@lousy-agents/mcp 3.1.3 → 4.0.0

package/dist/mcp-server.js

@@ -29898,7 +29898,7 @@ function schemas_preprocess(fn, schema) {
 // Zod 3 compat layer
 
 /** @deprecated Use the raw string literal codes instead, e.g. "invalid_type". */
-const ZodIssueCode = (/* unused pure expression or super */ null && ({
+const ZodIssueCode = {
     invalid_type: "invalid_type",
     too_big: "too_big",
     too_small: "too_small",
@@ -29910,7 +29910,7 @@ const ZodIssueCode = (/* unused pure expression or super */ null && ({
     invalid_element: "invalid_element",
     invalid_value: "invalid_value",
     custom: "custom",
-}));
+};
 
 /** @deprecated Use `z.config(params)` instead. */
 function setErrorMap(map) {
@@ -42830,8 +42830,9 @@ var external_node_path_ = __webpack_require__(6760);
 /**
  * Shared file system utilities for gateways.
  */ 
+
 /**
- * Checks if a file or directory exists
+ * Checks if a file or directory exists.
  */ async function file_system_utils_fileExists(path) {
     try {
         await (0,promises_.access)(path);
@@ -42840,6 +42841,65 @@ var external_node_path_ = __webpack_require__(6760);
         return false;
     }
 }
+function isPathWithinRoot(rootPath, candidatePath) {
+    return candidatePath === rootPath || candidatePath.startsWith(`${rootPath}${external_node_path_.sep}`);
+}
+/**
+ * Resolves a relative path under targetDir and rejects traversal outside the root.
+ */ async function resolvePathWithinRoot(targetDir, relativePath) {
+    if (!relativePath) {
+        throw new Error("Path must not be empty");
+    }
+    const rootPath = await (0,promises_.realpath)(targetDir);
+    const resolvedPath = (0,external_node_path_.resolve)(rootPath, relativePath);
+    if (!isPathWithinRoot(rootPath, resolvedPath)) {
+        throw new Error(`Resolved path is outside target directory: ${relativePath}`);
+    }
+    return resolvedPath;
+}
+/**
+ * Ensures existing path segments under targetDir are not symbolic links.
+ */ async function assertPathHasNoSymbolicLinks(targetDir, absolutePath) {
+    const rootPath = await (0,promises_.realpath)(targetDir);
+    if (!isPathWithinRoot(rootPath, absolutePath)) {
+        throw new Error(`Resolved path is outside target directory: ${absolutePath}`);
+    }
+    const relativePath = (0,external_node_path_.relative)(rootPath, absolutePath);
+    if (!relativePath || relativePath === ".") {
+        return;
+    }
+    const segments = relativePath.split(external_node_path_.sep);
+    let currentPath = rootPath;
+    for (const segment of segments){
+        currentPath = (0,external_node_path_.join)(currentPath, segment);
+        try {
+            const stats = await (0,promises_.lstat)(currentPath);
+            if (stats.isSymbolicLink()) {
+                throw new Error(`Path contains symbolic link: ${currentPath}`);
+            }
+        } catch (error) {
+            if (error instanceof Error && "code" in error && error.code === "ENOENT") {
+                return;
+            }
+            throw error;
+        }
+    }
+}
+/**
+ * Resolves a relative path under targetDir and validates it does not pass through symlinks.
+ */ async function file_system_utils_resolveSafePath(targetDir, relativePath) {
+    const resolvedPath = await resolvePathWithinRoot(targetDir, relativePath);
+    await assertPathHasNoSymbolicLinks(targetDir, resolvedPath);
+    return resolvedPath;
+}
+/**
+ * Enforces a maximum file size before reading/parsing.
+ */ async function assertFileSizeWithinLimit(filePath, maxBytes, context) {
+    const fileStats = await (0,promises_.stat)(filePath);
+    if (fileStats.size > maxBytes) {
+        throw new Error(`${context} exceeds size limit (${fileStats.size} bytes > ${maxBytes} bytes)`);
+    }
+}
 
 ;// CONCATENATED MODULE: ../core/src/gateways/agent-file-gateway.ts
 /**
@@ -42859,13 +42919,13 @@ var external_node_path_ = __webpack_require__(6760);
         return fileExists(filePath);
     }
     async ensureAgentsDirectory(targetDir) {
-        const agentsDir = join(targetDir, ".github", "agents");
+        const agentsDir = await resolveSafePath(targetDir, ".github/agents");
         await mkdir(agentsDir, {
             recursive: true
         });
     }
     async writeAgentFile(targetDir, agentName, content) {
-        const filePath = this.getAgentFilePath(targetDir, agentName);
+        const filePath = await resolveSafePath(targetDir, `.github/agents/${agentName}.md`);
         await writeFile(filePath, content, {
             encoding: "utf-8"
         });
@@ -42883,12 +42943,11 @@ var external_node_path_ = __webpack_require__(6760);
  * Handles reading and writing .claude/settings.json and CLAUDE.md files.
  */ 
 
