@opencode-cloud/core 1.0.8 → 3.0.15

package/src/docker/mount.rs

@@ -0,0 +1,330 @@
+//! Bind mount parsing and validation for container configuration.
+//!
+//! This module provides functionality to:
+//! - Parse mount strings in Docker format (`/host:/container[:ro|rw]`)
+//! - Validate mount paths (existence, type, permissions)
+//! - Convert parsed mounts to Bollard's Mount type for Docker API
+//! - Warn about potentially dangerous container mount points
+
+use bollard::service::{Mount, MountTypeEnum};
+use std::path::PathBuf;
+use thiserror::Error;
+
+/// Errors that can occur during mount parsing and validation.
+#[derive(Debug, Error)]
+pub enum MountError {
+    /// Mount path is relative, but must be absolute.
+    #[error("Mount paths must be absolute. Use: /full/path/to/dir (got: {0})")]
+    RelativePath(String),
+
+    /// Mount string format is invalid.
+    #[error("Invalid mount format. Expected: /host/path:/container/path[:ro] (got: {0})")]
+    InvalidFormat(String),
+
+    /// Path does not exist or cannot be accessed.
+    #[error("Path not found: {0} ({1})")]
+    PathNotFound(String, String),
+
+    /// Path exists but is not a directory.
+    #[error("Path is not a directory: {0}")]
+    NotADirectory(String),
+
+    /// Permission denied accessing path.
+    #[error("Cannot access path (permission denied): {0}")]
+    PermissionDenied(String),
+}
+
+/// A parsed bind mount specification.
+#[derive(Debug, Clone, PartialEq)]
+pub struct ParsedMount {
+    /// Host path to mount (absolute).
+    pub host_path: PathBuf,
+
+    /// Container path where the host path is mounted.
+    pub container_path: String,
+
+    /// Whether the mount is read-only.
+    pub read_only: bool,
+}
+
+impl ParsedMount {
+    /// Parse a mount string in Docker format.
+    ///
+    /// Format: `/host/path:/container/path[:ro|rw]`
+    ///
+    /// # Arguments
+    /// * `mount_str` - The mount specification string.
+    ///
+    /// # Returns
+    /// * `Ok(ParsedMount)` - Successfully parsed mount.
+    /// * `Err(MountError)` - Parse error.
+    ///
+    /// # Examples
+    /// ```
+    /// use opencode_cloud_core::docker::ParsedMount;
+    ///
+    /// // Read-write mount (default)
+    /// let mount = ParsedMount::parse("/home/user/data:/workspace/data").unwrap();
+    /// assert_eq!(mount.host_path.to_str().unwrap(), "/home/user/data");
+    /// assert_eq!(mount.container_path, "/workspace/data");
+    /// assert!(!mount.read_only);
+    ///
+    /// // Read-only mount
+    /// let mount = ParsedMount::parse("/home/user/config:/etc/app:ro").unwrap();
+    /// assert!(mount.read_only);
+    /// ```
+    pub fn parse(mount_str: &str) -> Result<Self, MountError> {
+        let parts: Vec<&str> = mount_str.split(':').collect();
+
+        match parts.len() {
+            2 => {
+                // /host:/container (default rw)
+                let host_path = PathBuf::from(parts[0]);
+                if !host_path.is_absolute() {
+                    return Err(MountError::RelativePath(parts[0].to_string()));
+                }
+                Ok(Self {
+                    host_path,
+                    container_path: parts[1].to_string(),
+                    read_only: false,
+                })
+            }
+            3 => {
+                // /host:/container:ro or /host:/container:rw
+                let host_path = PathBuf::from(parts[0]);
+                if !host_path.is_absolute() {
+                    return Err(MountError::RelativePath(parts[0].to_string()));
+                }
+                let read_only = match parts[2].to_lowercase().as_str() {
+                    "ro" => true,
+                    "rw" => false,
