Dev

[cap-jmk-real]

Summary by CodeRabbit

• New Features

  • Added CLI cleanup commands: shiphook cleanup --domain <host> and shiphook cleanup --all.
  • CLI now shows a concise completion message after HTTPS bootstrap (prints webhook secret and exits under systemd).

• Documentation

  • Added cleanup guidance, multi-app deployment patterns, systemd unit notes, and updated troubleshooting steps for stale nginx/systemd state.

• Tests

  • Added tests covering cleanup argument parsing and unit/file selection.

• Chores

  • Bumped package version to 0.10.5.

[coderabbitai]

📝 Walkthrough

Walkthrough

A new Linux-only cleanup CLI subcommand removes stale Shiphook systemd units and nginx configuration files, supporting domain-scoped (--domain <host>) and global (--all) modes with timestamped backups. README and docs were updated to document the command and clarify multi-app and service naming conventions.

Changes

Cohort / File(s)	Summary
Cleanup Implementation src/cleanup.ts, src/cleanup.test.ts	New cleanup module and tests: introduces CleanupTarget type, parseCleanupTarget(), unitMatchesDomain(), selectDomainUnitsForCleanup(), buildCleanupBashCommand(), and runCleanup(). Implements domain validation, domain/all modes, timestamped nginx backups, systemd unit detection/removal, and tests covering parsing, command generation, and unit-matching.
CLI Integration src/cli.ts	Added cleanup subcommand with Linux-only gating via runCleanupCliCommand(). Adjusted post-HTTPS-bootstrap messaging to simpler completion text (no server summary).
Documentation README.md, docs/deployment-recipes.md, docs/self-hosted-https.md, docs/systemd.md	Documented `shiphook cleanup --domain
Version Metadata package.json	Bumped package version 0.10.4 → 0.10.5.

Sequence Diagram

sequenceDiagram
    actor User
    participant CLI as "CLI Parser"
    participant Validator as "Arg Validator"
    participant Generator as "Bash Command Generator"
    participant Executor as "Process Executor"
    participant Systemd as "systemd"
    participant Nginx as "nginx"

    User->>CLI: shiphook cleanup --domain example.com
    CLI->>Validator: parseCleanupTarget(argv)
    Validator-->>CLI: { mode: "domain", domain }
    CLI->>Generator: buildCleanupBashCommand(target)
    Generator->>Generator: create timestamped backup dir
    Generator-->>CLI: bash command string
    CLI->>Executor: spawnSync("sudo bash -lc <cmd>")
    Executor->>Systemd: inspect/disable/remove matching units
    Executor->>Nginx: move matching configs to backup
    Executor->>Nginx: nginx -t and reload
    Executor-->>CLI: exit code 0/1
    CLI-->>User: success/failure

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• single server multi app functionality with seperate setup and keys as… #30: Overlaps changes to src/cli.ts and post-bootstrap messaging flow that this PR also modifies.
• Fix recursive restart problem in systemd #22: Related edits to CLI systemd/HTTPS control flow and messaging that intersect with the cleanup gating/exit behavior.
• Improve UX of cli and setup of background process during init #12: Documentation and CLI output changes around systemd and HTTPS that touch the same areas updated here.

Poem

🐰 Hoppy cleanup rabbit digs,

Backups first, then gentle nips.
Nginx and units swept with care,
One small hop, the servers spare.
✨🗑️

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 36.36% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'Dev' is vague and generic, providing no meaningful information about the changeset beyond implying branch-based naming.	Replace with a descriptive title that summarizes the main change, e.g., 'Add cleanup command for removing stale Shiphook configuration' or 'Implement CLI cleanup helper for nginx/systemd state management'.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dev

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/cleanup.ts`:
- Around line 52-59: The systemdCleanup array currently removes all
shiphook*.service units regardless of --domain mode, which is inconsistent with
domain-scoped nginx cleanup; update the cleanup to be domain-aware by changing
the systemd command in systemdCleanup (or the function that uses it) to filter
unit files for the target domain (e.g., inspect unit contents or names for the
domain string and only disable/remove matching units) instead of unconditionally
disabling/removing all shiphook*.service units; update references to systemctl
disable/--now, rm -f /etc/systemd/system/shiphook*.service, and any
daemon-reload/reset-failed logic to operate only on the filtered set (or
alternately add explicit comments/docs if you decide to keep global removal).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 8299bb50-2a6e-4551-9bf5-d3e30cb6d874