-
 /**
  * File system implementation of ClaudeFileGateway
  */ class FileSystemClaudeFileGateway {
     async readSettings(targetDir) {
-        const settingsPath = (0,external_node_path_.join)(targetDir, ".claude", "settings.json");
+        const settingsPath = await file_system_utils_resolveSafePath(targetDir, ".claude/settings.json");
         if (!await file_system_utils_fileExists(settingsPath)) {
             return null;
         }
@@ -42901,8 +42960,8 @@ var external_node_path_ = __webpack_require__(6760);
         }
     }
     async writeSettings(targetDir, settings) {
-        const claudeDir = (0,external_node_path_.join)(targetDir, ".claude");
-        const settingsPath = (0,external_node_path_.join)(claudeDir, "settings.json");
+        const claudeDir = await file_system_utils_resolveSafePath(targetDir, ".claude");
+        const settingsPath = await file_system_utils_resolveSafePath(targetDir, ".claude/settings.json");
         // Ensure .claude directory exists
         await (0,promises_.mkdir)(claudeDir, {
             recursive: true
@@ -42912,14 +42971,14 @@ var external_node_path_ = __webpack_require__(6760);
         await (0,promises_.writeFile)(settingsPath, content, "utf-8");
     }
     async readDocumentation(targetDir) {
-        const docPath = (0,external_node_path_.join)(targetDir, "CLAUDE.md");
+        const docPath = await file_system_utils_resolveSafePath(targetDir, "CLAUDE.md");
         if (!await file_system_utils_fileExists(docPath)) {
             return null;
         }
         return (0,promises_.readFile)(docPath, "utf-8");
     }
     async writeDocumentation(targetDir, content) {
-        const docPath = (0,external_node_path_.join)(targetDir, "CLAUDE.md");
+        const docPath = await file_system_utils_resolveSafePath(targetDir, "CLAUDE.md");
         // Ensure content has trailing newline
         const normalizedContent = content.endsWith("\n") ? content : `${content}\n`;
         await (0,promises_.writeFile)(docPath, normalizedContent, "utf-8");
@@ -45169,13 +45228,27 @@ async function watchConfig(options) {
 
