settld 0.1.2 → 0.2.0

package/scripts/ci/run-production-cutover-gate.mjs

@@ -0,0 +1,540 @@
+#!/usr/bin/env node
+
+import crypto from "node:crypto";
+import { spawn } from "node:child_process";
+import { mkdir, writeFile } from "node:fs/promises";
+import net from "node:net";
+import path from "node:path";
+
+const PRODUCTION_CUTOVER_GATE_SCHEMA_VERSION = "ProductionCutoverGateReport.v1";
+const DEFAULT_GATE_REPORT_PATH = "artifacts/gates/production-cutover-gate.json";
+const DEFAULT_MCP_HOST_SMOKE_REPORT_PATH = "artifacts/ops/mcp-host-smoke.json";
+const DEFAULT_MCP_HOST_CERT_MATRIX_REPORT_PATH = "artifacts/ops/mcp-host-cert-matrix.json";
+const DEFAULT_X402_HITL_SMOKE_REPORT_PATH = "artifacts/ops/x402-hitl-smoke.json";
+
+function usage() {
+  return [
+    "usage: node scripts/ci/run-production-cutover-gate.mjs [options]",
+    "",
+    "options:",
+    "  --mode <local|live>  Gate mode (default: local)",
+    "  --base-url <url>     Required for live mode",
+    "  --tenant-id <id>     Required for live mode",
+    "  --ops-token <token>  Required for live mode",
+    "  --protocol <ver>     Protocol (default: 1.0)",
+    "  --report <file>      Gate report output path (default: artifacts/gates/production-cutover-gate.json)",
+    "  --help               Show help",
+    "",
+    "env fallbacks (live mode): PROD_BASE_URL, PROD_TENANT_ID, PROD_OPS_TOKEN, PROD_PROTOCOL"
+  ].join("\n");
+}
+
+function normalizeOptionalString(value) {
+  if (typeof value !== "string") return null;
+  const trimmed = value.trim();
+  return trimmed === "" ? null : trimmed;
+}
+
+function toExitCode(code, signal) {
+  if (Number.isInteger(code)) return code;
+  if (signal) return 1;
+  return 1;
+}
+
+function validateHttpUrl(raw, fieldName) {
+  const value = normalizeOptionalString(raw);
+  if (!value) throw new Error(`${fieldName} is required`);
+  let parsed;
+  try {
+    parsed = new URL(value);
+  } catch {
+    throw new Error(`${fieldName} must be a valid URL`);
+  }
+  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+    throw new Error(`${fieldName} must be http(s)`);
+  }
+  return parsed.toString().replace(/\/$/, "");
+}
+
+export function parseArgs(argv, env = process.env, cwd = process.cwd()) {
+  const out = {
+    mode: normalizeOptionalString(env.PRODUCTION_CUTOVER_GATE_MODE) ?? "local",
+    baseUrl:
+      normalizeOptionalString(env.PROD_BASE_URL) ??
+      normalizeOptionalString(env.SETTLD_BASE_URL) ??
+      null,
+    tenantId:
+      normalizeOptionalString(env.PROD_TENANT_ID) ??
+      normalizeOptionalString(env.SETTLD_TENANT_ID) ??
+      null,
+    protocol:
+      normalizeOptionalString(env.PROD_PROTOCOL) ??
+      normalizeOptionalString(env.SETTLD_PROTOCOL) ??
+      "1.0",
+    opsToken:
+      normalizeOptionalString(env.PROD_OPS_TOKEN) ??
+      normalizeOptionalString(env.SETTLD_OPS_TOKEN) ??
+      normalizeOptionalString(env.PROXY_OPS_TOKEN) ??
