Skip to content

fix(server): open symlinked files (e.g. .env) in the file explorer#36

Merged
DanielGGordon merged 2 commits into
mainfrom
t3code/issue-35-fix
Jul 15, 2026
Merged

fix(server): open symlinked files (e.g. .env) in the file explorer#36
DanielGGordon merged 2 commits into
mainfrom
t3code/issue-35-fix

Conversation

@DanielGGordon

Copy link
Copy Markdown
Owner

What changed

readFile (workspace file explorer/preview) no longer rejects an in-tree file whose symlink target resolves outside the workspace root. It now follows the symlink and reads the file it points at, mirroring what writeFile already does.

Also added an AGENTS.md section documenting how to test in a fresh worktree (one-time pnpm install, isolated single-file test/typecheck loop, Effect/vitest gotchas), since that was the main friction hitting this bug.

Why

Fixes #35 ("Cannot open file in file explorer" — .env).

The dotfiles feature made .env visible in the explorer, but opening one could still error with WorkspaceFilePathEscapeError ("error when opening the file"). Root cause: readFile had a realpath-based containment check that rejected any in-tree file whose symlink target pointed outside the root.

.env is very commonly a symlink — and especially so in this project's worktree-heavy workflow, where .env is symlinked into each git worktree from the main checkout so branches share secrets. In a worktree the symlink target resolves outside the worktree root, so it was rejected.

The tell was the asymmetry: writeFile has no such check and writes straight through the symlink. So the same .env could be saved but not opened — matching the reporter's "error when opening… should be able to move the file" and their hunch that it was "an issue with the files themselves."

The lexical containment in resolveRelativePathWithinRoot still rejects ../absolute relativePaths and remains the security boundary. The explorer already lets users re-root anywhere (Home / root bar), so blocking in-tree symlinks added no real confidentiality boundary — it only broke reads.

How it was verified

Reproduced against the real server services with a scratch test (plain .env read fine; symlinked-outside .env failed with the escape error; listing surfaced .env correctly). After the fix:

  • Updated the intentional "rejects symlinks that resolve outside the root" test to assert the new behavior (reads the target), and added a test confirming .. traversal is still rejected.
  • apps/server/src/workspace suite: 44 passing
  • tsgo --noEmit (server): clean
  • vp lint (workspace): clean

No UI change (server-side only), so no before/after images.

DanielGGordon and others added 2 commits July 15, 2026 16:46
readFile rejected any in-tree file whose symlink target resolved outside
the workspace root, so opening a `.env` symlinked into a git worktree from
the main checkout (a common secrets-sharing pattern) failed with
WorkspaceFilePathEscapeError — "error when opening the file". writeFile had
no such check and already wrote straight through the symlink, so the file
could be saved but not opened.

Drop readFile's realpath-containment check so it follows symlinks like
writeFile (and every editor) does. The lexical containment in
resolveRelativePathWithinRoot still rejects `..`/absolute relativePaths, so
that remains the security boundary; the explorer already lets users re-root
anywhere (Home/root bar), so blocking in-tree symlinks added no real
confidentiality boundary.

Fixes #35

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
New t3code/* worktrees ship without node_modules; document the one-time
pnpm install and the isolated single-file test/typecheck loop (plus the
Effect.either/console.log gotchas) so future agents can reproduce
server-behavior bugs in seconds instead of rediscovering the basics.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@github-actions github-actions Bot added vouch:trusted PR author is trusted by repo permissions or the VOUCHED list. size:M labels Jul 15, 2026
@DanielGGordon DanielGGordon merged commit 58e69b5 into main Jul 15, 2026
6 of 10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

size:M vouch:trusted PR author is trusted by repo permissions or the VOUCHED list.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Bug]: Cannot open file in file explorer

1 participant