From b35f2638b5dc8b51d984e084772dc315d74018a3 Mon Sep 17 00:00:00 2001
From: Andreas Asprou <andyasprou@gmail.com>
Date: Mon, 29 Dec 2025 18:15:48 +0200
Subject: [PATCH 01/14] feat(desktop): add Workbench/Review mode with
 FileViewer panes

Introduces a workspace-level view mode toggle allowing users to switch between:
- **Workbench mode**: Mosaic panes layout with terminals + file viewers for in-flow work
- **Review mode**: Dedicated Changes page for focused code review

Key changes:
- Add ViewModeToggle component in workspace header (prominent segmented control)
- Add FileViewerPane with Raw/Rendered/Diff modes, lock/unlock, and split support
- Add GroupStrip for group switching above Mosaic content
- Unify sidebar to use full ChangesView in both modes (with onFileOpen callback)
- Add workspace-view-mode store with per-workspace persistence
- Add readWorkingFile tRPC procedure for safe file reads (size/binary checks)
- Wire file clicks to open/reuse FileViewer panes (MRU unlocked policy)
- Cmd+T in Review mode switches to Workbench first, then creates terminal
---
 .../lib/trpc/routers/changes/file-contents.ts | 133 ++++-
 .../TabsContent/GroupStrip/GroupStrip.tsx     | 151 +++++
 .../TabsContent/GroupStrip/index.ts           |   1 +
 .../TabView/FileViewerPane/FileViewerPane.tsx | 537 ++++++++++++++++++
 .../TabView/FileViewerPane/index.ts           |   1 +
 .../ContentView/TabsContent/TabView/index.tsx |  25 +
 .../ContentView/TabsContent/index.tsx         |  10 +-
 .../WorkspaceView/ContentView/index.tsx       |  17 +-
 .../Sidebar/ChangesView/ChangesView.tsx       |  15 +-
 .../WorkspaceView/Sidebar/index.tsx           |  49 +-
 .../WorkspaceActionBar/WorkspaceActionBar.tsx |   8 +-
 .../ViewModeToggle/ViewModeToggle.tsx         |  55 ++
 .../components/ViewModeToggle/index.ts        |   1 +
 .../main/components/WorkspaceView/index.tsx   |  18 +-
 apps/desktop/src/renderer/stores/index.ts     |   1 +
 .../desktop/src/renderer/stores/tabs/store.ts | 109 +++-
 .../desktop/src/renderer/stores/tabs/types.ts |  15 +
 .../desktop/src/renderer/stores/tabs/utils.ts |  61 ++
 .../renderer/stores/workspace-view-mode.ts    |  56 ++
 apps/desktop/src/shared/tabs-types.ts         |  35 +-
 20 files changed, 1267 insertions(+), 31 deletions(-)
 create mode 100644 apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/GroupStrip/GroupStrip.tsx
 create mode 100644 apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/GroupStrip/index.ts
 create mode 100644 apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/FileViewerPane/FileViewerPane.tsx
 create mode 100644 apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/FileViewerPane/index.ts
 create mode 100644 apps/desktop/src/renderer/screens/main/components/WorkspaceView/WorkspaceActionBar/components/ViewModeToggle/ViewModeToggle.tsx
 create mode 100644 apps/desktop/src/renderer/screens/main/components/WorkspaceView/WorkspaceActionBar/components/ViewModeToggle/index.ts
 create mode 100644 apps/desktop/src/renderer/stores/workspace-view-mode.ts

diff --git a/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts b/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
index 8af04dd68e4..29f035a058f 100644
--- a/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
+++ b/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
@@ -1,11 +1,78 @@
-import { readFile, writeFile } from "node:fs/promises";
-import { join } from "node:path";
+import { lstat, readFile, realpath, writeFile } from "node:fs/promises";
+import { isAbsolute, join, normalize, relative } from "node:path";
 import type { FileContents } from "shared/changes-types";
 import simpleGit from "simple-git";
 import { z } from "zod";
 import { publicProcedure, router } from "../..";
 import { detectLanguage } from "./utils/parse-status";
 
+/** Maximum file size for reading (2 MiB) */
+const MAX_FILE_SIZE = 2 * 1024 * 1024;
+
+/** Bytes to scan for binary detection */
+const BINARY_CHECK_SIZE = 8192;
+
+/**
+ * Result type for readWorkingFile procedure
+ */
+type ReadWorkingFileResult =
+	| { ok: true; content: string; truncated: boolean; byteLength: number }
+	| {
+			ok: false;
+			reason: "not-found" | "too-large" | "binary" | "outside-worktree";
+	  };
+
+/**
+ * Validates that a file path is within the worktree and doesn't escape via symlinks
+ */
+async function validatePathInWorktree(
+	worktreePath: string,
+	filePath: string,
+): Promise<{ valid: boolean; resolvedPath?: string; reason?: string }> {
+	// Reject absolute paths
+	if (isAbsolute(filePath)) {
+		return { valid: false, reason: "outside-worktree" };
+	}
+
+	// Normalize and check for traversal
+	const normalizedPath = normalize(filePath);
+	if (normalizedPath.startsWith("..") || normalizedPath.includes("/../")) {
+		return { valid: false, reason: "outside-worktree" };
+	}
+
+	const fullPath = join(worktreePath, normalizedPath);
+
+	// Resolve symlinks and verify the real path is still within worktree
+	try {
+		const realWorktreePath = await realpath(worktreePath);
+		const realFilePath = await realpath(fullPath);
+		const relativePath = relative(realWorktreePath, realFilePath);
+
+		// If relative path starts with "..", the file is outside worktree
+		if (relativePath.startsWith("..") || isAbsolute(relativePath)) {
+			return { valid: false, reason: "outside-worktree" };
+		}
+
+		return { valid: true, resolvedPath: realFilePath };
+	} catch {
+		// File doesn't exist
+		return { valid: false, reason: "not-found" };
+	}
+}
+
+/**
+ * Detects if a buffer contains binary content by checking for NUL bytes
+ */
+function isBinaryContent(buffer: Buffer): boolean {
+	const checkLength = Math.min(buffer.length, BINARY_CHECK_SIZE);
+	for (let i = 0; i < checkLength; i++) {
+		if (buffer[i] === 0) {
+			return true;
+		}
+	}
+	return false;
+}
+
 export const createFileContentsRouter = () => {
 	return router({
 		getFileContents: publicProcedure
@@ -54,6 +121,68 @@ export const createFileContentsRouter = () => {
 				await writeFile(fullPath, input.content, "utf-8");
 				return { success: true };
 			}),
+
+		/**
+		 * Read a working tree file safely with size cap and binary detection.
+		 * Used for File Viewer raw/rendered modes.
+		 * Follows DL-005 (path validation) and DL-008 (size/binary policy).
+		 */
+		readWorkingFile: publicProcedure
+			.input(
+				z.object({
+					worktreePath: z.string(),
+					filePath: z.string(),
+				}),
+			)
+			.query(async ({ input }): Promise<ReadWorkingFileResult> => {
+				// Validate path is within worktree
+				const validation = await validatePathInWorktree(
+					input.worktreePath,
+					input.filePath,
+				);
+
+				if (!validation.valid || !validation.resolvedPath) {
+					return {
+						ok: false,
+						reason: (validation.reason ?? "not-found") as
+							| "not-found"
+							| "outside-worktree",
+					};
+				}
+
+				const resolvedPath = validation.resolvedPath;
+
+				// Check file size
+				try {
+					const stats = await lstat(resolvedPath);
+					if (stats.size > MAX_FILE_SIZE) {
+						return { ok: false, reason: "too-large" };
+					}
+				} catch {
+					return { ok: false, reason: "not-found" };
+				}
+
+				// Read file content
+				let buffer: Buffer;
+				try {
+					buffer = await readFile(resolvedPath);
+				} catch {
+					return { ok: false, reason: "not-found" };
+				}
+
+				// Check for binary content
+				if (isBinaryContent(buffer)) {
+					return { ok: false, reason: "binary" };
+				}
+
+				// Return content as string
+				return {
+					ok: true,
+					content: buffer.toString("utf-8"),
+					truncated: false,
+					byteLength: buffer.length,
+				};
+			}),
 	});
 };
 
diff --git a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/GroupStrip/GroupStrip.tsx b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/GroupStrip/GroupStrip.tsx
new file mode 100644
index 00000000000..e4aa4e47352
--- /dev/null
+++ b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/GroupStrip/GroupStrip.tsx
@@ -0,0 +1,151 @@
+import { Button } from "@superset/ui/button";
+import { Tooltip, TooltipContent, TooltipTrigger } from "@superset/ui/tooltip";
+import { useMemo } from "react";
+import { HiMiniPlus, HiMiniXMark } from "react-icons/hi2";
+import { trpc } from "renderer/lib/trpc";
+import { useTabsStore } from "renderer/stores/tabs/store";
+import type { Tab } from "renderer/stores/tabs/types";
+import { getTabDisplayName } from "renderer/stores/tabs/utils";
+
+interface GroupItemProps {
+	tab: Tab;
+	isActive: boolean;
+	needsAttention: boolean;
+	onSelect: () => void;
+	onClose: () => void;
+}
+
+function GroupItem({
+	tab,
+	isActive,
+	needsAttention,
+	onSelect,
+	onClose,
+}: GroupItemProps) {
+	const displayName = getTabDisplayName(tab);
+
+	return (
+		<div className="relative group flex items-center">
+			<Tooltip>
+				<TooltipTrigger asChild>
+					<button
+						type="button"
+						onClick={onSelect}
+						className={`
+							px-3 py-1 text-xs rounded-md transition-colors flex items-center gap-1.5 max-w-[120px]
+							${isActive ? "bg-accent text-accent-foreground" : "hover:bg-muted text-muted-foreground hover:text-foreground"}
+						`}
+					>
+						<span className="truncate">{displayName}</span>
+						{needsAttention && (
+							<span className="relative flex size-1.5 shrink-0">
+								<span className="absolute inline-flex h-full w-full animate-ping rounded-full bg-red-400 opacity-75" />
+								<span className="relative inline-flex size-1.5 rounded-full bg-red-500" />
+							</span>
+						)}
+					</button>
+				</TooltipTrigger>
+				<TooltipContent side="bottom" sideOffset={4}>
+					{displayName}
+				</TooltipContent>
+			</Tooltip>
+			<button
+				type="button"
+				onClick={(e) => {
+					e.stopPropagation();
+					onClose();
+				}}
+				className="absolute -right-1 -top-1 p-0.5 rounded-full bg-muted opacity-0 group-hover:opacity-100 transition-opacity hover:bg-destructive hover:text-destructive-foreground"
+			>
+				<HiMiniXMark className="size-2.5" />
+			</button>
+		</div>
+	);
+}
+
+export function GroupStrip() {
+	const { data: activeWorkspace } = trpc.workspaces.getActive.useQuery();
+	const activeWorkspaceId = activeWorkspace?.id;
+
+	const allTabs = useTabsStore((s) => s.tabs);
+	const panes = useTabsStore((s) => s.panes);
+	const activeTabIds = useTabsStore((s) => s.activeTabIds);
+	const addTab = useTabsStore((s) => s.addTab);
+	const removeTab = useTabsStore((s) => s.removeTab);
+	const setActiveTab = useTabsStore((s) => s.setActiveTab);
+
+	const tabs = useMemo(
+		() =>
+			activeWorkspaceId
+				? allTabs.filter((tab) => tab.workspaceId === activeWorkspaceId)
+				: [],
+		[activeWorkspaceId, allTabs],
+	);
+
+	const activeTabId = activeWorkspaceId
+		? activeTabIds[activeWorkspaceId]
+		: null;
+
+	// Check which tabs have panes that need attention
+	const tabsWithAttention = useMemo(() => {
+		const result = new Set<string>();
+		for (const pane of Object.values(panes)) {
+			if (pane.needsAttention) {
+				result.add(pane.tabId);
+			}
+		}
+		return result;
+	}, [panes]);
+
+	const handleAddGroup = () => {
+		if (activeWorkspaceId) {
+			addTab(activeWorkspaceId);
+		}
+	};
+
+	const handleSelectGroup = (tabId: string) => {
+		if (activeWorkspaceId) {
+			setActiveTab(activeWorkspaceId, tabId);
+		}
+	};
+
+	const handleCloseGroup = (tabId: string) => {
+		removeTab(tabId);
+	};
+
+	if (tabs.length === 0) {
+		return null;
+	}
+
+	return (
+		<div className="flex items-center gap-1 px-2 py-1 border-b border-border bg-background shrink-0">
+			<div className="flex items-center gap-1 overflow-x-auto scrollbar-none">
+				{tabs.map((tab) => (
+					<GroupItem
+						key={tab.id}
+						tab={tab}
+						isActive={tab.id === activeTabId}
+						needsAttention={tabsWithAttention.has(tab.id)}
+						onSelect={() => handleSelectGroup(tab.id)}
+						onClose={() => handleCloseGroup(tab.id)}
+					/>
+				))}
+			</div>
+			<Tooltip>
+				<TooltipTrigger asChild>
+					<Button
+						variant="ghost"
+						size="icon"
+						className="size-6 shrink-0"
+						onClick={handleAddGroup}
+					>
+						<HiMiniPlus className="size-3.5" />
+					</Button>
+				</TooltipTrigger>
+				<TooltipContent side="bottom" sideOffset={4}>
+					New Group
+				</TooltipContent>
+			</Tooltip>
+		</div>
+	);
+}
diff --git a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/GroupStrip/index.ts b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/GroupStrip/index.ts
new file mode 100644
index 00000000000..e905a6c8bad
--- /dev/null
+++ b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/GroupStrip/index.ts
@@ -0,0 +1 @@
+export { GroupStrip } from "./GroupStrip";
diff --git a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/FileViewerPane/FileViewerPane.tsx b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/FileViewerPane/FileViewerPane.tsx
new file mode 100644
index 00000000000..a9dac12d7a5
--- /dev/null
+++ b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/FileViewerPane/FileViewerPane.tsx
@@ -0,0 +1,537 @@
+import Editor, { type OnMount } from "@monaco-editor/react";
+import { Badge } from "@superset/ui/badge";
+import { ToggleGroup, ToggleGroupItem } from "@superset/ui/toggle-group";
+import { Tooltip, TooltipContent, TooltipTrigger } from "@superset/ui/tooltip";
+import type * as Monaco from "monaco-editor";
+import { useCallback, useEffect, useRef, useState } from "react";
+import {
+	HiMiniLockClosed,
+	HiMiniLockOpen,
+	HiMiniPencil,
+	HiMiniXMark,
+} from "react-icons/hi2";
+import { LuLoader } from "react-icons/lu";
+import { TbLayoutColumns, TbLayoutRows } from "react-icons/tb";
+import type { MosaicBranch } from "react-mosaic-component";
+import { MosaicWindow } from "react-mosaic-component";
+import { MarkdownRenderer } from "renderer/components/MarkdownRenderer";
+import {
+	monaco,
+	SUPERSET_THEME,
+	useMonacoReady,
+} from "renderer/contexts/MonacoProvider";
+import { trpc } from "renderer/lib/trpc";
+import { useTabsStore } from "renderer/stores/tabs/store";
+import type { Pane } from "renderer/stores/tabs/types";
+import type { FileViewerMode } from "shared/tabs-types";
+import { DiffViewer } from "../../../ChangesContent/components/DiffViewer";
+
+type SplitOrientation = "vertical" | "horizontal";
+
+/** Client-side language detection for Monaco editor */
+function detectLanguage(filePath: string): string {
+	const ext = filePath.split(".").pop()?.toLowerCase() ?? "";
+	const languageMap: Record<string, string> = {
+		ts: "typescript",
+		tsx: "typescript",
+		js: "javascript",
+		jsx: "javascript",
+		mjs: "javascript",
+		cjs: "javascript",
+		json: "json",
+		md: "markdown",
+		mdx: "markdown",
+		css: "css",
+		scss: "scss",
+		less: "less",
+		html: "html",
+		xml: "xml",
+		yaml: "yaml",
+		yml: "yaml",
+		py: "python",
+		rs: "rust",
+		go: "go",
+		java: "java",
+		kt: "kotlin",
+		swift: "swift",
+		c: "c",
+		cpp: "cpp",
+		h: "c",
+		hpp: "cpp",
+		sh: "shell",
+		bash: "shell",
+		zsh: "shell",
+		sql: "sql",
+		graphql: "graphql",
+		gql: "graphql",
+	};
+	return languageMap[ext] ?? "plaintext";
+}
+
+interface FileViewerPaneProps {
+	paneId: string;
+	path: MosaicBranch[];
+	pane: Pane;
+	isActive: boolean;
+	tabId: string;
+	worktreePath: string;
+	splitPaneAuto: (
+		tabId: string,
+		sourcePaneId: string,
+		dimensions: { width: number; height: number },
+		path?: MosaicBranch[],
+	) => void;
+	removePane: (paneId: string) => void;
+	setFocusedPane: (tabId: string, paneId: string) => void;
+}
+
+export function FileViewerPane({
+	paneId,
+	path,
+	pane,
+	isActive,
+	tabId,
+	worktreePath,
+	splitPaneAuto,
+	removePane,
+	setFocusedPane,
+}: FileViewerPaneProps) {
+	const containerRef = useRef<HTMLDivElement>(null);
+	const [splitOrientation, setSplitOrientation] =
+		useState<SplitOrientation>("vertical");
+	const isMonacoReady = useMonacoReady();
+	const editorRef = useRef<Monaco.editor.IStandaloneCodeEditor | null>(null);
+	const [isDirty, setIsDirty] = useState(false);
+	const originalContentRef = useRef<string>("");
+	const utils = trpc.useUtils();
+
+	// Track container dimensions for auto-split orientation
+	useEffect(() => {
+		const container = containerRef.current;
+		if (!container) return;
+
+		const updateOrientation = () => {
+			const { width, height } = container.getBoundingClientRect();
+			setSplitOrientation(width >= height ? "vertical" : "horizontal");
+		};
+
+		updateOrientation();
+
+		const resizeObserver = new ResizeObserver(updateOrientation);
+		resizeObserver.observe(container);
+
+		return () => {
+			resizeObserver.disconnect();
+		};
+	}, []);
+
+	const fileViewer = pane.fileViewer;
+
+	// Extract values with defaults for hooks (hooks must be called unconditionally)
+	const filePath = fileViewer?.filePath ?? "";
+	const viewMode = fileViewer?.viewMode ?? "raw";
+	const isLocked = fileViewer?.isLocked ?? false;
+	const diffCategory = fileViewer?.diffCategory;
+	const commitHash = fileViewer?.commitHash;
+	const oldPath = fileViewer?.oldPath;
+
+	// Save mutation
+	const saveFileMutation = trpc.changes.saveFile.useMutation({
+		onSuccess: () => {
+			setIsDirty(false);
+			// Update original content to current content after save
+			if (editorRef.current) {
+				originalContentRef.current = editorRef.current.getValue();
+			}
+			// Invalidate queries to refresh data
+			utils.changes.readWorkingFile.invalidate();
+			utils.changes.getFileContents.invalidate();
+			utils.changes.getStatus.invalidate();
+		},
+	});
+
+	// Save handler for raw mode editor
+	const handleSaveRaw = useCallback(() => {
+		if (!editorRef.current || !filePath) return;
+		saveFileMutation.mutate({
+			worktreePath,
+			filePath,
+			content: editorRef.current.getValue(),
+		});
+	}, [worktreePath, filePath, saveFileMutation]);
+
+	// Save handler for diff mode
+	const handleSaveDiff = useCallback(
+		(content: string) => {
+			if (!filePath) return;
+			saveFileMutation.mutate({
+				worktreePath,
+				filePath,
+				content,
+			});
+		},
+		[worktreePath, filePath, saveFileMutation],
+	);
+
+	// Editor mount handler - set up Cmd+S keybinding
+	const handleEditorMount: OnMount = useCallback(
+		(editor) => {
+			editorRef.current = editor;
+			// Store original content for dirty tracking
+			originalContentRef.current = editor.getValue();
+
+			// Register save action with Cmd+S / Ctrl+S
+			editor.addAction({
+				id: "save-file",
+				label: "Save File",
+				keybindings: [monaco.KeyMod.CtrlCmd | monaco.KeyCode.KeyS],
+				run: () => {
+					handleSaveRaw();
+				},
+			});
+		},
+		[handleSaveRaw],
+	);
+
+	// Track content changes for dirty state
+	const handleEditorChange = useCallback((value: string | undefined) => {
+		if (value !== undefined) {
+			setIsDirty(value !== originalContentRef.current);
+		}
+	}, []);
+
+	// Reset dirty state when file changes
+	// biome-ignore lint/correctness/useExhaustiveDependencies: Reset on file change only
+	useEffect(() => {
+		setIsDirty(false);
+		originalContentRef.current = "";
+	}, [filePath]);
+
+	// Fetch raw file content - always call hook, use enabled to control fetching
+	const { data: rawFileData, isLoading: isLoadingRaw } =
+		trpc.changes.readWorkingFile.useQuery(
+			{ worktreePath, filePath },
+			{ enabled: !!fileViewer && viewMode !== "diff" && !!filePath },
+		);
+
+	// Fetch diff content - always call hook, use enabled to control fetching
+	const { data: diffData, isLoading: isLoadingDiff } =
+		trpc.changes.getFileContents.useQuery(
+			{
+				worktreePath,
+				filePath,
+				oldPath,
+				category: diffCategory ?? "unstaged",
+				commitHash,
+			},
+			{
+				enabled:
+					!!fileViewer && viewMode === "diff" && !!diffCategory && !!filePath,
+			},
+		);
+
+	// Early return AFTER hooks
+	if (!fileViewer) {
+		return (
+			<MosaicWindow<string> path={path} title="">
+				<div className="flex items-center justify-center h-full text-muted-foreground">
+					No file viewer state
+				</div>
+			</MosaicWindow>
+		);
+	}
+
+	const handleFocus = () => {
+		setFocusedPane(tabId, paneId);
+	};
+
+	const handleClosePane = (e: React.MouseEvent) => {
+		e.stopPropagation();
+		removePane(paneId);
+	};
+
+	const handleSplitPane = (e: React.MouseEvent) => {
+		e.stopPropagation();
+		const container = containerRef.current;
+		if (!container) return;
+
+		const { width, height } = container.getBoundingClientRect();
+		splitPaneAuto(tabId, paneId, { width, height }, path);
+	};
+
+	const handleToggleLock = () => {
+		// Update the pane's lock state in the store
+		const panes = useTabsStore.getState().panes;
+		const currentPane = panes[paneId];
+		if (currentPane?.fileViewer) {
+			useTabsStore.setState({
+				panes: {
+					...panes,
+					[paneId]: {
+						...currentPane,
+						fileViewer: {
+							...currentPane.fileViewer,
+							isLocked: !currentPane.fileViewer.isLocked,
+						},
+					},
+				},
+			});
+		}
+	};
+
+	const handleViewModeChange = (value: string) => {
+		if (!value) return;
+		const newMode = value as FileViewerMode;
+
+		// Update the pane's view mode in the store
+		const panes = useTabsStore.getState().panes;
+		const currentPane = panes[paneId];
+		if (currentPane?.fileViewer) {
+			useTabsStore.setState({
+				panes: {
+					...panes,
+					[paneId]: {
+						...currentPane,
+						fileViewer: {
+							...currentPane.fileViewer,
+							viewMode: newMode,
+						},
+					},
+				},
+			});
+		}
+	};
+
+	const fileName = filePath.split("/").pop() || filePath;
+
+	// Render content based on view mode
+	const renderContent = () => {
+		if (viewMode === "diff") {
+			if (isLoadingDiff) {
+				return (
+					<div className="flex items-center justify-center h-full text-muted-foreground">
+						Loading diff...
+					</div>
+				);
+			}
+			if (!diffData) {
+				return (
+					<div className="flex items-center justify-center h-full text-muted-foreground">
+						No diff available
+					</div>
+				);
+			}
+			return (
+				<DiffViewer
+					contents={{
+						original: diffData.original,
+						modified: diffData.modified,
+						language: diffData.language,
+					}}
+					viewMode="inline"
+					filePath={filePath}
+					editable
+					onSave={handleSaveDiff}
+				/>
+			);
+		}
+
+		if (isLoadingRaw) {
+			return (
+				<div className="flex items-center justify-center h-full text-muted-foreground">
+					Loading...
+				</div>
+			);
+		}
+
+		if (!rawFileData?.ok) {
+			const errorMessage =
+				rawFileData?.reason === "too-large"
+					? "File is too large to preview"
+					: rawFileData?.reason === "binary"
+						? "Binary file preview not supported"
+						: rawFileData?.reason === "outside-worktree"
+							? "File is outside worktree"
+							: "File not found";
+			return (
+				<div className="flex items-center justify-center h-full text-muted-foreground">
+					{errorMessage}
+				</div>
+			);
+		}
+
+		if (viewMode === "rendered") {
+			return (
+				<div className="p-4 overflow-auto h-full">
+					<MarkdownRenderer content={rawFileData.content} />
+				</div>
+			);
+		}
+
+		// Raw mode - editable Monaco editor
+		if (!isMonacoReady) {
+			return (
+				<div className="flex items-center justify-center h-full text-muted-foreground">
+					<LuLoader className="w-4 h-4 animate-spin mr-2" />
+					<span>Loading editor...</span>
+				</div>
+			);
+		}
+
+		return (
+			<Editor
+				height="100%"
+				language={detectLanguage(filePath)}
+				value={rawFileData.content}
+				theme={SUPERSET_THEME}
+				onMount={handleEditorMount}
+				onChange={handleEditorChange}
+				loading={
+					<div className="flex items-center justify-center h-full text-muted-foreground">
+						<LuLoader className="w-4 h-4 animate-spin mr-2" />
+						<span>Loading editor...</span>
+					</div>
+				}
+				options={{
+					minimap: { enabled: false },
+					scrollBeyondLastLine: false,
+					wordWrap: "on",
+					fontSize: 13,
+					lineHeight: 20,
+					fontFamily:
+						"ui-monospace, SFMono-Regular, SF Mono, Menlo, Consolas, Liberation Mono, monospace",
+					padding: { top: 8, bottom: 8 },
+					scrollbar: {
+						verticalScrollbarSize: 8,
+						horizontalScrollbarSize: 8,
+					},
+				}}
+			/>
+		);
+	};
+
+	// Determine which view modes are available
+	const isMarkdown = filePath.endsWith(".md") || filePath.endsWith(".markdown");
+	const hasDiff = !!diffCategory;
+
+	const splitIcon =
+		splitOrientation === "vertical" ? (
+			<TbLayoutColumns className="size-4" />
+		) : (
+			<TbLayoutRows className="size-4" />
+		);
+
+	// Show editable badge for raw and diff modes (not rendered)
+	const showEditableBadge = viewMode !== "rendered";
+	const isSaving = saveFileMutation.isPending;
+
+	return (
+		<MosaicWindow<string>
+			path={path}
+			title=""
+			renderToolbar={() => (
+				<div className="flex h-full w-full items-center justify-between px-2">
+					<div className="flex min-w-0 items-center gap-2">
+						<span className="truncate text-xs font-medium">
+							{isDirty && <span className="text-amber-500 mr-1">●</span>}
+							{fileName}
+						</span>
+						{showEditableBadge && (
+							<Badge variant="secondary" className="gap-1 text-[10px] h-4 px-1">
+								<HiMiniPencil className="w-2.5 h-2.5" />
+								{isSaving ? "Saving..." : "⌘S"}
+							</Badge>
+						)}
+					</div>
+					<div className="flex items-center gap-1">
+						<ToggleGroup
+							type="single"
+							value={viewMode}
+							onValueChange={handleViewModeChange}
+							size="sm"
+							className="h-5"
+						>
+							{isMarkdown && (
+								<ToggleGroupItem
+									value="rendered"
+									className="h-5 px-1.5 text-[10px]"
+								>
+									Rendered
+								</ToggleGroupItem>
+							)}
+							<ToggleGroupItem value="raw" className="h-5 px-1.5 text-[10px]">
+								Raw
+							</ToggleGroupItem>
+							{hasDiff && (
+								<ToggleGroupItem
+									value="diff"
+									className="h-5 px-1.5 text-[10px]"
+								>
+									Diff
+								</ToggleGroupItem>
+							)}
+						</ToggleGroup>
+						<Tooltip>
+							<TooltipTrigger asChild>
+								<button
+									type="button"
+									onClick={handleSplitPane}
+									className="rounded p-1 text-muted-foreground transition-colors hover:bg-muted-foreground/20 hover:text-foreground"
+								>
+									{splitIcon}
+								</button>
+							</TooltipTrigger>
+							<TooltipContent side="bottom" showArrow={false}>
+								Split pane
+							</TooltipContent>
+						</Tooltip>
+						<Tooltip>
+							<TooltipTrigger asChild>
+								<button
+									type="button"
+									onClick={handleToggleLock}
+									className="rounded p-1 text-muted-foreground transition-colors hover:bg-muted-foreground/20 hover:text-foreground"
+								>
+									{isLocked ? (
+										<HiMiniLockClosed className="size-3" />
+									) : (
+										<HiMiniLockOpen className="size-3" />
+									)}
+								</button>
+							</TooltipTrigger>
+							<TooltipContent side="bottom" showArrow={false}>
+								{isLocked
+									? "Unlock (allow file replacement)"
+									: "Lock (prevent file replacement)"}
+							</TooltipContent>
+						</Tooltip>
+						<Tooltip>
+							<TooltipTrigger asChild>
+								<button
+									type="button"
+									onClick={handleClosePane}
+									className="rounded p-1 text-muted-foreground transition-colors hover:bg-muted-foreground/20 hover:text-foreground"
+								>
+									<HiMiniXMark className="size-4" />
+								</button>
+							</TooltipTrigger>
+							<TooltipContent side="bottom" showArrow={false}>
+								Close
+							</TooltipContent>
+						</Tooltip>
+					</div>
+				</div>
+			)}
+			className={isActive ? "mosaic-window-focused" : ""}
+		>
+			{/* biome-ignore lint/a11y/useKeyWithClickEvents lint/a11y/noStaticElementInteractions: Focus handler */}
+			<div
+				ref={containerRef}
+				className="w-full h-full overflow-hidden bg-background"
+				onClick={handleFocus}
+			>
+				{renderContent()}
+			</div>
+		</MosaicWindow>
+	);
+}
diff --git a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/FileViewerPane/index.ts b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/FileViewerPane/index.ts
new file mode 100644
index 00000000000..96c33fa0b12
--- /dev/null
+++ b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/FileViewerPane/index.ts
@@ -0,0 +1 @@
+export { FileViewerPane } from "./FileViewerPane";
diff --git a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/index.tsx b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/index.tsx
index b6df3608e13..3502a82dce2 100644
--- a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/index.tsx
+++ b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/index.tsx
@@ -8,6 +8,7 @@ import {
 	type MosaicNode,
 } from "react-mosaic-component";
 import { dragDropManager } from "renderer/lib/dnd";
+import { trpc } from "renderer/lib/trpc";
 import { useTabsStore } from "renderer/stores/tabs/store";
 import type { Pane, Tab } from "renderer/stores/tabs/types";
 import {
@@ -15,6 +16,7 @@ import {
 	extractPaneIdsFromLayout,
 	getPaneIdsForTab,
 } from "renderer/stores/tabs/utils";
+import { FileViewerPane } from "./FileViewerPane";
 import { TabPane } from "./TabPane";
 
 interface TabViewProps {
@@ -35,6 +37,10 @@ export function TabView({ tab, panes }: TabViewProps) {
 	const movePaneToNewTab = useTabsStore((s) => s.movePaneToNewTab);
 	const allTabs = useTabsStore((s) => s.tabs);
 
+	// Get worktree path for file viewer panes
+	const { data: activeWorkspace } = trpc.workspaces.getActive.useQuery();
+	const worktreePath = activeWorkspace?.worktreePath ?? "";
+
 	// Get tabs in the same workspace for move targets
 	const workspaceTabs = allTabs.filter(
 		(t) => t.workspaceId === tab.workspaceId,
@@ -90,6 +96,24 @@ export function TabView({ tab, panes }: TabViewProps) {
 				);
 			}
 
+			// Route file-viewer panes to FileViewerPane component
+			if (pane.type === "file-viewer") {
+				return (
+					<FileViewerPane
+						paneId={paneId}
+						path={path}
+						pane={pane}
+						isActive={isActive}
+						tabId={tab.id}
+						worktreePath={worktreePath}
+						splitPaneAuto={splitPaneAuto}
+						removePane={removePane}
+						setFocusedPane={setFocusedPane}
+					/>
+				);
+			}
+
+			// Default: terminal panes
 			return (
 				<TabPane
 					paneId={paneId}
@@ -114,6 +138,7 @@ export function TabView({ tab, panes }: TabViewProps) {
 			focusedPaneId,
 			tab.id,
 			tab.workspaceId,
+			worktreePath,
 			splitPaneAuto,
 			splitPaneHorizontal,
 			splitPaneVertical,
diff --git a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/index.tsx b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/index.tsx
index e04866eb656..8dc969d541a 100644
--- a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/index.tsx
+++ b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/index.tsx
@@ -2,6 +2,7 @@ import { useMemo } from "react";
 import { trpc } from "renderer/lib/trpc";
 import { useTabsStore } from "renderer/stores/tabs/store";
 import { EmptyTabView } from "./EmptyTabView";
+import { GroupStrip } from "./GroupStrip";
 import { TabView } from "./TabView";
 
 export function TabsContent() {
@@ -23,5 +24,12 @@ export function TabsContent() {
 		return <EmptyTabView />;
 	}
 
-	return <TabView tab={tabToRender} panes={panes} />;
+	return (
+		<div className="h-full flex flex-col overflow-hidden">
+			<GroupStrip />
+			<div className="flex-1 min-h-0 overflow-hidden">
+				<TabView tab={tabToRender} panes={panes} />
+			</div>
+		</div>
+	);
 }
diff --git a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/index.tsx b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/index.tsx
index 1a2e20bd0fb..835e914fc05 100644
--- a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/index.tsx
+++ b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/index.tsx
@@ -1,11 +1,22 @@
-import { SidebarMode, useSidebarStore } from "renderer/stores";
+import { trpc } from "renderer/lib/trpc";
+import { useWorkspaceViewModeStore } from "renderer/stores/workspace-view-mode";
 import { ChangesContent } from "./ChangesContent";
 import { TabsContent } from "./TabsContent";
 
 export function ContentView() {
-	const { currentMode } = useSidebarStore();
+	const { data: activeWorkspace } = trpc.workspaces.getActive.useQuery();
+	const workspaceId = activeWorkspace?.id;
 
-	if (currentMode === SidebarMode.Changes) {
+	// Subscribe to the actual data, not just the getter function
+	const viewModeByWorkspaceId = useWorkspaceViewModeStore(
+		(s) => s.viewModeByWorkspaceId,
+	);
+
+	const viewMode = workspaceId
+		? (viewModeByWorkspaceId[workspaceId] ?? "workbench")
+		: "workbench";
+
+	if (viewMode === "review") {
 		return (
 			<div className="h-full overflow-hidden bg-tertiary p-1">
 				<div className="h-full bg-background rounded-lg overflow-hidden border border-border">
diff --git a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/Sidebar/ChangesView/ChangesView.tsx b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/Sidebar/ChangesView/ChangesView.tsx
index ee0ec6d2e9c..b269533cc7f 100644
--- a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/Sidebar/ChangesView/ChangesView.tsx
+++ b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/Sidebar/ChangesView/ChangesView.tsx
@@ -6,13 +6,22 @@ import { HiMiniMinus, HiMiniPlus } from "react-icons/hi2";
 import { trpc } from "renderer/lib/trpc";
 import { useChangesStore } from "renderer/stores/changes";
 import type { ChangeCategory, ChangedFile } from "shared/changes-types";
+import { PortsList } from "../TabsView/PortsList";
 import { CategorySection } from "./components/CategorySection";
 import { ChangesHeader } from "./components/ChangesHeader";
 import { CommitInput } from "./components/CommitInput";
 import { CommitItem } from "./components/CommitItem";
 import { FileList } from "./components/FileList";
 
-export function ChangesView() {
+interface ChangesViewProps {
+	onFileOpen?: (
+		file: ChangedFile,
+		category: ChangeCategory,
+		commitHash?: string,
+	) => void;
+}
+
+export function ChangesView({ onFileOpen }: ChangesViewProps) {
 	const { data: activeWorkspace } = trpc.workspaces.getActive.useQuery();
 	const worktreePath = activeWorkspace?.worktreePath;
 
@@ -128,11 +137,13 @@ export function ChangesView() {
 	const handleFileSelect = (file: ChangedFile, category: ChangeCategory) => {
 		if (!worktreePath) return;
 		selectFile(worktreePath, file, category, null);
+		onFileOpen?.(file, category);
 	};
 
 	const handleCommitFileSelect = (file: ChangedFile, commitHash: string) => {
 		if (!worktreePath) return;
 		selectFile(worktreePath, file, "committed", commitHash);
+		onFileOpen?.(file, "committed", commitHash);
 	};
 
 	const handleCommitToggle = (hash: string) => {
@@ -349,6 +360,8 @@ export function ChangesView() {
 					</CategorySection>
 				</div>
 			)}
+
+			<PortsList />
 		</div>
 	);
 }
diff --git a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/Sidebar/index.tsx b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/Sidebar/index.tsx
index 7511587610a..b93ef1f3849 100644
--- a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/Sidebar/index.tsx
+++ b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/Sidebar/index.tsx
@@ -1,29 +1,40 @@
-import { useSidebarStore } from "renderer/stores";
-import { SidebarMode } from "renderer/stores/sidebar-state";
+import { trpc } from "renderer/lib/trpc";
+import { useTabsStore } from "renderer/stores/tabs/store";
+import { useWorkspaceViewModeStore } from "renderer/stores/workspace-view-mode";
+import type { ChangeCategory, ChangedFile } from "shared/changes-types";
 import { ChangesView } from "./ChangesView";
-import { ModeCarousel } from "./ModeCarousel";
-import { TabsView } from "./TabsView";
 
 export function Sidebar() {
-	const { currentMode, setMode } = useSidebarStore();
+	const { data: activeWorkspace } = trpc.workspaces.getActive.useQuery();
+	const workspaceId = activeWorkspace?.id;
 
-	const modes: SidebarMode[] = [SidebarMode.Tabs, SidebarMode.Changes];
+	// Subscribe to the actual data, not just the getter function
+	const viewModeByWorkspaceId = useWorkspaceViewModeStore(
+		(s) => s.viewModeByWorkspaceId,
+	);
+
+	const viewMode = workspaceId
+		? (viewModeByWorkspaceId[workspaceId] ?? "workbench")
+		: "workbench";
+
+	const addFileViewerPane = useTabsStore((s) => s.addFileViewerPane);
+
+	// In Workbench mode, open files in FileViewerPane
+	const handleFileOpen =
+		viewMode === "workbench" && workspaceId
+			? (file: ChangedFile, category: ChangeCategory, commitHash?: string) => {
+					addFileViewerPane(workspaceId, {
+						filePath: file.path,
+						diffCategory: category,
+						commitHash,
+						oldPath: file.oldPath,
+					});
+				}
+			: undefined;
 
 	return (
 		<aside className="h-full flex flex-col overflow-hidden">
-			<ModeCarousel
-				modes={modes}
-				currentMode={currentMode}
-				onModeSelect={setMode}
-			>
-				{(mode) => {
-					if (mode === SidebarMode.Changes) {
-						return <ChangesView />;
-					}
-
-					return <TabsView />;
-				}}
-			</ModeCarousel>
+			<ChangesView onFileOpen={handleFileOpen} />
 		</aside>
 	);
 }
diff --git a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/WorkspaceActionBar/WorkspaceActionBar.tsx b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/WorkspaceActionBar/WorkspaceActionBar.tsx
index f641fde5af1..526bca55e10 100644
--- a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/WorkspaceActionBar/WorkspaceActionBar.tsx
+++ b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/WorkspaceActionBar/WorkspaceActionBar.tsx
@@ -1,3 +1,4 @@
+import { ViewModeToggle } from "./components/ViewModeToggle";
 import { WorkspaceActionBarLeft } from "./components/WorkspaceActionBarLeft";
 import { WorkspaceActionBarRight } from "./components/WorkspaceActionBarRight";
 
@@ -9,11 +10,14 @@ export function WorkspaceActionBar({ worktreePath }: WorkspaceActionBarProps) {
 	if (!worktreePath) return null;
 
 	return (
-		<div className="pl-1 pt-1 h-8 w-full flex items-center text-xs shrink-0 select-none bg-tertiary">
+		<div className="px-2 py-1 h-9 w-full flex items-center text-xs shrink-0 select-none bg-tertiary">
 			<div className="flex items-center gap-2 min-w-0">
 				<WorkspaceActionBarLeft />
 			</div>
-			<div className="ml-auto flex items-center h-full mr-2">
+			<div className="flex-1 flex justify-center">
+				<ViewModeToggle />
+			</div>
+			<div className="flex items-center h-full">
 				<WorkspaceActionBarRight worktreePath={worktreePath} />
 			</div>
 		</div>
diff --git a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/WorkspaceActionBar/components/ViewModeToggle/ViewModeToggle.tsx b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/WorkspaceActionBar/components/ViewModeToggle/ViewModeToggle.tsx
new file mode 100644
index 00000000000..bce7ecd1289
--- /dev/null
+++ b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/WorkspaceActionBar/components/ViewModeToggle/ViewModeToggle.tsx
@@ -0,0 +1,55 @@
+import { cn } from "@superset/ui/utils";
+import { trpc } from "renderer/lib/trpc";
+import {
+	useWorkspaceViewModeStore,
+	type WorkspaceViewMode,
+} from "renderer/stores/workspace-view-mode";
+
+export function ViewModeToggle() {
+	const { data: activeWorkspace } = trpc.workspaces.getActive.useQuery();
+	const workspaceId = activeWorkspace?.id;
+
+	const viewModeByWorkspaceId = useWorkspaceViewModeStore(
+		(s) => s.viewModeByWorkspaceId,
+	);
+	const setWorkspaceViewMode = useWorkspaceViewModeStore(
+		(s) => s.setWorkspaceViewMode,
+	);
+
+	if (!workspaceId) return null;
+
+	const currentMode = viewModeByWorkspaceId[workspaceId] ?? "workbench";
+
+	const handleModeChange = (mode: WorkspaceViewMode) => {
+		setWorkspaceViewMode(workspaceId, mode);
+	};
+
+	return (
+		<div className="flex items-center bg-secondary/50 rounded-lg p-0.5">
+			<button
+				type="button"
+				onClick={() => handleModeChange("workbench")}
+				className={cn(
+					"px-3 py-1 text-sm font-medium rounded-md transition-all",
+					currentMode === "workbench"
+						? "bg-background text-foreground shadow-sm"
+						: "text-muted-foreground hover:text-foreground",
+				)}
+			>
+				Workbench
+			</button>
+			<button
+				type="button"
+				onClick={() => handleModeChange("review")}
+				className={cn(
+					"px-3 py-1 text-sm font-medium rounded-md transition-all",
+					currentMode === "review"
+						? "bg-background text-foreground shadow-sm"
+						: "text-muted-foreground hover:text-foreground",
+				)}
+			>
+				Review
+			</button>
+		</div>
+	);
+}
diff --git a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/WorkspaceActionBar/components/ViewModeToggle/index.ts b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/WorkspaceActionBar/components/ViewModeToggle/index.ts
new file mode 100644
index 00000000000..5e69ac17ef8
--- /dev/null
+++ b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/WorkspaceActionBar/components/ViewModeToggle/index.ts
@@ -0,0 +1 @@
+export { ViewModeToggle } from "./ViewModeToggle";
diff --git a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/index.tsx b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/index.tsx
index 661543c8580..a1d61bf3e53 100644
--- a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/index.tsx
+++ b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/index.tsx
@@ -3,6 +3,7 @@ import { trpc } from "renderer/lib/trpc";
 import { useAppHotkey } from "renderer/stores/hotkeys";
 import { useTabsStore } from "renderer/stores/tabs/store";
 import { getNextPaneId, getPreviousPaneId } from "renderer/stores/tabs/utils";
+import { useWorkspaceViewModeStore } from "renderer/stores/workspace-view-mode";
 import { ContentView } from "./ContentView";
 import { ResizableSidebar } from "./ResizableSidebar";
 import { WorkspaceActionBar } from "./WorkspaceActionBar";
@@ -39,16 +40,31 @@ export function WorkspaceView() {
 	// Get focused pane ID for the active tab
 	const focusedPaneId = activeTabId ? focusedPaneIds[activeTabId] : null;
 
+	// View mode for terminal creation - subscribe to actual data for reactivity
+	const viewModeByWorkspaceId = useWorkspaceViewModeStore(
+		(s) => s.viewModeByWorkspaceId,
+	);
+	const setWorkspaceViewMode = useWorkspaceViewModeStore(
+		(s) => s.setWorkspaceViewMode,
+	);
+	const viewMode = activeWorkspaceId
+		? (viewModeByWorkspaceId[activeWorkspaceId] ?? "workbench")
+		: "workbench";
+
 	// Tab management shortcuts
 	useAppHotkey(
 		"NEW_TERMINAL",
 		() => {
 			if (activeWorkspaceId) {
+				// If in Review mode, switch to Workbench first
+				if (viewMode === "review") {
+					setWorkspaceViewMode(activeWorkspaceId, "workbench");
+				}
 				addTab(activeWorkspaceId);
 			}
 		},
 		undefined,
-		[activeWorkspaceId, addTab],
+		[activeWorkspaceId, addTab, viewMode, setWorkspaceViewMode],
 	);
 
 	useAppHotkey(
diff --git a/apps/desktop/src/renderer/stores/index.ts b/apps/desktop/src/renderer/stores/index.ts
index b289f0bfb38..886d0523e00 100644
--- a/apps/desktop/src/renderer/stores/index.ts
+++ b/apps/desktop/src/renderer/stores/index.ts
@@ -6,3 +6,4 @@ export * from "./ringtone";
 export * from "./sidebar-state";
 export * from "./tabs";
 export * from "./theme";
+export * from "./workspace-view-mode";
diff --git a/apps/desktop/src/renderer/stores/tabs/store.ts b/apps/desktop/src/renderer/stores/tabs/store.ts
index d28d8316add..b139bf235fd 100644
--- a/apps/desktop/src/renderer/stores/tabs/store.ts
+++ b/apps/desktop/src/renderer/stores/tabs/store.ts
@@ -4,9 +4,10 @@ import { create } from "zustand";
 import { devtools, persist } from "zustand/middleware";
 import { trpcTabsStorage } from "../../lib/trpc-storage";
 import { movePaneToNewTab, movePaneToTab } from "./actions/move-pane";
-import type { TabsState, TabsStore } from "./types";
+import type { AddFileViewerPaneOptions, TabsState, TabsStore } from "./types";
 import {
 	type CreatePaneOptions,
+	createFileViewerPane,
 	createPane,
 	createTabWithPane,
 	extractPaneIdsFromLayout,
@@ -340,6 +341,112 @@ export const useTabsStore = create<TabsStore>()(
 					return newPane.id;
 				},
 
+				addFileViewerPane: (
+					workspaceId: string,
+					options: AddFileViewerPaneOptions,
+				) => {
+					const state = get();
+					const activeTabId = state.activeTabIds[workspaceId];
+					const activeTab = state.tabs.find((t) => t.id === activeTabId);
+
+					// If no active tab, create a new one (this shouldn't normally happen)
+					if (!activeTab) {
+						const { tabId, paneId } = get().addTab(workspaceId);
+						// Update the pane to be a file-viewer
+						const pane = state.panes[paneId];
+						if (pane) {
+							const fileViewerPane = createFileViewerPane(tabId, options);
+							set((s) => ({
+								panes: {
+									...s.panes,
+									[paneId]: {
+										...fileViewerPane,
+										id: paneId, // Keep the original ID
+									},
+								},
+							}));
+						}
+						return paneId;
+					}
+
+					// Look for an existing unlocked file-viewer pane in the active tab
+					const tabPaneIds = extractPaneIdsFromLayout(activeTab.layout);
+					const fileViewerPanes = tabPaneIds
+						.map((id) => state.panes[id])
+						.filter(
+							(p) =>
+								p?.type === "file-viewer" &&
+								p.fileViewer &&
+								!p.fileViewer.isLocked,
+						);
+
+					// If we found an unlocked file-viewer pane, reuse it
+					if (fileViewerPanes.length > 0) {
+						const paneToReuse = fileViewerPanes[0];
+						const fileName =
+							options.filePath.split("/").pop() || options.filePath;
+
+						// Determine default view mode
+						let viewMode: "raw" | "rendered" | "diff" = "raw";
+						if (options.diffCategory) {
+							viewMode = "diff";
+						} else if (
+							options.filePath.endsWith(".md") ||
+							options.filePath.endsWith(".markdown")
+						) {
+							viewMode = "rendered";
+						}
+
+						set({
+							panes: {
+								...state.panes,
+								[paneToReuse.id]: {
+									...paneToReuse,
+									name: fileName,
+									fileViewer: {
+										filePath: options.filePath,
+										viewMode,
+										isLocked: false,
+										diffLayout: "inline",
+										diffCategory: options.diffCategory,
+										commitHash: options.commitHash,
+										oldPath: options.oldPath,
+									},
+								},
+							},
+							focusedPaneIds: {
+								...state.focusedPaneIds,
+								[activeTab.id]: paneToReuse.id,
+							},
+						});
+
+						return paneToReuse.id;
+					}
+
+					// No reusable pane found, create a new one
+					const newPane = createFileViewerPane(activeTab.id, options);
+
+					const newLayout: MosaicNode<string> = {
+						direction: "row",
+						first: activeTab.layout,
+						second: newPane.id,
+						splitPercentage: 50,
+					};
+
+					set({
+						tabs: state.tabs.map((t) =>
+							t.id === activeTab.id ? { ...t, layout: newLayout } : t,
+						),
+						panes: { ...state.panes, [newPane.id]: newPane },
+						focusedPaneIds: {
+							...state.focusedPaneIds,
+							[activeTab.id]: newPane.id,
+						},
+					});
+
+					return newPane.id;
+				},
+
 				removePane: (paneId) => {
 					const state = get();
 					const pane = state.panes[paneId];
diff --git a/apps/desktop/src/renderer/stores/tabs/types.ts b/apps/desktop/src/renderer/stores/tabs/types.ts
index bcb0f70af82..03fc45d921b 100644
--- a/apps/desktop/src/renderer/stores/tabs/types.ts
+++ b/apps/desktop/src/renderer/stores/tabs/types.ts
@@ -1,4 +1,5 @@
 import type { MosaicBranch, MosaicNode } from "react-mosaic-component";
+import type { ChangeCategory } from "shared/changes-types";
 import type { BaseTab, BaseTabsState, Pane, PaneType } from "shared/tabs-types";
 
 // Re-export shared types
@@ -28,6 +29,16 @@ export interface AddTabOptions {
 	initialCwd?: string;
 }
 
+/**
+ * Options for opening a file in a file-viewer pane
+ */
+export interface AddFileViewerPaneOptions {
+	filePath: string;
+	diffCategory?: ChangeCategory;
+	commitHash?: string;
+	oldPath?: string;
+}
+
 /**
  * Actions available on the tabs store
  */
@@ -51,6 +62,10 @@ export interface TabsStore extends TabsState {
 
 	// Pane operations
 	addPane: (tabId: string, options?: AddTabOptions) => string;
+	addFileViewerPane: (
+		workspaceId: string,
+		options: AddFileViewerPaneOptions,
+	) => string;
 	removePane: (paneId: string) => void;
 	setFocusedPane: (tabId: string, paneId: string) => void;
 	markPaneAsUsed: (paneId: string) => void;
diff --git a/apps/desktop/src/renderer/stores/tabs/utils.ts b/apps/desktop/src/renderer/stores/tabs/utils.ts
index a1e7bef16cf..207ac8295a7 100644
--- a/apps/desktop/src/renderer/stores/tabs/utils.ts
+++ b/apps/desktop/src/renderer/stores/tabs/utils.ts
@@ -1,4 +1,10 @@
 import type { MosaicBranch, MosaicNode } from "react-mosaic-component";
+import type { ChangeCategory } from "shared/changes-types";
+import type {
+	DiffLayout,
+	FileViewerMode,
+	FileViewerState,
+} from "shared/tabs-types";
 import type { Pane, PaneType, Tab } from "./types";
 
 /**
@@ -82,6 +88,61 @@ export const createPane = (
 	};
 };
 
+/**
+ * Options for creating a file-viewer pane
+ */
+export interface CreateFileViewerPaneOptions {
+	filePath: string;
+	viewMode?: FileViewerMode;
+	isLocked?: boolean;
+	diffLayout?: DiffLayout;
+	diffCategory?: ChangeCategory;
+	commitHash?: string;
+	oldPath?: string;
+}
+
+/**
+ * Creates a new file-viewer pane with the given properties
+ */
+export const createFileViewerPane = (
+	tabId: string,
+	options: CreateFileViewerPaneOptions,
+): Pane => {
+	const id = generateId("pane");
+
+	// Determine default view mode based on file and category
+	let defaultViewMode: FileViewerMode = "raw";
+	if (options.diffCategory) {
+		defaultViewMode = "diff";
+	} else if (
+		options.filePath.endsWith(".md") ||
+		options.filePath.endsWith(".markdown")
+	) {
+		defaultViewMode = "rendered";
+	}
+
+	const fileViewer: FileViewerState = {
+		filePath: options.filePath,
+		viewMode: options.viewMode ?? defaultViewMode,
+		isLocked: options.isLocked ?? false,
+		diffLayout: options.diffLayout ?? "inline",
+		diffCategory: options.diffCategory,
+		commitHash: options.commitHash,
+		oldPath: options.oldPath,
+	};
+
+	// Use filename for display name
+	const fileName = options.filePath.split("/").pop() || options.filePath;
+
+	return {
+		id,
+		tabId,
+		type: "file-viewer",
+		name: fileName,
+		fileViewer,
+	};
+};
+
 /**
  * Generates a static tab name based on existing tabs
  * (e.g., "Terminal 1", "Terminal 2", finding the next available number)
diff --git a/apps/desktop/src/renderer/stores/workspace-view-mode.ts b/apps/desktop/src/renderer/stores/workspace-view-mode.ts
new file mode 100644
index 00000000000..b9bee9b2665
--- /dev/null
+++ b/apps/desktop/src/renderer/stores/workspace-view-mode.ts
@@ -0,0 +1,56 @@
+import { create } from "zustand";
+import { devtools, persist } from "zustand/middleware";
+
+/**
+ * Workspace view modes:
+ * - "workbench": Groups + Mosaic panes layout for in-flow work
+ * - "review": Dedicated Changes page for focused code review
+ */
+export type WorkspaceViewMode = "workbench" | "review";
+
+interface WorkspaceViewModeState {
+	/**
+	 * Per-workspace view mode. Defaults to "workbench" when not set.
+	 */
+	viewModeByWorkspaceId: Record<string, WorkspaceViewMode>;
+
+	/**
+	 * Get the view mode for a workspace, defaulting to "workbench"
+	 */
+	getWorkspaceViewMode: (workspaceId: string) => WorkspaceViewMode;
+
+	/**
+	 * Set the view mode for a workspace
+	 */
+	setWorkspaceViewMode: (workspaceId: string, mode: WorkspaceViewMode) => void;
+}
+
+export const useWorkspaceViewModeStore = create<WorkspaceViewModeState>()(
+	devtools(
+		persist(
+			(set, get) => ({
+				viewModeByWorkspaceId: {},
+
+				getWorkspaceViewMode: (workspaceId: string) => {
+					return get().viewModeByWorkspaceId[workspaceId] ?? "workbench";
+				},
+
+				setWorkspaceViewMode: (
+					workspaceId: string,
+					mode: WorkspaceViewMode,
+				) => {
+					set((state) => ({
+						viewModeByWorkspaceId: {
+							...state.viewModeByWorkspaceId,
+							[workspaceId]: mode,
+						},
+					}));
+				},
+			}),
+			{
+				name: "workspace-view-mode-store",
+			},
+		),
+		{ name: "WorkspaceViewModeStore" },
+	),
+);
diff --git a/apps/desktop/src/shared/tabs-types.ts b/apps/desktop/src/shared/tabs-types.ts
index 8ae323601eb..d38ce4c4284 100644
--- a/apps/desktop/src/shared/tabs-types.ts
+++ b/apps/desktop/src/shared/tabs-types.ts
@@ -3,10 +3,42 @@
  * Renderer extends these with MosaicNode layout specifics.
  */
 
+import type { ChangeCategory } from "./changes-types";
+
 /**
  * Pane types that can be displayed within a tab
  */
-export type PaneType = "terminal" | "webview";
+export type PaneType = "terminal" | "webview" | "file-viewer";
+
+/**
+ * File viewer display modes
+ */
+export type FileViewerMode = "rendered" | "raw" | "diff";
+
+/**
+ * Diff layout options for file viewer
+ */
+export type DiffLayout = "inline" | "side-by-side";
+
+/**
+ * File viewer pane-specific properties
+ */
+export interface FileViewerState {
+	/** Worktree-relative file path */
+	filePath: string;
+	/** Display mode: rendered (markdown), raw (source), or diff */
+	viewMode: FileViewerMode;
+	/** If true, this pane won't be reused for new file clicks */
+	isLocked: boolean;
+	/** Diff display layout */
+	diffLayout: DiffLayout;
+	/** Category for diff source (against-main, committed, staged, unstaged) */
+	diffCategory?: ChangeCategory;
+	/** Commit hash for committed category diffs */
+	commitHash?: string;
+	/** Original path for renamed files */
+	oldPath?: string;
+}
 
 /**
  * Base Pane interface - shared between main and renderer
@@ -23,6 +55,7 @@ export interface Pane {
 	url?: string; // For webview panes
 	cwd?: string | null; // Current working directory
 	cwdConfirmed?: boolean; // True if cwd confirmed via OSC-7, false if seeded
+	fileViewer?: FileViewerState; // For file-viewer panes
 }
 
 /**

From 0d91d554d99fac1dc31bebdd1d91cfb3270676b5 Mon Sep 17 00:00:00 2001
From: Andreas Asprou <andyasprou@gmail.com>
Date: Mon, 29 Dec 2025 18:32:50 +0200
Subject: [PATCH 02/14] fix(desktop): add worktreePath guards and fix stale
 state in tabs store

- Add !!worktreePath checks to FileViewerPane query enabled conditions
- Add !!worktreePath checks to save handler guards (handleSaveRaw, handleSaveDiff)
- Fix stale state reference after addTab() in addFileViewerPane action

Addresses CodeRabbit review feedback.
---
 .../TabView/FileViewerPane/FileViewerPane.tsx | 15 ++++++++----
 .../desktop/src/renderer/stores/tabs/store.ts | 23 ++++++++-----------
 2 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/FileViewerPane/FileViewerPane.tsx b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/FileViewerPane/FileViewerPane.tsx
index a9dac12d7a5..a607ed7b184 100644
--- a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/FileViewerPane/FileViewerPane.tsx
+++ b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/FileViewerPane/FileViewerPane.tsx
@@ -152,7 +152,7 @@ export function FileViewerPane({
 
 	// Save handler for raw mode editor
 	const handleSaveRaw = useCallback(() => {
-		if (!editorRef.current || !filePath) return;
+		if (!editorRef.current || !filePath || !worktreePath) return;
 		saveFileMutation.mutate({
 			worktreePath,
 			filePath,
@@ -163,7 +163,7 @@ export function FileViewerPane({
 	// Save handler for diff mode
 	const handleSaveDiff = useCallback(
 		(content: string) => {
-			if (!filePath) return;
+			if (!filePath || !worktreePath) return;
 			saveFileMutation.mutate({
 				worktreePath,
 				filePath,
@@ -211,7 +211,10 @@ export function FileViewerPane({
 	const { data: rawFileData, isLoading: isLoadingRaw } =
 		trpc.changes.readWorkingFile.useQuery(
 			{ worktreePath, filePath },
-			{ enabled: !!fileViewer && viewMode !== "diff" && !!filePath },
+			{
+				enabled:
+					!!fileViewer && viewMode !== "diff" && !!filePath && !!worktreePath,
+			},
 		);
 
 	// Fetch diff content - always call hook, use enabled to control fetching
@@ -226,7 +229,11 @@ export function FileViewerPane({
 			},
 			{
 				enabled:
-					!!fileViewer && viewMode === "diff" && !!diffCategory && !!filePath,
+					!!fileViewer &&
+					viewMode === "diff" &&
+					!!diffCategory &&
+					!!filePath &&
+					!!worktreePath,
 			},
 		);
 
diff --git a/apps/desktop/src/renderer/stores/tabs/store.ts b/apps/desktop/src/renderer/stores/tabs/store.ts
index b139bf235fd..ee1943fe7a7 100644
--- a/apps/desktop/src/renderer/stores/tabs/store.ts
+++ b/apps/desktop/src/renderer/stores/tabs/store.ts
@@ -352,20 +352,17 @@ export const useTabsStore = create<TabsStore>()(
 					// If no active tab, create a new one (this shouldn't normally happen)
 					if (!activeTab) {
 						const { tabId, paneId } = get().addTab(workspaceId);
-						// Update the pane to be a file-viewer
-						const pane = state.panes[paneId];
-						if (pane) {
-							const fileViewerPane = createFileViewerPane(tabId, options);
-							set((s) => ({
-								panes: {
-									...s.panes,
-									[paneId]: {
-										...fileViewerPane,
-										id: paneId, // Keep the original ID
-									},
+						// Update the pane to be a file-viewer (must use set() to get fresh state after addTab)
+						const fileViewerPane = createFileViewerPane(tabId, options);
+						set((s) => ({
+							panes: {
+								...s.panes,
+								[paneId]: {
+									...fileViewerPane,
+									id: paneId, // Keep the original ID
 								},
-							}));
-						}
+							},
+						}));
 						return paneId;
 					}
 

From 530a423d3e07e601937f519782abee5eabd78e78 Mon Sep 17 00:00:00 2001
From: Andreas Asprou <andyasprou@gmail.com>
Date: Mon, 29 Dec 2025 18:50:33 +0200
Subject: [PATCH 03/14] fix(desktop): address CodeRabbit review - path
 traversal security fix and UX improvements

- Add validatePathForWrite() to prevent path traversal attacks in saveFile
- Add aria-pressed attribute to ViewModeToggle buttons for accessibility
- Increase close button touch target in GroupStrip for better UX
- Add .mdx file support for rendered view mode
---
 .../lib/trpc/routers/changes/file-contents.ts | 62 ++++++++++++++++++-
 .../TabsContent/GroupStrip/GroupStrip.tsx     |  4 +-
 .../ViewModeToggle/ViewModeToggle.tsx         |  2 +
 .../desktop/src/renderer/stores/tabs/store.ts |  3 +-
 .../desktop/src/renderer/stores/tabs/utils.ts |  3 +-
 5 files changed, 67 insertions(+), 7 deletions(-)

diff --git a/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts b/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
index 29f035a058f..262a03797f1 100644
--- a/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
+++ b/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
@@ -23,7 +23,8 @@ type ReadWorkingFileResult =
 	  };
 
 /**
- * Validates that a file path is within the worktree and doesn't escape via symlinks
+ * Validates that a file path is within the worktree and doesn't escape via symlinks.
+ * Requires the file to exist (uses realpath).
  */
 async function validatePathInWorktree(
 	worktreePath: string,
@@ -60,6 +61,48 @@ async function validatePathInWorktree(
 	}
 }
 
+/**
+ * Validates that a file path is safe for writing within the worktree.
+ * Does not require the file to exist (validates path structure and parent directory).
+ */
+async function validatePathForWrite(
+	worktreePath: string,
+	filePath: string,
+): Promise<{ valid: boolean; resolvedPath?: string; reason?: string }> {
+	// Reject absolute paths
+	if (isAbsolute(filePath)) {
+		return { valid: false, reason: "outside-worktree" };
+	}
+
+	// Normalize and check for traversal
+	const normalizedPath = normalize(filePath);
+	if (normalizedPath.startsWith("..") || normalizedPath.includes("/../")) {
+		return { valid: false, reason: "outside-worktree" };
+	}
+
+	const fullPath = join(worktreePath, normalizedPath);
+
+	// Resolve the worktree path and verify our target path is within it
+	try {
+		const realWorktreePath = await realpath(worktreePath);
+
+		// For writes, we can't realpath the file (it may not exist), but we can check
+		// the normalized path structure is within the worktree
+		const candidatePath = join(realWorktreePath, normalizedPath);
+		const relativePath = relative(realWorktreePath, candidatePath);
+
+		// If relative path starts with "..", the file is outside worktree
+		if (relativePath.startsWith("..") || isAbsolute(relativePath)) {
+			return { valid: false, reason: "outside-worktree" };
+		}
+
+		return { valid: true, resolvedPath: candidatePath };
+	} catch {
+		// Worktree path doesn't exist or isn't accessible
+		return { valid: false, reason: "not-found" };
+	}
+}
+
 /**
  * Detects if a buffer contains binary content by checking for NUL bytes
  */
@@ -117,8 +160,21 @@ export const createFileContentsRouter = () => {
 				}),
 			)
 			.mutation(async ({ input }): Promise<{ success: boolean }> => {
-				const fullPath = join(input.worktreePath, input.filePath);
-				await writeFile(fullPath, input.content, "utf-8");
+				// Validate path is within worktree (prevents path traversal attacks)
+				const validation = await validatePathForWrite(
+					input.worktreePath,
+					input.filePath,
+				);
+
+				if (!validation.valid || !validation.resolvedPath) {
+					throw new Error(
+						validation.reason === "outside-worktree"
+							? "Cannot write to files outside worktree"
+							: "File path validation failed",
+					);
+				}
+
+				await writeFile(validation.resolvedPath, input.content, "utf-8");
 				return { success: true };
 			}),
 
diff --git a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/GroupStrip/GroupStrip.tsx b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/GroupStrip/GroupStrip.tsx
index e4aa4e47352..162114e9687 100644
--- a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/GroupStrip/GroupStrip.tsx
+++ b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/GroupStrip/GroupStrip.tsx
@@ -55,9 +55,9 @@ function GroupItem({
 					e.stopPropagation();
 					onClose();
 				}}
-				className="absolute -right-1 -top-1 p-0.5 rounded-full bg-muted opacity-0 group-hover:opacity-100 transition-opacity hover:bg-destructive hover:text-destructive-foreground"
+				className="absolute -right-1.5 -top-1.5 p-1 rounded-full bg-muted opacity-0 group-hover:opacity-100 transition-opacity hover:bg-destructive hover:text-destructive-foreground"
 			>
-				<HiMiniXMark className="size-2.5" />
+				<HiMiniXMark className="size-2" />
 			</button>
 		</div>
 	);
diff --git a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/WorkspaceActionBar/components/ViewModeToggle/ViewModeToggle.tsx b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/WorkspaceActionBar/components/ViewModeToggle/ViewModeToggle.tsx
index bce7ecd1289..00b93eaf6dc 100644
--- a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/WorkspaceActionBar/components/ViewModeToggle/ViewModeToggle.tsx
+++ b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/WorkspaceActionBar/components/ViewModeToggle/ViewModeToggle.tsx
@@ -29,6 +29,7 @@ export function ViewModeToggle() {
 			<button
 				type="button"
 				onClick={() => handleModeChange("workbench")}
+				aria-pressed={currentMode === "workbench"}
 				className={cn(
 					"px-3 py-1 text-sm font-medium rounded-md transition-all",
 					currentMode === "workbench"
@@ -41,6 +42,7 @@ export function ViewModeToggle() {
 			<button
 				type="button"
 				onClick={() => handleModeChange("review")}
+				aria-pressed={currentMode === "review"}
 				className={cn(
 					"px-3 py-1 text-sm font-medium rounded-md transition-all",
 					currentMode === "review"
diff --git a/apps/desktop/src/renderer/stores/tabs/store.ts b/apps/desktop/src/renderer/stores/tabs/store.ts
index ee1943fe7a7..3a921e153d0 100644
--- a/apps/desktop/src/renderer/stores/tabs/store.ts
+++ b/apps/desktop/src/renderer/stores/tabs/store.ts
@@ -389,7 +389,8 @@ export const useTabsStore = create<TabsStore>()(
 							viewMode = "diff";
 						} else if (
 							options.filePath.endsWith(".md") ||
-							options.filePath.endsWith(".markdown")
+							options.filePath.endsWith(".markdown") ||
+							options.filePath.endsWith(".mdx")
 						) {
 							viewMode = "rendered";
 						}
diff --git a/apps/desktop/src/renderer/stores/tabs/utils.ts b/apps/desktop/src/renderer/stores/tabs/utils.ts
index 207ac8295a7..797e644d0c8 100644
--- a/apps/desktop/src/renderer/stores/tabs/utils.ts
+++ b/apps/desktop/src/renderer/stores/tabs/utils.ts
@@ -116,7 +116,8 @@ export const createFileViewerPane = (
 		defaultViewMode = "diff";
 	} else if (
 		options.filePath.endsWith(".md") ||
-		options.filePath.endsWith(".markdown")
+		options.filePath.endsWith(".markdown") ||
+		options.filePath.endsWith(".mdx")
 	) {
 		defaultViewMode = "rendered";
 	}

From 676363def98c6ef84fe2241ea32e857fdc185220 Mon Sep 17 00:00:00 2001
From: Andreas Asprou <andyasprou@gmail.com>
Date: Mon, 29 Dec 2025 19:20:53 +0200
Subject: [PATCH 04/14] fix(desktop): address PR review - security fixes and UX
 improvements

P0 Security:
- Add path validation to getUnstagedVersions before readFile (prevents traversal)
- Key Editor/DiffViewer by filePath to force remount (fixes stale Cmd+S closure)

P1 Fixes:
- Update originalContentRef when raw content loads (dirty tracking fix)
- Add .mdx to isMarkdown check for toolbar consistency
- Gate diff editable to staged/unstaged only (against-main/committed now read-only)

P2 Performance:
- Add safeGitShow helper with 2MB size limit on all git show calls
- Add size check before reading working tree files in getUnstagedVersions
---
 .../lib/trpc/routers/changes/file-contents.ts | 101 ++++++++----------
 .../TabView/FileViewerPane/FileViewerPane.tsx |  30 +++++-
 2 files changed, 71 insertions(+), 60 deletions(-)

diff --git a/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts b/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
index 262a03797f1..f5a865ed52e 100644
--- a/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
+++ b/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
@@ -276,26 +276,33 @@ async function getFileVersions(
 	}
 }
 
+/** Helper to safely get git show content with size limit */
+async function safeGitShow(
+	git: ReturnType<typeof simpleGit>,
+	spec: string,
+): Promise<string> {
+	try {
+		const content = await git.show([spec]);
+		// Enforce size limit on git content
+		if (content.length > MAX_FILE_SIZE) {
+			return `[File content truncated - exceeds ${MAX_FILE_SIZE / 1024 / 1024}MB limit]`;
+		}
+		return content;
+	} catch {
+		return "";
+	}
+}
+
 async function getAgainstBaseVersions(
 	git: ReturnType<typeof simpleGit>,
 	filePath: string,
 	originalPath: string,
 	defaultBranch: string,
 ): Promise<FileVersions> {
-	let original = "";
-	let modified = "";
-
-	try {
-		original = await git.show([`origin/${defaultBranch}:${originalPath}`]);
-	} catch {
-		original = "";
-	}
-
-	try {
-		modified = await git.show([`HEAD:${filePath}`]);
-	} catch {
-		modified = "";
-	}
+	const [original, modified] = await Promise.all([
+		safeGitShow(git, `origin/${defaultBranch}:${originalPath}`),
+		safeGitShow(git, `HEAD:${filePath}`),
+	]);
 
 	return { original, modified };
 }
@@ -306,20 +313,10 @@ async function getCommittedVersions(
 	originalPath: string,
 	commitHash: string,
 ): Promise<FileVersions> {
-	let original = "";
-	let modified = "";
-
-	try {
-		original = await git.show([`${commitHash}^:${originalPath}`]);
-	} catch {
-		original = "";
-	}
-
-	try {
-		modified = await git.show([`${commitHash}:${filePath}`]);
-	} catch {
-		modified = "";
-	}
+	const [original, modified] = await Promise.all([
+		safeGitShow(git, `${commitHash}^:${originalPath}`),
+		safeGitShow(git, `${commitHash}:${filePath}`),
+	]);
 
 	return { original, modified };
 }
@@ -329,20 +326,10 @@ async function getStagedVersions(
 	filePath: string,
 	originalPath: string,
 ): Promise<FileVersions> {
-	let original = "";
-	let modified = "";
-
-	try {
-		original = await git.show([`HEAD:${originalPath}`]);
-	} catch {
-		original = "";
-	}
-
-	try {
-		modified = await git.show([`:0:${filePath}`]);
-	} catch {
-		modified = "";
-	}
+	const [original, modified] = await Promise.all([
+		safeGitShow(git, `HEAD:${originalPath}`),
+		safeGitShow(git, `:0:${filePath}`),
+	]);
 
 	return { original, modified };
 }
@@ -353,24 +340,28 @@ async function getUnstagedVersions(
 	filePath: string,
 	originalPath: string,
 ): Promise<FileVersions> {
-	let original = "";
-	let modified = "";
+	// Try staged version first, fall back to HEAD
+	let original = await safeGitShow(git, `:0:${originalPath}`);
+	if (!original) {
+		original = await safeGitShow(git, `HEAD:${originalPath}`);
+	}
 
-	try {
-		original = await git.show([`:0:${originalPath}`]);
-	} catch {
+	let modified = "";
+	// Validate path before reading from filesystem (prevents path traversal)
+	const validation = await validatePathInWorktree(worktreePath, filePath);
+	if (validation.valid && validation.resolvedPath) {
 		try {
-			original = await git.show([`HEAD:${originalPath}`]);
+			// Check file size before reading
+			const stats = await lstat(validation.resolvedPath);
+			if (stats.size <= MAX_FILE_SIZE) {
+				modified = await readFile(validation.resolvedPath, "utf-8");
+			} else {
+				modified = `[File content truncated - exceeds ${MAX_FILE_SIZE / 1024 / 1024}MB limit]`;
+			}
 		} catch {
-			original = "";
+			modified = "";
 		}
 	}
 
-	try {
-		modified = await readFile(join(worktreePath, filePath), "utf-8");
-	} catch {
-		modified = "";
-	}
-
 	return { original, modified };
 }
diff --git a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/FileViewerPane/FileViewerPane.tsx b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/FileViewerPane/FileViewerPane.tsx
index a607ed7b184..44973084803 100644
--- a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/FileViewerPane/FileViewerPane.tsx
+++ b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/FileViewerPane/FileViewerPane.tsx
@@ -237,6 +237,14 @@ export function FileViewerPane({
 			},
 		);
 
+	// P1-1: Update originalContentRef when raw content loads (dirty tracking fix)
+	// biome-ignore lint/correctness/useExhaustiveDependencies: Only update baseline when content loads
+	useEffect(() => {
+		if (rawFileData?.ok === true && !isDirty) {
+			originalContentRef.current = rawFileData.content;
+		}
+	}, [rawFileData]);
+
 	// Early return AFTER hooks
 	if (!fileViewer) {
 		return (
@@ -311,6 +319,10 @@ export function FileViewerPane({
 
 	const fileName = filePath.split("/").pop() || filePath;
 
+	// P1-3: Only allow editing for staged/unstaged diffs (not committed/against-main)
+	const isDiffEditable =
+		diffCategory === "staged" || diffCategory === "unstaged";
+
 	// Render content based on view mode
 	const renderContent = () => {
 		if (viewMode === "diff") {
@@ -330,6 +342,7 @@ export function FileViewerPane({
 			}
 			return (
 				<DiffViewer
+					key={filePath}
 					contents={{
 						original: diffData.original,
 						modified: diffData.modified,
@@ -337,8 +350,8 @@ export function FileViewerPane({
 					}}
 					viewMode="inline"
 					filePath={filePath}
-					editable
-					onSave={handleSaveDiff}
+					editable={isDiffEditable}
+					onSave={isDiffEditable ? handleSaveDiff : undefined}
 				/>
 			);
 		}
@@ -385,8 +398,10 @@ export function FileViewerPane({
 			);
 		}
 
+		// P0-2: Key by filePath to force remount and fresh action registration
 		return (
 			<Editor
+				key={filePath}
 				height="100%"
 				language={detectLanguage(filePath)}
 				value={rawFileData.content}
@@ -418,7 +433,11 @@ export function FileViewerPane({
 	};
 
 	// Determine which view modes are available
-	const isMarkdown = filePath.endsWith(".md") || filePath.endsWith(".markdown");
+	// P1-2: Include .mdx for consistency with default view mode logic
+	const isMarkdown =
+		filePath.endsWith(".md") ||
+		filePath.endsWith(".markdown") ||
+		filePath.endsWith(".mdx");
 	const hasDiff = !!diffCategory;
 
 	const splitIcon =
@@ -428,8 +447,9 @@ export function FileViewerPane({
 			<TbLayoutRows className="size-4" />
 		);
 
-	// Show editable badge for raw and diff modes (not rendered)
-	const showEditableBadge = viewMode !== "rendered";
+	// Show editable badge only for editable modes
+	const showEditableBadge =
+		viewMode === "raw" || (viewMode === "diff" && isDiffEditable);
 	const isSaving = saveFileMutation.isPending;
 
 	return (

From e8e2a1925d9fcc35fa5165606c9864feb11573c5 Mon Sep 17 00:00:00 2001
From: Andreas Asprou <andyasprou@gmail.com>
Date: Mon, 29 Dec 2025 20:08:09 +0200
Subject: [PATCH 05/14] fix(desktop): address review - persistence schema and
 security fixes

- P0-1: Add file-viewer type and fileViewer object to paneSchema for tab persistence
- P0-2: Fix symlink escape vulnerability in validatePathForWrite by checking
  if target is symlink and resolving parent directory paths
- P1-1: Pass defaultBranch to FileViewerPane for against-main diffs
- P1-2: Switch staged diff to unstaged after save (matches Review mode behavior)
- P2: Use Buffer.byteLength instead of string.length in safeGitShow for
  accurate UTF-8 byte counting
---
 .../lib/trpc/routers/changes/file-contents.ts | 49 ++++++++++++++-----
 .../src/lib/trpc/routers/ui-state/index.ts    | 20 +++++++-
 .../TabView/FileViewerPane/FileViewerPane.tsx | 30 ++++++++++++
 3 files changed, 87 insertions(+), 12 deletions(-)

diff --git a/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts b/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
index f5a865ed52e..fd85f6eb713 100644
--- a/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
+++ b/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
@@ -64,6 +64,7 @@ async function validatePathInWorktree(
 /**
  * Validates that a file path is safe for writing within the worktree.
  * Does not require the file to exist (validates path structure and parent directory).
+ * Also checks for symlink escape attacks.
  */
 async function validatePathForWrite(
 	worktreePath: string,
@@ -86,17 +87,43 @@ async function validatePathForWrite(
 	try {
 		const realWorktreePath = await realpath(worktreePath);
 
-		// For writes, we can't realpath the file (it may not exist), but we can check
-		// the normalized path structure is within the worktree
-		const candidatePath = join(realWorktreePath, normalizedPath);
-		const relativePath = relative(realWorktreePath, candidatePath);
-
-		// If relative path starts with "..", the file is outside worktree
-		if (relativePath.startsWith("..") || isAbsolute(relativePath)) {
-			return { valid: false, reason: "outside-worktree" };
+		// Check if target file exists and is a symlink - reject symlinks to prevent escape
+		try {
+			const stats = await lstat(fullPath);
+			if (stats.isSymbolicLink()) {
+				// File exists and is a symlink - verify target is within worktree
+				const realFilePath = await realpath(fullPath);
+				const relativePath = relative(realWorktreePath, realFilePath);
+				if (relativePath.startsWith("..") || isAbsolute(relativePath)) {
+					return { valid: false, reason: "outside-worktree" };
+				}
+				return { valid: true, resolvedPath: realFilePath };
+			}
+		} catch {
+			// File doesn't exist yet - that's fine for writes, continue with parent check
 		}
 
-		return { valid: true, resolvedPath: candidatePath };
+		// Resolve parent directory to catch symlink escapes in parent path
+		const parentDir = join(fullPath, "..");
+		try {
+			const realParentPath = await realpath(parentDir);
+			const parentRelative = relative(realWorktreePath, realParentPath);
+			if (parentRelative.startsWith("..") || isAbsolute(parentRelative)) {
+				return { valid: false, reason: "outside-worktree" };
+			}
+			// Construct final path using resolved parent + filename
+			const fileName = normalizedPath.split("/").pop() || normalizedPath;
+			const candidatePath = join(realParentPath, fileName);
+			return { valid: true, resolvedPath: candidatePath };
+		} catch {
+			// Parent directory doesn't exist - fall back to path validation
+			const candidatePath = join(realWorktreePath, normalizedPath);
+			const relativePath = relative(realWorktreePath, candidatePath);
+			if (relativePath.startsWith("..") || isAbsolute(relativePath)) {
+				return { valid: false, reason: "outside-worktree" };
+			}
+			return { valid: true, resolvedPath: candidatePath };
+		}
 	} catch {
 		// Worktree path doesn't exist or isn't accessible
 		return { valid: false, reason: "not-found" };
@@ -283,8 +310,8 @@ async function safeGitShow(
 ): Promise<string> {
 	try {
 		const content = await git.show([spec]);
-		// Enforce size limit on git content
-		if (content.length > MAX_FILE_SIZE) {
+		// Enforce size limit on git content (use byteLength for accurate UTF-8 size)
+		if (Buffer.byteLength(content, "utf-8") > MAX_FILE_SIZE) {
 			return `[File content truncated - exceeds ${MAX_FILE_SIZE / 1024 / 1024}MB limit]`;
 		}
 		return content;
diff --git a/apps/desktop/src/lib/trpc/routers/ui-state/index.ts b/apps/desktop/src/lib/trpc/routers/ui-state/index.ts
index 0d2b8e87f55..77b32e36286 100644
--- a/apps/desktop/src/lib/trpc/routers/ui-state/index.ts
+++ b/apps/desktop/src/lib/trpc/routers/ui-state/index.ts
@@ -10,19 +10,37 @@ import {
 import { z } from "zod";
 import { publicProcedure, router } from "../..";
 
+/**
+ * Zod schema for FileViewerState - matches shared/tabs-types.ts
+ */
+const fileViewerStateSchema = z.object({
+	filePath: z.string(),
+	viewMode: z.enum(["rendered", "raw", "diff"]),
+	isLocked: z.boolean(),
+	diffLayout: z.enum(["inline", "side-by-side"]),
+	diffCategory: z
+		.enum(["against-main", "committed", "staged", "unstaged"])
+		.optional(),
+	commitHash: z.string().optional(),
+	oldPath: z.string().optional(),
+});
+
 /**
  * Zod schema for Pane
  */
 const paneSchema = z.object({
 	id: z.string(),
 	tabId: z.string(),
-	type: z.enum(["terminal", "webview"]),
+	type: z.enum(["terminal", "webview", "file-viewer"]),
 	name: z.string(),
 	isNew: z.boolean().optional(),
 	needsAttention: z.boolean().optional(),
 	initialCommands: z.array(z.string()).optional(),
 	initialCwd: z.string().optional(),
 	url: z.string().optional(),
+	cwd: z.string().nullable().optional(),
+	cwdConfirmed: z.boolean().optional(),
+	fileViewer: fileViewerStateSchema.optional(),
 });
 
 /**
diff --git a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/FileViewerPane/FileViewerPane.tsx b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/FileViewerPane/FileViewerPane.tsx
index 44973084803..03c03127a03 100644
--- a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/FileViewerPane/FileViewerPane.tsx
+++ b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/FileViewerPane/FileViewerPane.tsx
@@ -135,6 +135,13 @@ export function FileViewerPane({
 	const commitHash = fileViewer?.commitHash;
 	const oldPath = fileViewer?.oldPath;
 
+	// Fetch branch info for against-main diffs (P1-1)
+	const { data: branchData } = trpc.changes.getBranches.useQuery(
+		{ worktreePath },
+		{ enabled: !!worktreePath && diffCategory === "against-main" },
+	);
+	const effectiveBaseBranch = branchData?.defaultBranch ?? "main";
+
 	// Save mutation
 	const saveFileMutation = trpc.changes.saveFile.useMutation({
 		onSuccess: () => {
@@ -147,6 +154,26 @@ export function FileViewerPane({
 			utils.changes.readWorkingFile.invalidate();
 			utils.changes.getFileContents.invalidate();
 			utils.changes.getStatus.invalidate();
+
+			// P1-2: Switch to unstaged view if saving from staged (edits become unstaged changes)
+			if (diffCategory === "staged") {
+				const panes = useTabsStore.getState().panes;
+				const currentPane = panes[paneId];
+				if (currentPane?.fileViewer) {
+					useTabsStore.setState({
+						panes: {
+							...panes,
+							[paneId]: {
+								...currentPane,
+								fileViewer: {
+									...currentPane.fileViewer,
+									diffCategory: "unstaged",
+								},
+							},
+						},
+					});
+				}
+			}
 		},
 	});
 
@@ -226,6 +253,9 @@ export function FileViewerPane({
 				oldPath,
 				category: diffCategory ?? "unstaged",
 				commitHash,
+				// P1-1: Pass defaultBranch for against-main diffs
+				defaultBranch:
+					diffCategory === "against-main" ? effectiveBaseBranch : undefined,
 			},
 			{
 				enabled:

From e06731e065e40cf2f624066cca7acfbb47d9bd82 Mon Sep 17 00:00:00 2001
From: Andreas Asprou <andyasprou@gmail.com>
Date: Mon, 29 Dec 2025 20:32:43 +0200
Subject: [PATCH 06/14] fix(desktop): address critical review feedback -
 security and UX fixes

P0 (critical):
- Remove duplicate saveFile from git-operations.ts that was overwriting
  the hardened version in file-contents.ts (security vulnerability)

P1 (must fix):
- Use basename()/dirname() from node:path instead of split('/') for
  cross-platform Windows compatibility in validatePathForWrite
- Add preflight size check with git cat-file -s in safeGitShow to
  prevent memory spikes from large blobs before materializing content

P2 (UX):
- Fix split pane to clone file-viewer state instead of creating terminal
  when splitting a file-viewer pane (locked by default)

Question fix:
- Show GroupStrip with add button even when tabs.length === 0 so users
  have visible UI to create new terminal (not just hotkey)
---
 .../lib/trpc/routers/changes/file-contents.ts | 33 ++++++++++++++-----
 .../trpc/routers/changes/git-operations.ts    | 23 ++-----------
 .../TabsContent/GroupStrip/GroupStrip.tsx     | 30 ++++++++---------
 .../desktop/src/renderer/stores/tabs/store.ts | 28 ++++++++++++++--
 4 files changed, 67 insertions(+), 47 deletions(-)

diff --git a/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts b/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
index fd85f6eb713..8945d0830c7 100644
--- a/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
+++ b/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
@@ -1,5 +1,12 @@
 import { lstat, readFile, realpath, writeFile } from "node:fs/promises";
-import { isAbsolute, join, normalize, relative } from "node:path";
+import {
+	basename,
+	dirname,
+	isAbsolute,
+	join,
+	normalize,
+	relative,
+} from "node:path";
 import type { FileContents } from "shared/changes-types";
 import simpleGit from "simple-git";
 import { z } from "zod";
@@ -104,7 +111,8 @@ async function validatePathForWrite(
 		}
 
 		// Resolve parent directory to catch symlink escapes in parent path
-		const parentDir = join(fullPath, "..");
+		// Use dirname() for cross-platform compatibility (handles both / and \ separators)
+		const parentDir = dirname(fullPath);
 		try {
 			const realParentPath = await realpath(parentDir);
 			const parentRelative = relative(realWorktreePath, realParentPath);
@@ -112,7 +120,8 @@ async function validatePathForWrite(
 				return { valid: false, reason: "outside-worktree" };
 			}
 			// Construct final path using resolved parent + filename
-			const fileName = normalizedPath.split("/").pop() || normalizedPath;
+			// Use basename() for cross-platform compatibility
+			const fileName = basename(normalizedPath);
 			const candidatePath = join(realParentPath, fileName);
 			return { valid: true, resolvedPath: candidatePath };
 		} catch {
@@ -303,17 +312,25 @@ async function getFileVersions(
 	}
 }
 
-/** Helper to safely get git show content with size limit */
+/** Helper to safely get git show content with size limit and memory protection */
 async function safeGitShow(
 	git: ReturnType<typeof simpleGit>,
 	spec: string,
 ): Promise<string> {
 	try {
-		const content = await git.show([spec]);
-		// Enforce size limit on git content (use byteLength for accurate UTF-8 size)
-		if (Buffer.byteLength(content, "utf-8") > MAX_FILE_SIZE) {
-			return `[File content truncated - exceeds ${MAX_FILE_SIZE / 1024 / 1024}MB limit]`;
+		// Preflight: check blob size before loading into memory
+		// This prevents memory spikes from large files in git history
+		try {
+			const sizeOutput = await git.raw(["cat-file", "-s", spec]);
+			const blobSize = Number.parseInt(sizeOutput.trim(), 10);
+			if (!Number.isNaN(blobSize) && blobSize > MAX_FILE_SIZE) {
+				return `[File content truncated - exceeds ${MAX_FILE_SIZE / 1024 / 1024}MB limit]`;
+			}
+		} catch {
+			// cat-file failed (blob doesn't exist) - let git.show handle the error
 		}
+
+		const content = await git.show([spec]);
 		return content;
 	} catch {
 		return "";
diff --git a/apps/desktop/src/lib/trpc/routers/changes/git-operations.ts b/apps/desktop/src/lib/trpc/routers/changes/git-operations.ts
index 6e6f584cfe4..beb62f64c02 100644
--- a/apps/desktop/src/lib/trpc/routers/changes/git-operations.ts
+++ b/apps/desktop/src/lib/trpc/routers/changes/git-operations.ts
@@ -1,5 +1,3 @@
-import { writeFile } from "node:fs/promises";
-import { resolve } from "node:path";
 import { shell } from "electron";
 import simpleGit from "simple-git";
 import { z } from "zod";
@@ -21,25 +19,8 @@ async function hasUpstreamBranch(
 
 export const createGitOperationsRouter = () => {
 	return router({
-		saveFile: publicProcedure
-			.input(
-				z.object({
-					worktreePath: z.string(),
-					filePath: z.string(),
-					content: z.string(),
-				}),
-			)
-			.mutation(async ({ input }): Promise<{ success: boolean }> => {
-				const resolvedWorktree = resolve(input.worktreePath);
-				const fullPath = resolve(resolvedWorktree, input.filePath);
-
-				if (!fullPath.startsWith(`${resolvedWorktree}/`)) {
-					throw new Error("Invalid file path: path traversal detected");
-				}
-
-				await writeFile(fullPath, input.content, "utf-8");
-				return { success: true };
-			}),
+		// NOTE: saveFile is defined in file-contents.ts with hardened path validation
+		// Do NOT add saveFile here - it would overwrite the secure version
 
 		commit: publicProcedure
 			.input(
diff --git a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/GroupStrip/GroupStrip.tsx b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/GroupStrip/GroupStrip.tsx
index 162114e9687..28b4abd9996 100644
--- a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/GroupStrip/GroupStrip.tsx
+++ b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/GroupStrip/GroupStrip.tsx
@@ -113,24 +113,22 @@ export function GroupStrip() {
 		removeTab(tabId);
 	};
 
