@opencode-cloud/core 1.0.8 → 1.0.10

package/src/docker/health.rs

@@ -0,0 +1,165 @@
+//! Health check module for OpenCode service
+//!
+//! Provides health checking functionality by querying OpenCode's /global/health endpoint.
+
+use serde::{Deserialize, Serialize};
+use std::time::Duration;
+use thiserror::Error;
+
+use super::DockerClient;
+
+/// Response from OpenCode's /global/health endpoint
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct HealthResponse {
+    /// Whether the service is healthy
+    pub healthy: bool,
+    /// Service version string
+    pub version: String,
+}
+
+/// Extended health response including container stats
+#[derive(Debug, Serialize)]
+pub struct ExtendedHealthResponse {
+    /// Whether the service is healthy
+    pub healthy: bool,
+    /// Service version string
+    pub version: String,
+    /// Container state (running, stopped, etc.)
+    pub container_state: String,
+    /// Uptime in seconds
+    pub uptime_seconds: u64,
+    /// Memory usage in megabytes (if available)
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub memory_usage_mb: Option<u64>,
+}
+
+/// Errors that can occur during health checks
+#[derive(Debug, Error)]
+pub enum HealthError {
+    /// HTTP request failed
+    #[error("Request failed: {0}")]
+    RequestError(#[from] reqwest::Error),
+
+    /// Service returned non-200 status
+    #[error("Service unhealthy (HTTP {0})")]
+    Unhealthy(u16),
+
+    /// Connection refused - service may not be running
+    #[error("Connection refused - service may not be running")]
+    ConnectionRefused,
+
+    /// Request timed out - service may be starting
+    #[error("Timeout - service may be starting")]
+    Timeout,
+}
+
+/// Check health by querying OpenCode's /global/health endpoint
+///
+/// Returns the health response on success (HTTP 200).
+/// Returns an error for connection issues, timeouts, or non-200 responses.
+pub async fn check_health(port: u16) -> Result<HealthResponse, HealthError> {
+    let url = format!("http://127.0.0.1:{port}/global/health");
+
+    let client = reqwest::Client::builder()
+        .timeout(Duration::from_secs(5))
+        .build()?;
+
+    let response = match client.get(&url).send().await {
+        Ok(resp) => resp,
+        Err(e) => {
+            // Check for connection refused
+            if e.is_connect() {
+                return Err(HealthError::ConnectionRefused);
+            }
+            // Check for timeout
+            if e.is_timeout() {
+                return Err(HealthError::Timeout);
+            }
+            return Err(HealthError::RequestError(e));
+        }
+    };
+
+    let status = response.status();
+
+    if status.is_success() {
+        let health_response = response.json::<HealthResponse>().await?;
+        Ok(health_response)
+    } else {
+        Err(HealthError::Unhealthy(status.as_u16()))
+    }
+}
+
+/// Check health with extended information including container stats
+///
+/// Combines basic health check with container statistics from Docker.
+/// If container stats fail, still returns response with container_state = "unknown".
+pub async fn check_health_extended(
+    client: &DockerClient,
+    port: u16,
+) -> Result<ExtendedHealthResponse, HealthError> {
+    // Get basic health info
+    let health = check_health(port).await?;
+
+    // Get container stats
+    let container_name = super::CONTAINER_NAME;
+
+    // Try to get container info
+    let (container_state, uptime_seconds, memory_usage_mb) =
+        match client.inner().inspect_container(container_name, None).await {
+            Ok(info) => {
+                let state = info
+                    .state
+                    .as_ref()
+                    .and_then(|s| s.status.as_ref())
+                    .map(|s| s.to_string())
+                    .unwrap_or_else(|| "unknown".to_string());
+
+                // Calculate uptime
+                let uptime = info
+                    .state
+                    .as_ref()
+                    .and_then(|s| s.started_at.as_ref())
+                    .and_then(|started| {
+                        let timestamp = chrono::DateTime::parse_from_rfc3339(started).ok()?;
+                        let now = chrono::Utc::now();
+                        let started_utc = timestamp.with_timezone(&chrono::Utc);
+                        if now >= started_utc {
+                            Some((now - started_utc).num_seconds() as u64)
+                        } else {
+                            None
+                        }
+                    })
+                    .unwrap_or(0);
+
+                // Get memory usage (would require stats API call - skip for now)
+                let memory = None;
+
+                (state, uptime, memory)
+            }
+            Err(_) => ("unknown".to_string(), 0, None),
+        };
+
+    Ok(ExtendedHealthResponse {
+        healthy: health.healthy,
+        version: health.version,
+        container_state,
+        uptime_seconds,
+        memory_usage_mb,
+    })
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[tokio::test]
+    async fn test_health_check_connection_refused() {
+        // Port 1 should always refuse connection
+        let result = check_health(1).await;
+        assert!(result.is_err());
+        match result.unwrap_err() {
+            HealthError::ConnectionRefused => {}
+            other => panic!("Expected ConnectionRefused, got: {other:?}"),
+        }
+    }
+}

