@openparachute/hub 0.6.2 → 0.6.3-rc.2

package/src/__tests__/expose-cloudflare.test.ts

@@ -15,9 +15,12 @@ import {
   exposeCloudflareOff,
   exposeCloudflareUp,
 } from "../commands/expose-cloudflare.ts";
+import type { ExposeSupervisorOpts } from "../commands/expose-supervisor.ts";
 import { readEnvFileValues } from "../env-file.ts";
 import { readExposeState } from "../expose-state.ts";
 import { writeHubPort } from "../hub-control.ts";
+import type { EnsureHubUnitOpts } from "../hub-unit.ts";
+import { type ModuleOp, ModuleOpHttpError } from "../module-ops-client.ts";
 import type { CommandResult, Runner } from "../tailscale/run.ts";
 
 // Default seeded hub port used by tests with `skipHub: true`. The cloudflared
@@ -283,23 +286,22 @@ describe("exposeCloudflareUp", () => {
     }
   });
 
-  test("persists the public hub origin to vault/.env + restarts vault (Cloudflare 401 fix)", async () => {
+  test("persists the public hub origin to vault/.env + restarts vault via the supervisor (Cloudflare 401 fix)", async () => {
     // The Cloudflare 401 P0: the cloudflare path wrote expose-state.json but —
     // unlike the Tailscale path, which auto-restarts vault and so flows the
-    // public origin into vault/.env via lifecycle's persistVaultHubOrigin —
-    // never touched vault's .env or restarted it. The launchd/systemd daemon
-    // kept booting vault with NO PARACHUTE_HUB_ORIGIN → vault fell back to
-    // loopback as its expected issuer → every hub-minted token (iss=public)
-    // failed the iss check → 401. This asserts the durable .env write + the
-    // running-vault restart that mirrors the Tailscale path.
+    // public origin into vault/.env — never touched vault's .env or restarted
+    // it. The launchd/systemd daemon kept booting vault with NO
+    // PARACHUTE_HUB_ORIGIN → vault fell back to loopback as its expected issuer →
+    // every hub-minted token (iss=public) failed the iss check → 401.
+    //
+    // Phase 5b: the restart goes through the running Supervisor
+    // (`driveModuleOp("vault", "restart")`) — the helper also persists the
+    // durable .env. This asserts the durable .env write + the supervised restart
+    // (no longer a pidfile-gated detached restart; the supervisor decides
+    // liveness, and a not-supervised vault surfaces as a tolerated 404 — see the
+    // Phase 4 dual-dispatch suite).
     const env = makeEnv();
     try {
-      // Seed vault as "running" so the restart branch fires. PID lives at
-      // <configDir>/vault/run/vault.pid (see process-state.ts:pidPath).
-      const vaultRun = join(env.configDir, "vault", "run");
-      require("node:fs").mkdirSync(vaultRun, { recursive: true });
-      writeFileSync(join(vaultRun, "vault.pid"), "99001");
-
       const uuid = "ffffffff-0000-0000-0000-000000000006";
       const { runner } = queueRunner([
         { code: 0, stdout: "cloudflared 2024.1.0\n", stderr: "" },
@@ -312,14 +314,12 @@ describe("exposeCloudflareUp", () => {
         { code: 0, stdout: "", stderr: "" },
       ]);
       const { spawner } = fakeSpawner(42300);
-      const restarted: string[] = [];
+      const sup = makeCfSupervisorStub();
 
       const code = await exposeCloudflareUp("gitcoin-parachute.unforced.dev", {
         runner,
         spawner,
-        // `alive` reports the seeded vault pid as running so processState() ===
-        // "running" and the restart branch executes.
-        alive: (pid) => pid === 99001,
+        alive: () => false,
         kill: () => {},
         log: () => {},
         manifestPath: env.manifestPath,
@@ -330,10 +330,7 @@ describe("exposeCloudflareUp", () => {
         cloudflaredHome: env.cloudflaredHome,
         configDir: env.configDir,
         skipHub: true,
-        restartService: async (short) => {
-          restarted.push(short);
-          return 0;
-        },
+        supervisor: sup.opts,
       });
 
