@schoolai/shipyard 3.2.2 → 3.2.3-rc.20260422.1

package/dist/{serve-O4AHOTL4.js → serve-KNOYKFPQ.js}

@@ -47,11 +47,11 @@ import {
   VaultKeyPutRequestSchema,
   VaultKeyPutResponseSchema,
   classifyClaudeCodeCompatibility
-} from "./chunk-N4ZTO3K3.js";
+} from "./chunk-AWHTFJIM.js";
 import "./chunk-EHQITHQX.js";
 import {
   loadAuthToken
-} from "./chunk-5RH5JP3R.js";
+} from "./chunk-GLH3V7NG.js";
 import {
   DiscoveryStateSchema,
   detectMCPServers,
@@ -62,19 +62,19 @@ import {
   redactEnv,
   resolveEnabledMcpServers,
   resolveStdioEnv
-} from "./chunk-NZFMJMJN.js";
+} from "./chunk-67VJDX7G.js";
 import {
   createChildLogger,
   flushLogger,
   logger
-} from "./chunk-DB5R6SKT.js";
+} from "./chunk-DNIC3FOH.js";
 import {
   external_exports,
   getShipyardHome,
   isVanillaAgentMode,
   toJSONSchema,
   validateEnv
-} from "./chunk-KUV4J6NI.js";
+} from "./chunk-M5M6VC5F.js";
 import {
   detectSkills
 } from "./chunk-DPMRSLYJ.js";
@@ -83,8 +83,8 @@ import {
 } from "./chunk-2H7UOFLK.js";
 
 // src/services/serve.ts
-import { mkdir as mkdir25, realpath as realpath2 } from "fs/promises";
-import { join as join56 } from "path";
+import { mkdir as mkdir25, realpath as realpath3 } from "fs/promises";
+import { join as join57 } from "path";
 import { query as query2 } from "@anthropic-ai/claude-agent-sdk";
 
 // ../../node_modules/.pnpm/@loro-extended+change@6.0.0-beta.0_loro-crdt@1.11.1/node_modules/@loro-extended/change/dist/index.js
@@ -27270,7 +27270,8 @@ var PlanDetectionSchema = external_exports.object({
   filePath: external_exports.string(),
   planDocId: external_exports.string(),
   allowedPrompts: external_exports.array(AllowedPromptSchema).optional(),
-  originalMarkdown: external_exports.string().optional()
+  originalMarkdown: external_exports.string().optional(),
+  approved: external_exports.boolean().optional()
 });
 var TaskRecordSchema = external_exports.object({
   taskId: external_exports.string(),
@@ -28220,7 +28221,8 @@ var DaemonToBrowserControlMessageSchema = external_exports.discriminatedUnion("t
       tool: external_exports.string(),
       prompt: external_exports.string()
     })).optional(),
-    isRevision: external_exports.boolean().optional()
+    isRevision: external_exports.boolean().optional(),
+    approved: external_exports.boolean().optional()
   }),
   external_exports.object({
     type: external_exports.literal("plan_continuation_timeout"),
@@ -28633,7 +28635,12 @@ var HunkRangeSchema = external_exports.object({
   modifiedEnd: external_exports.number()
 });
 var BrowserToFileIOMessageSchema = external_exports.discriminatedUnion("type", [
-  external_exports.object({ type: external_exports.literal("read_file"), requestId: external_exports.string(), path: external_exports.string() }),
+  external_exports.object({
+    type: external_exports.literal("read_file"),
+    requestId: external_exports.string(),
+    path: external_exports.string(),
+    external: external_exports.boolean().optional()
+  }),
   external_exports.object({
     type: external_exports.literal("write_file"),
     requestId: external_exports.string(),
@@ -28641,7 +28648,12 @@ var BrowserToFileIOMessageSchema = external_exports.discriminatedUnion("type", [
     content: external_exports.string()
   }),
   external_exports.object({ type: external_exports.literal("readdir"), requestId: external_exports.string(), path: external_exports.string() }),
-  external_exports.object({ type: external_exports.literal("stat"), requestId: external_exports.string(), path: external_exports.string() }),
+  external_exports.object({
+    type: external_exports.literal("stat"),
+    requestId: external_exports.string(),
+    path: external_exports.string(),
+    external: external_exports.boolean().optional()
+  }),
   external_exports.object({ type: external_exports.literal("git_status"), requestId: external_exports.string() }),
   external_exports.object({
     type: external_exports.literal("git_diff_file"),
@@ -31690,7 +31702,7 @@ function nanoid(size2 = 21) {
 }
 
 // src/services/bootstrap/signaling.ts
-var DAEMON_NPM_VERSION = true ? "3.2.2" : "unknown";
+var DAEMON_NPM_VERSION = true ? "3.2.3" : "unknown";
 function createDaemonSignaling(config2) {
   const agentId = config2.agentId ?? nanoid();
   function send(msg) {
@@ -34005,7 +34017,6 @@ async function deleteAdvertisement(shipyardHome) {
 
 // src/services/local-direct/local-direct-wiring.ts
 async function setupLocalDirect(deps) {
-  if (!deps.env.SHIPYARD_LOCAL_DIRECT) return null;
   const token = generateLocalDirectToken();
   const server = await createLocalDirectServer({
     token,
@@ -66609,22 +66620,22 @@ function isTextSelectionAcrossCells({ $from, $to }) {
 function normalizeSelection(state, tr2, allowTableNodeSelection) {
   const sel = (tr2 || state).selection;
   const doc3 = (tr2 || state).doc;
-  let normalize7;
+  let normalize8;
   let role;
   if (sel instanceof NodeSelection && (role = sel.node.type.spec.tableRole)) {
-    if (role == "cell" || role == "header_cell") normalize7 = CellSelection.create(doc3, sel.from);
+    if (role == "cell" || role == "header_cell") normalize8 = CellSelection.create(doc3, sel.from);
     else if (role == "row") {
       const $cell = doc3.resolve(sel.from + 1);
-      normalize7 = CellSelection.rowSelection($cell, $cell);
+      normalize8 = CellSelection.rowSelection($cell, $cell);
     } else if (!allowTableNodeSelection) {
       const map3 = TableMap.get(sel.node);
       const start = sel.from + 1;
       const lastCell = start + map3.map[map3.width * map3.height - 1];
-      normalize7 = CellSelection.create(doc3, start + 1, lastCell);
+      normalize8 = CellSelection.create(doc3, start + 1, lastCell);
     }
-  } else if (sel instanceof TextSelection && isCellBoundarySelection(sel)) normalize7 = TextSelection.create(doc3, sel.from);
-  else if (sel instanceof TextSelection && isTextSelectionAcrossCells(sel)) normalize7 = TextSelection.create(doc3, sel.$from.start(), sel.$from.end());
-  if (normalize7) (tr2 || (tr2 = state.tr)).setSelection(normalize7);
+  } else if (sel instanceof TextSelection && isCellBoundarySelection(sel)) normalize8 = TextSelection.create(doc3, sel.from);
+  else if (sel instanceof TextSelection && isTextSelectionAcrossCells(sel)) normalize8 = TextSelection.create(doc3, sel.$from.start(), sel.$from.end());
+  if (normalize8) (tr2 || (tr2 = state.tr)).setSelection(normalize8);
   return tr2;
 }
 var fixTablesKey = new PluginKey("fix-tables");
@@ -84572,16 +84583,18 @@ async function buildRateLimitStore(dataDir, opts) {
     }
   };
 }
+function deriveWindowFromEvent(incoming, eventTime) {
+  if (!isWindowKey(incoming.rateLimitType)) return void 0;
+  const utilization = typeof incoming.utilization === "number" ? incoming.utilization : incoming.status === "rejected" ? 1 : void 0;
+  if (utilization === void 0) return void 0;
+  return { utilization, resetsAt: incoming.resetsAt, updatedAt: eventTime };
+}
 function mergeEvent(prev, incoming, eventTime) {
   const prevByWindow = prev?.byWindow ?? {};
   const byWindow = { ...prevByWindow };
-  if (isWindowKey(incoming.rateLimitType) && typeof incoming.utilization === "number") {
-    const window2 = {
-      utilization: incoming.utilization,
-      resetsAt: incoming.resetsAt,
-      updatedAt: eventTime
-    };
-    byWindow[incoming.rateLimitType] = window2;
+  const derived = deriveWindowFromEvent(incoming, eventTime);
+  if (derived && isWindowKey(incoming.rateLimitType)) {
+    byWindow[incoming.rateLimitType] = derived;
   }
   const nowInOverage = incoming.isUsingOverage === true;
   const wasInOverage = prev?.overageStartedAt !== void 0;
@@ -84635,12 +84648,15 @@ function migrateV1toV2(v1) {
   for (const [accountKey, record] of Object.entries(v1.records)) {
     const { info, updatedAt } = record;
     const byWindow = {};
-    if (isWindowKey(info.rateLimitType) && typeof info.utilization === "number") {
-      byWindow[info.rateLimitType] = {
-        utilization: info.utilization,
-        resetsAt: info.resetsAt,
-        updatedAt
-      };
+    if (isWindowKey(info.rateLimitType)) {
+      const utilization = typeof info.utilization === "number" ? info.utilization : info.status === "rejected" ? 1 : void 0;
+      if (utilization !== void 0) {
+        byWindow[info.rateLimitType] = {
+          utilization,
+          resetsAt: info.resetsAt,
+          updatedAt
+        };
+      }
     }
     const nowInOverage = info.isUsingOverage === true;