package/src/docker/image.rs

@@ -203,8 +203,7 @@ pub async fn pull_image(
             Ok(full_name)
         }
         Err(dockerhub_err) => Err(DockerError::Pull(format!(
-            "Failed to pull from both registries. GHCR: {}. Docker Hub: {}",
-            ghcr_err, dockerhub_err
+            "Failed to pull from both registries. GHCR: {ghcr_err}. Docker Hub: {dockerhub_err}"
         ))),
     }
 }
@@ -246,8 +245,7 @@ async fn pull_from_registry(
 
     Err(last_error.unwrap_or_else(|| {
         DockerError::Pull(format!(
-            "Pull failed for {} after {} attempts",
-            full_name, MAX_PULL_RETRIES
+            "Pull failed for {full_name} after {MAX_PULL_RETRIES} attempts"
         ))
     }))
 }

package/src/docker/mod.rs

@@ -8,13 +8,21 @@
 //! - Image build and pull operations
 //! - Volume management for persistent storage
 //! - Container lifecycle (create, start, stop, remove)
+//! - Container exec for running commands inside containers
+//! - User management operations (create, delete, lock/unlock users)
+//! - Image update and rollback operations
 
 mod client;
 pub mod container;
 mod dockerfile;
 mod error;
+pub mod exec;
+mod health;
 pub mod image;
 pub mod progress;
+pub mod update;
+pub mod users;
+mod version;
 pub mod volume;
 
 // Core types
@@ -22,12 +30,32 @@ pub use client::DockerClient;
 pub use error::DockerError;
 pub use progress::ProgressReporter;
 
+// Health check operations
+pub use health::{
+    ExtendedHealthResponse, HealthError, HealthResponse, check_health, check_health_extended,
+};
+
 // Dockerfile constants
 pub use dockerfile::{DOCKERFILE, IMAGE_NAME_DOCKERHUB, IMAGE_NAME_GHCR, IMAGE_TAG_DEFAULT};
 
 // Image operations
 pub use image::{build_image, image_exists, pull_image};
 
