Stop and remove NetBird daemon in darwin UI uninstaller

.github/issue-resolution/package.json

@@ -1,5 +0,0 @@
-{
-  "name": "issue-resolution",
-  "private": true,
-  "type": "module"
-}

.github/issue-resolution/prompts/issue-resolution-system.txt

@@ -1,41 +0,0 @@
-You are a GitHub issue resolution classifier.
-
-Your job is to decide whether an open GitHub issue is:
-- AUTO_CLOSE
-- MANUAL_REVIEW
-- KEEP_OPEN
-
-Rules:
-1. AUTO_CLOSE is only allowed if there is objective, hard evidence:
-   - a merged linked PR that clearly resolves the issue, or
-   - an explicit maintainer/member/owner/collaborator comment saying the issue is fixed, resolved, duplicate, or superseded
-2. If there is any contradictory later evidence, do NOT AUTO_CLOSE.
-3. If evidence is promising but not airtight, choose MANUAL_REVIEW.
-4. If the issue still appears active or unresolved, choose KEEP_OPEN.
-5. Do not invent evidence.
-6. Output valid JSON only.
-
-Maintainer-authoritative roles:
-- MEMBER
-- OWNER
-- COLLABORATOR
-
-Partial fixes and multi-item issues:
-- A merged PR that only addresses SOME items in a multi-item request does NOT resolve the issue. If the issue lists 5 feature requests and a PR fixes 1, the issue is still open.
-- If a PR description or comment says "partially addresses", "partial fix", or similar, the issue is NOT resolved. Classify as KEEP_OPEN.
-- If a merged PR addresses the core ask but a later comment objects or reports a regression, classify as MANUAL_REVIEW (not resolved).
-
-Workarounds vs. actual fixes:
-- A WORKAROUND is when a user changes their own setup to avoid the problem (editing configs, using a different setting, manual SQL fixes, switching tools, scripts). Workarounds do NOT count as resolution — the underlying issue is still present in the product.
-- An ACTUAL FIX is when a user reports the problem went away after upgrading to a specific version (e.g., "fixed after updating to v0.65.1") or after a specific PR was merged. This suggests the fix was shipped in the product itself.
-- A maintainer pointing to an existing alternative feature is NOT the same as fixing the issue. If the reporter never confirmed the alternative works for them, classify as KEEP_OPEN.
-- If only workarounds exist and no maintainer has confirmed a fix, classify as KEEP_OPEN.
-- If a user reports an actual fix via a version upgrade but no maintainer confirmed it, classify as MANUAL_REVIEW (not AUTO_CLOSE).
-
-Stale issues:
-- An issue with no activity for over 12 months, where a maintainer offered an alternative or asked for more info and the reporter never responded, is a candidate for MANUAL_REVIEW — not necessarily KEEP_OPEN.
-
-Important:
-- Later comments outweigh earlier ones.
-- A non-maintainer saying "fixed for me" is not enough for AUTO_CLOSE.
-- If uncertain, prefer MANUAL_REVIEW or KEEP_OPEN.

.github/issue-resolution/schemas/issue-resolution-output.json

@@ -1,80 +0,0 @@
-{
-  "type": "object",
-  "additionalProperties": false,
-  "required": [
-    "decision",
-    "reason_code",
-    "confidence",
-    "hard_signals",
-    "contradictions",
-    "summary",
-    "close_comment",
-    "manual_review_note"
-  ],
-  "properties": {
-    "decision": {
-      "type": "string",
-      "enum": ["AUTO_CLOSE", "MANUAL_REVIEW", "KEEP_OPEN"]
-    },
-    "reason_code": {
-      "type": "string",
-      "enum": [
-        "resolved_by_merged_pr",
-        "maintainer_confirmed_resolved",
-        "duplicate_confirmed",
-        "superseded_confirmed",
-        "likely_fixed_but_unconfirmed",
-        "still_open",
-        "unclear"
-      ]
-    },
-    "confidence": {
-      "type": "number",
-      "minimum": 0,
-      "maximum": 1
-    },
-    "hard_signals": {
-      "type": "array",
-      "items": {
-        "type": "object",
-        "additionalProperties": false,
-        "required": ["type", "url"],
-        "properties": {
-          "type": {
-            "type": "string",
-            "enum": [
-              "merged_pr",
-              "maintainer_comment",
-              "duplicate_reference",
-              "superseded_reference"
-            ]
-          },
-          "url": { "type": "string" }
-        }
-      }
-    },
-    "contradictions": {
-      "type": "array",
-      "items": {
-        "type": "object",
-        "additionalProperties": false,
-        "required": ["type", "url"],
-        "properties": {
-          "type": {
-            "type": "string",
-            "enum": [
-              "reporter_still_broken",
-              "later_unresolved_comment",
-              "ambiguous_pr_link",
-              "other"
-            ]
-          },
-          "url": { "type": "string" }
-        }
-      }
-    },
-    "summary": { "type": "string" },
-    "close_comment": { "type": "string" },
-    "manual_review_note": { "type": "string" }
-  }
-}

