Live-reload Gemini API key config + fix vendor module resolution
Two related changes that ship together because the second was uncovered
while testing the first.
1. Live config reload (the ostensible feature):
The "Set Gemini API Key" StartOS action writes to /data/config/
startos-config.json. The server used to read that file once at
startup (and via a separate Python read in docker_entrypoint.sh
before that), which meant a key change required a service restart
to take effect. Now the server polls the file every 3 s
(RECAP_CONFIG_POLL_MS, env-overridable) and updates serverApiKey
in place. fs.watch was tried first and dropped — it's flaky on
macOS (FSEvents single-file quirks) and behaves inconsistently with
atomic-rename writes the SDK file model uses. Polling is dead
simple and a stat call every 3 s is free.
Also dropped the Python config read from docker_entrypoint.sh; the
server now handles it natively. Entrypoint still loads /data/.env
for arbitrary env vars (RECAP_*, etc.).
2. Vendor module resolution (the silently-broken thing):
The earlier vendor change (move @keysat/licensing-client from a
git+https dep to a file: dep at vendor/) created a symlink in
server/node_modules. That symlink to the vendor dir was getting
resolved by Node, so the keysat client tried to import @noble/
ed25519 from /app/vendor/keysat-licensing-client/dist/, walked up
to /app/vendor/, then /app/, neither of which had node_modules.
Result: v0.2.0 and v0.2.1 would crash at startup with
ERR_MODULE_NOT_FOUND on @noble/ed25519. The Docker BUILD succeeded
because npm install with file: deps doesn't pull transitive deps
into the parent node_modules — but the runtime would have failed
the moment server/license.js ran.
Fix:
• Dockerfile builder now `npm install`s inside vendor/keysat-
licensing-client/ so @noble/* lands in its own node_modules,
where Node's resolver finds it.
• Dockerfile runner now COPYs vendor/ to the runner image
(previously not copied — the symlink in server/node_modules
would have pointed at nothing).
• vendor/keysat-licensing-client/package-lock.json is committed
so the in-Docker install is reproducible.
This commit is contained in:
Keysat
+43
-11
@@ -27,25 +27,57 @@ await fs.mkdir(configDir, { recursive: true }).catch(() => {});
|
||||
|
||||
// ── Server-side API key (shared across all clients) ───────────────────────
|
||||
// Priority: GEMINI_API_KEY env var → StartOS config → .env file
|
||||
let serverApiKey = process.env.GEMINI_API_KEY || "";
|
||||
//
|
||||
// The StartOS config path is watched for changes — when a user updates the
|
||||
// key via the "Set Gemini API Key" action, the new value is picked up
|
||||
// without a service restart. Env var takes priority and pins the value.
|
||||
const envPath = path.join(DATA_DIR, ".env");
|
||||
if (!serverApiKey) {
|
||||
// Try StartOS config file
|
||||
const startosConfigPath = path.join(configDir, "startos-config.json");
|
||||
const envApiKey = process.env.GEMINI_API_KEY || "";
|
||||
let serverApiKey = envApiKey;
|
||||
|
||||
async function readApiKeyFromConfig() {
|
||||
try {
|
||||
const configContent = await fs.readFile(path.join(configDir, "startos-config.json"), "utf-8").catch(() => "{}");
|
||||
const config = JSON.parse(configContent);
|
||||
if (config.gemini_api_key) serverApiKey = config.gemini_api_key;
|
||||
} catch {}
|
||||
const content = await fs.readFile(startosConfigPath, "utf-8");
|
||||
const config = JSON.parse(content);
|
||||
return config.gemini_api_key || "";
|
||||
} catch {
|
||||
return "";
|
||||
}
|
||||
}
|
||||
if (!serverApiKey) {
|
||||
// Fall back to .env file
|
||||
|
||||
async function readApiKeyFromEnvFile() {
|
||||
try {
|
||||
const envContent = await fs.readFile(envPath, "utf-8").catch(() => "");
|
||||
const envContent = await fs.readFile(envPath, "utf-8");
|
||||
const match = envContent.match(/^GEMINI_API_KEY=(.+)$/m);
|
||||
if (match) serverApiKey = match[1].trim().replace(/^["']|["']$/g, "");
|
||||
if (match) return match[1].trim().replace(/^["']|["']$/g, "");
|
||||
} catch {}
|
||||
return "";
|
||||
}
|
||||
|
||||
async function refreshServerApiKey(reason) {
|
||||
if (envApiKey) return; // env var pins the value
|
||||
const fromConfig = await readApiKeyFromConfig();
|
||||
const next = fromConfig || (await readApiKeyFromEnvFile()) || "";
|
||||
if (next !== serverApiKey) {
|
||||
serverApiKey = next;
|
||||
console.log(`[config] server API key ${next ? "loaded" : "cleared"} (${reason})`);
|
||||
}
|
||||
}
|
||||
|
||||
await refreshServerApiKey("startup");
|
||||
|
||||
// Poll the StartOS config file every few seconds and refresh the in-memory
|
||||
// API key when it changes — so a key updated via the "Set Gemini API Key"
|
||||
// action is picked up without a service restart. Polling is more reliable
|
||||
// than fs.watch (FSEvents on macOS, inotify edge cases on Linux, atomic-
|
||||
// write rename behavior in the SDK file model). The cost is a single stat
|
||||
// every 3 s, which is negligible.
|
||||
const CONFIG_POLL_MS = parseInt(process.env.RECAP_CONFIG_POLL_MS || "3000", 10);
|
||||
setInterval(() => {
|
||||
refreshServerApiKey("config poll").catch(() => {});
|
||||
}, CONFIG_POLL_MS);
|
||||
|
||||
// ── YouTube cookies (bypass bot detection) ──────────────────────────────
|
||||
// Priority: 1) cookies.txt file 2) --cookies-from-browser (local dev only) 3) no cookies
|
||||
// On StartOS: cookies.txt lives in DATA_DIR
|
||||
|
||||
Reference in New Issue
Block a user