nexvora 0.2.0 → 0.2.1

package/bin/nexvora.js

@@ -17,6 +17,8 @@
  */
 
 const { spawn } = require("node:child_process");
+const { existsSync } = require("node:fs");
+const { join } = require("node:path");
 
 /** os-cpu -> per-platform package that carries the prebuilt binary. */
 const PLATFORM_PACKAGES = {
@@ -41,17 +43,29 @@ function resolveBinary() {
     );
   }
   const exe = process.platform === "win32" ? "nexvora.exe" : "nexvora";
+
+  // 1. Normal path: the per-platform optionalDependency installed cleanly.
   try {
     return require.resolve(`${pkg}/bin/${exe}`);
   } catch {
-    fail(
-      `the native binary for ${key} is missing.\n` +
-        `Its package '${pkg}' was not installed — usually because optional\n` +
-        `dependencies were skipped. Reinstall with them enabled:\n` +
-        `  npm install -g nexvora\n` +
-        `(remove any --no-optional / --omit=optional flag, and check proxy settings).`,
-    );
+    /* not installed — try the postinstall fallback below */
   }
+
+  // 2. Fallback: the postinstall script (scripts/postinstall.mjs) downloads the
+  //    binary into vendor/<os-cpu>/ when npm skips the optional dependency.
+  const vendored = join(__dirname, "..", "vendor", key, exe);
+  if (existsSync(vendored)) {
+    return vendored;
+  }
+
+  // 3. Neither present — guide the user.
+  fail(
+    `the native binary for ${key} is missing.\n` +
+      `Its package '${pkg}' was not installed (npm skipped the optional\n` +
+      `dependency) and the postinstall fallback could not fetch it. Reinstall:\n` +
+      `  npm install -g nexvora\n` +
+      `(remove any --no-optional / --omit=optional flag, and check proxy/registry settings).`,
+  );
 }
 
 const child = spawn(resolveBinary(), process.argv.slice(2), { stdio: "inherit" });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nexvora",
-  "version": "0.2.0",
+  "version": "0.2.1",
   "description": "NexVora — one binary for the MCP server, CLI, and donor daemon. Single login, run anything.",
   "keywords": [
     "nexvora",
@@ -15,8 +15,12 @@
   "bin": {
     "nexvora": "bin/nexvora.js"
   },
+  "scripts": {
+    "postinstall": "node scripts/postinstall.mjs"
+  },
   "files": [
     "bin",
+    "scripts",
     "README.md"
   ],
   "engines": {
@@ -24,10 +28,10 @@
   },
   "//": "The actual native (Rust) binary ships in exactly one of these per-platform packages; npm installs only the one matching the user's os/cpu (see each package's os/cpu fields). bin/nexvora.js resolves and execs it.",
   "optionalDependencies": {
-    "@nexvora/cli-darwin-arm64": "0.2.0",
-    "@nexvora/cli-darwin-x64": "0.2.0",
-    "@nexvora/cli-linux-x64": "0.2.0",
-    "@nexvora/cli-win32-x64": "0.2.0"
+    "@nexvora/cli-darwin-arm64": "0.2.1",
+    "@nexvora/cli-darwin-x64": "0.2.1",
+    "@nexvora/cli-linux-x64": "0.2.1",
+    "@nexvora/cli-win32-x64": "0.2.1"
   },
   "publishConfig": {
     "access": "public",

