database_bootstrap/

runner.rs

//! Bootstrap runner that executes steps in dependency order.

use crate::step::{BootstrapStep, StepOutput};
use crate::{BootstrapError, Requirement, VerifyResult};
use std::collections::{HashMap, HashSet};
use crate::traits::{DatabaseConnection, TransactionalConnection};

/// Options for bootstrap execution.
#[derive(Debug, Clone, Default)]
pub struct RunOptions {
    /// If true, verify all steps and report status without making changes.
    pub dry_run: bool,
    /// If true, continue running even if a required step fails verification.
    pub continue_on_error: bool,
}

/// Summary of bootstrap execution.
#[derive(Debug)]
pub struct BootstrapSummary {
    /// Results for each step.
    pub results: Vec<(&'static str, VerifyResult)>,
    /// Outputs (secrets, etc.) from steps.
    pub outputs: Vec<StepOutput>,
}

impl BootstrapSummary {
    /// Returns true if any step had a partial or missing result for required steps.
    pub fn has_issues(&self) -> bool {
        self.results
            .iter()
            .any(|(_, result)| *result != VerifyResult::Present)
    }
}

/// Executes bootstrap steps in dependency order.
///
/// The runner uses topological sort to determine execution order,
/// ensuring that dependencies are satisfied before each step runs.
/// Each step runs in its own transaction with the bootstrap RLS bypass.
///
/// The [`Default`] implementation pre-registers all builtin bootstrap steps:
/// - `system_tenant`: Creates system and default tenants
/// - `super_admin`: Creates the super-admin user
/// - `global_roles`: Creates global default roles
/// - `agent_service_token`: Creates the agent service token
///
/// Use [`BootstrapRunner::new`] for an empty runner if you need custom step configuration.
pub struct BootstrapRunner<T> {
    steps: HashMap<&'static str, Box<dyn BootstrapStep<T>>>,
    execution_order: Vec<&'static str>,
}

impl<T> BootstrapRunner<T>
where
    T: DatabaseConnection,
    T::Error: Into<BootstrapError<T::Error>>,
    BootstrapError<T::Error>: From<T::Error>
{
    /// Creates an empty runner.
    pub fn new() -> Self {
        Self {
            steps: HashMap::new(),
            execution_order: Vec::new(),
        }
    }

    /// Adds a bootstrap step to the runner.
    ///
    /// Steps can be added in any order. The runner will execute them
    /// in dependency order based on their declared dependencies.
    pub fn add_step<S: BootstrapStep<T> + 'static>(&mut self, step: S) {
        let name = step.name();

        if self.steps.contains_key(name) {
            tracing::warn!("duplicate bootstrap step: {}", name);
            return;
        }

        self.steps.insert(name, Box::new(step));
        self.execution_order.push(name);
    }

    /// Ensures all dependencies are registered, creating missing ones from factories.
    fn ensure_dependencies(&mut self) -> Result<(), BootstrapError<T::Error>> {
        let mut to_add: Vec<Box<dyn BootstrapStep<T>>> = Vec::new();

        // Collect all steps and their dependencies
        let existing: HashSet<&'static str> = self.steps.keys().copied().collect();

        for step in self.steps.values() {
            for dep_factory in step.dependencies() {
                let dep_name = dep_factory.step_name();
                if !existing.contains(dep_name) {
                    tracing::info!(
                        step = dep_name,
                        required_by = step.name(),
                        "auto-creating missing dependency step"
                    );
                    to_add.push(dep_factory.create());
                }
            }
        }

        // Add the new steps
        for step in to_add {
            let name = step.name();
            if !self.steps.contains_key(name) {
                self.steps.insert(name, step);
                self.execution_order.push(name);
            }
        }

        Ok(())
    }

    /// Builds and returns the execution order based on dependencies.
    fn build_execution_order(&self) -> Result<Vec<&'static str>, BootstrapError<T::Error>> {
        let steps: Vec<&'static str> = self.execution_order.to_vec();
        let n = steps.len();
        let mut in_degree: HashMap<&'static str, usize> = HashMap::new();
        let mut dependents: HashMap<&'static str, Vec<&'static str>> = HashMap::new();

        for name in &steps {
            in_degree.insert(*name, 0);
            dependents.insert(*name, Vec::new());
        }

