akm-cli 0.9.0-beta.0 → 0.9.0-beta.1

package/CHANGELOG.md

@@ -6,6 +6,28 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
 ## [Unreleased]
 
+## [0.9.0-beta.1] - 2026-06-08
+
+### Fixed
+
+- **`improve.lock` leaked on signal death (cron timeout)** — forward-ported from
+  0.8.3. The improve SIGTERM/SIGINT/SIGHUP handler calls `process.exit()`, which
+  skips `finally` blocks, so the `finally` releasing `improve.lock` never ran and
+  every timed-out cron run leaked the lock. It is now released from a
+  `process.on("exit", …)` handler registered at acquire time, via a new
+  ownership-checked `releaseLockIfOwned(path, pid)`.
+- **`quick` profile was not quick** — forward-ported from 0.8.3. It did not
+  disable the default-ON session-`extract` process, so a `quick` run processed
+  the entire session backlog (~40 min). `quick` now sets
+  `processes.extract.enabled: false`.
+- **`akm-eval` smoke suite adapted to the 0.9.0 CLI** (CI/tooling only). The
+  eval harness called `akm search --detail agent`, but 0.9.0 moved the
+  agent/summary projections to `--shape`; it now uses `--shape agent`.
+  Additionally, the improve-run history readers (`listRecentImproveRunIds` /
+  `resolveImproveRunId`) treated a missing `state.db` as an error rather than
+  "no runs", which broke the read-only smoke + replay-determinism gates on a
+  fresh checkout; a missing `state.db` is now handled as an empty history.
+
 ## [0.9.0-beta.0] - 2026-06-08
 
 ### Added
@@ -191,6 +213,26 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
   `migrate-storage` change is pinned by a sha256 + file-mode fixture-stash
   differential test.
 
+## [0.8.3] - 2026-06-08
+
+### Fixed
+
+- **`improve.lock` leaked on signal death (cron timeout).** The improve
+  SIGTERM/SIGINT/SIGHUP handler calls `process.exit()`, which skips `finally`
+  blocks — so the `finally` that releases `improve.lock` never ran, and every
+  timed-out cron run leaked the lock sentinel. (It wasn't a permanent deadlock
+  only because the next run reclaims a dead-PID lock, a path that PID reuse can
+  defeat.) The lock is now released from a `process.on("exit", …)` handler
+  registered at acquire time (exit handlers DO run on `process.exit()`), via a
+  new ownership-checked `releaseLockIfOwned(path, pid)` so a backstop release can
+  never delete a different run's lock. This generalizes to the budget watchdog
+  and any future exit path.
+- **`quick` profile was not quick.** It was documented "Reflect-only" but did
+  not disable the session-`extract` process (which is default-ON), so a `quick`
+  run processed the entire unindexed-session backlog (~40 min) — guaranteeing a
+  5-minute cron timeout → SIGTERM → the lock leak above, every run. `quick` now
+  explicitly sets `processes.extract.enabled: false`.
+
 ## [0.8.2] - 2026-06-05
 
 ### Added

package/dist/assets/profiles/quick.json

@@ -1,10 +1,11 @@
 {
-  "description": "Reflect-only pass — no distill, consolidate, memoryInference, or graphExtraction.",
+  "description": "Reflect-only pass — no extract, distill, consolidate, memoryInference, or graphExtraction.",
   "processes": {
     "reflect": {
       "enabled": true,
       "allowedTypes": ["agent", "command", "knowledge", "lesson", "memory", "skill", "wiki", "workflow"]
     },
+    "extract": { "enabled": false },
     "distill": { "enabled": false },
     "consolidate": { "enabled": false },
     "memoryInference": { "enabled": false },

