@hegemonart/get-design-done 1.59.7 → 1.59.9

package/sdk/dashboard/data/source.cjs

@@ -24,9 +24,10 @@
  *     `degraded[]` (so gsd-health + the TUI can surface what is missing).
  *   - Absent .design entirely -> every data section null/[] + degraded
  *     populated, still no throw.
- *   - Root resolution: opts.root || GDD_PROJECT_ROOT || package-root walk-up
- *     || cwd. (Package-root walk-up resolves the GDD repo root, where
- *     .design/.planning live.)
+ *   - Root resolution: opts.root || GDD_PROJECT_ROOT || cwd marker walk-up
+ *     (.design/.planning/.claude-plugin) || package-root walk-up. The cwd
+ *     marker walk resolves the USER's project; package-root is a last-resort
+ *     fallback (it would otherwise always pin the installed plugin's own dir).
  *   - The .ts libs (sdk/state, sdk/event-stream) cannot be static-require()d
  *     from a .cjs — they are loaded via dynamic import(pathToFileURL),
  *     memoized once per process. The .cjs libs are require()d directly via the
@@ -100,15 +101,59 @@ function importEventStream() {
 // ---------------------------------------------------------------------------
 // Root resolution
 // ---------------------------------------------------------------------------
+/**
+ * Walk UP from `startCwd` looking for a GDD project marker — `.design/` OR
+ * `.planning/` OR `.claude-plugin/plugin.json`. First match wins; returns the
+ * directory that holds the marker, or null if none is found before the
+ * filesystem root.
+ *
+ * This mirrors `resolveProjectRoot()` in
+ * `sdk/mcp/gdd-mcp/tools/shared.ts` (the canonical D-05 marker walk) so the
+ * dashboard resolves the USER's project, not the plugin's own install dir.
+ *
+ * @param {string} [startCwd]
+ * @returns {string|null}
+ */
+function cwdMarkerWalk(startCwd = process.cwd()) {
+  let dir = path.resolve(startCwd);
+  // Bound the climb defensively (deep trees / odd mounts).
+  for (let i = 0; i < 64; i++) {
+    if (
+      fs.existsSync(path.join(dir, '.design')) ||
+      fs.existsSync(path.join(dir, '.planning')) ||
+      fs.existsSync(path.join(dir, '.claude-plugin', 'plugin.json'))
+    ) {
+      return dir;
+    }
+    const parent = path.dirname(dir);
+    if (parent === dir) return null; // reached filesystem root
+    dir = parent;
+  }
+  return null;
+}
+
 /**
  * Resolve the project root the dashboard reads from:
- *   opts.root || GDD_PROJECT_ROOT (env) || package-root walk-up || cwd.
+ *   opts.root || GDD_PROJECT_ROOT (env) || cwd marker walk-up || package-root.
+ *
+ * D2 fix: `packageRoot()` ALWAYS succeeds (it walks up from __dirname and
+ * lands on the installed plugin's own package.json, e.g.
+ * node_modules/@hegemonart/get-design-done), so when it preceded the cwd
+ * resolution an installed `gdd-dashboard` always showed the PLUGIN's own
+ * (empty) data instead of the user's project. We now resolve the user's
+ * project FIRST via a cwd-upward marker walk (the same D-05 algorithm the
+ * gdd-mcp tools use), and only fall back to the package root as a last
+ * resort. Running the dashboard INSIDE the gdd repo still works — the marker
+ * walk finds the repo's own .design/.planning, which IS the project root.
+ *
  * @param {{root?: string}} [opts]
  * @returns {string}
  */
 function resolveRoot(opts = {}) {
   if (opts.root) return path.resolve(opts.root);
   if (process.env.GDD_PROJECT_ROOT) return path.resolve(process.env.GDD_PROJECT_ROOT);
+  const fromCwd = cwdMarkerWalk();
+  if (fromCwd) return fromCwd;
   try {
     return packageRoot();
   } catch {
@@ -610,6 +655,7 @@ module.exports = {
   loadDashboardModel,
   // Exposed for tests + sibling reuse (executors D/F may want the scrapers).
   resolveRoot,
+  cwdMarkerWalk,
   scrapeStateFile,
   scrapeEventsFile,
 };

