fix(reference): harden core reference edge cases

Co-Authored-By: Virgil <virgil@lethean.io>
2026-04-17 20:31:06 +01:00 · 2026-04-17 20:31:06 +01:00 · b54daae418
commit b54daae418
parent 088927ce50
13 changed files with 149 additions and 15 deletions
--- a/.core/TODO.md
+++ b/.core/TODO.md
@ -0,0 +1 @@
+- @test pkg/monitor/harvest_test.go:49 — `go test ./...` currently fails in `TestHarvest_*` because the git commit setup command exits with code 1 when adding the binary fixture.
--- a/.core/reference/cli.go
+++ b/.core/reference/cli.go
@ -103,7 +103,18 @@ func (cl *Cli) Run(args ...string) Result {
 				opts.Set(key, true)
 			}
 		} else if !IsFlag(arg) {
-			opts.Set("_arg", arg)
+			if !opts.Has("_arg") {
+				opts.Set("_arg", arg)
+			}
+			argsResult := opts.Get("_args")
+			args := []string{}
+			if argsResult.OK {
+				if existing, ok := argsResult.Value.([]string); ok {
+					args = append(args, existing...)
+				}
+			}
+			args = append(args, arg)
+			opts.Set("_args", args)
 		}
 	}

--- a/.core/reference/error.go
+++ b/.core/reference/error.go
@ -375,6 +375,11 @@ func (h *ErrorPanic) appendReport(report CrashReport) {
 	var reports []CrashReport
 	if data, err := os.ReadFile(h.filePath); err == nil {
 		if err := json.Unmarshal(data, &reports); err != nil {
+			Default().Error(Concat("crash report file corrupted path=", h.filePath, " err=", err.Error(), " raw=", string(data)))
+			backupPath := Concat(h.filePath, ".corrupt")
+			if backupErr := os.WriteFile(backupPath, data, 0600); backupErr != nil {
+				Default().Error(Concat("crash report backup failed path=", h.filePath, " err=", backupErr.Error()))
+			}
 			reports = nil
 		}
 	}
--- a/.core/reference/fs.go
+++ b/.core/reference/fs.go
@ -177,10 +177,20 @@ func (m *Fs) WriteMode(p, content string, mode os.FileMode) Result {
 //	dir := fs.TempDir("agent-workspace")
 //	defer fs.DeleteAll(dir)
 func (m *Fs) TempDir(prefix string) string {
-	dir, err := os.MkdirTemp("", prefix)
+	root := m.root
+	if root == "" || root == "/" {
+		root = os.TempDir()
+	} else if err := os.MkdirAll(root, 0755); err != nil {
+		return ""
+	}
+	dir, err := os.MkdirTemp(root, prefix)
 	if err != nil {
 		return ""
 	}
+	if vp := m.validatePath(dir); !vp.OK {
+		os.RemoveAll(dir)
+		return ""
+	}
 	return dir
 }

@ -358,15 +368,30 @@ func WriteAll(writer any, content string) Result {
 		return Result{E("core.WriteAll", "not a writer", nil), false}
 	}
 	_, err := wc.Write([]byte(content))
+	var closeErr error
 	if closer, ok := writer.(io.Closer); ok {
-		closer.Close()
+		closeErr = closer.Close()
 	}
 	if err != nil {
 		return Result{err, false}
 	}
+	if closeErr != nil {
+		return Result{closeErr, false}
+	}
 	return Result{OK: true}
 }

+func (m *Fs) isProtectedPath(full string) bool {
+	if full == "/" {
+		return true
+	}
+	home, err := os.UserHomeDir()
+	if err != nil || home == "" {
+		return false
+	}
+	return full == home
+}
+
 // CloseStream closes any value that implements io.Closer.
 //
 //	core.CloseStream(r.Value)
@ -383,7 +408,7 @@ func (m *Fs) Delete(p string) Result {
 		return vp
 	}
 	full := vp.Value.(string)
-	if full == "/" || full == os.Getenv("HOME") {
+	if m.isProtectedPath(full) {
 		return Result{E("fs.Delete", Concat("refusing to delete protected path: ", full), nil), false}
 	}
 	if err := os.Remove(full); err != nil {
@ -399,7 +424,7 @@ func (m *Fs) DeleteAll(p string) Result {
 		return vp
 	}
 	full := vp.Value.(string)
-	if full == "/" || full == os.Getenv("HOME") {
+	if m.isProtectedPath(full) {
 		return Result{E("fs.DeleteAll", Concat("refusing to delete protected path: ", full), nil), false}
 	}
 	if err := os.RemoveAll(full); err != nil {
--- a/.core/reference/runtime.go
+++ b/.core/reference/runtime.go
@ -153,8 +153,12 @@ func (r *Runtime) ServiceName() string { return "Core" }

