kaish_kernel/tools/context.rs
1//! Execution context for tools.
2
3use std::collections::HashMap;
4use std::path::{Component, PathBuf};
5use std::sync::Arc;
6
7use crate::ast::Value;
8use crate::backend::{KernelBackend, LocalBackend};
9use crate::dispatch::PipelinePosition;
10use crate::ignore_config::IgnoreConfig;
11use crate::interpreter::{ExecResult, Scope};
12use crate::nonce::NonceStore;
13use crate::output_limit::OutputLimitConfig;
14use crate::scheduler::{JobManager, PipeReader, PipeWriter, StderrStream};
15use crate::tools::ToolRegistry;
16use crate::trash::TrashBackend;
17use crate::vfs::VfsRouter;
18use kaish_vfs::ByteBudget;
19use tokio_util::sync::CancellationToken;
20
21use crate::interpreter::OutputFormat;
22
23use super::traits::ToolSchema;
24
25/// Output context determines how command output should be formatted.
26///
27/// Different contexts prefer different output formats:
28/// - **Interactive** — Pretty columns, colors, traditional tree (TTY/REPL)
29/// - **Piped** — Raw output for pipeline processing
30/// - **Model** — Token-efficient compact formats (MCP server / agent context)
31/// - **Script** — Non-interactive script execution
32#[derive(Debug, Clone, Copy, PartialEq, Eq, Default)]
33pub enum OutputContext {
34 /// Interactive TTY/REPL - use human-friendly format with colors.
35 #[default]
36 Interactive,
37 /// Output to another command - use raw output for pipes.
38 Piped,
39 /// MCP server / agent context - use token-efficient model format.
40 Model,
41 /// Non-interactive script - use raw output.
42 Script,
43}
44
45/// Execution context passed to tools.
46///
47/// Provides access to the backend (for file operations and tool dispatch),
48/// scope, and other kernel state.
49pub struct ExecContext {
50 /// Kernel backend for I/O operations.
51 ///
52 /// This is the preferred way to access filesystem operations.
53 /// Use `backend.read()`, `backend.write()`, etc.
54 pub backend: Arc<dyn KernelBackend>,
55 /// Variable scope.
56 pub scope: Scope,
57 /// Current working directory (VFS path).
58 pub cwd: PathBuf,
59 /// Previous working directory (for `cd -`).
60 pub prev_cwd: Option<PathBuf>,
61 /// Standard input for the tool (from pipeline).
62 pub stdin: Option<String>,
63 /// Structured data from pipeline (pre-parsed JSON from previous command).
64 /// Tools can check this before parsing stdin to avoid redundant JSON parsing.
65 pub stdin_data: Option<Value>,
66 /// Streaming pipe input (set when this command is in a concurrent pipeline).
67 pub pipe_stdin: Option<PipeReader>,
68 /// Streaming pipe output (set when this command is in a concurrent pipeline).
69 pub pipe_stdout: Option<PipeWriter>,
70 /// Tool schemas for help command.
71 pub tool_schemas: Vec<ToolSchema>,
72 /// Tool registry reference (for tools that need to inspect available tools).
73 pub tools: Option<Arc<ToolRegistry>>,
74 /// Job manager for background jobs (optional).
75 pub job_manager: Option<Arc<JobManager>>,
76 /// Kernel stderr stream for real-time error output from pipeline stages.
77 ///
78 /// When set, pipeline stages write stderr here instead of buffering in
79 /// `ExecResult.err`. This allows stderr from all stages to stream to
80 /// the terminal (or other sink) concurrently, matching bash behavior.
81 pub stderr: Option<StderrStream>,
82 /// Position of this command within a pipeline (for stdio decisions).
83 pub pipeline_position: PipelinePosition,
84 /// Whether we're running in interactive (REPL) mode.
85 pub interactive: bool,
86 /// Command aliases (name → expansion string).
87 pub aliases: HashMap<String, String>,
88 /// Ignore file configuration for file-walking tools.
89 pub ignore_config: IgnoreConfig,
90 /// Output size limit configuration for agent safety.
