fix: address review feedback from PR #608

edenfunf · edenfunf · commit 4e9c3add97c0 · 2026-04-11T01:22:59.000+08:00
- Fix 1: include .cmd and .bat in Windows APM runtimes dir lookup so llm.cmd (installed by setup-llm.ps1) is found when ~/.apm/runtimes is not in PATH - Fix 2: rebase already picked up rust-v0.118.0 pin from origin/main (#663); resolve the setup-codex conflicts in favour of main - Fix 3: add ensure_path_within() checks in _discover_prompt_file and _resolve_prompt_file (PromptCompiler) to catch symlinks that resolve outside the project directory; also filter unsafe dependency matches from rglob results rather than silently including them - Fix runtime mis-detection: reorder _transform_runtime_command to check copilot before codex, preventing "copilot --model codex ..." from being routed to the codex path; replace substring match in _detect_runtime with Path.stem comparison so hyphenated tool names (run-codex-tool) are not mistakenly identified as a known runtime
diff --git a/src/apm_cli/core/script_runner.py b/src/apm_cli/core/script_runner.py
@@ -12,6 +12,7 @@
 
 from .token_manager import setup_runtime_environment
 from ..output.script_formatters import ScriptExecutionFormatter
+from ..utils.path_security import ensure_path_within, PathTraversalError
 
 
 class ScriptRunner:
@@ -344,38 +345,40 @@ def _transform_runtime_command(
                         return result
 
         # Handle individual runtime patterns without environment variables
+        # Note: copilot is checked before codex so that "copilot --model codex ..."
+        # is not mis-detected as a codex command.
 
-        # Handle "codex [args] file.prompt.md [more_args]" -> "codex exec [args] [more_args]"
-        if re.search(r"codex\s+.*" + re.escape(prompt_file), command):
+        # Handle "copilot [args] file.prompt.md [more_args]" -> "copilot [args] [more_args]"
+        if re.search(r"copilot\s+.*" + re.escape(prompt_file), command):
             match = re.search(
-                r"codex\s+(.*?)(" + re.escape(prompt_file) + r")(.*?)$", command
+                r"copilot\s+(.*?)(" + re.escape(prompt_file) + r")(.*?)$", command
             )
             if match:
                 args_before_file = match.group(1).strip()
                 args_after_file = match.group(3).strip()
 
-                result = "codex exec"
+                result = "copilot"
                 if args_before_file:
-                    result += f" {args_before_file}"
+                    # Remove any existing -p flag since we'll handle it in execution
+                    cleaned_args = args_before_file.replace("-p", "").strip()
+                    if cleaned_args:
+                        result += f" {cleaned_args}"
                 if args_after_file:
                     result += f" {args_after_file}"
                 return result
 
-        # Handle "copilot [args] file.prompt.md [more_args]" -> "copilot [args] [more_args]"
-        elif re.search(r"copilot\s+.*" + re.escape(prompt_file), command):
+        # Handle "codex [args] file.prompt.md [more_args]" -> "codex exec [args] [more_args]"
+        elif re.search(r"codex\s+.*" + re.escape(prompt_file), command):
             match = re.search(
-                r"copilot\s+(.*?)(" + re.escape(prompt_file) + r")(.*?)$", command
+                r"codex\s+(.*?)(" + re.escape(prompt_file) + r")(.*?)$", command
             )
             if match:
                 args_before_file = match.group(1).strip()
                 args_after_file = match.group(3).strip()
 
-                result = "copilot"
+                result = "codex exec"
                 if args_before_file:
-                    # Remove any existing -p flag since we'll handle it in execution
-                    cleaned_args = args_before_file.replace("-p", "").strip()
-                    if cleaned_args:
-                        result += f" {cleaned_args}"
+                    result += f" {args_before_file}"
                 if args_after_file:
                     result += f" {args_after_file}"
                 return result
@@ -413,12 +416,19 @@ def _detect_runtime(self, command: str) -> str:
             Name of the detected runtime (copilot, codex, llm, or unknown)
         """
         command_lower = command.lower().strip()
-        # Check for runtime keywords anywhere in the command, not just at the start
-        if "copilot" in command_lower:
+        if not command_lower:
+            return "unknown"
+        # Match on the binary stem only (e.g. "/path/to/codex.exe arg" -> "codex").
+        # This handles Windows absolute paths being prepended while avoiding false
+        # positives from tools whose names contain a runtime keyword as a component
+        # (e.g. "run-codex-tool" must not be detected as codex).
+        first_arg = command_lower.split()[0]
+        binary_stem = Path(first_arg).stem
+        if binary_stem == "copilot":
             return "copilot"
-        elif "codex" in command_lower:
+        elif binary_stem == "codex":
             return "codex"
-        elif "llm" in command_lower:
+        elif binary_stem == "llm":
             return "llm"
         else:
             return "unknown"
@@ -506,7 +516,12 @@ def _execute_runtime_command(
             exe_name = actual_command_args[0]
             apm_runtimes = Path.home() / ".apm" / "runtimes"
             # Check APM runtimes directory first
-            apm_candidates = [apm_runtimes / exe_name, apm_runtimes / f"{exe_name}.exe"]
+            apm_candidates = [
+                apm_runtimes / exe_name,
+                apm_runtimes / f"{exe_name}.exe",
+                apm_runtimes / f"{exe_name}.cmd",
+                apm_runtimes / f"{exe_name}.bat",
+            ]
             apm_resolved = next((str(c) for c in apm_candidates if c.exists()), None)
             if apm_resolved:
                 actual_command_args[0] = apm_resolved
@@ -558,21 +573,31 @@ def _discover_prompt_file(self, name: str) -> Optional[Path]:
 
         for path in local_search_paths:
             if path.exists():
+                ensure_path_within(path, Path.cwd())
                 return path
 
         # 2. Search in dependencies and detect collisions
         apm_modules = Path("apm_modules")
         if apm_modules.exists():
             # Collect ALL .prompt.md matches to detect collisions
-            matches = list(apm_modules.rglob(search_name))
+            raw_matches = list(apm_modules.rglob(search_name))
 
             # Also search for SKILL.md in directories matching the name
             # e.g., name="architecture-blueprint-generator" -> find */architecture-blueprint-generator/SKILL.md
             for skill_dir in apm_modules.rglob(name):
                 if skill_dir.is_dir():
                     skill_file = skill_dir / "SKILL.md"
                     if skill_file.exists():
-                        matches.append(skill_file)
+                        raw_matches.append(skill_file)
+
+            # Filter out paths that resolve outside the project directory (e.g. malicious symlinks)
+            matches = []
+            for m in raw_matches:
+                try:
+                    ensure_path_within(m, Path.cwd())
+                    matches.append(m)
+                except PathTraversalError:
+                    pass
 
             if len(matches) == 0:
                 return None
@@ -1002,13 +1027,15 @@ def _resolve_prompt_file(self, prompt_file: str) -> Path:
 
         # First check if it exists in current directory (local)
         if prompt_path.exists():
+            ensure_path_within(prompt_path, Path.cwd())
             return prompt_path
 
         # Check in common project directories
         common_dirs = [".github/prompts", ".apm/prompts"]
         for common_dir in common_dirs:
             common_path = Path(common_dir) / prompt_file
             if common_path.exists():
+                ensure_path_within(common_path, Path.cwd())
                 return common_path
 
         # If not found locally, search in dependency modules
@@ -1024,12 +1051,14 @@ def _resolve_prompt_file(self, prompt_file: str) -> Path:
                             # Check in the root of the repository
                             dep_prompt_path = repo_dir / prompt_file
                             if dep_prompt_path.exists():
+                                ensure_path_within(dep_prompt_path, Path.cwd())
                                 return dep_prompt_path
 
                             # Also check in common subdirectories
                             for subdir in ["prompts", ".", "workflows"]:
                                 sub_prompt_path = repo_dir / subdir / prompt_file
                                 if sub_prompt_path.exists():
+                                    ensure_path_within(sub_prompt_path, Path.cwd())
                                     return sub_prompt_path
 
         # If still not found, raise an error with helpful message
diff --git a/tests/unit/test_script_runner.py b/tests/unit/test_script_runner.py
@@ -162,7 +162,8 @@ def test_transform_runtime_command_copilot_with_codex_model_name(self):
     @patch('subprocess.run')
     @patch('apm_cli.core.script_runner.shutil.which', return_value=None)
     @patch('apm_cli.core.script_runner.setup_runtime_environment')
-    def test_execute_runtime_command_with_env_vars(self, mock_setup_env, mock_which, mock_subprocess):
+    @patch('apm_cli.core.script_runner.Path.home', return_value=Path('/nonexistent/home'))
+    def test_execute_runtime_command_with_env_vars(self, mock_home, mock_setup_env, mock_which, mock_subprocess):
         """Test runtime command execution with environment variables."""
         mock_setup_env.return_value = {'EXISTING_VAR': 'value'}
         mock_subprocess.return_value.returncode = 0
@@ -190,7 +191,8 @@ def test_execute_runtime_command_with_env_vars(self, mock_setup_env, mock_which,
     @patch('subprocess.run')
     @patch('apm_cli.core.script_runner.shutil.which', return_value=None)
     @patch('apm_cli.core.script_runner.setup_runtime_environment')
-    def test_execute_runtime_command_multiple_env_vars(self, mock_setup_env, mock_which, mock_subprocess):
+    @patch('apm_cli.core.script_runner.Path.home', return_value=Path('/nonexistent/home'))
+    def test_execute_runtime_command_multiple_env_vars(self, mock_home, mock_setup_env, mock_which, mock_subprocess):
         """Test runtime command execution with multiple environment variables."""
         mock_setup_env.return_value = {}
         mock_subprocess.return_value.returncode = 0
