1use std::path::{Path, PathBuf};
2use std::time::{SystemTime, UNIX_EPOCH};
3
4use crate::core::cache::SessionCache;
5use crate::core::tokens::count_tokens;
6
7pub struct EditParams {
9 pub path: String,
10 pub old_string: String,
11 pub new_string: String,
12 pub replace_all: bool,
13 pub create: bool,
14 pub expected_md5: Option<String>,
16 pub expected_size: Option<u64>,
17 pub expected_mtime_ms: Option<u64>,
18 pub backup: bool,
20 pub backup_path: Option<String>,
21 pub evidence: bool,
23 pub diff_max_lines: usize,
24 pub allow_lossy_utf8: bool,
26}
27
28struct ReplaceArgs<'a> {
29 content: &'a str,
30 old_str: &'a str,
31 new_str: &'a str,
32 occurrences: usize,
33 replace_all: bool,
34 old_tokens: usize,
35 new_tokens: usize,
36}
37
38#[derive(Clone, Debug, PartialEq, Eq)]
39struct FileFingerprint {
40 size: u64,
41 mtime_ms: u64,
42 md5: String,
43}
44
45#[derive(Clone, Debug)]
46struct FilePreimage {
47 fp: FileFingerprint,
48 permissions: std::fs::Permissions,
49 bytes: Vec<u8>,
50 text: String,
51 uses_crlf: bool,
52}
53
54fn system_time_to_millis(t: SystemTime) -> u64 {
55 t.duration_since(UNIX_EPOCH)
56 .map_or(0, |d| d.as_millis() as u64)
57}
58
59fn read_file_bytes_limited(
60 path: &Path,
61 cap: usize,
62) -> Result<(Vec<u8>, std::fs::Metadata), String> {
63 if let Ok(meta) = std::fs::metadata(path) {
64 if meta.len() > cap as u64 {
65 return Err(format!(
66 "ERROR: file too large ({} bytes, cap {} via LCTX_MAX_READ_BYTES): {}",
67 meta.len(),
68 cap,
69 path.display()
70 ));
71 }
72 }
73
74 let mut file = std::fs::OpenOptions::new()
75 .read(true)
76 .open(path)
77 .map_err(|e| format!("ERROR: cannot open {}: {e}", path.display()))?;
78
79 use std::io::Read;
80 let mut raw: Vec<u8> = Vec::new();
81 let mut limited = (&mut file).take((cap as u64).saturating_add(1));
82 limited
83 .read_to_end(&mut raw)
84 .map_err(|e| format!("ERROR: cannot read {}: {e}", path.display()))?;
85 if raw.len() > cap {
86 return Err(format!(
87 "ERROR: file too large (cap {} via LCTX_MAX_READ_BYTES): {}",
88 cap,
89 path.display()
90 ));
91 }
92
93 let meta = file
94 .metadata()
95 .map_err(|e| format!("ERROR: cannot stat {}: {e}", path.display()))?;
96 Ok((raw, meta))
97}
98
99fn fingerprint_from_bytes(bytes: &[u8], meta: &std::fs::Metadata) -> FileFingerprint {
100 FileFingerprint {
101 size: bytes.len() as u64,
102 mtime_ms: meta.modified().map_or(0, system_time_to_millis),
103 md5: crate::core::hasher::hash_hex(bytes),
104 }
105}
106
107fn read_preimage(path: &Path, cap: usize, allow_lossy_utf8: bool) -> Result<FilePreimage, String> {
108 let (bytes, meta) = read_file_bytes_limited(path, cap)?;
109 let permissions = meta.permissions();
110 let fp = fingerprint_from_bytes(&bytes, &meta);
111
112 let text = if allow_lossy_utf8 {
113 String::from_utf8_lossy(&bytes).into_owned()
114 } else {
115 String::from_utf8(bytes.clone()).map_err(|_| {
116 format!(
117 "ERROR: file is not valid UTF-8 (binary/encoding). Refusing to edit: {}",
118 path.display()
119 )
120 })?
121 };
122 let uses_crlf = text.contains("\r\n");
123
124 Ok(FilePreimage {
125 fp,
126 permissions,
127 bytes,
128 text,
129 uses_crlf,
130 })
131}
132
133fn verify_expected_preimage(pre: &FilePreimage, params: &EditParams) -> Result<(), String> {
134 if let Some(expected) = params.expected_size {
135 if expected != pre.fp.size {
136 return Err(format!(
137 "ERROR: preimage mismatch for {}: expected_size={}, actual_size={}",
138 params.path, expected, pre.fp.size
139 ));
140 }
141 }
142 if let Some(expected) = params.expected_mtime_ms {
143 if expected != pre.fp.mtime_ms {
144 return Err(format!(
145 "ERROR: preimage mismatch for {}: expected_mtime_ms={}, actual_mtime_ms={}",
146 params.path, expected, pre.fp.mtime_ms
147 ));
148 }
149 }
150 if let Some(expected) = params.expected_md5.as_deref() {
151 if expected != pre.fp.md5 {
152 return Err(format!(
153 "ERROR: preimage mismatch for {}: expected_md5={}, actual_md5={}",
154 params.path, expected, pre.fp.md5
155 ));
156 }
157 }
158 Ok(())
159}
160
161fn ensure_preimage_still_matches(
162 path: &Path,
163 expected: &FileFingerprint,
164 cap: usize,
165) -> Result<(), String> {
166 let (bytes, meta) = read_file_bytes_limited(path, cap)?;
167 let now = fingerprint_from_bytes(&bytes, &meta);
168 if &now != expected {
169 return Err(format!(
170 "ERROR: file changed since read (TOCTOU guard). Re-read and retry: {}\nexpected: size={}, mtime_ms={}, md5={}\nactual: size={}, mtime_ms={}, md5={}",
171 path.display(),
172 expected.size,
173 expected.mtime_ms,
174 expected.md5,
175 now.size,
176 now.mtime_ms,
177 now.md5
178 ));
179 }
180 Ok(())
181}
182
183fn default_backup_path(path: &Path) -> Option<PathBuf> {
184 let parent = path.parent()?;
185 let filename = path.file_name()?.to_string_lossy();
186 let pid = std::process::id();
187 let nanos = SystemTime::now()
188 .duration_since(UNIX_EPOCH)
189 .map_or(0, |d| d.as_nanos());
190 Some(parent.join(format!("{filename}.lean-ctx.bak.{pid}.{nanos}")))
191}
192
193fn write_atomic_bytes_with_permissions(
194 path: &Path,
195 bytes: &[u8],
196 permissions: Option<&std::fs::Permissions>,
197) -> Result<(), String> {
198 if let Some(parent) = path.parent() {
199 std::fs::create_dir_all(parent).map_err(|e| e.to_string())?;
200 }
201
202 let parent = path
203 .parent()
204 .ok_or_else(|| "invalid path (no parent directory)".to_string())?;
205 let filename = path
206 .file_name()
207 .ok_or_else(|| "invalid path (no filename)".to_string())?
