npm - @vibecheckai/cli - Versions diffs - 3.5.1 → 3.5.3 - Mend

@vibecheckai/cli 3.5.1 → 3.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (272) hide show

package/bin/registry.js +406 -154
package/bin/runners/context/analyzer.js +52 -1
package/bin/runners/context/generators/mcp.js +15 -13
package/bin/runners/context/git-context.js +3 -1
package/bin/runners/context/proof-context.js +248 -1
package/bin/runners/context/team-conventions.js +33 -7
package/bin/runners/lib/agent-firewall/ai/false-positive-analyzer.js +474 -0
package/bin/runners/lib/agent-firewall/change-packet/builder.js +488 -0
package/bin/runners/lib/agent-firewall/change-packet/schema.json +228 -0
package/bin/runners/lib/agent-firewall/change-packet/store.js +200 -0
package/bin/runners/lib/agent-firewall/claims/claim-types.js +21 -0
package/bin/runners/lib/agent-firewall/claims/extractor.js +303 -0
package/bin/runners/lib/agent-firewall/claims/patterns.js +24 -0
package/bin/runners/lib/agent-firewall/critic/index.js +151 -0
package/bin/runners/lib/agent-firewall/critic/judge.js +432 -0
package/bin/runners/lib/agent-firewall/critic/prompts.js +305 -0
package/bin/runners/lib/agent-firewall/evidence/auth-evidence.js +88 -0
package/bin/runners/lib/agent-firewall/evidence/contract-evidence.js +75 -0
package/bin/runners/lib/agent-firewall/evidence/env-evidence.js +127 -0
package/bin/runners/lib/agent-firewall/evidence/resolver.js +102 -0
package/bin/runners/lib/agent-firewall/evidence/route-evidence.js +213 -0
package/bin/runners/lib/agent-firewall/evidence/side-effect-evidence.js +145 -0
package/bin/runners/lib/agent-firewall/fs-hook/daemon.js +19 -0
package/bin/runners/lib/agent-firewall/fs-hook/installer.js +87 -0
package/bin/runners/lib/agent-firewall/fs-hook/watcher.js +184 -0
package/bin/runners/lib/agent-firewall/git-hook/pre-commit.js +163 -0
package/bin/runners/lib/agent-firewall/ide-extension/cursor.js +107 -0
package/bin/runners/lib/agent-firewall/ide-extension/vscode.js +68 -0
package/bin/runners/lib/agent-firewall/ide-extension/windsurf.js +66 -0
package/bin/runners/lib/agent-firewall/interceptor/base.js +304 -0
package/bin/runners/lib/agent-firewall/interceptor/cursor.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/vscode.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/windsurf.js +34 -0
package/bin/runners/lib/agent-firewall/lawbook/distributor.js +465 -0
package/bin/runners/lib/agent-firewall/lawbook/evaluator.js +604 -0
package/bin/runners/lib/agent-firewall/lawbook/index.js +304 -0
package/bin/runners/lib/agent-firewall/lawbook/registry.js +514 -0
package/bin/runners/lib/agent-firewall/lawbook/schema.js +420 -0
package/bin/runners/lib/agent-firewall/logger.js +141 -0
package/bin/runners/lib/agent-firewall/policy/default-policy.json +90 -0
package/bin/runners/lib/agent-firewall/policy/engine.js +103 -0
package/bin/runners/lib/agent-firewall/policy/loader.js +451 -0
package/bin/runners/lib/agent-firewall/policy/rules/auth-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/contract-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/fake-success.js +86 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-env.js +162 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-route.js +189 -0
package/bin/runners/lib/agent-firewall/policy/rules/scope.js +93 -0
package/bin/runners/lib/agent-firewall/policy/rules/unsafe-side-effect.js +57 -0
package/bin/runners/lib/agent-firewall/policy/schema.json +183 -0
package/bin/runners/lib/agent-firewall/policy/verdict.js +54 -0
package/bin/runners/lib/agent-firewall/proposal/extractor.js +394 -0
package/bin/runners/lib/agent-firewall/proposal/index.js +212 -0
package/bin/runners/lib/agent-firewall/proposal/schema.js +251 -0
package/bin/runners/lib/agent-firewall/proposal/validator.js +386 -0
package/bin/runners/lib/agent-firewall/reality/index.js +332 -0
package/bin/runners/lib/agent-firewall/reality/state.js +625 -0
