security(security): close TOCTOU window in auth.json credential writers (Hermes v0.13 parity)

[subinium]

Background

Hermes v0.13 (#21194) — hermes_cli/auth.py credential writers had the same TOCTOU window as the MCP OAuth path. Fix: atomic temp-write +
O_NOFOLLOW + 0600 in a single primitive.

Current state in CrowClaw

• packages/cli/src/index.ts writes ~/.crowclaw/auth.json and ~/.crowclaw/config.json via node:fs.promises.writeFile. No atomic temp-then-rename,
  no perm enforcement.
• World-readable auth.json is silently produced when default umask is 0022.

Scope

• Modified: packages/cli/src/index.ts, any auth.json writer in packages/runtime-node/src/
• Reuses writeSecretAtomic helper from the MCP OAuth issue (sibling issue) — file this even if that one slips

Implementation sketch

1. Replace direct writeFile calls for auth.json / config.json / runtime-config.json with writeSecretAtomic
2. On startup, if auth.json exists with mode & 0o077 ≠ 0, log a warning and offer crowclaw doctor fix-perms
3. crowclaw doctor learns a fix-perms subcommand that chmod-fixes the data dir

Acceptance criteria

• Fresh auth.json is 0600
• Pre-existing world-readable file triggers warning + remediation hint
• crowclaw doctor fix-perms walks the data dir and chmods every secret-bearing file to 0600

Effort

S — same helper + CLI surface.

Effect

Prevents shoulder-surfing-via-shared-host. Pairs with the MCP OAuth fix to close the credential-write surface end-to-end.

Source

Hermes #21194, #19699 · CrowClaw current: packages/cli/src/index.ts, auth.json writers