bun-workspaces 1.9.0 → 1.11.0

package/src/affected/gitAffectedFiles.mjs

@@ -3,7 +3,29 @@ import path from "path";
 import { defineErrors } from "../internal/core/index.mjs";
 import { createSubprocess } from "../runScript/subprocesses.mjs";
 
-const GIT_AFFECTED_ERRORS = defineErrors("NoGitRepository", "GitCommandFailed");
+const GIT_AFFECTED_ERRORS = defineErrors(
+  "NoGitRepository",
+  "GitCommandFailed",
+  "InvalidGitRef",
+);
+/**
+ * Reject ref values that look like CLI options to avoid argument injection
+ * (e.g. a ref of `--upload-pack=...` being interpreted as a git option when
+ * passed as a positional argument). Git itself forbids refs starting with
+ * `-` via `git check-ref-format`, so this rejects only inputs that could
+ * never be a real ref.
+ */ const assertValidGitRef = (ref, label) => {
+  if (typeof ref !== "string" || ref.length === 0) {
+    throw new GIT_AFFECTED_ERRORS.InvalidGitRef(
+      `${label} must be a non-empty string`,
+    );
+  }
+  if (ref.startsWith("-")) {
+    throw new GIT_AFFECTED_ERRORS.InvalidGitRef(
+      `${label} cannot start with "-" (got ${JSON.stringify(ref)})`,
+    );
+  }
+};
 const GIT_AFFECTED_FILE_REASONS = ["diff", "staged", "unstaged", "untracked"];
 const runGit = async (args, cwd) => {
   const proc = createSubprocess(["git", ...args], {
@@ -61,6 +83,7 @@ const resolveGitRoot = async (rootDirectory) => {
   ref,
   projectRelativePath,
 }) => {
+  assertValidGitRef(ref, "ref");
   const gitRoot = fs.realpathSync.native(
     path.resolve(await resolveGitRoot(rootDirectory)),
   );
@@ -106,6 +129,8 @@ const getGitAffectedFiles = async (options) => {
     ignoreUnstaged,
     ignoreUncommitted,
   } = options;
+  assertValidGitRef(baseRef, "baseRef");
+  assertValidGitRef(headRef, "headRef");
   const gitRoot = fs.realpathSync.native(
     path.resolve(await resolveGitRoot(rootDirectory)),
   );

package/src/ai/mcp/bwMcpServer.mjs

@@ -1,7 +1,10 @@
 import package_0 from "../../../package.json";
 import { createMcpServer } from "./core/index.mjs";
 import { registerBwResources } from "./resources.mjs";
-import { setServerWorkingDirectory } from "./serverState.mjs";
+import {
+  setServerEnableExecutableConfigs,
+  setServerWorkingDirectory,
+} from "./serverState.mjs";
 import { registerBwTools } from "./tools.mjs";
 
 const SERVER_INSTRUCTIONS = `
@@ -32,6 +35,7 @@ $ bw run lint "alias:my-alias-*" "path:packages/**/*" "not:path:my-path/*" # use
 (end bun-workspaces MCP instructions)
 `.trim();
 const startBwMcpServer = async (options) => {
+  setServerEnableExecutableConfigs(options.enableExecutableConfigs ?? false);
   setServerWorkingDirectory(options.initialWorkingDirectory);
   const server = createMcpServer({
     name: "bun-workspaces",

package/src/ai/mcp/serverState.mjs

@@ -2,19 +2,28 @@ import { createFileSystemProject } from "../../project/implementations/fileSyste
 
 const SERVER_STATE = {
   workingDirectory: null,
+  enableExecutableConfigs: false,
 };
 const setServerWorkingDirectory = (directory) => {
   SERVER_STATE.workingDirectory = directory;
 };
+const setServerEnableExecutableConfigs = (enabled) => {
+  SERVER_STATE.enableExecutableConfigs = enabled;
+};
 const getServerProject = () => {
   if (!SERVER_STATE.workingDirectory) return null;
   try {
     return createFileSystemProject({
       rootDirectory: SERVER_STATE.workingDirectory,
+      disableExecutableConfigs: !SERVER_STATE.enableExecutableConfigs,
     });
   } catch {
     return null;
   }
 };
 
