fix(mosaic): resumable gateway install + prominent admin token

The `mosaic gateway install` command had three UX problems: 1. Admin API token was silently saved to meta.json and never shown to the user — no way to retrieve it without reading the file. 2. If install crashed mid-way (e.g. daemon health-check failure), the next run prompted "Reinstall? [y/N]" and aborted on N, leaving a half-configured install with no resume path. 3. Health-check failures only pointed at `mosaic gateway logs` — user had to run a separate command to see the actual error. Changes: - **Prominent admin token banner** printed immediately after bootstrap creates the first admin user. Clear "save now, won't be shown again" warning. - **Resumable install state machine.** Detects partial installs from meta.json + .env + mosaic.config.json + daemon state, and picks up where a prior attempt stopped instead of prompting. Fully set up installs now offer "re-run config wizard" with explicit warnings about what it does (regenerates .env, clears admin token, may change backend storage). - **Inline log tail on health failure.** Last 30 non-empty lines of gateway.log printed automatically when the daemon fails to become healthy, so the user sees the underlying error without running a second command. - **Corrupt-state detection.** If exactly one of .env / mosaic.config.json exists (from an interrupted prior install), refuses to guess and directs the user to `mosaic gateway uninstall`. - **BETTER_AUTH_SECRET preservation** across config regeneration so existing Better Auth sessions aren't silently invalidated. - **Admin token dropped on any config regeneration** (the wizard may point at a different backend; the old token is unverifiable). - **Daemon stopped before config rewrite** so the live process never serves stale config. - Bump `@mosaic/mosaic` 0.0.19 → 0.0.20. Known follow-ups (noted in review): - `--port 14242` as an explicit override cannot be distinguished from commander's default value; requires plumbing an `explicit` flag. - No automated test coverage for the new state branches; requires mocking fs/readline/fetch/spawn. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 22:08:39 -05:00
parent 2b1840214e
commit 7e95107ed5
3 changed files with 305 additions and 68 deletions
--- a/docs/scratchpads/gateway-install-ux-20260404.md
+++ b/docs/scratchpads/gateway-install-ux-20260404.md
@@ -0,0 +1,47 @@
 # Gateway Install UX Fixes — 2026-04-04
 ## Context
 User hit two publish-drift bugs on `mosaic gateway install` (fixed in #386 and
 #389). On top of those, the install UX itself has three concrete problems:
 1. Admin API token is generated by the bootstrap step and saved to
   `~/.config/mosaic/gateway/meta.json`, but never shown to the user. There is
   no way to retrieve it without reading the file or running `mosaic gateway
 config` afterward.
 2. When install crashes mid-way (e.g. daemon fails to become healthy), the
   next run of `mosaic gateway install` prompts "Reinstall? [y/N]". Saying N
   aborts, leaving the user with a half-configured install and no clear path
   forward. There is no resume path.
 3. Health-check failure only prints "Check logs: mosaic gateway logs" — forcing
   the user to run another command to see the actual error.
 ## Goal
 Make `mosaic gateway install` a single end-to-end, resumable command that shows
 the admin token on creation and surfaces errors inline.
 ## Plan
 - `install.ts`: detect partial state (meta exists, no admin token, daemon not
  running) and skip already-completed phases instead of aborting.
 - `install.ts`: add a prominent "Admin API Token" banner printed right after
  bootstrap succeeds. Include copy-now warning.
 - `install.ts`: on health-check timeout, read the tail of `LOG_FILE` and print
  the last ~30 non-empty lines before returning.
 - Keep `mosaic gateway config` as-is (view/edit env vars); this is not the
  setup wizard.
 - No new commands. No new flags yet.
 ## Out of scope
 - Readline/stdin piping fragility (pre-existing, not related to user complaint).
 - Refactor to a phased state machine (overkill for three targeted fixes).
 ## Verification
 - Typecheck, lint, format (mandatory gates).
 - Manual end-to-end: fresh install → confirm token displayed.
 - Manual resume: delete daemon.pid mid-install → re-run → confirm it resumes.
 - Manual failure: point ENV_FILE port to a used port → re-run → confirm log
  tail is printed.
