hjworktree-cli 2.1.0 → 2.2.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hjworktree-cli",
-  "version": "2.1.0",
+  "version": "2.2.0",
   "description": "Web-based git worktree parallel AI coding agent runner",
   "type": "module",
   "main": "dist/server/index.js",

package/server/routes/api.ts

@@ -125,6 +125,13 @@ export function apiRouter(cwd: string): Router {
         return;
       }
 
+      // SECURITY: Never delete main worktree
+      if (worktree.isMainWorktree) {
+        console.warn(`[SECURITY] API blocked attempt to delete main worktree: ${name}`);
+        res.status(403).json({ error: 'Cannot delete main worktree' });
+        return;
+      }
+
       await worktreeService.removeWorktree(worktree.path);
       res.json({ success: true });
     } catch (error) {

package/server/services/worktreeService.ts

@@ -1,6 +1,7 @@
 import { simpleGit, SimpleGit } from 'simple-git';
 import path from 'path';
 import fs from 'fs/promises';
+import { realpathSync, statSync } from 'fs';
 import type { Worktree } from '../../shared/types/index.js';
 
 export class WorktreeService {
@@ -13,11 +14,56 @@ export class WorktreeService {
     this.git = simpleGit(cwd);
   }
 
+  /**
+   * Safely resolves a path to its real path, handling symlinks.
+   * Returns null if path cannot be resolved.
+   */
+  private safeRealpath(targetPath: string): string | null {
+    try {
+      return realpathSync(targetPath);
+    } catch {
+      return null;
+    }
+  }
+
+  /**
+   * Checks if a path is a linked worktree (has .git file) vs main repo (has .git directory).
+   * Linked worktrees have a .git FILE that points to the main .git directory.
+   * Main repo has a .git DIRECTORY.
+   */
+  private isLinkedWorktree(worktreePath: string): boolean {
+    const gitPath = path.join(worktreePath, '.git');
+    try {
+      const stat = statSync(gitPath);
+      // .git is a directory = main repository
+      // .git is a file = linked worktree
+      return !stat.isDirectory();
+    } catch {
+      return false;
+    }
+  }
+
+  /**
+   * Checks if the given path is the main repository.
+   */
+  private isMainRepository(targetPath: string): boolean {
+    const resolvedTarget = this.safeRealpath(targetPath);
+    const resolvedRoot = this.safeRealpath(this.rootDir);
+
+    if (!resolvedTarget || !resolvedRoot) {
+      // If we can't resolve paths, assume it might be main repo (fail safe)
+      return true;
+    }
+
+    return resolvedTarget === resolvedRoot;
+  }
+
   async listWorktrees(): Promise<Worktree[]> {
     const result = await this.git.raw(['worktree', 'list', '--porcelain']);
     const worktrees: Worktree[] = [];
 
     const entries = result.trim().split('\n\n').filter(Boolean);
+    const resolvedRootDir = this.safeRealpath(this.rootDir);
 
     for (const entry of entries) {
       const lines = entry.split('\n');
@@ -26,10 +72,17 @@ export class WorktreeService {
       const branch = branchLine?.replace('branch refs/heads/', '');
 
       if (worktreePath) {
+        // Determine if this is the main worktree using realpath comparison
+        const resolvedWorktreePath = this.safeRealpath(worktreePath);
+        const isMainWorktree = resolvedWorktreePath !== null &&
+                               resolvedRootDir !== null &&
+                               resolvedWorktreePath === resolvedRootDir;
+
         worktrees.push({
           path: worktreePath,
           branch: branch || 'detached',
           name: path.basename(worktreePath),
+          isMainWorktree,
         });
       }
     }
@@ -72,6 +125,7 @@ export class WorktreeService {
       path: worktreePath,
       branch: newBranchName,
       name: worktreeName,
+      isMainWorktree: false,  // Created worktrees are always linked, not main
     };
   }
 
@@ -103,28 +157,66 @@ export class WorktreeService {
   }
 
   async removeWorktree(worktreePath: string): Promise<void> {
+    // SECURITY GUARD 1: Use realpathSync for symlink resolution
+    const resolvedWorktreePath = this.safeRealpath(worktreePath);
+    const resolvedRootDir = this.safeRealpath(this.rootDir);
+
+    // If we cannot resolve paths, abort for safety
+    if (!resolvedWorktreePath) {
+      console.warn(`[SECURITY] Cannot resolve worktree path: ${worktreePath}. Aborting deletion.`);
+      return;
+    }
+
+    if (!resolvedRootDir) {
+      console.warn(`[SECURITY] Cannot resolve root directory path. Aborting deletion.`);
+      return;
+    }
+
+    // SECURITY GUARD 2: Check exact match with main repo
+    if (resolvedWorktreePath === resolvedRootDir) {
+      console.warn(`[SECURITY] Attempted to remove main repository: ${worktreePath}. Ignoring.`);
+      return;
+    }
+
+    // SECURITY GUARD 3: Check if path is inside main repo
+    if (resolvedWorktreePath.startsWith(resolvedRootDir + path.sep)) {
+      console.warn(`[SECURITY] Attempted to remove path inside main repository: ${worktreePath}. Ignoring.`);
+      return;
+    }
+
+    // SECURITY GUARD 4: Check if main repo is inside target path (catastrophic prevention)
+    if (resolvedRootDir.startsWith(resolvedWorktreePath + path.sep)) {
+      console.warn(`[SECURITY] Attempted to remove parent of main repository: ${worktreePath}. Ignoring.`);
+      return;
+    }
+
+    // SECURITY GUARD 5: Verify it's actually a linked worktree (has .git FILE, not directory)
+    const isLinked = this.isLinkedWorktree(worktreePath);
+    if (!isLinked) {
+      console.warn(`[SECURITY] Path is not a linked worktree (missing .git file or has .git directory): ${worktreePath}. Ignoring.`);
+      return;
+    }
+
     const branchName = path.basename(worktreePath);
 
+    // CRITICAL: Only use git worktree remove - NEVER use fs.rm() as fallback
     try {
-      // 1. Force remove worktree
       await this.git.raw(['worktree', 'remove', worktreePath, '--force']);
-    } catch {
-      // 2. If worktree remove fails, try to remove directory manually
-      try {
-        await fs.rm(worktreePath, { recursive: true, force: true });
-      } catch {
-        // Ignore errors
-      }
+    } catch (error) {
+      // Log the error but DO NOT fall back to fs.rm
+      console.error(`[SECURITY] Failed to remove worktree via git: ${worktreePath}`, error);
+      // Propagate error instead of dangerous fallback
+      throw new Error(`Failed to remove worktree: ${error instanceof Error ? error.message : 'Unknown error'}`);
     }
 
-    // 3. CRITICAL: Prune orphan worktree references
+    // Prune orphan worktree references
     try {
       await this.git.raw(['worktree', 'prune']);
     } catch {
-      // Ignore prune errors
+      // Ignore prune errors - non-critical
     }
 
-    // 4. Now we can safely delete the branch
+    // Delete the branch
     try {
       await this.git.branch(['-D', branchName]);
     } catch {
@@ -137,8 +229,25 @@ export class WorktreeService {
   async removeAllWorktrees(): Promise<void> {
     const worktrees = await this.listWorktrees();
 
-    // Filter out the main worktree (usually the first one / the main repo)
-    const additionalWorktrees = worktrees.filter(wt => wt.path !== this.rootDir);
+    // Filter out the main worktree using the isMainWorktree flag and path comparison
+    const additionalWorktrees = worktrees.filter(wt => {
+      // Primary check: use isMainWorktree flag
+      if (wt.isMainWorktree) {
+        console.log(`[SECURITY] Skipping main worktree in removeAll: ${wt.path}`);
+        return false;
+      }
+
+      // Secondary check: realpath comparison as defense in depth
+      const resolvedPath = this.safeRealpath(wt.path);
+      const resolvedRoot = this.safeRealpath(this.rootDir);
+
+      if (resolvedPath && resolvedRoot && resolvedPath === resolvedRoot) {
+        console.warn(`[SECURITY] Detected main worktree via realpath (flag was false): ${wt.path}`);
+        return false;
+      }
+
+      return true;
+    });
 
     for (const worktree of additionalWorktrees) {
       try {
@@ -187,6 +296,13 @@ export class WorktreeService {
         continue;
       }
 
+      // SECURITY: Never delete main worktree
+      if (worktree.isMainWorktree) {
+        console.warn(`[SECURITY] Blocked attempt to delete main worktree by name: ${name}`);
+        results.failed.push({ name, error: 'Cannot delete main worktree' });
+        continue;
+      }
+
       try {
         await this.removeWorktree(worktree.path);
         results.deleted.push(name);

package/server/socketHandlers.ts

@@ -1,6 +1,6 @@
 import { Server, Socket } from 'socket.io';
 import * as pty from 'node-pty';
-import type { IPty } from 'node-pty';
+import type { IPty, IPtyForkOptions } from 'node-pty';
 import type {
   TerminalCreateData,
   TerminalInputData,
@@ -9,6 +9,80 @@ import type {
   AgentId
 } from '../shared/types/index.js';
 import { AI_AGENTS } from '../shared/constants.js';
+import fs from 'fs';
+import { promisify } from 'util';
+
+const access = promisify(fs.access);
+
+// Validation utilities
+async function validatePath(pathToCheck: string): Promise<{ valid: boolean; error?: string }> {
+  try {
+    await access(pathToCheck, fs.constants.R_OK | fs.constants.X_OK);
+    return { valid: true };
+  } catch (error) {
+    return {
+      valid: false,
+      error: error instanceof Error ? error.message : 'Path not accessible'
+    };
+  }
+}
+
+async function validateShell(shell: string): Promise<{ valid: boolean; error?: string }> {
+  if (process.platform === 'win32') {
+    return { valid: true };
+  }
+  try {
+    await access(shell, fs.constants.X_OK);
+    return { valid: true };
+  } catch (error) {
+    return {
+      valid: false,
+      error: `Shell not executable: ${shell}`
+    };
+  }
+}
+
+// PTY spawn with retry logic
+async function spawnWithRetry(
+  shell: string,
+  args: string[],
+  options: IPtyForkOptions,
+  maxRetries: number = 3
+): Promise<IPty> {
+  let lastError: Error | null = null;
+
+  for (let attempt = 0; attempt < maxRetries; attempt++) {
+    try {
+      const ptyProcess = pty.spawn(shell, args, options);
+      return ptyProcess;
+    } catch (error) {
+      lastError = error instanceof Error ? error : new Error(String(error));
+      console.error(`[PTY] Spawn attempt ${attempt + 1}/${maxRetries} failed:`, lastError.message);
+
+      if (attempt < maxRetries - 1) {
+        const delay = Math.pow(2, attempt) * 100;
+        await new Promise(resolve => setTimeout(resolve, delay));
+      }
+    }
+  }
+
+  throw lastError || new Error('Failed to spawn PTY after retries');
+}
+
+// Spawn interval control to prevent resource contention
+let lastSpawnTime = 0;
+const MIN_SPAWN_INTERVAL = 150;
+
+async function waitForSpawnInterval(): Promise<void> {
+  const now = Date.now();
+  const elapsed = now - lastSpawnTime;
+
+  if (elapsed < MIN_SPAWN_INTERVAL) {
+    await new Promise(resolve => setTimeout(resolve, MIN_SPAWN_INTERVAL - elapsed));
+  }
+
+  lastSpawnTime = Date.now();
+}
 
 interface TerminalSession {
   pty: IPty;
@@ -42,7 +116,22 @@ export function setupSocketHandlers(io: Server, cwd: string) {
         const shell = getShell();
         const agentCommand = getAgentCommand(agentType);
 
-        const ptyProcess = pty.spawn(shell, [], {
+        // Validate path before spawning
+        const pathValidation = await validatePath(worktreePath);
+        if (!pathValidation.valid) {
+          throw new Error(`Invalid worktree path: ${pathValidation.error}`);
+        }
+
+        // Validate shell before spawning
+        const shellValidation = await validateShell(shell);
+        if (!shellValidation.valid) {
+          throw new Error(`Invalid shell: ${shellValidation.error}`);
+        }
+
+        // Wait for spawn interval to prevent resource contention
+        await waitForSpawnInterval();
+
+        const ptyProcess = await spawnWithRetry(shell, [], {
           name: 'xterm-256color',
           cols: 120,
           rows: 30,

package/shared/types/index.ts

@@ -51,6 +51,7 @@ export interface Worktree {
   path: string;
   branch: string;
   name: string;
+  isMainWorktree: boolean;
 }
 
 // Socket.IO event types