-export { getServerProject, setServerWorkingDirectory };
+export {
+  getServerProject,
+  setServerEnableExecutableConfigs,
+  setServerWorkingDirectory,
+};

package/src/ai/mcp/tools.mjs

@@ -202,7 +202,7 @@ const registerBwTools = (server) => {
     {
       name: "set_working_directory",
       description:
-        "Set the working directory used by this MCP server. All subsequent project queries will reflect the new directory.",
+        "Set the working directory used by this MCP server. All subsequent project queries will reflect the new directory. By default the server skips executable config files (bw.root.{ts,js}, bw.workspace.{ts,js}) in the target directory so that pointing the server at an unfamiliar project does not evaluate its code. Only bw.root.{jsonc,json}, bw.workspace.{jsonc,json}, and the package.json bw key are read. Start the server with --no-disable-executable-configs to allow executable configs.",
       inputSchema: {
         type: "object",
         properties: {

package/src/cli/commands/commandHandlerUtils.mjs

@@ -1,4 +1,5 @@
 import { Option } from "../../internal/bundledDeps/commander.mjs";
+import { sanitizeOutput } from "../../internal/core/index.mjs";
 import { BunWorkspacesError } from "../../internal/core/error/index.mjs";
 import { createLogger, logger } from "../../internal/logger/index.mjs";
 import { getCliCommandConfig } from "../../2392.mjs";
@@ -15,18 +16,18 @@ import { getCliCommandConfig } from "../../2392.mjs";
     .filter(Boolean)
     .map((value) => value.replace(/\\\s/g, " "));
 const createWorkspaceInfoLines = (workspace) => [
-  `Workspace: ${workspace.name}${workspace.isRoot ? " (root)" : ""}`,
-  ` - Aliases: ${workspace.aliases.join(", ")}`,
-  ` - Path: ${workspace.path}`,
-  ` - Glob Match: ${workspace.matchPattern}`,
-  ` - Scripts: ${workspace.scripts.join(", ")}`,
-  ` - Tags: ${workspace.tags.join(", ")}`,
-  ` - Dependencies: ${workspace.dependencies.join(", ")}`,
-  ` - Dependents: ${workspace.dependents.join(", ")}`,
+  `Workspace: ${sanitizeOutput(workspace.name)}${workspace.isRoot ? " (root)" : ""}`,
+  ` - Aliases: ${workspace.aliases.map(sanitizeOutput).join(", ")}`,
+  ` - Path: ${sanitizeOutput(workspace.path)}`,
+  ` - Glob Match: ${sanitizeOutput(workspace.matchPattern)}`,
+  ` - Scripts: ${workspace.scripts.map(sanitizeOutput).join(", ")}`,
+  ` - Tags: ${workspace.tags.map(sanitizeOutput).join(", ")}`,
+  ` - Dependencies: ${workspace.dependencies.map(sanitizeOutput).join(", ")}`,
+  ` - Dependents: ${workspace.dependents.map(sanitizeOutput).join(", ")}`,
 ];
 const createScriptInfoLines = (script, workspaces) => [
-  `Script: ${script}`,
-  ...workspaces.map((workspace) => ` - ${workspace.name}`),
+  `Script: ${sanitizeOutput(script)}`,
+  ...workspaces.map((workspace) => ` - ${sanitizeOutput(workspace.name)}`),
 ];
 const createJsonLines = (data, options) =>
   JSON.stringify(data, null, options.pretty ? 2 : undefined).split("\n");

package/src/cli/commands/commands.mjs

@@ -21,10 +21,10 @@ const defineProjectCommands = (context) => {
   scriptInfo(context);
   listTags(context);
   tagInfo(context);
-  mcpServer(context);
   runScript(context);
   listAffected(context);
   runAffected(context);
+  mcpServer(context);
 };
 
 export { defineGlobalCommands, defineProjectCommands };

