tina4-nodejs 3.12.10 → 3.13.1

package/packages/core/src/mcp.ts

@@ -17,6 +17,7 @@
 import * as fs from "node:fs";
 import * as path from "node:path";
 import * as os from "node:os";
+import { spawnSync } from "node:child_process";
 
 // ── Types ─────────────────────────────────────────────────────
 
@@ -562,6 +563,217 @@ function redactEnv(key: string, value: string): string {
   return value;
 }
 
+// ── Defensive write helpers (mirrors tina4-python tools.py) ──
+//
+// Five layered guards wrap `file_write` and `file_patch`:
+//   1. agentLog — structured audit log at .tina4/agent.log + stderr
+//   2. looksLikeProse — reject sentences-as-filenames (AI mishap)
+//   3. normalizeCoderPath — rewrite bare routes/, orm/, ... to src/<dir>/
+//   4. agentBackup — copy pre-write content to .tina4/backups/
+//   5. truncation guard (inline in file_write) — refuse suspicious shrinkage
+
+/**
+ * Append a structured line to `.tina4/agent.log` AND echo to stderr.
+ * Cheap — never blocks the caller on I/O failure.
+ */
+function agentLog(projectRoot: string, category: string, message: string): void {
+  try {
+    const logDir = path.join(projectRoot, ".tina4");
+    if (!fs.existsSync(logDir)) {
+      fs.mkdirSync(logDir, { recursive: true });
+    }
+    const logPath = path.join(logDir, "agent.log");
+    const ts = new Date().toISOString().replace(/\..+/, "Z");
+    fs.appendFileSync(logPath, `${ts} [${category}] ${message}\n`, "utf-8");
+  } catch {
+    // logging must never fail the actual call
+  }
+  process.stderr.write(`  [agent ${category}] ${message}\n`);
+}
+
+const SANE_PATH_SEGMENT = /^[A-Za-z0-9._\-]+$/;
+
+/**
+ * Return an error string if the path looks like prose, else null.
+ * AI agents sometimes pass natural language as `path` to file_write
+ * and produce folders with prose names — catch the slip here.
+ */
+function looksLikeProse(relPath: string): string | null {
+  if (!relPath || !relPath.trim()) {
+    return "path is empty";
+  }
+  if (relPath.length > 300) {
+    return `path too long (${relPath.length} chars); use a real filename`;
+  }
+  const badSequences = ["`", "\n", "\t", "  ", " — ", " (", " [", "?", "*", "<", ">", "|"];
+  for (const bad of badSequences) {
+    if (relPath.includes(bad)) {
+      return `path contains illegal character sequence ${JSON.stringify(bad)} — looks like prose, not a filename`;
+    }
+  }
+  for (const seg of relPath.split("/")) {
+    if (!seg || seg === "." || seg === "..") {
+      continue;
+    }
+    if (seg.length > 80) {
+      return `path segment too long: ${JSON.stringify(seg.slice(0, 60))}… — use a short filename`;
+    }
+    if (!SANE_PATH_SEGMENT.test(seg)) {
+      return `path segment ${JSON.stringify(seg)} contains disallowed characters — stick to [A-Za-z0-9._-]`;
+    }
+  }
+  return null;
+}
+
+/**
+ * Rewrite bare top-level Tina4-conventional directories into their
+ * `src/<dir>/` canonical form. The framework's auto-discovery only
+ * scans `src/`, so a file at `templates/foo.twig` is dead weight —
+ * the framework never loads it. Mirrors Python's _normalize_coder_path.
+ */
+function normalizeCoderPath(projectRoot: string, relPath: string): string {
+  const passthroughPrefixes = ["src/", "migrations/", "plan/", "tests/", "test/", ".tina4/"];
+  const passthroughFiles = new Set([
+    "app.py", "app.ts", "app.rb", "index.php",
+    "composer.json", "package.json", "Gemfile",
+    "pyproject.toml", "requirements.txt",
+    ".env", ".env.example",
+  ]);
+  if (passthroughPrefixes.some((p) => relPath.startsWith(p))) {
+    return relPath;
+  }
+  if (passthroughFiles.has(relPath)) {
+    return relPath;
+  }
