@westbayberry/dg 2.0.8 → 2.0.11

package/dist/setup/plan.js

@@ -1,11 +1,12 @@
 import { accessSync, constants, existsSync, mkdirSync, readdirSync, readFileSync, renameSync, rmSync, writeFileSync } from "node:fs";
-import { basename, delimiter, dirname, join, resolve } from "node:path";
+import { basename, delimiter, dirname, join, resolve, sep } from "node:path";
 import { chmodSync } from "node:fs";
 import { createTheme } from "../presentation/theme.js";
-import { acquireLockSync, findStaleSessionsSync, resolveDgPaths, sweepStaleSessionsSync, CLEANUP_REGISTRY_LOCK } from "../state/index.js";
+import { acquireLockSync, findStaleSessionsSync, preserveCorruptCleanupRegistrySync, resolveDgPaths, sweepStaleSessionsSync, CLEANUP_REGISTRY_LOCK } from "../state/index.js";
 import { currentNodeVersion, isSupportedNode } from "../runtime/node-version.js";
 import { dgVersion } from "../commands/version.js";
-import { AuthError, authStatus, displayTier } from "../auth/store.js";
+import { compareVersions, readLatestVersion } from "../commands/update.js";
+import { AuthError, authStatus, displayTier, readAuthState } from "../auth/store.js";
 import { ConfigError, loadUserConfig } from "../config/settings.js";
 import { resolveRealBinary } from "../launcher/resolve-real-binary.js";
 import { packageManagerNames } from "../launcher/classify.js";
@@ -32,6 +33,7 @@ export const STALE_SESSION_OLDER_THAN_MS = 24 * 60 * 60 * 1000;
 const DOCTOR_GROUP_BY_NAME = {
     node: "environment",
     package: "environment",
+    update: "environment",
     "dg-binary-path": "environment",
     "real-binary-resolution": "environment",
     "recursive-shim-guard": "environment",
@@ -45,12 +47,16 @@ const DOCTOR_GROUP_BY_NAME = {
     "shell-rc": "setup",
     "python-hook-drift": "setup",
     path: "setup",
+    "path-noninteractive": "setup",
+    "commit-guard": "setup",
     "stale-sessions": "setup",
     service: "setup",
-    auth: "account"
+    auth: "account",
+    api: "account"
 };
 const DOCTOR_FIX_BY_NAME = {
     node: "upgrade Node to >=22.14.0",
+    update: "dg update",
     "dg-binary-path": "put the dg bin directory first on PATH",
     "cleanup-registry": "re-run dg setup",
     "cleanup-registry-stale-entries": "re-run dg setup to refresh",
@@ -61,6 +67,7 @@ const DOCTOR_FIX_BY_NAME = {
     "shell-rc": "dg setup",
     "python-hook-drift": "dg uninstall, or re-run dg setup, to remove the stale pip hook",
     path: "reload your shell after setup",
+    "commit-guard": "dg guard-commit",
     "stale-sessions": "clears on the next protected run",
     auth: "dg login"
 };
@@ -187,7 +194,9 @@ export function uninstallSetup(options) {
             olderThanMs: STALE_SESSION_OLDER_THAN_MS
         }).removed;
         if (registryRead.malformed) {
-            warnings.push(`cleanup registry is malformed: ${paths.cleanupRegistryPath}`);
+            warnings.push(registryRead.preservedPath
+                ? `cleanup registry was malformed: ${paths.cleanupRegistryPath} (preserved at ${registryRead.preservedPath})`
+                : `cleanup registry is malformed: ${paths.cleanupRegistryPath}`);
         }
         for (const entry of registryRead.registry.entries) {
             if (entry.owner !== "dg") {
@@ -290,6 +299,8 @@ export function doctorReport(options = {}) {
             : `Legacy dg pip hooks break pip in: ${staleHookSites.join(", ")}`
