# Issue #274: Sanitize agent spawn command payloads (command injection risk)

## Objective

Add input validation and sanitization to agent spawn command payloads so that a value originating from a federation command can never reach a git invocation unchecked.

## Security Impact

**Severity:** P0 (Critical) - Blocks production deployment

**Attack Vector:** Federated instances can inject malicious values via branch names

**Risk:** Command injection in git operations allowing arbitrary code execution on the orchestrator

## Vulnerability Details

### Attack Flow

1. Attacker sends a federation command with a malicious branch name
2. Payload passes through the command service without validation
3. Branch name is used directly in the `git worktree add` command
4. Malicious git syntax is executed on the orchestrator

### Vulnerable Code

**File:** `apps/orchestrator/src/git/worktree-manager.service.ts:82`

```typescript
await git.raw(["worktree", "add", worktreePath, "-b", branchName, baseBranch]);
```

**Input Source:** Federation command payload → no validation → git command

`git.raw` hands git an argument array without going through a shell, so shell metacharacters in `branchName` are not interpreted by `/bin/sh`; the practical risk is argument injection (a value that git's option parser reads as a flag, in particular one beginning with `-`) and refnames that git rejects or resolves unexpectedly. An allowlist closes both, and the same rule applies to every other payload value that ends up in a git argument vector (repository URL, base branch, worktree path).

### Attack Example

```json
{
  "commandType": "agent.spawn",
  "payload": {
    "context": {
      "branch": "feature/--config user.core.sshCommand=malicious"
    }
  }
}
```

## Approach

### 1. Add Input Validation DTOs

- Strict regex for branch names (alphanumerics, hyphens, underscores and slashes; no path component may start with `-` or `.`)
- Repository URL validation (https/ssh only)
- Anything outside the allowlist (`;`, `$`, `` ` ``, whitespace, a leading `--`, etc.) is rejected by construction; additionally enforce git's own refname rules (no `..`, no `.lock` suffix, no trailing `.`, no `@{`), which is what `git check-ref-format --branch` checks

### 2. Create Sanitization Utility

- Whitelist-based approach: validate and reject, do not try to escape or strip characters
- Validate before any git operation
- Clear error messages on rejection (name the field and the violated rule, not the raw value)

### 3. Apply at Multiple Layers

- DTO validation (first line of defense)
- Service-level sanitization (defense in depth)
- Git operation wrapper (last resort: refuse any positional argument that starts with `-`)

## Progress

- [ ] Create validation utility
- [ ] Update SpawnAgentDto with strict validation
- [ ] Update SpawnAgentCommandPayload type
- [ ] Add sanitization in WorktreeManagerService
- [ ] Add tests for validation
- [ ] Add tests for sanitization
- [ ] Security vulnerability FIXED
- [ ] Create PR
- [ ] Merge to develop
- [ ] Close issue #274

## Implementation Status

**IN PROGRESS** - Adding input validation and sanitization
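The validation utility and the wrapper guard described in the approach above, as an added example: this is not the orchestrator's own code (the real `SpawnAgentDto`, `WorktreeManagerService` and payload types are not shown on this page). The function names, the error class, the 200-character limit and an optional `repositoryUrl` field under `payload.context` are assumptions made for the example. It goes slightly beyond the issue's character set by allowing dots inside a path component so version-style names such as `release/1.2.x` validate, which is why the extra git refname rules are enforced explicitly.

```typescript
// Added example, not code from the orchestrator repository: allowlist
// validation for the values an agent.spawn payload feeds into git, plus the
// last-resort argument guard for the worktree wrapper. Function names, the
// error class, the length limit and the optional `repositoryUrl` field in
// payload.context are assumptions made for this example.

export class GitInputValidationError extends Error {
  constructor(field: string, rule: string) {
    // Name the field and the violated rule, not the rejected value, so the
    // message is safe to log and to return to a federated caller.
    super(`invalid ${field}: ${rule}`);
    this.name = "GitInputValidationError";
    Object.setPrototypeOf(this, new.target.prototype);
  }
}

// One path component: starts with an alphanumeric, so a component can never
// begin with "-" (option injection) or "." (hidden refs, ".."). Dots inside a
// component are allowed (wider than the issue's minimal set) so "release/1.2.x"
// validates; that is what makes the extra refname rules below necessary.
const BRANCH_COMPONENT = "[A-Za-z0-9][A-Za-z0-9._-]*";
const BRANCH_NAME = new RegExp(`^${BRANCH_COMPONENT}(?:/${BRANCH_COMPONENT})*$`);
const MAX_BRANCH_NAME_LENGTH = 200; // assumption; keeps the worktree path short

export function validateBranchName(value: unknown, field = "branch"): string {
  if (typeof value !== "string" || value.length === 0) {
    throw new GitInputValidationError(field, "must be a non-empty string");
  }
  if (value.length > MAX_BRANCH_NAME_LENGTH) {
    throw new GitInputValidationError(field, `longer than ${MAX_BRANCH_NAME_LENGTH} characters`);
  }
  if (!BRANCH_NAME.test(value)) {
    throw new GitInputValidationError(field, "only [A-Za-z0-9._/-] allowed and components must start alphanumeric");
  }
  // Rules from git check-ref-format that the allowlist alone does not cover.
  const components = value.split("/");
  if (value.includes("..") || value.endsWith(".") || components.some((c) => c.endsWith(".lock"))) {
    throw new GitInputValidationError(field, "'..', a trailing '.' and '.lock' components are not valid refnames");
  }
  return value;
}

// Accepted transports: https://..., ssh://... and the scp-like git@host:path.
// User and host must start alphanumeric so ssh never receives something like
// "-oProxyCommand=..." as an argument.
const HOSTNAME = /^[A-Za-z0-9][A-Za-z0-9.-]*$/;
const SCP_LIKE = /^[A-Za-z0-9][A-Za-z0-9_.-]*@[A-Za-z0-9][A-Za-z0-9.-]*:[A-Za-z0-9_./][A-Za-z0-9_./-]*$/;

export function validateRepositoryUrl(value: unknown, field = "repositoryUrl"): string {
  if (typeof value !== "string" || value.length === 0 || /\s/.test(value)) {
    throw new GitInputValidationError(field, "must be a non-empty string without whitespace");
  }
  if (SCP_LIKE.test(value)) {
    return value;
  }
  let parsed: URL;
  try {
    parsed = new URL(value);
  } catch {
    throw new GitInputValidationError(field, "not a parseable URL");
  }
  if (parsed.protocol !== "https:" && parsed.protocol !== "ssh:") {
    throw new GitInputValidationError(field, "transport must be https or ssh");
  }
  if (!HOSTNAME.test(parsed.hostname)) {
    throw new GitInputValidationError(field, "host must be a plain hostname");
  }
  if (parsed.password !== "") {
    throw new GitInputValidationError(field, "embedded credentials are not allowed");
  }
  return value;
}

// DTO-level check for the command shape shown in the issue's attack example.
export function validateSpawnPayload(command: unknown): { branch: string; repositoryUrl?: string } {
  const cmd = command as { commandType?: unknown; payload?: { context?: Record<string, unknown> } } | null;
  const ctx = cmd?.payload?.context;
  if (cmd?.commandType !== "agent.spawn" || typeof ctx !== "object" || ctx === null) {
    throw new GitInputValidationError("payload", "expected an agent.spawn command with payload.context");
  }
  const safe: { branch: string; repositoryUrl?: string } = { branch: validateBranchName(ctx.branch) };
  if (ctx.repositoryUrl !== undefined) {
    safe.repositoryUrl = validateRepositoryUrl(ctx.repositoryUrl);
  }
  return safe;
}

// Last-resort guard in the git wrapper: re-validate the refnames and refuse a
// positional value that git's option parser could read as a flag, so the
// argument vector is safe even if a caller bypassed the DTO layer.
export function buildWorktreeAddArgs(worktreePath: string, branchName: string, baseBranch: string): string[] {
  if (worktreePath.length === 0 || worktreePath.startsWith("-")) {
    throw new GitInputValidationError("worktreePath", "must not be empty or start with '-'");
  }
  return ["worktree", "add", worktreePath, "-b", validateBranchName(branchName), validateBranchName(baseBranch, "baseBranch")];
}
```

`validateSpawnPayload` is the DTO layer, the two `validate*` functions are what the service calls before touching git, and `buildWorktreeAddArgs` replaces the hand-built array at line 82 so the wrapper itself refuses an option-shaped value. A useful extra test for the allowlist is to feed every accepted name to `git check-ref-format --branch <name>`, which confirms that nothing the validator admits is a name git itself rejects.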