91 pub output_limit: OutputLimitConfig,
92 /// Whether external command execution is allowed.
93 ///
94 /// When `false`, external commands (PATH lookup, `exec`, `spawn`) are blocked.
95 /// Only kaish builtins and backend-registered tools (MCP) are available.
96 pub allow_external_commands: bool,
97 /// Confirmation nonce store for latch-gated operations.
98 ///
99 /// Arc-shared across pipeline stages so nonces issued in one stage
100 /// can be validated in another.
101 pub nonce_store: NonceStore,
102 /// Trash backend for safe file deletion.
103 ///
104 /// Always present when the kernel creates the context (even if `set -o trash`
105 /// is off — the backend exists so `kaish-trash list/restore/empty` work
106 /// regardless of the trash flag).
107 pub trash_backend: Option<Arc<dyn TrashBackend>>,
108 /// Terminal state for job control (interactive mode, Unix only).
109 #[cfg(all(unix, feature = "subprocess"))]
110 pub terminal_state: Option<std::sync::Arc<crate::terminal::TerminalState>>,
111 /// Command dispatcher for re-dispatching through the full resolution chain.
112 ///
113 /// When set (via `Kernel::into_arc()`), builtins like `timeout` can dispatch
114 /// inner commands through the full chain (user tools → builtins → .kai scripts
115 /// → external commands) instead of being limited to `backend.call_tool()`.
116 ///
117 /// `None` when the Kernel was not wrapped via `into_arc()`.
118 pub dispatcher: Option<Arc<dyn crate::dispatch::CommandDispatcher>>,
119 /// Cancellation token for this execution path.
120 ///
121 /// Populated by the kernel at execute entry, then propagated through pipeline
122 /// stages, foreground forks (scatter workers, concurrent pipeline stages,
123 /// `$(...)` cmdsubs), and into spawned external children. When the token
124 /// fires, externals receive SIGTERM/SIGKILL via the `wait_or_kill` helper.
125 ///
126 /// Default for stand-alone `ExecContext` constructors is a fresh, never-fired
127 /// token so non-kernel test contexts behave as before.
128 pub cancel: CancellationToken,
129 /// Per-execution output format override set by a builtin's GlobalFlags
130 /// flatten (e.g. `--json`). The dispatcher reads this after `tool.execute()`
131 /// returns and applies the format via `apply_output_format`.
132 ///
133 /// Builtins set this via `GlobalFlags::apply(ctx)`; external commands
134 /// don't touch it.
135 pub output_format: Option<OutputFormat>,
136
137 /// Shared VFS memory budget for this kernel's `MemoryFs` mounts.
138 ///
139 /// `Arc`-cloned from the owning `Kernel` (or its fork parent) so all
140 /// concurrent execution paths draw from the same pool. `None` means
141 /// unbounded. Populated by `Kernel::assemble` and forwarded through
142 /// `child_for_pipeline` / `fork_inner` so background jobs and scatter
143 /// workers see the same cap as foreground execution.
144 pub vfs_budget: Option<Arc<ByteBudget>>,
145
146 /// The per-execute timeout watchdog, when a script timeout is in effect.
147 ///
148 /// Populated by the kernel at execute entry (alongside `cancel`) and
149 /// shared through `child_for_pipeline` so forks and pipeline stages can
150 /// acquire patient holds against the same script clock. `None` when no
151 /// timeout is configured — `ToolCtx::patient` then returns an inert guard.
152 pub watchdog: Option<Arc<crate::watchdog::Watchdog>>,
153
154 /// Active overlay handle when the kernel was constructed with `overlay: true`.
155 ///
156 /// `Arc`-cloned so forks and pipeline stages share the same transaction.
157 /// `None` when no overlay is active (most kernels).
158 #[cfg(all(feature = "localfs", feature = "overlay"))]
159 pub overlay_handle: Option<Arc<crate::kernel::OverlayHandle>>,
160}
161
162impl ExecContext {
163 /// Create a new execution context with a VFS (uses LocalBackend without tools).
