use crate::Error; use chrono::Utc; use pod_store::PodMetadata; use serde::{Deserialize, Serialize}; use serde_json::Value; use sha2::{Digest, Sha256}; use std::{ collections::BTreeSet, fs, path::{Path, PathBuf}, sync::Arc, }; const LOCAL_RUNTIME_ID: &str = "local-pod-runtime"; const LOCAL_HOST_KIND: &str = "local-pod-host"; const MAX_DIAGNOSTICS: usize = 16; const MAX_HOST_SCAN: usize = 256; const MAX_IDENTIFIER_LEN: usize = 120; const ID_DIGEST_HEX_LEN: usize = 16; #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)] pub struct RuntimeDiagnostic { pub code: String, pub severity: DiagnosticSeverity, pub message: String, } impl RuntimeDiagnostic { pub fn new(code: impl Into, severity: &str, message: impl Into) -> Self { let severity = match severity { "error" => DiagnosticSeverity::Error, "warning" => DiagnosticSeverity::Warning, _ => DiagnosticSeverity::Info, }; diagnostic(code, severity, message) } } #[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq)] #[serde(rename_all = "snake_case")] pub enum DiagnosticSeverity { Info, Warning, Error, } #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)] pub struct RuntimeCapabilitySummary { pub can_list_hosts: bool, pub can_list_workers: bool, pub can_get_worker: bool, pub can_spawn_worker: bool, pub can_stop_worker: bool, pub can_accept_input: bool, pub can_stream_events: bool, pub can_read_bounded_transcript: bool, pub has_workspace_fs: bool, pub has_shell: bool, pub has_git: bool, pub supports_worktrees: bool, pub supports_backend_internal_tools: bool, pub local_pod_inspection: String, pub workspace_scope: String, pub max_workers: usize, pub os: String, pub arch: String, } pub type HostCapabilitySummary = RuntimeCapabilitySummary; #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)] pub struct RuntimeSummary { pub runtime_id: String, pub label: String, pub kind: String, pub status: String, pub host_ids: Vec, pub capabilities: RuntimeCapabilitySummary, pub diagnostics: Vec, } #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)] pub struct HostSummary { pub runtime_id: String, pub host_id: String, pub label: String, pub kind: String, pub status: String, pub observed_at: String, pub last_seen_at: Option, pub capabilities: HostCapabilitySummary, pub diagnostics: Vec, } #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)] pub struct WorkerWorkspaceSummary { pub visibility: String, pub identity: String, } #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)] pub struct WorkerImplementationSummary { pub kind: String, pub display_hint: String, } #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)] pub struct WorkerCapabilitySummary { pub can_accept_input: bool, pub can_stream_events: bool, pub can_stop: bool, pub can_spawn_followup: bool, pub can_read_bounded_transcript: bool, } #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)] pub struct WorkerSummary { pub runtime_id: String, pub worker_id: String, pub host_id: String, pub label: String, pub role: Option, pub profile: Option, pub workspace: WorkerWorkspaceSummary, pub state: String, pub status: String, pub last_seen_at: Option, pub implementation: WorkerImplementationSummary, pub capabilities: WorkerCapabilitySummary, pub diagnostics: Vec, } #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)] pub struct RuntimeList { pub items: Vec, pub diagnostics: Vec, } impl RuntimeList { fn new(items: Vec, diagnostics: Vec) -> Self { Self { items, diagnostics } } } #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)] pub struct WorkerLookupResult { #[serde(skip_serializing_if = "Option::is_none")] pub worker: Option, pub diagnostics: Vec, } /// Browser-safe worker spawn request shape. /// /// The request intentionally carries only workspace