208 .to_string_lossy();
209
210 let pid = std::process::id();
211 let nanos = SystemTime::now()
212 .duration_since(UNIX_EPOCH)
213 .map_or(0, |d| d.as_nanos());
214 let tmp = parent.join(format!(".{filename}.lean-ctx.tmp.{pid}.{nanos}"));
215
216 {
217 use std::io::Write;
218 let mut f = std::fs::OpenOptions::new()
219 .write(true)
220 .create_new(true)
221 .open(&tmp)
222 .map_err(|e| format!("ERROR: cannot write {}: {e}", tmp.display()))?;
223 f.write_all(bytes)
224 .map_err(|e| format!("ERROR: cannot write {}: {e}", tmp.display()))?;
225 let _ = f.flush();
226 let _ = f.sync_all();
227 }
228
229 if let Some(perms) = permissions {
230 let _ = std::fs::set_permissions(&tmp, perms.clone());
231 }
232
233 #[cfg(windows)]
234 {
235 if path.exists() {
236 let _ = std::fs::remove_file(path);
237 }
238 }
239
240 std::fs::rename(&tmp, path).map_err(|e| {
241 format!(
242 "ERROR: atomic write failed: {} (tmp: {})",
243 e,
244 tmp.to_string_lossy()
245 )
246 })?;
247
248 Ok(())
249}
250
251macro_rules! static_regex {
252 ($pattern:expr) => {{
253 static RE: std::sync::OnceLock<regex::Regex> = std::sync::OnceLock::new();
254 RE.get_or_init(|| {
255 regex::Regex::new($pattern).expect(concat!("BUG: invalid static regex: ", $pattern))
256 })
257 }};
258}
259
260fn redact_sensitive_diff(input: &str) -> String {
261 let patterns: Vec<(&str, ®ex::Regex)> = vec![
262 (
263 "Bearer token",
264 static_regex!(r"(?i)(bearer\s+)[a-zA-Z0-9\-_\.]{8,}"),
265 ),
266 (
267 "Authorization header",
268 static_regex!(r"(?i)(authorization:\s*(?:basic|bearer|token)\s+)[^\s\r\n]+"),
269 ),
270 (
271 "API key param",
272 static_regex!(
273 r#"(?i)((?:api[_-]?key|apikey|access[_-]?key|secret[_-]?key|token|password|passwd|pwd|secret)\s*[=:]\s*)[^\s\r\n,;&"']+"#
274 ),
275 ),
276 ("AWS key", static_regex!(r"(AKIA[0-9A-Z]{12,})")),
277 (
278 "Private key block",
279 static_regex!(
280 r"(?s)(-----BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY-----).+?(-----END\s+(?:RSA\s+)?PRIVATE\s+KEY-----)"
281 ),
282 ),
283 (
284 "GitHub token",
285 static_regex!(r"(gh[pousr]_)[a-zA-Z0-9]{20,}"),
286 ),
287 (
288 "Generic long secret",
289 static_regex!(
290 r#"(?i)(?:key|token|secret|password|credential|auth)\s*[=:]\s*['"]?([a-zA-Z0-9+/=\-_]{32,})['"]?"#
291 ),
292 ),
293 ];
294
295 let mut out = input.to_string();
296 for (label, re) in &patterns {
297 out = re
298 .replace_all(&out, |caps: ®ex::Captures| {
299 if let Some(prefix) = caps.get(1) {
300 format!("{}[REDACTED:{}]", prefix.as_str(), label)
301 } else {
302 format!("[REDACTED:{label}]")
303 }
304 })
305 .to_string();
306 }
307 out
308}
309
310fn build_diff_evidence(old: &str, new: &str, label: &str, max_lines: usize) -> String {
311 let diff = similar::TextDiff::from_lines(old, new)
312 .unified_diff()
313 .context_radius(3)
314 .header(label, label)
315 .to_string();
316 let diff = redact_sensitive_diff(&diff);
317
318 let mut out = String::new();
319 for (i, line) in diff.lines().enumerate() {
320 if i >= max_lines {
321 out.push_str(&format!("\n... diff truncated (max_lines={max_lines})"));
322 break;
323 }
324 out.push_str(line);
325 out.push('\n');
326 }
327 out.trim_end_matches('\n').to_string()
328}
329
330pub fn handle(cache: &mut SessionCache, params: &EditParams) -> String {
332 let file_path = ¶ms.path;
333
334 if params.create {
