palladium_cli/commands/

msg.rs

use clap::{Args, Subcommand};
use schemars::JsonSchema;
use serde::Serialize;
use serde_json::json;

use crate::client::{CliError, ControlPlaneClient, Endpoint};
use crate::output;
use crate::CliResult;

#[derive(Subcommand, Debug, Serialize, JsonSchema)]
#[serde(rename_all = "kebab-case")]
pub enum MsgCommand {
    /// Send a JSON message to an actor (Phase 5 — codec registry required).
    Send(MsgSendArgs),
    /// Perform a synchronous request-response call.
    Call(MsgCallArgs),
    /// Inspect an actor's current mailbox depth and capacity.
    Inspect(MsgInspectArgs),
}

#[derive(Args, Debug, Serialize, JsonSchema)]
#[serde(rename_all = "kebab-case")]
pub struct MsgSendArgs {
    /// Target actor path.
    pub path: String,
    /// JSON payload to send.
    pub payload: String,
}

#[derive(Args, Debug, Serialize, JsonSchema)]
#[serde(rename_all = "kebab-case")]
pub struct MsgCallArgs {
    /// Target actor path.
    pub path: String,
    /// JSON payload to send.
    pub payload: String,
    /// Timeout in seconds.
    #[arg(long, default_value_t = 5)]
    pub timeout: u64,
}

#[derive(Args, Debug, Serialize, JsonSchema)]
#[serde(rename_all = "kebab-case")]
pub struct MsgInspectArgs {
    /// Target actor path.
    pub path: String,
    /// Output in JSON format.
    #[arg(long)]
    pub json: bool,
}

pub fn run(cmd: MsgCommand, endpoint: &Endpoint) -> CliResult {
    match cmd {
        MsgCommand::Send(_args) => {
            eprintln!("pd msg send: actor.send not implemented (Phase 5)");
            std::process::exit(1);
        }
        MsgCommand::Call(args) => {
            let mut client = ControlPlaneClient::connect_endpoint(endpoint)?;
            let params = json!({
                "path": args.path,
                "payload": args.payload,
                "timeout_secs": args.timeout
            });
            let result = match client.call("msg.call", params.clone()) {
                Ok(result) => result,
                Err(CliError::Rpc { code, message })
                    if code == -32000 && message.starts_with("actor not found:") =>
                {
                    call_remote_via_federation(endpoint, &params)?
                }
                Err(e) => return Err(e.into()),
            };
            if let Some(text) = result.get("payload_text").and_then(|v| v.as_str()) {
                println!("{text}");
            } else {
                println!("{}", serde_json::to_string_pretty(&result)?);
            }
        }
        MsgCommand::Inspect(args) => {
            let mut client = ControlPlaneClient::connect_endpoint(endpoint)?;
            let result = client.call("actor.info", json!({"path": args.path}))?;
            if args.json {
                println!("{}", serde_json::to_string_pretty(&result)?);
            } else {
                print!("{}", output::format_mailbox_info(&result));
            }
        }
    }
    Ok(())
}

fn call_remote_via_federation(endpoint: &Endpoint, params: &serde_json::Value) -> CliResultValue {
    let path = params
        .get("path")
        .and_then(|v| v.as_str())
        .ok_or_else(|| CliError::Protocol("missing path".to_string()))?;

    let mut local = ControlPlaneClient::connect_endpoint(endpoint)?;
    let policy = local.call("federation.policy.get", serde_json::Value::Null)?;
    if !federation_policy_allows(&policy, path) {
        return Err(CliError::Rpc {
            code: -32000,
            message: format!("federation policy denies actor path: {path}"),
        }
        .into());
    }

    let entry = local.call("federation.registry.get", json!({ "path": path }))?;
    let owner_engine = entry
        .get("engine_id")
        .and_then(|v| v.as_str())
        .ok_or_else(|| CliError::Protocol("federation.registry.get missing engine_id".into()))?;
    let status = local.call("cluster.status", serde_json::Value::Null)?;
    if status
        .get("local_engine")
        .and_then(|v| v.as_str())
        .is_some_and(|s| s == owner_engine)
    {
        return Err(CliError::Rpc {
            code: -32000,
            message: format!("actor not found locally: {path}"),
        }
        .into());
    }