        for name in &steps {
            let step = self.steps.get(name).expect("step must exist");
            for dep_factory in step.dependencies() {
                let dep_name = dep_factory.step_name();
                if !in_degree.contains_key(dep_name) {
                    return Err(BootstrapError::DependencyNotSatisfied {
                        step: name,
                        dependency: dep_name,
                    });
                }
                in_degree.entry(*name).and_modify(|d| *d += 1);
                dependents.entry(dep_name).or_default().push(*name);
            }
        }

        let mut queue: Vec<&'static str> = in_degree
            .iter()
            .filter(|(_, d)| **d == 0)
            .map(|(&name, _)| name)
            .collect();

        let mut result = Vec::new();
        while let Some(name) = queue.pop() {
            result.push(name);
            if let Some(deps) = dependents.get(name) {
                for dep in deps {
                    if let Some(d) = in_degree.get_mut(dep) {
                        *d -= 1;
                        if *d == 0 {
                            queue.push(*dep);
                        }
                    }
                }
            }
        }

        if result.len() != n {
            for name in &steps {
                if !result.contains(name) {
                    return Err(BootstrapError::CircularDependency { step: name });
                }
            }
        }

        Ok(result)
    }

    /// Runs all bootstrap steps in dependency order.
    pub async fn run(
        &mut self,
        db: &T,
        options: &RunOptions,
    ) -> Result<BootstrapSummary, BootstrapError<T::Error>> {
        // Ensure all dependencies are registered
        self.ensure_dependencies()?;

        let order = self.build_execution_order()?;
        let mut results = Vec::new();
        let mut completed: HashSet<&'static str> = HashSet::new();
        let mut outputs: Vec<StepOutput> = Vec::new();

        tracing::info!("╔═══════════════════════════════════════════════════════════╗");
        tracing::info!("║                    BOOTSTRAP STARTING                     ║");
        tracing::info!("╚═══════════════════════════════════════════════════════════╝");

        for name in order {
            let step = self.steps.get(name).expect("step must exist");

            // Check dependencies
            for dep_factory in step.dependencies() {
                let dep_name = dep_factory.step_name();
                if !completed.contains(dep_name) {
                    return Err(BootstrapError::DependencyNotSatisfied {
                        step: name,
                        dependency: dep_name,
                    });
                }
            }

            tracing::info!("┌───────────────────────────────────────────────────────────┐");
            tracing::info!("│ Step: {:<51} │", name);
            tracing::info!("├───────────────────────────────────────────────────────────┤");

            let txn = db.begin().await?;

            let verify_details = step.verify(&txn).await?;
            let status = match verify_details.result {
                VerifyResult::Present => "PRESENT ✓",
                VerifyResult::Missing => "MISSING",
                VerifyResult::Partial => "PARTIAL ⚠",
            };
            tracing::info!("│ Status: {:<49} │", status);

            match verify_details.result {
                VerifyResult::Present => {
                    tracing::info!("│ Action: {:<49} │", "Skipping (already exists)");
                    results.push((name, verify_details.result));
                    completed.insert(name);
                    txn.commit().await?;
                }
                VerifyResult::Missing => {
                    if step.skip_if_missing() {
                        tracing::warn!("│ Action: {:<49} │", "Skipping (optional, not configured)");
                        results.push((name, VerifyResult::Missing));
                        completed.insert(name);
                        txn.commit().await?;
                    } else if options.dry_run {
                        tracing::info!("│ Action: {:<49} │", "Would run (dry run)");
                        results.push((name, VerifyResult::Missing));
                        txn.commit().await?;
                    } else {
                        tracing::info!("│ Action: {:<49} │", "Running...");
                        let run_result = step.run(&txn, &verify_details).await;
                        
                        if let Err(e) = run_result {
                            // Rollback on error before returning
                            let _ = txn.rollback().await;
                            return Err(e);
                        }
                        
                        if let Some(output) = run_result.unwrap() {
                            outputs.push(output);
                        }
                        results.push((name, VerifyResult::Missing));