335 return handle_create(cache, file_path, ¶ms.new_string, params);
336 }
337
338 let cap = crate::core::limits::max_read_bytes();
339 let path = Path::new(file_path);
340 let pre = match read_preimage(path, cap, params.allow_lossy_utf8) {
341 Ok(p) => p,
342 Err(e) => return e,
343 };
344 if let Err(e) = verify_expected_preimage(&pre, params) {
345 return e;
346 }
347 let content = &pre.text;
348
349 if params.old_string.is_empty() {
350 return "ERROR: old_string must not be empty (use create=true to create a new file)".into();
351 }
352
353 let uses_crlf = pre.uses_crlf;
354 let old_str = ¶ms.old_string;
355 let new_str = ¶ms.new_string;
356
357 let occurrences = content.matches(old_str).count();
358
359 if occurrences > 0 {
360 let args = ReplaceArgs {
361 content,
362 old_str,
363 new_str,
364 occurrences,
365 replace_all: params.replace_all,
366 old_tokens: count_tokens(¶ms.old_string),
367 new_tokens: count_tokens(¶ms.new_string),
368 };
369 return do_replace(cache, path, &pre, params, cap, &args);
370 }
371
372 if uses_crlf && !old_str.contains('\r') {
374 let old_crlf = old_str.replace('\n', "\r\n");
375 let occ = content.matches(&old_crlf).count();
376 if occ > 0 {
377 let new_crlf = new_str.replace('\n', "\r\n");
378 let args = ReplaceArgs {
379 content,
380 old_str: &old_crlf,
381 new_str: &new_crlf,
382 occurrences: occ,
383 replace_all: params.replace_all,
384 old_tokens: count_tokens(¶ms.old_string),
385 new_tokens: count_tokens(¶ms.new_string),
386 };
387 return do_replace(cache, path, &pre, params, cap, &args);
388 }
389 } else if !uses_crlf && old_str.contains("\r\n") {
390 let old_lf = old_str.replace("\r\n", "\n");
391 let occ = content.matches(&old_lf).count();
392 if occ > 0 {
393 let new_lf = new_str.replace("\r\n", "\n");
394 let args = ReplaceArgs {
395 content,
396 old_str: &old_lf,
397 new_str: &new_lf,
398 occurrences: occ,
399 replace_all: params.replace_all,
400 old_tokens: count_tokens(¶ms.old_string),
401 new_tokens: count_tokens(¶ms.new_string),
402 };
403 return do_replace(cache, path, &pre, params, cap, &args);
404 }
405 }
406
407 let normalized_content = trim_trailing_per_line(content);
409 let normalized_old = trim_trailing_per_line(old_str);
410 if !normalized_old.is_empty() && normalized_content.contains(&normalized_old) {
411 let line_sep = if uses_crlf { "\r\n" } else { "\n" };
412 let adapted_new = adapt_new_string_to_line_sep(new_str, line_sep);
413 let adapted_old = find_original_span(content, &normalized_old);
414 if let Some(original_match) = adapted_old {
415 let occ = content.matches(&original_match).count();
416 let args = ReplaceArgs {
417 content,
418 old_str: &original_match,
419 new_str: &adapted_new,
420 occurrences: occ,
421 replace_all: params.replace_all,
422 old_tokens: count_tokens(¶ms.old_string),
423 new_tokens: count_tokens(¶ms.new_string),
424 };
425 return do_replace(cache, path, &pre, params, cap, &args);
426 }
427 }
428
429 let preview = if old_str.len() > 80 {
430 format!("{}...", &old_str[..77])
431 } else {
432 old_str.clone()
433 };
434 let hint = if uses_crlf {
435 " (file uses CRLF line endings)"
436 } else {
437 ""
438 };
439 format!(
440 "ERROR: old_string not found in {file_path}{hint}. \
441 Make sure it matches exactly (including whitespace/indentation).\n\
442 Searched for: {preview}"
443 )