     });
     checks.push(pathPrecedenceCheck(env, shimDir, functionsPresent));
+    checks.push(nonInteractivePathCheck(env, shimDir));
+    checks.push(commitGuardCheck(registryRead.registry, env));
     checks.push({
         name: "stale-sessions",
         status: staleSessions.length === 0 ? "pass" : "warn",
@@ -315,6 +326,107 @@ export function doctorReport(options = {}) {
         checks: checks.map(enrichDoctorCheck)
     };
 }
+const API_HEALTH_TIMEOUT_MS = 2000;
+const UPDATE_LOOKUP_TIMEOUT_MS = 1500;
+export async function doctorReportWithRemote(options = {}) {
+    const env = options.env ?? process.env;
+    const base = doctorReport({ env });
+    const checks = [...base.checks];
+    insertAfter(checks, "package", enrichDoctorCheck(updateFreshnessCheck()));
+    insertAfter(checks, "auth", enrichDoctorCheck(await apiHealthCheck(env, options.fetchImpl ?? fetch, options.apiTimeoutMs ?? API_HEALTH_TIMEOUT_MS)));
+    return { version: base.version, checks };
+}
+function insertAfter(checks, name, check) {
+    const index = checks.findIndex((candidate) => candidate.name === name);
+    checks.splice(index === -1 ? checks.length : index + 1, 0, check);
+}
+function updateFreshnessCheck() {
+    const latest = readLatestVersion(UPDATE_LOOKUP_TIMEOUT_MS);
+    if (!latest) {
+        return {
+            name: "update",
+            status: "unavailable",
+            message: "Latest published dg version is unknown (npm registry metadata unavailable). Run 'dg update' to retry."
+        };
+    }
+    if (compareVersions(latest, dgVersion()) > 0) {
+        return {
+            name: "update",
+            status: "warn",
+            message: `dg ${dgVersion()} is behind the latest published ${latest}`
+        };
+    }
+    return {
+        name: "update",
+        status: "pass",
+        message: `dg ${dgVersion()} is the latest published version`
+    };
+}
+async function apiHealthCheck(env, fetchImpl, timeoutMs) {
+    let baseUrl;
+    try {
+        baseUrl = doctorApiBaseUrl(env);
+    }
+    catch (error) {
+        return {
+            name: "api",
+            status: "fail",
+            message: error instanceof ConfigError ? error.message : "Unable to resolve api.baseUrl"
+        };
+    }
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), timeoutMs);
+    const started = Date.now();
+    try {
+        const response = await fetchImpl(`${baseUrl}/health`, { method: "GET", signal: controller.signal });
+        const latencyMs = Date.now() - started;
+        if (response.ok) {
+            return {
+                name: "api",
+                status: "pass",
+                message: `${baseUrl}/health responded ${response.status} in ${latencyMs}ms`
+            };
+        }
+        return {
+            name: "api",
+            status: "warn",
+            message: `${baseUrl}/health responded ${response.status} after ${latencyMs}ms`,
+            fix: "check api.baseUrl (dg config get api.baseUrl) and the service status"
+        };
+    }
+    catch (error) {
+        return {
+            name: "api",
+            status: "warn",
+            message: `${baseUrl} is unreachable: ${describeFetchError(error, timeoutMs)}`,
+            fix: "check your network and api.baseUrl (dg config get api.baseUrl)"
+        };
+    }
