@dexto/tools-filesystem 1.5.2 → 1.5.3

package/dist/filesystem-service.js

@@ -93,7 +93,7 @@ class FileSystemService {
    * @param filePath The file path to check (can be relative or absolute)
    * @returns true if the path is within config-allowed paths, false otherwise
    */
-  isPathWithinConfigAllowed(filePath) {
+  async isPathWithinConfigAllowed(filePath) {
     return this.pathValidator.isPathWithinAllowed(filePath);
   }
   /**
@@ -101,7 +101,7 @@ class FileSystemService {
    */
   async readFile(filePath, options = {}) {
     await this.ensureInitialized();
-    const validation = this.pathValidator.validatePath(filePath);
+    const validation = await this.pathValidator.validatePath(filePath);
     if (!validation.isValid || !validation.normalizedPath) {
       throw FileSystemError.invalidPath(filePath, validation.error || "Unknown error");
     }
@@ -178,7 +178,7 @@ class FileSystemService {
       });
       const validFiles = [];
       for (const file of files) {
-        const validation = this.pathValidator.validatePath(file);
+        const validation = await this.pathValidator.validatePath(file);
         if (!validation.isValid || !validation.normalizedPath) {
           this.logger.debug(`Skipping invalid path: ${file}`);
           continue;
@@ -311,7 +311,7 @@ class FileSystemService {
    */
   async writeFile(filePath, content, options = {}) {
     await this.ensureInitialized();
-    const validation = this.pathValidator.validatePath(filePath);
+    const validation = await this.pathValidator.validatePath(filePath);
     if (!validation.isValid || !validation.normalizedPath) {
       throw FileSystemError.invalidPath(filePath, validation.error || "Unknown error");
     }
@@ -353,14 +353,14 @@ class FileSystemService {
    */
   async editFile(filePath, operation, options = {}) {
     await this.ensureInitialized();
-    const validation = this.pathValidator.validatePath(filePath);
+    const validation = await this.pathValidator.validatePath(filePath);
     if (!validation.isValid || !validation.normalizedPath) {
       throw FileSystemError.invalidPath(filePath, validation.error || "Unknown error");
     }
     const normalizedPath = validation.normalizedPath;
     const fileContent = await this.readFile(normalizedPath);
-    let content = fileContent.content;
-    const occurrences = (content.match(
+    const originalContent = fileContent.content;
+    const occurrences = (originalContent.match(
       new RegExp(operation.oldString.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"), "g")
     ) || []).length;
     if (occurrences === 0) {
@@ -374,21 +374,24 @@ class FileSystemService {
       backupPath = await this.createBackup(normalizedPath);
     }
     try {
+      let newContent;
       if (operation.replaceAll) {
-        content = content.replace(
+        newContent = originalContent.replace(
           new RegExp(operation.oldString.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"), "g"),
           operation.newString
         );
       } else {
-        content = content.replace(operation.oldString, operation.newString);
+        newContent = originalContent.replace(operation.oldString, operation.newString);
       }
-      await fs.writeFile(normalizedPath, content, options.encoding || DEFAULT_ENCODING);
+      await fs.writeFile(normalizedPath, newContent, options.encoding || DEFAULT_ENCODING);
       this.logger.debug(`File edited: ${normalizedPath} (${occurrences} replacements)`);
       return {
         success: true,
         path: normalizedPath,
         changesCount: occurrences,
-        backupPath
+        backupPath,
+        originalContent,
+        newContent
       };
     } catch (error) {
       throw FileSystemError.editFailed(
@@ -480,10 +483,10 @@ class FileSystemService {
     return { ...this.config };
   }
   /**
-   * Check if a path is allowed
+   * Check if a path is allowed (async for non-blocking symlink resolution)
    */
-  isPathAllowed(filePath) {
-    const validation = this.pathValidator.validatePath(filePath);
+  async isPathAllowed(filePath) {
+    const validation = await this.pathValidator.validatePath(filePath);
     return validation.isValid;
   }
 }

