@westbayberry/dg 2.0.8 → 2.0.10

package/dist/config/settings.js

@@ -1,7 +1,7 @@
 import { existsSync, mkdirSync, readFileSync, renameSync, rmSync, writeFileSync } from "node:fs";
 import { randomUUID } from "node:crypto";
 import { dirname, join } from "node:path";
-import { resolveDgPaths } from "../state/index.js";
+import { acquireLockSyncWithRetry, resolveDgPaths } from "../state/index.js";
 export const CONFIG_KEYS = Object.freeze([
     "api.baseUrl",
     "org.id",
@@ -59,10 +59,12 @@ export function loadUserConfig(env = process.env) {
         return DEFAULT_CONFIG;
     }
     try {
-        const parsed = JSON.parse(readFileSync(path, "utf8"));
-        return normalizeConfig(parsed);
+        return normalizeConfig(JSON.parse(readFileSync(path, "utf8")));
     }
     catch (error) {
+        if (error instanceof ConfigError) {
+            throw new ConfigError(`Invalid dg config at ${path}: ${error.message}`);
+        }
         throw new ConfigError(`Malformed dg config at ${path}: ${error instanceof Error ? error.message : "unknown error"}`);
     }
 }
@@ -70,6 +72,28 @@ export function saveUserConfig(config, env = process.env) {
     const paths = resolveDgPaths(env);
     writeJsonAtomic(userConfigPath(paths), config);
 }
+export const USER_CONFIG_LOCK = "user-config";
+const USER_CONFIG_LOCK_TIMEOUT_MS = 5_000;
+const USER_CONFIG_LOCK_STALE_MS = 60_000;
+export function withUserConfigLock(env, action) {
+    const lock = acquireLockSyncWithRetry(resolveDgPaths(env), USER_CONFIG_LOCK, {
+        staleMs: USER_CONFIG_LOCK_STALE_MS,
+        timeoutMs: USER_CONFIG_LOCK_TIMEOUT_MS
+    });
+    try {
+        return action();
+    }
+    finally {
+        lock.release();
+    }
+}
+export function updateUserConfig(apply, env = process.env) {
+    return withUserConfigLock(env, () => {
+        const next = apply(loadUserConfig(env));
+        saveUserConfig(next, env);
+        return next;
+    });
+}
 export function getConfigValue(config, key) {
     if (key === "api.baseUrl") {
         return config.api.baseUrl;
@@ -166,7 +190,7 @@ export function setConfigValue(config, key, rawValue) {
         return {
             ...config,
             audit: {
-                upload: parseBoolean(rawValue)
+                upload: parseBoolean(rawValue, key)
             }
         };
     }
@@ -174,14 +198,14 @@ export function setConfigValue(config, key, rawValue) {
         return {
             ...config,
             telemetry: {
-                enabled: parseBoolean(rawValue)
+                enabled: parseBoolean(rawValue, key)
             }
         };
     }
     return {
         ...config,
         webhooks: {
-            enabled: parseBoolean(rawValue)
+            enabled: parseBoolean(rawValue, key)
         }
     };
 }
@@ -192,38 +216,93 @@ export function isConfigKey(value) {
     return CONFIG_KEYS.includes(value);
 }
 function normalizeConfig(raw) {
+    if (!isPlainObject(raw)) {
+        throw new ConfigError(`config must be a JSON object, got ${describeJsonType(raw)}`);
+    }
     if (raw.version !== undefined && raw.version !== 1) {
         throw new ConfigError("unsupported config version");
     }
+    const api = fieldObject(raw, "api");
+    const org = fieldObject(raw, "org");
+    const policy = fieldObject(raw, "policy");
+    const gitHook = fieldObject(raw, "gitHook");
+    const audit = fieldObject(raw, "audit");
+    const telemetry = fieldObject(raw, "telemetry");
+    const webhooks = fieldObject(raw, "webhooks");
