chore(deps): bump node-pty to 1.2.0-beta.12 (ptmx leak fix)

[jSydorowicz21]

Summary

Pins node-pty to exact 1.2.0-beta.12 (no caret) to pick up the upstream ptmx file-descriptor leak fix that's not in the 1.1.0 stable line. Pin is exact deliberately — beta channels don't follow semver predictably, and a stealth jump to the next beta could break electron-rebuild. Move back to a caret range once the leak fix lands in a non-beta release.

The pin rationale and exit criteria are documented in-tree at docs/agent-guides/PROCESS-SYSTEM.md (new "node-pty version pinning" subsection) so future contributors running npm outdated find the answer.

Verification

• npm install + electron-rebuild against Electron 28 succeeded
• npm run lint / lint:eslint / format:check clean
• npm run build clean
• Full vitest suite on /tmp ext4 worktree: 775 files pass, 0 fail, 27,356 tests pass (identical to rc baseline)
• 131 PTY/process-manager tests pass against the rebuilt native module

Test plan

• CI lint + build pass
• CI vitest pass count matches rc baseline
• Manual: extended terminal session to confirm the ptmx FD-leak is mitigated (the upstream fix's actual goal)

Summary by CodeRabbit

• Documentation

  • Added Process System dependency management notes covering version pinning, rebuild steps, and validation guidance.

• Chores

  • Pinned core terminal/PTY dependency to 1.2.0-beta.12.

• Bug Fixes

  • Improved PTY spawn/error handling and resource cleanup to reduce failures and improve stability.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 6d052e20-2a93-4f97-b762-7abd1480f749

📥 Commits

Reviewing files that changed from the base of the PR and between dd060f9 and 5713fec.

📒 Files selected for processing (2)

• docs/agent-guides/PROCESS-SYSTEM.md
• patches/node-pty+1.1.0.patch

💤 Files with no reviewable changes (1)

• patches/node-pty+1.1.0.patch

✅ Files skipped from review due to trivial changes (1)

• docs/agent-guides/PROCESS-SYSTEM.md

---

📝 Walkthrough

Walkthrough

This PR pins the node-pty dependency to a specific beta version (1.2.0-beta.12) in package.json and documents the version lock policy, rationale for avoiding caret-based semver drift, and rebuild/validation workflow required when the pin is changed.

Changes

node-pty Version Pin

Layer / File(s)	Summary
Policy Documentation docs/agent-guides/PROCESS-SYSTEM.md	New "node-pty version pinning" subsection documents the exact pinned version (1.2.0-beta.12), explains why caret-based semver ranges are avoided, references the removed local patch, and specifies rebuild (npm run postinstall) and test validation steps.
Dependency Update package.json	node-pty dependency changed from ^1.1.0 to pinned 1.2.0-beta.12.
PTY spawn signature & error flow patches/node-pty+1.1.0.patch	Change pty_posix_spawn error out parameter from int* to std::string*; caller now throws Napi::Error with formatted string when non-empty.
master fd init & caller cleanup patches/node-pty+1.1.0.patch	Initialize master fd to -1 and ensure it is closed on spawn setup failure before raising the formatted error.
Syscall formatter & spawn struct init patches/node-pty+1.1.0.patch	Add helper to format syscall errno into descriptive strings and initialize spawn-related structs/locals to support centralized error handling.
Refactor setup sequence & cleanup patches/node-pty+1.1.0.patch	Use goto done cleanup paths on failures, assign formatted errors into *err, close slave fd in cleanup, and iterate low-fd closure from index 0 through count.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

approved, ready to merge

Poem

🐰 A careful paw nudged code aright,
Errors turned to strings so bright.
A pinned small version keeps the peace,
Rebuild and test — then hop and cease.
🥕

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main change: pinning node-pty to a specific beta version (1.2.0-beta.12) to address a ptmx leak fix. It is concise, specific, and directly reflects the primary purpose of the PR.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This PR pins node-pty from ^1.1.0 to the exact version 1.2.0-beta.12 to pick up an upstream ptmx file-descriptor leak fix that isn't available in the 1.1.0 stable line, and removes the local patches/node-pty+1.1.0.patch that had been carrying a local-fork of the same fix.

