commandmate 0.1.10 → 0.1.11

package/dist/cli/utils/worktree-detector.js

@@ -0,0 +1,221 @@
+"use strict";
+/**
+ * Worktree Detector
+ * Issue #136: Phase 1 - Task 1.3
+ *
+ * Provides utilities for detecting git worktrees and extracting issue numbers.
+ * Used to automatically identify which worktree environment the CLI is running in.
+ *
+ * Security: Uses execFile instead of exec to prevent command injection.
+ *
+ * @module worktree-detector
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.extractIssueNoFromPath = extractIssueNoFromPath;
+exports.extractIssueNoFromBranch = extractIssueNoFromBranch;
+exports.isWorktreeDirectory = isWorktreeDirectory;
+exports.detectCurrentWorktree = detectCurrentWorktree;
+exports.detectWorktreeContext = detectWorktreeContext;
+const child_process_1 = require("child_process");
+const util_1 = require("util");
+const path_1 = __importDefault(require("path"));
+const execFileAsync = (0, util_1.promisify)(child_process_1.execFile);
+/**
+ * Pattern for extracting issue number from worktree directory name
+ * Matches: commandmate-issue-{number}
+ */
+const WORKTREE_PATH_PATTERN = /commandmate-issue-(\d+)/;
+/**
+ * Pattern for extracting issue number from branch name
+ * Matches:
+ * - feature/{number}-description
+ * - fix/{number}-description
+ * - hotfix/{number}-description
+ * - {number}-description (without prefix)
+ */
+const BRANCH_ISSUE_PATTERN = /^(?:feature\/|fix\/|hotfix\/)?(\d+)-/;
+/**
+ * Extract issue number from a worktree directory path
+ *
+ * @param dirPath - Directory path to check
+ * @returns Issue number or null if not a worktree path
+ *
+ * @example
+ * ```typescript
+ * extractIssueNoFromPath('/home/user/repos/commandmate-issue-135'); // 135
+ * extractIssueNoFromPath('/home/user/repos/commandmate'); // null
+ * ```
+ */
+function extractIssueNoFromPath(dirPath) {
+    // Normalize path and remove trailing slash
+    const normalizedPath = path_1.default.normalize(dirPath).replace(/\/$/, '');
+    const match = normalizedPath.match(WORKTREE_PATH_PATTERN);
+    if (!match) {
+        return null;
+    }
+    const issueNo = parseInt(match[1], 10);
+    // Validate: must be positive integer
+    if (!Number.isInteger(issueNo) || issueNo <= 0) {
+        return null;
+    }
+    return issueNo;
+}
+/**
+ * Extract issue number from a git branch name
+ *
+ * @param branchName - Git branch name
+ * @returns Issue number or null if not found
+ *
+ * @example
+ * ```typescript
+ * extractIssueNoFromBranch('feature/135-add-worktree'); // 135
+ * extractIssueNoFromBranch('main'); // null
+ * ```
+ */
+function extractIssueNoFromBranch(branchName) {
+    const match = branchName.match(BRANCH_ISSUE_PATTERN);
+    if (!match) {
+        return null;
+    }
+    const issueNo = parseInt(match[1], 10);
+    // Validate: must be positive integer
+    if (!Number.isInteger(issueNo) || issueNo <= 0) {
+        return null;
+    }
+    return issueNo;
+}
+/**
+ * Check if a directory is inside a git worktree
+ *
+ * @param dirPath - Directory path to check
+ * @returns true if directory is inside a git repository
+ */
+async function isWorktreeDirectory(dirPath) {
+    try {
+        // Use execFile for security (no shell interpretation)
+        const { stdout } = await execFileAsync('git', ['rev-parse', '--is-inside-work-tree'], {
+            cwd: dirPath,
+            timeout: 5000, // 5 second timeout
