fix: prevent repo-configured GitHub command execution in deliver flows by ganesh47 · Pull Request #64 · ganesh47/cstack

ganesh47 · 2026-04-23T04:49:45Z

A repo-controlled workflows.deliver.github.command could point at a local script and be auto-executed during deliver evidence collection (when issue references are inferred), enabling arbitrary code execution under the user running cstack deliver.
Deliver flows were resolving and invoking repo-configured script files (e.g. .js/.ts) via execFile, which bypasses sandbox expectations and is unsafe for untrusted repo config.
The change prevents untrusted repository configuration from selecting an arbitrary executable for GitHub interactions.

Removed the script/file extension resolution and Node-invocation path so commands are executed directly via execFile without implicitly routing scripts through node in src/github.ts (removed resolveCommand).
Pinned GitHub invocations in deliver evidence collection and deliver mutation flows to the trusted gh binary by setting ghCommand = "gh" instead of using policy.command in src/github.ts.
Updated tests in test/deliver.test.ts and test/ship.test.ts to create a fake gh binary on a temporary PATH, set the repo config command = "gh" in fixtures, and restore PATH in afterEach for deterministic behavior.

Ran npx vitest run test/deliver.test.ts -t "fails closed when the default branch cannot be resolved for PR mutation" and it passed.
Ran npx vitest run test/ship.test.ts -t "runShip" and it passed.

fix: pin deliver github cli invocation to gh binary

8be958f

ganesh47 added codex aardvark labels Apr 23, 2026 — with ChatGPT Codex Connector

ganesh47 added codex aardvark labels Apr 23, 2026

Provide feedback