claw-branch 0.1.2

Fork, simulate, and merge engine for ClawDB agents.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138

//! Snapshot integrity verification and file hashing helpers.

use std::{fs::File, io::Read, path::Path};

use sqlx::{
    sqlite::{SqliteConnectOptions, SqlitePoolOptions},
    Row, SqlitePool,
};

use crate::{
    error::{BranchError, BranchResult},
    snapshot::manifest::{EntityCounts, SnapshotManifest},
};

/// Verifies a snapshot file against its manifest hashes, counts, and SQLite integrity checks.
pub async fn verify_snapshot(manifest: &SnapshotManifest) -> BranchResult<()> {
    if !manifest.snapshot_db_path.exists() {
        return Err(BranchError::SnapshotCorrupt {
            branch_id: manifest.branch_id,
            path: manifest.snapshot_db_path.clone(),
        });
    }

    let sidecar_path = sidecar_hash_path_for_db(&manifest.snapshot_db_path);
    let expected =
        read_sidecar_hash(&sidecar_path).ok_or_else(|| BranchError::SnapshotHashMissing {
            branch_id: manifest.branch_id,
            path: sidecar_path.clone(),
        })?;
    let hash = hash_file_blake3(&manifest.snapshot_db_path)?;
    let actual_hash = blake3::Hash::from_bytes(hash);
    let expected_hash = blake3::Hash::from_bytes(expected);
    if !actual_hash.eq(&expected_hash) {
        return Err(BranchError::SnapshotCorrupt {
            branch_id: manifest.branch_id,
            path: manifest.snapshot_db_path.clone(),
        });
    }

    let pool = SqlitePoolOptions::new()
        .max_connections(1)
        .connect_with(
            SqliteConnectOptions::new()
                .filename(&manifest.snapshot_db_path)
                .create_if_missing(false),
        )
        .await?;
    let integrity = sqlx::query("PRAGMA integrity_check")
        .fetch_one(&pool)
        .await?
        .try_get::<String, _>(0)?;
    if integrity != "ok" {
        return Err(BranchError::SnapshotCorrupt {
            branch_id: manifest.branch_id,
            path: manifest.snapshot_db_path.clone(),
        });
    }

    let counts = EntityCounts::from_pool(&pool).await?;
    if counts != manifest.entity_counts {
        return Err(BranchError::SnapshotCorrupt {
            branch_id: manifest.branch_id,
            path: manifest.snapshot_db_path.clone(),
        });
    }
    verify_schema_version(&pool, manifest.schema_version).await
}

/// Computes a BLAKE3 digest for a file in 64KB chunks.
pub fn hash_file_blake3(path: &Path) -> BranchResult<[u8; 32]> {
    let mut file = File::open(path)?;
    let mut hasher = blake3::Hasher::new();
    let mut buffer = [0_u8; 64 * 1024];

    loop {
        let bytes_read = file.read(&mut buffer)?;
        if bytes_read == 0 {
            break;
        }
        hasher.update(&buffer[..bytes_read]);
    }

    Ok(*hasher.finalize().as_bytes())
}

/// Returns the snapshot sidecar hash path for a snapshot db path.
pub fn sidecar_hash_path_for_db(snapshot_db_path: &Path) -> std::path::PathBuf {
    snapshot_db_path.with_extension("hash")
}

/// Writes a sidecar hash file using lowercase hex encoding.
pub fn write_sidecar_hash(path: &Path, hash: &[u8; 32]) -> BranchResult<()> {
    let mut output = String::with_capacity(64);
    for byte in hash {
        use std::fmt::Write as _;
        let _ = write!(&mut output, "{byte:02x}");
    }
    std::fs::write(path, output)?;
    Ok(())
}

/// Reads a sidecar hash file from lowercase hex.
pub fn read_sidecar_hash(path: &Path) -> Option<[u8; 32]> {
    let text = std::fs::read_to_string(path).ok()?;
    let text = text.trim();
    if text.len() != 64 {
        return None;
    }
    let mut bytes = [0_u8; 32];
    for (index, chunk) in text.as_bytes().chunks(2).enumerate() {
        let high = from_hex(chunk[0])?;
        let low = from_hex(chunk[1])?;
        bytes[index] = (high << 4) | low;
    }
    Some(bytes)
}

fn from_hex(value: u8) -> Option<u8> {
    match value {
        b'0'..=b'9' => Some(value - b'0'),
        b'a'..=b'f' => Some(value - b'a' + 10),
        b'A'..=b'F' => Some(value - b'A' + 10),
        _ => None,
    }
}

/// Verifies the SQLite user version for a pool.
pub async fn verify_schema_version(pool: &SqlitePool, expected: u32) -> BranchResult<()> {
    let row = sqlx::query("PRAGMA user_version").fetch_one(pool).await?;
    let actual = row.try_get::<i64, _>(0)? as u32;
    if actual != expected {
        return Err(BranchError::SnapshotFailed {
            branch_id: uuid::Uuid::nil(),
            reason: format!("schema version mismatch: expected {expected}, found {actual}"),
        });
    }
    Ok(())
}