Module fs 

Filesystem and path utilities (base dir, path-component safety, atomic write). Filesystem and path utilities shared across the engine.

These primitives back both the engine config file and credential storage: resolving the per-user base directory, validating untrusted path components, and writing files atomically with restrictive permissions. They are domain-agnostic so callers that persist their own files can reuse them rather than re-implementing the same path safety and atomic-write logic.

Functions

config_base_dir

Resolves the per-user base directory for an app’s config and data files.

is_safe_path_component

Returns true only when s is a single, non-traversal path component that is valid on all supported platforms.

write_string_atomic

Writes contents to path via a uniquely-named temp file then renames it into place. On Unix the rename is atomic, the file is created 0600, and the parent directory is best-effort restricted to 0700. On Windows the rename replaces an existing destination but is not crash-atomic.