Add cbm_replace_binary: unlink-before-write for update command

TDD: two tests (overwrite read-only file, create new file) written
first, then cbm_replace_binary() implemented and wired into update.

The update command failed when the existing binary had no write
permission (e.g., 0500). unlink() only requires write permission on
the parent directory, not the file itself, so removing first then
creating with O_CREAT | 0755 handles all permission combinations.

Fixes #114.

Author: DeusData

src/cli/cli.c

@@ -258,6 +258,40 @@ int cbm_copy_file(const char *src, const char *dst) {
     return rc == 0 ? 0 : -1;
 }
 
+/* Replace a binary file: unlink first (handles read-only existing files),
+ * then create with the given data and permissions. */
+int cbm_replace_binary(const char *path, const unsigned char *data, int len, int mode) {
+    if (!path || !data || len <= 0) {
+        return -1;
+    }
+
+    /* Remove existing file first — handles the case where the old binary
+     * has no write permission (e.g., 0500). unlink() only requires write
+     * permission on the parent directory, not the file itself. */
+    (void)cbm_unlink(path);
+
+#ifndef _WIN32
+    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, (mode_t)mode);
+    if (fd < 0) {
+        return -1;
+    }
+    FILE *f = fdopen(fd, "wb");
+    if (!f) {
+        close(fd);
+        return -1;
+    }
+#else
+    FILE *f = fopen(path, "wb");
+    if (!f) {
+        return -1;
+    }
+#endif
+
+    size_t written = fwrite(data, 1, (size_t)len, f);
+    (void)fclose(f);
+    return written == (size_t)len ? 0 : -1;
+}
+
 /* ── Skill file content (embedded) ────────────────────────────── */
 
 static const char skill_exploring_content[] =
@@ -2822,28 +2856,13 @@ int cbm_cmd_update(int argc, char **argv) {
             return 1;
         }
 
-        /* Open with final permissions atomically (no TOCTOU between write and chmod) */
-#ifndef _WIN32
-        int fd = open(bin_dest, O_WRONLY | O_CREAT | O_TRUNC, 0755);
-        if (fd < 0) {
-            fprintf(stderr, "error: cannot write to %s\n", bin_dest);
-            free(bin_data);
-            return 1;
-        }
-        FILE *out = fdopen(fd, "wb");
-#else
-        FILE *out = fopen(bin_dest, "wb");
-#endif
-        if (!out) {
+        /* Replace binary: unlink first (handles read-only existing file),
+         * then create with 0755 permissions. Fixes #114. */
+        if (cbm_replace_binary(bin_dest, bin_data, bin_len, 0755) != 0) {
             fprintf(stderr, "error: cannot write to %s\n", bin_dest);
             free(bin_data);
-#ifndef _WIN32
-            close(fd);
-#endif
             return 1;
         }
-        fwrite(bin_data, 1, (size_t)bin_len, out);
-        fclose(out);
         free(bin_data);
     } else {
         /* Zip extraction: exec unzip directly without shell interpretation */

src/cli/cli.h

@@ -45,6 +45,11 @@ const char *cbm_find_cli(const char *name, const char *home_dir);
 /* Copy a file from src to dst. Returns 0 on success, -1 on error. */
 int cbm_copy_file(const char *src, const char *dst);
 
+/* Replace a binary file: unlinks the existing file first (handles read-only),
+ * then creates a new file with the given data and permissions.
+ * Returns 0 on success, -1 on error. */
+int cbm_replace_binary(const char *path, const unsigned char *data, int len, int mode);
+
 /* ── Skill file management ────────────────────────────────────── */
 
 /* Number of skill files. */

tests/test_cli.c

@@ -2012,6 +2012,83 @@ TEST(cli_config_persists) {
     PASS();
 }
 
+/* ═══════════════════════════════════════════════════════════════════
+ *  Group H: cbm_replace_binary (update command helper)
+ * ═══════════════════════════════════════════════════════════════════ */
+
+#ifndef _WIN32
+
+TEST(replace_binary_overwrites_readonly) {
+    /* Simulate #114: existing binary has mode 0500 (no write permission).
+     * cbm_replace_binary must unlink first, then create with 0755. */
+    char tmpdir[256];
+    snprintf(tmpdir, sizeof(tmpdir), "/tmp/cli-replace-XXXXXX");
+    if (!cbm_mkdtemp(tmpdir)) {
+        SKIP("cbm_mkdtemp failed");
+    }
+
+    char path[512];
+    snprintf(path, sizeof(path), "%s/test-binary", tmpdir);
+
+    /* Create a read-only file (simulating an installed binary with 0500) */
+    FILE *f = fopen(path, "w");
+    ASSERT_NOT_NULL(f);
+    fputs("old-content", f);
+    fclose(f);
+    chmod(path, 0500); /* r-x------ */
+
+    /* Replace it with new content */
+    const unsigned char new_data[] = "new-content-replaced";
+    int rc = cbm_replace_binary(path, new_data, (int)sizeof(new_data) - 1, 0755);
+    ASSERT_EQ(rc, 0);
+
+    /* Verify new content was written */
+    FILE *check = fopen(path, "r");
+    ASSERT_NOT_NULL(check);
+    char buf[64] = {0};
+    fread(buf, 1, sizeof(buf) - 1, check);
+    fclose(check);
+    ASSERT_STR_EQ(buf, "new-content-replaced");
+
+    /* Verify permissions are 0755 */
+    struct stat st;
+    ASSERT_EQ(stat(path, &st), 0);
+    ASSERT_EQ(st.st_mode & 0777, 0755);
+
+    remove(path);
+    rmdir(tmpdir);
+    PASS();
+}
+
+TEST(replace_binary_creates_new_file) {
+    /* If no existing file, cbm_replace_binary should create it. */
+    char tmpdir[256];
+    snprintf(tmpdir, sizeof(tmpdir), "/tmp/cli-replace2-XXXXXX");
+    if (!cbm_mkdtemp(tmpdir)) {
+        SKIP("cbm_mkdtemp failed");
+    }
+
+    char path[512];
+    snprintf(path, sizeof(path), "%s/new-binary", tmpdir);
+
+    const unsigned char data[] = "brand-new";
+    int rc = cbm_replace_binary(path, data, (int)sizeof(data) - 1, 0755);
+    ASSERT_EQ(rc, 0);
+
+    FILE *check = fopen(path, "r");
+    ASSERT_NOT_NULL(check);
+    char buf[64] = {0};
+    fread(buf, 1, sizeof(buf) - 1, check);
+    fclose(check);
+    ASSERT_STR_EQ(buf, "brand-new");
+
+    remove(path);
+    rmdir(tmpdir);
+    PASS();
+}
+
+#endif /* _WIN32 */
+
 /* ═══════════════════════════════════════════════════════════════════
  *  Suite definition
  * ═══════════════════════════════════════════════════════════════════ */
@@ -2148,4 +2225,10 @@ SUITE(cli) {
     RUN_TEST(cli_config_get_int);
     RUN_TEST(cli_config_delete);
     RUN_TEST(cli_config_persists);
+
+    /* Replace binary (update command helper — group H) */
+#ifndef _WIN32
+    RUN_TEST(replace_binary_overwrites_readonly);
+    RUN_TEST(replace_binary_creates_new_file);
+#endif
 }