Draft: better logs and shell #485
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Introduces comprehensive design document for addressing time-synchronicity issues in current stdout/stderr handling and enabling real-time log streaming and interactive shell access to Docker services. Key features planned: - Unified time-synchronized output preserving chronological order - Real-time log streaming via app:logs command with WebSocket support - Interactive shell access via app:shell command - Bollard-based Docker integration with docker-compose fallback - Memory management with configurable output limits - Permission-based access control for logs and shell operations - Frontend integration planning for unified log viewer Breaking changes documented for TaskDetails stdout/stderr removal.
Completes technical validation of bollard capabilities for unified output system. Technical spike results: - Validates bollard container logs API with real-time streaming - Confirms exec API supports interactive shell sessions - Tests stdout/stderr separation and timestamp handling - Proves service discovery integration with existing patterns Key findings: - Bollard provides all required capabilities for logs and shell access - Existing service discovery via docker labels works perfectly - WebSocket integration path is clear and low-risk - Performance benefits over docker-compose subprocess approach Files added: - docs/technical-spike-bollard-findings.md: Comprehensive analysis and recommendations - scotty/examples/bollard_spike.rs: Working proof-of-concept with real container testing Ready for implementation Phase 1: Core Infrastructure.
- Add OutputLine, TaskOutput, and OutputStreamType structures for time-synchronized output collection - Add OutputSettings for configurable limits on lines and line length - Add ShellSettings for shell session configuration (TTL, limits, defaults) - Integrate settings into main configuration structure - Support both default limits and custom settings per task
BREAKING CHANGE: Remove stdout and stderr fields from TaskDetails - Remove stdout/stderr string fields from TaskDetails structure - Remove print/println methods from TaskDetails - Add TaskOutput to TaskState for unified output collection - Update TaskManager to use unified output streams with configurable limits - Add methods to TaskManager for adding messages to task output - Replace separate stdout/stderr readers with unified stream handlers - Update CLI to show basic task status (TODO: implement full output streaming)
- Update wait_for_all_containers_handler to add status messages to task output - Replace server-only logging with client-visible task messages - Messages now appear in UI instead of only server logs - Maintain server logging for debugging purposes
- Add note about running cargo fmt and cargo clippy for code quality checks
- Add LogsStreamInfo, LogsStreamData, LogsStreamEnd, LogsStreamError for log streaming - Add ShellSessionInfo, ShellSessionData, ShellSessionEnd, ShellSessionError for shell sessions - Add ShellDataType enum for input/output differentiation - Extend WebSocketMessage enum with comprehensive real-time streaming support - Messages support stream/session identification via UUIDs
- Add unified output system implementation progress to CLAUDE.md - Document completed Phase 1 tasks and next Phase 2 objectives - List key modified files and reference documents for easy resumption
- Add LogStreamingService for real-time container log streaming via WebSocket - Add ShellService for interactive container shell sessions with TTY support - Support session limits, TTL, and input/output streaming - Handle Docker timestamp extraction for proper log formatting - Implement resize support for TTY sessions - Both services use bollard Docker API for container interaction
Add find_container_by_service() and get_container_id_for_service() helper methods to AppData to simplify container discovery operations and reduce code duplication across services.
