i-repo 2.3.0 → 2.4.0

package/dist/commands/auth.js

@@ -6,19 +6,24 @@
 import { Command } from "commander";
 import { input, password as passwordPrompt, select, confirm } from "@inquirer/prompts";
 import { IReporterClient } from "../sdk/index.js";
-import { getConfig, getConfigWithSource, setConfig, deleteConfig, } from "../config/store.js";
-import { getUserConfigPath, getProjectConfigPath, getLocalConfigPath, getConfigPath, findProjectRoot, } from "../config/scoped-store.js";
+import { getConfig, getConfigWithSource, clearStoredCredentials, } from "../config/store.js";
+import { getUserConfigPath, getProjectConfigPath, getLocalConfigPath, findProjectRoot, } from "../config/scoped-store.js";
+import { assertEndpointAllowed, persistCredentials } from "../config/client.js";
 import { logHttp } from "../core/logger.js";
 import { printSuccess, printError, printWarning, printInfo, printDetails, printInteractionHint, withSpinner, t, } from "../ui/index.js";
 import { t as tr } from "../i18n/index.js";
 function saveCredentials(endpoint, user, password, scope, savePassword) {
-    setConfig("endpoint", endpoint, scope);
-    setConfig("user", user, scope);
-    if (savePassword) {
-        setConfig("password", password, scope);
-    }
-    const savedPath = getConfigPath(scope);
+    const { savedPath, redirectedToUser, userPath } = persistCredentials({
+        endpoint,
+        user,
+        password,
+        scope,
+        savePassword,
+    });
     printInfo(tr("auth.savedTo", { path: savedPath }));
+    if (redirectedToUser) {
+        printInfo(tr("auth.userOnlyRedirected", { path: userPath }));
+    }
     if (!savePassword) {
         printInfo(tr("auth.passwordNotStored"));
     }
@@ -47,7 +52,15 @@ authCommand
         if (!endpoint) {
             endpoint = await input({
                 message: tr("auth.endpoint"),
-                validate: (v) => v.startsWith("http") || tr("auth.validUrl"),
+                validate: (v) => {
+                    try {
+                        const u = new URL(v);
+                        return u.protocol === "https:" || u.protocol === "http:" || tr("auth.validUrl");
+                    }
+                    catch {
+                        return tr("auth.validUrl");
+                    }
+                },
             });
         }
         if (!user) {
@@ -63,6 +76,8 @@ authCommand
                 validate: (v) => v.length > 0 || tr("auth.passwordRequired"),
             });
         }
+        // Block plain-http / non-https endpoints before sending credentials.
+        assertEndpointAllowed(endpoint);
         // Authenticate via login() and verify with a lightweight API call
         await withSpinner("authenticating", async () => {
             const client = new IReporterClient({
@@ -124,7 +139,9 @@ authCommand
     .description("Clear stored credentials")
     .action(() => {
     try {
-        deleteConfig("user");
+        // Remove BOTH user and password from every scope (shared with the Ink
+        // logout executor so the two surfaces never diverge).
+        clearStoredCredentials();
         printSuccess(tr("auth.logoutSuccess"));
     }
     catch (error) {

package/dist/commands/config.js

@@ -6,7 +6,7 @@
 import { Command } from "commander";
 import { getConfigWithSource, setConfig, resetConfig, validKeys, isValidKey, } from "../config/store.js";
 import { parseDisabledCommands, isConfigPath } from "../config/command-gate.js";
-import { getAllConfigPaths, } from "../config/scoped-store.js";
+import { getAllConfigPaths, USER_ONLY_KEYS, } from "../config/scoped-store.js";
 import { setLocale, t as tr } from "../i18n/index.js";
 import { printSuccess, printError, printWarning, printDetails, printInfo, out, t, } from "../ui/index.js";
 const validScopes = ["user", "project", "local"];
@@ -82,6 +82,11 @@ configCommand
         if (key === "password") {
             printWarning(tr("config.passwordWarning"));
         }
+        // A user-only key written to project/local is silently ignored at
+        // runtime (see USER_ONLY_KEYS) — warn so the value isn't trusted to apply.
+        if (USER_ONLY_KEYS.has(key) && opts.scope !== "user") {
+            printWarning(tr("config.userOnlyScopeWarning", { key, scope: opts.scope }));
+        }
         const coerced = coerceValue(key, value);
         if (coerced === null) {
             process.exitCode = 1;

