chore: merge integration/all-fixes into main (50-commit rollup)

.github/workflows/ci.yml

@@ -39,21 +39,30 @@ jobs:
       - name: Clone sphere-sdk sibling
         # Pin to a specific commit SHA (not a branch name) for supply-chain
         # integrity — a branch pointer can be force-pushed or rebased,
-        # silently changing the code CI builds against. This SHA points at
-        # the tip of `refactor/extract-cli-to-sphere-cli` at the time of
-        # this commit; that branch contains `bc07e89 feat(cli-extraction)`
-        # which promoted CLI-consumed types (CreateInvoiceRequest,
-        # PayInvoiceParams, encrypt/decrypt helpers, etc.) to the public
-        # module surface. Those exports have not yet landed on `main` or
-        # in any published npm version.
+        # silently changing the code CI builds against.
+        #
+        # This SHA is the tip of sphere-sdk `main` ("merge: PR #395 #394
+        # automated CID delivery re-enabled + 512 KiB inline cap + demo
+        # playbook"). That commit exports the symbols `src/shared/sphere-
+        # providers.ts` consumes from `@unicitylabs/sphere-sdk/impl/nodejs`:
+        # `createUxfCarPublisher`, `DEFAULT_IPFS_GATEWAYS`,
+        # `PublishToIpfsCallback`. It also exposes `AccountingModule.
+        # deliverInvoice`, which `invoice-deliver` (PR #18 / issue #226)
+        # calls. Pinning to `main` (rather than the previous integration-
+        # branch tip 02cb4550) avoids the "unable to read tree" failure
+        # when an integration tip is rebased away.
         #
         # Bump this SHA when a new sphere-sdk commit is required; remove
         # this whole workaround once sphere-sdk publishes v0.7.1+ to npm
         # with the post-extraction exports.
         env:
-          SPHERE_SDK_SHA: 86468103ac25271b96a338f64349dd0eb472689f
+          SPHERE_SDK_SHA: 3f3dadf9d03eb29db87f062921751f24bfefdec8
         run: |
           git clone https://github.com/unicity-sphere/sphere-sdk.git ../../sphere-sdk
+          # The pinned SHA may not be on a branch tip after future merges;
+          # fetch it explicitly before checkout so the workflow keeps
+          # working when sphere-sdk main advances past this commit.
+          git -C ../../sphere-sdk fetch origin "$SPHERE_SDK_SHA" || true
           git -C ../../sphere-sdk checkout --detach "$SPHERE_SDK_SHA"
 
       - name: "Build sphere-sdk (required for file: dependency to resolve types)"

.github/workflows/integration-nightly.yml

@@ -35,11 +35,15 @@ jobs:
           cache: npm
 
       # See ci.yml for the rationale behind the sibling-clone workaround.
-      # Kept identical here so a nightly run is hermetic w.r.t. ci.yml state.
+      # Kept identical here (same SHA pin) so a nightly run is hermetic
+      # w.r.t. ci.yml state — bump both together when needed.
       - name: Clone sphere-sdk sibling
+        env:
+          SPHERE_SDK_SHA: 02cb4550facae0bea58c3b04aceaf3059599464b
         run: |
-          git clone --depth 1 --branch refactor/extract-cli-to-sphere-cli \
-            https://github.com/unicity-sphere/sphere-sdk.git ../../sphere-sdk
+          git clone https://github.com/unicity-sphere/sphere-sdk.git ../../sphere-sdk
+          git -C ../../sphere-sdk fetch origin "$SPHERE_SDK_SHA" || true
+          git -C ../../sphere-sdk checkout --detach "$SPHERE_SDK_SHA"
 
       - name: Build sphere-sdk (required for file: dependency to resolve types)
         run: |

src/host/sphere-init.ts

@@ -9,8 +9,11 @@
 
 import * as fs from 'node:fs';
 import { Sphere } from '@unicitylabs/sphere-sdk';
-import { createNodeProviders } from '@unicitylabs/sphere-sdk/impl/nodejs';
 import type { NetworkType } from '@unicitylabs/sphere-sdk';
+import {
+  buildSphereProviders,
+  detectWalletKind,
+} from '../shared/sphere-providers.js';
 
 // All paths are CWD-relative by design — matches legacy-cli behaviour so the
 // same wallet is visible whether invoked via `sphere wallet …` (legacy) or
@@ -48,9 +51,25 @@ function loadConfig(): CliConfig {
 export async function initSphere(): Promise<Sphere> {
   const config = loadConfig();
 
