From c41479dc9ba7069dc5090698e18e885da72bbfba Mon Sep 17 00:00:00 2001
From: Christopher Hiller <boneskull@boneskull.com>
Date: Thu, 7 Mar 2024 14:04:18 -0800
Subject: [PATCH] feat(endomoat): support native modules in policy generation
 [ci skip]

---
 packages/endomoat/src/constants.js            |   4 +++
 .../policy-gen/policy-generator-context.js    |  30 ++++++++++++------
 .../endomoat/test/fixture/json/native.json    |   8 +++++
 .../test/policy-gen/generate-policy.spec.js   |   2 ++
 .../snapshots/generate-policy.spec.js.md      |  15 +++++++++
 .../snapshots/generate-policy.spec.js.snap    | Bin 595 -> 675 bytes
 6 files changed, 50 insertions(+), 9 deletions(-)
 create mode 100644 packages/endomoat/test/fixture/json/native.json

diff --git a/packages/endomoat/src/constants.js b/packages/endomoat/src/constants.js
index 22bf598152..9f09dca017 100644
--- a/packages/endomoat/src/constants.js
+++ b/packages/endomoat/src/constants.js
@@ -29,3 +29,7 @@ export const RSRC_POLICY_GLOBALS = 'globals'
 
 export const LMR_TYPE_BUILTIN = 'builtin'
 export const LMR_TYPE_SOURCE = 'js'
+
+export const LMR_TYPE_NATIVE = 'native'
+
+export const ENDO_PARSER_BYTES = 'bytes'
diff --git a/packages/endomoat/src/policy-gen/policy-generator-context.js b/packages/endomoat/src/policy-gen/policy-generator-context.js
index 4f4f130413..ca2df46864 100644
--- a/packages/endomoat/src/policy-gen/policy-generator-context.js
+++ b/packages/endomoat/src/policy-gen/policy-generator-context.js
@@ -8,8 +8,10 @@ import { isBuiltin as nodeIsBuiltin } from 'node:module'
 import { fileURLToPath } from 'node:url'
 import path from 'path'
 import {
+  ENDO_PARSER_BYTES,
   LAVAMOAT_PKG_POLICY_ROOT,
   LMR_TYPE_BUILTIN,
+  LMR_TYPE_NATIVE,
   LMR_TYPE_SOURCE,
 } from '../constants.js'
 import { defaultReadPower } from '../power.js'
@@ -271,7 +273,10 @@ export class PolicyGeneratorContext {
    * @returns {Promise<import('lavamoat-core').LavamoatModuleRecord[]>}
    * @internal
    */
-  async buildModuleRecordsForSource(specifier, { record, sourceLocation }) {
+  async buildModuleRecordsForSource(
+    specifier,
+    { parser, record, sourceLocation }
+  ) {
     if (!sourceLocation) {
       // XXX: why would we not have a sourceLocation?
       throw new TypeError(
@@ -299,17 +304,24 @@ export class PolicyGeneratorContext {
      * The `ModuleSource.content` prop is already pre-processed by Endo, and we
      * do not want that, since it befouls our AST crawling.
      *
+     * This will not be run if the `parser` is `bytes`.
+     *
      * @remarks
      * Doing this first since it may be more likely to fail than the other
-     * operations below
-     * @type {NonNullable<
-     *   import('lavamoat-core').LavamoatModuleRecord['content']
-     * >}
+     * operations below.
+     * @type {string | undefined}
      * @todo Modify Endo to surface the original source
+     *
+     * @todo Add more exceptions to the parsers?
      */
-    const content = await this.readPower(sourceLocation).then((buffer) =>
-      PolicyGeneratorContext.#decoder.decode(buffer)
-    )
+    let content
+
+    await Promise.resolve()
+    if (parser !== ENDO_PARSER_BYTES) {
+      content = await this.readPower(sourceLocation).then((buffer) =>
+        PolicyGeneratorContext.#decoder.decode(buffer)
+      )
+    }
 