 // ServiceStartup starts all services via the embedded Core.
 func (r *Runtime) ServiceStartup(ctx context.Context, options any) Result {
+	if r == nil || r.Core == nil {
+		return Result{OK: true}
+	}
 	return r.Core.ServiceStartup(ctx, options)
 }
+
 // ServiceShutdown stops all services via the embedded Core.
 func (r *Runtime) ServiceShutdown(ctx context.Context) Result {
 	if r.Core != nil {
--- a/pkg/lib/workspace/default/.core/reference/cli.go
+++ b/pkg/lib/workspace/default/.core/reference/cli.go
@ -103,7 +103,18 @@ func (cl *Cli) Run(args ...string) Result {
 				opts.Set(key, true)
 			}
 		} else if !IsFlag(arg) {
-			opts.Set("_arg", arg)
+			if !opts.Has("_arg") {
+				opts.Set("_arg", arg)
+			}
+			argsResult := opts.Get("_args")
+			args := []string{}
+			if argsResult.OK {
+				if existing, ok := argsResult.Value.([]string); ok {
+					args = append(args, existing...)
+				}
+			}
+			args = append(args, arg)
+			opts.Set("_args", args)
 		}
 	}

--- a/pkg/lib/workspace/default/.core/reference/error.go
+++ b/pkg/lib/workspace/default/.core/reference/error.go
@ -396,6 +396,11 @@ func (h *ErrorPanic) appendReport(report CrashReport) {
 	var reports []CrashReport
 	if data, err := os.ReadFile(h.filePath); err == nil {
 		if err := json.Unmarshal(data, &reports); err != nil {
+			Default().Error(Concat("crash report file corrupted path=", h.filePath, " err=", err.Error(), " raw=", string(data)))
+			backupPath := Concat(h.filePath, ".corrupt")
+			if backupErr := os.WriteFile(backupPath, data, 0600); backupErr != nil {
+				Default().Error(Concat("crash report backup failed path=", h.filePath, " err=", backupErr.Error()))
+			}
 			reports = nil
 		}
 	}
--- a/pkg/lib/workspace/default/.core/reference/fs.go
+++ b/pkg/lib/workspace/default/.core/reference/fs.go
@ -177,10 +177,20 @@ func (m *Fs) WriteMode(p, content string, mode os.FileMode) Result {
 //	dir := fs.TempDir("agent-workspace")
 //	defer fs.DeleteAll(dir)
 func (m *Fs) TempDir(prefix string) string {
-	dir, err := os.MkdirTemp("", prefix)
+	root := m.root
+	if root == "" || root == "/" {
+		root = os.TempDir()
+	} else if err := os.MkdirAll(root, 0755); err != nil {
+		return ""
+	}
+	dir, err := os.MkdirTemp(root, prefix)
 	if err != nil {
 		return ""
 	}
+	if vp := m.validatePath(dir); !vp.OK {
+		os.RemoveAll(dir)
+		return ""
+	}
 	return dir
 }

@ -358,15 +368,30 @@ func WriteAll(writer any, content string) Result {
 		return Result{E("core.WriteAll", "not a writer", nil), false}
 	}
 	_, err := wc.Write([]byte(content))
+	var closeErr error
 	if closer, ok := writer.(io.Closer); ok {
-		closer.Close()
+		closeErr = closer.Close()
 	}
 	if err != nil {
 		return Result{err, false}
 	}
+	if closeErr != nil {
+		return Result{closeErr, false}
+	}
 	return Result{OK: true}
 }

+func (m *Fs) isProtectedPath(full string) bool {
+	if full == "/" {
+		return true
+	}
+	home, err := os.UserHomeDir()
+	if err != nil || home == "" {
+		return false
+	}
+	return full == home
+}
+
 // CloseStream closes any value that implements io.Closer.
 //
 //	core.CloseStream(r.Value)
@ -383,7 +408,7 @@ func (m *Fs) Delete(p string) Result {
 		return vp
 	}
 	full := vp.Value.(string)
-	if full == "/" || full == os.Getenv("HOME") {
+	if m.isProtectedPath(full) {
 		return Result{E("fs.Delete", Concat("refusing to delete protected path: ", full), nil), false}
 	}
 	if err := os.Remove(full); err != nil {
@ -399,7 +424,7 @@ func (m *Fs) DeleteAll(p string) Result {
 		return vp
 	}
 	full := vp.Value.(string)
-	if full == "/" || full == os.Getenv("HOME") {
+	if m.isProtectedPath(full) {
 		return Result{E("fs.DeleteAll", Concat("refusing to delete protected path: ", full), nil), false}
 	}
 	if err := os.RemoveAll(full); err != nil {
--- a/pkg/lib/workspace/default/.core/reference/runtime.go
+++ b/pkg/lib/workspace/default/.core/reference/runtime.go
@ -167,6 +167,9 @@ func (r *Runtime) ServiceName() string { return "Core" }
 //
 //	runtime.ServiceStartup(context.Background(), nil)
 func (r *Runtime) ServiceStartup(ctx context.Context, options any) Result {
+	if r == nil || r.Core == nil {
+		return Result{OK: true}
+	}
 	return r.Core.ServiceStartup(ctx, options)
 }

