npm - plc-checkweigher - Versions diffs - 1.28.1 → 1.29.0 - Mend

plc-checkweigher 1.28.1 → 1.29.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/bin/cli.js CHANGED Viewed

@@ -86,35 +86,15 @@ function buildBanner() {
   return lines.join('\n');
 }
-const STAMP_FILE = '/tmp/.plc-checkweigher-postinstall';
 function showAccessDenied() {
-  const banner = buildBanner();
-  const isPostinstall = process.env.npm_lifecycle_event === 'postinstall';
-  if (isPostinstall) {
-    // npm 7+ pipes away stdout/stderr — write directly to /dev/tty.
-    try {
-      const fd = fs.openSync('/dev/tty', 'w');
-      fs.writeSync(fd, banner + '\n');
-      fs.closeSync(fd);
-    } catch (_) {}
-    // Always stamp regardless of whether /dev/tty was available,
-    // so the CLI invocation npx runs right after skips the banner.
-    try { fs.writeFileSync(STAMP_FILE, String(Date.now())); } catch (_) {}
+  // During npm install the binary hasn't been invoked yet — exit silently.
+  // The banner only makes sense when someone runs the binary directly
+  // without a valid subcommand (e.g. bare `npx plc-checkweigher`).
+  if (process.env.npm_lifecycle_event === 'postinstall') {
     process.exit(0);
   }
-  // Suppress duplicate: if postinstall printed the banner within the last 3s, skip.
-  try {
-    const ts = parseInt(fs.readFileSync(STAMP_FILE, 'utf8'), 10);
-    if (Date.now() - ts < 3000) {
-      fs.unlinkSync(STAMP_FILE);
-      process.exit(1);
-    }
-  } catch (_) {}
-  console.log(banner);
+  console.log(buildBanner());
   process.exit(1);
 }

package/bin/plc_checkweigher CHANGED Viewed

@@ -1450,27 +1450,29 @@ PYEOF
         ulog "CONFIG: journal OK"
     fi
-    # 9b. Web maintenance sudoers rule (dashboard FIX button)
+    # 9b. Web maintenance sudoers rule (dashboard terminal)
     spin_start "Web maintenance sudoers rule"
     _SUDOERS_F="/etc/sudoers.d/010_plc-web-fix"
-    if [[ ! -f "$_SUDOERS_F" ]]; then
+    # Content-aware: rewrite if missing OR still the old fix-only version
+    if [[ ! -f "$_SUDOERS_F" ]] \
+       || ! sudo grep -q "plc_checkweigher update" "$_SUDOERS_F" 2>/dev/null; then
         cat > /tmp/010_plc-web-fix << 'SUDOEOF'
-# Web dashboard maintenance console — allows the locked, root-owned CLI
-# to run its fix command from plc_web (User=pi). Scope: fix only.
-pi ALL=(root) NOPASSWD: /usr/local/bin/plc_checkweigher fix, /usr/local/bin/plc_checkweigher fix *
+# Web dashboard maintenance terminal — allows the locked, root-owned CLI
+# to run whitelisted maintenance subcommands from plc_web (User=pi).
+pi ALL=(root) NOPASSWD: /usr/local/bin/plc_checkweigher fix, /usr/local/bin/plc_checkweigher fix *, /usr/local/bin/plc_checkweigher status, /usr/local/bin/plc_checkweigher restart, /usr/local/bin/plc_checkweigher start, /usr/local/bin/plc_checkweigher stop, /usr/local/bin/plc_checkweigher update
 SUDOEOF
         if sudo visudo -c -f /tmp/010_plc-web-fix &>/dev/null; then
             sudo cp /tmp/010_plc-web-fix "$_SUDOERS_F"
             sudo chmod 440 "$_SUDOERS_F"
-            spin_ok "Sudoers rule installed (web FIX button enabled)"
-            ulog "FIXED: web maintenance sudoers rule installed"
+            spin_ok "Sudoers rule installed/upgraded (web terminal enabled)"
+            ulog "FIXED: web maintenance sudoers rule installed/upgraded"
         else
             spin_warn "Sudoers rule failed validation — skipped"
             ulog "WARN: sudoers rule validation failed"
         fi
         rm -f /tmp/010_plc-web-fix
     else
-        spin_ok "Sudoers rule present"
+        spin_ok "Sudoers rule current"
         ulog "CONFIG: web sudoers OK"
     fi

