1use std::path::{Path, PathBuf};
2use std::time::{SystemTime, UNIX_EPOCH};
3
4use crate::core::cache::SessionCache;
5use crate::core::tokens::count_tokens;
6
7pub struct EditParams {
9 pub path: String,
10 pub old_string: String,
11 pub new_string: String,
12 pub replace_all: bool,
13 pub create: bool,
14 pub expected_md5: Option<String>,
16 pub expected_size: Option<u64>,
17 pub expected_mtime_ms: Option<u64>,
18 pub backup: bool,
20 pub backup_path: Option<String>,
21 pub evidence: bool,
23 pub diff_max_lines: usize,
24 pub allow_lossy_utf8: bool,
26}
27
28struct ReplaceArgs<'a> {
29 content: &'a str,
30 old_str: &'a str,
31 new_str: &'a str,
32 occurrences: usize,
33 replace_all: bool,
34 old_tokens: usize,
35 new_tokens: usize,
36}
37
38#[derive(Clone, Debug, PartialEq, Eq)]
39struct FileFingerprint {
40 size: u64,
41 mtime_ms: u64,
42 md5: String,
43}
44
45#[derive(Clone, Debug)]
46struct FilePreimage {
47 fp: FileFingerprint,
48 permissions: std::fs::Permissions,
49 bytes: Vec<u8>,
50 text: String,
51 uses_crlf: bool,
52}
53
54fn system_time_to_millis(t: SystemTime) -> u64 {
55 t.duration_since(UNIX_EPOCH)
56 .map_or(0, |d| d.as_millis() as u64)
57}
58
59fn read_file_bytes_limited(
60 path: &Path,
61 cap: usize,
62) -> Result<(Vec<u8>, std::fs::Metadata), String> {
63 if let Ok(meta) = std::fs::metadata(path) {
64 if meta.len() > cap as u64 {
65 return Err(format!(
66 "ERROR: file too large ({} bytes, cap {} via LCTX_MAX_READ_BYTES): {}",
67 meta.len(),
68 cap,
69 path.display()
70 ));
71 }
72 }
73
74 let mut file = std::fs::OpenOptions::new()
75 .read(true)
76 .open(path)
77 .map_err(|e| format!("ERROR: cannot open {}: {e}", path.display()))?;
78
79 use std::io::Read;
80 let mut raw: Vec<u8> = Vec::new();
81 let mut limited = (&mut file).take((cap as u64).saturating_add(1));
82 limited
83 .read_to_end(&mut raw)
84 .map_err(|e| format!("ERROR: cannot read {}: {e}", path.display()))?;
85 if raw.len() > cap {
86 return Err(format!(
87 "ERROR: file too large (cap {} via LCTX_MAX_READ_BYTES): {}",
88 cap,
89 path.display()
90 ));
91 }
92
93 let meta = file
94 .metadata()
95 .map_err(|e| format!("ERROR: cannot stat {}: {e}", path.display()))?;
96 Ok((raw, meta))
97}
98
99fn fingerprint_from_bytes(bytes: &[u8], meta: &std::fs::Metadata) -> FileFingerprint {
100 FileFingerprint {
101 size: bytes.len() as u64,
102 mtime_ms: meta.modified().map_or(0, system_time_to_millis),
103 md5: crate::core::hasher::hash_hex(bytes),
104 }
105}
106
107fn read_preimage(path: &Path, cap: usize, allow_lossy_utf8: bool) -> Result<FilePreimage, String> {
108 let (bytes, meta) = read_file_bytes_limited(path, cap)?;
109 let permissions = meta.permissions();
110 let fp = fingerprint_from_bytes(&bytes, &meta);
111
112 let text = if allow_lossy_utf8 {
113 String::from_utf8_lossy(&bytes).into_owned()
114 } else {
115 String::from_utf8(bytes.clone()).map_err(|_| {
116 format!(
117 "ERROR: file is not valid UTF-8 (binary/encoding). Refusing to edit: {}",
118 path.display()
119 )
120 })?
121 };
122 let uses_crlf = text.contains("\r\n");
123
124 Ok(FilePreimage {
125 fp,
126 permissions,
127 bytes,
128 text,
129 uses_crlf,
130 })
131}
132
133fn verify_expected_preimage(pre: &FilePreimage, params: &EditParams) -> Result<(), String> {
134 if let Some(expected) = params.expected_size {
135 if expected != pre.fp.size {
136 return Err(format!(
137 "ERROR: preimage mismatch for {}: expected_size={}, actual_size={}",
138 params.path, expected, pre.fp.size
139 ));
140 }
141 }
142 if let Some(expected) = params.expected_mtime_ms {
143 if expected != pre.fp.mtime_ms {
144 return Err(format!(
145 "ERROR: preimage mismatch for {}: expected_mtime_ms={}, actual_mtime_ms={}",
146 params.path, expected, pre.fp.mtime_ms
147 ));
148 }
149 }
150 if let Some(expected) = params.expected_md5.as_deref() {
151 if expected != pre.fp.md5 {
152 return Err(format!(
153 "ERROR: preimage mismatch for {}: expected_md5={}, actual_md5={}",
154 params.path, expected, pre.fp.md5
155 ));
156 }
157 }
158 Ok(())
159}
160
161fn ensure_preimage_still_matches(
162 path: &Path,
163 expected: &FileFingerprint,
164 cap: usize,
165) -> Result<(), String> {
166 let (bytes, meta) = read_file_bytes_limited(path, cap)?;
167 let now = fingerprint_from_bytes(&bytes, &meta);
168 if &now != expected {
169 return Err(format!(
170 "ERROR: file changed since read (TOCTOU guard). Re-read and retry: {}\nexpected: size={}, mtime_ms={}, md5={}\nactual: size={}, mtime_ms={}, md5={}",
171 path.display(),
172 expected.size,
173 expected.mtime_ms,
174 expected.md5,
175 now.size,
176 now.mtime_ms,
177 now.md5
178 ));
179 }
180 Ok(())
181}
182
183fn default_backup_path(path: &Path) -> Option<PathBuf> {
184 let parent = path.parent()?;
185 let filename = path.file_name()?.to_string_lossy();
186 let pid = std::process::id();
187 let nanos = SystemTime::now()
188 .duration_since(UNIX_EPOCH)
189 .map_or(0, |d| d.as_nanos());
190 Some(parent.join(format!("{filename}.lean-ctx.bak.{pid}.{nanos}")))
191}
192
193fn write_atomic_bytes_with_permissions(
194 path: &Path,
195 bytes: &[u8],
196 permissions: Option<&std::fs::Permissions>,
197) -> Result<(), String> {
198 if let Some(parent) = path.parent() {
199 std::fs::create_dir_all(parent).map_err(|e| e.to_string())?;
200 }
201
202 let parent = path
203 .parent()
204 .ok_or_else(|| "invalid path (no parent directory)".to_string())?;
205 let filename = path
206 .file_name()
207 .ok_or_else(|| "invalid path (no filename)".to_string())?