-  const providers = createNodeProviders({
-    network: config.network,
-    dataDir: config.dataDir,
+  // Issue #23 — same gate as the legacy CLI bootstrap. Host commands
+  // cannot operate against a pre-migration wallet because the new
+  // Profile-backed token storage would start empty and silently miss
+  // every token the user has on the legacy IPNS-pointer path. Surface
+  // the migration step explicitly instead of silently mis-routing.
+  const kind = detectWalletKind(config.dataDir);
+  if (kind === 'legacy') {
+    throw new Error(
+      `Legacy wallet detected at ${config.dataDir} (file storage + IPNS sync).\n` +
+        '`sphere host` requires the new Profile storage. Migrate via:\n' +
+        '  sphere wallet migrate           # dry-run summary first\n' +
+        '  sphere wallet migrate --apply   # commit the import\n' +
+        'See GitHub sphere-cli#23 for context.',
+    );
+  }
+
+  const providers = buildSphereProviders({
+    network:   config.network,
+    dataDir:   config.dataDir,
     tokensDir: config.tokensDir,
   });
 
@@ -62,11 +81,16 @@ export async function initSphere(): Promise<Sphere> {
   }
 
   const { sphere } = await Sphere.init({
-    storage: providers.storage,
-    transport: providers.transport,
-    oracle: providers.oracle,
-    network: config.network,
+    storage:      providers.storage,
+    tokenStorage: providers.tokenStorage,
+    transport:    providers.transport,
+    oracle:       providers.oracle,
+    network:      config.network,
     autoGenerate: false,
+    // sphere-sdk #394 — pass through the UXF CID-delivery wiring so
+    // sends of > RELAY_SAFE_CAP_BYTES bundles can promote to CID.
+    ...(providers.publishToIpfs ? { publishToIpfs: providers.publishToIpfs } : {}),
+    ...(providers.cidFetchGateways ? { cidFetchGateways: providers.cidFetchGateways } : {}),
   });
 
   return sphere;

src/index.test.ts

@@ -93,6 +93,17 @@ describe('buildLegacyArgv dispatcher', () => {
       expect(buildLegacyArgv('wallet', ['create', 'foo', '--network', 'testnet']))
         .toEqual(['wallet', 'create', 'foo', '--network', 'testnet']);
     });
+    // Issue #23 — `sphere wallet migrate` is the user-facing entry
+    // point for moving a legacy IPNS-pointer wallet into the new
+    // Profile storage. Lock the dispatch shape so a future namespace
+    // refactor doesn't silently route it elsewhere.
+    it('`wallet migrate` falls through to legacy `wallet migrate`', () => {
+      expect(buildLegacyArgv('wallet', ['migrate'])).toEqual(['wallet', 'migrate']);
+    });
+    it('`wallet migrate --apply` preserves the apply flag', () => {
+      expect(buildLegacyArgv('wallet', ['migrate', '--apply']))
+        .toEqual(['wallet', 'migrate', '--apply']);
+    });
     it('bare `wallet` with no subcommand produces `[wallet]`', () => {
       expect(buildLegacyArgv('wallet', [])).toEqual(['wallet']);
     });

src/legacy/daemon.ts

@@ -42,7 +42,7 @@
  * Parse a PID file. Handles both the new JSON format and the legacy plain-text
  * format (just a number). Returns null on parse failure or missing file.
  */
-function readPidFile(pidFile: string): PidFileData | null {
+export function readPidFile(pidFile: string): PidFileData | null {
   let raw: string;
   try {
     raw = fs.readFileSync(pidFile, 'utf8').trim();
@@ -81,7 +81,7 @@
  * Returns false for dead PIDs and for PIDs that are alive but clearly not ours
  * (i.e. PID reuse case).
  */
-function isDaemonProcessAlive(pid: number): boolean {
+export function isDaemonProcessAlive(pid: number): boolean {
   if (!isProcessAlive(pid)) return false;
   // Best-effort PID reuse detection via /proc/<pid>/comm (Linux only).
   try {
@@ -442,9 +442,13 @@
 function log(message: string): void {
   const line = message.startsWith('[') ? message : `[${new Date().toISOString()}] ${message}`;
   if (logStream) {
+    // In forked mode the WriteStream IS the log destination — avoid
+    // double-writing via the (now-redirected) console.log which also
+    // forwards to the same stream.
     logStream.write(line + '\n');
+  } else {
+    console.log(line);
   }
-  console.log(line);
 }
 
 // =============================================================================
@@ -541,10 +545,10 @@
     const stream = fs.createWriteStream(config.logFile, { flags: 'a' });
     logStream = stream;
     // Redirect console output to log file
     const origLog = console.log;
     const origErr = console.error;
     const origWarn = console.warn;
     console.log = (...a: unknown[]) => { stream.write(a.map(String).join(' ') + '\n'); };
     console.error = (...a: unknown[]) => { stream.write('[ERROR] ' + a.map(String).join(' ') + '\n'); };
     console.warn = (...a: unknown[]) => { stream.write('[WARN] ' + a.map(String).join(' ') + '\n'); };
 