.github/issue-resolution/scripts/apply-decisions.mjs

@@ -1,213 +0,0 @@
-import fs from "node:fs/promises";
-
-const decisions = JSON.parse(await fs.readFile("decisions.json", "utf8"));
-const dryRun = String(process.env.DRY_RUN).toLowerCase() === "true";
-
-const ghHeaders = {
-  Authorization: `Bearer ${process.env.GH_TOKEN}`,
-  Accept: "application/vnd.github+json",
-  "X-GitHub-Api-Version": "2022-11-28",
-};
-
-// Use PROJECT_PAT for project board operations, fall back to GH_TOKEN
-const projectHeaders = {
-  Authorization: `Bearer ${process.env.PROJECT_PAT || process.env.GH_TOKEN}`,
-  Accept: "application/vnd.github+json",
-  "X-GitHub-Api-Version": "2022-11-28",
-};
-
-async function rest(url, method = "GET", body) {
-  const res = await fetch(url, {
-    method,
-    headers: ghHeaders,
-    body: body ? JSON.stringify(body) : undefined
-  });
-  if (!res.ok) throw new Error(`${res.status} ${url}: ${await res.text()}`);
-  return res.status === 204 ? null : res.json();
-}
-
-async function graphql(query, variables) {
-  const res = await fetch("https://api.github.com/graphql", {
-    method: "POST",
-    headers: projectHeaders,
-    body: JSON.stringify({ query, variables })
-  });
-  if (!res.ok) throw new Error(`${res.status}: ${await res.text()}`);
-  const json = await res.json();
-  if (json.errors) throw new Error(JSON.stringify(json.errors));
-  return json.data;
-}
-
-async function addLabel(owner, repo, issueNumber, labels) {
-  return rest(
-    `https://api.github.com/repos/${owner}/${repo}/issues/${issueNumber}/labels`,
-    "POST",
-    { labels }
-  );
-}
-
-async function addComment(owner, repo, issueNumber, body) {
-  return rest(
-    `https://api.github.com/repos/${owner}/${repo}/issues/${issueNumber}/comments`,
-    "POST",
-    { body }
-  );
-}
-
-async function closeIssue(owner, repo, issueNumber) {
-  return rest(
-    `https://api.github.com/repos/${owner}/${repo}/issues/${issueNumber}`,
-    "PATCH",
-    { state: "closed", state_reason: "completed" }
-  );
-}
-
-async function getIssueNodeId(owner, repo, issueNumber) {
-  const issue = await rest(`https://api.github.com/repos/${owner}/${repo}/issues/${issueNumber}`);
-  return issue.node_id;
-}
-
-async function addToProject(issueNodeId) {
-  const mutation = `
-    mutation($projectId: ID!, $contentId: ID!) {
-      addProjectV2ItemById(input: {projectId: $projectId, contentId: $contentId}) {
-        item { id }
-      }
-    }
-  `;
-
-  try {
-    const data = await graphql(mutation, {
-      projectId: process.env.PROJECT_ID,
-      contentId: issueNodeId
-    });
-    return data.addProjectV2ItemById.item.id;
-  } catch (err) {
-    console.warn(`[WARN] Could not add to project (needs PAT with project scope): ${err.message}`);
-    return null;
-  }
-}
-
-async function setTextField(itemId, fieldId, value) {
-  const mutation = `
-    mutation($projectId: ID!, $itemId: ID!, $fieldId: ID!, $value: String!) {
-      updateProjectV2ItemFieldValue(input: {
-        projectId: $projectId,
-        itemId: $itemId,
-        fieldId: $fieldId,
-        value: { text: $value }
-      }) {
-        projectV2Item { id }
-      }
-    }
-  `;
-
-  return graphql(mutation, {
-    projectId: process.env.PROJECT_ID,
-    itemId,
-    fieldId,
-    value
-  });
-}
-
-async function setNumberField(itemId, fieldId, value) {
-  const mutation = `
-    mutation($projectId: ID!, $itemId: ID!, $fieldId: ID!, $value: Float!) {
-      updateProjectV2ItemFieldValue(input: {
-        projectId: $projectId,
-        itemId: $itemId,
-        fieldId: $fieldId,
-        value: { number: $value }
-      }) {
-        projectV2Item { id }
-      }
-    }
-  `;
-
-  return graphql(mutation, {
-    projectId: process.env.PROJECT_ID,
-    itemId,
-    fieldId,
-    value
-  });
-}
-
-async function setSingleSelectField(itemId, fieldId, optionId) {
-  const mutation = `
-    mutation($projectId: ID!, $itemId: ID!, $fieldId: ID!, $optionId: String!) {
-      updateProjectV2ItemFieldValue(input: {
-        projectId: $projectId,
-        itemId: $itemId,
-        fieldId: $fieldId,
-        value: { singleSelectOptionId: $optionId }
-      }) {
-        projectV2Item { id }
-      }
-    }
-  `;
-
-  return graphql(mutation, {
-    projectId: process.env.PROJECT_ID,
-    itemId,
-    fieldId,
-    optionId
-  });
-}
-
-async function addToProjectWithFields(owner, repo, d) {
-  const issueNodeId = await getIssueNodeId(owner, repo, d.issue_number);
-  const itemId = await addToProject(issueNodeId);
-
-  if (itemId) {
-    if (process.env.PROJECT_STATUS_FIELD_ID && process.env.PROJECT_STATUS_OPTION_NEEDS_REVIEW_ID) {
-      await setSingleSelectField(itemId, process.env.PROJECT_STATUS_FIELD_ID, process.env.PROJECT_STATUS_OPTION_NEEDS_REVIEW_ID);
-    }
-    if (process.env.PROJECT_CONFIDENCE_FIELD_ID) {
-      await setNumberField(itemId, process.env.PROJECT_CONFIDENCE_FIELD_ID, d.model.confidence);
-    }
-    if (process.env.PROJECT_REASON_FIELD_ID) {
-      await setTextField(itemId, process.env.PROJECT_REASON_FIELD_ID, d.model.reason_code);
-    }
-    if (process.env.PROJECT_EVIDENCE_FIELD_ID) {
-      await setTextField(itemId, process.env.PROJECT_EVIDENCE_FIELD_ID, d.issue_url);
-    }
-    console.log(`  → Added to project board (Status: Needs Review)`);
-  }
-}
-
-for (const d of decisions) {
-  const [owner, repo] = d.repository.split("/");
-
-  if (d.final_decision === "KEEP_OPEN") {
-    console.log(`#${d.issue_number} → KEEP_OPEN (confidence: ${d.model.confidence}, reason: ${d.model.reason_code})`);
-    continue;
-  }
-
-  if (dryRun) {
-    console.log(`[DRY RUN] #${d.issue_number} → ${d.final_decision} (confidence: ${d.model.confidence}, reason: ${d.model.reason_code})`);
-    // In dry-run: populate project board but don't touch issues
-    if (d.final_decision === "MANUAL_REVIEW" || d.final_decision === "AUTO_CLOSE") {
-      await addToProjectWithFields(owner, repo, d);
-    }
-    continue;
-  }
-
-  if (d.final_decision === "AUTO_CLOSE") {
-    await addLabel(owner, repo, d.issue_number, ["auto-closed-resolved"]);
-    await addComment(owner, repo, d.issue_number, d.model.close_comment);
-    await closeIssue(owner, repo, d.issue_number);
-    await addToProjectWithFields(owner, repo, d);
-  }
-
-  if (d.final_decision === "MANUAL_REVIEW") {
-    await addLabel(owner, repo, d.issue_number, ["resolution-candidate"]);
-    await addToProjectWithFields(owner, repo, d);
-    await addComment(
-      owner,
-      repo,
-      d.issue_number,
-      d.model.manual_review_note ||
-        "This issue looks like a possible resolution candidate, but not with enough certainty for automatic closure. Added to the review queue."
-    );
-  }
-}

