fix(cli): tolerate unreadable dirs when building systemd PATH

[austinpickett]

What does this PR do?

generate_systemd_unit calls _build_service_path_dirs(), which probes optional PATH entries via Path.is_dir(). Unit tests simulate sudo by patching Path.home() to /root, so Hermes paths resolve under /root/.hermes/.... Normal users cannot stat /root; that raised PermissionError and broke TestSystemUnitHermesHome (and CI on Linux runners).

Treat unreadable/absent probes like “not usable”: _path_usable_bindir wraps .is_dir() with except OSError so PATH construction skips those entries instead of failing.

Related Issue

CI-only / test breakage; no ticket linked.

Type of Change

• 🐛 Bug fix (non-breaking change that fixes an issue)
• ✨ New feature (non-breaking change that adds functionality)
• 🔒 Security fix
• 📝 Documentation update
• ✅ Tests (adding or improving test coverage)
• ♻️ Refactor (no behavior change)
• 🎯 New skill (bundled or hub)

Changes Made

• hermes_cli/gateway.py — add _path_usable_bindir(); use it in _build_service_path_dirs() instead of bare .is_dir().

How to Test

1. pytest tests/hermes_cli/test_gateway_service.py::TestSystemUnitHermesHome -q
2. Optional full suite sanity: ensure no regression in systemd unit generation PATH contents on a real Hermes checkout.

Checklist

Code

• I've read the Contributing Guide
• My commit messages follow Conventional Commits (fix(scope):, feat(scope):, etc.)
• I searched for existing PRs to make sure this isn't a duplicate
• My PR contains only changes related to this fix/feature (no unrelated commits)
• I've run pytest tests/ -q and all tests pass
• I've added tests for my changes (required for bug fixes, strongly encouraged for features)
• I've tested on my platform: Ubuntu / WSL2

Documentation & Housekeeping

• I've updated relevant documentation (README, docs/, docstrings) — or N/A
• I've updated cli-config.yaml.example if I added/changed config keys — or N/A
• I've updated CONTRIBUTING.md or AGENTS.md if I changed architecture or workflows — or N/A
• I've considered cross-platform impact (Windows, macOS) per the compatibility guide — or N/A
• I've updated tool descriptions/schemas if I changed tool behavior — or N/A

For New Skills

Not applicable.

Screenshots / Logs

N/A

[github-actions]

🔎 Lint report: austin/fix/systemd-path-root-probe vs origin/main

ruff

Total: 0 on HEAD, 0 on base (➖ 0)

🆕 New issues: none

✅ Fixed issues: none

Unchanged: 0 pre-existing issues carried over.

ty (type checker)

Total: 8304 on HEAD, 8304 on base (➖ 0)

🆕 New issues: none

✅ Fixed issues: none

Unchanged: 4338 pre-existing issues carried over.

Diagnostics are surfaced as warnings — this check never fails the build.

[Copilot]

Pull request overview

This PR makes systemd PATH construction more tolerant of inaccessible optional bindirs by wrapping directory probes so OSError/PermissionError skips unusable entries instead of aborting unit generation.

Changes:

• Adds _path_usable_bindir() to safely check candidate PATH directories.
• Replaces direct .is_dir() checks in _build_service_path_dirs() with the safe helper.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[austinpickett]

Addressed the two inline review threads in 1a37f20:

• Docstring now matches behavior: Path.is_dir() stat-style probe, OSError treated as absent (no overstated “readability” claim).
• Added TestPathUsableBindir with PermissionError / OSError / happy-path coverage.

[Copilot]

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.

[alt-glitch]

Duplicate of #26640. Both PRs fix the same bug: _build_service_path_dirs() in hermes_cli/gateway.py propagates PermissionError from Path.is_dir() on inaccessible paths. Both add an OSError-catching wrapper around .is_dir() calls. #26640 was opened first and has more comprehensive tests.