fix: harden adapter and trust handling

Author: helizaga

lib/adapters.sh

@@ -341,6 +341,14 @@ _load_adapter() {
   # Extract first word (command name) from potentially multi-word string
   local cmd_name="${name%% *}"
 
+  case "$cmd_name" in
+    */* | *\\*)
+      log_error "$label '$name' must use a PATH command name, not a filesystem path"
+      log_info "Use a simple command name, optionally with flags (e.g., 'code --wait')"
+      return 1
+      ;;
+  esac
+
   if ! command -v "$cmd_name" >/dev/null 2>&1; then
     log_error "$label '$name' not found"
     log_info "Built-in adapters: $builtin_list"

lib/commands/init.sh

@@ -68,7 +68,7 @@ cmd_init() {
   # Generate output (cached to ~/.cache/gtr/, auto-invalidates on shell integration changes)
   local cache_dir="${XDG_CACHE_HOME:-$HOME/.cache}/gtr"
   local cache_file="$cache_dir/init-${func_name}.${shell}"
-  local cache_schema="${GTR_INIT_CACHE_VERSION:-2}"
+  local cache_schema="${GTR_INIT_CACHE_VERSION:-3}"
   local cache_stamp="# gtr-cache: version=${GTR_VERSION:-unknown} init=${cache_schema} func=$func_name shell=$shell"
 
   # Return cached output if version matches
@@ -115,6 +115,14 @@ __FUNC___hooks_hash() {
   printf '%s\n' "$_gtr_hook_defs" | shasum -a 256 | cut -d' ' -f1
 }
 
+__FUNC___hooks_trust_key() {
+  local _gtr_config_file="$1"
+  local _gtr_hook_hash _gtr_repo_root
+  _gtr_hook_hash="$(__FUNC___hooks_hash "$_gtr_config_file" 2>/dev/null)" || return 1
+  _gtr_repo_root="$(cd "$(dirname "$_gtr_config_file")" 2>/dev/null && pwd -P)" || return 1
+  printf '%s\n%s\n' "$_gtr_repo_root" "$_gtr_hook_hash" | shasum -a 256 | cut -d' ' -f1
+}
+
 __FUNC___run_post_cd_hooks() {
   local dir="$1"
   local _gtr_trust_dir="${XDG_CONFIG_HOME:-$HOME/.config}/gtr/trusted"
@@ -132,9 +140,9 @@ __FUNC___run_post_cd_hooks() {
       _gtr_file_hooks="$(git config -f "$_gtr_config_file" --get-all hooks.postCd 2>/dev/null)" || true
       if [ -n "$_gtr_file_hooks" ]; then
         # Verify trust before including .gtrconfig hooks
-        local _gtr_hook_hash
-        _gtr_hook_hash="$(__FUNC___hooks_hash "$_gtr_config_file" 2>/dev/null)" || true
-        if [ -n "$_gtr_hook_hash" ] && [ -f "$_gtr_trust_dir/$_gtr_hook_hash" ]; then
+        local _gtr_trust_key
+        _gtr_trust_key="$(__FUNC___hooks_trust_key "$_gtr_config_file" 2>/dev/null)" || true
+        if [ -n "$_gtr_trust_key" ] && [ -f "$_gtr_trust_dir/$_gtr_trust_key" ]; then
           if [ -n "$_gtr_hooks" ]; then
             _gtr_hooks="$_gtr_hooks"$'\n'"$_gtr_file_hooks"
           else
@@ -321,6 +329,15 @@ __FUNC___hooks_hash() {
   printf '%s\n' "$_gtr_hook_defs" | shasum -a 256 | cut -d' ' -f1
 }
 
