ostruct-cli 0.3.0__py3-none-any.whl → 0.4.0__py3-none-any.whl

ostruct/cli/errors.py

@@ -1,11 +1,14 @@
 """Custom error classes for CLI error handling."""
 
-import os
-from pathlib import Path
+import logging
 from typing import Any, Dict, List, Optional, TextIO, cast
 
 import click
 
+from .security.errors import PathSecurityError as SecurityPathSecurityError
+
+logger = logging.getLogger(__name__)
+
 
 class CLIError(click.ClickException):
     """Base class for all CLI errors."""
@@ -96,6 +99,19 @@ class FileNotFoundError(PathError):
         super().__init__(path, path, context)
 
 
+class FileReadError(PathError):
+    """Raised when a file cannot be read or decoded.
+
+    This is a wrapper exception that preserves the original cause (FileNotFoundError,
+    UnicodeDecodeError, etc) while providing a consistent interface for error handling.
+    """
+
+    def __init__(
+        self, message: str, path: str, context: Optional[Dict[str, Any]] = None
+    ):
+        super().__init__(message, path, context)
+
+
 class DirectoryNotFoundError(PathError):
     """Raised when a specified directory does not exist."""
 
@@ -104,12 +120,11 @@ class DirectoryNotFoundError(PathError):
         super().__init__(path, path, context)
 
 
-class PathSecurityError(PathError):
-    """Exception raised when file access is denied due to security constraints.
+class PathSecurityError(CLIError, SecurityPathSecurityError):
+    """CLI wrapper for security package's PathSecurityError.
 
-    Attributes:
-        message: The error message with full context
-        wrapped: Whether this error has been wrapped by another error
+    This class bridges the security package's error handling with the CLI's
+    error handling system, providing both sets of functionality.
     """
 
     def __init__(
@@ -119,188 +134,65 @@ class PathSecurityError(PathError):
         context: Optional[Dict[str, Any]] = None,
         error_logged: bool = False,
     ):
-        path = path or "unknown"  # Provide default path if none given
-        context = context or {}
-        context["has_been_logged"] = (
-            error_logged  # Store in context to match parent behavior
+        """Initialize both parent classes properly.
+
+        Args:
+            message: The error message
+            path: The path that caused the error
+            context: Additional context about the error
+            error_logged: Whether this error has been logged
+        """
+        # Initialize security error first
+        SecurityPathSecurityError.__init__(
+            self,
+            message,
+            path=path or "",
+            context=context,
+            error_logged=error_logged,
+        )
+        # Initialize CLI error with the same context
+        CLIError.__init__(self, message, context=self.context)
+        # Ensure error_logged state is consistent
+        self._has_been_logged = error_logged
+        logger.debug(
+            "Created CLI PathSecurityError with message=%r, path=%r, context=%r, error_logged=%r",
+            message,
+            path,
+            self.context,
+            error_logged,
         )
-        context["wrapped"] = False  # Initialize wrapped state
-        super().__init__(message, path, context)
 
-    def __str__(self) -> str:
-        """Return string representation with allowed directories if present."""
-        base = super().__str__()
-        if self.context and "allowed_dirs" in self.context:
-            allowed = self.context["allowed_dirs"]
-            if allowed:  # Only add if there are actually allowed dirs
-                return f"{base} (allowed directories: {', '.join(allowed)})"
-        return base
+    def show(self, file: Optional[TextIO] = None) -> None:
+        """Show the error with CLI formatting."""
+        logger.debug("Showing error with context: %r", self.context)
+        super().show(file)
 
     @property
     def has_been_logged(self) -> bool:
         """Whether this error has been logged."""
-        return bool(self.context.get("has_been_logged", False))
+        return self._has_been_logged or super().has_been_logged
 
     @has_been_logged.setter
     def has_been_logged(self, value: bool) -> None:
         """Set whether this error has been logged."""
-        self.context["has_been_logged"] = value
+        self._has_been_logged = value
+        super().has_been_logged = value  # type: ignore[misc]
 
     @property
     def error_logged(self) -> bool:
-        """Alias for has_been_logged for backward compatibility."""
+        """Whether this error has been logged (alias for has_been_logged)."""
         return self.has_been_logged
 
     @error_logged.setter
     def error_logged(self, value: bool) -> None:
-        """Alias for has_been_logged for backward compatibility."""
+        """Set whether this error has been logged (alias for has_been_logged)."""
         self.has_been_logged = value
 
-    @property
-    def wrapped(self) -> bool:
-        """Whether this error has been wrapped by another error."""
-        return bool(self.context.get("wrapped", False))
-
-    @wrapped.setter
-    def wrapped(self, value: bool) -> None:
-        """Set whether this error has been wrapped."""
-        self.context["wrapped"] = value
-
-    @staticmethod
-    def _format_allowed_dirs(allowed_dirs: List[str]) -> str:
-        """Format allowed directories as a list representation."""
-        return f"[{', '.join(repr(d) for d in allowed_dirs)}]"
-
-    @staticmethod
-    def _create_error_message(
-        path: str, base_dir: Optional[str] = None
-    ) -> str:
-        """Create a standardized error message."""
-        if base_dir:
-            rel_path = os.path.relpath(path, base_dir)
-            return f"Access denied: {rel_path} is outside base directory and not in allowed directories"
-        return f"Access denied: {path} is outside base directory and not in allowed directories"
-
-    @classmethod
-    def from_expanded_paths(
-        cls,
-        original_path: str,
-        expanded_path: str,
-        base_dir: Optional[str] = None,
-        allowed_dirs: Optional[List[str]] = None,
-        error_logged: bool = False,
-    ) -> "PathSecurityError":
-        """Create error with expanded path context."""
-        message = f"Access denied: {original_path} is outside base directory and not in allowed directories"
-        if expanded_path != original_path:
-            message += f" (expanded to {expanded_path})"
-
-        context = {
-            "original_path": original_path,
-            "expanded_path": expanded_path,
-            "has_been_logged": error_logged,
-        }
-        if base_dir:
-            context["base_dir"] = base_dir
-        if allowed_dirs:
-            context["allowed_dirs"] = allowed_dirs
-
-        # Format full message with all context
-        parts = [message]
-        if base_dir:
-            parts.append(f"Base directory: {base_dir}")
-        if allowed_dirs:
-            parts.append(
-                f"Allowed directories: {cls._format_allowed_dirs(allowed_dirs)}"
-            )
-        parts.append(
-            "Use --allowed-dir to specify additional allowed directories"
-        )
-
-        return cls(
-            "\n".join(parts),
-            path=original_path,
-            context=context,
-            error_logged=error_logged,
-        )
-
-    @classmethod
-    def access_denied(
-        cls,
-        path: Path,
-        reason: Optional[str] = None,
-        error_logged: bool = False,
-    ) -> "PathSecurityError":
-        """Create access denied error."""
-        msg = f"Access denied: {path}"
-        if reason:
-            msg += f" - {reason}"
-        msg += " is outside base directory and not in allowed directories"
-        return cls(msg, path=str(path), error_logged=error_logged)
-
-    @classmethod
-    def outside_allowed(
-        cls,
-        path: Path,
-        base_dir: Optional[Path] = None,
-        error_logged: bool = False,
-    ) -> "PathSecurityError":
-        """Create error for path outside allowed directories."""
-        msg = f"Access denied: {path} is outside base directory and not in allowed directories"
-        context = {}
-        if base_dir:
-            context["base_directory"] = str(base_dir)
-        return cls(
-            msg, path=str(path), context=context, error_logged=error_logged
-        )
-
-    @classmethod
-    def traversal_attempt(
-        cls, path: Path, error_logged: bool = False
-    ) -> "PathSecurityError":
-        """Create error for directory traversal attempt."""
-        msg = f"Access denied: {path} - directory traversal not allowed"
-        return cls(msg, path=str(path), error_logged=error_logged)
-
-    def format_with_context(
-        self,
-        original_path: Optional[str] = None,
-        expanded_path: Optional[str] = None,
-        base_dir: Optional[str] = None,
-        allowed_dirs: Optional[List[str]] = None,
-    ) -> str:
-        """Format error message with additional context."""
-        parts = [self.message]
-        if original_path and expanded_path and original_path != expanded_path:
-            parts.append(f"Original path: {original_path}")
-            parts.append(f"Expanded path: {expanded_path}")
-        if base_dir:
-            parts.append(f"Base directory: {base_dir}")
-        if allowed_dirs:
-            parts.append(
-                f"Allowed directories: {self._format_allowed_dirs(allowed_dirs)}"
-            )
-        parts.append(
-            "Use --allowed-dir to specify additional allowed directories"
-        )
-        return "\n".join(parts)
-
-    @classmethod
-    def wrap_error(
-        cls, context: str, original: "PathSecurityError"
-    ) -> "PathSecurityError":
-        """Wrap an error with additional context while preserving attributes."""
-        message = f"{context}: {original.message}"
-        new_context = original.context.copy()
-        new_context["wrapped"] = True  # Mark as wrapped
-        error = cls(
-            message,
-            path=original.context.get("path", "unknown"),
-            context=new_context,
-            error_logged=original.has_been_logged,
-        )
-        error.wrapped = True  # Ensure wrapped is set through the property
-        return error
+    def __str__(self) -> str:
+        """Format the error message with context."""
+        msg = SecurityPathSecurityError.__str__(self)
+        logger.debug("Formatted error message: %r", msg)
+        return msg
 
