@shrkcrft/generator 0.1.0-alpha.16 → 0.1.0-alpha.18

package/dist/folder-apply.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"folder-apply.d.ts","sourceRoot":"","sources":["../src/folder-apply.ts"],"names":[],"mappings":"AAcA,OAAO,EAAuB,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEzE,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,IAAI,EAAE,eAAe,GAAG,eAAe,CAAC;IACjD,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,cAAc,CAAC,EAAE,OAAO,CAAC;IAClC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,OAAO,CAAC;CACtC;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,EAAE,EAAE,cAAc,CAAC;IAC5B,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,cAAc,CAAC;IAChC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,MAAM,EAAE,+BAA+B,CAAC;IACjD,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;IACzB,QAAQ,CAAC,OAAO,EAAE,SAAS,eAAe,EAAE,CAAC;IAC7C,QAAQ,CAAC,QAAQ,EAAE,SAAS,eAAe,EAAE,CAAC;CAC/C;AAMD,wBAAgB,cAAc,CAC5B,GAAG,EAAE,SAAS,cAAc,EAAE,EAC9B,OAAO,EAAE,gBAAgB,GACxB,oBAAoB,CAsGtB"}
+{"version":3,"file":"folder-apply.d.ts","sourceRoot":"","sources":["../src/folder-apply.ts"],"names":[],"mappings":"AAeA,OAAO,EAAuB,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEzE,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,IAAI,EAAE,eAAe,GAAG,eAAe,CAAC;IACjD,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,cAAc,CAAC,EAAE,OAAO,CAAC;IAClC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,OAAO,CAAC;CACtC;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,EAAE,EAAE,cAAc,CAAC;IAC5B,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,cAAc,CAAC;IAChC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,MAAM,EAAE,+BAA+B,CAAC;IACjD,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;IACzB,QAAQ,CAAC,OAAO,EAAE,SAAS,eAAe,EAAE,CAAC;IAC7C,QAAQ,CAAC,QAAQ,EAAE,SAAS,eAAe,EAAE,CAAC;CAC/C;AAMD,wBAAgB,cAAc,CAC5B,GAAG,EAAE,SAAS,cAAc,EAAE,EAC9B,OAAO,EAAE,gBAAgB,GACxB,oBAAoB,CAwHtB"}

package/dist/folder-apply.js

@@ -12,6 +12,7 @@
  */
 import { existsSync, renameSync, rmSync } from 'node:fs';
 import * as nodePath from 'node:path';
+import { safeResolveTargetPath } from '@shrkcrft/core';
 import { checkFolderOpSafety, FolderOpSafety } from "./folder-safety.js";
 function resolveAbs(projectRoot, p) {
     return nodePath.isAbsolute(p) ? p : nodePath.resolve(projectRoot, p);
@@ -60,7 +61,26 @@ export function applyFolderOps(ops, options) {
                 });
                 continue;
             }
-            if (existsSync(absNewPath)) {
+            // The rename DESTINATION is never validated by checkFolderOpSafety (which
+            // only checks targetPath), and resolveAbs even allows absolute newPaths —
+            // so `newPath: '../sibling'` or '/etc/x' would move the folder OUTSIDE the
+            // project root. Enforce containment through the same chokepoint as writes.
+            let safeNew;
+            try {
+                safeNew = safeResolveTargetPath(op.newPath, options.projectRoot);
+            }
+            catch (e) {
+                const pathErr = e;
+                rejected.push({
+                    ...baseResult,
+                    applied: false,
+                    safety: FolderOpSafety.Unsafe,
+                    reason: `rename-folder destination "${op.newPath}" is outside the project root (${pathErr.code}).`,
+                });
+                continue;
+            }
+            const safeAbsNewPath = safeNew.absolutePath;
+            if (existsSync(safeAbsNewPath)) {
                 rejected.push({
                     ...baseResult,
                     applied: false,
@@ -74,7 +94,7 @@ export function applyFolderOps(ops, options) {
                 continue;
             }
             try {
-                renameSync(absTarget, absNewPath);
+                renameSync(absTarget, safeAbsNewPath);
                 applied.push({ ...baseResult, applied: true });
             }
             catch (e) {

