jishushell 0.6.5 → 0.6.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (998) hide show
  1. package/apps/anythingllm-container.yaml +15 -170
  2. package/apps/browserless-chromium-container.yaml +15 -10
  3. package/apps/filebrowser-container.yaml +14 -9
  4. package/apps/hermes-container.yaml +23 -2
  5. package/apps/jishu-kb-container.yaml +29 -161
  6. package/apps/ollama-binary.yaml +32 -28
  7. package/apps/ollama-cpu-container.yaml +5 -0
  8. package/apps/ollama-with-hollama-binary.yaml +33 -28
  9. package/apps/openclaw-binary.yaml +34 -10
  10. package/apps/openclaw-container.yaml +31 -7
  11. package/apps/openclaw-with-ollama-container.yaml +8 -2
  12. package/apps/openclaw-with-searxng-container.yaml +18 -6
  13. package/apps/searxng-container.yaml +11 -6
  14. package/apps/weknora-container.yaml +21 -21
  15. package/dependencies/jishushell-panel-0.6.18.tgz +0 -0
  16. package/dist/cli/app.js +244 -213
  17. package/dist/cli/app.js.map +1 -1
  18. package/dist/cli/backup.js +15 -12
  19. package/dist/cli/backup.js.map +1 -1
  20. package/dist/cli/core.d.ts +4 -3
  21. package/dist/cli/core.js +392 -227
  22. package/dist/cli/core.js.map +1 -1
  23. package/dist/cli/doctor.d.ts +1 -1
  24. package/dist/cli/doctor.js +17 -10
  25. package/dist/cli/doctor.js.map +1 -1
  26. package/dist/cli/job.js +62 -14
  27. package/dist/cli/job.js.map +1 -1
  28. package/dist/cli/llm.js +80 -11
  29. package/dist/cli/llm.js.map +1 -1
  30. package/dist/cli/managed-list.d.ts +1 -3
  31. package/dist/cli/managed-list.js +18 -16
  32. package/dist/cli/managed-list.js.map +1 -1
  33. package/dist/cli/migrate.d.ts +2 -0
  34. package/dist/cli/migrate.js +160 -0
  35. package/dist/cli/migrate.js.map +1 -0
  36. package/dist/cli.js +1 -0
  37. package/dist/cli.js.map +1 -1
  38. package/dist/config.d.ts +23 -19
  39. package/dist/config.js +60 -49
  40. package/dist/config.js.map +1 -1
  41. package/dist/control.d.ts +6 -6
  42. package/dist/control.js +31 -23
  43. package/dist/control.js.map +1 -1
  44. package/dist/core.d.ts +5 -5
  45. package/dist/core.js +5 -5
  46. package/dist/core.js.map +1 -1
  47. package/dist/install.d.ts +2 -2
  48. package/dist/install.js +18 -18
  49. package/dist/install.js.map +1 -1
  50. package/dist/routes/apps.d.ts +1 -1
  51. package/dist/routes/apps.js +101 -193
  52. package/dist/routes/apps.js.map +1 -1
  53. package/dist/routes/auth.js +1 -1
  54. package/dist/routes/auth.js.map +1 -1
  55. package/dist/routes/backup.js +1 -1
  56. package/dist/routes/backup.js.map +1 -1
  57. package/dist/routes/external-mounts.d.ts +1 -1
  58. package/dist/routes/external-mounts.js +1 -1
  59. package/dist/routes/external-mounts.js.map +1 -1
  60. package/dist/routes/file-mounts.d.ts +4 -3
  61. package/dist/routes/file-mounts.js +51 -30
  62. package/dist/routes/file-mounts.js.map +1 -1
  63. package/dist/routes/files-organize.d.ts +2 -2
  64. package/dist/routes/files-organize.js +5 -5
  65. package/dist/routes/files-organize.js.map +1 -1
  66. package/dist/routes/files.d.ts +1 -1
  67. package/dist/routes/files.js +1 -1
  68. package/dist/routes/files.js.map +1 -1
  69. package/dist/routes/instances.d.ts +10 -4
  70. package/dist/routes/instances.js +323 -541
  71. package/dist/routes/instances.js.map +1 -1
  72. package/dist/routes/integration-apps.d.ts +14 -0
  73. package/dist/routes/integration-apps.js +81 -0
  74. package/dist/routes/integration-apps.js.map +1 -0
  75. package/dist/routes/integrations.d.ts +9 -0
  76. package/dist/routes/integrations.js +12 -0
  77. package/dist/routes/integrations.js.map +1 -0
  78. package/dist/routes/llm-proxy.js +26 -3
  79. package/dist/routes/llm-proxy.js.map +1 -1
  80. package/dist/routes/setup.js +53 -38
  81. package/dist/routes/setup.js.map +1 -1
  82. package/dist/routes/system.js +108 -68
  83. package/dist/routes/system.js.map +1 -1
  84. package/dist/routes/webdav.d.ts +1 -1
  85. package/dist/routes/webdav.js +2 -2
  86. package/dist/routes/webdav.js.map +1 -1
  87. package/dist/server.js +315 -213
  88. package/dist/server.js.map +1 -1
  89. package/dist/services/app-common/app-compiler.js +186 -0
  90. package/dist/services/app-common/app-compiler.js.map +1 -0
  91. package/dist/services/app-common/app-shared.d.ts +15 -0
  92. package/dist/services/app-common/app-shared.js +64 -0
  93. package/dist/services/app-common/app-shared.js.map +1 -0
  94. package/dist/services/app-common/capability-service.d.ts +45 -0
  95. package/dist/services/app-common/capability-service.js +331 -0
  96. package/dist/services/app-common/capability-service.js.map +1 -0
  97. package/dist/services/app-common/catalog-service.d.ts +59 -0
  98. package/dist/services/app-common/catalog-service.js +308 -0
  99. package/dist/services/app-common/catalog-service.js.map +1 -0
  100. package/dist/services/app-common/create-pipeline.d.ts +26 -0
  101. package/dist/services/app-common/create-pipeline.js +298 -0
  102. package/dist/services/app-common/create-pipeline.js.map +1 -0
  103. package/dist/services/app-common/delete-service.d.ts +5 -0
  104. package/dist/services/app-common/delete-service.js +104 -0
  105. package/dist/services/app-common/delete-service.js.map +1 -0
  106. package/dist/services/app-common/execution-owner.d.ts +23 -0
  107. package/dist/services/app-common/execution-owner.js +124 -0
  108. package/dist/services/app-common/execution-owner.js.map +1 -0
  109. package/dist/services/app-common/execution-service.d.ts +23 -0
  110. package/dist/services/app-common/execution-service.js +105 -0
  111. package/dist/services/app-common/execution-service.js.map +1 -0
  112. package/dist/services/app-common/id-normalizer.d.ts +31 -0
  113. package/dist/services/app-common/id-normalizer.js +83 -0
  114. package/dist/services/app-common/id-normalizer.js.map +1 -0
  115. package/dist/services/app-common/install-store.d.ts +34 -0
  116. package/dist/services/app-common/install-store.js +261 -0
  117. package/dist/services/app-common/install-store.js.map +1 -0
  118. package/dist/services/app-common/instance-store.d.ts +78 -0
  119. package/dist/services/app-common/instance-store.js +495 -0
  120. package/dist/services/app-common/instance-store.js.map +1 -0
  121. package/dist/services/app-common/integration-refs.d.ts +17 -0
  122. package/dist/services/app-common/integration-refs.js +47 -0
  123. package/dist/services/app-common/integration-refs.js.map +1 -0
  124. package/dist/services/app-common/lifecycle-pipeline.d.ts +62 -0
  125. package/dist/services/app-common/lifecycle-pipeline.js +317 -0
  126. package/dist/services/app-common/lifecycle-pipeline.js.map +1 -0
  127. package/dist/services/app-common/lifecycle-scripts.d.ts +38 -0
  128. package/dist/services/app-common/lifecycle-scripts.js +935 -0
  129. package/dist/services/app-common/lifecycle-scripts.js.map +1 -0
  130. package/dist/services/app-common/lifecycle-service.d.ts +68 -0
  131. package/dist/services/app-common/lifecycle-service.js +467 -0
  132. package/dist/services/app-common/lifecycle-service.js.map +1 -0
  133. package/dist/services/app-common/paths.d.ts +29 -0
  134. package/dist/services/app-common/paths.js +34 -0
  135. package/dist/services/app-common/paths.js.map +1 -0
  136. package/dist/services/app-common/platform-transform.d.ts +32 -0
  137. package/dist/services/app-common/platform-transform.js +65 -0
  138. package/dist/services/app-common/platform-transform.js.map +1 -0
  139. package/dist/services/app-common/provide-resolver.d.ts +29 -0
  140. package/dist/services/app-common/provide-resolver.js +129 -0
  141. package/dist/services/app-common/provide-resolver.js.map +1 -0
  142. package/dist/services/app-common/remote-spec.d.ts +14 -0
  143. package/dist/services/app-common/remote-spec.js +58 -0
  144. package/dist/services/app-common/remote-spec.js.map +1 -0
  145. package/dist/services/app-common/runtime-builder.d.ts +1 -0
  146. package/dist/services/app-common/runtime-builder.js +2 -0
  147. package/dist/services/app-common/runtime-builder.js.map +1 -0
  148. package/dist/services/app-common/runtime-facts.d.ts +19 -0
  149. package/dist/services/app-common/runtime-facts.js +126 -0
  150. package/dist/services/app-common/runtime-facts.js.map +1 -0
  151. package/dist/services/app-common/service.d.ts +9 -0
  152. package/dist/services/app-common/service.js +10 -0
  153. package/dist/services/app-common/service.js.map +1 -0
  154. package/dist/services/app-common/spec-materializer.d.ts +9 -0
  155. package/dist/services/app-common/spec-materializer.js +361 -0
  156. package/dist/services/app-common/spec-materializer.js.map +1 -0
  157. package/dist/services/app-common/status-refresh.d.ts +33 -0
  158. package/dist/services/app-common/status-refresh.js +759 -0
  159. package/dist/services/app-common/status-refresh.js.map +1 -0
  160. package/dist/services/app-common/task-service.d.ts +29 -0
  161. package/dist/services/app-common/task-service.js +93 -0
  162. package/dist/services/app-common/task-service.js.map +1 -0
  163. package/dist/services/app-common/terminal-session-manager.js +157 -0
  164. package/dist/services/app-common/terminal-session-manager.js.map +1 -0
  165. package/dist/services/app-modules/browserless/routes.d.ts +9 -0
  166. package/dist/services/app-modules/browserless/routes.js +517 -0
  167. package/dist/services/app-modules/browserless/routes.js.map +1 -0
  168. package/dist/services/app-modules/routes.d.ts +2 -0
  169. package/dist/services/app-modules/routes.js +5 -0
  170. package/dist/services/app-modules/routes.js.map +1 -0
  171. package/dist/services/backup/backup-admin.d.ts +95 -0
  172. package/dist/services/backup/backup-admin.js +246 -0
  173. package/dist/services/backup/backup-admin.js.map +1 -0
  174. package/dist/services/backup/backup-manager.d.ts +264 -0
  175. package/dist/services/backup/backup-manager.js +2318 -0
  176. package/dist/services/backup/backup-manager.js.map +1 -0
  177. package/dist/services/backup/backup-verify.js +240 -0
  178. package/dist/services/backup/backup-verify.js.map +1 -0
  179. package/dist/services/capabilities/browser-policy.d.ts +14 -0
  180. package/dist/services/capabilities/browser-policy.js +141 -0
  181. package/dist/services/capabilities/browser-policy.js.map +1 -0
  182. package/dist/services/capabilities/contract.d.ts +50 -0
  183. package/dist/services/capabilities/contract.js +129 -0
  184. package/dist/services/capabilities/contract.js.map +1 -0
  185. package/dist/services/capabilities/endpoint-validator.d.ts +42 -0
  186. package/dist/services/capabilities/endpoint-validator.js +114 -0
  187. package/dist/services/capabilities/endpoint-validator.js.map +1 -0
  188. package/dist/services/capabilities/health.d.ts +16 -0
  189. package/dist/services/capabilities/health.js +121 -0
  190. package/dist/services/capabilities/health.js.map +1 -0
  191. package/dist/services/capabilities/registry.d.ts +56 -0
  192. package/dist/services/capabilities/registry.js +222 -0
  193. package/dist/services/capabilities/registry.js.map +1 -0
  194. package/dist/services/capabilities/sync.d.ts +7 -0
  195. package/dist/services/capabilities/sync.js +223 -0
  196. package/dist/services/capabilities/sync.js.map +1 -0
  197. package/dist/services/capability-proxy/html-rewriters/browserless.d.ts +1 -0
  198. package/dist/services/capability-proxy/html-rewriters/browserless.js +83 -0
  199. package/dist/services/capability-proxy/html-rewriters/browserless.js.map +1 -0
  200. package/dist/services/capability-proxy/html-rewriters/index.d.ts +12 -0
  201. package/dist/services/capability-proxy/html-rewriters/index.js +25 -0
  202. package/dist/services/capability-proxy/html-rewriters/index.js.map +1 -0
  203. package/dist/services/capability-proxy/html-rewriters/jishukb.d.ts +1 -0
  204. package/dist/services/capability-proxy/html-rewriters/jishukb.js +161 -0
  205. package/dist/services/capability-proxy/html-rewriters/jishukb.js.map +1 -0
  206. package/dist/services/connections/admin.d.ts +80 -0
  207. package/dist/services/connections/admin.js +327 -0
  208. package/dist/services/connections/admin.js.map +1 -0
  209. package/dist/services/connections/apply.d.ts +110 -0
  210. package/dist/services/connections/apply.js +444 -0
  211. package/dist/services/connections/apply.js.map +1 -0
  212. package/dist/services/connections/resolver.d.ts +82 -0
  213. package/dist/services/connections/resolver.js +289 -0
  214. package/dist/services/connections/resolver.js.map +1 -0
  215. package/dist/services/connections/suggestions.d.ts +27 -0
  216. package/dist/services/connections/suggestions.js +124 -0
  217. package/dist/services/connections/suggestions.js.map +1 -0
  218. package/dist/services/connections/transactor.d.ts +39 -0
  219. package/dist/services/connections/transactor.js +307 -0
  220. package/dist/services/connections/transactor.js.map +1 -0
  221. package/dist/services/files/external-mounts.js +187 -0
  222. package/dist/services/files/external-mounts.js.map +1 -0
  223. package/dist/services/files/files-manager.d.ts +265 -0
  224. package/dist/services/files/files-manager.js +1189 -0
  225. package/dist/services/files/files-manager.js.map +1 -0
  226. package/dist/services/files/files-mounts.d.ts +42 -0
  227. package/dist/services/files/files-mounts.js +207 -0
  228. package/dist/services/files/files-mounts.js.map +1 -0
  229. package/dist/services/files/organize/applier.js +218 -0
  230. package/dist/services/files/organize/applier.js.map +1 -0
  231. package/dist/services/files/organize/rules.js +286 -0
  232. package/dist/services/files/organize/rules.js.map +1 -0
  233. package/dist/services/files/organize/scanner.js +366 -0
  234. package/dist/services/files/organize/scanner.js.map +1 -0
  235. package/dist/services/files/organize/store.js +82 -0
  236. package/dist/services/files/organize/store.js.map +1 -0
  237. package/dist/services/files/webdav/server.d.ts +47 -0
  238. package/dist/services/files/webdav/server.js +329 -0
  239. package/dist/services/files/webdav/server.js.map +1 -0
  240. package/dist/services/files/webdav/xml-builder.js.map +1 -0
  241. package/dist/services/instances/admin.d.ts +23 -0
  242. package/dist/services/instances/admin.js +218 -0
  243. package/dist/services/instances/admin.js.map +1 -0
  244. package/dist/services/instances/clone.d.ts +26 -0
  245. package/dist/services/instances/clone.js +78 -0
  246. package/dist/services/instances/clone.js.map +1 -0
  247. package/dist/services/instances/config-admin.d.ts +17 -0
  248. package/dist/services/instances/config-admin.js +181 -0
  249. package/dist/services/instances/config-admin.js.map +1 -0
  250. package/dist/services/instances/manager.d.ts +231 -0
  251. package/dist/services/instances/manager.js +1348 -0
  252. package/dist/services/instances/manager.js.map +1 -0
  253. package/dist/services/instances/passwords.js +173 -0
  254. package/dist/services/instances/passwords.js.map +1 -0
  255. package/dist/services/instances/types.d.ts +21 -0
  256. package/dist/services/instances/types.js +2 -0
  257. package/dist/services/instances/types.js.map +1 -0
  258. package/dist/services/integrations/anythingllm/integration.d.ts +25 -0
  259. package/dist/services/integrations/anythingllm/integration.js +251 -0
  260. package/dist/services/integrations/anythingllm/integration.js.map +1 -0
  261. package/dist/services/integrations/catalog.d.ts +3 -0
  262. package/dist/services/integrations/catalog.js +73 -0
  263. package/dist/services/integrations/catalog.js.map +1 -0
  264. package/dist/services/integrations/custom/integration.d.ts +28 -0
  265. package/dist/services/integrations/custom/integration.js +179 -0
  266. package/dist/services/integrations/custom/integration.js.map +1 -0
  267. package/dist/services/integrations/hermes/integration.d.ts +194 -0
  268. package/dist/services/integrations/hermes/integration.js +1669 -0
  269. package/dist/services/integrations/hermes/integration.js.map +1 -0
  270. package/dist/services/integrations/index.d.ts +40 -0
  271. package/dist/services/integrations/index.js +59 -0
  272. package/dist/services/integrations/index.js.map +1 -0
  273. package/dist/services/integrations/installable/catalog.d.ts +33 -0
  274. package/dist/services/integrations/installable/catalog.js +88 -0
  275. package/dist/services/integrations/installable/catalog.js.map +1 -0
  276. package/dist/services/integrations/installable/index.d.ts +35 -0
  277. package/dist/services/integrations/installable/index.js +170 -0
  278. package/dist/services/integrations/installable/index.js.map +1 -0
  279. package/dist/services/integrations/installable/installers/integration-probes.d.ts +50 -0
  280. package/dist/services/integrations/installable/installers/integration-probes.js +231 -0
  281. package/dist/services/integrations/installable/installers/integration-probes.js.map +1 -0
  282. package/dist/services/integrations/installable/installers/integration.d.ts +30 -0
  283. package/dist/services/integrations/installable/installers/integration.js +177 -0
  284. package/dist/services/integrations/installable/installers/integration.js.map +1 -0
  285. package/dist/services/integrations/installable/installers/registry-probe.js.map +1 -0
  286. package/dist/services/integrations/installable/installers/shell-script.d.ts +46 -0
  287. package/dist/services/integrations/installable/installers/shell-script.js +487 -0
  288. package/dist/services/integrations/installable/installers/shell-script.js.map +1 -0
  289. package/dist/services/integrations/installable/types.d.ts +130 -0
  290. package/dist/services/integrations/installable/types.js +19 -0
  291. package/dist/services/integrations/installable/types.js.map +1 -0
  292. package/dist/services/integrations/jishukb/integration.d.ts +22 -0
  293. package/dist/services/integrations/jishukb/integration.js +189 -0
  294. package/dist/services/integrations/jishukb/integration.js.map +1 -0
  295. package/dist/services/integrations/openclaw/anythingllm-shim.d.ts +46 -0
  296. package/dist/services/integrations/openclaw/anythingllm-shim.js +281 -0
  297. package/dist/services/integrations/openclaw/anythingllm-shim.js.map +1 -0
  298. package/dist/services/integrations/openclaw/drive-shim.js +490 -0
  299. package/dist/services/integrations/openclaw/drive-shim.js.map +1 -0
  300. package/dist/services/integrations/openclaw/integration.d.ts +424 -0
  301. package/dist/services/integrations/openclaw/integration.js +4402 -0
  302. package/dist/services/integrations/openclaw/integration.js.map +1 -0
  303. package/dist/services/integrations/openclaw/jishukb-shim.d.ts +48 -0
  304. package/dist/services/integrations/openclaw/jishukb-shim.js +750 -0
  305. package/dist/services/integrations/openclaw/jishukb-shim.js.map +1 -0
  306. package/dist/services/integrations/openclaw/mcporter-lite.js +276 -0
  307. package/dist/services/integrations/openclaw/mcporter-lite.js.map +1 -0
  308. package/dist/services/integrations/openclaw/mcporter.d.ts +46 -0
  309. package/dist/services/integrations/openclaw/mcporter.js +112 -0
  310. package/dist/services/integrations/openclaw/mcporter.js.map +1 -0
  311. package/dist/services/integrations/openclaw/routes.d.ts +21 -0
  312. package/dist/services/integrations/openclaw/routes.js +1191 -0
  313. package/dist/services/integrations/openclaw/routes.js.map +1 -0
  314. package/dist/services/integrations/registry.d.ts +17 -0
  315. package/dist/services/integrations/registry.js +36 -0
  316. package/dist/services/integrations/registry.js.map +1 -0
  317. package/dist/services/integrations/routes.d.ts +2 -0
  318. package/dist/services/integrations/routes.js +9 -0
  319. package/dist/services/integrations/routes.js.map +1 -0
  320. package/dist/services/integrations/types.d.ts +469 -0
  321. package/dist/services/integrations/types.js +2 -0
  322. package/dist/services/integrations/types.js.map +1 -0
  323. package/dist/services/legacy-migrator/classifier.d.ts +44 -0
  324. package/dist/services/legacy-migrator/classifier.js +309 -0
  325. package/dist/services/legacy-migrator/classifier.js.map +1 -0
  326. package/dist/services/legacy-migrator/executor.d.ts +42 -0
  327. package/dist/services/legacy-migrator/executor.js +637 -0
  328. package/dist/services/legacy-migrator/executor.js.map +1 -0
  329. package/dist/services/legacy-migrator/index.d.ts +31 -0
  330. package/dist/services/legacy-migrator/index.js +34 -0
  331. package/dist/services/legacy-migrator/index.js.map +1 -0
  332. package/dist/services/legacy-migrator/planner.d.ts +8 -0
  333. package/dist/services/legacy-migrator/planner.js +154 -0
  334. package/dist/services/legacy-migrator/planner.js.map +1 -0
  335. package/dist/services/legacy-migrator/provider-settings.d.ts +6 -0
  336. package/dist/services/legacy-migrator/provider-settings.js +72 -0
  337. package/dist/services/legacy-migrator/provider-settings.js.map +1 -0
  338. package/dist/services/legacy-migrator/report.d.ts +9 -0
  339. package/dist/services/legacy-migrator/report.js +99 -0
  340. package/dist/services/legacy-migrator/report.js.map +1 -0
  341. package/dist/services/legacy-migrator/scanner.d.ts +13 -0
  342. package/dist/services/legacy-migrator/scanner.js +157 -0
  343. package/dist/services/legacy-migrator/scanner.js.map +1 -0
  344. package/dist/services/legacy-migrator/types.d.ts +97 -0
  345. package/dist/services/legacy-migrator/types.js +23 -0
  346. package/dist/services/legacy-migrator/types.js.map +1 -0
  347. package/dist/services/llm-proxy/instance-proxy.d.ts +17 -1
  348. package/dist/services/llm-proxy/instance-proxy.js +171 -44
  349. package/dist/services/llm-proxy/instance-proxy.js.map +1 -1
  350. package/dist/services/llm-proxy/probe.js +5 -14
  351. package/dist/services/llm-proxy/probe.js.map +1 -1
  352. package/dist/services/llm-proxy/providers.js +23 -31
  353. package/dist/services/llm-proxy/providers.js.map +1 -1
  354. package/dist/services/llm-proxy/ssrf.d.ts +11 -4
  355. package/dist/services/llm-proxy/ssrf.js +45 -7
  356. package/dist/services/llm-proxy/ssrf.js.map +1 -1
  357. package/dist/services/llm-proxy/validate-key.js +16 -37
  358. package/dist/services/llm-proxy/validate-key.js.map +1 -1
  359. package/dist/services/repair/runtime-repair.d.ts +22 -0
  360. package/dist/services/repair/runtime-repair.js +307 -0
  361. package/dist/services/repair/runtime-repair.js.map +1 -0
  362. package/dist/services/runtime/driver-registry.d.ts +21 -0
  363. package/dist/services/runtime/driver-registry.js +22 -0
  364. package/dist/services/runtime/driver-registry.js.map +1 -0
  365. package/dist/services/runtime/drivers/nomad.d.ts +260 -0
  366. package/dist/services/runtime/drivers/nomad.js +3092 -0
  367. package/dist/services/runtime/drivers/nomad.js.map +1 -0
  368. package/dist/services/runtime/errors.d.ts +3 -3
  369. package/dist/services/runtime/errors.js +3 -3
  370. package/dist/services/runtime/instance.d.ts +14 -16
  371. package/dist/services/runtime/instance.js +93 -123
  372. package/dist/services/runtime/instance.js.map +1 -1
  373. package/dist/services/runtime/job-id.d.ts +1 -1
  374. package/dist/services/runtime/job-id.js +1 -1
  375. package/dist/services/runtime/mcp-shims/firewall.d.ts +2 -2
  376. package/dist/services/runtime/mcp-shims/firewall.js +2 -2
  377. package/dist/services/runtime/mcp-shims/searxng-shim.d.ts +3 -5
  378. package/dist/services/runtime/mcp-shims/searxng-shim.js +3 -5
  379. package/dist/services/runtime/mcp-shims/searxng-shim.js.map +1 -1
  380. package/dist/services/runtime/mcp-shims/write-mcp-entry.d.ts +20 -20
  381. package/dist/services/runtime/mcp-shims/write-mcp-entry.js +16 -16
  382. package/dist/services/runtime/mcp-shims/write-mcp-entry.js.map +1 -1
  383. package/dist/services/runtime/ownership-marker.d.ts +83 -0
  384. package/dist/services/runtime/ownership-marker.js +109 -0
  385. package/dist/services/runtime/ownership-marker.js.map +1 -0
  386. package/dist/services/runtime/types.d.ts +22 -501
  387. package/dist/services/runtime/types.js +0 -12
  388. package/dist/services/runtime/types.js.map +1 -1
  389. package/dist/services/runtime/workload-compiler.d.ts +17 -0
  390. package/dist/services/runtime/workload-compiler.js +525 -0
  391. package/dist/services/runtime/workload-compiler.js.map +1 -0
  392. package/dist/services/runtime/workload-types.d.ts +11 -0
  393. package/dist/services/runtime/workload-types.js +2 -0
  394. package/dist/services/runtime/workload-types.js.map +1 -0
  395. package/dist/services/setup/core-manager.d.ts +50 -0
  396. package/dist/services/setup/core-manager.js +456 -0
  397. package/dist/services/setup/core-manager.js.map +1 -0
  398. package/dist/services/setup/plugin-installer.js +136 -0
  399. package/dist/services/setup/plugin-installer.js.map +1 -0
  400. package/dist/services/setup/setup-manager.d.ts +158 -0
  401. package/dist/services/setup/setup-manager.js +2768 -0
  402. package/dist/services/setup/setup-manager.js.map +1 -0
  403. package/dist/services/system/cli-command.d.ts +5 -0
  404. package/dist/services/system/cli-command.js +18 -0
  405. package/dist/services/system/cli-command.js.map +1 -0
  406. package/dist/services/system/macos-launchd.js +312 -0
  407. package/dist/services/system/macos-launchd.js.map +1 -0
  408. package/dist/services/system/repair-orchestrator.d.ts +71 -0
  409. package/dist/services/system/repair-orchestrator.js +412 -0
  410. package/dist/services/system/repair-orchestrator.js.map +1 -0
  411. package/dist/services/system/system-monitor.js +96 -0
  412. package/dist/services/system/system-monitor.js.map +1 -0
  413. package/dist/services/system/system-ollama-provider.d.ts +14 -0
  414. package/dist/services/system/system-ollama-provider.js +129 -0
  415. package/dist/services/system/system-ollama-provider.js.map +1 -0
  416. package/dist/services/system/system-reconciler.d.ts +59 -0
  417. package/dist/services/system/system-reconciler.js +710 -0
  418. package/dist/services/system/system-reconciler.js.map +1 -0
  419. package/dist/services/system/update-manager.d.ts +43 -0
  420. package/dist/services/system/update-manager.js +315 -0
  421. package/dist/services/system/update-manager.js.map +1 -0
  422. package/dist/services/system/upgrade-finalize.d.ts +80 -0
  423. package/dist/services/system/upgrade-finalize.js +507 -0
  424. package/dist/services/system/upgrade-finalize.js.map +1 -0
  425. package/dist/services/tasks/registry.d.ts +44 -0
  426. package/dist/services/tasks/registry.js +90 -0
  427. package/dist/services/tasks/registry.js.map +1 -0
  428. package/dist/services/telemetry/activation.d.ts +6 -2
  429. package/dist/services/telemetry/activation.js +6 -2
  430. package/dist/services/telemetry/activation.js.map +1 -1
  431. package/dist/services/telemetry/heartbeat.d.ts +6 -2
  432. package/dist/services/telemetry/heartbeat.js +6 -2
  433. package/dist/services/telemetry/heartbeat.js.map +1 -1
  434. package/dist/services/workspaces/builder.d.ts +29 -0
  435. package/dist/services/workspaces/builder.js +186 -0
  436. package/dist/services/workspaces/builder.js.map +1 -0
  437. package/dist/types.d.ts +331 -45
  438. package/dist/utils/instance-lock.d.ts +2 -2
  439. package/dist/utils/instance-lock.js +2 -2
  440. package/install/jishu-install.sh +107 -26
  441. package/install/jishu-uninstall.sh +8 -0
  442. package/install/post-install.sh +162 -185
  443. package/install/post-uninstall.sh +6 -0
  444. package/node_modules/@fastify/static/.github/workflows/ci.yml +1 -1
  445. package/node_modules/@fastify/static/.github/workflows/lock-threads.yml +19 -0
  446. package/node_modules/@fastify/static/LICENSE +1 -3
  447. package/node_modules/@fastify/static/example/server-benchmark.js +39 -0
  448. package/node_modules/@fastify/static/index.js +169 -23
  449. package/node_modules/@fastify/static/lib/dirList.js +20 -6
  450. package/node_modules/@fastify/static/package.json +10 -8
  451. package/node_modules/@fastify/static/test/dir-list.test.js +82 -0
  452. package/node_modules/@fastify/static/test/static.test.js +326 -4
  453. package/node_modules/@fastify/static/types/index.d.ts +0 -4
  454. package/node_modules/@fastify/static/types/index.test-d.ts +1 -1
  455. package/node_modules/content-disposition/README.md +21 -22
  456. package/node_modules/content-disposition/index.js +122 -44
  457. package/node_modules/content-disposition/package.json +16 -20
  458. package/node_modules/glob/README.md +39 -130
  459. package/node_modules/glob/dist/commonjs/glob.d.ts +8 -0
  460. package/node_modules/glob/dist/commonjs/glob.d.ts.map +1 -1
  461. package/node_modules/glob/dist/commonjs/glob.js +2 -1
  462. package/node_modules/glob/dist/commonjs/glob.js.map +1 -1
  463. package/node_modules/glob/dist/commonjs/index.min.js +4 -0
  464. package/node_modules/glob/dist/commonjs/index.min.js.map +7 -0
  465. package/node_modules/glob/dist/commonjs/pattern.d.ts +3 -0
  466. package/node_modules/glob/dist/commonjs/pattern.d.ts.map +1 -1
  467. package/node_modules/glob/dist/commonjs/pattern.js +4 -0
  468. package/node_modules/glob/dist/commonjs/pattern.js.map +1 -1
  469. package/node_modules/glob/dist/esm/glob.d.ts +8 -0
  470. package/node_modules/glob/dist/esm/glob.d.ts.map +1 -1
  471. package/node_modules/glob/dist/esm/glob.js +2 -1
  472. package/node_modules/glob/dist/esm/glob.js.map +1 -1
  473. package/node_modules/glob/dist/esm/index.min.js +4 -0
  474. package/node_modules/glob/dist/esm/index.min.js.map +7 -0
  475. package/node_modules/glob/dist/esm/pattern.d.ts +3 -0
  476. package/node_modules/glob/dist/esm/pattern.d.ts.map +1 -1
  477. package/node_modules/glob/dist/esm/pattern.js +4 -0
  478. package/node_modules/glob/dist/esm/pattern.js.map +1 -1
  479. package/node_modules/glob/package.json +38 -37
  480. package/node_modules/jishushell-panel/README.md +4 -4
  481. package/node_modules/jishushell-panel/output/dist/server.js +17 -6
  482. package/node_modules/jishushell-panel/output/dist/server.js.map +1 -1
  483. package/node_modules/jishushell-panel/output/public/assets/ApiKeyField-NKcbHjNz.js +1 -0
  484. package/node_modules/jishushell-panel/output/public/assets/Dashboard-Da1fL38t.js +1 -0
  485. package/node_modules/jishushell-panel/output/public/assets/HermesChatPanel-DZvmYsoh.js +1 -0
  486. package/node_modules/jishushell-panel/output/public/assets/HermesConfigForm-BLUWlKwm.js +4 -0
  487. package/node_modules/jishushell-panel/output/public/assets/InitPassword-BAKsshzk.js +1 -0
  488. package/node_modules/jishushell-panel/output/public/assets/InstanceDetail-Dgyc_TX5.js +14 -0
  489. package/node_modules/jishushell-panel/output/public/assets/Login-DHeOmwI8.js +1 -0
  490. package/node_modules/jishushell-panel/output/public/assets/NewInstance-CIy0cYtp.js +1 -0
  491. package/node_modules/jishushell-panel/output/public/assets/ProviderRecommendations-H0ByEYF0.js +1 -0
  492. package/node_modules/jishushell-panel/output/public/assets/Settings-DAT-UMfP.js +1 -0
  493. package/node_modules/jishushell-panel/output/public/assets/Setup-g3uckFYR.js +1 -0
  494. package/node_modules/jishushell-panel/output/public/assets/WeixinLoginPanel-D-T6BxkQ.js +1 -0
  495. package/node_modules/jishushell-panel/output/public/assets/api-C70Gt678.js +4 -0
  496. package/node_modules/jishushell-panel/output/public/assets/index-DnnqTf7s.css +1 -0
  497. package/node_modules/jishushell-panel/output/public/assets/index-ERt6_ngA.js +23 -0
  498. package/node_modules/jishushell-panel/output/public/assets/registry-DF93EzIb.js +2 -0
  499. package/node_modules/jishushell-panel/output/public/assets/rolldown-runtime-QTnfLwEv.js +1 -0
  500. package/node_modules/jishushell-panel/output/public/assets/setup-task-q21GnI0E.js +1 -0
  501. package/node_modules/jishushell-panel/output/public/assets/usePolling-DeoThIQn.js +1 -0
  502. package/node_modules/jishushell-panel/output/public/assets/vendor-i18n-CS8DFbkQ.js +1 -0
  503. package/node_modules/jishushell-panel/output/public/assets/vendor-react-Cc84NArf.js +8 -0
  504. package/node_modules/jishushell-panel/output/public/index.html +6 -4
  505. package/node_modules/jishushell-panel/package.json +2 -2
  506. package/node_modules/semver/classes/range.js +11 -2
  507. package/node_modules/semver/package.json +2 -2
  508. package/package.json +12 -64
  509. package/scripts/check-app-path-boundaries.mjs +121 -0
  510. package/scripts/check-app-spec.mjs +127 -25
  511. package/scripts/check-colima-launchd.mjs +10 -8
  512. package/scripts/check-integration-isolation.ts +541 -0
  513. package/scripts/check-new-file-tests.mjs +11 -3
  514. package/scripts/check-open-core-boundaries.mjs +60 -10
  515. package/scripts/check-test-layering.sh +1 -1
  516. package/scripts/fixtures/instances/hermes-sample/instance.json +3 -2
  517. package/scripts/fixtures/instances/legacy-openclaw-sample/instance.json +1 -1
  518. package/scripts/local-web-upgrade-test.README +4 -3
  519. package/scripts/local-web-upgrade-test.example.env +2 -2
  520. package/scripts/local-web-upgrade-test.sh +14 -1
  521. package/scripts/pack-gui-and-send-pi.sh +41 -0
  522. package/scripts/perf/instances.js +1 -1
  523. package/scripts/prune-open-core-dist.mjs +89 -2
  524. package/scripts/smoke/hermes-bootstrap.sh +5 -5
  525. package/templates/hermes-entrypoint.sh +19 -29
  526. package/apps/openwebui-container.yaml +0 -97
  527. package/apps/playwright-container.yaml +0 -126
  528. package/dependencies/jishushell-panel-0.6.5.tgz +0 -0
  529. package/dist/crypto-shim.d.ts +0 -1
  530. package/dist/crypto-shim.js +0 -2
  531. package/dist/crypto-shim.js.map +0 -1
  532. package/dist/routes/agent-apps.d.ts +0 -14
  533. package/dist/routes/agent-apps.js +0 -77
  534. package/dist/routes/agent-apps.js.map +0 -1
  535. package/dist/routes/internal.d.ts +0 -2
  536. package/dist/routes/internal.js +0 -55
  537. package/dist/routes/internal.js.map +0 -1
  538. package/dist/routes/openclaw-routes.d.ts +0 -22
  539. package/dist/routes/openclaw-routes.js +0 -1020
  540. package/dist/routes/openclaw-routes.js.map +0 -1
  541. package/dist/routes/runtime.d.ts +0 -15
  542. package/dist/routes/runtime.js +0 -76
  543. package/dist/routes/runtime.js.map +0 -1
  544. package/dist/services/agent-apps/catalog.d.ts +0 -33
  545. package/dist/services/agent-apps/catalog.js +0 -88
  546. package/dist/services/agent-apps/catalog.js.map +0 -1
  547. package/dist/services/agent-apps/index.d.ts +0 -36
  548. package/dist/services/agent-apps/index.js +0 -171
  549. package/dist/services/agent-apps/index.js.map +0 -1
  550. package/dist/services/agent-apps/installers/adapter-probes.d.ts +0 -49
  551. package/dist/services/agent-apps/installers/adapter-probes.js +0 -230
  552. package/dist/services/agent-apps/installers/adapter-probes.js.map +0 -1
  553. package/dist/services/agent-apps/installers/adapter.d.ts +0 -30
  554. package/dist/services/agent-apps/installers/adapter.js +0 -171
  555. package/dist/services/agent-apps/installers/adapter.js.map +0 -1
  556. package/dist/services/agent-apps/installers/registry-probe.js.map +0 -1
  557. package/dist/services/agent-apps/installers/shell-script.d.ts +0 -47
  558. package/dist/services/agent-apps/installers/shell-script.js +0 -488
  559. package/dist/services/agent-apps/installers/shell-script.js.map +0 -1
  560. package/dist/services/agent-apps/types.d.ts +0 -128
  561. package/dist/services/agent-apps/types.js +0 -17
  562. package/dist/services/agent-apps/types.js.map +0 -1
  563. package/dist/services/app/app-compiler.js +0 -185
  564. package/dist/services/app/app-compiler.js.map +0 -1
  565. package/dist/services/app/app-manager.d.ts +0 -184
  566. package/dist/services/app/app-manager.js +0 -2933
  567. package/dist/services/app/app-manager.js.map +0 -1
  568. package/dist/services/app/custom-manager.d.ts +0 -27
  569. package/dist/services/app/custom-manager.js +0 -382
  570. package/dist/services/app/custom-manager.js.map +0 -1
  571. package/dist/services/app/hermes-agent-manager.d.ts +0 -20
  572. package/dist/services/app/hermes-agent-manager.js +0 -299
  573. package/dist/services/app/hermes-agent-manager.js.map +0 -1
  574. package/dist/services/app/id-normalizer.d.ts +0 -27
  575. package/dist/services/app/id-normalizer.js +0 -77
  576. package/dist/services/app/id-normalizer.js.map +0 -1
  577. package/dist/services/app/ollama-manager.d.ts +0 -18
  578. package/dist/services/app/ollama-manager.js +0 -224
  579. package/dist/services/app/ollama-manager.js.map +0 -1
  580. package/dist/services/app/openclaw-manager.d.ts +0 -63
  581. package/dist/services/app/openclaw-manager.js +0 -1215
  582. package/dist/services/app/openclaw-manager.js.map +0 -1
  583. package/dist/services/app/paths.d.ts +0 -27
  584. package/dist/services/app/paths.js +0 -40
  585. package/dist/services/app/paths.js.map +0 -1
  586. package/dist/services/app/platform-transform.d.ts +0 -32
  587. package/dist/services/app/platform-transform.js +0 -65
  588. package/dist/services/app/platform-transform.js.map +0 -1
  589. package/dist/services/app/provide-resolver.d.ts +0 -29
  590. package/dist/services/app/provide-resolver.js +0 -135
  591. package/dist/services/app/provide-resolver.js.map +0 -1
  592. package/dist/services/app/registry.d.ts +0 -17
  593. package/dist/services/app/registry.js +0 -31
  594. package/dist/services/app/registry.js.map +0 -1
  595. package/dist/services/app/remote-spec.d.ts +0 -14
  596. package/dist/services/app/remote-spec.js +0 -58
  597. package/dist/services/app/remote-spec.js.map +0 -1
  598. package/dist/services/app/terminal-session-manager.js +0 -157
  599. package/dist/services/app/terminal-session-manager.js.map +0 -1
  600. package/dist/services/app/types.d.ts +0 -74
  601. package/dist/services/app/types.js +0 -16
  602. package/dist/services/app/types.js.map +0 -1
  603. package/dist/services/app-config-admin.d.ts +0 -17
  604. package/dist/services/app-config-admin.js +0 -177
  605. package/dist/services/app-config-admin.js.map +0 -1
  606. package/dist/services/app-create-from-installed.d.ts +0 -23
  607. package/dist/services/app-create-from-installed.js +0 -75
  608. package/dist/services/app-create-from-installed.js.map +0 -1
  609. package/dist/services/app-passwords.js +0 -173
  610. package/dist/services/app-passwords.js.map +0 -1
  611. package/dist/services/backup-admin.d.ts +0 -101
  612. package/dist/services/backup-admin.js +0 -259
  613. package/dist/services/backup-admin.js.map +0 -1
  614. package/dist/services/backup-manager.d.ts +0 -264
  615. package/dist/services/backup-manager.js +0 -2263
  616. package/dist/services/backup-manager.js.map +0 -1
  617. package/dist/services/backup-verify.js +0 -240
  618. package/dist/services/backup-verify.js.map +0 -1
  619. package/dist/services/capability-endpoint-validator.d.ts +0 -41
  620. package/dist/services/capability-endpoint-validator.js +0 -114
  621. package/dist/services/capability-endpoint-validator.js.map +0 -1
  622. package/dist/services/capability-health.d.ts +0 -16
  623. package/dist/services/capability-health.js +0 -121
  624. package/dist/services/capability-health.js.map +0 -1
  625. package/dist/services/capability-registry.d.ts +0 -29
  626. package/dist/services/capability-registry.js +0 -176
  627. package/dist/services/capability-registry.js.map +0 -1
  628. package/dist/services/capability-sync.d.ts +0 -4
  629. package/dist/services/capability-sync.js +0 -220
  630. package/dist/services/capability-sync.js.map +0 -1
  631. package/dist/services/connection-admin.d.ts +0 -74
  632. package/dist/services/connection-admin.js +0 -287
  633. package/dist/services/connection-admin.js.map +0 -1
  634. package/dist/services/connection-apply.d.ts +0 -91
  635. package/dist/services/connection-apply.js +0 -471
  636. package/dist/services/connection-apply.js.map +0 -1
  637. package/dist/services/connection-resolver.d.ts +0 -65
  638. package/dist/services/connection-resolver.js +0 -281
  639. package/dist/services/connection-resolver.js.map +0 -1
  640. package/dist/services/connection-transactor.d.ts +0 -39
  641. package/dist/services/connection-transactor.js +0 -354
  642. package/dist/services/connection-transactor.js.map +0 -1
  643. package/dist/services/core-manager.d.ts +0 -50
  644. package/dist/services/core-manager.js +0 -411
  645. package/dist/services/core-manager.js.map +0 -1
  646. package/dist/services/external-mounts.js +0 -187
  647. package/dist/services/external-mounts.js.map +0 -1
  648. package/dist/services/files-manager.d.ts +0 -252
  649. package/dist/services/files-manager.js +0 -1156
  650. package/dist/services/files-manager.js.map +0 -1
  651. package/dist/services/files-mounts.d.ts +0 -42
  652. package/dist/services/files-mounts.js +0 -207
  653. package/dist/services/files-mounts.js.map +0 -1
  654. package/dist/services/instance-admin.d.ts +0 -26
  655. package/dist/services/instance-admin.js +0 -218
  656. package/dist/services/instance-admin.js.map +0 -1
  657. package/dist/services/instance-manager.d.ts +0 -192
  658. package/dist/services/instance-manager.js +0 -1289
  659. package/dist/services/instance-manager.js.map +0 -1
  660. package/dist/services/macos-launchd.js +0 -312
  661. package/dist/services/macos-launchd.js.map +0 -1
  662. package/dist/services/nomad-manager.d.ts +0 -307
  663. package/dist/services/nomad-manager.js +0 -3958
  664. package/dist/services/nomad-manager.js.map +0 -1
  665. package/dist/services/organize/applier.js +0 -218
  666. package/dist/services/organize/applier.js.map +0 -1
  667. package/dist/services/organize/rules.js +0 -286
  668. package/dist/services/organize/rules.js.map +0 -1
  669. package/dist/services/organize/scanner.js +0 -366
  670. package/dist/services/organize/scanner.js.map +0 -1
  671. package/dist/services/organize/store.js +0 -82
  672. package/dist/services/organize/store.js.map +0 -1
  673. package/dist/services/plugin-installer.js +0 -128
  674. package/dist/services/plugin-installer.js.map +0 -1
  675. package/dist/services/process-manager.d.ts +0 -25
  676. package/dist/services/process-manager.js +0 -568
  677. package/dist/services/process-manager.js.map +0 -1
  678. package/dist/services/runtime/adapters/custom.d.ts +0 -20
  679. package/dist/services/runtime/adapters/custom.js +0 -188
  680. package/dist/services/runtime/adapters/custom.js.map +0 -1
  681. package/dist/services/runtime/adapters/hermes.d.ts +0 -204
  682. package/dist/services/runtime/adapters/hermes.js +0 -1684
  683. package/dist/services/runtime/adapters/hermes.js.map +0 -1
  684. package/dist/services/runtime/adapters/openclaw-mcporter.d.ts +0 -45
  685. package/dist/services/runtime/adapters/openclaw-mcporter.js +0 -108
  686. package/dist/services/runtime/adapters/openclaw-mcporter.js.map +0 -1
  687. package/dist/services/runtime/adapters/openclaw.d.ts +0 -426
  688. package/dist/services/runtime/adapters/openclaw.js +0 -3975
  689. package/dist/services/runtime/adapters/openclaw.js.map +0 -1
  690. package/dist/services/runtime/index.d.ts +0 -34
  691. package/dist/services/runtime/index.js +0 -51
  692. package/dist/services/runtime/index.js.map +0 -1
  693. package/dist/services/runtime/mcp-shims/anythingllm-shim.d.ts +0 -46
  694. package/dist/services/runtime/mcp-shims/anythingllm-shim.js +0 -281
  695. package/dist/services/runtime/mcp-shims/anythingllm-shim.js.map +0 -1
  696. package/dist/services/runtime/mcp-shims/drive-shim.js +0 -490
  697. package/dist/services/runtime/mcp-shims/drive-shim.js.map +0 -1
  698. package/dist/services/runtime/mcp-shims/jishukb-shim.d.ts +0 -48
  699. package/dist/services/runtime/mcp-shims/jishukb-shim.js +0 -723
  700. package/dist/services/runtime/mcp-shims/jishukb-shim.js.map +0 -1
  701. package/dist/services/runtime/mcp-shims/mcporter-lite.js +0 -276
  702. package/dist/services/runtime/mcp-shims/mcporter-lite.js.map +0 -1
  703. package/dist/services/runtime/migrations.d.ts +0 -23
  704. package/dist/services/runtime/migrations.js +0 -125
  705. package/dist/services/runtime/migrations.js.map +0 -1
  706. package/dist/services/runtime/registry.d.ts +0 -13
  707. package/dist/services/runtime/registry.js +0 -32
  708. package/dist/services/runtime/registry.js.map +0 -1
  709. package/dist/services/runtime-identity.d.ts +0 -13
  710. package/dist/services/runtime-identity.js +0 -166
  711. package/dist/services/runtime-identity.js.map +0 -1
  712. package/dist/services/runtime-repair.d.ts +0 -52
  713. package/dist/services/runtime-repair.js +0 -352
  714. package/dist/services/runtime-repair.js.map +0 -1
  715. package/dist/services/setup-manager.d.ts +0 -158
  716. package/dist/services/setup-manager.js +0 -2740
  717. package/dist/services/setup-manager.js.map +0 -1
  718. package/dist/services/suggestions.d.ts +0 -27
  719. package/dist/services/suggestions.js +0 -133
  720. package/dist/services/suggestions.js.map +0 -1
  721. package/dist/services/system-monitor.js +0 -79
  722. package/dist/services/system-monitor.js.map +0 -1
  723. package/dist/services/system-ollama-provider.d.ts +0 -14
  724. package/dist/services/system-ollama-provider.js +0 -125
  725. package/dist/services/system-ollama-provider.js.map +0 -1
  726. package/dist/services/system-reconciler.d.ts +0 -72
  727. package/dist/services/system-reconciler.js +0 -600
  728. package/dist/services/system-reconciler.js.map +0 -1
  729. package/dist/services/task-registry.d.ts +0 -44
  730. package/dist/services/task-registry.js +0 -76
  731. package/dist/services/task-registry.js.map +0 -1
  732. package/dist/services/types-shim.d.ts +0 -16
  733. package/dist/services/types-shim.js +0 -2
  734. package/dist/services/types-shim.js.map +0 -1
  735. package/dist/services/update-manager.d.ts +0 -47
  736. package/dist/services/update-manager.js +0 -351
  737. package/dist/services/update-manager.js.map +0 -1
  738. package/dist/services/webdav/server.d.ts +0 -24
  739. package/dist/services/webdav/server.js +0 -420
  740. package/dist/services/webdav/server.js.map +0 -1
  741. package/dist/services/webdav/xml-builder.js.map +0 -1
  742. package/dist/services/workspace-builder.d.ts +0 -29
  743. package/dist/services/workspace-builder.js +0 -188
  744. package/dist/services/workspace-builder.js.map +0 -1
  745. package/node_modules/@fastify/static/.github/stale.yml +0 -21
  746. package/node_modules/@isaacs/cliui/LICENSE.md +0 -63
  747. package/node_modules/@isaacs/cliui/README.md +0 -151
  748. package/node_modules/@isaacs/cliui/dist/commonjs/ansi-regex/index.d.ts +0 -4
  749. package/node_modules/@isaacs/cliui/dist/commonjs/ansi-regex/index.d.ts.map +0 -1
  750. package/node_modules/@isaacs/cliui/dist/commonjs/ansi-regex/index.js +0 -16
  751. package/node_modules/@isaacs/cliui/dist/commonjs/ansi-regex/index.js.map +0 -1
  752. package/node_modules/@isaacs/cliui/dist/commonjs/ansi-styles/index.d.ts +0 -34
  753. package/node_modules/@isaacs/cliui/dist/commonjs/ansi-styles/index.d.ts.map +0 -1
  754. package/node_modules/@isaacs/cliui/dist/commonjs/ansi-styles/index.js +0 -170
  755. package/node_modules/@isaacs/cliui/dist/commonjs/ansi-styles/index.js.map +0 -1
  756. package/node_modules/@isaacs/cliui/dist/commonjs/eastasianwidth/index.d.ts +0 -6
  757. package/node_modules/@isaacs/cliui/dist/commonjs/eastasianwidth/index.d.ts.map +0 -1
  758. package/node_modules/@isaacs/cliui/dist/commonjs/eastasianwidth/index.js +0 -307
  759. package/node_modules/@isaacs/cliui/dist/commonjs/eastasianwidth/index.js.map +0 -1
  760. package/node_modules/@isaacs/cliui/dist/commonjs/emoji-regex/index.d.ts +0 -2
  761. package/node_modules/@isaacs/cliui/dist/commonjs/emoji-regex/index.d.ts.map +0 -1
  762. package/node_modules/@isaacs/cliui/dist/commonjs/emoji-regex/index.js +0 -7
  763. package/node_modules/@isaacs/cliui/dist/commonjs/emoji-regex/index.js.map +0 -1
  764. package/node_modules/@isaacs/cliui/dist/commonjs/index.d.ts +0 -41
  765. package/node_modules/@isaacs/cliui/dist/commonjs/index.d.ts.map +0 -1
  766. package/node_modules/@isaacs/cliui/dist/commonjs/index.js +0 -322
  767. package/node_modules/@isaacs/cliui/dist/commonjs/index.js.map +0 -1
  768. package/node_modules/@isaacs/cliui/dist/commonjs/index.min.js +0 -12
  769. package/node_modules/@isaacs/cliui/dist/commonjs/index.min.js.map +0 -7
  770. package/node_modules/@isaacs/cliui/dist/commonjs/package.json +0 -3
  771. package/node_modules/@isaacs/cliui/dist/commonjs/string-width/index.d.ts +0 -5
  772. package/node_modules/@isaacs/cliui/dist/commonjs/string-width/index.d.ts.map +0 -1
  773. package/node_modules/@isaacs/cliui/dist/commonjs/string-width/index.js +0 -49
  774. package/node_modules/@isaacs/cliui/dist/commonjs/string-width/index.js.map +0 -1
  775. package/node_modules/@isaacs/cliui/dist/commonjs/strip-ansi/index.d.ts +0 -2
  776. package/node_modules/@isaacs/cliui/dist/commonjs/strip-ansi/index.d.ts.map +0 -1
  777. package/node_modules/@isaacs/cliui/dist/commonjs/strip-ansi/index.js +0 -8
  778. package/node_modules/@isaacs/cliui/dist/commonjs/strip-ansi/index.js.map +0 -1
  779. package/node_modules/@isaacs/cliui/dist/commonjs/wrap-ansi/index.d.ts +0 -7
  780. package/node_modules/@isaacs/cliui/dist/commonjs/wrap-ansi/index.d.ts.map +0 -1
  781. package/node_modules/@isaacs/cliui/dist/commonjs/wrap-ansi/index.js +0 -176
  782. package/node_modules/@isaacs/cliui/dist/commonjs/wrap-ansi/index.js.map +0 -1
  783. package/node_modules/@isaacs/cliui/dist/esm/ansi-regex/index.d.ts +0 -4
  784. package/node_modules/@isaacs/cliui/dist/esm/ansi-regex/index.d.ts.map +0 -1
  785. package/node_modules/@isaacs/cliui/dist/esm/ansi-regex/index.js +0 -12
  786. package/node_modules/@isaacs/cliui/dist/esm/ansi-regex/index.js.map +0 -1
  787. package/node_modules/@isaacs/cliui/dist/esm/ansi-styles/index.d.ts +0 -34
  788. package/node_modules/@isaacs/cliui/dist/esm/ansi-styles/index.d.ts.map +0 -1
  789. package/node_modules/@isaacs/cliui/dist/esm/ansi-styles/index.js +0 -167
  790. package/node_modules/@isaacs/cliui/dist/esm/ansi-styles/index.js.map +0 -1
  791. package/node_modules/@isaacs/cliui/dist/esm/eastasianwidth/index.d.ts +0 -6
  792. package/node_modules/@isaacs/cliui/dist/esm/eastasianwidth/index.d.ts.map +0 -1
  793. package/node_modules/@isaacs/cliui/dist/esm/eastasianwidth/index.js +0 -299
  794. package/node_modules/@isaacs/cliui/dist/esm/eastasianwidth/index.js.map +0 -1
  795. package/node_modules/@isaacs/cliui/dist/esm/emoji-regex/index.d.ts +0 -2
  796. package/node_modules/@isaacs/cliui/dist/esm/emoji-regex/index.d.ts.map +0 -1
  797. package/node_modules/@isaacs/cliui/dist/esm/emoji-regex/index.js +0 -3
  798. package/node_modules/@isaacs/cliui/dist/esm/emoji-regex/index.js.map +0 -1
  799. package/node_modules/@isaacs/cliui/dist/esm/index.d.ts +0 -41
  800. package/node_modules/@isaacs/cliui/dist/esm/index.d.ts.map +0 -1
  801. package/node_modules/@isaacs/cliui/dist/esm/index.js +0 -317
  802. package/node_modules/@isaacs/cliui/dist/esm/index.js.map +0 -1
  803. package/node_modules/@isaacs/cliui/dist/esm/index.min.js +0 -12
  804. package/node_modules/@isaacs/cliui/dist/esm/index.min.js.map +0 -7
  805. package/node_modules/@isaacs/cliui/dist/esm/package.json +0 -3
  806. package/node_modules/@isaacs/cliui/dist/esm/string-width/index.d.ts +0 -5
  807. package/node_modules/@isaacs/cliui/dist/esm/string-width/index.d.ts.map +0 -1
  808. package/node_modules/@isaacs/cliui/dist/esm/string-width/index.js +0 -46
  809. package/node_modules/@isaacs/cliui/dist/esm/string-width/index.js.map +0 -1
  810. package/node_modules/@isaacs/cliui/dist/esm/strip-ansi/index.d.ts +0 -2
  811. package/node_modules/@isaacs/cliui/dist/esm/strip-ansi/index.d.ts.map +0 -1
  812. package/node_modules/@isaacs/cliui/dist/esm/strip-ansi/index.js +0 -4
  813. package/node_modules/@isaacs/cliui/dist/esm/strip-ansi/index.js.map +0 -1
  814. package/node_modules/@isaacs/cliui/dist/esm/wrap-ansi/index.d.ts +0 -7
  815. package/node_modules/@isaacs/cliui/dist/esm/wrap-ansi/index.d.ts.map +0 -1
  816. package/node_modules/@isaacs/cliui/dist/esm/wrap-ansi/index.js +0 -172
  817. package/node_modules/@isaacs/cliui/dist/esm/wrap-ansi/index.js.map +0 -1
  818. package/node_modules/@isaacs/cliui/package.json +0 -163
  819. package/node_modules/content-disposition/HISTORY.md +0 -60
  820. package/node_modules/cross-spawn/LICENSE +0 -21
  821. package/node_modules/cross-spawn/README.md +0 -89
  822. package/node_modules/cross-spawn/index.js +0 -39
  823. package/node_modules/cross-spawn/lib/enoent.js +0 -59
  824. package/node_modules/cross-spawn/lib/parse.js +0 -91
  825. package/node_modules/cross-spawn/lib/util/escape.js +0 -47
  826. package/node_modules/cross-spawn/lib/util/readShebang.js +0 -23
  827. package/node_modules/cross-spawn/lib/util/resolveCommand.js +0 -52
  828. package/node_modules/cross-spawn/package.json +0 -73
  829. package/node_modules/foreground-child/LICENSE +0 -15
  830. package/node_modules/foreground-child/README.md +0 -128
  831. package/node_modules/foreground-child/dist/commonjs/all-signals.d.ts +0 -2
  832. package/node_modules/foreground-child/dist/commonjs/all-signals.d.ts.map +0 -1
  833. package/node_modules/foreground-child/dist/commonjs/all-signals.js +0 -58
  834. package/node_modules/foreground-child/dist/commonjs/all-signals.js.map +0 -1
  835. package/node_modules/foreground-child/dist/commonjs/index.d.ts +0 -58
  836. package/node_modules/foreground-child/dist/commonjs/index.d.ts.map +0 -1
  837. package/node_modules/foreground-child/dist/commonjs/index.js +0 -123
  838. package/node_modules/foreground-child/dist/commonjs/index.js.map +0 -1
  839. package/node_modules/foreground-child/dist/commonjs/package.json +0 -3
  840. package/node_modules/foreground-child/dist/commonjs/proxy-signals.d.ts +0 -6
  841. package/node_modules/foreground-child/dist/commonjs/proxy-signals.d.ts.map +0 -1
  842. package/node_modules/foreground-child/dist/commonjs/proxy-signals.js +0 -38
  843. package/node_modules/foreground-child/dist/commonjs/proxy-signals.js.map +0 -1
  844. package/node_modules/foreground-child/dist/commonjs/watchdog.d.ts +0 -10
  845. package/node_modules/foreground-child/dist/commonjs/watchdog.d.ts.map +0 -1
  846. package/node_modules/foreground-child/dist/commonjs/watchdog.js +0 -50
  847. package/node_modules/foreground-child/dist/commonjs/watchdog.js.map +0 -1
  848. package/node_modules/foreground-child/dist/esm/all-signals.d.ts +0 -2
  849. package/node_modules/foreground-child/dist/esm/all-signals.d.ts.map +0 -1
  850. package/node_modules/foreground-child/dist/esm/all-signals.js +0 -52
  851. package/node_modules/foreground-child/dist/esm/all-signals.js.map +0 -1
  852. package/node_modules/foreground-child/dist/esm/index.d.ts +0 -58
  853. package/node_modules/foreground-child/dist/esm/index.d.ts.map +0 -1
  854. package/node_modules/foreground-child/dist/esm/index.js +0 -115
  855. package/node_modules/foreground-child/dist/esm/index.js.map +0 -1
  856. package/node_modules/foreground-child/dist/esm/package.json +0 -3
  857. package/node_modules/foreground-child/dist/esm/proxy-signals.d.ts +0 -6
  858. package/node_modules/foreground-child/dist/esm/proxy-signals.d.ts.map +0 -1
  859. package/node_modules/foreground-child/dist/esm/proxy-signals.js +0 -34
  860. package/node_modules/foreground-child/dist/esm/proxy-signals.js.map +0 -1
  861. package/node_modules/foreground-child/dist/esm/watchdog.d.ts +0 -10
  862. package/node_modules/foreground-child/dist/esm/watchdog.d.ts.map +0 -1
  863. package/node_modules/foreground-child/dist/esm/watchdog.js +0 -46
  864. package/node_modules/foreground-child/dist/esm/watchdog.js.map +0 -1
  865. package/node_modules/foreground-child/package.json +0 -106
  866. package/node_modules/glob/dist/esm/bin.d.mts +0 -3
  867. package/node_modules/glob/dist/esm/bin.d.mts.map +0 -1
  868. package/node_modules/glob/dist/esm/bin.mjs +0 -346
  869. package/node_modules/glob/dist/esm/bin.mjs.map +0 -1
  870. package/node_modules/isexe/.npmignore +0 -2
  871. package/node_modules/isexe/LICENSE +0 -15
  872. package/node_modules/isexe/README.md +0 -51
  873. package/node_modules/isexe/index.js +0 -57
  874. package/node_modules/isexe/mode.js +0 -41
  875. package/node_modules/isexe/package.json +0 -31
  876. package/node_modules/isexe/test/basic.js +0 -221
  877. package/node_modules/isexe/windows.js +0 -42
  878. package/node_modules/jackspeak/LICENSE.md +0 -55
  879. package/node_modules/jackspeak/README.md +0 -394
  880. package/node_modules/jackspeak/dist/commonjs/index.d.ts +0 -323
  881. package/node_modules/jackspeak/dist/commonjs/index.d.ts.map +0 -1
  882. package/node_modules/jackspeak/dist/commonjs/index.js +0 -944
  883. package/node_modules/jackspeak/dist/commonjs/index.js.map +0 -1
  884. package/node_modules/jackspeak/dist/commonjs/index.min.js +0 -33
  885. package/node_modules/jackspeak/dist/commonjs/index.min.js.map +0 -7
  886. package/node_modules/jackspeak/dist/commonjs/package.json +0 -3
  887. package/node_modules/jackspeak/dist/esm/index.d.ts +0 -323
  888. package/node_modules/jackspeak/dist/esm/index.d.ts.map +0 -1
  889. package/node_modules/jackspeak/dist/esm/index.js +0 -936
  890. package/node_modules/jackspeak/dist/esm/index.js.map +0 -1
  891. package/node_modules/jackspeak/dist/esm/index.min.js +0 -33
  892. package/node_modules/jackspeak/dist/esm/index.min.js.map +0 -7
  893. package/node_modules/jackspeak/dist/esm/package.json +0 -3
  894. package/node_modules/jackspeak/package.json +0 -115
  895. package/node_modules/jishushell-panel/output/public/assets/ApiKeyField-D1i7zWXR.js +0 -1
  896. package/node_modules/jishushell-panel/output/public/assets/Dashboard-sWIvL43F.js +0 -1
  897. package/node_modules/jishushell-panel/output/public/assets/HermesChatPanel-DQ8RyvQY.js +0 -1
  898. package/node_modules/jishushell-panel/output/public/assets/HermesConfigForm-tIbPP1sB.js +0 -4
  899. package/node_modules/jishushell-panel/output/public/assets/InitPassword-C3Slq3Dd.js +0 -1
  900. package/node_modules/jishushell-panel/output/public/assets/InstanceDetail-7JqY9tq4.js +0 -92
  901. package/node_modules/jishushell-panel/output/public/assets/Login-BXLDJlQN.js +0 -1
  902. package/node_modules/jishushell-panel/output/public/assets/NewInstance-dLc5Xrpx.js +0 -1
  903. package/node_modules/jishushell-panel/output/public/assets/ProviderRecommendations-DIAXxesl.js +0 -1
  904. package/node_modules/jishushell-panel/output/public/assets/Settings-Bd5utbBh.js +0 -1
  905. package/node_modules/jishushell-panel/output/public/assets/Setup-Yn9_20FL.js +0 -1
  906. package/node_modules/jishushell-panel/output/public/assets/WeixinLoginPanel-C21doQTJ.js +0 -9
  907. package/node_modules/jishushell-panel/output/public/assets/index-CCkaIEjn.js +0 -20
  908. package/node_modules/jishushell-panel/output/public/assets/index-D7qxy-Vh.css +0 -1
  909. package/node_modules/jishushell-panel/output/public/assets/registry-B2ZQZXWL.js +0 -2
  910. package/node_modules/jishushell-panel/output/public/assets/usePolling-BFZm4do_.js +0 -1
  911. package/node_modules/jishushell-panel/output/public/assets/vendor-i18n-DqPtOicc.js +0 -9
  912. package/node_modules/jishushell-panel/output/public/assets/vendor-react-DW5juQin.js +0 -59
  913. package/node_modules/package-json-from-dist/LICENSE.md +0 -63
  914. package/node_modules/package-json-from-dist/README.md +0 -110
  915. package/node_modules/package-json-from-dist/dist/commonjs/index.d.ts +0 -89
  916. package/node_modules/package-json-from-dist/dist/commonjs/index.d.ts.map +0 -1
  917. package/node_modules/package-json-from-dist/dist/commonjs/index.js +0 -134
  918. package/node_modules/package-json-from-dist/dist/commonjs/index.js.map +0 -1
  919. package/node_modules/package-json-from-dist/dist/commonjs/package.json +0 -3
  920. package/node_modules/package-json-from-dist/dist/esm/index.d.ts +0 -89
  921. package/node_modules/package-json-from-dist/dist/esm/index.d.ts.map +0 -1
  922. package/node_modules/package-json-from-dist/dist/esm/index.js +0 -129
  923. package/node_modules/package-json-from-dist/dist/esm/index.js.map +0 -1
  924. package/node_modules/package-json-from-dist/dist/esm/package.json +0 -3
  925. package/node_modules/package-json-from-dist/package.json +0 -68
  926. package/node_modules/path-key/index.d.ts +0 -40
  927. package/node_modules/path-key/index.js +0 -16
  928. package/node_modules/path-key/license +0 -9
  929. package/node_modules/path-key/package.json +0 -39
  930. package/node_modules/path-key/readme.md +0 -61
  931. package/node_modules/safe-buffer/LICENSE +0 -21
  932. package/node_modules/safe-buffer/README.md +0 -584
  933. package/node_modules/safe-buffer/index.d.ts +0 -187
  934. package/node_modules/safe-buffer/index.js +0 -65
  935. package/node_modules/safe-buffer/package.json +0 -51
  936. package/node_modules/shebang-command/index.js +0 -19
  937. package/node_modules/shebang-command/license +0 -9
  938. package/node_modules/shebang-command/package.json +0 -34
  939. package/node_modules/shebang-command/readme.md +0 -34
  940. package/node_modules/shebang-regex/index.d.ts +0 -22
  941. package/node_modules/shebang-regex/index.js +0 -2
  942. package/node_modules/shebang-regex/license +0 -9
  943. package/node_modules/shebang-regex/package.json +0 -35
  944. package/node_modules/shebang-regex/readme.md +0 -33
  945. package/node_modules/signal-exit/LICENSE.txt +0 -16
  946. package/node_modules/signal-exit/README.md +0 -74
  947. package/node_modules/signal-exit/dist/cjs/browser.d.ts +0 -12
  948. package/node_modules/signal-exit/dist/cjs/browser.d.ts.map +0 -1
  949. package/node_modules/signal-exit/dist/cjs/browser.js +0 -10
  950. package/node_modules/signal-exit/dist/cjs/browser.js.map +0 -1
  951. package/node_modules/signal-exit/dist/cjs/index.d.ts +0 -48
  952. package/node_modules/signal-exit/dist/cjs/index.d.ts.map +0 -1
  953. package/node_modules/signal-exit/dist/cjs/index.js +0 -279
  954. package/node_modules/signal-exit/dist/cjs/index.js.map +0 -1
  955. package/node_modules/signal-exit/dist/cjs/package.json +0 -3
  956. package/node_modules/signal-exit/dist/cjs/signals.d.ts +0 -29
  957. package/node_modules/signal-exit/dist/cjs/signals.d.ts.map +0 -1
  958. package/node_modules/signal-exit/dist/cjs/signals.js +0 -42
  959. package/node_modules/signal-exit/dist/cjs/signals.js.map +0 -1
  960. package/node_modules/signal-exit/dist/mjs/browser.d.ts +0 -12
  961. package/node_modules/signal-exit/dist/mjs/browser.d.ts.map +0 -1
  962. package/node_modules/signal-exit/dist/mjs/browser.js +0 -4
  963. package/node_modules/signal-exit/dist/mjs/browser.js.map +0 -1
  964. package/node_modules/signal-exit/dist/mjs/index.d.ts +0 -48
  965. package/node_modules/signal-exit/dist/mjs/index.d.ts.map +0 -1
  966. package/node_modules/signal-exit/dist/mjs/index.js +0 -275
  967. package/node_modules/signal-exit/dist/mjs/index.js.map +0 -1
  968. package/node_modules/signal-exit/dist/mjs/package.json +0 -3
  969. package/node_modules/signal-exit/dist/mjs/signals.d.ts +0 -29
  970. package/node_modules/signal-exit/dist/mjs/signals.d.ts.map +0 -1
  971. package/node_modules/signal-exit/dist/mjs/signals.js +0 -39
  972. package/node_modules/signal-exit/dist/mjs/signals.js.map +0 -1
  973. package/node_modules/signal-exit/package.json +0 -106
  974. package/node_modules/which/CHANGELOG.md +0 -166
  975. package/node_modules/which/LICENSE +0 -15
  976. package/node_modules/which/README.md +0 -54
  977. package/node_modules/which/bin/node-which +0 -52
  978. package/node_modules/which/package.json +0 -43
  979. package/node_modules/which/which.js +0 -125
  980. package/scripts/check-adapter-isolation.ts +0 -293
  981. /package/dist/services/{app → app-common}/app-compiler.d.ts +0 -0
  982. /package/dist/services/{app → app-common}/terminal-session-manager.d.ts +0 -0
  983. /package/dist/services/{backup-verify.d.ts → backup/backup-verify.d.ts} +0 -0
  984. /package/dist/services/{external-mounts.d.ts → files/external-mounts.d.ts} +0 -0
  985. /package/dist/services/{organize → files/organize}/applier.d.ts +0 -0
  986. /package/dist/services/{organize → files/organize}/rules.d.ts +0 -0
  987. /package/dist/services/{organize → files/organize}/scanner.d.ts +0 -0
  988. /package/dist/services/{organize → files/organize}/store.d.ts +0 -0
  989. /package/dist/services/{webdav → files/webdav}/xml-builder.d.ts +0 -0
  990. /package/dist/services/{webdav → files/webdav}/xml-builder.js +0 -0
  991. /package/dist/services/{app-passwords.d.ts → instances/passwords.d.ts} +0 -0
  992. /package/dist/services/{agent-apps → integrations/installable}/installers/registry-probe.d.ts +0 -0
  993. /package/dist/services/{agent-apps → integrations/installable}/installers/registry-probe.js +0 -0
  994. /package/dist/services/{runtime/mcp-shims → integrations/openclaw}/drive-shim.d.ts +0 -0
  995. /package/dist/services/{runtime/mcp-shims → integrations/openclaw}/mcporter-lite.d.ts +0 -0
  996. /package/dist/services/{plugin-installer.d.ts → setup/plugin-installer.d.ts} +0 -0
  997. /package/dist/services/{macos-launchd.d.ts → system/macos-launchd.d.ts} +0 -0
  998. /package/dist/services/{system-monitor.d.ts → system/system-monitor.d.ts} +0 -0
@@ -1,3958 +0,0 @@
1
- /**
2
- * Nomad-based service manager — kind-agnostic scheduler layer.
