getsentry
diff --git a/‎src/commands/cli/fix.ts‎
Lines changed: 311 additions & 26 deletions b/‎src/commands/cli/fix.ts‎
Lines changed: 311 additions & 26 deletions
@@ -1,10 +1,12 @@
 /**
  * sentry cli fix
  *
- * Diagnose and repair CLI database issues (schema and permissions).
+ * Diagnose and repair CLI database issues (schema, permissions, and ownership).
  */
 
-import { chmod, stat } from "node:fs/promises";
+import { execSync } from "node:child_process";
+import { chmod, chown, stat } from "node:fs/promises";
+import { userInfo } from "node:os";
 import type { SentryContext } from "../../context.js";
 import { buildCommand } from "../../lib/command.js";
 import { getConfigDir, getDbPath, getRawDatabase } from "../../lib/db/index.js";
@@ -43,6 +45,33 @@ type PermissionIssue = {
   expectedMode: number;
 };
 
+/**
+ * A file or directory that is owned by a different user (typically root),
+ * preventing the current process from writing to it.
+ */
+type OwnershipIssue = {
+  path: string;
+  kind: "directory" | "database" | "journal";
+  /** UID of the file's current owner */
+  ownerUid: number;
+};
+
+/**
+ * Determine the real username for display in chown instructions.
+ *
+ * When running under `sudo`, `SUDO_USER` holds the original user's login name.
+ * Falls back to `USER` / `USERNAME` env vars, then `os.userInfo()`.
+ */
+function getRealUsername(): string {
+  return (
+    process.env.SUDO_USER ||
+    process.env.USER ||
+    process.env.USERNAME ||
+    userInfo().username ||
+    "$(whoami)"
+  );
+}
+
 /**
  * Check if a path has the exact expected permission mode.
  *
@@ -132,6 +161,221 @@ async function checkPermissions(dbPath: string): Promise<PermissionIssue[]> {
   return results.filter((r): r is PermissionIssue => r !== null);
 }
 