+      null,
+    reportPath: path.resolve(cwd, normalizeOptionalString(env.PRODUCTION_CUTOVER_GATE_REPORT_PATH) ?? DEFAULT_GATE_REPORT_PATH),
+    help: false
+  };
+
+  for (let i = 0; i < argv.length; i += 1) {
+    const arg = String(argv[i] ?? "").trim();
+    if (!arg) continue;
+    if (arg === "--help" || arg === "-h") {
+      out.help = true;
+      continue;
+    }
+    if (arg === "--mode") {
+      out.mode = normalizeOptionalString(argv[i + 1]) ?? "";
+      i += 1;
+      continue;
+    }
+    if (arg === "--base-url") {
+      out.baseUrl = normalizeOptionalString(argv[i + 1]);
+      i += 1;
+      continue;
+    }
+    if (arg === "--tenant-id") {
+      out.tenantId = normalizeOptionalString(argv[i + 1]);
+      i += 1;
+      continue;
+    }
+    if (arg === "--ops-token") {
+      out.opsToken = normalizeOptionalString(argv[i + 1]);
+      i += 1;
+      continue;
+    }
+    if (arg === "--protocol") {
+      out.protocol = normalizeOptionalString(argv[i + 1]) ?? "";
+      i += 1;
+      continue;
+    }
+    if (arg === "--report") {
+      const value = normalizeOptionalString(argv[i + 1]);
+      if (!value) throw new Error("--report requires a file path");
+      out.reportPath = path.resolve(cwd, value);
+      i += 1;
+      continue;
+    }
+    throw new Error(`unknown argument: ${arg}`);
+  }
+
+  out.mode = String(out.mode ?? "").trim().toLowerCase();
+  if (out.mode !== "local" && out.mode !== "live") {
+    throw new Error("--mode must be local or live");
+  }
+
+  if (!out.help && out.mode === "live") {
+    out.baseUrl = validateHttpUrl(out.baseUrl, "--base-url");
+    if (!normalizeOptionalString(out.tenantId)) throw new Error("--tenant-id is required for live mode");
+    if (!normalizeOptionalString(out.protocol)) throw new Error("--protocol is required for live mode");
+    if (!normalizeOptionalString(out.opsToken)) throw new Error("--ops-token is required for live mode");
+  }
+
+  return out;
+}
+
+function randomId(prefix) {
+  return `${prefix}_${crypto.randomBytes(6).toString("hex")}`;
+}
+
+function pickPort() {
+  return new Promise((resolve, reject) => {
+    const server = net.createServer();
+    server.listen(0, "127.0.0.1", () => {
+      const addr = server.address();
+      const port = addr && typeof addr === "object" ? addr.port : null;
+      server.close(() => {
+        if (!Number.isInteger(port) || port <= 0) {
+          reject(new Error("failed to allocate loopback port"));
+          return;
+        }
+        resolve(port);
+      });
+    });
+    server.on("error", reject);
+  });
+}
+
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+async function stopProc(child) {
+  if (!child || typeof child.kill !== "function") return;
+  if (child.exitCode !== null && child.exitCode !== undefined) return;
+  try {
+    child.kill("SIGTERM");
+  } catch {
+    return;
+  }
+  const exited = await Promise.race([
+    new Promise((resolve) => child.once("exit", () => resolve(true))),
+    sleep(3000).then(() => false)
+  ]);
+  if (!exited) {
+    try {
+      child.kill("SIGKILL");
+    } catch {
+      // ignore
+    }
+  }
+}
+
+async function waitForApiHealth({ baseUrl, child, timeoutMs = 30_000, intervalMs = 250 }) {
+  const deadline = Date.now() + timeoutMs;
+  while (Date.now() < deadline) {
+    if (child && child.exitCode !== null && child.exitCode !== undefined) {
+      throw new Error(`ephemeral api exited before ready (${child.exitCode})`);
+    }
+    const response = await fetch(`${baseUrl}/healthz`).catch(() => null);
+    if (response?.ok) return;
+    await sleep(intervalMs);
+  }
+  throw new Error("api readiness timed out");
+}
+
+function runNodeScript(scriptPath, args = [], { env = process.env } = {}) {
+  return new Promise((resolve, reject) => {
+    const child = spawn(process.execPath, [scriptPath, ...args], {
+      cwd: process.cwd(),
+      env,
+      stdio: "inherit"
+    });
+    child.on("error", reject);
+    child.on("close", (code, signal) => {
+      resolve({
+        exitCode: toExitCode(code, signal),
+        signal
+      });
+    });
+  });
+}
+
+function startNodeProc({ name, scriptPath, env }) {
+  const logs = [];
+  const child = spawn(process.execPath, [scriptPath], {
+    env: { ...process.env, ...(env ?? {}) },
+    stdio: ["ignore", "pipe", "pipe"]
+  });
+  child.stdout.setEncoding("utf8");
+  child.stderr.setEncoding("utf8");
+  const push = (line) => {
+    if (!line) return;
+    logs.push(line);
+    if (logs.length > 240) logs.shift();
+  };
+  child.stdout.on("data", (chunk) => {
+    for (const line of String(chunk).split(/\r?\n/)) push(`[${name}:stdout] ${line}`);
+  });
+  child.stderr.on("data", (chunk) => {
+    for (const line of String(chunk).split(/\r?\n/)) push(`[${name}:stderr] ${line}`);
+  });
+  return { child, logs };
+}
+
+async function startEphemeralApi(env = process.env) {
+  const port = await pickPort();
+  const opsToken = randomId("ops");
+  const baseUrl = `http://127.0.0.1:${port}`;
+  const api = startNodeProc({
+    name: "cutover-api",
+    scriptPath: "src/api/server.js",
+    env: {
+      ...env,
+      PORT: String(port),
+      PROXY_BIND_HOST: "127.0.0.1",
+      PROXY_OPS_TOKEN: opsToken,
+      PROXY_AUTOTICK_INTERVAL_MS: "200"
+    }
+  });
+  await waitForApiHealth({ baseUrl, child: api.child });
+  return {
+    ...api,
+    baseUrl,
+    opsToken,
+    port
+  };
+}
+
+function toStatus(exitCode) {
+  return exitCode === 0 ? "passed" : "failed";
+}
+
+export function evaluateGateVerdict(checks) {
+  const rows = Array.isArray(checks) ? checks : [];
+  const passedChecks = rows.filter((row) => row?.status === "passed").length;
+  const requiredChecks = rows.length;
+  const failedChecks = requiredChecks - passedChecks;
+  const ok = requiredChecks > 0 && failedChecks === 0;
+  return {
+    ok,
+    status: ok ? "pass" : "fail",
+    requiredChecks,
+    passedChecks,
+    failedChecks
+  };
+}
+
+async function runCheck(check) {
+  const startedAt = Date.now();
+  let row = {
+    id: check.id,
+    label: check.label,
+    status: "failed",
+    exitCode: 1,
+    reportPath: check.reportPath,
+    durationMs: 0,
+    command: [process.execPath, check.scriptPath, ...check.args]
+  };
+  try {
+    const result = await runNodeScript(check.scriptPath, check.args, { env: check.env });
+    row = {
+      ...row,
+      status: toStatus(result.exitCode),
+      exitCode: result.exitCode
+    };
+  } catch (err) {
+    row = {
+      ...row,
+      status: "failed",
+      exitCode: 1,
+      error: err?.message ?? String(err)
+    };
+  }
+  return {
+    ...row,
+    durationMs: Date.now() - startedAt
+  };
+}
+
+async function runApiHealthCheck({ baseUrl }) {
+  const startedAt = Date.now();
+  const row = {
+    id: "prod_api_healthz",
+    label: "Production API healthz",
+    status: "failed",
+    exitCode: 1,
+    reportPath: null,
+    durationMs: 0,
+    command: ["GET", `${baseUrl}/healthz`]
+  };
+  try {
+    const response = await fetch(`${baseUrl}/healthz`);
+    row.exitCode = response.ok ? 0 : 1;
+    row.status = response.ok ? "passed" : "failed";
+    row.httpStatus = response.status;
+  } catch (err) {
+    row.status = "failed";
+    row.exitCode = 1;
+    row.error = err?.message ?? String(err);
+  }
+  row.durationMs = Date.now() - startedAt;
+  return row;
+}
+
+async function runX402HitlCheckLocal({ reportPath, tenantId, protocol, env }) {
+  const startedAt = Date.now();
+  const row = {
+    id: "x402_hitl_smoke",
+    label: "x402 HITL escalation smoke",
+    status: "failed",
+    exitCode: 1,
+    reportPath,
