fix: improve assertManagedHomePath error for cross-environment accounts (#848)

2026-04-21 14:17:16 +00:00 · 2026-04-19 20:32:04 -04:00 · 2026-04-19 20:32:04 -04:00 · 096c1818f3
commit 096c1818f3
parent 6893923c73
1 changed files with 14 additions and 0 deletions
--- a/src/main/codex-accounts/service.ts
+++ b/src/main/codex-accounts/service.ts
@ -321,6 +321,20 @@ export class CodexAccountService {
    const resolvedCandidate = resolve(candidatePath)
    const resolvedRoot = resolve(rootPath)

+    // Why: in dev mode, userData points to orca-dev/ while production uses
+    // orca/. Accounts created by the packaged app store production paths in
+    // settings. A quick prefix check before realpathSync avoids noisy errors
+    // when dev instances encounter production-rooted managed home paths.
+    if (!resolvedCandidate.startsWith(resolvedRoot + sep)) {
+      throw new Error(
+        `Managed Codex home is outside current storage root (expected under ${resolvedRoot}).`
+      )
+    }
+
+    if (!existsSync(resolvedCandidate)) {
+      throw new Error('Managed Codex home directory does not exist on disk.')
+    }
+
    // realpath() requires the leaf to exist. For pre-login add flow we create
    // the home directory first so the containment check still verifies the
    // canonical on-disk target rather than trusting persisted text blindly.