@opencode-cloud/core 1.0.8 → 3.0.15

package/src/host/ssh_config.rs

@@ -0,0 +1,282 @@
+//! SSH config file parsing and writing
+//!
+//! Parses ~/.ssh/config to auto-fill host settings and can write new entries.
+
+use std::fs::{self, File, OpenOptions};
+use std::io::{BufReader, Write};
+use std::path::PathBuf;
+
+use ssh2_config_rs::{ParseRule, SshConfig};
+
+use super::error::HostError;
+
+/// Settings found in user's SSH config for a host
+#[derive(Debug, Clone, Default)]
+pub struct SshConfigMatch {
+    /// User from SSH config
+    pub user: Option<String>,
+    /// Port from SSH config
+    pub port: Option<u16>,
+    /// Identity file path from SSH config
+    pub identity_file: Option<String>,
+    /// ProxyJump (jump host) from SSH config
+    pub proxy_jump: Option<String>,
+    /// Whether any match was found
+    pub matched: bool,
+}
+
+impl SshConfigMatch {
+    /// Check if any useful settings were found
+    pub fn has_settings(&self) -> bool {
+        self.user.is_some()
+            || self.port.is_some()
+            || self.identity_file.is_some()
+            || self.proxy_jump.is_some()
+    }
+
+    /// Format found settings for display
+    pub fn display_settings(&self) -> String {
+        let mut parts = Vec::new();
+
+        if let Some(user) = &self.user {
+            parts.push(format!("User={user}"));
+        }
+        if let Some(port) = self.port {
+            parts.push(format!("Port={port}"));
+        }
+        if let Some(key) = &self.identity_file {
+            parts.push(format!("IdentityFile={key}"));
+        }
+        if let Some(jump) = &self.proxy_jump {
+            parts.push(format!("ProxyJump={jump}"));
+        }
+
+        parts.join(", ")
+    }
+}
+
+/// Get the path to the user's SSH config file
+pub fn get_ssh_config_path() -> Option<PathBuf> {
+    dirs::home_dir().map(|home| home.join(".ssh").join("config"))
+}
+
+/// Parse user's SSH config and query for a hostname
+///
+/// Returns settings found for the given hostname, applying SSH config
+/// precedence rules (first match wins).
+pub fn query_ssh_config(hostname: &str) -> Result<SshConfigMatch, HostError> {
+    let config_path = match get_ssh_config_path() {
+        Some(path) if path.exists() => path,
+        _ => {
+            tracing::debug!("No SSH config file found");
+            return Ok(SshConfigMatch::default());
+        }
+    };
+
+    let file = File::open(&config_path).map_err(|e| {
+        HostError::SshConfigRead(format!("Failed to open {}: {}", config_path.display(), e))
+    })?;
+
+    let mut reader = BufReader::new(file);
+
+    // Use ALLOW_UNKNOWN_FIELDS to be lenient with SSH config options we don't support
+    let config = SshConfig::default()
+        .parse(&mut reader, ParseRule::ALLOW_UNKNOWN_FIELDS)
+        .map_err(|e| HostError::SshConfigRead(format!("Failed to parse SSH config: {e}")))?;
+
+    // Query for the hostname
+    let params = config.query(hostname);
+
+    let mut result = SshConfigMatch {
+        matched: true,
+        ..Default::default()
+    };
+
+    // Extract relevant fields
+    if let Some(user) = params.user {
+        result.user = Some(user);
+    }
+    if let Some(port) = params.port {
+        result.port = Some(port);
+    }
+    if let Some(files) = params.identity_file {
+        // SSH config can have multiple identity files; take the first
+        if let Some(first) = files.first() {
+            result.identity_file = Some(first.to_string_lossy().to_string());
+        }
+    }
+    if let Some(jump) = params.proxy_jump {
+        // SSH config can have multiple jump hosts chained; join them
+        if !jump.is_empty() {
+            result.proxy_jump = Some(jump.join(","));
+        }
+    }
+
+    // Check if we actually found anything useful
+    if !result.has_settings() {
+        result.matched = false;
+    }
+
+    Ok(result)
+}
+
+/// Write a new host entry to the user's SSH config file
+///
+/// Appends a Host block to ~/.ssh/config with the provided settings.
+/// Creates the file and directory if they don't exist.
+pub fn write_ssh_config_entry(
+    alias: &str,
+    hostname: &str,
+    user: Option<&str>,
+    port: Option<u16>,
+    identity_file: Option<&str>,
+    jump_host: Option<&str>,
+) -> Result<PathBuf, HostError> {
+    let config_path = get_ssh_config_path().ok_or_else(|| {
+        HostError::SshConfigWrite("Could not determine home directory".to_string())
+    })?;
+
