@openpalm/lib 0.10.2 → 0.11.0-beta.10

package/src/control-plane/compose-args.test.ts

@@ -6,7 +6,6 @@ import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from "node:fs";
 import { join } from "node:path";
 import { tmpdir } from "node:os";
 import {
-  COMPOSE_PROJECT_NAME,
   buildComposeOptions,
   buildComposeCliArgs,
 } from "./compose-args.js";
@@ -15,47 +14,42 @@ import type { ControlPlaneState } from "./types.js";
 let tempDir: string;
 
 function makeState(overrides: Partial<ControlPlaneState> = {}): ControlPlaneState {
+  const configDir = join(tempDir, "config");
   return {
-    adminToken: "test",
-    assistantToken: "test",
-    setupToken: "test",
     homeDir: tempDir,
-    configDir: join(tempDir, "config"),
-    vaultDir: join(tempDir, "vault"),
-    dataDir: join(tempDir, "data"),
-    logsDir: join(tempDir, "logs"),
+    configDir,
+    stashDir: join(tempDir, "stash"),
+    workspaceDir: join(tempDir, "workspace"),
     cacheDir: join(tempDir, "cache"),
+    stateDir: join(tempDir, "state"),
+    stackDir: join(configDir, "stack"),
     services: {},
     artifacts: { compose: "" },
     artifactMeta: [],
-    audit: [],
     ...overrides,
   };
 }
 
 function seedCoreCompose(): void {
-  const stackDir = join(tempDir, "stack");
+  const stackDir = join(tempDir, "config", "stack");
   mkdirSync(stackDir, { recursive: true });
   writeFileSync(join(stackDir, "core.compose.yml"), "services: {}");
 }
 
-function seedEnvFiles(files: { stack?: boolean; user?: boolean; guardian?: boolean } = {}): void {
+function seedEnvFiles(files: { stack?: boolean; guardian?: boolean } = {}): void {
+  const stackDir = join(tempDir, "config", "stack");
   if (files.stack) {
-    mkdirSync(join(tempDir, "vault", "stack"), { recursive: true });
-    writeFileSync(join(tempDir, "vault", "stack", "stack.env"), "KEY=val");
-  }
-  if (files.user) {
-    mkdirSync(join(tempDir, "vault", "user"), { recursive: true });
-    writeFileSync(join(tempDir, "vault", "user", "user.env"), "SECRET=val");
+    mkdirSync(stackDir, { recursive: true });
+    writeFileSync(join(stackDir, "stack.env"), "KEY=val");
   }
   if (files.guardian) {
-    mkdirSync(join(tempDir, "vault", "stack"), { recursive: true });
-    writeFileSync(join(tempDir, "vault", "stack", "guardian.env"), "CHANNEL_CHAT_SECRET=abc");
+    mkdirSync(stackDir, { recursive: true });
+    writeFileSync(join(stackDir, "guardian.env"), "CHANNEL_CHAT_SECRET=abc");
   }
 }
 
 function seedAddon(name: string): void {
-  const addonDir = join(tempDir, "stack", "addons", name);
+  const addonDir = join(tempDir, "config", "stack", "addons", name);
   mkdirSync(addonDir, { recursive: true });
   writeFileSync(join(addonDir, "compose.yml"), "services: {}");
 }
@@ -68,14 +62,6 @@ afterEach(() => {
   rmSync(tempDir, { recursive: true, force: true });
 });
 
-// ── COMPOSE_PROJECT_NAME ─────────────────────────────────────────────────
-
-describe("COMPOSE_PROJECT_NAME", () => {
-  it("is 'openpalm'", () => {
-    expect(COMPOSE_PROJECT_NAME).toBe("openpalm");
-  });
-});
-
 // ── buildComposeOptions ──────────────────────────────────────────────────
 
 describe("buildComposeOptions", () => {
@@ -98,13 +84,16 @@ describe("buildComposeOptions", () => {
   });
 
   it("returns env files in correct order", () => {
-    seedEnvFiles({ stack: true, user: true, guardian: true });
+    // Note: vault/user/user.env is no longer a
+    // compose env_file. The runtime env file list is: stack.env, guardian.env.
+    // Even when a legacy user.env is present on disk, it is intentionally
+    // excluded from the compose args.
+    seedEnvFiles({ stack: true, guardian: true });
     const state = makeState();
     const opts = buildComposeOptions(state);
-    expect(opts.envFiles).toHaveLength(3);
+    expect(opts.envFiles).toHaveLength(2);
     expect(opts.envFiles[0]).toContain("stack.env");
-    expect(opts.envFiles[1]).toContain("user.env");
-    expect(opts.envFiles[2]).toContain("guardian.env");
+    expect(opts.envFiles[1]).toContain("guardian.env");
   });
 
   it("excludes missing env files", () => {
@@ -136,8 +125,11 @@ describe("buildComposeCliArgs", () => {
   });
 
   it("includes --env-file flags for env files that exist", () => {
+    // Note: vault/user/user.env is no longer
+    // listed in the compose env_file set. Only stack.env and guardian.env
+    // (when present) are passed via --env-file.
     seedCoreCompose();
-    seedEnvFiles({ stack: true, user: true });
+    seedEnvFiles({ stack: true, guardian: true });
     const state = makeState();
     const args = buildComposeCliArgs(state);
     const envFileIndices = args.reduce<number[]>((acc, arg, i) => {

package/src/control-plane/compose-args.ts

@@ -11,10 +11,6 @@ import { buildComposeFileList } from "./lifecycle.js";
 import { buildEnvFiles } from "./config-persistence.js";
 import { resolveComposeProjectName } from "./docker.js";
 
