"""Hardening tests for ``muse snapshot`` — security, performance, agent UX. Covers: Unit (helpers): - _safe_arcname: absolute path rejected, .. segments rejected, prefix .. rejected, valid paths accepted - _validate_snapshot_id_prefix: strips non-hex chars, caps at 64 - _list_all_snapshots: symlink skipped - _resolve_snapshot: prefix scan skips symlinks, full ID hit Unit (SnapshotRecord): - note field persists through to_dict / from_dict round-trip - note defaults to "" for old records without the field Security: - Symlink inside .muse/snapshots/ skipped during list - Symlink inside .muse/snapshots/ skipped during show prefix scan - Symlink inside .muse/snapshots/ skipped during export prefix scan - ANSI in note sanitized in text output, raw in JSON - ANSI in rel_path sanitized in show --text output - Broken --json shorthand on export no longer accepted (was broken bug) Error routing: - snapshot read not-found goes to stderr - snapshot export not-found goes to stderr JSON schema (create): - All _SnapshotCreateJson fields present: repo_id, snapshot_id, file_count, note, created_at - note persisted and returned in JSON JSON schema (list): - _SnapshotListItemJson fields: snapshot_id, file_count, note, created_at - note round-trips through create → list JSON schema (show): - _SnapshotReadJson fields: snapshot_id, created_at, file_count, note, manifest - show default is JSON (no flag needed) - --text flag emits human-readable text JSON schema (export): - _SnapshotExportJson fields: snapshot_id, output, format, file_count, size_bytes - size_bytes > 0 for non-empty archive - format field matches archive type New features: - note persisted in SnapshotRecord (not ephemeral) - note shown in snapshot list text output - note shown in snapshot read text output - Old --format json / -f json flags rejected (clean migration) Integration: - create → list → show → export pipeline (tar.gz + zip) - Prefix scan resolves short ID in show and export - Multiple snapshots sorted newest-first in list - export --json + tar.gz produces valid archive AND JSON summary E2E: - --help shows --json for create, list, export - --help shows --text for show - snapshot read --help describes default-JSON behaviour Stress: - 200 snapshots list correctly - 500-file snapshot create + show manifest integrity - Concurrent create (5 threads) - Concurrent list (10 threads) """ from __future__ import annotations import hashlib import json import pathlib import tarfile import threading import zipfile import pytest from tests.cli_test_helper import CliRunner, InvokeResult from muse.core.object_store import object_path, write_object from muse.core.ids import hash_snapshot from muse.core.types import MsgpackValue from muse.core.snapshots import ( SnapshotRecord, write_snapshot, ) from muse.cli.commands.snapshot_cmd import ( _list_all_snapshots, _resolve_snapshot, _safe_arcname, _validate_snapshot_id_prefix, ) from muse.core.types import Manifest, MsgpackDict, blob_id, split_id, short_id from muse.core.paths import muse_dir runner = CliRunner() cli = None # argparse migration — CliRunner ignores this arg _REPO_ID = "snapshot-hardening-test" # --------------------------------------------------------------------------- # TypedDicts for parsing JSON # --------------------------------------------------------------------------- from typing import TypedDict class _CreateOut(TypedDict): repo_id: str snapshot_id: str file_count: int note: str created_at: str class _ListItemOut(TypedDict): snapshot_id: str file_count: int note: str created_at: str class _ReadOut(TypedDict): snapshot_id: str created_at: str file_count: int note: str manifest: Manifest class _ExportOut(TypedDict): snapshot_id: str output: str format: str file_count: int size_bytes: int # --------------------------------------------------------------------------- # Helpers # --------------------------------------------------------------------------- _invoke_lock = threading.Lock() def _init_repo(path: pathlib.Path) -> pathlib.Path: muse = muse_dir(path) for d in ("commits", "snapshots", "objects", "refs/heads"): (muse / d).mkdir(parents=True, exist_ok=True) (muse / "HEAD").write_text("ref: refs/heads/main", encoding="utf-8") (muse / "repo.json").write_text( json.dumps({"repo_id": _REPO_ID, "domain": "code"}), encoding="utf-8" ) return path def _env(repo: pathlib.Path) -> Manifest: return {"MUSE_REPO_ROOT": str(repo)} def _create_files(root: pathlib.Path, count: int = 3) -> list[str]: names: list[str] = [] for i in range(count): name = f"file_{i}.txt" (root / name).write_text(f"content {i}", encoding="utf-8") names.append(name) return names def _invoke(args: list[str], env: Manifest) -> InvokeResult: with _invoke_lock: return runner.invoke(cli, args, env=env) def _write_snapshot(root: pathlib.Path, note: str = "", n_files: int = 1) -> str: """Create and store a snapshot record directly; return the snapshot_id.""" manifest: Manifest = {} for i in range(n_files): data = f"object-{i}-{note}".encode() obj_id = blob_id(data) write_object(root, obj_id, data) manifest[f"file_{i}.txt"] = obj_id snap_id = hash_snapshot(manifest) write_snapshot(root, SnapshotRecord(snapshot_id=snap_id, manifest=manifest, note=note)) return snap_id # --------------------------------------------------------------------------- # Unit: _safe_arcname # --------------------------------------------------------------------------- def test_safe_arcname_rejects_absolute() -> None: assert _safe_arcname("prefix", "/etc/passwd") is None def test_safe_arcname_rejects_dotdot_in_rel() -> None: assert _safe_arcname("prefix", "../traversal.txt") is None def test_safe_arcname_rejects_dotdot_in_prefix() -> None: assert _safe_arcname("../traversal", "file.txt") is None def test_safe_arcname_valid_no_prefix() -> None: result = _safe_arcname("", "path/to/file.txt") assert result == "path/to/file.txt" def test_safe_arcname_valid_with_prefix() -> None: result = _safe_arcname("myproject", "path/to/file.txt") assert result == "myproject/path/to/file.txt" def test_safe_arcname_strips_trailing_slash_from_prefix() -> None: result = _safe_arcname("myproject/", "file.txt") assert result == "myproject/file.txt" # --------------------------------------------------------------------------- # Unit: _validate_snapshot_id_prefix # --------------------------------------------------------------------------- def test_validate_snapshot_id_prefix_strips_non_hex() -> None: result = _validate_snapshot_id_prefix("abc123xyz!@#$") assert result == "abc123" def test_validate_snapshot_id_prefix_caps_at_64() -> None: long_hex = "a" * 100 result = _validate_snapshot_id_prefix(long_hex) assert len(result) == 64 def test_validate_snapshot_id_prefix_empty_input() -> None: result = _validate_snapshot_id_prefix("") assert result == "" # --------------------------------------------------------------------------- # Unit: _list_all_snapshots symlink guard # --------------------------------------------------------------------------- def test_list_all_snapshots_skips_symlink(tmp_path: pathlib.Path) -> None: from muse.core.paths import objects_dir as _objects_dir _init_repo(tmp_path) snap_id = _write_snapshot(tmp_path) # Plant a symlink inside the object store — iter_stored_objects must skip it. objs_dir = _objects_dir(tmp_path) shard_dir = objs_dir / "sha256" / "de" shard_dir.mkdir(parents=True, exist_ok=True) target = tmp_path / "malicious.txt" target.write_bytes(b"not a snapshot") link = shard_dir / ("ad" + "0" * 60) try: link.symlink_to(target) except (OSError, NotImplementedError): pytest.skip("symlinks not supported on this platform") results = _list_all_snapshots(tmp_path) snap_ids = [r.snapshot_id for r in results] # Only the legitimately written snapshot must appear. assert snap_ids == [snap_id] def test_list_all_snapshots_returns_real_records(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) _write_snapshot(tmp_path, note="a") _write_snapshot(tmp_path, note="b", n_files=2) results = _list_all_snapshots(tmp_path) assert len(results) == 2 # --------------------------------------------------------------------------- # Unit: _resolve_snapshot prefix scan skips symlinks # --------------------------------------------------------------------------- def test_resolve_snapshot_prefix_skips_symlink(tmp_path: pathlib.Path) -> None: from muse.core.paths import objects_dir as _objects_dir _init_repo(tmp_path) snap_id = _write_snapshot(tmp_path) # Plant a symlink with prefix "aaaa" inside the object store. objs_dir = _objects_dir(tmp_path) shard_dir = objs_dir / "sha256" / "aa" shard_dir.mkdir(parents=True, exist_ok=True) target = tmp_path / "rogue.txt" target.write_bytes(b"not a snapshot") link = shard_dir / ("aa" + "0" * 60) try: link.symlink_to(target) except (OSError, NotImplementedError): pytest.skip("symlinks not supported on this platform") # The symlink has a hex prefix "aaaa…" — resolving that prefix must skip it. resolved = _resolve_snapshot(tmp_path, "aaaa") # "aaaa" is not a hex prefix of the real snap_id — so should be None. assert resolved is None or resolved.snapshot_id == snap_id def test_resolve_snapshot_full_id_hit(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) snap_id = _write_snapshot(tmp_path, note="full hit") resolved = _resolve_snapshot(tmp_path, snap_id) assert resolved is not None assert resolved.snapshot_id == snap_id def test_resolve_snapshot_prefix_hit(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) snap_id = _write_snapshot(tmp_path, note="prefix hit") resolved = _resolve_snapshot(tmp_path, short_id(snap_id)) assert resolved