memvid_cli/commands/

tickets.rs

//! Ticket management command handlers (list, issue, revoke, sync, apply)

use std::path::PathBuf;

use anyhow::{anyhow, bail, Context, Result};
use base64::{engine::general_purpose::STANDARD as BASE64_STANDARD, Engine};
use chrono::Utc;
use clap::{ArgAction, Args, Subcommand};
use memvid_core::types::MemoryBinding;
use memvid_core::{verify_ticket_signature, Memvid, Ticket};
use serde_json::json;
use uuid::Uuid;

use crate::api::{
    apply_ticket as api_apply_ticket, fetch_ticket as api_fetch_ticket,
    ApplyTicketRequest as ApiApplyTicketRequest,
};
use crate::commands::{apply_ticket_with_warning, LockCliArgs};
use crate::config::CliConfig;
use crate::ticket_cache::{load as load_cached_ticket, store as store_cached_ticket, CachedTicket};
use crate::utils::{apply_lock_cli, open_read_only_mem};

/// Subcommands for the `tickets` command
#[derive(Subcommand)]
pub enum TicketsCommand {
    /// Show the currently applied ticket
    List(TicketsStatusArgs),
    /// Apply a new ticket
    Issue(TicketsIssueArgs),
    /// Clear ticket metadata while advancing the sequence
    Revoke(TicketsRevokeArgs),
    /// Synchronise the ticket state with the Memvid API
    Sync(TicketsSyncArgs),
    /// Submit a ticket fetched from the API back to the control plane
    Apply(TicketsApplyArgs),
}

/// Arguments for the `tickets` command
#[derive(Args)]
pub struct TicketsArgs {
    #[command(subcommand)]
    pub command: TicketsCommand,
}

/// Arguments for the `tickets sync` subcommand
#[derive(Args)]
pub struct TicketsSyncArgs {
    #[arg(value_name = "FILE", value_parser = clap::value_parser!(PathBuf))]
    pub file: PathBuf,
    #[arg(long = "memory-id", value_name = "UUID", value_parser = clap::value_parser!(Uuid))]
    pub memory_id: Uuid,
    #[arg(long)]
    pub json: bool,

    #[command(flatten)]
    pub lock: LockCliArgs,
}

/// Arguments for the `tickets apply` subcommand
#[derive(Args)]
pub struct TicketsApplyArgs {
    #[arg(value_name = "FILE", value_parser = clap::value_parser!(PathBuf))]
    pub file: PathBuf,
    #[arg(long = "memory-id", value_name = "UUID", value_parser = clap::value_parser!(Uuid))]
    pub memory_id: Uuid,
    #[arg(long = "from-api", action = ArgAction::SetTrue)]
    pub from_api: bool,
    #[arg(long)]
    pub json: bool,
}

/// Arguments for the `tickets issue` subcommand
#[derive(Args)]
pub struct TicketsIssueArgs {
    #[arg(value_name = "FILE", value_parser = clap::value_parser!(PathBuf))]
    pub file: PathBuf,
    #[arg(long)]
    pub issuer: String,
    #[arg(long, value_name = "SEQ")]
    pub seq: i64,
    #[arg(long = "expires-in", value_name = "SECS")]
    pub expires_in: Option<u64>,
    #[arg(long, value_name = "BYTES")]
    pub capacity: Option<u64>,
    #[arg(long)]
    pub json: bool,

    #[command(flatten)]
    pub lock: LockCliArgs,
}

/// Arguments for the `tickets revoke` subcommand
#[derive(Args)]
pub struct TicketsRevokeArgs {
    #[arg(value_name = "FILE", value_parser = clap::value_parser!(PathBuf))]
    pub file: PathBuf,
    #[arg(long)]
    pub json: bool,

    #[command(flatten)]
    pub lock: LockCliArgs,
}

/// Arguments for the `tickets list` subcommand
#[derive(Args)]
pub struct TicketsStatusArgs {
    #[arg(value_name = "FILE", value_parser = clap::value_parser!(PathBuf))]
    pub file: PathBuf,
    #[arg(long)]
    pub json: bool,
}

