openlatch-provider 0.2.0

Self-service onboarding CLI + runtime daemon for OpenLatch Editors and Providers
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336

//! Profile-aware config loaded from `~/.openlatch/provider/config.toml` (XDG-compliant).
//!
//! The full profile/`config get/set` UX lands in P1.T2.4. T1 only needs:
//! - locating the provider dir
//! - generating + persisting `machine_id` on first use (telemetry identity)
//! - reading the `[crashreport]` and `[telemetry]` sections
//!
//! On first run the file is created with mode `0700` parent and `0600` content
//! (Unix). Windows inherits ACLs from `%APPDATA%\openlatch\provider`.

use std::fs;
use std::io::ErrorKind;
use std::path::{Path, PathBuf};
use std::sync::OnceLock;

use serde::{Deserialize, Serialize};
use uuid::Uuid;

use crate::error::{
    OlError, OL_4262_CONSENT_FILE_CORRUPT, OL_4272_XDG_DIR_UNWRITABLE, OL_4273_MANIFEST_UNREADABLE,
};

/// Top-level shape of `~/.openlatch/provider/config.toml`.
#[derive(Debug, Default, Clone, Serialize, Deserialize)]
pub struct Config {
    #[serde(default)]
    pub telemetry: TelemetrySection,
    #[serde(default)]
    pub crashreport: CrashreportSection,
    /// `[profiles.<name>]` table — populated in P1.T2.4.
    #[serde(default, skip_serializing_if = "std::collections::BTreeMap::is_empty")]
    pub profiles: std::collections::BTreeMap<String, ProfileSection>,
}

#[derive(Debug, Default, Clone, Serialize, Deserialize)]
pub struct TelemetrySection {
    /// Stable per-machine identifier — used as the pre-auth PostHog
    /// `distinct_id`. Generated once and never rotated. Format: `mach_<uuidv7>`.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub machine_id: Option<String>,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct CrashreportSection {
    /// Whether Sentry crash-report capture is on. Defaults to `true`; see
    /// `.claude/rules/telemetry.md` — Sentry is opt-out, PostHog is opt-in.
    #[serde(default = "default_true")]
    pub enabled: bool,
}

impl Default for CrashreportSection {
    fn default() -> Self {
        Self { enabled: true }
    }
}

fn default_true() -> bool {
    true
}

#[derive(Debug, Default, Clone, Serialize, Deserialize)]
pub struct ProfileSection {
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub api_url: Option<String>,
    /// Web/app URL — used by the login flow's `/cli-auth` redirect. Mirrors
    /// `api_url`; usually only diverges in local-dev (e.g. Vite on :5173).
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub app_url: Option<String>,
    /// Slug of the active editor manifest. Resolved to
    /// `<provider_dir>/<slug>.yaml` by [`active_manifest_path`].
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub manifest_slug: Option<String>,
}

// ---------------------------------------------------------------------------
// Path helpers
// ---------------------------------------------------------------------------

/// Process-cached openlatch-provider state dir. Computed once via
/// `OPENLATCH_PROVIDER_CONFIG_DIR` env override, else
/// `dirs::home_dir()/.openlatch/provider/`. The `provider/` subdir keeps our
/// state isolated from `openlatch-client`, which writes to `~/.openlatch/`
/// directly.
pub fn provider_dir() -> PathBuf {
    static DIR: OnceLock<PathBuf> = OnceLock::new();
    DIR.get_or_init(compute_provider_dir).clone()
}

fn compute_provider_dir() -> PathBuf {
    if let Ok(override_dir) = std::env::var("OPENLATCH_PROVIDER_CONFIG_DIR") {
        return PathBuf::from(override_dir);
    }
    if let Some(home) = dirs::home_dir() {
        return home.join(".openlatch").join("provider");
    }
    // Last-resort fallback: cwd. The init flow surfaces OL-4272 if writes fail.
    PathBuf::from(".openlatch").join("provider")
}

/// Path to `config.toml` inside the provider dir.
pub fn config_path() -> PathBuf {
    provider_dir().join("config.toml")
}

/// Build the manifest path for a given slug — `<provider_dir>/<slug>.yaml`.
pub fn manifest_path_for_slug(slug: &str) -> PathBuf {
    provider_dir().join(format!("{slug}.yaml"))
}

/// Resolve the active manifest path from `config.toml`.
///
/// Returns `OL-4273` if the requested profile (default: `default`) has no
/// `manifest_slug` set — that means `init` has never run, so the user gets a
/// pointer at it. Callers that accept an explicit `--manifest <path>` flag
/// must short-circuit before calling this.
pub fn active_manifest_path(profile: Option<&str>) -> Result<PathBuf, OlError> {
    let cfg = Config::load()?;
    let profile_name = profile.unwrap_or("default");
    let slug = cfg
        .profiles
        .get(profile_name)
        .and_then(|p| p.manifest_slug.as_deref())
        .filter(|s| !s.is_empty())
        .ok_or_else(|| {
            OlError::new(
                OL_4273_MANIFEST_UNREADABLE,
                format!(
                    "no manifest configured for profile `{profile_name}` (config.toml has no \
                     `[profiles.{profile_name}] manifest_slug`)"
                ),
            )
            .with_suggestion(
                "Run `openlatch-provider init` to scaffold a manifest, or pass \
                 `--manifest <path>` to use one explicitly.",
            )
        })?;
    Ok(manifest_path_for_slug(slug))
}

/// Persist `manifest_slug` for the given profile, creating the profile entry
/// if it does not exist yet.
pub fn set_manifest_slug(profile: Option<&str>, slug: &str) -> Result<(), OlError> {
    let mut cfg = Config::load()?;
    let profile_name = profile.unwrap_or("default").to_string();
    cfg.profiles.entry(profile_name).or_default().manifest_slug = Some(slug.to_string());
    cfg.save()
}

// ---------------------------------------------------------------------------
// Load / save
// ---------------------------------------------------------------------------

impl Config {
    /// Read `~/.openlatch/provider/config.toml`. Missing file → default config.
    /// Malformed file → [`OL_4262_CONSENT_FILE_CORRUPT`].
    pub fn load() -> Result<Self, OlError> {
        Self::load_from(&config_path())
    }

    pub fn load_from(path: &Path) -> Result<Self, OlError> {
        match fs::read_to_string(path) {
            Ok(raw) => toml::from_str(&raw).map_err(|e| {
                OlError::new(
                    OL_4262_CONSENT_FILE_CORRUPT,
                    format!("config.toml at '{}' is malformed: {e}", path.display()),
                )
                .with_suggestion(
                    "Delete the file and re-run any openlatch-provider command to regenerate it.",
                )
            }),
            Err(e) if e.kind() == ErrorKind::NotFound => Ok(Self::default()),
            Err(e) => Err(OlError::new(
                OL_4262_CONSENT_FILE_CORRUPT,
                format!("cannot read config.toml at '{}': {e}", path.display()),
            )),
        }
    }

    /// Atomically write the config back. Creates the parent directory if it
    /// doesn't exist.
    pub fn save(&self) -> Result<(), OlError> {
        Self::save_to(self, &config_path())
    }

    pub fn save_to(&self, path: &Path) -> Result<(), OlError> {
        if let Some(parent) = path.parent() {
            fs::create_dir_all(parent).map_err(|e| {
                OlError::new(
                    OL_4272_XDG_DIR_UNWRITABLE,
                    format!("cannot create '{}': {e}", parent.display()),
                )
            })?;
            #[cfg(unix)]
            {
                use std::os::unix::fs::PermissionsExt;
                let _ = fs::set_permissions(parent, fs::Permissions::from_mode(0o700));
            }
        }

        let serialized = toml::to_string_pretty(self).map_err(|e| {
            OlError::new(
                OL_4272_XDG_DIR_UNWRITABLE,
                format!("cannot serialize config.toml: {e}"),
            )
        })?;

        let tmp = path.with_extension("toml.tmp");
        fs::write(&tmp, serialized.as_bytes()).map_err(|e| {
            OlError::new(
                OL_4272_XDG_DIR_UNWRITABLE,
                format!("cannot write '{}': {e}", tmp.display()),
            )
        })?;
        #[cfg(unix)]
        {
            use std::os::unix::fs::PermissionsExt;
            let _ = fs::set_permissions(&tmp, fs::Permissions::from_mode(0o600));
        }
        fs::rename(&tmp, path).map_err(|e| {
            OlError::new(
                OL_4272_XDG_DIR_UNWRITABLE,
                format!("cannot rename '{}' into place: {e}", tmp.display()),
            )
        })?;
        Ok(())
    }
}

