brainwires-relay 0.1.0

MCP server framework, relay client, and agent communication backbone for Brainwires
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341

//! Attachment handling for remote file uploads
//!
//! Manages chunked file uploads from the web UI, including:
//! - Reassembly of chunks
//! - Decompression (zstd/gzip)
//! - Checksum verification
//! - Temporary file storage

use std::collections::HashMap;
use std::io::{Read, Write};
use std::path::PathBuf;
use std::sync::Arc;

use anyhow::{bail, Context, Result};
use base64::{Engine as _, engine::general_purpose::STANDARD as BASE64};
use sha2::{Sha256, Digest};
use tokio::sync::RwLock;

use super::protocol::CompressionAlgorithm;

/// Default chunk size for attachments (64KB)
pub const ATTACHMENT_CHUNK_SIZE: usize = 64 * 1024;

/// Compression threshold - files larger than this are compressed (10KB)
pub const COMPRESSION_THRESHOLD: usize = 10 * 1024;

/// Maximum attachment size (100MB)
pub const MAX_ATTACHMENT_SIZE: u64 = 100 * 1024 * 1024;

/// State of an in-progress attachment upload
#[derive(Debug)]
#[allow(dead_code)]
struct PendingAttachment {
    /// Unique attachment ID
    id: String,
    /// Original filename
    filename: String,
    /// MIME type
    mime_type: String,
    /// Expected total size (uncompressed)
    expected_size: u64,
    /// Whether data is compressed
    compressed: bool,
    /// Compression algorithm (if compressed)
    compression_algorithm: Option<CompressionAlgorithm>,
    /// Expected number of chunks
    chunks_total: u32,
    /// Received chunks (index -> data)
    chunks: HashMap<u32, Vec<u8>>,
    /// Total bytes received so far
    bytes_received: usize,
    /// Associated agent ID
    agent_id: String,
    /// Command ID for response
    command_id: String,
}

/// Manages attachment uploads
#[derive(Clone)]
pub struct AttachmentReceiver {
    /// Pending attachments by ID
    pending: Arc<RwLock<HashMap<String, PendingAttachment>>>,
    /// Directory to store received attachments
    output_dir: PathBuf,
}

impl AttachmentReceiver {
    /// Create a new attachment receiver
    pub fn new(output_dir: PathBuf) -> Self {
        Self {
            pending: Arc::new(RwLock::new(HashMap::new())),
            output_dir,
        }
    }

    /// Start receiving a new attachment
    #[allow(clippy::too_many_arguments)]
    pub async fn start_upload(
        &self,
        command_id: String,
        agent_id: String,
        attachment_id: String,
        filename: String,
        mime_type: String,
        size: u64,
        compressed: bool,
        compression_algorithm: Option<CompressionAlgorithm>,
        chunks_total: u32,
    ) -> Result<()> {
        // Validate size
        if size > MAX_ATTACHMENT_SIZE {
            bail!(
                "Attachment too large: {} bytes (max: {} bytes)",
                size,
                MAX_ATTACHMENT_SIZE
            );
        }

        let pending = PendingAttachment {
            id: attachment_id.clone(),
            filename,
            mime_type,
            expected_size: size,
            compressed,
            compression_algorithm,
            chunks_total,
            chunks: HashMap::new(),
            bytes_received: 0,
            agent_id,
            command_id,
        };

        let mut pending_map = self.pending.write().await;
        pending_map.insert(attachment_id, pending);

        Ok(())
    }

    /// Receive a chunk of attachment data
    pub async fn receive_chunk(
        &self,
        attachment_id: &str,
        chunk_index: u32,
        data: &str,
        is_final: bool,
    ) -> Result<bool> {
        // Decode base64 data
        let decoded = BASE64
            .decode(data)
            .context("Failed to decode base64 chunk data")?;

        let mut pending_map = self.pending.write().await;
        let pending = pending_map
            .get_mut(attachment_id)
            .context("Unknown attachment ID")?;

        // Validate chunk index
        if chunk_index >= pending.chunks_total {
            bail!(
                "Invalid chunk index: {} (expected 0-{})",
                chunk_index,
                pending.chunks_total - 1
            );
        }

        // Store chunk
        pending.bytes_received += decoded.len();
        pending.chunks.insert(chunk_index, decoded);

        // Check if we have all chunks
        let all_received = pending.chunks.len() == pending.chunks_total as usize;

        if is_final && !all_received {
            tracing::warn!(
                "Final chunk received but only have {}/{} chunks",
                pending.chunks.len(),
                pending.chunks_total
            );
        }

        Ok(all_received)
    }

    /// Complete the attachment upload, verify checksum, and save to disk
    pub async fn complete_upload(
        &self,
        attachment_id: &str,
        expected_checksum: &str,
    ) -> Result<PathBuf> {
        let pending = {
            let mut pending_map = self.pending.write().await;
            pending_map
                .remove(attachment_id)
                .context("Unknown attachment ID")?
        };