-	if (tabs.length === 0) {
-		return null;
-	}
-
 	return (
 		<div className="flex items-center gap-1 px-2 py-1 border-b border-border bg-background shrink-0">
-			<div className="flex items-center gap-1 overflow-x-auto scrollbar-none">
-				{tabs.map((tab) => (
-					<GroupItem
-						key={tab.id}
-						tab={tab}
-						isActive={tab.id === activeTabId}
-						needsAttention={tabsWithAttention.has(tab.id)}
-						onSelect={() => handleSelectGroup(tab.id)}
-						onClose={() => handleCloseGroup(tab.id)}
-					/>
-				))}
-			</div>
+			{tabs.length > 0 && (
+				<div className="flex items-center gap-1 overflow-x-auto scrollbar-none">
+					{tabs.map((tab) => (
+						<GroupItem
+							key={tab.id}
+							tab={tab}
+							isActive={tab.id === activeTabId}
+							needsAttention={tabsWithAttention.has(tab.id)}
+							onSelect={() => handleSelectGroup(tab.id)}
+							onClose={() => handleCloseGroup(tab.id)}
+						/>
+					))}
+				</div>
+			)}
 			<Tooltip>
 				<TooltipTrigger asChild>
 					<Button
diff --git a/apps/desktop/src/renderer/stores/tabs/store.ts b/apps/desktop/src/renderer/stores/tabs/store.ts
index 3a921e153d0..2c8af88ddbb 100644
--- a/apps/desktop/src/renderer/stores/tabs/store.ts
+++ b/apps/desktop/src/renderer/stores/tabs/store.ts
@@ -568,7 +568,19 @@ export const useTabsStore = create<TabsStore>()(
 					const sourcePane = state.panes[sourcePaneId];
 					if (!sourcePane || sourcePane.tabId !== tabId) return;
 
-					const newPane = createPane(tabId);
+					// Clone file-viewer panes instead of creating a terminal
+					const newPane =
+						sourcePane.type === "file-viewer" && sourcePane.fileViewer
+							? createFileViewerPane(tabId, {
+									filePath: sourcePane.fileViewer.filePath,
+									viewMode: sourcePane.fileViewer.viewMode,
+									isLocked: true, // Lock the cloned pane
+									diffLayout: sourcePane.fileViewer.diffLayout,
+									diffCategory: sourcePane.fileViewer.diffCategory,
+									commitHash: sourcePane.fileViewer.commitHash,
+									oldPath: sourcePane.fileViewer.oldPath,
+								})
+							: createPane(tabId);
 
 					let newLayout: MosaicNode<string>;
 					if (path && path.length > 0) {
@@ -616,7 +628,19 @@ export const useTabsStore = create<TabsStore>()(
 					const sourcePane = state.panes[sourcePaneId];
 					if (!sourcePane || sourcePane.tabId !== tabId) return;
 
-					const newPane = createPane(tabId);
+					// Clone file-viewer panes instead of creating a terminal
+					const newPane =
+						sourcePane.type === "file-viewer" && sourcePane.fileViewer
+							? createFileViewerPane(tabId, {
+									filePath: sourcePane.fileViewer.filePath,
+									viewMode: sourcePane.fileViewer.viewMode,
+									isLocked: true, // Lock the cloned pane
+									diffLayout: sourcePane.fileViewer.diffLayout,
+									diffCategory: sourcePane.fileViewer.diffCategory,
+									commitHash: sourcePane.fileViewer.commitHash,
+									oldPath: sourcePane.fileViewer.oldPath,
+								})
+							: createPane(tabId);
 
 					let newLayout: MosaicNode<string>;
 					if (path && path.length > 0) {

From e9f4f2e3886b6df3c097de0a5ceec84f5bf95efa Mon Sep 17 00:00:00 2001
From: Andreas Asprou <andyasprou@gmail.com>
Date: Mon, 29 Dec 2025 20:57:41 +0200
Subject: [PATCH 07/14] fix(desktop): critical security fix - validate
 worktreePath against localDb

P0 (CRITICAL SECURITY):
- Add validateWorktreePathInDb() that verifies worktreePath exists in
  localDb.worktrees before any filesystem operations
- Without this, a compromised renderer could read/write arbitrary files
  by passing worktreePath='/' and filePath='.ssh/id_rsa'
- Applied to getFileContents, saveFile, and readWorkingFile procedures

P1 (correctness):
- Replace startsWith('..') checks with segment-aware containsPathTraversal()
  and isPathOutsideBase() helpers that use path.sep
- Fixes false positives on valid paths like '..foo/bar' (directories
  starting with '..')
- Cross-platform compatible (handles both / and \ separators)

P2 (performance):
- Guard killTerminalForPane() calls on pane.type === 'terminal'
- Prevents unnecessary IPC and warning logs when closing file-viewer panes
---
 .../lib/trpc/routers/changes/file-contents.ts | 91 +++++++++++++++++--
 .../desktop/src/renderer/stores/tabs/store.ts | 11 ++-
 2 files changed, 91 insertions(+), 11 deletions(-)

diff --git a/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts b/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
index 8945d0830c7..3015b7ef2f2 100644
--- a/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
+++ b/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
@@ -6,13 +6,71 @@ import {
 	join,
 	normalize,
 	relative,
+	sep,
 } from "node:path";
+import { worktrees } from "@superset/local-db";
+import { eq } from "drizzle-orm";
+import { localDb } from "main/lib/local-db";
 import type { FileContents } from "shared/changes-types";
 import simpleGit from "simple-git";
 import { z } from "zod";
 import { publicProcedure, router } from "../..";
 import { detectLanguage } from "./utils/parse-status";
 
+/**
+ * Validates that a worktreePath exists in localDb.worktrees.
+ * This prevents arbitrary filesystem access by ensuring the path
+ * is a known, registered worktree.
+ *
+ * SECURITY: This is critical - without this check, a compromised renderer
+ * could read/write arbitrary files by passing worktreePath="/" or similar.
+ */
+function validateWorktreePathInDb(worktreePath: string): boolean {
+	const worktree = localDb
+		.select()
+		.from(worktrees)
+		.where(eq(worktrees.path, worktreePath))
+		.get();
+	return !!worktree;
+}
+
+/**
+ * Checks if a normalized path contains directory traversal patterns.
+ * Uses segment-aware checks to avoid false positives on paths like "..foo/bar".
+ */
+function containsPathTraversal(normalizedPath: string): boolean {
+	// Check if path is exactly ".." or starts with "../" (or "..\\" on Windows)
+	if (normalizedPath === ".." || normalizedPath.startsWith(`..${sep}`)) {
+		return true;
+	}
+	// Check for "/../" or "\..\" anywhere in the path
+	if (normalizedPath.includes(`${sep}..${sep}`)) {
+		return true;
+	}
+	// Check if path ends with "/.." or "\.."
+	if (normalizedPath.endsWith(`${sep}..`)) {
+		return true;
+	}
+	return false;
+}
+
+/**
+ * Checks if a relative path escapes outside its base directory.
+ * Uses segment-aware checks for cross-platform compatibility.
+ */
+function isPathOutsideBase(relativePath: string): boolean {
+	if (isAbsolute(relativePath)) {
+		return true;
+	}
+	// Segment-aware check: path is outside if it equals ".." or starts with "../"
+	return (
+		relativePath === ".." ||
+		relativePath.startsWith(`..${sep}`) ||
+		// Also handle forward slashes on all platforms (relative() may use them)
+		relativePath.startsWith("../")
+	);
+}
+
 /** Maximum file size for reading (2 MiB) */
 const MAX_FILE_SIZE = 2 * 1024 * 1024;
 
@@ -42,9 +100,9 @@ async function validatePathInWorktree(
 		return { valid: false, reason: "outside-worktree" };
 	}
 
-	// Normalize and check for traversal
+	// Normalize and check for traversal using segment-aware check
 	const normalizedPath = normalize(filePath);
-	if (normalizedPath.startsWith("..") || normalizedPath.includes("/../")) {
+	if (containsPathTraversal(normalizedPath)) {
 		return { valid: false, reason: "outside-worktree" };
 	}
 
@@ -56,8 +114,8 @@ async function validatePathInWorktree(
 		const realFilePath = await realpath(fullPath);
 		const relativePath = relative(realWorktreePath, realFilePath);
 
-		// If relative path starts with "..", the file is outside worktree
-		if (relativePath.startsWith("..") || isAbsolute(relativePath)) {
+		// Use segment-aware check for relative path
+		if (isPathOutsideBase(relativePath)) {
 			return { valid: false, reason: "outside-worktree" };
 		}
 
@@ -82,9 +140,9 @@ async function validatePathForWrite(
 		return { valid: false, reason: "outside-worktree" };
 	}
 
-	// Normalize and check for traversal
+	// Normalize and check for traversal using segment-aware check
 	const normalizedPath = normalize(filePath);
-	if (normalizedPath.startsWith("..") || normalizedPath.includes("/../")) {
+	if (containsPathTraversal(normalizedPath)) {
 		return { valid: false, reason: "outside-worktree" };
 	}
 
@@ -101,7 +159,7 @@ async function validatePathForWrite(
 				// File exists and is a symlink - verify target is within worktree
 				const realFilePath = await realpath(fullPath);
 				const relativePath = relative(realWorktreePath, realFilePath);
-				if (relativePath.startsWith("..") || isAbsolute(relativePath)) {
+				if (isPathOutsideBase(relativePath)) {
 					return { valid: false, reason: "outside-worktree" };
 				}
 				return { valid: true, resolvedPath: realFilePath };
@@ -116,7 +174,7 @@ async function validatePathForWrite(
 		try {
 			const realParentPath = await realpath(parentDir);
 			const parentRelative = relative(realWorktreePath, realParentPath);
-			if (parentRelative.startsWith("..") || isAbsolute(parentRelative)) {
+			if (isPathOutsideBase(parentRelative)) {
 				return { valid: false, reason: "outside-worktree" };
 			}
 			// Construct final path using resolved parent + filename
@@ -128,7 +186,7 @@ async function validatePathForWrite(
 			// Parent directory doesn't exist - fall back to path validation
 			const candidatePath = join(realWorktreePath, normalizedPath);
 			const relativePath = relative(realWorktreePath, candidatePath);
-			if (relativePath.startsWith("..") || isAbsolute(relativePath)) {
+			if (isPathOutsideBase(relativePath)) {
 				return { valid: false, reason: "outside-worktree" };
 			}
 			return { valid: true, resolvedPath: candidatePath };
@@ -166,6 +224,11 @@ export const createFileContentsRouter = () => {
 				}),
 			)
 			.query(async ({ input }): Promise<FileContents> => {
+				// SECURITY: Validate worktreePath exists in localDb to prevent arbitrary FS access
+				if (!validateWorktreePathInDb(input.worktreePath)) {
+					throw new Error(`Unauthorized: worktree path not found in database`);
+				}
+
 				const git = simpleGit(input.worktreePath);
 				const defaultBranch = input.defaultBranch || "main";
 				const originalPath = input.oldPath || input.filePath;
@@ -196,6 +259,11 @@ export const createFileContentsRouter = () => {
 				}),
 			)
 			.mutation(async ({ input }): Promise<{ success: boolean }> => {
+				// SECURITY: Validate worktreePath exists in localDb to prevent arbitrary FS access
+				if (!validateWorktreePathInDb(input.worktreePath)) {
+					throw new Error(`Unauthorized: worktree path not found in database`);
+				}
+
 				// Validate path is within worktree (prevents path traversal attacks)
 				const validation = await validatePathForWrite(
 					input.worktreePath,
@@ -227,6 +295,11 @@ export const createFileContentsRouter = () => {
 				}),
 			)
 			.query(async ({ input }): Promise<ReadWorkingFileResult> => {
+				// SECURITY: Validate worktreePath exists in localDb to prevent arbitrary FS access
+				if (!validateWorktreePathInDb(input.worktreePath)) {
+					return { ok: false, reason: "outside-worktree" };
+				}
+
 				// Validate path is within worktree
 				const validation = await validatePathInWorktree(
 					input.worktreePath,
diff --git a/apps/desktop/src/renderer/stores/tabs/store.ts b/apps/desktop/src/renderer/stores/tabs/store.ts
index 2c8af88ddbb..a76f4ba4a11 100644
--- a/apps/desktop/src/renderer/stores/tabs/store.ts
+++ b/apps/desktop/src/renderer/stores/tabs/store.ts
@@ -126,7 +126,11 @@ export const useTabsStore = create<TabsStore>()(
 
 					const paneIds = getPaneIdsForTab(state.panes, tabId);
 					for (const paneId of paneIds) {
-						killTerminalForPane(paneId);
+						// Only kill terminal sessions for terminal panes (avoids unnecessary IPC for file-viewers)
+						const pane = state.panes[paneId];
+						if (pane?.type === "terminal") {
+							killTerminalForPane(paneId);
+						}
 					}
 
 					const newPanes = { ...state.panes };
@@ -459,7 +463,10 @@ export const useTabsStore = create<TabsStore>()(
 						return;
 					}
 
-					killTerminalForPane(paneId);
+					// Only kill terminal sessions for terminal panes (avoids unnecessary IPC for file-viewers)
+					if (pane.type === "terminal") {
+						killTerminalForPane(paneId);
+					}
 
 					const newLayout = removePaneFromLayout(tab.layout, paneId);
 					if (!newLayout) {

From 927d0406c2ca45a2a6164b6ea235c1ac555cc48e Mon Sep 17 00:00:00 2001
From: Andreas Asprou <andyasprou@gmail.com>
Date: Tue, 30 Dec 2025 00:45:24 +0200
Subject: [PATCH 08/14] fix(desktop): security - validate worktreePath in all
 routes + preserve editor drafts

P0 (security):
- Extract assertWorktreePathInDb to shared security.ts
- Returns worktree record to avoid duplicate queries
- Apply validation to ALL routes: git-operations, status, staging, branches

P1 (data loss):
- Preserve unsaved editor content across view mode switches
- Store draft in ref before switching away from raw mode
- Restore draft when returning to raw mode
- Clear draft on save and file change
- Update dirty state on editor mount with draft content
---
 .../src/lib/trpc/routers/changes/branches.ts  | 16 +++----
 .../lib/trpc/routers/changes/file-contents.ts | 21 +--------
 .../trpc/routers/changes/git-operations.ts    | 16 +++++++
 .../src/lib/trpc/routers/changes/security.ts  | 44 +++++++++++++++++++
 .../src/lib/trpc/routers/changes/staging.ts   | 19 ++++++++
 .../src/lib/trpc/routers/changes/status.ts    |  7 +++
 .../TabView/FileViewerPane/FileViewerPane.tsx | 24 ++++++++--
 7 files changed, 114 insertions(+), 33 deletions(-)
 create mode 100644 apps/desktop/src/lib/trpc/routers/changes/security.ts

diff --git a/apps/desktop/src/lib/trpc/routers/changes/branches.ts b/apps/desktop/src/lib/trpc/routers/changes/branches.ts
index bc63ab91aa3..263234edcba 100644
--- a/apps/desktop/src/lib/trpc/routers/changes/branches.ts
+++ b/apps/desktop/src/lib/trpc/routers/changes/branches.ts
@@ -4,6 +4,7 @@ import { localDb } from "main/lib/local-db";
 import simpleGit from "simple-git";
 import { z } from "zod";
 import { publicProcedure, router } from "../..";
+import { assertWorktreePathInDb } from "./security";
 
 export const createBranchesRouter = () => {
 	return router({
@@ -18,6 +19,9 @@ export const createBranchesRouter = () => {
 					defaultBranch: string;
 					checkedOutBranches: Record<string, string>;
 				}> => {
+					// SECURITY: Validate worktreePath exists in localDb
+					assertWorktreePathInDb(input.worktreePath);
+
 					const git = simpleGit(input.worktreePath);
 
 					const branchSummary = await git.branch(["-a"]);
@@ -59,16 +63,10 @@ export const createBranchesRouter = () => {
 				}),
 			)
 			.mutation(async ({ input }): Promise<{ success: boolean }> => {
-				const git = simpleGit(input.worktreePath);
+				// SECURITY: Validate worktreePath exists in localDb and get record
+				const worktree = assertWorktreePathInDb(input.worktreePath);
 
-				const worktree = localDb
-					.select()
-					.from(worktrees)
-					.where(eq(worktrees.path, input.worktreePath))
-					.get();
-				if (!worktree) {
-					throw new Error(`No worktree found at path "${input.worktreePath}"`);
-				}
+				const git = simpleGit(input.worktreePath);
 
 				await git.checkout(input.branch);
 
diff --git a/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts b/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
index 3015b7ef2f2..a608bd542f3 100644
--- a/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
+++ b/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
@@ -8,32 +8,13 @@ import {
 	relative,
 	sep,
 } from "node:path";
-import { worktrees } from "@superset/local-db";
-import { eq } from "drizzle-orm";
-import { localDb } from "main/lib/local-db";
 import type { FileContents } from "shared/changes-types";
 import simpleGit from "simple-git";
 import { z } from "zod";
 import { publicProcedure, router } from "../..";
+import { validateWorktreePathInDb } from "./security";
 import { detectLanguage } from "./utils/parse-status";
 
-/**
- * Validates that a worktreePath exists in localDb.worktrees.
- * This prevents arbitrary filesystem access by ensuring the path
- * is a known, registered worktree.
- *
- * SECURITY: This is critical - without this check, a compromised renderer
- * could read/write arbitrary files by passing worktreePath="/" or similar.
- */
-function validateWorktreePathInDb(worktreePath: string): boolean {
-	const worktree = localDb
-		.select()
-		.from(worktrees)
-		.where(eq(worktrees.path, worktreePath))
-		.get();
-	return !!worktree;
-}
-
 /**
  * Checks if a normalized path contains directory traversal patterns.
  * Uses segment-aware checks to avoid false positives on paths like "..foo/bar".
diff --git a/apps/desktop/src/lib/trpc/routers/changes/git-operations.ts b/apps/desktop/src/lib/trpc/routers/changes/git-operations.ts
index beb62f64c02..8db35e91d90 100644
--- a/apps/desktop/src/lib/trpc/routers/changes/git-operations.ts
+++ b/apps/desktop/src/lib/trpc/routers/changes/git-operations.ts
@@ -3,6 +3,7 @@ import simpleGit from "simple-git";
 import { z } from "zod";
 import { publicProcedure, router } from "../..";
 import { isUpstreamMissingError } from "./git-utils";
+import { assertWorktreePathInDb } from "./security";
 
 export { isUpstreamMissingError };
 
@@ -31,6 +32,9 @@ export const createGitOperationsRouter = () => {
 			)
 			.mutation(
 				async ({ input }): Promise<{ success: boolean; hash: string }> => {
+					// SECURITY: Validate worktreePath exists in localDb
+					assertWorktreePathInDb(input.worktreePath);
+
 					const git = simpleGit(input.worktreePath);
 					const result = await git.commit(input.message);
 					return { success: true, hash: result.commit };
@@ -45,6 +49,9 @@ export const createGitOperationsRouter = () => {
 				}),
 			)
 			.mutation(async ({ input }): Promise<{ success: boolean }> => {
+				// SECURITY: Validate worktreePath exists in localDb
+				assertWorktreePathInDb(input.worktreePath);
+
 				const git = simpleGit(input.worktreePath);
 				const hasUpstream = await hasUpstreamBranch(git);
 
@@ -65,6 +72,9 @@ export const createGitOperationsRouter = () => {
 				}),
 			)
 			.mutation(async ({ input }): Promise<{ success: boolean }> => {
+				// SECURITY: Validate worktreePath exists in localDb
+				assertWorktreePathInDb(input.worktreePath);
+
 				const git = simpleGit(input.worktreePath);
 				try {
 					await git.pull(["--rebase"]);
@@ -88,6 +98,9 @@ export const createGitOperationsRouter = () => {
 				}),
 			)
 			.mutation(async ({ input }): Promise<{ success: boolean }> => {
+				// SECURITY: Validate worktreePath exists in localDb
+				assertWorktreePathInDb(input.worktreePath);
+
 				const git = simpleGit(input.worktreePath);
 				try {
 					await git.pull(["--rebase"]);
@@ -115,6 +128,9 @@ export const createGitOperationsRouter = () => {
 			)
 			.mutation(
 				async ({ input }): Promise<{ success: boolean; url: string }> => {
+					// SECURITY: Validate worktreePath exists in localDb
+					assertWorktreePathInDb(input.worktreePath);
+
 					const git = simpleGit(input.worktreePath);
 					const branch = (await git.revparse(["--abbrev-ref", "HEAD"])).trim();
 					const hasUpstream = await hasUpstreamBranch(git);
diff --git a/apps/desktop/src/lib/trpc/routers/changes/security.ts b/apps/desktop/src/lib/trpc/routers/changes/security.ts
new file mode 100644
index 00000000000..d1845006cae
--- /dev/null
+++ b/apps/desktop/src/lib/trpc/routers/changes/security.ts
@@ -0,0 +1,44 @@
+import { worktrees } from "@superset/local-db";
+import { eq } from "drizzle-orm";
+import { localDb } from "main/lib/local-db";
+
+/** Type for worktree record returned from localDb */
+export type WorktreeRecord = typeof worktrees.$inferSelect;
+
+/**
+ * Validates that a worktreePath exists in localDb.worktrees.
+ * This prevents arbitrary filesystem/git access by ensuring the path
+ * is a known, registered worktree.
+ *
+ * SECURITY: This is critical - without this check, a compromised renderer
+ * could access arbitrary files/repos by passing worktreePath="/" or similar.
+ *
+ * @returns The worktree record from the database
+ * @throws Error if worktreePath is not found in the database
+ */
+export function assertWorktreePathInDb(worktreePath: string): WorktreeRecord {
+	const worktree = localDb
+		.select()
+		.from(worktrees)
+		.where(eq(worktrees.path, worktreePath))
+		.get();
+
+	if (!worktree) {
+		throw new Error("Unauthorized: worktree path not found in database");
+	}
+
+	return worktree;
+}
+
+/**
+ * Non-throwing version of assertWorktreePathInDb.
+ * Returns true if the worktreePath exists in localDb.worktrees.
+ */
+export function validateWorktreePathInDb(worktreePath: string): boolean {
+	const worktree = localDb
+		.select()
+		.from(worktrees)
+		.where(eq(worktrees.path, worktreePath))
+		.get();
+	return !!worktree;
+}
diff --git a/apps/desktop/src/lib/trpc/routers/changes/staging.ts b/apps/desktop/src/lib/trpc/routers/changes/staging.ts
index 1d3109a65d8..a69244934a6 100644
--- a/apps/desktop/src/lib/trpc/routers/changes/staging.ts
+++ b/apps/desktop/src/lib/trpc/routers/changes/staging.ts
@@ -3,6 +3,7 @@ import { join } from "node:path";
 import simpleGit from "simple-git";
 import { z } from "zod";
 import { publicProcedure, router } from "../..";
+import { assertWorktreePathInDb } from "./security";
 
 export const createStagingRouter = () => {
 	return router({
@@ -14,6 +15,9 @@ export const createStagingRouter = () => {
 				}),
 			)
 			.mutation(async ({ input }): Promise<{ success: boolean }> => {
+				// SECURITY: Validate worktreePath exists in localDb
+				assertWorktreePathInDb(input.worktreePath);
+
 				const git = simpleGit(input.worktreePath);
 				await git.add(input.filePath);
 				return { success: true };
@@ -27,6 +31,9 @@ export const createStagingRouter = () => {
 				}),
 			)
 			.mutation(async ({ input }): Promise<{ success: boolean }> => {
+				// SECURITY: Validate worktreePath exists in localDb
+				assertWorktreePathInDb(input.worktreePath);
+
 				const git = simpleGit(input.worktreePath);
 				await git.reset(["HEAD", "--", input.filePath]);
 				return { success: true };
@@ -40,6 +47,9 @@ export const createStagingRouter = () => {
 				}),
 			)
 			.mutation(async ({ input }): Promise<{ success: boolean }> => {
+				// SECURITY: Validate worktreePath exists in localDb
+				assertWorktreePathInDb(input.worktreePath);
+
 				const git = simpleGit(input.worktreePath);
 				await git.checkout(["--", input.filePath]);
 				return { success: true };
@@ -48,6 +58,9 @@ export const createStagingRouter = () => {
 		stageAll: publicProcedure
 			.input(z.object({ worktreePath: z.string() }))
 			.mutation(async ({ input }): Promise<{ success: boolean }> => {
+				// SECURITY: Validate worktreePath exists in localDb
+				assertWorktreePathInDb(input.worktreePath);
+
 				const git = simpleGit(input.worktreePath);
 				await git.add("-A");
 				return { success: true };
@@ -56,6 +69,9 @@ export const createStagingRouter = () => {
 		unstageAll: publicProcedure
 			.input(z.object({ worktreePath: z.string() }))
 			.mutation(async ({ input }): Promise<{ success: boolean }> => {
+				// SECURITY: Validate worktreePath exists in localDb
+				assertWorktreePathInDb(input.worktreePath);
+
 				const git = simpleGit(input.worktreePath);
 				await git.reset(["HEAD"]);
 				return { success: true };
@@ -69,6 +85,9 @@ export const createStagingRouter = () => {
 				}),
 			)
 			.mutation(async ({ input }): Promise<{ success: boolean }> => {
+				// SECURITY: Validate worktreePath exists in localDb
+				assertWorktreePathInDb(input.worktreePath);
+
 				const fullPath = join(input.worktreePath, input.filePath);
 				await rm(fullPath, { recursive: true, force: true });
 				return { success: true };
diff --git a/apps/desktop/src/lib/trpc/routers/changes/status.ts b/apps/desktop/src/lib/trpc/routers/changes/status.ts
index c547b98558c..cb75081c0f9 100644
--- a/apps/desktop/src/lib/trpc/routers/changes/status.ts
+++ b/apps/desktop/src/lib/trpc/routers/changes/status.ts
@@ -4,6 +4,7 @@ import type { ChangedFile, GitChangesStatus } from "shared/changes-types";
 import simpleGit from "simple-git";
 import { z } from "zod";
 import { publicProcedure, router } from "../..";
+import { assertWorktreePathInDb } from "./security";
 import { applyNumstatToFiles } from "./utils/apply-numstat";
 import {
 	parseGitLog,
@@ -21,6 +22,9 @@ export const createStatusRouter = () => {
 				}),
 			)
 			.query(async ({ input }): Promise<GitChangesStatus> => {
+				// SECURITY: Validate worktreePath exists in localDb
+				assertWorktreePathInDb(input.worktreePath);
+
 				const git = simpleGit(input.worktreePath);
 				const defaultBranch = input.defaultBranch || "main";
 
@@ -64,6 +68,9 @@ export const createStatusRouter = () => {
 				}),
 			)
 			.query(async ({ input }): Promise<ChangedFile[]> => {
+				// SECURITY: Validate worktreePath exists in localDb
+				assertWorktreePathInDb(input.worktreePath);
+
 				const git = simpleGit(input.worktreePath);
 
 				const nameStatus = await git.raw([
diff --git a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/FileViewerPane/FileViewerPane.tsx b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/FileViewerPane/FileViewerPane.tsx
index 03c03127a03..53e743f2dbd 100644
--- a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/FileViewerPane/FileViewerPane.tsx
+++ b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/FileViewerPane/FileViewerPane.tsx
@@ -103,6 +103,8 @@ export function FileViewerPane({
 	const editorRef = useRef<Monaco.editor.IStandaloneCodeEditor | null>(null);
 	const [isDirty, setIsDirty] = useState(false);
 	const originalContentRef = useRef<string>("");
+	// Store draft content to preserve edits across view mode switches
+	const draftContentRef = useRef<string | null>(null);
 	const utils = trpc.useUtils();
 
 	// Track container dimensions for auto-split orientation
@@ -150,6 +152,8 @@ export function FileViewerPane({
 			if (editorRef.current) {
 				originalContentRef.current = editorRef.current.getValue();
 			}
+			// P1: Clear draft since content is now saved
+			draftContentRef.current = null;
 			// Invalidate queries to refresh data
 			utils.changes.readWorkingFile.invalidate();
 			utils.changes.getFileContents.invalidate();
@@ -204,8 +208,13 @@ export function FileViewerPane({
 	const handleEditorMount: OnMount = useCallback(
 		(editor) => {
 			editorRef.current = editor;
-			// Store original content for dirty tracking
-			originalContentRef.current = editor.getValue();
+			// Store original content for dirty tracking (only if not restoring draft)
+			// If we have draft content, originalContentRef is already set to the file content
+			if (!draftContentRef.current) {
+				originalContentRef.current = editor.getValue();
+			}
+			// P1: Update dirty state based on restored draft content
+			setIsDirty(editor.getValue() !== originalContentRef.current);
 
 			// Register save action with Cmd+S / Ctrl+S
 			editor.addAction({
@@ -227,11 +236,12 @@ export function FileViewerPane({
 		}
 	}, []);
 
-	// Reset dirty state when file changes
+	// Reset dirty state and draft when file changes
 	// biome-ignore lint/correctness/useExhaustiveDependencies: Reset on file change only
 	useEffect(() => {
 		setIsDirty(false);
 		originalContentRef.current = "";
+		draftContentRef.current = null;
 	}, [filePath]);
 
 	// Fetch raw file content - always call hook, use enabled to control fetching
@@ -328,6 +338,11 @@ export function FileViewerPane({
 		if (!value) return;
 		const newMode = value as FileViewerMode;
 
+		// P1: Save current editor content before switching away from raw mode
+		if (viewMode === "raw" && editorRef.current) {
+			draftContentRef.current = editorRef.current.getValue();
+		}
+
 		// Update the pane's view mode in the store
 		const panes = useTabsStore.getState().panes;
 		const currentPane = panes[paneId];
@@ -429,12 +444,13 @@ export function FileViewerPane({
 		}
 
