Sync dev to main (#90)

* deps(deps): bump github.com/gdamore/tcell/v2 from 2.13.1 to 2.13.2 in the security-patches group (#88)

deps(deps): bump github.com/gdamore/tcell/v2

Bumps the security-patches group with 1 update: [github.com/gdamore/tcell/v2](https://github.com/gdamore/tcell).


Updates `github.com/gdamore/tcell/v2` from 2.13.1 to 2.13.2
- [Release notes](https://github.com/gdamore/tcell/releases)
- [Changelog](https://github.com/gdamore/tcell/blob/main/CHANGESv3.md)
- [Commits](gdamore/tcell@v2.13.1...v2.13.2)

---
updated-dependencies:
- dependency-name: github.com/gdamore/tcell/v2
  dependency-version: 2.13.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security-patches
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Improve permission checks and test coverage

Refactors permission checking logic to better handle transient I/O errors, adds error codes to CheckResult, and improves logging of failed checks. Extends test coverage for permission checks, backup safety, system compatibility, decryption workflow, and TUI wizards. Adds indirection for file creation to facilitate testing, and introduces new test helpers and runners for TUI flows.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: tis24dev

go.mod

@@ -6,7 +6,7 @@ toolchain go1.25.5
 
 require (
 	filippo.io/age v1.2.1
-	github.com/gdamore/tcell/v2 v2.13.1
+	github.com/gdamore/tcell/v2 v2.13.2
 	github.com/rivo/tview v0.42.0
 	golang.org/x/crypto v0.45.0
 	golang.org/x/term v0.37.0

go.sum

@@ -6,8 +6,8 @@ filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 github.com/gdamore/encoding v1.0.1 h1:YzKZckdBL6jVt2Gc+5p82qhrGiqMdG/eNs6Wy0u3Uhw=
 github.com/gdamore/encoding v1.0.1/go.mod h1:0Z0cMFinngz9kS1QfMjCP8TY7em3bZYeeklsSDPivEo=
-github.com/gdamore/tcell/v2 v2.13.1 h1:Ca2N6mHxhXuElCgn+nfKuZjS7gwNiIRKHFiljrZQ26A=
-github.com/gdamore/tcell/v2 v2.13.1/go.mod h1:+Wfe208WDdB7INEtCsNrAN6O2m+wsTPk1RAovjaILlo=
+github.com/gdamore/tcell/v2 v2.13.2 h1:5j4srfF8ow3HICOv/61/sOhQtA25qxEB2XR3Q/Bhx2g=
+github.com/gdamore/tcell/v2 v2.13.2/go.mod h1:+Wfe208WDdB7INEtCsNrAN6O2m+wsTPk1RAovjaILlo=
 github.com/lucasb-eyer/go-colorful v1.3.0 h1:2/yBRLdWBZKrf7gB40FoiKfAWYQ0lqNcbuQwVHXptag=
 github.com/lucasb-eyer/go-colorful v1.3.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
 github.com/rivo/tview v0.42.0 h1:b/ftp+RxtDsHSaynXTbJb+/n/BxDEi+W3UfF5jILK6c=

internal/checks/checks.go

@@ -2,6 +2,7 @@ package checks
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"math"
 	"os"
@@ -12,6 +13,11 @@ import (
 	"github.com/tis24dev/proxsave/internal/logging"
 )
 
+// createTestFile is a small indirection over os.Create used by permission
+// checks to allow tests to inject controlled failures (e.g., EIO) without
+// depending on specific filesystem behavior.
+var createTestFile = os.Create
+
 // Checker performs pre-backup validation checks
 type Checker struct {
 	logger *logging.Logger
@@ -83,6 +89,7 @@ type CheckResult struct {
 	Passed  bool
 	Message string
 	Error   error
+	Code    string
 }
 
