@phren/cli 0.0.15 → 0.0.16

package/mcp/dist/capabilities/cli.js

@@ -1,6 +1,6 @@
 export const cliManifest = {
     surface: "cli",
-    version: "0.0.15",
+    version: "0.0.16",
     actions: {
         // Finding management
         "finding.add": { implemented: true, handler: "cli-actions.ts:handleAddFinding" },

package/mcp/dist/capabilities/mcp.js

@@ -1,6 +1,6 @@
 export const mcpManifest = {
     surface: "mcp",
-    version: "0.0.15",
+    version: "0.0.16",
     actions: {
         // Finding management
         "finding.add": { implemented: true, handler: "index.ts:add_finding" },

package/mcp/dist/capabilities/vscode.js

@@ -1,6 +1,6 @@
 export const vscodeManifest = {
     surface: "vscode",
-    version: "0.0.15",
+    version: "0.0.16",
     actions: {
         // Finding management
         "finding.add": { implemented: true, handler: "extension.ts:phren.addFinding" },

package/mcp/dist/capabilities/web-ui.js

@@ -1,6 +1,6 @@
 export const webUiManifest = {
     surface: "web-ui",
-    version: "0.0.15",
+    version: "0.0.16",
     actions: {
         // Finding management
         "finding.add": { implemented: false, reason: "Web UI is read-only for findings (review queue only)" },

package/mcp/dist/cli-graph.js

@@ -146,7 +146,10 @@ export async function handleGraphLink(args) {
                 try {
                     existing = JSON.parse(fs.readFileSync(manualLinksPath, "utf8"));
                 }
-                catch { /* fresh start */ }
+                catch (err) {
+                    process.stderr.write(`[phren] link_fragment: manual-links.json is malformed — aborting to avoid data loss: ${err instanceof Error ? err.message : String(err)}\n`);
+                    throw err;
+                }
             }
             const newEntry = { entity: normalizedFragment, entityType: "fragment", sourceDoc, relType: "mentions" };
             const alreadyStored = existing.some((e) => e.entity === newEntry.entity && e.entityType === newEntry.entityType && e.sourceDoc === newEntry.sourceDoc && e.relType === newEntry.relType);

package/mcp/dist/cli-hooks-context.js

@@ -1,7 +1,7 @@
 // cli-hooks-context.ts — HookContext: everything a hook handler needs as plain data + helpers.
 // Centralizes the "resolve state and check guards" pattern so hook handlers don't
 // reach into governance, init, project-config, hooks, init-setup, etc. directly.
-import { appendAuditLog, getPhrenPath, readRootManifest, } from "./shared.js";
+import { getPhrenPath, readRootManifest, appendAuditLog, } from "./shared.js";
 import { updateRuntimeHealth, } from "./shared-governance.js";
 import { detectProject } from "./shared-index.js";
 import { getHooksEnabledPreference } from "./init.js";

package/mcp/dist/cli-namespaces.js

@@ -1,7 +1,7 @@
 import * as fs from "fs";
 import * as path from "path";
 import { execFileSync } from "child_process";
-import { expandHomePath, findProjectNameCaseInsensitive, getPhrenPath, getProjectDirs, homePath, hookConfigPath, normalizeProjectNameForCreate, readRootManifest, } from "./shared.js";
+import { expandHomePath, findArchivedProjectNameCaseInsensitive, findProjectNameCaseInsensitive, getPhrenPath, getProjectDirs, homePath, hookConfigPath, normalizeProjectNameForCreate, readRootManifest, } from "./shared.js";
 import { isValidProjectName, errorMessage } from "./utils.js";
 import { readInstallPreferences, writeInstallPreferences } from "./init-preferences.js";
 import { buildSkillManifest, findLocalSkill, findSkill, getAllSkills } from "./skill-registry.js";
@@ -13,7 +13,7 @@ import { buildTaskIssueBody, createGithubIssueForTask, parseGithubIssueUrl, reso
 import { PROJECT_HOOK_EVENTS, PROJECT_OWNERSHIP_MODES, isProjectHookEnabled, parseProjectOwnershipMode, readProjectConfig, writeProjectConfig, writeProjectHookConfig, } from "./project-config.js";
 import { addFinding, removeFinding } from "./core-finding.js";
 import { supersedeFinding, retractFinding, resolveFindingContradiction } from "./finding-lifecycle.js";
-import { readCustomHooks, getHookTarget, HOOK_EVENT_VALUES } from "./hooks.js";
+import { readCustomHooks, getHookTarget, HOOK_EVENT_VALUES, validateCustomHookCommand } from "./hooks.js";
 import { runtimeFile } from "./shared.js";
 const HOOK_TOOLS = ["claude", "copilot", "cursor", "codex"];
 function printSkillsUsage() {
@@ -334,6 +334,11 @@ export function handleHooksNamespace(args) {
             console.error(`Invalid event "${event}". Valid events: ${HOOK_EVENT_VALUES.join(", ")}`);
             process.exit(1);
         }
+        const commandErr = validateCustomHookCommand(command);
+        if (commandErr) {
+            console.error(commandErr);
+            process.exit(1);
+        }
         const phrenPath = getPhrenPath();
         const prefs = readInstallPreferences(phrenPath);
         const existing = Array.isArray(prefs.customHooks) ? prefs.customHooks : [];
@@ -790,9 +795,10 @@ export async function handleProjectsNamespace(args, profile) {
             process.exit(1);
         }
         const phrenPath = getPhrenPath();
-        const projectDir = path.join(phrenPath, name);
-        const archiveDir = path.join(phrenPath, `${name}.archived`);
         if (subcommand === "archive") {
+            const activeProject = findProjectNameCaseInsensitive(phrenPath, name);
+            const projectDir = activeProject ? path.join(phrenPath, activeProject) : path.join(phrenPath, name);
+            const archiveDir = path.join(phrenPath, `${activeProject ?? name}.archived`);
             if (!fs.existsSync(projectDir)) {
                 console.error(`Project "${name}" not found.`);
                 process.exit(1);
@@ -812,10 +818,14 @@ export async function handleProjectsNamespace(args, profile) {
             }
         }
         else {
-            if (fs.existsSync(projectDir)) {
-                console.error(`Project "${name}" already exists as an active project.`);
+            const activeProject = findProjectNameCaseInsensitive(phrenPath, name);
+            if (activeProject) {
+                console.error(`Project "${activeProject}" already exists as an active project.`);
                 process.exit(1);
             }
+            const archivedProject = findArchivedProjectNameCaseInsensitive(phrenPath, name);
+            const projectDir = path.join(phrenPath, archivedProject ?? name);
+            const archiveDir = path.join(phrenPath, `${archivedProject ?? name}.archived`);
             if (!fs.existsSync(archiveDir)) {
                 const available = fs.readdirSync(phrenPath)
                     .filter((e) => e.endsWith(".archived"))
@@ -830,7 +840,7 @@ export async function handleProjectsNamespace(args, profile) {
             }
             try {
                 fs.renameSync(archiveDir, projectDir);
-                console.log(`Unarchived project "${name}". It is now active again.`);
+                console.log(`Unarchived project "${archivedProject ?? name}". It is now active again.`);
                 console.log("Note: the search index will be updated on next search.");
             }
             catch (err) {

