Review follow-ups:

- A Ctrl-C forwarded to the npx child surfaced as exit code null (-> 1), which
  the fallback logic misread as an npx failure and relaunched dev on the
  installed CLI instead of aborting. Capture the terminating signal in
  runReexec and propagate (128+signum) instead of falling back.
- Scrub STACK_CLI_REEXEC_MARKER from the wrapped user command's env so the
  internal handshake var doesn't leak into arbitrary child processes.
- Add wiring tests (marker present -> propagate; absent -> fall back without
  process.exit) and a signal-abort case, so a regression in the glue between
  createReexecMarker/spawn/decidePostReexec is caught.

`hexclave dev` re-execs through `npx <pkg>@latest` to pick up the latest
dashboard. If that npx run failed (npm error, blocked download, lock
contention, offline) it exited nonzero and `maybeReexecToLatest` propagated
the code via process.exit, killing `hexclave dev` even though a perfectly good
CLI was already installed.

This bites users behind a package firewall (e.g. Socket Firewall on Replit),
which blocks the @hexclave/cli download and surfaces as `npm error
Lock compromised` (ECOMPROMISED) from npx's own cache lock.

Use a startup-marker handshake to tell apart an npx/install failure (our CLI
never ran -> fall back to the installed CLI) from a genuine nonzero exit of
the wrapped command (our CLI ran -> propagate). The marker only needs file
create/exists, so it's robust on sandboxed/networked filesystems. If the
marker can't be created we keep the old always-propagate behavior.

decidePostReexec + signalReexecStartedIfChild are pure and unit-tested.

## What & why
Re-running `stack dev` / `hexclave dev` now picks up the **latest
published dashboard without reinstalling the CLI**.
In the RDE, the dashboard is a Next.js standalone build **bundled into
the `@hexclave/cli` npm tarball** — so a dashboard change only reaches a
user when they get a newer CLI *version*. This PR closes that gap for
the recommended `stack dev` flow.
## How it works
1. **npx self-re-exec** — at the top of the `dev` action, the CLI checks
npm for a newer `@hexclave/cli`. If found, it re-execs `npx --yes -p
@hexclave/cli@<latest> stack dev <your args>` (with a loop guard) and
exits with the child's code. The running code — and the dashboard
bundled in that tarball — is now the latest; the user's installed
devDependency is untouched. npx caches per version, so steady-state runs
are fast.
2. **Dashboard version handshake** (the necessary second half) — `stack
dev` keeps a **detached background dashboard** alive across runs and
reuses it by default, which would otherwise silently defeat the update.
The now-latest process compares the running dashboard's version
(persisted in dev-env state) against its own and **kills + restarts**
the stale one (SIGTERM → wait → SIGKILL) so the new dashboard actually
binds `:26700`. Equal/older/unknown versions are reused exactly as
before.
## Safety / opt-outs
- Skipped for the re-exec'd child (`STACK_CLI_SKIP_AUTO_UPDATE`, loop
guard), when the user opts out (`STACK_CLI_NO_AUTO_UPDATE` /
`--no-auto-update`), and in CI (`CI`).
- Registry lookup is TTL-cached in dev-env state with a short timeout
and is **offline-safe** — any failure (no network, no npx) falls through
to the installed CLI.
- `isVersionNewer` never downgrades and returns false for unparseable
versions.
## Changes
- **`packages/stack-cli/src/lib/self-update.ts`** (new) —
`maybeReexecToLatest()`, `resolveLatestVersion()`, `isVersionNewer()`,
`buildNpxInvocation()`.
- **`packages/stack-cli/src/commands/dev.ts`** — re-exec wiring,
`killLocalDashboard()`, version handshake, `--no-auto-update` flag,
version stamp on the recorded dashboard process.
- **`packages/stack-cli/src/lib/dev-env-state.ts`** —
`localDashboard.version` + `cliUpdateCheck` cache helpers.
- Tests: new `self-update.test.ts` + additions to
`dev-env-state.test.ts`.
## Verification
- `pnpm --filter @hexclave/cli run lint` ✅
- `pnpm --filter @hexclave/cli run typecheck` ✅
- `pnpm --filter @hexclave/cli run test` ✅ (132 passed)
## Prerequisite
Relies on `@hexclave/cli` being published to npm with the `latest`
dist-tag tracking releases — otherwise the check is a no-op (which is
safe).
---
## Summary by cubic
`hexclave dev` now re-execs via `npx` to run the latest `@hexclave/cli`,
so the bundled RDE dashboard stays current without reinstalling. It
reuses the running dashboard and only restarts it when the current CLI
is strictly newer.
- **New Features**
  - Auto-update: always re-execs `npx --yes --min-release-age=0 -p
    @hexclave/cli@latest hexclave dev ...`; runs in CI; opt out with
    `--no-auto-update` or `STACK_CLI_NO_AUTO_UPDATE=1`.
  - Per-port dashboard version handshake: records the CLI version per port
    and restarts only when strictly newer; otherwise reuses it (respects
    `NEXT_PUBLIC_HEXCLAVE_LOCAL_DASHBOARD_PORT`).
- **Bug Fixes**
  - Safer restarts: after SIGTERM, wait for the port to free instead of
    pid probes; bail on ESRCH/EPERM; only SIGKILL if the port still answers.
  - Robust execution: ship a single `hexclave` bin (fixes `pnpx`/`pnpm
    dlx`), forward SIGINT/SIGTERM to children, validate per-port dashboard
    state, update help/messages to `hexclave`, and make Windows re-exec
    reliable (`npx.cmd` with shell and argv quoting).
<sup>Written for commit 80c9b30a5c.
Summary will update on new commits.</sup>
## Summary by CodeRabbit
* **New Features**
  * CLI can auto-check and re-exec to a pinned newer release (opt-out:
    --no-auto-update).
  * Local dashboard startup is version-aware and only restarts when the
    CLI is strictly newer.
  * Improved child-process signal forwarding for cleaner shutdowns.
* **Tests**
  * Expanded unit tests covering dev workflow, self-update, package
    metadata, persistence, and dashboard lifecycle.
* **Bug Fixes**
  * Updated user-facing CLI messaging to use "hexclave" command names.
* **Chores**
  * Removed legacy docs workspace entry.
---------
Co-authored-by: Konstantin Wohlwend <n2d4xc@gmail.com>
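
The post-re-exec decision described in the commit message above (signal -> 128+signum, marker present -> propagate, marker absent -> fall back, marker not creatable -> always propagate), sketched as an added example that is not code from the hexclave repository. Only `STACK_CLI_REEXEC_MARKER` comes from the message; the function names, the result shape and the signal table are assumptions made for illustration.

```javascript
// Added illustration; not the project's implementation.
// Every name except STACK_CLI_REEXEC_MARKER is hypothetical.
const MARKER_ENV = "STACK_CLI_REEXEC_MARKER";

// Signal numbers as used on Linux and macOS for the signals a dev CLI commonly sees.
const SIGNUM = { SIGHUP: 1, SIGINT: 2, SIGQUIT: 3, SIGKILL: 9, SIGTERM: 15 };

/**
 * Decide what the parent does once the npx child has exited.
 *   result.code   - child's exit code, or null when it died from a signal
 *   result.signal - name of the terminating signal, or null
 *   markerCreated - the parent could set up the marker before spawning (assumed meaning)
 *   markerExists  - the marker is present afterwards, i.e. the re-exec'd CLI started
 */
function decideAfterReexec(result, markerCreated, markerExists) {
  // Check the signal first: a forwarded Ctrl-C arrives as code === null and
  // must abort, not be mistaken for an npx failure.
  if (result.signal) {
    const n = SIGNUM[result.signal];
    return { action: "exit", code: n === undefined ? 1 : 128 + n };
  }
  const code = result.code === null ? 1 : result.code;
  if (code === 0) return { action: "exit", code: 0 };
  // Without a usable marker the two failure kinds are indistinguishable:
  // keep the old always-propagate behaviour.
  if (!markerCreated) return { action: "exit", code };
  // Marker present: the CLI ran, so the nonzero code is the wrapped command's own.
  if (markerExists) return { action: "exit", code };
  // Marker absent: npx or the install failed before the CLI started.
  return { action: "fallback" };
}

// Environment for the wrapped user command: copy the parent's, then drop the
// internal handshake variable so it does not reach arbitrary child processes.
function envForUserCommand(env) {
  const out = { ...env };
  delete out[MARKER_ENV];
  return out;
}
```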