fix: apply validateLaunchCmd to manifest fallback path in connect.ts (#2455)

la14-1 · louisgv · claude · web-flow · commit 3978ff6d4d45 · 2026-03-10T15:28:00.000-04:00
Security: the manifest-derived fallback path in connect.ts bypassed the validateLaunchCmd() allowlist that guards history-derived commands. A malicious or modified manifest.json cache could inject arbitrary commands executed on the remote VM via SSH. Fixes #2453 Agent: security-auditor Co-authored-by: B <6723574+louisgv@users.noreply.github.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
diff --git a/packages/cli/src/commands/connect.ts b/packages/cli/src/commands/connect.ts
@@ -138,6 +138,7 @@ export async function cmdEnterAgent(
       const sep = acc.trimEnd().endsWith("&") ? " " : "; ";
       return acc + sep + part;
     }, "");
+    validateLaunchCmd(remoteCmd);
   }
 
   const agentName = agentDef?.name || agentKey;

Original file line number	Diff line number	Diff line change
`@@ -138,6 +138,7 @@ export async function cmdEnterAgent(`
`138`	`138`	`const sep = acc.trimEnd().endsWith("&") ? " " : "; ";`
`139`	`139`	`return acc + sep + part;`
`140`	`140`	`}, "");`
	`141`	`+ validateLaunchCmd(remoteCmd);`
`141`	`142`	`}`
`142`	`143`
`143`	`144`	`const agentName = agentDef?.name \|\| agentKey;`