underpost 3.2.10 → 3.2.11

package/src/cli/monitor.js

@@ -4,7 +4,13 @@
  * @namespace UnderpostMonitor
  */
 
-import { loadReplicas, pathPortAssignmentFactory, loadConfServerJson, loadCronDeployEnv } from '../server/conf.js';
+import {
+  loadReplicas,
+  pathPortAssignmentFactory,
+  loadConfServerJson,
+  loadCronDeployEnv,
+  etcHostFactory,
+} from '../server/conf.js';
 import { loggerFactory } from '../server/logger.js';
 import axios from 'axios';
 import fs from 'fs-extra';
@@ -144,7 +150,7 @@ class UnderpostMonitor {
             if (path.match('peer') || path.match('socket')) continue;
             const urlTest = `http${env === 'development' ? '' : 's'}://${host}${path}`;
             if (env === 'development') {
-              const { renderHosts } = Underpost.deploy.etcHostFactory([host]);
+              const { renderHosts } = etcHostFactory([host]);
               logger.info('renderHosts', renderHosts);
             }
             await axios.get(urlTest, { timeout: 10000 }).catch((error) => {
@@ -200,7 +206,7 @@ class UnderpostMonitor {
       let monitorPodName;
       const monitorCallBack = (resolve, reject) => {
         if (env === 'development') {
-          const { renderHosts } = Underpost.deploy.etcHostFactory([]);
+          const { renderHosts } = etcHostFactory([]);
           logger.info('renderHosts', renderHosts);
         }
         const envMsTimeout = Underpost.env.get(`${deployId}-${env}-monitor-ms`);