+    durationMs: 0,
+    command: [process.execPath, "scripts/ops/run-x402-hitl-smoke.mjs"]
+  };
+
+  let api = null;
+  try {
+    api = await startEphemeralApi(env);
+    const args = ["--base-url", api.baseUrl, "--tenant-id", tenantId, "--protocol", protocol, "--ops-token", api.opsToken, "--out", reportPath];
+    row.command = [process.execPath, "scripts/ops/run-x402-hitl-smoke.mjs", ...args];
+
+    const result = await runNodeScript("scripts/ops/run-x402-hitl-smoke.mjs", args, { env });
+    row.status = toStatus(result.exitCode);
+    row.exitCode = result.exitCode;
+    row.ephemeralApi = {
+      baseUrl: api.baseUrl,
+      port: api.port,
+      started: true
+    };
+  } catch (err) {
+    row.status = "failed";
+    row.exitCode = 1;
+    row.error = err?.message ?? String(err);
+    if (api?.baseUrl) {
+      row.ephemeralApi = {
+        baseUrl: api.baseUrl,
+        port: api.port,
+        started: true,
+        logsTail: api.logs.slice(-40)
+      };
+    }
+  } finally {
+    if (api?.child) {
+      await stopProc(api.child);
+      row.ephemeralApi = {
+        ...(row.ephemeralApi ?? {
+          baseUrl: api.baseUrl,
+          port: api.port,
+          started: true
+        }),
+        stopped: true
+      };
+    }
+    row.durationMs = Date.now() - startedAt;
+  }
+
+  return row;
+}
+
+async function runX402HitlCheckLive({ reportPath, baseUrl, tenantId, protocol, opsToken, env }) {
+  const startedAt = Date.now();
+  const args = ["--base-url", baseUrl, "--tenant-id", tenantId, "--protocol", protocol, "--ops-token", opsToken, "--out", reportPath];
+  const row = {
+    id: "x402_hitl_smoke_live",
+    label: "x402 HITL escalation smoke (live)",
+    status: "failed",
+    exitCode: 1,
+    reportPath,
+    durationMs: 0,
+    command: [process.execPath, "scripts/ops/run-x402-hitl-smoke.mjs", ...args]
+  };
+  try {
+    const result = await runNodeScript("scripts/ops/run-x402-hitl-smoke.mjs", args, { env });
+    row.status = toStatus(result.exitCode);
+    row.exitCode = result.exitCode;
+  } catch (err) {
+    row.status = "failed";
+    row.exitCode = 1;
+    row.error = err?.message ?? String(err);
+  }
+  row.durationMs = Date.now() - startedAt;
+  return row;
+}
+
+export async function runProductionCutoverGate(args, env = process.env, cwd = process.cwd()) {
+  const startedAt = Date.now();
+  const mcpHostSmokeReportPath = path.resolve(cwd, normalizeOptionalString(env.MCP_HOST_SMOKE_REPORT_PATH) ?? DEFAULT_MCP_HOST_SMOKE_REPORT_PATH);
+  const mcpHostCertMatrixReportPath = path.resolve(
+    cwd,
+    normalizeOptionalString(env.MCP_HOST_CERT_MATRIX_REPORT_PATH) ?? DEFAULT_MCP_HOST_CERT_MATRIX_REPORT_PATH
+  );
+  const x402HitlSmokeReportPath = path.resolve(cwd, normalizeOptionalString(env.X402_HITL_SMOKE_REPORT_PATH) ?? DEFAULT_X402_HITL_SMOKE_REPORT_PATH);
+
+  const checks = [];
+
+  if (args.mode === "local") {
+    const tenantId = normalizeOptionalString(args.tenantId) ?? normalizeOptionalString(env.SETTLD_TENANT_ID) ?? "tenant_default";
+    const protocol = normalizeOptionalString(args.protocol) ?? normalizeOptionalString(env.SETTLD_PROTOCOL) ?? "1.0";
+
+    checks.push(
+      await runCheck({
+        id: "mcp_host_runtime_smoke",
+        label: "MCP host runtime smoke",
+        scriptPath: "scripts/ci/run-mcp-host-smoke.mjs",
+        args: [],
+        env: { ...env, MCP_HOST_SMOKE_REPORT_PATH: mcpHostSmokeReportPath },
+        reportPath: mcpHostSmokeReportPath
+      })
+    );
+
+    checks.push(
+      await runCheck({
+        id: "mcp_host_cert_matrix",
+        label: "MCP host certification matrix",
+        scriptPath: "scripts/ci/run-mcp-host-cert-matrix.mjs",
+        args: ["--report", mcpHostCertMatrixReportPath],
+        env,
+        reportPath: mcpHostCertMatrixReportPath
