hackerrun 0.1.0 → 0.1.6

package/src/lib/gateway-tunnel.ts

@@ -0,0 +1,187 @@
+// Gateway Tunnel Management
+// Shared utility for SSH tunneling through gateway when direct IPv6 is unavailable
+
+import { spawn, ChildProcess } from 'child_process';
+import * as net from 'net';
+
+export interface TunnelInfo {
+  process: ChildProcess;
+  localPort: number;
+  vmIp: string;
+  gatewayIp: string;
+  controlPath?: string;  // SSH ControlMaster socket path
+}
+
+export interface GatewayInfo {
+  ipv4: string;
+  ipv6: string;
+}
+
+/**
+ * Find an available local port
+ */
+export async function findAvailablePort(): Promise<number> {
+  return new Promise((resolve, reject) => {
+    const server = net.createServer();
+    server.listen(0, () => {
+      const addr = server.address();
+      const port = typeof addr === 'object' && addr ? addr.port : 0;
+      server.close(() => resolve(port));
+    });
+    server.on('error', reject);
+  });
+}
+
+/**
+ * Wait for tunnel to be established by testing TCP connectivity
+ */
+export async function waitForTunnel(port: number, timeoutMs: number = 10000): Promise<void> {
+  const startTime = Date.now();
+
+  while (Date.now() - startTime < timeoutMs) {
+    try {
+      await new Promise<void>((resolve, reject) => {
+        const socket = net.createConnection(port, 'localhost', () => {
+          socket.destroy();
+          resolve();
+        });
+        socket.on('error', () => {
+          socket.destroy();
+          reject();
+        });
+        socket.setTimeout(500, () => {
+          socket.destroy();
+          reject();
+        });
+      });
+      return;
+    } catch {
+      await new Promise(r => setTimeout(r, 200));
+    }
+  }
+
+  throw new Error(`Tunnel failed to establish on port ${port}`);
+}
+
+/**
+ * Create an SSH tunnel through the gateway to reach a VM
+ * Returns tunnel info including local port to connect to
+ */
+export async function createTunnel(
+  vmIp: string,
+  gatewayIp: string,
+  options: { timeoutMs?: number } = {}
+): Promise<TunnelInfo> {
+  const { timeoutMs = 15000 } = options;
+
+  // Find an available port
+  const localPort = await findAvailablePort();
+
+  // Start SSH tunnel in background
+  // The SSH agent will provide the certificate for authentication
+  const tunnelProcess = spawn('ssh', [
+    '-N',  // No remote command
+    '-L', `${localPort}:[${vmIp}]:22`,  // Local port forward
+    '-o', 'StrictHostKeyChecking=no',
+    '-o', 'UserKnownHostsFile=/dev/null',
+    '-o', 'LogLevel=ERROR',
+    '-o', 'ExitOnForwardFailure=yes',
+    '-o', 'BatchMode=yes',               // No interactive prompts
+    '-o', 'ServerAliveInterval=5',       // Send keepalive every 5s (more aggressive)
+    '-o', 'ServerAliveCountMax=12',      // Allow 12 missed keepalives (60s) before disconnect
+    '-o', 'TCPKeepAlive=yes',            // Enable TCP keepalive
+    '-o', 'Compression=no',              // Disable compression for stability
+    '-o', 'IPQoS=throughput',            // Optimize for throughput
+    '-o', 'ConnectTimeout=30',           // Connection timeout
+    `root@${gatewayIp}`,
+  ], {
+    detached: true,
+    stdio: ['ignore', 'ignore', 'ignore'],  // Ignore all stdio to prevent buffer issues
+  });
+
+  // Unref so the tunnel doesn't prevent the process from exiting
+  tunnelProcess.unref();
+
+  // Wait for tunnel to be established
+  await waitForTunnel(localPort, timeoutMs);
+
+  return {
+    process: tunnelProcess,
+    localPort,
+    vmIp,
+    gatewayIp,
+  };
+}
+
+/**
+ * Kill a tunnel process
+ */
+export function killTunnel(tunnel: TunnelInfo): void {
+  try {
+    tunnel.process.kill();
+  } catch {
+    // Ignore errors during cleanup
+  }
+}
+
+/**
+ * TunnelManager - Manages multiple tunnels with caching
+ * Use this when you need to maintain tunnels across multiple operations
+ */
+export class TunnelManager {
+  private activeTunnels: Map<string, TunnelInfo> = new Map();
+
+  /**
+   * Get or create a tunnel for a VM
+   * Tunnels are cached by a key (e.g., appName or vmIp)
+   */
+  async ensureTunnel(
+    key: string,
+    vmIp: string,
+    gatewayIp: string,
+    options: { timeoutMs?: number } = {}
+  ): Promise<TunnelInfo> {
+    // Check for existing valid tunnel
+    const existing = this.activeTunnels.get(key);
+    if (existing && !existing.process.killed) {
+      return existing;
+    }
+
+    // Create new tunnel
+    const tunnel = await createTunnel(vmIp, gatewayIp, options);
+    this.activeTunnels.set(key, tunnel);
+    return tunnel;
+  }
+
+  /**
+   * Get an existing tunnel if available
+   */
+  getTunnel(key: string): TunnelInfo | undefined {
+    const tunnel = this.activeTunnels.get(key);
+    if (tunnel && !tunnel.process.killed) {
+      return tunnel;
+    }
+    return undefined;
+  }
+
+  /**
+   * Close a specific tunnel
+   */
+  closeTunnel(key: string): void {
+    const tunnel = this.activeTunnels.get(key);
+    if (tunnel) {
+      killTunnel(tunnel);
+      this.activeTunnels.delete(key);
+    }
+  }
+
+  /**
+   * Close all tunnels
+   */
+  closeAll(): void {
+    for (const tunnel of this.activeTunnels.values()) {
+      killTunnel(tunnel);
+    }
+    this.activeTunnels.clear();
+  }
+}

