refactor(cli): policies belong in runtime — collapse into runtime/ module

Moves the policy-related modules into a runtime/ directory module, next
to the wasmtime linker setup and the generated WIT bindings they depend
on. Config stays declarative; runtime owns all the host setup.

Layout:
  src/
    config.rs         — declarative types: FsConfig, HttpConfig,
                        CliPolicyOverrides, TOML + CLI resolution.
    runtime/
      mod.rs          — HostState, linker, create_store, actor loop.
      bindings/       — WIT-generated bindings (was src/bindings/).
      fs_matcher.rs   — globset-backed FsMatcher.
      fs_policy.rs    — Preopen + derive_preopens + platform_root_preopens
                        + apply_mount_root + PolicyFilesystem HostDescriptor.
      http_policy.rs  — PolicyHttpHooks.

Also renames DirMount → Preopen. With the virtual-root model we're no
longer doing traditional mount-style remapping — a Preopen is just a
(guest, host) pair handed to wasmtime-wasi's preopened_dir. Tests that
exercised preopen derivation and apply_mount_root moved to the
preopen_tests submodule in runtime/fs_policy.rs.

Author: GamePad64

act-cli/src/config.rs

@@ -54,66 +54,6 @@ impl FsConfig {
             ..Default::default()
         }
     }
-
-    /// Preopens for this policy.
-    ///
-    /// For every non-`Deny` mode, the `FsMatcher` is the only enforcement
-    /// point — the guest sees the whole (platform-native) host filesystem in
-    /// its namespace but can't actually open anything the matcher denies.
-    ///
-    /// - Unix: a single virtual-root preopen `{guest: "/", host: "/"}`.
-    /// - Windows: one preopen per accessible drive, guest `/{lowercase letter}`
-    ///   → host `{uppercase letter}:\`. Drives are enumerated by attempting
-    ///   `std::fs::metadata` on each letter A–Z; inaccessible drives are
-    ///   silently skipped.
-    ///
-    /// Deny mode: no preopens at all (guest can't name anything).
-    pub fn preopens(&self) -> Result<Vec<DirMount>> {
-        match self.mode {
-            PolicyMode::Deny => Ok(vec![]),
-            PolicyMode::Open | PolicyMode::Allowlist => Ok(platform_root_preopens()),
-        }
-    }
-}
-
-#[cfg(unix)]
-fn platform_root_preopens() -> Vec<DirMount> {
-    vec![DirMount {
-        guest: "/".to_string(),
-        host: PathBuf::from("/"),
-    }]
-}
-
-#[cfg(windows)]
-fn platform_root_preopens() -> Vec<DirMount> {
-    let mut mounts = Vec::new();
-    for letter in b'A'..=b'Z' {
-        let c = letter as char;
-        let host = PathBuf::from(format!("{}:\\", c));
-        // `metadata` trips DriveNotReady / access errors for absent drives;
-        // treat any failure as "skip this letter".
-        if std::fs::metadata(&host).is_ok() {
-            let guest = format!("/{}", c.to_ascii_lowercase());
-            mounts.push(DirMount { guest, host });
-        }
-    }
-    mounts
-}
-
-#[cfg(not(any(unix, windows)))]
-fn platform_root_preopens() -> Vec<DirMount> {
-    // Fall back to a POSIX-ish root on esoteric platforms.
-    vec![DirMount {
-        guest: "/".to_string(),
-        host: PathBuf::from("/"),
-    }]
-}
-
-/// Derived directory mount for wasmtime's `preopened_dir`.
-#[derive(Debug, Clone, PartialEq)]
-pub struct DirMount {
-    pub guest: String,
-    pub host: PathBuf,
 }
 
 /// Resolved HTTP policy for a component invocation.
@@ -410,22 +350,6 @@ pub fn resolve_metadata(
     }
 }
 
-/// Adjust guest paths in preopen mounts based on the component's `std:fs:mount-root`.
-pub fn apply_mount_root(mounts: &mut [DirMount], mount_root: &str) {
-    if mount_root == "/" || mount_root.is_empty() {
-        return;
-    }
-    let root = mount_root.trim_end_matches('/');
-    for mount in mounts {
-        if mount.guest == "/" {
-            mount.guest = root.to_string();
-        } else {
-            let guest = mount.guest.trim_start_matches('/');
-            mount.guest = format!("{}/{}", root, guest);
-        }
-    }
-}
-
 #[cfg(test)]
 mod tests {
     use super::*;
@@ -441,38 +365,6 @@ mod tests {
         assert!(PolicyMode::parse("bogus").is_err());
     }
 
