@lamentis/naome 1.3.7 → 1.3.9

package/crates/naome-core/src/quality/cache.rs

@@ -1,5 +1,6 @@
-use std::fs;
-use std::path::{Path, PathBuf};
+use std::fs::{self, OpenOptions};
+use std::io::Write;
+use std::path::{Component, Path, PathBuf};
 
 use serde::{Deserialize, Serialize};
 use sha2::{Digest, Sha256};
@@ -49,7 +50,11 @@ impl QualityCache {
     }
 
     pub(crate) fn read(&self, path: &str, content_hash: &str) -> Option<FileAnalysis> {
-        let entry = fs::read_to_string(self.entry_path(path, content_hash)).ok()?;
+        let cache_path = self.safe_entry_path(path, content_hash).ok()?;
+        if !regular_file_without_symlink(&cache_path) {
+            return None;
+        }
+        let entry = fs::read_to_string(cache_path).ok()?;
         let entry: CacheEntry = serde_json::from_str(&entry).ok()?;
         if entry.schema == CACHE_SCHEMA
             && entry.naome_version == env!("CARGO_PKG_VERSION")
@@ -70,10 +75,7 @@ impl QualityCache {
         content_hash: &str,
         analysis: &FileAnalysis,
     ) -> Result<(), NaomeError> {
-        let cache_path = self.entry_path(path, content_hash);
-        if let Some(parent) = cache_path.parent() {
-            fs::create_dir_all(parent)?;
-        }
+        let cache_path = self.safe_entry_path(path, content_hash)?;
         let entry = CacheEntry {
             schema: CACHE_SCHEMA.to_string(),
             naome_version: env!("CARGO_PKG_VERSION").to_string(),
@@ -84,31 +86,29 @@ impl QualityCache {
             analysis: analysis.clone(),
         };
         let content = format!("{}\n", serde_json::to_string(&entry)?);
-        if fs::read_to_string(&cache_path).map_or(true, |current| current != content) {
-            fs::write(cache_path, content)?;
-        }
-        Ok(())
+        write_cache_entry(&cache_path, &content)
     }
 
-    fn entry_path(&self, path: &str, content_hash: &str) -> PathBuf {
-        self.root.join(CACHE_RELATIVE_PATH).join(stable_key(&[
+    fn safe_entry_path(&self, path: &str, content_hash: &str) -> Result<PathBuf, NaomeError> {
+        let cache_root = safe_cache_root(&self.root, true)?;
+        Ok(cache_root.join(stable_key(&[
             env!("CARGO_PKG_VERSION"),
             &self.config_hash,
             ADAPTER_VERSION,
             path,
             content_hash,
-        ]))
+        ])))
     }
 }
 
 pub fn quality_cache_status(root: &Path) -> Result<QualityCacheStatus, NaomeError> {
-    let path = root.join(CACHE_RELATIVE_PATH);
+    let path = safe_cache_root(root, false)?;
     let mut entry_count = 0;
     let mut bytes = 0;
-    if path.is_dir() {
+    if regular_directory_without_symlink(&path) {
         for entry in fs::read_dir(&path)? {
             let entry = entry?;
-            let metadata = entry.metadata()?;
+            let metadata = fs::symlink_metadata(entry.path())?;
             if metadata.is_file() {
                 entry_count += 1;
                 bytes += metadata.len();
@@ -124,13 +124,116 @@ pub fn quality_cache_status(root: &Path) -> Result<QualityCacheStatus, NaomeErro
 }
 
 pub fn clear_quality_cache(root: &Path) -> Result<QualityCacheStatus, NaomeError> {
-    let path = root.join(CACHE_RELATIVE_PATH);
-    if path.exists() {
+    let path = safe_cache_root(root, false)?;
+    if regular_directory_without_symlink(&path) {
         fs::remove_dir_all(&path)?;
     }
     quality_cache_status(root)
 }
 
