front/launcher: drop duplicate date/server headers, broker route logging, robust file log

frontproxy:
- _DROP_RESP now drops date/server when relaying engine responses. The front's
  own ASGI server adds Date/Server, so keeping the engine's too produced DUPLICATE
  header lines — which nginx logged as a warning on every request, flooding the
  terminal. Now each appears once.
- Brokered route logs the engine's actual status/bytes/preview (or "NO ENGINE ->
  503") so a brokered request that "doesn't get executed" (instant tiny reply) is
  diagnosable from the log.

coderai-oci:
- Use the host-tailable file log only when it's actually writable. When the
  container runs as --user but the log dir/file was created by an earlier root
  run, it's root-owned; tee then spammed "Permission denied" and the file stayed
  empty. Now we detect that and log to stdout only with a clear note.
Co-Authored-By: 's avatarClaude Opus 4.8 <noreply@anthropic.com>
parent 293fb57f
......@@ -37,7 +37,11 @@ _HOP_BY_HOP = {
# Also strip any client-supplied internal token so a caller can't spoof/override the
# real one the front injects — only the front's httpx default header reaches engines.
_DROP_REQ = _HOP_BY_HOP | {"host", "content-length", "x-coderai-internal"}
_DROP_RESP = _HOP_BY_HOP | {"content-length"}
# Also drop date/server from relayed engine responses: the front's own ASGI server
# (uvicorn/starlette) adds its own Date and Server headers, so keeping the engine's
# too produces DUPLICATE header lines — which nginx logs as a warning on every
# request, flooding the terminal. Strip them here so each appears exactly once.
_DROP_RESP = _HOP_BY_HOP | {"content-length", "date", "server"}
class FrontProxy:
......@@ -203,6 +207,10 @@ class FrontProxy:
default_engine=self.default_engine, pinned=self._pin_for(model),
pin_fallback=bool(self._model_info(model).get("engine_fallback")))
if engine is None:
print("[front] broker route: NO ENGINE for path=%s model=%r "
"(required_cap=%r pin=%r) — returning 503"
% (path, model, self._required_cap(path, model), self._pin_for(model)),
flush=True)
return {"status_code": 503, "headers": {"content-type": "application/json"},
"body": b'{"error":"No engine is ready yet."}'}
send_headers = {k: v for k, v in (headers or {}).items()
......@@ -212,10 +220,17 @@ class FrontProxy:
headers=send_headers, params=query or {},
content=body or b"")
except Exception as exc:
print("[front] broker route: engine#%s (%s) unreachable for %s: %s"
% (engine.id, engine.name, path, exc), flush=True)
return {"status_code": 502,
"headers": {"content-type": "application/json"},
"body": ('{"error":"engine#%s unreachable: %s"}'
% (engine.id, exc)).encode()}
# Surface the engine's actual reply so a brokered request that "doesn't get
# executed" (e.g. an instant small error body) is diagnosable from the log.
print("[front] broker route: %s %s -> engine#%s(%s) status=%s bytes=%d preview=%r"
% (method, path, engine.id, engine.name, r.status_code,
len(r.content), r.content[:200]), flush=True)
return {"status_code": r.status_code, "headers": dict(r.headers),
"body": r.content}
......
......@@ -93,9 +93,20 @@ CODERAI_BIN="/opt/coderai/python/bin/python3 /opt/coderai/app/coderai"
# torn down together on stop.)
if [ -n "${CODERAI_LOG_FILE:-}" ]; then
mkdir -p "$(dirname "$CODERAI_LOG_FILE")" 2>/dev/null || true
echo "[coderai-oci] debug='${CODERAI_DEBUG:-off}' → logging to $CODERAI_LOG_FILE" >&2
# shellcheck disable=SC2086
exec $CODERAI_BIN "$@" $DEBUG_ARGS ${CODERAI_EXTRA_ARGS:-} 2>&1 | tee -a "$CODERAI_LOG_FILE"
# Only use the file log if we can actually write it. When the container runs as
# --user but the log dir/file was created by an earlier ROOT run, it's root-owned
# and not writable — previously `tee` then spammed "Permission denied" and the
# file stayed empty. Detect that and fall back to plain stdout with a clear note,
# so output is never lost and the terminal isn't polluted by tee errors.
if ( : >> "$CODERAI_LOG_FILE" ) 2>/dev/null; then
echo "[coderai-oci] debug='${CODERAI_DEBUG:-off}' → logging to $CODERAI_LOG_FILE" >&2
# shellcheck disable=SC2086
exec $CODERAI_BIN "$@" $DEBUG_ARGS ${CODERAI_EXTRA_ARGS:-} 2>&1 | tee -a "$CODERAI_LOG_FILE"
else
echo "[coderai-oci] WARNING: cannot write $CODERAI_LOG_FILE (not writable by uid $(id -u)) —" >&2
echo "[coderai-oci] logging to stdout only. Fix: remove the root-owned path on the host," >&2
echo "[coderai-oci] e.g. 'sudo rm -rf <cache>/logs', or run without --user." >&2
fi
fi
# shellcheck disable=SC2086
exec $CODERAI_BIN "$@" $DEBUG_ARGS ${CODERAI_EXTRA_ARGS:-}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment