@wrongstack/tools 0.250.0 → 0.255.0

package/dist/audit.js

@@ -1,18 +1,504 @@
 import { spawn } from 'node:child_process';
-import { buildChildEnv } from '@wrongstack/core';
+import { buildChildEnv, expectDefined, wstackGlobalRoot } from '@wrongstack/core';
 import * as fs from 'node:fs';
-import * as path2 from 'node:path';
+import { mkdirSync, createWriteStream } from 'node:fs';
+import * as fsp from 'node:fs/promises';
+import * as path3 from 'node:path';
+import * as os from 'node:os';
 
 // src/_spawn-stream.ts
+var SPOOL_RETENTION_MS = 7 * 24 * 60 * 60 * 1e3;
+var SPOOL_WRITE_HWM_BYTES = 4 * 1024 * 1024;
+var sweepStarted = false;
+function toolOutputDir() {
+  return path3.join(wstackGlobalRoot(), "tool-output");
+}
+function sweepOldSpoolFiles(dir) {
+  if (sweepStarted) return;
+  sweepStarted = true;
+  void (async () => {
+    try {
+      const now = Date.now();
+      for (const name of await fsp.readdir(dir)) {
+        if (!name.endsWith(".log")) continue;
+        const p = path3.join(dir, name);
+        try {
+          const st = await fsp.stat(p);
+          if (now - st.mtimeMs > SPOOL_RETENTION_MS) await fsp.unlink(p);
+        } catch {
+        }
+      }
+    } catch {
+    }
+  })();
+}
+function spoolNote(info) {
+  const dropped = info.droppedBytes > 0 ? `, ~${info.droppedBytes} bytes dropped under backpressure` : "";
+  return `
+[output truncated \u2014 full ${info.bytes} bytes at ${info.path}${dropped}; read/grep that file selectively instead of re-running with more output]`;
+}
+function createOutputSpool(opts) {
+  const threshold = opts.thresholdBytes;
+  const safeTool = opts.tool.replace(/[^a-zA-Z0-9._-]+/g, "_").slice(0, 40) || "tool";
+  let head = "";
+  let headBytes = 0;
+  let totalBytes = 0;
+  let droppedBytes = 0;
+  let stream = null;
+  let filePath = null;
+  let failed = false;
+  let finalized = false;
+  const open = () => {
+    if (stream || failed) return;
+    try {
+      const dir = toolOutputDir();
+      mkdirSync(dir, { recursive: true });
+      sweepOldSpoolFiles(dir);
+      const stamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
+      const rand = Math.random().toString(36).slice(2, 6);
+      filePath = path3.join(dir, `${stamp}-${safeTool}-${rand}.log`);
+      stream = createWriteStream(filePath, { flags: "w", encoding: "utf8" });
+      stream.on("error", () => {
+        failed = true;
+        stream = null;
+        filePath = null;
+      });
+      stream.write(head);
+    } catch {
+      failed = true;
+      stream = null;
+      filePath = null;
+    }
+  };
+  return {
+    write(text) {
+      if (finalized || !text) return;
+      totalBytes += Buffer.byteLength(text, "utf8");
+      if (!stream && !failed) {
+        if (headBytes + text.length <= threshold) {
+          head += text;
+          headBytes += text.length;
+          return;
+        }
+        head += text;
+        open();
+        head = "";
+        return;
+      }
+      if (stream) {
+        if (stream.writableLength > SPOOL_WRITE_HWM_BYTES) {
+          droppedBytes += Buffer.byteLength(text, "utf8");
+          return;
+        }
+        stream.write(text);
+      }
+    },
+    finalize() {
+      if (finalized) {
+        return filePath ? { path: filePath, bytes: totalBytes, droppedBytes } : null;
+      }
+      finalized = true;
