@lamentis/naome 1.3.8 → 1.3.9

package/crates/naome-core/src/quality/cache.rs

@@ -1,5 +1,6 @@
-use std::fs;
-use std::path::{Path, PathBuf};
+use std::fs::{self, OpenOptions};
+use std::io::Write;
+use std::path::{Component, Path, PathBuf};
 
 use serde::{Deserialize, Serialize};
 use sha2::{Digest, Sha256};
@@ -49,7 +50,11 @@ impl QualityCache {
     }
 
     pub(crate) fn read(&self, path: &str, content_hash: &str) -> Option<FileAnalysis> {
-        let entry = fs::read_to_string(self.entry_path(path, content_hash)).ok()?;
+        let cache_path = self.safe_entry_path(path, content_hash).ok()?;
+        if !regular_file_without_symlink(&cache_path) {
+            return None;
+        }
+        let entry = fs::read_to_string(cache_path).ok()?;
         let entry: CacheEntry = serde_json::from_str(&entry).ok()?;
         if entry.schema == CACHE_SCHEMA
             && entry.naome_version == env!("CARGO_PKG_VERSION")
@@ -70,10 +75,7 @@ impl QualityCache {
         content_hash: &str,
         analysis: &FileAnalysis,
     ) -> Result<(), NaomeError> {
-        let cache_path = self.entry_path(path, content_hash);
-        if let Some(parent) = cache_path.parent() {
-            fs::create_dir_all(parent)?;
-        }
+        let cache_path = self.safe_entry_path(path, content_hash)?;
         let entry = CacheEntry {
             schema: CACHE_SCHEMA.to_string(),
             naome_version: env!("CARGO_PKG_VERSION").to_string(),
@@ -84,31 +86,29 @@ impl QualityCache {
             analysis: analysis.clone(),
         };
         let content = format!("{}\n", serde_json::to_string(&entry)?);
-        if fs::read_to_string(&cache_path).map_or(true, |current| current != content) {
-            fs::write(cache_path, content)?;
-        }
-        Ok(())
+        write_cache_entry(&cache_path, &content)
     }
 
-    fn entry_path(&self, path: &str, content_hash: &str) -> PathBuf {
-        self.root.join(CACHE_RELATIVE_PATH).join(stable_key(&[
+    fn safe_entry_path(&self, path: &str, content_hash: &str) -> Result<PathBuf, NaomeError> {
+        let cache_root = safe_cache_root(&self.root, true)?;
+        Ok(cache_root.join(stable_key(&[
             env!("CARGO_PKG_VERSION"),
             &self.config_hash,
             ADAPTER_VERSION,
             path,
             content_hash,
-        ]))
+        ])))
     }
 }
 
 pub fn quality_cache_status(root: &Path) -> Result<QualityCacheStatus, NaomeError> {
-    let path = root.join(CACHE_RELATIVE_PATH);
+    let path = safe_cache_root(root, false)?;
     let mut entry_count = 0;
     let mut bytes = 0;
-    if path.is_dir() {
+    if regular_directory_without_symlink(&path) {
         for entry in fs::read_dir(&path)? {
             let entry = entry?;
-            let metadata = entry.metadata()?;
+            let metadata = fs::symlink_metadata(entry.path())?;
             if metadata.is_file() {
                 entry_count += 1;
                 bytes += metadata.len();
@@ -124,13 +124,116 @@ pub fn quality_cache_status(root: &Path) -> Result<QualityCacheStatus, NaomeErro
 }
 
 pub fn clear_quality_cache(root: &Path) -> Result<QualityCacheStatus, NaomeError> {
-    let path = root.join(CACHE_RELATIVE_PATH);
-    if path.exists() {
+    let path = safe_cache_root(root, false)?;
+    if regular_directory_without_symlink(&path) {
         fs::remove_dir_all(&path)?;
     }
     quality_cache_status(root)
 }
 
+fn write_cache_entry(cache_path: &Path, content: &str) -> Result<(), NaomeError> {
+    validate_cache_entry_parent(cache_path)?;
+    match fs::symlink_metadata(cache_path) {
+        Ok(metadata) if metadata.file_type().is_symlink() || !metadata.is_file() => {
+            return Err(NaomeError::new(format!(
+                "quality cache entry must be a regular file: {}",
+                cache_path.display()
+            )));
+        }
+        Ok(_) => {
+            if fs::read_to_string(cache_path).map_or(false, |current| current == content) {
+                return Ok(());
+            }
+        }
+        Err(error) if error.kind() == std::io::ErrorKind::NotFound => {}
+        Err(error) => return Err(error.into()),
+    }
+
+    let temp_path = cache_path.with_extension(format!(
+        "tmp.{}.{}",
+        std::process::id(),
+        stable_key(&[content]).trim_end_matches(".json")
+    ));
+    validate_cache_entry_parent(&temp_path)?;
+    let mut temp = OpenOptions::new()
+        .write(true)
+        .create_new(true)
+        .open(&temp_path)?;
+    if let Err(error) = temp.write_all(content.as_bytes()) {
+        let _ = fs::remove_file(&temp_path);
+        return Err(error.into());
+    }
+    if let Err(error) = temp.sync_all() {
+        let _ = fs::remove_file(&temp_path);
+        return Err(error.into());
+    }
+    drop(temp);
+    validate_cache_entry_parent(cache_path)?;
+    if let Err(error) = fs::rename(&temp_path, cache_path) {
+        let _ = fs::remove_file(&temp_path);
+        return Err(error.into());
+    }
+    Ok(())
+}
+
+fn validate_cache_entry_parent(cache_path: &Path) -> Result<(), NaomeError> {
+    let Some(parent) = cache_path.parent() else {
+        return Err(NaomeError::new("quality cache entry path has no parent"));
+    };
+    if !regular_directory_without_symlink(parent) {
+        return Err(NaomeError::new(format!(
+            "quality cache path must be a regular directory without symlinks: {}",
+            parent.display()
+        )));
+    }
+    Ok(())
+}
+
+fn safe_cache_root(root: &Path, create: bool) -> Result<PathBuf, NaomeError> {
+    let mut current = root.to_path_buf();
+    for component in Path::new(CACHE_RELATIVE_PATH).components() {
+        let Component::Normal(component) = component else {
+            return Err(NaomeError::new(
+                "quality cache path must be repository-relative",
+            ));
+        };
+        current.push(component);
+        match fs::symlink_metadata(&current) {
+            Ok(metadata) if metadata.file_type().is_symlink() => {
+                return Err(NaomeError::new(format!(
+                    "quality cache path must not contain symlinks: {}",
+                    current.display()
+                )));
+            }
+            Ok(metadata) if metadata.is_dir() => {}
+            Ok(_) => {
+                return Err(NaomeError::new(format!(
+                    "quality cache path component is not a directory: {}",
+                    current.display()
+                )));
+            }
+            Err(error) if error.kind() == std::io::ErrorKind::NotFound && create => {
+                fs::create_dir(&current)?;
+            }
+            Err(error) if error.kind() == std::io::ErrorKind::NotFound => return Ok(current),
+            Err(error) => return Err(error.into()),
+        }
+    }
+    Ok(current)
+}
+
+fn regular_directory_without_symlink(path: &Path) -> bool {
+    fs::symlink_metadata(path)
+        .map(|metadata| metadata.is_dir() && !metadata.file_type().is_symlink())
+        .unwrap_or(false)
+}
+
+fn regular_file_without_symlink(path: &Path) -> bool {
+    fs::symlink_metadata(path)
+        .map(|metadata| metadata.is_file() && !metadata.file_type().is_symlink())
+        .unwrap_or(false)
+}
+
 pub(crate) fn content_hash(content: &str) -> String {
     stable_key(&[content])
 }

package/crates/naome-core/src/quality/scanner/analysis.rs

@@ -8,6 +8,8 @@ use super::{FileAnalysis, NormalizedLine, SymbolAnalysis};
 use crate::quality::cache::{content_hash, QualityCache};
 use normalize::{normalize_line, token_set};
 
+use super::repo_paths::regular_repo_file_path;
+
 pub(super) fn analyze_repo_file(
     root: &Path,
     path: &str,
@@ -16,8 +18,8 @@ pub(super) fn analyze_repo_file(
     cache: &QualityCache,
     allow_cache: bool,
 ) -> Option<(FileAnalysis, bool)> {
-    let full_path = root.join(path);
-    if !full_path.is_file() || is_binary_extension(path) {
+    let full_path = regular_repo_file_path(root, path)?;
+    if is_binary_extension(path) {
         return None;
     }
     if allow_cache {

