fix(wizard): tighten dlx allowlist + cover yarn dlx + dedupe e2e import

auxesis · auxesis · commit 17b63dd08ecf · 2026-05-04T17:18:59.000+10:00
Three small follow-ups from the latest review pass:

- isAllowedDlxCommand used \`rest.startsWith(t)\`, which would let
  \`bunx drizzle-kit-malicious\` slip through on \`drizzle-kit\`.
  Tighten to a token-boundary match (\`rest === t || rest.startsWith(\`\${t} \`)\`)
  so only the exact tool or the tool followed by a space matches.
- errors-runner.test.ts covered npx/bunx/pnpm dlx but not yarn dlx —
  add the missing case to both \`classifyError\` and \`classifyHttpError\`
  suites for symmetry.
- e2e/tests/package-managers.e2e.test.ts had two separate
  \`node:child_process\` imports (\`execFileSync\` and \`spawnSync\`).
  Merge into one.

Out of scope from the same review pass: the pre-existing
\`excludeOperatorFamily || true\` in supabase-migration.ts (introduced
2026-04-28, before this branch); the duplicate \`migrationHeader\` in
the test file (already triaged in prior review); the runner.ts
duplication between protect/drizzle (explicitly out-of-scope per the
plan).
diff --git a/e2e/tests/package-managers.e2e.test.ts b/e2e/tests/package-managers.e2e.test.ts
@@ -1,9 +1,8 @@
-import { execFileSync } from 'node:child_process'
+import { execFileSync, spawnSync } from 'node:child_process'
 import { existsSync, mkdtempSync, rmSync, writeFileSync } from 'node:fs'
 import { tmpdir } from 'node:os'
 import { dirname, join, resolve } from 'node:path'
 import { fileURLToPath } from 'node:url'
-import { spawnSync } from 'node:child_process'
 import { afterEach, beforeAll, beforeEach, describe, expect, it } from 'vitest'
 
 import { createBaseProvider } from '../../packages/cli/src/commands/init/providers/base.js'
diff --git a/packages/wizard/src/__tests__/errors-runner.test.ts b/packages/wizard/src/__tests__/errors-runner.test.ts
@@ -19,6 +19,12 @@ describe('classifyError runner', () => {
       'Run: pnpm dlx stash auth login',
     )
   })
+
+  it('uses yarn dlx when runner=yarn dlx for auth failure', () => {
+    expect(classifyError('authentication_failed', '', 'yarn dlx')).toContain(
+      'Run: yarn dlx stash auth login',
+    )
+  })
 })
 
 describe('classifyHttpError runner', () => {
@@ -39,4 +45,10 @@ describe('classifyHttpError runner', () => {
       'Run: pnpm dlx stash auth login',
     )
   })
+
+  it('uses yarn dlx when runner=yarn dlx for 401', () => {
+    expect(classifyHttpError(401, '', 'yarn dlx')).toContain(
+      'Run: yarn dlx stash auth login',
+    )
+  })
 })
diff --git a/packages/wizard/src/agent/interface.ts b/packages/wizard/src/agent/interface.ts
@@ -84,7 +84,10 @@ function isAllowedDlxCommand(cmd: string): boolean {
   for (const prefix of RUNNER_PREFIXES) {
     if (cmd.startsWith(`${prefix} `)) {
       const rest = cmd.slice(prefix.length + 1)
-      return ALLOWED_DLX_TOOLS.some((t) => rest.startsWith(t))
+      // Token-boundary match: the tool name must be the entire remainder, or
+      // the tool name followed by a space (then args). A bare `startsWith`
+      // would let `drizzle-kit-malicious` slip through `drizzle-kit`.
+      return ALLOWED_DLX_TOOLS.some((t) => rest === t || rest.startsWith(`${t} `))
     }
   }
   return false

Original file line number	Diff line number	Diff line change
`@@ -84,7 +84,10 @@ function isAllowedDlxCommand(cmd: string): boolean {`
`84`	`84`	`for (const prefix of RUNNER_PREFIXES) {`
`85`	`85`	if (cmd.startsWith(`${prefix} `)) {
`86`	`86`	`const rest = cmd.slice(prefix.length + 1)`
`87`		`- return ALLOWED_DLX_TOOLS.some((t) => rest.startsWith(t))`
	`87`	`+ // Token-boundary match: the tool name must be the entire remainder, or`
	`88`	+ // the tool name followed by a space (then args). A bare `startsWith`
	`89`	+ // would let `drizzle-kit-malicious` slip through `drizzle-kit`.
	`90`	+ return ALLOWED_DLX_TOOLS.some((t) => rest === t \|\| rest.startsWith(`${t} `))
`88`	`91`	`}`
`89`	`92`	`}`
`90`	`93`	`return false`