+                    _ => return Err(MountError::InvalidFormat(mount_str.to_string())),
+                };
+                Ok(Self {
+                    host_path,
+                    container_path: parts[1].to_string(),
+                    read_only,
+                })
+            }
+            _ => Err(MountError::InvalidFormat(mount_str.to_string())),
+        }
+    }
+
+    /// Convert to a Bollard Mount for the Docker API.
+    ///
+    /// Returns a bind mount with the parsed host and container paths.
+    pub fn to_bollard_mount(&self) -> Mount {
+        Mount {
+            target: Some(self.container_path.clone()),
+            source: Some(self.host_path.to_string_lossy().to_string()),
+            typ: Some(MountTypeEnum::BIND),
+            read_only: Some(self.read_only),
+            ..Default::default()
+        }
+    }
+}
+
+/// Validate that a mount host path exists and is accessible.
+///
+/// Checks:
+/// 1. Path is absolute.
+/// 2. Path exists (via canonicalize, which also resolves symlinks).
+/// 3. Path is a directory.
+///
+/// # Arguments
+/// * `path` - The path to validate.
+///
+/// # Returns
+/// * `Ok(PathBuf)` - The canonical (resolved) path.
+/// * `Err(MountError)` - Validation error.
+pub fn validate_mount_path(path: &std::path::Path) -> Result<PathBuf, MountError> {
+    // Check absolute
+    if !path.is_absolute() {
+        return Err(MountError::RelativePath(path.display().to_string()));
+    }
+
+    // Canonicalize (resolves symlinks, checks existence)
+    let canonical = std::fs::canonicalize(path).map_err(|e| {
+        if e.kind() == std::io::ErrorKind::PermissionDenied {
+            MountError::PermissionDenied(path.display().to_string())
+        } else {
+            MountError::PathNotFound(path.display().to_string(), e.to_string())
+        }
+    })?;
+
+    // Check it's a directory
+    let metadata = std::fs::metadata(&canonical).map_err(|e| {
+        if e.kind() == std::io::ErrorKind::PermissionDenied {
+            MountError::PermissionDenied(path.display().to_string())
+        } else {
+            MountError::PathNotFound(path.display().to_string(), e.to_string())
+        }
+    })?;
+
+    if !metadata.is_dir() {
+        return Err(MountError::NotADirectory(path.display().to_string()));
+    }
+
+    Ok(canonical)
+}
+
+/// System paths that should typically not be mounted over.
+const SYSTEM_PATHS: &[&str] = &["/etc", "/usr", "/bin", "/sbin", "/lib", "/var"];
+
+/// Check if mounting to a container path might be dangerous.
+///
+/// Returns a warning message if the container path is a system path,
+/// or `None` if the path appears safe.
+///
+/// # Arguments
+/// * `container_path` - The path inside the container.
+///
+/// # Returns
+/// * `Some(String)` - Warning message about the system path.
+/// * `None` - Path appears safe.
+pub fn check_container_path_warning(container_path: &str) -> Option<String> {
+    for system_path in SYSTEM_PATHS {
+        if container_path == *system_path || container_path.starts_with(&format!("{system_path}/"))
+        {
+            return Some(format!(
+                "Warning: mounting to '{container_path}' may affect container system files"
+            ));
+        }
+    }
+    None
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn parse_valid_mount_rw() {
+        let mount = ParsedMount::parse("/a:/b").unwrap();
+        assert_eq!(mount.host_path, PathBuf::from("/a"));
+        assert_eq!(mount.container_path, "/b");
+        assert!(!mount.read_only);
+    }
+
+    #[test]
+    fn parse_valid_mount_ro() {
+        let mount = ParsedMount::parse("/a:/b:ro").unwrap();
+        assert_eq!(mount.host_path, PathBuf::from("/a"));
+        assert_eq!(mount.container_path, "/b");
+        assert!(mount.read_only);