--- a/packages/mosaic/package.json
+++ b/packages/mosaic/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@mosaicstack/mosaic",
-  "version": "0.0.19",
+  "version": "0.0.20",
  "repository": {
    "type": "git",
    "url": "https://git.mosaicstack.dev/mosaic/mosaic-stack.git",
--- a/packages/mosaic/src/commands/gateway/install.ts
+++ b/packages/mosaic/src/commands/gateway/install.ts
@@ -1,21 +1,26 @@
 import { randomBytes } from 'node:crypto';
-import { writeFileSync } from 'node:fs';
+import { existsSync, readFileSync, writeFileSync } from 'node:fs';
 import { join } from 'node:path';
 import { createInterface } from 'node:readline';
 import type { GatewayMeta } from './daemon.js';
 import {
  ENV_FILE,
  GATEWAY_HOME,
  LOG_FILE,
  ensureDirs,
  getDaemonPid,
  installGatewayPackage,
  readMeta,
  resolveGatewayEntry,
  startDaemon,
  stopDaemon,
  waitForHealth,
  writeMeta,
  getInstalledGatewayVersion,
 } from './daemon.js';
 const MOSAIC_CONFIG_FILE = join(GATEWAY_HOME, 'mosaic.config.json');
 interface InstallOpts {
  host: string;
  port: number;
@@ -36,30 +41,198 @@ export async function runInstall(opts: InstallOpts): Promise<void> {
 }
 async function doInstall(rl: ReturnType<typeof createInterface>, opts: InstallOpts): Promise<void> {
  // Check existing installation
  const existing = readMeta();
-  if (existing) {
+  const envExists = existsSync(ENV_FILE);
-    const answer = await prompt(
+  const mosaicConfigExists = existsSync(MOSAIC_CONFIG_FILE);
-      rl,
+  let hasConfig = envExists && mosaicConfigExists;
-      `Gateway already installed (v${existing.version}). Reinstall? [y/N] `,
+  let daemonRunning = getDaemonPid() !== null;
  const hasAdminToken = Boolean(existing?.adminToken);
  // `opts.host` already incorporates meta fallback via the parent command
  // in gateway.ts (resolveOpts). Using it directly also lets a user pass
  // `--host X` to recover from a previous install that stored a broken
  // host. We intentionally do not prefer `existing.host` over `opts.host`.
  const host = opts.host;
  // Corrupt partial state: exactly one of the two config files survived.
  // This happens when an earlier install was interrupted between writing
  // .env and mosaic.config.json. Rewriting the missing one would silently
  // rotate BETTER_AUTH_SECRET or clobber saved DB/Valkey URLs. Refuse to
  // guess — tell the user how to recover. Check file presence only; do
  // NOT gate on `existing`, because the installer writes config before
  // meta, so an interrupted first install has no meta yet.
  if ((envExists || mosaicConfigExists) && !hasConfig) {
    console.error('Gateway install is in a corrupt partial state:');
    console.error(`  .env file:            ${envExists ? 'present' : 'MISSING'} (${ENV_FILE})`);
    console.error(
      `  mosaic.config.json:   ${mosaicConfigExists ? 'present' : 'MISSING'} (${MOSAIC_CONFIG_FILE})`,
    );
-    if (answer.toLowerCase() !== 'y') {
+    console.error('\nRun `mosaic gateway uninstall` to clean up, then re-run install.');
-      console.log('Aborted.');
+    return;
      return;
    }
  }
-  // Step 1: Install npm package
+  // Fully set up already — offer to re-run the config wizard and restart.
-  if (!opts.skipInstall) {
+  // The wizard allows changing storage tier / DB URLs, so this can move
  // the install onto a different data store. We do NOT wipe persisted
  // local data here — for a true scratch wipe run `mosaic gateway
  // uninstall` first.
  let explicitReinstall = false;
  if (existing && hasConfig && daemonRunning && hasAdminToken) {
    console.log(`Gateway is already installed and running (v${existing.version}).`);
    console.log(`  Endpoint:  http://${existing.host}:${existing.port.toString()}`);
    console.log(`  Status:    mosaic gateway status`);
    console.log();
    console.log('Re-running the config wizard will:');
    console.log('  - regenerate .env and mosaic.config.json');
    console.log('  - restart the daemon');
    console.log('  - preserve BETTER_AUTH_SECRET (sessions stay valid)');
    console.log('  - clear the stored admin token (you will re-bootstrap an admin user)');
    console.log('  - allow changing storage tier / DB URLs (may point at a different data store)');
    console.log('To wipe persisted data, run `mosaic gateway uninstall` first.');
    const answer = await prompt(rl, 'Re-run config wizard? [y/N] ');
    if (answer.trim().toLowerCase() !== 'y') {
      console.log('Nothing to do.');
      return;
    }
    // Fall through. The daemon stop below triggers because hasConfig=false
    // forces the wizard to re-run.