       expect(code).toBe(0);
@@ -342,57 +339,8 @@ describe("exposeCloudflareUp", () => {
       expect(readEnvFileValues(join(env.configDir, "vault", ".env")).PARACHUTE_HUB_ORIGIN).toBe(
         "https://gitcoin-parachute.unforced.dev",
       );
-      // Live half: the running vault is restarted to re-read the new origin.
-      expect(restarted).toEqual(["vault"]);
-    } finally {
-      env.cleanup();
-    }
-  });
-
-  test("persists vault/.env but does NOT restart when vault isn't running", async () => {
-    // No vault pidfile → processState() !== "running" → no restart, but the
-    // durable .env write still happens so the next daemon boot is correct.
-    const env = makeEnv();
-    try {
-      const uuid = "ffffffff-0000-0000-0000-000000000007";
-      const { runner } = queueRunner([
-        { code: 0, stdout: "cloudflared 2024.1.0\n", stderr: "" },
-        { code: 0, stdout: "[]", stderr: "" },
-        {
-          code: 0,
-          stdout: `Tunnel credentials written to ${env.cloudflaredHome}/${uuid}.json.\nCreated tunnel parachute with id ${uuid}\n`,
-          stderr: "",
-        },
-        { code: 0, stdout: "", stderr: "" },
-      ]);
-      const { spawner } = fakeSpawner(42301);
-      const restarted: string[] = [];
-
-      const code = await exposeCloudflareUp("gitcoin-parachute.unforced.dev", {
-        runner,
-        spawner,
-        alive: () => false,
-        kill: () => {},
-        log: () => {},
-        manifestPath: env.manifestPath,
-        statePath: env.statePath,
-        exposeStatePath: env.exposeStatePath,
-        configPath: env.configPath,
-        logPath: env.logPath,
-        cloudflaredHome: env.cloudflaredHome,
-        configDir: env.configDir,
-        skipHub: true,
-        restartService: async (short) => {
-          restarted.push(short);
-          return 0;
-        },
-      });
-
-      expect(code).toBe(0);
-      expect(readEnvFileValues(join(env.configDir, "vault", ".env")).PARACHUTE_HUB_ORIGIN).toBe(
-        "https://gitcoin-parachute.unforced.dev",
-      );
-      expect(restarted).toEqual([]);
+      // Live half: vault is restarted via the supervisor to re-read the new origin.
+      expect(sup.driveCalls).toEqual([{ short: "vault", op: "restart" }]);
     } finally {
       env.cleanup();
     }
@@ -2017,3 +1965,146 @@ describe("reboot-persistent connector service wiring", () => {
     }
   });
 });
+
+// ---------------------------------------------------------------------------
+// Phase 4 dual-dispatch (design §4.3): unit-managed → "ensure the hub" ensures
+// the UNIT (not a detached spawn) and the post-route vault restart drives the
+// running Supervisor over the loopback module-ops API (firing the operator-
+// token self-heal). The cloudflared CONNECTOR unit is unchanged. The no-unit
+// arm keeps today's `persistVaultHubOrigin` + `restartService` behavior.
+// ---------------------------------------------------------------------------
+
+interface CfExposeSupervisorStub {
+  opts: ExposeSupervisorOpts;
+  ensureCalls: number;
+  driveCalls: Array<{ short: string; op: ModuleOp }>;
+  selfHealCalls: Array<{ issuer: string }>;
+}
+
+function makeCfSupervisorStub(opts?: {
+  ensureOutcome?: "already-up" | "started" | "no-manager";
+  driveThrows?: () => unknown;
+}): CfExposeSupervisorStub {
+  const stub: CfExposeSupervisorStub = {
+    ensureCalls: 0,
+    driveCalls: [],
+    selfHealCalls: [],
+    opts: {
+      openDb: () => ({ close() {} }) as unknown as import("bun:sqlite").Database,
+      ensureHubUnit: async (o: EnsureHubUnitOpts) => {
+        stub.ensureCalls++;
+        return { outcome: opts?.ensureOutcome ?? "already-up", port: o.port ?? 1939, messages: [] };
+      },
+      driveModuleOp: async (short, op) => {
+        stub.driveCalls.push({ short, op });
+        if (opts?.driveThrows) throw opts.driveThrows();
+        return { status: 200, body: { short, state: { status: "running" } } };
+      },
+      selfHealOperatorTokenIssuer: async (_db, o) => {
+        stub.selfHealCalls.push({ issuer: o.issuer });
