import { spawnSync } from "child_process";
import path from "path";

const WORKSPACE_ROOT = process.env.CONDUIT_ROOT || "/workspace";

// Resolve a path param relative to WORKSPACE_ROOT, preventing traversal.
export function resolvePath(userPath) {
	const resolved = path.resolve(WORKSPACE_ROOT, userPath.replace(/^\//, ""));
	if (!resolved.startsWith(WORKSPACE_ROOT)) {
		throw new Error(`Path escapes workspace root: ${userPath}`);
	}
	return resolved;
}

// Execute a binary with an argument list — no shell interpolation.
export function exec(bin, args = []) {
	return new Promise((resolve, reject) => {
		const result = spawnSync(bin, args, { stdio: "inherit" });
		if (result.error) {
			reject(result.error);
		} else {
			resolve(result.status);
		}
	});
}