+      head = "";
+      if (!stream || !filePath) return null;
+      try {
+        stream.end();
+      } catch {
+      }
+      return { path: filePath, bytes: totalBytes, droppedBytes };
+    }
+  };
+}
+
+// src/circuit-breaker.ts
+var DEFAULT_MAX_CONSECUTIVE_FAILURES = 5;
+var DEFAULT_SLOW_CALL_THRESHOLD_MS = 18e4;
+var DEFAULT_MAX_SLOW_CALLS = 3;
+var DEFAULT_WINDOW_MS = 6e4;
+var DEFAULT_MAX_CALLS_PER_WINDOW = 30;
+var DEFAULT_COOLDOWN_MS = 3e4;
+var CircuitBreaker = class {
+  maxConsecutiveFailures;
+  slowCallThresholdMs;
+  maxSlowCalls;
+  windowMs;
+  maxCallsPerWindow;
+  cooldownMs;
+  state = "closed";
+  consecutiveFailures = 0;
+  window = [];
+  lastFailureAt = null;
+  lastSlowAt = null;
+  /** Timestamp when the breaker was opened (for cooldown calculation). */
+  openedAt = null;
+  constructor(config = {}) {
+    this.maxConsecutiveFailures = config.maxConsecutiveFailures ?? DEFAULT_MAX_CONSECUTIVE_FAILURES;
+    this.slowCallThresholdMs = config.slowCallThresholdMs ?? DEFAULT_SLOW_CALL_THRESHOLD_MS;
+    this.maxSlowCalls = config.maxSlowCalls ?? DEFAULT_MAX_SLOW_CALLS;
+    this.windowMs = config.windowMs ?? DEFAULT_WINDOW_MS;
+    this.maxCallsPerWindow = config.maxCallsPerWindow ?? DEFAULT_MAX_CALLS_PER_WINDOW;
+    this.cooldownMs = config.cooldownMs ?? DEFAULT_COOLDOWN_MS;
+  }
+  /**
+   * Returns true if the circuit allows a new call to proceed.
+   * When false, callers should abort the tool call and return a
+   * circuit-breaker error instead of spawning a process.
+   */
+  get canProceed() {
+    this._checkStateTransition();
+    return this.state !== "open";
+  }
+  /**
+   * Snapshot of the current breaker state for observability (`/kill`).
+   */
+  snapshot() {
+    this._checkStateTransition();
+    const now = Date.now();
+    let cooldownRemaining = null;
+    if (this.openedAt !== null && this.state === "open") {
+      const elapsed = now - this.openedAt;
+      cooldownRemaining = Math.max(0, this.cooldownMs - elapsed);
+    }
+    return {
+      state: this.state,
+      consecutiveFailures: this.consecutiveFailures,
+      slowCallsInWindow: this.window.filter((c) => c.slow).length,
+      callsInWindow: this.window.length,
+      windowMs: this.windowMs,
+      cooldownRemainingMs: cooldownRemaining,
+      lastFailureAt: this.lastFailureAt,
+      lastSlowAt: this.lastSlowAt
+    };
+  }
+  /**
+   * Call this BEFORE spawning a bash/exec process.
+   * Returns true if the call is allowed; false if the breaker is open.
+   * When false, callers MUST NOT spawn a process.
+   *
+   * @param bypass - If true, skip the circuit breaker check entirely.
+   *                  Use for background/fire-and-forget processes that should
+   *                  not affect breaker state.
+   */
+  beforeCall(bypass = false) {
+    if (bypass) return true;
+    this._checkStateTransition();
+    if (this.state === "open") return false;
+    return true;
+  }
+  /**
+   * Call this AFTER a bash/exec process finishes (success or failure).
+   * `durationMs` is the wall-clock time the process ran.
+   * `failed` is true when the process returned a non-zero exit code or
+   * threw an exception before spawning.
+   *
+   * @param bypass - If true, do not update breaker state.
+   *                  Use for background/fire-and-forget processes.