                        let after_result = step.verify(&txn).await?;
                        match after_result.result {
                            VerifyResult::Present => {
                                tracing::info!("│ Result: {:<49} │", "Success ✓");
                                completed.insert(name);
                                txn.commit().await?;
                            }
                            VerifyResult::Missing | VerifyResult::Partial => {
                                if step.requirement() == Requirement::Required {
                                    tracing::info!("│ Result: {:<49} │", "FAILED ✗");
                                    // Rollback before returning error
                                    let _ = txn.rollback().await;
                                    return Err(BootstrapError::VerificationFailed {
                                        step: name,
                                        expected: "Present".to_string(),
                                        actual: format!("{:?}", after_result.result),
                                    });
                                }
                                tracing::info!("│ Result: {:<49} │", "Incomplete (optional)");
                                completed.insert(name);
                                txn.commit().await?;
                            }
                        }
                    }
                }
                VerifyResult::Partial => {
                    tracing::info!("│ Action: {:<49} │", "Fixing partial state...");
                    if options.dry_run {
                        tracing::info!("│ Result: {:<49} │", "Would fix (dry run)");
                        results.push((name, verify_details.result));
                        txn.commit().await?;
                    } else {
                        let run_result = step.run(&txn, &verify_details).await;
                        
                        if let Err(e) = run_result {
                            // Rollback on error before returning
                            let _ = txn.rollback().await;
                            return Err(e);
                        }
                        
                        if let Some(output) = run_result.unwrap() {
                            outputs.push(output);
                        }
                        results.push((name, verify_details.result));

                        let after_result = step.verify(&txn).await?;
                        match after_result.result {
                            VerifyResult::Present => {
                                tracing::info!("│ Result: {:<49} │", "Fixed ✓");
                                completed.insert(name);
                                txn.commit().await?;
                            }
                            VerifyResult::Missing | VerifyResult::Partial => {
                                if step.requirement() == Requirement::Required {
                                    tracing::info!("│ Result: {:<49} │", "FAILED ✗");
                                    // Rollback before returning error
                                    let _ = txn.rollback().await;
                                    return Err(BootstrapError::VerificationFailed {
                                        step: name,
                                        expected: "Present".to_string(),
                                        actual: format!("{:?}", after_result.result),
                                    });
                                }
                                tracing::info!("│ Result: {:<49} │", "Incomplete (optional)");
                                completed.insert(name);
                                txn.commit().await?;
                            }
                        }
                    }
                }
            }
            tracing::info!("└───────────────────────────────────────────────────────────┘");
        }

        // Print summary
        if !outputs.is_empty() {
            self.print_summary(&outputs);
        }

        Ok(BootstrapSummary { results, outputs })
    }

    fn print_summary(&self, outputs: &[StepOutput]) {
        const MIN_WIDTH: usize = 40;
        const HEADER: &str = "BOOTSTRAP COMPLETE";
        const SENSITIVE_MSG: &str = "⚠ SENSITIVE - Save this information now!";

        // Calculate required width based on content (using char count for unicode support)
        let mut max_content_len = HEADER.chars().count();
        let mut has_sensitive = false;

        for output in outputs {
            max_content_len = max_content_len.max(output.title.chars().count() + 2);
            for (key, value) in &output.fields {
                max_content_len =
                    max_content_len.max(key.chars().count() + value.chars().count() + 7);
            }
            if output.is_sensitive {
                max_content_len = max_content_len.max(SENSITIVE_MSG.chars().count() + 4);
                has_sensitive = true;
            }
        }

        let width = MIN_WIDTH.max(max_content_len + 4);

        // Helper to print a content line (width = total chars inside the box borders)
        let print_line = |content: &str| {
            let padding = width.saturating_sub(content.chars().count() + 1);
            tracing::info!("║ {}{}║", content, " ".repeat(padding));
        };

        // Print header box
        tracing::info!("");
        tracing::info!("╔{}╗", "═".repeat(width));
        let header_pad = width.saturating_sub(HEADER.chars().count()) / 2;
        tracing::info!(
            "║{}{}{}║",
            " ".repeat(header_pad),
            HEADER,
            " ".repeat(width - HEADER.chars().count() - header_pad)
        );
        tracing::info!("╠{}╣", "═".repeat(width));

        // Print each output section
        for output in outputs {
            tracing::info!("║{}║", " ".repeat(width));
            print_line(&format!("  {}", output.title));

            for (key, value) in &output.fields {
                print_line(&format!("    {}: {}", key, value));
            }

            if output.is_sensitive {
                print_line(&format!("  {}  ", SENSITIVE_MSG));
            }
        }

        tracing::info!("╚{}╝", "═".repeat(width));

        if has_sensitive {
            tracing::warn!(
                "⚠️  Sensitive data was generated. Save the output above before it scrolls away!"
            );
        }
    }
}