Slice 2: real auth, agent-mediated repo/branch listing, deployment list from SQLite

- protocol: add RepoInfo, RouteOverride; add HostPort, SandboxID to DeployRequest. - ws hub: add CallAgent for sync request/response RPCs over the agent WS, and DeliverAgentReply to route {op:reply} frames back to the caller. UnregisterAgent now also fails any pending RPCs so callers don't hang. - agent-micro: new op handlers list_repos, list_branches, probe. Wire protocol.Event frames use json.RawMessage so each op decodes its own data shape. - agent-gateway: same op handlers (list_repos/list_branches/probe) plus push_routes, which the gateway uses to rewrite the api-gateway config.php. Detailed in a later commit. - control-plane login: validateViaAgent now calls CallAgent('probe') against the gateway agent (git ls-remote), replacing the accept-any-creds stub. - control-plane repos: handleListRepos and handleListBranches forward to the agents via list_repos / list_branches RPCs, replacing the hardcoded fixtures. - control-plane deployments: split into its own file. handleListDeployments reads from SQLite (was hardcoded []). handleCreateDeployment now supports sandbox-scoped deploys with a host port + env merge. handleStopDeployment looks up the node from the deployment row. - store: split into store.go + deployments.go. The Deployment type adds sandboxId, containerId, hostPort. StartDeploymentInSandbox, SetContainerID, ListDeployments, GetDeployment, LatestDeploymentBySandboxService are new. - store_test.go: round-trips every Slice-2 path (env, sandbox, template, clone, routes, deployment). - .gitignore: track bin/ — the build runs on a separate Linux box with the golang:1.24 toolchain, and the binaries are SCPed from there to the company VMs (92 / 186). The VMs have no internet. - Tracked bin/{control-plane,agent-micro,agent-gateway}.
2026-06-24 03:58:53 +00:00
parent 2bc3ff73a2
commit 55d7705c63
17 changed files with 1244 additions and 317 deletions
@@ -20,9 +20,11 @@ type Event struct {
 // Credentials are passed per-operation; agents MUST NOT log or persist them.
 type DeployRequest struct {
 	DeploymentID string            `json:"deploymentId"`
+	SandboxID    string            `json:"sandboxId,omitempty"` // owning sandbox (Slice 2)
 	Repository   string            `json:"repository"`   // name from agent's repo config
 	Branch       string            `json:"branch"`
-	Env          map[string]string `json:"env,omitempty"` // injected into container
+	HostPort     int               `json:"hostPort,omitempty"` // host port to bind the container to
+	Env          map[string]string `json:"env,omitempty"`      // injected into container
 	Username     string            `json:"username"`
 	Password     string            `json:"password"`
 }
@@ -33,3 +35,23 @@ type DeployResponse struct {
 	OK    bool   `json:"ok"`
 	Error string `json:"error,omitempty"`
 }
+
+// RepoInfo describes one repository the agent knows about.
+type RepoInfo struct {
+	Name string `json:"name"`
+	Path string `json:"path"`
+	// DefaultBranch is best-effort; empty if the repo is empty or unreadable.
+	DefaultBranch string `json:"defaultBranch,omitempty"`
+}
+
+// RouteOverride is a single "<service>_url" line the gateway agent should
+// rewrite in the API gateway's config.php. The key is the PHP array key
+// (e.g. "haven_url"); the value is the new URL (e.g.
+// "http://172.18.136.92:9001"). TargetOCP=true means "leave it alone /
+// point back at the OCP URL"; in that case the agent should restore the
+// original value from its snapshot.
+type RouteOverride struct {
+	Key        string `json:"key"`        // e.g. "haven_url"
+	Value      string `json:"value"`      // new URL, e.g. "http://172.18.136.92:9001"
+	TargetOCP  bool   `json:"targetOcp"`  // if true, restore OCP URL from snapshot
+}