     records[accountKey] = {
@@ -88292,14 +88308,17 @@ var PlanHandler = class {
     });
     if (this.#approvalReceived) {
       this.#approvalReceived = false;
-      this.#persistDetection(null).catch((err) => {
-        this.#deps.log({
-          event: "plan_persist_clear_failed",
-          taskId: this.#deps.taskId,
-          toolUseId,
-          error: err instanceof Error ? err.message : String(err)
+      const previous = this.#lastPlanDetection;
+      if (previous) {
+        this.#persistDetection({ ...previous, approved: true }).catch((err) => {
+          this.#deps.log({
+            event: "plan_persist_approve_failed",
+            taskId: this.#deps.taskId,
+            toolUseId,
+            error: err instanceof Error ? err.message : String(err)
+          });
         });
-      });
+      }
       this.#deps.log({
         event: "exit_plan_mode_approved",
         taskId: this.#deps.taskId,
@@ -88402,7 +88421,7 @@ var PlanHandler = class {
    */
   replayPlanDetection(send) {
     if (!this.#lastPlanDetection) return;
-    const { toolUseId, filePath, planDocId, allowedPrompts } = this.#lastPlanDetection;
+    const { toolUseId, filePath, planDocId, allowedPrompts, approved } = this.#lastPlanDetection;
     const markdown = this.#deps.planRepo.getContent(this.#deps.taskId);
     send({
       type: "plan_detected",
@@ -88411,7 +88430,8 @@ var PlanHandler = class {
       filePath,
       planDocId,
       markdown,
-      allowedPrompts
+      allowedPrompts,
+      approved
     });
   }
   /**
@@ -91117,11 +91137,24 @@ var StructuredTaskTracker = class {
   #ccTaskWatcherDispose = null;
   #suppressWriteThrough = false;
   #ccTaskFileWriter;
-  #restoreInProgress = false;
+  /**
+   * Gate the first flush until an overlay has either been applied or the
+   * caller has explicitly signaled that none is coming. Both flags below
+   * must be false for the flush to proceed during restore.
+   */
+  #restoreNeedsOverlay = false;
+  /**
+   * Gate the first flush until the file watcher's initial disk reconcile
+   * has fired. Only set during restore for tasks with a session id.
+   */
+  #restoreNeedsDisk = false;
   constructor(deps) {
     this.#deps = deps;
     this.#ccTaskFileWriter = createCCTaskFileWriter(null, deps.log);
-    this.#restoreInProgress = deps.restoreInProgress ?? false;
+    if (deps.restoreInProgress) {
+      this.#restoreNeedsOverlay = true;
+      this.#restoreNeedsDisk = deps.restoreExpectDisk ?? false;
+    }
   }
   get currentOverlay() {
     return this.#currentOverlay;
@@ -91165,24 +91198,37 @@ var StructuredTaskTracker = class {
   }
   /**
    * Apply an overlay on top of CC tasks. Stores the overlay and re-flushes.
-   * Exits restore mode — applyOverlay is the terminal piece of restoration
-   * (disk reconcile is idempotent with the seeded overlay, so we flush once
-   * here with full inputs instead of producing a partial pre-overlay flush).
+   * Clears the overlay-pending gate. The flush still waits if a disk reconcile
+   * is expected (restoreExpectDisk=true at construction): without that second
+   * gate, the applyOverlay-first restart ordering would emit an overlay-only
+   * map to the store on every boot, bumping TaskRecord.lastActivityAt for
+   * every restored task that has an overlay.
    */
   applyOverlay(overlay) {
     this.#currentOverlay = overlay;
-    this.#restoreInProgress = false;
+    this.#restoreNeedsOverlay = false;
+    this.#flushStructuredTasks();
+  }
+  /**
+   * Signal that no overlay will be applied during this restore. Clears the
+   * overlay-pending gate but NOT the disk gate — if the restored task has a
+   * session id, the file watcher's first reconcile remains the terminal
+   * signal before the store receives a flush.
+   */
+  markNoOverlay() {
+    if (!this.#restoreNeedsOverlay) return;
+    this.#restoreNeedsOverlay = false;
     this.#flushStructuredTasks();
   }
   /**
-   * Signal that restoration has finished for tasks that have no persisted
-   * overlay to apply. Unblocks #flushStructuredTasks and runs one flush with
-   * the current state (disk-only, no overlay). Must be called by the
-   * restoration caller whenever applyOverlay will not be invoked.