208 .to_string_lossy();
209
210 let pid = std::process::id();
211 let nanos = SystemTime::now()
212 .duration_since(UNIX_EPOCH)
213 .map_or(0, |d| d.as_nanos());
214 let tmp = parent.join(format!(".{filename}.lean-ctx.tmp.{pid}.{nanos}"));
215
216 {
217 use std::io::Write;
218 let mut f = std::fs::OpenOptions::new()
219 .write(true)
220 .create_new(true)
221 .open(&tmp)
222 .map_err(|e| format!("ERROR: cannot write {}: {e}", tmp.display()))?;
223 f.write_all(bytes)
224 .map_err(|e| format!("ERROR: cannot write {}: {e}", tmp.display()))?;
225 let _ = f.flush();
226 let _ = f.sync_all();
227 }
228
229 if let Some(perms) = permissions {
230 let _ = std::fs::set_permissions(&tmp, perms.clone());
231 }
232
233 #[cfg(windows)]
234 {
235 if path.exists() {
236 let _ = std::fs::remove_file(path);
237 }
238 }
239
240 std::fs::rename(&tmp, path).map_err(|e| {
241 format!(
242 "ERROR: atomic write failed: {} (tmp: {})",
243 e,
244 tmp.to_string_lossy()
245 )
246 })?;
247
248 Ok(())
249}
250
251macro_rules! static_regex {
252 ($pattern:expr) => {{
253 static RE: std::sync::OnceLock<regex::Regex> = std::sync::OnceLock::new();
254 RE.get_or_init(|| {
255 regex::Regex::new($pattern).expect(concat!("BUG: invalid static regex: ", $pattern))
256 })
257 }};
258}
259
260fn redact_sensitive_diff(input: &str) -> String {
261 let patterns: Vec<(&str, ®ex::Regex)> = vec![
262 (
263 "Bearer token",
264 static_regex!(r"(?i)(bearer\s+)[a-zA-Z0-9\-_\.]{8,}"),
265 ),
266 (
267 "Authorization header",
268 static_regex!(r"(?i)(authorization:\s*(?:basic|bearer|token)\s+)[^\s\r\n]+"),
269 ),
270 (
271 "API key param",
272 static_regex!(
273 r#"(?i)((?:api[_-]?key|apikey|access[_-]?key|secret[_-]?key|token|password|passwd|pwd|secret)\s*[=:]\s*)[^\s\r\n,;&"']+"#
274 ),
275 ),
276 ("AWS key", static_regex!(r"(AKIA[0-9A-Z]{12,})")),
277 (
278 "Private key block",
279 static_regex!(
280 r"(?s)(-----BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY-----).+?(-----END\s+(?:RSA\s+)?PRIVATE\s+KEY-----)"
281 ),
282 ),
283 (
284 "GitHub token",
285 static_regex!(r"(gh[pousr]_)[a-zA-Z0-9]{20,}"),
286 ),
287 (
288 "Generic long secret",
289 static_regex!(
290 r#"(?i)(?:key|token|secret|password|credential|auth)\s*[=:]\s*['"]?([a-zA-Z0-9+/=\-_]{32,})['"]?"#
291 ),
292 ),
293 ];
294
295 let mut out = input.to_string();
296 for (label, re) in &patterns {
297 out = re
298 .replace_all(&out, |caps: ®ex::Captures| {
299 if let Some(prefix) = caps.get(1) {
300 format!("{}[REDACTED:{}]", prefix.as_str(), label)
301 } else {
302 format!("[REDACTED:{label}]")
303 }
304 })
305 .to_string();
306 }
307 out
308}
309
310fn build_diff_evidence(old: &str, new: &str, label: &str, max_lines: usize) -> String {
311 let diff = similar::TextDiff::from_lines(old, new)
312 .unified_diff()
313 .context_radius(3)
314 .header(label, label)
315 .to_string();
316 let diff = redact_sensitive_diff(&diff);
317
318 let mut out = String::new();
319 for (i, line) in diff.lines().enumerate() {
320 if i >= max_lines {
321 out.push_str(&format!("\n... diff truncated (max_lines={max_lines})"));
322 break;
323 }
324 out.push_str(line);
325 out.push('\n');
326 }
327 out.trim_end_matches('\n').to_string()
328}
329
330pub fn handle(cache: &mut SessionCache, params: &EditParams) -> String {
332 let file_path = ¶ms.path;
333
334 if params.create {
