openpalm 0.9.7 → 0.9.9

package/src/commands/restart.ts

@@ -1,5 +1,4 @@
 import { defineCommand } from 'citty';
-import { tryAdminRequest, getServiceNames } from '../lib/admin.ts';
 import { runDockerCompose } from '../lib/docker.ts';
 import { ensureStagedState, fullComposeArgs, buildManagedServiceNames } from '../lib/staging.ts';
 
@@ -23,25 +22,7 @@ export default defineCommand({
 
 export async function runRestartAction(services: string[]): Promise<void> {
   if (services.length === 0) {
-    // Try admin delegation first
-    const adminResult = await tryAdminRequest('/admin/containers/list');
-    if (adminResult !== null) {
-      const serviceNames = getServiceNames(adminResult);
-      for (const service of serviceNames) {
-        const result = await tryAdminRequest('/admin/containers/restart', {
-          method: 'POST',
-          body: JSON.stringify({ service }),
-        });
-        if (result !== null) {
-          console.log(JSON.stringify(result, null, 2));
-        } else {
-          console.warn(`Warning: failed to restart ${service} via admin API`);
-        }
-      }
-      return;
-    }
-
-    // Direct compose restart
+    // Restart all managed services (admin included if enabled)
     const state = await ensureStagedState();
     const managedServices = buildManagedServiceNames(state);
     await runDockerCompose([...fullComposeArgs(state), 'restart', ...managedServices]);
@@ -50,22 +31,8 @@ export async function runRestartAction(services: string[]): Promise<void> {
 
   // Restart specific services
   for (const service of services) {
-    const adminResult = await tryAdminRequest('/admin/containers/restart', {
-      method: 'POST',
-      body: JSON.stringify({ service }),
-    });
-    if (adminResult !== null) {
-      console.log(JSON.stringify(adminResult, null, 2));
-      continue;
-    }
-
-    // Direct compose restart for specific service
     const state = await ensureStagedState();
     const composeArgs = fullComposeArgs(state);
-    if (service === 'admin' || service === 'docker-socket-proxy') {
-      await runDockerCompose([...composeArgs, '--profile', 'admin', 'restart', service]);
-    } else {
-      await runDockerCompose([...composeArgs, 'restart', service]);
-    }
+    await runDockerCompose([...composeArgs, 'restart', service]);
   }
 }

package/src/commands/service.ts

@@ -1,5 +1,4 @@
 import { defineCommand } from 'citty';
-import { tryAdminRequest } from '../lib/admin.ts';
 import { runDockerCompose } from '../lib/docker.ts';
 import { ensureStagedState, fullComposeArgs, buildManagedServiceNames } from '../lib/staging.ts';
 import { runLogsAction } from './logs.ts';
@@ -42,14 +41,6 @@ const logsCmd = defineCommand({
 const updateCmd = defineCommand({
   meta: { name: 'update', description: 'Pull latest images' },
   async run() {
-    // Try admin delegation first
-    const adminResult = await tryAdminRequest('/admin/containers/pull', { method: 'POST' });
-    if (adminResult !== null) {
-      console.log(JSON.stringify(adminResult, null, 2));
-      return;
-    }
-
-    // Direct compose pull + recreate (scoped to managed services)
     const state = await ensureStagedState();
     const composeArgs = fullComposeArgs(state);
     const managedServices = buildManagedServiceNames(state);
@@ -64,14 +55,6 @@ const updateCmd = defineCommand({
 const statusCmd = defineCommand({
   meta: { name: 'status', description: 'Show container status' },
   async run() {
-    // Try admin delegation first
-    const adminResult = await tryAdminRequest('/admin/containers/list');
-    if (adminResult !== null) {
-      console.log(JSON.stringify(adminResult, null, 2));
-      return;
-    }
-
-    // Direct compose ps
     const state = await ensureStagedState();
     await runDockerCompose([...fullComposeArgs(state), 'ps', '--format', 'table']);
   },

package/src/commands/start.ts

@@ -1,5 +1,4 @@
 import { defineCommand } from 'citty';
-import { tryAdminRequest } from '../lib/admin.ts';
 import { runDockerCompose } from '../lib/docker.ts';
 import { ensureStagedState, fullComposeArgs, buildManagedServiceNames } from '../lib/staging.ts';
 
