test(shell): cover controller compose preparation

Author: rikohomeless

docker-compose.api.yml

@@ -37,7 +37,7 @@ services:
       - docker_git_projects:${DOCKER_GIT_PROJECTS_ROOT:-/home/dev/.docker-git}
       - docker_git_docker_data:/var/lib/docker
       - /var/run/docker.sock:/var/run/docker.sock
-    privileged: true
+    privileged: ${DOCKER_GIT_CONTROLLER_PRIVILEGED:-false}
     cgroup: host
     init: true
     restart: unless-stopped

docker-compose.yml

@@ -37,7 +37,7 @@ services:
       - docker_git_projects:${DOCKER_GIT_PROJECTS_ROOT:-/home/dev/.docker-git}
       - docker_git_docker_data:/var/lib/docker
       - /var/run/docker.sock:/var/run/docker.sock
-    privileged: true
+    privileged: ${DOCKER_GIT_CONTROLLER_PRIVILEGED:-false}
     cgroup: host
     init: true
     restart: unless-stopped

packages/api/README.md

@@ -11,11 +11,12 @@ This is now the intended controller plane:
 
 ## Runtime contract: host-Docker-backed
 
-`docker-git` is host-Docker-backed, not isolated. The controller container
-created from this package binds the host socket
+`docker-git` is host-Docker-backed by default. The primary controller
+container created from this package binds the host socket
 (`/var/run/docker.sock:/var/run/docker.sock`, see `docker-compose.yml`) and
-uses it to spawn per-project containers. There is no Docker-in-Docker
-runtime; the daemon is always the host's daemon.
+uses it to spawn per-project containers. `DOCKER_GIT_DOCKER_RUNTIME=isolated`
+is an opt-in fallback for environments that explicitly require an embedded
+controller daemon.
 
 The host CLI (`packages/app`) also talks to that same daemon directly when
 it bootstraps the controller. Three failure modes look identical at first
@@ -61,8 +62,9 @@ Optional env:
 
 - `DOCKER_GIT_API_BIND_HOST` (default: `127.0.0.1`)
 - `DOCKER_GIT_API_PORT` (default: `3334`)
-- `DOCKER_GIT_DOCKER_RUNTIME` (default: `host`; set to `isolated` to use an embedded controller daemon)
+- `DOCKER_GIT_DOCKER_RUNTIME` (default: `host`; set to `isolated` as an optional fallback to use an embedded controller daemon)
 - `DOCKER_GIT_CONTROLLER_DOCKER_HOST` (default: `unix:///var/run/docker.sock`; socket path inside the controller)
+- `DOCKER_GIT_CONTROLLER_PRIVILEGED` (default: `false`; set to `true` only when using `DOCKER_GIT_DOCKER_RUNTIME=isolated`)
 - `DOCKER_GIT_DOCKERD_TCP_HOST` (default: `tcp://0.0.0.0:2375`; reachable only inside Docker networks unless explicitly published)
 - `DOCKER_GIT_DOCKERD_DEFAULT_CGROUPNS_MODE` (default: `host`; keeps nested project containers compatible with cgroup v2 DinD)
 - `DOCKER_GIT_PROJECT_DOCKER_HOST` (default: empty; unset uses host socket in project containers when mounted)

packages/app/src/docker-git/controller-compose.ts

@@ -2,7 +2,7 @@ import type * as CommandExecutor from "@effect/platform/CommandExecutor"
 import type { PlatformError } from "@effect/platform/Error"
 import * as FileSystem from "@effect/platform/FileSystem"
 import * as Path from "@effect/platform/Path"
-import { Effect } from "effect"
+import { Duration, Effect } from "effect"
 
 import { computeLocalControllerRevision, controllerRevisionEnvKey } from "./controller-revision.js"
 import { runCommandWithCapturedOutput } from "./frontend-lib/shell/command-runner.js"
@@ -97,6 +97,7 @@ const skillerSubmoduleCommand = [
   "--checkout",
   skillerSubmodulePath
 ]
+const skillerSubmoduleInitTimeout = Duration.seconds(60)
 
