fix(install): validate APM_LIB_DIR before rm -rf to prevent data loss (closes #1690)

[dohwi]

Summary

Adds four safety guards that run before install.sh deletes APM_LIB_DIR, fix the broken Quickstart Installation link, and document the new requirements. 32 pytest regression tests included.

Problem

install.sh exposes APM_LIB_DIR as an environment override and unconditionally runs rm -rf "$APM_LIB_DIR". A user who set APM_LIB_DIR=$HOME/.local/share while installing to $HOME/.local/bin lost unrelated application data (Atuin's local history DB). The Quickstart's Installation link is also a 404: ./getting-started/installation/ resolves to /apm/quickstart/getting-started/installation/ instead of /apm/getting-started/installation/.

Closes #1690.

Approach

Four guards, ordered so the cheapest checks fire first:

Guard	Check	rc	Failure example
1. Absolute path	Must start with /	11	./apm
2. Suffix	Must end with /apm or /lib/apm	12	$HOME/.local/share (the reported incident)
3. Blocklist	Must not be an exact match for a shared system directory (resolved via readlink -f/realpath to catch symlinks)	13	$HOME, /usr, /opt, /tmp, /
4. Marker file	If the directory exists and is non-empty, at least one of apm/apm.cmd/VERSION/.apm-installed must be present	14	non-empty dir with random files

The blocklist checks for exact path matches only (resolved). A path like $HOME/apm is allowed because the user has explicitly named an APM-specific directory. Suffix guard is the primary defence against accidentally broad paths.

Implementation

• install.sh: Extracted guards into apm_lib_dir_validate() with INSTALL_SAFETY_BEGIN/INSTALL_SAFETY_END sentinel markers so tests can source the function without running the full installer.
• tests/unit/install/test_install_safety.py: 32 regression tests that source the extracted function in a fresh bash subprocess. No Python build dependencies needed — conftest.py shadows the autouse fixtures from tests/conftest.py.
• Docs: Fixed the Quickstart link and documented APM_LIB_DIR requirements in the installation page table and troubleshooting section.

Trade-offs

• Blocklist is exact-match: /home/user/apm passes (suffix guard alone). A prefix-blocklist (e.g., "any child of $HOME") would accidentally reject $HOME/.local/lib/apm, which is the documented safe path. Future hardening could add a separate prefix blacklist.
• macOS readlink: BSD readlink lacks -f. Falls back to realpath, then raw path. Suffix guard still blocks the reported incident on macOS regardless.

How to test

# Run the regression suite
python3 -m pytest tests/unit/install/test_install_safety.py -v

# Manual: the reported command should now fail safely (in a sandbox, no sudo)
bash -c '
  source <(sed -n "/^# INSTALL_SAFETY_BEGIN/,/^# INSTALL_SAFETY_END/p" install.sh)
  apm_lib_dir_validate "$HOME/.local/share" && echo "PASS" || echo "BLOCKED (rc=$?)"
'

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds a safety validation layer for APM_LIB_DIR in install.sh to prevent destructive deletes on broad/shared directories (regression for issue #1690), plus a pytest-based harness that sources the exact shell function for verification and updates docs to reflect the new constraints.

Changes:

• Added apm_lib_dir_validate() in install.sh with 4 guards (absolute path, suffix, blocklist, marker-file) and a refusal flow on unsafe paths.
• Added pytest regression tests that extract and execute the sentinel-bounded validator block directly from install.sh, plus a local conftest.py to avoid unrelated autouse fixtures.
• Updated installation docs/quickstart to document/point to the safety constraints.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
tests/unit/install/test_install_safety.py	New regression tests that source the exact install.sh validator block and assert return codes for safety cases.
tests/unit/install/conftest.py	Overrides unrelated autouse fixtures to keep shell-script safety tests independent of Python CLI setup.
install.sh	Introduces APM_LIB_DIR validation function (sentinel-bounded for tests) and refusal messaging prior to rm -rf.
docs/src/content/docs/quickstart.mdx	Updates the “Installation” link target.
docs/src/content/docs/getting-started/installation.md	Documents APM_LIB_DIR safety validation behavior and adds an “Important” callout.

[dohwi]

Addressed in afa54c4 — removed local, fixed _rc capture, added begin sentinel assertion, switched to pytest.main().

[dohwi]

Addressed in afa54c4 — removed local, fixed _rc capture, added begin sentinel assertion, switched to pytest.main().

[dohwi]

Addressed in afa54c4 — removed local, fixed _rc capture, added begin sentinel assertion, switched to pytest.main().

[dohwi]

Addressed in afa54c4 — removed local, fixed _rc capture, added begin sentinel assertion, switched to pytest.main().

[dohwi]

Addressed in afa54c4 — removed local, fixed _rc capture, added begin sentinel assertion, switched to pytest.main().

[danielmeppiel]

Shepherd-driver advisory

Panel stance: ship_with_followups. In-scope follow-ups were folded into this PR; no out-of-scope deferrals remain.

Folded in this run

• (panel) User-local installs now create the derived lib parent before choosing sudo, so APM_INSTALL_DIR=$HOME/.local/bin uses $HOME/.local/lib/apm without a password prompt when $HOME/.local is writable -- resolved in d9d166e.
• (panel) Installer writes .apm-installed after copying the bundle and rechecks APM_LIB_DIR immediately before removal -- resolved in d9d166e.
• (panel) Docs now explain the prior-install marker guard and user-local no-sudo path -- resolved in d9d166e.
• (panel) Added fallback coverage for apm_prepare_lib_parent returning 1 when parent creation is not writable, and aligned /apm suffix wording -- resolved in 18f221d.

