nexo-brain 2.6.21 → 3.0.0

package/src/public_contribution.py

@@ -120,52 +120,93 @@ def save_public_contribution_config(config: dict) -> dict:
 
 
 def _gh(*args: str, cwd: Path | None = None, timeout: int = 20) -> subprocess.CompletedProcess:
+    env = os.environ.copy()
+    token = (
+        str(env.get("GH_TOKEN") or env.get("GITHUB_TOKEN") or "").strip()
+        or _github_token_from_credentials()
+    )
+    if token:
+        env["GH_TOKEN"] = token
     return subprocess.run(
         ["gh", *args],
         cwd=str(cwd) if cwd else None,
         capture_output=True,
         text=True,
         timeout=timeout,
+        env=env,
     )
 
 
+def _github_token_from_credentials() -> str:
+    try:
+        from db import get_credential
+    except Exception:
+        return ""
+    for key in ("token", "gh_token", "github_token"):
+        try:
+            matches = get_credential("github", key)
+        except Exception:
+            continue
+        for item in matches or []:
+            value = str(item.get("value") or "").strip()
+            if value:
+                return value
+    return ""
+
+
 def github_auth_status() -> dict:
     if not shutil.which("gh"):
-        return {"ok": False, "message": "GitHub CLI not found.", "login": ""}
+        return {"ok": False, "message": "GitHub CLI not found.", "login": "", "code": "gh_missing"}
     try:
         result = _gh("api", "user", timeout=20)
     except Exception as e:
-        return {"ok": False, "message": str(e), "login": ""}
+        return {"ok": False, "message": str(e), "login": "", "code": "gh_error"}
     if result.returncode != 0:
-        return {"ok": False, "message": (result.stderr or result.stdout).strip(), "login": ""}
+        message = (result.stderr or result.stdout).strip()
+        lowered = message.lower()
+        code = "auth_missing"
+        if "keychain" in lowered:
+            code = "keychain_blocked"
+        elif "token" in lowered or "authentication" in lowered or "login" in lowered:
+            code = "auth_missing"
+        return {"ok": False, "message": message, "login": "", "code": code}
     try:
         payload = json.loads(result.stdout or "{}")
         login = str(payload.get("login") or "").strip()
     except Exception:
         login = ""
-    return {"ok": bool(login), "message": "", "login": login}
+    return {"ok": bool(login), "message": "", "login": login, "code": "ok" if login else "auth_missing"}
 
 
 def ensure_fork(login: str) -> dict:
     if not login:
-        return {"ok": False, "message": "Missing GitHub login.", "fork_repo": ""}
+        return {"ok": False, "message": "Missing GitHub login.", "fork_repo": "", "code": "missing_login"}
     fork_repo = f"{login}/nexo"
     if not shutil.which("gh"):
-        return {"ok": False, "message": "GitHub CLI not found.", "fork_repo": ""}
+        return {"ok": False, "message": "GitHub CLI not found.", "fork_repo": "", "code": "gh_missing"}
     try:
         check = _gh("repo", "view", fork_repo, "--json", "nameWithOwner", timeout=20)
         if check.returncode == 0:
-            return {"ok": True, "message": "", "fork_repo": fork_repo}
+            return {"ok": True, "message": "", "fork_repo": fork_repo, "code": "ok"}
         create = _gh("repo", "fork", UPSTREAM_REPO, "--clone=false", "--remote=false", timeout=60)
         if create.returncode == 0:
-            return {"ok": True, "message": "", "fork_repo": fork_repo}
+            return {"ok": True, "message": "", "fork_repo": fork_repo, "code": "ok"}
         return {
             "ok": False,
             "message": (create.stderr or create.stdout or check.stderr or check.stdout).strip(),
             "fork_repo": "",
+            "code": "fork_unavailable",
         }
     except Exception as e:
-        return {"ok": False, "message": str(e), "fork_repo": ""}
+        return {"ok": False, "message": str(e), "fork_repo": "", "code": "fork_error"}
+
+
+def _set_pending_auth(config: dict, message: str) -> dict:
+    config["status"] = STATUS_PENDING_AUTH
+    config["last_result"] = f"pending_auth:{message}"
+    save_public_contribution_config(config)
+    config["message"] = message
+    return config
 
 
 def _parse_iso(ts: str | None) -> datetime | None:
@@ -336,13 +377,45 @@ def refresh_public_contribution_state(config: dict | None = None) -> dict:
             config["status"] = STATUS_COOLDOWN
             save_public_contribution_config(config)
             return config
+        return _set_pending_auth(
+            config,
+            f"GitHub Draft PR status check failed: {(result.stderr or result.stdout).strip() or 'unknown gh error'}",
+        )
 