 const formatSkillerSubmoduleFailure = (rootDir: string, exitCode: number, output: string): ControllerBootstrapError =>
   controllerBootstrapError(
@@ -121,6 +122,18 @@ const runSkillerSubmoduleInit = (
     [0],
     (exitCode, output) => formatSkillerSubmoduleFailure(rootDir, exitCode, output)
   ).pipe(
+    Effect.timeoutFail({
+      duration: skillerSubmoduleInitTimeout,
+      onTimeout: () =>
+        controllerBootstrapError(
+          [
+            "Timed out while initializing Skiller submodule before building docker-git controller.",
+            `Command: git ${skillerSubmoduleCommand.join(" ")}`,
+            `Working directory: ${rootDir}`,
+            "Timeout: 60 seconds"
+          ].join("\n")
+        )
+    }),
     Effect.mapError((error): ControllerBootstrapError =>
       error._tag === "ControllerBootstrapError"
         ? error

packages/app/tests/docker-git/controller-compose.test.ts

@@ -0,0 +1,176 @@
+import { NodeContext } from "@effect/platform-node"
+import * as FileSystem from "@effect/platform/FileSystem"
+import * as Path from "@effect/platform/Path"
+import { describe, expect, it } from "@effect/vitest"
+import { Effect } from "effect"
+
+import {
+  controllerBuildSkillerEnvKey,
+  controllerGpuModeEnvKey,
+  ensureSkillerSubmoduleInitialized,
+  prepareControllerRevision
+} from "../../src/docker-git/controller-compose.js"
+import { controllerRevisionEnvKey } from "../../src/docker-git/controller-revision.js"
+import { commandExecutorLayer } from "./fixtures/command-executor.js"
+
+const expectedSkillerSubmoduleCommand =
+  "git submodule update --init --checkout third_party/skiller-desktop-skills-manager"
+const skillerPackageRelativePath = "third_party/skiller-desktop-skills-manager/package.json"
+
+const temporaryControllerRoot = Effect.gen(function*(_) {
+  const fs = yield* _(FileSystem.FileSystem)
+  return yield* _(fs.makeTempDirectoryScoped({ prefix: "docker-git-controller-compose-" }))
+})
+
+const writeRootFile = (
+  rootDir: string,
+  relativePath: string,
+  contents: string
+) =>
+  Effect.all({
+    fs: FileSystem.FileSystem,
+    path: Path.Path
+  }).pipe(
+    Effect.flatMap(({ fs, path }) => {
+      const absolutePath = path.join(rootDir, relativePath)
+      return fs.makeDirectory(path.dirname(absolutePath), { recursive: true }).pipe(
+        Effect.zipRight(fs.writeFileString(absolutePath, contents))
+      )
+    })
+  )
+
+const writeMinimalCompose = (rootDir: string) =>
+  writeRootFile(rootDir, "docker-compose.yml", "services:\n  api:\n    image: docker-git-api\n")
+
+const writeSkillerPackage = (rootDir: string) =>
+  writeRootFile(rootDir, skillerPackageRelativePath, "{\"name\":\"skiller-desktop-skills-manager\"}\n")
+
+const withWorkingDirectory = (nextCwd: string) =>
+  Effect.acquireRelease(
+    Effect.sync(() => {
+      const previousCwd = process.cwd()
+      process.chdir(nextCwd)
+      return previousCwd
+    }),
+    (previousCwd) =>
+      Effect.sync(() => {
+        process.chdir(previousCwd)
+      })
+  )
+
+const setOptionalEnv = (key: string, value: string | undefined): void => {
+  if (value === undefined) {
+    Reflect.deleteProperty(process.env, key)
+    return
+  }
+  process.env[key] = value
+}
+
+const withControllerEnv = (entries: ReadonlyArray<readonly [string, string | undefined]>) =>
+  Effect.acquireRelease(
+    Effect.sync(() => {
+      const previousEntries: Array<readonly [string, string | undefined]> = entries.map(([
+        key
+      ]) => [key, process.env[key]])
+      for (const [key, value] of entries) {