package/mcp/dist/hooks.js

@@ -1,7 +1,9 @@
 import * as fs from "fs";
 import * as path from "path";
 import { createHmac } from "crypto";
+import { lookup } from "dns/promises";
 import { execFileSync } from "child_process";
+import { isIP } from "net";
 import { fileURLToPath } from "url";
 import { EXEC_TIMEOUT_QUICK_MS, PhrenError, debugLog, runtimeFile, homePath, installPreferencesFile, atomicWriteText } from "./shared.js";
 import { errorMessage } from "./utils.js";
@@ -61,6 +63,9 @@ function resolveCliEntryScript() {
 function phrenPackageSpec() {
     return PACKAGE_SPEC;
 }
+function shellSingleQuote(value) {
+    return `'${value.replace(/'/g, `'\"'\"'`)}'`;
+}
 function buildPackageLifecycleCommands() {
     const packageSpec = phrenPackageSpec();
     return {
@@ -74,8 +79,10 @@ export function buildLifecycleCommands(phrenPath) {
     const entry = resolveCliEntryScript();
     const isWindows = process.platform === "win32";
     const escapedPhren = phrenPath.replace(/\\/g, "\\\\").replace(/"/g, '\\"');
+    const quotedPhren = shellSingleQuote(phrenPath);
     if (entry) {
         const escapedEntry = entry.replace(/\\/g, "\\\\").replace(/"/g, '\\"');
+        const quotedEntry = shellSingleQuote(entry);
         if (isWindows) {
             return {
                 sessionStart: `set "PHREN_PATH=${escapedPhren}" && node "${escapedEntry}" hook-session-start`,
@@ -85,10 +92,10 @@ export function buildLifecycleCommands(phrenPath) {
             };
         }
         return {
-            sessionStart: `PHREN_PATH="${escapedPhren}" node "${escapedEntry}" hook-session-start`,
-            userPromptSubmit: `PHREN_PATH="${escapedPhren}" node "${escapedEntry}" hook-prompt`,
-            stop: `PHREN_PATH="${escapedPhren}" node "${escapedEntry}" hook-stop`,
-            hookTool: `PHREN_PATH="${escapedPhren}" node "${escapedEntry}" hook-tool`,
+            sessionStart: `PHREN_PATH=${quotedPhren} node ${quotedEntry} hook-session-start`,
+            userPromptSubmit: `PHREN_PATH=${quotedPhren} node ${quotedEntry} hook-prompt`,
+            stop: `PHREN_PATH=${quotedPhren} node ${quotedEntry} hook-stop`,
+            hookTool: `PHREN_PATH=${quotedPhren} node ${quotedEntry} hook-tool`,
         };
     }
     const packageSpec = phrenPackageSpec();
@@ -101,10 +108,10 @@ export function buildLifecycleCommands(phrenPath) {
         };
     }
     return {
-        sessionStart: `PHREN_PATH="${escapedPhren}" npx -y ${packageSpec} hook-session-start`,
-        userPromptSubmit: `PHREN_PATH="${escapedPhren}" npx -y ${packageSpec} hook-prompt`,
-        stop: `PHREN_PATH="${escapedPhren}" npx -y ${packageSpec} hook-stop`,
-        hookTool: `PHREN_PATH="${escapedPhren}" npx -y ${packageSpec} hook-tool`,
+        sessionStart: `PHREN_PATH=${quotedPhren} npx -y ${packageSpec} hook-session-start`,
+        userPromptSubmit: `PHREN_PATH=${quotedPhren} npx -y ${packageSpec} hook-prompt`,
+        stop: `PHREN_PATH=${quotedPhren} npx -y ${packageSpec} hook-stop`,
+        hookTool: `PHREN_PATH=${quotedPhren} npx -y ${packageSpec} hook-tool`,
     };
 }
 export function buildSharedLifecycleCommands() {
@@ -114,7 +121,7 @@ function withHookToolEnv(command, tool) {
     if (process.platform === "win32") {
         return `set "PHREN_HOOK_TOOL=${tool}" && ${command}`;
     }
-    return `PHREN_HOOK_TOOL="${tool}" ${command}`;
+    return `PHREN_HOOK_TOOL=${shellSingleQuote(tool)} ${command}`;
 }
 function withHookToolLifecycleCommands(lifecycle, tool) {
     return {
@@ -131,9 +138,6 @@ function installSessionWrapper(tool, phrenPath) {
     const entry = resolveCliEntryScript();
     const localBinDir = homePath(".local", "bin");
     const wrapperPath = path.join(localBinDir, tool);
-    const escapedBinary = realBinary.replace(/\\/g, "\\\\").replace(/"/g, '\\"');
-    const escapedPhren = phrenPath.replace(/\\/g, "\\\\").replace(/"/g, '\\"');
-    const escapedEntry = entry ? entry.replace(/\\/g, "\\\\").replace(/"/g, '\\"') : "";
     const packageSpec = phrenPackageSpec();
     const sessionStartCmd = entry
         ? `env PHREN_PATH="$PHREN_PATH" node "$ENTRY_SCRIPT" hook-session-start`
@@ -144,9 +148,10 @@ function installSessionWrapper(tool, phrenPath) {
     const content = `#!/bin/sh
 set -u
 