package/src/cli/release.js

@@ -13,6 +13,7 @@ import fs from 'fs-extra';
 import path from 'path';
 import dotenv from 'dotenv';
 import { pbcopy, shellCd, shellExec } from '../server/process.js';
+import { Dns } from '../server/dns.js';
 import { loggerFactory } from '../server/logger.js';
 import { timer } from '../client/components/core/CommonJs.js';
 import Underpost from '../index.js';
@@ -76,10 +77,7 @@ const buildVersionBumpTargets = () => [
   {
     dir: 'src/client/public/cyberia-docs',
     match: /\.md$/,
-    patterns: [
-      /(\*\*(?:Current )?[Vv]ersion:\*\* )\d+\.\d+\.\d+/g,
-      /(underpost\/[a-z0-9-]+:v)\d+\.\d+\.\d+/g,
-    ],
+    patterns: [/(\*\*(?:Current )?[Vv]ersion:\*\* )\d+\.\d+\.\d+/g, /(underpost\/[a-z0-9-]+:v)\d+\.\d+\.\d+/g],
     recursive: true,
   },
   {
@@ -99,10 +97,7 @@ const buildVersionBumpTargets = () => [
   {
     dir: 'manifests/deployment',
     match: /deployment\.yaml$/,
-    patterns: [
-      /(underpost\/[a-z0-9-]+:v)\d+\.\d+\.\d+/g,
-      /(engine\.version: )\d+\.\d+\.\d+/g,
-    ],
+    patterns: [/(underpost\/[a-z0-9-]+:v)\d+\.\d+\.\d+/g, /(engine\.version: )\d+\.\d+\.\d+/g],
     recursive: true,
   },
   {
@@ -240,13 +235,72 @@ const printBumpReport = (report, { dryRun }) => {
  * (e.g. overwriting package.json). Skips VSCode internals and the current process.
  */
 function killDevServers() {
-  // shellExec(
-  //   `kill -9 $(pgrep -f 'nodemon|node.*src/server|node.*dev' | grep -v '^${process.pid}$') 2>/dev/null || true`,
-  // );
-  shellExec(`node bin run kill 4001`);
-  shellExec(`node bin run kill 4002`);
-  shellExec(`node bin run kill 4003`);
-  shellExec(`node bin run kill 3000`);
+  for (const port of [4001, 4002, 4003, 3000]) shellExec(`node bin run kill ${port}`);
+}
+
+const TEMPLATE_PATH = '../pwa-microservices-template';
+
+/**
+ * Runs a command in an ISOLATED environment. `release build` loads the engine's
+ * `dd-cron/.env.production` (DEPLOY_ID=dd-cron, DB creds, secrets, …) into its own `process.env`,
+ * which `shellExec` children would otherwise inherit — and the template's `dotenv.config()` runs
+ * without override, so it could never reclaim those keys. `env -i` starts the child with an empty
+ * environment; only PATH/HOME-class essentials are re-added so node/npm/git still resolve. The
+ * template then reads only its own `.env`, resolving `dd-default` exactly like a fresh clone.
+ */
+const ISOLATED_ENV = 'env -i HOME="$HOME" PATH="$PATH" USER="$USER" LOGNAME="$LOGNAME" TERM="$TERM" LANG="$LANG"';
+
+/**
+ * Builds the pwa-microservices-template from scratch and smoke-tests its default workflow.
+ *
+ * 1. Cleans the engine, pulls latest, and rebuilds the template via `bin/build.template`.
+ * 2. Derives `.env` + `.env.example` from the template `.env.example` (DHCP host IP + file
+ *    logs), both written from the same `dd-default` content so the default startup workflow
+ *    bootstraps `engine-private` from scratch out of them. `.env` is rewritten because it is
+ *    gitignored (git clean never removes it) and may otherwise hold a stale `dd-cron`.
+ * 3. Installs deps, then builds + runs the template `dev` server in an ISOLATED env
+ *    (see `ISOLATED_ENV`) so it resolves `dd-default` like a fresh clone, and asserts the
+ *    startup log is error-free.
+ *
+ * @returns {boolean} true when the template started cleanly, false otherwise.
+ */
+async function buildAndTestTemplate() {
+  killDevServers();
+  Underpost.repo.clean({ paths: ['/home/dd/engine', '/home/dd/engine/engine-private '] });
+  shellExec(`node bin pull . ${process.env.GITHUB_USERNAME}/engine`);
+  shellExec(`npm run update:template`);
+  shellExec(`node bin run shared-dir ${TEMPLATE_PATH}`);
+
+  const dhcpHostIp = Dns.getLocalIPv4Address();
+  logger.info(`DHCP host IP for template test: ${dhcpHostIp}`);
+  let envContent = fs.readFileSync(`${TEMPLATE_PATH}/.env.example`, 'utf8');
+  if (dhcpHostIp) envContent = envContent.replace(/127\.0\.0\.1/g, dhcpHostIp);
+  envContent = envContent.replace(/^ENABLE_FILE_LOGS=.*/m, 'ENABLE_FILE_LOGS=true');
+  // fs.writeFileSync(`${TEMPLATE_PATH}/.env`, envContent, 'utf8');
+  fs.writeFileSync(`${TEMPLATE_PATH}/.env.example`, envContent, 'utf8');
+  shellExec(`cd ${TEMPLATE_PATH} && npm install`);
+  shellExec(`cd ${TEMPLATE_PATH} && node bin env clean`);
+  // Build + run in an isolated env so the template resolves dd-default from its own .env and
+  // never inherits the engine's dd-cron deploy selection. See ISOLATED_ENV above.
+  //
+  // ENABLE_FILE_LOGS must be passed inline: src/server.js builds start.js's logger at import
+  // time, before Config.build() loads the template .env, so the var has to be present in the
+  // process env from the start for logs/start.js/all.log (the success probe below) to be written.
+  shellExec(`cd ${TEMPLATE_PATH} && ${ISOLATED_ENV} npm run build`);
+  shellExec(`cd ${TEMPLATE_PATH} && ${ISOLATED_ENV} ENABLE_FILE_LOGS=true timeout 5s npm run dev`, { async: true });
+  await timer(5500);
+
+  const templateLogPath = `${TEMPLATE_PATH}/logs/start.js/all.log`;
+  const runnerResult = fs.existsSync(templateLogPath) ? fs.readFileSync(templateLogPath, 'utf8') : '';
+  logger.info('Test template runner result');
+  killDevServers();
+  shellCd(`/home/dd/engine`);
+  Underpost.repo.clean({ paths: ['/home/dd/engine', '/home/dd/engine/engine-private '] });
+  if (!runnerResult || runnerResult.toLowerCase().match('error')) {
+    logger.error('Test template runner result failed');
+    return false;
+  }
+  return true;
 }
 
