@wolpertingerlabs/drawlatch 1.0.0-alpha.9.3 → 1.0.0-alpha.9.5

package/bin/drawlatch.js

@@ -356,10 +356,16 @@ async function cmdStart() {
     }
     console.log(`  Logs:      drawlatch logs`);
   } else {
-    console.log(
-      `\nServer started (PID ${child.pid}) but health check did not pass.`,
-    );
-    console.log(`  Check logs: drawlatch logs`);
+    const stillAlive = isProcessAlive(child.pid);
+    if (stillAlive) {
+      console.log(
+        `\nServer started (PID ${child.pid}) but health check did not pass within 5s.`,
+      );
+      console.log(`  The server process is still running — it may need more time.`);
+    } else {
+      console.log(`\nServer process (PID ${child.pid}) exited before becoming healthy.`);
+      cleanPidFile();
+    }
     await diagnoseStartFailure();
   }
 }
@@ -956,18 +962,18 @@ function ensureConfigDir() {
 // ── Diagnostic utilities ──────────────────────────────────────────
 
 async function diagnoseStartFailure() {
-  if (!existsSync(LOG_FILE)) return;
+  if (!existsSync(LOG_FILE)) {
+    console.log("\n  No log file found. The server may not have started at all.");
+    return;
+  }
   try {
     const content = readFileSync(LOG_FILE, "utf-8");
-    const lines = content.split("\n").slice(-20);
-    const eaddrinuse = lines.find((l) => l.includes("EADDRINUSE"));
-    const eacces = lines.find((l) => l.includes("EACCES"));
-    if (eaddrinuse) {
-      console.log("\n  Error: Port is already in use.");
-      console.log("  Another process may be using the same port.");
-    } else if (eacces) {
-      console.log("\n  Error: Permission denied.");
-      console.log("  Try using a port >= 1024.");
+    const lines = content.split("\n").filter(Boolean).slice(-15);
+    if (lines.length > 0) {
+      console.log("\n  Recent logs:");
+      for (const line of lines) {
+        console.log(`    ${line}`);
+      }
     }
   } catch {
     // Best effort

package/dist/remote/ingestors/manager.d.ts

@@ -43,7 +43,14 @@ export declare class IngestorManager {
     private readonly config;
     /** Active ingestor instances, keyed by `callerAlias:connectionAlias:instanceId`. */
     private ingestors;
-    constructor(config: RemoteServerConfig);
+    /**
+     * Optional config loader for hot-reload support. When provided, `startOne()`
+     * uses it to get fresh config from disk instead of the constructor snapshot.
+     */
+    private configLoader;
+    constructor(config: RemoteServerConfig, configLoader?: () => RemoteServerConfig);
+    /** Return fresh config if a loader is available, otherwise the constructor snapshot. */
+    private getConfig;
     /**
      * Start ingestors for all callers whose connections have an `ingestor` config.
      * Called once when the remote server starts listening.