+   */
+  afterCall(durationMs, failed, bypass = false) {
+    if (bypass) return;
+    const now = Date.now();
+    if (this.state === "half-open") {
+      if (failed) {
+        this._trip();
+        return;
+      }
+      this._reset();
+      return;
+    }
+    this._pruneWindow(now);
+    const slow = durationMs >= this.slowCallThresholdMs;
+    this.window.push({ at: now, failed, slow });
+    if (failed) {
+      this.consecutiveFailures++;
+      this.lastFailureAt = now;
+      if (this.consecutiveFailures >= this.maxConsecutiveFailures) {
+        this._trip();
+      }
+      return;
+    }
+    this.consecutiveFailures = 0;
+    if (slow) {
+      this.lastSlowAt = now;
+      const slowCount = this.window.filter((c) => c.slow).length;
+      if (slowCount >= this.maxSlowCalls) {
+        this._trip();
+      }
+    }
+    const callCount = this.window.length;
+    if (callCount >= this.maxCallsPerWindow) {
+      this._trip();
+    }
+  }
+  /** Force the breaker open. Used by /kill force and Ctrl+C. */
+  forceOpen() {
+    this._trip();
+  }
+  /** Force a reset to closed. Used by tests and /kill reset. */
+  forceReset() {
+    this._reset();
+  }
+  _trip() {
+    if (this.state === "open") return;
+    this.state = "open";
+    this.openedAt = Date.now();
+  }
+  _reset() {
+    this.state = "closed";
+    this.consecutiveFailures = 0;
+    this.window = [];
+    this.openedAt = null;
+  }
+  /** Transition from open → half-open when cooldown elapses. */
+  _checkStateTransition() {
+    if (this.state !== "open" || this.openedAt === null) return;
+    const elapsed = Date.now() - this.openedAt;
+    if (elapsed >= this.cooldownMs) {
+      this.state = "half-open";
+      this.openedAt = null;
+    }
+  }
+  _pruneWindow(now) {
+    const cutoff = now - this.windowMs;
+    this.window = this.window.filter((c) => c.at >= cutoff);
+  }
+};
+
+// src/process-registry.ts
+var SENSITIVE_FLAG_PATTERNS = [
+  // --flag=value  or  --flag "value"  (value captured up to next space or comma)
+  /--(?:token|password|passwd|pwd|secret|api[-_]?key|api[-_]?secret|auth|credential|private[-_]?key|access[-_]?key|github[-_]?token|gh[-_]?token|bearer|jwt|oauth|pin|pincode|passphrase|access[-_]?token)(?:[=\s,][^\s]*)?/gi,
+  // -f "value" style short flags
+  /(?<!\w)-t(?:\s+|\s*=\s*)[^\s,]+/g,
+  /(?<!\w)-p(?:ssword)?(?:\s+|\s*=\s*)[^\s,]+/gi,
+  // env var–style secrets: TOKEN=x, API_KEY=y, etc.
+  /(?:TOKEN|API_KEY|API_SECRET|AUTH_TOKEN|GITHUB_TOKEN|GH_TOKEN|BEARER|JWT|OAUTH|CREDENTIAL|SECRET|PRIVATE_KEY|PASSWORD|PASSWD)\s*[=:]\s*[^\s,]+/gi,
+  // Generic high-entropy look: base64 strings >32 chars or hex strings >32 digits — but only
+  // when preceded by a flag name (e.g. --github-token=EyJ...).
+  /--\w*(?:token|key|secret|password|passwd|auth|credential)\w*[=\s,][A-Za-z0-9+/=]{32,}/
+];
+function redactCommand(cmd) {
+  let result = cmd;
+  for (const pattern of SENSITIVE_FLAG_PATTERNS) {
+    result = result.replace(pattern, (match) => {
+      const eq = match.indexOf("=");
+      const sp = match.search(/\s/);
+      const delim = eq !== -1 ? "=" : sp !== -1 ? match[sp] : null;
+      if (delim !== null) {
+        const flag = match.slice(0, match.indexOf(expectDefined(delim)) + 1);
+        return `${flag}[REDACTED]`;
+      }
+      const flagEnd = match.match(/^--?[a-zA-Z][a-zA-Z0-9_-]*/)?.[0] ?? match;
+      return `${flagEnd}=**redacted**`;
+    });
+  }
+  return result;
+}
+var DEFAULT_GRACE_MS = 2e3;
+function killWin32Tree(pid) {
+  try {
+    spawn("taskkill", ["/pid", String(pid), "/T", "/F"], {
+      stdio: "ignore",
+      windowsHide: true
+    }).unref();
+    return true;
+  } catch {
+    return false;
+  }
+}
+var ProcessRegistryImpl = class {
+  processes = /* @__PURE__ */ new Map();
+  breaker;
+  constructor(breakerConfig) {
+    this.breaker = new CircuitBreaker(breakerConfig);
+  }
+  register(info) {
+    this.processes.set(info.pid, { ...info, killed: false, protected: info.protected ?? false });
+  }
+  /** Unregister a process by PID. Called on 'close' / 'exit' events. */
+  unregister(pid) {
+    this.processes.delete(pid);
+  }
+  /** Get a single process by PID. */
+  get(pid) {
+    return this.processes.get(pid);
+  }
+  /** Get all tracked processes. */
+  list() {
+    return Array.from(this.processes.values());
+  }
+  /** Get processes filtered by name (e.g. 'bash', 'exec'). */
+  byName(name) {
+    return this.list().filter((p) => p.name === name);
+  }
+  /** Get processes filtered by session. */
+  bySession(sessionId) {
+    return this.list().filter((p) => p.sessionId === sessionId);
+  }
+  /** Count of active (non-killed) processes. */
+  get activeCount() {
+    let n = 0;
+    for (const p of this.processes.values()) {
+      if (!p.killed) n++;
+    }
+    return n;
+  }
+  /**
+   * Combined stats for observability — used by /ps and the TUI status bar.
