@litmers/cursorflow-orchestrator 0.1.18 → 0.1.20

package/src/cli/run.ts

@@ -9,6 +9,7 @@ import { orchestrate } from '../core/orchestrator';
 import { getLogsDir, loadConfig } from '../utils/config';
 import { runDoctor, getDoctorStatus } from '../utils/doctor';
 import { areCommandsInstalled, setupCommands } from './setup-commands';
+import { safeJoin } from '../utils/path';
 
 interface RunOptions {
   tasksDir?: string;
@@ -90,8 +91,8 @@ async function run(args: string[]): Promise<void> {
     path.isAbsolute(options.tasksDir)
       ? options.tasksDir
       : (fs.existsSync(options.tasksDir)
-        ? path.resolve(process.cwd(), options.tasksDir)
-        : path.join(config.projectRoot, options.tasksDir));
+        ? path.resolve(process.cwd(), options.tasksDir) // nosemgrep
+        : safeJoin(config.projectRoot, options.tasksDir));
 
   if (!fs.existsSync(tasksDir)) {
     throw new Error(`Tasks directory not found: ${tasksDir}`);

package/src/cli/signal.ts

@@ -9,6 +9,7 @@ import * as fs from 'fs';
 import * as logger from '../utils/logger';
 import { loadConfig, getLogsDir } from '../utils/config';
 import { appendLog, createConversationEntry } from '../utils/state';
+import { safeJoin } from '../utils/path';
 
 interface SignalOptions {
   lane: string | null;
@@ -51,7 +52,7 @@ function parseArgs(args: string[]): SignalOptions {
 }
 
 function findLatestRunDir(logsDir: string): string | null {
-  const runsDir = path.join(logsDir, 'runs');
+  const runsDir = safeJoin(logsDir, 'runs');
   if (!fs.existsSync(runsDir)) return null;
   
   const runs = fs.readdirSync(runsDir)
@@ -59,7 +60,7 @@ function findLatestRunDir(logsDir: string): string | null {
     .sort()
     .reverse();
     
-  return runs.length > 0 ? path.join(runsDir, runs[0]!) : null;
+  return runs.length > 0 ? safeJoin(runsDir, runs[0]!) : null;
 }
 
 async function signal(args: string[]): Promise<void> {
@@ -86,14 +87,14 @@ async function signal(args: string[]): Promise<void> {
     throw new Error(`Run directory not found: ${runDir || 'latest'}`);
   }
 
-  const laneDir = path.join(runDir, 'lanes', options.lane);
+  const laneDir = safeJoin(runDir, 'lanes', options.lane);
   if (!fs.existsSync(laneDir)) {
     throw new Error(`Lane directory not found: ${laneDir}`);
   }
 
   // Case 1: Timeout update
   if (options.timeout !== null) {
-    const timeoutPath = path.join(laneDir, 'timeout.txt');
+    const timeoutPath = safeJoin(laneDir, 'timeout.txt');
     fs.writeFileSync(timeoutPath, String(options.timeout));
     logger.success(`Timeout update signal sent to ${options.lane}: ${options.timeout}ms`);
     return;
@@ -101,8 +102,8 @@ async function signal(args: string[]): Promise<void> {
 
   // Case 2: Intervention message
   if (options.message) {
-    const interventionPath = path.join(laneDir, 'intervention.txt');
-    const convoPath = path.join(laneDir, 'conversation.jsonl');
+    const interventionPath = safeJoin(laneDir, 'intervention.txt');
+    const convoPath = safeJoin(laneDir, 'conversation.jsonl');
     
     logger.info(`Sending signal to lane: ${options.lane}`);
     logger.info(`Message: "${options.message}"`);

package/src/core/orchestrator.ts

@@ -9,13 +9,14 @@ import * as path from 'path';
 import { spawn, ChildProcess } from 'child_process';
 
 import * as logger from '../utils/logger';
-import { loadState } from '../utils/state';
+import { loadState, saveState, createLaneState } from '../utils/state';
 import { LaneState, RunnerConfig, WebhookConfig, DependencyRequestPlan, EnhancedLogConfig } from '../utils/types';
 import { events } from '../utils/events';
 import { registerWebhooks } from '../utils/webhook';
 import { loadConfig, getLogsDir } from '../utils/config';
 import * as git from '../utils/git';
 import { execSync } from 'child_process';
+import { safeJoin } from '../utils/path';
 import { 
   EnhancedLogManager, 
   createLogManager, 
@@ -23,6 +24,7 @@ import {
   ParsedMessage,
   stripAnsi
 } from '../utils/enhanced-logger';
+import { formatMessageForConsole } from '../utils/log-formatter';
 
 export interface LaneInfo {
   name: string;
@@ -47,6 +49,7 @@ export function spawnLane({
   executor, 
   startIndex = 0, 
   pipelineBranch,
+  worktreeDir,
   enhancedLogConfig,
   noGit = false,
 }: { 
@@ -56,6 +59,7 @@ export function spawnLane({
   executor: string; 
   startIndex?: number;
   pipelineBranch?: string;
+  worktreeDir?: string;
   enhancedLogConfig?: Partial<EnhancedLogConfig>;
   noGit?: boolean;
 }): SpawnLaneResult {
@@ -75,6 +79,10 @@ export function spawnLane({
   if (pipelineBranch) {
     args.push('--pipeline-branch', pipelineBranch);
   }
+
+  if (worktreeDir) {
+    args.push('--worktree-dir', worktreeDir);
+  }
   
   if (noGit) {
     args.push('--no-git');
@@ -94,85 +102,11 @@ export function spawnLane({
   if (logConfig.enabled) {
     // Create callback for clean console output
     const onParsedMessage = (msg: ParsedMessage) => {
-      // Print a clean, colored version of the message to the console
-      const ts = new Date(msg.timestamp).toLocaleTimeString('en-US', { hour12: false });
-      const laneLabel = `[${laneName}]`.padEnd(12);
-      
-      let prefix = '';
-      let content = msg.content;
-      
-      switch (msg.type) {
-        case 'user':
-          prefix = `${logger.COLORS.cyan}🧑 USER${logger.COLORS.reset}`;
-          // No truncation for user prompt to ensure full command visibility
-          content = content.replace(/\n/g, ' ');
-          break;
-        case 'assistant':
-          prefix = `${logger.COLORS.green}🤖 ASST${logger.COLORS.reset}`;
-          break;
-        case 'tool':
-          prefix = `${logger.COLORS.yellow}🔧 TOOL${logger.COLORS.reset}`;
-          // Simplify tool call: [Tool: read_file] {"target_file":"..."} -> read_file(target_file: ...)
-          const toolMatch = content.match(/\[Tool: ([^\]]+)\] (.*)/);
-          if (toolMatch) {
-            const [, name, args] = toolMatch;
-            try {
-              const parsedArgs = JSON.parse(args!);
-              let argStr = '';
-              
-              if (name === 'read_file' && parsedArgs.target_file) {
-                argStr = parsedArgs.target_file;
-              } else if (name === 'run_terminal_cmd' && parsedArgs.command) {
-                argStr = parsedArgs.command;
-              } else if (name === 'write' && parsedArgs.file_path) {
-                argStr = parsedArgs.file_path;
-              } else if (name === 'search_replace' && parsedArgs.file_path) {
-                argStr = parsedArgs.file_path;
-              } else {
-                // Generic summary for other tools
-                const keys = Object.keys(parsedArgs);
-                if (keys.length > 0) {
-                  argStr = String(parsedArgs[keys[0]]).substring(0, 50);
-                }
-              }
-              content = `${logger.COLORS.bold}${name}${logger.COLORS.reset}(${argStr})`;
-            } catch {
-              content = `${logger.COLORS.bold}${name}${logger.COLORS.reset}: ${args}`;
-            }
-          }
-          break;
-        case 'tool_result':
-          prefix = `${logger.COLORS.gray}📄 RESL${logger.COLORS.reset}`;
-          // Simplify tool result: [Tool Result: read_file] ... -> read_file OK
-          const resMatch = content.match(/\[Tool Result: ([^\]]+)\]/);
-          content = resMatch ? `${resMatch[1]} OK` : 'result';
-          break;
-        case 'result':
-          prefix = `${logger.COLORS.green}✅ DONE${logger.COLORS.reset}`;
-          break;
-        case 'system':
-          prefix = `${logger.COLORS.gray}⚙️  SYS${logger.COLORS.reset}`;
-          break;
-        case 'thinking':
-          prefix = `${logger.COLORS.gray}🤔 THNK${logger.COLORS.reset}`;
-          break;
-      }
-      
-      if (prefix) {
-        const lines = content.split('\n');
-        const tsPrefix = `${logger.COLORS.gray}[${ts}]${logger.COLORS.reset} ${logger.COLORS.magenta}${laneLabel}${logger.COLORS.reset}`;
-        
-        if (msg.type === 'user' || msg.type === 'assistant' || msg.type === 'result' || msg.type === 'thinking') {
-          const header = `${prefix} ┌${'─'.repeat(60)}`;
-          process.stdout.write(`${tsPrefix} ${header}\n`);
-          for (const line of lines) {
-            process.stdout.write(`${tsPrefix} ${' '.repeat(stripAnsi(prefix).length)} │ ${line}\n`);
-          }
-          process.stdout.write(`${tsPrefix} ${' '.repeat(stripAnsi(prefix).length)} └${'─'.repeat(60)}\n`);
-        } else {
-          process.stdout.write(`${tsPrefix} ${prefix} ${content}\n`);
-        }
-      }
+      const formatted = formatMessageForConsole(msg, { 
+        laneLabel: `[${laneName}]`,
+        includeTimestamp: true 
+      });
+      process.stdout.write(formatted + '\n');
     };
 