444}
445
446fn do_replace(
447 cache: &mut SessionCache,
448 path: &Path,
449 pre: &FilePreimage,
450 params: &EditParams,
451 cap: usize,
452 args: &ReplaceArgs<'_>,
453) -> String {
454 if args.occurrences > 1 && !args.replace_all {
455 return format!(
456 "ERROR: old_string found {} times in {}. \
457 Use replace_all=true to replace all, or provide more context to make old_string unique."
458 ,
459 args.occurrences,
460 path.display()
461 );
462 }
463
464 let new_content = if args.replace_all {
465 args.content.replace(args.old_str, args.new_str)
466 } else {
467 args.content.replacen(args.old_str, args.new_str, 1)
468 };
469
470 if let Err(e) = ensure_preimage_still_matches(path, &pre.fp, cap) {
471 return e;
472 }
473
474 let backup_path = if params.backup {
475 let bp = params
476 .backup_path
477 .as_deref()
478 .map(PathBuf::from)
479 .or_else(|| default_backup_path(path));
480 let Some(bp) = bp else {
481 return format!("ERROR: cannot compute backup path for {}", path.display());
482 };
483 if let Err(e) = write_atomic_bytes_with_permissions(&bp, &pre.bytes, Some(&pre.permissions))
484 {
485 return format!("ERROR: cannot create backup {}: {e}", bp.display());
486 }
487 Some(bp.to_string_lossy().to_string())
488 } else {
489 None
490 };
491
492 if let Err(e) =
493 write_atomic_bytes_with_permissions(path, new_content.as_bytes(), Some(&pre.permissions))
494 {
495 return e;
496 }
497
498 cache.invalidate(¶ms.path);
499
500 let old_lines = args.content.lines().count();
501 let new_lines = new_content.lines().count();
502 let line_delta = new_lines as i64 - old_lines as i64;
503 let delta_str = if line_delta > 0 {
504 format!("+{line_delta}")
505 } else {
506 format!("{line_delta}")
507 };
508
509 let old_tokens = args.old_tokens;
510 let new_tokens = args.new_tokens;
511
512 let replaced_str = if args.replace_all && args.occurrences > 1 {
513 format!("{} replacements", args.occurrences)
514 } else {
515 "1 replacement".into()
516 };
517
518 let short = path.file_name().map_or_else(
519 || path.to_string_lossy().to_string(),
520 |f| f.to_string_lossy().to_string(),
521 );
522
523 let post_mtime_ms = std::fs::metadata(path)
524 .ok()
525 .and_then(|m| m.modified().ok())
526 .map_or(0, system_time_to_millis);
527 let post_fp = FileFingerprint {
528 size: new_content.len() as u64,
529 mtime_ms: post_mtime_ms,
530 md5: crate::core::hasher::hash_hex(new_content.as_bytes()),
531 };
532
533 let mut out = format!(
534 "✓ {short}: {replaced_str}, {delta_str} lines ({old_tokens}→{new_tokens} tok)\n\
535preimage: bytes={}, mtime_ms={}, md5={}\n\
536postimage: bytes={}, mtime_ms={}, md5={}",
537 pre.fp.size, pre.fp.mtime_ms, pre.fp.md5, post_fp.size, post_fp.mtime_ms, post_fp.md5
538 );
539 if let Some(bp) = backup_path {
540 out.push_str(&format!("\nbackup: {bp}"));
541 }
542 if params.evidence {
543 let diff = build_diff_evidence(args.content, &new_content, &short, params.diff_max_lines);
544 out.push_str("\n\nevidence (diff, redacted, bounded):\n```diff\n");
545 out.push_str(&diff);
546 out.push_str("\n```");
547 }
548 out
549}
550
551fn handle_create(
552 cache: &mut SessionCache,
553 file_path: &str,
554 content: &str,
555 params: &EditParams,
556) -> String {
557 let path = Path::new(file_path);
558 let cap = crate::core::limits::max_read_bytes();
559
560 let mut preimage: Option<FilePreimage> = None;
561 if path.exists() {
562 let pre = match read_preimage(path, cap, params.allow_lossy_utf8) {
563 Ok(p) => p,
564 Err(e) => return e,
565 };
566 if let Err(e) = verify_expected_preimage(&pre, params) {
