jettypod 4.3.0 → 4.4.1

package/lib/safe-delete.js

@@ -0,0 +1,794 @@
+/**
+ * Safe Delete Module
+ *
+ * Provides safe wrappers around fs deletion operations with:
+ * - Path validation to prevent catastrophic deletions
+ * - Audit logging for forensic analysis
+ * - Boundary enforcement (only delete within allowed paths)
+ *
+ * NEVER bypass these functions with direct fs.rmSync() calls.
+ */
+
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+
+/**
+ * Forbidden paths that should NEVER be deleted
+ */
+const FORBIDDEN_PATHS = [
+  '/',
+  '/bin',
+  '/sbin',
+  '/usr',
+  '/etc',
+  '/var',
+  '/tmp',
+  '/home',
+  '/Users',
+  '/System',
+  '/Library',
+  '/Applications',
+  os.homedir(),
+];
+
+/**
+ * Allowed path patterns for deletion
+ * Paths must match one of these patterns to be deletable
+ */
+const ALLOWED_PATTERNS = [
+  /^\/tmp\/jettypod-test-/,           // Test directories
+  /^\/var\/folders\/.*\/jettypod-test-/, // macOS temp directories
+  /\.jettypod-work\//,                 // Worktree directories
+  /\.jettypod-trash\//,                // Trash directories
+  /\.jettypod\/.*\.backup/,            // Backup directories
+  /\.git\/jettypod-backups\//,         // Git-stored backups
+];
+
+/**
+ * Deletion log entry
+ */
+function logDeletion(targetPath, operation, success, error = null, metadata = {}) {
+  const logEntry = {
+    timestamp: new Date().toISOString(),
+    operation,
+    path: targetPath,
+    success,
+    error: error ? error.message : null,
+    pid: process.pid,
+    cwd: process.cwd(),
+    ...metadata
+  };
+
+  // Try to write to .jettypod/deletion-log.json
+  try {
+    const logDir = path.join(process.cwd(), '.jettypod');
+    const logPath = path.join(logDir, 'deletion-log.json');
+
+    let logs = [];
+    if (fs.existsSync(logPath)) {
+      try {
+        logs = JSON.parse(fs.readFileSync(logPath, 'utf8'));
+      } catch {
+        logs = [];
+      }
+    }
+
+    logs.push(logEntry);
+
+    // Keep only last 1000 entries
+    if (logs.length > 1000) {
+      logs = logs.slice(-1000);
+    }
+
+    if (fs.existsSync(logDir)) {
+      fs.writeFileSync(logPath, JSON.stringify(logs, null, 2));
+    }
+  } catch {
+    // Logging failure should not block operation
+    console.warn('Warning: Could not write to deletion log');
+  }
+
+  return logEntry;
+}
+
+/**
+ * Validate that a path is safe to delete
+ *
+ * @param {string} targetPath - Path to validate
+ * @param {string} gitRoot - Git repository root (optional, for additional validation)
+ * @returns {Object} { safe: boolean, reason: string }
+ */
+function validatePath(targetPath, gitRoot = null) {
+  if (!targetPath || typeof targetPath !== 'string') {
+    return { safe: false, reason: 'Invalid path: must be a non-empty string' };
+  }
+
+  // Resolve to absolute path
+  const resolved = path.resolve(targetPath);
+
+  // Check against forbidden paths
+  for (const forbidden of FORBIDDEN_PATHS) {
+    if (resolved === forbidden || resolved === path.resolve(forbidden)) {
+      return { safe: false, reason: `Forbidden path: ${forbidden}` };
+    }
+  }
+
+  // Check if path is the home directory or a direct child
+  const home = os.homedir();
+  if (resolved === home) {
+    return { safe: false, reason: 'Cannot delete home directory' };
+  }
+
+  // Prevent deleting direct children of home (e.g., ~/Documents, ~/Desktop)
+  const homeChildren = ['Documents', 'Desktop', 'Downloads', 'Pictures', 'Music', 'Movies', 'Library', 'Applications'];
+  for (const child of homeChildren) {
+    if (resolved === path.join(home, child)) {
+      return { safe: false, reason: `Cannot delete home subdirectory: ${child}` };
+    }
+  }
+
+  // If gitRoot is provided, ensure we're not deleting it or its parents
+  if (gitRoot) {
+    const resolvedGitRoot = path.resolve(gitRoot);
+
+    // Cannot delete the git root itself
+    if (resolved === resolvedGitRoot) {