+    // Ensure .ssh directory exists with proper permissions
+    if let Some(ssh_dir) = config_path.parent() {
+        if !ssh_dir.exists() {
+            fs::create_dir_all(ssh_dir).map_err(|e| {
+                HostError::SshConfigWrite(format!("Failed to create .ssh directory: {e}"))
+            })?;
+
+            // Set directory permissions to 700 on Unix
+            #[cfg(unix)]
+            {
+                use std::os::unix::fs::PermissionsExt;
+                let perms = fs::Permissions::from_mode(0o700);
+                fs::set_permissions(ssh_dir, perms).map_err(|e| {
+                    HostError::SshConfigWrite(format!("Failed to set .ssh permissions: {e}"))
+                })?;
+            }
+        }
+    }
+
+    // Build the config entry
+    let mut entry = String::new();
+    entry.push_str(&format!("\n# Added by opencode-cloud for host '{alias}'\n"));
+    entry.push_str(&format!("Host {alias}\n"));
+    entry.push_str(&format!("    HostName {hostname}\n"));
+
+    if let Some(u) = user {
+        entry.push_str(&format!("    User {u}\n"));
+    }
+    if let Some(p) = port {
+        if p != 22 {
+            entry.push_str(&format!("    Port {p}\n"));
+        }
+    }
+    if let Some(key) = identity_file {
+        entry.push_str(&format!("    IdentityFile {key}\n"));
+    }
+    if let Some(jump) = jump_host {
+        entry.push_str(&format!("    ProxyJump {jump}\n"));
+    }
+
+    // Append to config file (create if doesn't exist)
+    let mut file = OpenOptions::new()
+        .create(true)
+        .append(true)
+        .open(&config_path)
+        .map_err(|e| {
+            HostError::SshConfigWrite(format!("Failed to open {}: {}", config_path.display(), e))
+        })?;
+
+    // Set file permissions to 600 on Unix if we just created it
+    #[cfg(unix)]
+    {
+        use std::os::unix::fs::PermissionsExt;
+        let metadata = file
+            .metadata()
+            .map_err(|e| HostError::SshConfigWrite(format!("Failed to get file metadata: {e}")))?;
+        if metadata.len() == 0 {
+            let perms = fs::Permissions::from_mode(0o600);
+            fs::set_permissions(&config_path, perms).map_err(|e| {
+                HostError::SshConfigWrite(format!("Failed to set config permissions: {e}"))
+            })?;
+        }
+    }
+
+    file.write_all(entry.as_bytes()).map_err(|e| {
+        HostError::SshConfigWrite(format!(
+            "Failed to write to {}: {}",
+            config_path.display(),
+            e
+        ))
+    })?;
+
+    tracing::info!(
+        "Added host '{}' to SSH config at {}",
+        alias,
+        config_path.display()
+    );
+
+    Ok(config_path)
+}
+
+/// Check if a host alias already exists in SSH config
+pub fn host_exists_in_ssh_config(alias: &str) -> bool {
+    let config_path = match get_ssh_config_path() {
+        Some(path) if path.exists() => path,
+        _ => return false,
+    };
+
+    let Ok(file) = File::open(&config_path) else {
+        return false;
+    };
+
+    let mut reader = BufReader::new(file);
+
+    let Ok(config) = SshConfig::default().parse(&mut reader, ParseRule::ALLOW_UNKNOWN_FIELDS)
+    else {
+        return false;
+    };
+
+    // Query returns default params if not found, so we check if hostname is set
+    let params = config.query(alias);
+    params.host_name.is_some()
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_ssh_config_match_display() {
+        let m = SshConfigMatch {
+            user: Some("ubuntu".to_string()),
+            port: Some(2222),
+            identity_file: Some("~/.ssh/mykey.pem".to_string()),
+            proxy_jump: None,
+            matched: true,
+        };
+
+        let display = m.display_settings();
+        assert!(display.contains("User=ubuntu"));
+        assert!(display.contains("Port=2222"));
+        assert!(display.contains("IdentityFile=~/.ssh/mykey.pem"));
+    }
+
+    #[test]
+    fn test_ssh_config_match_has_settings() {
+        let empty = SshConfigMatch::default();
+        assert!(!empty.has_settings());
+
+        let with_user = SshConfigMatch {
+            user: Some("test".to_string()),
+            ..Default::default()
+        };
+        assert!(with_user.has_settings());
+    }
+
+    #[test]
+    fn test_get_ssh_config_path() {
+        let path = get_ssh_config_path();
+        assert!(path.is_some());
+        let path = path.unwrap();
+        assert!(path.ends_with(".ssh/config"));
+    }
+}

