void_core/support/

void_context.rs

//! Application-level dependency injection container.
//!
//! `VoidContext` groups all the state a CLI invocation needs into a single
//! value created once at startup.  Subsystem structs (`RepoPaths`,
//! `CryptoContext`, `RepoMeta`, `SealConfig`, `NetworkConfig`) keep related
//! config together so consumers can accept only the slice they need.
//!
//! This module is purely additive — existing APIs and callers are unchanged.
//! Future waves will migrate `*Options` structs to accept `&VoidContext`
//! instead of `RepoContext` + ad-hoc config values.

use std::collections::HashMap;
use std::sync::Arc;

use camino::Utf8PathBuf;
use void_crypto::{EncryptedCommit, EncryptedMetadata, EncryptedShard, KeyVault, RepoSecret};

use std::path::Path;

use crate::shard::PaddingStrategy;
use crate::store::{FsStore, ObjectStoreExt, RemoteStore};
use crate::support::config::{Config, CoreConfig, IpfsConfig, RemoteConfig, TorConfig, UserConfig};
use crate::support::util;
use crate::support::util::to_utf8;
use crate::Result;

// ---------------------------------------------------------------------------
// Top-level container
// ---------------------------------------------------------------------------

/// Application-level DI container for a single CLI invocation.
///
/// Created once (via `build_void_context` in the CLI crate) and threaded
/// through the call stack.  Subsystems can be borrowed independently.
#[derive(Clone, Debug)]
pub struct VoidContext {
    /// Where the repository lives on disk.
    pub paths: RepoPaths,
    /// Encryption vault + identity keys.
    pub crypto: CryptoContext,
    /// Repository identity (id, name, secret).
    pub repo: RepoMeta,
    /// Compression / shard sizing settings.
    pub seal: SealConfig,
    /// Transport configuration (IPFS, Tor, remotes).
    pub network: NetworkConfig,
    /// Author identity (name, email).
    pub user: UserConfig,
}

// ---------------------------------------------------------------------------
// Subsystem structs
// ---------------------------------------------------------------------------

/// Filesystem paths for the repository.
#[derive(Clone, Debug)]
pub struct RepoPaths {
    /// Working-tree root (parent of `.void`).
    pub root: Utf8PathBuf,
    /// Absolute path to the `.void` directory.
    pub void_dir: Utf8PathBuf,
    /// Per-workspace state dir.  Equals `void_dir` for the main workspace;
    /// `.void/worktrees/{name}/` for linked worktrees.
    pub workspace_dir: Utf8PathBuf,
}

/// Encryption state needed for repository operations.
#[derive(Clone, Debug)]
pub struct CryptoContext {
    /// Opaque custodian of root key material.
    pub vault: Arc<KeyVault>,
    /// Key epoch (0 = legacy single-key, >0 = epoch-based).
    pub epoch: u64,
    /// Ed25519 signing key (optional — not all operations need it).
    /// Wrapped in `Arc` because `ed25519_dalek::SigningKey` is `!Clone`.
    pub signing_key: Option<Arc<ed25519_dalek::SigningKey>>,
}

/// Repository identity metadata.
#[derive(Clone, Debug)]
pub struct RepoMeta {
    /// Unique repository identifier from config.
    pub id: Option<String>,
    /// Human-readable repository name.
    pub name: Option<String>,
    /// Deterministic secret used for shard assignment during push/pull.
    pub secret: RepoSecret,
}

/// Shard sealing / compression settings.
///
/// Extracted from `CoreConfig` + hardcoded defaults.
#[derive(Clone, Debug)]
pub struct SealConfig {
    /// Zstd compression level (0 = no compression, 22 = max).
    pub compression_level: i32,
    /// Target shard size in bytes before padding.
    pub target_shard_size: u64,
    /// Hard upper bound on shard size.
    pub max_shard_size: u64,
    /// Padding strategy to obfuscate content sizes.
    pub padding: PaddingStrategy,
    /// Files larger than this are memory-mapped instead of read into RAM.
    pub mmap_threshold: u64,
    /// Maximum number of recursive split rounds for oversized shards.
    pub max_split_rounds: u8,
}

/// Network / transport configuration.
#[derive(Clone, Debug)]
pub struct NetworkConfig {
    /// IPFS backend settings.
    pub ipfs: Option<IpfsConfig>,
    /// Tor proxy / hidden-service settings.
    pub tor: Option<TorConfig>,
    /// Named remote endpoints.
    pub remotes: HashMap<String, RemoteConfig>,
}

