midden 0.4.0

Resolve, audit, and garbage-collect Claude Code's accumulated state
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245

use anyhow::{Context, Result, anyhow};
use serde_json::{Map, Value};
use std::io::Write;
use std::path::Path;
use std::time::{SystemTime, UNIX_EPOCH};

/// Loaded `~/.claude.json` plus the raw text it was parsed from. The raw text
/// is kept so we can report size deltas without re-serializing twice.
pub struct ClaudeJson {
    pub raw: String,
    pub data: Value,
}

impl ClaudeJson {
    pub fn load(path: &Path) -> Result<Self> {
        let raw =
            std::fs::read_to_string(path).with_context(|| format!("read {}", path.display()))?;
        let data: Value =
            serde_json::from_str(&raw).with_context(|| format!("parse {}", path.display()))?;
        Ok(Self { raw, data })
    }

    pub fn projects(&self) -> Option<&Map<String, Value>> {
        self.data.get("projects").and_then(Value::as_object)
    }

    pub fn projects_mut(&mut self) -> Option<&mut Map<String, Value>> {
        self.data.get_mut("projects").and_then(Value::as_object_mut)
    }
}

/// Render the JSON the same way Claude Code would: indent=2, preserving key
/// order. We rely on `serde_json`'s `preserve_order` feature so unrelated keys
/// keep their original positions.
pub fn render(data: &Value) -> Result<String> {
    serde_json::to_string_pretty(data).map_err(|e| anyhow!("serialize: {e}"))
}

/// The `projects.<dir>` entry whose key refers to `root`, if any. Claude Code
/// records the working directory as the shell reported it, which can differ
/// from the canonical form (macOS `/var` -> `/private/var`), so fall back to
/// comparing canonicalized keys when no exact match exists.
pub fn project_entry<'a>(data: &'a Value, root: &Path) -> Option<&'a Value> {
    let projects = data.get("projects")?.as_object()?;
    if let Some(v) = projects.get(root.to_string_lossy().as_ref()) {
        return Some(v);
    }
    projects
        .iter()
        .find_map(|(k, v)| (std::fs::canonicalize(k).ok()? == root).then_some(v))
}

/// Write `contents` to `path` atomically: stream to a temp sibling on the same
/// filesystem, flush it to disk, then rename over the target. A crash or
/// `ENOSPC` mid-write leaves either the old file or the new one intact — never
/// the truncated half-write a plain `fs::write` would produce on the central
/// `~/.claude.json`.
pub fn write_atomic(path: &Path, contents: &str) -> Result<()> {
    let dir = path.parent().unwrap_or_else(|| Path::new("."));
    let name = path
        .file_name()
        .and_then(|n| n.to_str())
        .unwrap_or("claude.json");
    // Close the handle (end of scope) before renaming.
    let tmp = {
        let (tmp, mut f) = create_temp_sibling(dir, name)?;
        // The rename publishes the temp's permissions as the target's, and
        // `OpenOptions` applies the umask. Mirror the target's current mode,
        // owner-only for new files, before any content is written.
        let write_result = (|| -> Result<()> {
            #[cfg(unix)]
            {
                use std::os::unix::fs::PermissionsExt;
                let mode = match std::fs::metadata(path) {
                    Ok(m) => m.permissions().mode() & 0o7777,
                    Err(_) => 0o600,
                };
                f.set_permissions(std::fs::Permissions::from_mode(mode))
                    .with_context(|| format!("set mode on temp {}", tmp.display()))?;
            }
            f.write_all(contents.as_bytes())
                .with_context(|| format!("write temp {}", tmp.display()))?;
            f.sync_all()
                .with_context(|| format!("sync temp {}", tmp.display()))?;
            Ok(())
        })();
        if let Err(e) = write_result {
            let _ = std::fs::remove_file(&tmp);
            return Err(e);
        }
        tmp
    };
    if let Err(e) = std::fs::rename(&tmp, path) {
        let _ = std::fs::remove_file(&tmp);
        return Err(anyhow!(
            "rename {} -> {}: {e}",
            tmp.display(),
            path.display()
        ));
    }
    // The rename is durable only once the directory entry is synced; until
    // then a crash can roll back to the old file. Best-effort — not every
    // filesystem supports fsync on a directory handle.
    #[cfg(unix)]
    if let Ok(d) = std::fs::File::open(dir) {
        let _ = d.sync_all();
    }
    Ok(())
}