package/src/lib/platform-client.ts

@@ -21,6 +21,37 @@ export interface AppCluster {
 
 const PLATFORM_API_URL = process.env.HACKERRUN_API_URL || 'http://localhost:3000';
 
+// Default retry configuration
+const DEFAULT_RETRIES = 3;
+const RETRY_DELAY_MS = 2000;
+
+/**
+ * Sleep for a given number of milliseconds
+ */
+function sleep(ms: number): Promise<void> {
+  return new Promise(resolve => setTimeout(resolve, ms));
+}
+
+/**
+ * Check if an error is retryable (network errors, timeouts, 5xx errors)
+ */
+function isRetryableError(error: any, status?: number): boolean {
+  // Network errors (fetch failed, connection reset, etc.)
+  if (error?.cause?.code === 'ECONNREFUSED' ||
+      error?.cause?.code === 'ECONNRESET' ||
+      error?.cause?.code === 'ETIMEDOUT' ||
+      error?.message?.includes('fetch failed') ||
+      error?.message?.includes('network') ||
+      error?.message?.includes('ECONNREFUSED')) {
+    return true;
+  }
+  // Server errors (5xx)
+  if (status && status >= 500) {
+    return true;
+  }
+  return false;
+}
+
 export interface CreateVMParams {
   name: string;
   location: string;
@@ -53,55 +84,69 @@ export class PlatformClient {
   private async request<T>(
     method: string,
     path: string,
-    body?: any
+    body?: any,
+    options: { retries?: number; retryDelay?: number; operation?: string } = {}
   ): Promise<T> {
-    const url = `${PLATFORM_API_URL}${path}`;
-    const headers: Record<string, string> = {
-      Authorization: `Bearer ${this.authToken}`,
-      'Content-Type': 'application/json',
-      // FIX STALE CONNECTION: If retry logic below doesn't reliably fix
-      // "SocketError: other side closed" errors, uncomment this line and
-      // remove the retry logic in the catch block below.
-      // 'Connection': 'close',
-    };
-
-    const doFetch = () => fetch(url, {
-      method,
-      headers,
-      body: body ? JSON.stringify(body) : undefined,
-    });
+    const {
+      retries = DEFAULT_RETRIES,
+      retryDelay = RETRY_DELAY_MS,
+      operation = `${method} ${path}`
+    } = options;
 
-    let response: Response;
-    try {
-      response = await doFetch();
-    } catch (error) {
-      // STALE CONNECTION RETRY: Node.js fetch (undici) reuses TCP connections.
-      // After spawnSync operations, connections may become stale (server closed them).
-      // Retry once on UND_ERR_SOCKET errors to establish a fresh connection.
-      // If this doesn't work reliably, use 'Connection: close' header instead.
-      const isSocketError = error instanceof Error &&
-        (error.cause as any)?.code === 'UND_ERR_SOCKET';
-      if (isSocketError) {
-        response = await doFetch();
-      } else {
-        const errMsg = error instanceof Error ? error.message : 'Unknown error';
-        throw new Error(`Failed to connect to platform API (${url}): ${errMsg}`);
-      }
-    }
+    const url = `${PLATFORM_API_URL}${path}`;
+    let lastError: Error | null = null;
 
-    if (!response.ok) {
-      const errorText = await response.text();
-      let errorMessage: string;
+    for (let attempt = 1; attempt <= retries; attempt++) {
       try {
-        const errorJson = JSON.parse(errorText);
-        errorMessage = errorJson.error || response.statusText;
-      } catch {
-        errorMessage = errorText || response.statusText;
+        const response = await fetch(url, {
+          method,
+          headers: {
+            Authorization: `Bearer ${this.authToken}`,
+            'Content-Type': 'application/json',
+          },
+          body: body ? JSON.stringify(body) : undefined,
+        });
+
+        if (!response.ok) {
+          const errorText = await response.text();
+          let errorMessage: string;
+          try {
+            const errorJson = JSON.parse(errorText);
+            errorMessage = errorJson.error || response.statusText;
+          } catch {
+            errorMessage = errorText || response.statusText;
+          }
+
+          const error = new Error(`API error (${response.status}): ${errorMessage}`);
+
+          // Retry on server errors
+          if (isRetryableError(error, response.status) && attempt < retries) {
+            lastError = error;
+            await sleep(retryDelay * attempt); // Exponential backoff
+            continue;
+          }
+
+          throw error;
+        }
+
+        return response.json();
+      } catch (error) {
+        lastError = error as Error;
+
+        // Check if this is a retryable error
+        if (isRetryableError(error) && attempt < retries) {
+          await sleep(retryDelay * attempt); // Exponential backoff
+          continue;
+        }
+
+        // Not retryable or max retries reached
+        const errorMessage = (error as Error).message || 'Unknown error';
+        throw new Error(`${operation} failed: ${errorMessage}`);
       }
-      throw new Error(`API error (${response.status}): ${errorMessage}`);
     }
 
-    return response.json();
+    // Should not reach here, but just in case
+    throw lastError || new Error(`${operation} failed after ${retries} attempts`);
   }
 