package/crates/naome-core/src/quality/scanner/repo_paths.rs

@@ -1,6 +1,6 @@
 use std::collections::{HashMap, HashSet};
 use std::fs;
-use std::path::Path;
+use std::path::{Component, Path};
 use std::process::Command;
 
 use crate::models::NaomeError;
@@ -44,8 +44,10 @@ pub(super) fn added_lines_by_path(
         if !target_paths.contains(&path) {
             continue;
         }
-        if let Ok(content) = fs::read_to_string(root.join(&path)) {
-            added.insert(path, content.lines().count());
+        if let Some(file_path) = regular_repo_file_path(root, &path) {
+            if let Ok(content) = fs::read_to_string(file_path) {
+                added.insert(path, content.lines().count());
+            }
         }
     }
     Ok(added)
@@ -92,3 +94,25 @@ fn untracked_paths(root: &Path) -> Result<Vec<String>, NaomeError> {
         .map(|entry| String::from_utf8_lossy(entry).replace('\\', "/"))
         .collect())
 }
+
+pub(super) fn regular_repo_file_path(root: &Path, path: &str) -> Option<std::path::PathBuf> {
+    let relative = Path::new(path);
+    if relative.is_absolute() {
+        return None;
+    }
+    let mut current = root.to_path_buf();
+    for component in relative.components() {
+        let Component::Normal(component) = component else {
+            return None;
+        };
+        current.push(component);
+        let metadata = fs::symlink_metadata(&current).ok()?;
+        if metadata.file_type().is_symlink() {
+            return None;
+        }
+    }
+    fs::symlink_metadata(&current)
+        .ok()
+        .filter(|metadata| metadata.is_file())
+        .map(|_| current)
+}

package/crates/naome-core/src/quality/scanner.rs

@@ -9,7 +9,7 @@ use sha2::{Digest, Sha256};
 
 use crate::{git, models::NaomeError, paths};
 pub(crate) use repo_paths::collect_repo_paths;
-use repo_paths::{added_lines_by_path, tracked_blob_hashes};
+use repo_paths::{added_lines_by_path, regular_repo_file_path, tracked_blob_hashes};
 
 use super::cache::QualityCache;
 use super::types::{
@@ -317,7 +317,10 @@ fn max_file_bytes(mode: QualityMode) -> u64 {
 }
 
 fn file_exceeds_budget(root: &Path, path: &str, mode: QualityMode) -> bool {
-    fs::metadata(root.join(path)).map_or(false, |metadata| {
+    let Some(full_path) = regular_repo_file_path(root, path) else {
+        return false;
+    };
+    fs::symlink_metadata(full_path).map_or(false, |metadata| {
         metadata.is_file() && metadata.len() > max_file_bytes(mode)
     })
 }

package/crates/naome-core/src/workflow/integrity_support.rs

@@ -23,8 +23,14 @@ pub(super) fn refresh_support_files(
             changed.push(path.to_string());
         }
     }
-    if replace_native_integrity(root, integrity)? {
-        changed.push(NAOME_COMMAND_PATH.to_string());
+    for path in [
+        NAOME_COMMAND_PATH,
+        HEALTH_CHECKER_PATH,
+        TASK_STATE_CHECKER_PATH,
+    ] {
+        if replace_native_integrity(root, path, integrity)? {
+            changed.push(path.to_string());
+        }
     }
     Ok(changed)
 }
@@ -76,12 +82,13 @@ fn render_expected_integrity_block(integrity: &BTreeMap<String, String>) -> Stri
 
 fn replace_native_integrity(
     root: &Path,
+    relative_path: &str,
     integrity: &BTreeMap<String, String>,
 ) -> Result<bool, NaomeError> {
     let Some(native_hash) = integrity.get(NATIVE_BINARY_PATH) else {
         return Ok(false);
     };
-    let path = root.join(NAOME_COMMAND_PATH);
+    let path = root.join(relative_path);
     if !path.is_file() {
         return Ok(false);
     }

package/crates/naome-core/tests/harness_health.rs

@@ -24,6 +24,11 @@ const MACHINE_OWNED_PATHS: &[&str] = &[
     "docs/naome/upgrade.md",
 ];
 
+#[cfg(windows)]
+const NATIVE_BINARY_PATH: &str = ".naome/bin/naome-rust.exe";
+#[cfg(not(windows))]
+const NATIVE_BINARY_PATH: &str = ".naome/bin/naome-rust";
+
 const PROJECT_OWNED_PATHS: &[&str] = &[
     ".naomeignore",
     ".naome/init-state.json",
@@ -78,6 +83,99 @@ fn rejects_drifted_machine_owned_files() {
     assert!(joined.contains("docs/naome/execution.md"));
 }
 
