aa-cli 0.0.1-beta.3

aasm — command-line tool for Agent Assembly
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105

//! `aasm policy get` — display the currently active (or a specific) policy.

use std::process::ExitCode;

use aa_gateway::policy::history::{FsHistoryStore, HistoryConfig, PolicyHistoryStore};
use clap::Args;
use serde::Deserialize;

use crate::config::ResolvedContext;

/// Arguments for `aasm policy get`.
#[derive(Args)]
pub struct GetArgs {
    /// Version identifier (SHA-256 prefix) to retrieve.
    /// Shows the currently active policy when omitted.
    #[arg(long)]
    pub version: Option<String>,
}

/// Response from `GET /api/v1/policies/active`. Only the YAML is consumed here.
#[derive(Debug, Deserialize)]
struct ActivePolicyResponse {
    /// Raw YAML content of the currently active governance policy.
    policy_yaml: String,
}

/// Execute the `aasm policy get` command.
///
/// When `--version` is provided, retrieves that specific policy version from
/// the local version-history store. Otherwise, resolves the currently active
/// policy from the gateway (the same source `apply` and `list` use), so a
/// policy that was just applied is found instead of reporting "no versions".
pub fn run(args: GetArgs, ctx: &ResolvedContext) -> ExitCode {
    let rt = tokio::runtime::Runtime::new().expect("failed to create tokio runtime");
    rt.block_on(async {
        match args.version {
            Some(version) => get_by_version(&version, HistoryConfig::default_config()).await,
            None => get_active(ctx).await,
        }
    })
}

/// Resolve the currently active policy from the gateway and print its YAML.
async fn get_active(ctx: &ResolvedContext) -> ExitCode {
    match crate::client::get_json::<ActivePolicyResponse>(ctx, "/api/v1/policies/active").await {
        Ok(resp) => {
            print!("{}", resp.policy_yaml);
            ExitCode::SUCCESS
        }
        Err(e) => {
            eprintln!("error: {e}");
            ExitCode::FAILURE
        }
    }
}

/// Retrieve a specific policy version from the local history store.
async fn get_by_version(version: &str, config: HistoryConfig) -> ExitCode {
    let store = FsHistoryStore::new(config);
    match store.get(version).await {
        Ok(snapshot) => {
            print!("{}", snapshot.yaml_content);
            ExitCode::SUCCESS
        }
        Err(e) => {
            eprintln!("error: {e}");
            ExitCode::FAILURE
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    fn test_config(dir: &std::path::Path) -> HistoryConfig {
        HistoryConfig {
            history_dir: dir.join("policy-history"),
            max_versions: 100,
        }
    }

    #[test]
    fn get_by_version_after_save_exits_success() {
        let tmp = tempfile::tempdir().unwrap();
        let config = test_config(tmp.path());

        let rt = tokio::runtime::Runtime::new().unwrap();
        let store = FsHistoryStore::new(config.clone());
        let yaml = "tier: low\nrules:\n  - id: r1\n    description: test\n    match:\n      actions: [\"*\"]\n    effect: allow\n    audit: true\n";
        let meta = rt.block_on(store.save(yaml, Some("test"))).unwrap();

        let exit = rt.block_on(get_by_version(&meta.sha256[..12], config));
        assert_eq!(exit, ExitCode::SUCCESS);
    }

    #[test]
    fn get_unknown_version_exits_failure() {
        let tmp = tempfile::tempdir().unwrap();
        let config = test_config(tmp.path());
        let rt = tokio::runtime::Runtime::new().unwrap();
        let exit = rt.block_on(get_by_version("nonexistent123", config));
        assert_eq!(exit, ExitCode::FAILURE);
    }
}