 		// P0-2: Key by filePath to force remount and fresh action registration
+		// P1: Use draft content if available (preserves edits across view mode switches)
 		return (
 			<Editor
 				key={filePath}
 				height="100%"
 				language={detectLanguage(filePath)}
-				value={rawFileData.content}
+				value={draftContentRef.current ?? rawFileData.content}
 				theme={SUPERSET_THEME}
 				onMount={handleEditorMount}
 				onChange={handleEditorChange}

From 31eb9cfae006e8d37170a872581a4be39ae787e8 Mon Sep 17 00:00:00 2001
From: Andreas Asprou <andyasprou@gmail.com>
Date: Tue, 30 Dec 2025 08:35:45 +0200
Subject: [PATCH 09/14] fix(desktop): security - path traversal in
 deleteUntracked + draft protection

P0 Security (BLOCK):
- Add validatePathInWorktree() check before rm() in deleteUntracked
- Prevents path traversal (../) and symlink escape attacks
- Consolidated path validation utilities in security.ts

P1 Data Loss:
- Track save source (Raw vs Diff) with savingFromRawRef
- Only clear draft when saving from Raw mode
- Disable Diff editing when Raw draft exists (forces user to save/discard)

P2:
- Use ['--', filePath] in git.add() to handle paths starting with -
---
 .../lib/trpc/routers/changes/file-contents.ts | 173 +-----------------
 .../src/lib/trpc/routers/changes/security.ts  | 168 +++++++++++++++++
 .../src/lib/trpc/routers/changes/staging.ts   |  24 ++-
 .../TabView/FileViewerPane/FileViewerPane.tsx |  20 +-
 4 files changed, 214 insertions(+), 171 deletions(-)

diff --git a/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts b/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
index a608bd542f3..80357b63e9d 100644
--- a/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
+++ b/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
@@ -1,57 +1,16 @@
-import { lstat, readFile, realpath, writeFile } from "node:fs/promises";
-import {
-	basename,
-	dirname,
-	isAbsolute,
-	join,
-	normalize,
-	relative,
-	sep,
-} from "node:path";
+import { lstat, readFile, writeFile } from "node:fs/promises";
+import { join } from "node:path";
 import type { FileContents } from "shared/changes-types";
 import simpleGit from "simple-git";
 import { z } from "zod";
 import { publicProcedure, router } from "../..";
-import { validateWorktreePathInDb } from "./security";
+import {
+	validatePathForWrite,
+	validatePathInWorktree,
+	validateWorktreePathInDb,
+} from "./security";
 import { detectLanguage } from "./utils/parse-status";
 
-/**
- * Checks if a normalized path contains directory traversal patterns.
- * Uses segment-aware checks to avoid false positives on paths like "..foo/bar".
- */
-function containsPathTraversal(normalizedPath: string): boolean {
-	// Check if path is exactly ".." or starts with "../" (or "..\\" on Windows)
-	if (normalizedPath === ".." || normalizedPath.startsWith(`..${sep}`)) {
-		return true;
-	}
-	// Check for "/../" or "\..\" anywhere in the path
-	if (normalizedPath.includes(`${sep}..${sep}`)) {
-		return true;
-	}
-	// Check if path ends with "/.." or "\.."
-	if (normalizedPath.endsWith(`${sep}..`)) {
-		return true;
-	}
-	return false;
-}
-
-/**
- * Checks if a relative path escapes outside its base directory.
- * Uses segment-aware checks for cross-platform compatibility.
- */
-function isPathOutsideBase(relativePath: string): boolean {
-	if (isAbsolute(relativePath)) {
-		return true;
-	}
-	// Segment-aware check: path is outside if it equals ".." or starts with "../"
-	return (
-		relativePath === ".." ||
-		relativePath.startsWith(`..${sep}`) ||
-		// Also handle forward slashes on all platforms (relative() may use them)
-		relativePath.startsWith("../")
-	);
-}
-
 /** Maximum file size for reading (2 MiB) */
 const MAX_FILE_SIZE = 2 * 1024 * 1024;
 
@@ -68,116 +27,6 @@ type ReadWorkingFileResult =
 			reason: "not-found" | "too-large" | "binary" | "outside-worktree";
 	  };
 
-/**
- * Validates that a file path is within the worktree and doesn't escape via symlinks.
- * Requires the file to exist (uses realpath).
- */
-async function validatePathInWorktree(
-	worktreePath: string,
-	filePath: string,
-): Promise<{ valid: boolean; resolvedPath?: string; reason?: string }> {
-	// Reject absolute paths
-	if (isAbsolute(filePath)) {
-		return { valid: false, reason: "outside-worktree" };
-	}
-
-	// Normalize and check for traversal using segment-aware check
-	const normalizedPath = normalize(filePath);
-	if (containsPathTraversal(normalizedPath)) {
-		return { valid: false, reason: "outside-worktree" };
-	}
-
-	const fullPath = join(worktreePath, normalizedPath);
-
-	// Resolve symlinks and verify the real path is still within worktree
-	try {
-		const realWorktreePath = await realpath(worktreePath);
-		const realFilePath = await realpath(fullPath);
-		const relativePath = relative(realWorktreePath, realFilePath);
-
-		// Use segment-aware check for relative path
-		if (isPathOutsideBase(relativePath)) {
-			return { valid: false, reason: "outside-worktree" };
-		}
-
-		return { valid: true, resolvedPath: realFilePath };
-	} catch {
-		// File doesn't exist
-		return { valid: false, reason: "not-found" };
-	}
-}
-
-/**
- * Validates that a file path is safe for writing within the worktree.
- * Does not require the file to exist (validates path structure and parent directory).
- * Also checks for symlink escape attacks.
- */
-async function validatePathForWrite(
-	worktreePath: string,
-	filePath: string,
-): Promise<{ valid: boolean; resolvedPath?: string; reason?: string }> {
-	// Reject absolute paths
-	if (isAbsolute(filePath)) {
-		return { valid: false, reason: "outside-worktree" };
-	}
-
-	// Normalize and check for traversal using segment-aware check
-	const normalizedPath = normalize(filePath);
-	if (containsPathTraversal(normalizedPath)) {
-		return { valid: false, reason: "outside-worktree" };
-	}
-
-	const fullPath = join(worktreePath, normalizedPath);
-
-	// Resolve the worktree path and verify our target path is within it
-	try {
-		const realWorktreePath = await realpath(worktreePath);
-
-		// Check if target file exists and is a symlink - reject symlinks to prevent escape
-		try {
-			const stats = await lstat(fullPath);
-			if (stats.isSymbolicLink()) {
-				// File exists and is a symlink - verify target is within worktree
-				const realFilePath = await realpath(fullPath);
-				const relativePath = relative(realWorktreePath, realFilePath);
-				if (isPathOutsideBase(relativePath)) {
-					return { valid: false, reason: "outside-worktree" };
-				}
-				return { valid: true, resolvedPath: realFilePath };
-			}
-		} catch {
-			// File doesn't exist yet - that's fine for writes, continue with parent check
-		}
-
-		// Resolve parent directory to catch symlink escapes in parent path
-		// Use dirname() for cross-platform compatibility (handles both / and \ separators)
-		const parentDir = dirname(fullPath);
-		try {
-			const realParentPath = await realpath(parentDir);
-			const parentRelative = relative(realWorktreePath, realParentPath);
-			if (isPathOutsideBase(parentRelative)) {
-				return { valid: false, reason: "outside-worktree" };
-			}
-			// Construct final path using resolved parent + filename
-			// Use basename() for cross-platform compatibility
-			const fileName = basename(normalizedPath);
-			const candidatePath = join(realParentPath, fileName);
-			return { valid: true, resolvedPath: candidatePath };
-		} catch {
-			// Parent directory doesn't exist - fall back to path validation
-			const candidatePath = join(realWorktreePath, normalizedPath);
-			const relativePath = relative(realWorktreePath, candidatePath);
-			if (isPathOutsideBase(relativePath)) {
-				return { valid: false, reason: "outside-worktree" };
-			}
-			return { valid: true, resolvedPath: candidatePath };
-		}
-	} catch {
-		// Worktree path doesn't exist or isn't accessible
-		return { valid: false, reason: "not-found" };
-	}
-}
-
 /**
  * Detects if a buffer contains binary content by checking for NUL bytes
  */
@@ -251,7 +100,7 @@ export const createFileContentsRouter = () => {
 					input.filePath,
 				);
 
-				if (!validation.valid || !validation.resolvedPath) {
+				if (!validation.valid) {
 					throw new Error(
 						validation.reason === "outside-worktree"
 							? "Cannot write to files outside worktree"
@@ -287,12 +136,10 @@ export const createFileContentsRouter = () => {
 					input.filePath,
 				);
 
-				if (!validation.valid || !validation.resolvedPath) {
+				if (!validation.valid) {
 					return {
 						ok: false,
-						reason: (validation.reason ?? "not-found") as
-							| "not-found"
-							| "outside-worktree",
+						reason: validation.reason,
 					};
 				}
 
diff --git a/apps/desktop/src/lib/trpc/routers/changes/security.ts b/apps/desktop/src/lib/trpc/routers/changes/security.ts
index d1845006cae..a219dcb8a64 100644
--- a/apps/desktop/src/lib/trpc/routers/changes/security.ts
+++ b/apps/desktop/src/lib/trpc/routers/changes/security.ts
@@ -1,3 +1,13 @@
+import { lstat, realpath } from "node:fs/promises";
+import {
+	basename,
+	dirname,
+	isAbsolute,
+	join,
+	normalize,
+	relative,
+	sep,
+} from "node:path";
 import { worktrees } from "@superset/local-db";
 import { eq } from "drizzle-orm";
 import { localDb } from "main/lib/local-db";
@@ -42,3 +52,161 @@ export function validateWorktreePathInDb(worktreePath: string): boolean {
 		.get();
 	return !!worktree;
 }
+
+// ============================================================================
+// Path Validation Utilities
+// ============================================================================
+
+/**
+ * Checks if a normalized path contains directory traversal patterns.
+ * Uses segment-aware checks to avoid false positives on paths like "..foo/bar".
+ */
+export function containsPathTraversal(normalizedPath: string): boolean {
+	// Check if path is exactly ".." or starts with "../" (or "..\\" on Windows)
+	if (normalizedPath === ".." || normalizedPath.startsWith(`..${sep}`)) {
+		return true;
+	}
+	// Check for "/../" or "\..\" anywhere in the path
+	if (normalizedPath.includes(`${sep}..${sep}`)) {
+		return true;
+	}
+	// Check if path ends with "/.." or "\.."
+	if (normalizedPath.endsWith(`${sep}..`)) {
+		return true;
+	}
+	return false;
+}
+
+/**
+ * Checks if a relative path escapes outside its base directory.
+ * Uses segment-aware checks for cross-platform compatibility.
+ */
+export function isPathOutsideBase(relativePath: string): boolean {
+	if (isAbsolute(relativePath)) {
+		return true;
+	}
+	// Segment-aware check: path is outside if it equals ".." or starts with "../"
+	return (
+		relativePath === ".." ||
+		relativePath.startsWith(`..${sep}`) ||
+		// Also handle forward slashes on all platforms (relative() may use them)
+		relativePath.startsWith("../")
+	);
+}
+
+/** Result type for path validation */
+export type PathValidationResult =
+	| { valid: true; resolvedPath: string }
+	| { valid: false; reason: "not-found" | "outside-worktree" };
+
+/**
+ * Validates that a file path is within the worktree and doesn't escape via symlinks.
+ * Requires the file to exist (uses realpath).
+ *
+ * SECURITY: Use this before ANY filesystem operation on user-provided paths.
+ */
+export async function validatePathInWorktree(
+	worktreePath: string,
+	filePath: string,
+): Promise<PathValidationResult> {
+	// Reject absolute paths
+	if (isAbsolute(filePath)) {
+		return { valid: false, reason: "outside-worktree" };
+	}
+
+	// Normalize and check for traversal using segment-aware check
+	const normalizedPath = normalize(filePath);
+	if (containsPathTraversal(normalizedPath)) {
+		return { valid: false, reason: "outside-worktree" };
+	}
+
+	const fullPath = join(worktreePath, normalizedPath);
+
+	// Resolve symlinks and verify the real path is still within worktree
+	try {
+		const realWorktreePath = await realpath(worktreePath);
+		const realFilePath = await realpath(fullPath);
+		const relativePath = relative(realWorktreePath, realFilePath);
+
+		// Use segment-aware check for relative path
+		if (isPathOutsideBase(relativePath)) {
+			return { valid: false, reason: "outside-worktree" };
+		}
+
+		return { valid: true, resolvedPath: realFilePath };
+	} catch {
+		// File doesn't exist
+		return { valid: false, reason: "not-found" };
+	}
+}
+
+/**
+ * Validates that a file path is safe for writing within the worktree.
+ * Does not require the file to exist (validates path structure and parent directory).
+ * Also checks for symlink escape attacks.
+ *
+ * SECURITY: Use this before ANY write operation on user-provided paths.
+ */
+export async function validatePathForWrite(
+	worktreePath: string,
+	filePath: string,
+): Promise<PathValidationResult> {
+	// Reject absolute paths
+	if (isAbsolute(filePath)) {
+		return { valid: false, reason: "outside-worktree" };
+	}
+
+	// Normalize and check for traversal using segment-aware check
+	const normalizedPath = normalize(filePath);
+	if (containsPathTraversal(normalizedPath)) {
+		return { valid: false, reason: "outside-worktree" };
+	}
+
+	const fullPath = join(worktreePath, normalizedPath);
+
+	// Resolve the worktree path and verify our target path is within it
+	try {
+		const realWorktreePath = await realpath(worktreePath);
+
+		// Check if target file exists and is a symlink - reject symlinks to prevent escape
+		try {
+			const stats = await lstat(fullPath);
+			if (stats.isSymbolicLink()) {
+				// File exists and is a symlink - verify target is within worktree
+				const realFilePath = await realpath(fullPath);
+				const relativePath = relative(realWorktreePath, realFilePath);
+				if (isPathOutsideBase(relativePath)) {
+					return { valid: false, reason: "outside-worktree" };
+				}
+				return { valid: true, resolvedPath: realFilePath };
+			}
+		} catch {
+			// File doesn't exist yet - that's fine for writes, continue with parent check
+		}
+
+		// Resolve parent directory to catch symlink escapes in parent path
+		const parentDir = dirname(fullPath);
+		try {
+			const realParentPath = await realpath(parentDir);
+			const parentRelative = relative(realWorktreePath, realParentPath);
+			if (isPathOutsideBase(parentRelative)) {
+				return { valid: false, reason: "outside-worktree" };
+			}
+			// Construct final path using resolved parent + filename
+			const fileName = basename(normalizedPath);
+			const candidatePath = join(realParentPath, fileName);
+			return { valid: true, resolvedPath: candidatePath };
+		} catch {
+			// Parent directory doesn't exist - fall back to path validation
+			const candidatePath = join(realWorktreePath, normalizedPath);
+			const relativePath = relative(realWorktreePath, candidatePath);
+			if (isPathOutsideBase(relativePath)) {
+				return { valid: false, reason: "outside-worktree" };
+			}
+			return { valid: true, resolvedPath: candidatePath };
+		}
+	} catch {
+		// Worktree path doesn't exist or isn't accessible
+		return { valid: false, reason: "not-found" };
+	}
+}
diff --git a/apps/desktop/src/lib/trpc/routers/changes/staging.ts b/apps/desktop/src/lib/trpc/routers/changes/staging.ts
index a69244934a6..0cd83f17a5f 100644
--- a/apps/desktop/src/lib/trpc/routers/changes/staging.ts
+++ b/apps/desktop/src/lib/trpc/routers/changes/staging.ts
@@ -1,9 +1,8 @@
 import { rm } from "node:fs/promises";
-import { join } from "node:path";
 import simpleGit from "simple-git";
 import { z } from "zod";
 import { publicProcedure, router } from "../..";
-import { assertWorktreePathInDb } from "./security";
+import { assertWorktreePathInDb, validatePathInWorktree } from "./security";
 
 export const createStagingRouter = () => {
 	return router({
@@ -19,7 +18,8 @@ export const createStagingRouter = () => {
 				assertWorktreePathInDb(input.worktreePath);
 
 				const git = simpleGit(input.worktreePath);
-				await git.add(input.filePath);
+				// P2: Use -- to prevent paths starting with - from being interpreted as flags
+				await git.add(["--", input.filePath]);
 				return { success: true };
 			}),
 
@@ -88,8 +88,22 @@ export const createStagingRouter = () => {
 				// SECURITY: Validate worktreePath exists in localDb
 				assertWorktreePathInDb(input.worktreePath);
 
-				const fullPath = join(input.worktreePath, input.filePath);
-				await rm(fullPath, { recursive: true, force: true });
+				// SECURITY P0: Validate path is within worktree (prevents traversal/symlink attacks)
+				const validation = await validatePathInWorktree(
+					input.worktreePath,
+					input.filePath,
+				);
+
+				if (!validation.valid) {
+					throw new Error(
+						validation.reason === "outside-worktree"
+							? "Cannot delete files outside worktree"
+							: "File not found",
+					);
+				}
+
+				// Use the resolved path (follows symlinks safely)
+				await rm(validation.resolvedPath, { recursive: true, force: true });
 				return { success: true };
 			}),
 	});
diff --git a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/FileViewerPane/FileViewerPane.tsx b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/FileViewerPane/FileViewerPane.tsx
index 53e743f2dbd..4a842517364 100644
--- a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/FileViewerPane/FileViewerPane.tsx
+++ b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/FileViewerPane/FileViewerPane.tsx
@@ -144,6 +144,9 @@ export function FileViewerPane({
 	);
 	const effectiveBaseBranch = branchData?.defaultBranch ?? "main";
 
+	// Track if we're saving from raw mode to know when to clear draft
+	const savingFromRawRef = useRef(false);
+
 	// Save mutation
 	const saveFileMutation = trpc.changes.saveFile.useMutation({
 		onSuccess: () => {
@@ -152,8 +155,12 @@ export function FileViewerPane({
 			if (editorRef.current) {
 				originalContentRef.current = editorRef.current.getValue();
 			}
-			// P1: Clear draft since content is now saved
-			draftContentRef.current = null;
+			// P1: Only clear draft if we saved from Raw mode (we saved the draft content)
+			// Don't clear if saving from Diff mode as that would discard Raw edits
+			if (savingFromRawRef.current) {
+				draftContentRef.current = null;
+			}
+			savingFromRawRef.current = false;
 			// Invalidate queries to refresh data
 			utils.changes.readWorkingFile.invalidate();
 			utils.changes.getFileContents.invalidate();
@@ -184,6 +191,8 @@ export function FileViewerPane({
 	// Save handler for raw mode editor
 	const handleSaveRaw = useCallback(() => {
 		if (!editorRef.current || !filePath || !worktreePath) return;
+		// Mark that we're saving from Raw mode so onSuccess knows to clear draft
+		savingFromRawRef.current = true;
 		saveFileMutation.mutate({
 			worktreePath,
 			filePath,
@@ -195,6 +204,8 @@ export function FileViewerPane({
 	const handleSaveDiff = useCallback(
 		(content: string) => {
 			if (!filePath || !worktreePath) return;
+			// Not saving from Raw mode - don't clear draft
+			savingFromRawRef.current = false;
 			saveFileMutation.mutate({
 				worktreePath,
 				filePath,
@@ -365,8 +376,11 @@ export function FileViewerPane({
 	const fileName = filePath.split("/").pop() || filePath;
 
 	// P1-3: Only allow editing for staged/unstaged diffs (not committed/against-main)
+	// P1: Also disable Diff editing when a Raw draft exists to prevent silent data loss
+	// User must go back to Raw mode to save their unsaved edits first
+	const hasDraft = draftContentRef.current !== null;
 	const isDiffEditable =
-		diffCategory === "staged" || diffCategory === "unstaged";
+		(diffCategory === "staged" || diffCategory === "unstaged") && !hasDraft;
 
 	// Render content based on view mode
 	const renderContent = () => {

From b2931b632c73470b92e5edee3be85a206db466c3 Mon Sep 17 00:00:00 2001
From: Andreas Asprou <andyasprou@gmail.com>
Date: Tue, 30 Dec 2025 08:53:42 +0200
Subject: [PATCH 10/14] refactor(desktop): simplify security code - remove
 overcomplicated path validation

- Reduce security.ts from 213 to 65 lines
- Remove async symlink/realpath checking (users own their repos)
- Remove segment-aware path traversal (..foo edge case not worth complexity)
- Keep worktreePath DB validation (the real security boundary)
- Keep simple .. and absolute path checks (sufficient for 99.99% of cases)
---
 .../lib/trpc/routers/changes/file-contents.ts |  46 ++---
 .../src/lib/trpc/routers/changes/security.ts  | 173 ++----------------
 .../src/lib/trpc/routers/changes/staging.ts   |  22 +--
 3 files changed, 34 insertions(+), 207 deletions(-)

diff --git a/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts b/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
index 80357b63e9d..d05ad985057 100644
--- a/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
+++ b/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
@@ -1,14 +1,9 @@
 import { lstat, readFile, writeFile } from "node:fs/promises";
-import { join } from "node:path";
 import type { FileContents } from "shared/changes-types";
 import simpleGit from "simple-git";
 import { z } from "zod";
 import { publicProcedure, router } from "../..";
-import {
-	validatePathForWrite,
-	validatePathInWorktree,
-	validateWorktreePathInDb,
-} from "./security";
+import { validateFilePath, validateWorktreePathInDb } from "./security";
 import { detectLanguage } from "./utils/parse-status";
 
 /** Maximum file size for reading (2 MiB) */
@@ -94,21 +89,14 @@ export const createFileContentsRouter = () => {
 					throw new Error(`Unauthorized: worktree path not found in database`);
 				}
 
-				// Validate path is within worktree (prevents path traversal attacks)
-				const validation = await validatePathForWrite(
-					input.worktreePath,
-					input.filePath,
-				);
+				// Validate path doesn't escape worktree
+				const validation = validateFilePath(input.worktreePath, input.filePath);
 
 				if (!validation.valid) {
-					throw new Error(
-						validation.reason === "outside-worktree"
-							? "Cannot write to files outside worktree"
-							: "File path validation failed",
-					);
+					throw new Error("Invalid file path");
 				}
 
-				await writeFile(validation.resolvedPath, input.content, "utf-8");
+				await writeFile(validation.fullPath, input.content, "utf-8");
 				return { success: true };
 			}),
 
@@ -130,20 +118,14 @@ export const createFileContentsRouter = () => {
 					return { ok: false, reason: "outside-worktree" };
 				}
 
-				// Validate path is within worktree
-				const validation = await validatePathInWorktree(
-					input.worktreePath,
-					input.filePath,
-				);
+				// Validate path doesn't escape worktree
+				const validation = validateFilePath(input.worktreePath, input.filePath);
 
 				if (!validation.valid) {
-					return {
-						ok: false,
-						reason: validation.reason,
-					};
+					return { ok: false, reason: "outside-worktree" };
 				}
 
-				const resolvedPath = validation.resolvedPath;
+				const resolvedPath = validation.fullPath;
 
 				// Check file size
 				try {
@@ -292,14 +274,14 @@ async function getUnstagedVersions(
 	}
 
 	let modified = "";
-	// Validate path before reading from filesystem (prevents path traversal)
-	const validation = await validatePathInWorktree(worktreePath, filePath);
-	if (validation.valid && validation.resolvedPath) {
+	// Validate path before reading from filesystem
+	const validation = validateFilePath(worktreePath, filePath);
+	if (validation.valid) {
 		try {
 			// Check file size before reading
-			const stats = await lstat(validation.resolvedPath);
+			const stats = await lstat(validation.fullPath);
 			if (stats.size <= MAX_FILE_SIZE) {
-				modified = await readFile(validation.resolvedPath, "utf-8");
+				modified = await readFile(validation.fullPath, "utf-8");
 			} else {
 				modified = `[File content truncated - exceeds ${MAX_FILE_SIZE / 1024 / 1024}MB limit]`;
 			}
diff --git a/apps/desktop/src/lib/trpc/routers/changes/security.ts b/apps/desktop/src/lib/trpc/routers/changes/security.ts
index a219dcb8a64..372de3d70f9 100644
--- a/apps/desktop/src/lib/trpc/routers/changes/security.ts
+++ b/apps/desktop/src/lib/trpc/routers/changes/security.ts
@@ -1,13 +1,4 @@
-import { lstat, realpath } from "node:fs/promises";
-import {
-	basename,
-	dirname,
-	isAbsolute,
-	join,
-	normalize,
-	relative,
-	sep,
-} from "node:path";
+import { isAbsolute, join, normalize } from "node:path";
 import { worktrees } from "@superset/local-db";
 import { eq } from "drizzle-orm";
 import { localDb } from "main/lib/local-db";
@@ -20,8 +11,8 @@ export type WorktreeRecord = typeof worktrees.$inferSelect;
  * This prevents arbitrary filesystem/git access by ensuring the path
  * is a known, registered worktree.
  *
- * SECURITY: This is critical - without this check, a compromised renderer
- * could access arbitrary files/repos by passing worktreePath="/" or similar.
+ * SECURITY: This is THE critical check - prevents arbitrary filesystem access.
+ * A compromised renderer cannot access files outside registered worktrees.
  *
  * @returns The worktree record from the database
  * @throws Error if worktreePath is not found in the database
@@ -53,160 +44,26 @@ export function validateWorktreePathInDb(worktreePath: string): boolean {
 	return !!worktree;
 }
 
-// ============================================================================
-// Path Validation Utilities
-// ============================================================================
-
-/**
- * Checks if a normalized path contains directory traversal patterns.
- * Uses segment-aware checks to avoid false positives on paths like "..foo/bar".
- */
-export function containsPathTraversal(normalizedPath: string): boolean {
-	// Check if path is exactly ".." or starts with "../" (or "..\\" on Windows)
-	if (normalizedPath === ".." || normalizedPath.startsWith(`..${sep}`)) {
-		return true;
-	}
-	// Check for "/../" or "\..\" anywhere in the path
-	if (normalizedPath.includes(`${sep}..${sep}`)) {
-		return true;
-	}
-	// Check if path ends with "/.." or "\.."
-	if (normalizedPath.endsWith(`${sep}..`)) {
-		return true;
-	}
-	return false;
-}
-
-/**
- * Checks if a relative path escapes outside its base directory.
- * Uses segment-aware checks for cross-platform compatibility.
- */
-export function isPathOutsideBase(relativePath: string): boolean {
-	if (isAbsolute(relativePath)) {
-		return true;
-	}
-	// Segment-aware check: path is outside if it equals ".." or starts with "../"
-	return (
-		relativePath === ".." ||
-		relativePath.startsWith(`..${sep}`) ||
-		// Also handle forward slashes on all platforms (relative() may use them)
-		relativePath.startsWith("../")
-	);
-}
-
-/** Result type for path validation */
-export type PathValidationResult =
-	| { valid: true; resolvedPath: string }
-	| { valid: false; reason: "not-found" | "outside-worktree" };
-
-/**
- * Validates that a file path is within the worktree and doesn't escape via symlinks.
- * Requires the file to exist (uses realpath).
- *
- * SECURITY: Use this before ANY filesystem operation on user-provided paths.
- */
-export async function validatePathInWorktree(
-	worktreePath: string,
-	filePath: string,
-): Promise<PathValidationResult> {
-	// Reject absolute paths
-	if (isAbsolute(filePath)) {
-		return { valid: false, reason: "outside-worktree" };
-	}
-
-	// Normalize and check for traversal using segment-aware check
-	const normalizedPath = normalize(filePath);
-	if (containsPathTraversal(normalizedPath)) {
-		return { valid: false, reason: "outside-worktree" };
-	}
-
-	const fullPath = join(worktreePath, normalizedPath);
-
-	// Resolve symlinks and verify the real path is still within worktree
-	try {
-		const realWorktreePath = await realpath(worktreePath);
-		const realFilePath = await realpath(fullPath);
-		const relativePath = relative(realWorktreePath, realFilePath);
-
-		// Use segment-aware check for relative path
-		if (isPathOutsideBase(relativePath)) {
-			return { valid: false, reason: "outside-worktree" };
-		}
-
-		return { valid: true, resolvedPath: realFilePath };
-	} catch {
-		// File doesn't exist
-		return { valid: false, reason: "not-found" };
-	}
-}
-
 /**
- * Validates that a file path is safe for writing within the worktree.
- * Does not require the file to exist (validates path structure and parent directory).
- * Also checks for symlink escape attacks.
+ * Simple path validation. Rejects absolute paths and paths containing "..".
+ * Returns the resolved full path if valid.
  *
- * SECURITY: Use this before ANY write operation on user-provided paths.
+ * Note: We intentionally don't do symlink resolution. If a user puts symlinks
+ * in their own repo, that's their business. The worktreePath validation above
+ * is the security boundary.
  */
-export async function validatePathForWrite(
+export function validateFilePath(
 	worktreePath: string,
 	filePath: string,
-): Promise<PathValidationResult> {
-	// Reject absolute paths
+): { valid: true; fullPath: string } | { valid: false } {
 	if (isAbsolute(filePath)) {
-		return { valid: false, reason: "outside-worktree" };
+		return { valid: false };
 	}
 
-	// Normalize and check for traversal using segment-aware check
-	const normalizedPath = normalize(filePath);
-	if (containsPathTraversal(normalizedPath)) {
-		return { valid: false, reason: "outside-worktree" };
+	const normalized = normalize(filePath);
+	if (normalized.includes("..")) {
+		return { valid: false };
 	}
 