+#[test]
+fn accepts_native_decision_binary_with_manifest_ownership_and_integrity() {
+    let mut repo = HarnessFixture::new();
+    repo.install_native_decision_binary("native decision fixture\n");
+
+    let errors = validate_harness_health(repo.path(), options(repo.integrity.clone())).unwrap();
+
+    assert!(errors.is_empty(), "{errors:#?}");
+}
+
+#[test]
+fn rejects_native_decision_binary_when_manifest_ownership_is_removed() {
+    let mut repo = HarnessFixture::new();
+    repo.install_native_decision_binary("native decision fixture\n");
+    repo.remove_native_manifest_entry();
+
+    let errors = validate_harness_health(repo.path(), options(repo.integrity.clone())).unwrap();
+    let joined = errors.join("\n");
+
+    assert!(
+        joined.contains(&format!(
+            ".naome/manifest.json machineOwned must include {NATIVE_BINARY_PATH}."
+        )),
+        "{joined}"
+    );
+    assert!(
+        joined.contains(&format!(
+            ".naome/manifest.json integrity missing {NATIVE_BINARY_PATH}."
+        )),
+        "{joined}"
+    );
+}
+
+#[test]
+fn rejects_checker_declared_native_integrity_without_native_manifest_entry() {
+    let mut repo = HarnessFixture::new();
+    let checker_path = ".naome/bin/check-task-state.js";
+    let native_hash = format!("sha256:{}", "a".repeat(64));
+    repo.write(
+        checker_path,
+        &format!("const expectedNativeBinaryIntegrity = \"{native_hash}\";\n"),
+    );
+    repo.integrity.insert(
+        checker_path.to_string(),
+        format!(
+            "sha256:{}",
+            sha256("const expectedNativeBinaryIntegrity = \"sha256:generated\";\n")
+        ),
+    );
+    write_file(
+        repo.path(),
+        ".naome/manifest.json",
+        &pretty_json(manifest_fixture(&repo.integrity)),
+    );
+
+    let errors = validate_harness_health(repo.path(), options(repo.integrity.clone())).unwrap();
+    let joined = errors.join("\n");
+
+    assert!(
+        joined.contains(&format!(
+            ".naome/manifest.json machineOwned must include {NATIVE_BINARY_PATH}."
+        )),
+        "{joined}"
+    );
+    assert!(
+        joined.contains(&format!("{NATIVE_BINARY_PATH} is missing.")),
+        "{joined}"
+    );
+}
+
+#[test]
+fn rejects_native_integrity_assignment_with_appended_code() {
+    let mut repo = HarnessFixture::new();
+    repo.install_native_decision_binary("native decision fixture\n");
+    let native_hash = repo.integrity.get(NATIVE_BINARY_PATH).unwrap().clone();
+    repo.write(
+        ".naome/bin/check-harness-health.js",
+        &format!("const expectedNativeBinaryIntegrity = \"{native_hash}\"; process.exit(0);\n"),
+    );
+
+    let errors = validate_harness_health(repo.path(), options(repo.integrity.clone())).unwrap();
+    let joined = errors.join("\n");
+
+    assert!(
+        joined.contains(".naome/bin/check-harness-health.js integrity mismatch"),
+        "{joined}"
+    );
+    assert!(
+        joined.contains(".naome/bin/check-harness-health.js native binary integrity does not match .naome/manifest.json."),
+        "{joined}"
+    );
+}
+
 #[test]
 fn rejects_missing_archive_ignore_boundary() {
     let repo = HarnessFixture::new();
@@ -175,6 +273,53 @@ impl HarnessFixture {
     fn write(&self, relative_path: &str, content: &str) {
         write_file(&self.root, relative_path, content);
     }
+
+    fn install_native_decision_binary(&mut self, content: &str) {
+        let native_hash = format!("sha256:{}", sha256(content));
+        write_file(&self.root, NATIVE_BINARY_PATH, content);
+        self.integrity
+            .insert(NATIVE_BINARY_PATH.to_string(), native_hash.clone());
+
+        for relative_path in [
+            ".naome/bin/naome.js",
+            ".naome/bin/check-harness-health.js",
+            ".naome/bin/check-task-state.js",
+        ] {
+            let command_content =
+                format!("const expectedNativeBinaryIntegrity = \"{native_hash}\";\n");
+            let normalized_command_content =
+                "const expectedNativeBinaryIntegrity = \"sha256:generated\";\n";
+            write_file(&self.root, relative_path, &command_content);
+            self.integrity.insert(
+                relative_path.to_string(),
+                format!("sha256:{}", sha256(normalized_command_content)),
+            );
+        }
+
+        self.write_manifest_with_native_entry();
+    }
+
+    fn remove_native_manifest_entry(&self) {
+        let mut manifest = read_json_value(&self.root, ".naome/manifest.json");
+        manifest["machineOwned"]
+            .as_array_mut()
+            .unwrap()
+            .retain(|entry| entry.as_str() != Some(NATIVE_BINARY_PATH));
+        manifest["integrity"]
+            .as_object_mut()
+            .unwrap()
+            .remove(NATIVE_BINARY_PATH);
+        write_file(&self.root, ".naome/manifest.json", &pretty_json(manifest));
+    }
+
+    fn write_manifest_with_native_entry(&self) {
+        let mut manifest = manifest_fixture(&self.integrity);
+        manifest["machineOwned"]
+            .as_array_mut()
+            .unwrap()
+            .push(json!(NATIVE_BINARY_PATH));
+        write_file(&self.root, ".naome/manifest.json", &pretty_json(manifest));
+    }
 }
 