 //#endregion
 
-;// CONCATENATED MODULE: ../core/src/lib/copilot-setup-config.ts
-/**
- * Configuration for the copilot-setup command.
- * Uses c12 for configuration loading, allowing runtime customization.
- */ 
+;// CONCATENATED MODULE: ../core/src/entities/copilot-setup-config.ts
+/**
+ * Canonical install command per package manager type.
+ * Commands are intentionally fixed to a safe allowlist.
+ */ const PACKAGE_MANAGER_INSTALL_COMMANDS = {
+    npm: "npm ci",
+    yarn: "yarn install --frozen-lockfile",
+    pnpm: "pnpm install --frozen-lockfile",
+    pip: "pip install -r requirements.txt",
+    pipenv: "pipenv install --deploy",
+    poetry: "poetry install --no-root",
+    bundler: "bundle install",
+    cargo: "cargo build",
+    composer: "composer install",
+    maven: "mvn install -DskipTests",
+    gradle: "gradle build -x test",
+    gomod: "go mod download",
+    pub: "dart pub get"
+};
 /**
- * Default version file mappings
+ * Default version file mappings.
  */ const DEFAULT_VERSION_FILES = [
     {
         filename: ".nvmrc",
@@ -45203,7 +45276,7 @@ async function watchConfig(options) {
     }
 ];
 /**
- * Default setup action configurations
+ * Default setup action configurations.
  */ const DEFAULT_SETUP_ACTIONS = [
     {
         action: "actions/setup-node",
@@ -45232,7 +45305,7 @@ async function watchConfig(options) {
     }
 ];
 /**
- * Default setup action patterns to detect in workflows
+ * Default setup action patterns to detect in workflows.
  */ const DEFAULT_SETUP_ACTION_PATTERNS = [
     "actions/setup-node",
     "actions/setup-python",
@@ -45242,112 +45315,212 @@ async function watchConfig(options) {
     "jdx/mise-action"
 ];
 /**
- * Default package manager mappings
- * Based on Dependabot supported ecosystems
+ * Default package manager mappings based on common ecosystems.
  */ const DEFAULT_PACKAGE_MANAGERS = [
-    // Node.js package managers
     {
         type: "npm",
         manifestFile: "package.json",
         lockfile: "package-lock.json",
-        installCommand: "npm ci"
+        installCommand: PACKAGE_MANAGER_INSTALL_COMMANDS.npm
     },
     {
         type: "yarn",
         manifestFile: "package.json",
         lockfile: "yarn.lock",
-        installCommand: "yarn install --frozen-lockfile"
+        installCommand: PACKAGE_MANAGER_INSTALL_COMMANDS.yarn
     },
     {
         type: "pnpm",
         manifestFile: "package.json",
         lockfile: "pnpm-lock.yaml",
-        installCommand: "pnpm install --frozen-lockfile"
+        installCommand: PACKAGE_MANAGER_INSTALL_COMMANDS.pnpm
     },
-    // Python package managers
     {
         type: "pip",
         manifestFile: "requirements.txt",
-        installCommand: "pip install -r requirements.txt"
+        installCommand: PACKAGE_MANAGER_INSTALL_COMMANDS.pip
     },
     {
         type: "pipenv",
         manifestFile: "Pipfile",
         lockfile: "Pipfile.lock",
-        installCommand: "pipenv install --deploy"
+        installCommand: PACKAGE_MANAGER_INSTALL_COMMANDS.pipenv
     },
     {
         type: "poetry",
         manifestFile: "pyproject.toml",
         lockfile: "poetry.lock",
         requiresLockfile: true,
-        installCommand: "poetry install --no-root"
+        installCommand: PACKAGE_MANAGER_INSTALL_COMMANDS.poetry
     },
-    // Ruby
     {
         type: "bundler",
         manifestFile: "Gemfile",
         lockfile: "Gemfile.lock",
-        installCommand: "bundle install"
+        installCommand: PACKAGE_MANAGER_INSTALL_COMMANDS.bundler
     },
-    // Rust
     {
         type: "cargo",
         manifestFile: "Cargo.toml",
         lockfile: "Cargo.lock",
-        installCommand: "cargo build"
+        installCommand: PACKAGE_MANAGER_INSTALL_COMMANDS.cargo
     },
-    // PHP
     {
         type: "composer",
         manifestFile: "composer.json",
         lockfile: "composer.lock",
-        installCommand: "composer install"
+        installCommand: PACKAGE_MANAGER_INSTALL_COMMANDS.composer
     },
-    // Java
     {
         type: "maven",
         manifestFile: "pom.xml",
-        installCommand: "mvn install -DskipTests"
+        installCommand: PACKAGE_MANAGER_INSTALL_COMMANDS.maven
     },
     {
         type: "gradle",
         manifestFile: "build.gradle",
-        installCommand: "gradle build -x test"
+        installCommand: PACKAGE_MANAGER_INSTALL_COMMANDS.gradle
     },
-    // Go
     {
         type: "gomod",
         manifestFile: "go.mod",
         lockfile: "go.sum",
-        installCommand: "go mod download"
+        installCommand: PACKAGE_MANAGER_INSTALL_COMMANDS.gomod
     },
-    // Dart/Flutter
     {
         type: "pub",
         manifestFile: "pubspec.yaml",
         lockfile: "pubspec.lock",
-        installCommand: "dart pub get"
+        installCommand: PACKAGE_MANAGER_INSTALL_COMMANDS.pub
     }
 ];
 /**
- * Default copilot-setup configuration
- */ const DEFAULT_CONFIG = {
+ * Default copilot-setup configuration.
+ */ const DEFAULT_COPILOT_SETUP_CONFIG = {
     versionFiles: DEFAULT_VERSION_FILES,
     setupActions: DEFAULT_SETUP_ACTIONS,
     setupActionPatterns: DEFAULT_SETUP_ACTION_PATTERNS,
     packageManagers: DEFAULT_PACKAGE_MANAGERS
 };
+
+;// CONCATENATED MODULE: ../core/src/lib/copilot-setup-config.ts
+/**
+ * Configuration for the copilot-setup command.
+ * Uses c12 for configuration loading, allowing runtime customization.
+ */ 
+
+
+const SAFE_BASENAME_PATTERN = /^[A-Za-z0-9._-]+$/;