3
- *
4
- * §32.2 / §32.8: this file contains ZERO knowledge of specific agent kinds.
5
- * Runtime-specific task assembly (`buildNomadTask`), pre-start patches
6
- * (`hooks.onBeforeStart`), and capability profiles live inside
7
- * `src/services/runtime/adapters/<agentType>.ts`. Framework dispatch is:
8
- *
9
- * const agentType = resolveAgentType(getInstance(id));
10
- * const adapter = getAdapter(agentType);
11
- * await adapter.hooks?.onBeforeStart?.({ instanceId });
12
- * const task = await adapter.buildNomadTask(instanceId);
13
- */
14
- import { execFile as execFileCb, spawn } from "child_process";
15
- import { existsSync, readFileSync } from "fs";
16
- import { createServer as netCreateServer } from "net";
17
- import { homedir, userInfo } from "os";
18
- import { basename, join } from "path";
19
- import { StringDecoder } from "string_decoder";
20
- import { promisify } from "util";
21
- import { parse } from "yaml";
22
- import * as config from "../config.js";
23
- import { extractGatewayPort, getGatewayPort, getInstance, getInstanceRuntime, instanceMetaPath, getRuntimeEnv, isPortInUse, reallocateGatewayPort, } from "./instance-manager.js";
24
- import { getAdapter, resolveAgentType } from "./runtime/index.js";
25
- import { resolveNomadJobId } from "./runtime/job-id.js";
26
- import { resolveRuntimeIdentity } from "./runtime-identity.js";
27
- function getConfigValue(name) {
28
- return name in config ? config[name] : undefined;
29
- }
30
- function resolveConfigPath(value, fallback) {
31
- return typeof value === "string" && value.trim() ? value : fallback;
32
- }
33
- const JISHUSHELL_HOME = resolveConfigPath(getConfigValue("JISHUSHELL_HOME"), join(process.env.HOME ?? homedir(), ".jishushell"));
34
- const APPS_DIR = resolveConfigPath(getConfigValue("APPS_DIR"), join(JISHUSHELL_HOME, "apps"));
35
- const _INSTANCES_DIR = resolveConfigPath(getConfigValue("INSTANCES_DIR"), join(JISHUSHELL_HOME, "instances"));
36
- const getNomadAddrValue = getConfigValue("getNomadAddr");
37
- const getNomadDriverValue = getConfigValue("getNomadDriver");
38
- const getNomadTokenValue = getConfigValue("getNomadToken");
39
- const getCoreConfigValue = getConfigValue("getCoreConfig");
40
- const getNomadAddr = typeof getNomadAddrValue === "function"
41
- ? getNomadAddrValue
42
- : () => "http://127.0.0.1:4646";
43
- const getNomadDriver = typeof getNomadDriverValue === "function"
44
- ? getNomadDriverValue
45
- : () => "docker";
46
- const getNomadToken = typeof getNomadTokenValue === "function"
47
- ? getNomadTokenValue
48
- : () => "";
49
- const getCoreConfig = typeof getCoreConfigValue === "function"
50
- ? getCoreConfigValue
51
- : () => ({});
52
- // Docker image names must match this pattern to prevent command injection.
53
- export const DOCKER_IMAGE_RE = /^[a-zA-Z0-9][a-zA-Z0-9\-_.:/@]*$/;
54
- /**
55
- * Linux username validation regex. Shared by adapter Nomad task builders
56
- * (OpenClaw / Hermes) and re-exported here as a neutral framework constant
57
- * so security-regression tests can assert on it without depending on a
58
- * specific adapter file.
59
- *
60
- * Strict form: lowercase letters/digits/dot/dash/underscore only, 1..32 chars.
61
- * Rejects uppercase, shell metacharacters, paths, and empty strings.
62
- */
63
- export const VALID_USER_RE = /^[a-z0-9._-]{1,32}$/;
64
- // Maximum allowed length for a Docker image reference.
65
- export const MAX_DOCKER_IMAGE_NAME_LEN = 256;
66
- /**
67
- * Nomad job name prefix. Dispatched via `adapter.nomadJobPrefix` so
68
- * every runtime owns its own namespace (`hermes-<id>`, `openclaw-<id>`,
69
- * …). New agent runtimes should declare their own prefix on the
70
- * adapter rather than re-using another kind's. Falls back to the
71
- * framework-generic `jishushell-` only when the adapter lookup fails —
72
- * that branch shouldn't fire for a registered agent type.
73
- */
74
- function jobPrefixFor(instanceId) {
75
- try {
76
- const agentType = getInstanceAgentType(instanceId);
77
- const adapter = getAdapter(agentType);
78
- return adapter.nomadJobPrefix ?? "jishushell-";
79
- }
80
- catch {
81
- return "jishushell-";
82
- }
83
- }
84
- /**
85
- * Per-instance Nomad Variable subpath. Returned without the leading
86
- * `nomad/jobs/<jid>/` prefix. `undefined` means this adapter does not
87
- * use Nomad Variables — writeInstanceVariables/purgeInstanceVariables
88
- * become no-ops.
89
- */
90
- function adapterVariableSubpath(instanceId) {
91
- try {
92
- const agentType = getInstanceAgentType(instanceId);
93
- const adapter = getAdapter(agentType);
94
- return adapter.nomadVariablePath;
95
- }
96
- catch {
97
- return undefined;
98
- }
99
- }
100
- /**
101
- * Resolve the Nomad task name for the given instance. Reads
102
- * `adapter.nomadTaskName` so framework code never hardcodes "gateway".
103
- * Falls back to "gateway" for backwards compat when the adapter leaves it
104
- * unset or the lookup fails.
105
- */
106
- function resolveTaskName(instanceId) {
107
- try {
108
- const agentType = getInstanceAgentType(instanceId);
109
- return getAdapter(agentType).nomadTaskName ?? "gateway";
110
- }
111
- catch {
112
- return "gateway";
113
- }
114
- }
115
- function getLegacyManagedAppType(instanceId) {
116
- const identity = resolveRuntimeIdentity(instanceId);
117
- if (identity?.installMode === "app-dir")
118
- return null;
119
- const meta = getInstance(instanceId);
120
- const appType = typeof meta?.app_type === "string" ? meta.app_type.trim() : "";
121
- return appType === "custom" || appType === "ollama" ? appType : null;
122
- }
123
- async function getLegacyAppManager(instanceId) {
124
- const appType = getLegacyManagedAppType(instanceId);
125
- if (!appType)
126
- return null;
127
- const { getAppManager } = await import("./app/registry.js");
128
- return getAppManager(appType);
129
- }
130
- async function getInstanceBackedInstalledApp(instanceId) {
131
- const { getApp } = await import("./app/app-manager.js");
132
- const appData = getApp(instanceId);
133
- if (!appData || appData.manifest.install_mode !== "instance-dir")
134
- return null;
135
- return appData;
136
- }
137
- async function getAppDirInstalledApp(instanceId) {
138
- const { getApp } = await import("./app/app-manager.js");
139
- const appData = getApp(instanceId);
140
- if (!appData || appData.manifest.install_mode !== "app-dir")
141
- return null;
142
- return appData;
143
- }
144
- async function getAdapterManagedAppDirInstalledApp(instanceId) {
145
- const appData = await getAppDirInstalledApp(instanceId);
146
- if (!appData)
147
- return null;
148
- const identity = resolveRuntimeIdentity(instanceId);
149
- return identity?.driver === "runtime-adapter" ? appData : null;
150
- }
151
- // Tracks the core server's listening port so bridge-mode containers can reach it via host.docker.internal.
152
- let _corePort = 8091;
153
- export function setCorePort(port) { _corePort = port; }
154
- // §32.2 / §32.8: patchJsproxyBaseUrl / patchDockerBridgeGatewayBind /
155
- // ensureOpenclawUpdateSeed previously lived here (~140 lines). They are now
156
- // owned by `src/services/runtime/adapters/openclaw.ts` and invoked via
157
- // `adapter.hooks.onBeforeStart({ instanceId })` in startInstance below.
158
- export const VALID_LOG_TYPES = new Set(["stdout", "stderr"]);
159
- async function inspectDockerLogPath(command, args) {
160
- try {
161
- const { stdout } = await execFileAsync(command, args, { timeout: 5_000 });
162
- const logPath = stdout.trim();
163
- return logPath || null;
164
- }
165
- catch {
166
- return null;
167
- }
168
- }
169
- async function resolveDockerLogPath(containerName) {
170
- const direct = await inspectDockerLogPath("docker", [
171
- "inspect",
172
- "--format",
173
- "{{.LogPath}}",
174
- containerName,
175
- ]);
176
- if (direct)
177
- return direct;
178
- return inspectDockerLogPath("sudo", [
179
- "-n",
180
- "docker",
181
- "inspect",
182
- "--format",
183
- "{{.LogPath}}",
184
- containerName,
185
- ]);
186
- }
187
- async function readDockerLogText(logPath, lines) {
188
- try {
189
- return readFileSync(logPath, "utf-8");
190
- }
191
- catch {
192
- try {
193
- const tailLines = String(Math.max(lines * 50, 2_000));
194
- const { stdout } = await execFileAsync("sudo", ["-n", "tail", "-n", tailLines, logPath], {
195
- timeout: 5_000,
196
- });
197
- return stdout;
198
- }
199
- catch {
200
- return "";
201
- }
202
- }
203
- }
204
- async function readDockerCliLogs(containerName, lines) {
205
- const commands = [
206
- { command: "docker", args: ["logs", "--tail", String(lines), containerName] },
207
- { command: "sudo", args: ["-n", "docker", "logs", "--tail", String(lines), containerName] },
208
- ];
209
- for (const candidate of commands) {
210
- try {
211
- const { stdout, stderr } = await execFileAsync(candidate.command, candidate.args, { timeout: 10_000 });
212
- const combined = `${stdout}${stderr}`.trim();
213
- if (combined)
214
- return combined.split("\n").slice(-lines);
215
- }
216
- catch {
217
- continue;
218
- }
219
- }
220
- return [];
221
- }
222
- async function readDockerStreamLogs(containerName, lines = 200, logType = "stderr") {
223
- if (!VALID_LOG_TYPES.has(logType))
224
- logType = "stderr";
225
- const logPath = await resolveDockerLogPath(containerName);
226
- if (!logPath)
227
- return readDockerCliLogs(containerName, lines);
228
- const rawText = await readDockerLogText(logPath, lines);
229
- if (!rawText)
230
- return readDockerCliLogs(containerName, lines);
231
- const collected = [];
232
- const entries = rawText.split("\n");
233
- for (let index = entries.length - 1; index >= 0 && collected.length < lines; index--) {
234
- const line = entries[index]?.trim();
235
- if (!line)
236
- continue;
237
- try {
238
- const parsed = JSON.parse(line);
239
- if (parsed.stream !== logType)
240
- continue;
241
- const message = typeof parsed.log === "string"
242
- ? parsed.log.replace(/\n$/, "")
243
- : "";
244
- if (message)
245
- collected.push(message);
246
- }
247
- catch {
248
- continue;
249
- }
250
- }
251
- const streamLines = collected.reverse();
252
- if (streamLines.length > 0)
253
- return streamLines;
254
- return readDockerCliLogs(containerName, lines);
255
- }
256
- function nomadAuthHeaders() {
257
- const token = getNomadToken();
258
- return token ? { "X-Nomad-Token": token } : {};
259
- }
260
- // §32.2 / §32.8: scheduler-level defaults and resource ceilings. Runtime
261
- // command / args / env / resources now live inside each adapter's
262
- // `buildNomadTask` — nomad-manager never looks at them directly.
263
- function jobId(instanceId) {
264
- return resolveNomadJobId(instanceId, jobPrefixFor(instanceId));
265
- }
266
- /** Exported only for unit tests — not part of the public API. */
267
- export function __jobIdForTests(instanceId) {
268
- return jobId(instanceId);
269
- }
270
- // Nomad Template metacharacters that must not appear in values interpolated
271
- // into EmbeddedTmpl. Defense-in-depth: instanceId is already validated by the
272
- // route layer, but this guard makes the template-building code self-contained.
273
- export const NOMAD_TEMPLATE_UNSAFE_RE = /[{}"\\]/;
274
- function assertSafeTemplateId(id) {
275
- if (NOMAD_TEMPLATE_UNSAFE_RE.test(id)) {
276
- throw new Error(`Job ID "${id}" contains characters unsafe for Nomad Template interpolation`);
277
- }
278
- }
279
- async function nomadGet(path) {
280
- const resp = await fetch(`${getNomadAddr()}${path}`, {
281
- headers: nomadAuthHeaders(),
282
- signal: AbortSignal.timeout(10000),
283
- });
284
- if (!resp.ok && resp.status !== 404)
285
- throw new Error(`Nomad ${path}: ${resp.status}`);
286
- return resp;
287
- }
288
- async function nomadPost(path, body) {
289
- return fetch(`${getNomadAddr()}${path}`, {
290
- method: "POST",
291
- headers: { "Content-Type": "application/json", ...nomadAuthHeaders() },
292
- body: JSON.stringify(body),
293
- signal: AbortSignal.timeout(10000),
294
- });
295
- }
296
- async function nomadDelete(path) {
297
- return fetch(`${getNomadAddr()}${path}`, {
298
- method: "DELETE",
299
- headers: nomadAuthHeaders(),
300
- signal: AbortSignal.timeout(10000),
301
- });
302
- }
303
- async function nomadPut(path, body) {
304
- return fetch(`${getNomadAddr()}${path}`, {
305
- method: "PUT",
306
- headers: { "Content-Type": "application/json", ...nomadAuthHeaders() },
307
- body: JSON.stringify(body),
308
- signal: AbortSignal.timeout(10000),
309
- });
310
- }
311
- // ── Nomad Variables (secrets) ──
312
- export async function writeInstanceVariables(instanceId) {
313
- const jid = jobId(instanceId);
314
- // (short-term mitigation): variable path follows Nomad's workload-identity
315
- // convention. Each job's workload identity has implicit read/write access only
316
- // to variables under its own nomad/jobs/<job-id>/ prefix, providing per-job
317
- // secret isolation within the shared "default" namespace. Per-instance Nomad
318
- // namespaces remain a planned future improvement.
319
- const ns = "default";
320
- const subpath = adapterVariableSubpath(instanceId);
321
- if (!subpath)
322
- return;
323
- const varPath = `nomad/jobs/${jid}/${subpath}`;
324
- const encodedPath = encodeURIComponent(varPath);
325
- // Read proxy token from env file
326
- const env = getRuntimeEnv(instanceId);
327
- const proxyToken = env.JSPROXY_API_KEY || "";
328
- // Nothing to store when proxy token is unconfigured.
329
- if (!proxyToken)
330
- return;
331
- const items = { JSPROXY_API_KEY: proxyToken };
332
- // retry with exponential back-off on CAS conflicts (409) so concurrent
333
- // startInstance calls do not silently discard the latest token. Throw after
334
- // MAX_ATTEMPTS so the caller can surface the error instead of continuing with
335
- // a missing proxy token.
336
- const MAX_ATTEMPTS = 3;
337
- for (let attempt = 0; attempt < MAX_ATTEMPTS; attempt++) {
338
- // Re-read ModifyIndex on every attempt to always CAS against the latest version.
339
- let cas = 0;
340
- try {
341
- const existing = await nomadGet(`/v1/var/${encodedPath}?namespace=${ns}`);
342
- if (existing.ok) {
343
- const data = await existing.json();
344
- cas = data.ModifyIndex || 0;
345
- }
346
- }
347
- catch { /* variable may not exist yet — cas=0 creates a new one */ }
348
- const resp = await nomadPut(`/v1/var/${encodedPath}?cas=${cas}&namespace=${ns}`, {
349
- Namespace: ns,
350
- Path: varPath,
351
- Items: items,
352
- });
353
- if (resp.ok)
354
- return;
355
- const text = await resp.text();
356
- // 409 Conflict = CAS mismatch; another writer won the race — retry.
357
- if (resp.status === 409 && attempt < MAX_ATTEMPTS - 1) {
358
- await new Promise(r => setTimeout(r, 100 * Math.pow(2, attempt)));
359
- continue;
360
- }
361
- throw new Error(`Failed to write Nomad Variables for ${instanceId}` +
362
- ` (attempt ${attempt + 1}/${MAX_ATTEMPTS}): HTTP ${resp.status} ${text}`);
363
- }
364
- }
365
- export async function purgeInstanceVariables(instanceId) {
366
- const jid = jobId(instanceId);
367
- const subpath = adapterVariableSubpath(instanceId);
368
- if (!subpath)
369
- return;
370
- const varPath = `nomad/jobs/${jid}/${subpath}`;
371
- const encodedPath = encodeURIComponent(varPath);
372
- try {
373
- // Match writeInstanceVariables symmetry: always pin the namespace on
374
- // every Variables API call so the delete cannot drift into a different
375
- // namespace if Nomad's default-namespace behaviour changes between
376
- // minor versions. Without this, a schema tweak in a future 1.6.x point
377
- // release could leave a stale secret behind after purge=true.
378
- const resp = await nomadDelete(`/v1/var/${encodedPath}?namespace=default`);
379
- if (!resp.ok && resp.status !== 404) {
380
- console.warn(`[nomad] Failed to purge variables for ${instanceId}: HTTP ${resp.status}`);
381
- }
382
- }
383
- catch (e) {
384
- console.warn(`[nomad] Failed to purge variables for ${instanceId}: ${e.message}`);
385
- }
386
- }
387
- /**
388
- * Resolve the numeric uid:gid for a given username by reading /etc/passwd.
389
- * Falls back to process.getuid!():process.getgid!() when the lookup fails.
390
- * Still used here by the kind-agnostic `exec()` helper below (for docker
391
- * exec user resolution); adapters carry their own copies for task build.
392
- */
393
- function resolveUidGid(username) {
394
- try {
395
- const passwd = readFileSync("/etc/passwd", "utf-8");
396
- const line = passwd.split("\n").find(l => l.startsWith(username + ":"));
397
- if (line) {
398
- const parts = line.split(":");
399
- const uid = parseInt(parts[2], 10);
400
- const gid = parseInt(parts[3], 10);
401
- if (!isNaN(uid) && !isNaN(gid))
402
- return `${uid}:${gid}`;
403
- }
404
- }
405
- catch { /* ignore */ }
406
- return `${process.getuid()}:${process.getgid()}`;
407
- }
408
- // §32.2 / §32.8:
409
- // The previous ~380 lines of OpenClaw / Hermes task assembly
410
- // (`buildRuntime`, `buildTaskDocker`, `buildHermesTaskDocker`, resource
411
- // normalizer, kind detector) have been physically migrated into
412
- // `src/services/runtime/adapters/{openclaw,hermes}.ts:buildNomadTask()`.
413
- // Framework code here is now a pure dispatcher: it asks the adapter for
414
- // a Nomad task definition and embeds it in the job spec below.
415
- function getInstanceAgentType(instanceId) {
416
- try {
417
- const meta = getInstance(instanceId);
418
- return resolveAgentType(meta);
419
- }
420
- catch {
421
- return "openclaw";
422
- }
423
- }
424
- function wrapNomadJob(jid, groupName, task) {
425
- // Adapters declare port reservations on `task.Resources.Networks` (legacy
426
- // schema). The docker driver's `Config.ports = [<label>]` lookup, however,
427
- // resolves labels against the TaskGroup-level `Networks` block. Move (not
428
- // copy) the network block so the docker driver can find the port and so
429
- // HostNetwork ("external") is honored — without this, ports publish to
430
- // 127.0.0.1 by default. Keeping it on both levels would make Nomad reject
431
- // the job with "port label already in use".
432
- const taskNetworks = Array.isArray(task?.Resources?.Networks)
433
- ? task.Resources.Networks
434
- : [];
435
- const groupNetworks = taskNetworks.length > 0 ? taskNetworks.map((n) => ({ ...n })) : undefined;
436
- if (groupNetworks && task?.Resources && typeof task.Resources === "object") {
437
- delete task.Resources.Networks;
438
- }
439
- return {
440
- Job: {
441
- ID: jid,
442
- Name: jid,
443
- Namespace: "default",
444
- Type: "service",
445
- Datacenters: ["*"],
446
- TaskGroups: [{
447
- Name: groupName,
448
- Count: 1,
449
- ...(groupNetworks ? { Networks: groupNetworks } : {}),
450
- RestartPolicy: {
451
- // 10 attempts × 15s delay = ~2.5min recovery window. Multi-task
452
- // groups (e.g. weknora-app racing paradedb cold-init) commonly
453
- // need 3-5 restarts before the dependency's external port-publish
454
- // settles. Previous 3-attempt cap caused alloc-fail cascades on
455
- // first-boot of stacks with DB sidecars.
456
- Attempts: 10,
457
- Interval: 600000000000,
458
- Delay: 15000000000,
459
- Mode: "fail",
460
- },
461
- Reschedule: {
462
- // Allow Nomad to reschedule the whole alloc up to 3 times if all
463
- // restarts fail (e.g. transient image pull or host reboot).
464
- // Unlimited stays false to keep alloc churn bounded.
465
- Attempts: 3,
466
- Interval: 3600000000000,
467
- Unlimited: false,
468
- },
469
- Update: {
470
- MaxParallel: 1,
471
- HealthCheck: "task_states",
472
- MinHealthyTime: 5000000000,
473
- HealthyDeadline: 60000000000,
474
- AutoRevert: false,
475
- },
476
- Tasks: [task],
477
- }],
478
- },
479
- };
480
- }
481
- async function buildJob(instanceId) {
482
- const jid = jobId(instanceId);
483
- const driver = getNomadDriver();
484
- if (driver !== "docker") {
485
- throw new Error(`Unsupported Nomad driver: ${driver}. Only "docker" is supported.`);
486
- }
487
- const legacyManager = await getLegacyAppManager(instanceId);
488
- if (legacyManager) {
489
- const runtime = legacyManager.buildRuntime(instanceId);
490
- const task = legacyManager.buildNomadTask(instanceId, runtime, jid);
491
- await injectConnectionsRuntimeEnv(instanceId, task);
492
- return wrapNomadJob(jid, legacyManager.nomadTaskGroupName(), task);
493
- }
494
- // Pure adapter dispatch — no more `isHermesInstance()` / kind literals.
495
- const agentType = getInstanceAgentType(instanceId);
496
- const adapter = getAdapter(agentType);
497
- if (!adapter.buildNomadTask) {
498
- throw new Error(`Runtime adapter "${agentType}" does not implement buildNomadTask(); cannot schedule Nomad job`);
499
- }
500
- const task = await adapter.buildNomadTask(instanceId);
501
- await injectConnectionsRuntimeEnv(instanceId, task);
502
- // Task group name mirrors the agentType. Log/status helpers resolve the
503
- // Nomad task name via resolveTaskName(instanceId) → adapter.nomadTaskName.
504
- const groupName = agentType;
505
- return wrapNomadJob(jid, groupName, task);
506
- }
507
- /**
508
- * Re-resolve `instance.connections` against the live capability registry
509
- * and merge the resulting env into the freshly-built Nomad task. Idempotent
510
- * — empty meta.connections short-circuits to a no-op.
511
- *
512
- * Resolving at start time (rather than reading the frozen
513
- * `instance.json["connections-env"]` written by PUT /connections) means
514
- * provider port / address changes in the registry propagate on next
515
- * restart without requiring the user to re-bind. Failures here are
516
- * logged but never block start: a missing required binding still surfaces
517
- * via the Connections UI status badge.