+    }
+
+    #[test]
+    fn parse_valid_mount_explicit_rw() {
+        let mount = ParsedMount::parse("/a:/b:rw").unwrap();
+        assert_eq!(mount.host_path, PathBuf::from("/a"));
+        assert_eq!(mount.container_path, "/b");
+        assert!(!mount.read_only);
+    }
+
+    #[test]
+    fn parse_valid_mount_ro_uppercase() {
+        let mount = ParsedMount::parse("/a:/b:RO").unwrap();
+        assert!(mount.read_only);
+    }
+
+    #[test]
+    fn parse_invalid_format_single_part() {
+        let result = ParsedMount::parse("invalid");
+        assert!(matches!(result, Err(MountError::InvalidFormat(_))));
+    }
+
+    #[test]
+    fn parse_invalid_format_too_many_parts() {
+        let result = ParsedMount::parse("/a:/b:ro:extra");
+        assert!(matches!(result, Err(MountError::InvalidFormat(_))));
+    }
+
+    #[test]
+    fn parse_invalid_format_bad_mode() {
+        let result = ParsedMount::parse("/a:/b:invalid");
+        assert!(matches!(result, Err(MountError::InvalidFormat(_))));
+    }
+
+    #[test]
+    fn parse_relative_path_rejected() {
+        let result = ParsedMount::parse("./rel:/b");
+        assert!(matches!(result, Err(MountError::RelativePath(_))));
+    }
+
+    #[test]
+    fn parse_relative_path_no_dot_rejected() {
+        let result = ParsedMount::parse("relative/path:/b");
+        assert!(matches!(result, Err(MountError::RelativePath(_))));
+    }
+
+    #[test]
+    fn system_path_warning_etc() {
+        let warning = check_container_path_warning("/etc");
+        assert!(warning.is_some());
+        assert!(warning.unwrap().contains("/etc"));
+    }
+
+    #[test]
+    fn system_path_warning_etc_subdir() {
+        let warning = check_container_path_warning("/etc/passwd");
+        assert!(warning.is_some());
+    }
+
+    #[test]
+    fn system_path_warning_usr() {
+        let warning = check_container_path_warning("/usr");
+        assert!(warning.is_some());
+    }
+
+    #[test]
+    fn system_path_warning_usr_local() {
+        let warning = check_container_path_warning("/usr/local");
+        assert!(warning.is_some());
+    }
+
+    #[test]
+    fn non_system_path_no_warning() {
+        let warning = check_container_path_warning("/workspace/data");
+        assert!(warning.is_none());
+    }
+
+    #[test]
+    fn non_system_path_home_no_warning() {
+        let warning = check_container_path_warning("/home/user/data");
+        assert!(warning.is_none());
+    }
+
+    #[test]
+    fn to_bollard_mount_structure() {
+        let mount = ParsedMount {
+            host_path: PathBuf::from("/host/path"),
+            container_path: "/container/path".to_string(),
+            read_only: true,
+        };
+        let bollard_mount = mount.to_bollard_mount();
+        assert_eq!(bollard_mount.target, Some("/container/path".to_string()));
+        assert_eq!(bollard_mount.source, Some("/host/path".to_string()));
+        assert_eq!(bollard_mount.typ, Some(MountTypeEnum::BIND));
+        assert_eq!(bollard_mount.read_only, Some(true));
+    }
+
+    #[test]
+    fn validate_mount_path_relative_rejected() {
+        let result = validate_mount_path(std::path::Path::new("./relative"));
+        assert!(matches!(result, Err(MountError::RelativePath(_))));
+    }
+
+    #[test]
+    fn validate_mount_path_nonexistent() {
+        let result = validate_mount_path(std::path::Path::new("/nonexistent/path/xyz123"));
+        assert!(matches!(result, Err(MountError::PathNotFound(_, _))));
+    }
+
+    #[test]
+    fn validate_mount_path_existing_directory() {
+        // Use /tmp which should exist on any Unix system
+        let result = validate_mount_path(std::path::Path::new("/tmp"));
+        assert!(result.is_ok());
+    }
+}