.github/issue-resolution/scripts/classify-candidates.mjs

@@ -1,259 +0,0 @@
-import fs from "node:fs/promises";
-
-const candidates = JSON.parse(await fs.readFile("candidates.json", "utf8"));
-const systemPrompt = await fs.readFile("prompts/issue-resolution-system.txt", "utf8");
-const outputSchema = JSON.parse(await fs.readFile("schemas/issue-resolution-output.json", "utf8"));
-
-function isMaintainerRole(role) {
-  return ["MEMBER", "OWNER", "COLLABORATOR"].includes(role || "");
-}
-
-function preScore(candidate) {
-  let score = 0;
-  const hardSignals = [];
-  const contradictions = [];
-
-  for (const t of candidate.timeline) {
-    const sourceIssue = t.source?.issue;
-
-    if (t.event === "cross-referenced" && sourceIssue?.pull_request?.html_url) {
-      hardSignals.push({
-        type: "merged_pr",
-        url: sourceIssue.html_url
-      });
-      score += 40; // provisional until PR merged state is verified
-    }
-
-    if (["referenced", "connected"].includes(t.event)) {
-      score += 10;
-    }
-  }
-
-  for (const c of candidate.comments) {
-    const body = c.body.toLowerCase();
-
-    if (
-      isMaintainerRole(c.author_association) &&
-      /\b(fixed|resolved|duplicate|superseded|closing)\b/.test(body)
-    ) {
-      score += 25;
-      hardSignals.push({
-        type: "maintainer_comment",
-        url: c.html_url
-      });
-    }
-
-    if (/\b(still broken|still happening|not fixed|reproducible)\b/.test(body)) {
-      score -= 50;
-      contradictions.push({
-        type: "later_unresolved_comment",
-        url: c.html_url
-      });
-    }
-  }
-
-  return { score, hardSignals, contradictions };
-}
-
-// GitHub Models gpt-4o has an 8000 token input limit.
-// Reserve ~2000 tokens for system prompt + response overhead.
-// 1 token ~= 4 chars, so cap user message at ~24000 chars.
-const MAX_USER_MESSAGE_CHARS = 24000;
-
-function truncate(text, maxChars) {
-  if (text.length <= maxChars) return text;
-  return text.slice(0, maxChars) + "\n\n[... truncated due to length]";
-}
-
-function buildUserMessage(candidate, pre) {
-  const { issue, comments, timeline } = candidate;
-
-  const commentBlock = comments
-    .map((c) => `[${c.author_association}] ${c.user} (${c.created_at}):\n${c.body}`)
-    .join("\n---\n");
-
-  const timelineBlock = timeline
-    .filter((t) => ["cross-referenced", "referenced", "connected", "closed", "reopened"].includes(t.event))
-    .map((t) => {
-      let line = `${t.event} (${t.created_at})`;
-      if (t.source?.issue?.html_url) line += ` — ${t.source.issue.html_url}`;
-      if (t.source?.issue?.pull_request?.html_url) line += ` (PR: ${t.source.issue.pull_request.html_url})`;
-      return line;
-    })
-    .join("\n");
-
-  const sections = [
-    `## Issue #${issue.number}: ${issue.title}`,
-    `URL: ${issue.html_url}`,
-    `Created: ${issue.created_at} | Updated: ${issue.updated_at}`,
-    `Labels: ${issue.labels.join(", ") || "none"}`,
-    "",
-    "### Body",
-    truncate(issue.body || "(empty)", 4000),
-    "",
-    "### Comments",
-    commentBlock || "(none)",
-    "",
-    "### Timeline events",
-    timelineBlock || "(none)",
-  ];
-
-  if (candidate.linked_prs?.length) {
-    sections.push("");
-    sections.push("### Linked PRs (verified state)");
-    for (const pr of candidate.linked_prs) {
-      const status = pr.merged ? `MERGED (${pr.merged_at})` : pr.state.toUpperCase();
-      sections.push(`- PR #${pr.number}: ${pr.title} — ${status} — ${pr.url}`);
-    }
-  }
-
-  if (pre.hardSignals.length || pre.contradictions.length) {
-    sections.push("");
-    sections.push("### Automated evidence scan");
-    for (const s of pre.hardSignals) {
-      sections.push(`- SIGNAL: ${s.type} — ${s.url}`);
-    }
-    for (const c of pre.contradictions) {
-      sections.push(`- CONTRADICTION: ${c.type} — ${c.url}`);
-    }
-  }
-
-  return truncate(sections.join("\n"), MAX_USER_MESSAGE_CHARS);
-}
-
-const MODEL = "gpt-4o-mini";
-const MAX_RETRIES = 5;
-
-function sleep(ms) {
