shellfirm 0.3.9

`shellfirm` will intercept any risky patterns (default or defined by you) and prompt you a small challenge for double verification, kinda like a captcha for your terminal.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193

//! Environment abstraction for testability.
//!
//! Provides the [`Environment`] trait to abstract all external I/O
//! (env vars, filesystem, subprocesses), enabling fully sandboxed testing.

use std::{
    collections::{HashMap, HashSet},
    io::{BufReader, Read as _},
    path::{Path, PathBuf},
    process, thread,
    time::Duration,
};

use crate::error::Result;
use wait_timeout::ChildExt;

/// Abstracts all interaction with the operating system.
///
/// The real application uses [`RealEnvironment`]; tests inject
/// [`MockEnvironment`] so that nothing touches the real system.
pub trait Environment: Send + Sync {
    /// Read an environment variable.
    fn var(&self, key: &str) -> Option<String>;

    /// Get the current working directory.
    ///
    /// # Errors
    /// Returns an error if the working directory cannot be determined.
    fn current_dir(&self) -> Result<PathBuf>;

    /// Check if a path exists (file or directory).
    fn path_exists(&self, path: &Path) -> bool;

    /// Get the user's home directory.
    fn home_dir(&self) -> Option<PathBuf>;

    /// Run a command and return its stdout, or `None` on failure/timeout.
    fn run_command(&self, cmd: &str, args: &[&str], timeout_ms: u64) -> Option<String>;

    /// Read a file's contents.
    ///
    /// # Errors
    /// Returns an error if the file cannot be read.
    fn read_file(&self, path: &Path) -> Result<String>;

    /// Walk up directories from `start` looking for `filename`.
    /// Returns the full path to the first match, or `None`.
    fn find_file_upward(&self, start: &Path, filename: &str) -> Option<PathBuf>;
}

// ---------------------------------------------------------------------------
// Real implementation (used in production)
// ---------------------------------------------------------------------------

/// Production [`Environment`] backed by the real OS.
pub struct RealEnvironment;

impl Environment for RealEnvironment {
    fn var(&self, key: &str) -> Option<String> {
        std::env::var(key).ok()
    }

    fn current_dir(&self) -> Result<PathBuf> {
        std::env::current_dir().map_err(Into::into)
    }

    fn path_exists(&self, path: &Path) -> bool {
        path.exists()
    }

    fn home_dir(&self) -> Option<PathBuf> {
        dirs::home_dir()
    }

    fn run_command(&self, cmd: &str, args: &[&str], timeout_ms: u64) -> Option<String> {
        let mut child = process::Command::new(cmd)
            .args(args)
            .stdin(process::Stdio::null())
            .stdout(process::Stdio::piped())
            .stderr(process::Stdio::null())
            .spawn()
            .ok()?;

        // Read stdout in a separate thread to prevent pipe buffer deadlock.
        // Without this, processes producing >64KB of stdout (e.g. `find` on
        // large directories) block on write, causing wait_timeout to fire
        // even though the process hasn't finished computing.
        let stdout = child.stdout.take()?;
        let reader_handle = thread::spawn(move || {
            let mut output = String::new();
            let mut reader = BufReader::new(stdout);
            let _ = reader.read_to_string(&mut output);
            output
        });

        let timeout = Duration::from_millis(timeout_ms);
        match child.wait_timeout(timeout) {
            Ok(Some(status)) if status.success() => {
                reader_handle.join().ok().map(|o| o.trim().to_string())
            }
            Ok(Some(_)) => {
                // Process exited with non-success status
                None
            }
            Ok(None) => {
                // Timeout — kill the child (closes pipe, unblocks reader)
                let _ = child.kill();
                let _ = child.wait();
                let _ = reader_handle.join();
                None
            }
            Err(_) => None,
        }
    }

    fn read_file(&self, path: &Path) -> Result<String> {
        Ok(std::fs::read_to_string(path)?)
    }

    fn find_file_upward(&self, start: &Path, filename: &str) -> Option<PathBuf> {
        let mut current = start.to_path_buf();
        loop {
            let candidate = current.join(filename);
            if candidate.is_file() {
                return Some(candidate);
            }
            if !current.pop() {
                return None;
            }
        }
    }
}

// ---------------------------------------------------------------------------
// Mock implementation (used in tests — zero real I/O)
// ---------------------------------------------------------------------------

/// A fully in-memory [`Environment`] for sandboxed testing.
///
/// Every field is public so tests can construct scenarios declaratively.
#[derive(Debug, Clone, Default)]
pub struct MockEnvironment {
    pub env_vars: HashMap<String, String>,
    pub cwd: PathBuf,
    pub existing_paths: HashSet<PathBuf>,
    pub home: Option<PathBuf>,
    /// Maps `"cmd arg1 arg2"` → stdout output.
    pub command_outputs: HashMap<String, String>,
    /// Virtual filesystem: path → file contents.
    pub files: HashMap<PathBuf, String>,
}

impl Environment for MockEnvironment {
    fn var(&self, key: &str) -> Option<String> {
        self.env_vars.get(key).cloned()
    }

    fn current_dir(&self) -> Result<PathBuf> {
        Ok(self.cwd.clone())
    }

    fn path_exists(&self, path: &Path) -> bool {
        self.existing_paths.contains(path) || self.files.contains_key(path)
    }

    fn home_dir(&self) -> Option<PathBuf> {
        self.home.clone()
    }

    fn run_command(&self, cmd: &str, args: &[&str], _timeout_ms: u64) -> Option<String> {
        let key = format!("{} {}", cmd, args.join(" "));
        self.command_outputs.get(&key).cloned()
    }

    fn read_file(&self, path: &Path) -> Result<String> {
        self.files.get(path).cloned().ok_or_else(|| {
            crate::error::Error::Other(format!("mock file not found: {}", path.display()))
        })
    }

    fn find_file_upward(&self, start: &Path, filename: &str) -> Option<PathBuf> {
        let mut current = start.to_path_buf();
        loop {
            let candidate = current.join(filename);
            if self.files.contains_key(&candidate) {
                return Some(candidate);
            }
            if !current.pop() {
                return None;
            }
        }
    }
}