@mmmbuto/masix 0.4.0 → 0.4.1

package/packages/plugin-base/codex-backend/source/src/workspace.rs

@@ -0,0 +1,433 @@
+//! Workspace resolution with fallback chain
+//!
+//! Provides robust path resolution that falls back through:
+//! 1. Explicit repo_path if valid and existing
+//! 2. Runtime-provided workdir
+//! 3. Module-configured default root
+//!
+//! All paths are canonicalized and validated against the active execution profile.
+
+use crate::CodingError;
+use std::fmt;
+use std::path::{Path, PathBuf};
+
+/// Default workspace root for Termux environments
+#[cfg(target_os = "android")]
+pub fn default_workspace_root() -> PathBuf {
+    PathBuf::from("/data/data/com.termux/files/home")
+}
+
+/// Default workspace root for non-Termux environments
+#[cfg(not(target_os = "android"))]
+pub fn default_workspace_root() -> PathBuf {
+    std::env::var("HOME")
+        .map(PathBuf::from)
+        .or_else(|_| std::env::var("USERPROFILE").map(PathBuf::from))
+        .unwrap_or_else(|_| PathBuf::from("/tmp"))
+}
+
+/// Execution profile controlling path access scope
+#[derive(Debug, Clone, Copy, PartialEq, Eq, Default)]
+pub enum ExecutionProfile {
+    /// Workspace locked - only paths under resolved workspace root
+    #[default]
+    WorkspaceLocked,
+    /// Workspace plus configured roots - workspace + allowlisted paths
+    WorkspacePlusRoots,
+    /// System unlocked - admin-only, full system access with logging
+    SystemUnlocked,
+}
+
+impl ExecutionProfile {
+    pub fn as_str(&self) -> &'static str {
+        match self {
+            ExecutionProfile::WorkspaceLocked => "workspace_locked",
+            ExecutionProfile::WorkspacePlusRoots => "workspace_plus_roots",
+            ExecutionProfile::SystemUnlocked => "system_unlocked",
+        }
+    }
+
+    pub fn from_str(s: &str) -> Option<Self> {
+        match s.to_lowercase().as_str() {
+            "workspace_locked" | "workspacelocked" => Some(ExecutionProfile::WorkspaceLocked),
+            "workspace_plus_roots" | "workspaceplusroots" => {
+                Some(ExecutionProfile::WorkspacePlusRoots)
+            }
+            "system_unlocked" | "systemunlocked" => Some(ExecutionProfile::SystemUnlocked),
+            _ => None,
+        }
+    }
+}
+
+impl fmt::Display for ExecutionProfile {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        write!(f, "{}", self.as_str())
+    }
+}
+
+/// Configuration for workspace resolution
+#[derive(Debug, Clone)]
+pub struct WorkspaceConfig {
+    /// Explicit repo path from tool input
+    pub repo_path: Option<PathBuf>,
+    /// Runtime-provided working directory
+    pub runtime_workdir: Option<PathBuf>,
+    /// Module-configured default root
+    pub default_root: Option<PathBuf>,
+    /// Additional allowed roots (for WorkspacePlusRoots profile)
+    pub allowed_roots: Vec<PathBuf>,
+    /// Execution profile
+    pub profile: ExecutionProfile,
+}
+
+impl Default for WorkspaceConfig {
+    fn default() -> Self {
+        Self {
+            repo_path: None,
+            runtime_workdir: None,
+            default_root: Some(default_workspace_root()),
+            allowed_roots: Vec::new(),
+            profile: ExecutionProfile::WorkspaceLocked,
+        }
+    }
+}
+
+impl WorkspaceConfig {
+    /// Create a new workspace config with explicit repo path
+    pub fn with_repo_path(mut self, path: impl Into<PathBuf>) -> Self {
+        let path: PathBuf = path.into();
+        if path.as_os_str().is_empty() {
+            self.repo_path = None;
+        } else {
+            self.repo_path = Some(path);
+        }
+        self
+    }
+
+    /// Set runtime workdir
+    pub fn with_runtime_workdir(mut self, path: impl Into<PathBuf>) -> Self {
+        self.runtime_workdir = Some(path.into());