     return {
         version: 1,
         api: {
-            baseUrl: parseUrl(raw.api?.baseUrl ?? DEFAULT_CONFIG.api.baseUrl)
+            baseUrl: parseUrl(fieldString(api, "api.baseUrl", "baseUrl") ?? DEFAULT_CONFIG.api.baseUrl)
         },
         org: {
-            id: raw.org?.id ?? DEFAULT_CONFIG.org.id
+            id: fieldString(org, "org.id", "id") ?? DEFAULT_CONFIG.org.id
         },
         policy: {
-            mode: parsePolicyMode(raw.policy?.mode ?? DEFAULT_CONFIG.policy.mode),
-            trustProjectAllowlists: raw.policy?.trustProjectAllowlists ?? DEFAULT_CONFIG.policy.trustProjectAllowlists,
-            allowForceOverride: raw.policy?.allowForceOverride ?? DEFAULT_CONFIG.policy.allowForceOverride,
-            scriptHardening: raw.policy?.scriptHardening ?? DEFAULT_CONFIG.policy.scriptHardening
+            mode: parsePolicyMode(fieldString(policy, "policy.mode", "mode") ?? DEFAULT_CONFIG.policy.mode),
+            trustProjectAllowlists: fieldBoolean(policy, "policy.trustProjectAllowlists", "trustProjectAllowlists") ?? DEFAULT_CONFIG.policy.trustProjectAllowlists,
+            allowForceOverride: fieldBoolean(policy, "policy.allowForceOverride", "allowForceOverride") ?? DEFAULT_CONFIG.policy.allowForceOverride,
+            scriptHardening: fieldBoolean(policy, "policy.scriptHardening", "scriptHardening") ?? DEFAULT_CONFIG.policy.scriptHardening
         },
         gitHook: {
-            onWarn: parseOnWarn(raw.gitHook?.onWarn ?? DEFAULT_CONFIG.gitHook.onWarn),
-            onIncomplete: parseOnIncomplete(raw.gitHook?.onIncomplete ?? DEFAULT_CONFIG.gitHook.onIncomplete)
+            onWarn: parseOnWarn(fieldString(gitHook, "gitHook.onWarn", "onWarn") ?? DEFAULT_CONFIG.gitHook.onWarn),
+            onIncomplete: parseOnIncomplete(fieldString(gitHook, "gitHook.onIncomplete", "onIncomplete") ?? DEFAULT_CONFIG.gitHook.onIncomplete)
         },
         audit: {
-            upload: raw.audit?.upload ?? DEFAULT_CONFIG.audit.upload
+            upload: fieldBoolean(audit, "audit.upload", "upload") ?? DEFAULT_CONFIG.audit.upload
         },
         telemetry: {
-            enabled: raw.telemetry?.enabled ?? DEFAULT_CONFIG.telemetry.enabled
+            enabled: fieldBoolean(telemetry, "telemetry.enabled", "enabled") ?? DEFAULT_CONFIG.telemetry.enabled
         },
         webhooks: {
-            enabled: raw.webhooks?.enabled ?? DEFAULT_CONFIG.webhooks.enabled
+            enabled: fieldBoolean(webhooks, "webhooks.enabled", "enabled") ?? DEFAULT_CONFIG.webhooks.enabled
         }
     };
 }
+function fieldObject(root, field) {
+    const value = root[field];
+    if (value === undefined) {
+        return {};
+    }
+    if (!isPlainObject(value)) {
+        throw new ConfigError(`${field} must be a JSON object, got ${describeJsonType(value)}`);
+    }
+    return value;
+}
+function fieldBoolean(section, field, key) {
+    const value = section[key];
+    if (value === undefined) {
+        return undefined;
+    }
+    if (typeof value === "boolean") {
+        return value;
+    }
+    throw new ConfigError(`${field} must be a JSON boolean (true or false), got ${describeJsonType(value)}`);
+}
+function fieldString(section, field, key) {
+    const value = section[key];
+    if (value === undefined) {
+        return undefined;
+    }
+    if (typeof value === "string") {
+        return value;
+    }
+    throw new ConfigError(`${field} must be a string, got ${describeJsonType(value)}`);