package/dist/config/client.d.ts

@@ -13,11 +13,64 @@
  *   6. TTY prompt:     interactive password input (if terminal is attached)
  */
 import { IReporterClient } from "../sdk/index.js";
+import type { ConfigScope } from "./scoped-store.js";
 export interface CreateClientOptions {
     endpoint?: string;
     user?: string;
     password?: string;
 }
+/** Env var that opts in to plain-http on ANY host (including public ones). */
+export declare const INSECURE_ENV = "IREPO_ALLOW_INSECURE";
+/** Whether the user has explicitly opted in to insecure (plain http) endpoints. */
+export declare function isInsecureAllowed(): boolean;
+/**
+ * Whether a host is on the local machine or a private/internal network, where
+ * plain http is the common (and far lower risk) reality for on-prem i-Reporter
+ * servers. Covers loopback, RFC1918 private IPv4, link-local, IPv6
+ * loopback/unique-local/link-local, *.local (mDNS), *.localhost, and bare
+ * single-label intranet hostnames (which can't be reached from the public
+ * internet without a search domain).
+ */
+export declare function isPrivateOrLocalHost(hostname: string): boolean;
+/**
+ * Validate that an endpoint is safe to send credentials to.
+ *
+ * Plain http sends the Login user/password and the session cookie in clear
+ * text, readable by any passive eavesdropper on the path. Policy:
+ *   - https            → always allowed.
+ *   - http to a local/private host (loopback, RFC1918, *.local, intranet name)
+ *                      → allowed with a warning. On-prem i-Reporter servers
+ *                        commonly run plain http on the internal LAN.
+ *   - http to a public host → rejected, unless IREPO_ALLOW_INSECURE=1 (warned).
+ *   - any other scheme (file:, data:, ...) → always rejected.
+ * Throws ConfigError so the failure is classified (config-error exit code).
+ */
+export declare function assertEndpointAllowed(endpoint: string): void;
+export interface PersistCredentialsResult {
+    /** Path of the requested scope, where the shareable `user` was written. */
+    savedPath: string | undefined;
+    /** endpoint/password were forced to the user scope (requested scope ≠ user). */
+    redirectedToUser: boolean;
+    /** The user-scope config path (where endpoint/password actually live). */
+    userPath: string;
+}
+/**
+ * Persist login credentials, honoring USER_ONLY_KEYS. `endpoint` and `password`
+ * only take effect from the user scope at runtime, so they are ALWAYS written
+ * there — writing them to project/local would create config that silently does
+ * nothing, and a project-scoped password would risk a plaintext VCS leak. Only
+ * the shareable, non-sensitive `user` goes to the requested scope.
+ *
+ * Shared by the CLI `auth login` and the Ink AuthLoginScreen so both surfaces
+ * apply the same trust policy.
+ */
+export declare function persistCredentials(args: {
+    endpoint: string;
+    user: string;
+    password: string;
+    scope: ConfigScope;
+    savePassword: boolean;
+}): PersistCredentialsResult;
 /**
  * Create an IReporterClient, resolving credentials from
  * CLI flags -> environment variables -> config store (scoped) -> interactive prompt.

