Stabilize paired reviewer recovery and owner follow-up

This commit is contained in:
ejclaw
2026-04-06 07:49:26 +09:00
parent 994e957767
commit d75d26c23d
27 changed files with 1474 additions and 166 deletions

View File

@@ -11,7 +11,12 @@ import os from 'os';
import path from 'path';
import { logger } from '../src/logger.js';
import { getPlatform, getNodePath, getServiceManager } from './platform.js';
import {
ensureLinuxReadonlySandboxAppArmorSupport,
getPlatform,
getNodePath,
getServiceManager,
} from './platform.js';
import {
detectLegacyServiceIssues,
formatLegacyServiceFailureMessage,
@@ -33,6 +38,22 @@ export async function run(_args: string[]): Promise<void> {
logger.info({ platform, nodePath, projectRoot }, 'Setting up service');
const readonlySandboxAppArmorSetup =
ensureLinuxReadonlySandboxAppArmorSupport();
if (readonlySandboxAppArmorSetup === 'configured') {
logger.info(
'Configured AppArmor user namespace sysctl for EJClaw readonly sandbox support',
);
} else if (readonlySandboxAppArmorSetup === 'failed') {
logger.warn(
'Failed to apply AppArmor user namespace sysctl for EJClaw readonly sandbox support',
);
} else if (readonlySandboxAppArmorSetup === 'requires-root') {
logger.warn(
'Readonly sandbox strict mode requires root setup to disable AppArmor unprivileged userns restriction',
);
}
const legacyServiceIssues = detectLegacyServiceIssues(
projectRoot,
serviceManager,