@yemi33/minions 0.1.1775 → 0.1.1777

package/CHANGELOG.md

@@ -1,16 +1,22 @@
 # Changelog
 
-## 0.1.1775 (2026-05-07)
+## 0.1.1777 (2026-05-07)
+
+### Fixes
+- tighten worktreeRoot validation everywhere worktrees are created
+
+## 0.1.1776 (2026-05-07)
+
+### Fixes
+- refuse worktree paths nested in any project root
+
+## 0.1.1774 (2026-05-07)
 
 ### Features
--  Improve dashboard API route metadata
 - suppress stale doc-chat model errors
 
 ### Fixes
 - yemi33/minions#2168
--  honor central plan work item project
--  restore canonical-home shared helpers
-- yemi33/minions#2170
 
 ## 0.1.1772 (2026-05-07)
 

package/engine/cleanup.js

@@ -366,6 +366,31 @@ async function runCleanup(config, verbose = false) {
     }
   }
 
+  // 2b. Detect git worktrees registered inside any linked project's working tree.
+  // Nested worktrees cause glob/grep tools running with cwd=projectRoot to match
+  // BOTH copies of every file; a single Edit/MultiEdit then writes the same
+  // change to both locations, producing "mirror dirty file" leaks (W-cc-doc-chat-continuity).
+  // We only WARN here — removing someone else's worktree without consent could
+  // destroy in-flight work. The operator runs `git worktree remove <path>`.
+  cleaned.nestedWorktrees = 0;
+  for (const project of projects) {
+    const root = project.localPath ? path.resolve(project.localPath) : null;
+    if (!root || !fs.existsSync(root)) continue;
+    let raw;
+    try {
+      raw = String(shared.execSilent('git worktree list --porcelain', { cwd: root, timeout: 10000, windowsHide: true }) || '');
+    } catch (e) { log('warn', `nested-worktree scan for ${project.name || root}: ${e.message}`); continue; }
+    for (const line of raw.split('\n')) {
+      if (!line.startsWith('worktree ')) continue;
+      const wt = line.slice('worktree '.length).trim();
+      if (!wt) continue;
+      if (path.resolve(wt) === root) continue; // main worktree — expected
+      if (!shared.isPathInsideOrEqual(wt, root)) continue;
+      cleaned.nestedWorktrees++;
+      log('warn', `Nested worktree in project "${project.name || root}": "${wt}" is inside "${root}". This causes glob tools to match both copies and produces mirror writes. Run: git worktree remove "${wt}"`);
+    }
+  }
+
   // 3. Clean git worktrees for merged/abandoned PRs
   const _attemptedWorktreePaths = new Set(); // dedup across projects sharing a worktreeRoot
   for (const project of projects) {
@@ -664,8 +689,8 @@ async function runCleanup(config, verbose = false) {
     }
   } catch (e) { log('warn', 'prune orphaned dispatches: ' + e.message); }
 
-  if (cleaned.tempFiles + cleaned.liveOutputs + cleaned.worktrees + cleaned.zombies + (cleaned.files || 0) + cleaned.orphanedDispatches > 0) {
-    log('info', `Cleanup: ${cleaned.tempFiles} temp, ${cleaned.liveOutputs} live outputs, ${cleaned.worktrees} worktrees, ${cleaned.zombies} zombies, ${cleaned.files || 0} archives, ${cleaned.orphanedDispatches} orphaned dispatches`);
+  if (cleaned.tempFiles + cleaned.liveOutputs + cleaned.worktrees + cleaned.zombies + (cleaned.files || 0) + cleaned.orphanedDispatches + (cleaned.nestedWorktrees || 0) > 0) {
+    log('info', `Cleanup: ${cleaned.tempFiles} temp, ${cleaned.liveOutputs} live outputs, ${cleaned.worktrees} worktrees, ${cleaned.zombies} zombies, ${cleaned.files || 0} archives, ${cleaned.orphanedDispatches} orphaned dispatches, ${cleaned.nestedWorktrees || 0} nested worktrees flagged`);
   }
 