+  const bareDirs = ["routes", "orm", "templates", "seeds", "controllers", "models", "middleware"];
+  for (const d of bareDirs) {
+    if (relPath.startsWith(`${d}/`)) {
+      const rewritten = `src/${relPath}`;
+      agentLog(projectRoot, "write.path_normalized", `${relPath} → ${rewritten}`);
+      return rewritten;
+    }
+  }
+  return relPath;
+}
+
+/**
+ * Copy `target` into `.tina4/backups/` with a timestamped name.
+ * Returns the relative backup path on success, null on failure.
+ */
+function agentBackup(projectRoot: string, target: string): string | null {
+  try {
+    if (!fs.existsSync(target) || !fs.statSync(target).isFile()) {
+      return null;
+    }
+    const backupDir = path.join(projectRoot, ".tina4", "backups");
+    if (!fs.existsSync(backupDir)) {
+      fs.mkdirSync(backupDir, { recursive: true });
+    }
+    let rel = path.relative(projectRoot, target);
+    if (rel.startsWith("..") || path.isAbsolute(rel)) {
+      rel = path.basename(target);
+    }
+    const safe = rel.replace(/[/\\]/g, "__");
+    const ts = new Date().toISOString().replace(/:/g, "-").replace(/\..+/, "Z");
+    const backupName = `${safe}.${ts}.bak`;
+    const backupPath = path.join(backupDir, backupName);
+    fs.writeFileSync(backupPath, fs.readFileSync(target));
+    return `.tina4/backups/${backupName}`;
+  } catch (e) {
+    agentLog(projectRoot, "write.backup_failed", `${target}: ${(e as Error).message}`);
+    return null;
+  }
+}
+
+/**
+ * Try syntax-checking a freshly-written JS/TS module to catch
+ * hallucinated framework APIs and broken syntax BEFORE the next
+ * request hits the broken handler. Mirrors Python's _verify_python_import.
+ *
+ * Returns null on success, or the captured error string on failure.
+ *
+ * - Only checks files under `src/` with extensions .js / .ts / .mjs / .cjs.
+ * - Skips test files (*.test.{ts,js}, *.spec.{ts,js}) — they have their
+ *   own loading patterns and would fail single-file type checking.
+ * - .js / .mjs / .cjs → `node --check <file>` (fast, exit 0 = OK).
+ * - .ts → `npx --no-install tsc --noEmit --allowJs --skipLibCheck <file>`.
+ *   If tsc isn't available locally, returns null (don't block the write).
+ * - Uses spawnSync with 5-second timeout so a hung subprocess never
+ *   blocks the MCP server.
+ */
+function verifyNodeSyntax(absPath: string, relPath: string): string | null {
+  if (!relPath.startsWith("src/")) {
+    return null;
+  }
+  const ext = path.extname(relPath).toLowerCase();
+  if (![".js", ".ts", ".mjs", ".cjs"].includes(ext)) {
+    return null;
+  }
+  const base = path.basename(relPath);
+  if (/\.(test|spec)\.(ts|js|mjs|cjs)$/.test(base)) {
+    return null;
+  }
+
+  let cmd: string;
+  let args: string[];
+  if (ext === ".ts") {
+    cmd = "npx";
+    args = ["--no-install", "tsc", "--noEmit", "--allowJs", "--skipLibCheck", absPath];
+  } else {
+    cmd = "node";
+    args = ["--check", absPath];
+  }
+
+  let proc;
+  try {
+    proc = spawnSync(cmd, args, {
+      encoding: "utf-8",
+      timeout: 5000,
+      cwd: path.dirname(path.dirname(absPath)),
+    });
+  } catch (e) {
+    return `verification subprocess failed: ${(e as Error).message}`;
+  }
+
+  // npx may fail to find tsc — gracefully return null instead of blocking.
+  if (ext === ".ts" && (proc.error || proc.status === null || proc.status === 127)) {
+    return null;
+  }
+  if (proc.error) {
+    return `verification subprocess failed: ${proc.error.message}`;
+  }
+  if (proc.status === 0) {
+    return null;
+  }
+
+  // Errors land on stderr for `node --check`, stdout for tsc.
+  const raw = (ext === ".ts" ? (proc.stdout || "") + (proc.stderr || "") : (proc.stderr || "") + (proc.stdout || "")).trim();