policy intents and stable /// worker identifiers. Raw workspace roots, child cwd, executable path, and raw /// profile selectors are resolved by the runtime service and never accepted from /// Workspace API callers. #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)] pub struct WorkerSpawnRequest { pub intent: WorkerSpawnIntent, #[serde(skip_serializing_if = "Option::is_none")] pub requested_worker_name: Option, pub acceptance: WorkerSpawnAcceptanceRequirement, } #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)] #[serde(tag = "kind", rename_all = "snake_case")] pub enum WorkerSpawnIntent { WorkspaceCompanion, WorkspaceOrchestrator, TicketRole { ticket_id: String, role: TicketWorkerRole, }, } #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)] #[serde(rename_all = "snake_case")] pub enum TicketWorkerRole { Intake, Orchestrator, Coder, Reviewer, } #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)] #[serde(tag = "kind", rename_all = "snake_case")] pub enum WorkerSpawnAcceptanceRequirement { SocketReady, RunAccepted { expected_segments: usize }, } #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)] pub struct WorkerSpawnResult { pub state: WorkerOperationState, #[serde(skip_serializing_if = "Option::is_none")] pub worker: Option, pub acceptance_evidence: Vec, pub diagnostics: Vec, } #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)] #[serde(rename_all = "snake_case")] pub enum WorkerOperationState { Accepted, Unsupported, Rejected, } #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)] pub struct WorkerSpawnAcceptanceEvidence { pub kind: String, pub detail: String, } #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)] pub struct WorkerStopRequest { pub worker_id: String, pub mode: WorkerStopMode, } #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)] #[serde(rename_all = "snake_case")] pub enum WorkerStopMode { Graceful, Force, } #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)] pub struct WorkerStopResult { pub state: WorkerOperationState, pub diagnostics: Vec, } #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)] pub struct WorkerProxyConnectPoint { pub kind: String, pub status: String, pub diagnostics: Vec, } #[derive(Debug, Clone, PartialEq, Eq)] pub enum RuntimeRegistryError { InvalidIdentifier { kind: &'static str, value: String }, UnknownHost(String), UnknownWorker(String), } impl RuntimeRegistryError { pub fn into_error(self) -> Error { match self { Self::InvalidIdentifier { kind, value } => Error::InvalidRuntimeIdentifier { kind: kind.to_string(), value, }, Self::UnknownHost(host_id) => Error::UnknownHost(host_id), Self::UnknownWorker(worker_id) => Error::UnknownWorker(worker_id), } } } pub trait WorkspaceWorkerRuntime: Send + Sync { fn runtime_id(&self) -> &str; fn runtime_summary(&self, limit: usize) -> RuntimeSummary; fn list_hosts(&self, limit: usize) -> RuntimeList; fn list_workers(&self, limit: usize) -> RuntimeList; fn worker(&self, worker_id: &str) -> WorkerLookupResult; fn spawn_worker(&self, request: WorkerSpawnRequest) -> WorkerSpawnResult { WorkerSpawnResult { state: WorkerOperationState::Unsupported, worker: None, acceptance_evidence: Vec::new(), diagnostics: vec![diagnostic( "worker_spawn_resolver_pending", DiagnosticSeverity::Info, format!( "worker spawn intent '{}' was accepted as a typed request shape, but launch resolution is not implemented by this registry surface", worker_spawn_intent_label(&request.intent) ), )], } } fn stop_worker(&self, request: WorkerStopRequest) -> WorkerStopResult { WorkerStopResult { state: WorkerOperationState::Unsupported, diagnostics: vec![diagnostic( "worker_stop_pending", DiagnosticSeverity::Info, format!