518
- */
519
- async function injectConnectionsRuntimeEnv(instanceId, task) {
520
- try {
521
- const meta = getInstance(instanceId);
522
- const connections = meta?.connections;
523
- if (!meta || !connections || Object.keys(connections).length === 0)
524
- return;
525
- const { loadCapabilitySpecForLegacyInstance } = await import("./runtime/migrations.js");
526
- const spec = loadCapabilitySpecForLegacyInstance(meta);
527
- if (!spec)
528
- return;
529
- const { resolveConnections } = await import("./connection-resolver.js");
530
- const { resolved } = resolveConnections(spec, { connections }, "preCreate");
531
- if (resolved.length === 0)
532
- return;
533
- const { RUNTIME_HOOKS } = await import("./connection-apply.js");
534
- const merged = {};
535
- for (const binding of resolved) {
536
- const hook = RUNTIME_HOOKS[binding.category];
537
- if (!hook)
538
- continue;
539
- Object.assign(merged, await hook(meta, binding));
540
- }
541
- if (Object.keys(merged).length === 0)
542
- return;
543
- task.Env = { ...(task.Env ?? {}), ...merged };
544
- }
545
- catch (e) {
546
- console.warn(`[nomad] connections runtime env merge failed for ${instanceId}: ${e?.message ?? e}`);
547
- }
548
- }
549
- async function getRunningAlloc(instanceId) {
550
- const allocs = await getAllocs(instanceId);
551
- if (!allocs)
552
- return null;
553
- for (const status of ["running", "pending"]) {
554
- for (const alloc of allocs) {
555
- if (alloc.ClientStatus === status)
556
- return alloc;
557
- }
558
- }
559
- return null;
560
- }
561
- async function getAllocs(instanceId) {
562
- const jid = jobId(instanceId);
563
- try {
564
- const resp = await nomadGet(`/v1/job/${jid}/allocations`);
565
- if (resp.status === 404)
566
- return [];
567
- const allocs = await resp.json();
568
- return Array.isArray(allocs) ? allocs : [];
569
- }
570
- catch {
571
- return null;
572
- }
573
- }
574
- function latestAlloc(allocs) {
575
- if (!allocs.length)
576
- return null;
577
- return [...allocs].sort((a, b) => ((b.ModifyIndex ?? b.CreateIndex ?? 0) - (a.ModifyIndex ?? a.CreateIndex ?? 0)))[0] ?? null;
578
- }
579
- // Returns true if the Nomad job exists and was NOT explicitly stopped by the user (Stop=false).
580
- // Used on jishushell startup to auto-restart instances that were running before a reboot.
581
- export async function shouldAutoStart(instanceId) {
582
- const jid = jobId(instanceId);
583
- try {
584
- const resp = await nomadGet(`/v1/job/${jid}`);
585
- // 404 = nomad has no record of this job. Two cases:
586
- // (a) Raft was wiped — e.g. Nomad 1.11.3 → 1.6.5 auto-migration
587
- // (install/jishu-install.sh:_migrate_nomad_to_target). The
588
- // on-disk instance config is still present and MUST be
589
- // resubmitted on the next jishushell startup, otherwise every
590
- // OpenClaw instance silently disappears after the upgrade.
591
- // (b) Brand-new instance created without a default LLM provider, never
592
- // started via /api/instances/.../service/start. Resubmitting it
593
- // here is a safe superset — the Nomad job is idempotent and the
594
- // container starts whether or not a provider is configured; the
595
- // user still needs to configure one to answer chat.
596
- // Returning true on 404 covers (a); (b) is an accepted side effect and
597
- // does not regress any user-facing behaviour.
598
- if (resp.status === 404)
599
- return true;
600
- if (!resp.ok)
601
- return false;
602
- const job = await resp.json();
603
- // Stop=true means user explicitly stopped it; Stop=false means it was running.
604
- // Also skip dead jobs — all allocs failed, resubmitting would fail again.
605
- return job.Stop === false && job.Status !== "dead";
606
- }
607
- catch {
608
- return false;
609
- }
610
- }
611
- export async function getStatus(instanceId) {
612
- const jid = jobId(instanceId);
613
- const stopped = { status: "stopped", pid: null, uptime: null, memory_mb: null, cpu_percent: null };
614
- try {
615
- const resp = await nomadGet(`/v1/job/${jid}`);
616
- if (resp.status === 404)
617
- return stopped;
618
- const job = await resp.json();
619
- if (job.Stop)
620
- return stopped;
621
- }
622
- catch {
623
- return { ...stopped, status: "unknown", error: "Nomad unreachable" };
624
- }
625
- const allocs = await getAllocs(instanceId);
626
- if (allocs == null || allocs.length === 0)
627
- return { ...stopped, status: "pending" };
628
- const alloc = allocs.find((entry) => entry.ClientStatus === "running")
629
- ?? allocs.find((entry) => entry.ClientStatus === "pending")
630
- ?? latestAlloc(allocs);
631
- if (!alloc)
632
- return { ...stopped, status: "pending" };
633
- const allocId = alloc.ID;
634
- const result = {
635
- status: alloc.ClientStatus || "unknown",
636
- alloc_id: allocId,
637
- pid: null,
638
- uptime: null,
639
- memory_mb: null,
640
- cpu_percent: null,
641
- restarts: 0,
642
- };
643
- const gwState = alloc.TaskStates?.[resolveTaskName(instanceId)] || {};
644
- result.restarts = gwState.Restarts || 0;
645
- const startedAt = gwState.StartedAt;
646
- if (startedAt) {
647
- try {
648
- const start = new Date(startedAt);
649
- result.uptime = Math.floor((Date.now() - start.getTime()) / 1000);
650
- }
651
- catch { /* ignore */ }
652
- }
653
- try {
654
- const statsResp = await nomadGet(`/v1/client/allocation/${allocId}/stats`);
655
- if (statsResp.ok) {
656
- const stats = await statsResp.json();
657
- // raw_exec: stats nested under Tasks.<taskName>; docker: top-level ResourceUsage
658
- const tn = resolveTaskName(instanceId);
659
- const taskStats = stats.Tasks?.[tn]?.ResourceUsage || stats.ResourceUsage || {};
660
- const memStats = taskStats.MemoryStats || {};
661
- const cpuStats = taskStats.CpuStats || {};
662
- const memBytes = memStats.RSS || memStats.Usage || 0;
663
- result.memory_mb = Math.round(memBytes / (1024 * 1024) * 10) / 10;
664
- result.cpu_percent = Math.round((cpuStats.Percent || 0) * 10) / 10;
665
- }
666
- }
667
- catch { /* ignore */ }
668
- // Fallback: Nomad cgroup stats are often zero on cgroup v2 (e.g. Raspberry
669
- // Pi / CIX). Read from the shared, cached, single-flight `docker stats`
670
- // snapshot instead of forking one `docker stats` per instance — see
671
- // getDockerMemSnapshot for why per-instance forking was the cold-path cost.
672
- if (!result.memory_mb && allocId && /^[a-f0-9-]+$/i.test(allocId)) {
673
- const containerName = `${resolveTaskName(instanceId)}-${allocId}`;
674
- const stat = (await getDockerMemSnapshot()).get(containerName);
675
- if (stat) {
676
- if (stat.memory_mb)
677
- result.memory_mb = stat.memory_mb;
678
- if (!result.cpu_percent && stat.cpu_percent)
679
- result.cpu_percent = stat.cpu_percent;
680
- }
681
- }
682
- return result;
683
- }
684
- /** Phase 1: reject if the instance's Nomad job is already running. */
685
- async function phaseRunningCheck(instanceId) {
686
- const status = await getStatus(instanceId);
687
- if (status.status === "running") {
688
- return { ok: false, error: "Instance is already running", code: "INSTANCE_ALREADY_RUNNING" };
689
- }
690
- return { ok: true };
691
- }
692
- async function phaseResetTerminalJobBeforeStart(instanceId) {
693
- const status = await getStatus(instanceId);
694
- if (!["failed", "dead", "complete"].includes(String(status.status)))
695
- return;
696
- try {
697
- const resp = await nomadDelete(`/v1/job/${jobId(instanceId)}?purge=false`);
698
- if (!resp.ok && resp.status !== 404) {
699
- console.warn(`[nomad] ${instanceId}: failed to stop terminal job before start (HTTP ${resp.status}): ${await resp.text()}`);
700
- }
701
- }
702
- catch (e) {
703
- console.warn(`[nomad] ${instanceId}: failed to stop terminal job before start: ${e?.message ?? e}`);
704
- }
705
- }
706
- /**
707
- * Phase 2: home-conflict check — dispatched through the adapter so
708
- * framework code carries no agentType-specific knowledge. Adapters that
709
- * do not share an agent-home directory across instances (e.g. Hermes,
710
- * each instance owns its own bind-mount) leave the hook unset and this
711
- * phase is a no-op.
712
- */
713
- async function phaseHomeConflict(_instanceId, sharedHomeIds) {
714
- const homeConflicts = [];
715
- for (const otherId of sharedHomeIds) {
716
- const otherStatus = await getStatus(otherId);
717
- if (otherStatus.status === "running")
718
- homeConflicts.push(otherId);
719
- }
720
- if (homeConflicts.length) {
721
- return {
722
- ok: false,
723
- error: `This instance shares its agent-home directory with running instance(s): ` +
724
- `${homeConflicts.join(", ")}. Move it to its own instance directory before starting it.`,
725
- };
726
- }
727
- return { ok: true };
728
- }
729
- /**
730
- * Phase 3: host port probe + self-heal. Returns the allocation record so
731
- * the caller can surface it in the API response, or null if the desired
732
- * port was already free.
733
- */
734
- async function phasePortAlloc(instanceId) {
735
- const desiredPort = getGatewayPort(instanceId);
736
- if (!(await isPortInUse(desiredPort)))
737
- return { ok: true, portAllocation: null };
738
- try {
739
- const re = await reallocateGatewayPort(instanceId);
740
- return { ok: true, portAllocation: { from: re.from, to: re.to, reason: "host_port_busy" } };
741
- }
742
- catch (e) {
743
- return {
744
- ok: false,
745
- error: `Gateway port ${desiredPort} is held by another process and reallocation failed: ${e?.message ?? e}`,
746
- };
747
- }
748
- }
749
- /**
750
- * Phase 4: adapter pre-start hook — kind-specific setup (config patches,
751
- * image validation, secret seeding, legacy process cleanup). A thrown
752
- * error with `.building` / `.taskId` signals an async background build;
753
- * we surface it to the caller so the UI can poll the task.
754
- */
755
- async function phasePreStartHook(adapter, instanceId) {
756
- if (!adapter.hooks?.onBeforeStart)
757
- return { ok: true };
758
- try {
759
- await adapter.hooks.onBeforeStart({ instanceId });
760
- return { ok: true };
761
- }
762
- catch (e) {
763
- if (e && typeof e === "object" && e.building && e.taskId) {
764
- return {
765
- ok: false,
766
- error: e.message,
767
- building: true,
768
- taskId: e.taskId,
769
- ...(typeof e.code === "string" ? { code: e.code } : {}),
770
- ...(typeof e.statusCode === "number" ? { statusCode: e.statusCode } : {}),
771
- };
772
- }
773
- return {
774
- ok: false,
775
- error: e?.message || String(e),
776
- ...(typeof e?.code === "string" ? { code: e.code } : {}),
777
- ...(typeof e?.statusCode === "number" ? { statusCode: e.statusCode } : {}),
778
- };
779
- }
780
- }
781
- /**
782
- * §17 / PR 9 — re-render adapter-managed connection config from the
783
- * current capability registry before each instance start.
784
- *
785
- * Without this hook, env values (like `SEARCH_API_BASE_URL` =
786
- * `http://<host>:<port>/search`) are frozen into the adapter's config
787
- * files at PUT /connections time. When the host IP changes (DHCP
788
- * renewal, pi reboot picking up a new lease, network move) or a
789
- * provider gets re-deployed at a different host:port, the consumer
790
- * keeps trying the stale address and search/llm/etc. silently fail.
791
- *
792
- * What this does on every start:
793
- * 1. Read connections from instance.json
794
- * 2. Re-resolve them in `runtime` mode (tolerant: ambiguous/missing
795
- * becomes empty resolved instead of throwing — start should still
796
- * proceed even if one binding can't be re-rendered)
797
- * 3. Collect env via the same persist hooks PUT /connections uses
798
- * 4. Call adapter.applyConnectionEnv with the fresh env so the
799
- * adapter rewrites its config files (mcp_servers / openclaw.json /
800
- * etc.) with the current address
801
- *
802
- * Failures here are logged but never block start: a stale config is
803
- * better than no start. If something is genuinely wrong with the
804
- * registry, the user will see a connection error in the UI on next
805
- * use — at which point they can re-bind manually.
806
- */
807
- async function phaseRefreshConnections(adapter, instanceId) {
808
- if (!adapter.applyConnectionEnv)
809
- return;
810
- try {
811
- const meta = getInstance(instanceId);
812
- if (!meta)
813
- return;
814
- const { getApp, refreshCapabilityRegistry } = await import("./app/app-manager.js");
815
- const { loadCapabilitySpecForLegacyInstance } = await import("./runtime/migrations.js");
816
- const appData = getApp(instanceId);
817
- const spec = appData?.spec ?? loadCapabilitySpecForLegacyInstance(meta);
818
- if (!spec)
819
- return;
820
- await refreshCapabilityRegistry();
821
- const { renderRuntimeConnectionsEnv } = await import("./connection-apply.js");
822
- const env = await renderRuntimeConnectionsEnv(spec, {
823
- id: instanceId,
824
- connections: meta.connections,
825
- });
826
- if (Object.keys(env).length === 0)
827
- return;
828
- await adapter.applyConnectionEnv(instanceId, env);
829
- }
830
- catch (e) {
831
- console.warn(`[nomad] connections refresh failed for ${instanceId}: ${e?.message ?? e}`);
832
- }
833
- }
834
- /**
835
- * Phase 5: submit to Nomad with a single retry on port race. Between our
836
- * earlier host probe and Docker's actual bind another process could have
837
- * grabbed the port; on submit failure we re-probe, reallocate once if
838
- * busy, and retry. Otherwise we surface the original submit error.
839
- */
840
- async function phaseSubmit(instanceId, initialAllocation) {
841
- let portAllocation = initialAllocation;
842
- for (let attempt = 0; attempt < 2; attempt++) {
843
- const jobDef = await buildJob(instanceId);
844
- let submitError = null;
845
- let netErr = false;
846
- try {
847
- const resp = await nomadPost("/v1/jobs", jobDef);
848
- if (resp.ok) {
849
- const data = await resp.json();
850
- return { ok: true, evalId: data.EvalID, portAllocation };
851
- }
852
- submitError = await resp.text();
853
- }
854
- catch (e) {
855
- netErr = e?.message === "fetch failed" || e?.cause?.code === "ECONNREFUSED";
856
- submitError = netErr ? `Nomad 服务不可达 (${getNomadAddr()}),请先启动 Nomad` : e.message;
857
- }
858
- if (attempt === 0 && !netErr && (await isPortInUse(getGatewayPort(instanceId)))) {
859
- try {
860
- const re = await reallocateGatewayPort(instanceId);
861
- portAllocation = { from: re.from, to: re.to, reason: "docker_race" };
862
- console.log(`[nomad] ${instanceId}: retrying after docker port race (${re.from} -> ${re.to})`);
863
- continue;
864
- }
865
- catch { /* fall through to error return */ }
866
- }
867
- return { ok: false, error: submitError ?? "unknown error" };
868
- }
869
- return { ok: false, error: "start retry exhausted" };
870
- }
871
- /**
872
- * §32.2 / §32.8: pure adapter dispatch. Framework owns five generic
873
- * responsibilities delegated to `phase*` helpers above; every kind-
874
- * specific concern lives in `adapter.hooks.onBeforeStart()`.
875
- *
876
- * Phase ordering:
877
- * running_check → home_conflict → pre_start_hook → port_alloc → submit
878
- *
879
- * `pre_start_hook` intentionally runs BEFORE `port_alloc` so deterministic
880
- * errors (missing config, missing image, variables-write failure) surface
881
- * ahead of port-reallocation noise. A port reallocation failure after a
882
- * successful hook means the environment is genuinely contended; a hook
883
- * failure after a reallocation would waste the allocation and bury the
884
- * real cause under an incidental port change.
885
- *
886
- * Error returns carry a `phase` tag so callers and logs can distinguish
887
- * *where* the failure happened. The shape stays backward-compatible: old
888
- * callers that only read `ok`/`error` continue to work.
889
- */
890
- export async function startInstance(instanceId) {
891
- const identity = resolveRuntimeIdentity(instanceId);
892
- if (identity?.driver === "app-job" || identity?.driver === "local-model") {
893
- const { startApp } = await import("./app/app-manager.js");
894
- return startApp(instanceId);
895
- }
896
- const failed = (phase, rest) => {
897
- console.log(`[nomad] ${instanceId}: startInstance failed at phase=${phase}: ${rest.error ?? ""}`);
898
- return { ok: false, phase, ...rest };
899
- };
900
- const running = await phaseRunningCheck(instanceId);
901
- if (!running.ok) {
902
- const extra = { error: running.error };
903
- if (running.code)
904
- extra.code = running.code;
905
- return failed("running_check", extra);
906
- }
907
- await phaseResetTerminalJobBeforeStart(instanceId);
908
- const legacyManager = await getLegacyAppManager(instanceId);
909
- if (legacyManager) {
910
- const prep = await legacyManager.prepareStart(instanceId);
911
- if (!prep.ok) {
912
- const extra = { error: prep.error ?? "prepareStart failed" };
913
- if (prep.code)
914
- extra.code = prep.code;
915
- if (typeof prep.statusCode === "number")
916
- extra.statusCode = prep.statusCode;
917
- if (prep.building)
918
- extra.building = true;
919
- if (prep.taskId)
920
- extra.taskId = prep.taskId;
921
- return failed("pre_start_hook", extra);
922
- }
923
- }
924
- else {
925
- const agentType = getInstanceAgentType(instanceId);
926
- const adapter = getAdapter(agentType);
927
- const home = await phaseHomeConflict(instanceId, adapter.findInstancesSharingHome?.(instanceId) ?? []);
928
- if (!home.ok)
929
- return failed("home_conflict", { error: home.error });
930
- // PR 9 — refresh adapter-managed connection config from current
931
- // capability registry before adapter pre-start. Best-effort: never
932
- // blocks start (any failure is logged and we proceed with the
933
- // existing on-disk config). See phaseRefreshConnections doc.
934
- await phaseRefreshConnections(adapter, instanceId);
935
- const hook = await phasePreStartHook(adapter, instanceId);
936
- if (!hook.ok) {
937
- const extra = { error: hook.error };
938
- if (hook.code)
939
- extra.code = hook.code;
940
- if (typeof hook.statusCode === "number")
941
- extra.statusCode = hook.statusCode;
942
- if (hook.building)
943
- extra.building = true;
944
- if (hook.taskId)
945
- extra.taskId = hook.taskId;
946
- return failed("pre_start_hook", extra);
947
- }
948
- }
949
- const port = await phasePortAlloc(instanceId);
950
- if (!port.ok)
951
- return failed("port_alloc", { error: port.error });
952
- const submit = await phaseSubmit(instanceId, port.portAllocation);
953
- if (!submit.ok)
954
- return failed("submit", { error: submit.error });
955
- await syncCapabilitiesForInstance(instanceId);
956
- return {
957
- ok: true,
958
- eval_id: submit.evalId,
959
- ...(submit.portAllocation ? { port_allocation: submit.portAllocation } : {}),
960
- };
961
- }
962
- async function syncCapabilitiesForInstance(instanceId) {
963
- try {
964
- const { syncCapabilitiesForApp } = await import("./app/app-manager.js");
965
- await syncCapabilitiesForApp(instanceId);
966
- }
967
- catch (e) {
968
- console.warn(`[capability-sync] sync failed for ${instanceId}: ${e?.message ?? e}`);
969
- }
970
- }
971
- export async function stopInstance(instanceId, purge = false) {
972
- const jid = jobId(instanceId);
973
- try {
974
- const resp = await nomadDelete(`/v1/job/${jid}?purge=${purge}`);
975
- if (resp.ok) {
976
- if (purge) {
977
- try {
978
- await purgeInstanceVariables(instanceId);
979
- }
980
- catch { /* ignore */ }
981
- }
982
- await syncCapabilitiesForInstance(instanceId);
983
- return { ok: true };
984
- }
985
- if (resp.status === 404) {
986
- await syncCapabilitiesForInstance(instanceId);
987
- return { ok: false, error: "Instance is not running" };
988
- }
989
- return { ok: false, error: await resp.text() };
990
- }
991
- catch (e) {
992
- const isNetErr = e?.message === "fetch failed" || e?.cause?.code === "ECONNREFUSED";
993
- return { ok: false, error: isNetErr ? `Nomad 服务不可达 (${getNomadAddr()}),请先启动 Nomad` : e.message };
994
- }
995
- }
996
- export async function restartInstance(instanceId) {
997
- const stopResult = await stopInstance(instanceId);
998
- if (!stopResult.ok && !stopResult.error?.includes("not running") && !stopResult.error?.includes("not found")) {
999
- return stopResult;
1000
- }
1001
- await new Promise((r) => setTimeout(r, 2000));
1002
- return startInstance(instanceId);
1003
- }
1004
- export async function getLogs(instanceId, lines = 200, logType = "stderr") {
1005
- // Defense-in-depth: only allow known log types to prevent path/query injection
1006
- if (!VALID_LOG_TYPES.has(logType))
1007
- logType = "stderr";
1008
- let alloc = await getRunningAlloc(instanceId);
1009
- if (!alloc) {
1010
- const jid = jobId(instanceId);
1011
- try {
1012
- const resp = await nomadGet(`/v1/job/${jid}/allocations`);
1013
- if (resp.ok) {
1014
- const allocs = await resp.json();
1015
- if (allocs.length) {
1016
- alloc = allocs.sort((a, b) => (b.CreateIndex || 0) - (a.CreateIndex || 0))[0];
1017
- }
1018
- }
1019
- }
1020
- catch { /* ignore */ }
1021
- }
1022
- if (!alloc)
1023
- return [];
1024
- const preferredTask = resolveTaskName(instanceId);
1025
- const resolvedTask = alloc.TaskStates?.[preferredTask]
1026
- ? preferredTask
1027
- : alloc.TaskStates?.gateway
1028
- ? "gateway"
1029
- : (Object.keys(alloc.TaskStates ?? {})[0] ?? preferredTask);
1030
- // Primary: Nomad log API
1031
- try {
1032
- const params = new URLSearchParams({
1033
- task: resolvedTask,
1034
- type: logType,
1035
- plain: "true",
1036
- origin: "end",
1037
- offset: String(Math.max(lines * 512, 100000)),
1038
- follow: "false",
1039
- });
1040
- const resp = await nomadGet(`/v1/client/fs/logs/${alloc.ID}?${params}`);
1041
- if (resp.ok) {
1042
- const text = await resp.text();
1043
- const trimmed = text.trim();
1044
- if (trimmed)
1045
- return trimmed.split("\n").slice(-lines);
1046
- }
1047
- }
1048
- catch { /* ignore */ }
1049
- // Fallback: read Docker's json-file log directly so stdout/stderr can still
1050
- // be separated when Nomad log collection is disabled.
1051
- const dockerLogLines = await readDockerStreamLogs(`${resolvedTask}-${alloc.ID}`, lines, logType);
1052
- if (dockerLogLines.length > 0)
1053
- return dockerLogLines;
1054
- return [];
1055
- }
1056
- const execFileAsync = promisify(execFileCb);
1057
- const DOCKER_STATS_TTL_MS = 30_000;
1058
- /** Field separator for the batched `docker stats --format` line. Exported so
1059
- * tests can construct mock output without hardcoding the literal. */
1060
- export const DOCKER_STATS_FIELD_SEP = "__JS__";
1061
- let _dockerStatsEntry = null;
1062
- let _dockerStatsInFlight = null;
1063
- /** Test-only: reset the shared docker-stats snapshot so each test starts from
1064
- * a cold cache (the 30s TTL + single-flight would otherwise leak one test's
1065
- * mocked snapshot into the next). Not used by production code paths. */
1066
- export function __resetDockerStatsCacheForTests() {
1067
- _dockerStatsEntry = null;
1068
- _dockerStatsInFlight = null;
1069
- }
1070
- function parseDockerMemUsageMb(memUsage) {
1071
- // Format: "499.6MiB / 3GiB" — the used side is everything before "/".
1072
- const used = (memUsage.split("/")[0] ?? "").trim();
1073
- const match = used.match(/^([\d.]+)\s*(MiB|GiB|MB|GB|KiB|KB|B)?/i);
1074
- if (!match)
1075
- return 0;
1076
- let mb = parseFloat(match[1]);
1077
- if (!Number.isFinite(mb))
1078
- return 0;
1079
- const unit = (match[2] ?? "MiB").toLowerCase();
1080
- if (unit === "gib" || unit === "gb")
1081
- mb *= 1024;
1082
- else if (unit === "kib" || unit === "kb")
1083
- mb /= 1024;
1084
- else if (unit === "b")
1085
- mb /= 1024 * 1024;
1086
- return Math.round(mb * 10) / 10;
1087
- }
1088
- async function loadDockerStatsSnapshot() {
1089
- const snapshot = new Map();
1090
- try {
1091
- const fmt = `{{.Name}}${DOCKER_STATS_FIELD_SEP}{{.MemUsage}}${DOCKER_STATS_FIELD_SEP}{{.CPUPerc}}`;
1092
- const { stdout } = await execFileAsync("docker", ["stats", "--no-stream", "--format", fmt], { timeout: 8_000 });
1093
- for (const line of stdout.split("\n")) {
1094
- const trimmed = line.trim();
1095
- if (!trimmed)
1096
- continue;
1097
- const [name, memUsage, cpuPerc] = trimmed.split(DOCKER_STATS_FIELD_SEP);
1098
- if (!name)
1099
- continue;
1100
- snapshot.set(name, {
1101
- memory_mb: parseDockerMemUsageMb(memUsage ?? ""),
1102
- cpu_percent: Math.round((parseFloat(cpuPerc ?? "") || 0) * 10) / 10,
1103
- });
1104
- }
1105
- }
1106
- catch {
1107
- /* docker missing / timeout / daemon down → empty map, caller degrades */
1108
- }
1109
- return snapshot;
1110
- }
1111
- /**
1112
- * Returns a per-container stats map, refreshing at most once per
1113
- * DOCKER_STATS_TTL_MS. Concurrent callers (the `Promise.all` over every
1114
- * instance in `GET /api/instances`) share a single in-flight docker call.
1115
- */
1116
- async function getDockerMemSnapshot() {
1117
- const now = Date.now();
1118
- if (_dockerStatsEntry && now - _dockerStatsEntry.ts < DOCKER_STATS_TTL_MS) {
1119
- return _dockerStatsEntry.data;
1120
- }
1121
- if (_dockerStatsInFlight)
1122
- return _dockerStatsInFlight;
1123
- _dockerStatsInFlight = loadDockerStatsSnapshot()
1124
- .then((data) => {
1125
- _dockerStatsEntry = { data, ts: Date.now() };
1126
- return data;
1127
- })
1128
- .finally(() => {
1129
- _dockerStatsInFlight = null;
1130
- });
1131
- return _dockerStatsInFlight;
1132
- }
1133
- export async function exec(instanceId, command, timeoutMs = 120_000) {
1134
- const alloc = await getRunningAlloc(instanceId);
1135
- if (!alloc || alloc.ClientStatus !== "running") {
1136
- throw new Error("Instance is not running");
1137
- }
1138
- const allocId = alloc.ID;
1139
- if (!/^[a-f0-9-]+$/i.test(allocId))
1140
- throw new Error("invalid allocId");
1141
- const containerName = `gateway-${allocId}`;
1142
- // Use the same user as the container's main process (runtime.user uid:gid)
1143
- const runtime = getInstanceRuntime(instanceId);
1144
- const userFlag = resolveUidGid(runtime.user);
1145
- try {
1146
- const { stdout, stderr } = await execFileAsync("docker", ["exec", "--user", userFlag, containerName, ...command], { timeout: timeoutMs });
1147
- return { stdout, stderr, exitCode: 0 };
1148
- }
1149
- catch (e) {
1150
- return {
1151
- stdout: e.stdout || "",
1152
- stderr: e.stderr || e.message,
1153
- exitCode: e.code ?? 1,
1154
- };
1155
- }
1156
- }
1157
- // ── Compatibility constants for app-type managers (src/services/app/) ───────
1158
- // The cli branch kept these in-file; HEAD shrunk nomad-manager.ts to a
1159
- // framework-generic layer, so the app-type managers would otherwise lose
1160
- // their imports. Keep them here as the single source of truth and re-export
1161
- // via the block below.
1162
- export const DEFAULT_PIDS_LIMIT = 512;
1163
- export const DEFAULT_ARGS = ["gateway", "run", "--port", "18789", "--allow-unconfigured"];
1164
- export const DEFAULT_USER = userInfo().username;
1165
- export const DEFAULT_CWD = homedir();
1166
- export const DEFAULT_ENV = {
1167
- HOME: homedir(),
1168
- TMPDIR: "/tmp",
1169
- PATH: `${homedir()}/.local/bin:${homedir()}/.npm-global/bin:${homedir()}/bin:${homedir()}/.volta/bin:`
1170
- + `${homedir()}/.asdf/shims:${homedir()}/.bun/bin:${homedir()}/.nvm/current/bin:${homedir()}/.fnm/current/bin:`
1171
- + `${homedir()}/.local/share/pnpm:/usr/local/bin:/usr/bin:/bin`,
1172
- };
1173
- export const DEFAULT_RESOURCES = { CPU: 500, MemoryMB: 512 };
1174
- export const MAX_CPU_MHZ = 4000; // 4 GHz per task
1175
- /** @deprecated Use {@link getMaxAppMemoryMB} from config.ts for the live ceiling. */
1176
- export const MAX_MEMORY_MB = 4096; // 4 GB fallback — overridden by core.json max_app_memory_mb
1177
- /** @deprecated Use {@link getMaxAppMemoryMB} from config.ts for the live ceiling. */
1178
- export const MAX_MEMORY_MAX_MB = 4096; // 4 GB fallback — overridden by core.json max_app_memory_mb
1179
- /**
1180
- * Clamp container memory reservation/limit to the framework ceilings and
1181
- * ensure `MemoryMaxMB >= MemoryMB`. Shared by every container-runtime app
1182
- * manager (openclaw / custom / ollama / hermes) so they apply the same
1183
- * guard-rails before handing a task spec to Nomad.
1184
- */
1185
- export function normalizeDockerResources(instanceId, runtime) {
1186
- const ceiling = config.getMaxAppMemoryMB();
1187
- const requestedMemoryMB = Number(runtime.resources?.MemoryMB ?? DEFAULT_RESOURCES.MemoryMB);
1188
- let effectiveMemoryMB = Math.min(requestedMemoryMB, ceiling);
1189
- let effectiveMemoryMaxMB = Math.min(Number(runtime.resources?.MemoryMaxMB ?? requestedMemoryMB), ceiling);
1190
- if (effectiveMemoryMaxMB < effectiveMemoryMB) {
1191
- console.warn(`[nomad] ${instanceId}: MemoryMaxMB (${effectiveMemoryMaxMB}) is below MemoryMB (${effectiveMemoryMB}); clamping max to reservation.`);
1192
- effectiveMemoryMaxMB = effectiveMemoryMB;
1193
- }
1194
- return {
1195
- ...(runtime.resources ?? {}),
1196
- MemoryMB: effectiveMemoryMB,
1197
- MemoryMaxMB: effectiveMemoryMaxMB,
1198
- };
1199
- }
1200
- // ── Compatibility re-exports for app-type managers ─────────────────────────
1201
- // `jobId`/`resolveUidGid`/`nomadGet`/`nomadPut`/`assertSafeTemplateId` are
1202
- // internal helpers defined elsewhere in this file; re-exporting them keeps
1203
- // cli-branch imports (`../nomad-manager.js`) working.