-  return new Promise((resolve) => setTimeout(resolve, ms));
-}
-
-async function callGitHubModel(candidate, pre) {
-  const body = JSON.stringify({
-    model: MODEL,
-    messages: [
-      { role: "system", content: systemPrompt },
-      { role: "user", content: buildUserMessage(candidate, pre) },
-    ],
-    response_format: {
-      type: "json_schema",
-      json_schema: {
-        name: "issue_resolution",
-        strict: true,
-        schema: outputSchema,
-      },
-    },
-    temperature: 0.1,
-  });
-
-  for (let attempt = 0; attempt <= MAX_RETRIES; attempt++) {
-    const res = await fetch("https://models.inference.ai.azure.com/chat/completions", {
-      method: "POST",
-      headers: {
-        Authorization: `Bearer ${process.env.GH_TOKEN}`,
-        "Content-Type": "application/json",
-      },
-      body,
-    });
-
-    if (res.status === 429) {
-      const retryAfter = Number(res.headers.get("retry-after")) || 30;
-      if (retryAfter > 120) {
-        console.warn(`  [QUOTA EXHAUSTED] API wants ${retryAfter}s wait — skipping remaining issues.`);
-        return null;
-      }
-      console.warn(`  [RATE LIMITED] Waiting ${retryAfter}s (attempt ${attempt + 1}/${MAX_RETRIES})...`);
-      await sleep(retryAfter * 1000);
-      continue;
-    }
-
-    if (!res.ok) {
-      const text = await res.text();
-      throw new Error(`GitHub Models ${res.status}: ${text}`);
-    }
-
-    const data = await res.json();
-    return JSON.parse(data.choices[0].message.content);
-  }
-
-  throw new Error(`GitHub Models: exceeded ${MAX_RETRIES} retries due to rate limiting`);
-}
-
-function enforcePolicy(modelOut, pre) {
-  const approvedReasons = new Set([
-    "resolved_by_merged_pr",
-    "maintainer_confirmed_resolved",
-    "duplicate_confirmed",
-    "superseded_confirmed"
-  ]);
-
-  const hasHardSignal =
-    (modelOut.hard_signals || []).some(s =>
-      ["merged_pr", "maintainer_comment", "duplicate_reference", "superseded_reference"].includes(s.type)
-    ) || pre.hardSignals.length > 0;
-
-  const hasContradiction =
-    (modelOut.contradictions || []).length > 0 || pre.contradictions.length > 0;
-
-  // Only auto-close with very strict criteria
-  if (
-    modelOut.decision === "AUTO_CLOSE" &&
-    modelOut.confidence >= 0.97 &&
-    approvedReasons.has(modelOut.reason_code) &&
-    hasHardSignal &&
-    !hasContradiction
-  ) {
-    return "AUTO_CLOSE";
-  }
-
-  // Downgrade AUTO_CLOSE that didn't pass the gate
-  if (modelOut.decision === "AUTO_CLOSE") {
-    return "MANUAL_REVIEW";
-  }
-
-  // Otherwise trust the model
-  return modelOut.decision;
-}
-
-console.log(`Classifying ${candidates.length} candidates with ${MODEL}...\n`);
-
-// 15 req/min limit → 1 request every 4s. Use 4.5s for safety margin.
-const PACE_MS = 4500;
-let lastRequestTime = 0;
-
-async function paced(fn) {
-  const elapsed = Date.now() - lastRequestTime;
-  if (elapsed < PACE_MS) await sleep(PACE_MS - elapsed);
-  lastRequestTime = Date.now();
-  return fn();
-}
-
-const decisions = [];
-for (const candidate of candidates) {
-  const pre = preScore(candidate);
-  const modelOut = await paced(() => callGitHubModel(candidate, pre));
-
-  if (modelOut === null) {
-    console.warn(`\nQuota exhausted after ${decisions.length} issues. Writing partial results.`);
-    break;
-  }
-
-  const finalDecision = enforcePolicy(modelOut, pre);
-
-  decisions.push({
-    repository: candidate.repository,
-    issue_number: candidate.issue.number,
-    issue_url: candidate.issue.html_url,
-    title: candidate.issue.title,
-    pre_score: pre.score,
-    final_decision: finalDecision,
-    model: modelOut
-  });
-
-  console.log(
-    `#${candidate.issue.number} | pre_score: ${pre.score} | model: ${modelOut.decision} @ ${modelOut.confidence} | final: ${finalDecision} | ${modelOut.reason_code}`
-  );
-}
-
-await fs.writeFile("decisions.json", JSON.stringify(decisions, null, 2));
-console.log(`\nWrote ${decisions.length} decisions to decisions.json`);

.github/issue-resolution/scripts/fetch-candidates.mjs

@@ -1,123 +0,0 @@
-import fs from "node:fs/promises";
-
-const token = process.env.GH_TOKEN;
-const repo = process.env.REPO; // "owner/repo"
-const maxIssues = Number(process.env.MAX_ISSUES) || 100;
-
-const headers = {
-  Authorization: `Bearer ${token}`,
-  Accept: "application/vnd.github+json",
-  "X-GitHub-Api-Version": "2022-11-28",
-};
-
-async function rest(url) {
-  const res = await fetch(url, { headers });
-  if (!res.ok) throw new Error(`${res.status} ${url}: ${await res.text()}`);
-  return res.json();
-}
-
-async function restSafe(url) {
-  const res = await fetch(url, { headers });
-  if (!res.ok) return null;
-  return res.json();
-}
-
-async function paginate(url, max) {
-  const items = [];
-  let page = 1;
-  while (items.length < max) {
-    const perPage = Math.min(100, max - items.length);
-    const sep = url.includes("?") ? "&" : "?";
-    const batch = await rest(`${url}${sep}per_page=${perPage}&page=${page}`);
-    if (!batch.length) break;
-    items.push(...batch);
-    page++;
-  }
-  return items.slice(0, max);
-}
-
-console.log(`Fetching up to ${maxIssues} open issues from ${repo}...`);
-
-const issues = await paginate(
-  `https://api.github.com/repos/${repo}/issues?state=open&sort=updated&direction=asc`,
-  maxIssues
-);
-
-// Filter out pull requests (GitHub API returns PRs as issues too)
-const realIssues = issues.filter((i) => !i.pull_request);
-console.log(`Found ${realIssues.length} open issues (excluded PRs).`);
-
-const candidates = [];
-for (const issue of realIssues) {
-  const [comments, timeline] = await Promise.all([
-    rest(`https://api.github.com/repos/${repo}/issues/${issue.number}/comments?per_page=100`),
-    rest(`https://api.github.com/repos/${repo}/issues/${issue.number}/timeline?per_page=100`),
-  ]);
-
-  candidates.push({
-    repository: repo,
-    issue: {
-      number: issue.number,
-      html_url: issue.html_url,
-      title: issue.title,
-      body: issue.body,
-      created_at: issue.created_at,
-      updated_at: issue.updated_at,
-      labels: issue.labels.map((l) => l.name),
-    },
-    comments: comments.map((c) => ({
-      body: c.body,
-      author_association: c.author_association,
-      html_url: c.html_url,
-      created_at: c.created_at,
-      user: c.user?.login,
-    })),
-    timeline: timeline.map((t) => ({
-      event: t.event,
-      created_at: t.created_at,
-      source: t.source
-        ? {
-            issue: {
-              html_url: t.source.issue?.html_url,
-              pull_request: t.source.issue?.pull_request
-                ? { html_url: t.source.issue.pull_request.html_url }
-                : undefined,
-            },
-          }
-        : undefined,
-    })),
-    linked_prs: [],
-  });
-
-  // Fetch merge status for cross-referenced PRs
-  const prUrls = new Set();
-  for (const t of timeline) {
-    const prHtml = t.source?.issue?.pull_request?.html_url;
-    if (t.event === "cross-referenced" && prHtml) {
-      prUrls.add(prHtml);
-    }
-  }
-
-  const candidate = candidates[candidates.length - 1];
-  for (const prHtml of prUrls) {
-    // Extract owner/repo and PR number from URL like https://github.com/owner/repo/pull/123
-    const match = prHtml.match(/github\.com\/([^/]+\/[^/]+)\/pull\/(\d+)/);
-    if (!match) continue;
-    const [, prRepo, prNum] = match;
-    const pr = await restSafe(`https://api.github.com/repos/${prRepo}/pulls/${prNum}`);
-    if (!pr) continue;
-    candidate.linked_prs.push({
-      number: pr.number,
-      title: pr.title,
-      url: prHtml,
-      state: pr.state,
-      merged: pr.merged || false,
-      merged_at: pr.merged_at,
-    });
-  }
-
-  console.log(`  #${issue.number} — ${comments.length} comments, ${timeline.length} timeline events, ${candidate.linked_prs.length} linked PRs`);
-}
-
-await fs.writeFile("candidates.json", JSON.stringify(candidates, null, 2));
-console.log(`Wrote ${candidates.length} candidates to candidates.json`);

