From 9cf698c67d6c8b37c802e6fd4ebd4ac4fbe3b4d8 Mon Sep 17 00:00:00 2001
From: Paul Trowbridge <paul@hptrow.me>
Date: Tue, 6 Jan 2026 22:09:02 -0500
Subject: [PATCH] add safety checks to deploy script
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Prevent dangerous sudo rm -rf operations:
- Check that DEPLOY_DIR is not empty
- Block deployment to critical system directories (/, /usr, /etc, etc.)
- Only remove directory if it already exists
- Show message before removal for clarity

This prevents catastrophic mistakes like accidentally deploying to /
or deleting important system directories.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---
 deploy.sh | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/deploy.sh b/deploy.sh
index 00acfca..45adb7f 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -4,11 +4,28 @@ set -e
 # Default deployment directory
 DEPLOY_DIR="${1:-/opt/jrunner}"
 
+# Safety checks
+if [ -z "${DEPLOY_DIR}" ]; then
+    echo "Error: Deployment directory cannot be empty"
+    exit 1
+fi
+
+# Prevent deleting critical system directories
+case "${DEPLOY_DIR}" in
+    /|/bin|/boot|/dev|/etc|/lib|/lib64|/proc|/root|/run|/sbin|/sys|/usr|/var|/home)
+        echo "Error: Cannot deploy to system directory: ${DEPLOY_DIR}"
+        exit 1
+        ;;
+esac
+
 echo "Building jrunner..."
 ./gradlew build
 
 echo "Deploying to ${DEPLOY_DIR}..."
-sudo rm -rf "${DEPLOY_DIR}"
+if [ -d "${DEPLOY_DIR}" ]; then
+    echo "Removing existing deployment..."
+    sudo rm -rf "${DEPLOY_DIR}"
+fi
 sudo mkdir -p "$(dirname "${DEPLOY_DIR}")"
 sudo unzip jrunner/build/distributions/jrunner.zip -d "$(dirname "${DEPLOY_DIR}")"