bosun 0.29.5 → 0.29.7

package/README.md

@@ -110,3 +110,6 @@ npm -C scripts/bosun run hooks:install
 ## License
 
 Apache-2.0
+
+<!-- GitHub Analytics Pixel -->
+<img src="https://cloud.umami.is/p/iR78WZdwe" alt="" width="1" height="1" style="display:none;" />

package/cli.mjs

@@ -66,6 +66,7 @@ function showHelp() {
 
   COMMANDS
     --setup                     Run the interactive setup wizard
+    --where                     Show the resolved bosun config directory
     --doctor                    Validate bosun .env/config setup
     --help                      Show this help
     --version                   Show version
@@ -203,6 +204,48 @@ function showHelp() {
 `);
 }
 
+function isWslInteropRuntime() {
+  return Boolean(
+    process.env.WSL_DISTRO_NAME ||
+      process.env.WSL_INTEROP ||
+      (process.platform === "win32" &&
+        String(process.env.HOME || "")
+          .trim()
+          .startsWith("/home/")),
+  );
+}
+
+function resolveConfigDirForCli() {
+  if (process.env.BOSUN_DIR) return resolve(process.env.BOSUN_DIR);
+  const preferWindowsDirs =
+    process.platform === "win32" && !isWslInteropRuntime();
+  const baseDir = preferWindowsDirs
+    ? process.env.APPDATA ||
+      process.env.LOCALAPPDATA ||
+      process.env.USERPROFILE ||
+      process.env.HOME ||
+      process.cwd()
+    : process.env.HOME ||
+      process.env.XDG_CONFIG_HOME ||
+      process.env.USERPROFILE ||
+      process.env.APPDATA ||
+      process.env.LOCALAPPDATA ||
+      process.cwd();
+  return resolve(baseDir, "bosun");
+}
+
+function printConfigLocations() {
+  const configDir = resolveConfigDirForCli();
+  const envPath = resolve(configDir, ".env");
+  const configPath = resolve(configDir, "bosun.config.json");
+  const workspacesPath = resolve(configDir, "workspaces");
+  console.log("\n  Bosun config directory");
+  console.log(`  ${configDir}`);
+  console.log(`  .env: ${envPath}`);
+  console.log(`  bosun.config.json: ${configPath}`);
+  console.log(`  workspaces: ${workspacesPath}\n`);
+}
+
 // ── Main ─────────────────────────────────────────────────────────────────────
 
 // ── Daemon Mode ──────────────────────────────────────────────────────────────
@@ -572,6 +615,12 @@ async function main() {
     process.exit(0);
   }
 
+  // Handle --where
+  if (args.includes("--where") || args.includes("where")) {
+    printConfigLocations();
+    process.exit(0);
+  }
+
   // Handle desktop shortcut controls
   if (args.includes("--desktop-shortcut")) {
     const { installDesktopShortcut, getDesktopShortcutMethodName } =
@@ -721,15 +770,23 @@ async function main() {
     );
   }
 
+  // Auto-start sentinel in daemon mode when Telegram credentials are available
+  const hasTelegramCreds = !!(
+    (process.env.TELEGRAM_BOT_TOKEN || readEnvCredentials().TELEGRAM_BOT_TOKEN) &&
+    (process.env.TELEGRAM_CHAT_ID || readEnvCredentials().TELEGRAM_CHAT_ID)
+  );
   const sentinelRequested =
     args.includes("--sentinel") ||
-    parseBoolEnv(process.env.BOSUN_SENTINEL_AUTO_START, false);
+    parseBoolEnv(process.env.BOSUN_SENTINEL_AUTO_START, false) ||
+    (IS_DAEMON_CHILD && hasTelegramCreds);
   if (sentinelRequested) {
     const sentinel = await ensureSentinelRunning({ quiet: false });
     if (!sentinel.ok) {
       const mode = args.includes("--sentinel")
         ? "requested by --sentinel"
-        : "requested by BOSUN_SENTINEL_AUTO_START";
+        : IS_DAEMON_CHILD && hasTelegramCreds
+          ? "auto-started in daemon mode (Telegram credentials detected)"
+          : "requested by BOSUN_SENTINEL_AUTO_START";
       const strictSentinel = parseBoolEnv(
         process.env.BOSUN_SENTINEL_STRICT,
         false,

package/codex-config.mjs

@@ -312,6 +312,51 @@ export function hasSandboxPermissions(toml) {
   return /^sandbox_permissions\s*=/m.test(toml);
 }
 
