thepopebot 1.2.75-beta.7 → 1.2.75-beta.8

package/bin/cli.js

@@ -248,6 +248,7 @@ async function init() {
     const pkg = {
       name: dirName,
       private: true,
+      type: 'module',
       scripts: {
         setup: 'thepopebot setup',
         'setup-telegram': 'thepopebot setup-telegram',
@@ -260,7 +261,15 @@ async function init() {
     fs.writeFileSync(pkgPath, JSON.stringify(pkg, null, 2) + '\n');
     console.log('  Created package.json');
   } else {
-    console.log('  Skipped package.json (already exists)');
+    // Ensure "type": "module" is set for ESM support
+    const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
+    if (!pkg.type) {
+      pkg.type = 'module';
+      fs.writeFileSync(pkgPath, JSON.stringify(pkg, null, 2) + '\n');
+      console.log('  Added "type": "module" to package.json');
+    } else {
+      console.log('  Skipped package.json (already exists)');
+    }
   }
 
   // Create default skill activation symlinks

package/config/instrumentation.js

@@ -70,9 +70,9 @@ export async function register() {
   const { startClusterRuntime } = await import('../lib/cluster/runtime.js');
   startClusterRuntime();
 
-  // Maintenance cron disabled — agent job key cleanup will be redesigned
-  // const { startMaintenanceCron } = await import('../lib/maintenance.js');
-  // startMaintenanceCron();
+  // Start internal maintenance cron (cleanup orphaned agent job keys, etc.)
+  const { startMaintenanceCron } = await import('../lib/maintenance.js');
+  startMaintenanceCron();
 
   console.log('thepopebot initialized');
 }

package/lib/db/api-keys.js

@@ -154,12 +154,12 @@ export function verifyApiKey(rawKey) {
 }
 
 /**
- * Create a per-job API key for an agent job container.
- * Stored as type 'agent_job_api_key'.
- * @param {string} jobId - Agent job or workspace ID (stored as key column for traceability)
+ * Create a per-container API key for agent secret access.
+ * Stored as type 'agent_job_api_key' with the container name in the key column.
+ * @param {string} containerName - Docker container name (used for cleanup)
  * @returns {{ key: string }} The raw API key to inject into the container
  */
-export function createAgentJobApiKey(jobId) {
+export function createAgentJobApiKey(containerName) {
   const db = getDb();
   const key = generateApiKey();
   const keyHash = hashApiKey(key);
@@ -167,7 +167,7 @@ export function createAgentJobApiKey(jobId) {
   db.insert(settings).values({
     id: randomUUID(),
     type: 'agent_job_api_key',
-    key: jobId,
+    key: containerName,
     value: JSON.stringify({ key_hash: keyHash }),
     createdAt: now,
     updatedAt: now,

package/lib/maintenance.js

@@ -3,36 +3,54 @@ import { eq } from 'drizzle-orm';
 import { getDb } from './db/index.js';
 import { settings } from './db/schema.js';
 
-const ONE_HOUR = 60 * 60 * 1000;
+const TWENTY_FOUR_HOURS = 24 * 60 * 60 * 1000;
 
-function cleanExpiredAgentJobKeys() {
+async function cleanExpiredAgentJobKeys() {
   try {
     const db = getDb();
-    const cutoff = Date.now() - ONE_HOUR;
+    const cutoff = Date.now() - TWENTY_FOUR_HOURS;
     const rows = db
-      .select({ id: settings.id, lastUsedAt: settings.lastUsedAt, createdAt: settings.createdAt })
+      .select({ id: settings.id, key: settings.key, lastUsedAt: settings.lastUsedAt, createdAt: settings.createdAt })
       .from(settings)
       .where(eq(settings.type, 'agent_job_api_key'))
       .all();
-    const expiredIds = rows
-      .filter(r => r.lastUsedAt !== null ? r.lastUsedAt < cutoff : r.createdAt < cutoff)
-      .map(r => r.id);
+
+    // Filter to candidates not used in the last 24 hours
+    const candidates = rows.filter(r =>
+      (r.lastUsedAt !== null ? r.lastUsedAt : r.createdAt) < cutoff
+    );
+
+    if (candidates.length === 0) {
+      console.log(`[maintenance] No expired agent job keys (${rows.length} active)`);
+      return;
+    }
+
+    // Check if the container still exists for each candidate
+    const { inspectContainer } = await import('./tools/docker.js');
+    const expiredIds = [];
+    for (const r of candidates) {
+      const info = await inspectContainer(r.key);
+      if (!info) {
+        expiredIds.push(r.id);
+      }
+    }
+
     if (expiredIds.length > 0) {
       for (const id of expiredIds) {
         db.delete(settings).where(eq(settings.id, id)).run();
       }
-      console.log(`[maintenance] Deleted ${expiredIds.length} expired agent job key(s)`);
+      console.log(`[maintenance] Deleted ${expiredIds.length} orphaned agent job key(s)`);
     } else {
-      console.log(`[maintenance] No expired agent job keys (${rows.length} active)`);
+      console.log(`[maintenance] ${candidates.length} candidate(s) checked, all containers still running`);
     }
   } catch (err) {
     console.error('[maintenance] cleanExpiredAgentJobKeys failed:', err);
   }
 }
 
-function runMaintenance() {
+async function runMaintenance() {
   console.log('[maintenance] Running maintenance...');
-  cleanExpiredAgentJobKeys();
+  await cleanExpiredAgentJobKeys();
 }
 
 export function startMaintenanceCron() {

package/lib/tools/docker.js

@@ -236,7 +236,7 @@ async function runInteractiveContainer({ containerName, repo, branch, codingAgen
     }
     // Create per-container API key for agent-secrets access
     const { createAgentJobApiKey } = await import('../db/api-keys.js');
-    const { key: agentJobToken } = createAgentJobApiKey(workspaceId || containerName);
+    const { key: agentJobToken } = createAgentJobApiKey(containerName);
     env.push(`AGENT_JOB_TOKEN=${agentJobToken}`);
     const appUrl = getConfig('APP_URL');
     if (appUrl) env.push(`APP_URL=${appUrl}`);
@@ -449,7 +449,7 @@ async function runHeadlessContainer({ containerName, repo, branch, featureBranch
     }
     // Create per-container API key for agent-secrets access
     const { createAgentJobApiKey } = await import('../db/api-keys.js');
-    const { key: agentJobToken } = createAgentJobApiKey(workspaceId || containerName);
+    const { key: agentJobToken } = createAgentJobApiKey(containerName);
     env.push(`AGENT_JOB_TOKEN=${agentJobToken}`);
     const appUrl = getConfig('APP_URL');
     if (appUrl) env.push(`APP_URL=${appUrl}`);
@@ -903,7 +903,7 @@ async function runAgentJobContainer({ agentJobId, repo, branch, title, descripti
 
   // Create per-container API key for agent-secrets access
   const { createAgentJobApiKey } = await import('../db/api-keys.js');
-  const { key: agentJobToken } = createAgentJobApiKey(agentJobId);
+  const { key: agentJobToken } = createAgentJobApiKey(containerName);
   env.push(`AGENT_JOB_TOKEN=${agentJobToken}`);
 
   // Inject agent job secrets (plain secrets as env vars; oauth types are null — agent must fetch via get)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "thepopebot",
-  "version": "1.2.75-beta.7",
+  "version": "1.2.75-beta.8",
   "type": "module",
   "description": "Create autonomous AI agents with a two-layer architecture: Next.js Event Handler + Docker Agent.",
   "bin": {

package/templates/skills/agent-job-secrets/SKILL.md

@@ -7,14 +7,14 @@ description: List, get, or update agent secrets. Use get for OAuth credentials (
 
 ```bash
 # List available secrets (null = must fetch, plain = already in env)
-node skills/agent-job-secrets/agent-job-secrets.mjs
+node skills/agent-job-secrets/agent-job-secrets.js
 
 # Get a secret value (OAuth credentials are auto-refreshed)
-node skills/agent-job-secrets/agent-job-secrets.mjs get MY_CREDENTIALS
+node skills/agent-job-secrets/agent-job-secrets.js get MY_CREDENTIALS
 
 # Set/update a secret (plain string or piped value)
-node skills/agent-job-secrets/agent-job-secrets.mjs set MY_KEY "value"
-echo "$UPDATED_CREDENTIALS" | node skills/agent-job-secrets/agent-job-secrets.mjs set MY_KEY
+node skills/agent-job-secrets/agent-job-secrets.js set MY_KEY "value"
+echo "$UPDATED_CREDENTIALS" | node skills/agent-job-secrets/agent-job-secrets.js set MY_KEY
 ```
 
 ## Notes