1204
- export { jobId, resolveUidGid, nomadGet, nomadPut, assertSafeTemplateId, };
1205
- const instanceScheduler = {
1206
- getStatus,
1207
- startInstance,
1208
- stopInstance,
1209
- restartInstance,
1210
- getLogs,
1211
- exec,
1212
- };
1213
- var UnifiedNomadJobs;
1214
- (function (UnifiedNomadJobs) {
1215
- // ── Constants ─────────────────────────────────────────────────────────────
1216
- const OPENCLAW_PREFIX = "openclaw-";
1217
- // Docker image names must match this pattern to prevent command injection.
1218
- UnifiedNomadJobs.DOCKER_IMAGE_RE = /^[a-zA-Z0-9][a-zA-Z0-9\-_.:/@]*$/;
1219
- UnifiedNomadJobs.MAX_DOCKER_IMAGE_NAME_LEN = 256;
1220
- UnifiedNomadJobs.VALID_LOG_TYPES = new Set(["stdout", "stderr"]);
1221
- // Nomad Template metacharacters that must not appear in values interpolated
1222
- // into EmbeddedTmpl strings.
1223
- UnifiedNomadJobs.NOMAD_TEMPLATE_UNSAFE_RE = /[{}"\\]/;
1224
- const DEFAULT_CPU_MHZ = 500;
1225
- const DEFAULT_MEMORY_MB = 512;
1226
- // Hard upper bounds: prevents misconfigured specs from exhausting scheduler resources.
1227
- const MAX_CPU_MHZ = 4000; // 4 GHz
1228
- // Memory ceilings read from core.json at runtime via config.getMaxAppMemoryMB().
1229
- const DEFAULT_PIDS_LIMIT = 512;
1230
- const NOMAD_CONFIG_PATH = join(JISHUSHELL_HOME, "nomad", "nomad.hcl");
1231
- const _DEFAULT_CWD = homedir();
1232
- function appDirForId(appId) {
1233
- return join(APPS_DIR, appId);
1234
- }
1235
- function isAppJob(id) {
1236
- const identity = resolveRuntimeIdentity(id);
1237
- if (identity)
1238
- return identity.driver === "app-job";
1239
- const dir = appDirForId(id);
1240
- if (existsSync(join(dir, "manifest.json")) || existsSync(join(dir, "app-spec.yaml"))) {
1241
- return true;
1242
- }
1243
- if (id.startsWith(OPENCLAW_PREFIX))
1244
- return false;
1245
- return false;
1246
- }
1247
- UnifiedNomadJobs.isAppJob = isAppJob;
1248
- function resolveAppDir(appId) {
1249
- const dir = appDirForId(appId);
1250
- if (existsSync(join(dir, "manifest.json")) || existsSync(join(dir, "app-spec.yaml"))) {
1251
- return dir;
1252
- }
1253
- return null;
1254
- }
1255
- // ── Job ID ────────────────────────────────────────────────────────────────
1256
- function jobId(appId) {
1257
- return appId;
1258
- }
1259
- function assertSafeTemplateId(id) {
1260
- if (UnifiedNomadJobs.NOMAD_TEMPLATE_UNSAFE_RE.test(id)) {
1261
- throw new Error(`Job ID "${id}" contains characters unsafe for Nomad Template interpolation`);
1262
- }
1263
- }
1264
- // ── Nomad HTTP helpers ────────────────────────────────────────────────────
1265
- function nomadAuthHeaders() {
1266
- const token = getNomadToken();
1267
- return token ? { "X-Nomad-Token": token } : {};
1268
- }
1269
- async function nomadGet(path) {
1270
- const resp = await fetch(`${getNomadAddr()}${path}`, {
1271
- headers: nomadAuthHeaders(),
1272
- signal: AbortSignal.timeout(10_000),
1273
- });
1274
- if (!resp.ok && resp.status !== 404) {
1275
- throw new Error(`Nomad GET ${path}: HTTP ${resp.status}`);
1276
- }
1277
- return resp;
1278
- }
1279
- async function nomadPost(path, body) {
1280
- return fetch(`${getNomadAddr()}${path}`, {
1281
- method: "POST",
1282
- headers: { "Content-Type": "application/json", ...nomadAuthHeaders() },
1283
- body: JSON.stringify(body),
1284
- signal: AbortSignal.timeout(10_000),
1285
- });
1286
- }
1287
- async function nomadPut(path, body) {
1288
- return fetch(`${getNomadAddr()}${path}`, {
1289
- method: "PUT",
1290
- headers: { "Content-Type": "application/json", ...nomadAuthHeaders() },
1291
- body: JSON.stringify(body),
1292
- signal: AbortSignal.timeout(10_000),
1293
- });
1294
- }
1295
- async function nomadDelete(path) {
1296
- return fetch(`${getNomadAddr()}${path}`, {
1297
- method: "DELETE",
1298
- headers: nomadAuthHeaders(),
1299
- signal: AbortSignal.timeout(10_000),
1300
- });
1301
- }
1302
- async function listNomadNodes() {
1303
- try {
1304
- const resp = await nomadGet("/v1/nodes");
1305
- if (!resp.ok)
1306
- return [];
1307
- const nodes = await resp.json();
1308
- return Array.isArray(nodes) ? nodes : [];
1309
- }
1310
- catch {
1311
- return [];
1312
- }
1313
- }
1314
- function isSchedulableNode(node) {
1315
- return (node.Status ?? "ready") === "ready"
1316
- && (node.SchedulingEligibility ?? "eligible") === "eligible";
1317
- }
1318
- function rawExecDriverHealthy(node) {
1319
- const driver = node.Drivers?.raw_exec;
1320
- return driver?.Detected === true && driver?.Healthy === true;
1321
- }
1322
- function rawExecRestartHint() {
1323
- if (process.platform === "linux")
1324
- return "sudo systemctl restart nomad";
1325
- if (process.platform === "darwin")
1326
- return "重启 Nomad launchd agent";
1327
- return "重启 Nomad 服务";
1328
- }
1329
- function nomadConfigEnablesRawExec() {
1330
- try {
1331
- const config = readFileSync(NOMAD_CONFIG_PATH, "utf-8");
1332
- return /plugin\s+"raw_exec"\s*\{[\s\S]*?enabled\s*=\s*true\b/.test(config);
1333
- }
1334
- catch {
1335
- return false;
1336
- }
1337
- }
1338
- async function validateRawExecDriverAvailability() {
1339
- const nodes = (await listNomadNodes()).filter(isSchedulableNode);
1340
- if (nodes.length === 0)
1341
- return null;
1342
- if (nodes.some(rawExecDriverHealthy))
1343
- return null;
1344
- const detail = nodes
1345
- .map((node) => {
1346
- const driver = node.Drivers?.raw_exec;
1347
- const name = String(node.Name ?? node.ID ?? "unknown-node");
1348
- const description = String(driver?.HealthDescription
1349
- ?? (driver?.Detected === false ? "disabled" : "unavailable"));
1350
- return `${name}: ${description}`;
1351
- })
1352
- .join("; ");
1353
- if (nomadConfigEnablesRawExec()) {
1354
- return `Nomad client 当前未启用 raw_exec driver(${detail})。磁盘配置已启用 raw_exec,但运行中的 Nomad 仍在使用旧配置;请先执行 ${rawExecRestartHint()} 后重试。`;
1355
- }
1356
- return `Nomad client 当前未启用 raw_exec driver(${detail})。请先在 Nomad 配置中启用 plugin \"raw_exec\" { config { enabled = true } },然后重启 Nomad。`;
1357
- }
1358
- function allocTimestamp(alloc) {
1359
- const raw = alloc.ModifyTime ?? alloc.CreateTime ?? alloc.CreateIndex ?? 0;
1360
- return typeof raw === "number" ? raw : Number(raw) || 0;
1361
- }
1362
- // ── Resource unit parsers ─────────────────────────────────────────────────
1363
- /**
1364
- * Parse a CPU resource string to Nomad MHz integer.
1365
- * "500m" → 500 (millicores treated as MHz for simplicity)
1366
- * "1" → 1000 (1 core → 1000 MHz)
1367
- * "1000" → 1000 (bare integer treated as MHz already)
1368
- *
1369
- * Nomad doesn't have a concept of "cores"; it schedules by MHz.
1370
- * We treat 1 core = 1000 MHz as a reasonable proxy for a Pi-class host.
1371
- */
1372
- function parseCpuMHz(cpu) {
1373
- if (cpu == null)
1374
- return DEFAULT_CPU_MHZ;
1375
- const s = String(cpu).trim();
1376
- if (s.endsWith("m")) {
1377
- // millicores (K8s-style): "500m" → 500 MHz
1378
- const val = parseFloat(s.slice(0, -1));
1379
- return isNaN(val) ? DEFAULT_CPU_MHZ : Math.max(1, Math.min(Math.round(val), MAX_CPU_MHZ));
1380
- }
1381
- const val = parseFloat(s);
1382
- if (isNaN(val))
1383
- return DEFAULT_CPU_MHZ;
1384
- // Bare integer ≤ 16 likely means "cores" (e.g. "1", "2"); convert to MHz.
1385
- // Bare integer > 16 likely already MHz.
1386
- const mhz = val <= 16 ? Math.round(val * 1000) : Math.round(val);
1387
- return Math.max(1, Math.min(mhz, MAX_CPU_MHZ));
1388
- }
1389
- UnifiedNomadJobs.parseCpuMHz = parseCpuMHz;
1390
- /**
1391
- * Parse a memory resource string to Nomad MB integer.
1392
- * "512Mi" or "512MiB" → 512 MB
1393
- * "1Gi" or "1GiB" → 1024 MB
1394
- * "512M" or "512MB" → 512 MB
1395
- * "1G" or "1GB" → 1024 MB
1396
- * "1024" → 1024 MB (bare integer = MB)
1397
- */
1398
- function parseMemoryMB(memory) {
1399
- if (memory == null)
1400
- return DEFAULT_MEMORY_MB;
1401
- const s = String(memory).trim();
1402
- const match = s.match(/^([\d.]+)\s*(gi|gib|g|gb|mi|mib|m|mb|ki|kib|k|kb)?$/i);
1403
- if (!match)
1404
- return DEFAULT_MEMORY_MB;
1405
- const val = parseFloat(match[1]);
1406
- if (isNaN(val))
1407
- return DEFAULT_MEMORY_MB;
1408
- const unit = (match[2] || "").toLowerCase();
1409
- let mb;
1410
- if (unit === "gi" || unit === "gib" || unit === "g" || unit === "gb") {
1411
- mb = Math.round(val * 1024);
1412
- }
1413
- else if (unit === "ki" || unit === "kib" || unit === "k" || unit === "kb") {
1414
- mb = Math.round(val / 1024);
1415
- }
1416
- else {
1417
- // "mi"/"mib"/"m"/"mb" or bare integer
1418
- mb = Math.round(val);
1419
- }
1420
- return Math.max(1, Math.min(mb, config.getMaxAppMemoryMB()));
1421
- }
1422
- UnifiedNomadJobs.parseMemoryMB = parseMemoryMB;
1423
- // ── Interval parser ───────────────────────────────────────────────────────
1424
- function parseIntervalNs(s, defaultNs) {
1425
- if (!s)
1426
- return defaultNs;
1427
- if (s.endsWith("ms"))
1428
- return parseInt(s, 10) * 1_000_000;
1429
- if (s.endsWith("s"))
1430
- return parseInt(s, 10) * 1_000_000_000;
1431
- if (s.endsWith("m"))
1432
- return parseInt(s, 10) * 60_000_000_000;
1433
- return parseInt(s, 10) * 1_000_000_000;
1434
- }
1435
- function portLabel(taskName, portName) {
1436
- const sanitize = (value) => value.replace(/[^a-zA-Z0-9_-]/g, "-");
1437
- return `${sanitize(taskName)}-${sanitize(portName)}`;
1438
- }
1439
- function nomadConfigDeclaresHostNetwork(name) {
1440
- if (!existsSync(NOMAD_CONFIG_PATH))
1441
- return false;
1442
- try {
1443
- const config = readFileSync(NOMAD_CONFIG_PATH, "utf-8");
1444
- const escaped = name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
1445
- return new RegExp(`host_network\\s+"${escaped}"\\s*\\{`).test(config);
1446
- }
1447
- catch {
1448
- return false;
1449
- }
1450
- }
1451
- function requiredHostNetworkForPort(port) {
1452
- if ((port.visibility ?? "external") === "internal")
1453
- return null;
1454
- const requested = (port.host_network ?? "").trim();
1455
- return requested || "external";
1456
- }
1457
- function hostNetworkForPort(port) {
1458
- if ((port.visibility ?? "external") === "internal")
1459
- return undefined;
1460
- // Honor explicit host_network from spec (e.g. weknora's ports declare
1461
- // `host_network: docker_bridge` so peer tasks reach the published port
1462
- // via host.docker.internal). Verify the named network is actually
1463
- // declared in nomad.hcl — otherwise validation rejects the start before
1464
- // job submission. Falls back to "external" only when no explicit
1465
- // host_network was requested.
1466
- const requested = (port.host_network ?? "").trim();
1467
- if (requested)
1468
- return nomadConfigDeclaresHostNetwork(requested) ? requested : undefined;
1469
- return nomadConfigDeclaresHostNetwork("external") ? "external" : undefined;
1470
- }
1471
- function requiredHostNetworksForPorts(ports) {
1472
- const required = new Set();
1473
- for (const port of ports) {
1474
- const network = requiredHostNetworkForPort(port);
1475
- if (network)
1476
- required.add(network);
1477
- }
1478
- return required;
1479
- }
1480
- async function validateNomadPortHostNetworks(ports) {
1481
- const requiredNetworks = requiredHostNetworksForPorts(ports);
1482
- if (requiredNetworks.size === 0)
1483
- return null;
1484
- for (const network of requiredNetworks) {
1485
- if (!nomadConfigDeclaresHostNetwork(network)) {
1486
- return `Nomad 配置缺少 host_network "${network}"。请重新运行/修复 JishuShell 设置并重启 Nomad,再启动该应用。`;
1487
- }
1488
- }
1489
- try {
1490
- const resp = await nomadGet("/v1/agent/self");
1491
- if (!resp.ok)
1492
- return null;
1493
- const self = await resp.json();
1494
- const hostNetworks = Array.isArray(self?.config?.Client?.HostNetworks)
1495
- ? self.config.Client.HostNetworks
1496
- : [];
1497
- const loadedNetworks = new Set(hostNetworks
1498
- .map((network) => String(network?.Name ?? "").trim())
1499
- .filter(Boolean));
1500
- for (const network of requiredNetworks) {
1501
- if (!loadedNetworks.has(network)) {
1502
- return `Nomad 运行中的 agent 尚未加载 host_network "${network}"。请先重启 Nomad,再启动该应用。`;
1503
- }
1504
- }
1505
- }
1506
- catch {
1507
- // Let the later job submission path report Nomad unreachable when needed.
1508
- }
1509
- return null;
1510
- }
1511
- UnifiedNomadJobs.validateNomadPortHostNetworks = validateNomadPortHostNetworks;
1512
- async function validateRequiredHostNetworks(spec) {
1513
- return validateNomadPortHostNetworks(spec.tasks.flatMap((task) => task.ports ?? []));
1514
- }
1515
- function buildNomadReservedPort(input) {
1516
- const hostNetwork = hostNetworkForPort(input);
1517
- return {
1518
- Label: input.label,
1519
- Value: input.value,
1520
- ...(input.to != null ? { To: input.to } : {}),
1521
- ...(hostNetwork ? { HostNetwork: hostNetwork } : {}),
1522
- };
1523
- }
1524
- UnifiedNomadJobs.buildNomadReservedPort = buildNomadReservedPort;
1525
- function reservedPortsForTask(task) {
1526
- // visibility=internal ports are intra-group only (e.g. SearXNG sidecar
1527
- // reachable from the gateway task via 127.0.0.1 inside the bridge
1528
- // network namespace). Reserving them on the host would occupy a host
1529
- // port slot AND, combined with docker publishing below, expose the
1530
- // endpoint externally. Skip them entirely — they stay inside the task
1531
- // group's network namespace.
1532
- // Attach the named host_network for any externally-visible port —
1533
- // including container tasks. Without it, Nomad falls back to
1534
- // HostNetwork="default" (loopback) and the docker driver publishes
1535
- // to 127.0.0.1, breaking cross-container consumers. The earlier
1536
- // restriction to non-container tasks was overcautious: our task
1537
- // groups use host networking (Mode: "") rather than Nomad bridge
1538
- // mode, so attaching host_network is safe.
1539
- return (task.ports ?? [])
1540
- .filter((port) => (port.visibility ?? "external") !== "internal")
1541
- .map((port) => buildNomadReservedPort({
1542
- label: portLabel(task.name, port.name),
1543
- value: port.host_port ?? port.port,
1544
- ...(task.runtime === "container" ? { to: port.container_port ?? port.port } : {}),
1545
- visibility: port.visibility,
1546
- host_network: port.host_network,
1547
- }));
1548
- }
1549
- function isExternalAppTaskPort(port) {
1550
- return (port.visibility ?? "external") !== "internal";
1551
- }
1552
- function readDeclaredHostPort(port) {
1553
- const candidate = port.host_port ?? port.port;
1554
- return Number.isInteger(candidate) && candidate > 0 ? candidate : null;
1555
- }
1556
- function applyPersistedAppSpecPortOverrides(appId, spec) {
1557
- const meta = getInstance(appId);
1558
- if (!meta)
1559
- return spec;
1560
- const runtime = getInstanceRuntime(appId);
1561
- const runtimePorts = Array.isArray(runtime.ports) ? runtime.ports : [];
1562
- const persistedGatewayPort = extractGatewayPort(runtime, resolveAgentType(meta));
1563
- const totalExternalPorts = spec.tasks.reduce((count, task) => count + (task.ports ?? []).filter((port) => isExternalAppTaskPort(port)).length, 0);
1564
- let changed = false;
1565
- const tasks = spec.tasks.map((task) => {
1566
- if (!Array.isArray(task.ports) || task.ports.length === 0)
1567
- return task;
1568
- let taskChanged = false;
1569
- const ports = task.ports.map((port) => {
1570
- if (!isExternalAppTaskPort(port))
1571
- return port;
1572
- const currentHostPort = readDeclaredHostPort(port);
1573
- if (!currentHostPort)
1574
- return port;
1575
- let nextHostPort = null;
1576
- // Scope the runtime-port match to BOTH the owning task AND the port name.
1577
- // Multi-service-task apps (e.g. WeKnora's `app` + `ui`, both with a port
1578
- // named "http") record every external port tagged with its taskName; a
1579
- // name-only match would rewrite the `ui` task's host port to the `app`
1580
- // task's allocation and collide them. Tolerate legacy runtime records
1581
- // that predate the taskName tag by allowing an untagged name match.
1582
- const namedRuntimePort = typeof port.name === "string" && port.name
1583
- ? (runtimePorts.find((candidate) => candidate?.taskName === task.name
1584
- && candidate?.name === port.name
1585
- && Number.isInteger(candidate?.hostPort)
1586
- && candidate.hostPort > 0)
1587
- ?? runtimePorts.find((candidate) => candidate?.taskName === undefined
1588
- && candidate?.name === port.name
1589
- && Number.isInteger(candidate?.hostPort)
1590
- && candidate.hostPort > 0))
1591
- : null;
1592
- if (namedRuntimePort) {
1593
- nextHostPort = namedRuntimePort.hostPort;
1594
- }
1595
- else if (runtimePorts.length === 1
1596
- && totalExternalPorts === 1
1597
- && Number.isInteger(runtimePorts[0]?.hostPort)
1598
- && runtimePorts[0].hostPort > 0) {
1599
- nextHostPort = runtimePorts[0].hostPort;
1600
- }
1601
- else if (totalExternalPorts === 1
1602
- && persistedGatewayPort != null
1603
- && persistedGatewayPort > 0) {
1604
- nextHostPort = persistedGatewayPort;
1605
- }
1606
- if (!nextHostPort || nextHostPort === currentHostPort)
1607
- return port;
1608
- changed = true;
1609
- taskChanged = true;
1610
- return { ...port, host_port: nextHostPort };
1611
- });
1612
- return taskChanged ? { ...task, ports } : task;
1613
- });
1614
- return changed ? { ...spec, tasks } : spec;
1615
- }
1616
- async function maybeReallocateAppSpecHostPort(appId, spec, reason) {
1617
- if (!getInstance(appId))
1618
- return { spec, changed: false };
1619
- const effectiveSpec = applyPersistedAppSpecPortOverrides(appId, spec);
1620
- const currentGatewayPort = getGatewayPort(appId);
1621
- if (!Number.isInteger(currentGatewayPort) || currentGatewayPort <= 0) {
1622
- return { spec: effectiveSpec, changed: false };
1623
- }
1624
- const declaredPorts = effectiveSpec.tasks.flatMap((task) => (task.ports ?? [])
1625
- .filter((port) => isExternalAppTaskPort(port))
1626
- .map((port) => readDeclaredHostPort(port))
1627
- .filter((port) => port != null));
1628
- if (!declaredPorts.includes(currentGatewayPort)) {
1629
- return { spec: effectiveSpec, changed: false };
1630
- }
1631
- if (!(await isPortInUse(currentGatewayPort))) {
1632
- return { spec: effectiveSpec, changed: false };
1633
- }
1634
- try {
1635
- const reallocation = await reallocateGatewayPort(appId);
1636
- console.log(`[nomad] ${appId}: reallocated AppSpec host port ${reallocation.from} -> ${reallocation.to} (${reason})`);
1637
- return {
1638
- spec: applyPersistedAppSpecPortOverrides(appId, spec),
1639
- changed: true,
1640
- };
1641
- }
1642
- catch (e) {
1643
- return {
1644
- spec: effectiveSpec,
1645
- changed: false,
1646
- error: `AppSpec host port ${currentGatewayPort} is held by another process and reallocation failed: ${e?.message ?? e}`,
1647
- };
1648
- }
1649
- }
1650
- // ── Health check → Nomad service check builder ────────────────────────────
1651
- function buildServiceCheck(task, appId) {
1652
- const health = task.health;
1653
- if (!health?.http)
1654
- return null;
1655
- const portEntry = task.ports?.find((p) => p.port === health.http.port
1656
- || p.host_port === health.http.port
1657
- || p.container_port === health.http.port);
1658
- if (!portEntry)
1659
- return null;
1660
- // Internal ports are not reserved on host (see reservedPortsForTask),
1661
- // so a host-mode Nomad service check would reference an unknown port
1662
- // label. Skip the task-level health check; intra-group readiness for
1663
- // sidecars falls through to the `after:` ordering once that lands.
1664
- if ((portEntry.visibility ?? "external") === "internal")
1665
- return null;
1666
- const checkPortLabel = portLabel(task.name, portEntry.name);
1667
- // Task-level checks cannot use address_mode="alloc". raw_exec tasks also do
1668
- // not create an allocation network namespace, so host mode is the valid
1669
- // Nomad-compatible choice here.
1670
- const checkAddressMode = "host";
1671
- const check = {
1672
- Name: `${task.name}-health`,
1673
- Type: "http",
1674
- Path: health.http.path,
1675
- PortLabel: checkPortLabel,
1676
- AddressMode: checkAddressMode,
1677
- Header: {
1678
- "X-Real-IP": ["127.0.0.1"],
1679
- },
1680
- Interval: parseIntervalNs(health.interval, 15_000_000_000),
1681
- Timeout: parseIntervalNs(health.timeout, 5_000_000_000),
1682
- };
1683
- if (health.retries != null || health.start_period) {
1684
- check.CheckRestart = {
1685
- Limit: health.retries ?? 3,
1686
- Grace: health.start_period ? parseIntervalNs(health.start_period, 0) : 0,
1687
- IgnoreWarnings: false,
1688
- };
1689
- }
1690
- return {
1691
- Name: `${appId}-${task.name}`,
1692
- Provider: "nomad",
1693
- PortLabel: checkPortLabel,
1694
- AddressMode: "host",
1695
- Checks: [check],
1696
- };
1697
- }
1698
- // ── Deep merge utility ────────────────────────────────────────────────────
1699
- function deepMerge(target, source) {
1700
- const result = { ...target };
1701
- for (const key of Object.keys(source)) {
1702
- if (source[key] && typeof source[key] === "object" && !Array.isArray(source[key]) &&
1703
- result[key] && typeof result[key] === "object" && !Array.isArray(result[key])) {
1704
- result[key] = deepMerge(result[key], source[key]);
1705
- }
1706
- else {
1707
- result[key] = source[key];
1708
- }
1709
- }
1710
- return result;
1711
- }
1712
- function interpolateEnvRequires(taskEnv, extraEnv) {
1713
- const result = {};
1714
- for (const [k, v] of Object.entries(taskEnv)) {
1715
- result[k] = v.replace(/\$\{requires\.([^}]+)\}/g, (_, key) => extraEnv[key] ?? "");
1716
- }
1717
- return result;
1718
- }
1719
- function materializeAppIdTokens(value, appId) {
1720
- if (typeof value === "string") {
1721
- return value
1722
- .replace(/\$\{app_id\}/g, appId)
1723
- .replace(/\$\{app\.id\}/g, appId);
1724
- }
1725
- if (Array.isArray(value)) {
1726
- return value.map((entry) => materializeAppIdTokens(entry, appId));
1727
- }
1728
- if (value && typeof value === "object") {
1729
- const result = {};
1730
- for (const [key, entry] of Object.entries(value)) {
1731
- result[key] = materializeAppIdTokens(entry, appId);
1732
- }
1733
- return result;
1734
- }
1735
- return value;
1736
- }
1737
- // ── Task lifecycle mapping ────────────────────────────────────────────────
1738
- /**
1739
- * Map AppTask role to a Nomad task lifecycle block.
1740
- * Returns null for the default "service" role (no lifecycle block needed).
1741
- *
1742
- * Nomad lifecycle hooks:
1743
- * prestart - runs before main tasks; sidecar=false means it must complete
1744
- * poststart - runs after main tasks start; sidecar=true means it keeps running
1745
- * poststop - runs after all main tasks stop
1746
- *
1747
- * TODO: AppTask.after[] dependency ordering is not yet mapped.
1748
- */
1749
- function roleToLifecycle(role) {
1750
- switch (role) {
1751
- case "init":
1752
- return { Hook: "prestart", Sidecar: false };
1753
- case "sidecar":
1754
- return { Hook: "prestart", Sidecar: true };
1755
- case "cleanup":
1756
- return { Hook: "poststop", Sidecar: false };
1757
- case "service":
1758
- default:
1759
- return null;
1760
- }
1761
- }
1762
- // ── Process runtime helpers ──────────────────────────────────────────────
1763
- /**
1764
- * Check whether a binary process is already running on the host OS by
1765
- * matching its command path via pgrep -f.
1766
- *
1767
- * Used by startAppJob to skip Nomad submission when the binary is already
1768
- * running (e.g. started outside of Nomad or when raw_exec driver is unavailable).
1769
- */
1770
- async function isBinaryRunning(command) {
1771
- if (!command)
1772
- return false;
1773
- const expanded = command.replace(/^~(?=\/|$)/, homedir());
1774
- // Try full path first, then basename — covers symlinks & macOS App Translocation.
1775
- const patterns = [expanded];
1776
- const base = basename(expanded);
1777
- if (base !== expanded)
1778
- patterns.push(base);
1779
- for (const pattern of patterns) {
1780
- const found = await new Promise((resolve) => {
1781
- execFileCb("pgrep", ["-f", pattern], { timeout: 3_000 }, (_err, stdout) => {
1782
- resolve(stdout.trim().length > 0);
1783
- });
1784
- });
1785
- if (found)
1786
- return true;
1787
- }
1788
- return false;
1789
- }
1790
- UnifiedNomadJobs.isBinaryRunning = isBinaryRunning;
1791
- function tryBindPort(port, host) {
1792
- return new Promise((resolve) => {
1793
- const server = netCreateServer();
1794
- server.once("error", (error) => {
1795
- if (error?.code === "EADDRINUSE") {
1796
- resolve(true);
1797
- return;
1798
- }
1799
- console.warn(`[port-probe] bind ${host}:${port} failed with ${error?.code ?? "unknown"}: ${error?.message}; treating as free`);
1800
- resolve(false);
1801
- });
1802
- server.once("listening", () => {
1803
- server.close(() => resolve(false));
1804
- });
1805
- server.listen(port, host);
1806
- });
1807
- }
1808
- async function isPortInUse(port) {
1809
- if (!Number.isInteger(port) || port < 1 || port > 65535)
1810
- return false;
1811
- // Probe sequentially so the wildcard probe does not race with the loopback
1812
- // probe and falsely trigger EADDRINUSE against our own temporary socket.
