npm - specmem-hardwicksoftware - Versions diffs - 3.5.20 → 3.5.22 - Mend

specmem-hardwicksoftware 3.5.20 → 3.5.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of specmem-hardwicksoftware might be problematic. Click here for more details.

Files changed (2) hide show

package/package.json +1 -1
package/scripts/global-postinstall.cjs +183 -50

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "specmem-hardwicksoftware",
-  "version": "3.5.20",
+  "version": "3.5.22",
   "type": "module",
   "description": "SpecMem - Speculative Memory for Claude Code. Auto-configures hooks, docker, embeddings. https://justcalljon.pro",
   "main": "dist/index.js",

package/scripts/global-postinstall.cjs CHANGED Viewed

@@ -126,6 +126,15 @@ const IS_MAC = PLATFORM === 'darwin';
 const IS_LINUX = PLATFORM === 'linux';
 const IS_WINDOWS = PLATFORM === 'win32';
+// Detect if running inside Docker container
+const IS_DOCKER = fs.existsSync('/.dockerenv') ||
+                  (fs.existsSync('/proc/1/cgroup') &&
+                   fs.readFileSync('/proc/1/cgroup', 'utf8').includes('docker'));
+// Skip embeddings flag (for low-resource or containerized environments)
+const SKIP_EMBEDDINGS = process.env.SPECMEM_SKIP_EMBEDDINGS === 'true' ||
+                        process.env.SPECMEM_LITE === 'true';
 /**
  * Run a command and return success/output
  */
@@ -265,56 +274,77 @@ function checkPostgres() {
 function installPostgres() {
   log.header('Installing PostgreSQL');
+  const PG_TIMEOUT = 180000; // 3 minute timeout for PG install
   if (IS_MAC) {
     log.step(1, 'Installing via Homebrew...');
     // Check if Homebrew exists
     if (!commandExists('brew')) {
       log.info('Installing Homebrew first...');
-      run('/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"');
+      run('/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"', { timeout: 300000 });
     }
-    run('brew install postgresql@16');
-    run('brew services start postgresql@16');
+    run('brew install postgresql@16', { timeout: PG_TIMEOUT });
+    run('brew services start postgresql@16', { timeout: 30000 });
     // Add to PATH
-    const brewPrefix = execSync('brew --prefix', { encoding: 'utf8' }).trim();
-    const pgPath = `${brewPrefix}/opt/postgresql@16/bin`;
-    log.info(`Add to PATH: export PATH="${pgPath}:$PATH"`);
+    try {
+      const brewPrefix = execSync('brew --prefix', { encoding: 'utf8', timeout: 10000 }).trim();
+      const pgPath = `${brewPrefix}/opt/postgresql@16/bin`;
+      log.info(`Add to PATH: export PATH="${pgPath}:$PATH"`);
+    } catch (e) {}
   } else if (IS_LINUX) {
     log.step(1, 'Detecting Linux distribution...');
     // Check for apt (Debian/Ubuntu)
     if (commandExists('apt-get')) {
-      log.step(2, 'Installing via apt...');
-      run('sudo apt-get update');
-      run('sudo apt-get install -y postgresql postgresql-contrib');
-      run('sudo systemctl start postgresql');
-      run('sudo systemctl enable postgresql');
+      log.step(2, 'Installing via apt (timeout: 3 min)...');
+      run('sudo apt-get update', { timeout: 60000 });
+      const result = run('sudo apt-get install -y postgresql postgresql-contrib', { timeout: PG_TIMEOUT });
+      if (!result.success) {
+        log.warn('PostgreSQL install timed out or failed');
+        log.info('Try manually: sudo apt-get install -y postgresql postgresql-contrib');
+        return false;
+      }
+      run('sudo systemctl start postgresql', { timeout: 30000 });
+      run('sudo systemctl enable postgresql', { timeout: 30000 });
     }
     // Check for yum/dnf (RHEL/CentOS/Fedora)
     else if (commandExists('dnf')) {
-      log.step(2, 'Installing via dnf...');
-      run('sudo dnf install -y postgresql-server postgresql-contrib');
-      run('sudo postgresql-setup --initdb');
-      run('sudo systemctl start postgresql');
