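#pragma once

#include <cstddef>  // size_t

// Path-safety helpers: canonicalization plus symlink-refusing open wrappers.
namespace fetchml::common {

// Canonicalize and validate a path.
// - Uses realpath() to resolve symlinks and normalize.
// - Checks that the canonical path doesn't contain ".." traversal.
// - out_canonical must be at least PATH_MAX bytes; out_size is presumably the
//   capacity of that buffer in bytes (confirm against the implementation).
// Returns true if path is safe, false otherwise.
//
// NOTE(review): no base directory is passed in, so a "safe" result does not
// by itself show that the path stays inside an allowed root; that containment
// check presumably lives in the caller (confirm).
// NOTE(review): the canonical string is a snapshot. The filesystem can change
// between this call and a later open(), so prefer opening through the
// fd-based helpers below over re-opening the returned string.
bool canonicalize_and_validate(const char* path, char* out_canonical, size_t out_size);

// Open a directory with O_NOFOLLOW to prevent symlink attacks.
// Returns fd or -1 on error. The descriptor is a plain int, so nothing closes
// it automatically; the caller has to close() it.
//
// O_NOFOLLOW only refuses a symlink in the final path component; symlinks in
// earlier components of `path` are still resolved by the kernel.
int open_dir_nofollow(const char* path);

// Open a file relative to a directory fd using openat().
// Uses O_NOFOLLOW to prevent symlink attacks.
// - dir_fd:   directory descriptor the lookup starts from.
// - filename: name to open relative to dir_fd.
// - flags:    open flags from the caller (presumably OR'ed with O_NOFOLLOW;
//             confirm).
// - mode:     permission bits; with openat() these matter only when a file is
//             created (O_CREAT).
// The return value is not documented in this header; presumably fd or -1 on
// error, like open_dir_nofollow (confirm).
//
// As with open_dir_nofollow, O_NOFOLLOW covers the final component only.
// openat() ignores dir_fd for an absolute filename and resolves "/" and ".."
// inside a relative one, so pass a single path component unless the
// implementation is known to reject anything else.
int openat_nofollow(int dir_fd, const char* filename, int flags, int mode);

}  // namespace fetchml::common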