citum-schema-style 0.65.0

Citum style schema types and styling engine
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352

/*
SPDX-License-Identifier: MIT OR Apache-2.0
SPDX-FileCopyrightText: © 2023-2026 Bruce D'Arcus and Citum contributors
*/

//! Style inheritance and resolver integration.

use std::collections::HashSet;

use crate::{ResolutionError, StyleInfo, StyleResolver, options, registry, style_base};

use super::Style;
use super::overlay::merge_style_overlay;

impl Style {
    /// Resolve this style into its final effective form by applying base inheritance.
    ///
    /// If the `extends` field is present, the base [`StyleBase`](style_base::StyleBase) is loaded
    /// and any explicit `options`, `citation`, or `bibliography` keys in the current
    /// style document are merged on top (taking ultimate precedence).
    ///
    /// Styles without a base still resolve Template V3 variants and scoped
    /// options, but do not merge any inherited style data.
    ///
    /// # Panics
    ///
    /// Panics when style resolution fails. Use [`Style::try_into_resolved`]
    /// to handle profile-contract and inheritance errors explicitly.
    #[must_use]
    #[allow(
        clippy::panic,
        reason = "Convenience API for infallible resolution contexts"
    )]
    pub fn into_resolved(self) -> Self {
        self.try_into_resolved()
            .unwrap_or_else(|err| panic!("style resolution failed: {err}"))
    }

    /// Resolve this style into its final effective form, returning validation errors.
    ///
    /// Unlike [`Style::into_resolved`], this preserves resolution failures as
    /// structured [`ResolutionError`] values.
    ///
    /// # Errors
    ///
    /// Returns an error when profile wrappers try to override template-bearing
    /// structure, when profile capability validation fails, or when inheritance
    /// loops are detected.
    pub fn try_into_resolved(self) -> Result<Self, ResolutionError> {
        self.try_into_resolved_with(None)
    }

    /// Resolve this style into its final effective form using an optional style resolver.
    ///
    /// The resolver is used for URI, registry, and remote `extends` references
    /// that cannot be satisfied by embedded bases alone.
    ///
    /// # Errors
    ///
    /// Returns an error when style inheritance or Template V3 variant
    /// resolution fails.
    pub fn try_into_resolved_with(
        self,
        resolver: Option<&StyleResolver>,
    ) -> Result<Self, ResolutionError> {
        self.try_into_resolved_recursive_with_depth(resolver, &mut HashSet::new(), 0)
    }

    /// Internal recursive resolver with loop protection.
    ///
    /// # Panics
    ///
    /// Panics when style resolution fails. Use
    /// [`Style::try_into_resolved_recursive`] to preserve errors.
    #[must_use]
    #[allow(
        clippy::panic,
        reason = "Convenience API for infallible resolution contexts"
    )]
    pub fn into_resolved_recursive(self, visited: &mut HashSet<String>) -> Self {
        self.try_into_resolved_recursive(visited)
            .unwrap_or_else(|err| panic!("style resolution failed: {err}"))
    }

    /// Internal recursive resolver with loop protection.
    ///
    /// # Errors
    ///
    /// Returns an error when profile wrappers violate the config-only
    /// contract, when profile capability validation fails, or when
    /// inheritance loops are detected.
    pub fn try_into_resolved_recursive(
        self,
        visited: &mut HashSet<String>,
    ) -> Result<Self, ResolutionError> {
        self.try_into_resolved_recursive_with(None, visited)
    }

    /// Internal recursive resolver with loop protection and optional external resolver.
    ///
    /// # Errors
    ///
    /// Returns an error when style inheritance or Template V3 variant
    /// resolution fails.
    pub fn try_into_resolved_recursive_with(
        self,
        resolver: Option<&StyleResolver>,
        visited: &mut HashSet<String>,
    ) -> Result<Self, ResolutionError> {
        self.try_into_resolved_recursive_with_depth(resolver, visited, 0)
    }

    /// Internal recursive resolver with depth limit.
    fn try_into_resolved_recursive_with_depth(
        self,
        resolver: Option<&StyleResolver>,
        visited: &mut HashSet<String>,
        depth: usize,
    ) -> Result<Self, ResolutionError> {
        const MAX_DEPTH: usize = 5;

