Local-first runtime cleanup and recovery hardening

2026-03-07 23:18:07 +03:00
parent 4e977737ee
commit 06397a6bd1
53 changed files with 1856 additions and 2080 deletions
--- a/internal/appstate/backup.go
+++ b/internal/appstate/backup.go
@@ -88,6 +88,9 @@ func EnsureRotatingLocalBackup(dbPath, configPath string) ([]string, error) {
 	}

 	root := resolveBackupRoot(dbPath)
+	if err := validateBackupRoot(root); err != nil {
+		return nil, err
+	}
 	now := backupNow()

 	created := make([]string, 0)
@@ -111,6 +114,40 @@ func resolveBackupRoot(dbPath string) string {
 	return filepath.Join(filepath.Dir(dbPath), "backups")
 }

+func validateBackupRoot(root string) error {
+	absRoot, err := filepath.Abs(root)
+	if err != nil {
+		return fmt.Errorf("resolve backup root: %w", err)
+	}
+
+	if gitRoot, ok := findGitWorktreeRoot(absRoot); ok {
+		return fmt.Errorf("backup root must stay outside git worktree: %s is inside %s", absRoot, gitRoot)
+	}
+
+	return nil
+}
+
+func findGitWorktreeRoot(path string) (string, bool) {
+	current := filepath.Clean(path)
+	info, err := os.Stat(current)
+	if err == nil && !info.IsDir() {
+		current = filepath.Dir(current)
+	}
+
+	for {
+		gitPath := filepath.Join(current, ".git")
+		if _, err := os.Stat(gitPath); err == nil {
+			return current, true
+		}
+
+		parent := filepath.Dir(current)
+		if parent == current {
+			return "", false
+		}
+		current = parent
+	}
+}
+
 func isBackupDisabled() bool {
 	val := strings.ToLower(strings.TrimSpace(os.Getenv(envBackupDisable)))
 	return val == "1" || val == "true" || val == "yes"