Skip to content

tooling: soup build/verify stack + Windows estate scripts#61

Merged
heavygee merged 1 commit into
mainfrom
tooling/soup-build-stack
Jun 23, 2026
Merged

tooling: soup build/verify stack + Windows estate scripts#61
heavygee merged 1 commit into
mainfrom
tooling/soup-build-stack

Conversation

@heavygee

Copy link
Copy Markdown
Owner

Summary

  • Commits the soup dogfood recovery tooling that was on disk and referenced in docs but missing from origin/main after the Jun-22 salvage (hapi-driver-build-web, hapi-verify-web-dist, lib/build-web-atomic.sh, promotion stamp helpers, etc.).
  • Adds Windows production-mutation guard + muzzle install scripts and docs/operator/windows-estate-agents.md.
  • Updates docs/tooling/mirror-main-layout.md: fork main changes land via PR only, not direct push.

Supersedes the intent of closed #60 (blocked on docs/plans/ leakage). Tooling-only.

Test plan

  • bash -n on new shell scripts
  • Doc cross-refs resolve
  • Merge via PR (not direct main push)

Made with Cursor

Jun-22 dogfood recovery scripts were referenced in driver-soup.md and
feature-work-lifecycle.md but never landed on origin/main during salvage.
Adds build-web atomic path, promotion stamp helpers, web/dist verify,
Windows production-mutation guard, and mirror-main PR discipline note.

Co-authored-by: Cursor <cursoragent@cursor.com>

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a3d40daf65

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +17 to +24
CMD=$(printf '%s' "$INPUT" | jq -r '
[
.command,
.input.command,
.tool_input.command,
.input.cmd,
.tool_input.cmd
]

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Parse top-level cmd before allowing hook input

When a hook payload supplies the shell text as top-level cmd, this extractor leaves CMD empty and the guard immediately returns allow, so an SSH production mutation such as {"cmd":"ssh server 'kill ... hapi-hub :3006'"} bypasses the new muzzle entirely. The Windows twin already accepts top-level cmd; add .cmd here or fail closed when parsing succeeds but no supported command field is found.

Useful? React with 👍 / 👎.

Comment on lines +38 to +42
(.agentSessionId // "") as $aid
| $aid != $agent
and ($aid | startswith($agent) | not)
and ($agent | startswith($aid) | not)
)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Keep sessions with missing agent IDs in drain count

When PATIENT_EXCLUDE_AGENT is set, any WORKING session without agentSessionId gets $aid == ""; because every string starts with the empty string, $agent | startswith($aid) is true and this predicate drops that unrelated session from the drain set. In patient-drain callers this can report zero blocking work and proceed with a stack switch while a session that lacks an agent id is still running; only run the reverse prefix check when $aid is non-empty.

Useful? React with 👍 / 👎.

Comment on lines +20 to +23
const plugins = (base.plugins ?? []).filter((p) => {
const name = p?.name ?? ''
return !name.includes('vite-plugin-pwa') && name !== 'vite:pwa'
})

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Flatten Vite plugins before dropping PWA

With the current web/vite.config.ts, the VitePWA(...) entry is a nested array of plugins, so this filter sees that array as one item, gets an empty name, and keeps the whole PWA plugin set. That means the “strip VitePWA” soup-build path still runs the injectManifest stage it is meant to avoid under memory pressure; flatten the plugin list (or otherwise inspect nested entries) before filtering by name.

Useful? React with 👍 / 👎.

)
}
}
($hookDoc | ConvertTo-Json -Depth 6) | Set-Content -Encoding UTF8 (Join-Path $cursor 'hooks.json')

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Merge workspace hooks instead of replacing them

When the installer reaches the workspace deploy step, this writes a brand-new .cursor/hooks.json and discards any existing workspace hooks, even though the top-level installer promises to preserve unrelated hooks. On a workspace that already has a beforeShellExecution hook, refreshing the muzzle silently disables that hook; mirror the merge logic used for the user-level hooks instead of overwriting the file.

Useful? React with 👍 / 👎.

fi

# Driver tree destruction / sneak promote
if printf '%s' "$lc" | grep -qE 'git reset --hard.*(driver|hapi/driver)|embeddedassets.*driver|cp -r.*embeddedassets'; then

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Catch resets after changing into driver

When the command first changes into the driver tree and then resets, e.g. cd ~/coding/hapi/driver && git reset --hard, this pattern does not match because it only catches git reset --hard followed later by driver or hapi/driver. That is a common form of the destructive driver reset the guard is meant to block, so those production mutations still pass; also match chained cd/cwd forms.

Useful? React with 👍 / 👎.


# Returns 0 when port is free OR owned correctly by systemd hub on expected tree.
# Prints human-readable errors to stderr and returns 1 on rogue ownership.
hub_port_guard_assert_production() {

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Wire the port guard into activation paths

Repo-wide search shows hub_port_guard_assert_production is only defined in this new file and is not sourced by hapi-watch-activate-driver, hapi-use-worktree, or hapi-use-driver, so the rogue-listener check never runs before activation despite the guard's stated purpose. Wire this function into the activation/restart paths; otherwise a manual hub on :3006 can still block systemd unnoticed.

Useful? React with 👍 / 👎.


HAPI_PROMOTION_FILE="${HAPI_PROMOTION_FILE:-$HOME/.hapi/driver-promotion.json}"

driver_promotion_stamp() {

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Stamp and check promotions from real callers

Repo-wide search shows driver_promotion_stamp and driver_promotion_check are only defined here; hapi-driver-rebuild --verify never records a verified SHA and hapi-use-driver never checks one before switching. As a result, the new promotion contract is inert and live stack switches remain possible without the verified build this helper is supposed to require.

Useful? React with 👍 / 👎.

@heavygee heavygee merged commit aa741d3 into main Jun 23, 2026
0 of 2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant