jishushell 0.6.5 → 0.6.18
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/apps/anythingllm-container.yaml +15 -170
- package/apps/browserless-chromium-container.yaml +15 -10
- package/apps/filebrowser-container.yaml +14 -9
- package/apps/hermes-container.yaml +23 -2
- package/apps/jishu-kb-container.yaml +29 -161
- package/apps/ollama-binary.yaml +32 -28
- package/apps/ollama-cpu-container.yaml +5 -0
- package/apps/ollama-with-hollama-binary.yaml +33 -28
- package/apps/openclaw-binary.yaml +34 -10
- package/apps/openclaw-container.yaml +31 -7
- package/apps/openclaw-with-ollama-container.yaml +8 -2
- package/apps/openclaw-with-searxng-container.yaml +18 -6
- package/apps/searxng-container.yaml +11 -6
- package/apps/weknora-container.yaml +21 -21
- package/dependencies/jishushell-panel-0.6.18.tgz +0 -0
- package/dist/cli/app.js +244 -213
- package/dist/cli/app.js.map +1 -1
- package/dist/cli/backup.js +15 -12
- package/dist/cli/backup.js.map +1 -1
- package/dist/cli/core.d.ts +4 -3
- package/dist/cli/core.js +392 -227
- package/dist/cli/core.js.map +1 -1
- package/dist/cli/doctor.d.ts +1 -1
- package/dist/cli/doctor.js +17 -10
- package/dist/cli/doctor.js.map +1 -1
- package/dist/cli/job.js +62 -14
- package/dist/cli/job.js.map +1 -1
- package/dist/cli/llm.js +80 -11
- package/dist/cli/llm.js.map +1 -1
- package/dist/cli/managed-list.d.ts +1 -3
- package/dist/cli/managed-list.js +18 -16
- package/dist/cli/managed-list.js.map +1 -1
- package/dist/cli/migrate.d.ts +2 -0
- package/dist/cli/migrate.js +160 -0
- package/dist/cli/migrate.js.map +1 -0
- package/dist/cli.js +1 -0
- package/dist/cli.js.map +1 -1
- package/dist/config.d.ts +23 -19
- package/dist/config.js +60 -49
- package/dist/config.js.map +1 -1
- package/dist/control.d.ts +6 -6
- package/dist/control.js +31 -23
- package/dist/control.js.map +1 -1
- package/dist/core.d.ts +5 -5
- package/dist/core.js +5 -5
- package/dist/core.js.map +1 -1
- package/dist/install.d.ts +2 -2
- package/dist/install.js +18 -18
- package/dist/install.js.map +1 -1
- package/dist/routes/apps.d.ts +1 -1
- package/dist/routes/apps.js +101 -193
- package/dist/routes/apps.js.map +1 -1
- package/dist/routes/auth.js +1 -1
- package/dist/routes/auth.js.map +1 -1
- package/dist/routes/backup.js +1 -1
- package/dist/routes/backup.js.map +1 -1
- package/dist/routes/external-mounts.d.ts +1 -1
- package/dist/routes/external-mounts.js +1 -1
- package/dist/routes/external-mounts.js.map +1 -1
- package/dist/routes/file-mounts.d.ts +4 -3
- package/dist/routes/file-mounts.js +51 -30
- package/dist/routes/file-mounts.js.map +1 -1
- package/dist/routes/files-organize.d.ts +2 -2
- package/dist/routes/files-organize.js +5 -5
- package/dist/routes/files-organize.js.map +1 -1
- package/dist/routes/files.d.ts +1 -1
- package/dist/routes/files.js +1 -1
- package/dist/routes/files.js.map +1 -1
- package/dist/routes/instances.d.ts +10 -4
- package/dist/routes/instances.js +323 -541
- package/dist/routes/instances.js.map +1 -1
- package/dist/routes/integration-apps.d.ts +14 -0
- package/dist/routes/integration-apps.js +81 -0
- package/dist/routes/integration-apps.js.map +1 -0
- package/dist/routes/integrations.d.ts +9 -0
- package/dist/routes/integrations.js +12 -0
- package/dist/routes/integrations.js.map +1 -0
- package/dist/routes/llm-proxy.js +26 -3
- package/dist/routes/llm-proxy.js.map +1 -1
- package/dist/routes/setup.js +53 -38
- package/dist/routes/setup.js.map +1 -1
- package/dist/routes/system.js +108 -68
- package/dist/routes/system.js.map +1 -1
- package/dist/routes/webdav.d.ts +1 -1
- package/dist/routes/webdav.js +2 -2
- package/dist/routes/webdav.js.map +1 -1
- package/dist/server.js +315 -213
- package/dist/server.js.map +1 -1
- package/dist/services/app-common/app-compiler.js +186 -0
- package/dist/services/app-common/app-compiler.js.map +1 -0
- package/dist/services/app-common/app-shared.d.ts +15 -0
- package/dist/services/app-common/app-shared.js +64 -0
- package/dist/services/app-common/app-shared.js.map +1 -0
- package/dist/services/app-common/capability-service.d.ts +45 -0
- package/dist/services/app-common/capability-service.js +331 -0
- package/dist/services/app-common/capability-service.js.map +1 -0
- package/dist/services/app-common/catalog-service.d.ts +59 -0
- package/dist/services/app-common/catalog-service.js +308 -0
- package/dist/services/app-common/catalog-service.js.map +1 -0
- package/dist/services/app-common/create-pipeline.d.ts +26 -0
- package/dist/services/app-common/create-pipeline.js +298 -0
- package/dist/services/app-common/create-pipeline.js.map +1 -0
- package/dist/services/app-common/delete-service.d.ts +5 -0
- package/dist/services/app-common/delete-service.js +104 -0
- package/dist/services/app-common/delete-service.js.map +1 -0
- package/dist/services/app-common/execution-owner.d.ts +23 -0
- package/dist/services/app-common/execution-owner.js +124 -0
- package/dist/services/app-common/execution-owner.js.map +1 -0
- package/dist/services/app-common/execution-service.d.ts +23 -0
- package/dist/services/app-common/execution-service.js +105 -0
- package/dist/services/app-common/execution-service.js.map +1 -0
- package/dist/services/app-common/id-normalizer.d.ts +31 -0
- package/dist/services/app-common/id-normalizer.js +83 -0
- package/dist/services/app-common/id-normalizer.js.map +1 -0
- package/dist/services/app-common/install-store.d.ts +34 -0
- package/dist/services/app-common/install-store.js +261 -0
- package/dist/services/app-common/install-store.js.map +1 -0
- package/dist/services/app-common/instance-store.d.ts +78 -0
- package/dist/services/app-common/instance-store.js +495 -0
- package/dist/services/app-common/instance-store.js.map +1 -0
- package/dist/services/app-common/integration-refs.d.ts +17 -0
- package/dist/services/app-common/integration-refs.js +47 -0
- package/dist/services/app-common/integration-refs.js.map +1 -0
- package/dist/services/app-common/lifecycle-pipeline.d.ts +62 -0
- package/dist/services/app-common/lifecycle-pipeline.js +317 -0
- package/dist/services/app-common/lifecycle-pipeline.js.map +1 -0
- package/dist/services/app-common/lifecycle-scripts.d.ts +38 -0
- package/dist/services/app-common/lifecycle-scripts.js +935 -0
- package/dist/services/app-common/lifecycle-scripts.js.map +1 -0
- package/dist/services/app-common/lifecycle-service.d.ts +68 -0
- package/dist/services/app-common/lifecycle-service.js +467 -0
- package/dist/services/app-common/lifecycle-service.js.map +1 -0
- package/dist/services/app-common/paths.d.ts +29 -0
- package/dist/services/app-common/paths.js +34 -0
- package/dist/services/app-common/paths.js.map +1 -0
- package/dist/services/app-common/platform-transform.d.ts +32 -0
- package/dist/services/app-common/platform-transform.js +65 -0
- package/dist/services/app-common/platform-transform.js.map +1 -0
- package/dist/services/app-common/provide-resolver.d.ts +29 -0
- package/dist/services/app-common/provide-resolver.js +129 -0
- package/dist/services/app-common/provide-resolver.js.map +1 -0
- package/dist/services/app-common/remote-spec.d.ts +14 -0
- package/dist/services/app-common/remote-spec.js +58 -0
- package/dist/services/app-common/remote-spec.js.map +1 -0
- package/dist/services/app-common/runtime-builder.d.ts +1 -0
- package/dist/services/app-common/runtime-builder.js +2 -0
- package/dist/services/app-common/runtime-builder.js.map +1 -0
- package/dist/services/app-common/runtime-facts.d.ts +19 -0
- package/dist/services/app-common/runtime-facts.js +126 -0
- package/dist/services/app-common/runtime-facts.js.map +1 -0
- package/dist/services/app-common/service.d.ts +9 -0
- package/dist/services/app-common/service.js +10 -0
- package/dist/services/app-common/service.js.map +1 -0
- package/dist/services/app-common/spec-materializer.d.ts +9 -0
- package/dist/services/app-common/spec-materializer.js +361 -0
- package/dist/services/app-common/spec-materializer.js.map +1 -0
- package/dist/services/app-common/status-refresh.d.ts +33 -0
- package/dist/services/app-common/status-refresh.js +759 -0
- package/dist/services/app-common/status-refresh.js.map +1 -0
- package/dist/services/app-common/task-service.d.ts +29 -0
- package/dist/services/app-common/task-service.js +93 -0
- package/dist/services/app-common/task-service.js.map +1 -0
- package/dist/services/app-common/terminal-session-manager.js +157 -0
- package/dist/services/app-common/terminal-session-manager.js.map +1 -0
- package/dist/services/app-modules/browserless/routes.d.ts +9 -0
- package/dist/services/app-modules/browserless/routes.js +517 -0
- package/dist/services/app-modules/browserless/routes.js.map +1 -0
- package/dist/services/app-modules/routes.d.ts +2 -0
- package/dist/services/app-modules/routes.js +5 -0
- package/dist/services/app-modules/routes.js.map +1 -0
- package/dist/services/backup/backup-admin.d.ts +95 -0
- package/dist/services/backup/backup-admin.js +246 -0
- package/dist/services/backup/backup-admin.js.map +1 -0
- package/dist/services/backup/backup-manager.d.ts +264 -0
- package/dist/services/backup/backup-manager.js +2318 -0
- package/dist/services/backup/backup-manager.js.map +1 -0
- package/dist/services/backup/backup-verify.js +240 -0
- package/dist/services/backup/backup-verify.js.map +1 -0
- package/dist/services/capabilities/browser-policy.d.ts +14 -0
- package/dist/services/capabilities/browser-policy.js +141 -0
- package/dist/services/capabilities/browser-policy.js.map +1 -0
- package/dist/services/capabilities/contract.d.ts +50 -0
- package/dist/services/capabilities/contract.js +129 -0
- package/dist/services/capabilities/contract.js.map +1 -0
- package/dist/services/capabilities/endpoint-validator.d.ts +42 -0
- package/dist/services/capabilities/endpoint-validator.js +114 -0
- package/dist/services/capabilities/endpoint-validator.js.map +1 -0
- package/dist/services/capabilities/health.d.ts +16 -0
- package/dist/services/capabilities/health.js +121 -0
- package/dist/services/capabilities/health.js.map +1 -0
- package/dist/services/capabilities/registry.d.ts +56 -0
- package/dist/services/capabilities/registry.js +222 -0
- package/dist/services/capabilities/registry.js.map +1 -0
- package/dist/services/capabilities/sync.d.ts +7 -0
- package/dist/services/capabilities/sync.js +223 -0
- package/dist/services/capabilities/sync.js.map +1 -0
- package/dist/services/capability-proxy/html-rewriters/browserless.d.ts +1 -0
- package/dist/services/capability-proxy/html-rewriters/browserless.js +83 -0
- package/dist/services/capability-proxy/html-rewriters/browserless.js.map +1 -0
- package/dist/services/capability-proxy/html-rewriters/index.d.ts +12 -0
- package/dist/services/capability-proxy/html-rewriters/index.js +25 -0
- package/dist/services/capability-proxy/html-rewriters/index.js.map +1 -0
- package/dist/services/capability-proxy/html-rewriters/jishukb.d.ts +1 -0
- package/dist/services/capability-proxy/html-rewriters/jishukb.js +161 -0
- package/dist/services/capability-proxy/html-rewriters/jishukb.js.map +1 -0
- package/dist/services/connections/admin.d.ts +80 -0
- package/dist/services/connections/admin.js +327 -0
- package/dist/services/connections/admin.js.map +1 -0
- package/dist/services/connections/apply.d.ts +110 -0
- package/dist/services/connections/apply.js +444 -0
- package/dist/services/connections/apply.js.map +1 -0
- package/dist/services/connections/resolver.d.ts +82 -0
- package/dist/services/connections/resolver.js +289 -0
- package/dist/services/connections/resolver.js.map +1 -0
- package/dist/services/connections/suggestions.d.ts +27 -0
- package/dist/services/connections/suggestions.js +124 -0
- package/dist/services/connections/suggestions.js.map +1 -0
- package/dist/services/connections/transactor.d.ts +39 -0
- package/dist/services/connections/transactor.js +307 -0
- package/dist/services/connections/transactor.js.map +1 -0
- package/dist/services/files/external-mounts.js +187 -0
- package/dist/services/files/external-mounts.js.map +1 -0
- package/dist/services/files/files-manager.d.ts +265 -0
- package/dist/services/files/files-manager.js +1189 -0
- package/dist/services/files/files-manager.js.map +1 -0
- package/dist/services/files/files-mounts.d.ts +42 -0
- package/dist/services/files/files-mounts.js +207 -0
- package/dist/services/files/files-mounts.js.map +1 -0
- package/dist/services/files/organize/applier.js +218 -0
- package/dist/services/files/organize/applier.js.map +1 -0
- package/dist/services/files/organize/rules.js +286 -0
- package/dist/services/files/organize/rules.js.map +1 -0
- package/dist/services/files/organize/scanner.js +366 -0
- package/dist/services/files/organize/scanner.js.map +1 -0
- package/dist/services/files/organize/store.js +82 -0
- package/dist/services/files/organize/store.js.map +1 -0
- package/dist/services/files/webdav/server.d.ts +47 -0
- package/dist/services/files/webdav/server.js +329 -0
- package/dist/services/files/webdav/server.js.map +1 -0
- package/dist/services/files/webdav/xml-builder.js.map +1 -0
- package/dist/services/instances/admin.d.ts +23 -0
- package/dist/services/instances/admin.js +218 -0
- package/dist/services/instances/admin.js.map +1 -0
- package/dist/services/instances/clone.d.ts +26 -0
- package/dist/services/instances/clone.js +78 -0
- package/dist/services/instances/clone.js.map +1 -0
- package/dist/services/instances/config-admin.d.ts +17 -0
- package/dist/services/instances/config-admin.js +181 -0
- package/dist/services/instances/config-admin.js.map +1 -0
- package/dist/services/instances/manager.d.ts +231 -0
- package/dist/services/instances/manager.js +1348 -0
- package/dist/services/instances/manager.js.map +1 -0
- package/dist/services/instances/passwords.js +173 -0
- package/dist/services/instances/passwords.js.map +1 -0
- package/dist/services/instances/types.d.ts +21 -0
- package/dist/services/instances/types.js +2 -0
- package/dist/services/instances/types.js.map +1 -0
- package/dist/services/integrations/anythingllm/integration.d.ts +25 -0
- package/dist/services/integrations/anythingllm/integration.js +251 -0
- package/dist/services/integrations/anythingllm/integration.js.map +1 -0
- package/dist/services/integrations/catalog.d.ts +3 -0
- package/dist/services/integrations/catalog.js +73 -0
- package/dist/services/integrations/catalog.js.map +1 -0
- package/dist/services/integrations/custom/integration.d.ts +28 -0
- package/dist/services/integrations/custom/integration.js +179 -0
- package/dist/services/integrations/custom/integration.js.map +1 -0
- package/dist/services/integrations/hermes/integration.d.ts +194 -0
- package/dist/services/integrations/hermes/integration.js +1669 -0
- package/dist/services/integrations/hermes/integration.js.map +1 -0
- package/dist/services/integrations/index.d.ts +40 -0
- package/dist/services/integrations/index.js +59 -0
- package/dist/services/integrations/index.js.map +1 -0
- package/dist/services/integrations/installable/catalog.d.ts +33 -0
- package/dist/services/integrations/installable/catalog.js +88 -0
- package/dist/services/integrations/installable/catalog.js.map +1 -0
- package/dist/services/integrations/installable/index.d.ts +35 -0
- package/dist/services/integrations/installable/index.js +170 -0
- package/dist/services/integrations/installable/index.js.map +1 -0
- package/dist/services/integrations/installable/installers/integration-probes.d.ts +50 -0
- package/dist/services/integrations/installable/installers/integration-probes.js +231 -0
- package/dist/services/integrations/installable/installers/integration-probes.js.map +1 -0
- package/dist/services/integrations/installable/installers/integration.d.ts +30 -0
- package/dist/services/integrations/installable/installers/integration.js +177 -0
- package/dist/services/integrations/installable/installers/integration.js.map +1 -0
- package/dist/services/integrations/installable/installers/registry-probe.js.map +1 -0
- package/dist/services/integrations/installable/installers/shell-script.d.ts +46 -0
- package/dist/services/integrations/installable/installers/shell-script.js +487 -0
- package/dist/services/integrations/installable/installers/shell-script.js.map +1 -0
- package/dist/services/integrations/installable/types.d.ts +130 -0
- package/dist/services/integrations/installable/types.js +19 -0
- package/dist/services/integrations/installable/types.js.map +1 -0
- package/dist/services/integrations/jishukb/integration.d.ts +22 -0
- package/dist/services/integrations/jishukb/integration.js +189 -0
- package/dist/services/integrations/jishukb/integration.js.map +1 -0
- package/dist/services/integrations/openclaw/anythingllm-shim.d.ts +46 -0
- package/dist/services/integrations/openclaw/anythingllm-shim.js +281 -0
- package/dist/services/integrations/openclaw/anythingllm-shim.js.map +1 -0
- package/dist/services/integrations/openclaw/drive-shim.js +490 -0
- package/dist/services/integrations/openclaw/drive-shim.js.map +1 -0
- package/dist/services/integrations/openclaw/integration.d.ts +424 -0
- package/dist/services/integrations/openclaw/integration.js +4402 -0
- package/dist/services/integrations/openclaw/integration.js.map +1 -0
- package/dist/services/integrations/openclaw/jishukb-shim.d.ts +48 -0
- package/dist/services/integrations/openclaw/jishukb-shim.js +750 -0
- package/dist/services/integrations/openclaw/jishukb-shim.js.map +1 -0
- package/dist/services/integrations/openclaw/mcporter-lite.js +276 -0
- package/dist/services/integrations/openclaw/mcporter-lite.js.map +1 -0
- package/dist/services/integrations/openclaw/mcporter.d.ts +46 -0
- package/dist/services/integrations/openclaw/mcporter.js +112 -0
- package/dist/services/integrations/openclaw/mcporter.js.map +1 -0
- package/dist/services/integrations/openclaw/routes.d.ts +21 -0
- package/dist/services/integrations/openclaw/routes.js +1191 -0
- package/dist/services/integrations/openclaw/routes.js.map +1 -0
- package/dist/services/integrations/registry.d.ts +17 -0
- package/dist/services/integrations/registry.js +36 -0
- package/dist/services/integrations/registry.js.map +1 -0
- package/dist/services/integrations/routes.d.ts +2 -0
- package/dist/services/integrations/routes.js +9 -0
- package/dist/services/integrations/routes.js.map +1 -0
- package/dist/services/integrations/types.d.ts +469 -0
- package/dist/services/integrations/types.js +2 -0
- package/dist/services/integrations/types.js.map +1 -0
- package/dist/services/legacy-migrator/classifier.d.ts +44 -0
- package/dist/services/legacy-migrator/classifier.js +309 -0
- package/dist/services/legacy-migrator/classifier.js.map +1 -0
- package/dist/services/legacy-migrator/executor.d.ts +42 -0
- package/dist/services/legacy-migrator/executor.js +637 -0
- package/dist/services/legacy-migrator/executor.js.map +1 -0
- package/dist/services/legacy-migrator/index.d.ts +31 -0
- package/dist/services/legacy-migrator/index.js +34 -0
- package/dist/services/legacy-migrator/index.js.map +1 -0
- package/dist/services/legacy-migrator/planner.d.ts +8 -0
- package/dist/services/legacy-migrator/planner.js +154 -0
- package/dist/services/legacy-migrator/planner.js.map +1 -0
- package/dist/services/legacy-migrator/provider-settings.d.ts +6 -0
- package/dist/services/legacy-migrator/provider-settings.js +72 -0
- package/dist/services/legacy-migrator/provider-settings.js.map +1 -0
- package/dist/services/legacy-migrator/report.d.ts +9 -0
- package/dist/services/legacy-migrator/report.js +99 -0
- package/dist/services/legacy-migrator/report.js.map +1 -0
- package/dist/services/legacy-migrator/scanner.d.ts +13 -0
- package/dist/services/legacy-migrator/scanner.js +157 -0
- package/dist/services/legacy-migrator/scanner.js.map +1 -0
- package/dist/services/legacy-migrator/types.d.ts +97 -0
- package/dist/services/legacy-migrator/types.js +23 -0
- package/dist/services/legacy-migrator/types.js.map +1 -0
- package/dist/services/llm-proxy/instance-proxy.d.ts +17 -1
- package/dist/services/llm-proxy/instance-proxy.js +171 -44
- package/dist/services/llm-proxy/instance-proxy.js.map +1 -1
- package/dist/services/llm-proxy/probe.js +5 -14
- package/dist/services/llm-proxy/probe.js.map +1 -1
- package/dist/services/llm-proxy/providers.js +23 -31
- package/dist/services/llm-proxy/providers.js.map +1 -1
- package/dist/services/llm-proxy/ssrf.d.ts +11 -4
- package/dist/services/llm-proxy/ssrf.js +45 -7
- package/dist/services/llm-proxy/ssrf.js.map +1 -1
- package/dist/services/llm-proxy/validate-key.js +16 -37
- package/dist/services/llm-proxy/validate-key.js.map +1 -1
- package/dist/services/repair/runtime-repair.d.ts +22 -0
- package/dist/services/repair/runtime-repair.js +307 -0
- package/dist/services/repair/runtime-repair.js.map +1 -0
- package/dist/services/runtime/driver-registry.d.ts +21 -0
- package/dist/services/runtime/driver-registry.js +22 -0
- package/dist/services/runtime/driver-registry.js.map +1 -0
- package/dist/services/runtime/drivers/nomad.d.ts +260 -0
- package/dist/services/runtime/drivers/nomad.js +3092 -0
- package/dist/services/runtime/drivers/nomad.js.map +1 -0
- package/dist/services/runtime/errors.d.ts +3 -3
- package/dist/services/runtime/errors.js +3 -3
- package/dist/services/runtime/instance.d.ts +14 -16
- package/dist/services/runtime/instance.js +93 -123
- package/dist/services/runtime/instance.js.map +1 -1
- package/dist/services/runtime/job-id.d.ts +1 -1
- package/dist/services/runtime/job-id.js +1 -1
- package/dist/services/runtime/mcp-shims/firewall.d.ts +2 -2
- package/dist/services/runtime/mcp-shims/firewall.js +2 -2
- package/dist/services/runtime/mcp-shims/searxng-shim.d.ts +3 -5
- package/dist/services/runtime/mcp-shims/searxng-shim.js +3 -5
- package/dist/services/runtime/mcp-shims/searxng-shim.js.map +1 -1
- package/dist/services/runtime/mcp-shims/write-mcp-entry.d.ts +20 -20
- package/dist/services/runtime/mcp-shims/write-mcp-entry.js +16 -16
- package/dist/services/runtime/mcp-shims/write-mcp-entry.js.map +1 -1
- package/dist/services/runtime/ownership-marker.d.ts +83 -0
- package/dist/services/runtime/ownership-marker.js +109 -0
- package/dist/services/runtime/ownership-marker.js.map +1 -0
- package/dist/services/runtime/types.d.ts +22 -501
- package/dist/services/runtime/types.js +0 -12
- package/dist/services/runtime/types.js.map +1 -1
- package/dist/services/runtime/workload-compiler.d.ts +17 -0
- package/dist/services/runtime/workload-compiler.js +525 -0
- package/dist/services/runtime/workload-compiler.js.map +1 -0
- package/dist/services/runtime/workload-types.d.ts +11 -0
- package/dist/services/runtime/workload-types.js +2 -0
- package/dist/services/runtime/workload-types.js.map +1 -0
- package/dist/services/setup/core-manager.d.ts +50 -0
- package/dist/services/setup/core-manager.js +456 -0
- package/dist/services/setup/core-manager.js.map +1 -0
- package/dist/services/setup/plugin-installer.js +136 -0
- package/dist/services/setup/plugin-installer.js.map +1 -0
- package/dist/services/setup/setup-manager.d.ts +158 -0
- package/dist/services/setup/setup-manager.js +2768 -0
- package/dist/services/setup/setup-manager.js.map +1 -0
- package/dist/services/system/cli-command.d.ts +5 -0
- package/dist/services/system/cli-command.js +18 -0
- package/dist/services/system/cli-command.js.map +1 -0
- package/dist/services/system/macos-launchd.js +312 -0
- package/dist/services/system/macos-launchd.js.map +1 -0
- package/dist/services/system/repair-orchestrator.d.ts +71 -0
- package/dist/services/system/repair-orchestrator.js +412 -0
- package/dist/services/system/repair-orchestrator.js.map +1 -0
- package/dist/services/system/system-monitor.js +96 -0
- package/dist/services/system/system-monitor.js.map +1 -0
- package/dist/services/system/system-ollama-provider.d.ts +14 -0
- package/dist/services/system/system-ollama-provider.js +129 -0
- package/dist/services/system/system-ollama-provider.js.map +1 -0
- package/dist/services/system/system-reconciler.d.ts +59 -0
- package/dist/services/system/system-reconciler.js +710 -0
- package/dist/services/system/system-reconciler.js.map +1 -0
- package/dist/services/system/update-manager.d.ts +43 -0
- package/dist/services/system/update-manager.js +315 -0
- package/dist/services/system/update-manager.js.map +1 -0
- package/dist/services/system/upgrade-finalize.d.ts +80 -0
- package/dist/services/system/upgrade-finalize.js +507 -0
- package/dist/services/system/upgrade-finalize.js.map +1 -0
- package/dist/services/tasks/registry.d.ts +44 -0
- package/dist/services/tasks/registry.js +90 -0
- package/dist/services/tasks/registry.js.map +1 -0
- package/dist/services/telemetry/activation.d.ts +6 -2
- package/dist/services/telemetry/activation.js +6 -2
- package/dist/services/telemetry/activation.js.map +1 -1
- package/dist/services/telemetry/heartbeat.d.ts +6 -2
- package/dist/services/telemetry/heartbeat.js +6 -2
- package/dist/services/telemetry/heartbeat.js.map +1 -1
- package/dist/services/workspaces/builder.d.ts +29 -0
- package/dist/services/workspaces/builder.js +186 -0
- package/dist/services/workspaces/builder.js.map +1 -0
- package/dist/types.d.ts +331 -45
- package/dist/utils/instance-lock.d.ts +2 -2
- package/dist/utils/instance-lock.js +2 -2
- package/install/jishu-install.sh +107 -26
- package/install/jishu-uninstall.sh +8 -0
- package/install/post-install.sh +162 -185
- package/install/post-uninstall.sh +6 -0
- package/node_modules/@fastify/static/.github/workflows/ci.yml +1 -1
- package/node_modules/@fastify/static/.github/workflows/lock-threads.yml +19 -0
- package/node_modules/@fastify/static/LICENSE +1 -3
- package/node_modules/@fastify/static/example/server-benchmark.js +39 -0
- package/node_modules/@fastify/static/index.js +169 -23
- package/node_modules/@fastify/static/lib/dirList.js +20 -6
- package/node_modules/@fastify/static/package.json +10 -8
- package/node_modules/@fastify/static/test/dir-list.test.js +82 -0
- package/node_modules/@fastify/static/test/static.test.js +326 -4
- package/node_modules/@fastify/static/types/index.d.ts +0 -4
- package/node_modules/@fastify/static/types/index.test-d.ts +1 -1
- package/node_modules/content-disposition/README.md +21 -22
- package/node_modules/content-disposition/index.js +122 -44
- package/node_modules/content-disposition/package.json +16 -20
- package/node_modules/glob/README.md +39 -130
- package/node_modules/glob/dist/commonjs/glob.d.ts +8 -0
- package/node_modules/glob/dist/commonjs/glob.d.ts.map +1 -1
- package/node_modules/glob/dist/commonjs/glob.js +2 -1
- package/node_modules/glob/dist/commonjs/glob.js.map +1 -1
- package/node_modules/glob/dist/commonjs/index.min.js +4 -0
- package/node_modules/glob/dist/commonjs/index.min.js.map +7 -0
- package/node_modules/glob/dist/commonjs/pattern.d.ts +3 -0
- package/node_modules/glob/dist/commonjs/pattern.d.ts.map +1 -1
- package/node_modules/glob/dist/commonjs/pattern.js +4 -0
- package/node_modules/glob/dist/commonjs/pattern.js.map +1 -1
- package/node_modules/glob/dist/esm/glob.d.ts +8 -0
- package/node_modules/glob/dist/esm/glob.d.ts.map +1 -1
- package/node_modules/glob/dist/esm/glob.js +2 -1
- package/node_modules/glob/dist/esm/glob.js.map +1 -1
- package/node_modules/glob/dist/esm/index.min.js +4 -0
- package/node_modules/glob/dist/esm/index.min.js.map +7 -0
- package/node_modules/glob/dist/esm/pattern.d.ts +3 -0
- package/node_modules/glob/dist/esm/pattern.d.ts.map +1 -1
- package/node_modules/glob/dist/esm/pattern.js +4 -0
- package/node_modules/glob/dist/esm/pattern.js.map +1 -1
- package/node_modules/glob/package.json +38 -37
- package/node_modules/jishushell-panel/README.md +4 -4
- package/node_modules/jishushell-panel/output/dist/server.js +17 -6
- package/node_modules/jishushell-panel/output/dist/server.js.map +1 -1
- package/node_modules/jishushell-panel/output/public/assets/ApiKeyField-NKcbHjNz.js +1 -0
- package/node_modules/jishushell-panel/output/public/assets/Dashboard-Da1fL38t.js +1 -0
- package/node_modules/jishushell-panel/output/public/assets/HermesChatPanel-DZvmYsoh.js +1 -0
- package/node_modules/jishushell-panel/output/public/assets/HermesConfigForm-BLUWlKwm.js +4 -0
- package/node_modules/jishushell-panel/output/public/assets/InitPassword-BAKsshzk.js +1 -0
- package/node_modules/jishushell-panel/output/public/assets/InstanceDetail-Dgyc_TX5.js +14 -0
- package/node_modules/jishushell-panel/output/public/assets/Login-DHeOmwI8.js +1 -0
- package/node_modules/jishushell-panel/output/public/assets/NewInstance-CIy0cYtp.js +1 -0
- package/node_modules/jishushell-panel/output/public/assets/ProviderRecommendations-H0ByEYF0.js +1 -0
- package/node_modules/jishushell-panel/output/public/assets/Settings-DAT-UMfP.js +1 -0
- package/node_modules/jishushell-panel/output/public/assets/Setup-g3uckFYR.js +1 -0
- package/node_modules/jishushell-panel/output/public/assets/WeixinLoginPanel-D-T6BxkQ.js +1 -0
- package/node_modules/jishushell-panel/output/public/assets/api-C70Gt678.js +4 -0
- package/node_modules/jishushell-panel/output/public/assets/index-DnnqTf7s.css +1 -0
- package/node_modules/jishushell-panel/output/public/assets/index-ERt6_ngA.js +23 -0
- package/node_modules/jishushell-panel/output/public/assets/registry-DF93EzIb.js +2 -0
- package/node_modules/jishushell-panel/output/public/assets/rolldown-runtime-QTnfLwEv.js +1 -0
- package/node_modules/jishushell-panel/output/public/assets/setup-task-q21GnI0E.js +1 -0
- package/node_modules/jishushell-panel/output/public/assets/usePolling-DeoThIQn.js +1 -0
- package/node_modules/jishushell-panel/output/public/assets/vendor-i18n-CS8DFbkQ.js +1 -0
- package/node_modules/jishushell-panel/output/public/assets/vendor-react-Cc84NArf.js +8 -0
- package/node_modules/jishushell-panel/output/public/index.html +6 -4
- package/node_modules/jishushell-panel/package.json +2 -2
- package/node_modules/semver/classes/range.js +11 -2
- package/node_modules/semver/package.json +2 -2
- package/package.json +12 -64
- package/scripts/check-app-path-boundaries.mjs +121 -0
- package/scripts/check-app-spec.mjs +127 -25
- package/scripts/check-colima-launchd.mjs +10 -8
- package/scripts/check-integration-isolation.ts +541 -0
- package/scripts/check-new-file-tests.mjs +11 -3
- package/scripts/check-open-core-boundaries.mjs +60 -10
- package/scripts/check-test-layering.sh +1 -1
- package/scripts/fixtures/instances/hermes-sample/instance.json +3 -2
- package/scripts/fixtures/instances/legacy-openclaw-sample/instance.json +1 -1
- package/scripts/local-web-upgrade-test.README +4 -3
- package/scripts/local-web-upgrade-test.example.env +2 -2
- package/scripts/local-web-upgrade-test.sh +14 -1
- package/scripts/pack-gui-and-send-pi.sh +41 -0
- package/scripts/perf/instances.js +1 -1
- package/scripts/prune-open-core-dist.mjs +89 -2
- package/scripts/smoke/hermes-bootstrap.sh +5 -5
- package/templates/hermes-entrypoint.sh +19 -29
- package/apps/openwebui-container.yaml +0 -97
- package/apps/playwright-container.yaml +0 -126
- package/dependencies/jishushell-panel-0.6.5.tgz +0 -0
- package/dist/crypto-shim.d.ts +0 -1
- package/dist/crypto-shim.js +0 -2
- package/dist/crypto-shim.js.map +0 -1
- package/dist/routes/agent-apps.d.ts +0 -14
- package/dist/routes/agent-apps.js +0 -77
- package/dist/routes/agent-apps.js.map +0 -1
- package/dist/routes/internal.d.ts +0 -2
- package/dist/routes/internal.js +0 -55
- package/dist/routes/internal.js.map +0 -1
- package/dist/routes/openclaw-routes.d.ts +0 -22
- package/dist/routes/openclaw-routes.js +0 -1020
- package/dist/routes/openclaw-routes.js.map +0 -1
- package/dist/routes/runtime.d.ts +0 -15
- package/dist/routes/runtime.js +0 -76
- package/dist/routes/runtime.js.map +0 -1
- package/dist/services/agent-apps/catalog.d.ts +0 -33
- package/dist/services/agent-apps/catalog.js +0 -88
- package/dist/services/agent-apps/catalog.js.map +0 -1
- package/dist/services/agent-apps/index.d.ts +0 -36
- package/dist/services/agent-apps/index.js +0 -171
- package/dist/services/agent-apps/index.js.map +0 -1
- package/dist/services/agent-apps/installers/adapter-probes.d.ts +0 -49
- package/dist/services/agent-apps/installers/adapter-probes.js +0 -230
- package/dist/services/agent-apps/installers/adapter-probes.js.map +0 -1
- package/dist/services/agent-apps/installers/adapter.d.ts +0 -30
- package/dist/services/agent-apps/installers/adapter.js +0 -171
- package/dist/services/agent-apps/installers/adapter.js.map +0 -1
- package/dist/services/agent-apps/installers/registry-probe.js.map +0 -1
- package/dist/services/agent-apps/installers/shell-script.d.ts +0 -47
- package/dist/services/agent-apps/installers/shell-script.js +0 -488
- package/dist/services/agent-apps/installers/shell-script.js.map +0 -1
- package/dist/services/agent-apps/types.d.ts +0 -128
- package/dist/services/agent-apps/types.js +0 -17
- package/dist/services/agent-apps/types.js.map +0 -1
- package/dist/services/app/app-compiler.js +0 -185
- package/dist/services/app/app-compiler.js.map +0 -1
- package/dist/services/app/app-manager.d.ts +0 -184
- package/dist/services/app/app-manager.js +0 -2933
- package/dist/services/app/app-manager.js.map +0 -1
- package/dist/services/app/custom-manager.d.ts +0 -27
- package/dist/services/app/custom-manager.js +0 -382
- package/dist/services/app/custom-manager.js.map +0 -1
- package/dist/services/app/hermes-agent-manager.d.ts +0 -20
- package/dist/services/app/hermes-agent-manager.js +0 -299
- package/dist/services/app/hermes-agent-manager.js.map +0 -1
- package/dist/services/app/id-normalizer.d.ts +0 -27
- package/dist/services/app/id-normalizer.js +0 -77
- package/dist/services/app/id-normalizer.js.map +0 -1
- package/dist/services/app/ollama-manager.d.ts +0 -18
- package/dist/services/app/ollama-manager.js +0 -224
- package/dist/services/app/ollama-manager.js.map +0 -1
- package/dist/services/app/openclaw-manager.d.ts +0 -63
- package/dist/services/app/openclaw-manager.js +0 -1215
- package/dist/services/app/openclaw-manager.js.map +0 -1
- package/dist/services/app/paths.d.ts +0 -27
- package/dist/services/app/paths.js +0 -40
- package/dist/services/app/paths.js.map +0 -1
- package/dist/services/app/platform-transform.d.ts +0 -32
- package/dist/services/app/platform-transform.js +0 -65
- package/dist/services/app/platform-transform.js.map +0 -1
- package/dist/services/app/provide-resolver.d.ts +0 -29
- package/dist/services/app/provide-resolver.js +0 -135