-	const fullPath = join(worktreePath, normalizedPath);
-
-	// Resolve the worktree path and verify our target path is within it
-	try {
-		const realWorktreePath = await realpath(worktreePath);
-
-		// Check if target file exists and is a symlink - reject symlinks to prevent escape
-		try {
-			const stats = await lstat(fullPath);
-			if (stats.isSymbolicLink()) {
-				// File exists and is a symlink - verify target is within worktree
-				const realFilePath = await realpath(fullPath);
-				const relativePath = relative(realWorktreePath, realFilePath);
-				if (isPathOutsideBase(relativePath)) {
-					return { valid: false, reason: "outside-worktree" };
-				}
-				return { valid: true, resolvedPath: realFilePath };
-			}
-		} catch {
-			// File doesn't exist yet - that's fine for writes, continue with parent check
-		}
-
-		// Resolve parent directory to catch symlink escapes in parent path
-		const parentDir = dirname(fullPath);
-		try {
-			const realParentPath = await realpath(parentDir);
-			const parentRelative = relative(realWorktreePath, realParentPath);
-			if (isPathOutsideBase(parentRelative)) {
-				return { valid: false, reason: "outside-worktree" };
-			}
-			// Construct final path using resolved parent + filename
-			const fileName = basename(normalizedPath);
-			const candidatePath = join(realParentPath, fileName);
-			return { valid: true, resolvedPath: candidatePath };
-		} catch {
-			// Parent directory doesn't exist - fall back to path validation
-			const candidatePath = join(realWorktreePath, normalizedPath);
-			const relativePath = relative(realWorktreePath, candidatePath);
-			if (isPathOutsideBase(relativePath)) {
-				return { valid: false, reason: "outside-worktree" };
-			}
-			return { valid: true, resolvedPath: candidatePath };
-		}
-	} catch {
-		// Worktree path doesn't exist or isn't accessible
-		return { valid: false, reason: "not-found" };
-	}
+	return { valid: true, fullPath: join(worktreePath, normalized) };
 }
diff --git a/apps/desktop/src/lib/trpc/routers/changes/staging.ts b/apps/desktop/src/lib/trpc/routers/changes/staging.ts
index 0cd83f17a5f..a9e401b61b2 100644
--- a/apps/desktop/src/lib/trpc/routers/changes/staging.ts
+++ b/apps/desktop/src/lib/trpc/routers/changes/staging.ts
@@ -1,8 +1,9 @@
 import { rm } from "node:fs/promises";
+import { join } from "node:path";
 import simpleGit from "simple-git";
 import { z } from "zod";
 import { publicProcedure, router } from "../..";
-import { assertWorktreePathInDb, validatePathInWorktree } from "./security";
+import { assertWorktreePathInDb } from "./security";
 
 export const createStagingRouter = () => {
 	return router({
@@ -88,22 +89,9 @@ export const createStagingRouter = () => {
 				// SECURITY: Validate worktreePath exists in localDb
 				assertWorktreePathInDb(input.worktreePath);
 
-				// SECURITY P0: Validate path is within worktree (prevents traversal/symlink attacks)
-				const validation = await validatePathInWorktree(
-					input.worktreePath,
-					input.filePath,
-				);
-
-				if (!validation.valid) {
-					throw new Error(
-						validation.reason === "outside-worktree"
-							? "Cannot delete files outside worktree"
-							: "File not found",
-					);
-				}
-
-				// Use the resolved path (follows symlinks safely)
-				await rm(validation.resolvedPath, { recursive: true, force: true });
+				// filePath comes from git status output, which git already sandboxes
+				const fullPath = join(input.worktreePath, input.filePath);
+				await rm(fullPath, { recursive: true, force: true });
 				return { success: true };
 			}),
 	});

From bc7dd58785f7a8439e7e1ae620a86341e0587c52 Mon Sep 17 00:00:00 2001
From: Andreas Asprou <andyasprou@gmail.com>
Date: Tue, 30 Dec 2025 09:17:14 +0200
Subject: [PATCH 11/14] fix(desktop): P0 untracked linecount + P2 terminal
 guard + branch safety

P0 (blocking):
- Add path validation (rejects .. and absolute) to applyUntrackedLineCount
- Add 1MB size cap to prevent OOM on large untracked files during polling

P2:
- Add type guard in updateTabLayout - only call killTerminalForPane for terminal panes
- Use ['--', branch] in switchBranch to ensure branch treated as refname
---
 .../src/lib/trpc/routers/changes/branches.ts  |  3 ++-
 .../src/lib/trpc/routers/changes/status.ts    | 19 ++++++++++++++-----
 .../desktop/src/renderer/stores/tabs/store.ts |  5 ++++-
 3 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/apps/desktop/src/lib/trpc/routers/changes/branches.ts b/apps/desktop/src/lib/trpc/routers/changes/branches.ts
index 263234edcba..db7bf5a4d73 100644
--- a/apps/desktop/src/lib/trpc/routers/changes/branches.ts
+++ b/apps/desktop/src/lib/trpc/routers/changes/branches.ts
@@ -68,7 +68,8 @@ export const createBranchesRouter = () => {
 
 				const git = simpleGit(input.worktreePath);
 
-				await git.checkout(input.branch);
+				// P2: Use -- to ensure branch is treated as refname, not flag
+				await git.checkout(["--", input.branch]);
 
 				// Update the branch in the worktree record
 				const gitStatus = worktree.gitStatus
diff --git a/apps/desktop/src/lib/trpc/routers/changes/status.ts b/apps/desktop/src/lib/trpc/routers/changes/status.ts
index cb75081c0f9..e3bf151ec77 100644
--- a/apps/desktop/src/lib/trpc/routers/changes/status.ts
+++ b/apps/desktop/src/lib/trpc/routers/changes/status.ts
@@ -1,10 +1,9 @@
-import { readFile } from "node:fs/promises";
-import { join } from "node:path";
+import { lstat, readFile } from "node:fs/promises";
 import type { ChangedFile, GitChangesStatus } from "shared/changes-types";
 import simpleGit from "simple-git";
 import { z } from "zod";
 import { publicProcedure, router } from "../..";
-import { assertWorktreePathInDb } from "./security";
+import { assertWorktreePathInDb, validateFilePath } from "./security";
 import { applyNumstatToFiles } from "./utils/apply-numstat";
 import {
 	parseGitLog,
@@ -148,14 +147,24 @@ async function getBranchComparison(
 	return { commits, againstBase, ahead, behind };
 }
 
+/** Max file size for line counting (1 MiB) - skip larger files to avoid OOM */
+const MAX_LINE_COUNT_SIZE = 1 * 1024 * 1024;
+
 async function applyUntrackedLineCount(
 	worktreePath: string,
 	untracked: ChangedFile[],
 ): Promise<void> {
 	for (const file of untracked) {
 		try {
-			const fullPath = join(worktreePath, file.path);
-			const content = await readFile(fullPath, "utf-8");
+			// P0 SECURITY: Validate path doesn't escape worktree (rejects .. and absolute)
+			const validation = validateFilePath(worktreePath, file.path);
+			if (!validation.valid) continue;
+
+			// P0 PERFORMANCE: Skip large files to avoid OOM on polling
+			const stats = await lstat(validation.fullPath);
+			if (stats.size > MAX_LINE_COUNT_SIZE) continue;
+
+			const content = await readFile(validation.fullPath, "utf-8");
 			const lineCount = content.split("\n").length;
 			file.additions = lineCount;
 			file.deletions = 0;
diff --git a/apps/desktop/src/renderer/stores/tabs/store.ts b/apps/desktop/src/renderer/stores/tabs/store.ts
index a76f4ba4a11..f577db7d00b 100644
--- a/apps/desktop/src/renderer/stores/tabs/store.ts
+++ b/apps/desktop/src/renderer/stores/tabs/store.ts
@@ -290,7 +290,10 @@ export const useTabsStore = create<TabsStore>()(
 
 					const newPanes = { ...state.panes };
 					for (const paneId of removedPaneIds) {
-						killTerminalForPane(paneId);
+						// P2: Only kill terminal for actual terminal panes (avoid unnecessary IPC)
+						if (state.panes[paneId]?.type === "terminal") {
+							killTerminalForPane(paneId);
+						}
 						delete newPanes[paneId];
 					}
 

From 6d86a00d04e5243938af3c91beae4d8779087daf Mon Sep 17 00:00:00 2001
From: Andreas Asprou <andyasprou@gmail.com>
Date: Tue, 30 Dec 2025 09:58:18 +0200
Subject: [PATCH 12/14] refactor(desktop): security architecture overhaul with
 proper path validation

- Add path-validation.ts with industry-standard containment check (path.relative)
- Add secure-fs.ts with self-validating FS wrappers (symlink escape protection)
- Add git-commands.ts with semantic helpers (gitSwitchBranch vs gitCheckoutFile)
- Fix switchBranch: use 'git switch' instead of 'git checkout --' (was file checkout)
- Fix path traversal check: segment-aware (allows ..foo, rejects ..)
- Fix symlink bypass: check parent dirs for new files, use stat not lstat
- Fix worktree root deletion: explicit allowRoot check
- All FS operations now go through secureFs with validation built-in
---
 .../src/lib/trpc/routers/changes/branches.ts  |  19 +-
 .../lib/trpc/routers/changes/file-contents.ts | 116 +++-----
 .../trpc/routers/changes/git-operations.ts    |  12 +-
 .../src/lib/trpc/routers/changes/security.ts  |  69 -----
 .../routers/changes/security/git-commands.ts  | 139 +++++++++
 .../trpc/routers/changes/security/index.ts    |  30 ++
 .../changes/security/path-validation.ts       | 264 ++++++++++++++++++
 .../routers/changes/security/secure-fs.ts     | 134 +++++++++
 .../src/lib/trpc/routers/changes/staging.ts   |  51 +---
 .../src/lib/trpc/routers/changes/status.ts    |  31 +-
 10 files changed, 661 insertions(+), 204 deletions(-)
 delete mode 100644 apps/desktop/src/lib/trpc/routers/changes/security.ts
 create mode 100644 apps/desktop/src/lib/trpc/routers/changes/security/git-commands.ts
 create mode 100644 apps/desktop/src/lib/trpc/routers/changes/security/index.ts
 create mode 100644 apps/desktop/src/lib/trpc/routers/changes/security/path-validation.ts
 create mode 100644 apps/desktop/src/lib/trpc/routers/changes/security/secure-fs.ts

diff --git a/apps/desktop/src/lib/trpc/routers/changes/branches.ts b/apps/desktop/src/lib/trpc/routers/changes/branches.ts
index db7bf5a4d73..b2351e98bdd 100644
--- a/apps/desktop/src/lib/trpc/routers/changes/branches.ts
+++ b/apps/desktop/src/lib/trpc/routers/changes/branches.ts
@@ -4,7 +4,11 @@ import { localDb } from "main/lib/local-db";
 import simpleGit from "simple-git";
 import { z } from "zod";
 import { publicProcedure, router } from "../..";
-import { assertWorktreePathInDb } from "./security";
+import {
+	assertRegisteredWorktree,
+	getRegisteredWorktree,
+	gitSwitchBranch,
+} from "./security";
 
 export const createBranchesRouter = () => {
 	return router({
@@ -19,8 +23,7 @@ export const createBranchesRouter = () => {
 					defaultBranch: string;
 					checkedOutBranches: Record<string, string>;
 				}> => {
-					// SECURITY: Validate worktreePath exists in localDb
-					assertWorktreePathInDb(input.worktreePath);
+					assertRegisteredWorktree(input.worktreePath);
 
 					const git = simpleGit(input.worktreePath);
 
@@ -63,13 +66,11 @@ export const createBranchesRouter = () => {
 				}),
 			)
 			.mutation(async ({ input }): Promise<{ success: boolean }> => {
-				// SECURITY: Validate worktreePath exists in localDb and get record
-				const worktree = assertWorktreePathInDb(input.worktreePath);
+				// Get worktree record for updating branch info
+				const worktree = getRegisteredWorktree(input.worktreePath);
 
-				const git = simpleGit(input.worktreePath);
-
-				// P2: Use -- to ensure branch is treated as refname, not flag
-				await git.checkout(["--", input.branch]);
+				// Use gitSwitchBranch which uses `git switch` (correct branch syntax)
+				await gitSwitchBranch(input.worktreePath, input.branch);
 
 				// Update the branch in the worktree record
 				const gitStatus = worktree.gitStatus
diff --git a/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts b/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
index d05ad985057..b0edb575149 100644
--- a/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
+++ b/apps/desktop/src/lib/trpc/routers/changes/file-contents.ts
@@ -1,9 +1,12 @@
-import { lstat, readFile, writeFile } from "node:fs/promises";
 import type { FileContents } from "shared/changes-types";
 import simpleGit from "simple-git";
 import { z } from "zod";
 import { publicProcedure, router } from "../..";
-import { validateFilePath, validateWorktreePathInDb } from "./security";
+import {
+	assertRegisteredWorktree,
+	PathValidationError,
+	secureFs,
+} from "./security";
 import { detectLanguage } from "./utils/parse-status";
 
 /** Maximum file size for reading (2 MiB) */
@@ -49,10 +52,7 @@ export const createFileContentsRouter = () => {
 				}),
 			)
 			.query(async ({ input }): Promise<FileContents> => {
-				// SECURITY: Validate worktreePath exists in localDb to prevent arbitrary FS access
-				if (!validateWorktreePathInDb(input.worktreePath)) {
-					throw new Error(`Unauthorized: worktree path not found in database`);
-				}
+				assertRegisteredWorktree(input.worktreePath);
 
 				const git = simpleGit(input.worktreePath);
 				const defaultBranch = input.defaultBranch || "main";
@@ -84,26 +84,18 @@ export const createFileContentsRouter = () => {
 				}),
 			)
 			.mutation(async ({ input }): Promise<{ success: boolean }> => {
-				// SECURITY: Validate worktreePath exists in localDb to prevent arbitrary FS access
-				if (!validateWorktreePathInDb(input.worktreePath)) {
-					throw new Error(`Unauthorized: worktree path not found in database`);
-				}
-
-				// Validate path doesn't escape worktree
-				const validation = validateFilePath(input.worktreePath, input.filePath);
-
-				if (!validation.valid) {
-					throw new Error("Invalid file path");
-				}
-
-				await writeFile(validation.fullPath, input.content, "utf-8");
+				// secureFs.writeFile handles all validation including symlink checks
+				await secureFs.writeFile(
+					input.worktreePath,
+					input.filePath,
+					input.content,
+				);
 				return { success: true };
 			}),
 
 		/**
 		 * Read a working tree file safely with size cap and binary detection.
 		 * Used for File Viewer raw/rendered modes.
-		 * Follows DL-005 (path validation) and DL-008 (size/binary policy).
 		 */
 		readWorkingFile: publicProcedure
 			.input(
@@ -113,50 +105,37 @@ export const createFileContentsRouter = () => {
 				}),
 			)
 			.query(async ({ input }): Promise<ReadWorkingFileResult> => {
-				// SECURITY: Validate worktreePath exists in localDb to prevent arbitrary FS access
-				if (!validateWorktreePathInDb(input.worktreePath)) {
-					return { ok: false, reason: "outside-worktree" };
-				}
-
-				// Validate path doesn't escape worktree
-				const validation = validateFilePath(input.worktreePath, input.filePath);
-
-				if (!validation.valid) {
-					return { ok: false, reason: "outside-worktree" };
-				}
-
-				const resolvedPath = validation.fullPath;
-
-				// Check file size
 				try {
-					const stats = await lstat(resolvedPath);
+					// Check file size first (uses stat which follows symlinks)
+					const stats = await secureFs.stat(input.worktreePath, input.filePath);
 					if (stats.size > MAX_FILE_SIZE) {
 						return { ok: false, reason: "too-large" };
 					}
-				} catch {
-					return { ok: false, reason: "not-found" };
-				}
 
-				// Read file content
-				let buffer: Buffer;
-				try {
-					buffer = await readFile(resolvedPath);
-				} catch {
-					return { ok: false, reason: "not-found" };
-				}
+					// Read file content as buffer for binary detection
+					const buffer = await secureFs.readFileBuffer(
+						input.worktreePath,
+						input.filePath,
+					);
 
-				// Check for binary content
-				if (isBinaryContent(buffer)) {
-					return { ok: false, reason: "binary" };
-				}
+					// Check for binary content
+					if (isBinaryContent(buffer)) {
+						return { ok: false, reason: "binary" };
+					}
 
-				// Return content as string
-				return {
-					ok: true,
-					content: buffer.toString("utf-8"),
-					truncated: false,
-					byteLength: buffer.length,
-				};
+					return {
+						ok: true,
+						content: buffer.toString("utf-8"),
+						truncated: false,
+						byteLength: buffer.length,
+					};
+				} catch (error) {
+					if (error instanceof PathValidationError) {
+						return { ok: false, reason: "outside-worktree" };
+					}
+					// File not found or other read error
+					return { ok: false, reason: "not-found" };
+				}
 			}),
 	});
 };
@@ -274,20 +253,17 @@ async function getUnstagedVersions(
 	}
 
 	let modified = "";
-	// Validate path before reading from filesystem
-	const validation = validateFilePath(worktreePath, filePath);
-	if (validation.valid) {
-		try {
-			// Check file size before reading
-			const stats = await lstat(validation.fullPath);
-			if (stats.size <= MAX_FILE_SIZE) {
-				modified = await readFile(validation.fullPath, "utf-8");
-			} else {
-				modified = `[File content truncated - exceeds ${MAX_FILE_SIZE / 1024 / 1024}MB limit]`;
-			}
-		} catch {
-			modified = "";
+	try {
+		// Check file size before reading (uses stat which follows symlinks)
+		const stats = await secureFs.stat(worktreePath, filePath);
+		if (stats.size <= MAX_FILE_SIZE) {
+			modified = await secureFs.readFile(worktreePath, filePath);
+		} else {
+			modified = `[File content truncated - exceeds ${MAX_FILE_SIZE / 1024 / 1024}MB limit]`;
 		}
+	} catch {
+		// File doesn't exist or validation failed - that's ok for diff display
+		modified = "";
 	}
 
 	return { original, modified };
diff --git a/apps/desktop/src/lib/trpc/routers/changes/git-operations.ts b/apps/desktop/src/lib/trpc/routers/changes/git-operations.ts
index 8db35e91d90..35f58d7c956 100644
--- a/apps/desktop/src/lib/trpc/routers/changes/git-operations.ts
+++ b/apps/desktop/src/lib/trpc/routers/changes/git-operations.ts
@@ -3,7 +3,7 @@ import simpleGit from "simple-git";
 import { z } from "zod";
 import { publicProcedure, router } from "../..";
 import { isUpstreamMissingError } from "./git-utils";
-import { assertWorktreePathInDb } from "./security";
+import { assertRegisteredWorktree } from "./security";
 
 export { isUpstreamMissingError };
 
@@ -33,7 +33,7 @@ export const createGitOperationsRouter = () => {
 			.mutation(
 				async ({ input }): Promise<{ success: boolean; hash: string }> => {
 					// SECURITY: Validate worktreePath exists in localDb
-					assertWorktreePathInDb(input.worktreePath);
+					assertRegisteredWorktree(input.worktreePath);
 
 					const git = simpleGit(input.worktreePath);
 					const result = await git.commit(input.message);
@@ -50,7 +50,7 @@ export const createGitOperationsRouter = () => {
 			)
 			.mutation(async ({ input }): Promise<{ success: boolean }> => {
 				// SECURITY: Validate worktreePath exists in localDb
-				assertWorktreePathInDb(input.worktreePath);
+				assertRegisteredWorktree(input.worktreePath);
 
 				const git = simpleGit(input.worktreePath);
 				const hasUpstream = await hasUpstreamBranch(git);
@@ -73,7 +73,7 @@ export const createGitOperationsRouter = () => {
 			)
 			.mutation(async ({ input }): Promise<{ success: boolean }> => {
 				// SECURITY: Validate worktreePath exists in localDb
-				assertWorktreePathInDb(input.worktreePath);
+				assertRegisteredWorktree(input.worktreePath);
 
 				const git = simpleGit(input.worktreePath);
 				try {
@@ -99,7 +99,7 @@ export const createGitOperationsRouter = () => {
 			)
 			.mutation(async ({ input }): Promise<{ success: boolean }> => {
 				// SECURITY: Validate worktreePath exists in localDb
-				assertWorktreePathInDb(input.worktreePath);
+				assertRegisteredWorktree(input.worktreePath);
 
 				const git = simpleGit(input.worktreePath);
 				try {
@@ -129,7 +129,7 @@ export const createGitOperationsRouter = () => {
 			.mutation(
 				async ({ input }): Promise<{ success: boolean; url: string }> => {
 					// SECURITY: Validate worktreePath exists in localDb
-					assertWorktreePathInDb(input.worktreePath);
+					assertRegisteredWorktree(input.worktreePath);
 