+}
+function isPlainObject(value) {
+    return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function describeJsonType(value) {
+    if (value === null) {
+        return "null";
+    }
+    if (Array.isArray(value)) {
+        return "an array";
+    }
+    if (typeof value === "string") {
+        return `the string "${value.length > 32 ? `${value.slice(0, 32)}…` : value}"`;
+    }
+    return `a ${typeof value}`;
+}
 function withPolicyBoolean(config, key, rawValue) {
     if (key === "mode") {
         return config;
@@ -232,7 +311,7 @@ function withPolicyBoolean(config, key, rawValue) {
         ...config,
         policy: {
             ...config.policy,
-            [key]: parseBoolean(rawValue)
+            [key]: parseBoolean(rawValue, `policy.${key}`)
         }
     };
 }
@@ -254,21 +333,22 @@ function parseOnIncomplete(value) {
     }
     throw new ConfigError("gitHook.onIncomplete must be one of: allow, block");
 }
-function parseBoolean(value) {
+function parseBoolean(value, field) {
     if (value === "true") {
         return true;
     }
     if (value === "false") {
         return false;
     }
-    throw new ConfigError("boolean config values must be true or false");
+    throw new ConfigError(`${field} must be true or false`);
 }
 function parseUrl(value) {
     const trimmed = value.trim();
     try {
         const url = new URL(trimmed);
-        if (url.protocol !== "https:" && url.hostname !== "localhost" && url.hostname !== "127.0.0.1") {
-            throw new ConfigError("api.baseUrl must use https unless it targets localhost");
+        const localhost = url.hostname === "localhost" || url.hostname === "127.0.0.1";
+        if (url.protocol !== "https:" && !(url.protocol === "http:" && localhost)) {
+            throw new ConfigError("api.baseUrl must use https, or http for localhost");
         }
         return url.toString().replace(/\/$/, "");
     }

package/dist/launcher/install-preflight.js

@@ -1,11 +1,40 @@
 import { spawn } from "node:child_process";
+import { createInterface } from "node:readline";
 import { analyzePackages } from "../api/analyze.js";
-import { defaultPromptIo, promptYesNo } from "../install-ui/prompt.js";
-import { parsePipReportInstallSet } from "./pip-report.js";
+import { defaultPromptIo } from "../install-ui/prompt.js";
+import { parsePipReportInstallCount, parsePipReportInstallSet } from "./pip-report.js";
 const PROCEED = { proceed: true };
+const UNRESOLVED = { set: undefined, count: undefined };
+const approvedFlagRanks = new Map();
+const pipResolutions = new Map();
+export function resetInstallPreflightSession() {
+    approvedFlagRanks.clear();
+    pipResolutions.clear();
+}
+export function actionRank(action) {
+    return { pass: 0, analysis_incomplete: 1, warn: 2, block: 3 }[action];
+}
+export function recordPreflightApprovals(packages) {
+    for (const pkg of packages) {
+        const key = `${pkg.name}@${pkg.version}`;
+        const rank = actionRank(pkg.action);
+        if ((approvedFlagRanks.get(key) ?? -1) < rank) {
+            approvedFlagRanks.set(key, rank);
+        }
+    }
+}
+function isPreflightApproved(pkg) {
+    return (approvedFlagRanks.get(`${pkg.name}@${pkg.version}`) ?? -1) >= actionRank(pkg.action);
+}
+export function cachedPipResolution(binary, args) {
+    return pipResolutions.get(pipResolutionKey(binary, args));
+}
+function pipResolutionKey(binary, args) {
+    return JSON.stringify([binary, ...args]);
+}
 function resolvePipInstallSet(binary, args, env) {
