feat(offload): finalize high-performance architecture with fast-path SSH and worktrees

2026-05-03 08:24:10 -07:00 · 2026-03-14 09:23:40 -07:00
parent b13fe22582
commit 7ee56e7cfd
5 changed files with 159 additions and 118 deletions
@@ -1,11 +1,12 @@
 /**
 * Universal Offload Onboarding (Local)
 * 
- * Configures the GCP Project and Fleet defaults.
+ * Configures the GCP Project and performs one-time initialization of the worker.
 */
 import { spawnSync } from 'child_process';
 import path from 'path';
 import fs from 'fs';
+import os from 'os';
 import { fileURLToPath } from 'url';
 import readline from 'readline';

@@ -33,32 +34,115 @@ async function confirm(question: string): Promise<boolean> {
 }

 export async function runSetup(env: NodeJS.ProcessEnv = process.env) {
-  console.log('\n🌟 Initializing GCE Offload Fleet Settings...');
+  console.log('\n🌟 Initializing Dedicated Offload Worker...');

  const projectId = await prompt('GCP Project ID', 'gemini-cli-team-quota');
  const zone = await prompt('Compute Zone', 'us-west1-a');
-  const machineType = await prompt('Machine Type', 'n2-standard-8');
+  const targetVM = `gcli-offload-${env.USER || 'mattkorwel'}`;

-  console.log(`🔍 Verifying project access for ${projectId}...`);
-  const projectCheck = spawnSync('gcloud', ['projects', 'describe', projectId], { stdio: 'pipe' });
-  if (projectCheck.status !== 0) {
-    console.error(`❌ Access denied to project: ${projectId}. Ensure you are logged in via gcloud.`);
+  console.log(`🔍 Verifying access and finding worker ${targetVM}...`);
+  const statusCheck = spawnSync(`gcloud compute instances describe ${targetVM} --project ${projectId} --zone ${zone} --format="json(status,networkInterfaces[0].accessConfigs[0].natIP)"`, { shell: true });
+  
+  let instanceData: any;
+  try {
+    instanceData = JSON.parse(statusCheck.stdout.toString());
+  } catch (e) {
+    console.error(`❌ Worker ${targetVM} not found. Run "npm run offload:fleet provision" first.`);
    return 1;
  }

-  // Identity Synchronization Onboarding
-  console.log('\n🔐 Identity & Authentication:');
-  const homeDir = env.HOME || '';
-  const localAuth = path.join(homeDir, '.gemini/google_accounts.json');
-  const hasAuth = fs.existsSync(localAuth);
+  const status = instanceData.status;
+  const publicIp = instanceData.networkInterfaces[0].accessConfigs[0].natIP;

-  let syncAuth = false;
-  if (hasAuth) {
-    console.log(`  🔍 Found local Gemini CLI credentials.`);
-    syncAuth = await confirm('  Would you like to automatically sync your local credentials to new fleet workers for seamless authentication?');
+  if (status !== 'RUNNING') {
+    console.log(`⚠️ Worker is ${status}. Starting it for initialization...`);
+    spawnSync(`gcloud compute instances start ${targetVM} --project ${projectId} --zone ${zone}`, { shell: true, stdio: 'inherit' });
  }

