From 687513124df814c497787088c5985adc7b3db285 Mon Sep 17 00:00:00 2001
From: aniongithub <ani@anionline.me>
Date: Mon, 11 May 2026 22:09:12 -0700
Subject: [PATCH] fix: ensure ~/.mind-map is user-owned before TLS generate

On a fresh install, sudo commands (service stop/install/start) could
create ~/.mind-map owned by root before 'tls generate' runs as the
user, causing permission denied.

Fix: create ~/.mind-map early as the user, and chown the whole
directory after service install.
---
 install.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/install.sh b/install.sh
index 856d3f2..4389ae1 100755
--- a/install.sh
+++ b/install.sh
@@ -72,6 +72,10 @@ DOWNLOAD_URL="https://github.com/${REPO}/releases/download/${VERSION}/${TARBALL_
 # Create install directory
 mkdir -p "$INSTALL_DIR"
 
+# Ensure ~/.mind-map exists and is owned by the current user.
+# This must happen before any sudo commands that might create it as root.
+mkdir -p "${HOME}/.mind-map"
+
 # Stop existing service before replacing the binary
 if [ -f "${INSTALL_DIR}/mind-map" ]; then
   sudo "${INSTALL_DIR}/mind-map" service stop 2>/dev/null && \
@@ -249,6 +253,7 @@ if [[ "$INSTALL_SERVICE" =~ ^[Yy]$ ]]; then
     # Fix ownership: the service runs as root but agents run as the user.
     # Both need write access to the wiki dir and SQLite database.
     sudo chown -R "$(id -u):$(id -g)" "${SERVICE_WIKI_DIR}"
+    sudo chown -R "$(id -u):$(id -g)" "${HOME}/.mind-map"
   else
     "${INSTALL_DIR}/mind-map" service stop 2>/dev/null || true
     "${INSTALL_DIR}/mind-map" service uninstall 2>/dev/null || true