   // 8. Clean swept KB files older than 7 days

package/engine/copilot-models.json

@@ -1,5 +1,5 @@
 {
   "runtime": "copilot",
   "models": null,
-  "cachedAt": "2026-05-07T21:35:37.002Z"
+  "cachedAt": "2026-05-07T23:17:20.330Z"
 }

package/engine/lifecycle.js

@@ -1745,6 +1745,17 @@ async function rebaseBranchOntoMain(pr, project, config) {
   const tmpWt = path.join(wtRoot, `rebase-${shared.sanitizeBranch(branch)}-${Date.now()}`).replace(/\\/g, '/');
   const _gitOpts = { cwd: root, timeout: 30000, windowsHide: true };
 
+  // Refuse to create a worktree nested in the project root — would cause
+  // glob/grep tools running with cwd=root to match both copies of every file
+  // and produce mirror writes. Misconfigured engine.worktreeRoot is the only
+  // way this lands inside root; the assert throws so the caller can recover.
+  try {
+    shared.assertWorktreeOutsideProject(tmpWt, root);
+  } catch (err) {
+    log('warn', `Post-merge rebase: refusing nested worktree path — ${err.message}`);
+    return { success: false, error: err.message };
+  }
+
   try {
     await execAsync(`git fetch origin "${mainBranch}" "${branch}"`, _gitOpts);
     try {

package/engine/preflight.js

@@ -238,8 +238,13 @@ function runPreflight(opts = {}) {
   //    us the config. checkOrExit() / cli start() / doctor() pass it; legacy
   //    callers don't, in which case we skip silently.
   if (opts && opts.config && typeof opts.config === 'object') {
+    // Hoisted: `shared` is referenced by every check block below, including
+    // workSources warnings and the worktreeRoot check. Previously declared
+    // inside the first inner try, which left later blocks reading an
+    // undefined identifier (ReferenceError silently caught by the wrapping
+    // try/catch).
+    const shared = require('./shared');
     try {
-      const shared = require('./shared');
       let runtimeNames = [];
       try { runtimeNames = require('./runtimes').listRuntimes(); }
       catch { /* registry may be missing during partial installs */ }
@@ -266,6 +271,32 @@ function runPreflight(opts = {}) {
         results.push({ name: `Project config (${w.id})`, ok: 'warn', message: w.message });
       }
     } catch { /* defensive */ }
+
+    // 5. worktreeRoot config check — for every linked project, verify that the
+    //    configured engine.worktreeRoot resolves OUTSIDE the project's
+    //    localPath. A nested worktreeRoot causes glob/grep to match both
+    //    copies of every file, producing silent mirror writes (the W-cc-doc-
+    //    chat-continuity leak class). Hard-fail at preflight so the operator
+    //    sees it before any agent dispatch — the runtime guard in spawnAgent
+    //    is the second line of defense.
+    try {
+      const path = require('path');
+      const projects = shared.getProjects(opts.config) || [];
+      const wtRoot = opts.config?.engine?.worktreeRoot || shared.ENGINE_DEFAULTS.worktreeRoot;
+      for (const project of projects) {
+        if (!project || !project.localPath) continue;
+        const root = path.resolve(project.localPath);
+        const resolved = path.resolve(root, wtRoot);
+        if (shared.isPathInsideOrEqual(resolved, root)) {
+          results.push({
+            name: `worktreeRoot (${project.name || root})`,
+            ok: false,
+            message: `engine.worktreeRoot "${wtRoot}" resolves to "${resolved}" — INSIDE project root "${root}". This causes glob/grep to match duplicate files and produces mirror writes. Set engine.worktreeRoot to a sibling path (default: "../worktrees").`,
+          });
+          allOk = false;
+        }
+      }
+    } catch { /* defensive — preflight must never throw */ }
   }
 
   return { passed: allOk, results };

package/engine/shared.js

@@ -2121,6 +2121,49 @@ function buildWorktreeDirName({
   return `${projectSlug}-${sanitizeBranch(branchName || 'worktree')}-${suffix}`;
 }
 
