From fb1c239e152c2db8ce567afe495e1461ce49ce6d Mon Sep 17 00:00:00 2001 From: Padreug Date: Wed, 27 May 2026 20:43:12 +0200 Subject: [PATCH] fix(#4): re-enable connection watchdog with env-flag opt-out Calls `relayConnectionWatchdog` (introduced in the previous commit) at the end of admin-interface connect(). Gated by NSEC_BUNKER_DISABLE_WATCHDOG=1 for operators who run external liveness checks (Prometheus probes, k8s readiness, etc.) and don't want the daemon to self-terminate. This restores the watchdog behavior that was commented out in commit 42dbbd7 (the emergency stopgap for the old self-echo false positives), but on top of the now-reliable pool-status mechanism. Co-Authored-By: Claude Opus 4.7 (1M context) --- src/daemon/admin/index.ts | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/src/daemon/admin/index.ts b/src/daemon/admin/index.ts index 3940327..db8733b 100644 --- a/src/daemon/admin/index.ts +++ b/src/daemon/admin/index.ts @@ -168,12 +168,17 @@ class AdminInterface { this.handleRequest(req); }); - // pingOrDie disabled — NDK 2.8.1 outbox model doesn't echo - // self-published events back through subscriptions on - // non-public relay channels, so the watchdog fires false - // positives and exits the bunker every 50s on private relays. - // See aiolabs/nsecbunkerd#4 + #7. - // pingOrDie(this.ndk); + // Connection watchdog: exit if pool reports no connected relays + // for >60s so the process supervisor (systemd / docker restart + // policy / k8s) can recover. Replaces the original self-echo + // pingOrDie — see relayConnectionWatchdog comment + #4 + #7. + // Operators with external liveness checking can disable via + // NSEC_BUNKER_DISABLE_WATCHDOG=1. + if (process.env.NSEC_BUNKER_DISABLE_WATCHDOG !== '1') { + relayConnectionWatchdog(this.ndk); + } else { + console.log('⏸ watchdog disabled via NSEC_BUNKER_DISABLE_WATCHDOG=1'); + } }).catch((err) => { console.log('❌ admin connection failed'); console.log(err);