+        self
+    }
+
+    /// Set default root
+    pub fn with_default_root(mut self, path: impl Into<PathBuf>) -> Self {
+        self.default_root = Some(path.into());
+        self
+    }
+
+    /// Add an allowed root
+    pub fn with_allowed_root(mut self, path: impl Into<PathBuf>) -> Self {
+        self.allowed_roots.push(path.into());
+        self
+    }
+
+    /// Set execution profile
+    pub fn with_profile(mut self, profile: ExecutionProfile) -> Self {
+        self.profile = profile;
+        self
+    }
+}
+
+/// Resolved workspace with validated root
+#[derive(Debug, Clone)]
+pub struct ResolvedWorkspace {
+    /// Canonical workspace root
+    pub root: PathBuf,
+    /// Source of the resolution
+    pub source: WorkspaceSource,
+    /// Execution profile in effect
+    pub profile: ExecutionProfile,
+    /// Canonical allowed roots for WorkspacePlusRoots profile
+    pub allowed_roots: Vec<PathBuf>,
+}
+
+/// Source of workspace resolution
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub enum WorkspaceSource {
+    /// Explicit repo_path was used
+    ExplicitRepoPath,
+    /// Runtime workdir was used
+    RuntimeWorkdir,
+    /// Default root was used
+    DefaultRoot,
+}
+
+impl fmt::Display for WorkspaceSource {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        match self {
+            WorkspaceSource::ExplicitRepoPath => write!(f, "explicit_repo_path"),
+            WorkspaceSource::RuntimeWorkdir => write!(f, "runtime_workdir"),
+            WorkspaceSource::DefaultRoot => write!(f, "default_root"),
+        }
+    }
+}
+
+impl ResolvedWorkspace {
+    /// Check if a path is within the workspace (or allowed roots)
+    pub fn is_path_allowed(&self, path: &Path) -> Result<PathBuf, CodingError> {
+        // Canonicalize the path (or its parent if it doesn't exist yet)
+        let canonical_path = if path.exists() {
+            path.canonicalize().map_err(|e| {
+                CodingError::PathSecurityViolation(format!("Cannot canonicalize path: {}", e))
+            })?
+        } else {
+            // For non-existent paths, canonicalize parent and join
+            let mut check_path = path.to_path_buf();
+            while !check_path.exists() {
+                if !check_path.pop() {
+                    break;
+                }
+            }
+            let canonical_parent = check_path.canonicalize().map_err(|e| {
+                CodingError::PathSecurityViolation(format!(
+                    "Cannot canonicalize parent path: {}",
+                    e
+                ))
+            })?;
+            canonical_parent.join(path.strip_prefix(&check_path).unwrap_or(path))
+        };
+
+        // Canonicalize workspace root as well to avoid false negatives on platforms
+        // where temp/system paths have alias forms (e.g. /var vs /private/var on macOS).
+        let canonical_root = self
+            .root
+            .canonicalize()
+            .unwrap_or_else(|_| self.root.clone());
+
+        // SystemUnlocked allows anything (admin-only)
+        if self.profile == ExecutionProfile::SystemUnlocked {
+            return Ok(canonical_path);
+        }
+
+        // Check against workspace root
+        if canonical_path.starts_with(&canonical_root) {
+            return Ok(canonical_path);
+        }
+
+        // Check against allowed roots (for WorkspacePlusRoots profile)
+        if self.profile == ExecutionProfile::WorkspacePlusRoots {
+            for allowed in &self.allowed_roots {
+                let canonical_allowed = allowed.canonicalize().unwrap_or_else(|_| allowed.clone());
+                if canonical_path.starts_with(&canonical_allowed) {
+                    return Ok(canonical_path);