@@ -14,66 +13,29 @@ export default defineCommand({
       description: 'Service names to start (omit for all)',
       required: false,
     },
-    'with-admin': {
-      type: 'boolean',
-      description: 'Include admin UI and docker-socket-proxy (use --no-with-admin to skip)',
-      default: true,
-    },
   },
   async run({ args }) {
     const services = args._ ?? [];
-    const withAdmin = args['with-admin'] ?? false;
-    await runStartAction(services, { withAdmin });
+    await runStartAction(services);
   },
 });
 
 export async function runStartAction(
   services: string[],
-  opts?: { withAdmin?: boolean },
 ): Promise<void> {
-  const withAdmin = opts?.withAdmin ?? false;
-
   if (services.length === 0) {
-    // Try admin delegation first (gives admin's scheduler/audit a chance to observe)
-    const adminResult = await tryAdminRequest('/admin/install', { method: 'POST' });
-    if (adminResult !== null) {
-      console.log(JSON.stringify(adminResult, null, 2));
-      return;
-    }
-
-    // Direct compose — stage artifacts and start managed services
+    // Stage artifacts and start all managed services (admin included if enabled)
     const state = await ensureStagedState();
     const composeArgs = fullComposeArgs(state);
     const managedServices = buildManagedServiceNames(state);
-
-    if (withAdmin) {
-      // Include the admin profile — starts admin + docker-socket-proxy
-      await runDockerCompose([...composeArgs, '--profile', 'admin', 'up', '-d', ...managedServices, 'admin', 'docker-socket-proxy']);
-    } else {
-      await runDockerCompose([...composeArgs, 'up', '-d', ...managedServices]);
-    }
+    await runDockerCompose([...composeArgs, 'up', '-d', ...managedServices]);
     return;
   }
 
-  // Start specific services — try admin first, fall back to direct compose
+  // Start specific services
   for (const service of services) {
-    const adminResult = await tryAdminRequest('/admin/containers/up', {
-      method: 'POST',
-      body: JSON.stringify({ service }),
-    });
-    if (adminResult !== null) {
-      console.log(JSON.stringify(adminResult, null, 2));
-      continue;
-    }
-
-    // Direct compose for specific service
     const state = await ensureStagedState();
     const composeArgs = fullComposeArgs(state);
-    // If starting admin explicitly, include the admin profile
-    if (service === 'admin' || service === 'docker-socket-proxy') {
-      await runDockerCompose([...composeArgs, '--profile', 'admin', 'up', '-d', service]);
-    } else {
-      await runDockerCompose([...composeArgs, 'up', '-d', service]);
-    }
+    await runDockerCompose([...composeArgs, 'up', '-d', service]);
   }
 }

package/src/commands/status.ts

@@ -1,5 +1,4 @@
 import { defineCommand } from 'citty';
-import { tryAdminRequest } from '../lib/admin.ts';
 import { runDockerCompose } from '../lib/docker.ts';
 import { ensureStagedState, fullComposeArgs } from '../lib/staging.ts';
 
@@ -9,14 +8,6 @@ export default defineCommand({
     description: 'Show container status',
   },
   async run() {
-    // Try admin delegation first for richer output
-    const adminResult = await tryAdminRequest('/admin/containers/list');
-    if (adminResult !== null) {
-      console.log(JSON.stringify(adminResult, null, 2));
-      return;
-    }
-
-    // Direct compose ps
     const state = await ensureStagedState();
     await runDockerCompose([...fullComposeArgs(state), 'ps', '--format', 'table']);
   },

package/src/commands/stop.ts

@@ -1,5 +1,4 @@
 import { defineCommand } from 'citty';
-import { tryAdminRequest, getServiceNames } from '../lib/admin.ts';
 import { runDockerCompose } from '../lib/docker.ts';
 import { ensureStagedState, fullComposeArgs } from '../lib/staging.ts';
 