     /**
      * The {@link LavamoatModuleRecord.file} prop
@@ -338,7 +350,7 @@ export class PolicyGeneratorContext {
         packageName: this.packageName,
         importMap,
         content,
-        type: LMR_TYPE_SOURCE,
+        type: parser === ENDO_PARSER_BYTES ? LMR_TYPE_NATIVE : LMR_TYPE_SOURCE,
       }),
     ]
 
diff --git a/packages/endomoat/test/fixture/json/native.json b/packages/endomoat/test/fixture/json/native.json
new file mode 100644
index 0000000000..6f0fcf1485
--- /dev/null
+++ b/packages/endomoat/test/fixture/json/native.json
@@ -0,0 +1,8 @@
+{
+  "/package.json": "{\n  \"name\": \"native\",\n  \"version\": \"1.0.0\",\n  \"type\": \"module\",\n  \"license\": \"ISC\",\n  \"private\": true,\n  \"main\": \"app.js\",\n  \"dependencies\": {\n    \"hello\": \"^1.0.0\"\n  }\n}\n",
+  "/index.js": "import addon from 'hello'\nexport const hello = addon.hello()\n",
+  "/node_modules/hello/package.json": "{\n  \"name\": \"hello\",\n  \"version\": \"0.0.0\",\n  \"description\": \"this code does not run\",\n  \"private\": true,\n  \"main\": \"index.js\",\n  \"parsers\": {\n    \"node\": \"bytes\"\n  }\n}\n",
+  "/node_modules/hello/index.js": "var addon = require('./hello')\n\nconsole.log(addon.hello()) // 'world'\n\nmodule.exports = addon\n",
+  "/node_modules/hello/hello.node": "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
+  "/node_modules/hello/README.md": "This fixture is an example of a package shipping a native module (`hello.node`). `hello.node` is not _actually_ a native module, but it has the right extension and is full of null bytes. Good enough.\n"
+}
diff --git a/packages/endomoat/test/policy-gen/generate-policy.spec.js b/packages/endomoat/test/policy-gen/generate-policy.spec.js
index c0346dce21..1dffa9223b 100644
--- a/packages/endomoat/test/policy-gen/generate-policy.spec.js
+++ b/packages/endomoat/test/policy-gen/generate-policy.spec.js
@@ -10,6 +10,8 @@ test(testPolicyForJSON, 'builtins.json')
 
 test(testPolicyForJSON, 'kitchen-sink.json')
 