package/dist/config/client.js

@@ -16,7 +16,120 @@ import { IReporterClient } from "../sdk/index.js";
 import { password as passwordPrompt } from "@inquirer/prompts";
 import { logHttp } from "../core/logger.js";
 import { ConfigError } from "../core/errors.js";
-import { getConfig } from "./store.js";
+import { getConfig, setConfig } from "./store.js";
+import { getConfigPath, getUserConfigPath } from "./scoped-store.js";
+/** Env var that opts in to plain-http on ANY host (including public ones). */
+export const INSECURE_ENV = "IREPO_ALLOW_INSECURE";
+/** Whether the user has explicitly opted in to insecure (plain http) endpoints. */
+export function isInsecureAllowed() {
+    const v = process.env[INSECURE_ENV];
+    return v === "1" || v?.toLowerCase() === "true";
+}
+/**
+ * Whether a host is on the local machine or a private/internal network, where
+ * plain http is the common (and far lower risk) reality for on-prem i-Reporter
+ * servers. Covers loopback, RFC1918 private IPv4, link-local, IPv6
+ * loopback/unique-local/link-local, *.local (mDNS), *.localhost, and bare
+ * single-label intranet hostnames (which can't be reached from the public
+ * internet without a search domain).
+ */
+export function isPrivateOrLocalHost(hostname) {
+    const h = hostname.toLowerCase().replace(/^\[|\]$/g, ""); // strip IPv6 [] brackets
+    if (h === "localhost" || h.endsWith(".localhost"))
+        return true;
+    if (h.endsWith(".local"))
+        return true;
+    // bare single-label hostname (no dots) — an intranet name, not a public FQDN
+    if (!h.includes(".") && !h.includes(":"))
+        return true;
+    if (h === "::1")
+        return true; // IPv6 loopback
+    if (/^f[cd][0-9a-f]{2}:/.test(h))
+        return true; // IPv6 unique-local fc00::/7
+    if (h.startsWith("fe80:"))
+        return true; // IPv6 link-local
+    const m = h.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
+    if (m) {
+        const a = Number(m[1]);
+        const b = Number(m[2]);
+        if (a === 127)
+            return true; // loopback 127/8
+        if (a === 10)
+            return true; // 10/8
+        if (a === 192 && b === 168)
+            return true; // 192.168/16
+        if (a === 172 && b >= 16 && b <= 31)
+            return true; // 172.16/12
+        if (a === 169 && b === 254)
+            return true; // link-local 169.254/16
+    }
+    return false;
+}
+/**
+ * Validate that an endpoint is safe to send credentials to.
+ *
+ * Plain http sends the Login user/password and the session cookie in clear
+ * text, readable by any passive eavesdropper on the path. Policy:
+ *   - https            → always allowed.
+ *   - http to a local/private host (loopback, RFC1918, *.local, intranet name)
+ *                      → allowed with a warning. On-prem i-Reporter servers
+ *                        commonly run plain http on the internal LAN.
+ *   - http to a public host → rejected, unless IREPO_ALLOW_INSECURE=1 (warned).
+ *   - any other scheme (file:, data:, ...) → always rejected.
+ * Throws ConfigError so the failure is classified (config-error exit code).
+ */
+export function assertEndpointAllowed(endpoint) {
+    let url;
+    try {
+        url = new URL(endpoint);
+    }
+    catch {
+        throw new ConfigError(`Invalid API endpoint URL: ${endpoint}\n` +
+            "  Expected an absolute URL, e.g. https://host/ConMasAPI/Rests/APIExecute.aspx");
+    }
+    if (url.protocol === "https:")
+        return;
+    if (url.protocol === "http:") {
+        if (isPrivateOrLocalHost(url.hostname)) {
+            process.stderr.write(`Warning: using plain HTTP to ${url.origin} — credentials are not encrypted. ` +
+                "Acceptable on a trusted local/private network; prefer https where available.\n");
+            return;
+        }
+        if (isInsecureAllowed()) {
+            process.stderr.write(`Warning: sending credentials over plain HTTP to the public host ${url.origin} ` +
+                `(${INSECURE_ENV} is set). Traffic can be intercepted on the network.\n`);
+            return;
+        }
+        throw new ConfigError(`Refusing to send credentials over plain http to a public host: ${endpoint}\n` +
+            "  They would be transmitted in clear text and can be intercepted.\n" +
+            "  Use an https:// endpoint. Local/private hosts (localhost, 10.x, 192.168.x, *.local)\n" +
+            `  are allowed over http; for a public http host set ${INSECURE_ENV}=1 to override (not recommended).`);
+    }
+    throw new ConfigError(`Unsupported endpoint scheme "${url.protocol}": ${endpoint}\n` +
+        `  Only https:// (or http:// to a local/private host) is allowed.`);
+}
+/**
+ * Persist login credentials, honoring USER_ONLY_KEYS. `endpoint` and `password`
+ * only take effect from the user scope at runtime, so they are ALWAYS written
+ * there — writing them to project/local would create config that silently does
+ * nothing, and a project-scoped password would risk a plaintext VCS leak. Only
+ * the shareable, non-sensitive `user` goes to the requested scope.
+ *
+ * Shared by the CLI `auth login` and the Ink AuthLoginScreen so both surfaces
+ * apply the same trust policy.
+ */
+export function persistCredentials(args) {
+    setConfig("user", args.user, args.scope);
+    setConfig("endpoint", args.endpoint, "user");
+    if (args.savePassword) {
+        setConfig("password", args.password, "user");
+    }
+    return {
+        savedPath: getConfigPath(args.scope),
+        redirectedToUser: args.scope !== "user",
+        userPath: getUserConfigPath(),
+    };
+}
 // In-memory password cache for the CLI session lifetime.
 let cachedPassword;
 /**
@@ -34,6 +147,8 @@ export async function createClient(opts = {}) {
             '  Run "i-repo config set endpoint <url>"\n' +
             "  or set IREPO_ENDPOINT environment variable.");
     }
+    // Block plain-http / non-https endpoints before any credential is sent.
+    assertEndpointAllowed(endpoint);
     if (!user) {
         throw new ConfigError("User is not configured.\n" +
             '  Run "i-repo config set user <name>"\n' +