164 ///
165 /// This constructor is for backward compatibility and tests that don't need tool dispatch.
166 /// For full tool support, use `with_vfs_and_tools`.
167 pub fn new(vfs: Arc<VfsRouter>) -> Self {
168 Self {
169 backend: Arc::new(LocalBackend::new(vfs)),
170 scope: Scope::new(),
171 cwd: PathBuf::from("/"),
172 prev_cwd: None,
173 stdin: None,
174 stdin_data: None,
175 pipe_stdin: None,
176 pipe_stdout: None,
177 stderr: None,
178 tool_schemas: Vec::new(),
179 tools: None,
180 job_manager: None,
181 pipeline_position: PipelinePosition::Only,
182 interactive: false,
183 aliases: HashMap::new(),
184 ignore_config: IgnoreConfig::none(),
185 output_limit: OutputLimitConfig::none(),
186 allow_external_commands: true,
187 nonce_store: NonceStore::new(),
188 trash_backend: None,
189 #[cfg(all(unix, feature = "subprocess"))]
190 terminal_state: None,
191 dispatcher: None,
192 cancel: CancellationToken::new(),
193 output_format: None,
194 vfs_budget: None,
195 watchdog: None,
196 #[cfg(all(feature = "localfs", feature = "overlay"))]
197 overlay_handle: None,
198 }
199 }
200
201 /// Create a new execution context with VFS and tool registry.
202 ///
203 /// This is the preferred constructor for full kaish operation where
204 /// tools need to be dispatched through the backend.
205 pub fn with_vfs_and_tools(vfs: Arc<VfsRouter>, tools: Arc<ToolRegistry>) -> Self {
206 Self {
207 backend: Arc::new(LocalBackend::with_tools(vfs, tools.clone())),
208 scope: Scope::new(),
209 cwd: PathBuf::from("/"),
210 prev_cwd: None,
211 stdin: None,
212 stdin_data: None,
213 pipe_stdin: None,
214 pipe_stdout: None,
215 stderr: None,
216 tool_schemas: Vec::new(),
217 tools: Some(tools),
218 job_manager: None,
219 pipeline_position: PipelinePosition::Only,
220 interactive: false,
221 aliases: HashMap::new(),
222 ignore_config: IgnoreConfig::none(),
223 output_limit: OutputLimitConfig::none(),
224 allow_external_commands: true,
225 nonce_store: NonceStore::new(),
226 trash_backend: None,
227 #[cfg(all(unix, feature = "subprocess"))]
228 terminal_state: None,
229 dispatcher: None,
230 cancel: CancellationToken::new(),
231 output_format: None,
232 vfs_budget: None,
233 watchdog: None,
234 #[cfg(all(feature = "localfs", feature = "overlay"))]
235 overlay_handle: None,
236 }
237 }
238
239 /// Create a new execution context with a custom backend.
240 pub fn with_backend(backend: Arc<dyn KernelBackend>) -> Self {
241 Self {
242 backend,
243 scope: Scope::new(),
244 cwd: PathBuf::from("/"),
245 prev_cwd: None,
246 stdin: None,
247 stdin_data: None,
248 pipe_stdin: None,
249 pipe_stdout: None,
250 stderr: None,
251 tool_schemas: Vec::new(),
252 tools: None,
253 job_manager: None,
254 pipeline_position: PipelinePosition::Only,
255 interactive: false,
256 aliases: HashMap::new(),
257 ignore_config: IgnoreConfig::none(),
258 output_limit: OutputLimitConfig::none(),
259 allow_external_commands: true,
260 nonce_store: NonceStore::new(),
261 trash_backend: None,
262 #[cfg(all(unix, feature = "subprocess"))]
263 terminal_state: None,
264 dispatcher: None,
265 cancel: CancellationToken::new(),
266 output_format: None,
267 vfs_budget: None,
268 watchdog: None,
269 #[cfg(all(feature = "localfs", feature = "overlay"))]
270 overlay_handle: None,
271 }
272 }
273
274 /// Create a context with VFS, tools, and a specific scope.