+      return { safe: false, reason: 'Cannot delete repository root' };
+    }
+
+    // Cannot delete parent of git root
+    if (resolvedGitRoot.startsWith(resolved + path.sep)) {
+      return { safe: false, reason: 'Cannot delete parent of repository root' };
+    }
+  }
+
+  // Check if path matches allowed patterns
+  let matchesAllowed = false;
+  for (const pattern of ALLOWED_PATTERNS) {
+    if (pattern.test(resolved)) {
+      matchesAllowed = true;
+      break;
+    }
+  }
+
+  // If in test environment, allow /tmp paths
+  if (process.env.NODE_ENV === 'test' && resolved.startsWith('/tmp/')) {
+    matchesAllowed = true;
+  }
+
+  // If path doesn't match allowed patterns, require it to be within gitRoot/.jettypod-work
+  if (!matchesAllowed && gitRoot) {
+    const worktreeBase = path.join(path.resolve(gitRoot), '.jettypod-work');
+    if (!resolved.startsWith(worktreeBase)) {
+      return {
+        safe: false,
+        reason: `Path not in allowed location. Must be in .jettypod-work/ or match allowed patterns`
+      };
+    }
+    matchesAllowed = true;
+  }
+
+  if (!matchesAllowed) {
+    return { safe: false, reason: 'Path does not match any allowed patterns' };
+  }
+
+  return { safe: true, reason: 'Path validated successfully' };
+}
+
+/**
+ * Count files and directories that would be deleted
+ *
+ * @param {string} targetPath - Path to count
+ * @returns {Object} { files: number, directories: number, total: number }
+ */
+function countContents(targetPath) {
+  let files = 0;
+  let directories = 0;
+
+  function traverse(currentPath) {
+    try {
+      const stats = fs.lstatSync(currentPath);
+
+      if (stats.isDirectory()) {
+        directories++;
+        const entries = fs.readdirSync(currentPath);
+        for (const entry of entries) {
+          traverse(path.join(currentPath, entry));
+        }
+      } else {
+        files++;
+      }
+    } catch {
+      // Ignore errors during counting
+    }
+  }
+
+  if (fs.existsSync(targetPath)) {
+    traverse(targetPath);
+  }
+
+  return { files, directories, total: files + directories };
+}
+
+/**
+ * Safely remove a file
+ *
+ * @param {string} targetPath - Path to file to delete
+ * @param {Object} options - Options
+ * @param {string} options.gitRoot - Git repository root for validation
+ * @returns {Object} { success: boolean, error?: string }
+ */
+function safeUnlink(targetPath, options = {}) {
+  const validation = validatePath(targetPath, options.gitRoot);
+
+  if (!validation.safe) {
+    const error = new Error(`SAFETY: Cannot delete file - ${validation.reason}`);
+    logDeletion(targetPath, 'unlink', false, error);
+    return { success: false, error: validation.reason };
+  }
+
+  try {
+    fs.unlinkSync(targetPath);
+    logDeletion(targetPath, 'unlink', true);
+    return { success: true };
+  } catch (err) {
+    logDeletion(targetPath, 'unlink', false, err);
+    return { success: false, error: err.message };
+  }
+}
+
+/**
+ * Safely remove a directory (non-recursive)
+ *
+ * @param {string} targetPath - Path to directory to delete
+ * @param {Object} options - Options
+ * @param {string} options.gitRoot - Git repository root for validation
+ * @returns {Object} { success: boolean, error?: string }
+ */
+function safeRmdir(targetPath, options = {}) {
+  const validation = validatePath(targetPath, options.gitRoot);
+
+  if (!validation.safe) {
+    const error = new Error(`SAFETY: Cannot delete directory - ${validation.reason}`);
+    logDeletion(targetPath, 'rmdir', false, error);
+    return { success: false, error: validation.reason };
+  }
+
+  try {
+    fs.rmdirSync(targetPath);
+    logDeletion(targetPath, 'rmdir', true);
+    return { success: true };
+  } catch (err) {
+    logDeletion(targetPath, 'rmdir', false, err);
+    return { success: false, error: err.message };
+  }
+}
+
+/**
+ * Safely remove a directory recursively
+ *
+ * This is the ONLY safe way to recursively delete directories.