.github/workflows/issue-resolution-triage.yml

@@ -1,63 +0,0 @@
-name: issue-resolution-triage
-
-on:
-  push:
-    branches: [github-issue-resolver]
-  workflow_dispatch:
-    inputs:
-      dry_run:
-        description: "If true, do not close issues"
-        required: false
-        default: "true"
-      max_issues:
-        description: "How many issues to process"
-        required: false
-        default: "100"
-  schedule:
-    - cron: "17 2 * * *"
-
-permissions:
-  contents: read
-  issues: write
-  pull-requests: read
-  models: read
-
-#  todo: remove hardcoded values
-jobs:
-  triage:
-    runs-on: ubuntu-latest
-    env:
-      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      PROJECT_PAT: ${{ secrets.PROJECT_PAT }}
-      DRY_RUN: "true"
-      MAX_ISSUES: "100"
-      REPO: ${{ github.repository }}
-      PROJECT_ID: "PVT_kwDOBfz4Jc4BVeWR"
-      PROJECT_STATUS_FIELD_ID: "PVTSSF_lADOBfz4Jc4BVeWRzhQ56sU"
-      PROJECT_STATUS_OPTION_NEEDS_REVIEW_ID: "a55a2be9"
-      PROJECT_CONFIDENCE_FIELD_ID: "PVTF_lADOBfz4Jc4BVeWRzhQ57x4"
-      PROJECT_REASON_FIELD_ID: "PVTF_lADOBfz4Jc4BVeWRzhQ5-Lg"
-      PROJECT_EVIDENCE_FIELD_ID: "PVTF_lADOBfz4Jc4BVeWRzhQ5-Pw"
-
-    defaults:
-      run:
-        working-directory: .github/issue-resolution
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - uses: actions/setup-node@v4
-        with:
-          node-version: "20"
-
-      - run: node scripts/fetch-candidates.mjs
-      - run: node scripts/classify-candidates.mjs
-      - run: node scripts/apply-decisions.mjs
-
-      - uses: actions/upload-artifact@v4
-        if: always()
-        with:
-          name: triage-results
-          path: |
-            .github/issue-resolution/candidates.json
-            .github/issue-resolution/decisions.json

client/internal/connect.go

@@ -333,10 +333,6 @@ func (c *ConnectClient) run(mobileDependency MobileDependency, runningChan chan
 		c.statusRecorder.MarkSignalConnected()
 
 		relayURLs, token := parseRelayInfo(loginResp)
-		if override, ok := peer.OverrideRelayURLs(); ok {
-			log.Infof("overriding relay URLs from %s: %v", peer.EnvKeyNBHomeRelayServers, override)
-			relayURLs = override
-		}
 		peerConfig := loginResp.GetPeerConfig()
 
 		engineConfig, err := createEngineConfig(myPrivateKey, c.config, peerConfig, logPath)

client/internal/engine.go

@@ -944,12 +944,7 @@ func (e *Engine) handleRelayUpdate(update *mgmProto.RelayConfig) error {
 			return fmt.Errorf("update relay token: %w", err)
 		}
 
-		urls := update.Urls
-		if override, ok := peer.OverrideRelayURLs(); ok {
-			log.Infof("overriding relay URLs from %s: %v", peer.EnvKeyNBHomeRelayServers, override)
-			urls = override
-		}
-		e.relayManager.UpdateServerURLs(urls)
+		e.relayManager.UpdateServerURLs(update.Urls)
 
 		// Just in case the agent started with an MGM server where the relay was disabled but was later enabled.
 		// We can ignore all errors because the guard will manage the reconnection retries.

client/internal/peer/env.go

@@ -7,8 +7,7 @@ import (
 )
 
 const (
-	EnvKeyNBForceRelay       = "NB_FORCE_RELAY"
-	EnvKeyNBHomeRelayServers = "NB_HOME_RELAY_SERVERS"
+	EnvKeyNBForceRelay = "NB_FORCE_RELAY"
 )
 
 func IsForceRelayed() bool {
@@ -17,28 +16,3 @@ func IsForceRelayed() bool {
 	}
 	return strings.EqualFold(os.Getenv(EnvKeyNBForceRelay), "true")
 }
-
-// OverrideRelayURLs returns the relay server URL list set in
-// NB_HOME_RELAY_SERVERS (comma-separated) and a boolean indicating whether
-// the override is active. When the env var is unset, the boolean is false
-// and the caller should keep the list received from the management server.
-// Intended for lab/debug scenarios where a peer must pin to a specific home
-// relay regardless of what management offers.
-func OverrideRelayURLs() ([]string, bool) {
-	raw := os.Getenv(EnvKeyNBHomeRelayServers)
-	if raw == "" {
-		return nil, false
-	}
-	parts := strings.Split(raw, ",")
-	urls := make([]string, 0, len(parts))
-	for _, p := range parts {
-		p = strings.TrimSpace(p)
-		if p != "" {
-			urls = append(urls, p)
-		}
-	}
-	if len(urls) == 0 {
-		return nil, false
-	}
-	return urls, true
-}

release_files/darwin-ui-uninstaller.sh

@@ -1,14 +1,19 @@
 #!/bin/sh
 
-export PATH=$PATH:/usr/local/bin
+export PATH=$PATH:/usr/local/bin:/opt/homebrew/bin
 
