test(cli): integration harness + basic flow tests

Uses assert_cmd + tempfile to spin up a fresh vault per test. Covers init layout, add/list/get mask semantics, rm/restore/purge cycle, and generate smoke. Adds RELICARIO_TEST_PASSPHRASE env-var hatch in unlock_interactive and cmd_init so tests don't need a TTY. Also fixes read_params in session.rs to correctly parse the nested params.json format (kdf sub-object) rather than trying to deserialize the whole file as KdfParams. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-20 18:32:45 -04:00
parent 494eedbbb8
commit b263c27da9
6 changed files with 741 additions and 42 deletions
--- a/crates/relicario-cli/src/session.rs
+++ b/crates/relicario-cli/src/session.rs
@@ -39,10 +39,14 @@ impl UnlockedVault {
            .with_context(|| format!("failed to read reference image {}", image_path.display()))?;
        let image_secret = Zeroizing::new(imgsecret::extract(&image_bytes)?);

-        let passphrase = Zeroizing::new(
-            rpassword::prompt_password("Passphrase: ")
-                .context("failed to read passphrase")?
-        );
+        let passphrase = if let Ok(p) = std::env::var("RELICARIO_TEST_PASSPHRASE") {
+            Zeroizing::new(p)
+        } else {
+            Zeroizing::new(
+                rpassword::prompt_password("Passphrase: ")
+                    .context("failed to read passphrase")?
+            )
+        };

        let master_key = derive_master_key(
            passphrase.as_bytes(),
@@ -104,10 +108,16 @@ fn read_salt(root: &Path) -> Result<[u8; 32]> {
 }

 fn read_params(root: &Path) -> Result<KdfParams> {
+    // params.json layout: { "format_version": 2, "kdf": { "argon2_m": ..., ... }, ... }
+    // We extract only the "kdf" sub-object and deserialize it as KdfParams.
+    #[derive(serde::Deserialize)]
+    struct ParamsFile {
+        kdf: KdfParams,
+    }
    let s = fs::read_to_string(root.join(".relicario").join("params.json"))
        .context("failed to read .relicario/params.json")?;
-    let params: KdfParams = serde_json::from_str(&s).context("failed to parse params.json")?;
-    Ok(params)
+    let pf: ParamsFile = serde_json::from_str(&s).context("failed to parse params.json")?;
+    Ok(pf.kdf)
 }

 /// Locate the reference image path via `RELICARIO_IMAGE` env var or interactive prompt.