From aedf9cdf031e99081c4f58fc2b82c31c140d9249 Mon Sep 17 00:00:00 2001 From: Greg Gauthier Date: Sat, 7 Mar 2026 16:18:29 +0000 Subject: [PATCH] refactor(recipe/runner): enhance working directory resolution and shell command safety - Rename and expand resolvePackagePath to resolveWorkDir, which now appends project_name if provided - Update discoverFiles to use workDir and add default search pattern if none specified - Modify executeShellCommands prompt to include workDir and enforce relative paths only - Add safety checks to reject shell commands with ".." or absolute paths to prevent directory escapes - Minor prompt and formatting adjustments for clarity and consistency --- internal/recipe/runner.go | 74 +++++++++++++++++++++++++++++++-------- 1 file changed, 60 insertions(+), 14 deletions(-) diff --git a/internal/recipe/runner.go b/internal/recipe/runner.go index 96ea16f..48aac91 100644 --- a/internal/recipe/runner.go +++ b/internal/recipe/runner.go @@ -24,8 +24,8 @@ func NewRunner(r *Recipe, client *grok.Client, model string) *Runner { func (r *Runner) Run() error { fmt.Printf("🍳 Starting recipe: %s v%s\n\n", r.Recipe.Name, r.Recipe.Version) - // Resolve package_path once at the start (handles ~, ., etc.) - workDir := r.resolvePackagePath() + // Resolve the final working directory once (package_path + project_name) + workDir := r.resolveWorkDir() var previousResults []string var refactorJSONs []string @@ -92,6 +92,40 @@ Execute this step now. Respond ONLY with the expected output format — no expla return nil } +// resolveWorkDir returns the absolute path where all shell commands should run +func (r *Runner) resolveWorkDir() string { + // Start with package_path param or default + root := "." + if v, ok := r.Recipe.ResolvedParams["package_path"]; ok { + if s, ok := v.(string); ok && s != "" { + root = s + } + } + + // Expand ~ + if strings.HasPrefix(root, "~/") { + home, _ := os.UserHomeDir() + root = filepath.Join(home, root[2:]) + } else if root == "~" { + root, _ = os.UserHomeDir() + } + + // Make absolute + absRoot, err := filepath.Abs(root) + if err != nil { + absRoot = root + } + + // Append project_name if provided + if name, ok := r.Recipe.ResolvedParams["project_name"]; ok { + if s, ok := name.(string); ok && s != "" { + absRoot = filepath.Join(absRoot, s) + } + } + + return absRoot +} + // resolvePackagePath expands ~, ., and makes the path absolute func (r *Runner) resolvePackagePath() string { root := "." @@ -118,7 +152,8 @@ func (r *Runner) resolvePackagePath() string { } // discoverFiles now takes the resolved absolute path -func (r *Runner) discoverFiles(root string) []string { +// discoverFiles now takes the resolved workDir +func (r *Runner) discoverFiles(workDir string) []string { var files []string allowedExt := make(map[string]bool) @@ -130,13 +165,18 @@ func (r *Runner) discoverFiles(root string) []string { } } - _ = filepath.WalkDir(root, func(path string, d os.DirEntry, err error) error { + searchFor := r.Recipe.SearchPattern + if searchFor == "" { + searchFor = "if err != nil" + } + + _ = filepath.WalkDir(workDir, func(path string, d os.DirEntry, err error) error { if err != nil || d.IsDir() { return nil } if allowedExt[filepath.Ext(path)] { b, _ := os.ReadFile(path) - if strings.Contains(string(b), r.Recipe.SearchPattern) { + if strings.Contains(string(b), searchFor) { files = append(files, path) } } @@ -259,13 +299,12 @@ func createUnifiedPatch(changes []FileChange, patchPath string) error { return nil } +// executeShellCommands — safe, whitelisted, boundary-enforced // executeShellCommands — safe, whitelisted, boundary-enforced func (r *Runner) executeShellCommands(step Step, previousResults []string, workDir string) { - prompt := fmt.Sprintf(`You are executing shell commands for this step. -Recipe Overview: -%s +Project root (current working directory for all commands): %s Previous step results: %s @@ -274,17 +313,17 @@ Previous step results: Objective: %s Instructions: %s -Return ONLY a JSON array of commands to run. Each command must be in this exact format: +Return ONLY a JSON array of commands. Use **relative paths only** (no ~, no absolute paths). Example: [ { "command": "poetry", - "args": ["new", "{{.project_name}}"] + "args": ["new", "."] } ] -Only use commands from the allowed list. Never use cd, rm -rf, or anything that could escape the project directory.`, - r.Recipe.Overview, +Never use cd, rm -rf, or anything that could escape the project directory.`, + workDir, strings.Join(previousResults, "\n\n---\n\n"), step.Objective, step.Instructions) @@ -297,7 +336,6 @@ Only use commands from the allowed list. Never use cd, rm -rf, or anything that response := r.Client.Stream(messages, r.Model) fmt.Println() - // Parse JSON... type ShellCommand struct { Command string `json:"command"` Args []string `json:"args"` @@ -337,7 +375,15 @@ Only use commands from the allowed list. Never use cd, rm -rf, or anything that continue } - // Execute with strict cwd = resolved package_path + // Safety check: no escaping the boundary + for _, arg := range cmd.Args { + if strings.Contains(arg, "..") || strings.HasPrefix(arg, "/") { + fmt.Printf(" ❌ Command rejected (tries to escape boundary): %s\n", fullCmd) + continue + } + } + + // Execute with strict cwd execCmd := exec.Command(cmd.Command, cmd.Args...) execCmd.Dir = workDir output, err := execCmd.CombinedOutput()