Sudo and Scope

[potatoqualitee]

This pull request adds robust support for user-local and system-wide installation and uninstallation scopes on Linux, including proper sudo handling. It introduces helper functions to determine when sudo is needed and to prompt for credentials when required. The documentation and tests have been updated to reflect these changes.

Scope-aware installation and uninstallation with sudo handling:

• Added Invoke-SudoCommand (private/Invoke-SudoCommand.ps1) to execute commands with sudo when required, including credential validation and clear error messages.
• Added Test-SudoRequired (private/Test-SudoRequired.ps1) to determine if sudo is needed based on OS and installation scope.
• Updated Install-AITool to use Invoke-SudoCommand for system-wide (LocalMachine) pipx installs and improved Node.js installation logic to handle sudo and error reporting more gracefully. [1] [2] [3]
• Updated Uninstall-AITool to support the Scope parameter and use Invoke-SudoCommand for system-wide uninstalls on Linux. [1] [2] [3] [4]

Documentation and testing updates:

• Expanded the README with clear instructions and explanations for installation scopes on Linux and macOS.
• Added tests to verify the Scope parameter for both installation and uninstallation, including validation of allowed values and default behaviors.
• Added usage example for system-wide uninstall to the Uninstall-AITool documentation.

[claude]

Pull Request Review: Sudo and Scope Support

Strengths

• Well-architected separation of concerns with Invoke-SudoCommand and Test-SudoRequired helper functions
• Comprehensive documentation with clear examples
• Good error handling with actionable error messages
• Platform-aware logic for Linux, macOS, and Windows
• Added parameter validation and scope handling tests

Critical Issues

Inconsistent sudo handling (Install-AITool.ps1:412)
Node.js installation manually includes sudo in command string instead of using Invoke-SudoCommand like pipx does (line 347). This bypasses validation and duplicates logic.

Medium Priority

1. Temp file security - /tmp/nodesource_setup.sh vulnerable to race conditions, use mktemp
2. Error swallowing - Invoke-SudoCommand.ps1:58 hides diagnostics with 2>null
3. Missing null check - Test-SudoRequired.ps1:50 needs validation if id command fails
4. Unreachable code - Windows handling in Invoke-SudoCommand may be dead code

Testing Gaps

Tests only verify parameter attributes and already-installed path. Need unit tests for actual sudo logic, error paths, and platform-specific behavior.

Style

Inconsistent string quotes - use single quotes for literals per PowerShell conventions

Security

• Document 5-15 min sudo credential caching
• Command injection currently safe (hardcoded commands)

Performance

Consider caching sudo checks or adding -SkipSudoCheck parameter

---

Recommendation: Approve with changes

Well-designed feature! Main fixes needed:

1. Use Invoke-SudoCommand consistently for Node.js
2. Secure temp file handling with mktemp
3. Improve error handling in helper functions
4. Enhance test coverage

Great work on documentation and architecture!