+        setOptionalEnv(key, value)
+      }
+      return previousEntries
+    }),
+    (previousEntries) =>
+      Effect.sync(() => {
+        for (const [key, value] of previousEntries) {
+          setOptionalEnv(key, value)
+        }
+      })
+  )
+
+type PreparedRevision = {
+  readonly persistedRevision: string | undefined
+  readonly revision: string
+}
+
+type PrepareRevisionFixture = {
+  readonly buildSkillerMode: string | undefined
+  readonly includeSkillerPackage: boolean
+}
+
+const prepareRevisionInTemporaryRoot = ({
+  buildSkillerMode,
+  includeSkillerPackage
+}: PrepareRevisionFixture) =>
+  Effect.scoped(
+    Effect.gen(function*(_) {
+      const rootDir = yield* _(temporaryControllerRoot)
+      yield* _(writeMinimalCompose(rootDir))
+      if (includeSkillerPackage) {
+        yield* _(writeSkillerPackage(rootDir))
+      }
+      yield* _(withWorkingDirectory(rootDir))
+      yield* _(
+        withControllerEnv([
+          [controllerBuildSkillerEnvKey, buildSkillerMode],
+          [controllerGpuModeEnvKey, undefined],
+          [controllerRevisionEnvKey, undefined]
+        ])
+      )
+
+      const revision = yield* _(prepareControllerRevision())
+      return { persistedRevision: process.env[controllerRevisionEnvKey], revision }
+    })
+  ).pipe(Effect.provide(NodeContext.layer))
+
+const expectPreparedRevision = (prepared: PreparedRevision, pattern: RegExp): void => {
+  expect(prepared.revision).toMatch(pattern)
+  expect(prepared.persistedRevision).toBe(prepared.revision)
+}
+
+describe("controller compose preparation", () => {
+  it.effect("does not initialize the Skiller submodule when package metadata already exists", () =>
+    Effect.scoped(
+      Effect.gen(function*(_) {
+        const rootDir = yield* _(temporaryControllerRoot)
+        yield* _(writeSkillerPackage(rootDir))
+
+        yield* _(ensureSkillerSubmoduleInitialized(rootDir))
+      })
+    ).pipe(Effect.provide(NodeContext.layer)))
+
+  it.effect("reports a typed failure when submodule initialization cannot provide package metadata", () =>
+    Effect.scoped(
+      Effect.gen(function*(_) {
+        const rootDir = yield* _(temporaryControllerRoot)
+        const startedCommands: Array<string> = []
+
+        const error = yield* _(
+          ensureSkillerSubmoduleInitialized(rootDir).pipe(
+            Effect.provide(commandExecutorLayer((command) => {
+              startedCommands.push([command.command, ...command.args].join(" "))
+              return { exitCode: 128, stderr: "fatal: no submodule mapping found", stdout: "" }
+            })),
+            Effect.provide(NodeContext.layer),
+            Effect.flip
+          )
+        )
+
+        expect(error._tag).toBe("ControllerBootstrapError")
+        expect(error.message).toContain(expectedSkillerSubmoduleCommand)
+        expect(startedCommands).toEqual([expectedSkillerSubmoduleCommand])
+      })
+    ).pipe(Effect.provide(NodeContext.layer)))
+
+  it.effect("prepares and persists host controller revisions for Skiller build modes", () =>
+    Effect.gen(function*(_) {
+      const enabled = yield* _(prepareRevisionInTemporaryRoot({
+        buildSkillerMode: undefined,
+        includeSkillerPackage: true
+      }))
+      const disabled = yield* _(prepareRevisionInTemporaryRoot({
+        buildSkillerMode: "0",
+        includeSkillerPackage: false
+      }))
+
+      expectPreparedRevision(enabled, /^[a-f0-9]{16}-none-skiller1$/u)
+      expectPreparedRevision(disabled, /^[a-f0-9]{16}-none-skiller0$/u)
+    }))
+})

