fix: prevent symbolic linking to self (#900)

Author: jonathanlab

.claude

@@ -6,6 +6,7 @@ import {
   branchExists,
   getDefaultBranch,
 } from "../queries.js";
+import { safeSymlink } from "../utils.js";
 
 export interface CreateWorktreeInput extends GitSagaInput {
   worktreePath: string;
@@ -63,23 +64,29 @@ export class CreateWorktreeSaga extends GitSaga<
       execute: async () => {
         const sourceClaudeDir = path.join(baseDir, ".claude");
         const targetClaudeDir = path.join(worktreePath, ".claude");
-        try {
-          await fs.access(sourceClaudeDir);
-          await fs.symlink(sourceClaudeDir, targetClaudeDir, "dir");
+        const linkedDir = await safeSymlink(
+          sourceClaudeDir,
+          targetClaudeDir,
+          "dir",
+        );
+        if (linkedDir) {
           await addToLocalExclude(worktreePath, ".claude", {
             abortSignal: signal,
           });
-        } catch {}
+        }
 
         const sourceClaudeLocalMd = path.join(baseDir, "CLAUDE.local.md");
         const targetClaudeLocalMd = path.join(worktreePath, "CLAUDE.local.md");
-        try {
-          await fs.access(sourceClaudeLocalMd);
-          await fs.symlink(sourceClaudeLocalMd, targetClaudeLocalMd, "file");
+        const linkedFile = await safeSymlink(
+          sourceClaudeLocalMd,
+          targetClaudeLocalMd,
+          "file",
+        );
+        if (linkedFile) {
           await addToLocalExclude(worktreePath, "CLAUDE.local.md", {
             abortSignal: signal,
           });
-        } catch {}
+        }
       },
       rollback: async () => {
         const targetClaudeDir = path.join(worktreePath, ".claude");
@@ -140,23 +147,29 @@ export class CreateWorktreeForBranchSaga extends GitSaga<
       execute: async () => {
         const sourceClaudeDir = path.join(baseDir, ".claude");
         const targetClaudeDir = path.join(worktreePath, ".claude");
-        try {
-          await fs.access(sourceClaudeDir);
-          await fs.symlink(sourceClaudeDir, targetClaudeDir, "dir");
+        const linkedDir = await safeSymlink(
+          sourceClaudeDir,
+          targetClaudeDir,
+          "dir",
+        );
+        if (linkedDir) {
           await addToLocalExclude(worktreePath, ".claude", {
             abortSignal: signal,
           });
-        } catch {}
+        }
 
         const sourceClaudeLocalMd = path.join(baseDir, "CLAUDE.local.md");
         const targetClaudeLocalMd = path.join(worktreePath, "CLAUDE.local.md");
-        try {
-          await fs.access(sourceClaudeLocalMd);
-          await fs.symlink(sourceClaudeLocalMd, targetClaudeLocalMd, "file");
+        const linkedFile = await safeSymlink(
+          sourceClaudeLocalMd,
+          targetClaudeLocalMd,
+          "file",
+        );
+        if (linkedFile) {
           await addToLocalExclude(worktreePath, "CLAUDE.local.md", {
             abortSignal: signal,
           });
-        } catch {}
+        }
       },
       rollback: async () => {
         const targetClaudeDir = path.join(worktreePath, ".claude");

packages/git/src/sagas/worktree.ts

@@ -1,8 +1,46 @@
+import * as fs from "node:fs/promises";
+import * as path from "node:path";
+
 export interface GitHubRepo {
   organization: string;
   repository: string;
 }
 
+export async function safeSymlink(
+  source: string,
+  target: string,
+  type: "file" | "dir",
+): Promise<boolean> {
+  if (path.resolve(source) === path.resolve(target)) {
+    return false;
+  }
+
+  const sourceDir = path.dirname(path.resolve(source));
+  const targetDir = path.dirname(path.resolve(target));
+  if (
+    sourceDir === targetDir &&
+    path.basename(source) === path.basename(target)
+  ) {
+    return false;
+  }
+
+  try {
+    await fs.access(source);
+  } catch {
+    return false;
+  }
+
+  try {
+    await fs.symlink(source, target, type);
+    return true;
+  } catch (error) {
+    if ((error as NodeJS.ErrnoException).code === "EEXIST") {
+      return false;
+    }
+    throw error;
+  }
+}
+
 export function parseGitHubUrl(url: string): GitHubRepo | null {
   // Trim whitespace/newlines that git commands may include
   const trimmedUrl = url.trim();

packages/git/src/utils.ts

@@ -8,6 +8,7 @@ import {
   getDefaultBranch,
   listWorktrees as listWorktreesRaw,
 } from "./queries.js";
+import { safeSymlink } from "./utils.js";
 
 export interface WorktreeInfo {
   worktreePath: string;
@@ -370,32 +371,26 @@ export class WorktreeManager {
     const sourceClaudeDir = path.join(this.mainRepoPath, ".claude");
     const targetClaudeDir = path.join(worktreePath, ".claude");
 
-    try {
-      await fs.access(sourceClaudeDir);
-      try {
-        await fs.symlink(sourceClaudeDir, targetClaudeDir, "dir");
-        await addToLocalExclude(worktreePath, ".claude");
-      } catch (error) {
-        if ((error as NodeJS.ErrnoException).code !== "EEXIST") {
-          throw error;
-        }
-      }
-    } catch {}
+    const linkedDir = await safeSymlink(
+      sourceClaudeDir,
+      targetClaudeDir,
+      "dir",
+    );
+    if (linkedDir) {
+      await addToLocalExclude(worktreePath, ".claude");
+    }
 
     const sourceClaudeLocalMd = path.join(this.mainRepoPath, "CLAUDE.local.md");
     const targetClaudeLocalMd = path.join(worktreePath, "CLAUDE.local.md");
 
-    try {
-      await fs.access(sourceClaudeLocalMd);
-      try {
-        await fs.symlink(sourceClaudeLocalMd, targetClaudeLocalMd, "file");
-        await addToLocalExclude(worktreePath, "CLAUDE.local.md");
-      } catch (error) {
-        if ((error as NodeJS.ErrnoException).code !== "EEXIST") {
-          throw error;
-        }
-      }
-    } catch {}
+    const linkedFile = await safeSymlink(
+      sourceClaudeLocalMd,
+      targetClaudeLocalMd,
+      "file",
+    );
+    if (linkedFile) {
+      await addToLocalExclude(worktreePath, "CLAUDE.local.md");
+    }
   }
 
   async cleanupOrphanedWorktrees(associatedWorktreePaths: string[]): Promise<{