( "worker stop for '{}' is reserved for the runtime service boundary and is not implemented by this registry surface", request.worker_id ), )], } } fn proxy_connect_points(&self, worker_id: &str) -> Vec { vec![WorkerProxyConnectPoint { kind: "stream_proxy".to_string(), status: "not_implemented".to_string(), diagnostics: vec![diagnostic( "worker_proxy_pending", DiagnosticSeverity::Info, format!( "worker proxy connect points for '{}' are not implemented by this overview-only registry surface", worker_id ), )], }] } } #[derive(Clone)] pub struct WorkerRuntimeRegistry { runtimes: Vec>, } impl WorkerRuntimeRegistry { pub fn new(runtimes: Vec>) -> Self { Self { runtimes } } pub fn for_local_pods(runtime: LocalPodRuntime) -> Self { Self::new(vec![Arc::new(runtime)]) } pub fn list_runtimes(&self, limit: usize) -> RuntimeList { let mut diagnostics = Vec::new(); let mut items = Vec::new(); for runtime in self.runtimes.iter().take(limit) { let summary = runtime.runtime_summary(limit); diagnostics.extend(summary.diagnostics.iter().cloned()); items.push(summary); } diagnostics.truncate(MAX_DIAGNOSTICS); RuntimeList::new(items, diagnostics) } pub fn list_hosts(&self, limit: usize) -> RuntimeList { let mut items = Vec::new(); let mut diagnostics = Vec::new(); for runtime in &self.runtimes { if items.len() >= limit { break; } let mut list = runtime.list_hosts(limit.saturating_sub(items.len())); diagnostics.append(&mut list.diagnostics); items.append(&mut list.items); } diagnostics.truncate(MAX_DIAGNOSTICS); RuntimeList::new(items, diagnostics) } pub fn list_workers(&self, limit: usize) -> RuntimeList { let mut items = Vec::new(); let mut diagnostics = Vec::new(); for runtime in &self.runtimes { if items.len() >= limit { break; } let mut list = runtime.list_workers(limit.saturating_sub(items.len())); diagnostics.append(&mut list.diagnostics); items.append(&mut list.items); } diagnostics.truncate(MAX_DIAGNOSTICS); RuntimeList::new(items, diagnostics) } pub fn list_workers_for_host( &self, host_id: &str, limit: usize, ) -> Result, RuntimeRegistryError> { validate_backend_identifier("host_id", host_id)?; let mut host_found = false; let mut diagnostics = Vec::new(); let mut items = Vec::new(); for runtime in &self.runtimes { let host_list = runtime.list_hosts(MAX_HOST_SCAN); diagnostics.extend(host_list.diagnostics); if !host_list.items.iter().any(|host| host.host_id == host_id) { continue; } host_found = true; let worker_list = runtime.list_workers(limit); diagnostics.extend(worker_list.diagnostics); items.extend( worker_list .items .into_iter() .filter(|worker| worker.host_id == host_id) .take(limit.saturating_sub(items.len())), ); if items.len() >= limit { break; } } diagnostics.truncate(MAX_DIAGNOSTICS); if host_found { Ok(RuntimeList::new(items, diagnostics)) } else { Err(RuntimeRegistryError::UnknownHost(host_id.to_string())) } } pub fn worker(&self, worker_id: &str) -> Result { validate_backend_identifier("worker_id", worker_id)?; for runtime in &self.runtimes { let lookup = runtime.worker(worker_id); if let Some(worker) = lookup.worker { return Ok(worker); } } Err(RuntimeRegistryError::UnknownWorker(worker_id.to_string())) } } #[derive(Clone)] pub struct LocalPodRuntime { runtime_id: String, host_id: String, workspace_root: PathBuf, data_dir: Option, } pub type LocalRuntimeBridge = LocalPodRuntime; impl LocalPodRuntime { pub fn new( workspace_id: impl AsRef, workspace_root: impl Into, data_dir: Option, ) -> Self { Self { runtime_id: LOCAL_RUNTIME_ID.to_string(), host_id: host_id_for_workspace(workspace_id.as_ref()), workspace_root: workspace_root.into(), data_dir, } } fn pod_root(&self) -> Option { self.data_dir.as_ref().map(|dir| dir.join("pods")) } fn pod_names(&self, pod_root: &Path) -> Result, RuntimeDiagnostic> { let entries = fs::read_dir(pod_root).map_err(|err| { diagnostic( "local_pod_registry_unreadable", DiagnosticSeverity::Warning, format!