package/bin/runners/lib/agent-firewall/reality/watcher.js +322 -0
package/bin/runners/lib/agent-firewall/risk/index.js +173 -0
package/bin/runners/lib/agent-firewall/risk/scorer.js +328 -0
package/bin/runners/lib/agent-firewall/risk/thresholds.js +321 -0
package/bin/runners/lib/agent-firewall/risk/vectors.js +421 -0
package/bin/runners/lib/agent-firewall/simulator/diff-simulator.js +472 -0
package/bin/runners/lib/agent-firewall/simulator/import-resolver.js +346 -0
package/bin/runners/lib/agent-firewall/simulator/index.js +181 -0
package/bin/runners/lib/agent-firewall/simulator/route-validator.js +380 -0
package/bin/runners/lib/agent-firewall/time-machine/incident-correlator.js +661 -0
package/bin/runners/lib/agent-firewall/time-machine/index.js +267 -0
package/bin/runners/lib/agent-firewall/time-machine/replay-engine.js +436 -0
package/bin/runners/lib/agent-firewall/time-machine/state-reconstructor.js +490 -0
package/bin/runners/lib/agent-firewall/time-machine/timeline-builder.js +530 -0
package/bin/runners/lib/agent-firewall/truthpack/index.js +67 -0
package/bin/runners/lib/agent-firewall/truthpack/loader.js +137 -0
package/bin/runners/lib/agent-firewall/unblock/planner.js +337 -0
package/bin/runners/lib/agent-firewall/utils/ignore-checker.js +118 -0
package/bin/runners/lib/analysis-core.js +220 -182
package/bin/runners/lib/analyzers.js +2145 -224
package/bin/runners/lib/api-client.js +269 -0
package/bin/runners/lib/authority-badge.js +425 -0
package/bin/runners/lib/cli-output.js +242 -210
package/bin/runners/lib/default-config.js +127 -0
package/bin/runners/lib/detectors-v2.js +547 -785
package/bin/runners/lib/doctor/modules/security.js +3 -1
package/bin/runners/lib/engine/ast-cache.js +210 -0
package/bin/runners/lib/engine/auth-extractor.js +211 -0
package/bin/runners/lib/engine/billing-extractor.js +112 -0
package/bin/runners/lib/engine/enforcement-extractor.js +100 -0
package/bin/runners/lib/engine/env-extractor.js +207 -0
package/bin/runners/lib/engine/express-extractor.js +208 -0
package/bin/runners/lib/engine/extractors.js +849 -0
package/bin/runners/lib/engine/index.js +207 -0
package/bin/runners/lib/engine/repo-index.js +514 -0
package/bin/runners/lib/engine/types.js +124 -0
package/bin/runners/lib/engines/accessibility-engine.js +190 -0
package/bin/runners/lib/engines/api-consistency-engine.js +162 -0
package/bin/runners/lib/engines/ast-cache.js +99 -0
package/bin/runners/lib/engines/code-quality-engine.js +255 -0
package/bin/runners/lib/engines/console-logs-engine.js +115 -0
package/bin/runners/lib/engines/cross-file-analysis-engine.js +268 -0
package/bin/runners/lib/engines/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/deprecated-api-engine.js +226 -0
package/bin/runners/lib/engines/empty-catch-engine.js +150 -0
package/bin/runners/lib/engines/file-filter.js +131 -0
package/bin/runners/lib/engines/hardcoded-secrets-engine.js +251 -0
package/bin/runners/lib/engines/mock-data-engine.js +272 -0
package/bin/runners/lib/engines/parallel-processor.js +71 -0
package/bin/runners/lib/engines/performance-issues-engine.js +265 -0
package/bin/runners/lib/engines/security-vulnerabilities-engine.js +243 -0
package/bin/runners/lib/engines/todo-fixme-engine.js +115 -0
package/bin/runners/lib/engines/type-aware-engine.js +152 -0
package/bin/runners/lib/engines/unsafe-regex-engine.js +225 -0
package/bin/runners/lib/engines/vibecheck-engines/README.md +53 -0
