fix(worldline): keep prior content as a truncating write's "before"

A rewrite via `writeFileSync` (or any `O_TRUNC` open) empties the file at
open, before worldline's open-time snapshot runs in the supervisor — so the
snapshot read back empty and overwrote the file's real prior content. A second
write to the same file then showed `"" -> "new"` instead of `"old" -> "new"`.

Only adopt the open-time read as the `before` when it is non-empty (a
non-truncating open, or a pre-existing file). An empty read for a path already
tracked is treated as a truncating open, and the last-recorded content (the
previous write's `after`) is kept as the `before`. Adds a node-free regression
test covering repeated truncating writes.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Author: wan9chi

crates/worldline/src/capture/store.rs

@@ -2,9 +2,12 @@
 //! ordered list of *writes* and a raw terminal-output byte log.
 //!
 //! A **write** is one open→…→close lifecycle of a descriptor opened for
-//! writing. Its *before* is the file's content snapshotted in the open
-//! callback; its *after* is the content snapshotted in the close callback of
-//! the same descriptor. Both are stored as points in the Loro history (per-path
+//! writing. Its *after* is the content snapshotted in the close callback of
+//! that descriptor; its *before* is the file's content just prior to the write
+//! — the open-callback snapshot for a fresh or non-truncating open, or, when a
+//! truncating open (`O_TRUNC`, as `writeFileSync` uses) has already emptied the
+//! file before the snapshot could run, the content last recorded for that path.
+//! Both are stored as points in the Loro history (per-path
 //! `LoroText`/binary, so repeated near-identical writes are delta-stored), and
 //! each write records the before/after [`Frontiers`](loro::Frontiers) the
 //! server later `checkout`s to render them.
@@ -34,7 +37,9 @@ pub struct Write {
     pub seq: u64,
     /// Absolute path of the written file.
     pub path: Str,
-    /// Frontier capturing the file's content at the matching open.
+    /// Frontier capturing the file's content just before this write (the open
+    /// snapshot, or the last-recorded content when a truncating open emptied it
+    /// first).
     pub before: Vec<OpId>,
     /// Frontier capturing the file's content at the close.
     pub after: Vec<OpId>,
@@ -135,14 +140,34 @@ impl Snapshotter {
     /// descriptor `raw_fd` of process `pid`. Pairs with the matching
     /// [`Self::record_close`].
     ///
+    /// The open-time `content` is read in the supervisor *after* the open
+    /// syscall, so a truncating open (`O_TRUNC` — what `writeFileSync` and most
+    /// whole-file writes use) has already emptied the file by the time we read
+    /// it. To avoid losing the real pre-write content, the open read is only
+    /// adopted as the `before` when it is non-empty (a non-truncating open, or a
+    /// pre-existing file); an empty read for a path we've already recorded is
+    /// treated as a truncating open and the last-recorded content is kept.
+    ///
     /// # Panics
     ///
     /// Panics if a Loro container operation fails (a corrupted invariant).
     pub fn record_open(&self, pid: u32, raw_fd: i64, path: &str, content: &[u8]) {
         let mut guard = self.lock();
-        let before = set_content(&mut guard, path, content);
-        let key = fd_key(pid, raw_fd, &Str::from(path));
-        guard.open.insert(key, before);
+        let key = Str::from(path);
+        let before = if !content.is_empty() {
+            // Non-truncating open or a pre-existing file: the read reflects the
+            // real current content (including any external modification).
+            set_content(&mut guard, path, content)
+        } else if guard.flavor.contains_key(&key) {
+            // Empty read but we already track this path: a truncating open
+            // emptied the file before we could read it. Keep what we last
+            // recorded (the previous write's `after`) as the `before`.
+            serialize_frontiers(&guard.doc.state_frontiers())
+        } else {
+            // Empty read, never seen before: a genuinely new or empty file.
+            set_content(&mut guard, path, content)
+        };
+        guard.open.insert(fd_key(pid, raw_fd, &key), before);
     }
 
     /// Record the post-write snapshot taken just before `path` is closed on

crates/worldline/tests/capture.rs

@@ -92,6 +92,50 @@ async fn captures_writes_with_before_and_after() {
     );
 }
 
+/// A truncating rewrite (`File::create`/`writeFileSync` — `O_TRUNC`) empties the
+/// file at open, before the open-time snapshot runs. The write's `before` must
+/// still be the file's prior content (the previously-recorded write), not the
+/// empty post-truncation read. Uses the test binary (no Node), so it runs in the
+/// default `cargo test` on every platform.
+#[tokio::test(flavor = "multi_thread", worker_threads = 4)]
+async fn truncating_rewrite_keeps_prior_content_as_before() {
+    let dir = tempfile::tempdir().unwrap();
+    let dir_arg = dir.path().to_str().unwrap().to_owned();
+
+    let cmd = command_for_fn!(dir_arg, |dir: String| {
+        use std::io::Write as _;
+        let a = std::path::Path::new(&dir).join("a.txt");
+        // Two truncating writes to the same file.
+        std::fs::write(&a, b"first").unwrap();
+        std::fs::write(&a, b"second").unwrap();
+        let mut out = std::io::stdout();
+        out.write_all(b"done!").unwrap();
+        out.flush().unwrap();
+    });
+
+    let cwd = AbsolutePathBuf::new(dir.path().to_path_buf()).unwrap();
+    let ignore = IgnoreSet::new(cwd.clone(), true, &[]).unwrap();
+    let captured = run(RunOptions { program: cmd.program, args: cmd.args, cwd, ignore })
+        .await
+        .expect("run worldline");
+    assert_eq!(captured.meta.exit_code, Some(0), "child should exit cleanly");
+
+    let api = reconstruct(&captured);
+    let a_writes: Vec<&ApiWrite> =
+        api.writes.iter().filter(|w| w.path.ends_with("a.txt")).collect();
+    assert!(
+        a_writes.iter().any(|w| {
+            text(&api, w.before.as_str()).as_deref() == Some("first")
+                && text(&api, w.after.as_str()).as_deref() == Some("second")
+        }),
+        "expected the truncating rewrite to show before='first' after='second', got {:?}",
+        a_writes
+            .iter()
+            .map(|w| (text(&api, w.before.as_str()), text(&api, w.after.as_str())))
+            .collect::<Vec<_>>()
+    );
+}
+
 /// Regression for the user-facing `worldline node` scenario: Node's libuv closes
 /// descriptors via `close$NOCANCEL` on macOS — a distinct libc symbol from
 /// `close`. If fspy doesn't interpose it, the write-close is never observed, so