package/dist/index.d.ts

@@ -12,6 +12,7 @@ export * from './planned-change.js';
 export * from './folder-safety.js';
 export * from './folder-apply.js';
 export * from './synthetic-plan.js';
+export * from './package-delegate-plan.js';
 export * from './spec/index.js';
 export * from './grounding/index.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,kBAAkB,CAAC;AACjC,cAAc,uBAAuB,CAAC;AACtC,cAAc,cAAc,CAAC;AAC7B,cAAc,yBAAyB,CAAC;AACxC,cAAc,uBAAuB,CAAC;AACtC,cAAc,sBAAsB,CAAC;AACrC,cAAc,iBAAiB,CAAC;AAChC,cAAc,mBAAmB,CAAC;AAClC,cAAc,qBAAqB,CAAC;AACpC,cAAc,oBAAoB,CAAC;AACnC,cAAc,mBAAmB,CAAC;AAClC,cAAc,qBAAqB,CAAC;AACpC,cAAc,iBAAiB,CAAC;AAChC,cAAc,sBAAsB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,kBAAkB,CAAC;AACjC,cAAc,uBAAuB,CAAC;AACtC,cAAc,cAAc,CAAC;AAC7B,cAAc,yBAAyB,CAAC;AACxC,cAAc,uBAAuB,CAAC;AACtC,cAAc,sBAAsB,CAAC;AACrC,cAAc,iBAAiB,CAAC;AAChC,cAAc,mBAAmB,CAAC;AAClC,cAAc,qBAAqB,CAAC;AACpC,cAAc,oBAAoB,CAAC;AACnC,cAAc,mBAAmB,CAAC;AAClC,cAAc,qBAAqB,CAAC;AACpC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,iBAAiB,CAAC;AAChC,cAAc,sBAAsB,CAAC"}

package/dist/index.js

@@ -12,5 +12,6 @@ export * from "./planned-change.js";
 export * from "./folder-safety.js";
 export * from "./folder-apply.js";
 export * from "./synthetic-plan.js";
+export * from "./package-delegate-plan.js";
 export * from "./spec/index.js";
 export * from "./grounding/index.js";

package/dist/package-delegate-plan.d.ts

@@ -0,0 +1,54 @@
+/**
+ * Package a delegate worker's raw edit into a SIGNED-ready synthetic plan.
+ *
+ * This is the deterministic chokepoint between a stochastic worker and the
+ * write path. It:
+ *   1. drops ops whose `kind` is not in the recipe's `allowedOps` (reported,
+ *      never applied);
+ *   2. validates every remaining op's fields against the real operation union —
+ *      a malformed op refuses the whole package (the worker must retry);
+ *   3. evaluates the ops against the live file system via the SAME
+ *      `evaluateSavedPlanInPlace` apply uses, so anchor-not-found / ambiguous /
+ *      file-missing all surface as conflicts BEFORE anything is signed;
+ *   4. builds an `ISavedPlan` (templateId `__delegate/<recipe>`) the caller
+ *      signs + applies through the unmodified apply pipeline.
+ *
+ * No model, no network. The raw-op input type is declared locally so the
+ * generator layer carries no dependency on `@shrkcrft/ai`.
+ */
+import { type AppError, type Result } from '@shrkcrft/core';
+import type { IGenerationPlan } from './generation-plan.js';
+import type { ISavedPlan } from './saved-plan.js';
+export declare const DELEGATE_TEMPLATE_PREFIX = "__delegate/";
+/** A raw operation as parsed from a worker (structurally `IDelegateRawOp`). */
+export interface IDelegateOpInput {
+    targetPath: string;
+    operation: {
+        kind: string;
+    } & Record<string, unknown>;
+}
+export interface IPackageDelegateInput {
+    ops: readonly IDelegateOpInput[];
+    /** `IPlannedOperation` kinds the recipe permits; others are dropped. */
+    allowedOps: readonly string[];
+    /** Recipe id — becomes the synthetic templateId `__delegate/<id>`. */
+    recipeId: string;
+    projectRoot: string;
+}
+export interface IDroppedOp {
+    kind: string;
+    targetPath: string;
+    reason: string;
+}
+export interface IPackageDelegateResult {
+    /** Conflict-free, ready to sign. Present only when `ready`. */
+    plan?: ISavedPlan;
+    /** The evaluated generation plan (changes + conflicts) — always present. */
+    generation: IGenerationPlan;
+    /** Ops whose kind was not in `allowedOps`. */
+    droppedOps: readonly IDroppedOp[];
+    /** True when no conflicts — the plan is built and ready to sign + apply. */
+    ready: boolean;
+}
+export declare function packageDelegatePlan(input: IPackageDelegateInput): Result<IPackageDelegateResult, AppError>;
+//# sourceMappingURL=package-delegate-plan.d.ts.map

