Skip to content

feat(doctor): actionable, Fedora-safe doctor + install-time run (bd openlock-lvc.3)#52

Merged
vessux merged 7 commits into
mainfrom
feat/actionable-doctor
May 30, 2026
Merged

feat(doctor): actionable, Fedora-safe doctor + install-time run (bd openlock-lvc.3)#52
vessux merged 7 commits into
mainfrom
feat/actionable-doctor

Conversation

@vessux
Copy link
Copy Markdown
Owner

@vessux vessux commented May 30, 2026

Summary

First slice of the onboarding golden-path epic (bd openlock-lvc): make openlock doctor actually help cold installs.

  • Fix Fedora false-negative (root cause). Detect commands via Bun.which (direct PATH search) instead of shelling out to which, which Fedora 43 doesn't ship. Extracted one shared commandExists, replacing four duplicated buggy copies — doctor, the runtime probe, the fzf picker, and the openshell cred-refresh lookup. The runtime-probe copy was the worst: on Fedora it made auto-detection fail and launched the interactive picker even when podman worked.
  • Actionable output. Every failed check now prints an exact fix: command (e.g. podman machine start, systemctl --user enable --now podman.socket, openlock login). Platform-aware install hints (brew on Mac / apt on Linux; docker → official docs URL, since apt install docker installs the wrong package).
  • Non-interactive runtime resolution. Doctor never launches the interactive runtime picker (safe under curl | sh); emits a container runtime (podman/docker) failure with an install hint when neither is found. New resolveRuntimeNonInteractive() in runtime.ts.
  • Install-time. install.sh runs openlock doctor at the end (full path, || true so set -euo pipefail can't abort the install).
  • Consistency fix. credentialsPath() now honors XDG_CONFIG_HOME, matching globalConfigPath().

Out of scope (deferred per design): doctor --fix auto-remediation, --json, severity tiers, /etc/os-release parsing.

⚠️ Release note (for the release PR to aggregate)

credentialsPath() now respects XDG_CONFIG_HOME (previously always ~/.config). Users with a custom XDG_CONFIG_HOME may appear logged out after upgrade and need to re-run openlock login (or move ~/.config/openlock/credentials.json$XDG_CONFIG_HOME/openlock/). No effect when XDG_CONFIG_HOME is unset (the common case) — and it aligns credentials with where the global config already lived.

Test plan

  • Unit: 597 pass / 8 skip / 0 fail. lint, typecheck, knip all green.
  • Manual (Mac): openlock doctor → all checks pass, exit 0. Forced-failure run (XDG_CONFIG_HOME=<empty> OPENLOCK_RUNTIME=docker) → fix: lines render under the failing docker-daemon and credentials checks, exit 1 preserved.
  • Not automated: install.sh runtime behavior — covered only by bash -n here; needs a Mac/Lima install smoke before/after release.

Closes bd openlock-lvc.3.

@vessux vessux mentioned this pull request May 30, 2026
Merged
vessux added 6 commits May 30, 2026 15:51
@vessux
fix(doctor): detect commands via Bun.which, not \which\ (Fedora fal…
ee722a7 
…se-negative)
@vessux
feat(doctor): add fix field to checks + installHint helper
a11f296
@vessux
feat(runtime): add resolveRuntimeNonInteractive (no wizard prompt)
c6874cd
@vessux
feat(doctor): per-check fix commands + non-interactive runtime resolu…
c4c0532 
…tion

runDoctorChecks now accepts null to skip interactive runtime detection
(safe for curl-pipe installs), emitting a "container runtime (podman/docker)"
failure with install hint. Each check carries a fix string printed under
failed items. credentialsPath respects XDG_CONFIG_HOME for test isolation.
@vessux
feat(install): run openlock doctor at end of install.sh
363012e
@vessux
fix(doctor): actionable fix hint for invalid global config
35fa0b2
@vessux vessux force-pushed the feat/actionable-doctor branch from a81440d to 35fa0b2 Compare May 30, 2026 13:52
@vessux vessux merged commit a597c57 into main May 30, 2026
5 checks passed
@vessux vessux deleted the feat/actionable-doctor branch May 30, 2026 14:08
@vessux vessux mentioned this pull request May 30, 2026
Merged
vessux added a commit that referenced this pull request May 30, 2026
@vessux
test(integration): harden post-create exec test vs echo-proxy bring-u…
c9e3e1c 
…p race (bd openlock-eh8) (#55)

post-create-exec-proxy.test.ts was the one echo-mode integration test still on
bare `curl -sf`, missing the `--retry 5 --retry-all-errors` hardening its
siblings (harness-cred-inject, openrouter-opencode-cred-inject) received in #38.
That gap is why it became the recurring exit-56 flake locus on #52/#53/#54.

exit 56 = curl CURLE_RECV_ERROR from the in-container echo proxy on first
egress, relayed faithfully through ssh (ssh's own transport failures are 255,
never 56) — NOT an ssh transport drop as previously suspected. `curl -s` was
muting curl's error, which presented as "empty stdout/stderr".

- add `--retry 5 --retry-all-errors --retry-delay 1` to the post-create exec test
- switch all three flaking tests `-sf` -> `-sSf` so a retries-exhausted failure
  surfaces curl's real error instead of being silently muted

bd openlock-eh8
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vessux