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "plc-checkweigher",
-  "version": "1.28.1",
+  "version": "1.29.0",
   "description": "One-command installer for the PLC Check-Weigher system on Raspberry Pi (PREEMPT_RT kernel, Python stack, WiFi, SMB, systemd RT services)",
   "scripts": {
     "postinstall": "node bin/cli.js"

package/setup.sh CHANGED Viewed

@@ -169,19 +169,21 @@ install_cli() {
         warn "bin/plc_checkweigher not found — skipping CLI install"
     fi
-    # Scoped sudoers rule: web dashboard maintenance console can run the
-    # locked root-owned CLI's fix command (and nothing else) without password.
+    # Scoped sudoers rule: web maintenance terminal can run whitelisted
+    # subcommands of the locked root-owned CLI — and nothing else.
+    # Interactive/destructive subcommands (wifi, smb-config, uninstall,
+    # hotspot) are deliberately NOT listed.
     cat > /tmp/010_plc-web-fix << 'EOF'
-# Web dashboard maintenance console — allows the locked, root-owned CLI
-# to run its fix command from plc_web (User=pi). Scope: fix only.
-pi ALL=(root) NOPASSWD: /usr/local/bin/plc_checkweigher fix, /usr/local/bin/plc_checkweigher fix *
+# Web dashboard maintenance terminal — allows the locked, root-owned CLI
+# to run whitelisted maintenance subcommands from plc_web (User=pi).
+pi ALL=(root) NOPASSWD: /usr/local/bin/plc_checkweigher fix, /usr/local/bin/plc_checkweigher fix *, /usr/local/bin/plc_checkweigher status, /usr/local/bin/plc_checkweigher restart, /usr/local/bin/plc_checkweigher start, /usr/local/bin/plc_checkweigher stop, /usr/local/bin/plc_checkweigher update
 EOF
     if visudo -c -f /tmp/010_plc-web-fix &>/dev/null; then
         cp /tmp/010_plc-web-fix /etc/sudoers.d/010_plc-web-fix
         chmod 440 /etc/sudoers.d/010_plc-web-fix
-        ok "Web maintenance sudoers rule installed  (fix only, validated)"
+        ok "Web maintenance sudoers rule installed  (whitelisted subcommands)"
     else
-        warn "sudoers rule failed validation — web FIX button will not work"
+        warn "sudoers rule failed validation — web maintenance terminal limited"
     fi
     rm -f /tmp/010_plc-web-fix
 }
@@ -622,15 +624,27 @@ setup_vscode_priority() {
     cat > /usr/local/bin/vscode-priority-daemon << 'DAEMON'
 #!/usr/bin/env bash
-# Apply CPU affinity (cores 0-2) and Nice=-5 to VS Code server processes.
+# Apply CPU affinity (cores 0-2) and Nice=-5 to remote-dev processes:
+#   - VS Code server + all its extensions (extension host, Claude Code,
+#     GitHub, language servers — anything under ~/.vscode-server)
+#   - standalone claude CLI sessions (run outside VS Code)
+#   - sshd listener + active SSH sessions
 # Core 3 is reserved exclusively for the SCHED_FIFO PLC process.
-# Runs every 60s so newly-spawned extension host processes are caught promptly.
-while true; do
-    mapfile -t pids < <(pgrep -u pi -f '\.vscode-server' 2>/dev/null || true)
-    for pid in "${pids[@]}"; do
+# Runs every 60s so newly-spawned processes are caught promptly.
+prioritize() {
+    local pid
+    for pid in "$@"; do
         taskset -cp 0-2 "$pid" >/dev/null 2>&1 || true
         renice -n -5 -p "$pid" >/dev/null 2>&1 || true
     done
+}
+while true; do
+    # VS Code server tree — extension binaries live under .vscode-server/extensions/
+    prioritize $(pgrep -u pi -f '\.vscode-server' 2>/dev/null)
+    # Standalone claude CLI (plain terminal, outside the VS Code tree)
+    prioritize $(pgrep -u pi -x claude 2>/dev/null)
+    # SSH — listener and per-session processes (keep off the RT core)
+    prioritize $(pgrep -x sshd 2>/dev/null) $(pgrep -x sshd-session 2>/dev/null)
     sleep 60
 done
 DAEMON