sxn 0.2.0

data/lib/sxn/rules/setup_commands_rule.rb

@@ -0,0 +1,307 @@
+# frozen_string_literal: true
+
+require_relative "base_rule"
+require_relative "errors"
+require_relative "../security/secure_command_executor"
+
+module Sxn
+  module Rules
+    # SetupCommandsRule executes project setup commands safely using the SecureCommandExecutor.
+    # It supports environment variables, conditional execution, and proper error handling.
+    #
+    # Configuration format:
+    # {
+    #   "commands" => [
+    #     {
+    #       "command" => ["bundle", "install"],
+    #       "env" => { "RAILS_ENV" => "development" },
+    #       "timeout" => 120,
+    #       "condition" => "file_missing:Gemfile.lock",
+    #       "description" => "Install Ruby dependencies",
+    #       "required" => true,
+    #       "working_directory" => "."
+    #     }
+    #   ],
+    #   "continue_on_failure" => false
+    # }
+    #
+    # @example Basic usage
+    #   rule = SetupCommandsRule.new(
+    #     "rails_setup",
+    #     {
+    #       "commands" => [
+    #         { "command" => ["bundle", "install"] },
+    #         { "command" => ["bin/rails", "db:create"] },
+    #         { "command" => ["bin/rails", "db:migrate"] }
+    #       ]
+    #     },
+    #     "/path/to/project",
+    #     "/path/to/session"
+    #   )
+    #   rule.validate
+    #   rule.apply
+    #
+    class SetupCommandsRule < BaseRule
+      # Supported condition types for conditional execution
+      CONDITION_TYPES = {
+        "file_exists" => :file_exists?,
+        "file_missing" => :file_missing?,
+        "directory_exists" => :directory_exists?,
+        "directory_missing" => :directory_missing?,
+        "command_available" => :command_available?,
+        "env_var_set" => :env_var_set?,
+        "always" => :always_true
+      }.freeze
+
+      # Default command timeout in seconds
+      DEFAULT_TIMEOUT = 60
+
+      # Maximum allowed timeout in seconds
+      MAX_TIMEOUT = 1800 # 30 minutes
+
+      # Initialize the setup commands rule
+      def initialize(arg1 = nil, arg2 = nil, arg3 = nil, arg4 = nil, dependencies: [])
+        super
+        @command_executor = Security::SecureCommandExecutor.new(@session_path, logger: logger)
+        @executed_commands = []
+      end
+
+      # Validate the rule configuration
+
+      # Apply the command execution operations
+      def apply(_context = {})
+        change_state!(APPLYING)
+        continue_on_failure = @config.fetch("continue_on_failure", false)
+
+        begin
+          @config["commands"].each_with_index do |command_config, index|
+            apply_command(command_config, index, continue_on_failure)
+          end
+
+          change_state!(APPLIED)
+          log(:info, "Successfully executed #{@executed_commands.size} commands")
+          true
+        rescue StandardError => e
+          @errors << e
+          change_state!(FAILED)
+          raise ApplicationError, "Failed to execute setup commands: #{e.message}"
+        end
+      end
+
+      # Get summary of executed commands
+      def execution_summary
+        @executed_commands.map do |cmd_result|
+          {
+            command: cmd_result[:command],
+            success: cmd_result[:result].success?,
+            duration: cmd_result[:result].duration,
+            exit_status: cmd_result[:result].exit_status
+          }
+        end
+      end
+
+      protected
+
+      # Validate rule-specific configuration
+      def validate_rule_specific!
+        raise ValidationError, "SetupCommandsRule requires 'commands' configuration" unless @config.key?("commands")
+
+        raise ValidationError, "SetupCommandsRule 'commands' must be an array" unless @config["commands"].is_a?(Array)
+
+        raise ValidationError, "SetupCommandsRule 'commands' cannot be empty" if @config["commands"].empty?
+
+        @config["commands"].each_with_index do |command_config, index|
+          validate_command_config!(command_config, index)
+        end
+
+        # Validate global options
+        return unless @config.key?("continue_on_failure")
+        return if [true, false].include?(@config["continue_on_failure"])
+
+        raise ValidationError, "continue_on_failure must be true or false"
+      end
+
+      private
+
+      # Validate individual command configuration
+      def validate_command_config!(command_config, index)
+        raise ValidationError, "Command config #{index} must be a hash" unless command_config.is_a?(Hash)
+
+        raise ValidationError, "Command config #{index} must have a 'command' field" unless command_config.key?("command")
+
+        command = command_config["command"]
+        raise ValidationError, "Command config #{index} 'command' must be a non-empty array" unless command.is_a?(Array) && !command.empty?