567 return e;
568 }
569 if let Err(e) = ensure_preimage_still_matches(path, &pre.fp, cap) {
570 return e;
571 }
572 preimage = Some(pre);
573 }
574
575 if let Some(parent) = path.parent() {
576 if !parent.exists() {
577 if let Err(e) = std::fs::create_dir_all(parent) {
578 return format!("ERROR: cannot create directory {}: {e}", parent.display());
579 }
580 }
581 }
582
583 let backup_path = if params.backup {
584 if let Some(pre) = &preimage {
585 let bp = params
586 .backup_path
587 .as_deref()
588 .map(PathBuf::from)
589 .or_else(|| default_backup_path(path));
590 let Some(bp) = bp else {
591 return format!("ERROR: cannot compute backup path for {}", path.display());
592 };
593 if let Err(e) =
594 write_atomic_bytes_with_permissions(&bp, &pre.bytes, Some(&pre.permissions))
595 {
596 return format!("ERROR: cannot create backup {}: {e}", bp.display());
597 }
598 Some(bp.to_string_lossy().to_string())
599 } else {
600 None
601 }
602 } else {
603 None
604 };
605
606 let perms = preimage.as_ref().map(|p| &p.permissions);
607 if let Err(e) = write_atomic_bytes_with_permissions(path, content.as_bytes(), perms) {
608 return e;
609 }
610
611 cache.invalidate(file_path);
612
613 let lines = content.lines().count();
614 let tokens = count_tokens(content);
615 let short = path.file_name().map_or_else(
616 || path.to_string_lossy().to_string(),
617 |f| f.to_string_lossy().to_string(),
618 );
619
620 let mut out = format!("✓ created {short}: {lines} lines, {tokens} tok");
621 if let Some(bp) = backup_path {
622 out.push_str(&format!("\nbackup: {bp}"));
623 }
624 out
625}
626
627fn trim_trailing_per_line(s: &str) -> String {
628 s.lines().map(str::trim_end).collect::<Vec<_>>().join("\n")
629}
630
631fn adapt_new_string_to_line_sep(s: &str, sep: &str) -> String {
632 let normalized = s.replace("\r\n", "\n");
633 if sep == "\r\n" {
634 normalized.replace('\n', "\r\n")
635 } else {
636 normalized
637 }
638}
639
640fn find_original_span(content: &str, normalized_needle: &str) -> Option<String> {
643 let needle_lines: Vec<&str> = normalized_needle.lines().collect();
644 if needle_lines.is_empty() {
645 return None;
646 }
647
648 let content_lines: Vec<&str> = content.lines().collect();
649
650 'outer: for start in 0..content_lines.len() {
651 if start + needle_lines.len() > content_lines.len() {
652 break;
653 }
654 for (i, nl) in needle_lines.iter().enumerate() {
655 if content_lines[start + i].trim_end() != *nl {
656 continue 'outer;
657 }
658 }
659 let sep = if content.contains("\r\n") {
660 "\r\n"
661 } else {
662 "\n"
663 };
664 return Some(content_lines[start..start + needle_lines.len()].join(sep));
665 }
666 None
667}
668
669#[cfg(test)]
670mod tests {
671 use super::*;
672 use std::io::Write;
673 use tempfile::NamedTempFile;
674
675 fn make_temp(content: &str) -> NamedTempFile {
676 let mut f = NamedTempFile::new().unwrap();
677 f.write_all(content.as_bytes()).unwrap();
678 f
679 }
680
681 fn mk_params(path: &Path, old: &str, new: &str, replace_all: bool, create: bool) -> EditParams {
682 EditParams {
683 path: path.to_string_lossy().to_string(),
684 old_string: old.to_string(),
685 new_string: new.to_string(),
686 replace_all,
687 create,
688 expected_md5: None,
689 expected_size: None,
690 expected_mtime_ms: None,
691 backup: false,
692 backup_path: None,
693 evidence: false,
694 diff_max_lines: 200,
695 allow_lossy_utf8: false,
696 }
697 }
698
699 #[test]
700 fn replace_single_occurrence() {
701 let f = make_temp("fn hello() {\n println!(\"hello\");\n}\n");
