kaish-kernel 0.8.1

Core kernel for kaish: lexer, parser, interpreter, and runtime
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401

//! TDD tests for background execution (`&` operator).
//!
//! These tests document expected behavior. Implementation in kernel.rs
//! will make them pass.
//!
//! The `&` operator should:
//! - Spawn the command as a background job
//! - Register it with JobManager and create /v/jobs/{id}/ VFS entries
//! - Return immediately with a job ID like "[1]"
//! - Capture stdout/stderr via BoundedStream
//! - Allow polling status via /v/jobs/{id}/status

use std::time::Duration;

use std::sync::Arc;

use kaish_kernel::{Kernel, KernelConfig};

/// Create a test kernel with an isolated (no local filesystem) configuration.
async fn setup() -> Arc<Kernel> {
    Kernel::new(KernelConfig::isolated()).expect("failed to create kernel").into_arc()
}

/// Wait for a job to complete by polling status.
///
/// This avoids flaky sleeps by checking actual job state.
async fn wait_for_job(kernel: &Kernel, job_id: u64, timeout: Duration) -> String {
    let start = std::time::Instant::now();
    let status_cmd = format!("cat /v/jobs/{}/status", job_id);

    loop {
        let result = kernel.execute(&status_cmd).await.expect("status check failed");
        let text = result.text_out();
        let status = text.trim();

        if status.starts_with("done:") || status.starts_with("failed:") {
            return status.to_string();
        }

        if start.elapsed() > timeout {
            panic!("Job {} did not complete within {:?}", job_id, timeout);
        }

        tokio::time::sleep(Duration::from_millis(10)).await;
    }
}

// ============================================================================
// Host filesystem isolation (no spill/job-output leaks)
// ============================================================================

/// A kernel that owns no host filesystem must not persist job output to a host
/// temp file — that write goes through `std::fs`, bypassing the VFS and any
/// read-only mount. Holds for `NoLocal` (mounts nothing) and `with_backend`
/// (the embedder owns the VFS). A host-owning kernel still persists.
#[tokio::test]
async fn test_job_output_persistence_disabled_for_hostless_kernels() {
    use kaish_kernel::vfs::{MemoryFs, VfsRouter};
    use kaish_kernel::{KernelBackend, LocalBackend};

    // NoLocal: no host filesystem mounted.
    let isolated = Kernel::new(KernelConfig::isolated()).expect("isolated kernel");
    assert!(
        !isolated.jobs().persist_output_files(),
        "NoLocal kernel must not write job output to host disk"
    );

    // Custom backend: embedder owns the entire VFS, kernel owns no host mounts.
    let mut vfs = VfsRouter::new();
    vfs.mount("/", MemoryFs::new());
    let backend: Arc<dyn KernelBackend> = Arc::new(LocalBackend::new(Arc::new(vfs)));
    let embedded = Kernel::with_backend(backend, KernelConfig::isolated(), |_| {}, |_| {})
        .expect("with_backend kernel");
    assert!(
        !embedded.jobs().persist_output_files(),
        "with_backend kernel must not write job output to host disk"
    );

    // A host-owning kernel (Sandboxed) keeps the default persistence.
    let host_owning = Kernel::new(KernelConfig::transient()).expect("transient kernel");
    assert!(
        host_owning.jobs().persist_output_files(),
        "a host-owning kernel should still persist job output files"
    );
}

/// A `with_backend` kernel must truncate over-limit output in memory, never
/// spill it to a host file via `std::fs` — even when the config requests
/// `SpillMode::Disk`. Otherwise project bytes leak to host `/tmp`, bypassing the
/// read-only VFS. Uses a `Sandboxed`-mode config (whose `vfs_mode` alone would
/// NOT force memory) so this proves the `with_backend` override specifically.
#[tokio::test]
async fn test_with_backend_forces_in_memory_spill_not_host_disk() {
    use kaish_kernel::vfs::{MemoryFs, VfsRouter};
    use kaish_kernel::{KernelBackend, LocalBackend, OutputLimitConfig};

    let mut limit = OutputLimitConfig::mcp(); // SpillMode::Disk (the leaky default)
    limit.set_limit(Some(16));
    let config = KernelConfig::transient().with_output_limit(limit); // Sandboxed mode

    let mut vfs = VfsRouter::new();
    vfs.mount("/", MemoryFs::new());
    let backend: Arc<dyn KernelBackend> = Arc::new(LocalBackend::new(Arc::new(vfs)));
    let kernel = Kernel::with_backend(backend, config, |_| {}, |_| {})
        .expect("with_backend kernel");

    let result = kernel.execute("seq 1 50").await.expect("execute failed");
    assert!(result.did_spill, "output over the 16-byte limit should be truncated");
    assert!(
        result.text_out().contains("no spill file"),
        "with_backend kernel must truncate in memory, not spill to host disk; got: {}",
        result.text_out()
    );
}

// ============================================================================
// Basic Background Execution
// ============================================================================

#[tokio::test]
async fn test_background_job_returns_job_id() {
    let kernel = setup().await;
    let result = kernel.execute("echo hello &").await.unwrap();

    assert!(result.ok(), "background command should succeed, got: {}", result.err);
    // Should return job ID like "[1]"
    assert!(
        result.text_out().contains("[1]") || result.text_out().contains("1"),
        "expected job ID in output, got: {}",
        result.text_out()
    );
}

#[tokio::test]
async fn test_background_job_creates_vfs_entry() {
    let kernel = setup().await;
    kernel.execute("echo hello &").await.unwrap();

    // Give job a moment to register
    tokio::time::sleep(Duration::from_millis(10)).await;

    // Job should appear in /v/jobs
    let result = kernel.execute("ls /v/jobs").await.unwrap();
    assert!(result.ok(), "ls /v/jobs failed: {}", result.err);
    assert!(
        result.text_out().contains("1"),
        "expected job 1 in /v/jobs, got: {}",
        result.text_out()
    );
}

#[tokio::test]
async fn test_background_job_captures_stdout() {
    let kernel = setup().await;
    kernel.execute("echo 'hello from background' &").await.unwrap();

    wait_for_job(&kernel, 1, Duration::from_secs(1)).await;

    let result = kernel.execute("cat /v/jobs/1/stdout").await.unwrap();
    assert!(result.ok(), "cat stdout failed: {}", result.err);
    assert!(
        result.text_out().contains("hello from background"),
        "expected stdout content, got: {}",
        result.text_out()
    );
}

#[tokio::test]
async fn test_background_job_status_transitions() {
    let kernel = setup().await;
    kernel.execute("sleep 1 &").await.unwrap();

    // Give job a moment to register
    tokio::time::sleep(Duration::from_millis(10)).await;

    // Check status while running (immediate check)
    let result = kernel.execute("cat /v/jobs/1/status").await.unwrap();
    assert!(result.ok(), "status check failed: {}", result.err);
    assert_eq!(result.text_out().trim(), "running", "expected running status");

    // Wait for completion
    let status = wait_for_job(&kernel, 1, Duration::from_secs(1)).await;
    assert_eq!(status, "done:0", "expected done:0 status");
}

#[tokio::test]
async fn test_background_job_command_file() {
    let kernel = setup().await;
    kernel.execute("echo test123 &").await.unwrap();

    wait_for_job(&kernel, 1, Duration::from_secs(1)).await;

    let result = kernel.execute("cat /v/jobs/1/command").await.unwrap();
    assert!(result.ok(), "cat command failed: {}", result.err);
    assert!(
        result.text_out().contains("echo") && result.text_out().contains("test123"),
        "expected command in output, got: {}",
        result.text_out()
    );
}

// ============================================================================
// Multiple Jobs
// ============================================================================

#[tokio::test]
async fn test_multiple_background_jobs() {
    let kernel = setup().await;

    kernel.execute("echo job1 &").await.unwrap();
    kernel.execute("echo job2 &").await.unwrap();
    kernel.execute("echo job3 &").await.unwrap();

    // Wait for all jobs
    wait_for_job(&kernel, 1, Duration::from_secs(1)).await;
    wait_for_job(&kernel, 2, Duration::from_secs(1)).await;
    wait_for_job(&kernel, 3, Duration::from_secs(1)).await;

    // All jobs should exist
    let result = kernel.execute("ls /v/jobs").await.unwrap();
    assert!(result.ok());
    assert!(result.text_out().contains("1"), "missing job 1");
    assert!(result.text_out().contains("2"), "missing job 2");
    assert!(result.text_out().contains("3"), "missing job 3");
}

#[tokio::test]
async fn test_each_job_has_correct_output() {
    let kernel = setup().await;

    kernel.execute("echo 'output-one' &").await.unwrap();
    kernel.execute("echo 'output-two' &").await.unwrap();

    wait_for_job(&kernel, 1, Duration::from_secs(1)).await;
    wait_for_job(&kernel, 2, Duration::from_secs(1)).await;

    let r1 = kernel.execute("cat /v/jobs/1/stdout").await.unwrap();
    let r2 = kernel.execute("cat /v/jobs/2/stdout").await.unwrap();

    assert!(r1.text_out().contains("output-one"), "job 1 wrong output: {}", r1.text_out());
    assert!(r2.text_out().contains("output-two"), "job 2 wrong output: {}", r2.text_out());
}

// ============================================================================
// Context Inheritance
// ============================================================================

#[tokio::test]
async fn test_background_job_inherits_env() {
    let kernel = setup().await;

