@nathapp/nax 0.18.5 → 0.19.0

package/src/execution/crash-recovery.ts

@@ -1,3 +1,4 @@
+import { appendFileSync } from "node:fs";
 /**
  * Crash Recovery — Signal handlers, heartbeat, and exit summary
  *
@@ -63,9 +64,8 @@ async function writeFatalLog(jsonlFilePath: string | undefined, signal: string,
     };
 
     const line = `${JSON.stringify(fatalEntry)}\n`;
-    // Use appendFileSync from node:fs to ensure file is created if it doesn't exist
-    const { appendFileSync } = await import("node:fs");
-    appendFileSync(jsonlFilePath, line, "utf8");
+    // Use Bun.write with append: true
+    appendFileSync(jsonlFilePath, line);
   } catch (err) {
     console.error("[crash-recovery] Failed to write fatal log:", err);
   }
@@ -107,8 +107,7 @@ async function writeRunComplete(ctx: CrashRecoveryContext, exitReason: string):
     };
 
     const line = `${JSON.stringify(runCompleteEntry)}\n`;
-    const { appendFileSync } = await import("node:fs");
-    appendFileSync(ctx.jsonlFilePath, line, "utf8");
+    appendFileSync(ctx.jsonlFilePath, line);
     logger?.debug("crash-recovery", "run.complete event written", { exitReason });
   } catch (err) {
     console.error("[crash-recovery] Failed to write run.complete event:", err);
@@ -279,8 +278,7 @@ export function startHeartbeat(
           },
         };
         const line = `${JSON.stringify(heartbeatEntry)}\n`;
-        const { appendFileSync } = await import("node:fs");
-        appendFileSync(jsonlFilePath, line, "utf8");
+        appendFileSync(jsonlFilePath, line);
       } catch (err) {
         logger?.warn("crash-recovery", "Failed to write heartbeat", { error: (err as Error).message });
       }
@@ -342,9 +340,8 @@ export async function writeExitSummary(
     };
 
     const line = `${JSON.stringify(summaryEntry)}\n`;
-    // Use appendFileSync from node:fs to ensure file is created if it doesn't exist
-    const { appendFileSync } = await import("node:fs");
-    appendFileSync(jsonlFilePath, line, "utf8");
+    // Use Bun.write with append: true
+    appendFileSync(jsonlFilePath, line);
     logger?.debug("crash-recovery", "Exit summary written");
   } catch (err) {
     logger?.warn("crash-recovery", "Failed to write exit summary", { error: (err as Error).message });

package/src/execution/lifecycle/acceptance-loop.ts

@@ -93,6 +93,7 @@ async function generateAndAddFixStories(
     specContent: await loadSpecContent(ctx.featureDir),
     workdir: ctx.workdir,
     modelDef,
+    config: ctx.config,
   });
   if (fixStories.length === 0) {
     logger?.error("acceptance", "Failed to generate fix stories");

package/src/execution/lifecycle/index.ts

@@ -2,7 +2,6 @@
  * Lifecycle module exports
  */
 
-export { RunLifecycle, type SetupResult, type TeardownOptions } from "./run-lifecycle";
 export { runAcceptanceLoop, type AcceptanceLoopContext, type AcceptanceLoopResult } from "./acceptance-loop";
 export { emitStoryComplete, type StoryCompleteEvent } from "./story-hooks";
 export { outputRunHeader, outputRunFooter, type RunHeaderOptions, type RunFooterOptions } from "./headless-formatter";

package/src/execution/lifecycle/precheck-runner.ts

@@ -62,7 +62,7 @@ export async function runPrecheckValidation(ctx: PrecheckContext): Promise<void>
       warnings: precheckResult.output.warnings.map((w) => ({ name: w.name, message: w.message })),
       summary: precheckResult.output.summary,
     };
-    appendFileSync(ctx.logFilePath, `${JSON.stringify(precheckLog)}\n`, "utf8");
+    require("node:fs").appendFileSync(ctx.logFilePath, `${JSON.stringify(precheckLog)}\n`);
   }
 
