void_core/ops/

publish.rs

//! Publish a void repository as a browsable static website.
//!
//! Generates a self-contained SPA (`index.html`) plus a CBOR content pack
//! (`content.cbor`) that can be pinned to IPFS and viewed on any gateway.
//!
//! Text files are individually gzipped (for browser `DecompressionStream`),
//! binary assets are served at original paths, and commit provenance
//! (signature, author, timestamp) is included for client-side verification.

use std::collections::BTreeMap;
use std::io::Write;

use flate2::write::GzEncoder;
use flate2::Compression;
use serde::Serialize;
use thiserror::Error;

use crate::cid::{self, ToVoidCid};
use crate::crypto::{CommitReader, ContentKey, KeyVault};
use crate::VoidContext;
use crate::metadata::Commit;
use crate::refs;

use crate::store::{FsStore, ObjectStoreExt};
use crate::VoidError;

// ============================================================================
// Error type
// ============================================================================

#[derive(Debug, Error)]
pub enum PublishError {
    #[error("no HEAD commit found")]
    NoHead,
    #[error("resolve error: {0}")]
    ResolveError(String),
    #[error("CBOR encoding error: {0}")]
    CborError(String),
    #[error("I/O error: {0}")]
    IoError(#[from] std::io::Error),
    #[error("shard error: {0}")]
    ShardError(String),
    #[error("void error: {0}")]
    VoidError(#[from] VoidError),
}

// ============================================================================
// Options and output types
// ============================================================================

pub struct PublishOptions {
    /// Repository context (void_dir, vault, etc.)
    pub ctx: VoidContext,
    /// Specific commit CID to publish (None = HEAD).
    pub commit_cid: Option<String>,
    /// Include identity URI in published metadata.
    pub include_identity: bool,
    /// Include contributor list in published metadata.
    pub include_contributors: bool,
    /// Optional identity URI string (pre-loaded by CLI).
    pub identity_uri: Option<String>,
    /// Optional repo name override.
    pub repo_name: Option<String>,
    /// HTML template for the published SPA shell.
    pub html_template: String,
}

#[derive(Debug, Clone, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct PublishOutput {
    /// The rendered SPA shell.
    pub index_html: Vec<u8>,
    /// The CBOR content pack.
    pub cbor_pack: Vec<u8>,
    /// Binary asset files to write alongside.
    pub assets: Vec<AssetFile>,
    /// Publication statistics.
    pub stats: PublishStats,
    /// Files that were excluded (secrets, binaries, etc.).
    pub excluded: Vec<ExcludedFile>,
    /// The commit CID that was published.
    pub commit_cid: String,
    /// Per-commit content key (hex). Enables scoped read-only clone.
    pub content_key: String,
}

#[derive(Debug, Clone, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct PublishStats {
    pub text_files: usize,
    pub asset_files: usize,
    pub excluded_files: usize,
    pub cbor_size: u64,
    pub total_asset_size: u64,
}

#[derive(Debug, Clone, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct AssetFile {
    pub repo_path: String,
    pub mime: String,
    pub size: u64,
    pub content: Vec<u8>,
}

#[derive(Debug, Clone, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct ExcludedFile {
    pub path: String,
    pub reason: ExcludeReason,
}

#[derive(Debug, Clone, Serialize)]
#[serde(rename_all = "camelCase")]
pub enum ExcludeReason {
    SecretPattern,
    BuildArtifact,
    BinaryExclusion,
}

// ============================================================================
// File classification
// ============================================================================

#[derive(Debug, Clone)]
pub enum FileClass {
    Text { lang: String },
    Asset { mime: String },
    Excluded { reason: ExcludeReason },
}

/// Classify a file path into text, asset, or excluded.
pub fn classify_file(path: &str) -> FileClass {
    let lower = path.to_lowercase();
    let basename = lower.rsplit('/').next().unwrap_or(&lower);

    // Secret patterns (always excluded) — check basename and full path
    if is_secret_pattern(basename, &lower) {
        return FileClass::Excluded {
            reason: ExcludeReason::SecretPattern,
        };
    }

    // Build artifacts (not secrets, just noisy for publishing)
    if is_build_artifact(basename, &lower) {
        return FileClass::Excluded {
            reason: ExcludeReason::BuildArtifact,
        };
    }

    let ext = basename.rsplit('.').next().unwrap_or("");

