arisa 2.2.11 → 2.3.0

package/bin/arisa.js

@@ -403,7 +403,9 @@ function printForegroundNotice() {
   process.stdout.write("Use `arisa start` to run it as a background service.\n");
 }
 
-// ── Root detection helpers ──────────────────────────────────────────
+// ── Root: create arisa user for claude/codex execution ──────────────
+// Daemon runs as root. Only claude/codex CLI calls run as user arisa
+// (Claude CLI refuses to run as root). This avoids two heavy bun processes.
 
 function isRoot() {
   return process.getuid?.() === 0;
@@ -413,24 +415,8 @@ function arisaUserExists() {
   return spawnSync("id", ["arisa"], { stdio: "ignore" }).status === 0;
 }
 
-function isProvisioned() {
-  return arisaUserExists() && existsSync("/home/arisa/.bun/bin/bun") && existsSync(SHARED_ARISA_ROOT);
-}
-
-function isArisaConfigured() {
-  const envPath = "/home/arisa/.arisa/.env";
-  if (!existsSync(envPath)) return false;
-  const content = readFileSync(envPath, "utf8");
-  return content.includes("TELEGRAM_BOT_TOKEN=");
-}
-
-function detectSudoGroup() {
-  // Debian/Ubuntu use 'sudo', RHEL/Fedora use 'wheel'
-  const sudoGroup = spawnSync("getent", ["group", "sudo"], { stdio: "ignore" });
-  if (sudoGroup.status === 0) return "sudo";
-  const wheelGroup = spawnSync("getent", ["group", "wheel"], { stdio: "ignore" });
-  if (wheelGroup.status === 0) return "wheel";
-  return null;
+function isArisaUserProvisioned() {
+  return arisaUserExists() && existsSync("/home/arisa/.bun/bin/bun");
 }
 
 function step(ok, msg) {
@@ -438,320 +424,44 @@ function step(ok, msg) {
 }
 
 const ARISA_BUN_ENV = 'export BUN_INSTALL=/home/arisa/.bun && export PATH=/home/arisa/.bun/bin:$PATH';
-const SHARED_ARISA_ROOT = "/opt/arisa/node_modules/arisa";
-const sharedDaemonEntry = join(SHARED_ARISA_ROOT, "src", "daemon", "index.ts");
-
-function runAsInherit(cmd) {
-  return spawnSync("su", ["-", "arisa", "-c", `${ARISA_BUN_ENV} && ${cmd}`], {
-    stdio: "inherit",
-    timeout: 180_000,
-  });
-}
-
-function ensureSwap() {
-  // Check if swap already exists
-  const swapon = spawnSync("swapon", ["--show"], { stdio: "pipe" });
-  const swapOutput = (swapon.stdout || "").toString().trim();
-  if (swapOutput.includes("/")) return; // swap already active
-
-  // Create 512MB swap file (essential on 1GB VPS for bun add)
-  process.stdout.write("  Creating swap file (512MB)...\n");
-  const cmds = [
-    ["fallocate", ["-l", "512M", "/swapfile"]],
-    ["chmod", ["600", "/swapfile"]],
-    ["mkswap", ["/swapfile"]],
-    ["swapon", ["/swapfile"]],
-  ];
-  for (const [cmd, cmdArgs] of cmds) {
-    const result = spawnSync(cmd, cmdArgs, { stdio: "pipe" });
-    if (result.status !== 0) {
-      step(false, "Failed to create swap file");
-      return;
-    }
-  }
-
-  // Make persistent across reboots
-  const fstabPath = "/etc/fstab";
-  if (existsSync(fstabPath)) {
-    const fstab = readFileSync(fstabPath, "utf8");
-    if (!fstab.includes("/swapfile")) {
-      writeFileSync(fstabPath, fstab.trimEnd() + "\n/swapfile none swap sw 0 0\n");
-    }
-  }
-
-  step(true, "Swap file created (512MB)");
-}
 
 function provisionArisaUser() {
-  process.stdout.write("Running as root \u2014 creating dedicated user 'arisa'...\n");
-
-  // 0. Ensure swap exists (prevents OOM on 1GB VPS during CLI installs)
-  ensureSwap();
+  process.stdout.write("Creating user 'arisa' for Claude/Codex CLI execution...\n");
 