@@ -23,48 +22,17 @@ export default defineCommand({
 
 export async function runStopAction(services: string[]): Promise<void> {
   if (services.length === 0) {
-    // Try admin delegation — stop each managed container
-    const adminResult = await tryAdminRequest('/admin/containers/list');
-    if (adminResult !== null) {
-      const serviceNames = getServiceNames(adminResult);
-      for (const service of serviceNames) {
-        const result = await tryAdminRequest('/admin/containers/down', {
-          method: 'POST',
-          body: JSON.stringify({ service }),
-        });
-        if (result !== null) {
-          console.log(JSON.stringify(result, null, 2));
-        } else {
-          console.warn(`Warning: failed to stop ${service} via admin API`);
-        }
-      }
-      return;
-    }
-
-    // Direct compose down — include admin profile to tear down all services
+    // Compose file list includes admin.yml when admin is enabled,
+    // so `down` tears down all services including admin/caddy/socket-proxy.
     const state = await ensureStagedState();
-    await runDockerCompose([...fullComposeArgs(state), '--profile', 'admin', 'down']);
+    await runDockerCompose([...fullComposeArgs(state), 'down']);
     return;
   }
 
   // Stop specific services
   for (const service of services) {
-    const adminResult = await tryAdminRequest('/admin/containers/down', {
-      method: 'POST',
-      body: JSON.stringify({ service }),
-    });
-    if (adminResult !== null) {
-      console.log(JSON.stringify(adminResult, null, 2));
-      continue;
-    }
-
-    // Direct compose stop for specific service
     const state = await ensureStagedState();
     const composeArgs = fullComposeArgs(state);
-    if (service === 'admin' || service === 'docker-socket-proxy') {
-      await runDockerCompose([...composeArgs, '--profile', 'admin', 'stop', service]);
-    } else {
-      await runDockerCompose([...composeArgs, 'stop', service]);
-    }
+    await runDockerCompose([...composeArgs, 'stop', service]);
   }
 }

package/src/commands/uninstall.ts

@@ -1,7 +1,8 @@
 import { defineCommand } from 'citty';
-import { tryAdminRequest } from '../lib/admin.ts';
+import { rmSync } from 'node:fs';
 import { runDockerCompose } from '../lib/docker.ts';
 import { ensureStagedState, fullComposeArgs } from '../lib/staging.ts';
+import { resolveConfigHome, resolveDataHome, resolveStateHome } from '@openpalm/lib';
 
 export default defineCommand({
   meta: {
@@ -14,24 +15,32 @@ export default defineCommand({
       description: 'Also remove Docker volumes',
       default: false,
     },
+    purge: {
+      type: 'boolean',
+      description: 'Remove all OpenPalm XDG directories (config, data, state)',
+      default: false,
+    },
   },
   async run({ args }) {
-    // Try admin delegation first
-    const adminResult = await tryAdminRequest('/admin/uninstall', { method: 'POST' });
-    if (adminResult !== null) {
-      console.log(JSON.stringify(adminResult, null, 2));
-      return;
-    }
-
-    // Direct compose down — include admin profile to tear down all services
+    // Compose file list includes admin.yml when admin is enabled,
+    // so `down` tears down all services including admin/caddy/socket-proxy.
     const state = await ensureStagedState();
     const composeArgs = fullComposeArgs(state);
-    const downArgs = args.volumes ? ['down', '-v'] : ['down'];
-    await runDockerCompose([...composeArgs, '--profile', 'admin', ...downArgs]);
+    const downArgs = args.volumes || args.purge ? ['down', '-v'] : ['down'];
+    await runDockerCompose([...composeArgs, ...downArgs]);
 
-    console.log('OpenPalm stack stopped and removed.');
-    if (!args.volumes) {
-      console.log('Config and data directories are preserved. Use --volumes to also remove Docker volumes.');
+    if (args.purge) {
+      const dirs = [resolveConfigHome(), resolveDataHome(), resolveStateHome()];
+      for (const dir of dirs) {
+        console.log(`Removing ${dir}`);
+        rmSync(dir, { recursive: true, force: true });
+      }
+      console.log('OpenPalm stack and all data removed.');
+    } else {
+      console.log('OpenPalm stack stopped and removed.');
+      if (!args.volumes) {
+        console.log('Config and data directories are preserved. Use --purge to remove everything.');
+      }
     }
   },
 });

package/src/commands/update.ts

@@ -1,5 +1,4 @@
 import { defineCommand } from 'citty';
-import { tryAdminRequest } from '../lib/admin.ts';
 import { runDockerCompose } from '../lib/docker.ts';
 import { ensureStagedState, fullComposeArgs, buildManagedServiceNames } from '../lib/staging.ts';
 
