Audit path comparison, normalization, and boundary policy #4071

Description

@Widthdom

Summary

Dogfood review found broad path-policy surface across case-insensitive comparisons and path normalization calls. Many comparisons are intentionally case-insensitive protocol, option, label, header, or language-keyword comparisons. Path-like comparisons and normalization paths need focused audit because status already exposes filesystem case-sensitivity through path_case_sensitive, and many user/workspace paths flow through Path.GetFullPath.

Evidence

Dogfood commands:

dotnet ./src/CodeIndex/bin/Debug/net8.0/cdidx.dll search --recipe risky-code/path-case-heuristic --path src/ --exclude-tests --count-by file --limit 120

dotnet ./src/CodeIndex/bin/Debug/net8.0/cdidx.dll search Path.GetFullPath --path src/ --exclude-tests --exact-substring --count-by file --limit 120

OrdinalIgnoreCase findings:

  • 340 hits across 106 production files.
  • Top files include QueryCommandRunner, ReferenceExtractor, DbReader.GraphQueries, FileIndexer, ProgramRunner, DbSearchReader, DbSymbolReader, SqlReferenceExtractor, IssueDuplicatePreflight, DbContext, LanguageReferenceExtractionSupport, SymbolExtractor.Markup, and SearchSnippetFormatter.

Path.GetFullPath findings:

  • 130 hits across 55 production files.
  • Top files include FileIndexer (10), DbPathResolver (7), ExportImportCommandRunner (7), IndexCommandRunner (6), LspServer (6), DbCommandRunner (5), GitHelper (5), ProgramRunner (5), QueryCommandRunner (5), SolutionProjectResolver (5), and McpToolHandlers (5).
  • Additional boundary-relevant files include DataDirectorySecurity, PathCasing, PostExtractionHooks, McpPathBoundary, FileUriPolicy, plugin registry paths, hook callback worker, lock files, metrics, and URI/path normalizers.

Audit goals

  • Separate non-path domains that should remain case-insensitive from path/file/workspace domains.
  • For path domains, verify comparisons use the indexed filesystem case-sensitivity signal or an explicit path comparison helper.
  • Verify Path.GetFullPath calls are paired with the right containment, URI, symlink/reparse, and workspace-boundary checks where user-influenced.
  • Confirm database query and graph code do not conflate symbol/name comparison with path equality.
  • Add comments or helper names where the intended comparison/normalization domain is not obvious.

Acceptance criteria

  • Produce a classification of high-count OrdinalIgnoreCase and Path.GetFullPath files by comparison/normalization domain.
  • Update path-sensitive comparisons to use the correct case-sensitivity policy where needed.
  • Add or confirm containment checks for user/workspace/plugin/MCP/LSP path normalization paths.
  • Add regression coverage for case-sensitive and case-insensitive workspace behavior when changes are made.
  • Document any intentionally case-insensitive or intentionally out-of-workspace path behavior.
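An added example (not part of the issue and not cdidx code) of an explicit path comparison helper paired with a containment check on a Path.GetFullPath result, as the audit goals describe. WorkspaceBoundary, PathComparison, IsWithin and the pathCaseSensitive parameter are hypothetical names; the flag is assumed to carry the path_case_sensitive signal.

```csharp
using System;
using System.IO;

// Hypothetical helper for illustration; not a cdidx type.
public static class WorkspaceBoundary
{
    // pathCaseSensitive is an assumed stand-in for the path_case_sensitive signal.
    public static StringComparison PathComparison(bool pathCaseSensitive) =>
        pathCaseSensitive ? StringComparison.Ordinal : StringComparison.OrdinalIgnoreCase;

    // True when candidate (resolved against root) is root itself or lies beneath it.
    // Path.GetFullPath only collapses "." and ".." lexically; symlinks and reparse
    // points are not resolved and need their own check.
    public static bool IsWithin(string root, string candidate, bool pathCaseSensitive)
    {
        string fullRoot = Path.TrimEndingDirectorySeparator(Path.GetFullPath(root));
        string fullCandidate = Path.GetFullPath(candidate, fullRoot);
        StringComparison cmp = PathComparison(pathCaseSensitive);
        if (string.Equals(fullCandidate, fullRoot, cmp)) return true;

        // Compare against root + separator so a sibling such as "repo-old"
        // does not pass a bare prefix test against "repo".
        string prefix = Path.EndsInDirectorySeparator(fullRoot)
            ? fullRoot : fullRoot + Path.DirectorySeparatorChar;
        return fullCandidate.StartsWith(prefix, cmp);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample root and inputs; nothing is read from or written to disk.
        string root = Path.Combine(Path.GetTempPath(), "ws-demo", "repo");
        string[] inputs =
        {
            "src/Program.cs", "src/../../outside.txt", "../repo-old/x.cs", "../REPO/src/a.cs",
        };
        foreach (string input in inputs)
        {
            bool sensitive = WorkspaceBoundary.IsWithin(root, input, pathCaseSensitive: true);
            bool insensitive = WorkspaceBoundary.IsWithin(root, input, pathCaseSensitive: false);
            Console.WriteLine($"{input,-24} case-sensitive={sensitive} case-insensitive={insensitive}");
        }
    }
}
```

Only the last input gives different answers under the two policies, which is the behaviour a regression test for case-sensitive versus case-insensitive workspaces would pin down.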

Metadata

    Labels

    .NET (Pull requests that update .NET code), codex, enhancement (New feature or request)