package/scripts/package-binaries.mjs

@@ -0,0 +1,74 @@
+#!/usr/bin/env node
+// Populates the per-platform npm packages with the freshly built Rust binaries
+// and syncs every version to the main package's version. Run in CI after
+// `cargo build --release` for each target, before `npm publish`.
+//
+// Expected layout of built binaries (override the root with NEXVORA_BIN_DIR):
+//   <binDir>/aarch64-apple-darwin/nexvora
+//   <binDir>/x86_64-apple-darwin/nexvora
+//   <binDir>/x86_64-unknown-linux-gnu/nexvora
+//   <binDir>/aarch64-unknown-linux-gnu/nexvora
+//   <binDir>/x86_64-pc-windows-msvc/nexvora.exe
+//
+// Publish order (optional deps must exist first):
+//   node scripts/package-binaries.mjs
+//   for d in npm/*/ ; do (cd "$d" && npm publish) ; done
+//   npm publish            # the main `nexvora` launcher package, last
+
+import { chmodSync, copyFileSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { dirname, join } from "node:path";
+import { fileURLToPath } from "node:url";
+
+const here = dirname(fileURLToPath(import.meta.url));
+const root = join(here, "..");
+const binDir = process.env.NEXVORA_BIN_DIR ?? join(root, "..", "..", "nexvora-daemon", "target");
+
+// Rust target triple -> { package dir, windows? }
+const TARGETS = {
+  "aarch64-apple-darwin": { pkg: "cli-darwin-arm64", windows: false },
+  "x86_64-apple-darwin": { pkg: "cli-darwin-x64", windows: false },
+  "x86_64-unknown-linux-gnu": { pkg: "cli-linux-x64", windows: false },
+  "x86_64-pc-windows-msvc": { pkg: "cli-win32-x64", windows: true },
+};
+
+// `nexvora` is the entry point the npm launcher execs; it finds `nexvora-daemon`
+// (the engine) as a sibling in the same bin/ directory. Both ship per platform.
+const BINARIES = ["nexvora", "nexvora-daemon"];
+
+// Version precedence: explicit CLI arg (CI passes the release tag) > package.json.
+const mainPkgVersion = JSON.parse(readFileSync(join(root, "package.json"), "utf8")).version;
+const version = process.argv[2] ?? mainPkgVersion;
+console.log(`Packaging nexvora native binaries at v${version}`);
+
+for (const [triple, { pkg, windows }] of Object.entries(TARGETS)) {
+  const pkgDir = join(root, "npm", pkg);
+
+  for (const base of BINARIES) {
+    const exe = windows ? `${base}.exe` : base;
+    const src = join(binDir, triple, "release", exe);
+    const outBin = join(pkgDir, "bin", exe);
+    mkdirSync(dirname(outBin), { recursive: true });
+    copyFileSync(src, outBin);
+    if (!windows) {
+      chmodSync(outBin, 0o755);
+    }
+  }
+
+  // Keep each platform package's version in lockstep with the launcher.
+  const pkgJsonPath = join(pkgDir, "package.json");
+  const pkgJson = JSON.parse(readFileSync(pkgJsonPath, "utf8"));
+  pkgJson.version = version;
+  writeFileSync(pkgJsonPath, `${JSON.stringify(pkgJson, null, 2)}\n`);
+
+  console.log(`  ${triple} -> @nexvora/${pkg}  (${BINARIES.join(", ")})`);
+}
+
+// Stamp the launcher's own version and pin optionalDependencies to it.
+const mainPath = join(root, "package.json");
+const main = JSON.parse(readFileSync(mainPath, "utf8"));
+main.version = version;
+for (const key of Object.keys(main.optionalDependencies ?? {})) {
+  main.optionalDependencies[key] = version;
+}
+writeFileSync(mainPath, `${JSON.stringify(main, null, 2)}\n`);
+console.log("Stamped launcher version + optionalDependencies to", version);

