fix(shell): satisfy lint and effect-ts checks for docker access

skulidropek · skulidropek · commit d4cb2eaf0f32 · 2026-02-19T16:22:45.000+04:00
diff --git a/packages/lib/src/core/command-builders.ts b/packages/lib/src/core/command-builders.ts
@@ -1,5 +1,6 @@
 import { Either } from "effect"
 
+import { expandContainerHome } from "../usecases/scrap-path.js"
 import { type RawOptions } from "./command-options.js"
 import {
   type CreateCommand,
@@ -10,7 +11,6 @@ import {
   resolveRepoInput
 } from "./domain.js"
 import { trimRightChar } from "./strings.js"
-import { expandContainerHome } from "../usecases/scrap-path.js"
 
 const parsePort = (value: string): Either.Either<number, ParseError> => {
   const parsed = Number(value)
diff --git a/packages/lib/src/shell/docker-daemon-access.ts b/packages/lib/src/shell/docker-daemon-access.ts
@@ -0,0 +1,150 @@
+import * as Command from "@effect/platform/Command"
+import * as CommandExecutor from "@effect/platform/CommandExecutor"
+import type { PlatformError } from "@effect/platform/Error"
+import { Effect, pipe } from "effect"
+import * as Chunk from "effect/Chunk"
+import * as Stream from "effect/Stream"
+
+import { DockerAccessError, type DockerAccessIssue } from "./errors.js"
+
+const permissionDeniedPattern = /permission denied/i
+
+const collectUint8Array = (chunks: Chunk.Chunk<Uint8Array>): Uint8Array =>
+  Chunk.reduce(chunks, new Uint8Array(), (acc, curr) => {
+    const next = new Uint8Array(acc.length + curr.length)
+    next.set(acc)
+    next.set(curr, acc.length)
+    return next
+  })
+
+const resolveDockerHostFallbackCandidates = (): ReadonlyArray<string> => {
+  if (process.env["DOCKER_HOST"] !== undefined) {
+    return []
+  }
+
+  const runtimeDir = process.env["XDG_RUNTIME_DIR"]?.trim()
+  const uid = typeof process.getuid === "function"
+    ? process.getuid().toString()
+    : process.env["UID"]?.trim()
+
+  return [
+    ...new Set(
+      [
+        runtimeDir ? `unix://${runtimeDir}/docker.sock` : undefined,
+        uid ? `unix:///run/user/${uid}/docker.sock` : undefined
+      ].filter((value): value is string => value !== undefined)
+    )
+  ]
+}
+
+const runDockerInfoCommand = (
+  cwd: string,
+  env?: Readonly<Record<string, string | undefined>>
+): Effect.Effect<
+  { readonly exitCode: number; readonly details: string },
+  PlatformError,
+  CommandExecutor.CommandExecutor
+> =>
+  Effect.scoped(
+    Effect.gen(function*(_) {
+      const executor = yield* _(CommandExecutor.CommandExecutor)
+      const process = yield* _(
+        executor.start(
+          pipe(
+            Command.make("docker", "info"),
+            Command.workingDirectory(cwd),
+            env ? Command.env(env) : (value) => value,
+            Command.stdin("pipe"),
+            Command.stdout("pipe"),
+            Command.stderr("pipe")
+          )
+        )
+      )
+
+      const stderrBytes = yield* _(
+        pipe(process.stderr, Stream.runCollect, Effect.map((chunks) => collectUint8Array(chunks)))
+      )
+      const exitCode = Number(yield* _(process.exitCode))
+      const stderr = new TextDecoder("utf-8").decode(stderrBytes).trim()
+      return {
+        exitCode,
+        details: stderr.length > 0 ? stderr : `docker info failed with exit code ${exitCode}`
+      }
+    })
+  )