   // 1. Create user
-  const useradd = spawnSync("useradd", ["-m", "-s", "/bin/bash", "arisa"], {
-    stdio: "pipe",
-  });
+  const useradd = spawnSync("useradd", ["-m", "-s", "/bin/bash", "arisa"], { stdio: "pipe" });
   if (useradd.status !== 0) {
     step(false, `Failed to create user: ${(useradd.stderr || "").toString().trim()}`);
     process.exit(1);
   }
   step(true, "User arisa created");
 
-  // Add to sudo/wheel group if available
-  const group = detectSudoGroup();
-  if (group) {
-    spawnSync("usermod", ["-aG", group, "arisa"], { stdio: "ignore" });
-  }
-
-  // 2. Install bun (curl, not bun — low memory footprint)
-  process.stdout.write("  Installing bun (this may take a minute)...\n");
-  const bunInstall = runAsInherit("curl -fsSL https://bun.sh/install | bash");
+  // 2. Install bun for arisa (curl — lightweight, no bun child process)
+  process.stdout.write("  Installing bun for arisa (this may take a minute)...\n");
+  const bunInstall = spawnSync("su", ["-", "arisa", "-c", "curl -fsSL https://bun.sh/install | bash"], {
+    stdio: "inherit",
+    timeout: 180_000,
+  });
   if (bunInstall.status !== 0) {
     step(false, "Failed to install bun");
     process.exit(1);
   }
   step(true, "Bun installed for arisa");
 
