test(e2e): safety hardening suite + CI matrix + invariant fixups

Adds four end-to-end integration test files exercising the safety
primitives through the binary, plus shared `tests/common/mod.rs`
helpers, plus two existing-test contract updates.

**Suites added (20 new tests):**

- `e2e_safety_lock.rs` (6 tests, non-ignored). Test holds the same
  `.socket/apply.lock` the binary uses via `fs2` directly, then
  spawns `socket-patch apply` and asserts the second process exits
  with `error.code == "lock_held"`. Zero production-code hooks.

- `e2e_safety_yarn_pnp.rs` (5 tests, non-ignored). Yarn-berry PnP
  markers (`.pnp.cjs`, `.pnp.loader.mjs`) trigger
  `error.code == "yarn_pnp_unsupported"`. Negative control:
  plain npm layout does NOT trigger the refusal.

- `e2e_safety_cargo_build.rs` (5 tests, `#[ignore]` + `--features
  cargo`). Three synthetic-vendor tests:
    1. Baseline `cargo check --offline --frozen` succeeds.
    2. Negative control — mutating the source WITHOUT the sidecar
       fixup makes cargo refuse with "checksum changed". Proves
       cargo actually verifies, which is what makes the positive
       test meaningful.
    3. Sidecar fixup makes `cargo check` pass; `.cargo-checksum.json`
       is rewritten and the `package` field is preserved.
    4. JSON envelope contract: `.cargo-checksum.json` appears in
       `event.details.sidecarsUpdated`.
  Plus `traitobject_real_socket_patch_round_trip` — the cargo
  layer-2+3 combined test: `cargo fetch traitobject@0.0.1` from
  crates.io → `socket-patch get b15f2b7f-d5cb-43c9-b793-80f71682188f`
  from patches-api.socket.dev → assert `.cargo-checksum.json`
  rewritten + `cargo check` succeeds against the real, production
  Socket patch.

- `e2e_safety_pnpm.rs` (4 tests, `#[ignore]`). Two projects share a
  pnpm content store via `--config.package-import-method=hardlink`.
  `socket-patch get` in project A patches A; project B + store
  entry stay byte-identical. `pnpm install --frozen-lockfile` in B
  afterwards does not revert A. Exercises CoW against a real pnpm
  install rather than a hand-rolled hardlink.

**`tests/common/mod.rs`** — shared helpers (`binary`, `run`,
`assert_run_ok`, `git_sha256`, `sha256_hex`, `pnpm_run`, `cargo_run`,
`write_minimal_manifest`, `write_blob`, `parse_json_envelope`,
`envelope_error_code`, `envelope_error_message`) lifted from the
duplicated copies in `e2e_npm.rs` etc. Additive; existing suites
keep their inlined copies for now.

**CI matrix** in `.github/workflows/ci.yml`:
- `e2e_safety_cargo_build` on ubuntu + macos + windows
- `e2e_safety_pnpm` on ubuntu + macos + windows
  (pnpm-on-Windows uses junctions + copies by default, so the CoW
   invariant holds vacuously; the test still runs to verify apply
   doesn't error on Windows. Semantic Windows nlink coverage is a
   follow-up — `std::fs::Metadata` doesn't expose nlink on Windows
   without `GetFileInformationByHandle` via `windows-sys`.)
- New `Setup pnpm` step (`npm install -g pnpm@10`) gated on the
  pnpm suite. The fast non-ignored suites (`e2e_safety_lock`,
  `e2e_safety_yarn_pnp`) run via the standard `test` job on all
  three platforms.

**Existing-test contract updates** (these tests were pinning the
old, broken behavior; both still describe correct invariants —
their assertions just needed to track the rebased semantics):
- `tests/apply_invariants.rs`: `dir_hash` excludes `apply.lock`.
  The lock file is deliberate ephemeral session state, not patch
  content; the "apply is read-only against .socket/" invariant is
  about manifest + blobs + diffs + packages.
- `tests/in_process_edge_cases.rs`:
  `apply_blob_after_hash_mismatch_reports_failure` now asserts the
  atomic-write contract — the target file is byte-identical to its
  pre-call state on the hash-mismatch failure path, no half-written
  corruption.

