From 800afbfefb606f4c0f903c248d97b6993239083d Mon Sep 17 00:00:00 2001
From: Chris Farhood <chris@farhood.org>
Date: Wed, 20 May 2026 00:30:58 +0000
Subject: [PATCH] feat(cli): block running with sudo or as root

Backport upstream Shannon PR #323. Adds privilege check at CLI startup
that prevents execution via sudo or as the root user.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
---
 apps/cli/src/index.ts | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/apps/cli/src/index.ts b/apps/cli/src/index.ts
index 09487a7..e59d8b2 100644
--- a/apps/cli/src/index.ts
+++ b/apps/cli/src/index.ts
@@ -26,6 +26,25 @@ import { displaySplash } from './splash.js';
 
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 
+function blockSudo(): void {
+  const isSudo = !!process.env.SUDO_USER;
+  const isRoot = process.geteuid?.() === 0;
+  if (!isSudo && !isRoot) return;
+
+  if (isSudo) {
+    console.error('ERROR: Shannon must not be run with sudo.');
+    console.error('Re-run this command as your normal user.');
+  } else {
+    console.error('ERROR: Shannon must not be run as the root user.');
+    console.error('Switch to a regular user account and re-run this command.');
+  }
+  if (process.platform === 'linux') {
+    console.error('Configure Docker to run without sudo first:');
+    console.error('https://docs.docker.com/engine/install/linux-postinstall');
+  }
+  process.exit(1);
+}
+
 function getVersion(): string {
   try {
     const pkgPath = path.join(__dirname, '..', 'package.json');
@@ -179,6 +198,8 @@ function parseStartArgs(argv: string[]): ParsedStartArgs {
 
 // === Main Dispatch ===
 
+blockSudo();
+
 const args = process.argv.slice(2);
 
 // Parse --backend flag before command dispatch