 /**
@@ -298,26 +352,8 @@ class UnderpostRelease {
       logger.info(`Release build — bumping ${version} → ${newVersion}${dryRun ? ' (dry-run)' : ''}`);
 
       if (!dryRun) {
-        killDevServers();
-        Underpost.repo.clean({ paths: ['/home/dd/engine', '/home/dd/engine/engine-private '] });
-        shellExec(`node bin pull . ${process.env.GITHUB_USERNAME}/engine`);
-        shellExec(`npm run update:template`);
-        shellExec(`cd ../pwa-microservices-template && npm install && npm run build`);
-        console.log(fs.existsSync(`../pwa-microservices-template/engine-private/conf/dd-default`));
-        shellExec(`cd ../pwa-microservices-template && ENABLE_FILE_LOGS=true timeout 5s npm run dev`, {
-          async: true,
-        });
-        await timer(5500);
-        const templateRunnerResult = fs.readFileSync(`../pwa-microservices-template/logs/start.js/all.log`, 'utf8');
-        logger.info('Test template runner result');
-        console.log(templateRunnerResult);
-        if (!templateRunnerResult || templateRunnerResult.toLowerCase().match('error')) {
-          logger.error('Test template runner result failed');
-          return;
-        }
-        killDevServers();
-        shellCd(`/home/dd/engine`);
-        Underpost.repo.clean({ paths: ['/home/dd/engine', '/home/dd/engine/engine-private '] });
+        const templateOk = await buildAndTestTemplate();
+        if (!templateOk) return;
       }
 
       // ── Canonical version files: delegate to bumpp (package.json, package-lock.json,
@@ -424,7 +460,7 @@ class UnderpostRelease {
      * Runs the pwa-microservices-template update and push flow locally.
      *
      * Always removes and re-clones pwa-microservices-template, then:
-     * 1. Runs update:template (node bin/file update-template) to sync engine sources.
+     * 1. Runs update:template (node bin/build.template) to sync engine sources.
      * 2. Installs dependencies and builds the template.
      * 3. Commits and pushes to the pwa-microservices-template remote repository.
      *

package/src/cli/repository.js

@@ -924,8 +924,6 @@ class UnderpostRepository {
       shellExec(`cd ${privateRepoPath} && underpost pull . ${process.env.GITHUB_USERNAME}/${privateRepoName}`, {
         silent: true,
       });
-      shellExec(`underpost run secret`);
-      shellExec(`underpost run underpost-config`);
       const packageJsonDeploy = JSON.parse(fs.readFileSync(`./engine-private/conf/${deployId}/package.json`, 'utf8'));
       const packageJsonEngine = JSON.parse(fs.readFileSync(`./package.json`, 'utf8'));
       if (packageJsonDeploy.version !== packageJsonEngine.version) {
@@ -1051,9 +1049,9 @@ Prevent build private config repo.`,
      */
     clean(options = { paths: [''] }) {
       for (const path of options.paths) {
-        shellExec(`cd ${path} && git reset`, { silent: true });
-        shellExec(`cd ${path} && git checkout .`, { silent: true });
-        shellExec(`cd ${path} && git clean -f -d`, { silent: true });
+        shellExec(`cd ${path} && git reset`, { silentOnError: true, silent: true, disableLog: true });
+        shellExec(`cd ${path} && git checkout .`, { silentOnError: true, silent: true, disableLog: true });
+        shellExec(`cd ${path} && git clean -f -d`, { silentOnError: true, silent: true, disableLog: true });
       }
     },
 
@@ -1107,7 +1105,7 @@ Prevent build private config repo.`,
 
       try {
         // Fetch directory contents recursively
-        const copiedFiles = await this._fetchAndCopyGitHubDirectory({
+        const copiedFiles = await this.fetchAndCopyGitHubDirectory({
           apiUrl,
           targetPath,
           basePath: directoryPath,
@@ -1143,7 +1141,7 @@ Prevent build private config repo.`,
      * @returns {Promise<array>} Array of copied file paths.
      * @memberof UnderpostRepository
      */
-    async _fetchAndCopyGitHubDirectory(options) {
+    async fetchAndCopyGitHubDirectory(options) {
       const { apiUrl, targetPath, basePath, branch } = options;
       const copiedFiles = [];
 
