(
command: string,
opts: {
id: number | string
sandboxTmpDir?: string
useSandbox: boolean
},
)
| 75 | detached: true, |
| 76 | |
| 77 | async buildExecCommand( |
| 78 | command: string, |
| 79 | opts: { |
| 80 | id: number | string |
| 81 | sandboxTmpDir?: string |
| 82 | useSandbox: boolean |
| 83 | }, |
| 84 | ): Promise<{ commandString: string; cwdFilePath: string }> { |
| 85 | let snapshotFilePath = await snapshotPromise |
| 86 | // This access() check is NOT pure TOCTOU — it's the fallback decision |
| 87 | // point for getSpawnArgs. When the snapshot disappears mid-session |
| 88 | // (tmpdir cleanup), we must clear lastSnapshotFilePath so getSpawnArgs |
| 89 | // adds -l and the command gets login-shell init. Without this check, |
| 90 | // `source ... || true` silently fails and commands run with NO shell |
| 91 | // init (neither snapshot env nor login profile). The `|| true` on source |
| 92 | // still guards the race between this check and the spawned shell. |
| 93 | if (snapshotFilePath) { |
| 94 | try { |
| 95 | await access(snapshotFilePath) |
| 96 | } catch { |
| 97 | logForDebugging( |
| 98 | `Snapshot file missing, falling back to login shell: ${snapshotFilePath}`, |
| 99 | ) |
| 100 | snapshotFilePath = undefined |
| 101 | } |
| 102 | } |
| 103 | lastSnapshotFilePath = snapshotFilePath |
| 104 | |
| 105 | // Stash sandboxTmpDir for use in getEnvironmentOverrides |
| 106 | currentSandboxTmpDir = opts.sandboxTmpDir |
| 107 | |
| 108 | const tmpdir = osTmpdir() |
| 109 | const isWindows = getPlatform() === 'windows' |
| 110 | const shellTmpdir = isWindows ? windowsPathToPosixPath(tmpdir) : tmpdir |
| 111 | |
| 112 | // shellCwdFilePath: POSIX path used inside the bash command (pwd -P >| ...) |
| 113 | // cwdFilePath: native OS path used by Node.js for readFileSync/unlinkSync |
| 114 | // On non-Windows these are identical; on Windows, Git Bash needs POSIX paths |
| 115 | // but Node.js needs native Windows paths for file operations. |
| 116 | const shellCwdFilePath = opts.useSandbox |
| 117 | ? posixJoin(opts.sandboxTmpDir!, `cwd-${opts.id}`) |
| 118 | : posixJoin(shellTmpdir, `claude-${opts.id}-cwd`) |
| 119 | const cwdFilePath = opts.useSandbox |
| 120 | ? posixJoin(opts.sandboxTmpDir!, `cwd-${opts.id}`) |
| 121 | : nativeJoin(tmpdir, `claude-${opts.id}-cwd`) |
| 122 | |
| 123 | // Defensive rewrite: the model sometimes emits Windows CMD-style `2>nul` |
| 124 | // redirects. In POSIX bash (including Git Bash on Windows), this creates a |
| 125 | // literal file named `nul` — a reserved device name that breaks git. |
| 126 | // See anthropics/claude-code#4928. |
| 127 | const normalizedCommand = rewriteWindowsNullRedirect(command) |
| 128 | const addStdinRedirect = shouldAddStdinRedirect(normalizedCommand) |
| 129 | let quotedCommand = quoteShellCommand(normalizedCommand, addStdinRedirect) |
| 130 | |
| 131 | // Debug logging for heredoc/multiline commands to trace trailer handling |
| 132 | // Only log when commit attribution is enabled to avoid noise |
| 133 | if ( |
| 134 | feature('COMMIT_ATTRIBUTION') && |
nothing calls this directly
no test coverage detected