    hasConfig = false;
    explicitReinstall = true;
  } else if (existing && (hasConfig || daemonRunning)) {
    // Partial install detected — resume instead of re-prompting the user.
    console.log('Detected a partial gateway installation — resuming setup.\n');
  }
  // If we are going to (re)write config, the running daemon would end up
  // serving the old config while health checks and meta point at the new
  // one. Always stop the daemon before writing config.
  if (!hasConfig && daemonRunning) {
    console.log('Stopping gateway daemon before writing new config...');
    try {
      await stopDaemon();
    } catch (err) {
      const msg = err instanceof Error ? err.message : String(err);
      if (/not running/i.test(msg)) {
        // Raced with daemon exit — fine, proceed.
      } else {
        console.error(`Failed to stop running daemon: ${msg}`);
        console.error('Refusing to rewrite config while an unknown-state daemon is running.');
        console.error('Stop it manually (mosaic gateway stop) and re-run install.');
        return;
      }
    }
    // Re-check — stop may have succeeded but we want to be sure before
    // writing new config files and starting a fresh process.
    if (getDaemonPid() !== null) {
      console.error('Gateway daemon is still running after stop attempt. Aborting.');
      return;
    }
    daemonRunning = false;
  }
  // Step 1: Install npm package. Always run on first install and on any
  // resume where the daemon is NOT already running — a prior failure may
  // have been caused by a broken package version, and the retry should
  // pick up the latest release. Skip only when resuming while the daemon
  // is already alive (package must be working to have started).
  if (!opts.skipInstall && !daemonRunning) {
    installGatewayPackage();
  }
  ensureDirs();
-  // Step 2: Collect configuration
+  // Step 2: Collect configuration (skip if both files already exist).
  // On resume, treat the .env file as authoritative for port — but let a
  // user-supplied non-default `--port` override it so they can recover
  // from a conflicting saved port the same way `--host` lets them
  // recover from a bad saved host. `opts.port === 14242` is commander's
  // default (not explicit user input), so we prefer .env in that case.
  let port: number;
  const regeneratedConfig = !hasConfig;
  if (hasConfig) {
    const envPort = readPortFromEnv();
    port = opts.port !== 14242 ? opts.port : (envPort ?? existing?.port ?? opts.port);
    console.log(`Using existing config at ${ENV_FILE} (port ${port.toString()})`);
  } else {
    port = await runConfigWizard(rl, opts);
  }
  // Step 3: Write meta.json. Prefer host from existing meta when resuming.
  let entryPoint: string;
  try {
    entryPoint = resolveGatewayEntry();
  } catch {
    console.error('Error: Gateway package not found after install.');
    console.error('Check that @mosaicstack/gateway installed correctly.');
    return;
  }
  const version = getInstalledGatewayVersion() ?? 'unknown';
  // Preserve the admin token only on a pure resume (no config regeneration).
  // Any time we regenerated config, the wizard may have pointed at a
  // different storage tier / DB URL, so the old token is unverifiable —
  // drop it and require re-bootstrap.
  const preserveToken = !regeneratedConfig && Boolean(existing?.adminToken);
  const meta: GatewayMeta = {
    version,
    installedAt: explicitReinstall
      ? new Date().toISOString()
      : (existing?.installedAt ?? new Date().toISOString()),
    entryPoint,
    host,
    port,
    ...(preserveToken && existing?.adminToken ? { adminToken: existing.adminToken } : {}),
  };
  writeMeta(meta);
  // Step 4: Start the daemon (idempotent — skip if already running).
  if (!daemonRunning) {
    console.log('\nStarting gateway daemon...');
    try {
      const pid = startDaemon();
      console.log(`Gateway started (PID ${pid.toString()})`);
    } catch (err) {
      console.error(`Failed to start: ${err instanceof Error ? err.message : String(err)}`);
      printLogTail();
      return;
    }
  } else {
    console.log('\nGateway daemon is already running.');
  }
  // Step 5: Wait for health
  console.log('Waiting for gateway to become healthy...');
  const healthy = await waitForHealth(host, port, 30_000);
  if (!healthy) {
    console.error('\nGateway did not become healthy within 30 seconds.');
    printLogTail();
    console.error('\nFix the underlying error above, then re-run `mosaic gateway install`.');
    return;
  }
  console.log('Gateway is healthy.\n');
  // Step 6: Bootstrap — first admin user.
  await bootstrapFirstUser(rl, host, port, meta);
  console.log('\n─── Installation Complete ───');
  console.log(`  Endpoint:  http://${host}:${port.toString()}`);
  console.log(`  Config:    ${GATEWAY_HOME}`);
  console.log(`  Logs:      mosaic gateway logs`);
  console.log(`  Status:    mosaic gateway status`);
 }
 async function runConfigWizard(
  rl: ReturnType<typeof createInterface>,
  opts: InstallOpts,
 ): Promise<number> {
  console.log('\n─── Gateway Configuration ───\n');
-  // Tier selection
+  // If a previous .env exists on disk, reuse its BETTER_AUTH_SECRET so
  // regenerating config does not silently log out existing users.
  const preservedAuthSecret = readEnvVarFromFile('BETTER_AUTH_SECRET');
  if (preservedAuthSecret) {
    console.log('(Preserving existing BETTER_AUTH_SECRET — auth sessions will remain valid.)\n');
  }
  console.log('Storage tier:');
  console.log('  1. Local (embedded database, no dependencies)');
  console.log('  2. Team (PostgreSQL + Valkey required)');
@@ -91,10 +264,8 @@ async function doInstall(rl: ReturnType<typeof createInterface>, opts: InstallOp
  const corsOrigin =
    (await prompt(rl, 'CORS origin [http://localhost:3000]: ')) || 'http://localhost:3000';
-  // Generate auth secret
+  const authSecret = preservedAuthSecret ?? randomBytes(32).toString('hex');
  const authSecret = randomBytes(32).toString('hex');
  // Step 3: Write .env
  const envLines = [
    `GATEWAY_PORT=${port.toString()}`,
    `BETTER_AUTH_SECRET=${authSecret}`,
@@ -116,7 +287,6 @@ async function doInstall(rl: ReturnType<typeof createInterface>, opts: InstallOp
  writeFileSync(ENV_FILE, envLines.join('\n') + '\n', { mode: 0o600 });
  console.log(`\nConfig written to ${ENV_FILE}`);
  // Step 3b: Write mosaic.config.json
  const mosaicConfig =
    tier === 'local'
      ? {
@@ -132,66 +302,81 @@ async function doInstall(rl: ReturnType<typeof createInterface>, opts: InstallOp
          memory: { type: 'pgvector' },
        };
-  const configFile = join(GATEWAY_HOME, 'mosaic.config.json');
+  writeFileSync(MOSAIC_CONFIG_FILE, JSON.stringify(mosaicConfig, null, 2) + '\n', { mode: 0o600 });
-  writeFileSync(configFile, JSON.stringify(mosaicConfig, null, 2) + '\n', { mode: 0o600 });
+  console.log(`Config written to ${MOSAIC_CONFIG_FILE}`);
  console.log(`Config written to ${configFile}`);
-  // Step 4: Write meta.json
+  return port;
-  let entryPoint: string;
+}
 function readEnvVarFromFile(key: string): string | null {
  if (!existsSync(ENV_FILE)) return null;
  try {
-    entryPoint = resolveGatewayEntry();
+    for (const line of readFileSync(ENV_FILE, 'utf-8').split('\n')) {
      const trimmed = line.trim();
      if (!trimmed || trimmed.startsWith('#')) continue;
      const eqIdx = trimmed.indexOf('=');
      if (eqIdx <= 0) continue;
      if (trimmed.slice(0, eqIdx) !== key) continue;
      return trimmed.slice(eqIdx + 1);
    }
  } catch {
-    console.error('Error: Gateway package not found after install.');
+    return null;
-    console.error('Check that @mosaicstack/gateway installed correctly.');
+  }
  return null;
 }
 function readPortFromEnv(): number | null {
  const raw = readEnvVarFromFile('GATEWAY_PORT');
  if (raw === null) return null;
