nexo-plugin-discovery 0.1.0

Plugin catalogue discovery — fetches public plugin metadata from crates.io / GitHub topic / curated index (Phase 98).
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269

//! Disk cache for the merged catalogue.
//!
//! Single JSON file at `<state_dir>/plugin-discovery/catalogue.json`.
//! Writes go to a sibling `.tmp` file then atomically rename to the
//! final path — readers either see the previous snapshot or the new
//! one, never a torn write.
//!
//! Reads return `Some(snapshot)` only when the file exists AND its
//! `fetched_at_ms` is within `ttl_ms` of the caller-supplied `now_ms`.
//! Stale snapshots are reported via [`DiskCache::read_any`] for the
//! stale-while-revalidate path in [`crate`]'s client orchestrator.

use std::io;
use std::path::{Path, PathBuf};

use thiserror::Error;
use tokio::fs;

use crate::types::CachedCatalogue;

/// Cache I/O failures. Soft errors (missing file, parse failure)
/// surface as `Ok(None)` from the read API; this enum only covers
/// the cases the caller cannot safely ignore.
#[derive(Debug, Error)]
pub enum CacheError {
    /// File-system errors. Includes the path under operation for
    /// triage.
    #[error("{op}: {source} (path: {path})")]
    Io {
        /// Logical operation that failed (`write`, `rename`, etc).
        op: &'static str,
        /// Filesystem path involved.
        path: PathBuf,
        /// Inner I/O failure.
        #[source]
        source: io::Error,
    },
    /// `serde_json::to_string` failed. Effectively unreachable for
    /// our payload but exposed in the public error enum so the
    /// caller's match is exhaustive without `_ =>` wildcards.
    #[error("serialize: {0}")]
    Serialize(#[source] serde_json::Error),
}

/// Disk persistence helper for one cached catalogue file.
#[derive(Debug, Clone)]
pub struct DiskCache {
    cache_file: PathBuf,
}

impl DiskCache {
    /// Bind a cache to a specific catalogue path. Path is created
    /// lazily on first write — readers tolerate the parent dir
    /// not existing yet.
    pub fn new(cache_file: PathBuf) -> Self {
        Self { cache_file }
    }

    /// Logical cache file path (no I/O).
    pub fn path(&self) -> &Path {
        &self.cache_file
    }

    /// Read the cached snapshot regardless of staleness. Returns:
    ///   - `Ok(Some(snap))` — file existed AND parsed cleanly.
    ///   - `Ok(None)` — file missing OR parse failed (latter
    ///     emits a `tracing::warn` for ops triage).
    ///   - `Err(CacheError::Io)` — only for non-`NotFound` I/O
    ///     errors (permission denied, EIO, etc).
    pub async fn read_any(&self) -> Result<Option<CachedCatalogue>, CacheError> {
        let bytes = match fs::read(&self.cache_file).await {
            Ok(b) => b,
            Err(e) if e.kind() == io::ErrorKind::NotFound => return Ok(None),
            Err(e) => {
                return Err(CacheError::Io {
                    op: "read",
                    path: self.cache_file.clone(),
                    source: e,
                });
            }
        };
        match serde_json::from_slice::<CachedCatalogue>(&bytes) {
            Ok(snap) => Ok(Some(snap)),
            Err(e) => {
                tracing::warn!(
                    path = %self.cache_file.display(),
                    error = %e,
                    "plugin-discovery cache: parse failed; treating as miss"
                );
                Ok(None)
            }
        }
    }

    /// Read only when the snapshot is fresh (younger than `ttl_ms`
    /// relative to `now_ms`). Stale entries return `Ok(None)`; the
    /// caller normally falls through to a network refresh and a
    /// subsequent [`Self::write_atomic`].
    pub async fn read_fresh(
        &self,
        now_ms: u64,
        ttl_ms: u64,
    ) -> Result<Option<CachedCatalogue>, CacheError> {
        match self.read_any().await? {
            Some(snap) if !snap.is_stale(now_ms, ttl_ms) => Ok(Some(snap)),
            _ => Ok(None),
        }
    }

