zeph-tools 0.19.2

Tool executor trait with shell, web scrape, and composite executors for Zeph
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307

// SPDX-FileCopyrightText: 2026 Andrei G <bug-ops>
// SPDX-License-Identifier: MIT OR Apache-2.0

use std::path::{Path, PathBuf};

use globset::GlobMatcher;

/// Summary of a completed rollback operation.
#[derive(Debug)]
pub(crate) struct RollbackReport {
    pub restored_count: usize,
    pub deleted_count: usize,
}

/// Tracks whether a snapshotted path existed before capture.
#[derive(Debug)]
enum EntryKind {
    /// File existed; backup copy is at `backup_path`.
    Existing { backup_path: PathBuf },
    /// File did not exist; rollback should delete it if present.
    New,
}

#[derive(Debug)]
struct SnapshotEntry {
    original: PathBuf,
    kind: EntryKind,
}

/// File-level snapshot for transactional rollback.
///
/// Holds copies of files captured before a write command executes.
/// On success the snapshot is simply dropped (`TempDir` auto-cleans).
/// On failure call `rollback()` to restore originals.
pub(crate) struct TransactionSnapshot {
    // Kept for its Drop impl which deletes the temp directory on success path.
    #[allow(dead_code)]
    backup_dir: tempfile::TempDir,
    entries: Vec<SnapshotEntry>,
}

impl std::fmt::Debug for TransactionSnapshot {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("TransactionSnapshot")
            .field("entry_count", &self.entries.len())
            .finish_non_exhaustive()
    }
}

impl TransactionSnapshot {
    /// Capture files at `paths`.
    ///
    /// Non-existent paths are recorded as "new" (rollback will delete them if created).
    /// If `max_bytes > 0` and the cumulative size of copied files exceeds `max_bytes`,
    /// an error is returned immediately.
    ///
    /// # Errors
    ///
    /// Returns `std::io::Error` if the temp directory, any file copy fails, or the
    /// snapshot size limit is exceeded.
    pub(crate) fn capture(paths: &[PathBuf], max_bytes: u64) -> Result<Self, std::io::Error> {
        let backup_dir = tempfile::TempDir::new()?;
        let mut entries = Vec::with_capacity(paths.len());
        let mut cumulative_bytes: u64 = 0;

        for (i, original) in paths.iter().enumerate() {
            // Use symlink_metadata to avoid following symlinks — snapshot only regular files.
            match original.symlink_metadata() {
                Err(_) => {
                    // Path does not exist; record as "new" so rollback can delete it if created.
                    entries.push(SnapshotEntry {
                        original: original.clone(),
                        kind: EntryKind::New,
                    });
                    continue;
                }
                Ok(meta) if meta.file_type().is_symlink() => {
                    tracing::debug!(
                        path = %original.display(),
                        "transaction snapshot: skipping symlink"
                    );
                    continue;
                }
                Ok(_) => {}
            }

            // Mirror the relative structure inside the backup dir using an index prefix
            // to avoid collisions from files with the same name in different directories.
            let backup_path = backup_dir
                .path()
                .join(format!("{i}_{}", file_name(original)));
            std::fs::copy(original, &backup_path)?;

            // Preserve permissions
            let meta = std::fs::metadata(original)?;
            std::fs::set_permissions(&backup_path, meta.permissions())?;

            cumulative_bytes += meta.len();
            if max_bytes > 0 && cumulative_bytes > max_bytes {
                return Err(std::io::Error::other(format!(
                    "snapshot size {cumulative_bytes} exceeds limit {max_bytes}"
                )));
            }

            entries.push(SnapshotEntry {
                original: original.clone(),
                kind: EntryKind::Existing { backup_path },
            });
        }

        Ok(Self {
            backup_dir,
            entries,
        })
    }

    /// Number of files captured (existing + new).
    pub(crate) fn file_count(&self) -> usize {
        self.entries.len()
    }

    /// Total bytes stored in backup copies (new-file entries contribute 0).
    pub(crate) fn total_bytes(&self) -> u64 {
        self.entries
            .iter()
            .filter_map(|e| {
                if let EntryKind::Existing { backup_path } = &e.kind {
                    std::fs::metadata(backup_path).map(|m| m.len()).ok()
                } else {
                    None
                }
            })
            .sum()
    }