package/dist/filesystem-service.test.cjs

@@ -0,0 +1,233 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var import_vitest = require("vitest");
+var path = __toESM(require("node:path"), 1);
+var fs = __toESM(require("node:fs/promises"), 1);
+var os = __toESM(require("node:os"), 1);
+var import_filesystem_service = require("./filesystem-service.js");
+const createMockLogger = () => ({
+  debug: import_vitest.vi.fn(),
+  info: import_vitest.vi.fn(),
+  warn: import_vitest.vi.fn(),
+  error: import_vitest.vi.fn(),
+  createChild: import_vitest.vi.fn().mockReturnThis()
+});
+(0, import_vitest.describe)("FileSystemService", () => {
+  let mockLogger;
+  let tempDir;
+  (0, import_vitest.beforeEach)(async () => {
+    mockLogger = createMockLogger();
+    const rawTempDir = await fs.mkdtemp(path.join(os.tmpdir(), "dexto-fs-test-"));
+    tempDir = await fs.realpath(rawTempDir);
+    import_vitest.vi.clearAllMocks();
+  });
+  (0, import_vitest.afterEach)(async () => {
+    try {
+      await fs.rm(tempDir, { recursive: true, force: true });
+    } catch {
+    }
+  });
+  (0, import_vitest.describe)("Backup Behavior", () => {
+    (0, import_vitest.describe)("writeFile", () => {
+      (0, import_vitest.it)("should NOT create backup when enableBackups is false (default)", async () => {
+        const fileSystemService = new import_filesystem_service.FileSystemService(
+          {
+            allowedPaths: [tempDir],
+            blockedPaths: [],
+            blockedExtensions: [],
+            maxFileSize: 10 * 1024 * 1024,
+            workingDirectory: tempDir,
+            enableBackups: false,
+            backupRetentionDays: 7
+          },
+          mockLogger
+        );
+        await fileSystemService.initialize();
+        const testFile = path.join(tempDir, "test.txt");
+        await fs.writeFile(testFile, "original content");
+        const result = await fileSystemService.writeFile(testFile, "new content");
+        (0, import_vitest.expect)(result.success).toBe(true);
+        (0, import_vitest.expect)(result.backupPath).toBeUndefined();
+        const backupDir = path.join(tempDir, ".dexto-backups");
+        try {
+          const files = await fs.readdir(backupDir);
+          (0, import_vitest.expect)(files.length).toBe(0);
+        } catch {
+        }
+      });
+      (0, import_vitest.it)("should create backup when enableBackups is true", async () => {
+        const fileSystemService = new import_filesystem_service.FileSystemService(
+          {
+            allowedPaths: [tempDir],
+            blockedPaths: [],
+            blockedExtensions: [],
+            maxFileSize: 10 * 1024 * 1024,
+            workingDirectory: tempDir,
+            enableBackups: true,
+            backupRetentionDays: 7
+          },
+          mockLogger
+        );
+        await fileSystemService.initialize();
+        const testFile = path.join(tempDir, "test.txt");
+        await fs.writeFile(testFile, "original content");
+        const result = await fileSystemService.writeFile(testFile, "new content");
+        (0, import_vitest.expect)(result.success).toBe(true);
+        (0, import_vitest.expect)(result.backupPath).toBeDefined();
+        (0, import_vitest.expect)(result.backupPath).toContain(".dexto");
+        (0, import_vitest.expect)(result.backupPath).toContain("backup");
+        const backupContent = await fs.readFile(result.backupPath, "utf-8");
+        (0, import_vitest.expect)(backupContent).toBe("original content");
+        const newContent = await fs.readFile(testFile, "utf-8");
+        (0, import_vitest.expect)(newContent).toBe("new content");
+      });
+      (0, import_vitest.it)("should NOT create backup for new files even when enableBackups is true", async () => {
+        const fileSystemService = new import_filesystem_service.FileSystemService(
+          {
+            allowedPaths: [tempDir],
+            blockedPaths: [],
+            blockedExtensions: [],
+            maxFileSize: 10 * 1024 * 1024,
+            workingDirectory: tempDir,
+            enableBackups: true,
+            backupRetentionDays: 7
+          },
+          mockLogger
+        );
+        await fileSystemService.initialize();
+        const testFile = path.join(tempDir, "new-file.txt");
+        const result = await fileSystemService.writeFile(testFile, "content", {
+          createDirs: true
+        });
+        (0, import_vitest.expect)(result.success).toBe(true);
