@gempack/squad-mcp 0.3.1 → 0.6.0

package/dist/tools/score-rubric.js

@@ -0,0 +1,140 @@
+import { z } from "zod";
+import { AGENT_NAMES_TUPLE, AGENTS, DEFAULT_RUBRIC_WEIGHTS, } from "../config/ownership-matrix.js";
+/**
+ * Per-agent dimension score from an advisory pass. Scores are 0-100 (higher is
+ * better). Reports without a score (e.g. legacy clients, unsupported agents,
+ * `not_evaluated: true`) are simply omitted from the rubric.
+ */
+const dimensionScoreSchema = z.object({
+    agent: z.enum(AGENT_NAMES_TUPLE),
+    score: z.number().min(0).max(100),
+    rationale: z.string().max(2048).optional(),
+});
+/**
+ * Repo override of weights. Keys are agent names; values 0-100. The set of
+ * supplied keys must sum to 100 (validated). Agents absent from this object
+ * fall back to DEFAULT_RUBRIC_WEIGHTS for that name. Useful when a project
+ * wants to ignore a dimension entirely (set its weight to 0 and redistribute).
+ */
+const weightOverridesSchema = z
+    .record(z.enum(AGENT_NAMES_TUPLE), z.number().min(0).max(100))
+    .optional();
+const schema = z.object({
+    scores: z.array(dimensionScoreSchema).max(50),
+    weights: weightOverridesSchema,
+    threshold: z.number().min(0).max(100).optional().default(75),
+});
+const BAR_WIDTH = 20;
+function renderBar(score) {
+    const filled = Math.round((score / 100) * BAR_WIDTH);
+    return "█".repeat(filled) + "░".repeat(BAR_WIDTH - filled);
+}
+function formatScorecard(out) {
+    const header = `SQUAD RUBRIC — weighted ${out.weighted_score.toFixed(1)} / 100 (threshold ${out.threshold})`;
+    const verdictLine = out.passes_threshold ? "PASS" : "BELOW THRESHOLD";
+    const lines = out.dimensions.map((d) => {
+        const flag = d.below_threshold ? " ⚠" : "  ";
+        const dim = d.dimension.padEnd(20);
+        const bar = renderBar(d.score);
+        const score = String(d.score).padStart(3);
+        const weight = `×${d.weight.toString().padStart(2)}%`;
+        return `${dim} ${bar}  ${score}  ${weight}  ${d.agent}${flag}`;
+    });
+    return [header, "─".repeat(70), ...lines, "─".repeat(70), verdictLine].join("\n");
+}
+/**
+ * Compute the weighted-rubric scorecard from per-agent dimension scores.
+ *
+ * Math:
+ *   - Reduce supplied scores to the subset of agents present.
+ *   - Resolve weights: override (if provided AND keys sum to 100) > default.
+ *   - For each scored agent, contribution = score * weight / 100.
+ *   - weighted_score = sum of contributions normalised so weights sum to 100
+ *     across the agents that ACTUALLY scored. (If only 6 of 9 agents scored,
+ *     the rubric renormalises across those 6 instead of leaving 3 dimensions
+ *     contributing 0 to the weighted average.)
+ *   - Dimensions below `threshold` are flagged.
+ *
+ * Returns a RubricOutput; meta-agents (weight 0) and unscored agents are listed
+ * in `ignored_agents`.
+ */
+export function scoreRubric(input) {
+    const overrides = input.weights;
+    let weights;
+    let weightsSource;
+    if (overrides && Object.keys(overrides).length > 0) {
+        const overrideSum = Object.values(overrides).reduce((acc, v) => acc + v, 0);
+        if (Math.abs(overrideSum - 100) > 0.01) {
+            throw new Error(`weights override must sum to 100, got ${overrideSum}. Supplied: ${JSON.stringify(overrides)}`);
+        }
+        weights = { ...DEFAULT_RUBRIC_WEIGHTS, ...overrides };
+        weightsSource = "override";
+    }
+    else {
+        weights = { ...DEFAULT_RUBRIC_WEIGHTS };
+        weightsSource = "default";
+    }
+    // Build the dimension list from scores actually supplied.
+    const scoredAgents = new Set(input.scores.map((s) => s.agent));
+    const ignored = [];
+    for (const agentName of AGENT_NAMES_TUPLE) {
+        if (!scoredAgents.has(agentName)) {
+            // Either unscored OR weight 0 (meta-agent). Both go to ignored, distinguished by weight.
+            ignored.push(agentName);
+        }
+    }
+    // Effective weight base: sum of weights across agents that actually scored AND have weight > 0.
+    // We renormalise to this base so the weighted score reflects only the dimensions evaluated.
+    let weightBase = 0;
+    for (const s of input.scores) {
+        weightBase += weights[s.agent] ?? 0;
+    }
+    const dimensions = [];
+    let weightedScore = 0;
+    if (weightBase > 0) {
+        for (const s of input.scores) {
+            const w = weights[s.agent] ?? 0;
+            if (w === 0) {
+                // Meta-agent that somehow emitted a score — ignore from rubric, surface in ignored.
+                if (!ignored.includes(s.agent))
+                    ignored.push(s.agent);
+                continue;
+            }
+            const normalisedWeight = (w / weightBase) * 100;
+            const contribution = (s.score * normalisedWeight) / 100;
+            dimensions.push({
+                agent: s.agent,
+                dimension: AGENTS[s.agent].dimension,
+                score: s.score,
+                weight: Math.round(normalisedWeight * 10) / 10,
+                contribution: Math.round(contribution * 10) / 10,
+                rationale: s.rationale,
+                below_threshold: s.score < input.threshold,
+            });
+            weightedScore += contribution;
+        }
+    }
+    weightedScore = Math.round(weightedScore * 10) / 10;
+    // Sort dimensions by descending weight so the most important come first.
+    dimensions.sort((a, b) => b.weight - a.weight);
+    const partial = {
+        weighted_score: weightedScore,
+        threshold: input.threshold,
+        passes_threshold: weightedScore >= input.threshold,
+        dimensions,
+        ignored_agents: ignored,
+        weights_source: weightsSource,
+    };
+    return { ...partial, scorecard_text: formatScorecard(partial) };
+}
+export const scoreRubricTool = {
+    name: "score_rubric",
+    description: "Compute a weighted multi-dimensional rubric scorecard from per-agent advisory scores (0-100). " +
+        "Each agent represents one dimension (Architecture, Security, Testing, etc.) with a default weight; " +
+        "weights can be overridden per-repo via .squad.yaml. Returns weighted_score, per-dimension breakdown, " +
+        "pass/fail vs threshold (default 75), and a pre-formatted ASCII scorecard. " +
+        "Renormalises across agents that actually scored, so a partial advisory pass produces a meaningful score.",
+    schema,
+    handler: scoreRubric,
+};
+//# sourceMappingURL=score-rubric.js.map

