Live-reload Gemini API key config + fix vendor module resolution
Two related changes that ship together because the second was uncovered
while testing the first.
1. Live config reload (the ostensible feature):
The "Set Gemini API Key" StartOS action writes to /data/config/
startos-config.json. The server used to read that file once at
startup (and via a separate Python read in docker_entrypoint.sh
before that), which meant a key change required a service restart
to take effect. Now the server polls the file every 3 s
(RECAP_CONFIG_POLL_MS, env-overridable) and updates serverApiKey
in place. fs.watch was tried first and dropped — it's flaky on
macOS (FSEvents single-file quirks) and behaves inconsistently with
atomic-rename writes the SDK file model uses. Polling is dead
simple and a stat call every 3 s is free.
Also dropped the Python config read from docker_entrypoint.sh; the
server now handles it natively. Entrypoint still loads /data/.env
for arbitrary env vars (RECAP_*, etc.).
2. Vendor module resolution (the silently-broken thing):
The earlier vendor change (move @keysat/licensing-client from a
git+https dep to a file: dep at vendor/) created a symlink in
server/node_modules. That symlink to the vendor dir was getting
resolved by Node, so the keysat client tried to import @noble/
ed25519 from /app/vendor/keysat-licensing-client/dist/, walked up
to /app/vendor/, then /app/, neither of which had node_modules.
Result: v0.2.0 and v0.2.1 would crash at startup with
ERR_MODULE_NOT_FOUND on @noble/ed25519. The Docker BUILD succeeded
because npm install with file: deps doesn't pull transitive deps
into the parent node_modules — but the runtime would have failed
the moment server/license.js ran.
Fix:
• Dockerfile builder now `npm install`s inside vendor/keysat-
licensing-client/ so @noble/* lands in its own node_modules,
where Node's resolver finds it.
• Dockerfile runner now COPYs vendor/ to the runner image
(previously not copied — the symlink in server/node_modules
would have pointed at nothing).
• vendor/keysat-licensing-client/package-lock.json is committed
so the in-Docker install is reproducible.
This commit is contained in:
Keysat
@@ -13,8 +13,15 @@ FROM node:20-slim AS builder
|
||||
# @keysat/licensing-client is a private git repo, so we vendor its built
|
||||
# output into vendor/ and reference it via a file: dep. That removes any
|
||||
# need for git or credentials in the build container.
|
||||
#
|
||||
# The vendor package needs its own node_modules (for @noble/ed25519 etc.)
|
||||
# because npm's file: deps create a symlink, and Node's module resolver
|
||||
# walking up from a symlinked location won't find the parent project's
|
||||
# node_modules. Installing inside the vendor dir is the simplest fix.
|
||||
WORKDIR /app
|
||||
COPY vendor/keysat-licensing-client /app/vendor/keysat-licensing-client
|
||||
WORKDIR /app/vendor/keysat-licensing-client
|
||||
RUN npm install --omit=dev --ignore-scripts
|
||||
WORKDIR /app/server
|
||||
COPY server/package.json server/package-lock.json* ./
|
||||
RUN npm ci --omit=dev --ignore-scripts 2>/dev/null || npm install --omit=dev --ignore-scripts
|
||||
@@ -43,6 +50,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||
&& yt-dlp --version
|
||||
|
||||
# Copy Node.js app from builder
|
||||
COPY --from=builder /app/vendor ./vendor/
|
||||
COPY --from=builder /app/server/node_modules ./server/node_modules/
|
||||
COPY server/package.json ./server/
|
||||
COPY server/index.js ./server/
|
||||
|
||||
Reference in New Issue
Block a user