anamnesis-core 0.1.0

Core domain types and adapter trait for Anamnesis
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158

//! Append-only audit log — see `BLUEPRINT.md §7`.
//!
//! Records every privileged action (import, search, export, serve) as a
//! JSON Lines record under `$DATA_DIR/audit.log`. No rotation in Phase 1;
//! ops can `tail -f` or `jq` directly.

use std::io::Write;
use std::path::{Path, PathBuf};

use chrono::Utc;
use serde::{Deserialize, Serialize};

/// Audit log handle. Cheap to construct.
#[derive(Debug, Clone)]
pub struct Audit {
    log_path: PathBuf,
}

impl Audit {
    /// Build an audit logger that appends to `data_dir/audit.log`.
    /// Creates the parent dir lazily on the first write.
    pub fn new(data_dir: &Path) -> Self {
        Self {
            log_path: data_dir.join("audit.log"),
        }
    }

    /// Path to the log file.
    pub fn path(&self) -> &Path {
        &self.log_path
    }

    /// Append one entry. Best-effort: failures are logged at warn level
    /// but never propagated — the user's command must succeed even if
    /// the audit log can't be written.
    pub fn record(&self, entry: AuditEntry) {
        if let Err(e) = self.try_record(&entry) {
            tracing::warn!(
                error = %e,
                path = %self.log_path.display(),
                action = %entry.action,
                "audit log write failed (ignored)"
            );
        }
    }

    fn try_record(&self, entry: &AuditEntry) -> std::io::Result<()> {
        if let Some(parent) = self.log_path.parent() {
            std::fs::create_dir_all(parent)?;
        }
        let line = serde_json::to_string(entry).unwrap_or_else(|_| "{}".into());
        let mut file = std::fs::OpenOptions::new()
            .create(true)
            .append(true)
            .open(&self.log_path)?;
        writeln!(file, "{line}")?;
        Ok(())
    }
}

/// One audit log entry.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct AuditEntry {
    /// ISO-8601 UTC timestamp.
    pub timestamp: chrono::DateTime<Utc>,
    /// Action name (`"import"`, `"search"`, `"export"`, `"serve.start"`, …).
    pub action: String,
    /// Free-form detail object — keep it small and structured.
    pub detail: serde_json::Value,
}

impl AuditEntry {
    /// Convenience: build an entry stamped with `now()`.
    pub fn new(action: impl Into<String>, detail: serde_json::Value) -> Self {
        Self {
            timestamp: Utc::now(),
            action: action.into(),
            detail,
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use serde_json::json;
    use std::sync::atomic::{AtomicU64, Ordering};

    static AUDIT_TMP_NONCE: AtomicU64 = AtomicU64::new(0);

    fn tmp_dir() -> PathBuf {
        let nonce = std::time::SystemTime::now()
            .duration_since(std::time::UNIX_EPOCH)
            .unwrap()
            .as_nanos();
        let seq = AUDIT_TMP_NONCE.fetch_add(1, Ordering::Relaxed);
        let p = std::env::temp_dir().join(format!(
            "anamnesis-audit-{nonce}-{pid}-{seq}",
            pid = std::process::id()
        ));
        std::fs::create_dir_all(&p).unwrap();
        p
    }

    #[test]
    fn writes_one_jsonl_per_record() {
        let dir = tmp_dir();
        let audit = Audit::new(&dir);
        audit.record(AuditEntry::new(
            "import",
            json!({"adapter": "claude-code", "records": 12}),
        ));
        audit.record(AuditEntry::new(
            "search",
            json!({"query": "vim", "hits": 3}),
        ));
        let body = std::fs::read_to_string(audit.path()).unwrap();
        let lines: Vec<&str> = body.lines().collect();
        assert_eq!(lines.len(), 2);
        let first: AuditEntry = serde_json::from_str(lines[0]).unwrap();
        assert_eq!(first.action, "import");
        assert_eq!(first.detail["adapter"], "claude-code");
        let second: AuditEntry = serde_json::from_str(lines[1]).unwrap();
        assert_eq!(second.action, "search");
    }

    #[test]
    fn appends_when_log_exists() {
        let dir = tmp_dir();
        let audit = Audit::new(&dir);
        audit.record(AuditEntry::new("first", json!({})));
        audit.record(AuditEntry::new("second", json!({})));
        audit.record(AuditEntry::new("third", json!({})));
        let body = std::fs::read_to_string(audit.path()).unwrap();
        assert_eq!(body.lines().count(), 3);
    }

    #[test]
    fn creates_parent_directory_lazily() {
        let dir = tmp_dir().join("nested/sub/dir");
        // Directory does NOT exist yet.
        assert!(!dir.exists());
        let audit = Audit::new(&dir);
        audit.record(AuditEntry::new("late", json!({})));
        assert!(audit.path().exists(), "audit.log should have been created");
    }

    #[test]
    fn missing_directory_does_not_propagate_error() {
        // Even with a path we can't write to (e.g. /root on macOS), the
        // record() call must not panic or return an error.
        let audit = Audit::new(Path::new(
            "/nonexistent-anamnesis-path/that/cannot/be/created",
        ));
        // No need to assert anything except that the call completes.
        audit.record(AuditEntry::new("safe", json!({})));
    }
}