- Replace String errors with proper enum-based error types using thiserror - Add LogStreamError and ShellServiceError enums with detailed error variants - Implement helper methods on session structs for better encapsulation - Add LogOutputConverter and LogBuffer for improved log processing - Add constructor methods to WebSocket message types - Improve error messages with structured context
- Add LogStreamError and ShellServiceError variants to AppError enum - Implement From trait for automatic error conversion - Map service errors to appropriate HTTP status codes - Ensure proper error propagation through the API layer
- Add POST /apps/{app_id}/services/{service_name}/logs for log streaming
- Add DELETE /logs/streams/{stream_id} to stop log streams
- Add POST /apps/{app_id}/services/{service_name}/shell for shell sessions
- Add POST /shell/sessions/{session_id}/input for sending input
- Add POST /shell/sessions/{session_id}/resize for TTY resizing
- Add DELETE /shell/sessions/{session_id} to terminate sessions
- All endpoints include proper OpenAPI documentation
- Appropriate permission levels (View for logs, Manage for shell)
- Add routes for all logs and shell endpoints - Configure permission middleware (View for logs, Manage for shell) - Register OpenAPI schemas for request/response types - Import necessary handlers and error types - Maintain consistent routing patterns with existing endpoints
- Add 7 tests for LogStreamingService covering error handling, timestamp parsing, buffer management, and service initialization - Add 8 tests for ShellService covering TTL enforcement, channel communication, session management, and error scenarios - Include Docker availability helper to gracefully skip tests in CI - Test real functionality rather than mocking - Ensure tests work in environments without Docker daemon
Remove references to stdout and stderr fields that were removed during the unified output system implementation in Phase 1
Document the completion of Phase 2 of the unified output system: - Bollard log streaming and shell services implemented - API endpoints created and integrated - Comprehensive tests added with CI support - All code properly committed with conventional commits Ready for Phase 3: CLI commands and frontend integration
…uto-merge-(patch) fix(deps): update dependency @tailwindcss/typography to v0.5.18
…uto-merge-(patch) chore(deps): update dependency svelte to v5.39.3
… app:logs command - Split monolithic apps.rs (339 lines) into focused modules: - list.rs: app listing and info functionality - lifecycle.rs: run, stop, rebuild, purge, destroy operations - management.rs: create and adopt functionality - actions.rs: custom action execution - logs.rs: new log viewing functionality - mod.rs: shared utilities and re-exports - Add comprehensive app:logs command with CLI options: - Support for historical and real-time log streaming - WebSocket integration for --follow functionality - Configurable lines, timestamps, since/until filters - Unified output formatting with stream indicators - Technical improvements: - Better code organization and maintainability - Clear separation of concerns - Foundation for future app:shell command - Maintained backward compatibility for all existing commands
…oved UX - Centralize authentication logic in auth_core module to eliminate duplication - Implement shared LogStreamingService in AppState for proper stream cleanup - Add proactive client disconnect cleanup to stop orphaned log streams - Improve log streaming performance and user experience: - Reduce idle timeout from 2s to 200ms for faster historical log completion - Remove duplicate completion messages for cleaner output - Default to no timestamps unless explicitly enabled with --timestamps flag - Add comprehensive WebSocket message-based authentication flow - Integrate log streaming endpoints with proper authorization checks - Add log-demo example app for testing and demonstration Breaking changes: - Log timestamps now default to disabled (use --timestamps to enable) - Removed HTTP-based log endpoints in favor of WebSocket streaming
Change --timestamps from Option<bool> to bool for cleaner UX: - Remove requirement to specify --timestamps=true/false - Simple flag behavior: present = enabled, absent = disabled - Follows standard CLI conventions like other flags (-f, --follow) - Maintains default behavior (timestamps disabled by default) Examples: - scottyctl app:logs myapp web -t # Enable timestamps - scottyctl app:logs myapp web # Disable timestamps (default) Breaking change: --timestamps=true/false syntax no longer supported
- Remove unimplemented --download option to avoid user confusion - Change --lines behavior to show all logs by default instead of limiting to 100 - Update server-side to use tail="all" when no line limit specified - Improve status messages to clearly indicate "all logs" vs specific line count Breaking changes: - --download option removed (was non-functional) - Default behavior now shows all available logs instead of last 100 lines - Use --lines <N> to explicitly limit output when needed Examples: - scottyctl app:logs myapp web # All available logs (new default) - scottyctl app:logs myapp web -n 100 # Last 100 lines (explicit limit)
- Mark all phases 1-3 as completed in unified output system PRD - Update CLAUDE.md with comprehensive Phase 3 accomplishments - Document CLI command examples and latest commit history - Update documentation to reflect current --lines and --timestamps behavior - Add implementation status showing core functionality ready for production The unified output system now provides: - Full WebSocket-based authenticated log streaming - Interactive shell access with proper authentication - Centralized auth system with proactive resource cleanup - Optimized UX with faster completion and cleaner output - Comprehensive test coverage and CI integration
- Change --timestamps to simple boolean flag (default: false) - Change --lines to optional parameter (default: show all logs) - Add is_terminal() method to UI for conditional formatting - Remove verbose true/false requirement for --timestamps flag - Fix server-side to default to "all" logs instead of limiting to 100 These changes improve the user experience by making the CLI more intuitive and following common Unix tool conventions.