    /// Persist a snapshot. Implementation:
    ///   1. `mkdir -p` the parent dir (idempotent).
    ///   2. Write to a sibling `.tmp` file in the same dir so
    ///      `rename` stays on one filesystem (atomic on POSIX).
    ///   3. `rename(tmp, final)` swaps the live snapshot in one
    ///      step — readers always see either the prior snapshot
    ///      or the new one, never a half-written file.
    ///   4. On error any partial `.tmp` is best-effort removed.
    pub async fn write_atomic(&self, snap: &CachedCatalogue) -> Result<(), CacheError> {
        let json = serde_json::to_vec_pretty(snap).map_err(CacheError::Serialize)?;
        if let Some(parent) = self.cache_file.parent() {
            fs::create_dir_all(parent)
                .await
                .map_err(|e| CacheError::Io {
                    op: "create_dir_all",
                    path: parent.to_path_buf(),
                    source: e,
                })?;
        }
        let tmp = self.tmp_path();
        if let Err(e) = fs::write(&tmp, &json).await {
            let _ = fs::remove_file(&tmp).await;
            return Err(CacheError::Io {
                op: "write_tmp",
                path: tmp.clone(),
                source: e,
            });
        }
        if let Err(e) = fs::rename(&tmp, &self.cache_file).await {
            let _ = fs::remove_file(&tmp).await;
            return Err(CacheError::Io {
                op: "rename",
                path: self.cache_file.clone(),
                source: e,
            });
        }
        Ok(())
    }

    /// Forget the cache. Returns `Ok(())` when file missing
    /// (idempotent) — matches the operator-facing "refresh" RPC's
    /// expected semantics.
    pub async fn invalidate(&self) -> Result<(), CacheError> {
        match fs::remove_file(&self.cache_file).await {
            Ok(()) => Ok(()),
            Err(e) if e.kind() == io::ErrorKind::NotFound => Ok(()),
            Err(e) => Err(CacheError::Io {
                op: "remove",
                path: self.cache_file.clone(),
                source: e,
            }),
        }
    }

    fn tmp_path(&self) -> PathBuf {
        let mut tmp = self.cache_file.clone();
        let file_name = tmp
            .file_name()
            .map(|n| n.to_owned())
            .unwrap_or_else(|| std::ffi::OsString::from("catalogue.json"));
        let mut fname = file_name;
        fname.push(".tmp");
        tmp.set_file_name(fname);
        tmp
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::types::CachedCatalogue;
    use tempfile::TempDir;

    fn cache_in(tmp: &TempDir) -> DiskCache {
        DiskCache::new(tmp.path().join("plugin-discovery").join("catalogue.json"))
    }

    fn snap(fetched_at: u64) -> CachedCatalogue {
        CachedCatalogue {
            fetched_at_ms: fetched_at,
            items: vec![],
        }
    }

    #[tokio::test]
    async fn miss_returns_none() {
        let tmp = TempDir::new().unwrap();
        let cache = cache_in(&tmp);
        let res = cache.read_any().await.unwrap();
        assert!(res.is_none(), "fresh dir must yield cache miss");
    }

    #[tokio::test]
    async fn write_then_read_roundtrip() {
        let tmp = TempDir::new().unwrap();
        let cache = cache_in(&tmp);
        let s = snap(123_456);
        cache.write_atomic(&s).await.unwrap();
        let got = cache.read_any().await.unwrap().expect("snapshot present");
        assert_eq!(got, s);
    }

    #[tokio::test]
    async fn read_fresh_filters_by_ttl() {
        let tmp = TempDir::new().unwrap();
        let cache = cache_in(&tmp);
        let s = snap(1_000);
        cache.write_atomic(&s).await.unwrap();
        // Within TTL window → Some.
        let fresh = cache.read_fresh(1_050, 100).await.unwrap();
        assert!(fresh.is_some());
        // Past TTL → None.
        let stale = cache.read_fresh(1_200, 100).await.unwrap();
        assert!(stale.is_none());
    }

    #[tokio::test]
    async fn write_atomic_via_tmp_then_rename() {
        let tmp = TempDir::new().unwrap();
        let cache = cache_in(&tmp);
        cache.write_atomic(&snap(1)).await.unwrap();
        // Final exists; tmp does not (cleaned by rename).
        assert!(cache.cache_file.exists());
        let tmp_path = cache.tmp_path();
        assert!(
            !tmp_path.exists(),
            "tmp must not survive a successful write: {}",
            tmp_path.display()
        );
    }

    #[tokio::test]
    async fn invalidate_is_idempotent_on_missing() {
        let tmp = TempDir::new().unwrap();
        let cache = cache_in(&tmp);
        // Missing → Ok.
        cache.invalidate().await.unwrap();
        // Write then invalidate → file gone.
        cache.write_atomic(&snap(7)).await.unwrap();
        assert!(cache.cache_file.exists());
        cache.invalidate().await.unwrap();
        assert!(!cache.cache_file.exists());
    }

    #[tokio::test]
    async fn parse_failure_returns_miss_with_warn() {
        let tmp = TempDir::new().unwrap();
        let cache = cache_in(&tmp);
        // Create parent + write garbage that won't deserialize.
        fs::create_dir_all(cache.cache_file.parent().unwrap())
            .await
            .unwrap();
        fs::write(&cache.cache_file, b"not json").await.unwrap();
        let res = cache.read_any().await.unwrap();
        assert!(
            res.is_none(),
            "malformed JSON must surface as miss, not error"
        );
    }
}