// ---------------------------------------------------------------------------
// Defaults
// ---------------------------------------------------------------------------

impl Default for SealConfig {
    fn default() -> Self {
        Self {
            compression_level: 3,
            target_shard_size: 100_000,
            max_shard_size: 150_000,
            padding: PaddingStrategy::default(), // PowerOfTwo
            mmap_threshold: 5_000_000,
            max_split_rounds: 4,
        }
    }
}

impl Default for NetworkConfig {
    fn default() -> Self {
        Self {
            ipfs: None,
            tor: None,
            remotes: HashMap::new(),
        }
    }
}

// ---------------------------------------------------------------------------
// Config → subsystem conversions  (Track E)
// ---------------------------------------------------------------------------

impl From<&CoreConfig> for SealConfig {
    fn from(core: &CoreConfig) -> Self {
        let target = core.target_shard_size as u64;
        Self {
            compression_level: core.compression_level as i32,
            target_shard_size: target,
            // 1.5× target, floored to the default if target is 0
            max_shard_size: if target > 0 {
                target + target / 2
            } else {
                150_000
            },
            ..Self::default()
        }
    }
}

impl From<&Config> for SealConfig {
    fn from(cfg: &Config) -> Self {
        SealConfig::from(&cfg.core)
    }
}

impl From<&Config> for NetworkConfig {
    fn from(cfg: &Config) -> Self {
        Self {
            ipfs: cfg.ipfs.clone(),
            tor: cfg.tor.clone(),
            remotes: cfg.remote.clone(),
        }
    }
}

impl From<&Config> for RepoMeta {
    /// Build `RepoMeta` from config.
    ///
    /// `repo_secret` is parsed from hex if present; falls back to a zeroed
    /// secret (callers that need a real secret should use
    /// `config::load_repo_secret` which derives from the vault).
    fn from(cfg: &Config) -> Self {
        let secret = cfg
            .repo_secret
            .as_deref()
            .and_then(|hex| hex::decode(hex.trim()).ok())
            .and_then(|bytes| <[u8; 32]>::try_from(bytes.as_slice()).ok())
            .map(RepoSecret::new)
            .unwrap_or_else(|| RepoSecret::new([0u8; 32]));

        Self {
            id: cfg.repo_id.clone(),
            name: cfg.repo_name.clone(),
            secret,
        }
    }
}

// ---------------------------------------------------------------------------
// VoidContext convenience methods
// ---------------------------------------------------------------------------

impl VoidContext {
    /// Open the object store for this repository.
    pub fn open_store(&self) -> Result<FsStore> {
        util::open_store(&self.paths.void_dir)
    }

    /// Fetch a typed encrypted blob, local-first with remote fallback.
    ///
    /// Checks the local object store first. On miss, fetches from the remote
    /// (which handles CID verification), stores locally, and returns.
    pub fn fetch_object<B: void_crypto::EncryptedBlob>(
        &self,
        remote: &impl RemoteStore,
        cid: &crate::cid::VoidCid,
    ) -> Result<B> {
        let store = self.open_store()?;
        match store.get_blob::<B>(cid) {
            Ok(blob) => Ok(blob),
            Err(crate::VoidError::NotFound(_)) => {
                let blob: B = remote.fetch(cid)?;
                store.put_blob(&blob)?;
                Ok(blob)
            }
            Err(err) => Err(err),
        }
    }

    /// Push a typed encrypted blob to a remote store.
    ///
    /// The remote handles CID verification internally.
    pub fn push_object<B: void_crypto::EncryptedBlob>(
        &self,
        remote: &impl RemoteStore,
        blob: &B,
    ) -> Result<crate::cid::VoidCid> {
        remote.push(blob)
    }

    /// Resolve HEAD to a commit CID (handles workspace-split correctly).
    pub fn resolve_head(&self) -> Result<Option<void_crypto::CommitCid>> {
        crate::refs::resolve_head_split(&self.paths.workspace_dir, &self.paths.void_dir)
    }

    /// Decrypt a blob using the vault.
    pub fn decrypt(&self, ciphertext: &[u8], aad: &[u8]) -> Result<Vec<u8>> {
        Ok(self.crypto.vault.decrypt_blob(ciphertext, aad)?)
    }

    /// Decrypt a blob into raw bytes.
    pub fn decrypt_raw(&self, ciphertext: &[u8], aad: &[u8]) -> Result<Vec<u8>> {
        Ok(self.crypto.vault.decrypt_blob_raw(ciphertext, aad)?)
    }

    /// Decrypt a commit blob and return a `CommitReader` for child objects.
    pub fn open_commit(
        &self,
        blob: &EncryptedCommit,
    ) -> Result<(crate::crypto::CommitPlaintext, crate::crypto::CommitReader)> {
        crate::crypto::CommitReader::open_with_vault(&self.crypto.vault, blob)
    }