-REAL_BIN="${escapedBinary}"
-PHREN_PATH="\${PHREN_PATH:-${escapedPhren}}"
-ENTRY_SCRIPT="${escapedEntry}"
+REAL_BIN=${shellSingleQuote(realBinary)}
+DEFAULT_PHREN_PATH=${shellSingleQuote(phrenPath)}
+PHREN_PATH="\${PHREN_PATH:-$DEFAULT_PHREN_PATH}"
+ENTRY_SCRIPT=${shellSingleQuote(entry || "")}
 export PHREN_HOOK_TOOL="${tool}"
 
 if [ ! -x "$REAL_BIN" ]; then
@@ -268,21 +273,107 @@ const VALID_HOOK_EVENTS = new Set(HOOK_EVENT_VALUES);
 export function getHookTarget(h) {
     return "webhook" in h ? h.webhook : h.command;
 }
-/** Re-validate a command hook at execution time (mirrors mcp-hooks.ts validateHookCommand). */
-function validateCommandAtExecution(command) {
+export function validateCustomHookCommand(command) {
     const trimmed = command.trim();
     if (!trimmed)
         return "Command cannot be empty.";
     if (trimmed.length > 1000)
         return "Command too long (max 1000 characters).";
-    if (/[`$(){}&|;<>]/.test(trimmed))
-        return "Command contains disallowed shell characters.";
+    if (/[`$(){}&|;<>\n\r#]/.test(trimmed)) {
+        return "Command contains disallowed shell characters: ` $ ( ) { } & | ; < >";
+    }
     if (/\b(eval|source)\b/.test(trimmed))
         return "eval and source are not permitted in hook commands.";
     if (!/^[\w./~"'"]/.test(trimmed))
         return "Command must begin with an executable name or path.";
     return null;
 }
+function normalizeWebhookHostname(hostname) {
+    return hostname.toLowerCase().replace(/^\[|\]$/g, "");
+}
+function isPrivateOrLoopbackIpv4(address) {
+    const octets = address.split(".").map((part) => Number.parseInt(part, 10));
+    if (octets.length !== 4 || octets.some((part) => !Number.isInteger(part) || part < 0 || part > 255))
+        return false;
+    if (octets[0] === 0 || octets[0] === 10 || octets[0] === 127)
+        return true;
+    if (octets[0] === 169 && octets[1] === 254)
+        return true;
+    if (octets[0] === 172 && octets[1] >= 16 && octets[1] <= 31)
+        return true;
+    if (octets[0] === 192 && octets[1] === 168)
+        return true;
+    return false;
+}
+function isPrivateOrLoopbackAddress(address) {
+    const normalized = address.toLowerCase();
+    const ipVersion = isIP(normalized);
+    if (ipVersion === 4)
+        return isPrivateOrLoopbackIpv4(normalized);
+    if (ipVersion !== 6)
+        return false;
+    if (normalized === "::" || normalized === "::1")
+        return true;
+    if (normalized.startsWith("::ffff:"))
+        return true;
+    if (normalized.startsWith("fc") || normalized.startsWith("fd"))
+        return true;
+    if (/^fe[89ab]/.test(normalized))
+        return true;
+    const mapped = normalized.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/);
+    if (mapped)
+        return isPrivateOrLoopbackIpv4(mapped[1]);
+    return false;
+}
+function blockedWebhookHostnameReason(hostname) {
+    const normalized = normalizeWebhookHostname(hostname);
+    if (normalized === "localhost" ||
+        normalized.endsWith(".local") ||
+        normalized.endsWith(".internal") ||
+        /^(0x[0-9a-f]+|0\d+)$/i.test(normalized) ||
+        /^\d{8,10}$/.test(normalized)) {
+        return `webhook hostname "${hostname}" is a private or loopback address.`;
+    }