275 pub fn with_vfs_tools_and_scope(vfs: Arc<VfsRouter>, tools: Arc<ToolRegistry>, scope: Scope) -> Self {
276 Self {
277 backend: Arc::new(LocalBackend::with_tools(vfs, tools.clone())),
278 scope,
279 cwd: PathBuf::from("/"),
280 prev_cwd: None,
281 stdin: None,
282 stdin_data: None,
283 pipe_stdin: None,
284 pipe_stdout: None,
285 stderr: None,
286 tool_schemas: Vec::new(),
287 tools: Some(tools),
288 job_manager: None,
289 pipeline_position: PipelinePosition::Only,
290 interactive: false,
291 aliases: HashMap::new(),
292 ignore_config: IgnoreConfig::none(),
293 output_limit: OutputLimitConfig::none(),
294 allow_external_commands: true,
295 nonce_store: NonceStore::new(),
296 trash_backend: None,
297 #[cfg(all(unix, feature = "subprocess"))]
298 terminal_state: None,
299 dispatcher: None,
300 cancel: CancellationToken::new(),
301 output_format: None,
302 vfs_budget: None,
303 watchdog: None,
304 #[cfg(all(feature = "localfs", feature = "overlay"))]
305 overlay_handle: None,
306 }
307 }
308
309 /// Create a context with a specific scope (uses LocalBackend without tools).
310 ///
311 /// For tests that don't need tool dispatch. For full tool support,
312 /// use `with_vfs_tools_and_scope`.
313 pub fn with_scope(vfs: Arc<VfsRouter>, scope: Scope) -> Self {
314 Self {
315 backend: Arc::new(LocalBackend::new(vfs)),
316 scope,
317 cwd: PathBuf::from("/"),
318 prev_cwd: None,
319 stdin: None,
320 stdin_data: None,
321 pipe_stdin: None,
322 pipe_stdout: None,
323 stderr: None,
324 tool_schemas: Vec::new(),
325 tools: None,
326 job_manager: None,
327 pipeline_position: PipelinePosition::Only,
328 interactive: false,
329 aliases: HashMap::new(),
330 ignore_config: IgnoreConfig::none(),
331 output_limit: OutputLimitConfig::none(),
332 allow_external_commands: true,
333 nonce_store: NonceStore::new(),
334 trash_backend: None,
335 #[cfg(all(unix, feature = "subprocess"))]
336 terminal_state: None,
337 dispatcher: None,
338 cancel: CancellationToken::new(),
339 output_format: None,
340 vfs_budget: None,
341 watchdog: None,
342 #[cfg(all(feature = "localfs", feature = "overlay"))]
343 overlay_handle: None,
344 }
345 }
346
347 /// Create a context with a custom backend and scope.
348 pub fn with_backend_and_scope(backend: Arc<dyn KernelBackend>, scope: Scope) -> Self {
349 Self {
350 backend,
351 scope,
352 cwd: PathBuf::from("/"),
353 prev_cwd: None,
354 stdin: None,
355 stdin_data: None,
356 pipe_stdin: None,
357 pipe_stdout: None,
358 stderr: None,
359 tool_schemas: Vec::new(),
360 tools: None,
361 job_manager: None,
362 pipeline_position: PipelinePosition::Only,
363 interactive: false,
364 aliases: HashMap::new(),
365 ignore_config: IgnoreConfig::none(),
366 output_limit: OutputLimitConfig::none(),
367 allow_external_commands: true,
368 nonce_store: NonceStore::new(),
369 trash_backend: None,
370 #[cfg(all(unix, feature = "subprocess"))]
371 terminal_state: None,
372 dispatcher: None,
373 cancel: CancellationToken::new(),
374 output_format: None,
375 vfs_budget: None,
376 watchdog: None,
377 #[cfg(all(feature = "localfs", feature = "overlay"))]
378 overlay_handle: None,
379 }
380 }
381
382 /// Set the available tool schemas (for help command).
383 pub fn set_tool_schemas(&mut self, schemas: Vec<ToolSchema>) {
384 self.tool_schemas = schemas;
385 }
386
387 /// Set the tool registry reference.