- package/dist/services/app/provide-resolver.js.map +0 -1
- package/dist/services/app/registry.d.ts +0 -17
- package/dist/services/app/registry.js +0 -31
- package/dist/services/app/registry.js.map +0 -1
- package/dist/services/app/remote-spec.d.ts +0 -14
- package/dist/services/app/remote-spec.js +0 -58
- package/dist/services/app/remote-spec.js.map +0 -1
- package/dist/services/app/terminal-session-manager.js +0 -157
- package/dist/services/app/terminal-session-manager.js.map +0 -1
- package/dist/services/app/types.d.ts +0 -74
- package/dist/services/app/types.js +0 -16
- package/dist/services/app/types.js.map +0 -1
- package/dist/services/app-config-admin.d.ts +0 -17
- package/dist/services/app-config-admin.js +0 -177
- package/dist/services/app-config-admin.js.map +0 -1
- package/dist/services/app-create-from-installed.d.ts +0 -23
- package/dist/services/app-create-from-installed.js +0 -75
- package/dist/services/app-create-from-installed.js.map +0 -1
- package/dist/services/app-passwords.js +0 -173
- package/dist/services/app-passwords.js.map +0 -1
- package/dist/services/backup-admin.d.ts +0 -101
- package/dist/services/backup-admin.js +0 -259
- package/dist/services/backup-admin.js.map +0 -1
- package/dist/services/backup-manager.d.ts +0 -264
- package/dist/services/backup-manager.js +0 -2263
- package/dist/services/backup-manager.js.map +0 -1
- package/dist/services/backup-verify.js +0 -240
- package/dist/services/backup-verify.js.map +0 -1
- package/dist/services/capability-endpoint-validator.d.ts +0 -41
- package/dist/services/capability-endpoint-validator.js +0 -114
- package/dist/services/capability-endpoint-validator.js.map +0 -1
- package/dist/services/capability-health.d.ts +0 -16
- package/dist/services/capability-health.js +0 -121
- package/dist/services/capability-health.js.map +0 -1
- package/dist/services/capability-registry.d.ts +0 -29
- package/dist/services/capability-registry.js +0 -176
- package/dist/services/capability-registry.js.map +0 -1
- package/dist/services/capability-sync.d.ts +0 -4
- package/dist/services/capability-sync.js +0 -220
- package/dist/services/capability-sync.js.map +0 -1
- package/dist/services/connection-admin.d.ts +0 -74
- package/dist/services/connection-admin.js +0 -287
- package/dist/services/connection-admin.js.map +0 -1
- package/dist/services/connection-apply.d.ts +0 -91
- package/dist/services/connection-apply.js +0 -471
- package/dist/services/connection-apply.js.map +0 -1
- package/dist/services/connection-resolver.d.ts +0 -65
- package/dist/services/connection-resolver.js +0 -281
- package/dist/services/connection-resolver.js.map +0 -1
- package/dist/services/connection-transactor.d.ts +0 -39
- package/dist/services/connection-transactor.js +0 -354
- package/dist/services/connection-transactor.js.map +0 -1
- package/dist/services/core-manager.d.ts +0 -50
- package/dist/services/core-manager.js +0 -411
- package/dist/services/core-manager.js.map +0 -1
- package/dist/services/external-mounts.js +0 -187
- package/dist/services/external-mounts.js.map +0 -1
- package/dist/services/files-manager.d.ts +0 -252
- package/dist/services/files-manager.js +0 -1156
- package/dist/services/files-manager.js.map +0 -1
- package/dist/services/files-mounts.d.ts +0 -42
- package/dist/services/files-mounts.js +0 -207
- package/dist/services/files-mounts.js.map +0 -1
- package/dist/services/instance-admin.d.ts +0 -26
- package/dist/services/instance-admin.js +0 -218
- package/dist/services/instance-admin.js.map +0 -1
- package/dist/services/instance-manager.d.ts +0 -192
- package/dist/services/instance-manager.js +0 -1289
- package/dist/services/instance-manager.js.map +0 -1
- package/dist/services/macos-launchd.js +0 -312
- package/dist/services/macos-launchd.js.map +0 -1
- package/dist/services/nomad-manager.d.ts +0 -307
- package/dist/services/nomad-manager.js +0 -3958
- package/dist/services/nomad-manager.js.map +0 -1
- package/dist/services/organize/applier.js +0 -218
- package/dist/services/organize/applier.js.map +0 -1
- package/dist/services/organize/rules.js +0 -286
- package/dist/services/organize/rules.js.map +0 -1
- package/dist/services/organize/scanner.js +0 -366
- package/dist/services/organize/scanner.js.map +0 -1
- package/dist/services/organize/store.js +0 -82
- package/dist/services/organize/store.js.map +0 -1
- package/dist/services/plugin-installer.js +0 -128
- package/dist/services/plugin-installer.js.map +0 -1
- package/dist/services/process-manager.d.ts +0 -25
- package/dist/services/process-manager.js +0 -568
- package/dist/services/process-manager.js.map +0 -1
- package/dist/services/runtime/adapters/custom.d.ts +0 -20
- package/dist/services/runtime/adapters/custom.js +0 -188
- package/dist/services/runtime/adapters/custom.js.map +0 -1
- package/dist/services/runtime/adapters/hermes.d.ts +0 -204
- package/dist/services/runtime/adapters/hermes.js +0 -1684
- package/dist/services/runtime/adapters/hermes.js.map +0 -1
- package/dist/services/runtime/adapters/openclaw-mcporter.d.ts +0 -45
- package/dist/services/runtime/adapters/openclaw-mcporter.js +0 -108
- package/dist/services/runtime/adapters/openclaw-mcporter.js.map +0 -1
- package/dist/services/runtime/adapters/openclaw.d.ts +0 -426
- package/dist/services/runtime/adapters/openclaw.js +0 -3975
- package/dist/services/runtime/adapters/openclaw.js.map +0 -1
- package/dist/services/runtime/index.d.ts +0 -34
- package/dist/services/runtime/index.js +0 -51
- package/dist/services/runtime/index.js.map +0 -1
- package/dist/services/runtime/mcp-shims/anythingllm-shim.d.ts +0 -46
- package/dist/services/runtime/mcp-shims/anythingllm-shim.js +0 -281
- package/dist/services/runtime/mcp-shims/anythingllm-shim.js.map +0 -1
- package/dist/services/runtime/mcp-shims/drive-shim.js +0 -490
- package/dist/services/runtime/mcp-shims/drive-shim.js.map +0 -1
- package/dist/services/runtime/mcp-shims/jishukb-shim.d.ts +0 -48
- package/dist/services/runtime/mcp-shims/jishukb-shim.js +0 -723
- package/dist/services/runtime/mcp-shims/jishukb-shim.js.map +0 -1
- package/dist/services/runtime/mcp-shims/mcporter-lite.js +0 -276
- package/dist/services/runtime/mcp-shims/mcporter-lite.js.map +0 -1
- package/dist/services/runtime/migrations.d.ts +0 -23
- package/dist/services/runtime/migrations.js +0 -125
- package/dist/services/runtime/migrations.js.map +0 -1
- package/dist/services/runtime/registry.d.ts +0 -13
- package/dist/services/runtime/registry.js +0 -32
- package/dist/services/runtime/registry.js.map +0 -1
- package/dist/services/runtime-identity.d.ts +0 -13
- package/dist/services/runtime-identity.js +0 -166
- package/dist/services/runtime-identity.js.map +0 -1
- package/dist/services/runtime-repair.d.ts +0 -52
- package/dist/services/runtime-repair.js +0 -352
- package/dist/services/runtime-repair.js.map +0 -1
- package/dist/services/setup-manager.d.ts +0 -158
- package/dist/services/setup-manager.js +0 -2740
- package/dist/services/setup-manager.js.map +0 -1
- package/dist/services/suggestions.d.ts +0 -27
- package/dist/services/suggestions.js +0 -133
- package/dist/services/suggestions.js.map +0 -1
- package/dist/services/system-monitor.js +0 -79
- package/dist/services/system-monitor.js.map +0 -1
- package/dist/services/system-ollama-provider.d.ts +0 -14
- package/dist/services/system-ollama-provider.js +0 -125
- package/dist/services/system-ollama-provider.js.map +0 -1
- package/dist/services/system-reconciler.d.ts +0 -72
- package/dist/services/system-reconciler.js +0 -600
- package/dist/services/system-reconciler.js.map +0 -1
- package/dist/services/task-registry.d.ts +0 -44
- package/dist/services/task-registry.js +0 -76
- package/dist/services/task-registry.js.map +0 -1
- package/dist/services/types-shim.d.ts +0 -16
- package/dist/services/types-shim.js +0 -2
- package/dist/services/types-shim.js.map +0 -1
- package/dist/services/update-manager.d.ts +0 -47
- package/dist/services/update-manager.js +0 -351
- package/dist/services/update-manager.js.map +0 -1
- package/dist/services/webdav/server.d.ts +0 -24
- package/dist/services/webdav/server.js +0 -420
- package/dist/services/webdav/server.js.map +0 -1
- package/dist/services/webdav/xml-builder.js.map +0 -1
- package/dist/services/workspace-builder.d.ts +0 -29
- package/dist/services/workspace-builder.js +0 -188
- package/dist/services/workspace-builder.js.map +0 -1
- package/node_modules/@fastify/static/.github/stale.yml +0 -21
- package/node_modules/@isaacs/cliui/LICENSE.md +0 -63
- package/node_modules/@isaacs/cliui/README.md +0 -151
- package/node_modules/@isaacs/cliui/dist/commonjs/ansi-regex/index.d.ts +0 -4
- package/node_modules/@isaacs/cliui/dist/commonjs/ansi-regex/index.d.ts.map +0 -1
- package/node_modules/@isaacs/cliui/dist/commonjs/ansi-regex/index.js +0 -16
- package/node_modules/@isaacs/cliui/dist/commonjs/ansi-regex/index.js.map +0 -1
- package/node_modules/@isaacs/cliui/dist/commonjs/ansi-styles/index.d.ts +0 -34
- package/node_modules/@isaacs/cliui/dist/commonjs/ansi-styles/index.d.ts.map +0 -1
- package/node_modules/@isaacs/cliui/dist/commonjs/ansi-styles/index.js +0 -170
- package/node_modules/@isaacs/cliui/dist/commonjs/ansi-styles/index.js.map +0 -1
- package/node_modules/@isaacs/cliui/dist/commonjs/eastasianwidth/index.d.ts +0 -6
- package/node_modules/@isaacs/cliui/dist/commonjs/eastasianwidth/index.d.ts.map +0 -1
- package/node_modules/@isaacs/cliui/dist/commonjs/eastasianwidth/index.js +0 -307
- package/node_modules/@isaacs/cliui/dist/commonjs/eastasianwidth/index.js.map +0 -1
- package/node_modules/@isaacs/cliui/dist/commonjs/emoji-regex/index.d.ts +0 -2
- package/node_modules/@isaacs/cliui/dist/commonjs/emoji-regex/index.d.ts.map +0 -1
- package/node_modules/@isaacs/cliui/dist/commonjs/emoji-regex/index.js +0 -7
- package/node_modules/@isaacs/cliui/dist/commonjs/emoji-regex/index.js.map +0 -1
- package/node_modules/@isaacs/cliui/dist/commonjs/index.d.ts +0 -41
- package/node_modules/@isaacs/cliui/dist/commonjs/index.d.ts.map +0 -1
- package/node_modules/@isaacs/cliui/dist/commonjs/index.js +0 -322
- package/node_modules/@isaacs/cliui/dist/commonjs/index.js.map +0 -1
- package/node_modules/@isaacs/cliui/dist/commonjs/index.min.js +0 -12
- package/node_modules/@isaacs/cliui/dist/commonjs/index.min.js.map +0 -7
- package/node_modules/@isaacs/cliui/dist/commonjs/package.json +0 -3
- package/node_modules/@isaacs/cliui/dist/commonjs/string-width/index.d.ts +0 -5
- package/node_modules/@isaacs/cliui/dist/commonjs/string-width/index.d.ts.map +0 -1
- package/node_modules/@isaacs/cliui/dist/commonjs/string-width/index.js +0 -49
- package/node_modules/@isaacs/cliui/dist/commonjs/string-width/index.js.map +0 -1
- package/node_modules/@isaacs/cliui/dist/commonjs/strip-ansi/index.d.ts +0 -2
- package/node_modules/@isaacs/cliui/dist/commonjs/strip-ansi/index.d.ts.map +0 -1
- package/node_modules/@isaacs/cliui/dist/commonjs/strip-ansi/index.js +0 -8
- package/node_modules/@isaacs/cliui/dist/commonjs/strip-ansi/index.js.map +0 -1
- package/node_modules/@isaacs/cliui/dist/commonjs/wrap-ansi/index.d.ts +0 -7
- package/node_modules/@isaacs/cliui/dist/commonjs/wrap-ansi/index.d.ts.map +0 -1
- package/node_modules/@isaacs/cliui/dist/commonjs/wrap-ansi/index.js +0 -176
- package/node_modules/@isaacs/cliui/dist/commonjs/wrap-ansi/index.js.map +0 -1
- package/node_modules/@isaacs/cliui/dist/esm/ansi-regex/index.d.ts +0 -4
- package/node_modules/@isaacs/cliui/dist/esm/ansi-regex/index.d.ts.map +0 -1
- package/node_modules/@isaacs/cliui/dist/esm/ansi-regex/index.js +0 -12
- package/node_modules/@isaacs/cliui/dist/esm/ansi-regex/index.js.map +0 -1
- package/node_modules/@isaacs/cliui/dist/esm/ansi-styles/index.d.ts +0 -34
- package/node_modules/@isaacs/cliui/dist/esm/ansi-styles/index.d.ts.map +0 -1
- package/node_modules/@isaacs/cliui/dist/esm/ansi-styles/index.js +0 -167
- package/node_modules/@isaacs/cliui/dist/esm/ansi-styles/index.js.map +0 -1
- package/node_modules/@isaacs/cliui/dist/esm/eastasianwidth/index.d.ts +0 -6
- package/node_modules/@isaacs/cliui/dist/esm/eastasianwidth/index.d.ts.map +0 -1
- package/node_modules/@isaacs/cliui/dist/esm/eastasianwidth/index.js +0 -299
- package/node_modules/@isaacs/cliui/dist/esm/eastasianwidth/index.js.map +0 -1
- package/node_modules/@isaacs/cliui/dist/esm/emoji-regex/index.d.ts +0 -2
- package/node_modules/@isaacs/cliui/dist/esm/emoji-regex/index.d.ts.map +0 -1
- package/node_modules/@isaacs/cliui/dist/esm/emoji-regex/index.js +0 -3
- package/node_modules/@isaacs/cliui/dist/esm/emoji-regex/index.js.map +0 -1
- package/node_modules/@isaacs/cliui/dist/esm/index.d.ts +0 -41
- package/node_modules/@isaacs/cliui/dist/esm/index.d.ts.map +0 -1
- package/node_modules/@isaacs/cliui/dist/esm/index.js +0 -317
- package/node_modules/@isaacs/cliui/dist/esm/index.js.map +0 -1
- package/node_modules/@isaacs/cliui/dist/esm/index.min.js +0 -12
- package/node_modules/@isaacs/cliui/dist/esm/index.min.js.map +0 -7
- package/node_modules/@isaacs/cliui/dist/esm/package.json +0 -3
- package/node_modules/@isaacs/cliui/dist/esm/string-width/index.d.ts +0 -5
- package/node_modules/@isaacs/cliui/dist/esm/string-width/index.d.ts.map +0 -1
- package/node_modules/@isaacs/cliui/dist/esm/string-width/index.js +0 -46
- package/node_modules/@isaacs/cliui/dist/esm/string-width/index.js.map +0 -1
- package/node_modules/@isaacs/cliui/dist/esm/strip-ansi/index.d.ts +0 -2
- package/node_modules/@isaacs/cliui/dist/esm/strip-ansi/index.d.ts.map +0 -1
- package/node_modules/@isaacs/cliui/dist/esm/strip-ansi/index.js +0 -4
- package/node_modules/@isaacs/cliui/dist/esm/strip-ansi/index.js.map +0 -1
- package/node_modules/@isaacs/cliui/dist/esm/wrap-ansi/index.d.ts +0 -7
- package/node_modules/@isaacs/cliui/dist/esm/wrap-ansi/index.d.ts.map +0 -1
- package/node_modules/@isaacs/cliui/dist/esm/wrap-ansi/index.js +0 -172
- package/node_modules/@isaacs/cliui/dist/esm/wrap-ansi/index.js.map +0 -1
- package/node_modules/@isaacs/cliui/package.json +0 -163
- package/node_modules/content-disposition/HISTORY.md +0 -60
- package/node_modules/cross-spawn/LICENSE +0 -21
- package/node_modules/cross-spawn/README.md +0 -89
- package/node_modules/cross-spawn/index.js +0 -39
- package/node_modules/cross-spawn/lib/enoent.js +0 -59
- package/node_modules/cross-spawn/lib/parse.js +0 -91
- package/node_modules/cross-spawn/lib/util/escape.js +0 -47
- package/node_modules/cross-spawn/lib/util/readShebang.js +0 -23
- package/node_modules/cross-spawn/lib/util/resolveCommand.js +0 -52
- package/node_modules/cross-spawn/package.json +0 -73
- package/node_modules/foreground-child/LICENSE +0 -15
- package/node_modules/foreground-child/README.md +0 -128
- package/node_modules/foreground-child/dist/commonjs/all-signals.d.ts +0 -2
- package/node_modules/foreground-child/dist/commonjs/all-signals.d.ts.map +0 -1
- package/node_modules/foreground-child/dist/commonjs/all-signals.js +0 -58
- package/node_modules/foreground-child/dist/commonjs/all-signals.js.map +0 -1
- package/node_modules/foreground-child/dist/commonjs/index.d.ts +0 -58
- package/node_modules/foreground-child/dist/commonjs/index.d.ts.map +0 -1
- package/node_modules/foreground-child/dist/commonjs/index.js +0 -123
- package/node_modules/foreground-child/dist/commonjs/index.js.map +0 -1
- package/node_modules/foreground-child/dist/commonjs/package.json +0 -3
- package/node_modules/foreground-child/dist/commonjs/proxy-signals.d.ts +0 -6
- package/node_modules/foreground-child/dist/commonjs/proxy-signals.d.ts.map +0 -1
- package/node_modules/foreground-child/dist/commonjs/proxy-signals.js +0 -38
- package/node_modules/foreground-child/dist/commonjs/proxy-signals.js.map +0 -1
- package/node_modules/foreground-child/dist/commonjs/watchdog.d.ts +0 -10
- package/node_modules/foreground-child/dist/commonjs/watchdog.d.ts.map +0 -1
- package/node_modules/foreground-child/dist/commonjs/watchdog.js +0 -50
- package/node_modules/foreground-child/dist/commonjs/watchdog.js.map +0 -1
- package/node_modules/foreground-child/dist/esm/all-signals.d.ts +0 -2
- package/node_modules/foreground-child/dist/esm/all-signals.d.ts.map +0 -1
- package/node_modules/foreground-child/dist/esm/all-signals.js +0 -52
- package/node_modules/foreground-child/dist/esm/all-signals.js.map +0 -1
- package/node_modules/foreground-child/dist/esm/index.d.ts +0 -58
- package/node_modules/foreground-child/dist/esm/index.d.ts.map +0 -1
- package/node_modules/foreground-child/dist/esm/index.js +0 -115
- package/node_modules/foreground-child/dist/esm/index.js.map +0 -1
- package/node_modules/foreground-child/dist/esm/package.json +0 -3
- package/node_modules/foreground-child/dist/esm/proxy-signals.d.ts +0 -6
- package/node_modules/foreground-child/dist/esm/proxy-signals.d.ts.map +0 -1
- package/node_modules/foreground-child/dist/esm/proxy-signals.js +0 -34
- package/node_modules/foreground-child/dist/esm/proxy-signals.js.map +0 -1
- package/node_modules/foreground-child/dist/esm/watchdog.d.ts +0 -10
- package/node_modules/foreground-child/dist/esm/watchdog.d.ts.map +0 -1
- package/node_modules/foreground-child/dist/esm/watchdog.js +0 -46
- package/node_modules/foreground-child/dist/esm/watchdog.js.map +0 -1
- package/node_modules/foreground-child/package.json +0 -106
- package/node_modules/glob/dist/esm/bin.d.mts +0 -3
- package/node_modules/glob/dist/esm/bin.d.mts.map +0 -1
- package/node_modules/glob/dist/esm/bin.mjs +0 -346
- package/node_modules/glob/dist/esm/bin.mjs.map +0 -1
- package/node_modules/isexe/.npmignore +0 -2
- package/node_modules/isexe/LICENSE +0 -15
- package/node_modules/isexe/README.md +0 -51
- package/node_modules/isexe/index.js +0 -57
- package/node_modules/isexe/mode.js +0 -41
- package/node_modules/isexe/package.json +0 -31
- package/node_modules/isexe/test/basic.js +0 -221
- package/node_modules/isexe/windows.js +0 -42
- package/node_modules/jackspeak/LICENSE.md +0 -55
- package/node_modules/jackspeak/README.md +0 -394
- package/node_modules/jackspeak/dist/commonjs/index.d.ts +0 -323
- package/node_modules/jackspeak/dist/commonjs/index.d.ts.map +0 -1
- package/node_modules/jackspeak/dist/commonjs/index.js +0 -944
- package/node_modules/jackspeak/dist/commonjs/index.js.map +0 -1
- package/node_modules/jackspeak/dist/commonjs/index.min.js +0 -33
- package/node_modules/jackspeak/dist/commonjs/index.min.js.map +0 -7
- package/node_modules/jackspeak/dist/commonjs/package.json +0 -3
- package/node_modules/jackspeak/dist/esm/index.d.ts +0 -323
- package/node_modules/jackspeak/dist/esm/index.d.ts.map +0 -1
- package/node_modules/jackspeak/dist/esm/index.js +0 -936
- package/node_modules/jackspeak/dist/esm/index.js.map +0 -1
- package/node_modules/jackspeak/dist/esm/index.min.js +0 -33
- package/node_modules/jackspeak/dist/esm/index.min.js.map +0 -7
- package/node_modules/jackspeak/dist/esm/package.json +0 -3
- package/node_modules/jackspeak/package.json +0 -115
- package/node_modules/jishushell-panel/output/public/assets/ApiKeyField-D1i7zWXR.js +0 -1
- package/node_modules/jishushell-panel/output/public/assets/Dashboard-sWIvL43F.js +0 -1
- package/node_modules/jishushell-panel/output/public/assets/HermesChatPanel-DQ8RyvQY.js +0 -1
- package/node_modules/jishushell-panel/output/public/assets/HermesConfigForm-tIbPP1sB.js +0 -4
- package/node_modules/jishushell-panel/output/public/assets/InitPassword-C3Slq3Dd.js +0 -1
- package/node_modules/jishushell-panel/output/public/assets/InstanceDetail-7JqY9tq4.js +0 -92
- package/node_modules/jishushell-panel/output/public/assets/Login-BXLDJlQN.js +0 -1
- package/node_modules/jishushell-panel/output/public/assets/NewInstance-dLc5Xrpx.js +0 -1
- package/node_modules/jishushell-panel/output/public/assets/ProviderRecommendations-DIAXxesl.js +0 -1
- package/node_modules/jishushell-panel/output/public/assets/Settings-Bd5utbBh.js +0 -1
- package/node_modules/jishushell-panel/output/public/assets/Setup-Yn9_20FL.js +0 -1
- package/node_modules/jishushell-panel/output/public/assets/WeixinLoginPanel-C21doQTJ.js +0 -9
- package/node_modules/jishushell-panel/output/public/assets/index-CCkaIEjn.js +0 -20
- package/node_modules/jishushell-panel/output/public/assets/index-D7qxy-Vh.css +0 -1
- package/node_modules/jishushell-panel/output/public/assets/registry-B2ZQZXWL.js +0 -2
- package/node_modules/jishushell-panel/output/public/assets/usePolling-BFZm4do_.js +0 -1
- package/node_modules/jishushell-panel/output/public/assets/vendor-i18n-DqPtOicc.js +0 -9
- package/node_modules/jishushell-panel/output/public/assets/vendor-react-DW5juQin.js +0 -59
- package/node_modules/package-json-from-dist/LICENSE.md +0 -63
- package/node_modules/package-json-from-dist/README.md +0 -110
- package/node_modules/package-json-from-dist/dist/commonjs/index.d.ts +0 -89
- package/node_modules/package-json-from-dist/dist/commonjs/index.d.ts.map +0 -1
- package/node_modules/package-json-from-dist/dist/commonjs/index.js +0 -134
- package/node_modules/package-json-from-dist/dist/commonjs/index.js.map +0 -1
- package/node_modules/package-json-from-dist/dist/commonjs/package.json +0 -3
- package/node_modules/package-json-from-dist/dist/esm/index.d.ts +0 -89
- package/node_modules/package-json-from-dist/dist/esm/index.d.ts.map +0 -1
- package/node_modules/package-json-from-dist/dist/esm/index.js +0 -129
- package/node_modules/package-json-from-dist/dist/esm/index.js.map +0 -1
- package/node_modules/package-json-from-dist/dist/esm/package.json +0 -3
- package/node_modules/package-json-from-dist/package.json +0 -68
- package/node_modules/path-key/index.d.ts +0 -40
- package/node_modules/path-key/index.js +0 -16
- package/node_modules/path-key/license +0 -9
- package/node_modules/path-key/package.json +0 -39
- package/node_modules/path-key/readme.md +0 -61
- package/node_modules/safe-buffer/LICENSE +0 -21
- package/node_modules/safe-buffer/README.md +0 -584
- package/node_modules/safe-buffer/index.d.ts +0 -187
- package/node_modules/safe-buffer/index.js +0 -65
- package/node_modules/safe-buffer/package.json +0 -51
- package/node_modules/shebang-command/index.js +0 -19
- package/node_modules/shebang-command/license +0 -9
- package/node_modules/shebang-command/package.json +0 -34
- package/node_modules/shebang-command/readme.md +0 -34
- package/node_modules/shebang-regex/index.d.ts +0 -22
- package/node_modules/shebang-regex/index.js +0 -2
- package/node_modules/shebang-regex/license +0 -9
- package/node_modules/shebang-regex/package.json +0 -35
- package/node_modules/shebang-regex/readme.md +0 -33
- package/node_modules/signal-exit/LICENSE.txt +0 -16
- package/node_modules/signal-exit/README.md +0 -74
- package/node_modules/signal-exit/dist/cjs/browser.d.ts +0 -12
- package/node_modules/signal-exit/dist/cjs/browser.d.ts.map +0 -1
- package/node_modules/signal-exit/dist/cjs/browser.js +0 -10
- package/node_modules/signal-exit/dist/cjs/browser.js.map +0 -1
- package/node_modules/signal-exit/dist/cjs/index.d.ts +0 -48
- package/node_modules/signal-exit/dist/cjs/index.d.ts.map +0 -1
- package/node_modules/signal-exit/dist/cjs/index.js +0 -279
- package/node_modules/signal-exit/dist/cjs/index.js.map +0 -1
- package/node_modules/signal-exit/dist/cjs/package.json +0 -3
- package/node_modules/signal-exit/dist/cjs/signals.d.ts +0 -29
- package/node_modules/signal-exit/dist/cjs/signals.d.ts.map +0 -1
- package/node_modules/signal-exit/dist/cjs/signals.js +0 -42
- package/node_modules/signal-exit/dist/cjs/signals.js.map +0 -1
- package/node_modules/signal-exit/dist/mjs/browser.d.ts +0 -12
- package/node_modules/signal-exit/dist/mjs/browser.d.ts.map +0 -1
- package/node_modules/signal-exit/dist/mjs/browser.js +0 -4
- package/node_modules/signal-exit/dist/mjs/browser.js.map +0 -1
- package/node_modules/signal-exit/dist/mjs/index.d.ts +0 -48
- package/node_modules/signal-exit/dist/mjs/index.d.ts.map +0 -1
- package/node_modules/signal-exit/dist/mjs/index.js +0 -275
- package/node_modules/signal-exit/dist/mjs/index.js.map +0 -1
- package/node_modules/signal-exit/dist/mjs/package.json +0 -3
- package/node_modules/signal-exit/dist/mjs/signals.d.ts +0 -29
- package/node_modules/signal-exit/dist/mjs/signals.d.ts.map +0 -1
- package/node_modules/signal-exit/dist/mjs/signals.js +0 -39
- package/node_modules/signal-exit/dist/mjs/signals.js.map +0 -1
- package/node_modules/signal-exit/package.json +0 -106
- package/node_modules/which/CHANGELOG.md +0 -166
- package/node_modules/which/LICENSE +0 -15
- package/node_modules/which/README.md +0 -54
- package/node_modules/which/bin/node-which +0 -52
- package/node_modules/which/package.json +0 -43
- package/node_modules/which/which.js +0 -125
- package/scripts/check-adapter-isolation.ts +0 -293
- /package/dist/services/{app → app-common}/app-compiler.d.ts +0 -0
- /package/dist/services/{app → app-common}/terminal-session-manager.d.ts +0 -0
- /package/dist/services/{backup-verify.d.ts → backup/backup-verify.d.ts} +0 -0
- /package/dist/services/{external-mounts.d.ts → files/external-mounts.d.ts} +0 -0
- /package/dist/services/{organize → files/organize}/applier.d.ts +0 -0
- /package/dist/services/{organize → files/organize}/rules.d.ts +0 -0
- /package/dist/services/{organize → files/organize}/scanner.d.ts +0 -0
- /package/dist/services/{organize → files/organize}/store.d.ts +0 -0
- /package/dist/services/{webdav → files/webdav}/xml-builder.d.ts +0 -0
- /package/dist/services/{webdav → files/webdav}/xml-builder.js +0 -0
- /package/dist/services/{app-passwords.d.ts → instances/passwords.d.ts} +0 -0
- /package/dist/services/{agent-apps → integrations/installable}/installers/registry-probe.d.ts +0 -0
- /package/dist/services/{agent-apps → integrations/installable}/installers/registry-probe.js +0 -0
- /package/dist/services/{runtime/mcp-shims → integrations/openclaw}/drive-shim.d.ts +0 -0
- /package/dist/services/{runtime/mcp-shims → integrations/openclaw}/mcporter-lite.d.ts +0 -0
- /package/dist/services/{plugin-installer.d.ts → setup/plugin-installer.d.ts} +0 -0
- /package/dist/services/{macos-launchd.d.ts → system/macos-launchd.d.ts} +0 -0
- /package/dist/services/{system-monitor.d.ts → system/system-monitor.d.ts} +0 -0
|
@@ -1,3958 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Nomad-based service manager — kind-agnostic scheduler layer.
|
|
3
|
-
*
|
|
4
|
-
* §32.2 / §32.8: this file contains ZERO knowledge of specific agent kinds.
|
|
5
|
-
* Runtime-specific task assembly (`buildNomadTask`), pre-start patches
|
|
6
|
-
* (`hooks.onBeforeStart`), and capability profiles live inside
|
|
7
|
-
* `src/services/runtime/adapters/<agentType>.ts`. Framework dispatch is:
|
|
8
|
-
*
|
|
9
|
-
* const agentType = resolveAgentType(getInstance(id));
|
|
10
|
-
* const adapter = getAdapter(agentType);
|
|
11
|
-
* await adapter.hooks?.onBeforeStart?.({ instanceId });
|
|
12
|
-
* const task = await adapter.buildNomadTask(instanceId);
|
|
13
|
-
*/
|
|
14
|
-
import { execFile as execFileCb, spawn } from "child_process";
|
|
15
|
-
import { existsSync, readFileSync } from "fs";
|
|
16
|
-
import { createServer as netCreateServer } from "net";
|
|
17
|
-
import { homedir, userInfo } from "os";
|
|
18
|
-
import { basename, join } from "path";
|
|
19
|
-
import { StringDecoder } from "string_decoder";
|
|
20
|
-
import { promisify } from "util";
|
|
21
|
-
import { parse } from "yaml";
|
|
22
|
-
import * as config from "../config.js";
|
|
23
|
-
import { extractGatewayPort, getGatewayPort, getInstance, getInstanceRuntime, instanceMetaPath, getRuntimeEnv, isPortInUse, reallocateGatewayPort, } from "./instance-manager.js";
|
|
24
|
-
import { getAdapter, resolveAgentType } from "./runtime/index.js";
|
|
25
|
-
import { resolveNomadJobId } from "./runtime/job-id.js";
|
|
26
|
-
import { resolveRuntimeIdentity } from "./runtime-identity.js";
|
|
27
|
-
function getConfigValue(name) {
|
|
28
|
-
return name in config ? config[name] : undefined;
|
|
29
|
-
}
|
|
30
|
-
function resolveConfigPath(value, fallback) {
|
|
31
|
-
return typeof value === "string" && value.trim() ? value : fallback;
|
|
32
|
-
}
|
|
33
|
-
const JISHUSHELL_HOME = resolveConfigPath(getConfigValue("JISHUSHELL_HOME"), join(process.env.HOME ?? homedir(), ".jishushell"));
|
|
34
|
-
const APPS_DIR = resolveConfigPath(getConfigValue("APPS_DIR"), join(JISHUSHELL_HOME, "apps"));
|
|
35
|
-
const _INSTANCES_DIR = resolveConfigPath(getConfigValue("INSTANCES_DIR"), join(JISHUSHELL_HOME, "instances"));
|
|
36
|
-
const getNomadAddrValue = getConfigValue("getNomadAddr");
|
|
37
|
-
const getNomadDriverValue = getConfigValue("getNomadDriver");
|
|
38
|
-
const getNomadTokenValue = getConfigValue("getNomadToken");
|
|
39
|
-
const getCoreConfigValue = getConfigValue("getCoreConfig");
|
|
40
|
-
const getNomadAddr = typeof getNomadAddrValue === "function"
|
|
41
|
-
? getNomadAddrValue
|
|
42
|
-
: () => "http://127.0.0.1:4646";
|
|
43
|
-
const getNomadDriver = typeof getNomadDriverValue === "function"
|
|
44
|
-
? getNomadDriverValue
|
|
45
|
-
: () => "docker";
|
|
46
|
-
const getNomadToken = typeof getNomadTokenValue === "function"
|
|
47
|
-
? getNomadTokenValue
|
|
48
|
-
: () => "";
|
|
49
|
-
const getCoreConfig = typeof getCoreConfigValue === "function"
|
|
50
|
-
? getCoreConfigValue
|
|
51
|
-
: () => ({});
|
|
52
|
-
// Docker image names must match this pattern to prevent command injection.
|
|
53
|
-
export const DOCKER_IMAGE_RE = /^[a-zA-Z0-9][a-zA-Z0-9\-_.:/@]*$/;
|
|
54
|
-
/**
|
|
55
|
-
* Linux username validation regex. Shared by adapter Nomad task builders
|
|
56
|
-
* (OpenClaw / Hermes) and re-exported here as a neutral framework constant
|
|
57
|
-
* so security-regression tests can assert on it without depending on a
|
|
58
|
-
* specific adapter file.
|
|
59
|
-
*
|
|
60
|
-
* Strict form: lowercase letters/digits/dot/dash/underscore only, 1..32 chars.
|
|
61
|
-
* Rejects uppercase, shell metacharacters, paths, and empty strings.
|
|
62
|
-
*/
|
|
63
|
-
export const VALID_USER_RE = /^[a-z0-9._-]{1,32}$/;
|
|
64
|
-
// Maximum allowed length for a Docker image reference.
|
|
65
|
-
export const MAX_DOCKER_IMAGE_NAME_LEN = 256;
|
|
66
|
-
/**
|
|
67
|
-
* Nomad job name prefix. Dispatched via `adapter.nomadJobPrefix` so
|
|
68
|
-
* every runtime owns its own namespace (`hermes-<id>`, `openclaw-<id>`,
|
|
69
|
-
* …). New agent runtimes should declare their own prefix on the
|
|
70
|
-
* adapter rather than re-using another kind's. Falls back to the
|
|
71
|
-
* framework-generic `jishushell-` only when the adapter lookup fails —
|
|
72
|
-
* that branch shouldn't fire for a registered agent type.
|
|
73
|
-
*/
|
|
74
|
-
function jobPrefixFor(instanceId) {
|
|
75
|
-
try {
|
|
76
|
-
const agentType = getInstanceAgentType(instanceId);
|
|
77
|
-
const adapter = getAdapter(agentType);
|
|
78
|
-
return adapter.nomadJobPrefix ?? "jishushell-";
|
|
79
|
-
}
|
|
80
|
-
catch {
|
|
81
|
-
return "jishushell-";
|
|
82
|
-
}
|
|
83
|
-
}
|
|
84
|
-
/**
|
|
85
|
-
* Per-instance Nomad Variable subpath. Returned without the leading
|
|
86
|
-
* `nomad/jobs/<jid>/` prefix. `undefined` means this adapter does not
|
|
87
|
-
* use Nomad Variables — writeInstanceVariables/purgeInstanceVariables
|
|
88
|
-
* become no-ops.
|
|
89
|
-
*/
|
|
90
|
-
function adapterVariableSubpath(instanceId) {
|
|
91
|
-
try {
|
|
92
|
-
const agentType = getInstanceAgentType(instanceId);
|
|
93
|
-
const adapter = getAdapter(agentType);
|
|
94
|
-
return adapter.nomadVariablePath;
|
|
95
|
-
}
|
|
96
|
-
catch {
|
|
97
|
-
return undefined;
|
|
98
|
-
}
|
|
99
|
-
}
|
|
100
|
-
/**
|
|
101
|
-
* Resolve the Nomad task name for the given instance. Reads
|
|
102
|
-
* `adapter.nomadTaskName` so framework code never hardcodes "gateway".
|
|
103
|
-
* Falls back to "gateway" for backwards compat when the adapter leaves it
|
|
104
|
-
* unset or the lookup fails.
|
|
105
|
-
*/
|
|
106
|
-
function resolveTaskName(instanceId) {
|
|
107
|
-
try {
|
|
108
|
-
const agentType = getInstanceAgentType(instanceId);
|
|
109
|
-
return getAdapter(agentType).nomadTaskName ?? "gateway";
|
|
110
|
-
}
|
|
111
|
-
catch {
|
|
112
|
-
return "gateway";
|
|
113
|
-
}
|
|
114
|
-
}
|
|
115
|
-
function getLegacyManagedAppType(instanceId) {
|
|
116
|
-
const identity = resolveRuntimeIdentity(instanceId);
|
|
117
|
-
if (identity?.installMode === "app-dir")
|
|
118
|
-
return null;
|
|
119
|
-
const meta = getInstance(instanceId);
|
|
120
|
-
const appType = typeof meta?.app_type === "string" ? meta.app_type.trim() : "";
|
|
121
|
-
return appType === "custom" || appType === "ollama" ? appType : null;
|
|
122
|
-
}
|
|
123
|
-
async function getLegacyAppManager(instanceId) {
|
|
124
|
-
const appType = getLegacyManagedAppType(instanceId);
|
|
125
|
-
if (!appType)
|
|
126
|
-
return null;
|
|
127
|
-
const { getAppManager } = await import("./app/registry.js");
|
|
128
|
-
return getAppManager(appType);
|
|
129
|
-
}
|
|
130
|
-
async function getInstanceBackedInstalledApp(instanceId) {
|
|
131
|
-
const { getApp } = await import("./app/app-manager.js");
|
|
132
|
-
const appData = getApp(instanceId);
|
|
133
|
-
if (!appData || appData.manifest.install_mode !== "instance-dir")
|
|
134
|
-
return null;
|
|
135
|
-
return appData;
|
|
136
|
-
}
|
|
137
|
-
async function getAppDirInstalledApp(instanceId) {
|
|
138
|
-
const { getApp } = await import("./app/app-manager.js");
|
|
139
|
-
const appData = getApp(instanceId);
|
|
140
|
-
if (!appData || appData.manifest.install_mode !== "app-dir")
|
|
141
|
-
return null;
|
|
142
|
-
return appData;
|
|
143
|
-
}
|
|
144
|
-
async function getAdapterManagedAppDirInstalledApp(instanceId) {
|
|
145
|
-
const appData = await getAppDirInstalledApp(instanceId);
|
|
146
|
-
if (!appData)
|
|
147
|
-
return null;
|
|
148
|
-
const identity = resolveRuntimeIdentity(instanceId);
|
|
149
|
-
return identity?.driver === "runtime-adapter" ? appData : null;
|
|
150
|
-
}
|
|
151
|
-
// Tracks the core server's listening port so bridge-mode containers can reach it via host.docker.internal.
|
|
152
|
-
let _corePort = 8091;
|
|
153
|
-
export function setCorePort(port) { _corePort = port; }
|
|
154
|
-
// §32.2 / §32.8: patchJsproxyBaseUrl / patchDockerBridgeGatewayBind /
|
|
155
|
-
// ensureOpenclawUpdateSeed previously lived here (~140 lines). They are now
|
|
156
|
-
// owned by `src/services/runtime/adapters/openclaw.ts` and invoked via
|
|
157
|
-
// `adapter.hooks.onBeforeStart({ instanceId })` in startInstance below.
