@rongquan1 rongquan1 commented Oct 21, 2025

Summary by CodeRabbit

  • Chores
    • Improved build script robustness for external command execution with uniform error handling for failures, signals, and non-zero exits.
    • Introduced a secure execution wrapper and standardized invocation for tooling calls, preserving existing timeouts and output behavior.

coderabbitai bot commented Oct 21, 2025

Walkthrough

Replaces direct execSync calls in scripts/generate.v3.ts with a new runTradetrust helper that uses spawnSync, providing unified error handling for execution errors, signals, and non‑zero exit codes across all tradetrust command invocations.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Command execution refactor (scripts/generate.v3.ts) | Adds runTradetrust helper and secure wrapper using spawnSync; replaces six execSync usages (document-store revoke, document-store issue ×3, token-registry mint ×2) with runTradetrust; standardizes timeout, stdio inheritance, and exit/error handling. |

Sequence Diagram(s)

sequenceDiagram
  participant DevScript as scripts/generate.v3.ts
  participant Helper as runTradetrust
  participant Spawn as spawnSync (node)
  participant ChildProc as External tradetrust CLI

  DevScript->>Helper: call runTradetrust(args, options)
  note right of Helper #DDFFDD: prepares args & options\n(inherit stdio, timeout)
  Helper->>Spawn: spawnSync(command, args, options)
  Spawn->>ChildProc: execute CLI
  alt child exits normally (status 0)
    Spawn-->>Helper: { status: 0, stdout, stderr }
    Helper-->>DevScript: returns result
  else non-zero exit or signal
    Spawn-->>Helper: { status: non-zero | signal, error? }
    Helper-->>DevScript: throw Error (includes code/signal and stderr)
  end

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I swapped exec for spawn with a hop and a grin,
Six commands now shelter beneath one warm skin,
Timeouts and signals I tidy and mend,
Errors reported — no mystery to send,
Hooray for a helper that hops to the end! 🥕✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description Check | ⚠️ Warning | The pull request description is entirely missing. According to the repository's description template, a complete description should include three sections: Summary (background), Changes (what was modified), and Issues (related issues or stories). The absence of any description means all required sections are missing, making it impossible for reviewers to quickly understand the motivation, specifics, or context of this change without reading the code directly. | The author should add a pull request description following the repository's template. The description should include a Summary explaining why safer command execution was needed, a Changes section detailing the refactoring from execSync to spawnSync with improved error handling, and an Issues section linking to any related GitHub issues or tickets. This will provide essential context for reviewers and future maintainers. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title Check | ✅ Passed | The PR title "fix: safer os command execution" directly reflects the main change in the changeset, which replaces execSync with a safer spawnSync-based helper that includes uniform error handling for external commands. The title is concise, clear, and specific enough for a developer scanning the repository history to quickly understand that this change focuses on improving the safety of OS command execution. The title accurately captures the essence of the refactoring without being vague or misleading. |
| Docstring Coverage | ✅ Passed | No functions found in the changes. Docstring coverage check skipped. |
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fa88251 and f1f339f.

📒 Files selected for processing (1)
  • scripts/generate.v3.ts (5 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: Tests / Run Tests (20.x)
  • GitHub Check: Tests / Run Tests (18.x)
🔇 Additional comments (2)
scripts/generate.v3.ts (2)

4-4: LGTM: Import change aligns with safer execution.

The switch from execSync to spawnSync supports the security improvement, as spawnSync with array arguments (no shell) prevents command injection vulnerabilities.


123-134: LGTM: All command invocations are properly structured.

All six call sites correctly structure arguments as array elements, preventing command injection. The consistent use of the runTradetrust helper ensures uniform error handling and timeout management across all external command executions.

Also applies to: 248-259, 261-272, 274-285, 287-298, 329-342, 344-357
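
The difference the review points to, between a command string parsed by a shell and an argument array passed without one, shown as an added example that is not part of this PR or the project's code. It assumes a POSIX shell for the "before" case; the Node one-liner standing in for the `tradetrust` CLI, the function names, and the sample value are constructed for illustration.

```typescript
import { execSync, spawnSync } from "child_process";

// Stand-in for the external CLI (assumption): prints the argv it received as JSON.
const ECHO_ARGV = "process.stdout.write(JSON.stringify(process.argv.slice(1)))";

// Constructed value containing a shell metacharacter, e.g. from a tampered config entry.
const SAMPLE_VALUE = "0xabc; echo INJECTED";

// Before: the whole line is one string handed to /bin/sh, so `;` in the
// interpolated value ends the first command and starts a second one.
function viaShellString(value: string): string {
  const line = `"${process.execPath}" -e '${ECHO_ARGV}' issue --hash ${value}`;
  return execSync(line, { encoding: "utf8", timeout: 10_000 });
}

// After: same shape as the PR's helper (spawnSync, argument array, timeout,
// checks for error / signal / non-zero exit). No shell is involved, so each
// array element reaches the child as exactly one argument.
// Passing `shell: true` here would bring shell parsing back.
function viaArgv(args: string[]): string {
  const result = spawnSync(process.execPath, ["-e", ECHO_ARGV, ...args], {
    encoding: "utf8",
    timeout: 10_000,
  });
  if (result.error) {
    throw result.error;
  }
  if (result.signal) {
    throw new Error(`Command terminated by signal ${result.signal}`);
  }
  if (result.status !== 0) {
    throw new Error(`Command failed with exit code ${result.status}`);
  }
  return result.stdout;
}

// The child sees a truncated hash and the shell runs the trailing command.
const unsafeOutput = viaShellString(SAMPLE_VALUE);
// The child sees the value verbatim as a single argument; nothing else runs.
const safeOutput = viaArgv(["issue", "--hash", SAMPLE_VALUE]);
console.log({ unsafeOutput, safeOutput });
```
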

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (1)
scripts/generate.v3.ts (1)

39-54: Past review comment addressed; consider enriching error messages.

The signal handling from the previous review has been correctly implemented. The error handling now covers execution errors, signal termination, and non-zero exit codes.

Based on learnings

For improved debugging, consider including the command and arguments in error messages:

 const runTradetrust = (args: string[], timeoutMs?: number) => {
   const result = spawnSync("tradetrust", args, {
     timeout: timeoutMs ?? ethereumDocumentConfig.timeout,
     stdio: "inherit",
   });
   if (result.error) {
-    throw result.error;
+    throw new Error(`Failed to execute tradetrust ${args.join(" ")}: ${result.error.message}`);
   }
   if (result.signal) {
-    throw new Error(`Command terminated by signal ${result.signal}`);
+    throw new Error(`tradetrust ${args.join(" ")} terminated by signal ${result.signal}`);
   }
   if (result.status !== 0) {
-    throw new Error(`Command failed with exit code ${result.status}`);
+    throw new Error(`tradetrust ${args.join(" ")} failed with exit code ${result.status}`);
   }
 };
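
Review bot: In all three replacement messages, `args.join(" ")` copies every argument into the thrown error and into whatever log captures it, so any call site that passes a key or other secret as an argument would expose it in clear text; joining on spaces also hides where one argument ends and the next begins. Consider building the label once with something like `JSON.stringify(args)` after redacting sensitive values, and in the `result.error` branch keep the original error attached, for example `new Error(msg, { cause: result.error })`, so its `code` (such as ENOENT or ETIMEDOUT) and stack are not lost when it is wrapped.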
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f1f339f and 64d018d.

📒 Files selected for processing (1)
  • scripts/generate.v3.ts (5 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: Tests / Run Tests (18.x)
  • GitHub Check: Tests / Run Tests (20.x)
🔇 Additional comments (2)
scripts/generate.v3.ts (2)

4-4: LGTM: Safer alternative to execSync.

The switch to spawnSync provides better control over child process execution and more granular error handling.


126-137: LGTM: Secure command invocations with controlled arguments.

All invocations of runTradetrust use controlled arguments from configuration and derived merkle roots. No user input is directly passed, eliminating command injection risks.

Also applies to: 251-262, 264-275, 277-288, 290-301, 332-345, 347-360

@rongquan1 rongquan1 requested a review from RishabhS7 October 21, 2025 04:08
@RishabhS7 RishabhS7 merged commit 91562e6 into master Oct 21, 2025
11 checks passed
@RishabhS7 RishabhS7 deleted the fix/os-command-execution branch October 21, 2025 04:36
@github-actions
🎉 This PR is included in version 9.6.1 🎉

The release is available on:

Your semantic-release bot 📦🚀