+    finally {
+        clearTimeout(timer);
+    }
+}
+function doctorApiBaseUrl(env) {
+    try {
+        const apiBaseUrl = readAuthState(env)?.apiBaseUrl;
+        if (apiBaseUrl) {
+            return apiBaseUrl;
+        }
+    }
+    catch {
+        return loadUserConfig(env).api.baseUrl;
+    }
+    return loadUserConfig(env).api.baseUrl;
+}
+function describeFetchError(error, timeoutMs) {
+    if (error instanceof Error && error.name === "AbortError") {
+        return `no response within ${timeoutMs}ms`;
+    }
+    if (error instanceof Error && error.cause instanceof Error && error.cause.message) {
+        return error.cause.message;
+    }
+    return error instanceof Error ? error.message : "request failed";
+}
 const DOCTOR_STATUS_ROLE = {
     pass: "pass",
     warn: "warn",
@@ -358,10 +470,10 @@ export function renderDoctorReport(report, theme = createTheme(false), verbose =
         }
         let nonPass = groupChecks.filter((check) => check.status !== "pass");
         if (key === "setup") {
-            const trio = ["shims", "shell-rc", "path"];
-            const allWarn = trio.every((name) => nonPass.some((check) => check.name === name && check.status === "warn"));
+            const setupCore = ["shims", "shell-rc", "path", "path-noninteractive"];
+            const allWarn = setupCore.every((name) => nonPass.some((check) => check.name === name && check.status === "warn"));
             if (allWarn) {
-                nonPass = nonPass.filter((check) => !trio.includes(check.name) && !(check.name === "config" && check.status === "warn"));
+                nonPass = nonPass.filter((check) => !setupCore.includes(check.name) && !(check.name === "config" && check.status === "warn"));
                 const notSetUp = "not set up — bare npm/pip installs aren't protected";
                 if (nonPass.length === 0) {
                     lines.push(rollupInlineLine(title, "warn", "⚠", notSetUp, "dg setup", theme));
@@ -483,7 +595,8 @@ export function shimSource(command) {
         `if [ -x "${dg}" ]; then`,
         `  DG_SHIM_ACTIVE=${nonce} exec "${dg}" ${command} "$@"`,
         "fi",
-        `dg_path=$(printf '%s' "$PATH" | awk -v RS=':' -v ORS=':' '$0 != ENVIRON["HOME"] "/.dg/shims"' | sed 's/:$//')`,
+        `shim_dir=$(CDPATH= cd -- "$(dirname -- "$0")" 2>/dev/null && pwd)`,
+        `dg_path=$(printf '%s' "$PATH" | awk -v RS=':' -v ORS=':' -v shim="$shim_dir" '$0 != shim && $0 != ENVIRON["HOME"] "/.dg/shims"' | sed 's/:$//')`,
         `dg_bin=$(PATH="$dg_path" command -v dg 2>/dev/null)`,
         `if [ -n "$dg_bin" ]; then`,
         `  DG_SHIM_ACTIVE=${nonce} exec "$dg_bin" ${command} "$@"`,
@@ -529,9 +642,34 @@ function fishRcBlock(shimDir) {
     return `${RC_BEGIN}\n# ${RC_SENTINEL}\n# ${RC_FUNCTIONS_SENTINEL}\nfish_add_path -p "${dir}"\n${fns}\n${RC_END}\n`;
 }
 function stripRcBlock(existing) {
-    const pattern = new RegExp(`${escapeRegex(RC_BEGIN)}\\n[\\s\\S]*?${escapeRegex(RC_END)}\\n?`, "g");
-    const unterminatedPattern = new RegExp(`${escapeRegex(RC_BEGIN)}\\n[\\s\\S]*$`, "g");
-    return existing.replace(pattern, "").replace(unterminatedPattern, "");
+    return stripRcBlockDetailed(existing).content;
+}
+// An unterminated begin marker must never strip to EOF: only lines verifiably
+// written by dg are removed, so user content below a stale marker survives.