package/sdk/event-stream/writer.ts

@@ -38,46 +38,128 @@ import type { BaseEvent } from './types.ts';
 // anchor createRequire on the repo-root package.json discovered by
 // walking up from `process.cwd()`.
 function _findRepoRoot(): string {
-  let dir = process.cwd();
-  for (let i = 0; i < 8; i++) {
+  return _walkToPackageJson(process.cwd());
+}
+
+/**
+ * Walk up from `startDir` until a directory containing `package.json` is
+ * found; returns `startDir` itself if none is found within the bound.
+ */
+function _walkToPackageJson(startDir: string): string {
+  let dir = startDir;
+  for (let i = 0; i < 12; i++) {
     if (existsSync(join(dir, 'package.json'))) return dir;
     const parent = dirname(dir);
     if (parent === dir) break;
     dir = parent;
   }
-  return process.cwd();
+  return startDir;
+}
+
+// S2 fix: redaction now fails CLOSED. Previously, if redact.cjs could not be
+// resolved from the runtime cwd, `_redact` fell through to the IDENTITY
+// function and every event was written UNSCRUBBED — silently leaking secrets
+// into events.jsonl whenever the writer ran outside the plugin tree (hook
+// subprocesses, temp test dirs, unusual install layouts). That is a fail-open
+// security hole.
+//
+// New contract:
+//   * redact.cjs loads  → normal deep-walk scrubbing (unchanged behavior).
+//   * redact.cjs MISSING → fail closed: `redact` returns an envelope-only
+//     placeholder that DROPS the payload body (replacing it with
+//     `{ _redaction_unavailable: true }`) so no raw payload is ever persisted
+//     unscrubbed. A single visible stderr warning is emitted (once per
+//     process, guarded by `_redactWarned`) so the failure is observable.
+//
+// Resolution is also improved: we try createRequire anchored on THIS module
+// (via the runtime-resolved module path) before the cwd-anchored walk, so it
+// loads in more layouts.
+
+/** Module-level guard so the fail-closed warning prints at most once. */
+let _redactWarned = false;
+
+/** Emit the one-time fail-closed warning to stderr (guarded, best-effort). */
+function _warnRedactUnavailable(): void {
+  if (_redactWarned) return;
+  _redactWarned = true;
+  try {
+    process.stderr.write(
+      '[event-stream] WARNING: scripts/lib/redact.cjs could not be loaded — ' +
+        'failing CLOSED: event payloads are dropped (envelope-only) to avoid ' +
+        'writing unscrubbed secrets. Run the event writer from inside the ' +
+        'plugin tree or set the redact lib on PATH to restore full payloads.\n',
+    );
+  } catch {
+    // If stderr itself is broken we have no recourse; swallow.
+  }
 }
 
