zexus 1.8.0 → 1.8.2

package/src/zexus/object.py

@@ -3,9 +3,69 @@ import time
 import random
 import json
 import os
+import re
 import sys
+import threading
+import atexit
 from threading import Lock
 
+
+# ===============================================
+# SECURITY: Path & Identifier Sanitization (v1.8.1)
+# ===============================================
+
+def _safe_resolve_path(path: str, sandbox: str = None) -> str:
+    """Resolve *path* and ensure it stays within *sandbox* (default: cwd).
+
+    Raises ``PermissionError`` if the resolved path escapes the sandbox.
+    Rejects paths that contain null bytes.
+    """
+    if "\x00" in path:
+        raise PermissionError("Path contains null bytes")
+    if sandbox is None:
+        sandbox = os.getcwd()
+    sandbox = os.path.realpath(sandbox)
+    resolved = os.path.realpath(os.path.join(sandbox, path))
+    # Ensure the resolved path is still within the sandbox
+    if not (resolved == sandbox or resolved.startswith(sandbox + os.sep)):
+        raise PermissionError(
+            f"Path traversal denied: '{path}' resolves outside the project directory"
+        )
+    return resolved
+
+
+# Regex: only alphanumeric, underscore, hyphen, dot allowed in identifiers
+_SAFE_ID_RE = re.compile(r'^[A-Za-z0-9_.\-]+$')
+
+
+def _sanitize_identifier(name: str, label: str = "identifier") -> str:
+    """Ensure *name* is a safe filesystem identifier (no path separators, no traversal).
+
+    Raises ``ValueError`` on invalid input.
+    """
+    if not name or not isinstance(name, str):
+        raise ValueError(f"Invalid {label}: must be a non-empty string")
+    if not _SAFE_ID_RE.match(name):
+        raise ValueError(
+            f"Invalid {label} '{name}': only alphanumeric, underscore, hyphen, "
+            f"and dot characters are allowed"
+        )
+    # Extra guard: reject hidden-file tricks and double-dot
+    if name.startswith('.') or '..' in name:
+        raise ValueError(f"Invalid {label} '{name}': leading dot or '..' not allowed")
+    return name
+
+
+# Env vars that must never be modified by Zexus programs
+BLOCKED_ENV_VARS = frozenset({
+    'PATH', 'LD_PRELOAD', 'LD_LIBRARY_PATH', 'DYLD_INSERT_LIBRARIES',
+    'DYLD_LIBRARY_PATH', 'PYTHONPATH', 'PYTHONSTARTUP', 'PYTHONHOME',
+    'NODE_PATH', 'NODE_OPTIONS', 'PERL5LIB', 'RUBYLIB',
+    'CLASSPATH', 'HOME', 'USER', 'SHELL', 'LOGNAME',
+    'SSH_AUTH_SOCK', 'GPG_AGENT_INFO',
+})
+
+
 class Object:
     def inspect(self):
         raise NotImplementedError("Subclasses must implement this method")
@@ -489,10 +549,43 @@ class Coroutine(Object):
 
 # === ENTITY OBJECTS ===
 
+# Thread-local evaluator cache for entity/contract method execution.
+# Kept lazy to avoid circular imports at module import time.
+_entity_evaluator_cache = threading.local()
+
+
+def _get_cached_evaluator():
+    evaluator = getattr(_entity_evaluator_cache, "evaluator", None)
+    if evaluator is None:
+        from .evaluator.core import Evaluator
+        evaluator = Evaluator()
+        _entity_evaluator_cache.evaluator = evaluator
+    return evaluator
+
+
+def _clear_cached_evaluator():
+    if hasattr(_entity_evaluator_cache, "evaluator"):
+        del _entity_evaluator_cache.evaluator
+
+
+# Best-effort cleanup for the current thread at interpreter shutdown.
+atexit.register(_clear_cached_evaluator)
+
 class EntityDefinition(Object):
-    def __init__(self, name, properties, parent=None):
+    """Entity definition.
+
+    MEDIUM (M5): This is the canonical EntityDefinition implementation.
+    It supports:
+    - properties as either a dict (new format) or list (legacy format)
+    - optional methods (Action objects)
+    - optional parent entity (inheritance)
+    - optional dependency injection for marked properties
+    """
+
+    def __init__(self, name, properties, methods=None, parent=None):
         self.name = name
-        self.properties = properties  # List of property definitions
+        self.properties = properties  # dict or list
+        self.methods = methods or {}
         self.parent = parent  # Optional parent entity for inheritance
         
