feat: add Windows support for skills symlinks and secret key permissions

- Add Windows symlink support in skills/mod.rs with fallback chain: 1. symlink_dir (requires admin/developer mode) 2. mklink /J junction (works without admin) 3. copy_dir_recursive fallback - Add Windows file permissions in security/secrets.rs using icacls - Add copy_dir_recursive helper function for non-Unix platforms Fixes #28
2026-02-14 14:07:41 -05:00 · 2026-02-14 14:07:41 -05:00 · 27b7df53da
commit 27b7df53da
parent 5476195a7f
2 changed files with 71 additions and 4 deletions
--- a/src/security/secrets.rs
+++ b/src/security/secrets.rs
@ -181,13 +181,22 @@ impl SecretStore {
            fs::write(&self.key_path, hex_encode(&key))
                .context("Failed to write secret key file")?;

-            // Set restrictive permissions (Unix only)
+            // Set restrictive permissions
            #[cfg(unix)]
            {
                use std::os::unix::fs::PermissionsExt;
                fs::set_permissions(&self.key_path, fs::Permissions::from_mode(0o600))
                    .context("Failed to set key file permissions")?;
            }
+            #[cfg(windows)]
+            {
+                // On Windows, use icacls to restrict permissions to current user only
+                let _ = std::process::Command::new("icacls")
+                    .arg(&self.key_path)
+                    .args(["/inheritance:r", "/grant:r"])
+                    .arg(format!("{}:F", std::env::var("USERNAME").unwrap_or_default()))
+                    .output();
+            }

            Ok(key)
        }