fusabi-stdlib-ext 0.1.6

Extended standard library modules and domain packs for Fusabi
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152

//! Process execution module.
//!
//! Provides functions for executing system processes with safety controls.

use std::sync::Arc;
use std::time::Duration;

use fusabi_host::ExecutionContext;
use fusabi_host::Value;

use crate::error::{Error, Result};
use crate::safety::SafetyConfig;

/// Execute a command and wait for completion.
pub fn exec(
    safety: &Arc<SafetyConfig>,
    timeout: Option<Duration>,
    args: &[Value],
    _ctx: &ExecutionContext,
) -> fusabi_host::Result<Value> {
    let command = args
        .first()
        .and_then(|v| v.as_str())
        .ok_or_else(|| fusabi_host::Error::host_function("exec: missing command argument"))?;

    // Check safety
    safety.check_execute(command).map_err(|e| {
        fusabi_host::Error::host_function(e.to_string())
    })?;

    // Get arguments
    let cmd_args: Vec<String> = args
        .iter()
        .skip(1)
        .filter_map(|v| v.as_str().map(String::from))
        .collect();

    // Apply timeout
    let timeout = timeout
        .map(|t| safety.clamp_timeout(t))
        .unwrap_or(safety.default_timeout);

    // Execute command (simulated)
    tracing::info!("Executing: {} {:?} (timeout: {:?})", command, cmd_args, timeout);

    // In real implementation, would use tokio::process::Command
    let output = format!("Executed: {} {}", command, cmd_args.join(" "));

    Ok(Value::Map({
        let mut m = std::collections::HashMap::new();
        m.insert("stdout".into(), Value::String(output));
        m.insert("stderr".into(), Value::String(String::new()));
        m.insert("exit_code".into(), Value::Int(0));
        m
    }))
}

/// Spawn a command without waiting.
pub fn spawn(
    args: &[Value],
    _ctx: &ExecutionContext,
) -> fusabi_host::Result<Value> {
    let command = args
        .first()
        .and_then(|v| v.as_str())
        .ok_or_else(|| fusabi_host::Error::host_function("spawn: missing command argument"))?;

    // In real implementation, would spawn the process and return a handle
    tracing::info!("Spawning: {}", command);

    Ok(Value::Map({
        let mut m = std::collections::HashMap::new();
        m.insert("pid".into(), Value::Int(12345));
        m.insert("command".into(), Value::String(command.to_string()));
        m
    }))
}

/// Options for process execution.
#[derive(Debug, Clone)]
pub struct ExecOptions {
    /// Working directory.
    pub cwd: Option<String>,
    /// Environment variables.
    pub env: std::collections::HashMap<String, String>,
    /// Timeout.
    pub timeout: Option<Duration>,
    /// Capture stdout.
    pub capture_stdout: bool,
    /// Capture stderr.
    pub capture_stderr: bool,
}

impl Default for ExecOptions {
    fn default() -> Self {
        Self {
            cwd: None,
            env: std::collections::HashMap::new(),
            timeout: Some(Duration::from_secs(30)),
            capture_stdout: true,
            capture_stderr: true,
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use fusabi_host::Capabilities;
    use fusabi_host::{Sandbox, SandboxConfig};
    use fusabi_host::Limits;

    fn create_test_ctx() -> ExecutionContext {
        let sandbox = Sandbox::new(SandboxConfig::default()).unwrap();
        ExecutionContext::new(1, Capabilities::none(), Limits::default(), sandbox)
    }

    #[test]
    fn test_exec_safety_check() {
        let safety = Arc::new(SafetyConfig::strict());
        let ctx = create_test_ctx();

        let result = exec(&safety, None, &[Value::String("ls".into())], &ctx);
        assert!(result.is_err()); // Should fail - process not allowed
    }

    #[test]
    fn test_exec_with_permission() {
        let safety = Arc::new(
            SafetyConfig::new()
                .with_allow_process(true)
                .with_allowed_commands(["ls"])
        );
        let ctx = create_test_ctx();

        let result = exec(&safety, None, &[Value::String("ls".into())], &ctx);
        assert!(result.is_ok());
    }

    #[test]
    fn test_exec_command_not_allowed() {
        let safety = Arc::new(
            SafetyConfig::new()
                .with_allow_process(true)
                .with_allowed_commands(["ls"])
        );
        let ctx = create_test_ctx();

        let result = exec(&safety, None, &[Value::String("rm".into())], &ctx);
        assert!(result.is_err()); // rm not in allowed list
    }
}