+__FUNC___hooks_trust_key() {
+  emulate -L zsh
+  local _gtr_config_file="$1"
+  local _gtr_hook_hash _gtr_repo_root
+  _gtr_hook_hash="$(__FUNC___hooks_hash "$_gtr_config_file" 2>/dev/null)" || return 1
+  _gtr_repo_root="$(cd "$(dirname "$_gtr_config_file")" 2>/dev/null && pwd -P)" || return 1
+  printf '%s\n%s\n' "$_gtr_repo_root" "$_gtr_hook_hash" | shasum -a 256 | cut -d' ' -f1
+}
+
 __FUNC___run_post_cd_hooks() {
   emulate -L zsh
   local dir="$1"
@@ -339,9 +356,9 @@ __FUNC___run_post_cd_hooks() {
       _gtr_file_hooks="$(git config -f "$_gtr_config_file" --get-all hooks.postCd 2>/dev/null)" || true
       if [ -n "$_gtr_file_hooks" ]; then
         # Verify trust before including .gtrconfig hooks
-        local _gtr_hook_hash
-        _gtr_hook_hash="$(__FUNC___hooks_hash "$_gtr_config_file" 2>/dev/null)" || true
-        if [ -n "$_gtr_hook_hash" ] && [ -f "$_gtr_trust_dir/$_gtr_hook_hash" ]; then
+        local _gtr_trust_key
+        _gtr_trust_key="$(__FUNC___hooks_trust_key "$_gtr_config_file" 2>/dev/null)" || true
+        if [ -n "$_gtr_trust_key" ] && [ -f "$_gtr_trust_dir/$_gtr_trust_key" ]; then
           if [ -n "$_gtr_hooks" ]; then
             _gtr_hooks="$_gtr_hooks"$'\n'"$_gtr_file_hooks"
           else
@@ -528,6 +545,15 @@ function __FUNC___hooks_hash
   printf '%s\n' "$_gtr_hook_defs" | shasum -a 256 | cut -d' ' -f1
 end
 
+function __FUNC___hooks_trust_key
+  set -l _gtr_config_file "$argv[1]"
+  set -l _gtr_hook_hash (__FUNC___hooks_hash "$_gtr_config_file" 2>/dev/null)
+  test -n "$_gtr_hook_hash"; or return 1
+  set -l _gtr_repo_root (cd (dirname "$_gtr_config_file") 2>/dev/null; and pwd -P)
+  test -n "$_gtr_repo_root"; or return 1
+  printf '%s\n%s\n' "$_gtr_repo_root" "$_gtr_hook_hash" | shasum -a 256 | cut -d' ' -f1
+end
+
 function __FUNC___run_post_cd_hooks
   set -l dir "$argv[1]"
   set -l _gtr_trust_dir "$HOME/.config/gtr/trusted"
@@ -547,8 +573,8 @@ function __FUNC___run_post_cd_hooks
       set -l _gtr_candidate_hooks (git config -f "$_gtr_config_file" --get-all hooks.postCd 2>/dev/null)
       if test (count $_gtr_candidate_hooks) -gt 0
         # Verify trust before including .gtrconfig hooks
-        set -l _gtr_hook_hash (__FUNC___hooks_hash "$_gtr_config_file" 2>/dev/null)
-        if test -n "$_gtr_hook_hash"; and test -f "$_gtr_trust_dir/$_gtr_hook_hash"
+        set -l _gtr_trust_key (__FUNC___hooks_trust_key "$_gtr_config_file" 2>/dev/null)
+        if test -n "$_gtr_trust_key"; and test -f "$_gtr_trust_dir/$_gtr_trust_key"
           set _gtr_file_hooks $_gtr_candidate_hooks
         else
           echo "__FUNC__: Untrusted .gtrconfig hooks skipped — run 'git gtr trust' to approve" >&2
@@ -705,6 +731,7 @@ complete -f -c __FUNC__ -n '___FUNC___needs_subcommand' -a adapter -d 'List avai
 complete -f -c __FUNC__ -n '___FUNC___needs_subcommand' -a config -d 'Manage configuration'
 complete -f -c __FUNC__ -n '___FUNC___needs_subcommand' -a completion -d 'Generate shell completions'
 complete -f -c __FUNC__ -n '___FUNC___needs_subcommand' -a init -d 'Generate shell integration'
+complete -f -c __FUNC__ -n '___FUNC___needs_subcommand' -a trust -d 'Trust .gtrconfig hooks'
 complete -f -c __FUNC__ -n '___FUNC___needs_subcommand' -a version -d 'Show version'
 complete -f -c __FUNC__ -n '___FUNC___needs_subcommand' -a help -d 'Show help'
 