335 return handle_create(cache, file_path, ¶ms.new_string, params);
336 }
337
338 let cap = crate::core::limits::max_read_bytes();
339 let path = Path::new(file_path);
340 let pre = match read_preimage(path, cap, params.allow_lossy_utf8) {
341 Ok(p) => p,
342 Err(e) => return e,
343 };
344 if let Err(e) = verify_expected_preimage(&pre, params) {
345 return e;
346 }
347 let content = &pre.text;
348
349 if params.old_string.is_empty() {
350 return "ERROR: old_string must not be empty (use create=true to create a new file)".into();
351 }
352
353 let uses_crlf = pre.uses_crlf;
354 let old_str = ¶ms.old_string;
355 let new_str = ¶ms.new_string;
356
357 let occurrences = content.matches(old_str).count();
358
359 if occurrences > 0 {
360 let args = ReplaceArgs {
361 content,
362 old_str,
363 new_str,
364 occurrences,
365 replace_all: params.replace_all,
366 old_tokens: count_tokens(¶ms.old_string),
367 new_tokens: count_tokens(¶ms.new_string),
368 };
369 return do_replace(cache, path, &pre, params, cap, &args);
370 }
371
372 if uses_crlf && !old_str.contains('\r') {
374 let old_crlf = old_str.replace('\n', "\r\n");
375 let occ = content.matches(&old_crlf).count();
376 if occ > 0 {
377 let new_crlf = new_str.replace('\n', "\r\n");
378 let args = ReplaceArgs {
379 content,
380 old_str: &old_crlf,
381 new_str: &new_crlf,
382 occurrences: occ,
383 replace_all: params.replace_all,
384 old_tokens: count_tokens(¶ms.old_string),
385 new_tokens: count_tokens(¶ms.new_string),
386 };
387 return do_replace(cache, path, &pre, params, cap, &args);
388 }
389 } else if !uses_crlf && old_str.contains("\r\n") {
390 let old_lf = old_str.replace("\r\n", "\n");
391 let occ = content.matches(&old_lf).count();
392 if occ > 0 {
393 let new_lf = new_str.replace("\r\n", "\n");
394 let args = ReplaceArgs {
395 content,
396 old_str: &old_lf,
397 new_str: &new_lf,
398 occurrences: occ,
399 replace_all: params.replace_all,
400 old_tokens: count_tokens(¶ms.old_string),
401 new_tokens: count_tokens(¶ms.new_string),
402 };
403 return do_replace(cache, path, &pre, params, cap, &args);
404 }
405 }
406
407 let normalized_content = trim_trailing_per_line(content);
409 let normalized_old = trim_trailing_per_line(old_str);
410 if !normalized_old.is_empty() && normalized_content.contains(&normalized_old) {
411 let line_sep = if uses_crlf { "\r\n" } else { "\n" };
412 let adapted_new = adapt_new_string_to_line_sep(new_str, line_sep);
413 let adapted_old = find_original_span(content, &normalized_old);
414 if let Some(original_match) = adapted_old {
415 let occ = content.matches(&original_match).count();
416 let args = ReplaceArgs {
417 content,
418 old_str: &original_match,
419 new_str: &adapted_new,
420 occurrences: occ,
421 replace_all: params.replace_all,
422 old_tokens: count_tokens(¶ms.old_string),
423 new_tokens: count_tokens(¶ms.new_string),
424 };
425 return do_replace(cache, path, &pre, params, cap, &args);
426 }
427 }
428
429 let preview = if old_str.len() > 80 {
430 format!("{}...", &old_str[..77])
431 } else {
432 old_str.clone()
433 };
434 let hint = if uses_crlf {
435 " (file uses CRLF line endings)"
436 } else {
437 ""
438 };
439 format!(
440 "ERROR: old_string not found in {file_path}{hint}. \
441 Make sure it matches exactly (including whitespace/indentation).\n\
442 Searched for: {preview}"
443 )
