Skip to main content

lean_ctx/core/
compression_safety.rs

1use std::fmt;
2
3/// How aggressively a command's output may be compressed.
4#[derive(Debug, Clone, Copy, PartialEq, Eq)]
5pub enum SafetyLevel {
6    Verbatim,
7    Minimal,
8    Standard,
9    Aggressive,
10}
11
12impl fmt::Display for SafetyLevel {
13    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
14        match self {
15            SafetyLevel::Verbatim => write!(f, "verbatim"),
16            SafetyLevel::Minimal => write!(f, "minimal"),
17            SafetyLevel::Standard => write!(f, "standard"),
18            SafetyLevel::Aggressive => write!(f, "aggressive"),
19        }
20    }
21}
22
23/// Maps a CLI command to its compression safety level and rationale.
24pub struct CommandSafety {
25    pub command: &'static str,
26    pub level: SafetyLevel,
27    pub description: &'static str,
28}
29
30/// Static lookup table of per-command compression safety levels.
31pub const COMMAND_SAFETY_TABLE: &[CommandSafety] = &[
32    // --- Verbatim: output passes through unchanged ---
33    CommandSafety {
34        command: "df",
35        level: SafetyLevel::Verbatim,
36        description: "Disk usage — root filesystem must never be hidden",
37    },
38    CommandSafety {
39        command: "git status",
40        level: SafetyLevel::Verbatim,
41        description: "DETACHED HEAD, staged/unstaged lists preserved verbatim",
42    },
43    CommandSafety {
44        command: "git stash",
45        level: SafetyLevel::Verbatim,
46        description: "Stash save/pop/list output preserved verbatim",
47    },
48    CommandSafety {
49        command: "ls",
50        level: SafetyLevel::Verbatim,
51        description: "All files shown including .env, dotfiles",
52    },
53    CommandSafety {
54        command: "find",
55        level: SafetyLevel::Verbatim,
56        description: "Full absolute paths preserved",
57    },
58    CommandSafety {
59        command: "wc",
60        level: SafetyLevel::Verbatim,
61        description: "Pipe/stdin input handled correctly",
62    },
63    CommandSafety {
64        command: "env/printenv",
65        level: SafetyLevel::Verbatim,
66        description: "Environment variables preserved (values filtered)",
67    },
68    // --- Minimal: light formatting, all critical data preserved ---
69    CommandSafety {
70        command: "git diff",
71        level: SafetyLevel::Minimal,
72        description: "All +/- lines preserved, only index headers and excess context trimmed",
73    },
74    CommandSafety {
75        command: "git log",
76        level: SafetyLevel::Minimal,
77        description: "Up to 50 entries, respects --max-count/-n, shows truncation notice",
78    },
79    CommandSafety {
80        command: "git blame",
81        level: SafetyLevel::Minimal,
82        description: "Verbatim up to 100 lines, then author/line-range summary",
83    },
84    CommandSafety {
85        command: "docker ps",
86        level: SafetyLevel::Minimal,
87        description: "Header-parsed columns; (unhealthy), Exited status always preserved",
88    },
89    CommandSafety {
90        command: "grep/rg",
91        level: SafetyLevel::Minimal,
92        description: "Verbatim up to 100 lines, then grouped by file with line numbers",
93    },
94    CommandSafety {
95        command: "ruff check",
96        level: SafetyLevel::Minimal,
97        description: "Verbatim up to 30 issues (file:line:col preserved), then summary",
98    },
99    CommandSafety {
100        command: "npm audit",
101        level: SafetyLevel::Minimal,
102        description: "CVE IDs, severity, package names, fix recommendations preserved",
103    },
104    CommandSafety {
105        command: "pip list",
106        level: SafetyLevel::Minimal,
107        description: "All packages shown (no truncation)",
108    },
109    CommandSafety {
110        command: "pip uninstall",
111        level: SafetyLevel::Minimal,
112        description: "All removed package names listed",
113    },
114    CommandSafety {
115        command: "pytest",
116        level: SafetyLevel::Minimal,
117        description: "passed/failed/skipped/xfailed/xpassed/warnings all counted",
118    },
119    CommandSafety {
120        command: "docker logs",
121        level: SafetyLevel::Minimal,
122        description: "Dedup + safety-needle scan preserves FATAL/ERROR/CRITICAL lines",
123    },
124    CommandSafety {
125        command: "cat (logs)",
126        level: SafetyLevel::Minimal,
127        description: "Log dedup preserves all severity levels including CRITICAL",
128    },
129    // --- Standard: structured compression, key info preserved ---
130    CommandSafety {
131        command: "cargo build/test",
132        level: SafetyLevel::Standard,
133        description: "Errors and warnings preserved, progress lines removed",
134    },
135    CommandSafety {