1813
- if (await tryBindPort(port, "0.0.0.0"))
1814
- return true;
1815
- return tryBindPort(port, "127.0.0.1");
1816
- }
1817
- function loadInstalledAppSpec(appId) {
1818
- const appDir = resolveAppDir(appId);
1819
- if (!appDir)
1820
- return null;
1821
- try {
1822
- return parse(readFileSync(join(appDir, "app-spec.yaml"), "utf-8"));
1823
- }
1824
- catch {
1825
- return null;
1826
- }
1827
- }
1828
- function externalHealthProbeTimeoutMs(task) {
1829
- return Math.max(1_000, Math.floor(parseIntervalNs(task.health?.timeout, 5_000_000_000) / 1_000_000));
1830
- }
1831
- async function probeExternalTaskHealth(appId, task) {
1832
- const health = task.health?.http;
1833
- if (!health)
1834
- return null;
1835
- const url = `http://127.0.0.1:${health.port}${health.path}`;
1836
- try {
1837
- const resp = await fetch(url, { signal: AbortSignal.timeout(externalHealthProbeTimeoutMs(task)) });
1838
- return {
1839
- name: `${task.name}-health`,
1840
- status: resp.ok ? "success" : "failure",
1841
- service: `${appId}-${task.name}`,
1842
- output: `external probe: HTTP ${resp.status}`,
1843
- };
1844
- }
1845
- catch (e) {
1846
- return {
1847
- name: `${task.name}-health`,
1848
- status: "failure",
1849
- service: `${appId}-${task.name}`,
1850
- output: `external probe: ${e?.message ?? "request failed"}`,
1851
- };
1852
- }
1853
- }
1854
- const EXTERNAL_PROCESS_ADOPT_COMMAND = "/bin/sh";
1855
- const EXTERNAL_PROCESS_ADOPT_ARGS = [
1856
- "-c",
1857
- "echo 'jishushell adopting external service'; trap 'exit 0' TERM INT; while true; do sleep 3600; done",
1858
- ];
1859
- const EXTERNAL_STOP_POLL_INTERVAL_MS = 250;
1860
- const EXTERNAL_STOP_SETTLE_TIMEOUT_MS = 4_000;
1861
- function expandTaskCommand(command) {
1862
- if (!command)
1863
- return null;
1864
- return command.replace(/^~(?=\/|$)/, homedir());
1865
- }
1866
- function commandLineMatchesTask(commandLine, task) {
1867
- const normalized = commandLine.trim();
1868
- const command = expandTaskCommand(task.command);
1869
- if (!command)
1870
- return false;
1871
- const [actualCommand, ...actualArgs] = normalized.split(/\s+/);
1872
- const expectedArgs = (task.args ?? []).map(String);
1873
- const commandMatches = actualCommand === command || actualCommand === basename(command);
1874
- if (!commandMatches)
1875
- return false;
1876
- const actualTail = actualArgs.join(" ").trim();
1877
- const expectedTail = expectedArgs.join(" ").trim();
1878
- if (!expectedTail)
1879
- return true;
1880
- return actualTail === expectedTail || actualTail.startsWith(`${expectedTail} `);
1881
- }
1882
- function parseExecFileError(error) {
1883
- const stderr = typeof error?.stderr === "string" ? error.stderr.trim() : "";
1884
- if (stderr)
1885
- return stderr.split("\n")[0];
1886
- const stdout = typeof error?.stdout === "string" ? error.stdout.trim() : "";
1887
- if (stdout)
1888
- return stdout.split("\n")[0];
1889
- return String(error?.message ?? "command failed").trim();
1890
- }
1891
- async function listExternalTaskProcesses(task) {
1892
- const command = expandTaskCommand(task.command);
1893
- if (!command)
1894
- return [];
1895
- const execFileAsync = promisify(execFileCb);
1896
- try {
1897
- const { stdout } = await execFileAsync("ps", ["-eo", "pid=,user=,args="], { timeout: 5_000 });
1898
- return stdout
1899
- .split("\n")
1900
- .map((line) => line.match(/^\s*(\d+)\s+(\S+)\s+(.*)$/))
1901
- .filter((match) => Boolean(match))
1902
- .map((match) => ({
1903
- pid: Number(match[1]),
1904
- user: match[2] || null,
1905
- commandLine: match[3]?.trim() ?? "",
1906
- }))
1907
- .filter((entry) => entry.pid > 1 && commandLineMatchesTask(entry.commandLine, task));
1908
- }
1909
- catch {
1910
- return [];
1911
- }
1912
- }
1913
- async function listExternalTaskBusyPorts(task) {
1914
- const declaredPorts = (task.ports ?? [])
1915
- .map((port) => port.port)
1916
- .filter((port) => Number.isInteger(port) && port > 0 && port <= 65535);
1917
- const occupiedFlags = await Promise.all(declaredPorts.map((port) => isPortInUse(port)));
1918
- return declaredPorts.filter((_port, index) => occupiedFlags[index]);
1919
- }
1920
- function parseSsPortLine(line) {
1921
- const columns = line.trim().split(/\s+/);
1922
- const local = columns[3] ?? "";
1923
- if (!local)
1924
- return null;
1925
- if (local.startsWith("[")) {
1926
- const end = local.indexOf("]:");
1927
- if (end < 0)
1928
- return null;
1929
- const address = local.slice(1, end);
1930
- const port = Number(local.slice(end + 2));
1931
- return Number.isInteger(port) ? { address, port } : null;
1932
- }
1933
- const idx = local.lastIndexOf(":");
1934
- if (idx < 0)
1935
- return null;
1936
- const address = local.slice(0, idx);
1937
- const port = Number(local.slice(idx + 1));
1938
- return Number.isInteger(port) ? { address, port } : null;
1939
- }
1940
- async function listListeningAddressesForPorts(ports) {
1941
- const wanted = new Set(ports.filter((port) => Number.isInteger(port) && port > 0 && port <= 65535));
1942
- if (wanted.size === 0)
1943
- return {};
1944
- const execFileAsync = promisify(execFileCb);
1945
- try {
1946
- const { stdout } = await execFileAsync("ss", ["-ltnH"], { timeout: 5_000 });
1947
- const result = {};
1948
- for (const line of stdout.split("\n")) {
1949
- const parsed = parseSsPortLine(line);
1950
- if (!parsed || !wanted.has(parsed.port))
1951
- continue;
1952
- result[parsed.port] ??= [];
1953
- if (!result[parsed.port].includes(parsed.address)) {
1954
- result[parsed.port].push(parsed.address);
1955
- }
1956
- }
1957
- return result;
1958
- }
1959
- catch {
1960
- return {};
1961
- }
1962
- }
1963
- function portRequiresExternalBinding(task, port) {
1964
- const portEntry = (task.ports ?? []).find((entry) => entry.port === port);
1965
- return (portEntry?.visibility ?? "external") !== "internal";
1966
- }
1967
- function isNonLoopbackAddress(address) {
1968
- const normalized = address.trim().replace(/^\[|\]$/g, "");
1969
- if (!normalized || normalized === "*" || normalized === "0.0.0.0" || normalized === "::" || normalized === ":::") {
1970
- return true;
1971
- }
1972
- if (normalized === "localhost" || normalized === "::1")
1973
- return false;
1974
- if (/^127\./.test(normalized))
1975
- return false;
1976
- return true;
1977
- }
1978
- function loopbackOnlyConflictDetail(task, occupiedPorts, listeningAddresses) {
1979
- const invalidPorts = occupiedPorts.filter((port) => {
1980
- if (!portRequiresExternalBinding(task, port))
1981
- return false;
1982
- const addresses = listeningAddresses[port] ?? [];
1983
- return addresses.length > 0 && !addresses.some(isNonLoopbackAddress);
1984
- });
1985
- if (invalidPorts.length === 0)
1986
- return null;
1987
- const details = invalidPorts.map((port) => {
1988
- const bindings = (listeningAddresses[port] ?? []).join(", ") || "127.0.0.1";
1989
- return `${port} (${bindings})`;
1990
- });
1991
- return `Task "${task.name}" 端口 ${details.join(", ")} 当前仅监听在本地回环地址,无法作为可外部访问的应用接管`;
1992
- }
1993
- async function snapshotExternalTaskRuntime(task) {
1994
- const [processes, occupiedPorts, healthCheck] = await Promise.all([
1995
- listExternalTaskProcesses(task),
1996
- listExternalTaskBusyPorts(task),
1997
- probeExternalTaskHealth("external-stop", task),
1998
- ]);
1999
- const healthy = healthCheck?.status === "success";
2000
- return {
2001
- running: processes.length > 0 || (occupiedPorts.length > 0 && (healthy || !task.health?.http)),
2002
- processes,
2003
- occupiedPorts,
2004
- healthy,
2005
- };
2006
- }
2007
- async function waitForExternalTaskExit(task, timeoutMs = EXTERNAL_STOP_SETTLE_TIMEOUT_MS) {
2008
- const deadline = Date.now() + timeoutMs;
2009
- while (Date.now() < deadline) {
2010
- const snapshot = await snapshotExternalTaskRuntime(task);
2011
- if (!snapshot.running)
2012
- return true;
2013
- await new Promise((resolve) => setTimeout(resolve, EXTERNAL_STOP_POLL_INTERVAL_MS));
2014
- }
2015
- const finalSnapshot = await snapshotExternalTaskRuntime(task);
2016
- return !finalSnapshot.running;
2017
- }
2018
- async function detectSystemdUnitForTask(task, processes) {
2019
- if (process.platform !== "linux" || processes.length === 0)
2020
- return null;
2021
- const command = expandTaskCommand(task.command);
2022
- if (!command)
2023
- return null;
2024
- const candidate = `${basename(command).replace(/\.[^.]+$/, "")}.service`;
2025
- const execFileAsync = promisify(execFileCb);
2026
- try {
2027
- const { stdout } = await execFileAsync("systemctl", ["show", candidate, "--property=LoadState,ActiveState,MainPID,ExecStart"], { timeout: 5_000 });
2028
- const props = Object.fromEntries(stdout
2029
- .split("\n")
2030
- .map((line) => line.trim())
2031
- .filter(Boolean)
2032
- .map((line) => {
2033
- const idx = line.indexOf("=");
2034
- return idx >= 0 ? [line.slice(0, idx), line.slice(idx + 1)] : [line, ""];
2035
- }));
2036
- if (props.LoadState === "not-found")
2037
- return null;
2038
- if (!["active", "activating", "reloading"].includes(props.ActiveState ?? ""))
2039
- return null;
2040
- const mainPid = Number(props.MainPID ?? 0);
2041
- if (processes.some((entry) => entry.pid === mainPid)) {
2042
- return candidate;
2043
- }
2044
- return props.ExecStart?.includes(command) ? candidate : null;
2045
- }
2046
- catch {
2047
- return null;
2048
- }
2049
- }
2050
- async function stopSystemdUnit(unit) {
2051
- const execFileAsync = promisify(execFileCb);
2052
- let lastError = null;
2053
- try {
2054
- await execFileAsync("systemctl", ["--no-ask-password", "stop", unit], { timeout: 15_000 });
2055
- return null;
2056
- }
2057
- catch (error) {
2058
- lastError = parseExecFileError(error);
2059
- }
2060
- try {
2061
- await execFileAsync("sudo", ["-n", "systemctl", "stop", unit], { timeout: 15_000 });
2062
- return null;
2063
- }
2064
- catch (error) {
2065
- return parseExecFileError(error) || lastError;
2066
- }
2067
- }
2068
- function isProcessAlive(pid) {
2069
- try {
2070
- process.kill(pid, 0);
2071
- return true;
2072
- }
2073
- catch (error) {
2074
- return error?.code === "EPERM";
2075
- }
2076
- }
2077
- async function waitForPidExit(pid, timeoutMs) {
2078
- const deadline = Date.now() + timeoutMs;
2079
- while (Date.now() < deadline) {
2080
- if (!isProcessAlive(pid))
2081
- return true;
2082
- await new Promise((resolve) => setTimeout(resolve, EXTERNAL_STOP_POLL_INTERVAL_MS));
2083
- }
2084
- return !isProcessAlive(pid);
2085
- }
2086
- async function terminateExternalProcess(pid) {
2087
- try {
2088
- process.kill(pid, "SIGTERM");
2089
- }
2090
- catch (error) {
2091
- if (error?.code === "ESRCH")
2092
- return null;
2093
- return String(error?.message ?? error);
2094
- }
2095
- if (await waitForPidExit(pid, 2_500)) {
2096
- return null;
2097
- }
2098
- try {
2099
- process.kill(pid, "SIGKILL");
2100
- }
2101
- catch (error) {
2102
- if (error?.code === "ESRCH")
2103
- return null;
2104
- return String(error?.message ?? error);
2105
- }
2106
- return (await waitForPidExit(pid, 1_500)) ? null : `pid ${pid} 在 SIGKILL 后仍存活`;
2107
- }
2108
- async function stopExternalProcessTask(task) {
2109
- const initial = await snapshotExternalTaskRuntime(task);
2110
- if (!initial.running) {
2111
- return { detected: false, ok: true };
2112
- }
2113
- const errors = [];
2114
- const systemdUnit = await detectSystemdUnitForTask(task, initial.processes);
2115
- if (systemdUnit) {
2116
- const stopError = await stopSystemdUnit(systemdUnit);
2117
- if (stopError) {
2118
- errors.push(`systemd unit "${systemdUnit}" 停止失败: ${stopError}`);
2119
- }
2120
- if (await waitForExternalTaskExit(task)) {
2121
- return { detected: true, ok: true };
2122
- }
2123
- }
2124
- for (const proc of initial.processes) {
2125
- const stopError = await terminateExternalProcess(proc.pid);
2126
- if (stopError) {
2127
- const owner = proc.user ? ` (${proc.user})` : "";
2128
- errors.push(`无法停止进程 ${proc.pid}${owner}: ${stopError}`);
2129
- }
2130
- }
2131
- if (await waitForExternalTaskExit(task)) {
2132
- return { detected: true, ok: true };
2133
- }
2134
- const finalSnapshot = await snapshotExternalTaskRuntime(task);
2135
- const details = [];
2136
- if (finalSnapshot.processes.length > 0) {
2137
- details.push(`进程 ${finalSnapshot.processes.map((proc) => `${proc.pid}${proc.user ? `(${proc.user})` : ""}`).join(", ")} 仍在运行`);
2138
- }
2139
- if (finalSnapshot.occupiedPorts.length > 0) {
2140
- details.push(`端口 ${finalSnapshot.occupiedPorts.join(", ")} 仍被占用`);
2141
- }
2142
- if (systemdUnit) {
2143
- details.push(`可手动执行 sudo systemctl stop ${systemdUnit}`);
2144
- }
2145
- return {
2146
- detected: true,
2147
- ok: false,
2148
- error: `Task "${task.name}" 未能完全停止:${details.join(",")}${errors.length ? `;${errors.join("; ")}` : ""}`,
2149
- };
2150
- }
2151
- async function stopExternalProcessApp(appId) {
2152
- const spec = loadInstalledAppSpec(appId);
2153
- if (!spec) {
2154
- return { detected: false, ok: true };
2155
- }
2156
- const processTasks = spec.tasks.filter((task) => task.runtime === "process" && (task.role ?? "service") === "service");
2157
- if (processTasks.length === 0) {
2158
- return { detected: false, ok: true };
2159
- }
2160
- const errors = [];
2161
- let detected = false;
2162
- for (const task of processTasks) {
2163
- const result = await stopExternalProcessTask(task);
2164
- detected ||= result.detected;
2165
- if (!result.ok && result.error) {
2166
- errors.push(result.error);
2167
- }
2168
- }
2169
- return {
2170
- detected,
2171
- ok: errors.length === 0,
2172
- ...(errors.length ? { error: errors.join("; ") } : {}),
2173
- };
2174
- }
2175
- async function inspectExternalProcessTask(appId, task) {
2176
- const commandRunning = task.command ? await isBinaryRunning(task.command) : false;
2177
- const declaredPorts = (task.ports ?? [])
2178
- .map((port) => port.port)
2179
- .filter((port) => Number.isInteger(port) && port > 0 && port <= 65535);
2180
- const occupiedFlags = await Promise.all(declaredPorts.map((port) => isPortInUse(port)));
2181
- const busyPorts = declaredPorts.filter((_port, index) => occupiedFlags[index]);
2182
- const listeningAddresses = await listListeningAddressesForPorts(busyPorts);
2183
- const healthCheck = await probeExternalTaskHealth(appId, task);
2184
- const healthMatched = healthCheck?.status === "success";
2185
- const bindingConflict = loopbackOnlyConflictDetail(task, busyPorts, listeningAddresses);
2186
- const hasDeclaredPorts = declaredPorts.length > 0;
2187
- // External adoption must be conservative. A matching command name alone is
2188
- // not enough evidence for service readiness because unrelated host processes
2189
- // can share the same binary. When a health check exists, require it to pass.
2190
- // Without a health check, require the service to actually occupy its declared
2191
- // port(s); only port-less process tasks can fall back to command detection.
2192
- const detected = !bindingConflict && ((Boolean(task.health?.http) && healthMatched)
2193
- || (!task.health?.http && hasDeclaredPorts && busyPorts.length > 0)
2194
- || (!task.health?.http && !hasDeclaredPorts && commandRunning));
2195
- const conflict = Boolean(bindingConflict) || (busyPorts.length > 0 && !healthMatched && Boolean(task.health?.http));
2196
- const status = {
2197
- state: detected ? "running" : conflict ? "failed" : "stopped",
2198
- restarts: 0,
2199
- };
2200
- if (healthCheck) {
2201
- status.health_checks = [healthCheck];
2202
- status.health_status = aggregateHealthStatus(status.health_checks);
2203
- }
2204
- return {
2205
- detected,
2206
- conflict,
2207
- occupiedPorts: busyPorts,
2208
- ...(bindingConflict ? { conflictDetail: bindingConflict } : {}),
2209
- status,
2210
- };
2211
- }
2212
- async function inspectExternalProcessApp(appId, spec) {
2213
- if (!resolveAppDir(appId)) {
2214
- return { detected: false, conflicts: [], status: null };
2215
- }
2216
- const appSpec = spec ?? loadInstalledAppSpec(appId);
2217
- if (!appSpec)
2218
- return { detected: false, conflicts: [], status: null };
2219
- const serviceProcessTasks = appSpec.tasks.filter((task) => task.runtime === "process" && (task.role ?? "service") === "service");
2220
- if (serviceProcessTasks.length === 0) {
2221
- return { detected: false, conflicts: [], status: null };
2222
- }
2223
- const tasks = {};
2224
- const conflicts = [];
2225
- let detected = false;
2226
- for (const task of appSpec.tasks) {
2227
- if (task.runtime === "process" && (task.role ?? "service") === "service") {
2228
- const inspection = await inspectExternalProcessTask(appId, task);
2229
- tasks[task.name] = inspection.status;
2230
- detected ||= inspection.detected;
2231
- if (inspection.conflict) {
2232
- if (inspection.conflictDetail) {
2233
- conflicts.push(inspection.conflictDetail);
2234
- }
2235
- else {
2236
- const ports = inspection.occupiedPorts.join(", ");
2237
- const path = task.health?.http?.path ?? "/";
2238
- conflicts.push(`Task "${task.name}" 端口 ${ports} 已被占用,但现有服务未通过健康检查 ${path}`);
2239
- }
2240
- }
2241
- continue;
2242
- }
2243
- tasks[task.name] = {
2244
- state: (task.role ?? "service") === "init" ? "dead" : "unknown",
2245
- restarts: 0,
2246
- };
2247
- }
2248
- if (!detected) {
2249
- return { detected: false, conflicts, status: null };
2250
- }
2251
- const primaryTaskName = serviceProcessTasks[0]?.name ?? Object.keys(tasks)[0] ?? "";
2252
- return {
2253
- detected: true,
2254
- conflicts,
2255
- status: {
2256
- status: "running",
2257
- tasks,
2258
- pid: null,
2259
- uptime: null,
2260
- memory_mb: null,
2261
- cpu_percent: null,
2262
- restarts: tasks[primaryTaskName]?.restarts ?? 0,
2263
- },
2264
- };
2265
- }
2266
- async function buildExternalAdoptedSpec(appId, spec) {
2267
- if (!resolveAppDir(appId)) {
2268
- return { adopted: false, conflicts: [], spec };
2269
- }
2270
- const conflicts = [];
2271
- let adopted = false;
2272
- const tasks = await Promise.all(spec.tasks.map(async (task) => {
2273
- if (task.runtime !== "process" || (task.role ?? "service") !== "service") {
2274
- return task;
2275
- }
2276
- const inspection = await inspectExternalProcessTask(appId, task);
2277
- if (inspection.conflict) {
2278
- if (inspection.conflictDetail) {
2279
- conflicts.push(inspection.conflictDetail);
2280
- }
2281
- else {
2282
- const ports = inspection.occupiedPorts.join(", ");
2283
- const path = task.health?.http?.path ?? "/";
2284
- conflicts.push(`Task "${task.name}" 端口 ${ports} 已被占用,但现有服务未通过健康检查 ${path}`);
2285
- }
2286
- return task;
2287
- }
2288
- if (!inspection.detected) {
2289
- return task;
2290
- }
2291
- adopted = true;
2292
- return {
2293
- ...task,
2294
- command: EXTERNAL_PROCESS_ADOPT_COMMAND,
2295
- args: [...EXTERNAL_PROCESS_ADOPT_ARGS],
2296
- env: {
2297
- ...(task.env ?? {}),
2298
- JISHUSHELL_EXTERNAL_ADOPTED: "1",
2299
- },
2300
- };
2301
- }));
2302
- return {
2303
- adopted,
2304
- conflicts,
2305
- spec: adopted ? { ...spec, tasks } : spec,
2306
- };
2307
- }
2308
- // ── Nomad task builders ───────────────────────────────────────────────────
2309
- /**
2310
- * Build a Nomad raw_exec task from an AppTask with runtime="process".
2311
- *
2312
- * raw_exec runs the command directly on the host as the specified user.
2313
- * Ports declared in task.ports are registered with Nomad for discovery
2314
- * but do NOT require network mapping (process binds the host port directly).
2315
- */
2316
- function buildRawExecTask(task, appId, extraEnv) {
2317
- const command = (task.command ?? task.binary)
2318
- ?.replace(/^~(?=\/|$)/, homedir());
2319
- if (!command)
2320
- throw new Error(`raw_exec task "${task.name}" must specify command`);
2321
- const args = (task.args ?? []).map(String);
2322
- const cpu = parseCpuMHz(task.resources?.cpu);
2323
- const mem = parseMemoryMB(task.resources?.memory);
2324
- const env = {
2325
- ...extraEnv,
2326
- ...interpolateEnvRequires(task.env ?? {}, extraEnv),
2327
- };
2328
- const lifecycle = roleToLifecycle(task.role ?? "service");
2329
- const taskDef = {
2330
- Name: task.name,
2331
- Driver: "raw_exec",
2332
- Config: {
2333
- command,
2334
- args,
2335
- },
2336
- Env: env,
2337
- Resources: {
2338
- CPU: cpu,
2339
- MemoryMB: mem,
2340
- },
2341
- LogConfig: { MaxFiles: 3, MaxFileSizeMB: 10 },
2342
- };
2343
- if (lifecycle)
2344
- taskDef.Lifecycle = lifecycle;
2345
- const svcCheck = buildServiceCheck(task, appId);
2346
- if (svcCheck)
2347
- taskDef.Services = [svcCheck];
2348
- return taskDef;
2349
- }
2350
- /**
2351
- * Build a Nomad docker task from an AppTask with runtime="container".
2352
- *
2353
- * Uses bridge network mode. Each declared port in task.ports is published
2354
- * from the host to the container.
2355
- */
2356
- function buildDockerTask(task, appId, extraEnv) {
2357
- const image = task.image;
2358
- if (!image)
2359
- throw new Error(`docker task "${task.name}" must specify image`);
2360
- if (!UnifiedNomadJobs.DOCKER_IMAGE_RE.test(image) || image.length > UnifiedNomadJobs.MAX_DOCKER_IMAGE_NAME_LEN) {
2361
- throw new Error(`docker task "${task.name}": invalid image name "${image}"`);
2362
- }
2363
- const args = (task.args ?? []).map(String);
2364
- const cpu = parseCpuMHz(task.resources?.cpu);
2365
- const mem = parseMemoryMB(task.resources?.memory);
2366
- const memMax = Math.min(mem, config.getMaxAppMemoryMB());
2367
- const env = {
2368
- ...extraEnv,
2369
- ...interpolateEnvRequires(task.env ?? {}, extraEnv),
2370
- };
2371
- // Only externally-visible ports get published to the host. Internal
2372
- // ports (e.g. SearXNG sidecar at 8080) stay inside the container /
2373
- // task-group network and are reached from peer tasks via 127.0.0.1.
2374
- const publishedPorts = (task.ports ?? [])
2375
- .filter((p) => (p.visibility ?? "external") !== "internal")
2376
- .map((p) => portLabel(task.name, p.name));
2377
- const lifecycle = roleToLifecycle(task.role ?? "service");
2378
- const volumes = (task.volumes ?? []).map((v) => {
2379
- if (typeof v === "string")
2380
- return v.replace(/^~(?=\/|$)/, homedir());
2381
- const src = v.source.replace(/^~(?=\/|$)/, homedir());
2382
- return `${src}:${v.target}${v.readonly ? ":ro" : ":rw"}`;
2383
- });
2384
- const workDir = typeof task.cwd === "string" ? task.cwd.trim() : "";
2385
- // Resolve container task user. On Linux we default to the panel
2386
- // process's host uid:gid so bind-mounted data dirs (owned by the panel
2387
- // user, typically `pi`) are writable without forcing the container to
2388
- // run as root and without needing chown / DAC_OVERRIDE gymnastics.
2389
- // yaml override `user: "<uid>:<gid>"` wins; explicit `user: "root"` or
2390
- // `user: "0:0"` keeps the image's root default.
2391
- //
2392
- // On macOS we skip the host-uid default. Docker on Mac runs inside a
2393
- // Linux VM (Colima/Docker Desktop) with its own uid namespace — host
2394
- // uids like 501 (the standard macOS first-user) are virtualised away
2395
- // by virtiofs and almost never exist in the image's /etc/passwd. Some
2396
- // images crash hard when started as an unknown uid: e.g. browserless
2397
- // calls Node.js `os.userInfo()` very early, which throws
2398
- // `uv_os_get_passwd returned ENOENT` and the container exits before
2399
- // the port ever binds. Letting the image's default USER directive
2400
- // take effect is correct on Mac; users who do need bind-mount
2401
- // ownership control can still set yaml `user:` explicitly.
2402
- const containerUser = (() => {
2403
- if (task.runtime !== "container")
2404
- return undefined;
2405
- const declared = typeof task.user === "string" ? task.user.trim() : "";
2406
- if (declared === "host" || declared === "") {
2407
- if (process.platform === "darwin")
2408
- return undefined;
2409
- const uid = process.getuid?.() ?? 1000;
2410
- const gid = process.getgid?.() ?? 1000;
2411
- return `${uid}:${gid}`;
2412
- }
2413
- return declared;
2414
- })();
2415
- // Validate cap_add against a tight allowlist. The full Linux cap surface
2416
- // is large; we only honor capabilities image entrypoints actually need
2417
- // for the canonical "start as root + gosu to user" pattern. Anything
2418
- // outside this list is silently dropped — failing closed protects
2419
- // against typo'd / hostile specs widening the container's capability
2420
- // bounds beyond what the panel author signed off on.
2421
- const ALLOWED_CAPS = new Set([
2422
- "CHOWN", "DAC_OVERRIDE", "FOWNER",
2423
- "SETUID", "SETGID", "SETPCAP", "NET_BIND_SERVICE",
2424
- ]);
2425
- const capAdd = Array.isArray(task.cap_add)
2426
- ? task.cap_add
2427
- .map((c) => typeof c === "string" ? c.trim().toUpperCase().replace(/^CAP_/, "") : "")
2428
- .filter((c) => ALLOWED_CAPS.has(c))
2429
- : [];
2430
- // Public-DNS override. Defaults to AliDNS / DNSPod / Cloudflare; can be
2431
- // disabled or replaced via core.json `container_dns`. The override is
2432
- // necessary because docker's "copy host's resolv.conf" default rewrites
2433
- // 127.0.0.53 (systemd-resolved loopback) back to whatever upstream the
2434
- // host learned from DHCP, re-introducing into the container any DNS
2435
- // hijack the host had bypassed via DoT/DoH — silent failure mode that
2436
- // surfaces as 3-second-timeout on every outbound request from inside
2437
- // search/scraper apps on home networks. Empty list = no override.
2438
- const containerDns = config.getContainerDns();
2439
- const taskDef = {
2440
- Name: task.name,
2441
- Driver: "docker",
2442
- ...(containerUser ? { User: containerUser } : {}),
2443
- Config: {
2444
- image,
2445
- force_pull: false,
2446
- // Nomad's docker driver default `image_pull_timeout` is 5 minutes;
2447
- // on Raspberry Pi or other constrained networks a 1+ GiB image
2448
- // (Open WebUI, OpenClaw, Hermes) can exceed that and the alloc
2449
- // restart-loops with "Failed to pull: context deadline exceeded"
2450
- // before it ever starts. Raise to 15 minutes — long enough for
2451
- // realistic Pi-class pulls, short enough that a genuinely
2452
- // unreachable registry still surfaces as a failure within a
2453
- // bounded window.
2454
- image_pull_timeout: "15m",
2455
- ...(workDir ? { work_dir: workDir } : {}),
2456
- ...(task.command ? { command: String(task.command) } : {}),
2457
- args,
2458
- ...(publishedPorts.length > 0 ? { ports: publishedPorts } : {}),
2459
- extra_hosts: ["host.docker.internal:host-gateway"],
2460
- ...(containerDns.length > 0 ? { dns_servers: containerDns } : {}),
2461
- cap_drop: ["ALL"],
2462
- ...(capAdd.length > 0 ? { cap_add: capAdd } : {}),
2463
- security_opt: ["no-new-privileges"],
2464
- pids_limit: DEFAULT_PIDS_LIMIT,
2465
- readonly_rootfs: false,
2466
- ...(volumes.length > 0 ? { volumes } : {}),
2467
- mounts: [
2468
- { type: "tmpfs", target: "/tmp", tmpfs_options: { size: 536_870_912 } },
2469
- { type: "tmpfs", target: "/var/tmp", tmpfs_options: { size: 67_108_864 } },
2470
- ],
2471
- },
2472
- Env: env,
2473
- Resources: {
2474
- CPU: cpu,
2475
- MemoryMB: mem,
2476
- MemoryMaxMB: memMax,
2477
- },
2478
- LogConfig: { MaxFiles: 3, MaxFileSizeMB: 10 },
2479
- };
2480
- if (lifecycle)
2481
- taskDef.Lifecycle = lifecycle;
2482
- const svcCheck = buildServiceCheck(task, appId);
2483
- if (svcCheck)
2484
- taskDef.Services = [svcCheck];
2485
- return taskDef;
2486
- }
2487
- // ── Job builder ───────────────────────────────────────────────────────────
2488
- /**
2489
- * Build a complete Nomad job payload from an AppSpec.
2490
- *
2491
- * @param spec The validated AppSpec.
2492
- * @param appId A unique instance/run ID (used as job suffix).
2493
- * @param driver "docker" | "raw_exec"
2494
- * @param extraEnv Additional env vars injected into every task (e.g. capability addresses).
2495
- */
2496
- function buildAppJob(spec, appId, driver, extraEnv) {
2497
- const materializedSpec = materializeAppIdTokens(spec, appId);
2498
- const jid = jobId(appId);
2499
- assertSafeTemplateId(jid);
2500
- const tasks = materializedSpec.tasks.map((task) => {
2501
- const actualDriver = task.runtime === "container" ? "docker" : "raw_exec";
2502
- // Validate driver availability
2503
- if (actualDriver !== driver) {
2504
- // Allow mixed task runtimes — build each task with its own driver.
2505
- // Nomad supports heterogeneous drivers within one group.
2506
- }
2507
- if (task.runtime === "container") {
2508
- return buildDockerTask(task, appId, extraEnv);
2509
- }
2510
- else if (task.runtime === "process") {
2511
- return buildRawExecTask(task, appId, extraEnv);
2512
- }
2513
- else {
2514
- throw new Error(`Unsupported task runtime "${task.runtime}" for task "${task.name}"`);
2515
- }
2516
- });
2517
- const groupReservedPorts = materializedSpec.tasks.flatMap((task) => reservedPortsForTask(task));
2518
- const jobDef = {
2519
- Job: {
2520
- ID: jid,
2521
- Name: jid,
2522
- Namespace: "default",
2523
- Type: "service",
2524
- Datacenters: ["*"],
2525
- TaskGroups: [{
2526
- Name: materializedSpec.id,
2527
- Count: 1,
2528
- ...(groupReservedPorts.length > 0
2529
- ? { Networks: [{ ReservedPorts: groupReservedPorts }] }
2530
- : {}),
2531
- RestartPolicy: {
2532
- // 10 attempts × 15s delay = ~2.5min recovery window. Multi-task
2533
- // app groups commonly need 3-5 restarts before sidecar
2534
- // dependencies' external port-publish settles.
2535
- Attempts: 10,
2536
- Interval: 600_000_000_000,
2537
- Delay: 15_000_000_000,
2538
- Mode: "fail",
2539
- },
2540
- Reschedule: {
2541
- Attempts: 3,
2542
- Interval: 3_600_000_000_000,
2543
- Unlimited: false,
2544
- },
2545
- Update: {
2546
- MaxParallel: 1,
2547
- HealthCheck: "task_states",
2548
- MinHealthyTime: 5_000_000_000,
2549
- HealthyDeadline: 120_000_000_000,
2550
- AutoRevert: false,
2551
- },
2552
- Tasks: tasks,
2553
- }],
2554
- },
2555
- };
2556
- if (materializedSpec._engine) {
2557
- jobDef.Job = deepMerge(jobDef.Job, materializedSpec._engine.Job ?? materializedSpec._engine);
2558
- }
2559
- return jobDef;
2560
- }
2561
- // ── Alloc helpers ─────────────────────────────────────────────────────────
2562
- async function getAllocs(appId) {
2563
- const jid = jobId(appId);
2564
- try {
2565
- const resp = await nomadGet(`/v1/job/${jid}/allocations`);
2566
- if (resp.status === 404)
2567
- return [];
2568
- const allocs = await resp.json();
2569
- return allocs;
2570
- }
2571
- catch {
2572
- return [];
2573
- }
2574
- }
2575
- function pickLiveAlloc(allocs) {
2576
- for (const clientStatus of ["running", "pending"]) {
2577
- for (const alloc of allocs) {
2578
- if (alloc.ClientStatus === clientStatus)
2579
- return alloc;
2580
- }
2581
- }
2582
- return null;
2583
- }
2584
- function pickLatestTerminalAlloc(allocs) {
2585
- const terminalAllocs = allocs
2586
- .filter((alloc) => alloc.ClientStatus !== "running" && alloc.ClientStatus !== "pending")
2587
- .sort((left, right) => allocTimestamp(right) - allocTimestamp(left));
2588
- return terminalAllocs[0] ?? null;
2589
- }
2590
- async function getAllocClientStatus(allocId) {
2591
- if (!/^[a-f0-9-]+$/i.test(allocId))
2592
- return null;
2593
- try {
2594
- const resp = await nomadGet(`/v1/allocation/${allocId}`);
2595
- if (resp.status === 404 || !resp.ok)
2596
- return null;
2597
- const alloc = await resp.json();
2598
- return typeof alloc?.ClientStatus === "string" ? alloc.ClientStatus : null;
2599
- }
2600
- catch {
2601
- return null;
2602
- }
2603
- }
2604
- async function waitForAllocationsToStop(allocIds, timeoutMs = 30_000, pollIntervalMs = 1_000) {
2605
- const pending = new Set(allocIds.filter((allocId) => /^[a-f0-9-]+$/i.test(allocId)));
2606
- if (pending.size === 0)
2607
- return true;
2608
- const deadline = Date.now() + timeoutMs;
2609
- while (Date.now() < deadline) {
2610
- for (const allocId of [...pending]) {
2611
- const status = await getAllocClientStatus(allocId);
2612
- if (status == null || (status !== "running" && status !== "pending")) {
2613
- pending.delete(allocId);
2614
- }
2615
- }
2616
- if (pending.size === 0)
2617
- return true;
2618
- await new Promise((resolve) => setTimeout(resolve, pollIntervalMs));
2619
- }
2620
- return pending.size === 0;
2621
- }
2622
- async function getAllocChecks(allocId) {
2623
- try {
2624
- const resp = await nomadGet(`/v1/allocation/${allocId}/checks`);
2625
- if (resp.status === 404 || !resp.ok)
2626
- return [];
2627
- const checks = await resp.json();
2628
- return Object.values(checks ?? {});
2629
- }
2630
- catch {
2631
- return [];
2632
- }
2633
- }
2634
- function taskNameForAllocCheck(check, taskNames, appId) {
2635
- const checkName = String(check.Check ?? "");
2636
- for (const taskName of taskNames) {
2637
- if (checkName === `${taskName}-health` || checkName.startsWith(`${taskName}-`)) {
2638
- return taskName;
2639
- }
2640
- }
2641
- const serviceName = String(check.Service ?? "");
2642
- if (taskNames.includes(serviceName))
2643
- return serviceName;
2644
- const appTaskPrefix = `${appId}-`;
2645
- if (serviceName.startsWith(appTaskPrefix)) {
2646
- const candidate = serviceName.slice(appTaskPrefix.length);
2647
- if (taskNames.includes(candidate))
2648
- return candidate;
2649
- }
2650
- return null;
2651
- }
2652
- function aggregateHealthStatus(checks) {
2653
- const statuses = checks.map((check) => String(check.status ?? "unknown").toLowerCase());
2654
- if (statuses.length === 0)
2655
- return "unknown";
2656
- const healthy = new Set(["success", "passing", "healthy"]);
2657
- const unhealthy = new Set(["failure", "critical", "warning", "unhealthy"]);
2658
- if (statuses.every((status) => healthy.has(status)))
2659
- return "healthy";
2660
- if (statuses.some((status) => unhealthy.has(status)))
2661
- return "unhealthy";
2662
- if (statuses.some((status) => status === "pending" || status === "unknown" || status === "")) {
2663
- return "unknown";
2664
- }
2665
- return statuses[0];
2666
- }
2667
- UnifiedNomadJobs.aggregateHealthStatus = aggregateHealthStatus;
2668
- async function getRunningAlloc(appId) {
2669
- return pickLiveAlloc(await getAllocs(appId));
2670
- }
2671
- // ── Public API ────────────────────────────────────────────────────────────
2672
- /**
2673
- * Returns true if this app job exists in Nomad and was NOT explicitly stopped.