package/dist/config/scoped-store.d.ts

@@ -5,6 +5,18 @@ export interface ConfigWithSource<K extends keyof IRepoConfig = keyof IRepoConfi
     source: ConfigScope | undefined;
     path: string | undefined;
 }
+/**
+ * Keys that route credentials or relax safety gates. These are read ONLY from
+ * the user scope (plus env vars / CLI flags handled at call sites). A
+ * checked-out repository's project/local config must NOT be able to silently:
+ *   - redirect credentials to another endpoint (`endpoint`)
+ *   - ship a shared plaintext password (`password`)
+ *   - forward extra parent-env vars to plugin processes (`pluginPassEnv`)
+ *   - loosen the destructive-delete gate (`allowDelete`)
+ * `disabledCommands` is intentionally NOT here: it can only ADD restrictions
+ * (never loosen), and team-shared command hiding is a legitimate use.
+ */
+export declare const USER_ONLY_KEYS: ReadonlySet<keyof IRepoConfig>;
 /** ~/.i-repo/i-repo.json */
 export declare function getUserConfigPath(): string;
 /** ~/.i-repo/ */
@@ -34,6 +46,8 @@ export declare function writeScopedConfig(scope: ConfigScope, data: Partial<IRep
  * Priority: local > project > user
  */
 export declare function getMergedConfig(): Partial<IRepoConfig>;
+/** Test seam: reset the per-process shadow-warning memo. */
+export declare function __resetUserOnlyShadowMemo(): void;
 /**
  * Get a config value with source information.
  * Checks scopes from highest to lowest priority.

package/dist/config/scoped-store.js

@@ -11,6 +11,23 @@
 import { readFileSync, writeFileSync, mkdirSync, existsSync, chmodSync, renameSync, unlinkSync } from "node:fs";
 import { join, dirname, resolve } from "node:path";
 import { homedir } from "node:os";
+/**
+ * Keys that route credentials or relax safety gates. These are read ONLY from
+ * the user scope (plus env vars / CLI flags handled at call sites). A
+ * checked-out repository's project/local config must NOT be able to silently:
+ *   - redirect credentials to another endpoint (`endpoint`)
+ *   - ship a shared plaintext password (`password`)
+ *   - forward extra parent-env vars to plugin processes (`pluginPassEnv`)
+ *   - loosen the destructive-delete gate (`allowDelete`)
+ * `disabledCommands` is intentionally NOT here: it can only ADD restrictions
+ * (never loosen), and team-shared command hiding is a legitimate use.
+ */
+export const USER_ONLY_KEYS = new Set([
+    "endpoint",
+    "password",
+    "pluginPassEnv",
+    "allowDelete",
+]);
 // ── Paths ────────────────────────────────────────────────────
 const CONFIG_DIR_NAME = ".i-repo";
 const CONFIG_FILE_NAME = "i-repo.json";
@@ -191,13 +208,60 @@ export function getMergedConfig() {
     const user = readScopedConfig("user");
     const project = readScopedConfig("project");
     const local = readScopedConfig("local");
-    return { ...user, ...project, ...local };
+    const merged = { ...user, ...project, ...local };
+    // user-only keys: the effective value is the user-scope value alone, so the
+    // merged view (config list) reflects what actually takes effect at runtime.
+    for (const key of USER_ONLY_KEYS) {
+        if (key in user && user[key] !== undefined) {
+            merged[key] = user[key];
+        }
+        else {
+            delete merged[key];
+        }
+    }
+    return merged;
+}
+// A user-only key shadowed by project/local is reported once per key per
+// process (getConfigWithSource is called many times per command).
+const userOnlyShadowChecked = new Set();
+/** Resolve a user-only key from the user scope alone, warning if a lower-trust
+ *  scope tried (and failed) to set it. */
+function getUserScopeOnly(key) {
+    if (!userOnlyShadowChecked.has(key)) {
+        userOnlyShadowChecked.add(key);
+        for (const scope of ["project", "local"]) {
+            const p = getConfigPath(scope);
+            if (!p)
+                continue;
+            const c = readJsonFile(p);
+            if (key in c && c[key] !== undefined) {
+                console.error(`Warning: ignoring "${key}" from ${scope} config (${p}) — for security this ` +
+                    `key is only honored from your user config. A checked-out repository must not ` +
+                    `redirect credentials or relax safety gates. ` +
+                    `Set it with: i-repo config set ${key} <value> --scope user`);
+            }
+        }
+    }
+    const userPath = getUserConfigPath();
+    const user = readJsonFile(userPath);
+    if (key in user && user[key] !== undefined) {
+        return { value: user[key], source: "user", path: userPath };
+    }
+    return { value: undefined, source: undefined, path: undefined };
+}
+/** Test seam: reset the per-process shadow-warning memo. */
+export function __resetUserOnlyShadowMemo() {
+    userOnlyShadowChecked.clear();
 }
 /**
  * Get a config value with source information.
  * Checks scopes from highest to lowest priority.
  */
 export function getConfigWithSource(key) {
+    // Credential-routing / safety-gate keys: user scope only (ignore project/local).
+    if (USER_ONLY_KEYS.has(key)) {
+        return getUserScopeOnly(key);
+    }
     // Check local first (highest priority)
     const localPath = getLocalConfigPath();
     if (localPath) {