  const parsed = parseInt(raw, 10);
  return Number.isNaN(parsed) ? null : parsed;
 }
 function printLogTail(maxLines = 30): void {
  if (!existsSync(LOG_FILE)) {
    console.error(`(no log file at ${LOG_FILE})`);
    return;
  }
  const version = getInstalledGatewayVersion() ?? 'unknown';
  const meta = {
    version,
    installedAt: new Date().toISOString(),
    entryPoint,
    host: opts.host,
    port,
  };
  writeMeta(meta);
  // Step 5: Start the daemon
  console.log('\nStarting gateway daemon...');
  try {
-    const pid = startDaemon();
+    const lines = readFileSync(LOG_FILE, 'utf-8')
-    console.log(`Gateway started (PID ${pid.toString()})`);
+      .split('\n')
      .filter((l) => l.trim().length > 0);
    const tail = lines.slice(-maxLines);
    if (tail.length === 0) {
      console.error('(log file is empty)');
      return;
    }
    console.error(`\n─── Last ${tail.length.toString()} log lines (${LOG_FILE}) ───`);
    for (const line of tail) console.error(line);
    console.error('─────────────────────────────────────────────');
  } catch (err) {
-    console.error(`Failed to start: ${err instanceof Error ? err.message : String(err)}`);
+    console.error(`Could not read log file: ${err instanceof Error ? err.message : String(err)}`);
    return;
  }
 }
-  // Step 6: Wait for health
+function printAdminTokenBanner(token: string): void {
-  console.log('Waiting for gateway to become healthy...');
+  const border = '═'.repeat(68);
-  const healthy = await waitForHealth(opts.host, port, 30_000);
+  console.log();
-  if (!healthy) {
+  console.log(border);
-    console.error('Gateway did not become healthy within 30 seconds.');
+  console.log('  Admin API Token');
-    console.error(`Check logs: mosaic gateway logs`);
+  console.log(border);
-    return;
+  console.log();
-  }
+  console.log(`    ${token}`);
-  console.log('Gateway is healthy.\n');
+  console.log();
-
+  console.log('  Save this token now — it will not be shown again in full.');
-  // Step 7: Bootstrap — first user setup
+  console.log('  It is stored (read-only) at:');
-  await bootstrapFirstUser(rl, opts.host, port, meta);
+  console.log(`    ${join(GATEWAY_HOME, 'meta.json')}`);
-
+  console.log();
-  console.log('\n─── Installation Complete ───');
+  console.log('  Use it with admin endpoints, e.g.:');
-  console.log(`  Endpoint:  http://${opts.host}:${port.toString()}`);
+  console.log(`    mosaic gateway --token <token> status`);
-  console.log(`  Config:    ${GATEWAY_HOME}`);
+  console.log(border);
  console.log(`  Logs:      mosaic gateway logs`);
  console.log(`  Status:    mosaic gateway status`);
 }
 async function bootstrapFirstUser(
  rl: ReturnType<typeof createInterface>,
  host: string,
  port: number,
-  meta: Omit<GatewayMeta, 'adminToken'> & { adminToken?: string },
+  meta: GatewayMeta,
 ): Promise<void> {
  const baseUrl = `http://${host}:${port.toString()}`;
@@ -201,7 +386,12 @@ async function bootstrapFirstUser(
    const status = (await statusRes.json()) as { needsSetup: boolean };
    if (!status.needsSetup) {
-      console.log('Admin user already exists — skipping setup.');
+      if (meta.adminToken) {
        console.log('Admin user already exists (token on file).');
      } else {
        console.log('Admin user already exists — skipping setup.');
        console.log('(No admin token on file — sign in via the web UI to manage tokens.)');
      }
      return;
    }
  } catch {
@@ -247,12 +437,12 @@ async function bootstrapFirstUser(
      token: { plaintext: string };
    };
-    // Save admin token to meta
+    // Persist the token so future CLI calls can authenticate automatically.
    meta.adminToken = result.token.plaintext;
-    writeMeta(meta as GatewayMeta);
+    writeMeta(meta);
    console.log(`\nAdmin user created: ${result.user.email}`);
-    console.log('Admin API token saved to gateway config.');
+    printAdminTokenBanner(result.token.plaintext);
  } catch (err) {
    console.error(`Bootstrap error: ${err instanceof Error ? err.message : String(err)}`);
  }