   // Handle blockers (Tier 1 failures)

package/src/execution/lifecycle/run-setup.ts

@@ -122,20 +122,6 @@ export async function setupRun(options: RunSetupOptions): Promise<RunSetupResult
     getStoriesCompleted: options.getStoriesCompleted,
   });
 
-  // Acquire lock to prevent concurrent execution
-  const lockAcquired = await acquireLock(workdir);
-  if (!lockAcquired) {
-    logger?.error("execution", "Another nax process is already running in this directory");
-    logger?.error("execution", "If you believe this is an error, remove nax.lock manually");
-    throw new LockAcquisitionError(workdir);
-  }
-
-  // Load plugins (before try block so it's accessible in finally)
-  const globalPluginsDir = path.join(os.homedir(), ".nax", "plugins");
-  const projectPluginsDir = path.join(workdir, "nax", "plugins");
-  const configPlugins = config.plugins || [];
-  const pluginRegistry = await loadPlugins(globalPluginsDir, projectPluginsDir, configPlugins, workdir);
-
   // Load PRD (before try block so it's accessible in finally for onRunEnd)
   let prd = await loadPRD(prdPath);
 
@@ -163,6 +149,20 @@ export async function setupRun(options: RunSetupOptions): Promise<RunSetupResult
     logger?.warn("precheck", "Precheck validations skipped (--skip-precheck)");
   }
 
+  // Acquire lock to prevent concurrent execution
+  const lockAcquired = await acquireLock(workdir);
+  if (!lockAcquired) {
+    logger?.error("execution", "Another nax process is already running in this directory");
+    logger?.error("execution", "If you believe this is an error, remove nax.lock manually");
+    throw new LockAcquisitionError(workdir);
+  }
+
+  // Load plugins (before try block so it's accessible in finally)
+  const globalPluginsDir = path.join(os.homedir(), ".nax", "plugins");
+  const projectPluginsDir = path.join(workdir, "nax", "plugins");
+  const configPlugins = config.plugins || [];
+  const pluginRegistry = await loadPlugins(globalPluginsDir, projectPluginsDir, configPlugins, workdir);
+
   // Log plugins loaded
   logger?.info("plugins", `Loaded ${pluginRegistry.plugins.length} plugins`, {
     plugins: pluginRegistry.plugins.map((p) => ({ name: p.name, version: p.version, provides: p.provides })),

package/src/execution/parallel.ts

@@ -18,7 +18,7 @@ import type { PipelineContext, RoutingResult } from "../pipeline/types";
 import type { PluginRegistry } from "../plugins/registry";
 import type { PRD, UserStory } from "../prd";
 import { markStoryFailed, markStoryPassed, savePRD } from "../prd";
-import { routeTask } from "../routing";
+import { routeTask, tryLlmBatchRoute } from "../routing";
 import { WorktreeManager } from "../worktree/manager";
 import { MergeEngine, type StoryDependencies } from "../worktree/merge";
 

package/src/execution/runner.ts

@@ -15,6 +15,7 @@ import type { StoryMetrics } from "../metrics";
 import type { PipelineEventEmitter } from "../pipeline/events";
 import { countStories, isComplete } from "../prd";
 import type { UserStory } from "../prd";
+import { tryLlmBatchRoute } from "../routing/batch-route";
 import { clearCache as clearLlmCache, routeBatch as llmRouteBatch } from "../routing/strategies/llm";
 import { precomputeBatchPlan } from "./batching";
 import { stopHeartbeat, writeExitSummary } from "./crash-recovery";
@@ -25,25 +26,6 @@ export { resolveMaxAttemptsOutcome } from "./escalation";
 
 /** Run options */
 
-/**
- * Try LLM batch routing for ready stories. Logs and swallows errors (falls back to per-story routing).
- */
-async function tryLlmBatchRoute(config: NaxConfig, stories: UserStory[], label = "routing"): Promise<void> {
-  const mode = config.routing.llm?.mode ?? "hybrid";
-  if (config.routing.strategy !== "llm" || mode === "per-story" || stories.length === 0) return;
-  const logger = getSafeLogger();
-  try {
-    logger?.debug("routing", `LLM batch routing: ${label}`, { storyCount: stories.length, mode });
-    await llmRouteBatch(stories, { config });
-    logger?.debug("routing", "LLM batch routing complete", { label });
-  } catch (err) {
-    logger?.warn("routing", "LLM batch routing failed, falling back to individual routing", {
-      error: (err as Error).message,
-      label,
-    });
-  }
-}
-
 export interface RunOptions {
   /** Path to prd.json */
   prdPath: string;

package/src/execution/sequential-executor.ts

@@ -12,7 +12,7 @@ import type { PipelineContext, RoutingResult } from "../pipeline/types";
 import type { PluginRegistry } from "../plugins";
 import { generateHumanHaltSummary, getNextStory, isComplete, isStalled, loadPRD } from "../prd";
 import type { PRD, UserStory } from "../prd/types";
-import { routeTask } from "../routing";
+import { routeTask, tryLlmBatchRoute } from "../routing";
 import { captureGitRef } from "../utils/git";
 import type { StoryBatch } from "./batching";
 import { startHeartbeat, stopHeartbeat, writeExitSummary } from "./crash-recovery";

package/src/hooks/runner.ts

@@ -106,7 +106,7 @@ function buildEnv(ctx: HookContext): Record<string, string> {
  * @param command - Command string to check
  * @returns true if shell operators detected
  */
-function hasShellOperators(command: string): boolean {
+export function hasShellOperators(command: string): boolean {
   // Check for common shell operators that require shell interpretation
   const shellOperators = /[|&;$`<>(){}]/;
   return shellOperators.test(command);
@@ -117,7 +117,7 @@ function hasShellOperators(command: string): boolean {
  * @param command - Command string to validate
  * @throws Error if obvious injection pattern detected
  */
-function validateHookCommand(command: string): void {
+export function validateHookCommand(command: string): void {
   // Reject commands with obvious injection patterns
   const dangerousPatterns = [
     /\$\(.*\)/, // Command substitution $(...)

package/src/interaction/plugins/auto.ts

@@ -148,8 +148,8 @@ Stage: ${request.stage}
 Feature: ${request.featureName}
 ${request.storyId ? `Story: ${request.storyId}` : ""}
 
-Summary: ${request.summary}
-${request.detail ? `\nDetail: ${request.detail}` : ""}
+Summary: ${request.summary.replace(/`/g, "\\`").replace(/\$/g, "\\$")}
+${request.detail ? `\nDetail: ${request.detail.replace(/`/g, "\\`").replace(/\$/g, "\\$")}` : ""}
 `;
 
     if (request.options && request.options.length > 0) {

package/src/logger/logger.ts

@@ -1,4 +1,4 @@
-import { appendFileSync } from "node:fs";
+import { appendFileSync, mkdirSync } from "node:fs";
 import { type FormatterOptions, type VerbosityMode, formatLogEntry } from "../logging/index.js";
 import { formatConsole, formatJsonl } from "./formatters.js";
 import type { LogEntry, LogLevel, LoggerOptions, StoryLogger } from "./types.js";
@@ -64,7 +64,7 @@ export class Logger {
     try {
       const dir = this.filePath.substring(0, this.filePath.lastIndexOf("/"));
       if (dir) {
-        Bun.spawnSync(["mkdir", "-p", dir]);
+        mkdirSync(dir, { recursive: true });
       }
     } catch (error) {
       console.error(`[logger] Failed to create log directory: ${error}`);
@@ -149,9 +149,7 @@ export class Logger {
     if (!this.filePath) return;
 
