fix(dev): harden scaffold writes and accept case-insensitive --type

PascalThuet · claude · PascalThuet · commit dfde97065de9 · 2026-06-08T17:34:18.000+02:00
- Guard scaffold_integration() against symlinked target directories: walk
  each path component under the repo root and refuse symlinked dirs, then
  confirm the write destination resolves inside the repo (mirrors the
  manifest directory guard). Prevents scaffolding outside the repo when a
  contributor's integrations/tests path is symlinked.
- Make the `--type` click.Choice case-insensitive so `--type YAML` is
  accepted, matching scaffold_integration()'s strip()/lower() normalization
  instead of rejecting at the CLI layer.

Co-Authored-By: Claude Opus 4.8 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/src/specify_cli/__init__.py b/src/specify_cli/__init__.py
@@ -595,7 +595,7 @@ def dev_integration_scaffold(
     integration_type: str = typer.Option(
         "markdown",
         "--type",
-        click_type=click.Choice(INTEGRATION_SCAFFOLD_TYPES),
+        click_type=click.Choice(INTEGRATION_SCAFFOLD_TYPES, case_sensitive=False),
         help=f"Scaffold type: {', '.join(INTEGRATION_SCAFFOLD_TYPES)}",
     ),
 ):
diff --git a/src/specify_cli/integration_scaffold.py b/src/specify_cli/integration_scaffold.py
@@ -175,6 +175,37 @@ def _is_spec_kit_repo_root(project_root: Path) -> bool:
     )
 
 
+def _assert_safe_scaffold_target(project_root: Path, target: Path) -> None:
+    """Refuse to scaffold through a symlinked path that could escape the repo.
+
+    Walks each component of *target* under *project_root* and rejects any
+    existing symlinked directory (or symlinked target), then confirms the
+    write destination still resolves inside the repository root. Mirrors the
+    symlink-aware guarding used for integration manifests.
+    """
+    try:
+        rel = target.relative_to(project_root)
+    except ValueError:
+        raise ValueError(
+            f"Refusing to scaffold outside the repository root: {target}"
+        ) from None
+
+    current = project_root
+    for part in rel.parts:
+        current = current / part
+        if current.is_symlink():
+            label = current.relative_to(project_root).as_posix()
+            raise ValueError(f"Refusing to scaffold through symlinked path: {label}")
+
+    root_resolved = project_root.resolve()
+    try:
+        target.parent.resolve().relative_to(root_resolved)
+    except (OSError, ValueError):
+        raise ValueError(
+            f"Refusing to scaffold outside the repository root: {target}"
+        ) from None
+
+
 def scaffold_integration(
     project_root: Path,
     key: str,
@@ -200,6 +231,9 @@ def scaffold_integration(
     integration_file = integration_dir / "__init__.py"
     test_file = tests_root / f"test_integration_{package_name}.py"
 
+    for target in (integration_file, test_file):
+        _assert_safe_scaffold_target(project_root, target)
+
     existing = [path for path in (integration_file, test_file) if path.exists()]
     if existing:
         labels = ", ".join(path.relative_to(project_root).as_posix() for path in existing)
diff --git a/tests/integrations/test_integration_scaffold.py b/tests/integrations/test_integration_scaffold.py
@@ -135,3 +135,40 @@ def test_scaffold_requires_integration_registry_file(tmp_path):
 
     with pytest.raises(ValueError, match="Spec Kit repository root"):
         scaffold_integration(root, "my-agent", "markdown")
+
+
+def test_scaffold_refuses_symlinked_target_directory(tmp_path):
+    root = _repo_root(tmp_path)
+    # `outside` carries its own __init__.py so the repo-root heuristic still
+    # passes through the symlink, isolating the symlink guard under test.
+    outside = tmp_path / "outside"
+    outside.mkdir()
+    (outside / "__init__.py").write_text("", encoding="utf-8")
+    integrations = root / "src" / "specify_cli" / "integrations"
+    (integrations / "__init__.py").unlink()
+    integrations.rmdir()
+    try:
+        integrations.symlink_to(outside, target_is_directory=True)
+    except OSError as exc:
+        pytest.skip(f"symlinks unavailable: {exc}")
+
+    with pytest.raises(ValueError, match="symlinked path"):
+        scaffold_integration(root, "my-agent", "markdown")
+
+    assert not (outside / "my_agent").exists()
+
+
+def test_dev_integration_scaffold_accepts_uppercase_type(tmp_path, monkeypatch):
+    root = _repo_root(tmp_path)
+    monkeypatch.chdir(root)
+
+    result = runner.invoke(app, [
+        "dev", "integration", "scaffold", "my-agent",
+        "--type", "YAML",
+    ], catch_exceptions=False)
+
+    assert result.exit_code == 0, strip_ansi(result.output)
+    content = (
+        root / "src" / "specify_cli" / "integrations" / "my_agent" / "__init__.py"
+    ).read_text(encoding="utf-8")
+    assert "class MyAgentIntegration(YamlIntegration):" in content
