cxlinux-ai · Copilot · Jan 29, 2026 · Jan 29, 2026
@@ -42,13 +42,14 @@ wezterm-gui-subcommands.workspace = true
 wezterm-term.workspace = true
 
 # CX Security dependencies
-rusqlite = { version = "0.31", features = ["bundled"] }
+rusqlite = { workspace = true, features = ["bundled"] }
 ureq = { version = "2.9", features = ["json"] }
 uuid = { version = "1.6", features = ["v4"] }
 dirs = "5.0"
 
 [target."cfg(unix)".dependencies]
 termios.workspace = true
+nix = { workspace = true, features = ["user"] }
 
 [target."cfg(windows)".dependencies.winapi]
 features = [

@@ -1,4 +1,4 @@
-/**
+/*
  * Copyright (c) 2026 CX Linux
  * Licensed under the Business Source License 1.1
  * You may not use this file except in compliance with the License.

@@ -1,4 +1,4 @@
-/**
+/*
  * Copyright (c) 2026 CX Linux
  * Licensed under the Business Source License 1.1
  * You may not use this file except in compliance with the License.
@@ -220,7 +220,7 @@ impl std::str::FromStr for OutputFormat {
 }
 
 /// Patching strategy
-#[derive(Debug, Clone, Copy, Default)]
+#[derive(Debug, Clone, Copy, Default, serde::Serialize, serde::Deserialize)]
 pub enum PatchStrategy {
     /// Only patch critical vulnerabilities (CVSS >= 9.0)
     #[default]
@@ -247,7 +247,7 @@ impl std::str::FromStr for PatchStrategy {
 }
 
 /// Schedule frequency
-#[derive(Debug, Clone, Copy, Default)]
+#[derive(Debug, Clone, Copy, Default, serde::Serialize, serde::Deserialize)]
 pub enum ScheduleFrequency {
     Daily,
     Weekly,

@@ -1,4 +1,4 @@
-/**
+/*
  * Copyright (c) 2026 CX Linux
  * Licensed under the Business Source License 1.1
  * You may not use this file except in compliance with the License.
@@ -13,6 +13,7 @@
 //! - Rollback capability via installation history
 
 use anyhow::{Context, Result};
+use log::warn;
 use serde::{Deserialize, Serialize};
 use std::collections::HashSet;
 use std::process::Command;
@@ -277,10 +278,29 @@ pub fn run_patch(cmd: PatchCommand) -> Result<()> {
 
 /// Get available update version for a package
 fn get_available_update(package_name: &str) -> Result<Option<String>> {
-    // First, update package cache (silently)
-    let _ = Command::new("apt-get")
+    // First, update package cache
+    match Command::new("apt-get")
         .args(["update", "-qq"])
-        .output();
+        .output()
+    {
+        Ok(output) => {
+            if !output.status.success() {
+                warn!(
+                    "apt-get update failed with status: {}. Package cache may be stale.",
+                    output.status
+                );
+                if !output.stderr.is_empty() {
+                    warn!(
+                        "apt-get update stderr: {}",
+                        String::from_utf8_lossy(&output.stderr)
+                    );
+                }
+            }
+        }
+        Err(e) => {
+            warn!("Failed to execute apt-get update: {}. Package cache may be stale.", e);
+        }
+    }
 
     // Check for available updates
     let output = Command::new("apt-cache")

@@ -1,4 +1,4 @@
-/**
+/*
  * Copyright (c) 2026 CX Linux
  * Licensed under the Business Source License 1.1
  * You may not use this file except in compliance with the License.

@@ -1,4 +1,4 @@
-/**
+/*
  * Copyright (c) 2026 CX Linux
  * Licensed under the Business Source License 1.1
  * You may not use this file except in compliance with the License.
@@ -15,6 +15,9 @@ use std::fs;
 use std::path::PathBuf;
 use std::process::Command;
 
+#[cfg(unix)]
+use nix::unistd::geteuid;
+
 use super::{ScheduleCommand, ScheduleSubCommand, ScheduleCreateCommand, ScheduleFrequency, PatchStrategy};
 use super::database::SecurityDatabase;
 
@@ -443,8 +446,14 @@ fn send_notification(schedule: &Schedule) -> Result<()> {
 }
 
 /// Check if running as root
+#[cfg(unix)]
+fn is_root() -> bool {
+    geteuid().is_root()
+}
+
+#[cfg(not(unix))]
 fn is_root() -> bool {
-    unsafe { libc::geteuid() == 0 }
+    false
 }
 
 /// Sanitize name for use in systemd unit names