@@ -1178,14 +1176,12 @@ Prevent build private config repo.`,
 
       logger.info(`Found ${contents.length} items in directory: ${basePath}`);
 
-      // Process each item in the directory
       for (const item of contents) {
         const itemTargetPath = `${targetPath}/${item.name}`;
 
         if (item.type === 'file') {
           logger.info(`Downloading file: ${item.path}`);
 
-          // Download file content
           const fileResponse = await fetch(item.download_url);
           if (!fileResponse.ok) {
             logger.error(`Failed to download: ${item.download_url}`);
@@ -1195,16 +1191,14 @@ Prevent build private config repo.`,
           const fileContent = await fileResponse.text();
           fs.writeFileSync(itemTargetPath, fileContent);
 
-          logger.info(`✓ Saved: ${itemTargetPath}`);
+          logger.info(`Saved: ${itemTargetPath}`);
           copiedFiles.push(itemTargetPath);
         } else if (item.type === 'dir') {
-          logger.info(`📁 Processing directory: ${item.path}`);
+          logger.info(`Processing directory: ${item.path}`);
 
-          // Create subdirectory
           fs.mkdirSync(itemTargetPath, { recursive: true });
 
-          // Recursively process subdirectory
-          const subFiles = await this._fetchAndCopyGitHubDirectory({
+          const subFiles = await this.fetchAndCopyGitHubDirectory({
             apiUrl: item.url,
             targetPath: itemTargetPath,
             basePath: item.path,
@@ -1212,7 +1206,7 @@ Prevent build private config repo.`,
           });
 
           copiedFiles.push(...subFiles);
-          logger.info(`✓ Completed directory: ${item.path} (${subFiles.length} files)`);
+          logger.info(`Completed directory: ${item.path} (${subFiles.length} files)`);
         } else {
           logger.warn(`Skipping unknown item type '${item.type}': ${item.path}`);
         }
@@ -1384,7 +1378,7 @@ Prevent build private config repo.`,
       }
       shellExec(`cd "${repoPath}" && git config user.name '${gitUsername}'`);
       shellExec(`cd "${repoPath}" && git config user.email '${gitEmail}'`);
-
+      shellExec(`cd "${repoPath}" && git config core.filemode false`);
       if (origin) {
         const currentRemote = shellExec(`cd "${repoPath}" && git remote get-url origin`, {
           stdout: true,

package/src/cli/run.js

@@ -10,6 +10,8 @@ import {
   awaitDeployMonitor,
   buildKindPorts,
   Config,
+  cronDeployIdResolve,
+  etcHostFactory,
   getNpmRootPath,
   isDeployRunnerContext,
   loadConfServerJson,
@@ -116,6 +118,7 @@ const logger = loggerFactory(import.meta);
  * @property {boolean} copy - Whether to copy the command to the clipboard instead of executing it.
  * @property {boolean} skipFullBuild - Whether to skip the full client bundle build during deployment (supported by: sync, template-deploy).
  * @property {boolean} pullBundle - Whether to pull the bundle before running. Use together with --skip-full-build to skip the local build entirely (supported by: sync, template-deploy).
+ * @property {boolean} remove - Whether to remove/teardown resources instead of creating them (e.g. delete-expose for k3s proxy devices in dev-cluster).
  * @memberof UnderpostRun
  */
 const DEFAULT_OPTION = {
@@ -183,6 +186,7 @@ const DEFAULT_OPTION = {
   copy: false,
   skipFullBuild: false,
   pullBundle: false,
+  remove: false,
 };
 