packages/app/tests/docker-git/controller-image-revision.test.ts

@@ -1,28 +1,18 @@
-import * as Command from "@effect/platform/Command"
-import * as CommandExecutor from "@effect/platform/CommandExecutor"
 import * as FileSystem from "@effect/platform/FileSystem"
 import * as Path from "@effect/platform/Path"
 import { describe, expect, it } from "@effect/vitest"
-import { Effect, Either, Layer } from "effect"
-import * as Inspectable from "effect/Inspectable"
-import * as Sink from "effect/Sink"
-import * as Stream from "effect/Stream"
+import { Effect, Either } from "effect"
 import * as fc from "fast-check"
 
 import { inspectControllerImageRevision } from "../../src/docker-git/controller-image-revision.js"
 import type { ControllerBootstrapError } from "../../src/docker-git/host-errors.js"
+import {
+  commandExecutorLayer,
+  emptyCommandResult,
+  type TestCommandHandler,
+  type TestCommandResult
+} from "./fixtures/command-executor.js"
 
-type TestCommandResult = {
-  readonly exitCode: number
-  readonly stderr: string
-  readonly stdout: string
-}
-
-const emptyCommandResult: TestCommandResult = {
-  exitCode: 0,
-  stderr: "",
-  stdout: ""
-}
 const composeImageLineArbitrary = fc
   .string({ minLength: 1 })
   .filter((value) => value.trim().length > 0 && !value.includes("\n") && !value.includes("\r"))
@@ -33,81 +23,6 @@ const nonReusableComposeImagesOutputArbitrary = fc.oneof(
   )
 )
 
-const encodeText = (value: string): Uint8Array => new TextEncoder().encode(value)
-
-const textStream = (value: string) => value.length === 0 ? Stream.empty : Stream.succeed(encodeText(value))
-
-/**
- * Builds a completed process for controller image revision shell tests.
- *
- * @param result - Command result emitted by the fake process.
- * @returns A completed Effect platform process.
- * @pure true
- * @effect none
- * @invariant The process is already stopped and its exit code is deterministic.
- * @precondition `result.stdout` and `result.stderr` are finite strings.
- * @postcondition Consumers observe exactly the provided stdout, stderr, and exit code.
- * @complexity O(n) time and O(n) space where n = |stdout| + |stderr|.
- * @throws Never
- */
-// CHANGE: model Docker CLI process output without touching the host Docker daemon
-// WHY: image revision fallback invariants must be unit-testable without external services
-// QUOTE(ТЗ): "комментарии ребита надо было тоже поддержать"
-// REF: CodeRabbit PR #344 review 4349211730
-// SOURCE: n/a
-// FORMAT THEOREM: process(result).stdout = result.stdout and process(result).exit = result.exitCode
-// PURITY: CORE
-// EFFECT: none
-// INVARIANT: fake process is not running after construction
-// COMPLEXITY: O(n)
-const completedProcess = (result: TestCommandResult): CommandExecutor.Process => ({
-  [CommandExecutor.ProcessTypeId]: CommandExecutor.ProcessTypeId,
-  [Inspectable.NodeInspectSymbol]: () => ({ _tag: "TestProcess" }),
-  exitCode: Effect.succeed(CommandExecutor.ExitCode(result.exitCode)),
-  isRunning: Effect.succeed(false),
-  kill: () => Effect.void,
-  pid: CommandExecutor.ProcessId(0),
-  stderr: textStream(result.stderr),
-  stdin: Sink.drain,
-  stdout: textStream(result.stdout),
-  toJSON: () => ({ _tag: "TestProcess" }),
-  toString: () => "TestProcess"
-})
-
-type TestCommandHandler = (command: Command.StandardCommand) => TestCommandResult
-
-/**
- * Creates a command-executor layer backed by a pure command handler.
- *
- * @param handler - Total handler for standard commands.
- * @returns Layer providing CommandExecutor.
- * @pure true
- * @effect none
- * @invariant Every started command maps to exactly one completed fake process.
- * @precondition The handler is total for all commands issued by the test subject.
- * @postcondition Command effects never reach the real operating system.
- * @complexity O(1) layer construction.
- * @throws Never
- */
-// CHANGE: provide typed Effect dependency injection for Docker command tests
-// WHY: controller image revision inspection is a shell effect and must be tested through its service boundary
-// QUOTE(ТЗ): "комментарии ребита надо было тоже поддержать"
-// REF: CodeRabbit PR #344 review 4349211730
-// SOURCE: n/a
-// FORMAT THEOREM: start(command) = completedProcess(handler(command))
-// PURITY: SHELL
-// EFFECT: Layer<CommandExecutor>
-// INVARIANT: no command escapes the fake executor
-// COMPLEXITY: O(1)
-const commandExecutorLayer = (handler: TestCommandHandler) =>
-  Layer.succeed(
-    CommandExecutor.CommandExecutor,
-    CommandExecutor.makeExecutor((command) => {
-      const standardCommand = Command.flatten(command)[0]
-      return Effect.succeed(completedProcess(handler(standardCommand)))
-    })
-  )
-
 /**
  * Runs image revision inspection with a controlled command handler.
  *