package/src/docker/progress.rs

@@ -48,9 +48,9 @@ fn format_elapsed(duration: Duration) -> String {
     let seconds = total_secs % 60;
 
     if hours > 0 {
-        format!("{:02}:{:02}:{:02}", hours, minutes, seconds)
+        format!("{hours:02}:{minutes:02}:{seconds:02}")
     } else {
-        format!("{:02}:{:02}", minutes, seconds)
+        format!("{minutes:02}:{seconds:02}")
     }
 }
 
@@ -116,8 +116,8 @@ impl ProgressReporter {
         // Format: "[elapsed] Context · message" or "[elapsed] message"
         // Timer at the beginning for easy scanning
         match &self.context {
-            Some(ctx) => format!("[{}] {} · {}", elapsed, ctx, clean_msg),
-            None => format!("[{}] {}", elapsed, clean_msg),
+            Some(ctx) => format!("[{elapsed}] {ctx} · {clean_msg}"),
+            None => format!("[{elapsed}] {clean_msg}"),
         }
     }
 

package/src/docker/state.rs

@@ -0,0 +1,120 @@
+//! Image state tracking for provenance information
+//!
+//! Tracks where the current Docker image came from (prebuilt or built)
+//! and which registry it was pulled from.
+
+use chrono::Utc;
+use serde::{Deserialize, Serialize};
+use std::path::PathBuf;
+
+/// Image provenance state
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct ImageState {
+    /// Image version (e.g., "1.0.12")
+    pub version: String,
+    /// Source: "prebuilt" or "build"
+    pub source: String,
+    /// Registry if prebuilt: "ghcr.io" or "docker.io", None for build
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub registry: Option<String>,
+    /// When the image was acquired (ISO8601)
+    pub acquired_at: String,
+}
+
+impl ImageState {
+    /// Create a new ImageState for a prebuilt image
+    pub fn prebuilt(version: &str, registry: &str) -> Self {
+        Self {
+            version: version.to_string(),
+            source: "prebuilt".to_string(),
+            registry: Some(registry.to_string()),
+            acquired_at: Utc::now().to_rfc3339(),
+        }
+    }
+
+    /// Create a new ImageState for a locally built image
+    pub fn built(version: &str) -> Self {
+        Self {
+            version: version.to_string(),
+            source: "build".to_string(),
+            registry: None,
+            acquired_at: Utc::now().to_rfc3339(),
+        }
+    }
+}
+
+/// Get the path to the image state file
+pub fn get_state_path() -> Option<PathBuf> {
+    crate::config::paths::get_data_dir().map(|p| p.join("image-state.json"))
+}
+
+/// Save image state to disk
+pub fn save_state(state: &ImageState) -> anyhow::Result<()> {
+    let path = get_state_path().ok_or_else(|| anyhow::anyhow!("Could not determine state path"))?;
+
+    // Ensure parent directory exists
+    if let Some(parent) = path.parent() {
+        std::fs::create_dir_all(parent)?;
+    }
+
+    let json = serde_json::to_string_pretty(state)?;
+    std::fs::write(&path, json)?;
+    Ok(())
+}
+
+/// Load image state from disk
+pub fn load_state() -> Option<ImageState> {
+    let path = get_state_path()?;
+    let content = std::fs::read_to_string(&path).ok()?;
+    serde_json::from_str(&content).ok()
+}
+
+/// Clear image state (e.g., after image removal)
+pub fn clear_state() -> anyhow::Result<()> {
+    if let Some(path) = get_state_path() {
+        if path.exists() {
+            std::fs::remove_file(&path)?;
+        }
+    }
+    Ok(())
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_image_state_prebuilt() {
+        let state = ImageState::prebuilt("1.0.12", "ghcr.io");
+        assert_eq!(state.version, "1.0.12");
+        assert_eq!(state.source, "prebuilt");
+        assert_eq!(state.registry, Some("ghcr.io".to_string()));
+        assert!(!state.acquired_at.is_empty());
+    }
+
+    #[test]
+    fn test_image_state_built() {
+        let state = ImageState::built("1.0.12");
+        assert_eq!(state.version, "1.0.12");
+        assert_eq!(state.source, "build");
+        assert!(state.registry.is_none());
+    }
+
+    #[test]
+    fn test_image_state_serialize_deserialize() {
+        let state = ImageState::prebuilt("1.0.12", "docker.io");
+        let json = serde_json::to_string(&state).unwrap();
+        let parsed: ImageState = serde_json::from_str(&json).unwrap();
+        assert_eq!(state.version, parsed.version);
+        assert_eq!(state.source, parsed.source);
+        assert_eq!(state.registry, parsed.registry);
+    }
+
+    #[test]
+    fn test_get_state_path() {
+        let path = get_state_path();
+        assert!(path.is_some());
+        let p = path.unwrap();
+        assert!(p.to_string_lossy().contains("image-state.json"));
+    }
+}