702 let mut cache = SessionCache::new();
703 let result = handle(
704 &mut cache,
705 &mk_params(f.path(), "hello", "world", false, false),
706 );
707 assert!(result.contains("ERROR"), "should fail: 'hello' appears 2x");
708 }
709
710 #[test]
711 fn replace_all() {
712 let f = make_temp("aaa bbb aaa\n");
713 let mut cache = SessionCache::new();
714 let result = handle(&mut cache, &mk_params(f.path(), "aaa", "ccc", true, false));
715 assert!(result.contains("2 replacements"));
716 let content = std::fs::read_to_string(f.path()).unwrap();
717 assert_eq!(content, "ccc bbb ccc\n");
718 }
719
720 #[test]
721 fn not_found_error() {
722 let f = make_temp("some content\n");
723 let mut cache = SessionCache::new();
724 let result = handle(
725 &mut cache,
726 &mk_params(f.path(), "nonexistent", "x", false, false),
727 );
728 assert!(result.contains("ERROR: old_string not found"));
729 }
730
731 #[test]
732 fn create_new_file() {
733 let dir = tempfile::tempdir().unwrap();
734 let path = dir.path().join("sub/new_file.txt");
735 let mut cache = SessionCache::new();
736 let result = handle(
737 &mut cache,
738 &mk_params(&path, "", "line1\nline2\nline3\n", false, true),
739 );
740 assert!(result.contains("created new_file.txt"));
741 assert!(result.contains("3 lines"));
742 assert!(path.exists());
743 }
744
745 #[test]
746 fn unique_match_succeeds() {
747 let f = make_temp("fn main() {\n let x = 42;\n}\n");
748 let mut cache = SessionCache::new();
749 let result = handle(
750 &mut cache,
751 &mk_params(f.path(), "let x = 42", "let x = 99", false, false),
752 );
753 assert!(result.contains("✓"));
754 assert!(result.contains("1 replacement"));
755 let content = std::fs::read_to_string(f.path()).unwrap();
756 assert!(content.contains("let x = 99"));
757 }
758
759 #[test]
760 fn crlf_file_with_lf_search() {
761 let f = make_temp("line1\r\nline2\r\nline3\r\n");
762 let mut cache = SessionCache::new();
763 let result = handle(
764 &mut cache,
765 &mk_params(f.path(), "line1\nline2", "changed1\nchanged2", false, false),
766 );
767 assert!(result.contains("✓"), "CRLF fallback should work: {result}");
768 let content = std::fs::read_to_string(f.path()).unwrap();
769 assert!(
770 content.contains("changed1\r\nchanged2"),
771 "new_string should be adapted to CRLF: {content:?}"
772 );
773 assert!(
774 content.contains("\r\nline3\r\n"),
775 "rest of file should keep CRLF: {content:?}"
776 );
777 }
778
779 #[test]
780 fn lf_file_with_crlf_search() {
781 let f = make_temp("line1\nline2\nline3\n");
782 let mut cache = SessionCache::new();
783 let result = handle(
784 &mut cache,
785 &mk_params(f.path(), "line1\r\nline2", "a\r\nb", false, false),
786 );
787 assert!(result.contains("✓"), "LF fallback should work: {result}");
788 let content = std::fs::read_to_string(f.path()).unwrap();
789 assert!(
790 content.contains("a\nb"),
791 "new_string should be adapted to LF: {content:?}"
792 );
793 }
794
795 #[test]
796 fn trailing_whitespace_tolerance() {
797 let f = make_temp(" let x = 1; \n let y = 2;\n");
798 let mut cache = SessionCache::new();
799 let result = handle(
800 &mut cache,
801 &mk_params(
802 f.path(),
803 " let x = 1;\n let y = 2;",
804 " let x = 10;\n let y = 20;",
805 false,
806 false,
807 ),
808 );
809 assert!(
810 result.contains("✓"),
811 "trailing whitespace tolerance should work: {result}"
812 );
813 let content = std::fs::read_to_string(f.path()).unwrap();
814 assert!(content.contains("let x = 10;"));
815 assert!(content.contains("let y = 20;"));
816 }
817
818 #[test]
819 fn crlf_with_trailing_whitespace() {