+/**
+ * Check whether any config dir files or the DB are owned by a different user
+ * (typically root after a `sudo` install).
+ *
+ * We only check the config directory and the DB file — those are the gating
+ * items. If they are owned by root, chmod will fail and is pointless to attempt.
+ *
+ * @param dbPath - Absolute path to the database file
+ * @param currentUid - The UID of the running process
+ * @returns List of paths owned by a different user (empty = all owned by us)
+ */
+async function checkOwnership(
+  dbPath: string,
+  currentUid: number
+): Promise<OwnershipIssue[]> {
+  const configDir = getConfigDir();
+
+  const checks: Array<{ path: string; kind: OwnershipIssue["kind"] }> = [
+    { path: configDir, kind: "directory" },
+    { path: dbPath, kind: "database" },
+    { path: `${dbPath}-wal`, kind: "journal" },
+    { path: `${dbPath}-shm`, kind: "journal" },
+  ];
+
+  const settled = await Promise.allSettled(checks.map((c) => stat(c.path)));
+  const issues: OwnershipIssue[] = [];
+
+  for (let i = 0; i < settled.length; i++) {
+    const result = settled[i] as PromiseSettledResult<
+      Awaited<ReturnType<typeof stat>>
+    >;
+    const check = checks[i] as (typeof checks)[number];
+
+    if (result.status === "fulfilled") {
+      const ownerUid = Number(result.value.uid);
+      if (ownerUid !== currentUid) {
+        issues.push({ path: check.path, kind: check.kind, ownerUid });
+      }
+      continue;
+    }
+
+    // Missing files are fine (WAL/SHM created on demand).
+    // EACCES on a child file means the directory already blocks access — the
+    // directory check above will surface the real issue.
+    const code =
+      result.reason instanceof Error
+        ? (result.reason as NodeJS.ErrnoException).code
+        : undefined;
+    if (code !== "ENOENT" && code !== "EACCES") {
+      throw result.reason;
+    }
+  }
+
+  return issues;
+}
+
+/**
+ * Resolve the numeric UID for a username by running `id -u <username>`.
+ * Returns null if the lookup fails or returns a non-numeric result.
+ *
+ * Uses `execSync` from `node:child_process` so this works on both the Bun
+ * binary and the npm/node distribution.
+ */
+function resolveUid(username: string): number | null {
+  try {
+    const result = execSync(`id -u ${username}`, {
+      encoding: "utf-8",
+      stdio: ["pipe", "pipe", "ignore"],
+    });
+    const uid = Number(result.trim());
+    return Number.isNaN(uid) ? null : uid;
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Perform chown on the given ownership issues, transferring files to
+ * `username`. Called only when the current process is already root.
+ *
+ * @returns Object with lists of human-readable success and failure messages
+ */
+async function repairOwnership(
+  issues: OwnershipIssue[],
+  username: string,
+  targetUid: number
+): Promise<{ fixed: string[]; failed: string[] }> {
+  const fixed: string[] = [];
+  const failed: string[] = [];
+
+  const results = await Promise.allSettled(
+    issues.map((issue) => chown(issue.path, targetUid, -1))
+  );
+
+  for (let i = 0; i < results.length; i++) {
+    const result = results[i] as PromiseSettledResult<void>;
+    const issue = issues[i] as OwnershipIssue;
+    if (result.status === "fulfilled") {
+      fixed.push(`${issue.kind} ${issue.path}: transferred to ${username}`);
+    } else {
+      const reason =
+        result.reason instanceof Error
+          ? result.reason.message
+          : "unknown error";
+      failed.push(`${issue.kind} ${issue.path}: ${reason}`);
+    }
+  }
+
+  return { fixed, failed };
+}
+
+/**
+ * Diagnose ownership issues and optionally repair them.
+ *
+ * When the running process is root (`currentUid === 0`), we can perform chown
+ * to transfer ownership back to the real user. The real username is inferred
+ * from `SUDO_USER` / `USER` / `USERNAME` env vars (set by sudo).
+ *
+ * When not root, we print the exact `sudo chown` command the user must run.
+ *
+ * @param dbPath - Absolute path to the database file
+ * @param currentUid - UID of the running process
+ * @param dryRun - If true, report issues without repairing
+ * @param output - Streams for user-facing output
+ * @returns Count of issues found and whether any repairs failed
+ */
+async function handleOwnershipIssues(
+  dbPath: string,
+  currentUid: number,
+  dryRun: boolean,
+  { stdout, stderr }: Output
+): Promise<DiagnoseResult> {
+  const issues = await checkOwnership(dbPath, currentUid);
+  if (issues.length === 0) {
+    return { found: 0, repairFailed: false };
+  }
+
+  stdout.write(`Found ${issues.length} ownership issue(s):\n`);
+  for (const issue of issues) {
+    stdout.write(
+      `  - ${issue.kind} ${issue.path}: owned by uid ${issue.ownerUid}\n`
+    );
+  }
+  stdout.write("\n");
+
+  const configDir = getConfigDir();
+  const username = getRealUsername();
+
+  if (dryRun) {
+    stdout.write(
+      printOwnershipInstructions(currentUid, username, configDir, true)
+    );
+    return { found: issues.length, repairFailed: false };
+  }
+
+  if (currentUid !== 0) {
+    // Not root — can't chown, print instructions.
+    stderr.write(
+      printOwnershipInstructions(currentUid, username, configDir, false)
+    );
+    return { found: issues.length, repairFailed: true };
+  }
+
+  // Running as root (e.g. via sudo sentry cli fix) — perform chown.
+  const targetUid = resolveUid(username);
+  if (targetUid === null) {
+    stderr.write(
+      `Warning: Could not determine UID for user "${username}".\n` +
+        "Run the following command manually:\n" +
+        `  chown -R ${username} "${configDir}"\n\n`
+    );
+    return { found: issues.length, repairFailed: true };
+  }
+
+  stdout.write(`Transferring ownership to ${username} (uid ${targetUid})...\n`);
+  const { fixed, failed } = await repairOwnership(issues, username, targetUid);
+  for (const fix of fixed) {
+    stdout.write(`  + ${fix}\n`);
+  }
+  if (failed.length > 0) {
+    stderr.write("\nSome ownership repairs failed:\n");
+    for (const fail of failed) {
+      stderr.write(`  ! ${fail}\n`);
+    }
+    return { found: issues.length, repairFailed: true };
+  }
+  stdout.write("\n");
+  return { found: issues.length, repairFailed: false };
+}
+
+/**
+ * Return the ownership fix instructions string.
+ *
+ * @param currentUid - UID of the running process
+ * @param username - The real user's login name
+ * @param configDir - The config directory path
+ * @param dryRun - Whether this is a dry-run preview
+ */
+function printOwnershipInstructions(
+  currentUid: number,
+  username: string,
+  configDir: string,
+  dryRun: boolean
+): string {
+  if (dryRun && currentUid === 0) {
+    return `Would transfer ownership of "${configDir}" to ${username}.\n`;
+  }
+  return (
+    "To fix ownership, run one of:\n\n" +
+    `  sudo chown -R ${username} "${configDir}"\n\n` +
+    "Or let sentry fix it automatically:\n\n" +
+    "  sudo sentry cli fix\n\n"
+  );
+}
+
 /**
  * Format a permission mode as an octal string (e.g., "0644").
  *
@@ -315,18 +559,53 @@ function handleSchemaIssues(
   return { found: issues.length, repairFailed: failed.length > 0 };
 }
 