+function stripSandboxPermissions(toml) {
+  let next = toml.replace(
+    /^\s*#\s*Sandbox permissions.*(?:\r?\n)?/gim,
+    "",
+  );
+  next = next.replace(/^\s*sandbox_permissions\s*=.*(?:\r?\n)?/gim, "");
+  return next;
+}
+
+function extractSandboxPermissionsValue(toml) {
+  const match = toml.match(/^\s*sandbox_permissions\s*=\s*(.+)$/m);
+  if (!match) return "";
+  const raw = String(match[1] || "").split("#")[0].trim();
+  if (!raw) return "";
+  if (raw.startsWith("[")) {
+    const values = parseTomlArrayLiteral(raw);
+    return values.join(",");
+  }
+  const quoted = raw.match(/^"(.*)"$/) || raw.match(/^'(.*)'$/);
+  if (quoted) return quoted[1];
+  return raw;
+}
+
+function insertTopLevelSandboxPermissions(toml, permValue) {
+  const block = buildSandboxPermissions(permValue).trim();
+  const tableIdx = toml.search(/^\s*\[/m);
+  if (tableIdx === -1) {
+    return `${toml.trimEnd()}\n\n${block}\n`;
+  }
+  const head = toml.slice(0, tableIdx).trimEnd();
+  const tail = toml.slice(tableIdx).trimStart();
+  return `${head}\n\n${block}\n\n${tail}`;
+}
+
+function ensureTopLevelSandboxPermissions(toml, envValue) {
+  const existingValue = extractSandboxPermissionsValue(toml);
+  const permValue = envValue || existingValue || "disk-full-write-access";
+  const stripped = stripSandboxPermissions(toml);
+  const updated = insertTopLevelSandboxPermissions(stripped, permValue);
+  return {
+    toml: updated,
+    changed: updated !== toml,
+  };
+}
+
 /**
  * Build a [features] block with the recommended flags.
  * Reads environment overrides: set CODEX_FEATURES_<NAME>=false to disable.
@@ -407,16 +452,18 @@ export function ensureFeatureFlags(toml, envOverrides = process.env) {
 
 /**
  * Build the sandbox_permissions top-level key.
- * Default: ["disk-full-write-access"] for agentic workloads.
+ * Default: "disk-full-write-access" for agentic workloads.
+ *
+ * Codex CLI expects sandbox_permissions as a plain string, NOT an array.
  *
  * @param {string} [envValue]  CODEX_SANDBOX_PERMISSIONS env var value
  * @returns {string}  TOML line(s)
  */
 export function buildSandboxPermissions(envValue) {
-  const perms = envValue
-    ? envValue.split(",").map((s) => `"${s.trim()}"`)
-    : ['"disk-full-write-access"'];
-  return `\n# Sandbox permissions (added by bosun)\nsandbox_permissions = [${perms.join(", ")}]\n`;
+  const perm = envValue
+    ? envValue.split(",").map((s) => s.trim()).filter(Boolean).join(",")
+    : "disk-full-write-access";
+  return `\n# Sandbox permissions (added by bosun)\nsandbox_permissions = "${perm}"\n`;
 }
 
 function parseTomlArrayLiteral(raw) {
@@ -1289,10 +1336,13 @@ export function ensureCodexConfig({
 
