Merge branch 'dev' into fix/exec-cwd-envs

internal/hostagent/callback.go

@@ -0,0 +1,129 @@
+package hostagent
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"log/slog"
+	"net/http"
+	"strings"
+	"sync"
+	"time"
+)
+
+// CallbackEvent is the payload sent to the CP's sandbox event callback endpoint.
+type CallbackEvent struct {
+	Event     string `json:"event"`
+	SandboxID string `json:"sandbox_id"`
+	HostID    string `json:"host_id"`
+	Timestamp int64  `json:"timestamp"`
+}
+
+// CallbackSender sends sandbox lifecycle events to the CP via HTTP POST.
+// Used for autonomous agent-side events (auto-pause, auto-destroy) that
+// the CP cannot observe through its own RPC goroutines.
+type CallbackSender struct {
+	cpURL    string
+	hostID   string
+	credFile string
+	client   *http.Client
+	mu       sync.RWMutex
+	jwt      string
+}
+
+// NewCallbackSender creates a callback sender.
+func NewCallbackSender(cpURL, credFile, hostID string) *CallbackSender {
+	jwt := ""
+	if tf, err := LoadTokenFile(credFile); err == nil {
+		jwt = tf.JWT
+	}
+	return &CallbackSender{
+		cpURL:    strings.TrimRight(cpURL, "/"),
+		hostID:   hostID,
+		credFile: credFile,
+		client:   &http.Client{Timeout: 10 * time.Second},
+		jwt:      jwt,
+	}
+}
+
+// UpdateJWT refreshes the JWT used for callback authentication.
+// Called from the heartbeat's onCredsRefreshed hook.
+func (s *CallbackSender) UpdateJWT(jwt string) {
+	s.mu.Lock()
+	s.jwt = jwt
+	s.mu.Unlock()
+}
+
+func (s *CallbackSender) getJWT() string {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+	return s.jwt
+}
+
+// Send sends a callback event to the CP synchronously with retries.
+func (s *CallbackSender) Send(ctx context.Context, ev CallbackEvent) error {
+	ev.HostID = s.hostID
+	if ev.Timestamp == 0 {
+		ev.Timestamp = time.Now().Unix()
+	}
+
+	body, err := json.Marshal(ev)
+	if err != nil {
+		return fmt.Errorf("marshal callback event: %w", err)
+	}
+
+	url := s.cpURL + "/v1/hosts/sandbox-events"
+
+	var lastErr error
+	for attempt := 0; attempt < 3; attempt++ {
+		if attempt > 0 {
+			select {
+			case <-ctx.Done():
+				return ctx.Err()
+			case <-time.After(time.Duration(attempt) * 500 * time.Millisecond):
+			}
+		}
+
+		req, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body))
+		if err != nil {
+			return fmt.Errorf("create callback request: %w", err)
+		}
+		req.Header.Set("Content-Type", "application/json")
+		req.Header.Set("X-Host-Token", s.getJWT())
+
+		resp, err := s.client.Do(req)
+		if err != nil {
+			lastErr = err
+			continue
+		}
+		resp.Body.Close()
+
+		if resp.StatusCode == http.StatusUnauthorized || resp.StatusCode == http.StatusForbidden {
+			if newCreds, refreshErr := RefreshCredentials(ctx, s.cpURL, s.credFile); refreshErr == nil {
+				s.UpdateJWT(newCreds.JWT)
+			}
+			lastErr = fmt.Errorf("callback auth failed: %d", resp.StatusCode)
+			continue
+		}
+
+		if resp.StatusCode >= 200 && resp.StatusCode < 300 {
+			return nil
+		}
+
+		lastErr = fmt.Errorf("callback failed: status %d", resp.StatusCode)
+	}
+
+	return fmt.Errorf("callback failed after 3 attempts: %w", lastErr)
+}
+
+// SendAsync sends a callback event in a background goroutine.
+func (s *CallbackSender) SendAsync(ev CallbackEvent) {
+	go func() {
+		ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+		defer cancel()
+		if err := s.Send(ctx, ev); err != nil {
+			slog.Warn("callback send failed (reconciler will catch it)", "event", ev.Event, "sandbox_id", ev.SandboxID, "error", err)
+		}
+	}()
+}

internal/hostagent/callback_adapter.go

@@ -0,0 +1,22 @@
+package hostagent
+
+import (
+	"git.omukk.dev/wrenn/wrenn/internal/sandbox"
+)
+
+// callbackAdapter adapts CallbackSender to satisfy sandbox.EventSender.
+type callbackAdapter struct {
+	sender *CallbackSender
+}
+
+// NewEventSender wraps a CallbackSender as a sandbox.EventSender.
+func NewEventSender(sender *CallbackSender) sandbox.EventSender {
+	return &callbackAdapter{sender: sender}
+}
+
+func (a *callbackAdapter) SendAsync(event sandbox.LifecycleEvent) {
+	a.sender.SendAsync(CallbackEvent{
+		Event:     event.Event,
+		SandboxID: event.SandboxID,
+	})
+}