    // Excluded binary formats (executables, archives)
    match ext {
        "exe" | "dll" | "so" | "dylib" | "wasm" | "tar" | "gz" | "tgz" | "bz2" | "xz"
        | "zip" | "rar" | "7z" | "o" | "a" | "lib" | "pyc" | "pyo" | "class" | "jar"
        | "war" | "deb" | "rpm" | "msi" | "dmg" | "iso" => {
            return FileClass::Excluded {
                reason: ExcludeReason::BinaryExclusion,
            };
        }
        _ => {}
    }

    // Asset types (served as binary)
    match ext {
        "png" | "jpg" | "jpeg" | "gif" | "webp" | "ico" | "bmp" | "tiff" | "tif" => {
            return FileClass::Asset {
                mime: format!("image/{}", if ext == "jpg" { "jpeg" } else { ext }),
            };
        }
        "svg" => {
            return FileClass::Asset {
                mime: "image/svg+xml".into(),
            };
        }
        "pdf" => {
            return FileClass::Asset {
                mime: "application/pdf".into(),
            };
        }
        "woff" => {
            return FileClass::Asset {
                mime: "font/woff".into(),
            };
        }
        "woff2" => {
            return FileClass::Asset {
                mime: "font/woff2".into(),
            };
        }
        "ttf" => {
            return FileClass::Asset {
                mime: "font/ttf".into(),
            };
        }
        "otf" => {
            return FileClass::Asset {
                mime: "font/otf".into(),
            };
        }
        "mp3" | "ogg" | "wav" | "flac" => {
            return FileClass::Asset {
                mime: format!("audio/{}", ext),
            };
        }
        "mp4" | "webm" | "avi" | "mov" => {
            return FileClass::Asset {
                mime: format!("video/{}", ext),
            };
        }
        _ => {}
    }

    // Text types — map extension to language identifier
    let lang = match ext {
        "rs" => "rust",
        "ts" | "tsx" => "typescript",
        "js" | "jsx" | "mjs" | "cjs" => "javascript",
        "py" => "python",
        "go" => "go",
        "rb" => "ruby",
        "java" => "java",
        "kt" | "kts" => "kotlin",
        "swift" => "swift",
        "c" | "h" => "c",
        "cpp" | "cc" | "cxx" | "hpp" | "hxx" => "cpp",
        "cs" => "csharp",
        "php" => "php",
        "r" => "r",
        "scala" => "scala",
        "zig" => "zig",
        "nim" => "nim",
        "lua" => "lua",
        "ex" | "exs" => "elixir",
        "erl" | "hrl" => "erlang",
        "hs" => "haskell",
        "ml" | "mli" => "ocaml",
        "clj" | "cljs" => "clojure",
        "dart" => "dart",
        "v" => "v",
        "d" => "d",
        "jl" => "julia",
        "pl" | "pm" => "perl",
        "sh" | "bash" | "zsh" | "fish" => "shellscript",
        "ps1" | "psm1" => "powershell",
        "bat" | "cmd" => "bat",
        "sql" => "sql",
        "md" | "markdown" => "markdown",
        "html" | "htm" => "html",
        "css" | "scss" | "sass" | "less" => "css",
        "xml" | "xsl" | "xslt" => "xml",
        "json" | "jsonc" | "json5" => "json",
        "yaml" | "yml" => "yaml",
        "toml" => "toml",
        "ini" | "cfg" | "conf" => "ini",
        "dockerfile" => "dockerfile",
        "makefile" => "makefile",
        "cmake" => "cmake",
        "nix" => "nix",
        "tf" | "hcl" => "hcl",
        "proto" => "protobuf",
        "graphql" | "gql" => "graphql",
        "svelte" => "svelte",
        "vue" => "vue",
        "astro" => "astro",
        "txt" | "text" | "log" | "csv" | "tsv" => "plaintext",
        "lock" => "plaintext",
        "gitignore" | "gitattributes" | "editorconfig" | "voidignore" => "plaintext",
        "env" => "plaintext", // shouldn't reach here due to secret filter, but safe default
        _ => "plaintext",     // unknown extensions default to text
    };

