fix(security): close remaining path validation gaps (#77)

Harden the SSH agent-state and skill-removal paths to match the local security model, and avoid rejecting valid local workspace skill removals. Made-with: Cursor Co-authored-by: iamlukethedev <lucas.guilherme@smartwayslfl.com>
2026-03-27 22:21:41 -05:00
parent e0eb73111b
commit c3556d2daa
10 changed files with 69 additions and 21 deletions
@@ -55,5 +55,8 @@ describe("agent state ssh executor", () => {
        input: expect.stringContaining('python3 - "$1" "$2"'),
      })
    );
+    const call = mockedRunSshJson.mock.calls[0]?.[0];
+    expect(call?.input).toContain('trash_root = base / "trash" / "studio-delete-agent"');
+    expect(call?.input).toContain('trashDir is not under {trash_root}');
  });
 });