-// Soft load: if redact.cjs is unreachable from the runtime cwd (e.g. a
-// hook subprocess running in a temp test dir three directories above
-// the plugin root), fall through to the identity function. The writer
-// keeps working — events just aren't scrubbed in that environment.
-// Production callers always run from inside the plugin tree.
-let _redact: (v: unknown) => unknown;
-try {
-  const _root = _findRepoRoot();
-  const _candidate = resolve(_root, 'scripts/lib/redact.cjs');
-  if (existsSync(_candidate)) {
-    const _redactRequire = createRequire(join(_root, 'package.json'));
-    const _mod = _redactRequire(_candidate) as { redact: (v: unknown) => unknown };
-    _redact = _mod.redact;
-  } else {
-    // Fallback: also try walking up from this source file's logical
-    // position (3 dirs above writer.ts → repo root).
-    const _altRoot = resolve(_root, '..', '..');
-    const _altCandidate = resolve(_altRoot, 'scripts/lib/redact.cjs');
-    if (existsSync(_altCandidate)) {
-      const _altRequire = createRequire(join(_altRoot, 'package.json'));
-      const _altMod = _altRequire(_altCandidate) as { redact: (v: unknown) => unknown };
-      _redact = _altMod.redact;
-    } else {
-      _redact = (v) => v;
+/**
+ * Attempt to load redact.cjs from a set of candidate roots. Returns the
+ * real `redact` function on success, or `null` if no candidate resolves.
+ */
+function _loadRedact(): ((v: unknown) => unknown) | null {
+  const candidates: string[] = [];
+
+  // We cannot use `import.meta.url` (tsc Node16 classifies this .ts as CJS for
+  // typecheck), so we probe several anchors so redact.cjs loads in as many
+  // layouts as possible BEFORE the fail-closed path engages:
+  //
+  // 1) The entry script (`process.argv[1]`). For hook subprocesses (e.g.
+  //    budget-enforcer.ts spawned by the harness) the entry script lives
+  //    INSIDE the plugin tree even when cwd is a detached temp dir — this is
+  //    the same anchor the hook itself uses via resolveHookPath(). Walking up
+  //    from the entry script to its package.json reliably lands on the plugin
+  //    root regardless of cwd.
+  // 2) A cwd-walked repo root (works when cwd IS inside the plugin tree).
+  // 3) The source-relative layout (writer.ts → ../../scripts/lib/redact.cjs).
+  const entry = process.argv[1];
+  if (typeof entry === 'string' && entry.length > 0) {
+    const entryAbs = isAbsolute(entry) ? entry : resolve(entry);
+    const entryRoot = _walkToPackageJson(dirname(entryAbs));
+    candidates.push(resolve(entryRoot, 'scripts/lib/redact.cjs'));
+  }
+  const repoRoot = _findRepoRoot();
+  candidates.push(resolve(repoRoot, 'scripts/lib/redact.cjs'));
+  candidates.push(resolve(repoRoot, '..', '..', 'scripts/lib/redact.cjs'));
+
+  for (const candidate of candidates) {
+    try {
+      if (!existsSync(candidate)) continue;
+      // Anchor createRequire on the candidate file itself so resolution does
+      // not depend on a package.json being present at a particular ancestor.
+      const req = createRequire(candidate);
+      const mod = req(candidate) as { redact?: (v: unknown) => unknown };
+      if (mod && typeof mod.redact === 'function') return mod.redact;
+    } catch {
+      // Try the next candidate.
     }
   }
-} catch {
-  _redact = (v) => v;
+  return null;
 }
-const redact = _redact;
+
+const _realRedact = _loadRedact();
+
+/**
+ * The redaction function used at the write boundary. When the real redactor
+ * loaded, this is it. When it did not, this is the FAIL-CLOSED shim: it warns
+ * once and returns an envelope-only object with the payload body dropped.
+ */
+const redact: (v: unknown) => unknown =
+  _realRedact !== null
+    ? _realRedact
+    : (v: unknown): unknown => {
+        _warnRedactUnavailable();
+        if (v !== null && typeof v === 'object') {
+          // Preserve envelope metadata; drop the payload body entirely so no
+          // raw (potentially secret-bearing) content is persisted.
+          const ev = v as Record<string, unknown>;
+          const out: Record<string, unknown> = { ...ev };
+          out['payload'] = { _redaction_unavailable: true };
+          return out;
+        }
+        return { _redaction_unavailable: true };
+      };
 
 /** Default relative path for the persisted event stream. */
 export const DEFAULT_EVENTS_PATH = '.design/telemetry/events.jsonl';

package/sdk/mcp/gdd-mcp/server.js

@@ -2034,7 +2034,7 @@ __export(server_exports, {
 });
 module.exports = __toCommonJS(server_exports);
 var import_node_fs5 = require("node:fs");
-var import_node_path4 = require("node:path");
+var import_node_path5 = require("node:path");
 var import_server = require("@modelcontextprotocol/sdk/server/index.js");
 var import_stdio = require("@modelcontextprotocol/sdk/server/stdio.js");
 var import_types6 = require("@modelcontextprotocol/sdk/types.js");
@@ -2199,6 +2199,11 @@ function resolveProjectRoot(startCwd = process.cwd()) {
     if ((0, import_node_fs.existsSync)((0, import_node_path.join)(dir, ".design")) || (0, import_node_fs.existsSync)((0, import_node_path.join)(dir, ".planning")) || (0, import_node_fs.existsSync)((0, import_node_path.join)(dir, ".claude-plugin", "plugin.json"))) {
       return dir;
     }
+    if ((0, import_node_fs.existsSync)((0, import_node_path.join)(dir, ".git"))) {
+      throw new Error(
+        `gdd project root not found: hit repo boundary at ${dir} (.git) before any GDD marker, starting from ${startCwd}`
+      );
+    }
     const parent = (0, import_node_path.dirname)(dir);
     if (parent === dir) {
       throw new Error(
@@ -2249,6 +2254,8 @@ __export(gdd_cycle_recap_exports, {
 
 // sdk/state/index.ts
 var import_node_fs2 = require("node:fs");
+var import_node_path2 = require("node:path");
+var import_node_module = require("node:module");
 
