buildfix-edit 0.3.1

Policy-aware edit/apply engine for buildfix plan operations
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

# buildfix-edit

TOML editing engine - decides HOW to apply operations. Uses `toml_edit` for format-preserving transformations.

## Build & Test

```bash
cargo test -p buildfix-edit
cargo clippy -p buildfix-edit
```

## Key Functions

### `attach_preconditions(plan, repo_root, options) -> Result<BuildfixPlan>`
Adds SHA256 preconditions for each touched file. Optionally captures git HEAD SHA.

### `preview_patch(plan, repo_root) -> Result<String>`
Generates unified diff without writing to disk.

### `apply_plan(plan, repo_root, options) -> Result<ExecuteOutcome>`
Executes plan in-memory or to disk with optional backups.

### `check_policy_block(outcome) -> Option<PolicyBlockError>`
Returns error if any op was blocked by policy.

## Types

### `ApplyOptions`
```rust
struct ApplyOptions {
    dry_run: bool,           // Don't write to disk
    allow_guarded: bool,     // Apply guarded ops
    allow_unsafe: bool,      // Apply unsafe ops
    backup_enabled: bool,
    backup_dir: Option<PathBuf>,
    backup_suffix: String,
    params: HashMap<String, String>,
}
```

### `ExecuteOutcome`
- `before` / `after` - Content maps for diffing
- `results` - Per-op outcomes
- `summary` - Counts of attempted/applied/skipped/failed

## Operation Implementations

Each `toml_transform` rule_id has a corresponding TOML transformation:

| Operation | Transformation |
|-----------|----------------|
| `ensure_workspace_resolver_v2` | Sets `doc["workspace"]["resolver"] = "2"` |
| `set_package_rust_version` | Sets `doc["package"]["rust-version"]` |
| `ensure_path_dep_has_version` | Adds version to path dep inline/table |
| `use_workspace_dependency` | Converts to `{ workspace = true }` inline table |

## Policy Enforcement

1. **Glob matching** - Simple `*` and `?` patterns for allow/deny lists
2. **Safety gates** - Safe always allowed; Guarded/Unsafe require flags
3. **Precondition checks** - File SHA256 and optional git HEAD validation
4. **Backup creation** - Stored alongside file or in dedicated backup_dir

## Error Types

- `EditError` - I/O, parse, or validation failures
- `PolicyBlockError` - Precondition or safety gate denial (exit code 2)

## Invariants

- Never writes without matching preconditions
- TOML formatting preserved (comments, whitespace, ordering)
- Backup created before any file modification