package/src/cli/commands/handleSimpleCommands.mjs

@@ -1,4 +1,5 @@
 import { getDoctorInfo } from "../../doctor/index.mjs";
+import { sanitizeOutput } from "../../internal/core/index.mjs";
 import { logger } from "../../internal/logger/index.mjs";
 import {
   commandOutputLogger,
@@ -65,7 +66,7 @@ const listWorkspaces = handleProjectCommand(
     } else {
       workspaces.forEach((workspace) => {
         if (options.nameOnly) {
-          lines.push(workspace.name);
+          lines.push(sanitizeOutput(workspace.name));
         } else {
           lines.push(...createWorkspaceInfoLines(workspace));
         }
@@ -108,7 +109,7 @@ const listScripts = handleProjectCommand(
         .sort(({ name: nameA }, { name: nameB }) => nameA.localeCompare(nameB))
         .forEach(({ name, workspaces }) => {
           if (options.nameOnly) {
-            lines.push(name);
+            lines.push(sanitizeOutput(name));
           } else {
             lines.push(...createScriptInfoLines(name, workspaces));
           }
@@ -161,7 +162,7 @@ const scriptInfo = handleProjectCommand(
             options,
           )
         : options.workspacesOnly
-          ? scriptMetadata.workspaces.map(({ name }) => name)
+          ? scriptMetadata.workspaces.map(({ name }) => sanitizeOutput(name))
           : createScriptInfoLines(script, scriptMetadata.workspaces)
       ).join("\n"),
     );
@@ -189,10 +190,10 @@ const listTags = handleProjectCommand("listTags", ({ project }, options) => {
     }
     tags.forEach(({ tag, workspaces }) => {
       if (options.nameOnly) {
-        lines.push(tag);
+        lines.push(sanitizeOutput(tag));
       } else {
         lines.push(
-          `Tag: ${tag}\n${workspaces.map((name) => ` - ${name}`).join("\n")}`,
+          `Tag: ${sanitizeOutput(tag)}\n${workspaces.map((name) => ` - ${sanitizeOutput(name)}`).join("\n")}`,
         );
       }
     });
@@ -217,7 +218,7 @@ const handleSimpleCommands_tagInfo = handleProjectCommand(
     commandOutputLogger.info(
       options.json
         ? createJsonLines(tagInfo, options).join("\n")
-        : `Tag: ${tagInfo.name}\n${tagInfo.workspaces.map((name) => ` - ${name}`).join("\n")}`,
+        : `Tag: ${sanitizeOutput(tagInfo.name)}\n${tagInfo.workspaces.map((name) => ` - ${sanitizeOutput(name)}`).join("\n")}`,
     );
   },
 );