package/dist/remote/ingestors/manager.js

@@ -48,8 +48,18 @@ export class IngestorManager {
     config;
     /** Active ingestor instances, keyed by `callerAlias:connectionAlias:instanceId`. */
     ingestors = new Map();
-    constructor(config) {
+    /**
+     * Optional config loader for hot-reload support. When provided, `startOne()`
+     * uses it to get fresh config from disk instead of the constructor snapshot.
+     */
+    configLoader;
+    constructor(config, configLoader) {
         this.config = config;
+        this.configLoader = configLoader;
+    }
+    /** Return fresh config if a loader is available, otherwise the constructor snapshot. */
+    getConfig() {
+        return this.configLoader ? this.configLoader() : this.config;
     }
     /**
      * Start ingestors for all callers whose connections have an `ingestor` config.
@@ -228,7 +238,11 @@ export class IngestorManager {
      * When omitted, starts the default instance (or all instances if listenerInstances is defined).
      */
     async startOne(callerAlias, connectionAlias, instanceId) {
-        const callerConfig = this.config.callers[callerAlias];
+        // Get fresh config (from disk in production, or constructor snapshot in tests)
+        // so we pick up changes made by tool handlers (e.g. set_connection_enabled,
+        // set_listener_params, set_secrets) without requiring a server restart.
+        const config = this.getConfig();
+        const callerConfig = config.callers[callerAlias];
         if (!callerConfig) {
             return {
                 success: false,
@@ -244,7 +258,7 @@ export class IngestorManager {
                 error: `Caller does not have connection: ${connectionAlias}`,
             };
         }
-        const rawRoutes = resolveCallerRoutes(this.config, callerAlias);
+        const rawRoutes = resolveCallerRoutes(config, callerAlias);
         const callerEnvResolved = resolveSecrets(callerConfig.env ?? {});
         const resolvedRoutes = resolveRoutes(rawRoutes, callerEnvResolved, callerAlias);
         const rawRoute = rawRoutes[connectionIndex];
@@ -258,7 +272,7 @@ export class IngestorManager {
         }
         // If a specific instanceId is given, start just that one
         if (instanceId) {
-            return this.startOneInstance(callerAlias, connectionAlias, instanceId, rawRoute, resolvedRoute);
+            return this.startOneInstance(callerAlias, connectionAlias, instanceId, rawRoute, resolvedRoute, config);
         }
         // If listenerInstances is defined, start all instances
         const instances = callerConfig.listenerInstances?.[connectionAlias];
@@ -267,15 +281,15 @@ export class IngestorManager {
             for (const [instId, instOverrides] of Object.entries(instances)) {
                 if (instOverrides.disabled)
                     continue;
-                results.push(await this.startOneInstance(callerAlias, connectionAlias, instId, rawRoute, resolvedRoute));
+                results.push(await this.startOneInstance(callerAlias, connectionAlias, instId, rawRoute, resolvedRoute, config));
             }
             return results;
         }
         // Single default instance
-        return this.startOneInstance(callerAlias, connectionAlias, undefined, rawRoute, resolvedRoute);
+        return this.startOneInstance(callerAlias, connectionAlias, undefined, rawRoute, resolvedRoute, config);
     }
     /** Internal: start a single specific instance. */
-    async startOneInstance(callerAlias, connectionAlias, instanceId, rawRoute, resolvedRoute) {
+    async startOneInstance(callerAlias, connectionAlias, instanceId, rawRoute, resolvedRoute, config) {
         const key = makeKey(callerAlias, connectionAlias, instanceId ?? DEFAULT_INSTANCE_ID);
         // If already running, return current status
         const existing = this.ingestors.get(key);
@@ -289,10 +303,10 @@ export class IngestorManager {
             // Remove stopped instance to recreate
             this.ingestors.delete(key);
         }
-        const callerConfig = this.config.callers[callerAlias];
+        const callerCfg = config.callers[callerAlias];
         const overrides = instanceId
-            ? callerConfig.listenerInstances?.[connectionAlias]?.[instanceId]
-            : callerConfig.ingestorOverrides?.[connectionAlias];
+            ? callerCfg.listenerInstances?.[connectionAlias]?.[instanceId]
+            : callerCfg.ingestorOverrides?.[connectionAlias];
         const effectiveConfig = IngestorManager.mergeIngestorConfig(rawRoute.ingestor, overrides);
         // Apply instance params
         const instanceSecrets = { ...resolvedRoute.secrets };