-      run('sudo systemctl enable postgresql');
+      log.step(2, 'Installing via dnf (timeout: 3 min)...');
+      const result = run('sudo dnf install -y postgresql-server postgresql-contrib', { timeout: PG_TIMEOUT });
+      if (!result.success) {
+        log.warn('PostgreSQL install timed out');
+        return false;
+      }
+      run('sudo postgresql-setup --initdb', { timeout: 60000 });
+      run('sudo systemctl start postgresql', { timeout: 30000 });
+      run('sudo systemctl enable postgresql', { timeout: 30000 });
     }
     else if (commandExists('yum')) {
-      log.step(2, 'Installing via yum...');
-      run('sudo yum install -y postgresql-server postgresql-contrib');
-      run('sudo postgresql-setup initdb');
-      run('sudo systemctl start postgresql');
-      run('sudo systemctl enable postgresql');
+      log.step(2, 'Installing via yum (timeout: 3 min)...');
+      const result = run('sudo yum install -y postgresql-server postgresql-contrib', { timeout: PG_TIMEOUT });
+      if (!result.success) {
+        log.warn('PostgreSQL install timed out');
+        return false;
+      }
+      run('sudo postgresql-setup initdb', { timeout: 60000 });
+      run('sudo systemctl start postgresql', { timeout: 30000 });
+      run('sudo systemctl enable postgresql', { timeout: 30000 });
     }
     // Check for pacman (Arch)
     else if (commandExists('pacman')) {
-      log.step(2, 'Installing via pacman...');
-      run('sudo pacman -S --noconfirm postgresql');
-      run('sudo -u postgres initdb -D /var/lib/postgres/data');
-      run('sudo systemctl start postgresql');
-      run('sudo systemctl enable postgresql');
+      log.step(2, 'Installing via pacman (timeout: 3 min)...');
+      const result = run('sudo pacman -S --noconfirm postgresql', { timeout: PG_TIMEOUT });
+      if (!result.success) {
+        log.warn('PostgreSQL install timed out');
+        return false;
+      }
+      run('sudo -u postgres initdb -D /var/lib/postgres/data', { timeout: 60000 });
+      run('sudo systemctl start postgresql', { timeout: 30000 });
+      run('sudo systemctl enable postgresql', { timeout: 30000 });
     }
     else {
       log.error('Could not detect package manager. Please install PostgreSQL manually.');
@@ -328,8 +358,9 @@ function installPostgres() {
     return false;
   }
-  // Verify installation
-  const check = run('pg_isready', { silent: true });
+  // Verify installation with timeout
+  log.info('Verifying PostgreSQL installation...');
+  const check = run('pg_isready', { silent: true, timeout: 10000 });
   if (check.success) {
     log.success('PostgreSQL installed and running!');
     return true;
@@ -338,12 +369,23 @@ function installPostgres() {
   // Try starting the service
   log.info('Trying to start PostgreSQL service...');
   if (IS_MAC) {
-    run('brew services start postgresql@16');
+    run('brew services start postgresql@16', { timeout: 30000 });
   } else if (IS_LINUX) {
-    run('sudo systemctl start postgresql');
+    run('sudo systemctl start postgresql', { timeout: 30000 });
+  }
+  // Wait up to 30 seconds for PG to be ready
+  for (let i = 0; i < 6; i++) {
+    if (run('pg_isready', { silent: true, timeout: 5000 }).success) {
+      log.success('PostgreSQL is ready');
+      return true;
+    }
+    log.info('Waiting for PostgreSQL to start...');
+    run('sleep 5', { silent: true });
   }
-  return run('pg_isready', { silent: true }).success;
+  log.warn('PostgreSQL may not be fully started - continuing anyway');
+  return true; // Continue setup, might work
 }
 // ============================================================================
@@ -358,7 +400,7 @@ function checkPgvector() {
   const result = run(
     `sudo -u postgres psql -c "SELECT 1 FROM pg_available_extensions WHERE name = 'vector';" 2>/dev/null`,