+/**
+ * True when `childPath` is the same as or nested within `parentPath`. Uses
+ * `path.relative` so it's cross-platform and resilient to mixed separators
+ * (Windows worktree paths often arrive with forward slashes from git output).
+ * Returns false when paths refer to different roots/drives or `childPath`
+ * escapes via `..`.
+ *
+ * Why this helper exists: a git worktree placed inside the parent repo's
+ * working tree causes glob/grep tools running with `cwd = projectRoot` to
+ * match BOTH copies of every file. A single Edit/MultiEdit then writes the
+ * same change to both locations, producing the "mirror dirty file" pattern.
+ * Worktrees must always be siblings/cousins of the project root, never
+ * descendants.
+ */
+function isPathInsideOrEqual(childPath, parentPath) {
+  if (!childPath || !parentPath) return false;
+  const childAbs = path.resolve(String(childPath));
+  const parentAbs = path.resolve(String(parentPath));
+  const rel = path.relative(parentAbs, childAbs);
+  if (rel === '') return true;
+  if (rel.startsWith('..')) return false;
+  if (path.isAbsolute(rel)) return false;
+  return true;
+}
+
+/**
+ * Throws when `worktreePath` would land inside (or equal) `projectRoot`.
+ * Called by the engine spawn path before `git worktree add`, and by the
+ * cleanup sweep that audits already-registered worktrees per linked project.
+ * The thrown Error has `code: 'WORKTREE_NESTED_IN_PROJECT'` so callers can
+ * branch on it without parsing the message.
+ */
+function assertWorktreeOutsideProject(worktreePath, projectRoot) {
+  if (!isPathInsideOrEqual(worktreePath, projectRoot)) return;
+  const err = new Error(
+    `Refusing to use worktree path "${worktreePath}" — it is inside project root "${projectRoot}". ` +
+    `A worktree nested in its parent project causes glob/grep tools to match both copies and ` +
+    `produces "mirror" dirty files. Place worktrees outside the project (engine.worktreeRoot default: "../worktrees").`
+  );
+  err.code = 'WORKTREE_NESTED_IN_PROJECT';
+  throw err;
+}
+
 // ── HTTP Origin Allowlist & Security Headers ─────────────────────────────────
 // Pure helpers used by dashboard.js to gate mutating requests against an
 // explicit allowlist of local origins and to attach uniform security response
@@ -3192,6 +3235,8 @@ module.exports = {
   sanitizePath,
   sanitizeBranch,
   buildWorktreeDirName, // exported for testing
+  isPathInsideOrEqual,
+  assertWorktreeOutsideProject,
   isLiveCommandCenterPath,
   describeCcProtectedPaths,
   renderCcSystemPrompt,

package/engine.js

@@ -625,10 +625,18 @@ async function spawnAgent(dispatchItem, config) {
       branchName,
     });
     worktreePath = path.resolve(rootDir, engineConfig.worktreeRoot || '../worktrees', wtDirName);
+    // Refuse to spawn into a worktree path that's inside the project root —
+    // nested worktrees cause glob/grep to match both copies (mirror writes).
+    // Throws on violation; caught by the outer try/catch which fails dispatch.
+    shared.assertWorktreeOutsideProject(worktreePath, rootDir);
 
     // If branch is already checked out in an existing worktree, reuse it
     const existingWt = await findExistingWorktree(rootDir, branchName);
     if (existingWt) {
+      // Same guard for reuse — a previously-created bad worktree must not
+      // be silently reused either; the cleanup sweep flags these so the
+      // operator can remove them.
+      shared.assertWorktreeOutsideProject(existingWt, rootDir);
       worktreePath = existingWt;
       log('info', `Reusing existing worktree for ${branchName}: ${existingWt}`);
       // Probe origin first — locally-created branches that were never pushed

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@yemi33/minions",
-  "version": "0.1.1775",
+  "version": "0.1.1777",
   "description": "Multi-agent AI dev team that runs from ~/.minions/ — five autonomous agents share a single engine, dashboard, and knowledge base",
   "bin": {
     "minions": "bin/minions.js"