-// ── Constants ────────────────────────────────────────────────────────────
-
-export const COMPOSE_PROJECT_NAME = "openpalm";
-
 // ── Types ────────────────────────────────────────────────────────────────
 
 export type ComposeOptions = {

package/src/control-plane/compose-errors.test.ts

@@ -0,0 +1,106 @@
+import { describe, expect, it } from "bun:test";
+import {
+  parseComposeStderr,
+  summarizeComposeStderr,
+} from "./compose-errors.js";
+
+describe("parseComposeStderr", () => {
+  it("returns empty for empty input", () => {
+    expect(parseComposeStderr("")).toEqual([]);
+    expect(parseComposeStderr("\n\n")).toEqual([]);
+  });
+
+  it("extracts pull access denied for a single service", () => {
+    const stderr = [
+      " Network openpalm_default  Created",
+      " voice Pulling",
+      " voice Error pull access denied for openpalm/voice, repository does not exist or may require 'docker login'",
+      "Error response from daemon: pull access denied for openpalm/voice, repository does not exist or may require 'docker login': denied: requested access to the resource is denied",
+    ].join("\n");
+
+    const failures = parseComposeStderr(stderr);
+    expect(failures.length).toBeGreaterThanOrEqual(1);
+    expect(failures[0].service).toBe("voice");
+    expect(failures[0].reason).toMatch(/pull access denied/);
+  });
+
+  it("handles spinner / status prefix glyphs", () => {
+    const stderr = " ⠿ voice Error    pull access denied for openpalm/voice";
+    const failures = parseComposeStderr(stderr);
+    expect(failures).toHaveLength(1);
+    expect(failures[0].service).toBe("voice");
+    expect(failures[0].reason).toMatch(/pull access denied/);
+  });
+
+  it("captures quoted Service failed lines", () => {
+    const stderr =
+      'Service "discord" failed to build: failed to solve: process did not complete';
+    const failures = parseComposeStderr(stderr);
+    expect(failures).toHaveLength(1);
+    expect(failures[0].service).toBe("discord");
+    expect(failures[0].reason).toMatch(/failed to solve/);
+  });
+
+  it("deduplicates identical (service, reason) pairs", () => {
+    const stderr = [
+      "voice Error pull access denied for openpalm/voice",
+      "voice Error pull access denied for openpalm/voice",
+    ].join("\n");
+    const failures = parseComposeStderr(stderr);
+    expect(failures).toHaveLength(1);
+  });
+
+  it("returns multiple distinct failures", () => {
+    const stderr = [
+      "voice Error pull access denied for openpalm/voice",
+      "discord Error no such image: openpalm/discord:latest",
+    ].join("\n");
+    const failures = parseComposeStderr(stderr);
+    expect(failures).toHaveLength(2);
+    expect(failures.map((f) => f.service).sort()).toEqual(["discord", "voice"]);
+  });
+
+  it("falls back to image name when only daemon error is present", () => {
+    const stderr =
+      "Error response from daemon: pull access denied for openpalm/voice, repository does not exist";
+    const failures = parseComposeStderr(stderr);
+    expect(failures).toHaveLength(1);
+    expect(failures[0].service).toBe("openpalm/voice");
+    expect(failures[0].reason).toMatch(/pull access denied/);
+  });
+
+  it("ignores non-error noise (Pulling/Created/Started)", () => {
+    const stderr = [
+      " Network openpalm_default  Created",
+      " Container openpalm-guardian-1  Started",
+      " assistant Pulling",
+    ].join("\n");
+    expect(parseComposeStderr(stderr)).toEqual([]);
+  });
+
+  it("does not treat 'Error response from daemon' as a service name", () => {
+    const stderr = "Error response from daemon: something bad happened";
+    // No service-prefixed line, no pull access denied, no quoted service —
+    // parser should NOT invent a service called "Error".
+    expect(parseComposeStderr(stderr)).toEqual([]);
+  });
+});
+
+describe("summarizeComposeStderr", () => {
+  it("returns first non-empty line", () => {
+    expect(summarizeComposeStderr("\n\n  hello world  \nnext line")).toBe(
+      "hello world"
+    );
+  });
+
+  it("truncates long lines", () => {
+    const long = "x".repeat(800);
+    const out = summarizeComposeStderr(long, 100);
+    expect(out.length).toBe(100);
+    expect(out.endsWith("…")).toBe(true);
+  });
+
+  it("returns empty string for empty input", () => {
+    expect(summarizeComposeStderr("")).toBe("");
+  });
+});