    let members = local.call("cluster.members", serde_json::Value::Null)?;
    let owner_addr = members
        .as_array()
        .and_then(|items| {
            items.iter().find_map(|m| {
                if m.get("engine_id").and_then(|v| v.as_str()) == Some(owner_engine) {
                    m.get("addr").and_then(|v| v.as_str()).map(str::to_string)
                } else {
                    None
                }
            })
        })
        .ok_or_else(|| CliError::Protocol(format!("owner member not found: {owner_engine}")))?;

    let remote = remote_endpoint_for_member(endpoint, &owner_addr)?;
    let mut remote_client = ControlPlaneClient::connect_endpoint(&remote)?;
    Ok(remote_client.call("msg.call", params.clone())?)
}

type CliResultValue = Result<serde_json::Value, Box<dyn std::error::Error>>;

fn remote_endpoint_for_member(current: &Endpoint, member_addr: &str) -> Result<Endpoint, CliError> {
    let (host, port) = member_addr
        .rsplit_once(':')
        .ok_or_else(|| CliError::Protocol(format!("invalid member addr: {member_addr}")))?;
    let port = port
        .parse::<u16>()
        .map_err(|_| CliError::Protocol(format!("invalid member port: {member_addr}")))?;
    match current {
        Endpoint::Tcp { tls, .. } => Ok(Endpoint::Tcp {
            host: host.to_string(),
            port,
            tls: tls.clone(),
        }),
        Endpoint::Quic { tls, .. } => Ok(Endpoint::Quic {
            host: host.to_string(),
            port,
            tls: tls.clone(),
        }),
        Endpoint::Unix(_) => Err(CliError::Protocol(
            "remote msg.call forwarding requires --endpoint tcp://... or quic://...".to_string(),
        )),
    }
}

fn federation_policy_allows(policy: &serde_json::Value, path: &str) -> bool {
    let mode = policy
        .get("mode")
        .and_then(|v| v.as_str())
        .unwrap_or("allow-all");
    let prefixes: Vec<&str> = policy
        .get("prefixes")
        .and_then(|v| v.as_array())
        .map(|arr| arr.iter().filter_map(|v| v.as_str()).collect())
        .unwrap_or_default();

    let matches_prefix = |p: &str| path == p || path.starts_with(&format!("{p}/"));
    match mode {
        "allow-all" => true,
        "deny-all" => false,
        "allow-prefixes" => prefixes.iter().any(|p| matches_prefix(p)),
        "deny-prefixes" => !prefixes.iter().any(|p| matches_prefix(p)),
        _ => true,
    }
}

#[cfg(test)]
mod tests {
    use super::{federation_policy_allows, remote_endpoint_for_member};
    use crate::client::{Endpoint, TlsClientConfig};
    use serde_json::json;
    use std::path::PathBuf;

    fn sample_tls() -> TlsClientConfig {
        TlsClientConfig {
            cert: PathBuf::from("client.crt"),
            key: PathBuf::from("client.key"),
            ca: Some(PathBuf::from("ca.crt")),
            sni: None,
        }
    }

    #[test]
    fn endpoint_for_member_keeps_scheme_and_tls() {
        let endpoint = Endpoint::Tcp {
            host: "127.0.0.1".to_string(),
            port: 4100,
            tls: sample_tls(),
        };
        let remote = remote_endpoint_for_member(&endpoint, "server-b:4200").unwrap();
        match remote {
            Endpoint::Tcp { host, port, .. } => {
                assert_eq!(host, "server-b");
                assert_eq!(port, 4200);
            }
            _ => panic!("expected tcp endpoint"),
        }
    }

    #[test]
    fn allow_prefix_policy_matches_descendants() {
        let policy = json!({
            "mode": "allow-prefixes",
            "prefixes": ["/user"]
        });
        assert!(federation_policy_allows(&policy, "/user/core1/counter-a"));
        assert!(!federation_policy_allows(&policy, "/system/control-plane"));
    }
}