+                }
+            }
+        }
+
+        Err(CodingError::PathSecurityViolation(format!(
+            "Path '{}' is outside workspace root '{}'",
+            path.display(),
+            canonical_root.display()
+        )))
+    }
+}
+
+/// Resolve workspace using fallback chain
+pub fn resolve_workspace(config: &WorkspaceConfig) -> Result<ResolvedWorkspace, CodingError> {
+    let canonical_allowed_roots: Vec<PathBuf> = config
+        .allowed_roots
+        .iter()
+        .filter(|p| p.exists())
+        .filter_map(|p| p.canonicalize().ok())
+        .collect();
+
+    let build = |root: PathBuf, source: WorkspaceSource| ResolvedWorkspace {
+        root,
+        source,
+        profile: config.profile,
+        allowed_roots: canonical_allowed_roots.clone(),
+    };
+
+    // Try explicit repo_path first
+    if let Some(ref repo_path) = config.repo_path {
+        if repo_path.exists() {
+            let canonical = repo_path.canonicalize().map_err(|e| {
+                CodingError::IoError(format!(
+                    "Cannot canonicalize repo_path '{}': {}",
+                    repo_path.display(),
+                    e
+                ))
+            })?;
+            return Ok(build(canonical, WorkspaceSource::ExplicitRepoPath));
+        }
+        // repo_path was provided but doesn't exist - this is no longer a hard error
+        // We fall through to fallbacks
+    }
+
+    // Try runtime workdir
+    if let Some(ref workdir) = config.runtime_workdir {
+        if workdir.exists() {
+            let canonical = workdir.canonicalize().map_err(|e| {
+                CodingError::IoError(format!(
+                    "Cannot canonicalize runtime_workdir '{}': {}",
+                    workdir.display(),
+                    e
+                ))
+            })?;
+            return Ok(build(canonical, WorkspaceSource::RuntimeWorkdir));
+        }
+    }
+
+    // Fall back to default root
+    if let Some(ref default) = config.default_root {
+        if default.exists() {
+            let canonical = default.canonicalize().map_err(|e| {
+                CodingError::IoError(format!(
+                    "Cannot canonicalize default_root '{}': {}",
+                    default.display(),
+                    e
+                ))
+            })?;
+            return Ok(build(canonical, WorkspaceSource::DefaultRoot));
+        }
+    }
+
+    // Last resort: use current directory
+    let cwd = std::env::current_dir()
+        .map_err(|e| CodingError::IoError(format!("Cannot get current directory: {}", e)))?;
+    let canonical = cwd
+        .canonicalize()
+        .map_err(|e| CodingError::IoError(format!("Cannot canonicalize cwd: {}", e)))?;
+
+    Ok(build(canonical, WorkspaceSource::DefaultRoot))
+}
+
+/// Resolve a relative path within a workspace
+pub fn resolve_relative_path(
+    relative: &str,
+    workspace: &ResolvedWorkspace,
+) -> Result<PathBuf, CodingError> {
+    // Security checks
+    let normalized = relative.replace('\\', "/");
+
+    // Reject absolute paths
+    if normalized.starts_with('/') || normalized.starts_with('~') {
+        return Err(CodingError::PathSecurityViolation(
+            "Absolute/home paths not allowed".into(),
+        ));
+    }
+
+    // Reject path traversal
+    for component in normalized.split('/') {
+        if component == ".." {
+            return Err(CodingError::PathSecurityViolation(
+                "Path traversal not allowed".into(),
+            ));
+        }
+    }
+
+    let resolved = workspace.root.join(&normalized);
+
+    // Verify the path is within workspace
+    workspace.is_path_allowed(&resolved)
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use std::fs;
+
+    #[test]