+ * NEVER use fs.rmSync() directly with { recursive: true }.
+ *
+ * @param {string} targetPath - Path to directory to delete
+ * @param {Object} options - Options
+ * @param {string} options.gitRoot - Git repository root for validation (REQUIRED)
+ * @param {number} options.maxCount - Maximum files/dirs to delete without confirmation (default: 100)
+ * @param {boolean} options.force - Force deletion even if count exceeds threshold
+ * @returns {Object} { success: boolean, error?: string, count?: Object }
+ */
+function safeRmRecursive(targetPath, options = {}) {
+  const { gitRoot, maxCount = 100, force = false } = options;
+
+  // Require gitRoot for recursive deletes
+  if (!gitRoot) {
+    const error = new Error('SAFETY: gitRoot is required for recursive deletes');
+    logDeletion(targetPath, 'rmRecursive', false, error);
+    return { success: false, error: error.message };
+  }
+
+  const validation = validatePath(targetPath, gitRoot);
+
+  if (!validation.safe) {
+    const error = new Error(`SAFETY: Cannot delete directory - ${validation.reason}`);
+    logDeletion(targetPath, 'rmRecursive', false, error);
+    return { success: false, error: validation.reason };
+  }
+
+  // Count contents before deletion
+  const count = countContents(targetPath);
+
+  // Check threshold
+  if (count.total > maxCount && !force) {
+    const error = new Error(
+      `SAFETY: Refusing to delete ${count.total} items (${count.files} files, ${count.directories} dirs). ` +
+      `Use force: true to override.`
+    );
+    logDeletion(targetPath, 'rmRecursive', false, error, { count });
+    return { success: false, error: error.message, count };
+  }
+
+  try {
+    // Do NOT use force: true - we want errors to surface
+    fs.rmSync(targetPath, { recursive: true });
+    logDeletion(targetPath, 'rmRecursive', true, null, { count });
+    return { success: true, count };
+  } catch (err) {
+    logDeletion(targetPath, 'rmRecursive', false, err, { count });
+    return { success: false, error: err.message, count };
+  }
+}
+
+/**
+ * Check if we're running from within a worktree
+ *
+ * @returns {boolean} True if current directory is inside a worktree
+ */
+function isInWorktree() {
+  try {
+    const { execSync } = require('child_process');
+    const gitDir = execSync('git rev-parse --git-dir', {
+      encoding: 'utf8',
+      stdio: ['pipe', 'pipe', 'pipe']
+    }).trim();
+
+    return gitDir.includes('.jettypod-work') || (gitDir !== '.git' && !gitDir.endsWith('/.git'));
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Ensure we're not running from within a worktree
+ * Throws an error if we are.
+ *
+ * @throws {Error} If running from within a worktree
+ */
+function ensureNotInWorktree() {
+  if (isInWorktree()) {
+    throw new Error('SAFETY: Cannot run destructive operations from within a worktree. ' +
+      'Please change to the main repository directory.');
+  }
+}
+
+/**
+ * Get the main repository root, even if we're in a worktree
+ *
+ * @returns {string|null} Path to main repository root, or null if not in a git repo
+ */
+function getMainRepoRoot() {
+  try {
+    const { execSync } = require('child_process');
+
+    // Get the git common dir (points to main repo even in worktrees)
+    const commonDir = execSync('git rev-parse --git-common-dir', {
+      encoding: 'utf8',
+      stdio: ['pipe', 'pipe', 'pipe']
+    }).trim();
+
+    // Common dir is the .git directory, so get its parent
+    if (commonDir === '.git') {
+      return process.cwd();
+    }
+
+    return path.dirname(path.resolve(commonDir));
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * SAFETY: Validate that a path is safe to delete in test context
+ * Only allows deletion of paths in temp directories with test-related names
+ *
+ * @param {string} dirPath - Path to validate
+ * @returns {boolean} True if path is safe to delete in test context
+ */
+function isSafeTestPath(dirPath) {
