@yemi33/minions 0.1.1775 → 0.1.1776

package/CHANGELOG.md

@@ -1,16 +1,17 @@
 # Changelog
 
-## 0.1.1775 (2026-05-07)
+## 0.1.1776 (2026-05-07)
+
+### Fixes
+- refuse worktree paths nested in any project root
+
+## 0.1.1774 (2026-05-07)
 
 ### Features
--  Improve dashboard API route metadata
 - suppress stale doc-chat model errors
 
 ### Fixes
 - yemi33/minions#2168
--  honor central plan work item project
--  restore canonical-home shared helpers
-- yemi33/minions#2170
 
 ## 0.1.1772 (2026-05-07)
 

package/engine/cleanup.js

@@ -366,6 +366,31 @@ async function runCleanup(config, verbose = false) {
     }
   }
 
+  // 2b. Detect git worktrees registered inside any linked project's working tree.
+  // Nested worktrees cause glob/grep tools running with cwd=projectRoot to match
+  // BOTH copies of every file; a single Edit/MultiEdit then writes the same
+  // change to both locations, producing "mirror dirty file" leaks (W-cc-doc-chat-continuity).
+  // We only WARN here — removing someone else's worktree without consent could
+  // destroy in-flight work. The operator runs `git worktree remove <path>`.
+  cleaned.nestedWorktrees = 0;
+  for (const project of projects) {
+    const root = project.localPath ? path.resolve(project.localPath) : null;
+    if (!root || !fs.existsSync(root)) continue;
+    let raw;
+    try {
+      raw = String(shared.execSilent('git worktree list --porcelain', { cwd: root, timeout: 10000, windowsHide: true }) || '');
+    } catch (e) { log('warn', `nested-worktree scan for ${project.name || root}: ${e.message}`); continue; }
+    for (const line of raw.split('\n')) {
+      if (!line.startsWith('worktree ')) continue;
+      const wt = line.slice('worktree '.length).trim();
+      if (!wt) continue;
+      if (path.resolve(wt) === root) continue; // main worktree — expected
+      if (!shared.isPathInsideOrEqual(wt, root)) continue;
+      cleaned.nestedWorktrees++;
+      log('warn', `Nested worktree in project "${project.name || root}": "${wt}" is inside "${root}". This causes glob tools to match both copies and produces mirror writes. Run: git worktree remove "${wt}"`);
+    }
+  }
+
   // 3. Clean git worktrees for merged/abandoned PRs
   const _attemptedWorktreePaths = new Set(); // dedup across projects sharing a worktreeRoot
   for (const project of projects) {
@@ -664,8 +689,8 @@ async function runCleanup(config, verbose = false) {
     }
   } catch (e) { log('warn', 'prune orphaned dispatches: ' + e.message); }
 
-  if (cleaned.tempFiles + cleaned.liveOutputs + cleaned.worktrees + cleaned.zombies + (cleaned.files || 0) + cleaned.orphanedDispatches > 0) {
-    log('info', `Cleanup: ${cleaned.tempFiles} temp, ${cleaned.liveOutputs} live outputs, ${cleaned.worktrees} worktrees, ${cleaned.zombies} zombies, ${cleaned.files || 0} archives, ${cleaned.orphanedDispatches} orphaned dispatches`);
+  if (cleaned.tempFiles + cleaned.liveOutputs + cleaned.worktrees + cleaned.zombies + (cleaned.files || 0) + cleaned.orphanedDispatches + (cleaned.nestedWorktrees || 0) > 0) {
+    log('info', `Cleanup: ${cleaned.tempFiles} temp, ${cleaned.liveOutputs} live outputs, ${cleaned.worktrees} worktrees, ${cleaned.zombies} zombies, ${cleaned.files || 0} archives, ${cleaned.orphanedDispatches} orphaned dispatches, ${cleaned.nestedWorktrees || 0} nested worktrees flagged`);
   }
 
   // 8. Clean swept KB files older than 7 days

package/engine/copilot-models.json

@@ -1,5 +1,5 @@
 {
   "runtime": "copilot",
   "models": null,
-  "cachedAt": "2026-05-07T21:35:37.002Z"
+  "cachedAt": "2026-05-07T23:06:07.639Z"
 }

package/engine/shared.js

@@ -2121,6 +2121,49 @@ function buildWorktreeDirName({
   return `${projectSlug}-${sanitizeBranch(branchName || 'worktree')}-${suffix}`;
 }
 
