chore(e2e): stop and reap leaked isolated Obsidian E2E instances

[chhoumann]

Summary

The per-worktree Obsidian E2E isolation wrapper (PR #188) starts a private-HOME Obsidian instance per worktree (profile dir under /private/tmp/podnotes-obsidian-e2e/<vault>-<hash>/) but nothing stopped it. When a worktree was removed on merge, every completed worker leaked an Obsidian process tree and a /private/tmp vault dir. This adds a reliable teardown.

This is DevX tooling only — no plugin runtime / user-facing behavior changes.

What's added

• scripts/stop-obsidian-e2e-instance.mjs + npm run stop:e2e-obsidian — identifies this worktree's instance by its private --user-data-dir=<instance>/ token (handles the macOS /tmp ↔ /private/tmp firmlink so the whole Electron tree is matched), terminates that process tree (SIGTERM, then SIGKILL for stragglers), and removes its profile dir behind a safe-path + profile-root containment guard. Supports --dry-run, --json, --prune.
• Orca archive hook (orca.yaml) — scripts.archive runs the teardown on orca worktree rm --run-hooks (cwd = worktree, $ORCA_WORKTREE_PATH), guarded with command -v node. A failed hook is logged by Orca but never blocks removal.
• Reap-on-start safety net — start:e2e-obsidian and obsidian:e2e reap orphaned instances (those whose worktree is gone, recorded via a new podnotes-e2e-instance.json marker) before launching, so leaks are cleaned even when a worktree is removed without --run-hooks. An idle instance for a worktree that still exists is left alone so concurrent workers reuse it.
• Docs — AGENTS.md "Stopping an isolated instance" subsection.
• Tests — scripts/stop-obsidian-e2e-instance.test.ts (23 cases): process-tree matching across /tmp vs /private/tmp, flag-scoped seeding, descendant walk, SIGTERM→SIGKILL, safe-path/containment guards, marker-based orphan detection, and reap isolation.

Safety invariants (held)

The teardown only ever targets the current worktree's instance. The shared dev vault (real $HOME, no /tmp token), other worktrees (distinct per-worktree hash), and all quickadd instances (/tmp/quickadd-obsidian-e2e/...) are never touched.

Runtime verification (real Obsidian, this worktree)

• Started an isolated instance → verifiedPodNotes: true; the marker recorded the worktree path.
• stop --dry-run listed exactly the instance's 4 pids and removed nothing.
• stop terminated exactly those pids and removed the profile dir, while a live sibling worktree instance, 3 quickadd instances, and the shared dev vault all stayed alive and the sibling's dir was intact.
• Synthetic worktree-gone orphan → reaped; live sibling spared.

Review

Ran a 3-reviewer pass (1 comprehensive + 2 adversarial), each finding independently verified against the code: 13 raised, 10 confirmed, 0 must-fix. Addressed the high-value confirmed items in the second commit (flag-scoped matcher, worktree-marker orphan signal, EPERM tolerance, per-orphan isolation, containment guard, hook node guard).

Commands run (Node 22)

npm run lint · npm run format:check · npm run typecheck · npm run build · npm run test (453 passing). docs:build skipped (no docs/ changes; mkdocs not installed locally).

Release / migration impact

None. Tooling/scripts only; no plugin code, settings, storage, API, or URI behavior changes.

Note on hook activation

Orca reads orca.yaml from the registered repo root (/Users/christian/Developer/PodNotes), so the archive hook becomes active for future worktree removals once this merges to master. The stop:e2e-obsidian script and reap-on-start net work immediately regardless.

[cloudflare-workers-and-pages]

Deploying podnotes with    Cloudflare Pages

Latest commit:	62e8852
Status:	✅  Deploy successful!
Preview URL:	https://12fee50f.podnotes.pages.dev
Branch Preview URL:	https://chhoumann-devx-e2e-vault-tea.podnotes.pages.dev

View logs