Merge branch 'develop' into feature/implicit-conflict-detection

Author: adryserage

apps/frontend/src/main/claude-profile/profile-utils.ts

@@ -56,15 +56,32 @@ export async function createProfileDirectory(profileName: string): Promise<strin
 
 /**
  * Check if a profile has valid authentication
- * (checks if the config directory has credential files)
+ * (checks if the config directory has credential files or OAuth account info)
  */
 export function isProfileAuthenticated(profile: ClaudeProfile): boolean {
   const configDir = profile.configDir;
   if (!configDir || !existsSync(configDir)) {
     return false;
   }
 
-  // Claude stores auth in .claude/credentials or similar files
+  // Check for .claude.json with OAuth account info (modern Claude Code CLI)
+  // This is how Claude Code CLI stores OAuth authentication since v1.0
+  const claudeJsonPath = join(configDir, '.claude.json');
+  if (existsSync(claudeJsonPath)) {
+    try {
+      const content = readFileSync(claudeJsonPath, 'utf-8');
+      const data = JSON.parse(content);
+      // Check for oauthAccount which indicates successful OAuth authentication
+      if (data && typeof data === 'object' && (data.oauthAccount?.accountUuid || data.oauthAccount?.emailAddress)) {
+        return true;
+      }
+    } catch (error) {
+      // Log parse errors for debugging, but fall through to legacy checks
+      console.warn(`[profile-utils] Failed to read or parse ${claudeJsonPath}:`, error);
+    }
+  }
+
+  // Legacy: Claude stores auth in .claude/credentials or similar files
   // Check for common auth indicators
   const possibleAuthFiles = [
     join(configDir, 'credentials'),

apps/frontend/src/main/ipc-handlers/mcp-handlers.ts

@@ -28,6 +28,12 @@ const DANGEROUS_FLAGS = new Set([
   '--require', '-r'
 ]);
 
+/**
+ * Defense-in-depth: Shell metacharacters that could enable command injection
+ * when shell: true is used on Windows
+ */
+const SHELL_METACHARACTERS = ['&', '|', '>', '<', '^', '%', ';', '$', '`', '\n', '\r'];
+
 /**
  * Validate that a command is in the safe allowlist
  */
@@ -39,11 +45,22 @@ function isCommandSafe(command: string | undefined): boolean {
 }
 
 /**
- * Validate that args don't contain dangerous interpreter flags
+ * Validate that args don't contain dangerous interpreter flags or shell metacharacters
  */
 function areArgsSafe(args: string[] | undefined): boolean {
   if (!args || args.length === 0) return true;
-  return !args.some(arg => DANGEROUS_FLAGS.has(arg));
+
+  // Check for dangerous interpreter flags
+  if (args.some(arg => DANGEROUS_FLAGS.has(arg))) return false;
+
+  // On Windows with shell: true, check for shell metacharacters that could enable injection
+  if (process.platform === 'win32') {
+    if (args.some(arg => SHELL_METACHARACTERS.some(char => arg.includes(char)))) {
+      return false;
+    }
+  }
+
+  return true;
 }
 
 /**
@@ -171,7 +188,7 @@ async function checkCommandHealth(server: CustomMcpServer, startTime: number): P
       return resolve({
         serverId: server.id,
         status: 'unhealthy',
-        message: 'Args contain dangerous interpreter flags',
+        message: 'Args contain dangerous flags or shell metacharacters',
         checkedAt: new Date().toISOString(),
       });
     }
@@ -394,14 +411,17 @@ async function testCommandConnection(server: CustomMcpServer, startTime: number)
       return resolve({
         serverId: server.id,
         success: false,
-        message: 'Args contain dangerous interpreter flags',
+        message: 'Args contain dangerous flags or shell metacharacters',
       });
     }
 
     const args = server.args || [];
+
+    // On Windows, use shell: true to properly handle .cmd/.bat scripts like npx
     const proc = spawn(server.command!, args, {
       stdio: ['pipe', 'pipe', 'pipe'],
       timeout: 15000, // OS-level timeout for reliable process termination
+      shell: process.platform === 'win32', // Required for Windows to run npx.cmd
     });
 
     let stdout = '';