chore: pin deps, collapse CI to one job, deactivate dependabot, fix node-pty on macOS#19

Merged: akougkas merged 5 commits into main from fix/node-pty-darwin-permissions on Apr 25, 2026

@akougkas akougkas commented Apr 25, 2026

Summary

Single PR. Three concerns, one merge:

  1. Pin every dependency to an exact version. No more `^` drift. `npm ci` reproduces an identical tree. All three @mariozechner/pi-* packages aligned at 0.70.2 (the manual merge of #18, "build(deps): bump @mariozechner/pi-agent-core from 0.69.0 to 0.70.2", left them mismatched).
  2. Collapse CI to one workflow, one job. lint + typecheck + test + build + e2e on Ubuntu / Node 24. Matrix and cross-platform-tracking deleted; revisit when there's a reason.
  3. Deactivate dependabot. Config file removed. Re-enable in a later session when the dependency surface stops moving daily.

Files

| change | path |
|---|---|
| add | scripts/fix-node-pty-permissions.mjs |
| modify | package.json (postinstall hook + pinned deps) |
| modify | package-lock.json |
| modify | .github/workflows/ci.yml (single job) |
| modify | .github/branch-protection-main.json (require single ci check) |
| delete | .github/workflows/ci-cross-platform.yml |
| delete | .github/dependabot.yml |

Why the spawn-helper fix

node-pty 1.1.0 ships prebuilds/darwin-{arm64,x64}/spawn-helper from its npm tarball with 0o644 permissions. On macOS the first pty.spawn() returns posix_spawnp failed because the kernel refuses to exec a non-executable file. Linux dodged it (no Linux prebuild ships, node-gyp recompiles). Hidden until the harness-index flake stopped aborting tests early.

The postinstall script chmods the helpers to 0o755. Idempotent and defensive.

Verification

npm run ci clean on Node 24 locally: 587 unit/integration tests, 40 e2e tests, full build, 0 audit advisories.
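
An added example (not the PR's scripts/fix-node-pty-permissions.mjs, whose contents are not shown on this page) of a postinstall step with the properties the description names: idempotent, skips missing prebuilds, swallows chmod failures. The `node_modules/node-pty/prebuilds/` layout under the install root, the name `fixSpawnHelpers`, and the refusal to chmod anything that is not a regular file are assumptions of this example.

```javascript
// Added example, not the project's script. Written as CommonJS.
const fs = require("node:fs");
const path = require("node:path");

// Prebuild directory names come from the page; the node_modules layout is assumed.
const DARWIN_PREBUILDS = ["darwin-arm64", "darwin-x64"];

// Set spawn-helper to 0o755 under <root>/node_modules/node-pty/prebuilds/.
// Returns one record per helper so the caller can log what happened.
function fixSpawnHelpers(root) {
  const results = [];
  for (const dir of DARWIN_PREBUILDS) {
    const helper = path.join(
      root, "node_modules", "node-pty", "prebuilds", dir, "spawn-helper");
    let st;
    try {
      st = fs.lstatSync(helper); // lstat: do not follow a symlink
    } catch {
      results.push({ helper, status: "missing" }); // no prebuild for this arch
      continue;
    }
    // Only a regular file is touched, so the mode of a link target never changes.
    if (!st.isFile()) {
      results.push({ helper, status: "skipped-not-regular-file" });
      continue;
    }
    if ((st.mode & 0o777) === 0o755) {
      results.push({ helper, status: "already-ok" }); // idempotent re-run
      continue;
    }
    try {
      fs.chmodSync(helper, 0o755);
      results.push({ helper, status: "fixed" });
    } catch (err) {
      // Swallowed so postinstall can never fail the install.
      results.push({ helper, status: "chmod-failed", error: err.code });
    }
  }
  return results;
}

// What a postinstall hook would do: run against the install root and report.
for (const r of fixSpawnHelpers(process.cwd())) console.log(r.status, r.helper);
```
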

node-pty 1.1.0's published tarball ships
prebuilds/darwin-{arm64,x64}/spawn-helper without the executable bit
(0o644). The first time the test pty harness called pty.spawn() on
macOS, posix_spawnp from the native binding refused the helper and
returned "posix_spawnp failed". Linux dodged this because no Linux
prebuild ships; node-gyp recompiled the helper on install and the
compiler emits an executable. Windows uses winpty/conpty.

The postinstall hook chmods the helpers to 0o755. Idempotent and
defensive: missing prebuilds are skipped, chmod failures are
swallowed so postinstall can never fail an install. End users do
not call pty.spawn anywhere in clio's runtime; this only affects
test harness usage on macOS, but shipping it as a real postinstall
keeps `npm install` and `npm ci` honest on every platform.

Early-stage heavy dev does not need a 3-job split, a separate
cross-platform workflow with auto-issue creation, or a dependabot
that opens a PR every time someone pushes a patch upstream.

Drop:
- .github/workflows/ci-cross-platform.yml (macOS post-merge + nightly)
- .github/dependabot.yml (the whole config; revisit when the surface
  is stable enough to want passive update PRs)

Reshape ci.yml to one job that runs typecheck + lint + test + build
+ e2e on Ubuntu / Node 24. Same coverage as before, single check,
no theater.

Branch-protection contexts collapse to just "ci" to match.

Caret ranges meant npm pulled fresh patches on every install and
dependabot proposed PRs for the same. With dependabot deactivated
and the project under heavy iteration, we want reproducible installs:
two contributors running `npm ci` two months apart get identical
trees.

All three pi-mono packages aligned at 0.70.2 (the user-merged bump
in #18 left @mariozechner/pi-agent-core ahead of pi-ai and pi-tui).
Full local CI clean against the matched 0.70.2 set.
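
A check for the two conditions this commit message describes, exact pins and an aligned pi-* family, as an added example that is not part of the PR. The function names and both sample manifests are constructed; which section each package lives in and the pre-fix specs are assumptions.

```javascript
// Added example, not the project's code; the manifests below are constructed.
const EXACT = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;
const SECTIONS = ["dependencies", "devDependencies", "optionalDependencies"];

// Flatten the checked sections into [section, name, spec] triples.
function entries(pkg) {
  return SECTIONS.flatMap((s) =>
    Object.entries(pkg[s] ?? {}).map(([name, spec]) => [s, name, spec]));
}

// Anything that is not one exact semver version (ranges, tags, URLs) is unpinned.
function findUnpinned(pkg) {
  return entries(pkg)
    .filter(([, , spec]) => !EXACT.test(spec))
    .map(([section, name, spec]) => ({ section, name, spec }));
}

// Distinct versions declared across a package family; more than one entry
// means the family is misaligned, as the pi-* packages were after #18.
function familyVersions(pkg, prefix) {
  const versions = entries(pkg)
    .filter(([, name]) => name.startsWith(prefix))
    .map(([, , spec]) => spec.replace(/^[\^~]/, ""));
  return [...new Set(versions)].sort();
}

// Constructed manifests: section placement and the caret specs are assumed.
const drifting = {
  dependencies: {
    "@mariozechner/pi-agent-core": "^0.70.2",
    "@mariozechner/pi-ai": "^0.69.0",
    "@mariozechner/pi-tui": "^0.69.0",
  },
  devDependencies: { "node-pty": "1.1.0" },
};
const pinned = {
  dependencies: {
    "@mariozechner/pi-agent-core": "0.70.2",
    "@mariozechner/pi-ai": "0.70.2",
    "@mariozechner/pi-tui": "0.70.2",
  },
  devDependencies: { "node-pty": "1.1.0" },
};

console.log(findUnpinned(drifting), familyVersions(drifting, "@mariozechner/pi-"));
console.log(findUnpinned(pinned), familyVersions(pinned, "@mariozechner/pi-"));
```

An exact spec in package.json pins only direct dependencies; the transitive tree is fixed by package-lock.json, which `npm ci` installs from.
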
@akougkas akougkas force-pushed the fix/node-pty-darwin-permissions branch from b8d2092 to 2d35fb7 on April 25, 2026 12:14
@akougkas akougkas changed the title from "fix(build): chmod node-pty darwin spawn-helper on postinstall" to "chore: pin deps, collapse CI to one job, deactivate dependabot, fix node-pty on macOS" on Apr 25, 2026

bashTool spawns `/bin/bash -lc`. On a cold CI runner /etc/profile
takes long enough to read that the SIGTERM from a 250ms abort can
land before the inline `trap "" TERM` is installed, killing the
shell at the default disposition. The test then sees ~250ms total
elapsed and fails the >=5000ms assertion even though the production
escalation path is fine.

Move the abort to 1500ms (well past the slowest profile read we see)
and assert the >=4500ms grace window relative to the abort instead
of the test start. Same coverage, no flake.
@akougkas akougkas merged commit 62c7c33 into main Apr 25, 2026
1 check passed
@akougkas akougkas deleted the fix/node-pty-darwin-permissions branch April 25, 2026 12:22