wolverine-ai 2.8.0 → 2.8.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wolverine-ai",
-  "version": "2.8.0",
+  "version": "2.8.1",
   "description": "Self-healing Node.js server framework powered by AI. Catches crashes, diagnoses errors, generates fixes, verifies, and restarts — automatically.",
   "main": "src/index.js",
   "bin": {

package/src/platform/auto-update.js

@@ -6,83 +6,51 @@ const chalk = require("chalk");
 /**
  * Auto-Updater — self-updating wolverine framework.
  *
- * Checks npm registry for newer wolverine-ai versions on a schedule.
- * When a new version is found, upgrades via npm and restarts.
- *
- * Config/settings are protected: backed up before update, restored after.
- * Disable in settings.json: "autoUpdate": { "enabled": false }
- *
- * Wolverine can't edit files outside server/ directly, but it CAN
- * run bash commands — so npm update is the upgrade path.
+ * CRITICAL SAFEGUARDS (learned from $6.92 infinite loop incident):
+ * 1. Never re-trigger on same version — tracks last attempted version on disk
+ * 2. Verify deps after update — npm ls must pass or update is rolled back
+ * 3. Cooldown after failed update — won't retry for 1 hour
+ * 4. Max 1 update attempt per boot — prevents restart loops
  */
 
 const PACKAGE_NAME = "wolverine-ai";
-const CHECK_INTERVAL_MS = 3600000; // 1 hour
+const CHECK_INTERVAL_MS = 3600000;
+const LOCKFILE = ".wolverine/update-lock.json"; // tracks last attempt
 
 let _timer = null;
 let _currentVersion = null;
 let _checking = false;
+let _attemptedThisBoot = false; // max 1 update per boot
 
-/**
- * Get the currently installed version.
- */
 function getCurrentVersion() {
   if (_currentVersion) return _currentVersion;
-  try {
-    const pkg = require("../../package.json");
-    _currentVersion = pkg.version;
-  } catch {
-    _currentVersion = "0.0.0";
-  }
+  try { _currentVersion = require("../../package.json").version; } catch { _currentVersion = "0.0.0"; }
   return _currentVersion;
 }
 
-/**
- * Check for the latest available version.
- * For git repos: checks remote for newer commits via `git ls-remote`.
- * For npm installs: checks npm registry via `npm view`.
- */
 function getLatestVersion(cwd) {
-  // Try npm registry first (works for both git and npm installs)
   try {
-    const result = execSync(`npm view ${PACKAGE_NAME} version 2>/dev/null`, {
-      encoding: "utf-8",
-      timeout: 15000,
-      cwd: cwd || process.cwd(),
-    }).trim();
-    if (result) return result;
+    return execSync(`npm view ${PACKAGE_NAME} version 2>/dev/null`, {
+      encoding: "utf-8", timeout: 15000, cwd: cwd || process.cwd(),
+    }).trim() || null;
   } catch {}
 
-  // Fallback for git repos: check if remote has newer commits
+  // Git fallback
   try {
-    if (isGitRepo(cwd || process.cwd())) {
+    if (_isGitRepo(cwd || process.cwd())) {
       execSync("git fetch origin --quiet", { cwd: cwd || process.cwd(), stdio: "pipe", timeout: 15000 });
-      const behind = execSync("git rev-list HEAD..origin/master --count", {
+      const remoteVersion = execSync("git show origin/master:package.json", {
         cwd: cwd || process.cwd(), encoding: "utf-8", timeout: 5000,
-      }).trim();
-      if (parseInt(behind, 10) > 0) {
-        // There are newer commits — read version from remote package.json
-        try {
-          const remoteVersion = execSync("git show origin/master:package.json", {
-            cwd: cwd || process.cwd(), encoding: "utf-8", timeout: 5000,
-          });
-          const pkg = JSON.parse(remoteVersion);
-          return pkg.version || null;
-        } catch {}
-      }
+      });
+      return JSON.parse(remoteVersion).version || null;
     }
   } catch {}
-
   return null;
 }
 
-/**
- * Compare semver versions. Returns true if latest > current.
- */
 function isNewer(latest, current) {
   if (!latest || !current) return false;
-  const a = latest.split(".").map(Number);
-  const b = current.split(".").map(Number);
+  const a = latest.split(".").map(Number), b = current.split(".").map(Number);
   for (let i = 0; i < 3; i++) {
     if ((a[i] || 0) > (b[i] || 0)) return true;
     if ((a[i] || 0) < (b[i] || 0)) return false;
@@ -90,38 +58,100 @@ function isNewer(latest, current) {
   return false;
 }
 
+function _isGitRepo(cwd) {
+  try { execSync("git rev-parse --is-inside-work-tree", { cwd, stdio: "pipe", timeout: 3000 }); return true; } catch { return false; }
+}
+
 /**
- * Detect if this is a git repo or an npm install.
+ * Read the update lock file — prevents retrying same version.
  */
-function isGitRepo(cwd) {
+function _readLock(cwd) {
   try {
-    execSync("git rev-parse --is-inside-work-tree", { cwd, stdio: "pipe", timeout: 3000 });
-    return true;
-  } catch { return false; }
+    const lockPath = path.join(cwd, LOCKFILE);
+    if (fs.existsSync(lockPath)) return JSON.parse(fs.readFileSync(lockPath, "utf-8"));
+  } catch {}
+  return {};
+}
+
+function _writeLock(cwd, data) {
+  try {
+    const lockPath = path.join(cwd, LOCKFILE);
+    fs.mkdirSync(path.dirname(lockPath), { recursive: true });
+    fs.writeFileSync(lockPath, JSON.stringify(data, null, 2), "utf-8");
+  } catch {}
 }
 
 /**
- * Perform the upgrade. Returns { success, from, to, error? }
- * Supports both npm-installed and git-cloned wolverine.
+ * Verify deps are intact after update. Returns true if healthy.
  */
+function _verifyDeps(cwd) {
+  try {
+    execSync("node -e \"require('fastify')\" 2>/dev/null", { cwd, stdio: "pipe", timeout: 5000 });
+    return true;
+  } catch {
+    // Try npm install to restore deps
+    try {
+      console.log(chalk.yellow("  ⚠️  Deps broken after update — running npm install to fix..."));
+      execSync("npm install", { cwd, stdio: "pipe", timeout: 120000 });
+      execSync("node -e \"require('fastify')\" 2>/dev/null", { cwd, stdio: "pipe", timeout: 5000 });
+      return true;
+    } catch {
+      return false;
+    }
+  }
+}
+
 function upgrade(cwd, logger) {
   const current = getCurrentVersion();
-  const latest = getLatestVersion();
+  const latest = getLatestVersion(cwd);
 
   if (!latest || !isNewer(latest, current)) {
     return { success: false, from: current, to: latest, error: "Already up to date" };
   }
 
-  // Delegate to the update skill for the full safe upgrade routine
+  // Check lock — don't retry same version
+  const lock = _readLock(cwd);
+  if (lock.lastAttemptedVersion === latest) {
+    const elapsed = Date.now() - (lock.lastAttemptedAt || 0);
+    if (elapsed < 3600000) { // 1 hour cooldown
+      console.log(chalk.gray(`  🔄 Skipping ${latest} (already attempted ${Math.round(elapsed / 60000)}min ago)`));
+      return { success: false, from: current, to: latest, error: "Already attempted, cooldown active" };
+    }
+  }
+
+  // Record attempt BEFORE trying (so we don't retry on crash)
+  _writeLock(cwd, { lastAttemptedVersion: latest, lastAttemptedAt: Date.now(), from: current });
+
   const { safeUpdate } = require("../skills/update");
-  _currentVersion = null; // clear cache so next check sees new version
-  return safeUpdate(cwd, { logger });
+  _currentVersion = null;
+  const result = safeUpdate(cwd, { logger });
+
+  // Verify deps after update
+  if (result.success) {
+    if (!_verifyDeps(cwd)) {
+      console.log(chalk.red("  ❌ Update broke dependencies — rolling back"));
+      if (logger) logger.error("update.deps_broken", "Update broke dependencies, rolling back");
+      // Restore from emergency backup
+      try {
+        const { restoreFromSafeBackup, listSafeBackups } = require("../skills/update");
+        const backups = listSafeBackups();
+        if (backups.length > 0) {
+          restoreFromSafeBackup(cwd, backups[0].dir);
+          console.log(chalk.yellow("  ↩️  Rolled back to pre-update state"));
+        }
+      } catch {}
+      _writeLock(cwd, { lastAttemptedVersion: latest, lastAttemptedAt: Date.now(), from: current, failed: true, reason: "deps_broken" });
+      return { success: false, from: current, to: latest, error: "Update broke dependencies" };
+    }
+  }
+
+  if (result.success) {
+    _writeLock(cwd, { lastAttemptedVersion: latest, lastAttemptedAt: Date.now(), from: current, success: true });
+  }
+
+  return result;
 }
 
