Copy uploads into worktree on first message

[mcintyre94]

Summary

• When a file is uploaded before the first message in a chat, it lands in the original working directory (e.g. /home/sprite/project/file.txt)
• On first message send, a git worktree is created from main — which doesn't include the uncommitted upload
• This PR copies any pre-send attachments into the worktree after it's created, then rebuilds the prompt with the new paths so Claude sees files that are actually inside the worktree's git context

How it works

In sendMessage(), the raw text and attachments are captured before being cleared. After setupWorktree() succeeds, a new copyAttachmentsToWorktree() helper:

1. Constructs the equivalent path for each attachment inside the worktree
2. Batches cp commands into a single exec call on the sprite
3. Returns updated AttachedFile values with the new paths

The prompt sent to Claude is then rebuilt with the worktree paths. The display message stored in messages keeps the original paths (already appended before the task runs) — this is a minor cosmetic inconsistency but doesn't affect functionality since absolute paths remain valid.

If the copy fails, Claude falls back to the original absolute paths, which are still readable.

Test plan

• Upload a file, send first message to a git-repo sprite → verify file appears in the worktree directory and Claude can git add it
• Upload a file, send first message to a non-git sprite (no worktree) → verify original flow unchanged
• Upload a sprite-browsed file from outside the working directory → verify it's left at its original path (skip condition: attachment.path != newPath)

🤖 Generated with Claude Code

[claude]

Security: Command injection via unsanitized file paths

File paths are interpolated directly into a shell command using single quotes with no escaping:

wisp/Wisp/ViewModels/ChatViewModel.swift

Lines 1398 to 1400 in b10c5dd

	if attachment.path != newPath {
	copyCommands.append("cp '\(attachment.path)' '\(newPath)' 2>/dev/null && echo ok || echo skip")
	updated.append(AttachedFile(name: attachment.name, path: newPath))

Single quotes in POSIX shell have no escape sequence — a filename containing a single-quote character (e.g. a file named with an apostrophe) breaks out of the quoting and allows arbitrary command execution on the Sprite. Since attachment.path comes from user-uploaded filenames, this is a shell injection vulnerability.

To fix, escape single quotes in each path before interpolation. The standard POSIX idiom is to end the single-quoted string, insert an escaped literal quote, then reopen: replace each single-quote with the four-character sequence: close-single-quote, backslash, single-quote, open-single-quote.

Then build the command with cp shellEscape(attachment.path) shellEscape(newPath).

[claude]

Bug: Copy result is discarded so failed copies still return the new (non-existent) path

The updated array is populated with new worktree paths in the loop — before any copies run. The runExec result is then discarded:

wisp/Wisp/ViewModels/ChatViewModel.swift

Lines 1406 to 1411 in b10c5dd

	if !copyCommands.isEmpty {
	let command = copyCommands.joined(separator: "; ")
	_ = await apiClient.runExec(spriteName: spriteName, command: command, timeout: 30)
	}
	return updated

The doc comment promises "Files that fail to copy are left with their original paths", but this is not what happens. When a cp fails (and emits skip), the corresponding entry in updated already points to the new worktree path — a file that does not exist. Claude will then receive a prompt referencing a non-existent path.

To fix, either:

1. Parse the per-file ok/skip output from runExec and revert to the original path for any skip entries, or
2. Build a mapping of old to new paths, run the copies, then construct updated based on which copies succeeded.

[claude]

CLAUDE.md: Missing unit tests for new view model logic

The PR adds a new method copyAttachmentsToWorktree and modifies the sendMessage / streamTask flow in ChatViewModel (a view model), but includes no new tests.

CLAUDE.md requires:
"Add new unit tests when adding or modifying logic (models, parsers, utilities, view models)"

The new path-construction logic, the attachment.path != newPath guard, and the command-batching behaviour are all testable in isolation (e.g. by verifying the returned [AttachedFile] paths). Existing test files like ChatViewModelTests.swift already cover ChatViewModel, so there is a natural home for these tests.