-  // Ensure .profile has bun PATH (login shells skip .bashrc non-interactive guard)
-  const profilePath = "/home/arisa/.profile";
-  const profileContent = existsSync(profilePath) ? readFileSync(profilePath, "utf8") : "";
-  if (!profileContent.includes("BUN_INSTALL")) {
-    const bunPath = '\n# bun\nexport BUN_INSTALL="/home/arisa/.bun"\nexport PATH="$BUN_INSTALL/bin:$PATH"\n';
-    writeFileSync(profilePath, profileContent + bunPath, "utf8");
-    spawnSync("chown", ["arisa:arisa", profilePath], { stdio: "ignore" });
-  }
-
-  // 3. Copy global node_modules to shared location (lightweight cp, no bun)
-  const sharedDir = "/opt/arisa";
-  const globalModules = resolve(pkgRoot, "..");
-  mkdirSync(sharedDir, { recursive: true });
-  spawnSync("cp", ["-r", globalModules, join(sharedDir, "node_modules")], { stdio: "pipe" });
-  spawnSync("chown", ["-R", "arisa:arisa", sharedDir], { stdio: "pipe" });
-  step(true, "Arisa copied to /opt/arisa");
-
-  // 4. Migrate data
-  const rootArisa = "/root/.arisa";
-  if (existsSync(rootArisa)) {
-    const destArisa = "/home/arisa/.arisa";
-    spawnSync("cp", ["-r", rootArisa, destArisa], { stdio: "pipe" });
-    spawnSync("chown", ["-R", "arisa:arisa", destArisa], { stdio: "pipe" });
-    step(true, "Data migrated to /home/arisa/.arisa/");
-  }
-}
-
-// ── System-level systemd (for root-provisioned installs) ────────────
-
-const systemdSystemUnitPath = "/etc/systemd/system/arisa.service";
-
-function writeSystemdSystemUnit() {
-  const unit = `[Unit]
-Description=Arisa Agent Runtime
-After=network-online.target
-Wants=network-online.target
-
-[Service]
-Type=simple
-User=arisa
-WorkingDirectory=${SHARED_ARISA_ROOT}
-ExecStart=/home/arisa/.bun/bin/bun ${sharedDaemonEntry}
-Restart=always
-RestartSec=5
-Environment=ARISA_PROJECT_DIR=${SHARED_ARISA_ROOT}
-Environment=BUN_INSTALL=/home/arisa/.bun
-Environment=PATH=/home/arisa/.bun/bin:/usr/local/bin:/usr/bin:/bin
-
-[Install]
-WantedBy=multi-user.target
-`;
-  writeFileSync(systemdSystemUnitPath, unit, "utf8");
-}
-
-function runSystemdSystem(commandArgs) {
-  const child = runCommand("systemctl", commandArgs, { stdio: "pipe" });
-  if (child.status !== 0) {
-    const stderr = child.stderr || "Unknown systemd error";
-    process.stderr.write(stderr.endsWith("\n") ? stderr : `${stderr}\n`);
-    return { ok: false, status: child.status ?? 1 };
-  }
-  return { ok: true, status: 0, stdout: child.stdout || "" };
-}
-
-function startSystemdSystem() {
-  const start = runSystemdSystem(["start", "arisa"]);
-  if (!start.ok) return start.status;
-  process.stdout.write("Arisa service started.\n");
-  return 0;
-}
-
-function stopSystemdSystem() {
-  const stop = runSystemdSystem(["stop", "arisa"]);
-  if (!stop.ok) return stop.status;
-  process.stdout.write("Arisa service stopped.\n");
-  return 0;
-}
-
-function restartSystemdSystem() {
-  const restart = runSystemdSystem(["restart", "arisa"]);
-  if (!restart.ok) return restart.status;
-  process.stdout.write("Arisa service restarted.\n");
-  return 0;
-}
-
-function statusSystemdSystem() {
-  const result = runCommand("systemctl", ["status", "arisa"], { stdio: "inherit" });
-  return result.status ?? 1;
-}
-
-function isSystemdActive() {
-  const result = runCommand("systemctl", ["is-active", "arisa"], { stdio: "pipe" });
-  return result.status === 0;
-}
-
-function canUseSystemdSystem() {
-  if (platform() !== "linux") return false;
-  if (!commandExists("systemctl")) return false;
-  const probe = runCommand("systemctl", ["is-system-running"], { stdio: "pipe" });
-  const state = (probe.stdout || "").trim();
-  return probe.status === 0 || state === "degraded" || state === "running";
-}
-
-function runArisaForeground() {
-  const result = spawnSync("su", ["-", "arisa", "-c", `${ARISA_BUN_ENV} && export ARISA_PROJECT_DIR=${SHARED_ARISA_ROOT} && exec /home/arisa/.bun/bin/bun ${sharedDaemonEntry}`], {
-    stdio: "inherit",
-  });
-  return result.status ?? 1;
-}
-
-// ── Minimal setup (runs as root, no second bun process) ─────────────
+  // 3. Write ink-shim for non-TTY execution (prevents Ink setRawMode crash)
+  const shimPath = "/home/arisa/.arisa-ink-shim.js";
+  writeFileSync(shimPath, 'if(process.stdin&&!process.stdin.setRawMode)process.stdin.setRawMode=()=>process.stdin;\n');
+  spawnSync("chown", ["arisa:arisa", shimPath], { stdio: "ignore" });
+  step(true, "Ink shim installed");
 
-function askLine(promptText) {
-  process.stdout.write(promptText);
-  const result = spawnSync("bash", ["-c", "read -r line; echo \"$line\""], {
-    stdio: ["inherit", "pipe", "inherit"],
-  });
-  return (result.stdout || "").toString().trim();
+  process.stdout.write("  Done. Claude/Codex will run as user arisa.\n\n");
 }
 