+// Update operations
+pub use update::{UpdateResult, has_previous_image, rollback_image, update_image};
+
+// Version detection
+pub use version::{VERSION_LABEL, get_cli_version, get_image_version, versions_compatible};
+
+// Container exec operations
+pub use exec::{exec_command, exec_command_exit_code, exec_command_with_stdin};
+
+// User management operations
+pub use users::{
+    UserInfo, create_user, delete_user, list_users, lock_user, set_user_password, unlock_user,
+    user_exists,
+};
+
 // Volume management
 pub use volume::{
     MOUNT_CONFIG, MOUNT_PROJECTS, MOUNT_SESSION, VOLUME_CONFIG, VOLUME_NAMES, VOLUME_PROJECTS,
@@ -49,10 +77,16 @@ pub use container::{
 /// * `client` - Docker client
 /// * `opencode_web_port` - Port to bind on host for opencode web UI (defaults to OPENCODE_WEB_PORT)
 /// * `env_vars` - Additional environment variables (optional)
+/// * `bind_address` - IP address to bind on host (defaults to "127.0.0.1")
+/// * `cockpit_port` - Port to bind on host for Cockpit (defaults to 9090)
+/// * `cockpit_enabled` - Whether to enable Cockpit port mapping (defaults to true)
 pub async fn setup_and_start(
     client: &DockerClient,
     opencode_web_port: Option<u16>,
     env_vars: Option<Vec<String>>,
+    bind_address: Option<&str>,
+    cockpit_port: Option<u16>,
+    cockpit_enabled: Option<bool>,
 ) -> Result<String, DockerError> {
     // Ensure volumes exist first
     volume::ensure_volumes_exist(client).await?;
@@ -65,13 +99,23 @@ pub async fn setup_and_start(
             .inspect_container(container::CONTAINER_NAME, None)
             .await
             .map_err(|e| {
-                DockerError::Container(format!("Failed to inspect existing container: {}", e))
+                DockerError::Container(format!("Failed to inspect existing container: {e}"))
             })?;
         info.id
             .unwrap_or_else(|| container::CONTAINER_NAME.to_string())
     } else {
         // Create new container
-        container::create_container(client, None, None, opencode_web_port, env_vars).await?
+        container::create_container(
+            client,
+            None,
+            None,
+            opencode_web_port,
+            env_vars,
+            bind_address,
+            cockpit_port,
+            cockpit_enabled,
+        )
+        .await?
     };
 
     // Start if not running
@@ -93,8 +137,7 @@ pub async fn stop_service(client: &DockerClient, remove: bool) -> Result<(), Doc
     // Check if container exists
     if !container::container_exists(client, name).await? {
         return Err(DockerError::Container(format!(
-            "Container '{}' does not exist",
-            name
+            "Container '{name}' does not exist"
         )));
     }
 

package/src/docker/progress.rs

@@ -48,9 +48,9 @@ fn format_elapsed(duration: Duration) -> String {
     let seconds = total_secs % 60;
 
     if hours > 0 {
-        format!("{:02}:{:02}:{:02}", hours, minutes, seconds)
+        format!("{hours:02}:{minutes:02}:{seconds:02}")
     } else {
-        format!("{:02}:{:02}", minutes, seconds)
+        format!("{minutes:02}:{seconds:02}")
     }
 }
 
@@ -116,8 +116,8 @@ impl ProgressReporter {
         // Format: "[elapsed] Context · message" or "[elapsed] message"
         // Timer at the beginning for easy scanning
         match &self.context {
-            Some(ctx) => format!("[{}] {} · {}", elapsed, ctx, clean_msg),
-            None => format!("[{}] {}", elapsed, clean_msg),
+            Some(ctx) => format!("[{elapsed}] {ctx} · {clean_msg}"),
+            None => format!("[{elapsed}] {clean_msg}"),
         }
     }
 

