fix: don't cause fatal issues when doing update checks inside of agent sandbox

[sean-roberts]

🎉 Thanks for submitting a pull request! 🎉

Summary

Fix: gracefully handle update check when config store is not writable

When the CLI runs with restricted permissions, update-notifier's internal configstore fails with EPERM and registers a process.on('exit') handler that prints a scary error box — which we can't catch or suppress. It also causes unrecoverable errors in clis like codex. This skips the update check entirely when the config directory isn't writable, avoiding the error without affecting normal usage.

Fixes #<replace_with_issue_number>

---

For us to review and ship your PR efficiently, please perform the following steps:

• Open a bug/issue before writing your code 🧑‍💻. This ensures we can discuss the changes and get feedback from everyone that should be involved. If you`re fixing a typo or something that`s on fire 🔥 (e.g. incident related), you can skip this step.
• Read the contribution guidelines 📖. This ensures your code follows our style guide and
  passes our tests.
• Update or add tests (if any source code was changed or added) 🧪
• Update or add documentation (if features were changed or added) 📝
• Make sure the status checks below are successful ✅

A picture of a cute animal (not mandatory, but encouraged)

[github-actions]

📊 Benchmark results

Comparing with cf93d1f

• Dependency count: 1,061 (no change)
• Package size: 355 MB (no change)
• Number of ts-expect-error directives: 356 (no change)

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

• Bug Fixes
  • Update checks and notifications are now skipped when the configuration directory is not writable, preventing noisy error logs.
  • The app detects write permission before attempting update notification, improving behavior in restricted filesystem environments.

Walkthrough

Added filesystem/path/os imports and a new canWriteConfigStore() helper in bin/run.js. The helper resolves the configstore directory (honoring XDG_CONFIG_HOME with a fallback to ~/.config/configstore, walking up to an existing parent) and uses accessSync(..., W_OK) to test writability without throwing. Update-notification (getPackageJson() + updateNotifier(...).notify()) is now executed only when canWriteConfigStore() returns true; when the directory is not writable, update checking and its “Error checking for updates” logging are skipped.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~15 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: preventing fatal issues during update checks in restricted permission environments by conditionally skipping the check.
Description check	✅ Passed	The description clearly explains the problem (update-notifier failures in restricted permissions causing blocking errors) and the solution (gracefully skip update checks when config store is not writable).
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch sr/ax-updater

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@bin/run.js`:
- Around line 43-47: The writability check in canWriteConfigStore() incorrectly
calls accessSync on the non-existent target configDir and returns false on
ENOENT; change it to walk up from configDir using path.dirname until you find an
existing ancestor (using fs.existsSync or try statSync) and then call
accessSync(..., constants.W_OK) on that existing ancestor (references:
canWriteConfigStore, accessSync, constants.W_OK, configDir) so the function
returns true when the parent is writable and the configstore directory can be
created.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 59079024-5cf7-4b55-ad13-f4be8703ba28

📥 Commits

Reviewing files that changed from the base of the PR and between cf93d1f and 7febb34.

📒 Files selected for processing (1)

• bin/run.js

[coderabbitai]

🧹 Nitpick comments (1)

bin/run.js (1)

41-69: Consider extracting canWriteConfigStore() into a small utility with unit tests.

This logic is now core to startup behavior; isolating it will make edge cases (missing dir, unwritable ancestor, custom XDG_CONFIG_HOME) easier to lock down with tests.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@bin/run.js` around lines 41 - 69, Extract the canWriteConfigStore function
into a small exported utility (e.g., export function canWriteConfigStore(...))
and replace the inline implementation in bin/run.js with an import and call; add
unit tests covering the key scenarios: XDG_CONFIG_HOME set to a custom
directory, missing configstore directory where an ancestor is writable vs not
(returns false), and unwritable directory/ancestors (accessSync throwing), and
ensure tests mock filesystem calls (existsSync, dirname, accessSync, homedir) to
assert behavior and error handling; keep the function signature and behavior
identical so updateNotifier usage remains unchanged.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@bin/run.js`:
- Around line 41-69: Extract the canWriteConfigStore function into a small
exported utility (e.g., export function canWriteConfigStore(...)) and replace
the inline implementation in bin/run.js with an import and call; add unit tests
covering the key scenarios: XDG_CONFIG_HOME set to a custom directory, missing
configstore directory where an ancestor is writable vs not (returns false), and
unwritable directory/ancestors (accessSync throwing), and ensure tests mock
filesystem calls (existsSync, dirname, accessSync, homedir) to assert behavior
and error handling; keep the function signature and behavior identical so
updateNotifier usage remains unchanged.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 7a7f22c6-a971-4978-8e31-d57592cec327

📥 Commits

Reviewing files that changed from the base of the PR and between 7febb34 and 27bfbf4.

📒 Files selected for processing (1)

• bin/run.js