+   * Clear BOTH restore gates. Used in error paths (hydration promise rejected)
+   * and by restorers that know neither an overlay nor a disk reconcile will
+   * arrive. If either signal fires after this, the natural flush handles it.
    */
   markRestoreComplete() {
-    if (!this.#restoreInProgress) return;
-    this.#restoreInProgress = false;
+    if (!this.#restoreNeedsOverlay && !this.#restoreNeedsDisk) return;
+    this.#restoreNeedsOverlay = false;
+    this.#restoreNeedsDisk = false;
     this.#flushStructuredTasks();
   }
   processStructuredTaskEvents(content) {
@@ -91292,7 +91338,7 @@ var StructuredTaskTracker = class {
    * 7. Push to updateStructuredTasks
    */
   #flushStructuredTasks() {
-    if (this.#restoreInProgress) return;
+    if (this.#restoreNeedsOverlay || this.#restoreNeedsDisk) return;
     const overlay = this.#currentOverlay ?? DEFAULT_TASK_OVERLAY;
     const merged = applyOverlayToMap(this.#structuredTasks, overlay);
     const todoProgress = computeTodoProgress(merged);
@@ -91314,6 +91360,7 @@ var StructuredTaskTracker = class {
    * - Re-flush with overlay applied
    */
   #reconcileFromDisk(ccTasks) {
+    this.#restoreNeedsDisk = false;
     const currentDiskIds = /* @__PURE__ */ new Set();
     for (const file of ccTasks) {
       currentDiskIds.add(file.id);
@@ -92497,7 +92544,12 @@ var Task = class {
       taskId: deps.taskId,
       log: deps.log,
       updateStructuredTasks: deps.updateStructuredTasks,
-      restoreInProgress: deps.restoreInProgress ?? false
+      restoreInProgress: deps.restoreInProgress ?? false,
+      /**
+       * Only wait for a disk reconcile if a CC session exists — else the file
+       * watcher never attaches and the gate would never clear.
+       */
+      restoreExpectDisk: Boolean(deps.restoreInProgress && deps.existingSessionId)
     });
     this.#pushManager = new ResourcePushManager({
       taskId: deps.taskId,
@@ -94192,6 +94244,10 @@ Use this context to maintain continuity. You have already done this work \u2014
   markStructuredTaskRestoreComplete() {
     this.#structuredTaskTracker.markRestoreComplete();
   }
+  /** See StructuredTaskTracker.markNoOverlay. */
+  markStructuredTaskNoOverlay() {
+    this.#structuredTaskTracker.markNoOverlay();
+  }
   /** ---------------------------------------------------------------- */
   /** Resource resolution                                              */
   /** ---------------------------------------------------------------- */
@@ -95132,11 +95188,14 @@ var TaskManager = class {
     const cwd = opts.cwd;
     const mode = opts.mode ?? "task";
     let orchestratorRef = null;
+    const hasSession = Boolean(opts.existingSessionId);
     const restoreHydration = async () => {
       const record = await this.#deps.taskStateStore.getTask(taskId);
       if (!orchestratorRef || !this.#tasks.has(taskId)) return;
       if (record?.taskOverlay) {
         orchestratorRef.applyOverlay(record.taskOverlay);
+      } else if (hasSession) {
+        orchestratorRef.markStructuredTaskNoOverlay();
       } else {
         orchestratorRef.markStructuredTaskRestoreComplete();
       }
@@ -99787,7 +99846,7 @@ function friendlyExecError(err) {
 async function refreshPluginCapabilities(daemon, tokenStore) {
   const [updatedMarketplace, updatedMcp, updatedSkills] = await Promise.all([
     detectMarketplacePlugins(),
-    import("./mcp-servers-YT5BADYE.js").then(
+    import("./mcp-servers-MUVTAMDT.js").then(
       (m2) => m2.detectMCPServers(daemon.capabilities.environments, tokenStore)
     ),
     import("./skills-NCKYNLUS.js").then(
@@ -102046,10 +102105,53 @@ function createCollabRoomManager(deps) {
 
 // src/services/file-io-handler.ts
 import { execFile as execFile10, spawn as spawn6 } from "child_process";
-import { readdir as readdir14, readFile as readFile34, realpath, stat as stat10, unlink as unlink10, writeFile as writeFile28 } from "fs/promises";
-import { normalize as normalize6, relative as relative3, resolve as resolve2 } from "path";
+import { readdir as readdir14, readFile as readFile34, realpath as realpath2, stat as stat10, unlink as unlink10, writeFile as writeFile28 } from "fs/promises";