package/dist/config/store.d.ts

@@ -31,6 +31,13 @@ export declare function getConfigWithSource<K extends keyof IRepoConfig>(key: K)
 export declare function setConfig<K extends keyof IRepoConfig>(key: K, value: IRepoConfig[K], scope?: ConfigScope): void;
 export declare function deleteConfig<K extends keyof IRepoConfig>(key: K, scope?: ConfigScope): void;
 export declare function resetConfig(scope?: ConfigScope): void;
+/**
+ * Clear stored credentials (user AND password) from every scope that has a
+ * config file. Shared by the CLI `auth logout` and the Ink logout executor so
+ * both surfaces behave identically — leaving the password behind while
+ * reporting a successful logout is misleading and a credential-removal gap.
+ */
+export declare function clearStoredCredentials(): void;
 export declare function getAllConfig(): Partial<IRepoConfig>;
 export declare const validKeys: (keyof IRepoConfig)[];
 export declare function isValidKey(key: string): key is keyof IRepoConfig;

package/dist/config/store.js

@@ -6,7 +6,8 @@
  *   < Project (<repo>/.i-repo/i-repo.json)
  *   < Local (<repo>/.i-repo/i-repo.local.json)
  */
-import { getMergedConfig, getConfigWithSource as scopedGetConfigWithSource, setScopedConfig, deleteScopedConfig, resetScopedConfig, } from "./scoped-store.js";
+import { existsSync } from "node:fs";
+import { getMergedConfig, getConfigWithSource as scopedGetConfigWithSource, setScopedConfig, deleteScopedConfig, resetScopedConfig, getAllConfigPaths, } from "./scoped-store.js";
 export function getConfig(key) {
     return scopedGetConfigWithSource(key).value;
 }
@@ -22,6 +23,20 @@ export function deleteConfig(key, scope = "user") {
 export function resetConfig(scope = "user") {
     resetScopedConfig(scope);
 }
+/**
+ * Clear stored credentials (user AND password) from every scope that has a
+ * config file. Shared by the CLI `auth logout` and the Ink logout executor so
+ * both surfaces behave identically — leaving the password behind while
+ * reporting a successful logout is misleading and a credential-removal gap.
+ */
+export function clearStoredCredentials() {
+    for (const { scope, path } of getAllConfigPaths()) {
+        if (!path || !existsSync(path))
+            continue;
+        deleteScopedConfig("user", scope);
+        deleteScopedConfig("password", scope);
+    }
+}
 export function getAllConfig() {
     return getMergedConfig();
 }