package/bin/runners/lib/engines/vibecheck-engines/index.js +15 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/ast-cache.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/code-quality-engine.js +291 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/console-logs-engine.js +83 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/deprecated-api-engine.js +275 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/empty-catch-engine.js +167 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/file-filter.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/hardcoded-secrets-engine.js +139 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/mock-data-engine.js +140 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/parallel-processor.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/performance-issues-engine.js +234 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/type-aware-engine.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/unsafe-regex-engine.js +78 -0
package/bin/runners/lib/engines/vibecheck-engines/package.json +13 -0
package/bin/runners/lib/entitlements-v2.js +152 -446
package/bin/runners/lib/error-handler.js +60 -12
package/bin/runners/lib/error-messages.js +289 -0
package/bin/runners/lib/evidence-pack.js +7 -1
package/bin/runners/lib/exit-codes.js +275 -0
package/bin/runners/lib/finding-id.js +69 -0
package/bin/runners/lib/finding-sorter.js +89 -0
package/bin/runners/lib/fingerprint.js +377 -0
package/bin/runners/lib/global-flags.js +37 -0
package/bin/runners/lib/help-formatter.js +413 -0
package/bin/runners/lib/logger.js +38 -0
package/bin/runners/lib/next-action.js +560 -0
package/bin/runners/lib/prerequisites.js +149 -0
package/bin/runners/lib/route-detection.js +137 -68
package/bin/runners/lib/route-truth.js +1167 -322
package/bin/runners/lib/scan-output.js +504 -463
package/bin/runners/lib/scan-runner.js +135 -0
package/bin/runners/lib/schemas/ajv-validator.js +464 -0
package/bin/runners/lib/schemas/error-envelope.schema.json +105 -0
package/bin/runners/lib/schemas/finding-v3.schema.json +151 -0
package/bin/runners/lib/schemas/report-artifact.schema.json +120 -0
package/bin/runners/lib/schemas/run-request.schema.json +108 -0
package/bin/runners/lib/schemas/validator.js +27 -0
package/bin/runners/lib/schemas/verdict.schema.json +140 -0
package/bin/runners/lib/ship-output-enterprise.js +239 -0
package/bin/runners/lib/ship-output.js +328 -31
package/bin/runners/lib/terminal-ui.js +234 -731
package/bin/runners/lib/truth.js +1332 -308
package/bin/runners/lib/unified-cli-output.js +604 -0
package/bin/runners/lib/unified-output.js +163 -155
package/bin/runners/lib/upsell.js +104 -204
package/bin/runners/runAgent.d.ts +5 -0
package/bin/runners/runAgent.js +161 -0
package/bin/runners/runAllowlist.js +166 -101
package/bin/runners/runApprove.js +1200 -0
package/bin/runners/runAuth.js +373 -95
package/bin/runners/runCheckpoint.js +59 -21
package/bin/runners/runClassify.js +926 -0
package/bin/runners/runContext.d.ts +4 -0
package/bin/runners/runContext.js +136 -24
package/bin/runners/runDoctor.js +115 -67
package/bin/runners/runEvidencePack.js +239 -96
package/bin/runners/runFirewall.d.ts +5 -0
package/bin/runners/runFirewall.js +134 -0
package/bin/runners/runFirewallHook.d.ts +5 -0
package/bin/runners/runFirewallHook.js +56 -0
package/bin/runners/runFix.js +6 -5
package/bin/runners/runGuard.js +212 -118
package/bin/runners/runInit.js +66 -21
package/bin/runners/runLabs.js +204 -121
package/bin/runners/runMcp.js +131 -60
package/bin/runners/runPolish.d.ts +4 -0
package/bin/runners/runPolish.js +43 -20
package/bin/runners/runProof.zip +0 -0
package/bin/runners/runProve.js +15 -5
package/bin/runners/runQuickstart.js +531 -0
package/bin/runners/runReality.js +14 -0
package/bin/runners/runReport.js +36 -4
package/bin/runners/runScan.js +689 -91
package/bin/runners/runShip.js +96 -40
package/bin/runners/runTruth.d.ts +5 -0
package/bin/runners/runTruth.js +101 -0
package/bin/runners/runValidate.js +21 -4
package/bin/runners/runWatch.js +118 -54
package/bin/scan.js +6 -1
package/bin/vibecheck.js +297 -52
package/mcp-server/HARDENING_SUMMARY.md +299 -0
package/mcp-server/agent-firewall-interceptor.js +500 -0
package/mcp-server/authority-tools.js +569 -0
package/mcp-server/conductor/conflict-resolver.js +588 -0
package/mcp-server/conductor/execution-planner.js +544 -0