+import { normalize as normalize7, relative as relative3, resolve as resolve2 } from "path";
 import { promisify as promisify7 } from "util";
 
+// src/shared/file-io-path-safety.ts
+import { realpath } from "fs/promises";
+import { basename as basename5, dirname as dirname19, join as join52, normalize as normalize6 } from "path";
+async function safeAbsolutePath(userPath, isHidden2, allowedHiddenNames) {
+  const normalized = prepareAbsolutePath(userPath, isHidden2, allowedHiddenNames);
+  if (normalized === null) return null;
+  const canonical = await canonicalizeOrRecombine(normalized);
+  if (canonical === null) return null;
+  if (!checkSegmentsAllowed(canonical, isHidden2, allowedHiddenNames)) return null;
+  return canonical;
+}
+function prepareAbsolutePath(userPath, isHidden2, allowedHiddenNames) {
+  if (!userPath.startsWith("/")) return null;
+  const normalized = normalize6(userPath);
+  if (normalized.startsWith("..") || normalized.includes("/..") || normalized.includes("\\..")) {
+    return null;
+  }
+  if (!checkSegmentsAllowed(normalized, isHidden2, allowedHiddenNames)) return null;
+  return normalized;
+}
+async function canonicalizeOrRecombine(path2) {
+  try {
+    return await realpath(path2);
+  } catch (err) {
+    if (!isEnoent2(err)) return null;
+    const parentCanonical = await realpath(dirname19(path2)).catch(() => null);
+    if (parentCanonical === null) return null;
+    return join52(parentCanonical, basename5(path2));
+  }
+}
+function isEnoent2(err) {
+  return typeof err === "object" && err !== null && "code" in err && err.code === "ENOENT";
+}
+function checkSegmentsAllowed(path2, isHidden2, allowedHiddenNames) {
+  const segments = path2.split(/[/\\]/).filter((s2) => s2.length > 0 && s2 !== ".");
+  for (const seg of segments) {
+    if (!isHidden2(seg)) continue;
+    if (allowedHiddenNames?.has(seg)) continue;
+    return false;
+  }
+  return true;
+}
+
 // src/services/channels/handlers/snapshot-diff-handler.ts
 function planSnapshotDiff(input) {
   const { fromRef, toRef, fromRefExists, toRefExists, autoFetch, parentIsMerged } = input;
@@ -102280,7 +102382,7 @@ function handleFileIOChannel(initialCwd, send, log, deps) {
     return safePathWithOverrides(userPath, /* @__PURE__ */ new Set(["node_modules"]));
   }
   function safePathWithOverrides(userPath, allowedHiddenNames) {
-    const normalized = normalize6(userPath);
+    const normalized = normalize7(userPath);
     if (normalized.startsWith("..") || normalized.includes("/..") || normalized.includes("\\..")) {
       return null;
     }
@@ -102295,6 +102397,9 @@ function handleFileIOChannel(initialCwd, send, log, deps) {
     if (rel.startsWith("..") || rel.startsWith("/")) return null;
     return abs;
   }
+  function safeAbsolutePath2(userPath, allowedHiddenNames) {
+    return safeAbsolutePath(userPath, isHidden, allowedHiddenNames);
+  }
   function onMessage(data) {
     let parsed;
     try {
@@ -102347,26 +102452,38 @@ function handleFileIOChannel(initialCwd, send, log, deps) {
         assertNever3(msg);
     }
   }
-  function dispatchFileOp(msg) {
+  async function dispatchFileOp(msg) {
     const isReadOnlyOp = msg.type === "read_file" || msg.type === "stat";
-    const abs = isReadOnlyOp ? safePathForRead(msg.path) : safePath(msg.path);
+    const isExternal = isReadOnlyOp && msg.external === true;
+    if (isExternal && !deps.allowExternalReads) {
+      log({ event: "file_io_external_denied", path: msg.path });
+      respondError(msg.requestId, `external_not_allowed:${msg.path}`);
+      return;
+    }
+    let abs;
+    if (isExternal) {
+      abs = await safeAbsolutePath2(msg.path, /* @__PURE__ */ new Set(["node_modules"]));
+    } else {
+      abs = isReadOnlyOp ? safePathForRead(msg.path) : safePath(msg.path);
+    }
     if (!abs) {
-      log({ event: "file_io_path_rejected", path: msg.path });
-      respondError(msg.requestId, `hidden_path:${msg.path}`);
+      log({ event: "file_io_path_rejected", path: msg.path, external: isExternal });