+        });
+        return stdout.trim() === 'true';
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Get the git repository root for a directory
+ *
+ * @param dirPath - Directory path
+ * @returns Repository root path or null
+ */
+async function getGitRoot(dirPath) {
+    try {
+        const { stdout } = await execFileAsync('git', ['rev-parse', '--show-toplevel'], {
+            cwd: dirPath,
+            timeout: 5000,
+        });
+        return stdout.trim();
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Get the current git branch name
+ *
+ * @param dirPath - Directory path within git repository
+ * @returns Branch name or null
+ */
+async function getCurrentBranch(dirPath) {
+    try {
+        const { stdout } = await execFileAsync('git', ['rev-parse', '--abbrev-ref', 'HEAD'], {
+            cwd: dirPath,
+            timeout: 5000,
+        });
+        const branch = stdout.trim();
+        // Handle detached HEAD
+        if (branch === 'HEAD') {
+            return null;
+        }
+        return branch;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Detect if the current directory is within a CommandMate worktree
+ *
+ * Attempts to extract issue number from:
+ * 1. Directory path (e.g., commandmate-issue-135)
+ * 2. Git branch name (e.g., feature/135-description)
+ *
+ * @param dirPath - Directory path to check (defaults to cwd)
+ * @returns WorktreeInfo if detected, null otherwise
+ *
+ * @example
+ * ```typescript
+ * const info = await detectCurrentWorktree();
+ * if (info) {
+ *   console.log(`Running in worktree for Issue #${info.issueNo}`);
+ * }
+ * ```
+ */
+async function detectCurrentWorktree(dirPath) {
+    const targetPath = dirPath || process.cwd();
+    try {
+        // Get git root
+        const gitRoot = await getGitRoot(targetPath);
+        if (!gitRoot) {
+            return null;
+        }
+        // Get current branch
+        const branch = await getCurrentBranch(targetPath);
+        // Try to extract issue number from path first
+        let issueNo = extractIssueNoFromPath(gitRoot);
+        // If not found in path, try branch name
+        if (issueNo === null && branch) {
+            issueNo = extractIssueNoFromBranch(branch);
+        }
+        // If no issue number found, this is not a worktree for an issue
+        if (issueNo === null) {
+            return null;
+        }
+        return {
+            issueNo,
+            path: gitRoot,
+            branch: branch || 'unknown',
+        };
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Detect worktree from environment or current directory
+ * Convenience function that checks CM_ISSUE_NO env var first
+ *
+ * @returns WorktreeInfo if detected, null otherwise
+ */
+async function detectWorktreeContext() {
+    // Check environment variable first
+    const envIssueNo = process.env.CM_ISSUE_NO;
+    if (envIssueNo) {
+        const issueNo = parseInt(envIssueNo, 10);
+        if (Number.isInteger(issueNo) && issueNo > 0) {
+            const gitRoot = await getGitRoot(process.cwd());
+            const branch = await getCurrentBranch(process.cwd());
+            return {
+                issueNo,
+                path: gitRoot || process.cwd(),
+                branch: branch || 'unknown',
+            };
+        }
+    }
+    // Fall back to detection
+    return detectCurrentWorktree();
+}