 /**
@@ -212,28 +216,39 @@ class UnderpostRun {
     'dev-cluster': (path, options = DEFAULT_OPTION) => {
       const baseCommand = options.dev ? 'node bin' : 'underpost';
       const mongoHosts = ['mongodb-0.mongodb-service'];
+      let primaryMongoHost = 'mongodb-0.mongodb-service';
       if (!options.expose) {
         shellExec(`${baseCommand} cluster${options.dev ? ' --dev' : ''} --reset`);
         shellExec(`${baseCommand} cluster${options.dev ? ' --dev' : ''}`);
 
         shellExec(
-          `${baseCommand} cluster${options.dev ? ' --dev' : ''} --mongodb --mongo-db-host ${mongoHosts.join(
+          `${baseCommand} cluster${options.dev ? ' --dev' : ''} --mongodb4 --service-host ${mongoHosts.join(
             ',',
           )} --pull-image`,
         );
         shellExec(`${baseCommand} cluster${options.dev ? ' --dev' : ''} --valkey --pull-image`);
       }
-
-      {
-        // Detect MongoDB primary pod using method
-        let primaryMongoHost = 'mongodb-0.mongodb-service';
+      if (options.k3s) {
+        if (options.remove) {
+          shellExec(`${baseCommand} lxd --delete-expose k3s-control:27017`);
+          shellExec(`${baseCommand} lxd --delete-expose k3s-control:6379`);
+        } else {
+          shellExec(`${baseCommand} lxd --expose k3s-control:27017 --node-port 32017`);
+          shellExec(`${baseCommand} lxd --expose k3s-control:6379 --node-port 32079`);
+        }
+        shellExec(`lxc config device show k3s-control`);
+      } else {
         try {
-          const primaryPodName = MongoBootstrap.getPrimaryPodName({
-            namespace: options.namespace,
-            podName: 'mongodb-0',
-          });
-          // shellExec(`${baseCommand} deploy --expose --disable-update-underpost-config mongo`, { async: true });
-          shellExec(`kubectl port-forward -n ${options.namespace} pod/${primaryPodName} 27017:27017`, { async: true });
+          const primaryPodName =
+            MongoBootstrap.getPrimaryPodName({
+              namespace: options.namespace,
+              podName: 'mongodb-0',
+              disableAuth: options.dev,
+            }) || 'mongodb-0';
+          shellExec(
+            `${baseCommand} deploy --expose --namespace ${options.namespace} --disable-update-underpost-config mongo`,
+            { async: true },
+          );
           shellExec(
             `${baseCommand} deploy --expose --namespace ${options.namespace} --disable-update-underpost-config valkey`,
             { async: true },
@@ -244,10 +259,9 @@ class UnderpostRun {
             default: primaryMongoHost,
           });
         }
-
-        const hostListenResult = Underpost.deploy.etcHostFactory([primaryMongoHost]);
-        logger.info(hostListenResult.renderHosts);
       }
+      const hostListenResult = etcHostFactory([primaryMongoHost]);
+      logger.info(hostListenResult.renderHosts);
     },
 
     /**
@@ -532,6 +546,7 @@ class UnderpostRun {
      */
     clean: (path = '', options = DEFAULT_OPTION) => {
       Underpost.repo.clean({ paths: path ? path.split(',') : ['/home/dd/engine', '/home/dd/engine/engine-private'] });
+      if (options.dev) shellExec(`node bin run shared-dir ${path ? path : '/home/dd/engine'}`);
     },
     /**
      * @method pull
@@ -1159,7 +1174,7 @@ EOF
         );
       }
       if (options.etcHosts) {
-        const hostListenResult = Underpost.deploy.etcHostFactory(etcHosts);
+        const hostListenResult = etcHostFactory(etcHosts);
         logger.info(hostListenResult.renderHosts);
       }
     },
@@ -1531,7 +1546,8 @@ EOF`);
           `git config user.name '${username}' && ` +
           `git config user.email '${email}' && ` +
           `git config credential.interactive always &&` +
-          `git config pull.rebase false`,
+          `git config pull.rebase false && ` +
+          `git config core.filemode false`,
         {
           disableLog: true,
           silent: true,
@@ -1908,7 +1924,7 @@ EOF`);
         );
       } else logger.error(`Service pod ${podToMonitor} failed to start in time.`);
       if (options.etcHosts === true) {
-        const hostListenResult = Underpost.deploy.etcHostFactory([host]);
+        const hostListenResult = etcHostFactory([host]);
         logger.info(hostListenResult.renderHosts);
       }
     },
@@ -1926,7 +1942,7 @@ EOF`);
         const confServer = loadConfServerJson(`./engine-private/conf/${options.deployId}/conf.server.json`);
         hosts.push(...Object.keys(confServer));
       }
-      const hostListenResult = Underpost.deploy.etcHostFactory(hosts);
+      const hostListenResult = etcHostFactory(hosts);
       logger.info(hostListenResult.renderHosts);
     },
 