package/dist/commands/improve/improve.js

@@ -10,7 +10,7 @@ import { daysToMs, isAssetType } from "../../core/common.js";
 import { getDefaultLlmConfig, loadConfig } from "../../core/config/config.js";
 import { ConfigError, NotFoundError, rethrowIfTestIsolationError, UsageError } from "../../core/errors.js";
 import { appendEvent, readEvents } from "../../core/events.js";
-import { probeLock, releaseLock, tryAcquireLockSync } from "../../core/file-lock.js";
+import { probeLock, releaseLock, releaseLockIfOwned, tryAcquireLockSync } from "../../core/file-lock.js";
 import { classifyImproveAction } from "../../core/improve-types.js";
 import { getDbPath, getStateDbPathInDataDir } from "../../core/paths.js";
 import { openStateDatabase, purgeOldEvents, purgeOldImproveRuns } from "../../core/state-db.js";
@@ -560,6 +560,17 @@ export async function akmImprove(options = {}) {
         }
         lockAcquired = false;
     };
+    // Signal-safe lock release. The SIGTERM/SIGINT/SIGHUP handler in improve-cli.ts
+    // calls `process.exit()`, which does NOT run the `finally` below that owns lock
+    // release — so a cron-timeout SIGTERM leaked `improve.lock` every run.
+    // `process.exit()` DOES fire `'exit'` listeners, so we release the lock from
+    // one. `releaseLockIfOwned` only unlinks a lock still owned by this PID, so it
+    // is safe even if a later run re-acquired it. The listener is removed in the
+    // `finally` so the normal path stays single-release and repeated in-process
+    // `akmImprove` calls (tests) do not accumulate listeners.
+    const releaseLockOnExit = () => {
+        releaseLockIfOwned(resolvedLockPath, process.pid);
+    };
     const preEnsureCleanupWarnings = [];
     let plannedRefs;
     let memorySummary;
@@ -574,6 +585,9 @@ export async function akmImprove(options = {}) {
         if (!options.dryRun) {
             acquireLock();
             lockAcquired = true;
+            // Backstop release on process.exit() (signal handler / budget watchdog),
+            // which skips the finally below. Removed in that finally on the normal path.
+            process.on("exit", releaseLockOnExit);
             // Phase 4 triage pre-pass (§7, §13): drain the standing pending backlog
             // BEFORE ensureIndex so improve generates fresh proposals against a cleared
             // queue (no `duplicate_pending` collisions) and ensureIndex absorbs triage's
@@ -1002,6 +1016,9 @@ export async function akmImprove(options = {}) {
         catch {
             // ignore
         }
+        // The normal path released the lock above; drop the process.exit backstop so
+        // it does not fire later (or accumulate across repeated in-process calls).
+        process.removeListener("exit", releaseLockOnExit);
         // I1: close the long-lived state.db connection opened at the top of the run.
         try {
             eventsDb?.close();

package/dist/core/file-lock.js

@@ -79,6 +79,28 @@ export function releaseLock(lockPath) {
         // Sentinel already gone — fine.
     }
 }
+/**
+ * Release a lock ONLY if it is still owned by `ownerPid`. Safe to call from a
+ * `process.exit()` / `'exit'` handler as a backstop: `process.exit()` skips
+ * `finally` blocks — so the normal lock-release never runs on signal death
+ * (SIGTERM/SIGINT) — but it DOES fire `'exit'` listeners synchronously. Checking
+ * ownership first means that if the lock was already released and re-acquired by
+ * a different process, this leaves that process's lock intact (no cross-run
+ * deletion / PID-reuse footgun). Synchronous so it is valid inside an exit handler.
+ */
+export function releaseLockIfOwned(lockPath, ownerPid) {
+    let rawContent;
+    try {
+        rawContent = fs.readFileSync(lockPath, "utf8");
+    }
+    catch {
+        // Absent or unreadable — nothing of ours to release.
+        return;
+    }
+    if (extractHolderPid(rawContent) === ownerPid) {
+        releaseLock(lockPath);
+    }
+}
 /**
  * Extract a PID from a sentinel body. Accepts the two shapes used across
  * the codebase: a bare numeric string (config-io, vault, lockfile) and

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "akm-cli",
-  "version": "0.9.0-beta.0",
+  "version": "0.9.0-beta.1",
   "type": "module",
   "description": "akm (Agent Knowledge Management) — A package manager for AI agent skills, commands, tools, and knowledge. Works with Claude Code, OpenCode, Cursor, and any AI coding assistant.",
   "keywords": [