package/src/control-plane/compose-errors.ts

@@ -0,0 +1,117 @@
+/**
+ * Parse `docker compose` stderr for per-service failures.
+ *
+ * `docker compose up -d` reports its progress on stderr — one or more
+ * status lines per service, plus a daemon-level "Error response from daemon"
+ * summary. When a single addon service fails to pull or start, the rest of
+ * the stack often comes up fine, so the only signal that anything is wrong
+ * is whatever appears on stderr. This helper extracts the per-service
+ * failure messages so callers can surface them to operators.
+ */
+export type ComposeServiceFailure = {
+  service: string;
+  reason: string;
+};
+
+/**
+ * Lines we recognise as per-service failure indicators. The compose CLI
+ * has rendered these in a few different shapes across versions:
+ *
+ *   "voice Error pull access denied for openpalm/voice ..."
+ *   " ⠿ voice Error    pull access denied for openpalm/voice ..."
+ *   "Service \"voice\" failed to build: ..."
+ *
+ * We also pick up the bare daemon error and attribute it to the service
+ * named in nearby lines when no service-prefixed line is present.
+ */
+const SERVICE_ERROR_RE = /^[\s⠦⠧⠇⠏⠋⠙⠹⠸⠼⠴⠿✔✘×]*\s*([A-Za-z0-9._-]+)\s+(Error|Failed|failed)\s+(.+)$/;
+const SERVICE_FAILED_QUOTED_RE = /Service\s+["']([A-Za-z0-9._-]+)["']\s+failed[^:]*:\s*(.+)$/i;
+const SERVICE_NOT_FOUND_RE = /no such service:\s*([A-Za-z0-9._-]+)/i;
+const PULL_ACCESS_DENIED_RE = /pull access denied for\s+([^\s,]+)/i;
+
+function pushUnique(
+  failures: ComposeServiceFailure[],
+  entry: ComposeServiceFailure
+): void {
+  const trimmed = { service: entry.service.trim(), reason: entry.reason.trim() };
+  if (!trimmed.service || !trimmed.reason) return;
+  const dup = failures.find(
+    (f) => f.service === trimmed.service && f.reason === trimmed.reason
+  );
+  if (!dup) failures.push(trimmed);
+}
+
+/**
+ * Best-effort extraction of failures from compose stderr.
+ *
+ * - Returns one entry per (service, reason) pair, in stderr order.
+ * - Does NOT fabricate service names: if a daemon error appears without
+ *   any nearby service-prefixed line, the caller's intended-services list
+ *   is used by the route, not this parser.
+ */
+export function parseComposeStderr(stderr: string): ComposeServiceFailure[] {
+  const failures: ComposeServiceFailure[] = [];
+  if (!stderr) return failures;
+
+  const lines = stderr.split(/\r?\n/);
+
+  for (const raw of lines) {
+    const line = raw.replace(/\s+$/, "");
+    if (!line.trim()) continue;
+
+    const quoted = SERVICE_FAILED_QUOTED_RE.exec(line);
+    if (quoted) {
+      pushUnique(failures, { service: quoted[1], reason: quoted[2] });
+      continue;
+    }
+
+    const m = SERVICE_ERROR_RE.exec(line);
+    if (m) {
+      // Skip generic prefixes that look like services but aren't
+      // (e.g. "Error response from daemon ..." would match if the parser
+      // is too lenient — the verb word would be the second token).
+      const candidate = m[1];
+      if (candidate.toLowerCase() === "error") continue;
+      pushUnique(failures, { service: candidate, reason: m[3] });
+      continue;
+    }
+
+    const notFound = SERVICE_NOT_FOUND_RE.exec(line);
+    if (notFound) {
+      pushUnique(failures, {
+        service: notFound[1],
+        reason: `no such service: ${notFound[1]}`,
+      });
+      continue;
+    }
+  }
+
+  // If we still found nothing but the stderr clearly mentions a pull
+  // access denied, surface the offending image as the "service" identifier
+  // — better than swallowing the failure entirely.
+  if (failures.length === 0) {
+    const denied = PULL_ACCESS_DENIED_RE.exec(stderr);
+    if (denied) {
+      pushUnique(failures, {
+        service: denied[1],
+        reason: `pull access denied for ${denied[1]}`,
+      });
+    }
+  }
+
+  return failures;
+}
+
+/**
+ * Summarise compose stderr in a single short line, suitable for log
+ * envelopes / API error messages when no per-service parse succeeded.
+ * Returns the first non-empty stderr line, capped.
+ */
+export function summarizeComposeStderr(stderr: string, maxLen = 500): string {
+  if (!stderr) return "";
+  const first = stderr
+    .split(/\r?\n/)
+    .map((l) => l.trim())
+    .find((l) => l.length > 0) ?? "";
+  return first.length > maxLen ? first.slice(0, maxLen - 1) + "…" : first;
+}