
fix(webui): sanitize WorkspaceSecurityError messages in API responses (AUDIT-L2)#277

Merged
xlabtg merged 3 commits into xlabtg:main from konard:issue-276-44dce33dda72
Apr 22, 2026

Conversation


@konard konard commented Apr 22, 2026

Summary

Fixes [AUDIT-L2] from issue #276: workspace API error responses were returning the raw WorkspaceSecurityError message, which could include user-supplied paths such as /home/<user>/..., leaking server filesystem information to the client.

Changes

  • src/webui/routes/workspace.ts: Updated errorResponse() to return a generic "Workspace path is not allowed" message for all WorkspaceSecurityError cases (HTTP 403), and log the actual attemptedPath and message server-side at warn level.
  • src/webui/__tests__/workspace-raw.test.ts: Updated the path traversal test to expect the new generic message.
  • src/webui/__tests__/workspace-security-leak.test.ts: New test suite verifying that /raw, /read, and /write endpoints never include /home/, /tmp/, or C:\ in 403 responses, and that the internal error message is not exposed.

How to reproduce the issue

GET /api/workspace/read?path=/home/alice/../../etc/passwd
→ {"success":false,"error":"Access denied: Path '/home/alice/../../etc/passwd' is outside the workspace..."}

After fix

GET /api/workspace/read?path=/home/alice/../../etc/passwd
→ {"success":false,"error":"Workspace path is not allowed"}

Server logs: WARN workspace-routes { attemptedPath: '/home/alice/../../etc/passwd', message: '...' } workspace path rejected

Test plan

  • All existing workspace tests pass
  • New workspace-security-leak.test.ts: 5 tests covering path leak prevention across endpoints
  • API response never contains /home/, /tmp/, or C:\ substrings for security errors

Fixes #276
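The errorResponse() change described above (and again in the solution summary comment), written out as an added example that is not the project's own code: the pre-fix variant that forwards the raw message, the fixed variant that returns the generic string and records the attempted path server-side, and the leak check the new test suite performs. The class shape, the attemptedPath field, the in-memory warn log and the 500 fallback are assumptions based on the PR text.

```typescript
// Added example, not the project's own code. Names (WorkspaceSecurityError,
// attemptedPath, errorResponse, warnLog) are assumptions based on the PR text.
class WorkspaceSecurityError extends Error {
  constructor(message: string, public readonly attemptedPath: string) {
    super(message);
    this.name = "WorkspaceSecurityError";
  }
}

type ApiError = { status: number; body: { success: false; error: string } };

// Constructed in-memory log sink standing in for createLogger("workspace-routes").warn
const warnLog: Array<{ attemptedPath: string; message: string }> = [];

// Before the fix: the raw message, which embeds the user-supplied path, goes to the client.
function errorResponseLeaky(err: unknown): ApiError {
  if (err instanceof WorkspaceSecurityError) {
    return { status: 403, body: { success: false, error: err.message } };
  }
  return { status: 500, body: { success: false, error: "Internal error" } };
}

// After the fix: a fixed generic string to the client; the path and original
// message are only recorded server-side at warn level.
function errorResponse(err: unknown): ApiError {
  if (err instanceof WorkspaceSecurityError) {
    warnLog.push({ attemptedPath: err.attemptedPath, message: err.message });
    return { status: 403, body: { success: false, error: "Workspace path is not allowed" } };
  }
  // Fallback for non-security errors (assumed; the PR only specifies the 403 case).
  return { status: 500, body: { success: false, error: "Internal error" } };
}

// Check modelled on the PR's workspace-security-leak tests: a 403 body must not
// reveal any of these filesystem markers.
const LEAK_MARKERS = ["/home/", "/tmp/", "C:\\"];
function leaksPath(res: ApiError): boolean {
  return LEAK_MARKERS.some((m) => res.body.error.includes(m));
}

// Constructed traversal attempt taken from the PR description's reproduction step.
function rejectedRead(): WorkspaceSecurityError {
  const p = "/home/alice/../../etc/passwd";
  return new WorkspaceSecurityError(`Access denied: Path '${p}' is outside the workspace`, p);
}
```

Running errorResponseLeaky(rejectedRead()) reproduces the leak; errorResponse(rejectedRead()) yields the generic 403 while warnLog holds the attempted path.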

konard added 2 commits April 22, 2026 20:38
Adding .gitkeep for PR creation (default mode).
This file will be removed when the task is complete.

Issue: xlabtg#276
Error responses from workspace routes were returning the raw
WorkspaceSecurityError message, which included the user-supplied
inputPath and could leak absolute server paths (e.g. /home/<user>/...).

- Return generic "Workspace path is not allowed" to the client for all
  WorkspaceSecurityError cases (403)
- Log attempted path and original message server-side via warn
- Update workspace-raw test to expect the generic message
- Add workspace-security-leak test suite covering /raw, /read, /write
  endpoints and asserting no /home/, /tmp/, or C:\ substrings leak

Closes xlabtg#276
@konard konard changed the title [WIP] audit-l2-error-responses-leak-workspace-paths fix(webui): sanitize WorkspaceSecurityError messages in API responses (AUDIT-L2) Apr 22, 2026
@konard konard marked this pull request as ready for review April 22, 2026 20:42

konard commented Apr 22, 2026

Solution summary

The fix is complete. Here's a summary of what was done:

Root cause: errorResponse() in src/webui/routes/workspace.ts passed the raw WorkspaceSecurityError message to the client. Those messages (from validator.ts) include the user-supplied inputPath (e.g. "Access denied: Path '/home/alice/../../etc/passwd' is outside the workspace..."), leaking server filesystem structure.

Fix (src/webui/routes/workspace.ts):

  • Added createLogger("workspace-routes")
  • errorResponse() now catches WorkspaceSecurityError specifically: logs { attemptedPath, message } at warn level server-side, and returns the generic string "Workspace path is not allowed" to the client with HTTP 403

Tests:

  • Updated workspace-raw.test.ts to expect the new generic message
  • New workspace-security-leak.test.ts with 5 tests covering /raw, /read, /write endpoints, asserting no /home/, /tmp/, or C:\ substrings appear in 403 responses

PR: #277


This summary was automatically extracted from the AI working session output.


konard commented Apr 22, 2026

🤖 Solution Draft Log

This log file contains the complete execution trace of the AI solution draft process.

💰 Cost: $1.070874

📊 Context and tokens usage:

  • 57.3K / 1M (6%) input tokens, 13.2K / 64K (21%) output tokens

Total: (56.9K + 2.2M cached) input tokens, 13.2K output tokens, $1.070874 cost

🤖 Models used:

  • Tool: Anthropic Claude Code
  • Requested: sonnet
  • Model: Claude Sonnet 4.6 (claude-sonnet-4-6)

📎 Log file uploaded as Gist (1318KB)


The working session has now ended; feel free to review and add any feedback on the solution draft.


konard commented Apr 22, 2026

🔄 Auto-restart triggered (iteration 1)

Reason: Merge conflicts detected

Starting new session to address the issues.


Auto-restart-until-mergeable mode is active. Will continue until PR becomes mergeable.

Resolves merge conflict in .gitkeep (timestamp-only conflict).
Brings in upstream changes: autonomous mode admin_ids fix (AUDIT-H6),
config schema version sync, and related test/doc updates.

konard commented Apr 22, 2026

🔄 Auto-restart-until-mergeable Log (iteration 1)

This log file contains the complete execution trace of the AI solution draft process.

💰 Cost: $0.180168

📊 Context and tokens usage:

  • 23.1K / 1M (2%) input tokens, 2.5K / 64K (4%) output tokens

Total: (12.4K + 320.0K cached) input tokens, 2.5K output tokens, $0.180168 cost

🤖 Models used:

  • Tool: Anthropic Claude Code
  • Requested: sonnet
  • Model: Claude Sonnet 4.6 (claude-sonnet-4-6)

📎 Log file uploaded as Gist (1707KB)


The working session has now ended; feel free to review and add any feedback on the solution draft.