+  const resolved = path.resolve(dirPath);
+  const tempDir = os.tmpdir();
+
+  // Must be in temp directory
+  const isInTemp = resolved.startsWith(path.resolve(tempDir)) ||
+                   resolved.startsWith('/var/folders') ||
+                   resolved.startsWith('/tmp');
+
+  // Must have test-related name
+  const basename = path.basename(resolved);
+  const hasTestName = basename.includes('test') ||
+                      basename.includes('jettypod-test') ||
+                      basename.startsWith('tmp');
+
+  return isInTemp && hasTestName;
+}
+
+/**
+ * Safely cleanup a test directory
+ * Only deletes directories that are in temp and have test-related names
+ *
+ * @param {string} testDir - Path to test directory to cleanup
+ * @returns {Object} { success: boolean, error?: string }
+ */
+function safeTestCleanup(testDir) {
+  if (!testDir || typeof testDir !== 'string') {
+    return { success: false, error: 'Invalid test directory path' };
+  }
+
+  if (!fs.existsSync(testDir)) {
+    return { success: true }; // Already gone
+  }
+
+  if (!isSafeTestPath(testDir)) {
+    const error = `SAFETY: Refusing to delete ${testDir} - not a valid test directory`;
+    console.warn(error);
+    return { success: false, error };
+  }
+
+  try {
+    fs.rmSync(testDir, { recursive: true });
+    logDeletion(testDir, 'safeTestCleanup', true);
+    return { success: true };
+  } catch (err) {
+    logDeletion(testDir, 'safeTestCleanup', false, err);
+    return { success: false, error: err.message };
+  }
+}
+
+/**
+ * Get the trash directory path for a given git root
+ *
+ * @param {string} gitRoot - Git repository root
+ * @returns {string} Path to trash directory
+ */
+function getTrashDir(gitRoot) {
+  return path.join(gitRoot, '.jettypod-trash');
+}
+
+/**
+ * Move a file or directory to trash instead of deleting
+ *
+ * @param {string} targetPath - Path to move to trash
+ * @param {Object} options - Options
+ * @param {string} options.gitRoot - Git repository root (REQUIRED)
+ * @returns {Object} { success: boolean, trashPath?: string, error?: string }
+ */
+function moveToTrash(targetPath, options = {}) {
+  const { gitRoot } = options;
+
+  if (!gitRoot) {
+    return { success: false, error: 'SAFETY: gitRoot is required for trash operations' };
+  }
+
+  if (!fs.existsSync(targetPath)) {
+    return { success: false, error: 'Path does not exist' };
+  }
+
+  const validation = validatePath(targetPath, gitRoot);
+  if (!validation.safe) {
+    logDeletion(targetPath, 'moveToTrash', false, new Error(validation.reason));
+    return { success: false, error: validation.reason };
+  }
+
+  const trashDir = getTrashDir(gitRoot);
+
+  // Create trash directory if it doesn't exist
+  if (!fs.existsSync(trashDir)) {
+    fs.mkdirSync(trashDir, { recursive: true });
+  }
+
+  // Generate unique trash item name with timestamp and original path
+  const timestamp = new Date().toISOString().replace(/[:.]/g, '-');
+  const originalName = path.basename(targetPath);
+  const relativePath = path.relative(gitRoot, targetPath);
+  const sanitizedRelativePath = relativePath.replace(/\//g, '__');
+  const trashItemName = `${timestamp}__${sanitizedRelativePath}`;
+  const trashPath = path.join(trashDir, trashItemName);
+
+  // Create metadata file
+  const metadataPath = trashPath + '.meta.json';
+  const metadata = {
+    originalPath: targetPath,
+    relativePath: relativePath,
+    trashedAt: new Date().toISOString(),
+    isDirectory: fs.statSync(targetPath).isDirectory()
+  };
+
+  try {
+    // Move to trash
+    fs.renameSync(targetPath, trashPath);
+
+    // Write metadata
+    fs.writeFileSync(metadataPath, JSON.stringify(metadata, null, 2));
+
+    logDeletion(targetPath, 'moveToTrash', true, null, {
+      trashPath,
+      metadata
+    });
+
+    return { success: true, trashPath, metadata };
+  } catch (err) {
+    // If rename fails (cross-device), try copy + delete
+    try {