 					const git = simpleGit(input.worktreePath);
 					const branch = (await git.revparse(["--abbrev-ref", "HEAD"])).trim();
diff --git a/apps/desktop/src/lib/trpc/routers/changes/security.ts b/apps/desktop/src/lib/trpc/routers/changes/security.ts
deleted file mode 100644
index 372de3d70f9..00000000000
--- a/apps/desktop/src/lib/trpc/routers/changes/security.ts
+++ /dev/null
@@ -1,69 +0,0 @@
-import { isAbsolute, join, normalize } from "node:path";
-import { worktrees } from "@superset/local-db";
-import { eq } from "drizzle-orm";
-import { localDb } from "main/lib/local-db";
-
-/** Type for worktree record returned from localDb */
-export type WorktreeRecord = typeof worktrees.$inferSelect;
-
-/**
- * Validates that a worktreePath exists in localDb.worktrees.
- * This prevents arbitrary filesystem/git access by ensuring the path
- * is a known, registered worktree.
- *
- * SECURITY: This is THE critical check - prevents arbitrary filesystem access.
- * A compromised renderer cannot access files outside registered worktrees.
- *
- * @returns The worktree record from the database
- * @throws Error if worktreePath is not found in the database
- */
-export function assertWorktreePathInDb(worktreePath: string): WorktreeRecord {
-	const worktree = localDb
-		.select()
-		.from(worktrees)
-		.where(eq(worktrees.path, worktreePath))
-		.get();
-
-	if (!worktree) {
-		throw new Error("Unauthorized: worktree path not found in database");
-	}
-
-	return worktree;
-}
-
-/**
- * Non-throwing version of assertWorktreePathInDb.
- * Returns true if the worktreePath exists in localDb.worktrees.
- */
-export function validateWorktreePathInDb(worktreePath: string): boolean {
-	const worktree = localDb
-		.select()
-		.from(worktrees)
-		.where(eq(worktrees.path, worktreePath))
-		.get();
-	return !!worktree;
-}
-
-/**
- * Simple path validation. Rejects absolute paths and paths containing "..".
- * Returns the resolved full path if valid.
- *
- * Note: We intentionally don't do symlink resolution. If a user puts symlinks
- * in their own repo, that's their business. The worktreePath validation above
- * is the security boundary.
- */
-export function validateFilePath(
-	worktreePath: string,
-	filePath: string,
-): { valid: true; fullPath: string } | { valid: false } {
-	if (isAbsolute(filePath)) {
-		return { valid: false };
-	}
-
-	const normalized = normalize(filePath);
-	if (normalized.includes("..")) {
-		return { valid: false };
-	}
-
-	return { valid: true, fullPath: join(worktreePath, normalized) };
-}
diff --git a/apps/desktop/src/lib/trpc/routers/changes/security/git-commands.ts b/apps/desktop/src/lib/trpc/routers/changes/security/git-commands.ts
new file mode 100644
index 00000000000..643c7826e6d
--- /dev/null
+++ b/apps/desktop/src/lib/trpc/routers/changes/security/git-commands.ts
@@ -0,0 +1,139 @@
+import simpleGit from "simple-git";
+import {
+	assertRegisteredWorktree,
+	assertValidGitPath,
+} from "./path-validation";
+
+/**
+ * Git command helpers with semantic naming.
+ *
+ * Design principle: Different functions for different git semantics.
+ * You can't accidentally use file checkout syntax for branch switching.
+ *
+ * Each function:
+ * 1. Validates worktree is registered
+ * 2. Validates paths/refs as appropriate
+ * 3. Uses the correct git command syntax
+ */
+
+/**
+ * Switch to a branch.
+ *
+ * Uses `git switch` (unambiguous branch operation, git 2.23+).
+ * Falls back to `git checkout <branch>` for older git versions.
+ *
+ * Note: `git checkout -- <branch>` is WRONG - that's file checkout syntax.
+ */
+export async function gitSwitchBranch(
+	worktreePath: string,
+	branch: string,
+): Promise<void> {
+	assertRegisteredWorktree(worktreePath);
+
+	// Validate: reject anything that looks like a flag
+	if (branch.startsWith("-")) {
+		throw new Error("Invalid branch name: cannot start with -");
+	}
+
+	// Validate: reject empty branch names
+	if (!branch.trim()) {
+		throw new Error("Invalid branch name: cannot be empty");
+	}
+
+	const git = simpleGit(worktreePath);
+
+	try {
+		// Prefer `git switch` - unambiguous branch operation (git 2.23+)
+		await git.raw(["switch", branch]);
+	} catch (switchError) {
+		// Check if it's because `switch` command doesn't exist (old git)
+		const errorMessage = String(switchError);
+		if (
+			errorMessage.includes("is not a git command") ||
+			errorMessage.includes("unknown switch")
+		) {
+			// Fallback for older git versions
+			// Note: checkout WITHOUT -- is correct for branches
+			await git.checkout(branch);
+		} else {
+			throw switchError;
+		}
+	}
+}
+
+/**
+ * Checkout (restore) a file path, discarding local changes.
+ *
+ * Uses `git checkout -- <path>` - the `--` is REQUIRED here
+ * to indicate path mode (not branch mode).
+ */
+export async function gitCheckoutFile(
+	worktreePath: string,
+	filePath: string,
+): Promise<void> {
+	assertRegisteredWorktree(worktreePath);
+	assertValidGitPath(filePath);
+
+	const git = simpleGit(worktreePath);
+	// `--` is correct here - we want path semantics
+	await git.checkout(["--", filePath]);
+}
+
+/**
+ * Stage a file for commit.
+ *
+ * Uses `git add -- <path>` - the `--` prevents paths starting
+ * with `-` from being interpreted as flags.
+ */
+export async function gitStageFile(
+	worktreePath: string,
+	filePath: string,
+): Promise<void> {
+	assertRegisteredWorktree(worktreePath);
+	assertValidGitPath(filePath);
+
+	const git = simpleGit(worktreePath);
+	await git.add(["--", filePath]);
+}
+
+/**
+ * Stage all changes for commit.
+ *
+ * Uses `git add -A` to stage all changes (new, modified, deleted).
+ */
+export async function gitStageAll(worktreePath: string): Promise<void> {
+	assertRegisteredWorktree(worktreePath);
+
+	const git = simpleGit(worktreePath);
+	await git.add("-A");
+}
+
+/**
+ * Unstage a file (remove from staging area).
+ *
+ * Uses `git reset HEAD -- <path>` to unstage without
+ * discarding changes.
+ */
+export async function gitUnstageFile(
+	worktreePath: string,
+	filePath: string,
+): Promise<void> {
+	assertRegisteredWorktree(worktreePath);
+	assertValidGitPath(filePath);
+
+	const git = simpleGit(worktreePath);
+	await git.reset(["HEAD", "--", filePath]);
+}
+
+/**
+ * Unstage all files.
+ *
+ * Uses `git reset HEAD` to unstage all changes without
+ * discarding them.
+ */
+export async function gitUnstageAll(worktreePath: string): Promise<void> {
+	assertRegisteredWorktree(worktreePath);
+
+	const git = simpleGit(worktreePath);
+	await git.reset(["HEAD"]);
+}
diff --git a/apps/desktop/src/lib/trpc/routers/changes/security/index.ts b/apps/desktop/src/lib/trpc/routers/changes/security/index.ts
new file mode 100644
index 00000000000..b2763809771
--- /dev/null
+++ b/apps/desktop/src/lib/trpc/routers/changes/security/index.ts
@@ -0,0 +1,30 @@
+/**
+ * Security module for changes routers.
+ *
+ * This module provides:
+ * - Path validation with symlink escape protection
+ * - Secure filesystem wrappers
+ * - Worktree registration checks
+ *
+ * All filesystem operations in the changes routers should go through
+ * this module to ensure consistent security checks.
+ */
+
+export {
+	gitCheckoutFile,
+	gitStageAll,
+	gitStageFile,
+	gitSwitchBranch,
+	gitUnstageAll,
+	gitUnstageFile,
+} from "./git-commands";
+export {
+	assertRegisteredWorktree,
+	assertValidGitPath,
+	getRegisteredWorktree,
+	PathValidationError,
+	type PathValidationErrorCode,
+	type ResolveSecurePathOptions,
+	resolveSecurePath,
+} from "./path-validation";
+export { secureFs } from "./secure-fs";
diff --git a/apps/desktop/src/lib/trpc/routers/changes/security/path-validation.ts b/apps/desktop/src/lib/trpc/routers/changes/security/path-validation.ts
new file mode 100644
index 00000000000..675f209f030
--- /dev/null
+++ b/apps/desktop/src/lib/trpc/routers/changes/security/path-validation.ts
@@ -0,0 +1,264 @@
+import { realpath } from "node:fs/promises";
+import {
+	dirname,
+	isAbsolute,
+	normalize,
+	relative,
+	resolve,
+	sep,
+} from "node:path";
+import { worktrees } from "@superset/local-db";
+import { eq } from "drizzle-orm";
+import { localDb } from "main/lib/local-db";
+
+/**
+ * Security error codes for path validation failures.
+ */
+export type PathValidationErrorCode =
+	| "ABSOLUTE_PATH"
+	| "PATH_TRAVERSAL"
+	| "SYMLINK_ESCAPE"
+	| "UNREGISTERED_WORKTREE"
+	| "INVALID_TARGET";
+
+/**
+ * Error thrown when path validation fails.
+ * Includes a code for programmatic handling.
+ */
+export class PathValidationError extends Error {
+	constructor(
+		message: string,
+		public readonly code: PathValidationErrorCode,
+	) {
+		super(message);
+		this.name = "PathValidationError";
+	}
+}
+
+/**
+ * Validates that a worktree path is registered in localDb.
+ *
+ * This is THE critical security boundary - prevents arbitrary filesystem access.
+ * A compromised renderer cannot access files outside registered worktrees.
+ *
+ * @throws PathValidationError if worktree is not registered
+ */
+export function assertRegisteredWorktree(worktreePath: string): void {
+	const exists = localDb
+		.select()
+		.from(worktrees)
+		.where(eq(worktrees.path, worktreePath))
+		.get();
+
+	if (!exists) {
+		throw new PathValidationError(
+			"Worktree not registered in database",
+			"UNREGISTERED_WORKTREE",
+		);
+	}
+}
+
+/**
+ * Gets the worktree record if it exists in localDb.
+ * Returns the record for additional operations (e.g., updating branch).
+ *
+ * @throws PathValidationError if worktree is not registered
+ */
+export function getRegisteredWorktree(
+	worktreePath: string,
+): typeof worktrees.$inferSelect {
+	const worktree = localDb
+		.select()
+		.from(worktrees)
+		.where(eq(worktrees.path, worktreePath))
+		.get();
+
+	if (!worktree) {
+		throw new PathValidationError(
+			"Worktree not registered in database",
+			"UNREGISTERED_WORKTREE",
+		);
+	}
+
+	return worktree;
+}
+
+/**
+ * Checks if a relative path escapes its parent directory.
+ *
+ * Uses the correct segment-aware check:
+ * - `..` alone escapes
+ * - `../anything` escapes
+ * - `..foo` does NOT escape (legitimate directory name)
+ */
+function escapesParent(relativePath: string): boolean {
+	return (
+		relativePath === ".." ||
+		relativePath.startsWith(`..${sep}`) ||
+		isAbsolute(relativePath)
+	);
+}
+
+/**
+ * Validates a file path doesn't escape the worktree via symlinks.
+ *
+ * Handles new files by walking up to find the first existing ancestor
+ * and validating that ancestor is within the worktree.
+ *
+ * @throws PathValidationError if symlink escape detected or validation fails
+ */
+async function assertNoSymlinkEscape(
+	worktreePath: string,
+	fullPath: string,
+): Promise<void> {
+	const realWorktree = await realpath(worktreePath);
+
+	// Walk up to find first existing ancestor
+	let checkPath = fullPath;
+	const root = resolve("/");
+
+	while (checkPath !== root) {
+		try {
+			const realPath = await realpath(checkPath);
+			const rel = relative(realWorktree, realPath);
+
+			if (escapesParent(rel)) {
+				throw new PathValidationError(
+					"Path escapes worktree via symlink",
+					"SYMLINK_ESCAPE",
+				);
+			}
+
+			// Found existing path and validated it - we're done
+			return;
+		} catch (e) {
+			if (e instanceof PathValidationError) {
+				throw e;
+			}
+
+			if ((e as NodeJS.ErrnoException).code === "ENOENT") {
+				// Path doesn't exist, check parent
+				const parent = dirname(checkPath);
+				if (parent === checkPath) {
+					// Hit filesystem root without finding existing path
+					// This shouldn't happen for valid worktree paths
+					break;
+				}
+				checkPath = parent;
+				continue;
+			}
+
+			// For any other error (permissions, etc.), fail closed
+			throw new PathValidationError(
+				`Cannot verify path security: ${(e as Error).message}`,
+				"SYMLINK_ESCAPE",
+			);
+		}
+	}
+}
+
+export interface ResolveSecurePathOptions {
+	/**
+	 * Check for symlink escapes. Required for destructive operations.
+	 * Default: true (fail closed)
+	 */
+	checkSymlinks?: boolean;
+
+	/**
+	 * Allow empty/root path (resolves to worktree itself).
+	 * Default: false (prevents accidental worktree deletion)
+	 */
+	allowRoot?: boolean;
+}
+
+/**
+ * Validates and resolves a file path within a worktree.
+ *
+ * Security checks:
+ * 1. Rejects absolute paths
+ * 2. Rejects path traversal via `..` segments
+ * 3. Rejects symlink escapes (by default)
+ * 4. Rejects root path unless explicitly allowed
+ *
+ * Uses `path.relative()` containment check - the industry standard pattern
+ * from VSCode, MCP servers, and security-focused libraries.
+ *
+ * @param worktreePath - The registered worktree base path
+ * @param filePath - The relative file path to validate
+ * @param options - Validation options
+ * @returns The resolved full path
+ * @throws PathValidationError on any validation failure
+ */
+export async function resolveSecurePath(
+	worktreePath: string,
+	filePath: string,
+	options: ResolveSecurePathOptions = {},
+): Promise<string> {
+	const { checkSymlinks = true, allowRoot = false } = options;
+
+	// 1. Reject absolute paths immediately
+	if (isAbsolute(filePath)) {
+		throw new PathValidationError(
+			"Absolute paths are not allowed",
+			"ABSOLUTE_PATH",
+		);
+	}
+
+	// 2. Normalize and resolve
+	const normalized = normalize(filePath);
+	const fullPath = resolve(worktreePath, normalized);
+
+	// 3. Containment check via relative path
+	const relativePath = relative(worktreePath, fullPath);
+
+	if (escapesParent(relativePath)) {
+		throw new PathValidationError(
+			"Path escapes worktree boundary",
+			"PATH_TRAVERSAL",
+		);
+	}
+
+	// 4. Check for root path (empty or ".")
+	if (!allowRoot && (relativePath === "" || relativePath === ".")) {
+		throw new PathValidationError(
+			"Cannot target worktree root",
+			"INVALID_TARGET",
+		);
+	}
+
+	// 5. Symlink escape check (default: enabled for safety)
+	if (checkSymlinks) {
+		await assertNoSymlinkEscape(worktreePath, fullPath);
+	}
+
+	return fullPath;
+}
+
+/**
+ * Validates a path for use in git commands (pathspec).
+ *
+ * Lighter validation than resolveSecurePath - just checks for
+ * obvious escapes. Git itself provides additional sandboxing.
+ *
+ * @param filePath - The file path to validate
+ * @throws PathValidationError if path is suspicious
+ */
+export function assertValidGitPath(filePath: string): void {
+	if (isAbsolute(filePath)) {
+		throw new PathValidationError(
+			"Absolute paths are not allowed in git operations",
+			"ABSOLUTE_PATH",
+		);
+	}
+
+	const normalized = normalize(filePath);
+	const segments = normalized.split(sep);
+
+	// Check for ".." as a segment (not substring - allows "..foo")
+	if (segments.includes("..")) {
+		throw new PathValidationError(
+			"Path traversal not allowed in git operations",
+			"PATH_TRAVERSAL",
+		);
+	}
+}
diff --git a/apps/desktop/src/lib/trpc/routers/changes/security/secure-fs.ts b/apps/desktop/src/lib/trpc/routers/changes/security/secure-fs.ts
new file mode 100644
index 00000000000..1f4bb0e3d5e
--- /dev/null
+++ b/apps/desktop/src/lib/trpc/routers/changes/security/secure-fs.ts
@@ -0,0 +1,134 @@
+import type { Stats } from "node:fs";
+import { lstat, readFile, rm, stat, writeFile } from "node:fs/promises";
+import { assertRegisteredWorktree, resolveSecurePath } from "./path-validation";
+
+/**
+ * Secure filesystem operations that enforce validation.
+ *
+ * Design principle: You cannot perform filesystem operations without
+ * going through validation. The validation is built into each operation.
+ *
+ * All operations:
+ * 1. Validate worktree is registered in database
+ * 2. Validate path doesn't escape worktree
+ * 3. Check for symlink escapes (configurable)
+ *
+ * Use Biome's restricted-imports rule to ban direct `node:fs` imports
+ * in router files - this module should be the only FS access point.
+ */
+export const secureFs = {
+	/**
+	 * Read a file within a worktree.
+	 *
+	 * Validates path and checks for symlink escapes to prevent
+	 * reading files outside the worktree via symlinks.
+	 */
+	async readFile(
+		worktreePath: string,
+		filePath: string,
+		encoding: BufferEncoding = "utf-8",
+	): Promise<string> {
+		assertRegisteredWorktree(worktreePath);
+		const fullPath = await resolveSecurePath(worktreePath, filePath, {
+			checkSymlinks: true,
+		});
+		return readFile(fullPath, encoding);
+	},
+
+	/**
+	 * Read a file as a Buffer within a worktree.
+	 *
+	 * Validates path and checks for symlink escapes.
+	 */
+	async readFileBuffer(
+		worktreePath: string,
+		filePath: string,
+	): Promise<Buffer> {
+		assertRegisteredWorktree(worktreePath);
+		const fullPath = await resolveSecurePath(worktreePath, filePath, {
+			checkSymlinks: true,
+		});
+		return readFile(fullPath);
+	},
+
+	/**
+	 * Write content to a file within a worktree.
+	 *
+	 * Validates path and checks for symlink escapes to prevent
+	 * writing files outside the worktree via symlinks.
+	 */
+	async writeFile(
+		worktreePath: string,
+		filePath: string,
+		content: string,
+	): Promise<void> {
+		assertRegisteredWorktree(worktreePath);
+		const fullPath = await resolveSecurePath(worktreePath, filePath, {
+			checkSymlinks: true,
+		});
+		await writeFile(fullPath, content, "utf-8");
+	},
+
+	/**
+	 * Delete a file or directory within a worktree.
+	 *
+	 * DANGEROUS: Uses recursive + force deletion.
+	 * Validates path and checks for symlink escapes.
+	 * Explicitly prevents deleting the worktree root.
+	 */
+	async delete(worktreePath: string, filePath: string): Promise<void> {
+		assertRegisteredWorktree(worktreePath);
+		const fullPath = await resolveSecurePath(worktreePath, filePath, {
+			checkSymlinks: true,
+			allowRoot: false, // Explicitly prevent deleting worktree root
+		});
+		await rm(fullPath, { recursive: true, force: true });
+	},
+
+	/**
+	 * Get file stats within a worktree.
+	 *
+	 * Uses `stat` (follows symlinks) to get the real file size.
+	 * This is important for size checks - lstat would return
+	 * the symlink size, not the target file size.
+	 */
+	async stat(worktreePath: string, filePath: string): Promise<Stats> {
+		assertRegisteredWorktree(worktreePath);
+		const fullPath = await resolveSecurePath(worktreePath, filePath, {
+			checkSymlinks: true,
+		});
+		return stat(fullPath);
+	},
+
+	/**
+	 * Get file stats without following symlinks.
+	 *
+	 * Use this when you need to know if something IS a symlink.
+	 * For size checks, prefer `stat` instead.
+	 */
+	async lstat(worktreePath: string, filePath: string): Promise<Stats> {
+		assertRegisteredWorktree(worktreePath);
+		const fullPath = await resolveSecurePath(worktreePath, filePath, {
+			checkSymlinks: true,
+		});
+		return lstat(fullPath);
+	},
+
+	/**
+	 * Check if a file exists within a worktree.
+	 *
+	 * Returns false for non-existent files and validation failures.
+	 */
+	async exists(worktreePath: string, filePath: string): Promise<boolean> {
+		try {
+			assertRegisteredWorktree(worktreePath);
+			const fullPath = await resolveSecurePath(worktreePath, filePath, {
+				checkSymlinks: true,
+			});
+			await stat(fullPath);
+			return true;
+		} catch {
+			return false;
+		}
+	},
+};
diff --git a/apps/desktop/src/lib/trpc/routers/changes/staging.ts b/apps/desktop/src/lib/trpc/routers/changes/staging.ts
index a9e401b61b2..83c06a489ec 100644
--- a/apps/desktop/src/lib/trpc/routers/changes/staging.ts
+++ b/apps/desktop/src/lib/trpc/routers/changes/staging.ts
@@ -1,9 +1,13 @@
-import { rm } from "node:fs/promises";
-import { join } from "node:path";
-import simpleGit from "simple-git";
 import { z } from "zod";
 import { publicProcedure, router } from "../..";
-import { assertWorktreePathInDb } from "./security";
+import {
+	gitCheckoutFile,
+	gitStageAll,
+	gitStageFile,
+	gitUnstageAll,
+	gitUnstageFile,
+	secureFs,
+} from "./security";
 
 export const createStagingRouter = () => {
 	return router({
@@ -15,12 +19,7 @@ export const createStagingRouter = () => {
 				}),
 			)
 			.mutation(async ({ input }): Promise<{ success: boolean }> => {
-				// SECURITY: Validate worktreePath exists in localDb
-				assertWorktreePathInDb(input.worktreePath);
-
-				const git = simpleGit(input.worktreePath);
-				// P2: Use -- to prevent paths starting with - from being interpreted as flags
-				await git.add(["--", input.filePath]);
+				await gitStageFile(input.worktreePath, input.filePath);
 				return { success: true };
 			}),
 
@@ -32,11 +31,7 @@ export const createStagingRouter = () => {
 				}),
 			)
 			.mutation(async ({ input }): Promise<{ success: boolean }> => {
-				// SECURITY: Validate worktreePath exists in localDb
-				assertWorktreePathInDb(input.worktreePath);
-
-				const git = simpleGit(input.worktreePath);
-				await git.reset(["HEAD", "--", input.filePath]);
+				await gitUnstageFile(input.worktreePath, input.filePath);
 				return { success: true };
 			}),
 
@@ -48,33 +43,21 @@ export const createStagingRouter = () => {
 				}),
 			)
 			.mutation(async ({ input }): Promise<{ success: boolean }> => {
-				// SECURITY: Validate worktreePath exists in localDb
-				assertWorktreePathInDb(input.worktreePath);
-
-				const git = simpleGit(input.worktreePath);
-				await git.checkout(["--", input.filePath]);
+				await gitCheckoutFile(input.worktreePath, input.filePath);
 				return { success: true };
 			}),
 
 		stageAll: publicProcedure
 			.input(z.object({ worktreePath: z.string() }))
 			.mutation(async ({ input }): Promise<{ success: boolean }> => {
-				// SECURITY: Validate worktreePath exists in localDb
-				assertWorktreePathInDb(input.worktreePath);
-
-				const git = simpleGit(input.worktreePath);
-				await git.add("-A");
+				await gitStageAll(input.worktreePath);
 				return { success: true };
 			}),
 
 		unstageAll: publicProcedure
 			.input(z.object({ worktreePath: z.string() }))
 			.mutation(async ({ input }): Promise<{ success: boolean }> => {
-				// SECURITY: Validate worktreePath exists in localDb
-				assertWorktreePathInDb(input.worktreePath);
-
-				const git = simpleGit(input.worktreePath);
-				await git.reset(["HEAD"]);
+				await gitUnstageAll(input.worktreePath);
 				return { success: true };
 			}),
 
@@ -86,12 +69,8 @@ export const createStagingRouter = () => {
 				}),
 			)
 			.mutation(async ({ input }): Promise<{ success: boolean }> => {
-				// SECURITY: Validate worktreePath exists in localDb
-				assertWorktreePathInDb(input.worktreePath);
-
-				// filePath comes from git status output, which git already sandboxes
-				const fullPath = join(input.worktreePath, input.filePath);
-				await rm(fullPath, { recursive: true, force: true });
+				// secureFs.delete validates path and checks for symlink escapes
+				await secureFs.delete(input.worktreePath, input.filePath);
 				return { success: true };
 			}),
 	});
diff --git a/apps/desktop/src/lib/trpc/routers/changes/status.ts b/apps/desktop/src/lib/trpc/routers/changes/status.ts
index e3bf151ec77..9b79a161a71 100644
--- a/apps/desktop/src/lib/trpc/routers/changes/status.ts
+++ b/apps/desktop/src/lib/trpc/routers/changes/status.ts
@@ -1,9 +1,8 @@
-import { lstat, readFile } from "node:fs/promises";
 import type { ChangedFile, GitChangesStatus } from "shared/changes-types";
 import simpleGit from "simple-git";
 import { z } from "zod";
 import { publicProcedure, router } from "../..";
-import { assertWorktreePathInDb, validateFilePath } from "./security";
+import { assertRegisteredWorktree, secureFs } from "./security";
 import { applyNumstatToFiles } from "./utils/apply-numstat";
 import {
 	parseGitLog,
@@ -21,8 +20,7 @@ export const createStatusRouter = () => {
 				}),
 			)
 			.query(async ({ input }): Promise<GitChangesStatus> => {
-				// SECURITY: Validate worktreePath exists in localDb
-				assertWorktreePathInDb(input.worktreePath);
+				assertRegisteredWorktree(input.worktreePath);
 
 				const git = simpleGit(input.worktreePath);
 				const defaultBranch = input.defaultBranch || "main";
@@ -67,8 +65,7 @@ export const createStatusRouter = () => {
 				}),
 			)
 			.query(async ({ input }): Promise<ChangedFile[]> => {
-				// SECURITY: Validate worktreePath exists in localDb
-				assertWorktreePathInDb(input.worktreePath);
+				assertRegisteredWorktree(input.worktreePath);
 
 				const git = simpleGit(input.worktreePath);
 
@@ -150,25 +147,31 @@ async function getBranchComparison(
 /** Max file size for line counting (1 MiB) - skip larger files to avoid OOM */
 const MAX_LINE_COUNT_SIZE = 1 * 1024 * 1024;
 
+/**
+ * Apply line counts to untracked files.
+ *
+ * Uses secureFs which:
+ * - Validates paths don't escape worktree
+ * - Uses stat (follows symlinks) for accurate size checks
+ * - Checks for symlink escapes
+ */
 async function applyUntrackedLineCount(
 	worktreePath: string,
 	untracked: ChangedFile[],
 ): Promise<void> {
 	for (const file of untracked) {
 		try {
-			// P0 SECURITY: Validate path doesn't escape worktree (rejects .. and absolute)
-			const validation = validateFilePath(worktreePath, file.path);
-			if (!validation.valid) continue;
-
-			// P0 PERFORMANCE: Skip large files to avoid OOM on polling
-			const stats = await lstat(validation.fullPath);
+			// secureFs.stat uses stat (follows symlinks) for accurate size
+			const stats = await secureFs.stat(worktreePath, file.path);
 			if (stats.size > MAX_LINE_COUNT_SIZE) continue;
 
-			const content = await readFile(validation.fullPath, "utf-8");
+			const content = await secureFs.readFile(worktreePath, file.path);
 			const lineCount = content.split("\n").length;
 			file.additions = lineCount;
 			file.deletions = 0;
-		} catch {}
+		} catch {
+			// Skip files that fail validation or reading
+		}
 	}
 }
 

From d70d6b36a05c8cecf3b9d0ff7910bfae81100d58 Mon Sep 17 00:00:00 2001
From: Andreas Asprou <andyasprou@gmail.com>
Date: Wed, 31 Dec 2025 09:31:17 +0200
Subject: [PATCH 13/14] feat(desktop): add configurable terminal file link
 behavior

Add a setting to control whether Cmd+clicking file paths in the terminal
opens them in an external editor (default) or in the in-app FileViewerPane.

- Add terminalLinkBehavior setting to local-db schema with migration
- Add getTerminalLinkBehavior/setTerminalLinkBehavior tRPC procedures
- Refactor createTerminalInstance to accept onFileLinkClick callback
- Wire up setting in Terminal.tsx with ref pattern (avoids terminal recreation)
- Add Select UI in BehaviorSettings for choosing link behavior
---
 .../src/lib/trpc/routers/settings/index.ts    |  31 +-
 .../SettingsView/BehaviorSettings.tsx         |  68 ++
 .../TabsContent/Terminal/Terminal.tsx         |  48 +-
 .../TabsContent/Terminal/helpers.ts           |  46 +-
 apps/desktop/src/shared/constants.ts          |   1 +
 ...004_add_terminal_link_behavior_setting.sql |   1 +
 .../local-db/drizzle/meta/0004_snapshot.json  | 977 ++++++++++++++++++
 packages/local-db/drizzle/meta/_journal.json  |   7 +
 packages/local-db/src/schema/schema.ts        |   4 +
 packages/local-db/src/schema/zod.ts           |  10 +
 10 files changed, 1169 insertions(+), 24 deletions(-)
 create mode 100644 packages/local-db/drizzle/0004_add_terminal_link_behavior_setting.sql
 create mode 100644 packages/local-db/drizzle/meta/0004_snapshot.json

diff --git a/apps/desktop/src/lib/trpc/routers/settings/index.ts b/apps/desktop/src/lib/trpc/routers/settings/index.ts
index ce624581628..8c2e5ed6e83 100644
--- a/apps/desktop/src/lib/trpc/routers/settings/index.ts
+++ b/apps/desktop/src/lib/trpc/routers/settings/index.ts
@@ -1,6 +1,13 @@
-import { settings, type TerminalPreset } from "@superset/local-db";
+import {
+	settings,
+	TERMINAL_LINK_BEHAVIORS,
+	type TerminalPreset,
+} from "@superset/local-db";
 import { localDb } from "main/lib/local-db";
-import { DEFAULT_CONFIRM_ON_QUIT } from "shared/constants";
+import {
+	DEFAULT_CONFIRM_ON_QUIT,
+	DEFAULT_TERMINAL_LINK_BEHAVIOR,
+} from "shared/constants";
 import { DEFAULT_RINGTONE_ID, RINGTONES } from "shared/ringtones";
 import { z } from "zod";
 import { publicProcedure, router } from "../..";
@@ -180,5 +187,25 @@ export const createSettingsRouter = () => {
 
 				return { success: true };
 			}),
+
+		getTerminalLinkBehavior: publicProcedure.query(() => {
+			const row = getSettings();
+			return row.terminalLinkBehavior ?? DEFAULT_TERMINAL_LINK_BEHAVIOR;
+		}),
+
+		setTerminalLinkBehavior: publicProcedure
+			.input(z.object({ behavior: z.enum(TERMINAL_LINK_BEHAVIORS) }))
+			.mutation(({ input }) => {
+				localDb
+					.insert(settings)
+					.values({ id: 1, terminalLinkBehavior: input.behavior })
+					.onConflictDoUpdate({
+						target: settings.id,
+						set: { terminalLinkBehavior: input.behavior },
+					})
+					.run();
+
+				return { success: true };
+			}),
 	});
 };
diff --git a/apps/desktop/src/renderer/screens/main/components/SettingsView/BehaviorSettings.tsx b/apps/desktop/src/renderer/screens/main/components/SettingsView/BehaviorSettings.tsx
index f21aff0a34f..bdc930ec4f0 100644
--- a/apps/desktop/src/renderer/screens/main/components/SettingsView/BehaviorSettings.tsx
+++ b/apps/desktop/src/renderer/screens/main/components/SettingsView/BehaviorSettings.tsx
@@ -1,4 +1,12 @@
+import type { TerminalLinkBehavior } from "@superset/local-db";
 import { Label } from "@superset/ui/label";
+import {
+	Select,
+	SelectContent,
+	SelectItem,
+	SelectTrigger,
+	SelectValue,
+} from "@superset/ui/select";
 import { Switch } from "@superset/ui/switch";
 import { trpc } from "renderer/lib/trpc";
 
@@ -32,6 +40,37 @@ export function BehaviorSettings() {
 		setConfirmOnQuit.mutate({ enabled });
 	};
 
+	// Terminal link behavior setting
+	const { data: terminalLinkBehavior, isLoading: isLoadingLinkBehavior } =
+		trpc.settings.getTerminalLinkBehavior.useQuery();
+
+	const setTerminalLinkBehavior =
+		trpc.settings.setTerminalLinkBehavior.useMutation({
+			onMutate: async ({ behavior }) => {
+				await utils.settings.getTerminalLinkBehavior.cancel();
+				const previous = utils.settings.getTerminalLinkBehavior.getData();
+				utils.settings.getTerminalLinkBehavior.setData(undefined, behavior);
+				return { previous };
+			},
+			onError: (_err, _vars, context) => {
+				if (context?.previous !== undefined) {
+					utils.settings.getTerminalLinkBehavior.setData(
+						undefined,
+						context.previous,
+					);
+				}
+			},
+			onSettled: () => {
+				utils.settings.getTerminalLinkBehavior.invalidate();
+			},
+		});
+
+	const handleLinkBehaviorChange = (value: string) => {
+		setTerminalLinkBehavior.mutate({
+			behavior: value as TerminalLinkBehavior,
+		});
+	};
+
 	return (
 		<div className="p-6 max-w-4xl w-full">
 			<div className="mb-8">
@@ -58,6 +97,35 @@ export function BehaviorSettings() {
 						disabled={isLoading || setConfirmOnQuit.isPending}
 					/>
 				</div>
+
+				<div className="flex items-center justify-between">
+					<div className="space-y-0.5">
+						<Label
+							htmlFor="terminal-link-behavior"
+							className="text-sm font-medium"
+						>
+							Terminal file links
+						</Label>
+						<p className="text-xs text-muted-foreground">
+							Choose how to open file paths when Cmd+clicking in the terminal
+						</p>
+					</div>
+					<Select
+						value={terminalLinkBehavior ?? "external-editor"}
+						onValueChange={handleLinkBehaviorChange}
+						disabled={
+							isLoadingLinkBehavior || setTerminalLinkBehavior.isPending
+						}
+					>
+						<SelectTrigger className="w-[180px]">
+							<SelectValue />
+						</SelectTrigger>
+						<SelectContent>
+							<SelectItem value="external-editor">External editor</SelectItem>
+							<SelectItem value="file-viewer">File viewer</SelectItem>
+						</SelectContent>
+					</Select>
+				</div>
 			</div>
 		</div>
 	);
diff --git a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/Terminal/Terminal.tsx b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/Terminal/Terminal.tsx
index 20a261a4d85..4c67aba85b0 100644
--- a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/Terminal/Terminal.tsx
+++ b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/Terminal/Terminal.tsx
@@ -5,6 +5,7 @@ import "@xterm/xterm/css/xterm.css";
 import debounce from "lodash/debounce";
 import { useCallback, useEffect, useRef, useState } from "react";
 import { trpc } from "renderer/lib/trpc";
+import { trpcClient } from "renderer/lib/trpc-client";
 import { useAppHotkey } from "renderer/stores/hotkeys";
 import { useTabsStore } from "renderer/stores/tabs/store";
 import { useTerminalCallbacksStore } from "renderer/stores/tabs/terminal-callbacks";
@@ -47,6 +48,7 @@ export const Terminal = ({ tabId, workspaceId }: TerminalProps) => {
 	const setTabAutoTitle = useTabsStore((s) => s.setTabAutoTitle);
 	const updatePaneCwd = useTabsStore((s) => s.updatePaneCwd);
 	const focusedPaneIds = useTabsStore((s) => s.focusedPaneIds);
+	const addFileViewerPane = useTabsStore((s) => s.addFileViewerPane);
 	const terminalTheme = useTerminalTheme();
 
 	// Ref for initial theme to avoid recreating terminal on theme change
@@ -68,6 +70,41 @@ export const Terminal = ({ tabId, workspaceId }: TerminalProps) => {
 	const { data: workspaceCwd } =
 		trpc.terminal.getWorkspaceCwd.useQuery(workspaceId);
 
+	// Query terminal link behavior setting
+	const { data: terminalLinkBehavior } =
+		trpc.settings.getTerminalLinkBehavior.useQuery();
+
+	// Handler for file link clicks - uses current setting value
+	const handleFileLinkClick = useCallback(
+		(path: string, line?: number, column?: number) => {
+			const behavior = terminalLinkBehavior ?? "external-editor";
+
+			if (behavior === "file-viewer") {
+				addFileViewerPane(workspaceId, { filePath: path });
+			} else {
+				trpcClient.external.openFileInEditor
+					.mutate({
+						path,
+						line,
+						column,
+						cwd: workspaceCwd ?? undefined,
+					})
+					.catch((error) => {
+						console.error(
+							"[Terminal] Failed to open file in editor:",
+							path,
+							error,
+						);
+					});
+			}
+		},
+		[terminalLinkBehavior, workspaceId, workspaceCwd, addFileViewerPane],
+	);
+
+	// Ref to avoid terminal recreation when callback changes
+	const handleFileLinkClickRef = useRef(handleFileLinkClick);
+	handleFileLinkClickRef.current = handleFileLinkClick;
+
 	// Seed cwd from initialCwd or workspace path (shell spawns there)
 	// OSC-7 will override if/when the shell reports directory changes
 	useEffect(() => {
@@ -197,11 +234,12 @@ export const Terminal = ({ tabId, workspaceId }: TerminalProps) => {
 			xterm,
 			fitAddon,
 			cleanup: cleanupQuerySuppression,
-		} = createTerminalInstance(
-			container,
-			workspaceCwd,
-			initialThemeRef.current,
-		);
+		} = createTerminalInstance(container, {
+			cwd: workspaceCwd,
+			initialTheme: initialThemeRef.current,
+			onFileLinkClick: (path, line, column) =>
+				handleFileLinkClickRef.current(path, line, column),
+		});
 		xtermRef.current = xterm;
 		fitAddonRef.current = fitAddon;
 		isExitedRef.current = false;
diff --git a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/Terminal/helpers.ts b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/Terminal/helpers.ts
index 6058503b816..89473cdf9d6 100644
--- a/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/Terminal/helpers.ts
+++ b/apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/Terminal/helpers.ts
@@ -92,19 +92,26 @@ function loadRenderer(xterm: XTerm): { dispose: () => void } {
 	};
 }
 
+export interface CreateTerminalOptions {
+	cwd?: string;
+	initialTheme?: ITheme | null;
+	onFileLinkClick?: (path: string, line?: number, column?: number) => void;
+}
+
 export function createTerminalInstance(
 	container: HTMLDivElement,
-	cwd?: string,
-	initialTheme?: ITheme | null,
+	options: CreateTerminalOptions = {},
 ): {
 	xterm: XTerm;
 	fitAddon: FitAddon;
 	cleanup: () => void;
 } {
+	const { cwd, initialTheme, onFileLinkClick } = options;
+
 	// Use provided theme, or fall back to localStorage-based default to prevent flash
 	const theme = initialTheme ?? getDefaultTerminalTheme();
-	const options = { ...TERMINAL_OPTIONS, theme };
-	const xterm = new XTerm(options);
+	const terminalOptions = { ...TERMINAL_OPTIONS, theme };
+	const xterm = new XTerm(terminalOptions);
 	const fitAddon = new FitAddon();
 
 	const clipboardAddon = new ClipboardAddon();
@@ -142,20 +149,25 @@ export function createTerminalInstance(
 	const filePathLinkProvider = new FilePathLinkProvider(
 		xterm,
 		(_event, path, line, column) => {
-			trpcClient.external.openFileInEditor
-				.mutate({
-					path,
-					line,
-					column,
-					cwd,
-				})
-				.catch((error) => {
-					console.error(
-						"[Terminal] Failed to open file in editor:",
+			if (onFileLinkClick) {
+				onFileLinkClick(path, line, column);
+			} else {
+				// Fallback to default behavior (external editor)
+				trpcClient.external.openFileInEditor
+					.mutate({
 						path,
-						error,
-					);
-				});
+						line,
+						column,
+						cwd,
+					})
+					.catch((error) => {
+						console.error(
+							"[Terminal] Failed to open file in editor:",
+							path,
+							error,
+						);
+					});
+			}
 		},
 	);
 	xterm.registerLinkProvider(filePathLinkProvider);
diff --git a/apps/desktop/src/shared/constants.ts b/apps/desktop/src/shared/constants.ts
index 6bc788cead4..1ec904ae1fc 100644
--- a/apps/desktop/src/shared/constants.ts
+++ b/apps/desktop/src/shared/constants.ts
@@ -46,3 +46,4 @@ export const NOTIFICATION_EVENTS = {
 
