feat(security): vault wall, path guard, and utils

- utils/paths.py: pyra_home(), ensure_dir(), safe_chmod(), expand() - security/boundaries.py: VaultAccessError, PyraSecurityError, assert_safe_path() (called before every file read), check_vault_lock() Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-17 12:48:50 +02:00
parent 0a04e04490
commit a96b540234
2 changed files with 62 additions and 0 deletions
@@ -0,0 +1,21 @@
+import os
+from pathlib import Path
+
+
+def pyra_home() -> Path:
+    return Path.home() / ".pyra"
+
+
+def ensure_dir(path: Path, mode: int = 0o700) -> Path:
+    path.mkdir(parents=True, exist_ok=True)
+    safe_chmod(path, mode)
+    return path
+
+
+def safe_chmod(path: Path, mode: int) -> None:
+    if os.name != "nt":
+        path.chmod(mode)
+
+
+def expand(p: str) -> Path:
+    return Path(p).expanduser().resolve()