     def type(self):
@@ -506,33 +599,169 @@ class EntityDefinition(Object):
         else:
             props_str = ", ".join([f"{prop['name']}: {prop['type']}" for prop in self.properties])
         return f"entity {self.name} {{ {props_str} }}"
+
+    def get_all_properties(self):
+        """Get all properties including inherited ones (parent first)."""
+        props = {}
+        if self.parent:
+            try:
+                props.update(self.parent.get_all_properties())
+            except Exception:
+                pass
+        if isinstance(self.properties, dict):
+            props.update(self.properties)
+        else:
+            # Legacy list format: [{name,type,default_value?}, ...]
+            for prop in self.properties:
+                try:
+                    props[prop['name']] = prop
+                except Exception:
+                    continue
+        return props
         
     def create_instance(self, initial_values=None):
-        """Create an instance of this entity with optional initial values"""
-        return EntityInstance(self, initial_values or {})
+        """Create an instance of this entity with optional initial values."""
+        injected_values = dict(initial_values or {})
+
+        # Dependency injection support: fill missing injected deps with container values.
+        injected_deps = getattr(self, 'injected_deps', None)
+        if injected_deps:
+            try:
+                from .dependency_injection import get_di_registry
+                registry = get_di_registry()
+                container = registry.get_container("__main__")
+            except Exception:
+                container = None
+
+            for dep_name in injected_deps:
+                if dep_name in injected_values:
+                    continue
+                if container is None:
+                    injected_values[dep_name] = NULL
+                    continue
+                try:
+                    injected_values[dep_name] = container.get(dep_name)
+                except BaseException:
+                    injected_values[dep_name] = NULL
+
+        return EntityInstance(self, injected_values)
 
 class EntityInstance(Object):
     def __init__(self, entity_def, values):
         self.entity_def = entity_def
-        self.values = values
+        self.data = values or {}
+        # Backward compatibility alias
+        self.values = self.data
+        self._validate_properties()
         
     def type(self):
         return "ENTITY_INSTANCE"
         
     def inspect(self):
-        values_str = ", ".join([f"{k}: {v.inspect()}" for k, v in self.values.items()])
+        values_str = ", ".join([
+            f"{k}: {v.inspect() if hasattr(v, 'inspect') else v}" for k, v in self.data.items()
+        ])
         return f"{self.entity_def.name} {{ {values_str} }}"
+
+    def __str__(self):
+        return self.inspect()
+
+    def __repr__(self):
+        return self.__str__()
+
+    def _validate_properties(self):
+        """Populate missing injected/default values for declared properties."""
+        try:
+            all_props = self.entity_def.get_all_properties()
+        except Exception:
+            all_props = {}
+
+        for prop_name, prop_config in all_props.items():
+            if prop_name in self.data:
+                continue
+
+            # New-format dict config
+            if isinstance(prop_config, dict):
+                if prop_config.get("injected", False):
+                    try:
+                        from .dependency_injection import get_di_registry
+                        registry = get_di_registry()
+                        container = registry.get_container("__main__")
+                        if container is not None:
+                            self.data[prop_name] = container.get(prop_name)
+                        else:
+                            self.data[prop_name] = NULL
+                    except Exception:
+                        self.data[prop_name] = NULL
+                    continue
+
+                if "default_value" in prop_config:
+                    self.data[prop_name] = prop_config.get("default_value")
+                    continue
+
+            # Legacy list config may include default_value
+            if isinstance(prop_config, dict) and "default_value" in prop_config:
+                self.data[prop_name] = prop_config.get("default_value")
         