444}
445
446fn do_replace(
447 cache: &mut SessionCache,
448 path: &Path,
449 pre: &FilePreimage,
450 params: &EditParams,
451 cap: usize,
452 args: &ReplaceArgs<'_>,
453) -> String {
454 if args.occurrences > 1 && !args.replace_all {
455 return format!(
456 "ERROR: old_string found {} times in {}. \
457 Use replace_all=true to replace all, or provide more context to make old_string unique."
458 ,
459 args.occurrences,
460 path.display()
461 );
462 }
463
464 let new_content = if args.replace_all {
465 args.content.replace(args.old_str, args.new_str)
466 } else {
467 args.content.replacen(args.old_str, args.new_str, 1)
468 };
469
470 if let Err(e) = ensure_preimage_still_matches(path, &pre.fp, cap) {
471 return e;
472 }
473
474 let backup_path = if params.backup {
475 let bp = params
476 .backup_path
477 .as_deref()
478 .map(PathBuf::from)
479 .or_else(|| default_backup_path(path));
480 let Some(bp) = bp else {
481 return format!("ERROR: cannot compute backup path for {}", path.display());
482 };
483 if let Err(e) = write_atomic_bytes_with_permissions(&bp, &pre.bytes, Some(&pre.permissions))
484 {
485 return format!("ERROR: cannot create backup {}: {e}", bp.display());
486 }
487 Some(bp.to_string_lossy().to_string())
488 } else {
489 None
490 };
491
492 if let Err(e) =
493 write_atomic_bytes_with_permissions(path, new_content.as_bytes(), Some(&pre.permissions))
494 {
495 return e;
496 }
497
498 cache.invalidate(¶ms.path);
499
500 if let Ok(mut bt) = crate::core::bounce_tracker::global().lock() {
501 bt.record_edit(¶ms.path);
502 }
503
504 let old_lines = args.content.lines().count();
505 let new_lines = new_content.lines().count();
506 let line_delta = new_lines as i64 - old_lines as i64;
507 let delta_str = if line_delta > 0 {
508 format!("+{line_delta}")
509 } else {
510 format!("{line_delta}")
511 };
512
513 let old_tokens = args.old_tokens;
514 let new_tokens = args.new_tokens;
515
516 let replaced_str = if args.replace_all && args.occurrences > 1 {
517 format!("{} replacements", args.occurrences)
518 } else {
519 "1 replacement".into()
520 };
521
522 let short = path.file_name().map_or_else(
523 || path.to_string_lossy().to_string(),
524 |f| f.to_string_lossy().to_string(),
525 );
526
527 let post_mtime_ms = std::fs::metadata(path)
528 .ok()
529 .and_then(|m| m.modified().ok())
530 .map_or(0, system_time_to_millis);
531 let post_fp = FileFingerprint {
532 size: new_content.len() as u64,
533 mtime_ms: post_mtime_ms,
534 md5: crate::core::hasher::hash_hex(new_content.as_bytes()),
535 };
536
537 let mut out = format!(
538 "✓ {short}: {replaced_str}, {delta_str} lines ({old_tokens}→{new_tokens} tok)\n\
539preimage: bytes={}, mtime_ms={}, md5={}\n\
540postimage: bytes={}, mtime_ms={}, md5={}",
541 pre.fp.size, pre.fp.mtime_ms, pre.fp.md5, post_fp.size, post_fp.mtime_ms, post_fp.md5
542 );
543 if let Some(bp) = backup_path {
544 out.push_str(&format!("\nbackup: {bp}"));
545 }
546 if params.evidence {
547 let diff = build_diff_evidence(args.content, &new_content, &short, params.diff_max_lines);
548 out.push_str("\n\nevidence (diff, redacted, bounded):\n```diff\n");
549 out.push_str(&diff);
550 out.push_str("\n```");
551 }
552 out
553}
554
555fn handle_create(
556 cache: &mut SessionCache,
557 file_path: &str,
558 content: &str,
559 params: &EditParams,
560) -> String {
561 let path = Path::new(file_path);
562 let cap = crate::core::limits::max_read_bytes();
563
564 let mut preimage: Option<FilePreimage> = None;
565 if path.exists() {
566 let pre = match read_preimage(path, cap, params.allow_lossy_utf8) {