+   */
+  stats() {
+    return {
+      activeCount: this.activeCount,
+      totalCount: this.processes.size,
+      breaker: this.breaker.snapshot()
+    };
+  }
+  /**
+   * Returns true if the circuit allows a new bash/exec call to proceed.
+   * When false, callers MUST NOT spawn a process.
+   */
+  get canProceed() {
+    return this.breaker.canProceed;
+  }
+  /**
+   * Called before spawning a process. Returns true if allowed; false if
+   * the circuit breaker is open.
+   *
+   * @param bypass - If true, skip circuit breaker check (for background processes).
+   */
+  beforeCall(bypass = false) {
+    return this.breaker.beforeCall(bypass);
+  }
+  /**
+   * Called after a process finishes. `durationMs` is wall-clock time;
+   * `failed` is true for non-zero exit codes.
+   *
+   * @param bypass - If true, do not update circuit breaker state (for background processes).
+   */
+  afterCall(durationMs, failed, bypass = false) {
+    this.breaker.afterCall(durationMs, failed, bypass);
+  }
+  /** Force-open the circuit breaker (Ctrl+C, /kill force). */
+  forceBreakerOpen() {
+    this.breaker.forceOpen();
+  }
+  /** Force-reset the circuit breaker to closed (/kill reset). */
+  forceBreakerReset() {
+    this.breaker.forceReset();
+  }
+  /** Kill a single process by PID.
+   *
+   *  On POSIX: sends SIGTERM to the *process group* (-pid) so that
+   *  runaway grandchild processes (`sleep 9999 & disown`) are also killed.
+   *  After `graceMs` a SIGKILL is sent if the process hasn't exited.
+   *
+   *  On Windows: `child.kill()` maps to TerminateProcess — process groups
+   *  are not meaningfully supported. A second `force=true` call sends
+   *  SIGKILL (which maps to TerminateProcess again — the distinction is
+   *  in the exit code, not the signal).
+   *
+   *  Returns true if the process was found and kill was attempted.
+   */
+  kill(pid, opts = {}) {
+    const p = this.processes.get(pid);
+    if (!p) return false;
+    if (p.killed) return true;
+    if (p.protected) return false;
+    const { force = false, graceMs = DEFAULT_GRACE_MS } = opts;
+    const isWin = os.platform() === "win32";
+    if (isWin) {
+      const liveRealChild = p.child.exitCode === null && typeof p.child.pid === "number";
+      if (liveRealChild && killWin32Tree(pid)) {
+        const fallback = setTimeout(() => {
+          if (p.child.exitCode === null) {
+            try {
+              p.child.kill("SIGKILL");
+            } catch {
+            }
+          }
+        }, graceMs);
+        fallback.unref?.();
+      } else {
+        try {
+          p.child.kill(force ? "SIGKILL" : "SIGTERM");
+        } catch {
+        }
+      }
+      p.killed = true;
+      return true;
+    }
+    try {
+      if (force) {
+        try {
+          process.kill(-pid, "SIGKILL");
+        } catch {
+          p.child.kill("SIGKILL");
+        }
+      } else {
+        try {
+          process.kill(-pid, "SIGTERM");
+        } catch {
+          p.child.kill("SIGTERM");
+        }
+        const timer = setTimeout(() => {
+          if (this.processes.has(pid) && !p.child.killed) {
+            try {
+              process.kill(-pid, "SIGKILL");
+            } catch {
+              try {
+                p.child.kill("SIGKILL");
+              } catch {
+              }
+            }
+          }
+        }, graceMs);
+        timer.unref?.();
+      }
+    } catch {
+    }
+    p.killed = true;
+    return true;
+  }
+  /**
+   * Kill all tracked processes.
+   * Returns the PIDs that were kill()ed.