+  // npx placeholder when tsc isn't installed locally — bail silently
+  // rather than block the write with a meaningless banner.
+  if (ext === ".ts" && raw.includes("This is not the tsc command")) {
+    return null;
+  }
+  if (!raw) {
+    return `syntax check failed (exit ${proc.status}, no output)`;
+  }
+  const lines = raw.split(/\r?\n/).map((l) => l.trim()).filter(Boolean);
+  if (lines.length === 0) {
+    return `syntax check failed (exit ${proc.status})`;
+  }
+  // Strip the absolute path prefix from the first meaningful line so the
+  // LLM sees a stable, project-relative error message.
+  const stripPath = (line: string): string => line.replace(absPath, relPath);
+  // For tsc: the first line is usually "src/foo.ts(3,5): error TS1109: ...".
+  // For node --check: the first line is the file path; the actual error is
+  // a later "SyntaxError: ..." line. Pick the most informative line.
+  for (const line of lines) {
+    if (/error|SyntaxError|TS\d+/i.test(line)) {
+      return stripPath(line);
+    }
+  }
+  return stripPath(lines[0]);
+}
+
 /**
  * Register all 24 built-in dev tools on the given McpServer.
  */
@@ -734,15 +946,63 @@ export function registerDevTools(server: McpServer): void {
   server.registerTool(
     "file_write",
     (args) => {
-      const p = safePath(projectRoot, args.path as string);
+      let rawPath = (args.path as string) || "";
+      // 1. Prose check first — before path resolution.
+      const proseErr = looksLikeProse(rawPath);
+      if (proseErr) {
+        return { error: `Invalid path ${JSON.stringify(rawPath)}: ${proseErr}` };
+      }
+      // 2. Coder-path normalization — rewrite bare top-level
+      //    Tina4 dirs (templates/, routes/, ...) into src/.
+      rawPath = normalizeCoderPath(projectRoot, rawPath);
+      // 3. Safe path resolution (sandbox check — throws on escape).
+      const p = safePath(projectRoot, rawPath);
+      // 4. Compute old/new sizes for truncation guard + audit log.
+      const oldBytes = fs.existsSync(p) && fs.statSync(p).isFile()
+        ? fs.readFileSync(p)
+        : Buffer.alloc(0);
+      const oldSize = oldBytes.length;
+      const oldLines = (oldBytes.toString("utf-8").match(/\n/g) || []).length;
+      const content = args.content as string;
+      const newBytes = Buffer.from(content, "utf-8");
+      const newSize = newBytes.length;
+      const newLines = (content.match(/\n/g) || []).length;
+      const relPath = path.relative(projectRoot, p);
+
+      // 5. Truncation guard — refuse suspicious shrinkage on non-trivial files.
+      if (oldSize > 200 && newSize * 100 < oldSize * 30) {
+        const msg = `REFUSED ${relPath} (would shrink ${oldSize} → ${newSize} bytes / ` +
+          `${oldLines} → ${newLines} lines, looks truncated)`;
+        agentLog(projectRoot, "write.refused", msg);
+        return { error: msg, refused: true, old_bytes: oldSize, new_bytes: newSize };
+      }
+
+      // 6. Backup before overwrite.
+      const backupRel = oldSize > 0 ? agentBackup(projectRoot, p) : null;
+
+      // 7. Write.
       const dir = path.dirname(p);
       if (!fs.existsSync(dir)) {
         fs.mkdirSync(dir, { recursive: true });
       }
-      const content = args.content as string;
       fs.writeFileSync(p, content, "utf-8");
-      const relPath = path.relative(projectRoot, p);
-      return { written: relPath, bytes: Buffer.byteLength(content, "utf-8") };
+
+      agentLog(projectRoot, "write.ok",
+        `${relPath} (${oldSize}B/${oldLines}L → ${newSize}B/${newLines}L, ` +
+        `backup: ${backupRel || "(no prior file)"})`);
+
+      const result: Record<string, unknown> = { written: relPath, bytes: newSize };
+      if (backupRel) {
+        result.backup = backupRel;
+      }
+      // 8. Post-write syntax verification — catch broken JS/TS inline
+      //    so the LLM sees the error on its next turn.
+      const importErr = verifyNodeSyntax(p, relPath);
+      if (importErr) {
+        result.import_error = importErr;
+        agentLog(projectRoot, "write.import_failed", `${relPath}: ${importErr}`);
+      }
+      return result;
     },
     "Write or update a project file",
     schemaFromParams([
@@ -1178,19 +1438,30 @@ export function registerDevTools(server: McpServer): void {
     "file_patch",
     (args) => {
       try {
-        const rel = (args.path as string) || "";
+        let rel = (args.path as string) || "";
         const oldStr = (args.old_string as string) || "";
         const newStr = (args.new_string as string) || "";
         const count = (args.count as number) || 1;
         const projectRoot = path.resolve(process.cwd());
+
+        // 1. Prose check first — before path resolution.
+        const proseErr = looksLikeProse(rel);
+        if (proseErr) {
+          return { error: `Invalid path ${JSON.stringify(rel)}: ${proseErr}` };
+        }
+        // 2. Coder-path normalization.
+        rel = normalizeCoderPath(projectRoot, rel);
+        // 3. Safe path resolution (sandbox check).
         const resolved = path.resolve(projectRoot, rel);
         if (!resolved.startsWith(projectRoot)) {
           return { error: `Path escapes project directory: ${rel}` };
         }
+        // 4. Existence check.
         if (!fs.existsSync(resolved) || !fs.statSync(resolved).isFile()) {
           return { error: `File not found: ${rel}` };
         }
         const original = fs.readFileSync(resolved, "utf-8");
+        // 5. Match-count guard.
         let occurrences = 0;
         let idx = -1;
         while ((idx = original.indexOf(oldStr, idx + 1)) !== -1) occurrences++;
@@ -1204,13 +1475,37 @@ export function registerDevTools(server: McpServer): void {
         }
         let updated = original;
         for (let i = 0; i < count; i++) updated = updated.replace(oldStr, newStr);
+
+        // 6. Backup before overwrite — same path as file_write so
+        //    recovery is uniform regardless of which tool touched the file.
+        const backupRel = agentBackup(projectRoot, resolved);
+
+        // 7. Write.
         fs.writeFileSync(resolved, updated, "utf-8");
         try { loadPlan().recordAction("patched", rel); } catch { /* best-effort */ }
-        return {
+
+        const oldSize = Buffer.byteLength(original, "utf-8");
+        const newSize = Buffer.byteLength(updated, "utf-8");
+        agentLog(projectRoot, "patch.ok",
+          `${rel} (replaced ${count}× old_string, ${oldSize}B → ${newSize}B, ` +
+          `backup: ${backupRel || "(none)"})`);
+
+        const result: Record<string, unknown> = {
           patched: rel,
           replacements: count,
-          bytes: Buffer.byteLength(updated, "utf-8"),
+          bytes: newSize,
         };
+        if (backupRel) {
+          result.backup = backupRel;
+        }
+        // 8. Post-patch syntax verification — same inline check as
+        //    file_write so a hallucinated edit surfaces immediately.
+        const importErr = verifyNodeSyntax(resolved, rel);
+        if (importErr) {
+          result.import_error = importErr;
+          agentLog(projectRoot, "patch.import_failed", `${rel}: ${importErr}`);
+        }
+        return result;
       } catch (e) {
         return { error: (e as Error).message };
       }