package/mcp-server/conductor/index.js +377 -0
package/mcp-server/conductor/lock-manager.js +615 -0
package/mcp-server/conductor/request-queue.js +550 -0
package/mcp-server/conductor/session-manager.js +500 -0
package/mcp-server/conductor/tools.js +510 -0
package/mcp-server/deprecation-middleware.js +282 -0
package/mcp-server/handlers/index.ts +15 -0
package/mcp-server/handlers/tool-handler.ts +474 -591
package/mcp-server/index.js +1748 -1099
package/mcp-server/lib/api-client.cjs +13 -0
package/mcp-server/lib/cache-wrapper.cjs +383 -0
package/mcp-server/lib/error-envelope.js +138 -0
package/mcp-server/lib/executor.ts +428 -721
package/mcp-server/lib/index.ts +19 -0
package/mcp-server/lib/logger.cjs +30 -0
package/mcp-server/lib/rate-limiter.js +166 -0
package/mcp-server/lib/sandbox.test.ts +519 -0
package/mcp-server/lib/sandbox.ts +342 -284
package/mcp-server/lib/types.ts +267 -0
package/mcp-server/logger.js +173 -0
package/mcp-server/package.json +11 -27
package/mcp-server/premium-tools.js +2 -2
package/mcp-server/registry/tool-registry.js +794 -0
package/mcp-server/registry/tools.json +507 -378
package/mcp-server/registry.test.ts +334 -0
package/mcp-server/tests/tier-gating.test.js +297 -0
package/mcp-server/tier-auth.js +492 -347
package/mcp-server/tools-v3.js +950 -0
package/mcp-server/truth-context.js +131 -90
package/mcp-server/truth-firewall-tools.js +1612 -1001
package/mcp-server/tsconfig.json +8 -5
package/mcp-server/vibecheck-2.0-tools.js +14 -1
package/mcp-server/vibecheck-mcp-server-3.2.0.tgz +0 -0
package/mcp-server/vibecheck-tools.js +2 -2
package/package.json +4 -3
package/bin/runners/runInstall.js +0 -281
package/mcp-server/ARCHITECTURE.md +0 -339
package/mcp-server/__tests__/cache.test.ts +0 -313
package/mcp-server/__tests__/executor.test.ts +0 -239
package/mcp-server/__tests__/fixtures/exclusion-test/.cache/webpack/cache.pack +0 -1
package/mcp-server/__tests__/fixtures/exclusion-test/.next/server/chunk.js +0 -3
package/mcp-server/__tests__/fixtures/exclusion-test/.turbo/cache.json +0 -3
package/mcp-server/__tests__/fixtures/exclusion-test/.venv/lib/env.py +0 -3
package/mcp-server/__tests__/fixtures/exclusion-test/dist/bundle.js +0 -3
package/mcp-server/__tests__/fixtures/exclusion-test/package.json +0 -5
package/mcp-server/__tests__/fixtures/exclusion-test/src/app.ts +0 -5
package/mcp-server/__tests__/fixtures/exclusion-test/venv/lib/config.py +0 -4
package/mcp-server/__tests__/ids.test.ts +0 -345
package/mcp-server/__tests__/integration/tools.test.ts +0 -410
package/mcp-server/__tests__/registry.test.ts +0 -365
package/mcp-server/__tests__/sandbox.test.ts +0 -323
package/mcp-server/__tests__/schemas.test.ts +0 -372
package/mcp-server/benchmarks/run-benchmarks.ts +0 -304
package/mcp-server/examples/doctor.request.json +0 -14
package/mcp-server/examples/doctor.response.json +0 -53
package/mcp-server/examples/error.response.json +0 -15
package/mcp-server/examples/scan.request.json +0 -14
package/mcp-server/examples/scan.response.json +0 -108
package/mcp-server/index-v3.ts +0 -293
package/mcp-server/index.old.js +0 -4137
package/mcp-server/lib/cache.ts +0 -341
package/mcp-server/lib/errors.ts +0 -346
package/mcp-server/lib/ids.ts +0 -238
package/mcp-server/lib/logger.ts +0 -368
package/mcp-server/lib/metrics.ts +0 -365
package/mcp-server/lib/validator.ts +0 -229
package/mcp-server/package-lock.json +0 -165
package/mcp-server/schemas/error-envelope.schema.json +0 -125
package/mcp-server/schemas/finding.schema.json +0 -167
package/mcp-server/schemas/report-artifact.schema.json +0 -88
package/mcp-server/schemas/run-request.schema.json +0 -75
package/mcp-server/schemas/verdict.schema.json +0 -168
package/mcp-server/tier-auth.d.ts +0 -71
package/mcp-server/vitest.config.ts +0 -16

package/mcp-server/lib/sandbox.test.ts ADDED Viewed

@@ -0,0 +1,519 @@
+/**
+ * Sandbox Path Security Tests
+ *
+ * Tests for the MCP sandbox module ensuring path security.