package/scripts/postinstall.mjs

@@ -0,0 +1,160 @@
+#!/usr/bin/env node
+// Postinstall fallback for the native binary.
+//
+// The binary normally arrives via the per-platform optionalDependency
+// (`@nexvora/cli-<os>-<cpu>`). But npm silently SKIPS optionalDependencies in
+// several common situations — custom global prefixes, `--omit=optional`,
+// `--no-optional`, certain proxy/CI setups, and assorted npm bugs — which leaves
+// the launcher with no binary to exec. This script closes that gap: if the
+// optional package isn't resolvable after install, it downloads that exact
+// package's tarball from the registry (same version as this launcher) and
+// extracts the binaries into `vendor/<os-cpu>/`, where bin/nexvora.js also looks.
+//
+// Best-effort by design: it NEVER fails the install. If the download can't
+// happen (offline, locked-down proxy), bin/nexvora.js prints a clear, actionable
+// error at runtime instead.
+
+import { createRequire } from "node:module";
+import { dirname, join, basename } from "node:path";
+import { fileURLToPath } from "node:url";
+import { chmodSync, existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { gunzipSync } from "node:zlib";
+import { get } from "node:https";
+
+const here = dirname(fileURLToPath(import.meta.url));
+const root = join(here, ".."); // the launcher package dir (node_modules/nexvora at install time)
+
+/** os-cpu -> per-platform package carrying the prebuilt binary. */
+const PLATFORM_PACKAGES = {
+  "darwin-arm64": "@nexvora/cli-darwin-arm64",
+  "darwin-x64": "@nexvora/cli-darwin-x64",
+  "linux-x64": "@nexvora/cli-linux-x64",
+  "win32-x64": "@nexvora/cli-win32-x64",
+};
+
+function log(msg) {
+  process.stdout.write(`nexvora(postinstall): ${msg}\n`);
+}
+
+/** Fetch a URL to a Buffer, following redirects (registry -> CDN). */
+function fetchBuffer(url, redirectsLeft = 5) {
+  return new Promise((resolve, reject) => {
+    const req = get(url, { headers: { "user-agent": "nexvora-postinstall" } }, (res) => {
+      const status = res.statusCode ?? 0;
+      if (status >= 300 && status < 400 && res.headers.location) {
+        res.resume();
+        if (redirectsLeft <= 0) {
+          reject(new Error("too many redirects"));
+          return;
+        }
+        const next = new URL(res.headers.location, url).toString();
+        resolve(fetchBuffer(next, redirectsLeft - 1));
+        return;
+      }
+      if (status !== 200) {
+        res.resume();
+        reject(new Error(`HTTP ${status} for ${url}`));
+        return;
+      }
+      const chunks = [];
+      res.on("data", (c) => chunks.push(c));
+      res.on("end", () => resolve(Buffer.concat(chunks)));
+    });
+    req.on("error", reject);
+    req.setTimeout(30_000, () => req.destroy(new Error("request timed out")));
+  });
+}
+
+/** Resolve the exact tarball URL for pkg@version from the registry packument. */
+async function resolveTarballUrl(pkg, version) {
+  // Honour an explicitly configured registry (npm exposes config as env during
+  // lifecycle scripts); default to the public registry.
+  const registry = (process.env.npm_config_registry || "https://registry.npmjs.org/").replace(/\/+$/, "/");
+  const url = `${registry}${pkg.replace("/", "%2f")}`;
+  const packument = JSON.parse((await fetchBuffer(url)).toString("utf8"));
+  const tarball = packument?.versions?.[version]?.dist?.tarball;
+  if (!tarball) {
+    throw new Error(`no tarball for ${pkg}@${version} in the registry`);
+  }
+  return tarball;
+}
+
+/**
+ * Extract specific binaries from a gzipped npm tarball (ustar). npm tarballs put
+ * everything under a `package/` prefix; we only want `package/bin/<name>`.
+ */
+function extractBinaries(tgz, destDir, wantBasenames) {
+  const tar = gunzipSync(tgz);
+  const want = new Set(wantBasenames);
+  const written = [];
+  mkdirSync(destDir, { recursive: true });
+  let offset = 0;
+  while (offset + 512 <= tar.length) {
+    const header = tar.subarray(offset, offset + 512);
+    const name = header.subarray(0, 100).toString("utf8").replace(/\0.*$/, "");
+    if (name === "") break; // end-of-archive (zero block)
+    const size = parseInt(header.subarray(124, 136).toString("utf8").replace(/\0.*$/, "").trim(), 8) || 0;
+    const typeflag = header[156];
+    const isFile = typeflag === 0x30 || typeflag === 0; // '0' or NUL = regular file
+    const dataStart = offset + 512;
+    const base = basename(name);
+    if (isFile && name.startsWith("package/bin/") && want.has(base)) {
+      const out = join(destDir, base);
+      writeFileSync(out, tar.subarray(dataStart, dataStart + size));
+      if (process.platform !== "win32") {
+        chmodSync(out, 0o755);
+      }
+      written.push(base);
+    }
+    offset = dataStart + Math.ceil(size / 512) * 512;
+  }
+  return written;
+}
+
+async function main() {
+  const key = `${process.platform}-${process.arch}`;
+  const pkg = PLATFORM_PACKAGES[key];
+  if (!pkg) {
+    // Unsupported platform: nothing to fetch. The launcher reports this clearly.
+    return;
+  }
+
+  const exe = process.platform === "win32" ? "nexvora.exe" : "nexvora";
+  const daemonExe = process.platform === "win32" ? "nexvora-daemon.exe" : "nexvora-daemon";
+
+  // Fast path: the optional dependency installed normally — nothing to do.
+  const require = createRequire(import.meta.url);
+  try {
+    require.resolve(`${pkg}/bin/${exe}`);
+    return;
+  } catch {
+    /* not installed — fall through to the fallback download */
+  }
+
+  const vendorDir = join(root, "vendor", key);
+  if (existsSync(join(vendorDir, exe))) {
+    return; // already vendored on a previous run
+  }
+
+  const version = JSON.parse(readFileSync(join(root, "package.json"), "utf8")).version;
+  log(`'${pkg}' was not installed (npm skipped the optional dependency); fetching the ${key} binary for v${version}...`);
+
+  try {
+    const tarballUrl = await resolveTarballUrl(pkg, version);
+    const tgz = await fetchBuffer(tarballUrl);
+    const written = extractBinaries(tgz, vendorDir, [exe, daemonExe]);
+    if (!written.includes(exe)) {
+      throw new Error(`tarball did not contain bin/${exe}`);
+    }
+    log(`fallback binary installed -> vendor/${key}/ (${written.join(", ")})`);
+  } catch (err) {
+    log(`could not fetch the fallback binary: ${err.message}`);
+    log(`reinstall with optional dependencies enabled ('npm install -g nexvora', no --omit=optional),`);
+    log(`or check proxy/registry settings. The launcher will guide you if you run it without a binary.`);
+  }
+}
+
+// Never let a postinstall failure break `npm install`.
+main().catch((err) => {
+  log(`unexpected error (ignored): ${err?.message ?? err}`);
+});