refactor: fail loud, tighten types, remove speculative abstraction

Fail loud at the boundary: - substitute_template raises ConfigError on unresolved {{...}}; no more silent literal placeholders in download URLs. - parse_profile raises ConfigError when 'os' is missing -- no raw.get("os", "linux") default that silently masks typos. - urllib download failures wrapped to FlowError. - bootstrap _execute_action dispatches phases explicitly and raises on unhandled phase; no more "anything else runs as shell". Direct access over defensive wrapping: - plan_bootstrap requires env; plan_install requires pm. Drop the dead `or os.environ` / `or detect_package_manager()` fallbacks. - InstalledState.from_dict raises ConfigError on missing fields rather than .get(..., default). - Replace `x or {}` chains with explicit `x if x is not None else {}` in package resolution; catalog validates type/platform-map/install shapes at parse. One canonical form / direct access: - Path.home() replaced with paths.HOME in services/packages.py and commands/completion.py. paths.HOME is the single source now. - Use Path.is_relative_to for install-path containment instead of str.startswith. Domain purity: - domain/containers/resolution.resolve_mounts takes a filesystem_check predicate; service passes the probe in. Domain no longer touches the filesystem directly. No speculative abstraction: - Drop the `allow_sudo` field entirely. The _script_uses_sudo check it gated was bypassable (substring match) and gave false confidence; the manifest is fully user-trusted anyway. - Delete dead terminfo_fix_command + RemoteService.fix_terminfo (no command surface exposes them). - FileSystem.remove_tree no longer swallows errors via ignore_errors; callers opt into missing_ok if needed. Typed enums: - PackageDef.type, AppConfig.container_runtime as Literal[...]. container_runtime values validated at config parse. Completion bypasses runtime no longer: - complete(ctx, ...) threads context; ContainerRuntime and state-file reads go through ctx.runtime instead of constructing primitives. Tests added for: template raise, missing os raise, env/pm required, unknown phase raise, no allow_sudo gate, URL download failure, install path escape, corrupt installed.json, container_runtime Literal, filesystem_check controls mounts. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-14 00:02:06 +03:00
parent c0e2758057
commit a71742afee
26 changed files with 429 additions and 214 deletions
--- a/tests/test_domain_packages.py
+++ b/tests/test_domain_packages.py
@@ -67,7 +67,7 @@ class TestResolveSpec:
            name="fd", type="pkg", sources={"apt": "fd-find"},
            source=None, version=None, asset_pattern=None,
            platform_map={}, extract_dir=None, install={},
-            post_install=None, allow_sudo=False,
+            post_install=None,
        )}
        ref = ProfilePackageRef(name="fd", type=None, source=None, version="1.0", asset_pattern=None)
        result = resolve_spec(ref, catalog)
@@ -86,7 +86,7 @@ class TestResolveSpec:
            name="docker", type="pkg", sources={"apt": "docker-ce"},
            source=None, version=None, asset_pattern=None,
            platform_map={}, extract_dir=None, install={},
-            post_install=None, allow_sudo=False,
+            post_install=None,
        )}
        ref = ProfilePackageRef(
            name="docker",
@@ -95,11 +95,9 @@ class TestResolveSpec:
            version=None,
            asset_pattern=None,
            post_install="sudo groupadd docker || true",
-            allow_sudo=True,
        )
        result = resolve_spec(ref, catalog)
        assert result.post_install == "sudo groupadd docker || true"
-        assert result.allow_sudo is True


 class TestResolveSourceName:
@@ -108,7 +106,7 @@ class TestResolveSourceName:
            name="fd", type="pkg", sources={"apt": "fd-find"},
            source=None, version=None, asset_pattern=None,
            platform_map={}, extract_dir=None, install={},
-            post_install=None, allow_sudo=False,
+            post_install=None,
        )
        assert resolve_source_name(pkg, "apt") == "fd-find"

@@ -117,7 +115,7 @@ class TestResolveSourceName:
            name="fd", type="pkg", sources={},
            source=None, version=None, asset_pattern=None,
            platform_map={}, extract_dir=None, install={},
-            post_install=None, allow_sudo=False,
+            post_install=None,
        )
        assert resolve_source_name(pkg, "apt") == "fd"

@@ -131,7 +129,7 @@ class TestResolveBinaryAsset:
            asset_pattern=None,
            platform_map={"linux-x64": "nvim-linux-x86_64.tar.gz"},
            extract_dir=None, install={},
-            post_install=None, allow_sudo=False,
+            post_install=None,
        )
        assert resolve_binary_asset(pkg, "linux-x64") == "nvim-linux-x86_64.tar.gz"

@@ -143,7 +141,7 @@ class TestResolveBinaryAsset:
            asset_pattern="fd-v10.2.0-{{arch}}-unknown-{{os}}-gnu.tar.gz",
            platform_map={},
            extract_dir=None, install={},
-            post_install=None, allow_sudo=False,
+            post_install=None,
        )
        result = resolve_binary_asset(pkg, "linux-x64")
        assert "x64" in result
@@ -157,7 +155,7 @@ class TestResolveBinaryAsset:
            asset_pattern="nvim-{{os}}-{{arch}}.tar.gz",
            platform_map={"linux-x64": {"os": "linux", "arch": "x86_64"}},
            extract_dir="nvim-{{os}}64", install={},
-            post_install=None, allow_sudo=False,
+            post_install=None,
        )
        assert resolve_binary_asset(pkg, "linux-x64") == "nvim-linux-x86_64.tar.gz"
        assert resolve_extract_dir(pkg, "linux-x64") == "nvim-linux64"
@@ -171,7 +169,7 @@ class TestResolveDownloadUrl:
            version="v0.10.4",
            asset_pattern=None, platform_map={},
            extract_dir=None, install={},
-            post_install=None, allow_sudo=False,
+            post_install=None,
        )
        url = resolve_download_url(pkg, "nvim.tar.gz")
        assert "github.com/neovim/neovim" in url
@@ -184,7 +182,7 @@ class TestResolveDownloadUrl:
            version="0.10.4",
            asset_pattern=None, platform_map={},
            extract_dir=None, install={},
-            post_install=None, allow_sudo=False,
+            post_install=None,
        )
        url = resolve_download_url(pkg, "nvim.tar.gz", "linux-x64")
        assert "/download/v0.10.4/" in url
@@ -196,7 +194,7 @@ class TestResolveDownloadUrl:
            version=None,
            asset_pattern=None, platform_map={},
            extract_dir=None, install={},
-            post_install=None, allow_sudo=False,
+            post_install=None,
        )
        url = resolve_download_url(pkg, "nvim.tar.gz")
        assert "latest" in url
@@ -208,7 +206,7 @@ class TestResolveDownloadUrl:
            version=None,
            asset_pattern=None, platform_map={},
            extract_dir=None, install={},
-            post_install=None, allow_sudo=False,
+            post_install=None,
        )
        url = resolve_download_url(pkg, "x.tar.gz")
        assert url == "https://example.com/download/x.tar.gz"
@@ -247,7 +245,7 @@ class TestPlanning:
            name="wezterm", type="cask", sources={"brew": "wezterm"},
            source=None, version=None, asset_pattern=None,
            platform_map={}, extract_dir=None, install={},
-            post_install=None, allow_sudo=False,
+            post_install=None,
        )
        plan = plan_install([pkg], InstalledState(), "macos-arm64", "brew")
        assert plan.install_ops[0].method == "cask"