-    { silent: true }
+    { silent: true, timeout: 15000 }
   );
   if (result.success && result.output && result.output.includes('1')) {
@@ -376,30 +418,33 @@ function checkPgvector() {
 function installPgvector() {
   log.header('Installing pgvector Extension');
+  const PGVECTOR_TIMEOUT = 120000; // 2 minute timeout
   if (IS_MAC) {
     log.step(1, 'Installing pgvector via Homebrew...');
-    run('brew install pgvector');
+    run('brew install pgvector', { timeout: PGVECTOR_TIMEOUT });
   } else if (IS_LINUX) {
     // Try apt first (Ubuntu/Debian have pgvector in repos now)
     if (commandExists('apt-get')) {
-      log.step(1, 'Trying apt install...');
-      const aptResult = run('sudo apt-get install -y postgresql-16-pgvector 2>/dev/null || sudo apt-get install -y postgresql-pgvector 2>/dev/null', { silent: true });
+      log.step(1, 'Trying apt install (timeout: 2 min)...');
+      const aptResult = run('sudo apt-get install -y postgresql-16-pgvector 2>/dev/null || sudo apt-get install -y postgresql-pgvector 2>/dev/null', { silent: true, timeout: PGVECTOR_TIMEOUT });
       if (!aptResult.success) {
-        log.step(2, 'Building pgvector from source...');
+        log.step(2, 'Building pgvector from source (timeout: 3 min)...');
         buildPgvectorFromSource();
       }
     } else {
-      log.step(1, 'Building pgvector from source...');
+      log.step(1, 'Building pgvector from source (timeout: 3 min)...');
       buildPgvectorFromSource();
     }
   }
-  // Verify
+  // Verify with timeout
+  log.info('Verifying pgvector installation...');
   const check = run(
     `sudo -u postgres psql -c "SELECT 1 FROM pg_available_extensions WHERE name = 'vector';" 2>/dev/null`,
-    { silent: true }
+    { silent: true, timeout: 15000 }
   );
   if (check.success && check.output && check.output.includes('1')) {
@@ -407,7 +452,8 @@ function installPgvector() {
     return true;
   }
-  log.warn('pgvector may need manual installation');
+  log.warn('pgvector install may have timed out - continuing anyway');
+  log.info('SpecMem can work without pgvector (reduced functionality)');
   return false;
 }
@@ -417,21 +463,33 @@ function installPgvector() {
 function buildPgvectorFromSource() {
   log.info('Building pgvector from source...');
+  const BUILD_TIMEOUT = 180000; // 3 minute timeout for build
   // Install build dependencies
   if (commandExists('apt-get')) {
-    run('sudo apt-get install -y build-essential git postgresql-server-dev-all');
+    run('sudo apt-get install -y build-essential git postgresql-server-dev-all', { timeout: 120000 });
   } else if (commandExists('dnf')) {
-    run('sudo dnf install -y gcc make git postgresql-devel');
+    run('sudo dnf install -y gcc make git postgresql-devel', { timeout: 120000 });
   } else if (commandExists('yum')) {
-    run('sudo yum install -y gcc make git postgresql-devel');
+    run('sudo yum install -y gcc make git postgresql-devel', { timeout: 120000 });
   }
-  // Clone and build
+  // Clone and build with timeout
   const tmpDir = '/tmp/pgvector-build';
-  run(`rm -rf ${tmpDir}`);
-  run(`git clone --branch v0.7.4 https://github.com/pgvector/pgvector.git ${tmpDir}`);
-  run(`cd ${tmpDir} && make && sudo make install`);
-  run(`rm -rf ${tmpDir}`);
+  run(`rm -rf ${tmpDir}`, { timeout: 10000 });
+  const cloneResult = run(`git clone --branch v0.7.4 https://github.com/pgvector/pgvector.git ${tmpDir}`, { timeout: 60000 });
+  if (!cloneResult.success) {
+    log.warn('Failed to clone pgvector repo - skipping');
+    return;
+  }
+  const buildResult = run(`cd ${tmpDir} && make && sudo make install`, { timeout: BUILD_TIMEOUT });
+  if (!buildResult.success) {
+    log.warn('pgvector build timed out or failed');
+  }
+  run(`rm -rf ${tmpDir}`, { timeout: 10000 });
 }
 // ============================================================================