@@ -569,12 +573,27 @@
       throw e;
     }
 
-    // Disconnect from parent
-    if (process.disconnect) process.disconnect();
+    // Disconnect from parent's IPC channel if one exists. The parent's
+    // detachDaemon call passes 'ipc' in stdio (Fix issue #19) so the channel
+    // is normally open here; the `process.connected` guard handles the
+    // edge case of running with a non-IPC stdio (test harnesses, manual
+    // invocation of `daemon start --_forked`). Calling `process.disconnect()`
+    // without a live channel throws "IPC channel is not open", which under
+    // `stdio: 'ignore'` would crash the child silently with no log trail.
+    //
+    // The try/catch handles a residual race: the parent's child.disconnect()
+    // closes the channel at the OS layer, but the JS 'disconnect' event
+    // (which flips process.connected to false) is async — there's a microtask
+    // window where process.connected reads true while the underlying channel
+    // is already torn down, in which case disconnect() throws. Swallowing
+    // here is correct: the goal state (channel closed) already holds.
+    if (process.connected && process.disconnect) {
+      try { process.disconnect(); } catch { /* already torn down by parent */ }
+    }
 
     // Restore on exit for cleanup logging
     process.on('exit', () => {
       console.log = origLog;
       console.error = origErr;
       console.warn = origWarn;
     });
@@ -697,14 +716,21 @@
 // =============================================================================
 
 function detachDaemon(args: string[], flags: DaemonFlags): void {
-  // Build the resolved config just to get the PID file path
+  // Resolve config once so we have BOTH the PID file path (for the advisory
+  // already-running check below) AND the log file path (so we can open it in
+  // the parent and inherit the fd into the child — see fork() call below).
   let pidFile: string;
+  let logFile: string;
   try {
     const rawConfig = buildConfigFromFlags(flags);
     const config = resolveConfig(rawConfig);
     pidFile = config.pidFile;
+    logFile = config.logFile;
   } catch {
     pidFile = getDefaultPidFile();
+    // Match the default emitted by the success message below so the operator
+    // sees a consistent path. resolveConfig() would normally produce this.
+    logFile = '.sphere-cli/daemon.log';
   }
 
   // Check if already running. Note: this check is advisory only — the forked
@@ -723,22 +749,43 @@
   // Build child args: replace --detach with --_forked, keep everything else
   const childArgs = ['daemon', 'start', '--_forked', ...args.filter(a => a !== '--detach')];
 
-  // Fork the child process
+  // Fix issue #19: Open the log file in the parent and pass its fd as the
+  // child's stdout and stderr. The previous `stdio: 'ignore'` discarded both
+  // streams, so any failure between fork() and the child's first WriteStream
+  // flush — including the silent crash from `process.disconnect()` throwing
+  // on a missing IPC channel — was invisible: no log, no PID-file cleanup,
+  // just a stale pid. With the fd inherited at OS level, any thrown error,
+  // uncaught exception, or stderr emission lands in the log file before any
+  // Node-level streaming machinery is required.
+  //
+  // The 'ipc' entry is required by child_process.fork() (Node throws
+  // "Forked processes must have an IPC channel" without it). The parent
+  // does not send messages over the channel — it exists solely to satisfy
+  // fork's contract. The child's runDaemon() calls process.disconnect()
+  // (guarded on process.connected) to release the channel from the child's
+  // event loop after PID-file write.
+  ensureDir(logFile);
+  const logFd = fs.openSync(logFile, 'a');
+  fs.writeSync(
+    logFd,
+    `[${new Date().toISOString()}] sphere daemon: forking child (parent PID ${process.pid})\n`,
+  );
   const child = fork(process.argv[1], childArgs, {
     detached: true,
-    stdio: 'ignore',
+    stdio: ['ignore', logFd, logFd, 'ipc'],
   });
+  // Child has inherited its own copy of the fd; close the parent's reference.
+  fs.closeSync(logFd);
 
+  // Don't keep the parent alive waiting for the child. We also disconnect
+  // the parent's end of the IPC channel so process.exit(0) below doesn't
+  // need to forcibly tear down a live handle.
   child.unref();
+  if (child.connected) child.disconnect();
 
   console.log(`Daemon started in background (PID ${child.pid})`);
   console.log(`PID file: ${pidFile}`);
-
-  if (flags.logFile) {
-    console.log(`Log file: ${flags.logFile}`);
-  } else {
-    console.log('Log file: .sphere-cli/daemon.log');
-  }
+  console.log(`Log file: ${logFile}`);
 
   process.exit(0);
 }
@@ -753,7 +800,7 @@
 
   const pidData = readPidFile(pidFile);
   if (!pidData) {
     console.log('No daemon running (PID file not found).');
     return;
   }
   const pid = pidData.pid;
@@ -762,12 +809,12 @@
   // appears to be a different (non-node) process, treat as stale so we don't
   // SIGTERM someone else's editor/shell.
   if (!isDaemonProcessAlive(pid)) {
     console.log(`Stale PID file (process ${pid} not running or reused). Cleaning up.`);
     safeUnlink(pidFile);
     return;
   }
 
   console.log(`Stopping daemon (PID ${pid})...`);
 
   // Fix D-6: SIGTERM may race against process exit (ESRCH). Treat as already-dead.
   try {