+      })
+    );
+
+    checks.push(
+      await runX402HitlCheckLocal({
+        reportPath: x402HitlSmokeReportPath,
+        tenantId,
+        protocol,
+        env
+      })
+    );
+  } else {
+    checks.push(await runApiHealthCheck({ baseUrl: args.baseUrl }));
+
+    checks.push(
+      await runCheck({
+        id: "mcp_host_cert_matrix",
+        label: "MCP host certification matrix",
+        scriptPath: "scripts/ci/run-mcp-host-cert-matrix.mjs",
+        args: ["--report", mcpHostCertMatrixReportPath],
+        env,
+        reportPath: mcpHostCertMatrixReportPath
+      })
+    );
+
+    checks.push(
+      await runX402HitlCheckLive({
+        reportPath: x402HitlSmokeReportPath,
+        baseUrl: args.baseUrl,
+        tenantId: args.tenantId,
+        protocol: args.protocol,
+        opsToken: args.opsToken,
+        env
+      })
+    );
+  }
+
+  const verdict = evaluateGateVerdict(checks);
+  const report = {
+    schemaVersion: PRODUCTION_CUTOVER_GATE_SCHEMA_VERSION,
+    mode: args.mode,
+    generatedAt: new Date().toISOString(),
+    durationMs: Date.now() - startedAt,
+    context:
+      args.mode === "live"
+        ? {
+            baseUrl: args.baseUrl,
+            tenantId: args.tenantId,
+            protocol: args.protocol
+          }
+        : null,
+    checks,
+    verdict
+  };
+
+  await mkdir(path.dirname(args.reportPath), { recursive: true });
+  await writeFile(args.reportPath, JSON.stringify(report, null, 2) + "\n", "utf8");
+
+  return { report, reportPath: args.reportPath };
+}
+
+async function main() {
+  const args = parseArgs(process.argv.slice(2));
+  if (args.help) {
+    process.stdout.write(`${usage()}\n`);
+    return;
+  }
+
+  const { report, reportPath } = await runProductionCutoverGate(args, process.env, process.cwd());
+  process.stdout.write(`wrote production cutover gate report: ${reportPath}\n`);
+  if (!report.verdict.ok) process.exitCode = 1;
+}
+
+const isDirectExecution = (() => {
+  try {
+    return import.meta.url === new URL(`file://${process.argv[1]}`).href;
+  } catch {
+    return false;
+  }
+})();
+
+if (isDirectExecution) {
+  main().catch((err) => {
+    process.stderr.write(`${err?.stack ?? err?.message ?? String(err)}\n`);
+    process.exit(1);
+  });
+}

package/scripts/ci/run-public-openclaw-npx-smoke.mjs

@@ -0,0 +1,148 @@
+#!/usr/bin/env node
+
+import { spawnSync } from "node:child_process";
+import fs from "node:fs/promises";
+import os from "node:os";
+import path from "node:path";
+import { pathToFileURL } from "node:url";
+
+function assert(condition, message) {
+  if (!condition) throw new Error(message);
+}
+
+function run(cmd, args, { cwd, env } = {}) {
+  const res = spawnSync(cmd, args, {
+    cwd,
+    env,
+    encoding: "utf8",
+    stdio: ["ignore", "pipe", "pipe"]
+  });
+  if (res.status !== 0) {
+    const detail = String(res.stderr || res.stdout || "").trim();
+    throw new Error(`${cmd} ${args.join(" ")} failed (exit ${res.status})${detail ? `: ${detail}` : ""}`);
+  }
+  return String(res.stdout ?? "");
+}
+
+function parseJsonText(text, label) {
+  try {
+    return JSON.parse(String(text ?? ""));
+  } catch (err) {
+    throw new Error(`invalid ${label} JSON: ${err?.message ?? String(err)}`);
+  }
+}
+
+async function main() {
+  const repoRoot = process.cwd();
+  const packDir = await fs.mkdtemp(path.join(os.tmpdir(), "settld-public-openclaw-pack-"));
+  const unpackDir = await fs.mkdtemp(path.join(os.tmpdir(), "settld-public-openclaw-unpack-"));
+  const npmCacheDir = await fs.mkdtemp(path.join(os.tmpdir(), "settld-public-openclaw-cache-"));
+  const fakeHomeDir = await fs.mkdtemp(path.join(os.tmpdir(), "settld-public-openclaw-home-"));
+
+  const npmEnv = {
+    ...process.env,
+    NPM_CONFIG_CACHE: npmCacheDir,