+ * Covers: traversal, absolute paths, symlink escapes, exclusions, config overrides.
+ */
+import { describe, it, expect, beforeAll, afterAll } from 'vitest';
+import * as path from 'path';
+import * as fs from 'fs';
+import * as os from 'os';
+import {
+  resolveSandboxPath,
+  validateSandboxPaths,
+  getActiveExclusions,
+  configFromRunRequest,
+  validateRunRequest,
+  createSandboxResolver,
+  SandboxConfig,
+  DEFAULT_EXCLUSIONS,
+} from './sandbox';
+// Test workspace root
+const TEST_ROOT = path.join(os.tmpdir(), 'sandbox-test-workspace');
+describe('sandbox', () => {
+  beforeAll(() => {
+    // Create test workspace structure
+    fs.mkdirSync(TEST_ROOT, { recursive: true });
+    fs.mkdirSync(path.join(TEST_ROOT, 'src'), { recursive: true });
+    fs.mkdirSync(path.join(TEST_ROOT, 'node_modules', 'lodash'), { recursive: true });
+    fs.mkdirSync(path.join(TEST_ROOT, 'dist'), { recursive: true });
+    fs.mkdirSync(path.join(TEST_ROOT, '.git'), { recursive: true });
+    // Create test files
+    fs.writeFileSync(path.join(TEST_ROOT, 'src', 'index.ts'), '// test');
+    fs.writeFileSync(path.join(TEST_ROOT, 'package.json'), '{}');
+  });
+  afterAll(() => {
+    // Clean up test workspace
+    try {
+      fs.rmSync(TEST_ROOT, { recursive: true, force: true });
+    } catch {
+      // Ignore cleanup errors
+    }
+  });
+  const baseConfig: SandboxConfig = {
+    workspaceRoot: TEST_ROOT,
+  };
+  // ============================================================
+  // Test Case 1: Valid relative paths should resolve correctly
+  // ============================================================
+  describe('1. Valid relative paths', () => {
+    it('should accept simple relative paths within workspace', () => {
+      const result = resolveSandboxPath('src/index.ts', baseConfig);
+      expect(result.valid).toBe(true);
+      expect(result.resolvedPath).toBe(path.join(TEST_ROOT, 'src', 'index.ts'));
+      expect(result.error).toBeUndefined();
+    });
+    it('should accept nested relative paths', () => {
+      const result = resolveSandboxPath('src/utils/helpers/format.ts', baseConfig);
+      expect(result.valid).toBe(true);
+      expect(result.resolvedPath).toBe(path.join(TEST_ROOT, 'src', 'utils', 'helpers', 'format.ts'));
+    });
+    it('should accept paths with dots in filename', () => {
+      const result = resolveSandboxPath('src/config.local.ts', baseConfig);
+      expect(result.valid).toBe(true);
+      expect(result.resolvedPath).toBe(path.join(TEST_ROOT, 'src', 'config.local.ts'));
+    });
+  });
+  // ============================================================
+  // Test Case 2: Path traversal (..) should be rejected
+  // ============================================================
+  describe('2. Path traversal detection', () => {
+    it('should reject paths with ../ traversal', () => {
+      const result = resolveSandboxPath('../outside-workspace/secret.txt', baseConfig);
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('TRAVERSAL_DETECTED');
+      expect(result.error).toContain('traversal');
+    });
+    it('should reject paths with embedded ../', () => {
+      const result = resolveSandboxPath('src/../../etc/passwd', baseConfig);
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('TRAVERSAL_DETECTED');
+    });
+    it('should reject paths with ..\\  (Windows-style)', () => {
+      const result = resolveSandboxPath('src\\..\\..\\etc\\passwd', baseConfig);
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('TRAVERSAL_DETECTED');
+    });
+    it('should reject URL-encoded traversal attempts', () => {
+      const result = resolveSandboxPath('src/%2e%2e/secret.txt', baseConfig);
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('TRAVERSAL_DETECTED');
+    });
+    it('should reject null byte injection', () => {
+      const result = resolveSandboxPath('src/file.txt%00.jpg', baseConfig);
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('TRAVERSAL_DETECTED');
+    });
+  });
+  // ============================================================
+  // Test Case 3: Absolute paths outside root should be rejected
+  // ============================================================
+  describe('3. Absolute path validation', () => {
+    it('should reject Unix absolute paths outside workspace', () => {
+      const result = resolveSandboxPath('/etc/passwd', baseConfig);
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('ABSOLUTE_PATH_OUTSIDE_ROOT');
