fix: add safeguards against deletes (#221)

k11kirky · web-flow · commit 54be0a8262c0 · 2025-12-08T15:52:47.000-08:00
diff --git a/apps/array/package.json b/apps/array/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@posthog/array",
-  "version": "0.10.0",
+  "version": "0.11.0",
   "description": "Array - PostHog desktop task manager",
   "main": ".vite/build/index.js",
   "versionHash": "dynamic",
diff --git a/apps/array/src/main/services/workspace/workspaceService.ts b/apps/array/src/main/services/workspace/workspaceService.ts
@@ -449,11 +449,43 @@ export class WorkspaceService {
     const repoName = path.basename(folderPath);
     const repoWorktreeFolderPath = path.join(worktreeBasePath, repoName);
 
+    // Safety check 1: Never delete the project folder itself
+    if (path.resolve(repoWorktreeFolderPath) === path.resolve(folderPath)) {
+      log.warn(
+        `Skipping cleanup of worktree folder: path matches project folder (${folderPath})`,
+      );
+      return;
+    }
+
     if (!fs.existsSync(repoWorktreeFolderPath)) {
       return;
     }
 
+    // Safety check 2: Check if any other registered folder shares the same basename
+    const allFolders = foldersStore.get("folders", []);
+    const otherFoldersWithSameName = allFolders.filter(
+      (f) => f.path !== folderPath && path.basename(f.path) === repoName,
+    );
+
+    if (otherFoldersWithSameName.length > 0) {
+      log.info(
+        `Skipping cleanup of worktree folder ${repoWorktreeFolderPath}: used by other folders: ${otherFoldersWithSameName.map((f) => f.path).join(", ")}`,
+      );
+      return;
+    }
+
     try {
+      // Safety check 3: Only delete if empty (ignoring .DS_Store)
+      const files = fs.readdirSync(repoWorktreeFolderPath);
+      const validFiles = files.filter((f) => f !== ".DS_Store");
+
+      if (validFiles.length > 0) {
+        log.info(
+          `Skipping cleanup of worktree folder ${repoWorktreeFolderPath}: folder not empty (contains: ${validFiles.slice(0, 3).join(", ")}${validFiles.length > 3 ? "..." : ""})`,
+        );
+        return;
+      }
+
       fs.rmSync(repoWorktreeFolderPath, { recursive: true, force: true });
       log.info(`Cleaned up worktree folder at ${repoWorktreeFolderPath}`);
     } catch (error) {
diff --git a/packages/agent/package.json b/packages/agent/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@posthog/agent",
-  "version": "1.27.0",
+  "version": "1.28.0",
   "repository": "https://github.com/PostHog/array",
   "description": "TypeScript agent framework wrapping Claude Agent SDK with Git-based task execution for PostHog",
   "main": "./dist/index.js",
diff --git a/packages/agent/src/worktree-manager.ts b/packages/agent/src/worktree-manager.ts
@@ -686,6 +686,51 @@ export class WorktreeManager {
   }
 
   async deleteWorktree(worktreePath: string): Promise<void> {
+    const resolvedWorktreePath = path.resolve(worktreePath);
+    const resolvedMainRepoPath = path.resolve(this.mainRepoPath);
+
+    // Safety check 1: Never delete the main repo path
+    if (resolvedWorktreePath === resolvedMainRepoPath) {
+      const error = new Error(
+        "Cannot delete worktree: path matches main repo path",
+      );
+      this.logger.error("Safety check failed", { worktreePath, error });
+      throw error;
+    }
+
+    // Safety check 2: Never delete a parent of the main repo path
+    if (
+      resolvedMainRepoPath.startsWith(resolvedWorktreePath) &&
+      resolvedMainRepoPath !== resolvedWorktreePath
+    ) {
+      const error = new Error(
+        "Cannot delete worktree: path is a parent of main repo path",
+      );
+      this.logger.error("Safety check failed", { worktreePath, error });
+      throw error;
+    }
+
+    // Safety check 3: Check for .git directory (indicates main repo)
+    try {
+      const gitPath = path.join(resolvedWorktreePath, ".git");
+      const stat = await fs.stat(gitPath);
+      if (stat.isDirectory()) {
+        const error = new Error(
+          "Cannot delete worktree: path appears to be a main repository (contains .git directory)",
+        );
+        this.logger.error("Safety check failed", { worktreePath, error });
+        throw error;
+      }
+    } catch (error) {
+      // If .git doesn't exist or we can't read it, proceed (unless it was the directory check above)
+      if (
+        error instanceof Error &&
+        error.message.includes("Cannot delete worktree")
+      ) {
+        throw error;
+      }
+    }
+
     this.logger.info("Deleting worktree", { worktreePath });
 
     try {

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@posthog/array",`
`3`		`- "version": "0.10.0",`
	`3`	`+ "version": "0.11.0",`
`4`	`4`	`"description": "Array - PostHog desktop task manager",`
`5`	`5`	`"main": ".vite/build/index.js",`
`6`	`6`	`"versionHash": "dynamic",`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@posthog/agent",`
`3`		`- "version": "1.27.0",`
	`3`	`+ "version": "1.28.0",`
`4`	`4`	`"repository": "https://github.com/PostHog/array",`
`5`	`5`	`"description": "TypeScript agent framework wrapping Claude Agent SDK with Git-based task execution for PostHog",`
`6`	`6`	`"main": "./dist/index.js",`