agentsmesh 0.14.0 → 0.16.0

package/dist/engine.d.ts

@@ -1,5 +1,5 @@
-import { V as ValidatedConfig, b as CanonicalFiles } from './schema-o4oXUVBP.js';
-import { G as GenerateResult, h as TargetLayoutScope, L as LintDiagnostic, d as ImportResult } from './target-descriptor--Nw5i4v3.js';
+import { V as ValidatedConfig, b as CanonicalFiles } from './schema-CD2qcmDL.js';
+import { G as GenerateResult, h as TargetLayoutScope, L as LintDiagnostic, d as ImportResult } from './target-descriptor-CvB1qzPn.js';
 import 'zod';
 
 /**

package/dist/engine.js

@@ -1,8 +1,8 @@
 import { z } from 'zod';
 import { stringify, parse } from 'yaml';
-import { readFile, rm, mkdir, readdir, stat, lstat, unlink, writeFile, rename, access, realpath } from 'fs/promises';
 import { join, basename, dirname, relative, win32, posix, resolve, extname } from 'path';
-import { constants, existsSync, realpathSync, statSync } from 'fs';
+import { readFile, rm, mkdir, readdir, stat, lstat, unlink, writeFile, rename, chmod, access, realpath } from 'fs/promises';
+import { constants, existsSync, realpathSync, statSync, readFileSync } from 'fs';
 import { parse as parse$1 } from 'smol-toml';
 import { Buffer } from 'buffer';
 import { homedir } from 'os';
@@ -619,6 +619,104 @@ function shouldNormalizeLineEndings(path) {
 function normalizeLineEndings(content) {
   return content.replace(/\r\n?/g, "\n");
 }
+function executableModeFor(path) {
+  return EXECUTABLE_SCRIPT_EXTENSIONS.has(extname(path).toLowerCase()) ? 493 : void 0;
+}
+var UTF8_BOM, TEXT_EXTENSIONS, TEXT_DOTFILES, EXECUTABLE_SCRIPT_EXTENSIONS;
+var init_fs_text_encoding = __esm({
+  "src/utils/filesystem/fs-text-encoding.ts"() {
+    UTF8_BOM = "\uFEFF";
+    TEXT_EXTENSIONS = /* @__PURE__ */ new Set([
+      ".md",
+      ".mdc",
+      ".mdx",
+      ".markdown",
+      ".txt",
+      ".json",
+      ".jsonc",
+      ".yaml",
+      ".yml",
+      ".toml",
+      ".ini",
+      ".sh",
+      ".bash",
+      ".zsh",
+      ".ps1",
+      ".js",
+      ".mjs",
+      ".cjs",
+      ".ts",
+      ".tsx",
+      ".html",
+      ".css"
+    ]);
+    TEXT_DOTFILES = /* @__PURE__ */ new Set([
+      ".gitignore",
+      ".cursorignore",
+      ".cursorindexingignore",
+      ".aiignore",
+      ".agentignore",
+      ".clineignore",
+      ".geminiignore",
+      ".codeiumignore",
+      ".continueignore",
+      ".copilotignore",
+      ".windsurfignore",
+      ".junieignore",
+      ".kiroignore",
+      ".rooignore",
+      ".antigravityignore"
+    ]);
+    EXECUTABLE_SCRIPT_EXTENSIONS = /* @__PURE__ */ new Set([".sh", ".bash", ".zsh"]);
+  }
+});
+async function readDirRecursive(dir, visited) {
+  let canonicalDir;
+  try {
+    canonicalDir = await realpath(dir);
+  } catch (err) {
+    const e = err;
+    if (e.code === "ENOENT" || e.code === "ENOTDIR" || e.code === "ELOOP") return [];
+    throw new FileSystemError(
+      dir,
+      `Failed to read directory ${dir}: ${e.message}. Check permissions.`,
+      { cause: err, errnoCode: e.code }
+    );
+  }
+  const seen = visited ?? /* @__PURE__ */ new Set();
+  if (seen.has(canonicalDir)) return [];
+  seen.add(canonicalDir);
+  try {
+    const entries = await readdir(dir, { withFileTypes: true });
+    const files = [];
+    for (const ent of entries) {
+      const full = join(dir, ent.name);
+      const walkChild = ent.isDirectory() || ent.isSymbolicLink() && await stat(full).then(
+        (s) => s.isDirectory(),
+        () => false
+      );
+      if (walkChild) {
+        files.push(...await readDirRecursive(full, seen));
+      } else {
+        files.push(full);