+/**
+ * True when `childPath` is the same as or nested within `parentPath`. Uses
+ * `path.relative` so it's cross-platform and resilient to mixed separators
+ * (Windows worktree paths often arrive with forward slashes from git output).
+ * Returns false when paths refer to different roots/drives or `childPath`
+ * escapes via `..`.
+ *
+ * Why this helper exists: a git worktree placed inside the parent repo's
+ * working tree causes glob/grep tools running with `cwd = projectRoot` to
+ * match BOTH copies of every file. A single Edit/MultiEdit then writes the
+ * same change to both locations, producing the "mirror dirty file" pattern.
+ * Worktrees must always be siblings/cousins of the project root, never
+ * descendants.
+ */
+function isPathInsideOrEqual(childPath, parentPath) {
+  if (!childPath || !parentPath) return false;
+  const childAbs = path.resolve(String(childPath));
+  const parentAbs = path.resolve(String(parentPath));
+  const rel = path.relative(parentAbs, childAbs);
+  if (rel === '') return true;
+  if (rel.startsWith('..')) return false;
+  if (path.isAbsolute(rel)) return false;
+  return true;
+}
+
+/**
+ * Throws when `worktreePath` would land inside (or equal) `projectRoot`.
+ * Called by the engine spawn path before `git worktree add`, and by the
+ * cleanup sweep that audits already-registered worktrees per linked project.
+ * The thrown Error has `code: 'WORKTREE_NESTED_IN_PROJECT'` so callers can
+ * branch on it without parsing the message.
+ */
+function assertWorktreeOutsideProject(worktreePath, projectRoot) {
+  if (!isPathInsideOrEqual(worktreePath, projectRoot)) return;
+  const err = new Error(
+    `Refusing to use worktree path "${worktreePath}" — it is inside project root "${projectRoot}". ` +
+    `A worktree nested in its parent project causes glob/grep tools to match both copies and ` +
+    `produces "mirror" dirty files. Place worktrees outside the project (engine.worktreeRoot default: "../worktrees").`
+  );
+  err.code = 'WORKTREE_NESTED_IN_PROJECT';
+  throw err;
+}
+
 // ── HTTP Origin Allowlist & Security Headers ─────────────────────────────────
 // Pure helpers used by dashboard.js to gate mutating requests against an
 // explicit allowlist of local origins and to attach uniform security response
@@ -3192,6 +3235,8 @@ module.exports = {
   sanitizePath,
   sanitizeBranch,
   buildWorktreeDirName, // exported for testing
+  isPathInsideOrEqual,
+  assertWorktreeOutsideProject,
   isLiveCommandCenterPath,
   describeCcProtectedPaths,
   renderCcSystemPrompt,

package/engine.js

@@ -625,10 +625,18 @@ async function spawnAgent(dispatchItem, config) {
       branchName,
     });
     worktreePath = path.resolve(rootDir, engineConfig.worktreeRoot || '../worktrees', wtDirName);
+    // Refuse to spawn into a worktree path that's inside the project root —
+    // nested worktrees cause glob/grep to match both copies (mirror writes).
+    // Throws on violation; caught by the outer try/catch which fails dispatch.
+    shared.assertWorktreeOutsideProject(worktreePath, rootDir);
 
     // If branch is already checked out in an existing worktree, reuse it
     const existingWt = await findExistingWorktree(rootDir, branchName);
     if (existingWt) {
+      // Same guard for reuse — a previously-created bad worktree must not
+      // be silently reused either; the cleanup sweep flags these so the
+      // operator can remove them.
+      shared.assertWorktreeOutsideProject(existingWt, rootDir);
       worktreePath = existingWt;
       log('info', `Reusing existing worktree for ${branchName}: ${existingWt}`);
       // Probe origin first — locally-created branches that were never pushed

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@yemi33/minions",
-  "version": "0.1.1775",
+  "version": "0.1.1776",
   "description": "Multi-agent AI dev team that runs from ~/.minions/ — five autonomous agents share a single engine, dashboard, and knowledge base",
   "bin": {
     "minions": "bin/minions.js"