From 7adb296523a1df0cd83dfc913021a782472c394e Mon Sep 17 00:00:00 2001
From: Rodin <rodin@forgedthought.ai>
Date: Fri, 15 May 2026 08:15:14 -0700
Subject: [PATCH] fix(#141): reject non-regular files in validateDocmapPath

Add IsRegular() check after Lstat so directories, FIFOs, and device nodes
produce a clear error ("docmap must be a regular file") instead of a
confusing downstream parse error.

Test: TestValidateDocmapPath_NonRegularFile

Addresses MINOR finding in review #4175.
---
 cmd/review-bot/validatedocmap.go      |  7 +++++++
 cmd/review-bot/validatedocmap_test.go | 25 +++++++++++++++++++++++++
 2 files changed, 32 insertions(+)

diff --git a/cmd/review-bot/validatedocmap.go b/cmd/review-bot/validatedocmap.go
index 3db4c76..988d0ea 100644
--- a/cmd/review-bot/validatedocmap.go
+++ b/cmd/review-bot/validatedocmap.go
@@ -61,6 +61,13 @@ func validateDocmapPath(localPath, resolvedRoot string) error {
 		return fmt.Errorf("symlinks are not allowed")
 	}
 
+	// Reject anything that is not a regular file (directories, FIFOs, device
+	// nodes, etc.) — ParseDocMapConfig expects a plain YAML file and would
+	// produce a confusing error on non-regular entries.
+	if !fi.Mode().IsRegular() {
+		return fmt.Errorf("docmap must be a regular file")
+	}
+
 	// Confine to resolvedRoot: use the fully-resolved path so that a directory
 	// symlink inside the repo cannot carry the path outside the root.
 	rel, err := filepath.Rel(resolvedRoot, resolvedPath)
diff --git a/cmd/review-bot/validatedocmap_test.go b/cmd/review-bot/validatedocmap_test.go
index e572ecc..2a8d241 100644
--- a/cmd/review-bot/validatedocmap_test.go
+++ b/cmd/review-bot/validatedocmap_test.go
@@ -599,3 +599,28 @@ func TestValidateDocmapPath_DirSymlinkBypass(t *testing.T) {
 		t.Error("expected rejection of dir-symlink bypass, got nil error")
 	}
 }
+
+// TestValidateDocmapPath_NonRegularFile verifies that --docmap pointing at a
+// non-regular file (e.g. a directory) is rejected with a clear error before
+// ParseDocMapConfig is called.
+func TestValidateDocmapPath_NonRegularFile(t *testing.T) {
+	dir := t.TempDir()
+
+	// Use the directory itself as the docmap path — directories pass Lstat but
+	// are not regular files.
+	reviewBotDir := filepath.Join(dir, ".review-bot")
+	if err := os.MkdirAll(reviewBotDir, 0o755); err != nil {
+		t.Fatalf("MkdirAll: %v", err)
+	}
+
+	code, _, stderr := stdinValidateDocmap(t,
+		"",
+		[]string{"--docmap", reviewBotDir, "--repo-root", dir},
+	)
+	if code != 2 {
+		t.Errorf("expected exit 2 for directory docmap, got %d; stderr: %q", code, stderr)
+	}
+	if !strings.Contains(stderr, "regular file") && !strings.Contains(stderr, "invalid") {
+		t.Errorf("expected regular-file rejection in stderr, got %q", stderr)
+	}
+}