+      }
+    }
+    return files;
+  } catch (err) {
+    const e = err;
+    if (e.code === "ENOENT" || e.code === "ENOTDIR" || e.code === "EACCES") return [];
+    throw new FileSystemError(
+      dir,
+      `Failed to read directory ${dir}: ${e.message}. Check permissions.`,
+      { cause: err, errnoCode: e.code }
+    );
+  }
+}
+var init_fs_traverse = __esm({
+  "src/utils/filesystem/fs-traverse.ts"() {
+    init_errors();
+  }
+});
 async function readFileSafe(path) {
   try {
     const data = await readFile(path, "utf-8");
@@ -633,7 +731,7 @@ async function readFileSafe(path) {
     );
   }
 }
-async function writeFileAtomic(path, content) {
+async function writeFileAtomic(path, content, options) {
   const dir = dirname(path);
   await mkdir(dir, { recursive: true });
   try {
@@ -657,6 +755,7 @@ async function writeFileAtomic(path, content) {
   }
   const tmpPath = `${path}.tmp`;
   const payload = shouldNormalizeLineEndings(path) ? normalizeLineEndings(content) : content;
+  const mode = executableModeFor(path);
   try {
     try {
       const tmpInfo = await lstat(tmpPath);
@@ -666,8 +765,16 @@ async function writeFileAtomic(path, content) {
     } catch (tmpErr) {
       if (tmpErr.code !== "ENOENT") throw tmpErr;
     }
-    await writeFile(tmpPath, payload, { encoding: "utf-8", flag: "w" });
+    const writeOpts = {
+      encoding: "utf-8",
+      flag: "w"
+    };
+    if (mode !== void 0) writeOpts.mode = mode;
+    await writeFile(tmpPath, payload, writeOpts);
     await rename(tmpPath, path);
+    if (mode !== void 0) {
+      await chmod(path, mode);
+    }
   } catch (err) {
     await rm(tmpPath, { force: true }).catch(() => {
     });
@@ -690,94 +797,12 @@ async function exists(path) {
 async function mkdirp(path) {
   await mkdir(path, { recursive: true });
 }
-async function readDirRecursive(dir, visited) {
-  let canonicalDir;
-  try {
-    canonicalDir = await realpath(dir);
-  } catch (err) {
-    const e = err;
-    if (e.code === "ENOENT" || e.code === "ENOTDIR" || e.code === "ELOOP") return [];
-    throw new FileSystemError(
-      dir,
-      `Failed to read directory ${dir}: ${e.message}. Check permissions.`,
-      { cause: err, errnoCode: e.code }
-    );
-  }
-  const seen = visited ?? /* @__PURE__ */ new Set();
-  if (seen.has(canonicalDir)) return [];
-  seen.add(canonicalDir);
-  try {
-    const entries = await readdir(dir, { withFileTypes: true });
-    const files = [];
-    for (const ent of entries) {
-      const full = join(dir, ent.name);
-      const walkChild = ent.isDirectory() || ent.isSymbolicLink() && await stat(full).then(
-        (s) => s.isDirectory(),
-        () => false
-      );
-      if (walkChild) {
-        files.push(...await readDirRecursive(full, seen));
-      } else {
-        files.push(full);
-      }
-    }
-    return files;
-  } catch (err) {
-    const e = err;
-    if (e.code === "ENOENT" || e.code === "ENOTDIR" || e.code === "EACCES") return [];
-    throw new FileSystemError(
-      dir,
-      `Failed to read directory ${dir}: ${e.message}. Check permissions.`,
-      { cause: err, errnoCode: e.code }
-    );
-  }
-}
-var UTF8_BOM, TEXT_EXTENSIONS, TEXT_DOTFILES;
 var init_fs = __esm({
   "src/utils/filesystem/fs.ts"() {
     init_errors();
-    UTF8_BOM = "\uFEFF";
-    TEXT_EXTENSIONS = /* @__PURE__ */ new Set([
-      ".md",
-      ".mdc",
-      ".mdx",
-      ".markdown",
-      ".txt",
-      ".json",
-      ".jsonc",
-      ".yaml",
-      ".yml",
-      ".toml",
-      ".ini",
-      ".sh",
-      ".bash",
-      ".zsh",
-      ".ps1",