Assisted-by: Claude Code:claude-opus-4-7

Author: mikolalysenko

.github/workflows/ci.yml

@@ -411,6 +411,30 @@ jobs:
             suite: e2e_scan
           - os: macos-latest
             suite: e2e_scan
+          # Safety-hardening e2e suites. The fast non-ignored ones
+          # (e2e_safety_lock, e2e_safety_yarn_pnp) run via the
+          # standard `test` job above on all three platforms, so no
+          # matrix entry is needed for them. The two below need real
+          # toolchains and are #[ignore]-gated.
+          - os: ubuntu-latest
+            suite: e2e_safety_cargo_build
+          - os: macos-latest
+            suite: e2e_safety_cargo_build
+          - os: windows-latest
+            suite: e2e_safety_cargo_build
+          - os: ubuntu-latest
+            suite: e2e_safety_pnpm
+          - os: macos-latest
+            suite: e2e_safety_pnpm
+          # pnpm-on-Windows uses junctions for symlinks and copies
+          # (not hardlinks) by default, so the CoW invariant holds
+          # vacuously. Test still runs to verify apply doesn't error
+          # on Windows — semantic Windows nlink coverage is a
+          # follow-up (`std::fs::Metadata` doesn't expose nlink on
+          # Windows; needs `GetFileInformationByHandle` via
+          # `windows-sys`).
+          - os: windows-latest
+            suite: e2e_safety_pnpm
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout
@@ -436,11 +460,20 @@ jobs:
           restore-keys: ${{ matrix.os }}-cargo-e2e-
 
       - name: Setup Node.js
-        if: matrix.suite == 'e2e_npm' || matrix.suite == 'e2e_scan'
+        if: matrix.suite == 'e2e_npm' || matrix.suite == 'e2e_scan' || matrix.suite == 'e2e_safety_pnpm'
         uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
         with:
           node-version: '20.20.2'
 
+      - name: Setup pnpm
+        if: matrix.suite == 'e2e_safety_pnpm'
+        # Pin the major version so the store layout the test
+        # asserts on stays stable. `npm install -g` is the simplest
+        # cross-platform install path (works on ubuntu, macos,
+        # windows-runners — they all ship a usable npm via
+        # actions/setup-node).
+        run: npm install -g pnpm@10
+
       - name: Setup Python
         if: matrix.suite == 'e2e_pypi'
         uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5

crates/socket-patch-cli/tests/apply_invariants.rs

@@ -75,9 +75,18 @@ fn write_project(root: &Path) {
 /// Recursive, stable hash of every regular file under `dir`. Combines
 /// each file's relative path and bytes into a single SHA-256 so any
 /// change — adding, removing, or rewriting a file — flips the digest.
+///
+/// Excludes `apply.lock` (advisory lock file created by `apply` /
+/// `rollback` / `repair` / `remove`). That file is deliberate
+/// ephemeral session state — not patch content — and persists by
+/// design so subsequent runs can re-flock the same inode without a
+/// create race. The "apply is read-only against .socket/" invariant
+/// is about the patch payload (manifest, blobs, diffs, packages),
+/// not session metadata.
 fn dir_hash(dir: &Path) -> String {
     let mut files: Vec<(PathBuf, Vec<u8>)> = Vec::new();
     collect_files(dir, dir, &mut files);
+    files.retain(|(rel, _)| rel.file_name().and_then(|n| n.to_str()) != Some("apply.lock"));
     files.sort_by(|a, b| a.0.cmp(&b.0));
     let mut hasher = Sha256::new();
     for (rel, bytes) in files {