    /// Decrypt a commit blob, then parse it into (Commit, CommitReader).
    pub fn open_and_parse_commit(
        &self,
        blob: &EncryptedCommit,
    ) -> Result<(crate::metadata::Commit, crate::crypto::CommitReader)> {
        let (plaintext, reader) = self.open_commit(blob)?;
        let commit = plaintext.parse()?;
        Ok((commit, reader))
    }

    /// Load a commit by CID from the store, decrypt, and parse.
    ///
    /// Collapses the common `store.get → open_with_vault → parse_commit` chain
    /// into a single call.
    pub fn load_commit(
        &self,
        store: &impl ObjectStoreExt,
        commit_cid: &crate::cid::VoidCid,
    ) -> Result<(crate::metadata::Commit, crate::crypto::CommitReader)> {
        let encrypted: EncryptedCommit = store.get_blob(commit_cid)?;
        self.open_and_parse_commit(&encrypted)
    }

    /// Load a commit and its metadata by CID from the store.
    ///
    /// Collapses the full `store.get → decrypt commit → parse → get metadata
    /// → decrypt metadata` chain into a single call.
    pub fn load_commit_with_metadata(
        &self,
        store: &impl ObjectStoreExt,
        commit_cid: &crate::cid::VoidCid,
    ) -> Result<(crate::metadata::Commit, crate::metadata::MetadataBundle, crate::crypto::CommitReader)> {
        let (commit, reader) = self.load_commit(store, commit_cid)?;
        let metadata_cid = crate::cid::VoidCid::from_bytes(commit.metadata_bundle.as_bytes())?;
        let metadata_encrypted: EncryptedMetadata = store.get_blob(&metadata_cid)?;
        let metadata: crate::metadata::MetadataBundle = reader.decrypt_metadata(&metadata_encrypted)?;
        Ok((commit, metadata, reader))
    }

    /// Load a TreeManifest from a commit.
    ///
    /// Returns `None` if the commit has no `manifest_cid` (older commits).
    pub fn load_manifest(
        &self,
        store: &impl ObjectStoreExt,
        commit: &crate::metadata::Commit,
        reader: &crate::crypto::CommitReader,
    ) -> Result<Option<crate::metadata::manifest_tree::TreeManifest>> {
        crate::metadata::manifest_tree::TreeManifest::from_commit(store, commit, reader)
    }

    /// Read a file from a commit using the TreeManifest.
    ///
    /// Loads the manifest, looks up the file entry, fetches and decrypts the
    /// shard, decompresses the body, and extracts the file content.
    pub fn read_file_from_commit(
        &self,
        store: &impl ObjectStoreExt,
        commit: &crate::metadata::Commit,
        reader: &crate::crypto::CommitReader,
        ancestor_keys: &[void_crypto::ContentKey],
        path: &str,
    ) -> Result<crate::FileContent> {
        let manifest = self.load_manifest(store, commit, reader)?
            .ok_or_else(|| crate::VoidError::NotFound(
                format!("no manifest in commit for file '{}'", path),
            ))?;

        // O(log N) lookup via binary search
        let entry = manifest.lookup(path)?;

        let shard_ref = manifest.shards().get(entry.shard_index as usize)
            .ok_or_else(|| crate::VoidError::Shard(
                format!("shard_index {} out of range", entry.shard_index),
            ))?;

        let shard_cid = crate::cid::VoidCid::from_bytes(shard_ref.cid.as_bytes())?;
        let shard_encrypted: EncryptedShard = store.get_blob(&shard_cid)?;
        let decrypted = reader.decrypt_shard(&shard_encrypted, shard_ref.wrapped_key.as_ref(), ancestor_keys)?;
        let body = decrypted.decompress()?;
        body.read_file(&entry)
    }

    /// Decrypt and parse a CBOR-serialized type.
    pub fn decrypt_parse<T>(&self, ciphertext: &[u8], aad: &[u8]) -> Result<T>
    where
        T: serde::de::DeserializeOwned,
    {
        let plaintext = self.decrypt(ciphertext, aad)?;
        ciborium::from_reader(&plaintext[..])
            .map_err(|e| crate::VoidError::Serialization(format!("CBOR deserialization failed: {e}")))
    }
}

// ---------------------------------------------------------------------------
// Constructors
// ---------------------------------------------------------------------------

impl VoidContext {
    /// Create a context for headless / network-only operations.
    ///
    /// Sets `root` to the parent of `void_dir` (or `void_dir` itself if no parent).
    /// Use when no workspace root is available (clone, push, pull, repair, etc.).
    pub fn headless(
        void_dir: impl AsRef<Path>,
        vault: Arc<KeyVault>,
        epoch: u64,
    ) -> Result<Self> {
        let void_dir = to_utf8(void_dir)?;
        let root = void_dir
            .parent()
            .map(camino::Utf8Path::to_path_buf)
            .unwrap_or_else(|| void_dir.clone());
        let workspace_dir = void_dir.clone();