+        return { kind: "fresh" };
+      },
+    },
+  };
+  return stub;
+}
+
+describe("Phase 4 cloudflare expose dual-dispatch — unit-managed", () => {
+  test("unit-managed → ensureHubUnit (not detached) + supervised vault restart + operator-token self-heal", async () => {
+    const env = makeEnv();
+    try {
+      const uuid = "ffffffff-0000-0000-0000-0000000000a4";
+      const { runner } = queueRunner([
+        { code: 0, stdout: "cloudflared 2024.1.0\n", stderr: "" }, // --version
+        { code: 0, stdout: "[]", stderr: "" }, // tunnel list
+        {
+          code: 0,
+          stdout: `Tunnel credentials written to ${env.cloudflaredHome}/${uuid}.json.\nCreated tunnel parachute with id ${uuid}\n`,
+          stderr: "",
+        }, // tunnel create
+        { code: 0, stdout: "", stderr: "" }, // route dns
+      ]);
+      const { spawner } = fakeSpawner(42400);
+      const sup = makeCfSupervisorStub();
+      const logs: string[] = [];
+
+      const code = await exposeCloudflareUp("gitcoin-parachute.unforced.dev", {
+        runner,
+        spawner,
+        alive: () => false,
+        kill: () => {},
+        log: (l) => logs.push(l),
+        manifestPath: env.manifestPath,
+        statePath: env.statePath,
+        exposeStatePath: env.exposeStatePath,
+        configPath: env.configPath,
+        logPath: env.logPath,
+        cloudflaredHome: env.cloudflaredHome,
+        configDir: env.configDir,
+        // No skipHub → the hub-unit ensure runs (via the stub, no real hub).
+        // Inert connector install so the cloudflared connector path is unchanged.
+        installService: () => ({ outcome: "fallback", messages: [] }),
+        supervisor: sup.opts,
+      });
+
+      expect(code).toBe(0);
+      // Ensured the hub UNIT (the stub), never a detached spawn.
+      expect(sup.ensureCalls).toBe(1);
+      // Vault restart drove the running Supervisor.
+      expect(sup.driveCalls).toEqual([{ short: "vault", op: "restart" }]);
+      // Operator-token issuer self-heal fired toward the public origin.
+      expect(sup.selfHealCalls).toHaveLength(1);
+      expect(sup.selfHealCalls[0]?.issuer).toBe("https://gitcoin-parachute.unforced.dev");
+      // Durable .env still written (the helper persists it for vault).
+      expect(readEnvFileValues(join(env.configDir, "vault", ".env")).PARACHUTE_HUB_ORIGIN).toBe(
+        "https://gitcoin-parachute.unforced.dev",
+      );
+      expect(logs.join("\n")).toMatch(/hub unit up/);
+    } finally {
+      env.cleanup();
+    }
+  });
+
+  test("unit-managed: a not_supervised vault (404) is not a failure", async () => {
+    const env = makeEnv();
+    try {
+      const uuid = "ffffffff-0000-0000-0000-0000000000a5";
+      const { runner } = queueRunner([
+        { code: 0, stdout: "cloudflared 2024.1.0\n", stderr: "" },
+        { code: 0, stdout: "[]", stderr: "" },
+        {
+          code: 0,
+          stdout: `Tunnel credentials written to ${env.cloudflaredHome}/${uuid}.json.\nCreated tunnel parachute with id ${uuid}\n`,
+          stderr: "",
+        },
+        { code: 0, stdout: "", stderr: "" },
+      ]);
+      const { spawner } = fakeSpawner(42401);
+      const sup = makeCfSupervisorStub({
+        driveThrows: () => new ModuleOpHttpError(404, "not_supervised", "vault is not supervised"),
+      });
+
+      const code = await exposeCloudflareUp("gitcoin-parachute.unforced.dev", {
+        runner,
+        spawner,
+        alive: () => false,
+        kill: () => {},
+        log: () => {},
+        manifestPath: env.manifestPath,
+        statePath: env.statePath,
+        exposeStatePath: env.exposeStatePath,
+        configPath: env.configPath,
+        logPath: env.logPath,
+        cloudflaredHome: env.cloudflaredHome,
+        configDir: env.configDir,
+        installService: () => ({ outcome: "fallback", messages: [] }),
+        supervisor: sup.opts,
+      });
+
+      expect(code).toBe(0);
+      expect(sup.driveCalls).toEqual([{ short: "vault", op: "restart" }]);
+    } finally {
+      env.cleanup();
+    }
+  });
+});