820 let f = make_temp(" const a = 1; \r\n const b = 2;\r\n");
821 let mut cache = SessionCache::new();
822 let result = handle(
823 &mut cache,
824 &mk_params(
825 f.path(),
826 " const a = 1;\n const b = 2;",
827 " const a = 10;\n const b = 20;",
828 false,
829 false,
830 ),
831 );
832 assert!(
833 result.contains("✓"),
834 "CRLF + trailing whitespace should work: {result}"
835 );
836 let content = std::fs::read_to_string(f.path()).unwrap();
837 assert!(content.contains("const a = 10;"));
838 assert!(content.contains("const b = 20;"));
839 }
840
841 #[test]
842 fn rejects_invalid_utf8_by_default() {
843 let mut f = NamedTempFile::new().unwrap();
844 f.write_all(&[0xff, 0xfe, 0xfd]).unwrap();
845 let mut cache = SessionCache::new();
846 let result = handle(&mut cache, &mk_params(f.path(), "a", "b", false, false));
847 assert!(
848 result.contains("not valid UTF-8"),
849 "expected utf8 rejection, got: {result}"
850 );
851 }
852
853 #[test]
854 fn allows_lossy_utf8_only_when_enabled() {
855 let mut f = NamedTempFile::new().unwrap();
856 f.write_all(&[0xff, 0xfe, 0xfd]).unwrap();
857 let mut cache = SessionCache::new();
858 let mut p = mk_params(f.path(), "a", "b", false, false);
859 p.allow_lossy_utf8 = true;
860 let result = handle(&mut cache, &p);
861 assert!(
862 !result.contains("not valid UTF-8"),
863 "lossy mode should avoid utf8 hard error, got: {result}"
864 );
865 }
866
867 #[test]
868 fn expected_md5_mismatch_fails_without_writing() {
869 let f = make_temp("aaa\n");
870 let mut cache = SessionCache::new();
871 let mut p = mk_params(f.path(), "aaa", "bbb", false, false);
872 p.expected_md5 = Some("deadbeef".to_string());
873 let result = handle(&mut cache, &p);
874 assert!(
875 result.contains("preimage mismatch"),
876 "expected preimage mismatch, got: {result}"
877 );
878 let content = std::fs::read_to_string(f.path()).unwrap();
879 assert_eq!(content, "aaa\n");
880 }
881
882 #[test]
883 fn backup_is_created_when_enabled() {
884 let f = make_temp("aaa\n");
885 let mut cache = SessionCache::new();
886 let mut p = mk_params(f.path(), "aaa", "bbb", false, false);
887 p.backup = true;
888 let out = handle(&mut cache, &p);
889 assert!(out.contains("backup:"), "expected backup path, got: {out}");
890 let bp = out
891 .lines()
892 .find_map(|l| l.strip_prefix("backup: "))
893 .expect("backup line");
894 let backup_content = std::fs::read_to_string(bp).unwrap();
895 assert_eq!(backup_content, "aaa\n");
896 let content = std::fs::read_to_string(f.path()).unwrap();
897 assert_eq!(content, "bbb\n");
898 }
899
900 #[test]
901 fn evidence_diff_is_emitted_when_enabled() {
902 let f = make_temp("line1\nline2\n");
903 let mut cache = SessionCache::new();
904 let mut p = mk_params(f.path(), "line2", "changed2", false, false);
905 p.evidence = true;
906 p.diff_max_lines = 50;
907 let out = handle(&mut cache, &p);
908 assert!(out.contains("```diff"), "expected diff fence, got: {out}");
909 assert!(
910 out.contains("preimage:"),
911 "expected preimage metadata, got: {out}"
912 );
913 assert!(
914 out.contains("postimage:"),
915 "expected postimage metadata, got: {out}"
916 );
917 }
918
919 #[test]
920 fn detects_toctou_via_preimage_guard() {
921 let f = make_temp("aaa\n");
922 let cap = crate::core::limits::max_read_bytes();
923 let pre = read_preimage(f.path(), cap, false).unwrap();
924 std::fs::write(f.path(), "bbb\n").unwrap();
925 let err = ensure_preimage_still_matches(f.path(), &pre.fp, cap).unwrap_err();
926 assert!(err.contains("TOCTOU guard"), "unexpected error: {err}");
927 }
928}