+fn write_cache_entry(cache_path: &Path, content: &str) -> Result<(), NaomeError> {
+    validate_cache_entry_parent(cache_path)?;
+    match fs::symlink_metadata(cache_path) {
+        Ok(metadata) if metadata.file_type().is_symlink() || !metadata.is_file() => {
+            return Err(NaomeError::new(format!(
+                "quality cache entry must be a regular file: {}",
+                cache_path.display()
+            )));
+        }
+        Ok(_) => {
+            if fs::read_to_string(cache_path).map_or(false, |current| current == content) {
+                return Ok(());
+            }
+        }
+        Err(error) if error.kind() == std::io::ErrorKind::NotFound => {}
+        Err(error) => return Err(error.into()),
+    }
+
+    let temp_path = cache_path.with_extension(format!(
+        "tmp.{}.{}",
+        std::process::id(),
+        stable_key(&[content]).trim_end_matches(".json")
+    ));
+    validate_cache_entry_parent(&temp_path)?;
+    let mut temp = OpenOptions::new()
+        .write(true)
+        .create_new(true)
+        .open(&temp_path)?;
+    if let Err(error) = temp.write_all(content.as_bytes()) {
+        let _ = fs::remove_file(&temp_path);
+        return Err(error.into());
+    }
+    if let Err(error) = temp.sync_all() {
+        let _ = fs::remove_file(&temp_path);
+        return Err(error.into());
+    }
+    drop(temp);
+    validate_cache_entry_parent(cache_path)?;
+    if let Err(error) = fs::rename(&temp_path, cache_path) {
+        let _ = fs::remove_file(&temp_path);
+        return Err(error.into());
+    }
+    Ok(())
+}
+
+fn validate_cache_entry_parent(cache_path: &Path) -> Result<(), NaomeError> {
+    let Some(parent) = cache_path.parent() else {
+        return Err(NaomeError::new("quality cache entry path has no parent"));
+    };
+    if !regular_directory_without_symlink(parent) {
+        return Err(NaomeError::new(format!(
+            "quality cache path must be a regular directory without symlinks: {}",
+            parent.display()
+        )));
+    }
+    Ok(())
+}
+
+fn safe_cache_root(root: &Path, create: bool) -> Result<PathBuf, NaomeError> {
+    let mut current = root.to_path_buf();
+    for component in Path::new(CACHE_RELATIVE_PATH).components() {
+        let Component::Normal(component) = component else {
+            return Err(NaomeError::new(
+                "quality cache path must be repository-relative",
+            ));
+        };
+        current.push(component);
+        match fs::symlink_metadata(&current) {
+            Ok(metadata) if metadata.file_type().is_symlink() => {
+                return Err(NaomeError::new(format!(
+                    "quality cache path must not contain symlinks: {}",
+                    current.display()
+                )));
+            }
+            Ok(metadata) if metadata.is_dir() => {}
+            Ok(_) => {
+                return Err(NaomeError::new(format!(
+                    "quality cache path component is not a directory: {}",
+                    current.display()
+                )));
+            }
+            Err(error) if error.kind() == std::io::ErrorKind::NotFound && create => {
+                fs::create_dir(&current)?;
+            }
+            Err(error) if error.kind() == std::io::ErrorKind::NotFound => return Ok(current),
+            Err(error) => return Err(error.into()),
+        }
+    }
+    Ok(current)
+}
+
+fn regular_directory_without_symlink(path: &Path) -> bool {
+    fs::symlink_metadata(path)
+        .map(|metadata| metadata.is_dir() && !metadata.file_type().is_symlink())
+        .unwrap_or(false)
+}
+
+fn regular_file_without_symlink(path: &Path) -> bool {
+    fs::symlink_metadata(path)
+        .map(|metadata| metadata.is_file() && !metadata.file_type().is_symlink())
+        .unwrap_or(false)
+}
+
 pub(crate) fn content_hash(content: &str) -> String {
     stable_key(&[content])
 }

package/crates/naome-core/src/quality/scanner/analysis.rs

@@ -8,6 +8,8 @@ use super::{FileAnalysis, NormalizedLine, SymbolAnalysis};
 use crate::quality::cache::{content_hash, QualityCache};
 use normalize::{normalize_line, token_set};
 