+    if (isPrivateOrLoopbackAddress(normalized)) {
+        return `webhook hostname "${hostname}" is a private or loopback address.`;
+    }
+    return null;
+}
+export function validateCustomWebhookUrl(webhook) {
+    let parsed;
+    try {
+        parsed = new URL(webhook.trim());
+    }
+    catch {
+        return "webhook is not a valid URL.";
+    }
+    if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+        return "webhook must be an http:// or https:// URL.";
+    }
+    return blockedWebhookHostnameReason(parsed.hostname);
+}
+async function validateWebhookAtExecution(webhook) {
+    let parsed;
+    try {
+        parsed = new URL(webhook);
+    }
+    catch {
+        return "webhook is not a valid URL.";
+    }
+    const literalBlock = blockedWebhookHostnameReason(parsed.hostname);
+    if (literalBlock)
+        return literalBlock;
+    try {
+        const records = await lookup(parsed.hostname, { all: true, verbatim: true });
+        if (records.some((record) => isPrivateOrLoopbackAddress(record.address))) {
+            return `webhook hostname "${parsed.hostname}" resolved to a private or loopback address.`;
+        }
+    }
+    catch (err) {
+        debugLog(`validateWebhookAtExecution lookup failed for ${parsed.hostname}: ${errorMessage(err)}`);
+    }
+    return null;
+}
 const DEFAULT_CUSTOM_HOOK_TIMEOUT = 5000;
 const HOOK_TIMEOUT_MS = parseInt(process.env.PHREN_HOOK_TIMEOUT_MS || '14000', 10);
 const HOOK_ERROR_LOG_MAX_LINES = 1000;
@@ -337,12 +428,21 @@ export function runCustomHooks(phrenPath, event, env = {}) {
             if (hook.secret) {
                 headers["X-Phren-Signature"] = `sha256=${createHmac("sha256", hook.secret).update(payload).digest("hex")}`;
             }
-            fetch(hook.webhook, {
-                method: "POST",
-                headers,
-                body: payload,
-                redirect: "manual",
-                signal: AbortSignal.timeout(hook.timeout ?? DEFAULT_CUSTOM_HOOK_TIMEOUT),
+            void validateWebhookAtExecution(hook.webhook)
+                .then((blockReason) => {
+                if (blockReason) {
+                    const message = `${event}: skipped webhook ${hook.webhook}: ${blockReason}`;
+                    debugLog(`runCustomHooks webhook: ${message}`);
+                    appendHookErrorLog(phrenPath, event, message);
+                    return;
+                }
+                return fetch(hook.webhook, {
+                    method: "POST",
+                    headers,
+                    body: payload,
+                    redirect: "manual",
+                    signal: AbortSignal.timeout(hook.timeout ?? DEFAULT_CUSTOM_HOOK_TIMEOUT),
+                });
             })
                 .catch((err) => {
                 const message = `${event}: ${hook.webhook}: ${errorMessage(err)}`;
@@ -357,7 +457,7 @@ export function runCustomHooks(phrenPath, event, env = {}) {
             });
             continue;
         }
-        const cmdErr = validateCommandAtExecution(hook.command);
+        const cmdErr = validateCustomHookCommand(hook.command);
         if (cmdErr) {
             const message = `${event}: skipped hook (re-validation failed): ${cmdErr}`;
             debugLog(`runCustomHooks: ${message}`);