   // ==================== App State Management ====================
@@ -119,7 +164,12 @@ export class PlatformClient {
    */
   async getApp(appName: string): Promise<AppCluster | null> {
     try {
-      const { app } = await this.request<{ app: AppCluster }>('GET', `/api/apps/${appName}`);
+      const { app } = await this.request<{ app: AppCluster }>(
+        'GET',
+        `/api/apps/${appName}`,
+        undefined,
+        { operation: `Get app '${appName}'` }
+      );
       return app;
     } catch (error: any) {
       if (error.message.includes('404') || error.message.includes('not found')) {
@@ -134,18 +184,23 @@ export class PlatformClient {
    * Returns the app with auto-generated domainName
    */
   async saveApp(cluster: AppCluster): Promise<AppCluster> {
-    const { app } = await this.request<{ app: AppCluster }>('POST', '/api/apps', {
-      appName: cluster.appName,
-      location: cluster.location,
-      uncloudContext: cluster.uncloudContext,
-      nodes: cluster.nodes.map(node => ({
-        name: node.name,
-        id: node.id,
-        ipv4: node.ipv4,
-        ipv6: node.ipv6,
-        isPrimary: node.isPrimary,
-      })),
-    });
+    const { app } = await this.request<{ app: AppCluster }>(
+      'POST',
+      '/api/apps',
+      {
+        appName: cluster.appName,
+        location: cluster.location,
+        uncloudContext: cluster.uncloudContext,
+        nodes: cluster.nodes.map(node => ({
+          name: node.name,
+          id: node.id,
+          ipv4: node.ipv4,
+          ipv6: node.ipv6,
+          isPrimary: node.isPrimary,
+        })),
+      },
+      { operation: `Save app '${cluster.appName}'` }
+    );
     return app;
   }
 
@@ -155,7 +210,7 @@ export class PlatformClient {
   async updateLastDeployed(appName: string): Promise<void> {
     await this.request('PATCH', `/api/apps/${appName}`, {
       lastDeployedAt: new Date().toISOString(),
-    });
+    }, { operation: `Update last deployed for '${appName}'` });
   }
 
   /**
@@ -182,7 +237,7 @@ export class PlatformClient {
    * Delete an app
    */
   async deleteApp(appName: string): Promise<void> {
-    await this.request('DELETE', `/api/apps/${appName}`);
+    await this.request('DELETE', `/api/apps/${appName}`, undefined, { operation: `Delete app '${appName}'` });
   }
 
   /**
@@ -215,7 +270,7 @@ export class PlatformClient {
    * Create a new VM
    */
   async createVM(params: CreateVMParams): Promise<UbicloudVM> {
-    const { vm } = await this.request<{ vm: UbicloudVM }>('POST', '/api/vms', params);
+    const { vm } = await this.request<{ vm: UbicloudVM }>('POST', '/api/vms', params, { operation: `Create VM '${params.name}'` });
     return vm;
   }
 
@@ -225,7 +280,9 @@ export class PlatformClient {
   async getVM(location: string, vmName: string): Promise<UbicloudVM> {
     const { vm } = await this.request<{ vm: UbicloudVM }>(
       'GET',
-      `/api/vms/${location}/${vmName}`
+      `/api/vms/${location}/${vmName}`,
+      undefined,
+      { operation: `Get VM '${vmName}'` }
     );
     return vm;
   }
@@ -234,7 +291,7 @@ export class PlatformClient {
    * Delete a VM
    */
   async deleteVM(location: string, vmName: string): Promise<void> {
-    await this.request('DELETE', `/api/vms/${location}/${vmName}`);
+    await this.request('DELETE', `/api/vms/${location}/${vmName}`, undefined, { operation: `Delete VM '${vmName}'` });
   }
 
   // ==================== Uncloud Config Management ====================
@@ -292,7 +349,7 @@ export class PlatformClient {
           tunnelId: string;
           location: string;
         };
-      }>('GET', `/api/gateway?location=${encodeURIComponent(location)}`);
+      }>('GET', `/api/gateway?location=${encodeURIComponent(location)}`, undefined, { operation: `Get gateway for '${location}'` });
       return gateway;
     } catch (error: any) {
       if (error.message.includes('404') || error.message.includes('not found')) {
@@ -317,7 +374,7 @@ export class PlatformClient {
       appName,
       backendIpv6,
       backendPort,
-    });
+    }, { operation: `Register route for '${appName}'` });
     return route;
   }
 
@@ -338,7 +395,7 @@ export class PlatformClient {
     const result = await this.request<{
       success: boolean;
       routeCount: number;
-    }>('POST', '/api/gateway/sync', { location });
+    }>('POST', '/api/gateway/sync', { location }, { operation: `Sync gateway routes for '${location}'` });
     return { routeCount: result.routeCount };
   }
 