+use super::repo_paths::regular_repo_file_path;
+
 pub(super) fn analyze_repo_file(
     root: &Path,
     path: &str,
@@ -16,8 +18,8 @@ pub(super) fn analyze_repo_file(
     cache: &QualityCache,
     allow_cache: bool,
 ) -> Option<(FileAnalysis, bool)> {
-    let full_path = root.join(path);
-    if !full_path.is_file() || is_binary_extension(path) {
+    let full_path = regular_repo_file_path(root, path)?;
+    if is_binary_extension(path) {
         return None;
     }
     if allow_cache {

package/crates/naome-core/src/quality/scanner/repo_paths.rs

@@ -1,6 +1,6 @@
 use std::collections::{HashMap, HashSet};
 use std::fs;
-use std::path::Path;
+use std::path::{Component, Path};
 use std::process::Command;
 
 use crate::models::NaomeError;
@@ -44,8 +44,10 @@ pub(super) fn added_lines_by_path(
         if !target_paths.contains(&path) {
             continue;
         }
-        if let Ok(content) = fs::read_to_string(root.join(&path)) {
-            added.insert(path, content.lines().count());
+        if let Some(file_path) = regular_repo_file_path(root, &path) {
+            if let Ok(content) = fs::read_to_string(file_path) {
+                added.insert(path, content.lines().count());
+            }
         }
     }
     Ok(added)
@@ -92,3 +94,25 @@ fn untracked_paths(root: &Path) -> Result<Vec<String>, NaomeError> {
         .map(|entry| String::from_utf8_lossy(entry).replace('\\', "/"))
         .collect())
 }
+
+pub(super) fn regular_repo_file_path(root: &Path, path: &str) -> Option<std::path::PathBuf> {
+    let relative = Path::new(path);
+    if relative.is_absolute() {
+        return None;
+    }
+    let mut current = root.to_path_buf();
+    for component in relative.components() {
+        let Component::Normal(component) = component else {
+            return None;
+        };
+        current.push(component);
+        let metadata = fs::symlink_metadata(&current).ok()?;
+        if metadata.file_type().is_symlink() {
+            return None;
+        }
+    }
+    fs::symlink_metadata(&current)
+        .ok()
+        .filter(|metadata| metadata.is_file())
+        .map(|_| current)
+}

package/crates/naome-core/src/quality/scanner.rs

@@ -9,7 +9,7 @@ use sha2::{Digest, Sha256};
 
 use crate::{git, models::NaomeError, paths};
 pub(crate) use repo_paths::collect_repo_paths;
-use repo_paths::{added_lines_by_path, tracked_blob_hashes};
+use repo_paths::{added_lines_by_path, regular_repo_file_path, tracked_blob_hashes};
 
 use super::cache::QualityCache;
 use super::types::{
@@ -317,7 +317,10 @@ fn max_file_bytes(mode: QualityMode) -> u64 {
 }
 
 fn file_exceeds_budget(root: &Path, path: &str, mode: QualityMode) -> bool {
-    fs::metadata(root.join(path)).map_or(false, |metadata| {
+    let Some(full_path) = regular_repo_file_path(root, path) else {
+        return false;
+    };
+    fs::symlink_metadata(full_path).map_or(false, |metadata| {
         metadata.is_file() && metadata.len() > max_file_bytes(mode)
     })
 }

package/crates/naome-core/src/route/context.rs

@@ -57,6 +57,8 @@ pub(super) fn winning_rule(intent: &IntentDecision) -> String {
             "current_task_revision_continues_task"
         }
         "answer_status_only" => "status_request_read_only",
+        "normalize_prompt_first" => "prompt_envelope_required_before_routing",
+        "answer_without_mutation" => "advisory_prompt_read_only",
         "create_new_task" | "create_new_task_without_auto_baseline" => "ready_repo_new_task",
         "create_isolated_task_worktree" => "dirty_repo_new_task_worktree_isolation",
         "commit_user_diff_with_quality_gate" => "explicit_user_diff_commit_quality_gate",
@@ -164,6 +166,12 @@ pub(super) fn required_context_for_intent(intent: &IntentDecision) -> Vec<String
         "answer_status_only" => {
             push_unique(&mut context, "docs/naome/index.md");
         }
+        "normalize_prompt_first" => {
+            push_unique(&mut context, "docs/naome/agent-workflow.md");
+        }
+        "answer_without_mutation" => {
+            push_unique(&mut context, "docs/naome/index.md");
+        }
         "repair_harness_only" => {
             push_unique(&mut context, ".naome/manifest.json");
             push_unique(&mut context, "docs/naome/index.md");

