st/collab/

space.rs

//! User Spaces - Containerized environments for collaborators
//!
//! Each collaborator gets their own space with:
//! - Isolated or shared filesystem view
//! - Their preferred tools (template)
//! - Ability to share terminals, memories

use super::{Identity, Template};
use anyhow::Result;
use serde::{Deserialize, Serialize};
use std::path::PathBuf;

/// Container isolation level
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Default)]
pub enum IsolationLevel {
    /// Full container (podman) - own filesystem, network
    Podman,
    /// Linux namespace - lighter, shared kernel
    Namespace,
    /// No isolation - direct access (trust mode)
    #[default]
    None,
}

/// Configuration for a user space
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SpaceConfig {
    /// Isolation level
    pub isolation: IsolationLevel,

    /// Base template to use
    pub template: Option<String>,

    /// Working directory within the space
    pub workdir: PathBuf,

    /// Environment variables to set
    pub env: Vec<(String, String)>,

    /// Paths to mount into the space (host:container)
    pub mounts: Vec<(PathBuf, PathBuf)>,

    /// Memory limit (bytes, 0 = unlimited)
    pub memory_limit: u64,

    /// CPU limit (cores, 0 = unlimited)
    pub cpu_limit: f32,

    /// Network access
    pub network: NetworkConfig,
}

impl Default for SpaceConfig {
    fn default() -> Self {
        SpaceConfig {
            isolation: IsolationLevel::None,
            template: None,
            workdir: PathBuf::from("."),
            env: Vec::new(),
            mounts: Vec::new(),
            memory_limit: 0,
            cpu_limit: 0.0,
            network: NetworkConfig::default(),
        }
    }
}

/// Network configuration for a space
#[derive(Debug, Clone, Serialize, Deserialize, Default)]
pub struct NetworkConfig {
    /// Allow outbound internet access
    pub internet: bool,
    /// Allow connections to host services
    pub host_access: bool,
    /// Ports to expose
    pub exposed_ports: Vec<u16>,
}

/// A user's active space in a project
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct UserSpace {
    /// The user's identity
    pub identity: Identity,

    /// Space configuration
    pub config: SpaceConfig,

    /// Container/namespace ID (if isolated)
    pub container_id: Option<String>,

    /// Unix socket path for this space
    pub socket_path: Option<PathBuf>,

    /// PID of the space's shell process
    pub shell_pid: Option<u32>,

    /// When the space was created
    pub created_at: u64,

    /// Last activity timestamp
    pub last_active: u64,
}

impl UserSpace {
    /// Create a new user space
    pub fn new(identity: Identity, config: SpaceConfig) -> Self {
        let now = std::time::SystemTime::now()
            .duration_since(std::time::UNIX_EPOCH)
            .unwrap_or_default()
            .as_secs();

        UserSpace {
            identity,
            config,
            container_id: None,
            socket_path: None,
            shell_pid: None,
            created_at: now,
            last_active: now,
        }
    }

    /// Create a space with a template
    pub fn with_template(identity: Identity, template: &Template) -> Self {
        let config = SpaceConfig {
            template: Some(template.name.clone()),
            isolation: template.default_isolation.clone(),
            env: template.env.clone(),
            ..Default::default()
        };
        Self::new(identity, config)
    }

    /// Start the user space (create container if needed)
    pub async fn start(&mut self) -> Result<()> {
        match self.config.isolation {
            IsolationLevel::Podman => self.start_podman().await,
            IsolationLevel::Namespace => self.start_namespace().await,
            IsolationLevel::None => self.start_direct().await,
        }
    }

    /// Start with podman container
    async fn start_podman(&mut self) -> Result<()> {
        // TODO: Implement podman container creation
        // podman run -d --name {identity} -v {project}:/workspace {template_image}
        tracing::info!("Starting podman container for {}", self.identity);
        Ok(())
    }

    /// Start with Linux namespace
    async fn start_namespace(&mut self) -> Result<()> {
        // TODO: Implement namespace isolation
        // unshare --user --mount --pid --fork
        tracing::info!("Starting namespace for {}", self.identity);
        Ok(())
    }

    /// Start without isolation (trust mode)
    async fn start_direct(&mut self) -> Result<()> {
        tracing::info!("Starting direct space for {}", self.identity);
        // Just set up the working directory and environment
        Ok(())
    }