     if (!binary)
-        return Promise.resolve(undefined);
+        return Promise.resolve(UNRESOLVED);
     return new Promise((resolve) => {
         let stdout = "";
         let settled = false;
@@ -26,7 +55,7 @@ function resolvePipInstallSet(binary, args, env) {
             });
         }
         catch {
-            finish(undefined);
+            finish(UNRESOLVED);
             return;
         }
         timer = setTimeout(() => {
@@ -34,11 +63,13 @@ function resolvePipInstallSet(binary, args, env) {
                 child.kill();
             }
             catch { /* already exited */ }
-            finish(undefined);
+            finish(UNRESOLVED);
         }, 30_000);
         child.stdout?.on("data", (chunk) => { stdout += chunk.toString("utf8"); });
-        child.on("error", () => finish(undefined));
-        child.on("close", (code) => finish(code === 0 ? parsePipReportInstallSet(stdout) : undefined));
+        child.on("error", () => finish(UNRESOLVED));
+        child.on("close", (code) => finish(code === 0
+            ? { set: parsePipReportInstallSet(stdout), count: parsePipReportInstallCount(stdout) }
+            : UNRESOLVED));
     });
 }
 function findingSummary(pkg) {
@@ -59,7 +90,13 @@ export async function runInstallPreflight(manager, binary, childArgs, env) {
     if (manager !== "pip" || !binary) {
         return PROCEED;
     }
-    const set = await resolvePipInstallSet(binary, childArgs, env);
+    const key = pipResolutionKey(binary, childArgs);
+    let resolution = pipResolutions.get(key);
+    if (!resolution) {
+        resolution = await resolvePipInstallSet(binary, childArgs, env);
+        pipResolutions.set(key, resolution);
+    }
+    const set = resolution.set;
     if (!set || set.length === 0) {
         return PROCEED;
     }
@@ -73,17 +110,49 @@ export async function runInstallPreflight(manager, binary, childArgs, env) {
     return decideFromVerdicts(verdicts.packages, defaultPromptIo());
 }
 export async function decideFromVerdicts(packages, io) {
-    const flagged = packages.filter((pkg) => pkg.action === "warn" || pkg.action === "block");
+    const flagged = packages.filter((pkg) => (pkg.action === "warn" || pkg.action === "block") && !isPreflightApproved({ name: pkg.name, version: pkg.version, action: pkg.action }));
     if (flagged.length === 0 || !io.isTTY) {
         return PROCEED;
     }
     renderPreflight(flagged, io.output);
     const hasBlock = flagged.some((pkg) => pkg.action === "block");
-    const accepted = hasBlock
-        ? await promptYesNo("  Override and install anyway?", io, false)
-        : await promptYesNo("  Proceed?", io, true);
+    const accepted = await promptPreflightYesNo(hasBlock ? "  Override and install anyway?" : "  Proceed?", io, false);
     if (!accepted) {
         return { proceed: false };
     }
+    recordPreflightApprovals(flagged.map((pkg) => ({ name: pkg.name, version: pkg.version, action: pkg.action ?? "warn" })));
     return hasBlock ? { proceed: true, forceOverride: { force: true } } : PROCEED;
 }
+export async function promptPreflightYesNo(question, io, defaultYes) {
+    if (!io.isTTY) {
+        return false;
+    }
+    const rl = createInterface({ input: io.input, output: io.output });
+    try {
+        const answer = await new Promise((resolve) => {
+            rl.once("SIGINT", () => resolve(undefined));
+            rl.question(`${question} ${defaultYes ? "[Y/n]" : "[y/N]"} `, resolve);