    // Handle extensionless files by basename
    let lang = if ext == basename {
        // No extension — check well-known filenames
        match basename {
            "makefile" | "gnumakefile" => "makefile",
            "dockerfile" => "dockerfile",
            "cmakelists.txt" => "cmake",
            "readme" | "license" | "copying" | "changelog" | "authors" | "contributing"
            | "todo" => "markdown",
            _ => lang,
        }
    } else {
        lang
    };

    FileClass::Text {
        lang: lang.to_string(),
    }
}

/// Check if a filename or path matches secret/sensitive patterns.
fn is_secret_pattern(basename: &str, full_path: &str) -> bool {
    // Exact basename matches
    matches!(
        basename,
        "id_rsa"
            | "id_ed25519"
            | "id_ecdsa"
            | "id_dsa"
            | "keys.enc"
            | "credentials.json"
            | "service-account.json"
            | ".npmrc"
            | ".pypirc"
            | ".netrc"
    ) ||
    // Prefix patterns
    basename.starts_with(".env") ||
    // Suffix patterns
    basename.ends_with(".key") ||
    basename.ends_with(".pem") ||
    basename.ends_with(".p12") ||
    basename.ends_with(".pfx") ||
    basename.ends_with(".keystore") ||
    basename.ends_with(".jks") ||
    basename.ends_with(".secret") ||
    // Path patterns
    full_path.contains(".void/") ||
    full_path.starts_with(".git/")
}

/// Check if a filename or path is a build artifact (not secret, just noisy).
fn is_build_artifact(basename: &str, full_path: &str) -> bool {
    basename == "cargo.lock" ||
    full_path.contains("node_modules/") ||
    full_path.contains(".cargo-home/") ||
    full_path.contains(".rustup-home/")
}

// ============================================================================
// Core publish function
// ============================================================================

/// Publish a void repository as a static website.
///
/// Decrypts the commit, walks all files, classifies them, gzips text content,
/// and produces an SPA shell + CBOR content pack.
pub fn publish(opts: PublishOptions) -> Result<PublishOutput, PublishError> {
    // --- 1. Load metadata (same pattern as lazy.rs) ---
    let objects_dir = opts.ctx.paths.void_dir.join("objects");
    let store = FsStore::new(objects_dir).map_err(PublishError::VoidError)?;

    // Resolve commit CID
    let commit_cid_multihash = match &opts.commit_cid {
        Some(c) => cid::parse(c).map_err(|e| PublishError::ResolveError(e.to_string()))?,
        None => {
            let head_commit_cid = refs::resolve_head(&opts.ctx.paths.void_dir)
                .map_err(|e| PublishError::ResolveError(e.to_string()))?
                .ok_or(PublishError::NoHead)?;
            cid::from_bytes(head_commit_cid.as_bytes()).map_err(|e| PublishError::ResolveError(e.to_string()))?
        }
    };
    let commit_cid_str = commit_cid_multihash.to_string();

    // Decrypt commit + metadata
    let (commit, _metadata, reader) = opts
        .ctx
        .load_commit_with_metadata(&store, &commit_cid_multihash)
        .map_err(PublishError::VoidError)?;

    // Build ancestor content keys for shard decryption fallback
    let ancestor_keys = collect_ancestor_keys(&store, &opts.ctx.crypto.vault, &commit);

    // Resolve current branch name
    let branch = match refs::read_head(&opts.ctx.paths.void_dir) {
        Ok(Some(refs::HeadRef::Symbolic(name))) => Some(name),
        _ => None,
    };

    // --- 2. Walk all files via manifest ---
    let manifest = crate::metadata::manifest_tree::TreeManifest::from_commit(&store, &commit, &reader)
        .map_err(PublishError::VoidError)?
        .ok_or_else(|| PublishError::ShardError("commit has no manifest".into()))?;

    let (text_files, assets, excluded) = extract_all_files(
        &store,
        &manifest,
        &reader,
        &ancestor_keys,
    )?;

    // --- 3. Build CBOR payload ---
    let cbor_pack = build_cbor(
        &commit,
        &commit_cid_str,
        branch.as_deref(),
        &text_files,
        &assets,
        opts.repo_name.as_deref(),
        opts.identity_uri.as_deref(),
        Some(reader.content_key().as_bytes()),
    )?;

    // --- 4. Embed SPA shell ---
    let index_html = &opts.html_template;