   // ── 1e. Ensure sandbox permissions ────────────────────────
 
-  if (!hasSandboxPermissions(toml)) {
+  {
     const envPerms = env.CODEX_SANDBOX_PERMISSIONS || "";
-    toml = toml.trimEnd() + "\n" + buildSandboxPermissions(envPerms || undefined);
-    result.sandboxAdded = true;
+    const ensured = ensureTopLevelSandboxPermissions(toml, envPerms);
+    if (ensured.changed) {
+      toml = ensured.toml;
+      result.sandboxAdded = true;
+    }
   }
 
   // ── 1f. Ensure sandbox workspace-write defaults ───────────

package/codex-model-profiles.mjs

@@ -1,3 +1,7 @@
+import { existsSync, readFileSync } from "node:fs";
+import { homedir } from "node:os";
+import { resolve } from "node:path";
+
 const DEFAULT_ACTIVE_PROFILE = "xl";
 const DEFAULT_SUBAGENT_PROFILE = "m";
 
@@ -63,6 +67,19 @@ function profileRecord(env, profileName, globalProvider) {
   };
 }
 
+function readCodexConfigTopLevelModel() {
+  try {
+    const configPath = resolve(homedir(), ".codex", "config.toml");
+    if (!existsSync(configPath)) return "";
+    const content = readFileSync(configPath, "utf8");
+    const head = content.split(/\n\[/)[0] || "";
+    const match = head.match(/^\s*model\s*=\s*"([^"]+)"/m);
+    return match ? match[1].trim() : "";
+  } catch {
+    return "";
+  }
+}
+
 /**
  * Resolve codex model/provider profile configuration from env vars.
  * Applies active profile values onto runtime env keys (`CODEX_MODEL`,
@@ -86,6 +103,8 @@ export function resolveCodexProfileRuntime(envInput = process.env) {
 
   const env = { ...sourceEnv };
 
+  const configModel = readCodexConfigTopLevelModel();
+
   if (active.model) {
     env.CODEX_MODEL = active.model;
   }
@@ -96,6 +115,21 @@ export function resolveCodexProfileRuntime(envInput = process.env) {
   const profileApiKey = active.apiKey;
   const resolvedProvider = active.provider || globalProvider;
 
+  // Azure deployments often differ from default model names.
+  // If the env is using Azure and the model is still the default,
+  // prefer the top-level ~/.codex/config.toml model when present.
+  const activeModelExplicit =
+    Boolean(readProfileField(sourceEnv, activeProfile, "MODEL")) ||
+    Boolean(clean(sourceEnv.CODEX_MODEL));
+  if (
+    resolvedProvider === "azure" &&
+    configModel &&
+    (!activeModelExplicit || clean(env.CODEX_MODEL) === "gpt-5.3-codex")
+  ) {
+    env.CODEX_MODEL = configModel;
+    active.model = configModel;
+  }
+
   if (profileApiKey) {
     if (resolvedProvider === "azure") {
       env.AZURE_OPENAI_API_KEY = profileApiKey;

package/config.mjs

@@ -265,17 +265,33 @@ function isEnvEnabled(value, defaultValue = false) {
 
 // ── Git helpers ──────────────────────────────────────────────────────────────
 
-function detectRepoSlug() {
-  try {
-    const remote = execSync("git remote get-url origin", {
-      encoding: "utf8",
-      stdio: ["pipe", "pipe", "ignore"],
-    }).trim();
-    const match = remote.match(/github\.com[/:]([^/]+\/[^/.]+)/);
-    return match ? match[1] : null;
-  } catch {
-    return null;
+function detectRepoSlug(repoRoot = "") {
+  const tryResolve = (cwd) => {
+    try {
+      const remote = execSync("git remote get-url origin", {
+        cwd,
+        encoding: "utf8",
+        stdio: ["pipe", "pipe", "ignore"],
+      }).trim();
+      const match = remote.match(/github\.com[/:]([^/]+\/[^/.]+)/);
+      return match ? match[1] : null;
+    } catch {
+      return null;
+    }
+  };
+
+  // First try current working directory
+  const direct = tryResolve(process.cwd());
+  if (direct) return direct;
+
+  // Fall back to detected repo root if provided (or detectable)
+  const root = repoRoot || detectRepoRoot();
+  if (root) {
+    const viaRoot = tryResolve(root);
+    if (viaRoot) return viaRoot;
   }
+
+  return null;
 }
 
 function detectRepoRoot() {

package/desktop/launch.mjs

@@ -15,6 +15,8 @@ const chromeSandbox = resolve(
   "chrome-sandbox",
 );
 