package/src/host/storage.rs

@@ -0,0 +1,118 @@
+//! Host configuration storage
+//!
+//! Load and save hosts.json file.
+
+use std::fs::{self, File};
+use std::io::{Read, Write};
+
+use super::error::HostError;
+use super::schema::HostsFile;
+use crate::config::paths::get_hosts_path;
+
+/// Load hosts configuration from hosts.json
+///
+/// Returns empty HostsFile if file doesn't exist.
+pub fn load_hosts() -> Result<HostsFile, HostError> {
+    let hosts_path = get_hosts_path()
+        .ok_or_else(|| HostError::LoadFailed("Could not determine hosts file path".to_string()))?;
+
+    if !hosts_path.exists() {
+        tracing::debug!(
+            "Hosts file not found, returning empty: {}",
+            hosts_path.display()
+        );
+        return Ok(HostsFile::new());
+    }
+
+    let mut file = File::open(&hosts_path).map_err(|e| {
+        HostError::LoadFailed(format!("Failed to open {}: {}", hosts_path.display(), e))
+    })?;
+
+    let mut contents = String::new();
+    file.read_to_string(&mut contents).map_err(|e| {
+        HostError::LoadFailed(format!("Failed to read {}: {}", hosts_path.display(), e))
+    })?;
+
+    let hosts: HostsFile = serde_json::from_str(&contents).map_err(|e| {
+        HostError::LoadFailed(format!("Invalid JSON in {}: {}", hosts_path.display(), e))
+    })?;
+
+    tracing::debug!(
+        "Loaded {} hosts from {}",
+        hosts.hosts.len(),
+        hosts_path.display()
+    );
+    Ok(hosts)
+}
+
+/// Save hosts configuration to hosts.json
+///
+/// Creates the config directory if it doesn't exist.
+/// Creates a backup (.bak) if file already exists.
+pub fn save_hosts(hosts: &HostsFile) -> Result<(), HostError> {
+    let hosts_path = get_hosts_path()
+        .ok_or_else(|| HostError::SaveFailed("Could not determine hosts file path".to_string()))?;
+
+    // Ensure config directory exists
+    if let Some(parent) = hosts_path.parent() {
+        if !parent.exists() {
+            fs::create_dir_all(parent)
+                .map_err(|e| HostError::SaveFailed(format!("Failed to create directory: {e}")))?;
+        }
+    }
+
+    // Create backup if file exists
+    if hosts_path.exists() {
+        let backup_path = hosts_path.with_extension("json.bak");
+        fs::copy(&hosts_path, &backup_path)
+            .map_err(|e| HostError::SaveFailed(format!("Failed to create backup: {e}")))?;
+        tracing::debug!("Created hosts backup: {}", backup_path.display());
+    }
+
+    // Serialize with pretty formatting
+    let json = serde_json::to_string_pretty(hosts)
+        .map_err(|e| HostError::SaveFailed(format!("Failed to serialize: {e}")))?;
+
+    // Write to file
+    let mut file = File::create(&hosts_path).map_err(|e| {
+        HostError::SaveFailed(format!("Failed to create {}: {}", hosts_path.display(), e))
+    })?;
+
+    file.write_all(json.as_bytes()).map_err(|e| {
+        HostError::SaveFailed(format!("Failed to write {}: {}", hosts_path.display(), e))
+    })?;
+
+    tracing::debug!(
+        "Saved {} hosts to {}",
+        hosts.hosts.len(),
+        hosts_path.display()
+    );
+    Ok(())
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::host::schema::HostConfig;
+
+    #[test]
+    fn test_load_nonexistent_returns_empty() {
+        // This test relies on hosts.json not existing in a fresh environment
+        // In CI/testing, we'd mock the path, but for basic test:
+        let result = load_hosts();
+        // Should succeed with empty or existing hosts
+        assert!(result.is_ok());
+    }
+
+    #[test]
+    fn test_serialize_format() {
+        let mut hosts = HostsFile::new();
+        hosts.add_host("test", HostConfig::new("test.example.com"));
+
+        let json = serde_json::to_string_pretty(&hosts).unwrap();
+
+        // Verify it's valid JSON that can be read back
+        let parsed: HostsFile = serde_json::from_str(&json).unwrap();
+        assert!(parsed.has_host("test"));
+    }
+}

