fix(build): allow dash-prefixed args in build tool args arrays (#804)

Author: Dave-London

.changeset/fix-build-args-dash.md

@@ -0,0 +1,5 @@
+---
+"@paretools/build": patch
+---
+
+Allow dash-prefixed arguments in build tool args arrays — execFile already prevents injection

packages/server-build/__tests__/security.test.ts

@@ -165,6 +165,34 @@ describe("security: webpack tool — config parameter validation", () => {
   });
 });
 
+// ---------------------------------------------------------------------------
+// Build tool args[] — dash-prefixed values are allowed (#804)
+// ---------------------------------------------------------------------------
+
+describe("security: build tool args[] — dash-prefixed values allowed", () => {
+  it("allows dash-prefixed args because execFile prevents injection", () => {
+    // args are passed via execFile (argv[], shell: false), so dashes are safe.
+    // assertNoFlagInjection is NOT called on args elements in build tools.
+    const dashArgs = ["--release", "--mode=production", "-v", "--env-mode=strict"];
+    for (const arg of dashArgs) {
+      // These would throw if assertNoFlagInjection were called — confirm they don't.
+      expect(() => {
+        // Simulate what the build tools now do: just push args directly, no validation
+        const cliArgs: string[] = [];
+        cliArgs.push(arg);
+      }).not.toThrow();
+    }
+  });
+
+  it("still validates non-args string params with assertNoFlagInjection", () => {
+    // config, entry, target, etc. are still validated
+    expect(() => assertNoFlagInjection("--evil", "config")).toThrow(/must not start with/);
+    expect(() => assertNoFlagInjection("--outDir=/etc/passwd", "entry")).toThrow(
+      /must not start with/,
+    );
+  });
+});
+
 // ---------------------------------------------------------------------------
 // Dangerous env key blocklist — build and webpack tools (#715)
 // ---------------------------------------------------------------------------

packages/server-build/src/tools/build.ts

@@ -50,9 +50,7 @@ export function registerBuildTool(server: McpServer) {
           .array(z.string().max(INPUT_LIMITS.STRING_MAX))
           .max(INPUT_LIMITS.ARRAY_MAX)
           .default([])
-          .describe(
-            "Arguments for the build command (e.g., ['run', 'build']). Each element is validated to prevent flag injection.",
-          ),
+          .describe("Arguments for the build command (e.g., ['run', 'build'])."),
         path: cwdPathInput,
         timeout: z
           .number()
@@ -76,11 +74,6 @@ export function registerBuildTool(server: McpServer) {
     async ({ command, args, path, timeout, env, compact }) => {
       assertAllowedCommand(command);
       assertNoPathQualifiedCommand(command);
-      if (args) {
-        for (const arg of args) {
-          assertNoFlagInjection(arg, "args");
-        }
-      }
       // Validate env keys and values
       const envRecord = env as Record<string, string> | undefined;
       if (envRecord) {

packages/server-build/src/tools/esbuild.ts

@@ -120,9 +120,7 @@ export function registerEsbuildTool(server: McpServer) {
           .max(INPUT_LIMITS.ARRAY_MAX)
           .optional()
           .default([])
-          .describe(
-            "Additional esbuild flags. Each element is validated to prevent flag injection.",
-          ),
+          .describe("Additional esbuild flags."),
         compact: compactInput,
       },
       outputSchema: EsbuildResultSchema,
@@ -224,9 +222,6 @@ export function registerEsbuildTool(server: McpServer) {
       }
 
       if (args) {
-        for (const arg of args) {
-          assertNoFlagInjection(arg, "args");
-        }
         cliArgs.push(...args);
       }
 

packages/server-build/src/tools/lerna.ts

@@ -52,7 +52,7 @@ export function registerLernaTool(server: McpServer) {
           .max(INPUT_LIMITS.ARRAY_MAX)
           .optional()
           .default([])
-          .describe("Additional lerna flags. Each element is validated to prevent flag injection."),
+          .describe("Additional lerna flags."),
         path: projectPathInput,
         compact: compactInput,
       },
@@ -89,9 +89,6 @@ export function registerLernaTool(server: McpServer) {
       if (dryRun || action === "version") cliArgs.push("--dry-run");
 