package/dist/tools/score-rubric.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"score-rubric.js","sourceRoot":"","sources":["../../src/tools/score-rubric.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EACL,iBAAiB,EACjB,MAAM,EACN,sBAAsB,GAEvB,MAAM,+BAA+B,CAAC;AAEvC;;;;GAIG;AACH,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC;IACpC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC;IAChC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;IACjC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE;CAC3C,CAAC,CAAC;AAEH;;;;;GAKG;AACH,MAAM,qBAAqB,GAAG,CAAC;KAC5B,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;KAC7D,QAAQ,EAAE,CAAC;AAEd,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC;IACtB,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;IAC7C,OAAO,EAAE,qBAAqB;IAC9B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;CAC7D,CAAC,CAAC;AAwBH,MAAM,SAAS,GAAG,EAAE,CAAC;AAErB,SAAS,SAAS,CAAC,KAAa;IAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,GAAG,GAAG,CAAC,GAAG,SAAS,CAAC,CAAC;IACrD,OAAO,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,SAAS,GAAG,MAAM,CAAC,CAAC;AAC7D,CAAC;AAED,SAAS,eAAe,CAAC,GAAyC;IAChE,MAAM,MAAM,GAAG,2BAA2B,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,qBAAqB,GAAG,CAAC,SAAS,GAAG,CAAC;IAC7G,MAAM,WAAW,GAAG,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,iBAAiB,CAAC;IACtE,MAAM,KAAK,GAAG,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QACrC,MAAM,IAAI,GAAG,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;QAC7C,MAAM,GAAG,GAAG,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACnC,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAC/B,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC;QACtD,OAAO,GAAG,GAAG,IAAI,GAAG,KAAK,KAAK,KAAK,MAAM,KAAK,CAAC,CAAC,KAAK,GAAG,IAAI,EAAE,CAAC;IACjE,CAAC,CAAC,CAAC;IACH,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,GAAG,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,WAAW,CAAC,CAAC,IAAI,CACzE,IAAI,CACL,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,WAAW,CAAC,KAAY;IACtC,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC;IAChC,IAAI,OAAkC,CAAC;IACvC,IAAI,aAAqC,CAAC;IAE1C,IAAI,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnD,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;QAC5E,IAAI,IAAI,CAAC,GAAG,CAAC,WAAW,GAAG,GAAG,CAAC,GAAG,IAAI,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CACb,yCAAyC,WAAW,eAAe,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,CAC/F,CAAC;QACJ,CAAC;QACD,OAAO,GAAG,EAAE,GAAG,sBAAsB,EAAE,GAAG,SAAS,EAGlD,CAAC;QACF,aAAa,GAAG,UAAU,CAAC;IAC7B,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,EAAE,GAAG,sBAAsB,EAAE,CAAC;QACxC,aAAa,GAAG,SAAS,CAAC;IAC5B,CAAC;IAED,0DAA0D;IAC1D,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;IAC/D,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,SAAS,IAAI,iBAAiB,EAAE,CAAC;QAC1C,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YACjC,yFAAyF;YACzF,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,gGAAgG;IAChG,4FAA4F;IAC5F,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QAC7B,UAAU,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACtC,CAAC;IAED,MAAM,UAAU,GAAqB,EAAE,CAAC;IACxC,IAAI,aAAa,GAAG,CAAC,CAAC;IAEtB,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;QACnB,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;YAC7B,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAChC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;gBACZ,oFAAoF;gBACpF,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC;oBAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;gBACtD,SAAS;YACX,CAAC;YACD,MAAM,gBAAgB,GAAG,CAAC,CAAC,GAAG,UAAU,CAAC,GAAG,GAAG,CAAC;YAChD,MAAM,YAAY,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG,gBAAgB,CAAC,GAAG,GAAG,CAAC;YACxD,UAAU,CAAC,IAAI,CAAC;gBACd,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,SAAS;gBACpC,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,gBAAgB,GAAG,EAAE,CAAC,GAAG,EAAE;gBAC9C,YAAY,EAAE,IAAI,CAAC,KAAK,CAAC,YAAY,GAAG,EAAE,CAAC,GAAG,EAAE;gBAChD,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,eAAe,EAAE,CAAC,CAAC,KAAK,GAAG,KAAK,CAAC,SAAS;aAC3C,CAAC,CAAC;YACH,aAAa,IAAI,YAAY,CAAC;QAChC,CAAC;IACH,CAAC;IAED,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;IAEpD,yEAAyE;IACzE,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;IAE/C,MAAM,OAAO,GAAyC;QACpD,cAAc,EAAE,aAAa;QAC7B,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,gBAAgB,EAAE,aAAa,IAAI,KAAK,CAAC,SAAS;QAClD,UAAU;QACV,cAAc,EAAE,OAAO;QACvB,cAAc,EAAE,aAAa;KAC9B,CAAC;IAEF,OAAO,EAAE,GAAG,OAAO,EAAE,cAAc,EAAE,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;AAClE,CAAC;AAED,MAAM,CAAC,MAAM,eAAe,GAA2B;IACrD,IAAI,EAAE,cAAc;IACpB,WAAW,EACT,gGAAgG;QAChG,qGAAqG;QACrG,uGAAuG;QACvG,4EAA4E;QAC5E,0GAA0G;IAC5G,MAAM;IACN,OAAO,EAAE,WAAW;CACrB,CAAC"}