-function runMinimalSetup() {
-  const arisaDataDir = "/home/arisa/.arisa";
-  const envPath = join(arisaDataDir, ".env");
-
-  // Load existing .env if any
-  const vars = {};
-  if (existsSync(envPath)) {
-    for (const line of readFileSync(envPath, "utf8").split("\n")) {
-      const match = line.match(/^([A-Z_][A-Z0-9_]*)=(.+)$/);
-      if (match) vars[match[1]] = match[2].trim();
-    }
-  }
-
-  if (!vars.TELEGRAM_BOT_TOKEN) {
-    process.stdout.write("\nArisa Setup\n\n");
-    const token = askLine("Telegram Bot Token (from https://t.me/BotFather): ");
-    if (!token) {
-      process.stdout.write("No token provided. Cannot start without Telegram Bot Token.\n");
-      process.exit(1);
-    }
-    vars.TELEGRAM_BOT_TOKEN = token;
-    process.stdout.write("  Token saved.\n");
-  }
-
-  if (!vars.OPENAI_API_KEY) {
-    const key = askLine("OpenAI API Key (optional, enter to skip): ");
-    if (key) {
-      vars.OPENAI_API_KEY = key;
-      process.stdout.write("  Key saved.\n");
-    }
-  }
-
-  vars.ARISA_SETUP_COMPLETE = "1";
-
-  // Write .env
-  mkdirSync(arisaDataDir, { recursive: true });
-  const content = Object.entries(vars).map(([k, v]) => `${k}=${v}`).join("\n") + "\n";
-  writeFileSync(envPath, content, "utf8");
-  spawnSync("chown", ["-R", "arisa:arisa", arisaDataDir], { stdio: "ignore" });
-
-  process.stdout.write(`\nConfig saved to ${envPath}\n`);
-}
-
-// ── Root guard ──────────────────────────────────────────────────────
-
-if (isRoot()) {
-  if (!isProvisioned()) {
-    provisionArisaUser();
-    if (canUseSystemdSystem()) {
-      writeSystemdSystemUnit();
-      spawnSync("systemctl", ["daemon-reload"], { stdio: "inherit" });
-      spawnSync("systemctl", ["enable", "arisa"], { stdio: "inherit" });
-      step(true, "Systemd service enabled (auto-starts on reboot)");
-    }
-  }
-
-  // Minimal setup: collect tokens here (no second bun process)
-  if (!isArisaConfigured()) {
-    runMinimalSetup();
-  }
-
-  // Already provisioned + configured — route commands
-  if (command === "help" || command === "--help" || command === "-h") {
-    printHelp();
-    process.exit(0);
-  }
-  if (command === "version" || command === "--version" || command === "-v") {
-    printVersion();
-    process.exit(0);
-  }
-
-  const hasSystemd = canUseSystemdSystem();
-
-  if (isDefaultInvocation) {
-    if (hasSystemd) {
-      if (!isSystemdActive()) {
-        const start = startSystemdSystem();
-        if (start !== 0) process.exit(start);
-      }
-      process.stdout.write("\nArisa is running. Management commands:\n");
-      process.stdout.write("  Status:   systemctl status arisa\n");
-      process.stdout.write("  Logs:     journalctl -u arisa -f\n");
-      process.stdout.write("  Restart:  systemctl restart arisa\n");
-      process.stdout.write("  Stop:     systemctl stop arisa\n\n");
-      process.exit(0);
-    }
-    // No systemd → foreground (two bun processes, but no other option)
-    process.exit(runArisaForeground());
-  }
-
-  switch (command) {
-    case "start":
-      if (hasSystemd) process.exit(startSystemdSystem());
-      process.exit(runArisaForeground());
-      break;
-    case "stop":
-      if (hasSystemd) process.exit(stopSystemdSystem());
-      process.stderr.write("No systemd available. Stop the foreground process with Ctrl+C.\n");
-      process.exit(1);
-      break;
-    case "restart":
-      if (hasSystemd) process.exit(restartSystemdSystem());
-      process.stderr.write("No systemd available. Restart the foreground process manually.\n");
-      process.exit(1);
-      break;
-    case "status":
-      if (hasSystemd) process.exit(statusSystemdSystem());
-      process.stderr.write("No systemd available.\n");
-      process.exit(1);
-      break;
-    case "daemon":
-    case "run":
-      process.exit(runArisaForeground());
-    default:
-      process.stderr.write(`Unknown command: ${command}\n\n`);
-      printHelp();
-      process.exit(1);
-  }
+// Provision arisa user if running as root and not yet done
+if (isRoot() && !isArisaUserProvisioned()) {
+  provisionArisaUser();
 }
+// Then fall through to normal daemon startup (as root)
 