// ---------------------------------------------------------------------------
// machine_id
// ---------------------------------------------------------------------------

/// Return the existing `machine_id` or generate + persist a fresh one.
///
/// Stable across upgrades. Format: `mach_<uuidv7-simple>`. On first call the
/// id is written back to `config.toml` so the next process sees the same
/// value.
pub fn machine_id_or_init() -> Result<String, OlError> {
    machine_id_or_init_in(&config_path())
}

pub fn machine_id_or_init_in(path: &Path) -> Result<String, OlError> {
    let mut cfg = Config::load_from(path)?;
    if let Some(id) = cfg.telemetry.machine_id.as_ref() {
        if !id.is_empty() {
            return Ok(id.clone());
        }
    }
    let id = format!("mach_{}", Uuid::now_v7().simple());
    cfg.telemetry.machine_id = Some(id.clone());
    cfg.save_to(path)?;
    Ok(id)
}

#[cfg(test)]
mod tests {
    use super::*;
    use tempfile::TempDir;

    #[test]
    fn machine_id_round_trips() {
        let tmp = TempDir::new().unwrap();
        let path = tmp.path().join("config.toml");
        let first = machine_id_or_init_in(&path).unwrap();
        assert!(first.starts_with("mach_"));
        let second = machine_id_or_init_in(&path).unwrap();
        assert_eq!(first, second);
    }

    #[test]
    fn missing_file_yields_default_config() {
        let tmp = TempDir::new().unwrap();
        let path = tmp.path().join("absent.toml");
        let cfg = Config::load_from(&path).unwrap();
        assert!(cfg.telemetry.machine_id.is_none());
        assert!(cfg.crashreport.enabled);
    }

    #[test]
    fn malformed_file_returns_corrupt_error() {
        let tmp = TempDir::new().unwrap();
        let path = tmp.path().join("bad.toml");
        std::fs::write(&path, b"not = a [valid toml").unwrap();
        let err = Config::load_from(&path).unwrap_err();
        assert_eq!(err.code.code, "OL-4262");
    }

    #[test]
    fn manifest_slug_round_trips_through_toml() {
        let tmp = TempDir::new().unwrap();
        let path = tmp.path().join("config.toml");
        let mut cfg = Config::default();
        cfg.profiles.insert(
            "default".to_string(),
            ProfileSection {
                manifest_slug: Some("my-editor".into()),
                ..Default::default()
            },
        );
        cfg.save_to(&path).unwrap();

        let reloaded = Config::load_from(&path).unwrap();
        assert_eq!(
            reloaded
                .profiles
                .get("default")
                .and_then(|p| p.manifest_slug.as_deref()),
            Some("my-editor"),
        );
    }

    #[test]
    fn manifest_path_for_slug_appends_yaml_extension() {
        let path = manifest_path_for_slug("my-editor");
        assert!(path.ends_with("my-editor.yaml"));
    }

    /// Default-path lock-in: when no env override is set, `provider_dir` MUST
    /// land under `<home>/.openlatch/provider/` so that openlatch-client and
    /// openlatch-provider don't share a single byte of disk state. This test
    /// targets `compute_provider_dir` directly because `provider_dir` caches
    /// in a `OnceLock` — the cached value would survive env mutation.
    ///
    /// Mutates `OPENLATCH_PROVIDER_CONFIG_DIR`; not safe to run in parallel
    /// with tests that read it.
    #[test]
    fn default_provider_dir_is_under_home_openlatch_provider() {
        std::env::remove_var("OPENLATCH_PROVIDER_CONFIG_DIR");
        let path = compute_provider_dir();
        let s = path.to_string_lossy().replace('\\', "/");
        assert!(
            s.ends_with("/.openlatch/provider") || s == ".openlatch/provider",
            "expected default to end with .openlatch/provider, got: {s}"
        );
    }
}