package/src/cli/commands/listAffected.mjs

@@ -1,4 +1,5 @@
 import path from "path";
+import { sanitizeOutput } from "../../internal/core/index.mjs";
 import { logger } from "../../internal/logger/index.mjs";
 import {
   commandOutputLogger,
@@ -19,34 +20,35 @@ const formatGitHeader = (metadata) => {
 };
 const formatDependencyChain = (dependency) => {
   const segments = dependency.chain.map((entry, index) => {
-    if (index === 0 || !entry.edgeSource) return entry.workspaceName;
-    return `\x1b[90m--[${entry.edgeSource}]->\x1b[0m ${entry.workspaceName}`;
+    const safeName = sanitizeOutput(entry.workspaceName);
+    if (index === 0 || !entry.edgeSource) return safeName;
+    return `\x1b[90m--[${entry.edgeSource}]->\x1b[0m ${safeName}`;
   });
   return segments.join(" ");
 };
 const formatSourceMarker = (change) =>
   change.source === "devDependencies" ? " (dev)" : "";
 const formatExternalDepEntryShort = (change) =>
-  `${change.name}${formatSourceMarker(change)}`;
+  `${sanitizeOutput(change.name)}${formatSourceMarker(change)}`;
 const formatExternalDepEntryDetailed = (change) => {
   const versions =
     change.baseVersion === null && change.headVersion === null
       ? "lockfile changed; precise diff unavailable"
-      : `${change.baseVersion ?? "(absent)"} -> ${change.headVersion ?? "(absent)"}`;
-  return `${change.name}${formatSourceMarker(change)} \x1b[90m[${versions}]\x1b[0m`;
+      : `${sanitizeOutput(change.baseVersion ?? "(absent)")} -> ${sanitizeOutput(change.headVersion ?? "(absent)")}`;
+  return `${sanitizeOutput(change.name)}${formatSourceMarker(change)} \x1b[90m[${versions}]\x1b[0m`;
 };
 const createWorkspaceSummaryLines = (result) => {
   const { workspace, affectedReasons } = result;
   const lines = [
-    `\x1b[1mWorkspace: ${workspace.name}\x1b[0m`,
-    `Path: ${workspace.path}`,
+    `\x1b[1mWorkspace: ${sanitizeOutput(workspace.name)}\x1b[0m`,
+    `Path: ${sanitizeOutput(workspace.path)}`,
   ];
   lines.push(
     `\x1b[96mChanged input files:\x1b[0m ${affectedReasons.changedFiles.length}`,
   );
   if (affectedReasons.dependencies.length) {
     lines.push(
-      `\x1b[96mAffected dependencies:\x1b[0m ${affectedReasons.dependencies.map(({ dependencyName }) => dependencyName).join(", ")}`,
+      `\x1b[96mAffected dependencies:\x1b[0m ${affectedReasons.dependencies.map(({ dependencyName }) => sanitizeOutput(dependencyName)).join(", ")}`,
     );
   } else {
     lines.push(`\x1b[96mAffected dependencies:\x1b[0m (none)`);
@@ -63,8 +65,8 @@ const createWorkspaceSummaryLines = (result) => {
 const createWorkspaceDetailedLines = (result) => {
   const { workspace, affectedReasons } = result;
   const lines = [
-    `\x1b[1mWorkspace: ${workspace.name}\x1b[0m`,
-    `Path: ${workspace.path}`,
+    `\x1b[1mWorkspace: ${sanitizeOutput(workspace.name)}\x1b[0m`,
+    `Path: ${sanitizeOutput(workspace.path)}`,
   ];
   if (affectedReasons.changedFiles.length) {
     lines.push("\x1b[96mChanged input files:\x1b[0m");
@@ -73,7 +75,7 @@ const createWorkspaceDetailedLines = (result) => {
         ?.filter((reason) => reason !== "diff")
         .join(", ");
       lines.push(
-        ` - ${path.relative(workspace.path, file.projectFilePath)} \x1b[90m(input: ${JSON.stringify(file.inputMatch)})${reasons ? ` [${reasons}]` : ""}\x1b[0m`,
+        ` - ${sanitizeOutput(path.relative(workspace.path, file.projectFilePath))} \x1b[90m(input: ${JSON.stringify(file.inputMatch)})${reasons ? ` [${reasons}]` : ""}\x1b[0m`,
       );
     }
   } else {
@@ -82,7 +84,7 @@ const createWorkspaceDetailedLines = (result) => {
   if (affectedReasons.dependencies.length) {
     lines.push("\x1b[96mAffected dependencies:\x1b[0m");
     for (const dependency of affectedReasons.dependencies) {
-      lines.push(` - ${dependency.dependencyName}`);
+      lines.push(` - ${sanitizeOutput(dependency.dependencyName)}`);
       lines.push(`   chain: ${formatDependencyChain(dependency)}`);
     }
   } else {
@@ -153,7 +155,9 @@ const listAffected = handleProjectCommand(
     if (!options.explain) {
       if (affectedResults.length) {
         commandOutputLogger.info(
-          affectedResults.map(({ workspace }) => workspace.name).join("\n"),
+          affectedResults
+            .map(({ workspace }) => sanitizeOutput(workspace.name))
+            .join("\n"),
         );
       } else {
         logger.info("No affected workspaces");

package/src/cli/commands/mcp.mjs

@@ -1,13 +1,23 @@
 import { startBwMcpServer } from "../../ai/mcp/index.mjs";
+import { getUserBoolEnvVar } from "../../config/userEnvVars/index.mjs";
 import { logger } from "../../internal/logger/index.mjs";
 import { handleGlobalCommand } from "./commandHandlerUtils.mjs";
 