package/dist/core/logger.js

@@ -10,6 +10,7 @@
 import { appendFileSync, chmodSync, mkdirSync, existsSync, readdirSync, unlinkSync } from "node:fs";
 import { join } from "node:path";
 import { getUserConfigDir } from "../config/scoped-store.js";
+import { sanitizeForLog } from "../ui/width.js";
 const LOG_DIR_NAME = "logs";
 const MAX_LOG_FILES = 7;
 /** Get the log directory path: ~/.i-repo/logs/ */
@@ -63,7 +64,11 @@ function appendLines(lines) {
     try {
         ensureLogDir();
         const logPath = getLogFilePath();
-        appendFileSync(logPath, lines.join("\n") + "\n", {
+        // Neutralize terminal escapes centrally so EVERY entry type (HTTP/ERROR/…),
+        // including server-derived messages/remarks/statusText/stacks, is inert when
+        // the log is viewed later. Keeps \n/\t so the log stays readable.
+        const safeLines = lines.map((line) => sanitizeForLog(line));
+        appendFileSync(logPath, safeLines.join("\n") + "\n", {
             encoding: "utf-8",
             mode: 0o600,
         });

package/dist/i18n/locales/en.js

@@ -54,7 +54,10 @@ export const en = {
         passwordRequired: "Password is required",
         authenticatedSuccessfully: "Authenticated successfully",
         authenticationFailed: "Authentication failed",
-        logoutSuccess: "Logged out successfully. Stored user cleared.",
+        logoutSuccess: "Logged out successfully. Stored user and password cleared.",
+        userOnlyRedirected: "Note: endpoint and password were saved to your user config ({path}).\n" +
+            "  For security they only take effect from the user scope (a checked-out\n" +
+            "  repository must not redirect credentials), so they are not written to project/local.",
         statusTitle: "Connection Info",
         notConfigured: 'Not configured. Run "i-repo auth login" to get started.',
         notConfiguredInk: "Not configured. Run auth login to get started.",
@@ -159,6 +162,8 @@ export const en = {
         invalidFormat: "Invalid format. Must be one of: table, json, csv, ndjson",
         invalidTimeout: "Invalid timeout. Must be a positive number (seconds).",
         invalidBoolean: "Invalid value for {key}. Must be true or false.",
+        userOnlyScopeWarning: '"{key}" is only read from the user scope for security; a value in {scope} ' +
+            "scope is ignored at runtime. Use --scope user to make it take effect.",
         keyNotSet: "{key} is not set",
         configTitle: "Configuration",
         resetSuccess: "Configuration reset to defaults [{scope}]",

package/dist/i18n/locales/ja.js

@@ -54,7 +54,10 @@ export const ja = {
         passwordRequired: "パスワードは必須です",
         authenticatedSuccessfully: "認証に成功しました",
         authenticationFailed: "認証に失敗しました",
-        logoutSuccess: "ログアウトしました。保存されたユーザー情報をクリアしました。",
+        logoutSuccess: "ログアウトしました。保存されたユーザー情報とパスワードをクリアしました。",
+        userOnlyRedirected: "注意: エンドポイントとパスワードは user 設定 ({path}) に保存しました。\n" +
+            "  セキュリティ上これらは user スコープからのみ有効なため (clone したリポジトリが\n" +
+            "  認証情報をすり替えられないように)、project/local には書き込みません。",
         statusTitle: "接続情報",
         notConfigured: '未設定です。"i-repo auth login" を実行して開始してください。',
         notConfiguredInk: "未設定です。auth login を実行して開始してください。",
@@ -159,6 +162,8 @@ export const ja = {
         invalidFormat: "無効な形式です。table, json, csv, ndjson のいずれかを指定してください",
         invalidTimeout: "無効なタイムアウト値です。正の数を指定してください（秒）。",
         invalidBoolean: "{key} の値が無効です。true または false を指定してください。",
+        userOnlyScopeWarning: "セキュリティ上「{key}」は user スコープからのみ読み込まれます。{scope} スコープの値は" +
+            "実行時に無視されます。有効にするには --scope user を使用してください。",
         keyNotSet: "{key} は未設定です",
         configTitle: "設定",
         resetSuccess: "設定をデフォルトにリセットしました [{scope}]",