+    fn test_execution_profile_from_str() {
+        assert_eq!(
+            ExecutionProfile::from_str("workspace_locked"),
+            Some(ExecutionProfile::WorkspaceLocked)
+        );
+        assert_eq!(
+            ExecutionProfile::from_str("system_unlocked"),
+            Some(ExecutionProfile::SystemUnlocked)
+        );
+        assert_eq!(ExecutionProfile::from_str("invalid"), None);
+    }
+
+    #[test]
+    fn test_workspace_config_builder() {
+        let config = WorkspaceConfig::default()
+            .with_repo_path("/tmp/test")
+            .with_profile(ExecutionProfile::WorkspaceLocked);
+
+        assert_eq!(config.repo_path, Some(PathBuf::from("/tmp/test")));
+        assert_eq!(config.profile, ExecutionProfile::WorkspaceLocked);
+    }
+
+    #[test]
+    fn test_resolve_workspace_with_existing_path() {
+        let tmp_dir = std::env::temp_dir();
+        let test_path = tmp_dir.join("masix_test_workspace");
+        fs::create_dir_all(&test_path).ok();
+
+        let config = WorkspaceConfig::default().with_repo_path(&test_path);
+        let result = resolve_workspace(&config);
+
+        assert!(result.is_ok());
+        let workspace = result.unwrap();
+        assert_eq!(workspace.source, WorkspaceSource::ExplicitRepoPath);
+
+        fs::remove_dir(&test_path).ok();
+    }
+
+    #[test]
+    fn test_resolve_workspace_fallback_to_default() {
+        let config = WorkspaceConfig {
+            repo_path: Some(PathBuf::from("/nonexistent/path/12345")),
+            runtime_workdir: None,
+            default_root: Some(std::env::temp_dir()),
+            allowed_roots: Vec::new(),
+            profile: ExecutionProfile::WorkspaceLocked,
+        };
+
+        let result = resolve_workspace(&config);
+        assert!(result.is_ok());
+        let workspace = result.unwrap();
+        assert_eq!(workspace.source, WorkspaceSource::DefaultRoot);
+    }
+
+    #[test]
+    fn test_resolve_relative_path_rejects_absolute() {
+        let workspace = ResolvedWorkspace {
+            root: PathBuf::from("/tmp"),
+            source: WorkspaceSource::DefaultRoot,
+            profile: ExecutionProfile::WorkspaceLocked,
+            allowed_roots: Vec::new(),
+        };
+
+        let result = resolve_relative_path("/etc/passwd", &workspace);
+        assert!(matches!(result, Err(CodingError::PathSecurityViolation(_))));
+    }
+
+    #[test]
+    fn test_resolve_relative_path_rejects_traversal() {
+        let workspace = ResolvedWorkspace {
+            root: PathBuf::from("/tmp"),
+            source: WorkspaceSource::DefaultRoot,
+            profile: ExecutionProfile::WorkspaceLocked,
+            allowed_roots: Vec::new(),
+        };
+
+        let result = resolve_relative_path("../../../etc/passwd", &workspace);
+        assert!(matches!(result, Err(CodingError::PathSecurityViolation(_))));
+    }
+
+    #[test]
+    fn test_workspace_plus_roots_allows_extra_root() {
+        let tmp_dir = std::env::temp_dir();
+        let workspace_root = tmp_dir.join("masix_workspace_root");
+        let allowed_root = tmp_dir.join("masix_allowed_root");
+        fs::create_dir_all(&workspace_root).ok();
+        fs::create_dir_all(&allowed_root).ok();
+
+        let config = WorkspaceConfig::default()
+            .with_repo_path(&workspace_root)
+            .with_profile(ExecutionProfile::WorkspacePlusRoots)
+            .with_allowed_root(&allowed_root);
+        let resolved = resolve_workspace(&config).unwrap();
+
+        let target = allowed_root.join("nested").join("file.txt");
+        let allowed = resolved.is_path_allowed(&target);
+        assert!(allowed.is_ok());
+
+        fs::remove_dir_all(&workspace_root).ok();
+        fs::remove_dir_all(&allowed_root).ok();
+    }
+}

