orbok-core 0.19.0

orbok shared vocabulary: identifiers, data lifecycle classes, status enums, errors
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221

//! Privacy modes and local data visibility (RFC-039 §5–§6, §17).
//!
//! This is the shared vocabulary for privacy settings. It lives in
//! `orbok-core` so that `orbok-app`, `orbok-ui`, and any future
//! diagnostics layer can all refer to the same types without a
//! circular dependency.

use serde::{Deserialize, Serialize};

// ── Privacy mode ──────────────────────────────────────────────────────

/// Top-level privacy mode for the app (RFC-039 §5).
///
/// User-facing copy:
/// - `Standard`    → "Documents are processed on this computer only."
/// - `Strict`      → "Strict privacy reduces what orbok remembers."
/// - `Portable`    → "orbok stores app data next to this copy of the app."
/// - `Diagnostics` → "Include extra details for troubleshooting."
#[derive(Debug, Clone, Copy, PartialEq, Eq, Default, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
pub enum PrivacyMode {
    /// Default — safe for most users.
    #[default]
    Standard,
    /// Reduced local footprint for sensitive environments.
    Strict,
    /// Data lives next to the portable app copy.
    Portable,
    /// Temporary opt-in for troubleshooting (must be explicitly enabled).
    Diagnostics,
}

impl PrivacyMode {
    /// Stable settings string for persistence.
    pub fn as_str(self) -> &'static str {
        match self {
            PrivacyMode::Standard => "standard",
            PrivacyMode::Strict => "strict",
            PrivacyMode::Portable => "portable",
            PrivacyMode::Diagnostics => "diagnostics",
        }
    }

    pub fn from_str(s: &str) -> Self {
        match s {
            "strict" => PrivacyMode::Strict,
            "portable" => PrivacyMode::Portable,
            "diagnostics" => PrivacyMode::Diagnostics,
            _ => PrivacyMode::Standard,
        }
    }

    /// Whether recent searches should be stored in this mode (RFC-039 §10).
    pub fn allows_recent_searches(self) -> bool {
        !matches!(self, PrivacyMode::Strict)
    }

    /// Whether snippet / preview caching is allowed (RFC-039 §11).
    pub fn allows_snippet_persistence(self) -> bool {
        !matches!(self, PrivacyMode::Strict)
    }

    /// Whether sensitive diagnostics opt-ins are shown (RFC-039 §14).
    pub fn allows_diagnostics_sensitive_optins(self) -> bool {
        !matches!(self, PrivacyMode::Strict)
    }
}

// ── Privacy settings ──────────────────────────────────────────────────

/// Fine-grained privacy preferences (RFC-039 §17).
///
/// `mode` governs defaults; individual fields may further restrict
/// behavior. Strict mode forces some fields to their most private value
/// regardless of what the user previously selected.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct PrivacySettings {
    pub mode: PrivacyMode,
    /// Whether to persist recent search queries.
    pub remember_recent_searches: bool,
    /// Whether to store snippet previews across sessions.
    pub persist_snippets: bool,
    /// Whether to clear temporary previews when the app exits.
    pub clear_temporary_previews_on_exit: bool,
    /// Whether diagnostics may include raw filesystem paths.
    pub diagnostics_include_paths: bool,
    /// Whether diagnostics may include recent search queries.
    pub diagnostics_include_recent_searches: bool,
}

impl Default for PrivacySettings {
    fn default() -> Self {
        Self {
            mode: PrivacyMode::Standard,
            remember_recent_searches: true,
            persist_snippets: true,
            clear_temporary_previews_on_exit: false,
            diagnostics_include_paths: false,
            diagnostics_include_recent_searches: false,
        }
    }
}

impl PrivacySettings {
    /// Apply strict-mode overrides (RFC-039 §9).
    ///
    /// Strict mode forces the most private values for settings it
    /// controls, regardless of individual field values.
    pub fn with_mode_applied(mut self) -> Self {
        if self.mode == PrivacyMode::Strict {
            self.remember_recent_searches = false;
            self.persist_snippets = false;
            self.diagnostics_include_paths = false;
            self.diagnostics_include_recent_searches = false;
        }
        self
    }

    /// Effective value for recent searches, accounting for mode.
    pub fn effective_recent_searches(&self) -> bool {
        self.mode.allows_recent_searches() && self.remember_recent_searches
    }

    /// Effective value for snippet persistence, accounting for mode.
    pub fn effective_snippet_persistence(&self) -> bool {
        self.mode.allows_snippet_persistence() && self.persist_snippets
    }
}

// ── Local data category ───────────────────────────────────────────────

/// Classified local data categories for the storage dashboard
/// and cleanup controls (RFC-039 §6, §15, §16).
///
/// User-facing labels must avoid technical terms — see RFC-039 §15
/// for the mapping (`KeywordIndex` → "Search data", etc.).
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum LocalDataCategory {
    SourcePaths,
    FileMetadata,
    ExtractedText,
    KeywordIndex,
    Embeddings,
    Snippets,
    TemporaryPreviews,
    RecentSearches,
    Logs,
    Diagnostics,
    ModelFiles,
    Settings,
}

impl LocalDataCategory {
    /// Plain-language user label (RFC-039 §15 — no "cache/catalog/vector").
    pub fn user_label(self) -> &'static str {
        match self {
            LocalDataCategory::SourcePaths => "Folder list",
            LocalDataCategory::FileMetadata => "File information",
            LocalDataCategory::ExtractedText => "Prepared text",
            LocalDataCategory::KeywordIndex => "Search data",
            LocalDataCategory::Embeddings => "Better search data",
            LocalDataCategory::Snippets => "Temporary previews",
            LocalDataCategory::TemporaryPreviews => "Temporary previews",
            LocalDataCategory::RecentSearches => "Recent searches",
            LocalDataCategory::Logs => "Logs",
            LocalDataCategory::Diagnostics => "Support files",
            LocalDataCategory::ModelFiles => "Search helper",
            LocalDataCategory::Settings => "App settings",
        }
    }
}

// ── Diagnostics policy ────────────────────────────────────────────────

/// Policy governing what a diagnostics export may include (RFC-040 §12).
///
/// All sensitive fields default to `false`. Strict privacy mode
/// prevents enabling them.
#[derive(Debug, Clone)]
pub struct DiagnosticsPolicy {
    pub include_raw_paths: bool,
    pub include_folder_names: bool,
    pub include_recent_searches: bool,
    pub include_detailed_logs: bool,
    pub privacy_mode: PrivacyMode,
}

impl Default for DiagnosticsPolicy {
    fn default() -> Self {
        Self {
            include_raw_paths: false,
            include_folder_names: false,
            include_recent_searches: false,
            include_detailed_logs: false,
            privacy_mode: PrivacyMode::Standard,
        }
    }
}

impl DiagnosticsPolicy {
    /// Build from privacy settings, enforcing strict-mode restrictions.
    pub fn from_privacy(settings: &PrivacySettings) -> Self {
        let strict = settings.mode == PrivacyMode::Strict;
        Self {
            include_raw_paths: false, // never enabled by default
            include_folder_names: if strict { false } else { false }, // opt-in only
            include_recent_searches: if strict {
                false
            } else {
                settings.diagnostics_include_recent_searches
            },
            include_detailed_logs: false,
            privacy_mode: settings.mode,
        }
    }

    /// Whether this policy permits showing sensitive opt-in checkboxes.
    pub fn allows_sensitive_optins(&self) -> bool {
        self.privacy_mode.allows_diagnostics_sensitive_optins()
    }
}