📥 Commits

Reviewing files that changed from the base of the PR and between bd0f63c and 965a31c.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (8)

• README.md
• docs/deployment-recipes.md
• docs/self-hosted-https.md
• docs/systemd.md
• package.json
• src/cleanup.test.ts
• src/cleanup.ts
• src/cli.ts

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

src/cleanup.ts (1)

114-118: Consider whether login shell (-l) is necessary.

bash -lc runs a login shell, which sources profile scripts like /etc/profile and ~/.bash_profile. This could introduce unexpected behavior depending on root's shell configuration. If the intent is just PATH setup, bash -c with explicit PATH may be more predictable—though in practice, sudo typically preserves a safe PATH.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/cleanup.ts` around lines 114 - 118, The current runCleanup function
invokes spawnSync with "bash -lc", which starts a login shell and can source
profile scripts unexpectedly; change the invocation to use "bash -c" instead
(i.e., replace the "-lc" flag with "-c") so the command runs without forcing a
login shell, and if you need specific PATH or environment for the cleanup
commands, explicitly set it via the spawn options (env) or prepend PATH in the
command built by buildCleanupBashCommand; update references in runCleanup and
ensure buildCleanupBashCommand still produces a safe, self-contained command.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/cleanup.ts`:
- Around line 43-52: The current unitMatchesDomain uses simple substring checks
which cause false positives (e.g., "a.com" matching "data.com"); update
unitMatchesDomain to perform stricter matching — either use a
word-boundary/anchored regex (e.g., /\bDOMAIN\b/ or match lines like
/^server_name\s+.*\bDOMAIN\b/i against unitContent) and enforce a clear unit
name pattern (e.g., exact name, prefix/suffix, or a regex) instead of includes;
also update the corresponding shell grep -Fq usage to the same stricter check so
both unitMatchesDomain and the bash check use the same exact-match semantics
(reference functions: unitMatchesDomain and selectDomainUnitsForCleanup).

---

Nitpick comments:
In `@src/cleanup.ts`:
- Around line 114-118: The current runCleanup function invokes spawnSync with
"bash -lc", which starts a login shell and can source profile scripts
unexpectedly; change the invocation to use "bash -c" instead (i.e., replace the
"-lc" flag with "-c") so the command runs without forcing a login shell, and if
you need specific PATH or environment for the cleanup commands, explicitly set
it via the spawn options (env) or prepend PATH in the command built by
buildCleanupBashCommand; update references in runCleanup and ensure
buildCleanupBashCommand still produces a safe, self-contained command.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: d2ee34d1-3bed-4c1c-9508-dbe9e5d86659

📥 Commits

Reviewing files that changed from the base of the PR and between 965a31c and 4c6c6cc.

📒 Files selected for processing (4)

• README.md
• docs/systemd.md
• src/cleanup.test.ts
• src/cleanup.ts

✅ Files skipped from review due to trivial changes (2)

• README.md
• src/cleanup.test.ts

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Substring matching may cause unintended matches.

The includes() check will match a domain like "a.com" against unit names or content containing "data.com". While the backup mechanism provides a safety net, consider using word-boundary matching or requiring the domain to appear as a distinct server_name or in the unit name pattern.

This mirrors the grep -Fq behavior in the bash command (line 93), so both would need updating if addressed.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/cleanup.ts` around lines 43 - 52, The current unitMatchesDomain uses
simple substring checks which cause false positives (e.g., "a.com" matching
"data.com"); update unitMatchesDomain to perform stricter matching — either use
a word-boundary/anchored regex (e.g., /\bDOMAIN\b/ or match lines like
/^server_name\s+.*\bDOMAIN\b/i against unitContent) and enforce a clear unit
name pattern (e.g., exact name, prefix/suffix, or a regex) instead of includes;
also update the corresponding shell grep -Fq usage to the same stricter check so
both unitMatchesDomain and the bash check use the same exact-match semantics
(reference functions: unitMatchesDomain and selectDomainUnitsForCleanup).