package/src/host/tunnel.rs

@@ -0,0 +1,268 @@
+//! SSH tunnel management
+//!
+//! Creates and manages SSH tunnels to remote Docker daemons.
+
+use std::net::TcpListener;
+use std::process::{Child, Command, Stdio};
+use std::time::Duration;
+
+use super::error::HostError;
+use super::schema::HostConfig;
+
+/// SSH tunnel to a remote Docker daemon
+///
+/// The tunnel forwards a local port to the remote Docker socket.
+/// Implements Drop to ensure the SSH process is killed on cleanup.
+pub struct SshTunnel {
+    child: Child,
+    local_port: u16,
+    host_name: String,
+}
+
+impl SshTunnel {
+    /// Create SSH tunnel to remote Docker socket
+    ///
+    /// Spawns an SSH process with local port forwarding:
+    /// `ssh -L local_port:/var/run/docker.sock -N host`
+    ///
+    /// Uses BatchMode=yes to fail fast if key not in agent.
+    pub fn new(host: &HostConfig, host_name: &str) -> Result<Self, HostError> {
+        // Find available local port
+        let local_port = find_available_port()?;
+
+        // Build SSH command
+        let mut cmd = Command::new("ssh");
+
+        // Local port forward: local_port -> remote docker.sock
+        cmd.arg("-L")
+            .arg(format!("{local_port}:/var/run/docker.sock"));
+
+        // No command, just forward
+        cmd.arg("-N");
+
+        // Suppress prompts, fail fast on auth issues
+        cmd.arg("-o").arg("BatchMode=yes");
+
+        // Accept new host keys automatically (first connection)
+        cmd.arg("-o").arg("StrictHostKeyChecking=accept-new");
+
+        // Connection timeout
+        cmd.arg("-o").arg("ConnectTimeout=10");
+
+        // Prevent SSH from reading stdin (fixes issues with background operation)
+        cmd.arg("-o").arg("RequestTTY=no");
+
+        // Jump host support
+        if let Some(jump) = &host.jump_host {
+            cmd.arg("-J").arg(jump);
+        }
+
+        // Identity file
+        if let Some(key) = &host.identity_file {
+            cmd.arg("-i").arg(key);
+        }
+
+        // Custom port
+        if let Some(port) = host.port {
+            cmd.arg("-p").arg(port.to_string());
+        }
+
+        // Target: user@hostname
+        cmd.arg(format!("{}@{}", host.user, host.hostname));
+
+        // Configure stdio
+        cmd.stdin(Stdio::null())
+            .stdout(Stdio::null())
+            .stderr(Stdio::piped());
+
+        tracing::debug!(
+            "Spawning SSH tunnel: ssh -L {}:/var/run/docker.sock {}@{}",
+            local_port,
+            host.user,
+            host.hostname
+        );
+
+        let child = cmd.spawn().map_err(|e| {
+            if e.kind() == std::io::ErrorKind::NotFound {
+                HostError::SshSpawn("SSH not found. Install OpenSSH client.".to_string())
+            } else {
+                HostError::SshSpawn(e.to_string())
+            }
+        })?;
+
+        Ok(Self {
+            child,
+            local_port,
+            host_name: host_name.to_string(),
+        })
+    }
+
+    /// Get the local port for Docker connection
+    pub fn local_port(&self) -> u16 {
+        self.local_port
+    }
+
+    /// Get the Docker connection URL
+    pub fn docker_url(&self) -> String {
+        format!("tcp://127.0.0.1:{}", self.local_port)
+    }
+
+    /// Get the host name this tunnel connects to
+    pub fn host_name(&self) -> &str {
+        &self.host_name
+    }
+
+    /// Wait for tunnel to be ready (port accepting connections)
+    ///
+    /// Retries with exponential backoff: 100ms, 200ms, 400ms (3 attempts)
+    pub async fn wait_ready(&self) -> Result<(), HostError> {
+        let max_attempts = 3;
+        let initial_delay_ms = 100;
+
+        for attempt in 0..max_attempts {
+            if attempt > 0 {
+                let delay = Duration::from_millis(initial_delay_ms * 2u64.pow(attempt));
+                tracing::debug!("Tunnel wait attempt {} after {:?}", attempt + 1, delay);
+                tokio::time::sleep(delay).await;
+            }
+
+            // Try to connect to the local port
+            match std::net::TcpStream::connect_timeout(
+                &format!("127.0.0.1:{}", self.local_port).parse().unwrap(),