+const SAFE_ACTION_PATTERN = /^[A-Za-z0-9_.-]+\/[A-Za-z0-9_.-]+$/;
+const SAFE_VERSION_KEY_PATTERN = /^[a-z][a-z0-9-]*$/;
+const MAX_FILENAME_LENGTH = 255;
+const VERSION_FILE_TYPES = [
+    "node",
+    "python",
+    "java",
+    "ruby",
+    "go"
+];
+const PACKAGE_MANAGER_TYPES = [
+    "npm",
+    "yarn",
+    "pnpm",
+    "pip",
+    "pipenv",
+    "poetry",
+    "bundler",
+    "cargo",
+    "composer",
+    "maven",
+    "gradle",
+    "gomod",
+    "pub"
+];
+function isSafeBasename(value) {
+    return value.length > 0 && value.length <= MAX_FILENAME_LENGTH && SAFE_BASENAME_PATTERN.test(value) && !value.includes("..");
+}
+const VersionFileMappingSchema = schemas_object({
+    filename: schemas_string(),
+    type: schemas_enum(VERSION_FILE_TYPES)
+}).strict().superRefine((value, context)=>{
+    if (!isSafeBasename(value.filename)) {
+        context.addIssue({
+            code: ZodIssueCode.custom,
+            path: [
+                "filename"
+            ],
+            message: "versionFiles.filename must be a safe basename without traversal or directory separators"
+        });
+    }
+});
+const SetupActionConfigSchema = schemas_object({
+    action: schemas_string().regex(SAFE_ACTION_PATTERN, {
+        message: "setupActions.action must be in owner/repo format"
+    }),
+    type: schemas_enum(VERSION_FILE_TYPES),
+    versionFileKey: schemas_string().regex(SAFE_VERSION_KEY_PATTERN, {
+        message: "setupActions.versionFileKey must use lowercase kebab-case"
+    })
+}).strict();
+const PackageManagerMappingSchema = schemas_object({
+    type: schemas_enum(PACKAGE_MANAGER_TYPES),
+    manifestFile: schemas_string(),
+    lockfile: schemas_string().optional(),
+    requiresLockfile: schemas_boolean().optional(),
+    installCommand: schemas_string()
+}).strict().superRefine((value, context)=>{
+    if (!isSafeBasename(value.manifestFile)) {
+        context.addIssue({
+            code: ZodIssueCode.custom,
+            path: [
+                "manifestFile"
+            ],
+            message: "packageManagers.manifestFile must be a safe basename without traversal or directory separators"
+        });
+    }
+    if (value.lockfile && !isSafeBasename(value.lockfile)) {
+        context.addIssue({
+            code: ZodIssueCode.custom,
+            path: [
+                "lockfile"
+            ],
+            message: "packageManagers.lockfile must be a safe basename without traversal or directory separators"
+        });
+    }
+    const expectedInstallCommand = PACKAGE_MANAGER_INSTALL_COMMANDS[value.type];
+    if (value.installCommand !== expectedInstallCommand) {
+        context.addIssue({
+            code: ZodIssueCode.custom,
+            path: [
+                "installCommand"
+            ],
+            message: `packageManagers.installCommand for ${value.type} must be '${expectedInstallCommand}'`
+        });
+    }
+});
+const CopilotSetupConfigSchema = schemas_object({
+    versionFiles: schemas_array(VersionFileMappingSchema).min(1),
+    setupActions: schemas_array(SetupActionConfigSchema).min(1),
+    setupActionPatterns: schemas_array(schemas_string().regex(SAFE_ACTION_PATTERN, {
+        message: "setupActionPatterns entries must be in owner/repo format"
+    })).min(1),
+    packageManagers: schemas_array(PackageManagerMappingSchema).min(1)
+});
+/**
+ * Validates loaded copilot-setup configuration and rejects unsafe values.
+ */ function validateCopilotSetupConfig(config) {
+    return CopilotSetupConfigSchema.parse(config);
+}
 /**
- * Loads the copilot-setup configuration using c12
- * Falls back to defaults if no configuration is found
+ * Loads the copilot-setup configuration using c12.
+ * Falls back to defaults if no configuration is found.
  */ async function loadCopilotSetupConfig() {
     const { config } = await loadConfig({
         name: "lousy-agents",
-        defaults: DEFAULT_CONFIG,
+        defaults: DEFAULT_COPILOT_SETUP_CONFIG,
         packageJson: "copilotSetup"
     });
-    return config || DEFAULT_CONFIG;
+    return validateCopilotSetupConfig(config ?? DEFAULT_COPILOT_SETUP_CONFIG);
 }
 /**
  * Resets the cached configuration (useful for testing)
@@ -45358,8 +45531,8 @@ async function watchConfig(options) {
 // no in-memory cache to reset
 }
 /**
- * Gets a version file type to action mapping from config
- * Returns a partial record as not all types may be configured
+ * Gets a version file type to action mapping from config.
+ * Returns a partial record as not all types may be configured.
  */ function getVersionTypeToActionMap(config) {
     const map = {};
     for (const action of config.setupActions){
@@ -45368,8 +45541,8 @@ async function watchConfig(options) {
     return map;
 }
 /**
- * Gets a version file type to config key mapping from config
- * Returns a partial record as not all types may be configured
+ * Gets a version file type to config key mapping from config.
+ * Returns a partial record as not all types may be configured.
  */ function getVersionFileConfigKeyMap(config) {
     const map = {};
     for (const action of config.setupActions){
@@ -45378,7 +45551,7 @@ async function watchConfig(options) {
     return map;
 }
 /**
- * Gets a filename to version type mapping from config
+ * Gets a filename to version type mapping from config.
  */ function getVersionFilenameToTypeMap(config) {
     const map = {};
     for (const file of config.versionFiles){
@@ -45395,15 +45568,14 @@ async function watchConfig(options) {
 