("local Pod registry could not be read: {err}"), ) })?; let mut pod_names = BTreeSet::new(); for entry in entries.flatten() { let Ok(file_type) = entry.file_type() else { continue; }; if !file_type.is_dir() { continue; } let Some(name) = entry.file_name().to_str().map(|name| name.to_string()) else { continue; }; pod_names.insert(name); } Ok(pod_names) } fn read_worker(&self, pod_root: &Path, pod_name: &str) -> WorkerReadOutcome { let metadata_path = pod_root.join(pod_name).join("metadata.json"); let data = match fs::read_to_string(metadata_path) { Ok(data) => data, Err(err) => { return WorkerReadOutcome::Diagnostic(diagnostic( "local_pod_metadata_unreadable", DiagnosticSeverity::Warning, format!("local Pod metadata could not be read: {err}"), )); } }; let metadata: PodMetadata = match serde_json::from_str(&data) { Ok(metadata) => metadata, Err(err) => { return WorkerReadOutcome::Diagnostic(diagnostic( "local_pod_metadata_invalid", DiagnosticSeverity::Warning, format!("local Pod metadata could not be parsed: {err}"), )); } }; let Some(metadata_workspace_root) = metadata.workspace_root.as_ref() else { return WorkerReadOutcome::Diagnostic(diagnostic( "local_pod_workspace_root_missing", DiagnosticSeverity::Warning, "local Pod metadata did not include a workspace identity and was not included" .to_string(), )); }; if !same_workspace_root(metadata_workspace_root, &self.workspace_root) { return WorkerReadOutcome::Diagnostic(diagnostic( "local_pod_workspace_not_visible", DiagnosticSeverity::Info, "local Pod metadata belongs to another workspace and was not included".to_string(), )); } let label = safe_display_hint(&metadata.pod_name); let role = manifest_hint_string(&metadata.resolved_manifest_snapshot, "role"); let profile = manifest_hint_string(&metadata.resolved_manifest_snapshot, "profile_selector"); let worker_id = worker_id_for_pod(pod_name); let status = match metadata .active .as_ref() .and_then(|active| active.segment_id.as_ref()) { Some(_) => "active:segment".to_string(), None if metadata.active.is_some() => "active:pending_segment".to_string(), None => "metadata_only".to_string(), }; let state = if metadata.active.is_some() { "active".to_string() } else { "metadata_only".to_string() }; let last_seen_at = None; WorkerReadOutcome::Worker(WorkerSummary { runtime_id: self.runtime_id.clone(), worker_id, host_id: self.host_id.clone(), label, role, profile, workspace: WorkerWorkspaceSummary { visibility: "current_workspace".to_string(), identity: "runtime_workspace".to_string(), }, state, status, last_seen_at, implementation: WorkerImplementationSummary { kind: "local_pod".to_string(), display_hint: safe_display_hint(pod_name), }, capabilities: WorkerCapabilitySummary { can_accept_input: true, can_stream_events: false, can_stop: false, can_spawn_followup: false, can_read_bounded_transcript: false, }, diagnostics: vec![diagnostic( "worker_actions_not_implemented", DiagnosticSeverity::Info, "runtime overview is available; worker control and stream/proxy operations are not yet implemented" .to_string(), )], }) } } impl WorkspaceWorkerRuntime for LocalPodRuntime { fn runtime_id(&self) -> &str { &self.runtime_id } fn runtime_summary(&self, limit: usize) -> RuntimeSummary { let host_list = self.list_hosts(1); RuntimeSummary { runtime_id: self.runtime_id.clone(), label: "Local Pod runtime".to_string(), kind: "local_pod".to_string(), status: "available".to_string(), host_ids: host_list .items .iter() .take(limit) .map(|host| host.host_id.clone()) .collect(), capabilities: local_runtime_capabilities(limit, self.pod_root().is_some()), diagnostics: host_list.diagnostics, } } fn list_hosts(&self, limit: usize) -> RuntimeList { if limit == 0 { return RuntimeList::new(Vec::new(), Vec::new()); } let mut diagnostics = Vec::new(); let inspection_available = self.pod_root().is_some(); if !inspection_available { diagnostics.push(diagnostic( "local_pod_registry_unavailable", DiagnosticSeverity::Warning, "local Pod data directory is not configured; worker discovery is unavailable" .to_string(), )); } let item = HostSummary { runtime_id: self.runtime_id.clone(), host_id: self.host_id.clone(), label: label_for_workspace(&self.workspace_root), kind: LOCAL_HOST_KIND.to_string(), status: if inspection_available { "available" } else { "degraded" } .to_string(), observed_at: Utc::now().to_rfc3339(), last_seen_at: None, capabilities: local_runtime_capabilities(limit, inspection_available), diagnostics: diagnostics.clone(), }; RuntimeList::new(vec![item], diagnostics) } fn list_workers(&self, limit: usize) -> RuntimeList { let Some(pod_root) = self.pod_root() else { return RuntimeList::new( Vec::new(), vec![diagnostic( "local_pod_registry_unavailable", DiagnosticSeverity::Warning, "local Pod data directory is not configured; worker discovery is unavailable" .to_string(), )], ); }; if limit == 0 { return RuntimeList::new(Vec::new(), Vec::new()); } let mut workers = Vec::new(); let mut diagnostics = Vec::new(); let pod_names = match self.pod_names(&pod_root) { Ok(pod_names) => pod_names, Err(diag) => return RuntimeList::new(Vec::new(), vec![diag]), }; for pod_name in pod_names { if workers.len() >= limit { break; } match self.read_worker(&pod_root, &pod_name) { WorkerReadOutcome::Worker(worker) => workers.push(worker), WorkerReadOutcome::Diagnostic(diag) => { if diagnostics.len() < MAX_DIAGNOSTICS { diagnostics.push(diag); } } } } RuntimeList::new(workers, diagnostics) } fn worker(&self, worker_id: &str) -> WorkerLookupResult { let Some(pod_root) = self.pod_root() else { return WorkerLookupResult { worker: None, diagnostics: vec![diagnostic( "local_pod_registry_unavailable", DiagnosticSeverity::Warning, "local Pod data directory is not configured; worker discovery is unavailable" .to_string(), )], }; }; let pod_names = match self.pod_names(&pod_root) { Ok(pod_names) => pod_names, Err(diag) => { return WorkerLookupResult { worker: None, diagnostics: vec![diag], }; } }; for pod_name in pod_names { if worker_id_for_pod(&pod_name) != worker_id { continue; } return match self.read_worker(&pod_root, &pod_name) { WorkerReadOutcome::Worker(worker) => WorkerLookupResult { worker: Some(worker), diagnostics: Vec::new(), }, WorkerReadOutcome::Diagnostic(diag) => WorkerLookupResult { worker: None, diagnostics: vec![diag], }, }; } WorkerLookupResult { worker: None, diagnostics: Vec::new(), } } } enum WorkerReadOutcome { Worker(WorkerSummary), Diagnostic(RuntimeDiagnostic), } fn local_runtime_capabilities( limit: usize, inspection_available: bool, ) -> RuntimeCapabilitySummary { RuntimeCapabilitySummary { can_list_hosts: true, can_list_workers: inspection_available, can_get_worker: inspection_available, can_spawn_worker: false, can_stop_worker: false, can_accept_input: false, can_stream_events: false, can_read_bounded_transcript: false, has_workspace_fs: false, has_shell: false, has_git: false, supports_worktrees: false, supports_backend_internal_tools: false, local_pod_inspection: if inspection_available { "available" } else { "unavailable" } .to_string(), workspace_scope: "current_workspace".to_string(), max_workers: limit, os: std::env::consts::OS.to_string(), arch: std::env::consts::ARCH.to_string(), } } fn diagnostic( code: impl Into, severity: DiagnosticSeverity, message: impl Into, ) -> RuntimeDiagnostic { RuntimeDiagnostic { code: code.into(), severity, message: message.into(), } } fn host_id_for_workspace(workspace_id: &str) -> String { bounded_backend_identifier("local-", workspace_id) } fn worker_id_for_pod(pod_name: &str) -> String { bounded_backend_identifier("local-pod-", pod_name) } fn bounded_backend_identifier(prefix: &str, value: &str) -> String { let digest = digest_hex(value.as_bytes(), ID_DIGEST_HEX_LEN); let mut body = sanitize_identifier_body(value); if body.is_empty() { body = "id".to_string(); } let suffix_len = 1 + ID_DIGEST_HEX_LEN; let body_budget = MAX_IDENTIFIER_LEN .saturating_sub(prefix.len()) .saturating_sub(suffix_len) .max(1); if body.len() > body_budget { body.truncate(body_budget); body = body.trim_matches('-').to_string(); if body.is_empty() { body = "id".to_string(); } } let mut id = format!("{prefix}{body}-{digest}"); if id.len() > MAX_IDENTIFIER_LEN { let digest_suffix = format!("-{digest}"); let prefix_budget = MAX_IDENTIFIER_LEN.saturating_sub(digest_suffix.len()); id = format!( "{}{}", prefix.chars().take(prefix_budget).collect::(), digest_suffix ); } id } fn sanitize_identifier_body(value: &str) -> String { let mut out = String::with_capacity(value.len()); for ch in value.chars() { if ch.is_ascii_alphanumeric() { out.push(ch.to_ascii_lowercase()); } else if ch == '-' || ch == '_' { out.push(ch); } else { out.push('-'); } } out.trim_matches('-').to_string() } fn digest_hex(bytes: &[u8], hex_len: usize) -> String { let digest = Sha256::digest(bytes); let mut out = String::with_capacity(hex_len); for byte in digest { if out.len() >= hex_len { break; } out.push_str(&format!("{byte:02x}")); } out.truncate(hex_len); out } fn validate_backend_identifier( kind: &'static str, value: &str, ) -> Result<(), RuntimeRegistryError> { if value.is_empty() || value.len() > MAX_IDENTIFIER_LEN || value .chars() .any(|ch| !(ch.is_ascii_alphanumeric() || ch == '-' || ch == '_' || ch == ':')) { return Err(RuntimeRegistryError::InvalidIdentifier { kind, value: value.chars().take(MAX_IDENTIFIER_LEN).collect(), }); } Ok(()) } fn label_for_workspace(workspace_root: &Path) -> String { workspace_root .file_name() .and_then(|name| name.to_str()) .filter(|name| !name.is_empty()) .unwrap_or("workspace") .to_string() } fn same_workspace_root(left: &Path, right: &Path) -> bool { lexical_path_string(left) == lexical_path_string(right) } fn lexical_path_string(path: &Path) -> String { let mut value = path.to_string_lossy().replace('\\', "/"); while value.len() > 1 && value.ends_with('/') { value.pop(); } value } fn safe_display_hint(value: &str) -> String { value .chars() .filter(|ch| !ch.is_control() && *ch != '/' && *ch != '\\') .take(80) .collect() } fn worker_spawn_intent_label(intent: &WorkerSpawnIntent) -> &'static str { match intent { WorkerSpawnIntent::WorkspaceCompanion => "workspace_companion", WorkerSpawnIntent::WorkspaceOrchestrator => "workspace_orchestrator", WorkerSpawnIntent::TicketRole { role, .. } => match role { TicketWorkerRole::Intake => "ticket_intake", TicketWorkerRole::Orchestrator => "ticket_orchestrator", TicketWorkerRole::Coder => "ticket_coder", TicketWorkerRole::Reviewer => "ticket_reviewer", }, } } fn manifest_hint_string(snapshot: &Option, key: &str) -> Option { let value = snapshot.as_ref()?; let candidate = match key { "role" => value .get("role") .or_else(|| value.get("role_claim").and_then(|role| role.get("role"))), "profile_selector" => value .get("profile_selector") .or_else(|| value.get("profile")), _ => value.get(key), }?; let text = candidate.as_str().map(ToOwned::to_owned).or_else(|| { candidate .get("name") .and_then(|name| name.as_str()) .map(ToOwned::to_owned) })?; let safe = safe_display_hint(&text); (!safe.is_empty()).then_some(safe) } pub fn placeholder_worker(host_id: impl Into) -> WorkerSummary { let host_id = host_id.into(); WorkerSummary { runtime_id: "placeholder".to_string(), worker_id: "worker-placeholder".to_string(), host_id, label: "Worker runtime actions are not implemented".to_string(), role: None, profile: None, workspace: WorkerWorkspaceSummary { visibility: "none".to_string(), identity: "unsupported".to_string(), }, state: "unsupported".to_string(), status: "Worker runtime control is not wired yet".to_string(), last_seen_at: None, implementation: WorkerImplementationSummary { kind: "placeholder".to_string(), display_hint: "unsupported".to_string(), }, capabilities: WorkerCapabilitySummary { can_accept_input: false, can_stream_events: false, can_stop: false, can_spawn_followup: false, can_read_bounded_transcript: false, }, diagnostics: vec![diagnostic( "runtime_capability_unsupported", DiagnosticSeverity::Info, "worker control is outside this overview-only registry surface".to_string(), )], } } pub fn placeholder_spawn_response(host_id: impl Into) -> WorkerSpawnResult { WorkerSpawnResult { state: WorkerOperationState::Unsupported, worker: Some(placeholder_worker(host_id)), acceptance_evidence: Vec::new(), diagnostics: vec![diagnostic( "worker_spawn_unsupported", DiagnosticSeverity::Info, "Workspace worker runtime control is not implemented yet".to_string(), )], } } #[cfg(test)] mod tests { use super::*; use serde_json::json; use std::fs; use tempfile::TempDir; fn write_metadata(dir: &Path, pod_name: &str, metadata: &PodMetadata) { let pod_dir = dir.join("pods").join(pod_name); fs::create_dir_all(&pod_dir).unwrap(); fs::write( pod_dir.join("metadata.json"), serde_json::to_vec(metadata).unwrap(), ) .unwrap(); } fn metadata(workspace_root: Option<&str>) -> PodMetadata { let mut metadata = PodMetadata::new("coder", None); metadata.workspace_root = workspace_root.map(PathBuf::from); metadata.resolved_manifest_snapshot = Some(json!({ "role": "coder", "profile_selector": "builtin:coder" })); metadata } fn assert_valid_generated_id(id: &str) { assert!(id.len() <= MAX_IDENTIFIER_LEN, "id too long: {id}"); validate_backend_identifier("test_id", id).unwrap(); } fn host_id() -> String { host_id_for_workspace("local:test") } #[test] fn local_runtime_reports_host_without_private_paths() { let bridge = LocalPodRuntime::new("local:test", "/workspace/project", None); let hosts = bridge.list_hosts(10); assert_eq!(hosts.items.len(), 1); let host = &hosts.items[0]; assert_eq!(host.runtime_id, LOCAL_RUNTIME_ID); assert_eq!(host.host_id, host_id()); assert_valid_generated_id(&host.host_id); assert_eq!(host.capabilities.local_pod_inspection, "unavailable"); assert_eq!(host.capabilities.workspace_scope, "current_workspace"); let json = serde_json::to_string(host).unwrap(); assert!(!json.contains("/workspace/project")); assert!(!json.contains("metadata.json")); } #[test] fn registry_lists_runtimes_hosts_and_workers() { let temp = TempDir::new().unwrap(); write_metadata(temp.path(), "coder", &metadata(Some("/workspace/project"))); let registry = WorkerRuntimeRegistry::for_local_pods(LocalPodRuntime::new( "local:test", "/workspace/project", Some(temp.path().to_path_buf()), )); let runtimes = registry.list_runtimes(10); assert_eq!(runtimes.items[0].runtime_id, LOCAL_RUNTIME_ID); assert_eq!(runtimes.items[0].host_ids, vec![host_id()]); let hosts = registry.list_hosts(10); assert_eq!(hosts.items[0].host_id, host_id()); assert_valid_generated_id(&hosts.items[0].host_id); let workers = registry.list_workers(10); assert_eq!(workers.items.len(), 1); let worker = &workers.items[0]; assert_eq!(worker.runtime_id, LOCAL_RUNTIME_ID); assert_eq!(worker.worker_id, worker_id_for_pod("coder")); assert_valid_generated_id(&worker.worker_id); assert_eq!