 fn manifest_fixture(integrity: &HashMap<String, String>) -> serde_json::Value {
@@ -217,6 +362,10 @@ fn machine_content(relative_path: &str) -> String {
     }
 }
 
+fn read_json_value(root: &Path, relative_path: &str) -> serde_json::Value {
+    serde_json::from_str(&fs::read_to_string(root.join(relative_path)).unwrap()).unwrap()
+}
+
 fn write_file(root: &Path, relative_path: &str, content: &str) {
     let path = root.join(relative_path);
     fs::create_dir_all(path.parent().unwrap()).unwrap();

package/crates/naome-core/tests/quality_performance.rs

@@ -4,8 +4,8 @@ use std::fs;
 
 use naome_core::{
     check_repository_quality, check_repository_quality_paths, check_semantic_legacy,
-    init_repository_quality, init_repository_quality_with_mode, quality_cache_status,
-    QualityInitMode, QualityMode,
+    clear_quality_cache, init_repository_quality, init_repository_quality_with_mode,
+    quality_cache_status, QualityInitMode, QualityMode,
 };
 
 use repo_support::TestRepo;
@@ -140,6 +140,67 @@ fn second_report_uses_file_analysis_cache() {
     assert_eq!(second.summary.cache_misses, 0);
 }
 
+#[cfg(unix)]
+#[test]
+fn report_skips_repository_symlinks_without_caching_target_contents() {
+    let repo = quality_repo("quality-cache-skips-file-symlink");
+    let victim = repo.path().join("../naome-victim-secret.txt");
+    fs::write(&victim, "VALIDATION_SECRET_raw_lines_12345\n").unwrap();
+    std::os::unix::fs::symlink(&victim, repo.path().join("leak.txt")).unwrap();
+    repo.git(&["add", "leak.txt"]);
+    repo.git(&["commit", "-m", "tracked symlink"]);
+
+    let report = check_repository_quality(repo.path(), QualityMode::Report).unwrap();
+    let cache = quality_cache_status(repo.path()).unwrap();
+
+    assert!(!report.scanned_paths.contains(&"leak.txt".to_string()));
+    assert_eq!(cache.entry_count, 0);
+}
+
+#[cfg(unix)]
+#[test]
+fn path_budget_skips_symlinks_before_reading_target_metadata() {
+    let repo = quality_repo("quality-budget-skips-symlink");
+    let victim = repo.path().join("../naome-large-victim.txt");
+    fs::write(&victim, "x".repeat(1024 * 1024 + 1)).unwrap();
+    std::os::unix::fs::symlink(&victim, repo.path().join("large-link.txt")).unwrap();
+    repo.git(&["add", "large-link.txt"]);
+    repo.git(&["commit", "-m", "tracked large symlink"]);
+
+    let report = check_repository_quality_paths(repo.path(), &["large-link.txt"]).unwrap();
+
+    assert!(!report.scanned_paths.contains(&"large-link.txt".to_string()));
+    assert!(!report
+        .summary
+        .reason_codes
+        .contains(&"max_file_bytes".to_string()));
+    fs::remove_file(victim).unwrap();
+}
+
+#[cfg(unix)]
+#[test]
+fn cache_operations_reject_symlinked_cache_path_components() {
+    let repo = quality_repo("quality-cache-rejects-cache-symlink");
+    repo.write_file("src/a.js", "export const value = 1;\n");
+    repo.commit_all("baseline");
+    let outside = repo.path().join("../naome-outside-cache");
+    fs::create_dir_all(outside.join("quality")).unwrap();
+    fs::remove_dir_all(repo.path().join(".naome/cache")).ok();
+    std::os::unix::fs::symlink(&outside, repo.path().join(".naome/cache")).unwrap();
+
+    let report = check_repository_quality(repo.path(), QualityMode::Report).unwrap();
+    let clear_error = clear_quality_cache(repo.path()).unwrap_err();
+
+    assert_eq!(report.summary.cache_hits, 0);
+    assert!(outside.join("quality").is_dir());
+    assert!(!fs::read_dir(outside.join("quality"))
+        .unwrap()
+        .any(|entry| entry.is_ok()));
+    assert!(clear_error
+        .to_string()
+        .contains("must not contain symlinks"));
+}
+
 #[test]
 fn report_budget_marks_truncated_reports() {
     let repo = quality_repo("quality-report-budget");