|
|
158
|
-
export const VALID_LOG_TYPES = new Set(["stdout", "stderr"]);
|
|
159
|
-
async function inspectDockerLogPath(command, args) {
|
|
160
|
-
try {
|
|
161
|
-
const { stdout } = await execFileAsync(command, args, { timeout: 5_000 });
|
|
162
|
-
const logPath = stdout.trim();
|
|
163
|
-
return logPath || null;
|
|
164
|
-
}
|
|
165
|
-
catch {
|
|
166
|
-
return null;
|
|
167
|
-
}
|
|
168
|
-
}
|
|
169
|
-
async function resolveDockerLogPath(containerName) {
|
|
170
|
-
const direct = await inspectDockerLogPath("docker", [
|
|
171
|
-
"inspect",
|
|
172
|
-
"--format",
|
|
173
|
-
"{{.LogPath}}",
|
|
174
|
-
containerName,
|
|
175
|
-
]);
|
|
176
|
-
if (direct)
|
|
177
|
-
return direct;
|
|
178
|
-
return inspectDockerLogPath("sudo", [
|
|
179
|
-
"-n",
|
|
180
|
-
"docker",
|
|
181
|
-
"inspect",
|
|
182
|
-
"--format",
|
|
183
|
-
"{{.LogPath}}",
|
|
184
|
-
containerName,
|
|
185
|
-
]);
|
|
186
|
-
}
|
|
187
|
-
async function readDockerLogText(logPath, lines) {
|
|
188
|
-
try {
|
|
189
|
-
return readFileSync(logPath, "utf-8");
|
|
190
|
-
}
|
|
191
|
-
catch {
|
|
192
|
-
try {
|
|
193
|
-
const tailLines = String(Math.max(lines * 50, 2_000));
|
|
194
|
-
const { stdout } = await execFileAsync("sudo", ["-n", "tail", "-n", tailLines, logPath], {
|
|
195
|
-
timeout: 5_000,
|
|
196
|
-
});
|
|
197
|
-
return stdout;
|
|
198
|
-
}
|
|
199
|
-
catch {
|
|
200
|
-
return "";
|
|
201
|
-
}
|
|
202
|
-
}
|
|
203
|
-
}
|
|
204
|
-
async function readDockerCliLogs(containerName, lines) {
|
|
205
|
-
const commands = [
|
|
206
|
-
{ command: "docker", args: ["logs", "--tail", String(lines), containerName] },
|
|
207
|
-
{ command: "sudo", args: ["-n", "docker", "logs", "--tail", String(lines), containerName] },
|
|
208
|
-
];
|
|
209
|
-
for (const candidate of commands) {
|
|
210
|
-
try {
|
|
211
|
-
const { stdout, stderr } = await execFileAsync(candidate.command, candidate.args, { timeout: 10_000 });
|
|
212
|
-
const combined = `${stdout}${stderr}`.trim();
|
|
213
|
-
if (combined)
|
|
214
|
-
return combined.split("\n").slice(-lines);
|
|
215
|
-
}
|
|
216
|
-
catch {
|
|
217
|
-
continue;
|
|
218
|
-
}
|
|
219
|
-
}
|
|
220
|
-
return [];
|
|
221
|
-
}
|
|
222
|
-
async function readDockerStreamLogs(containerName, lines = 200, logType = "stderr") {
|
|
223
|
-
if (!VALID_LOG_TYPES.has(logType))
|
|
224
|
-
logType = "stderr";
|
|
225
|
-
const logPath = await resolveDockerLogPath(containerName);
|
|
226
|
-
if (!logPath)
|
|
227
|
-
return readDockerCliLogs(containerName, lines);
|
|
228
|
-
const rawText = await readDockerLogText(logPath, lines);
|
|
229
|
-
if (!rawText)
|
|
230
|
-
return readDockerCliLogs(containerName, lines);
|
|
231
|
-
const collected = [];
|
|
232
|
-
const entries = rawText.split("\n");
|
|
233
|
-
for (let index = entries.length - 1; index >= 0 && collected.length < lines; index--) {
|
|
234
|
-
const line = entries[index]?.trim();
|
|
235
|
-
if (!line)
|
|
236
|
-
continue;
|
|
237
|
-
try {
|
|
238
|
-
const parsed = JSON.parse(line);
|
|
239
|
-
if (parsed.stream !== logType)
|
|
240
|
-
continue;
|
|
241
|
-
const message = typeof parsed.log === "string"
|
|
242
|
-
? parsed.log.replace(/\n$/, "")
|
|
243
|
-
: "";
|
|
244
|
-
if (message)
|
|
245
|
-
collected.push(message);
|
|
246
|
-
}
|
|
247
|
-
catch {
|
|
248
|
-
continue;
|
|
249
|
-
}
|
|
250
|
-
}
|
|
251
|
-
const streamLines = collected.reverse();
|
|
252
|
-
if (streamLines.length > 0)
|
|
253
|
-
return streamLines;
|
|
254
|
-
return readDockerCliLogs(containerName, lines);
|
|
255
|
-
}
|
|
256
|
-
function nomadAuthHeaders() {
|
|
257
|
-
const token = getNomadToken();
|
|
258
|
-
return token ? { "X-Nomad-Token": token } : {};
|
|
259
|
-
}
|
|
260
|
-
// §32.2 / §32.8: scheduler-level defaults and resource ceilings. Runtime
|
|
261
|
-
// command / args / env / resources now live inside each adapter's
|
|
262
|
-
// `buildNomadTask` — nomad-manager never looks at them directly.
|
|
263
|
-
function jobId(instanceId) {
|
|
264
|
-
return resolveNomadJobId(instanceId, jobPrefixFor(instanceId));
|
|
265
|
-
}
|
|
266
|
-
/** Exported only for unit tests — not part of the public API. */
|
|
267
|
-
export function __jobIdForTests(instanceId) {
|
|
268
|
-
return jobId(instanceId);
|
|
269
|
-
}
|
|
270
|
-
// Nomad Template metacharacters that must not appear in values interpolated
|
|
271
|
-
// into EmbeddedTmpl. Defense-in-depth: instanceId is already validated by the
|
|
272
|
-
// route layer, but this guard makes the template-building code self-contained.
|
|
273
|
-
export const NOMAD_TEMPLATE_UNSAFE_RE = /[{}"\\]/;
|
|
274
|
-
function assertSafeTemplateId(id) {
|
|
275
|
-
if (NOMAD_TEMPLATE_UNSAFE_RE.test(id)) {
|
|
276
|
-
throw new Error(`Job ID "${id}" contains characters unsafe for Nomad Template interpolation`);
|
|
277
|
-
}
|
|
278
|
-
}
|
|
279
|
-
async function nomadGet(path) {
|
|
280
|
-
const resp = await fetch(`${getNomadAddr()}${path}`, {
|
|
281
|
-
headers: nomadAuthHeaders(),
|
|
282
|
-
signal: AbortSignal.timeout(10000),
|
|
283
|
-
});
|
|
284
|
-
if (!resp.ok && resp.status !== 404)
|
|
285
|
-
throw new Error(`Nomad ${path}: ${resp.status}`);
|
|
286
|
-
return resp;
|
|
287
|
-
}
|
|
288
|
-
async function nomadPost(path, body) {
|
|
289
|
-
return fetch(`${getNomadAddr()}${path}`, {
|
|
290
|
-
method: "POST",
|
|
291
|
-
headers: { "Content-Type": "application/json", ...nomadAuthHeaders() },
|
|
292
|
-
body: JSON.stringify(body),
|
|
293
|
-
signal: AbortSignal.timeout(10000),
|
|
294
|
-
});
|
|
295
|
-
}
|
|
296
|
-
async function nomadDelete(path) {
|
|
297
|
-
return fetch(`${getNomadAddr()}${path}`, {
|
|
298
|
-
method: "DELETE",
|
|
299
|
-
headers: nomadAuthHeaders(),
|
|
300
|
-
signal: AbortSignal.timeout(10000),
|
|
301
|
-
});
|
|
302
|
-
}
|
|
303
|
-
async function nomadPut(path, body) {
|
|
304
|
-
return fetch(`${getNomadAddr()}${path}`, {
|
|
305
|
-
method: "PUT",
|
|
306
|
-
headers: { "Content-Type": "application/json", ...nomadAuthHeaders() },
|
|
307
|
-
body: JSON.stringify(body),
|
|
308
|
-
signal: AbortSignal.timeout(10000),
|
|
309
|
-
});
|
|
310
|
-
}
|
|
311
|
-
// ── Nomad Variables (secrets) ──
|
|
312
|
-
export async function writeInstanceVariables(instanceId) {
|
|
313
|
-
const jid = jobId(instanceId);
|
|
314
|
-
// (short-term mitigation): variable path follows Nomad's workload-identity
|
|
315
|
-
// convention. Each job's workload identity has implicit read/write access only
|
|
316
|
-
// to variables under its own nomad/jobs/<job-id>/ prefix, providing per-job
|
|
317
|
-
// secret isolation within the shared "default" namespace. Per-instance Nomad
|
|
318
|
-
// namespaces remain a planned future improvement.
|
|
319
|
-
const ns = "default";
|
|
320
|
-
const subpath = adapterVariableSubpath(instanceId);
|
|
321
|
-
if (!subpath)
|
|
322
|
-
return;
|
|
323
|
-
const varPath = `nomad/jobs/${jid}/${subpath}`;
|
|
324
|
-
const encodedPath = encodeURIComponent(varPath);
|
|
325
|
-
// Read proxy token from env file
|
|
326
|
-
const env = getRuntimeEnv(instanceId);
|
|
327
|
-
const proxyToken = env.JSPROXY_API_KEY || "";
|
|
328
|
-
// Nothing to store when proxy token is unconfigured.
|
|
329
|
-
if (!proxyToken)
|
|
330
|
-
return;
|
|
331
|
-
const items = { JSPROXY_API_KEY: proxyToken };
|
|
332
|
-
// retry with exponential back-off on CAS conflicts (409) so concurrent
|
|
333
|
-
// startInstance calls do not silently discard the latest token. Throw after
|
|
334
|
-
// MAX_ATTEMPTS so the caller can surface the error instead of continuing with
|
|
335
|
-
// a missing proxy token.
|
|
336
|
-
const MAX_ATTEMPTS = 3;
|
|
337
|
-
for (let attempt = 0; attempt < MAX_ATTEMPTS; attempt++) {
|
|
338
|
-
// Re-read ModifyIndex on every attempt to always CAS against the latest version.
|
|
339
|
-
let cas = 0;
|
|
340
|
-
try {
|
|
341
|
-
const existing = await nomadGet(`/v1/var/${encodedPath}?namespace=${ns}`);
|
|
342
|
-
if (existing.ok) {
|
|
343
|
-
const data = await existing.json();
|
|
344
|
-
cas = data.ModifyIndex || 0;
|
|
345
|
-
}
|
|
346
|
-
}
|
|
347
|
-
catch { /* variable may not exist yet — cas=0 creates a new one */ }
|
|
348
|
-
const resp = await nomadPut(`/v1/var/${encodedPath}?cas=${cas}&namespace=${ns}`, {
|
|
349
|
-
Namespace: ns,
|
|
350
|
-
Path: varPath,
|
|
351
|
-
Items: items,
|
|
352
|
-
});
|
|
353
|
-
if (resp.ok)
|
|
354
|
-
return;
|
|
355
|
-
const text = await resp.text();
|
|
356
|
-
// 409 Conflict = CAS mismatch; another writer won the race — retry.
|
|
357
|
-
if (resp.status === 409 && attempt < MAX_ATTEMPTS - 1) {
|
|
358
|
-
await new Promise(r => setTimeout(r, 100 * Math.pow(2, attempt)));
|
|
359
|
-
continue;
|
|
360
|
-
}
|
|
361
|
-
throw new Error(`Failed to write Nomad Variables for ${instanceId}` +
|
|
362
|
-
` (attempt ${attempt + 1}/${MAX_ATTEMPTS}): HTTP ${resp.status} ${text}`);
|
|
363
|
-
}
|
|
364
|
-
}
|
|
365
|
-
export async function purgeInstanceVariables(instanceId) {
|
|
366
|
-
const jid = jobId(instanceId);
|
|
367
|
-
const subpath = adapterVariableSubpath(instanceId);
|
|
368
|
-
if (!subpath)
|
|
369
|
-
return;
|
|
370
|
-
const varPath = `nomad/jobs/${jid}/${subpath}`;
|
|
371
|
-
const encodedPath = encodeURIComponent(varPath);
|
|
372
|
-
try {
|
|
373
|
-
// Match writeInstanceVariables symmetry: always pin the namespace on
|
|
374
|
-
// every Variables API call so the delete cannot drift into a different
|
|
375
|
-
// namespace if Nomad's default-namespace behaviour changes between
|
|
376
|
-
// minor versions. Without this, a schema tweak in a future 1.6.x point
|
|
377
|
-
// release could leave a stale secret behind after purge=true.
|
|
378
|
-
const resp = await nomadDelete(`/v1/var/${encodedPath}?namespace=default`);
|
|
379
|
-
if (!resp.ok && resp.status !== 404) {
|
|
380
|
-
console.warn(`[nomad] Failed to purge variables for ${instanceId}: HTTP ${resp.status}`);
|
|
381
|
-
}
|
|
382
|
-
}
|
|
383
|
-
catch (e) {
|
|
384
|
-
console.warn(`[nomad] Failed to purge variables for ${instanceId}: ${e.message}`);
|
|
385
|
-
}
|
|
386
|
-
}
|
|
387
|
-
/**
|
|
388
|
-
* Resolve the numeric uid:gid for a given username by reading /etc/passwd.
|
|
389
|
-
* Falls back to process.getuid!():process.getgid!() when the lookup fails.
|
|
390
|
-
* Still used here by the kind-agnostic `exec()` helper below (for docker
|
|
391
|
-
* exec user resolution); adapters carry their own copies for task build.
|
|
392
|
-
*/
|
|
393
|
-
function resolveUidGid(username) {
|
|
394
|
-
try {
|
|
395
|
-
const passwd = readFileSync("/etc/passwd", "utf-8");
|
|
396
|
-
const line = passwd.split("\n").find(l => l.startsWith(username + ":"));
|
|
397
|
-
if (line) {
|
|
398
|
-
const parts = line.split(":");
|
|
399
|
-
const uid = parseInt(parts[2], 10);
|
|
400
|
-
const gid = parseInt(parts[3], 10);
|
|
401
|
-
if (!isNaN(uid) && !isNaN(gid))
|
|
402
|
-
return `${uid}:${gid}`;
|
|
403
|
-
}
|
|
404
|
-
}
|
|
405
|
-
catch { /* ignore */ }
|
|
406
|
-
return `${process.getuid()}:${process.getgid()}`;
|
|
407
|
-
}
|
|
408
|
-
// §32.2 / §32.8:
|
|
409
|
-
// The previous ~380 lines of OpenClaw / Hermes task assembly
|
|
410
|
-
// (`buildRuntime`, `buildTaskDocker`, `buildHermesTaskDocker`, resource
|
|
411
|
-
// normalizer, kind detector) have been physically migrated into
|
|
412
|
-
// `src/services/runtime/adapters/{openclaw,hermes}.ts:buildNomadTask()`.
|
|
413
|
-
// Framework code here is now a pure dispatcher: it asks the adapter for
|
|
414
|
-
// a Nomad task definition and embeds it in the job spec below.
|
|
415
|
-
function getInstanceAgentType(instanceId) {
|
|
416
|
-
try {
|
|
417
|
-
const meta = getInstance(instanceId);
|
|
418
|
-
return resolveAgentType(meta);
|
|
419
|
-
}
|
|
420
|
-
catch {
|
|
421
|
-
return "openclaw";
|
|
422
|
-
}
|
|
423
|
-
}
|
|
424
|
-
function wrapNomadJob(jid, groupName, task) {
|
|
425
|
-
// Adapters declare port reservations on `task.Resources.Networks` (legacy
|
|
426
|
-
// schema). The docker driver's `Config.ports = [<label>]` lookup, however,
|
|
427
|
-
// resolves labels against the TaskGroup-level `Networks` block. Move (not
|
|
428
|
-
// copy) the network block so the docker driver can find the port and so
|
|
429
|
-
// HostNetwork ("external") is honored — without this, ports publish to
|
|
430
|
-
// 127.0.0.1 by default. Keeping it on both levels would make Nomad reject
|
|
431
|
-
// the job with "port label already in use".
|
|
432
|
-
const taskNetworks = Array.isArray(task?.Resources?.Networks)
|
|
433
|
-
? task.Resources.Networks
|
|
434
|
-
: [];
|
|
435
|
-
const groupNetworks = taskNetworks.length > 0 ? taskNetworks.map((n) => ({ ...n })) : undefined;
|
|
436
|
-
if (groupNetworks && task?.Resources && typeof task.Resources === "object") {
|
|
437
|
-
delete task.Resources.Networks;
|
|
438
|
-
}
|
|
439
|
-
return {
|
|
440
|
-
Job: {
|
|
441
|
-
ID: jid,
|
|
442
|
-
Name: jid,
|
|
443
|
-
Namespace: "default",
|
|
444
|
-
Type: "service",
|
|
445
|
-
Datacenters: ["*"],
|
|
446
|
-
TaskGroups: [{
|
|
447
|
-
Name: groupName,
|
|
448
|
-
Count: 1,
|
|
449
|
-
...(groupNetworks ? { Networks: groupNetworks } : {}),
|
|
450
|
-
RestartPolicy: {
|
|
451
|
-
// 10 attempts × 15s delay = ~2.5min recovery window. Multi-task
|
|
452
|
-
// groups (e.g. weknora-app racing paradedb cold-init) commonly
|
|
453
|
-
// need 3-5 restarts before the dependency's external port-publish
|
|
454
|
-
// settles. Previous 3-attempt cap caused alloc-fail cascades on
|
|
455
|
-
// first-boot of stacks with DB sidecars.
|
|
456
|
-
Attempts: 10,
|
|
457
|
-
Interval: 600000000000,
|
|
458
|
-
Delay: 15000000000,
|
|
459
|
-
Mode: "fail",
|
|
460
|
-
},
|
|
461
|
-
Reschedule: {
|
|
462
|
-
// Allow Nomad to reschedule the whole alloc up to 3 times if all
|
|
463
|
-
// restarts fail (e.g. transient image pull or host reboot).
|
|
464
|
-
// Unlimited stays false to keep alloc churn bounded.
|
|
465
|
-
Attempts: 3,
|
|
466
|
-
Interval: 3600000000000,
|
|
467
|
-
Unlimited: false,
|
|
468
|
-
},
|
|
469
|
-
Update: {
|
|
470
|
-
MaxParallel: 1,
|
|
471
|
-
HealthCheck: "task_states",
|
|
472
|
-
MinHealthyTime: 5000000000,
|
|
473
|
-
HealthyDeadline: 60000000000,
|
|
474
|
-
AutoRevert: false,
|
|
475
|
-
},
|
|
476
|
-
Tasks: [task],
|
|
477
|
-
}],
|
|
478
|
-
},
|
|
479
|
-
};
|
|
480
|
-
}
|
|
481
|
-
async function buildJob(instanceId) {
|
|
482
|
-
const jid = jobId(instanceId);
|
|
483
|
-
const driver = getNomadDriver();
|
|
484
|
-
if (driver !== "docker") {
|
|
485
|
-
throw new Error(`Unsupported Nomad driver: ${driver}. Only "docker" is supported.`);
|
|
486
|
-
}
|
|
487
|
-
const legacyManager = await getLegacyAppManager(instanceId);
|
|
488
|
-
if (legacyManager) {
|
|
489
|
-
const runtime = legacyManager.buildRuntime(instanceId);
|
|
490
|
-
const task = legacyManager.buildNomadTask(instanceId, runtime, jid);
|
|
491
|
-
await injectConnectionsRuntimeEnv(instanceId, task);
|
|
492
|
-
return wrapNomadJob(jid, legacyManager.nomadTaskGroupName(), task);
|
|
493
|
-
}
|
|
494
|
-
// Pure adapter dispatch — no more `isHermesInstance()` / kind literals.
|
|
495
|
-
const agentType = getInstanceAgentType(instanceId);
|
|
496
|
-
const adapter = getAdapter(agentType);
|
|
497
|
-
if (!adapter.buildNomadTask) {
|
|
498
|
-
throw new Error(`Runtime adapter "${agentType}" does not implement buildNomadTask(); cannot schedule Nomad job`);
|
|
499
|
-
}
|
|
500
|
-
const task = await adapter.buildNomadTask(instanceId);
|
|
501
|
-
await injectConnectionsRuntimeEnv(instanceId, task);
|
|
502
|
-
// Task group name mirrors the agentType. Log/status helpers resolve the
|
|
503
|
-
// Nomad task name via resolveTaskName(instanceId) → adapter.nomadTaskName.
|
|
504
|
-
const groupName = agentType;
|
|
505
|
-
return wrapNomadJob(jid, groupName, task);
|
|
506
|
-
}
|
|
507
|
-
/**
|
|
508
|
-
* Re-resolve `instance.connections` against the live capability registry
|
|
509
|
-
* and merge the resulting env into the freshly-built Nomad task. Idempotent
|
|
510
|
-
* — empty meta.connections short-circuits to a no-op.
|
|
511
|
-
*
|
|
512
|
-
* Resolving at start time (rather than reading the frozen
|
|
513
|
-
* `instance.json["connections-env"]` written by PUT /connections) means
|
|
514
|
-
* provider port / address changes in the registry propagate on next
|
|
515
|
-
* restart without requiring the user to re-bind. Failures here are
|
|
516
|
-
* logged but never block start: a missing required binding still surfaces
|
|
517
|
-
* via the Connections UI status badge.
|
|
518
|
-
*/
|
|
519
|
-
async function injectConnectionsRuntimeEnv(instanceId, task) {
|
|
520
|
-
try {
|
|
521
|
-
const meta = getInstance(instanceId);
|
|
522
|
-
const connections = meta?.connections;
|
|
523
|
-
if (!meta || !connections || Object.keys(connections).length === 0)
|
|
524
|
-
return;
|
|
525
|
-
const { loadCapabilitySpecForLegacyInstance } = await import("./runtime/migrations.js");
|
|
526
|
-
const spec = loadCapabilitySpecForLegacyInstance(meta);
|
|
527
|
-
if (!spec)
|
|
528
|
-
return;
|
|
529
|
-
const { resolveConnections } = await import("./connection-resolver.js");
|
|
530
|
-
const { resolved } = resolveConnections(spec, { connections }, "preCreate");
|
|
531
|
-
if (resolved.length === 0)
|
|
532
|
-
return;
|
|
533
|
-
const { RUNTIME_HOOKS } = await import("./connection-apply.js");
|
|
534
|
-
const merged = {};
|
|
535
|
-
for (const binding of resolved) {
|
|
536
|
-
const hook = RUNTIME_HOOKS[binding.category];
|
|
537
|
-
if (!hook)
|
|
538
|
-
continue;
|
|
539
|
-
Object.assign(merged, await hook(meta, binding));
|
|
540
|
-
}
|
|
541
|
-
if (Object.keys(merged).length === 0)
|
|
542
|
-
return;
|
|
543
|
-
task.Env = { ...(task.Env ?? {}), ...merged };
|
|
544
|
-
}
|
|
545
|
-
catch (e) {
|
|
546
|
-
console.warn(`[nomad] connections runtime env merge failed for ${instanceId}: ${e?.message ?? e}`);
|
|
547
|
-
}
|
|
548
|
-
}
|
|
549
|
-
async function getRunningAlloc(instanceId) {
|
|
550
|
-
const allocs = await getAllocs(instanceId);
|
|
551
|
-
if (!allocs)
|
|
552
|
-
return null;
|
|
553
|
-
for (const status of ["running", "pending"]) {
|
|
554
|
-
for (const alloc of allocs) {
|
|
555
|
-
if (alloc.ClientStatus === status)
|
|
556
|
-
return alloc;
|
|
557
|
-
}
|
|
558
|
-
}
|
|
559
|
-
return null;
|
|
560
|
-
}
|
|
561
|
-
async function getAllocs(instanceId) {
|
|
562
|
-
const jid = jobId(instanceId);
|
|
563
|
-
try {
|
|
564
|
-
const resp = await nomadGet(`/v1/job/${jid}/allocations`);
|
|
565
|
-
if (resp.status === 404)
|
|
566
|
-
return [];
|
|
567
|
-
const allocs = await resp.json();
|
|
568
|
-
return Array.isArray(allocs) ? allocs : [];
|
|
569
|
-
}
|
|
570
|
-
catch {
|
|
571
|
-
return null;
|
|
572
|
-
}
|
|
573
|
-
}
|
|
574
|
-
function latestAlloc(allocs) {
|
|
575
|
-
if (!allocs.length)
|
|
576
|
-
return null;
|
|
577
|
-
return [...allocs].sort((a, b) => ((b.ModifyIndex ?? b.CreateIndex ?? 0) - (a.ModifyIndex ?? a.CreateIndex ?? 0)))[0] ?? null;
|
|
578
|
-
}
|
|
579
|
-
// Returns true if the Nomad job exists and was NOT explicitly stopped by the user (Stop=false).
|
|
580
|
-
// Used on jishushell startup to auto-restart instances that were running before a reboot.
|
|
581
|
-
export async function shouldAutoStart(instanceId) {
|
|
582
|
-
const jid = jobId(instanceId);
|
|
583
|
-
try {
|
|
584
|
-
const resp = await nomadGet(`/v1/job/${jid}`);
|
|
585
|
-
// 404 = nomad has no record of this job. Two cases:
|
|
586
|
-
// (a) Raft was wiped — e.g. Nomad 1.11.3 → 1.6.5 auto-migration
|
|
587
|
-
// (install/jishu-install.sh:_migrate_nomad_to_target). The
|
|
588
|
-
// on-disk instance config is still present and MUST be
|
|
589
|
-
// resubmitted on the next jishushell startup, otherwise every
|
|
590
|
-
// OpenClaw instance silently disappears after the upgrade.
|
|
591
|
-
// (b) Brand-new instance created without a default LLM provider, never
|
|
592
|
-
// started via /api/instances/.../service/start. Resubmitting it
|
|
593
|
-
// here is a safe superset — the Nomad job is idempotent and the
|
|
594
|
-
// container starts whether or not a provider is configured; the
|
|
595
|
-
// user still needs to configure one to answer chat.
|
|
596
|
-
// Returning true on 404 covers (a); (b) is an accepted side effect and
|
|
597
|
-
// does not regress any user-facing behaviour.
|
|
598
|
-
if (resp.status === 404)
|
|
599
|
-
return true;
|
|
600
|
-
if (!resp.ok)
|
|
601
|
-
return false;
|
|
602
|
-
const job = await resp.json();
|
|
603
|
-
// Stop=true means user explicitly stopped it; Stop=false means it was running.
|
|
604
|
-
// Also skip dead jobs — all allocs failed, resubmitting would fail again.
|
|
605
|
-
return job.Stop === false && job.Status !== "dead";
|
|
606
|
-
}
|
|
607
|
-
catch {
|
|
608
|
-
return false;
|
|
609
|
-
}
|
|
610
|
-
}
|
|
611
|
-
export async function getStatus(instanceId) {
|
|
612
|
-
const jid = jobId(instanceId);
|
|
613
|
-
const stopped = { status: "stopped", pid: null, uptime: null, memory_mb: null, cpu_percent: null };
|
|
614
|
-
try {
|
|
615
|
-
const resp = await nomadGet(`/v1/job/${jid}`);
|
|
616
|
-
if (resp.status === 404)
|
|
617
|
-
return stopped;
|
|
618
|
-
const job = await resp.json();
|
|
619
|
-
if (job.Stop)
|
|
620
|
-
return stopped;
|
|
621
|
-
}
|
|
622
|
-
catch {
|
|
623
|
-
return { ...stopped, status: "unknown", error: "Nomad unreachable" };
|
|
624
|
-
}
|
|
625
|
-
const allocs = await getAllocs(instanceId);
|
|
626
|
-
if (allocs == null || allocs.length === 0)
|
|
627
|
-
return { ...stopped, status: "pending" };
|
|
628
|
-
const alloc = allocs.find((entry) => entry.ClientStatus === "running")
|
|
629
|
-
?? allocs.find((entry) => entry.ClientStatus === "pending")
|
|
630
|
-
?? latestAlloc(allocs);
|
|
631
|
-
if (!alloc)
|
|
632
|
-
return { ...stopped, status: "pending" };
|
|
633
|
-
const allocId = alloc.ID;
|
|
634
|
-
const result = {
|
|
635
|
-
status: alloc.ClientStatus || "unknown",
|
|
636
|
-
alloc_id: allocId,
|
|
637
|
-
pid: null,
|
|
638
|
-
uptime: null,
|
|
639
|
-
memory_mb: null,
|
|
640
|
-
cpu_percent: null,
|
|
641
|
-
restarts: 0,
|
|
642
|
-
};
|
|
643
|
-
const gwState = alloc.TaskStates?.[resolveTaskName(instanceId)] || {};
|
|
644
|
-
result.restarts = gwState.Restarts || 0;
|
|
645
|
-
const startedAt = gwState.StartedAt;
|
|
646
|
-
if (startedAt) {
|
|
647
|
-
try {
|
|
648
|
-
const start = new Date(startedAt);
|
|
649
|
-
result.uptime = Math.floor((Date.now() - start.getTime()) / 1000);
|
|
650
|
-
}
|
|
651
|
-
catch { /* ignore */ }
|
|
652
|
-
}
|
|
653
|
-
try {
|
|
654
|
-
const statsResp = await nomadGet(`/v1/client/allocation/${allocId}/stats`);
|
|
655
|
-
if (statsResp.ok) {
|
|
656
|
-
const stats = await statsResp.json();
|
|
657
|
-
// raw_exec: stats nested under Tasks.<taskName>; docker: top-level ResourceUsage
|
|
658
|
-
const tn = resolveTaskName(instanceId);
|
|
659
|
-
const taskStats = stats.Tasks?.[tn]?.ResourceUsage || stats.ResourceUsage || {};
|
|
660
|
-
const memStats = taskStats.MemoryStats || {};
|
|
661
|
-
const cpuStats = taskStats.CpuStats || {};
|
|
662
|
-
const memBytes = memStats.RSS || memStats.Usage || 0;
|
|
663
|
-
result.memory_mb = Math.round(memBytes / (1024 * 1024) * 10) / 10;
|
|
664
|
-
result.cpu_percent = Math.round((cpuStats.Percent || 0) * 10) / 10;
|
|
665
|
-
}
|
|
666
|
-
}
|
|
667
|
-
catch { /* ignore */ }
|
|
668
|
-
// Fallback: Nomad cgroup stats are often zero on cgroup v2 (e.g. Raspberry
|
|
669
|
-
// Pi / CIX). Read from the shared, cached, single-flight `docker stats`
|
|
670
|
-
// snapshot instead of forking one `docker stats` per instance — see
|
|
671
|
-
// getDockerMemSnapshot for why per-instance forking was the cold-path cost.
|
|
672
|
-
if (!result.memory_mb && allocId && /^[a-f0-9-]+$/i.test(allocId)) {
|
|
673
|
-
const containerName = `${resolveTaskName(instanceId)}-${allocId}`;
|
|
674
|
-
const stat = (await getDockerMemSnapshot()).get(containerName);
|
|
675
|
-
if (stat) {
|
|
676
|
-
if (stat.memory_mb)
|
|
677
|
-
result.memory_mb = stat.memory_mb;
|
|
678
|
-
if (!result.cpu_percent && stat.cpu_percent)
|
|
679
|
-
result.cpu_percent = stat.cpu_percent;
|
|
680
|
-
}
|
|
681
|
-
}
|
|
682
|
-
return result;
|
|
683
|
-
}
|
|
684
|
-
/** Phase 1: reject if the instance's Nomad job is already running. */
|
|
685
|
-
async function phaseRunningCheck(instanceId) {
|
|
686
|
-
const status = await getStatus(instanceId);
|
|
687
|
-
if (status.status === "running") {
|
|
688
|
-
return { ok: false, error: "Instance is already running", code: "INSTANCE_ALREADY_RUNNING" };
|
|
689
|
-
}
|
|
690
|
-
return { ok: true };
|
|
691
|
-
}
|
|
692
|
-
async function phaseResetTerminalJobBeforeStart(instanceId) {
|
|
693
|
-
const status = await getStatus(instanceId);
|
|
694
|
-
if (!["failed", "dead", "complete"].includes(String(status.status)))
|
|
695
|
-
return;
|
|
696
|
-
try {
|
|
697
|
-
const resp = await nomadDelete(`/v1/job/${jobId(instanceId)}?purge=false`);
|
|
698
|
-
if (!resp.ok && resp.status !== 404) {
|
|
699
|
-
console.warn(`[nomad] ${instanceId}: failed to stop terminal job before start (HTTP ${resp.status}): ${await resp.text()}`);
|
|
700
|
-
}
|
|
701
|
-
}
|
|
702
|
-
catch (e) {
|
|
703
|
-
console.warn(`[nomad] ${instanceId}: failed to stop terminal job before start: ${e?.message ?? e}`);
|
|
704
|
-
}
|
|
705
|
-
}
|
|
706
|
-
/**
|
|
707
|
-
* Phase 2: home-conflict check — dispatched through the adapter so
|
|
708
|
-
* framework code carries no agentType-specific knowledge. Adapters that
|
|
709
|
-
* do not share an agent-home directory across instances (e.g. Hermes,
|
|
710
|
-
* each instance owns its own bind-mount) leave the hook unset and this
|
|
711
|
-
* phase is a no-op.
|
|
712
|
-
*/
|
|
713
|
-
async function phaseHomeConflict(_instanceId, sharedHomeIds) {
|
|
714
|
-
const homeConflicts = [];
|
|
715
|
-
for (const otherId of sharedHomeIds) {
|
|
716
|
-
const otherStatus = await getStatus(otherId);
|
|
717
|
-
if (otherStatus.status === "running")
|
|
718
|
-
homeConflicts.push(otherId);
|
|
719
|
-
}
|
|
720
|
-
if (homeConflicts.length) {
|
|
721
|
-
return {
|
|
722
|
-
ok: false,
|
|
723
|
-
error: `This instance shares its agent-home directory with running instance(s): ` +
|
|
724
|
-
`${homeConflicts.join(", ")}. Move it to its own instance directory before starting it.`,
|
|
725
|
-
};
|
|
726
|
-
}
|
|
727
|
-
return { ok: true };
|
|
728
|
-
}
|
|
729
|
-
/**
|
|
730
|
-
* Phase 3: host port probe + self-heal. Returns the allocation record so
|
|
731
|
-
* the caller can surface it in the API response, or null if the desired
|
|
732
|
-
* port was already free.
|
|
733
|
-
*/
|
|
734
|
-
async function phasePortAlloc(instanceId) {
|
|
735
|
-
const desiredPort = getGatewayPort(instanceId);
|
|
736
|
-
if (!(await isPortInUse(desiredPort)))
|
|
737
|
-
return { ok: true, portAllocation: null };
|
|
738
|
-
try {
|
|
739
|
-
const re = await reallocateGatewayPort(instanceId);
|
|
740
|
-
return { ok: true, portAllocation: { from: re.from, to: re.to, reason: "host_port_busy" } };
|
|
741
|
-
}
|
|
742
|
-
catch (e) {
|
|
743
|
-
return {
|
|
744
|
-
ok: false,
|
|
745
|
-
error: `Gateway port ${desiredPort} is held by another process and reallocation failed: ${e?.message ?? e}`,
|
|
746
|
-
};
|
|
747
|
-
}
|
|
748
|
-
}
|
|
749
|
-
/**
|
|
750
|
-
* Phase 4: adapter pre-start hook — kind-specific setup (config patches,
|
|
751
|
-
* image validation, secret seeding, legacy process cleanup). A thrown
|
|
752
|
-
* error with `.building` / `.taskId` signals an async background build;
|
|
753
|
-
* we surface it to the caller so the UI can poll the task.
|
|
754
|
-
*/
|
|
755
|
-
async function phasePreStartHook(adapter, instanceId) {
|
|
756
|
-
if (!adapter.hooks?.onBeforeStart)
|
|
757
|
-
return { ok: true };
|
|
758
|
-
try {
|
|
759
|
-
await adapter.hooks.onBeforeStart({ instanceId });
|
|
760
|
-
return { ok: true };
|
|
761
|
-
}
|
|
762
|
-
catch (e) {
|
|
763
|
-
if (e && typeof e === "object" && e.building && e.taskId) {
|
|
764
|
-
return {
|
|
765
|
-
ok: false,
|
|
766
|
-
error: e.message,
|
|
767
|
-
building: true,
|
|
768
|
-
taskId: e.taskId,
|
|
769
|
-
...(typeof e.code === "string" ? { code: e.code } : {}),
|
|
770
|
-
...(typeof e.statusCode === "number" ? { statusCode: e.statusCode } : {}),
|
|
771
|
-
};
|
|
772
|
-
}
|
|
773
|
-
return {
|
|
774
|
-
ok: false,
|
|
775
|
-
error: e?.message || String(e),
|
|
776
|
-
...(typeof e?.code === "string" ? { code: e.code } : {}),
|
|
777
|
-
...(typeof e?.statusCode === "number" ? { statusCode: e.statusCode } : {}),
|
|
778
|
-
};
|
|
779
|
-
}
|
|
780
|
-
}
|
|
781
|
-
/**
|
|
782
|
-
* §17 / PR 9 — re-render adapter-managed connection config from the
|
|
783
|
-
* current capability registry before each instance start.
|
|
784
|
-
*
|
|
785
|
-
* Without this hook, env values (like `SEARCH_API_BASE_URL` =
|
|
786
|
-
* `http://<host>:<port>/search`) are frozen into the adapter's config
|
|
787
|
-
* files at PUT /connections time. When the host IP changes (DHCP
|
|
788
|
-
* renewal, pi reboot picking up a new lease, network move) or a
|
|
789
|
-
* provider gets re-deployed at a different host:port, the consumer
|
|
790
|
-
* keeps trying the stale address and search/llm/etc. silently fail.
|
|
791
|
-
*
|
|
792
|
-
* What this does on every start:
|
|
793
|
-
* 1. Read connections from instance.json
|
|
794
|
-
* 2. Re-resolve them in `runtime` mode (tolerant: ambiguous/missing
|
|
795
|
-
* becomes empty resolved instead of throwing — start should still
|
|
796
|
-
* proceed even if one binding can't be re-rendered)
|
|
797
|
-
* 3. Collect env via the same persist hooks PUT /connections uses
|
|
798
|
-
* 4. Call adapter.applyConnectionEnv with the fresh env so the
|
|
799
|
-
* adapter rewrites its config files (mcp_servers / openclaw.json /
|
|
800
|
-
* etc.) with the current address
|
|
801
|
-
*
|
|
802
|
-
* Failures here are logged but never block start: a stale config is
|
|
803
|
-
* better than no start. If something is genuinely wrong with the
|
|
804
|
-
* registry, the user will see a connection error in the UI on next
|
|
805
|
-
* use — at which point they can re-bind manually.
|
|
806
|
-
*/
|
|
807
|
-
async function phaseRefreshConnections(adapter, instanceId) {
|
|
808
|
-
if (!adapter.applyConnectionEnv)
|
|
809
|
-
return;
|
|
810
|
-
try {
|
|
811
|
-
const meta = getInstance(instanceId);
|
|
812
|
-
if (!meta)
|
|
813
|
-
return;
|
|
814
|
-
const { getApp, refreshCapabilityRegistry } = await import("./app/app-manager.js");
|
|
815
|
-
const { loadCapabilitySpecForLegacyInstance } = await import("./runtime/migrations.js");
|
|
816
|
-
const appData = getApp(instanceId);
|
|
817
|
-
const spec = appData?.spec ?? loadCapabilitySpecForLegacyInstance(meta);
|
|
818
|
-
if (!spec)
|
|
819
|
-
return;
|
|
820
|
-
await refreshCapabilityRegistry();
|
|
821
|
-
const { renderRuntimeConnectionsEnv } = await import("./connection-apply.js");
|
|
822
|
-
const env = await renderRuntimeConnectionsEnv(spec, {
|
|
823
|
-
id: instanceId,
|
|
824
|
-
connections: meta.connections,
|
|
825
|
-
});
|
|
826
|
-
if (Object.keys(env).length === 0)
|
|
827
|
-
return;
|
|
828
|
-
await adapter.applyConnectionEnv(instanceId, env);
|
|
829
|
-
}
|
|
830
|
-
catch (e) {
|
|
831
|
-
console.warn(`[nomad] connections refresh failed for ${instanceId}: ${e?.message ?? e}`);
|
|
832
|
-
}
|
|
833
|
-
}
|
|
834
|
-
/**
|
|
835
|
-
* Phase 5: submit to Nomad with a single retry on port race. Between our
|
|
836
|
-
* earlier host probe and Docker's actual bind another process could have
|
|
837
|
-
* grabbed the port; on submit failure we re-probe, reallocate once if
|
|
838
|
-
* busy, and retry. Otherwise we surface the original submit error.