388 pub fn set_tools(&mut self, tools: Arc<ToolRegistry>) {
389 self.tools = Some(tools);
390 }
391
392 /// Set the job manager for background job tracking.
393 pub fn set_job_manager(&mut self, manager: Arc<JobManager>) {
394 self.job_manager = Some(manager);
395 }
396
397 /// Set the trash backend.
398 pub fn set_trash_backend(&mut self, backend: Arc<dyn TrashBackend>) {
399 self.trash_backend = Some(backend);
400 }
401
402 /// Set stdin for this execution.
403 pub fn set_stdin(&mut self, stdin: String) {
404 self.stdin = Some(stdin);
405 }
406
407 /// Get stdin, consuming it.
408 pub fn take_stdin(&mut self) -> Option<String> {
409 self.stdin.take()
410 }
411
412 /// Set both text stdin and structured data.
413 ///
414 /// Use this when passing output through a pipeline where the previous
415 /// command produced structured data (e.g., JSON from MCP tools).
416 pub fn set_stdin_with_data(&mut self, text: String, data: Option<Value>) {
417 self.stdin = Some(text);
418 self.stdin_data = data;
419 }
420
421 /// Take structured data if available, consuming it.
422 ///
423 /// Tools can use this to avoid re-parsing JSON that was already parsed
424 /// by a previous command in the pipeline.
425 pub fn take_stdin_data(&mut self) -> Option<Value> {
426 self.stdin_data.take()
427 }
428
429 /// Resolve a path relative to cwd, normalizing `.` and `..` components.
430 pub fn resolve_path(&self, path: &str) -> PathBuf {
431 let raw = if path.starts_with('/') {
432 PathBuf::from(path)
433 } else {
434 self.cwd.join(path)
435 };
436 normalize_path(&raw)
437 }
438
439 /// Change the current working directory.
440 ///
441 /// Saves the old directory for `cd -` support.
442 pub fn set_cwd(&mut self, path: PathBuf) {
443 self.prev_cwd = Some(self.cwd.clone());
444 self.cwd = path;
445 }
446
447 /// Get the previous working directory (for `cd -`).
448 pub fn get_prev_cwd(&self) -> Option<&PathBuf> {
449 self.prev_cwd.as_ref()
450 }
451
452 /// Read all stdin (pipe or buffered string) into a String.
453 ///
454 /// Prefers pipe_stdin if set (streaming pipeline), otherwise falls back
455 /// to the buffered stdin string. Consumes the source.
456 pub async fn read_stdin_to_string(&mut self) -> Option<String> {
457 if let Some(mut reader) = self.pipe_stdin.take() {
458 use tokio::io::AsyncReadExt;
459 let mut buf = Vec::new();
460 reader.read_to_end(&mut buf).await.ok()?;
461 Some(String::from_utf8_lossy(&buf).into_owned())
462 } else {
463 self.stdin.take()
464 }
465 }
466
467 /// Read stdin as text, erroring on non-UTF-8 instead of silently
468 /// lossy-decoding it (which corrupts binary with `U+FFFD`).
469 ///
470 /// The strict counterpart to [`Self::read_stdin_to_string`], for text-only
471 /// builtins (`grep`, `sed`, `awk`, `cut`, `sort`, `jq`, …): a binary stream
472 /// is a loud error, not a mangle. Returns `Ok(None)` when there is no stdin
473 /// at all. The `Err` is a ready-to-use message; callers prefix their name.
474 /// See `docs/binary-data.md` and `docs/issues.md`.
475 pub async fn read_stdin_to_text(&mut self) -> Result<Option<String>, String> {
476 match self.read_stdin_to_bytes().await {
477 None => Ok(None),
478 Some(bytes) => String::from_utf8(bytes).map(Some).map_err(|_| {
479 "input is not valid UTF-8 (binary data?) — pipe through base64/xxd \
480 or use a binary-aware tool (cat, dd, cmp, wc -c)"
481 .to_string()
482 }),
483 }
484 }
485
486 /// Read all of stdin as raw bytes, preserving binary intact.
