Skip to content

feat(anolisa): add scoped status view#1414

Merged
kongche-jbw merged 1 commit into
alibaba:mainfrom
ikunkun-sys:scoped-status-view
Jul 9, 2026
Merged

feat(anolisa): add scoped status view#1414
kongche-jbw merged 1 commit into
alibaba:mainfrom
ikunkun-sys:scoped-status-view

Conversation

@ikunkun-sys

@ikunkun-sys ikunkun-sys commented Jul 9, 2026

Copy link
Copy Markdown
Collaborator

Description

Expose scoped installed-state records in anolisa status so a user-mode
invocation can report components installed in the current user's state and
readable system-scope state without merging their physical write targets.

Status now loads through StateView with UserPlusSystem visibility. Each
visible root keeps its own FsLayout, so health and integrity probes evaluate
system records against system paths and user records against user paths.

Manifest catalogs are also loaded per visible root. System-scope records use
the system root catalog and overlays, while concrete system-root catalog loads
ignore user-controlled ANOLISA_DATA_DIR and executable-sibling discovery.

Status JSON and human output now include scope metadata for each record:

  • scope
  • active
  • mutable_by_current_invocation
  • shadowed_by
  • state_path

This preserves mutation semantics: status only reports visibility. Receipts and
other writes still belong to the current install mode's physical state. Doctor
keeps using current-scope metadata and remains a follow-up PR for full scoped
view adoption.

Related Issue

N/A

Ship Note

anolisa status --install-mode user can now surface readable system-scope
install records alongside user-scope records. Output marks which record is
active, whether it is mutable by the current invocation, whether it is shadowed,
and which installed.toml file owns it.

Type of Change

  • Bug fix
  • New feature
  • Breaking change
  • Documentation update
  • Refactoring
  • Performance improvement
  • CI/CD or build changes

Scope

  • anolisa (anolisa-cli)
  • anolisa-core

Testing

  • cargo fmt --all -- --check
  • cargo check
  • cargo test -p anolisa-cli (429 tests)
  • cargo clippy --workspace --all-targets --locked -- -D warnings
  • cargo doc --no-deps
  • cargo build -p anolisa-cli
  • LSP diagnostics on changed Rust files
  • git diff --check on the scoped status changes
  • Local CLI QA with temporary user and system state:
    • user-mode JSON status for a shadowed component reports both records
    • human status includes scope, active, mutability, shadowing, and state path
    • conflicting user/system manifests use the system-root catalog for system
      records
    • malicious ANOLISA_DATA_DIR does not influence system-scope catalog
      selection
  • Remote real-environment QA on Alinux 4:
    • root/system all-record status
    • unprivileged user/user all-record status
    • named system record visible from user mode
    • user-over-system shadowing
    • missing component behavior

@kongche-jbw kongche-jbw left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

发现一个 scoped catalog 问题,见行内评论。

Comment thread src/anolisa/crates/anolisa-cli/src/commands/tier1/status.rs Outdated
Expose scoped status through StateView so user mode can report the
current user's records and readable system-scope records without merging
their physical write targets.

Each visible root keeps its own FsLayout and manifest catalog. Status
uses the record's root when running integrity and manifest health probes,
so system records are checked against system paths and system overlays.

Keep mutation semantics unchanged. Status only reports visibility; state
writes and receipts still belong to the current install mode's physical
state. Doctor remains a follow-up for full scoped view adoption.

Concrete system-root catalog loads ignore ANOLISA_DATA_DIR and
exe-sibling discovery, so user-mode status cannot let user-controlled
catalogs influence system-scope health results.

Tests cover user-visible system records, shadowing, system-only
projection, scope metadata, root-specific catalog selection,
system-catalog env override protection, and RPM drift adjudication.

Assisted-by: Codex:0.143.0
Signed-off-by: 爱鲲 <jiawa.syx@alibaba-inc.com>
@ikunkun-sys ikunkun-sys force-pushed the scoped-status-view branch from 7ff8fc4 to 527cd88 Compare July 9, 2026 07:45

@kongche-jbw kongche-jbw left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@kongche-jbw kongche-jbw merged commit 00771ca into alibaba:main Jul 9, 2026
17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants