Spaces:

Leon4gr45
/

hyp

Running

App Files Files Community

hyp / libs /platform /src /system-paths.ts

Leon4gr45

Upload folder using huggingface_hub

947ac7d verified about 1 month ago

raw

history blame contribute delete

45.3 kB

	/**
	* System Paths Configuration
	*
	* Centralized configuration for ALL system paths that automaker needs to access
	* outside of the ALLOWED_ROOT_DIRECTORY. These are well-known system paths for
	* tools like GitHub CLI, Claude CLI, Node.js version managers, etc.
	*
	* ALL file system access must go through this module or secureFs.
	* Direct fs imports are NOT allowed anywhere else in the codebase.
	*
	* Categories of system paths:
	* 1. CLI Tools: GitHub CLI, Claude CLI
	* 2. Version Managers: NVM, fnm, Volta
	* 3. Shells: /bin/zsh, /bin/bash, PowerShell
	* 4. Electron userData: API keys, window bounds, app settings
	* 5. Script directories: node_modules, logs (relative to script)
	*/

	import os from 'os';
	import path from 'path';
	import fsSync from 'fs';
	import fs from 'fs/promises';

	// =============================================================================
	// System Tool Path Definitions
	// =============================================================================

	/**
	* Get NVM for Windows (nvm4w) symlink paths for a given CLI tool.
	* Reused across getClaudeCliPaths, getCodexCliPaths, and getOpenCodeCliPaths.
	*/
	function getNvmWindowsCliPaths(cliName: string): string[] {
	const nvmSymlink = process.env.NVM_SYMLINK;
	if (!nvmSymlink) return [];
	return [path.join(nvmSymlink, `${cliName}.cmd`), path.join(nvmSymlink, cliName)];
	}

	/**
	* Get common paths where GitHub CLI might be installed
	*/
	export function getGitHubCliPaths(): string[] {
	const isWindows = process.platform === 'win32';

	if (isWindows) {
	return [
	path.join(process.env.LOCALAPPDATA \|\| '', 'Programs', 'gh', 'bin', 'gh.exe'),
	path.join(process.env.ProgramFiles \|\| '', 'GitHub CLI', 'gh.exe'),
	].filter(Boolean);
	}

	return [
	'/opt/homebrew/bin/gh',
	'/usr/local/bin/gh',
	'/usr/bin/gh',
	path.join(os.homedir(), '.local', 'bin', 'gh'),
	'/home/linuxbrew/.linuxbrew/bin/gh',
	];
	}

	/**
	* Get common paths where Claude CLI might be installed
	*/
	export function getClaudeCliPaths(): string[] {
	const isWindows = process.platform === 'win32';

	if (isWindows) {
	const appData = process.env.APPDATA \|\| path.join(os.homedir(), 'AppData', 'Roaming');
	return [
	path.join(os.homedir(), '.local', 'bin', 'claude.exe'),
	path.join(appData, 'npm', 'claude.cmd'),
	path.join(appData, 'npm', 'claude'),
	path.join(appData, '.npm-global', 'bin', 'claude.cmd'),
	path.join(appData, '.npm-global', 'bin', 'claude'),
	...getNvmWindowsCliPaths('claude'),
	];
	}

	return [
	path.join(os.homedir(), '.local', 'bin', 'claude'),
	path.join(os.homedir(), '.claude', 'local', 'claude'),
	'/usr/local/bin/claude',
	path.join(os.homedir(), '.npm-global', 'bin', 'claude'),
	];
	}

	/**
	* Get NVM-installed Node.js bin paths for CLI tools
	*/
	function getNvmBinPaths(): string[] {
	const nvmDir = process.env.NVM_DIR \|\| path.join(os.homedir(), '.nvm');
	const versionsDir = path.join(nvmDir, 'versions', 'node');

	try {
	if (!fsSync.existsSync(versionsDir)) {
	return [];
	}
	const versions = fsSync.readdirSync(versionsDir);
	return versions.map((version) => path.join(versionsDir, version, 'bin'));
	} catch {
	return [];
	}
	}

	/**
	* Get fnm (Fast Node Manager) installed Node.js bin paths
	*/
	function getFnmBinPaths(): string[] {
	const homeDir = os.homedir();
	const possibleFnmDirs = [
	path.join(homeDir, '.local', 'share', 'fnm', 'node-versions'),
	path.join(homeDir, '.fnm', 'node-versions'),
	// macOS
	path.join(homeDir, 'Library', 'Application Support', 'fnm', 'node-versions'),
	];

	const binPaths: string[] = [];

	for (const fnmDir of possibleFnmDirs) {
	try {
	if (!fsSync.existsSync(fnmDir)) {
	continue;
	}
	const versions = fsSync.readdirSync(fnmDir);
	for (const version of versions) {
	binPaths.push(path.join(fnmDir, version, 'installation', 'bin'));
	}
	} catch {
	// Ignore errors for this directory
	}
	}

	return binPaths;
	}

	/**
	* Get common paths where Codex CLI might be installed
	*/
	export function getCodexCliPaths(): string[] {
	const isWindows = process.platform === 'win32';
	const homeDir = os.homedir();

	if (isWindows) {
	const appData = process.env.APPDATA \|\| path.join(homeDir, 'AppData', 'Roaming');
	const localAppData = process.env.LOCALAPPDATA \|\| path.join(homeDir, 'AppData', 'Local');
	return [
	path.join(homeDir, '.local', 'bin', 'codex.exe'),
	path.join(appData, 'npm', 'codex.cmd'),
	path.join(appData, 'npm', 'codex'),
	path.join(appData, '.npm-global', 'bin', 'codex.cmd'),
	path.join(appData, '.npm-global', 'bin', 'codex'),
	// Volta on Windows
	path.join(homeDir, '.volta', 'bin', 'codex.exe'),
	// pnpm on Windows
	path.join(localAppData, 'pnpm', 'codex.cmd'),
	path.join(localAppData, 'pnpm', 'codex'),
	...getNvmWindowsCliPaths('codex'),
	];
	}

	// Include NVM bin paths for codex installed via npm global under NVM
	const nvmBinPaths = getNvmBinPaths().map((binPath) => path.join(binPath, 'codex'));

	// Include fnm bin paths
	const fnmBinPaths = getFnmBinPaths().map((binPath) => path.join(binPath, 'codex'));

	// pnpm global bin path
	const pnpmHome = process.env.PNPM_HOME \|\| path.join(homeDir, '.local', 'share', 'pnpm');

	return [
	// Standard locations
	path.join(homeDir, '.local', 'bin', 'codex'),
	'/opt/homebrew/bin/codex',
	'/usr/local/bin/codex',
	'/usr/bin/codex',
	path.join(homeDir, '.npm-global', 'bin', 'codex'),
	// Linuxbrew
	'/home/linuxbrew/.linuxbrew/bin/codex',
	// Volta
	path.join(homeDir, '.volta', 'bin', 'codex'),
	// pnpm global
	path.join(pnpmHome, 'codex'),
	// Yarn global
	path.join(homeDir, '.yarn', 'bin', 'codex'),
	path.join(homeDir, '.config', 'yarn', 'global', 'node_modules', '.bin', 'codex'),
	// Snap packages
	'/snap/bin/codex',
	// NVM paths
	...nvmBinPaths,
	// fnm paths
	...fnmBinPaths,
	];
	}

	const CODEX_CONFIG_DIR_NAME = '.codex';
	const CODEX_AUTH_FILENAME = 'auth.json';
	const CODEX_TOKENS_KEY = 'tokens';

	/**
	* Get the Codex configuration directory path
	*/
	export function getCodexConfigDir(): string {
	return path.join(os.homedir(), CODEX_CONFIG_DIR_NAME);
	}

	/**
	* Get path to Codex auth file
	*/
	export function getCodexAuthPath(): string {
	return path.join(getCodexConfigDir(), CODEX_AUTH_FILENAME);
	}

	/**
	* Get the Claude configuration directory path
	*/
	export function getClaudeConfigDir(): string {
	return path.join(os.homedir(), '.claude');
	}

	/**
	* Get paths to Claude credential files
	*/
	export function getClaudeCredentialPaths(): string[] {
	const claudeDir = getClaudeConfigDir();
	return [path.join(claudeDir, '.credentials.json'), path.join(claudeDir, 'credentials.json')];
	}

	/**
	* Get path to Claude settings file
	*/
	export function getClaudeSettingsPath(): string {
	return path.join(getClaudeConfigDir(), 'settings.json');
	}

	/**
	* Get path to Claude stats cache file
	*/
	export function getClaudeStatsCachePath(): string {
	return path.join(getClaudeConfigDir(), 'stats-cache.json');
	}

	/**
	* Get path to Claude projects/sessions directory
	*/
	export function getClaudeProjectsDir(): string {
	return path.join(getClaudeConfigDir(), 'projects');
	}

	/**
	* Enumerate directories matching a prefix pattern and return full paths
	* Used to resolve dynamic directory names like version numbers
	*/
	function enumerateMatchingPaths(
	parentDir: string,
	prefix: string,
	...subPathParts: string[]
	): string[] {
	try {
	if (!fsSync.existsSync(parentDir)) {
	return [];
	}
	const entries = fsSync.readdirSync(parentDir);
	const matching = entries.filter((entry) => entry.startsWith(prefix));
	return matching.map((entry) => path.join(parentDir, entry, ...subPathParts));
	} catch {
	return [];
	}
	}

	/**
	* Get common Git Bash installation paths on Windows
	* Git Bash is needed for running shell scripts cross-platform
	*/
	export function getGitBashPaths(): string[] {
	if (process.platform !== 'win32') {
	return [];
	}

	const homeDir = os.homedir();
	const localAppData = process.env.LOCALAPPDATA \|\| '';

	// Dynamic paths that require directory enumeration
	// winget installs to: LocalAppData\Microsoft\WinGet\Packages\Git.Git_<hash>\bin\bash.exe
	const wingetGitPaths = localAppData
	? enumerateMatchingPaths(
	path.join(localAppData, 'Microsoft', 'WinGet', 'Packages'),
	'Git.Git_',
	'bin',
	'bash.exe'
	)
	: [];

	// GitHub Desktop bundles Git at: LocalAppData\GitHubDesktop\app-<version>\resources\app\git\cmd\bash.exe
	const githubDesktopPaths = localAppData
	? enumerateMatchingPaths(
	path.join(localAppData, 'GitHubDesktop'),
	'app-',
	'resources',
	'app',
	'git',
	'cmd',
	'bash.exe'
	)
	: [];

	return [
	// Standard Git for Windows installations
	'C:\\Program Files\\Git\\bin\\bash.exe',
	'C:\\Program Files (x86)\\Git\\bin\\bash.exe',
	// User-local installations
	path.join(localAppData, 'Programs', 'Git', 'bin', 'bash.exe'),
	// Scoop package manager
	path.join(homeDir, 'scoop', 'apps', 'git', 'current', 'bin', 'bash.exe'),
	// Chocolatey
	path.join(
	process.env.ChocolateyInstall \|\| 'C:\\ProgramData\\chocolatey',
	'lib',
	'git',
	'tools',
	'bin',
	'bash.exe'
	),
	// winget installations (dynamically resolved)
	...wingetGitPaths,
	// GitHub Desktop bundled Git (dynamically resolved)
	...githubDesktopPaths,
	].filter(Boolean);
	}

	/**
	* Get common shell paths for shell detection
	* Includes both full paths and short names to match $SHELL or PATH entries
	*/
	export function getShellPaths(): string[] {
	if (process.platform === 'win32') {
	return [
	// Full paths (most specific first)
	'C:\\Program Files\\PowerShell\\7\\pwsh.exe',
	'C:\\Program Files\\PowerShell\\7-preview\\pwsh.exe',
	'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe',
	// COMSPEC environment variable (typically cmd.exe)
	process.env.COMSPEC \|\| 'C:\\Windows\\System32\\cmd.exe',
	// Short names (for PATH resolution)
	'pwsh.exe',
	'pwsh',
	'powershell.exe',
	'powershell',
	'cmd.exe',
	'cmd',
	];
	}

	// POSIX (macOS, Linux)
	return [
	// Full paths
	'/bin/zsh',
	'/bin/bash',
	'/bin/sh',
	'/usr/bin/zsh',
	'/usr/bin/bash',
	'/usr/bin/sh',
	'/usr/local/bin/zsh',
	'/usr/local/bin/bash',
	'/opt/homebrew/bin/zsh',
	'/opt/homebrew/bin/bash',
	// Short names (for PATH resolution or $SHELL matching)
	'zsh',
	'bash',
	'sh',
	];
	}

	// =============================================================================
	// Node.js Version Manager Paths
	// =============================================================================

	/**
	* Get NVM installation paths
	*/
	export function getNvmPaths(): string[] {
	const homeDir = os.homedir();

	if (process.platform === 'win32') {
	const appData = process.env.APPDATA \|\| path.join(homeDir, 'AppData', 'Roaming');
	return [path.join(appData, 'nvm')];
	}

	return [path.join(homeDir, '.nvm', 'versions', 'node')];
	}

	/**
	* Get fnm installation paths
	*/
	export function getFnmPaths(): string[] {
	const homeDir = os.homedir();

	if (process.platform === 'win32') {
	const localAppData = process.env.LOCALAPPDATA \|\| path.join(homeDir, 'AppData', 'Local');
	return [
	path.join(homeDir, '.fnm', 'node-versions'),
	path.join(localAppData, 'fnm', 'node-versions'),
	];
	}

	if (process.platform === 'darwin') {
	return [
	path.join(homeDir, '.local', 'share', 'fnm', 'node-versions'),
	path.join(homeDir, 'Library', 'Application Support', 'fnm', 'node-versions'),
	];
	}

	return [
	path.join(homeDir, '.local', 'share', 'fnm', 'node-versions'),
	path.join(homeDir, '.fnm', 'node-versions'),
	];
	}

	/**
	* Get common Node.js installation paths (not version managers)
	*/
	export function getNodeSystemPaths(): string[] {
	if (process.platform === 'win32') {
	return [
	path.join(process.env.PROGRAMFILES \|\| 'C:\\Program Files', 'nodejs', 'node.exe'),
	path.join(
	process.env['PROGRAMFILES(X86)'] \|\| 'C:\\Program Files (x86)',
	'nodejs',
	'node.exe'
	),
	];
	}

	if (process.platform === 'darwin') {
	return ['/opt/homebrew/bin/node', '/usr/local/bin/node', '/usr/bin/node'];
	}

	// Linux
	return ['/usr/bin/node', '/usr/local/bin/node', '/snap/bin/node'];
	}

	/**
	* Get Scoop installation path for Node.js (Windows)
	*/
	export function getScoopNodePath(): string {
	return path.join(os.homedir(), 'scoop', 'apps', 'nodejs', 'current', 'node.exe');
	}

	/**
	* Get Chocolatey installation path for Node.js (Windows)
	*/
	export function getChocolateyNodePath(): string {
	return path.join(
	process.env.ChocolateyInstall \|\| 'C:\\ProgramData\\chocolatey',
	'bin',
	'node.exe'
	);
	}

	/**
	* Get WSL detection path
	*/
	export function getWslVersionPath(): string {
	return '/proc/version';
	}

	/**
	* Extended PATH environment for finding system tools
	*/
	export function getExtendedPath(): string {
	const paths = [
	process.env.PATH,
	'/opt/homebrew/bin',
	'/usr/local/bin',
	'/home/linuxbrew/.linuxbrew/bin',
	`${process.env.HOME}/.local/bin`,
	];

	return paths.filter(Boolean).join(process.platform === 'win32' ? ';' : ':');
	}

	// =============================================================================
	// System Path Access Methods (Unconstrained - only for system tool detection)
	// =============================================================================

	/**
	* Check if a file exists at a system path (synchronous)
	* IMPORTANT: This bypasses ALLOWED_ROOT_DIRECTORY restrictions.
	* Only use for checking system tool installation paths.
	*/
	export function systemPathExists(filePath: string): boolean {
	if (!isAllowedSystemPath(filePath)) {
	throw new Error(`[SystemPaths] Access denied: ${filePath} is not an allowed system path`);
	}
	return fsSync.existsSync(filePath);
	}

	/**
	* Check if a file is accessible at a system path (async)
	* IMPORTANT: This bypasses ALLOWED_ROOT_DIRECTORY restrictions.
	* Only use for checking system tool installation paths.
	*/
	export async function systemPathAccess(filePath: string): Promise<boolean> {
	if (!isAllowedSystemPath(filePath)) {
	throw new Error(`[SystemPaths] Access denied: ${filePath} is not an allowed system path`);
	}
	try {
	await fs.access(filePath);
	return true;
	} catch {
	return false;
	}
	}

	/**
	* Check if a file has execute permission (synchronous)
	* On Windows, only checks existence (X_OK is not meaningful)
	*/
	export function systemPathIsExecutable(filePath: string): boolean {
	if (!isAllowedSystemPath(filePath)) {
	throw new Error(`[SystemPaths] Access denied: ${filePath} is not an allowed system path`);
	}
	try {
	if (process.platform === 'win32') {
	fsSync.accessSync(filePath, fsSync.constants.F_OK);
	} else {
	fsSync.accessSync(filePath, fsSync.constants.X_OK);
	}
	return true;
	} catch {
	return false;
	}
	}

	/**
	* Read a file from an allowed system path (async)
	* IMPORTANT: This bypasses ALLOWED_ROOT_DIRECTORY restrictions.
	* Only use for reading Claude config files and similar system configs.
	*/
	export async function systemPathReadFile(
	filePath: string,
	encoding: BufferEncoding = 'utf-8'
	): Promise<string> {
	if (!isAllowedSystemPath(filePath)) {
	throw new Error(`[SystemPaths] Access denied: ${filePath} is not an allowed system path`);
	}
	return fs.readFile(filePath, encoding);
	}

	/**
	* Read a file from an allowed system path (synchronous)
	*/
	export function systemPathReadFileSync(
	filePath: string,
	encoding: BufferEncoding = 'utf-8'
	): string {
	if (!isAllowedSystemPath(filePath)) {
	throw new Error(`[SystemPaths] Access denied: ${filePath} is not an allowed system path`);
	}
	return fsSync.readFileSync(filePath, encoding);
	}

	/**
	* Write a file to an allowed system path (synchronous)
	*/
	export function systemPathWriteFileSync(
	filePath: string,
	data: string,
	options?: { encoding?: BufferEncoding; mode?: number }
	): void {
	if (!isAllowedSystemPath(filePath)) {
	throw new Error(`[SystemPaths] Access denied: ${filePath} is not an allowed system path`);
	}
	fsSync.writeFileSync(filePath, data, options);
	}

	/**
	* Read directory contents from an allowed system path (async)
	* IMPORTANT: This bypasses ALLOWED_ROOT_DIRECTORY restrictions.
	*/
	export async function systemPathReaddir(dirPath: string): Promise<string[]> {
	if (!isAllowedSystemPath(dirPath)) {
	throw new Error(`[SystemPaths] Access denied: ${dirPath} is not an allowed system path`);
	}
	return fs.readdir(dirPath);
	}

	/**
	* Read directory contents from an allowed system path (synchronous)
	*/
	export function systemPathReaddirSync(dirPath: string): string[] {
	if (!isAllowedSystemPath(dirPath)) {
	throw new Error(`[SystemPaths] Access denied: ${dirPath} is not an allowed system path`);
	}
	return fsSync.readdirSync(dirPath);
	}

	/**
	* Get file stats from a system path (synchronous)
	*/
	export function systemPathStatSync(filePath: string): fsSync.Stats {
	if (!isAllowedSystemPath(filePath)) {
	throw new Error(`[SystemPaths] Access denied: ${filePath} is not an allowed system path`);
	}
	return fsSync.statSync(filePath);
	}

	/**
	* Get file stats from a system path (async)
	*/
	export async function systemPathStat(filePath: string): Promise<fsSync.Stats> {
	if (!isAllowedSystemPath(filePath)) {
	throw new Error(`[SystemPaths] Access denied: ${filePath} is not an allowed system path`);
	}
	return fs.stat(filePath);
	}

	// =============================================================================
	// Path Validation
	// =============================================================================

	/**
	* All paths that are allowed for system tool detection
	*/
	function getAllAllowedSystemPaths(): string[] {
	return [
	// GitHub CLI paths
	...getGitHubCliPaths(),
	// Claude CLI paths
	...getClaudeCliPaths(),
	// Claude config directory and files
	getClaudeConfigDir(),
	...getClaudeCredentialPaths(),
	getClaudeSettingsPath(),
	getClaudeStatsCachePath(),
	getClaudeProjectsDir(),
	// Codex CLI paths
	...getCodexCliPaths(),
	// Codex config directory and files
	getCodexConfigDir(),
	getCodexAuthPath(),
	// OpenCode CLI paths
	...getOpenCodeCliPaths(),
	// OpenCode config directory and files
	getOpenCodeConfigDir(),
	getOpenCodeAuthPath(),
	// Shell paths
	...getShellPaths(),
	// Git Bash paths (for Windows cross-platform shell script execution)
	...getGitBashPaths(),
	// Node.js system paths
	...getNodeSystemPaths(),
	getScoopNodePath(),
	getChocolateyNodePath(),
	// WSL detection
	getWslVersionPath(),
	];
	}

	/**
	* Get all allowed directories (for recursive access)
	*/
	function getAllAllowedSystemDirs(): string[] {
	return [
	// Claude config
	getClaudeConfigDir(),
	getClaudeProjectsDir(),
	// Codex config
	getCodexConfigDir(),
	// OpenCode config
	getOpenCodeConfigDir(),
	// Version managers (need recursive access for version directories)
	...getNvmPaths(),
	...getFnmPaths(),
	];
	}

	/**
	* Check if a path is an allowed system path
	* Paths must either be exactly in the allowed list, or be inside an allowed directory
	*/
	export function isAllowedSystemPath(filePath: string): boolean {
	const normalizedPath = path.resolve(filePath);
	const allowedPaths = getAllAllowedSystemPaths();

	// Check for exact match
	if (allowedPaths.includes(normalizedPath)) {
	return true;
	}

	// Check if the path is inside an allowed directory
	const allowedDirs = getAllAllowedSystemDirs();

	for (const allowedDir of allowedDirs) {
	const normalizedAllowedDir = path.resolve(allowedDir);
	// Check if path is exactly the allowed dir or inside it
	if (
	normalizedPath === normalizedAllowedDir \|\|
	normalizedPath.startsWith(normalizedAllowedDir + path.sep)
	) {
	return true;
	}
	}

	return false;
	}

	// =============================================================================
	// Electron userData Operations
	// =============================================================================

	// Store the Electron userData path (set by Electron main process)
	let electronUserDataPath: string \| null = null;

	/**
	* Set the Electron userData path (called from Electron main process)
	*/
	export function setElectronUserDataPath(userDataPath: string): void {
	electronUserDataPath = userDataPath;
	}

	/**
	* Get the Electron userData path
	*/
	export function getElectronUserDataPath(): string \| null {
	return electronUserDataPath;
	}

	/**
	* Check if a path is within the Electron userData directory
	*/
	export function isElectronUserDataPath(filePath: string): boolean {
	if (!electronUserDataPath) return false;
	const normalizedPath = path.resolve(filePath);
	const normalizedUserData = path.resolve(electronUserDataPath);
	return (
	normalizedPath === normalizedUserData \|\|
	normalizedPath.startsWith(normalizedUserData + path.sep)
	);
	}

	/**
	* Read a file from Electron userData directory
	*/
	export function electronUserDataReadFileSync(
	relativePath: string,
	encoding: BufferEncoding = 'utf-8'
	): string {
	if (!electronUserDataPath) {
	throw new Error('[SystemPaths] Electron userData path not initialized');
	}
	const fullPath = path.join(electronUserDataPath, relativePath);
	return fsSync.readFileSync(fullPath, encoding);
	}

	/**
	* Write a file to Electron userData directory
	*/
	export function electronUserDataWriteFileSync(
	relativePath: string,
	data: string,
	options?: { encoding?: BufferEncoding; mode?: number }
	): void {
	if (!electronUserDataPath) {
	throw new Error('[SystemPaths] Electron userData path not initialized');
	}
	const fullPath = path.join(electronUserDataPath, relativePath);
	// Ensure parent directory exists (may not exist on first launch)
	const dir = path.dirname(fullPath);
	fsSync.mkdirSync(dir, { recursive: true });
	fsSync.writeFileSync(fullPath, data, options);
	}

	/**
	* Check if a file exists in Electron userData directory
	*/
	export function electronUserDataExists(relativePath: string): boolean {
	if (!electronUserDataPath) return false;
	const fullPath = path.join(electronUserDataPath, relativePath);
	return fsSync.existsSync(fullPath);
	}

	// =============================================================================
	// Script Directory Operations (for init.mjs and similar)
	// =============================================================================

	// Store the script's base directory
	let scriptBaseDir: string \| null = null;

	/**
	* Set the script base directory
	*/
	export function setScriptBaseDir(baseDir: string): void {
	scriptBaseDir = baseDir;
	}

	/**
	* Get the script base directory
	*/
	export function getScriptBaseDir(): string \| null {
	return scriptBaseDir;
	}

	/**
	* Check if a file exists relative to script base directory
	*/
	export function scriptDirExists(relativePath: string): boolean {
	if (!scriptBaseDir) {
	throw new Error('[SystemPaths] Script base directory not initialized');
	}
	const fullPath = path.join(scriptBaseDir, relativePath);
	return fsSync.existsSync(fullPath);
	}

	/**
	* Create a directory relative to script base directory
	*/
	export function scriptDirMkdirSync(relativePath: string, options?: { recursive?: boolean }): void {
	if (!scriptBaseDir) {
	throw new Error('[SystemPaths] Script base directory not initialized');
	}
	const fullPath = path.join(scriptBaseDir, relativePath);
	fsSync.mkdirSync(fullPath, options);
	}

	/**
	* Create a write stream for a file relative to script base directory
	*/
	export function scriptDirCreateWriteStream(relativePath: string): fsSync.WriteStream {
	if (!scriptBaseDir) {
	throw new Error('[SystemPaths] Script base directory not initialized');
	}
	const fullPath = path.join(scriptBaseDir, relativePath);
	return fsSync.createWriteStream(fullPath);
	}

	// =============================================================================
	// Electron App Bundle Operations (for accessing app's own files)
	// =============================================================================

	// Store the Electron app bundle paths (can have multiple allowed directories)
	let electronAppDirs: string[] = [];
	let electronResourcesPath: string \| null = null;

	/**
	* Set the Electron app directories (called from Electron main process)
	* In development mode, pass the project root to allow access to source files.
	* In production mode, pass __dirname and process.resourcesPath.
	*
	* @param appDirOrDirs - Single directory or array of directories to allow
	* @param resourcesPath - Optional resources path (for packaged apps)
	*/
	export function setElectronAppPaths(appDirOrDirs: string \| string[], resourcesPath?: string): void {
	electronAppDirs = Array.isArray(appDirOrDirs) ? appDirOrDirs : [appDirOrDirs];
	electronResourcesPath = resourcesPath \|\| null;
	}

	/**
	* Check if a path is within the Electron app bundle (any of the allowed directories)
	*/
	function isElectronAppPath(filePath: string): boolean {
	const normalizedPath = path.resolve(filePath);

	// Check against all allowed app directories
	for (const appDir of electronAppDirs) {
	const normalizedAppDir = path.resolve(appDir);
	if (
	normalizedPath === normalizedAppDir \|\|
	normalizedPath.startsWith(normalizedAppDir + path.sep)
	) {
	return true;
	}
	}

	// Check against resources path (for packaged apps)
	if (electronResourcesPath) {
	const normalizedResources = path.resolve(electronResourcesPath);
	if (
	normalizedPath === normalizedResources \|\|
	normalizedPath.startsWith(normalizedResources + path.sep)
	) {
	return true;
	}
	}

	return false;
	}

	/**
	* Check if a file exists within the Electron app bundle
	*/
	export function electronAppExists(filePath: string): boolean {
	if (!isElectronAppPath(filePath)) {
	throw new Error(`[SystemPaths] Access denied: ${filePath} is not within Electron app bundle`);
	}
	return fsSync.existsSync(filePath);
	}

	/**
	* Read a file from the Electron app bundle
	*/
	export function electronAppReadFileSync(filePath: string): Buffer {
	if (!isElectronAppPath(filePath)) {
	throw new Error(`[SystemPaths] Access denied: ${filePath} is not within Electron app bundle`);
	}
	return fsSync.readFileSync(filePath);
	}

	/**
	* Get file stats from the Electron app bundle
	*/
	export function electronAppStatSync(filePath: string): fsSync.Stats {
	if (!isElectronAppPath(filePath)) {
	throw new Error(`[SystemPaths] Access denied: ${filePath} is not within Electron app bundle`);
	}
	return fsSync.statSync(filePath);
	}

	/**
	* Get file stats from the Electron app bundle (async with callback for compatibility)
	*/
	export function electronAppStat(
	filePath: string,
	callback: (err: NodeJS.ErrnoException \| null, stats: fsSync.Stats \| undefined) => void
	): void {
	if (!isElectronAppPath(filePath)) {
	callback(
	new Error(`[SystemPaths] Access denied: ${filePath} is not within Electron app bundle`),
	undefined
	);
	return;
	}
	fsSync.stat(filePath, callback);
	}

	/**
	* Read a file from the Electron app bundle (async with callback for compatibility)
	*/
	export function electronAppReadFile(
	filePath: string,
	callback: (err: NodeJS.ErrnoException \| null, data: Buffer \| undefined) => void
	): void {
	if (!isElectronAppPath(filePath)) {
	callback(
	new Error(`[SystemPaths] Access denied: ${filePath} is not within Electron app bundle`),
	undefined
	);
	return;
	}
	fsSync.readFile(filePath, callback);
	}

	// =============================================================================
	// High-level Tool Detection Methods
	// =============================================================================

	/**
	* Find the first existing path from a list of system paths
	*/
	export async function findFirstExistingPath(paths: string[]): Promise<string \| null> {
	for (const p of paths) {
	if (await systemPathAccess(p)) {
	return p;
	}
	}
	return null;
	}

	/**
	* Check if GitHub CLI is installed and return its path
	*/
	export async function findGitHubCliPath(): Promise<string \| null> {
	return findFirstExistingPath(getGitHubCliPaths());
	}

	/**
	* Check if Claude CLI is installed and return its path
	*/
	export async function findClaudeCliPath(): Promise<string \| null> {
	return findFirstExistingPath(getClaudeCliPaths());
	}

	export async function findCodexCliPath(): Promise<string \| null> {
	return findFirstExistingPath(getCodexCliPaths());
	}

	/**
	* Find Git Bash on Windows and return its path
	*/
	export async function findGitBashPath(): Promise<string \| null> {
	return findFirstExistingPath(getGitBashPaths());
	}

	/**
	* Details about a file check performed during auth detection
	*/
	export interface FileCheckResult {
	path: string;
	exists: boolean;
	readable: boolean;
	error?: string;
	}

	/**
	* Details about a directory check performed during auth detection
	*/
	export interface DirectoryCheckResult {
	path: string;
	exists: boolean;
	readable: boolean;
	entryCount: number;
	error?: string;
	}

	/**
	* Get Claude authentication status by checking various indicators
	*/
	export interface ClaudeAuthIndicators {
	hasCredentialsFile: boolean;
	hasSettingsFile: boolean;
	hasStatsCacheWithActivity: boolean;
	hasProjectsSessions: boolean;
	credentials: {
	hasOAuthToken: boolean;
	hasApiKey: boolean;
	} \| null;
	/** Detailed information about what was checked */
	checks: {
	settingsFile: FileCheckResult;
	statsCache: FileCheckResult & { hasDailyActivity?: boolean };
	projectsDir: DirectoryCheckResult;
	credentialFiles: FileCheckResult[];
	};
	}

	export async function getClaudeAuthIndicators(): Promise<ClaudeAuthIndicators> {
	const settingsPath = getClaudeSettingsPath();
	const statsCachePath = getClaudeStatsCachePath();
	const projectsDir = getClaudeProjectsDir();
	const credentialPaths = getClaudeCredentialPaths();

	// Initialize checks with paths
	const settingsFileCheck: FileCheckResult = {
	path: settingsPath,
	exists: false,
	readable: false,
	};

	const statsCacheCheck: FileCheckResult & { hasDailyActivity?: boolean } = {
	path: statsCachePath,
	exists: false,
	readable: false,
	};

	const projectsDirCheck: DirectoryCheckResult = {
	path: projectsDir,
	exists: false,
	readable: false,
	entryCount: 0,
	};

	const credentialFileChecks: FileCheckResult[] = credentialPaths.map((p) => ({
	path: p,
	exists: false,
	readable: false,
	}));

	const result: ClaudeAuthIndicators = {
	hasCredentialsFile: false,
	hasSettingsFile: false,
	hasStatsCacheWithActivity: false,
	hasProjectsSessions: false,
	credentials: null,
	checks: {
	settingsFile: settingsFileCheck,
	statsCache: statsCacheCheck,
	projectsDir: projectsDirCheck,
	credentialFiles: credentialFileChecks,
	},
	};

	// Check settings file
	// First check existence, then try to read to confirm it's actually readable
	try {
	if (await systemPathAccess(settingsPath)) {
	settingsFileCheck.exists = true;
	// Try to actually read the file to confirm read permissions
	try {
	await systemPathReadFile(settingsPath);
	settingsFileCheck.readable = true;
	result.hasSettingsFile = true;
	} catch (readErr) {
	// File exists but cannot be read (permission denied, etc.)
	settingsFileCheck.readable = false;
	settingsFileCheck.error = `Cannot read: ${readErr instanceof Error ? readErr.message : String(readErr)}`;
	}
	}
	} catch (err) {
	settingsFileCheck.error = err instanceof Error ? err.message : String(err);
	}

	// Check stats cache for recent activity
	try {
	const statsContent = await systemPathReadFile(statsCachePath);
	statsCacheCheck.exists = true;
	statsCacheCheck.readable = true;
	try {
	const stats = JSON.parse(statsContent);
	if (stats.dailyActivity && stats.dailyActivity.length > 0) {
	statsCacheCheck.hasDailyActivity = true;
	result.hasStatsCacheWithActivity = true;
	} else {
	statsCacheCheck.hasDailyActivity = false;
	}
	} catch (parseErr) {
	statsCacheCheck.error = `JSON parse error: ${parseErr instanceof Error ? parseErr.message : String(parseErr)}`;
	}
	} catch (err) {
	if ((err as NodeJS.ErrnoException).code === 'ENOENT') {
	statsCacheCheck.exists = false;
	} else {
	statsCacheCheck.error = err instanceof Error ? err.message : String(err);
	}
	}

	// Check for sessions in projects directory
	try {
	const sessions = await systemPathReaddir(projectsDir);
	projectsDirCheck.exists = true;
	projectsDirCheck.readable = true;
	projectsDirCheck.entryCount = sessions.length;
	if (sessions.length > 0) {
	result.hasProjectsSessions = true;
	}
	} catch (err) {
	if ((err as NodeJS.ErrnoException).code === 'ENOENT') {
	projectsDirCheck.exists = false;
	} else {
	projectsDirCheck.error = err instanceof Error ? err.message : String(err);
	}
	}

	// Check credentials files
	// We iterate through all credential paths and only stop when we find a file
	// that contains actual credentials (OAuth tokens or API keys). An empty or
	// token-less file should not prevent checking subsequent credential paths.
	for (let i = 0; i < credentialPaths.length; i++) {
	const credPath = credentialPaths[i];
	const credCheck = credentialFileChecks[i];
	try {
	const content = await systemPathReadFile(credPath);
	credCheck.exists = true;
	credCheck.readable = true;
	try {
	const credentials = JSON.parse(content);
	// Support multiple credential formats:
	// 1. Claude Code CLI format: { claudeAiOauth: { accessToken, refreshToken } }
	// 2. Legacy format: { oauth_token } or { access_token }
	// 3. API key format: { api_key }
	const hasClaudeOauth = !!credentials.claudeAiOauth?.accessToken;
	const hasLegacyOauth = !!(credentials.oauth_token \|\| credentials.access_token);
	const hasOAuthToken = hasClaudeOauth \|\| hasLegacyOauth;
	const hasApiKey = !!credentials.api_key;

	// Only consider this a valid credentials file if it actually contains tokens
	// An empty JSON file ({}) or file without tokens should not stop us from
	// checking subsequent credential paths
	if (hasOAuthToken \|\| hasApiKey) {
	result.hasCredentialsFile = true;
	result.credentials = {
	hasOAuthToken,
	hasApiKey,
	};
	break; // Found valid credentials, stop searching
	}
	// File exists and is valid JSON but contains no tokens - continue checking other paths
	} catch (parseErr) {
	credCheck.error = `JSON parse error: ${parseErr instanceof Error ? parseErr.message : String(parseErr)}`;
	}
	} catch (err) {
	if ((err as NodeJS.ErrnoException).code === 'ENOENT') {
	credCheck.exists = false;
	} else {
	credCheck.error = err instanceof Error ? err.message : String(err);
	}
	}
	}

	return result;
	}

	export interface CodexAuthIndicators {
	hasAuthFile: boolean;
	hasOAuthToken: boolean;
	hasApiKey: boolean;
	}

	const CODEX_OAUTH_KEYS = ['access_token', 'oauth_token'] as const;
	const CODEX_API_KEY_KEYS = ['api_key', 'OPENAI_API_KEY'] as const;

	function hasNonEmptyStringField(record: Record<string, unknown>, keys: readonly string[]): boolean {
	return keys.some((key) => typeof record[key] === 'string' && record[key]);
	}

	function getNestedTokens(record: Record<string, unknown>): Record<string, unknown> \| null {
	const tokens = record[CODEX_TOKENS_KEY];
	if (tokens && typeof tokens === 'object' && !Array.isArray(tokens)) {
	return tokens as Record<string, unknown>;
	}
	return null;
	}

	export async function getCodexAuthIndicators(): Promise<CodexAuthIndicators> {
	const result: CodexAuthIndicators = {
	hasAuthFile: false,
	hasOAuthToken: false,
	hasApiKey: false,
	};

	try {
	const authContent = await systemPathReadFile(getCodexAuthPath());
	result.hasAuthFile = true;

	try {
	const authJson = JSON.parse(authContent) as Record<string, unknown>;
	result.hasOAuthToken = hasNonEmptyStringField(authJson, CODEX_OAUTH_KEYS);
	result.hasApiKey = hasNonEmptyStringField(authJson, CODEX_API_KEY_KEYS);
	const nestedTokens = getNestedTokens(authJson);
	if (nestedTokens) {
	result.hasOAuthToken =
	result.hasOAuthToken \|\| hasNonEmptyStringField(nestedTokens, CODEX_OAUTH_KEYS);
	result.hasApiKey =
	result.hasApiKey \|\| hasNonEmptyStringField(nestedTokens, CODEX_API_KEY_KEYS);
	}
	} catch {
	// Ignore parse errors; file exists but contents are unreadable
	}
	} catch {
	// Auth file not found or inaccessible
	}

	return result;
	}

	// =============================================================================
	// OpenCode CLI Detection
	// =============================================================================

	const OPENCODE_DATA_DIR = '.local/share/opencode';
	const OPENCODE_AUTH_FILENAME = 'auth.json';
	const OPENCODE_TOKENS_KEY = 'tokens';

	/**
	* Get common paths where OpenCode CLI might be installed
	*/
	export function getOpenCodeCliPaths(): string[] {
	const isWindows = process.platform === 'win32';
	const homeDir = os.homedir();

	if (isWindows) {
	const appData = process.env.APPDATA \|\| path.join(homeDir, 'AppData', 'Roaming');
	const localAppData = process.env.LOCALAPPDATA \|\| path.join(homeDir, 'AppData', 'Local');
	return [
	// OpenCode's default installation directory
	path.join(homeDir, '.opencode', 'bin', 'opencode.exe'),
	path.join(homeDir, '.local', 'bin', 'opencode.exe'),
	path.join(appData, 'npm', 'opencode.cmd'),
	path.join(appData, 'npm', 'opencode'),
	path.join(appData, '.npm-global', 'bin', 'opencode.cmd'),
	path.join(appData, '.npm-global', 'bin', 'opencode'),
	// Volta on Windows
	path.join(homeDir, '.volta', 'bin', 'opencode.exe'),
	// pnpm on Windows
	path.join(localAppData, 'pnpm', 'opencode.cmd'),
	path.join(localAppData, 'pnpm', 'opencode'),
	// Go installation (if OpenCode is a Go binary)
	path.join(homeDir, 'go', 'bin', 'opencode.exe'),
	path.join(process.env.GOPATH \|\| path.join(homeDir, 'go'), 'bin', 'opencode.exe'),
	...getNvmWindowsCliPaths('opencode'),
	];
	}

	// Include NVM bin paths for opencode installed via npm global under NVM
	const nvmBinPaths = getNvmBinPaths().map((binPath) => path.join(binPath, 'opencode'));

	// Include fnm bin paths
	const fnmBinPaths = getFnmBinPaths().map((binPath) => path.join(binPath, 'opencode'));

	// pnpm global bin path
	const pnpmHome = process.env.PNPM_HOME \|\| path.join(homeDir, '.local', 'share', 'pnpm');

	return [
	// OpenCode's default installation directory
	path.join(homeDir, '.opencode', 'bin', 'opencode'),
	// Standard locations
	path.join(homeDir, '.local', 'bin', 'opencode'),
	'/opt/homebrew/bin/opencode',
	'/usr/local/bin/opencode',
	'/usr/bin/opencode',
	path.join(homeDir, '.npm-global', 'bin', 'opencode'),
	// Linuxbrew
	'/home/linuxbrew/.linuxbrew/bin/opencode',
	// Volta
	path.join(homeDir, '.volta', 'bin', 'opencode'),
	// pnpm global
	path.join(pnpmHome, 'opencode'),
	// Yarn global
	path.join(homeDir, '.yarn', 'bin', 'opencode'),
	path.join(homeDir, '.config', 'yarn', 'global', 'node_modules', '.bin', 'opencode'),
	// Go installation (if OpenCode is a Go binary)
	path.join(homeDir, 'go', 'bin', 'opencode'),
	path.join(process.env.GOPATH \|\| path.join(homeDir, 'go'), 'bin', 'opencode'),
	// Snap packages
	'/snap/bin/opencode',
	// NVM paths
	...nvmBinPaths,
	// fnm paths
	...fnmBinPaths,
	];
	}

	/**
	* Get the OpenCode data directory path
	* macOS/Linux: ~/.local/share/opencode
	* Windows: %USERPROFILE%\.local\share\opencode
	*/
	export function getOpenCodeConfigDir(): string {
	return path.join(os.homedir(), OPENCODE_DATA_DIR);
	}

	/**
	* Get path to OpenCode auth file
	*/
	export function getOpenCodeAuthPath(): string {
	return path.join(getOpenCodeConfigDir(), OPENCODE_AUTH_FILENAME);
	}

	/**
	* Check if OpenCode CLI is installed and return its path
	*/
	export async function findOpenCodeCliPath(): Promise<string \| null> {
	return findFirstExistingPath(getOpenCodeCliPaths());
	}

	export interface OpenCodeAuthIndicators {
	hasAuthFile: boolean;
	hasOAuthToken: boolean;
	hasApiKey: boolean;
	}

	const OPENCODE_OAUTH_KEYS = ['access_token', 'oauth_token'] as const;
	const OPENCODE_API_KEY_KEYS = ['api_key', 'OPENAI_API_KEY', 'ANTHROPIC_API_KEY'] as const;

	// Provider names that OpenCode uses for provider-specific auth entries
	// NOTE: github-copilot uses refresh tokens, so 'access' may be empty but 'refresh' is valid
	const OPENCODE_PROVIDERS = [
	'anthropic',
	'openai',
	'google',
	'bedrock',
	'amazon-bedrock',
	'github-copilot',
	'copilot',
	] as const;

	function getOpenCodeNestedTokens(record: Record<string, unknown>): Record<string, unknown> \| null {
	const tokens = record[OPENCODE_TOKENS_KEY];
	if (tokens && typeof tokens === 'object' && !Array.isArray(tokens)) {
	return tokens as Record<string, unknown>;
	}
	return null;
	}

	/**
	* Check if the auth JSON has provider-specific OAuth credentials
	* OpenCode stores auth in format: { "anthropic": { "type": "oauth", "access": "...", "refresh": "..." } }
	* GitHub Copilot uses refresh tokens, so 'access' may be empty but 'refresh' is valid
	*/
	function hasProviderOAuth(authJson: Record<string, unknown>): boolean {
	for (const provider of OPENCODE_PROVIDERS) {
	const providerAuth = authJson[provider];
	if (providerAuth && typeof providerAuth === 'object' && !Array.isArray(providerAuth)) {
	const auth = providerAuth as Record<string, unknown>;
	// Check for OAuth type with access token OR refresh token (GitHub Copilot uses refresh tokens)
	if (auth.type === 'oauth') {
	if (
	(typeof auth.access === 'string' && auth.access) \|\|
	(typeof auth.refresh === 'string' && auth.refresh)
	) {
	return true;
	}
	}
	// Also check for access_token field directly
	if (typeof auth.access_token === 'string' && auth.access_token) {
	return true;
	}
	// Check for refresh_token field directly
	if (typeof auth.refresh_token === 'string' && auth.refresh_token) {
	return true;
	}
	}
	}
	return false;
	}

	/**
	* Check if the auth JSON has provider-specific API key credentials
	*/
	function hasProviderApiKey(authJson: Record<string, unknown>): boolean {
	for (const provider of OPENCODE_PROVIDERS) {
	const providerAuth = authJson[provider];
	if (providerAuth && typeof providerAuth === 'object' && !Array.isArray(providerAuth)) {
	const auth = providerAuth as Record<string, unknown>;
	// Check for API key type
	if (auth.type === 'api_key' && typeof auth.key === 'string' && auth.key) {
	return true;
	}
	// Also check for api_key field directly
	if (typeof auth.api_key === 'string' && auth.api_key) {
	return true;
	}
	}
	}
	return false;
	}

	/**
	* Get OpenCode authentication status by checking auth file indicators
	*/
	export async function getOpenCodeAuthIndicators(): Promise<OpenCodeAuthIndicators> {
	const result: OpenCodeAuthIndicators = {
	hasAuthFile: false,
	hasOAuthToken: false,
	hasApiKey: false,
	};

	try {
	const authContent = await systemPathReadFile(getOpenCodeAuthPath());
	result.hasAuthFile = true;

	try {
	const authJson = JSON.parse(authContent) as Record<string, unknown>;

	// Check for legacy top-level keys
	result.hasOAuthToken = hasNonEmptyStringField(authJson, OPENCODE_OAUTH_KEYS);
	result.hasApiKey = hasNonEmptyStringField(authJson, OPENCODE_API_KEY_KEYS);

	// Check for nested tokens object (legacy format)
	const nestedTokens = getOpenCodeNestedTokens(authJson);
	if (nestedTokens) {
	result.hasOAuthToken =
	result.hasOAuthToken \|\| hasNonEmptyStringField(nestedTokens, OPENCODE_OAUTH_KEYS);
	result.hasApiKey =
	result.hasApiKey \|\| hasNonEmptyStringField(nestedTokens, OPENCODE_API_KEY_KEYS);
	}

	// Check for provider-specific auth entries (current OpenCode format)
	// Format: { "anthropic": { "type": "oauth", "access": "...", "refresh": "..." } }
	result.hasOAuthToken = result.hasOAuthToken \|\| hasProviderOAuth(authJson);
	result.hasApiKey = result.hasApiKey \|\| hasProviderApiKey(authJson);
	} catch {
	// Ignore parse errors; file exists but contents are unreadable
	}
	} catch {
	// Auth file not found or inaccessible
	}

	return result;
	}