package/dist/tools/slice-files-for-task.d.ts

@@ -0,0 +1,31 @@
+import { z } from "zod";
+import type { ToolDef } from "./registry.js";
+declare const schema: z.ZodObject<{
+    workspace_root: z.ZodString;
+    task_id: z.ZodNumber;
+    files: z.ZodArray<z.ZodString, "many">;
+}, "strip", z.ZodTypeAny, {
+    files: string[];
+    workspace_root: string;
+    task_id: number;
+}, {
+    files: string[];
+    workspace_root: string;
+    task_id: number;
+}>;
+type Input = z.infer<typeof schema>;
+export interface SliceFilesForTaskOutput {
+    task_id: number;
+    scope: string | null;
+    matched: string[];
+    unmatched: string[];
+}
+/**
+ * Filter a file list down to those that fall inside a task's scope glob.
+ * When the task has no scope (repo-wide), all files match. Wraps the same
+ * `matchesGlob` primitive used by skip_paths and learnings scope filters —
+ * single source of glob semantics across squad-mcp.
+ */
+export declare function sliceFilesForTaskTool(input: Input): Promise<SliceFilesForTaskOutput>;
+export declare const sliceFilesForTaskToolDef: ToolDef<typeof schema>;
+export {};

package/dist/tools/slice-files-for-task.js

@@ -0,0 +1,52 @@
+import { z } from "zod";
+import { readTasks } from "../tasks/store.js";
+import { matchesGlob, readSquadYaml } from "../config/squad-yaml.js";
+import { resolveSafePath, createSafePathContext } from "../util/path-safety.js";
+import { SquadError } from "../errors.js";
+const schema = z.object({
+    workspace_root: z.string().min(1).max(4096),
+    task_id: z.number().int().positive(),
+    files: z.array(z.string().min(1).max(4096)).max(10_000),
+});
+/**
+ * Filter a file list down to those that fall inside a task's scope glob.
+ * When the task has no scope (repo-wide), all files match. Wraps the same
+ * `matchesGlob` primitive used by skip_paths and learnings scope filters —
+ * single source of glob semantics across squad-mcp.
+ */
+export async function sliceFilesForTaskTool(input) {
+    const ctx = createSafePathContext();
+    const safeRoot = await resolveSafePath(input.workspace_root, ".", ctx);
+    const config = await readSquadYaml(safeRoot);
+    const file = await readTasks(safeRoot, { configuredPath: config.tasks.path });
+    const task = file.tasks.find((t) => t.id === input.task_id);
+    if (!task) {
+        throw new SquadError("INVALID_INPUT", `task ${input.task_id} not found in store`);
+    }
+    if (!task.scope) {
+        return {
+            task_id: input.task_id,
+            scope: null,
+            matched: [...input.files],
+            unmatched: [],
+        };
+    }
+    const matched = [];
+    const unmatched = [];
+    for (const f of input.files) {
+        if (matchesGlob(task.scope, f)) {
+            matched.push(f);
+        }
+        else {
+            unmatched.push(f);
+        }
+    }
+    return { task_id: input.task_id, scope: task.scope, matched, unmatched };
+}
+export const sliceFilesForTaskToolDef = {
+    name: "slice_files_for_task",
+    description: "Filter a file list to those matching a task's `scope` glob. Without a scope, the task is repo-wide and all files match. Same glob primitive as skip_paths and learnings scope.",
+    schema,
+    handler: sliceFilesForTaskTool,
+};
+//# sourceMappingURL=slice-files-for-task.js.map

package/dist/tools/slice-files-for-task.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"slice-files-for-task.js","sourceRoot":"","sources":["../../src/tools/slice-files-for-task.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAChF,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAE1C,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC;IACtB,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC;IAC3C,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACpC,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC;CACxD,CAAC,CAAC;AAWH;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,KAAY;IAEZ,MAAM,GAAG,GAAG,qBAAqB,EAAE,CAAC;IACpC,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,KAAK,CAAC,cAAc,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;IACvE,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,QAAQ,CAAC,CAAC;IAE7C,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,QAAQ,EAAE,EAAE,cAAc,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IAC9E,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,KAAK,CAAC,OAAO,CAAC,CAAC;IAC5D,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,UAAU,CAClB,eAAe,EACf,QAAQ,KAAK,CAAC,OAAO,qBAAqB,CAC3C,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;QAChB,OAAO;YACL,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,KAAK,EAAE,IAAI;YACX,OAAO,EAAE,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC;YACzB,SAAS,EAAE,EAAE;SACd,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,MAAM,SAAS,GAAa,EAAE,CAAC;IAC/B,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAC5B,IAAI,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,CAAC;YAC/B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;aAAM,CAAC;YACN,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;AAC3E,CAAC;AAED,MAAM,CAAC,MAAM,wBAAwB,GAA2B;IAC9D,IAAI,EAAE,sBAAsB;IAC5B,WAAW,EACT,gLAAgL;IAClL,MAAM;IACN,OAAO,EAAE,qBAAqB;CAC/B,CAAC"}

package/dist/tools/update-task-status.d.ts

@@ -0,0 +1,29 @@
+import { z } from "zod";
+import type { ToolDef } from "./registry.js";
+import { type Task } from "../tasks/store.js";
+declare const schema: z.ZodObject<{
+    workspace_root: z.ZodString;
+    task_id: z.ZodNumber;
+    /** When set, update that subtask's status instead of the parent task's. */
+    subtask_id: z.ZodOptional<z.ZodNumber>;
+    status: z.ZodEnum<["pending", "in-progress", "review", "done", "blocked", "cancelled"]>;
+}, "strip", z.ZodTypeAny, {
+    status: "pending" | "in-progress" | "review" | "done" | "blocked" | "cancelled";
+    workspace_root: string;
+    task_id: number;
+    subtask_id?: number | undefined;
+}, {
+    status: "pending" | "in-progress" | "review" | "done" | "blocked" | "cancelled";
+    workspace_root: string;
+    task_id: number;
+    subtask_id?: number | undefined;
+}>;
+type Input = z.infer<typeof schema>;
+export interface UpdateTaskStatusOutput {
+    updated: true;
+    file: string;
+    task: Task;
+}
+export declare function updateTaskStatusTool(input: Input): Promise<UpdateTaskStatusOutput>;
+export declare const updateTaskStatusToolDef: ToolDef<typeof schema>;
+export {};

package/dist/tools/update-task-status.js

@@ -0,0 +1,35 @@
+import { z } from "zod";
+import { updateTaskStatus } from "../tasks/store.js";
+import { readSquadYaml } from "../config/squad-yaml.js";
+import { resolveSafePath, createSafePathContext } from "../util/path-safety.js";
+const schema = z.object({
+    workspace_root: z.string().min(1).max(4096),
+    task_id: z.number().int().positive(),
+    /** When set, update that subtask's status instead of the parent task's. */
+    subtask_id: z.number().int().positive().optional(),
+    status: z.enum([
+        "pending",
+        "in-progress",
+        "review",
+        "done",
+        "blocked",
+        "cancelled",
+    ]),
+});
+export async function updateTaskStatusTool(input) {
+    const ctx = createSafePathContext();
+    const safeRoot = await resolveSafePath(input.workspace_root, ".", ctx);
+    const config = await readSquadYaml(safeRoot);
+    const result = await updateTaskStatus(safeRoot, input.task_id, input.status, {
+        ...(input.subtask_id !== undefined && { subtaskId: input.subtask_id }),
+        configuredPath: config.tasks.path,
+    });
+    return { updated: true, file: result.filePath, task: result.task };
+}
+export const updateTaskStatusToolDef = {
+    name: "update_task_status",
+    description: "Flip a task (or subtask) status: pending / in-progress / review / done / blocked / cancelled. Stamps updated_at. Atomic write. Throws when the task / subtask id is unknown.",
+    schema,
+    handler: updateTaskStatusTool,
+};
+//# sourceMappingURL=update-task-status.js.map

package/dist/tools/update-task-status.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"update-task-status.js","sourceRoot":"","sources":["../../src/tools/update-task-status.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,gBAAgB,EAAa,MAAM,mBAAmB,CAAC;AAChE,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAEhF,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC;IACtB,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC;IAC3C,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACpC,2EAA2E;IAC3E,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IAClD,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC;QACb,SAAS;QACT,aAAa;QACb,QAAQ;QACR,MAAM;QACN,SAAS;QACT,WAAW;KACZ,CAAC;CACH,CAAC,CAAC;AAUH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,KAAY;IAEZ,MAAM,GAAG,GAAG,qBAAqB,EAAE,CAAC;IACpC,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,KAAK,CAAC,cAAc,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;IACvE,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,QAAQ,CAAC,CAAC;IAE7C,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,QAAQ,EAAE,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,MAAM,EAAE;QAC3E,GAAG,CAAC,KAAK,CAAC,UAAU,KAAK,SAAS,IAAI,EAAE,SAAS,EAAE,KAAK,CAAC,UAAU,EAAE,CAAC;QACtE,cAAc,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI;KAClC,CAAC,CAAC;IAEH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;AACrE,CAAC;AAED,MAAM,CAAC,MAAM,uBAAuB,GAA2B;IAC7D,IAAI,EAAE,oBAAoB;IAC1B,WAAW,EACT,8KAA8K;IAChL,MAAM;IACN,OAAO,EAAE,oBAAoB;CAC9B,CAAC"}