|
|
839
|
-
*/
|
|
840
|
-
async function phaseSubmit(instanceId, initialAllocation) {
|
|
841
|
-
let portAllocation = initialAllocation;
|
|
842
|
-
for (let attempt = 0; attempt < 2; attempt++) {
|
|
843
|
-
const jobDef = await buildJob(instanceId);
|
|
844
|
-
let submitError = null;
|
|
845
|
-
let netErr = false;
|
|
846
|
-
try {
|
|
847
|
-
const resp = await nomadPost("/v1/jobs", jobDef);
|
|
848
|
-
if (resp.ok) {
|
|
849
|
-
const data = await resp.json();
|
|
850
|
-
return { ok: true, evalId: data.EvalID, portAllocation };
|
|
851
|
-
}
|
|
852
|
-
submitError = await resp.text();
|
|
853
|
-
}
|
|
854
|
-
catch (e) {
|
|
855
|
-
netErr = e?.message === "fetch failed" || e?.cause?.code === "ECONNREFUSED";
|
|
856
|
-
submitError = netErr ? `Nomad 服务不可达 (${getNomadAddr()}),请先启动 Nomad` : e.message;
|
|
857
|
-
}
|
|
858
|
-
if (attempt === 0 && !netErr && (await isPortInUse(getGatewayPort(instanceId)))) {
|
|
859
|
-
try {
|
|
860
|
-
const re = await reallocateGatewayPort(instanceId);
|
|
861
|
-
portAllocation = { from: re.from, to: re.to, reason: "docker_race" };
|
|
862
|
-
console.log(`[nomad] ${instanceId}: retrying after docker port race (${re.from} -> ${re.to})`);
|
|
863
|
-
continue;
|
|
864
|
-
}
|
|
865
|
-
catch { /* fall through to error return */ }
|
|
866
|
-
}
|
|
867
|
-
return { ok: false, error: submitError ?? "unknown error" };
|
|
868
|
-
}
|
|
869
|
-
return { ok: false, error: "start retry exhausted" };
|
|
870
|
-
}
|
|
871
|
-
/**
|
|
872
|
-
* §32.2 / §32.8: pure adapter dispatch. Framework owns five generic
|
|
873
|
-
* responsibilities delegated to `phase*` helpers above; every kind-
|
|
874
|
-
* specific concern lives in `adapter.hooks.onBeforeStart()`.
|
|
875
|
-
*
|
|
876
|
-
* Phase ordering:
|
|
877
|
-
* running_check → home_conflict → pre_start_hook → port_alloc → submit
|
|
878
|
-
*
|
|
879
|
-
* `pre_start_hook` intentionally runs BEFORE `port_alloc` so deterministic
|
|
880
|
-
* errors (missing config, missing image, variables-write failure) surface
|
|
881
|
-
* ahead of port-reallocation noise. A port reallocation failure after a
|
|
882
|
-
* successful hook means the environment is genuinely contended; a hook
|
|
883
|
-
* failure after a reallocation would waste the allocation and bury the
|
|
884
|
-
* real cause under an incidental port change.
|
|
885
|
-
*
|
|
886
|
-
* Error returns carry a `phase` tag so callers and logs can distinguish
|
|
887
|
-
* *where* the failure happened. The shape stays backward-compatible: old
|
|
888
|
-
* callers that only read `ok`/`error` continue to work.
|
|
889
|
-
*/
|
|
890
|
-
export async function startInstance(instanceId) {
|
|
891
|
-
const identity = resolveRuntimeIdentity(instanceId);
|
|
892
|
-
if (identity?.driver === "app-job" || identity?.driver === "local-model") {
|
|
893
|
-
const { startApp } = await import("./app/app-manager.js");
|
|
894
|
-
return startApp(instanceId);
|
|
895
|
-
}
|
|
896
|
-
const failed = (phase, rest) => {
|
|
897
|
-
console.log(`[nomad] ${instanceId}: startInstance failed at phase=${phase}: ${rest.error ?? ""}`);
|
|
898
|
-
return { ok: false, phase, ...rest };
|
|
899
|
-
};
|
|
900
|
-
const running = await phaseRunningCheck(instanceId);
|
|
901
|
-
if (!running.ok) {
|
|
902
|
-
const extra = { error: running.error };
|
|
903
|
-
if (running.code)
|
|
904
|
-
extra.code = running.code;
|
|
905
|
-
return failed("running_check", extra);
|
|
906
|
-
}
|
|
907
|
-
await phaseResetTerminalJobBeforeStart(instanceId);
|
|
908
|
-
const legacyManager = await getLegacyAppManager(instanceId);
|
|
909
|
-
if (legacyManager) {
|
|
910
|
-
const prep = await legacyManager.prepareStart(instanceId);
|
|
911
|
-
if (!prep.ok) {
|
|
912
|
-
const extra = { error: prep.error ?? "prepareStart failed" };
|
|
913
|
-
if (prep.code)
|
|
914
|
-
extra.code = prep.code;
|
|
915
|
-
if (typeof prep.statusCode === "number")
|
|
916
|
-
extra.statusCode = prep.statusCode;
|
|
917
|
-
if (prep.building)
|
|
918
|
-
extra.building = true;
|
|
919
|
-
if (prep.taskId)
|
|
920
|
-
extra.taskId = prep.taskId;
|
|
921
|
-
return failed("pre_start_hook", extra);
|
|
922
|
-
}
|
|
923
|
-
}
|
|
924
|
-
else {
|
|
925
|
-
const agentType = getInstanceAgentType(instanceId);
|
|
926
|
-
const adapter = getAdapter(agentType);
|
|
927
|
-
const home = await phaseHomeConflict(instanceId, adapter.findInstancesSharingHome?.(instanceId) ?? []);
|
|
928
|
-
if (!home.ok)
|
|
929
|
-
return failed("home_conflict", { error: home.error });
|
|
930
|
-
// PR 9 — refresh adapter-managed connection config from current
|
|
931
|
-
// capability registry before adapter pre-start. Best-effort: never
|
|
932
|
-
// blocks start (any failure is logged and we proceed with the
|
|
933
|
-
// existing on-disk config). See phaseRefreshConnections doc.
|
|
934
|
-
await phaseRefreshConnections(adapter, instanceId);
|
|
935
|
-
const hook = await phasePreStartHook(adapter, instanceId);
|
|
936
|
-
if (!hook.ok) {
|
|
937
|
-
const extra = { error: hook.error };
|
|
938
|
-
if (hook.code)
|
|
939
|
-
extra.code = hook.code;
|
|
940
|
-
if (typeof hook.statusCode === "number")
|
|
941
|
-
extra.statusCode = hook.statusCode;
|
|
942
|
-
if (hook.building)
|
|
943
|
-
extra.building = true;
|
|
944
|
-
if (hook.taskId)
|
|
945
|
-
extra.taskId = hook.taskId;
|
|
946
|
-
return failed("pre_start_hook", extra);
|
|
947
|
-
}
|
|
948
|
-
}
|
|
949
|
-
const port = await phasePortAlloc(instanceId);
|
|
950
|
-
if (!port.ok)
|
|
951
|
-
return failed("port_alloc", { error: port.error });
|
|
952
|
-
const submit = await phaseSubmit(instanceId, port.portAllocation);
|
|
953
|
-
if (!submit.ok)
|
|
954
|
-
return failed("submit", { error: submit.error });
|
|
955
|
-
await syncCapabilitiesForInstance(instanceId);
|
|
956
|
-
return {
|
|
957
|
-
ok: true,
|
|
958
|
-
eval_id: submit.evalId,
|
|
959
|
-
...(submit.portAllocation ? { port_allocation: submit.portAllocation } : {}),
|
|
960
|
-
};
|
|
961
|
-
}
|
|
962
|
-
async function syncCapabilitiesForInstance(instanceId) {
|
|
963
|
-
try {
|
|
964
|
-
const { syncCapabilitiesForApp } = await import("./app/app-manager.js");
|
|
965
|
-
await syncCapabilitiesForApp(instanceId);
|
|
966
|
-
}
|
|
967
|
-
catch (e) {
|
|
968
|
-
console.warn(`[capability-sync] sync failed for ${instanceId}: ${e?.message ?? e}`);
|
|
969
|
-
}
|
|
970
|
-
}
|
|
971
|
-
export async function stopInstance(instanceId, purge = false) {
|
|
972
|
-
const jid = jobId(instanceId);
|
|
973
|
-
try {
|
|
974
|
-
const resp = await nomadDelete(`/v1/job/${jid}?purge=${purge}`);
|
|
975
|
-
if (resp.ok) {
|
|
976
|
-
if (purge) {
|
|
977
|
-
try {
|
|
978
|
-
await purgeInstanceVariables(instanceId);
|
|
979
|
-
}
|
|
980
|
-
catch { /* ignore */ }
|
|
981
|
-
}
|
|
982
|
-
await syncCapabilitiesForInstance(instanceId);
|
|
983
|
-
return { ok: true };
|
|
984
|
-
}
|
|
985
|
-
if (resp.status === 404) {
|
|
986
|
-
await syncCapabilitiesForInstance(instanceId);
|
|
987
|
-
return { ok: false, error: "Instance is not running" };
|
|
988
|
-
}
|
|
989
|
-
return { ok: false, error: await resp.text() };
|
|
990
|
-
}
|
|
991
|
-
catch (e) {
|
|
992
|
-
const isNetErr = e?.message === "fetch failed" || e?.cause?.code === "ECONNREFUSED";
|
|
993
|
-
return { ok: false, error: isNetErr ? `Nomad 服务不可达 (${getNomadAddr()}),请先启动 Nomad` : e.message };
|
|
994
|
-
}
|
|
995
|
-
}
|
|
996
|
-
export async function restartInstance(instanceId) {
|
|
997
|
-
const stopResult = await stopInstance(instanceId);
|
|
998
|
-
if (!stopResult.ok && !stopResult.error?.includes("not running") && !stopResult.error?.includes("not found")) {
|
|
999
|
-
return stopResult;
|
|
1000
|
-
}
|
|
1001
|
-
await new Promise((r) => setTimeout(r, 2000));
|
|
1002
|
-
return startInstance(instanceId);
|
|
1003
|
-
}
|
|
1004
|
-
export async function getLogs(instanceId, lines = 200, logType = "stderr") {
|
|
1005
|
-
// Defense-in-depth: only allow known log types to prevent path/query injection
|
|
1006
|
-
if (!VALID_LOG_TYPES.has(logType))
|
|
1007
|
-
logType = "stderr";
|
|
1008
|
-
let alloc = await getRunningAlloc(instanceId);
|
|
1009
|
-
if (!alloc) {
|
|
1010
|
-
const jid = jobId(instanceId);
|
|
1011
|
-
try {
|
|
1012
|
-
const resp = await nomadGet(`/v1/job/${jid}/allocations`);
|
|
1013
|
-
if (resp.ok) {
|
|
1014
|
-
const allocs = await resp.json();
|
|
1015
|
-
if (allocs.length) {
|
|
1016
|
-
alloc = allocs.sort((a, b) => (b.CreateIndex || 0) - (a.CreateIndex || 0))[0];
|
|
1017
|
-
}
|
|
1018
|
-
}
|
|
1019
|
-
}
|
|
1020
|
-
catch { /* ignore */ }
|
|
1021
|
-
}
|
|
1022
|
-
if (!alloc)
|
|
1023
|
-
return [];
|
|
1024
|
-
const preferredTask = resolveTaskName(instanceId);
|
|
1025
|
-
const resolvedTask = alloc.TaskStates?.[preferredTask]
|
|
1026
|
-
? preferredTask
|
|
1027
|
-
: alloc.TaskStates?.gateway
|
|
1028
|
-
? "gateway"
|
|
1029
|
-
: (Object.keys(alloc.TaskStates ?? {})[0] ?? preferredTask);
|
|
1030
|
-
// Primary: Nomad log API
|
|
1031
|
-
try {
|
|
1032
|
-
const params = new URLSearchParams({
|
|
1033
|
-
task: resolvedTask,
|
|
1034
|
-
type: logType,
|
|
1035
|
-
plain: "true",
|
|
1036
|
-
origin: "end",
|
|
1037
|
-
offset: String(Math.max(lines * 512, 100000)),
|
|
1038
|
-
follow: "false",
|
|
1039
|
-
});
|
|
1040
|
-
const resp = await nomadGet(`/v1/client/fs/logs/${alloc.ID}?${params}`);
|
|
1041
|
-
if (resp.ok) {
|
|
1042
|
-
const text = await resp.text();
|
|
1043
|
-
const trimmed = text.trim();
|
|
1044
|
-
if (trimmed)
|
|
1045
|
-
return trimmed.split("\n").slice(-lines);
|
|
1046
|
-
}
|
|
1047
|
-
}
|
|
1048
|
-
catch { /* ignore */ }
|
|
1049
|
-
// Fallback: read Docker's json-file log directly so stdout/stderr can still
|
|
1050
|
-
// be separated when Nomad log collection is disabled.
|
|
1051
|
-
const dockerLogLines = await readDockerStreamLogs(`${resolvedTask}-${alloc.ID}`, lines, logType);
|
|
1052
|
-
if (dockerLogLines.length > 0)
|
|
1053
|
-
return dockerLogLines;
|
|
1054
|
-
return [];
|
|
1055
|
-
}
|
|
1056
|
-
const execFileAsync = promisify(execFileCb);
|
|
1057
|
-
const DOCKER_STATS_TTL_MS = 30_000;
|
|
1058
|
-
/** Field separator for the batched `docker stats --format` line. Exported so
|
|
1059
|
-
* tests can construct mock output without hardcoding the literal. */
|
|
1060
|
-
export const DOCKER_STATS_FIELD_SEP = "__JS__";
|
|
1061
|
-
let _dockerStatsEntry = null;
|
|
1062
|
-
let _dockerStatsInFlight = null;
|
|
1063
|
-
/** Test-only: reset the shared docker-stats snapshot so each test starts from
|
|
1064
|
-
* a cold cache (the 30s TTL + single-flight would otherwise leak one test's
|
|
1065
|
-
* mocked snapshot into the next). Not used by production code paths. */
|
|
1066
|
-
export function __resetDockerStatsCacheForTests() {
|
|
1067
|
-
_dockerStatsEntry = null;
|
|
1068
|
-
_dockerStatsInFlight = null;
|
|
1069
|
-
}
|
|
1070
|
-
function parseDockerMemUsageMb(memUsage) {
|
|
1071
|
-
// Format: "499.6MiB / 3GiB" — the used side is everything before "/".
|
|
1072
|
-
const used = (memUsage.split("/")[0] ?? "").trim();
|
|
1073
|
-
const match = used.match(/^([\d.]+)\s*(MiB|GiB|MB|GB|KiB|KB|B)?/i);
|
|
1074
|
-
if (!match)
|
|
1075
|
-
return 0;
|
|
1076
|
-
let mb = parseFloat(match[1]);
|
|
1077
|
-
if (!Number.isFinite(mb))
|
|
1078
|
-
return 0;
|
|
1079
|
-
const unit = (match[2] ?? "MiB").toLowerCase();
|
|
1080
|
-
if (unit === "gib" || unit === "gb")
|
|
1081
|
-
mb *= 1024;
|
|
1082
|
-
else if (unit === "kib" || unit === "kb")
|
|
1083
|
-
mb /= 1024;
|
|
1084
|
-
else if (unit === "b")
|
|
1085
|
-
mb /= 1024 * 1024;
|
|
1086
|
-
return Math.round(mb * 10) / 10;
|
|
1087
|
-
}
|
|
1088
|
-
async function loadDockerStatsSnapshot() {
|
|
1089
|
-
const snapshot = new Map();
|
|
1090
|
-
try {
|
|
1091
|
-
const fmt = `{{.Name}}${DOCKER_STATS_FIELD_SEP}{{.MemUsage}}${DOCKER_STATS_FIELD_SEP}{{.CPUPerc}}`;
|
|
1092
|
-
const { stdout } = await execFileAsync("docker", ["stats", "--no-stream", "--format", fmt], { timeout: 8_000 });
|
|
1093
|
-
for (const line of stdout.split("\n")) {
|
|
1094
|
-
const trimmed = line.trim();
|
|
1095
|
-
if (!trimmed)
|
|
1096
|
-
continue;
|
|
1097
|
-
const [name, memUsage, cpuPerc] = trimmed.split(DOCKER_STATS_FIELD_SEP);
|
|
1098
|
-
if (!name)
|
|
1099
|
-
continue;
|
|
1100
|
-
snapshot.set(name, {
|
|
1101
|
-
memory_mb: parseDockerMemUsageMb(memUsage ?? ""),
|
|
1102
|
-
cpu_percent: Math.round((parseFloat(cpuPerc ?? "") || 0) * 10) / 10,
|
|
1103
|
-
});
|
|
1104
|
-
}
|
|
1105
|
-
}
|
|
1106
|
-
catch {
|
|
1107
|
-
/* docker missing / timeout / daemon down → empty map, caller degrades */
|
|
1108
|
-
}
|
|
1109
|
-
return snapshot;
|
|
1110
|
-
}
|
|
1111
|
-
/**
|
|
1112
|
-
* Returns a per-container stats map, refreshing at most once per
|
|
1113
|
-
* DOCKER_STATS_TTL_MS. Concurrent callers (the `Promise.all` over every
|
|
1114
|
-
* instance in `GET /api/instances`) share a single in-flight docker call.
|
|
1115
|
-
*/
|
|
1116
|
-
async function getDockerMemSnapshot() {
|
|
1117
|
-
const now = Date.now();
|
|
1118
|
-
if (_dockerStatsEntry && now - _dockerStatsEntry.ts < DOCKER_STATS_TTL_MS) {
|
|
1119
|
-
return _dockerStatsEntry.data;
|
|
1120
|
-
}
|
|
1121
|
-
if (_dockerStatsInFlight)
|
|
1122
|
-
return _dockerStatsInFlight;
|
|
1123
|
-
_dockerStatsInFlight = loadDockerStatsSnapshot()
|
|
1124
|
-
.then((data) => {
|
|
1125
|
-
_dockerStatsEntry = { data, ts: Date.now() };
|
|
1126
|
-
return data;
|
|
1127
|
-
})
|
|
1128
|
-
.finally(() => {
|
|
1129
|
-
_dockerStatsInFlight = null;
|
|
1130
|
-
});
|
|
1131
|
-
return _dockerStatsInFlight;
|
|
1132
|
-
}
|
|
1133
|
-
export async function exec(instanceId, command, timeoutMs = 120_000) {
|
|
1134
|
-
const alloc = await getRunningAlloc(instanceId);
|
|
1135
|
-
if (!alloc || alloc.ClientStatus !== "running") {
|
|
1136
|
-
throw new Error("Instance is not running");
|
|
1137
|
-
}
|
|
1138
|
-
const allocId = alloc.ID;
|
|
1139
|
-
if (!/^[a-f0-9-]+$/i.test(allocId))
|
|
1140
|
-
throw new Error("invalid allocId");
|
|
1141
|
-
const containerName = `gateway-${allocId}`;
|
|
1142
|
-
// Use the same user as the container's main process (runtime.user uid:gid)
|
|
1143
|
-
const runtime = getInstanceRuntime(instanceId);
|
|
1144
|
-
const userFlag = resolveUidGid(runtime.user);
|
|
1145
|
-
try {
|
|
1146
|
-
const { stdout, stderr } = await execFileAsync("docker", ["exec", "--user", userFlag, containerName, ...command], { timeout: timeoutMs });
|
|
1147
|
-
return { stdout, stderr, exitCode: 0 };
|
|
1148
|
-
}
|
|
1149
|
-
catch (e) {
|
|
1150
|
-
return {
|
|
1151
|
-
stdout: e.stdout || "",
|
|
1152
|
-
stderr: e.stderr || e.message,
|
|
1153
|
-
exitCode: e.code ?? 1,
|
|
1154
|
-
};
|
|
1155
|
-
}
|
|
1156
|
-
}
|
|
1157
|
-
// ── Compatibility constants for app-type managers (src/services/app/) ───────
|
|
1158
|
-
// The cli branch kept these in-file; HEAD shrunk nomad-manager.ts to a
|
|
1159
|
-
// framework-generic layer, so the app-type managers would otherwise lose
|
|
1160
|
-
// their imports. Keep them here as the single source of truth and re-export
|
|
1161
|
-
// via the block below.
|
|
1162
|
-
export const DEFAULT_PIDS_LIMIT = 512;
|
|
1163
|
-
export const DEFAULT_ARGS = ["gateway", "run", "--port", "18789", "--allow-unconfigured"];
|
|
1164
|
-
export const DEFAULT_USER = userInfo().username;
|
|
1165
|
-
export const DEFAULT_CWD = homedir();
|
|
1166
|
-
export const DEFAULT_ENV = {
|
|
1167
|
-
HOME: homedir(),
|
|
1168
|
-
TMPDIR: "/tmp",
|
|
1169
|
-
PATH: `${homedir()}/.local/bin:${homedir()}/.npm-global/bin:${homedir()}/bin:${homedir()}/.volta/bin:`
|
|
1170
|
-
+ `${homedir()}/.asdf/shims:${homedir()}/.bun/bin:${homedir()}/.nvm/current/bin:${homedir()}/.fnm/current/bin:`
|
|
1171
|
-
+ `${homedir()}/.local/share/pnpm:/usr/local/bin:/usr/bin:/bin`,
|
|
1172
|
-
};
|
|
1173
|
-
export const DEFAULT_RESOURCES = { CPU: 500, MemoryMB: 512 };
|
|
1174
|
-
export const MAX_CPU_MHZ = 4000; // 4 GHz per task
|
|
1175
|
-
/** @deprecated Use {@link getMaxAppMemoryMB} from config.ts for the live ceiling. */
|
|
1176
|
-
export const MAX_MEMORY_MB = 4096; // 4 GB fallback — overridden by core.json max_app_memory_mb
|
|
1177
|
-
/** @deprecated Use {@link getMaxAppMemoryMB} from config.ts for the live ceiling. */
|
|
1178
|
-
export const MAX_MEMORY_MAX_MB = 4096; // 4 GB fallback — overridden by core.json max_app_memory_mb
|
|
1179
|
-
/**
|
|
1180
|
-
* Clamp container memory reservation/limit to the framework ceilings and
|
|
1181
|
-
* ensure `MemoryMaxMB >= MemoryMB`. Shared by every container-runtime app
|
|
1182
|
-
* manager (openclaw / custom / ollama / hermes) so they apply the same
|
|
1183
|
-
* guard-rails before handing a task spec to Nomad.
|
|
1184
|
-
*/
|
|
1185
|
-
export function normalizeDockerResources(instanceId, runtime) {
|
|
1186
|
-
const ceiling = config.getMaxAppMemoryMB();
|
|
1187
|
-
const requestedMemoryMB = Number(runtime.resources?.MemoryMB ?? DEFAULT_RESOURCES.MemoryMB);
|
|
1188
|
-
let effectiveMemoryMB = Math.min(requestedMemoryMB, ceiling);
|
|
1189
|
-
let effectiveMemoryMaxMB = Math.min(Number(runtime.resources?.MemoryMaxMB ?? requestedMemoryMB), ceiling);
|
|
1190
|
-
if (effectiveMemoryMaxMB < effectiveMemoryMB) {
|
|
1191
|
-
console.warn(`[nomad] ${instanceId}: MemoryMaxMB (${effectiveMemoryMaxMB}) is below MemoryMB (${effectiveMemoryMB}); clamping max to reservation.`);
|
|
1192
|
-
effectiveMemoryMaxMB = effectiveMemoryMB;
|
|
1193
|
-
}
|
|
1194
|
-
return {
|
|
1195
|
-
...(runtime.resources ?? {}),
|
|
1196
|
-
MemoryMB: effectiveMemoryMB,
|
|
1197
|
-
MemoryMaxMB: effectiveMemoryMaxMB,
|
|
1198
|
-
};
|
|
1199
|
-
}
|
|
1200
|
-
// ── Compatibility re-exports for app-type managers ─────────────────────────
|
|
1201
|
-
// `jobId`/`resolveUidGid`/`nomadGet`/`nomadPut`/`assertSafeTemplateId` are
|
|
1202
|
-
// internal helpers defined elsewhere in this file; re-exporting them keeps
|
|
1203
|
-
// cli-branch imports (`../nomad-manager.js`) working.
|
|
1204
|
-
export { jobId, resolveUidGid, nomadGet, nomadPut, assertSafeTemplateId, };
|
|
1205
|
-
const instanceScheduler = {
|
|
1206
|
-
getStatus,
|
|
1207
|
-
startInstance,
|
|
1208
|
-
stopInstance,
|
|
1209
|
-
restartInstance,
|
|
1210
|
-
getLogs,
|
|
1211
|
-
exec,
|
|
1212
|
-
};
|
|
1213
|
-
var UnifiedNomadJobs;
|
|
1214
|
-
(function (UnifiedNomadJobs) {
|
|
1215
|
-
// ── Constants ─────────────────────────────────────────────────────────────
|
|
1216
|
-
const OPENCLAW_PREFIX = "openclaw-";
|
|
1217
|
-
// Docker image names must match this pattern to prevent command injection.
|
|
1218
|
-
UnifiedNomadJobs.DOCKER_IMAGE_RE = /^[a-zA-Z0-9][a-zA-Z0-9\-_.:/@]*$/;
|
|
1219
|
-
UnifiedNomadJobs.MAX_DOCKER_IMAGE_NAME_LEN = 256;
|
|
1220
|
-
UnifiedNomadJobs.VALID_LOG_TYPES = new Set(["stdout", "stderr"]);
|
|
1221
|
-
// Nomad Template metacharacters that must not appear in values interpolated
|
|
1222
|
-
// into EmbeddedTmpl strings.
|
|
1223
|
-
UnifiedNomadJobs.NOMAD_TEMPLATE_UNSAFE_RE = /[{}"\\]/;
|
|
1224
|
-
const DEFAULT_CPU_MHZ = 500;
|
|
1225
|
-
const DEFAULT_MEMORY_MB = 512;
|
|
1226
|
-
// Hard upper bounds: prevents misconfigured specs from exhausting scheduler resources.
|
|
1227
|
-
const MAX_CPU_MHZ = 4000; // 4 GHz
|
|
1228
|
-
// Memory ceilings read from core.json at runtime via config.getMaxAppMemoryMB().
|
|
1229
|
-
const DEFAULT_PIDS_LIMIT = 512;
|
|
1230
|
-
const NOMAD_CONFIG_PATH = join(JISHUSHELL_HOME, "nomad", "nomad.hcl");
|
|
1231
|
-
const _DEFAULT_CWD = homedir();
|
|
1232
|
-
function appDirForId(appId) {
|
|
1233
|
-
return join(APPS_DIR, appId);
|
|
1234
|
-
}
|
|
1235
|
-
function isAppJob(id) {
|
|
1236
|
-
const identity = resolveRuntimeIdentity(id);
|
|
1237
|
-
if (identity)
|
|
1238
|
-
return identity.driver === "app-job";
|
|
1239
|
-
const dir = appDirForId(id);
|
|
1240
|
-
if (existsSync(join(dir, "manifest.json")) || existsSync(join(dir, "app-spec.yaml"))) {
|
|
1241
|
-
return true;
|
|
1242
|
-
}
|
|
1243
|
-
if (id.startsWith(OPENCLAW_PREFIX))
|
|
1244
|
-
return false;
|
|
1245
|
-
return false;
|
|
1246
|
-
}
|
|
1247
|
-
UnifiedNomadJobs.isAppJob = isAppJob;
|
|
1248
|
-
function resolveAppDir(appId) {
|
|
1249
|
-
const dir = appDirForId(appId);
|
|
1250
|
-
if (existsSync(join(dir, "manifest.json")) || existsSync(join(dir, "app-spec.yaml"))) {
|
|
1251
|
-
return dir;
|
|
1252
|
-
}
|
|
1253
|
-
return null;
|
|
1254
|
-
}
|
|
1255
|
-
// ── Job ID ────────────────────────────────────────────────────────────────
|
|
1256
|
-
function jobId(appId) {
|
|
1257
|
-
return appId;
|
|
1258
|
-
}
|
|
1259
|
-
function assertSafeTemplateId(id) {
|
|
1260
|
-
if (UnifiedNomadJobs.NOMAD_TEMPLATE_UNSAFE_RE.test(id)) {
|
|
1261
|
-
throw new Error(`Job ID "${id}" contains characters unsafe for Nomad Template interpolation`);
|
|
1262
|
-
}
|
|
1263
|
-
}
|
|
1264
|
-
// ── Nomad HTTP helpers ────────────────────────────────────────────────────
|
|
1265
|
-
function nomadAuthHeaders() {
|
|
1266
|
-
const token = getNomadToken();
|
|
1267
|
-
return token ? { "X-Nomad-Token": token } : {};
|
|
1268
|
-
}
|
|
1269
|
-
async function nomadGet(path) {
|
|
1270
|
-
const resp = await fetch(`${getNomadAddr()}${path}`, {
|
|
1271
|
-
headers: nomadAuthHeaders(),
|
|
1272
|
-
signal: AbortSignal.timeout(10_000),
|
|
1273
|
-
});
|
|
1274
|
-
if (!resp.ok && resp.status !== 404) {
|
|
1275
|
-
throw new Error(`Nomad GET ${path}: HTTP ${resp.status}`);
|
|
1276
|
-
}
|
|
1277
|
-
return resp;
|
|
1278
|
-
}
|
|
1279
|
-
async function nomadPost(path, body) {
|
|
1280
|
-
return fetch(`${getNomadAddr()}${path}`, {
|
|
1281
|
-
method: "POST",
|
|
1282
|
-
headers: { "Content-Type": "application/json", ...nomadAuthHeaders() },
|
|
1283
|
-
body: JSON.stringify(body),
|
|
1284
|
-
signal: AbortSignal.timeout(10_000),
|
|
1285
|
-
});
|
|
1286
|
-
}
|
|
1287
|
-
async function nomadPut(path, body) {
|
|
1288
|
-
return fetch(`${getNomadAddr()}${path}`, {
|
|
1289
|
-
method: "PUT",
|
|
1290
|
-
headers: { "Content-Type": "application/json", ...nomadAuthHeaders() },
|
|
1291
|
-
body: JSON.stringify(body),
|
|
1292
|
-
signal: AbortSignal.timeout(10_000),
|
|
1293
|
-
});
|
|
1294
|
-
}
|
|
1295
|
-
async function nomadDelete(path) {
|
|
1296
|
-
return fetch(`${getNomadAddr()}${path}`, {
|
|
1297
|
-
method: "DELETE",
|
|
1298
|
-
headers: nomadAuthHeaders(),
|
|
1299
|
-
signal: AbortSignal.timeout(10_000),
|
|
1300
|
-
});
|
|
1301
|
-
}
|
|
1302
|
-
async function listNomadNodes() {
|
|
1303
|
-
try {
|
|
1304
|
-
const resp = await nomadGet("/v1/nodes");
|
|
1305
|
-
if (!resp.ok)
|
|
1306
|
-
return [];
|
|
1307
|
-
const nodes = await resp.json();
|
|
1308
|
-
return Array.isArray(nodes) ? nodes : [];
|
|
1309
|
-
}
|
|
1310
|
-
catch {
|
|
1311
|
-
return [];
|
|
1312
|
-
}
|
|
1313
|
-
}
|
|
1314
|
-
function isSchedulableNode(node) {
|
|
1315
|
-
return (node.Status ?? "ready") === "ready"
|
|
1316
|
-
&& (node.SchedulingEligibility ?? "eligible") === "eligible";
|
|
1317
|
-
}
|
|
1318
|
-
function rawExecDriverHealthy(node) {
|
|
1319
|
-
const driver = node.Drivers?.raw_exec;
|
|
1320
|
-
return driver?.Detected === true && driver?.Healthy === true;
|
|
1321
|
-
}
|
|
1322
|
-
function rawExecRestartHint() {
|
|
1323
|
-
if (process.platform === "linux")
|
|
1324
|
-
return "sudo systemctl restart nomad";
|
|
1325
|
-
if (process.platform === "darwin")
|
|
1326
|
-
return "重启 Nomad launchd agent";
|
|
1327
|
-
return "重启 Nomad 服务";
|
|
1328
|
-
}
|
|
1329
|
-
function nomadConfigEnablesRawExec() {
|
|
1330
|
-
try {
|
|
1331
|
-
const config = readFileSync(NOMAD_CONFIG_PATH, "utf-8");
|
|
1332
|
-
return /plugin\s+"raw_exec"\s*\{[\s\S]*?enabled\s*=\s*true\b/.test(config);
|
|
1333
|
-
}
|
|
1334
|
-
catch {
|
|
1335
|
-
return false;
|
|
1336
|
-
}
|
|
1337
|
-
}
|
|
1338
|
-
async function validateRawExecDriverAvailability() {
|
|
1339
|
-
const nodes = (await listNomadNodes()).filter(isSchedulableNode);
|
|
1340
|
-
if (nodes.length === 0)
|
|
1341
|
-
return null;
|
|
1342
|
-
if (nodes.some(rawExecDriverHealthy))
|
|
1343
|
-
return null;
|
|
1344
|
-
const detail = nodes
|
|
1345
|
-
.map((node) => {
|
|
1346
|
-
const driver = node.Drivers?.raw_exec;
|
|
1347
|
-
const name = String(node.Name ?? node.ID ?? "unknown-node");
|
|
1348
|
-
const description = String(driver?.HealthDescription
|
|
1349
|
-
?? (driver?.Detected === false ? "disabled" : "unavailable"));
|
|
1350
|
-
return `${name}: ${description}`;
|
|
1351
|
-
})
|
|
1352
|
-
.join("; ");
|
|
1353
|
-
if (nomadConfigEnablesRawExec()) {
|
|
1354
|
-
return `Nomad client 当前未启用 raw_exec driver(${detail})。磁盘配置已启用 raw_exec,但运行中的 Nomad 仍在使用旧配置;请先执行 ${rawExecRestartHint()} 后重试。`;
|
|
1355
|
-
}
|
|
1356
|
-
return `Nomad client 当前未启用 raw_exec driver(${detail})。请先在 Nomad 配置中启用 plugin \"raw_exec\" { config { enabled = true } },然后重启 Nomad。`;
|
|
1357
|
-
}
|
|
1358
|
-
function allocTimestamp(alloc) {
|
|
1359
|
-
const raw = alloc.ModifyTime ?? alloc.CreateTime ?? alloc.CreateIndex ?? 0;
|
|
1360
|
-
return typeof raw === "number" ? raw : Number(raw) || 0;
|
|
1361
|
-
}
|
|
1362
|
-
// ── Resource unit parsers ─────────────────────────────────────────────────
|
|
1363
|
-
/**
|
|
1364
|
-
* Parse a CPU resource string to Nomad MHz integer.
|
|
1365
|
-
* "500m" → 500 (millicores treated as MHz for simplicity)
|
|
1366
|
-
* "1" → 1000 (1 core → 1000 MHz)
|
|
1367
|
-
* "1000" → 1000 (bare integer treated as MHz already)
|
|
1368
|
-
*
|
|
1369
|
-
* Nomad doesn't have a concept of "cores"; it schedules by MHz.
|
|
1370
|
-
* We treat 1 core = 1000 MHz as a reasonable proxy for a Pi-class host.
|
|
1371
|
-
*/
|
|
1372
|
-
function parseCpuMHz(cpu) {
|
|
1373
|
-
if (cpu == null)
|
|
1374
|
-
return DEFAULT_CPU_MHZ;
|
|
1375
|
-
const s = String(cpu).trim();
|
|
1376
|
-
if (s.endsWith("m")) {
|
|
1377
|
-
// millicores (K8s-style): "500m" → 500 MHz
|
|
1378
|
-
const val = parseFloat(s.slice(0, -1));
|
|
1379
|
-
return isNaN(val) ? DEFAULT_CPU_MHZ : Math.max(1, Math.min(Math.round(val), MAX_CPU_MHZ));
|
|
1380
|
-
}
|
|
1381
|
-
const val = parseFloat(s);
|
|
1382
|
-
if (isNaN(val))
|
|
1383
|
-
return DEFAULT_CPU_MHZ;
|
|
1384
|
-
// Bare integer ≤ 16 likely means "cores" (e.g. "1", "2"); convert to MHz.
|
|
1385
|
-
// Bare integer > 16 likely already MHz.
|
|
1386
|
-
const mhz = val <= 16 ? Math.round(val * 1000) : Math.round(val);
|
|
1387
|
-
return Math.max(1, Math.min(mhz, MAX_CPU_MHZ));
|
|
1388
|
-
}
|
|
1389
|
-
UnifiedNomadJobs.parseCpuMHz = parseCpuMHz;
|
|
1390
|
-
/**
|
|
1391
|
-
* Parse a memory resource string to Nomad MB integer.
|
|
1392
|
-
* "512Mi" or "512MiB" → 512 MB
|
|
1393
|
-
* "1Gi" or "1GiB" → 1024 MB
|
|
1394
|
-
* "512M" or "512MB" → 512 MB
|
|
1395
|
-
* "1G" or "1GB" → 1024 MB
|
|
1396
|
-
* "1024" → 1024 MB (bare integer = MB)
|
|
1397
|
-
*/
|
|
1398
|
-
function parseMemoryMB(memory) {
|
|
1399
|
-
if (memory == null)
|
|
1400
|
-
return DEFAULT_MEMORY_MB;
|
|
1401
|
-
const s = String(memory).trim();
|
|
1402
|
-
const match = s.match(/^([\d.]+)\s*(gi|gib|g|gb|mi|mib|m|mb|ki|kib|k|kb)?$/i);
|
|
1403
|
-
if (!match)
|
|
1404
|
-
return DEFAULT_MEMORY_MB;
|
|
1405
|
-
const val = parseFloat(match[1]);
|
|
1406
|
-
if (isNaN(val))
|
|
1407
|
-
return DEFAULT_MEMORY_MB;
|
|
1408
|
-
const unit = (match[2] || "").toLowerCase();
|
|
1409
|
-
let mb;
|
|
1410
|
-
if (unit === "gi" || unit === "gib" || unit === "g" || unit === "gb") {
|
|
1411
|
-
mb = Math.round(val * 1024);
|
|
1412
|
-
}
|
|
1413
|
-
else if (unit === "ki" || unit === "kib" || unit === "k" || unit === "kb") {
|
|
1414
|
-
mb = Math.round(val / 1024);
|
|
1415
|
-
}
|
|
1416
|
-
else {
|
|
1417
|
-
// "mi"/"mib"/"m"/"mb" or bare integer
|
|
1418
|
-
mb = Math.round(val);
|
|
1419
|
-
}
|
|
1420
|
-
return Math.max(1, Math.min(mb, config.getMaxAppMemoryMB()));
|
|
1421
|
-
}
|
|
1422
|
-
UnifiedNomadJobs.parseMemoryMB = parseMemoryMB;
|
|
1423
|
-
// ── Interval parser ───────────────────────────────────────────────────────
|
|
1424
|
-
function parseIntervalNs(s, defaultNs) {
|
|
1425
|
-
if (!s)
|
|
1426
|
-
return defaultNs;
|
|
1427
|
-
if (s.endsWith("ms"))
|
|
1428
|
-
return parseInt(s, 10) * 1_000_000;
|
|
1429
|
-
if (s.endsWith("s"))
|
|
1430
|
-
return parseInt(s, 10) * 1_000_000_000;
|
|
1431
|
-
if (s.endsWith("m"))
|
|
1432
|
-
return parseInt(s, 10) * 60_000_000_000;
|
|
1433
|
-
return parseInt(s, 10) * 1_000_000_000;
|
|
1434
|
-
}
|
|
1435
|
-
function portLabel(taskName, portName) {
|
|
1436
|
-
const sanitize = (value) => value.replace(/[^a-zA-Z0-9_-]/g, "-");
|
|
1437
|
-
return `${sanitize(taskName)}-${sanitize(portName)}`;
|
|
1438
|
-
}
|
|
1439
|
-
function nomadConfigDeclaresHostNetwork(name) {
|
|
1440
|
-
if (!existsSync(NOMAD_CONFIG_PATH))
|
|
1441
|
-
return false;
|
|
1442
|
-
try {
|
|
1443
|
-
const config = readFileSync(NOMAD_CONFIG_PATH, "utf-8");
|
|
1444
|
-
const escaped = name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
|
|
1445
|
-
return new RegExp(`host_network\\s+"${escaped}"\\s*\\{`).test(config);
|
|
1446
|
-
}
|
|
1447
|
-
catch {
|
|
1448
|
-
return false;
|
|
1449
|
-
}
|
|
1450
|
-
}
|
|
1451
|
-
function requiredHostNetworkForPort(port) {
|
|
1452
|
-
if ((port.visibility ?? "external") === "internal")
|
|
1453
|
-
return null;
|
|
1454
|
-
const requested = (port.host_network ?? "").trim();
|
|
1455
|
-
return requested || "external";
|
|
1456
|
-
}
|
|
1457
|
-
function hostNetworkForPort(port) {
|
|
1458
|
-
if ((port.visibility ?? "external") === "internal")
|
|
1459
|
-
return undefined;
|
|
1460
|
-
// Honor explicit host_network from spec (e.g. weknora's ports declare
|
|
1461
|
-
// `host_network: docker_bridge` so peer tasks reach the published port
|
|
1462
|
-
// via host.docker.internal). Verify the named network is actually
|
|
1463
|
-
// declared in nomad.hcl — otherwise validation rejects the start before
|
|
1464
|
-
// job submission. Falls back to "external" only when no explicit
|
|
1465
|
-
// host_network was requested.
