npm - patchwork-os - Versions diffs - 0.2.0-beta.4 → 0.2.0-beta.5 - Mend

patchwork-os 0.2.0-beta.4 → 0.2.0-beta.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/index.js +74 -40
package/dist/index.js.map +1 -1
package/dist/recipeOrchestration.js +58 -8
package/dist/recipeOrchestration.js.map +1 -1
package/dist/recipeRoutes.js +95 -14
package/dist/recipeRoutes.js.map +1 -1
package/dist/server.js +36 -18
package/dist/server.js.map +1 -1
package/package.json +1 -1
package/scripts/start-all.ps1 +209 -209
package/scripts/start-orchestrator.ps1 +158 -158

package/dist/index.js CHANGED Viewed

@@ -193,8 +193,12 @@ if (process.argv[2] === "--help" ||
         `  recipe --help                             Full recipe subcommand index\n\n` +
         `Diagnose\n` +
         `  halts [--window 1h|24h|overnight|7d]      Morning summary of recent recipe halts\n` +
+        `  judgments [--window ...] [--recipe N]     Recent judge-step verdicts across runs\n` +
         `  traces export                             Bundle approval / recipe / decision traces\n` +
         `  print-token [--port N]                    Print the active bridge auth token\n\n` +
+        `Safety\n` +
+        `  kill-switch <engage|release|status>       Block / resume write-tier tools across bridges\n` +
+        `  panic [--reason "..."]                    Shorthand for kill-switch engage\n\n` +
         `Daemon (no subcommand)\n` +
         `  --workspace <dir>                         Start the bridge in foreground\n` +
         `  --watch                                   Auto-restart supervisor\n` +
@@ -1763,11 +1767,22 @@ if (process.argv[2] === "kill-switch") {
 // form is `kill-switch engage`; this alias matches it so shell history six
 // months later still makes sense. Does not accept sub-verbs — just runs engage.
 if (process.argv[2] === "panic") {
+    const extra = process.argv.slice(3); // e.g. --reason "..." --force-local
+    // Guard against `panic --help` engaging the kill switch — a real
+    // footgun if you tab-completed the verb to confirm syntax before
+    // committing to the action. `panic` is an alias, so we honor --help
+    // here ourselves rather than forwarding to kill-switch engage.
+    if (extra.includes("--help") || extra.includes("-h")) {
+        console.log('Usage: patchwork panic [--reason "..."] [--force-local]\n\n' +
+            "  Alias for `patchwork kill-switch engage` — blocks all write-tier\n" +
+            "  tool calls across every running bridge. Use --reason to leave a\n" +
+            "  note in the audit trail. Release with `patchwork kill-switch release`.\n");
+        process.exit(0);
+    }
     // Spawn self with kill-switch engage to reuse the full handler without
     // duplicating 200+ LOC. Passes through any flags (--reason, --force-local).
     import("node:child_process").then(({ spawnSync }) => {
         const self = process.argv[1] ?? process.execPath;
-        const extra = process.argv.slice(3); // e.g. --reason "..." --force-local
         const result = spawnSync(process.execPath, [self, "kill-switch", "engage", ...extra], { stdio: "inherit" });
         process.exit(result.status ?? 1);
     });
@@ -1834,14 +1849,6 @@ if (process.argv[2] === "halts") {
                 process.stderr.write("No running bridge found. Start one with `patchwork start` (or `--driver subprocess`).\n");
                 process.exit(2);
             }
-            // Single-bridge default: query the first. Multi-bridge users will
-            // typically have one orchestrator anyway; expanding to fan-out is a
-            // follow-up if needed.
-            const lock = liveLocks[0];
-            if (!lock) {
-                process.stderr.write("No running bridge found.\n");
-                process.exit(2);
-            }
             const sinceMs = windowSinceMs(window);
             const params = [];
             if (sinceMs != null)
@@ -1849,20 +1856,35 @@ if (process.argv[2] === "halts") {
             if (recipeFilter)
                 params.push(`recipe=${encodeURIComponent(recipeFilter)}`);
             const qs = params.length > 0 ? `?${params.join("&")}` : "";
-            const controller = new AbortController();
-            const timer = setTimeout(() => controller.abort(), 10_000);
-            let res;
-            try {
-                res = await fetch(`http://127.0.0.1:${lock.port}/runs/halt-summary${qs}`, {
-                    headers: { Authorization: `Bearer ${lock.authToken}` },
-                    signal: controller.signal,
-                });
-            }
-            finally {
-                clearTimeout(timer);