 const mcpServer = handleGlobalCommand(
   "mcpServer",
-  async ({ workingDirectory }) => {
+  async ({ workingDirectory, disableExecutableConfigs }) => {
     logger.printLevel = "silent";
+    // mcp-server is the only command that defaults to *disabled* when
+    // neither the global flag nor the env var is set, because the server
+    // can be redirected to arbitrary directories at runtime via the
+    // set_working_directory tool. Precedence: CLI flag > env var > true.
+    const effectiveDisable =
+      disableExecutableConfigs ??
+      getUserBoolEnvVar("disableExecutableConfigsDefault") ??
+      true;
     await startBwMcpServer({
       initialWorkingDirectory: workingDirectory,
+      enableExecutableConfigs: !effectiveDisable,
     });
   },
 );

package/src/cli/commands/runScript/output/renderGroupedOutput.mjs

@@ -1,4 +1,4 @@
-import { runOnExit } from "../../../../internal/core/index.mjs";
+import { runOnExit, sanitizeOutput } from "../../../../internal/core/index.mjs";
 import {
   TypedEventTarget,
   createTypedEventFactory,
@@ -158,7 +158,8 @@ const renderGroupedOutput = async (
         statusText += ` (signal: ${state.signal})`;
       }
       const workspaceLine =
-        textOps[BORDER_COLOR]("Workspace: ") + textOps.bold(workspace.name);
+        textOps[BORDER_COLOR]("Workspace: ") +
+        textOps.bold(sanitizeOutput(workspace.name));
       const statusLine =
         textOps[BORDER_COLOR]("   Status: ") +
         textOps[STATUS_COLORS[state.status]](statusText);

package/src/cli/commands/runScript/output/renderPlainOutput.mjs

@@ -1,3 +1,4 @@
+import { sanitizeOutput } from "../../../../internal/core/index.mjs";
 import { sanitizeChunk } from "./sanitizeChunk.mjs";
 
 async function* generatePlainOutputLines(
@@ -6,7 +7,9 @@ async function* generatePlainOutputLines(
 ) {
   const workspaceLineBuffers = {};
   const formatLine = (line, workspaceName) => {
-    const prefixedLine = prefix ? `[${workspaceName}] ${line}` : line;
+    const prefixedLine = prefix
+      ? `[${sanitizeOutput(workspaceName)}] ${line}`
+      : line;
     return `\x1b[0m${prefixedLine}`;
   };
   for await (const { metadata, chunk } of output.text()) {

package/src/cli/commands/runScript/scriptRunFlow.mjs

@@ -1,6 +1,9 @@
 import fs from "fs";
 import path from "path";
-import { expandHomePath } from "../../../internal/core/index.mjs";
+import {
+  expandHomePath,
+  sanitizeOutput,
+} from "../../../internal/core/index.mjs";
 import { logger } from "../../../internal/logger/index.mjs";
 import {
   getDefaultOutputStyle,
@@ -130,13 +133,15 @@ const handleScriptRunFlow = async ({
   exitResults.scriptResults.forEach(
     ({ success, metadata: { workspace }, exitCode }) => {
       const isSkipped = exitCode === -1;
+      const safeWorkspaceName = sanitizeOutput(workspace.name);
+      const safeScriptName = sanitizeOutput(scriptName ?? "");
       if (isSkipped) {
         logger.info(
-          `➖ ${workspace.name}: ${scriptName} (skipped due to dependency failure)`,
+          `➖ ${safeWorkspaceName}: ${safeScriptName} (skipped due to dependency failure)`,
         );
       } else {
         logger.info(
-          `${success ? "✅" : "❌"} ${workspace.name}: ${scriptName}${exitCode ? ` (exited with code ${exitCode})` : ""}`,
+          `${success ? "✅" : "❌"} ${safeWorkspaceName}: ${safeScriptName}${exitCode ? ` (exited with code ${exitCode})` : ""}`,
         );
       }
     },