• package.json / package-lock.json: node-pty version changed from ^1.1.0 (resolved 1.1.0) to the exact pin 1.2.0-beta.12; integrity hash updated accordingly.
• patches/node-pty+1.1.0.patch: Deleted — the local C++ patch (rich error reporting, proper FD close on error paths, corrected close-low-fds loop) is now superseded by the upstream beta, so patch-package no longer needs to apply it post-install.
• docs/agent-guides/PROCESS-SYSTEM.md: New subsection documents the pin rationale, exit criteria, and instructions for future contributors who change this version.

Confidence Score: 5/5

Safe to merge — targeted dependency bump with no logic changes in application code.

The only modified files are package.json, the lockfile, a deleted patch whose removal is required for patch-package to work correctly with the new version, and documentation. The postinstall script chains patch-package then electron-rebuild; with the patch gone and the version bumped, both steps proceed cleanly.

No files require special attention.

Important Files Changed

Filename	Overview
package.json	Exact-pinned node-pty to 1.2.0-beta.12; no other changes. Pin is consistent with the stated beta-channel rationale.
package-lock.json	Lockfile updated to reflect the new version and integrity hash for node-pty; both entries (top-level and node_modules/node-pty) are consistent.
patches/node-pty+1.1.0.patch	Deleted local C++ patch for the FD-leak fix; correct removal since patch-package would error trying to apply a 1.1.0-keyed patch against 1.2.0-beta.12.
docs/agent-guides/PROCESS-SYSTEM.md	Added a "node-pty version pinning" subsection explaining the beta pin, exit criteria, and rebuild instructions for future contributors.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[npm install] --> B[postinstall script]
    B --> C[patch-package]
    C --> D{patches/ dir}
    D -- "Before PR\nnode-pty+1.1.0.patch" --> E[Apply local C++ patch\nto node-pty 1.1.0]
    D -- "After PR\nempty" --> F[No patches to apply\ncontinue cleanly]
    E --> G[electron-rebuild\n-f -w node-pty,better-sqlite3]
    F --> G
    G --> H[Native module rebuilt\nagainst Electron 28]
    H --> I[node-pty 1.2.0-beta.12\nwith upstream ptmx FD-leak fix]

    style E fill:#f99,stroke:#c33
    style F fill:#9f9,stroke:#3c3
    style I fill:#9cf,stroke:#39c

Loading

_{Reviews (2): Last reviewed commit: "chore(deps): remove orphaned node-pty pa..." | Re-trigger Greptile}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@package.json`:
- Line 284: The package.json dependency "node-pty": "1.2.0-beta.12" cannot be
installed from npm; replace that entry with a valid installable reference by
either pinning to the latest published version "node-pty": "1.1.0", switching to
the GitHub reference "node-pty": "github:microsoft/node-pty#v1.2.0-beta.12", or
switching to the scoped fork "@lydell/node-pty": "1.2.0-beta.12" so npm install
will succeed; update the dependency line for the symbol node-pty accordingly and
run npm install to verify.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 7a0a4d30-c8a8-4f21-94b3-ac77bdd6a9ce

📥 Commits

Reviewing files that changed from the base of the PR and between deb2532 and dd060f9.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (2)

• docs/agent-guides/PROCESS-SYSTEM.md
• package.json

[coderabbitai]

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

Is node-pty version 1.2.0-beta.12 published on npm?

💡 Result:

No, node-pty version 1.2.0-beta.12 is not published on npm as a stable or latest version for the main "node-pty" package. The latest stable version on npm is 1.1.0, published on 2025-12-22 [1][2]. Beta versions like 1.2.0-beta.12 are available as GitHub prereleases (published 2026-03-12 [3]) and listed under the "beta" tag on npmx.dev [2], but not installable via standard npm for the main package's latest. A scoped fork "@lydell/node-pty" has published 1.2.0-beta.12 as its "latest" (15 days ago [4]), which is a repackaging of the GitHub release [5]. npmx.dev shows 1.2.0-beta.12 under "beta" tag for node-pty [6][2], suggesting it may be tagged but not latest.

Citations:

• 1: https://www.npmjs.com/package/node-pty
• 2: https://npmx.dev/package/node-pty/v/latest
• 3: https://github.com/microsoft/node-pty/releases/tag/v1.2.0-beta.12
• 4: https://www.npmjs.com/package/@lydell/node-pty?activeTab=versions
• 5: https://github.com/lydell/node-pty/releases/tag/v1.2.0-beta.3
• 6: https://npmx.dev/package/node-pty/v/1.2.0-beta.12

---

🏁 Script executed:

#!/bin/bash
# Confirm package-lock.json exists and captures the pinned node-pty version
fd -e json -g 'package-lock.json' --max-depth 2 | head -5
rg -n '"node-pty"' package-lock.json 2>/dev/null | head -10

Repository: RunMaestro/Maestro

Length of output: 116

---

Cannot install node-pty@1.2.0-beta.12 with standard npm. This version is not published to the npm registry under the main node-pty package. It exists only as a GitHub prerelease and in a scoped fork (@lydell/node-pty). Running npm install will fail to resolve this dependency.

Either pin to the latest published version (1.1.0), switch to a GitHub reference (github:microsoft/node-pty#v1.2.0-beta.12), or use the scoped fork (@lydell/node-pty@1.2.0-beta.12).

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` at line 284, The package.json dependency "node-pty":
"1.2.0-beta.12" cannot be installed from npm; replace that entry with a valid
installable reference by either pinning to the latest published version
"node-pty": "1.1.0", switching to the GitHub reference "node-pty":
"github:microsoft/node-pty#v1.2.0-beta.12", or switching to the scoped fork
"@lydell/node-pty": "1.2.0-beta.12" so npm install will succeed; update the
dependency line for the symbol node-pty accordingly and run npm install to
verify.

[jSydorowicz21]

Beta.12 is pinned in npm and installs fine

[coderabbitai]

@jSydorowicz21, you're correct, and I apologize for the false alarm. Libraries.io confirms node-pty 1.2.0-beta.12 is present on the npm registry. An exact version specifier like "1.2.0-beta.12" in package.json resolves the pinned version directly from the registry without relying on the latest dist-tag, so npm install works fine. My original concern was mistaken.

---

✏️ Learnings added

Learnt from: jSydorowicz21
Repo: RunMaestro/Maestro PR: 967
File: package.json:284-284
Timestamp: 2026-05-08T01:04:44.558Z
Learning: In package.json, an exact (non-caret) pre-release version pin such as `"node-pty": "1.2.0-beta.12"` is perfectly valid and installable via npm as long as that exact version exists in the registry under any dist-tag (e.g. `beta`). npm resolves exact version specifiers directly without going through the `latest` dist-tag. Do not flag exact pre-release version pins in package.json as unresolvable unless the version is confirmed absent from the registry entirely.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

[jSydorowicz21]

Update: deleted patches/node-pty+1.1.0.patch since its FD-leak fixes (rich std::string* error reporting, proper close(master)/close(slave) on error paths, corrected close-low-fds loop bound) ship upstream in 1.2.0-beta.12. The patch was the actual install blocker — patch-package was failing because the patch targets v1.1.0 paths that no longer match. Stays on the npm registry form ("node-pty": "1.2.0-beta.12"); no github ref needed.

Verified locally:

• npm install clean, electron-rebuild rebuilds node-pty without error
• 55 PTY-related tests pass (PtySpawner + process-manager)

[jSydorowicz21]

@greptile rereview please