package/dist/lib/errors.d.ts

@@ -0,0 +1,111 @@
+/**
+ * Error Definitions
+ * Issue #136: Phase 1 - Foundation
+ *
+ * Centralized error handling for the application.
+ * SF-SEC-003: Separates client-facing and internal error messages.
+ *
+ * @module errors
+ */
+/**
+ * Standard error codes used throughout the application
+ * These codes are safe to expose to clients.
+ */
+export declare const ErrorCode: {
+    readonly INVALID_ISSUE_NO: "INVALID_ISSUE_NO";
+    readonly ISSUE_NO_OUT_OF_RANGE: "ISSUE_NO_OUT_OF_RANGE";
+    readonly INVALID_BRANCH_NAME: "INVALID_BRANCH_NAME";
+    readonly BRANCH_NAME_TOO_LONG: "BRANCH_NAME_TOO_LONG";
+    readonly INVALID_PORT: "INVALID_PORT";
+    readonly PORT_EXHAUSTED: "PORT_EXHAUSTED";
+    readonly PORT_IN_USE: "PORT_IN_USE";
+    readonly WORKTREE_NOT_FOUND: "WORKTREE_NOT_FOUND";
+    readonly WORKTREE_ALREADY_EXISTS: "WORKTREE_ALREADY_EXISTS";
+    readonly PID_FILE_EXISTS: "PID_FILE_EXISTS";
+    readonly PROCESS_NOT_RUNNING: "PROCESS_NOT_RUNNING";
+    readonly PATH_TRAVERSAL: "PATH_TRAVERSAL";
+    readonly UNAUTHORIZED: "UNAUTHORIZED";
+    readonly FORBIDDEN: "FORBIDDEN";
+    readonly DATABASE_ERROR: "DATABASE_ERROR";
+    readonly FILESYSTEM_ERROR: "FILESYSTEM_ERROR";
+    readonly GIT_ERROR: "GIT_ERROR";
+    readonly TIMEOUT: "TIMEOUT";
+    readonly UNKNOWN_ERROR: "UNKNOWN_ERROR";
+};
+export type ErrorCodeType = (typeof ErrorCode)[keyof typeof ErrorCode];
+/**
+ * Application-specific error class
+ *
+ * @example
+ * ```typescript
+ * throw new AppError('INVALID_ISSUE_NO', 'Issue number must be a positive integer', { received: -1 });
+ * ```
+ */
+export declare class AppError extends Error {
+    /**
+     * Error code - safe to expose to clients
+     */
+    readonly code: string;
+    /**
+     * Additional details - may contain sensitive info, log only
+     */
+    readonly details?: Record<string, unknown>;
+    /**
+     * Timestamp when error occurred
+     */
+    readonly timestamp: string;
+    constructor(code: string, message: string, details?: Record<string, unknown>);
+    /**
+     * Create a client-safe representation (excludes sensitive details)
+     */
+    toClientError(): {
+        code: string;
+        message: string;
+    };
+    /**
+     * Create a log-safe representation (includes details for debugging)
+     */
+    toLogError(): {
+        code: string;
+        message: string;
+        details?: Record<string, unknown>;
+        timestamp: string;
+    };
+}
+/**
+ * Factory function to create AppError
+ *
+ * @param code - Error code from ErrorCode enum
+ * @param message - Human-readable error message
+ * @param details - Optional additional details (logged, not sent to client)
+ * @returns AppError instance
+ *
+ * @example
+ * ```typescript
+ * throw createAppError(ErrorCode.PORT_EXHAUSTED, 'No available ports in range', { range: [3001, 3100] });
+ * ```
+ */
+export declare function createAppError(code: string, message: string, details?: Record<string, unknown>): AppError;
+/**
+ * Type guard to check if an error is an AppError
+ *
+ * @param error - Error to check
+ * @returns true if error is an AppError
+ */
+export declare function isAppError(error: unknown): error is AppError;
+/**
+ * Wrap unknown error into AppError
+ *
+ * @param error - Unknown error
+ * @param defaultCode - Default error code if error is not AppError
+ * @returns AppError instance
+ */
+export declare function wrapError(error: unknown, defaultCode?: string): AppError;
+/**
+ * Get error message from unknown error
+ *
+ * @param error - Unknown error
+ * @returns Error message string
+ */
+export declare function getErrorMessage(error: unknown): string;
+//# sourceMappingURL=errors.d.ts.map