136        command: "npm install",
137        level: SafetyLevel::Standard,
138        description: "Package count, vulnerability summary preserved",
139    },
140    CommandSafety {
141        command: "docker build",
142        level: SafetyLevel::Standard,
143        description: "Step count, errors preserved, intermediate output removed",
144    },
145    CommandSafety {
146        command: "git commit",
147        level: SafetyLevel::Standard,
148        description: "Branch, hash, change stats preserved; hook output kept",
149    },
150    CommandSafety {
151        command: "git push/pull",
152        level: SafetyLevel::Standard,
153        description: "Remote, branch, conflict info preserved",
154    },
155    CommandSafety {
156        command: "eslint/biome",
157        level: SafetyLevel::Standard,
158        description: "Error/warning counts, file references preserved",
159    },
160    CommandSafety {
161        command: "tsc",
162        level: SafetyLevel::Standard,
163        description: "Type errors with file:line preserved",
164    },
165    CommandSafety {
166        command: "curl (JSON)",
167        level: SafetyLevel::Standard,
168        description: "Schema extraction; sensitive keys (token/password/secret) REDACTED",
169    },
170    // --- Aggressive: heavy compression for verbose output ---
171    CommandSafety {
172        command: "kubectl describe",
173        level: SafetyLevel::Aggressive,
174        description: "Key fields extracted, verbose event history trimmed",
175    },
176    CommandSafety {
177        command: "aws CLI",
178        level: SafetyLevel::Aggressive,
179        description: "JSON schema extraction for large API responses",
180    },
181    CommandSafety {
182        command: "terraform plan",
183        level: SafetyLevel::Aggressive,
184        description: "Resource changes summarized, full plan truncated",
185    },
186    CommandSafety {
187        command: "docker images",
188        level: SafetyLevel::Aggressive,
189        description: "Compressed to name:tag (size) list",
190    },
191];
192
193/// Renders the full safety table as a human-readable report.
194pub fn format_safety_table() -> String {
195    let mut out = String::new();
196    out.push_str("Command Compression Safety Levels\n");
197    out.push_str(&"=".repeat(72));
198    out.push('\n');
199    out.push('\n');
200
201    for level in &[
202        SafetyLevel::Verbatim,
203        SafetyLevel::Minimal,
204        SafetyLevel::Standard,
205        SafetyLevel::Aggressive,
206    ] {
207        let label = match level {
208            SafetyLevel::Verbatim => "VERBATIM — output passes through unchanged",
209            SafetyLevel::Minimal => {
210                "MINIMAL — light formatting, all safety-critical data preserved"
211            }
212            SafetyLevel::Standard => "STANDARD — structured compression, key info preserved",
213            SafetyLevel::Aggressive => "AGGRESSIVE — heavy compression for verbose output",
214        };
215        out.push_str(&format!("[{label}]\n"));
216
217        for entry in COMMAND_SAFETY_TABLE.iter().filter(|e| e.level == *level) {
218            out.push_str(&format!("  {:<20} {}\n", entry.command, entry.description));
219        }
220        out.push('\n');
221    }
222
223    out.push_str("Safety features active on ALL commands:\n");
224    out.push_str("  • Safety-needle scan: CRITICAL/FATAL/panic/ERROR/CVE lines preserved\n");
225    out.push_str("  • Safeguard ratio: >95% compression on >100 tokens triggers fallback\n");
226    out.push_str("  • Auth flow detection: login/OAuth prompts never compressed\n");
227    out.push_str("  • Minimum token threshold: outputs <50 tokens pass through unchanged\n");
228    out.push('\n');
229    out.push_str("Use `lean-ctx bypass \"command\"` to run any command with zero compression.\n");
230
231    out
232}
233
234#[cfg(test)]
235mod tests {
236    use super::*;
237
238    #[test]
239    fn safety_table_has_entries() {
240        assert!(COMMAND_SAFETY_TABLE.len() > 20);
241    }
242
243    #[test]
244    fn format_table_contains_all_levels() {
245        let table = format_safety_table();
246        assert!(table.contains("VERBATIM"));
247        assert!(table.contains("MINIMAL"));
248        assert!(table.contains("STANDARD"));
249        assert!(table.contains("AGGRESSIVE"));
250    }
251
252    #[test]
253    fn df_is_verbatim() {
254        let df = COMMAND_SAFETY_TABLE
255            .iter()
256            .find(|e| e.command == "df")
257            .unwrap();
258        assert_eq!(df.level, SafetyLevel::Verbatim);
259    }
260
261    #[test]
262    fn git_diff_is_minimal() {
263        let diff = COMMAND_SAFETY_TABLE
264            .iter()
265            .find(|e| e.command == "git diff")
266            .unwrap();
267        assert_eq!(diff.level, SafetyLevel::Minimal);
268    }
269}