package/crates/naome-core/src/workflow/integrity_support.rs

@@ -23,8 +23,14 @@ pub(super) fn refresh_support_files(
             changed.push(path.to_string());
         }
     }
-    if replace_native_integrity(root, integrity)? {
-        changed.push(NAOME_COMMAND_PATH.to_string());
+    for path in [
+        NAOME_COMMAND_PATH,
+        HEALTH_CHECKER_PATH,
+        TASK_STATE_CHECKER_PATH,
+    ] {
+        if replace_native_integrity(root, path, integrity)? {
+            changed.push(path.to_string());
+        }
     }
     Ok(changed)
 }
@@ -76,12 +82,13 @@ fn render_expected_integrity_block(integrity: &BTreeMap<String, String>) -> Stri
 
 fn replace_native_integrity(
     root: &Path,
+    relative_path: &str,
     integrity: &BTreeMap<String, String>,
 ) -> Result<bool, NaomeError> {
     let Some(native_hash) = integrity.get(NATIVE_BINARY_PATH) else {
         return Ok(false);
     };
-    let path = root.join(NAOME_COMMAND_PATH);
+    let path = root.join(relative_path);
     if !path.is_file() {
         return Ok(false);
     }

package/crates/naome-core/tests/context.rs

@@ -66,6 +66,91 @@ fn prompt_context_uses_file_mentions_without_broad_markdown_context() {
         .any(|item| item.path == "docs/naome/repository-quality.md"));
 }
 
+#[test]
+fn prompt_context_ignores_nonexistent_concept_tokens_that_look_path_like() {
+    let repo = context_repo("context-prompt-concept-terms");
+    repo.write_file("docs/naome/repository-quality.md", "# Quality\n");
+    repo.commit_all("baseline");
+
+    let selection = select_context_for_prompt(
+        repo.path(),
+        "Advisory/planning-only prompts and German/English examples must not become paths.",
+    )
+    .unwrap();
+
+    assert_eq!(selection.mode, "prompt");
+    assert_eq!(
+        selection.required_context[0].path,
+        ".naome/verification.json"
+    );
+    assert!(!selection
+        .required_context
+        .iter()
+        .any(|item| item.path == "Advisory/planning-only" || item.path == "German/English"));
+}
+
+#[test]
+fn prompt_context_prefers_envelope_referenced_paths_over_raw_prompt_tokens() {
+    let repo = context_repo("context-prompt-envelope-paths");
+    repo.write_file("packages/app/src/lib.rs", "pub fn app() {}\n");
+    repo.write_file("packages/app/src/other.rs", "pub fn other() {}\n");
+    repo.commit_all("baseline");
+
+    let selection = select_context_for_prompt(
+        repo.path(),
+        "```naome-prompt-envelope-v1\n{\"schema\":\"naome.prompt-envelope.v1\",\"requestKind\":\"implementation\",\"mutationIntent\":\"modify_files\",\"workflowAction\":\"none\",\"taskIntent\":\"new_task\",\"risk\":\"none\",\"requestedActions\":[],\"referencedPaths\":[\"packages/app/src/lib.rs\"],\"constraints\":[],\"uncertainties\":[]}\n```\n\nPlease mention packages/app/src/other.rs in prose but use the envelope path.",
+    )
+    .unwrap();
+
+    assert_eq!(selection.mode, "prompt");
+    assert_eq!(
+        selection.required_context[0].path,
+        "packages/app/src/lib.rs"
+    );
+    assert!(!selection
+        .required_context
+        .iter()
+        .any(|item| item.path == "packages/app/src/other.rs"));
+}
+
+#[test]
+fn prompt_context_keeps_envelope_paths_for_nested_creation_targets() {
+    let repo = app_context_repo("context-prompt-envelope-new-paths");
+
+    let selection = select_context_for_prompt(
+        repo.path(),
+        "```naome-prompt-envelope-v1\n{\"schema\":\"naome.prompt-envelope.v1\",\"requestKind\":\"implementation\",\"mutationIntent\":\"create_files\",\"workflowAction\":\"none\",\"taskIntent\":\"new_task\",\"risk\":\"none\",\"requestedActions\":[],\"referencedPaths\":[\"packages/app/src/new/mod.rs\"],\"constraints\":[],\"uncertainties\":[]}\n```\n\nCreate the new module.",
+    )
+    .unwrap();
+
+    assert_eq!(selection.mode, "prompt");
+    assert_eq!(
+        selection.required_context[0].path,
+        "packages/app/src/new/mod.rs"
+    );
+}
+
+#[test]
+fn prompt_context_rejects_envelope_paths_outside_repository() {
+    let repo = app_context_repo("context-prompt-envelope-safe-paths");
+
+    let selection = select_context_for_prompt(
+        repo.path(),
+        "```naome-prompt-envelope-v1\n{\"schema\":\"naome.prompt-envelope.v1\",\"requestKind\":\"implementation\",\"mutationIntent\":\"modify_files\",\"workflowAction\":\"none\",\"taskIntent\":\"new_task\",\"risk\":\"none\",\"requestedActions\":[],\"referencedPaths\":[\"../notes.md\",\"/tmp/file.rs\",\"packages/app/src/lib.rs\"],\"constraints\":[],\"uncertainties\":[]}\n```",
+    )
+    .unwrap();
+
+    assert_eq!(selection.mode, "prompt");
+    assert_eq!(
+        selection.required_context[0].path,
+        "packages/app/src/lib.rs"
+    );
+    assert!(!selection
+        .required_context
+        .iter()
+        .any(|item| item.path == "../notes.md" || item.path == "/tmp/file.rs"));
+}
+
 #[test]
 fn context_selection_reports_over_budget_when_many_paths_change() {
     let repo = context_repo("context-budget");
@@ -97,3 +182,10 @@ fn context_repo(name: &str) -> TestRepo {
     );
     repo
 }
+
+fn app_context_repo(name: &str) -> TestRepo {
+    let repo = context_repo(name);
+    repo.write_file("packages/app/src/lib.rs", "pub fn app() {}\n");
+    repo.commit_all("baseline");
+    repo
+}

