If a user runs `supermodel analyze` or `supermodel` (watch mode) from `~` or `/`, the CLI will:
- Zip the entire home directory or root filesystem
- Upload it to the API (potentially GBs of data including secrets, credentials, SSH keys)
- Write thousands of `.graph.*` shard files everywhere
The zip filter already blocks `.env`, `.key`, `.pem`, etc., but there's no guard against accidentally running on a scope that's clearly wrong.
Fix: Before creating the zip, check if `repoDir` is:
- `/` or `/root`
- `$HOME` or `~`
- A path with fewer than N source files and no `.git` directory (not a repo)
If so, print a warning and require `--force` to proceed:
```
Warning: You're about to analyze your home directory (/Users/jag).
This will upload all source files to the Supermodel API.
Run with --force if this is intentional, or cd into a project directory first.
```
Discovered during benchmarking when a script accidentally ran from `~`.
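
A sketch of the proposed pre-zip guard in Go, added here as an example and not taken from the Supermodel CLI's own code. The names `guard`, `resolve`, `minSourceFiles` (standing in for N) and the `sourceExt` list are assumptions; the example also resolves symlinks, which the issue does not mention, so a link pointing at `$HOME` is still refused.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

const minSourceFiles = 5 // assumed value for the issue's unspecified N
var sourceExt = map[string]bool{".go": true, ".py": true, ".js": true, ".ts": true} // assumed list

func resolve(p string) string {
	if real, err := filepath.EvalSymlinks(p); err == nil {
		p = real
	}
	abs, _ := filepath.Abs(p)
	return abs
}

// guard returns an error when repoDir (made absolute, symlinks followed) is a
// suspicious upload scope and force (the proposed --force flag) is not set.
func guard(repoDir, home string, force bool) error {
	if force {
		return nil
	}
	dir := resolve(repoDir)
	if dir == "/" || dir == "/root" || (home != "" && dir == resolve(home)) {
		return fmt.Errorf("%s is a root or home directory; run with --force if intentional", dir)
	}
	if _, err := os.Stat(filepath.Join(dir, ".git")); err == nil {
		return nil // has .git: treat as a repository
	}
	n := 0 // no .git: count source files; unreadable entries are skipped
	filepath.WalkDir(dir, func(p string, d fs.DirEntry, err error) error {
		if err == nil && d.Type().IsRegular() && sourceExt[filepath.Ext(p)] {
			n++
		}
		return nil
	})
	if n < minSourceFiles {
		return fmt.Errorf("%s has no .git and only %d source files; run with --force if intentional", dir, n)
	}
	return nil
}

func main() {
	home, _ := os.UserHomeDir()
	fmt.Println(guard(".", home, len(os.Args) > 1 && os.Args[1] == "--force"))
}
```

The home and root checks run before the `.git` check, so a home directory that is itself a git repository (a dotfiles repo, for instance) is still refused without `--force`.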