package/mcp/dist/mcp-data.js

@@ -2,9 +2,9 @@ import { mcpResponse } from "./mcp-types.js";
 import { z } from "zod";
 import * as fs from "fs";
 import * as path from "path";
-import { isValidProjectName, errorMessage } from "./utils.js";
+import { isValidProjectName, errorMessage, safeProjectPath } from "./utils.js";
 import { readFindings, readTasks, resolveTaskFilePath, TASKS_FILENAME } from "./data-access.js";
-import { debugLog, findProjectNameCaseInsensitive, normalizeProjectNameForCreate } from "./shared.js";
+import { debugLog, findArchivedProjectNameCaseInsensitive, findProjectNameCaseInsensitive, normalizeProjectNameForCreate } from "./shared.js";
 const importPayloadSchema = z.object({
     project: z.string(),
     overwrite: z.boolean().optional(),
@@ -36,18 +36,19 @@ export function register(server, ctx) {
     }, async ({ project }) => {
         if (!isValidProjectName(project))
             return mcpResponse({ ok: false, error: `Invalid project name: "${project}"` });
-        const projectDir = path.join(phrenPath, project);
-        if (!fs.existsSync(projectDir))
+        const projectDir = safeProjectPath(phrenPath, project);
+        if (!projectDir || !fs.existsSync(projectDir) || !fs.statSync(projectDir).isDirectory()) {
             return mcpResponse({ ok: false, error: `Project "${project}" not found.` });
+        }
         const exported = { project, exportedAt: new Date().toISOString(), version: 1 };
-        const summaryPath = path.join(projectDir, "summary.md");
-        if (fs.existsSync(summaryPath))
+        const summaryPath = safeProjectPath(projectDir, "summary.md");
+        if (summaryPath && fs.existsSync(summaryPath))
             exported.summary = fs.readFileSync(summaryPath, "utf8");
         const learningsResult = readFindings(phrenPath, project);
         if (learningsResult.ok)
             exported.learnings = learningsResult.data;
-        const findingsPath = path.join(projectDir, "FINDINGS.md");
-        if (fs.existsSync(findingsPath))
+        const findingsPath = safeProjectPath(projectDir, "FINDINGS.md");
+        if (findingsPath && fs.existsSync(findingsPath))
             exported.findingsRaw = fs.readFileSync(findingsPath, "utf8");
         const taskResult = readTasks(phrenPath, project);
         if (taskResult.ok) {
@@ -57,8 +58,8 @@ export function register(server, ctx) {
             if (taskRawPath && fs.existsSync(taskRawPath))
                 exported.taskRaw = fs.readFileSync(taskRawPath, "utf8");
         }
-        const claudePath = path.join(projectDir, "CLAUDE.md");
-        if (fs.existsSync(claudePath))
+        const claudePath = safeProjectPath(projectDir, "CLAUDE.md");
+        if (claudePath && fs.existsSync(claudePath))
             exported.claudeMd = fs.readFileSync(claudePath, "utf8");
         return mcpResponse({ ok: true, message: `Exported project "${project}".`, data: exported });
     });
@@ -85,7 +86,7 @@ export function register(server, ctx) {
             }
             const parsed = parsedResult.data;
             // Warn about unknown fields silently discarded by .passthrough()
-            const knownTopLevel = new Set(["project", "overwrite", "summary", "claudeMd", "learnings", "task", "exportedAt", "version", "findingsRaw"]);
+            const knownTopLevel = new Set(["project", "overwrite", "summary", "claudeMd", "learnings", "task", "taskRaw", "exportedAt", "version", "findingsRaw"]);
             const unknownFields = Object.keys(decoded).filter(k => !knownTopLevel.has(k));
             if (unknownFields.length > 0) {
                 debugLog(`import_project: unknown fields will be ignored: ${unknownFields.join(", ")}`);
@@ -101,7 +102,10 @@ export function register(server, ctx) {
                     error: `Project "${existingProject}" already exists with different casing. Refusing to import "${projectName}" because it would split the same project on case-sensitive filesystems.`,
                 });
             }
-            const projectDir = path.join(phrenPath, projectName);
+            const projectDir = safeProjectPath(phrenPath, projectName);
+            if (!projectDir) {
+                return mcpResponse({ ok: false, error: `Invalid project name: "${parsed.project}"` });
+            }
             const overwrite = parsed.overwrite === true;
             if (fs.existsSync(projectDir) && !overwrite) {
                 return mcpResponse({
@@ -112,6 +116,7 @@ export function register(server, ctx) {
             const stagingRoot = fs.mkdtempSync(path.join(phrenPath, `.phren-import-${projectName}-`));
             const stagedProjectDir = path.join(stagingRoot, projectName);
             const imported = [];
+            let backupDir = null;
             const cleanupDir = (dir) => {
                 if (fs.existsSync(dir))
                     fs.rmSync(dir, { recursive: true, force: true });
@@ -181,7 +186,7 @@ export function register(server, ctx) {
                     fs.writeFileSync(path.join(stagedProjectDir, TASKS_FILENAME), taskContent);
                     imported.push(TASKS_FILENAME);
                 }
-                const backupDir = overwrite ? path.join(phrenPath, `${projectName}.import-backup-${Date.now()}`) : null;