 // sdk/state/types.ts
 function isConnectionStatus(value) {
@@ -2950,6 +2957,8 @@ var GATES = Object.freeze({
 });
 
 // sdk/state/index.ts
+var _moduleDir = typeof __dirname !== "undefined" ? __dirname : (0, import_node_path2.dirname)(process.argv[1] || process.cwd());
+var _require = typeof require !== "undefined" ? require : (0, import_node_module.createRequire)(process.argv[1] || process.cwd());
 async function read(path) {
   const raw = (0, import_node_fs2.readFileSync)(path, "utf8");
   return parse(raw).state;
@@ -3017,51 +3026,55 @@ __export(gdd_events_tail_exports, {
 
 // sdk/event-stream/writer.ts
 var import_node_fs3 = require("node:fs");
-var import_node_path2 = require("node:path");
-var import_node_module = require("node:module");
+var import_node_path3 = require("node:path");
+var import_node_module2 = require("node:module");
 function _findRepoRoot() {
-  let dir = process.cwd();
-  for (let i = 0; i < 8; i++) {
-    if ((0, import_node_fs3.existsSync)((0, import_node_path2.join)(dir, "package.json"))) return dir;
-    const parent = (0, import_node_path2.dirname)(dir);
+  return _walkToPackageJson(process.cwd());
+}
+function _walkToPackageJson(startDir) {
+  let dir = startDir;
+  for (let i = 0; i < 12; i++) {
+    if ((0, import_node_fs3.existsSync)((0, import_node_path3.join)(dir, "package.json"))) return dir;
+    const parent = (0, import_node_path3.dirname)(dir);
     if (parent === dir) break;
     dir = parent;
   }
-  return process.cwd();
+  return startDir;
 }
-var _redact;
-try {
-  const _root = _findRepoRoot();
-  const _candidate = (0, import_node_path2.resolve)(_root, "scripts/lib/redact.cjs");
-  if ((0, import_node_fs3.existsSync)(_candidate)) {
-    const _redactRequire = (0, import_node_module.createRequire)((0, import_node_path2.join)(_root, "package.json"));
-    const _mod = _redactRequire(_candidate);
-    _redact = _mod.redact;
-  } else {
-    const _altRoot = (0, import_node_path2.resolve)(_root, "..", "..");
-    const _altCandidate = (0, import_node_path2.resolve)(_altRoot, "scripts/lib/redact.cjs");
-    if ((0, import_node_fs3.existsSync)(_altCandidate)) {
-      const _altRequire = (0, import_node_module.createRequire)((0, import_node_path2.join)(_altRoot, "package.json"));
-      const _altMod = _altRequire(_altCandidate);
-      _redact = _altMod.redact;
-    } else {
-      _redact = (v) => v;
+function _loadRedact() {
+  const candidates = [];
+  const entry = process.argv[1];
+  if (typeof entry === "string" && entry.length > 0) {
+    const entryAbs = (0, import_node_path3.isAbsolute)(entry) ? entry : (0, import_node_path3.resolve)(entry);
+    const entryRoot = _walkToPackageJson((0, import_node_path3.dirname)(entryAbs));
+    candidates.push((0, import_node_path3.resolve)(entryRoot, "scripts/lib/redact.cjs"));
+  }
+  const repoRoot = _findRepoRoot();
+  candidates.push((0, import_node_path3.resolve)(repoRoot, "scripts/lib/redact.cjs"));
+  candidates.push((0, import_node_path3.resolve)(repoRoot, "..", "..", "scripts/lib/redact.cjs"));
+  for (const candidate of candidates) {
+    try {
+      if (!(0, import_node_fs3.existsSync)(candidate)) continue;
+      const req = (0, import_node_module2.createRequire)(candidate);
+      const mod = req(candidate);
+      if (mod && typeof mod.redact === "function") return mod.redact;
+    } catch {
     }
   }
-} catch {
-  _redact = (v) => v;
+  return null;
 }
+var _realRedact = _loadRedact();
 var DEFAULT_EVENTS_PATH = ".design/telemetry/events.jsonl";
 var DEFAULT_MAX_LINE_BYTES = 64 * 1024;
 