package/dist/lib/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../src/lib/errors.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH;;;GAGG;AACH,eAAO,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;CA6BZ,CAAC;AAEX,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,OAAO,SAAS,CAAC,CAAC;AAEvE;;;;;;;GAOG;AACH,qBAAa,QAAS,SAAQ,KAAK;IACjC;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB;;OAEG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAE3C;;OAEG;IACH,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;gBAGzB,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAcnC;;OAEG;IACH,aAAa,IAAI;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE;IAOlD;;OAEG;IACH,UAAU,IAAI;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE;CAQtG;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,cAAc,CAC5B,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,QAAQ,CAEV;AAED;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,QAAQ,CAE5D;AAED;;;;;;GAMG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,OAAO,EAAE,WAAW,GAAE,MAAgC,GAAG,QAAQ,CAUjG;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAKtD"}

package/dist/lib/errors.js

@@ -0,0 +1,153 @@
+"use strict";
+/**
+ * Error Definitions
+ * Issue #136: Phase 1 - Foundation
+ *
+ * Centralized error handling for the application.
+ * SF-SEC-003: Separates client-facing and internal error messages.
+ *
+ * @module errors
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AppError = exports.ErrorCode = void 0;
+exports.createAppError = createAppError;
+exports.isAppError = isAppError;
+exports.wrapError = wrapError;
+exports.getErrorMessage = getErrorMessage;
+/**
+ * Standard error codes used throughout the application
+ * These codes are safe to expose to clients.
+ */
+exports.ErrorCode = {
+    // Input validation errors
+    INVALID_ISSUE_NO: 'INVALID_ISSUE_NO',
+    ISSUE_NO_OUT_OF_RANGE: 'ISSUE_NO_OUT_OF_RANGE',
+    INVALID_BRANCH_NAME: 'INVALID_BRANCH_NAME',
+    BRANCH_NAME_TOO_LONG: 'BRANCH_NAME_TOO_LONG',
+    INVALID_PORT: 'INVALID_PORT',
+    // Resource errors
+    PORT_EXHAUSTED: 'PORT_EXHAUSTED',
+    PORT_IN_USE: 'PORT_IN_USE',
+    WORKTREE_NOT_FOUND: 'WORKTREE_NOT_FOUND',
+    WORKTREE_ALREADY_EXISTS: 'WORKTREE_ALREADY_EXISTS',
+    PID_FILE_EXISTS: 'PID_FILE_EXISTS',
+    PROCESS_NOT_RUNNING: 'PROCESS_NOT_RUNNING',
+    // Security errors
+    PATH_TRAVERSAL: 'PATH_TRAVERSAL',
+    UNAUTHORIZED: 'UNAUTHORIZED',
+    FORBIDDEN: 'FORBIDDEN',
+    // System errors
+    DATABASE_ERROR: 'DATABASE_ERROR',
+    FILESYSTEM_ERROR: 'FILESYSTEM_ERROR',
+    GIT_ERROR: 'GIT_ERROR',
+    TIMEOUT: 'TIMEOUT',
+    // Generic errors
+    UNKNOWN_ERROR: 'UNKNOWN_ERROR',
+};
+/**
+ * Application-specific error class
+ *
+ * @example
+ * ```typescript
+ * throw new AppError('INVALID_ISSUE_NO', 'Issue number must be a positive integer', { received: -1 });
+ * ```
+ */
+class AppError extends Error {
+    /**
+     * Error code - safe to expose to clients
+     */
+    code;
+    /**
+     * Additional details - may contain sensitive info, log only
+     */
+    details;
+    /**
+     * Timestamp when error occurred
+     */
+    timestamp;
+    constructor(code, message, details) {
+        super(message);
+        this.name = 'AppError';
+        this.code = code;
+        this.details = details;
+        this.timestamp = new Date().toISOString();
+        // Maintains proper stack trace for where our error was thrown (only available on V8)
+        if (Error.captureStackTrace) {
+            Error.captureStackTrace(this, AppError);
+        }
+    }
+    /**
+     * Create a client-safe representation (excludes sensitive details)
+     */
+    toClientError() {
+        return {
+            code: this.code,
+            message: this.message,
+        };
+    }
+    /**
+     * Create a log-safe representation (includes details for debugging)
+     */
+    toLogError() {
+        return {
+            code: this.code,
+            message: this.message,
+            details: this.details,
+            timestamp: this.timestamp,
+        };
+    }
+}
+exports.AppError = AppError;
+/**
+ * Factory function to create AppError
+ *
+ * @param code - Error code from ErrorCode enum
+ * @param message - Human-readable error message
+ * @param details - Optional additional details (logged, not sent to client)
+ * @returns AppError instance
+ *
+ * @example
+ * ```typescript
+ * throw createAppError(ErrorCode.PORT_EXHAUSTED, 'No available ports in range', { range: [3001, 3100] });
+ * ```
+ */
+function createAppError(code, message, details) {
+    return new AppError(code, message, details);
+}
+/**
+ * Type guard to check if an error is an AppError
+ *
+ * @param error - Error to check
+ * @returns true if error is an AppError
+ */
+function isAppError(error) {
+    return error instanceof AppError;
+}
+/**
+ * Wrap unknown error into AppError
+ *
+ * @param error - Unknown error
+ * @param defaultCode - Default error code if error is not AppError
+ * @returns AppError instance
+ */
+function wrapError(error, defaultCode = exports.ErrorCode.UNKNOWN_ERROR) {
+    if (isAppError(error)) {
+        return error;
+    }
+    if (error instanceof Error) {
+        return new AppError(defaultCode, error.message, { originalError: error.name });
+    }
+    return new AppError(defaultCode, String(error));
+}
+/**
+ * Get error message from unknown error
+ *
+ * @param error - Unknown error
+ * @returns Error message string
+ */
+function getErrorMessage(error) {
+    if (error instanceof Error) {
+        return error.message;
+    }
+    return String(error);
+}