package/dist/i18n/types.d.ts

@@ -61,6 +61,7 @@ export interface LocaleMessages {
         authenticatedSuccessfully: string;
         authenticationFailed: string;
         logoutSuccess: string;
+        userOnlyRedirected: string;
         statusTitle: string;
         notConfigured: string;
         notConfiguredInk: string;
@@ -161,6 +162,7 @@ export interface LocaleMessages {
         invalidFormat: string;
         invalidTimeout: string;
         invalidBoolean: string;
+        userOnlyScopeWarning: string;
         keyNotSet: string;
         configTitle: string;
         resetSuccess: string;

package/dist/ink/components/DetailView.js

@@ -2,6 +2,7 @@ import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
 import { Box, Text } from "ink";
 import { colors } from "../theme.js";
 import { t as tr } from "../../i18n/index.js";
+import { sanitizeForDisplay } from "../../ui/width.js";
 export function DetailView({ data, title }) {
     const entries = Object.entries(data);
     const maxKeyLen = Math.max(...entries.map(([k]) => k.length), 0);
@@ -10,13 +11,14 @@ export function DetailView({ data, title }) {
                 const dots = dotLeaderLen - key.length;
                 const leader = dots > 2 ? " " + "\u00B7".repeat(dots - 1) + " " : "  ";
                 const isNil = value === null || value === undefined;
-                return (_jsxs(Box, { children: [_jsx(Text, { bold: true, color: colors.text, children: key }), _jsx(Text, { color: colors.border, children: leader }), isNil ? (_jsx(Text, { dimColor: true, children: tr("common.none") })) : (_jsx(Text, { color: colors.text, children: formatValue(value) }))] }, key));
+                return (_jsxs(Box, { children: [_jsx(Text, { bold: true, color: colors.text, children: sanitizeForDisplay(key) }), _jsx(Text, { color: colors.border, children: leader }), isNil ? (_jsx(Text, { dimColor: true, children: tr("common.none") })) : (_jsx(Text, { color: colors.text, children: formatValue(value) }))] }, key));
             })] }));
 }
 function formatValue(value) {
     if (value === null || value === undefined)
         return "(none)";
-    if (typeof value === "object")
-        return JSON.stringify(value);
-    return String(value);
+    const s = typeof value === "object" ? JSON.stringify(value) : String(value);
+    // Server-derived values may carry terminal escapes (title rewrite, screen
+    // clear); neutralize before rendering to the interactive TTY.
+    return sanitizeForDisplay(s);
 }

package/dist/ink/components/ErrorView.js

@@ -2,6 +2,7 @@ import { jsxs as _jsxs, jsx as _jsx } from "react/jsx-runtime";
 import { Box, Text } from "ink";
 import { colors, icons } from "../theme.js";
 import { t as tr } from "../../i18n/index.js";
+import { sanitizeForDisplay } from "../../ui/width.js";
 export function ErrorView({ message }) {
-    return (_jsxs(Box, { flexDirection: "column", marginY: 1, borderStyle: "round", borderColor: colors.error, paddingX: 2, paddingY: 1, children: [_jsx(Box, { marginBottom: 1, children: _jsxs(Text, { inverse: true, color: colors.error, bold: true, children: [" ", icons.error, " ", tr("errors.label"), " "] }) }), _jsx(Box, { marginLeft: 1, children: _jsx(Text, { color: colors.error, children: message }) })] }));
+    return (_jsxs(Box, { flexDirection: "column", marginY: 1, borderStyle: "round", borderColor: colors.error, paddingX: 2, paddingY: 1, children: [_jsx(Box, { marginBottom: 1, children: _jsxs(Text, { inverse: true, color: colors.error, bold: true, children: [" ", icons.error, " ", tr("errors.label"), " "] }) }), _jsx(Box, { marginLeft: 1, children: _jsx(Text, { color: colors.error, children: sanitizeForDisplay(message) }) })] }));
 }