package/packages/core/src/plan.ts

@@ -35,6 +35,9 @@ export interface PlanSummary {
   steps_total: number;
   steps_done: number;
   is_current: boolean;
+  /** Path relative to project root — lets the SPA open the right file
+   *  regardless of which dir the plan came from (plan/ vs .tina4/plans/). */
+  path: string;
 }
 
 export interface ExecutionSummary {
@@ -158,25 +161,63 @@ function loadParsed(name: string): { path: string; plan: ParsedPlan } {
 // ── Plan namespace ────────────────────────────────────────────
 
 export const Plan = {
+  /**
+   * All plan files — merged from `plan/` (user-curated canonical) and
+   * `.tina4/plans/` (where the Rust supervisor's planner writes).
+   *
+   * Two directories exist because of a historic split: the framework
+   * treats `plan/` as the canonical project location, but the Rust agent's
+   * planner writes to `.tina4/plans/` (alongside other AI-state artefacts
+   * like chat history). Until those are unified we read both so plans
+   * created either way are discoverable. Dedup by filename when a plan
+   * exists in both — `plan/` wins on collision.
+   *
+   * Newest-first by filename (Rust planner uses unix-timestamp prefixes).
+   */
   listPlans(): PlanSummary[] {
-    const d = planDir();
+    const root = projectRoot();
     const current = Plan.currentName() || "";
+
+    // Order matters for dedup: user-curated first.
+    const dirs: string[] = [planDir()];
+    const rustPlans = path.join(root, ".tina4", "plans");
+    if (fs.existsSync(rustPlans) && fs.statSync(rustPlans).isDirectory()) {
+      dirs.push(rustPlans);
+    }
+
+    const seen = new Set<string>();
     const out: PlanSummary[] = [];
-    const entries = fs.readdirSync(d).filter((f) => f.endsWith(".md")).sort();
-    for (const name of entries) {
-      const full = path.join(d, name);
-      if (!fs.statSync(full).isFile()) continue;
-      const parsed = parse(fs.readFileSync(full, "utf-8"));
-      const total = parsed.steps.length;
-      const done = parsed.steps.filter((s) => s.done).length;
-      out.push({
-        name,
-        title: parsed.title || name.replace(/\.md$/, ""),
-        steps_total: total,
-        steps_done: done,
-        is_current: name === current,
-      });
+    for (const dir of dirs) {
+      let entries: string[];
+      try {
+        entries = fs.readdirSync(dir).filter((f) => f.endsWith(".md")).sort();
+      } catch {
+        continue;  // dir disappeared between exists() and readdir — skip
+      }
+      for (const name of entries) {
+        if (seen.has(name)) continue;  // plan/ wins over .tina4/plans/ on name clash
+        const full = path.join(dir, name);
+        let stat;
+        try { stat = fs.statSync(full); } catch { continue; }
+        if (!stat.isFile()) continue;
+        seen.add(name);
+        const parsed = parse(fs.readFileSync(full, "utf-8"));
+        const total = parsed.steps.length;
+        const done = parsed.steps.filter((s) => s.done).length;
+        out.push({
+          name,
+          title: parsed.title || name.replace(/\.md$/, ""),
+          steps_total: total,
+          steps_done: done,
+          is_current: name === current,
+          // Relative path from project root — lets the SPA open the right
+          // file in the editor regardless of source dir.
+          path: path.relative(root, full),
+        });
+      }
     }
+    // Newest first by name (filenames start with unix timestamps).
+    out.sort((a, b) => (a.name < b.name ? 1 : a.name > b.name ? -1 : 0));
     return out;
   },
 

package/packages/core/src/request.ts

@@ -3,7 +3,16 @@ import type { Tina4Request, UploadedFile } from "./types.js";
 
 export function createRequest(req: IncomingMessage): Tina4Request {
   const tReq = req as Tina4Request;
-  const url = new URL(req.url ?? "/", `http://${req.headers.host ?? "localhost"}`);
+
+  // Resolve scheme + host honouring proxy headers — parity with PHP/Python/Ruby.
+  const xfProto = req.headers["x-forwarded-proto"];
+  const proto = (Array.isArray(xfProto) ? xfProto[0] : xfProto)
+    ?? ((req.socket as { encrypted?: boolean })?.encrypted ? "https" : "http");
+  const xfHost = req.headers["x-forwarded-host"];
+  const host = (Array.isArray(xfHost) ? xfHost[0] : xfHost)
+    ?? (req.headers.host ?? "localhost");
+
+  const url = new URL(req.url ?? "/", `${proto}://${host}`);
   const query: Record<string, string> = {};
   for (const [key, value] of url.searchParams) {
     query[key] = value;
@@ -11,6 +20,13 @@ export function createRequest(req: IncomingMessage): Tina4Request {
 
   tReq.params = {};
   tReq.query = query;
+  // Path, query string, and full URL — same shape across all four frameworks.
+  // `path` is the URL path only; `queryString` is the raw query without "?".
+  // `url` is overridden from Node's IncomingMessage.url (path+query) to the
+  // full absolute URL — parity with PHP/Python/Ruby.
+  tReq.path = url.pathname;
+  tReq.queryString = url.search.replace(/^\?/, "");
+  tReq.url = url.toString();
   tReq.body = undefined;
   tReq.files = {};
   tReq.contentType = (req.headers["content-type"] ?? "") as string;

package/packages/core/src/routeDiscovery.ts

@@ -1,13 +1,27 @@
-import { readdirSync, statSync } from "node:fs";
+import { readdirSync, statSync, mkdirSync, writeFileSync, existsSync } from "node:fs";
 import { join, relative, basename, extname } from "node:path";
 import type { RouteDefinition, RouteHandler, RouteMeta } from "./types.js";
 
 const VALID_METHODS = new Set(["get", "post", "put", "delete", "patch"]);
 