|
|
1466
|
-
const requested = (port.host_network ?? "").trim();
|
|
1467
|
-
if (requested)
|
|
1468
|
-
return nomadConfigDeclaresHostNetwork(requested) ? requested : undefined;
|
|
1469
|
-
return nomadConfigDeclaresHostNetwork("external") ? "external" : undefined;
|
|
1470
|
-
}
|
|
1471
|
-
function requiredHostNetworksForPorts(ports) {
|
|
1472
|
-
const required = new Set();
|
|
1473
|
-
for (const port of ports) {
|
|
1474
|
-
const network = requiredHostNetworkForPort(port);
|
|
1475
|
-
if (network)
|
|
1476
|
-
required.add(network);
|
|
1477
|
-
}
|
|
1478
|
-
return required;
|
|
1479
|
-
}
|
|
1480
|
-
async function validateNomadPortHostNetworks(ports) {
|
|
1481
|
-
const requiredNetworks = requiredHostNetworksForPorts(ports);
|
|
1482
|
-
if (requiredNetworks.size === 0)
|
|
1483
|
-
return null;
|
|
1484
|
-
for (const network of requiredNetworks) {
|
|
1485
|
-
if (!nomadConfigDeclaresHostNetwork(network)) {
|
|
1486
|
-
return `Nomad 配置缺少 host_network "${network}"。请重新运行/修复 JishuShell 设置并重启 Nomad,再启动该应用。`;
|
|
1487
|
-
}
|
|
1488
|
-
}
|
|
1489
|
-
try {
|
|
1490
|
-
const resp = await nomadGet("/v1/agent/self");
|
|
1491
|
-
if (!resp.ok)
|
|
1492
|
-
return null;
|
|
1493
|
-
const self = await resp.json();
|
|
1494
|
-
const hostNetworks = Array.isArray(self?.config?.Client?.HostNetworks)
|
|
1495
|
-
? self.config.Client.HostNetworks
|
|
1496
|
-
: [];
|
|
1497
|
-
const loadedNetworks = new Set(hostNetworks
|
|
1498
|
-
.map((network) => String(network?.Name ?? "").trim())
|
|
1499
|
-
.filter(Boolean));
|
|
1500
|
-
for (const network of requiredNetworks) {
|
|
1501
|
-
if (!loadedNetworks.has(network)) {
|
|
1502
|
-
return `Nomad 运行中的 agent 尚未加载 host_network "${network}"。请先重启 Nomad,再启动该应用。`;
|
|
1503
|
-
}
|
|
1504
|
-
}
|
|
1505
|
-
}
|
|
1506
|
-
catch {
|
|
1507
|
-
// Let the later job submission path report Nomad unreachable when needed.
|
|
1508
|
-
}
|
|
1509
|
-
return null;
|
|
1510
|
-
}
|
|
1511
|
-
UnifiedNomadJobs.validateNomadPortHostNetworks = validateNomadPortHostNetworks;
|
|
1512
|
-
async function validateRequiredHostNetworks(spec) {
|
|
1513
|
-
return validateNomadPortHostNetworks(spec.tasks.flatMap((task) => task.ports ?? []));
|
|
1514
|
-
}
|
|
1515
|
-
function buildNomadReservedPort(input) {
|
|
1516
|
-
const hostNetwork = hostNetworkForPort(input);
|
|
1517
|
-
return {
|
|
1518
|
-
Label: input.label,
|
|
1519
|
-
Value: input.value,
|
|
1520
|
-
...(input.to != null ? { To: input.to } : {}),
|
|
1521
|
-
...(hostNetwork ? { HostNetwork: hostNetwork } : {}),
|
|
1522
|
-
};
|
|
1523
|
-
}
|
|
1524
|
-
UnifiedNomadJobs.buildNomadReservedPort = buildNomadReservedPort;
|
|
1525
|
-
function reservedPortsForTask(task) {
|
|
1526
|
-
// visibility=internal ports are intra-group only (e.g. SearXNG sidecar
|
|
1527
|
-
// reachable from the gateway task via 127.0.0.1 inside the bridge
|
|
1528
|
-
// network namespace). Reserving them on the host would occupy a host
|
|
1529
|
-
// port slot AND, combined with docker publishing below, expose the
|
|
1530
|
-
// endpoint externally. Skip them entirely — they stay inside the task
|
|
1531
|
-
// group's network namespace.
|
|
1532
|
-
// Attach the named host_network for any externally-visible port —
|
|
1533
|
-
// including container tasks. Without it, Nomad falls back to
|
|
1534
|
-
// HostNetwork="default" (loopback) and the docker driver publishes
|
|
1535
|
-
// to 127.0.0.1, breaking cross-container consumers. The earlier
|
|
1536
|
-
// restriction to non-container tasks was overcautious: our task
|
|
1537
|
-
// groups use host networking (Mode: "") rather than Nomad bridge
|
|
1538
|
-
// mode, so attaching host_network is safe.
|
|
1539
|
-
return (task.ports ?? [])
|
|
1540
|
-
.filter((port) => (port.visibility ?? "external") !== "internal")
|
|
1541
|
-
.map((port) => buildNomadReservedPort({
|
|
1542
|
-
label: portLabel(task.name, port.name),
|
|
1543
|
-
value: port.host_port ?? port.port,
|
|
1544
|
-
...(task.runtime === "container" ? { to: port.container_port ?? port.port } : {}),
|
|
1545
|
-
visibility: port.visibility,
|
|
1546
|
-
host_network: port.host_network,
|
|
1547
|
-
}));
|
|
1548
|
-
}
|
|
1549
|
-
function isExternalAppTaskPort(port) {
|
|
1550
|
-
return (port.visibility ?? "external") !== "internal";
|
|
1551
|
-
}
|
|
1552
|
-
function readDeclaredHostPort(port) {
|
|
1553
|
-
const candidate = port.host_port ?? port.port;
|
|
1554
|
-
return Number.isInteger(candidate) && candidate > 0 ? candidate : null;
|
|
1555
|
-
}
|
|
1556
|
-
function applyPersistedAppSpecPortOverrides(appId, spec) {
|
|
1557
|
-
const meta = getInstance(appId);
|
|
1558
|
-
if (!meta)
|
|
1559
|
-
return spec;
|
|
1560
|
-
const runtime = getInstanceRuntime(appId);
|
|
1561
|
-
const runtimePorts = Array.isArray(runtime.ports) ? runtime.ports : [];
|
|
1562
|
-
const persistedGatewayPort = extractGatewayPort(runtime, resolveAgentType(meta));
|
|
1563
|
-
const totalExternalPorts = spec.tasks.reduce((count, task) => count + (task.ports ?? []).filter((port) => isExternalAppTaskPort(port)).length, 0);
|
|
1564
|
-
let changed = false;
|
|
1565
|
-
const tasks = spec.tasks.map((task) => {
|
|
1566
|
-
if (!Array.isArray(task.ports) || task.ports.length === 0)
|
|
1567
|
-
return task;
|
|
1568
|
-
let taskChanged = false;
|
|
1569
|
-
const ports = task.ports.map((port) => {
|
|
1570
|
-
if (!isExternalAppTaskPort(port))
|
|
1571
|
-
return port;
|
|
1572
|
-
const currentHostPort = readDeclaredHostPort(port);
|
|
1573
|
-
if (!currentHostPort)
|
|
1574
|
-
return port;
|
|
1575
|
-
let nextHostPort = null;
|
|
1576
|
-
// Scope the runtime-port match to BOTH the owning task AND the port name.
|
|
1577
|
-
// Multi-service-task apps (e.g. WeKnora's `app` + `ui`, both with a port
|
|
1578
|
-
// named "http") record every external port tagged with its taskName; a
|
|
1579
|
-
// name-only match would rewrite the `ui` task's host port to the `app`
|
|
1580
|
-
// task's allocation and collide them. Tolerate legacy runtime records
|
|
1581
|
-
// that predate the taskName tag by allowing an untagged name match.
|
|
1582
|
-
const namedRuntimePort = typeof port.name === "string" && port.name
|
|
1583
|
-
? (runtimePorts.find((candidate) => candidate?.taskName === task.name
|
|
1584
|
-
&& candidate?.name === port.name
|
|
1585
|
-
&& Number.isInteger(candidate?.hostPort)
|
|
1586
|
-
&& candidate.hostPort > 0)
|
|
1587
|
-
?? runtimePorts.find((candidate) => candidate?.taskName === undefined
|
|
1588
|
-
&& candidate?.name === port.name
|
|
1589
|
-
&& Number.isInteger(candidate?.hostPort)
|
|
1590
|
-
&& candidate.hostPort > 0))
|
|
1591
|
-
: null;
|
|
1592
|
-
if (namedRuntimePort) {
|
|
1593
|
-
nextHostPort = namedRuntimePort.hostPort;
|
|
1594
|
-
}
|
|
1595
|
-
else if (runtimePorts.length === 1
|
|
1596
|
-
&& totalExternalPorts === 1
|
|
1597
|
-
&& Number.isInteger(runtimePorts[0]?.hostPort)
|
|
1598
|
-
&& runtimePorts[0].hostPort > 0) {
|
|
1599
|
-
nextHostPort = runtimePorts[0].hostPort;
|
|
1600
|
-
}
|
|
1601
|
-
else if (totalExternalPorts === 1
|
|
1602
|
-
&& persistedGatewayPort != null
|
|
1603
|
-
&& persistedGatewayPort > 0) {
|
|
1604
|
-
nextHostPort = persistedGatewayPort;
|
|
1605
|
-
}
|
|
1606
|
-
if (!nextHostPort || nextHostPort === currentHostPort)
|
|
1607
|
-
return port;
|
|
1608
|
-
changed = true;
|
|
1609
|
-
taskChanged = true;
|
|
1610
|
-
return { ...port, host_port: nextHostPort };
|
|
1611
|
-
});
|
|
1612
|
-
return taskChanged ? { ...task, ports } : task;
|
|
1613
|
-
});
|
|
1614
|
-
return changed ? { ...spec, tasks } : spec;
|
|
1615
|
-
}
|
|
1616
|
-
async function maybeReallocateAppSpecHostPort(appId, spec, reason) {
|
|
1617
|
-
if (!getInstance(appId))
|
|
1618
|
-
return { spec, changed: false };
|
|
1619
|
-
const effectiveSpec = applyPersistedAppSpecPortOverrides(appId, spec);
|
|
1620
|
-
const currentGatewayPort = getGatewayPort(appId);
|
|
1621
|
-
if (!Number.isInteger(currentGatewayPort) || currentGatewayPort <= 0) {
|
|
1622
|
-
return { spec: effectiveSpec, changed: false };
|
|
1623
|
-
}
|
|
1624
|
-
const declaredPorts = effectiveSpec.tasks.flatMap((task) => (task.ports ?? [])
|
|
1625
|
-
.filter((port) => isExternalAppTaskPort(port))
|
|
1626
|
-
.map((port) => readDeclaredHostPort(port))
|
|
1627
|
-
.filter((port) => port != null));
|
|
1628
|
-
if (!declaredPorts.includes(currentGatewayPort)) {
|
|
1629
|
-
return { spec: effectiveSpec, changed: false };
|
|
1630
|
-
}
|
|
1631
|
-
if (!(await isPortInUse(currentGatewayPort))) {
|
|
1632
|
-
return { spec: effectiveSpec, changed: false };
|
|
1633
|
-
}
|
|
1634
|
-
try {
|
|
1635
|
-
const reallocation = await reallocateGatewayPort(appId);
|
|
1636
|
-
console.log(`[nomad] ${appId}: reallocated AppSpec host port ${reallocation.from} -> ${reallocation.to} (${reason})`);
|
|
1637
|
-
return {
|
|
1638
|
-
spec: applyPersistedAppSpecPortOverrides(appId, spec),
|
|
1639
|
-
changed: true,
|
|
1640
|
-
};
|
|
1641
|
-
}
|
|
1642
|
-
catch (e) {
|
|
1643
|
-
return {
|
|
1644
|
-
spec: effectiveSpec,
|
|
1645
|
-
changed: false,
|
|
1646
|
-
error: `AppSpec host port ${currentGatewayPort} is held by another process and reallocation failed: ${e?.message ?? e}`,
|
|
1647
|
-
};
|
|
1648
|
-
}
|
|
1649
|
-
}
|
|
1650
|
-
// ── Health check → Nomad service check builder ────────────────────────────
|
|
1651
|
-
function buildServiceCheck(task, appId) {
|
|
1652
|
-
const health = task.health;
|
|
1653
|
-
if (!health?.http)
|
|
1654
|
-
return null;
|
|
1655
|
-
const portEntry = task.ports?.find((p) => p.port === health.http.port
|
|
1656
|
-
|| p.host_port === health.http.port
|
|
1657
|
-
|| p.container_port === health.http.port);
|
|
1658
|
-
if (!portEntry)
|
|
1659
|
-
return null;
|
|
1660
|
-
// Internal ports are not reserved on host (see reservedPortsForTask),
|
|
1661
|
-
// so a host-mode Nomad service check would reference an unknown port
|
|
1662
|
-
// label. Skip the task-level health check; intra-group readiness for
|
|
1663
|
-
// sidecars falls through to the `after:` ordering once that lands.
|
|
1664
|
-
if ((portEntry.visibility ?? "external") === "internal")
|
|
1665
|
-
return null;
|
|
1666
|
-
const checkPortLabel = portLabel(task.name, portEntry.name);
|
|
1667
|
-
// Task-level checks cannot use address_mode="alloc". raw_exec tasks also do
|
|
1668
|
-
// not create an allocation network namespace, so host mode is the valid
|
|
1669
|
-
// Nomad-compatible choice here.
|
|
1670
|
-
const checkAddressMode = "host";
|
|
1671
|
-
const check = {
|
|
1672
|
-
Name: `${task.name}-health`,
|
|
1673
|
-
Type: "http",
|
|
1674
|
-
Path: health.http.path,
|
|
1675
|
-
PortLabel: checkPortLabel,
|
|
1676
|
-
AddressMode: checkAddressMode,
|
|
1677
|
-
Header: {
|
|
1678
|
-
"X-Real-IP": ["127.0.0.1"],
|
|
1679
|
-
},
|
|
1680
|
-
Interval: parseIntervalNs(health.interval, 15_000_000_000),
|
|
1681
|
-
Timeout: parseIntervalNs(health.timeout, 5_000_000_000),
|
|
1682
|
-
};
|
|
1683
|
-
if (health.retries != null || health.start_period) {
|
|
1684
|
-
check.CheckRestart = {
|
|
1685
|
-
Limit: health.retries ?? 3,
|
|
1686
|
-
Grace: health.start_period ? parseIntervalNs(health.start_period, 0) : 0,
|
|
1687
|
-
IgnoreWarnings: false,
|
|
1688
|
-
};
|
|
1689
|
-
}
|
|
1690
|
-
return {
|
|
1691
|
-
Name: `${appId}-${task.name}`,
|
|
1692
|
-
Provider: "nomad",
|
|
1693
|
-
PortLabel: checkPortLabel,
|
|
1694
|
-
AddressMode: "host",
|
|
1695
|
-
Checks: [check],
|
|
1696
|
-
};
|
|
1697
|
-
}
|
|
1698
|
-
// ── Deep merge utility ────────────────────────────────────────────────────
|
|
1699
|
-
function deepMerge(target, source) {
|
|
1700
|
-
const result = { ...target };
|
|
1701
|
-
for (const key of Object.keys(source)) {
|
|
1702
|
-
if (source[key] && typeof source[key] === "object" && !Array.isArray(source[key]) &&
|
|
1703
|
-
result[key] && typeof result[key] === "object" && !Array.isArray(result[key])) {
|
|
1704
|
-
result[key] = deepMerge(result[key], source[key]);
|
|
1705
|
-
}
|
|
1706
|
-
else {
|
|
1707
|
-
result[key] = source[key];
|
|
1708
|
-
}
|
|
1709
|
-
}
|
|
1710
|
-
return result;
|
|
1711
|
-
}
|
|
1712
|
-
function interpolateEnvRequires(taskEnv, extraEnv) {
|
|
1713
|
-
const result = {};
|
|
1714
|
-
for (const [k, v] of Object.entries(taskEnv)) {
|
|
1715
|
-
result[k] = v.replace(/\$\{requires\.([^}]+)\}/g, (_, key) => extraEnv[key] ?? "");
|
|
1716
|
-
}
|
|
1717
|
-
return result;
|
|
1718
|
-
}
|
|
1719
|
-
function materializeAppIdTokens(value, appId) {
|
|
1720
|
-
if (typeof value === "string") {
|
|
1721
|
-
return value
|
|
1722
|
-
.replace(/\$\{app_id\}/g, appId)
|
|
1723
|
-
.replace(/\$\{app\.id\}/g, appId);
|
|
1724
|
-
}
|
|
1725
|
-
if (Array.isArray(value)) {
|
|
1726
|
-
return value.map((entry) => materializeAppIdTokens(entry, appId));
|
|
1727
|
-
}
|
|
1728
|
-
if (value && typeof value === "object") {
|
|
1729
|
-
const result = {};
|
|
1730
|
-
for (const [key, entry] of Object.entries(value)) {
|
|
1731
|
-
result[key] = materializeAppIdTokens(entry, appId);
|
|
1732
|
-
}
|
|
1733
|
-
return result;
|
|
1734
|
-
}
|
|
1735
|
-
return value;
|
|
1736
|
-
}
|
|
1737
|
-
// ── Task lifecycle mapping ────────────────────────────────────────────────
|
|
1738
|
-
/**
|
|
1739
|
-
* Map AppTask role to a Nomad task lifecycle block.
|
|
1740
|
-
* Returns null for the default "service" role (no lifecycle block needed).
|
|
1741
|
-
*
|
|
1742
|
-
* Nomad lifecycle hooks:
|
|
1743
|
-
* prestart - runs before main tasks; sidecar=false means it must complete
|
|
1744
|
-
* poststart - runs after main tasks start; sidecar=true means it keeps running
|
|
1745
|
-
* poststop - runs after all main tasks stop
|
|
1746
|
-
*
|
|
1747
|
-
* TODO: AppTask.after[] dependency ordering is not yet mapped.
|
|
1748
|
-
*/
|
|
1749
|
-
function roleToLifecycle(role) {
|
|
1750
|
-
switch (role) {
|
|
1751
|
-
case "init":
|
|
1752
|
-
return { Hook: "prestart", Sidecar: false };
|
|
1753
|
-
case "sidecar":
|
|
1754
|
-
return { Hook: "prestart", Sidecar: true };
|
|
1755
|
-
case "cleanup":
|
|
1756
|
-
return { Hook: "poststop", Sidecar: false };
|
|
1757
|
-
case "service":
|
|
1758
|
-
default:
|
|
1759
|
-
return null;
|
|
1760
|
-
}
|
|
1761
|
-
}
|
|
1762
|
-
// ── Process runtime helpers ──────────────────────────────────────────────
|
|
1763
|
-
/**
|
|
1764
|
-
* Check whether a binary process is already running on the host OS by
|
|
1765
|
-
* matching its command path via pgrep -f.
|
|
1766
|
-
*
|
|
1767
|
-
* Used by startAppJob to skip Nomad submission when the binary is already
|
|
1768
|
-
* running (e.g. started outside of Nomad or when raw_exec driver is unavailable).
|
|
1769
|
-
*/
|
|
1770
|
-
async function isBinaryRunning(command) {
|
|
1771
|
-
if (!command)
|
|
1772
|
-
return false;
|
|
1773
|
-
const expanded = command.replace(/^~(?=\/|$)/, homedir());
|
|
1774
|
-
// Try full path first, then basename — covers symlinks & macOS App Translocation.
|
|
1775
|
-
const patterns = [expanded];
|
|
1776
|
-
const base = basename(expanded);
|
|
1777
|
-
if (base !== expanded)
|
|
1778
|
-
patterns.push(base);
|
|
1779
|
-
for (const pattern of patterns) {
|
|
1780
|
-
const found = await new Promise((resolve) => {
|
|
1781
|
-
execFileCb("pgrep", ["-f", pattern], { timeout: 3_000 }, (_err, stdout) => {
|
|
1782
|
-
resolve(stdout.trim().length > 0);
|
|
1783
|
-
});
|
|
1784
|
-
});
|
|
1785
|
-
if (found)
|
|
1786
|
-
return true;
|
|
1787
|
-
}
|
|
1788
|
-
return false;
|
|
1789
|
-
}
|
|
1790
|
-
UnifiedNomadJobs.isBinaryRunning = isBinaryRunning;
|
|
1791
|
-
function tryBindPort(port, host) {
|
|
1792
|
-
return new Promise((resolve) => {
|
|
1793
|
-
const server = netCreateServer();
|
|
1794
|
-
server.once("error", (error) => {
|
|
1795
|
-
if (error?.code === "EADDRINUSE") {
|
|
1796
|
-
resolve(true);
|
|
1797
|
-
return;
|
|
1798
|
-
}
|
|
1799
|
-
console.warn(`[port-probe] bind ${host}:${port} failed with ${error?.code ?? "unknown"}: ${error?.message}; treating as free`);
|
|
1800
|
-
resolve(false);
|
|
1801
|
-
});
|
|
1802
|
-
server.once("listening", () => {
|
|
1803
|
-
server.close(() => resolve(false));
|
|
1804
|
-
});
|
|
1805
|
-
server.listen(port, host);
|
|
1806
|
-
});
|
|
1807
|
-
}
|
|
1808
|
-
async function isPortInUse(port) {
|
|
1809
|
-
if (!Number.isInteger(port) || port < 1 || port > 65535)
|
|
1810
|
-
return false;
|
|
1811
|
-
// Probe sequentially so the wildcard probe does not race with the loopback
|
|
1812
|
-
// probe and falsely trigger EADDRINUSE against our own temporary socket.
|
|
1813
|
-
if (await tryBindPort(port, "0.0.0.0"))
|
|
1814
|
-
return true;
|
|
1815
|
-
return tryBindPort(port, "127.0.0.1");
|
|
1816
|
-
}
|
|
1817
|
-
function loadInstalledAppSpec(appId) {
|
|
1818
|
-
const appDir = resolveAppDir(appId);
|
|
1819
|
-
if (!appDir)
|
|
1820
|
-
return null;
|
|
1821
|
-
try {
|
|
1822
|
-
return parse(readFileSync(join(appDir, "app-spec.yaml"), "utf-8"));
|
|
1823
|
-
}
|
|
1824
|
-
catch {
|
|
1825
|
-
return null;
|
|
1826
|
-
}
|
|
1827
|
-
}
|
|
1828
|
-
function externalHealthProbeTimeoutMs(task) {
|
|
1829
|
-
return Math.max(1_000, Math.floor(parseIntervalNs(task.health?.timeout, 5_000_000_000) / 1_000_000));
|
|
1830
|
-
}
|
|
1831
|
-
async function probeExternalTaskHealth(appId, task) {
|
|
1832
|
-
const health = task.health?.http;
|
|
1833
|
-
if (!health)
|
|
1834
|
-
return null;
|
|
1835
|
-
const url = `http://127.0.0.1:${health.port}${health.path}`;
|
|
1836
|
-
try {
|
|
1837
|
-
const resp = await fetch(url, { signal: AbortSignal.timeout(externalHealthProbeTimeoutMs(task)) });
|
|
1838
|
-
return {
|
|
1839
|
-
name: `${task.name}-health`,
|
|
1840
|
-
status: resp.ok ? "success" : "failure",
|
|
1841
|
-
service: `${appId}-${task.name}`,
|
|
1842
|
-
output: `external probe: HTTP ${resp.status}`,
|
|
1843
|
-
};
|
|
1844
|
-
}
|
|
1845
|
-
catch (e) {
|
|
1846
|
-
return {
|
|
1847
|
-
name: `${task.name}-health`,
|
|
1848
|
-
status: "failure",
|
|
1849
|
-
service: `${appId}-${task.name}`,
|
|
1850
|
-
output: `external probe: ${e?.message ?? "request failed"}`,
|
|
1851
|
-
};
|
|
1852
|
-
}
|
|
1853
|
-
}
|
|
1854
|
-
const EXTERNAL_PROCESS_ADOPT_COMMAND = "/bin/sh";
|
|
1855
|
-
const EXTERNAL_PROCESS_ADOPT_ARGS = [
|
|
1856
|
-
"-c",
|
|
1857
|
-
"echo 'jishushell adopting external service'; trap 'exit 0' TERM INT; while true; do sleep 3600; done",
|
|
1858
|
-
];
|
|
1859
|
-
const EXTERNAL_STOP_POLL_INTERVAL_MS = 250;
|
|
1860
|
-
const EXTERNAL_STOP_SETTLE_TIMEOUT_MS = 4_000;
|
|
1861
|
-
function expandTaskCommand(command) {
|
|
1862
|
-
if (!command)
|
|
1863
|
-
return null;
|
|
1864
|
-
return command.replace(/^~(?=\/|$)/, homedir());
|
|
1865
|
-
}
|
|
1866
|
-
function commandLineMatchesTask(commandLine, task) {
|
|
1867
|
-
const normalized = commandLine.trim();
|
|
1868
|
-
const command = expandTaskCommand(task.command);
|
|
1869
|
-
if (!command)
|
|
1870
|
-
return false;
|
|
1871
|
-
const [actualCommand, ...actualArgs] = normalized.split(/\s+/);
|
|
1872
|
-
const expectedArgs = (task.args ?? []).map(String);
|
|
1873
|
-
const commandMatches = actualCommand === command || actualCommand === basename(command);
|
|
1874
|
-
if (!commandMatches)
|
|
1875
|
-
return false;
|
|
1876
|
-
const actualTail = actualArgs.join(" ").trim();
|
|
1877
|
-
const expectedTail = expectedArgs.join(" ").trim();
|
|
1878
|
-
if (!expectedTail)
|
|
1879
|
-
return true;
|
|
1880
|
-
return actualTail === expectedTail || actualTail.startsWith(`${expectedTail} `);
|
|
1881
|
-
}
|
|
1882
|
-
function parseExecFileError(error) {
|
|
1883
|
-
const stderr = typeof error?.stderr === "string" ? error.stderr.trim() : "";
|
|
1884
|
-
if (stderr)
|
|
1885
|
-
return stderr.split("\n")[0];
|
|
1886
|
-
const stdout = typeof error?.stdout === "string" ? error.stdout.trim() : "";
|
|
1887
|
-
if (stdout)
|
|
1888
|
-
return stdout.split("\n")[0];
|
|
1889
|
-
return String(error?.message ?? "command failed").trim();
|
|
1890
|
-
}
|
|
1891
|
-
async function listExternalTaskProcesses(task) {
|
|
1892
|
-
const command = expandTaskCommand(task.command);
|
|
1893
|
-
if (!command)
|
|
1894
|
-
return [];
|
|
1895
|
-
const execFileAsync = promisify(execFileCb);
|
|
1896
|
-
try {
|
|
1897
|
-
const { stdout } = await execFileAsync("ps", ["-eo", "pid=,user=,args="], { timeout: 5_000 });
|
|
1898
|
-
return stdout
|
|
1899
|
-
.split("\n")
|
|
1900
|
-
.map((line) => line.match(/^\s*(\d+)\s+(\S+)\s+(.*)$/))
|
|
1901
|
-
.filter((match) => Boolean(match))
|
|
1902
|
-
.map((match) => ({
|
|
1903
|
-
pid: Number(match[1]),
|
|
1904
|
-
user: match[2] || null,
|
|
1905
|
-
commandLine: match[3]?.trim() ?? "",
|
|
1906
|
-
}))
|
|
1907
|
-
.filter((entry) => entry.pid > 1 && commandLineMatchesTask(entry.commandLine, task));
|
|
1908
|
-
}
|
|
1909
|
-
catch {
|
|
1910
|
-
return [];
|
|
1911
|
-
}
|
|
1912
|
-
}
|
|
1913
|
-
async function listExternalTaskBusyPorts(task) {
|
|
1914
|
-
const declaredPorts = (task.ports ?? [])
|
|
1915
|
-
.map((port) => port.port)
|
|
1916
|
-
.filter((port) => Number.isInteger(port) && port > 0 && port <= 65535);
|
|
1917
|
-
const occupiedFlags = await Promise.all(declaredPorts.map((port) => isPortInUse(port)));
|
|
1918
|
-
return declaredPorts.filter((_port, index) => occupiedFlags[index]);
|
|
1919
|
-
}
|
|
1920
|
-
function parseSsPortLine(line) {
|
|
1921
|
-
const columns = line.trim().split(/\s+/);
|
|
1922
|
-
const local = columns[3] ?? "";
|
|
1923
|
-
if (!local)
|
|
1924
|
-
return null;
|
|
1925
|
-
if (local.startsWith("[")) {
|
|
1926
|
-
const end = local.indexOf("]:");
|
|
1927
|
-
if (end < 0)
|
|
1928
|
-
return null;
|
|
1929
|
-
const address = local.slice(1, end);
|
|
1930
|
-
const port = Number(local.slice(end + 2));
|
|
1931
|
-
return Number.isInteger(port) ? { address, port } : null;
|
|
1932
|
-
}
|
|
1933
|
-
const idx = local.lastIndexOf(":");
|
|
1934
|
-
if (idx < 0)
|
|
1935
|
-
return null;
|
|
1936
|
-
const address = local.slice(0, idx);
|
|
1937
|
-
const port = Number(local.slice(idx + 1));
|
|
1938
|
-
return Number.isInteger(port) ? { address, port } : null;
|
|
1939
|
-
}
|
|
1940
|
-
async function listListeningAddressesForPorts(ports) {
|
|
1941
|
-
const wanted = new Set(ports.filter((port) => Number.isInteger(port) && port > 0 && port <= 65535));
|
|
1942
|
-
if (wanted.size === 0)
|
|
1943
|
-
return {};
|
|
1944
|
-
const execFileAsync = promisify(execFileCb);
|
|
1945
|
-
try {
|
|
1946
|
-
const { stdout } = await execFileAsync("ss", ["-ltnH"], { timeout: 5_000 });
|
|
1947
|
-
const result = {};
|
|
1948
|
-
for (const line of stdout.split("\n")) {
|
|
1949
|
-
const parsed = parseSsPortLine(line);
|
|
1950
|
-
if (!parsed || !wanted.has(parsed.port))
|
|
1951
|
-
continue;
|
|
1952
|
-
result[parsed.port] ??= [];
|
|
1953
|
-
if (!result[parsed.port].includes(parsed.address)) {
|
|
1954
|
-
result[parsed.port].push(parsed.address);
|
|
1955
|
-
}
|
|
1956
|
-
}
|
|
1957
|
-
return result;
|
|
1958
|
-
}
|
|
1959
|
-
catch {
|
|
1960
|
-
return {};
|
|
1961
|
-
}
|
|
1962
|
-
}
|
|
1963
|
-
function portRequiresExternalBinding(task, port) {
|
|
1964
|
-
const portEntry = (task.ports ?? []).find((entry) => entry.port === port);
|
|
1965
|
-
return (portEntry?.visibility ?? "external") !== "internal";
|
|
1966
|
-
}
|
|
1967
|
-
function isNonLoopbackAddress(address) {
|
|
1968
|
-
const normalized = address.trim().replace(/^\[|\]$/g, "");
|
|
1969
|
-
if (!normalized || normalized === "*" || normalized === "0.0.0.0" || normalized === "::" || normalized === ":::") {
|
|
1970
|
-
return true;
|
|
1971
|
-
}
|
|
1972
|
-
if (normalized === "localhost" || normalized === "::1")
|
|
1973
|
-
return false;
|
|
1974
|
-
if (/^127\./.test(normalized))
|
|
1975
|
-
return false;
|
|
1976
|
-
return true;
|
|
1977
|
-
}
|
|
1978
|
-
function loopbackOnlyConflictDetail(task, occupiedPorts, listeningAddresses) {
|
|
1979
|
-
const invalidPorts = occupiedPorts.filter((port) => {
|
|
1980
|
-
if (!portRequiresExternalBinding(task, port))
|
|
1981
|
-
return false;
|
|
1982
|
-
const addresses = listeningAddresses[port] ?? [];
|
|
1983
|
-
return addresses.length > 0 && !addresses.some(isNonLoopbackAddress);
|
|
1984
|
-
});
|
|
1985
|
-
if (invalidPorts.length === 0)
|
|
1986
|
-
return null;
|
|
1987
|
-
const details = invalidPorts.map((port) => {
|
|
1988
|
-
const bindings = (listeningAddresses[port] ?? []).join(", ") || "127.0.0.1";
|
|
1989
|
-
return `${port} (${bindings})`;
|
|
1990
|
-
});
|
|
1991
|
-
return `Task "${task.name}" 端口 ${details.join(", ")} 当前仅监听在本地回环地址,无法作为可外部访问的应用接管`;
|
|
1992
|
-
}
|
|
1993
|
-
async function snapshotExternalTaskRuntime(task) {
|
|
1994
|
-
const [processes, occupiedPorts, healthCheck] = await Promise.all([
|
|
1995
|
-
listExternalTaskProcesses(task),
|
|
1996
|
-
listExternalTaskBusyPorts(task),
|
|
1997
|
-
probeExternalTaskHealth("external-stop", task),
|
|
1998
|
-
]);
|
|
1999
|
-
const healthy = healthCheck?.status === "success";
|
|
2000
|
-
return {
|
|
2001
|
-
running: processes.length > 0 || (occupiedPorts.length > 0 && (healthy || !task.health?.http)),
|
|
2002
|
-
processes,
|
|
2003
|
-
occupiedPorts,
|
|
2004
|
-
healthy,
|
|
2005
|
-
};
|
|
2006
|
-
}
|
|
2007
|
-
async function waitForExternalTaskExit(task, timeoutMs = EXTERNAL_STOP_SETTLE_TIMEOUT_MS) {
|
|
2008
|
-
const deadline = Date.now() + timeoutMs;
|
|
2009
|
-
while (Date.now() < deadline) {
|
|
2010
|
-
const snapshot = await snapshotExternalTaskRuntime(task);
|
|
2011
|
-
if (!snapshot.running)
|
|
2012
|
-
return true;
|
|
2013
|
-
await new Promise((resolve) => setTimeout(resolve, EXTERNAL_STOP_POLL_INTERVAL_MS));
|
|
2014
|
-
}
|
|
2015
|
-
const finalSnapshot = await snapshotExternalTaskRuntime(task);
|
|
2016
|
-
return !finalSnapshot.running;
|
|
2017
|
-
}
|
|
2018
|
-
async function detectSystemdUnitForTask(task, processes) {
|
|
2019
|
-
if (process.platform !== "linux" || processes.length === 0)
|
|
2020
|
-
return null;
|
|
2021
|
-
const command = expandTaskCommand(task.command);
|
|
2022
|
-
if (!command)
|
|
2023
|
-
return null;
|
|
2024
|
-
const candidate = `${basename(command).replace(/\.[^.]+$/, "")}.service`;
|
|
2025
|
-
const execFileAsync = promisify(execFileCb);
|
|
2026
|
-
try {
|
|
2027
|
-
const { stdout } = await execFileAsync("systemctl", ["show", candidate, "--property=LoadState,ActiveState,MainPID,ExecStart"], { timeout: 5_000 });
|
|
2028
|
-
const props = Object.fromEntries(stdout
|
|
2029
|
-
.split("\n")
|
|
2030
|
-
.map((line) => line.trim())
|
|
2031
|
-
.filter(Boolean)
|
|
2032
|
-
.map((line) => {
|
|
2033
|
-
const idx = line.indexOf("=");
|
|
2034
|
-
return idx >= 0 ? [line.slice(0, idx), line.slice(idx + 1)] : [line, ""];
|
|
2035
|
-
}));
|
|
2036
|
-
if (props.LoadState === "not-found")
|
|
2037
|
-
return null;
|
|
2038
|
-
if (!["active", "activating", "reloading"].includes(props.ActiveState ?? ""))
|
|
2039
|
-
return null;
|
|
2040
|
-
const mainPid = Number(props.MainPID ?? 0);
|
|
2041
|
-
if (processes.some((entry) => entry.pid === mainPid)) {
|
|
2042
|
-
return candidate;
|
|
2043
|
-
}
|
|
2044
|
-
return props.ExecStart?.includes(command) ? candidate : null;
|
|
2045
|
-
}
|
|
2046
|
-
catch {
|
|
2047
|
-
return null;
|
|
2048
|
-
}
|
|
2049
|
-
}
|
|
2050
|
-
async function stopSystemdUnit(unit) {
|
|
2051
|
-
const execFileAsync = promisify(execFileCb);
|
|
2052
|
-
let lastError = null;
|
|
2053
|
-
try {
|
|
2054
|
-
await execFileAsync("systemctl", ["--no-ask-password", "stop", unit], { timeout: 15_000 });
|
|
2055
|
-
return null;
|
|
2056
|
-
}
|
|
2057
|
-
catch (error) {
|
|
2058
|
-
lastError = parseExecFileError(error);
|
|
2059
|
-
}
|
|
2060
|
-
try {
|
|
2061
|
-
await execFileAsync("sudo", ["-n", "systemctl", "stop", unit], { timeout: 15_000 });
|
|
2062
|
-
return null;
|
|
2063
|
-
}
|
|
2064
|
-
catch (error) {
|
|
2065
|
-
return parseExecFileError(error) || lastError;
|
|
2066
|
-
}
|
|
2067
|
-
}
|
|
2068
|
-
function isProcessAlive(pid) {
|
|
2069
|
-
try {
|
|
2070
|
-
process.kill(pid, 0);
|
|
2071
|
-
return true;
|
|
2072
|
-
}
|
|
2073
|
-
catch (error) {
|
|
2074
|
-
return error?.code === "EPERM";
|
|
2075
|
-
}
|
|
2076
|
-
}
|
|
2077
|
-
async function waitForPidExit(pid, timeoutMs) {
|
|
2078
|
-
const deadline = Date.now() + timeoutMs;
|
|
2079
|
-
while (Date.now() < deadline) {
|
|
2080
|
-
if (!isProcessAlive(pid))
|
|
2081
|
-
return true;
|
|
2082
|
-
await new Promise((resolve) => setTimeout(resolve, EXTERNAL_STOP_POLL_INTERVAL_MS));
|
|
2083
|
-
}
|
|
2084
|
-
return !isProcessAlive(pid);
|
|
2085
|
-
}
|
|
2086
|
-
async function terminateExternalProcess(pid) {
|
|
2087
|
-
try {
|
|
2088
|
-
process.kill(pid, "SIGTERM");
|
|
2089
|
-
}
|
|
2090
|
-
catch (error) {
|
|
2091
|
-
if (error?.code === "ESRCH")
|
|
2092
|
-
return null;
|
|
2093
|
-
return String(error?.message ?? error);
|
|
2094
|
-
}
|
|
2095
|
-
if (await waitForPidExit(pid, 2_500)) {
|
|
2096
|
-
return null;
|
|
2097
|
-
}
|
|
2098
|
-
try {
|
|
2099
|
-
process.kill(pid, "SIGKILL");
|
|
2100
|
-
}
|
|
2101
|
-
catch (error) {
|
|
2102
|
-
if (error?.code === "ESRCH")
|
|
2103
|
-
return null;
|
|
2104
|
-
return String(error?.message ?? error);
|
|
2105
|
-
}
|
|
2106
|
-
return (await waitForPidExit(pid, 1_500)) ? null : `pid ${pid} 在 SIGKILL 后仍存活`;
|
|
2107
|
-
}
|
|
2108
|
-
async function stopExternalProcessTask(task) {
|
|
2109
|
-
const initial = await snapshotExternalTaskRuntime(task);
|
|
2110
|
-
if (!initial.running) {
|
|
2111
|
-
return { detected: false, ok: true };
|
|
2112
|
-
}
|
|
2113
|
-
const errors = [];
|
|
2114
|
-
const systemdUnit = await detectSystemdUnitForTask(task, initial.processes);
|
|
2115
|
-
if (systemdUnit) {
|
|
2116
|
-
const stopError = await stopSystemdUnit(systemdUnit);
|
|
2117
|
-
if (stopError) {
|
|
2118
|
-
errors.push(`systemd unit "${systemdUnit}" 停止失败: ${stopError}`);
|
|
2119
|
-
}
|
|
2120
|
-
if (await waitForExternalTaskExit(task)) {
|
|
2121
|
-
return { detected: true, ok: true };
|
|
2122
|
-
}
|
|
2123
|
-
}
|
|
2124
|
-
for (const proc of initial.processes) {
|
|
2125
|
-
const stopError = await terminateExternalProcess(proc.pid);
|
|
2126
|
-
if (stopError) {
|
|
2127
|
-
const owner = proc.user ? ` (${proc.user})` : "";
|
|
2128
|
-
errors.push(`无法停止进程 ${proc.pid}${owner}: ${stopError}`);
|
|
2129
|
-
}
|
|
2130
|
-
}
|
|
2131
|
-
if (await waitForExternalTaskExit(task)) {
|
|
2132
|
-
return { detected: true, ok: true };
|
|
2133
|
-
}
|
|
2134
|
-
const finalSnapshot = await snapshotExternalTaskRuntime(task);
|
|
2135
|
-
const details = [];
|
|
2136
|
-
if (finalSnapshot.processes.length > 0) {
|
|
2137
|
-
details.push(`进程 ${finalSnapshot.processes.map((proc) => `${proc.pid}${proc.user ? `(${proc.user})` : ""}`).join(", ")} 仍在运行`);
|
|
2138
|
-
}
|
|
2139
|
-
if (finalSnapshot.occupiedPorts.length > 0) {
|
|
2140
|
-
details.push(`端口 ${finalSnapshot.occupiedPorts.join(", ")} 仍被占用`);
|
|
2141
|
-
}
|
|
2142
|
-
if (systemdUnit) {
|
|
2143
|
-
details.push(`可手动执行 sudo systemctl stop ${systemdUnit}`);
|
|
2144
|
-
}
|
|
2145
|
-
return {
|
|
2146
|
-
detected: true,
|
|
2147
|
-
ok: false,
|
|
2148
|
-
error: `Task "${task.name}" 未能完全停止:${details.join(",")}${errors.length ? `;${errors.join("; ")}` : ""}`,
|
|
2149
|
-
};
|
|
2150
|
-
}
|
|
2151
|
-
async function stopExternalProcessApp(appId) {
|
|
2152
|
-
const spec = loadInstalledAppSpec(appId);
|
|
2153
|
-
if (!spec) {
|
|
2154
|
-
return { detected: false, ok: true };
|
|
2155
|
-
}
|
|
2156
|
-
const processTasks = spec.tasks.filter((task) => task.runtime === "process" && (task.role ?? "service") === "service");
|
|
2157
|
-
if (processTasks.length === 0) {
|
|
2158
|
-
return { detected: false, ok: true };
|
|
2159
|
-
}
|
|
2160
|
-
const errors = [];
|
|
2161
|
-
let detected = false;
|
|
2162
|
-
for (const task of processTasks) {
|
|
2163
|
-
const result = await stopExternalProcessTask(task);
|
|
2164
|
-
detected ||= result.detected;
|
|
2165
|
-
if (!result.ok && result.error) {
|
|
2166
|
-
errors.push(result.error);
|
|
2167
|
-
}
|
|
2168
|
-
}
|
|
2169
|
-
return {
|
|
2170
|
-
detected,
|
|
2171
|
-
ok: errors.length === 0,
|
|
2172
|
-
...(errors.length ? { error: errors.join("; ") } : {}),
|
|
2173
|
-
};
|
|
2174
|
-
}
|
|
2175
|
-
async function inspectExternalProcessTask(appId, task) {
|
|
2176
|
-
const commandRunning = task.command ? await isBinaryRunning(task.command) : false;
|
|
2177
|
-
const declaredPorts = (task.ports ?? [])
|
|
2178
|
-
.map((port) => port.port)
|
|
2179
|
-
.filter((port) => Number.isInteger(port) && port > 0 && port <= 65535);
|
|
2180
|
-
const occupiedFlags = await Promise.all(declaredPorts.map((port) => isPortInUse(port)));
|
|
2181
|
-
const busyPorts = declaredPorts.filter((_port, index) => occupiedFlags[index]);
|
|
2182
|
-
const listeningAddresses = await listListeningAddressesForPorts(busyPorts);
|
|
2183
|
-
const healthCheck = await probeExternalTaskHealth(appId, task);
|
|
2184
|
-
const healthMatched = healthCheck?.status === "success";
|
|
2185
|
-
const bindingConflict = loopbackOnlyConflictDetail(task, busyPorts, listeningAddresses);
|
|
2186
|
-
const hasDeclaredPorts = declaredPorts.length > 0;
|
|
2187
|
-
// External adoption must be conservative. A matching command name alone is
|
|
2188
|
-
// not enough evidence for service readiness because unrelated host processes
|
|
2189
|
-
// can share the same binary. When a health check exists, require it to pass.