+      const { execSync } = require('child_process');
+      execSync(`cp -R "${targetPath}" "${trashPath}"`, { stdio: 'pipe' });
+      fs.rmSync(targetPath, { recursive: true });
+      fs.writeFileSync(metadataPath, JSON.stringify(metadata, null, 2));
+
+      logDeletion(targetPath, 'moveToTrash', true, null, {
+        trashPath,
+        metadata,
+        crossDevice: true
+      });
+
+      return { success: true, trashPath, metadata };
+    } catch (copyErr) {
+      logDeletion(targetPath, 'moveToTrash', false, copyErr);
+      return { success: false, error: copyErr.message };
+    }
+  }
+}
+
+/**
+ * List items in trash
+ *
+ * @param {string} gitRoot - Git repository root
+ * @returns {Array} List of trash items with metadata
+ */
+function listTrash(gitRoot) {
+  const trashDir = getTrashDir(gitRoot);
+
+  if (!fs.existsSync(trashDir)) {
+    return [];
+  }
+
+  const items = [];
+  const entries = fs.readdirSync(trashDir);
+
+  for (const entry of entries) {
+    // Skip metadata files
+    if (entry.endsWith('.meta.json')) continue;
+
+    const trashPath = path.join(trashDir, entry);
+    const metadataPath = trashPath + '.meta.json';
+
+    let metadata = {};
+    if (fs.existsSync(metadataPath)) {
+      try {
+        metadata = JSON.parse(fs.readFileSync(metadataPath, 'utf8'));
+      } catch {
+        // Corrupted metadata, construct from filename
+        const parts = entry.split('__');
+        metadata = {
+          trashedAt: parts[0] ? parts[0].replace(/-/g, ':').replace(/T(\d+):(\d+):(\d+)/, 'T$1:$2:$3') : 'unknown',
+          relativePath: parts.slice(1).join('/'),
+          originalPath: 'unknown'
+        };
+      }
+    }
+
+    const stat = fs.statSync(trashPath);
+
+    items.push({
+      name: entry,
+      trashPath,
+      originalPath: metadata.originalPath || 'unknown',
+      relativePath: metadata.relativePath || entry,
+      trashedAt: metadata.trashedAt ? new Date(metadata.trashedAt) : stat.mtime,
+      isDirectory: stat.isDirectory(),
+      size: stat.isDirectory() ? countContents(trashPath).total : stat.size
+    });
+  }
+
+  // Sort by trashed date, newest first
+  return items.sort((a, b) => b.trashedAt - a.trashedAt);
+}
+
+/**
+ * Restore an item from trash
+ *
+ * @param {string} gitRoot - Git repository root
+ * @param {string} trashItemName - Name of trash item to restore (or 'latest')
+ * @param {Object} options - Options
+ * @param {string} options.restoreTo - Custom restore path (optional)
+ * @returns {Object} { success: boolean, restoredTo?: string, error?: string }
+ */
+function restoreFromTrash(gitRoot, trashItemName = 'latest', options = {}) {
+  const trashDir = getTrashDir(gitRoot);
+  const trashItems = listTrash(gitRoot);
+
+  if (trashItems.length === 0) {
+    return { success: false, error: 'Trash is empty' };
+  }
+
+  let item;
+  if (trashItemName === 'latest') {
+    item = trashItems[0];
+  } else {
+    item = trashItems.find(i => i.name === trashItemName || i.relativePath === trashItemName);
+  }
+
+  if (!item) {
+    return { success: false, error: `Trash item not found: ${trashItemName}` };
+  }
+
+  // Determine restore path
+  const restorePath = options.restoreTo || item.originalPath;
+
+  // Check if restore path already exists
+  if (fs.existsSync(restorePath)) {
+    return {
+      success: false,
+      error: `Cannot restore - path already exists: ${restorePath}`
+    };
+  }
+
+  // Ensure parent directory exists
+  const parentDir = path.dirname(restorePath);
+  if (!fs.existsSync(parentDir)) {
+    fs.mkdirSync(parentDir, { recursive: true });
+  }
+
+  try {
+    // Move from trash back to original location
+    fs.renameSync(item.trashPath, restorePath);
+
+    // Remove metadata file
+    const metadataPath = item.trashPath + '.meta.json';
+    if (fs.existsSync(metadataPath)) {
+      fs.unlinkSync(metadataPath);
+    }
+
+    logDeletion(restorePath, 'restoreFromTrash', true, null, {
+      trashPath: item.trashPath,