+/**
+ * Files already discovered by a prior scan. Lets rediscoverRoutes() pick up
+ * only the freshly-added files without double-registering anything that was
+ * already loaded.
+ */
+const _seenFiles = new Set<string>();
+
+/** The last directory passed to discoverRoutes() — used by rediscoverRoutes(). */
+let _lastRoutesDir = "";
+
 export async function discoverRoutes(routesDir: string): Promise<RouteDefinition[]> {
+  _lastRoutesDir = routesDir;
   const definitions: RouteDefinition[] = [];
   const files = walkDir(routesDir);
 
+  let routeFileCount = 0;
+  let registeredFromThisScan = 0;
+
   for (const filePath of files) {
     const ext = extname(filePath);
     if (ext !== ".ts" && ext !== ".js") continue;
@@ -15,6 +29,10 @@ export async function discoverRoutes(routesDir: string): Promise<RouteDefinition
     const name = basename(filePath, ext).toLowerCase();
     if (!VALID_METHODS.has(name)) continue;
 
+    routeFileCount++;
+
+    if (_seenFiles.has(filePath)) continue;
+
     const method = name.toUpperCase();
     const relativePath = relative(routesDir, filePath);
     const pattern = filePathToPattern(relativePath);
@@ -34,14 +52,64 @@ export async function discoverRoutes(routesDir: string): Promise<RouteDefinition
       const template: string | undefined = typeof mod.template === "string" ? mod.template : undefined;
 
       definitions.push({ method, pattern, handler, filePath, meta, template });
+      _seenFiles.add(filePath);
+      registeredFromThisScan++;
     } catch (err) {
       console.error(`  Error loading route ${relativePath}:`, err);
+      recordBrokenImport(filePath, err as Error);
     }
   }
 
+  // Zero-routes warning: src/routes/ has method-named files but none of them
+  // produced a route this scan. Could mean every file failed to import, or
+  // the handler exports are missing — both situations the user wants to know
+  // about loudly. Only fires on the first scan when nothing came back.
+  if (routeFileCount > 0 && registeredFromThisScan === 0 && _seenFiles.size === 0) {
+    console.warn(
+      `  Warning: ${routeFileCount} method-named file(s) in ${routesDir} but no routes registered. ` +
+      `Each route file must \`export default async function (req, res) { ... }\`.`,
+    );
+  }
+
   return definitions;
 }
 
+/**
+ * Re-run the most recent route scan — called by POST /__dev/api/reload so a
+ * newly-added file in src/routes/ registers without a server restart. Already
+ * loaded files are skipped. No-op if discoverRoutes() has never been called.
+ */
+export async function rediscoverRoutes(): Promise<RouteDefinition[]> {
+  if (!_lastRoutesDir) return [];
+  return discoverRoutes(_lastRoutesDir);
+}
+
+/** Test-only: reset the seen-files state so tests can replay the same dir. */
+export function _resetRouteDiscovery(): void {
+  _seenFiles.clear();
+  _lastRoutesDir = "";
+}
+
+/**
+ * Write a .broken sentinel so /health and the dev dashboard surface auto-discover
+ * failures rather than swallowing them into a console line nobody reads.
+ */
+function recordBrokenImport(filePath: string, error: Error): void {
+  try {
+    const brokenDir = join(process.cwd(), "data", ".broken");
+    if (!existsSync(brokenDir)) mkdirSync(brokenDir, { recursive: true });
+    const slug = filePath.replace(/[/\\]/g, "_");
+    const payload = JSON.stringify({
+      type: "auto_discover_failure",
+      file: filePath,
+      error: `${error.name}: ${error.message}`,
+    }, null, 2);
+    writeFileSync(join(brokenDir, `discover_${slug}.broken`), payload);
+  } catch {
+    // .broken write itself failed — the original error is already logged.
+  }
+}
+
 function filePathToPattern(relativePath: string): string {
   // Remove the filename (get.ts, post.ts, etc.) to get the directory path
   // Normalise backslashes for Windows compatibility