package/dist/util/override-allowlist.d.ts

@@ -0,0 +1,63 @@
+import { SquadError } from '../errors.js';
+/**
+ * Validates that a directory chosen as the agent-override location lives under
+ * a known user-controlled prefix, and that per-file resolutions inside it stay
+ * under that directory after symlink resolution.
+ *
+ * This module is distinct from `path-safety.ts` because the abstraction differs:
+ *  - `path-safety` validates many files against ONE workspace root.
+ *  - `override-allowlist` validates ONE directory against MANY allowed prefixes.
+ * Merging the two would give `resolveSafePath` two operating modes selected by
+ * argument shape (SRP violation). Keep them separate.
+ *
+ * TOCTOU posture: identical to `path-safety.ts`. A symlink can be swapped between
+ * `realpath()` and `fs.readFile()`. Acceptable for a single-user dev tool — an
+ * attacker with write access to a user-allowlisted root has already won.
+ */
+export type OverrideRejectionReason = 'malformed' | 'not_absolute' | 'unc_or_device_namespace' | 'outside_allowlist' | 'symlink_escape';
+export interface AllowlistRoot {
+    source: 'home' | 'appdata' | 'localappdata' | 'xdg_config_home' | 'cwd';
+    lexical: string;
+    real: string;
+}
+export interface ValidationOk {
+    ok: true;
+    resolvedPath: string;
+    allowlistMatch: AllowlistRoot['source'] | 'unsafe_override';
+    unsafeOverride: boolean;
+}
+export interface ValidationFail {
+    ok: false;
+    reason: OverrideRejectionReason;
+    rejectedPath: string;
+}
+export type ValidationResult = ValidationOk | ValidationFail;
+/**
+ * Test-only: clears the memoized allowlist so env-var changes take effect.
+ * Production code should never call this.
+ */
+export declare function __resetOverrideAllowlistCache(): void;
+/**
+ * Validate an override directory.
+ *
+ * Returns the resolved (realpath) directory on success. Throws `OVERRIDE_REJECTED`
+ * for policy violations (UNC, malformed, not absolute, outside allowlist, symlink
+ * escape) UNLESS `SQUAD_AGENTS_ALLOW_UNSAFE=1` is set, in which case the violation
+ * is bypassed (still rejects malformed inputs hard — those are not policy choices).
+ */
+export declare function validateOverrideDir(rawDir: string): Promise<ValidationResult>;
+/**
+ * Convert a `ValidationFail` into a structured `OVERRIDE_REJECTED` error.
+ * Caller decides whether to throw or downgrade to a warn-and-fallback.
+ */
+export declare function rejectionToError(fail: ValidationFail, allowlistSize: number): SquadError;
+export declare function getAllowlistSize(): Promise<number>;
+/**
+ * Validate that a candidate file path inside a previously-validated override
+ * directory does not escape (after symlink resolution).
+ *
+ * Returns the file's realpath on success, or `null` if the file does not exist
+ * or escapes the directory. Per-file escape is NOT a policy-level error — the
+ * caller falls back to embedded for that file only and continues.
+ */
+export declare function validateOverrideFile(validatedDirReal: string, fileName: string): Promise<string | null>;