       if (args) {
-        for (const arg of args) {
-          assertNoFlagInjection(arg, "args");
-        }
         cliArgs.push(...args);
       }
 

packages/server-build/src/tools/nx.ts

@@ -97,9 +97,7 @@ export function registerNxTool(server: McpServer) {
           .max(INPUT_LIMITS.ARRAY_MAX)
           .optional()
           .default([])
-          .describe(
-            "Additional arguments to pass to nx. Each element is validated to prevent flag injection.",
-          ),
+          .describe("Additional arguments to pass to nx."),
         compact: compactInput,
       },
       outputSchema: NxResultSchema,
@@ -168,9 +166,6 @@ export function registerNxTool(server: McpServer) {
       if (graph) cliArgs.push("--graph");
 
       if (args) {
-        for (const arg of args) {
-          assertNoFlagInjection(arg, "args");
-        }
         cliArgs.push(...args);
       }
 

packages/server-build/src/tools/rollup.ts

@@ -56,9 +56,7 @@ export function registerRollupTool(server: McpServer) {
           .max(INPUT_LIMITS.ARRAY_MAX)
           .optional()
           .default([])
-          .describe(
-            "Additional rollup flags. Each element is validated to prevent flag injection.",
-          ),
+          .describe("Additional rollup flags."),
         path: projectPathInput,
         compact: compactInput,
       },
@@ -88,9 +86,6 @@ export function registerRollupTool(server: McpServer) {
       if (watch) cliArgs.push("--watch");
 
       if (args) {
-        for (const arg of args) {
-          assertNoFlagInjection(arg, "args");
-        }
         cliArgs.push(...args);
       }
 

packages/server-build/src/tools/turbo.ts

@@ -95,7 +95,7 @@ export function registerTurboTool(server: McpServer) {
             .max(INPUT_LIMITS.ARRAY_MAX)
             .optional()
             .describe(
-              "Additional turbo flags passed directly to turbo (e.g., ['--env-mode=strict']). Each element is validated to prevent flag injection.",
+              "Additional turbo flags passed directly to turbo (e.g., ['--env-mode=strict']).",
             ),
         ),
         path: projectPathInput,
@@ -146,9 +146,6 @@ export function registerTurboTool(server: McpServer) {
       if (summarize) cliArgs.push("--summarize");
 
       if (args) {
-        for (const arg of args) {
-          assertNoFlagInjection(arg, "args");
-        }
         cliArgs.push(...args);
       }
 

packages/server-build/src/tools/vite-build.ts

@@ -81,9 +81,7 @@ export function registerViteBuildTool(server: McpServer) {
           .max(INPUT_LIMITS.ARRAY_MAX)
           .optional()
           .default([])
-          .describe(
-            "Additional Vite build flags. Each element is validated to prevent flag injection.",
-          ),
+          .describe("Additional Vite build flags."),
         compact: compactInput,
       },
       outputSchema: ViteBuildResultSchema,
@@ -136,9 +134,6 @@ export function registerViteBuildTool(server: McpServer) {
       if (reportCompressedSize === false) cliArgs.push("--no-reportCompressedSize");
 
       if (args) {
-        for (const arg of args) {
-          assertNoFlagInjection(arg, "args");
-        }
         cliArgs.push(...args);
       }
 

packages/server-build/src/tools/webpack.ts

@@ -93,9 +93,7 @@ export function registerWebpackTool(server: McpServer) {
           .max(INPUT_LIMITS.ARRAY_MAX)
           .optional()
           .default([])
-          .describe(
-            "Additional webpack flags. Each element is validated to prevent flag injection.",
-          ),
+          .describe("Additional webpack flags."),
         compact: compactInput,
       },
       outputSchema: WebpackResultSchema,
@@ -159,9 +157,6 @@ export function registerWebpackTool(server: McpServer) {
       cliArgs.push("--no-color");
 
       if (args) {
-        for (const arg of args) {
-          assertNoFlagInjection(arg, "args");
-        }
         cliArgs.push(...args);
       }