Harden Native SSH Deploy Checks

Native deploys over SSH were failing for avoidable operator reasons: the remote shell did not inherit Bun's install path, and native verification assumed it was already running from the repository root before it called checked-in health scripts. This patch makes the SSH path more forgiving and fixes the verification working directory.

Generated 2026-05-19 19:38 EDT

Summary

Updated scripts/deploy.ts so native SSH deploys prepend $HOME/.bun/bin when it exists, and native verification now explicitly cds into the remote repo before running the checked-in health helpers.

Changes Made

Prepended $HOME/.bun/bin during native remote precheck when available.
Prepended $HOME/.bun/bin during native remote rollout when available.
Changed native remote verification to run from /home/delta/islandflow before calling deployment/native/check-native-infra.sh.

Context

During a live native rollout, the deploy helper failed first because the non-login SSH shell could not find bun even though it was installed under the deploy user's home directory. After that was corrected on the host, worker rollout still reported failure because remote verification executed from the home directory and could not resolve the relative path to the checked-in infra check script.

Important Implementation Details

The fallback only adjusts PATH when $HOME/.bun/bin/bun exists, so it stays harmless on hosts that already expose Bun globally.
The repo-root cd keeps the existing relative helper calls intact instead of hardcoding every individual script path in multiple places.
This change improves SSH-based deploys without changing local-server deploy behavior.

Relevant Diff Snippets

Unified diff blocks below are formatted for diffs-compatible rendering.

diff --git a/scripts/deploy.ts b/scripts/deploy.ts
@@ -754,6 +754,10 @@ set -euo pipefail
 
 cd ${shellEscape(REMOTE_REPO)}
 
+if [[ -x "$HOME/.bun/bin/bun" ]]; then
+  export PATH="$HOME/.bun/bin:$PATH"
+fi
+
 if ! command -v bun >/dev/null 2>&1; then

@@ -855,6 +859,10 @@ set -euo pipefail
 
+if [[ -x "$HOME/.bun/bin/bun" ]]; then
+  export PATH="$HOME/.bun/bin:$PATH"
+fi
+
 ${remoteGitUpdateScript(mode, remote, branch)}

@@ -943,6 +951,12 @@ set -euo pipefail
 
+cd ${shellEscape(REMOTE_REPO)}
+
+if [[ -x "$HOME/.bun/bin/bun" ]]; then
+  export PATH="$HOME/.bun/bin:$PATH"
+fi
+
 declare -a units=(${units})

Expected Impact for End-Users

End users should see fewer failed native deploy attempts and fewer partial restarts caused by tooling assumptions rather than application health. This lowers the odds of avoidable downtime during native rollouts.

Validation

Observed the original failures during live rollout: missing bun in SSH PATH and missing deployment/native/check-native-infra.sh during remote verification.
Used the patched operational path to complete native worker, API, and web rollouts successfully on the VPS.
Verified API health at http://127.0.0.1:4000/health and web health at both http://127.0.0.1:3000/ and https://flow.deltaisland.io.

Issues, Limitations, and Mitigations

This patch does not solve the separate ingest-news credential problem. Full native deploys still need that unit and provider path to be made healthy before they are completely clean.
The VPS also needed a host-level Bun symlink during this recovery. The repo patch reduces dependence on that fix for future SSH deploys but does not remove it retroactively.

Follow-up Work

islandflow-fmg: Keep the deploy helper aligned with the actual VPS runtime assumptions and add regression checks around native verification paths.
islandflow-wf5: Decide whether ingest-news and live options should stay provider-backed or remain intentionally synthetic until auth is hardened.