|
Claude finished @stmh's task —— View job Pull Request Review: Better Logs and ShellI've completed a comprehensive review of this substantial feature implementation that adds unified output system with logs and shell functionality across 57 files. Review Tasks
✅ Overall Assessment: High Quality ImplementationThis PR implements a well-architected unified output system that addresses real problems with time-synchronized logging while adding significant new capabilities. The implementation demonstrates strong software engineering practices. 🎯 StrengthsArchitecture & Design
Docker Integration// scotty/src/docker/services/logs.rs:174-198
Security Implementation// scotty/src/api/auth_core.rs:16-52
CLI User Experience// scottyctl/src/commands/apps/logs.rs:287-299
🔍 Areas for Improvement1. Error Handling Enhancements// scotty/src/docker/services/logs.rs:356-369Issue: Docker connection failures could be more specific // Current
Err(e) => {
error!("Error reading logs for stream {}: {}", stream_id, e);
// Generic error sent to client
}
// Suggestion: Add specific error types
match e.kind() {
bollard::errors::ErrorKind::DockerResponseNotFoundError => {
// Container stopped/removed
},
bollard::errors::ErrorKind::DockerResponseTimeoutError => {
// Timeout - maybe retry
},
_ => // Generic handling
}2. Memory Management Edge Cases// scotty-core/src/output/unified_output.rs:122-129Issue: Line truncation could break multi-byte UTF-8 characters // Current - potential UTF-8 boundary issue
let truncated_content = if content.len() > self.limits.max_line_length {
format!("{}... [TRUNCATED]", &content[..self.limits.max_line_length - 15])
} else { content };
// Suggestion: Use char_indices() for safe UTF-8 truncation
let truncated_content = if content.chars().count() > max_chars {
let truncate_pos = content.char_indices()
.nth(max_chars - 15)
.map(|(pos, _)| pos)
.unwrap_or(content.len());
format!("{}... [TRUNCATED]", &content[..truncate_pos])
} else { content };3. Configuration Validation// scotty-core/src/settings/shell.rs:24-36Missing: Shell path validation could be stronger // Add validation method
impl ShellSettings {
pub fn validate(&self) -> Result<(), String> {
for shell in &self.allowed_shells {
if !std::path::Path::new(shell).exists() {
return Err(format!("Shell not found: {}", shell));
}
}
Ok(())
}
}4. Performance ConsiderationsLog Buffer Optimization (scotty/src/docker/services/logs.rs:123-157):
WebSocket Message Serialization:
🧪 Test Coverage AssessmentStrengths:
Areas to expand:
🔒 Security ReviewWell implemented:
Consider adding:
🚀 Performance & ScalabilityGood patterns:
Future considerations:
📝 Code QualityExcellent practices:
🔧 Minor Issues
✅ Recommendation: APPROVE with Minor ImprovementsThis is a high-quality implementation that significantly enhances Scotty's capabilities. The architecture is sound, security is well-handled, and the user experience is thoughtfully designed. The suggested improvements are minor and could be addressed in follow-up PRs. Key achievements:
The implementation follows the documented PRD closely and represents substantial value for users managing containerized applications. |
Implement complete WebSocket-based task output streaming to replace the removed stdout/stderr fields from TaskDetails. This creates a unified system where both Docker container logs and task outputs use the same infrastructure. - Add new WebSocket message types for task output streaming: - StartTaskOutputStream/StopTaskOutputStream for client subscription - TaskOutputData for streaming output lines with historical/live flags - TaskOutputStreamStarted/Ended for lifecycle management - Extend WebSocketClient with task subscription tracking: - Add HashSet to track subscribed task IDs per client - Implement subscribe/unsubscribe methods with proper cleanup - Integrate TaskManager with WebSocket broadcasting: - Real-time streaming of output lines as they're generated - Automatic notifications when tasks complete/fail - Proper cleanup of subscriptions when tasks expire - Add comprehensive permission checks and authentication for task streams - Support historical data replay when clients subscribe to existing tasks - Batch large outputs to prevent WebSocket message size issues This completes the backend implementation for the unified output system described in the PRD, enabling real-time task output streaming via WebSocket connections.