     def get(self, property_name):
-        return self.values.get(property_name, NULL)
+        return self.data.get(property_name, NULL)
         
     def set(self, property_name, value):
-        # Check if property exists in entity definition
-        prop_def = next((prop for prop in self.entity_def.properties if prop['name'] == property_name), None)
-        if prop_def:
-            self.values[property_name] = value
-            return TRUE
-        return FALSE
+        # Check if property exists in entity definition (including inherited props)
+        try:
+            props = self.entity_def.get_all_properties()
+            if property_name not in props:
+                return FALSE
+        except Exception:
+            # Legacy list-only entity definitions
+            try:
+                prop_def = next(
+                    (prop for prop in self.entity_def.properties if prop.get('name') == property_name),
+                    None,
+                )
+                if not prop_def:
+                    return FALSE
+            except Exception:
+                return FALSE
+
+        existing = self.data.get(property_name)
+        if existing is not None and existing.__class__.__name__ == 'SealedObject':
+            return EvaluationError(f"Cannot modify sealed property: {property_name}")
+
+        self.data[property_name] = value
+        return TRUE
+
+    def call_method(self, method_name, args):
+        """Call an entity method (Action) defined on the entity definition."""
+        if not hasattr(self.entity_def, 'methods') or method_name not in self.entity_def.methods:
+            return EvaluationError(f"Method '{method_name}' not supported for ENTITY_INSTANCE")
+
+        method = self.entity_def.methods[method_name]
+
+        # Create a new environment for method execution
+        from .environment import Environment as ExecEnvironment
+        method_env = ExecEnvironment(outer=method.env if hasattr(method, 'env') else None)
+        method_env.set('this', self)
+
+        # Bind method parameters
+        if hasattr(method, 'parameters'):
+            for i, param in enumerate(method.parameters):
+                if i >= len(args):
+                    break
+                if hasattr(param, 'name'):
+                    param_name = param.name.value if hasattr(param.name, 'value') else str(param.name)
+                elif hasattr(param, 'value'):
+                    param_name = param.value
+                else:
+                    param_name = str(param)
+                method_env.set(param_name, args[i])
+
+        evaluator = _get_cached_evaluator()
+
+        result = evaluator.eval_node(method.body, method_env, stack_trace=[])
+        if isinstance(result, ReturnValue):
+            return result.value
+        return result
 
 # === UTILITY CLASSES ===
 
@@ -600,9 +829,12 @@ class File(Object):
         try:
             if isinstance(path, String):
                 path = path.value
-            with open(path, 'r', encoding='utf-8') as f:
+            resolved = _safe_resolve_path(path)
+            with open(resolved, 'r', encoding='utf-8') as f:
                 # Files are external data sources - return untrusted strings
                 return String(f.read(), is_trusted=False)
+        except PermissionError as e:
+            return EvaluationError(f"File read denied: {str(e)}")
         except Exception as e:
             return EvaluationError(f"File read error: {str(e)}")
 
@@ -613,9 +845,12 @@ class File(Object):
                 path = path.value
             if isinstance(content, String):
                 content = content.value
-            with open(path, 'w', encoding='utf-8') as f:
+            resolved = _safe_resolve_path(path)
+            with open(resolved, 'w', encoding='utf-8') as f:
                 f.write(content)
             return Boolean(True)
+        except PermissionError as e:
+            return EvaluationError(f"File write denied: {str(e)}")
         except Exception as e:
             return EvaluationError(f"File write error: {str(e)}")
 
@@ -623,7 +858,11 @@ class File(Object):
     def exists(path):
         if isinstance(path, String):
             path = path.value
-        return Boolean(os.path.exists(path))
+        try:
+            resolved = _safe_resolve_path(path)
+            return Boolean(os.path.exists(resolved))
+        except PermissionError:
+            return Boolean(False)
 
