trusty-analyze 0.3.0

Sidecar code-analysis daemon for trusty-search: complexity, smells, quality, facts
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345

//! Handlers for `start`, `stop`, `status`, and `doctor`.
//!
//! Why: gives users a familiar `start/stop/status/doctor` lifecycle for the
//! analyzer daemon without forcing them to learn launchd/systemd. Mirrors the
//! UX of `trusty-search` and `trusty-memory`.
//! What: spawns the binary itself in the background (writing a PID file under
//! `~/.trusty-analyze/`), sends SIGTERM on stop, TCP-probes the port for
//! status, and runs a small battery of sanity checks for doctor.
//! Test: integration coverage lives in tests against the binary; this module
//! is exercised manually via `trusty-analyze start` / `stop` / `status` /
//! `doctor` and via the unit tests below.

use std::net::{SocketAddr, TcpStream};
use std::path::{Path, PathBuf};
use std::time::Duration;

use anyhow::{Context, Result};
use colored::Colorize;

/// Resolve the data directory used for the PID file.
///
/// Why: every trusty-* daemon writes runtime metadata under `~/.<name>/` so
/// users can find it predictably. Aligns with the launchd service template
/// that already uses `~/.trusty-analyze/`.
/// What: returns `~/.trusty-analyze/`, creating it if missing.
/// Test: callers panic on $HOME-less environments — the error message is
/// surfaced via `anyhow::Result` rather than `expect`.
pub fn data_dir() -> Result<PathBuf> {
    let home = dirs::home_dir().context("could not resolve $HOME")?;
    let dir = home.join(".trusty-analyze");
    std::fs::create_dir_all(&dir).with_context(|| format!("create data dir {}", dir.display()))?;
    Ok(dir)
}

/// Path to the PID file used by `start` / `stop` / `status`.
///
/// Why: a single well-known location keeps the lifecycle commands trivial to
/// implement and lets external tooling reuse the same file.
/// What: returns `~/.trusty-analyze/daemon.pid`.
/// Test: covered transitively by `start_writes_pid_file` integration.
pub fn pid_file_path() -> Result<PathBuf> {
    Ok(data_dir()?.join("daemon.pid"))
}

/// Read the PID stored in `daemon.pid`, returning `None` if absent or invalid.
///
/// Why: stop / status both need a tolerant reader — a missing or corrupt file
/// is normal and should not panic.
/// What: parses the trimmed file contents as `u32`.
/// Test: `read_pid_handles_missing_file` below.
fn read_pid(path: &Path) -> Option<u32> {
    let raw = std::fs::read_to_string(path).ok()?;
    raw.trim().parse::<u32>().ok()
}

/// Probe whether the analyzer daemon's HTTP port is accepting connections.
///
/// Why: TCP probing is the lightest-weight signal that the daemon is up; it
/// doesn't require HTTP framing or response parsing.
/// What: connects to `127.0.0.1:<port>` with a 500 ms timeout.
/// Test: returns `false` against a free port.
fn port_reachable(port: u16) -> bool {
    let addr: SocketAddr = ([127, 0, 0, 1], port).into();
    TcpStream::connect_timeout(&addr, Duration::from_millis(500)).is_ok()
}

/// Spawn the daemon in the background and write its PID.
///
/// Why: gives users a one-command "boot the daemon" path without forcing them
/// onto launchd. Background detach is done by spawning `serve` on the same
/// executable and immediately returning.
/// What: if a PID file exists with a live PID we exit early; otherwise we
/// `Command::spawn` the current exe with `serve`, write the child PID to
/// `~/.trusty-analyze/daemon.pid`, and print the dashboard URL.
/// Test: run `trusty-analyze start` twice — the second invocation reports
/// "already running" and exits 0.
pub fn handle_start(port: u16) -> Result<()> {
    let pid_path = pid_file_path()?;
    if let Some(pid) = read_pid(&pid_path) {
        if port_reachable(port) {
            println!(
                "{} trusty-analyze already running (pid {pid}, port {port})",
                "".green()
            );
            return Ok(());
        }
        // Stale PID file — remove and continue.
        let _ = std::fs::remove_file(&pid_path);
    }