 // sdk/event-stream/reader.ts
 var import_node_fs4 = require("node:fs");
-var import_node_path3 = require("node:path");
+var import_node_path4 = require("node:path");
 var import_node_readline = require("node:readline");
 function resolveReadPath(opts) {
   const raw = opts.path ?? DEFAULT_EVENTS_PATH;
-  if ((0, import_node_path3.isAbsolute)(raw)) return raw;
-  return (0, import_node_path3.resolve)(opts.baseDir ?? process.cwd(), raw);
+  if ((0, import_node_path4.isAbsolute)(raw)) return raw;
+  return (0, import_node_path4.resolve)(opts.baseDir ?? process.cwd(), raw);
 }
 async function* readEvents(opts = {}) {
   const path = resolveReadPath(opts);
@@ -3354,16 +3367,16 @@ if (TOOL_COUNT > 13) {
 var SERVER_NAME = "gdd-mcp";
 var SERVER_VERSION = "1.27.7";
 function here() {
-  const expectedRel = (0, import_node_path4.join)("sdk", "mcp", "gdd-mcp");
+  const expectedRel = (0, import_node_path5.join)("sdk", "mcp", "gdd-mcp");
   const entry = process.argv[1];
   if (typeof entry === "string" && entry.length > 0) {
-    const entryDir = (0, import_node_path4.dirname)((0, import_node_path4.resolve)(entry));
-    if ((0, import_node_fs5.existsSync)((0, import_node_path4.join)(entryDir, "tools", "index.ts"))) {
+    const entryDir = (0, import_node_path5.dirname)((0, import_node_path5.resolve)(entry));
+    if ((0, import_node_fs5.existsSync)((0, import_node_path5.join)(entryDir, "tools", "index.ts"))) {
       return entryDir;
     }
   }
-  const candidate = (0, import_node_path4.resolve)(process.cwd(), expectedRel);
-  if ((0, import_node_fs5.existsSync)((0, import_node_path4.join)(candidate, "tools", "index.ts"))) {
+  const candidate = (0, import_node_path5.resolve)(process.cwd(), expectedRel);
+  if ((0, import_node_fs5.existsSync)((0, import_node_path5.join)(candidate, "tools", "index.ts"))) {
     return candidate;
   }
   return candidate;
@@ -3371,7 +3384,7 @@ function here() {
 function loadTools() {
   const baseDir = here();
   return TOOL_MODULES.map((m) => {
-    const absPath = (0, import_node_path4.join)(baseDir, "tools", m.schemaPath);
+    const absPath = (0, import_node_path5.join)(baseDir, "tools", m.schemaPath);
     const raw = (0, import_node_fs5.readFileSync)(absPath, "utf8");
     const parsed = JSON.parse(raw);
     const rawInput = parsed.properties?.input;

package/sdk/mcp/gdd-mcp/tools/shared.ts

@@ -103,9 +103,18 @@ export function resolveSnapshotsDir(): string {
  * is returned verbatim (after path resolution). This is useful for
  * tests and for users who want to pin a project root explicitly.
  *
+ * REPO-BOUNDARY GUARD (audit S8): the upward walk STOPS at the first `.git`
+ * directory it encounters. If a `.git` boundary is hit BEFORE any GDD marker
+ * is found, the walk does NOT continue into the parent repository — that
+ * would let a nested, unrelated checkout resolve to a PARENT repo's
+ * `.design/`/`.planning/`, leaking another project's state into this one
+ * (cross-project info bleed). At a `.git` boundary we check the boundary
+ * directory itself for a marker (a repo root legitimately holds `.design/`),
+ * then treat "no marker at or below this repo root" as not-found.
+ *
  * Throws `Error('gdd project root not found: ...')` when no marker is
- * found before the filesystem root. Callers in tool handlers should
- * catch and forward via `errorResponse()`.
+ * found before either the first `.git` boundary or the filesystem root.
+ * Callers in tool handlers should catch and forward via `errorResponse()`.
  */
 export function resolveProjectRoot(startCwd: string = process.cwd()): string {
   const override = process.env['GDD_PROJECT_ROOT'];
@@ -122,6 +131,15 @@ export function resolveProjectRoot(startCwd: string = process.cwd()): string {
     ) {
       return dir;
     }
+    // S8: a `.git` here marks a repository boundary. We already checked this
+    // directory for a marker above and found none, so do not walk PAST the
+    // repo root into a parent (possibly unrelated) project.
+    if (existsSync(join(dir, '.git'))) {
+      throw new Error(
+        `gdd project root not found: hit repo boundary at ${dir} ` +
+          `(.git) before any GDD marker, starting from ${startCwd}`,
+      );
+    }
     const parent = dirname(dir);
     if (parent === dir) {
       // Reached filesystem root — give up.