kaish-kernel 0.7.0

Core kernel for kaish: lexer, parser, interpreter, and runtime
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677

//! rm — Remove files and directories.
//!
//! Supports confirmation latch (`set -o latch`) and trash-on-delete
//! (`set -o trash`) for safe autonomous operation.

use async_trait::async_trait;
use std::path::{Path, PathBuf};

use crate::ast::Value;
use crate::backend::{BackendError, KernelBackend};
use crate::interpreter::ExecResult;
use crate::tools::{ExecContext, Tool, ToolArgs, ToolSchema, ParamSchema};

/// Rm tool: remove files and directories.
pub struct Rm;

/// What the rm decision logic chose to do.
#[derive(Debug, PartialEq)]
enum RmAction {
    /// Move to freedesktop.org Trash.
    Trash(PathBuf),
    /// Permanent delete (via backend).
    Delete,
    /// Latch gate: return exit code 2 with nonce.
    Latch,
}

/// Determine the rm action based on trash/latch settings and file properties.
fn decide_rm_action(
    trash_enabled: bool,
    latch_enabled: bool,
    real_path: Option<&Path>,
    file_size: Option<u64>,
    trash_max_size: u64,
    is_dir: bool,
) -> RmAction {
    if trash_enabled {
        if let Some(rp) = real_path {
            // Skip trash for excluded paths (/tmp, /v/*)
            // Use Path::starts_with (component-aware) not str starts_with,
            // otherwise "/tmp_file.txt" would incorrectly match "/tmp".
            let excluded = rp.starts_with("/tmp")
                || rp.starts_with("/v");

            if !excluded {
                // Directories always go to trash — stat size is unreliable
                // and trash::delete handles them atomically.
                if is_dir {
                    return RmAction::Trash(rp.to_path_buf());
                }
                let size = file_size.unwrap_or(0);
                if size <= trash_max_size {
                    return RmAction::Trash(rp.to_path_buf());
                }
                // File too big for trash — fall through to latch check
                if latch_enabled {
                    return RmAction::Latch;
                }
                return RmAction::Delete;
            }
        }
        // Virtual path (no real path) or excluded path — fall through
    }

    if latch_enabled {
        return RmAction::Latch;
    }

    RmAction::Delete
}

#[async_trait]
impl Tool for Rm {
    fn name(&self) -> &str {
        "rm"
    }

    fn schema(&self) -> ToolSchema {
        ToolSchema::new("rm", "Remove files and directories")
            .param(ParamSchema::required("path", "string", "Path to remove"))
            .param(ParamSchema::optional(
                "recursive",
                "bool",
                Value::Bool(false),
                "Remove directories and their contents recursively (-r)",
            ).with_aliases(["-r", "-R"]))
            .param(ParamSchema::optional(
                "force",
                "bool",
                Value::Bool(false),
                "Ignore nonexistent files, never prompt (-f)",
            ).with_aliases(["-f"]))
            .param(ParamSchema::optional(
                "confirm",
                "string",
                Value::Null,
                "Confirmation nonce for latch-gated operations (--confirm=NONCE)",
            ))
            .example("Remove a file", "rm temp.txt")
            .example("Remove directory recursively", "rm -rf build/")
            .example("Confirm latched removal", "rm --confirm=a3f7b2c1 bigfile.bin")
    }

    async fn execute(&self, args: ToolArgs, ctx: &mut ExecContext) -> ExecResult {
        let path = match args.get_string("path", 0) {
            Some(p) => p,
            None => return ExecResult::failure(1, "rm: missing path argument"),
        };

        let recursive = args.has_flag("recursive") || args.has_flag("r");
        let force = args.has_flag("force") || args.has_flag("f");
        let confirm = args.get_named("confirm").and_then(|v| match v {
            Value::String(s) => Some(s.clone()),
            _ => None,
        });
        let resolved = ctx.resolve_path(&path);

        // Check existence first
        let stat = match ctx.backend.stat(Path::new(&resolved)).await {
            Ok(info) => Some(info),
            Err(BackendError::NotFound(_)) if force => return ExecResult::success(""),
            Err(BackendError::NotFound(_)) => return ExecResult::failure(1, format!("rm: {}: No such file or directory", path)),
            Err(e) => return ExecResult::failure(1, format!("rm: {}: {}", path, e)),
        };

        let trash_enabled = ctx.scope.trash_enabled();
        let latch_enabled = ctx.scope.latch_enabled();
        let trash_max_size = ctx.scope.trash_max_size();

        // Resolve real filesystem path (None for virtual paths like /v/*)
        let real_path = ctx.backend.resolve_real_path(Path::new(&resolved));
        let file_size = stat.as_ref().map(|s| s.size);

        let is_dir = stat.as_ref().is_some_and(|s| s.is_dir());
        let action = decide_rm_action(
            trash_enabled,
            latch_enabled,
            real_path.as_deref(),
            file_size,
            trash_max_size,
            is_dir,
        );

        match action {
            RmAction::Trash(real) => {
                let trash_backend = match ctx.trash_backend.as_ref() {
                    Some(tb) => tb,
                    None => return ExecResult::failure(1, "rm: trash backend not available"),
                };
                let real_display = real.display().to_string();
                match trash_backend.trash(&real).await {
                    Ok(()) => ExecResult::success(""),
                    Err(e) => {
                        ExecResult::failure(1, format!(
                            "rm: {}: trash failed: {} (use `set +o trash` to delete permanently)",
                            real_display, e
                        ))
                    }
                }
            }
            RmAction::Latch => {
                // Check if a valid confirmation nonce was provided
                if let Some(nonce) = &confirm {
                    match ctx.verify_nonce(nonce, "rm", &[&path]) {
                        Ok(()) => {
                            // Nonce valid — proceed with delete
                            match remove_path(&*ctx.backend, Path::new(&resolved), recursive, force).await {
                                Ok(()) => ExecResult::success(""),
                                Err(e) => ExecResult::failure(1, format!("rm: {}: {}", path, e)),
                            }
                        }
                        Err(e) => ExecResult::failure(1, format!("rm: {}: {}", path, e)),
                    }
                } else {
                    ctx.latch_result("rm", &[&path], "latch enabled", |nonce| {
                        format!("rm --confirm=\"{}\" {}", nonce, path)
                    })
                }
            }
            RmAction::Delete => {
                match remove_path(&*ctx.backend, Path::new(&resolved), recursive, force).await {
                    Ok(()) => ExecResult::success(""),
                    Err(e) => ExecResult::failure(1, format!("rm: {}: {}", path, e)),
                }
            }
        }
    }
}

/// Remove a path, optionally recursively.
async fn remove_path(backend: &dyn KernelBackend, path: &Path, recursive: bool, force: bool) -> Result<(), BackendError> {
    // Check if path exists
    match backend.stat(path).await {
        Ok(info) => {
            if info.is_dir() && recursive {
                // Remove contents first
                remove_dir_recursive(backend, path).await?;
            }
            backend.remove(path, false).await
        }
        Err(BackendError::NotFound(_)) if force => {
            // -f ignores nonexistent files
            Ok(())
        }
        Err(e) => Err(e),
    }
}

/// Recursively remove directory contents, then the directory itself.
fn remove_dir_recursive<'a>(
    backend: &'a dyn KernelBackend,
    dir: &'a Path,
) -> std::pin::Pin<Box<dyn std::future::Future<Output = Result<(), BackendError>> + Send + 'a>> {
    Box::pin(async move {
        let entries = backend.list(dir).await?;

        for entry in entries {
            let child_path: PathBuf = dir.join(&entry.name);
            if entry.is_dir() {
                // Recurse into subdirectory
                remove_dir_recursive(backend, &child_path).await?;
                backend.remove(&child_path, false).await?;
            } else {
                backend.remove(&child_path, false).await?;
            }
        }

        Ok(())
    })
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::ast::Value;
    use crate::vfs::{Filesystem, MemoryFs, VfsRouter};
    use std::sync::Arc;

    async fn make_ctx() -> ExecContext {
        let mut vfs = VfsRouter::new();
        let mem = MemoryFs::new();
        mem.write(Path::new("file.txt"), b"data").await.unwrap();
        mem.mkdir(Path::new("emptydir")).await.unwrap();
        mem.write(Path::new("fulldir/file.txt"), b"data").await.unwrap();
        vfs.mount("/", mem);
        ExecContext::new(Arc::new(vfs))
    }

    #[tokio::test]
    async fn test_rm_file() {
        let mut ctx = make_ctx().await;
        let mut args = ToolArgs::new();
        args.positional.push(Value::String("/file.txt".into()));

        let result = Rm.execute(args, &mut ctx).await;
        assert!(result.ok());

        // Verify deleted
        assert!(!ctx.backend.exists(Path::new("/file.txt")).await);
    }

    #[tokio::test]
    async fn test_rm_empty_dir() {
        let mut ctx = make_ctx().await;
        let mut args = ToolArgs::new();
        args.positional.push(Value::String("/emptydir".into()));

        let result = Rm.execute(args, &mut ctx).await;
        assert!(result.ok());

        assert!(!ctx.backend.exists(Path::new("/emptydir")).await);
    }

    #[tokio::test]
    async fn test_rm_non_empty_dir_fails() {
        let mut ctx = make_ctx().await;
        let mut args = ToolArgs::new();
        args.positional.push(Value::String("/fulldir".into()));

        let result = Rm.execute(args, &mut ctx).await;
        assert!(!result.ok());
        // Directory should still exist
        assert!(ctx.backend.exists(Path::new("/fulldir")).await);
    }

    #[tokio::test]
    async fn test_rm_nonexistent() {
        let mut ctx = make_ctx().await;
        let mut args = ToolArgs::new();
        args.positional.push(Value::String("/nonexistent".into()));

        let result = Rm.execute(args, &mut ctx).await;
        assert!(!result.ok());
    }

    #[tokio::test]
    async fn test_rm_no_arg() {
        let mut ctx = make_ctx().await;
        let args = ToolArgs::new();

        let result = Rm.execute(args, &mut ctx).await;
        assert!(!result.ok());
        assert!(result.err.contains("missing"));
    }

    #[tokio::test]
    async fn test_rm_r_recursive() {
        let mut ctx = make_ctx().await;
        let mut args = ToolArgs::new();
        args.positional.push(Value::String("/fulldir".into()));
        args.flags.insert("r".to_string());

        let result = Rm.execute(args, &mut ctx).await;
        assert!(result.ok());

        // Verify directory and contents removed
        assert!(!ctx.backend.exists(Path::new("/fulldir")).await);
        assert!(!ctx.backend.exists(Path::new("/fulldir/file.txt")).await);
    }

    #[tokio::test]
    async fn test_rm_recursive_flag() {
        let mut ctx = make_ctx().await;
        let mut args = ToolArgs::new();
        args.positional.push(Value::String("/fulldir".into()));
        args.flags.insert("recursive".to_string());

        let result = Rm.execute(args, &mut ctx).await;
        assert!(result.ok());
        assert!(!ctx.backend.exists(Path::new("/fulldir")).await);
    }

    #[tokio::test]
    async fn test_rm_f_force_nonexistent() {
        let mut ctx = make_ctx().await;
        let mut args = ToolArgs::new();
        args.positional.push(Value::String("/nonexistent".into()));
        args.flags.insert("f".to_string());

        let result = Rm.execute(args, &mut ctx).await;
        assert!(result.ok()); // -f silences not-found errors
    }

    #[tokio::test]
    async fn test_rm_force_flag_nonexistent() {
        let mut ctx = make_ctx().await;
        let mut args = ToolArgs::new();
        args.positional.push(Value::String("/nonexistent".into()));
        args.flags.insert("force".to_string());

        let result = Rm.execute(args, &mut ctx).await;
        assert!(result.ok());
    }

    async fn make_deep_ctx() -> ExecContext {
        let mut vfs = VfsRouter::new();
        let mem = MemoryFs::new();
        mem.write(Path::new("deep/a/b/c/file.txt"), b"data").await.unwrap();
        mem.write(Path::new("deep/a/sibling.txt"), b"data").await.unwrap();
        vfs.mount("/", mem);
        ExecContext::new(Arc::new(vfs))
    }

    #[tokio::test]
    async fn test_rm_r_deeply_nested() {
        let mut ctx = make_deep_ctx().await;
        let mut args = ToolArgs::new();
        args.positional.push(Value::String("/deep".into()));
        args.flags.insert("r".to_string());

        let result = Rm.execute(args, &mut ctx).await;
        assert!(result.ok());

        assert!(!ctx.backend.exists(Path::new("/deep")).await);
        assert!(!ctx.backend.exists(Path::new("/deep/a")).await);
        assert!(!ctx.backend.exists(Path::new("/deep/a/b")).await);
    }

    // ── Latch tests (MemoryFs — no real filesystem) ──

    #[tokio::test]
    async fn test_rm_latch_off_deletes_normally() {
        let mut ctx = make_ctx().await;
        // latch is off by default

        let mut args = ToolArgs::new();
        args.positional.push(Value::String("/file.txt".into()));

        let result = Rm.execute(args, &mut ctx).await;
        assert!(result.ok());
        assert!(!ctx.backend.exists(Path::new("/file.txt")).await);
    }

    #[tokio::test]
    async fn test_rm_latch_on_no_confirm_returns_code_2() {
        let mut ctx = make_ctx().await;
        ctx.scope.set_latch_enabled(true);

        let mut args = ToolArgs::new();
        args.positional.push(Value::String("/file.txt".into()));

        let result = Rm.execute(args, &mut ctx).await;
        assert_eq!(result.code, 2);
        // Error message should contain a hex nonce pattern and authorized paths
        assert!(result.err.contains("confirmation required"));
        assert!(result.err.contains("Authorized: /file.txt"));
        assert!(result.err.contains("--confirm="));
        assert!(result.err.contains("60 seconds"));
        // Structured latch data should be present
        let data = result.data.as_ref().expect("latch result should have data");
        if let Value::Json(json) = data {
            assert!(json["nonce"].is_string());
            assert_eq!(json["command"], "rm");
            assert_eq!(json["paths"], serde_json::json!(["/file.txt"]));
            assert_eq!(json["ttl"], 60);
            assert!(json["hint"].as_str().unwrap().contains("--confirm="));
        } else {
            panic!("expected Value::Json, got {:?}", data);
        }
        // File should still exist
        assert!(ctx.backend.exists(Path::new("/file.txt")).await);
    }

    #[tokio::test]
    async fn test_rm_latch_on_valid_confirm_deletes() {
        let mut ctx = make_ctx().await;
        ctx.scope.set_latch_enabled(true);

        // Issue a nonce manually
        let nonce = ctx.nonce_store.issue("rm", &["/file.txt"]);

        let mut args = ToolArgs::new();
        args.positional.push(Value::String("/file.txt".into()));
        args.named.insert("confirm".to_string(), Value::String(nonce));

        let result = Rm.execute(args, &mut ctx).await;
        assert!(result.ok());
        assert!(!ctx.backend.exists(Path::new("/file.txt")).await);
    }

    #[tokio::test]
    async fn test_rm_latch_on_invalid_confirm_fails() {
        let mut ctx = make_ctx().await;
        ctx.scope.set_latch_enabled(true);

        let mut args = ToolArgs::new();
        args.positional.push(Value::String("/file.txt".into()));
        args.named.insert("confirm".to_string(), Value::String("bogus123".into()));

        let result = Rm.execute(args, &mut ctx).await;
        assert_eq!(result.code, 1);
        assert!(result.err.contains("invalid nonce"));
        assert!(ctx.backend.exists(Path::new("/file.txt")).await);
    }

    #[tokio::test]
    async fn test_rm_latch_on_force_nonexistent() {
        let mut ctx = make_ctx().await;
        ctx.scope.set_latch_enabled(true);

        let mut args = ToolArgs::new();
        args.positional.push(Value::String("/nonexistent".into()));
        args.flags.insert("f".to_string());

        // -f on nonexistent should succeed silently (no latch — nothing to gate)
        let result = Rm.execute(args, &mut ctx).await;
        assert!(result.ok());
    }