-  const terminalType = await prompt('\nTerminal Automation (iterm2 / terminal / none)', 'iterm2');
+  // 1. Configure Fast-Path SSH Alias
+  console.log(`\n🚀 Configuring Fast-Path SSH Alias...`);
+  const sshAlias = 'gcli-worker';
+  const sshConfigPath = path.join(os.homedir(), '.ssh/config');
+  const sshEntry = `
+Host ${sshAlias}
+    HostName ${publicIp}
+    IdentityFile ~/.ssh/google_compute_engine
+    User ${env.USER || 'mattkorwel'}_google_com
+    CheckHostIP no
+    StrictHostKeyChecking no
+`;
+
+  let currentConfig = '';
+  if (fs.existsSync(sshConfigPath)) currentConfig = fs.readFileSync(sshConfigPath, 'utf8');
+
+  if (!currentConfig.includes(`Host ${sshAlias}`)) {
+    fs.appendFileSync(sshConfigPath, sshEntry);
+    console.log(`   ✅ Added '${sshAlias}' alias to ~/.ssh/config`);
+  } else {
+    console.log(`   ℹ️  '${sshAlias}' alias already exists in ~/.ssh/config`);
+  }
+
+  // 1. Configure Fast-Path SSH Alias
+  // ... (unchanged)
+
+  // Use the alias for remaining setup steps
+  const remoteHost = sshAlias;
+  const remoteHome = spawnSync(`ssh ${remoteHost} "pwd"`, { shell: true }).stdout.toString().trim();
+  const remoteWorkDir = `${remoteHome}/dev/main`;
+  const persistentScripts = `${remoteHome}/.offload/scripts`;
+
+  console.log(`\n📦 Performing One-Time Synchronization...`);
+  spawnSync(`ssh ${remoteHost} "mkdir -p ${remoteWorkDir} ${remoteHome}/.gemini/policies ${persistentScripts}"`, { shell: true });
+
+  // Sync offload scripts to persistent location
+  console.log('   - Pushing offload logic to persistent worker directory...');
+  spawnSync(`rsync -avz --delete .gemini/skills/offload/scripts/ ${remoteHost}:${persistentScripts}/`, { shell: true });
+  spawnSync(`rsync -avz .gemini/skills/offload/policy.toml ${remoteHost}:${remoteHome}/.gemini/policies/offload-policy.toml`, { shell: true });
+
+  // 3. Sync Auth (Gemini)
+  if (await confirm('Sync Gemini accounts credentials?')) {
+    const homeDir = env.HOME || '';
+    const lp = path.join(homeDir, '.gemini/google_accounts.json');
+    if (fs.existsSync(lp)) {
+      console.log(`   - Syncing .gemini/google_accounts.json...`);
+      spawnSync(`rsync -avz ${lp} ${remoteHost}:${remoteHome}/.gemini/google_accounts.json`, { shell: true });
+    }
+  }
+
+  // 4. Remote GitHub Login
+  if (await confirm('Authenticate GitHub CLI on the worker?')) {
+    console.log('\n🔐 Performing non-interactive GitHub CLI authentication on worker...');
+    const localToken = spawnSync('gh', ['auth', 'token'], { stdio: 'pipe' }).stdout.toString().trim();
+    if (!localToken) {
+      console.error('❌ Could not find local GitHub token. Please log in locally first with "gh auth login".');
+      return 1;
+    }
+
+    // Pipe the local token to the remote worker's gh auth login
+    const loginCmd = `gh auth login --with-token --insecure-storage`;
+    const result = spawnSync(`echo ${localToken} | ssh ${remoteHost} ${JSON.stringify(loginCmd)}`, { shell: true, stdio: 'inherit' });
+    
+    if (result.status === 0) {
+      console.log('✅ GitHub CLI authenticated successfully on worker.');
+      // Set git protocol to https by default for simplicity
+      spawnSync(`ssh ${remoteHost} "gh config set git_protocol https"`, { shell: true });
+    } else {
+      console.error('❌ GitHub CLI authentication failed on worker.');
+    }
+  }
+
+  // 5. Global Tooling & Clone
+  if (await confirm('Configure global tools (tsx, vitest) and clone repository?')) {
+    console.log('🚀 Installing global developer tools...');
+    spawnSync(`ssh ${remoteHost} "sudo npm install -g tsx vitest"`, { shell: true, stdio: 'inherit' });
+
+    console.log('🚀 Cloning repository (blob-less) on worker...');
+    const repoUrl = 'https://github.com/google-gemini/gemini-cli.git';
+    const cloneCmd = `[ -d ${remoteWorkDir}/.git ] || git clone --filter=blob:none ${repoUrl} ${remoteWorkDir}`;
+    spawnSync(`ssh ${remoteHost} ${JSON.stringify(cloneCmd)}`, { shell: true, stdio: 'inherit' });
+    
+    // We skip the full npm install here as requested; per-worktree builds will handle it if needed.
+  }

  // Save Settings
  const settingsPath = path.join(REPO_ROOT, '.gemini/settings.json');
@@ -70,18 +154,14 @@ export async function runSetup(env: NodeJS.ProcessEnv = process.env) {
  settings.maintainer.deepReview = { 
    projectId, 
    zone, 
-    machineType, 
-    terminalType, 
-    syncAuth,
-    setupType: 'isolated',
-    geminiSetup: 'isolated',
-    ghSetup: 'isolated'
+    remoteHost,
+    remoteHome,
+    remoteWorkDir,
+    terminalType: 'iterm2'
  };
-  fs.mkdirSync(path.dirname(settingsPath), { recursive: true });
  fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2));
  
-  console.log('\n✅ GCE Fleet Onboarding complete! Settings saved to .gemini/settings.json');
-  console.log(`👉 Use 'npm run offload:fleet provision' to spin up your first worker.`);
+  console.log('\n✅ Initialization complete! Your dedicated worker is ready via fast-path SSH.');
  return 0;
 }