package/dist/package-delegate-plan.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"package-delegate-plan.d.ts","sourceRoot":"","sources":["../src/package-delegate-plan.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AACH,OAAO,EAAsC,KAAK,QAAQ,EAAE,KAAK,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAChG,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAmBlD,eAAO,MAAM,wBAAwB,gBAAgB,CAAC;AAEtD,+EAA+E;AAC/E,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACvD;AAED,MAAM,WAAW,qBAAqB;IACpC,GAAG,EAAE,SAAS,gBAAgB,EAAE,CAAC;IACjC,wEAAwE;IACxE,UAAU,EAAE,SAAS,MAAM,EAAE,CAAC;IAC9B,sEAAsE;IACtE,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,sBAAsB;IACrC,+DAA+D;IAC/D,IAAI,CAAC,EAAE,UAAU,CAAC;IAClB,4EAA4E;IAC5E,UAAU,EAAE,eAAe,CAAC;IAC5B,8CAA8C;IAC9C,UAAU,EAAE,SAAS,UAAU,EAAE,CAAC;IAClC,4EAA4E;IAC5E,KAAK,EAAE,OAAO,CAAC;CAChB;AAED,wBAAgB,mBAAmB,CACjC,KAAK,EAAE,qBAAqB,GAC3B,MAAM,CAAC,sBAAsB,EAAE,QAAQ,CAAC,CAoE1C"}