+      originalPath: item.originalPath
+    });
+
+    return { success: true, restoredTo: restorePath };
+  } catch (err) {
+    // If rename fails (cross-device), try copy + delete
+    try {
+      const { execSync } = require('child_process');
+      execSync(`cp -R "${item.trashPath}" "${restorePath}"`, { stdio: 'pipe' });
+      fs.rmSync(item.trashPath, { recursive: true });
+
+      const metadataPath = item.trashPath + '.meta.json';
+      if (fs.existsSync(metadataPath)) {
+        fs.unlinkSync(metadataPath);
+      }
+
+      logDeletion(restorePath, 'restoreFromTrash', true, null, {
+        trashPath: item.trashPath,
+        crossDevice: true
+      });
+
+      return { success: true, restoredTo: restorePath };
+    } catch (copyErr) {
+      return { success: false, error: copyErr.message };
+    }
+  }
+}
+
+/**
+ * Purge old items from trash
+ *
+ * @param {string} gitRoot - Git repository root
+ * @param {Object} options - Options
+ * @param {number} options.maxAgeHours - Maximum age in hours (default: 24)
+ * @param {boolean} options.dryRun - If true, only list what would be purged
+ * @returns {Object} { success: boolean, purged: Array, errors: Array }
+ */
+function purgeOldTrash(gitRoot, options = {}) {
+  const { maxAgeHours = 24, dryRun = false } = options;
+  const trashItems = listTrash(gitRoot);
+  const cutoffTime = new Date(Date.now() - (maxAgeHours * 60 * 60 * 1000));
+
+  const toPurge = trashItems.filter(item => item.trashedAt < cutoffTime);
+  const purged = [];
+  const errors = [];
+
+  for (const item of toPurge) {
+    if (dryRun) {
+      purged.push({
+        name: item.name,
+        originalPath: item.originalPath,
+        trashedAt: item.trashedAt,
+        dryRun: true
+      });
+      continue;
+    }
+
+    try {
+      fs.rmSync(item.trashPath, { recursive: true });
+
+      const metadataPath = item.trashPath + '.meta.json';
+      if (fs.existsSync(metadataPath)) {
+        fs.unlinkSync(metadataPath);
+      }
+
+      purged.push({
+        name: item.name,
+        originalPath: item.originalPath,
+        trashedAt: item.trashedAt
+      });
+
+      logDeletion(item.trashPath, 'purgeTrash', true, null, {
+        originalPath: item.originalPath,
+        age: Math.round((Date.now() - item.trashedAt.getTime()) / (60 * 60 * 1000)) + ' hours'
+      });
+    } catch (err) {
+      errors.push({
+        name: item.name,
+        error: err.message
+      });
+    }
+  }
+
+  return {
+    success: errors.length === 0,
+    purged,
+    errors,
+    remaining: trashItems.length - toPurge.length
+  };
+}
+
+/**
+ * Empty the entire trash
+ *
+ * @param {string} gitRoot - Git repository root
+ * @returns {Object} { success: boolean, count: number, error?: string }
+ */
+function emptyTrash(gitRoot) {
+  const trashDir = getTrashDir(gitRoot);
+
+  if (!fs.existsSync(trashDir)) {
+    return { success: true, count: 0 };
+  }
+
+  const trashItems = listTrash(gitRoot);
+  let count = 0;
+
+  for (const item of trashItems) {
+    try {
+      fs.rmSync(item.trashPath, { recursive: true });
+
+      const metadataPath = item.trashPath + '.meta.json';
+      if (fs.existsSync(metadataPath)) {
+        fs.unlinkSync(metadataPath);
+      }
+
+      count++;
+    } catch (err) {
+      // Log but continue
+      console.warn(`Warning: Could not remove ${item.name}: ${err.message}`);
+    }
+  }
+
+  logDeletion(trashDir, 'emptyTrash', true, null, { itemsRemoved: count });
+
+  return { success: true, count };
+}
+
+module.exports = {
+  validatePath,
+  countContents,
+  safeUnlink,
+  safeRmdir,
+  safeRmRecursive,
+  isInWorktree,
+  ensureNotInWorktree,
+  getMainRepoRoot,
+  logDeletion,
+  isSafeTestPath,
+  safeTestCleanup,
+  // Trash functionality
+  getTrashDir,
+  moveToTrash,
+  listTrash,
+  restoreFromTrash,
+  purgeOldTrash,
+  emptyTrash,
+  // Export constants for testing
+  FORBIDDEN_PATHS,
+  ALLOWED_PATTERNS
+};