void-cli 0.0.2

CLI for void — anonymous encrypted source control
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399

//! Initialize a new void repository.
//!
//! Creates the `.void` directory structure in **collaboration mode** by default.
//! Requires an existing identity (`void identity init`). The identity's public keys
//! are used to create a contributor manifest with the user as owner and the repo key
//! ECIES-wrapped for the owner.

use rand::RngCore;
use serde::Serialize;
use std::collections::HashMap;
#[cfg(test)]
use std::fs;
use std::path::Path;
use void_core::collab::manifest::RepoKey;

use crate::context::load_public_identity;
use crate::output::{run_command, CliError, CliOptions, ErrorCode};
use crate::repo_init::{self, NewRepoOpts};

/// JSON output for the init command.
#[derive(Debug, Serialize)]
pub struct InitOutput {
    /// Path to the created .void directory.
    pub path: String,
    /// Whether the repository was created (always true on success).
    pub created: bool,
    /// UUID v4 identifying this repository.
    pub repo_id: String,
    /// Human-friendly name (derived from directory name).
    pub repo_name: String,
}

/// Initialize a new void repository in the given directory.
///
/// Requires an existing identity (created via `void identity init`).
///
/// Creates:
/// - `.void/` directory
/// - `.void/objects/` directory for object storage
/// - `.void/refs/heads/` directory for branch refs
/// - `.void/staged/` directory for staged blobs
/// - `.void/HEAD` file pointing to refs/heads/trunk
/// - `.void/contributors.json` manifest with owner as first contributor (ECIES-wrapped repo key)
/// - `.void/config.json` with default configuration including repoSecret and user.name
///
/// # Errors
///
/// Returns an error if:
/// - `.void` directory already exists (conflict)
/// - No identity exists (must run `void identity init` first)
/// - Failed to create directory or write files
pub fn run(cwd: &Path, opts: &CliOptions) -> Result<(), CliError> {
    run_command("init", opts, |ctx| {
        let void_dir = cwd.join(".void");

        // Check if already initialized
        if void_dir.exists() {
            let mut details = HashMap::new();
            details.insert(
                "path".to_string(),
                serde_json::Value::String(void_dir.display().to_string()),
            );
            return Err(CliError::with_details(
                ErrorCode::Conflict,
                "repository already initialized",
                details,
            ));
        }

        ctx.progress("Checking identity...");

        // Pre-flight: verify identity exists before creating any directories.
        // setup_owner_manifest will load identity again, but checking early
        // avoids leaving a partial .void directory on failure.
        load_public_identity().map_err(|_| {
            CliError::new(
                ErrorCode::InvalidArgs,
                "no identity found — run 'void identity init' first",
            )
        })?;

        ctx.progress("Creating .void directory...");

        // Generate repo identity
        let repo_id = uuid::Uuid::new_v4().to_string();
        // Canonicalize to resolve "." to an absolute path before extracting dir name
        let abs_cwd = cwd.canonicalize().unwrap_or_else(|_| cwd.to_path_buf());
        let repo_name = abs_cwd
            .file_name()
            .and_then(|n| n.to_str())
            .unwrap_or("unnamed")
            .to_string();

        // Create .void directory structure (canonical: includes refs/tags)
        repo_init::create_void_dir_structure(&void_dir)?;
        ctx.verbose("Created .void directory structure");

        // Generate random 32-byte key (only exists in memory; persisted
        // solely as an ECIES-wrapped blob inside the manifest below).
        let mut key = [0u8; 32];
        rand::thread_rng().fill_bytes(&mut key);
        let repo_key = RepoKey::from_bytes(key);
        ctx.verbose("Generated encryption key");

        // Create manifest + config via shared helper
        let result = repo_init::setup_owner_manifest(&void_dir, &repo_key, NewRepoOpts {
            repo_name: Some(repo_name.clone()),
            repo_id: Some(repo_id.clone()),
            repo_secret: Some(repo_init::generate_repo_secret()),
        })?;
        ctx.verbose("Created contributor manifest and config");

        // Register in local repo registry (best-effort)
        match crate::registry::register_repo(&repo_id, &repo_name, cwd, "self", None) {
            Ok(_record) => {}
            Err(e) => {
                ctx.warn(format!("Failed to register repo in registry: {}", e));
            }
        }

        let void_dir_str = void_dir.display().to_string();

        // Human-readable output
        if !ctx.use_json() {
            ctx.info(format!(
                "Initialized void repository in {} (collaboration mode, owner: {})",
                void_dir_str, result.username
            ));
        }