+
+        # Validate that command is whitelisted
+        raise ValidationError, "Command config #{index}: command not whitelisted: #{command.first}" unless @command_executor.command_allowed?(command)
+
+        # Validate timeout
+        if command_config.key?("timeout")
+          timeout = command_config["timeout"]
+          unless timeout.is_a?(Integer) && timeout.positive? && timeout <= MAX_TIMEOUT
+            raise ValidationError, "Command config #{index}: timeout must be positive integer <= #{MAX_TIMEOUT}"
+          end
+        end
+
+        # Validate environment variables
+        if command_config.key?("env")
+          env = command_config["env"]
+          raise ValidationError, "Command config #{index}: env must be a hash" unless env.is_a?(Hash)
+
+          env.each do |key, value|
+            raise ValidationError, "Command config #{index}: env keys and values must be strings" unless key.is_a?(String) && value.is_a?(String)
+          end
+        end
+
+        # Validate condition
+        if command_config.key?("condition")
+          condition = command_config["condition"]
+          raise ValidationError, "Command config #{index}: invalid condition format: #{condition}" unless valid_condition?(condition)
+        end
+
+        # Validate working directory
+        return unless command_config.key?("working_directory")
+
+        working_dir = command_config["working_directory"]
+        raise ValidationError, "Command config #{index}: working_directory must be a string" unless working_dir.is_a?(String)
+
+        full_path = File.expand_path(working_dir, @session_path)
+        return if full_path.start_with?(@session_path)
+
+        raise ValidationError, "Command config #{index}: working_directory must be within session path"
+      end
+
+      # Check if condition format is valid
+      def valid_condition?(condition)
+        return true if condition.nil? || condition == "always"
+
+        condition.is_a?(String) && condition.include?(":") &&
+          CONDITION_TYPES.key?(condition.split(":", 2).first)
+      end
+
+      # Apply a single command operation
+      def apply_command(command_config, index, continue_on_failure)
+        command = command_config["command"]
+        description = command_config.fetch("description", command.join(" "))
+
+        log(:debug, "Evaluating command #{index}: #{description}")
+
+        # Check condition
+        unless should_execute_command?(command_config)
+          log(:info, "Skipping command due to condition: #{description}")
+          return
+        end
+
+        log(:info, "Executing command: #{description}")
+
+        begin
+          result = execute_command_safely(command_config)
+
+          @executed_commands << {
+            index: index,
+            command: command,
+            description: description,
+            result: result
+          }
+
+          track_change(:command_executed, command.join(" "), {
+                         working_directory: determine_working_directory(command_config),
+                         env: command_config.fetch("env", {}),
+                         exit_status: result.exit_status,
+                         duration: result.duration
+                       })
+
+          if result.failure?
+            error_msg = "Command failed: #{description} (exit status: #{result.exit_status})"
+
+            error_msg += "\nSTDERR: #{result.stderr}" if result.stderr && !result.stderr.empty?
+
+            raise ApplicationError, error_msg unless continue_on_failure
+
+            log(:warn, error_msg)
+
+          else
+            log(:debug, "Command completed successfully", {
+                  exit_status: result.exit_status,
+                  duration: result.duration
+                })
+          end
+        rescue StandardError => e
+          error_msg = "Failed to execute command: #{description} - #{e.message}"
+
+          raise ApplicationError, error_msg unless continue_on_failure
+
+          log(:error, error_msg)
+        end
+      end
+
+      # Execute a command with the security layer
+      def execute_command_safely(command_config)
+        command = command_config["command"]
+        env = command_config.fetch("env", {})
+        timeout = command_config.fetch("timeout", DEFAULT_TIMEOUT)
+        working_dir = determine_working_directory(command_config)
+
+        @command_executor.execute(
+          command,
+          env: env,
+          timeout: timeout,
+          chdir: working_dir
+        )
+      end
+
+      # Determine the working directory for command execution
+      def determine_working_directory(command_config)
+        if command_config.key?("working_directory")
+          File.expand_path(command_config["working_directory"], @session_path)
+        else
+          @session_path
+        end
+      end
+
+      # Check if command should be executed based on its condition
+      def should_execute_command?(command_config)
+        condition = command_config["condition"]
+        return true if condition.nil? || condition == "always"
+
+        condition_type, condition_arg = condition.split(":", 2)
+        method_name = CONDITION_TYPES[condition_type]
+
+        return true unless method_name
+
+        send(method_name, condition_arg)
+      end
+
+      # Condition evaluation methods
+      def file_exists?(path)
+        full_path = File.expand_path(path, @session_path)
+        File.exist?(full_path)
+      end
+
+      def file_missing?(path)
+        !file_exists?(path)
+      end
+
+      def directory_exists?(path)
+        full_path = File.expand_path(path, @session_path)
+        File.directory?(full_path)
+      end
+
+      def directory_missing?(path)
+        !directory_exists?(path)
+      end
+
+      def command_available?(command_name)
+        @command_executor.command_allowed?([command_name])
+      end
+
+      def env_var_set?(var_name)
+        ENV.key?(var_name) && !ENV[var_name].to_s.empty?