+function stripRcBlockDetailed(existing) {
+    let content = existing.replace(rcPairPattern(RC_BEGIN, RC_END), "");
+    const repairedLines = [];
+    for (;;) {
+        const lines = content.split("\n");
+        const begin = lines.indexOf(RC_BEGIN);
+        if (begin === -1) {
+            break;
+        }
+        let end = begin;
+        while (end + 1 < lines.length && isDgWrittenRcLine(lines[end + 1] ?? "")) {
+            end += 1;
+        }
+        repairedLines.push(begin === end ? `line ${begin + 1}` : `lines ${begin + 1}-${end + 1}`);
+        lines.splice(begin, end - begin + 1);
+        content = lines.join("\n");
+    }
+    return { content, repairedLines };
+}
+function rcPairPattern(begin, end) {
+    return new RegExp(`${escapeRegex(begin)}\\n(?:(?!${escapeRegex(begin)})[\\s\\S])*?${escapeRegex(end)}\\n?`, "g");
+}
+function isDgWrittenRcLine(line) {
+    return line === RC_END || line.startsWith("# dg-") || line.includes(RC_SHIM_HELPER) || line.includes(`${sep}.dg${sep}shims`);
 }
 function sweepLegacyRcBlocks(homeDir, removed, warnings) {
     for (const rel of LEGACY_RC_CANDIDATES) {
@@ -549,8 +687,7 @@ function sweepLegacyRcBlocks(homeDir, removed, warnings) {
                 warnings.push(`legacy dg block in ${rcPath} is missing its end marker; left untouched`);
                 continue;
             }
-            const pattern = new RegExp(`${escapeRegex(marker.begin)}\\n[\\s\\S]*?${escapeRegex(marker.end)}\\n?`, "g");
-            next = next.replace(pattern, "");
+            next = next.replace(rcPairPattern(marker.begin, marker.end), "");
         }
         if (next === existing) {
             continue;
@@ -567,7 +704,7 @@ function sweepLegacyRcBlocks(homeDir, removed, warnings) {
 export function legacyPythonHookSites(homeDir) {
     return candidateSitePackagesDirs(homeDir).filter((dir) => existsSync(join(dir, LEGACY_PYTHON_HOOK_PTH)) || readText(join(dir, LEGACY_PYTHON_HOOK_PY)).includes(LEGACY_PYTHON_HOOK_MARKER));
 }
-function sweepLegacyPythonHooks(homeDir, removed, warnings) {
+export function sweepLegacyPythonHooks(homeDir, removed, warnings) {
     for (const dir of candidateSitePackagesDirs(homeDir)) {
         const pyPath = join(dir, LEGACY_PYTHON_HOOK_PY);
         const pthPath = join(dir, LEGACY_PYTHON_HOOK_PTH);
@@ -651,12 +788,14 @@ export function readRegistry(paths) {
         };
     }
     catch {
+        const preservedPath = preserveCorruptCleanupRegistrySync(paths);
         return {
             registry: {
                 version: 1,
                 entries: []
             },
-            malformed: true
+            malformed: true,
+            ...(preservedPath ? { preservedPath } : {})
         };
     }
 }
@@ -690,7 +829,6 @@ function configCheck(paths, env) {
 }
 function unavailableDoctorChecks() {
     const unavailable = [
-        ["api", "API connectivity is not checked until this machine is authenticated. Run 'dg login', then run 'dg doctor' again."],
         ["path-cache", "Shell command path cache checks are guidance only. After setup, run 'hash -r' for bash or 'rehash' for zsh."],
         ["proxy", "Per-command proxy health is checked when a protected prefix command runs, for example 'dg npm install <package>'."],
         ["ca", "CA health is checked during protected HTTPS artifact fetches or explicit service startup."],
@@ -844,6 +982,70 @@ function pathPrecedenceCheck(env, shimDir, functionsPresent) {
         message: `${shimDir} precedes the real package-manager directories on PATH`
     };
 }
+// Shell functions only protect interactive shells; scripts, Makefiles,
+// lifecycle scripts, and CI resolve commands by raw PATH order, so a version
+// manager bin dir ahead of the shim dir bypasses dg there.
