tsafe-cli 1.0.26

//! Integration tests for `tsafe diff`.

use assert_cmd::Command;
use predicates::str::contains;
use tempfile::tempdir;

fn tsafe() -> Command {
    Command::cargo_bin("tsafe").unwrap()
}

#[test]
fn diff_shows_added_key() {
    let dir = tempdir().unwrap();
    // Create vault with one secret (creates initial snapshot).
    tsafe()
        .args(["init"])
        .env("TSAFE_VAULT_DIR", dir.path())
        .env("TSAFE_PASSWORD", "test-pw")
        .assert()
        .success();

    tsafe()
        .args(["set", "FIRST_KEY", "value1"])
        .env("TSAFE_VAULT_DIR", dir.path())
        .env("TSAFE_PASSWORD", "test-pw")
        .assert()
        .success();

    // Add another key — diff should show it as added.
    tsafe()
        .args(["set", "SECOND_KEY", "value2"])
        .env("TSAFE_VAULT_DIR", dir.path())
        .env("TSAFE_PASSWORD", "test-pw")
        .assert()
        .success();

    tsafe()
        .args(["diff"])
        .env("TSAFE_VAULT_DIR", dir.path())
        .env("TSAFE_PASSWORD", "test-pw")
        .assert()
        .success()
        .stdout(contains("SECOND_KEY"));
}

#[test]
fn diff_no_changes_reports_clean() {
    let dir = tempdir().unwrap();
    tsafe()
        .args(["init"])
        .env("TSAFE_VAULT_DIR", dir.path())
        .env("TSAFE_PASSWORD", "test-pw")
        .assert()
        .success();

    tsafe()
        .args(["set", "ONLY_KEY", "value"])
        .env("TSAFE_VAULT_DIR", dir.path())
        .env("TSAFE_PASSWORD", "test-pw")
        .assert()
        .success();

    // Snapshot on save is the pre-write file; one `set` leaves "latest snap" = empty vault.
    // A second save (same value) makes the newest snapshot match current decrypted state.
    tsafe()
        .args(["set", "ONLY_KEY", "value", "--overwrite"])
        .env("TSAFE_VAULT_DIR", dir.path())
        .env("TSAFE_PASSWORD", "test-pw")
        .assert()
        .success();

    // No changes since last snapshot — should report clean.
    tsafe()
        .args(["diff"])
        .env("TSAFE_VAULT_DIR", dir.path())
        .env("TSAFE_PASSWORD", "test-pw")
        .assert()
        .success()
        .stdout(contains("no changes"));
}