+    npm_config_cache: npmCacheDir,
+    npm_config_update_notifier: "false"
+  };
+
+  try {
+    const packJson = run("npm", ["--cache", npmCacheDir, "pack", "--json"], {
+      cwd: repoRoot,
+      env: npmEnv
+    });
+    const packRows = parseJsonText(packJson, "npm pack");
+    const row = Array.isArray(packRows) ? packRows[0] : null;
+    assert(row && typeof row.filename === "string" && row.filename.trim(), "npm pack did not return a tarball filename");
+    const tarballName = row.filename.trim();
+    const tarballPath = path.join(repoRoot, tarballName);
+    await fs.rename(tarballPath, path.join(packDir, tarballName));
+    const packedTarballPath = path.join(packDir, tarballName);
+
+    run("tar", ["-xzf", packedTarballPath, "-C", unpackDir], { env: npmEnv });
+    const packageRoot = path.join(unpackDir, "package");
+    const hostConfigScript = path.join(packageRoot, "scripts", "setup", "host-config.mjs");
+    await fs.access(hostConfigScript);
+
+    const versionText = run(
+      "npx",
+      [
+        "--yes",
+        "--package",
+        packedTarballPath,
+        "--",
+        "settld",
+        "--version"
+      ],
+      { cwd: packDir, env: npmEnv }
+    ).trim();
+    assert(/^[0-9]+\.[0-9]+\.[0-9]+(?:-[0-9A-Za-z-.]+)?$/.test(versionText), `unexpected public CLI version output: ${JSON.stringify(versionText)}`);
+
+    const setupReportPath = path.join(fakeHomeDir, "public-setup-report.json");
+    run(
+      "npx",
+      [
+        "--yes",
+        "--package",
+        packedTarballPath,
+        "--",
+        "settld",
+        "setup",
+        "--non-interactive",
+        "--host",
+        "openclaw",
+        "--base-url",
+        "https://api.settld.work",
+        "--tenant-id",
+        "tenant_public_smoke",
+        "--settld-api-key",
+        "sk_public_smoke.x",
+        "--wallet-mode",
+        "none",
+        "--no-preflight",
+        "--no-smoke",
+        "--dry-run",
+        "--format",
+        "json",
+        "--report-path",
+        setupReportPath
+      ],
+      {
+        cwd: packDir,
+        env: {
+          ...npmEnv,
+          HOME: fakeHomeDir
+        }
+      }
+    );
+    const setupResult = parseJsonText(await fs.readFile(setupReportPath, "utf8"), "settld setup report");
+    assert(setupResult?.ok === true, "public npx setup did not return ok=true");
+    assert(String(setupResult?.host ?? "") === "openclaw", "public npx setup host mismatch");
+    assert(String(setupResult?.wallet?.mode ?? "") === "none", "public npx wallet mode mismatch");
+
+    const hostConfigModule = await import(pathToFileURL(hostConfigScript).href);
+    const hostConfigSummary = await hostConfigModule.runHostConfigSetup({
+      host: "openclaw",
+      dryRun: true,
+      env: {
+        ...npmEnv,
+        HOME: fakeHomeDir,
+        SETTLD_BASE_URL: "https://api.settld.work",
+        SETTLD_TENANT_ID: "tenant_public_smoke",
+        SETTLD_API_KEY: "sk_public_smoke.x"
+      }
+    });
+    assert(hostConfigSummary?.ok === true, "host-config dry-run summary missing ok=true");
+    assert(String(hostConfigSummary?.serverCommand ?? "") === "npx", "public openclaw server command must default to npx");
+    assert(Array.isArray(hostConfigSummary?.serverArgs), "public openclaw server args missing");
+    assert(hostConfigSummary.serverArgs.includes("-y"), "public openclaw server args missing -y");
+    assert(hostConfigSummary.serverArgs.includes("settld-mcp"), "public openclaw server args missing settld-mcp");
+  } finally {
+    await fs.rm(packDir, { recursive: true, force: true });
+    await fs.rm(unpackDir, { recursive: true, force: true });
+    await fs.rm(npmCacheDir, { recursive: true, force: true });
+    await fs.rm(fakeHomeDir, { recursive: true, force: true });
+  }
+}
+
+await main();