replicas-engine 0.1.267 → 0.1.269

package/dist/src/index.js

@@ -286,7 +286,7 @@ var WORKSPACE_SIZES = ["small", "large"];
 var INVALID_WORKSPACE_SIZE_ERROR = `Invalid size: must be one of ${WORKSPACE_SIZES.join(", ")}`;
 
 // ../shared/src/e2b.ts
-var E2B_TEMPLATE_NAME = "replicas-sandbox-2026-06-05-v4";
+var E2B_TEMPLATE_NAME = "replicas-sandbox-2026-06-05-v6";
 
 // ../shared/src/runtime-env.ts
 function parsePosixEnvFile(content) {
@@ -1967,6 +1967,13 @@ function isClaudeAuthErrorText(text) {
   return lower.includes("failed to authenticate") || lower.includes("authentication_error") || lower.includes("authentication_failed") || lower.includes("authentication failed") || lower.includes("invalid authentication credentials") || lower.includes("not logged in") || lower.includes("please run /login") || lower.includes("credit balance is too low") || lower.includes("401") && lower.includes("authentic");
 }
 
+// ../shared/src/codex-auth.ts
+function isCodexAuthError(error) {
+  const msg = error instanceof Error ? error.message : String(error);
+  const lower = msg.toLowerCase();
+  return lower.includes("unauthorized") || lower.includes("authentication") || lower.includes("invalid api key") || lower.includes("incorrect api key") || lower.includes("api key") && lower.includes("invalid") || lower.includes("401") || lower.includes('codexerrorinfo="unauthorized"') || lower.includes("codexerrorinfo=unauthorized") || lower.includes("failed to refresh token") || lower.includes("your session has ended");
+}
+
 // ../shared/src/engine/environment.ts
 var DESKTOP_NOVNC_PORT = 6080;
 
@@ -6575,7 +6582,7 @@ var AspClient = class {
 // src/managers/codex-asp/app-server-process.ts
 var DEFAULT_CODEX_BINARY = "codex";
 var DEFAULT_CODEX_ARGS = ["app-server", "--listen", "stdio://"];
-var ENGINE_PACKAGE_VERSION = "0.1.267";
+var ENGINE_PACKAGE_VERSION = "0.1.269";
 var INITIALIZE_METHOD = "initialize";
 var INITIALIZED_NOTIFICATION = "initialized";
 var ACCOUNT_LOGIN_START_METHOD = "account/login/start";
@@ -6834,13 +6841,6 @@ var CodexQuotaStatusTracker = class {
   }
 };
 
-// src/utils/codex-auth.ts
-function isCodexAuthError(error) {
-  const msg = error instanceof Error ? error.message : String(error);
-  const lower = msg.toLowerCase();
-  return lower.includes("unauthorized") || lower.includes("authentication") || lower.includes("invalid api key") || lower.includes("incorrect api key") || lower.includes("api key") && lower.includes("invalid") || lower.includes("401") || lower.includes('codexerrorinfo="unauthorized"') || lower.includes("codexerrorinfo=unauthorized");
-}
-
 // src/managers/codex-asp/mappers.ts
 import { existsSync as existsSync6, readFileSync as readFileSync3 } from "fs";
 var localImageCache = /* @__PURE__ */ new Map();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "replicas-engine",
-  "version": "0.1.267",
+  "version": "0.1.269",
   "description": "Lightweight API server for Replicas workspaces",
   "type": "module",
   "main": "dist/src/index.js",

package/scripts/engine-watchdog.sh

@@ -39,7 +39,12 @@ sudo prlimit --memlock=536870912:536870912 --pid $$ 2>/dev/null || true
 LOCKMEM_SO=/usr/local/lib/replicas-lockmem.so
 if [ -r "$LOCKMEM_SO" ]; then
   # Prepend (don't replace) so any inherited LD_PRELOAD still loads.
-  if [ -n "${LD_PRELOAD:-}" ]; then
+  if [ "${LD_PRELOAD:-}" = "$LOCKMEM_SO" ] \
+    || [[ "${LD_PRELOAD:-}" == "$LOCKMEM_SO:"* ]] \
+    || [[ "${LD_PRELOAD:-}" == *":$LOCKMEM_SO" ]] \
+    || [[ "${LD_PRELOAD:-}" == *":$LOCKMEM_SO:"* ]]; then
+    ENGINE_LD_PRELOAD="$LD_PRELOAD"
+  elif [ -n "${LD_PRELOAD:-}" ]; then
     ENGINE_LD_PRELOAD="$LOCKMEM_SO:$LD_PRELOAD"
   else
     ENGINE_LD_PRELOAD="$LOCKMEM_SO"

package/scripts/lockmem.c

@@ -5,15 +5,75 @@
 #include <sys/mman.h>
 #include <stdio.h>
 #include <errno.h>
+#include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
 
+static int is_own_preload_token(const char *token) {
+  const char *basename = strrchr(token, '/');
+  basename = basename == NULL ? token : basename + 1;
+  return strcmp(basename, "replicas-lockmem.so") == 0;
+}
+
+static void scrub_own_preload(void) {
+  const char *current = getenv("LD_PRELOAD");
+  if (current == NULL) {
+    return;
+  }
+
+  char *copy = strdup(current);
+  if (copy == NULL) {
+    return;
+  }
+
+  char *next = copy;
+  char *token;
+  size_t output_len = 0;
+  int removed = 0;
+  char *output = malloc(strlen(current) + 1);
+  if (output == NULL) {
+    free(copy);
+    return;
+  }
+  output[0] = '\0';
+
+  while ((token = strsep(&next, ":")) != NULL) {
+    if (is_own_preload_token(token)) {
+      removed = 1;
+      continue;
+    }
+
+    if (output_len > 0) {
+      output[output_len++] = ':';
+      output[output_len] = '\0';
+    }
+    strcpy(output + output_len, token);
+    output_len += strlen(token);
+  }
+
+  if (removed) {
+    if (output_len == 0) {
+      unsetenv("LD_PRELOAD");
+    } else {
+      setenv("LD_PRELOAD", output, 1);
+    }
+  }
+
+  free(output);
+  free(copy);
+}
+
 __attribute__((constructor))
 static void replicas_lockmem_init(void) {
+  scrub_own_preload();
+
   if (mlockall(MCL_CURRENT) != 0) {
     fprintf(stderr, "[lockmem] mlockall(MCL_CURRENT) failed: %s (errno=%d); engine running unprotected\n",
             strerror(errno), errno);
     return;
   }
-  fprintf(stderr, "[lockmem] engine pages locked (pid=%d)\n", getpid());
+
+  if (getenv("REPLICAS_LOCKMEM_VERBOSE") != NULL) {
+    fprintf(stderr, "[lockmem] engine pages locked (pid=%d)\n", getpid());
+  }
 }