    #[tokio::test]
    async fn test_rm_latch_on_nonexistent_no_force() {
        let mut ctx = make_ctx().await;
        ctx.scope.set_latch_enabled(true);

        let mut args = ToolArgs::new();
        args.positional.push(Value::String("/nonexistent".into()));

        // Should error with NotFound, NOT exit code 2
        let result = Rm.execute(args, &mut ctx).await;
        assert_eq!(result.code, 1);
        assert!(result.err.contains("No such file"));
    }

    #[tokio::test]
    async fn test_rm_latch_nonce_reuse_idempotent() {
        let mut ctx = make_ctx().await;
        ctx.scope.set_latch_enabled(true);

        let nonce = ctx.nonce_store.issue("rm", &["/file.txt"]);

        // First confirm: deletes the file
        let mut args = ToolArgs::new();
        args.positional.push(Value::String("/file.txt".into()));
        args.named.insert("confirm".to_string(), Value::String(nonce.clone()));

        let result = Rm.execute(args, &mut ctx).await;
        assert!(result.ok());
        assert!(!ctx.backend.exists(Path::new("/file.txt")).await);

        // Second confirm: file is gone, NotFound error (not exit code 2)
        let mut args2 = ToolArgs::new();
        args2.positional.push(Value::String("/file.txt".into()));
        args2.named.insert("confirm".to_string(), Value::String(nonce));

        let result2 = Rm.execute(args2, &mut ctx).await;
        assert_eq!(result2.code, 1);
    }

    #[tokio::test]
    async fn test_rm_latch_error_message_is_parseable() {
        let mut ctx = make_ctx().await;
        ctx.scope.set_latch_enabled(true);

        let mut args = ToolArgs::new();
        args.positional.push(Value::String("/file.txt".into()));

        let result = Rm.execute(args, &mut ctx).await;
        assert_eq!(result.code, 2);

        // Parse the nonce from the error message
        let err = &result.err;
        assert!(err.contains("rm --confirm="));
        assert!(err.contains("/file.txt"));
        assert!(err.contains("60 seconds"));

        // Extract nonce: find '--confirm="' then take next 8 chars
        let confirm_prefix = "rm --confirm=\"";
        let idx = err.find(confirm_prefix).expect("should contain confirm prefix");
        let nonce_start = idx + confirm_prefix.len();
        let nonce: String = err[nonce_start..].chars().take(8).collect();
        assert_eq!(nonce.len(), 8);
        assert!(nonce.chars().all(|c| c.is_ascii_hexdigit()));
    }

    // ── Decision logic unit tests ──

    #[test]
    fn test_decide_rm_action_no_flags() {
        let action = decide_rm_action(false, false, None, Some(100), 10_000_000, false);
        assert_eq!(action, RmAction::Delete);
    }

    #[test]
    fn test_decide_rm_action_latch_only() {
        let action = decide_rm_action(false, true, None, Some(100), 10_000_000, false);
        assert_eq!(action, RmAction::Latch);
    }

    #[test]
    fn test_decide_rm_action_trash_small_file() {
        let real = PathBuf::from("/home/user/file.txt");
        let action = decide_rm_action(true, false, Some(&real), Some(100), 10_000_000, false);
        assert_eq!(action, RmAction::Trash(real));
    }

    #[test]
    fn test_decide_rm_action_trash_small_with_latch() {
        // Small file → trash catches it, latch irrelevant
        let real = PathBuf::from("/home/user/file.txt");
        let action = decide_rm_action(true, true, Some(&real), Some(100), 10_000_000, false);
        assert_eq!(action, RmAction::Trash(real));
    }

    #[test]
    fn test_decide_rm_action_trash_large_no_latch() {
        let real = PathBuf::from("/home/user/bigfile.bin");
        let action = decide_rm_action(true, false, Some(&real), Some(100_000_000), 10_000_000, false);
        assert_eq!(action, RmAction::Delete);
    }

    #[test]
    fn test_decide_rm_action_trash_large_with_latch() {
        let real = PathBuf::from("/home/user/bigfile.bin");
        let action = decide_rm_action(true, true, Some(&real), Some(100_000_000), 10_000_000, false);
        assert_eq!(action, RmAction::Latch);
    }