    // Set environment variable
    kernel.execute("export MY_VAR=test_value").await.unwrap();
    kernel.execute("echo $MY_VAR &").await.unwrap();

    wait_for_job(&kernel, 1, Duration::from_secs(1)).await;

    let result = kernel.execute("cat /v/jobs/1/stdout").await.unwrap();
    assert!(
        result.text_out().contains("test_value"),
        "expected env var in output, got: {}",
        result.text_out()
    );
}

#[tokio::test]
async fn test_background_job_inherits_cwd() {
    let kernel = setup().await;

    // Create a unique test directory in the in-memory VFS and cd into it
    let dir = format!("/tmp/test_cwd_{}", std::process::id());
    kernel.execute(&format!("mkdir -p {dir}")).await.unwrap();
    kernel.execute(&format!("cd {dir}")).await.unwrap();
    kernel.execute("pwd &").await.unwrap();

    wait_for_job(&kernel, 1, Duration::from_secs(1)).await;

    let result = kernel.execute("cat /v/jobs/1/stdout").await.unwrap();
    assert!(
        result.text_out().contains(&dir),
        "expected cwd in output, got: {}",
        result.text_out()
    );
}

// ============================================================================
// Error Handling & Exit Codes
// ============================================================================

#[tokio::test]
async fn test_failed_background_job_status() {
    let kernel = setup().await;

    // Command that will fail (false returns exit code 1)
    kernel.execute("false &").await.unwrap();

    let status = wait_for_job(&kernel, 1, Duration::from_secs(1)).await;
    assert!(
        status.starts_with("failed:") || status == "done:1",
        "expected failed status, got: {}",
        status
    );
}

// ============================================================================
// Pipelines in Background
// ============================================================================

#[tokio::test]
async fn test_pipeline_in_background() {
    let kernel = setup().await;

    kernel.execute("echo 'line1\nline2\nline3' | wc -l &").await.unwrap();

    wait_for_job(&kernel, 1, Duration::from_secs(1)).await;

    let result = kernel.execute("cat /v/jobs/1/stdout").await.unwrap();
    assert!(result.ok(), "cat failed: {}", result.err);
    // wc -l should output "3"
    assert!(
        result.text_out().trim() == "3" || result.text_out().contains("3"),
        "expected 3 lines, got: {}",
        result.text_out()
    );
}

// ============================================================================
// Jobs Builtin Integration
// ============================================================================

#[tokio::test]
async fn test_jobs_builtin_shows_background_job() {
    let kernel = setup().await;

    kernel.execute("echo background-test &").await.unwrap();

    // Give job a moment to register
    tokio::time::sleep(Duration::from_millis(10)).await;

    let result = kernel.execute("jobs").await.unwrap();
    assert!(result.ok(), "jobs command failed: {}", result.err);
    assert!(
        result.text_out().contains("1") && result.text_out().contains("/v/jobs/1/"),
        "expected job info, got: {}",
        result.text_out()
    );
}

/// `wait %N` — the bash jobspec form — must parse (it was a lexer error) and
/// wait for the named background job end-to-end.
#[tokio::test]
async fn wait_jobspec_percent_form_end_to_end() {
    let kernel = setup().await;
    let result = kernel
        .execute("sleep 0.05 & wait %1")
        .await
        .expect("wait %1 should parse and run");
    assert!(result.ok(), "wait %1 failed: {}", result.err);
    assert!(
        result.text_out().contains("[1]"),
        "expected job 1 status, got: {}",
        result.text_out()
    );
}

/// Phase 1: `kill %N` stops a pure-builtin background job (no OS process
/// group) via its cancellation token, and removes it from the table.
/// (`kill` is gated on the `subprocess` feature.)
#[cfg(feature = "subprocess")]
#[tokio::test]
async fn kill_terminates_builtin_background_job() {
    let kernel = setup().await;
    // Background a long builtin sleep, then kill it. The kill must succeed and
    // drop the job — a follow-up kill reports it gone.
    let r = kernel.execute("sleep 30 & kill %1").await.expect("execute");
    assert_eq!(r.code, 0, "kill %1 of a builtin job should succeed: {}", r.err);

    let again = kernel.execute("kill %1").await.expect("execute");
    assert!(!again.ok(), "job should be gone after kill");
    assert!(again.err.contains("not found"), "got: {}", again.err);
}

/// A non-terminating signal to a pure-builtin job is refused loudly (there is
/// no process group to deliver SIGUSR1 to), rather than silently terminating.
#[cfg(feature = "subprocess")]
#[tokio::test]
async fn kill_nonterminating_signal_on_builtin_job_errors() {
    let kernel = setup().await;
    let r = kernel
        .execute("sleep 30 & kill --signal USR1 %1")
        .await
        .expect("execute");
    assert!(!r.ok());
    assert!(
        r.err.contains("in-process task") && r.err.contains("USR1"),
        "expected in-process-task error, got: {}",
        r.err
    );
    // Clean up the still-running job.
    let _ = kernel.execute("kill %1").await;
}