        // Reassemble chunks in order
        let mut assembled = Vec::with_capacity(pending.bytes_received);
        for i in 0..pending.chunks_total {
            let chunk = pending
                .chunks
                .get(&i)
                .context(format!("Missing chunk {}", i))?;
            assembled.extend_from_slice(chunk);
        }

        // Decompress if needed
        let data = if pending.compressed {
            decompress(&assembled, pending.compression_algorithm)?
        } else {
            assembled
        };

        // Verify checksum
        let mut hasher = Sha256::new();
        hasher.update(&data);
        let actual_checksum = format!("{:x}", hasher.finalize());

        if actual_checksum != expected_checksum {
            bail!(
                "Checksum mismatch: expected {}, got {}",
                expected_checksum,
                actual_checksum
            );
        }

        // Ensure output directory exists
        std::fs::create_dir_all(&self.output_dir)
            .context("Failed to create attachment output directory")?;

        // Generate unique filename
        let safe_filename = sanitize_filename(&pending.filename);
        let timestamp = chrono::Utc::now().format("%Y%m%d_%H%M%S");
        let output_path = self.output_dir.join(format!("{}_{}", timestamp, safe_filename));

        // Write to file
        let mut file = std::fs::File::create(&output_path)
            .context("Failed to create attachment file")?;
        file.write_all(&data)
            .context("Failed to write attachment data")?;

        tracing::info!(
            "Attachment saved: {} ({} bytes, {})",
            output_path.display(),
            data.len(),
            pending.mime_type
        );

        Ok(output_path)
    }

    /// Cancel a pending upload
    pub async fn cancel_upload(&self, attachment_id: &str) {
        let mut pending_map = self.pending.write().await;
        if pending_map.remove(attachment_id).is_some() {
            tracing::info!("Cancelled attachment upload: {}", attachment_id);
        }
    }

    /// Get status of a pending upload
    pub async fn get_status(&self, attachment_id: &str) -> Option<(u32, u32, usize)> {
        let pending_map = self.pending.read().await;
        pending_map.get(attachment_id).map(|p| {
            (p.chunks.len() as u32, p.chunks_total, p.bytes_received)
        })
    }
}

/// Decompress data using the specified algorithm
fn decompress(data: &[u8], algorithm: Option<CompressionAlgorithm>) -> Result<Vec<u8>> {
    match algorithm {
        Some(CompressionAlgorithm::Zstd) => {
            zstd::decode_all(data).context("Failed to decompress zstd data")
        }
        Some(CompressionAlgorithm::Gzip) => {
            let mut decoder = flate2::read::GzDecoder::new(data);
            let mut decompressed = Vec::new();
            decoder
                .read_to_end(&mut decompressed)
                .context("Failed to decompress gzip data")?;
            Ok(decompressed)
        }
        None => Ok(data.to_vec()),
    }
}

/// Sanitize a filename to prevent path traversal attacks
fn sanitize_filename(filename: &str) -> String {
    // Take only the file name (not path)
    let name = std::path::Path::new(filename)
        .file_name()
        .and_then(|n| n.to_str())
        .unwrap_or("attachment");

    // Replace problematic characters
    name.chars()
        .map(|c| match c {
            '/' | '\\' | ':' | '*' | '?' | '"' | '<' | '>' | '|' => '_',
            c if c.is_ascii_control() => '_',
            c => c,
        })
        .collect()
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_sanitize_filename() {
        assert_eq!(sanitize_filename("file.txt"), "file.txt");
        assert_eq!(sanitize_filename("path/to/file.txt"), "file.txt");
        assert_eq!(sanitize_filename("file:name.txt"), "file_name.txt");
        assert_eq!(sanitize_filename("file<>|name.txt"), "file___name.txt");
    }

    #[tokio::test]
    async fn test_attachment_receiver() {
        let temp_dir = tempfile::tempdir().unwrap();
        let receiver = AttachmentReceiver::new(temp_dir.path().to_path_buf());

        // Start upload
        receiver
            .start_upload(
                "cmd-1".to_string(),
                "agent-1".to_string(),
                "attach-1".to_string(),
                "test.txt".to_string(),
                "text/plain".to_string(),
                13,
                false,
                None,
                1,
            )
            .await
            .unwrap();

        // Send chunk (base64 of "Hello, World!")
        let data = BASE64.encode(b"Hello, World!");
        let all_received = receiver
            .receive_chunk("attach-1", 0, &data, true)
            .await
            .unwrap();
        assert!(all_received);

        // Calculate expected checksum
        let mut hasher = Sha256::new();
        hasher.update(b"Hello, World!");
        let checksum = format!("{:x}", hasher.finalize());

        // Complete upload
        let path = receiver
            .complete_upload("attach-1", &checksum)
            .await
            .unwrap();
        assert!(path.exists());

        let content = std::fs::read_to_string(&path).unwrap();
        assert_eq!(content, "Hello, World!");
    }
}