sem-cli 0.10.1

Semantic version control CLI. Shows what entities changed (functions, classes, methods) instead of lines.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384

//! `sem update` — self-update to the latest GitHub release, plus a
//! non-blocking background check that nudges the user when behind.

use std::fs;
use std::io::Read;
use std::path::{Path, PathBuf};
use std::time::Duration;

use colored::Colorize;
use serde::{Deserialize, Serialize};

const REPO: &str = "Ataraxy-Labs/sem";
const DOWNLOAD_TIMEOUT_SECS: u64 = 120;
/// Release binaries are ~15MB; refuse anything wildly larger.
const MAX_DOWNLOAD_BYTES: u64 = 200 * 1024 * 1024;
/// How often the background version check runs, and how often the
/// "new version available" hint may print.
const CHECK_INTERVAL_SECS: u64 = 24 * 3600;
const NOTIFY_INTERVAL_SECS: u64 = 24 * 3600;
const CHECK_TIMEOUT_SECS: u64 = 5;

// ─── Update notification ─────────────────────────────────────────────────

#[derive(Serialize, Deserialize, Default)]
struct UpdateCheckState {
    #[serde(default)]
    latest_version: String,
    #[serde(default)]
    last_check: u64,
    #[serde(default)]
    last_notified: u64,
}

fn check_disabled() -> bool {
    let set = |var: &str| std::env::var(var).is_ok_and(|v| !v.is_empty() && v != "0");
    set("SEM_NO_UPDATE_CHECK") || set("DO_NOT_TRACK")
}

fn check_state_path() -> Option<PathBuf> {
    let home = std::env::var("HOME")
        .or_else(|_| std::env::var("USERPROFILE"))
        .ok()?;
    Some(PathBuf::from(home).join(".sem").join("update-check.json"))
}

fn load_check_state() -> UpdateCheckState {
    check_state_path()
        .and_then(|p| fs::read_to_string(p).ok())
        .and_then(|s| serde_json::from_str(&s).ok())
        .unwrap_or_default()
}

fn save_check_state(state: &UpdateCheckState) {
    let Some(path) = check_state_path() else { return };
    if let Some(parent) = path.parent() {
        let _ = fs::create_dir_all(parent);
    }
    let _ = fs::write(path, serde_json::to_string(state).unwrap_or_default());
}

fn now_secs() -> u64 {
    std::time::SystemTime::now()
        .duration_since(std::time::UNIX_EPOCH)
        .map(|d| d.as_secs())
        .unwrap_or(0)
}

/// Print a once-a-day hint when a newer release is known, and kick off a
/// detached background check when the cached answer is stale. Costs one
/// small file read; never touches the network in this process.
pub fn maybe_notify(command: &str) {
    if check_disabled() {
        return;
    }
    // Commands where an extra stderr line is unwanted noise.
    if matches!(command, "update" | "mcp" | "completions") {
        return;
    }

    let mut state = load_check_state();
    let now = now_secs();
    let mut dirty = false;

    if !state.latest_version.is_empty()
        && is_newer(&state.latest_version, env!("CARGO_PKG_VERSION"))
        && now.saturating_sub(state.last_notified) >= NOTIFY_INTERVAL_SECS
    {
        eprintln!(
            "{}",
            format!(
                "A new version of sem is available: v{} → v{}. Run `sem update` to upgrade.",
                env!("CARGO_PKG_VERSION"),
                state.latest_version
            )
            .dimmed()
        );
        state.last_notified = now;
        dirty = true;
    }

    if now.saturating_sub(state.last_check) >= CHECK_INTERVAL_SECS {
        // Stamp before spawning so concurrent runs don't spawn a checker each.
        state.last_check = now;
        dirty = true;
        if let Ok(exe) = std::env::current_exe() {
            let _ = std::process::Command::new(exe)
                .arg("__update-check")
                .stdin(std::process::Stdio::null())
                .stdout(std::process::Stdio::null())
                .stderr(std::process::Stdio::null())
                .spawn();
        }
    }