package/src/docker/update.rs

@@ -0,0 +1,156 @@
+//! Docker image update and rollback operations
+//!
+//! This module provides functionality to update the opencode image to the latest
+//! version and rollback to a previous version if needed.
+
+use super::image::{image_exists, pull_image};
+use super::progress::ProgressReporter;
+use super::{DockerClient, DockerError, IMAGE_NAME_GHCR, IMAGE_TAG_DEFAULT};
+use bollard::image::TagImageOptions;
+use tracing::debug;
+
+/// Tag for the previous image version (used for rollback)
+pub const PREVIOUS_TAG: &str = "previous";
+
+/// Result of an update operation
+#[derive(Debug, Clone, PartialEq)]
+pub enum UpdateResult {
+    /// Update completed successfully
+    Success,
+    /// Already on the latest version
+    AlreadyLatest,
+}
+
+/// Tag the current image as "previous" for rollback support
+///
+/// This allows users to rollback to the version they had before updating.
+/// If the current image doesn't exist, this is silently skipped.
+///
+/// # Arguments
+/// * `client` - Docker client
+pub async fn tag_current_as_previous(client: &DockerClient) -> Result<(), DockerError> {
+    let current_image = format!("{IMAGE_NAME_GHCR}:{IMAGE_TAG_DEFAULT}");
+    let previous_image = format!("{IMAGE_NAME_GHCR}:{PREVIOUS_TAG}");
+
+    debug!(
+        "Tagging current image {} as {}",
+        current_image, previous_image
+    );
+
+    // Check if current image exists
+    if !image_exists(client, IMAGE_NAME_GHCR, IMAGE_TAG_DEFAULT).await? {
+        debug!("Current image not found, skipping backup tag");
+        return Ok(());
+    }
+
+    // Tag current as previous
+    let options = TagImageOptions {
+        repo: IMAGE_NAME_GHCR,
+        tag: PREVIOUS_TAG,
+    };
+
+    client
+        .inner()
+        .tag_image(&current_image, Some(options))
+        .await
+        .map_err(|e| {
+            DockerError::Container(format!("Failed to tag current image as previous: {e}"))
+        })?;
+
+    debug!("Successfully tagged current image as previous");
+    Ok(())
+}
+
+/// Check if a previous image exists for rollback
+///
+/// Returns true if a rollback is possible, false otherwise.
+///
+/// # Arguments
+/// * `client` - Docker client
+pub async fn has_previous_image(client: &DockerClient) -> Result<bool, DockerError> {
+    image_exists(client, IMAGE_NAME_GHCR, PREVIOUS_TAG).await
+}
+
+/// Update the opencode image to the latest version
+///
+/// This operation:
+/// 1. Tags the current image as "previous" for rollback
+/// 2. Pulls the latest image from the registry
+///
+/// Returns UpdateResult indicating success or if already on latest.
+///
+/// # Arguments
+/// * `client` - Docker client
+/// * `progress` - Progress reporter for user feedback
+pub async fn update_image(
+    client: &DockerClient,
+    progress: &mut ProgressReporter,
+) -> Result<UpdateResult, DockerError> {
+    // Step 1: Tag current image as previous for rollback
+    progress.add_spinner("backup", "Backing up current image");
+    tag_current_as_previous(client).await?;
+    progress.finish("backup", "Current image backed up");
+
+    // Step 2: Pull latest image
+    progress.add_spinner("pull", "Pulling latest image");
+    pull_image(client, Some(IMAGE_TAG_DEFAULT), progress).await?;
+    progress.finish("pull", "Latest image pulled");
+
+    Ok(UpdateResult::Success)
+}
+
+/// Rollback to the previous image version
+///
+/// This re-tags the "previous" image as "latest", effectively reverting
+/// to the version that was active before the last update.
+///
+/// Returns an error if no previous image exists.
+///
+/// # Arguments
+/// * `client` - Docker client
+pub async fn rollback_image(client: &DockerClient) -> Result<(), DockerError> {
+    // Check if previous image exists
+    if !has_previous_image(client).await? {
+        return Err(DockerError::Container(
+            "No previous image available for rollback. Update at least once before using rollback."
+                .to_string(),
+        ));
+    }
+
+    let previous_image = format!("{IMAGE_NAME_GHCR}:{PREVIOUS_TAG}");
+    let current_image = format!("{IMAGE_NAME_GHCR}:{IMAGE_TAG_DEFAULT}");
+
+    debug!("Rolling back from {} to {}", current_image, previous_image);
+
+    // Re-tag previous as latest
+    let options = TagImageOptions {
+        repo: IMAGE_NAME_GHCR,
+        tag: IMAGE_TAG_DEFAULT,
+    };
+
+    client
+        .inner()
+        .tag_image(&previous_image, Some(options))
+        .await
+        .map_err(|e| DockerError::Container(format!("Failed to rollback image: {e}")))?;
+
+    debug!("Successfully rolled back to previous image");
+    Ok(())
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn previous_tag_constant() {
+        assert_eq!(PREVIOUS_TAG, "previous");
+    }
+
+    #[test]
+    fn update_result_variants() {
+        assert_eq!(UpdateResult::Success, UpdateResult::Success);
+        assert_eq!(UpdateResult::AlreadyLatest, UpdateResult::AlreadyLatest);
+        assert_ne!(UpdateResult::Success, UpdateResult::AlreadyLatest);
+    }
+}