baqup_agent/

lib.rs

//! # baqup-agent
//!
//! SDK for building baqup backup agents in Rust.
//!
//! > ⚠️ **This is a placeholder crate.** Full implementation coming soon.
//!
//! ## What is baqup?
//!
//! [baqup](https://github.com/baqupio/baqup) is a container-native backup orchestration system.
//! Agents are stateless containers that perform backup and restore operations.
//!
//! This SDK provides everything needed to build a compliant baqup agent:
//!
//! - **Contract types** - `ExitCode`, `AgentState`, `LogLevel`
//! - **Structured logging** - JSON logs with required fields
//! - **Redis communication** - Bus client with filesystem fallback
//! - **Heartbeat management** - Background thread with intent signalling
//! - **Staging utilities** - Atomic writes, checksums, path validation
//! - **Secret handling** - Wrapper preventing accidental exposure
//!
//! ## Example (Preview API)
//!
//! ```rust
//! use baqup_agent::{ExitCode, AgentState, Secret};
//!
//! // Exit codes are already available
//! assert_eq!(ExitCode::Success as i32, 0);
//! assert_eq!(ExitCode::UsageConfigError as i32, 64);
//!
//! // Secret wrapper (available now)
//! let password = Secret::new("my-secret-password");
//! assert_eq!(format!("{}", password), "[REDACTED]");
//! assert_eq!(password.reveal(), "my-secret-password");
//! ```

use std::fmt;
use std::path::Path;
use thiserror::Error;

/// Crate version
pub const VERSION: &str = env!("CARGO_PKG_VERSION");

/// Exit codes from AGENT-CONTRACT-SPEC.md §5
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
#[repr(i32)]
pub enum ExitCode {
    /// Success
    Success = 0,
    /// General failure
    GeneralFailure = 1,
    /// Usage/config error
    UsageConfigError = 64,
    /// Data error
    DataError = 65,
    /// Resource unavailable
    ResourceUnavailable = 69,
    /// Internal error
    InternalError = 70,
    /// Can't create output
    CantCreateOutput = 73,
    /// I/O error
    IoError = 74,
    /// Completed but unreported
    CompletedUnreported = 75,
    /// Partial failure
    PartialFailure = 76,
}

impl From<ExitCode> for i32 {
    fn from(code: ExitCode) -> i32 {
        code as i32
    }
}

/// Agent lifecycle states from AGENT-CONTRACT-SPEC.md §1
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum AgentState {
    /// Config validation, bus connection, first heartbeat
    Initializing,
    /// Active work, heartbeats every N seconds
    Running,
    /// Writing final artifacts, checksums, status
    Completing,
    /// Exit 0, status reported
    Terminated,
    /// Exit non-zero, error reported if possible
    Failed,
}

impl fmt::Display for AgentState {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            AgentState::Initializing => write!(f, "initializing"),
            AgentState::Running => write!(f, "running"),
            AgentState::Completing => write!(f, "completing"),
            AgentState::Terminated => write!(f, "terminated"),
            AgentState::Failed => write!(f, "failed"),
        }
    }
}

/// Log levels from AGENT-CONTRACT-SPEC.md §6
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
#[repr(u8)]
pub enum LogLevel {
    Trace = 0,
    Debug = 1,
    Info = 2,
    Warn = 3,
    Error = 4,
    Fatal = 5,
}

/// Secret wrapper that prevents accidental exposure in logs.
///
/// From AGENT-CONTRACT-SPEC.md §7.
///
/// # Example
///
/// ```rust
/// use baqup_agent::Secret;
///
/// let password = Secret::new("my-secret");
/// assert_eq!(format!("{}", password), "[REDACTED]");
/// assert_eq!(password.reveal(), "my-secret");
/// ```
#[derive(Clone)]
pub struct Secret {
    value: String,
}

impl Secret {
    /// Create a new secret wrapper
    pub fn new(value: impl Into<String>) -> Self {
        Self {
            value: value.into(),
        }
    }

    /// Reveal the actual secret value
    pub fn reveal(&self) -> &str {
        &self.value
    }
}

impl fmt::Display for Secret {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "[REDACTED]")
    }
}

impl fmt::Debug for Secret {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "Secret([REDACTED])")
    }
}

/// A single backup artifact
#[derive(Debug, Clone, serde::Serialize, serde::Deserialize)]
pub struct Artifact {
    /// Filename of the artifact
    pub filename: String,
    /// Size in bytes
    pub size_bytes: u64,
    /// Checksum algorithm (e.g., "sha256")
    pub checksum_algorithm: String,
    /// Checksum value
    pub checksum_value: String,
    /// Compression algorithm (if any)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub compression: Option<String>,
    /// Whether the artifact is encrypted
    #[serde(default)]
    pub encrypted: bool,
}