    let exe = std::env::current_exe().context("resolve current executable")?;
    let child = std::process::Command::new(&exe)
        .arg("serve")
        .arg("--port")
        .arg(port.to_string())
        .stdout(std::process::Stdio::null())
        .stderr(std::process::Stdio::null())
        .stdin(std::process::Stdio::null())
        .spawn()
        .with_context(|| format!("spawn {} serve", exe.display()))?;

    std::fs::write(&pid_path, child.id().to_string())
        .with_context(|| format!("write pid file {}", pid_path.display()))?;

    println!(
        "{} trusty-analyze started (pid {}, port {port})",
        "".green(),
        child.id()
    );
    println!(
        "  Dashboard: {}",
        format!("http://127.0.0.1:{port}/ui").cyan()
    );
    Ok(())
}

/// Stop the running daemon by sending SIGTERM to the recorded PID.
///
/// Why: pairs with `start` — a single command users can run to tear the
/// background daemon down cleanly.
/// What: reads the PID file, invokes `kill -TERM`, polls up to 5 s for the
/// process to release the port, then removes the PID file.
/// Test: with a running daemon → "stopped" message within a few seconds.
pub fn handle_stop(port: u16) -> Result<()> {
    let pid_path = pid_file_path()?;
    let Some(pid) = read_pid(&pid_path) else {
        eprintln!(
            "{} No PID file at {} — daemon not running?",
            "".red(),
            pid_path.display()
        );
        std::process::exit(1);
    };

    println!("{} Stopping trusty-analyze (pid {pid})…", "".cyan());
    let status = std::process::Command::new("kill")
        .arg("-TERM")
        .arg(pid.to_string())
        .status()
        .context("invoke kill -TERM")?;
    if !status.success() {
        eprintln!(
            "{} kill -TERM {pid} failed (process may already be gone)",
            "".red()
        );
        let _ = std::fs::remove_file(&pid_path);
        std::process::exit(1);
    }

    for _ in 0..50 {
        std::thread::sleep(Duration::from_millis(100));
        if !port_reachable(port) {
            let _ = std::fs::remove_file(&pid_path);
            println!("{} trusty-analyze stopped", "".green());
            return Ok(());
        }
    }
    println!(
        "{} Daemon did not release port {port} within 5 s; PID file left in place",
        "".yellow()
    );
    Ok(())
}

/// Show daemon status: running/down, port, version when reachable.
///
/// Why: `health` already reports trusty-search status; this command focuses
/// on the analyzer itself with more detail (PID, version) for the user.
/// What: TCP-probes the analyzer port, reads the PID file, and queries
/// `/health` for the version string if the daemon answers.
/// Test: with the daemon down, prints "DOWN" and exits 0 (informational).
pub async fn handle_status(port: u16) -> Result<()> {
    let pid_path = pid_file_path()?;
    let pid = read_pid(&pid_path);
    let reachable = port_reachable(port);

    if reachable {
        println!("{} trusty-analyze: {}", "".green(), "RUNNING".green());
    } else {
        println!("{} trusty-analyze: {}", "".red(), "DOWN".red());
    }
    println!("  Port:     {port}");
    if let Some(pid) = pid {
        println!("  PID:      {pid} (from {})", pid_path.display());
    } else {
        println!("  PID:      {}", "<no pid file>".dimmed());
    }

    if reachable {
        let url = format!("http://127.0.0.1:{port}/health");
        let client = reqwest::Client::new();
        match client
            .get(&url)
            .timeout(Duration::from_secs(2))
            .send()
            .await
        {
            Ok(resp) if resp.status().is_success() => {
                if let Ok(body) = resp.json::<serde_json::Value>().await {
                    if let Some(v) = body.get("version").and_then(|v| v.as_str()) {
                        println!("  Version:  {v}");
                    }
                }
            }
            Ok(resp) => println!("  Health:   HTTP {}", resp.status()),
            Err(e) => println!("  Health:   probe failed: {e}"),
        }
    }
    Ok(())
}