+      const code2 = isExternal ? "external_blocked" : "hidden_path";
+      respondError(msg.requestId, `${code2}:${msg.path}`);
       return;
     }
     switch (msg.type) {
       case "read_file":
-        handleReadFile(msg.requestId, abs);
+        await handleReadFile(msg.requestId, abs);
         break;
       case "write_file":
-        handleWriteFile(msg.requestId, abs, msg.content);
+        await handleWriteFile(msg.requestId, abs, msg.content);
         break;
       case "readdir":
-        handleReaddir(msg.requestId, abs);
+        await handleReaddir(msg.requestId, abs);
         break;
       case "stat":
-        handleStat(msg.requestId, abs);
+        await handleStat(msg.requestId, abs);
         break;
       default:
         assertNever3(msg);
@@ -102389,7 +102506,7 @@ function handleFileIOChannel(initialCwd, send, log, deps) {
       case "write_file":
       case "readdir":
       case "stat":
-        dispatchFileOp(msg);
+        void dispatchFileOp(msg);
         break;
       case "set_cwd":
         handleSetCwd(msg.requestId, msg.path);
@@ -102505,7 +102622,7 @@ function handleFileIOChannel(initialCwd, send, log, deps) {
   async function handleSetCwd(requestId, newPath) {
     try {
       const resolved = resolve2(newPath);
-      const canonical = await realpath(resolved);
+      const canonical = await realpath2(resolved);
       if (!deps.isAllowedCwd(canonical)) {
         respondError(requestId, "cwd not allowed");
         log({ event: "file_io_cwd_rejected", cwd: canonical });
@@ -102544,7 +102661,7 @@ function handleFileIOChannel(initialCwd, send, log, deps) {
       const { stdout } = await execFileAsync3(
         "git",
         ["ls-files", "--cached", "--others", "--exclude-standard", "-z"],
-        { cwd, maxBuffer: 10 * 1024 * 1024 }
+        { cwd, maxBuffer: 100 * 1024 * 1024 }
       );
       const files = stdout.split("\0").filter((f2) => f2.length > 0);
       respond({ type: "git_ls_files_result", requestId, files });
@@ -103332,13 +103449,13 @@ function wireThreadErrorFallback(daemon, dc, taskId, threadId, channelId, log) {
 // src/shared/pty-manager.ts
 import { accessSync, chmodSync, constants as constants2 } from "fs";
 import { createRequire as createRequire4 } from "module";
-import { dirname as dirname19, resolve as resolve3 } from "path";
+import { dirname as dirname20, resolve as resolve3 } from "path";
 import * as pty from "node-pty";
 function ensureSpawnHelperExecutable() {
   if (globalThis.process.platform === "win32") return;
   try {
     const req = createRequire4(import.meta.url);
-    const nodePtyDir = dirname19(req.resolve("node-pty/package.json"));
+    const nodePtyDir = dirname20(req.resolve("node-pty/package.json"));
     const spawnHelper = resolve3(
       nodePtyDir,
       "prebuilds",
@@ -103933,7 +104050,16 @@ function buildCollabRoomManager(deps) {
                 const taskCwd = daemon.taskManager.getTaskCwd(collabTaskId);
                 if (!taskCwd) return false;
                 return isUnderAllowedRoot2(abs, [taskCwd]);
-              }
+              },
+              /**
+               * Collab peers must NOT get external-path reads — a peer
+               * could otherwise send `{external: true, path: '/etc/hosts'}`
+               * or walk to another task's cwd via the abs-path flag, which
+               * would defeat the entire task-isolation allowlist above.
+               * The daemon rejects external:true with
+               * `external_not_allowed:...` when this flag is false.
+               */
+              allowExternalReads: false
             }
           });
           log.info("Collab file I/O channel wired");
@@ -104065,13 +104191,13 @@ function buildCollabRoomManager(deps) {
 import { execSync } from "child_process";
 import { existsSync as existsSync8 } from "fs";
 import { createRequire as createRequire5 } from "module";
-import { dirname as dirname20, join as join53 } from "path";
+import { dirname as dirname21, join as join54 } from "path";
 
 // src/services/bootstrap/self-update.ts
 import { execFile as execFile11, spawn as spawn8 } from "child_process";