+                Duration::from_secs(1),
+            ) {
+                Ok(_) => {
+                    tracing::debug!("SSH tunnel ready on port {}", self.local_port);
+                    return Ok(());
+                }
+                Err(e) => {
+                    tracing::debug!("Tunnel not ready: {}", e);
+                }
+            }
+        }
+
+        Err(HostError::TunnelTimeout(max_attempts))
+    }
+
+    /// Check if the SSH process is still running
+    pub fn is_alive(&mut self) -> bool {
+        matches!(self.child.try_wait(), Ok(None))
+    }
+}
+
+impl Drop for SshTunnel {
+    fn drop(&mut self) {
+        tracing::debug!(
+            "Cleaning up SSH tunnel to {} (port {})",
+            self.host_name,
+            self.local_port
+        );
+        if let Err(e) = self.child.kill() {
+            // Process may have already exited
+            tracing::debug!("SSH tunnel kill result: {}", e);
+        }
+        // Wait to reap the zombie process
+        let _ = self.child.wait();
+    }
+}
+
+/// Find an available local port for the tunnel
+fn find_available_port() -> Result<u16, HostError> {
+    // Bind to port 0 to get OS-assigned port
+    let listener =
+        TcpListener::bind("127.0.0.1:0").map_err(|e| HostError::PortAllocation(e.to_string()))?;
+
+    let port = listener
+        .local_addr()
+        .map_err(|e| HostError::PortAllocation(e.to_string()))?
+        .port();
+
+    // Drop listener to free the port
+    drop(listener);
+
+    Ok(port)
+}
+
+/// Test SSH connection to a host
+///
+/// Runs `ssh user@host docker version` to verify:
+/// 1. SSH connection works
+/// 2. Docker is available on remote
+pub async fn test_connection(host: &HostConfig) -> Result<String, HostError> {
+    let mut cmd = Command::new("ssh");
+
+    // Standard options
+    cmd.arg("-o")
+        .arg("BatchMode=yes")
+        .arg("-o")
+        .arg("ConnectTimeout=10")
+        .arg("-o")
+        .arg("StrictHostKeyChecking=accept-new");
+
+    // Host-specific options (port, identity, jump, user@host)
+    cmd.args(host.ssh_args());
+
+    // Docker version command
+    cmd.arg("docker")
+        .arg("version")
+        .arg("--format")
+        .arg("{{.Server.Version}}");
+
+    cmd.stdin(Stdio::null())
+        .stdout(Stdio::piped())
+        .stderr(Stdio::piped());
+
+    let output = cmd.output().map_err(|e| {
+        if e.kind() == std::io::ErrorKind::NotFound {
+            HostError::SshSpawn("SSH not found. Install OpenSSH client.".to_string())
+        } else {
+            HostError::SshSpawn(e.to_string())
+        }
+    })?;
+
+    if output.status.success() {
+        let version = String::from_utf8_lossy(&output.stdout).trim().to_string();
+        tracing::info!("Docker version on remote: {}", version);
+        Ok(version)
+    } else {
+        let stderr = String::from_utf8_lossy(&output.stderr);
+
+        // Detect authentication failures
+        if stderr.contains("Permission denied") || stderr.contains("Host key verification failed") {
+            return Err(HostError::AuthFailed {
+                key_hint: host.identity_file.clone(),
+            });
+        }
+
+        // Detect Docker not available
+        if stderr.contains("command not found") || stderr.contains("not found") {
+            return Err(HostError::RemoteDockerUnavailable(
+                "Docker is not installed on remote host".to_string(),
+            ));
+        }
+
+        Err(HostError::ConnectionFailed(stderr.to_string()))
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_find_available_port() {
+        let port = find_available_port().unwrap();
+        assert!(port > 0);
+
+        // Port should be available (we can bind to it)
+        let listener = TcpListener::bind(format!("127.0.0.1:{port}"));
+        assert!(listener.is_ok());
+    }
+
+    #[test]
+    fn test_docker_url_format() {
+        // We can't easily test tunnel creation without SSH, but we can test the URL format
+        let url = format!("tcp://127.0.0.1:{}", 12345);
+        assert_eq!(url, "tcp://127.0.0.1:12345");
+    }
+}