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Core migrations completed: - AppSettings.environment field → SecretHashMap - AppData.get_environment() → returns SecretHashMap - AppData.augment_environment() → works with SecretHashMap - resolve_environment_variables() → takes and returns SecretHashMap - SecureJson → uses SecretHashMap.to_masked_hashmap() - Added #[schema(value_type = HashMap)] for OpenAPI compatibility Remaining work: - Fix docker compose functions to use .expose_all() - Update load balancer implementations - Update validation functions - Fix remaining type mismatches (14 errors) Progress: scotty-core compiles ✅, scotty has 14 type mismatch errors
- Updated AppSettings.environment from HashMap to SecretHashMap - Modified all handlers to pass SecretHashMap through call chain - Secrets now exposed at latest possible moment (YAML generation, process execution) - Enhanced to_masked_hashmap to also mask URI credentials - Updated all tests to use SecretHashMap - Fixed validation to check keys without exposing secret values
chore(deps): update rust crate regex to v1.12.2
…monorepo chore(deps): update dependency typescript-eslint to v8.46.1
chore(deps): update dependency globals to v16.4.0
refactor: migrate environment variables to SecretHashMap
…auto-merge-(patch) chore(deps): update rust crate zeroize to v1.8.2
Merge changes from main branch that introduced secret handling (secrecy/zeroize) with authorization features (casbin/semver) from feat/better-logs-and-shell. Changes: - Add secrecy and zeroize dependencies alongside casbin and semver - Update environment handling to use SecretHashMap - Add serde_yml dependency for authorization config serialization - Fix clippy warning: use std::mem::take instead of drain().collect() - Format code with cargo fmt
Add #[allow(dead_code)] attributes to functions, methods, struct fields, and enum variants that are intentionally unused but may be needed in the future or are part of the public API.
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.3.7 to 6.4.1. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/[email protected]/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 6.4.1 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]>
…ntend/vite-6.4.1 chore(deps-dev): bump vite from 6.3.7 to 6.4.1 in /frontend
…lity chore(deps): update dependency vite to v6.4.1 [security]
chore(deps): update dependency svelte to v5.41.1
Service names from docker-compose can contain hyphens and periods (allowed characters: [a-zA-Z0-9\._\-]), but these are not valid in environment variable names which only allow [a-zA-Z0-9_]. This introduces a sanitize_env_var_name() utility function that replaces hyphens and periods with underscores and converts to uppercase. This ensures that autogenerated environment variables like SCOTTY__PUBLIC_URL__<SERVICE_NAME> are always valid. Fixes #509
…in-env-vars fix: sanitize service names in autogenerated environment variables
Add documentation for SCOTTY__APP_NAME and SCOTTY__PUBLIC_URL__<SERVICE_NAME> environment variables that are automatically injected when blueprint action scripts are executed. Include practical example showing usage in Drupal blueprint with drush uli command.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.