     logManager = createLogManager(laneRunDir, laneName, logConfig, onParsedMessage);
@@ -242,7 +176,7 @@ export function spawnLane({
     });
   } else {
     // Fallback to simple file logging
-    logPath = path.join(laneRunDir, 'terminal.log');
+    logPath = safeJoin(laneRunDir, 'terminal.log');
     const logFd = fs.openSync(logPath, 'a');
     
     child = spawn('node', args, {
@@ -289,7 +223,7 @@ export function listLaneFiles(tasksDir: string): LaneInfo[] {
     .filter(f => f.endsWith('.json'))
     .sort()
     .map(f => {
-      const filePath = path.join(tasksDir, f);
+      const filePath = safeJoin(tasksDir, f);
       const name = path.basename(f, '.json');
       let dependsOn: string[] = [];
       
@@ -316,7 +250,7 @@ export function printLaneStatus(lanes: LaneInfo[], laneRunDirs: Record<string, s
     const dir = laneRunDirs[lane.name];
     if (!dir) return { lane: lane.name, status: '(unknown)', task: '-' };
     
-    const statePath = path.join(dir, 'state.json');
+    const statePath = safeJoin(dir, 'state.json');
     const state = loadState<LaneState>(statePath);
     
     if (!state) {
@@ -364,9 +298,9 @@ async function resolveAllDependencies(
 
   // 2. Setup a temporary worktree for resolution if needed, or use the first available one
   const firstLaneName = Array.from(blockedLanes.keys())[0]!;
-  const statePath = path.join(laneRunDirs[firstLaneName]!, 'state.json');
+  const statePath = safeJoin(laneRunDirs[firstLaneName]!, 'state.json');
   const state = loadState<LaneState>(statePath);
-  const worktreeDir = state?.worktreeDir || path.join(runRoot, 'resolution-worktree');
+  const worktreeDir = state?.worktreeDir || safeJoin(runRoot, 'resolution-worktree');
 
   if (!fs.existsSync(worktreeDir)) {
     logger.info(`Creating resolution worktree at ${worktreeDir}`);
@@ -405,7 +339,7 @@ async function resolveAllDependencies(
     const laneDir = laneRunDirs[lane.name];
     if (!laneDir) continue;
 