+        });
+        if (answer === undefined) {
+            rl.close();
+            restoreRawInput(io.input);
+            io.output.write("\n");
+            process.exit(130);
+        }
+        const normalized = answer.trim().toLowerCase();
+        if (normalized === "") {
+            return defaultYes;
+        }
+        return normalized === "y" || normalized === "yes";
+    }
+    finally {
+        rl.close();
+        restoreRawInput(io.input);
+    }
+}
+function restoreRawInput(input) {
+    const stream = input;
+    if (stream.isTTY && typeof stream.setRawMode === "function") {
+        stream.setRawMode(false);
+    }
+}

package/dist/launcher/output-redaction.js

@@ -1,21 +1,23 @@
 const credentialUrlPattern = /\b([a-z][a-z0-9+.-]{0,31}:\/\/)([^/\s:@]+):([^/\s@]+)@/gi;
 const authHeaderPattern = /\b(proxy-authorization|authorization):\s*[^\r\n]+/gi;
-const tokenAssignmentPattern = /\b((?:npm_|pypi_|dg_)?(?:token|authToken|password|secret))=([^\s]+)/gi;
+const tokenAssignmentPattern = /(?<![A-Za-z0-9])([A-Za-z0-9_-]*(?:secret[_-]key|access[_-]key|api[_-]key|token|password|secret))=([^\s]+)/gi;
 const npmrcAuthPattern = /(_authToken|_auth|_password)\s*=\s*("[^"]*"|[^\s;,]+)/gi;
+const jsonSecretPattern = /("[A-Za-z0-9_.$-]*(?:secret[_-]key|access[_-]key|api[_-]key|token|password|secret)"\s*:\s*)"(?:[^"\\]|\\.)*"/gi;
 const bearerPattern = /\bBearer\s+[A-Za-z0-9._~+/=-]{8,}/g;
-const knownTokenShapePattern = /\b(npm_[A-Za-z0-9]{36}|gh[pousr]_[A-Za-z0-9]{36,255}|pypi-[A-Za-z0-9_-]{20,})\b/g;
+const knownTokenShapePattern = /\b(npm_[A-Za-z0-9]{36}|gh[pousr]_[A-Za-z0-9]{36,255}|pypi-[A-Za-z0-9_-]{20,}|glpat-[A-Za-z0-9_-]{20,}|xox[bp]-[A-Za-z0-9-]{10,})\b/g;
 export function redactSecrets(text) {
     return text
         .replace(credentialUrlPattern, "$1<redacted>@")
         .replace(authHeaderPattern, (_match, header) => `${header}: <redacted>`)
         .replace(npmrcAuthPattern, "$1=<redacted>")
+        .replace(jsonSecretPattern, '$1"<redacted>"')
         .replace(tokenAssignmentPattern, "$1=<redacted>")
         .replace(bearerPattern, "Bearer <redacted>")
         .replace(knownTokenShapePattern, "<redacted>");
 }
 const STREAM_FLUSH_QUIET_MS = 80;
 const SECRET_TAIL_SCAN_CHARS = 80;
-const secretTailPattern = /(Bearer\s+[\w.~+/=-]*|npm_[A-Za-z0-9]*|gh[pousr]_[A-Za-z0-9]*|pypi-[\w-]*|(?:_authToken|_auth|_password|token|authToken|password|secret)=\S*)$/i;
+const secretTailPattern = /(Bearer\s+[\w.~+/=-]*|npm_[A-Za-z0-9]*|gh[pousr]_[A-Za-z0-9]*|pypi-[\w-]*|glpat-[\w-]*|xox[bp]-[\w-]*|[\w-]*(?:_authToken|_auth|_password|secret[_-]key|access[_-]key|api[_-]key|token|password|secret)=\S*|"[\w.$-]*(?:secret[_-]key|access[_-]key|api[_-]key|token|password|secret)"\s*:\s*"?[^"\n]*)$/i;
 export function createStreamRedactor(emit) {
     let pending = "";
     let timer;

package/dist/launcher/preflight-prompt.js

@@ -1,9 +1,10 @@
 import { analyzePackages } from "../api/analyze.js";
 import { isCiEnv } from "../presentation/mode.js";
 import { renderInstallDecision } from "../install-ui/block-render.js";
-import { promptYesNo, defaultPromptIo } from "../install-ui/prompt.js";
+import { defaultPromptIo } from "../install-ui/prompt.js";
 import { enforceProtectedInstall } from "../proxy/enforcement.js";
 import { classifyPackageManagerInvocation, isSupportedPackageManager } from "./classify.js";
+import { actionRank, promptPreflightYesNo, recordPreflightApprovals } from "./install-preflight.js";
 import { redactSecrets } from "./output-redaction.js";