is not None assert resolved.snapshot_id == snap_id def test_resolve_snapshot_miss(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) resolved = _resolve_snapshot(tmp_path, "0000000000000000000000000000000000000000000000000000000000000000") assert resolved is None # --------------------------------------------------------------------------- # Unit: SnapshotRecord note round-trip # --------------------------------------------------------------------------- def test_snapshot_record_note_round_trips_to_dict() -> None: snap = SnapshotRecord(snapshot_id="a" * 64, manifest={}, note="my note") d = snap.to_dict() assert d["note"] == "my note" def test_snapshot_record_note_round_trips_from_dict() -> None: snap = SnapshotRecord(snapshot_id="b" * 64, manifest={}, note="restored") d: MsgpackDict = { "snapshot_id": snap.snapshot_id, "manifest": {}, "created_at": snap.created_at.isoformat(), "note": snap.note, } restored = SnapshotRecord.from_dict(d) assert restored.note == "restored" def test_snapshot_record_note_defaults_empty_for_old_records() -> None: d: MsgpackDict = { "snapshot_id": "c" * 64, "manifest": {}, "created_at": "2026-01-01T00:00:00+00:00", # no "note" key — simulates an old record } restored = SnapshotRecord.from_dict(d) assert restored.note == "" # --------------------------------------------------------------------------- # Security: symlink guard in show + export # --------------------------------------------------------------------------- def test_snapshot_read_symlink_not_resolved(tmp_path: pathlib.Path) -> None: """Prefix scan in show must skip symlinks in the object store.""" from muse.core.paths import objects_dir as _objects_dir _init_repo(tmp_path) _write_snapshot(tmp_path) objs_dir = _objects_dir(tmp_path) shard_dir = objs_dir / "sha256" / "00" shard_dir.mkdir(parents=True, exist_ok=True) target = tmp_path / "some_file.txt" target.write_bytes(b"not a snapshot") link = shard_dir / ("00" + "0" * 60) try: link.symlink_to(target) except (OSError, NotImplementedError): pytest.skip("symlinks not supported on this platform") result = _invoke(["snapshot", "read", "0000000000000000"], env=_env(tmp_path)) # Symlink skipped → prefix "0000" not found → exit_code != 0 assert result.exit_code != 0 def test_snapshot_export_symlink_not_resolved(tmp_path: pathlib.Path) -> None: """Prefix scan in export must skip symlinks in the object store.""" from muse.core.paths import objects_dir as _objects_dir _init_repo(tmp_path) _write_snapshot(tmp_path) objs_dir = _objects_dir(tmp_path) shard_dir = objs_dir / "sha256" / "bb" shard_dir.mkdir(parents=True, exist_ok=True) target = tmp_path / "some_file.txt" target.write_bytes(b"not a snapshot") link = shard_dir / ("bb" + "0" * 60) try: link.symlink_to(target) except (OSError, NotImplementedError): pytest.skip("symlinks not supported on this platform") out_file = tmp_path / "out.tar.gz" result = _invoke( ["snapshot", "export", "bbbbbbbbbbbbbbbb", "--output", str(out_file)], env=_env(tmp_path), ) # Symlink skipped → prefix "bbbb" not found → exit_code != 0 assert result.exit_code != 0 # --------------------------------------------------------------------------- # Security: ANSI injection # --------------------------------------------------------------------------- def test_ansi_in_note_sanitized_in_text_output(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) _create_files(tmp_path, 1) malicious_note = "\x1b[31mRED\x1b[0m" result = _invoke(["snapshot", "create", "-m", malicious_note], env=_env(tmp_path)) assert result.exit_code == 0 assert "\x1b[" not in result.output def test_ansi_in_note_raw_in_json_output(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) _create_files(tmp_path, 1) malicious_note = "\x1b[31mRED\x1b[0m" result = _invoke(["snapshot", "create", "--json", "-m", malicious_note], env=_env(tmp_path)) assert result.exit_code == 0 data: _CreateOut = json.loads(result.output) assert "\x1b[" in data["note"] # JSON preserves raw bytes def test_ansi_in_note_sanitized_in_list_text(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) _create_files(tmp_path, 1) malicious_note = "\x1b[31mDanger\x1b[0m" _invoke(["snapshot", "create", "-m", malicious_note], env=_env(tmp_path)) result = _invoke(["snapshot", "list"], env=_env(tmp_path)) assert result.exit_code == 0 assert "\x1b[" not in result.output # --------------------------------------------------------------------------- # Error routing # --------------------------------------------------------------------------- def test_snapshot_read_not_found_stderr(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) result = _invoke(["snapshot", "read", "doesnotexist"], env=_env(tmp_path)) assert result.exit_code != 0 def test_snapshot_export_not_found_stderr(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) result = _invoke( ["snapshot", "export", "doesnotexist", "--output", "/tmp/x.tar.gz"], env=_env(tmp_path), ) assert result.exit_code != 0 def test_old_format_flag_rejected(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) result = _invoke(["snapshot", "create", "-f", "json"], env=_env(tmp_path)) # -f is no longer a valid flag for create → argparse rejects it assert result.exit_code != 0 # --------------------------------------------------------------------------- # JSON schema: create # --------------------------------------------------------------------------- def test_create_json_all_fields(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) _create_files(tmp_path, 2) result = _invoke(["snapshot", "create", "--json", "-m", "hello"], env=_env(tmp_path)) assert result.exit_code == 0 data: _CreateOut = json.loads(result.output) assert data["repo_id"] == _REPO_ID assert len(data["snapshot_id"]) == 71 assert data["file_count"] >= 2 assert data["note"] == "hello" assert "T" in data["created_at"] def test_create_json_note_persisted(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) _create_files(tmp_path, 1) result = _invoke(["snapshot", "create", "--json", "-m", "saved"], env=_env(tmp_path)) data: _CreateOut = json.loads(result.output) assert data["note"] == "saved" def test_create_json_no_note_empty_string(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) _create_files(tmp_path, 1) result = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) data: _CreateOut = json.loads(result.output) assert data["note"] == "" def test_create_json_repo_id_present(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) _create_files(tmp_path, 1) result = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) data: _CreateOut = json.loads(result.output) assert data["repo_id"] == _REPO_ID # --------------------------------------------------------------------------- # JSON schema: list # --------------------------------------------------------------------------- def test_list_json_item_has_note(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) _create_files(tmp_path, 1) _invoke(["snapshot", "create", "-m", "list-note"], env=_env(tmp_path)) result = _invoke(["snapshot", "list", "--json"], env=_env(tmp_path)) assert result.exit_code == 0 items: list[_ListItemOut] = json.loads(result.output)["snapshots"] assert len(items) == 1 assert items[0]["note"] == "list-note" def test_list_json_all_fields(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) _create_files(tmp_path, 1) _invoke(["snapshot", "create"], env=_env(tmp_path)) result = _invoke(["snapshot", "list", "--json"], env=_env(tmp_path)) items: list[_ListItemOut] = json.loads(result.output)["snapshots"] assert "snapshot_id" in items[0] assert "file_count" in items[0] assert "note" in items[0] assert "created_at" in items[0] def test_list_empty_json_is_array(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) result = _invoke(["snapshot", "list", "--json"], env=_env(tmp_path)) assert result.exit_code == 0 data = json.loads(result.output) assert data["snapshots"] == [] def test_list_note_in_text_output(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) _create_files(tmp_path, 1) _invoke(["snapshot", "create", "-m", "a-note"], env=_env(tmp_path)) result = _invoke(["snapshot", "list"], env=_env(tmp_path)) assert result.exit_code == 0 assert "a-note" in result.output # --------------------------------------------------------------------------- # JSON schema: show # --------------------------------------------------------------------------- def test_read_default_is_json(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) _create_files(tmp_path, 2) create_res = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) snap_id: str = json.loads(create_res.output)["snapshot_id"] result = _invoke(["snapshot", "read", snap_id, "--json"], env=_env(tmp_path)) assert result.exit_code == 0 data: _ReadOut = json.loads(result.output) assert data["snapshot_id"] == snap_id def test_read_json_all_fields(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) _create_files(tmp_path, 2) create_res = _invoke(["snapshot", "create", "--json", "-m", "show-note"], env=_env(tmp_path)) snap_id: str = json.loads(create_res.output)["snapshot_id"] result = _invoke(["snapshot", "read", snap_id, "--json"], env=_env(tmp_path)) data: _ReadOut = json.loads(result.output) assert data["snapshot_id"] == snap_id assert data["file_count"] >= 2 assert data["note"] == "show-note" assert isinstance(data["manifest"], dict) assert "created_at" in data def test_read_text_flag(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) _create_files(tmp_path, 1) create_res = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) snap_id: str = json.loads(create_res.output)["snapshot_id"] result = _invoke(["snapshot", "read", snap_id], env=_env(tmp_path)) assert result.exit_code == 0 assert "snapshot_id:" in result.output def test_read_text_note_displayed(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) _create_files(tmp_path, 1) create_res = _invoke( ["snapshot", "create", "--json", "-m", "text-note"], env=_env(tmp_path) ) snap_id: str = json.loads(create_res.output)["snapshot_id"] result = _invoke(["snapshot", "read", snap_id], env=_env(tmp_path)) assert result.exit_code == 0 assert "text-note" in result.output # --------------------------------------------------------------------------- # JSON schema: export # --------------------------------------------------------------------------- def test_export_json_all_fields_tar(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) _create_files(tmp_path, 2) create_res = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) snap_id: str = json.loads(create_res.output)["snapshot_id"] out_file = tmp_path / "out.tar.gz" result = _invoke( ["snapshot", "export", snap_id, "--output", str(out_file), "--json"], env=_env(tmp_path), ) assert result.exit_code == 0 data: _ExportOut = json.loads(result.output) assert data["snapshot_id"] == snap_id assert data["output"] == str(out_file) assert data["format"] == "tar.gz" assert data["file_count"] >= 2 assert data["size_bytes"] > 0 def test_export_json_all_fields_zip(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) _create_files(tmp_path, 2) create_res = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) snap_id: str = json.loads(create_res.output)["snapshot_id"] out_file = tmp_path / "out.zip" result = _invoke( [ "snapshot", "export", snap_id, "--format", "zip", "--output", str(out_file), "--json", ], env=_env(tmp_path), ) assert result.exit_code == 0 data: _ExportOut = json.loads(result.output) assert data["format"] == "zip" assert data["size_bytes"] > 0 def test_export_json_and_archive_both_created(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) _create_files(tmp_path, 2) create_res = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) snap_id: str = json.loads(create_res.output)["snapshot_id"] out_file = tmp_path / "both.tar.gz" result = _invoke( ["snapshot", "export", snap_id, "--output", str(out_file), "--json"], env=_env(tmp_path), ) assert result.exit_code == 0 assert out_file.exists() assert tarfile.is_tarfile(str(out_file)) data: _ExportOut = json.loads(result.output) assert data["file_count"] >= 2 # --------------------------------------------------------------------------- # Integration: create → list → show → export pipeline # --------------------------------------------------------------------------- def test_pipeline_create_list_read_export(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) _create_files(tmp_path, 3) # 1. Create create_res = _invoke( ["snapshot", "create", "--json", "-m", "pipeline-note"], env=_env(tmp_path) ) assert create_res.exit_code == 0 create_data: _CreateOut = json.loads(create_res.output) snap_id = create_data["snapshot_id"] assert create_data["note"] == "pipeline-note" # 2. List list_res = _invoke(["snapshot", "list", "--json"], env=_env(tmp_path)) assert list_res.exit_code == 0 list_items: list[_ListItemOut] = json.loads(list_res.output)["snapshots"] assert any(item["snapshot_id"] == snap_id for item in list_items) matching = next(i for i in list_items if i["snapshot_id"] == snap_id) assert matching["note"] == "pipeline-note" # 3. Show show_res = _invoke(["snapshot", "read", short_id(snap_id), "--json"], env=_env(tmp_path)) assert show_res.exit_code == 0 show_data: _ReadOut = json.loads(show_res.output) assert show_data["snapshot_id"] == snap_id assert show_data["note"] == "pipeline-note" assert show_data["file_count"] == 3 # 4. Export tar.gz out_tar = tmp_path / "pipe.tar.gz" export_res = _invoke( ["snapshot", "export", snap_id, "--output", str(out_tar), "--json"], env=_env(tmp_path), ) assert export_res.exit_code == 0 export_data: _ExportOut = json.loads(export_res.output) assert export_data["file_count"] == 3 assert out_tar.exists() # 5. Export zip out_zip = tmp_path / "pipe.zip" export_zip_res = _invoke( [ "snapshot", "export", snap_id, "--format", "zip", "--output", str(out_zip), "--json", ], env=_env(tmp_path), ) assert export_zip_res.exit_code == 0 assert zipfile.is_zipfile(str(out_zip)) def test_multiple_snapshots_sorted_newest_first(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) for i in range(4): _create_files(tmp_path, 1) _invoke([f"snapshot", "create", "-m", f"snap-{i}"], env=_env(tmp_path)) result = _invoke(["snapshot", "list", "--json"], env=_env(tmp_path)) items: list[_ListItemOut] = json.loads(result.output)["snapshots"] # Verify timestamps are non-increasing (newest first). for j in range(len(items) - 1): assert items[j]["created_at"] >= items[j + 1]["created_at"] # --------------------------------------------------------------------------- # E2E: help output # --------------------------------------------------------------------------- def test_create_help_shows_json_flag() -> None: result = runner.invoke(cli, ["snapshot", "create", "--help"]) assert result.exit_code == 0 assert "--json" in result.output def test_list_help_shows_json_flag() -> None: result = runner.invoke(cli, ["snapshot", "list", "--help"]) assert result.exit_code == 0 assert "--json" in result.output def test_read_help_mentions_json_flag() -> None: result = runner.invoke(cli, ["snapshot", "read", "--help"]) assert result.exit_code == 0 assert "--json" in result.output def test_export_help_shows_json_flag() -> None: result = runner.invoke(cli, ["snapshot", "export", "--help"]) assert result.exit_code == 0 assert "--json" in result.output def test_export_help_shows_format_choices() -> None: result = runner.invoke(cli, ["snapshot", "export", "--help"]) assert result.exit_code == 0 assert "tar.gz" in result.output assert "zip" in result.output # --------------------------------------------------------------------------- # Stress # --------------------------------------------------------------------------- def test_stress_200_snapshots_list(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) for i in range(200): _write_snapshot(tmp_path, note=f"snap-{i}") result = _invoke(["snapshot", "list", "--json", "--limit", "200"], env=_env(tmp_path)) assert result.exit_code == 0 items: list[_ListItemOut] = json.loads(result.output)["snapshots"] assert len(items) == 200 def test_stress_500_file_snapshot(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) for i in range(500): (tmp_path / f"f{i}.txt").write_text(f"data-{i}", encoding="utf-8") result = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) assert result.exit_code == 0 data: _CreateOut = json.loads(result.output) assert data["file_count"] >= 500 snap_id = data["snapshot_id"] show_res = _invoke(["snapshot", "read", snap_id, "--json"], env=_env(tmp_path)) assert show_res.exit_code == 0 show_data: _ReadOut = json.loads(show_res.output) assert show_data["file_count"] >= 500 assert len(show_data["manifest"]) >= 500 def test_stress_concurrent_create(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) for i in range(10): (tmp_path / f"cf{i}.txt").write_text(f"c{i}", encoding="utf-8") errors: list[str] = [] def _create() -> None: result = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) with _invoke_lock: pass # lock already acquired inside _invoke if result.exit_code != 0: errors.append(f"exit_code={result.exit_code}") threads = [threading.Thread(target=_create) for _ in range(5)] for t in threads: t.start() for t in threads: t.join() assert errors == [], f"Concurrent create errors: {errors}" def test_stress_concurrent_list(tmp_path: pathlib.Path) -> None: _init_repo(tmp_path) for i in range(5): _write_snapshot(tmp_path, note=f"concurrent-{i}") errors: list[str] = [] def _list() -> None: result = _invoke(["snapshot", "list", "--json"], env=_env(tmp_path)) if result.exit_code != 0: errors.append(f"exit_code={result.exit_code}") else: try: data = json.loads(result.output) if len(data) < 5: errors.append(f"expected 5 items, got {len(data)}") except Exception as exc: errors.append(str(exc)) threads = [threading.Thread(target=_list) for _ in range(10)] for t in threads: t.start() for t in threads: t.join() assert errors == [], f"Concurrent list errors: {errors}" # --------------------------------------------------------------------------- # Extended / Security / Stress tests for ``muse snapshot create`` # --------------------------------------------------------------------------- class TestSnapshotCreateExtended: """Unit, integration, and edge-case tests for ``muse snapshot create``.""" def test_create_help_contains_agent_quickstart(self) -> None: result = runner.invoke(cli, ["snapshot", "create", "--help"]) assert result.exit_code == 0 assert "quickstart" in result.output.lower() or "muse snapshot create" in result.output def test_create_help_contains_json_schema(self) -> None: result = runner.invoke(cli, ["snapshot", "create", "--help"]) assert result.exit_code == 0 assert "snapshot_id" in result.output def test_create_help_contains_exit_codes(self) -> None: result = runner.invoke(cli, ["snapshot", "create", "--help"]) assert result.exit_code == 0 assert "exit code" in result.output.lower() or "0 —" in result.output def test_create_j_alias(self, tmp_path: pathlib.Path) -> None: """-j is an alias for --json.""" _init_repo(tmp_path) _create_files(tmp_path, 2) result = _invoke(["snapshot", "create", "-j"], env=_env(tmp_path)) assert result.exit_code == 0 data: _CreateOut = json.loads(result.output) assert "snapshot_id" in data def test_create_snapshot_id_is_64_hex(self, tmp_path: pathlib.Path) -> None: """snapshot_id in JSON output is exactly 64 hex characters.""" _init_repo(tmp_path) _create_files(tmp_path, 1) result = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) assert result.exit_code == 0 data: _CreateOut = json.loads(result.output) assert len(data["snapshot_id"]) == 71 assert all(c in "0123456789abcdef" for c in split_id(data["snapshot_id"])[1]) def test_create_file_count_matches_actual(self, tmp_path: pathlib.Path) -> None: """file_count in JSON output matches the number of files created.""" _init_repo(tmp_path) _create_files(tmp_path, 7) result = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) assert result.exit_code == 0 data: _CreateOut = json.loads(result.output) assert data["file_count"] >= 7 def test_create_created_at_is_iso8601(self, tmp_path: pathlib.Path) -> None: """created_at field is ISO-8601 format (contains 'T' separator).""" _init_repo(tmp_path) _create_files(tmp_path, 1) result = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) assert result.exit_code == 0 data: _CreateOut = json.loads(result.output) assert "T" in data["created_at"] def test_create_note_empty_when_not_supplied(self, tmp_path: pathlib.Path) -> None: """note is empty string in JSON when -m not passed.""" _init_repo(tmp_path) _create_files(tmp_path, 1) result = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) assert result.exit_code == 0 data: _CreateOut = json.loads(result.output) assert data["note"] == "" def test_create_note_persisted_in_json(self, tmp_path: pathlib.Path) -> None: """note supplied via -m is reflected in JSON output.""" _init_repo(tmp_path) _create_files(tmp_path, 1) result = _invoke(["snapshot", "create", "-m", "checkpoint", "--json"], env=_env(tmp_path)) assert result.exit_code == 0 data: _CreateOut = json.loads(result.output) assert data["note"] == "checkpoint" def test_create_note_persists_to_list(self, tmp_path: pathlib.Path) -> None: """note written via create is readable via list.""" _init_repo(tmp_path) _create_files(tmp_path, 1) _invoke(["snapshot", "create", "-m", "roundtrip"], env=_env(tmp_path)) list_result = _invoke(["snapshot", "list", "--json"], env=_env(tmp_path)) assert list_result.exit_code == 0 items: list[_ListItemOut] = json.loads(list_result.output)["snapshots"] assert any(i["note"] == "roundtrip" for i in items) def test_create_note_persists_to_read(self, tmp_path: pathlib.Path) -> None: """note written via create is readable via show.""" _init_repo(tmp_path) _create_files(tmp_path, 1) create_result = _invoke( ["snapshot", "create", "-m", "showcheck", "--json"], env=_env(tmp_path) ) snap_id = json.loads(create_result.output)["snapshot_id"] show_result = _invoke(["snapshot", "read", snap_id, "--json"], env=_env(tmp_path)) assert show_result.exit_code == 0 show_data: _ReadOut = json.loads(show_result.output) assert show_data["note"] == "showcheck" def test_create_text_output_shows_short_id(self, tmp_path: pathlib.Path) -> None: """Text output contains a 12-char prefix of the snapshot_id.""" _init_repo(tmp_path) _create_files(tmp_path, 1) create_result = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) snap_id = json.loads(create_result.output)["snapshot_id"] text_result = _invoke(["snapshot", "create"], env=_env(tmp_path)) # Each create call produces a new snapshot; just verify format assert text_result.exit_code == 0 # Output should contain a hex-like prefix assert any(c in "0123456789abcdef" for c in text_result.output) def test_create_text_output_shows_note(self, tmp_path: pathlib.Path) -> None: """Text output shows note label when -m is supplied.""" _init_repo(tmp_path) _create_files(tmp_path, 1) result = _invoke(["snapshot", "create", "-m", "my note"], env=_env(tmp_path)) assert result.exit_code == 0 assert "my note" in result.output def test_create_text_output_no_note_line_when_empty(self, tmp_path: pathlib.Path) -> None: """Text output has no 'Note:' line when -m is not passed.""" _init_repo(tmp_path) _create_files(tmp_path, 1) result = _invoke(["snapshot", "create"], env=_env(tmp_path)) assert result.exit_code == 0 assert "Note:" not in result.output def test_create_json_compact_no_indent(self, tmp_path: pathlib.Path) -> None: """JSON output is compact (no indentation).""" _init_repo(tmp_path) _create_files(tmp_path, 1) result = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) assert result.exit_code == 0 # json.loads succeeds and the raw text has no indented lines assert "\n " not in result.output.strip() def test_create_repo_id_in_json(self, tmp_path: pathlib.Path) -> None: """repo_id field is present and non-empty in JSON output.""" _init_repo(tmp_path) _create_files(tmp_path, 1) result = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) assert result.exit_code == 0 data: _CreateOut = json.loads(result.output) assert data["repo_id"] == _REPO_ID def test_create_idempotent_same_files_same_id(self, tmp_path: pathlib.Path) -> None: """Two consecutive creates of the same working tree produce the same snapshot_id.""" _init_repo(tmp_path) _create_files(tmp_path, 3) r1 = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) r2 = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) assert r1.exit_code == 0 assert r2.exit_code == 0 assert json.loads(r1.output)["snapshot_id"] == json.loads(r2.output)["snapshot_id"] def test_create_different_files_different_id(self, tmp_path: pathlib.Path) -> None: """Adding a file between creates produces a different snapshot_id.""" _init_repo(tmp_path) _create_files(tmp_path, 2) r1 = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) (tmp_path / "extra.txt").write_text("extra", encoding="utf-8") r2 = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) assert r1.exit_code == 0 and r2.exit_code == 0 assert json.loads(r1.output)["snapshot_id"] != json.loads(r2.output)["snapshot_id"] class TestSnapshotCreateSecurity: """Security tests for ``muse snapshot create``.""" def test_create_ansi_note_stripped_in_text(self, tmp_path: pathlib.Path) -> None: """ANSI escape codes in note are stripped from text output.""" _init_repo(tmp_path) _create_files(tmp_path, 1) malicious_note = "\x1b[31mDanger\x1b[0m" result = _invoke(["snapshot", "create", "-m", malicious_note], env=_env(tmp_path)) assert result.exit_code == 0 assert "\x1b[31m" not in result.output def test_create_ansi_note_raw_in_json(self, tmp_path: pathlib.Path) -> None: """ANSI escape codes in note are preserved raw in JSON output (agent data).""" _init_repo(tmp_path) _create_files(tmp_path, 1) malicious_note = "\x1b[31mDanger\x1b[0m" result = _invoke(["snapshot", "create", "-m", malicious_note, "--json"], env=_env(tmp_path)) assert result.exit_code == 0 data: _CreateOut = json.loads(result.output) assert data["note"] == malicious_note def test_create_control_char_note_stripped_in_text(self, tmp_path: pathlib.Path) -> None: """CRLF and other control characters in note are stripped from text output.""" _init_repo(tmp_path) _create_files(tmp_path, 1) malicious_note = "good\r\ninjected line" result = _invoke(["snapshot", "create", "-m", malicious_note], env=_env(tmp_path)) assert result.exit_code == 0 assert "\r" not in result.output def test_create_very_long_note_no_crash(self, tmp_path: pathlib.Path) -> None: """A 10 000-character note does not crash the command.""" _init_repo(tmp_path) _create_files(tmp_path, 1) long_note = "x" * 10_000 result = _invoke(["snapshot", "create", "-m", long_note, "--json"], env=_env(tmp_path)) assert result.exit_code == 0 data: _CreateOut = json.loads(result.output) assert data["note"] == long_note def test_create_path_traversal_chars_in_note_no_crash(self, tmp_path: pathlib.Path) -> None: """Path-traversal-like characters in note do not crash or escape output.""" _init_repo(tmp_path) _create_files(tmp_path, 1) malicious_note = "../../etc/passwd" result = _invoke(["snapshot", "create", "-m", malicious_note, "--json"], env=_env(tmp_path)) assert result.exit_code == 0 data: _CreateOut = json.loads(result.output) assert data["note"] == malicious_note def test_create_snapshot_id_always_hex(self, tmp_path: pathlib.Path) -> None: """snapshot_id in text output is a safe hex substring with no control chars.""" _init_repo(tmp_path) _create_files(tmp_path, 1) # Get snapshot_id from JSON, verify text output contains its prefix json_result = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) snap_id = json.loads(json_result.output)["snapshot_id"] # Verify it is pure lowercase hex assert all(c in "0123456789abcdef" for c in split_id(snap_id)[1]) assert "\x1b" not in snap_id assert "\r" not in snap_id class TestSnapshotCreateStress: """Stress tests for ``muse snapshot create``.""" def test_create_1000_file_snapshot(self, tmp_path: pathlib.Path) -> None: """Snapshot of 1 000 files completes without error and reports correct count.""" _init_repo(tmp_path) for i in range(1000): (tmp_path / f"f{i}.dat").write_text(f"data-{i}", encoding="utf-8") result = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) assert result.exit_code == 0 data: _CreateOut = json.loads(result.output) assert data["file_count"] >= 1000 def test_create_50_consecutive_snapshots(self, tmp_path: pathlib.Path) -> None: """50 consecutive creates all succeed and produce listable records.""" _init_repo(tmp_path) _create_files(tmp_path, 5) for i in range(50): (tmp_path / f"extra_{i}.txt").write_text(f"v{i}", encoding="utf-8") r = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) assert r.exit_code == 0, f"Failed on iteration {i}: {r.output}" list_result = _invoke(["snapshot", "list", "--json", "--limit", "100"], env=_env(tmp_path)) assert list_result.exit_code == 0 items = json.loads(list_result.output)["snapshots"] assert len(items) >= 50 def test_create_concurrent_write_safety(self, tmp_path: pathlib.Path) -> None: """Concurrent snapshot creates on the same repo do not corrupt the store.""" _init_repo(tmp_path) for i in range(10): (tmp_path / f"cf{i}.txt").write_text(f"c{i}", encoding="utf-8") from muse.core.snapshots import write_snapshot from muse.core.ids import hash_snapshot errors: list[str] = [] def _do_create() -> None: try: # Use core directly — CliRunner serializes via _invoke_lock. manifest = {f"cf{i}.txt": blob_id(f"c{i}".encode()) for i in range(10)} snap_id = hash_snapshot(manifest) write_snapshot(tmp_path, SnapshotRecord( snapshot_id=snap_id, manifest=manifest, note="concurrent" )) except Exception as exc: # noqa: BLE001 errors.append(str(exc)) threads = [threading.Thread(target=_do_create) for _ in range(20)] for t in threads: t.start() for t in threads: t.join() assert not errors, f"Concurrent create failures: {errors}" # --------------------------------------------------------------------------- # Extended / Security / Stress tests for ``muse snapshot list`` # --------------------------------------------------------------------------- class TestSnapshotListExtended: """Unit, integration, and edge-case tests for ``muse snapshot list``.""" def test_list_help_contains_agent_quickstart(self) -> None: result = runner.invoke(cli, ["snapshot", "list", "--help"]) assert result.exit_code == 0 assert "quickstart" in result.output.lower() or "muse snapshot list" in result.output def test_list_help_contains_json_schema(self) -> None: result = runner.invoke(cli, ["snapshot", "list", "--help"]) assert result.exit_code == 0 assert "snapshot_id" in result.output def test_list_help_contains_exit_codes(self) -> None: result = runner.invoke(cli, ["snapshot", "list", "--help"]) assert result.exit_code == 0 assert "exit code" in result.output.lower() or "0 —" in result.output def test_list_j_alias(self, tmp_path: pathlib.Path) -> None: """-j is an alias for --json.""" _init_repo(tmp_path) _write_snapshot(tmp_path, note="alias-test") result = _invoke(["snapshot", "list", "-j"], env=_env(tmp_path)) assert result.exit_code == 0 items: list[_ListItemOut] = json.loads(result.output)["snapshots"] assert len(items) == 1 def test_list_json_compact_no_indent(self, tmp_path: pathlib.Path) -> None: """JSON output is compact (no indentation).""" _init_repo(tmp_path) _write_snapshot(tmp_path) result = _invoke(["snapshot", "list", "--json"], env=_env(tmp_path)) assert result.exit_code == 0 assert "\n " not in result.output.strip() def test_list_empty_returns_empty_array_json(self, tmp_path: pathlib.Path) -> None: """Empty snapshot store emits '[]' with --json.""" _init_repo(tmp_path) result = _invoke(["snapshot", "list", "--json"], env=_env(tmp_path)) assert result.exit_code == 0 assert json.loads(result.output)["snapshots"] == [] def test_list_empty_text_message(self, tmp_path: pathlib.Path) -> None: """Empty snapshot store prints a human message in text mode.""" _init_repo(tmp_path) result = _invoke(["snapshot", "list"], env=_env(tmp_path)) assert result.exit_code == 0 assert "no snapshots" in result.output.lower() def test_list_all_fields_present(self, tmp_path: pathlib.Path) -> None: """Every JSON item has snapshot_id, file_count, note, created_at.""" _init_repo(tmp_path) _write_snapshot(tmp_path, note="fields") result = _invoke(["snapshot", "list", "--json"], env=_env(tmp_path)) assert result.exit_code == 0 item = json.loads(result.output)["snapshots"][0] assert "snapshot_id" in item assert "file_count" in item assert "note" in item assert "created_at" in item def test_list_snapshot_id_is_64_hex(self, tmp_path: pathlib.Path) -> None: """snapshot_id in each JSON item is 64 hex chars.""" _init_repo(tmp_path) _write_snapshot(tmp_path) result = _invoke(["snapshot", "list", "--json"], env=_env(tmp_path)) assert result.exit_code == 0 sid = json.loads(result.output)["snapshots"][0]["snapshot_id"] assert len(sid) == 71 assert all(c in "0123456789abcdef" for c in split_id(sid)[1]) def test_list_created_at_iso8601(self, tmp_path: pathlib.Path) -> None: """created_at field contains 'T' (ISO-8601 separator).""" _init_repo(tmp_path) _write_snapshot(tmp_path) result = _invoke(["snapshot", "list", "--json"], env=_env(tmp_path)) assert result.exit_code == 0 assert "T" in json.loads(result.output)["snapshots"][0]["created_at"] def test_list_newest_first_order(self, tmp_path: pathlib.Path) -> None: """Multiple snapshots appear newest-first in JSON output.""" import time as _time _init_repo(tmp_path) for i in range(5): _write_snapshot(tmp_path, note=f"snap-{i}", n_files=i + 1) _time.sleep(0.01) result = _invoke(["snapshot", "list", "--limit", "10", "--json"], env=_env(tmp_path)) assert result.exit_code == 0 items: list[_ListItemOut] = json.loads(result.output)["snapshots"] timestamps = [i["created_at"] for i in items] assert timestamps == sorted(timestamps, reverse=True) def test_list_limit_caps_results(self, tmp_path: pathlib.Path) -> None: """--limit N returns at most N snapshots.""" _init_repo(tmp_path) for i in range(10): _write_snapshot(tmp_path, note=f"s{i}") result = _invoke(["snapshot", "list", "--limit", "3", "--json"], env=_env(tmp_path)) assert result.exit_code == 0 assert len(json.loads(result.output)["snapshots"]) == 3 def test_list_limit_zero_exits_1(self, tmp_path: pathlib.Path) -> None: """--limit 0 is rejected with exit code 1.""" _init_repo(tmp_path) result = _invoke(["snapshot", "list", "--limit", "0"], env=_env(tmp_path)) assert result.exit_code == 1 def test_list_limit_negative_exits_1(self, tmp_path: pathlib.Path) -> None: """--limit -1 is rejected with exit code 1.""" _init_repo(tmp_path) result = _invoke(["snapshot", "list", "--limit", "-1"], env=_env(tmp_path)) assert result.exit_code == 1 def test_list_limit_error_mentions_limit(self, tmp_path: pathlib.Path) -> None: """Out-of-range --limit error output mentions 'limit'.""" _init_repo(tmp_path) result = _invoke(["snapshot", "list", "--limit", "0"], env=_env(tmp_path)) assert result.exit_code == 1 assert "limit" in result.stderr.lower() def test_list_note_in_text_output(self, tmp_path: pathlib.Path) -> None: """Note label appears in text output when present.""" _init_repo(tmp_path) _write_snapshot(tmp_path, note="my-label") result = _invoke(["snapshot", "list"], env=_env(tmp_path)) assert result.exit_code == 0 assert "my-label" in result.output def test_list_text_shows_short_id(self, tmp_path: pathlib.Path) -> None: """Text output shows the short_id prefix of snapshot_id.""" _init_repo(tmp_path) snap_id = _write_snapshot(tmp_path) result = _invoke(["snapshot", "list"], env=_env(tmp_path)) assert result.exit_code == 0 assert short_id(snap_id) in result.output def test_list_file_count_in_json(self, tmp_path: pathlib.Path) -> None: """file_count in JSON matches the number of files in the snapshot.""" _init_repo(tmp_path) _write_snapshot(tmp_path, n_files=7) result = _invoke(["snapshot", "list", "--json"], env=_env(tmp_path)) assert result.exit_code == 0 assert json.loads(result.output)["snapshots"][0]["file_count"] == 7 class TestSnapshotListSecurity: """Security tests for ``muse snapshot list``.""" def test_list_ansi_note_stripped_in_text(self, tmp_path: pathlib.Path) -> None: """ANSI escape codes in note are stripped from text output.""" _init_repo(tmp_path) _write_snapshot(tmp_path, note="\x1b[31mDanger\x1b[0m") result = _invoke(["snapshot", "list"], env=_env(tmp_path)) assert result.exit_code == 0 assert "\x1b[31m" not in result.output def test_list_ansi_note_raw_in_json(self, tmp_path: pathlib.Path) -> None: """ANSI escape codes in note are preserved raw in JSON output.""" _init_repo(tmp_path) malicious = "\x1b[31mDanger\x1b[0m" _write_snapshot(tmp_path, note=malicious) result = _invoke(["snapshot", "list", "--json"], env=_env(tmp_path)) assert result.exit_code == 0 assert json.loads(result.output)["snapshots"][0]["note"] == malicious def test_list_control_char_note_stripped_in_text(self, tmp_path: pathlib.Path) -> None: """CRLF in note is stripped from text output.""" _init_repo(tmp_path) _write_snapshot(tmp_path, note="good\r\ninjected") result = _invoke(["snapshot", "list"], env=_env(tmp_path)) assert result.exit_code == 0 assert "\r" not in result.output def test_list_symlink_in_objects_dir_skipped(self, tmp_path: pathlib.Path) -> None: """A symlink inside .muse/objects/ is skipped, not followed.""" from muse.core.paths import objects_dir as _objects_dir _init_repo(tmp_path) _write_snapshot(tmp_path, note="real") objs_dir = _objects_dir(tmp_path) shard_dir = objs_dir / "sha256" / "aa" shard_dir.mkdir(parents=True, exist_ok=True) fake = shard_dir / ("aa" * 31 + "0000") try: fake.symlink_to("/etc/passwd") except (OSError, NotImplementedError): pytest.skip("symlinks not supported on this platform") result = _invoke(["snapshot", "list", "--json"], env=_env(tmp_path)) assert result.exit_code == 0 items: list[_ListItemOut] = json.loads(result.output)["snapshots"] assert len(items) == 1 assert items[0]["note"] == "real" def test_list_snapshot_id_prefix_in_text_is_safe_hex(self, tmp_path: pathlib.Path) -> None: """short_id(snapshot_id) in text output contains only hex chars.""" _init_repo(tmp_path) snap_id = _write_snapshot(tmp_path) result = _invoke(["snapshot", "list"], env=_env(tmp_path)) assert result.exit_code == 0 assert