package/src/cli/createCli.mjs

@@ -82,8 +82,12 @@ const createCli = ({ defaultCwd = process.cwd(), defaultMiddleware } = {}) => {
         process.exit(1);
         return;
       }
-      const { project, projectError, workingDirectory } =
-        initializeWithGlobalOptions(program, args, middleware);
+      const {
+        project,
+        projectError,
+        workingDirectory,
+        disableExecutableConfigs,
+      } = initializeWithGlobalOptions(program, args, middleware);
       middleware.findProject({
         ...defaultContext,
         project,
@@ -103,6 +107,7 @@ const createCli = ({ defaultCwd = process.cwd(), defaultMiddleware } = {}) => {
         terminalWidth,
         terminalHeight,
         workingDirectory,
+        disableExecutableConfigs,
       });
       defineGlobalCommands({
         program,
@@ -112,6 +117,7 @@ const createCli = ({ defaultCwd = process.cwd(), defaultMiddleware } = {}) => {
         terminalWidth,
         terminalHeight,
         workingDirectory,
+        disableExecutableConfigs,
       });
       logger.debug(`Commands initialized. Parsing args...`);
       middleware.preParse({

package/src/cli/globalOptions/globalOptions.mjs

@@ -18,10 +18,8 @@ const ERRORS = defineErrors(
 const addGlobalOption = (program, optionName, defaultOverride) => {
   const { mainOption, shortOption, description, param, values, defaultValue } =
     getCliGlobalOptionConfig(optionName);
-  let option = new Option(
-    `${shortOption} ${mainOption}${param ? ` <${param}>` : ""}`,
-    description,
-  );
+  const flagsString = `${shortOption ? `${shortOption} ` : ""}${mainOption}${param ? ` <${param}>` : ""}`;
+  let option = new Option(flagsString, description);
   const effectiveDefaultValue = defaultOverride ?? defaultValue;
   if (effectiveDefaultValue) {
     option = option.default(effectiveDefaultValue);
@@ -106,6 +104,7 @@ const defineGlobalOptions = (program, args, middleware) => {
   }
   addGlobalOption(program, "logLevel");
   addGlobalOption(program, "includeRoot");
+  addGlobalOption(program, "disableExecutableConfigs");
   return {
     cwd,
   };
@@ -119,6 +118,7 @@ const applyGlobalOptions = (options) => {
     project = createFileSystemProject({
       rootDirectory: options.cwd,
       includeRootWorkspace: options.includeRoot,
+      disableExecutableConfigs: options.disableExecutableConfigs,
     });
     logger.debug(
       `Project: ${JSON.stringify(project.name)} (${project.workspaces.length} workspace${project.workspaces.length === 1 ? "" : "s"})`,
@@ -134,6 +134,7 @@ const applyGlobalOptions = (options) => {
     project,
     projectError: error,
     workingDirectory: options.cwd,
+    disableExecutableConfigs: options.disableExecutableConfigs,
   };
 };
 const initializeWithGlobalOptions = (program, args, middleware) => {

