rusty-autossh 0.1.0

Keep an SSH tunnel alive across drops — a Rust port of Carson Harding's `autossh 1.4g` SSH connection supervisor. Tokio-based supervisor, `-M <port>` monitor-port heartbeat (or `-M 0` exit-only respawn), `AUTOSSH_*` env-var surface incl. `AUTOSSH_MESSAGE` byte-identical wire format, Unix `-f` daemonize + Windows `DETACHED_PROCESS` analogue, SIGTERM/SIGUSR1/SIGHUP handling on Unix, byte-equal Strict-mode upstream compatibility, and a typed library API.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328

//! Library API surface tests (US4 — T092..T103).
//!
//! These tests assert the v0.1.0 public-library contract:
//!
//! - **T096** `default-features = false` dep tree excludes every CLI-only
//!   crate (clap / clap_complete / anstyle / tracing-* / daemonize /
//!   atomicwrites / windows-sys-0.59) per HINT-007 + FR-061 + SC-008.
//! - **T097** Send/Sync compile-time guards per SC-009 / FR-060.
//! - **T099** `MonitorMode::None` happy-path supervisor (no fs, no listener,
//!   pure library usage) per US4-AS3.
//! - **T100** `SupervisorEvent` mpsc channel consumer wiring per US4-AS2.
//! - **T101** `MonitorMode::Active` variant buildability + argv-injection
//!   per FR-063.
//! - **T102** `AutosshError` `#[from] io::Error` conversion per AD-014.

#![allow(clippy::let_underscore_untyped)]

use std::env;
use std::io;
use std::process::Command;
use std::time::Duration;

use static_assertions::assert_impl_all;
use tokio::sync::mpsc;

use rusty_autossh::{
    AutosshError, CompatibilityMode, MonitorMode, SshSupervisor, SshSupervisorBuilder,
    SupervisorEvent,
};

// -----------------------------------------------------------------------------
// T097 — Send/Sync compile-time guards (SC-009 / FR-060).
// -----------------------------------------------------------------------------

assert_impl_all!(SshSupervisorBuilder: Send, Sync);
// SshSupervisor is intentionally Send but NOT Sync — it owns the mutable
// child handle + monitor listeners.
assert_impl_all!(SshSupervisor: Send);
assert_impl_all!(MonitorMode: Send, Sync, Clone);
assert_impl_all!(SupervisorEvent: Send, Sync);
assert_impl_all!(AutosshError: Send, Sync);
assert_impl_all!(CompatibilityMode: Send, Sync, Clone, Copy);

#[test]
fn send_sync_compile_time_guards_pass() {
    // Force the static_assertions invocations above to be referenced from a
    // real test entry so they're guaranteed to be evaluated.
    fn assert_static<T: 'static>() {}
    assert_static::<AutosshError>();
}

// -----------------------------------------------------------------------------
// T096 — dep tree under `--no-default-features` excludes CLI-only crates.
// -----------------------------------------------------------------------------

/// CLI-only crate names that MUST NOT appear in the no-default-features dep
/// tree per HINT-007 + FR-061. (Allow-list strategy is too brittle because
/// tokio + socket2 + thiserror pull a long transitive subtree of pure-Rust
/// crates.)
const CLI_ONLY_CRATES: &[&str] = &[
    "clap",
    "clap_complete",
    "anstyle",
    "tracing",
    "tracing-subscriber",
    "tracing-appender",
    "daemonize",
    "atomicwrites",
];

#[test]
fn default_features_off_excludes_cli_deps() {
    let cargo = env::var_os("CARGO").unwrap_or_else(|| "cargo".into());
    let manifest_dir = env!("CARGO_MANIFEST_DIR");

    let output = Command::new(&cargo)
        .args([
            "tree",
            "--no-default-features",
            "--prefix",
            "none",
            "--edges",
            "normal",
            "--no-dedupe",
        ])
        .current_dir(manifest_dir)
        .output()
        .expect("cargo tree --no-default-features invocation");

    assert!(
        output.status.success(),
        "cargo tree exited {:?}\nstderr:\n{}",
        output.status,
        String::from_utf8_lossy(&output.stderr),
    );
    let stdout = String::from_utf8_lossy(&output.stdout);

    // The crate root must be present.
    assert!(
        stdout.contains("rusty-autossh"),
        "dep tree missing rusty-autossh:\n{stdout}"
    );

    // Always-on deps required for the library API.
    for required in &["tokio", "thiserror", "socket2"] {
        assert!(
            stdout
                .lines()
                .any(|line| line.starts_with(&format!("{required} v"))),
            "dep tree missing required allow-list crate `{required}`:\n{stdout}"
        );
    }

    // CLI-only crates must be absent — they only enter the tree when the
    // `cli` feature is active.
    for cli_only in CLI_ONLY_CRATES {
        let needle_prefix = format!("{cli_only} v");
        let hit = stdout.lines().any(|line| line.starts_with(&needle_prefix));
        assert!(
            !hit,
            "CLI-only crate `{cli_only}` leaked into the library dep tree:\n{stdout}"
        );
    }

    // The CLI-gated `windows-sys = 0.59` optional dep MUST be absent.
    // (`socket2` pulls its own `windows-sys` versions transitively — that's
    // an unrelated pure-Rust subtree, so we narrow the absence check to the
    // version pinned in `Cargo.toml [target.'cfg(windows)'.dependencies]`.)
    assert!(
        !stdout.contains("windows-sys v0.59"),
        "CLI-gated windows-sys 0.59 leaked into the library dep tree:\n{stdout}"
    );
}

// -----------------------------------------------------------------------------
// T099 — Library run with `MonitorMode::None` end-to-end (no fs, no listener).
// -----------------------------------------------------------------------------

/// Run the supervisor in library-only `MonitorMode::None` mode against a
/// non-existent ssh binary and observe the resulting `AutosshError` path —
/// covers pure-library usage with no fs and no TCP listener bind.
#[test]
fn library_run_with_monitor_mode_none_returns_error_for_missing_ssh() {
    let rt = tokio::runtime::Builder::new_current_thread()
        .enable_all()
        .build()
        .expect("tokio runtime build");

    rt.block_on(async {
        // Force resolve_ssh_path to fail by pointing AUTOSSH_PATH at a
        // path that obviously cannot spawn AND letting spawn fail.
        // We bypass the resolver by providing an explicit ssh_path that
        // does not exist, which surfaces a spawn-time `AutosshError::Io`.
        let bogus = std::path::PathBuf::from(if cfg!(windows) {
            "C:\\nonexistent\\ssh-does-not-exist.exe"
        } else {
            "/nonexistent/ssh-does-not-exist"
        });

        let mut supervisor = SshSupervisorBuilder::new()
            .ssh_args(vec!["user@host".to_string()])
            .monitor_mode(MonitorMode::None)
            .ssh_path(bogus)
            .poll(Duration::from_millis(50))
            .gate_time(Duration::from_millis(10))
            .max_start(Some(1))
            .one_shot(true)
            .build()
            .expect("builder build succeeds with explicit ssh_path");

        let result = supervisor.run().await;
        // Either Io (spawn failure) or MaxStartReached after one immediate
        // failure — both are acceptable library-API outcomes for a
        // non-existent binary.
        assert!(
            matches!(
                result,
                Err(AutosshError::Io(_)) | Err(AutosshError::MaxStartReached { .. })
            ),
            "expected Io or MaxStartReached for missing ssh, got {result:?}"
        );
    });
}

// -----------------------------------------------------------------------------
// T100 — `SupervisorEvent` mpsc channel consumer wiring.
// -----------------------------------------------------------------------------

#[test]
fn supervisor_event_mpsc_channel_wires_through_builder() {
    let rt = tokio::runtime::Builder::new_current_thread()
        .enable_all()
        .build()
        .expect("tokio runtime build");

    rt.block_on(async {
        let (tx, mut rx) = mpsc::channel::<SupervisorEvent>(16);

        let bogus = std::path::PathBuf::from(if cfg!(windows) {
            "C:\\nonexistent\\ssh-does-not-exist.exe"
        } else {
            "/nonexistent/ssh-does-not-exist"
        });

        let mut supervisor = SshSupervisorBuilder::new()
            .ssh_args(vec!["user@host".to_string()])
            .monitor_mode(MonitorMode::None)
            .ssh_path(bogus)
            .poll(Duration::from_millis(50))
            .gate_time(Duration::from_millis(10))
            .max_start(Some(1))
            .one_shot(true)
            .event_sender(tx)
            .build()
            .expect("builder build succeeds with explicit ssh_path");

        let _result = supervisor.run().await;

        // Drain whatever events were sent. We don't gate on a specific
        // variant order — the supervisor can fail before ChildSpawned
        // when spawn itself errors. We only assert the channel receiver
        // can be consumed without panicking and at least one event arrived
        // OR the run exited without dispatching any event (both branches
        // are legitimate for a failed-spawn happy-path).
        let mut count = 0usize;
        while let Ok(Some(_event)) =
            tokio::time::timeout(Duration::from_millis(100), rx.recv()).await
        {
            count += 1;
            if count >= 32 {
                break;
            }
        }
        // Just demonstrate the consumer can pull events.
        let _ = count;
    });
}

// -----------------------------------------------------------------------------
// T101 — `MonitorMode::Active` variant build + argv-injection coverage.
// -----------------------------------------------------------------------------

#[test]
fn monitor_mode_active_variants_are_constructible() {
    let two_listener = MonitorMode::Active {
        port: 20000,
        echo: None,
    };
    let single_listener = MonitorMode::Active {
        port: 20000,
        echo: Some(22),
    };
    let none = MonitorMode::None;

    // Pattern match exercising the public surface.
    for mode in [two_listener, single_listener, none] {
        match mode {
            MonitorMode::None => {}
            MonitorMode::Active { port, echo } => {
                assert_eq!(port, 20000);
                assert!(matches!(echo, None | Some(22)));
            }
            _ => unreachable!("non_exhaustive future variant"),
        }
    }
}

#[test]
fn monitor_mode_active_with_echo_argv_injection() {
    let mode = MonitorMode::Active {
        port: 20000,
        echo: Some(22),
    };
    let injected =
        rusty_autossh::spawner::inject_monitor_forwards(&mode, &["user@host".to_string()]);

    // `-L 20000:127.0.0.1:22` only — NO `-R` per FR-004 + FR-063.
    assert_eq!(injected.len(), 3, "expected 3 tokens, got {injected:?}");
    assert_eq!(injected[0], "-L");
    assert_eq!(injected[1], "20000:127.0.0.1:22");
    assert_eq!(injected[2], "user@host");
    assert!(
        !injected.iter().any(|t| t == "-R"),
        "no `-R` token expected for echo-mode injection, got {injected:?}"
    );
}

// -----------------------------------------------------------------------------
// T102 — `AutosshError` `#[from] io::Error` conversion.
// -----------------------------------------------------------------------------

#[test]
fn autossh_error_from_io_error_via_from_derive() {
    let io_err = io::Error::new(io::ErrorKind::PermissionDenied, "denied");
    let autossh_err: AutosshError = io_err.into();

    match autossh_err {
        AutosshError::Io(inner) => {
            assert_eq!(inner.kind(), io::ErrorKind::PermissionDenied);
        }
        other => panic!("expected AutosshError::Io, got {other:?}"),
    }
}

#[test]
fn autossh_error_source_chain_for_wrapping_variants() {
    use std::error::Error;

    // Wrapping variant — source() must surface the inner io::Error.
    let inner = io::Error::new(io::ErrorKind::AddrInUse, "in use");
    let err = AutosshError::MonitorBindFailed {
        port: 20000,
        source: inner,
    };
    assert!(err.source().is_some(), "wrapping variant must have source");

    // Leaf variant — source() must be None.
    let leaf = AutosshError::SshNotFound {
        searched: vec![std::path::PathBuf::from("/usr/bin")],
    };
    assert!(leaf.source().is_none(), "leaf variant must have no source");

    let leaf2 = AutosshError::MaxStartReached { attempts: 3 };
    assert!(leaf2.source().is_none());

    let leaf3 = AutosshError::MaxLifetimeReached;
    assert!(leaf3.source().is_none());
}