-    #[test]
-    fn fs_deny_has_no_preopens() {
-        let cfg = FsConfig::deny();
-        assert!(cfg.preopens().unwrap().is_empty());
-    }
-
-    #[test]
-    fn fs_open_maps_root() {
-        let cfg = FsConfig {
-            mode: PolicyMode::Open,
-            ..Default::default()
-        };
-        let mounts = cfg.preopens().unwrap();
-        assert_eq!(mounts.len(), 1);
-        assert_eq!(mounts[0].host, PathBuf::from("/"));
-        assert_eq!(mounts[0].guest, "/");
-    }
-
-    #[test]
-    fn fs_allowlist_uses_virtual_root() {
-        let cfg = FsConfig {
-            mode: PolicyMode::Allowlist,
-            allow: vec!["/tmp/data/**".into(), "~/projects/{foo,bar}/**".into()],
-            ..Default::default()
-        };
-        let mounts = cfg.preopens().unwrap();
-        // Always a single virtual-root preopen; matcher handles the patterns.
-        assert_eq!(mounts.len(), 1);
-        assert_eq!(mounts[0].host, PathBuf::from("/"));
-        assert_eq!(mounts[0].guest, "/");
-    }
-
     #[test]
     fn cli_http_allow_host() {
         let cli = CliPolicyOverrides {
@@ -532,16 +424,6 @@ allow = [{ host = "api.openai.com", scheme = "https" }]
         assert_eq!(http.allow[0].scheme.as_deref(), Some("https"));
     }
 
-    #[test]
-    fn apply_mount_root_rewrites() {
-        let mut mounts = vec![DirMount {
-            guest: "/".to_string(),
-            host: PathBuf::from("/host"),
-        }];
-        apply_mount_root(&mut mounts, "/data");
-        assert_eq!(mounts[0].guest, "/data");
-    }
-
     #[test]
     fn cli_overrides_config_file() {
         let toml = r#"

act-cli/src/main.rs

@@ -1,9 +1,6 @@
 mod config;
 mod format;
-mod fs_matcher;
-mod fs_policy;
 mod http;
-mod http_policy;
 mod mcp;
 mod resolve;
 mod runtime;
@@ -299,9 +296,9 @@ async fn prepare_component(
 
     runtime::warn_missing_capabilities(&info, &fs, &http);
 
-    let mut preopens = fs.preopens()?;
+    let mut preopens = runtime::fs_policy::derive_preopens(&fs);
     let mount_root = info.std.capabilities.fs_mount_root().unwrap_or("/");
-    config::apply_mount_root(&mut preopens, mount_root);
+    runtime::fs_policy::apply_mount_root(&mut preopens, mount_root);
 
     let metadata: runtime::Metadata = resolved
         .metadata

act-cli/src/bindings/mod.rs act-cli/src/runtime/bindings/mod.rsact-cli/src/bindings/mod.rs renamed to act-cli/src/runtime/bindings/mod.rs

@@ -38,7 +38,87 @@ use wasmtime_wasi::p2::bindings::filesystem::types::{
 };
 use wasmtime_wasi::p2::{DynInputStream, DynOutputStream, FsError, FsResult};
 