+   */
+  killAll(opts = {}) {
+    const pids = Array.from(this.processes.keys());
+    const killed = [];
+    for (const pid of pids) {
+      const p = this.processes.get(pid);
+      if (p && !p.protected && this.kill(pid, opts)) killed.push(pid);
+    }
+    return killed;
+  }
+  /**
+   * Kill all processes for a specific session.
+   * Returns the PIDs that were kill()ed.
+   */
+  killSession(sessionId, opts = {}) {
+    const pids = this.bySession(sessionId).map((p) => p.pid);
+    const killed = [];
+    for (const pid of pids) {
+      if (this.kill(pid, opts)) killed.push(pid);
+    }
+    return killed;
+  }
+};
+var _registry;
+function getProcessRegistry() {
+  if (!_registry) {
+    _registry = new ProcessRegistryImpl();
+  }
+  return _registry;
+}
 function resolveWin32Command(cmd) {
   if (process.platform !== "win32") return cmd;
-  if (cmd.includes("/") || cmd.includes("\\") || path2.extname(cmd)) {
+  if (cmd.includes("/") || cmd.includes("\\") || path3.extname(cmd)) {
     return cmd;
   }
   const pathext = (process.env["PATHEXT"] ?? ".COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC").toLowerCase().split(";");
-  const pathDirs = (process.env["PATH"] ?? "").split(path2.delimiter);
+  const pathDirs = (process.env["PATH"] ?? "").split(path3.delimiter);
   for (const dir of pathDirs) {
-    const base = path2.join(dir, cmd);
+    const base = path3.join(dir, cmd);
     for (const ext of pathext) {
       const full = `${base}${ext}`;
       try {
@@ -34,16 +520,29 @@ async function* spawnStream(opts) {
   let stderr = "";
   let pending = "";
   let error;
+  const spool = createOutputSpool({ tool: opts.cmd, thresholdBytes: max });
   const cmd = resolveWin32Command(opts.cmd);
-  const needsShell = process.platform === "win32" && (cmd.endsWith(".cmd") || cmd.endsWith(".bat"));
+  const isWin = process.platform === "win32";
+  const needsShell = isWin && (cmd.endsWith(".cmd") || cmd.endsWith(".bat"));
   const child = spawn(cmd, opts.args, {
     cwd: opts.cwd,
-    signal: opts.signal,
     env: buildChildEnv(),
     stdio: ["ignore", "pipe", "pipe"],
     windowsHide: true,
+    ...isWin ? {} : { signal: opts.signal },
     ...needsShell ? { shell: true, windowsVerbatimArguments: true } : {}
   });
+  const registry = getProcessRegistry();
+  const pid = child.pid;
+  if (typeof pid === "number") {
+    registry.register({
+      pid,
+      name: opts.cmd,
+      command: redactCommand(`${opts.cmd} ${opts.args.join(" ")}`),
+      startedAt: Date.now(),
+      child
+    });
+  }
   const queue = [];
   let waiter;
   let paused = false;
@@ -61,9 +560,10 @@ async function* spawnStream(opts) {
       child.stderr?.resume();
     }
   };
-  child.stdout?.on("data", (c) => {
+  const onOut = (c) => {
     const s = c.toString();
     if (stdout.length < max) stdout += s;
+    spool.write(s);
     queue.push({ kind: "out", data: s });
     wake();
     if (!paused && queue.length >= maxQueue) {
@@ -71,10 +571,11 @@ async function* spawnStream(opts) {
       child.stdout?.pause();
       child.stderr?.pause();
     }
-  });
-  child.stderr?.on("data", (c) => {
+  };
+  const onErr = (c) => {
     const s = c.toString();
     if (stderr.length < max) stderr += s;
+    spool.write(s);
     queue.push({ kind: "err", data: s });
     wake();
     if (!paused && queue.length >= maxQueue) {
@@ -82,74 +583,115 @@ async function* spawnStream(opts) {
       child.stdout?.pause();
       child.stderr?.pause();
     }
-  });
+  };
+  child.stdout?.on("data", onOut);
+  child.stderr?.on("data", onErr);
   child.on("error", (e) => {
     error = e.message;
     queue.push({ kind: "error", data: e.message });
     wake();
   });
   child.on("close", (code) => {
+    if (typeof pid === "number") registry.unregister(pid);
     queue.push({ kind: "close", data: "", code: code ?? 0 });
     wake();
   });
+  const onAbort = () => {
+    if (typeof pid === "number") {
+      registry.kill(pid, { force: true });
+    } else {
+      try {
+        child.kill("SIGKILL");
+      } catch {
+      }
+    }
+    queue.push({ kind: "close", data: "", code: 124 });
+    wake();
+  };
+  if (opts.signal.aborted) onAbort();
+  else opts.signal.addEventListener("abort", onAbort, { once: true });
   let exitCode = 0;
   let spawnFailed = false;
-  for (; ; ) {
-    while (queue.length === 0) {
-      await new Promise((resolve2) => {
-        waiter = resolve2;
-      });
-    }
-    const chunk = queue.shift();
-    resume();
-    if (chunk.kind === "close") {
-      if (!spawnFailed) exitCode = chunk.code ?? 0;
-      break;
-    }
-    if (chunk.kind === "error") {
-      spawnFailed = true;
-      exitCode = 1;
-      continue;
+  try {
+    for (; ; ) {
+      while (queue.length === 0) {
+        await new Promise((resolve2) => {
+          waiter = resolve2;
+        });
+      }
+      const chunk = queue.shift();
+      resume();
+      if (chunk.kind === "close") {
+        if (!spawnFailed) exitCode = chunk.code ?? 0;
+        break;
+      }
+      if (chunk.kind === "error") {
+        spawnFailed = true;
+        exitCode = 1;
+        continue;
+      }
+      pending += chunk.data;
+      if (pending.length >= flushAt) {
+        yield { type: "partial_output", text: pending };
+        pending = "";
+      }
     }
-    pending += chunk.data;
-    if (pending.length >= flushAt) {
+    if (pending.length > 0) {
       yield { type: "partial_output", text: pending };
-      pending = "";
+    }
+    const spooled = spool.finalize();
+    return {
+      // The marker rides on stdout's tail so every consumer's head+tail
+      // normalization keeps it without per-tool changes.
+      stdout: spooled ? stdout + spoolNote(spooled) : stdout,
+      stderr,
+      exitCode,
+      truncated: stdout.length >= max || stderr.length >= max,
+      error,
+      spoolPath: spooled?.path,
+      spoolBytes: spooled?.bytes
+    };
+  } finally {
+    spool.finalize();
+    opts.signal.removeEventListener("abort", onAbort);
+    child.stdout?.off("data", onOut);
+    child.stderr?.off("data", onErr);
+    child.stdout?.destroy();
+    child.stderr?.destroy();
+    if (child.exitCode === null && !child.killed) {
+      if (typeof pid === "number") {
+        registry.kill(pid, { force: true });
+      } else {
+        try {
+          child.kill("SIGKILL");
+        } catch {
+        }
+      }
     }
   }
-  if (pending.length > 0) {
-    yield { type: "partial_output", text: pending };
-  }
-  return {
-    stdout,
-    stderr,
-    exitCode,
-    truncated: stdout.length >= max || stderr.length >= max,
-    error
-  };
 }
 async function detectPackageManager(cwd) {
-  const { stat } = await import('node:fs/promises');
+  const { stat: stat2 } = await import('node:fs/promises');
   try {
-    await stat(`${cwd}/pnpm-lock.yaml`);
+    await stat2(`${cwd}/pnpm-lock.yaml`);
     return "pnpm";
   } catch {
   }
   try {
-    await stat(`${cwd}/yarn.lock`);
+    await stat2(`${cwd}/yarn.lock`);
     return "yarn";
   } catch {
   }
   return "npm";
 }
 function resolvePath(input, ctx) {
-  return path2.isAbsolute(input) ? path2.normalize(input) : path2.resolve(ctx.workingDir ?? ctx.cwd, input);
+  return path3.isAbsolute(input) ? path3.normalize(input) : path3.resolve(ctx.workingDir ?? ctx.cwd, input);
 }
 function ensureInsideRoot(absPath, ctx) {
-  const root = path2.resolve(ctx.projectRoot);
-  const target = path2.resolve(absPath);
-  const rel = path2.relative(root, target);
-  if (rel.startsWith("..") || path2.isAbsolute(rel)) {
+  const root = path3.resolve(ctx.projectRoot);
+  const target = path3.resolve(absPath);
+  const rel = path3.relative(root, target);
+  if (rel.startsWith("..") || path3.isAbsolute(rel)) {
     throw new Error(`Path "${absPath}" is outside project root "${root}"`);
   }
   return target;