(worker.host_id, host_id()); assert_eq!(worker.workspace.visibility, "current_workspace"); assert_eq!(worker.implementation.display_hint, "coder"); let json = serde_json::to_string(worker).unwrap(); assert!(!json.contains("/workspace/project")); assert!(!json.contains("metadata.json")); } #[test] fn registry_resolves_backend_validated_host_ids() { let temp = TempDir::new().unwrap(); write_metadata(temp.path(), "coder", &metadata(Some("/workspace/project"))); let registry = WorkerRuntimeRegistry::for_local_pods(LocalPodRuntime::new( "local:test", "/workspace/project", Some(temp.path().to_path_buf()), )); let workers = registry.list_workers_for_host(&host_id(), 10).unwrap(); assert_eq!(workers.items.len(), 1); assert!(matches!( registry.list_workers_for_host("../secret", 10), Err(RuntimeRegistryError::InvalidIdentifier { .. }) )); assert!(matches!( registry.list_workers_for_host("local-missing", 10), Err(RuntimeRegistryError::UnknownHost(_)) )); } #[test] fn local_runtime_excludes_other_workspace_metadata() { let temp = TempDir::new().unwrap(); write_metadata(temp.path(), "other", &metadata(Some("/workspace/other"))); write_metadata(temp.path(), "missing", &metadata(None)); let bridge = LocalPodRuntime::new( "local:test", "/workspace/project", Some(temp.path().to_path_buf()), ); let workers = bridge.list_workers(10); assert!(workers.items.is_empty()); assert!( workers .diagnostics .iter() .any(|diag| diag.code == "local_pod_workspace_not_visible") ); assert!( workers .diagnostics .iter() .any(|diag| diag.code == "local_pod_workspace_root_missing") ); } #[test] fn local_runtime_worker_detail_is_safe_and_bounded() { let temp = TempDir::new().unwrap(); write_metadata(temp.path(), "coder", &metadata(Some("/workspace/project"))); let bridge = LocalPodRuntime::new( "local:test", "/workspace/project", Some(temp.path().to_path_buf()), ); let worker_id = worker_id_for_pod("coder"); let worker = bridge.worker(&worker_id).worker.unwrap(); assert_eq!(worker.label, "coder"); assert_eq!(worker.workspace.identity, "runtime_workspace"); assert!( bridge .worker(&worker_id_for_pod("missing")) .worker .is_none() ); } #[test] fn generated_worker_ids_are_opaque_bounded_unique_and_resolvable() { let temp = TempDir::new().unwrap(); let long_a = format!("{}-A", "TicketWorkerWithVeryLongName".repeat(8)); let long_b = format!("{}-B", "TicketWorkerWithVeryLongName".repeat(8)); let pod_names = vec![ "00001KVWECEQG-Coder.Pod".to_string(), "foo.bar".to_string(), "foo-bar".to_string(), "Ticket#Worker@Reviewer".to_string(), long_a, long_b, ]; for pod_name in &pod_names { write_metadata(temp.path(), pod_name, &metadata(Some("/workspace/project"))); } let bridge = LocalPodRuntime::new( "local:test", "/workspace/project", Some(temp.path().to_path_buf()), ); let registry = WorkerRuntimeRegistry::for_local_pods(bridge.clone()); let listed = registry.list_workers(100); assert_eq!(listed.items.len(), pod_names.len()); let mut ids = BTreeSet::new(); for worker in listed.items { assert_valid_generated_id(&worker.worker_id); assert!( ids.insert(worker.worker_id.clone()), "duplicate id: {}", worker.worker_id ); assert!(!worker.worker_id.contains('.')); assert!(!worker.worker_id.contains('@')); assert!(!worker.worker_id.contains('#')); let from_registry = registry.worker(&worker.worker_id).unwrap(); assert_eq!(from_registry.worker_id, worker.worker_id); let from_runtime = bridge.worker(&worker.worker_id).worker.unwrap(); assert_eq!(from_runtime.worker_id, worker.worker_id); } let dotted = worker_id_for_pod("foo.bar"); let dashed = worker_id_for_pod("foo-bar"); assert_ne!(dotted, dashed); assert!(ids.contains(&dotted)); assert!(ids.contains(&dashed)); assert!(ids.iter().any(|id| id.len() == MAX_IDENTIFIER_LEN)); } }