-      ".js",
-      ".mjs",
-      ".cjs",
-      ".ts",
-      ".tsx",
-      ".html",
-      ".css"
-    ]);
-    TEXT_DOTFILES = /* @__PURE__ */ new Set([
-      ".gitignore",
-      ".cursorignore",
-      ".cursorindexingignore",
-      ".aiignore",
-      ".agentignore",
-      ".clineignore",
-      ".geminiignore",
-      ".codeiumignore",
-      ".continueignore",
-      ".copilotignore",
-      ".windsurfignore",
-      ".junieignore",
-      ".kiroignore",
-      ".rooignore",
-      ".antigravityignore"
-    ]);
+    init_fs_text_encoding();
+    init_fs_traverse();
+    init_fs_text_encoding();
   }
 });
 function escapeRegExp(value) {
@@ -5173,13 +5198,16 @@ function generateAgents4(canonical) {
 function safeEventName(event) {
   return event.replace(/[^a-zA-Z0-9]/g, "-").toLowerCase();
 }
+function safeShellLine(value) {
+  return value.replace(/[\r\n]+/g, " ");
+}
 function buildHookScript(event, command, matcher) {
   return [
     "#!/usr/bin/env bash",
-    `# agentsmesh-event: ${event}`,
-    `# agentsmesh-matcher: ${matcher}`,
-    `# agentsmesh-command: ${command}`,
-    "set -e",
+    `# agentsmesh-event: ${safeShellLine(event)}`,
+    `# agentsmesh-matcher: ${safeShellLine(matcher)}`,
+    `# agentsmesh-command: ${safeShellLine(command)}`,
+    "set -eu",
     command,
     ""
   ].join("\n");
@@ -7636,7 +7664,7 @@ function extractMatcher(comment) {
 function extractWrapperCommand(content) {
   const metadataMatch = content.match(/^# agentsmesh-command:\s*(.+)$/m);
   if (metadataMatch?.[1]) return metadataMatch[1].trim();
-  return content.replace(/^#!.*\n/, "").replace(/^#.*\n/gm, "").replace(/^HOOK_DIR=.*\n/gm, "").replace(/^set -e\n?/m, "").trim();
+  return content.replace(/^#!.*\n/, "").replace(/^#.*\n/gm, "").replace(/^HOOK_DIR=.*\n/gm, "").replace(/^set -e[u]?\n?/m, "").trim();
 }
 async function importHooks(projectRoot, results) {
   const hooksDir = join(projectRoot, COPILOT_HOOKS_DIR);
@@ -7958,12 +7986,15 @@ async function buildAssetOutput(projectRoot, command) {
 function wrapperPath(event, index) {
   return `${COPILOT_HOOKS_DIR}/scripts/${safePhaseName(event)}-${index}.sh`;
 }
+function safeShellLine2(value) {
+  return value.replace(/[\r\n]+/g, " ");
+}
 function buildWrapper(command, matcher) {
   return [
     "#!/usr/bin/env bash",
-    `# agentsmesh-matcher: ${matcher}`,
-    `# agentsmesh-command: ${command}`,
-    "set -e",
+    `# agentsmesh-matcher: ${safeShellLine2(matcher)}`,
+    `# agentsmesh-command: ${safeShellLine2(command)}`,
+    "set -eu",
     command,
     ""
   ].join("\n");
@@ -7987,8 +8018,8 @@ async function addHookScriptAssets(projectRoot, canonical, outputs) {
         }
       }
       const wrapper = buildWrapper(command, entry.matcher).replace(
-        "set -e\n",
-        'set -e\nHOOK_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"\n'
+        "set -eu\n",
+        'set -eu\nHOOK_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"\n'
       );
       wrapperOutputs.push({ path: scriptPath, content: wrapper });
       index++;
@@ -15590,7 +15621,15 @@ var conversionsSchema = z.object({
 var pluginEntrySchema = z.object({
   id: z.string().regex(/^[a-z][a-z0-9-]*$/),
   source: z.string(),
-  version: z.string().optional()
+  version: z.string().optional(),
+  /**
+   * When true, a failure to import or validate this plugin throws and
+   * aborts the run. Default `false` keeps the lenient behavior of logging
+   * a warning and continuing. Use strict mode in CI when missing
+   * descriptors should fail the build instead of silently shrinking the
+   * generation matrix.
+   */
+  strict: z.boolean().optional()
 }).strict();
 var configSchema = z.object({
   version: z.literal(1),
@@ -15758,6 +15797,13 @@ init_fs();
 init_fs();
 var execFileAsync = promisify(execFile);
 var REPO_DIRNAME = "repo";
+function ensureNotFlag(value, kind) {
+  if (value.startsWith("-")) {
+    throw new Error(
+      `agentsmesh refuses ${kind} starting with "-" (option-injection guard): ${value}`
+    );
+  }
+}
 async function fetchGitRemoteExtend(parsed, extendName, options, cacheDir, buildCacheKey2) {
   const provider = "cloneUrl" in parsed ? "gitlab" : "git";
   const identifier = "cloneUrl" in parsed ? `${parsed.namespace}/${parsed.project}` : parsed.url;
@@ -15815,9 +15861,11 @@ function resolveCloneUrl(parsed) {
   return parsed.url;
 }
 async function cloneRepo(cloneUrl, repoDir) {
+  ensureNotFlag(cloneUrl, "clone-url");
   await runGit(["clone", cloneUrl, repoDir]);
 }
 async function checkoutRef(repoDir, ref) {
+  ensureNotFlag(ref, "ref");
   await runGit(["checkout", ref], repoDir);
 }
 async function getHeadSha(repoDir) {
@@ -15836,6 +15884,46 @@ async function runGit(args, cwd) {
 
 // src/config/remote/github-remote.ts
 init_fs();
+var MAX_TARBALL_BYTES = 500 * 1024 * 1024;
+async function readBoundedResponse(res, maxBytes) {
+  const lenHeader = typeof res.headers?.get === "function" ? res.headers.get("content-length") : null;
+  if (lenHeader !== null) {
+    const declared = Number(lenHeader);
+    if (Number.isFinite(declared) && declared > maxBytes) {
+      throw new Error(`remote response declared ${declared} bytes; exceeds cap of ${maxBytes}`);
+    }
+  }
+  const stream = res.body;
+  if (!stream) {
+    const buf = await res.arrayBuffer();
+    if (buf.byteLength > maxBytes) {
+      throw new Error(`remote response is ${buf.byteLength} bytes; exceeds cap of ${maxBytes}`);
+    }
+    return new Uint8Array(buf);
+  }
+  const reader = stream.getReader();
+  const chunks = [];
+  let total = 0;
+  for (; ; ) {
+    const { done, value } = await reader.read();
+    if (done) break;
+    if (!value) continue;
+    total += value.byteLength;
+    if (total > maxBytes) {
+      await reader.cancel().catch(() => {
+      });
+      throw new Error(`remote response exceeded cap of ${maxBytes} bytes during streaming`);
+    }
+    chunks.push(value);
+  }
+  const out2 = new Uint8Array(total);
+  let offset = 0;
+  for (const c2 of chunks) {
+    out2.set(c2, offset);
+    offset += c2.byteLength;
+  }
+  return out2;
+}
 async function resolveLatestTag(org, repo, token) {
   const url = `https://api.github.com/repos/${org}/${repo}/releases/latest`;
   const headers = {
@@ -15875,11 +15963,11 @@ async function fetchGithubRemoteExtend(parsed, extendName, options, cacheDir, bu
   const tarballUrl = `https://github.com/${parsed.org}/${parsed.repo}/tarball/${tag}`;
   const headers = {};
   if (token) headers.Authorization = `Bearer ${token}`;
-  let tarballBuffer;
+  let tarballBytes;
   try {
     const res = await globalThis.fetch(tarballUrl, { headers, redirect: "follow" });
     if (!res.ok) throw new Error(`HTTP ${res.status}: ${res.statusText}`);
-    tarballBuffer = await res.arrayBuffer();
+    tarballBytes = await readBoundedResponse(res, MAX_TARBALL_BYTES);
   } catch (err) {
     const allowFallback = options.allowOfflineFallback !== false;
     if (allowFallback && await exists(extractDir)) {