package/dist/package-delegate-plan.js

@@ -0,0 +1,253 @@
+/**
+ * Package a delegate worker's raw edit into a SIGNED-ready synthetic plan.
+ *
+ * This is the deterministic chokepoint between a stochastic worker and the
+ * write path. It:
+ *   1. drops ops whose `kind` is not in the recipe's `allowedOps` (reported,
+ *      never applied);
+ *   2. validates every remaining op's fields against the real operation union —
+ *      a malformed op refuses the whole package (the worker must retry);
+ *   3. evaluates the ops against the live file system via the SAME
+ *      `evaluateSavedPlanInPlace` apply uses, so anchor-not-found / ambiguous /
+ *      file-missing all surface as conflicts BEFORE anything is signed;
+ *   4. builds an `ISavedPlan` (templateId `__delegate/<recipe>`) the caller
+ *      signs + applies through the unmodified apply pipeline.
+ *
+ * No model, no network. The raw-op input type is declared locally so the
+ * generator layer carries no dependency on `@shrkcrft/ai`.
+ */
+import { err, ok, AppErrorImpl, ERROR_CODES } from '@shrkcrft/core';
+import { buildSavedPlan } from "./saved-plan.js";
+import { evaluateSavedPlanInPlace } from "./synthetic-plan.js";
+export const DELEGATE_TEMPLATE_PREFIX = '__delegate/';
+export function packageDelegatePlan(input) {
+    const allowed = new Set(input.allowedOps);
+    const droppedOps = [];
+    const expectedChanges = [];
+    for (const raw of input.ops) {
+        const kind = raw.operation.kind;
+        if (!allowed.has(kind)) {
+            droppedOps.push({
+                kind,
+                targetPath: raw.targetPath,
+                reason: `op kind "${kind}" is not in the recipe's allowedOps`,
+            });
+            continue;
+        }
+        const coerced = coerceOperation(raw.operation);
+        if (!coerced.ok) {
+            return err(new AppErrorImpl(ERROR_CODES.INVALID_INPUT, `delegate op for ${raw.targetPath}: ${coerced.error}`));
+        }
+        expectedChanges.push({
+            type: 'pending',
+            relativePath: raw.targetPath,
+            sizeBytes: 0,
+            operation: coerced.value,
+        });
+    }
+    if (expectedChanges.length === 0) {
+        return err(new AppErrorImpl(ERROR_CODES.INVALID_INPUT, droppedOps.length > 0
+            ? `delegate edit had ${droppedOps.length} op(s), all of disallowed kinds`
+            : 'delegate edit contained no operations'));
+    }
+    // Evaluate against the live FS through the SAME path apply uses — conflicts
+    // (ambiguous anchor, file missing, replace 0/>N) surface here, before signing.
+    const draft = {
+        schema: 'sharkcraft.plan/v2',
+        templateId: `${DELEGATE_TEMPLATE_PREFIX}${input.recipeId}`,
+        variables: {},
+        projectRoot: input.projectRoot,
+        createdAt: new Date().toISOString(),
+        expectedChanges,
+    };
+    const generation = evaluateSavedPlanInPlace(draft, input.projectRoot);
+    if (generation.hasConflicts) {
+        return ok({ generation, droppedOps, ready: false });
+    }
+    const plan = buildSavedPlan({
+        templateId: draft.templateId,
+        variables: {},
+        projectRoot: input.projectRoot,
+        plan: generation,
+    });
+    return ok({ plan, generation, droppedOps, ready: true });
+}
+function coerceOperation(raw) {
+    const k = raw.kind;
+    switch (k) {
+        case 'create': {
+            const content = reqStr(raw, 'content');
+            if (content === null)
+                return fail('content');
+            const op = { kind: 'create', content };
+            addOptStr(op, raw, 'description');
+            return { ok: true, value: op };
+        }
+        case 'append': {
+            const snippet = reqStr(raw, 'snippet');
+            if (snippet === null)
+                return fail('snippet');
+            const op = { kind: 'append', snippet };
+            addOptStr(op, raw, 'ifMissing');
+            addOptStr(op, raw, 'description');
+            return { ok: true, value: op };
+        }
+        case 'insert-after':
+        case 'insert-before': {
+            const anchor = reqStr(raw, 'anchor');
+            const snippet = reqStr(raw, 'snippet');
+            if (anchor === null)
+                return fail('anchor');
+            if (snippet === null)
+                return fail('snippet');
+            const op = { kind: k, anchor, snippet };
+            addOptStr(op, raw, 'ifMissing');
+            addOptStr(op, raw, 'description');
+            return { ok: true, value: op };
+        }
+        case 'replace': {
+            const find = reqStr(raw, 'find');
+            const replaceWith = reqStrAllowEmpty(raw, 'replaceWith');
+            if (find === null)
+                return fail('find');
+            if (replaceWith === null)
+                return fail('replaceWith');
+            const op = { kind: 'replace', find, replaceWith };
+            const expectMatches = optNum(raw, 'expectMatches');
+            if (expectMatches !== undefined)
+                op.expectMatches = expectMatches;
+            addOptStr(op, raw, 'description');
+            return { ok: true, value: op };
+        }
+        case 'export': {
+            const from = reqStr(raw, 'from');