@@ -2255,11 +2271,14 @@ EOF`);
           port = parseInt(port);
           sumPortOffSet = parseInt(sumPortOffSet);
           for (const sumPort of range(0, sumPortOffSet))
-            shellExec(`sudo kill -9 $(lsof -t -i:${parseInt(port) + parseInt(sumPort)})`, {
-              silentOnError: true,
-            });
+            shellExec(
+              `PIDS=$(lsof -t -i:${parseInt(port) + parseInt(sumPort)}); [ -n "$PIDS" ] && sudo kill -9 $PIDS || true`,
+              {
+                silentOnError: true,
+              },
+            );
         } else
-          shellExec(`sudo kill -9 $(lsof -t -i:${_path})`, {
+          shellExec(`PIDS=$(lsof -t -i:${_path}); [ -n "$PIDS" ] && sudo kill -9 $PIDS || true`, {
             silentOnError: true,
           });
       }
@@ -2308,9 +2327,10 @@ EOF`);
      * @memberof UnderpostRun
      */
     secret: (path, options = DEFAULT_OPTION) => {
-      const secretPath = path ? path : `/home/dd/engine/engine-private/conf/dd-cron/.env.production`;
-      const command = `${options.dev ? 'node bin' : 'underpost'} secret underpost --create-from-file ${secretPath}`;
-      shellExec(command);
+      const cronDeployId = cronDeployIdResolve() || 'dd-cron';
+      Underpost.secret.underpost.createFromEnvFile(
+        `/home/dd/engine/engine-private/conf/${cronDeployId}/.env.${options.dev ? 'development' : 'production'}`,
+      );
     },
     /**
      * @method underpost-config
@@ -2620,7 +2640,28 @@ EOF`;
     },
 
     /**
-     * @method setup-shared-dir
+     * @method monitor-ui
+     * @description Installs and enables the Cockpit KVM Dashboard (cockpit, cockpit-machines, libvirt)
+     * and opens the cockpit firewall service. With `--remove`, closes the firewall service instead.
+     * @param {string} path - Unused.
+     * @param {Object} options - The default underpost runner options for customizing workflow.
+     *   `options.remove` — when true, removes the cockpit firewall rule instead of adding it.
+     * @memberof UnderpostRun
+     */
+    'monitor-ui': (path, options = DEFAULT_OPTION) => {
+      if (options.remove) {
+        shellExec(`sudo firewall-cmd --zone=public --remove-service=cockpit --permanent`);
+        shellExec(`sudo firewall-cmd --reload`);
+        return;
+      }
+      shellExec(`sudo dnf install -y cockpit cockpit-machines libvirt`);
+      shellExec(`sudo systemctl enable --now cockpit.socket libvirtd`);
+      shellExec(`sudo firewall-cmd --permanent --add-service=cockpit`);
+      shellExec(`sudo firewall-cmd --reload`);
+    },
+
+    /**
+     * @method shared-dir
      * @description Run once for initial shared-directory setup. Creates the group, adds the user,
      * creates the directory, sets ownership, applies the SGID bit, and configures default ACLs so
      * all future files inside the directory automatically inherit group write permissions.
@@ -2631,7 +2672,7 @@ EOF`;
      *   Key fields: `options.user` (default `'admin'`), `options.group` (default `'engine-dev'`).
      * @memberof UnderpostRun
      */
-    'setup-shared-dir': (path = '/home/dd/engine', options = DEFAULT_OPTION) => {
+    'shared-dir': (path = '/home/dd/engine', options = DEFAULT_OPTION) => {
       const dir = path || '/home/dd/engine';
       const user = options.user || 'admin';
       const group = options.group || 'engine-dev';
@@ -2648,30 +2689,6 @@ EOF`;
 