package/src/cli/index.d.ts

@@ -553,7 +553,7 @@ export declare const CLI_COMMANDS_CONFIG: {
     readonly command: "mcp-server";
     readonly isGlobal: true;
     readonly aliases: [];
-    readonly description: "Start the bun-workspaces MCP (Model Context Protocol) server over stdio";
+    readonly description: "Start the bun-workspaces MCP (Model Context Protocol) server over stdio. Defaults to skipping executable config files (bw.root.{ts,js}, bw.workspace.{ts,js}) for agent security. Pass the global --no-disable-executable-configs flag to allow them.";
     readonly options: {};
   };
   readonly listAffected: {
@@ -916,7 +916,7 @@ export declare const getCliCommandConfig: (commandName: CliCommandName) =>
       readonly command: "mcp-server";
       readonly isGlobal: true;
       readonly aliases: [];
-      readonly description: "Start the bun-workspaces MCP (Model Context Protocol) server over stdio";
+      readonly description: "Start the bun-workspaces MCP (Model Context Protocol) server over stdio. Defaults to skipping executable config files (bw.root.{ts,js}, bw.workspace.{ts,js}) for agent security. Pass the global --no-disable-executable-configs flag to allow them.";
       readonly options: {};
     }
   | {
@@ -1150,6 +1150,7 @@ export interface CliGlobalOptions {
   cwd: string;
   includeRoot: boolean;
   workspaceRoot: boolean;
+  disableExecutableConfigs: boolean;
 }
 export interface CliGlobalOptionConfig {
   mainOption: string;
@@ -1194,6 +1195,19 @@ export declare const getCliGlobalOptionConfig: (
       readonly defaultValue: "";
       readonly values: null;
       readonly param: "";
+    }
+  | {
+      readonly mainOption: "--disable-executable-configs";
+      readonly shortOption: "";
+      readonly description:
+        | "Skip evaluating executable config files (bw.root.{ts,js}, bw.workspace.{ts,js}). Only jsonc/json/package.json configs are read, for untrusted contexts. Can also be set via env var BW_PARALLEL_MAX_DEFAULT=true."
+        | "Skip evaluating executable config files (bw.root.{ts,js}, bw.workspace.{ts,js}). Only jsonc/json/package.json configs are read, for untrusted contexts. Can also be set via env var BW_SHELL_DEFAULT=true."
+        | "Skip evaluating executable config files (bw.root.{ts,js}, bw.workspace.{ts,js}). Only jsonc/json/package.json configs are read, for untrusted contexts. Can also be set via env var BW_INCLUDE_ROOT_WORKSPACE_DEFAULT=true."
+        | "Skip evaluating executable config files (bw.root.{ts,js}, bw.workspace.{ts,js}). Only jsonc/json/package.json configs are read, for untrusted contexts. Can also be set via env var BW_AFFECTED_BASE_REF_DEFAULT=true."
+        | "Skip evaluating executable config files (bw.root.{ts,js}, bw.workspace.{ts,js}). Only jsonc/json/package.json configs are read, for untrusted contexts. Can also be set via env var BW_DISABLE_EXECUTABLE_CONFIGS_DEFAULT=true.";
+      readonly defaultValue: "";
+      readonly values: null;
+      readonly param: "";
     };
 export declare const getCliGlobalOptionNames: () => CliGlobalOptionName[];
 /**
@@ -1375,6 +1389,17 @@ export type CreateFileSystemProjectOptions = {
   name?: string;
   /** Whether to include the root workspace as a normal workspace. This overrides any config or env var settings. */
   includeRootWorkspace?: boolean;
+  /**
+   * When true, skip discovery of `.ts`/`.js` config files (`bw.root.{ts,js}`,
+   * `bw.workspace.{ts,js}`) so no executable code is loaded from the project,
+   * for untrusted contexts.
+   *
+   * `.jsonc`/`.json` configs and the `package.json` `bw` key still resolve.
+   *
+   * When omitted, the `BW_DISABLE_EXECUTABLE_CONFIGS_DEFAULT` user env var is
+   * consulted (`"true"` or `"false"`). If neither is set, defaults to false.
+   */
+  disableExecutableConfigs?: boolean;
 };
 export type InlineScriptOptions = {
   /** A name to act as a label for the inline script */
@@ -1525,6 +1550,13 @@ export type GlobalCommandContext = {
   terminalWidth: number;
   terminalHeight: number;
   workingDirectory: string;
+  /**
+   * Value of the global `--disable-executable-configs` flag.
+   * `undefined` means the flag was not passed; commands are free to
+   * apply their own default (notably the mcp-server command defaults
+   * to disabled for security).
+   */
+  disableExecutableConfigs: boolean | undefined;
 };
 export type ProjectCommandContext = GlobalCommandContext & {
   project: FileSystemProject;
@@ -1697,6 +1729,7 @@ export declare const initializeWithGlobalOptions: (
   }>;
   projectError: Error | null;
   workingDirectory: string;
+  disableExecutableConfigs: boolean;
 };
 
 export {};

package/src/config/rootConfig/loadRootConfig.mjs

@@ -5,13 +5,14 @@ import {
   ROOT_CONFIG_PACKAGE_JSON_KEY,
 } from "../../8529.mjs";
 