     try {
-      const line = `${formatJsonl(entry)}\n`;
-      // Use Node.js fs for simple synchronous append
-      appendFileSync(this.filePath, line, "utf8");
+      appendFileSync(this.filePath, `${formatJsonl(entry)}\n`);
     } catch (error) {
       console.error(`[logger] Failed to write to log file: ${error}`);
     }

package/src/plugins/loader.ts

@@ -10,6 +10,7 @@
 import * as fs from "node:fs/promises";
 import * as path from "node:path";
 import { getSafeLogger as _getSafeLoggerFromModule } from "../logger";
+import { validateModulePath } from "../utils/path-security";
 import { PluginRegistry } from "./registry";
 import type { NaxPlugin, PluginConfigEntry } from "./types";
 import { validatePlugin } from "./validator";
@@ -78,12 +79,13 @@ export async function loadPlugins(
   projectRoot?: string,
 ): Promise<PluginRegistry> {
   const loadedPlugins: LoadedPlugin[] = [];
+  const effectiveProjectRoot = projectRoot || projectDir;
   const pluginNames = new Set<string>();
 
   // 1. Load plugins from global directory
   const globalPlugins = await discoverPlugins(globalDir);
   for (const plugin of globalPlugins) {
-    const validated = await loadAndValidatePlugin(plugin.path, {});
+    const validated = await loadAndValidatePlugin(plugin.path, {}, [globalDir]);
     if (validated) {
       if (pluginNames.has(validated.name)) {
         const logger = getSafeLogger();
@@ -100,7 +102,7 @@ export async function loadPlugins(
   // 2. Load plugins from project directory
   const projectPlugins = await discoverPlugins(projectDir);
   for (const plugin of projectPlugins) {
-    const validated = await loadAndValidatePlugin(plugin.path, {});
+    const validated = await loadAndValidatePlugin(plugin.path, {}, [projectDir]);
     if (validated) {
       if (pluginNames.has(validated.name)) {
         const logger = getSafeLogger();
@@ -116,9 +118,14 @@ export async function loadPlugins(
 
   // 3. Load plugins from config entries
   for (const entry of configPlugins) {
-    // Resolve module path relative to project root for relative paths
-    const resolvedModule = resolveModulePath(entry.module, projectRoot);
-    const validated = await loadAndValidatePlugin(resolvedModule, entry.config ?? {}, entry.module);
+    // Resolve module path relative to effective project root for relative paths
+    const resolvedModule = resolveModulePath(entry.module, effectiveProjectRoot);
+    const validated = await loadAndValidatePlugin(
+      resolvedModule,
+      entry.config ?? {},
+      [globalDir, projectDir, effectiveProjectRoot].filter(Boolean),
+      entry.module,
+    );
     if (validated) {
       if (pluginNames.has(validated.name)) {
         const logger = getSafeLogger();
@@ -228,12 +235,32 @@ function resolveModulePath(modulePath: string, projectRoot?: string): string {
  * @returns Validated plugin or null if invalid
  */
 async function loadAndValidatePlugin(
-  modulePath: string,
+  initialModulePath: string,
   config: Record<string, unknown>,
+  allowedRoots: string[] = [],
   originalPath?: string,
 ): Promise<NaxPlugin | null> {
+  let attemptedPath = initialModulePath;
   try {
+    // SEC-1: Validate module path if it's a file path (not an npm package)
+    let modulePath = initialModulePath;
+    const isFilePath = modulePath.startsWith("/") || modulePath.startsWith("./") || modulePath.startsWith("../");
+
+    if (isFilePath && allowedRoots.length > 0) {
+      const validation = validateModulePath(modulePath, allowedRoots);
+      if (!validation.valid) {
+        const logger = getSafeLogger();
+        logger?.error("plugins", `Security: ${validation.error}`);
+        _pluginErrorSink(`[plugins] Security: ${validation.error}`);
+        return null;
+      }
+      // Use the normalized absolute path from the validator
+      const validatedPath = validation.absolutePath as string;
+      modulePath = validatedPath;
+    }
+
     // Import the module
+    attemptedPath = modulePath;
     const imported = await import(modulePath);
 
