From 9d0162c77564b3e07c3af1db3801e4748e5ee627 Mon Sep 17 00:00:00 2001 From: Bortlesboat Date: Tue, 12 May 2026 23:13:41 -0400 Subject: [PATCH] fix: honor cortex home for trusted workspaces --- .../runner/app_runner/trusted_workspaces.rs | 99 ++++++++++++++++++- 1 file changed, 94 insertions(+), 5 deletions(-) diff --git a/src/cortex-tui/src/runner/app_runner/trusted_workspaces.rs b/src/cortex-tui/src/runner/app_runner/trusted_workspaces.rs index 556a2e364..dec9801d2 100644 --- a/src/cortex-tui/src/runner/app_runner/trusted_workspaces.rs +++ b/src/cortex-tui/src/runner/app_runner/trusted_workspaces.rs @@ -7,10 +7,18 @@ use std::path::PathBuf; // Trusted Workspaces // ============================================================================ +fn trusted_workspaces_dir() -> Option { + cortex_common::get_cortex_home() +} + +fn trusted_workspaces_file() -> Option { + trusted_workspaces_dir().map(|dir| dir.join("trusted_workspaces.json")) +} + /// Check if a workspace is already trusted. pub fn is_workspace_trusted(workspace: &std::path::Path) -> bool { - let trusted_file = match dirs::home_dir() { - Some(home) => home.join(".cortex").join("trusted_workspaces.json"), + let trusted_file = match trusted_workspaces_file() { + Some(path) => path, None => return false, }; @@ -41,9 +49,7 @@ pub fn is_workspace_trusted(workspace: &std::path::Path) -> bool { /// Mark a workspace as trusted. pub fn mark_workspace_trusted(workspace: &std::path::Path) -> Result<()> { - let cortex_dir = dirs::home_dir() - .map(|h| h.join(".cortex")) - .unwrap_or_else(|| PathBuf::from(".cortex")); + let cortex_dir = trusted_workspaces_dir().unwrap_or_else(|| PathBuf::from(".cortex")); std::fs::create_dir_all(&cortex_dir)?; @@ -74,3 +80,86 @@ pub fn mark_workspace_trusted(workspace: &std::path::Path) -> Result<()> { std::fs::write(&trusted_file, serde_json::to_string_pretty(&data)?)?; Ok(()) } + +#[cfg(test)] +mod tests { + use super::*; + use std::ffi::{OsStr, OsString}; + use std::sync::Mutex; + + static ENV_LOCK: Mutex<()> = Mutex::new(()); + + struct EnvVarGuard { + key: &'static str, + previous: Option, + } + + impl EnvVarGuard { + fn set(key: &'static str, value: &OsStr) -> Self { + let previous = std::env::var_os(key); + unsafe { + std::env::set_var(key, value); + } + Self { key, previous } + } + } + + impl Drop for EnvVarGuard { + fn drop(&mut self) { + unsafe { + if let Some(previous) = &self.previous { + std::env::set_var(self.key, previous); + } else { + std::env::remove_var(self.key); + } + } + } + } + + #[test] + fn trusted_workspaces_file_uses_cortex_home_override() { + let _lock = ENV_LOCK.lock().unwrap(); + let temp_dir = tempfile::tempdir().unwrap(); + let _guard = EnvVarGuard::set("CORTEX_HOME", temp_dir.path().as_os_str()); + + assert_eq!( + trusted_workspaces_file().unwrap(), + temp_dir.path().join("trusted_workspaces.json") + ); + } + + #[test] + fn is_workspace_trusted_reads_trust_store_from_cortex_home() { + let _lock = ENV_LOCK.lock().unwrap(); + let temp_dir = tempfile::tempdir().unwrap(); + let _guard = EnvVarGuard::set("CORTEX_HOME", temp_dir.path().as_os_str()); + let workspace = temp_dir.path().join("project"); + let trusted_file = temp_dir.path().join("trusted_workspaces.json"); + + std::fs::write( + &trusted_file, + serde_json::json!({ + "version": 1, + "trusted": [workspace.to_string_lossy()] + }) + .to_string(), + ) + .unwrap(); + + assert!(is_workspace_trusted(&workspace)); + } + + #[test] + fn mark_workspace_trusted_writes_trust_store_to_cortex_home() { + let _lock = ENV_LOCK.lock().unwrap(); + let temp_dir = tempfile::tempdir().unwrap(); + let _guard = EnvVarGuard::set("CORTEX_HOME", temp_dir.path().as_os_str()); + let workspace = temp_dir.path().join("project"); + let trusted_file = temp_dir.path().join("trusted_workspaces.json"); + + mark_workspace_trusted(&workspace).unwrap(); + + assert!(trusted_file.exists()); + assert!(is_workspace_trusted(&workspace)); + } +}