+
+// CHANGE: classify docker daemon access failure into deterministic typed reasons
+// WHY: allow callers to render actionable recovery guidance for socket permission issues
+// QUOTE(ТЗ): "docker-git handles Docker socket permission problems predictably"
+// REF: issue-11
+// SOURCE: n/a
+// FORMAT THEOREM: ∀m: classify(m) ∈ {"PermissionDenied","DaemonUnavailable"}
+// PURITY: CORE
+// EFFECT: Effect<DockerAccessIssue, never, never>
+// INVARIANT: classification is stable for equal input
+// COMPLEXITY: O(|m|)
+export const classifyDockerAccessIssue = (message: string): DockerAccessIssue =>
+  permissionDeniedPattern.test(message) ? "PermissionDenied" : "DaemonUnavailable"
+
+// CHANGE: verify docker daemon access before compose/auth flows
+// WHY: fail fast on socket permission errors instead of cascading into opaque command failures
+// QUOTE(ТЗ): "permission denied to /var/run/docker.sock"
+// REF: issue-11
+// SOURCE: n/a
+// FORMAT THEOREM: ∀cwd: access(cwd)=ok ∨ DockerAccessError
+// PURITY: SHELL
+// EFFECT: Effect<void, DockerAccessError | PlatformError, CommandExecutor>
+// INVARIANT: non-zero docker info exit always maps to DockerAccessError
+// COMPLEXITY: O(command)
+export const ensureDockerDaemonAccess = (
+  cwd: string
+): Effect.Effect<void, DockerAccessError | PlatformError, CommandExecutor.CommandExecutor> =>
+  Effect.scoped(
+    Effect.gen(function*(_) {
+      const primaryResult = yield* _(runDockerInfoCommand(cwd))
+      if (primaryResult.exitCode === 0) {
+        return
+      }
+
+      const primaryIssue = classifyDockerAccessIssue(primaryResult.details)
+      if (primaryIssue !== "PermissionDenied") {
+        return yield* _(
+          Effect.fail(
+            new DockerAccessError({
+              issue: primaryIssue,
+              details: primaryResult.details
+            })
+          )
+        )
+      }
+
+      let fallbackErrorDetails = primaryResult.details
+      let fallbackIssue: DockerAccessIssue = primaryIssue
+
+      for (const fallbackHost of resolveDockerHostFallbackCandidates()) {
+        const fallbackResult = yield* _(
+          runDockerInfoCommand(cwd, {
+            ...process.env,
+            DOCKER_HOST: fallbackHost
+          })
+        )
+
+        if (fallbackResult.exitCode === 0) {
+          process.env["DOCKER_HOST"] = fallbackHost
+          return
+        }
+
+        fallbackErrorDetails = fallbackResult.details
+        fallbackIssue = classifyDockerAccessIssue(fallbackResult.details)
+      }
+
+      return yield* _(
+        Effect.fail(
+          new DockerAccessError({
+            issue: fallbackIssue,
+            details: fallbackErrorDetails
+          })
+        )
+      )
+    })
+  )
diff --git a/packages/lib/src/shell/docker.ts b/packages/lib/src/shell/docker.ts
@@ -1,14 +1,13 @@
 import * as Command from "@effect/platform/Command"
-import * as CommandExecutor from "@effect/platform/CommandExecutor"
+import type * as CommandExecutor from "@effect/platform/CommandExecutor"
 import { ExitCode } from "@effect/platform/CommandExecutor"
 import type { PlatformError } from "@effect/platform/Error"
 import { Effect, pipe } from "effect"
-import * as Chunk from "effect/Chunk"
-import * as Stream from "effect/Stream"
-import { existsSync } from "node:fs"
 