-    const laneState = loadState<LaneState>(path.join(laneDir, 'state.json'));
+    const laneState = loadState<LaneState>(safeJoin(laneDir, 'state.json'));
     if (!laneState || laneState.status === 'completed' || laneState.status === 'failed') continue;
 
     // Merge pipelineBranch into the lane's current task branch
@@ -465,8 +399,8 @@ export async function orchestrate(tasksDir: string, options: {
   const runId = `run-${Date.now()}`;
   // Use absolute path for runRoot to avoid issues with subfolders
   const runRoot = options.runDir 
-    ? (path.isAbsolute(options.runDir) ? options.runDir : path.resolve(process.cwd(), options.runDir))
-    : path.join(logsDir, 'runs', runId);
+    ? (path.isAbsolute(options.runDir) ? options.runDir : path.resolve(process.cwd(), options.runDir)) // nosemgrep
+    : safeJoin(logsDir, 'runs', runId);
   
   fs.mkdirSync(runRoot, { recursive: true });
 
@@ -499,9 +433,45 @@ export async function orchestrate(tasksDir: string, options: {
   }
   
   const laneRunDirs: Record<string, string> = {};
+  const laneWorktreeDirs: Record<string, string> = {};
+  const repoRoot = git.getRepoRoot();
+  
   for (const lane of lanes) {
-    laneRunDirs[lane.name] = path.join(runRoot, 'lanes', lane.name);
-    fs.mkdirSync(laneRunDirs[lane.name], { recursive: true });
+    laneRunDirs[lane.name] = safeJoin(runRoot, 'lanes', lane.name);
+    fs.mkdirSync(laneRunDirs[lane.name]!, { recursive: true });
+    
+    // Create initial state for ALL lanes so resume can find them even if they didn't start
+    try {
+      const taskConfig = JSON.parse(fs.readFileSync(lane.path, 'utf8')) as RunnerConfig;
+      
+      // Calculate unique branch and worktree for this lane
+      const lanePipelineBranch = `${pipelineBranch}/${lane.name}`;
+      
+      // Use a flat worktree directory name to avoid race conditions in parent directory creation
+      // repoRoot/_cursorflow/worktrees/cursorflow-run-xxx-lane-name
+      const laneWorktreeDir = safeJoin(
+        repoRoot, 
+        taskConfig.worktreeRoot || '_cursorflow/worktrees', 
+        lanePipelineBranch.replace(/\//g, '-')
+      );
+      
+      // Ensure the parent directory exists before spawning the runner
+      // to avoid race conditions in git worktree add or fs operations
+      const worktreeParent = path.dirname(laneWorktreeDir);
+      if (!fs.existsSync(worktreeParent)) {
+        fs.mkdirSync(worktreeParent, { recursive: true });
+      }
+      
+      laneWorktreeDirs[lane.name] = laneWorktreeDir;
+      
+      const initialState = createLaneState(lane.name, taskConfig, lane.path, {
+        pipelineBranch: lanePipelineBranch,
+        worktreeDir: laneWorktreeDir
+      });
+      saveState(safeJoin(laneRunDirs[lane.name]!, 'state.json'), initialState);
+    } catch (e) {
+      logger.warn(`Failed to create initial state for lane ${lane.name}: ${e}`);
+    }
   }
   
   logger.section('🧭 Starting Orchestration');
@@ -575,6 +545,7 @@ export async function orchestrate(tasksDir: string, options: {
         executor: options.executor || 'cursor-agent',
         startIndex: lane.startIndex,
         pipelineBranch: `${pipelineBranch}/${lane.name}`,
+        worktreeDir: laneWorktreeDirs[lane.name],
         enhancedLogConfig: options.enhancedLogging,
         noGit: options.noGit,
       });
@@ -607,7 +578,7 @@ export async function orchestrate(tasksDir: string, options: {
         });
       } else if (finished.code === 2) {
         // Blocked by dependency
-        const statePath = path.join(laneRunDirs[finished.name]!, 'state.json');
+        const statePath = safeJoin(laneRunDirs[finished.name]!, 'state.json');
         const state = loadState<LaneState>(statePath);
         