    #[test]
    fn test_decide_rm_action_trash_virtual_path() {
        // Virtual path (resolve_real_path returns None) → normal delete
        let action = decide_rm_action(true, false, None, Some(100), 10_000_000, false);
        assert_eq!(action, RmAction::Delete);
    }

    #[test]
    fn test_decide_rm_action_trash_excluded_tmp() {
        let real = PathBuf::from("/tmp/scratch");
        let action = decide_rm_action(true, false, Some(&real), Some(100), 10_000_000, false);
        assert_eq!(action, RmAction::Delete);
    }

    #[test]
    fn test_decide_rm_action_trash_excluded_v() {
        let real = PathBuf::from("/v/jobs/something");
        let action = decide_rm_action(true, false, Some(&real), Some(100), 10_000_000, false);
        assert_eq!(action, RmAction::Delete);
    }

    // ── Directory-specific tests ──

    #[test]
    fn test_decide_rm_action_dir_always_trashes() {
        let real = PathBuf::from("/home/user/mydir");
        // Directory with size=0 (stat behavior) — should trash regardless of threshold
        let action = decide_rm_action(true, false, Some(&real), Some(0), 10_000_000, true);
        assert_eq!(action, RmAction::Trash(real));
    }

    #[test]
    fn test_decide_rm_action_dir_trashes_with_latch() {
        let real = PathBuf::from("/home/user/mydir");
        // Directory always trashes when trash enabled — latch irrelevant
        let action = decide_rm_action(true, true, Some(&real), Some(0), 10_000_000, true);
        assert_eq!(action, RmAction::Trash(real));
    }

    #[test]
    fn test_decide_rm_action_dir_excluded_tmp() {
        let real = PathBuf::from("/tmp/mydir");
        // Excluded path — directory still gets excluded
        let action = decide_rm_action(true, false, Some(&real), Some(0), 10_000_000, true);
        assert_eq!(action, RmAction::Delete);
    }

    // ── Composition matrix (rstest) ──

    #[derive(Debug, PartialEq)]
    enum Outcome {
        Deleted,
        Trashed,
        Latched,
    }

    fn matrix_action_to_outcome(action: &RmAction) -> Outcome {
        match action {
            RmAction::Trash(_) => Outcome::Trashed,
            RmAction::Delete => Outcome::Deleted,
            RmAction::Latch => Outcome::Latched,
        }
    }

    #[test]
    fn test_composition_matrix() {
        let real = PathBuf::from("/home/user/file.txt");
        let small = 100u64;
        let large = 100_000_000u64;
        let max = 10_000_000u64;

        // (trash, latch, size, is_dir) → expected outcome
        let cases = vec![
            (false, false, small, false, Outcome::Deleted),
            (false, true,  small, false, Outcome::Latched),
            (true,  false, small, false, Outcome::Trashed),
            (true,  true,  small, false, Outcome::Trashed),   // trash catches small, latch irrelevant
            (false, false, large, false, Outcome::Deleted),
            (false, true,  large, false, Outcome::Latched),
            (true,  false, large, false, Outcome::Deleted),    // too big for trash, no latch → delete
            (true,  true,  large, false, Outcome::Latched),    // too big for trash + latch → gate
            // Directories always trash (size irrelevant)
            (true,  false, 0,     true,  Outcome::Trashed),
            (true,  true,  0,     true,  Outcome::Trashed),
            // Dir without trash enabled → normal flow
            (false, false, 0,     true,  Outcome::Deleted),
            (false, true,  0,     true,  Outcome::Latched),
        ];

        for (trash, latch, size, is_dir, expected) in cases {
            let action = decide_rm_action(trash, latch, Some(&real), Some(size), max, is_dir);
            let outcome = matrix_action_to_outcome(&action);
            assert_eq!(
                outcome, expected,
                "trash={}, latch={}, size={}, is_dir={}: expected {:?}, got {:?}",
                trash, latch, size, is_dir, expected, outcome
            );
        }
    }
}