git-cloak 0.0.1

The Invisible Layer for Your Repositories - Manage private, untracked files across Git clones.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230

use serde::de;
use sha2::{Digest, Sha256};
use std::path::Path;
use std::process::Command;
use thiserror::Error;

const GIT_HASH_SHORT_LEN: usize = 16;
const PATH_HASH_SHORT_LEN: usize = 7;

#[derive(Debug, Clone, PartialEq, Eq, Hash)]
pub enum Pid {
    Git(String),
    Path(String),
}

impl Pid {
    pub fn as_str(&self) -> &str {
        match self {
            Pid::Git(s) | Pid::Path(s) => s,
        }
    }

    pub fn kind(&self) -> &'static str {
        match self {
            Pid::Git(_) => "git",
            Pid::Path(_) => "path",
        }
    }

    /// Reconstruct a `Pid` from its serialized string form (e.g. `"git_abc123"` or `"path_def456"`).
    pub fn parse(s: &str) -> Option<Pid> {
        if let Some(rest) = s.strip_prefix("git_") {
            if rest.is_empty() {
                return None;
            }
            Some(Pid::Git(s.to_owned()))
        } else if let Some(rest) = s.strip_prefix("path_") {
            if rest.is_empty() {
                return None;
            }
            Some(Pid::Path(s.to_owned()))
        } else {
            None
        }
    }
}

impl std::fmt::Display for Pid {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.write_str(self.as_str())
    }
}

impl serde::Serialize for Pid {
    fn serialize<S: serde::Serializer>(&self, serializer: S) -> Result<S::Ok, S::Error> {
        serializer.serialize_str(self.as_str())
    }
}

impl<'de> serde::Deserialize<'de> for Pid {
    fn deserialize<D: serde::Deserializer<'de>>(deserializer: D) -> Result<Self, D::Error> {
        let s = String::deserialize(deserializer)?;
        Pid::parse(&s).ok_or_else(|| de::Error::custom(format!("invalid PID: {s}")))
    }
}

#[derive(Debug, Error)]
pub enum PidError {
    #[error("failed to discover git repository: {0}")]
    GitDiscover(#[from] gix::discover::Error),
    #[error("repository HEAD is unborn — no commits yet")]
    UnbornHead,
    #[error("git command failed: {0}")]
    GitCommand(String),
    #[error("path is not absolute: {0}")]
    RelativePath(String),
}

/// Compute PID for the given directory.
///
/// Priority A: If inside a git repo, returns `Pid::Git("git_<root_hash_short>")`.
/// Priority B: Otherwise, returns `Pid::Path("path_<sha256_short>")`.
pub fn compute(dir: &Path) -> Result<Pid, PidError> {
    match compute_git_pid(dir) {
        Ok(pid) => Ok(pid),
        Err(_) => compute_path_pid(dir),
    }
}

/// Compute a Git-based PID from the initial commit hash.
///
/// Shells out to `git rev-list --max-parents=0 HEAD` for the root commit hash,
/// which is O(1) with commit-graph. Uses `gix::discover` for robust repo resolution.
/// Returns `git_<first 16 hex chars of root commit hash>`.
pub fn compute_git_pid(dir: &Path) -> Result<Pid, PidError> {
    let repo = gix::discover(dir)?;
    let git_dir = repo.git_dir().to_owned();

    let output = Command::new("git")
        .args(["rev-list", "--max-parents=0", "HEAD"]) // TODO situ: check if there is a better way to do this, using gix directly
        .env("GIT_DIR", &git_dir)
        .current_dir(dir)
        .output()
        .map_err(|e| PidError::GitCommand(e.to_string()))?;

    if !output.status.success() {
        let stderr = String::from_utf8_lossy(&output.stderr);
        if stderr.contains("unknown revision") || stderr.contains("bad default revision") {
            return Err(PidError::UnbornHead);
        }
        return Err(PidError::GitCommand(stderr.into_owned()));
    }

    let stdout = String::from_utf8_lossy(&output.stdout);
    // Multiple roots possible; last line is the chronologically earliest.
    let hash = stdout.lines().last().unwrap_or("").trim();
    if hash.is_empty() {
        return Err(PidError::UnbornHead);
    }

    let short = &hash[..GIT_HASH_SHORT_LEN.min(hash.len())];
    Ok(Pid::Git(format!("git_{short}")))
}