+function nonInteractivePathCheck(env, shimDir) {
+    const pathEntries = (env.PATH ?? "").split(delimiter).filter(Boolean);
+    const shimIndex = pathEntries.findIndex((entry) => resolve(entry) === resolve(shimDir));
+    if (shimIndex === -1) {
+        return {
+            name: "path-noninteractive",
+            status: "warn",
+            message: `${shimDir} is not on PATH, so scripts, Makefiles, lifecycle scripts, and CI bypass dg`,
+            fix: "dg setup, then make sure the dg PATH block loads where non-interactive shells read it"
+        };
+    }
+    const offenders = new Map();
+    for (const command of SHIM_COMMANDS) {
+        const hit = firstExecutableOnPath(command, pathEntries);
+        if (!hit || resolve(hit.dir) === resolve(shimDir) || isShimFile(hit.path)) {
+            continue;
+        }
+        const offender = offenders.get(hit.dir) ?? { index: hit.index, commands: [] };
+        offender.commands.push(command);
+        offenders.set(hit.dir, offender);
+    }
+    if (offenders.size === 0) {
+        return {
+            name: "path-noninteractive",
+            status: "pass",
+            message: `Non-interactive shells resolve the dg shims in ${shimDir} first for every shimmed command`
+        };
+    }
+    const details = [...offenders.entries()]
+        .map(([dir, offender]) => `${offender.commands.join(", ")} from ${dir}${versionManagerLabel(dir)} at PATH position ${offender.index + 1}`)
+        .join("; ");
+    const firstDir = [...offenders.keys()][0] ?? "";
+    return {
+        name: "path-noninteractive",
+        status: "warn",
+        message: `Non-interactive shells (scripts, Makefiles, lifecycle scripts, CI) run ${details}, bypassing the dg shims at PATH position ${shimIndex + 1}`,
+        fix: `put ${shimDir} before ${firstDir} on PATH for non-interactive shells (load the dg setup block after the version-manager init)`
+    };
+}
+function firstExecutableOnPath(command, pathEntries) {
+    for (const [index, dir] of pathEntries.entries()) {
+        const candidate = join(dir, command);
+        try {
+            accessSync(candidate, constants.X_OK);
+            return { path: candidate, dir, index };
+        }
+        catch {
+            continue;
+        }
+    }
+    return null;
+}
+function isShimFile(path) {
+    return readText(path).slice(0, 160).includes(SHIM_SENTINEL);
+}
+const VERSION_MANAGER_DIR_NAMES = ["nvm", "asdf", "volta", "corepack", "fnm", "n"];
+function versionManagerLabel(dir) {
+    const segments = dir.split(sep).map((segment) => segment.replace(/^\./, ""));
+    const manager = VERSION_MANAGER_DIR_NAMES.find((name) => segments.includes(name));
+    return manager ? ` (${manager})` : "";
+}
 export function currentShellActivation(env = process.env) {
     const shell = resolveShell("auto", env);
     const homeDir = resolveDgPaths(env).homeDir;
@@ -966,9 +1168,91 @@ function removeRcBlock(entry, removed, missing, warnings) {
         warnings.push(`refused to edit shell rc without dg sentinel: ${entry.path}`);
         return;
     }
-    writeFileSync(entry.path, stripRcBlock(existing), "utf8");
+    const stripped = stripRcBlockDetailed(existing);
+    writeFileSync(entry.path, stripped.content, "utf8");
+    if (stripped.repairedLines.length > 0) {
+        warnings.push(`repaired an unterminated dg block in ${entry.path}: removed only dg-written lines (${stripped.repairedLines.join(", ")})`);
+    }
     removed.push(entry.path);
 }
+// The command -v guard keeps the hook fail-open: a removed or moved dg prints
+// a one-line notice and lets the commit (and any chained hook) proceed instead
+// of blocking every commit with exit 127.
+export function guardHookScript(dgPath, chainedOriginal) {
+    const lines = [
+        "#!/bin/sh",
+        `# ${GUARD_HOOK_SENTINEL}`,
+        `if command -v "${dgPath}" >/dev/null 2>&1; then`,
+        `  "${dgPath}" scan --staged --hook || exit $?`,
+        "else",
+        `  echo "dg: pre-commit scan skipped (dg not runnable at ${dgPath}); commit allowed" >&2`,
+        "fi"
+    ];
+    if (chainedOriginal) {
+        lines.push(`[ -x "${chainedOriginal}" ] && exec "${chainedOriginal}" "$@"`);
+    }
+    lines.push("exit 0");
+    return `${lines.join("\n")}\n`;
+}
+export function chainedHookOriginal(content) {
+    return content.match(/^\[ -x "(.+)" \] && exec "\1" "\$@"$/m)?.[1] ?? null;
+}
+export function guardHookDgPath(content) {
+    return (content.match(/^if command -v "(.+)" >\/dev\/null 2>&1; then$/m)?.[1] ??