 const ECOSYSTEM_BY_MANAGER = {
     npm: "npm",
@@ -37,25 +38,27 @@ export async function maybePreflightInstallPrompt(args, options = {}) {
     if (specs.length === 0) {
         return FALL_THROUGH;
     }
-    let worst;
+    const flagged = [];
     try {
         const response = await (options.analyze ?? analyzePackages)(specs.map((spec) => ({ name: spec.name, version: spec.version })), { ecosystem, env });
         for (const spec of specs) {
             const pkg = response.packages.find((entry) => entry.name === spec.name && entry.version === spec.version);
             const action = pkg?.action ?? "pass";
-            if (!worst || rank(action) > rank(worst.action)) {
-                worst = {
-                    action,
-                    spec,
-                    reason: pkg?.reasons[0] ?? pkg?.findings[0]?.title ?? "flagged by the scanner"
-                };
+            if (action === "pass") {
+                continue;
             }
+            flagged.push({
+                action,
+                spec,
+                reason: pkg?.reasons[0] ?? pkg?.findings[0]?.title ?? "flagged by the scanner"
+            });
         }
     }
     catch {
         return FALL_THROUGH;
     }
-    if (!worst || worst.action === "pass") {
+    const worst = flagged.reduce((top, entry) => (!top || actionRank(entry.action) > actionRank(top.action) ? entry : top), undefined);
+    if (!worst) {
         return FALL_THROUGH;
     }
     if (worst.action === "block") {
@@ -80,8 +83,20 @@ export async function maybePreflightInstallPrompt(args, options = {}) {
         return FALL_THROUGH;
     }
     const label = `${worst.spec.name}@${worst.spec.version}`;
-    const proceed = await promptYesNo(`⚠ DG flagged ${label} (warn) — ${worst.reason}. Proceed?`, io);
+    if (worst.action === "analysis_incomplete") {
+        const proceed = await promptPreflightYesNo(`? DG could not fully analyze ${label} (analysis incomplete) — ${worst.reason}. Proceed?`, io, true);
+        if (proceed) {
+            recordPreflightApprovals(flagged.map(asFlaggedPackage));
+            return FALL_THROUGH;
+        }
+        return {
+            handled: true,
+            result: { exitCode: 4, stdout: "", stderr: "Declined. Nothing was installed.\n" }
+        };
+    }
+    const proceed = await promptPreflightYesNo(`⚠ DG flagged ${label} (warn) — ${worst.reason}. Proceed?`, io, false);
     if (proceed) {
+        recordPreflightApprovals(flagged.map(asFlaggedPackage));
         return FALL_THROUGH;
     }
     return {
@@ -89,8 +104,12 @@ export async function maybePreflightInstallPrompt(args, options = {}) {
         result: { exitCode: 1, stdout: "", stderr: "Declined. Nothing was installed.\n" }
     };
 }
-function rank(action) {
-    return { pass: 0, analysis_incomplete: 1, warn: 2, block: 3 }[action];
+function asFlaggedPackage(entry) {
+    return {
+        name: entry.spec.name,
+        version: entry.spec.version,
+        action: entry.action
+    };
 }
 function stripControlArgs(args) {
     const childArgs = [];

package/dist/launcher/run.js

@@ -12,10 +12,57 @@ import { readProxySessionState } from "../proxy/server.js";
 import { cleanupSessionSync, createSessionSync, resolveDgPaths } from "../state/index.js";
 import { classifyPackageManagerInvocation } from "./classify.js";
 import { buildProxyChildEnv } from "./env.js";
+import { cachedPipResolution } from "./install-preflight.js";