package/dist/server/server.js

@@ -34,6 +34,7 @@ const ws_server_1 = require("./src/lib/ws-server");
 const worktrees_1 = require("./src/lib/worktrees");
 const db_instance_1 = require("./src/lib/db-instance");
 const response_poller_1 = require("./src/lib/response-poller");
+const auto_yes_manager_1 = require("./src/lib/auto-yes-manager");
 const db_migrations_1 = require("./src/lib/db-migrations");
 const env_1 = require("./src/lib/env");
 const dev = process.env.NODE_ENV !== 'production';
@@ -104,6 +105,8 @@ app.prepare().then(() => {
         console.log(`${signal} received: shutting down...`);
         // Stop polling first
         (0, response_poller_1.stopAllPolling)();
+        // Issue #138: Stop all auto-yes pollers
+        (0, auto_yes_manager_1.stopAllAutoYesPolling)();
         // Close WebSocket connections immediately (don't wait)
         (0, ws_server_1.closeWebSocket)();
         // Force exit after 3 seconds if graceful shutdown fails

package/dist/server/src/cli/utils/install-context.js

@@ -0,0 +1,96 @@
+"use strict";
+/**
+ * Install Context Utility
+ * Issue #136: DRY refactoring - extract common install detection functions
+ *
+ * This module provides centralized functions for detecting the install type
+ * (global vs local npm install) and resolving configuration directories.
+ *
+ * Extracted from env-setup.ts to solve circular import issues and follow DRY principle.
+ *
+ * @module install-context
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isGlobalInstall = isGlobalInstall;
+exports.getConfigDir = getConfigDir;
+exports.ensureConfigDir = ensureConfigDir;
+const fs_1 = require("fs");
+const path_1 = require("path");
+const os_1 = require("os");
+/**
+ * Check if running as global npm package
+ * Issue #119: Determine .env location based on install type
+ * Issue #136: Extracted to avoid circular imports
+ *
+ * @returns true if running as global npm package
+ *
+ * @example
+ * ```typescript
+ * if (isGlobalInstall()) {
+ *   // Use ~/.commandmate for config
+ * } else {
+ *   // Use current working directory
+ * }
+ * ```
+ */
+function isGlobalInstall() {
+    // Check if running from global node_modules
+    // Global installs typically have paths like:
+    // - /usr/local/lib/node_modules/
+    // - /Users/xxx/.npm-global/lib/node_modules/
+    // - C:\Users\xxx\AppData\Roaming\npm\node_modules\
+    const currentPath = (0, path_1.dirname)(__dirname);
+    return (currentPath.includes('/lib/node_modules/') ||
+        currentPath.includes('\\node_modules\\') ||
+        currentPath.includes('/node_modules/commandmate'));
+}
+/**
+ * Get the config directory path
+ * Issue #119: Returns ~/.commandmate for global, cwd for local
+ * Issue #125: Added symlink resolution for security (path traversal protection)
+ * Issue #136: Extracted to avoid circular imports
+ *
+ * @returns Path to config directory (absolute, with symlinks resolved)