       logger.info(`[setup-shared-dir] Shared directory setup complete: ${dir}`);
     },
-
-    /**
-     * @method reload-shared-dir
-     * @description Re-applies recursive permissions and ACLs to repair permission drift on an
-     * already-configured shared directory. Does **not** recreate the group, add users, or modify
-     * ownership. Use this after VS Code permission errors or when existing files lose group write
-     * access due to tool or process interference.
-     * @param {string} path - Target directory to repair (defaults to `/home/dd/engine`).
-     *   Customise via the `path` argument or leave empty to use the default.
-     * @param {Object} options - The default underpost runner options for customizing workflow.
-     *   Key fields: `options.group` (default `'engine-dev'`).
-     * @memberof UnderpostRun
-     */
-    'reload-shared-dir': (path = '/home/dd/engine', options = DEFAULT_OPTION) => {
-      const dir = path || '/home/dd/engine';
-      const group = options.group || 'engine-dev';
-
-      logger.info(`[reload-shared-dir] dir=${dir} group=${group}`);
-
-      shellExec(`sudo chmod -R 2775 ${dir}`);
-      shellExec(`sudo setfacl -R -m g:${group}:rwx ${dir}`);
-
-      logger.info(`[reload-shared-dir] Shared directory permissions reloaded: ${dir}`);
-    },
   };
 
   static API = {
@@ -2728,14 +2745,14 @@ EOF`;
         if (options.replicas === '' || options.replicas === null || options.replicas === undefined)
           options.replicas = 1;
         options.npmRoot = npmRoot;
-        logger.info('callback', { path, options });
+        logger.info(`Executing runner`, { runner, namespace: options.namespace });
         if (!Underpost.run.RUNNERS.includes(runner)) throw new Error(`Runner not found: ${runner}`);
         const result = await Underpost.run.CALL(runner, path, options);
         return result;
       } catch (error) {
         console.log(error);
         logger.error(error);
-        return null;
+        process.exit(1);
       }
     },
   };

package/src/cli/secrets.js

@@ -26,17 +26,26 @@ class UnderpostSecret {
      * @memberof UnderpostSecret
      */
     underpost: {
-      createFromEnvFile(envPath) {
+      /**
+       * @method createFromEnvFile
+       * @description Reads application secrets from a .env file and writes them to the underpost .env file. Used for local development and testing.
+       * @param {string} envPath - The path to the .env file to read secrets from. Defaults to './.env'.
+       * @memberof UnderpostSecret
+       */
+      createFromEnvFile(envPath = './.env') {
         Underpost.env.clean();
         const envObj = dotenv.parse(fs.readFileSync(envPath, 'utf8'));
         for (const key of Object.keys(envObj)) {
           Underpost.env.set(key, envObj[key]);
         }
       },
-      /** Reads application secrets from process.env (injected via envFrom: secretRef)
+      /**
+       * @method createFromContainerEnv
+       * @description Reads application secrets from process.env (injected via envFrom: secretRef)
        *  and writes them to the underpost .env file, filtering out known system and
        *  Kubernetes-injected environment variables. Replaces the fragile shell-based
        *  `printenv | grep -vE` pattern with a maintainable Node.js blocklist.
+       * @memberof UnderpostSecret
        */
       createFromContainerEnv() {
         Underpost.env.clean();

package/src/client/components/core/Auth.js

@@ -319,10 +319,11 @@ class Auth {
       // Close any open login/signup modals
       if (s(`.modal-log-in`)) s(`.btn-close-modal-log-in`).click();
       if (s(`.modal-sign-up`)) s(`.btn-close-modal-sign-up`).click();
-      if (!s(`.main-body-btn-ui-open`).classList.contains('hide'))
-        s(`.main-body-btn-ui-open`).click();
-      if (!s(`.main-body-btn-ui-bar-custom-open`).classList.contains('hide'))
+      if (!s(`.main-body-btn-ui-open`).classList.contains('hide')) s(`.main-body-btn-ui-open`).click();
+      if (!s(`.main-body-btn-ui-bar-custom-open`).classList.contains('hide')) {
+        SearchBox.Data.skipOpen = true;
         s(`.main-body-btn-ui-bar-custom-open`).click();
+      }
     });
   }
 

package/src/client/components/core/ClientEvents.js

@@ -45,6 +45,79 @@ const AppointmentEventType = {
   submitted: 'appointment:submitted',
 };
 