 // ── Non-root flow (unchanged) ───────────────────────────────────────
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "arisa",
-  "version": "2.2.11",
+  "version": "2.3.0",
   "description": "Arisa - dynamic agent runtime with daemon/core architecture that evolves through user interaction",
   "preferGlobal": true,
   "bin": {

package/src/daemon/setup.ts

@@ -15,7 +15,7 @@ import { existsSync, readFileSync, writeFileSync, mkdirSync } from "fs";
 import { dirname, join } from "path";
 import { dataDir } from "../shared/paths";
 import { secrets, setSecret } from "../shared/secrets";
-import { isAgentCliInstalled, buildBunWrappedAgentCliCommand, type AgentCliName } from "../shared/ai-cli";
+import { isAgentCliInstalled, buildBunWrappedAgentCliCommand, isRunningAsRoot, type AgentCliName } from "../shared/ai-cli";
 
 const ENV_PATH = join(dataDir, ".env");
 const SETUP_DONE_KEY = "ARISA_SETUP_COMPLETE";
@@ -230,11 +230,14 @@ async function setupClis(inq: typeof import("@inquirer/prompts") | null, vars: R
 
 async function installCli(cli: AgentCliName): Promise<boolean> {
   try {
-    const proc = Bun.spawn(["bun", "add", "-g", CLI_PACKAGES[cli]], {
+    const cmd = isRunningAsRoot()
+      ? ["su", "-", "arisa", "-c", `export BUN_INSTALL=/home/arisa/.bun && export PATH=/home/arisa/.bun/bin:$PATH && bun add -g ${CLI_PACKAGES[cli]}`]
+      : ["bun", "add", "-g", CLI_PACKAGES[cli]];
+    const proc = Bun.spawn(cmd, {
       stdout: "inherit",
       stderr: "inherit",
     });
-    const timeout = setTimeout(() => proc.kill(), 120_000);
+    const timeout = setTimeout(() => proc.kill(), 180_000);
     const exitCode = await proc.exited;
     clearTimeout(timeout);
     return exitCode === 0;

package/src/shared/ai-cli.ts

@@ -1,6 +1,8 @@
 /**
  * @module shared/ai-cli
  * @role Resolve agent CLI binaries and execute them via Bun runtime.
+ *       When running as root, wraps calls with su - arisa to satisfy
+ *       Claude CLI's non-root requirement.
  */
 
 import { existsSync } from "fs";
@@ -8,6 +10,18 @@ import { delimiter, dirname, join } from "path";
 
 export type AgentCliName = "claude" | "codex";
 
+const ARISA_USER_BUN = "/home/arisa/.bun/bin";
+const ARISA_INK_SHIM = "/home/arisa/.arisa-ink-shim.js";
+const ARISA_BUN_ENV = `export BUN_INSTALL=/home/arisa/.bun && export PATH=${ARISA_USER_BUN}:$PATH`;
+
+export function isRunningAsRoot(): boolean {
+  return process.getuid?.() === 0;
+}
+
+function shellEscape(arg: string): string {
+  return "'" + arg.replace(/'/g, "'\\''") + "'";
+}
+
 function unique(paths: Array<string | null | undefined>): string[] {
   const seen = new Set<string>();
   const out: string[] = [];
@@ -25,6 +39,14 @@ function cliOverrideEnvVar(cli: AgentCliName): string | undefined {
 }
 
 function candidatePaths(cli: AgentCliName): string[] {
+  if (isRunningAsRoot()) {
+    // When root, CLIs are installed under arisa user's bun
+    return unique([
+      cliOverrideEnvVar(cli),
+      join(ARISA_USER_BUN, cli),
+    ]);
+  }
+
   const bunInstall = process.env.BUN_INSTALL?.trim();
   const bunDir = dirname(process.execPath);
   const fromPath = Bun.which(cli);
@@ -57,6 +79,14 @@ export function isAgentCliInstalled(cli: AgentCliName): boolean {
 const INK_SHIM = join(dirname(new URL(import.meta.url).pathname), "ink-shim.js");
 
 export function buildBunWrappedAgentCliCommand(cli: AgentCliName, args: string[]): string[] {
+  if (isRunningAsRoot()) {
+    // Run as arisa user — Claude CLI refuses to run as root
+    const cliPath = resolveAgentCliPath(cli) || join(ARISA_USER_BUN, cli);
+    const shimPath = existsSync(ARISA_INK_SHIM) ? ARISA_INK_SHIM : INK_SHIM;
+    const inner = ["bun", "--preload", shimPath, cliPath, ...args].map(shellEscape).join(" ");
+    return ["su", "-", "arisa", "-c", `${ARISA_BUN_ENV} && ${inner}`];
+  }
+
   const cliPath = resolveAgentCliPath(cli);
   if (!cliPath) {
     throw new Error(`${cli} CLI not found`);