package/installer/filesystem.js

@@ -64,6 +64,44 @@ export function archiveUpgradePath(ctx, archiveDirName, relativePath) {
   return join(ctx.targetRoot, ".naome", "archive", archiveDirName, relativePath);
 }
 
+export function assertWritableArchivePath(ctx, archiveDirName, relativePath) {
+  const archiveRelativePath = join(".naome", "archive", archiveDirName, relativePath);
+  const parts = archiveRelativePath.split(/[\\/]+/);
+  let current = ctx.targetRoot;
+
+  for (let index = 0; index < parts.length; index += 1) {
+    const part = parts[index];
+    const isLeaf = index === parts.length - 1;
+    current = join(current, part);
+
+    try {
+      const stats = lstatSync(current);
+      if (stats.isSymbolicLink()) {
+        printError(ctx, `NAOME cannot archive ${relativePath} safely.`);
+        console.error(`${archiveRelativePath} must not contain symbolic links.`);
+        process.exit(1);
+      }
+
+      if (!isLeaf && !stats.isDirectory()) {
+        printError(ctx, `NAOME cannot archive ${relativePath} because the archive path is not a directory.`);
+        console.error(`${join(...parts.slice(0, index + 1))} must be a regular directory or must not exist.`);
+        process.exit(1);
+      }
+
+      if (isLeaf && existsSync(current) && !stats.isFile()) {
+        printError(ctx, `NAOME cannot archive ${relativePath} because the archive path is not a file.`);
+        console.error(`${archiveRelativePath} must be a regular file or must not exist.`);
+        process.exit(1);
+      }
+    } catch (error) {
+      if (error.code === "ENOENT") {
+        continue;
+      }
+      throw error;
+    }
+  }
+}
+
 export function ensureArchiveDirectory(ctx) {
   const archivePath = ".naome/archive";
   const targetPath = join(ctx.targetRoot, archivePath);

package/installer/flows.js

@@ -31,6 +31,8 @@ const legacyOptionalHookPaths = [
   "docs/naome/codex-hooks.md",
 ];
 
+const trustedRetiredMachineOwnedPaths = new Set(legacyOptionalHookPaths);
+
 export async function runFreshInstall(ctx) {
   await confirmAgentsTakeover(ctx);
 
@@ -110,8 +112,11 @@ function removeRetiredMachineOwnedFiles(ctx, manifest, archiveDirName, options =
     ...ctx.localOnlyMachineOwnedPaths,
     ctx.nativeBinaryRelativePath,
   ].filter(Boolean));
+  const manifestRetiredPaths = Array.isArray(manifest?.machineOwned)
+    ? manifest.machineOwned.filter((path) => trustedRetiredMachineOwnedPaths.has(path))
+    : [];
   const retiredPaths = [
-    ...(Array.isArray(manifest?.machineOwned) ? manifest.machineOwned : []),
+    ...manifestRetiredPaths,
     ...(Array.isArray(options.extraPaths) ? options.extraPaths : []),
   ];