+            if (from === null)
+                return fail('from');
+            const op = { kind: 'export', from };
+            const symbols = optStrArr(raw, 'symbols');
+            if (symbols)
+                op.symbols = symbols;
+            addOptStr(op, raw, 'ifMissing');
+            addOptStr(op, raw, 'description');
+            return { ok: true, value: op };
+        }
+        case 'ensure-import': {
+            const from = reqStr(raw, 'from');
+            if (from === null)
+                return fail('from');
+            const op = { kind: 'ensure-import', from };
+            const symbols = optStrArr(raw, 'symbols');
+            if (symbols)
+                op.symbols = symbols;
+            const typeOnly = optBool(raw, 'typeOnly');
+            if (typeOnly !== undefined)
+                op.typeOnly = typeOnly;
+            addOptStr(op, raw, 'defaultBinding');
+            addOptStr(op, raw, 'namespaceBinding');
+            addOptStr(op, raw, 'description');
+            return { ok: true, value: op };
+        }
+        case 'insert-enum-entry': {
+            const enumName = reqStr(raw, 'enumName');
+            const entryName = reqStr(raw, 'entryName');
+            const entryValue = reqStr(raw, 'entryValue');
+            if (enumName === null)
+                return fail('enumName');
+            if (entryName === null)
+                return fail('entryName');
+            if (entryValue === null)
+                return fail('entryValue');
+            const op = { kind: 'insert-enum-entry', enumName, entryName, entryValue };
+            addOptStr(op, raw, 'description');
+            return { ok: true, value: op };
+        }
+        case 'insert-object-entry': {
+            const objectName = reqStr(raw, 'objectName');
+            const entryKey = reqStr(raw, 'entryKey');
+            const entryValue = reqStr(raw, 'entryValue');
+            if (objectName === null)
+                return fail('objectName');
+            if (entryKey === null)
+                return fail('entryKey');
+            if (entryValue === null)
+                return fail('entryValue');
+            const op = { kind: 'insert-object-entry', objectName, entryKey, entryValue };
+            const shorthand = optBool(raw, 'shorthand');
+            if (shorthand !== undefined)
+                op.shorthand = shorthand;
+            addOptStr(op, raw, 'description');
+            return { ok: true, value: op };
+        }
+        case 'insert-array-entry': {
+            const arrayName = reqStr(raw, 'arrayName');
+            const entryValue = reqStr(raw, 'entryValue');
+            if (arrayName === null)
+                return fail('arrayName');
+            if (entryValue === null)
+                return fail('entryValue');
+            const op = { kind: 'insert-array-entry', arrayName, entryValue };
+            addOptStr(op, raw, 'ifMissing');
+            addOptStr(op, raw, 'description');
+            return { ok: true, value: op };
+        }
+        case 'insert-before-closing-brace': {
+            const containerName = reqStr(raw, 'containerName');
+            const snippet = reqStr(raw, 'snippet');
+            if (containerName === null)
+                return fail('containerName');
+            if (snippet === null)
+                return fail('snippet');
+            const op = { kind: 'insert-before-closing-brace', containerName, snippet };
+            addOptStr(op, raw, 'ifMissing');
+            addOptStr(op, raw, 'description');
+            return { ok: true, value: op };
+        }
+        case 'insert-between-anchors': {
+            const beginAnchor = reqStr(raw, 'beginAnchor');
+            const endAnchor = reqStr(raw, 'endAnchor');
+            const snippet = reqStr(raw, 'snippet');
+            if (beginAnchor === null)
+                return fail('beginAnchor');
+            if (endAnchor === null)
+                return fail('endAnchor');
+            if (snippet === null)
+                return fail('snippet');
+            const op = { kind: 'insert-between-anchors', beginAnchor, endAnchor, snippet };
+            addOptStr(op, raw, 'ifMissing');
+            addOptStr(op, raw, 'description');
+            return { ok: true, value: op };
+        }
+        default:
+            return { ok: false, error: `unsupported op kind "${k}"` };
+    }
+}
+function fail(field) {
+    return { ok: false, error: `"${field}" must be a non-empty string` };
+}
+function reqStr(raw, field) {
+    const v = raw[field];
+    return typeof v === 'string' && v.length > 0 ? v : null;
+}
+function reqStrAllowEmpty(raw, field) {
+    const v = raw[field];
+    return typeof v === 'string' ? v : null;
+}
+function addOptStr(target, raw, field) {
+    const v = raw[field];
+    if (typeof v === 'string')
+        target[field] = v;
+}
+function optStrArr(raw, field) {
+    const v = raw[field];
+    if (Array.isArray(v) && v.every((s) => typeof s === 'string'))
+        return v;
+    return undefined;
+}
+function optBool(raw, field) {
+    const v = raw[field];
+    return typeof v === 'boolean' ? v : undefined;
+}
+function optNum(raw, field) {
+    const v = raw[field];
+    return typeof v === 'number' && Number.isFinite(v) ? v : undefined;
+}