        // Reject root styles whose declared engine compat range we don't satisfy
        // before we waste any work on inheritance or template variants.
        let root_label = self
            .info
            .id
            .as_deref()
            .or(self.info.title.as_deref())
            .unwrap_or("<root>");
        check_citum_version(root_label, &self.info)?;

        let Some(base_ref) = self.extends.clone() else {
            let mut style = self;
            crate::template::resolve_style_template_variants(&mut style, None)?;
            options::scoped::apply_scoped_style_options(&mut style);
            return Ok(style);
        };

        if depth >= MAX_DEPTH {
            let uri = base_ref.key();
            return Err(ResolutionError::UriResolutionFailed {
                uri: uri.to_string(),
                reason: format!("inheritance chain exceeds maximum depth of {MAX_DEPTH}"),
            });
        }

        let key = base_ref.key().to_string();
        if visited.contains(&key) {
            return Err(ResolutionError::InheritanceLoop { base: key });
        }
        visited.insert(key);

        let is_profile = self.resolves_as_profile();
        let pin = self.extends_pin.clone();
        let mut effective = match base_ref {
            style_base::StyleReference::Base(base) => {
                if pin.is_some() {
                    return Err(ResolutionError::UriResolutionFailed {
                        uri: base.key().to_string(),
                        reason:
                            "extends-pin is only supported for URI-based parents (https://, cid:); \
                         builtin StyleBase parents are content-fixed already"
                                .to_string(),
                    });
                }
                base.try_resolve_with_visited(resolver, visited)?
            }
            style_base::StyleReference::Uri(ref uri) => {
                let base_style = resolve_style_reference_uri(uri, resolver)?;
                if let Some(ref expected) = pin {
                    verify_parent_pin(uri, &base_style, expected)?;
                }
                base_style.try_into_resolved_recursive_with_depth(resolver, visited, depth + 1)?
            }
        };
        if is_profile {
            self.validate_profile_shape()?;
        }

        let inherited_variants = crate::template::inherited_variant_context(&effective);
        merge_style_overlay(&mut effective, &self);
        effective.version = self.version;
        effective.extends = self.extends;
        effective.extends_pin = self.extends_pin;
        effective.raw_yaml = self.raw_yaml;
        crate::template::resolve_style_template_variants(
            &mut effective,
            inherited_variants.as_ref(),
        )?;
        options::scoped::apply_scoped_style_options(&mut effective);
        if is_profile {
            effective.extends = None;
        }

        Ok(effective)
    }
    fn style_kind(&self) -> Option<registry::StyleKind> {
        let id = self.info.id.as_deref()?;
        registry::StyleRegistry::load_default()
            .resolve(id)
            .and_then(|entry| entry.kind.clone())
    }

    fn resolves_as_profile(&self) -> bool {
        self.style_kind() == Some(registry::StyleKind::Profile)
    }
}

#[allow(
    clippy::panic,
    reason = "Multihash::wrap on a 32-byte SHA-256 digest is infallible by construction"
)]
fn schema_compute_style_cid(bytes: &[u8]) -> String {
    use cid::Cid;
    use multihash::Multihash;
    use sha2::{Digest, Sha256};

    const RAW_CODEC: u64 = 0x55;
    const SHA256_CODE: u64 = 0x12;

    let digest: [u8; 32] = Sha256::digest(bytes).into();
    let mh = Multihash::<64>::wrap(SHA256_CODE, &digest)
        .unwrap_or_else(|_| panic!("32-byte SHA-256 digest fits in Multihash<64>"));
    Cid::new_v1(RAW_CODEC, mh).to_string()
}

/// Normalize a CID-or-`cid:`-URI to its canonical lowercase string form.
fn schema_canonicalize_cid(s: &str) -> Result<String, ResolutionError> {
    use cid::Cid;
    let trimmed = s.strip_prefix("cid:").unwrap_or(s);
    let cid: Cid =
        trimmed
            .parse()
            .map_err(|err: cid::Error| ResolutionError::UriResolutionFailed {
                uri: s.to_string(),
                reason: format!("invalid CID '{s}': {err}"),
            })?;
    Ok(cid.to_string())
}