/// Backup manifest from AGENT-CONTRACT-SPEC.md §4
#[derive(Debug, Clone, serde::Serialize, serde::Deserialize)]
pub struct Manifest {
    /// Manifest version (e.g., "1.0")
    pub version: String,
    /// Job ID (UUID)
    pub job_id: String,
    /// Agent type (e.g., "agent-postgres")
    pub agent: String,
    /// Agent version
    pub agent_version: String,
    /// Role (snapshot, restore, etc.)
    pub role: String,
    /// Creation timestamp (ISO 8601)
    pub created_at: String,
    /// List of artifacts
    pub artifacts: Vec<Artifact>,
    /// Source metadata (optional)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub source_metadata: Option<serde_json::Value>,
}

/// Agent SDK error types
#[derive(Error, Debug)]
pub enum AgentError {
    #[error("Placeholder: {0}")]
    Placeholder(String),

    #[error("Configuration error: {0}")]
    Config(String),

    #[error("Bus connection error: {0}")]
    Bus(String),

    #[error("IO error: {0}")]
    Io(#[from] std::io::Error),

    #[error("JSON error: {0}")]
    Json(#[from] serde_json::Error),

    #[error("Path traversal detected: {0}")]
    PathTraversal(String),
}

const PLACEHOLDER_MESSAGE: &str = concat!(
    "baqup-agent is currently a placeholder crate. ",
    "Full implementation coming soon. ",
    "See https://github.com/baqupio/baqup for updates."
);

/// Compute file checksum
///
/// # Arguments
///
/// * `path` - Path to the file
/// * `algorithm` - Hash algorithm (default: "sha256")
///
/// # Errors
///
/// Returns `AgentError::Placeholder` - this is a placeholder crate
pub fn compute_checksum(_path: &Path, _algorithm: &str) -> Result<String, AgentError> {
    Err(AgentError::Placeholder(PLACEHOLDER_MESSAGE.to_string()))
}

/// Validate path is within boundary (prevent traversal)
///
/// # Arguments
///
/// * `path` - Path to validate
/// * `boundary` - Allowed root directory
///
/// # Returns
///
/// `true` if path is within boundary, `false` otherwise
///
/// # Errors
///
/// Returns `AgentError::Placeholder` - this is a placeholder crate
pub fn validate_path(_path: &Path, _boundary: &Path) -> Result<bool, AgentError> {
    Err(AgentError::Placeholder(PLACEHOLDER_MESSAGE.to_string()))
}

/// Atomic write pattern: .staging/ -> parent
///
/// # Arguments
///
/// * `staging_dir` - Root staging directory
/// * `job_id` - Job identifier
///
/// # Errors
///
/// Returns `AgentError::Placeholder` - this is a placeholder crate
pub fn atomic_write(_staging_dir: &Path, _job_id: &str) -> Result<String, AgentError> {
    Err(AgentError::Placeholder(PLACEHOLDER_MESSAGE.to_string()))
}

/// Load configuration from schema
///
/// # Arguments
///
/// * `schema_path` - Path to the agent's JSON Schema file
///
/// # Errors
///
/// Returns `AgentError::Placeholder` - this is a placeholder crate
pub fn load_config(
    _schema_path: &str,
) -> Result<std::collections::HashMap<String, serde_json::Value>, AgentError> {
    Err(AgentError::Placeholder(PLACEHOLDER_MESSAGE.to_string()))
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_exit_codes() {
        assert_eq!(ExitCode::Success as i32, 0);
        assert_eq!(ExitCode::GeneralFailure as i32, 1);
        assert_eq!(ExitCode::UsageConfigError as i32, 64);
        assert_eq!(ExitCode::DataError as i32, 65);
        assert_eq!(ExitCode::ResourceUnavailable as i32, 69);
        assert_eq!(ExitCode::InternalError as i32, 70);
        assert_eq!(ExitCode::CantCreateOutput as i32, 73);
        assert_eq!(ExitCode::IoError as i32, 74);
        assert_eq!(ExitCode::CompletedUnreported as i32, 75);
        assert_eq!(ExitCode::PartialFailure as i32, 76);
    }

    #[test]
    fn test_agent_state_display() {
        assert_eq!(AgentState::Initializing.to_string(), "initializing");
        assert_eq!(AgentState::Running.to_string(), "running");
        assert_eq!(AgentState::Completing.to_string(), "completing");
        assert_eq!(AgentState::Terminated.to_string(), "terminated");
        assert_eq!(AgentState::Failed.to_string(), "failed");
    }

    #[test]
    fn test_secret_redaction() {
        let secret = Secret::new("my-password");
        assert_eq!(format!("{}", secret), "[REDACTED]");
        assert_eq!(format!("{:?}", secret), "Secret([REDACTED])");
        assert_eq!(secret.reveal(), "my-password");
    }

    #[test]
    fn test_log_level_ordering() {
        assert!(LogLevel::Trace < LogLevel::Debug);
        assert!(LogLevel::Debug < LogLevel::Info);
        assert!(LogLevel::Info < LogLevel::Warn);
        assert!(LogLevel::Warn < LogLevel::Error);
        assert!(LogLevel::Error < LogLevel::Fatal);
    }
}