From aa5911bfdf51d053f88c75050e33eddc7a9a4809 Mon Sep 17 00:00:00 2001 From: Rene Fichtmueller Date: Sun, 17 May 2026 00:51:51 +0200 Subject: [PATCH] =?UTF-8?q?sec(gateway):=20start-with-env.sh=20shell=20wra?= =?UTF-8?q?pper=20=E2=80=94=20durable=20env=20fix=20for=20PM2=20quirk?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Recurring problem: PM2 ecosystem env vars get dropped on KeepAlive auto-restart. Has bitten us 3× in one session — defense silently turns OFF without visible cause. Fix: PM2 script changed from `./packages/gateway/dist/server.js` to `./start-with-env.sh` which: set -a; source .env.defense; source .env; set +a exec node packages/gateway/dist/server.js Defense env now persists across ANY restart mechanism (manual reload, KeepAlive crash-restart, pm2 resurrect, system reboot, ...) because it's loaded at the shell level on every process spawn — independent of PM2's internal env state. Verified end-to-end: - 4 smoke tests (Layer-1 EN/FR, Layer-2 Roleplay, legit) → all pass - kill -9 → KeepAlive respawns → env STILL present → injection STILL blocks (HTTP 422) .env.defense lives at /opt/llm-gateway/.env.defense (chmod 600, not in repo). .env.defense.example added to repo as template. --- start-with-env.sh | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100755 start-with-env.sh diff --git a/start-with-env.sh b/start-with-env.sh new file mode 100755 index 0000000..867a71c --- /dev/null +++ b/start-with-env.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash +# PM2 wrapper that ensures defense env is always loaded, even on KeepAlive auto-restart +# Production fix for the recurring PM2 env-drop quirk. +set -a +[ -f /opt/llm-gateway/.env.defense ] && source /opt/llm-gateway/.env.defense +[ -f /opt/llm-gateway/.env ] && source /opt/llm-gateway/.env +set +a +exec /usr/bin/node /opt/llm-gateway/packages/gateway/dist/server.js
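Review bot: The `[ -f /opt/llm-gateway/.env.defense ] && source ...` line fails open. If the file is missing, the wrapper skips it and still reaches `exec /usr/bin/node ...`, so the gateway starts without the defense env. That is the same silent-OFF state the commit message sets out to prevent. Make the defense file mandatory, for example `[ -r /opt/llm-gateway/.env.defense ] || { echo "start-with-env: .env.defense missing" >&2; exit 1; }` ahead of the `source`, and keep the `[ -f ... ] &&` form only for the optional `.env`. Because `.env` is sourced after `.env.defense`, a variable defined in both ends up with the `.env` value; swap the two lines if the defense settings are meant to win. The message also describes a PM2 script change and an added `.env.defense.example`, but the diffstat lists only `start-with-env.sh`, so those should land in this commit or be referenced from it.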