 import { parsePipReportInstallCount } from "./pip-report.js";
 import { createStreamRedactor, redactSecrets } from "./output-redaction.js";
 import { resolveRealBinary } from "./resolve-real-binary.js";
 export const EXIT_INSTALL_BLOCKED = 2;
+const CMD_SCRIPT_PATTERN = /\.(cmd|bat)$/i;
+const CMD_META_CHARS = /([()\][%!^"`<>&|;, *?])/g;
+export function resolveSpawnInvocation(binary, args, platform = process.platform) {
+    if (platform !== "win32" || !CMD_SCRIPT_PATTERN.test(binary)) {
+        return { command: binary, args, windowsVerbatimArguments: false };
+    }
+    const commandLine = [escapeCmdCommand(binary), ...args.map(escapeCmdArgument)].join(" ");
+    return {
+        command: process.env.comspec ?? "cmd.exe",
+        args: ["/d", "/s", "/c", `"${commandLine}"`],
+        windowsVerbatimArguments: true
+    };
+}
+function escapeCmdCommand(command) {
+    return command.replace(CMD_META_CHARS, "^$1");
+}
+// cmd shims parse their command line twice, hence the doubled meta-char escape (cross-spawn's algorithm)
+function escapeCmdArgument(argument) {
+    const quoted = `"${argument.replace(/(\\*)"/g, '$1$1\\"').replace(/(\\*)$/, "$1$1")}"`;
+    return quoted.replace(CMD_META_CHARS, "^$1").replace(CMD_META_CHARS, "^$1");
+}
+export function shimDepth(env) {
+    const parsed = Number.parseInt(env.DG_SHIM_DEPTH ?? "", 10);
+    return Number.isInteger(parsed) && parsed > 0 ? parsed : 0;
+}
+export function rootUnprotectedNotice(env, uid = process.getuid?.()) {
+    if (uid !== 0) {
+        return "";
+    }
+    if (existsSync(resolveDgPaths(env).stateDir)) {
+        return "";
+    }
+    return "dg: running as root without dg state — bare package-manager installs by root are not protected\n";
+}
+let rootNoticeWritten = false;
+function maybeWarnRootWithoutState(env) {
+    if (rootNoticeWritten) {
+        return;
+    }
+    const notice = rootUnprotectedNotice(env);
+    if (!notice) {
+        return;
+    }
+    rootNoticeWritten = true;
+    process.stderr.write(notice);
+}
 export function createLaunchPlan(manager, args, env = process.env) {
     const classification = classifyPackageManagerInvocation(manager, args);
     const realBinary = resolveRealBinary({
@@ -28,7 +75,8 @@ export function createLaunchPlan(manager, args, env = process.env) {
         startsProxy: classification.kind === "protected",
         childEnv: {
             ...env,
-            DG_SHIM_ACTIVE: shimNonce(manager, env)
+            DG_SHIM_ACTIVE: shimNonce(manager, env),
+            DG_SHIM_DEPTH: String(shimDepth(env) + 1)
         }
     };
 }
@@ -41,6 +89,23 @@ export async function runPackageManager(manager, args, options = {}) {
     if (!plan.realBinary.path) {
         return unavailable(invoked, `real ${plan.classification.realBinaryName} binary was not found outside dg shims`);
     }
+    maybeWarnRootWithoutState(options.env ?? process.env);
+    const depth = shimDepth(options.env ?? process.env);
+    if (depth >= 2) {
+        return {
+            exitCode: EXIT_UNAVAILABLE,
+            stdout: "",
+            stderr: `dg: ${manager} shim exec loop detected (DG_SHIM_DEPTH=${depth}) — refusing to re-enter\n`
+        };
+    }
+    if (depth === 1 && plan.startsProxy) {
+        const child = await spawnPackageManager(plan, args, options);
+        return {
+            exitCode: child.exitCode,
+            stdout: streamedOut(child.stdout, options),
+            stderr: `dg: re-entered through its own shim — running the real ${plan.classification.realBinaryName} directly\n${streamedErr(child.stderr, options)}`