         if (state && state.dependencyRequest) {

package/src/core/runner.ts

@@ -16,6 +16,7 @@ import { events } from '../utils/events';
 import { loadConfig } from '../utils/config';
 import { registerWebhooks } from '../utils/webhook';
 import { runReviewLoop } from './reviewer';
+import { safeJoin } from '../utils/path';
 import { 
   RunnerConfig, 
   Task, 
@@ -239,7 +240,7 @@ export async function cursorAgentSend({ workspaceDir, chatId, prompt, model, sig
     // Save PID to state if possible (avoid TOCTOU by reading directly)
     if (child.pid && signalDir) {
       try {
-        const statePath = path.join(signalDir, 'state.json');
+        const statePath = safeJoin(signalDir, 'state.json');
         // Read directly without existence check to avoid race condition
         const state = JSON.parse(fs.readFileSync(statePath, 'utf8'));
         state.pid = child.pid;
@@ -474,7 +475,7 @@ export function applyDependencyFilePermissions(worktreeDir: string, policy: Depe
   }
   
   for (const file of targets) {
-    const filePath = path.join(worktreeDir, file);
+    const filePath = safeJoin(worktreeDir, file);
     if (!fs.existsSync(filePath)) continue;
     
     try {
@@ -507,7 +508,7 @@ export async function waitForTaskDependencies(deps: string[], runDir: string): P
         continue;
       }
 
-      const depStatePath = path.join(lanesRoot, laneName, 'state.json');
+      const depStatePath = safeJoin(lanesRoot, laneName, 'state.json');
       if (fs.existsSync(depStatePath)) {
         try {
           const state = JSON.parse(fs.readFileSync(depStatePath, 'utf8')) as LaneState;
@@ -540,7 +541,7 @@ export async function mergeDependencyBranches(deps: string[], runDir: string, wo
   const lanesToMerge = new Set(deps.map(d => d.split(':')[0]!));
 
   for (const laneName of lanesToMerge) {
-    const depStatePath = path.join(lanesRoot, laneName, 'state.json');
+    const depStatePath = safeJoin(lanesRoot, laneName, 'state.json');
     if (!fs.existsSync(depStatePath)) continue;
 
     try {
@@ -589,7 +590,7 @@ export async function runTask({
 }): Promise<TaskExecutionResult> {
   const model = task.model || config.model || 'sonnet-4.5';
   const timeout = task.timeout || config.timeout;
-  const convoPath = path.join(runDir, 'conversation.jsonl');
+  const convoPath = safeJoin(runDir, 'conversation.jsonl');
   
   logger.section(`[${index + 1}/${config.tasks.length}] ${task.name}`);
   logger.info(`Model: ${model}`);
@@ -781,7 +782,7 @@ export async function runTasks(tasksFile: string, config: RunnerConfig, runDir:
   const repoRoot = noGit ? process.cwd() : git.getRepoRoot();
   
   // Load existing state if resuming
-  const statePath = path.join(runDir, 'state.json');
+  const statePath = safeJoin(runDir, 'state.json');
   let state: LaneState | null = null;
   
   if (fs.existsSync(statePath)) {
@@ -794,10 +795,12 @@ export async function runTasks(tasksFile: string, config: RunnerConfig, runDir:
   
