i*zdZddlZddlmZddlmZejeZdededee fdZ d e de fd Z dS) zShared path validation helpers for tool implementations. Extracts the ``resolve() + relative_to()`` and ``..`` traversal check patterns previously duplicated across skill_manager_tool, skills_tool, skills_hub, cronjob_tools, and credential_files. N)Path)Optionalpathrootreturnc |}|}||n##ttf$r}d|cYd}~Sd}~wwxYwdS)auEnsure *path* resolves to a location within *root*. Returns an error message string if validation fails, or ``None`` if the path is safe. Uses ``Path.resolve()`` to follow symlinks and normalize ``..`` components. Usage:: error = validate_within_dir(user_path, allowed_root) if error: return json.dumps({"error": error}) z Path escapes allowed directory: N)resolve relative_to ValueErrorOSError)rrresolved root_resolvedexcs 8/home/ubuntu/.hermes/hermes-agent/tools/path_security.pyvalidate_within_dirrs~8<<>>  ]++++  8887#777777778 4s=AA AA A path_strc2t|j}d|vS)zReturn True if *path_str* contains ``..`` traversal components. Quick check for obvious traversal attempts before doing full resolution. z..)rparts)rrs rhas_traversal_componentr%s NN E 5=) __doc__loggingpathlibrtypingr getLogger__name__loggerstrrboolrrrr!s  8 $ $d$8C=,cdr