|
|
2190
|
-
// Without a health check, require the service to actually occupy its declared
|
|
2191
|
-
// port(s); only port-less process tasks can fall back to command detection.
|
|
2192
|
-
const detected = !bindingConflict && ((Boolean(task.health?.http) && healthMatched)
|
|
2193
|
-
|| (!task.health?.http && hasDeclaredPorts && busyPorts.length > 0)
|
|
2194
|
-
|| (!task.health?.http && !hasDeclaredPorts && commandRunning));
|
|
2195
|
-
const conflict = Boolean(bindingConflict) || (busyPorts.length > 0 && !healthMatched && Boolean(task.health?.http));
|
|
2196
|
-
const status = {
|
|
2197
|
-
state: detected ? "running" : conflict ? "failed" : "stopped",
|
|
2198
|
-
restarts: 0,
|
|
2199
|
-
};
|
|
2200
|
-
if (healthCheck) {
|
|
2201
|
-
status.health_checks = [healthCheck];
|
|
2202
|
-
status.health_status = aggregateHealthStatus(status.health_checks);
|
|
2203
|
-
}
|
|
2204
|
-
return {
|
|
2205
|
-
detected,
|
|
2206
|
-
conflict,
|
|
2207
|
-
occupiedPorts: busyPorts,
|
|
2208
|
-
...(bindingConflict ? { conflictDetail: bindingConflict } : {}),
|
|
2209
|
-
status,
|
|
2210
|
-
};
|
|
2211
|
-
}
|
|
2212
|
-
async function inspectExternalProcessApp(appId, spec) {
|
|
2213
|
-
if (!resolveAppDir(appId)) {
|
|
2214
|
-
return { detected: false, conflicts: [], status: null };
|
|
2215
|
-
}
|
|
2216
|
-
const appSpec = spec ?? loadInstalledAppSpec(appId);
|
|
2217
|
-
if (!appSpec)
|
|
2218
|
-
return { detected: false, conflicts: [], status: null };
|
|
2219
|
-
const serviceProcessTasks = appSpec.tasks.filter((task) => task.runtime === "process" && (task.role ?? "service") === "service");
|
|
2220
|
-
if (serviceProcessTasks.length === 0) {
|
|
2221
|
-
return { detected: false, conflicts: [], status: null };
|
|
2222
|
-
}
|
|
2223
|
-
const tasks = {};
|
|
2224
|
-
const conflicts = [];
|
|
2225
|
-
let detected = false;
|
|
2226
|
-
for (const task of appSpec.tasks) {
|
|
2227
|
-
if (task.runtime === "process" && (task.role ?? "service") === "service") {
|
|
2228
|
-
const inspection = await inspectExternalProcessTask(appId, task);
|
|
2229
|
-
tasks[task.name] = inspection.status;
|
|
2230
|
-
detected ||= inspection.detected;
|
|
2231
|
-
if (inspection.conflict) {
|
|
2232
|
-
if (inspection.conflictDetail) {
|
|
2233
|
-
conflicts.push(inspection.conflictDetail);
|
|
2234
|
-
}
|
|
2235
|
-
else {
|
|
2236
|
-
const ports = inspection.occupiedPorts.join(", ");
|
|
2237
|
-
const path = task.health?.http?.path ?? "/";
|
|
2238
|
-
conflicts.push(`Task "${task.name}" 端口 ${ports} 已被占用,但现有服务未通过健康检查 ${path}`);
|
|
2239
|
-
}
|
|
2240
|
-
}
|
|
2241
|
-
continue;
|
|
2242
|
-
}
|
|
2243
|
-
tasks[task.name] = {
|
|
2244
|
-
state: (task.role ?? "service") === "init" ? "dead" : "unknown",
|
|
2245
|
-
restarts: 0,
|
|
2246
|
-
};
|
|
2247
|
-
}
|
|
2248
|
-
if (!detected) {
|
|
2249
|
-
return { detected: false, conflicts, status: null };
|
|
2250
|
-
}
|
|
2251
|
-
const primaryTaskName = serviceProcessTasks[0]?.name ?? Object.keys(tasks)[0] ?? "";
|
|
2252
|
-
return {
|
|
2253
|
-
detected: true,
|
|
2254
|
-
conflicts,
|
|
2255
|
-
status: {
|
|
2256
|
-
status: "running",
|
|
2257
|
-
tasks,
|
|
2258
|
-
pid: null,
|
|
2259
|
-
uptime: null,
|
|
2260
|
-
memory_mb: null,
|
|
2261
|
-
cpu_percent: null,
|
|
2262
|
-
restarts: tasks[primaryTaskName]?.restarts ?? 0,
|
|
2263
|
-
},
|
|
2264
|
-
};
|
|
2265
|
-
}
|
|
2266
|
-
async function buildExternalAdoptedSpec(appId, spec) {
|
|
2267
|
-
if (!resolveAppDir(appId)) {
|
|
2268
|
-
return { adopted: false, conflicts: [], spec };
|
|
2269
|
-
}
|
|
2270
|
-
const conflicts = [];
|
|
2271
|
-
let adopted = false;
|
|
2272
|
-
const tasks = await Promise.all(spec.tasks.map(async (task) => {
|
|
2273
|
-
if (task.runtime !== "process" || (task.role ?? "service") !== "service") {
|
|
2274
|
-
return task;
|
|
2275
|
-
}
|
|
2276
|
-
const inspection = await inspectExternalProcessTask(appId, task);
|
|
2277
|
-
if (inspection.conflict) {
|
|
2278
|
-
if (inspection.conflictDetail) {
|
|
2279
|
-
conflicts.push(inspection.conflictDetail);
|
|
2280
|
-
}
|
|
2281
|
-
else {
|
|
2282
|
-
const ports = inspection.occupiedPorts.join(", ");
|
|
2283
|
-
const path = task.health?.http?.path ?? "/";
|
|
2284
|
-
conflicts.push(`Task "${task.name}" 端口 ${ports} 已被占用,但现有服务未通过健康检查 ${path}`);
|
|
2285
|
-
}
|
|
2286
|
-
return task;
|
|
2287
|
-
}
|
|
2288
|
-
if (!inspection.detected) {
|
|
2289
|
-
return task;
|
|
2290
|
-
}
|
|
2291
|
-
adopted = true;
|
|
2292
|
-
return {
|
|
2293
|
-
...task,
|
|
2294
|
-
command: EXTERNAL_PROCESS_ADOPT_COMMAND,
|
|
2295
|
-
args: [...EXTERNAL_PROCESS_ADOPT_ARGS],
|
|
2296
|
-
env: {
|
|
2297
|
-
...(task.env ?? {}),
|
|
2298
|
-
JISHUSHELL_EXTERNAL_ADOPTED: "1",
|
|
2299
|
-
},
|
|
2300
|
-
};
|
|
2301
|
-
}));
|
|
2302
|
-
return {
|
|
2303
|
-
adopted,
|
|
2304
|
-
conflicts,
|
|
2305
|
-
spec: adopted ? { ...spec, tasks } : spec,
|
|
2306
|
-
};
|
|
2307
|
-
}
|
|
2308
|
-
// ── Nomad task builders ───────────────────────────────────────────────────
|
|
2309
|
-
/**
|
|
2310
|
-
* Build a Nomad raw_exec task from an AppTask with runtime="process".
|
|
2311
|
-
*
|
|
2312
|
-
* raw_exec runs the command directly on the host as the specified user.
|
|
2313
|
-
* Ports declared in task.ports are registered with Nomad for discovery
|
|
2314
|
-
* but do NOT require network mapping (process binds the host port directly).
|
|
2315
|
-
*/
|
|
2316
|
-
function buildRawExecTask(task, appId, extraEnv) {
|
|
2317
|
-
const command = (task.command ?? task.binary)
|
|
2318
|
-
?.replace(/^~(?=\/|$)/, homedir());
|
|
2319
|
-
if (!command)
|
|
2320
|
-
throw new Error(`raw_exec task "${task.name}" must specify command`);
|
|
2321
|
-
const args = (task.args ?? []).map(String);
|
|
2322
|
-
const cpu = parseCpuMHz(task.resources?.cpu);
|
|
2323
|
-
const mem = parseMemoryMB(task.resources?.memory);
|
|
2324
|
-
const env = {
|
|
2325
|
-
...extraEnv,
|
|
2326
|
-
...interpolateEnvRequires(task.env ?? {}, extraEnv),
|
|
2327
|
-
};
|
|
2328
|
-
const lifecycle = roleToLifecycle(task.role ?? "service");
|
|
2329
|
-
const taskDef = {
|
|
2330
|
-
Name: task.name,
|
|
2331
|
-
Driver: "raw_exec",
|
|
2332
|
-
Config: {
|
|
2333
|
-
command,
|
|
2334
|
-
args,
|
|
2335
|
-
},
|
|
2336
|
-
Env: env,
|
|
2337
|
-
Resources: {
|
|
2338
|
-
CPU: cpu,
|
|
2339
|
-
MemoryMB: mem,
|
|
2340
|
-
},
|
|
2341
|
-
LogConfig: { MaxFiles: 3, MaxFileSizeMB: 10 },
|
|
2342
|
-
};
|
|
2343
|
-
if (lifecycle)
|
|
2344
|
-
taskDef.Lifecycle = lifecycle;
|
|
2345
|
-
const svcCheck = buildServiceCheck(task, appId);
|
|
2346
|
-
if (svcCheck)
|
|
2347
|
-
taskDef.Services = [svcCheck];
|
|
2348
|
-
return taskDef;
|
|
2349
|
-
}
|
|
2350
|
-
/**
|
|
2351
|
-
* Build a Nomad docker task from an AppTask with runtime="container".
|
|
2352
|
-
*
|
|
2353
|
-
* Uses bridge network mode. Each declared port in task.ports is published
|
|
2354
|
-
* from the host to the container.
|
|
2355
|
-
*/
|
|
2356
|
-
function buildDockerTask(task, appId, extraEnv) {
|
|
2357
|
-
const image = task.image;
|
|
2358
|
-
if (!image)
|
|
2359
|
-
throw new Error(`docker task "${task.name}" must specify image`);
|
|
2360
|
-
if (!UnifiedNomadJobs.DOCKER_IMAGE_RE.test(image) || image.length > UnifiedNomadJobs.MAX_DOCKER_IMAGE_NAME_LEN) {
|
|
2361
|
-
throw new Error(`docker task "${task.name}": invalid image name "${image}"`);
|
|
2362
|
-
}
|
|
2363
|
-
const args = (task.args ?? []).map(String);
|
|
2364
|
-
const cpu = parseCpuMHz(task.resources?.cpu);
|
|
2365
|
-
const mem = parseMemoryMB(task.resources?.memory);
|
|
2366
|
-
const memMax = Math.min(mem, config.getMaxAppMemoryMB());
|
|
2367
|
-
const env = {
|
|
2368
|
-
...extraEnv,
|
|
2369
|
-
...interpolateEnvRequires(task.env ?? {}, extraEnv),
|
|
2370
|
-
};
|
|
2371
|
-
// Only externally-visible ports get published to the host. Internal
|
|
2372
|
-
// ports (e.g. SearXNG sidecar at 8080) stay inside the container /
|
|
2373
|
-
// task-group network and are reached from peer tasks via 127.0.0.1.
|
|
2374
|
-
const publishedPorts = (task.ports ?? [])
|
|
2375
|
-
.filter((p) => (p.visibility ?? "external") !== "internal")
|
|
2376
|
-
.map((p) => portLabel(task.name, p.name));
|
|
2377
|
-
const lifecycle = roleToLifecycle(task.role ?? "service");
|
|
2378
|
-
const volumes = (task.volumes ?? []).map((v) => {
|
|
2379
|
-
if (typeof v === "string")
|
|
2380
|
-
return v.replace(/^~(?=\/|$)/, homedir());
|
|
2381
|
-
const src = v.source.replace(/^~(?=\/|$)/, homedir());
|
|
2382
|
-
return `${src}:${v.target}${v.readonly ? ":ro" : ":rw"}`;
|
|
2383
|
-
});
|
|
2384
|
-
const workDir = typeof task.cwd === "string" ? task.cwd.trim() : "";
|
|
2385
|
-
// Resolve container task user. On Linux we default to the panel
|
|
2386
|
-
// process's host uid:gid so bind-mounted data dirs (owned by the panel
|
|
2387
|
-
// user, typically `pi`) are writable without forcing the container to
|
|
2388
|
-
// run as root and without needing chown / DAC_OVERRIDE gymnastics.
|
|
2389
|
-
// yaml override `user: "<uid>:<gid>"` wins; explicit `user: "root"` or
|
|
2390
|
-
// `user: "0:0"` keeps the image's root default.
|
|
2391
|
-
//
|
|
2392
|
-
// On macOS we skip the host-uid default. Docker on Mac runs inside a
|
|
2393
|
-
// Linux VM (Colima/Docker Desktop) with its own uid namespace — host
|
|
2394
|
-
// uids like 501 (the standard macOS first-user) are virtualised away
|
|
2395
|
-
// by virtiofs and almost never exist in the image's /etc/passwd. Some
|
|
2396
|
-
// images crash hard when started as an unknown uid: e.g. browserless
|
|
2397
|
-
// calls Node.js `os.userInfo()` very early, which throws
|
|
2398
|
-
// `uv_os_get_passwd returned ENOENT` and the container exits before
|
|
2399
|
-
// the port ever binds. Letting the image's default USER directive
|
|
2400
|
-
// take effect is correct on Mac; users who do need bind-mount
|
|
2401
|
-
// ownership control can still set yaml `user:` explicitly.
|
|
2402
|
-
const containerUser = (() => {
|
|
2403
|
-
if (task.runtime !== "container")
|
|
2404
|
-
return undefined;
|
|
2405
|
-
const declared = typeof task.user === "string" ? task.user.trim() : "";
|
|
2406
|
-
if (declared === "host" || declared === "") {
|
|
2407
|
-
if (process.platform === "darwin")
|
|
2408
|
-
return undefined;
|
|
2409
|
-
const uid = process.getuid?.() ?? 1000;
|
|
2410
|
-
const gid = process.getgid?.() ?? 1000;
|
|
2411
|
-
return `${uid}:${gid}`;
|
|
2412
|
-
}
|
|
2413
|
-
return declared;
|
|
2414
|
-
})();
|
|
2415
|
-
// Validate cap_add against a tight allowlist. The full Linux cap surface
|
|
2416
|
-
// is large; we only honor capabilities image entrypoints actually need
|
|
2417
|
-
// for the canonical "start as root + gosu to user" pattern. Anything
|
|
2418
|
-
// outside this list is silently dropped — failing closed protects
|
|
2419
|
-
// against typo'd / hostile specs widening the container's capability
|
|
2420
|
-
// bounds beyond what the panel author signed off on.
|
|
2421
|
-
const ALLOWED_CAPS = new Set([
|
|
2422
|
-
"CHOWN", "DAC_OVERRIDE", "FOWNER",
|
|
2423
|
-
"SETUID", "SETGID", "SETPCAP", "NET_BIND_SERVICE",
|
|
2424
|
-
]);
|
|
2425
|
-
const capAdd = Array.isArray(task.cap_add)
|
|
2426
|
-
? task.cap_add
|
|
2427
|
-
.map((c) => typeof c === "string" ? c.trim().toUpperCase().replace(/^CAP_/, "") : "")
|
|
2428
|
-
.filter((c) => ALLOWED_CAPS.has(c))
|
|
2429
|
-
: [];
|
|
2430
|
-
// Public-DNS override. Defaults to AliDNS / DNSPod / Cloudflare; can be
|
|
2431
|
-
// disabled or replaced via core.json `container_dns`. The override is
|
|
2432
|
-
// necessary because docker's "copy host's resolv.conf" default rewrites
|
|
2433
|
-
// 127.0.0.53 (systemd-resolved loopback) back to whatever upstream the
|
|
2434
|
-
// host learned from DHCP, re-introducing into the container any DNS
|
|
2435
|
-
// hijack the host had bypassed via DoT/DoH — silent failure mode that
|
|
2436
|
-
// surfaces as 3-second-timeout on every outbound request from inside
|
|
2437
|
-
// search/scraper apps on home networks. Empty list = no override.
|
|
2438
|
-
const containerDns = config.getContainerDns();
|
|
2439
|
-
const taskDef = {
|
|
2440
|
-
Name: task.name,
|
|
2441
|
-
Driver: "docker",
|
|
2442
|
-
...(containerUser ? { User: containerUser } : {}),
|
|
2443
|
-
Config: {
|
|
2444
|
-
image,
|
|
2445
|
-
force_pull: false,
|
|
2446
|
-
// Nomad's docker driver default `image_pull_timeout` is 5 minutes;
|
|
2447
|
-
// on Raspberry Pi or other constrained networks a 1+ GiB image
|
|
2448
|
-
// (Open WebUI, OpenClaw, Hermes) can exceed that and the alloc
|
|
2449
|
-
// restart-loops with "Failed to pull: context deadline exceeded"
|
|
2450
|
-
// before it ever starts. Raise to 15 minutes — long enough for
|
|
2451
|
-
// realistic Pi-class pulls, short enough that a genuinely
|
|
2452
|
-
// unreachable registry still surfaces as a failure within a
|
|
2453
|
-
// bounded window.
|
|
2454
|
-
image_pull_timeout: "15m",
|
|
2455
|
-
...(workDir ? { work_dir: workDir } : {}),
|
|
2456
|
-
...(task.command ? { command: String(task.command) } : {}),
|
|
2457
|
-
args,
|
|
2458
|
-
...(publishedPorts.length > 0 ? { ports: publishedPorts } : {}),
|
|
2459
|
-
extra_hosts: ["host.docker.internal:host-gateway"],
|
|
2460
|
-
...(containerDns.length > 0 ? { dns_servers: containerDns } : {}),
|
|
2461
|
-
cap_drop: ["ALL"],
|
|
2462
|
-
...(capAdd.length > 0 ? { cap_add: capAdd } : {}),
|
|
2463
|
-
security_opt: ["no-new-privileges"],
|
|
2464
|
-
pids_limit: DEFAULT_PIDS_LIMIT,
|
|
2465
|
-
readonly_rootfs: false,
|
|
2466
|
-
...(volumes.length > 0 ? { volumes } : {}),
|
|
2467
|
-
mounts: [
|
|
2468
|
-
{ type: "tmpfs", target: "/tmp", tmpfs_options: { size: 536_870_912 } },
|
|
2469
|
-
{ type: "tmpfs", target: "/var/tmp", tmpfs_options: { size: 67_108_864 } },
|
|
2470
|
-
],
|
|
2471
|
-
},
|
|
2472
|
-
Env: env,
|
|
2473
|
-
Resources: {
|
|
2474
|
-
CPU: cpu,
|
|
2475
|
-
MemoryMB: mem,
|
|
2476
|
-
MemoryMaxMB: memMax,
|
|
2477
|
-
},
|
|
2478
|
-
LogConfig: { MaxFiles: 3, MaxFileSizeMB: 10 },
|
|
2479
|
-
};
|
|
2480
|
-
if (lifecycle)
|
|
2481
|
-
taskDef.Lifecycle = lifecycle;
|
|
2482
|
-
const svcCheck = buildServiceCheck(task, appId);
|
|
2483
|
-
if (svcCheck)
|
|
2484
|
-
taskDef.Services = [svcCheck];
|
|
2485
|
-
return taskDef;
|
|
2486
|
-
}
|
|
2487
|
-
// ── Job builder ───────────────────────────────────────────────────────────
|
|
2488
|
-
/**
|
|
2489
|
-
* Build a complete Nomad job payload from an AppSpec.
|
|
2490
|
-
*
|
|
2491
|
-
* @param spec The validated AppSpec.
|
|
2492
|
-
* @param appId A unique instance/run ID (used as job suffix).
|
|
2493
|
-
* @param driver "docker" | "raw_exec"
|
|
2494
|
-
* @param extraEnv Additional env vars injected into every task (e.g. capability addresses).
|
|
2495
|
-
*/
|
|
2496
|
-
function buildAppJob(spec, appId, driver, extraEnv) {
|
|
2497
|
-
const materializedSpec = materializeAppIdTokens(spec, appId);
|
|
2498
|
-
const jid = jobId(appId);
|
|
2499
|
-
assertSafeTemplateId(jid);
|
|
2500
|
-
const tasks = materializedSpec.tasks.map((task) => {
|
|
2501
|
-
const actualDriver = task.runtime === "container" ? "docker" : "raw_exec";
|
|
2502
|
-
// Validate driver availability
|
|
2503
|
-
if (actualDriver !== driver) {
|
|
2504
|
-
// Allow mixed task runtimes — build each task with its own driver.
|
|
2505
|
-
// Nomad supports heterogeneous drivers within one group.
|
|
2506
|
-
}
|
|
2507
|
-
if (task.runtime === "container") {
|
|
2508
|
-
return buildDockerTask(task, appId, extraEnv);
|
|
2509
|
-
}
|
|
2510
|
-
else if (task.runtime === "process") {
|
|
2511
|
-
return buildRawExecTask(task, appId, extraEnv);
|
|
2512
|
-
}
|
|
2513
|
-
else {
|
|
2514
|
-
throw new Error(`Unsupported task runtime "${task.runtime}" for task "${task.name}"`);
|
|
2515
|
-
}
|
|
2516
|
-
});
|
|
2517
|
-
const groupReservedPorts = materializedSpec.tasks.flatMap((task) => reservedPortsForTask(task));
|
|
2518
|
-
const jobDef = {
|
|
2519
|
-
Job: {
|
|
2520
|
-
ID: jid,
|
|
2521
|
-
Name: jid,
|
|
2522
|
-
Namespace: "default",
|
|
2523
|
-
Type: "service",
|
|
2524
|
-
Datacenters: ["*"],
|
|
2525
|
-
TaskGroups: [{
|
|
2526
|
-
Name: materializedSpec.id,
|
|
2527
|
-
Count: 1,
|
|
2528
|
-
...(groupReservedPorts.length > 0
|
|
2529
|
-
? { Networks: [{ ReservedPorts: groupReservedPorts }] }
|
|
2530
|
-
: {}),
|
|
2531
|
-
RestartPolicy: {
|
|
2532
|
-
// 10 attempts × 15s delay = ~2.5min recovery window. Multi-task
|
|
2533
|
-
// app groups commonly need 3-5 restarts before sidecar
|
|
2534
|
-
// dependencies' external port-publish settles.
|
|
2535
|
-
Attempts: 10,
|
|
2536
|
-
Interval: 600_000_000_000,
|
|
2537
|
-
Delay: 15_000_000_000,
|
|
2538
|
-
Mode: "fail",
|
|
2539
|
-
},
|
|
2540
|
-
Reschedule: {
|
|
2541
|
-
Attempts: 3,
|
|
2542
|
-
Interval: 3_600_000_000_000,
|
|
2543
|
-
Unlimited: false,
|
|
2544
|
-
},
|
|
2545
|
-
Update: {
|
|
2546
|
-
MaxParallel: 1,
|
|
2547
|
-
HealthCheck: "task_states",
|
|
2548
|
-
MinHealthyTime: 5_000_000_000,
|
|
2549
|
-
HealthyDeadline: 120_000_000_000,
|
|
2550
|
-
AutoRevert: false,
|
|
2551
|
-
},
|
|
2552
|
-
Tasks: tasks,
|
|
2553
|
-
}],
|
|
2554
|
-
},
|
|
2555
|
-
};
|
|
2556
|
-
if (materializedSpec._engine) {
|
|
2557
|
-
jobDef.Job = deepMerge(jobDef.Job, materializedSpec._engine.Job ?? materializedSpec._engine);
|
|
2558
|
-
}
|
|
2559
|
-
return jobDef;
|
|
2560
|
-
}
|
|
2561
|
-
// ── Alloc helpers ─────────────────────────────────────────────────────────
|
|
2562
|
-
async function getAllocs(appId) {
|
|
2563
|
-
const jid = jobId(appId);
|
|
2564
|
-
try {
|
|
2565
|
-
const resp = await nomadGet(`/v1/job/${jid}/allocations`);
|
|
2566
|
-
if (resp.status === 404)
|
|
2567
|
-
return [];
|
|
2568
|
-
const allocs = await resp.json();
|
|
2569
|
-
return allocs;
|
|
2570
|
-
}
|
|
2571
|
-
catch {
|
|
2572
|
-
return [];
|
|
2573
|
-
}
|
|
2574
|
-
}
|
|
2575
|
-
function pickLiveAlloc(allocs) {
|
|
2576
|
-
for (const clientStatus of ["running", "pending"]) {
|
|
2577
|
-
for (const alloc of allocs) {
|
|
2578
|
-
if (alloc.ClientStatus === clientStatus)
|
|
2579
|
-
return alloc;
|
|
2580
|
-
}
|
|
2581
|
-
}
|
|
2582
|
-
return null;
|
|
2583
|
-
}
|
|
2584
|
-
function pickLatestTerminalAlloc(allocs) {
|
|
2585
|
-
const terminalAllocs = allocs
|
|
2586
|
-
.filter((alloc) => alloc.ClientStatus !== "running" && alloc.ClientStatus !== "pending")
|
|
2587
|
-
.sort((left, right) => allocTimestamp(right) - allocTimestamp(left));
|
|
2588
|
-
return terminalAllocs[0] ?? null;
|
|
2589
|
-
}
|
|
2590
|
-
async function getAllocClientStatus(allocId) {
|
|
2591
|
-
if (!/^[a-f0-9-]+$/i.test(allocId))
|
|
2592
|
-
return null;
|
|
2593
|
-
try {
|
|
2594
|
-
const resp = await nomadGet(`/v1/allocation/${allocId}`);
|
|
2595
|
-
if (resp.status === 404 || !resp.ok)
|
|
2596
|
-
return null;
|
|
2597
|
-
const alloc = await resp.json();
|
|
2598
|
-
return typeof alloc?.ClientStatus === "string" ? alloc.ClientStatus : null;
|
|
2599
|
-
}
|
|
2600
|
-
catch {
|
|
2601
|
-
return null;
|
|
2602
|
-
}
|
|
2603
|
-
}
|
|
2604
|
-
async function waitForAllocationsToStop(allocIds, timeoutMs = 30_000, pollIntervalMs = 1_000) {
|
|
2605
|
-
const pending = new Set(allocIds.filter((allocId) => /^[a-f0-9-]+$/i.test(allocId)));
|
|
2606
|
-
if (pending.size === 0)
|
|
2607
|
-
return true;
|
|
2608
|
-
const deadline = Date.now() + timeoutMs;
|
|
2609
|
-
while (Date.now() < deadline) {
|
|
2610
|
-
for (const allocId of [...pending]) {
|
|
2611
|
-
const status = await getAllocClientStatus(allocId);
|
|
2612
|
-
if (status == null || (status !== "running" && status !== "pending")) {
|
|
2613
|
-
pending.delete(allocId);
|
|
2614
|
-
}
|
|
2615
|
-
}
|
|
2616
|
-
if (pending.size === 0)
|
|
2617
|
-
return true;
|
|
2618
|
-
await new Promise((resolve) => setTimeout(resolve, pollIntervalMs));
|
|
2619
|
-
}
|
|
2620
|
-
return pending.size === 0;
|
|
2621
|
-
}
|
|
2622
|
-
async function getAllocChecks(allocId) {
|
|
2623
|
-
try {
|
|
2624
|
-
const resp = await nomadGet(`/v1/allocation/${allocId}/checks`);
|
|
2625
|
-
if (resp.status === 404 || !resp.ok)
|
|
2626
|
-
return [];
|
|
2627
|
-
const checks = await resp.json();
|
|
2628
|
-
return Object.values(checks ?? {});
|
|
2629
|
-
}
|
|
2630
|
-
catch {
|
|
2631
|
-
return [];
|
|
2632
|
-
}
|
|
2633
|
-
}
|
|
2634
|
-
function taskNameForAllocCheck(check, taskNames, appId) {
|
|
2635
|
-
const checkName = String(check.Check ?? "");
|
|
2636
|
-
for (const taskName of taskNames) {
|
|
2637
|
-
if (checkName === `${taskName}-health` || checkName.startsWith(`${taskName}-`)) {
|
|
2638
|
-
return taskName;
|
|
2639
|
-
}
|
|
2640
|
-
}
|
|
2641
|
-
const serviceName = String(check.Service ?? "");
|
|
2642
|
-
if (taskNames.includes(serviceName))
|
|
2643
|
-
return serviceName;
|
|
2644
|
-
const appTaskPrefix = `${appId}-`;
|
|
2645
|
-
if (serviceName.startsWith(appTaskPrefix)) {
|
|
2646
|
-
const candidate = serviceName.slice(appTaskPrefix.length);
|
|
2647
|
-
if (taskNames.includes(candidate))
|
|
2648
|
-
return candidate;
|
|
2649
|
-
}
|
|
2650
|
-
return null;
|
|
2651
|
-
}
|
|
2652
|
-
function aggregateHealthStatus(checks) {
|
|
2653
|
-
const statuses = checks.map((check) => String(check.status ?? "unknown").toLowerCase());
|
|
2654
|
-
if (statuses.length === 0)
|
|
2655
|
-
return "unknown";
|
|
2656
|
-
const healthy = new Set(["success", "passing", "healthy"]);
|
|
2657
|
-
const unhealthy = new Set(["failure", "critical", "warning", "unhealthy"]);
|
|
2658
|
-
if (statuses.every((status) => healthy.has(status)))
|
|
2659
|
-
return "healthy";
|
|
2660
|
-
if (statuses.some((status) => unhealthy.has(status)))
|
|
2661
|
-
return "unhealthy";
|
|
2662
|
-
if (statuses.some((status) => status === "pending" || status === "unknown" || status === "")) {
|
|
2663
|
-
return "unknown";
|
|
2664
|
-
}
|
|
2665
|
-
return statuses[0];
|
|
2666
|
-
}
|
|
2667
|
-
UnifiedNomadJobs.aggregateHealthStatus = aggregateHealthStatus;
|
|
2668
|
-
async function getRunningAlloc(appId) {
|
|
2669
|
-
return pickLiveAlloc(await getAllocs(appId));
|
|
2670
|
-
}
|
|
2671
|
-
// ── Public API ────────────────────────────────────────────────────────────
|
|
2672
|
-
/**
|
|
2673
|
-
* Returns true if this app job exists in Nomad and was NOT explicitly stopped.
|
|
2674
|
-
* Used at JishuShell startup to auto-restart apps that were running before reboot.
|
|
2675
|
-
*/
|
|
2676
|
-
async function shouldAutoStart(appId) {
|
|
2677
|
-
const jid = jobId(appId);
|
|
2678
|
-
try {
|
|
2679
|
-
const resp = await nomadGet(`/v1/job/${jid}`);
|
|
2680
|
-
if (!resp.ok || resp.status === 404)
|
|
2681
|
-
return false;
|
|
2682
|
-
const job = await resp.json();
|
|
2683
|
-
return job.Stop === false && job.Status !== "dead";
|
|
2684
|
-
}
|
|
2685
|
-
catch {
|
|
2686
|
-
return false;
|
|
2687
|
-
}
|
|
2688
|
-
}
|
|
2689
|
-
UnifiedNomadJobs.shouldAutoStart = shouldAutoStart;
|
|
2690
|
-
/**
|
|
2691
|
-
* Get the aggregated status of an app job.
|
|
2692
|
-
*
|
|
2693
|
-
* @param appId App instance ID.
|
|
2694
|
-
* @param primaryTask Task name to use for uptime/restarts summary.
|
|
2695
|
-
* Defaults to the first service task in the spec.
|
|
2696
|
-
* If omitted, the first task state found is used.
|
|
2697
|
-
*/
|
|
2698
|
-
async function getAppStatus(appId, primaryTask) {
|
|
2699
|
-
const jid = jobId(appId);
|
|
2700
|
-
const stopped = {
|
|
2701
|
-
status: "stopped",
|
|
2702
|
-
tasks: {},
|
|
2703
|
-
pid: null,
|
|
2704
|
-
uptime: null,
|
|
2705
|
-
memory_mb: null,
|
|
2706
|
-
cpu_percent: null,
|
|
2707
|
-
restarts: 0,
|
|
2708
|
-
};
|
|
2709
|
-
try {
|
|
2710
|
-
const resp = await nomadGet(`/v1/job/${jid}`);
|
|
2711
|
-
if (resp.status === 404)
|
|
2712
|
-
return stopped;
|
|
2713
|
-
const job = await resp.json();
|
|
2714
|
-
if (job.Stop)
|
|
2715
|
-
return stopped;
|
|
2716
|
-
}
|
|
2717
|
-
catch {
|
|
2718
|
-
return { ...stopped, status: "unknown", error: "Nomad unreachable" };
|
|
2719
|
-
}
|
|
2720
|
-
const allocs = await getAllocs(appId);
|
|
2721
|
-
const alloc = pickLiveAlloc(allocs) ?? pickLatestTerminalAlloc(allocs);
|
|
2722
|
-
// When Nomad has no allocation (e.g. raw_exec driver disabled), fall back to
|
|
2723
|
-
// external process detection for process-runtime apps.