package/crates/naome-core/tests/harness_health.rs

@@ -24,6 +24,11 @@ const MACHINE_OWNED_PATHS: &[&str] = &[
     "docs/naome/upgrade.md",
 ];
 
+#[cfg(windows)]
+const NATIVE_BINARY_PATH: &str = ".naome/bin/naome-rust.exe";
+#[cfg(not(windows))]
+const NATIVE_BINARY_PATH: &str = ".naome/bin/naome-rust";
+
 const PROJECT_OWNED_PATHS: &[&str] = &[
     ".naomeignore",
     ".naome/init-state.json",
@@ -78,6 +83,99 @@ fn rejects_drifted_machine_owned_files() {
     assert!(joined.contains("docs/naome/execution.md"));
 }
 
+#[test]
+fn accepts_native_decision_binary_with_manifest_ownership_and_integrity() {
+    let mut repo = HarnessFixture::new();
+    repo.install_native_decision_binary("native decision fixture\n");
+
+    let errors = validate_harness_health(repo.path(), options(repo.integrity.clone())).unwrap();
+
+    assert!(errors.is_empty(), "{errors:#?}");
+}
+
+#[test]
+fn rejects_native_decision_binary_when_manifest_ownership_is_removed() {
+    let mut repo = HarnessFixture::new();
+    repo.install_native_decision_binary("native decision fixture\n");
+    repo.remove_native_manifest_entry();
+
+    let errors = validate_harness_health(repo.path(), options(repo.integrity.clone())).unwrap();
+    let joined = errors.join("\n");
+
+    assert!(
+        joined.contains(&format!(
+            ".naome/manifest.json machineOwned must include {NATIVE_BINARY_PATH}."
+        )),
+        "{joined}"
+    );
+    assert!(
+        joined.contains(&format!(
+            ".naome/manifest.json integrity missing {NATIVE_BINARY_PATH}."
+        )),
+        "{joined}"
+    );
+}
+
+#[test]
+fn rejects_checker_declared_native_integrity_without_native_manifest_entry() {
+    let mut repo = HarnessFixture::new();
+    let checker_path = ".naome/bin/check-task-state.js";
+    let native_hash = format!("sha256:{}", "a".repeat(64));
+    repo.write(
+        checker_path,
+        &format!("const expectedNativeBinaryIntegrity = \"{native_hash}\";\n"),
+    );
+    repo.integrity.insert(
+        checker_path.to_string(),
+        format!(
+            "sha256:{}",
+            sha256("const expectedNativeBinaryIntegrity = \"sha256:generated\";\n")
+        ),
+    );
+    write_file(
+        repo.path(),
+        ".naome/manifest.json",
+        &pretty_json(manifest_fixture(&repo.integrity)),
+    );
+
+    let errors = validate_harness_health(repo.path(), options(repo.integrity.clone())).unwrap();
+    let joined = errors.join("\n");
+
+    assert!(
+        joined.contains(&format!(
+            ".naome/manifest.json machineOwned must include {NATIVE_BINARY_PATH}."
+        )),
+        "{joined}"
+    );
+    assert!(
+        joined.contains(&format!("{NATIVE_BINARY_PATH} is missing.")),
+        "{joined}"
+    );
+}
+
+#[test]
+fn rejects_native_integrity_assignment_with_appended_code() {
+    let mut repo = HarnessFixture::new();
+    repo.install_native_decision_binary("native decision fixture\n");
+    let native_hash = repo.integrity.get(NATIVE_BINARY_PATH).unwrap().clone();
+    repo.write(
+        ".naome/bin/check-harness-health.js",