// ============================================================================
// Tickets command handlers
// ============================================================================

pub fn handle_tickets(config: &CliConfig, args: TicketsArgs) -> Result<()> {
    match args.command {
        TicketsCommand::List(status) => handle_ticket_status(status),
        TicketsCommand::Issue(issue) => handle_ticket_issue(issue),
        TicketsCommand::Revoke(revoke) => handle_ticket_revoke(revoke),
        TicketsCommand::Sync(sync) => handle_ticket_sync(config, sync),
        TicketsCommand::Apply(apply) => handle_ticket_apply(config, apply),
    }
}

fn ticket_public_key(config: &CliConfig) -> Result<&ed25519_dalek::VerifyingKey> {
    config
        .ticket_pubkey
        .as_ref()
        .ok_or_else(|| anyhow!("MEMVID_TICKET_PUBKEY is not set"))
}

fn ticket_to_json(ticket: &memvid_core::TicketRef) -> serde_json::Value {
    json!({
        "issuer": ticket.issuer,
        "seq_no": ticket.seq_no,
        "expires_in_secs": ticket.expires_in_secs,
        "capacity_bytes": ticket.capacity_bytes,
    })
}

pub fn handle_ticket_status(args: TicketsStatusArgs) -> Result<()> {
    let mem = open_read_only_mem(&args.file)?;
    let ticket = mem.current_ticket();
    if args.json {
        println!(
            "{}",
            serde_json::to_string_pretty(&ticket_to_json(&ticket))?
        );
    } else {
        println!("Ticket issuer: {}", ticket.issuer);
        println!("Sequence: {}", ticket.seq_no);
        println!("Expires in (secs): {}", ticket.expires_in_secs);
        if ticket.capacity_bytes != 0 {
            println!("Capacity bytes: {}", ticket.capacity_bytes);
        } else {
            println!("Capacity bytes: (tier default)");
        }
    }
    Ok(())
}

pub fn handle_ticket_issue(args: TicketsIssueArgs) -> Result<()> {
    let mut mem = Memvid::open(&args.file)?;
    apply_lock_cli(&mut mem, &args.lock);
    let mut ticket = Ticket::new(&args.issuer, args.seq);
    if let Some(expires) = args.expires_in {
        ticket = ticket.expires_in_secs(expires);
    }
    if let Some(capacity) = args.capacity {
        ticket = ticket.capacity_bytes(capacity);
    }
    apply_ticket_with_warning(&mut mem, ticket)?;
    let ticket = mem.current_ticket();
    if args.json {
        println!(
            "{}",
            serde_json::to_string_pretty(&ticket_to_json(&ticket))?
        );
    } else {
        println!(
            "Applied ticket seq={} issuer={}",
            ticket.seq_no, ticket.issuer
        );
    }
    Ok(())
}

pub fn handle_ticket_revoke(args: TicketsRevokeArgs) -> Result<()> {
    let mut mem = Memvid::open(&args.file)?;
    apply_lock_cli(&mut mem, &args.lock);
    let current = mem.current_ticket();
    let next_seq = current.seq_no.saturating_add(1).max(1);
    let ticket = Ticket::new("", next_seq);
    apply_ticket_with_warning(&mut mem, ticket)?;
    let ticket = mem.current_ticket();
    if args.json {
        println!(
            "{}",
            serde_json::to_string_pretty(&ticket_to_json(&ticket))?
        );
    } else {
        println!("Ticket cleared; seq advanced to {}", ticket.seq_no);
    }
    Ok(())
}

pub fn handle_ticket_sync(config: &CliConfig, args: TicketsSyncArgs) -> Result<()> {
    let pubkey = ticket_public_key(config)?;
    let response = api_fetch_ticket(config, &args.memory_id)?;

    // Get file info for registration
    let file_path = std::fs::canonicalize(&args.file)
        .with_context(|| format!("failed to get absolute path for {:?}", args.file))?;
    let file_metadata = std::fs::metadata(&args.file)
        .with_context(|| format!("failed to get file metadata for {:?}", args.file))?;
    let file_size = file_metadata.len() as i64;
    let file_name = args
        .file
        .file_name()
        .and_then(|n| n.to_str())
        .unwrap_or("unknown.mv2");
    let machine_id = hostname::get()
        .map(|h| h.to_string_lossy().to_string())
        .unwrap_or_else(|_| "unknown".to_string());
    let signature_bytes = BASE64_STANDARD
        .decode(response.payload.signature.as_bytes())
        .context("ticket signature is not valid base64")?;

    // Extract values from response
    let issuer = response.payload.issuer.clone();
    let seq_no = response.payload.sequence;
    let expires_in = response.payload.expires_in;
    let capacity_bytes = response.payload.capacity_bytes;

    verify_ticket_signature(
        pubkey,
        &args.memory_id,
        &issuer,
        seq_no,
        expires_in,
        capacity_bytes,
        &signature_bytes,
    )
    .context("ticket signature verification failed")?;

    let mut mem = Memvid::open(&args.file)?;
    apply_lock_cli(&mut mem, &args.lock);