+test(testPolicyForJSON, 'native.json')
+
 test('basic nested global access', testPolicyForModule, 'location.href', {
   resources: {
     test: {
diff --git a/packages/endomoat/test/policy-gen/snapshots/generate-policy.spec.js.md b/packages/endomoat/test/policy-gen/snapshots/generate-policy.spec.js.md
index 8d24cc2d57..6e1f3df57a 100644
--- a/packages/endomoat/test/policy-gen/snapshots/generate-policy.spec.js.md
+++ b/packages/endomoat/test/policy-gen/snapshots/generate-policy.spec.js.md
@@ -58,3 +58,18 @@ Generated by [AVA](https://avajs.dev).
         },
       },
     }
+
+## policy for fixture matches snapshot (native.json)
+
+> Snapshot 1
+
+    {
+      resources: {
+        hello: {
+          globals: {
+            'console.log': true,
+          },
+          native: true,
+        },
+      },
+    }
diff --git a/packages/endomoat/test/policy-gen/snapshots/generate-policy.spec.js.snap b/packages/endomoat/test/policy-gen/snapshots/generate-policy.spec.js.snap
index a3d79d56e773015cec311f665f3fe65cddd91813..38619d4e76b2122212d192340f19d5e3482b5af9 100644
GIT binary patch
literal 675
zcmV;U0$lw;RzV<BZeeh9Xm4~Nb~6eC08A1ORdwiR7JaphneP-<wNb*N3xBN71Xy3l
z75}ZiZXb&X00000000BEl(BEqKorKmcaD=3M4KuIF@~uyG!iOOr;3FPu#^ok6zSqz
z5+|-NvM*60Rh25(8Bhf*NM&T}#()?QV&p$S3@k9RG9lYZ>YVL3OS2???|0wby?md~
z+D%7VegFA;p={-d@y<Xxwl%4>rB`d)V>R?d?T{<0EBu=8@`2x#s&>0Mv>j!;e!b^Q
z_l`Yl_$Ozr7FYZ!J26l~@S!rXI)Hlss#M&h;(oIyEJZZ`S*cV&*FXeXC)x*aoeYq<
zNo$_)<<PT)ALta00lWb48o&o#k0tbsQ144jk9b)66E8KxQiU!`MKKbt3b$mt1niNv
zm9e;0nb;Eo4s^^+U?T#KbgYyyh|}1S$^&loc_)~|y#FcIFHQfDSo>GJ-Em}-JJFS{
zFrdP;LlhEc-Dbd!jujKw0Rt=@E2mv)165+$jKfE^k&09!q}~X=8i%%0!du3dEb02v
z5mRPn=-rhJ-M52^yY1U<Kg-lc=Q2(G7Qp$crv4VwGx%T-7XQYI#il1^Uxf9WF((*S
zFWlC+Pe6l!XZhwH6L73!NhiD^;GK>ooxs8~eN1)dI?>M@*WX~v`+MpAGO-o|dbz$Y
zzGT2D1I`)nodLfYU>dp6zGVPgI#x<x4-DXuj;-a!Wjz|vV^0o*rzY_jm>O#Gk?<~v
z#neTvNN)z#$XI4M+{;>Kwz%s~mIYH^o{P+)dv~Six?I^Kkri5ccnP6pBLGMFVU2WN
z#dOTBa2y#X@H2p~0DkB?Mn-1-AuThDbBu;DA9Y|%0=D#67IGbTb^11~JF+vC`wu|u
JnDQ(L003L)Jgoo#

literal 595
zcmV-Z0<8T(RzV<BZeeh9Xm4~Nb~6eC020}(`^W<?FFDYc?&5JBgN*+4A89{0_ZJ*c
zP?XKauOEvD00000000BElfQ4%KorNn@2<8}B+^tth%rpS&@4sjRI!kyOW6=Zk<QK~
zb>jLg-z7?<s!|bqrwUk*%E;D@fr){Ue}RDoM*ah2r$5|t5_iFi?eF{Cd(Y3`ch>VG
z6%6&8Ptt@Yl9SCuMPV>)^;FvGg%dMMW$QqgU|;H%jzyyPm1#ZpM`2{bShojS#ZSV^
zfIdF!c7+kI*fEEP?4la6Hh`x9n&hsNyXy~RV2G|B8;u6&E{H&NqFn&@h=ZJUT1}-^
zqco5@%d>I>;4Of606yFKSScUR^L;DiBausgijtp84Z4<GIhL`>OR_Bjw#h2RZ<eYN
zdr82ajX5Q3Ou(Uyc?$+{T4<@3h+ruC*&MFoUkh>X;)fK%zl!00q<j(0KIskv8q8{9
zrPS*N12%2UEn#~M2yCo2?~~ThBxcPxe`RZPk>(6(cd}dOAT&m%%XlwPu~w11U@i^4
zbt^*;!%T@cbQlj8nVR?ir>Q>xIKQo_zZddxktDhJw;;NHs?<>C`h$WKcreJz@@E8e
z2zXs>?g;@$Hdc1RdjdY%SlJ0I@9E22ch-r1R=EB?TOQw@AFmPXGGI{Yd-sF^rwlk}
zzz+ueW`M&hSNkCc9@&^z!k%+r$HrDG*QGui(Th|iGBwlU8aNi}h_OtsiJMzDbH)5%
hW{m~Mf=Hx`jyYWs$J1qtX&<jd{sCIEYtxkm004O+8IS+~