fix(security): bind system.run approvals to argv identity

2026-05-13 00:02:55 +00:00 · 2026-02-26 03:40:42 +01:00
parent baf656bc6f
commit 03e689fc89
12 changed files with 102 additions and 9 deletions
--- a/src/infra/system-run-command.ts
+++ b/src/infra/system-run-command.ts
@@ -35,15 +35,14 @@ export type ResolvedSystemRunCommand =
 export function formatExecCommand(argv: string[]): string {
  return argv
    .map((arg) => {
-      const trimmed = arg.trim();
-      if (!trimmed) {
+      if (arg.length === 0) {
        return '""';
      }
-      const needsQuotes = /\s|"/.test(trimmed);
+      const needsQuotes = /\s|"/.test(arg);
      if (!needsQuotes) {
-        return trimmed;
+        return arg;
      }
-      return `"${trimmed.replace(/"/g, '\\"')}"`;
+      return `"${arg.replace(/"/g, '\\"')}"`;
    })
    .join(" ");
 }