 
 class TaskTemplateError(CLIError):
@@ -470,6 +362,7 @@ __all__ = [
     "PathError",
     "PathSecurityError",
     "FileNotFoundError",
+    "FileReadError",
     "DirectoryNotFoundError",
     "SchemaValidationError",
     "SchemaFileError",

ostruct/cli/file_info.py

@@ -5,7 +5,7 @@ import logging
 import os
 from typing import Any, Optional
 
-from .errors import FileNotFoundError, PathSecurityError
+from .errors import FileNotFoundError, FileReadError, PathSecurityError
 from .security import SecurityManager
 
 logger = logging.getLogger(__name__)
@@ -45,6 +45,7 @@ class FileInfo:
         Raises:
             FileNotFoundError: If the file does not exist
             PathSecurityError: If the path is not allowed
+            PermissionError: If access is denied
         """
         logger.debug("Creating FileInfo for path: %s", path)
 
@@ -53,7 +54,7 @@ class FileInfo:
             raise ValueError("Path cannot be empty")
 
         # Initialize private attributes
-        self.__path = os.path.expanduser(os.path.expandvars(path))
+        self.__path = str(path)
         self.__security_manager = security_manager
         self.__content = content
         self.__encoding = encoding
@@ -61,44 +62,67 @@ class FileInfo:
         self.__size: Optional[int] = None
         self.__mtime: Optional[float] = None
 
-        # First validate security and resolve path
         try:
             # This will raise PathSecurityError if path is not allowed
+            # And FileNotFoundError if the file doesn't exist
             resolved_path = self.__security_manager.resolve_path(self.__path)
             logger.debug(
                 "Security-resolved path for %s: %s", path, resolved_path
             )
 
-            # Now check if the file exists and is accessible
-            if not resolved_path.exists():
-                # Use the original path in the error message
-                raise FileNotFoundError(
-                    f"File not found: {os.path.basename(path)}"
-                )
-
+            # Check if it's a regular file (not a directory, device, etc.)
             if not resolved_path.is_file():
+                logger.debug("Not a regular file: %s", resolved_path)
                 raise FileNotFoundError(
-                    f"Not a file: {os.path.basename(path)}"
+                    f"Not a regular file: {os.path.basename(str(path))}"
                 )
 
-        except PathSecurityError:
-            # Re-raise security errors as is
-            raise
-        except FileNotFoundError:
-            # Re-raise file not found errors with simplified message
-            raise FileNotFoundError(
-                f"File not found: {os.path.basename(path)}"
+        except PathSecurityError as e:
+            # Let security errors propagate directly with context
+            logger.error(
+                "Security error accessing file %s: %s",
+                path,
+                str(e),
+                extra={
+                    "path": path,
+                    "resolved_path": (
+                        str(resolved_path)
+                        if "resolved_path" in locals()
+                        else None
+                    ),
+                    "base_dir": str(self.__security_manager.base_dir),
+                    "allowed_dirs": [
+                        str(d) for d in self.__security_manager.allowed_dirs
+                    ],
+                },
             )
-        except Exception:  # Catch all other exceptions
-            # Convert other errors to FileNotFoundError with simplified message
+            raise
+
+        except FileNotFoundError as e:
+            # Re-raise with standardized message format
+            logger.debug("File not found error: %s", e)
             raise FileNotFoundError(
-                f"File not found: {os.path.basename(path)}"
-            )
+                f"File not found: {os.path.basename(str(path))}"
+            ) from e
 