 import { runCommandCapture, runCommandWithExitCodes } from "./command-runner.js"
-import { CommandFailedError, DockerAccessError, type DockerAccessIssue, DockerCommandError } from "./errors.js"
+import { CommandFailedError, DockerCommandError } from "./errors.js"
+
+export { classifyDockerAccessIssue, ensureDockerDaemonAccess } from "./docker-daemon-access.js"
 
 const composeSpec = (cwd: string, args: ReadonlyArray<string>) => ({
   cwd,
@@ -30,148 +29,6 @@ const parseInspectNetworkEntry = (line: string): ReadonlyArray<readonly [string,
   return [entry]
 }
 
-const collectUint8Array = (chunks: Chunk.Chunk<Uint8Array>): Uint8Array =>
-  Chunk.reduce(chunks, new Uint8Array(), (acc, curr) => {
-    const next = new Uint8Array(acc.length + curr.length)
-    next.set(acc)
-    next.set(curr, acc.length)
-    return next
-  })
-
-const permissionDeniedPattern = /permission denied/i
-
-const resolveDockerHostFallback = (): string | undefined => {
-  if (process.env["DOCKER_HOST"] !== undefined) {
-    return undefined
-  }
-
-  const runtimeDir = process.env["XDG_RUNTIME_DIR"]?.trim()
-  const uid =
-    typeof process.getuid === "function"
-      ? process.getuid().toString()
-      : process.env["UID"]?.trim()
-
-  const candidates = Array.from(
-    new Set(
-      [
-        runtimeDir ? `${runtimeDir}/docker.sock` : undefined,
-        uid ? `/run/user/${uid}/docker.sock` : undefined
-      ].filter((value): value is string => value !== undefined)
-    )
-  )
-
-  for (const candidate of candidates) {
-    if (existsSync(candidate)) {
-      return `unix://${candidate}`
-    }
-  }
-
-  return undefined
-}
-
-const runDockerInfoCommand = (
-  cwd: string,
-  env?: Readonly<Record<string, string | undefined>>
-): Effect.Effect<{ readonly exitCode: number; readonly details: string }, PlatformError, CommandExecutor.CommandExecutor> =>
-  Effect.scoped(
-    Effect.gen(function*(_) {
-      const executor = yield* _(CommandExecutor.CommandExecutor)
-      const process = yield* _(
-        executor.start(
-          pipe(
-            Command.make("docker", "info"),
-            Command.workingDirectory(cwd),
-            env ? Command.env(env) : (value) => value,
-            Command.stdin("pipe"),
-            Command.stdout("pipe"),
-            Command.stderr("pipe")
-          )
-        )
-      )
-
-      const stderrBytes = yield* _(
-        pipe(process.stderr, Stream.runCollect, Effect.map((chunks) => collectUint8Array(chunks)))
-      )
-      const exitCode = Number(yield* _(process.exitCode))
-      const stderr = new TextDecoder("utf-8").decode(stderrBytes).trim()
-      return {
-        exitCode,
-        details: stderr.length > 0 ? stderr : `docker info failed with exit code ${exitCode}`
-      }
-    })
-  )
-
-// CHANGE: classify docker daemon access failure into deterministic typed reasons
-// WHY: allow callers to render actionable recovery guidance for socket permission issues
-// QUOTE(ТЗ): "docker-git handles Docker socket permission problems predictably"
-// REF: issue-11
-// SOURCE: n/a
-// FORMAT THEOREM: ∀m: classify(m) ∈ {"PermissionDenied","DaemonUnavailable"}
-// PURITY: CORE
-// EFFECT: Effect<DockerAccessIssue, never, never>
-// INVARIANT: classification is stable for equal input
-// COMPLEXITY: O(|m|)
-export const classifyDockerAccessIssue = (message: string): DockerAccessIssue =>
-  permissionDeniedPattern.test(message) ? "PermissionDenied" : "DaemonUnavailable"
-
-// CHANGE: verify docker daemon access before compose/auth flows
-// WHY: fail fast on socket permission errors instead of cascading into opaque command failures
-// QUOTE(ТЗ): "permission denied to /var/run/docker.sock"
-// REF: issue-11
-// SOURCE: n/a
-// FORMAT THEOREM: ∀cwd: access(cwd)=ok ∨ DockerAccessError
-// PURITY: SHELL
-// EFFECT: Effect<void, DockerAccessError | PlatformError, CommandExecutor>
-// INVARIANT: non-zero docker info exit always maps to DockerAccessError
-// COMPLEXITY: O(command)
-export const ensureDockerDaemonAccess = (
-  cwd: string
-): Effect.Effect<void, DockerAccessError | PlatformError, CommandExecutor.CommandExecutor> =>
-  Effect.scoped(
-    Effect.gen(function*(_) {
-      const primaryResult = yield* _(runDockerInfoCommand(cwd))
-      if (primaryResult.exitCode === 0) {
-        return
-      }
-
-      const primaryIssue = classifyDockerAccessIssue(primaryResult.details)
-      if (primaryIssue === "PermissionDenied" && process.env["DOCKER_HOST"] === undefined) {
-        const fallbackHost = resolveDockerHostFallback()
-        if (fallbackHost !== undefined) {
-          const fallbackResult = yield* _(
-            runDockerInfoCommand(cwd, {
-              ...process.env,
-              DOCKER_HOST: fallbackHost
-            })
-          )
-
-          if (fallbackResult.exitCode === 0) {
-            process.env["DOCKER_HOST"] = fallbackHost
-            return
-          }
-
-          return yield* _(
-            Effect.fail(
-              new DockerAccessError({
-                issue: classifyDockerAccessIssue(fallbackResult.details),
-                details: fallbackResult.details
-              })
-            )
-          )
-        }
-      }
-
-      return yield* _(
-        Effect.fail(
-          new DockerAccessError({
-            issue: primaryIssue,
-            details: primaryResult.details
-          })
-        )
-      )
-    })
-  )
-
 const runCompose = (
   cwd: string,
   args: ReadonlyArray<string>,