package/packages/plugin-base/codex-tools/0.1.3/SHA256SUMS

@@ -0,0 +1,3 @@
+b3daf8cfe3531fdf675ddf4578a65c3f5186ad9e490d02ea2a9b90d1653b4920  codex-tools-android-aarch64-termux.pkg
+d1b39e3c8c2c6ca4234a0f4a19f20fb1eb63faf6ce0bde3447b6dcbff08a18b3  codex-tools-linux-x86_64.pkg
+d52ae0ccd97060dce260cb542ac820b7eb0bd664c82820c126c2a7f032c9b383  codex-tools-macos-aarch64.pkg

package/packages/plugin-base/codex-tools/0.1.3/manifest.json

@@ -0,0 +1,33 @@
+{
+  "plugin_id": "codex-tools",
+  "version": "0.1.3",
+  "visibility": "plugin-base",
+  "license": "MIT",
+  "admin_only": true,
+  "package_type": "mcp_binary",
+  "platforms": [
+    {
+      "id": "android-aarch64-termux",
+      "file": "codex-tools-android-aarch64-termux.pkg",
+      "sha256": "b3daf8cfe3531fdf675ddf4578a65c3f5186ad9e490d02ea2a9b90d1653b4920"
+    },
+    {
+      "id": "linux-x86_64",
+      "file": "codex-tools-linux-x86_64.pkg",
+      "sha256": "d1b39e3c8c2c6ca4234a0f4a19f20fb1eb63faf6ce0bde3447b6dcbff08a18b3"
+    },
+    {
+      "id": "macos-aarch64",
+      "file": "codex-tools-macos-aarch64.pkg",
+      "sha256": "d52ae0ccd97060dce260cb542ac820b7eb0bd664c82820c126c2a7f032c9b383"
+    }
+  ],
+  "install": {
+    "command": "masix plugin install-file --file <path-to-pkg> --plugin codex-tools --version 0.1.3 --package-type mcp_binary --admin-only"
+  },
+  "notes": [
+    "Admin-only module. Non-admin users cannot call codex tools.",
+    "Package usable without plugin server.",
+    "Requires codex-backend enabled for full functionality."
+  ]
+}

package/packages/plugin-base/codex-tools/CHANGELOG.md

@@ -0,0 +1,17 @@
+# codex-tools Package Changelog
+
+## 0.1.3 - 2026-03-05
+
+- Refreshed package artifacts for android-aarch64-termux, linux-x86_64, macos-aarch64.
+- Added `packages/plugin-base/codex-tools/0.1.3/` with updated `manifest.json` and `SHA256SUMS`.
+
+
+## 0.1.2 - 2026-03-02
+
+- Added MIT package publication layout under `packages/plugin-base/codex-tools/0.1.2`.
+- Included platform artifacts:
+  - `codex-tools-android-aarch64-termux.pkg`
+  - `codex-tools-linux-x86_64.pkg`
+  - `codex-tools-macos-aarch64.pkg`
+- Added `manifest.json` with platform metadata and checksums.
+- Added `SHA256SUMS` for manual integrity verification.

package/packages/plugin-base/codex-tools/README.md

@@ -0,0 +1,33 @@
+# codex-tools (`plugin-base`)
+
+`codex-tools` exposes MCP tools for coding workflows and patch operations.
+
+## What It Is
+
+- Package type: `mcp_binary`
+- Visibility: `plugin-base`
+- Admin-only: `true`
+- Distribution: local `.pkg` install supported (`install-file`)
+
+## Install Example
+
+```bash
+masix plugin install-file \
+  --file packages/plugin-base/codex-tools/0.1.3/codex-tools-linux-x86_64.pkg \
+  --plugin codex-tools \
+  --version 0.1.3 \
+  --package-type mcp_binary \
+  --admin-only
+```
+
+Then enable and restart:
+
+```bash
+masix plugin enable codex-tools
+masix restart
+```
+
+## Notes
+
+- For full coding flow, install `codex-backend` and `codex-tools` together.
+- Tools are filtered by admin policy at runtime.

