From f83b5aacf0a030a8c662c5f28ecf320d365fe616 Mon Sep 17 00:00:00 2001
From: Amolith
Date: Sun, 5 Apr 2026 21:16:42 -0600
Subject: [PATCH] handoff: Fix session_query signal and path checks
The signal guard `if (!signal || signal.aborted)` treated a missing signal as cancelled, preventing session_query from running when the SDK passes no AbortSignal. Change to `if (signal?.aborted)` so only an actually-aborted signal triggers cancellation. sessionPathAllowed() returned true when sessionsRoot was undefined, allowing any absolute path to pass validation. Flip the default to false so queries fail closed when the sessions root cannot be determined.
---
 packages/handoff/src/index.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/packages/handoff/src/index.ts b/packages/handoff/src/index.ts
index 98af756843864e3e9c33b1da45b090a864fce7d9..7c770475aba1a35dbc880464acc2115619c74fde 100644
--- a/packages/handoff/src/index.ts
+++ b/packages/handoff/src/index.ts
@@ -138,7 +138,7 @@ function normalizeSessionPath(sessionPath: string, sessionsRoot: string | undefi
 }
 function sessionPathAllowed(candidate: string, sessionsRoot: string | undefined): boolean {
- if (!sessionsRoot) return true;
+ if (!sessionsRoot) return false; // fail closed when root unknown
 const root = path.resolve(sessionsRoot);
 const resolved = path.resolve(candidate);
 return resolved === root || resolved.startsWith(`${root}${path.sep}`);
@@ -539,7 +539,7 @@ export default function (pi: ExtensionAPI) {
 details: { cancelled: true } as const,
 });
- if (!signal || signal.aborted) {
+ if (signal?.aborted) {
 return cancelled();
 }
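Review bot: The containment check in `sessionPathAllowed` (first hunk) is still purely lexical: `path.resolve` normalises `..` segments but does not follow symlinks, so a link located under the sessions root that points elsewhere would pass the `startsWith` test. Now that the function fails closed on an unknown root, it would be consistent to compare canonical paths as well, e.g. `const root = fs.realpathSync(sessionsRoot);` and `const resolved = fs.realpathSync(candidate);`, returning false if either call throws. Whether `fs` is already imported and whether candidates always exist on disk is not visible here, so treat this as something to confirm. The function's closing brace lies outside the hunk.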