Found while dogfooding the locally built cdidx on branch codex/search-audit-issues-20260619.
Duplicate check: no open issue found for installer Process.Start upgrade script arguments shell execute policy.
Evidence:
src/CodeIndex/Cli/ProgramRunner.cs:3297 launches the downloaded installer script through Process.Start(startInfo).- Upgrade code also downloads release assets and verifies checksums before launching.
Problem:
Installer launch code is security-sensitive and should have explicit tests for argument handling, shell execution settings, working directory, environment, and failure diagnostics.
Acceptance criteria:
- Document and test
ProcessStartInfo settings used for installer execution.
- Ensure shell expansion is disabled unless explicitly required.
- Add tests for arguments with spaces/special characters and failed process start behavior.
Found while dogfooding the locally built
cdidxon branchcodex/search-audit-issues-20260619.Duplicate check: no open issue found for
installer Process.Start upgrade script arguments shell execute policy.Evidence:
src/CodeIndex/Cli/ProgramRunner.cs:3297launches the downloaded installer script throughProcess.Start(startInfo).Problem:
Installer launch code is security-sensitive and should have explicit tests for argument handling, shell execution settings, working directory, environment, and failure diagnostics.
Acceptance criteria:
ProcessStartInfosettings used for installer execution.