Refactoring Opportunity
Summary
- File:
src/compose-generator.ts
- Current size: 1,651 lines
- Responsibilities identified: 6+ distinct container service configurations crammed into one function
Evidence
generateDockerCompose() (lines 105–1627) is a single ~1,520-line function that builds Docker Compose configs for all six services:
- Squid proxy service — volume construction, healthcheck, env vars, SSL volumes
- Agent service — bind mounts (system dirs, home dirs, workspace), UID/GID mapping, env vars
- iptables-init container — network namespace sharing, seccomp profile
- API proxy sidecar — token injection, port mappings, health probe, env vars
- DNS-over-HTTPS proxy sidecar — DoH proxy config and volumes
- CLI proxy sidecar — external DIFC proxy configuration
The function also handles:
- Network subnet allocation (
getExistingDockerSubnets, _generateRandomSubnet)
- Image source selection (GHCR vs local build)
- Log path resolution for 4 different log destinations
- SSL/TLS configuration injection
grep -n "^export\s" src/compose-generator.ts
# 105: export function generateDockerCompose( ← starts here
# 1633: export function redactDockerComposeSecrets( ← only other export
Proposed Split
src/compose-generator.ts (1,651 lines) could be split into:
src/services/squid-service.ts — Squid proxy service builder, SSL volumes (~150 lines)src/services/agent-service.ts — Agent container + iptables-init, bind mounts, env vars (~450 lines)src/services/api-proxy-service.ts — API proxy sidecar service builder (~200 lines)src/services/doh-proxy-service.ts — DNS-over-HTTPS proxy sidecar (~100 lines)src/services/cli-proxy-service.ts — CLI proxy sidecar (~100 lines)src/network-allocator.ts — Subnet allocation helpers (~70 lines)src/compose-generator.ts — Orchestration facade, assembles services into final compose config (~200 lines)
Affected Callers
grep -rn "from.*compose-generator\|require.*compose-generator" src/ 2>/dev/null
Likely: src/cli-workflow.ts, src/container-lifecycle.ts, test files.
Effort Estimate
Medium — function boundaries are clear but the internal variable dependencies need careful untangling.
Benefits
- Each service builder can be read, reviewed, and tested independently
- Security-critical agent bind mount logic is isolated from unrelated service configs
- Enables focused unit tests per service type (currently 3,525-line composite test)
- Reduces merge conflict surface area on a frequently-changed file
Detected by Refactoring Scanner workflow. Run date: 2026-05-05
Generated by Refactoring Opportunity Scanner · ● 350.4K · ◷
Refactoring Opportunity
Summary
src/compose-generator.tsEvidence
generateDockerCompose()(lines 105–1627) is a single ~1,520-line function that builds Docker Compose configs for all six services:The function also handles:
getExistingDockerSubnets,_generateRandomSubnet)Proposed Split
src/compose-generator.ts(1,651 lines) could be split into:src/services/squid-service.ts— Squid proxy service builder, SSL volumes (~150 lines)src/services/agent-service.ts— Agent container + iptables-init, bind mounts, env vars (~450 lines)src/services/api-proxy-service.ts— API proxy sidecar service builder (~200 lines)src/services/doh-proxy-service.ts— DNS-over-HTTPS proxy sidecar (~100 lines)src/services/cli-proxy-service.ts— CLI proxy sidecar (~100 lines)src/network-allocator.ts— Subnet allocation helpers (~70 lines)src/compose-generator.ts— Orchestration facade, assembles services into final compose config (~200 lines)Affected Callers
Likely:
src/cli-workflow.ts,src/container-lifecycle.ts, test files.Effort Estimate
Medium — function boundaries are clear but the internal variable dependencies need careful untangling.
Benefits
Detected by Refactoring Scanner workflow. Run date: 2026-05-05