crates/socket-patch-cli/tests/common/mod.rs

@@ -0,0 +1,263 @@
+//! Helpers shared across the e2e-safety test suites.
+//!
+//! The original e2e files (`e2e_npm.rs`, `e2e_pypi.rs`, `e2e_gem.rs`)
+//! each carry their own copy of the same `binary` / `run` /
+//! `assert_run_ok` / `git_sha256` helpers. Rather than refactor those
+//! files in this PR, this module is an additive landing place for the
+//! same surface plus the new helpers the safety suites need
+//! (synthetic manifest writers, pnpm runners, cargo runners). Existing
+//! suites can migrate in a follow-up.
+//!
+//! Each test file pulls this in with `#[path = "common/mod.rs"] mod common;`.
+//!
+//! `#![allow(dead_code)]` because each test file uses a different
+//! subset of these helpers; the unused ones would otherwise produce
+//! warnings under `-D warnings`.
+
+#![allow(dead_code)]
+
+use std::collections::HashMap;
+use std::path::{Path, PathBuf};
+use std::process::{Command, Output};
+
+use sha2::{Digest, Sha256};
+
+// ── Binary discovery + invocation ─────────────────────────────────────
+
+/// Absolute path to the built `socket-patch` binary that cargo
+/// provides via the `CARGO_BIN_EXE_*` env var. Available because
+/// these tests live in the same crate that produces the binary.
+pub fn binary() -> PathBuf {
+    env!("CARGO_BIN_EXE_socket-patch").into()
+}
+
+/// Quick check whether `cmd` is on PATH. Used to soft-skip
+/// toolchain-dependent tests when the toolchain isn't installed
+/// (CI gates the toolchain at the workflow level; this is a
+/// belt-and-braces guard for local runs).
+pub fn has_command(cmd: &str) -> bool {
+    Command::new(cmd)
+        .arg("--version")
+        .stdout(std::process::Stdio::null())
+        .stderr(std::process::Stdio::null())
+        .status()
+        .is_ok()
+}
+
+/// Run the CLI binary with `args`, working dir `cwd`. Returns
+/// `(exit_code, stdout, stderr)`. Strips `SOCKET_API_TOKEN` from the
+/// environment so apply paths default to the public proxy and tests
+/// don't accidentally exercise authed endpoints.
+pub fn run(cwd: &Path, args: &[&str]) -> (i32, String, String) {
+    let out: Output = Command::new(binary())
+        .args(args)
+        .current_dir(cwd)
+        .env_remove("SOCKET_API_TOKEN")
+        .output()
+        .expect("failed to execute socket-patch binary");
+    let code = out.status.code().unwrap_or(-1);
+    let stdout = String::from_utf8_lossy(&out.stdout).to_string();
+    let stderr = String::from_utf8_lossy(&out.stderr).to_string();
+    (code, stdout, stderr)
+}
+
+/// `run` + assertion that exit code is 0. Returns `(stdout, stderr)`
+/// on success; panics with a context message + both streams on
+/// failure (so test logs show exactly what the binary printed).
+pub fn assert_run_ok(cwd: &Path, args: &[&str], context: &str) -> (String, String) {
+    let (code, stdout, stderr) = run(cwd, args);
+    assert_eq!(
+        code, 0,
+        "{context} failed (exit {code}).\nstdout:\n{stdout}\nstderr:\n{stderr}"
+    );
+    (stdout, stderr)
+}
+
+// ── Hashing ───────────────────────────────────────────────────────────
+
+/// Compute Git-flavored SHA-256: `SHA256("blob <len>\0" ++ content)`.
+/// This is the hash socket-patch records in manifests under
+/// `before_hash` / `after_hash`.
+pub fn git_sha256(content: &[u8]) -> String {
+    let header = format!("blob {}\0", content.len());
+    let mut hasher = Sha256::new();
+    hasher.update(header.as_bytes());
+    hasher.update(content);
+    hex::encode(hasher.finalize())
+}
+
+/// Git-SHA-256 of the file at `path`. Panics if the file can't be
+/// read — tests use this on paths they know exist.
+pub fn git_sha256_file(path: &Path) -> String {
+    let content =
+        std::fs::read(path).unwrap_or_else(|e| panic!("read {}: {e}", path.display()));
+    git_sha256(&content)
+}
+
+/// Raw lowercase-hex SHA-256 (no Git blob framing). Used by the
+/// Cargo sidecar which embeds plain digests in
+/// `.cargo-checksum.json`.
+pub fn sha256_hex(content: &[u8]) -> String {
+    let mut hasher = Sha256::new();
+    hasher.update(content);
+    format!("{:x}", hasher.finalize())
+}
+
+// ── Toolchain runners ─────────────────────────────────────────────────
+
+/// Run `npm` in `cwd`, panic on non-zero exit with full output.
+pub fn npm_run(cwd: &Path, args: &[&str]) {
+    run_toolchain(cwd, "npm", args, &[]);
+}
+
+/// Run `pnpm` in `cwd`. Same shape as `npm_run`; `extra_env` lets
+/// the caller force store-dir overrides etc.
+pub fn pnpm_run(cwd: &Path, args: &[&str], extra_env: &[(&str, &str)]) {
+    run_toolchain(cwd, "pnpm", args, extra_env);
+}
+
+/// Run `cargo` in `cwd`. Returns the raw Output so callers can
+/// inspect stdout/stderr/exit on either pass or fail — the cargo
+/// e2e test wants both passing and failing cases (negative control).
+pub fn cargo_run(cwd: &Path, args: &[&str], extra_env: &[(&str, &str)]) -> Output {
+    let mut cmd = Command::new("cargo");
+    cmd.args(args).current_dir(cwd);
+    for (k, v) in extra_env {
+        cmd.env(k, v);
+    }
+    cmd.output().expect("failed to run cargo")
+}
+
+fn run_toolchain(cwd: &Path, exe: &str, args: &[&str], extra_env: &[(&str, &str)]) {
+    let mut cmd = Command::new(exe);
+    cmd.args(args).current_dir(cwd);
+    for (k, v) in extra_env {
+        cmd.env(k, v);
+    }
+    let out = cmd
+        .output()
+        .unwrap_or_else(|e| panic!("failed to run {exe}: {e}"));
+    assert!(
+        out.status.success(),
+        "{exe} {args:?} failed (exit {:?}).\nstdout:\n{}\nstderr:\n{}",
+        out.status.code(),
+        String::from_utf8_lossy(&out.stdout),
+        String::from_utf8_lossy(&out.stderr),
+    );
+}
+
+// ── Project scaffolding ───────────────────────────────────────────────
+
+/// Write a minimal package.json. Avoids `npm init -y` which rejects
+/// temp dir names that start with `.` or contain invalid chars.
+pub fn write_package_json(cwd: &Path) {
+    std::fs::write(
+        cwd.join("package.json"),
+        r#"{"name":"e2e-test","version":"0.0.0","private":true}"#,
+    )
+    .expect("write package.json");
+}
+
+// ── Synthetic manifest + blob construction ────────────────────────────
+
+/// Describe a single patched-file row in a synthetic manifest.
+pub struct PatchEntry<'a> {
+    /// File path as recorded by the manifest (may include the
+    /// `package/` prefix used by the API; apply strips it before
+    /// resolving against pkg_path).
+    pub file_name: &'a str,
+    pub before_hash: &'a str,
+    pub after_hash: &'a str,
+}
+
+/// Write a minimal `.socket/manifest.json` at `socket_dir/manifest.json`
+/// describing one patch for `purl` with the given `uuid` and `files`.
+///
+/// Returns the path to the manifest file.
+///
+/// Does NOT write the `after_hash` blobs — that's `write_blob`'s
+/// job, and the test gets to decide which blobs to omit (e.g. to
+/// force an offline-apply failure).
+pub fn write_minimal_manifest(
+    socket_dir: &Path,
+    purl: &str,
+    uuid: &str,
+    files: &[PatchEntry<'_>],
+) -> PathBuf {
+    std::fs::create_dir_all(socket_dir).expect("create .socket dir");
+    let mut files_map = serde_json::Map::new();
+    for f in files {
+        files_map.insert(
+            f.file_name.to_string(),
+            serde_json::json!({
+                "beforeHash": f.before_hash,
+                "afterHash": f.after_hash,
+            }),
+        );
+    }
+    let manifest = serde_json::json!({
+        "patches": {
+            purl: {
+                "uuid": uuid,
+                "exportedAt": "2026-01-01T00:00:00Z",
+                "files": files_map,
+                "vulnerabilities": {},
+                "description": "synthetic test patch",
+                "license": "MIT",
+                "tier": "free",
+            }
+        }
+    });
+    let path = socket_dir.join("manifest.json");
+    std::fs::write(&path, serde_json::to_string_pretty(&manifest).unwrap())
+        .expect("write manifest.json");
+    path
+}
+
+/// Drop `content` at `<socket_dir>/blobs/<hash>`. Used to stage the
+/// `after_hash` blob a synthetic manifest references so apply can
+/// run fully offline.
+pub fn write_blob(socket_dir: &Path, hash: &str, content: &[u8]) {
+    let blobs = socket_dir.join("blobs");
+    std::fs::create_dir_all(&blobs).expect("create .socket/blobs");
+    std::fs::write(blobs.join(hash), content).expect("write blob");
+}
+
+/// Parse `--json` apply output, returning the top-level JSON object
+/// or panicking with the raw text on parse failure. Most safety tests
+/// want to assert on specific fields (`errorCode`, `status`, etc.).
+pub fn parse_json_envelope(stdout: &str) -> serde_json::Value {
+    serde_json::from_str(stdout)
+        .unwrap_or_else(|e| panic!("failed to parse JSON envelope: {e}\nstdout:\n{stdout}"))
+}
+
+/// Extract a stringified field from a parsed JSON envelope, or None
+/// if the field is missing / not a string. Convenience for the
+/// `status` checks the safety tests do repeatedly.
+pub fn json_string<'a>(env: &'a serde_json::Value, key: &str) -> Option<&'a str> {
+    env.get(key).and_then(|v| v.as_str())
+}
+
+/// Extract `env.error.code` from a parsed envelope. The v3.0
+/// envelope shape nests the error under a top-level `error` object
+/// (`{"error": {"code": "lock_held", "message": "..."}}`), not at
+/// the top level. This helper centralises that lookup so individual
+/// tests can stay terse.
+pub fn envelope_error_code(env: &serde_json::Value) -> Option<&str> {
+    env.get("error")?.get("code")?.as_str()
+}
+
+/// Extract `env.error.message` from a parsed envelope. Companion to
+/// [`envelope_error_code`].
+pub fn envelope_error_message(env: &serde_json::Value) -> Option<&str> {
+    env.get("error")?.get("message")?.as_str()
+}
+
+/// Map a slice of `(env-var-name, env-var-value)` tuples into a
+/// HashMap for callers that want a stable container.
+pub fn env_map(pairs: &[(&str, &str)]) -> HashMap<String, String> {
+    pairs
+        .iter()
+        .map(|(k, v)| ((*k).to_string(), (*v).to_string()))
+        .collect()
+}