@@ -9,14 +8,6 @@ export default defineCommand({
     description: 'Pull latest images and recreate containers',
   },
   async run() {
-    // Try admin delegation first
-    const adminResult = await tryAdminRequest('/admin/containers/pull', { method: 'POST' });
-    if (adminResult !== null) {
-      console.log(JSON.stringify(adminResult, null, 2));
-      return;
-    }
-
-    // Direct compose: pull + recreate
     const state = await ensureStagedState();
     const composeArgs = fullComposeArgs(state);
     const managedServices = buildManagedServiceNames(state);

package/src/lib/docker.ts

@@ -27,6 +27,23 @@ export async function ensureDirectoryTree(
   }
 }
 
+/**
+ * Fetches a URL with retries and exponential backoff. Only retries on 5xx or network errors.
+ */
+async function fetchWithRetry(url: string, retries = 3): Promise<Response> {
+  for (let i = 0; i < retries; i++) {
+    try {
+      const res = await fetch(url, { signal: AbortSignal.timeout(30000) });
+      if (res.ok || res.status < 500) return res;
+      if (i < retries - 1) await Bun.sleep(200 * 2 ** i);
+    } catch (err) {
+      if (i === retries - 1) throw err;
+      await Bun.sleep(200 * 2 ** i);
+    }
+  }
+  throw new Error(`Failed to fetch ${url} after ${retries} attempts`);
+}
+
 /**
  * Downloads an asset from a GitHub release, falling back to raw.githubusercontent.com.
  */
@@ -34,15 +51,15 @@ export async function fetchAsset(repoRef: string, filename: string): Promise<str
   const releaseUrl = `https://github.com/${REPO_OWNER}/${REPO_NAME}/releases/download/${repoRef}/${filename}`;
   const rawUrl = `https://raw.githubusercontent.com/${REPO_OWNER}/${REPO_NAME}/${repoRef}/assets/${filename}`;
 
-  const releaseResponse = await fetch(releaseUrl, { signal: AbortSignal.timeout(30000) });
-  if (releaseResponse.ok) {
-    return await releaseResponse.text();
+  try {
+    const releaseResponse = await fetchWithRetry(releaseUrl);
+    if (releaseResponse.ok) return await releaseResponse.text();
+  } catch {
+    // Fall through to raw URL
   }
 
-  const rawResponse = await fetch(rawUrl, { signal: AbortSignal.timeout(30000) });
-  if (rawResponse.ok) {
-    return await rawResponse.text();
-  }
+  const rawResponse = await fetchWithRetry(rawUrl);
+  if (rawResponse.ok) return await rawResponse.text();
 
   throw new Error(`Failed to download ${filename} from ${repoRef}`);
 }
@@ -90,6 +107,7 @@ export async function runDockerComposeCapture(args: string[]): Promise<string> {
  * Opens a URL in the user's default browser. Best-effort, never throws.
  */
 export async function openBrowser(url: string): Promise<void> {
+  console.log(`Opening ${url} in your browser...`);
   const platform = process.platform;
   try {
     if (platform === 'darwin') {