 
 
-
-/**
- * Reads the content of a version file and trims whitespace
- */ async function readVersionFileContent(filePath) {
+const MAX_VERSION_FILE_BYTES = 16 * 1024;
+async function readVersionFileContent(filePath) {
+    await assertFileSizeWithinLimit(filePath, MAX_VERSION_FILE_BYTES, `Version file '${filePath}'`);
     const content = await (0,promises_.readFile)(filePath, "utf-8");
     return content.trim();
 }
 /**
- * File system implementation of the environment gateway
+ * File system implementation of the environment gateway.
  */ class FileSystemEnvironmentGateway {
     config = null;
     async getConfig() {
@@ -45424,14 +45596,14 @@ async function watchConfig(options) {
         };
     }
     async detectMise(targetDir) {
-        const miseTomlPath = (0,external_node_path_.join)(targetDir, "mise.toml");
+        const miseTomlPath = await file_system_utils_resolveSafePath(targetDir, "mise.toml");
         return file_system_utils_fileExists(miseTomlPath);
     }
     async detectVersionFiles(targetDir, config) {
         const filenameToType = getVersionFilenameToTypeMap(config);
         const versionFiles = [];
         for (const fileConfig of config.versionFiles){
-            const filePath = (0,external_node_path_.join)(targetDir, fileConfig.filename);
+            const filePath = await file_system_utils_resolveSafePath(targetDir, fileConfig.filename);
             if (await file_system_utils_fileExists(filePath)) {
                 const version = await readVersionFileContent(filePath);
                 versionFiles.push({
@@ -45445,32 +45617,27 @@ async function watchConfig(options) {
     }
     async detectPackageManagers(targetDir, config) {
         const packageManagers = [];
-        // Helper to check if a package manager type is in a list
         const isPackageManagerType = (pm, types)=>types.includes(pm.type);
         const nodePackageManagers = config.packageManagers.filter((pm)=>isPackageManagerType(pm, NODE_PACKAGE_MANAGERS));
         const pythonPackageManagers = config.packageManagers.filter((pm)=>isPackageManagerType(pm, PYTHON_PACKAGE_MANAGERS));
         const otherPackageManagers = config.packageManagers.filter((pm)=>!isPackageManagerType(pm, NODE_PACKAGE_MANAGERS) && !isPackageManagerType(pm, PYTHON_PACKAGE_MANAGERS));
-        // Detect Node.js package manager (with prioritization)
         const nodePackageManager = await this.detectNodePackageManager(targetDir, nodePackageManagers);
         if (nodePackageManager) {
             packageManagers.push(nodePackageManager);
         }
-        // Detect Python package manager (with prioritization)
         const pythonPackageManager = await this.detectPythonPackageManager(targetDir, pythonPackageManagers);
         if (pythonPackageManager) {
             packageManagers.push(pythonPackageManager);
         }
-        // Detect other package managers
         const otherDetectedManagers = await this.detectOtherPackageManagers(targetDir, otherPackageManagers);
         packageManagers.push(...otherDetectedManagers);
         return packageManagers;
     }
     async detectNodePackageManager(targetDir, nodePackageManagers) {
-        const packageJsonPath = (0,external_node_path_.join)(targetDir, "package.json");
+        const packageJsonPath = await file_system_utils_resolveSafePath(targetDir, "package.json");
         if (!await file_system_utils_fileExists(packageJsonPath)) {
             return null;
         }
-        // Priority order for Node.js package managers: npm > yarn > pnpm
         const lockfileOrder = [
             "npm",
             "yarn",
@@ -45481,7 +45648,7 @@ async function watchConfig(options) {
             if (!pmConfig?.lockfile) {
                 continue;
             }
-            const lockfilePath = (0,external_node_path_.join)(targetDir, pmConfig.lockfile);
+            const lockfilePath = await file_system_utils_resolveSafePath(targetDir, pmConfig.lockfile);
             if (await file_system_utils_fileExists(lockfilePath)) {
                 return {
                     type: pmConfig.type,
@@ -45490,7 +45657,6 @@ async function watchConfig(options) {
                 };
             }
         }
-        // Default to npm if no lockfile found
         const npmConfig = nodePackageManagers.find((pm)=>pm.type === "npm");
         if (npmConfig) {
             return {
@@ -45502,17 +45668,15 @@ async function watchConfig(options) {
         return null;
     }
     async detectPythonPackageManager(targetDir, pythonPackageManagers) {
-        // Priority order for Python package managers: poetry > pipenv > pip
         for (const pmType of PYTHON_PACKAGE_MANAGERS){
             const pmConfig = pythonPackageManagers.find((pm)=>pm.type === pmType);
             if (!pmConfig) {
                 continue;
             }
-            const manifestPath = (0,external_node_path_.join)(targetDir, pmConfig.manifestFile);
+            const manifestPath = await file_system_utils_resolveSafePath(targetDir, pmConfig.manifestFile);
             if (await file_system_utils_fileExists(manifestPath)) {
-                const lockfilePath = pmConfig.lockfile ? (0,external_node_path_.join)(targetDir, pmConfig.lockfile) : undefined;
+                const lockfilePath = pmConfig.lockfile ? await file_system_utils_resolveSafePath(targetDir, pmConfig.lockfile) : undefined;
                 const hasLockfile = lockfilePath ? await file_system_utils_fileExists(lockfilePath) : false;
-                // Skip if lockfile is required but not present
                 if (pmConfig.requiresLockfile && !hasLockfile) {
                     continue;
                 }
@@ -45528,11 +45692,10 @@ async function watchConfig(options) {
     async detectOtherPackageManagers(targetDir, otherPackageManagers) {
         const packageManagers = [];
         for (const pmConfig of otherPackageManagers){
-            const manifestPath = (0,external_node_path_.join)(targetDir, pmConfig.manifestFile);
+            const manifestPath = await file_system_utils_resolveSafePath(targetDir, pmConfig.manifestFile);
             if (await file_system_utils_fileExists(manifestPath)) {
-                const lockfilePath = pmConfig.lockfile ? (0,external_node_path_.join)(targetDir, pmConfig.lockfile) : undefined;
+                const lockfilePath = pmConfig.lockfile ? await file_system_utils_resolveSafePath(targetDir, pmConfig.lockfile) : undefined;
                 const hasLockfile = lockfilePath ? await file_system_utils_fileExists(lockfilePath) : false;
-                // Skip if lockfile is required but not present
                 if (pmConfig.requiresLockfile && !hasLockfile) {
                     continue;
                 }
@@ -45547,7 +45710,7 @@ async function watchConfig(options) {
     }
 }
 /**
- * Creates and returns the default environment gateway
+ * Creates and returns the default environment gateway.
  */ function createEnvironmentGateway() {
     return new FileSystemEnvironmentGateway();
 }
@@ -46041,13 +46204,13 @@ function defaultExec(command, args, options) {
         return fileExists(dirPath);
     }
     async ensureSkillDirectory(targetDir, skillName) {
-        const skillDir = this.getSkillDirectoryPath(targetDir, skillName);
+        const skillDir = await resolveSafePath(targetDir, `.github/skills/${skillName}`);
         await mkdir(skillDir, {
             recursive: true
         });
     }
     async writeSkillFile(targetDir, skillName, content) {
-        const filePath = this.getSkillFilePath(targetDir, skillName);
+        const filePath = await resolveSafePath(targetDir, `.github/skills/${skillName}/SKILL.md`);
         await writeFile(filePath, content, {
             encoding: "utf-8"
         });
@@ -46497,17 +46660,12 @@ var yaml_dist = __webpack_require__(3519);
 
 
 
-
-/**
- * Possible filenames for the Copilot Setup Steps workflow.
- * Supports both .yml and .yaml extensions.
- */ const COPILOT_SETUP_WORKFLOW_FILENAMES = [
+const COPILOT_SETUP_WORKFLOW_FILENAMES = [
     "copilot-setup-steps.yml",
     "copilot-setup-steps.yaml"
 ];
-/**
- * File system implementation of the workflow gateway
- */ class FileSystemWorkflowGateway {
+const MAX_WORKFLOW_FILE_BYTES = 1024 * 1024;
+class FileSystemWorkflowGateway {
     config = null;
     async getConfig() {
         if (!this.config) {
@@ -46515,13 +46673,9 @@ var yaml_dist = __webpack_require__(3519);
         }
         return this.config;
     }
-    /**
-     * Finds the path to an existing Copilot Setup Steps workflow file.
-     * @returns The full path if found, or null if no workflow exists.
-     */ async findCopilotSetupWorkflowPath(targetDir) {
-        const workflowsDir = (0,external_node_path_.join)(targetDir, ".github", "workflows");
+    async findCopilotSetupWorkflowPath(targetDir) {
         for (const filename of COPILOT_SETUP_WORKFLOW_FILENAMES){
-            const workflowPath = (0,external_node_path_.join)(workflowsDir, filename);
+            const workflowPath = await file_system_utils_resolveSafePath(targetDir, `.github/workflows/${filename}`);
             if (await file_system_utils_fileExists(workflowPath)) {
                 return workflowPath;
             }
@@ -46529,7 +46683,7 @@ var yaml_dist = __webpack_require__(3519);
         return null;
     }
     async parseWorkflowsForSetupActions(targetDir) {
-        const workflowsDir = (0,external_node_path_.join)(targetDir, ".github", "workflows");
+        const workflowsDir = await file_system_utils_resolveSafePath(targetDir, ".github/workflows");
         if (!await file_system_utils_fileExists(workflowsDir)) {
             return [];
         }
@@ -46538,15 +46692,15 @@ var yaml_dist = __webpack_require__(3519);
         const config = await this.getConfig();
         const allCandidates = [];
         for (const file of yamlFiles){
-            const filePath = (0,external_node_path_.join)(workflowsDir, file);
+            const filePath = await file_system_utils_resolveSafePath(targetDir, `.github/workflows/${file}`);
+            await assertFileSizeWithinLimit(filePath, MAX_WORKFLOW_FILE_BYTES, `Workflow file '${file}'`);
             try {
                 const content = await (0,promises_.readFile)(filePath, "utf-8");
                 const workflow = (0,yaml_dist.parse)(content);
                 const candidates = extractSetupStepsFromWorkflow(workflow, config.setupActionPatterns);
                 allCandidates.push(...candidates);
             } catch  {
-            // Skip files that can't be parsed as valid YAML workflows
-            // This is expected for malformed or non-workflow YAML files
+            // Skip unreadable or malformed YAML workflow files while continuing scan.
             }
         }
         return deduplicateCandidates(allCandidates);
@@ -46557,27 +46711,27 @@ var yaml_dist = __webpack_require__(3519);
     }
     async getCopilotSetupWorkflowPath(targetDir) {
         const existingPath = await this.findCopilotSetupWorkflowPath(targetDir);
-        return existingPath || (0,external_node_path_.join)(targetDir, ".github", "workflows", "copilot-setup-steps.yml");
+        if (existingPath) {
+            return existingPath;
+        }
+        return file_system_utils_resolveSafePath(targetDir, ".github/workflows/copilot-setup-steps.yml");
     }
     async readCopilotSetupWorkflow(targetDir) {
         const workflowPath = await this.findCopilotSetupWorkflowPath(targetDir);
         if (!workflowPath) {
             return null;
         }
+        await assertFileSizeWithinLimit(workflowPath, MAX_WORKFLOW_FILE_BYTES, "Copilot setup workflow");
         const content = await (0,promises_.readFile)(workflowPath, "utf-8");
         return (0,yaml_dist.parse)(content);
     }
     async writeCopilotSetupWorkflow(targetDir, content) {
-        // Check if an existing workflow file exists (either extension)
         const existingPath = await this.findCopilotSetupWorkflowPath(targetDir);
-        // Use existing path if found, otherwise default to .yml
-        const workflowPath = existingPath || (0,external_node_path_.join)(targetDir, ".github", "workflows", "copilot-setup-steps.yml");
+        const workflowPath = existingPath ?? await file_system_utils_resolveSafePath(targetDir, ".github/workflows/copilot-setup-steps.yml");
         await (0,promises_.writeFile)(workflowPath, content, "utf-8");
     }
 }
-/**
- * Creates and returns the default workflow gateway
- */ function createWorkflowGateway() {
+function createWorkflowGateway() {
     return new FileSystemWorkflowGateway();
 }
 
@@ -66216,8 +66370,7 @@ const remark = unified().use(remarkParse).use(remarkStringify).freeze()
  * @param environment The detected environment configuration
  * @param config Optional copilot-setup configuration (for package manager mappings)
  * @returns Array of SessionStart hooks
- */ async function buildSessionStartHooks(environment, config) {
-    const loadedConfig = config || await loadCopilotSetupConfig();
+ */ async function buildSessionStartHooks(environment, config = DEFAULT_COPILOT_SETUP_CONFIG) {
     const hooks = [];
     // If mise.toml is present, add mise install
     if (environment.hasMise) {
@@ -66226,7 +66379,7 @@ const remark = unified().use(remarkParse).use(remarkStringify).freeze()
             description: "Install runtimes from mise.toml"
         });
         // After mise install, add package manager install hooks
-        const packageManagerHooks = buildPackageManagerHooks(environment.packageManagers, loadedConfig);
+        const packageManagerHooks = buildPackageManagerHooks(environment.packageManagers, config);
         hooks.push(...packageManagerHooks);
         return hooks;
     }
@@ -66234,7 +66387,7 @@ const remark = unified().use(remarkParse).use(remarkStringify).freeze()
     const runtimeHooks = buildRuntimeHooks(environment.versionFiles);
     hooks.push(...runtimeHooks);
     // Add package manager install hooks
-    const packageManagerHooks = buildPackageManagerHooks(environment.packageManagers, loadedConfig);
+    const packageManagerHooks = buildPackageManagerHooks(environment.packageManagers, config);
     hooks.push(...packageManagerHooks);
     return hooks;
 }
@@ -66504,6 +66657,7 @@ const remark = unified().use(remarkParse).use(remarkStringify).freeze()
 
 
 
+
 /**
  * Creates or updates Claude Code web environment setup files.
  */ const createClaudeCodeWebSetupHandler = async (args)=>{
@@ -66515,8 +66669,9 @@ const remark = unified().use(remarkParse).use(remarkStringify).freeze()
     const claudeGateway = createClaudeFileGateway();
     // Detect environment configuration
     const environment = await environmentGateway.detectEnvironment(dir);
+    const copilotSetupConfig = await loadCopilotSetupConfig();
     // Build SessionStart hooks from environment
-    const hooks = await buildSessionStartHooks(environment);
+    const hooks = await buildSessionStartHooks(environment, copilotSetupConfig);
     // Read existing settings
     const existingSettings = await claudeGateway.readSettings(dir);
     // Merge settings
@@ -66728,17 +66883,29 @@ Example resolved format: actions/setup-node@1a2b3c4d5e6f  # v4.0.0`;
  */ 
 
 /**
- * Builds setup step candidates from detected environment
- * @param environment The detected environment configuration
- * @param versionGateway Optional gateway for looking up action versions (defaults to local)
- * @param config Optional copilot-setup configuration
- * @returns Array of setup step candidates
- */ async function buildCandidatesFromEnvironment(environment, versionGateway = createActionVersionGateway(), config) {
-    const loadedConfig = config || await loadCopilotSetupConfig();
-    const versionTypeToAction = getVersionTypeToActionMap(loadedConfig);
-    const versionFileConfigKeys = getVersionFileConfigKeyMap(loadedConfig);
+ * Creates an ActionVersionPort backed by a static version map.
+ */ function createActionVersionPort(versionMap) {
+    return {
+        async getVersion (actionName) {
+            return versionMap[actionName];
+        }
+    };
+}
+const candidate_builder_DEFAULT_ACTION_VERSIONS = {
+    "actions/setup-node": "v4",
+    "actions/setup-python": "v5",
+    "actions/setup-java": "v4",
+    "actions/setup-ruby": "v1",
+    "actions/setup-go": "v5",
+    "jdx/mise-action": "v2"
+};
+const defaultActionVersionPort = createActionVersionPort(candidate_builder_DEFAULT_ACTION_VERSIONS);
+/**
+ * Builds setup step candidates from detected environment.
+ */ async function buildCandidatesFromEnvironment(environment, versionGateway = defaultActionVersionPort, config = DEFAULT_COPILOT_SETUP_CONFIG) {
+    const versionTypeToAction = getVersionTypeToActionMap(config);
+    const versionFileConfigKeys = getVersionFileConfigKeyMap(config);
     const candidates = [];
-    // If mise.toml is present, add mise-action only
     if (environment.hasMise) {
         const miseVersion = await versionGateway.getVersion("jdx/mise-action");
         candidates.push({
@@ -66748,24 +66915,14 @@ Example resolved format: actions/setup-node@1a2b3c4d5e6f  # v4.0.0`;
         });
         return candidates;
     }
-    // Otherwise, add individual setup actions for each version file
     const setupCandidates = await buildCandidatesFromVersionFiles(environment.versionFiles, versionTypeToAction, versionFileConfigKeys, versionGateway);
     candidates.push(...setupCandidates);
-    // Add install steps for detected package managers
-    const installCandidates = buildInstallCandidatesFromPackageManagers(environment.packageManagers, loadedConfig);
+    const installCandidates = buildInstallCandidatesFromPackageManagers(environment.packageManagers, config);
     candidates.push(...installCandidates);
     return candidates;
 }
-/**
- * Builds setup step candidates from individual version files
- * @param versionFiles Array of version files to process
- * @param versionTypeToAction Map from version file type to action name
- * @param versionFileConfigKeys Map from version file type to config key
- * @param versionGateway Gateway for looking up action versions
- * @returns Array of setup step candidates
- */ async function buildCandidatesFromVersionFiles(versionFiles, versionTypeToAction, versionFileConfigKeys, versionGateway) {
+async function buildCandidatesFromVersionFiles(versionFiles, versionTypeToAction, versionFileConfigKeys, versionGateway) {
     const candidates = [];
-    // Track which types we've already added to deduplicate (e.g., .nvmrc and .node-version)
     const addedTypes = new Set();
     for (const versionFile of versionFiles){
         if (addedTypes.has(versionFile.type)) {
@@ -66789,30 +66946,19 @@ Example resolved format: actions/setup-node@1a2b3c4d5e6f  # v4.0.0`;
     }
     return candidates;
 }
-/**
- * Builds install step candidates from detected package managers
- * @param packageManagers Array of detected package managers
- * @param config Configuration for package manager mappings
- * @returns Array of install step candidates
- */ function buildInstallCandidatesFromPackageManagers(packageManagers, config) {
+function buildInstallCandidatesFromPackageManagers(packageManagers, config) {
     const candidates = [];
     const addedTypes = new Set();
     for (const pm of packageManagers){
-        // Skip if we've already added this package manager type
         if (addedTypes.has(pm.type)) {
             continue;
         }
         addedTypes.add(pm.type);
-        // Find the config for this package manager
         const pmConfig = config.packageManagers.find((c)=>c.type === pm.type);
         if (!pmConfig) {
             continue;
         }
-        // Determine a descriptive name for the install step
         const stepName = getInstallStepName(pm.type);
-        // Create install step candidate
-        // Note: Empty action string indicates this is a run step (uses 'run' field instead of 'uses')
-        // This is checked in workflow-generator.ts buildStepFromCandidate()
         candidates.push({
             action: "",
             source: "version-file",
@@ -66822,9 +66968,7 @@ Example resolved format: actions/setup-node@1a2b3c4d5e6f  # v4.0.0`;
     }
     return candidates;
 }
-/**
- * Gets a descriptive name for an install step based on package manager type
- */ function getInstallStepName(packageManagerType) {
+function getInstallStepName(packageManagerType) {
     const names = {
         npm: "Install Node.js dependencies",
         yarn: "Install Node.js dependencies",
@@ -67234,6 +67378,10 @@ function getGlobalWacContext() {
 
 
 
+const workflow_generator_DEFAULT_ACTION_VERSIONS = {
+    "actions/checkout": "v4"
+};
+const workflow_generator_defaultActionVersionPort = createActionVersionPort(workflow_generator_DEFAULT_ACTION_VERSIONS);
 /**
  * Generates a human-readable step name from an action name
  * @example "actions/setup-node" -> "Setup node"
@@ -67348,7 +67496,7 @@ function getGlobalWacContext() {
  * @param versionGateway Optional gateway for looking up action versions (defaults to local)
  * @param options Optional generation options for placeholders and resolved versions
  * @returns The workflow YAML content as a string
- */ async function generateWorkflowContent(candidates, versionGateway = createActionVersionGateway(), options) {
+ */ async function generateWorkflowContent(candidates, versionGateway = workflow_generator_defaultActionVersionPort, options) {
     const stepOptions = {
         usePlaceholders: options?.usePlaceholders,
         resolvedVersions: options?.resolvedVersions
@@ -67406,7 +67554,7 @@ function getGlobalWacContext() {
  * @param versionGateway Optional gateway for looking up action versions (defaults to local)
  * @param options Optional generation options for placeholders and resolved versions
  * @returns The updated workflow YAML content
- */ async function updateWorkflowWithMissingSteps(existingWorkflow, missingCandidates, versionGateway = createActionVersionGateway(), options) {
+ */ async function updateWorkflowWithMissingSteps(existingWorkflow, missingCandidates, versionGateway = workflow_generator_defaultActionVersionPort, options) {
     if (!existingWorkflow || typeof existingWorkflow !== "object") {
         return generateWorkflowContent(missingCandidates, versionGateway, options);
     }
@@ -67459,12 +67607,13 @@ function getGlobalWacContext() {
  */ async function gatherCandidates(dir, workflowsDirExists) {
     const environmentGateway = createEnvironmentGateway();
     const workflowGateway = createWorkflowGateway();
+    const copilotSetupConfig = await loadCopilotSetupConfig();
     // Detect environment configuration
     const environment = await environmentGateway.detectEnvironment(dir);
     // Parse existing workflows for setup actions
     const workflowCandidates = workflowsDirExists ? await workflowGateway.parseWorkflowsForSetupActions(dir) : [];
     // Build candidates from environment
-    const envCandidates = await buildCandidatesFromEnvironment(environment);
+    const envCandidates = await buildCandidatesFromEnvironment(environment, undefined, copilotSetupConfig);
     // Merge candidates (workflow takes precedence)
     return mergeCandidates(workflowCandidates, envCandidates);
 }
@@ -67535,7 +67684,7 @@ function getGlobalWacContext() {
         return types_errorResponse(`Target directory does not exist: ${dir}`);
     }
     const workflowGateway = createWorkflowGateway();
-    const workflowsDir = (0,external_node_path_.join)(dir, ".github", "workflows");
+    const workflowsDir = await file_system_utils_resolveSafePath(dir, ".github/workflows");
     const workflowsDirExists = await file_system_utils_fileExists(workflowsDir);
     // Gather all candidates
     const allCandidates = await gatherCandidates(dir, workflowsDirExists);