+const ModalEventType = {
+  close: 'modal:close',
+  menu: 'modal:menu',
+  collapseMenu: 'modal:collapse-menu',
+  extendMenu: 'modal:extend-menu',
+  dragEnd: 'modal:drag-end',
+  observer: 'modal:observer',
+  click: 'modal:click',
+  expandUi: 'modal:expand-ui',
+  barUiOpen: 'modal:bar-ui-open',
+  barUiClose: 'modal:bar-ui-close',
+  reload: 'modal:reload',
+  home: 'modal:home',
+};
+
+const ModalListenerChannels = {
+  onCloseListener: ModalEventType.close,
+  onMenuListener: ModalEventType.menu,
+  onCollapseMenuListener: ModalEventType.collapseMenu,
+  onExtendMenuListener: ModalEventType.extendMenu,
+  onDragEndListener: ModalEventType.dragEnd,
+  onObserverListener: ModalEventType.observer,
+  onClickListener: ModalEventType.click,
+  onExpandUiListener: ModalEventType.expandUi,
+  onBarUiOpen: ModalEventType.barUiOpen,
+  onBarUiClose: ModalEventType.barUiClose,
+  onReloadModalListener: ModalEventType.reload,
+  onHome: ModalEventType.home,
+};
+
+const createModalEventChannel = (bus, type) => {
+  const busKey = (key) => `${type}::${key}`;
+  return new Proxy(
+    {},
+    {
+      get(_target, prop) {
+        if (typeof prop === 'symbol') return undefined;
+        const key = busKey(prop);
+        if (!bus.has(key)) return undefined;
+        return (detail) => bus.emitKey(key, detail);
+      },
+      set(_target, prop, value) {
+        if (typeof prop !== 'symbol' && typeof value === 'function') bus.on(type, value, { key: busKey(prop) });
+        return true;
+      },
+      deleteProperty(_target, prop) {
+        if (typeof prop !== 'symbol') bus.off(busKey(prop));
+        return true;
+      },
+      has(_target, prop) {
+        return typeof prop !== 'symbol' && bus.has(busKey(prop));
+      },
+      ownKeys() {
+        const prefix = `${type}::`;
+        return bus.keysOf(type).map((key) => String(key).slice(prefix.length));
+      },
+      getOwnPropertyDescriptor(_target, prop) {
+        if (typeof prop !== 'symbol' && bus.has(busKey(prop)))
+          return { enumerable: true, configurable: true, writable: true, value: undefined };
+        return undefined;
+      },
+    },
+  );
+};
+
+// One EventBus per modal id, surfaced through the legacy channel names.
+const createModalEvents = () => {
+  const bus = new EventBus();
+  const channels = {};
+  for (const [name, type] of Object.entries(ModalListenerChannels)) channels[name] = createModalEventChannel(bus, type);
+  return { bus, channels };
+};
+
 const authLoginEvents = new EventBus();
 const authLogoutEvents = new EventBus();
 const authSignupEvents = new EventBus();
@@ -70,6 +143,9 @@ export {
   KeyboardEventType,
   AccountEventType,
   AppointmentEventType,
+  ModalEventType,
+  ModalListenerChannels,
+  createModalEvents,
   authLoginEvents,
   authLogoutEvents,
   authSignupEvents,

package/src/client/components/core/EventBus.js

@@ -69,6 +69,10 @@ class EventBus {
     return this.listeners.has(key);
   }
 
+  keysOf(type) {
+    return [...(this.typeKeys.get(type) ?? [])];
+  }
+
   async emit(type, detail) {
     if (!(this.typeKeys.get(type)?.size > 0)) return;