lib/commands/trust.sh

@@ -26,14 +26,26 @@ cmd_trust() {
     return 0
   fi
 
+  local trust_path
+  trust_path=$(_hooks_trust_path_for_content "$config_file" "$hook_content") || {
+    log_error "Failed to compute trust marker for $config_file"
+    return 1
+  }
+
   log_warn "The following hooks are defined in $config_file:"
   echo "" >&2
   printf '%s\n' "$hook_content" >&2
   echo "" >&2
   log_warn "These commands will execute on your machine during gtr operations."
 
   if prompt_yes_no "Trust these hooks?"; then
-    if _hooks_mark_trusted "$config_file"; then
+    if _hooks_write_trust_marker "$trust_path" "$config_file"; then
+      local current_trust_path
+      current_trust_path=$(_hooks_trust_path "$config_file") || true
+      if [ -n "$current_trust_path" ] && [ "$current_trust_path" != "$trust_path" ]; then
+        log_warn "Hooks changed during review; current hooks remain untrusted"
+        return 1
+      fi
       log_info "Hooks marked as trusted"
     else
       log_error "Failed to mark hooks as trusted"

lib/hooks.sh

@@ -6,30 +6,76 @@
 # user approval before execution. This prevents malicious contributors from
 # injecting arbitrary commands via shared config files.
 #
-# Trust state is stored per-repo in ~/.config/gtr/trusted/<hash>
-# where <hash> is the SHA-256 of the .gtrconfig hooks content.
+# Trust state is stored in ~/.config/gtr/trusted/<key>
+# where <key> is a SHA-256 of the canonical repo root plus the hook content hash.
 
 _GTR_TRUST_DIR="${XDG_CONFIG_HOME:-$HOME/.config}/gtr/trusted"
 
+# Compute a content hash for hook definitions
+# Usage: _hooks_content_hash <hook_content>
+_hooks_content_hash() {
+  local hook_content="$1"
+  [ -n "$hook_content" ] || return 1
+  printf '%s\n' "$hook_content" | shasum -a 256 | cut -d' ' -f1
+}
+
 # Compute a content hash of all hook entries in a .gtrconfig file
 # Usage: _hooks_file_hash <config_file>
 _hooks_file_hash() {
   local config_file="$1"
   local hook_content
   hook_content=$(git config -f "$config_file" --get-regexp '^hooks\.' 2>/dev/null) || true
-  if [ -z "$hook_content" ]; then
-    return 1
-  fi
-  printf '%s\n' "$hook_content" | shasum -a 256 | cut -d' ' -f1
+  _hooks_content_hash "$hook_content"
+}
+
+# Resolve the canonical repository root for a .gtrconfig file
+# Usage: _hooks_repo_root <config_file>
+_hooks_repo_root() {
+  local config_file="$1"
+  (
+    cd "$(dirname "$config_file")" 2>/dev/null &&
+    pwd -P
+  )
+}
+
+# Compute the repo-scoped trust key for a .gtrconfig file
+# Usage: _hooks_trust_key <config_file>
+_hooks_trust_key() {
+  local config_file="$1"
+  local hash repo_root
+  hash=$(_hooks_file_hash "$config_file") || return 1
+  repo_root=$(_hooks_repo_root "$config_file") || return 1
+  printf '%s\n%s\n' "$repo_root" "$hash" | shasum -a 256 | cut -d' ' -f1
+}
+
+# Compute the repo-scoped trust key for reviewed hook content
+# Usage: _hooks_trust_key_for_content <config_file> <hook_content>
+_hooks_trust_key_for_content() {
+  local config_file="$1"
+  local hook_content="$2"
+  local hash repo_root
+  hash=$(_hooks_content_hash "$hook_content") || return 1
+  repo_root=$(_hooks_repo_root "$config_file") || return 1
+  printf '%s\n%s\n' "$repo_root" "$hash" | shasum -a 256 | cut -d' ' -f1
 }
 