   const randomSuffix = Math.random().toString(36).substring(2, 7);
   const pipelineBranch = state?.pipelineBranch || config.pipelineBranch || `${config.branchPrefix || 'cursorflow/'}${Date.now().toString(36)}-${randomSuffix}`;
+  
   // In noGit mode, use a simple local directory instead of worktree
-  const worktreeDir = state?.worktreeDir || (noGit 
-    ? path.join(repoRoot, config.worktreeRoot || '_cursorflow/workdir', pipelineBranch.replace(/\//g, '-'))
-    : path.join(repoRoot, config.worktreeRoot || '_cursorflow/worktrees', pipelineBranch));
+  // Flatten the path by replacing slashes with hyphens to avoid race conditions in parent directory creation
+  const worktreeDir = state?.worktreeDir || config.worktreeDir || (noGit 
+    ? safeJoin(repoRoot, config.worktreeRoot || '_cursorflow/workdir', pipelineBranch.replace(/\//g, '-'))
+    : safeJoin(repoRoot, config.worktreeRoot || '_cursorflow/worktrees', pipelineBranch.replace(/\//g, '-')));
   
   if (startIndex === 0) {
     logger.section('🚀 Starting Pipeline');
@@ -816,10 +819,37 @@ export async function runTasks(tasksFile: string, config: RunnerConfig, runDir:
       logger.info(`Creating work directory: ${worktreeDir}`);
       fs.mkdirSync(worktreeDir, { recursive: true });
     } else {
-      git.createWorktree(worktreeDir, pipelineBranch, { 
-        baseBranch: config.baseBranch || 'main',
-        cwd: repoRoot,
-      });
+      // Use a simple retry mechanism for Git worktree creation to handle potential race conditions
+      let retries = 3;
+      let lastError: Error | null = null;
+      
+      while (retries > 0) {
+        try {
+          // Ensure parent directory exists before calling git worktree
+          const worktreeParent = path.dirname(worktreeDir);
+          if (!fs.existsSync(worktreeParent)) {
+            fs.mkdirSync(worktreeParent, { recursive: true });
+          }
+
+          git.createWorktree(worktreeDir, pipelineBranch, { 
+            baseBranch: config.baseBranch || 'main',
+            cwd: repoRoot,
+          });
+          break; // Success
+        } catch (e: any) {
+          lastError = e;
+          retries--;
+          if (retries > 0) {
+            const delay = Math.floor(Math.random() * 1000) + 500;
+            logger.warn(`Worktree creation failed, retrying in ${delay}ms... (${retries} retries left)`);
+            await new Promise(resolve => setTimeout(resolve, delay));
+          }
+        }
+      }
+      
+      if (retries === 0 && lastError) {
+        throw new Error(`Failed to create Git worktree after retries: ${lastError.message}`);
+      }
     }
   } else if (!noGit) {
     // If it exists but we are in Git mode, ensure it's actually a worktree and on the right branch
@@ -858,6 +888,9 @@ export async function runTasks(tasksFile: string, config: RunnerConfig, runDir:
     state.status = 'running';
     state.error = null;
     state.dependencyRequest = null;
+    state.pipelineBranch = pipelineBranch;
+    state.worktreeDir = worktreeDir;
+    state.label = state.label || pipelineBranch;
     state.dependsOn = config.dependsOn || [];
     state.completedTasks = state.completedTasks || [];
   }
@@ -872,8 +905,8 @@ export async function runTasks(tasksFile: string, config: RunnerConfig, runDir:
     const lanesRoot = path.dirname(runDir);
     
     for (const depName of config.dependsOn) {
-      const depRunDir = path.join(lanesRoot, depName);
-      const depStatePath = path.join(depRunDir, 'state.json');
+      const depRunDir = path.join(lanesRoot, depName); // nosemgrep
+      const depStatePath = path.join(depRunDir, 'state.json'); // nosemgrep
       
       if (!fs.existsSync(depStatePath)) {
         logger.warn(`Dependency state not found for ${depName} at ${depStatePath}`);
@@ -919,8 +952,8 @@ export async function runTasks(tasksFile: string, config: RunnerConfig, runDir:
     const lanesRoot = path.dirname(runDir);
     
     for (const depName of config.dependsOn) {
-      const depRunDir = path.join(lanesRoot, depName);
-      const depStatePath = path.join(depRunDir, 'state.json');
+      const depRunDir = safeJoin(lanesRoot, depName);
+      const depStatePath = safeJoin(depRunDir, 'state.json');
       
       if (!fs.existsSync(depStatePath)) {
         continue;
@@ -939,8 +972,8 @@ export async function runTasks(tasksFile: string, config: RunnerConfig, runDir:
             for (const entry of entries) {
               if (entry.name === '.git' || entry.name === '_cursorflow' || entry.name === 'node_modules') continue;
               
