opencode-cloud-core 25.1.3

Core library for opencode-cloud - config management, singleton enforcement, and shared utilities
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277

//! SSH tunnel management
//!
//! Creates and manages SSH tunnels to remote Docker daemons.

use std::net::TcpListener;
use std::process::{Child, Command, Stdio};
use std::time::Duration;

use super::error::HostError;
use super::schema::HostConfig;

/// SSH tunnel to a remote Docker daemon
///
/// The tunnel forwards a local port to the remote Docker socket.
/// Implements Drop to ensure the SSH process is killed on cleanup.
pub struct SshTunnel {
    child: Child,
    local_port: u16,
    host_name: String,
}

impl SshTunnel {
    /// Create SSH tunnel to remote Docker socket
    ///
    /// Spawns an SSH process with local port forwarding:
    /// `ssh -L local_port:/var/run/docker.sock -N host`
    ///
    /// Uses BatchMode=yes to fail fast if key not in agent.
    pub fn new(host: &HostConfig, host_name: &str) -> Result<Self, HostError> {
        // Find available local port
        let local_port = find_available_port()?;

        // Build SSH command
        let mut cmd = Command::new("ssh");

        // Local port forward: local_port -> remote docker.sock
        cmd.arg("-L")
            .arg(format!("{local_port}:/var/run/docker.sock"));

        // No command, just forward
        cmd.arg("-N");

        // Suppress prompts, fail fast on auth issues
        cmd.arg("-o").arg("BatchMode=yes");

        // Accept new host keys automatically (first connection)
        cmd.arg("-o").arg("StrictHostKeyChecking=accept-new");

        // Connection timeout
        cmd.arg("-o").arg("ConnectTimeout=10");

        // Prevent SSH from reading stdin (fixes issues with background operation)
        cmd.arg("-o").arg("RequestTTY=no");

        // Jump host support
        if let Some(jump) = &host.jump_host {
            cmd.arg("-J").arg(jump);
        }

        // Identity file
        if let Some(key) = &host.identity_file {
            cmd.arg("-i").arg(key);
        }

        // Custom port
        if let Some(port) = host.port {
            cmd.arg("-p").arg(port.to_string());
        }

        // Target: user@hostname
        cmd.arg(format!("{}@{}", host.user, host.hostname));

        // Configure stdio
        cmd.stdin(Stdio::null())
            .stdout(Stdio::null())
            .stderr(Stdio::piped());

        tracing::debug!(
            "Spawning SSH tunnel: ssh -L {}:/var/run/docker.sock {}@{}",
            local_port,
            host.user,
            host.hostname
        );

        let child = cmd.spawn().map_err(|e| {
            if e.kind() == std::io::ErrorKind::NotFound {
                HostError::SshSpawn("SSH not found. Install OpenSSH client.".to_string())
            } else {
                HostError::SshSpawn(e.to_string())
            }
        })?;

        Ok(Self {
            child,
            local_port,
            host_name: host_name.to_string(),
        })
    }

    /// Get the local port for Docker connection
    pub fn local_port(&self) -> u16 {
        self.local_port
    }

    /// Get the Docker connection URL
    pub fn docker_url(&self) -> String {
        format!("tcp://127.0.0.1:{}", self.local_port)
    }

    /// Get the host name this tunnel connects to
    pub fn host_name(&self) -> &str {
        &self.host_name
    }

    /// Wait for tunnel to be ready (port accepting connections)
    ///
    /// Retries with exponential backoff: 100ms, 200ms, 400ms (3 attempts)
    pub async fn wait_ready(&self) -> Result<(), HostError> {
        let max_attempts = 3;
        let initial_delay_ms = 100;

        for attempt in 0..max_attempts {
            if attempt > 0 {
                let delay = Duration::from_millis(initial_delay_ms * 2u64.pow(attempt));
                tracing::debug!("Tunnel wait attempt {} after {:?}", attempt + 1, delay);
                tokio::time::sleep(delay).await;
            }