+            // Walk live bridges in order; first responsive one wins. See the
+            // matching block in the `judgments` handler — findAllLiveBridges
+            // can include stale entries when a recycled PID still answers
+            // `kill(pid, 0)` but the lock points at a dead bridge.
+            let res = null;
+            let lastStatus = 0;
+            for (const lock of liveLocks) {
+                const controller = new AbortController();
+                const timer = setTimeout(() => controller.abort(), 10_000);
+                try {
+                    const candidate = await fetch(`http://127.0.0.1:${lock.port}/runs/halt-summary${qs}`, {
+                        headers: { Authorization: `Bearer ${lock.authToken}` },
+                        signal: controller.signal,
+                    });
+                    if (candidate.ok) {
+                        res = candidate;
+                        break;
+                    }
+                    lastStatus = candidate.status;
+                }
+                catch {
+                    /* unreachable lock — try next */
+                }
+                finally {
+                    clearTimeout(timer);
+                }
             }
-            if (!res.ok) {
-                process.stderr.write(`Bridge returned ${res.status} for /runs/halt-summary\n`);
+            if (!res) {
+                process.stderr.write(`No live bridge served /runs/halt-summary (last status: ${lastStatus || "unreachable"}).\n`);
                 process.exit(1);
             }
             const summary = (await res.json());
@@ -1974,11 +1996,6 @@ if (process.argv[2] === "judgments") {
                 process.stderr.write("No running bridge found. Start one with `patchwork start` (or `--driver subprocess`).\n");
                 process.exit(2);
             }
-            const lock = liveLocks[0];
-            if (!lock) {
-                process.stderr.write("No running bridge found.\n");
-                process.exit(2);
-            }
             const sinceMs = windowSinceMs(window);
             const params = [];
             if (sinceMs != null)
@@ -1986,20 +2003,37 @@ if (process.argv[2] === "judgments") {
             if (recipeFilter)
                 params.push(`recipe=${encodeURIComponent(recipeFilter)}`);
             const qs = params.length > 0 ? `?${params.join("&")}` : "";
-            const controller = new AbortController();
-            const timer = setTimeout(() => controller.abort(), 10_000);
-            let res;
-            try {
-                res = await fetch(`http://127.0.0.1:${lock.port}/runs/judge-summary${qs}`, {
-                    headers: { Authorization: `Bearer ${lock.authToken}` },
-                    signal: controller.signal,
-                });
-            }
-            finally {
-                clearTimeout(timer);
+            // Walk live bridges in order; the first responsive one wins.
+            // findAllLiveBridges uses `kill(pid, 0)` for liveness, which
+            // returns true for any recycled PID — so liveLocks can contain
+            // stale entries from dead bridges. Previously we picked [0]
+            // unconditionally and surfaced a confusing 404; now we try each
+            // and only fall through to the error path when *all* fail.
+            let res = null;
+            let lastStatus = 0;
+            for (const lock of liveLocks) {
+                const controller = new AbortController();
+                const timer = setTimeout(() => controller.abort(), 10_000);
+                try {
+                    const candidate = await fetch(`http://127.0.0.1:${lock.port}/runs/judge-summary${qs}`, {
+                        headers: { Authorization: `Bearer ${lock.authToken}` },
+                        signal: controller.signal,
+                    });
+                    if (candidate.ok) {
+                        res = candidate;
+                        break;
+                    }
+                    lastStatus = candidate.status;
+                }
+                catch {
+                    /* unreachable lock — try next */
+                }
+                finally {
+                    clearTimeout(timer);
+                }
             }
-            if (!res.ok) {
-                process.stderr.write(`Bridge returned ${res.status} for /runs/judge-summary\n`);
+            if (!res) {
+                process.stderr.write(`No live bridge served /runs/judge-summary (last status: ${lastStatus || "unreachable"}).\n`);
                 process.exit(1);
             }
             const summary = (await res.json());