package/dist/synthetic-plan.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"synthetic-plan.d.ts","sourceRoot":"","sources":["../src/synthetic-plan.ts"],"names":[],"mappings":"AAkBA,OAAO,EAAkB,KAAK,WAAW,EAAE,MAAM,kBAAkB,CAAC;AACpE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAElD,eAAO,MAAM,yBAAyB,OAAO,CAAC;AAE9C,wBAAgB,qBAAqB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAEjE;AAED,wBAAgB,wBAAwB,CACtC,IAAI,EAAE,UAAU,EAChB,WAAW,EAAE,MAAM,GAClB,eAAe,CAsCjB;AAuBD,OAAO,EAAsC,KAAK,QAAQ,EAAE,KAAK,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAChG,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE/D,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,kBAAkB,CAAC;IAC5B,OAAO,EAAE,SAAS,WAAW,EAAE,CAAC;CACjC;AAED,wBAAgB,kBAAkB,CAChC,IAAI,EAAE,eAAe,GACpB,MAAM,CAAC,qBAAqB,EAAE,QAAQ,CAAC,CAsCzC"}
+{"version":3,"file":"synthetic-plan.d.ts","sourceRoot":"","sources":["../src/synthetic-plan.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAkB,KAAK,WAAW,EAAE,MAAM,kBAAkB,CAAC;AACpE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAElD,eAAO,MAAM,yBAAyB,OAAO,CAAC;AAE9C,wBAAgB,qBAAqB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAEjE;AAED,wBAAgB,wBAAwB,CACtC,IAAI,EAAE,UAAU,EAChB,WAAW,EAAE,MAAM,GAClB,eAAe,CAsCjB;AAwCD,OAAO,EAAsC,KAAK,QAAQ,EAAE,KAAK,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAChG,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE/D,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,kBAAkB,CAAC;IAC5B,OAAO,EAAE,SAAS,WAAW,EAAE,CAAC;CACjC;AAWD,wBAAgB,kBAAkB,CAChC,IAAI,EAAE,eAAe,GACpB,MAAM,CAAC,qBAAqB,EAAE,QAAQ,CAAC,CAoDzC"}