     cooldown_until = _parse_iso(config.get("cooldown_until"))
     if cooldown_until and cooldown_until > _utcnow():
         config["status"] = STATUS_COOLDOWN
-    elif config["mode"] == MODE_PENDING_AUTH:
+        save_public_contribution_config(config)
+        return config
+
+    auth = github_auth_status()
+    if not auth.get("ok"):
+        return _set_pending_auth(
+            config,
+            auth.get("message") or "GitHub authentication is missing for public contribution.",
+        )
+    login = str(auth.get("login") or "").strip()
+    configured_login = str(config.get("github_user") or "").strip()
+    if configured_login and login and configured_login.lower() != login.lower():
+        return _set_pending_auth(
+            config,
+            f"GitHub login drift detected: configured {configured_login}, current {login}. Reconfirm public contribution credentials.",
+        )
+    if login and not configured_login:
+        config["github_user"] = login
+
+    if not str(config.get("fork_repo") or "").strip():
+        fork = ensure_fork(login)
+        if not fork.get("ok"):
+            return _set_pending_auth(
+                config,
+                fork.get("message") or "GitHub fork setup is missing for public contribution.",
+            )
+        config["fork_repo"] = str(fork.get("fork_repo") or "").strip()
+
+    if config["mode"] == MODE_PENDING_AUTH:
         config["status"] = STATUS_PENDING_AUTH
-    elif config["mode"] == MODE_DRAFT_PRS:
+    else:
         config["status"] = STATUS_ACTIVE
     save_public_contribution_config(config)
     return config
@@ -351,7 +424,8 @@ def refresh_public_contribution_state(config: dict | None = None) -> dict:
 def can_run_public_contribution(config: dict | None = None) -> tuple[bool, str, dict]:
     config = refresh_public_contribution_state(config)
     if config["mode"] == MODE_PENDING_AUTH or config["status"] == STATUS_PENDING_AUTH:
-        return False, "github authentication or fork setup is pending", config
+        detail = str(config.get("message") or config.get("last_result") or "").strip()
+        return False, detail or "github authentication or fork setup is pending", config
     if config["mode"] != MODE_DRAFT_PRS or not config.get("enabled"):
         return False, "public contribution is disabled", config
     if config["status"] == STATUS_PAUSED_OPEN_PR:

package/src/script_registry.py

@@ -662,6 +662,105 @@ def _canonical_schedule_value(schedule_type: str, schedule_value: str | dict | l
     return str(schedule_value or "")
 