+        content.match(/^"(.+)" scan --staged --hook/m)?.[1] ??
+        null);
+}
+function commitGuardCheck(registry, env) {
+    const hooks = registry.entries.filter((entry) => entry.owner === "dg" && entry.kind === "git-hook");
+    if (hooks.length === 0) {
+        return {
+            name: "commit-guard",
+            status: "pass",
+            message: "No commit guard installed (optional; run dg guard-commit inside a repo)"
+        };
+    }
+    const missing = hooks.filter((entry) => !hookOwnedByDg(entry));
+    if (missing.length > 0) {
+        return {
+            name: "commit-guard",
+            status: "warn",
+            message: `Commit guard hook missing or replaced at: ${missing.map((entry) => entry.path).join(", ")}`,
+            fix: "re-run dg guard-commit in that repo, or dg guard-commit off to forget it"
+        };
+    }
+    const broken = hooks.filter((entry) => {
+        const dgPath = guardHookDgPath(readText(entry.path));
+        return dgPath !== null && !runnableDgPath(dgPath, env);
+    });
+    if (broken.length > 0) {
+        return {
+            name: "commit-guard",
+            status: "warn",
+            message: `Commit guard at ${broken.map((entry) => entry.path).join(", ")} points at a dg binary that is not runnable, so commits there fail open with a notice`,
+            fix: "reinstall dg, then re-run dg guard-commit"
+        };
+    }
+    return {
+        name: "commit-guard",
+        status: "pass",
+        message: `Commit guard installed (${hooks.length} ${hooks.length === 1 ? "repo" : "repos"}); hook and dg binary resolve`
+    };
+}
+function hookOwnedByDg(entry) {
+    return readText(entry.path).split("\n", 2)[1]?.includes(entry.sentinel ?? GUARD_HOOK_SENTINEL) ?? false;
+}
+function runnableDgPath(dgPath, env) {
+    if (dgPath.includes(sep)) {
+        try {
+            accessSync(dgPath, constants.X_OK);
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    return findDgExecutables(env).length > 0;
+}
 export function reverseGitHookEntry(entry, removed, missing, warnings) {
     const sentinel = entry.sentinel ?? GUARD_HOOK_SENTINEL;
     let ownsTarget = false;

package/dist/state/cleanup-registry.js

@@ -1,4 +1,6 @@
-import { readJsonFile, writeJsonFileAtomic } from "./store.js";
+import { renameSync } from "node:fs";
+import { rename } from "node:fs/promises";
+import { JsonStoreError, readJsonFile, writeJsonFileAtomic } from "./store.js";
 import { acquireLock, CLEANUP_REGISTRY_LOCK } from "./locks.js";
 export function emptyCleanupRegistry() {
     return {
@@ -6,12 +8,30 @@ export function emptyCleanupRegistry() {
         entries: []
     };
 }
-export async function readCleanupRegistry(paths) {
-    const registry = await readJsonFile(paths.cleanupRegistryPath, emptyCleanupRegistry());
-    if (registry.version !== 1 || !Array.isArray(registry.entries)) {
-        throw new Error(`Unsupported cleanup registry at ${paths.cleanupRegistryPath}`);
+export async function loadCleanupRegistry(paths, options = {}) {
+    let parsed;
+    try {
+        parsed = await readJsonFile(paths.cleanupRegistryPath, emptyCleanupRegistry());
+    }
+    catch (error) {
+        if (!(error instanceof JsonStoreError)) {
+            throw error;
+        }
+        parsed = undefined;
+    }
+    if (isCleanupRegistry(parsed)) {
+        return {
+            registry: parsed
+        };
     }
-    return registry;
+    const preserved = await preserveCorruptRegistry(paths, options);
+    return {
+        registry: emptyCleanupRegistry(),
+        ...(preserved ? { corruptPreservedPath: preserved } : {})
+    };
+}
+export async function readCleanupRegistry(paths) {
+    return (await loadCleanupRegistry(paths)).registry;
 }
 export async function writeCleanupRegistry(paths, registry) {
     await writeJsonFileAtomic(paths.cleanupRegistryPath, registry);
@@ -19,7 +39,7 @@ export async function writeCleanupRegistry(paths, registry) {
 export async function recordCleanupEntry(paths, entry) {
     const lock = await acquireLock(paths, CLEANUP_REGISTRY_LOCK);
     try {
-        const registry = await readCleanupRegistry(paths);
+        const { registry } = await loadCleanupRegistry(paths);
         const nextEntry = {
             ...entry,
             installedAt: entry.installedAt ?? new Date().toISOString(),
@@ -40,7 +60,7 @@ export async function recordCleanupEntry(paths, entry) {
 export async function removeCleanupEntry(paths, target) {
     const lock = await acquireLock(paths, CLEANUP_REGISTRY_LOCK);
     try {
-        const registry = await readCleanupRegistry(paths);
+        const { registry } = await loadCleanupRegistry(paths);
         const next = {
             version: 1,
             entries: registry.entries.filter((candidate) => !sameRegistryTarget(candidate, target))
@@ -55,6 +75,43 @@ export async function removeCleanupEntry(paths, target) {
 export function ownedCleanupEntries(registry) {
     return registry.entries.filter((entry) => entry.owner === "dg");
 }
+async function preserveCorruptRegistry(paths, options) {
+    const preservedPath = `${paths.cleanupRegistryPath}.corrupt-${new Date().toISOString().replace(/[:.]/g, "-")}`;
+    try {
+        await rename(paths.cleanupRegistryPath, preservedPath);
+    }
+    catch (error) {
+        if (isEnoent(error)) {
+            return undefined;
+        }
+        throw error;
+    }
+    const stderr = options.stderr ?? process.stderr;
+    stderr.write(`dg: cleanup registry at ${paths.cleanupRegistryPath} was unreadable; preserved it at ${preservedPath}. Previously registered entries may need 'dg doctor'.\n`);
+    return preservedPath;
+}
+export function preserveCorruptCleanupRegistrySync(paths, options = {}) {
+    const preservedPath = `${paths.cleanupRegistryPath}.corrupt-${new Date().toISOString().replace(/[:.]/g, "-")}`;
+    try {
+        renameSync(paths.cleanupRegistryPath, preservedPath);
+    }
+    catch {
+        return undefined;
+    }
+    const stderr = options.stderr ?? process.stderr;
+    stderr.write(`dg: cleanup registry at ${paths.cleanupRegistryPath} was unreadable; preserved it at ${preservedPath}. Previously registered entries may need 'dg doctor'.\n`);
+    return preservedPath;
+}
+function isCleanupRegistry(value) {
+    return (typeof value === "object" &&
+        value !== null &&
+        !Array.isArray(value) &&
+        value.version === 1 &&
+        Array.isArray(value.entries));
+}
+function isEnoent(error) {
+    return typeof error === "object" && error !== null && "code" in error && error.code === "ENOENT";
+}
 function sameRegistryTarget(left, right) {
     return left.kind === right.kind && left.path === right.path && left.sentinel === right.sentinel;
 }

package/dist/state/locks.js

@@ -1,4 +1,4 @@
-import { closeSync, mkdirSync, openSync, renameSync, rmSync, statSync, writeFileSync } from "node:fs";
+import { closeSync, mkdirSync, openSync, readFileSync, renameSync, rmSync, statSync, writeFileSync } from "node:fs";
 import { mkdir, open, readFile, rename, rm, stat } from "node:fs/promises";
 import { join } from "node:path";
 export const CLEANUP_REGISTRY_LOCK = "cleanup-registry";
@@ -91,7 +91,69 @@ export function acquireLockSync(paths, name, options = {}) {