567 Ok(p) => p,
568 Err(e) => return e,
569 };
570 if let Err(e) = verify_expected_preimage(&pre, params) {
571 return e;
572 }
573 if let Err(e) = ensure_preimage_still_matches(path, &pre.fp, cap) {
574 return e;
575 }
576 preimage = Some(pre);
577 }
578
579 if let Some(parent) = path.parent() {
580 if !parent.exists() {
581 if let Err(e) = std::fs::create_dir_all(parent) {
582 return format!("ERROR: cannot create directory {}: {e}", parent.display());
583 }
584 }
585 }
586
587 let backup_path = if params.backup {
588 if let Some(pre) = &preimage {
589 let bp = params
590 .backup_path
591 .as_deref()
592 .map(PathBuf::from)
593 .or_else(|| default_backup_path(path));
594 let Some(bp) = bp else {
595 return format!("ERROR: cannot compute backup path for {}", path.display());
596 };
597 if let Err(e) =
598 write_atomic_bytes_with_permissions(&bp, &pre.bytes, Some(&pre.permissions))
599 {
600 return format!("ERROR: cannot create backup {}: {e}", bp.display());
601 }
602 Some(bp.to_string_lossy().to_string())
603 } else {
604 None
605 }
606 } else {
607 None
608 };
609
610 let perms = preimage.as_ref().map(|p| &p.permissions);
611 if let Err(e) = write_atomic_bytes_with_permissions(path, content.as_bytes(), perms) {
612 return e;
613 }
614
615 cache.invalidate(file_path);
616
617 let lines = content.lines().count();
618 let tokens = count_tokens(content);
619 let short = path.file_name().map_or_else(
620 || path.to_string_lossy().to_string(),
621 |f| f.to_string_lossy().to_string(),
622 );
623
624 let mut out = format!("✓ created {short}: {lines} lines, {tokens} tok");
625 if let Some(bp) = backup_path {
626 out.push_str(&format!("\nbackup: {bp}"));
627 }
628 out
629}
630
631fn trim_trailing_per_line(s: &str) -> String {
632 s.lines().map(str::trim_end).collect::<Vec<_>>().join("\n")
633}
634
635fn adapt_new_string_to_line_sep(s: &str, sep: &str) -> String {
636 let normalized = s.replace("\r\n", "\n");
637 if sep == "\r\n" {
638 normalized.replace('\n', "\r\n")
639 } else {
640 normalized
641 }
642}
643
644fn find_original_span(content: &str, normalized_needle: &str) -> Option<String> {
647 let needle_lines: Vec<&str> = normalized_needle.lines().collect();
648 if needle_lines.is_empty() {
649 return None;
650 }
651
652 let content_lines: Vec<&str> = content.lines().collect();
653
654 'outer: for start in 0..content_lines.len() {
655 if start + needle_lines.len() > content_lines.len() {
656 break;
657 }
658 for (i, nl) in needle_lines.iter().enumerate() {
659 if content_lines[start + i].trim_end() != *nl {
660 continue 'outer;
661 }
662 }
663 let sep = if content.contains("\r\n") {
664 "\r\n"
665 } else {
666 "\n"
667 };
668 return Some(content_lines[start..start + needle_lines.len()].join(sep));
669 }
670 None
671}
672
673#[cfg(test)]
674mod tests {
675 use super::*;
676 use std::io::Write;
677 use tempfile::NamedTempFile;
678
679 fn make_temp(content: &str) -> NamedTempFile {
680 let mut f = NamedTempFile::new().unwrap();
681 f.write_all(content.as_bytes()).unwrap();
682 f
683 }
684
685 fn mk_params(path: &Path, old: &str, new: &str, replace_all: bool, create: bool) -> EditParams {
686 EditParams {
687 path: path.to_string_lossy().to_string(),
688 old_string: old.to_string(),
689 new_string: new.to_string(),
690 replace_all,
691 create,
692 expected_md5: None,
693 expected_size: None,
694 expected_mtime_ms: None,
695 backup: false,
696 backup_path: None,
697 evidence: false,
698 diff_max_lines: 200,
699 allow_lossy_utf8: false,
700 }
701 }
702
703 #[test]
704 fn replace_single_occurrence() {