+                backupDir = overwrite ? path.join(phrenPath, `${projectName}.import-backup-${Date.now()}`) : null;
                 try {
                     if (overwrite && fs.existsSync(projectDir)) {
                         fs.renameSync(projectDir, backupDir);
@@ -222,22 +227,14 @@ export function register(server, ctx) {
                     }
                     catch { /* best-effort */ }
                 }
-                else {
-                    // Find the backup dir that was created earlier
+                else if (backupDir) {
                     try {
-                        for (const entry of fs.readdirSync(phrenPath)) {
-                            if (entry.startsWith(`${projectName}.import-backup-`)) {
-                                const backupPath = path.join(phrenPath, entry);
-                                if (fs.existsSync(backupPath) && !fs.existsSync(projectDir)) {
-                                    fs.renameSync(backupPath, projectDir);
-                                }
-                                else if (fs.existsSync(backupPath)) {
-                                    // Active dir exists — remove imported dir then restore backup
-                                    fs.rmSync(projectDir, { recursive: true, force: true });
-                                    fs.renameSync(backupPath, projectDir);
-                                }
-                                break;
-                            }
+                        if (fs.existsSync(backupDir) && !fs.existsSync(projectDir)) {
+                            fs.renameSync(backupDir, projectDir);
+                        }
+                        else if (fs.existsSync(backupDir)) {
+                            fs.rmSync(projectDir, { recursive: true, force: true });
+                            fs.renameSync(backupDir, projectDir);
                         }
                     }
                     catch (err) {
@@ -252,13 +249,9 @@ export function register(server, ctx) {
                 });
             }
             // Backup is only deleted after successful rebuild so we can restore on failure
-            if (overwrite) {
+            if (backupDir && fs.existsSync(backupDir)) {
                 try {
-                    for (const entry of fs.readdirSync(phrenPath)) {
-                        if (entry.startsWith(`${projectName}.import-backup-`)) {
-                            fs.rmSync(path.join(phrenPath, entry), { recursive: true, force: true });
-                        }
-                    }
+                    fs.rmSync(backupDir, { recursive: true, force: true });
                 }
                 catch (err) {
                     if ((process.env.PHREN_DEBUG))
@@ -284,9 +277,13 @@ export function register(server, ctx) {
             return mcpResponse({ ok: false, error: `Invalid project name: "${project}"` });
         return withWriteQueue(async () => {
             const activeProject = findProjectNameCaseInsensitive(phrenPath, project);
-            const projectDir = path.join(phrenPath, project);
-            const archiveDir = path.join(phrenPath, `${project}.archived`);
+            const archivedProject = findArchivedProjectNameCaseInsensitive(phrenPath, project);
             if (action === "archive") {
+                if (!activeProject) {
+                    return mcpResponse({ ok: false, error: `Project "${project}" not found.` });
+                }
+                const projectDir = path.join(phrenPath, activeProject);
+                const archiveDir = path.join(phrenPath, `${activeProject}.archived`);
                 if (!fs.existsSync(projectDir)) {
                     return mcpResponse({ ok: false, error: `Project "${project}" not found.` });
                 }
@@ -311,11 +308,13 @@ export function register(server, ctx) {
             if (activeProject) {
                 return mcpResponse({ ok: false, error: `Project "${activeProject}" already exists as an active project.` });
             }
-            if (!fs.existsSync(archiveDir)) {
+            if (!archivedProject) {
                 const entries = fs.readdirSync(phrenPath).filter((e) => e.endsWith(".archived"));
                 const available = entries.map((e) => e.replace(/\.archived$/, ""));
                 return mcpResponse({ ok: false, error: `No archive found for "${project}".`, data: { availableArchives: available } });
             }
+            const projectDir = path.join(phrenPath, archivedProject);
+            const archiveDir = path.join(phrenPath, `${archivedProject}.archived`);
             fs.renameSync(archiveDir, projectDir);
             try {
                 await rebuildIndex();
@@ -326,8 +325,8 @@ export function register(server, ctx) {
             }
             return mcpResponse({
                 ok: true,
-                message: `Unarchived project "${project}". It is now active again.`,
-                data: { project, path: projectDir },
+                message: `Unarchived project "${archivedProject}". It is now active again.`,
+                data: { project: archivedProject, path: projectDir },
             });
         }); // end withWriteQueue
     });