--- a/tests/cli/extract/.core/workspace/test-extract/.core/reference/cli.go
+++ b/tests/cli/extract/.core/workspace/test-extract/.core/reference/cli.go
@ -103,7 +103,18 @@ func (cl *Cli) Run(args ...string) Result {
 				opts.Set(key, true)
 			}
 		} else if !IsFlag(arg) {
-			opts.Set("_arg", arg)
+			if !opts.Has("_arg") {
+				opts.Set("_arg", arg)
+			}
+			argsResult := opts.Get("_args")
+			args := []string{}
+			if argsResult.OK {
+				if existing, ok := argsResult.Value.([]string); ok {
+					args = append(args, existing...)
+				}
+			}
+			args = append(args, arg)
+			opts.Set("_args", args)
 		}
 	}

--- a/tests/cli/extract/.core/workspace/test-extract/.core/reference/error.go
+++ b/tests/cli/extract/.core/workspace/test-extract/.core/reference/error.go
@ -396,6 +396,11 @@ func (h *ErrorPanic) appendReport(report CrashReport) {
 	var reports []CrashReport
 	if data, err := os.ReadFile(h.filePath); err == nil {
 		if err := json.Unmarshal(data, &reports); err != nil {
+			Default().Error(Concat("crash report file corrupted path=", h.filePath, " err=", err.Error(), " raw=", string(data)))
+			backupPath := Concat(h.filePath, ".corrupt")
+			if backupErr := os.WriteFile(backupPath, data, 0600); backupErr != nil {
+				Default().Error(Concat("crash report backup failed path=", h.filePath, " err=", backupErr.Error()))
+			}
 			reports = nil
 		}
 	}
--- a/tests/cli/extract/.core/workspace/test-extract/.core/reference/fs.go
+++ b/tests/cli/extract/.core/workspace/test-extract/.core/reference/fs.go
@ -177,10 +177,20 @@ func (m *Fs) WriteMode(p, content string, mode os.FileMode) Result {
 //	dir := fs.TempDir("agent-workspace")
 //	defer fs.DeleteAll(dir)
 func (m *Fs) TempDir(prefix string) string {
-	dir, err := os.MkdirTemp("", prefix)
+	root := m.root
+	if root == "" || root == "/" {
+		root = os.TempDir()
+	} else if err := os.MkdirAll(root, 0755); err != nil {
+		return ""
+	}
+	dir, err := os.MkdirTemp(root, prefix)
 	if err != nil {
 		return ""
 	}
+	if vp := m.validatePath(dir); !vp.OK {
+		os.RemoveAll(dir)
+		return ""
+	}
 	return dir
 }

@ -358,15 +368,30 @@ func WriteAll(writer any, content string) Result {
 		return Result{E("core.WriteAll", "not a writer", nil), false}
 	}
 	_, err := wc.Write([]byte(content))
+	var closeErr error
 	if closer, ok := writer.(io.Closer); ok {
-		closer.Close()
+		closeErr = closer.Close()
 	}
 	if err != nil {
 		return Result{err, false}
 	}
+	if closeErr != nil {
+		return Result{closeErr, false}
+	}
 	return Result{OK: true}
 }

+func (m *Fs) isProtectedPath(full string) bool {
+	if full == "/" {
+		return true
+	}
+	home, err := os.UserHomeDir()
+	if err != nil || home == "" {
+		return false
+	}
+	return full == home
+}
+
 // CloseStream closes any value that implements io.Closer.
 //
 //	core.CloseStream(r.Value)
@ -383,7 +408,7 @@ func (m *Fs) Delete(p string) Result {
 		return vp
 	}
 	full := vp.Value.(string)
-	if full == "/" || full == os.Getenv("HOME") {
+	if m.isProtectedPath(full) {
 		return Result{E("fs.Delete", Concat("refusing to delete protected path: ", full), nil), false}
 	}
 	if err := os.Remove(full); err != nil {
@ -399,7 +424,7 @@ func (m *Fs) DeleteAll(p string) Result {
 		return vp
 	}
 	full := vp.Value.(string)
-	if full == "/" || full == os.Getenv("HOME") {
+	if m.isProtectedPath(full) {
 		return Result{E("fs.DeleteAll", Concat("refusing to delete protected path: ", full), nil), false}
 	}
 	if err := os.RemoveAll(full); err != nil {
--- a/tests/cli/extract/.core/workspace/test-extract/.core/reference/runtime.go
+++ b/tests/cli/extract/.core/workspace/test-extract/.core/reference/runtime.go
@ -167,6 +167,9 @@ func (r *Runtime) ServiceName() string { return "Core" }
 //
 //	runtime.ServiceStartup(context.Background(), nil)
 func (r *Runtime) ServiceStartup(ctx context.Context, options any) Result {
+	if r == nil || r.Core == nil {
+		return Result{OK: true}
+	}
 	return r.Core.ServiceStartup(ctx, options)
 }
				`@ -0,0 +1 @@`
				- @test pkg/monitor/harvest_test.go:49 — `go test ./...` currently fails in `TestHarvest_*` because the git commit setup command exits with code 1 when adding the binary fixture.