    /// Stop the user space
    pub async fn stop(&mut self) -> Result<()> {
        match self.config.isolation {
            IsolationLevel::Podman => {
                if let Some(ref id) = self.container_id {
                    // podman stop {id}
                    tracing::info!("Stopping podman container {}", id);
                }
            }
            IsolationLevel::Namespace => {
                if let Some(pid) = self.shell_pid {
                    // kill namespace process
                    tracing::info!("Stopping namespace pid {}", pid);
                }
            }
            IsolationLevel::None => {
                // Nothing to stop
            }
        }
        self.container_id = None;
        self.shell_pid = None;
        Ok(())
    }

    /// Execute a command in the space
    pub async fn exec(&self, command: &[&str]) -> Result<String> {
        match self.config.isolation {
            IsolationLevel::Podman => {
                if let Some(ref id) = self.container_id {
                    // podman exec {id} {command}
                    tracing::debug!("Exec in podman {}: {:?}", id, command);
                }
            }
            IsolationLevel::Namespace => {
                if let Some(pid) = self.shell_pid {
                    // nsenter -t {pid} -a {command}
                    tracing::debug!("Exec in namespace {}: {:?}", pid, command);
                }
            }
            IsolationLevel::None => {
                // Direct execution
                tracing::debug!("Direct exec: {:?}", command);
            }
        }
        // TODO: Actually execute command
        Ok(String::new())
    }

    /// Share terminal with another user
    pub async fn share_terminal(&self, with: &Identity) -> Result<String> {
        // Returns a session ID that the other user can join
        let session_id = format!(
            "term-{}-{}",
            self.identity.username,
            std::time::SystemTime::now()
                .duration_since(std::time::UNIX_EPOCH)
                .unwrap()
                .as_millis()
        );
        tracing::info!(
            "Sharing terminal {} with {}",
            session_id,
            with.canonical()
        );
        Ok(session_id)
    }

    /// Update last active timestamp
    pub fn touch(&mut self) {
        self.last_active = std::time::SystemTime::now()
            .duration_since(std::time::UNIX_EPOCH)
            .unwrap_or_default()
            .as_secs();
    }

    /// Check if space has been idle too long
    pub fn is_idle(&self, timeout_secs: u64) -> bool {
        let now = std::time::SystemTime::now()
            .duration_since(std::time::UNIX_EPOCH)
            .unwrap_or_default()
            .as_secs();
        now - self.last_active > timeout_secs
    }
}

/// Manager for all active user spaces
#[derive(Debug, Default)]
pub struct SpaceManager {
    /// Active spaces by identity canonical name
    spaces: std::collections::HashMap<String, UserSpace>,
}

impl SpaceManager {
    pub fn new() -> Self {
        SpaceManager {
            spaces: std::collections::HashMap::new(),
        }
    }

    /// Get or create a space for a user
    pub async fn get_or_create(
        &mut self,
        identity: Identity,
        config: SpaceConfig,
    ) -> Result<&mut UserSpace> {
        let key = identity.canonical();
        if !self.spaces.contains_key(&key) {
            let mut space = UserSpace::new(identity, config);
            space.start().await?;
            self.spaces.insert(key.clone(), space);
        }
        Ok(self.spaces.get_mut(&key).unwrap())
    }

    /// Get an existing space
    pub fn get(&self, identity: &Identity) -> Option<&UserSpace> {
        self.spaces.get(&identity.canonical())
    }

    /// Remove a user's space
    pub async fn remove(&mut self, identity: &Identity) -> Result<()> {
        let key = identity.canonical();
        if let Some(mut space) = self.spaces.remove(&key) {
            space.stop().await?;
        }
        Ok(())
    }

    /// List all active spaces
    pub fn list(&self) -> Vec<&UserSpace> {
        self.spaces.values().collect()
    }

    /// Clean up idle spaces
    pub async fn cleanup_idle(&mut self, timeout_secs: u64) -> Result<usize> {
        let idle: Vec<String> = self
            .spaces
            .iter()
            .filter(|(_, s)| s.is_idle(timeout_secs))
            .map(|(k, _)| k.clone())
            .collect();

        let count = idle.len();
        for key in idle {
            if let Some(mut space) = self.spaces.remove(&key) {
                space.stop().await?;
            }
        }
        Ok(count)
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_space_config_default() {
        let config = SpaceConfig::default();
        assert_eq!(config.isolation, IsolationLevel::None);
        assert!(config.template.is_none());
    }

    #[test]
    fn test_user_space_creation() {
        let identity = Identity::local("test");
        let space = UserSpace::new(identity.clone(), SpaceConfig::default());
        assert_eq!(space.identity, identity);
        assert!(space.container_id.is_none());
    }
}