     # === MEDIUM TIER ===
     @staticmethod
@@ -729,18 +968,65 @@ class File(Object):
     _lock = Lock()
 
     @staticmethod
-    def lock_file(path):
-        """Lock file for exclusive access"""
+    def lock_file(path, timeout=None):
+        """Lock file for exclusive access.
+
+        SECURITY (M9): Previously this could block forever and hang the interpreter.
+        A default timeout is applied (configurable via env var).
+
+        Args:
+            path: File path (string or String)
+            timeout: Optional seconds (Integer/Float/str/number). If omitted, uses
+                $ZEXUS_FILE_LOCK_TIMEOUT_SECONDS (default: 30).
+        """
         try:
             if isinstance(path, String):
                 path = path.value
 
-            with File._lock:
-                if path not in File._file_locks:
-                    File._file_locks[path] = Lock()
+            # Normalize key to reduce accidental duplicate lock objects
+            try:
+                lock_key = os.path.realpath(str(path))
+            except Exception:
+                lock_key = str(path)
+
+            timeout_seconds = None
+            if timeout is None:
+                env_timeout = os.environ.get("ZEXUS_FILE_LOCK_TIMEOUT_SECONDS", "30")
+                try:
+                    timeout_seconds = float(env_timeout)
+                except Exception:
+                    timeout_seconds = 30.0
+            else:
+                if isinstance(timeout, Integer):
+                    timeout_seconds = float(timeout.value)
+                elif isinstance(timeout, Float):
+                    timeout_seconds = float(timeout.value)
+                elif isinstance(timeout, String):
+                    timeout_seconds = float(timeout.value)
+                else:
+                    timeout_seconds = float(timeout)
+
+            if timeout_seconds is not None and timeout_seconds < 0:
+                timeout_seconds = 0.0
 
-                File._file_locks[path].acquire()
+            with File._lock:
+                lock_obj = File._file_locks.get(lock_key)
+                if lock_obj is None:
+                    lock_obj = Lock()
+                    File._file_locks[lock_key] = lock_obj
+
+            # Acquire without holding the global map lock
+            acquired = False
+            if timeout_seconds is None:
+                # Shouldn't happen, but keep backward-compatible behavior
+                lock_obj.acquire()
+                acquired = True
+            else:
+                acquired = lock_obj.acquire(timeout=timeout_seconds)
+
+            if acquired:
                 return Boolean(True)
+            return EvaluationError(f"File lock timeout after {timeout_seconds:.3f}s")
         except Exception as e:
             return EvaluationError(f"File lock error: {str(e)}")
 
@@ -751,10 +1037,22 @@ class File(Object):
             if isinstance(path, String):
                 path = path.value
 
+            try:
+                lock_key = os.path.realpath(str(path))
+            except Exception:
+                lock_key = str(path)
+
             with File._lock:
-                if path in File._file_locks:
-                    File._file_locks[path].release()
-                    return Boolean(True)
+                lock_obj = File._file_locks.get(lock_key)
+                if lock_obj is not None:
+                    try:
+                        if hasattr(lock_obj, "locked") and not lock_obj.locked():
+                            return Boolean(False)
+                        lock_obj.release()
+                        return Boolean(True)
+                    except RuntimeError:
+                        # Release on an unlocked lock
+                        return Boolean(False)
                 return Boolean(False)
         except Exception as e:
             return EvaluationError(f"File unlock error: {str(e)}")
@@ -996,13 +1294,10 @@ class Environment:
         """Initialize persistence system if scope is provided"""
         if self.persistence_scope:
             try:
-                # Lazy import to avoid circular dependencies
-                import sys
-                if 'zexus.persistence' in sys.modules:
-                    from .persistence import PersistentStorage, MemoryTracker
-                    self._persistent_storage = PersistentStorage(self.persistence_scope)
-                    self._memory_tracker = MemoryTracker()
-                    self._memory_tracker.start_tracking()
+                from .persistence import PersistentStorage, MemoryTracker
+                self._persistent_storage = PersistentStorage(self.persistence_scope)
+                self._memory_tracker = MemoryTracker()
+                self._memory_tracker.start_tracking()
             except (ImportError, Exception):
                 # Persistence module not available or error - continue without it
                 pass
@@ -1042,12 +1337,9 @@ class Environment:
         """Enable memory leak detection"""
         if not self._memory_tracker:
             try:
-                # Lazy import
-                import sys
-                if 'zexus.persistence' in sys.modules:
-                    from .persistence import MemoryTracker
-                    self._memory_tracker = MemoryTracker()
-                    self._memory_tracker.start_tracking()
+                from .persistence import MemoryTracker
+                self._memory_tracker = MemoryTracker()
+                self._memory_tracker.start_tracking()
             except (ImportError, Exception):
                 pass
     