-use crate::fs_matcher::{FsDecision, FsMatcher};
+use crate::config::{FsConfig, PolicyMode};
+use crate::runtime::fs_matcher::{FsDecision, FsMatcher};
+
+// ── Preopen derivation ────────────────────────────────────────────────────
+
+/// A (guest path → host path) pair handed to wasmtime-wasi's `preopened_dir`.
+///
+/// With the virtual-root policy model the guest always sees the whole host
+/// filesystem at `/` (Unix) or at `/c`, `/d`, ... (Windows drives); the
+/// `FsMatcher` gates per-op access. These records are the bridge between
+/// config and the wasmtime setup code.
+#[derive(Debug, Clone, PartialEq)]
+pub struct Preopen {
+    pub guest: String,
+    pub host: PathBuf,
+}
+
+/// Derive the preopen list for an `FsConfig`.
+///
+/// - `Deny` → no preopens (guest can't name anything).
+/// - `Open` / `Allowlist` → platform root preopens. Unix: one `/` preopen.
+///   Windows: one per accessible drive letter (`/c` → `C:\`, `/d` → `D:\`, …;
+///   absent drives are skipped).
+pub fn derive_preopens(cfg: &FsConfig) -> Vec<Preopen> {
+    match cfg.mode {
+        PolicyMode::Deny => Vec::new(),
+        PolicyMode::Open | PolicyMode::Allowlist => platform_root_preopens(),
+    }
+}
+
+#[cfg(unix)]
+fn platform_root_preopens() -> Vec<Preopen> {
+    vec![Preopen {
+        guest: "/".to_string(),
+        host: PathBuf::from("/"),
+    }]
+}
+
+#[cfg(windows)]
+fn platform_root_preopens() -> Vec<Preopen> {
+    let mut mounts = Vec::new();
+    for letter in b'A'..=b'Z' {
+        let c = letter as char;
+        let host = PathBuf::from(format!("{}:\\", c));
+        // `metadata` trips DriveNotReady / access errors for absent drives;
+        // treat any failure as "skip this letter".
+        if std::fs::metadata(&host).is_ok() {
+            let guest = format!("/{}", c.to_ascii_lowercase());
+            mounts.push(Preopen { guest, host });
+        }
+    }
+    mounts
+}
+
+#[cfg(not(any(unix, windows)))]
+fn platform_root_preopens() -> Vec<Preopen> {
+    vec![Preopen {
+        guest: "/".to_string(),
+        host: PathBuf::from("/"),
+    }]
+}
+
+/// Adjust guest paths based on the component's `std:fs:mount-root` —
+/// cosmetic renaming of the preopen entries. Host paths are untouched and
+/// the policy matcher always operates on host paths.
+pub fn apply_mount_root(preopens: &mut [Preopen], mount_root: &str) {
+    if mount_root == "/" || mount_root.is_empty() {
+        return;
+    }
+    let root = mount_root.trim_end_matches('/');
+    for p in preopens {
+        if p.guest == "/" {
+            p.guest = root.to_string();
+        } else {
+            let guest = p.guest.trim_start_matches('/');
+            p.guest = format!("{}/{}", root, guest);
+        }
+    }
+}
+
+// ── Wasmtime host impl ────────────────────────────────────────────────────
 
 /// `HasData` marker for our policy-aware filesystem view.
 pub struct PolicyFilesystem;
@@ -410,3 +490,67 @@ impl HostDirectoryEntryStream for PolicyFilesystemCtxView<'_> {
         HostDirectoryEntryStream::drop(&mut self.inner(), stream)
     }
 }
+
+#[cfg(test)]
+mod preopen_tests {
+    use super::*;
+
+    #[test]
+    fn deny_mode_yields_no_preopens() {
+        let cfg = FsConfig::deny();
+        assert!(derive_preopens(&cfg).is_empty());
+    }
+
+    #[test]
+    #[cfg(unix)]
+    fn unix_open_and_allowlist_yield_root() {
+        for mode in [PolicyMode::Open, PolicyMode::Allowlist] {
+            let cfg = FsConfig {
+                mode,
+                ..Default::default()
+            };
+            let preopens = derive_preopens(&cfg);
+            assert_eq!(preopens.len(), 1);
+            assert_eq!(preopens[0].guest, "/");
+            assert_eq!(preopens[0].host, PathBuf::from("/"));
+        }
+    }
+
+    #[test]
+    fn apply_mount_root_is_a_noop_for_root() {
+        let mut preopens = vec![Preopen {
+            guest: "/".to_string(),
+            host: PathBuf::from("/host"),
+        }];
+        apply_mount_root(&mut preopens, "/");
+        assert_eq!(preopens[0].guest, "/");
+    }
+
+    #[test]
+    fn apply_mount_root_rewrites_virtual_root() {
+        let mut preopens = vec![Preopen {
+            guest: "/".to_string(),
+            host: PathBuf::from("/host"),
+        }];
+        apply_mount_root(&mut preopens, "/data");
+        assert_eq!(preopens[0].guest, "/data");
+        assert_eq!(preopens[0].host, PathBuf::from("/host"));
+    }
+
+    #[test]
+    fn apply_mount_root_prefixes_drive_letters() {
+        let mut preopens = vec![
+            Preopen {
+                guest: "/c".to_string(),
+                host: PathBuf::from("C:\\"),
+            },
+            Preopen {
+                guest: "/d".to_string(),
+                host: PathBuf::from("D:\\"),
+            },
+        ];
+        apply_mount_root(&mut preopens, "/host");
+        assert_eq!(preopens[0].guest, "/host/c");
+        assert_eq!(preopens[1].guest, "/host/d");
+    }
+}