fix(docker-git): restore reliable ssh auto-open

Author: skulidropek

packages/api/src/services/auth-terminal-sessions.ts

@@ -148,6 +148,28 @@ const decodeClientMessage = (raw: RawData): TerminalClientMessage | null =>
 const clampTerminalSize = (value: number, fallback: number): number =>
   Number.isFinite(value) && value > 0 ? Math.max(1, Math.floor(value)) : fallback
 
+const writePtyInput = (pty: IPty | null, data: string): void => {
+  if (pty === null) {
+    return
+  }
+  try {
+    pty.write(data)
+  } catch {
+    return
+  }
+}
+
+const resizePty = (pty: IPty | null, cols: number, rows: number): void => {
+  if (pty === null) {
+    return
+  }
+  try {
+    pty.resize(cols, rows)
+  } catch {
+    return
+  }
+}
+
 const startTerminalPty = (record: AuthTerminalRecord, cols: number, rows: number): void => {
   const pty = spawn(process.execPath, [...record.args], {
     cols: clampTerminalSize(cols, 120),
@@ -213,11 +235,11 @@ const handleSocketMessage = (record: AuthTerminalRecord, raw: RawData): void =>
     return
   }
   if (message.type === "input") {
-    record.pty?.write(message.data)
+    writePtyInput(record.pty, message.data)
     return
   }
   if (message.type === "resize") {
-    record.pty?.resize(clampTerminalSize(message.cols, 120), clampTerminalSize(message.rows, 32))
+    resizePty(record.pty, clampTerminalSize(message.cols, 120), clampTerminalSize(message.rows, 32))
     return
   }
   cleanupRecord(record)

packages/api/src/services/projects.ts

@@ -236,6 +236,22 @@ const mergeAuthorizedKeys = (
   return merged.length === 0 ? "" : `${merged.join("\n")}\n`
 }
 
+const resolveRequestedAuthorizedKeysContents = (
+  authorizedKeysContents: string | undefined,
+  useManagedAuthorizedKeys: boolean
+) =>
+  Effect.gen(function*(_) {
+    const managedAuthorizedKeysContents = useManagedAuthorizedKeys
+      ? yield* _(resolveManagedAuthorizedKeysContents())
+      : undefined
+    const merged = mergeAuthorizedKeys(
+      normalizeAuthorizedKeys(managedAuthorizedKeysContents ?? ""),
+      normalizeAuthorizedKeys(authorizedKeysContents ?? "")
+    )
+
+    return merged.length === 0 ? undefined : merged
+  })
+
 const withManagedAuthorizedKeysForCreate = (
   command: LibCreateCommand,
   authorizedKeysContents: string | undefined
@@ -375,11 +391,14 @@ export const createProjectFromRequest = (
       waitForClone: request.waitForClone ?? parsed.right.waitForClone
     }
 
-    const resolvedAuthorizedKeysContents = request.authorizedKeysContents ?? (
+    const requestAuthorizedKeysContents = request.authorizedKeysContents ?? (
       request.useManagedAuthorizedKeys === true
         ? yield* _(resolveCreateAuthorizedKeysContents(parsedCommand.outDir, parsedCommand.config.authorizedKeysPath))
         : undefined
     )
+    const resolvedAuthorizedKeysContents = yield* _(
+      resolveRequestedAuthorizedKeysContents(requestAuthorizedKeysContents, request.useManagedAuthorizedKeys === true)
+    )
 
     const command = withManagedAuthorizedKeysForCreate(parsedCommand, resolvedAuthorizedKeysContents)
 
@@ -525,10 +544,8 @@ export const upProject = (
 ) =>
   Effect.gen(function*(_) {
     const project = yield* _(findProjectById(projectId))
-    const resolvedAuthorizedKeysContents = authorizedKeysContents ?? (
-      useManagedAuthorizedKeys === true
-        ? yield* _(resolveManagedAuthorizedKeysContents())
-        : undefined
+    const resolvedAuthorizedKeysContents = yield* _(
+      resolveRequestedAuthorizedKeysContents(authorizedKeysContents, useManagedAuthorizedKeys === true)
     )
     yield* _(seedAuthorizedKeysForCreate(project.projectDir, resolvedAuthorizedKeysContents))
     yield* _(markDeployment(projectId, "build", "docker compose up -d --build"))

packages/api/src/services/terminal-sessions.ts

@@ -241,6 +241,28 @@ const decodeClientMessage = (raw: RawData): TerminalClientMessage | null =>
 const clampTerminalSize = (value: number, fallback: number): number =>
   Number.isFinite(value) && value > 0 ? Math.max(1, Math.floor(value)) : fallback
 