 import { createHash as createHash6 } from "crypto";
 import { chmod as chmod3, mkdir as mkdir22, readFile as readFile35, rename as rename20, unlink as unlink11, writeFile as writeFile29 } from "fs/promises";
-import { join as join52 } from "path";
+import { join as join53 } from "path";
 
 // src/services/bootstrap/self-update-installer-scripts.ts
 function buildPosixInstallerScript(params) {
@@ -104473,7 +104599,7 @@ async function downloadTarball(url, destPath, fetchFn) {
       throw new Error(`download failed: HTTP ${response.status} ${response.statusText}`);
     }
     const bytes = new Uint8Array(await response.arrayBuffer());
-    await mkdir22(join52(destPath, ".."), { recursive: true });
+    await mkdir22(join53(destPath, ".."), { recursive: true });
     try {
       await writeFile29(tmpPath, bytes);
       await rename20(tmpPath, destPath);
@@ -104503,7 +104629,7 @@ async function verifyChecksum(path2, expectedHash) {
   }
 }
 async function stageInstallerScript(scriptPath, params) {
-  await mkdir22(join52(scriptPath, ".."), { recursive: true });
+  await mkdir22(join53(scriptPath, ".."), { recursive: true });
   const body = process.platform === "win32" ? buildWindowsInstallerScript(params) : buildPosixInstallerScript(params);
   await writeFile29(scriptPath, body);
   await chmod3(scriptPath, 493);
@@ -104553,16 +104679,16 @@ function buildInstallerParams(state, deps) {
     targetVersion: state.resolved.version,
     previousVersion: deps.currentVersion,
     parentPid: deps.pid,
-    statusFilePath: join52(deps.shipyardHome, "update-status.json"),
-    pidFilePath: join52(deps.shipyardHome, "daemon.pid"),
-    logPath: join52(deps.shipyardHome, "updates", `install-${deps.pid}.log`),
-    snapshotPath: join52(deps.shipyardHome, "updates", `rollback-${deps.currentVersion}`),
+    statusFilePath: join53(deps.shipyardHome, "update-status.json"),
+    pidFilePath: join53(deps.shipyardHome, "daemon.pid"),
+    logPath: join53(deps.shipyardHome, "updates", `install-${deps.pid}.log`),
+    snapshotPath: join53(deps.shipyardHome, "updates", `rollback-${deps.currentVersion}`),
     npmBin: "npm"
   };
 }
 function tarballPathFor(shipyardHome, version, shasum) {
   const shaPrefix = shasum.slice(0, 12);
-  return join52(shipyardHome, "updates", `${version}-${shaPrefix}.tgz`);
+  return join53(shipyardHome, "updates", `${version}-${shaPrefix}.tgz`);
 }
 async function runResolveStep(step, state, deps) {
   const resolver = deps.resolveVersion ?? defaultResolveVersion;
@@ -104728,7 +104854,7 @@ function resolveClaudeCodePath(log) {
   try {
     const req = createRequire5(import.meta.url);
     const sdkMain = req.resolve("@anthropic-ai/claude-agent-sdk");
-    const p2 = join53(dirname20(sdkMain), "cli.js");
+    const p2 = join54(dirname21(sdkMain), "cli.js");
     if (existsSync8(p2)) return ok("sdk_bundled", p2);
   } catch {
   }
@@ -104738,7 +104864,7 @@ function resolveClaudeCodePath(log) {
   } catch {
   }
   for (const c of [
-    join53(process.env.HOME ?? "", ".local", "bin", "claude"),
+    join54(process.env.HOME ?? "", ".local", "bin", "claude"),
     "/usr/local/bin/claude"
   ])
     if (existsSync8(c)) return ok("well_known", c);
@@ -105069,7 +105195,14 @@ function buildSharedChannelCallbacks(deps) {
           diffTurn: (taskId, turnIndex) => daemon.taskManager.diffTurn(taskId, turnIndex),
           diffTurnFile: (taskId, turnIndex, path2) => daemon.taskManager.diffTurnFile(taskId, turnIndex, path2),
           revertTurn: (taskId, turnIndex, mode, filePath) => daemon.taskManager.revertTurn(taskId, turnIndex, mode, filePath),
-          isAllowedCwd: (abs) => isUnderAllowedRoot2(abs, daemon.taskManager.getAllowedCwds())
+          isAllowedCwd: (abs) => isUnderAllowedRoot2(abs, daemon.taskManager.getAllowedCwds()),
+          /**
+           * Personal-mode: owner is operating on their own host, so reading
+           * arbitrary files outside the workspace (subject to HIDDEN_PATTERNS)
+           * is the feature that lets them open ~/.claude/plans/*.md and
+           * similar. Collab wiring must pass `false` here.