487 ///
488 /// The byte-clean counterpart to [`Self::read_stdin_to_string`], for
489 /// binary-aware builtins (`base64`, `xxd`, `checksum`, `wc -c`, `cmp`, …).
490 /// Returns `None` when there is no stdin at all (no pipe and no buffer);
491 /// an empty pipe yields `Some(vec![])`. A buffered text stdin is returned
492 /// as its UTF-8 bytes. See `docs/binary-data.md`.
493 pub async fn read_stdin_to_bytes(&mut self) -> Option<Vec<u8>> {
494 if let Some(mut reader) = self.pipe_stdin.take() {
495 use tokio::io::AsyncReadExt;
496 let mut buf = Vec::new();
497 reader.read_to_end(&mut buf).await.ok()?;
498 Some(buf)
499 } else {
500 self.stdin.take().map(String::into_bytes)
501 }
502 }
503
504 /// Create a child context for a pipeline stage.
505 ///
506 /// Shares backend, tools, job_manager, aliases, cwd, and scope
507 /// but has independent stdin/stdout pipes.
508 pub fn child_for_pipeline(&self) -> Self {
509 Self {
510 backend: self.backend.clone(),
511 scope: self.scope.clone(),
512 cwd: self.cwd.clone(),
513 prev_cwd: self.prev_cwd.clone(),
514 stdin: None,
515 stdin_data: None,
516 pipe_stdin: None,
517 pipe_stdout: None,
518 stderr: self.stderr.clone(),
519 tool_schemas: self.tool_schemas.clone(),
520 tools: self.tools.clone(),
521 job_manager: self.job_manager.clone(),
522 pipeline_position: PipelinePosition::Only,
523 interactive: self.interactive,
524 aliases: self.aliases.clone(),
525 ignore_config: self.ignore_config.clone(),
526 output_limit: self.output_limit.clone(),
527 allow_external_commands: self.allow_external_commands,
528 nonce_store: self.nonce_store.clone(),
529 trash_backend: self.trash_backend.clone(),
530 #[cfg(all(unix, feature = "subprocess"))]
531 terminal_state: self.terminal_state.clone(),
532 dispatcher: self.dispatcher.clone(),
533 cancel: self.cancel.clone(),
534 // Output format is per-execution; child pipeline stages start fresh.
535 output_format: None,
536 // Budget is shared: the child draws from the same pool as the parent.
537 vfs_budget: self.vfs_budget.clone(),
538 // Watchdog is shared: a patient hold in a pipeline stage or fork
539 // suspends the same script clock as foreground execution.
540 watchdog: self.watchdog.clone(),
541 // Overlay handle is shared: pipeline stages share the same transaction.
542 #[cfg(all(feature = "localfs", feature = "overlay"))]
543 overlay_handle: self.overlay_handle.clone(),
544 }
545 }
546
547 /// Build an `IgnoreFilter` from the current ignore configuration.
548 ///
549 /// Returns `None` if no filtering is configured.
550 pub async fn build_ignore_filter(&self, root: &std::path::Path) -> Option<crate::walker::IgnoreFilter> {
551 use crate::backend_walker_fs::BackendWalkerFs;
552 let fs = BackendWalkerFs(self.backend.as_ref());
553 self.ignore_config.build_filter(root, &fs).await
554 }
555
556 /// Validate a confirmation nonce against a command and paths.
557 ///
558 /// Thin wrapper on `NonceStore::validate` for ergonomic use from builtins.
559 pub fn verify_nonce(&self, nonce: &str, command: &str, paths: &[&str]) -> Result<(), String> {
560 self.nonce_store.validate(nonce, command, paths)
561 }
562
563 /// Issue a nonce and build the standard exit-2 latch result.
564 ///
565 /// `reason` explains why confirmation is needed (e.g., `"latch enabled"`,
566 /// `"emptying trash is destructive"`). The `confirm_hint` closure receives
567 /// the nonce string so each tool can format its own re-run command.
