void_core/sdk/

builder.rs

//! RepoBuilder — configures and opens a Repo.

use std::path::{Path, PathBuf};
use std::sync::Arc;

use camino::Utf8PathBuf;

use crate::collab::Identity;
use crate::crypto::KeyVault;
use crate::support::void_context::{
    CryptoContext, NetworkConfig, RepoPaths, RepoMeta, SealConfig,
};
use crate::{config, Result, VoidContext, VoidError};

use super::Repo;

/// Builder for opening a [`Repo`].
///
/// Must provide exactly one key source: `key()`, `content_key()`, `token()`,
/// or `identity()`.
pub struct RepoBuilder {
    path: PathBuf,
    key: Option<[u8; 32]>,
    content_key: Option<[u8; 32]>,
    token: Option<crate::crypto::machine_token::MachineToken>,
    identity: Option<Identity>,
    signing_key: Option<ed25519_dalek::SigningKey>,
    target_shard_size: Option<u64>,
    remote: Option<Arc<dyn crate::store::RemoteStore>>,
}

impl RepoBuilder {
    pub(crate) fn new(path: impl AsRef<Path>) -> Self {
        Self {
            path: path.as_ref().to_path_buf(),
            key: None,
            content_key: None,
            token: None,
            identity: None,
            signing_key: None,
            target_shard_size: None,
            remote: None,
        }
    }

    /// Set the repository root key (full read-write access).
    pub fn key(mut self, key: &[u8; 32]) -> Self {
        self.key = Some(*key);
        self
    }

    /// Set a content key (read-only access to one commit).
    pub fn content_key(mut self, key: &[u8; 32]) -> Self {
        self.content_key = Some(*key);
        self
    }

    /// Set a machine token (read-only access + signing identity).
    pub fn token(mut self, token: crate::crypto::machine_token::MachineToken) -> Self {
        self.token = Some(token);
        self
    }

    /// Set an identity for key unwrapping (CLI path).
    ///
    /// The builder will find the manifest, ECIES-unwrap the repo key using
    /// the identity's recipient key, and extract the signing key automatically.
    pub fn identity(mut self, identity: Identity) -> Self {
        self.identity = Some(identity);
        self
    }

    /// Set a signing key for commit operations.
    pub fn signing_key(mut self, key: ed25519_dalek::SigningKey) -> Self {
        self.signing_key = Some(key);
        self
    }

    /// Override the target shard size (default: from config or 100KB).
    pub fn target_shard_size(mut self, size: u64) -> Self {
        self.target_shard_size = Some(size);
        self
    }

    /// Set a remote store for push/pull operations.
    ///
    /// When set, `Repo::push()` and `Repo::pull()` use this remote instead
    /// of creating an IpfsStore from config. Pass a `NetworkRemoteStore`
    /// wrapping a `VoidNode` for daemon-backed networking.
    pub fn remote(mut self, remote: Arc<dyn crate::store::RemoteStore>) -> Self {
        self.remote = Some(remote);
        self
    }

    /// Build the Repo. Finds `.void`, loads config, creates vault.
    pub fn build(self) -> Result<Repo> {
        // Find .void directory
        let void_dir = find_void_dir(&self.path)?;
        let root = void_dir
            .parent()
            .ok_or_else(|| VoidError::NotFound("void_dir has no parent".into()))?
            .to_path_buf();

        // Build vault from the provided key source
        let key_sources = [
            self.key.is_some(),
            self.content_key.is_some(),
            self.token.is_some(),
            self.identity.is_some(),
        ]
        .iter()
        .filter(|x| **x)
        .count();

        if key_sources == 0 {
            return Err(VoidError::Unauthorized(
                "no key provided — use key(), content_key(), token(), or identity()".into(),
            ));
        }
        if key_sources > 1 {
            return Err(VoidError::Unauthorized(
                "multiple key sources provided — use exactly one".into(),
            ));
        }

        let (vault, signing_key) = if let Some(key) = self.key {
            let vault = KeyVault::new(key)?;
            (vault, self.signing_key.map(Arc::new))
        } else if let Some(ck) = self.content_key {
            let vault = KeyVault::from_content_key_bytes(ck);
            (vault, self.signing_key.map(Arc::new))
        } else if let Some(ref token) = self.token {
            let vault = token.to_vault()?;
            let sk = token.to_signing_key()?;
            (vault, Some(Arc::new(sk)))
        } else if let Some(ref identity) = self.identity {
            // ECIES unwrap: identity → manifest → repo key → vault
            let repo_key = crate::collab::manifest::load_repo_key(&void_dir, Some(identity))?;
            let vault = KeyVault::new(*repo_key.as_bytes())?;
            let sk = identity.signing_key().clone();
            (vault, Some(Arc::new(sk)))
        } else {
            unreachable!()
        };

        let vault = Arc::new(vault);

        // Load config
        let root_utf8 = Utf8PathBuf::try_from(root)
            .map_err(|e| VoidError::Io(std::io::Error::new(std::io::ErrorKind::InvalidData, e)))?;
        let void_dir_utf8 = Utf8PathBuf::try_from(void_dir)
            .map_err(|e| VoidError::Io(std::io::Error::new(std::io::ErrorKind::InvalidData, e)))?;

        let cfg = config::load(void_dir_utf8.as_std_path())?;

        let secret = config::load_repo_secret(void_dir_utf8.as_std_path(), &vault)
            .unwrap_or_else(|_| crate::crypto::RepoSecret::new([0u8; 32]));

        let mut seal_cfg = SealConfig::from(&cfg);
        if let Some(size) = self.target_shard_size {
            seal_cfg.target_shard_size = size;
            seal_cfg.max_shard_size = size * 3 / 2;
        }

        let ctx = VoidContext {
            paths: RepoPaths {
                root: root_utf8,
                void_dir: void_dir_utf8.clone(),
                workspace_dir: void_dir_utf8,
            },
            crypto: CryptoContext {
                vault,
                epoch: 0,
                signing_key,
                nostr_pubkey: None,
            },
            repo: RepoMeta {
                id: cfg.repo_id.clone(),
                name: cfg.repo_name.clone(),
                secret,
            },
            seal: seal_cfg,
            network: NetworkConfig::from(&cfg),
            user: cfg.user.clone(),
        };

        Ok(Repo::from_context_with_remote(ctx, self.remote))
    }
}

/// Walk up from `start` to find a `.void` directory.
fn find_void_dir(start: &Path) -> Result<PathBuf> {
    let mut current = if start.is_absolute() {
        start.to_path_buf()
    } else {
        std::env::current_dir()
            .map_err(|e| VoidError::Io(e))?
            .join(start)
    };

    loop {
        let candidate = current.join(".void");
        if candidate.is_dir() {
            return Ok(candidate);
        }
        if !current.pop() {
            return Err(VoidError::NotFound(
                "no .void directory found in any parent directory".into(),
            ));
        }
    }
}