huskies: merge 1152 story Set HUSKIES_GATEWAY_URL on every sled container so 1136's relay actually spawns

2026-05-19 17:50:01 +00:00
parent 398726a14a
commit 9a5b6f4d92
4 changed files with 164 additions and 1 deletions
@@ -29,6 +29,9 @@ services:
      - HUSKIES_PORT=3001
      # Bind to all interfaces so Docker port forwarding works.
      - HUSKIES_HOST=0.0.0.0
      # Gateway URL so this sled's relay task forwards CRDT events to the gateway.
      # Uses host.docker.internal so the container can reach the gateway on the host.
      - HUSKIES_GATEWAY_URL=http://host.docker.internal:3000
      # Optional: Matrix bot credentials (if using Matrix integration)
      - MATRIX_HOMESERVER=${MATRIX_HOMESERVER:-}
      - MATRIX_USER=${MATRIX_USER:-}
@@ -756,6 +756,7 @@ async fn handle_adopt_project(
        &git_user_name,
        &git_user_email,
        Some(&credentials_file),
        &resolve_gateway_url(),
    );
    docker_args.push("-v".into());
@@ -1142,6 +1143,7 @@ pub async fn handle_new_project(
        &git_user_name,
        &git_user_email,
        Some(&credentials_file),
        &resolve_gateway_url(),
    );
    // HTTPS push token: passed as env vars consumed by the entrypoint credential helper.
@@ -1330,11 +1332,15 @@ pub async fn build_project_image(
 /// Without this the server defaults to `127.0.0.1` inside the container —
 /// reachable only from within the container itself, not via `docker -p`.
 ///
 /// When `gateway_url` is non-empty, `-e HUSKIES_GATEWAY_URL=<url>` is added so
 /// the sled's relay task connects back to the gateway and forwards CRDT events.
 ///
 /// When `credentials_path` is `Some`, the file is bind-mounted read-only at
 /// `/run/claude-credentials-src` so the container entrypoint can copy it into
 /// `/home/huskies/.claude/.credentials.json` with mode 0600.  Mounting to an
 /// intermediate path (rather than directly to the destination) ensures the
 /// huskies user owns the copy regardless of the host user's UID.
 #[allow(clippy::too_many_arguments)]
 pub(crate) fn project_docker_run_args(
    container_name: &str,
    port: u16,
@@ -1343,6 +1349,7 @@ pub(crate) fn project_docker_run_args(
    git_user_name: &str,
    git_user_email: &str,
    credentials_path: Option<&std::path::Path>,
    gateway_url: &str,
 ) -> Vec<String> {
    let mut args = vec![
        "run".into(),
@@ -1364,6 +1371,10 @@ pub(crate) fn project_docker_run_args(
        "-e".into(),
        format!("GIT_USER_EMAIL={git_user_email}"),
    ];
    if !gateway_url.is_empty() {
        args.push("-e".into());
        args.push(format!("HUSKIES_GATEWAY_URL={gateway_url}"));
    }
    if let Some(creds) = credentials_path {
        args.push("-v".into());
        args.push(format!(
@@ -1374,6 +1385,16 @@ pub(crate) fn project_docker_run_args(
    args
 }
 /// Resolve the gateway URL to inject into project sled containers.
 ///
 /// Reads `HUSKIES_GATEWAY_URL` from the environment first; falls back to
 /// `http://host.docker.internal:3000` so containers launched by the gateway
 /// can always relay events back without explicit configuration.
 pub(crate) fn resolve_gateway_url() -> String {
    std::env::var("HUSKIES_GATEWAY_URL")
        .unwrap_or_else(|_| "http://host.docker.internal:3000".to_string())
 }
 /// Convert a failed `docker run` stderr into an actionable chat message.
 ///
 /// When Docker cannot find the image locally it prints `Unable to find image`.
@@ -1792,8 +1813,8 @@ mod tests {
            "Test User",
            "test@example.com",
            None,
            "http://host.docker.internal:3000",
        );
        // Find "-e" followed by "HUSKIES_HOST=0.0.0.0"
        let pairs: Vec<_> = args.windows(2).collect();
        assert!(
            pairs
@@ -1807,6 +1828,31 @@ mod tests {
                .any(|w| w[0] == "-e" && w[1] == "HUSKIES_PORT=3001"),
            "expected -e HUSKIES_PORT=3001 in docker args, got: {args:?}"
        );
        assert!(
            pairs
                .iter()
                .any(|w| w[0] == "-e"
                    && w[1] == "HUSKIES_GATEWAY_URL=http://host.docker.internal:3000"),
            "expected -e HUSKIES_GATEWAY_URL=http://host.docker.internal:3000 in docker args, got: {args:?}"
        );
    }
    #[test]
    fn project_docker_args_no_gateway_url_when_empty() {
        let args = project_docker_run_args(
            "huskies-myapp",
            3100,
            2200,
            "ssh-ed25519 AAAA...",
            "Test User",
            "test@example.com",
            None,
            "",
        );
        assert!(
            !args.iter().any(|a| a.contains("HUSKIES_GATEWAY_URL")),
            "expected no HUSKIES_GATEWAY_URL when gateway_url is empty, got: {args:?}"
        );
    }
    #[test]
@@ -1820,6 +1866,7 @@ mod tests {
            "Test User",
            "test@example.com",
            Some(creds),
            "",
        );
        let pairs: Vec<_> = args.windows(2).collect();
        assert!(
@@ -1839,6 +1886,7 @@ mod tests {
            "Test User",
            "test@example.com",
            None,
            "",
        );
        assert!(
            !args.iter().any(|a| a.contains("claude-credentials-src")),
@@ -233,6 +233,7 @@ pub async fn handle_project_rebuild(
        &git_user_name,
        &git_user_email,
        creds_opt,
        &super::new_project::resolve_gateway_url(),
    );
    docker_args.push("-v".into());
@@ -365,4 +365,115 @@ mod tests {
            received.event
        );
    }
    /// Extends `relay_end_to_end_stage_transition_reaches_gateway_broadcast` to
    /// cover the full wiring path: `project_docker_run_args` embeds
    /// `HUSKIES_GATEWAY_URL` in the sled's argv; when that URL is used to start
    /// the relay, a transition fired inside the sled reaches the gateway's CRDT
    /// event_log within 1 second.