+const writePtyInput = (pty: IPty | null, data: string): void => {
+  if (pty === null) {
+    return
+  }
+  try {
+    pty.write(data)
+  } catch {
+    return
+  }
+}
+
+const resizePty = (pty: IPty | null, cols: number, rows: number): void => {
+  if (pty === null) {
+    return
+  }
+  try {
+    pty.resize(cols, rows)
+  } catch {
+    return
+  }
+}
+
 const startTerminalPty = (
   record: TerminalRecord,
   cols: number,
@@ -387,11 +409,11 @@ const handleSocketMessage = (record: TerminalRecord, raw: RawData): void => {
     return
   }
   if (message.type === "input") {
-    record.pty?.write(message.data)
+    writePtyInput(record.pty, message.data)
     return
   }
   if (message.type === "resize") {
-    record.pty?.resize(clampTerminalSize(message.cols, 120), clampTerminalSize(message.rows, 32))
+    resizePty(record.pty, clampTerminalSize(message.cols, 120), clampTerminalSize(message.rows, 32))
     return
   }
   handleCloseMessage(record)

packages/app/src/docker-git/api-client-helpers.ts

@@ -5,7 +5,12 @@ import { Effect } from "effect"
 import { asObject, asString, type JsonValue } from "./api-json.js"
 import { defaultTemplateConfig } from "./frontend-lib/core/domain.js"
 import type { CreateCommand } from "./frontend-lib/core/domain.js"
-import { resolvePathFromCwd } from "./frontend-lib/usecases/path-helpers.js"
+import {
+  findAuthorizedKeysSource,
+  findExistingPath,
+  findSshPrivateKey,
+  resolvePathFromCwd
+} from "./frontend-lib/usecases/path-helpers.js"
 
 export const readProjectOutput = (payload: JsonValue): string => {
   const object = asObject(payload)
@@ -37,6 +42,30 @@ const resolveClientCreatePath = (
 
 const missingAuthorizedKeysContents = (): string | undefined => undefined
 
+const normalizeAuthorizedKeysContents = (value: string): string | undefined => {
+  const trimmed = value.trim()
+  return trimmed.length === 0 ? undefined : `${trimmed}\n`
+}
+
+const resolveManagedAuthorizedKeysContents = () =>
+  Effect.gen(function*(_) {
+    const fs = yield* _(FileSystem.FileSystem)
+    const path = yield* _(Path.Path)
+    const cwd = process.cwd()
+    const sshPrivateKey = yield* _(findSshPrivateKey(fs, path, cwd))
+    const matchingPublicKey = sshPrivateKey === null ? null : yield* _(findExistingPath(fs, `${sshPrivateKey}.pub`))
+    const source = matchingPublicKey === null
+      ? yield* _(findAuthorizedKeysSource(fs, path, cwd))
+      : matchingPublicKey
+
+    if (source === null) {
+      return missingAuthorizedKeysContents()
+    }
+
+    const contents = yield* _(fs.readFileString(source))
+    return normalizeAuthorizedKeysContents(contents)
+  })
+
 export const resolveCreateRequestPaths = (command: CreateCommand) =>
   Effect.gen(function*(_) {
     const fs = yield* _(FileSystem.FileSystem)
@@ -46,11 +75,15 @@ export const resolveCreateRequestPaths = (command: CreateCommand) =>
       ? command.config.authorizedKeysPath
       : resolveClientCreatePath(path, cwd, command.config.authorizedKeysPath)
     const authorizedKeysContents = authorizedKeysPath === defaultTemplateConfig.authorizedKeysPath
-      ? undefined
+      ? yield* _(resolveManagedAuthorizedKeysContents())
       : yield* _(
         fs.exists(authorizedKeysPath).pipe(
           Effect.flatMap((exists) =>
-            exists ? fs.readFileString(authorizedKeysPath) : Effect.sync(missingAuthorizedKeysContents)
+            exists
+              ? fs.readFileString(authorizedKeysPath).pipe(
+                Effect.map((contents) => normalizeAuthorizedKeysContents(contents))
+              )
+              : Effect.sync(missingAuthorizedKeysContents)
           )
         )
       )

packages/app/src/docker-git/host-ssh.ts

@@ -1,10 +1,10 @@
 import { Effect } from "effect"
 
 import { shouldAutoOpenSsh } from "../shared/auto-open-ssh.js"
-import { createProjectTerminalSession } from "./api-client.js"
+import { getProject } from "./api-client.js"
 import type { ApiProjectDetails } from "./api-project-codec.js"
+import { openResolvedProjectSsh } from "./open-project-ssh.js"
 import { projectItemFromApiDetails } from "./project-item.js"
-import { attachTerminalSession } from "./terminal-session-client.js"
 
 type AutoOpenSshCommand = {
   readonly openSsh: boolean
@@ -37,21 +37,11 @@ export const autoOpenProjectSsh = (
       return
     }
 
-    const item = projectItemFromApiDetails(project)
-    const terminal = yield* _(createProjectTerminalSession(item.projectDir))
-    if (terminal === null) {
-      yield* _(Effect.logWarning(`Skipping SSH auto-open: terminal session was not created for ${item.displayName}.`))
-      return
-    }
-    yield* _(
-      attachTerminalSession({
-        header: `SSH terminal: ${item.displayName}`,
-        session: terminal.session,
-        websocketPath: `/projects/${encodeURIComponent(item.projectDir)}/terminal-sessions/${
-          encodeURIComponent(terminal.session.id)
-        }/ws`
-      })
+    const refreshedProject = yield* _(
+      getProject(project.id).pipe(Effect.orElseSucceed(() => null))
     )
+    const item = projectItemFromApiDetails(refreshedProject ?? project)
+    yield* _(openResolvedProjectSsh(item))
   }).pipe(
     Effect.matchEffect({
       onFailure: (error) => Effect.logWarning(`SSH auto-open failed: ${renderKnownError(error)}`),