    // --- 5. Build stats ---
    let total_asset_size: u64 = assets.iter().map(|a| a.size).sum();
    let stats = PublishStats {
        text_files: text_files.len(),
        asset_files: assets.len(),
        excluded_files: excluded.len(),
        cbor_size: cbor_pack.len() as u64,
        total_asset_size,
    };

    let content_key_hex = hex::encode(reader.content_key().as_bytes());

    Ok(PublishOutput {
        index_html: index_html.as_bytes().to_vec(),
        cbor_pack,
        assets,
        stats,
        excluded,
        commit_cid: commit_cid_str,
        content_key: content_key_hex,
    })
}

// ============================================================================
// Internal helpers
// ============================================================================

/// Collected text file for CBOR encoding.
struct TextFile {
    lang: String,
    gz: Vec<u8>,
    raw_size: u64,
}

/// Collect ancestor content keys for shard decryption fallback.
fn collect_ancestor_keys(
    store: &FsStore,
    vault: &KeyVault,
    commit: &Commit,
) -> Vec<ContentKey> {
    let mut ancestor_keys: Vec<ContentKey> = Vec::new();
    let mut current_parent = commit.parent().cloned();
    for _ in 0..100 {
        let parent_commit_cid = match current_parent {
            Some(ref p) => p.clone(),
            None => break,
        };
        let parent_cid = match parent_commit_cid.to_void_cid() {
            Ok(c) => c,
            Err(_) => break,
        };
        let parent_encrypted: void_crypto::EncryptedCommit = match store.get_blob(&parent_cid) {
            Ok(d) => d,
            Err(_) => break,
        };
        let (parent_bytes, parent_reader) = match CommitReader::open_with_vault(vault, &parent_encrypted) {
            Ok(r) => r,
            Err(_) => break,
        };
        ancestor_keys.push(*parent_reader.content_key());
        let parent_commit = match parent_bytes.parse() {
            Ok(c) => c,
            Err(_) => break,
        };
        current_parent = parent_commit.parent().cloned();
    }
    ancestor_keys
}

/// Extract all files from a commit using manifest-driven shard access.
fn extract_all_files(
    store: &FsStore,
    manifest: &crate::metadata::manifest_tree::TreeManifest,
    commit_reader: &CommitReader,
    ancestor_keys: &[ContentKey],
) -> Result<(BTreeMap<String, TextFile>, Vec<AssetFile>, Vec<ExcludedFile>), PublishError> {
    let mut text_files: BTreeMap<String, TextFile> = BTreeMap::new();
    let mut assets: Vec<AssetFile> = Vec::new();
    let mut excluded: Vec<ExcludedFile> = Vec::new();

    let groups = manifest.entries_by_shard().map_err(PublishError::VoidError)?;
    let shards = manifest.shards();

    for (idx, entries) in groups.into_iter().enumerate() {
        if entries.is_empty() {
            continue;
        }
        let shard_ref = shards.get(idx).ok_or_else(|| {
            PublishError::ShardError(format!("shard index {} out of bounds", idx))
        })?;

        let shard_cid = cid::from_bytes(shard_ref.cid.as_bytes())
            .map_err(|e| PublishError::ShardError(e.to_string()))?;
        let shard_encrypted: void_crypto::EncryptedShard = store.get_blob(&shard_cid).map_err(PublishError::VoidError)?;

        let shard_bytes = commit_reader.decrypt_shard(
            &shard_encrypted,
            shard_ref.wrapped_key.as_ref(),
            ancestor_keys,
        )
        .map_err(PublishError::VoidError)?;

        let body = shard_bytes.decompress().map_err(PublishError::VoidError)?;

        for entry in &entries {
            let path = entry.path.as_str();

            match classify_file(path) {
                FileClass::Text { lang } => {
                    let content: Vec<u8> = body.read_file(&entry)
                        .map_err(PublishError::VoidError)?
                        .into();

                    // Gzip for browser DecompressionStream
                    let mut encoder = GzEncoder::new(Vec::new(), Compression::default());
                    encoder
                        .write_all(&content)
                        .map_err(PublishError::IoError)?;
                    let gz = encoder.finish().map_err(PublishError::IoError)?;

                    text_files.insert(
                        path.to_string(),
                        TextFile {
                            lang,
                            gz,
                            raw_size: entry.length,
                        },
                    );
                }
                FileClass::Asset { mime } => {
                    let content: Vec<u8> = body.read_file(&entry)
                        .map_err(PublishError::VoidError)?
                        .into();

                    assets.push(AssetFile {
                        repo_path: path.to_string(),
                        mime,
                        size: entry.length,
                        content,
                    });
                }
                FileClass::Excluded { reason } => {
                    excluded.push(ExcludedFile {
                        path: path.to_string(),
                        reason,
                    });
                }
            }
        }
    }