568 ///
569 /// The result includes structured data in `.data` for programmatic access:
570 /// ```json
571 /// {"nonce": "a3f7b2c1", "command": "rm", "paths": [...], "hint": "rm --confirm=a3f7b2c1 file", "ttl": 60}
572 /// ```
573 pub fn latch_result(
574 &self,
575 command: &str,
576 paths: &[&str],
577 reason: &str,
578 confirm_hint: impl FnOnce(&str) -> String,
579 ) -> ExecResult {
580 let nonce = self.nonce_store.issue(command, paths);
581 let ttl = self.nonce_store.ttl().as_secs();
582 let authorized = if paths.is_empty() {
583 String::new()
584 } else {
585 format!("\nAuthorized: {}", paths.join(", "))
586 };
587 let hint = confirm_hint(&nonce);
588
589 let mut result = ExecResult::failure(2, format!(
590 "{command}: confirmation required ({reason}){authorized}\nTo confirm, run: {hint}\nNonce expires in {ttl} seconds."
591 ));
592 result.data = Some(Value::Json(serde_json::json!({
593 "nonce": nonce,
594 "command": command,
595 "paths": paths,
596 "hint": hint,
597 "ttl": ttl,
598 })));
599 result
600 }
601
602 /// Expand a glob pattern to matching file paths.
603 ///
604 /// Returns the matched paths (absolute). Used by builtins that accept glob
605 /// patterns in their path arguments (ls, cat, head, tail, wc, etc.).
606 pub async fn expand_glob(&self, pattern: &str) -> Result<Vec<PathBuf>, String> {
607 use crate::backend_walker_fs::BackendWalkerFs;
608 use crate::walker::{EntryTypes, FileWalker, GlobPath, WalkOptions};
609
610 let glob = GlobPath::new(pattern).map_err(|e| format!("invalid pattern: {}", e))?;
611
612 let root = if glob.is_anchored() {
613 self.resolve_path("/")
614 } else {
615 self.resolve_path(".")
616 };
617
618 let options = WalkOptions {
619 entry_types: EntryTypes::all(),
620 respect_gitignore: self.ignore_config.auto_gitignore(),
621 ..WalkOptions::default()
622 };
623
624 let fs = BackendWalkerFs(self.backend.as_ref());
625 let mut walker = FileWalker::new(&fs, &root)
626 .with_pattern(glob)
627 .with_options(options);
628
629 // Note: if ignore_files contains ".gitignore" AND auto_gitignore is true,
630 // the root .gitignore is loaded twice (once here, once by the walker).
631 // This is harmless — merge is additive and rules are idempotent.
632 if let Some(filter) = self.ignore_config.build_filter(&root, &fs).await {
633 walker = walker.with_ignore(filter);
634 }
635
636 walker.collect().await.map_err(|e| e.to_string())
637 }
638
639 /// Expand positional arguments, resolving glob patterns to relative paths.
640 ///
641 /// Used by file-processing builtins (cat, head, tail, wc) that accept
642 /// glob patterns in their path arguments. Non-string values are converted
643 /// to strings (matching shell conventions).
644 pub async fn expand_paths(&self, positional: &[Value]) -> Result<Vec<String>, String> {
645 let mut paths = Vec::new();
646 for arg in positional {
647 let s = match arg {
648 Value::String(s) => s.clone(),
649 Value::Int(n) => n.to_string(),
650 Value::Float(f) => f.to_string(),
651 _ => continue,
652 };
653 if crate::glob::contains_glob(&s) {
654 let expanded = self.expand_glob(&s).await?;
655 let root = self.resolve_path(".");
656 for p in expanded {
657 let rel = p.strip_prefix(&root).unwrap_or(&p);
658 paths.push(rel.to_string_lossy().to_string());
659 }
660 } else {
661 paths.push(s);
662 }
663 }
664 Ok(paths)
665 }
666
667 /// Default chunk size for forward file scans. Bounds the memory a
668 /// scan-oriented builtin holds at once, independent of file size.