/// Compute a path-based PID from SHA256 of the absolute path.
///
/// Returns `path_<first 7 hex chars of SHA256>`.
pub fn compute_path_pid(dir: &Path) -> Result<Pid, PidError> {
    if !dir.is_absolute() {
        return Err(PidError::RelativePath(dir.display().to_string()));
    }

    let path_str = dir.to_string_lossy();
    let mut hasher = Sha256::new();
    hasher.update(path_str.as_bytes());
    let result = hasher.finalize();
    let hex_str = hex::encode(result);
    let short = &hex_str[..PATH_HASH_SHORT_LEN.min(hex_str.len())];
    Ok(Pid::Path(format!("path_{short}")))
}

#[cfg(test)]
mod tests {
    use super::*;
    use std::path::PathBuf;

    #[test]
    fn git_pid_format() {
        // Run from the repo itself — should produce a git_ PID
        let dir = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
        let pid = compute(&dir).unwrap();
        match &pid {
            Pid::Git(s) => {
                assert!(s.starts_with("git_"));
                // "git_" (4 chars) + 16 hex chars = 20
                assert_eq!(s.len(), 4 + GIT_HASH_SHORT_LEN);
            }
            _ => panic!("expected Git PID, got {:?}", pid),
        }
    }

    #[test]
    fn git_pid_is_stable() {
        let dir = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
        let a = compute_git_pid(&dir).unwrap();
        let b = compute_git_pid(&dir).unwrap();
        assert_eq!(a, b);
    }

    #[test]
    fn path_pid_format() {
        let pid = compute_path_pid(Path::new("/tmp/some-non-git-dir")).unwrap(); // TODO situ use temp dir generator crate
        match &pid {
            Pid::Path(s) => {
                assert!(s.starts_with("path_"));
                assert_eq!(s.len(), 5 + PATH_HASH_SHORT_LEN);
            }
            _ => panic!("expected Path PID, got {:?}", pid),
        }
    }

    #[test]
    fn path_pid_is_stable() {
        let a = compute_path_pid(Path::new("/foo/bar")).unwrap();
        let b = compute_path_pid(Path::new("/foo/bar")).unwrap();
        assert_eq!(a, b);
    }

    #[test]
    fn path_pid_differs_for_different_paths() {
        let a = compute_path_pid(Path::new("/foo/bar")).unwrap();
        let b = compute_path_pid(Path::new("/foo/baz")).unwrap();
        assert_ne!(a, b);
    }

    #[test]
    fn path_pid_rejects_relative() {
        let result = compute_path_pid(Path::new("relative/path"));
        assert!(result.is_err());
    }

    #[test]
    fn parse_git_pid() {
        let pid = Pid::parse("git_abc123").unwrap();
        assert_eq!(pid, Pid::Git("git_abc123".into()));
    }

    #[test]
    fn parse_path_pid() {
        let pid = Pid::parse("path_def456").unwrap();
        assert_eq!(pid, Pid::Path("path_def456".into()));
    }

    #[test]
    fn parse_rejects_invalid() {
        assert!(Pid::parse("").is_none());
        assert!(Pid::parse("unknown_abc").is_none());
        assert!(Pid::parse("git_").is_none());
        assert!(Pid::parse("path_").is_none());
    }

    #[test]
    fn serde_round_trip() {
        let pid = Pid::Git("git_abc123def456ab".into());
        let json = serde_json::to_string(&pid).unwrap();
        assert_eq!(json, "\"git_abc123def456ab\"");
        let back: Pid = serde_json::from_str(&json).unwrap();
        assert_eq!(back, pid);
    }
}