705 let f = make_temp("fn hello() {\n println!(\"hello\");\n}\n");
706 let mut cache = SessionCache::new();
707 let result = handle(
708 &mut cache,
709 &mk_params(f.path(), "hello", "world", false, false),
710 );
711 assert!(result.contains("ERROR"), "should fail: 'hello' appears 2x");
712 }
713
714 #[test]
715 fn replace_all() {
716 let f = make_temp("aaa bbb aaa\n");
717 let mut cache = SessionCache::new();
718 let result = handle(&mut cache, &mk_params(f.path(), "aaa", "ccc", true, false));
719 assert!(result.contains("2 replacements"));
720 let content = std::fs::read_to_string(f.path()).unwrap();
721 assert_eq!(content, "ccc bbb ccc\n");
722 }
723
724 #[test]
725 fn not_found_error() {
726 let f = make_temp("some content\n");
727 let mut cache = SessionCache::new();
728 let result = handle(
729 &mut cache,
730 &mk_params(f.path(), "nonexistent", "x", false, false),
731 );
732 assert!(result.contains("ERROR: old_string not found"));
733 }
734
735 #[test]
736 fn create_new_file() {
737 let dir = tempfile::tempdir().unwrap();
738 let path = dir.path().join("sub/new_file.txt");
739 let mut cache = SessionCache::new();
740 let result = handle(
741 &mut cache,
742 &mk_params(&path, "", "line1\nline2\nline3\n", false, true),
743 );
744 assert!(result.contains("created new_file.txt"));
745 assert!(result.contains("3 lines"));
746 assert!(path.exists());
747 }
748
749 #[test]
750 fn unique_match_succeeds() {
751 let f = make_temp("fn main() {\n let x = 42;\n}\n");
752 let mut cache = SessionCache::new();
753 let result = handle(
754 &mut cache,
755 &mk_params(f.path(), "let x = 42", "let x = 99", false, false),
756 );
757 assert!(result.contains("✓"));
758 assert!(result.contains("1 replacement"));
759 let content = std::fs::read_to_string(f.path()).unwrap();
760 assert!(content.contains("let x = 99"));
761 }
762
763 #[test]
764 fn crlf_file_with_lf_search() {
765 let f = make_temp("line1\r\nline2\r\nline3\r\n");
766 let mut cache = SessionCache::new();
767 let result = handle(
768 &mut cache,
769 &mk_params(f.path(), "line1\nline2", "changed1\nchanged2", false, false),
770 );
771 assert!(result.contains("✓"), "CRLF fallback should work: {result}");
772 let content = std::fs::read_to_string(f.path()).unwrap();
773 assert!(
774 content.contains("changed1\r\nchanged2"),
775 "new_string should be adapted to CRLF: {content:?}"
776 );
777 assert!(
778 content.contains("\r\nline3\r\n"),
779 "rest of file should keep CRLF: {content:?}"
780 );
781 }
782
783 #[test]
784 fn lf_file_with_crlf_search() {
785 let f = make_temp("line1\nline2\nline3\n");
786 let mut cache = SessionCache::new();
787 let result = handle(
788 &mut cache,
789 &mk_params(f.path(), "line1\r\nline2", "a\r\nb", false, false),
790 );
791 assert!(result.contains("✓"), "LF fallback should work: {result}");
792 let content = std::fs::read_to_string(f.path()).unwrap();
793 assert!(
794 content.contains("a\nb"),
795 "new_string should be adapted to LF: {content:?}"
796 );
797 }
798
799 #[test]
800 fn trailing_whitespace_tolerance() {
801 let f = make_temp(" let x = 1; \n let y = 2;\n");
802 let mut cache = SessionCache::new();
803 let result = handle(
804 &mut cache,
805 &mk_params(
806 f.path(),
807 " let x = 1;\n let y = 2;",
808 " let x = 10;\n let y = 20;",
809 false,
810 false,
811 ),
812 );
813 assert!(
814 result.contains("✓"),
815 "trailing whitespace tolerance should work: {result}"
816 );
817 let content = std::fs::read_to_string(f.path()).unwrap();
818 assert!(content.contains("let x = 10;"));
819 assert!(content.contains("let y = 20;"));
820 }
821
822 #[test]