669 pub const STREAM_CHUNK_SIZE: u64 = 256 * 1024;
670
671 /// Stream a file's bytes forward in `chunk_size` slices, handing each
672 /// non-empty chunk to `f`.
673 ///
674 /// Reads are issued as positional `read_range` requests, so backends slice
675 /// without materialising the whole file (LocalFs seeks; MemoryFs/OverlayFs
676 /// slice their stored bytes). The loop terminates on the first empty chunk,
677 /// which every backend returns once the offset reaches EOF. `f` returns a
678 /// [`ControlFlow`](std::ops::ControlFlow): `Break` stops the loop early
679 /// (e.g. a consumer that has detected binary content and will discard the
680 /// rest), so we don't keep reading a file the caller is done with. This is
681 /// the shared engine for scan-oriented builtins (`wc`, `checksum`, `grep`)
682 /// that walk a file front-to-back and must not hold it all in memory.
683 pub async fn read_file_chunked<F>(
684 &self,
685 path: &std::path::Path,
686 chunk_size: u64,
687 mut f: F,
688 ) -> kaish_types::backend::BackendResult<()>
689 where
690 F: FnMut(&[u8]) -> std::ops::ControlFlow<()>,
691 {
692 use kaish_types::ReadRange;
693 let mut offset = 0u64;
694 loop {
695 let chunk = self
696 .backend
697 .read(path, Some(ReadRange::bytes(offset, chunk_size)))
698 .await?;
699 if chunk.is_empty() {
700 break;
701 }
702 offset += chunk.len() as u64;
703 if f(&chunk).is_break() {
704 break;
705 }
706 }
707 Ok(())
708 }
709}
710
711/// The kernel's full execution context satisfies the trimmed portable
712/// [`ToolCtx`](kaish_tool_api::ToolCtx) contract that out-of-tree tools see.
713///
714/// Trusted in-tree builtins recover the concrete `ExecContext` (job control,
715/// pipes, dispatcher) through [`ToolCtx::as_any_mut`].
716impl kaish_tool_api::ToolCtx for ExecContext {
717 fn backend(&self) -> &Arc<dyn KernelBackend> {
718 &self.backend
719 }
720
721 fn cwd(&self) -> &std::path::Path {
722 self.cwd.as_path()
723 }
724
725 fn resolve_path(&self, path: &str) -> PathBuf {
726 // Inherent methods shadow trait methods in call syntax, so the
727 // fully-qualified inherent call here is not recursive.
728 ExecContext::resolve_path(self, path)
729 }
730
731 fn var(&self, name: &str) -> Option<Value> {
732 self.scope.get(name).cloned()
733 }
734
735 fn set_var(&mut self, name: &str, value: Value) {
736 self.scope.set(name, value);
737 }
738
739 fn set_output_format(&mut self, format: OutputFormat) {
740 self.output_format = Some(format);
741 }
742
743 fn patient(&self, budget: std::time::Duration) -> kaish_tool_api::PatientGuard {
744 match &self.watchdog {
745 Some(watchdog) => kaish_tool_api::PatientGuard::held(Box::new(watchdog.hold(budget))),
746 None => kaish_tool_api::PatientGuard::inert(),
747 }
748 }
749
750 fn as_any(&self) -> &dyn std::any::Any {
751 self
752 }
753
754 fn as_any_mut(&mut self) -> &mut dyn std::any::Any {
755 self
756 }
757}
758
759/// Normalize a path by resolving `.` and `..` components lexically (no filesystem access).
760fn normalize_path(path: &std::path::Path) -> PathBuf {
761 let mut parts: Vec<Component> = Vec::new();
762 for component in path.components() {
763 match component {
764 Component::CurDir => {} // skip `.`
765 Component::ParentDir => {
766 // Pop the last normal component, but don't pop past root
767 if let Some(Component::Normal(_)) = parts.last() {
768 parts.pop();
769 } else {
770 parts.push(component);
771 }
772 }
773 _ => parts.push(component),
774 }
775 }
776 if parts.is_empty() {
777 PathBuf::from("/")
778 } else {
779 parts.iter().collect()
780 }
781}