RooCodeInc · roomote · Aug 2, 2025
@@ -41,6 +41,12 @@ export class RooProtectedController {
 			const absolutePath = path.resolve(this.cwd, filePath)
 			const relativePath = path.relative(this.cwd, absolutePath).toPosix()
 
+			// Check if the path goes outside the cwd (starts with ..)
+			if (relativePath.startsWith("..")) {
+				// Paths outside the cwd are not protected
+				return false
+			}
+
 			// Use ignore library to check if file matches any protected pattern
 			return this.ignoreInstance.ignores(relativePath)
 		} catch (error) {

@@ -80,6 +80,19 @@ describe("RooProtectedController", () => {
 			expect(controller.isWriteProtected(".roo\\config.json")).toBe(true)
 			expect(controller.isWriteProtected(".roo/config.json")).toBe(true)
 		})
+
+		it("should handle paths outside the cwd gracefully", () => {
+			// Paths that go outside the cwd should not be protected
+			expect(controller.isWriteProtected("../../.roo/rules")).toBe(false)
+			expect(controller.isWriteProtected("../../../.rooignore")).toBe(false)
+			expect(controller.isWriteProtected("../.roo/config.json")).toBe(false)
+		})
+
+		it("should not throw error for paths outside cwd", () => {
+			// This should not throw an error
+			expect(() => controller.isWriteProtected("../../.roo/rules")).not.toThrow()
+			expect(() => controller.isWriteProtected("../outside/path/.rooignore")).not.toThrow()
+		})
 	})
 
 	describe("getProtectedFiles", () => {