package/src/docker/update.rs

@@ -0,0 +1,156 @@
+//! Docker image update and rollback operations
+//!
+//! This module provides functionality to update the opencode image to the latest
+//! version and rollback to a previous version if needed.
+
+use super::image::{image_exists, pull_image};
+use super::progress::ProgressReporter;
+use super::{DockerClient, DockerError, IMAGE_NAME_GHCR, IMAGE_TAG_DEFAULT};
+use bollard::image::TagImageOptions;
+use tracing::debug;
+
+/// Tag for the previous image version (used for rollback)
+pub const PREVIOUS_TAG: &str = "previous";
+
+/// Result of an update operation
+#[derive(Debug, Clone, PartialEq)]
+pub enum UpdateResult {
+    /// Update completed successfully
+    Success,
+    /// Already on the latest version
+    AlreadyLatest,
+}
+
+/// Tag the current image as "previous" for rollback support
+///
+/// This allows users to rollback to the version they had before updating.
+/// If the current image doesn't exist, this is silently skipped.
+///
+/// # Arguments
+/// * `client` - Docker client
+pub async fn tag_current_as_previous(client: &DockerClient) -> Result<(), DockerError> {
+    let current_image = format!("{IMAGE_NAME_GHCR}:{IMAGE_TAG_DEFAULT}");
+    let previous_image = format!("{IMAGE_NAME_GHCR}:{PREVIOUS_TAG}");
+
+    debug!(
+        "Tagging current image {} as {}",
+        current_image, previous_image
+    );
+
+    // Check if current image exists
+    if !image_exists(client, IMAGE_NAME_GHCR, IMAGE_TAG_DEFAULT).await? {
+        debug!("Current image not found, skipping backup tag");
+        return Ok(());
+    }
+
+    // Tag current as previous
+    let options = TagImageOptions {
+        repo: IMAGE_NAME_GHCR,
+        tag: PREVIOUS_TAG,
+    };
+
+    client
+        .inner()
+        .tag_image(&current_image, Some(options))
+        .await
+        .map_err(|e| {
+            DockerError::Container(format!("Failed to tag current image as previous: {e}"))
+        })?;
+
+    debug!("Successfully tagged current image as previous");
+    Ok(())
+}
+
+/// Check if a previous image exists for rollback
+///
+/// Returns true if a rollback is possible, false otherwise.
+///
+/// # Arguments
+/// * `client` - Docker client
+pub async fn has_previous_image(client: &DockerClient) -> Result<bool, DockerError> {
+    image_exists(client, IMAGE_NAME_GHCR, PREVIOUS_TAG).await
+}
+
+/// Update the opencode image to the latest version
+///
+/// This operation:
+/// 1. Tags the current image as "previous" for rollback
+/// 2. Pulls the latest image from the registry
+///
+/// Returns UpdateResult indicating success or if already on latest.
+///
+/// # Arguments
+/// * `client` - Docker client
+/// * `progress` - Progress reporter for user feedback
+pub async fn update_image(
+    client: &DockerClient,
+    progress: &mut ProgressReporter,
+) -> Result<UpdateResult, DockerError> {
+    // Step 1: Tag current image as previous for rollback
+    progress.add_spinner("backup", "Backing up current image");
+    tag_current_as_previous(client).await?;
+    progress.finish("backup", "Current image backed up");
+
+    // Step 2: Pull latest image
+    progress.add_spinner("pull", "Pulling latest image");
+    pull_image(client, Some(IMAGE_TAG_DEFAULT), progress).await?;
+    progress.finish("pull", "Latest image pulled");
+
+    Ok(UpdateResult::Success)
+}
+
+/// Rollback to the previous image version
+///
+/// This re-tags the "previous" image as "latest", effectively reverting
+/// to the version that was active before the last update.
+///
+/// Returns an error if no previous image exists.
+///
+/// # Arguments
+/// * `client` - Docker client
+pub async fn rollback_image(client: &DockerClient) -> Result<(), DockerError> {
+    // Check if previous image exists
+    if !has_previous_image(client).await? {
+        return Err(DockerError::Container(
+            "No previous image available for rollback. Update at least once before using rollback."
+                .to_string(),
+        ));
+    }
+
+    let previous_image = format!("{IMAGE_NAME_GHCR}:{PREVIOUS_TAG}");
+    let current_image = format!("{IMAGE_NAME_GHCR}:{IMAGE_TAG_DEFAULT}");
+
+    debug!("Rolling back from {} to {}", current_image, previous_image);
+
+    // Re-tag previous as latest
+    let options = TagImageOptions {
+        repo: IMAGE_NAME_GHCR,
+        tag: IMAGE_TAG_DEFAULT,
+    };
+
+    client
+        .inner()
+        .tag_image(&previous_image, Some(options))
+        .await
+        .map_err(|e| DockerError::Container(format!("Failed to rollback image: {e}")))?;
+
+    debug!("Successfully rolled back to previous image");
+    Ok(())
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn previous_tag_constant() {
+        assert_eq!(PREVIOUS_TAG, "previous");
+    }
+
+    #[test]
+    fn update_result_variants() {
+        assert_eq!(UpdateResult::Success, UpdateResult::Success);
+        assert_eq!(UpdateResult::AlreadyLatest, UpdateResult::AlreadyLatest);
+        assert_ne!(UpdateResult::Success, UpdateResult::AlreadyLatest);
+    }
+}