pub struct StdFileSystemProvider;
File system provider implementation using the standard library
Implementations§
Trait Implementations§
impl Clone for StdFileSystemProvider
fn clone(&self) -> StdFileSystemProvider
fn clone_from(&mut self, source: &Self)
impl Debug for StdFileSystemProvider
impl Default for StdFileSystemProvider
fn default() -> StdFileSystemProvider
impl FileSystemProvider for StdFileSystemProvider
fn read_file_bytes(&self, path: &Path) -> Result<FileContent, FileSystemError>
Read the contents of path.
PathNotFound is reserved for genuine “no such entry” errors;
permission-denied, EBUSY, EIO and other I/O failures are returned
as IoError. Before the fix, the function used path.exists() as a
pre-check, but Path::exists returns false for any failure
to stat (including PermissionDenied), so an unreadable file
surfaced as PathNotFound and operators saw the scan
silently skip artifacts that actually exist.
fn list_files(
&self,
path: &Path,
pattern: &str,
recursive: bool,
) -> Result<Vec<PathBuf>, FileSystemError>
List the entries of path that match pattern.
§Symlink policy
Symlinks are deliberately NOT followed. The threat model includes
scanned packages authored by untrusted parties, so a symlink like
evil.json -> /etc/passwd shipped inside a malicious skill MUST
NOT cause the scanner to ingest the link target. Concretely:
- The recursive walk pins WalkDir::follow_links(false) so the walker neither descends into symlinked directories nor reports the link target’s type.
- Both branches gate on FileType::is_file() AND !FileType::is_symlink() so a future refactor that turns follow_links on (which would make is_file() reflect the target type) does not silently re-enable symlink ingestion.
§Error policy
PathNotFound is reserved for genuine “no such directory”
errors; permission-denied, EBUSY, EIO and other I/O failures on
the root path are returned as IoError. Before the fix, the function
used path.exists() as a pre-check, but Path::exists returns
false for any failure to stat (including PermissionDenied),
so an unreadable directory surfaced as PathNotFound and
operators saw the scan silently skip artifacts that
actually exist on disk, the same failure mode read_file_bytes
guards against. Errors encountered on individual child entries
during a recursive walk remain warnings: the scan keeps going on
the readable siblings instead of aborting the whole package.
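The error policy stated for read_file_bytes and list_files, as an added example that is not this crate's code: it contrasts an exists() pre-check with classifying the real I/O error. FsError, read_prefix, read_fixed and fixture are hypothetical names, and ENOTDIR (a regular file used as a directory component, Unix behaviour) stands in for PermissionDenied because it reproduces deterministically even when run as root.

```rust
use std::fs;
use std::io::ErrorKind;
use std::path::{Path, PathBuf};

// Hypothetical stand-in for the crate's FileSystemError; only the two
// variants named on the page are modelled.
#[derive(Debug, PartialEq)]
enum FsError {
    PathNotFound,
    IoError(ErrorKind),
}

// Pre-fix shape: any stat failure makes exists() return false, so every
// such failure is reported as "not found".
fn read_prefix(path: &Path) -> Result<Vec<u8>, FsError> {
    if !path.exists() {
        return Err(FsError::PathNotFound);
    }
    fs::read(path).map_err(|e| FsError::IoError(e.kind()))
}

// Post-fix shape: attempt the read and classify the error it returns.
fn read_fixed(path: &Path) -> Result<Vec<u8>, FsError> {
    fs::read(path).map_err(|e| match e.kind() {
        ErrorKind::NotFound => FsError::PathNotFound,
        other => FsError::IoError(other),
    })
}

// Constructed fixture: <tmp>/.../artifact.json/child, where artifact.json
// is a regular file, so stat fails with ENOTDIR rather than ENOENT.
fn fixture() -> PathBuf {
    let dir = std::env::temp_dir().join(format!("fsprov_err_{}", std::process::id()));
    fs::create_dir_all(&dir).unwrap();
    let file = dir.join("artifact.json");
    fs::write(&file, b"{}").unwrap();
    file.join("child")
}

fn main() {
    let p = fixture();
    println!("pre-fix:  {:?}", read_prefix(&p));
    println!("post-fix: {:?}", read_fixed(&p));
}
```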
§Non-UTF-8 filenames
Filenames containing non-UTF-8 bytes are matched against pattern
using OsStr::to_string_lossy (invalid sequences become
U+FFFD) and a tracing::warn! is emitted naming the lossy
path. Before the fix, the chained to_str() returned None and the
entry was silently skipped, allowing an attacker who packages
an untrusted skill with a non-UTF-8 artifact name (zip and tar
both preserve raw bytes) to evade scanning entirely. Lossy
matching closes the evasion vector while the warning surfaces
the attempt to operators.
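The difference between to_str() and to_string_lossy() matching, as an added example that is not this crate's code. It assumes Unix (filenames are raw bytes) and treats pattern as a plain suffix, which is an assumption; match_strict, match_lossy and sample_names are hypothetical names, and the lossy names are returned instead of being logged with tracing::warn!.

```rust
use std::ffi::{OsStr, OsString};
use std::os::unix::ffi::OsStrExt; // Unix only: build names from raw bytes

// Pre-fix shape: to_str() is None for a non-UTF-8 name, so the entry
// drops out of the match without any trace.
fn match_strict(names: &[OsString], suffix: &str) -> Vec<OsString> {
    names
        .iter()
        .filter(|n| n.to_str().map_or(false, |s| s.ends_with(suffix)))
        .cloned()
        .collect()
}

// Post-fix shape: match on the lossy form (invalid bytes become U+FFFD)
// and collect every lossy name so it can be reported to operators.
fn match_lossy(names: &[OsString], suffix: &str) -> (Vec<OsString>, Vec<String>) {
    let (mut hits, mut warned) = (Vec::new(), Vec::new());
    for n in names {
        let lossy = n.to_string_lossy();
        if n.to_str().is_none() {
            warned.push(lossy.to_string());
        }
        if lossy.ends_with(suffix) {
            hits.push(n.clone());
        }
    }
    (hits, warned)
}

// Constructed sample names; the byte 0xFF is never valid in UTF-8.
fn sample_names() -> Vec<OsString> {
    vec![
        OsString::from("config.json"),
        OsStr::from_bytes(b"pay\xFFload.json").to_os_string(),
        OsString::from("README.md"),
    ]
}

fn main() {
    let names = sample_names();
    println!("strict: {:?}", match_strict(&names, ".json"));
    println!("lossy:  {:?}", match_lossy(&names, ".json"));
}
```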
fn exists(&self, path: &Path) -> bool
Use symlink_metadata to avoid following symlinks, consistent with
list_files / walk_files which explicitly filter out symlinks.
Path::exists() follows symlinks AND swallows permission errors
(returning false for PermissionDenied), which is inconsistent
with the symlink-does-not-exist policy of the listing methods.
fn is_file(&self, path: &Path) -> bool
Use symlink_metadata to avoid following symlinks, consistent with
the listing methods’ !file_type.is_symlink() filter.
fn is_dir(&self, path: &Path) -> bool
Use symlink_metadata to avoid following symlinks, consistent with
the listing methods’ !file_type.is_symlink() filter.
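The no-follow behaviour described for list_files, exists, is_file and is_dir, as an added example that is not this crate's code. It assumes Unix and uses std::fs::read_dir for a non-recursive listing rather than WalkDir; is_file_nofollow, list_regular_files and fixture are hypothetical names.

```rust
use std::fs;
use std::path::{Path, PathBuf};

// No-follow check: symlink_metadata stats the link itself, so a symlink
// that points at a regular file is not reported as a file.
fn is_file_nofollow(path: &Path) -> bool {
    fs::symlink_metadata(path)
        .map(|m| m.file_type().is_file())
        .unwrap_or(false)
}

// Non-recursive listing with the double gate from the symlink policy.
// DirEntry::file_type does not follow links; the explicit is_symlink()
// test keeps the gate correct if a later change starts following them.
fn list_regular_files(dir: &Path) -> std::io::Result<Vec<PathBuf>> {
    let mut out = Vec::new();
    for entry in fs::read_dir(dir)? {
        let entry = entry?;
        let ft = entry.file_type()?;
        if ft.is_file() && !ft.is_symlink() {
            out.push(entry.path());
        }
    }
    out.sort();
    Ok(out)
}

// Constructed fixture (Unix only): a package directory holding one real
// artifact and one symlink to a file outside the package.
fn fixture() -> PathBuf {
    let root = std::env::temp_dir().join(format!("fsprov_sym_{}", std::process::id()));
    let _ = fs::remove_dir_all(&root);
    fs::create_dir_all(root.join("pkg")).unwrap();
    fs::write(root.join("outside.txt"), b"secret").unwrap();
    fs::write(root.join("pkg/real.json"), b"{}").unwrap();
    std::os::unix::fs::symlink(root.join("outside.txt"), root.join("pkg/evil.json")).unwrap();
    root.join("pkg")
}

fn main() {
    let pkg = fixture();
    let link = pkg.join("evil.json");
    println!("listed: {:?}", list_regular_files(&pkg).unwrap());
    println!("Path::is_file: {}  no-follow: {}", link.is_file(), is_file_nofollow(&link));
}
```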
fn walk_files(
&self,
path: &Path,
max_depth: usize,
skip_dirs: &[&str],
) -> Result<Vec<PathBuf>, FileSystemError>
Recursive walk over path honouring max_depth and skip_dirs.
Symlinks are NOT followed (follow_links(false)). Errors on
individual entries are logged via tracing::warn! and the walk
continues, matching the asymmetry documented for list_files:
the root error is fatal, child errors are non-fatal so a single
unreadable subtree does not blank an entire package scan.
max_depth = 0 means unlimited (matches the documented port
contract). skip_dirs is checked against the lossy filename of
each directory entry; a match prunes the entire subtree.