Reject negative --cooldown values from the CLI

hsbt · claude · hsbt · commit 45e54d5b4c55 · 2026-06-02T12:41:33.000+09:00
The Gemfile DSL already rejects `cooldown: -7`, but `--cooldown -7` on
install/update/add/outdated slipped through Thor and ended up
disabling the filter silently via the `days &lt;= 0` short-circuit in
the resolver. Add a shared CLI::Common.validate_cooldown! guard so the
CLI surface fails loud with the same message as the DSL.

Co-Authored-By: Claude Opus 4.7 &lt;noreply@anthropic.com&gt;
diff --git a/bundler/lib/bundler/cli/add.rb b/bundler/lib/bundler/cli/add.rb
@@ -14,6 +14,7 @@ def initialize(options, gems)
     def run
       Bundler.ui.level = "warn" if options[:quiet]
 
+      Bundler::CLI::Common.validate_cooldown!(options[:cooldown])
       Bundler.settings.set_command_option_if_given :cooldown, options[:cooldown]
 
       validate_options!
diff --git a/bundler/lib/bundler/cli/common.rb b/bundler/lib/bundler/cli/common.rb
@@ -2,6 +2,12 @@
 
 module Bundler
   module CLI::Common
+    def self.validate_cooldown!(value)
+      return if value.nil?
+      return if value.is_a?(Integer) && value >= 0
+      raise InvalidOption, "Expected `--cooldown` to be a non-negative integer, got #{value.inspect}"
+    end
+
     def self.output_post_install_messages(messages)
       return if Bundler.settings["ignore_messages"]
       messages.to_a.each do |name, msg|
diff --git a/bundler/lib/bundler/cli/install.rb b/bundler/lib/bundler/cli/install.rb
@@ -112,6 +112,7 @@ def normalize_settings
 
       Bundler.settings.set_command_option_if_given :jobs, options["jobs"]
 
+      Bundler::CLI::Common.validate_cooldown!(options["cooldown"])
       Bundler.settings.set_command_option_if_given :cooldown, options["cooldown"]
 
       Bundler.settings.set_command_option_if_given :no_prune, options["no-prune"]
diff --git a/bundler/lib/bundler/cli/outdated.rb b/bundler/lib/bundler/cli/outdated.rb
@@ -26,6 +26,7 @@ def initialize(options, gems)
     def run
       check_for_deployment_mode!
 
+      Bundler::CLI::Common.validate_cooldown!(options[:cooldown])
       Bundler.settings.set_command_option_if_given :cooldown, options[:cooldown]
 
       Bundler.definition.validate_runtime!
diff --git a/bundler/lib/bundler/cli/update.rb b/bundler/lib/bundler/cli/update.rb
@@ -66,6 +66,7 @@ def run
       opts["force"] = options[:redownload] if options[:redownload]
 
       Bundler.settings.set_command_option_if_given :jobs, opts["jobs"]
+      Bundler::CLI::Common.validate_cooldown!(options[:cooldown])
       Bundler.settings.set_command_option_if_given :cooldown, options[:cooldown]
 
       Bundler.definition.validate_runtime!
