From f63fbbb3fe6527bd0037e9ddf49cd1ae6df41907 Mon Sep 17 00:00:00 2001
From: B <6723574+louisgv@users.noreply.github.com>
Date: Wed, 25 Mar 2026 21:34:19 +0000
Subject: [PATCH] fix(security): add input validation to makeDockerExec

Adds non-empty guard to makeDockerExec to make the security boundary
explicit and prevent silent misuse with empty commands.

Fixes #2985

Agent: code-health
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 packages/cli/package.json              | 2 +-
 packages/cli/src/shared/orchestrate.ts | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/packages/cli/package.json b/packages/cli/package.json
index 078c6c12..3b82ebf6 100644
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openrouter/spawn",
-  "version": "0.26.1",
+  "version": "0.26.2",
   "type": "module",
   "bin": {
     "spawn": "cli.js"
diff --git a/packages/cli/src/shared/orchestrate.ts b/packages/cli/src/shared/orchestrate.ts
index 59f0098f..3427fc5c 100644
--- a/packages/cli/src/shared/orchestrate.ts
+++ b/packages/cli/src/shared/orchestrate.ts
@@ -41,6 +41,9 @@ export const DOCKER_REGISTRY = "ghcr.io/openrouterteam";
 
 /** Wrap a command to run inside the Docker container instead of the host. */
 export function makeDockerExec(cmd: string): string {
+  if (!cmd || cmd.length === 0) {
+    throw new Error("makeDockerExec: command must be non-empty");
+  }
   return `docker exec ${DOCKER_CONTAINER_NAME} bash -c ${shellQuote(cmd)}`;
 }