 
+def _extract_launchctl_value(output: str, prefixes: str | tuple[str, ...]) -> str | None:
+    if isinstance(prefixes, str):
+        prefixes = (prefixes,)
+    for raw_line in output.splitlines():
+        line = raw_line.strip()
+        for prefix in prefixes:
+            if line.startswith(prefix):
+                return line[len(prefix):].strip()
+    return None
+
+
+def _launchctl_service_state(label: str) -> dict:
+    state = {
+        "loaded": None,
+        "pid": "",
+        "state": "",
+        "last_exit_status": "",
+        "error": "",
+    }
+    if platform.system() != "Darwin":
+        return state
+
+    try:
+        result = subprocess.run(
+            ["launchctl", "print", f"gui/{os.getuid()}/{label}"],
+            capture_output=True,
+            text=True,
+            timeout=3,
+        )
+    except Exception as exc:
+        return {**state, "loaded": False, "error": str(exc)}
+
+    output = (result.stdout or "") + (result.stderr or "")
+    if result.returncode != 0 or "Could not find service" in output:
+        return {**state, "loaded": False, "error": output.strip() or "not loaded"}
+
+    return {
+        "loaded": True,
+        "pid": _extract_launchctl_value(output, ("pid = ", "PID = ")) or "",
+        "state": _extract_launchctl_value(output, "state = ") or "",
+        "last_exit_status": _extract_launchctl_value(
+            output,
+            ("last exit code = ", "last exit status = ", "LastExitStatus = "),
+        ) or "",
+        "error": "",
+    }
+
+
+def _keep_alive_runtime_snapshot(record: dict) -> dict:
+    if record.get("schedule_type") != "keep_alive":
+        return {
+            "runtime_state": "unknown",
+            "runtime_summary": "",
+            "runtime_problems": [],
+        }
+
+    label = record.get("launchd_label") or f"com.nexo.{record.get('cron_id', '')}"
+    service = _launchctl_service_state(str(label))
+    problems: list[str] = []
+
+    if service.get("loaded") is False:
+        problems.append("keep_alive service not loaded in launchd")
+        return {
+            "runtime_state": "stale",
+            "runtime_summary": "keep_alive service not loaded",
+            "runtime_problems": problems,
+        }
+
+    pid = str(service.get("pid", "") or "").strip()
+    service_state = str(service.get("state", "") or "").strip().lower()
+    last_exit = str(service.get("last_exit_status", "") or "").strip()
+    if pid:
+        return {
+            "runtime_state": "alive",
+            "runtime_summary": f"running with pid {pid}",
+            "runtime_problems": [],
+        }
+    if service_state in {"running", "spawned"}:
+        return {
+            "runtime_state": "alive",
+            "runtime_summary": f"launchd state {service_state}",
+            "runtime_problems": [],
+        }
+    if last_exit and last_exit != "0":
+        problems.append(f"keep_alive daemon exited with status {last_exit}")
+        return {
+            "runtime_state": "degraded",
+            "runtime_summary": f"last exit {last_exit}",
+            "runtime_problems": problems,
+        }
+
+    problems.append("keep_alive service is loaded but has no active pid")
+    return {
+        "runtime_state": "degraded",
+        "runtime_summary": "loaded but not running",
+        "runtime_problems": problems,
+    }
+
+
 def _discover_personal_schedule_records() -> list[dict]:
     """Inspect macOS LaunchAgents and return raw personal schedule records."""
     if platform.system() != "Darwin":
@@ -737,6 +836,12 @@ def audit_personal_schedules() -> dict:
         "healthy": 0,
         "problems": 0,
         "managed_registered": 0,
+        "keep_alive": 0,
+        "runtime_alive": 0,
+        "runtime_degraded": 0,
+        "runtime_duplicated": 0,
+        "runtime_stale": 0,
+        "runtime_unknown": 0,
     }
 
     for record in _discover_personal_schedule_records():
@@ -790,6 +895,7 @@ def audit_personal_schedules() -> dict:
             schedule_state = "orphaned"
 
         audited_record = dict(record)
+        runtime_snapshot = _keep_alive_runtime_snapshot(record)
         audited_record.update({
             "schedule_origin": schedule_origin,
             "schedule_declared": declared_valid,
@@ -799,6 +905,7 @@ def audit_personal_schedules() -> dict:
             "problems": problems,
             "script_name": script.get("name", "") if script else "",
             "declared_schedule": declared if script else {},
+            **runtime_snapshot,
         })
         audited.append(audited_record)
         summary[schedule_origin] += 1
@@ -808,6 +915,41 @@ def audit_personal_schedules() -> dict:
         else:
             summary["problems"] += 1
 
+    duplicate_cron_ids: dict[str, int] = {}
+    duplicate_script_paths: dict[str, int] = {}
+    for record in audited:
+        if record.get("schedule_type") != "keep_alive":
+            continue
+        cron_id = str(record.get("cron_id", "") or "")
+        script_path = str(record.get("script_path", "") or "")
+        if cron_id:
+            duplicate_cron_ids[cron_id] = duplicate_cron_ids.get(cron_id, 0) + 1
+        if script_path:
+            duplicate_script_paths[script_path] = duplicate_script_paths.get(script_path, 0) + 1
+
+    for record in audited:
+        if record.get("schedule_type") == "keep_alive":
+            cron_id = str(record.get("cron_id", "") or "")
+            script_path = str(record.get("script_path", "") or "")
+            duplicated = (
+                (cron_id and duplicate_cron_ids.get(cron_id, 0) > 1)
+                or (script_path and duplicate_script_paths.get(script_path, 0) > 1)
+            )
+            if duplicated:
+                runtime_problems = list(record.get("runtime_problems", []))
+                runtime_problems.append("duplicate keep_alive schedules discovered for the same cron/script")
+                record["runtime_state"] = "duplicated"
+                record["runtime_summary"] = "multiple keep_alive schedules discovered"
+                record["runtime_problems"] = runtime_problems
+
+        if record.get("schedule_type") == "keep_alive":
+            summary["keep_alive"] += 1
+            runtime_state = str(record.get("runtime_state", "unknown") or "unknown")
+            key = f"runtime_{runtime_state}"
+            if key not in summary:
+                summary[key] = 0
+            summary[key] += 1
+
     return {
         "schedules": audited,
         "summary": summary,