+        };
+    }
     if (plan.startsProxy) {
         if (!options.proxyVerdict) {
             return runWithProductionProxy(plan, args, options);
@@ -173,9 +238,11 @@ function resolvePipInstallTotal(binary, args, env, register) {
         };
         let child;
         try {
-            child = spawn(binary, [...args, "--dry-run", "--report", "-", "--quiet"], {
+            const invocation = resolveSpawnInvocation(binary, [...args, "--dry-run", "--report", "-", "--quiet"]);
+            child = spawn(invocation.command, [...invocation.args], {
                 env,
-                stdio: ["ignore", "pipe", "ignore"]
+                stdio: ["ignore", "pipe", "ignore"],
+                windowsVerbatimArguments: invocation.windowsVerbatimArguments
             });
         }
         catch {
@@ -200,6 +267,7 @@ export async function runWithProductionProxyLive(plan, args, options, onView) {
         throw new Error("live install mode renders its own UI and owns the terminal; streaming output callbacks are not supported");
     }
     const env = options.env ?? process.env;
+    maybeWarnRootWithoutState(env);
     const proxy = await startProxyWorker(plan.classification, env, options.forceOverride);
     if ("decision" in proxy) {
         return { exitCode: EXIT_INSTALL_BLOCKED, stdout: "", stderr: redactSecrets(renderInstallDecision(proxy.decision)) };
@@ -217,9 +285,15 @@ export async function runWithProductionProxyLive(plan, args, options, onView) {
         let resolvedTotal;
         let dryRunChild;
         if (plan.classification.manager === "pip") {
-            void resolvePipInstallTotal(plan.realBinary.path ?? "", args, childEnv, (child) => { dryRunChild = child; })
-                .then((count) => { resolvedTotal = count; })
-                .catch(() => undefined);
+            const cached = cachedPipResolution(plan.realBinary.path ?? "", args);
+            if (cached) {
+                resolvedTotal = cached.count;
+            }
+            else {
+                void resolvePipInstallTotal(plan.realBinary.path ?? "", args, childEnv, (child) => { dryRunChild = child; })
+                    .then((count) => { resolvedTotal = count; })
+                    .catch(() => undefined);
+            }
         }
         const poll = setInterval(() => {
             onView(deriveLiveView(readProxySessionState(proxy.session), "scanning", resolvedTotal));
@@ -292,9 +366,11 @@ async function spawnPackageManager(plan, args, options) {
     });
 }
 const defaultSpawner = (request) => new Promise((resolve) => {
-    const child = spawn(request.binary, [...request.args], {
+    const invocation = resolveSpawnInvocation(request.binary, request.args);
+    const child = spawn(invocation.command, [...invocation.args], {
         env: request.env,
-        stdio: ["inherit", "pipe", "pipe"]
+        stdio: ["inherit", "pipe", "pipe"],
+        windowsVerbatimArguments: invocation.windowsVerbatimArguments
     });
     const stdout = [];
     const stderr = [];
@@ -421,6 +497,9 @@ function stopProxyWorker(proxy) {
 function installProxySignalHandlers(proxy) {
     const registrations = ["SIGINT", "SIGTERM"].map((signal) => {
         const handler = () => {
+            if (process.stdin.isTTY) {
+                process.stdin.setRawMode(false);
+            }
             stopProxyWorker(proxy);
             process.exit(signal === "SIGINT" ? 130 : 143);
         };