        Ok(Self {
            paths: RepoPaths {
                root,
                void_dir,
                workspace_dir,
            },
            crypto: CryptoContext {
                vault,
                epoch,
                signing_key: None,
            },
            repo: RepoMeta {
                id: None,
                name: None,
                secret: RepoSecret::new([0u8; 32]),
            },
            seal: SealConfig::default(),
            network: NetworkConfig::default(),
            user: UserConfig::default(),
        })
    }

    /// Create a context for a linked worktree.
    ///
    /// `workspace_dir` is the per-workspace state directory (e.g.
    /// `.void/worktrees/{name}/`) where HEAD, index, staged blobs and
    /// merge state live.  Shared state (objects, refs, config, keys)
    /// is still read from `void_dir`.
    pub fn with_workspace(
        root: impl AsRef<Path>,
        void_dir: impl AsRef<Path>,
        workspace_dir: impl AsRef<Path>,
        vault: Arc<KeyVault>,
        epoch: u64,
    ) -> Result<Self> {
        Ok(Self {
            paths: RepoPaths {
                root: to_utf8(root)?,
                void_dir: to_utf8(void_dir)?,
                workspace_dir: to_utf8(workspace_dir)?,
            },
            crypto: CryptoContext {
                vault,
                epoch,
                signing_key: None,
            },
            repo: RepoMeta {
                id: None,
                name: None,
                secret: RepoSecret::new([0u8; 32]),
            },
            seal: SealConfig::default(),
            network: NetworkConfig::default(),
            user: UserConfig::default(),
        })
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use void_crypto::KeyVault;

    /// Helper: build a minimal VoidContext for testing.
    fn test_context() -> VoidContext {
        let vault = Arc::new(KeyVault::new([0x42u8; 32]).unwrap());
        VoidContext {
            paths: RepoPaths {
                root: Utf8PathBuf::from("/tmp/repo"),
                void_dir: Utf8PathBuf::from("/tmp/repo/.void"),
                workspace_dir: Utf8PathBuf::from("/tmp/repo/.void"),
            },
            crypto: CryptoContext {
                vault,
                epoch: 0,
                signing_key: None,
            },
            repo: RepoMeta {
                id: Some("test-id".into()),
                name: Some("test-repo".into()),
                secret: RepoSecret::new([0xAA; 32]),
            },
            seal: SealConfig::default(),
            network: NetworkConfig::default(),
            user: UserConfig::default(),
        }
    }

    #[test]
    fn seal_config_default_values() {
        let sc = SealConfig::default();
        assert_eq!(sc.compression_level, 3);
        assert_eq!(sc.target_shard_size, 100_000);
        assert_eq!(sc.max_shard_size, 150_000);
        assert_eq!(sc.mmap_threshold, 5_000_000);
        assert_eq!(sc.max_split_rounds, 4);
    }

    #[test]
    fn seal_config_from_core_config() {
        let core = CoreConfig {
            compression_level: 10,
            target_shard_size: 200_000,
        };
        let sc = SealConfig::from(&core);
        assert_eq!(sc.compression_level, 10);
        assert_eq!(sc.target_shard_size, 200_000);
        assert_eq!(sc.max_shard_size, 300_000); // 1.5×
    }

    #[test]
    fn network_config_from_config() {
        let mut cfg = Config::default();
        cfg.remote.insert(
            "origin".into(),
            RemoteConfig {
                url: Some("https://example.com".into()),
                ..Default::default()
            },
        );
        let nc = NetworkConfig::from(&cfg);
        assert!(nc.remotes.contains_key("origin"));
        assert!(nc.ipfs.is_none());
    }

    #[test]
    fn repo_meta_parses_hex_secret() {
        let mut cfg = Config::default();
        cfg.repo_secret = Some(hex::encode([0xBB; 32]));
        cfg.repo_id = Some("my-repo-id".into());

        let meta = RepoMeta::from(&cfg);
        assert_eq!(meta.id.as_deref(), Some("my-repo-id"));
        assert_eq!(*meta.secret.as_bytes(), [0xBB; 32]);
    }

    #[test]
    fn repo_meta_falls_back_to_zeroed_secret() {
        let cfg = Config::default();
        let meta = RepoMeta::from(&cfg);
        assert_eq!(*meta.secret.as_bytes(), [0u8; 32]);
    }

}