refactor: extrair execWithSudo() e eliminar shell injection na escalação sudo

Extrai lógica duplicada de sudo re-exec para helper compartilhado,
troca execSync com template literal por execFileSync com array de args
(elimina shell injection), e propaga bunPath no PreflightResult para
evitar chamada redundante a findBunBinary().

Author: othavi0

src/patcher/binary-finder.ts

@@ -186,6 +186,10 @@ export function findClaudeBinary(): string {
 }
 
 export function findBunBinary(): string {
+  if (process.env.ANYBUDDY_BUN_PATH && existsSync(process.env.ANYBUDDY_BUN_PATH)) {
+    return process.env.ANYBUDDY_BUN_PATH;
+  }
+
   const onPath = which('bun');
   if (onPath) return onPath;
 

src/patcher/preflight.ts

@@ -16,10 +16,12 @@ export function runPreflight({ requireBinary = true } = {}): PreflightResult {
 
   // 1. Check bun is installed (deferred — may not be needed for Node-based installs)
   let bunVersion: string | null = null;
+  let bunPath: string | null = null;
   let bunMissing = false;
   try {
-    const bunPath = findBunBinary();
-    bunVersion = execSync(`"${bunPath}" --version`, { encoding: 'utf-8', timeout: 5000 }).trim();
+    const resolved = findBunBinary();
+    bunVersion = execSync(`"${resolved}" --version`, { encoding: 'utf-8', timeout: 5000 }).trim();
+    bunPath = resolved;
   } catch {
     bunMissing = true;
   }
@@ -176,8 +178,8 @@ export function runPreflight({ requireBinary = true } = {}): PreflightResult {
     for (const e of errors) {
       console.log(chalk.red(`  Error: ${e}\n`));
     }
-    return { ok: false, binaryPath, userId, saltCount, bunVersion, needsSudo };
+    return { ok: false, binaryPath, userId, saltCount, bunVersion, bunPath, needsSudo };
   }
 
-  return { ok: true, binaryPath, userId, saltCount, bunVersion, needsSudo };
+  return { ok: true, binaryPath, userId, saltCount, bunVersion, bunPath, needsSudo };
 }

src/patcher/sudo.ts

@@ -0,0 +1,23 @@
+import { execFileSync } from 'child_process';
+import chalk from 'chalk';
+import type { PreflightResult } from '@/types.js';
+
+/** Re-exec the current CLI under sudo, forwarding resolved paths as env vars. */
+export function execWithSudo(preflight: PreflightResult): never {
+  const args = process.argv.slice(1);
+  console.log(chalk.yellow('  Binary requires elevated permissions. Re-running with sudo...\n'));
+
+  const env: string[] = [`HOME=${process.env.HOME ?? ''}`];
+  if (preflight.bunPath) env.push(`ANYBUDDY_BUN_PATH=${preflight.bunPath}`);
+  if (preflight.binaryPath) env.push(`CLAUDE_BINARY=${preflight.binaryPath}`);
+
+  try {
+    execFileSync('sudo', ['env', ...env, process.execPath, ...args], {
+      stdio: 'inherit',
+    });
+    process.exit(0);
+  } catch {
+    console.error(chalk.red('  Sudo failed. Try: sudo any-buddy'));
+    process.exit(1);
+  }
+}

src/tui/commands/buddies.ts

@@ -1,12 +1,13 @@
 import chalk from 'chalk';
-import { execSync } from 'child_process';
+
 import { select } from '@inquirer/prompts';
 import { ORIGINAL_SALT, RARITY_STARS } from '@/constants.js';
 import { roll } from '@/generation/index.js';
 import { DEFAULT_PERSONALITIES } from '@/personalities.js';
 import { isNodeRuntime, verifySalt, isClaudeRunning, getMinSaltCount } from '@/patcher/salt-ops.js';
 import { patchBinary } from '@/patcher/patch.js';
 import { runPreflight } from '@/patcher/preflight.js';
+import { execWithSudo } from '@/patcher/sudo.js';
 import {
   loadPetConfigV2,
   savePetConfigV2,
@@ -53,20 +54,7 @@ export async function runBuddies(): Promise<void> {
   }
 
   if (preflight.needsSudo && process.getuid?.() !== 0) {
-    const args = process.argv.slice(1);
-    console.log(chalk.yellow('  Binary requires elevated permissions. Re-running with sudo...\n'));
-    try {
-      execSync(
-        `sudo --preserve-env=HOME ${process.execPath} ${args.map((a) => `"${a}"`).join(' ')}`,
-        {
-          stdio: 'inherit',
-        },
-      );
-      process.exit(0);
-    } catch {
-      console.error(chalk.red('  Sudo failed. Try: sudo any-buddy'));
-      process.exit(1);
-    }
+    execWithSudo(preflight);
   }
 
   const config = loadPetConfigV2();

src/tui/commands/interactive.ts

@@ -1,5 +1,5 @@
 import chalk from 'chalk';
-import { execSync } from 'child_process';
+
 import { confirm, input, select } from '@inquirer/prompts';
 import type { CliFlags, DesiredTraits } from '@/types.js';
 import { SPECIES, EYES, RARITIES, HATS, STAT_NAMES, ORIGINAL_SALT } from '@/constants.js';
@@ -14,6 +14,7 @@ import {
 } from '@/patcher/salt-ops.js';
 import { patchBinary } from '@/patcher/patch.js';
 import { runPreflight } from '@/patcher/preflight.js';
+import { execWithSudo } from '@/patcher/sudo.js';
 import {
   loadPetConfig,
   loadPetConfigV2,
@@ -174,20 +175,7 @@ function runSetup(): SetupResult {
   }
 
   if (preflight.needsSudo && process.getuid?.() !== 0) {
-    const args = process.argv.slice(1);
-    console.log(chalk.yellow('  Binary requires elevated permissions. Re-running with sudo...\n'));
-    try {
-      execSync(
-        `sudo --preserve-env=HOME ${process.execPath} ${args.map((a) => `"${a}"`).join(' ')}`,
-        {
-          stdio: 'inherit',
-        },
-      );
-      process.exit(0);
-    } catch {
-      console.error(chalk.red('  Sudo failed. Try: sudo any-buddy'));
-      process.exit(1);
-    }
+    execWithSudo(preflight);
   }
   const userId = preflight.userId;
   const binaryPath = preflight.binaryPath;

src/types.ts

@@ -96,6 +96,7 @@ export interface PreflightResult {
   userId: string;
   saltCount: number;
   bunVersion: string | null;
+  bunPath: string | null;
   needsSudo: boolean;
 }