@@ -15896,7 +15984,7 @@ async function fetchGithubRemoteExtend(parsed, extendName, options, cacheDir, bu
   await rm(extractDir, { recursive: true, force: true });
   await mkdir(extractDir, { recursive: true });
   const tarPath = join(extractDir, "archive.tar.gz");
-  await writeFile(tarPath, new Uint8Array(tarballBuffer));
+  await writeFile(tarPath, tarballBytes);
   try {
     await tar.extract({
       file: tarPath,
@@ -16068,7 +16156,20 @@ function buildCacheKey(provider, identifier, ref) {
 }
 function getCacheDir() {
   const env = process.env.AGENTSMESH_CACHE;
-  if (env) return env;
+  if (env) {
+    const trimmed = env.trim();
+    if (!trimmed) {
+      return join(homedir(), ".agentsmesh", "cache");
+    }
+    const isAbs = /^([A-Za-z]:[\\/]|\/)/.test(trimmed);
+    if (!isAbs) {
+      throw new Error(`AGENTSMESH_CACHE must be an absolute path (got: "${trimmed}").`);
+    }
+    if (trimmed === "/" || /^[A-Za-z]:[\\/]?$/.test(trimmed)) {
+      throw new Error(`AGENTSMESH_CACHE must not be the filesystem root (got: "${trimmed}").`);
+    }
+    return trimmed;
+  }
   return join(homedir(), ".agentsmesh", "cache");
 }
 async function fetchRemoteExtend(source, extendName, options = {}) {
@@ -16160,6 +16261,98 @@ async function resolveExtendPaths(config, configDir, options = {}) {
 // src/canonical/features/rules.ts
 init_fs();
 init_markdown();
+
+// src/utils/filesystem/windows-path-safety.ts
+var WINDOWS_RESERVED_NAMES = /* @__PURE__ */ new Set([
+  "CON",
+  "PRN",
+  "AUX",
+  "NUL",
+  "COM1",
+  "COM2",
+  "COM3",
+  "COM4",
+  "COM5",
+  "COM6",
+  "COM7",
+  "COM8",
+  "COM9",
+  "LPT1",
+  "LPT2",
+  "LPT3",
+  "LPT4",
+  "LPT5",
+  "LPT6",
+  "LPT7",
+  "LPT8",
+  "LPT9"
+]);
+var WINDOWS_ILLEGAL_CHARS = new RegExp('[<>:"|?*\\u0000-\\u001F]');
+function segmentReservedName(segment) {
+  const stem = segment.replace(/\.[^.]*$/, "").toUpperCase();
+  return WINDOWS_RESERVED_NAMES.has(stem);
+}
+function findWindowsPathIssues(path) {
+  const issues = [];
+  const segments = path.split(/[\\/]/);
+  for (const segment of segments) {
+    if (segment === "" || segment === "." || segment === "..") continue;
+    if (WINDOWS_ILLEGAL_CHARS.test(segment)) {
+      issues.push({ segment, reason: "illegal-character" });
+      continue;
+    }
+    if (/[. ]$/.test(segment)) {
+      issues.push({ segment, reason: "trailing-dot-or-space" });
+      continue;
+    }
+    if (segmentReservedName(segment)) {
+      issues.push({ segment, reason: "reserved-name" });
+    }
+  }
+  return issues;
+}
+
+// src/canonical/features/validate-name.ts
+var CanonicalNameError = class extends Error {
+  feature;
+  name;
+  constructor(feature, name, message) {
+    super(message);
+    this.feature = feature;
+    this.name = name;
+  }
+};
+function assertCanonicalName(feature, name) {
+  const issues = findWindowsPathIssues(name);
+  if (issues.length === 0) return;
+  const reasons = issues.map((i) => `${i.segment} (${i.reason})`).join(", ");
+  throw new CanonicalNameError(
+    feature,
+    name,
+    `canonical ${feature} name "${name}" is not portable to Windows: ${reasons}. Rename the file.`
+  );
+}
+function assertNoBasenameCollisions(feature, paths, stripExt) {
+  const seen = /* @__PURE__ */ new Map();
+  for (const p of paths) {
+    const fwdIdx = p.lastIndexOf("/");