package/dist/synthetic-plan.js

@@ -15,6 +15,7 @@
  */
 import { existsSync, readFileSync } from 'node:fs';
 import * as nodePath from 'node:path';
+import { safeResolveTargetPath } from '@shrkcrft/core';
 import { evaluatePlannedChange } from "./planned-change.js";
 import { FileChangeType } from "./file-change.js";
 export const SYNTHETIC_TEMPLATE_PREFIX = '__';
@@ -62,12 +63,30 @@ export function evaluateSavedPlanInPlace(plan, projectRoot) {
     return out;
 }
 function applyOperation(projectRoot, relativePath, operation) {
-    const absolutePath = nodePath.resolve(projectRoot, relativePath);
-    const existing = existsSync(absolutePath) ? readFileSync(absolutePath, 'utf8') : null;
+    // Route through the single generator chokepoint instead of a bare resolve, so
+    // a traversal / absolute `relativePath` in a hand-crafted or tampered plan
+    // can't write OUTSIDE the project root. An unsafe path becomes a Conflict,
+    // which writeSyntheticPlan refuses (matching the template path in dry-run.ts).
+    let safe;
+    try {
+        safe = safeResolveTargetPath(relativePath, projectRoot);
+    }
+    catch (e) {
+        const pathErr = e;
+        return {
+            type: FileChangeType.Conflict,
+            absolutePath: pathErr.rawPath,
+            relativePath: pathErr.rawPath,
+            contents: '',
+            reason: `Refused unsafe target path (${pathErr.code}): ${pathErr.message}`,
+            sizeBytes: 0,
+        };
+    }
+    const existing = existsSync(safe.absolutePath) ? readFileSync(safe.absolutePath, 'utf8') : null;
     return evaluatePlannedChange({
-        change: { targetPath: relativePath, operation },
-        absolutePath,
-        relativePath,
+        change: { targetPath: safe.relativePath, operation },
+        absolutePath: safe.absolutePath,
+        relativePath: safe.relativePath,
         existing,
     });
 }
@@ -78,10 +97,27 @@ function applyOperation(projectRoot, relativePath, operation) {
  */
 import { mkdirSync, writeFileSync } from 'node:fs';
 import { AppErrorImpl, ERROR_CODES, err, ok } from '@shrkcrft/core';
+/**
+ * A CCR retrieval marker (`<<ccr:<hex>…>>`) is a pointer into the compress
+ * cache — a LOSSY/compressed view, never apply-grade source. If one ever
+ * reaches a write (e.g. a compressed diff fed into a `create`/`replace` op), it
+ * would corrupt the file. This detector enforces, at the write chokepoint, the
+ * invariant that the compression layer only documents in a comment.
+ */
+const CCR_MARKER_RE = /<<ccr:[0-9a-f]{8,}/;
 export function writeSyntheticPlan(plan) {
     if (plan.hasConflicts) {
         return err(new AppErrorImpl(ERROR_CODES.TARGET_FILE_EXISTS, 'Synthetic plan refused: conflicts present', { details: { conflicts: plan.changes.filter((c) => c.type === FileChangeType.Conflict) } }));
     }
+    // Refuse the WHOLE plan if any writeable change carries a CCR marker — a
+    // compressed/lossy blob must never be written as source.
+    for (const change of plan.changes) {
+        if (!isWriteableSyntheticChange(change.type))
+            continue;
+        if (CCR_MARKER_RE.test(change.contents)) {
+            return err(new AppErrorImpl(ERROR_CODES.INVALID_INPUT, `Refused to write ${change.relativePath}: contents carry a <<ccr:…>> marker (a compressed/lossy blob is not apply-grade source).`, { details: { path: change.relativePath } }));
+        }
+    }
     const written = [];
     let totalBytes = 0;
     let skipped = 0;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@shrkcrft/generator",
-  "version": "0.1.0-alpha.16",
+  "version": "0.1.0-alpha.18",
   "description": "SharkCraft plan-first generator: GenerationPlan, FileChange, dry-run, safe writes.",
   "license": "MIT",
   "author": "SharkCraft contributors",
@@ -43,10 +43,10 @@
     "typecheck": "tsc --noEmit -p tsconfig.json"
   },
   "dependencies": {
-    "@shrkcrft/core": "^0.1.0-alpha.16",
-    "@shrkcrft/templates": "^0.1.0-alpha.16",
-    "@shrkcrft/rules": "^0.1.0-alpha.16",
-    "@shrkcrft/paths": "^0.1.0-alpha.16"
+    "@shrkcrft/core": "^0.1.0-alpha.18",
+    "@shrkcrft/templates": "^0.1.0-alpha.18",
+    "@shrkcrft/rules": "^0.1.0-alpha.18",
+    "@shrkcrft/paths": "^0.1.0-alpha.18"
   },
   "publishConfig": {
     "access": "public"