    Ok((text_files, assets, excluded))
}

/// Build the CBOR content pack.
///
/// Structure:
/// ```text
/// {
///   "meta": { version, repo, commit_cid, message, timestamp, branch?, author?, signature?, signable_bytes?, identity? },
///   "files": { "path": { "lang": str, "size": int, "gz": bytes } },
///   "assets": { "path": { "size": int, "mime": str } }
/// }
/// ```
fn build_cbor(
    commit: &Commit,
    commit_cid: &str,
    branch: Option<&str>,
    text_files: &BTreeMap<String, TextFile>,
    assets: &[AssetFile],
    repo_name: Option<&str>,
    identity_uri: Option<&str>,
    content_key_bytes: Option<&[u8; 32]>,
) -> Result<Vec<u8>, PublishError> {
    use ciborium::Value;

    // Build meta map
    let mut meta_entries: Vec<(Value, Value)> = vec![
        (Value::Text("version".into()), Value::Integer(1_i64.into())),
        (
            Value::Text("commit_cid".into()),
            Value::Text(commit_cid.into()),
        ),
        (
            Value::Text("message".into()),
            Value::Text(commit.message.clone()),
        ),
        (
            Value::Text("timestamp".into()),
            Value::Integer((commit.timestamp as i64).into()),
        ),
    ];

    if let Some(name) = repo_name {
        meta_entries.push((Value::Text("repo".into()), Value::Text(name.into())));
    }

    if let Some(b) = branch {
        meta_entries.push((Value::Text("branch".into()), Value::Text(b.into())));
    }

    // Signature object (nested for SPA consumption)
    if let (Some(author_bytes), Some(sig_bytes)) = (&commit.author, &commit.signature) {
        let verified = commit.verify().is_ok();
        let sig_obj = Value::Map(vec![
            (
                Value::Text("signing_key".into()),
                Value::Text(author_bytes.to_hex()),
            ),
            (
                Value::Text("signature".into()),
                Value::Text(sig_bytes.to_hex()),
            ),
            (
                Value::Text("signed_data".into()),
                Value::Bytes(commit.signable_bytes()),
            ),
            (Value::Text("verified".into()), Value::Bool(verified)),
        ]);
        meta_entries.push((Value::Text("signature".into()), sig_obj));
    } else if let Some(author_bytes) = &commit.author {
        // Author without signature (shouldn't happen normally)
        meta_entries.push((
            Value::Text("author".into()),
            Value::Text(author_bytes.to_hex()),
        ));
    }

    if let Some(uri) = identity_uri {
        meta_entries.push((Value::Text("identity".into()), Value::Text(uri.into())));
    }

    if let Some(key_bytes) = content_key_bytes {
        meta_entries.push((
            Value::Text("content_key".into()),
            Value::Text(hex::encode(key_bytes)),
        ));
    }

    let meta = Value::Map(meta_entries);

    // Build files map
    let files_entries: Vec<(Value, Value)> = text_files
        .iter()
        .map(|(path, tf)| {
            let file_map = Value::Map(vec![
                (Value::Text("lang".into()), Value::Text(tf.lang.clone())),
                (
                    Value::Text("size".into()),
                    Value::Integer((tf.raw_size as i64).into()),
                ),
                (
                    Value::Text("raw".into()),
                    Value::Integer((tf.raw_size as i64).into()),
                ),
                (Value::Text("gz".into()), Value::Bytes(tf.gz.clone())),
            ]);
            (Value::Text(path.clone()), file_map)
        })
        .collect();
    let files = Value::Map(files_entries);

    // Build assets map (metadata only — actual bytes served as separate files)
    let assets_entries: Vec<(Value, Value)> = assets
        .iter()
        .map(|af| {
            let asset_map = Value::Map(vec![
                (
                    Value::Text("size".into()),
                    Value::Integer((af.size as i64).into()),
                ),
                (Value::Text("mime".into()), Value::Text(af.mime.clone())),
            ]);
            (Value::Text(af.repo_path.clone()), asset_map)
        })
        .collect();
    let assets_map = Value::Map(assets_entries);