 export async function readLockMetadata(path) {
     return JSON.parse(await readFile(path, "utf8"));
 }
+const LOCK_RETRY_DELAY_MS = 25;
+export function acquireLockSyncWithRetry(paths, name, options = {}) {
+    const deadline = Date.now() + (options.timeoutMs ?? 5_000);
+    const acquireOptions = {
+        ...(options.staleMs !== undefined ? { staleMs: options.staleMs } : {}),
+        ...(options.now !== undefined ? { now: options.now } : {})
+    };
+    for (;;) {
+        try {
+            return acquireLockSync(paths, name, acquireOptions);
+        }
+        catch (error) {
+            if (!(error instanceof LockBusyError) || Date.now() + LOCK_RETRY_DELAY_MS > deadline) {
+                throw error;
+            }
+            sleepSync(LOCK_RETRY_DELAY_MS);
+        }
+    }
+}
+function sleepSync(ms) {
+    Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, ms);
+}
+export function isProcessAlive(pid) {
+    try {
+        process.kill(pid, 0);
+        return true;
+    }
+    catch (error) {
+        return !isErrno(error, "ESRCH");
+    }
+}
+function holderStateFromContent(content) {
+    let pid;
+    try {
+        pid = JSON.parse(content).pid;
+    }
+    catch {
+        return "unknown";
+    }
+    if (typeof pid !== "number" || !Number.isInteger(pid) || pid <= 0) {
+        return "unknown";
+    }
+    return isProcessAlive(pid) ? "alive" : "dead";
+}
 async function removeStaleLock(path, options) {
+    let content;
+    try {
+        content = await readFile(path, "utf8");
+    }
+    catch (error) {
+        if (isErrno(error, "ENOENT")) {
+            return;
+        }
+        content = null;
+    }
+    const holder = content === null ? "unknown" : holderStateFromContent(content);
+    if (holder === "alive") {
+        return;
+    }
+    if (holder === "dead") {
+        await takeoverLock(path);
+        return;
+    }
     if (!options.staleMs) {
         return;
     }
@@ -108,21 +170,27 @@ async function removeStaleLock(path, options) {
     if (now - details.mtimeMs < options.staleMs) {
         return;
     }
-    const takeoverPath = `${path}.stale-${process.pid}-${++takeoverCounter}`;
+    await takeoverLock(path);
+}
+function removeStaleLockSync(path, options) {
+    let content;
     try {
-        await rename(path, takeoverPath);
+        content = readFileSync(path, "utf8");
     }
     catch (error) {
         if (isErrno(error, "ENOENT")) {
             return;
         }
-        throw error;
+        content = null;
+    }
+    const holder = content === null ? "unknown" : holderStateFromContent(content);
+    if (holder === "alive") {
+        return;
+    }
+    if (holder === "dead") {
+        takeoverLockSync(path);
+        return;
     }
-    await rm(takeoverPath, {
-        force: true
-    });
-}
-function removeStaleLockSync(path, options) {
     if (!options.staleMs) {
         return;
     }
@@ -140,6 +208,24 @@ function removeStaleLockSync(path, options) {
     if (now - details.mtimeMs < options.staleMs) {
         return;
     }
+    takeoverLockSync(path);
+}
+async function takeoverLock(path) {
+    const takeoverPath = `${path}.stale-${process.pid}-${++takeoverCounter}`;
+    try {
+        await rename(path, takeoverPath);
+    }
+    catch (error) {
+        if (isErrno(error, "ENOENT")) {
+            return;
+        }
+        throw error;
+    }
+    await rm(takeoverPath, {
+        force: true
+    });
+}
+function takeoverLockSync(path) {
     const takeoverPath = `${path}.stale-${process.pid}-${++takeoverCounter}`;
     try {
         renameSync(path, takeoverPath);