/// Diagnose common configuration issues and print a ✓/✗ summary.
///
/// Why: gives users a fast self-service path to "why isn't this working?"
/// without needing to read tracing logs.
/// What: checks (1) daemon reachable on the configured port, (2) data dir
/// exists and is writable, (3) the facts-store path is openable.
/// Test: run `trusty-analyze doctor` with the daemon down — should print the
/// missing-daemon ✗ line and exit non-zero.
pub async fn handle_doctor(port: u16, facts_path: &Path) -> Result<()> {
    let mut ok = true;
    println!("trusty-analyze doctor:");

    // 1. Daemon reachability.
    if port_reachable(port) {
        println!("  {} daemon reachable on port {port}", "".green());
    } else {
        println!(
            "  {} daemon not reachable on port {port} (start it with `trusty-analyze start`)",
            "".red()
        );
        ok = false;
    }

    // 2. Data directory writable.
    match data_dir() {
        Ok(dir) => {
            let probe = dir.join(".doctor-probe");
            match std::fs::write(&probe, b"ok") {
                Ok(()) => {
                    let _ = std::fs::remove_file(&probe);
                    println!("  {} data dir writable: {}", "".green(), dir.display());
                }
                Err(e) => {
                    println!(
                        "  {} data dir not writable ({}): {e}",
                        "".red(),
                        dir.display()
                    );
                    ok = false;
                }
            }
        }
        Err(e) => {
            println!("  {} could not resolve data dir: {e}", "".red());
            ok = false;
        }
    }

    // 3. Facts-store path openable. We don't actually open redb here — just
    // verify the parent directory exists / is creatable.
    let facts_parent = facts_path.parent().unwrap_or(Path::new("."));
    if facts_parent.as_os_str().is_empty() || facts_parent.exists() {
        println!(
            "  {} facts path parent exists: {}",
            "".green(),
            facts_path.display()
        );
    } else {
        match std::fs::create_dir_all(facts_parent) {
            Ok(()) => println!(
                "  {} facts path parent created: {}",
                "".green(),
                facts_parent.display()
            ),
            Err(e) => {
                println!(
                    "  {} could not create facts path parent {}: {e}",
                    "".red(),
                    facts_parent.display()
                );
                ok = false;
            }
        }
    }

    println!();
    if ok {
        println!("{} all checks passed", "".green());
        Ok(())
    } else {
        eprintln!("{} one or more checks failed", "".red());
        std::process::exit(1);
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    /// Why: a missing PID file is the normal "daemon not running" case and
    /// must not panic.
    /// What: passes a path that doesn't exist and asserts `None`.
    /// Test: this function.
    #[test]
    fn read_pid_handles_missing_file() {
        let tmp = std::env::temp_dir().join("trusty-analyze-no-such-pid");
        let _ = std::fs::remove_file(&tmp);
        assert!(read_pid(&tmp).is_none());
    }

    /// Why: garbage in the PID file should be treated the same as missing.
    /// What: writes "not-a-pid" and asserts `None`.
    /// Test: this function.
    #[test]
    fn read_pid_handles_garbage() {
        let dir = tempfile::tempdir().unwrap();
        let path = dir.path().join("daemon.pid");
        std::fs::write(&path, "not-a-pid\n").unwrap();
        assert!(read_pid(&path).is_none());
    }

    /// Why: a well-formed PID file should round-trip.
    /// What: writes "12345" and asserts `Some(12345)`.
    /// Test: this function.
    #[test]
    fn read_pid_parses_valid_pid() {
        let dir = tempfile::tempdir().unwrap();
        let path = dir.path().join("daemon.pid");
        std::fs::write(&path, "12345\n").unwrap();
        assert_eq!(read_pid(&path), Some(12345));
    }

    /// Why: probing a definitely-free port must return false quickly.
    /// What: picks an unused port by binding+dropping a listener, then asserts
    /// `port_reachable` is false.
    /// Test: this function.
    #[test]
    fn port_reachable_returns_false_for_free_port() {
        let listener = std::net::TcpListener::bind("127.0.0.1:0").unwrap();
        let port = listener.local_addr().unwrap().port();
        drop(listener);
        assert!(!port_reachable(port));
    }
}