From 7bcadeca395ff41d5aa5ae3c438c1024f875c133 Mon Sep 17 00:00:00 2001
From: Om Patel
Date: Mon, 18 May 2026 16:22:39 -0400
Subject: [PATCH] feat(core): add defense-in-depth workspace validation for directory expansion

Re-validate every file found during directory expansion to prevent traversal via symlinks or other methods during recursion.

Related to #1489
---
 packages/core/src/utils/pathReader.ts | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/packages/core/src/utils/pathReader.ts b/packages/core/src/utils/pathReader.ts
index 54a95e179d..1eab4212b2 100644
--- a/packages/core/src/utils/pathReader.ts
+++ b/packages/core/src/utils/pathReader.ts
@@ -87,6 +87,11 @@ export async function readPathFromWorkspace(
   );
 
   for (const filePath of finalFiles) {
+    // Defense in depth: validate each file found within the directory.
+    if (!workspace.isPathWithinWorkspace(filePath)) {
+      continue;
+    }
+
     const relativePathForDisplay = path.relative(absolutePath, filePath);
     allParts.push({ text: `--- ${relativePathForDisplay} ---\n` });
     const result = await processSingleFileContent(
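Review bot: The added guard skips any entry that fails `workspace.isPathWithinWorkspace(filePath)` silently, so a file under the expanded directory that resolves outside the workspace leaves no trace for the caller or an operator, even though that is exactly the condition the commit message says it is defending against; one line inside the `if`, using whatever logger this module already has (or `console.warn` if it has none), e.g. `logger.warn(\`Skipping ${filePath}: outside workspace\`);`, would make the skip observable. Whether the check catches symlink traversal at all depends on `isPathWithinWorkspace` resolving `filePath` (realpath) before comparing, which is not visible in this hunk; if it compares the lexical path, a link that sits under the directory but points elsewhere would still pass, so the new comment should state that dependency, e.g. `// Relies on isPathWithinWorkspace resolving symlinks; a purely lexical check would not reject links that point outside.` It may also be worth noting in the comment why the earlier validation (presumably of the directory itself) is not sufficient, since a reader otherwise sees a redundant check. readPathFromWorkspace starts and ends outside the hunk.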