package/src/lib/env.ts

@@ -1,62 +1,7 @@
-import { basename, dirname, join } from 'node:path';
-import { defaultConfigHome, defaultDockerSock } from './paths.ts';
-
-const EXPORT_ENV_PREFIX = 'export ';
-
-/**
- * Loads the admin token from environment variables or secrets.env file.
- * Checks OPENPALM_ADMIN_TOKEN first, then ADMIN_TOKEN (legacy), then reads from
- * CONFIG_HOME/secrets.env. Returns empty string if no token is found.
- */
-export async function loadAdminToken(): Promise<string> {
-  if (process.env.OPENPALM_ADMIN_TOKEN) {
-    return process.env.OPENPALM_ADMIN_TOKEN;
-  }
-
-  if (process.env.ADMIN_TOKEN) {
-    return process.env.ADMIN_TOKEN;
-  }
-
-  const configHome = defaultConfigHome();
-  const secretsPaths = [join(configHome, 'secrets.env')];
-  if (basename(configHome) === 'openpalm') {
-    secretsPaths.push(join(dirname(configHome), 'secrets.env'));
-  }
-
-  for (const secretsPath of secretsPaths) {
-    const token = await readTokenFromFile(secretsPath, 'OPENPALM_ADMIN_TOKEN');
-    if (token) return token;
-    const legacyToken = await readTokenFromFile(secretsPath, 'ADMIN_TOKEN');
-    if (legacyToken) return legacyToken;
-  }
-
-  return '';
-}
-
-/**
- * Reads a specific key from an env file. Handles `export` prefix and quoted values.
- */
-async function readTokenFromFile(secretsPath: string, key: string): Promise<string | null> {
-  try {
-    const text = await Bun.file(secretsPath).text();
-    for (const rawLine of text.split('\n')) {
-      const line = rawLine.trim();
-      if (!line || line.startsWith('#')) continue;
-      const lineWithoutExportPrefix = line.startsWith(EXPORT_ENV_PREFIX)
-        ? line.slice(EXPORT_ENV_PREFIX.length).trimStart()
-        : line;
-      const [lineKey, ...rest] = lineWithoutExportPrefix.split('=');
-      if (lineKey !== key) continue;
-      const value = unwrapQuotedEnvValue(rest.join('=').trim());
-      if (!value) return null;
-      return value;
-    }
-  } catch {
-    // Best effort only.
-  }
-
-  return null;
-}
+import { join, dirname } from 'node:path';
+import { randomBytes } from 'node:crypto';
+import { mkdirSync } from 'node:fs';
+import { defaultDockerSock } from './paths.ts';
 
 export function unwrapQuotedEnvValue(value: string): string {
   const isDoubleQuoted = value.startsWith('"') && value.endsWith('"');
@@ -143,6 +88,7 @@ export OPENAI_BASE_URL=
 
 # Memory
 export MEMORY_USER_ID=${userId}
+export MEMORY_AUTH_TOKEN=${randomBytes(32).toString('hex')}
 `;
 
   await Bun.write(secretsPath, content);
@@ -189,6 +135,7 @@ OPENPALM_IMAGE_TAG=${defaultImageTag}
       await Bun.write(dataStackEnv, reconciled);
     }
   }
+  mkdirSync(dirname(stagedStackEnv), { recursive: true });
   await Bun.write(stagedStackEnv, Bun.file(dataStackEnv));
 
   const stateSecrets = join(stateHome, 'artifacts', 'secrets.env');

package/src/lib/paths.ts

@@ -1,6 +1,7 @@
 /**
  * Path resolution — re-exports from @openpalm/lib with CLI-specific additions.
  */
+import { existsSync } from 'node:fs';
 import { homedir } from 'node:os';
 import { join } from 'node:path';
 import {
@@ -19,7 +20,16 @@ export { resolveStateHome as defaultStateHome };
 // CLI-specific paths (not in lib)
 export function defaultDockerSock(): string {
   if (process.env.OPENPALM_DOCKER_SOCK) return process.env.OPENPALM_DOCKER_SOCK;
-  return IS_WINDOWS ? '//./pipe/docker_engine' : '/var/run/docker.sock';
+  if (IS_WINDOWS) return '//./pipe/docker_engine';
+
+  const home = homedir();
+  const candidates = [
+    '/var/run/docker.sock',
+    join(home, '.orbstack/run/docker.sock'),
+    join(home, '.colima/default/docker.sock'),
+    join(home, '.rd/docker.sock'),
+  ];
+  return candidates.find((p) => existsSync(p)) ?? candidates[0];
 }
 
 export function defaultWorkDir(): string {

package/src/lib/staging.ts

@@ -22,9 +22,9 @@ import { defaultDataHome } from './paths.ts';
 /**
  * Ensure all artifacts are staged from CONFIG_HOME/DATA_HOME to STATE_HOME.
  *
- * This is the CLI-side equivalent of the admin's staging pipeline.
- * It uses FilesystemAssetProvider (reads core assets from DATA_HOME,
- * persisted by the install command) rather than Vite bundle imports.
+ * Uses FilesystemAssetProvider (reads core assets from DATA_HOME,
+ * persisted by the install command) to assemble compose files, env
+ * files, and Caddyfile into STATE_HOME/artifacts for Docker Compose.
  *
  * Returns a ControlPlaneState usable with fullComposeArgs().
  */