-              const srcPath = path.join(src, entry.name);
-              const destPath = path.join(dest, entry.name);
+              const srcPath = safeJoin(src, entry.name);
+              const destPath = safeJoin(dest, entry.name);
               
               if (entry.isDirectory()) {
                 copyFiles(srcPath, destPath);
@@ -1072,7 +1105,7 @@ export async function runTasks(tasksFile: string, config: RunnerConfig, runDir:
         
         if (entry.isDirectory()) {
           stats.dirs++;
-          const sub = getFileSummary(path.join(dir, entry.name));
+          const sub = getFileSummary(safeJoin(dir, entry.name));
           stats.files += sub.files;
           stats.dirs += sub.dirs;
         } else {
@@ -1114,11 +1147,13 @@ if (require.main === module) {
   const runDirIdx = args.indexOf('--run-dir');
   const startIdxIdx = args.indexOf('--start-index');
   const pipelineBranchIdx = args.indexOf('--pipeline-branch');
+  const worktreeDirIdx = args.indexOf('--worktree-dir');
   const noGit = args.includes('--no-git');
   
   const runDir = runDirIdx >= 0 ? args[runDirIdx + 1]! : '.';
   const startIndex = startIdxIdx >= 0 ? parseInt(args[startIdxIdx + 1] || '0') : 0;
   const forcedPipelineBranch = pipelineBranchIdx >= 0 ? args[pipelineBranchIdx + 1] : null;
+  const forcedWorktreeDir = worktreeDirIdx >= 0 ? args[worktreeDirIdx + 1] : null;
 
   // Extract runId from runDir (format: .../runs/run-123/lanes/lane-name)
   const parts = runDir.split(path.sep);
@@ -1150,6 +1185,9 @@ if (require.main === module) {
     if (forcedPipelineBranch) {
       config.pipelineBranch = forcedPipelineBranch;
     }
+    if (forcedWorktreeDir) {
+      config.worktreeDir = forcedWorktreeDir;
+    }
   } catch (error: any) {
     console.error(`Failed to load tasks file: ${error.message}`);
     process.exit(1);

package/src/utils/config.ts

@@ -7,6 +7,7 @@
 import * as path from 'path';
 import * as fs from 'fs';
 import { CursorFlowConfig } from './types';
+import { safeJoin } from './path';
 export { CursorFlowConfig };
 
 /**
@@ -16,8 +17,8 @@ export function findProjectRoot(cwd = process.cwd()): string {
   let current = cwd;
   
   while (current !== path.parse(current).root) {
-    const packagePath = path.join(current, 'package.json');
-    const configPath = path.join(current, 'cursorflow.config.js');
+    const packagePath = safeJoin(current, 'package.json');
+    const configPath = safeJoin(current, 'cursorflow.config.js');
     
     if (fs.existsSync(packagePath) || fs.existsSync(configPath)) {
       return current;
@@ -36,7 +37,7 @@ export function loadConfig(projectRoot: string | null = null): CursorFlowConfig
     projectRoot = findProjectRoot();
   }
   
-  const configPath = path.join(projectRoot, 'cursorflow.config.js');
+  const configPath = safeJoin(projectRoot, 'cursorflow.config.js');
   
   // Default configuration
   const defaults: CursorFlowConfig = {
@@ -114,14 +115,14 @@ export function loadConfig(projectRoot: string | null = null): CursorFlowConfig
  * Get absolute path for tasks directory
  */
 export function getTasksDir(config: CursorFlowConfig): string {
-  return path.join(config.projectRoot, config.tasksDir);
+  return safeJoin(config.projectRoot, config.tasksDir);
 }
 