 // NewChecker creates a new pre-backup checker
@@ -260,13 +267,17 @@ func (c *Checker) CheckLockFile() CheckResult {
 // CheckPermissions verifies write permissions on required directories
 func (c *Checker) CheckPermissions() CheckResult {
 	result := CheckResult{
-		Name:   "Permissions",
-		Passed: false,
+		Name:    "Permissions",
+		Passed:  false,
+		Code:    "PERMISSION_CHECK",
 	}
 
 	dirs := []string{c.config.BackupPath, c.config.LogPath}
 
-	for _, dir := range dirs {
+	const maxAttempts = 3
+	const retryDelay = 100 * time.Millisecond
+
+		for _, dir := range dirs {
 		// Check if directory is writable
 		testFile := filepath.Join(dir, fmt.Sprintf(".permission_test_%d", os.Getpid()))
 
@@ -275,14 +286,55 @@ func (c *Checker) CheckPermissions() CheckResult {
 			continue
 		}
 
-		f, err := os.Create(testFile)
-		if err != nil {
-			result.Error = fmt.Errorf("no write permission in %s: %w", dir, err)
+		var lastErr error
+
+		for attempt := 1; attempt <= maxAttempts; attempt++ {
+			f, err := createTestFile(testFile)
+			if err == nil {
+				f.Close()
+				lastErr = nil
+				break
+			}
+
+			lastErr = err
+
+			// Treat filesystem I/O errors as potentially transient and retry
+			if errors.Is(err, syscall.EIO) && attempt < maxAttempts {
+				c.logger.Warning("I/O error while testing write in %s (attempt %d/%d), will retry: %v",
+					dir, attempt, maxAttempts, err)
+				time.Sleep(retryDelay)
+				continue
+			}
+
+			// For non-transient errors or after exhausting retries, stop retrying
+			break
+		}
+
+		if lastErr != nil {
+			err := lastErr
+			var reason string
+			code := "PERMISSION_CHECK_FAILED"
+
+			switch {
+			case errors.Is(err, os.ErrPermission) || errors.Is(err, syscall.EACCES) || errors.Is(err, syscall.EPERM):
+				reason = "no write permission"
+				code = "PERMISSION_DENIED"
+			case errors.Is(err, syscall.EROFS):
+				reason = "filesystem is read-only"
+				code = "FS_READONLY"
+			case errors.Is(err, syscall.EIO):
+				reason = "filesystem I/O error while testing write"
+				code = "FS_IO_ERROR"
+			default:
+				reason = "failed to test write permission"
+			}
+
+			result.Code = code
+			result.Error = fmt.Errorf("%s in %s: %w", reason, dir, err)
 			result.Message = result.Error.Error()
 			c.logger.Error("%s", result.Message)
 			return result
 		}
-		f.Close()
 
 		// Clean up test file
 		if err := os.Remove(testFile); err != nil {

internal/checks/checks_test.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"os"
 	"path/filepath"
+	"syscall"
 	"testing"
 	"time"
 