    /// Restore all captured files to their original locations.
    ///
    /// All entries are attempted even if individual restores fail.
    /// Files that did not exist before the snapshot are deleted if they now exist.
    ///
    /// # Errors
    ///
    /// Returns the first `std::io::Error` encountered after attempting all restores.
    pub(crate) fn rollback(self) -> Result<RollbackReport, std::io::Error> {
        let mut restored_count = 0usize;
        let mut deleted_count = 0usize;
        let mut first_error: Option<std::io::Error> = None;

        for entry in &self.entries {
            let result = match &entry.kind {
                EntryKind::Existing { backup_path } => {
                    let dir_result = entry
                        .original
                        .parent()
                        .map_or(Ok(()), std::fs::create_dir_all);
                    dir_result
                        .and_then(|()| std::fs::copy(backup_path, &entry.original).map(|_| ()))
                }
                EntryKind::New => {
                    if entry.original.exists() {
                        std::fs::remove_file(&entry.original)
                    } else {
                        Ok(())
                    }
                }
            };
            match result {
                Ok(()) => match &entry.kind {
                    EntryKind::Existing { .. } => restored_count += 1,
                    EntryKind::New => {
                        if !entry.original.exists() {
                            deleted_count += 1;
                        }
                    }
                },
                Err(e) => {
                    tracing::warn!(
                        path = %entry.original.display(),
                        err = %e,
                        "rollback: failed to restore entry, continuing"
                    );
                    if first_error.is_none() {
                        first_error = Some(e);
                    }
                }
            }
        }

        // backup_dir is dropped here; TempDir auto-cleans.
        if let Some(e) = first_error {
            Err(e)
        } else {
            Ok(RollbackReport {
                restored_count,
                deleted_count,
            })
        }
    }
}

fn file_name(path: &Path) -> String {
    path.file_name()
        .map_or_else(|| "file".to_owned(), |n| n.to_string_lossy().into_owned())
}

// Shell write indicators: if the command contains any of these tokens we assume
// it may write to the filesystem and a snapshot should be taken.
// False positives are acceptable (cheap snapshot); false negatives are the risk.
const WRITE_INDICATORS: &[&str] = &[
    ">",
    ">>",
    "tee ",
    "mv ",
    "cp ",
    "rm ",
    "mkdir ",
    "touch ",
    "sed -i",
    "chmod ",
    "chown ",
    "git checkout",
    "cargo fmt",
    "patch ",
];

/// Returns true if `command` likely performs a write operation.
pub(crate) fn is_write_command(command: &str) -> bool {
    let lower = command.to_lowercase();
    WRITE_INDICATORS.iter().any(|ind| lower.contains(ind))
}

/// Extract file paths that are targets of shell redirections.
///
/// Handles: `>`, `>>`, `2>`, `2>>`, `&>`, `&>>`
pub(crate) fn extract_redirection_targets(command: &str) -> Vec<String> {
    let mut targets = Vec::new();
    let tokens: Vec<&str> = command.split_whitespace().collect();
    let mut i = 0;
    while i < tokens.len() {
        let tok = tokens[i];
        let is_redir = matches!(tok, ">" | ">>" | "2>" | "2>>" | "&>" | "&>>");
        // Also handle redirections glued to the next token: e.g. "2>/dev/null"
        let is_glued_redir = tok.starts_with(">>")
            || tok.starts_with("2>>")
            || tok.starts_with("&>>")
            || tok.starts_with("2>")
            || tok.starts_with("&>")
            || (tok.starts_with('>') && tok.len() > 1 && !tok.starts_with(">>"));

        if is_redir {
            if let Some(next) = tokens.get(i + 1) {
                if !next.starts_with('-') {
                    targets.push((*next).to_owned());
                }
                i += 2;
                continue;
            }
        } else if is_glued_redir {
            // Extract the path portion after the operator characters
            let path_part = tok
                .trim_start_matches("&>>")
                .trim_start_matches("2>>")
                .trim_start_matches("&>")
                .trim_start_matches("2>")
                .trim_start_matches(">>")
                .trim_start_matches('>');
            if !path_part.is_empty() && !path_part.starts_with('-') {
                targets.push(path_part.to_owned());
            }
        }
        i += 1;
    }
    targets
}

/// Combine `extract_paths()` and `extract_redirection_targets()`, deduplicate,
/// then filter through `scope` glob matchers.
///
/// If `scope` is empty, all extracted paths are eligible.
pub(crate) fn affected_paths(command: &str, scope: &[GlobMatcher]) -> Vec<PathBuf> {
    let mut raw: Vec<String> = super::extract_paths(command);
    raw.extend(extract_redirection_targets(command));
    raw.sort_unstable();
    raw.dedup();

    raw.into_iter()
        .map(PathBuf::from)
        .filter(|p| scope.is_empty() || scope.iter().any(|m| m.is_match(p)))
        .collect()
}

/// Build `GlobMatcher` list from pattern strings.
///
/// Patterns that fail to compile are silently skipped with a warning.
pub(crate) fn build_scope_matchers(patterns: &[String]) -> Vec<GlobMatcher> {
    patterns
        .iter()
        .filter_map(|pat| {
            globset::Glob::new(pat)
                .map(|g| g.compile_matcher())
                .map_err(
                    |e| tracing::warn!(pattern = %pat, err = %e, "invalid transaction_scope glob"),
                )
                .ok()
        })
        .collect()
}