+      end
+
+      def always_true(_arg = nil)
+        true
+      end
+    end
+  end
+end

data/lib/sxn/rules/template_rule.rb

@@ -0,0 +1,262 @@
+# frozen_string_literal: true
+
+require_relative "base_rule"
+require_relative "errors"
+require_relative "../templates/template_processor"
+
+module Sxn
+  module Rules
+    # TemplateRule processes and applies template files using the secure template processor.
+    # It supports variable substitution, multiple template engines, and safe file generation.
+    #
+    # Configuration format:
+    # {
+    #   "templates" => [
+    #     {
+    #       "source" => ".sxn/templates/session-info.md.liquid",
+    #       "destination" => "README.md",
+    #       "variables" => { "custom_var" => "value" },
+    #       "engine" => "liquid",
+    #       "required" => true,
+    #       "overwrite" => false
+    #     }
+    #   ]
+    # }
+    #
+    # @example Basic usage
+    #   rule = TemplateRule.new(
+    #     "generate_docs",
+    #     {
+    #       "templates" => [
+    #         {
+    #           "source" => ".sxn/templates/CLAUDE.md.liquid",
+    #           "destination" => "CLAUDE.md"
+    #         }
+    #       ]
+    #     },
+    #     "/path/to/project",
+    #     "/path/to/session"
+    #   )
+    #   rule.validate
+    #   rule.apply
+    #
+    class TemplateRule < BaseRule
+      # Supported template engines
+      SUPPORTED_ENGINES = %w[liquid].freeze
+
+      # Initialize the template rule
+      def initialize(arg1 = nil, arg2 = nil, arg3 = nil, arg4 = nil, dependencies: [])
+        super
+        @template_processor = Templates::TemplateProcessor.new
+        @template_variables = Templates::TemplateVariables.new
+      end
+
+      # Validate the rule configuration
+
+      # Apply the template processing operations
+      def apply
+        change_state!(APPLYING)
+
+        begin
+          @config["templates"].each_with_index do |template_config, index|
+            apply_template(template_config, index)
+          end
+
+          change_state!(APPLIED)
+          log(:info, "Successfully processed #{@config["templates"].size} templates")
+          true
+        rescue StandardError => e
+          @errors << e
+          change_state!(FAILED)
+          raise ApplicationError, "Failed to process templates: #{e.message}"
+        end
+      end
+
+      protected
+
+      # Validate rule-specific configuration
+      def validate_rule_specific!
+        raise ValidationError, "TemplateRule requires 'templates' configuration" unless @config.key?("templates")
+
+        raise ValidationError, "TemplateRule 'templates' must be an array" unless @config["templates"].is_a?(Array)
+
+        raise ValidationError, "TemplateRule 'templates' cannot be empty" if @config["templates"].empty?