     // Try default export first, then named exports
@@ -258,7 +285,7 @@ async function loadAndValidatePlugin(
 
     return validated;
   } catch (error) {
-    const displayPath = originalPath || modulePath;
+    const displayPath = originalPath || initialModulePath;
     const errorMsg = error instanceof Error ? error.message : String(error);
     const logger = getSafeLogger();
 
@@ -266,14 +293,14 @@ async function loadAndValidatePlugin(
     if (errorMsg.includes("Cannot find module") || errorMsg.includes("ENOENT")) {
       const msg = `Failed to load plugin module '${displayPath}'`;
       logger?.error("plugins", msg);
-      logger?.error("plugins", `Attempted path: ${modulePath}`);
+      logger?.error("plugins", `Attempted path: ${attemptedPath}`);
       logger?.error(
         "plugins",
         "Ensure the module exists and the path is correct (relative paths are resolved from project root)",
       );
       // Always emit to sink so tests (and headless mode without logger) can capture output
       _pluginErrorSink(`[plugins] ${msg}`);
-      _pluginErrorSink(`[plugins] Attempted path: ${modulePath}`);
+      _pluginErrorSink(`[plugins] Attempted path: ${attemptedPath}`);
       _pluginErrorSink(
         "[plugins] Ensure the module exists and the path is correct (relative paths are resolved from project root)",
       );

package/src/routing/batch-route.ts

@@ -0,0 +1,32 @@
+/**
+ * LLM Batch Routing Helper
+ */
+
+import type { NaxConfig } from "../config";
+import { getSafeLogger } from "../logger";
+import type { UserStory } from "../prd";
+import { routeBatch as llmRouteBatch } from "./strategies/llm";
+
+/**
+ * Attempt to pre-route a batch of stories using LLM to optimize cost and consistency.
+ *
+ * @param config - Global config
+ * @param stories - Stories to route
+ * @param label - Label for logging
+ */
+export async function tryLlmBatchRoute(config: NaxConfig, stories: UserStory[], label = "routing"): Promise<void> {
+  const mode = config.routing.llm?.mode ?? "hybrid";
+  if (config.routing.strategy !== "llm" || mode === "per-story" || stories.length === 0) return;
+
+  const logger = getSafeLogger();
+  try {
+    logger?.debug("routing", `LLM batch routing: ${label}`, { storyCount: stories.length, mode });
+    await llmRouteBatch(stories, { config });
+    logger?.debug("routing", "LLM batch routing complete", { label });
+  } catch (err) {
+    logger?.warn("routing", "LLM batch routing failed, falling back to individual routing", {
+      error: (err as Error).message,
+      label,
+    });
+  }
+}

package/src/routing/index.ts

@@ -14,3 +14,4 @@ export { keywordStrategy, llmStrategy, manualStrategy } from "./strategies";
 
 // Custom strategy loader
 export { loadCustomStrategy } from "./loader";
+export { tryLlmBatchRoute } from "./batch-route";

package/src/routing/loader.ts

@@ -5,6 +5,7 @@
  */
 
 import { resolve } from "node:path";
+import { validateModulePath } from "../utils/path-security";
 import type { RoutingStrategy } from "./strategy";
 
 /**
@@ -27,6 +28,12 @@ import type { RoutingStrategy } from "./strategy";
 export async function loadCustomStrategy(strategyPath: string, workdir: string): Promise<RoutingStrategy> {
   const absolutePath = resolve(workdir, strategyPath);
 