+process.title = "bosun-desktop-launcher";
+
 function shouldDisableSandbox() {
   if (process.env.BOSUN_DESKTOP_DISABLE_SANDBOX === "1") return true;
   if (process.platform !== "linux") return false;

package/desktop/main.mjs

@@ -9,6 +9,8 @@ import { homedir } from "node:os";
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
 
+process.title = "bosun-desktop";
+
 let mainWindow = null;
 let shuttingDown = false;
 let uiServerStarted = false;

package/github-reconciler.mjs

@@ -216,6 +216,9 @@ export class GitHubReconciler {
     if (backend !== "github") {
       return { status: "skipped", reason: `backend=${backend || "unknown"}` };
     }
+    if (!this.repoSlug || this.repoSlug === "unknown/unknown") {
+      return { status: "skipped", reason: "missing-repo" };
+    }
 
     const summary = {
       status: "ok",
@@ -350,6 +353,10 @@ export class GitHubReconciler {
   start() {
     if (this.running) return this;
     this.running = true;
+    if (!this.repoSlug || this.repoSlug === "unknown/unknown") {
+      console.warn(`${TAG} disabled (missing repo slug)`);
+      return this;
+    }
     console.log(
       `${TAG} started (repo=${this.repoSlug}, interval=${this.intervalMs}ms, lookback=${this.mergedLookbackHours}h)`,
     );

package/hook-profiles.mjs

@@ -552,6 +552,10 @@ function buildDisableEnv(hookConfig) {
   };
 }
 
+function normalizePathForOutput(value) {
+  return String(value || "").replace(/\\/g, "/");
+}
+
 export function scaffoldAgentHookFiles(repoRoot, options = {}) {
   const root = resolve(repoRoot || process.cwd());
   const targets = normalizeHookTargets(options.targets);
@@ -585,13 +589,13 @@ export function scaffoldAgentHookFiles(repoRoot, options = {}) {
     const codexPath = resolve(root, ".codex", "hooks.json");
     const existedBefore = existsSync(codexPath);
     if (existedBefore && !overwriteExisting) {
-      result.skipped.push(relative(root, codexPath));
+      result.skipped.push(normalizePathForOutput(relative(root, codexPath)));
     } else {
       writeJson(codexPath, codexHookConfig);
       if (existedBefore) {
-        result.updated.push(relative(root, codexPath));
+        result.updated.push(normalizePathForOutput(relative(root, codexPath)));
       } else {
-        result.written.push(relative(root, codexPath));
+        result.written.push(normalizePathForOutput(relative(root, codexPath)));
       }
     }
   }
@@ -610,18 +614,18 @@ export function scaffoldAgentHookFiles(repoRoot, options = {}) {
       hasLegacyBridgeInCopilotConfig(existingCopilot);
 
     if (existedBefore && !overwriteExisting && !forceLegacyMigration) {
-      result.skipped.push(relative(root, copilotPath));
+      result.skipped.push(normalizePathForOutput(relative(root, copilotPath)));
     } else {
       writeJson(copilotPath, config);
       if (existedBefore) {
-        result.updated.push(relative(root, copilotPath));
+        result.updated.push(normalizePathForOutput(relative(root, copilotPath)));
         if (forceLegacyMigration) {
           result.warnings.push(
-            `${relative(root, copilotPath)} contained legacy bridge path and was auto-updated`,
+            `${normalizePathForOutput(relative(root, copilotPath))} contained legacy bridge path and was auto-updated`,
           );
         }
       } else {
-        result.written.push(relative(root, copilotPath));
+        result.written.push(normalizePathForOutput(relative(root, copilotPath)));
       }
     }
   }
@@ -634,15 +638,15 @@ export function scaffoldAgentHookFiles(repoRoot, options = {}) {
 
     if (existing === null && existsSync(claudePath)) {
       result.warnings.push(
-        `${relative(root, claudePath)} exists but is not valid JSON; skipped`,
+        `${normalizePathForOutput(relative(root, claudePath))} exists but is not valid JSON; skipped`,
       );
     } else {
       const merged = mergeClaudeSettings(existing, generated);
       writeJson(claudePath, merged);
       if (existedBefore) {
-        result.updated.push(relative(root, claudePath));
+        result.updated.push(normalizePathForOutput(relative(root, claudePath)));
       } else {
-        result.written.push(relative(root, claudePath));
+        result.written.push(normalizePathForOutput(relative(root, claudePath)));
       }
     }
   }

package/monitor.mjs

@@ -216,6 +216,7 @@ import {
   setKanbanBackend,
   listTasks as listKanbanTasks,
   updateTaskStatus as updateKanbanTaskStatus,
+  updateTask as updateKanbanTask,
   listProjects as listKanbanProjects,
   createTask as createKanbanTask,
 } from "./kanban-adapter.mjs";
@@ -5863,7 +5864,7 @@ const dependabotMergeAttempted = new Set();
  */
 async function checkAndMergeDependabotPRs() {
   if (!dependabotAutoMerge) return;
-  if (!repoSlug) {
+  if (!repoSlug || repoSlug === "unknown/unknown") {
     console.warn("[dependabot] auto-merge disabled — no repo slug configured");
     return;
   }
@@ -9026,8 +9027,20 @@ async function triggerTaskPlannerViaKanban(
       `[monitor] task planner task already exists in backlog — skipping: "${existingPlanner.title}" (${existingPlanner.id})`,
     );
     // Best-effort: keep backlog task aligned with current requirements
-    // Note: For now, we skip updating existing tasks as not all backends support partial updates
-    // TODO: Implement backend-specific update logic if needed
+    // Update description if the backend supports it, so the agent gets fresh context
+    try {
+      await updateKanbanTask(existingPlanner.id, {
+        description: desiredDescription,
+      });
+      console.log(
+        `[monitor] updated description of existing planner task: "${existingPlanner.title}" (${existingPlanner.id})`,
+      );
+    } catch (updateErr) {
+      // Not all backends support partial description updates — log and continue
+      console.log(
+        `[monitor] could not update existing planner task description (${updateErr.message || updateErr}) — skipping`,
+      );
+    }
 
     const taskUrl = buildTaskUrl(existingPlanner, projectId);
     if (notify) {
@@ -12035,6 +12048,10 @@ function restartGitHubReconciler() {
       : "") ||
     repoSlug ||
     "unknown/unknown";
+  if (!repo || repo === "unknown/unknown") {
+    console.warn("[gh-reconciler] disabled — missing repo slug");
+    return;
+  }
 
   ghReconciler = startGitHubReconciler({
     repoSlug: repo,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "bosun",
-  "version": "0.29.5",
+  "version": "0.29.7",
   "description": "AI-powered orchestrator supervisor — manages AI agent executors with failover, auto-restarts on failure, analyzes crashes with Codex SDK, creates PRs via Vibe-Kanban API, and sends Telegram notifications. Supports N executors with weighted distribution, multi-repo projects, and auto-setup.",
   "type": "module",
   "license": "Apache 2.0",
@@ -151,6 +151,7 @@
     "prepublish-check.mjs",
     "presence.mjs",
     "primary-agent.mjs",
+    "repo-config.mjs",
     "repo-root.mjs",
     "restart-controller.mjs",
     "review-agent.mjs",