package/dist/util/override-allowlist.js

@@ -0,0 +1,191 @@
+import { promises as fs } from 'node:fs';
+import path from 'node:path';
+import os from 'node:os';
+import { SquadError } from '../errors.js';
+import { rejectIfMalformed, realpathOrSelf } from './path-internal.js';
+let allowlistCache = null;
+/**
+ * Test-only: clears the memoized allowlist so env-var changes take effect.
+ * Production code should never call this.
+ */
+export function __resetOverrideAllowlistCache() {
+    allowlistCache = null;
+}
+function isUnsafeOverrideEnabled() {
+    return process.env.SQUAD_AGENTS_ALLOW_UNSAFE === '1';
+}
+function isUncOrDeviceNamespace(absolute) {
+    if (process.platform !== 'win32')
+        return false;
+    if (absolute.startsWith('\\\\?\\'))
+        return true;
+    if (absolute.startsWith('\\\\.\\'))
+        return true;
+    if (absolute.startsWith('\\\\'))
+        return true;
+    return false;
+}
+async function buildAllowlist() {
+    if (allowlistCache !== null)
+        return allowlistCache;
+    const roots = [];
+    const seen = new Set();
+    const candidates = [
+        { source: 'home', raw: os.homedir() },
+        { source: 'cwd', raw: process.cwd() },
+    ];
+    if (process.platform === 'win32') {
+        candidates.push({ source: 'appdata', raw: process.env.APPDATA });
+        candidates.push({ source: 'localappdata', raw: process.env.LOCALAPPDATA });
+    }
+    else {
+        candidates.push({ source: 'xdg_config_home', raw: process.env.XDG_CONFIG_HOME });
+    }
+    for (const c of candidates) {
+        if (!c.raw)
+            continue;
+        if (!path.isAbsolute(c.raw))
+            continue;
+        try {
+            rejectIfMalformed(c.raw);
+        }
+        catch {
+            // hostile env var (e.g. APPDATA injected with NUL) — silently skip from allowlist
+            continue;
+        }
+        if (isUncOrDeviceNamespace(c.raw))
+            continue;
+        const lexical = path.normalize(c.raw);
+        const real = await realpathOrSelf(lexical);
+        if (seen.has(real))
+            continue;
+        seen.add(real);
+        roots.push({ source: c.source, lexical, real });
+    }
+    allowlistCache = roots;
+    return roots;
+}
+function isInsideRoot(candidate, root) {
+    if (candidate === root)
+        return true;
+    const rel = path.relative(root, candidate);
+    if (rel === '' || rel === '.')
+        return true;
+    if (path.isAbsolute(rel))
+        return false;
+    if (rel === '..')
+        return false;
+    if (rel.startsWith('..' + path.sep))
+        return false;
+    return true;
+}
+function findAllowlistMatch(candidateLexical, candidateReal, roots) {
+    // Lexical AND realpath both must be inside the same allowlist entry.
+    // (Either alone is a known bypass: a symlinked-out lexical-allowed path,
+    // or a realpath-allowed path that lexically points elsewhere.)
+    for (const r of roots) {
+        if (isInsideRoot(candidateLexical, r.lexical) && isInsideRoot(candidateReal, r.real)) {
+            return r;
+        }
+    }
+    return null;
+}
+/**
+ * Validate an override directory.
+ *
+ * Returns the resolved (realpath) directory on success. Throws `OVERRIDE_REJECTED`
+ * for policy violations (UNC, malformed, not absolute, outside allowlist, symlink
+ * escape) UNLESS `SQUAD_AGENTS_ALLOW_UNSAFE=1` is set, in which case the violation
+ * is bypassed (still rejects malformed inputs hard — those are not policy choices).
+ */
+export async function validateOverrideDir(rawDir) {
+    // Hard rejections — never bypassed by the escape hatch.
+    try {
+        rejectIfMalformed(rawDir);
+    }
+    catch (err) {
+        return { ok: false, reason: 'malformed', rejectedPath: rawDir };
+    }
+    if (!path.isAbsolute(rawDir)) {
+        return { ok: false, reason: 'not_absolute', rejectedPath: rawDir };
+    }
+    if (isUncOrDeviceNamespace(rawDir)) {
+        return { ok: false, reason: 'unc_or_device_namespace', rejectedPath: rawDir };
+    }
+    const lexical = path.normalize(rawDir);
+    const real = await realpathOrSelf(lexical);
+    const unsafe = isUnsafeOverrideEnabled();
+    const roots = await buildAllowlist();
+    const match = findAllowlistMatch(lexical, real, roots);
+    if (match) {
+        return { ok: true, resolvedPath: real, allowlistMatch: match.source, unsafeOverride: false };
+    }
+    // Distinguish lexical-only escape (likely symlink) from outright outside-allowlist.
+    // If lexical matches some root but realpath does not, the user did `ln -s /tmp/x ~/.squad`.
+    let lexicalMatchExists = false;
+    for (const r of roots) {
+        if (isInsideRoot(lexical, r.lexical)) {
+            lexicalMatchExists = true;
+            break;
+        }
+    }
+    const reason = lexicalMatchExists ? 'symlink_escape' : 'outside_allowlist';
+    if (unsafe) {
+        return { ok: true, resolvedPath: real, allowlistMatch: 'unsafe_override', unsafeOverride: true };
+    }
+    return { ok: false, reason, rejectedPath: rawDir };
+}
+/**
+ * Convert a `ValidationFail` into a structured `OVERRIDE_REJECTED` error.
+ * Caller decides whether to throw or downgrade to a warn-and-fallback.
+ */
+export function rejectionToError(fail, allowlistSize) {
+    return new SquadError('OVERRIDE_REJECTED', `override directory rejected: ${fail.reason}`, {
+        reason: fail.reason,
+        path: fail.rejectedPath,
+        allowlist_size: allowlistSize,
+    });
+}
+export async function getAllowlistSize() {
+    const roots = await buildAllowlist();
+    return roots.length;
+}
+/**
+ * Validate that a candidate file path inside a previously-validated override
+ * directory does not escape (after symlink resolution).
+ *
+ * Returns the file's realpath on success, or `null` if the file does not exist
+ * or escapes the directory. Per-file escape is NOT a policy-level error — the
+ * caller falls back to embedded for that file only and continues.
+ */
+export async function validateOverrideFile(validatedDirReal, fileName) {
+    try {
+        rejectIfMalformed(fileName);
+    }
+    catch {
+        return null;
+    }
+    // Lexical: file name must not contain traversal segments.
+    const normalized = path.normalize(fileName);
+    if (path.isAbsolute(normalized))
+        return null;
+    if (normalized === '..' || normalized.startsWith('..' + path.sep) || normalized.includes(path.sep + '..' + path.sep)) {
+        return null;
+    }
+    const candidate = path.resolve(validatedDirReal, normalized);
+    // Lexical containment.
+    if (!isInsideRoot(candidate, validatedDirReal))
+        return null;
+    // Existence check before realpath.
+    try {
+        await fs.access(candidate);
+    }
+    catch {
+        return null;
+    }
+    const real = await realpathOrSelf(candidate);
+    if (!isInsideRoot(real, validatedDirReal))
+        return null;
+    return real;
+}
+//# sourceMappingURL=override-allowlist.js.map

