CasperSecurity
<?php
/*
* This file is part of Psy Shell.
*
* (c) 2012-2026 Justin Hileman
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Psy;
use Symfony\Component\Console\Helper\QuestionHelper;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Question\ConfirmationQuestion;
/**
* Handles project trust decisions, persistence, and interactive prompting.
*/
class ProjectTrust
{
private string $mode = Configuration::PROJECT_TRUST_PROMPT;
private bool $forceTrust = false;
private bool $forceUntrust = false;
private bool $warnedUntrustedAutoload = false;
/** @var string[] Project roots trusted for this session only (when persistence fails) */
private array $sessionTrustedRoots = [];
private ConfigPaths $configPaths;
public function __construct(ConfigPaths $configPaths)
{
$this->configPaths = $configPaths;
}
/**
* Get the current trust mode.
*/
public function getMode(): string
{
return $this->mode;
}
/**
* Set the trust mode.
*
* Accepts one of: 'prompt', 'always', 'never'.
*/
public function setMode(string $mode): void
{
$this->mode = $mode;
}
/**
* Set trust mode from environment variable.
*
* Accepts: true, 1, false, 0
*
* @throws \InvalidArgumentException for invalid values
*/
public function setModeFromEnv(string $value): void
{
switch (\strtolower(\trim($value))) {
case 'true':
case '1':
$this->mode = Configuration::PROJECT_TRUST_ALWAYS;
break;
case 'false':
case '0':
$this->mode = Configuration::PROJECT_TRUST_NEVER;
break;
default:
throw new \InvalidArgumentException('Invalid PSYSH_TRUST_PROJECT value. Expected: true, 1, false, or 0');
}
}
/**
* Set force trust for this run.
*/
public function setForceTrust(bool $force = true): void
{
$this->forceTrust = $force;
if ($force) {
$this->forceUntrust = false;
}
}
/**
* Get force trust status.
*/
public function getForceTrust(): bool
{
return $this->forceTrust;
}
/**
* Set force untrust for this run.
*/
public function setForceUntrust(bool $force = true): void
{
$this->forceUntrust = $force;
if ($force) {
$this->forceTrust = false;
}
}
/**
* Get force untrust status.
*/
public function getForceUntrust(): bool
{
return $this->forceUntrust;
}
/**
* Check project trust status.
*
* @return bool|null true if trusted, false if untrusted, null if should prompt
*/
public function getProjectTrustStatus(string $projectRoot): ?bool
{
if ($this->forceUntrust || $this->mode === Configuration::PROJECT_TRUST_NEVER) {
return false;
}
if ($this->forceTrust || $this->mode === Configuration::PROJECT_TRUST_ALWAYS || $this->isProjectTrusted($projectRoot)) {
return true;
}
return null;
}
/**
* Check if a project root is trusted (via stored trust or session trust).
*/
public function isProjectTrusted(string $root): bool
{
if ($this->forceUntrust) {
return false;
}
if ($this->forceTrust) {
return true;
}
if ($this->mode === Configuration::PROJECT_TRUST_ALWAYS) {
return true;
}
if ($this->mode === Configuration::PROJECT_TRUST_NEVER) {
return false;
}
$root = $this->normalizeProjectRoot($root);
$trustedRoots = $this->getTrustedProjectRoots();
if (\in_array($root, $trustedRoots, true)) {
return true;
}
return \in_array($root, $this->sessionTrustedRoots, true);
}
/**
* Trust a project root, persisting if possible.
*
* Falls back to session-only trust with a warning if persistence fails.
*/
public function trustProjectRoot(string $root, ?OutputInterface $output = null): bool
{
$root = $this->normalizeProjectRoot($root);
$trustedRoots = $this->getTrustedProjectRoots();
if (!\in_array($root, $trustedRoots, true)) {
$trustedRoots[] = $root;
}
if (!$this->saveTrustedProjectRoots($trustedRoots)) {
if ($output !== null) {
$this->warnTrustPersistenceFailed($root, $output);
}
$this->sessionTrustedRoots[] = $root;
return true;
}
return true;
}
/**
* Display a trust persistence failure warning.
*/
public function warnTrustPersistenceFailed(string $root, OutputInterface $output): void
{
if ($output instanceof \Symfony\Component\Console\Output\ConsoleOutput) {
$output = $output->getErrorOutput();
}
$prettyDir = ConfigPaths::prettyPath($root);
$output->writeln(
"<comment>Warning: Unable to save trust settings. Trusting {$prettyDir} for this session only.</comment>"
);
}
/**
* Display a warning about untrusted autoload warming.
*/
public function warnUntrustedAutoloadWarming(string $projectRoot, OutputInterface $output): void
{
if ($this->warnedUntrustedAutoload) {
return;
}
$this->warnedUntrustedAutoload = true;
if ($output instanceof \Symfony\Component\Console\Output\ConsoleOutput) {
$output = $output->getErrorOutput();
}
$prettyDir = ConfigPaths::prettyPath($projectRoot);
$output->writeln(
"<comment>Skipping project autoload (vendor/autoload.php) in untrusted project {$prettyDir}. Use --trust-project to allow.</comment>"
);
}
/**
* Display the interactive trust prompt and trust the project on approval.