+    const bckIdx = p.lastIndexOf("\\");
+    const idx = Math.max(fwdIdx, bckIdx);
+    const base = idx === -1 ? p : p.slice(idx + 1);
+    const slug = base.endsWith(stripExt) ? base.slice(0, -stripExt.length) : base;
+    const prior = seen.get(slug);
+    if (prior !== void 0 && prior !== p) {
+      throw new CanonicalNameError(
+        feature,
+        slug,
+        `canonical ${feature} files collide on slug "${slug}": ${prior} vs ${p}. Rename one.`
+      );
+    }
+    seen.set(slug, p);
+  }
+}
+
+// src/canonical/features/rules.ts
 var VALID_TRIGGERS = ["always_on", "model_decision", "glob", "manual"];
 function toStrArray(v) {
   if (Array.isArray(v)) return v.filter((x) => typeof x === "string");
@@ -16179,6 +16372,7 @@ async function parseRules(rulesDir) {
     if (!content) continue;
     const { frontmatter, body } = parseFrontmatter(content);
     const name = basename(path, ".md");
+    assertCanonicalName("rule", name);
     const rootFromFilename = name === "_root";
     const rootFromFm = frontmatter.root === true;
     const triggerRaw = frontmatter.trigger;
@@ -16220,12 +16414,14 @@ function toToolsArray2(v) {
 async function parseCommands(commandsDir) {
   const files = await readDirRecursive(commandsDir);
   const mdFiles = files.filter((f) => f.endsWith(".md") && !basename(f).startsWith("_"));
+  assertNoBasenameCollisions("command", mdFiles, ".md");
   const commands = [];
   for (const path of mdFiles) {
     const content = await readFileSafe(path);
     if (!content) continue;
     const { frontmatter, body } = parseFrontmatter(content);
     const name = basename(path, ".md");
+    assertCanonicalName("command", name);
     const fromCamel = toToolsArray2(frontmatter.allowedTools);
     const fromKebab = toToolsArray2(frontmatter["allowed-tools"]);
     const allowedTools = fromCamel.length > 0 ? fromCamel : fromKebab;
@@ -16273,12 +16469,14 @@ function toHooks2(v) {
 async function parseAgents(agentsDir) {
   const files = await readDirRecursive(agentsDir);
   const mdFiles = files.filter((f) => f.endsWith(".md") && !basename(f).startsWith("_"));
+  assertNoBasenameCollisions("agent", mdFiles, ".md");
   const agents = [];
   for (const path of mdFiles) {
     const content = await readFileSafe(path);
     if (!content) continue;
     const { frontmatter, body } = parseFrontmatter(content);
     const name = basename(path, ".md");
+    assertCanonicalName("agent", name);
     const toolsCamel = toStrArray2(frontmatter.tools);
     const toolsKebab = toStrArray2(frontmatter["tools"]);
     const tools = toolsCamel.length > 0 ? toolsCamel : toolsKebab;
@@ -16346,9 +16544,11 @@ async function parseSkillDirectory(skillDir) {
   const { frontmatter, body } = parseFrontmatter(content);
   const supportingFiles = await listSupportingFiles(skillDir);
   const fmName = typeof frontmatter.name === "string" ? sanitizeSkillName(frontmatter.name) : "";
+  const name = fmName || basename(skillDir);
+  assertCanonicalName("skill", name);
   return {
     source: skillPath,
-    name: fmName || basename(skillDir),
+    name,
     description: typeof frontmatter.description === "string" ? frontmatter.description : "",
     body,
     supportingFiles
@@ -16365,6 +16565,7 @@ async function parseSkills(skillsDir) {
   for (const ent of entries) {
     if (!ent.isDirectory()) continue;
     if (ent.name.startsWith("_")) continue;