+      expect(result.error).toContain('escapes workspace root');
+    });
+    it('should reject Windows absolute paths outside workspace', () => {
+      const result = resolveSandboxPath('C:\\Windows\\System32\\config', baseConfig);
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('ABSOLUTE_PATH_OUTSIDE_ROOT');
+    });
+    it('should accept absolute paths within workspace root', () => {
+      const absoluteInside = path.join(TEST_ROOT, 'src', 'index.ts');
+      const result = resolveSandboxPath(absoluteInside, baseConfig);
+      expect(result.valid).toBe(true);
+      expect(result.resolvedPath).toBe(absoluteInside);
+    });
+    it('should reject UNC paths', () => {
+      const result = resolveSandboxPath('\\\\server\\share\\file.txt', baseConfig);
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('ABSOLUTE_PATH_OUTSIDE_ROOT');
+    });
+  });
+  // ============================================================
+  // Test Case 4: Symlink escape detection
+  // ============================================================
+  describe('4. Symlink escape detection', () => {
+    const symlinkPath = path.join(TEST_ROOT, 'escape-link');
+    let symlinkCreated = false;
+    beforeAll(() => {
+      // Create a symlink pointing outside the workspace
+      try {
+        // Point to parent directory (outside workspace)
+        const targetOutside = os.tmpdir();
+        if (fs.existsSync(symlinkPath)) {
+          fs.unlinkSync(symlinkPath);
+        }
+        fs.symlinkSync(targetOutside, symlinkPath, 'dir');
+        symlinkCreated = true;
+      } catch {
+        // Symlink creation may fail on Windows without admin privileges
+        symlinkCreated = false;
+      }
+    });
+    afterAll(() => {
+      if (symlinkCreated) {
+        try {
+          fs.unlinkSync(symlinkPath);
+        } catch {
+          // Ignore
+        }
+      }
+    });
+    it('should detect symlink that points outside workspace', () => {
+      if (!symlinkCreated) {
+        // Skip on systems where symlinks cannot be created
+        console.log('Skipping symlink test - symlinks not available');
+        return;
+      }
+      const result = resolveSandboxPath('escape-link', baseConfig);
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('SYMLINK_ESCAPE');
+      expect(result.error).toContain('Symlink escape');
+    });
+    it('should accept symlinks within workspace', () => {
+      const internalSymlink = path.join(TEST_ROOT, 'internal-link');
+      try {
+        if (fs.existsSync(internalSymlink)) {
+          fs.unlinkSync(internalSymlink);
+        }
+        fs.symlinkSync(path.join(TEST_ROOT, 'src'), internalSymlink, 'dir');
+        const result = resolveSandboxPath('internal-link', baseConfig);
+        expect(result.valid).toBe(true);
+        expect(result.resolvedPath).toBeDefined();
+        fs.unlinkSync(internalSymlink);
+      } catch {
+        // Skip if symlinks not available
+        console.log('Skipping internal symlink test - symlinks not available');
+      }
+    });
+  });
+  // ============================================================
+  // Test Case 5: Default exclusions are enforced
+  // ============================================================
+  describe('5. Default exclusions', () => {
+    it('should reject paths in node_modules by default', () => {
+      const result = resolveSandboxPath('node_modules/lodash/index.js', baseConfig);
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('EXCLUDED_PATH');
+      expect(result.error).toContain('excluded');
+    });
+    it('should reject paths in dist by default', () => {
+      const result = resolveSandboxPath('dist/bundle.js', baseConfig);
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('EXCLUDED_PATH');
+    });
+    it('should reject paths in .git by default', () => {
+      const result = resolveSandboxPath('.git/config', baseConfig);
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('EXCLUDED_PATH');
+    });
+    it('should reject paths in build, .next, out, coverage', () => {
+      const paths = ['build/app.js', '.next/static/chunks', 'out/index.html', 'coverage/lcov.info'];
+      for (const p of paths) {
+        const result = resolveSandboxPath(p, baseConfig);
+        expect(result.valid).toBe(false);
+        expect(result.errorCode).toBe('EXCLUDED_PATH');
+      }
+    });
+    it('should include all expected default exclusions', () => {