package/packages/plugin-base/codex-tools/source/Cargo.toml

@@ -0,0 +1,23 @@
+[package]
+name = "masix-plugin-codex-tools"
+version = "0.1.3"
+edition.workspace = true
+license.workspace = true
+description = "MCP binary plugin exposing codex-backend tools for MasiX runtime"
+
+[[bin]]
+name = "masix-plugin-codex-tools"
+path = "src/main.rs"
+
+[dependencies]
+anyhow.workspace = true
+clap.workspace = true
+masix-plugin-codex-backend = { path = "../codex-backend" }
+serde.workspace = true
+serde_json.workspace = true
+tokio.workspace = true
+tracing.workspace = true
+tracing-subscriber.workspace = true
+
+[dev-dependencies]
+# none yet

package/packages/plugin-base/codex-tools/source/plugin.manifest.json

@@ -0,0 +1,124 @@
+{
+  "id": "codex-tools",
+  "name": "MasiX Codex Tools",
+  "version": "0.1.3",
+  "visibility": "plugin-base",
+  "package_type": "mcp_binary",
+  "entrypoint": "masix-plugin-codex-tools",
+  "admin_only": true,
+  "permissions": {
+    "required": [
+      "admin"
+    ],
+    "description": "Codex tools require admin privileges for file operations and API access"
+  },
+  "platforms_supported": [
+    "linux-x86_64",
+    "android-aarch64-termux",
+    "macos-aarch64"
+  ],
+  "platforms_tested": [
+    "linux-x86_64",
+    "android-aarch64-termux",
+    "macos-aarch64"
+  ],
+  "platforms_planned": [
+    "linux-aarch64"
+  ],
+  "dependencies": {
+    "codex-backend": ">=0.1.0"
+  },
+  "config": {
+    "properties": {
+      "provider": {
+        "type": "string",
+        "enum": [
+          "openai",
+          "anthropic",
+          "openai-compatible"
+        ],
+        "default": "openai"
+      },
+      "api_key_env": {
+        "type": "string",
+        "default": "CODEX_API_KEY",
+        "description": "Environment variable name for API key"
+      },
+      "base_url": {
+        "type": "string"
+      },
+      "model": {
+        "type": "string"
+      },
+      "timeout_secs": {
+        "type": "integer",
+        "default": 300,
+        "minimum": 10,
+        "maximum": 3600
+      }
+    }
+  },
+  "tools": [
+    {
+      "name": "codex_run",
+      "description": "Execute a coding task via HTTP backend",
+      "requires_admin": true
+    },
+    {
+      "name": "codex_dry_run",
+      "description": "Preview execution settings without mutation",
+      "requires_admin": false
+    },
+    {
+      "name": "codex_status",
+      "description": "Get module version and health info",
+      "requires_admin": false
+    },
+    {
+      "name": "codex_capabilities",
+      "description": "Get machine-readable metadata for AI workers",
+      "requires_admin": false
+    },
+    {
+      "name": "codex_exec_command",
+      "description": "Execute a command in a bounded, secure environment",
+      "requires_admin": true
+    },
+    {
+      "name": "codex_patch_preview",
+      "description": "Preview a diff patch without applying it",
+      "requires_admin": true
+    },
+    {
+      "name": "codex_apply_patch",
+      "description": "Apply a diff patch with automatic backup",
+      "requires_admin": true
+    },
+    {
+      "name": "codex_rollback_patch",
+      "description": "Rollback a previously applied patch using backup ID",
+      "requires_admin": true
+    }
+  ],
+  "min_masix_version": "0.3.0",
+  "max_masix_version": "0.4.1",
+  "capabilities": [
+    "http_client",
+    "file_read",
+    "file_write",
+    "command_exec"
+  ],
+  "constraints": {
+    "max_concurrent_tasks": 1,
+    "requires_isolation": false,
+    "timeout_enforcement": "strict"
+  },
+  "tool_access": {
+    "default_required_role": "admin",
+    "per_tool_required_role": {
+      "codex_dry_run": "user",
+      "codex_status": "user",
+      "codex_capabilities": "user"
+    }
+  }
+}