@@ -147,6 +148,109 @@ func TestCheckPermissions(t *testing.T) {
 	if !result.Passed {
 		t.Errorf("CheckPermissions failed: %s", result.Message)
 	}
+	if result.Code != "PERMISSION_CHECK" {
+		t.Errorf("expected Code PERMISSION_CHECK on success, got %q", result.Code)
+	}
+}
+
+func TestCheckPermissionsPermissionDenied(t *testing.T) {
+	logger := logging.New(types.LogLevelInfo, false)
+	tmpDir := t.TempDir()
+
+	// When running tests as root, permission checks based on chmod may not
+	// behave as expected because root can bypass filesystem permissions.
+	// In that case, skip this test.
+	if os.Geteuid() == 0 {
+		t.Skip("skipping permission-denied check when running as root")
+	}
+
+	// Create a directory that is not writable
+	protectedDir := filepath.Join(tmpDir, "protected")
+	if err := os.Mkdir(protectedDir, 0755); err != nil {
+		t.Fatalf("failed to create protected dir: %v", err)
+	}
+	if err := os.Chmod(protectedDir, 0555); err != nil {
+		t.Fatalf("failed to chmod protected dir: %v", err)
+	}
+
+	config := &CheckerConfig{
+		BackupPath:          protectedDir,
+		LogPath:             tmpDir,
+		LockDirPath:         tmpDir,
+		SkipPermissionCheck: false,
+		DryRun:              false,
+	}
+
+	checker := NewChecker(logger, config)
+	result := checker.CheckPermissions()
+
+	if result.Passed {
+		t.Fatalf("CheckPermissions should fail for non-writable directory")
+	}
+	if result.Code != "PERMISSION_DENIED" {
+		t.Errorf("expected Code PERMISSION_DENIED, got %q", result.Code)
+	}
+}
+
+func TestCheckPermissionsDryRun(t *testing.T) {
+	logger := logging.New(types.LogLevelInfo, false)
+	tmpDir := t.TempDir()
+
+	config := &CheckerConfig{
+		BackupPath:          tmpDir,
+		LogPath:             tmpDir,
+		LockDirPath:         tmpDir,
+		SkipPermissionCheck: false,
+		DryRun:              true,
+	}
+
+	checker := NewChecker(logger, config)
+	result := checker.CheckPermissions()
+
+	if !result.Passed {
+		t.Fatalf("CheckPermissions should pass in dry-run mode, got: %s", result.Message)
+	}
+	if result.Code != "PERMISSION_CHECK" {
+		t.Errorf("expected Code PERMISSION_CHECK in dry-run mode, got %q", result.Code)
+	}
+}
+
+func TestCheckPermissionsEIORetryAndFailure(t *testing.T) {
+	logger := logging.New(types.LogLevelInfo, false)
+	tmpDir := t.TempDir()
+
+	// Save and restore original createTestFile to avoid side effects
+	origCreate := createTestFile
+	defer func() {
+		createTestFile = origCreate
+	}()
+
+	attempts := 0
+	createTestFile = func(name string) (*os.File, error) {
+		attempts++
+		return nil, syscall.EIO
+	}
+
+	config := &CheckerConfig{
+		BackupPath:          tmpDir,
+		LogPath:             tmpDir,
+		LockDirPath:         tmpDir,
+		SkipPermissionCheck: false,
+		DryRun:              false,
+	}
+
+	checker := NewChecker(logger, config)
+	result := checker.CheckPermissions()
+
+	if result.Passed {
+		t.Fatalf("CheckPermissions should fail when all attempts return EIO")
+	}
+	if result.Code != "FS_IO_ERROR" {
+		t.Errorf("expected Code FS_IO_ERROR, got %q", result.Code)
+	}
+	if attempts != 3 {
+		t.Errorf("expected 3 attempts on EIO, got %d", attempts)
+	}
 }
 
 func TestCheckDirectories(t *testing.T) {
@@ -257,6 +361,39 @@ func TestRunAllChecks(t *testing.T) {
 	checker.ReleaseLock()
 }
 
+func TestRunAllChecksSkipPermissionCheck(t *testing.T) {
+	logger := logging.New(types.LogLevelInfo, false)
+	tmpDir := t.TempDir()
+
+	config := &CheckerConfig{
+		BackupPath:          tmpDir,
+		LogPath:             tmpDir,
+		LockDirPath:         tmpDir,
+		MinDiskPrimaryGB:    0.001,
+		MinDiskSecondaryGB:  0,
+		MinDiskCloudGB:      0,
+		LockFilePath:        filepath.Join(tmpDir, ".backup.lock"),
+		MaxLockAge:          1 * time.Hour,
+		SkipPermissionCheck: true,
+		DryRun:              false,
+	}
+
+	checker := NewChecker(logger, config)
+	ctx := context.Background()
+
+	results, err := checker.RunAllChecks(ctx)
+	if err != nil {
+		t.Fatalf("RunAllChecks (SkipPermissionCheck=true) failed unexpectedly: %v", err)
+	}
+
+	// Permissions check should be skipped: assert that no result is named "Permissions".
+	for _, r := range results {
+		if r.Name == "Permissions" {
+			t.Fatalf("expected Permissions check to be skipped, but it was executed")
+		}
+	}
+}
+
 func TestDryRunMode(t *testing.T) {
 	logger := logging.New(types.LogLevelInfo, false)
 	tmpDir := t.TempDir()

internal/orchestrator/.backup.lock

@@ -1,3 +1,3 @@
-pid=3086032
+pid=37703
 host=pve1
-time=2025-12-07T11:05:54+01:00
+time=2025-12-08T16:51:00+01:00

internal/orchestrator/backup_safety_test.go

@@ -175,6 +175,98 @@ func TestCleanupOldSafetyBackups(t *testing.T) {
 	_ = os.Remove(newBackup)
 }
 
+func TestCreateSafetyBackupArchivesSelectedPaths(t *testing.T) {
+	fake := NewFakeFS()
+	origFS := safetyFS
+	safetyFS = fake
+	t.Cleanup(func() { safetyFS = origFS })
+
+	fixed := time.Date(2024, time.March, 1, 15, 4, 5, 0, time.UTC)
+	origNow := safetyNow
+	safetyNow = func() time.Time { return fixed }
+	t.Cleanup(func() { safetyNow = origNow })
+
+	destRoot := "/restore-target"
+	if err := fake.AddFile(filepath.Join(destRoot, "etc/config.txt"), []byte("config-data")); err != nil {
+		t.Fatalf("add config file: %v", err)
+	}
+	if err := fake.AddDir(filepath.Join(destRoot, "var/lib/app")); err != nil {
+		t.Fatalf("add directory: %v", err)
+	}
+	if err := fake.WriteFile(filepath.Join(destRoot, "var/lib/app/state.txt"), []byte("state"), 0o640); err != nil {
+		t.Fatalf("add state file: %v", err)
+	}
+
+	categories := []Category{
+		{ID: "etc", Paths: []string{"./etc/config.txt"}},
+		{ID: "var", Paths: []string{"./var/lib/app"}},
+	}
+
+	logger := logging.New(types.LogLevelInfo, false)
+
+	result, err := CreateSafetyBackup(logger, categories, destRoot)
+	if err != nil {
+		t.Fatalf("CreateSafetyBackup error: %v", err)
+	}
+
+	expectedName := "restore_backup_" + fixed.Format("20060102_150405") + ".tar.gz"
+	expectedPath := filepath.Join("/tmp", "proxsave", expectedName)
+	if result.BackupPath != expectedPath {
+		t.Fatalf("unexpected backup path: got %s want %s", result.BackupPath, expectedPath)
+	}
+	if !result.Timestamp.Equal(fixed) {
+		t.Fatalf("timestamp mismatch: got %v want %v", result.Timestamp, fixed)
+	}
+	if result.FilesBackedUp != 2 {
+		t.Fatalf("expected 2 files backed up, got %d", result.FilesBackedUp)
+	}
+	if result.TotalSize == 0 {
+		t.Fatalf("expected non-zero total size")
+	}
+
+	archiveFile, err := os.Open(fake.onDisk(result.BackupPath))
+	if err != nil {
+		t.Fatalf("open archive: %v", err)
+	}
+	defer archiveFile.Close()
+
+	gzr, err := gzip.NewReader(archiveFile)
+	if err != nil {
+		t.Fatalf("gzip reader: %v", err)
+	}
+	defer gzr.Close()
+	tr := tar.NewReader(gzr)
+
+	var entries []string
+	for {
+		hdr, err := tr.Next()
+		if err != nil {
+			break
+		}
+		entries = append(entries, filepath.ToSlash(hdr.Name))
+	}
+
+	assertContains := func(name string) {
+		for _, entry := range entries {
+			if entry == name {
+				return
+			}
+		}
+		t.Fatalf("archive missing %s; entries=%v", name, entries)
+	}
+
+	assertContains("etc/config.txt")
+	assertContains("var/lib/app/state.txt")
+
+	locationData, err := os.ReadFile(fake.onDisk(filepath.Join("/tmp", "proxsave", "restore_backup_location.txt")))
+	if err != nil {
+		t.Fatalf("location file: %v", err)
+	}
+	if strings.TrimSpace(string(locationData)) != result.BackupPath {
+		t.Fatalf("location file contents mismatch: %q", string(locationData))
+	}
+}
+
 func TestRestoreSafetyBackup_MaliciousSymlinks(t *testing.T) {
 	logger := logging.New(types.LogLevelInfo, false)