package/src/zexus/parser/parser.py

@@ -140,6 +140,7 @@ class UltimateParser:
             REQUIRE: self.parse_require_statement,
             REVERT: self.parse_revert_statement,
             LIMIT: self.parse_limit_statement,
+            PROTOCOL: self.parse_protocol_statement,
         }
 
         # Traditional parser setup (fallback)
@@ -361,6 +362,15 @@ class UltimateParser:
                         if match_brace_depth == 0:
                             in_match_brace = False
                 elif t.type == LAMBDA and getattr(t, 'literal', None) == '=>':
+                    # Exclude watch => patterns — those are reactive watchers, not lambdas
+                    if idx > 0 and all_tokens[idx - 1].type == IDENT:
+                        # Check if this is a watch statement: watch <expr> =>
+                        # Walk back past identifiers and dots (e.g. watch order.status =>)
+                        watch_idx = idx - 2
+                        while watch_idx >= 0 and all_tokens[watch_idx].type in (IDENT, DOT):
+                            watch_idx -= 1
+                        if watch_idx >= 0 and getattr(all_tokens[watch_idx], 'type', None) == WATCH:
+                            continue  # Skip watch arrows
                     has_non_match_arrow = True
                     break
             if has_non_match_arrow:
@@ -2817,24 +2827,30 @@ class UltimateParser:
             self.errors.append(f"Line {token.line}:{token.column} - Expected expression after 'watch'")
             return None
 
-        # Expect '=>' (LAMBDA token)
-        if not self.expect_peek(LAMBDA):
-            self.errors.append(f"Line {self.cur_token.line}:{self.cur_token.column} - Expected '=>' in watch statement")
-            return None
+        # Check for '=>' (LAMBDA token) — optional; allow watch expr { ... } form
+        if self.peek_token_is(LAMBDA):
+            self.next_token()  # consume '=>'
 
-        # Parse reaction (block or expression)
-        if self.peek_token_is(LBRACE):
+            # Parse reaction (block or expression)
+            if self.peek_token_is(LBRACE):
+                self.next_token()
+                reaction = self.parse_block("watch")
+            else:
+                self.next_token()
+                reaction_block = BlockStatement()
+                stmt = self.parse_statement()
+                if stmt is None:
+                    self.errors.append(f"Line {self.cur_token.line}:{self.cur_token.column} - Expected reaction after '=>'")
+                    return None
+                reaction_block.statements.append(stmt)
+                reaction = reaction_block
+        elif self.peek_token_is(LBRACE):
+            # Form: watch expr { ... }
             self.next_token()
             reaction = self.parse_block("watch")
         else:
-            self.next_token()
-            reaction_block = BlockStatement()
-            stmt = self.parse_statement()
-            if stmt is None:
-                self.errors.append(f"Line {self.cur_token.line}:{self.cur_token.column} - Expected reaction after '=>'")
-                return None
-            reaction_block.statements.append(stmt)
-            reaction = reaction_block
+            self.errors.append(f"Line {self.cur_token.line}:{self.cur_token.column} - Expected '=>' or '{{' in watch statement")
+            return None
 
         if reaction is None:
             self.errors.append(f"Line {self.cur_token.line}:{self.cur_token.column} - Expected reaction after '=>'")
@@ -4451,6 +4467,54 @@ class UltimateParser:
         
         return InterfaceStatement(name=interface_name, methods=methods, properties=properties)
 
