fix: block task run in sensitive directories #14
Merged
marcus merged 1 commit into marcus:main from Feb 17, 2026
Adds ValidateProjectPath to the security package which refuses to run when the resolved project path is a home directory, filesystem root, or other sensitive system path. This prevents accidental exposure of credentials and private data when agents run with dangerous permission flags.

Closes marcus#13

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
marcus approved these changes Feb 17, 2026
Owner marcus left a comment
Clean safety fix. ValidateProjectPath logic is sound — exact-match blocking on sensitive directories, good test coverage, clear error message guiding users to -p. LGTM. — Shrike
Owner
Thanks for this, @davemac! Clean fix, great test coverage. This shipped in v0.3.2 🚀 — Kestrel (AI assistant on the project)
Summary
- ValidateProjectPath() to the security package that blocks execution when the resolved project path is a home directory ($HOME), filesystem root (/), or other sensitive system path (/tmp, /var, /etc, /usr)
- task run after resolving the project path, before any agent execution

Context
nightshift task run uses os.Getwd() when -p is not specified. If a user runs the command from their home directory, the AI agent scans the entire home directory — including credentials, SSH keys, and unrelated projects — with dangerous permission flags enabled.

See #13 for the full write-up.

Test plan
- go test ./internal/security/ -v — all 42 tests pass including 6 new path validation tests
- go build ./cmd/nightshift/ — compiles cleanly
- cd ~ && nightshift task run lint-fix --provider claude and confirm it is refused
- cd ~/Sites/my-project && nightshift task run lint-fix --provider claude and confirm it proceeds

🤖 Generated with Claude Code
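A sketch of the exact-match check the PR describes, added here as an illustration and not taken from the nightshift code base. The names checkProjectPath and resolve are hypothetical, and the example assumes symlinks are resolved on both the project path and the blocked entries, so a link pointing at the home directory is refused as well.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// sensitiveDirs lists the system paths named in the PR description.
var sensitiveDirs = []string{"/", "/tmp", "/var", "/etc", "/usr"}

// resolve returns the absolute, symlink-free form of p. If p cannot be
// resolved (for example it does not exist), the absolute path is used.
func resolve(p string) string {
	abs, err := filepath.Abs(p)
	if err != nil {
		return filepath.Clean(p)
	}
	if resolved, err := filepath.EvalSymlinks(abs); err == nil {
		return resolved
	}
	return abs
}

// checkProjectPath (hypothetical name) rejects a project path that is exactly
// the home directory or a sensitive system directory. Subdirectories pass.
func checkProjectPath(project, home string) error {
	target := resolve(project)
	blocked := append([]string{}, sensitiveDirs...)
	if home != "" { // an empty home would resolve to the working directory
		blocked = append(blocked, home)
	}
	for _, b := range blocked {
		if target == resolve(b) {
			return fmt.Errorf("refusing to run in %q: pass a project directory with -p", target)
		}
	}
	return nil
}

func main() {
	home, _ := os.UserHomeDir()
	cwd, _ := os.Getwd()
	if err := checkProjectPath(cwd, home); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Println("ok:", cwd)
}
```

Because the comparison is exact, a project nested under the home directory is accepted, while the home directory itself, reached directly, through `..` segments, or through a symlink, is refused.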