package/mcp/dist/mcp-graph.js

@@ -268,8 +268,8 @@ export function register(server, ctx) {
                             existing = JSON.parse(fs.readFileSync(manualLinksPath, "utf8"));
                         }
                         catch (err) {
-                            if (process.env.PHREN_DEBUG)
-                                process.stderr.write(`[phren] link_findings manualLinksRead: ${errorMessage(err)}\n`);
+                            process.stderr.write(`[phren] link_findings manualLinksRead: manual-links.json is malformed — aborting to avoid data loss: ${errorMessage(err)}\n`);
+                            throw err;
                         }
                     }
                     const newEntry = { entity: fragmentName, entityType: resolvedFragmentType, sourceDoc, relType };

package/mcp/dist/mcp-hooks.js

@@ -3,37 +3,12 @@ import { z } from "zod";
 import * as fs from "fs";
 import * as path from "path";
 import { readInstallPreferences, updateInstallPreferences } from "./init-preferences.js";
-import { readCustomHooks, getHookTarget, HOOK_EVENT_VALUES } from "./hooks.js";
+import { readCustomHooks, getHookTarget, HOOK_EVENT_VALUES, validateCustomHookCommand, validateCustomWebhookUrl } from "./hooks.js";
 import { hookConfigPath } from "./shared.js";
 import { PROJECT_HOOK_EVENTS, isProjectHookEnabled, readProjectConfig, writeProjectHookConfig } from "./project-config.js";
 import { isValidProjectName } from "./utils.js";
 const HOOK_TOOLS = ["claude", "copilot", "cursor", "codex"];
 const VALID_CUSTOM_EVENTS = HOOK_EVENT_VALUES;
-/**
- * Validate a custom hook command at registration time.
- * Rejects obviously dangerous patterns to reduce confused-deputy risk
- * if install-preferences.json is ever compromised.
- * Returns an error string, or null if valid.
- */
-function validateHookCommand(command) {
-    const trimmed = command.trim();
-    if (!trimmed)
-        return "Command cannot be empty.";
-    if (trimmed.length > 1000)
-        return "Command too long (max 1000 characters).";
-    // Reject shell metacharacters that allow injection or arbitrary execution
-    // when the command is later run via `sh -c`.
-    if (/[`$(){}&|;<>\n\r#]/.test(trimmed)) {
-        return "Command contains disallowed shell characters: ` $ ( ) { } & | ; < >";
-    }
-    // eval and source can execute arbitrary code
-    if (/\b(eval|source)\b/.test(trimmed))
-        return "eval and source are not permitted in hook commands.";
-    // Command must start with a word character, path, or quoted string
-    if (!/^[\w./~"'"]/.test(trimmed))
-        return "Command must begin with an executable name or path.";
-    return null;
-}
 function normalizeHookTool(input) {
     if (!input)
         return null;
@@ -193,47 +168,13 @@ export function register(server, ctx) {
         let newHook;
         if (webhook) {
             const trimmed = webhook.trim();
-            if (!trimmed.startsWith("http://") && !trimmed.startsWith("https://")) {
-                return mcpResponse({ ok: false, error: "webhook must be an http:// or https:// URL." });
-            }
-            // Reject private/loopback hostnames to prevent SSRF
-            try {
-                const { hostname } = new URL(trimmed);
-                const h = hostname.toLowerCase().replace(/^\[|\]$/g, ""); // strip IPv6 brackets
-                const ssrfBlocked = h === "localhost" ||
-                    // IPv4 private/loopback ranges
-                    /^127\./.test(h) ||
-                    /^10\./.test(h) ||
-                    /^172\.(1[6-9]|2\d|3[01])\./.test(h) ||
-                    /^192\.168\./.test(h) ||
-                    /^169\.254\./.test(h) ||
-                    // IPv6 loopback
-                    h === "::1" ||
-                    // IPv6 ULA (fc00::/7 covers fc:: and fd::)
-                    h.startsWith("fc") ||
-                    h.startsWith("fd") ||
-                    // IPv6 link-local (fe80::/10)
-                    h.startsWith("fe80:") ||
-                    // IPv4-mapped IPv6 (::ffff:10.x.x.x, ::ffff:127.x.x.x, etc.)
-                    /^::ffff:/i.test(h) ||
-                    // Raw numeric IPv4 forms not normalized by all URL parsers:
-                    // decimal (2130706433), hex (0x7f000001), octal (0177.0.0.1 prefix)
-                    /^(0x[0-9a-f]+|0\d+)$/i.test(h) ||
-                    // Pure decimal integer that encodes an IPv4 address (8+ digits covers 0.0.0.0+)
-                    /^\d{8,10}$/.test(h) ||
-                    h.endsWith(".local") ||
-                    h.endsWith(".internal");
-                if (ssrfBlocked) {
-                    return mcpResponse({ ok: false, error: `webhook hostname "${hostname}" is a private or loopback address.` });
-                }
-            }
-            catch {
-                return mcpResponse({ ok: false, error: "webhook is not a valid URL." });
-            }
+            const webhookErr = validateCustomWebhookUrl(trimmed);
+            if (webhookErr)
+                return mcpResponse({ ok: false, error: webhookErr });
             newHook = { event, webhook: trimmed, ...(secret ? { secret } : {}), ...(timeout !== undefined ? { timeout } : {}) };
         }
         else {
-            const cmdErr = validateHookCommand(command);
+            const cmdErr = validateCustomHookCommand(command);
             if (cmdErr)
                 return mcpResponse({ ok: false, error: cmdErr });
             newHook = { event, command: command, ...(timeout !== undefined ? { timeout } : {}) };