+        (0, import_vitest.expect)(result.backupPath).toBeUndefined();
+      });
+      (0, import_vitest.it)("should respect per-call backup option over config", async () => {
+        const fileSystemService = new import_filesystem_service.FileSystemService(
+          {
+            allowedPaths: [tempDir],
+            blockedPaths: [],
+            blockedExtensions: [],
+            maxFileSize: 10 * 1024 * 1024,
+            workingDirectory: tempDir,
+            enableBackups: false,
+            // Config says no backups
+            backupRetentionDays: 7
+          },
+          mockLogger
+        );
+        await fileSystemService.initialize();
+        const testFile = path.join(tempDir, "test.txt");
+        await fs.writeFile(testFile, "original content");
+        const result = await fileSystemService.writeFile(testFile, "new content", {
+          backup: true
+        });
+        (0, import_vitest.expect)(result.success).toBe(true);
+        (0, import_vitest.expect)(result.backupPath).toBeDefined();
+      });
+    });
+    (0, import_vitest.describe)("editFile", () => {
+      (0, import_vitest.it)("should NOT create backup when enableBackups is false (default)", async () => {
+        const fileSystemService = new import_filesystem_service.FileSystemService(
+          {
+            allowedPaths: [tempDir],
+            blockedPaths: [],
+            blockedExtensions: [],
+            maxFileSize: 10 * 1024 * 1024,
+            workingDirectory: tempDir,
+            enableBackups: false,
+            backupRetentionDays: 7
+          },
+          mockLogger
+        );
+        await fileSystemService.initialize();
+        const testFile = path.join(tempDir, "test.txt");
+        await fs.writeFile(testFile, "hello world");
+        const result = await fileSystemService.editFile(testFile, {
+          oldString: "world",
+          newString: "universe"
+        });
+        (0, import_vitest.expect)(result.success).toBe(true);
+        (0, import_vitest.expect)(result.backupPath).toBeUndefined();
+        const content = await fs.readFile(testFile, "utf-8");
+        (0, import_vitest.expect)(content).toBe("hello universe");
+      });
+      (0, import_vitest.it)("should create backup when enableBackups is true", async () => {
+        const fileSystemService = new import_filesystem_service.FileSystemService(
+          {
+            allowedPaths: [tempDir],
+            blockedPaths: [],
+            blockedExtensions: [],
+            maxFileSize: 10 * 1024 * 1024,
+            workingDirectory: tempDir,
+            enableBackups: true,
+            backupRetentionDays: 7
+          },
+          mockLogger
+        );
+        await fileSystemService.initialize();
+        const testFile = path.join(tempDir, "test.txt");
+        await fs.writeFile(testFile, "hello world");
+        const result = await fileSystemService.editFile(testFile, {
+          oldString: "world",
+          newString: "universe"
+        });
+        (0, import_vitest.expect)(result.success).toBe(true);
+        (0, import_vitest.expect)(result.backupPath).toBeDefined();
+        const backupContent = await fs.readFile(result.backupPath, "utf-8");
+        (0, import_vitest.expect)(backupContent).toBe("hello world");
+        const content = await fs.readFile(testFile, "utf-8");
+        (0, import_vitest.expect)(content).toBe("hello universe");
+      });
+      (0, import_vitest.it)("should respect per-call backup option over config", async () => {
+        const fileSystemService = new import_filesystem_service.FileSystemService(
+          {
+            allowedPaths: [tempDir],
+            blockedPaths: [],
+            blockedExtensions: [],
+            maxFileSize: 10 * 1024 * 1024,
+            workingDirectory: tempDir,
+            enableBackups: false,
+            // Config says no backups
+            backupRetentionDays: 7
+          },
+          mockLogger
+        );
+        await fileSystemService.initialize();
+        const testFile = path.join(tempDir, "test.txt");
+        await fs.writeFile(testFile, "hello world");
+        const result = await fileSystemService.editFile(
+          testFile,
+          {
+            oldString: "world",
+            newString: "universe"
+          },
+          { backup: true }
+        );
+        (0, import_vitest.expect)(result.success).toBe(true);
+        (0, import_vitest.expect)(result.backupPath).toBeDefined();
+      });
+    });
+  });
+});