    if dirty {
        save_check_state(&state);
    }
}

/// Hidden subcommand body: fetch the latest release tag and cache it.
/// Runs in its own process.
pub fn background_check() {
    if check_disabled() {
        return;
    }
    let agent = ureq::AgentBuilder::new()
        .timeout(Duration::from_secs(CHECK_TIMEOUT_SECS))
        .build();
    let Ok(resp) = agent
        .get(&format!(
            "https://api.github.com/repos/{REPO}/releases/latest"
        ))
        .set("User-Agent", "sem-cli")
        .set("Accept", "application/vnd.github+json")
        .call()
    else {
        return;
    };
    let Ok(release) = resp.into_json::<serde_json::Value>() else {
        return;
    };
    let Some(tag) = release["tag_name"].as_str() else {
        return;
    };

    let mut state = load_check_state();
    state.latest_version = tag.trim_start_matches('v').to_string();
    state.last_check = now_secs();
    save_check_state(&state);
}

// ─── sem update ──────────────────────────────────────────────────────────

pub fn run() -> Result<(), Box<dyn std::error::Error>> {
    let current = env!("CARGO_PKG_VERSION");

    // Homebrew owns its files; replacing them under brew's feet breaks
    // `brew upgrade` later. Defer to it.
    let exe = std::env::current_exe()?;
    let exe_str = exe.to_string_lossy();
    if exe_str.contains("/Cellar/") || exe_str.contains("/linuxbrew/") {
        println!(
            "sem was installed with Homebrew. Update it with:\n  {}",
            "brew upgrade sem".bold()
        );
        return Ok(());
    }

    eprint!("{}", "Checking for updates...".dimmed());
    let agent = ureq::AgentBuilder::new()
        .timeout(Duration::from_secs(DOWNLOAD_TIMEOUT_SECS))
        .build();

    let release: serde_json::Value = agent
        .get(&format!(
            "https://api.github.com/repos/{REPO}/releases/latest"
        ))
        .set("User-Agent", "sem-cli")
        .set("Accept", "application/vnd.github+json")
        .call()?
        .into_json()?;

    let tag = release["tag_name"]
        .as_str()
        .ok_or("No tag_name in latest release")?;
    let latest = tag.trim_start_matches('v');
    eprintln!(" latest is v{latest}");

    if !is_newer(latest, current) {
        println!(
            "{} sem v{current} is already the latest version",
            "ok".green().bold()
        );
        return Ok(());
    }

    let artifact = artifact_name()?;
    let url = format!("https://github.com/{REPO}/releases/download/{tag}/{artifact}");

    println!(
        "Updating sem {}{}",
        format!("v{current}").dimmed(),
        format!("v{latest}").bold()
    );

    // Download to a temp dir.
    let tmp = std::env::temp_dir().join(format!("sem-update-{}", std::process::id()));
    fs::create_dir_all(&tmp)?;
    let archive = tmp.join(&artifact);
    download(&agent, &url, &archive)?;

    // Best-effort checksum verification when a system sha tool exists.
    verify_checksum(&agent, tag, &artifact, &archive);

    // Extract. tar handles .tar.gz on macOS, Linux, and Windows 10+.
    let status = std::process::Command::new("tar")
        .arg("xzf")
        .arg(&archive)
        .arg("-C")
        .arg(&tmp)
        .status()?;
    if !status.success() {
        cleanup(&tmp);
        return Err("Failed to extract release archive".into());
    }

    let new_binary = find_binary(&tmp).ok_or("No sem binary found in release archive")?;

    // Swap in place: move the running binary aside (allowed on Unix and
    // Windows), then move the new one into its path.
    let old = exe.with_extension("old");
    let _ = fs::remove_file(&old);
    if let Err(e) = fs::rename(&exe, &old) {
        cleanup(&tmp);
        return Err(format!(
            "Cannot replace {} ({e}). Try with elevated permissions, or reinstall:\n  curl -fsSL https://raw.githubusercontent.com/{REPO}/main/install.sh | sh",
            exe.display()
        )
        .into());
    }
    if let Err(e) = fs::rename(&new_binary, &exe) {
        // Roll back so the user still has a working sem.
        let _ = fs::rename(&old, &exe);
        cleanup(&tmp);
        return Err(format!("Failed to install new binary: {e}").into());
    }