2674
- * Used at JishuShell startup to auto-restart apps that were running before reboot.
2675
- */
2676
- async function shouldAutoStart(appId) {
2677
- const jid = jobId(appId);
2678
- try {
2679
- const resp = await nomadGet(`/v1/job/${jid}`);
2680
- if (!resp.ok || resp.status === 404)
2681
- return false;
2682
- const job = await resp.json();
2683
- return job.Stop === false && job.Status !== "dead";
2684
- }
2685
- catch {
2686
- return false;
2687
- }
2688
- }
2689
- UnifiedNomadJobs.shouldAutoStart = shouldAutoStart;
2690
- /**
2691
- * Get the aggregated status of an app job.
2692
- *
2693
- * @param appId App instance ID.
2694
- * @param primaryTask Task name to use for uptime/restarts summary.
2695
- * Defaults to the first service task in the spec.
2696
- * If omitted, the first task state found is used.
2697
- */
2698
- async function getAppStatus(appId, primaryTask) {
2699
- const jid = jobId(appId);
2700
- const stopped = {
2701
- status: "stopped",
2702
- tasks: {},
2703
- pid: null,
2704
- uptime: null,
2705
- memory_mb: null,
2706
- cpu_percent: null,
2707
- restarts: 0,
2708
- };
2709
- try {
2710
- const resp = await nomadGet(`/v1/job/${jid}`);
2711
- if (resp.status === 404)
2712
- return stopped;
2713
- const job = await resp.json();
2714
- if (job.Stop)
2715
- return stopped;
2716
- }
2717
- catch {
2718
- return { ...stopped, status: "unknown", error: "Nomad unreachable" };
2719
- }
2720
- const allocs = await getAllocs(appId);
2721
- const alloc = pickLiveAlloc(allocs) ?? pickLatestTerminalAlloc(allocs);
2722
- // When Nomad has no allocation (e.g. raw_exec driver disabled), fall back to
2723
- // external process detection for process-runtime apps.
2724
- if (!alloc || alloc.ClientStatus === "pending") {
2725
- const ext = await inspectExternalProcessApp(appId);
2726
- if (ext.detected && ext.status)
2727
- return ext.status;
2728
- if (!alloc)
2729
- return { ...stopped, status: "pending" };
2730
- }
2731
- const allocId = alloc.ID;
2732
- const taskStates = alloc.TaskStates ?? {};
2733
- // Build per-task summary
2734
- const tasks = {};
2735
- for (const [name, state] of Object.entries(taskStates)) {
2736
- const s = state;
2737
- tasks[name] = {
2738
- state: s.State ?? "unknown",
2739
- restarts: s.Restarts ?? 0,
2740
- started_at: s.StartedAt ?? undefined,
2741
- };
2742
- }
2743
- const allocChecks = await getAllocChecks(allocId);
2744
- const taskNames = Object.keys(tasks);
2745
- for (const check of allocChecks) {
2746
- const taskName = taskNameForAllocCheck(check, taskNames, appId);
2747
- if (!taskName || !tasks[taskName])
2748
- continue;
2749
- tasks[taskName].health_checks ??= [];
2750
- tasks[taskName].health_checks.push({
2751
- name: String(check.Check ?? "health"),
2752
- status: String(check.Status ?? "unknown"),
2753
- ...(typeof check.Service === "string" ? { service: check.Service } : {}),
2754
- ...(typeof check.Output === "string" && check.Output ? { output: check.Output } : {}),
2755
- });
2756
- }
2757
- for (const task of Object.values(tasks)) {
2758
- if (task.health_checks?.length) {
2759
- task.health_status = aggregateHealthStatus(task.health_checks);
2760
- }
2761
- }
2762
- // Determine primary task for aggregated stats
2763
- const ptName = primaryTask ?? Object.keys(tasks)[0] ?? "";
2764
- const pt = tasks[ptName] ?? {};
2765
- const result = {
2766
- status: alloc.ClientStatus ?? "unknown",
2767
- alloc_id: allocId,
2768
- tasks,
2769
- pid: null,
2770
- uptime: null,
2771
- memory_mb: null,
2772
- cpu_percent: null,
2773
- restarts: pt.restarts ?? 0,
2774
- };
2775
- // Uptime from primary task's StartedAt
2776
- if (pt.started_at) {
2777
- try {
2778
- result.uptime = Math.floor((Date.now() - new Date(pt.started_at).getTime()) / 1000);
2779
- }
2780
- catch { /* ignore */ }
2781
- }
2782
- // Resource stats from Nomad alloc stats API
2783
- try {
2784
- const statsResp = await nomadGet(`/v1/client/allocation/${allocId}/stats`);
2785
- if (statsResp.ok) {
2786
- const stats = await statsResp.json();
2787
- // raw_exec: stats nested under Tasks.<name>; docker: top-level ResourceUsage
2788
- const taskStats = (ptName ? stats.Tasks?.[ptName]?.ResourceUsage : null) ??
2789
- stats.ResourceUsage ??
2790
- {};
2791
- const memStats = taskStats.MemoryStats ?? {};
2792
- const cpuStats = taskStats.CpuStats ?? {};
2793
- const memBytes = memStats.RSS ?? memStats.Usage ?? 0;
2794
- result.memory_mb = Math.round((memBytes / (1024 * 1024)) * 10) / 10;
2795
- result.cpu_percent = Math.round((cpuStats.Percent ?? 0) * 10) / 10;
2796
- }
2797
- }
2798
- catch { /* ignore */ }
2799
- // Fallback: cgroup v2 (Pi / CIX) → Nomad alloc-stats are zero. Use the
2800
- // shared cached `docker stats` snapshot rather than forking per-instance.
2801
- if (!result.memory_mb && allocId && ptName && /^[a-f0-9-]+$/i.test(allocId)) {
2802
- const containerName = `${ptName}-${allocId}`;
2803
- const stat = (await getDockerMemSnapshot()).get(containerName);
2804
- if (stat) {
2805
- if (stat.memory_mb)
2806
- result.memory_mb = stat.memory_mb;
2807
- if (!result.cpu_percent && stat.cpu_percent)
2808
- result.cpu_percent = stat.cpu_percent;
2809
- }
2810
- }
2811
- return result;
2812
- }
2813
- UnifiedNomadJobs.getAppStatus = getAppStatus;
2814
- // ── Driver health check + auto-restart ────────────────────────────────────
2815
- /**
2816
- * Check whether a Nomad task driver is healthy on the local node.
2817
- * Returns true if the driver is both detected and healthy.
2818
- */
2819
- async function isNomadDriverHealthy(driverName) {
2820
- try {
2821
- const nodesResp = await nomadGet("/v1/nodes");
2822
- if (!nodesResp.ok)
2823
- return true; // assume healthy if we can't check
2824
- const nodes = await nodesResp.json();
2825
- if (nodes.length === 0)
2826
- return true;
2827
- const nodeId = nodes[0]?.ID;
2828
- if (!nodeId)
2829
- return true;
2830
- const nodeResp = await nomadGet(`/v1/node/${nodeId}`);
2831
- if (!nodeResp.ok)
2832
- return true;
2833
- const node = await nodeResp.json();
2834
- const driver = node.Drivers?.[driverName];
2835
- if (!driver)
2836
- return false;
2837
- return driver.Detected === true && driver.Healthy === true;
2838
- }
2839
- catch {
2840
- return true; // don't block on transient errors
2841
- }
2842
- }
2843
- /**
2844
- * If the required Nomad driver is not healthy, restart Nomad so it picks up
2845
- * the current config (e.g. raw_exec enabled = true). Driver plugin changes
2846
- * require a full Nomad agent restart — SIGHUP / reload API are insufficient.
2847
- *
2848
- * Returns true if the driver is healthy (possibly after restart), false if it
2849
- * could not be made healthy.
2850
- */
2851
- async function ensureNomadDriverHealthy(driverName) {
2852
- if (await isNomadDriverHealthy(driverName))
2853
- return true;
2854
- console.warn(`[nomad] Driver "${driverName}" is not healthy — restarting Nomad to apply config…`);
2855
- try {
2856
- const { stopNomad, startNomad } = await import("./setup-manager.js");
2857
- const stopResult = await stopNomad();
2858
- if (!stopResult.ok) {
2859
- console.warn(`[nomad] Nomad stop failed: ${stopResult.error}`);
2860
- }
2861
- const startResult = await startNomad();
2862
- if (!startResult.ok) {
2863
- console.warn(`[nomad] Nomad start failed: ${startResult.error}`);
2864
- return false;
2865
- }
2866
- // Wait up to 15s for the driver to become healthy after restart
2867
- for (let i = 0; i < 15; i++) {
2868
- await new Promise((r) => setTimeout(r, 1_000));
2869
- if (await isNomadDriverHealthy(driverName))
2870
- return true;
2871
- }
2872
- console.warn(`[nomad] Driver "${driverName}" still unhealthy after Nomad restart`);
2873
- return false;
2874
- }
2875
- catch (e) {
2876
- console.warn(`[nomad] Failed to restart Nomad: ${e.message}`);
2877
- return false;
2878
- }
2879
- }
2880
- /**
2881
- * Submit a Nomad job for an app.
2882
- *
2883
- * @param spec Validated AppSpec.
2884
- * @param appId Unique instance ID (job name suffix).
2885
- * @param extraEnv Env vars injected into every task (e.g. resolved capability addresses).
2886
- */
2887
- async function startAppJob(spec, appId, extraEnv = {}) {
2888
- const status = await getAppStatus(appId);
2889
- const adoptedExternal = await buildExternalAdoptedSpec(appId, spec);
2890
- if (adoptedExternal.conflicts.length > 0) {
2891
- return { ok: false, error: adoptedExternal.conflicts.join("; ") };
2892
- }
2893
- let effectiveSpec = applyPersistedAppSpecPortOverrides(appId, adoptedExternal.spec);
2894
- // Validate all images before submitting
2895
- for (const task of effectiveSpec.tasks) {
2896
- if (task.runtime === "container") {
2897
- if (!task.image || !UnifiedNomadJobs.DOCKER_IMAGE_RE.test(task.image) || task.image.length > UnifiedNomadJobs.MAX_DOCKER_IMAGE_NAME_LEN) {
2898
- return { ok: false, error: `Task "${task.name}": invalid docker image "${task.image ?? ""}"` };
2899
- }
2900
- }
2901
- }
2902
- // Determine predominant driver (first service task wins)
2903
- const primaryTask = effectiveSpec.tasks.find((t) => (t.role ?? "service") === "service") ?? effectiveSpec.tasks[0];
2904
- const driver = primaryTask?.runtime === "container" ? "docker" : "raw_exec";
2905
- // Ensure the required Nomad driver is healthy; restart Nomad if needed.
2906
- const driverOk = await ensureNomadDriverHealthy(driver);
2907
- if (!driverOk) {
2908
- if (driver === "raw_exec") {
2909
- const rawExecError = await validateRawExecDriverAvailability();
2910
- if (rawExecError) {
2911
- return { ok: false, error: rawExecError };
2912
- }
2913
- }
2914
- return { ok: false, error: `Nomad driver "${driver}" is not available. Check Nomad configuration and restart Nomad.` };
2915
- }
2916
- const hostNetworkError = await validateRequiredHostNetworks(effectiveSpec);
2917
- if (hostNetworkError) {
2918
- return { ok: false, error: hostNetworkError };
2919
- }
2920
- if (driver === "docker") {
2921
- const preflight = await maybeReallocateAppSpecHostPort(appId, effectiveSpec, "host_port_busy");
2922
- if (preflight.error)
2923
- return { ok: false, error: preflight.error };
2924
- effectiveSpec = preflight.spec;
2925
- }
2926
- for (let attempt = 0; attempt < 2; attempt++) {
2927
- let jobDef;
2928
- try {
2929
- jobDef = buildAppJob(effectiveSpec, appId, driver, extraEnv);
2930
- }
2931
- catch (e) {
2932
- return { ok: false, error: `Job build failed: ${e.message}` };
2933
- }
2934
- let submitError = null;
2935
- let netErr = false;
2936
- try {
2937
- const resp = await nomadPost("/v1/jobs", jobDef);
2938
- if (resp.ok) {
2939
- const data = await resp.json();
2940
- // When the app was previously failed, verify it actually transitions
2941
- // away from the failed state rather than reporting false success.
2942
- if (status.status === "failed") {
2943
- const recovered = await waitForRecovery(appId, 15_000, 2_000);
2944
- if (!recovered) {
2945
- return { ok: false, error: "App start submitted but instance remains in failed state. Check app logs for details.", eval_id: data.EvalID };
2946
- }
2947
- }
2948
- return { ok: true, eval_id: data.EvalID };
2949
- }
2950
- submitError = await resp.text();
2951
- }
2952
- catch (e) {
2953
- netErr = e?.message === "fetch failed" || e?.cause?.code === "ECONNREFUSED";
2954
- submitError = netErr ? `Nomad 服务不可达 (${getNomadAddr()}),请先启动 Nomad` : e.message;
2955
- }
2956
- if (attempt === 0 && driver === "docker" && !netErr) {
2957
- const retry = await maybeReallocateAppSpecHostPort(appId, effectiveSpec, "docker_race");
2958
- if (retry.error)
2959
- return { ok: false, error: retry.error };
2960
- if (retry.changed) {
2961
- effectiveSpec = retry.spec;
2962
- continue;
2963
- }
2964
- }
2965
- return { ok: false, error: submitError ?? "unknown error" };
2966
- }
2967
- return { ok: false, error: "start retry exhausted" };
2968
- }
2969
- UnifiedNomadJobs.startAppJob = startAppJob;
2970
- /**
2971
- * Poll until the app job reaches "running" status or times out.
2972
- * Returns true if the job is running, false if timed out.
2973
- */
2974
- async function waitForRunning(appId, timeoutMs = 120_000, pollIntervalMs = 3_000) {
2975
- const deadline = Date.now() + timeoutMs;
2976
- while (Date.now() < deadline) {
2977
- const status = await getAppStatus(appId);
2978
- if (status.status === "running")
2979
- return true;
2980
- if (status.status === "dead" || status.status === "failed")
2981
- return false;
2982
- await new Promise((r) => setTimeout(r, pollIntervalMs));
2983
- }
2984
- return false;
2985
- }
2986
- UnifiedNomadJobs.waitForRunning = waitForRunning;
2987
- /**
2988
- * Poll until the app job leaves the "failed" state or times out.
2989
- * Used after start submission to verify actual recovery before reporting success.
2990
- * Returns true if the app transitions away from "failed" (to pending/running/etc).
2991
- */
2992
- async function waitForRecovery(appId, timeoutMs = 15_000, pollIntervalMs = 2_000) {
2993
- const deadline = Date.now() + timeoutMs;
2994
- while (Date.now() < deadline) {
2995
- await new Promise((r) => setTimeout(r, pollIntervalMs));
2996
- const status = await getAppStatus(appId);
2997
- if (status.status !== "failed")
2998
- return true;
2999
- }
3000
- return false;
3001
- }
3002
- async function checkDependencies(spec) {
3003
- if (!spec.depends_on || Object.keys(spec.depends_on).length === 0) {
3004
- return { ok: true, errors: [] };
3005
- }
3006
- const errors = [];
3007
- for (const [depId, dep] of Object.entries(spec.depends_on)) {
3008
- const status = await getAppStatus(depId);
3009
- const condition = dep.condition ?? "started";
3010
- const required = dep.required !== false;
3011
- let satisfied = false;
3012
- if (condition === "started") {
3013
- satisfied = status.status !== "stopped" && status.status !== "unknown";
3014
- }
3015
- else if (condition === "healthy") {
3016
- satisfied = status.status === "running";
3017
- }
3018
- else if (condition === "completed") {
3019
- satisfied = status.status === "dead";
3020
- }
3021
- if (!satisfied) {
3022
- const msg = `Dependency "${depId}" not satisfied (need: ${condition}, got: ${status.status})`;
3023
- if (required) {
3024
- errors.push(msg);
3025
- }
3026
- else {
3027
- console.warn(` [depends_on] ${msg} (optional, continuing)`);
3028
- }
3029
- }
3030
- }
3031
- return { ok: errors.length === 0, errors };
3032
- }
3033
- UnifiedNomadJobs.checkDependencies = checkDependencies;
3034
- /**
3035
- * Stop (and optionally purge) a Nomad app job.
3036
- */
3037
- async function stopAppJob(appId, purge = false) {
3038
- const jid = jobId(appId);
3039
- const liveAllocIds = (await getAllocs(appId))
3040
- .filter((alloc) => alloc?.ID && (alloc.ClientStatus === "running" || alloc.ClientStatus === "pending"))
3041
- .map((alloc) => String(alloc.ID));
3042
- let nomadStopped = false;
3043
- let appMissing = false;
3044
- let nomadError;
3045
- try {
3046
- const resp = await nomadDelete(`/v1/job/${jid}?purge=${purge}`);
3047
- nomadStopped = resp.ok;
3048
- appMissing = resp.status === 404;
3049
- if (!resp.ok && !appMissing) {
3050
- nomadError = await resp.text();
3051
- }
3052
- }
3053
- catch (e) {
3054
- const isNetErr = e?.message === "fetch failed" || e?.cause?.code === "ECONNREFUSED";
3055
- nomadError = isNetErr
3056
- ? `Nomad 服务不可达 (${getNomadAddr()}),请先启动 Nomad`
3057
- : e.message;
3058
- }
3059
- const externalStop = await stopExternalProcessApp(appId);
3060
- if (!externalStop.ok) {
3061
- return {
3062
- ok: false,
3063
- error: nomadError ? `${nomadError}; ${externalStop.error}` : externalStop.error,
3064
- };
3065
- }
3066
- if (nomadStopped) {
3067
- const allocsStopped = await waitForAllocationsToStop(liveAllocIds);
3068
- if (!allocsStopped) {
3069
- const lingeringAlloc = await getRunningAlloc(appId);
3070
- if (!lingeringAlloc) {
3071
- return { ok: true };
3072
- }
3073
- return { ok: false, error: `App '${appId}' allocations did not stop in time` };
3074
- }
3075
- return { ok: true };
3076
- }
3077
- if (nomadError)
3078
- return { ok: false, error: nomadError };
3079
- if (appMissing) {
3080
- return externalStop.detected ? { ok: true } : { ok: false, error: "App is not running" };
3081
- }
3082
- return { ok: true };
3083
- }
3084
- UnifiedNomadJobs.stopAppJob = stopAppJob;
3085
- /**
3086
- * Restart a running app job.
3087
- * Prefers native Nomad allocation restart to preserve alloc history.
3088
- * Falls back to stop + re-submit when no AppSpec is available for re-submit.
3089
- *
3090
- * @param appId App instance ID.
3091
- * @param primaryTask Task name to restart. Defaults to the first task.
3092
- */
3093
- async function restartAppJob(appId, primaryTask) {
3094
- const alloc = await getRunningAlloc(appId);
3095
- if (alloc) {
3096
- try {
3097
- // Native Nomad allocation restart — preserves alloc history.
3098
- const resp = await nomadPut(`/v1/client/allocation/${alloc.ID}/restart`, {
3099
- TaskName: primaryTask ?? "",
3100
- AllTasks: !primaryTask,
3101
- });
3102
- if (resp.ok)
3103
- return { ok: true, alloc_id: alloc.ID };
3104
- const errText = await resp.text();
3105
- console.warn(`[nomad] Native restart failed for app ${appId} (HTTP ${resp.status}): ${errText}` +
3106
- " — falling back to stop+start");
3107
- }
3108
- catch (e) {
3109
- console.warn(`[nomad] Native restart error for app ${appId}: ${e.message}` +
3110
- " — falling back to stop+start");
3111
- }
3112
- }
3113
- // Fallback: stop then re-start. Caller must re-call startAppJob with spec.
3114
- // This path is intentionally not self-contained because we don't cache the
3115
- // AppSpec here — app-manager owns the spec and should call startAppJob.
3116
- const stopResult = await stopAppJob(appId);
3117
- if (!stopResult.ok && stopResult.error !== "App is not running") {
3118
- return stopResult;
3119
- }
3120
- return { ok: false, error: "restart_requires_resubmit" };
3121
- }
3122
- UnifiedNomadJobs.restartAppJob = restartAppJob;
3123
- /**
3124
- * Fetch recent log lines for a task in an app job.
3125
- *
3126
- * @param appId App instance ID.
3127
- * @param taskName Nomad task name (task.name from AppSpec).
3128
- * @param lines Number of lines to return (default 200).
3129
- * @param logType "stdout" | "stderr" (default "stderr").
3130
- */
3131
- async function getAppLogs(appId, taskName = "", lines = 200, logType = "stderr") {
3132
- if (!UnifiedNomadJobs.VALID_LOG_TYPES.has(logType))
3133
- logType = "stderr";
3134
- let alloc = await getRunningAlloc(appId);
3135
- // If no running alloc, try the most recent alloc (for post-mortem logs).
3136
- if (!alloc) {
3137
- const jid = jobId(appId);
3138
- try {
3139
- const resp = await nomadGet(`/v1/job/${jid}/allocations`);
3140
- if (resp.ok) {
3141
- const allocs = await resp.json();
3142
- if (allocs.length) {
3143
- alloc = allocs.sort((a, b) => (b.CreateIndex ?? 0) - (a.CreateIndex ?? 0))[0];
3144
- }
3145
- }
3146
- }
3147
- catch { /* ignore */ }
3148
- }
3149
- if (!alloc)
3150
- return [];
3151
- const resolvedTask = taskName || (Object.keys(alloc.TaskStates ?? {})[0] ?? "");
3152
- if (!resolvedTask)
3153
- return [];
3154
- // Primary: Nomad log API (works for both docker and raw_exec).
3155
- try {
3156
- const params = new URLSearchParams({
3157
- task: resolvedTask,
3158
- type: logType,
3159
- plain: "true",
3160
- origin: "end",
3161
- offset: String(Math.max(lines * 512, 100_000)),
3162
- follow: "false",
3163
- });
3164
- const resp = await nomadGet(`/v1/client/fs/logs/${alloc.ID}?${params}`);
3165
- if (resp.ok) {
3166
- const text = await resp.text();
3167
- const trimmed = text.trim();
3168
- if (trimmed)
3169
- return trimmed.split("\n").slice(-lines);
3170
- }
3171
- }
3172
- catch { /* ignore */ }
3173
- if (!/^[a-f0-9-]+$/i.test(alloc.ID))
3174
- return [];
3175
- const dockerLogLines = await readDockerStreamLogs(`${resolvedTask}-${alloc.ID}`, lines, logType);
3176
- if (dockerLogLines.length > 0)
3177
- return dockerLogLines;
3178
- return [];
3179
- }
3180
- UnifiedNomadJobs.getAppLogs = getAppLogs;
3181
- // ── Nomad WebSocket exec ─────────────────────────────────────────────────
3182
- /**
3183
- * Execute a command inside a running task via Nomad's WebSocket exec API.
3184
- * Works for both `docker` and `raw_exec` tasks — Nomad proxies the exec
3185
- * through the allocation without requiring direct Docker socket access.
3186
- *
3187
- * Protocol (https://developer.hashicorp.com/nomad/api-docs/client#stream-file):
3188
- * - Upgrade: GET /v1/client/allocation/{id}/exec → 101 Switching Protocols
3189
- * - Send stdin frames: {"stdin":{"data":"<base64>"}}
3190
- * - Close stdin: {"stdin":{"close":true}}
3191
- * - Recv stdout frames: {"stdout":{"data":"<base64>"}}
3192
- * - Recv stderr frames: {"stderr":{"data":"<base64>"}}
3193
- * - Recv exit frame: {"exited":true,"result":{"exit_code":0}}
3194
- *
3195
- * Authentication: Nomad token is passed as a query parameter because the
3196
- * native WebSocket API (Node.js ≥21) does not support custom headers.
3197
- *
3198
- * @param allocId Nomad allocation UUID.
3199
- * @param taskName Task name within the allocation.
3200
- * @param command Command + args array.
3201
- * @param stdin Optional stdin data to pipe in.
3202
- * @param timeoutMs Execution timeout in ms (default 120 s).
3203
- */
3204
- async function nomadWsExec(allocId, taskName, command, stdin, timeoutMs = 120_000) {
3205
- return nomadWsExecStream(allocId, taskName, command, stdin, {}, timeoutMs);
3206
- }
3207
- function emitStreamChunk(handler, decoder, data) {
3208
- const chunk = typeof data === "string" ? data : decoder.write(data);
3209
- if (chunk)
3210
- handler?.(chunk);
3211
- return chunk;
3212
- }
3213
- function flushStreamChunk(handler, decoder) {
3214
- const chunk = decoder.end();
3215
- if (chunk)
3216
- handler?.(chunk);
3217
- return chunk;
3218
- }
3219
- async function streamSpawnedExec(file, args, handlers, timeoutMs, options) {
3220
- return new Promise((resolve) => {
3221
- const stdoutDecoder = new StringDecoder("utf8");
3222
- const stderrDecoder = new StringDecoder("utf8");
3223
- let stdoutBuf = "";
3224
- let stderrBuf = "";
3225
- let settled = false;
3226
- const settle = (exitCode) => {
3227
- if (settled)
3228
- return;
3229
- settled = true;
3230
- stdoutBuf += flushStreamChunk(handlers.onStdout, stdoutDecoder);
3231
- stderrBuf += flushStreamChunk(handlers.onStderr, stderrDecoder);
3232
- resolve({ stdout: stdoutBuf, stderr: stderrBuf, exitCode });
3233
- };
3234
- const child = spawn(file, args, {
3235
- ...options,
3236
- stdio: ["ignore", "pipe", "pipe"],
3237
- timeout: timeoutMs,
3238
- });
3239
- child.stdout?.on("data", (data) => {
3240
- stdoutBuf += emitStreamChunk(handlers.onStdout, stdoutDecoder, data);
3241
- });
3242
- child.stderr?.on("data", (data) => {
3243
- stderrBuf += emitStreamChunk(handlers.onStderr, stderrDecoder, data);
3244
- });
3245
- child.on("error", (error) => {
3246
- const message = error.message || String(error);
3247
- stderrBuf += message;
3248
- handlers.onStderr?.(message);
3249
- settle(error.code === "ENOENT" ? 127 : 1);
3250
- });
3251
- child.on("close", (code) => {
3252
- settle(code ?? 1);
3253
- });
3254
- });
3255
- }
3256
- async function nomadWsExecStream(allocId, taskName, command, stdin, handlers, timeoutMs = 120_000) {
3257
- const nomadAddr = getNomadAddr();
3258
- // Convert http(s) → ws(s) for the WebSocket URL.
3259
- const wsBase = nomadAddr.replace(/^http/, "ws");
3260
- const params = new URLSearchParams({
3261
- task: taskName,
3262
- command: JSON.stringify(command),
3263
- tty: "false",
3264
- });
3265
- // Native WebSocket does not support custom request headers;
3266
- // Nomad also accepts the token as a query parameter.
3267
- const token = getNomadToken();
3268
- if (token)
3269
- params.set("token", token);
3270
- const url = `${wsBase}/v1/client/allocation/${allocId}/exec?${params}`;
3271
- return new Promise((resolve, reject) => {
3272
- // Node.js ≥21 ships a global WebSocket; engines field requires ≥22.
3273
- const ws = new WebSocket(url);
3274
- let stdoutBuf = "";
3275
- let stderrBuf = "";
3276
- let exitCode = 1;
3277
- let settled = false;
3278
- const settle = (result) => {
3279
- if (settled)
3280
- return;
3281
- settled = true;
3282
- clearTimeout(timer);
3283
- ws.close();
3284
- resolve(result);
3285
- };
3286
- const timer = setTimeout(() => {
3287
- if (settled)
3288
- return;
3289
- settled = true;
3290
- ws.close();
3291
- reject(new Error(`nomad exec timed out after ${timeoutMs}ms`));
3292
- }, timeoutMs);
3293
- ws.onopen = () => {
3294
- if (stdin) {
3295
- ws.send(JSON.stringify({
3296
- stdin: { data: Buffer.from(stdin, "utf-8").toString("base64") },
3297
- }));
3298
- }
3299
- // Always close stdin so the remote process sees EOF.
3300
- ws.send(JSON.stringify({ stdin: { close: true } }));
3301
- };
3302
- ws.onmessage = (event) => {
3303
- try {
3304
- const msg = JSON.parse(event.data);
3305
- if (msg.stdout?.data) {
3306
- const chunk = Buffer.from(msg.stdout.data, "base64").toString("utf-8");
3307
- stdoutBuf += chunk;
3308
- if (chunk)
3309
- handlers.onStdout?.(chunk);
3310
- }
3311
- if (msg.stderr?.data) {
3312
- const chunk = Buffer.from(msg.stderr.data, "base64").toString("utf-8");
3313
- stderrBuf += chunk;
3314
- if (chunk)
3315
- handlers.onStderr?.(chunk);
3316
- }
3317
- if (msg.exited === true) {
3318
- exitCode = msg.result?.exit_code ?? 1;
3319
- settle({ stdout: stdoutBuf, stderr: stderrBuf, exitCode });
3320
- }
3321
- }
3322
- catch { /* ignore malformed frames */ }
3323
- };
3324
- ws.onerror = (event) => {
3325
- if (settled)
3326
- return;
3327
- settled = true;
3328
- clearTimeout(timer);
3329
- // ErrorEvent has a .message; plain Event does not.
3330
- const msg = event.message ?? "WebSocket error";
3331
- reject(new Error(`[nomad-ws-exec] ${msg}`));
3332
- };
3333
- ws.onclose = () => {
3334
- // Connection dropped before we received the exited frame.
3335
- // Resolve with whatever we collected so the caller sees partial output.
3336
- settle({ stdout: stdoutBuf, stderr: stderrBuf, exitCode });
3337
- };
3338
- });
3339
- }
3340
- /**
3341
- * Execute a command inside a running app task.
3342
- *
3343
- * Strategy:
3344
- * 1. Try `docker exec` (fast path for docker-driver tasks, no Nomad dependency).
3345
- * 2. If the container is not found, fall back to the Nomad WebSocket exec API
3346
- * which works for both `docker` and `raw_exec` tasks.
3347
- *
3348
- * @param appId App instance ID.
3349
- * @param taskName Task name from AppSpec.
3350
- * @param command Command + args array.
3351
- * @param timeoutMs Execution timeout in ms (default 120 s).
3352
- */
3353
- async function execInApp(appId, taskName = "", command, timeoutMs = 120_000) {
3354
- const alloc = await getRunningAlloc(appId);
3355
- if (!alloc || alloc.ClientStatus !== "running") {
3356
- throw new Error("App is not running");
3357
- }
3358
- const allocId = alloc.ID;
3359
- if (!/^[a-f0-9-]+$/i.test(allocId))
3360
- throw new Error("invalid allocId");
3361
- const resolvedTask = taskName || (Object.keys(alloc.TaskStates ?? {})[0] ?? "");
3362
- if (!resolvedTask)
3363
- throw new Error("No task found in alloc");
3364
- const taskState = alloc.TaskStates?.[resolvedTask];
3365
- if (!taskState)
3366
- throw new Error(`Task "${resolvedTask}" not found in alloc`);
3367
- // For process (raw_exec) apps, execute directly on the host — no container
3368
- // or Nomad WebSocket overhead needed since the binary runs natively.
3369
- const { getApp } = await import("./app/app-manager.js");
3370
- const appData = getApp(appId);
3371
- const matchedTask = appData?.spec.tasks.find((t) => t.name === resolvedTask);
3372
- if (matchedTask?.runtime === "process") {
3373
- const execFileAsync = promisify(execFileCb);
3374
- try {
3375
- const { stdout, stderr } = await execFileAsync(command[0], command.slice(1), {
3376
- timeout: timeoutMs,
3377
- env: { ...process.env, ...matchedTask.env },
3378
- });
3379
- return { stdout, stderr, exitCode: 0 };
3380
- }
3381
- catch (e) {
3382
- return {
3383
- stdout: e.stdout ?? "",
3384
- stderr: e.stderr ?? e.message,
3385
- exitCode: e.code ?? 1,
3386
- };
3387
- }
3388
- }
3389
- // Fast path: docker exec (avoids WebSocket overhead for container tasks).
3390
- const execFileAsync = promisify(execFileCb);
3391
- const containerName = `${resolvedTask}-${allocId}`;
3392
- try {
3393
- const { stdout, stderr } = await execFileAsync("docker", ["exec", containerName, ...command], { timeout: timeoutMs });
3394
- return { stdout, stderr, exitCode: 0 };
3395
- }
3396
- catch (e) {
3397
- const notFound = e?.stderr?.includes("No such container") ||
3398
- e?.message?.includes("No such container") ||
3399
- e?.code === 125; // docker CLI: container not found exit code
3400
- if (!notFound) {
3401
- // docker exec was found but the command itself failed — real error.
3402
- return {
3403
- stdout: e.stdout ?? "",
3404
- stderr: e.stderr ?? e.message,
3405
- exitCode: e.code ?? 1,
3406
- };
3407
- }
3408
- // Container not found → likely raw_exec; fall through to Nomad WS exec.
3409
- console.log(`[nomad] execInApp: container "${containerName}" not found, ` +
3410
- `falling back to Nomad WebSocket exec for task "${resolvedTask}"`);
3411
- }
3412
- // Nomad WebSocket exec — works for raw_exec and docker without docker socket.
3413
- return nomadWsExec(allocId, resolvedTask, command, undefined, timeoutMs);
3414
- }
3415
- UnifiedNomadJobs.execInApp = execInApp;
3416
- async function streamExecInApp(appId, taskName = "", command, handlers = {}, timeoutMs = 120_000) {
3417
- const alloc = await getRunningAlloc(appId);
3418
- if (!alloc || alloc.ClientStatus !== "running") {
3419
- throw new Error("App is not running");
3420
- }
3421
- const allocId = alloc.ID;
3422
- if (!/^[a-f0-9-]+$/i.test(allocId))
3423
- throw new Error("invalid allocId");
3424
- const resolvedTask = taskName || (Object.keys(alloc.TaskStates ?? {})[0] ?? "");
3425
- if (!resolvedTask)
3426
- throw new Error("No task found in alloc");
3427
- const taskState = alloc.TaskStates?.[resolvedTask];
3428
- if (!taskState)
3429
- throw new Error(`Task "${resolvedTask}" not found in alloc`);
3430
- const { getApp } = await import("./app/app-manager.js");
3431
- const appData = getApp(appId);
3432
- const matchedTask = appData?.spec.tasks.find((task) => task.name === resolvedTask);
3433
- if (matchedTask?.runtime === "process") {
3434
- return streamSpawnedExec(command[0], command.slice(1), handlers, timeoutMs, { env: { ...process.env, ...matchedTask.env } });
3435
- }
3436
- const containerName = `${resolvedTask}-${allocId}`;
3437
- const dockerResult = await streamSpawnedExec("docker", ["exec", containerName, ...command], handlers, timeoutMs);
3438
- const notFound = dockerResult.stderr.includes("No such container") ||
3439
- dockerResult.exitCode === 125;
3440
- if (!notFound) {
3441
- return dockerResult;
3442
- }
3443
- console.log(`[nomad] streamExecInApp: container "${containerName}" not found, ` +
3444
- `falling back to Nomad WebSocket exec for task "${resolvedTask}"`);
3445
- return nomadWsExecStream(allocId, resolvedTask, command, undefined, handlers, timeoutMs);
3446
- }
3447
- UnifiedNomadJobs.streamExecInApp = streamExecInApp;
3448
- async function listInstanceIds() {
3449
- try {
3450
- const resp = await nomadGet("/v1/jobs");
3451
- if (!resp.ok)
3452
- return [];
3453
- const jobs = await resp.json();
3454
- return [...new Set(jobs.map((job) => readInstanceMeta(job.ID)?.id || job.ID))];
3455
- }
3456
- catch {
3457
- return [];
3458
- }
3459
- }
3460
- UnifiedNomadJobs.listInstanceIds = listInstanceIds;
3461
- function readInstanceMeta(nomadJobId) {
3462
- const directMetaPath = instanceMetaPath(nomadJobId);
3463
- try {
3464
- if (existsSync(directMetaPath))
3465
- return JSON.parse(readFileSync(directMetaPath, "utf-8"));
3466
- }
3467
- catch { }
3468
- if (nomadJobId.startsWith(OPENCLAW_PREFIX)) {
3469
- const id = nomadJobId.slice(OPENCLAW_PREFIX.length);
3470
- const metaPath = instanceMetaPath(id);
3471
- try {
3472
- if (existsSync(metaPath))
3473
- return JSON.parse(readFileSync(metaPath, "utf-8"));
3474
- }
3475
- catch { }
3476
- return null;
3477
- }
3478
- if (isAppJob(nomadJobId)) {
3479
- const appDir = resolveAppDir(nomadJobId);
3480
- if (!appDir)
3481
- return null;
3482
- const manifestPath = join(appDir, "manifest.json");
3483
- const yamlPath = join(appDir, "app-spec.yaml");
3484
- try {
3485
- const manifest = existsSync(manifestPath)
3486
- ? JSON.parse(readFileSync(manifestPath, "utf-8"))
3487
- : {};
3488
- if (existsSync(yamlPath)) {
3489
- const m = readFileSync(yamlPath, "utf-8").match(/^name:\s*(.+)$/m);
3490
- if (m)
3491
- return { ...manifest, name: m[1].trim().replace(/^['"]|['"]$/g, "") };
3492
- }
3493
- return Object.keys(manifest).length > 0 ? manifest : null;
3494
- }
3495
- catch {
3496
- return null;
3497
- }
3498
- }
3499
- return null;
3500
- }
3501
- UnifiedNomadJobs.readInstanceMeta = readInstanceMeta;
3502
- async function resolveInstanceId(id) {
3503
- const ids = await listInstanceIds();
3504
- if (ids.length === 0)
3505
- throw new Error("No instances found.");
3506
- if (id) {
3507
- if (existsSync(instanceMetaPath(id))) {
3508
- return id;
3509
- }
3510
- if (!ids.includes(id)) {
3511
- throw new Error(`Instance "${id}" not found. Available: ${ids.join(", ")}`);
3512
- }
3513
- return id;
3514
- }
3515
- if (ids.length === 1)
3516
- return ids[0];
3517
- throw new Error(`Multiple instances exist. Specify an ID. Available: ${ids.join(", ")}`);
3518
- }
3519
- UnifiedNomadJobs.resolveInstanceId = resolveInstanceId;
3520
- async function resolveInstanceForPairing(instanceId) {
3521
- const ids = await listInstanceIds();
3522
- if (ids.length === 0)
3523
- throw new Error("No instances found.");
3524
- if (instanceId) {
3525
- if (existsSync(instanceMetaPath(instanceId)))
3526
- return instanceId;
3527
- if (!ids.includes(instanceId))
3528
- throw new Error(`Instance "${instanceId}" not found.`);
3529
- return instanceId;
3530
- }
3531
- if (ids.length === 1)
3532
- return ids[0];
3533
- const runningIds = [];
3534
- for (const id of ids) {
3535
- try {
3536
- const st = await getInstanceStatus(id);
3537
- if (st.status === "running")
3538
- runningIds.push(id);
3539
- }
3540
- catch { }
3541
- }
3542
- if (runningIds.length === 1)
3543
- return runningIds[0];
3544
- if (runningIds.length === 0)
3545
- throw new Error("No running instances found. Start an instance first.");
3546
- throw new Error(`Multiple running instances: ${runningIds.join(", ")}. Use --instance <id>.`);
3547
- }
3548
- UnifiedNomadJobs.resolveInstanceForPairing = resolveInstanceForPairing;
3549
- function ensureNomadToken() {
3550
- if (process.env.NOMAD_TOKEN)
3551
- return;
3552
- const candidates = [
3553
- join(homedir(), ".jishushell", "nomad.env"),
3554
- "/etc/jishushell/nomad.env",
3555
- ];
3556
- for (const f of candidates) {
3557
- if (!existsSync(f))
3558
- continue;
3559
- try {
3560
- const match = readFileSync(f, "utf-8").match(/^NOMAD_TOKEN=(.+)$/m);
3561
- if (match) {
3562
- process.env.NOMAD_TOKEN = match[1].trim();
3563
- return;
3564
- }
3565
- }
3566
- catch { }
3567
- }
3568
- const legacy = getCoreConfig().nomad_token;
3569
- if (legacy)
3570
- process.env.NOMAD_TOKEN = legacy;
3571
- }
3572
- UnifiedNomadJobs.ensureNomadToken = ensureNomadToken;
3573
- async function getGenericJobStatus(jobId) {
3574
- const stopped = { status: "stopped", pid: null, uptime: null, memory_mb: null, cpu_percent: null };
3575
- try {
3576
- const resp = await nomadGet(`/v1/job/${jobId}`);
3577
- if (!resp.ok)
3578
- return stopped;
3579
- const job = await resp.json();
3580
- if (job.Stop)
3581
- return stopped;
3582
- const allocResp = await nomadGet(`/v1/job/${jobId}/allocations`);
3583
- if (!allocResp.ok)
3584
- return { ...stopped, status: "unknown" };
3585
- const allocs = await allocResp.json();
3586
- if (!allocs.length)
3587
- return { ...stopped, status: "pending" };
3588
- const sorted = [...allocs].sort((a, b) => (b.CreateIndex ?? 0) - (a.CreateIndex ?? 0));
3589
- const running = sorted.find(a => a.ClientStatus === "running") ?? sorted[0];
3590
- return { ...stopped, status: running.ClientStatus ?? "unknown" };
3591
- }
3592
- catch {
3593
- return { ...stopped, status: "unknown" };
3594
- }
3595
- }
3596
- async function getInstanceStatus(nomadJobId) {
3597
- if (await getInstanceBackedInstalledApp(nomadJobId)) {
3598
- const st = await getAppStatus(nomadJobId);
3599
- return {
3600
- status: st.status,
3601
- pid: st.pid,
3602
- uptime: st.uptime,
3603
- memory_mb: st.memory_mb,
3604
- cpu_percent: st.cpu_percent,
3605
- };
3606
- }
3607
- if (isAppJob(nomadJobId)) {
3608
- const st = await getAppStatus(nomadJobId);
3609
- return {
3610
- status: st.status,
3611
- pid: st.pid,
3612
- uptime: st.uptime,
3613
- memory_mb: st.memory_mb,
3614
- cpu_percent: st.cpu_percent,
3615
- };
3616
- }
3617
- const identity = resolveRuntimeIdentity(nomadJobId);
3618
- if (identity?.driver === "app-job" || identity?.driver === "local-model") {
3619
- const st = await getAppStatus(nomadJobId);
3620
- return {
3621
- status: st.status,
3622
- pid: st.pid,
3623
- uptime: st.uptime,
3624
- memory_mb: st.memory_mb,
3625
- cpu_percent: st.cpu_percent,
3626
- };
3627
- }
3628
- if (identity?.driver === "runtime-adapter") {
3629
- return instanceScheduler.getStatus(nomadJobId);
3630
- }
3631
- if (existsSync(instanceMetaPath(nomadJobId))) {
3632
- return instanceScheduler.getStatus(nomadJobId);
3633
- }
3634
- if (nomadJobId.startsWith(OPENCLAW_PREFIX)) {
3635
- return instanceScheduler.getStatus(nomadJobId.slice(OPENCLAW_PREFIX.length));
3636
- }
3637
- return getGenericJobStatus(nomadJobId);
3638
- }
3639
- UnifiedNomadJobs.getInstanceStatus = getInstanceStatus;
3640
- async function startInstance(nomadJobId) {
3641
- const instanceBackedApp = await getInstanceBackedInstalledApp(nomadJobId);
3642
- if (instanceBackedApp) {
3643
- // PR 3 sub-step 3d: switch to resolveConnections in runtime mode so
3644
- // missing required producers / ambiguous prefix candidates throw with
3645
- // structured codes (412 / 409 / 400). Read the live instance.json so
3646
- // UI bindings persisted via PUT /connections (PR 4) drive the
3647
- // resolution; fall back to a stub `{ connections: {} }` when the
3648
- // instance file isn't readable yet.
3649
- let extraEnv = {};
3650
- try {
3651
- const { refreshCapabilityRegistry } = await import("./app/app-manager.js");
3652
- await refreshCapabilityRegistry();
3653
- const { resolveConnections, resolvedToLegacyEnv } = await import("./connection-resolver.js");
3654
- const legacyInstanceManager = await import("./instance-manager.js");
3655
- const meta = legacyInstanceManager.getInstance(nomadJobId);
3656
- const instance = { connections: meta?.connections ?? {} };
3657
- // Validate in runtime mode so missing required / ambiguous still throws
3658
- // with structured error codes (412 / 409 / 400) before we touch Nomad.
3659
- const { resolved } = resolveConnections(instanceBackedApp.spec, instance, "runtime");
3660
- // Render the full RUNTIME_HOOKS env (covers llm/search/browser/mcp)
3661
- // rather than just the default-category subset, so apply: openai-env
3662
- // consumers (e.g. OpenWebUI) self-heal across provider port changes.
3663
- const { renderRuntimeConnectionsEnv } = await import("./connection-apply.js");
3664
- const runtimeEnv = await renderRuntimeConnectionsEnv(instanceBackedApp.spec, { id: nomadJobId, connections: instance.connections });
3665
- extraEnv = { ...resolvedToLegacyEnv(resolved), ...runtimeEnv };
3666
- }
3667
- catch (e) {
3668
- return {
3669
- ok: false,
3670
- error: e.message,
3671
- ...(e.code ? { code: e.code } : {}),
3672
- ...(typeof e.statusCode === "number" ? { statusCode: e.statusCode } : {}),
3673
- };
3674
- }
3675
- const depCheck = await checkDependencies(instanceBackedApp.spec);
3676
- if (!depCheck.ok) {
3677
- return { ok: false, error: depCheck.errors.join("; ") };
3678
- }
3679
- const result = await startAppJob(instanceBackedApp.spec, nomadJobId, extraEnv);
3680
- if (!result.ok)
3681
- return result;
3682
- const { runPostStartSteps, syncCapabilitiesForApp, waitForAppRuntimeRunning } = await import("./app/app-manager.js");
3683
- const running = instanceBackedApp.spec.provides?.length || instanceBackedApp.spec.lifecycle?.post_start?.length
3684
- ? await waitForAppRuntimeRunning(nomadJobId, instanceBackedApp.spec.lifecycle?.post_start?.length ? 120_000 : 30_000)
3685
- : false;
3686
- if (running && instanceBackedApp.spec.lifecycle?.post_start?.length) {
3687
- await runPostStartSteps(instanceBackedApp.spec);
3688
- }
3689
- await syncCapabilitiesForApp(nomadJobId);
3690
- return result;
3691
- }
3692
- if (await getAdapterManagedAppDirInstalledApp(nomadJobId)) {
3693
- const result = await instanceScheduler.startInstance(nomadJobId);
3694
- if (result.ok)
3695
- await syncCapabilitiesForInstance(nomadJobId);
3696
- return result;
3697
- }
3698
- const identity = resolveRuntimeIdentity(nomadJobId);
3699
- if (identity?.driver === "app-job" || identity?.driver === "local-model") {
3700
- const { startApp } = await import("./app/app-manager.js");
3701
- return startApp(nomadJobId);
3702
- }
3703
- if (identity?.driver === "runtime-adapter") {
3704
- const result = await instanceScheduler.startInstance(nomadJobId);
3705
- if (result.ok)
3706
- await syncCapabilitiesForInstance(nomadJobId);
3707
- return result;
3708
- }
3709
- if (isAppJob(nomadJobId)) {
3710
- return { ok: false, error: `App '${nomadJobId}' 必须通过 app-manager 启动` };
3711
- }
3712
- if (existsSync(instanceMetaPath(nomadJobId))) {
3713
- const result = await instanceScheduler.startInstance(nomadJobId);
3714
- if (result.ok)
3715
- await syncCapabilitiesForInstance(nomadJobId);
3716
- return result;
3717
- }
3718
- if (nomadJobId.startsWith(OPENCLAW_PREFIX)) {
3719
- const inner = nomadJobId.slice(OPENCLAW_PREFIX.length);
3720
- const result = await instanceScheduler.startInstance(inner);
3721
- if (result.ok)
3722
- await syncCapabilitiesForInstance(inner);
3723
- return result;
3724
- }
3725
- if (!isAppJob(nomadJobId)) {
3726
- return { ok: false, error: `Cannot start unmanaged job "${nomadJobId}"` };
3727
- }
3728
- return { ok: false, error: `Cannot start unmanaged job "${nomadJobId}"` };
3729
- }
3730
- UnifiedNomadJobs.startInstance = startInstance;
3731
- async function stopInstance(nomadJobId, purge = false) {
3732
- if (await getInstanceBackedInstalledApp(nomadJobId)) {
3733
- const result = await stopAppJob(nomadJobId, purge);
3734
- if (result.ok || result.error?.includes("not running") || result.error?.includes("not found")) {
3735
- await syncCapabilitiesForInstance(nomadJobId);
3736
- }
3737
- return result;
3738
- }
3739
- if (await getAdapterManagedAppDirInstalledApp(nomadJobId)) {
3740
- const result = await instanceScheduler.stopInstance(nomadJobId, purge);
3741
- if (result.ok || result.error?.includes("not running") || result.error?.includes("not found")) {
3742
- await syncCapabilitiesForInstance(nomadJobId);
3743
- }
3744
- return result;
3745
- }
3746
- const identity = resolveRuntimeIdentity(nomadJobId);
3747
- if (identity?.driver === "app-job" || identity?.driver === "local-model") {
3748
- const { stopApp } = await import("./app/app-manager.js");
3749
- return stopApp(nomadJobId, purge);
3750
- }
3751
- if (identity?.driver === "runtime-adapter") {
3752
- const result = await instanceScheduler.stopInstance(nomadJobId, purge);
3753
- if (result.ok || result.error?.includes("not running") || result.error?.includes("not found")) {
3754
- await syncCapabilitiesForInstance(nomadJobId);
3755
- }
3756
- return result;
3757
- }
3758
- if (isAppJob(nomadJobId)) {
3759
- return { ok: false, error: `App '${nomadJobId}' 必须通过 app-manager 停止` };
3760
- }
3761
- if (existsSync(instanceMetaPath(nomadJobId))) {
3762
- const result = await instanceScheduler.stopInstance(nomadJobId, purge);
3763
- if (result.ok || result.error?.includes("not running") || result.error?.includes("not found")) {
3764
- await syncCapabilitiesForInstance(nomadJobId);
3765
- }
3766
- return result;
3767
- }
3768
- if (nomadJobId.startsWith(OPENCLAW_PREFIX)) {
3769
- const inner = nomadJobId.slice(OPENCLAW_PREFIX.length);
3770
- const result = await instanceScheduler.stopInstance(inner, purge);
3771
- if (result.ok || result.error?.includes("not running") || result.error?.includes("not found")) {
3772
- await syncCapabilitiesForInstance(inner);
3773
- }
3774
- return result;
3775
- }
3776
- try {
3777
- const resp = await nomadDelete(`/v1/job/${nomadJobId}?purge=${purge}`);
3778
- return resp.ok ? { ok: true } : { ok: false, error: `HTTP ${resp.status}` };
3779
- }
3780
- catch (e) {
3781
- return { ok: false, error: e.message };
3782
- }
3783
- }
3784
- UnifiedNomadJobs.stopInstance = stopInstance;
3785
- async function restartInstance(nomadJobId) {
3786
- if (await getInstanceBackedInstalledApp(nomadJobId)) {
3787
- const stopResult = await stopInstance(nomadJobId);
3788
- if (!stopResult.ok && !stopResult.error?.includes("not running") && !stopResult.error?.includes("not found")) {
3789
- return stopResult;
3790
- }
3791
- return startInstance(nomadJobId);
3792
- }
3793
- if (await getAdapterManagedAppDirInstalledApp(nomadJobId)) {
3794
- const result = await instanceScheduler.restartInstance(nomadJobId);
3795
- if (result.ok)
3796
- await syncCapabilitiesForInstance(nomadJobId);
3797
- return result;
3798
- }
3799
- const identity = resolveRuntimeIdentity(nomadJobId);
3800
- if (identity?.driver === "app-job" || identity?.driver === "local-model") {
3801
- const { restartApp } = await import("./app/app-manager.js");
3802
- return restartApp(nomadJobId);
3803
- }
3804
- if (identity?.driver === "runtime-adapter") {
3805
- const result = await instanceScheduler.restartInstance(nomadJobId);
3806
- if (result.ok)
3807
- await syncCapabilitiesForInstance(nomadJobId);
3808
- return result;
3809
- }
3810
- if (isAppJob(nomadJobId)) {
3811
- return { ok: false, error: `App '${nomadJobId}' 必须通过 app-manager 重启` };
3812
- }
3813
- if (existsSync(instanceMetaPath(nomadJobId))) {
3814
- const result = await instanceScheduler.restartInstance(nomadJobId);
3815
- if (result.ok)
3816
- await syncCapabilitiesForInstance(nomadJobId);
3817
- return result;
3818
- }
3819
- if (nomadJobId.startsWith(OPENCLAW_PREFIX)) {
3820
- const inner = nomadJobId.slice(OPENCLAW_PREFIX.length);
3821
- const result = await instanceScheduler.restartInstance(inner);
3822
- if (result.ok)
3823
- await syncCapabilitiesForInstance(inner);
3824
- return result;
3825
- }
3826
- if (!isAppJob(nomadJobId)) {
3827
- return { ok: false, error: `Cannot restart unmanaged job "${nomadJobId}"` };
3828
- }
3829
- return { ok: false, error: `Cannot restart unmanaged job "${nomadJobId}"` };
3830
- }
3831
- UnifiedNomadJobs.restartInstance = restartInstance;
3832
- async function getInstanceLogs(nomadJobId, lines = 200, logType = "stderr") {
3833
- if (await getInstanceBackedInstalledApp(nomadJobId)) {
3834
- return getAppLogs(nomadJobId, "", lines, logType);
3835
- }
3836
- if (isAppJob(nomadJobId))
3837
- return getAppLogs(nomadJobId, "", lines, logType);
3838
- const identity = resolveRuntimeIdentity(nomadJobId);
3839
- if (identity?.driver === "app-job" || identity?.driver === "local-model") {
3840
- return getAppLogs(nomadJobId, "", lines, logType);
3841
- }
3842
- if (identity?.driver === "runtime-adapter") {
3843
- return instanceScheduler.getLogs(nomadJobId, lines, logType);
3844
- }
3845
- if (existsSync(instanceMetaPath(nomadJobId))) {
3846
- return instanceScheduler.getLogs(nomadJobId, lines, logType);
3847
- }
3848
- if (nomadJobId.startsWith(OPENCLAW_PREFIX)) {
3849
- return instanceScheduler.getLogs(nomadJobId.slice(OPENCLAW_PREFIX.length), lines, logType);
3850
- }
3851
- if (!isAppJob(nomadJobId))
3852
- return [];
3853
- return [];
3854
- }
3855
- UnifiedNomadJobs.getInstanceLogs = getInstanceLogs;
3856
- async function execInInstance(nomadJobId, command, timeoutMs) {
3857
- if (await getInstanceBackedInstalledApp(nomadJobId)) {
3858
- return execInApp(nomadJobId, "", command, timeoutMs ?? 120_000);
3859
- }
3860
- if (isAppJob(nomadJobId)) {
3861
- return execInApp(nomadJobId, "", command, timeoutMs ?? 120_000);
3862
- }
3863
- const identity = resolveRuntimeIdentity(nomadJobId);
3864
- if (identity?.driver === "app-job" || identity?.driver === "local-model") {
3865
- return execInApp(nomadJobId, "", command, timeoutMs ?? 120_000);
3866
- }
3867
- if (identity?.driver === "runtime-adapter") {
3868
- return instanceScheduler.exec(nomadJobId, command, timeoutMs);
3869
- }
3870
- if (existsSync(instanceMetaPath(nomadJobId))) {
3871
- return instanceScheduler.exec(nomadJobId, command, timeoutMs);
3872
- }
3873
- if (nomadJobId.startsWith(OPENCLAW_PREFIX)) {
3874
- return instanceScheduler.exec(nomadJobId.slice(OPENCLAW_PREFIX.length), command, timeoutMs);
3875
- }
3876
- if (!isAppJob(nomadJobId)) {
3877
- return { stdout: "", stderr: `Cannot exec into unmanaged job "${nomadJobId}"`, exitCode: 1 };
3878
- }
3879
- return { stdout: "", stderr: `Cannot exec into unmanaged job "${nomadJobId}"`, exitCode: 1 };
3880
- }
3881
- UnifiedNomadJobs.execInInstance = execInInstance;
3882
- async function streamExecInInstance(nomadJobId, command, handlers = {}, timeoutMs, taskName = "") {
3883
- if (await getInstanceBackedInstalledApp(nomadJobId)) {
3884
- return streamExecInApp(nomadJobId, taskName, command, handlers, timeoutMs ?? 120_000);
3885
- }
3886
- if (isAppJob(nomadJobId)) {
3887
- return streamExecInApp(nomadJobId, taskName, command, handlers, timeoutMs ?? 120_000);
3888
- }
3889
- const identity = resolveRuntimeIdentity(nomadJobId);
3890
- if (identity?.driver === "app-job" || identity?.driver === "local-model") {
3891
- return streamExecInApp(nomadJobId, taskName, command, handlers, timeoutMs ?? 120_000);
3892
- }
3893
- if (identity?.driver === "runtime-adapter") {
3894
- const result = await instanceScheduler.exec(nomadJobId, command, timeoutMs);
3895
- if (result.stdout)
3896
- handlers.onStdout?.(result.stdout);
3897
- if (result.stderr)
3898
- handlers.onStderr?.(result.stderr);
3899
- return result;
3900
- }
3901
- if (existsSync(instanceMetaPath(nomadJobId))) {
3902
- const result = await instanceScheduler.exec(nomadJobId, command, timeoutMs);
3903
- if (result.stdout)
3904
- handlers.onStdout?.(result.stdout);
3905
- if (result.stderr)
3906
- handlers.onStderr?.(result.stderr);
3907
- return result;
3908
- }
3909
- if (nomadJobId.startsWith(OPENCLAW_PREFIX)) {
3910
- const result = await instanceScheduler.exec(nomadJobId.slice(OPENCLAW_PREFIX.length), command, timeoutMs);
3911
- if (result.stdout)
3912
- handlers.onStdout?.(result.stdout);
3913
- if (result.stderr)
3914
- handlers.onStderr?.(result.stderr);
3915
- return result;
3916
- }
3917
- if (!isAppJob(nomadJobId)) {
3918
- const stderr = `Cannot exec into unmanaged job "${nomadJobId}"`;
3919
- handlers.onStderr?.(stderr);
3920
- return { stdout: "", stderr, exitCode: 1 };
3921
- }
3922
- const stderr = `Cannot exec into unmanaged job "${nomadJobId}"`;
3923
- handlers.onStderr?.(stderr);
3924
- return { stdout: "", stderr, exitCode: 1 };
3925
- }
3926
- UnifiedNomadJobs.streamExecInInstance = streamExecInInstance;
3927
- })(UnifiedNomadJobs || (UnifiedNomadJobs = {}));
3928
- export const isAppJob = UnifiedNomadJobs.isAppJob;
3929
- export const parseCpuMHz = UnifiedNomadJobs.parseCpuMHz;
3930
- export const parseMemoryMB = UnifiedNomadJobs.parseMemoryMB;
3931
- export const isBinaryRunning = UnifiedNomadJobs.isBinaryRunning;
3932
- export const getAppStatus = UnifiedNomadJobs.getAppStatus;
3933
- export const startAppJob = UnifiedNomadJobs.startAppJob;
3934
- export const waitForRunning = UnifiedNomadJobs.waitForRunning;
3935
- export const checkDependencies = UnifiedNomadJobs.checkDependencies;
3936
- export const validateNomadPortHostNetworks = UnifiedNomadJobs.validateNomadPortHostNetworks;
3937
- export const buildNomadReservedPort = UnifiedNomadJobs.buildNomadReservedPort;
3938
- export const stopAppJob = UnifiedNomadJobs.stopAppJob;
3939
- export const restartAppJob = UnifiedNomadJobs.restartAppJob;
3940
- export const getAppLogs = UnifiedNomadJobs.getAppLogs;
3941
- export const execInApp = UnifiedNomadJobs.execInApp;
3942
- export const streamExecInApp = UnifiedNomadJobs.streamExecInApp;
3943
- export const listInstanceIds = UnifiedNomadJobs.listInstanceIds;
3944
- export const readInstanceMeta = UnifiedNomadJobs.readInstanceMeta;
3945
- export const resolveInstanceId = UnifiedNomadJobs.resolveInstanceId;
3946
- export const resolveInstanceForPairing = UnifiedNomadJobs.resolveInstanceForPairing;
3947
- export const ensureNomadToken = UnifiedNomadJobs.ensureNomadToken;
3948
- export const getInstanceStatus = UnifiedNomadJobs.getInstanceStatus;
3949
- export const getInstanceLogs = UnifiedNomadJobs.getInstanceLogs;
3950
- export const execInInstance = UnifiedNomadJobs.execInInstance;
3951
- export const streamExecInInstance = UnifiedNomadJobs.streamExecInInstance;
3952
- export const shouldAutoStartNomadJob = UnifiedNomadJobs.shouldAutoStart;
3953
- export const startNomadJobInstance = UnifiedNomadJobs.startInstance;
3954
- export const stopNomadJobInstance = UnifiedNomadJobs.stopInstance;
3955
- export const restartNomadJobInstance = UnifiedNomadJobs.restartInstance;
3956
- // @internal — exposed for Phase 10.4 unit testing only.
3957
- export const __aggregateHealthStatusForTests = UnifiedNomadJobs.aggregateHealthStatus;
3958
- //# sourceMappingURL=nomad-manager.js.map