-const loadRootConfig = (rootDirectory) => {
+const loadRootConfig = (rootDirectory, loadOptions = {}) => {
   const config = loadConfig(
     "root",
     rootDirectory,
     ROOT_CONFIG_FILE_NAME,
     ROOT_CONFIG_PACKAGE_JSON_KEY,
     (content) => resolveRootConfig(content),
+    loadOptions,
   );
   return config ?? createDefaultRootConfig();
 };

package/src/config/rootConfig/rootConfig.mjs

@@ -1,5 +1,5 @@
 import { resolveDefaultAffectedBaseRef } from "../../affected/affectedBaseRef.mjs";
-import validateRootConfig from "../../internal/generated/ajv/validateRootConfig.mjs";
+import { validate } from "../../internal/generated/ajv/validateRootConfig.mjs";
 import {
   determineParallelMax,
   resolveScriptShell,
@@ -9,16 +9,16 @@ import { executeValidator } from "../util/validateConfig.mjs";
 import { validateWorkspaceConfig } from "../workspaceConfig/workspaceConfig.mjs";
 import { ROOT_CONFIG_ERRORS } from "./errors.mjs";
 
-const rootConfig_validateRootConfig = (config) =>
+const validateRootConfig = (config) =>
   executeValidator(
-    validateRootConfig,
+    validate,
     "RootConfig",
     config,
     ROOT_CONFIG_ERRORS.InvalidRootConfig,
   );
 const createDefaultRootConfig = () => resolveRootConfig({});
 const resolveRootConfig = (config) => {
-  rootConfig_validateRootConfig(config);
+  validateRootConfig(config);
   for (const entry of config.workspacePatternConfigs ?? []) {
     if (typeof entry.config !== "function") {
       validateWorkspaceConfig(entry.config);
@@ -42,8 +42,4 @@ const resolveRootConfig = (config) => {
   };
 };
 
-export {
-  createDefaultRootConfig,
-  resolveRootConfig,
-  rootConfig_validateRootConfig as validateRootConfig,
-};
+export { createDefaultRootConfig, resolveRootConfig, validateRootConfig };

package/src/config/userEnvVars/userEnvVars.mjs

@@ -1,5 +1,16 @@
 import { USER_ENV_VARS } from "../../5166.mjs";
 
 const getUserEnvVar = (key) => process.env[USER_ENV_VARS[key]];
+/**
+ * Parse a user env var into a strict boolean tri-state. Returns `true` for
+ * "true", `false` for "false", and `undefined` for any other value (including
+ * unset) — so callers can distinguish "user explicitly set false" from
+ * "user did not set anything."
+ */ const getUserBoolEnvVar = (key) => {
+  const value = getUserEnvVar(key);
+  if (value === "true") return true;
+  if (value === "false") return false;
+  return undefined;
+};
 
-export { getUserEnvVar };
+export { getUserBoolEnvVar, getUserEnvVar };

package/src/config/util/loadConfig.mjs

@@ -111,9 +111,23 @@ const LOCATION_FINDERS = {
     return null;
   },
 };
-const getConfigLocation = (name, directory, fileName, packageJsonKey) => {
+const isExecutableLocationType = (locationType) =>
+  locationType === "tsFile" || locationType === "jsFile";
+const getConfigLocation = (
+  name,
+  directory,
+  fileName,
+  packageJsonKey,
+  loadOptions = {},
+) => {
   const locations = [];
   for (const locationType of CONFIG_LOCATION_TYPES) {
+    if (
+      loadOptions.disableExecutableConfigs &&
+      isExecutableLocationType(locationType)
+    ) {
+      continue;
+    }
     const location = LOCATION_FINDERS[locationType](
       directory,
       fileName,
@@ -136,8 +150,15 @@ const loadConfig = (
   fileName,
   packageJsonKey,
   processContent,
+  loadOptions = {},
 ) => {
-  const location = getConfigLocation(name, directory, fileName, packageJsonKey);
+  const location = getConfigLocation(
+    name,
+    directory,
+    fileName,
+    packageJsonKey,
+    loadOptions,
+  );
   if (!location) {
     return null;
   }