|
|
2724
|
-
if (!alloc || alloc.ClientStatus === "pending") {
|
|
2725
|
-
const ext = await inspectExternalProcessApp(appId);
|
|
2726
|
-
if (ext.detected && ext.status)
|
|
2727
|
-
return ext.status;
|
|
2728
|
-
if (!alloc)
|
|
2729
|
-
return { ...stopped, status: "pending" };
|
|
2730
|
-
}
|
|
2731
|
-
const allocId = alloc.ID;
|
|
2732
|
-
const taskStates = alloc.TaskStates ?? {};
|
|
2733
|
-
// Build per-task summary
|
|
2734
|
-
const tasks = {};
|
|
2735
|
-
for (const [name, state] of Object.entries(taskStates)) {
|
|
2736
|
-
const s = state;
|
|
2737
|
-
tasks[name] = {
|
|
2738
|
-
state: s.State ?? "unknown",
|
|
2739
|
-
restarts: s.Restarts ?? 0,
|
|
2740
|
-
started_at: s.StartedAt ?? undefined,
|
|
2741
|
-
};
|
|
2742
|
-
}
|
|
2743
|
-
const allocChecks = await getAllocChecks(allocId);
|
|
2744
|
-
const taskNames = Object.keys(tasks);
|
|
2745
|
-
for (const check of allocChecks) {
|
|
2746
|
-
const taskName = taskNameForAllocCheck(check, taskNames, appId);
|
|
2747
|
-
if (!taskName || !tasks[taskName])
|
|
2748
|
-
continue;
|
|
2749
|
-
tasks[taskName].health_checks ??= [];
|
|
2750
|
-
tasks[taskName].health_checks.push({
|
|
2751
|
-
name: String(check.Check ?? "health"),
|
|
2752
|
-
status: String(check.Status ?? "unknown"),
|
|
2753
|
-
...(typeof check.Service === "string" ? { service: check.Service } : {}),
|
|
2754
|
-
...(typeof check.Output === "string" && check.Output ? { output: check.Output } : {}),
|
|
2755
|
-
});
|
|
2756
|
-
}
|
|
2757
|
-
for (const task of Object.values(tasks)) {
|
|
2758
|
-
if (task.health_checks?.length) {
|
|
2759
|
-
task.health_status = aggregateHealthStatus(task.health_checks);
|
|
2760
|
-
}
|
|
2761
|
-
}
|
|
2762
|
-
// Determine primary task for aggregated stats
|
|
2763
|
-
const ptName = primaryTask ?? Object.keys(tasks)[0] ?? "";
|
|
2764
|
-
const pt = tasks[ptName] ?? {};
|
|
2765
|
-
const result = {
|
|
2766
|
-
status: alloc.ClientStatus ?? "unknown",
|
|
2767
|
-
alloc_id: allocId,
|
|
2768
|
-
tasks,
|
|
2769
|
-
pid: null,
|
|
2770
|
-
uptime: null,
|
|
2771
|
-
memory_mb: null,
|
|
2772
|
-
cpu_percent: null,
|
|
2773
|
-
restarts: pt.restarts ?? 0,
|
|
2774
|
-
};
|
|
2775
|
-
// Uptime from primary task's StartedAt
|
|
2776
|
-
if (pt.started_at) {
|
|
2777
|
-
try {
|
|
2778
|
-
result.uptime = Math.floor((Date.now() - new Date(pt.started_at).getTime()) / 1000);
|
|
2779
|
-
}
|
|
2780
|
-
catch { /* ignore */ }
|
|
2781
|
-
}
|
|
2782
|
-
// Resource stats from Nomad alloc stats API
|
|
2783
|
-
try {
|
|
2784
|
-
const statsResp = await nomadGet(`/v1/client/allocation/${allocId}/stats`);
|
|
2785
|
-
if (statsResp.ok) {
|
|
2786
|
-
const stats = await statsResp.json();
|
|
2787
|
-
// raw_exec: stats nested under Tasks.<name>; docker: top-level ResourceUsage
|
|
2788
|
-
const taskStats = (ptName ? stats.Tasks?.[ptName]?.ResourceUsage : null) ??
|
|
2789
|
-
stats.ResourceUsage ??
|
|
2790
|
-
{};
|
|
2791
|
-
const memStats = taskStats.MemoryStats ?? {};
|
|
2792
|
-
const cpuStats = taskStats.CpuStats ?? {};
|
|
2793
|
-
const memBytes = memStats.RSS ?? memStats.Usage ?? 0;
|
|
2794
|
-
result.memory_mb = Math.round((memBytes / (1024 * 1024)) * 10) / 10;
|
|
2795
|
-
result.cpu_percent = Math.round((cpuStats.Percent ?? 0) * 10) / 10;
|
|
2796
|
-
}
|
|
2797
|
-
}
|
|
2798
|
-
catch { /* ignore */ }
|
|
2799
|
-
// Fallback: cgroup v2 (Pi / CIX) → Nomad alloc-stats are zero. Use the
|
|
2800
|
-
// shared cached `docker stats` snapshot rather than forking per-instance.
|
|
2801
|
-
if (!result.memory_mb && allocId && ptName && /^[a-f0-9-]+$/i.test(allocId)) {
|
|
2802
|
-
const containerName = `${ptName}-${allocId}`;
|
|
2803
|
-
const stat = (await getDockerMemSnapshot()).get(containerName);
|
|
2804
|
-
if (stat) {
|
|
2805
|
-
if (stat.memory_mb)
|
|
2806
|
-
result.memory_mb = stat.memory_mb;
|
|
2807
|
-
if (!result.cpu_percent && stat.cpu_percent)
|
|
2808
|
-
result.cpu_percent = stat.cpu_percent;
|
|
2809
|
-
}
|
|
2810
|
-
}
|
|
2811
|
-
return result;
|
|
2812
|
-
}
|
|
2813
|
-
UnifiedNomadJobs.getAppStatus = getAppStatus;
|
|
2814
|
-
// ── Driver health check + auto-restart ────────────────────────────────────
|
|
2815
|
-
/**
|
|
2816
|
-
* Check whether a Nomad task driver is healthy on the local node.
|
|
2817
|
-
* Returns true if the driver is both detected and healthy.
|
|
2818
|
-
*/
|
|
2819
|
-
async function isNomadDriverHealthy(driverName) {
|
|
2820
|
-
try {
|
|
2821
|
-
const nodesResp = await nomadGet("/v1/nodes");
|
|
2822
|
-
if (!nodesResp.ok)
|
|
2823
|
-
return true; // assume healthy if we can't check
|
|
2824
|
-
const nodes = await nodesResp.json();
|
|
2825
|
-
if (nodes.length === 0)
|
|
2826
|
-
return true;
|
|
2827
|
-
const nodeId = nodes[0]?.ID;
|
|
2828
|
-
if (!nodeId)
|
|
2829
|
-
return true;
|
|
2830
|
-
const nodeResp = await nomadGet(`/v1/node/${nodeId}`);
|
|
2831
|
-
if (!nodeResp.ok)
|
|
2832
|
-
return true;
|
|
2833
|
-
const node = await nodeResp.json();
|
|
2834
|
-
const driver = node.Drivers?.[driverName];
|
|
2835
|
-
if (!driver)
|
|
2836
|
-
return false;
|
|
2837
|
-
return driver.Detected === true && driver.Healthy === true;
|
|
2838
|
-
}
|
|
2839
|
-
catch {
|
|
2840
|
-
return true; // don't block on transient errors
|
|
2841
|
-
}
|
|
2842
|
-
}
|
|
2843
|
-
/**
|
|
2844
|
-
* If the required Nomad driver is not healthy, restart Nomad so it picks up
|
|
2845
|
-
* the current config (e.g. raw_exec enabled = true). Driver plugin changes
|
|
2846
|
-
* require a full Nomad agent restart — SIGHUP / reload API are insufficient.
|
|
2847
|
-
*
|
|
2848
|
-
* Returns true if the driver is healthy (possibly after restart), false if it
|
|
2849
|
-
* could not be made healthy.
|
|
2850
|
-
*/
|
|
2851
|
-
async function ensureNomadDriverHealthy(driverName) {
|
|
2852
|
-
if (await isNomadDriverHealthy(driverName))
|
|
2853
|
-
return true;
|
|
2854
|
-
console.warn(`[nomad] Driver "${driverName}" is not healthy — restarting Nomad to apply config…`);
|
|
2855
|
-
try {
|
|
2856
|
-
const { stopNomad, startNomad } = await import("./setup-manager.js");
|
|
2857
|
-
const stopResult = await stopNomad();
|
|
2858
|
-
if (!stopResult.ok) {
|
|
2859
|
-
console.warn(`[nomad] Nomad stop failed: ${stopResult.error}`);
|
|
2860
|
-
}
|
|
2861
|
-
const startResult = await startNomad();
|
|
2862
|
-
if (!startResult.ok) {
|
|
2863
|
-
console.warn(`[nomad] Nomad start failed: ${startResult.error}`);
|
|
2864
|
-
return false;
|
|
2865
|
-
}
|
|
2866
|
-
// Wait up to 15s for the driver to become healthy after restart
|
|
2867
|
-
for (let i = 0; i < 15; i++) {
|
|
2868
|
-
await new Promise((r) => setTimeout(r, 1_000));
|
|
2869
|
-
if (await isNomadDriverHealthy(driverName))
|
|
2870
|
-
return true;
|
|
2871
|
-
}
|
|
2872
|
-
console.warn(`[nomad] Driver "${driverName}" still unhealthy after Nomad restart`);
|
|
2873
|
-
return false;
|
|
2874
|
-
}
|
|
2875
|
-
catch (e) {
|
|
2876
|
-
console.warn(`[nomad] Failed to restart Nomad: ${e.message}`);
|
|
2877
|
-
return false;
|
|
2878
|
-
}
|
|
2879
|
-
}
|
|
2880
|
-
/**
|
|
2881
|
-
* Submit a Nomad job for an app.
|
|
2882
|
-
*
|
|
2883
|
-
* @param spec Validated AppSpec.
|
|
2884
|
-
* @param appId Unique instance ID (job name suffix).
|
|
2885
|
-
* @param extraEnv Env vars injected into every task (e.g. resolved capability addresses).
|
|
2886
|
-
*/
|
|
2887
|
-
async function startAppJob(spec, appId, extraEnv = {}) {
|
|
2888
|
-
const status = await getAppStatus(appId);
|
|
2889
|
-
const adoptedExternal = await buildExternalAdoptedSpec(appId, spec);
|
|
2890
|
-
if (adoptedExternal.conflicts.length > 0) {
|
|
2891
|
-
return { ok: false, error: adoptedExternal.conflicts.join("; ") };
|
|
2892
|
-
}
|
|
2893
|
-
let effectiveSpec = applyPersistedAppSpecPortOverrides(appId, adoptedExternal.spec);
|
|
2894
|
-
// Validate all images before submitting
|
|
2895
|
-
for (const task of effectiveSpec.tasks) {
|
|
2896
|
-
if (task.runtime === "container") {
|
|
2897
|
-
if (!task.image || !UnifiedNomadJobs.DOCKER_IMAGE_RE.test(task.image) || task.image.length > UnifiedNomadJobs.MAX_DOCKER_IMAGE_NAME_LEN) {
|
|
2898
|
-
return { ok: false, error: `Task "${task.name}": invalid docker image "${task.image ?? ""}"` };
|
|
2899
|
-
}
|
|
2900
|
-
}
|
|
2901
|
-
}
|
|
2902
|
-
// Determine predominant driver (first service task wins)
|
|
2903
|
-
const primaryTask = effectiveSpec.tasks.find((t) => (t.role ?? "service") === "service") ?? effectiveSpec.tasks[0];
|
|
2904
|
-
const driver = primaryTask?.runtime === "container" ? "docker" : "raw_exec";
|
|
2905
|
-
// Ensure the required Nomad driver is healthy; restart Nomad if needed.
|
|
2906
|
-
const driverOk = await ensureNomadDriverHealthy(driver);
|
|
2907
|
-
if (!driverOk) {
|
|
2908
|
-
if (driver === "raw_exec") {
|
|
2909
|
-
const rawExecError = await validateRawExecDriverAvailability();
|
|
2910
|
-
if (rawExecError) {
|
|
2911
|
-
return { ok: false, error: rawExecError };
|
|
2912
|
-
}
|
|
2913
|
-
}
|
|
2914
|
-
return { ok: false, error: `Nomad driver "${driver}" is not available. Check Nomad configuration and restart Nomad.` };
|
|
2915
|
-
}
|
|
2916
|
-
const hostNetworkError = await validateRequiredHostNetworks(effectiveSpec);
|
|
2917
|
-
if (hostNetworkError) {
|
|
2918
|
-
return { ok: false, error: hostNetworkError };
|
|
2919
|
-
}
|
|
2920
|
-
if (driver === "docker") {
|
|
2921
|
-
const preflight = await maybeReallocateAppSpecHostPort(appId, effectiveSpec, "host_port_busy");
|
|
2922
|
-
if (preflight.error)
|
|
2923
|
-
return { ok: false, error: preflight.error };
|
|
2924
|
-
effectiveSpec = preflight.spec;
|
|
2925
|
-
}
|
|
2926
|
-
for (let attempt = 0; attempt < 2; attempt++) {
|
|
2927
|
-
let jobDef;
|
|
2928
|
-
try {
|
|
2929
|
-
jobDef = buildAppJob(effectiveSpec, appId, driver, extraEnv);
|
|
2930
|
-
}
|
|
2931
|
-
catch (e) {
|
|
2932
|
-
return { ok: false, error: `Job build failed: ${e.message}` };
|
|
2933
|
-
}
|
|
2934
|
-
let submitError = null;
|
|
2935
|
-
let netErr = false;
|
|
2936
|
-
try {
|
|
2937
|
-
const resp = await nomadPost("/v1/jobs", jobDef);
|
|
2938
|
-
if (resp.ok) {
|
|
2939
|
-
const data = await resp.json();
|
|
2940
|
-
// When the app was previously failed, verify it actually transitions
|
|
2941
|
-
// away from the failed state rather than reporting false success.
|
|
2942
|
-
if (status.status === "failed") {
|
|
2943
|
-
const recovered = await waitForRecovery(appId, 15_000, 2_000);
|
|
2944
|
-
if (!recovered) {
|
|
2945
|
-
return { ok: false, error: "App start submitted but instance remains in failed state. Check app logs for details.", eval_id: data.EvalID };
|
|
2946
|
-
}
|
|
2947
|
-
}
|
|
2948
|
-
return { ok: true, eval_id: data.EvalID };
|
|
2949
|
-
}
|
|
2950
|
-
submitError = await resp.text();
|
|
2951
|
-
}
|
|
2952
|
-
catch (e) {
|
|
2953
|
-
netErr = e?.message === "fetch failed" || e?.cause?.code === "ECONNREFUSED";
|
|
2954
|
-
submitError = netErr ? `Nomad 服务不可达 (${getNomadAddr()}),请先启动 Nomad` : e.message;
|
|
2955
|
-
}
|
|
2956
|
-
if (attempt === 0 && driver === "docker" && !netErr) {
|
|
2957
|
-
const retry = await maybeReallocateAppSpecHostPort(appId, effectiveSpec, "docker_race");
|
|
2958
|
-
if (retry.error)
|
|
2959
|
-
return { ok: false, error: retry.error };
|
|
2960
|
-
if (retry.changed) {
|
|
2961
|
-
effectiveSpec = retry.spec;
|
|
2962
|
-
continue;
|
|
2963
|
-
}
|
|
2964
|
-
}
|
|
2965
|
-
return { ok: false, error: submitError ?? "unknown error" };
|
|
2966
|
-
}
|
|
2967
|
-
return { ok: false, error: "start retry exhausted" };
|
|
2968
|
-
}
|
|
2969
|
-
UnifiedNomadJobs.startAppJob = startAppJob;
|
|
2970
|
-
/**
|
|
2971
|
-
* Poll until the app job reaches "running" status or times out.
|
|
2972
|
-
* Returns true if the job is running, false if timed out.
|
|
2973
|
-
*/
|
|
2974
|
-
async function waitForRunning(appId, timeoutMs = 120_000, pollIntervalMs = 3_000) {
|
|
2975
|
-
const deadline = Date.now() + timeoutMs;
|
|
2976
|
-
while (Date.now() < deadline) {
|
|
2977
|
-
const status = await getAppStatus(appId);
|
|
2978
|
-
if (status.status === "running")
|
|
2979
|
-
return true;
|
|
2980
|
-
if (status.status === "dead" || status.status === "failed")
|
|
2981
|
-
return false;
|
|
2982
|
-
await new Promise((r) => setTimeout(r, pollIntervalMs));
|
|
2983
|
-
}
|
|
2984
|
-
return false;
|
|
2985
|
-
}
|
|
2986
|
-
UnifiedNomadJobs.waitForRunning = waitForRunning;
|
|
2987
|
-
/**
|
|
2988
|
-
* Poll until the app job leaves the "failed" state or times out.
|
|
2989
|
-
* Used after start submission to verify actual recovery before reporting success.
|
|
2990
|
-
* Returns true if the app transitions away from "failed" (to pending/running/etc).
|
|
2991
|
-
*/
|
|
2992
|
-
async function waitForRecovery(appId, timeoutMs = 15_000, pollIntervalMs = 2_000) {
|
|
2993
|
-
const deadline = Date.now() + timeoutMs;
|
|
2994
|
-
while (Date.now() < deadline) {
|
|
2995
|
-
await new Promise((r) => setTimeout(r, pollIntervalMs));
|
|
2996
|
-
const status = await getAppStatus(appId);
|
|
2997
|
-
if (status.status !== "failed")
|
|
2998
|
-
return true;
|
|
2999
|
-
}
|
|
3000
|
-
return false;
|
|
3001
|
-
}
|
|
3002
|
-
async function checkDependencies(spec) {
|
|
3003
|
-
if (!spec.depends_on || Object.keys(spec.depends_on).length === 0) {
|
|
3004
|
-
return { ok: true, errors: [] };
|
|
3005
|
-
}
|
|
3006
|
-
const errors = [];
|
|
3007
|
-
for (const [depId, dep] of Object.entries(spec.depends_on)) {
|
|
3008
|
-
const status = await getAppStatus(depId);
|
|
3009
|
-
const condition = dep.condition ?? "started";
|
|
3010
|
-
const required = dep.required !== false;
|
|
3011
|
-
let satisfied = false;
|
|
3012
|
-
if (condition === "started") {
|
|
3013
|
-
satisfied = status.status !== "stopped" && status.status !== "unknown";
|
|
3014
|
-
}
|
|
3015
|
-
else if (condition === "healthy") {
|
|
3016
|
-
satisfied = status.status === "running";
|
|
3017
|
-
}
|
|
3018
|
-
else if (condition === "completed") {
|
|
3019
|
-
satisfied = status.status === "dead";
|
|
3020
|
-
}
|
|
3021
|
-
if (!satisfied) {
|
|
3022
|
-
const msg = `Dependency "${depId}" not satisfied (need: ${condition}, got: ${status.status})`;
|
|
3023
|
-
if (required) {
|
|
3024
|
-
errors.push(msg);
|
|
3025
|
-
}
|
|
3026
|
-
else {
|
|
3027
|
-
console.warn(` [depends_on] ${msg} (optional, continuing)`);
|
|
3028
|
-
}
|
|
3029
|
-
}
|
|
3030
|
-
}
|
|
3031
|
-
return { ok: errors.length === 0, errors };
|
|
3032
|
-
}
|
|
3033
|
-
UnifiedNomadJobs.checkDependencies = checkDependencies;
|
|
3034
|
-
/**
|
|
3035
|
-
* Stop (and optionally purge) a Nomad app job.
|
|
3036
|
-
*/
|
|
3037
|
-
async function stopAppJob(appId, purge = false) {
|
|
3038
|
-
const jid = jobId(appId);
|
|
3039
|
-
const liveAllocIds = (await getAllocs(appId))
|
|
3040
|
-
.filter((alloc) => alloc?.ID && (alloc.ClientStatus === "running" || alloc.ClientStatus === "pending"))
|
|
3041
|
-
.map((alloc) => String(alloc.ID));
|
|
3042
|
-
let nomadStopped = false;
|
|
3043
|
-
let appMissing = false;
|
|
3044
|
-
let nomadError;
|
|
3045
|
-
try {
|
|
3046
|
-
const resp = await nomadDelete(`/v1/job/${jid}?purge=${purge}`);
|
|
3047
|
-
nomadStopped = resp.ok;
|
|
3048
|
-
appMissing = resp.status === 404;
|
|
3049
|
-
if (!resp.ok && !appMissing) {
|
|
3050
|
-
nomadError = await resp.text();
|
|
3051
|
-
}
|
|
3052
|
-
}
|
|
3053
|
-
catch (e) {
|
|
3054
|
-
const isNetErr = e?.message === "fetch failed" || e?.cause?.code === "ECONNREFUSED";
|
|
3055
|
-
nomadError = isNetErr
|
|
3056
|
-
? `Nomad 服务不可达 (${getNomadAddr()}),请先启动 Nomad`
|
|
3057
|
-
: e.message;
|
|
3058
|
-
}
|
|
3059
|
-
const externalStop = await stopExternalProcessApp(appId);
|
|
3060
|
-
if (!externalStop.ok) {
|
|
3061
|
-
return {
|
|
3062
|
-
ok: false,
|
|
3063
|
-
error: nomadError ? `${nomadError}; ${externalStop.error}` : externalStop.error,
|
|
3064
|
-
};
|
|
3065
|
-
}
|
|
3066
|
-
if (nomadStopped) {
|
|
3067
|
-
const allocsStopped = await waitForAllocationsToStop(liveAllocIds);
|
|
3068
|
-
if (!allocsStopped) {
|
|
3069
|
-
const lingeringAlloc = await getRunningAlloc(appId);
|
|
3070
|
-
if (!lingeringAlloc) {
|
|
3071
|
-
return { ok: true };
|
|
3072
|
-
}
|
|
3073
|
-
return { ok: false, error: `App '${appId}' allocations did not stop in time` };
|
|
3074
|
-
}
|
|
3075
|
-
return { ok: true };
|
|
3076
|
-
}
|
|
3077
|
-
if (nomadError)
|
|
3078
|
-
return { ok: false, error: nomadError };
|
|
3079
|
-
if (appMissing) {
|
|
3080
|
-
return externalStop.detected ? { ok: true } : { ok: false, error: "App is not running" };
|
|
3081
|
-
}
|
|
3082
|
-
return { ok: true };
|
|
3083
|
-
}
|
|
3084
|
-
UnifiedNomadJobs.stopAppJob = stopAppJob;
|
|
3085
|
-
/**
|
|
3086
|
-
* Restart a running app job.
|
|
3087
|
-
* Prefers native Nomad allocation restart to preserve alloc history.
|
|
3088
|
-
* Falls back to stop + re-submit when no AppSpec is available for re-submit.
|
|
3089
|
-
*
|
|
3090
|
-
* @param appId App instance ID.
|
|
3091
|
-
* @param primaryTask Task name to restart. Defaults to the first task.
|
|
3092
|
-
*/
|
|
3093
|
-
async function restartAppJob(appId, primaryTask) {
|
|
3094
|
-
const alloc = await getRunningAlloc(appId);
|
|
3095
|
-
if (alloc) {
|
|
3096
|
-
try {
|
|
3097
|
-
// Native Nomad allocation restart — preserves alloc history.
|
|
3098
|
-
const resp = await nomadPut(`/v1/client/allocation/${alloc.ID}/restart`, {
|
|
3099
|
-
TaskName: primaryTask ?? "",
|
|
3100
|
-
AllTasks: !primaryTask,
|
|
3101
|
-
});
|
|
3102
|
-
if (resp.ok)
|
|
3103
|
-
return { ok: true, alloc_id: alloc.ID };
|
|
3104
|
-
const errText = await resp.text();
|
|
3105
|
-
console.warn(`[nomad] Native restart failed for app ${appId} (HTTP ${resp.status}): ${errText}` +
|
|
3106
|
-
" — falling back to stop+start");
|
|
3107
|
-
}
|
|
3108
|
-
catch (e) {
|
|
3109
|
-
console.warn(`[nomad] Native restart error for app ${appId}: ${e.message}` +
|
|
3110
|
-
" — falling back to stop+start");
|
|
3111
|
-
}
|
|
3112
|
-
}
|
|
3113
|
-
// Fallback: stop then re-start. Caller must re-call startAppJob with spec.
|
|
3114
|
-
// This path is intentionally not self-contained because we don't cache the
|
|
3115
|
-
// AppSpec here — app-manager owns the spec and should call startAppJob.
|
|
3116
|
-
const stopResult = await stopAppJob(appId);
|
|
3117
|
-
if (!stopResult.ok && stopResult.error !== "App is not running") {
|
|
3118
|
-
return stopResult;
|
|
3119
|
-
}
|
|
3120
|
-
return { ok: false, error: "restart_requires_resubmit" };
|
|
3121
|
-
}
|
|
3122
|
-
UnifiedNomadJobs.restartAppJob = restartAppJob;
|
|
3123
|
-
/**
|
|
3124
|
-
* Fetch recent log lines for a task in an app job.
|
|
3125
|
-
*
|
|
3126
|
-
* @param appId App instance ID.
|
|
3127
|
-
* @param taskName Nomad task name (task.name from AppSpec).
|
|
3128
|
-
* @param lines Number of lines to return (default 200).
|
|
3129
|
-
* @param logType "stdout" | "stderr" (default "stderr").
|
|
3130
|
-
*/
|
|
3131
|
-
async function getAppLogs(appId, taskName = "", lines = 200, logType = "stderr") {
|
|
3132
|
-
if (!UnifiedNomadJobs.VALID_LOG_TYPES.has(logType))
|
|
3133
|
-
logType = "stderr";
|
|
3134
|
-
let alloc = await getRunningAlloc(appId);
|
|
3135
|
-
// If no running alloc, try the most recent alloc (for post-mortem logs).
|
|
3136
|
-
if (!alloc) {
|
|
3137
|
-
const jid = jobId(appId);
|
|
3138
|
-
try {
|
|
3139
|
-
const resp = await nomadGet(`/v1/job/${jid}/allocations`);
|
|
3140
|
-
if (resp.ok) {
|
|
3141
|
-
const allocs = await resp.json();
|
|
3142
|
-
if (allocs.length) {
|
|
3143
|
-
alloc = allocs.sort((a, b) => (b.CreateIndex ?? 0) - (a.CreateIndex ?? 0))[0];
|
|
3144
|
-
}
|
|
3145
|
-
}
|
|
3146
|
-
}
|
|
3147
|
-
catch { /* ignore */ }
|
|
3148
|
-
}
|
|
3149
|
-
if (!alloc)
|
|
3150
|
-
return [];
|
|
3151
|
-
const resolvedTask = taskName || (Object.keys(alloc.TaskStates ?? {})[0] ?? "");
|
|
3152
|
-
if (!resolvedTask)
|
|
3153
|
-
return [];
|
|
3154
|
-
// Primary: Nomad log API (works for both docker and raw_exec).
|
|
3155
|
-
try {
|
|
3156
|
-
const params = new URLSearchParams({
|
|
3157
|
-
task: resolvedTask,
|
|
3158
|
-
type: logType,
|
|
3159
|
-
plain: "true",
|
|
3160
|
-
origin: "end",
|
|
3161
|
-
offset: String(Math.max(lines * 512, 100_000)),
|
|
3162
|
-
follow: "false",
|
|
3163
|
-
});
|
|
3164
|
-
const resp = await nomadGet(`/v1/client/fs/logs/${alloc.ID}?${params}`);
|
|
3165
|
-
if (resp.ok) {
|
|
3166
|
-
const text = await resp.text();
|
|
3167
|
-
const trimmed = text.trim();
|
|
3168
|
-
if (trimmed)
|
|
3169
|
-
return trimmed.split("\n").slice(-lines);
|
|
3170
|
-
}
|
|
3171
|
-
}
|
|
3172
|
-
catch { /* ignore */ }
|
|
3173
|
-
if (!/^[a-f0-9-]+$/i.test(alloc.ID))
|
|
3174
|
-
return [];
|
|
3175
|
-
const dockerLogLines = await readDockerStreamLogs(`${resolvedTask}-${alloc.ID}`, lines, logType);
|
|
3176
|
-
if (dockerLogLines.length > 0)
|
|
3177
|
-
return dockerLogLines;
|
|
3178
|
-
return [];
|
|
3179
|
-
}
|
|
3180
|
-
UnifiedNomadJobs.getAppLogs = getAppLogs;
|
|
3181
|
-
// ── Nomad WebSocket exec ─────────────────────────────────────────────────
|
|
3182
|
-
/**
|
|
3183
|
-
* Execute a command inside a running task via Nomad's WebSocket exec API.
|
|
3184
|
-
* Works for both `docker` and `raw_exec` tasks — Nomad proxies the exec
|
|
3185
|
-
* through the allocation without requiring direct Docker socket access.
|
|
3186
|
-
*
|
|
3187
|
-
* Protocol (https://developer.hashicorp.com/nomad/api-docs/client#stream-file):
|
|
3188
|
-
* - Upgrade: GET /v1/client/allocation/{id}/exec → 101 Switching Protocols
|
|
3189
|
-
* - Send stdin frames: {"stdin":{"data":"<base64>"}}
|
|
3190
|
-
* - Close stdin: {"stdin":{"close":true}}
|
|
3191
|
-
* - Recv stdout frames: {"stdout":{"data":"<base64>"}}
|
|
3192
|
-
* - Recv stderr frames: {"stderr":{"data":"<base64>"}}
|
|
3193
|
-
* - Recv exit frame: {"exited":true,"result":{"exit_code":0}}
|
|
3194
|
-
*
|
|
3195
|
-
* Authentication: Nomad token is passed as a query parameter because the
|
|
3196
|
-
* native WebSocket API (Node.js ≥21) does not support custom headers.
|
|
3197
|
-
*
|
|
3198
|
-
* @param allocId Nomad allocation UUID.
|
|
3199
|
-
* @param taskName Task name within the allocation.
|
|
3200
|
-
* @param command Command + args array.
|
|
3201
|
-
* @param stdin Optional stdin data to pipe in.
|
|
3202
|
-
* @param timeoutMs Execution timeout in ms (default 120 s).
|
|
3203
|
-
*/
|
|
3204
|
-
async function nomadWsExec(allocId, taskName, command, stdin, timeoutMs = 120_000) {
|
|
3205
|
-
return nomadWsExecStream(allocId, taskName, command, stdin, {}, timeoutMs);
|
|
3206
|
-
}
|
|
3207
|
-
function emitStreamChunk(handler, decoder, data) {
|
|
3208
|
-
const chunk = typeof data === "string" ? data : decoder.write(data);
|
|
3209
|
-
if (chunk)
|
|
3210
|
-
handler?.(chunk);
|
|
3211
|
-
return chunk;
|
|
3212
|
-
}
|
|
3213
|
-
function flushStreamChunk(handler, decoder) {
|
|
3214
|
-
const chunk = decoder.end();
|
|
3215
|
-
if (chunk)
|
|
3216
|
-
handler?.(chunk);
|
|
3217
|
-
return chunk;
|
|
3218
|
-
}
|
|
3219
|
-
async function streamSpawnedExec(file, args, handlers, timeoutMs, options) {
|
|
3220
|
-
return new Promise((resolve) => {
|
|
3221
|
-
const stdoutDecoder = new StringDecoder("utf8");
|
|
3222
|
-
const stderrDecoder = new StringDecoder("utf8");
|
|
3223
|
-
let stdoutBuf = "";
|
|
3224
|
-
let stderrBuf = "";
|
|
3225
|
-
let settled = false;
|
|
3226
|
-
const settle = (exitCode) => {
|
|
3227
|
-
if (settled)
|
|
3228
|
-
return;
|
|
3229
|
-
settled = true;
|
|
3230
|
-
stdoutBuf += flushStreamChunk(handlers.onStdout, stdoutDecoder);
|
|
3231
|
-
stderrBuf += flushStreamChunk(handlers.onStderr, stderrDecoder);
|
|
3232
|
-
resolve({ stdout: stdoutBuf, stderr: stderrBuf, exitCode });
|
|
3233
|
-
};
|
|
3234
|
-
const child = spawn(file, args, {
|
|
3235
|
-
...options,
|
|
3236
|
-
stdio: ["ignore", "pipe", "pipe"],
|
|
3237
|
-
timeout: timeoutMs,
|
|
3238
|
-
});
|
|
3239
|
-
child.stdout?.on("data", (data) => {
|
|
3240
|
-
stdoutBuf += emitStreamChunk(handlers.onStdout, stdoutDecoder, data);
|
|
3241
|
-
});
|
|
3242
|
-
child.stderr?.on("data", (data) => {
|
|
3243
|
-
stderrBuf += emitStreamChunk(handlers.onStderr, stderrDecoder, data);
|
|
3244
|
-
});
|
|
3245
|
-
child.on("error", (error) => {
|
|
3246
|
-
const message = error.message || String(error);
|
|
3247
|
-
stderrBuf += message;
|
|
3248
|
-
handlers.onStderr?.(message);
|
|
3249
|
-
settle(error.code === "ENOENT" ? 127 : 1);
|
|
3250
|
-
});
|
|
3251
|
-
child.on("close", (code) => {
|
|
3252
|
-
settle(code ?? 1);
|
|
3253
|
-
});
|
|
3254
|
-
});
|
|
3255
|
-
}
|
|
3256
|
-
async function nomadWsExecStream(allocId, taskName, command, stdin, handlers, timeoutMs = 120_000) {
|
|
3257
|
-
const nomadAddr = getNomadAddr();
|
|
3258
|
-
// Convert http(s) → ws(s) for the WebSocket URL.
|
|
3259
|
-
const wsBase = nomadAddr.replace(/^http/, "ws");
|
|
3260
|
-
const params = new URLSearchParams({
|
|
3261
|
-
task: taskName,
|
|
3262
|
-
command: JSON.stringify(command),
|
|
3263
|
-
tty: "false",
|
|
3264
|
-
});
|
|
3265
|
-
// Native WebSocket does not support custom request headers;
|
|
3266
|
-
// Nomad also accepts the token as a query parameter.
|
|
3267
|
-
const token = getNomadToken();
|
|
3268
|
-
if (token)
|
|
3269
|
-
params.set("token", token);
|
|
3270
|
-
const url = `${wsBase}/v1/client/allocation/${allocId}/exec?${params}`;
|
|
3271
|
-
return new Promise((resolve, reject) => {
|
|
3272
|
-
// Node.js ≥21 ships a global WebSocket; engines field requires ≥22.
|
|
3273
|
-
const ws = new WebSocket(url);
|
|
3274
|
-
let stdoutBuf = "";
|
|
3275
|
-
let stderrBuf = "";
|
|
3276
|
-
let exitCode = 1;
|
|
3277
|
-
let settled = false;
|
|
3278
|
-
const settle = (result) => {
|
|
3279
|
-
if (settled)
|
|
3280
|
-
return;
|
|
3281
|
-
settled = true;
|
|
3282
|
-
clearTimeout(timer);
|
|
3283
|
-
ws.close();
|
|
3284
|
-
resolve(result);
|
|
3285
|
-
};
|
|
3286
|
-
const timer = setTimeout(() => {
|
|
3287
|
-
if (settled)
|
|
3288
|
-
return;
|
|
3289
|
-
settled = true;
|
|
3290
|
-
ws.close();
|
|
3291
|
-
reject(new Error(`nomad exec timed out after ${timeoutMs}ms`));
|
|
3292
|
-
}, timeoutMs);
|
|
3293
|
-
ws.onopen = () => {
|
|
3294
|
-
if (stdin) {
|
|
3295
|
-
ws.send(JSON.stringify({
|
|
3296
|
-
stdin: { data: Buffer.from(stdin, "utf-8").toString("base64") },
|
|
3297
|
-
}));
|
|
3298
|
-
}
|
|
3299
|
-
// Always close stdin so the remote process sees EOF.
|
|
3300
|
-
ws.send(JSON.stringify({ stdin: { close: true } }));
|
|
3301
|
-
};
|
|
3302
|
-
ws.onmessage = (event) => {
|
|
3303
|
-
try {
|
|
3304
|
-
const msg = JSON.parse(event.data);
|
|
3305
|
-
if (msg.stdout?.data) {
|
|
3306
|
-
const chunk = Buffer.from(msg.stdout.data, "base64").toString("utf-8");
|
|
3307
|
-
stdoutBuf += chunk;
|
|
3308
|
-
if (chunk)
|
|
3309
|
-
handlers.onStdout?.(chunk);
|
|
3310
|
-
}
|
|
3311
|
-
if (msg.stderr?.data) {
|
|
3312
|
-
const chunk = Buffer.from(msg.stderr.data, "base64").toString("utf-8");
|
|
3313
|
-
stderrBuf += chunk;
|
|
3314
|
-
if (chunk)
|
|
3315
|
-
handlers.onStderr?.(chunk);
|
|
3316
|
-
}
|
|
3317
|
-
if (msg.exited === true) {
|
|
3318
|
-
exitCode = msg.result?.exit_code ?? 1;
|
|
3319
|
-
settle({ stdout: stdoutBuf, stderr: stderrBuf, exitCode });
|
|
3320
|
-
}
|
|
3321
|
-
}
|
|
3322
|
-
catch { /* ignore malformed frames */ }
|
|
3323
|
-
};
|
|
3324
|
-
ws.onerror = (event) => {
|
|
3325
|
-
if (settled)
|
|
3326
|
-
return;
|
|
3327
|
-
settled = true;
|
|
3328
|
-
clearTimeout(timer);
|
|
3329
|
-
// ErrorEvent has a .message; plain Event does not.
|
|
3330
|
-
const msg = event.message ?? "WebSocket error";
|
|
3331
|
-
reject(new Error(`[nomad-ws-exec] ${msg}`));
|
|
3332
|
-
};
|
|
3333
|
-
ws.onclose = () => {
|
|
3334
|
-
// Connection dropped before we received the exited frame.
|
|
3335
|
-
// Resolve with whatever we collected so the caller sees partial output.
|
|
3336
|
-
settle({ stdout: stdoutBuf, stderr: stderrBuf, exitCode });
|
|
3337
|
-
};
|
|
3338
|
-
});
|
|
3339
|
-
}
|
|
3340
|
-
/**
|
|
3341
|
-
* Execute a command inside a running app task.
|
|
3342
|
-
*
|
|
3343
|
-
* Strategy:
|
|
3344
|
-
* 1. Try `docker exec` (fast path for docker-driver tasks, no Nomad dependency).
|
|
3345
|
-
* 2. If the container is not found, fall back to the Nomad WebSocket exec API
|
|
3346
|
-
* which works for both `docker` and `raw_exec` tasks.
|
|
3347
|
-
*
|
|
3348
|
-
* @param appId App instance ID.
|
|
3349
|
-
* @param taskName Task name from AppSpec.
|
|
3350
|
-
* @param command Command + args array.
|
|
3351
|
-
* @param timeoutMs Execution timeout in ms (default 120 s).
|
|
3352
|
-
*/
|
|
3353
|
-
async function execInApp(appId, taskName = "", command, timeoutMs = 120_000) {
|
|
3354
|
-
const alloc = await getRunningAlloc(appId);
|
|
3355
|
-
if (!alloc || alloc.ClientStatus !== "running") {
|
|
3356
|
-
throw new Error("App is not running");
|
|
3357
|
-
}
|
|
3358
|
-
const allocId = alloc.ID;
|
|
3359
|
-
if (!/^[a-f0-9-]+$/i.test(allocId))
|
|
3360
|
-
throw new Error("invalid allocId");
|
|
3361
|
-
const resolvedTask = taskName || (Object.keys(alloc.TaskStates ?? {})[0] ?? "");
|
|
3362
|
-
if (!resolvedTask)
|
|
3363
|
-
throw new Error("No task found in alloc");
|
|
3364
|
-
const taskState = alloc.TaskStates?.[resolvedTask];
|
|
3365
|
-
if (!taskState)
|
|
3366
|
-
throw new Error(`Task "${resolvedTask}" not found in alloc`);
|
|
3367
|
-
// For process (raw_exec) apps, execute directly on the host — no container
|
|
3368
|
-
// or Nomad WebSocket overhead needed since the binary runs natively.
|
|
3369
|
-
const { getApp } = await import("./app/app-manager.js");
|
|
3370
|
-
const appData = getApp(appId);
|
|
3371
|
-
const matchedTask = appData?.spec.tasks.find((t) => t.name === resolvedTask);
|
|
3372
|
-
if (matchedTask?.runtime === "process") {
|
|
3373
|
-
const execFileAsync = promisify(execFileCb);
|
|
3374
|
-
try {
|
|
3375
|
-
const { stdout, stderr } = await execFileAsync(command[0], command.slice(1), {
|
|
3376
|
-
timeout: timeoutMs,
|
|
3377
|
-
env: { ...process.env, ...matchedTask.env },
|
|
3378
|
-
});
|
|
3379
|
-
return { stdout, stderr, exitCode: 0 };
|
|
3380
|
-
}
|
|
3381
|
-
catch (e) {
|
|
3382
|
-
return {
|
|
3383
|
-
stdout: e.stdout ?? "",
|
|
3384
|
-
stderr: e.stderr ?? e.message,
|
|
3385
|
-
exitCode: e.code ?? 1,
|
|
3386
|
-
};
|
|
3387
|
-
}
|
|
3388
|
-
}
|
|
3389
|
-
// Fast path: docker exec (avoids WebSocket overhead for container tasks).