 /**
  * Get absolute path for logs directory
  */
 export function getLogsDir(config: CursorFlowConfig): string {
-  return path.join(config.projectRoot, config.logsDir);
+  return safeJoin(config.projectRoot, config.logsDir);
 }
 
 /**
@@ -157,7 +158,7 @@ export function validateConfig(config: CursorFlowConfig): boolean {
  * Create default config file
  */
 export function createDefaultConfig(projectRoot: string, force = false): string {
-  const configPath = path.join(projectRoot, 'cursorflow.config.js');
+  const configPath = safeJoin(projectRoot, 'cursorflow.config.js');
   
   const template = `module.exports = {
   // Directory configuration

package/src/utils/doctor.ts

@@ -18,6 +18,7 @@ import * as path from 'path';
 import * as git from './git';
 import { checkCursorAgentInstalled, checkCursorAuth } from './cursor-agent';
 import { areCommandsInstalled } from '../cli/setup-commands';
+import { safeJoin } from './path';
 
 export type DoctorSeverity = 'error' | 'warn';
 
@@ -149,7 +150,7 @@ function readLaneJsonFiles(tasksDir: string): { path: string; json: any; fileNam
     .readdirSync(tasksDir)
     .filter(f => f.endsWith('.json'))
     .sort()
-    .map(f => path.join(tasksDir, f));
+    .map(f => safeJoin(tasksDir, f));
 
   return files.map(p => {
     const raw = fs.readFileSync(p, 'utf8');
@@ -428,7 +429,7 @@ function checkDiskSpace(dir: string): { ok: boolean; freeBytes?: number; error?:
   const { spawnSync } = require('child_process');
   try {
     // Validate and normalize the directory path to prevent command injection
-    const safePath = path.resolve(dir);
+    const safePath = path.resolve(dir); // nosemgrep
     
     // Use spawnSync instead of execSync to avoid shell interpolation vulnerabilities
     // df -B1 returns bytes. We look for the line corresponding to our directory.
@@ -612,7 +613,7 @@ function validateBranchNames(
 const DOCTOR_STATUS_FILE = '.cursorflow/doctor-status.json';
 
 export function saveDoctorStatus(repoRoot: string, report: DoctorReport): void {
-  const statusPath = path.join(repoRoot, DOCTOR_STATUS_FILE);
+  const statusPath = safeJoin(repoRoot, DOCTOR_STATUS_FILE);
   const statusDir = path.dirname(statusPath);
   
   if (!fs.existsSync(statusDir)) {
@@ -630,7 +631,7 @@ export function saveDoctorStatus(repoRoot: string, report: DoctorReport): void {
 }
 
 export function getDoctorStatus(repoRoot: string): { lastRun: number; ok: boolean; issueCount: number } | null {
-  const statusPath = path.join(repoRoot, DOCTOR_STATUS_FILE);
+  const statusPath = safeJoin(repoRoot, DOCTOR_STATUS_FILE);
   if (!fs.existsSync(statusPath)) return null;
 
   try {
@@ -830,7 +831,7 @@ export function runDoctor(options: DoctorOptions = {}): DoctorReport {
     });
   } else {
     // Advanced check: .gitignore check for worktrees
-    const gitignorePath = path.join(gitCwd, '.gitignore');
+    const gitignorePath = safeJoin(gitCwd, '.gitignore');
     const worktreeDirName = '_cursorflow'; // Default directory name
     if (fs.existsSync(gitignorePath)) {
       const content = fs.readFileSync(gitignorePath, 'utf8');
@@ -853,7 +854,7 @@ export function runDoctor(options: DoctorOptions = {}): DoctorReport {
   if (options.tasksDir) {
     const tasksDirAbs = path.isAbsolute(options.tasksDir)
       ? options.tasksDir
-      : path.resolve(cwd, options.tasksDir);
+      : safeJoin(cwd, options.tasksDir);
     context.tasksDir = tasksDirAbs;
 
     if (!fs.existsSync(tasksDirAbs)) {