package/src/lib.rs

@@ -5,6 +5,7 @@
 
 pub mod config;
 pub mod docker;
+pub mod host;
 pub mod platform;
 pub mod singleton;
 pub mod version;
@@ -13,7 +14,7 @@ pub mod version;
 pub use version::{get_version, get_version_long};
 
 // Re-export config types and functions
-pub use config::{Config, load_config, save_config};
+pub use config::{Config, get_hosts_path, load_config, save_config};
 
 // Re-export singleton types
 pub use singleton::{InstanceLock, SingletonError};
@@ -27,6 +28,14 @@ pub use platform::{
     is_service_registration_supported,
 };
 
+// Re-export host types
+pub use host::{
+    DistroFamily, DistroInfo, HostConfig, HostError, HostsFile, SshConfigMatch, SshTunnel,
+    detect_distro, get_docker_install_commands, get_ssh_config_path, host_exists_in_ssh_config,
+    install_docker, load_hosts, query_ssh_config, save_hosts, test_connection,
+    verify_docker_installed, write_ssh_config_entry,
+};
+
 // Re-export bollard to ensure all crates use the same version
 pub use bollard;
 

package/src/platform/launchd.rs

@@ -120,7 +120,7 @@ fn get_user_id() -> Result<u32> {
     uid_str
         .trim()
         .parse()
-        .map_err(|e| anyhow!("Failed to parse UID: {}", e))
+        .map_err(|e| anyhow!("Failed to parse UID: {e}"))
 }
 
 impl ServiceManager for LaunchdManager {