( target: ServerTarget, )
| 796 | }); |
| 797 | |
| 798 | const resolveExecutorServerConnection = ( |
| 799 | target: ServerTarget, |
| 800 | ): Effect.Effect<ExecutorServerConnection, Error, FileSystem.FileSystem | PlatformPath.Path> => |
| 801 | Effect.gen(function* () { |
| 802 | const requestedResult = yield* resolveRequestedExecutorServerConnection(target); |
| 803 | const active = yield* readActiveLocalServerManifest(); |
| 804 | const decision = chooseCliServerConnectionWithActiveLocal({ |
| 805 | requested: requestedResult.connection, |
| 806 | source: requestedResult.source, |
| 807 | active, |
| 808 | }); |
| 809 | |
| 810 | if (decision.kind === "conflict") { |
| 811 | return yield* Effect.fail( |
| 812 | new Error( |
| 813 | [ |
| 814 | `A local Executor ${decision.active.kind} is already running at ${decision.active.connection.origin} (pid ${decision.active.pid}).`, |
| 815 | `It owns the current data directory: ${decision.active.dataDir}`, |
| 816 | "Refusing to auto-start another local server against the same database.", |
| 817 | `Use the active server, or stop it before starting ${cliPrefix} daemon run.`, |
| 818 | ].join("\n"), |
| 819 | ), |
| 820 | ); |
| 821 | } |
| 822 | |
| 823 | const requested = yield* refreshOAuthConnection(decision.connection); |
| 824 | if (decision.kind === "use-active") return requested; |
| 825 | |
| 826 | if (!canAutoStartCliServerConnection(requested)) { |
| 827 | // An authenticated remote connection (oauth device-login, bearer key, or |
| 828 | // basic password): use it directly. The /api/health liveness probe is only |
| 829 | // a gate for the local auto-start decision and isn't necessarily exposed |
| 830 | // by hosted servers, the real API call surfaces any connectivity/auth |
| 831 | // error with proper context. |
| 832 | if (requested.auth) return requested; |
| 833 | if (yield* isServerReachable(requested.origin)) { |
| 834 | return requested; |
| 835 | } |
| 836 | return yield* Effect.fail( |
| 837 | new Error( |
| 838 | [ |
| 839 | `Executor server is not reachable at ${requested.origin}.`, |
| 840 | "For hosted Executor, set EXECUTOR_API_KEY to a bearer API key.", |
| 841 | "For local or desktop servers, set EXECUTOR_AUTH_TOKEN to the server's bearer token.", |
| 842 | ].join("\n"), |
| 843 | ), |
| 844 | ); |
| 845 | } |
| 846 | |
| 847 | const daemonUrl = yield* ensureDaemon(requested.origin); |
| 848 | // The daemon we just ensured published a manifest carrying its bearer token |
| 849 | // (minted into auth.json). Prefer that authed connection — otherwise the |
| 850 | // next API call hits the now-gated server with no credential and 401s. |
| 851 | const started = yield* readActiveLocalServerManifest().pipe(Effect.orElseSucceed(() => null)); |
| 852 | const daemonOrigin = normalizeExecutorServerConnection({ origin: daemonUrl }).origin; |
| 853 | const startedOrigin = started |
| 854 | ? normalizeExecutorServerConnection({ origin: started.connection.origin }).origin |
| 855 | : null; |
no test coverage detected