package/dist/remote/server.js

@@ -30,11 +30,11 @@ import { isSecretSetForCaller, setCallerSecrets } from '../shared/env-utils.js';
 function loadEnvFile() {
     const configDirEnvPath = getEnvFilePath();
     if (fs.existsSync(configDirEnvPath)) {
-        dotenv.config({ path: configDirEnvPath });
+        dotenv.config({ path: configDirEnvPath, quiet: true });
         return;
     }
     // Backward compat: fall back to cwd .env
-    const result = dotenv.config();
+    const result = dotenv.config({ quiet: true });
     if (result.parsed) {
         console.warn(`[remote] Loaded .env from working directory. ` +
             `Move it to ${configDirEnvPath} for portable operation.`);
@@ -1030,8 +1030,14 @@ export function createApp(options = {}) {
     const ownKeys = options.ownKeys ?? loadKeyBundle(getServerKeysDir());
     const authorizedPeers = options.authorizedPeers ?? loadCallerPeers(config.callers);
     rateLimitPerMinute = config.rateLimitPerMinute;
-    // Create or use the provided ingestor manager
-    const ingestorManager = options.ingestorManager ?? new IngestorManager(config);
+    // Create or use the provided ingestor manager.
+    // When config is loaded from disk (production), pass loadRemoteConfig as the
+    // config loader so startOne()/restartOne() read fresh config, picking up
+    // changes made by tool handlers without requiring a server restart.
+    // When config is injected via options (tests), omit the loader so the
+    // IngestorManager uses the injected config snapshot.
+    const configLoader = options.config ? undefined : loadRemoteConfig;
+    const ingestorManager = options.ingestorManager ?? new IngestorManager(config, configLoader);
     app.locals.ingestorManager = ingestorManager;
     // Log connector and caller summary
     const connectorCount = config.connectors?.length ?? 0;
@@ -1076,9 +1082,12 @@ export function createApp(options = {}) {
             // Look up the caller alias by matching the returned PublicKeyBundle
             const matchedPeer = authorizedPeers.find((p) => p.keys === initiatorPubKey);
             const callerAlias = matchedPeer?.alias ?? 'unknown';
+            // Reload config from disk so new sessions pick up changes made by tool
+            // handlers (e.g. set_connection_enabled, set_secrets) without a restart.
+            const freshConfig = options.config ?? loadRemoteConfig();
             // Resolve per-caller routes (with optional env overrides)
-            const callerRoutes = resolveCallerRoutes(config, callerAlias);
-            const caller = config.callers[callerAlias];
+            const callerRoutes = resolveCallerRoutes(freshConfig, callerAlias);
+            const caller = freshConfig.callers[callerAlias];
             const callerEnvResolved = resolveSecrets(caller.env ?? {});
             const callerResolvedRoutes = resolveRoutes(callerRoutes, callerEnvResolved, callerAlias);
             // Store pending handshake for the finish step
@@ -1316,19 +1325,21 @@ export function createApp(options = {}) {
             res.status(400).json({ error: 'INVALID_PAYLOAD', detail: `Invalid public keys: ${msg}` });
             return;
         }
+        // Reload config from disk so we don't clobber changes made since startup
+        const freshConfig = options.config ?? loadRemoteConfig();
         // Register caller in config if not already present
-        if (!(callerAlias in config.callers)) {
-            config.callers[callerAlias] = {
+        if (!(callerAlias in freshConfig.callers)) {
+            freshConfig.callers[callerAlias] = {
                 connections: [],
             };
-            saveRemoteConfig(config);
+            saveRemoteConfig(freshConfig);
             console.log(`[sync] Registered new caller "${callerAlias}" (0 connections — configure manually)`);
         }
         else {
             console.log(`[sync] Caller "${callerAlias}" already exists, updated peer keys`);
         }
         // Reload authorized peers so the new caller can connect immediately
-        const newPeer = loadCallerPeers({ [callerAlias]: config.callers[callerAlias] });
+        const newPeer = loadCallerPeers({ [callerAlias]: freshConfig.callers[callerAlias] });
         for (const p of newPeer) {
             if (!authorizedPeers.find((existing) => existing.alias === p.alias)) {
                 authorizedPeers.push(p);
@@ -1407,6 +1418,7 @@ export function createApp(options = {}) {
 }
 // ── Start ──────────────────────────────────────────────────────────────────
 export function main() {
+    console.log('[remote] Starting drawlatch server...');
     // Pre-flight validation: check for common setup issues before starting
     const remoteConfigPath = getRemoteConfigPath();
     if (!fs.existsSync(remoteConfigPath)) {
@@ -1443,6 +1455,7 @@ export function main() {
     let stopTunnel;
     const server = app.listen(port, host, () => void (async () => {
         console.log(`[remote] Secure remote server listening on ${host}:${port}`);
+        console.log(`[remote] PID: ${process.pid}, Node: ${process.version}`);
         // If a tunnel was requested, start it before ingestors so that
         // process.env.DRAWLATCH_TUNNEL_URL is available during secret resolution.
         if (useTunnel) {
@@ -1513,6 +1526,18 @@ export function main() {
             process.exit(1);
         }, 10_000).unref();
     };
+    server.on('error', (err) => {
+        if (err.code === 'EADDRINUSE') {
+            console.error(`[remote] Error: Port ${port} is already in use.`);
+        }
+        else if (err.code === 'EACCES') {
+            console.error(`[remote] Error: Permission denied for ${host}:${port}. Try a port >= 1024.`);
+        }
+        else {
+            console.error(`[remote] Server error:`, err);
+        }
+        process.exit(1);
+    });
     process.on('SIGTERM', shutdown);
     process.on('SIGINT', shutdown);
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wolpertingerlabs/drawlatch",
-  "version": "1.0.0-alpha.9.3",
+  "version": "1.0.0-alpha.9.5",
   "description": "Encrypted MCP proxy with mutual authentication. Local MCP server forwards requests through an encrypted channel to a remote secrets-holding server.",
   "type": "module",
   "main": "./dist/mcp/server.js",