 # Resolve the trust marker path for a .gtrconfig file
 # Usage: _hooks_trust_path <config_file>
 _hooks_trust_path() {
   local config_file="$1"
-  local hash
-  hash=$(_hooks_file_hash "$config_file") || return 1
-  printf '%s/%s\n' "$_GTR_TRUST_DIR" "$hash"
+  local trust_key
+  trust_key=$(_hooks_trust_key "$config_file") || return 1
+  printf '%s/%s\n' "$_GTR_TRUST_DIR" "$trust_key"
+}
+
+# Resolve the trust marker path for reviewed hook content
+# Usage: _hooks_trust_path_for_content <config_file> <hook_content>
+_hooks_trust_path_for_content() {
+  local config_file="$1"
+  local hook_content="$2"
+  local trust_key
+  trust_key=$(_hooks_trust_key_for_content "$config_file" "$hook_content") || return 1
+  printf '%s/%s\n' "$_GTR_TRUST_DIR" "$trust_key"
 }
 
 # Check if .gtrconfig hooks are trusted for the current repository
@@ -45,15 +91,24 @@ _hooks_are_trusted() {
   [ -f "$trust_path" ]
 }
 
+# Write a trust marker that matches the reviewed hooks
+# Usage: _hooks_write_trust_marker <trust_path> [config_file]
+_hooks_write_trust_marker() {
+  local trust_path="$1"
+  local config_file="${2:-}"
+
+  mkdir -p "$_GTR_TRUST_DIR" || return 1
+  printf '%s\n' "$config_file" > "$trust_path"
+}
+
 # Mark .gtrconfig hooks as trusted
 # Usage: _hooks_mark_trusted <config_file>
 _hooks_mark_trusted() {
   local config_file="$1"
   local trust_path
   trust_path=$(_hooks_trust_path "$config_file") || return 0
 
-  mkdir -p "$_GTR_TRUST_DIR"
-  printf '%s\n' "$config_file" > "$trust_path"
+  _hooks_write_trust_marker "$trust_path" "$config_file"
 }
 
 # Get hooks, filtering out untrusted .gtrconfig hooks with a warning

tests/adapters.bats

@@ -141,6 +141,11 @@ EOF
   [ "$GTR_AI_CMD_NAME" = "bunx" ]
 }
 
+@test "_load_adapter rejects filesystem path commands in generic fallback" {
+  run _load_adapter "editor" "./bin/gtr" "Editor" "$(_list_registry_names "$_EDITOR_REGISTRY")" "code, vim"
+  [ "$status" -eq 1 ]
+}
+
 @test "_run_configured_command preserves quoted arguments" {
   run _run_configured_command "printf '%s\n' 'hello world'"
   [ "$status" -eq 0 ]

tests/cmd_trust.bats

@@ -33,7 +33,7 @@ EOF
 EOF
 
   prompt_yes_no() { return 0; }
-  _hooks_mark_trusted() { return 1; }
+  _hooks_write_trust_marker() { return 1; }
 