    #[cfg(unix)]
    {
        use std::os::unix::fs::PermissionsExt;
        let _ = fs::set_permissions(&exe, fs::Permissions::from_mode(0o755));
    }

    let _ = fs::remove_file(&old); // fails harmlessly on Windows while running
    cleanup(&tmp);

    println!(
        "{} Updated to v{latest} ({})",
        "ok".green().bold(),
        exe.display()
    );
    Ok(())
}

/// Strict numeric semver comparison; non-numeric parts compare as 0.
fn is_newer(candidate: &str, current: &str) -> bool {
    let parse = |v: &str| -> (u64, u64, u64) {
        let mut parts = v.split('.').map(|p| {
            p.chars()
                .take_while(|c| c.is_ascii_digit())
                .collect::<String>()
                .parse::<u64>()
                .unwrap_or(0)
        });
        (
            parts.next().unwrap_or(0),
            parts.next().unwrap_or(0),
            parts.next().unwrap_or(0),
        )
    };
    parse(candidate) > parse(current)
}

fn artifact_name() -> Result<String, Box<dyn std::error::Error>> {
    let os = match std::env::consts::OS {
        "macos" => "darwin",
        "linux" => "linux",
        "windows" => "windows",
        other => return Err(format!("No prebuilt binaries for OS '{other}'").into()),
    };
    let arch = match std::env::consts::ARCH {
        "aarch64" => "arm64",
        "x86_64" => "x86_64",
        other => return Err(format!("No prebuilt binaries for arch '{other}'").into()),
    };
    Ok(format!("sem-{os}-{arch}.tar.gz"))
}

fn download(
    agent: &ureq::Agent,
    url: &str,
    dest: &Path,
) -> Result<(), Box<dyn std::error::Error>> {
    let resp = agent.get(url).set("User-Agent", "sem-cli").call()?;
    let mut reader = resp.into_reader().take(MAX_DOWNLOAD_BYTES);
    let mut file = fs::File::create(dest)?;
    std::io::copy(&mut reader, &mut file)?;
    Ok(())
}

/// Verify the archive against the release's checksums.txt when shasum or
/// sha256sum is available. Hard-fails on mismatch; skips silently when no
/// tool or no checksum entry exists.
fn verify_checksum(agent: &ureq::Agent, tag: &str, artifact: &str, archive: &Path) {
    let url = format!("https://github.com/{REPO}/releases/download/{tag}/checksums.txt");
    let Ok(resp) = agent.get(&url).set("User-Agent", "sem-cli").call() else {
        return;
    };
    let Ok(listing) = resp.into_string() else {
        return;
    };
    let Some(expected) = listing
        .lines()
        .find(|l| l.contains(artifact))
        .and_then(|l| l.split_whitespace().next())
        .map(str::to_lowercase)
    else {
        return;
    };

    let actual = ["sha256sum", "shasum"]
        .iter()
        .find_map(|tool| {
            let mut cmd = std::process::Command::new(tool);
            if *tool == "shasum" {
                cmd.args(["-a", "256"]);
            }
            cmd.arg(archive);
            let out = cmd.output().ok()?;
            if !out.status.success() {
                return None;
            }
            String::from_utf8_lossy(&out.stdout)
                .split_whitespace()
                .next()
                .map(str::to_lowercase)
        });

    if let Some(actual) = actual {
        if actual != expected {
            eprintln!(
                "{} checksum mismatch for {artifact} — aborting",
                "error:".red().bold()
            );
            std::process::exit(1);
        }
    }
}

fn find_binary(dir: &Path) -> Option<PathBuf> {
    let names = ["sem", "sem.exe"];
    // Top level first, then one level deep (archives may nest a directory).
    for name in names {
        let direct = dir.join(name);
        if direct.is_file() {
            return Some(direct);
        }
    }
    for entry in fs::read_dir(dir).ok()?.flatten() {
        if entry.path().is_dir() {
            for name in names {
                let nested = entry.path().join(name);
                if nested.is_file() {
                    return Some(nested);
                }
            }
        }
    }
    None
}

fn cleanup(tmp: &Path) {
    let _ = fs::remove_dir_all(tmp);
}