+  // SEC-2: Validate path against workdir root
+  const validation = validateModulePath(absolutePath, [workdir]);
+  if (!validation.valid) {
+    throw new Error(`Security: ${validation.error}`);
+  }
+
   try {
     // Dynamic import (works with both .ts and .js files in Bun)
     const module = await import(absolutePath);

package/src/tui/hooks/usePty.ts

@@ -84,19 +84,25 @@ export function usePty(options: PtySpawnOptions | null): PtyState & { handle: Pt
   const [ptyProcess, setPtyProcess] = useState<ReturnType<typeof Bun.spawn> | null>(null);
 
   // Spawn PTY process
+  // BUG-2: Destructure options to prevent infinite respawn loop due to object identity
+  const command = options?.command;
+  const argsJson = JSON.stringify(options?.args);
+  const cwd = options?.cwd;
+  const envJson = JSON.stringify(options?.env);
+
   useEffect(() => {
-    if (!options) {
+    if (!command) {
       return;
     }
 
     // BUN-001: Replaced node-pty with Bun.spawn (piped stdio).
     // TERM + FORCE_COLOR preserve Claude Code output formatting.
-    const proc = Bun.spawn([options.command, ...(options.args || [])], {
-      cwd: options.cwd || process.cwd(),
-      env: { ...process.env, ...options.env, TERM: "xterm-256color", FORCE_COLOR: "1" },
+    const proc = Bun.spawn([command, ...(JSON.parse(argsJson) || [])], {
+      cwd: cwd || process.cwd(),
+      env: { ...process.env, ...JSON.parse(envJson), TERM: "xterm-256color", FORCE_COLOR: "1" },
       stdin: "pipe",
       stdout: "pipe",
-      stderr: "pipe",
+      stderr: "inherit", // MEM-1: Inherit stderr to avoid blocking on unread pipe
     });
 
     setPtyProcess(proc);
@@ -128,9 +134,14 @@ export function usePty(options: PtySpawnOptions | null): PtyState & { handle: Pt
     })();
 
     // Handle exit
-    proc.exited.then((code) => {
-      setState((prev) => ({ ...prev, isRunning: false, exitCode: code ?? undefined }));
-    });
+    proc.exited
+      .then((code) => {
+        setState((prev) => ({ ...prev, isRunning: false, exitCode: code ?? undefined }));
+      })
+      .catch(() => {
+        // BUG-22: Guard against setState throws (e.g. on unmount)
+        setState((prev) => ({ ...prev, isRunning: false }));
+      });
 
     // Create handle
     const ptyHandle: PtyHandle = {
@@ -152,7 +163,7 @@ export function usePty(options: PtySpawnOptions | null): PtyState & { handle: Pt
     return () => {
       proc.kill();
     };
-  }, [options]);
+  }, [command, argsJson, cwd, envJson]);
 
   // Handle terminal resize
   // resize is a no-op with Bun.spawn (no PTY) — kept for API compatibility

package/src/utils/path-security.ts

@@ -0,0 +1,56 @@
+/**
+ * Path security utilities for nax (SEC-1, SEC-2).
+ */
+
+import { isAbsolute, join, normalize, resolve } from "node:path";
+
+/**
+ * Result of a path validation.
+ */
+export interface PathValidationResult {
+  /** Whether the path is valid and allowed */
+  valid: boolean;
+  /** The absolute, normalized path (if valid) */
+  absolutePath?: string;
+  /** Error message if invalid */
+  error?: string;
+}
+
+/**
+ * Validates that a module path is within an allowed root directory.
+ *
+ * @param modulePath - The user-provided path to validate (relative or absolute)
+ * @param allowedRoots - Array of absolute paths that are allowed as roots
+ * @returns Validation result
+ */
+export function validateModulePath(modulePath: string, allowedRoots: string[]): PathValidationResult {
+  if (!modulePath) {
+    return { valid: false, error: "Module path is empty" };
+  }
+
+  const normalizedRoots = allowedRoots.map((r) => resolve(r));
+
+  // If absolute, just check against roots
+  if (isAbsolute(modulePath)) {
+    const absoluteTarget = normalize(modulePath);
+    const isWithin = normalizedRoots.some((root) => {
+      return absoluteTarget.startsWith(`${root}/`) || absoluteTarget === root;
+    });
+    if (isWithin) {
+      return { valid: true, absolutePath: absoluteTarget };
+    }
+  } else {
+    // If relative, check if it's within any root when resolved relative to that root
+    for (const root of normalizedRoots) {
+      const absoluteTarget = resolve(join(root, modulePath));
+      if (absoluteTarget.startsWith(`${root}/`) || absoluteTarget === root) {
+        return { valid: true, absolutePath: absoluteTarget };
+      }
+    }
+  }
+
+  return {
+    valid: false,
+    error: `Path "${modulePath}" is outside allowed roots`,
+  };
+}

