fix(processor): ensure correct error for parent-is-file on Linux

The `ensure_path_safe` function previously called `canonicalize()` on the target path directly. On Linux, this fails early with a "Not a directory" error if the target path doesn't exist but its parent path exists and is a file. This prevented the intended `ParentIsNotDirectory` error from being generated during the create operation, leading to an incorrect `failed_io` summary count instead of `failed_parent_isdir`.

This commit modifies `ensure_path_safe` to first check if the target path exists using `fs::metadata()`.
- If the target exists, it's canonicalized directly for the safety check.
- If the target does not exist, the safety check relies on canonicalizing the *parent* path (`check_nonexistent_target_safety`), deferring the specific check for the parent's type to the `create::ensure_parent_directory` function.

This ensures that the correct `ProcessError::ParentIsNotDirectory` is raised and reported in the summary when attempting to create a file where the parent path exists but is a file, resolving the test failure on Linux.

Author: Romelium

src/processor/safety.rs

@@ -1,40 +1,49 @@
 //! Path safety validation logic.
 
 use crate::errors::ProcessError;
+use std::fs; // Use fs::metadata
 use std::io::ErrorKind;
 use std::path::Path;
 
 /// Checks if the target path is safely within the base directory.
-/// Canonicalizes both paths for reliable comparison.
+/// Canonicalizes paths for reliable comparison.
 pub(crate) fn ensure_path_safe(base_dir: &Path, target_path: &Path) -> Result<(), ProcessError> {
     // Canonicalize base directory (must succeed as it's resolved in process_actions)
     let canonical_base = base_dir
         .canonicalize()
         .map_err(|e| ProcessError::Io { source: e })?;
 
-    // Attempt to canonicalize the target path.
-    match target_path.canonicalize() {
-        Ok(canonical_target) => {
-            // If target exists and canonicalizes, check if it starts with the base
-            if canonical_target.starts_with(&canonical_base) {
-                Ok(()) // Path is safe
-            } else {
-                Err(ProcessError::PathNotSafe {
-                    resolved_path: canonical_target,
-                    base_path: canonical_base,
-                })
+    // Check if the target path *exists* first using metadata.
+    match fs::metadata(target_path) {
+        Ok(_) => {
+            // Target exists. Canonicalize it for the safety check.
+            match target_path.canonicalize() {
+                Ok(canonical_target) => {
+                    if canonical_target.starts_with(&canonical_base) {
+                        Ok(()) // Path exists and is safe
+                    } else {
+                        Err(ProcessError::PathNotSafe {
+                            resolved_path: canonical_target,
+                            base_path: canonical_base,
+                        })
+                    }
+                }
+                Err(e) => {
+                    // Error canonicalizing an *existing* path (permissions?)
+                    Err(ProcessError::PathResolution {
+                        path: target_path.to_path_buf(),
+                        details: format!("Failed to canonicalize existing target path: {}", e),
+                    })
+                }
             }
         }
         Err(ref e) if e.kind() == ErrorKind::NotFound => {
             // Target doesn't exist: Check safety based on its intended parent.
             check_nonexistent_target_safety(target_path, &canonical_base)
         }
         Err(e) => {
-            // Other error during canonicalization (e.g., permission denied)
-            Err(ProcessError::PathResolution {
-                path: target_path.to_path_buf(),
-                details: format!("Failed to canonicalize target path: {}", e),
-            })
+            // Other error getting metadata (permissions?)
+            Err(ProcessError::Io { source: e }) // Map other metadata errors to IO
         }
     }
 }