VARASYS/ZDDC
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ZDDC/zddc/internal/zddc/writer.go
ZDDC a02a26d3c2
All checks were successful
Build + deploy releases / build-and-deploy (push) Successful in 8s
Details
feat: form-data system v0 (sixth tool + zddc-server endpoints) 
Schema-driven form renderer plus zddc-server endpoints that turn any
<name>.form.yaml into a working data-collection form at <path>/<name>.form.html.
Submissions land in <path>/<name>/<YYYY-MM-DD>-<email-sanitized>.yaml,
ACL-gated by the existing .zddc cascade. The form posts back to its own URL;
the server strips ".html" and routes by what's underneath, so create and
update use the same client-side code path.

Form spec dialect: JSON Schema 2020-12 + RJSF-style ui:* hints, written in
YAML. Chosen for LLM authorability — it's the canonical structured-output
target for OpenAI/Anthropic, and the ui:* convention is the most-trained UI
hint vocabulary. Supported subset for v0: type (string/number/integer/boolean/
array/object), enum, min/max, minLength/maxLength, required, additionalProperties:
false, properties, items, format (date, email). Round-trip mode is form-as-truth:
submission YAML is regenerated each save, comments are not preserved (the v1
file-as-truth mode for hand-edited files like .zddc itself is deferred).

New components:
  * form/ — sixth single-file HTML tool, vanilla JS renderer (~760 LoC)
  * zddc/internal/jsonschema/ — focused JSON Schema validator covering only
    the v0 keyword subset. Match-implementation-cost-to-surface-used: a full
    library brings 70%+ surface we don't use; revisit when v1 adds $ref +
    oneOf + if/then/else.
  * zddc/internal/handler/formhandler.go — RecognizeFormRequest / ServeForm,
    capability-URL re-edit, atomic submission writes via the new
    zddc.WriteAtomic helper extracted from writer.go.
  * dispatch() in zddc-server/main.go now intercepts *.form.html and
    *.yaml.html before the static-file path; spec existence is the trigger.

Build pipeline: form joins ZDDC_RELEASE_TOOLS in lockstep, gets its own
embedded copy in handler/form.html (separate from the apps cascade —
the form renderer is fixed, not subject to per-folder version overrides).

Tests: 5 new Playwright specs (form-safety) + 14 new Go tests across the
validator and handler. All 172 Playwright tests + 10 Go packages green.
End-to-end manual verification: GET empty → POST 201 + capability URL →
GET re-edit (pre-filled) → POST update → 200, raw YAML browsable, ACL
deny → 403.

Docs: form/ section added to AGENTS.md and ARCHITECTURE.md. AGENTS.md
also documents the implementation-vs-dependency policy. CLAUDE.md repo-shape
list extended.

Deferred (v1+): .zddc editor migration onto this system, file-as-truth
lossless YAML round-trip, ui:show-when conditional visibility, oneOf/anyOf,
apps-cascade preview hook, cascade-fetched form definitions.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-02 20:12:16 -05:00

104 lines
3 KiB
Go
Raw Blame History

package zddc
import (
"fmt"
"os"
"path/filepath"
"gopkg.in/yaml.v3"
)
// WriteAtomic writes data to absPath atomically. The parent directory is
// created (mode 0o755) if it does not exist; the file is written with mode
// 0o644.
//
// Implementation: bytes go to a sibling temp file, are fsync'd, then renamed
// onto absPath. On any failure the temp is removed and absPath is untouched.
// Knows nothing about caches — callers that need cache invalidation
// (.zddc, the apps cascade, etc.) handle it themselves.
func WriteAtomic(absPath string, data []byte) error {
dir := filepath.Dir(absPath)
if err := os.MkdirAll(dir, 0o755); err != nil {
return fmt.Errorf("ensure dir: %w", err)
}
base := filepath.Base(absPath)
tmp, err := os.CreateTemp(dir, "."+base+".*.tmp")
if err != nil {
return fmt.Errorf("create temp: %w", err)
}
tmpPath := tmp.Name()
defer func() {
_ = os.Remove(tmpPath)
}()
if _, err := tmp.Write(data); err != nil {
tmp.Close()
return fmt.Errorf("write temp: %w", err)
}
if err := tmp.Sync(); err != nil {
tmp.Close()
return fmt.Errorf("fsync temp: %w", err)
}
if err := tmp.Close(); err != nil {
return fmt.Errorf("close temp: %w", err)
}
if err := os.Chmod(tmpPath, 0o644); err != nil {
return fmt.Errorf("chmod temp: %w", err)
}
if err := os.Rename(tmpPath, absPath); err != nil {
return fmt.Errorf("rename: %w", err)
}
return nil
}
// WriteFile atomically writes zf as YAML to <dirPath>/.zddc.
//
// The YAML round-trips through Marshal then Unmarshal as a sanity check —
// this catches struct-encoding bugs before they hit disk and ensures the
// file we produce is parseable by ParseFile (which is what every reader
// uses). On any failure the original file is untouched.
//
// After the write succeeds the policy and scan caches for dirPath (and
// descendants) are invalidated so the next EffectivePolicy / ScanZddcFiles
// call reads fresh content.
func WriteFile(dirPath string, zf ZddcFile) error {
dirPath = filepath.Clean(dirPath)
data, err := yaml.Marshal(&zf)
if err != nil {
return fmt.Errorf("marshal: %w", err)
}
// Sanity round-trip: re-parse what we just produced. If this fails the
// in-memory struct does not survive a write/read cycle and we should
// abort before touching disk.
var probe ZddcFile
if err := yaml.Unmarshal(data, &probe); err != nil {
return fmt.Errorf("round-trip parse: %w", err)
}
target := filepath.Join(dirPath, ".zddc")
if err := WriteAtomic(target, data); err != nil {
return err
}
InvalidateCache(dirPath)
InvalidateScanCache()
return nil
}
// DeleteFile removes <dirPath>/.zddc. Returns nil if the file does not exist.
// Cache invalidation runs unconditionally so any in-memory copy of an old
// chain is dropped.
func DeleteFile(dirPath string) error {
dirPath = filepath.Clean(dirPath)
target := filepath.Join(dirPath, ".zddc")
err := os.Remove(target)
if err != nil && !os.IsNotExist(err) {
return fmt.Errorf("remove: %w", err)
}
InvalidateCache(dirPath)
InvalidateScanCache()
return nil
}
Reference in a new issue View git blame Copy permalink