From 2df028457a83485b5a7006b538f2a573ac8083b9 Mon Sep 17 00:00:00 2001
From: Jinwoo-H
Date: Sun, 19 Apr 2026 18:05:20 -0400
Subject: [PATCH] fix: improve assertManagedHomePath error for cross-environment accounts

In dev mode, userData points to orca-dev/ while the packaged app uses orca/. Accounts created by the packaged app have production paths baked into settings. When a dev instance iterates these accounts during config sync, realpathSync throws ENOENT (production path doesn't exist under orca-dev/) producing a confusing "escaped Orca account storage" error. Add a prefix check before realpathSync and an existence check so the error message clearly explains the mismatch instead of implying a security violation.
---
 src/main/codex-accounts/service.ts | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/main/codex-accounts/service.ts b/src/main/codex-accounts/service.ts
index 16e798bf..67d42642 100644
--- a/src/main/codex-accounts/service.ts
+++ b/src/main/codex-accounts/service.ts
@@ -245,6 +245,20 @@ export class CodexAccountService {
 const resolvedCandidate = resolve(candidatePath)
 const resolvedRoot = resolve(rootPath)
 
+ // Why: in dev mode, userData points to orca-dev/ while production uses
+ // orca/. Accounts created by the packaged app store production paths in
+ // settings. A quick prefix check before realpathSync avoids noisy errors
+ // when dev instances encounter production-rooted managed home paths.
+ if (!resolvedCandidate.startsWith(resolvedRoot + sep)) {
+ throw new Error(
+ `Managed Codex home is outside current storage root (expected under ${resolvedRoot}).`
+ )
+ }
+
+ if (!existsSync(resolvedCandidate)) {
+ throw new Error('Managed Codex home directory does not exist on disk.')
+ }
+
 // realpath() requires the leaf to exist. For pre-login add flow we create
 // the home directory first so the containment check still verifies the
 // canonical on-disk target rather than trusting persisted text blindly.
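Review bot: The added `startsWith(resolvedRoot + sep)` test is purely lexical, so the realpath comparison that follows the hunk has to stay the actual containment decision; the new comment should say so, e.g. `// Lexical pre-check for a clearer error only; the realpath comparison below remains the containment check.` The same branch also fires for any persisted path that resolves outside the root, including an edited or corrupted settings entry, so the softer wording should not be the only trace; if the caller logs this error, it is worth keeping the rejected candidate visible there at warning level. The `existsSync` guard is a check-then-use ahead of `realpathSync`, and catching `ENOENT` from the realpath call would yield the same message without the extra stat or the window between the two calls. The enclosing function starts and ends outside the hunk, and the hunk does not show whether `sep` and `existsSync` are already imported in service.ts.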