823 fn crlf_with_trailing_whitespace() {
824 let f = make_temp(" const a = 1; \r\n const b = 2;\r\n");
825 let mut cache = SessionCache::new();
826 let result = handle(
827 &mut cache,
828 &mk_params(
829 f.path(),
830 " const a = 1;\n const b = 2;",
831 " const a = 10;\n const b = 20;",
832 false,
833 false,
834 ),
835 );
836 assert!(
837 result.contains("✓"),
838 "CRLF + trailing whitespace should work: {result}"
839 );
840 let content = std::fs::read_to_string(f.path()).unwrap();
841 assert!(content.contains("const a = 10;"));
842 assert!(content.contains("const b = 20;"));
843 }
844
845 #[test]
846 fn rejects_invalid_utf8_by_default() {
847 let mut f = NamedTempFile::new().unwrap();
848 f.write_all(&[0xff, 0xfe, 0xfd]).unwrap();
849 let mut cache = SessionCache::new();
850 let result = handle(&mut cache, &mk_params(f.path(), "a", "b", false, false));
851 assert!(
852 result.contains("not valid UTF-8"),
853 "expected utf8 rejection, got: {result}"
854 );
855 }
856
857 #[test]
858 fn allows_lossy_utf8_only_when_enabled() {
859 let mut f = NamedTempFile::new().unwrap();
860 f.write_all(&[0xff, 0xfe, 0xfd]).unwrap();
861 let mut cache = SessionCache::new();
862 let mut p = mk_params(f.path(), "a", "b", false, false);
863 p.allow_lossy_utf8 = true;
864 let result = handle(&mut cache, &p);
865 assert!(
866 !result.contains("not valid UTF-8"),
867 "lossy mode should avoid utf8 hard error, got: {result}"
868 );
869 }
870
871 #[test]
872 fn expected_md5_mismatch_fails_without_writing() {
873 let f = make_temp("aaa\n");
874 let mut cache = SessionCache::new();
875 let mut p = mk_params(f.path(), "aaa", "bbb", false, false);
876 p.expected_md5 = Some("deadbeef".to_string());
877 let result = handle(&mut cache, &p);
878 assert!(
879 result.contains("preimage mismatch"),
880 "expected preimage mismatch, got: {result}"
881 );
882 let content = std::fs::read_to_string(f.path()).unwrap();
883 assert_eq!(content, "aaa\n");
884 }
885
886 #[test]
887 fn backup_is_created_when_enabled() {
888 let f = make_temp("aaa\n");
889 let mut cache = SessionCache::new();
890 let mut p = mk_params(f.path(), "aaa", "bbb", false, false);
891 p.backup = true;
892 let out = handle(&mut cache, &p);
893 assert!(out.contains("backup:"), "expected backup path, got: {out}");
894 let bp = out
895 .lines()
896 .find_map(|l| l.strip_prefix("backup: "))
897 .expect("backup line");
898 let backup_content = std::fs::read_to_string(bp).unwrap();
899 assert_eq!(backup_content, "aaa\n");
900 let content = std::fs::read_to_string(f.path()).unwrap();
901 assert_eq!(content, "bbb\n");
902 }
903
904 #[test]
905 fn evidence_diff_is_emitted_when_enabled() {
906 let f = make_temp("line1\nline2\n");
907 let mut cache = SessionCache::new();
908 let mut p = mk_params(f.path(), "line2", "changed2", false, false);
909 p.evidence = true;
910 p.diff_max_lines = 50;
911 let out = handle(&mut cache, &p);
912 assert!(out.contains("```diff"), "expected diff fence, got: {out}");
913 assert!(
914 out.contains("preimage:"),
915 "expected preimage metadata, got: {out}"
916 );
917 assert!(
918 out.contains("postimage:"),
919 "expected postimage metadata, got: {out}"
920 );
921 }
922
923 #[test]
924 fn detects_toctou_via_preimage_guard() {
925 let f = make_temp("aaa\n");
926 let cap = crate::core::limits::max_read_bytes();
927 let pre = read_preimage(f.path(), cap, false).unwrap();
928 std::fs::write(f.path(), "bbb\n").unwrap();
929 let err = ensure_preimage_still_matches(f.path(), &pre.fp, cap).unwrap_err();
930 assert!(err.contains("TOCTOU guard"), "unexpected error: {err}");
931 }
932}