/// Verify that the parent style's serialized form matches `expected_pin`.
///
/// Re-serializes the parsed `Style` to its canonical YAML form and computes
/// its CIDv1. Mismatch produces [`ResolutionError::IntegrityFailure`]. This
/// is a best-effort check at the schema layer; for byte-exact verification
/// of the originally-fetched bytes, route through
/// `citum_store::fetch_and_verify_bytes` before parsing.
fn verify_parent_pin(uri: &str, parent: &Style, expected_pin: &str) -> Result<(), ResolutionError> {
    let expected = schema_canonicalize_cid(expected_pin)?;
    let bytes =
        serde_yaml::to_string(parent).map_err(|err| ResolutionError::UriResolutionFailed {
            uri: uri.to_string(),
            reason: format!("re-serialize for extends-pin verification: {err}"),
        })?;
    let actual = schema_compute_style_cid(bytes.as_bytes());
    if actual == expected {
        Ok(())
    } else {
        Err(ResolutionError::IntegrityFailure {
            uri: uri.to_string(),
            expected,
            actual,
        })
    }
}

/// Apply an `info.citum-version` requirement check against the running
/// engine version (CARGO_PKG_VERSION).
///
/// Returns `Ok(())` when the field is absent or the requirement is satisfied;
/// returns [`ResolutionError::VersionMismatch`] otherwise.
///
/// # Errors
///
/// Returns [`ResolutionError::VersionMismatch`] when the running engine
/// version does not satisfy the style's declared `citum-version` requirement.
/// Returns [`ResolutionError::UriResolutionFailed`] when the requirement
/// string itself fails to parse as a semver `VersionReq`, or when the
/// running engine's `CARGO_PKG_VERSION` cannot be parsed (this latter case
/// is structurally impossible at runtime but is preserved as a typed error
/// rather than a panic).
pub fn check_citum_version(uri: &str, info: &StyleInfo) -> Result<(), ResolutionError> {
    let Some(req_str) = info.citum_version.as_ref() else {
        return Ok(());
    };
    let req =
        semver::VersionReq::parse(req_str).map_err(|err| ResolutionError::UriResolutionFailed {
            uri: uri.to_string(),
            reason: format!("invalid `info.citum-version` requirement '{req_str}': {err}"),
        })?;
    let engine_str = env!("CARGO_PKG_VERSION");
    let engine =
        semver::Version::parse(engine_str).map_err(|err| ResolutionError::UriResolutionFailed {
            uri: uri.to_string(),
            reason: format!("unparseable engine version `{engine_str}`: {err}"),
        })?;
    if req.matches(&engine) {
        Ok(())
    } else {
        Err(ResolutionError::VersionMismatch {
            uri: uri.to_string(),
            required: req_str.clone(),
            declared: engine_str.to_string(),
        })
    }
}

fn resolve_style_reference_uri(
    uri: &str,
    resolver: Option<&StyleResolver>,
) -> Result<Style, ResolutionError> {
    if let Some(resolver) = resolver {
        let style = resolver
            .resolve_style(uri)
            .map_err(|e| ResolutionError::from_resolver_error(uri, e))?;
        check_citum_version(uri, &style.info)?;
        return Ok(style);
    }

    let Some(raw_path) = uri.strip_prefix("file://") else {
        return Err(ResolutionError::UriResolutionFailed {
            uri: uri.to_string(),
            reason: "unsupported scheme; an external style resolver is required".to_string(),
        });
    };
    let path = std::path::Path::new(raw_path);
    let bytes = std::fs::read(path).map_err(|e| ResolutionError::UriResolutionFailed {
        uri: uri.to_string(),
        reason: e.to_string(),
    })?;
    let ext = path.extension().and_then(|e| e.to_str()).unwrap_or("yaml");
    let style: Style = match ext {
        "cbor" => ciborium::de::from_reader(std::io::Cursor::new(&bytes)).map_err(|e| {
            ResolutionError::UriResolutionFailed {
                uri: uri.to_string(),
                reason: e.to_string(),
            }
        })?,
        "json" => {
            serde_json::from_slice(&bytes).map_err(|e| ResolutionError::UriResolutionFailed {
                uri: uri.to_string(),
                reason: e.to_string(),
            })?
        }
        _ => Style::from_yaml_bytes(&bytes).map_err(|e| ResolutionError::UriResolutionFailed {
            uri: uri.to_string(),
            reason: e.to_string(),
        })?,
    };
    check_citum_version(uri, &style.info)?;
    Ok(style)
}