    // Check if the file already has this ticket or a newer one
    let current = mem.current_ticket();
    if current.seq_no >= seq_no {
        // Already bound with same or newer ticket
        let capacity = mem.get_capacity();

        // Still register/update file with the control plane
        let file_path_str = file_path.to_string_lossy();
        let register_request = crate::api::RegisterFileRequest {
            file_name,
            file_path: &file_path_str,
            file_size,
            machine_id: &machine_id,
        };
        if let Err(e) = crate::api::register_file(config, &args.memory_id, &register_request) {
            log::warn!("Failed to register file with control plane: {}", e);
        }

        if args.json {
            let json = json!({
                "issuer": current.issuer,
                "seq_no": current.seq_no,
                "expires_in": current.expires_in_secs,
                "capacity_bytes": if current.capacity_bytes > 0 { Some(current.capacity_bytes) } else { None },
                "memory_id": args.memory_id,
                "already_bound": true,
            });
            println!("{}", serde_json::to_string_pretty(&json)?);
        } else {
            println!(
                "Already bound to memory {} (seq={}, issuer={})",
                args.memory_id, current.seq_no, current.issuer
            );
            println!(
                "Current capacity: {:.2} GB",
                capacity as f64 / 1024.0 / 1024.0 / 1024.0
            );
        }
        return Ok(());
    }

    // Create ticket
    let mut ticket = Ticket::new(&issuer, seq_no).expires_in_secs(expires_in);
    if let Some(capacity) = capacity_bytes {
        ticket = ticket.capacity_bytes(capacity);
    }

    // Create memory binding
    let binding = MemoryBinding {
        memory_id: args.memory_id,
        memory_name: issuer.clone(), // Use issuer as name for now
        bound_at: Utc::now(),
        api_url: config.api_url.clone(),
    };

    // Use bind_memory to store both ticket and binding
    mem.bind_memory(binding, ticket)
        .context("failed to bind memory")?;
    mem.commit()?;

    let cache_entry = CachedTicket {
        memory_id: args.memory_id,
        issuer: issuer.clone(),
        seq_no,
        expires_in,
        capacity_bytes,
        signature: response.payload.signature.clone(),
    };
    store_cached_ticket(config, &cache_entry)?;

    let capacity = mem.get_capacity();

    // Register file with the control plane
    let file_path_str = file_path.to_string_lossy();
    let register_request = crate::api::RegisterFileRequest {
        file_name,
        file_path: &file_path_str,
        file_size,
        machine_id: &machine_id,
    };
    if let Err(e) = crate::api::register_file(config, &args.memory_id, &register_request) {
        // Don't fail the sync if file registration fails, just warn
        log::warn!("Failed to register file with control plane: {}", e);
    }

    if args.json {
        let json = json!({
            "issuer": issuer,
            "seq_no": seq_no,
            "expires_in": expires_in,
            "capacity_bytes": capacity_bytes,
            "memory_id": args.memory_id,
            "request_id": response.request_id,
        });
        println!("{}", serde_json::to_string_pretty(&json)?);
    } else {
        println!(
            "Bound to memory {} (seq={}, issuer={})",
            args.memory_id, seq_no, issuer
        );
        println!(
            "New capacity: {:.2} GB",
            capacity as f64 / 1024.0 / 1024.0 / 1024.0
        );
    }
    Ok(())
}

pub fn handle_ticket_apply(config: &CliConfig, args: TicketsApplyArgs) -> Result<()> {
    if !args.from_api {
        bail!("use --from-api to submit the ticket fetched from the API");
    }
    let cached = load_cached_ticket(config, &args.memory_id)
        .context("no cached ticket available; run `tickets sync` first")?;
    let request = ApiApplyTicketRequest {
        issuer: &cached.issuer,
        seq_no: cached.seq_no,
        expires_in: cached.expires_in,
        capacity_bytes: cached.capacity_bytes,
        signature: &cached.signature,
    };
    let request_id = api_apply_ticket(config, &args.memory_id, &request)?;
    if args.json {
        let json = json!({
            "memory_id": args.memory_id,
            "seq_no": cached.seq_no,
            "request_id": request_id,
        });
        println!("{}", serde_json::to_string_pretty(&json)?);
    } else {
        println!(
            "Submitted ticket seq={} for memory {} (request {})",
            cached.seq_no, args.memory_id, request_id
        );
    }
    Ok(())
}