    #[tokio::test]
    async fn project_docker_run_args_gateway_url_wires_relay() {
        use crate::chat::transport::matrix::new_project::project_docker_run_args;
        use crate::http::gateway::{gateway_event_push_handler, gateway_generate_token_handler};
        use crate::service::gateway::{GatewayConfig, GatewayState, ProjectEntry};
        use poem::EndpointExt as _;
        use poem::listener::TcpAcceptor;
        use std::collections::BTreeMap;
        use std::path::PathBuf;
        use tokio::net::TcpListener;
        crate::crdt_state::init_for_test();
        // Spin up an in-process gateway server on an ephemeral port so we have
        // a real URL to embed in the docker run args.
        let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
        let addr = listener.local_addr().unwrap();
        let gateway_url = format!("http://127.0.0.1:{}", addr.port());
        // project_docker_run_args embeds the gateway URL: this is the production
        // code path that sets HUSKIES_GATEWAY_URL on the sled container.
        let docker_args = project_docker_run_args(
            "huskies-sled-relay",
            3200,
            2300,
            "ssh-ed25519 AAAA...",
            "Test User",
            "test@example.com",
            None,
            &gateway_url,
        );
        // Extract the injected URL exactly as the sled would read it from its env.
        let injected_url = docker_args
            .windows(2)
            .find(|w| w[0] == "-e" && w[1].starts_with("HUSKIES_GATEWAY_URL="))
            .map(|w| w[1].trim_start_matches("HUSKIES_GATEWAY_URL=").to_string())
            .expect("project_docker_run_args must inject HUSKIES_GATEWAY_URL");
        assert_eq!(injected_url, gateway_url, "injected URL must match input");
        // Set up gateway state for the relay project.
        let mut projects = BTreeMap::new();
        projects.insert(
            "sled-relay".to_string(),
            ProjectEntry::with_url("http://sled-relay:3001"),
        );
        let config = GatewayConfig {
            projects,
            sled_tokens: BTreeMap::new(),
        };
        let state = Arc::new(GatewayState::new(config, PathBuf::new(), 9001).unwrap());
        let mut gw_rx = state.event_tx.subscribe();
        let route = poem::Route::new()
            .at(
                "/gateway/tokens",
                poem::post(gateway_generate_token_handler),
            )
            .at(
                "/gateway/events/push",
                poem::get(gateway_event_push_handler),
            )
            .data(state.clone());
        tokio::spawn(async move {
            let acceptor = TcpAcceptor::from_tokio(listener).unwrap();
            let _ = poem::Server::new_with_acceptor(acceptor).run(route).await;
        });
        // Spawn the relay using the URL extracted from the docker run args —
        // this simulates what the sled does when it reads HUSKIES_GATEWAY_URL
        // from its container environment.
        let broadcaster = Arc::new(StatusBroadcaster::new());
        spawn_relay_task(
            injected_url,
            "sled-relay".into(),
            Arc::clone(&broadcaster),
            reqwest::Client::new(),
        );
        tokio::time::sleep(std::time::Duration::from_millis(200)).await;
        broadcaster.publish(StatusEvent::StageTransition {
            story_id: "99_docker_args_relay".into(),
            story_name: "Docker Args Relay".into(),
            from_stage: "1_backlog".into(),
            to_stage: "2_current".into(),
        });
        let received = tokio::time::timeout(std::time::Duration::from_secs(1), gw_rx.recv())
            .await
            .expect("timed out: event did not reach gateway within 1 s")
            .expect("gateway broadcast channel closed unexpectedly");
        assert_eq!(received.project, "sled-relay");
        assert!(
            matches!(
                received.event,
                StoredEvent::StageTransition { ref story_id, .. } if story_id == "99_docker_args_relay"
            ),
            "unexpected gateway event: {:?}",
            received.event
        );
    }
 }