+    def parse_protocol_statement(self):
+        """Parse protocol definition statement
+        
+        protocol Greetable {
+            action greet() -> string
+            action farewell()
+        }
+        """
+        token = self.cur_token
+        self.next_token()
+        
+        # protocol Name { ... }
+        if not self.cur_token_is(IDENT):
+            self.errors.append(f"Line {token.line}:{token.column} - Expected protocol name")
+            return None
+        
+        protocol_name = Identifier(self.cur_token.literal)
+        self.next_token()
+        
+        methods = []
+        
+        if self.cur_token_is(LBRACE):
+            self.next_token()
+            while not self.cur_token_is(RBRACE) and self.cur_token.type != EOF:
+                if self.cur_token_is(ACTION) or self.cur_token_is(FUNCTION):
+                    self.next_token()
+                    if self.cur_token_is(IDENT):
+                        methods.append(self.cur_token.literal)
+                        self.next_token()
+                        # Skip past params and return type annotation
+                        while not self.cur_token_is(SEMICOLON) and not self.cur_token_is(RBRACE) and self.cur_token.type != EOF:
+                            self.next_token()
+                        if self.cur_token_is(SEMICOLON):
+                            self.next_token()
+                    else:
+                        self.next_token()
+                elif self.cur_token_is(IDENT):
+                    methods.append(self.cur_token.literal)
+                    self.next_token()
+                    while not self.cur_token_is(SEMICOLON) and not self.cur_token_is(RBRACE) and self.cur_token.type != EOF:
+                        self.next_token()
+                    if self.cur_token_is(SEMICOLON):
+                        self.next_token()
+                else:
+                    self.next_token()
+        
+        return ProtocolStatement(name=protocol_name, methods=methods)
+
     def parse_type_alias_statement(self):
         """Parse type alias statement"""
         token = self.cur_token
@@ -4551,8 +4615,16 @@ class UltimateParser:
         
         return UsingStatement(resource_name=resource_name, resource_expr=resource_expr, body=body)
 
+    def parse_type_expression(self):
+        """Parse a simple type expression (identifier)."""
+        if self.cur_token_is(IDENT):
+            type_node = Identifier(self.cur_token.literal)
+            self.next_token()
+            return type_node
+        return None
+
     def parse_channel_statement(self):
-        """Parse channel declaration: channel<type> name; or channel<type> name = expr;"""
+        """Parse channel declaration: channel<type>[capacity] name"""
         token = self.cur_token
         self.next_token()  # consume CHANNEL
         
@@ -4570,25 +4642,33 @@ class UltimateParser:
         
         self.next_token()
         
+        # Optional capacity in brackets: [10]
+        capacity = None
+        if self.cur_token_is(LBRACKET):
+            self.next_token()
+            capacity = self.parse_expression(LOWEST)
+            if not self.cur_token_is(RBRACKET):
+                self.errors.append(f"Line {token.line}:{token.column} - Expected ']' after channel capacity")
+                return None
+            self.next_token()
+        
         # Parse channel name
         if not self.cur_token_is(IDENT):
             self.errors.append(f"Line {token.line}:{token.column} - Expected channel name")
             return None
         
-        name = self.cur_token.literal
+        name = Identifier(self.cur_token.literal)
         self.next_token()
         
-        # Optional capacity specification
-        capacity = None
-        if self.cur_token_is(ASSIGN):
+        # Optional capacity via assignment: = expr
+        if capacity is None and self.cur_token_is(ASSIGN):
             self.next_token()
             capacity = self.parse_expression(LOWEST)
         
-        if not self.cur_token_is(SEMICOLON):
-            self.errors.append(f"Line {token.line}:{token.column} - Expected ';' after channel declaration")
-            return None
+        # Semicolons are optional in modern Zexus
+        if self.cur_token_is(SEMICOLON):
+            self.next_token()
         
-        self.next_token()
         return ChannelStatement(name=name, element_type=element_type, capacity=capacity)
 
     def parse_send_statement(self):