+      expect(DEFAULT_EXCLUSIONS).toContain('node_modules/**');
+      expect(DEFAULT_EXCLUSIONS).toContain('venv/**');
+      expect(DEFAULT_EXCLUSIONS).toContain('.venv/**');
+      expect(DEFAULT_EXCLUSIONS).toContain('dist/**');
+      expect(DEFAULT_EXCLUSIONS).toContain('build/**');
+      expect(DEFAULT_EXCLUSIONS).toContain('.next/**');
+      expect(DEFAULT_EXCLUSIONS).toContain('out/**');
+      expect(DEFAULT_EXCLUSIONS).toContain('coverage/**');
+      expect(DEFAULT_EXCLUSIONS).toContain('.git/**');
+      expect(DEFAULT_EXCLUSIONS).toContain('.cache/**');
+      expect(DEFAULT_EXCLUSIONS).toContain('.turbo/**');
+    });
+  });
+  // ============================================================
+  // Test Case 6: Config override - includeThirdParty
+  // ============================================================
+  describe('6. Config override: includeThirdParty', () => {
+    it('should allow node_modules when includeThirdParty is true', () => {
+      const config: SandboxConfig = {
+        ...baseConfig,
+        includeThirdParty: true,
+      };
+      const result = resolveSandboxPath('node_modules/lodash/index.js', config);
+      expect(result.valid).toBe(true);
+      expect(result.resolvedPath).toBe(path.join(TEST_ROOT, 'node_modules', 'lodash', 'index.js'));
+    });
+    it('should allow venv when includeThirdParty is true', () => {
+      const config: SandboxConfig = {
+        ...baseConfig,
+        includeThirdParty: true,
+      };
+      const result = resolveSandboxPath('venv/lib/python3.9/site-packages', config);
+      expect(result.valid).toBe(true);
+    });
+    it('should still exclude dist when only includeThirdParty is true', () => {
+      const config: SandboxConfig = {
+        ...baseConfig,
+        includeThirdParty: true,
+      };
+      const result = resolveSandboxPath('dist/bundle.js', config);
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('EXCLUDED_PATH');
+    });
+  });
+  // ============================================================
+  // Test Case 7: Config override - includeGenerated
+  // ============================================================
+  describe('7. Config override: includeGenerated', () => {
+    it('should allow dist when includeGenerated is true', () => {
+      const config: SandboxConfig = {
+        ...baseConfig,
+        includeGenerated: true,
+      };
+      const result = resolveSandboxPath('dist/bundle.js', config);
+      expect(result.valid).toBe(true);
+      expect(result.resolvedPath).toBe(path.join(TEST_ROOT, 'dist', 'bundle.js'));
+    });
+    it('should allow build, .next, out when includeGenerated is true', () => {
+      const config: SandboxConfig = {
+        ...baseConfig,
+        includeGenerated: true,
+      };
+      expect(resolveSandboxPath('build/app.js', config).valid).toBe(true);
+      expect(resolveSandboxPath('.next/static/chunks/main.js', config).valid).toBe(true);
+      expect(resolveSandboxPath('out/index.html', config).valid).toBe(true);
+    });
+    it('should still exclude node_modules when only includeGenerated is true', () => {
+      const config: SandboxConfig = {
+        ...baseConfig,
+        includeGenerated: true,
+      };
+      const result = resolveSandboxPath('node_modules/lodash/index.js', config);
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('EXCLUDED_PATH');
+    });
+    it('should allow both when both flags are true', () => {
+      const config: SandboxConfig = {
+        ...baseConfig,
+        includeThirdParty: true,
+        includeGenerated: true,
+      };
+      expect(resolveSandboxPath('node_modules/lodash/index.js', config).valid).toBe(true);
+      expect(resolveSandboxPath('dist/bundle.js', config).valid).toBe(true);
+    });
+  });
+  // ============================================================
+  // Test Case 8: RunRequest integration with config overrides
+  // ============================================================
+  describe('8. RunRequest integration', () => {
+    it('should create config from RunRequest with defaults', () => {
+      const config = configFromRunRequest({}, TEST_ROOT);
+      expect(config.workspaceRoot).toBe(TEST_ROOT);
+      expect(config.includeThirdParty).toBe(false);
+      expect(config.includeGenerated).toBe(false);
+    });
+    it('should honor RunRequest.includeThirdParty', () => {
+      const config = configFromRunRequest(
+        { includeThirdParty: true },
+        TEST_ROOT
+      );