+/**
+ * Run schema diagnostics, guarding against DB open failures.
+ *
+ * The schema check opens the database, which can throw if the DB or config
+ * directory is inaccessible. This wrapper catches those errors so `--dry-run`
+ * can finish all diagnostics even when the filesystem is broken.
+ *
+ * @param priorIssuesFound - Total ownership+permission issues already found.
+ *   If non-zero, a schema open failure is expected and we stay quiet about it.
+ */
+function safeHandleSchemaIssues(
+  dbPath: string,
+  dryRun: boolean,
+  out: Output,
+  priorIssuesFound: number
+): DiagnoseResult {
+  try {
+    return handleSchemaIssues(dbPath, dryRun, out);
+  } catch {
+    if (priorIssuesFound === 0) {
+      out.stderr.write("Could not open database to check schema.\n");
+      out.stderr.write(
+        `Try deleting the database and restarting: rm "${dbPath}"\n`
+      );
+    }
+    return { found: 0, repairFailed: true };
+  }
+}
+
 export const fixCommand = buildCommand({
   docs: {
     brief: "Diagnose and repair CLI database issues",
     fullDescription:
-      "Check the CLI's local SQLite database for schema and permission issues and repair them.\n\n" +
+      "Check the CLI's local SQLite database for schema, permission, and ownership\n" +
+      "issues and repair them.\n\n" +
       "This is useful when upgrading from older CLI versions, if the database\n" +
       "becomes inconsistent due to interrupted operations, or if file permissions\n" +
       "prevent the CLI from writing to its local database.\n\n" +
       "The command performs non-destructive repairs only - it adds missing tables\n" +
-      "and columns, and fixes file permissions, but never deletes data.\n\n" +
+      "and columns, fixes file permissions, and transfers ownership — but never\n" +
+      "deletes data.\n\n" +
+      "If files are owned by root (e.g. after `sudo brew install`), run with sudo\n" +
+      "to transfer ownership back to the current user:\n\n" +
+      "  sudo sentry cli fix\n\n" +
       "Examples:\n" +
       "  sentry cli fix              # Fix database issues\n" +
+      "  sudo sentry cli fix         # Fix root-owned files\n" +
       "  sentry cli fix --dry-run    # Show what would be fixed without making changes",
   },
   parameters: {
@@ -344,32 +623,38 @@ export const fixCommand = buildCommand({
     const dryRun = flags["dry-run"];
     const out = { stdout, stderr: this.stderr };
 
+    // process.getuid() is undefined on Windows
+    const currentUid =
+      typeof process.getuid === "function" ? process.getuid() : -1;
+
     stdout.write(`Database: ${dbPath}\n`);
     stdout.write(`Expected schema version: ${CURRENT_SCHEMA_VERSION}\n\n`);
 
-    const perm = await handlePermissionIssues(dbPath, dryRun, out);
-
-    // Schema check opens the database, which can throw if the DB or config
-    // directory is readonly. Guard with try/catch so --dry-run can finish
-    // diagnostics even when the filesystem is broken.
-    let schema: DiagnoseResult;
-    try {
-      schema = handleSchemaIssues(dbPath, dryRun, out);
-    } catch {
-      // If we already found permission issues, the schema check failure is
-      // expected — don't obscure the permission report with an unrelated crash.
-      // If no permission issues were found, this is unexpected so re-report it.
-      if (perm.found === 0) {
-        out.stderr.write("Could not open database to check schema.\n");
-        out.stderr.write(
-          `Try deleting the database and restarting: rm "${dbPath}"\n`
-        );
-      }
-      schema = { found: 0, repairFailed: true };
-    }
+    // 1. Check ownership first — if files are root-owned, chmod will fail anyway.
+    //    On Windows (currentUid === -1), skip the ownership check entirely.
+    const ownership: DiagnoseResult =
+      currentUid >= 0
+        ? await handleOwnershipIssues(dbPath, currentUid, dryRun, out)
+        : { found: 0, repairFailed: false };
+
+    // 2. Check permissions (skip if ownership issues already reported failures —
+    //    chmod will fail on root-owned files so the output would be misleading).
+    const skipPerm = !dryRun && ownership.repairFailed;
+    const perm: DiagnoseResult = skipPerm
+      ? { found: 0, repairFailed: false }
+      : await handlePermissionIssues(dbPath, dryRun, out);
+
+    // 3. Schema check — guarded so filesystem errors don't hide earlier reports.
+    const schema = safeHandleSchemaIssues(
+      dbPath,
+      dryRun,
+      out,
+      ownership.found + perm.found
+    );
 
-    const totalFound = perm.found + schema.found;
-    const anyFailed = perm.repairFailed || schema.repairFailed;
+    const totalFound = ownership.found + perm.found + schema.found;
+    const anyFailed =
+      ownership.repairFailed || perm.repairFailed || schema.repairFailed;
 
     if (totalFound === 0 && !anyFailed) {
       stdout.write(