+    assertCanonicalName("skill", ent.name);
     const skillDir = join(skillsDir, ent.name);
     const skillPath = join(skillDir, SKILL_FILE);
     const content = await readFileSafe(skillPath);
@@ -17218,15 +17419,35 @@ async function loadCanonicalWithExtends(config, configDir, options = {}, canonic
 // src/plugins/load-plugin.ts
 init_target_descriptor_schema();
 init_registry();
+function resolveNpmSpecifier(source, projectRoot) {
+  const pkgDir = join(projectRoot, "node_modules", source);
+  const pkgJsonPath = join(pkgDir, "package.json");
+  if (!existsSync(pkgJsonPath)) {
+    throw new Error(`Cannot find package '${source}' in ${join(projectRoot, "node_modules")}`);
+  }
+  const pkgJson = JSON.parse(readFileSync(pkgJsonPath, "utf-8"));
+  const entry = (typeof pkgJson.exports === "string" ? pkgJson.exports : null) ?? (typeof pkgJson.main === "string" ? pkgJson.main : null) ?? "index.js";
+  const resolved = resolve(pkgDir, entry);
+  if (!existsSync(resolved)) {
+    throw new Error(`Package '${source}' entry '${entry}' does not exist at ${resolved}`);
+  }
+  return resolved;
+}
+function isLocalSource(source) {
+  return source.startsWith("file:") || source.startsWith("./") || source.startsWith("../") || source.startsWith("/") || // Windows absolute paths: `D:\foo`, `C:/bar`, etc. `node:path`'s `resolve()` produces
+  // these on win32, and they must not be misinterpreted as bare npm package names.
+  /^[A-Za-z]:[/\\]/.test(source);
+}
 async function importPluginModule(entry, projectRoot) {
   const { source } = entry;
   let importTarget;
-  if (source.startsWith("file:") || source.startsWith("./") || source.startsWith("../") || source.startsWith("/")) {
+  if (isLocalSource(source)) {
     const raw = source.startsWith("file:") ? fileURLToPath(source) : source;
     const resolved = resolve(projectRoot, raw);
     importTarget = pathToFileURL(resolved).href;
   } else {
-    importTarget = source;
+    const resolved = resolveNpmSpecifier(source, projectRoot);
+    importTarget = pathToFileURL(resolved).href;
   }
   const mod = await import(importTarget);
   return mod;
@@ -17265,18 +17486,29 @@ async function loadPlugin(entry, projectRoot) {
 }
 async function loadAllPlugins(entries, projectRoot) {
   const results = [];
-  await Promise.all(
+  const envStrict = process.env.AGENTSMESH_STRICT_PLUGINS === "1" || process.env.AGENTSMESH_STRICT_PLUGINS === "true";
+  const settled = await Promise.all(
     entries.map(async (entry) => {
       try {
         const loaded = await loadPlugin(entry, projectRoot);
         results.push(loaded);
+        return null;
       } catch (err) {
-        logger.warn(
-          `Plugin '${entry.source}' failed to load: ${err instanceof Error ? err.message : String(err)}`
-        );
+        const message = `Plugin '${entry.source}' failed to load: ${err instanceof Error ? err.message : String(err)}`;
+        if (entry.strict === true || envStrict) {
+          return new Error(message);
+        }
+        logger.warn(message);
+        return null;
       }
     })
   );
+  const fatal = settled.filter((e) => e !== null);
+  if (fatal.length > 0) {
+    const summary = fatal.map((e) => `  - ${e.message}`).join("\n");
+    throw new Error(`agentsmesh: ${fatal.length} plugin(s) failed strict load:
+${summary}`);
+  }
   return results;
 }