actcore
diff --git a/‎Cargo.lock‎
Lines changed: 24 additions & 0 deletions b/‎Cargo.lock‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎act-cli/Cargo.toml‎
Lines changed: 1 addition & 0 deletions b/‎act-cli/Cargo.toml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎act-cli/src/config.rs‎
Lines changed: 16 additions & 56 deletions b/‎act-cli/src/config.rs‎
Lines changed: 16 additions & 56 deletions
diff --git a/‎act-cli/src/fs_matcher.rs‎
Lines changed: 214 additions & 0 deletions b/‎act-cli/src/fs_matcher.rs‎
Lines changed: 214 additions & 0 deletions
@@ -50,6 +50,7 @@ http-body-util = "0.1"
 hyper = "1"
 bytes = "1"
 cidr = "0.3"
+globset = "0.4"
 
 [dev-dependencies]
 tempfile = "3"
@@ -55,18 +55,22 @@ impl FsConfig {
         }
     }
 
-    /// Preopens derived from `allow` entries. Layer 1 supports literal path
-    /// patterns and a trailing `/**` (meaning the directory and everything
-    /// under it). Other glob syntax is rejected until the Layer 1 custom WASI
-    /// impl lands and replaces preopens with per-op matching.
+    /// Preopens for this policy. Layer 1 uses a single virtual-root preopen
+    /// at host `/` for every non-`Deny` mode — the `FsMatcher` is the only
+    /// enforcement point. The guest sees the whole host filesystem in its
+    /// namespace but can't actually open anything the matcher denies.
+    ///
+    /// Deny mode: no preopens at all (guest can't name anything).
+    ///
+    /// This is Unix-first: preopening `/` assumes a POSIX root. Windows
+    /// support requires preopening each drive separately and is deferred.
     pub fn preopens(&self) -> Result<Vec<DirMount>> {
         match self.mode {
             PolicyMode::Deny => Ok(vec![]),
-            PolicyMode::Open => Ok(vec![DirMount {
+            PolicyMode::Open | PolicyMode::Allowlist => Ok(vec![DirMount {
                 guest: "/".to_string(),
                 host: PathBuf::from("/"),
             }]),
-            PolicyMode::Allowlist => self.allow.iter().map(|p| path_to_mount(p)).collect(),
         }
     }
 }
@@ -206,32 +210,6 @@ pub fn get_profile<'a>(config: &'a ConfigFile, name: &str) -> Result<&'a Profile
         .with_context(|| format!("profile '{}' not found in config", name))
 }
 
-/// Expand `~` in a path string to the user's home directory.
-fn expand_path(s: &str) -> PathBuf {
-    let expanded = shellexpand::tilde(s);
-    PathBuf::from(expanded.as_ref())
-}
-
-/// Convert an `allow` entry (literal path or `dir/**`) to a preopen mount.
-fn path_to_mount(pattern: &str) -> Result<DirMount> {
-    let trimmed = pattern
-        .strip_suffix("/**")
-        .or_else(|| pattern.strip_suffix("/*"))
-        .unwrap_or(pattern);
-    if trimmed.contains('*') || trimmed.contains('?') || trimmed.contains('[') {
-        anyhow::bail!(
-            "unsupported glob in '{}'; Layer 1 allows literal paths and a trailing '/**' only",
-            pattern
-        );
-    }
-    let host = expand_path(trimmed);
-    let guest = format!(
-        "/{}",
-        host.file_name().and_then(|n| n.to_str()).unwrap_or("")
-    );
-    Ok(DirMount { guest, host })
-}
-
 // ── Resolution ──
 
 /// CLI-provided policy overrides, collected in one place.
@@ -444,39 +422,21 @@ mod tests {
         let mounts = cfg.preopens().unwrap();
         assert_eq!(mounts.len(), 1);
         assert_eq!(mounts[0].host, PathBuf::from("/"));
+        assert_eq!(mounts[0].guest, "/");
     }
 
     #[test]
-    fn fs_allowlist_literal_path() {
+    fn fs_allowlist_uses_virtual_root() {
         let cfg = FsConfig {
             mode: PolicyMode::Allowlist,
-            allow: vec!["/tmp/data".into()],
+            allow: vec!["/tmp/data/**".into(), "~/projects/{foo,bar}/**".into()],
             ..Default::default()
         };
         let mounts = cfg.preopens().unwrap();
+        // Always a single virtual-root preopen; matcher handles the patterns.
         assert_eq!(mounts.len(), 1);
-        assert_eq!(mounts[0].host, PathBuf::from("/tmp/data"));
-    }
-
-    #[test]
-    fn fs_allowlist_trailing_double_star() {
-        let cfg = FsConfig {
-            mode: PolicyMode::Allowlist,
-            allow: vec!["/tmp/data/**".into()],
-            ..Default::default()
-        };
-        let mounts = cfg.preopens().unwrap();
-        assert_eq!(mounts[0].host, PathBuf::from("/tmp/data"));
-    }
-
-    #[test]
-    fn fs_allowlist_rejects_mid_glob() {
-        let cfg = FsConfig {
-            mode: PolicyMode::Allowlist,
-            allow: vec!["/tmp/*/x".into()],
-            ..Default::default()
-        };
-        assert!(cfg.preopens().is_err());
+        assert_eq!(mounts[0].host, PathBuf::from("/"));
+        assert_eq!(mounts[0].guest, "/");
     }
 
     #[test]
 
@@ -0,0 +1,214 @@
+//! Layer 1 phase C1, part 1/2: glob matcher for filesystem policy.
+//!
+//! Compiles the resolved `FsConfig.allow` / `FsConfig.deny` lists into
+//! `GlobSet`s and answers "is this absolute host path allowed?" The matcher
+//! itself is hook-agnostic — it's consumed by the custom `HostDescriptor`
+//! wrapper (part 2/2) at `open_at` time.
+//!
+//! Path normalisation rules:
+//! - All patterns are canonicalised to absolute host paths at construction
+//!   (`~` expansion, relative paths resolved against the current directory).
+//! - All paths passed to `decide` must be absolute host paths, already
+//!   canonicalised (symlinks resolved, `..` collapsed). The wrapper handles
+//!   canonicalisation before calling into the matcher.
+//! - Patterns accept `globset` syntax: `*`, `?`, `[...]`, `{a,b}`, `**`. A
+//!   pattern ending in `/` or `/**` applies to the directory and everything
+//!   below it.
+//!
+//! Decision rule:
+//! - Mode = Deny → always `Deny`.
+//! - Mode = Open → always `Allow`.
+//! - Mode = Allowlist → `Deny` if any deny pattern matches; else `Allow`
+//!   if any allow pattern matches; else `Deny`.
+
+use std::path::Path;
+
+use anyhow::{Context, Result};
+use globset::{Glob, GlobSet, GlobSetBuilder};
+
+use crate::config::{FsConfig, PolicyMode};
+
+/// Result of a policy decision for one filesystem operation.
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+#[allow(dead_code)] // wired in phase C1 part 2 (HostDescriptor wrapper)
+pub enum FsDecision {
+    Allow,
+    Deny,
+}
+
+/// Compiled glob sets ready to decide access for a given host path.
+#[derive(Debug, Clone)]
+#[allow(dead_code)] // wired in phase C1 part 2 (HostDescriptor wrapper)
+pub struct FsMatcher {
+    mode: PolicyMode,
+    allow: GlobSet,
+    deny: GlobSet,
+}
+
+impl FsMatcher {
+    /// Compile a matcher from a resolved `FsConfig`.
+    pub fn compile(cfg: &FsConfig) -> Result<Self> {
+        Ok(Self {
+            mode: cfg.mode,
+            allow: compile_set("allow", &cfg.allow)?,
+            deny: compile_set("deny", &cfg.deny)?,
+        })
+    }
+
+    /// Decide whether an absolute, canonical host path may be opened/touched.
+    pub fn decide(&self, path: &Path) -> FsDecision {
+        match self.mode {
+            PolicyMode::Deny => FsDecision::Deny,
+            PolicyMode::Open => FsDecision::Allow,
+            PolicyMode::Allowlist => {
+                if self.deny.is_match(path) {
+                    return FsDecision::Deny;
+                }
+                if self.allow.is_match(path) {
+                    FsDecision::Allow
+                } else {
+                    FsDecision::Deny
+                }
+            }
+        }
+    }
+}
+
+fn compile_set(label: &str, patterns: &[String]) -> Result<GlobSet> {
+    let mut b = GlobSetBuilder::new();
+    for p in patterns {
+        let expanded = expand_pattern(p);
+        let glob = Glob::new(&expanded)
+            .with_context(|| format!("invalid {label} glob '{p}' (expanded: '{expanded}')"))?;
+        b.add(glob);
+        // A directory pattern like `/foo/bar` (no trailing `/**`) should also
+        // match descendants, so add `/foo/bar/**` alongside.
+        if !expanded.ends_with("/**") && !expanded.contains('*') && !expanded.contains('?') {
+            let descendants = format!("{expanded}/**");
+            let glob = Glob::new(&descendants).with_context(|| {
+                format!("invalid derived {label} glob '{descendants}' from '{p}'")
+            })?;
+            b.add(glob);
+        }
+    }
+    b.build()
+        .with_context(|| format!("failed to build {label} glob set"))
+}
+
+/// Expand `~` and make patterns absolute. Relative patterns are resolved
+/// against the current directory; patterns beginning with `~` expand against
+/// the home directory. `**` and other globset metacharacters are left intact.
+fn expand_pattern(pattern: &str) -> String {
+    let expanded = shellexpand::tilde(pattern).into_owned();
+    if Path::new(&expanded).is_absolute() {
+        return expanded;
+    }
+    match std::env::current_dir() {
+        Ok(cwd) => cwd.join(&expanded).to_string_lossy().into_owned(),
+        Err(_) => expanded,
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use std::path::PathBuf;
+
+    fn cfg(mode: PolicyMode, allow: &[&str], deny: &[&str]) -> FsConfig {
+        FsConfig {
+            mode,
+            allow: allow.iter().map(|s| s.to_string()).collect(),
+            deny: deny.iter().map(|s| s.to_string()).collect(),
+        }
+    }
+
+    #[test]
+    fn deny_mode_blocks_everything() {
+        let m = FsMatcher::compile(&cfg(PolicyMode::Deny, &[], &[])).unwrap();
+        assert_eq!(m.decide(&PathBuf::from("/tmp/anything")), FsDecision::Deny);
+    }
+
+    #[test]
+    fn open_mode_allows_everything() {
+        let m = FsMatcher::compile(&cfg(PolicyMode::Open, &[], &[])).unwrap();
+        assert_eq!(m.decide(&PathBuf::from("/etc/passwd")), FsDecision::Allow);
+    }
+
+    #[test]
+    fn allow_literal_path_matches_descendants() {
+        let m = FsMatcher::compile(&cfg(PolicyMode::Allowlist, &["/tmp/work"], &[])).unwrap();
+        assert_eq!(m.decide(&PathBuf::from("/tmp/work")), FsDecision::Allow);
+        assert_eq!(
+            m.decide(&PathBuf::from("/tmp/work/sub/file.txt")),
+            FsDecision::Allow
+        );
+        assert_eq!(m.decide(&PathBuf::from("/tmp/other")), FsDecision::Deny);
+    }
+
+    #[test]
+    fn allow_trailing_double_star_matches_descendants() {
+        let m = FsMatcher::compile(&cfg(PolicyMode::Allowlist, &["/tmp/work/**"], &[])).unwrap();
+        assert_eq!(
+            m.decide(&PathBuf::from("/tmp/work/sub/file.txt")),
+            FsDecision::Allow
+        );
+        assert_eq!(m.decide(&PathBuf::from("/tmp/other")), FsDecision::Deny);
+    }
+
+    #[test]
+    fn deny_rules_beat_allow() {
+        let m = FsMatcher::compile(&cfg(
+            PolicyMode::Allowlist,
+            &["/home/alex/**"],
+            &["/home/alex/.ssh/**", "/home/alex/.aws/**"],
+        ))
+        .unwrap();
+        assert_eq!(
+            m.decide(&PathBuf::from("/home/alex/project/main.rs")),
+            FsDecision::Allow
+        );
+        assert_eq!(
+            m.decide(&PathBuf::from("/home/alex/.ssh/id_rsa")),
+            FsDecision::Deny
+        );
+        assert_eq!(
+            m.decide(&PathBuf::from("/home/alex/.aws/credentials")),
+            FsDecision::Deny
+        );
+    }
+
+    #[test]
+    fn ripgrep_style_brace_expansion() {
+        let m = FsMatcher::compile(&cfg(
+            PolicyMode::Allowlist,
+            &["/home/alex/{projects,work}/**"],
+            &[],
+        ))
+        .unwrap();
+        assert_eq!(
+            m.decide(&PathBuf::from("/home/alex/projects/foo/lib.rs")),
+            FsDecision::Allow
+        );
+        assert_eq!(
+            m.decide(&PathBuf::from("/home/alex/work/docs/README.md")),
+            FsDecision::Allow
+        );
+        assert_eq!(
+            m.decide(&PathBuf::from("/home/alex/Downloads/x")),
+            FsDecision::Deny
+        );
+    }
+
+    #[test]
+    fn extension_glob() {
+        let m = FsMatcher::compile(&cfg(PolicyMode::Allowlist, &["/tmp/**/*.md"], &[])).unwrap();
+        assert_eq!(
+            m.decide(&PathBuf::from("/tmp/notes/today.md")),
+            FsDecision::Allow
+        );
+        assert_eq!(
+            m.decide(&PathBuf::from("/tmp/notes/secret.txt")),
+            FsDecision::Deny
+        );
+    }
+}