-# check if netbird is installed
-NB_BIN=$(which netbird)
-if [ -z "$NB_BIN" ]
-then
-  exit 0
+NB_BIN=$(command -v netbird)
+if [ -n "$NB_BIN" ]; then
+  echo "Stopping NetBird daemon"
+  "$NB_BIN" service stop 2>/dev/null || true
+  echo "Uninstalling NetBird daemon"
+  "$NB_BIN" service uninstall 2>/dev/null || true
 fi
-# start netbird daemon service
-echo "netbird daemon service still running. You can uninstall it by running: "
-echo "sudo netbird service stop"
-echo "sudo netbird service uninstall"
+
+PLIST=/Library/LaunchDaemons/netbird.plist
+if [ -f "$PLIST" ]; then
+  launchctl bootout system "$PLIST" 2>/dev/null || launchctl unload "$PLIST" 2>/dev/null || true
+  rm -f "$PLIST"
+fi
+
+exit 0

shared/management/client/grpc.go

@@ -252,19 +252,21 @@ func (c *GrpcClient) handleJobStream(
 					c.notifyDisconnected(err)
 					return backoff.Permanent(err) // unrecoverable error, propagate to the upper layer
 				case codes.Canceled:
-					log.Debugf("job stream context has been canceled, this usually indicates shutdown")
+					log.Debugf("management connection context has been canceled, this usually indicates shutdown")
 					return err
 				case codes.Unimplemented:
 					log.Warn("Job feature is not supported by the current management server version. " +
 						"Please update the management service to use this feature.")
 					return nil
 				default:
-					log.Warnf("job stream disconnected, will retry silently. Reason: %v", err)
+					c.notifyDisconnected(err)
+					log.Warnf("disconnected from the Management service but will retry silently. Reason: %v", err)
 					return err
 				}
 			} else {
 				// non-gRPC error
-				log.Warnf("job stream disconnected, will retry silently. Reason: %v", err)
+				c.notifyDisconnected(err)
+				log.Warnf("disconnected from the Management service but will retry silently. Reason: %v", err)
 				return err
 			}
 		}

shared/relay/client/guard.go

@@ -8,7 +8,10 @@ import (
 	log "github.com/sirupsen/logrus"
 )
 
-const defaultMaxBackoffInterval = 60 * time.Second
+const (
+	// TODO: make it configurable, the manager should validate all configurable parameters
+	reconnectingTimeout = 60 * time.Second
+)
 
 // Guard manage the reconnection tries to the Relay server in case of disconnection event.
 type Guard struct {
@@ -16,23 +19,14 @@ type Guard struct {
 	OnNewRelayClient chan *Client
 	OnReconnected    chan struct{}
 	serverPicker     *ServerPicker
-
-	// maxBackoffInterval caps the exponential backoff between reconnect
-	// attempts.
-	maxBackoffInterval time.Duration
 }
 
-// NewGuard creates a new guard for the relay client. A non-positive
-// maxBackoffInterval falls back to defaultMaxBackoffInterval.
-func NewGuard(sp *ServerPicker, maxBackoffInterval time.Duration) *Guard {
-	if maxBackoffInterval <= 0 {
-		maxBackoffInterval = defaultMaxBackoffInterval
-	}
+// NewGuard creates a new guard for the relay client.
+func NewGuard(sp *ServerPicker) *Guard {
 	g := &Guard{
-		OnNewRelayClient:   make(chan *Client, 1),
-		OnReconnected:      make(chan struct{}, 1),
-		serverPicker:       sp,
-		maxBackoffInterval: maxBackoffInterval,
+		OnNewRelayClient: make(chan *Client, 1),
+		OnReconnected:    make(chan struct{}, 1),
+		serverPicker:     sp,
 	}
 	return g
 }
@@ -55,7 +49,7 @@ func (g *Guard) StartReconnectTrys(ctx context.Context, relayClient *Client) {
 	}
 
 	// start a ticker to pick a new server
-	ticker := g.exponentTicker(ctx)
+	ticker := exponentTicker(ctx)
 	defer ticker.Stop()
 
 	for {
@@ -131,11 +125,11 @@ func (g *Guard) notifyReconnected() {
 	}
 }
 
-func (g *Guard) exponentTicker(ctx context.Context) *backoff.Ticker {
+func exponentTicker(ctx context.Context) *backoff.Ticker {
 	bo := backoff.WithContext(&backoff.ExponentialBackOff{
 		InitialInterval: 2 * time.Second,
 		Multiplier:      2,
-		MaxInterval:     g.maxBackoffInterval,
+		MaxInterval:     reconnectingTimeout,
 		Clock:           backoff.SystemClock,
 	}, ctx)
 

shared/relay/client/manager.go

@@ -39,15 +39,6 @@ func NewRelayTrack() *RelayTrack {
 
 type OnServerCloseListener func()
 