package/dist/util/override-allowlist.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"override-allowlist.js","sourceRoot":"","sources":["../../src/util/override-allowlist.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,iBAAiB,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AA8CvE,IAAI,cAAc,GAA2B,IAAI,CAAC;AAElD;;;GAGG;AACH,MAAM,UAAU,6BAA6B;IAC3C,cAAc,GAAG,IAAI,CAAC;AACxB,CAAC;AAED,SAAS,uBAAuB;IAC9B,OAAO,OAAO,CAAC,GAAG,CAAC,yBAAyB,KAAK,GAAG,CAAC;AACvD,CAAC;AAED,SAAS,sBAAsB,CAAC,QAAgB;IAC9C,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO;QAAE,OAAO,KAAK,CAAC;IAC/C,IAAI,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IAChD,IAAI,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IAChD,IAAI,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7C,OAAO,KAAK,CAAC;AACf,CAAC;AAED,KAAK,UAAU,cAAc;IAC3B,IAAI,cAAc,KAAK,IAAI;QAAE,OAAO,cAAc,CAAC;IACnD,MAAM,KAAK,GAAoB,EAAE,CAAC;IAClC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAE/B,MAAM,UAAU,GAAmE;QACjF,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,CAAC,OAAO,EAAE,EAAE;QACrC,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,EAAE;KACtC,CAAC;IACF,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,UAAU,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QACjE,UAAU,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,cAAc,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,CAAC;IAC7E,CAAC;SAAM,CAAC;QACN,UAAU,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC,CAAC;IACnF,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,IAAI,CAAC,CAAC,CAAC,GAAG;YAAE,SAAS;QACrB,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC;YAAE,SAAS;QACtC,IAAI,CAAC;YACH,iBAAiB,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QAC3B,CAAC;QAAC,MAAM,CAAC;YACP,kFAAkF;YAClF,SAAS;QACX,CAAC;QACD,IAAI,sBAAsB,CAAC,CAAC,CAAC,GAAG,CAAC;YAAE,SAAS;QAC5C,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACtC,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,CAAC;QAC3C,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC;YAAE,SAAS;QAC7B,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IAClD,CAAC;IAED,cAAc,GAAG,KAAK,CAAC;IACvB,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,YAAY,CAAC,SAAiB,EAAE,IAAY;IACnD,IAAI,SAAS,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACpC,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAC3C,IAAI,GAAG,KAAK,EAAE,IAAI,GAAG,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAC3C,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IACvC,IAAI,GAAG,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IAC/B,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAClD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,kBAAkB,CACzB,gBAAwB,EACxB,aAAqB,EACrB,KAAsB;IAEtB,qEAAqE;IACrE,yEAAyE;IACzE,+DAA+D;IAC/D,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,IAAI,YAAY,CAAC,gBAAgB,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,YAAY,CAAC,aAAa,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YACrF,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,MAAc;IACtD,wDAAwD;IACxD,IAAI,CAAC;QACH,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC;IAClE,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC;IACrE,CAAC;IAED,IAAI,sBAAsB,CAAC,MAAM,CAAC,EAAE,CAAC;QACnC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,yBAAyB,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC;IAChF,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACvC,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,CAAC;IAE3C,MAAM,MAAM,GAAG,uBAAuB,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,MAAM,cAAc,EAAE,CAAC;IACrC,MAAM,KAAK,GAAG,kBAAkB,CAAC,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IAEvD,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,CAAC,MAAM,EAAE,cAAc,EAAE,KAAK,EAAE,CAAC;IAC/F,CAAC;IAED,oFAAoF;IACpF,4FAA4F;IAC5F,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAC/B,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;YACrC,kBAAkB,GAAG,IAAI,CAAC;YAC1B,MAAM;QACR,CAAC;IACH,CAAC;IACD,MAAM,MAAM,GAA4B,kBAAkB,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,mBAAmB,CAAC;IAEpG,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,iBAAiB,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC;IACnG,CAAC;IAED,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC;AACrD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAoB,EAAE,aAAqB;IAC1E,OAAO,IAAI,UAAU,CAAC,mBAAmB,EAAE,gCAAgC,IAAI,CAAC,MAAM,EAAE,EAAE;QACxF,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,IAAI,EAAE,IAAI,CAAC,YAAY;QACvB,cAAc,EAAE,aAAa;KAC9B,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB;IACpC,MAAM,KAAK,GAAG,MAAM,cAAc,EAAE,CAAC;IACrC,OAAO,KAAK,CAAC,MAAM,CAAC;AACtB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,gBAAwB,EAAE,QAAgB;IACnF,IAAI,CAAC;QACH,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,0DAA0D;IAC1D,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAC5C,IAAI,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7C,IAAI,UAAU,KAAK,IAAI,IAAI,UAAU,CAAC,UAAU,CAAC,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACrH,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,UAAU,CAAC,CAAC;IAE7D,uBAAuB;IACvB,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,gBAAgB,CAAC;QAAE,OAAO,IAAI,CAAC;IAE5D,mCAAmC;IACnC,IAAI,CAAC;QACH,MAAM,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,SAAS,CAAC,CAAC;IAC7C,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,gBAAgB,CAAC;QAAE,OAAO,IAAI,CAAC;IAEvD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/util/path-internal.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Internal helpers shared between path-safety.ts and override-allowlist.ts.
+ * Exported only for intra-`util/` reuse; do not import from outside src/util/.
+ */
+export declare function rejectIfMalformed(file: string): void;
+export declare function realpathOrSelf(p: string): Promise<string>;

package/dist/util/path-internal.js

@@ -0,0 +1,27 @@
+import { promises as fs } from 'node:fs';
+import { SquadError } from '../errors.js';
+/**
+ * Internal helpers shared between path-safety.ts and override-allowlist.ts.
+ * Exported only for intra-`util/` reuse; do not import from outside src/util/.
+ */
+export function rejectIfMalformed(file) {
+    if (file.includes('\0')) {
+        throw new SquadError('PATH_INVALID', 'file path contains NUL byte', { file });
+    }
+    if (file.startsWith('~')) {
+        throw new SquadError('PATH_INVALID', 'file path starts with ~ (tilde expansion not supported)', { file });
+    }
+    const adsIndex = file.indexOf(':', 2);
+    if (adsIndex !== -1) {
+        throw new SquadError('PATH_INVALID', 'file path contains ADS marker (:) after drive letter', { file });
+    }
+}
+export async function realpathOrSelf(p) {
+    try {
+        return await fs.realpath(p);
+    }
+    catch {
+        return p;
+    }
+}
+//# sourceMappingURL=path-internal.js.map

package/dist/util/path-internal.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"path-internal.js","sourceRoot":"","sources":["../../src/util/path-internal.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAE1C;;;GAGG;AAEH,MAAM,UAAU,iBAAiB,CAAC,IAAY;IAC5C,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,UAAU,CAAC,cAAc,EAAE,6BAA6B,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;IAChF,CAAC;IACD,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,UAAU,CAAC,cAAc,EAAE,yDAAyD,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;IAC5G,CAAC;IACD,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IACtC,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE,CAAC;QACpB,MAAM,IAAI,UAAU,CAAC,cAAc,EAAE,sDAAsD,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;IACzG,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,CAAS;IAC5C,IAAI,CAAC;QACH,OAAO,MAAM,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,CAAC;IACX,CAAC;AACH,CAAC"}