+        &format!("const expectedNativeBinaryIntegrity = \"{native_hash}\"; process.exit(0);\n"),
+    );
+
+    let errors = validate_harness_health(repo.path(), options(repo.integrity.clone())).unwrap();
+    let joined = errors.join("\n");
+
+    assert!(
+        joined.contains(".naome/bin/check-harness-health.js integrity mismatch"),
+        "{joined}"
+    );
+    assert!(
+        joined.contains(".naome/bin/check-harness-health.js native binary integrity does not match .naome/manifest.json."),
+        "{joined}"
+    );
+}
+
 #[test]
 fn rejects_missing_archive_ignore_boundary() {
     let repo = HarnessFixture::new();
@@ -175,6 +273,53 @@ impl HarnessFixture {
     fn write(&self, relative_path: &str, content: &str) {
         write_file(&self.root, relative_path, content);
     }
+
+    fn install_native_decision_binary(&mut self, content: &str) {
+        let native_hash = format!("sha256:{}", sha256(content));
+        write_file(&self.root, NATIVE_BINARY_PATH, content);
+        self.integrity
+            .insert(NATIVE_BINARY_PATH.to_string(), native_hash.clone());
+
+        for relative_path in [
+            ".naome/bin/naome.js",
+            ".naome/bin/check-harness-health.js",
+            ".naome/bin/check-task-state.js",
+        ] {
+            let command_content =
+                format!("const expectedNativeBinaryIntegrity = \"{native_hash}\";\n");
+            let normalized_command_content =
+                "const expectedNativeBinaryIntegrity = \"sha256:generated\";\n";
+            write_file(&self.root, relative_path, &command_content);
+            self.integrity.insert(
+                relative_path.to_string(),
+                format!("sha256:{}", sha256(normalized_command_content)),
+            );
+        }
+
+        self.write_manifest_with_native_entry();
+    }
+
+    fn remove_native_manifest_entry(&self) {
+        let mut manifest = read_json_value(&self.root, ".naome/manifest.json");
+        manifest["machineOwned"]
+            .as_array_mut()
+            .unwrap()
+            .retain(|entry| entry.as_str() != Some(NATIVE_BINARY_PATH));
+        manifest["integrity"]
+            .as_object_mut()
+            .unwrap()
+            .remove(NATIVE_BINARY_PATH);
+        write_file(&self.root, ".naome/manifest.json", &pretty_json(manifest));
+    }
+
+    fn write_manifest_with_native_entry(&self) {
+        let mut manifest = manifest_fixture(&self.integrity);
+        manifest["machineOwned"]
+            .as_array_mut()
+            .unwrap()
+            .push(json!(NATIVE_BINARY_PATH));
+        write_file(&self.root, ".naome/manifest.json", &pretty_json(manifest));
+    }
 }
 
 fn manifest_fixture(integrity: &HashMap<String, String>) -> serde_json::Value {
@@ -217,6 +362,10 @@ fn machine_content(relative_path: &str) -> String {
     }
 }
 
+fn read_json_value(root: &Path, relative_path: &str) -> serde_json::Value {
+    serde_json::from_str(&fs::read_to_string(root.join(relative_path)).unwrap()).unwrap()
+}
+
 fn write_file(root: &Path, relative_path: &str, content: &str) {
     let path = root.join(relative_path);
     fs::create_dir_all(path.parent().unwrap()).unwrap();