Merge pull request #340 from ndycode/audit/pr4-windows-operator-safety

make Windows shell guards opt-in

Author: ndycode

scripts/codex.js

@@ -197,7 +197,7 @@ const POWERSHELL_PROFILE_MARKER_END = "# <<< codex-multi-auth shell guard <<<";
 
 function shouldInstallWindowsBatchShimGuard() {
 	if (process.platform !== "win32") return false;
-	const override = (process.env.CODEX_MULTI_AUTH_WINDOWS_BATCH_SHIM_GUARD ?? "1").trim();
+	const override = (process.env.CODEX_MULTI_AUTH_WINDOWS_BATCH_SHIM_GUARD ?? "0").trim();
 	return override !== "0";
 }
 
@@ -370,7 +370,7 @@ function ensureWindowsShellShim(filePath, desiredContent, options = {}) {
 
 function shouldInstallPowerShellProfileGuard() {
 	if (process.platform !== "win32") return false;
-	const override = (process.env.CODEX_MULTI_AUTH_PWSH_PROFILE_GUARD ?? "1").trim();
+	const override = (process.env.CODEX_MULTI_AUTH_PWSH_PROFILE_GUARD ?? "0").trim();
 	return override !== "0";
 }
 
@@ -455,7 +455,9 @@ function ensurePowerShellProfileGuard(shimDirectory) {
 }
 
 function ensureWindowsShellShimGuards() {
-	if (!shouldInstallWindowsBatchShimGuard()) return;
+	const shouldInstallBatchGuard = shouldInstallWindowsBatchShimGuard();
+	const shouldInstallProfileGuard = shouldInstallPowerShellProfileGuard();
+	if (!shouldInstallBatchGuard && !shouldInstallProfileGuard) return;
 	const shimDirectory = resolveWindowsShimDirectoryFromPath();
 	if (!shimDirectory) return;
 
@@ -464,23 +466,31 @@ function ensureWindowsShellShimGuards() {
 
 	const overwriteCustomShim =
 		(process.env.CODEX_MULTI_AUTH_OVERWRITE_CUSTOM_BATCH_SHIM ?? "0").trim() === "1";
-	const installedBatch = ensureWindowsShellShim(
-		join(shimDirectory, "codex.bat"),
-		buildWindowsBatchShimContent(),
-		{ overwriteCustomShim },
-	);
-	const installedCmd = ensureWindowsShellShim(
-		join(shimDirectory, "codex.cmd"),
-		buildWindowsCmdShimContent(),
-		{ overwriteCustomShim },
-	);
-	const installedPs1 = ensureWindowsShellShim(
-		join(shimDirectory, "codex.ps1"),
-		buildWindowsPowerShellShimContent(),
-		{ overwriteCustomShim },
-	);
+	const installedBatch = shouldInstallBatchGuard
+		? ensureWindowsShellShim(
+				join(shimDirectory, "codex.bat"),
+				buildWindowsBatchShimContent(),
+				{ overwriteCustomShim },
+			)
+		: false;
+	const installedCmd = shouldInstallBatchGuard
+		? ensureWindowsShellShim(
+				join(shimDirectory, "codex.cmd"),
+				buildWindowsCmdShimContent(),
+				{ overwriteCustomShim },
+			)
+		: false;
+	const installedPs1 = shouldInstallBatchGuard
+		? ensureWindowsShellShim(
+				join(shimDirectory, "codex.ps1"),
+				buildWindowsPowerShellShimContent(),
+				{ overwriteCustomShim },
+			)
+		: false;
 	const installedAny = installedBatch || installedCmd || installedPs1;
-	const installedProfileGuard = ensurePowerShellProfileGuard(shimDirectory);
+	const installedProfileGuard = shouldInstallProfileGuard
+		? ensurePowerShellProfileGuard(shimDirectory)
+		: false;
 	if (installedAny || installedProfileGuard) {
 		console.error(
 			"codex-multi-auth: installed Windows shell guards to keep multi-auth routing after codex npm updates.",

test/codex-bin-wrapper.test.ts

@@ -296,6 +296,7 @@ describe("codex bin wrapper", () => {
 			const result = runWrapper(fixtureRoot, ["--version"], {
 				CODEX_MULTI_AUTH_REAL_CODEX_BIN: fakeBin,
 				CODEX_MULTI_AUTH_WINDOWS_BATCH_SHIM_GUARD: "1",
+				CODEX_MULTI_AUTH_PWSH_PROFILE_GUARD: "1",
 				PATH: `${shimDir}${delimiter}${process.env.PATH ?? ""}`,
 				USERPROFILE: fixtureRoot,
 				HOME: fixtureRoot,
@@ -335,6 +336,114 @@ describe("codex bin wrapper", () => {
 		},
 	);
 
+	it.skipIf(process.platform !== "win32")(
+		"does not install Windows shell guards unless explicitly enabled",
+		() => {
+			const fixtureRoot = createWrapperFixture();
+			const fakeBin = createFakeCodexBin(fixtureRoot);
+			const shimDir = join(fixtureRoot, "shim-bin");
+			mkdirSync(shimDir, { recursive: true });
+			writeFileSync(
+				join(shimDir, "codex-multi-auth.cmd"),
+				"@ECHO OFF\r\nREM fixture codex-multi-auth shim\r\n",
+				"utf8",
+			);
+			writeFileSync(
+				join(shimDir, "codex.cmd"),
+				'@ECHO OFF\r\necho "%dp0%\\node_modules\\@openai\\codex\\bin\\codex.js"\r\n',
+				"utf8",
+			);
+			writeFileSync(
+				join(shimDir, "codex.ps1"),
+				'Write-Output "$basedir/node_modules/@openai/codex/bin/codex.js"' +
+					"\r\n",
+				"utf8",
+			);
+
+			const result = runWrapper(fixtureRoot, ["--version"], {
+				CODEX_MULTI_AUTH_REAL_CODEX_BIN: fakeBin,
+				PATH: `${shimDir}${delimiter}${process.env.PATH ?? ""}`,
+				USERPROFILE: fixtureRoot,
+				HOME: fixtureRoot,
+			});
+			expect(result.status).toBe(0);
+
+			expect(() => readFileSync(join(shimDir, "codex.bat"), "utf8")).toThrow();
+			expect(readFileSync(join(shimDir, "codex.cmd"), "utf8")).toContain(
+				"node_modules\\@openai\\codex\\bin\\codex.js",
+			);
+			expect(readFileSync(join(shimDir, "codex.ps1"), "utf8")).toContain(
+				"node_modules/@openai/codex/bin/codex.js",
+			);
+			expect(() =>
+				readFileSync(
+					join(
+						fixtureRoot,
+						"Documents",
+						"PowerShell",
+						"Microsoft.PowerShell_profile.ps1",
+					),
+					"utf8",
+				),
+			).toThrow();
+		},
+	);
+
+	it.skipIf(process.platform !== "win32")(
+		"installs the PowerShell profile guard without requiring batch shim guards",
+		() => {
+			const fixtureRoot = createWrapperFixture();
+			const fakeBin = createFakeCodexBin(fixtureRoot);
+			const shimDir = join(fixtureRoot, "shim-bin");
+			mkdirSync(shimDir, { recursive: true });
+			writeFileSync(
+				join(shimDir, "codex-multi-auth.cmd"),
+				"@ECHO OFF\r\nREM fixture codex-multi-auth shim\r\n",
+				"utf8",
+			);
+			writeFileSync(
+				join(shimDir, "codex.cmd"),
+				'@ECHO OFF\r\necho "%dp0%\\node_modules\\@openai\\codex\\bin\\codex.js"\r\n',
+				"utf8",
+			);
+			writeFileSync(
+				join(shimDir, "codex.ps1"),
+				'Write-Output "$basedir/node_modules/@openai/codex/bin/codex.js"' +
+					"\r\n",
+				"utf8",
+			);
+
+			const result = runWrapper(fixtureRoot, ["--version"], {
+				CODEX_MULTI_AUTH_REAL_CODEX_BIN: fakeBin,
+				CODEX_MULTI_AUTH_PWSH_PROFILE_GUARD: "1",
+				PATH: `${shimDir}${delimiter}${process.env.PATH ?? ""}`,
+				USERPROFILE: fixtureRoot,
+				HOME: fixtureRoot,
+			});
+			expect(result.status).toBe(0);
+
+			expect(() => readFileSync(join(shimDir, "codex.bat"), "utf8")).toThrow();
+			expect(readFileSync(join(shimDir, "codex.cmd"), "utf8")).toContain(
+				"node_modules\\@openai\\codex\\bin\\codex.js",
+			);
+			expect(readFileSync(join(shimDir, "codex.ps1"), "utf8")).toContain(
+				"node_modules/@openai/codex/bin/codex.js",
+			);
+			const pwshProfilePath = join(
+				fixtureRoot,
+				"Documents",
+				"PowerShell",
+				"Microsoft.PowerShell_profile.ps1",
+			);
+			expect(readFileSync(pwshProfilePath, "utf8")).toContain(
+				"# >>> codex-multi-auth shell guard >>>",
+			);
+			expect(readFileSync(pwshProfilePath, "utf8")).toContain(
+				"CodexMultiAuthShim",
+			);
+		},
+	);
+
 	it.skipIf(process.platform !== "win32")(
 		"prefers invocation-derived shim directory over PATH-decoy shim entries",
 		() => {
@@ -374,6 +483,7 @@ describe("codex bin wrapper", () => {
 			const scriptPath = join(scriptDir, "codex.js");
 			const result = runWrapperScript(scriptPath, ["--version"], {
 				CODEX_MULTI_AUTH_REAL_CODEX_BIN: fakeBin,
+				CODEX_MULTI_AUTH_WINDOWS_BATCH_SHIM_GUARD: "1",
 				PATH: `${decoyShimDir}${delimiter}${globalShimDir}${delimiter}${process.env.PATH ?? ""}`,
 				USERPROFILE: fixtureRoot,
 				HOME: fixtureRoot,