package/dist/util/path-safety.js.map

@@ -1 +1 @@
-{"version":3,"file":"path-safety.js","sourceRoot":"","sources":["../../src/util/path-safety.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAE1C,MAAM,CAAC,MAAM,SAAS,GAAG,MAAM,CAAC;AAMhC,MAAM,UAAU,qBAAqB;IACnC,OAAO,EAAE,aAAa,EAAE,IAAI,GAAG,EAAE,EAAE,CAAC;AACtC,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAY;IACrC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,UAAU,CAAC,cAAc,EAAE,6BAA6B,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;IAChF,CAAC;IACD,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,UAAU,CAAC,cAAc,EAAE,yDAAyD,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;IAC5G,CAAC;IACD,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IACtC,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE,CAAC;QACpB,MAAM,IAAI,UAAU,CAAC,cAAc,EAAE,sDAAsD,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;IACzG,CAAC;AACH,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,CAAS;IACrC,IAAI,CAAC;QACH,OAAO,MAAM,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,CAAC;IACX,CAAC;AACH,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,aAAiC,EACjC,IAAY,EACZ,GAAoB;IAEpB,iBAAiB,CAAC,IAAI,CAAC,CAAC;IAExB,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;QAChC,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACjD,MAAM,IAAI,UAAU,CAClB,yBAAyB,EACzB,4DAA4D,EAC5D,EAAE,IAAI,EAAE,CACT,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,UAAU,CAAC,cAAc,EAAE,iCAAiC,EAAE,EAAE,aAAa,EAAE,CAAC,CAAC;IAC7F,CAAC;IAED,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;IACrD,IAAI,QAAQ,GAAG,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IACrD,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,QAAQ,GAAG,MAAM,cAAc,CAAC,cAAc,CAAC,CAAC;QAChD,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IAClD,CAAC;IAED,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAC5C,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IAE5D,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IACzD,IAAI,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,UAAU,KAAK,IAAI,IAAI,UAAU,CAAC,UAAU,CAAC,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACjG,MAAM,IAAI,UAAU,CAAC,uBAAuB,EAAE,uCAAuC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;IACnG,CAAC;IAED,IAAI,eAAe,GAAG,KAAK,CAAC;IAC5B,IAAI,CAAC;QACH,MAAM,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAC9B,eAAe,GAAG,IAAI,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,0DAA0D;IAC5D,CAAC;IAED,IAAI,eAAe,EAAE,CAAC;QACpB,MAAM,aAAa,GAAG,MAAM,cAAc,CAAC,YAAY,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;QACvD,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,OAAO,KAAK,IAAI,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACxF,MAAM,IAAI,UAAU,CAAC,uBAAuB,EAAE,8CAA8C,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1G,CAAC;QACD,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAOD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,OAAe;IAC/C,IAAI,EAAE,CAAC;IACP,IAAI,CAAC;QACH,EAAE,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACnC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACpC,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;QAC1D,OAAO;YACL,OAAO,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC;YACjD,SAAS,EAAE,SAAS,KAAK,SAAS;SACnC,CAAC;IACJ,CAAC;YAAS,CAAC;QACT,MAAM,EAAE,CAAC,KAAK,EAAE,CAAC;IACnB,CAAC;AACH,CAAC"}
+{"version":3,"file":"path-safety.js","sourceRoot":"","sources":["../../src/util/path-safety.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,SAAS,CAAC;AACzC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,iBAAiB,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEvE,MAAM,CAAC,MAAM,SAAS,GAAG,MAAM,CAAC;AAMhC,MAAM,UAAU,qBAAqB;IACnC,OAAO,EAAE,aAAa,EAAE,IAAI,GAAG,EAAE,EAAE,CAAC;AACtC,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,aAAiC,EACjC,IAAY,EACZ,GAAoB;IAEpB,iBAAiB,CAAC,IAAI,CAAC,CAAC;IAExB,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;QAChC,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACjD,MAAM,IAAI,UAAU,CAClB,yBAAyB,EACzB,4DAA4D,EAC5D,EAAE,IAAI,EAAE,CACT,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,UAAU,CAAC,cAAc,EAAE,iCAAiC,EAAE,EAAE,aAAa,EAAE,CAAC,CAAC;IAC7F,CAAC;IAED,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;IACrD,IAAI,QAAQ,GAAG,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IACrD,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,QAAQ,GAAG,MAAM,cAAc,CAAC,cAAc,CAAC,CAAC;QAChD,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IAClD,CAAC;IAED,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAC5C,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IAE5D,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IACzD,IAAI,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,UAAU,KAAK,IAAI,IAAI,UAAU,CAAC,UAAU,CAAC,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACjG,MAAM,IAAI,UAAU,CAAC,uBAAuB,EAAE,uCAAuC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;IACnG,CAAC;IAED,IAAI,eAAe,GAAG,KAAK,CAAC;IAC5B,IAAI,CAAC;QACH,MAAM,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAC9B,eAAe,GAAG,IAAI,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,0DAA0D;IAC5D,CAAC;IAED,IAAI,eAAe,EAAE,CAAC;QACpB,MAAM,aAAa,GAAG,MAAM,cAAc,CAAC,YAAY,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;QACvD,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,OAAO,KAAK,IAAI,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACxF,MAAM,IAAI,UAAU,CAAC,uBAAuB,EAAE,8CAA8C,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1G,CAAC;QACD,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAOD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,OAAe;IAC/C,IAAI,EAAE,CAAC;IACP,IAAI,CAAC;QACH,EAAE,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACnC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACpC,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;QAC1D,OAAO;YACL,OAAO,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC;YACjD,SAAS,EAAE,SAAS,KAAK,SAAS;SACnC,CAAC;IACJ,CAAC;YAAS,CAAC;QACT,MAAM,EAAE,CAAC,KAAK,EAAE,CAAC;IACnB,CAAC;AACH,CAAC"}