fn create_temp_sibling(dir: &Path, name: &str) -> Result<(std::path::PathBuf, std::fs::File)> {
    let nonce = SystemTime::now()
        .duration_since(UNIX_EPOCH)
        .map_or(0, |duration| duration.as_nanos());
    for attempt in 0..100 {
        let tmp = dir.join(format!(
            ".{name}.tmp-{}-{nonce}-{attempt}",
            std::process::id()
        ));
        let mut options = std::fs::OpenOptions::new();
        options.write(true).create_new(true);
        // Start owner-only even when the target intentionally has a broader mode;
        // we widen to the target's exact mode before writing content.
        #[cfg(unix)]
        {
            use std::os::unix::fs::OpenOptionsExt;
            options.mode(0o600);
        }
        match options.open(&tmp) {
            Ok(file) => return Ok((tmp, file)),
            Err(e) if e.kind() == std::io::ErrorKind::AlreadyExists => continue,
            Err(e) => return Err(anyhow!("create temp {}: {e}", tmp.display())),
        }
    }
    Err(anyhow!(
        "create temp in {}: exhausted collision retries",
        dir.display()
    ))
}

#[cfg(test)]
mod tests {
    use super::*;
    use serde_json::json;

    #[test]
    fn project_entry_matches_an_exact_key() {
        let data = json!({ "projects": { "/x/y": { "k": 1 } } });
        assert!(project_entry(&data, Path::new("/x/y")).is_some());
        assert!(project_entry(&data, Path::new("/x/z")).is_none());
    }

    #[test]
    fn project_entry_falls_back_to_canonical_comparison() {
        let dir = tempfile::tempdir().unwrap();
        let a = dir.path().join("a");
        std::fs::create_dir(&a).unwrap();
        let root = a.canonicalize().unwrap();
        // A key recorded in non-canonical form (here via a `.` component) must
        // still resolve to the same entry.
        let noncanon = dir.path().join(".").join("a");
        let mut projects = Map::new();
        projects.insert(noncanon.to_string_lossy().into_owned(), json!({ "k": 1 }));
        let mut top = Map::new();
        top.insert("projects".into(), Value::Object(projects));
        let data = Value::Object(top);
        assert!(project_entry(&data, &root).is_some());
    }

    #[test]
    fn write_atomic_replaces_content() {
        let dir = tempfile::tempdir().unwrap();
        let path = dir.path().join("c.json");
        std::fs::write(&path, "old").unwrap();
        write_atomic(&path, "new").unwrap();
        assert_eq!(std::fs::read_to_string(&path).unwrap(), "new");
    }

    #[test]
    fn write_atomic_removes_temp_file_after_success() {
        let dir = tempfile::tempdir().unwrap();
        let path = dir.path().join("c.json");
        write_atomic(&path, "{}").unwrap();

        let temps = std::fs::read_dir(dir.path())
            .unwrap()
            .filter_map(|entry| entry.ok())
            .filter(|entry| {
                entry
                    .file_name()
                    .to_string_lossy()
                    .starts_with(".c.json.tmp-")
            })
            .count();
        assert_eq!(
            temps, 0,
            "successful atomic write should publish or clean temp"
        );
    }

    #[cfg(unix)]
    fn mode(path: &Path) -> u32 {
        use std::os::unix::fs::PermissionsExt;
        std::fs::metadata(path).unwrap().permissions().mode() & 0o7777
    }

    #[cfg(unix)]
    fn chmod(path: &Path, mode: u32) {
        use std::os::unix::fs::PermissionsExt;
        std::fs::set_permissions(path, std::fs::Permissions::from_mode(mode)).unwrap();
    }

    #[cfg(unix)]
    #[test]
    fn write_atomic_preserves_a_restrictive_target_mode() {
        // Regression: File::create + umask used to broaden a 0600 target to
        // 0644 on every rewrite.
        let dir = tempfile::tempdir().unwrap();
        let path = dir.path().join("c.json");
        std::fs::write(&path, "{}").unwrap();
        chmod(&path, 0o600);
        write_atomic(&path, "{\"k\":1}").unwrap();
        assert_eq!(mode(&path), 0o600, "0600 target must stay 0600");
    }

    #[cfg(unix)]
    #[test]
    fn write_atomic_preserves_a_broad_target_mode() {
        let dir = tempfile::tempdir().unwrap();
        let path = dir.path().join("c.json");
        std::fs::write(&path, "{}").unwrap();
        chmod(&path, 0o644);
        write_atomic(&path, "{\"k\":1}").unwrap();
        assert_eq!(mode(&path), 0o644, "deliberate modes are kept, not clamped");
    }

    #[cfg(unix)]
    #[test]
    fn write_atomic_creates_missing_targets_owner_only() {
        let dir = tempfile::tempdir().unwrap();
        let path = dir.path().join("new.json");
        write_atomic(&path, "{}").unwrap();
        assert_eq!(mode(&path), 0o600, "this file class holds credentials");
    }
}