fix(step): preserve cmd.exe quoting for {{files}} on Windows

[jdx]

Fixes #823.

Summary

• On Windows, Rust's Command::arg applies MSVCRT-style argv escaping that collides with cmd.exe's own quoting, so a rendered {{files}} payload (already quoted via ShellType::Cmd::quote) reaches tools with literal " characters in the arguments. In practice this silently broke ruff, biome, and any other {{files}}-based check — they'd exit 0 while processing zero files, so hk would report success on malformed invocations.
• Switch the Windows cmd.exe /c path in src/step/runner.rs to use a new CmdLineRunner::raw_arg (paired with new_direct to avoid the implicit cmd.exe /c wrapping), so the rendered command string is appended verbatim via CommandExt::raw_arg and cmd.exe can parse its own quoting without Rust interference. Also covers {{workspace_files}}, which goes through the same shell-quoting path.
• Requires ensembler PR: feat(cmd): add new_direct and raw_arg for Windows quoting ensembler#89 (submodule pointer bumped in this PR).

Test plan

• cargo check (linux) passes.
• cargo check --target x86_64-pc-windows-gnu passes.
• Added a Pester regression test {{files}} template passes clean arguments on Windows (no literal quotes) in e2e-win/check.Tests.ps1: materializes files including hello world.txt, renders python check_args.py {{files}}, and fails if any arg contains a literal " or references a missing path.
• Wired the new Pester test into the ci-windows job in .github/workflows/ci.yml.

🤖 Generated with Claude Code

---

Note

Medium Risk
Changes how step commands are executed on Windows cmd.exe by switching to a raw-argument path; this can affect argument parsing/escaping and could alter behavior for existing Windows hooks.

Overview
Fixes Windows cmd.exe execution so rendered {{files}}/{{workspace_files}} strings are passed verbatim to the shell (using CmdLineRunner::new_direct + raw_arg) instead of being re-escaped by Rust, preventing literal quote characters from reaching tools and silently dropping files.

Adds a Windows Pester regression test that validates {{files}} expands to real paths (including spaces) without embedded quotes, and wires that test into the ci-windows GitHub Actions job.

^{Reviewed by Cursor Bugbot for commit 6693338. Bugbot is set up for automated code reviews on this repo. Configure here.}

[gemini-code-assist]

Code Review

This pull request addresses an issue on Windows where Rust's default argument escaping conflicts with cmd.exe quoting, particularly when using the {{files}} template. The changes introduce the use of raw_arg for the default cmd.exe runner to bypass MSVCRT-style re-escaping and include a new regression test. Feedback suggests extending this logic to custom shells that are identified as cmd.exe on Windows to ensure the fix is applied consistently.

[gemini-code-assist]

The fix for cmd.exe quoting should also be applied when a custom shell is provided, if that shell is detected as cmd.exe. Currently, the custom shell block still uses .arg(&run), which will trigger the same MSVCRT-style escaping issue that this PR aims to fix for the default shell path. By using raw_arg when the shell type is Cmd on Windows, we ensure that the rendered command string (which already contains cmd.exe-appropriate quoting from ShellType::Cmd::quote) is passed through verbatim.

Suggested change

	cmd.arg(&run)
	if cfg!(windows) && self.shell_type() == ShellType::Cmd {
	cmd.raw_arg(&run)
	} else {
	cmd.arg(&run)
	}

[greptile-apps]

Greptile Summary

Fixes the Windows cmd.exe double-escaping bug where Rust's MSVCRT argv escaping mangled {{files}}/{{workspace_files}} payloads that were already quoted by ShellType::Cmd::quote. The fix uses CmdLineRunner::new_direct + raw_arg so cmd.exe receives the verbatim command string and parses its own quoting correctly.

One unrelated file — .claude/scheduled_tasks.lock — was accidentally included in the commit and should be removed and gitignored.

Confidence Score: 5/5

Safe to merge; the core Windows fix and test coverage are correct, with only a trivial stale lock file to clean up.

All findings are P2. The runner.rs logic is sound — use_raw_cmd is correctly scoped to Windows+Cmd at both compile time and runtime, the sh path is structurally unchanged, and the ensembler submodule bump provides the new API. The Pester test now includes the positive file-presence assertions requested in the previous review thread. The only issue is an accidentally committed .claude/scheduled_tasks.lock that has no impact on hk's behavior.

.claude/scheduled_tasks.lock should be deleted and added to .gitignore; no other files need special attention.

Important Files Changed

Filename	Overview
src/step/runner.rs	Correctly gates Windows cmd.exe path on use_raw_cmd (compile-time cfg!(windows) + runtime ShellType::Cmd check); uses new_direct + raw_arg to avoid double-escaping of already-quoted {{files}} payloads; sh path is unchanged and structurally equivalent.
e2e-win/check.Tests.ps1	New Pester regression test covers the bug with a spaced filename and validates both negative (no literal quotes, no missing files) and positive (both files appear in output) assertions; addresses the gap flagged in the previous review thread.
.github/workflows/ci.yml	Wires the new Pester test into ci-windows via -TestName "*{{files}} template*"; {{ is not a GitHub Actions expression (needs ${{), so the pattern passes through literally to Pester's wildcard filter.
.claude/scheduled_tasks.lock	Accidentally committed Claude Code session lock file (session ID, PID, timestamp); should be deleted and added to .gitignore.
ensembler	Submodule pointer bumped to provide the new CmdLineRunner::new_direct and raw_arg APIs required by the Windows fix.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Step::run] --> B{use_raw_cmd
cfg windows AND ShellType::Cmd}
    B -- Yes --> C{self.shell set?}
    B -- No --> D{self.shell set?}

    C -- Yes --> E["new_direct(shell[0])
+ arg(shell[1..])
+ raw_arg(&run)"]
    C -- No --> F["new_direct(cmd.exe)
+ arg(/c)
+ raw_arg(&run)"]

    D -- Yes --> G["new(shell[0])
+ arg(shell[1..])
+ arg(&run)"]
    D -- No --> H["new(sh)
+ arg(-o errexit -c)
+ arg(&run)"]

    E --> I[cmd.execute]
    F --> I
    G --> I
    H --> I

    style E fill:#d4edda,stroke:#28a745
    style F fill:#d4edda,stroke:#28a745

Loading

_{Reviews (5): Last reviewed commit: "test(windows): use file:// URI for pkl a..." | Re-trigger Greptile}