   local output_file="$BATS_TMPDIR/cmd-trust-failure.out"
   local rc=0
@@ -46,3 +46,60 @@ EOF
   [ "$rc" -eq 1 ]
   grep -F "Failed to mark hooks as trusted" "$output_file"
 }
+
+@test "cmd_trust trusts the reviewed snapshot and fails if hooks change during confirmation" {
+  cat > "$TEST_REPO/.gtrconfig" <<'EOF'
+[hooks]
+  postCd = echo reviewed
+EOF
+
+  local reviewed_trust_path
+  reviewed_trust_path=$(_hooks_trust_path "$TEST_REPO/.gtrconfig")
+
+  prompt_yes_no() {
+    cat > "$TEST_REPO/.gtrconfig" <<'EOF'
+[hooks]
+  postCd = echo changed
+EOF
+    return 0
+  }
+
+  local output_file="$BATS_TMPDIR/cmd-trust-changed.out"
+  local rc=0
+  if cmd_trust >"$output_file" 2>&1; then
+    rc=0
+  else
+    rc=$?
+  fi
+
+  [ "$rc" -eq 1 ]
+  [ -f "$reviewed_trust_path" ]
+  ! _hooks_are_trusted "$TEST_REPO/.gtrconfig"
+  grep -F "Hooks changed during review; current hooks remain untrusted" "$output_file"
+}
+
+@test "cmd_trust writes the reviewed marker when hooks change during confirmation" {
+  cat > "$TEST_REPO/.gtrconfig" <<'EOF'
+[hooks]
+  postCd = echo original
+EOF
+
+  local reviewed_marker
+  reviewed_marker="$(_hooks_trust_path "$TEST_REPO/.gtrconfig")"
+
+  prompt_yes_no() {
+    cat > "$TEST_REPO/.gtrconfig" <<'EOF'
+[hooks]
+  postCd = echo changed
+EOF
+    return 0
+  }
+
+  run cmd_trust
+  [ "$status" -eq 1 ]
+  [[ "$output" == *"Hooks changed during review; current hooks remain untrusted"* ]]
+  [ -f "$reviewed_marker" ]
+
+  run _hooks_are_trusted "$TEST_REPO/.gtrconfig"
+  [ "$status" -eq 1 ]
+}

tests/hooks.bats

@@ -41,6 +41,27 @@ EOF
   _hooks_are_trusted "$TEST_REPO/.gtrconfig"
 }
 
+@test "repo-specific trust markers differ for the same hook content" {
+  local second_repo="$BATS_TMPDIR/second-repo"
+  mkdir -p "$second_repo"
+
+  cat > "$TEST_REPO/.gtrconfig" <<'EOF'
+[hooks]
+  postCd = ./scripts/bootstrap
+EOF
+
+  cat > "$second_repo/.gtrconfig" <<'EOF'
+[hooks]
+  postCd = ./scripts/bootstrap
+EOF
+
+  local first_path second_path
+  first_path="$(_hooks_trust_path "$TEST_REPO/.gtrconfig")"
+  second_path="$(_hooks_trust_path "$second_repo/.gtrconfig")"
+
+  [ "$first_path" != "$second_path" ]
+}
+
 @test "run_hooks executes single hook" {
   git config --add gtr.hook.postCreate 'touch "$REPO_ROOT/hook-ran"'
   run_hooks postCreate REPO_ROOT="$TEST_REPO"

tests/init.bats

@@ -198,6 +198,13 @@ BASH
   [[ "$output" == *'printf '\''%s/.gtrconfig\n'\'''* ]]
 }
 
+@test "generated wrappers scope trust markers by repo root" {
+  run cmd_init bash
+  [ "$status" -eq 0 ]
+  [[ "$output" == *"hooks_trust_key"* ]]
+  [[ "$output" == *'dirname "$_gtr_config_file"'* ]]
+}
+
 @test "zsh output includes cd completion" {
   run cmd_init zsh
   [ "$status" -eq 0 ]
@@ -216,6 +223,12 @@ BASH
   [[ "$output" == *"-a cd -d"* ]]
 }
 
+@test "fish output includes trust subcommand completion" {
+  run cmd_init fish
+  [ "$status" -eq 0 ]
+  [[ "$output" == *"-a trust -d"* ]]
+}
+
 @test "fish output uses git gtr list --porcelain for cd completion" {
   run cmd_init fish
   [ "$status" -eq 0 ]