fix(vscode): add path validation to ACP writeTextFile handler

[ossaidqadri]

TLDR

Fixes #2294 - Adds path validation to the ACP writeTextFile handler in the VSCode extension to prevent invalid path errors when creating new files.

Changes:

• Validate path parameter is a non-empty string before processing
• Trim whitespace from paths to handle common input errors
• Detect and reject paths containing null bytes (security improvement)
• Provide specific, actionable error messages for different error codes (EINVAL, EACCES, ENOSPC, EISDIR)
• Add comprehensive test coverage (10 new test cases)

Dive Deeper

Problem

When using ACP's writeTextFile to create a new file that doesn't exist, the operation was failing with an invalid path error. The root cause was missing input validation in the handleWriteTextFile method.

Solution

Added comprehensive path validation in packages/vscode-ide-companion/src/services/acpFileHandler.ts:

1. Type and emptiness check: Ensures path is a non-empty string
2. Whitespace trimming: Handles paths with leading/trailing whitespace
3. Null byte detection: Prevents path injection attacks via null bytes
4. Specific error handling: Different error codes get actionable messages:
   • EINVAL: Invalid path format
   • EACCES: Permission denied
   • ENOSPC: No space left on device
   • EISDIR: Target is a directory

Testing

All 16 tests pass including 10 new test cases covering:

• Empty path rejection
• Whitespace-only path rejection
• Null byte path rejection
• Path trimming behavior
• Specific error code handling

Reviewer Test Plan

1. Pull the branch and run the VSCode extension in development mode
2. Test file creation via ACP:
   • Create a new file in an existing directory
   • Create a new file in a non-existent directory (should create parent dirs)
   • Try to create a file with an empty path (should fail with clear error)
   • Try to create a file with whitespace-only path (should fail)
3. Run tests: bunx vitest run packages/vscode-ide-companion/src/services/acpFileHandler.test.ts
4. Verify build: bun run build in vscode-ide-companion package

Testing Matrix

	macOS	Windows	Linux
npm run	✅	✅	❓
npx	✅	✅	❓
Docker	❓	❓	❓

Linked issues

Fixes #2294

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[Copilot]

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

JSON.stringify(params.path) can itself throw (e.g., when params.path is a bigint), which would replace the intended validation error with a different exception. Use a non-throwing representation for the received value (e.g., String(params.path) or a safe-stringify helper that handles BigInt/circular structures) so the validation reliably throws the intended "Invalid path" error.

Suggested change

	`Invalid path: path must be a non-empty string, received ${JSON.stringify(params.path)}`,
	`Invalid path: path must be a non-empty string, received ${String(params.path)}`,

[ossaidqadri]

Review Comments Resolved ✅

All 3 Copilot review comments have been addressed:

1. JSON.stringify pitfall - Changed to String(params.path) which never throws
2. Preserve original error - Added { cause: error } to all Error constructions
3. Missing test cases - Added tests for non-string path values (number, null, undefined)

All changes have been pushed and tests pass (19/19).

[Copilot]

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Mingholy]

LGTM!

[yiliang114]

@ossaidqadri Thank you for your contribution. It seems that there is still a small conflict. Can you help me solve it again?

[ossaidqadri]

@yiliang114 I've resolved the merge conflict by rebasing the branch on the latest upstream/main. The PR now includes:

• Path type and emptiness validation
• Whitespace trimming
• Null byte detection (security)
• Specific error handling (EINVAL, EACCES, ENOSPC, EISDIR)
• Error preservation with { cause: error }
• 16 comprehensive tests covering all edge cases

The branch is now up to date with main and should merge cleanly. Could you please try merging again?

Thanks for reviewing!

[ossaidqadri]

@yiliang114 reminder to look on this

[tanzhenxin]

We reproduced the issue and found that the "invalid path" on the Zed editor side was caused by permission check of the editor itself. It is by design, no need to fix. The other issue has been resolved in another PR already.