
fix(git): prevent 'external diff died' by removing broken diff.external= override #4221

Merged
gregpriday merged 1 commit into develop from feature/issue-4214-file-diff-fails-external-diff
Mar 25, 2026

@gregpriday
Collaborator

Summary

  • Removed the empty diff.external= override from hardened git config that was causing fatal: external diff died errors when viewing modified file diffs in worktrees
  • Audited and removed similar broken empty-string overrides for core.sshCommand= that had the same class of bug
  • Added --no-ext-diff flag to all git diff call sites as a defense-in-depth measure, ensuring external diff tools are never invoked regardless of user/repo config

Resolves #4214

Changes

  • electron/utils/hardenedGit.ts — Removed diff.external= and core.sshCommand= from HARDENED_GIT_CONFIG (empty strings cause "cannot run" errors)
  • electron/services/GitService.ts — Added --no-ext-diff to all diff commands in getFileDiff(), getCommitDiff(), and getDiffSummary()
  • electron/workspace-host/WorkspaceService.ts — Added --no-ext-diff to the workspace diff call
  • electron/ipc/handlers/git-write.ts — Added --no-ext-diff to stash diff operations
  • electron/services/ProjectPulseService.ts — Added --no-ext-diff to pulse diff stats
  • electron/utils/git.ts — Added --no-ext-diff to utility diff helper
  • electron/utils/__tests__/hardenedGit.test.ts — Updated tests for removed config entries
  • electron/services/__tests__/GitService.test.ts — Added tests verifying --no-ext-diff is passed
  • electron/utils/__tests__/git.test.ts — Added tests for utility diff with --no-ext-diff

Testing

  • Unit tests pass for GitService, hardenedGit, and git utility modules
  • ESLint and Prettier pass with zero errors
  • Typecheck clean

…al= override

- Remove empty-string diff.external= from HARDENED_GIT_CONFIG (caused git to try executing empty program)
- Remove allowUnsafeDiffExternal unsafe flag (no longer needed)
- Add --no-ext-diff to all 11 git diff call sites for security against malicious repo configs
- Update tests to verify new config and --no-ext-diff flag usage
@gregpriday gregpriday force-pushed the feature/issue-4214-file-diff-fails-external-diff branch from 62fbb57 to 3839857 March 25, 2026 19:34
@gregpriday gregpriday merged commit 0906cb8 into develop Mar 25, 2026
@gregpriday gregpriday deleted the feature/issue-4214-file-diff-fails-external-diff branch March 25, 2026 19:34
@gregpriday
Collaborator Author

Fixes regression from #3742. Empty diff.external= override made git try to run an empty command as the diff tool.

Regression audit for training data.
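
A regression check in the spirit of this PR, as an added example that is not the project's code: it flags hardened-config entries that leave a command-valued key empty and inserts `--no-ext-diff` into `git diff` argument lists. The `key=value` entry format, the function names and the sample config are assumptions made for illustration.

```typescript
// Added example (not the project's code). Assumption: hardened config is a list
// of "key=value" strings that the app passes to git as `-c key=value`.

// Keys whose value git runs as a command. An empty value does not disable the
// key: git still tries to execute it, the failure this PR describes.
const COMMAND_KEYS = ["diff.external", "core.sshcommand"];

// Global git options that consume the following argument.
const GLOBAL_OPTS_WITH_VALUE = ["-c", "-C", "--git-dir", "--work-tree", "--namespace"];

// Return entries that give a command-valued key no usable value
// (empty after "=", or no "=" at all).
function findEmptyCommandOverrides(config: string[]): string[] {
  return config.filter(function (entry) {
    const eq = entry.indexOf("=");
    // Section and variable names are case-insensitive in git config.
    const key = (eq === -1 ? entry : entry.slice(0, eq)).trim().toLowerCase();
    const value = eq === -1 ? "" : entry.slice(eq + 1).trim();
    return COMMAND_KEYS.indexOf(key) !== -1 && value === "";
  });
}

// Index of the subcommand ("diff", "status", ...) after any global options.
function subcommandIndex(args: string[]): number {
  let i = 0;
  while (i < args.length && args[i].charAt(0) === "-") {
    i += GLOBAL_OPTS_WITH_VALUE.indexOf(args[i]) !== -1 ? 2 : 1;
  }
  return i < args.length ? i : -1;
}

// Return a copy of args with --no-ext-diff right after "diff", unless the
// flag is already among the options (anything after "--" is a pathspec).
function withNoExtDiff(args: string[]): string[] {
  const i = subcommandIndex(args);
  if (i === -1 || args[i] !== "diff") return args.slice();
  const sep = args.indexOf("--", i + 1);
  const opts = args.slice(i + 1, sep === -1 ? args.length : sep);
  if (opts.indexOf("--no-ext-diff") !== -1) return args.slice();
  return args.slice(0, i + 1).concat(["--no-ext-diff"], args.slice(i + 1));
}

// Constructed sample: the overrides the PR removed, beside a harmless entry.
const SAMPLE_CONFIG = ["core.fsmonitor=false", "diff.external=", "core.sshCommand="];
```

Running `findEmptyCommandOverrides` over the hardened config in a unit test, and routing every diff call through a wrapper like `withNoExtDiff`, keeps both halves of the fix from regressing.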

Development

Successfully merging this pull request may close these issues.

File diff fails with 'external diff died' due to empty diff.external override