Closes Stream H Task 9 (H3). Two cosmetic fixes in tools/path-normalization.mjs
for gate error messages observed during Smoke 5 Real Fix Re-test 2026-05-30
(steps 4 and 5). Both purely affect human-readable display in block messages
— security behaviour is unchanged (path-deny still fires correctly in all
the original test scenarios).
1. Cygwin/git-bash `/c/Users/...` prefix collapsed before path.resolve.
On win32, path.resolve('/c/Users/x') treats `/c/...` as drive-relative
and prepends cwd's drive letter, producing display paths like
`c:/c/users/...` (doubled drive). The fix inserts a single-letter-drive
normalization step BEFORE resolve when the input looks Cygwin-style.
Guarded by `homedir matches ^[a-zA-Z]:` so POSIX test fixtures
(homedir='/h') still get the original behaviour.
2. PowerShell `$env:USERPROFILE` syntax expanded in expandEnvVars.
The expander handled `%NAME%`, `${NAME}`, and bare `$NAME` but not
the PowerShell-native `$env:NAME` form, so messages displayed the
literal `$env:USERPROFILE` instead of the expanded path. Added a
case-insensitive matcher (PowerShell is case-insensitive) covering
all ENV_WHITELIST names. Non-whitelisted `$env:SECRET` still passes
through unchanged.
Regression: vitest tools 1776/1776 GREEN (was 1772; +4 new tests across
"pathNormalize" (+1 cygwin), "expandEnvVars — PowerShell $env:VAR
(Stream H Task 9 cosmetic)" (+3)). One pre-existing test ("case-folds on
win32") would have broken without the homedir-drive guard — guard
preserves it.
Stream H Task 9 of 11. Plan: docs/superpowers/plans/2026-05-30-router-gate-v4-stream-H.md
Smoke 5 restart-test (chistaa session) refuted stale-process hypothesis and
identified the real bug: Stream A's pathNormalize() returned OS-native paths
(backslashes on win32) while DEFAULT_PROTECTED_PATTERNS regexes are forward-slash
only.
Trace confirmation:
Stream A pathNormalize('~/foo/bar.jsonl') on win32:
BEFORE: 'c:\\users\\admin\\foo\\bar.jsonl' — backslashes
AFTER: 'c:/users/admin/foo/bar.jsonl' — forward slashes
isProtectedPath now matches → Bash/PowerShell hooks block correctly.
Root cause: path.resolve() + fs.realpathSync() on Windows produce backslashes,
caseFold lowercases them but doesn't change separators. DEFAULT_PROTECTED_PATTERNS
in shell-content-rules.mjs are forward-slash regexes (e.g. /(^|\/)\.claude\/projects/i).
defaultPathNormalize fallback in shell-content-rules.mjs DID normalize separators,
which is why my emergency commit 25e184e5 unit-tests passed but live behavior
failed — live hooks use resolvePathNormalize() which returns Stream A's
buggy implementation.
Fix:
- path-normalization.mjs: append .split('\\').join('/') to pathNormalize output.
- path-normalization.test.mjs: +1 RED→GREEN test for win32 separator normalization.
Why previous commit 25e184e5 was incomplete:
- Added pattern to protected list ✓
- Added enforce-read-path-deny.mjs ✓ (Read tool — works because hook uses
defaultPathNormalize directly, not resolvePathNormalize)
- Did NOT detect Bash/PowerShell path-normalize integration bug (debug script
bypassed Stream A by passing defaultPathNormalize directly).
Side observation (recorded as Stream H TODO by chistaa session):
- extractPathArgs/pathDenyOverlay — non-reading path in non-first position is
not checked fully. Independent latent bug, separate fix.
Regression: 1715/1715 vitest tools GREEN (+1 separator test).
Critical: re-run Smoke 5 in clean session — expected PASS all 6 vectors now.
Дмитрий