Copilot signals reviewed

• Copilot posted a summary review and no inline comments; no Copilot fold items were open.

Regression-trap evidence (mutation-break gate)

• tests/unit/install/test_install_safety.py::TestUserLocalInstall::test_prepare_parent_creates_missing_user_local_lib_without_sudo -- removed parent creation from apm_prepare_lib_parent; test FAILED as expected; guard restored.
• tests/unit/install/test_install_safety.py::TestUserLocalInstall::test_prepare_parent_falls_back_when_parent_unwritable -- changed the helper failure return to success; test FAILED as expected; guard restored.

Lint and local validation

• uv run --extra dev pytest tests/unit/install/test_install_safety.py -q: 43 passed.
• uv run --extra dev ruff check src/ tests/: silent success.
• uv run --extra dev ruff format --check src/ tests/: silent success.
• uv run --extra dev python -m pylint --disable=all --enable=R0801 --min-similarity-lines=10 --fail-on=R0801 src/apm_cli/: 10.00/10.
• bash scripts/lint-auth-signals.sh: clean.
• shellcheck install.sh and bash -n install.sh: clean.

CI

gh pr checks 1694 --repo microsoft/apm --watch observed license/cla still queued after the watch window; no failing checks were reported, but CI is not green yet.

Mergeability status

PR	head SHA	ship recommendation	iters	folds	defers	Copilot rounds	CI	mergeable	mergeStateStatus	notes
#1694	18f221d	ship_with_followups	2	4	0	1	yellow	MERGEABLE	BLOCKED	waiting on license/cla

Ready for maintainer review once the pending CLA/status check resolves.

[dohwi]

@microsoft-github-policy-service agree

[danielmeppiel]

APM Review Panel: ship_now

The installer data-loss fix now validates APM_LIB_DIR before any destructive delete, has regression coverage for the reported incident, and keeps the new safety output/docs aligned with repo conventions.

cc @dohwi @sergio-sisternes-epam -- a fresh advisory pass is ready for your review.

The panel weighed this as a security-sensitive installer change. Supply-chain and test-coverage signals converged on the important point: the guard runs before rm -rf, broad/shared paths are rejected, non-empty non-APM directories are refused, and the exact issue #1690 reproduction is covered by tests. CLI/output and docs review surfaced two in-scope polish items, both folded in this shepherd pass.

Aligned with: secure by default: fail closed before deleting installer state; pragmatic as npm: user-local installs still work without sudo; oss community driven: the contributor fix is preserved and hardened in place.

Panel summary

Persona	B	R	N	Takeaway
Python Architect	0	0	0	Shell guard extraction is narrow and testable; no architecture concern remains.
CLI Logging Expert	0	1	0	New refusal output now uses printable ASCII instead of box-drawing glyphs.
DevX UX Expert	0	0	0	Safe paths still work and failures are actionable.
Supply Chain Security Expert	0	0	0	The destructive path is guarded before deletion with regression coverage.
OSS Growth Hacker	0	0	0	The quickstart link and install safety docs protect the first-run funnel.
Doc Writer	0	1	0	The troubleshooting callout now avoids repeating the env-var table.
Test Coverage Expert	0	0	0	43 installer safety tests passed, including broad-path and marker-file traps.

B = blocking-severity findings, R = recommended, N = nits.
Counts are signal strength, not gates. The maintainer ships.

Top follow-ups

None. The in-scope follow-ups surfaced by the panel were folded in this pass.

Folded in this run

• (panel) Replaced new installer box-drawing refusal output with printable ASCII and converted the existing banner to match -- resolved in 4383c2c4.
• (panel) Trimmed duplicate APM_LIB_DIR troubleshooting prose and kept the callout focused on marker-file/no-sudo behavior -- resolved in 4383c2c4.

Copilot signals reviewed

• No inline copilot-pull-request-reviewer[bot] comments were present on the latest diff after shepherd re-fetch.

Regression-trap evidence (mutation-break gate)

• tests/unit/install/test_install_safety.py::TestReportedIncident::test_reproduces_reported_issue -- deleted the suffix guard from apm_lib_dir_validate; test FAILED as expected (assert 13 == 12); guard restored.

Lint contract

uv run --extra dev ruff check src/ tests/ and uv run --extra dev ruff format --check src/ tests/ both passed before push.

CI

gh pr checks 1694 --repo microsoft/apm reports 13 successful, 1 skipped, 0 failing, 0 pending checks on 4383c2c4 after 1 CI approval/recovery iteration.

Mergeability status

Captured from gh pr view 1694 --json mergeable,mergeStateStatus,statusCheckRollup immediately after the last push of this run.

PR	head SHA	CEO stance	iters	folds	defers	Copilot rounds	CI	mergeable	mergeStateStatus	notes
#1694	4383c2c	ship_now	1	2	0	2	green	MERGEABLE	BLOCKED	pending required review

Convergence

1 outer iteration; 2 Copilot fetch rounds. Final panel stance: ship_now.

Ready for maintainer review.

---

_{This panel is advisory. It does not block merge. Re-apply the panel-review label after addressing feedback to re-run.}