fix: restrict --system flag to known preset IDs (#1290)

2026-03-05 20:50:45 -08:00
parent c95c4a4722
commit 638204ab3c
3 changed files with 51 additions and 24 deletions
--- a/src/index.ts
+++ b/src/index.ts
@@ -576,22 +576,19 @@ async function main(): Promise<void> {
    process.exit(1);
  }

-  // Validate system prompt preset if provided (can be a system prompt ID or subagent name)
+  // Validate system prompt preset if provided.
+  // Known preset IDs are always accepted. Subagent names are only accepted
+  // for internal subagent launches (LETTA_CODE_AGENT_ROLE=subagent).
  if (systemPromptPreset) {
-    const { SYSTEM_PROMPTS } = await import("./agent/promptAssets");
-    const { getAllSubagentConfigs } = await import("./agent/subagents");
-
-    const validSystemPrompts = SYSTEM_PROMPTS.map((p) => p.id);
-    const subagentConfigs = await getAllSubagentConfigs();
-    const validSubagentNames = Object.keys(subagentConfigs);
-
-    const isValidSystemPrompt = validSystemPrompts.includes(systemPromptPreset);
-    const isValidSubagent = validSubagentNames.includes(systemPromptPreset);
-
-    if (!isValidSystemPrompt && !isValidSubagent) {
-      const allValid = [...validSystemPrompts, ...validSubagentNames];
+    const { validateSystemPromptPreset } = await import("./agent/promptAssets");
+    const allowSubagentNames = process.env.LETTA_CODE_AGENT_ROLE === "subagent";
+    try {
+      await validateSystemPromptPreset(systemPromptPreset, {
+        allowSubagentNames,
+      });
+    } catch (err) {
      console.error(
-        `Error: Invalid system prompt "${systemPromptPreset}". Must be one of: ${allValid.join(", ")}.`,
+        `Error: ${err instanceof Error ? err.message : String(err)}`,
      );
      process.exit(1);
    }