+           */
+          allowExternalReads: true
         },
         onCwdChange: (newCwd) => {
           portDetectorRef.current?.setCwd(newCwd);
@@ -105237,7 +105370,7 @@ function buildLocalDirectChannelCallbacks(deps) {
 // src/services/storage/daemon-settings-store.ts
 import { createHash as createHash7 } from "crypto";
 import { mkdir as mkdir23, readFile as readFile36, rename as rename21, writeFile as writeFile30 } from "fs/promises";
-import { join as join54 } from "path";
+import { join as join55 } from "path";
 var ProjectSettingsSchema = external_exports.object({
   disabledMcpServers: external_exports.array(external_exports.string()).optional()
 });
@@ -105245,9 +105378,9 @@ function hashProjectPath(projectPath) {
   return createHash7("sha256").update(projectPath).digest("hex").slice(0, 16);
 }
 function buildDaemonSettingsStore(dataDir) {
-  const settingsDir = join54(dataDir, "settings");
+  const settingsDir = join55(dataDir, "settings");
   function settingsPath(projectPath) {
-    return join54(settingsDir, `${hashProjectPath(projectPath)}.json`);
+    return join55(settingsDir, `${hashProjectPath(projectPath)}.json`);
   }
   async function ensureDir() {
     await mkdir23(settingsDir, { recursive: true });
@@ -105274,12 +105407,12 @@ function buildDaemonSettingsStore(dataDir) {
 
 // src/services/storage/plugin-config-store.ts
 import { mkdir as mkdir24, readFile as readFile37, rename as rename22, writeFile as writeFile31 } from "fs/promises";
-import { join as join55 } from "path";
+import { join as join56 } from "path";
 function buildPluginConfigStore(pluginsDir) {
   const cache2 = /* @__PURE__ */ new Map();
   const writeQueues = /* @__PURE__ */ new Map();
   function configPath(pluginId) {
-    return join55(pluginsDir, pluginId, "config.json");
+    return join56(pluginsDir, pluginId, "config.json");
   }
   async function ensureLoaded(pluginId) {
     const cached2 = cache2.get(pluginId);
@@ -105310,7 +105443,7 @@ function buildPluginConfigStore(pluginsDir) {
       const next = prev.then(async () => {
         const filePath = configPath(pluginId);
         const tmpPath = `${filePath}.tmp`;
-        await mkdir24(join55(pluginsDir, pluginId), { recursive: true });
+        await mkdir24(join56(pluginsDir, pluginId), { recursive: true });
         await writeFile31(tmpPath, JSON.stringify(config2, null, 2), "utf-8");
         await rename22(tmpPath, filePath);
       });
@@ -105331,13 +105464,13 @@ function buildPluginConfigStore(pluginsDir) {
 var LEGACY_EPOCH = 5;
 async function serve(options = {}) {
   const shipyardHome = options.shipyardHome ?? getShipyardHome();
-  const dataDir = join56(shipyardHome, options.isDev ? "data-dev" : "data");
+  const dataDir = join57(shipyardHome, options.isDev ? "data-dev" : "data");
   const log = createChildLogger({ mode: "serve" });
-  const workspaceRoot = await realpath2(findProjectRoot(process.cwd())).catch(
+  const workspaceRoot = await realpath3(findProjectRoot(process.cwd())).catch(
     () => findProjectRoot(process.cwd())
   );
   registerBuiltinPlugins();
-  const pluginConfigStore = buildPluginConfigStore(join56(dataDir, "plugins"));
+  const pluginConfigStore = buildPluginConfigStore(join57(dataDir, "plugins"));
   await mkdir25(dataDir, { recursive: true });
   log.info({ shipyardHome, dataDir, workspaceRoot }, "Starting daemon");
   function logAdapter(entry) {
@@ -105363,8 +105496,8 @@ async function serve(options = {}) {
   await lifecycle.acquirePidFile(shipyardHome);
   const pidTracker = buildPidTracker(shipyardHome);
   await pidTracker.sweepOrphans(logAdapter);
-  await pruneOldEpochData(join56(dataDir, "loro"), LEGACY_EPOCH, logAdapter);
-  const storage = new FileStorageAdapter(join56(dataDir, "loro"));
+  await pruneOldEpochData(join57(dataDir, "loro"), LEGACY_EPOCH, logAdapter);
+  const storage = new FileStorageAdapter(join57(dataDir, "loro"));
   const personalWebrtcAdapter = new WebRtcDataChannelAdapter();
   const peerRoleRegistry = createPeerRoleRegistry();
   const presencePoolRef = { pool: {} };
@@ -105425,7 +105558,7 @@ async function serve(options = {}) {
     previewProxy
   });
   daemon.healthMetrics.start();
-  const pluginsDir = join56(shipyardHome, "plugins");
+  const pluginsDir = join57(shipyardHome, "plugins");
   await mkdir25(pluginsDir, { recursive: true });
   let loadedPlugins = [];
   const loadedPluginsRef = {
@@ -105558,7 +105691,6 @@ async function serve(options = {}) {
   const peerManager = peerSetupDeps ? buildPeerManager(peerSetupDeps) : null;
   if (peerSetupDeps && !localDirectRef.current) {
     const handle = await setupLocalDirect({
-      env,
       shipyardHome,
       daemonId: daemonPeerId,
       userId: auth3.userId,
@@ -105701,4 +105833,4 @@ export {
   _testing,
   serve
 };
-//# sourceMappingURL=serve-O4AHOTL4.js.map
+//# sourceMappingURL=serve-KNOYKFPQ.js.map