@@ -354,7 +411,7 @@ export class PlatformClient {
     return this.request<{
       caPublicKey: string;
       platformPublicKey: string;
-    }>('GET', '/api/platform/ssh-keys');
+    }>('GET', '/api/platform/ssh-keys', undefined, { operation: 'Get platform SSH keys' });
   }
 
   /**
@@ -382,7 +439,7 @@ export class PlatformClient {
     return this.request<{
       certificate: string;
       validityMinutes: number;
-    }>('POST', `/api/apps/${appName}/ssh-certificate`, { publicKey });
+    }>('POST', `/api/apps/${appName}/ssh-certificate`, { publicKey }, { operation: `Request SSH certificate for '${appName}'` });
   }
 
   // ==================== VM Setup ====================
@@ -396,7 +453,7 @@ export class PlatformClient {
       vmIp,
       location,
       appName,
-    });
+    }, { operation: `Setup VM for '${appName}'`, retries: 5, retryDelay: 3000 });
   }
 
   // ==================== Environment Variables ====================
@@ -419,10 +476,10 @@ export class PlatformClient {
    * List environment variables (values are masked)
    */
   async listEnvVars(appName: string): Promise<Array<{ key: string; valueLength: number }>> {
-    const { vars } = await this.request<{
-      vars: Array<{ key: string; valueLength: number }>;
+    const { envVars } = await this.request<{
+      envVars: Array<{ key: string; valueLength: number }>;
     }>('GET', `/api/apps/${appName}/env`);
-    return vars;
+    return envVars;
   }
 
   /**
@@ -489,6 +546,14 @@ export class PlatformClient {
     }
   }
 
+  /**
+   * Delete current user's GitHub App installation record
+   * Used when the installation becomes stale/invalid
+   */
+  async deleteGitHubInstallation(): Promise<void> {
+    await this.request('DELETE', '/api/github/installation');
+  }
+
   /**
    * List repositories accessible via GitHub App installation
    */
@@ -634,4 +699,61 @@ export class PlatformClient {
     }>('GET', url);
     return events;
   }
+
+  // ==================== VPN Management ====================
+
+  /**
+   * Register VPN peer with the platform
+   * This is idempotent - if already registered, returns existing config
+   */
+  async registerVPNPeer(publicKey: string, location: string): Promise<{
+    address: string;           // User's assigned IPv6 address
+    gatewayEndpoint: string;   // Gateway WireGuard endpoint (ip:port)
+    gatewayPublicKey: string;  // Gateway's WireGuard public key
+    allowedIPs: string;        // IPs to route through VPN
+  }> {
+    const { vpnConfig } = await this.request<{
+      vpnConfig: {
+        address: string;
+        gatewayEndpoint: string;
+        gatewayPublicKey: string;
+        allowedIPs: string;
+      };
+    }>('POST', '/api/vpn/register', { publicKey, location }, { operation: 'Register VPN peer' });
+    return vpnConfig;
+  }
+
+  /**
+   * Get existing VPN config if registered
+   */
+  async getVPNConfig(location: string): Promise<{
+    address: string;
+    gatewayEndpoint: string;
+    gatewayPublicKey: string;
+    allowedIPs: string;
+  } | null> {
+    try {
+      const { vpnConfig } = await this.request<{
+        vpnConfig: {
+          address: string;
+          gatewayEndpoint: string;
+          gatewayPublicKey: string;
+          allowedIPs: string;
+        } | null;
+      }>('GET', `/api/vpn/config?location=${encodeURIComponent(location)}`);
+      return vpnConfig;
+    } catch (error: any) {
+      if (error.message.includes('404') || error.message.includes('not found')) {
+        return null;
+      }
+      throw error;
+    }
+  }
+
+  /**
+   * Unregister VPN peer
+   */
+  async unregisterVPNPeer(): Promise<void> {
+    await this.request('DELETE', '/api/vpn/unregister');
+  }
 }