*
* @param string[] $features Features that need trust
*
* @return bool true if user approved
*/
public function promptForTrust(InputInterface $input, OutputInterface $output, string $root, array $features): bool
{
$helper = new QuestionHelper();
$prettyDir = ConfigPaths::prettyPath($root);
$output->writeln('');
$output->writeln("<comment>Unrecognized project {$prettyDir}</comment>");
$output->writeln('');
$output->writeln('Untrusted projects run in Restricted Mode to protect your system.');
$output->writeln('');
$output->writeln('Trusting this project would enable:');
foreach ($features as $feature) {
$output->writeln(" - {$feature}");
}
$output->writeln('');
$question = new ConfirmationQuestion('Trust and continue? (y/N) ', false);
if ($helper->ask($input, $output, $question)) {
$this->trustProjectRoot($root, $output);
return true;
}
return false;
}
/**
* Normalize a project root path.
*/
public function normalizeProjectRoot(string $root): string
{
$realRoot = \realpath($root);
if ($realRoot !== false) {
$root = $realRoot;
}
return \str_replace('\\', '/', $root);
}
/**
* Get the project root for trust decisions (walks up to find composer.json).
*/
public function getProjectRoot(): ?string
{
$root = $this->configPaths->projectRoot();
if ($root === null) {
return null;
}
return $this->normalizeProjectRoot($root);
}
/**
* Get the local config root (cwd only, no ancestor walking).
*/
public function getLocalConfigRoot(): ?string
{
$root = $this->configPaths->localConfigRoot();
if ($root === null) {
return null;
}
return $this->normalizeProjectRoot($root);
}
/**
* Check if a project has Composer autoload files.
*
* Walks up the directory tree from the project root looking for
* vendor/autoload.php or vendor/composer/autoload_psr4.php.
*/
public function hasComposerAutoloadFiles(string $projectRoot): bool
{
$dir = $projectRoot;
$parent = \dirname($dir);
while ($dir !== $parent) {
if (@\is_file($dir.'/vendor/autoload.php') || @\is_file($dir.'/vendor/composer/autoload_psr4.php')) {
return true;
}
$dir = $parent;
$parent = \dirname($dir);
}
return false;
}
/**
* Check if the project has a local PsySH installation.
*
* Looks for psy/psysh in composer.json name or composer.lock packages,
* and falls back to the PSYSH_UNTRUSTED_PROJECT env var.
*/
public function getLocalPsyshProjectRoot(string $projectRoot): ?string
{
$composerJson = $projectRoot.'/composer.json';
if (@\is_file($composerJson)) {
$cfg = \json_decode(@\file_get_contents($composerJson), true);
if (\is_array($cfg) && isset($cfg['name']) && $cfg['name'] === 'psy/psysh') {
if (@\is_file($projectRoot.'/vendor/autoload.php')) {
return $this->normalizeProjectRoot($projectRoot);
}
}
}
$composerLock = $projectRoot.'/composer.lock';
if (@\is_file($composerLock)) {
$cfg = \json_decode(@\file_get_contents($composerLock), true);
if (\is_array($cfg)) {
$packages = \array_merge($cfg['packages'] ?? [], $cfg['packages-dev'] ?? []);
foreach ($packages as $pkg) {
if (isset($pkg['name']) && $pkg['name'] === 'psy/psysh') {
if (@\is_file($projectRoot.'/vendor/autoload.php')) {
return $this->normalizeProjectRoot($projectRoot);
}
return null;
}
}
}
}
if (isset($_SERVER['PSYSH_UNTRUSTED_PROJECT']) && $_SERVER['PSYSH_UNTRUSTED_PROJECT']) {
return $this->normalizeProjectRoot($_SERVER['PSYSH_UNTRUSTED_PROJECT']);
}
return null;
}
/**
* Get trusted project roots from the trust file.
*
* @return string[]
*/
public function getTrustedProjectRoots(): array
{
$trustFile = $this->getProjectTrustFilePath();
if ($trustFile === null || !@\is_file($trustFile)) {
return [];
}
$contents = @\file_get_contents($trustFile);
if ($contents === false || $contents === '') {
return [];
}
$data = \json_decode($contents, true);
if (!\is_array($data)) {
return [];
}
$roots = [];
foreach ($data as $dir) {
if (\is_string($dir) && $dir !== '') {
$roots[] = $dir;
}
}
return \array_values(\array_unique($roots));
}
/**
* Save trusted project roots to the trust file.
*
* @param string[] $roots
*/
public function saveTrustedProjectRoots(array $roots): bool
{
$trustFile = $this->getProjectTrustFileForWrite();
if ($trustFile === false) {
return false;
}
$roots = \array_values(\array_unique(\array_filter($roots, 'is_string')));
$json = \json_encode($roots, \JSON_PRETTY_PRINT | \JSON_UNESCAPED_SLASHES);
if ($json === false) {
return false;
}
return \file_put_contents($trustFile, $json.\PHP_EOL) !== false;
}
/**
* Get the path to the trusted projects file.
*/
public function getProjectTrustFilePath(): ?string
{
$configDir = $this->configPaths->currentConfigDir();
if ($configDir === null) {
return null;
}
return $configDir.'/trusted_projects.json';
}
/**
* Get a writable path to the trusted projects file, creating dirs if needed.
*
* @return string|false
*/
private function getProjectTrustFileForWrite()
{
$trustFile = $this->getProjectTrustFilePath();
if ($trustFile === null) {
return false;
}
return ConfigPaths::touchFileWithMkdir($trustFile);
}
}