        Ok(InitOutput {
            path: void_dir_str,
            created: true,
            repo_id,
            repo_name,
        })
    })
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::output::CliOptions;
    use tempfile::tempdir;
    use void_core::collab::manifest::{load_manifest, SigningPubKey, RecipientPubKey};
    use void_core::collab::Identity;

    fn default_opts() -> CliOptions {
        CliOptions {
            human: true,
            ..Default::default()
        }
    }

    /// Set up a fake identity on disk so `load_public_identity()` succeeds.
    ///
    /// Creates `<home>/.void/identity/{signing.pub, recipient.pub, profile.json}`
    /// and returns a `VoidHomeGuard` that overrides `get_void_home()` for this
    /// thread. The caller must hold the guard for the duration of the test.
    fn setup_test_identity(
        home_dir: &Path,
        username: &str,
    ) -> (SigningPubKey, RecipientPubKey, crate::context::VoidHomeGuard) {
        let identity = Identity::generate();
        let signing_pub = identity.signing_pubkey();
        let recipient_pub = identity.recipient_pubkey();

        let identity_dir = home_dir.join(".void").join("identity");
        fs::create_dir_all(&identity_dir).unwrap();

        fs::write(
            identity_dir.join("signing.pub"),
            signing_pub.to_hex(),
        )
        .unwrap();
        fs::write(
            identity_dir.join("recipient.pub"),
            recipient_pub.to_hex(),
        )
        .unwrap();
        fs::write(
            identity_dir.join("profile.json"),
            format!(r#"{{"username":"{}"}}"#, username),
        )
        .unwrap();

        let guard = crate::context::VoidHomeGuard::new(home_dir);

        (signing_pub, recipient_pub, guard)
    }

    #[test]
    fn test_init_creates_void_dir() {
        let home = tempdir().unwrap();
        let _guard = setup_test_identity(home.path(), "alice");

        let dir = tempdir().unwrap();
        let result = run(dir.path(), &default_opts());
        assert!(result.is_ok());

        let void_dir = dir.path().join(".void");
        assert!(void_dir.exists());
        assert!(
            !void_dir.join("key.legacy").exists(),
            "should NOT have key.legacy (plaintext key storage eliminated)"
        );
        assert!(!void_dir.join("key").exists(), "should NOT have plaintext key");
        assert!(void_dir.join("contributors.json").exists());
        assert!(void_dir.join("config.json").exists());
        assert!(void_dir.join("objects").is_dir());
        assert!(void_dir.join("refs/heads").is_dir());
        assert!(void_dir.join("staged").is_dir());
        assert!(void_dir.join("HEAD").exists());
    }

    #[test]
    fn test_init_head_file_content() {
        let home = tempdir().unwrap();
        let _guard = setup_test_identity(home.path(), "alice");

        let dir = tempdir().unwrap();
        run(dir.path(), &default_opts()).unwrap();

        let head_content = fs::read_to_string(dir.path().join(".void/HEAD")).unwrap();
        assert_eq!(head_content, "ref: refs/heads/trunk\n");
    }

    #[test]
    fn test_init_key_wrapped_in_manifest() {
        let home = tempdir().unwrap();
        let (signing_pub, _recipient_pub, _guard) = setup_test_identity(home.path(), "alice");

        let dir = tempdir().unwrap();
        run(dir.path(), &default_opts()).unwrap();

        let void_dir = dir.path().join(".void");

        // No plaintext key should exist
        assert!(!void_dir.join("key.legacy").exists());

        // Manifest should have a wrapped key for the owner
        let manifest = load_manifest(&void_dir).unwrap().expect("manifest should exist");
        assert!(
            manifest.read_keys.wrapped.contains_key(&signing_pub),
            "manifest should contain a wrapped key for the owner"
        );
    }

    #[test]
    fn test_init_repo_secret_in_config() {
        let home = tempdir().unwrap();
        let _guard = setup_test_identity(home.path(), "alice");

        let dir = tempdir().unwrap();
        run(dir.path(), &default_opts()).unwrap();

        let config = void_core::config::load(&dir.path().join(".void")).unwrap();
        assert!(config.repo_secret.is_some());
        let repo_secret = config.repo_secret.unwrap();
        // Should be 64 hex chars (32 bytes)
        assert_eq!(repo_secret.len(), 64);
        // Should be valid hex
        assert!(hex::decode(&repo_secret).is_ok());
    }

    #[test]
    fn test_init_already_initialized() {
        let home = tempdir().unwrap();
        let _guard = setup_test_identity(home.path(), "alice");

        let dir = tempdir().unwrap();

        // First init should succeed
        run(dir.path(), &default_opts()).unwrap();

        // Second init should fail with conflict error
        let result = run(dir.path(), &default_opts());
        assert!(result.is_err());
    }

    #[test]
    fn test_init_creates_manifest() {
        let home = tempdir().unwrap();
        let _guard = setup_test_identity(home.path(), "alice");

        let dir = tempdir().unwrap();
        run(dir.path(), &default_opts()).unwrap();

        let void_dir = dir.path().join(".void");
        let manifest = load_manifest(&void_dir).unwrap().expect("manifest should exist");

        // Manifest should be self-consistent: owner is the first contributor's signing key
        let owner = &manifest.owner;
        assert_eq!(manifest.contributors.len(), 1);
        assert!(manifest.is_owner(&manifest.contributors[0].identity.signing));
        assert_eq!(&manifest.contributors[0].added_by, owner);

        // Should have a wrapped key for the owner
        assert!(manifest.read_keys.wrapped.contains_key(owner));

        // Should have repo metadata
        assert!(manifest.repo_id.is_some());
        assert!(manifest.repo_name.is_some());
    }

    #[test]
    fn test_init_no_identity_fails() {
        let home = tempdir().unwrap();
        // Point void home to empty tempdir (no identity files)
        let _guard = crate::context::VoidHomeGuard::new(home.path());

        let dir = tempdir().unwrap();
        let result = run(dir.path(), &default_opts());
        let err = result.unwrap_err();

        // Should give a clear error mentioning how to fix it
        assert!(
            err.message.contains("void identity init"),
            "error should mention 'void identity init', got: {}",
            err.message
        );

        // .void directory should NOT have been created
        assert!(!dir.path().join(".void").exists());
    }

    #[test]
    fn test_init_config_has_username() {
        let home = tempdir().unwrap();
        let _guard = setup_test_identity(home.path(), "bob");

        let dir = tempdir().unwrap();
        run(dir.path(), &default_opts()).unwrap();

        let void_dir = dir.path().join(".void");
        let config = void_core::config::load(&void_dir).unwrap();
        // Config should have a username set (matches whatever identity was loaded)
        assert!(config.user.name.is_some());

        // Username in config should match the contributor name in the manifest
        let manifest = load_manifest(&void_dir).unwrap().expect("manifest should exist");
        assert_eq!(config.user.name, manifest.contributors[0].name);
    }

    #[test]
    fn test_init_repo_name_not_unnamed() {
        let home = tempdir().unwrap();
        let _guard = setup_test_identity(home.path(), "alice");

        // Create a named subdirectory (simulates a real project dir)
        let dir = tempdir().unwrap();
        let project_dir = dir.path().join("my-project");
        fs::create_dir(&project_dir).unwrap();

        run(&project_dir, &default_opts()).unwrap();

        let config = void_core::config::load(&project_dir.join(".void")).unwrap();
        assert_eq!(
            config.repo_name,
            Some("my-project".to_string()),
            "repo_name should be derived from directory name"
        );
    }

    #[test]
    fn test_init_repo_name_with_relative_path() {
        let home = tempdir().unwrap();
        let _guard = setup_test_identity(home.path(), "alice");

        // Create a named subdirectory and use a relative path to it
        let dir = tempdir().unwrap();
        let project_dir = dir.path().join("my-repo");
        fs::create_dir(&project_dir).unwrap();

        // Use a relative path like the CLI does when cwd = "."
        // We cd into the project dir and pass "." as the path
        let old_cwd = std::env::current_dir().unwrap();
        std::env::set_current_dir(&project_dir).unwrap();

        let result = run(Path::new("."), &default_opts());

        // Restore cwd before any assertions (so cleanup works)
        std::env::set_current_dir(&old_cwd).unwrap();

        result.unwrap();

        let config = void_core::config::load(&project_dir.join(".void")).unwrap();
        assert_ne!(
            config.repo_name,
            Some("unnamed".to_string()),
            "repo_name should NOT be 'unnamed' when using relative path"
        );
        assert_eq!(
            config.repo_name,
            Some("my-repo".to_string()),
            "repo_name should be 'my-repo' even when cwd is '.'"
        );
    }
}