chore: fix cross-platform path check in classifyWriteEdit

amondnet · amondnet · commit 8f8cc0fc933d · 2026-04-01T00:29:45.000+09:00
Remove POSIX-only startsWith('/') guard so absolute Windows paths
(e.g. C:\Users\...) are no longer auto-allowed outside the project root.
Now relies solely on resolvedPath.startsWith(process.cwd()) and uses
path.sep for node_modules detection, making the check portable.
diff --git a/plugins/gatekeeper/dist/pre-tool-use.js b/plugins/gatekeeper/dist/pre-tool-use.js
@@ -218,7 +218,7 @@ function classifyWriteEdit(filePath) {
     }
   }
   const resolvedPath = path.resolve(filePath);
-  if (!resolvedPath.startsWith("/") || resolvedPath.startsWith(process.cwd()) || resolvedPath.includes("/node_modules/")) {
+  if (resolvedPath.startsWith(process.cwd()) || resolvedPath.includes(`${path.sep}node_modules${path.sep}`)) {
     return { decision: "allow", reason: "Safe project file write" };
   }
   return null;
diff --git a/plugins/gatekeeper/src/pre-tool-use.ts b/plugins/gatekeeper/src/pre-tool-use.ts
@@ -151,9 +151,9 @@ export function classifyWriteEdit(filePath: string): { decision: Decision, reaso
     }
   }
 
-  // Project-relative paths are generally safe; resolve to absolute path first to prevent path traversal
+  // Resolve to absolute path first to prevent path traversal; allow only within project root
   const resolvedPath = path.resolve(filePath)
-  if (!resolvedPath.startsWith('/') || resolvedPath.startsWith(process.cwd()) || resolvedPath.includes('/node_modules/')) {
+  if (resolvedPath.startsWith(process.cwd()) || resolvedPath.includes(`${path.sep}node_modules${path.sep}`)) {
     return { decision: 'allow', reason: 'Safe project file write' }
   }
 

Original file line number	Diff line number	Diff line change
`@@ -218,7 +218,7 @@ function classifyWriteEdit(filePath) {`
`218`	`218`	`}`
`219`	`219`	`}`
`220`	`220`	`const resolvedPath = path.resolve(filePath);`
`221`		`- if (!resolvedPath.startsWith("/") \|\| resolvedPath.startsWith(process.cwd()) \|\| resolvedPath.includes("/node_modules/")) {`
	`221`	+ if (resolvedPath.startsWith(process.cwd()) \|\| resolvedPath.includes(`${path.sep}node_modules${path.sep}`)) {
`222`	`222`	`return { decision: "allow", reason: "Safe project file write" };`
`223`	`223`	`}`
`224`	`224`	`return null;`
Original file line number	Diff line number	Diff line change
`@@ -151,9 +151,9 @@ export function classifyWriteEdit(filePath: string): { decision: Decision, reaso`
`151`	`151`	`}`
`152`	`152`	`}`
`153`	`153`
`154`		`- // Project-relative paths are generally safe; resolve to absolute path first to prevent path traversal`
	`154`	`+ // Resolve to absolute path first to prevent path traversal; allow only within project root`
`155`	`155`	`const resolvedPath = path.resolve(filePath)`
`156`		`- if (!resolvedPath.startsWith('/') \|\| resolvedPath.startsWith(process.cwd()) \|\| resolvedPath.includes('/node_modules/')) {`
	`156`	+ if (resolvedPath.startsWith(process.cwd()) \|\| resolvedPath.includes(`${path.sep}node_modules${path.sep}`)) {
`157`	`157`	`return { decision: 'allow', reason: 'Safe project file write' }`
`158`	`158`	`}`
`159`	`159`