@@ -541,6 +599,25 @@ function adjustPgAuth() {
 function setupDocker() {
   log.header('Checking Docker');
+  // Skip if requested or in lite mode
+  if (SKIP_EMBEDDINGS) {
+    log.info('Skipping Docker/embeddings setup (SPECMEM_SKIP_EMBEDDINGS=true)');
+    log.info('SpecMem will use API-based embeddings as fallback');
+    return true;
+  }
+  // Warn if running inside Docker (Docker-in-Docker is complex)
+  if (IS_DOCKER) {
+    log.warn('Running inside Docker container detected!');
+    log.info('Docker-in-Docker requires special setup.');
+    log.info('Options:');
+    log.info('  1. Mount host Docker socket: -v /var/run/docker.sock:/var/run/docker.sock');
+    log.info('  2. Use privileged mode: --privileged');
+    log.info('  3. Skip local embeddings: export SPECMEM_SKIP_EMBEDDINGS=true');
+    log.info('');
+    log.info('Attempting to continue anyway...');
+  }
   // Check if Docker is already installed
   if (commandExists('docker')) {
     log.success('Docker is installed');
@@ -608,7 +685,25 @@ function startDockerDaemon() {
     return false;
   } else if (IS_LINUX) {
-    // Try systemctl first
+    // In Docker container, systemctl won't work
+    if (IS_DOCKER) {
+      log.warn('Inside Docker container - systemctl unavailable');
+      log.info('Checking if Docker socket is mounted...');
+      if (fs.existsSync('/var/run/docker.sock')) {
+        if (run('docker info', { silent: true }).success) {
+          log.success('Docker socket available (mounted from host)');
+          return true;
+        }
+      }
+      log.warn('Docker socket not available in container');
+      log.info('SpecMem will work without local embeddings');
+      log.info('To enable: run container with -v /var/run/docker.sock:/var/run/docker.sock');
+      return false;
+    }
+    // Try systemctl first (only on non-containerized Linux)
     log.step(1, 'Starting Docker via systemctl...');
     run('sudo systemctl start docker');
     run('sudo systemctl enable docker');
@@ -775,6 +870,7 @@ function installDockerLinux() {
 /**
  * Configure Docker for non-root usage on Linux
+ * SECURITY: Binds Docker to 127.0.0.1 only (no external access)
  */
 function configureDockerLinux() {
   log.step('→', 'Configuring Docker for non-root usage...');
@@ -784,9 +880,46 @@ function configureDockerLinux() {
   // Add user to docker group
   run(`sudo usermod -aG docker ${user}`);
+  // SECURITY: Configure Docker to bind to localhost only
+  log.step('→', 'Securing Docker to localhost only (127.0.0.1)...');
+  const daemonConfig = {
+    "iptables": true,
+    "ip": "127.0.0.1",
+    "ip-forward": false,
+    "userland-proxy": true,
+    "live-restore": true,
+    "log-driver": "json-file",
+    "log-opts": {
+      "max-size": "10m",
+      "max-file": "3"
+    }
+  };
+  try {
+    const daemonJsonPath = '/etc/docker/daemon.json';
+    run('sudo mkdir -p /etc/docker');
+    // Check if config exists and merge
+    let existingConfig = {};
+    if (fs.existsSync(daemonJsonPath)) {
+      try {
+        existingConfig = JSON.parse(fs.readFileSync(daemonJsonPath, 'utf8'));
+      } catch (e) {}
+    }
+    const mergedConfig = { ...existingConfig, ...daemonConfig };
+    const configJson = JSON.stringify(mergedConfig, null, 2);
+    // Write via sudo
+    run(`echo '${configJson}' | sudo tee ${daemonJsonPath}`);
+    log.success('Docker configured for localhost-only access (127.0.0.1)');
+  } catch (e) {
+    log.warn('Could not configure Docker daemon.json - manual security review recommended');
+  }
   // Enable and start Docker service
   run('sudo systemctl enable docker');
-  run('sudo systemctl start docker');
+  run('sudo systemctl restart docker'); // Restart to apply new config
   // Set up Docker to start on boot
   run('sudo systemctl enable containerd');