+      expect(config.includeThirdParty).toBe(true);
+      const result = resolveSandboxPath('node_modules/react/index.js', config);
+      expect(result.valid).toBe(true);
+    });
+    it('should honor RunRequest.includeGenerated', () => {
+      const config = configFromRunRequest(
+        { includeGenerated: true },
+        TEST_ROOT
+      );
+      expect(config.includeGenerated).toBe(true);
+      const result = resolveSandboxPath('dist/main.js', config);
+      expect(result.valid).toBe(true);
+    });
+    it('should validate single path from RunRequest', () => {
+      const result = validateRunRequest(
+        { path: 'src/index.ts' },
+        TEST_ROOT
+      );
+      expect(result.valid).toBe(true);
+    });
+    it('should validate multiple paths from RunRequest', () => {
+      const result = validateRunRequest(
+        { paths: ['src/index.ts', 'src/utils.ts'] },
+        TEST_ROOT
+      );
+      expect(result.valid).toBe(true);
+    });
+    it('should fail RunRequest with invalid path', () => {
+      const result = validateRunRequest(
+        { path: '../../../etc/passwd' },
+        TEST_ROOT
+      );
+      expect(result.valid).toBe(false);
+      expect(result.error).toContain('traversal');
+    });
+    it('should use projectPath from RunRequest as workspace root', () => {
+      const customRoot = path.join(os.tmpdir(), 'custom-workspace');
+      fs.mkdirSync(customRoot, { recursive: true });
+      try {
+        const result = validateRunRequest(
+          {
+            path: 'src/file.ts',
+            projectPath: customRoot,
+          },
+          TEST_ROOT
+        );
+        expect(result.valid).toBe(true);
+        // Should resolve under customRoot, not TEST_ROOT
+      } finally {
+        fs.rmSync(customRoot, { recursive: true, force: true });
+      }
+    });
+  });
+  // ============================================================
+  // Additional utility tests
+  // ============================================================
+  describe('Utility functions', () => {
+    it('getActiveExclusions returns correct patterns based on config', () => {
+      const baseExclusions = getActiveExclusions(baseConfig);
+      expect(baseExclusions).toContain('node_modules/**');
+      expect(baseExclusions).toContain('dist/**');
+      expect(baseExclusions).toContain('.git/**');
+      const withThirdParty = getActiveExclusions({ ...baseConfig, includeThirdParty: true });
+      expect(withThirdParty).not.toContain('node_modules/**');
+      expect(withThirdParty).toContain('dist/**');
+      const withGenerated = getActiveExclusions({ ...baseConfig, includeGenerated: true });
+      expect(withGenerated).toContain('node_modules/**');
+      expect(withGenerated).not.toContain('dist/**');
+    });
+    it('validateSandboxPaths validates multiple paths and collects errors', () => {
+      const { valid, results, errors } = validateSandboxPaths(
+        ['src/good.ts', '../bad.ts', 'node_modules/pkg'],
+        baseConfig
+      );
+      expect(valid).toBe(false);
+      expect(results.size).toBe(3);
+      expect(errors.length).toBe(2); // traversal + exclusion
+      expect(results.get('src/good.ts')?.valid).toBe(true);
+      expect(results.get('../bad.ts')?.valid).toBe(false);
+      expect(results.get('node_modules/pkg')?.valid).toBe(false);
+    });
+    it('createSandboxResolver creates reusable resolver', () => {
+      const resolver = createSandboxResolver(baseConfig);
+      expect(resolver('src/index.ts').valid).toBe(true);
+      expect(resolver('../escape.txt').valid).toBe(false);
+      expect(resolver('node_modules/pkg').valid).toBe(false);
+    });
+    it('rejects invalid workspace root', () => {
+      const result = resolveSandboxPath('src/file.ts', {
+        workspaceRoot: 'relative/path', // Not absolute
+      });
+      expect(result.valid).toBe(false);
+      expect(result.errorCode).toBe('INVALID_ROOT');
+    });
+    it('allowlist overrides exclusions', () => {
+      const config: SandboxConfig = {
+        ...baseConfig,
+        allowlist: ['node_modules/allowed-pkg/**'],
+      };
+      // Allowed package should pass
+      const allowed = resolveSandboxPath('node_modules/allowed-pkg/index.js', config);
+      expect(allowed.valid).toBe(true);
+      // Other packages still blocked
+      const blocked = resolveSandboxPath('node_modules/other-pkg/index.js', config);
+      expect(blocked.valid).toBe(false);
+    });
+  });
+});