package/src/__tests__/expose-off-auto.test.ts

@@ -1,5 +1,6 @@
 import { describe, expect, test } from "bun:test";
 import type { CloudflaredState } from "../cloudflare/state.ts";
+import type { ExposeCloudflareOpts } from "../commands/expose-cloudflare.ts";
 import {
   type ExposePublicOffAutoOpts,
   runExposePublicOffAutoDetect,
@@ -50,6 +51,7 @@ interface Harness {
   prompts: string[];
   tailscaleCalls: number;
   cloudflareCalls: number;
+  cloudflareOpts: ExposeCloudflareOpts[];
 }
 
 function makeHarness(
@@ -70,6 +72,7 @@ function makeHarness(
     prompts: [],
     tailscaleCalls: 0,
     cloudflareCalls: 0,
+    cloudflareOpts: [],
   };
   const answers = [...(input.promptAnswers ?? [])];
   let i = 0;
@@ -88,8 +91,9 @@ function makeHarness(
       harness.tailscaleCalls++;
       return input.tsExitCode ?? 0;
     },
-    exposeCloudflareOffImpl: async () => {
+    exposeCloudflareOffImpl: async (cfOpts) => {
       harness.cloudflareCalls++;
+      harness.cloudflareOpts.push(cfOpts);
       return input.cfExitCode ?? 0;
     },
   };
@@ -273,3 +277,24 @@ describe("runExposePublicOffAutoDetect — both live (non-TTY)", () => {
     expect(harness.logs).toContain("(non-TTY: tearing down both.)");
   });
 });
+
+describe("runExposePublicOffAutoDetect — supervisor threading (Phase 4 consistency)", () => {
+  test("cloudflareOffOpts.supervisor reaches the cloudflare teardown leg", async () => {
+    // cli.ts threads `cloudflareOffOpts: { supervisor: {} }` into the
+    // auto-detect off path so the Phase 4 supervisor resolution is consistent
+    // across both providers (matching the explicit `--cloudflare off` branch).
+    // Assert the supervisor block survives the spread-with-tunnelName wrapper
+    // and arrives at the leaf cloudflare-off impl.
+    const { harness, opts } = makeHarness({ cfState: cloudflaredState() });
+    const code = await runExposePublicOffAutoDetect({
+      ...opts,
+      cloudflareOffOpts: { supervisor: {} },
+    });
+    expect(code).toBe(0);
+    expect(harness.cloudflareCalls).toBe(1);
+    expect(harness.cloudflareOpts).toHaveLength(1);
+    expect(harness.cloudflareOpts[0]?.supervisor).toEqual({});
+    // The per-record wrapper still stamps the tunnelName onto the leaf opts.
+    expect(harness.cloudflareOpts[0]?.tunnelName).toBe("vault-tunnel");
+  });
+});