-        # If content/encoding weren't provided, read them now
-        if self.__content is None or self.__encoding is None:
-            logger.debug("Reading content for %s", path)
-            self._read_file()
+        except PermissionError as e:
+            # Handle permission errors with context
+            logger.error(
+                "Permission denied accessing file %s: %s",
+                path,
+                str(e),
+                extra={
+                    "path": path,
+                    "resolved_path": (
+                        str(resolved_path)
+                        if "resolved_path" in locals()
+                        else None
+                    ),
+                },
+            )
+            raise PermissionError(
+                f"Permission denied: {os.path.basename(str(path))}"
+            ) from e
 
     @property
     def path(self) -> str:
@@ -154,7 +178,8 @@ class FileInfo:
         """Get file size in bytes."""
         if self.__size is None:
             try:
-                self.__size = os.path.getsize(self.abs_path)
+                size = os.path.getsize(self.abs_path)
+                self.__size = size
             except OSError:
                 logger.warning("Could not get size for %s", self.__path)
                 return None
@@ -170,7 +195,8 @@ class FileInfo:
         """Get file modification time as Unix timestamp."""
         if self.__mtime is None:
             try:
-                self.__mtime = os.path.getmtime(self.abs_path)
+                mtime = os.path.getmtime(self.abs_path)
+                self.__mtime = mtime
             except OSError:
                 logger.warning("Could not get mtime for %s", self.__path)
                 return None
@@ -183,10 +209,25 @@ class FileInfo:
 
     @property
     def content(self) -> str:
-        """Get the content of the file."""
+        """Get the content of the file.
+
+        Returns:
+            str: The file content
+
+        Raises:
+            FileReadError: If the file cannot be read, wrapping the underlying cause
+                         (FileNotFoundError, UnicodeDecodeError, etc)
+        """
+        if self.__content is None:
+            try:
+                self._read_file()
+            except Exception as e:
+                raise FileReadError(
+                    f"Failed to load content: {self.__path}", self.__path
+                ) from e
         assert (
             self.__content is not None
-        ), "Content should be initialized in constructor"
+        )  # Help mypy understand content is set
         return self.__content
 
     @content.setter
@@ -196,10 +237,20 @@ class FileInfo:
 
     @property
     def encoding(self) -> str:
-        """Get the encoding of the file."""
+        """Get the encoding of the file.
+
+        Returns:
+            str: The file encoding (utf-8 or system)
+
+        Raises:
+            FileReadError: If the file cannot be read or decoded
+        """
+        if self.__encoding is None:
+            # This will trigger content loading and may raise FileReadError
+            self.content
         assert (
             self.__encoding is not None
-        ), "Encoding should be initialized in constructor"
+        )  # Help mypy understand encoding is set
         return self.__encoding
 
     @encoding.setter
@@ -248,34 +299,24 @@ class FileInfo:
             return False
 
     def _read_file(self) -> None:
-        """Read file content and encoding from disk."""
+        """Read and decode file content.
+
+        Implementation detail: Attempts UTF-8 first, falls back to system encoding.
+        All exceptions will be caught and wrapped by the content property.
+        """
         try:
             with open(self.abs_path, "rb") as f:
                 raw_content = f.read()
-        except FileNotFoundError as e:
-            raise FileNotFoundError(f"File not found: {self.__path}") from e
-        except OSError as e:
-            raise FileNotFoundError(
-                f"Could not read file {self.__path}: {e}"
-            ) from e
-
-        # Try UTF-8 first
-        try:
-            self.__content = raw_content.decode("utf-8")
-            self.__encoding = "utf-8"
-            return
-        except UnicodeDecodeError:
-            pass
-
-        # Fall back to system default encoding
-        try:
-            self.__content = raw_content.decode()
-            self.__encoding = "system"
-            return
-        except UnicodeDecodeError as e:
-            raise ValueError(
-                f"Could not decode file {self.__path}: {e}"
-            ) from e
+            try:
+                self.__content = raw_content.decode("utf-8")
+                self.__encoding = "utf-8"
+            except UnicodeDecodeError:
+                # Fall back to system encoding
+                self.__content = raw_content.decode()
+                self.__encoding = "system"
+        except Exception:
+            # Let content property handle all errors
+            raise
 
     def update_cache(
         self,