    // Top-level CBOR map
    let root = Value::Map(vec![
        (Value::Text("meta".into()), meta),
        (Value::Text("files".into()), files),
        (Value::Text("assets".into()), assets_map),
    ]);

    let mut buf = Vec::new();
    ciborium::into_writer(&root, &mut buf)
        .map_err(|e| PublishError::CborError(e.to_string()))?;

    Ok(buf)
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn classify_rust_file() {
        match classify_file("src/main.rs") {
            FileClass::Text { lang } => assert_eq!(lang, "rust"),
            other => panic!("expected Text, got {:?}", other),
        }
    }

    #[test]
    fn classify_image_asset() {
        match classify_file("docs/screenshot.png") {
            FileClass::Asset { mime } => assert_eq!(mime, "image/png"),
            other => panic!("expected Asset, got {:?}", other),
        }
    }

    #[test]
    fn classify_secret_env() {
        match classify_file(".env.production") {
            FileClass::Excluded { reason } => {
                assert!(matches!(reason, ExcludeReason::SecretPattern))
            }
            other => panic!("expected Excluded, got {:?}", other),
        }
    }

    #[test]
    fn classify_key_file() {
        match classify_file("deploy/server.key") {
            FileClass::Excluded { reason } => {
                assert!(matches!(reason, ExcludeReason::SecretPattern))
            }
            other => panic!("expected Excluded, got {:?}", other),
        }
    }

    #[test]
    fn classify_binary_excluded() {
        match classify_file("target/debug/void") {
            // extensionless in target/ — treated as text (not in excluded list by extension)
            FileClass::Text { .. } => {}
            FileClass::Excluded { .. } => {}
            other => panic!("unexpected: {:?}", other),
        }
        // .exe is excluded
        match classify_file("build/app.exe") {
            FileClass::Excluded { reason } => {
                assert!(matches!(reason, ExcludeReason::BinaryExclusion))
            }
            other => panic!("expected Excluded, got {:?}", other),
        }
    }

    #[test]
    fn classify_unknown_extension_as_text() {
        match classify_file("data/config.custom") {
            FileClass::Text { lang } => assert_eq!(lang, "plaintext"),
            other => panic!("expected Text, got {:?}", other),
        }
    }

    #[test]
    fn classify_svg_as_asset() {
        match classify_file("logo.svg") {
            FileClass::Asset { mime } => assert_eq!(mime, "image/svg+xml"),
            other => panic!("expected Asset, got {:?}", other),
        }
    }

    #[test]
    fn classify_markdown() {
        match classify_file("README.md") {
            FileClass::Text { lang } => assert_eq!(lang, "markdown"),
            other => panic!("expected Text, got {:?}", other),
        }
    }

    #[test]
    fn secret_patterns_detected() {
        assert!(is_secret_pattern("id_rsa", "id_rsa"));
        assert!(is_secret_pattern("id_ed25519", "id_ed25519"));
        assert!(is_secret_pattern(".env", ".env"));
        assert!(is_secret_pattern(".env.local", ".env.local"));
        assert!(is_secret_pattern("server.pem", "certs/server.pem"));
        assert!(is_secret_pattern("keys.enc", ".void/identity/keys.enc"));
        assert!(!is_secret_pattern("readme.md", "readme.md"));
        assert!(!is_secret_pattern("main.rs", "src/main.rs"));
        // Build artifacts are NOT secrets
        assert!(!is_secret_pattern("cargo.lock", "cargo.lock"));
    }

    #[test]
    fn build_artifacts_detected() {
        assert!(is_build_artifact("cargo.lock", "cargo.lock"));
        assert!(is_build_artifact("cachedir.tag", ".cargo-home/registry/cachedir.tag"));
        assert!(is_build_artifact("settings.toml", ".rustup-home/settings.toml"));
        assert!(is_build_artifact("package.json", "node_modules/foo/package.json"));
        assert!(!is_build_artifact("main.rs", "src/main.rs"));
    }

    #[test]
    fn classify_cargo_lock_as_build_artifact() {
        match classify_file("Cargo.lock") {
            FileClass::Excluded { reason } => {
                assert!(matches!(reason, ExcludeReason::BuildArtifact))
            }
            other => panic!("expected Excluded(BuildArtifact), got {:?}", other),
        }
    }
}