+ * @throws Error if config directory resolves outside home directory (for global install)
+ *
+ * @example
+ * ```typescript
+ * const configDir = getConfigDir();
+ * // Global: /Users/username/.commandmate
+ * // Local: /path/to/project (resolved from symlinks)
+ * ```
+ */
+function getConfigDir() {
+    if (isGlobalInstall()) {
+        const configDir = (0, path_1.join)((0, os_1.homedir)(), '.commandmate');
+        // Verify config directory is within home directory (security check)
+        // Only validate if the directory exists (it may not exist yet during init)
+        if ((0, fs_1.existsSync)(configDir)) {
+            const realPath = (0, fs_1.realpathSync)(configDir);
+            const realHome = (0, fs_1.realpathSync)((0, os_1.homedir)());
+            if (!realPath.startsWith(realHome)) {
+                throw new Error(`Security error: Config directory ${configDir} is outside home directory`);
+            }
+            return realPath;
+        }
+        return configDir;
+    }
+    // Local install - resolve symlinks in cwd
+    const cwd = process.cwd();
+    return (0, fs_1.realpathSync)(cwd);
+}
+/**
+ * Ensure the config directory exists with proper permissions
+ * Issue #136: Utility for creating config directory if needed
+ *
+ * @returns Path to config directory (created if needed)
+ */
+function ensureConfigDir() {
+    const configDir = isGlobalInstall()
+        ? (0, path_1.join)((0, os_1.homedir)(), '.commandmate')
+        : process.cwd();
+    if (!(0, fs_1.existsSync)(configDir)) {
+        (0, fs_1.mkdirSync)(configDir, { recursive: true, mode: 0o700 });
+    }
+    return getConfigDir();
+}

package/dist/server/src/config/system-directories.js

@@ -0,0 +1,40 @@
+"use strict";
+/**
+ * System Directories Configuration
+ * Issue #135: DB path resolution logic fix
+ *
+ * Centralized list of system directories that are not allowed for DB storage.
+ * This supports security measures SEC-001, SEC-002, SEC-005.
+ *
+ * @module system-directories
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SYSTEM_DIRECTORIES = void 0;
+exports.isSystemDirectory = isSystemDirectory;
+/**
+ * System directories that are not allowed for DB storage
+ *
+ * SEC-001: System directory protection
+ * These directories are protected to prevent writing database files
+ * to critical system paths which could cause security issues.
+ */
+exports.SYSTEM_DIRECTORIES = [
+    '/etc',
+    '/usr',
+    '/bin',
+    '/sbin',
+    '/var',
+    '/tmp',
+    '/dev',
+    '/sys',
+    '/proc',
+];
+/**
+ * Check if a path is within a system directory
+ *
+ * @param resolvedPath - The resolved absolute path to check
+ * @returns true if the path is within a system directory
+ */
+function isSystemDirectory(resolvedPath) {
+    return exports.SYSTEM_DIRECTORIES.some((dir) => resolvedPath.startsWith(dir));
+}