package/dist/filesystem-service.test.d.cts

@@ -0,0 +1,2 @@
+
+export {  }

package/dist/filesystem-service.test.d.ts

@@ -0,0 +1,2 @@
+
+export {  }

package/dist/filesystem-service.test.js

@@ -0,0 +1,210 @@
+import { describe, it, expect, beforeEach, afterEach, vi } from "vitest";
+import * as path from "node:path";
+import * as fs from "node:fs/promises";
+import * as os from "node:os";
+import { FileSystemService } from "./filesystem-service.js";
+const createMockLogger = () => ({
+  debug: vi.fn(),
+  info: vi.fn(),
+  warn: vi.fn(),
+  error: vi.fn(),
+  createChild: vi.fn().mockReturnThis()
+});
+describe("FileSystemService", () => {
+  let mockLogger;
+  let tempDir;
+  beforeEach(async () => {
+    mockLogger = createMockLogger();
+    const rawTempDir = await fs.mkdtemp(path.join(os.tmpdir(), "dexto-fs-test-"));
+    tempDir = await fs.realpath(rawTempDir);
+    vi.clearAllMocks();
+  });
+  afterEach(async () => {
+    try {
+      await fs.rm(tempDir, { recursive: true, force: true });
+    } catch {
+    }
+  });
+  describe("Backup Behavior", () => {
+    describe("writeFile", () => {
+      it("should NOT create backup when enableBackups is false (default)", async () => {
+        const fileSystemService = new FileSystemService(
+          {
+            allowedPaths: [tempDir],
+            blockedPaths: [],
+            blockedExtensions: [],
+            maxFileSize: 10 * 1024 * 1024,
+            workingDirectory: tempDir,
+            enableBackups: false,
+            backupRetentionDays: 7
+          },
+          mockLogger
+        );
+        await fileSystemService.initialize();
+        const testFile = path.join(tempDir, "test.txt");
+        await fs.writeFile(testFile, "original content");
+        const result = await fileSystemService.writeFile(testFile, "new content");
+        expect(result.success).toBe(true);
+        expect(result.backupPath).toBeUndefined();
+        const backupDir = path.join(tempDir, ".dexto-backups");
+        try {
+          const files = await fs.readdir(backupDir);
+          expect(files.length).toBe(0);
+        } catch {
+        }
+      });
+      it("should create backup when enableBackups is true", async () => {
+        const fileSystemService = new FileSystemService(
+          {
+            allowedPaths: [tempDir],
+            blockedPaths: [],
+            blockedExtensions: [],
+            maxFileSize: 10 * 1024 * 1024,
+            workingDirectory: tempDir,
+            enableBackups: true,
+            backupRetentionDays: 7
+          },
+          mockLogger
+        );
+        await fileSystemService.initialize();
+        const testFile = path.join(tempDir, "test.txt");
+        await fs.writeFile(testFile, "original content");
+        const result = await fileSystemService.writeFile(testFile, "new content");
+        expect(result.success).toBe(true);
+        expect(result.backupPath).toBeDefined();
+        expect(result.backupPath).toContain(".dexto");
+        expect(result.backupPath).toContain("backup");
+        const backupContent = await fs.readFile(result.backupPath, "utf-8");
+        expect(backupContent).toBe("original content");
+        const newContent = await fs.readFile(testFile, "utf-8");
+        expect(newContent).toBe("new content");
+      });
+      it("should NOT create backup for new files even when enableBackups is true", async () => {
+        const fileSystemService = new FileSystemService(
+          {
+            allowedPaths: [tempDir],
+            blockedPaths: [],
+            blockedExtensions: [],
+            maxFileSize: 10 * 1024 * 1024,
+            workingDirectory: tempDir,
+            enableBackups: true,
+            backupRetentionDays: 7
+          },
+          mockLogger
+        );
+        await fileSystemService.initialize();
+        const testFile = path.join(tempDir, "new-file.txt");
+        const result = await fileSystemService.writeFile(testFile, "content", {
+          createDirs: true
+        });
+        expect(result.success).toBe(true);
+        expect(result.backupPath).toBeUndefined();
+      });
+      it("should respect per-call backup option over config", async () => {
+        const fileSystemService = new FileSystemService(
+          {
+            allowedPaths: [tempDir],
+            blockedPaths: [],
+            blockedExtensions: [],
+            maxFileSize: 10 * 1024 * 1024,
+            workingDirectory: tempDir,
+            enableBackups: false,
+            // Config says no backups
+            backupRetentionDays: 7
+          },
+          mockLogger
+        );
+        await fileSystemService.initialize();
+        const testFile = path.join(tempDir, "test.txt");
+        await fs.writeFile(testFile, "original content");
+        const result = await fileSystemService.writeFile(testFile, "new content", {
+          backup: true
+        });
+        expect(result.success).toBe(true);
+        expect(result.backupPath).toBeDefined();
+      });
+    });
+    describe("editFile", () => {
+      it("should NOT create backup when enableBackups is false (default)", async () => {
+        const fileSystemService = new FileSystemService(
+          {
+            allowedPaths: [tempDir],
+            blockedPaths: [],
+            blockedExtensions: [],
+            maxFileSize: 10 * 1024 * 1024,
+            workingDirectory: tempDir,
+            enableBackups: false,
+            backupRetentionDays: 7
+          },
+          mockLogger
+        );
+        await fileSystemService.initialize();
+        const testFile = path.join(tempDir, "test.txt");
+        await fs.writeFile(testFile, "hello world");
+        const result = await fileSystemService.editFile(testFile, {
+          oldString: "world",
+          newString: "universe"
+        });
+        expect(result.success).toBe(true);
+        expect(result.backupPath).toBeUndefined();
+        const content = await fs.readFile(testFile, "utf-8");
+        expect(content).toBe("hello universe");
+      });
+      it("should create backup when enableBackups is true", async () => {
+        const fileSystemService = new FileSystemService(
+          {
+            allowedPaths: [tempDir],
+            blockedPaths: [],
+            blockedExtensions: [],
+            maxFileSize: 10 * 1024 * 1024,
+            workingDirectory: tempDir,
+            enableBackups: true,
+            backupRetentionDays: 7
+          },
+          mockLogger
+        );
+        await fileSystemService.initialize();
+        const testFile = path.join(tempDir, "test.txt");
+        await fs.writeFile(testFile, "hello world");
+        const result = await fileSystemService.editFile(testFile, {
+          oldString: "world",
+          newString: "universe"
+        });
+        expect(result.success).toBe(true);
+        expect(result.backupPath).toBeDefined();
+        const backupContent = await fs.readFile(result.backupPath, "utf-8");
+        expect(backupContent).toBe("hello world");
+        const content = await fs.readFile(testFile, "utf-8");
+        expect(content).toBe("hello universe");
+      });
+      it("should respect per-call backup option over config", async () => {
+        const fileSystemService = new FileSystemService(
+          {
+            allowedPaths: [tempDir],
+            blockedPaths: [],
+            blockedExtensions: [],
+            maxFileSize: 10 * 1024 * 1024,
+            workingDirectory: tempDir,
+            enableBackups: false,
+            // Config says no backups
+            backupRetentionDays: 7
+          },
+          mockLogger
+        );
+        await fileSystemService.initialize();
+        const testFile = path.join(tempDir, "test.txt");
+        await fs.writeFile(testFile, "hello world");
+        const result = await fileSystemService.editFile(
+          testFile,
+          {
+            oldString: "world",
+            newString: "universe"
+          },
+          { backup: true }
+        );
+        expect(result.success).toBe(true);
+        expect(result.backupPath).toBeDefined();
+      });
+    });
+  });
+});

