From c6316272003917fa233c7ab1f00b774a74bf205e Mon Sep 17 00:00:00 2001
From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com>
Date: Fri, 14 Nov 2025 13:18:24 +0100
Subject: [PATCH] Add safety checks to prevent dangerous deletions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Added multiple safety validations before executing rm -rf commands:
- Check WORKTREE_PATH is not empty, /, /Users, or $HOME
- Verify we're actually in a git repository (.git exists)

This prevents accidental deletion of critical directories if the script
is run in the wrong location or with unexpected environment variables.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 scripts/conductor-setup.sh | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/scripts/conductor-setup.sh b/scripts/conductor-setup.sh
index b7e8ccb36..effad78fc 100755
--- a/scripts/conductor-setup.sh
+++ b/scripts/conductor-setup.sh
@@ -14,6 +14,18 @@ mkdir -p "$CONDUCTOR_ROOT_PATH/vendor"
 # Get current worktree path
 WORKTREE_PATH=$(pwd)
 
+# Safety check: ensure WORKTREE_PATH is valid and not a dangerous location
+if [ -z "$WORKTREE_PATH" ] || [ "$WORKTREE_PATH" = "/" ] || [ "$WORKTREE_PATH" = "/Users" ] || [ "$WORKTREE_PATH" = "$HOME" ]; then
+    echo "ERROR: Invalid or dangerous WORKTREE_PATH: $WORKTREE_PATH"
+    exit 1
+fi
+
+# Additional safety: ensure we're in a git worktree
+if [ ! -f ".git" ] && [ ! -d ".git" ]; then
+    echo "ERROR: Not in a git repository"
+    exit 1
+fi
+
 # Remove existing directories if they exist and are not symlinks
 [ -d "node_modules" ] && [ ! -L "node_modules" ] && rm -rf "$WORKTREE_PATH/node_modules"
 [ -d "vendor" ] && [ ! -L "vendor" ] && rm -rf "$WORKTREE_PATH/vendor"