+
+        @config["templates"].each_with_index do |template_config, index|
+          validate_template_config!(template_config, index)
+        end
+      end
+
+      private
+
+      # Validate individual template configuration
+      def validate_template_config!(template_config, index)
+        raise ValidationError, "Template config #{index} must be a hash" unless template_config.is_a?(Hash)
+
+        unless template_config.key?("source") && template_config["source"].is_a?(String)
+          raise ValidationError, "Template config #{index} must have a 'source' string"
+        end
+
+        unless template_config.key?("destination") && template_config["destination"].is_a?(String)
+          raise ValidationError, "Template config #{index} must have a 'destination' string"
+        end
+
+        # Validate engine
+        if template_config.key?("engine")
+          engine = template_config["engine"]
+          unless SUPPORTED_ENGINES.include?(engine)
+            raise ValidationError,
+                  "Template config #{index} has unsupported engine '#{engine}'. Supported: #{SUPPORTED_ENGINES.join(", ")}"
+          end
+        end
+
+        # Validate variables
+        if template_config.key?("variables")
+          variables = template_config["variables"]
+          raise ValidationError, "Template config #{index} 'variables' must be a hash" unless variables.is_a?(Hash)
+        end
+
+        # Validate source template exists if required
+        source_path = File.join(@project_path, template_config["source"])
+        required = template_config.fetch("required", true)
+
+        raise ValidationError, "Required template file does not exist: #{template_config["source"]}" if required && !File.exist?(source_path)
+
+        # Validate destination path is safe
+        destination = template_config["destination"]
+        return unless destination.include?("..") || destination.start_with?("/")
+
+        raise ValidationError, "Template config #{index} destination path is not safe: #{destination}"
+      end
+
+      # Apply a single template operation
+      def apply_template(template_config, _index)
+        source = template_config["source"]
+        destination = template_config["destination"]
+        required = template_config.fetch("required", true)
+        overwrite = template_config.fetch("overwrite", false)
+
+        source_path = File.join(@project_path, source)
+        destination_path = File.join(@session_path, destination)
+
+        # Skip if source doesn't exist and is not required
+        unless File.exist?(source_path)
+          raise ApplicationError, "Required template file does not exist: #{source}" if required
+
+          log(:debug, "Skipping optional missing template: #{source}")
+          return
+
+        end
+
+        # Check if destination already exists
+        if File.exist?(destination_path) && !overwrite
+          log(:warn, "Destination file already exists, skipping: #{destination}")
+          return
+        end
+
+        log(:debug, "Processing template: #{source} -> #{destination}")
+
+        begin
+          # Prepare template variables
+          variables = build_template_variables(template_config)
+
+          # Validate template syntax first
+          template_content = File.read(source_path)
+          @template_processor.validate_syntax(template_content)
+
+          # Process the template
+          processed_content = @template_processor.process(template_content, variables)
+
+          # Create destination directory if needed
+          destination_dir = File.dirname(destination_path)
+          FileUtils.mkdir_p(destination_dir) unless File.directory?(destination_dir)
+
+          # Create backup if file exists and we're overwriting
+          backup_path = nil
+          if File.exist?(destination_path) && overwrite
+            backup_path = "#{destination_path}.backup.#{Time.now.to_i}"
+            FileUtils.cp(destination_path, backup_path)
+          end
+
+          # Write processed content
+          File.write(destination_path, processed_content)
+
+          # Set appropriate permissions
+          File.chmod(0o644, destination_path)
+
+          track_change(:file_created, destination_path, {
+                         source: source_path,
+                         template: true,
+                         backup_path: backup_path,
+                         variables_used: extract_used_variables(template_content)
+                       })
+
+          log(:debug, "Template processed successfully", {
+                source: source,
+                destination: destination,
+                size: processed_content.bytesize
+              })
+        rescue Templates::Errors::TemplateSyntaxError => e
+          raise ApplicationError, "Template syntax error in #{source}: #{e.message}"
+        rescue Templates::Errors::TemplateProcessingError => e
+          raise ApplicationError, "Template processing error for #{source}: #{e.message}"
+        rescue StandardError => e
+          raise ApplicationError, "Failed to process template #{source}: #{e.message}"
+        end
+      end
+
+      # Build variables hash for template processing
+      def build_template_variables(template_config)
+        # Start with system-generated variables
+        variables = @template_variables.build_variables
+
+        # Add any custom variables from configuration
+        if template_config.key?("variables")
+          custom_vars = template_config["variables"]
+          variables = deep_merge(variables, custom_vars)
+        end
+
+        # Add template-specific metadata
+        variables[:template] = {
+          source: template_config["source"],
+          destination: template_config["destination"],
+          processed_at: Time.now.iso8601
+        }
+
+        variables
+      end
+
+      # Deep merge two hashes, with the second hash taking precedence
+      # Handles mixed symbol/string keys by preserving both when merging
+      def deep_merge(hash1, hash2)
+        result = hash1.dup
+
+        hash2.each do |key, value|
+          # Check if there's an existing key with the same string representation
+          existing_key = result.keys.find { |k| k.to_s == key.to_s }
+
+          if existing_key && result[existing_key].is_a?(Hash) && value.is_a?(Hash)
+            # Merge the hashes and set the new key (preserving the incoming key type)
+            merged_value = deep_merge(result[existing_key], value)
+            result.delete(existing_key) if existing_key != key # Remove old key if different
+            result[key] = merged_value
+          else
+            # For non-hash values or new keys, just set the value
+            result.delete(existing_key) if existing_key && existing_key != key
+            result[key] = value
+          end
+        end
+
+        result
+      end
+
+      # Extract variable names used in a template
+      def extract_used_variables(template_content)
+        @template_processor.extract_variables(template_content)
+      rescue StandardError => e
+        log(:warn, "Could not extract variables from template: #{e.message}")
+        []
+      end
+    end
+  end
+end