-/**
- * Check for updates (non-blocking). Logs if update available.
- * Call upgrade() separately to actually apply.
- */
 function checkForUpdate(cwd) {
   if (_checking) return null;
   _checking = true;
@@ -129,52 +159,54 @@ function checkForUpdate(cwd) {
     const current = getCurrentVersion();
     const latest = getLatestVersion(cwd);
     _checking = false;
-    if (latest && isNewer(latest, current)) {
-      console.log(chalk.blue(`  🔄 Update available: ${PACKAGE_NAME} ${current} → ${latest}`));
-      return { available: true, current, latest };
+
+    if (!latest || !isNewer(latest, current)) {
+      return { available: false, current, latest };
+    }
+
+    // Check lock — don't report available if we already failed on this version
+    const lock = _readLock(cwd);
+    if (lock.lastAttemptedVersion === latest && lock.failed) {
+      const elapsed = Date.now() - (lock.lastAttemptedAt || 0);
+      if (elapsed < 3600000) return { available: false, current, latest, locked: true };
     }
-    return { available: false, current, latest };
+
+    console.log(chalk.blue(`  🔄 Update available: ${PACKAGE_NAME} ${current} → ${latest}`));
+    return { available: true, current, latest };
   } catch {
     _checking = false;
     return null;
   }
 }
 
-/**
- * Start auto-update schedule. Checks every hour (configurable).
- * If autoUpdate is enabled and a new version is found, upgrades and signals restart.
- *
- * @param {object} options
- * @param {string} options.cwd — project root
- * @param {object} options.logger — EventLogger
- * @param {function} options.onUpdate — called after successful update (trigger restart)
- * @param {number} options.intervalMs — check interval (default: 1h)
- */
 function startAutoUpdate({ cwd, logger, onUpdate, intervalMs }) {
   const interval = intervalMs || CHECK_INTERVAL_MS;
 
-  // Check on startup (delayed 30s to not block boot)
   console.log(chalk.gray(`  🔄 Auto-update scheduled: first check in 30s, then every ${Math.round(interval / 60000)}min`));
+
   setTimeout(() => {
+    if (_attemptedThisBoot) return;
     console.log(chalk.gray(`  🔄 Checking for updates (v${getCurrentVersion()})...`));
     const result = checkForUpdate(cwd);
     if (result?.available) {
+      _attemptedThisBoot = true;
       const upgraded = upgrade(cwd, logger);
       if (upgraded.success && onUpdate) {
         console.log(chalk.blue("  🔄 Restarting with new version..."));
         onUpdate(upgraded);
       }
     } else if (result) {
-      console.log(chalk.gray(`  🔄 Up to date (v${result.current}${result.latest ? ", npm: " + result.latest : ""})`));
+      console.log(chalk.gray(`  🔄 Up to date (v${result.current}${result.latest ? ", npm: " + result.latest : ""}${result.locked ? " [cooldown]" : ""})`));
     } else {
       console.log(chalk.yellow("  🔄 Update check failed (npm unreachable?)"));
     }
   }, 30000);
 
-  // Periodic check
   _timer = setInterval(() => {
+    if (_attemptedThisBoot) return; // max 1 attempt per boot
     const result = checkForUpdate(cwd);
     if (result?.available) {
+      _attemptedThisBoot = true;
       const upgraded = upgrade(cwd, logger);
       if (upgraded.success && onUpdate) {
         console.log(chalk.blue("  🔄 Restarting with new version..."));
@@ -188,12 +220,4 @@ function stopAutoUpdate() {
   if (_timer) { clearInterval(_timer); _timer = null; }
 }
 
-module.exports = {
-  getCurrentVersion,
-  getLatestVersion,
-  isNewer,
-  checkForUpdate,
-  upgrade,
-  startAutoUpdate,
-  stopAutoUpdate,
-};
+module.exports = { getCurrentVersion, getLatestVersion, isNewer, checkForUpdate, upgrade, startAutoUpdate, stopAutoUpdate };

package/src/skills/update.js

@@ -175,9 +175,12 @@ function safeUpdate(cwd, options = {}) {
     // 3. Update framework ONLY — server/ is never touched
     if (isGit) {
       console.log(chalk.blue("  📦 Selective git update (server/ untouched)"));
-      const frameworkPaths = "src/ bin/ package.json package-lock.json examples/ tests/ CLAUDE.md README.md CHANGELOG.md .npmignore";
+      // ONLY update framework files — never touch server/ or its deps
+      const frameworkPaths = "src/ bin/ examples/ tests/ CLAUDE.md README.md CHANGELOG.md .npmignore";
       execSync(`git checkout origin/master -- ${frameworkPaths}`, { cwd, stdio: "pipe", timeout: 30000 });
-      execSync("npm install --production", { cwd, stdio: "pipe", timeout: 120000 });
+      // Update package.json separately, then install deps to restore anything lost
+      execSync("git checkout origin/master -- package.json", { cwd, stdio: "pipe", timeout: 10000 });
+      execSync("npm install", { cwd, stdio: "pipe", timeout: 120000 });
     } else {
       const cmd = `npm install ${PACKAGE_NAME}@${latestVersion}`;
       console.log(chalk.blue(`  📦 ${cmd}`));