From a364a10d6aef9fcf08d5e44b5917dad46bb25e69 Mon Sep 17 00:00:00 2001 From: catlog22 Date: Sat, 3 Jan 2026 11:46:51 +0800 Subject: [PATCH] fix(ccw): Add path validation for --cd parameter in CLI executor Validate working directory path before passing to spawn() to prevent ENOENT errors when malformed paths are provided. Uses existing validatePath utility for path validation and existence checks. - Import validatePath from path-resolver - Validate cd parameter with mustExist check before use - Provide clear error message with invalid path details --- ccw/src/tools/cli-executor.ts | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/ccw/src/tools/cli-executor.ts b/ccw/src/tools/cli-executor.ts index 8a767fdf..c1819746 100644 --- a/ccw/src/tools/cli-executor.ts +++ b/ccw/src/tools/cli-executor.ts @@ -9,6 +9,7 @@ import type { HistoryIndexEntry } from './cli-history-store.js'; import { spawn, ChildProcess } from 'child_process'; import { existsSync, mkdirSync, readFileSync, writeFileSync, unlinkSync, readdirSync, statSync } from 'fs'; import { join, relative } from 'path'; +import { validatePath } from '../utils/path-resolver.js'; // Track current running child process for cleanup on interruption let currentChildProcess: ChildProcess | null = null; @@ -675,8 +676,17 @@ async function executeCliTool( const { tool, prompt, mode, format, model, cd, includeDirs, timeout, resume, id: customId, noNative, category, parentExecutionId } = parsed.data; - // Determine working directory early (needed for conversation lookup) - const workingDir = cd || process.cwd(); + // Validate and determine working directory early (needed for conversation lookup) + let workingDir: string; + if (cd) { + const validation = validatePath(cd, { mustExist: true }); + if (!validation.valid) { + throw new Error(`Invalid working directory (--cd): ${validation.error}. Path: ${cd}`); + } + workingDir = validation.path!; + } else { + workingDir = process.cwd(); + } ensureHistoryDir(workingDir); // Ensure history directory exists // NEW: Check if model is a custom LiteLLM endpoint ID