From 1267d6f370900498176d4c9ad539f5182cb0ed44 Mon Sep 17 00:00:00 2001
From: Roo Code <roomote@roocode.com>
Date: Sat, 2 Aug 2025 04:55:10 +0000
Subject: [PATCH] fix: handle paths outside cwd in RooProtectedController to
 prevent RangeError

- Add check for paths starting with ".." before calling ignore library
- Return false (not protected) for paths outside the cwd
- Add test cases to verify paths outside cwd are handled gracefully
- Fixes #6583
---
 src/core/protect/RooProtectedController.ts          |  6 ++++++
 .../__tests__/RooProtectedController.spec.ts        | 13 +++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/src/core/protect/RooProtectedController.ts b/src/core/protect/RooProtectedController.ts
index e6d57b22b5..38f41e096d 100644
--- a/src/core/protect/RooProtectedController.ts
+++ b/src/core/protect/RooProtectedController.ts
@@ -41,6 +41,12 @@ export class RooProtectedController {
 			const absolutePath = path.resolve(this.cwd, filePath)
 			const relativePath = path.relative(this.cwd, absolutePath).toPosix()
 
+			// Check if the path goes outside the cwd (starts with ..)
+			if (relativePath.startsWith("..")) {
+				// Paths outside the cwd are not protected
+				return false
+			}
+
 			// Use ignore library to check if file matches any protected pattern
 			return this.ignoreInstance.ignores(relativePath)
 		} catch (error) {
diff --git a/src/core/protect/__tests__/RooProtectedController.spec.ts b/src/core/protect/__tests__/RooProtectedController.spec.ts
index 0ee6135e81..e1fc593fb6 100644
--- a/src/core/protect/__tests__/RooProtectedController.spec.ts
+++ b/src/core/protect/__tests__/RooProtectedController.spec.ts
@@ -80,6 +80,19 @@ describe("RooProtectedController", () => {
 			expect(controller.isWriteProtected(".roo\\config.json")).toBe(true)
 			expect(controller.isWriteProtected(".roo/config.json")).toBe(true)
 		})
+
+		it("should handle paths outside the cwd gracefully", () => {
+			// Paths that go outside the cwd should not be protected
+			expect(controller.isWriteProtected("../../.roo/rules")).toBe(false)
+			expect(controller.isWriteProtected("../../../.rooignore")).toBe(false)
+			expect(controller.isWriteProtected("../.roo/config.json")).toBe(false)
+		})
+
+		it("should not throw error for paths outside cwd", () => {
+			// This should not throw an error
+			expect(() => controller.isWriteProtected("../../.roo/rules")).not.toThrow()
+			expect(() => controller.isWriteProtected("../outside/path/.rooignore")).not.toThrow()
+		})
 	})
 
 	describe("getProtectedFiles", () => {