package/dist/path-validator.cjs

@@ -32,7 +32,7 @@ __export(path_validator_exports, {
 });
 module.exports = __toCommonJS(path_validator_exports);
 var path = __toESM(require("node:path"), 1);
-var import_node_fs = require("node:fs");
+var fs = __toESM(require("node:fs/promises"), 1);
 class PathValidator {
   config;
   normalizedAllowedPaths;
@@ -67,7 +67,7 @@ class PathValidator {
   /**
    * Validate a file path for security and policy compliance
    */
-  validatePath(filePath) {
+  async validatePath(filePath) {
     if (!filePath || filePath.trim() === "") {
       return {
         isValid: false,
@@ -79,7 +79,7 @@ class PathValidator {
     try {
       normalizedPath = path.isAbsolute(filePath) ? path.resolve(filePath) : path.resolve(workingDir, filePath);
       try {
-        normalizedPath = import_node_fs.realpathSync.native(normalizedPath);
+        normalizedPath = await fs.realpath(normalizedPath);
       } catch {
       }
     } catch (error) {
@@ -135,22 +135,10 @@ class PathValidator {
   /**
    * Check if path is within allowed paths (whitelist check)
    * Also consults the directory approval checker if configured.
+   * Uses the sync version since the path is already normalized at this point.
    */
   isPathAllowed(normalizedPath) {
-    if (this.normalizedAllowedPaths.length === 0) {
-      return true;
-    }
-    const isInConfigPaths = this.normalizedAllowedPaths.some((allowedPath) => {
-      const relative = path.relative(allowedPath, normalizedPath);
-      return !relative.startsWith("..") && !path.isAbsolute(relative);
-    });
-    if (isInConfigPaths) {
-      return true;
-    }
-    if (this.directoryApprovalChecker) {
-      return this.directoryApprovalChecker(normalizedPath);
-    }
-    return false;
+    return this.isPathAllowedSync(normalizedPath);
   }
   /**
    * Check if path matches blocked patterns (blacklist check)
@@ -169,9 +157,30 @@ class PathValidator {
   }
   /**
    * Quick check if a path is allowed (for internal use)
+   * Note: This assumes the path is already normalized/canonicalized
    */
   isPathAllowedQuick(normalizedPath) {
-    return this.isPathAllowed(normalizedPath) && !this.isPathBlocked(normalizedPath);
+    return this.isPathAllowedSync(normalizedPath) && !this.isPathBlocked(normalizedPath);
+  }
+  /**
+   * Synchronous path allowed check (for already-normalized paths)
+   * This is used internally when we already have a canonicalized path
+   */
+  isPathAllowedSync(normalizedPath) {
+    if (this.normalizedAllowedPaths.length === 0) {
+      return true;
+    }
+    const isInConfigPaths = this.normalizedAllowedPaths.some((allowedPath) => {
+      const relative = path.relative(allowedPath, normalizedPath);
+      return !relative.startsWith("..") && !path.isAbsolute(relative);
+    });
+    if (isInConfigPaths) {
+      return true;
+    }
+    if (this.directoryApprovalChecker) {
+      return this.directoryApprovalChecker(normalizedPath);
+    }
+    return false;
   }
   /**
    * Check if a file path is within the configured allowed paths (from config only).
@@ -183,7 +192,7 @@ class PathValidator {
    * @param filePath The file path to check (can be relative or absolute)
    * @returns true if the path is within config-allowed paths, false otherwise
    */
-  isPathWithinAllowed(filePath) {
+  async isPathWithinAllowed(filePath) {
     if (!filePath || filePath.trim() === "") {
       return false;
     }
@@ -192,7 +201,7 @@ class PathValidator {
     try {
       normalizedPath = path.isAbsolute(filePath) ? path.resolve(filePath) : path.resolve(workingDir, filePath);
       try {
-        normalizedPath = import_node_fs.realpathSync.native(normalizedPath);
+        normalizedPath = await fs.realpath(normalizedPath);
       } catch {
       }
     } catch {

package/dist/path-validator.d.cts

@@ -43,7 +43,7 @@ declare class PathValidator {
     /**
      * Validate a file path for security and policy compliance
      */
-    validatePath(filePath: string): PathValidation;
+    validatePath(filePath: string): Promise<PathValidation>;
     /**
      * Check if path contains traversal attempts
      */
@@ -51,6 +51,7 @@ declare class PathValidator {
     /**
      * Check if path is within allowed paths (whitelist check)
      * Also consults the directory approval checker if configured.
+     * Uses the sync version since the path is already normalized at this point.
      */
     private isPathAllowed;
     /**
@@ -59,8 +60,14 @@ declare class PathValidator {
     private isPathBlocked;
     /**
      * Quick check if a path is allowed (for internal use)
+     * Note: This assumes the path is already normalized/canonicalized
      */
     isPathAllowedQuick(normalizedPath: string): boolean;
+    /**
+     * Synchronous path allowed check (for already-normalized paths)
+     * This is used internally when we already have a canonicalized path
+     */
+    private isPathAllowedSync;
     /**
      * Check if a file path is within the configured allowed paths (from config only).
      * This method does NOT consult ApprovalManager - it only checks the static config paths.
@@ -71,7 +78,7 @@ declare class PathValidator {
      * @param filePath The file path to check (can be relative or absolute)
      * @returns true if the path is within config-allowed paths, false otherwise
      */
-    isPathWithinAllowed(filePath: string): boolean;
+    isPathWithinAllowed(filePath: string): Promise<boolean>;
     /**
      * Check if path is within config-allowed paths only (no approval checker).
      * Used for prompting decisions.