-// ManagerOption configures a Manager at construction time.
-type ManagerOption func(*Manager)
-
-// WithMaxBackoffInterval caps the exponential backoff between reconnect
-// attempts to the home relay. A non-positive value keeps the default.
-func WithMaxBackoffInterval(d time.Duration) ManagerOption {
-	return func(m *Manager) { m.maxBackoffInterval = d }
-}
-
 // Manager is a manager for the relay client instances. It establishes one persistent connection to the given relay URL
 // and automatically reconnect to them in case disconnection.
 // The manager also manage temporary relay connection. If a client wants to communicate with a client on a
@@ -73,13 +64,12 @@ type Manager struct {
 	onReconnectedListenerFn func()
 	listenerLock            sync.Mutex
 
-	mtu                uint16
-	maxBackoffInterval time.Duration
+	mtu uint16
 }
 
 // NewManager creates a new manager instance.
 // The serverURL address can be empty. In this case, the manager will not serve.
-func NewManager(ctx context.Context, serverURLs []string, peerID string, mtu uint16, opts ...ManagerOption) *Manager {
+func NewManager(ctx context.Context, serverURLs []string, peerID string, mtu uint16) *Manager {
 	tokenStore := &relayAuth.TokenStore{}
 
 	m := &Manager{
@@ -96,11 +86,8 @@ func NewManager(ctx context.Context, serverURLs []string, peerID string, mtu uin
 		relayClients:            make(map[string]*RelayTrack),
 		onDisconnectedListeners: make(map[string]*list.List),
 	}
-	for _, opt := range opts {
-		opt(m)
-	}
 	m.serverPicker.ServerURLs.Store(serverURLs)
-	m.reconnectGuard = NewGuard(m.serverPicker, m.maxBackoffInterval)
+	m.reconnectGuard = NewGuard(m.serverPicker)
 	return m
 }
 
@@ -303,36 +290,19 @@ func (m *Manager) onServerConnected() {
 	go m.onReconnectedListenerFn()
 }
 
-// onServerDisconnected handles relay disconnect events. For the home server it
-// starts the reconnect guard. For foreign servers it evicts the now-dead client
-// from the cache so the next OpenConn builds a fresh one instead of reusing a
-// closed client.
+// onServerDisconnected start to reconnection for home server only
 func (m *Manager) onServerDisconnected(serverAddress string) {
 	m.relayClientMu.Lock()
-	isHome := m.relayClient != nil && serverAddress == m.relayClient.connectionURL
-	if isHome {
+	if serverAddress == m.relayClient.connectionURL {
 		go func(client *Client) {
 			m.reconnectGuard.StartReconnectTrys(m.ctx, client)
 		}(m.relayClient)
 	}
 	m.relayClientMu.Unlock()
 
-	if !isHome {
-		m.evictForeignRelay(serverAddress)
-	}
-
 	m.notifyOnDisconnectListeners(serverAddress)
 }
 
-func (m *Manager) evictForeignRelay(serverAddress string) {
-	m.relayClientsMutex.Lock()
-	defer m.relayClientsMutex.Unlock()
-	if _, ok := m.relayClients[serverAddress]; ok {
-		delete(m.relayClients, serverAddress)
-		log.Debugf("evicted disconnected foreign relay client: %s", serverAddress)
-	}
-}
-
 func (m *Manager) listenGuardEvent(ctx context.Context) {
 	for {
 		select {

shared/relay/client/manager_test.go

@@ -2,7 +2,6 @@ package client
 
 import (
 	"context"
-	"fmt"
 	"testing"
 	"time"
 
@@ -361,8 +360,7 @@ func TestAutoReconnect(t *testing.T) {
 		t.Fatalf("failed to serve manager: %s", err)
 	}
 
-	clientAlice := NewManager(mCtx, toURL(srvCfg), "alice", iface.DefaultMTU,
-		WithMaxBackoffInterval(2*time.Second))
+	clientAlice := NewManager(mCtx, toURL(srvCfg), "alice", iface.DefaultMTU)
 	err = clientAlice.Serve()
 	if err != nil {
 		t.Fatalf("failed to serve manager: %s", err)
@@ -386,9 +384,7 @@ func TestAutoReconnect(t *testing.T) {
 	}
 
 	log.Infof("waiting for reconnection")
-	if err := waitForReady(ctx, clientAlice, 15*time.Second); err != nil {
-		t.Fatalf("manager did not reconnect: %s", err)
-	}
+	time.Sleep(reconnectingTimeout + 1*time.Second)
 
 	log.Infof("reopent the connection")
 	_, err = clientAlice.OpenConn(ctx, ra, "bob")
@@ -397,21 +393,6 @@ func TestAutoReconnect(t *testing.T) {
 	}
 }
 
-func waitForReady(ctx context.Context, m *Manager, timeout time.Duration) error {
-	deadline := time.Now().Add(timeout)
-	for time.Now().Before(deadline) {
-		if m.Ready() {
-			return nil
-		}
-		select {
-		case <-time.After(100 * time.Millisecond):
-		case <-ctx.Done():
-			return ctx.Err()
-		}
-	}
-	return fmt.Errorf("manager not ready within %s", timeout)
-}
-
 func TestNotifierDoubleAdd(t *testing.T) {
 	ctx := context.Background()