package/src/verification/executor.ts

@@ -85,15 +85,13 @@ export async function executeWithTimeout(
   });
 
   const timeoutMs = timeoutSeconds * 1000;
-  let timeoutId: Timer | null = null;
+
   let timedOut = false;
 
-  const timeoutPromise = new Promise<void>((resolve) => {
-    timeoutId = setTimeout(() => {
-      timedOut = true;
-      resolve();
-    }, timeoutMs);
-  });
+  const timeoutPromise = (async () => {
+    await Bun.sleep(timeoutMs);
+    timedOut = true;
+  })();
 
   const processPromise = proc.exited;
 
@@ -115,7 +113,7 @@ export async function executeWithTimeout(
     }
 
     // Wait for graceful shutdown
-    await new Promise((resolve) => setTimeout(resolve, gracePeriodMs));
+    await Bun.sleep(gracePeriodMs);
 
     // Force SIGKILL entire process group if still running
     try {
@@ -142,11 +140,6 @@ export async function executeWithTimeout(
     };
   }
 
-  // Clear timeout if process finished in time
-  if (timeoutId) {
-    clearTimeout(timeoutId);
-  }
-
   const exitCode = raceResult as number;
   const stdout = await new Response(proc.stdout).text();
   const stderr = await new Response(proc.stderr).text();

package/test/integration/plugins/config-resolution.test.ts

@@ -230,7 +230,7 @@ describe("Plugin config path resolution (US-007)", () => {
       expect(registry.plugins[0].name).toBe("relative-plugin");
     });
 
-    test("resolves ../relative/path from project root", async () => {
+    test("blocks ../ traversal outside project root (SEC-1/SEC-2)", async () => {
       const projectRoot = path.join(tempDir, "project");
       const pluginDir = path.join(tempDir, "shared-plugins");
       await fs.mkdir(projectRoot, { recursive: true });
@@ -271,8 +271,8 @@ describe("Plugin config path resolution (US-007)", () => {
         projectRoot,
       );
 
-      expect(registry.plugins).toHaveLength(1);
-      expect(registry.plugins[0].name).toBe("parent-relative-plugin");
+      // SEC-1/SEC-2: traversal outside project root is blocked
+      expect(registry.plugins).toHaveLength(0);
     });
   });
 

package/test/integration/plugins/loader.test.ts

@@ -379,6 +379,7 @@ describe("loadPlugins", () => {
         path.join(tempDir, "nonexistent"),
         path.join(tempDir, "nonexistent"),
         configPlugins,
+        tempDir,
       );
 
       expect(registry.plugins).toHaveLength(1);
@@ -428,6 +429,7 @@ export default {
         path.join(tempDir, "nonexistent"),
         path.join(tempDir, "nonexistent"),
         configPlugins,
+        tempDir,
       );
 
       expect(registry.plugins).toHaveLength(1);
@@ -574,7 +576,7 @@ export default {
         },
       ];
 
-      const registry = await loadPlugins(globalDir, projectDir, configPlugins);
+      const registry = await loadPlugins(globalDir, projectDir, configPlugins, tempDir);
 
       expect(registry.plugins).toHaveLength(3);
       expect(registry.plugins[0].name).toBe("global");