            // Try to connect to the local port
            match std::net::TcpStream::connect_timeout(
                &format!("127.0.0.1:{}", self.local_port).parse().unwrap(),
                Duration::from_secs(1),
            ) {
                Ok(_) => {
                    tracing::debug!("SSH tunnel ready on port {}", self.local_port);
                    return Ok(());
                }
                Err(e) => {
                    tracing::debug!("Tunnel not ready: {}", e);
                }
            }
        }

        Err(HostError::TunnelTimeout(max_attempts))
    }

    /// Check if the SSH process is still running
    pub fn is_alive(&mut self) -> bool {
        matches!(self.child.try_wait(), Ok(None))
    }
}

impl Drop for SshTunnel {
    fn drop(&mut self) {
        tracing::debug!(
            "Cleaning up SSH tunnel to {} (port {})",
            self.host_name,
            self.local_port
        );
        if let Err(e) = self.child.kill() {
            // Process may have already exited
            tracing::debug!("SSH tunnel kill result: {}", e);
        }
        // Wait to reap the zombie process
        let _ = self.child.wait();
    }
}

/// Find an available local port for the tunnel
fn find_available_port() -> Result<u16, HostError> {
    // Bind to port 0 to get OS-assigned port
    let listener =
        TcpListener::bind("127.0.0.1:0").map_err(|e| HostError::PortAllocation(e.to_string()))?;

    let port = listener
        .local_addr()
        .map_err(|e| HostError::PortAllocation(e.to_string()))?
        .port();

    // Drop listener to free the port
    drop(listener);

    Ok(port)
}

/// Test SSH connection to a host
///
/// Runs `ssh user@host docker version` to verify:
/// 1. SSH connection works
/// 2. Docker is available on remote
pub async fn test_connection(host: &HostConfig) -> Result<String, HostError> {
    let mut cmd = Command::new("ssh");

    // Standard options
    cmd.arg("-o")
        .arg("BatchMode=yes")
        .arg("-o")
        .arg("ConnectTimeout=10")
        .arg("-o")
        .arg("StrictHostKeyChecking=accept-new");

    // Host-specific options (port, identity, jump, user@host)
    cmd.args(host.ssh_args());

    // Docker version command
    cmd.arg("docker")
        .arg("version")
        .arg("--format")
        .arg("{{.Server.Version}}");

    cmd.stdin(Stdio::null())
        .stdout(Stdio::piped())
        .stderr(Stdio::piped());

    let output = cmd.output().map_err(|e| {
        if e.kind() == std::io::ErrorKind::NotFound {
            HostError::SshSpawn("SSH not found. Install OpenSSH client.".to_string())
        } else {
            HostError::SshSpawn(e.to_string())
        }
    })?;

    if output.status.success() {
        let version = String::from_utf8_lossy(&output.stdout).trim().to_string();
        tracing::info!("Docker version on remote: {}", version);
        Ok(version)
    } else {
        let stderr = String::from_utf8_lossy(&output.stderr);

        // Detect authentication failures
        if stderr.contains("Permission denied") || stderr.contains("Host key verification failed") {
            return Err(HostError::AuthFailed {
                key_hint: host.identity_file.clone(),
            });
        }

        // Detect Docker not available
        if stderr.contains("command not found") || stderr.contains("not found") {
            return Err(HostError::RemoteDockerUnavailable(
                "Docker is not installed on remote host".to_string(),
            ));
        }

        Err(HostError::ConnectionFailed(stderr.to_string()))
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use std::net::TcpListener;

    fn can_bind_localhost() -> bool {
        TcpListener::bind(("127.0.0.1", 0)).is_ok()
    }

    #[test]
    fn test_find_available_port() {
        if !can_bind_localhost() {
            eprintln!("Skipping test: cannot bind to localhost in this environment.");
            return;
        }
        let port = find_available_port().unwrap();
        assert!(port > 0);

        // Port should be available (we can bind to it)
        let listener = TcpListener::bind(format!("127.0.0.1:{port}"));
        assert!(listener.is_ok());
    }

    #[test]
    fn test_docker_url_format() {
        // We can't easily test tunnel creation without SSH, but we can test the URL format
        let url = format!("tcp://127.0.0.1:{}", 12345);
        assert_eq!(url, "tcp://127.0.0.1:12345");
    }
}