|
|
3390
|
-
const execFileAsync = promisify(execFileCb);
|
|
3391
|
-
const containerName = `${resolvedTask}-${allocId}`;
|
|
3392
|
-
try {
|
|
3393
|
-
const { stdout, stderr } = await execFileAsync("docker", ["exec", containerName, ...command], { timeout: timeoutMs });
|
|
3394
|
-
return { stdout, stderr, exitCode: 0 };
|
|
3395
|
-
}
|
|
3396
|
-
catch (e) {
|
|
3397
|
-
const notFound = e?.stderr?.includes("No such container") ||
|
|
3398
|
-
e?.message?.includes("No such container") ||
|
|
3399
|
-
e?.code === 125; // docker CLI: container not found exit code
|
|
3400
|
-
if (!notFound) {
|
|
3401
|
-
// docker exec was found but the command itself failed — real error.
|
|
3402
|
-
return {
|
|
3403
|
-
stdout: e.stdout ?? "",
|
|
3404
|
-
stderr: e.stderr ?? e.message,
|
|
3405
|
-
exitCode: e.code ?? 1,
|
|
3406
|
-
};
|
|
3407
|
-
}
|
|
3408
|
-
// Container not found → likely raw_exec; fall through to Nomad WS exec.
|
|
3409
|
-
console.log(`[nomad] execInApp: container "${containerName}" not found, ` +
|
|
3410
|
-
`falling back to Nomad WebSocket exec for task "${resolvedTask}"`);
|
|
3411
|
-
}
|
|
3412
|
-
// Nomad WebSocket exec — works for raw_exec and docker without docker socket.
|
|
3413
|
-
return nomadWsExec(allocId, resolvedTask, command, undefined, timeoutMs);
|
|
3414
|
-
}
|
|
3415
|
-
UnifiedNomadJobs.execInApp = execInApp;
|
|
3416
|
-
async function streamExecInApp(appId, taskName = "", command, handlers = {}, timeoutMs = 120_000) {
|
|
3417
|
-
const alloc = await getRunningAlloc(appId);
|
|
3418
|
-
if (!alloc || alloc.ClientStatus !== "running") {
|
|
3419
|
-
throw new Error("App is not running");
|
|
3420
|
-
}
|
|
3421
|
-
const allocId = alloc.ID;
|
|
3422
|
-
if (!/^[a-f0-9-]+$/i.test(allocId))
|
|
3423
|
-
throw new Error("invalid allocId");
|
|
3424
|
-
const resolvedTask = taskName || (Object.keys(alloc.TaskStates ?? {})[0] ?? "");
|
|
3425
|
-
if (!resolvedTask)
|
|
3426
|
-
throw new Error("No task found in alloc");
|
|
3427
|
-
const taskState = alloc.TaskStates?.[resolvedTask];
|
|
3428
|
-
if (!taskState)
|
|
3429
|
-
throw new Error(`Task "${resolvedTask}" not found in alloc`);
|
|
3430
|
-
const { getApp } = await import("./app/app-manager.js");
|
|
3431
|
-
const appData = getApp(appId);
|
|
3432
|
-
const matchedTask = appData?.spec.tasks.find((task) => task.name === resolvedTask);
|
|
3433
|
-
if (matchedTask?.runtime === "process") {
|
|
3434
|
-
return streamSpawnedExec(command[0], command.slice(1), handlers, timeoutMs, { env: { ...process.env, ...matchedTask.env } });
|
|
3435
|
-
}
|
|
3436
|
-
const containerName = `${resolvedTask}-${allocId}`;
|
|
3437
|
-
const dockerResult = await streamSpawnedExec("docker", ["exec", containerName, ...command], handlers, timeoutMs);
|
|
3438
|
-
const notFound = dockerResult.stderr.includes("No such container") ||
|
|
3439
|
-
dockerResult.exitCode === 125;
|
|
3440
|
-
if (!notFound) {
|
|
3441
|
-
return dockerResult;
|
|
3442
|
-
}
|
|
3443
|
-
console.log(`[nomad] streamExecInApp: container "${containerName}" not found, ` +
|
|
3444
|
-
`falling back to Nomad WebSocket exec for task "${resolvedTask}"`);
|
|
3445
|
-
return nomadWsExecStream(allocId, resolvedTask, command, undefined, handlers, timeoutMs);
|
|
3446
|
-
}
|
|
3447
|
-
UnifiedNomadJobs.streamExecInApp = streamExecInApp;
|
|
3448
|
-
async function listInstanceIds() {
|
|
3449
|
-
try {
|
|
3450
|
-
const resp = await nomadGet("/v1/jobs");
|
|
3451
|
-
if (!resp.ok)
|
|
3452
|
-
return [];
|
|
3453
|
-
const jobs = await resp.json();
|
|
3454
|
-
return [...new Set(jobs.map((job) => readInstanceMeta(job.ID)?.id || job.ID))];
|
|
3455
|
-
}
|
|
3456
|
-
catch {
|
|
3457
|
-
return [];
|
|
3458
|
-
}
|
|
3459
|
-
}
|
|
3460
|
-
UnifiedNomadJobs.listInstanceIds = listInstanceIds;
|
|
3461
|
-
function readInstanceMeta(nomadJobId) {
|
|
3462
|
-
const directMetaPath = instanceMetaPath(nomadJobId);
|
|
3463
|
-
try {
|
|
3464
|
-
if (existsSync(directMetaPath))
|
|
3465
|
-
return JSON.parse(readFileSync(directMetaPath, "utf-8"));
|
|
3466
|
-
}
|
|
3467
|
-
catch { }
|
|
3468
|
-
if (nomadJobId.startsWith(OPENCLAW_PREFIX)) {
|
|
3469
|
-
const id = nomadJobId.slice(OPENCLAW_PREFIX.length);
|
|
3470
|
-
const metaPath = instanceMetaPath(id);
|
|
3471
|
-
try {
|
|
3472
|
-
if (existsSync(metaPath))
|
|
3473
|
-
return JSON.parse(readFileSync(metaPath, "utf-8"));
|
|
3474
|
-
}
|
|
3475
|
-
catch { }
|
|
3476
|
-
return null;
|
|
3477
|
-
}
|
|
3478
|
-
if (isAppJob(nomadJobId)) {
|
|
3479
|
-
const appDir = resolveAppDir(nomadJobId);
|
|
3480
|
-
if (!appDir)
|
|
3481
|
-
return null;
|
|
3482
|
-
const manifestPath = join(appDir, "manifest.json");
|
|
3483
|
-
const yamlPath = join(appDir, "app-spec.yaml");
|
|
3484
|
-
try {
|
|
3485
|
-
const manifest = existsSync(manifestPath)
|
|
3486
|
-
? JSON.parse(readFileSync(manifestPath, "utf-8"))
|
|
3487
|
-
: {};
|
|
3488
|
-
if (existsSync(yamlPath)) {
|
|
3489
|
-
const m = readFileSync(yamlPath, "utf-8").match(/^name:\s*(.+)$/m);
|
|
3490
|
-
if (m)
|
|
3491
|
-
return { ...manifest, name: m[1].trim().replace(/^['"]|['"]$/g, "") };
|
|
3492
|
-
}
|
|
3493
|
-
return Object.keys(manifest).length > 0 ? manifest : null;
|
|
3494
|
-
}
|
|
3495
|
-
catch {
|
|
3496
|
-
return null;
|
|
3497
|
-
}
|
|
3498
|
-
}
|
|
3499
|
-
return null;
|
|
3500
|
-
}
|
|
3501
|
-
UnifiedNomadJobs.readInstanceMeta = readInstanceMeta;
|
|
3502
|
-
async function resolveInstanceId(id) {
|
|
3503
|
-
const ids = await listInstanceIds();
|
|
3504
|
-
if (ids.length === 0)
|
|
3505
|
-
throw new Error("No instances found.");
|
|
3506
|
-
if (id) {
|
|
3507
|
-
if (existsSync(instanceMetaPath(id))) {
|
|
3508
|
-
return id;
|
|
3509
|
-
}
|
|
3510
|
-
if (!ids.includes(id)) {
|
|
3511
|
-
throw new Error(`Instance "${id}" not found. Available: ${ids.join(", ")}`);
|
|
3512
|
-
}
|
|
3513
|
-
return id;
|
|
3514
|
-
}
|
|
3515
|
-
if (ids.length === 1)
|
|
3516
|
-
return ids[0];
|
|
3517
|
-
throw new Error(`Multiple instances exist. Specify an ID. Available: ${ids.join(", ")}`);
|
|
3518
|
-
}
|
|
3519
|
-
UnifiedNomadJobs.resolveInstanceId = resolveInstanceId;
|
|
3520
|
-
async function resolveInstanceForPairing(instanceId) {
|
|
3521
|
-
const ids = await listInstanceIds();
|
|
3522
|
-
if (ids.length === 0)
|
|
3523
|
-
throw new Error("No instances found.");
|
|
3524
|
-
if (instanceId) {
|
|
3525
|
-
if (existsSync(instanceMetaPath(instanceId)))
|
|
3526
|
-
return instanceId;
|
|
3527
|
-
if (!ids.includes(instanceId))
|
|
3528
|
-
throw new Error(`Instance "${instanceId}" not found.`);
|
|
3529
|
-
return instanceId;
|
|
3530
|
-
}
|
|
3531
|
-
if (ids.length === 1)
|
|
3532
|
-
return ids[0];
|
|
3533
|
-
const runningIds = [];
|
|
3534
|
-
for (const id of ids) {
|
|
3535
|
-
try {
|
|
3536
|
-
const st = await getInstanceStatus(id);
|
|
3537
|
-
if (st.status === "running")
|
|
3538
|
-
runningIds.push(id);
|
|
3539
|
-
}
|
|
3540
|
-
catch { }
|
|
3541
|
-
}
|
|
3542
|
-
if (runningIds.length === 1)
|
|
3543
|
-
return runningIds[0];
|
|
3544
|
-
if (runningIds.length === 0)
|
|
3545
|
-
throw new Error("No running instances found. Start an instance first.");
|
|
3546
|
-
throw new Error(`Multiple running instances: ${runningIds.join(", ")}. Use --instance <id>.`);
|
|
3547
|
-
}
|
|
3548
|
-
UnifiedNomadJobs.resolveInstanceForPairing = resolveInstanceForPairing;
|
|
3549
|
-
function ensureNomadToken() {
|
|
3550
|
-
if (process.env.NOMAD_TOKEN)
|
|
3551
|
-
return;
|
|
3552
|
-
const candidates = [
|
|
3553
|
-
join(homedir(), ".jishushell", "nomad.env"),
|
|
3554
|
-
"/etc/jishushell/nomad.env",
|
|
3555
|
-
];
|
|
3556
|
-
for (const f of candidates) {
|
|
3557
|
-
if (!existsSync(f))
|
|
3558
|
-
continue;
|
|
3559
|
-
try {
|
|
3560
|
-
const match = readFileSync(f, "utf-8").match(/^NOMAD_TOKEN=(.+)$/m);
|
|
3561
|
-
if (match) {
|
|
3562
|
-
process.env.NOMAD_TOKEN = match[1].trim();
|
|
3563
|
-
return;
|
|
3564
|
-
}
|
|
3565
|
-
}
|
|
3566
|
-
catch { }
|
|
3567
|
-
}
|
|
3568
|
-
const legacy = getCoreConfig().nomad_token;
|
|
3569
|
-
if (legacy)
|
|
3570
|
-
process.env.NOMAD_TOKEN = legacy;
|
|
3571
|
-
}
|
|
3572
|
-
UnifiedNomadJobs.ensureNomadToken = ensureNomadToken;
|
|
3573
|
-
async function getGenericJobStatus(jobId) {
|
|
3574
|
-
const stopped = { status: "stopped", pid: null, uptime: null, memory_mb: null, cpu_percent: null };
|
|
3575
|
-
try {
|
|
3576
|
-
const resp = await nomadGet(`/v1/job/${jobId}`);
|
|
3577
|
-
if (!resp.ok)
|
|
3578
|
-
return stopped;
|
|
3579
|
-
const job = await resp.json();
|
|
3580
|
-
if (job.Stop)
|
|
3581
|
-
return stopped;
|
|
3582
|
-
const allocResp = await nomadGet(`/v1/job/${jobId}/allocations`);
|
|
3583
|
-
if (!allocResp.ok)
|
|
3584
|
-
return { ...stopped, status: "unknown" };
|
|
3585
|
-
const allocs = await allocResp.json();
|
|
3586
|
-
if (!allocs.length)
|
|
3587
|
-
return { ...stopped, status: "pending" };
|
|
3588
|
-
const sorted = [...allocs].sort((a, b) => (b.CreateIndex ?? 0) - (a.CreateIndex ?? 0));
|
|
3589
|
-
const running = sorted.find(a => a.ClientStatus === "running") ?? sorted[0];
|
|
3590
|
-
return { ...stopped, status: running.ClientStatus ?? "unknown" };
|
|
3591
|
-
}
|
|
3592
|
-
catch {
|
|
3593
|
-
return { ...stopped, status: "unknown" };
|
|
3594
|
-
}
|
|
3595
|
-
}
|
|
3596
|
-
async function getInstanceStatus(nomadJobId) {
|
|
3597
|
-
if (await getInstanceBackedInstalledApp(nomadJobId)) {
|
|
3598
|
-
const st = await getAppStatus(nomadJobId);
|
|
3599
|
-
return {
|
|
3600
|
-
status: st.status,
|
|
3601
|
-
pid: st.pid,
|
|
3602
|
-
uptime: st.uptime,
|
|
3603
|
-
memory_mb: st.memory_mb,
|
|
3604
|
-
cpu_percent: st.cpu_percent,
|
|
3605
|
-
};
|
|
3606
|
-
}
|
|
3607
|
-
if (isAppJob(nomadJobId)) {
|
|
3608
|
-
const st = await getAppStatus(nomadJobId);
|
|
3609
|
-
return {
|
|
3610
|
-
status: st.status,
|
|
3611
|
-
pid: st.pid,
|
|
3612
|
-
uptime: st.uptime,
|
|
3613
|
-
memory_mb: st.memory_mb,
|
|
3614
|
-
cpu_percent: st.cpu_percent,
|
|
3615
|
-
};
|
|
3616
|
-
}
|
|
3617
|
-
const identity = resolveRuntimeIdentity(nomadJobId);
|
|
3618
|
-
if (identity?.driver === "app-job" || identity?.driver === "local-model") {
|
|
3619
|
-
const st = await getAppStatus(nomadJobId);
|
|
3620
|
-
return {
|
|
3621
|
-
status: st.status,
|
|
3622
|
-
pid: st.pid,
|
|
3623
|
-
uptime: st.uptime,
|
|
3624
|
-
memory_mb: st.memory_mb,
|
|
3625
|
-
cpu_percent: st.cpu_percent,
|
|
3626
|
-
};
|
|
3627
|
-
}
|
|
3628
|
-
if (identity?.driver === "runtime-adapter") {
|
|
3629
|
-
return instanceScheduler.getStatus(nomadJobId);
|
|
3630
|
-
}
|
|
3631
|
-
if (existsSync(instanceMetaPath(nomadJobId))) {
|
|
3632
|
-
return instanceScheduler.getStatus(nomadJobId);
|
|
3633
|
-
}
|
|
3634
|
-
if (nomadJobId.startsWith(OPENCLAW_PREFIX)) {
|
|
3635
|
-
return instanceScheduler.getStatus(nomadJobId.slice(OPENCLAW_PREFIX.length));
|
|
3636
|
-
}
|
|
3637
|
-
return getGenericJobStatus(nomadJobId);
|
|
3638
|
-
}
|
|
3639
|
-
UnifiedNomadJobs.getInstanceStatus = getInstanceStatus;
|
|
3640
|
-
async function startInstance(nomadJobId) {
|
|
3641
|
-
const instanceBackedApp = await getInstanceBackedInstalledApp(nomadJobId);
|
|
3642
|
-
if (instanceBackedApp) {
|
|
3643
|
-
// PR 3 sub-step 3d: switch to resolveConnections in runtime mode so
|
|
3644
|
-
// missing required producers / ambiguous prefix candidates throw with
|
|
3645
|
-
// structured codes (412 / 409 / 400). Read the live instance.json so
|
|
3646
|
-
// UI bindings persisted via PUT /connections (PR 4) drive the
|
|
3647
|
-
// resolution; fall back to a stub `{ connections: {} }` when the
|
|
3648
|
-
// instance file isn't readable yet.
|
|
3649
|
-
let extraEnv = {};
|
|
3650
|
-
try {
|
|
3651
|
-
const { refreshCapabilityRegistry } = await import("./app/app-manager.js");
|
|
3652
|
-
await refreshCapabilityRegistry();
|
|
3653
|
-
const { resolveConnections, resolvedToLegacyEnv } = await import("./connection-resolver.js");
|
|
3654
|
-
const legacyInstanceManager = await import("./instance-manager.js");
|
|
3655
|
-
const meta = legacyInstanceManager.getInstance(nomadJobId);
|
|
3656
|
-
const instance = { connections: meta?.connections ?? {} };
|
|
3657
|
-
// Validate in runtime mode so missing required / ambiguous still throws
|
|
3658
|
-
// with structured error codes (412 / 409 / 400) before we touch Nomad.
|
|
3659
|
-
const { resolved } = resolveConnections(instanceBackedApp.spec, instance, "runtime");
|
|
3660
|
-
// Render the full RUNTIME_HOOKS env (covers llm/search/browser/mcp)
|
|
3661
|
-
// rather than just the default-category subset, so apply: openai-env
|
|
3662
|
-
// consumers (e.g. OpenWebUI) self-heal across provider port changes.
|
|
3663
|
-
const { renderRuntimeConnectionsEnv } = await import("./connection-apply.js");
|
|
3664
|
-
const runtimeEnv = await renderRuntimeConnectionsEnv(instanceBackedApp.spec, { id: nomadJobId, connections: instance.connections });
|
|
3665
|
-
extraEnv = { ...resolvedToLegacyEnv(resolved), ...runtimeEnv };
|
|
3666
|
-
}
|
|
3667
|
-
catch (e) {
|
|
3668
|
-
return {
|
|
3669
|
-
ok: false,
|
|
3670
|
-
error: e.message,
|
|
3671
|
-
...(e.code ? { code: e.code } : {}),
|
|
3672
|
-
...(typeof e.statusCode === "number" ? { statusCode: e.statusCode } : {}),
|
|
3673
|
-
};
|
|
3674
|
-
}
|
|
3675
|
-
const depCheck = await checkDependencies(instanceBackedApp.spec);
|
|
3676
|
-
if (!depCheck.ok) {
|
|
3677
|
-
return { ok: false, error: depCheck.errors.join("; ") };
|
|
3678
|
-
}
|
|
3679
|
-
const result = await startAppJob(instanceBackedApp.spec, nomadJobId, extraEnv);
|
|
3680
|
-
if (!result.ok)
|
|
3681
|
-
return result;
|
|
3682
|
-
const { runPostStartSteps, syncCapabilitiesForApp, waitForAppRuntimeRunning } = await import("./app/app-manager.js");
|
|
3683
|
-
const running = instanceBackedApp.spec.provides?.length || instanceBackedApp.spec.lifecycle?.post_start?.length
|
|
3684
|
-
? await waitForAppRuntimeRunning(nomadJobId, instanceBackedApp.spec.lifecycle?.post_start?.length ? 120_000 : 30_000)
|
|
3685
|
-
: false;
|
|
3686
|
-
if (running && instanceBackedApp.spec.lifecycle?.post_start?.length) {
|
|
3687
|
-
await runPostStartSteps(instanceBackedApp.spec);
|
|
3688
|
-
}
|
|
3689
|
-
await syncCapabilitiesForApp(nomadJobId);
|
|
3690
|
-
return result;
|
|
3691
|
-
}
|
|
3692
|
-
if (await getAdapterManagedAppDirInstalledApp(nomadJobId)) {
|
|
3693
|
-
const result = await instanceScheduler.startInstance(nomadJobId);
|
|
3694
|
-
if (result.ok)
|
|
3695
|
-
await syncCapabilitiesForInstance(nomadJobId);
|
|
3696
|
-
return result;
|
|
3697
|
-
}
|
|
3698
|
-
const identity = resolveRuntimeIdentity(nomadJobId);
|
|
3699
|
-
if (identity?.driver === "app-job" || identity?.driver === "local-model") {
|
|
3700
|
-
const { startApp } = await import("./app/app-manager.js");
|
|
3701
|
-
return startApp(nomadJobId);
|
|
3702
|
-
}
|
|
3703
|
-
if (identity?.driver === "runtime-adapter") {
|
|
3704
|
-
const result = await instanceScheduler.startInstance(nomadJobId);
|
|
3705
|
-
if (result.ok)
|
|
3706
|
-
await syncCapabilitiesForInstance(nomadJobId);
|
|
3707
|
-
return result;
|
|
3708
|
-
}
|
|
3709
|
-
if (isAppJob(nomadJobId)) {
|
|
3710
|
-
return { ok: false, error: `App '${nomadJobId}' 必须通过 app-manager 启动` };
|
|
3711
|
-
}
|
|
3712
|
-
if (existsSync(instanceMetaPath(nomadJobId))) {
|
|
3713
|
-
const result = await instanceScheduler.startInstance(nomadJobId);
|
|
3714
|
-
if (result.ok)
|
|
3715
|
-
await syncCapabilitiesForInstance(nomadJobId);
|
|
3716
|
-
return result;
|
|
3717
|
-
}
|
|
3718
|
-
if (nomadJobId.startsWith(OPENCLAW_PREFIX)) {
|
|
3719
|
-
const inner = nomadJobId.slice(OPENCLAW_PREFIX.length);
|
|
3720
|
-
const result = await instanceScheduler.startInstance(inner);
|
|
3721
|
-
if (result.ok)
|
|
3722
|
-
await syncCapabilitiesForInstance(inner);
|
|
3723
|
-
return result;
|
|
3724
|
-
}
|
|
3725
|
-
if (!isAppJob(nomadJobId)) {
|
|
3726
|
-
return { ok: false, error: `Cannot start unmanaged job "${nomadJobId}"` };
|
|
3727
|
-
}
|
|
3728
|
-
return { ok: false, error: `Cannot start unmanaged job "${nomadJobId}"` };
|
|
3729
|
-
}
|
|
3730
|
-
UnifiedNomadJobs.startInstance = startInstance;
|
|
3731
|
-
async function stopInstance(nomadJobId, purge = false) {
|
|
3732
|
-
if (await getInstanceBackedInstalledApp(nomadJobId)) {
|
|
3733
|
-
const result = await stopAppJob(nomadJobId, purge);
|
|
3734
|
-
if (result.ok || result.error?.includes("not running") || result.error?.includes("not found")) {
|
|
3735
|
-
await syncCapabilitiesForInstance(nomadJobId);
|
|
3736
|
-
}
|
|
3737
|
-
return result;
|
|
3738
|
-
}
|
|
3739
|
-
if (await getAdapterManagedAppDirInstalledApp(nomadJobId)) {
|
|
3740
|
-
const result = await instanceScheduler.stopInstance(nomadJobId, purge);
|
|
3741
|
-
if (result.ok || result.error?.includes("not running") || result.error?.includes("not found")) {
|
|
3742
|
-
await syncCapabilitiesForInstance(nomadJobId);
|
|
3743
|
-
}
|
|
3744
|
-
return result;
|
|
3745
|
-
}
|
|
3746
|
-
const identity = resolveRuntimeIdentity(nomadJobId);
|
|
3747
|
-
if (identity?.driver === "app-job" || identity?.driver === "local-model") {
|
|
3748
|
-
const { stopApp } = await import("./app/app-manager.js");
|
|
3749
|
-
return stopApp(nomadJobId, purge);
|
|
3750
|
-
}
|
|
3751
|
-
if (identity?.driver === "runtime-adapter") {
|
|
3752
|
-
const result = await instanceScheduler.stopInstance(nomadJobId, purge);
|
|
3753
|
-
if (result.ok || result.error?.includes("not running") || result.error?.includes("not found")) {
|
|
3754
|
-
await syncCapabilitiesForInstance(nomadJobId);
|
|
3755
|
-
}
|
|
3756
|
-
return result;
|
|
3757
|
-
}
|
|
3758
|
-
if (isAppJob(nomadJobId)) {
|
|
3759
|
-
return { ok: false, error: `App '${nomadJobId}' 必须通过 app-manager 停止` };
|
|
3760
|
-
}
|
|
3761
|
-
if (existsSync(instanceMetaPath(nomadJobId))) {
|
|
3762
|
-
const result = await instanceScheduler.stopInstance(nomadJobId, purge);
|
|
3763
|
-
if (result.ok || result.error?.includes("not running") || result.error?.includes("not found")) {
|
|
3764
|
-
await syncCapabilitiesForInstance(nomadJobId);
|
|
3765
|
-
}
|
|
3766
|
-
return result;
|
|
3767
|
-
}
|
|
3768
|
-
if (nomadJobId.startsWith(OPENCLAW_PREFIX)) {
|
|
3769
|
-
const inner = nomadJobId.slice(OPENCLAW_PREFIX.length);
|
|
3770
|
-
const result = await instanceScheduler.stopInstance(inner, purge);
|
|
3771
|
-
if (result.ok || result.error?.includes("not running") || result.error?.includes("not found")) {
|
|
3772
|
-
await syncCapabilitiesForInstance(inner);
|
|
3773
|
-
}
|
|
3774
|
-
return result;
|
|
3775
|
-
}
|
|
3776
|
-
try {
|
|
3777
|
-
const resp = await nomadDelete(`/v1/job/${nomadJobId}?purge=${purge}`);
|
|
3778
|
-
return resp.ok ? { ok: true } : { ok: false, error: `HTTP ${resp.status}` };
|
|
3779
|
-
}
|
|
3780
|
-
catch (e) {
|
|
3781
|
-
return { ok: false, error: e.message };
|
|
3782
|
-
}
|
|
3783
|
-
}
|
|
3784
|
-
UnifiedNomadJobs.stopInstance = stopInstance;
|
|
3785
|
-
async function restartInstance(nomadJobId) {
|
|
3786
|
-
if (await getInstanceBackedInstalledApp(nomadJobId)) {
|
|
3787
|
-
const stopResult = await stopInstance(nomadJobId);
|
|
3788
|
-
if (!stopResult.ok && !stopResult.error?.includes("not running") && !stopResult.error?.includes("not found")) {
|
|
3789
|
-
return stopResult;
|
|
3790
|
-
}
|
|
3791
|
-
return startInstance(nomadJobId);
|
|
3792
|
-
}
|
|
3793
|
-
if (await getAdapterManagedAppDirInstalledApp(nomadJobId)) {
|
|
3794
|
-
const result = await instanceScheduler.restartInstance(nomadJobId);
|
|
3795
|
-
if (result.ok)
|
|
3796
|
-
await syncCapabilitiesForInstance(nomadJobId);
|
|
3797
|
-
return result;
|
|
3798
|
-
}
|
|
3799
|
-
const identity = resolveRuntimeIdentity(nomadJobId);
|
|
3800
|
-
if (identity?.driver === "app-job" || identity?.driver === "local-model") {
|
|
3801
|
-
const { restartApp } = await import("./app/app-manager.js");
|
|
3802
|
-
return restartApp(nomadJobId);
|
|
3803
|
-
}
|
|
3804
|
-
if (identity?.driver === "runtime-adapter") {
|
|
3805
|
-
const result = await instanceScheduler.restartInstance(nomadJobId);
|
|
3806
|
-
if (result.ok)
|
|
3807
|
-
await syncCapabilitiesForInstance(nomadJobId);
|
|
3808
|
-
return result;
|
|
3809
|
-
}
|
|
3810
|
-
if (isAppJob(nomadJobId)) {
|
|
3811
|
-
return { ok: false, error: `App '${nomadJobId}' 必须通过 app-manager 重启` };
|
|
3812
|
-
}
|
|
3813
|
-
if (existsSync(instanceMetaPath(nomadJobId))) {
|
|
3814
|
-
const result = await instanceScheduler.restartInstance(nomadJobId);
|
|
3815
|
-
if (result.ok)
|
|
3816
|
-
await syncCapabilitiesForInstance(nomadJobId);
|
|
3817
|
-
return result;
|
|
3818
|
-
}
|
|
3819
|
-
if (nomadJobId.startsWith(OPENCLAW_PREFIX)) {
|
|
3820
|
-
const inner = nomadJobId.slice(OPENCLAW_PREFIX.length);
|
|
3821
|
-
const result = await instanceScheduler.restartInstance(inner);
|
|
3822
|
-
if (result.ok)
|
|
3823
|
-
await syncCapabilitiesForInstance(inner);
|
|
3824
|
-
return result;
|
|
3825
|
-
}
|
|
3826
|
-
if (!isAppJob(nomadJobId)) {
|
|
3827
|
-
return { ok: false, error: `Cannot restart unmanaged job "${nomadJobId}"` };
|
|
3828
|
-
}
|
|
3829
|
-
return { ok: false, error: `Cannot restart unmanaged job "${nomadJobId}"` };
|
|
3830
|
-
}
|
|
3831
|
-
UnifiedNomadJobs.restartInstance = restartInstance;
|
|
3832
|
-
async function getInstanceLogs(nomadJobId, lines = 200, logType = "stderr") {
|
|
3833
|
-
if (await getInstanceBackedInstalledApp(nomadJobId)) {
|
|
3834
|
-
return getAppLogs(nomadJobId, "", lines, logType);
|
|
3835
|
-
}
|
|
3836
|
-
if (isAppJob(nomadJobId))
|
|
3837
|
-
return getAppLogs(nomadJobId, "", lines, logType);
|
|
3838
|
-
const identity = resolveRuntimeIdentity(nomadJobId);
|
|
3839
|
-
if (identity?.driver === "app-job" || identity?.driver === "local-model") {
|
|
3840
|
-
return getAppLogs(nomadJobId, "", lines, logType);
|
|
3841
|
-
}
|
|
3842
|
-
if (identity?.driver === "runtime-adapter") {
|
|
3843
|
-
return instanceScheduler.getLogs(nomadJobId, lines, logType);
|
|
3844
|
-
}
|
|
3845
|
-
if (existsSync(instanceMetaPath(nomadJobId))) {
|
|
3846
|
-
return instanceScheduler.getLogs(nomadJobId, lines, logType);
|
|
3847
|
-
}
|
|
3848
|
-
if (nomadJobId.startsWith(OPENCLAW_PREFIX)) {
|
|
3849
|
-
return instanceScheduler.getLogs(nomadJobId.slice(OPENCLAW_PREFIX.length), lines, logType);
|
|
3850
|
-
}
|
|
3851
|
-
if (!isAppJob(nomadJobId))
|
|
3852
|
-
return [];
|
|
3853
|
-
return [];
|
|
3854
|
-
}
|
|
3855
|
-
UnifiedNomadJobs.getInstanceLogs = getInstanceLogs;
|
|
3856
|
-
async function execInInstance(nomadJobId, command, timeoutMs) {
|
|
3857
|
-
if (await getInstanceBackedInstalledApp(nomadJobId)) {
|
|
3858
|
-
return execInApp(nomadJobId, "", command, timeoutMs ?? 120_000);
|
|
3859
|
-
}
|
|
3860
|
-
if (isAppJob(nomadJobId)) {
|
|
3861
|
-
return execInApp(nomadJobId, "", command, timeoutMs ?? 120_000);
|
|
3862
|
-
}
|
|
3863
|
-
const identity = resolveRuntimeIdentity(nomadJobId);
|
|
3864
|
-
if (identity?.driver === "app-job" || identity?.driver === "local-model") {
|
|
3865
|
-
return execInApp(nomadJobId, "", command, timeoutMs ?? 120_000);
|
|
3866
|
-
}
|
|
3867
|
-
if (identity?.driver === "runtime-adapter") {
|
|
3868
|
-
return instanceScheduler.exec(nomadJobId, command, timeoutMs);
|
|
3869
|
-
}
|
|
3870
|
-
if (existsSync(instanceMetaPath(nomadJobId))) {
|
|
3871
|
-
return instanceScheduler.exec(nomadJobId, command, timeoutMs);
|
|
3872
|
-
}
|
|
3873
|
-
if (nomadJobId.startsWith(OPENCLAW_PREFIX)) {
|
|
3874
|
-
return instanceScheduler.exec(nomadJobId.slice(OPENCLAW_PREFIX.length), command, timeoutMs);
|
|
3875
|
-
}
|
|
3876
|
-
if (!isAppJob(nomadJobId)) {
|
|
3877
|
-
return { stdout: "", stderr: `Cannot exec into unmanaged job "${nomadJobId}"`, exitCode: 1 };
|
|
3878
|
-
}
|
|
3879
|
-
return { stdout: "", stderr: `Cannot exec into unmanaged job "${nomadJobId}"`, exitCode: 1 };
|
|
3880
|
-
}
|
|
3881
|
-
UnifiedNomadJobs.execInInstance = execInInstance;
|
|
3882
|
-
async function streamExecInInstance(nomadJobId, command, handlers = {}, timeoutMs, taskName = "") {
|
|
3883
|
-
if (await getInstanceBackedInstalledApp(nomadJobId)) {
|
|
3884
|
-
return streamExecInApp(nomadJobId, taskName, command, handlers, timeoutMs ?? 120_000);
|
|
3885
|
-
}
|
|
3886
|
-
if (isAppJob(nomadJobId)) {
|
|
3887
|
-
return streamExecInApp(nomadJobId, taskName, command, handlers, timeoutMs ?? 120_000);
|
|
3888
|
-
}
|
|
3889
|
-
const identity = resolveRuntimeIdentity(nomadJobId);
|
|
3890
|
-
if (identity?.driver === "app-job" || identity?.driver === "local-model") {
|
|
3891
|
-
return streamExecInApp(nomadJobId, taskName, command, handlers, timeoutMs ?? 120_000);
|
|
3892
|
-
}
|
|
3893
|
-
if (identity?.driver === "runtime-adapter") {
|
|
3894
|
-
const result = await instanceScheduler.exec(nomadJobId, command, timeoutMs);
|
|
3895
|
-
if (result.stdout)
|
|
3896
|
-
handlers.onStdout?.(result.stdout);
|
|
3897
|
-
if (result.stderr)
|
|
3898
|
-
handlers.onStderr?.(result.stderr);
|
|
3899
|
-
return result;
|
|
3900
|
-
}
|
|
3901
|
-
if (existsSync(instanceMetaPath(nomadJobId))) {
|
|
3902
|
-
const result = await instanceScheduler.exec(nomadJobId, command, timeoutMs);
|
|
3903
|
-
if (result.stdout)
|
|
3904
|
-
handlers.onStdout?.(result.stdout);
|
|
3905
|
-
if (result.stderr)
|
|
3906
|
-
handlers.onStderr?.(result.stderr);
|
|
3907
|
-
return result;
|
|
3908
|
-
}
|
|
3909
|
-
if (nomadJobId.startsWith(OPENCLAW_PREFIX)) {
|
|
3910
|
-
const result = await instanceScheduler.exec(nomadJobId.slice(OPENCLAW_PREFIX.length), command, timeoutMs);
|
|
3911
|
-
if (result.stdout)
|
|
3912
|
-
handlers.onStdout?.(result.stdout);
|
|
3913
|
-
if (result.stderr)
|
|
3914
|
-
handlers.onStderr?.(result.stderr);
|
|
3915
|
-
return result;
|
|
3916
|
-
}
|
|
3917
|
-
if (!isAppJob(nomadJobId)) {
|
|
3918
|
-
const stderr = `Cannot exec into unmanaged job "${nomadJobId}"`;
|
|
3919
|
-
handlers.onStderr?.(stderr);
|
|
3920
|
-
return { stdout: "", stderr, exitCode: 1 };
|
|
3921
|
-
}
|
|
3922
|
-
const stderr = `Cannot exec into unmanaged job "${nomadJobId}"`;
|
|
3923
|
-
handlers.onStderr?.(stderr);
|
|
3924
|
-
return { stdout: "", stderr, exitCode: 1 };
|
|
3925
|
-
}
|
|
3926
|
-
UnifiedNomadJobs.streamExecInInstance = streamExecInInstance;
|
|
3927
|
-
})(UnifiedNomadJobs || (UnifiedNomadJobs = {}));
|
|
3928
|
-
export const isAppJob = UnifiedNomadJobs.isAppJob;
|
|
3929
|
-
export const parseCpuMHz = UnifiedNomadJobs.parseCpuMHz;
|
|
3930
|
-
export const parseMemoryMB = UnifiedNomadJobs.parseMemoryMB;
|
|
3931
|
-
export const isBinaryRunning = UnifiedNomadJobs.isBinaryRunning;
|
|
3932
|
-
export const getAppStatus = UnifiedNomadJobs.getAppStatus;
|
|
3933
|
-
export const startAppJob = UnifiedNomadJobs.startAppJob;
|
|
3934
|
-
export const waitForRunning = UnifiedNomadJobs.waitForRunning;
|
|
3935
|
-
export const checkDependencies = UnifiedNomadJobs.checkDependencies;
|
|
3936
|
-
export const validateNomadPortHostNetworks = UnifiedNomadJobs.validateNomadPortHostNetworks;
|
|
3937
|
-
export const buildNomadReservedPort = UnifiedNomadJobs.buildNomadReservedPort;
|
|
3938
|
-
export const stopAppJob = UnifiedNomadJobs.stopAppJob;
|
|
3939
|
-
export const restartAppJob = UnifiedNomadJobs.restartAppJob;
|
|
3940
|
-
export const getAppLogs = UnifiedNomadJobs.getAppLogs;
|
|
3941
|
-
export const execInApp = UnifiedNomadJobs.execInApp;
|
|
3942
|
-
export const streamExecInApp = UnifiedNomadJobs.streamExecInApp;
|
|
3943
|
-
export const listInstanceIds = UnifiedNomadJobs.listInstanceIds;
|
|
3944
|
-
export const readInstanceMeta = UnifiedNomadJobs.readInstanceMeta;
|
|
3945
|
-
export const resolveInstanceId = UnifiedNomadJobs.resolveInstanceId;
|
|
3946
|
-
export const resolveInstanceForPairing = UnifiedNomadJobs.resolveInstanceForPairing;
|
|
3947
|
-
export const ensureNomadToken = UnifiedNomadJobs.ensureNomadToken;
|
|
3948
|
-
export const getInstanceStatus = UnifiedNomadJobs.getInstanceStatus;
|
|
3949
|
-
export const getInstanceLogs = UnifiedNomadJobs.getInstanceLogs;
|
|
3950
|
-
export const execInInstance = UnifiedNomadJobs.execInInstance;
|
|
3951
|
-
export const streamExecInInstance = UnifiedNomadJobs.streamExecInInstance;
|
|
3952
|
-
export const shouldAutoStartNomadJob = UnifiedNomadJobs.shouldAutoStart;
|
|
3953
|
-
export const startNomadJobInstance = UnifiedNomadJobs.startInstance;
|
|
3954
|
-
export const stopNomadJobInstance = UnifiedNomadJobs.stopInstance;
|
|
3955
|
-
export const restartNomadJobInstance = UnifiedNomadJobs.restartInstance;
|
|
3956
|
-
// @internal — exposed for Phase 10.4 unit testing only.
|
|
3957
|
-
export const __aggregateHealthStatusForTests = UnifiedNomadJobs.aggregateHealthStatus;
|
|
3958
|
-
//# sourceMappingURL=nomad-manager.js.map
|