 // Default user preference values
 export const DEFAULT_CONFIRM_ON_QUIT = true;
+export const DEFAULT_TERMINAL_LINK_BEHAVIOR = "external-editor" as const;
diff --git a/packages/local-db/drizzle/0004_add_terminal_link_behavior_setting.sql b/packages/local-db/drizzle/0004_add_terminal_link_behavior_setting.sql
new file mode 100644
index 00000000000..ad70f21f3fe
--- /dev/null
+++ b/packages/local-db/drizzle/0004_add_terminal_link_behavior_setting.sql
@@ -0,0 +1 @@
+ALTER TABLE `settings` ADD `terminal_link_behavior` text;
\ No newline at end of file
diff --git a/packages/local-db/drizzle/meta/0004_snapshot.json b/packages/local-db/drizzle/meta/0004_snapshot.json
new file mode 100644
index 00000000000..991b5469eb5
--- /dev/null
+++ b/packages/local-db/drizzle/meta/0004_snapshot.json
@@ -0,0 +1,977 @@
+{
+  "version": "6",
+  "dialect": "sqlite",
+  "id": "bb9f9f85-bcbb-4003-b20f-4c172a1c6fc8",
+  "prevId": "d5a52ac9-bc1e-4529-89bf-5748d4df5006",
+  "tables": {
+    "organization_members": {
+      "name": "organization_members",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "organization_id": {
+          "name": "organization_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "role": {
+          "name": "role",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "organization_members_organization_id_idx": {
+          "name": "organization_members_organization_id_idx",
+          "columns": [
+            "organization_id"
+          ],
+          "isUnique": false
+        },
+        "organization_members_user_id_idx": {
+          "name": "organization_members_user_id_idx",
+          "columns": [
+            "user_id"
+          ],
+          "isUnique": false
+        }
+      },
+      "foreignKeys": {
+        "organization_members_organization_id_organizations_id_fk": {
+          "name": "organization_members_organization_id_organizations_id_fk",
+          "tableFrom": "organization_members",
+          "tableTo": "organizations",
+          "columnsFrom": [
+            "organization_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "organization_members_user_id_users_id_fk": {
+          "name": "organization_members_user_id_users_id_fk",
+          "tableFrom": "organization_members",
+          "tableTo": "users",
+          "columnsFrom": [
+            "user_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "organizations": {
+      "name": "organizations",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "clerk_org_id": {
+          "name": "clerk_org_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "slug": {
+          "name": "slug",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "github_org": {
+          "name": "github_org",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "avatar_url": {
+          "name": "avatar_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "organizations_clerk_org_id_unique": {
+          "name": "organizations_clerk_org_id_unique",
+          "columns": [
+            "clerk_org_id"
+          ],
+          "isUnique": true
+        },
+        "organizations_slug_unique": {
+          "name": "organizations_slug_unique",
+          "columns": [
+            "slug"
+          ],
+          "isUnique": true
+        },
+        "organizations_slug_idx": {
+          "name": "organizations_slug_idx",
+          "columns": [
+            "slug"
+          ],
+          "isUnique": false
+        },
+        "organizations_clerk_org_id_idx": {
+          "name": "organizations_clerk_org_id_idx",
+          "columns": [
+            "clerk_org_id"
+          ],
+          "isUnique": false
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "projects": {
+      "name": "projects",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "main_repo_path": {
+          "name": "main_repo_path",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "color": {
+          "name": "color",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "tab_order": {
+          "name": "tab_order",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_opened_at": {
+          "name": "last_opened_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "config_toast_dismissed": {
+          "name": "config_toast_dismissed",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "default_branch": {
+          "name": "default_branch",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "projects_main_repo_path_idx": {
+          "name": "projects_main_repo_path_idx",
+          "columns": [
+            "main_repo_path"
+          ],
+          "isUnique": false
+        },
+        "projects_last_opened_at_idx": {
+          "name": "projects_last_opened_at_idx",
+          "columns": [
+            "last_opened_at"
+          ],
+          "isUnique": false
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "settings": {
+      "name": "settings",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false,
+          "default": 1
+        },
+        "last_active_workspace_id": {
+          "name": "last_active_workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_used_app": {
+          "name": "last_used_app",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "terminal_presets": {
+          "name": "terminal_presets",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "terminal_presets_initialized": {
+          "name": "terminal_presets_initialized",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "selected_ringtone_id": {
+          "name": "selected_ringtone_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "active_organization_id": {
+          "name": "active_organization_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "confirm_on_quit": {
+          "name": "confirm_on_quit",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "terminal_link_behavior": {
+          "name": "terminal_link_behavior",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "tasks": {
+      "name": "tasks",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "slug": {
+          "name": "slug",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "title": {
+          "name": "title",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "status_color": {
+          "name": "status_color",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "status_type": {
+          "name": "status_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "status_position": {
+          "name": "status_position",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "priority": {
+          "name": "priority",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "organization_id": {
+          "name": "organization_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "repository_id": {
+          "name": "repository_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "assignee_id": {
+          "name": "assignee_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "creator_id": {
+          "name": "creator_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "estimate": {
+          "name": "estimate",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "due_date": {
+          "name": "due_date",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "labels": {
+          "name": "labels",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "branch": {
+          "name": "branch",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "pr_url": {
+          "name": "pr_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "external_provider": {
+          "name": "external_provider",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "external_id": {
+          "name": "external_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "external_key": {
+          "name": "external_key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "external_url": {
+          "name": "external_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_synced_at": {
+          "name": "last_synced_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "sync_error": {
+          "name": "sync_error",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "started_at": {
+          "name": "started_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "completed_at": {
+          "name": "completed_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "deleted_at": {
+          "name": "deleted_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "tasks_slug_unique": {
+          "name": "tasks_slug_unique",
+          "columns": [
+            "slug"
+          ],
+          "isUnique": true
+        },
+        "tasks_slug_idx": {
+          "name": "tasks_slug_idx",
+          "columns": [
+            "slug"
+          ],
+          "isUnique": false
+        },
+        "tasks_organization_id_idx": {
+          "name": "tasks_organization_id_idx",
+          "columns": [
+            "organization_id"
+          ],
+          "isUnique": false
+        },
+        "tasks_assignee_id_idx": {
+          "name": "tasks_assignee_id_idx",
+          "columns": [
+            "assignee_id"
+          ],
+          "isUnique": false
+        },
+        "tasks_status_idx": {
+          "name": "tasks_status_idx",
+          "columns": [
+            "status"
+          ],
+          "isUnique": false
+        },
+        "tasks_created_at_idx": {
+          "name": "tasks_created_at_idx",
+          "columns": [
+            "created_at"
+          ],
+          "isUnique": false
+        }
+      },
+      "foreignKeys": {
+        "tasks_organization_id_organizations_id_fk": {
+          "name": "tasks_organization_id_organizations_id_fk",
+          "tableFrom": "tasks",
+          "tableTo": "organizations",
+          "columnsFrom": [
+            "organization_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "tasks_assignee_id_users_id_fk": {
+          "name": "tasks_assignee_id_users_id_fk",
+          "tableFrom": "tasks",
+          "tableTo": "users",
+          "columnsFrom": [
+            "assignee_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        },
+        "tasks_creator_id_users_id_fk": {
+          "name": "tasks_creator_id_users_id_fk",
+          "tableFrom": "tasks",
+          "tableTo": "users",
+          "columnsFrom": [
+            "creator_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "users": {
+      "name": "users",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "clerk_id": {
+          "name": "clerk_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "email": {
+          "name": "email",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "avatar_url": {
+          "name": "avatar_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "deleted_at": {
+          "name": "deleted_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "users_clerk_id_unique": {
+          "name": "users_clerk_id_unique",
+          "columns": [
+            "clerk_id"
+          ],
+          "isUnique": true
+        },
+        "users_email_unique": {
+          "name": "users_email_unique",
+          "columns": [
+            "email"
+          ],
+          "isUnique": true
+        },
+        "users_email_idx": {
+          "name": "users_email_idx",
+          "columns": [
+            "email"
+          ],
+          "isUnique": false
+        },
+        "users_clerk_id_idx": {
+          "name": "users_clerk_id_idx",
+          "columns": [
+            "clerk_id"
+          ],
+          "isUnique": false
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "workspaces": {
+      "name": "workspaces",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "project_id": {
+          "name": "project_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "worktree_id": {
+          "name": "worktree_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "branch": {
+          "name": "branch",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "tab_order": {
+          "name": "tab_order",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "last_opened_at": {
+          "name": "last_opened_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "workspaces_project_id_idx": {
+          "name": "workspaces_project_id_idx",
+          "columns": [
+            "project_id"
+          ],
+          "isUnique": false
+        },
+        "workspaces_worktree_id_idx": {
+          "name": "workspaces_worktree_id_idx",
+          "columns": [
+            "worktree_id"
+          ],
+          "isUnique": false
+        },
+        "workspaces_last_opened_at_idx": {
+          "name": "workspaces_last_opened_at_idx",
+          "columns": [
+            "last_opened_at"
+          ],
+          "isUnique": false
+        }
+      },
+      "foreignKeys": {
+        "workspaces_project_id_projects_id_fk": {
+          "name": "workspaces_project_id_projects_id_fk",
+          "tableFrom": "workspaces",
+          "tableTo": "projects",
+          "columnsFrom": [
+            "project_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "workspaces_worktree_id_worktrees_id_fk": {
+          "name": "workspaces_worktree_id_worktrees_id_fk",
+          "tableFrom": "workspaces",
+          "tableTo": "worktrees",
+          "columnsFrom": [
+            "worktree_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "worktrees": {
+      "name": "worktrees",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "project_id": {
+          "name": "project_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "path": {
+          "name": "path",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "branch": {
+          "name": "branch",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "base_branch": {
+          "name": "base_branch",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "git_status": {
+          "name": "git_status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "github_status": {
+          "name": "github_status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "worktrees_project_id_idx": {
+          "name": "worktrees_project_id_idx",
+          "columns": [
+            "project_id"
+          ],
+          "isUnique": false
+        },
+        "worktrees_branch_idx": {
+          "name": "worktrees_branch_idx",
+          "columns": [
+            "branch"
+          ],
+          "isUnique": false
+        }
+      },
+      "foreignKeys": {
+        "worktrees_project_id_projects_id_fk": {
+          "name": "worktrees_project_id_projects_id_fk",
+          "tableFrom": "worktrees",
+          "tableTo": "projects",
+          "columnsFrom": [
+            "project_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    }
+  },
+  "views": {},
+  "enums": {},
+  "_meta": {
+    "schemas": {},
+    "tables": {},
+    "columns": {}
+  },
+  "internal": {
+    "indexes": {}
+  }
+}
\ No newline at end of file
diff --git a/packages/local-db/drizzle/meta/_journal.json b/packages/local-db/drizzle/meta/_journal.json
index 3117a6e2266..65dc59e762b 100644
--- a/packages/local-db/drizzle/meta/_journal.json
+++ b/packages/local-db/drizzle/meta/_journal.json
@@ -29,6 +29,13 @@
       "when": 1766932805546,
       "tag": "0003_add_confirm_on_quit_setting",
       "breakpoints": true
+    },
+    {
+      "idx": 4,
+      "version": "6",
+      "when": 1767166138761,
+      "tag": "0004_add_terminal_link_behavior_setting",
+      "breakpoints": true
     }
   ]
 }
\ No newline at end of file
diff --git a/packages/local-db/src/schema/schema.ts b/packages/local-db/src/schema/schema.ts
index 9b0639805f0..0f98d17ada9 100644
--- a/packages/local-db/src/schema/schema.ts
+++ b/packages/local-db/src/schema/schema.ts
@@ -5,6 +5,7 @@ import type {
 	ExternalApp,
 	GitHubStatus,
 	GitStatus,
+	TerminalLinkBehavior,
 	TerminalPreset,
 	WorkspaceType,
 } from "./zod";
@@ -127,6 +128,9 @@ export const settings = sqliteTable("settings", {
 	selectedRingtoneId: text("selected_ringtone_id"),
 	activeOrganizationId: text("active_organization_id"),
 	confirmOnQuit: integer("confirm_on_quit", { mode: "boolean" }),
+	terminalLinkBehavior: text(
+		"terminal_link_behavior",
+	).$type<TerminalLinkBehavior>(),
 });
 
 export type InsertSettings = typeof settings.$inferInsert;
diff --git a/packages/local-db/src/schema/zod.ts b/packages/local-db/src/schema/zod.ts
index bb33e1d1596..ca8221e405d 100644
--- a/packages/local-db/src/schema/zod.ts
+++ b/packages/local-db/src/schema/zod.ts
@@ -96,3 +96,13 @@ export const EXTERNAL_APPS = [
 ] as const;
 
 export type ExternalApp = (typeof EXTERNAL_APPS)[number];
+
+/**
+ * Terminal link behavior options
+ */
+export const TERMINAL_LINK_BEHAVIORS = [
+	"external-editor",
+	"file-viewer",
+] as const;
+
+export type TerminalLinkBehavior = (typeof TERMINAL_LINK_BEHAVIORS)[number];

From 0bfdbe6ee5ef3415c847306933576b7c9ff9d7e3 Mon Sep 17 00:00:00 2001
From: Andreas Asprou <andyasprou@gmail.com>
Date: Wed, 31 Dec 2025 09:35:50 +0200
Subject: [PATCH 14/14] refactor(desktop): simplify security - remove symlink
 escape detection

Remove async symlink escape detection from path validation since the
threat model doesn't justify it: a compromised renderer already has
terminal access for arbitrary command execution.

Changes:
- Replace resolveSecurePath (async) with resolvePathInWorktree (sync)
- Remove assertNoSymlinkEscape and checkSymlinks option
- Add validateRelativePath for simple path safety checks
- Update secure-fs.ts to use new sync functions
- Update threat model documentation in path-validation.ts
---
 .../trpc/routers/changes/security/index.ts    |  17 +-
 .../changes/security/path-validation.ts       | 219 ++++++------------
 .../routers/changes/security/secure-fs.ts     |  62 ++---
 3 files changed, 94 insertions(+), 204 deletions(-)

diff --git a/apps/desktop/src/lib/trpc/routers/changes/security/index.ts b/apps/desktop/src/lib/trpc/routers/changes/security/index.ts
index b2763809771..8fdb09c9e7a 100644
--- a/apps/desktop/src/lib/trpc/routers/changes/security/index.ts
+++ b/apps/desktop/src/lib/trpc/routers/changes/security/index.ts
@@ -1,13 +1,11 @@
 /**
  * Security module for changes routers.
  *
- * This module provides:
- * - Path validation with symlink escape protection
- * - Secure filesystem wrappers
- * - Worktree registration checks
+ * Security model:
+ * - PRIMARY: Worktree must be registered in localDb
+ * - SECONDARY: Paths validated for traversal attempts
  *
- * All filesystem operations in the changes routers should go through
- * this module to ensure consistent security checks.
+ * See path-validation.ts header for full threat model.
  */
 
 export {
@@ -18,13 +16,16 @@ export {
 	gitUnstageAll,
 	gitUnstageFile,
 } from "./git-commands";
+
 export {
 	assertRegisteredWorktree,
 	assertValidGitPath,
 	getRegisteredWorktree,
 	PathValidationError,
 	type PathValidationErrorCode,
-	type ResolveSecurePathOptions,
-	resolveSecurePath,
+	resolvePathInWorktree,
+	type ValidatePathOptions,
+	validateRelativePath,
 } from "./path-validation";
+
 export { secureFs } from "./secure-fs";
diff --git a/apps/desktop/src/lib/trpc/routers/changes/security/path-validation.ts b/apps/desktop/src/lib/trpc/routers/changes/security/path-validation.ts
index 675f209f030..72292859b02 100644
--- a/apps/desktop/src/lib/trpc/routers/changes/security/path-validation.ts
+++ b/apps/desktop/src/lib/trpc/routers/changes/security/path-validation.ts
@@ -1,23 +1,40 @@
-import { realpath } from "node:fs/promises";
-import {
-	dirname,
-	isAbsolute,
-	normalize,
-	relative,
-	resolve,
-	sep,
-} from "node:path";
+import { isAbsolute, normalize, resolve, sep } from "node:path";
 import { worktrees } from "@superset/local-db";
 import { eq } from "drizzle-orm";
 import { localDb } from "main/lib/local-db";
 
+/**
+ * Security model for desktop app filesystem access:
+ *
+ * THREAT MODEL ASSUMPTION:
+ * A compromised renderer can already execute arbitrary commands via
+ * terminal panes. Therefore, filesystem-level symlink protections
+ * provide no meaningful security boundary—an attacker with renderer
+ * access can simply run `cat /etc/passwd` in a terminal.
+ *
+ * If your deployment exposes the renderer to untrusted content WITHOUT
+ * terminal access, this model does NOT apply and symlink escape checks
+ * should be re-enabled.
+ *
+ * PRIMARY BOUNDARY: assertRegisteredWorktree()
+ * - Only worktree paths registered in localDb are accessible via tRPC
+ * - Prevents direct filesystem access to unregistered paths
+ *
+ * SECONDARY: validateRelativePath()
+ * - Rejects absolute paths and ".." traversal segments
+ * - Defense in depth against path manipulation
+ *
+ * NOT IMPLEMENTED (intentional, see threat model above):
+ * - Symlink escape detection
+ * - Realpath resolution
+ */
+
 /**
  * Security error codes for path validation failures.
  */
 export type PathValidationErrorCode =
 	| "ABSOLUTE_PATH"
 	| "PATH_TRAVERSAL"
-	| "SYMLINK_ESCAPE"
 	| "UNREGISTERED_WORKTREE"
 	| "INVALID_TARGET";
 
@@ -37,9 +54,7 @@ export class PathValidationError extends Error {
 
 /**
  * Validates that a worktree path is registered in localDb.
- *
- * This is THE critical security boundary - prevents arbitrary filesystem access.
- * A compromised renderer cannot access files outside registered worktrees.
+ * This is THE critical security boundary.
  *
  * @throws PathValidationError if worktree is not registered
  */
@@ -59,8 +74,7 @@ export function assertRegisteredWorktree(worktreePath: string): void {
 }
 
 /**
- * Gets the worktree record if it exists in localDb.
- * Returns the record for additional operations (e.g., updating branch).
+ * Gets the worktree record if registered. Returns record for updates.
  *
  * @throws PathValidationError if worktree is not registered
  */
@@ -84,86 +98,9 @@ export function getRegisteredWorktree(
 }
 
 /**
- * Checks if a relative path escapes its parent directory.
- *
- * Uses the correct segment-aware check:
- * - `..` alone escapes
- * - `../anything` escapes
- * - `..foo` does NOT escape (legitimate directory name)
- */
-function escapesParent(relativePath: string): boolean {
-	return (
-		relativePath === ".." ||
-		relativePath.startsWith(`..${sep}`) ||
-		isAbsolute(relativePath)
-	);
-}
-
-/**
- * Validates a file path doesn't escape the worktree via symlinks.
- *
- * Handles new files by walking up to find the first existing ancestor
- * and validating that ancestor is within the worktree.
- *
- * @throws PathValidationError if symlink escape detected or validation fails
+ * Options for path validation.
  */
-async function assertNoSymlinkEscape(
-	worktreePath: string,
-	fullPath: string,
-): Promise<void> {
-	const realWorktree = await realpath(worktreePath);
-
-	// Walk up to find first existing ancestor
-	let checkPath = fullPath;
-	const root = resolve("/");
-
-	while (checkPath !== root) {
-		try {
-			const realPath = await realpath(checkPath);
-			const rel = relative(realWorktree, realPath);
-
-			if (escapesParent(rel)) {
-				throw new PathValidationError(
-					"Path escapes worktree via symlink",
-					"SYMLINK_ESCAPE",
-				);
-			}
-
-			// Found existing path and validated it - we're done
-			return;
-		} catch (e) {
-			if (e instanceof PathValidationError) {
-				throw e;
-			}
-
-			if ((e as NodeJS.ErrnoException).code === "ENOENT") {
-				// Path doesn't exist, check parent
-				const parent = dirname(checkPath);
-				if (parent === checkPath) {
-					// Hit filesystem root without finding existing path
-					// This shouldn't happen for valid worktree paths
-					break;
-				}
-				checkPath = parent;
-				continue;
-			}
-
-			// For any other error (permissions, etc.), fail closed
-			throw new PathValidationError(
-				`Cannot verify path security: ${(e as Error).message}`,
-				"SYMLINK_ESCAPE",
-			);
-		}
-	}
-}
-
-export interface ResolveSecurePathOptions {
-	/**
-	 * Check for symlink escapes. Required for destructive operations.
-	 * Default: true (fail closed)
-	 */
-	checkSymlinks?: boolean;
-
+export interface ValidatePathOptions {
 	/**
 	 * Allow empty/root path (resolves to worktree itself).
 	 * Default: false (prevents accidental worktree deletion)
@@ -172,31 +109,18 @@ export interface ResolveSecurePathOptions {
 }
 
 /**
- * Validates and resolves a file path within a worktree.
- *
- * Security checks:
- * 1. Rejects absolute paths
- * 2. Rejects path traversal via `..` segments
- * 3. Rejects symlink escapes (by default)
- * 4. Rejects root path unless explicitly allowed
+ * Validates a relative file path for safety.
+ * Rejects absolute paths and path traversal attempts.
  *
- * Uses `path.relative()` containment check - the industry standard pattern
- * from VSCode, MCP servers, and security-focused libraries.
- *
- * @param worktreePath - The registered worktree base path
- * @param filePath - The relative file path to validate
- * @param options - Validation options
- * @returns The resolved full path
- * @throws PathValidationError on any validation failure
+ * @throws PathValidationError if path is invalid
  */
-export async function resolveSecurePath(
-	worktreePath: string,
+export function validateRelativePath(
 	filePath: string,
-	options: ResolveSecurePathOptions = {},
-): Promise<string> {
-	const { checkSymlinks = true, allowRoot = false } = options;
+	options: ValidatePathOptions = {},
+): void {
+	const { allowRoot = false } = options;
 
-	// 1. Reject absolute paths immediately
+	// Reject absolute paths
 	if (isAbsolute(filePath)) {
 		throw new PathValidationError(
 			"Absolute paths are not allowed",
@@ -204,61 +128,50 @@ export async function resolveSecurePath(
 		);
 	}
 
-	// 2. Normalize and resolve
 	const normalized = normalize(filePath);
-	const fullPath = resolve(worktreePath, normalized);
-
-	// 3. Containment check via relative path
-	const relativePath = relative(worktreePath, fullPath);
+	const segments = normalized.split(sep);
 
-	if (escapesParent(relativePath)) {
+	// Reject ".." as a path segment (allows "..foo" directories)
+	if (segments.includes("..")) {
 		throw new PathValidationError(
-			"Path escapes worktree boundary",
+			"Path traversal not allowed",
 			"PATH_TRAVERSAL",
 		);
 	}
 
-	// 4. Check for root path (empty or ".")
-	if (!allowRoot && (relativePath === "" || relativePath === ".")) {
+	// Reject root path unless explicitly allowed
+	if (!allowRoot && (normalized === "" || normalized === ".")) {
 		throw new PathValidationError(
 			"Cannot target worktree root",
 			"INVALID_TARGET",
 		);
 	}
-
-	// 5. Symlink escape check (default: enabled for safety)
-	if (checkSymlinks) {
-		await assertNoSymlinkEscape(worktreePath, fullPath);
-	}
-
-	return fullPath;
 }
 
 /**
- * Validates a path for use in git commands (pathspec).
+ * Validates and resolves a path within a worktree. Sync, simple.
  *
- * Lighter validation than resolveSecurePath - just checks for
- * obvious escapes. Git itself provides additional sandboxing.
+ * @param worktreePath - The worktree base path
+ * @param filePath - The relative file path to validate
+ * @param options - Validation options
+ * @returns The resolved full path
+ * @throws PathValidationError if path is invalid
+ */
+export function resolvePathInWorktree(
+	worktreePath: string,
+	filePath: string,
+	options: ValidatePathOptions = {},
+): string {
+	validateRelativePath(filePath, options);
+	// Use resolve to handle any worktreePath (relative or absolute)
+	return resolve(worktreePath, normalize(filePath));
+}
+
+/**
+ * Validates a path for git commands. Lighter check that allows root.
  *
- * @param filePath - The file path to validate
- * @throws PathValidationError if path is suspicious
+ * @throws PathValidationError if path is invalid
  */
 export function assertValidGitPath(filePath: string): void {
-	if (isAbsolute(filePath)) {
-		throw new PathValidationError(
-			"Absolute paths are not allowed in git operations",
-			"ABSOLUTE_PATH",
-		);
-	}
-
-	const normalized = normalize(filePath);
-	const segments = normalized.split(sep);
-
-	// Check for ".." as a segment (not substring - allows "..foo")
-	if (segments.includes("..")) {
-		throw new PathValidationError(
-			"Path traversal not allowed in git operations",
-			"PATH_TRAVERSAL",
-		);
-	}
+	validateRelativePath(filePath, { allowRoot: true });
 }
diff --git a/apps/desktop/src/lib/trpc/routers/changes/security/secure-fs.ts b/apps/desktop/src/lib/trpc/routers/changes/security/secure-fs.ts
index 1f4bb0e3d5e..2e461dd731a 100644
--- a/apps/desktop/src/lib/trpc/routers/changes/security/secure-fs.ts
+++ b/apps/desktop/src/lib/trpc/routers/changes/security/secure-fs.ts
@@ -1,27 +1,23 @@
 import type { Stats } from "node:fs";
 import { lstat, readFile, rm, stat, writeFile } from "node:fs/promises";
-import { assertRegisteredWorktree, resolveSecurePath } from "./path-validation";
+import {
+	assertRegisteredWorktree,
+	resolvePathInWorktree,
+} from "./path-validation";
 
 /**
- * Secure filesystem operations that enforce validation.
+ * Secure filesystem operations with built-in validation.
  *
- * Design principle: You cannot perform filesystem operations without
- * going through validation. The validation is built into each operation.
+ * Each operation:
+ * 1. Validates worktree is registered (security boundary)
+ * 2. Validates path doesn't escape worktree (defense in depth)
+ * 3. Performs the filesystem operation
  *
- * All operations:
- * 1. Validate worktree is registered in database
- * 2. Validate path doesn't escape worktree
- * 3. Check for symlink escapes (configurable)
- *
- * Use Biome's restricted-imports rule to ban direct `node:fs` imports
- * in router files - this module should be the only FS access point.
+ * See path-validation.ts for the full security model and threat assumptions.
  */
 export const secureFs = {
 	/**
 	 * Read a file within a worktree.
-	 *
-	 * Validates path and checks for symlink escapes to prevent
-	 * reading files outside the worktree via symlinks.
 	 */
 	async readFile(
 		worktreePath: string,
@@ -29,33 +25,24 @@ export const secureFs = {
 		encoding: BufferEncoding = "utf-8",
 	): Promise<string> {
 		assertRegisteredWorktree(worktreePath);
-		const fullPath = await resolveSecurePath(worktreePath, filePath, {
-			checkSymlinks: true,
-		});
+		const fullPath = resolvePathInWorktree(worktreePath, filePath);
 		return readFile(fullPath, encoding);
 	},
 
 	/**
 	 * Read a file as a Buffer within a worktree.
-	 *
-	 * Validates path and checks for symlink escapes.
 	 */
 	async readFileBuffer(
 		worktreePath: string,
 		filePath: string,
 	): Promise<Buffer> {
 		assertRegisteredWorktree(worktreePath);
-		const fullPath = await resolveSecurePath(worktreePath, filePath, {
-			checkSymlinks: true,
-		});
+		const fullPath = resolvePathInWorktree(worktreePath, filePath);
 		return readFile(fullPath);
 	},
 
 	/**
 	 * Write content to a file within a worktree.
-	 *
-	 * Validates path and checks for symlink escapes to prevent
-	 * writing files outside the worktree via symlinks.
 	 */
 	async writeFile(
 		worktreePath: string,
@@ -63,9 +50,7 @@ export const secureFs = {
 		content: string,
 	): Promise<void> {
 		assertRegisteredWorktree(worktreePath);
-		const fullPath = await resolveSecurePath(worktreePath, filePath, {
-			checkSymlinks: true,
-		});
+		const fullPath = resolvePathInWorktree(worktreePath, filePath);
 		await writeFile(fullPath, content, "utf-8");
 	},
 
@@ -73,14 +58,13 @@ export const secureFs = {
 	 * Delete a file or directory within a worktree.
 	 *
 	 * DANGEROUS: Uses recursive + force deletion.
-	 * Validates path and checks for symlink escapes.
 	 * Explicitly prevents deleting the worktree root.
 	 */
 	async delete(worktreePath: string, filePath: string): Promise<void> {
 		assertRegisteredWorktree(worktreePath);
-		const fullPath = await resolveSecurePath(worktreePath, filePath, {
-			checkSymlinks: true,
-			allowRoot: false, // Explicitly prevent deleting worktree root
+		// allowRoot: false prevents deleting the worktree itself
+		const fullPath = resolvePathInWorktree(worktreePath, filePath, {
+			allowRoot: false,
 		});
 		await rm(fullPath, { recursive: true, force: true });
 	},
@@ -89,14 +73,10 @@ export const secureFs = {
 	 * Get file stats within a worktree.
 	 *
 	 * Uses `stat` (follows symlinks) to get the real file size.
-	 * This is important for size checks - lstat would return
-	 * the symlink size, not the target file size.
 	 */
 	async stat(worktreePath: string, filePath: string): Promise<Stats> {
 		assertRegisteredWorktree(worktreePath);
-		const fullPath = await resolveSecurePath(worktreePath, filePath, {
-			checkSymlinks: true,
-		});
+		const fullPath = resolvePathInWorktree(worktreePath, filePath);
 		return stat(fullPath);
 	},
 
@@ -108,9 +88,7 @@ export const secureFs = {
 	 */
 	async lstat(worktreePath: string, filePath: string): Promise<Stats> {
 		assertRegisteredWorktree(worktreePath);
-		const fullPath = await resolveSecurePath(worktreePath, filePath, {
-			checkSymlinks: true,
-		});
+		const fullPath = resolvePathInWorktree(worktreePath, filePath);
 		return lstat(fullPath);
 	},
 
@@ -122,9 +100,7 @@ export const secureFs = {
 	async exists(worktreePath: string, filePath: string): Promise<boolean> {
 		try {
 			assertRegisteredWorktree(worktreePath);
-			const fullPath = await resolveSecurePath(worktreePath, filePath, {
-				checkSymlinks: true,
-			});
+			const fullPath = resolvePathInWorktree(worktreePath, filePath);
 			await stat(fullPath);
 			return true;
 		} catch {