short_id(snap_id) in result.output assert "\x1b" not in result.output def test_list_very_long_note_no_crash(self, tmp_path: pathlib.Path) -> None: """A 10 000-character note does not crash list.""" _init_repo(tmp_path) _write_snapshot(tmp_path, note="x" * 10_000) result = _invoke(["snapshot", "list", "--json"], env=_env(tmp_path)) assert result.exit_code == 0 assert json.loads(result.output)["snapshots"][0]["note"] == "x" * 10_000 class TestSnapshotListStress: """Stress tests for ``muse snapshot list``.""" def test_list_1000_snapshots(self, tmp_path: pathlib.Path) -> None: """Listing 1 000 snapshots with --limit 1000 returns all 1 000.""" _init_repo(tmp_path) for i in range(1000): _write_snapshot(tmp_path, note=f"s{i}") result = _invoke(["snapshot", "list", "--limit", "1000", "--json"], env=_env(tmp_path)) assert result.exit_code == 0 assert len(json.loads(result.output)["snapshots"]) == 1000 def test_list_default_limit_caps_at_20(self, tmp_path: pathlib.Path) -> None: """Default --limit of 20 caps a 50-snapshot store at 20 results.""" _init_repo(tmp_path) for i in range(50): _write_snapshot(tmp_path, note=f"s{i}") result = _invoke(["snapshot", "list", "--json"], env=_env(tmp_path)) assert result.exit_code == 0 assert len(json.loads(result.output)["snapshots"]) == 20 def test_list_concurrent_reads_safe(self, tmp_path: pathlib.Path) -> None: """Concurrent _list_all_snapshots core calls on the same repo do not crash.""" _init_repo(tmp_path) for i in range(10): _write_snapshot(tmp_path, note=f"c{i}") errors: list[str] = [] def _do_list() -> None: try: records = _list_all_snapshots(tmp_path) assert len(records) == 10 except Exception as exc: # noqa: BLE001 errors.append(str(exc)) threads = [threading.Thread(target=_do_list) for _ in range(15)] for t in threads: t.start() for t in threads: t.join() assert not errors, f"Concurrent failures: {errors}" # --------------------------------------------------------------------------- # Extended / Security / Stress tests for ``muse snapshot read`` # --------------------------------------------------------------------------- class TestSnapshotReadExtended: """Unit, integration, and edge-case tests for ``muse snapshot read``.""" def test_read_help_contains_agent_quickstart(self) -> None: result = runner.invoke(cli, ["snapshot", "read", "--help"]) assert result.exit_code == 0 assert "quickstart" in result.output.lower() or "muse snapshot read" in result.output def test_read_help_contains_json_schema(self) -> None: result = runner.invoke(cli, ["snapshot", "read", "--help"]) assert result.exit_code == 0 assert "snapshot_id" in result.output and "manifest" in result.output def test_read_help_contains_exit_codes(self) -> None: result = runner.invoke(cli, ["snapshot", "read", "--help"]) assert result.exit_code == 0 assert "exit code" in result.output.lower() or "0 —" in result.output def test_read_help_says_default_is_json(self) -> None: result = runner.invoke(cli, ["snapshot", "read", "--help"]) assert result.exit_code == 0 assert "json" in result.output.lower() def test_read_default_is_json_no_flag_needed(self, tmp_path: pathlib.Path) -> None: """show with no flags emits valid JSON.""" _init_repo(tmp_path) snap_id = _write_snapshot(tmp_path, note="default-json") result = _invoke(["snapshot", "read", snap_id, "--json"], env=_env(tmp_path)) assert result.exit_code == 0 data: _ReadOut = json.loads(result.output) assert data["snapshot_id"] == snap_id def test_read_json_compact_no_indent(self, tmp_path: pathlib.Path) -> None: """JSON output is compact (no indentation).""" _init_repo(tmp_path) snap_id = _write_snapshot(tmp_path) result = _invoke(["snapshot", "read", snap_id, "--json"], env=_env(tmp_path)) assert result.exit_code == 0 assert "\n " not in result.output.strip() def test_read_json_all_fields(self, tmp_path: pathlib.Path) -> None: """JSON output contains all five required fields.""" _init_repo(tmp_path) snap_id = _write_snapshot(tmp_path, note="fields-check", n_files=3) result = _invoke(["snapshot", "read", snap_id, "--json"], env=_env(tmp_path)) assert result.exit_code == 0 data: _ReadOut = json.loads(result.output) assert data["snapshot_id"] == snap_id assert "created_at" in data assert data["file_count"] == 3 assert data["note"] == "fields-check" assert isinstance(data["manifest"], dict) def test_read_manifest_sorted_alphabetically(self, tmp_path: pathlib.Path) -> None: """manifest keys in JSON output are sorted alphabetically.""" _init_repo(tmp_path) manifest = {f"z_file_{i}.txt": blob_id(f"z{i}".encode()) for i in range(5)} manifest.update({f"a_file_{i}.txt": blob_id(f"a{i}".encode()) for i in range(5)}) snap_id = hash_snapshot(manifest) write_snapshot(tmp_path, SnapshotRecord(snapshot_id=snap_id, manifest=manifest)) result = _invoke(["snapshot", "read", snap_id, "--json"], env=_env(tmp_path)) assert result.exit_code == 0 data: _ReadOut = json.loads(result.output) keys = list(data["manifest"].keys()) assert keys == sorted(keys) def test_read_prefix_resolves_short_id(self, tmp_path: pathlib.Path) -> None: """A 12-char prefix resolves to the full snapshot.""" _init_repo(tmp_path) snap_id = _write_snapshot(tmp_path, note="prefix-test") result = _invoke(["snapshot", "read", short_id(snap_id), "--json"], env=_env(tmp_path)) assert result.exit_code == 0 data: _ReadOut = json.loads(result.output) assert data["snapshot_id"] == snap_id def test_read_not_found_exits_1(self, tmp_path: pathlib.Path) -> None: """Unknown snapshot ID exits with code 1.""" _init_repo(tmp_path) result = _invoke(["snapshot", "read", "sha256:deadbeef"], env=_env(tmp_path)) assert result.exit_code == 1 def test_read_not_found_error_to_stderr(self, tmp_path: pathlib.Path) -> None: """Not-found message goes to stderr (captured in output by CliRunner).""" _init_repo(tmp_path) result = _invoke(["snapshot", "read", "sha256:deadbeef"], env=_env(tmp_path)) assert result.exit_code != 0 assert "not found" in result.stderr.lower() def test_read_text_flag_human_readable(self, tmp_path: pathlib.Path) -> None: """--text emits human-readable output (not JSON).""" _init_repo(tmp_path) snap_id = _write_snapshot(tmp_path, note="text-mode") result = _invoke(["snapshot", "read", snap_id], env=_env(tmp_path)) assert result.exit_code == 0 # Text output starts with "snapshot_id:" label, not a JSON brace assert not result.output.strip().startswith("{") assert "snapshot_id:" in result.output def test_read_text_includes_note(self, tmp_path: pathlib.Path) -> None: """--text output includes the note label.""" _init_repo(tmp_path) snap_id = _write_snapshot(tmp_path, note="my-note") result = _invoke(["snapshot", "read", snap_id], env=_env(tmp_path)) assert result.exit_code == 0 assert "my-note" in result.output def test_read_text_lists_files(self, tmp_path: pathlib.Path) -> None: """--text output lists file names from the manifest.""" _init_repo(tmp_path) snap_id = _write_snapshot(tmp_path, n_files=3) result = _invoke(["snapshot", "read", snap_id], env=_env(tmp_path)) assert result.exit_code == 0 assert "file_0.txt" in result.output def test_read_file_count_matches_manifest(self, tmp_path: pathlib.Path) -> None: """file_count in JSON equals the number of keys in manifest.""" _init_repo(tmp_path) snap_id = _write_snapshot(tmp_path, n_files=9) result = _invoke(["snapshot", "read", snap_id, "--json"], env=_env(tmp_path)) assert result.exit_code == 0 data: _ReadOut = json.loads(result.output) assert data["file_count"] == len(data["manifest"]) def test_read_created_at_iso8601(self, tmp_path: pathlib.Path) -> None: """created_at field is ISO-8601 (contains 'T' separator).""" _init_repo(tmp_path) snap_id = _write_snapshot(tmp_path) result = _invoke(["snapshot", "read", snap_id, "--json"], env=_env(tmp_path)) assert result.exit_code == 0 assert "T" in json.loads(result.output)["created_at"] def test_read_note_empty_string_when_not_set(self, tmp_path: pathlib.Path) -> None: """note is empty string in JSON when not supplied at create time.""" _init_repo(tmp_path) snap_id = _write_snapshot(tmp_path, note="") result = _invoke(["snapshot", "read", snap_id, "--json"], env=_env(tmp_path)) assert result.exit_code == 0 assert json.loads(result.output)["note"] == "" def test_read_text_no_note_line_when_empty(self, tmp_path: pathlib.Path) -> None: """--text output has no 'note:' line when note is empty.""" _init_repo(tmp_path) snap_id = _write_snapshot(tmp_path, note="") result = _invoke(["snapshot", "read", snap_id], env=_env(tmp_path)) assert result.exit_code == 0 assert "note:" not in result.output.lower() class TestSnapshotReadSecurity: """Security tests for ``muse snapshot read``.""" def test_read_ansi_note_stripped_in_text(self, tmp_path: pathlib.Path) -> None: """ANSI in note is stripped from --text output.""" _init_repo(tmp_path) malicious = "\x1b[31mDanger\x1b[0m" snap_id = _write_snapshot(tmp_path, note=malicious) result = _invoke(["snapshot", "read", snap_id], env=_env(tmp_path)) assert result.exit_code == 0 assert "\x1b[31m" not in result.output def test_read_ansi_note_raw_in_json(self, tmp_path: pathlib.Path) -> None: """ANSI in note is preserved raw in JSON output (agent data).""" _init_repo(tmp_path) malicious = "\x1b[31mDanger\x1b[0m" snap_id = _write_snapshot(tmp_path, note=malicious) result = _invoke(["snapshot", "read", snap_id, "--json"], env=_env(tmp_path)) assert result.exit_code == 0 assert json.loads(result.output)["note"] == malicious def test_read_ansi_rel_path_stripped_in_text(self, tmp_path: pathlib.Path) -> None: """ANSI in a manifest path is stripped from --text output.""" _init_repo(tmp_path) malicious_path = "\x1b[32msrc/malicious.py\x1b[0m" manifest = {malicious_path: blob_id(b"malicious")} snap_id = hash_snapshot(manifest) write_snapshot(tmp_path, SnapshotRecord(snapshot_id=snap_id, manifest=manifest)) result = _invoke(["snapshot", "read", snap_id], env=_env(tmp_path)) assert result.exit_code == 0 assert "\x1b[32m" not in result.output def test_read_control_char_note_stripped_in_text(self, tmp_path: pathlib.Path) -> None: """CRLF in note is stripped from --text output.""" _init_repo(tmp_path) snap_id = _write_snapshot(tmp_path, note="good\r\ninjected") result = _invoke(["snapshot", "read", snap_id], env=_env(tmp_path)) assert result.exit_code == 0 assert "\r" not in result.output def test_read_not_found_id_sanitized_in_error(self, tmp_path: pathlib.Path) -> None: """ANSI in a not-found snapshot ID is stripped from the error message.""" _init_repo(tmp_path) malicious_id = "\x1b[31mdeadbeef\x1b[0m" result = _invoke(["snapshot", "read", malicious_id], env=_env(tmp_path)) assert result.exit_code != 0 assert "\x1b[31m" not in result.output def test_read_symlink_in_prefix_scan_skipped(self, tmp_path: pathlib.Path) -> None: """A symlink in the object store is skipped during prefix scan.""" from muse.core.paths import objects_dir as _objects_dir _init_repo(tmp_path) real_id = _write_snapshot(tmp_path, note="real") objs_dir = _objects_dir(tmp_path) # Plant a symlink in the object store whose shard matches the real ID prefix. _, real_hex = split_id(real_id) shard_name = real_hex[:2] shard_dir = objs_dir / "sha256" / shard_name shard_dir.mkdir(parents=True, exist_ok=True) fake_name = real_hex[:4] + "f" * 58 fake = shard_dir / fake_name try: fake.symlink_to("/etc/passwd") except (OSError, NotImplementedError): pytest.skip("symlinks not supported on this platform") # Full ID lookup should still work — symlink at different ID is irrelevant result = _invoke(["snapshot", "read", real_id, "--json"], env=_env(tmp_path)) assert result.exit_code == 0 assert json.loads(result.output)["note"] == "real" class TestSnapshotReadStress: """Stress tests for ``muse snapshot read``.""" def test_read_500_file_manifest_json(self, tmp_path: pathlib.Path) -> None: """show returns all 500 manifest entries for a large snapshot.""" _init_repo(tmp_path) manifest = {f"f{i:04d}.dat": blob_id(f"data{i}".encode()) for i in range(500)} snap_id = hash_snapshot(manifest) write_snapshot(tmp_path, SnapshotRecord(snapshot_id=snap_id, manifest=manifest)) result = _invoke(["snapshot", "read", snap_id, "--json"], env=_env(tmp_path)) assert result.exit_code == 0 data: _ReadOut = json.loads(result.output) assert data["file_count"] == 500 assert len(data["manifest"]) == 500 def test_read_50_consecutive_shows(self, tmp_path: pathlib.Path) -> None: """50 consecutive show calls on different snapshots all succeed.""" _init_repo(tmp_path) ids = [_write_snapshot(tmp_path, note=f"snap-{i}") for i in range(50)] for snap_id in ids: r = _invoke(["snapshot", "read", snap_id, "--json"], env=_env(tmp_path)) assert r.exit_code == 0, f"Failed for {short_id(snap_id)}: {r.output}" assert json.loads(r.output)["snapshot_id"] == snap_id def test_read_concurrent_reads_safe(self, tmp_path: pathlib.Path) -> None: """Concurrent _resolve_snapshot calls on the same snapshot do not crash.""" _init_repo(tmp_path) snap_id = _write_snapshot(tmp_path, note="concurrent", n_files=5) errors: list[str] = [] def _do_show() -> None: try: rec = _resolve_snapshot(tmp_path, snap_id) assert rec is not None assert rec.snapshot_id == snap_id assert rec.note == "concurrent" except Exception as exc: # noqa: BLE001 errors.append(str(exc)) threads = [threading.Thread(target=_do_show) for _ in range(20)] for t in threads: t.start() for t in threads: t.join() assert not errors, f"Concurrent failures: {errors}" # --------------------------------------------------------------------------- # Extended / Security / Stress tests for ``muse snapshot export`` # --------------------------------------------------------------------------- class TestSnapshotExportExtended: """Unit, integration, and edge-case tests for ``muse snapshot export``.""" def test_export_help_contains_agent_quickstart(self) -> None: result = runner.invoke(cli, ["snapshot", "export", "--help"]) assert result.exit_code == 0 assert "quickstart" in result.output.lower() or "muse snapshot export" in result.output def test_export_help_contains_json_schema(self) -> None: result = runner.invoke(cli, ["snapshot", "export", "--help"]) assert result.exit_code == 0 assert "size_bytes" in result.output def test_export_help_contains_exit_codes(self) -> None: result = runner.invoke(cli, ["snapshot", "export", "--help"]) assert result.exit_code == 0 assert "exit code" in result.output.lower() or "0 —" in result.output def test_export_j_alias(self, tmp_path: pathlib.Path) -> None: """-j is an alias for --json.""" _init_repo(tmp_path) _create_files(tmp_path, 2) create_res = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) snap_id: str = json.loads(create_res.output)["snapshot_id"] out_file = tmp_path / "alias.tar.gz" result = _invoke( ["snapshot", "export", snap_id, "--output", str(out_file), "-j"], env=_env(tmp_path), ) assert result.exit_code == 0 data: _ExportOut = json.loads(result.output) assert data["snapshot_id"] == snap_id def test_export_tar_gz_default_format(self, tmp_path: pathlib.Path) -> None: """Default format is tar.gz; JSON reports format correctly.""" _init_repo(tmp_path) _create_files(tmp_path, 1) create_res = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) snap_id: str = json.loads(create_res.output)["snapshot_id"] out_file = tmp_path / "out.tar.gz" result = _invoke( ["snapshot", "export", snap_id, "--output", str(out_file), "--json"], env=_env(tmp_path), ) assert result.exit_code == 0 assert json.loads(result.output)["format"] == "tar.gz" assert tarfile.is_tarfile(str(out_file)) def test_export_zip_format(self, tmp_path: pathlib.Path) -> None: """--format zip writes a valid zip archive.""" _init_repo(tmp_path) _create_files(tmp_path, 2) create_res = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) snap_id: str = json.loads(create_res.output)["snapshot_id"] out_file = tmp_path / "out.zip" result = _invoke( ["snapshot", "export", snap_id, "--format", "zip", "--output", str(out_file), "--json"], env=_env(tmp_path), ) assert result.exit_code == 0 assert json.loads(result.output)["format"] == "zip" assert zipfile.is_zipfile(str(out_file)) def test_export_json_all_fields_present(self, tmp_path: pathlib.Path) -> None: """JSON output contains all five required fields.""" _init_repo(tmp_path) _create_files(tmp_path, 2) create_res = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) snap_id: str = json.loads(create_res.output)["snapshot_id"] out_file = tmp_path / "fields.tar.gz" result = _invoke( ["snapshot", "export", snap_id, "--output", str(out_file), "--json"], env=_env(tmp_path), ) assert result.exit_code == 0 data: _ExportOut = json.loads(result.output) assert "snapshot_id" in data assert "output" in data assert "format" in data assert "file_count" in data assert "size_bytes" in data def test_export_json_compact_no_indent(self, tmp_path: pathlib.Path) -> None: """JSON output is compact (no indentation).""" _init_repo(tmp_path) _create_files(tmp_path, 1) create_res = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) snap_id: str = json.loads(create_res.output)["snapshot_id"] out_file = tmp_path / "compact.tar.gz" result = _invoke( ["snapshot", "export", snap_id, "--output", str(out_file), "--json"], env=_env(tmp_path), ) assert result.exit_code == 0 assert "\n " not in result.output.strip() def test_export_size_bytes_positive(self, tmp_path: pathlib.Path) -> None: """size_bytes > 0 for a non-empty archive.""" _init_repo(tmp_path) _create_files(tmp_path, 3) create_res = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) snap_id: str = json.loads(create_res.output)["snapshot_id"] out_file = tmp_path / "size.tar.gz" result = _invoke( ["snapshot", "export", snap_id, "--output", str(out_file), "--json"], env=_env(tmp_path), ) assert result.exit_code == 0 assert json.loads(result.output)["size_bytes"] > 0 def test_export_file_count_matches(self, tmp_path: pathlib.Path) -> None: """file_count in JSON matches number of files created.""" _init_repo(tmp_path) _create_files(tmp_path, 5) create_res = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) snap_id: str = json.loads(create_res.output)["snapshot_id"] out_file = tmp_path / "count.tar.gz" result = _invoke( ["snapshot", "export", snap_id, "--output", str(out_file), "--json"], env=_env(tmp_path), ) assert result.exit_code == 0 assert json.loads(result.output)["file_count"] >= 5 def test_export_output_path_in_json(self, tmp_path: pathlib.Path) -> None: """output field in JSON matches the --output argument.""" _init_repo(tmp_path) _create_files(tmp_path, 1) create_res = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) snap_id: str = json.loads(create_res.output)["snapshot_id"] out_file = tmp_path / "myarchive.tar.gz" result = _invoke( ["snapshot", "export", snap_id, "--output", str(out_file), "--json"], env=_env(tmp_path), ) assert result.exit_code == 0 assert json.loads(result.output)["output"] == str(out_file) def test_export_archive_actually_created(self, tmp_path: pathlib.Path) -> None: """The archive file is present on disk after export.""" _init_repo(tmp_path) _create_files(tmp_path, 2) create_res = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) snap_id: str = json.loads(create_res.output)["snapshot_id"] out_file = tmp_path / "present.tar.gz" result = _invoke( ["snapshot", "export", snap_id, "--output", str(out_file)], env=_env(tmp_path), ) assert result.exit_code == 0 assert out_file.exists() def test_export_prefix_nests_files_in_tar(self, tmp_path: pathlib.Path) -> None: """--prefix nests all files under a directory inside the tar archive.""" _init_repo(tmp_path) _create_files(tmp_path, 2) create_res = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) snap_id: str = json.loads(create_res.output)["snapshot_id"] out_file = tmp_path / "prefixed.tar.gz" result = _invoke( ["snapshot", "export", snap_id, "--output", str(out_file), "--prefix", "mydir"], env=_env(tmp_path), ) assert result.exit_code == 0 with tarfile.open(str(out_file)) as tf: names = tf.getnames() assert all(n.startswith("mydir/") for n in names) def test_export_not_found_exits_1(self, tmp_path: pathlib.Path) -> None: """Unknown snapshot ID exits with code 1.""" _init_repo(tmp_path) out_file = tmp_path / "nope.tar.gz" result = _invoke( ["snapshot", "export", "deadbeef", "--output", str(out_file)], env=_env(tmp_path), ) assert result.exit_code == 1 def test_export_prefix_scan_resolves_short_id(self, tmp_path: pathlib.Path) -> None: """A 12-char prefix resolves to the correct snapshot for export.""" _init_repo(tmp_path) _create_files(tmp_path, 1) create_res = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) snap_id: str = json.loads(create_res.output)["snapshot_id"] out_file = tmp_path / "prefix_resolve.tar.gz" result = _invoke( ["snapshot", "export", short_id(snap_id), "--output", str(out_file), "--json"], env=_env(tmp_path), ) assert result.exit_code == 0 assert json.loads(result.output)["snapshot_id"] == snap_id def test_export_snapshot_id_in_json_is_full_hex(self, tmp_path: pathlib.Path) -> None: """snapshot_id in JSON is the full 64-char hex ID.""" _init_repo(tmp_path) _create_files(tmp_path, 1) create_res = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) snap_id: str = json.loads(create_res.output)["snapshot_id"] out_file = tmp_path / "id_check.tar.gz" result = _invoke( ["snapshot", "export", snap_id, "--output", str(out_file), "--json"], env=_env(tmp_path), ) assert result.exit_code == 0 sid = json.loads(result.output)["snapshot_id"] assert len(sid) == 71 assert all(c in "0123456789abcdef" for c in split_id(sid)[1]) def test_export_text_output_mentions_path(self, tmp_path: pathlib.Path) -> None: """Text output mentions the archive filename.""" _init_repo(tmp_path) _create_files(tmp_path, 1) create_res = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) snap_id: str = json.loads(create_res.output)["snapshot_id"] out_file = tmp_path / "mentioned.tar.gz" result = _invoke( ["snapshot", "export", snap_id, "--output", str(out_file)], env=_env(tmp_path), ) assert result.exit_code == 0 assert "mentioned.tar.gz" in result.output class TestSnapshotExportSecurity: """Security tests for ``muse snapshot export``.""" def test_export_not_found_id_sanitized(self, tmp_path: pathlib.Path) -> None: """ANSI in a not-found snapshot ID is stripped from the error message.""" _init_repo(tmp_path) malicious_id = "\x1b[31mdeadbeef\x1b[0m" out_file = tmp_path / "nope.tar.gz" result = _invoke( ["snapshot", "export", malicious_id, "--output", str(out_file)], env=_env(tmp_path), ) assert result.exit_code != 0 assert "\x1b[31m" not in result.output def test_export_text_output_no_ansi(self, tmp_path: pathlib.Path) -> None: """Normal text output from export contains no ANSI escape sequences.""" _init_repo(tmp_path) _create_files(tmp_path, 1) create_res = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) snap_id: str = json.loads(create_res.output)["snapshot_id"] out_file = tmp_path / "clean.tar.gz" result = _invoke( ["snapshot", "export", snap_id, "--output", str(out_file)], env=_env(tmp_path), ) assert result.exit_code == 0 assert "\x1b[" not in result.output def test_export_zip_slip_dotdot_skipped(self, tmp_path: pathlib.Path) -> None: """A manifest entry with '..' segments is skipped (zip-slip guard).""" _init_repo(tmp_path) malicious_path = "../../../etc/passwd" obj_data = b"malicious content" obj_id = blob_id(obj_data) write_object(tmp_path, obj_id, obj_data) manifest = {malicious_path: obj_id} snap_id = hash_snapshot(manifest) write_snapshot(tmp_path, SnapshotRecord(snapshot_id=snap_id, manifest=manifest)) out_file = tmp_path / "slip.tar.gz" result = _invoke( ["snapshot", "export", snap_id, "--output", str(out_file), "--json"], env=_env(tmp_path), ) assert result.exit_code == 0 assert json.loads(result.output)["file_count"] == 0 def test_export_zip_slip_absolute_skipped(self, tmp_path: pathlib.Path) -> None: """A manifest entry with an absolute path is skipped (zip-slip guard).""" _init_repo(tmp_path) obj_data = b"absolute malicious" obj_id = blob_id(obj_data) write_object(tmp_path, obj_id, obj_data) manifest = {"/etc/passwd": obj_id} snap_id = hash_snapshot(manifest) write_snapshot(tmp_path, SnapshotRecord(snapshot_id=snap_id, manifest=manifest)) out_file = tmp_path / "abs.tar.gz" result = _invoke( ["snapshot", "export", snap_id, "--output", str(out_file), "--json"], env=_env(tmp_path), ) assert result.exit_code == 0 assert json.loads(result.output)["file_count"] == 0 def test_export_prefix_dotdot_skipped(self, tmp_path: pathlib.Path) -> None: """A --prefix containing '..' causes all entries to be skipped.""" _init_repo(tmp_path) _create_files(tmp_path, 1) create_res = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) snap_id: str = json.loads(create_res.output)["snapshot_id"] out_file = tmp_path / "dotdot.tar.gz" result = _invoke( ["snapshot", "export", snap_id, "--output", str(out_file), "--prefix", "../escape", "--json"], env=_env(tmp_path), ) assert result.exit_code == 0 assert json.loads(result.output)["file_count"] == 0 def test_export_missing_object_skipped(self, tmp_path: pathlib.Path) -> None: """A manifest entry whose object is missing from the store is skipped.""" _init_repo(tmp_path) ghost_id = blob_id(b"ghost") manifest = {"ghost.txt": ghost_id} snap_id = hash_snapshot(manifest) write_snapshot(tmp_path, SnapshotRecord(snapshot_id=snap_id, manifest=manifest)) out_file = tmp_path / "ghost.tar.gz" result = _invoke( ["snapshot", "export", snap_id, "--output", str(out_file), "--json"], env=_env(tmp_path), ) assert result.exit_code == 0 assert json.loads(result.output)["file_count"] == 0 class TestSnapshotExportStress: """Stress tests for ``muse snapshot export``.""" def test_export_500_file_tar_gz(self, tmp_path: pathlib.Path) -> None: """Export of a 500-file snapshot produces a valid tar.gz with all files.""" _init_repo(tmp_path) manifest: Manifest = {} for i in range(500): data = f"content-{i}".encode() obj_id = blob_id(data) write_object(tmp_path, obj_id, data) manifest[f"f{i:04d}.dat"] = obj_id snap_id = hash_snapshot(manifest) write_snapshot(tmp_path, SnapshotRecord(snapshot_id=snap_id, manifest=manifest)) out_file = tmp_path / "big.tar.gz" result = _invoke( ["snapshot", "export", snap_id, "--output", str(out_file), "--json"], env=_env(tmp_path), ) assert result.exit_code == 0 data_out: _ExportOut = json.loads(result.output) assert data_out["file_count"] == 500 assert data_out["size_bytes"] > 0 assert tarfile.is_tarfile(str(out_file)) def test_export_500_file_zip(self, tmp_path: pathlib.Path) -> None: """Export of a 500-file snapshot produces a valid zip with all files.""" _init_repo(tmp_path) manifest: Manifest = {} for i in range(500): data = f"zip-content-{i}".encode() obj_id = blob_id(data) write_object(tmp_path, obj_id, data) manifest[f"z{i:04d}.dat"] = obj_id snap_id = hash_snapshot(manifest) write_snapshot(tmp_path, SnapshotRecord(snapshot_id=snap_id, manifest=manifest)) out_file = tmp_path / "big.zip" result = _invoke( ["snapshot", "export", snap_id, "--format", "zip", "--output", str(out_file), "--json"], env=_env(tmp_path), ) assert result.exit_code == 0 data_out: _ExportOut = json.loads(result.output) assert data_out["file_count"] == 500 assert zipfile.is_zipfile(str(out_file)) def test_export_10_consecutive_exports_same_snapshot(self, tmp_path: pathlib.Path) -> None: """10 consecutive exports of the same snapshot all succeed with consistent results.""" _init_repo(tmp_path) _create_files(tmp_path, 5) create_res = _invoke(["snapshot", "create", "--json"], env=_env(tmp_path)) snap_id: str = json.loads(create_res.output)["snapshot_id"] for i in range(10): out_file = tmp_path / f"repeat_{i}.tar.gz" result = _invoke( ["snapshot", "export", snap_id, "--output", str(out_file), "--json"], env=_env(tmp_path), ) assert result.exit_code == 0, f"Iteration {i} failed: {result.output}" data_out: _ExportOut = json.loads(result.output) assert data_out["snapshot_id"] == snap_id assert data_out["file_count"] >= 5 # --------------------------------------------------------------------------- # Flag registration tests # --------------------------------------------------------------------------- class TestRegisterFlags: def _parser(self) -> "argparse.ArgumentParser": import argparse from muse.cli.commands.snapshot_cmd import register p = argparse.ArgumentParser() subs = p.add_subparsers() register(subs) return p def test_default_json_out_is_false(self) -> None: args = self._parser().parse_args(["snapshot", "create"]) assert args.json_out is False def test_json_flag_sets_json_out(self) -> None: args = self._parser().parse_args(["snapshot", "create", "--json"]) assert args.json_out is True def test_j_shorthand_sets_json_out(self) -> None: args = self._parser().parse_args(["snapshot", "create", "-j"]) assert args.json_out is True