package/dist/ink/components/TableView.js

@@ -3,7 +3,7 @@ import { Box, Text, useInput } from "ink";
 import { Fragment, useMemo, useState } from "react";
 import { boxChars, colors, icons } from "../theme.js";
 import { t as tr } from "../../i18n/index.js";
-import { displayWidth, truncateToWidth } from "../../ui/width.js";
+import { displayWidth, truncateToWidth, sanitizeForDisplay } from "../../ui/width.js";
 import { decodeRawNav } from "../keymap.js";
 /** 1 ページあたりの行数 (ActionBar のページ送りヒント表示判定にも使う) */
 export const TABLE_PAGE_SIZE = 20;
@@ -33,10 +33,10 @@ export function TableView({ data, columns }) {
     // Column widths by visual width (CJK-aware), cap to avoid overflow
     const widths = useMemo(() => cols.map((col) => {
         const maxData = data.reduce((max, row) => {
-            const w = displayWidth(String(row[col] ?? ""));
+            const w = displayWidth(sanitizeForDisplay(String(row[col] ?? "")));
             return w > max ? w : max;
         }, 0);
-        const headerW = displayWidth(col);
+        const headerW = displayWidth(sanitizeForDisplay(col));
         const natural = Math.min(Math.max(headerW, maxData) + 2, MAX_COL_WIDTH);
         return Math.max(natural, MIN_COL_WIDTHS[col] ?? 0);
     }), [cols, data]);
@@ -45,13 +45,13 @@ export function TableView({ data, columns }) {
         const v = boxChars.vertical;
         const sep = boxChars.leftMid +
             widths.map((w, i) => boxChars.horizontal.repeat(w) + (i < widths.length - 1 ? boxChars.midMid : boxChars.rightMid)).join("");
-        const headerCells = cols.map((col, i) => padToVisualWidth(" " + col, widths[i]));
+        const headerCells = cols.map((col, i) => padToVisualWidth(" " + sanitizeForDisplay(col), widths[i]));
         const lines = [];
         lines.push(v + headerCells.join(v) + v);
         lines.push(sep);
         for (const row of pageData) {
             const cells = cols.map((col, i) => {
-                const raw = truncateToWidth(String(row[col] ?? "─"), widths[i] - 2);
+                const raw = truncateToWidth(sanitizeForDisplay(String(row[col] ?? "─")), widths[i] - 2);
                 return padToVisualWidth(" " + raw + " ", widths[i]);
             });
             lines.push(v + cells.join(v) + v);

package/dist/ink/registry/executors.js

@@ -8,9 +8,9 @@ import { readFile } from "node:fs/promises";
 import { basename } from "node:path";
 import { PublicStatus } from "../../sdk/index.js";
 import { saveBinaryDownload, inferFilename, isTextContent } from "../../utils/file.js";
-import { getConfig, getConfigWithSource, setConfig, deleteConfig, resetConfig, isValidKey, validKeys, } from "../../config/store.js";
+import { getConfig, getConfigWithSource, setConfig, clearStoredCredentials, resetConfig, isValidKey, validKeys, } from "../../config/store.js";
 import { parseDisabledCommands, isConfigPath } from "../../config/command-gate.js";
-import { getUserConfigPath, getProjectConfigPath, getLocalConfigPath, } from "../../config/scoped-store.js";
+import { getUserConfigPath, getProjectConfigPath, getLocalConfigPath, USER_ONLY_KEYS, } from "../../config/scoped-store.js";
 import { t as tr, setLocale } from "../../i18n/index.js";
 import { assertNumericId } from "../../core/errors.js";
 import { escapeCsv } from "../../ui/formatters/csv.js";
@@ -104,7 +104,7 @@ const authLogin = async () => {
     return { type: "message", text: tr("executors.useAuthLoginScreen") };
 };
 const authLogout = async () => {
-    deleteConfig("user");
+    clearStoredCredentials();
     return { type: "message", text: tr("auth.logoutSuccess") };
 };
 const authStatus = async () => {
@@ -144,18 +144,23 @@ const configSet = async (p) => {
         return { type: "error", message: tr("config.invalidFormat") };
     if (key === "language" && !["en", "ja"].includes(value))
         return { type: "error", message: tr("config.invalidLanguage") };
+    // user-only keys set to project/local are ignored at runtime — warn, like the
+    // CLI config setter, so the TUI doesn't report unusable config as applied.
+    const userOnlyNote = USER_ONLY_KEYS.has(key) && scope !== "user"
+        ? `${tr("config.userOnlyScopeWarning", { key, scope })}\n`
+        : "";
     if (key === "timeout") {
         const n = Number(value);
         if (isNaN(n) || n <= 0)
             return { type: "error", message: tr("config.invalidTimeout") };
         setConfig(key, n, scope);
-        return { type: "message", text: `${key} = ${value} [${scope}]` };
+        return { type: "message", text: `${userOnlyNote}${key} = ${value} [${scope}]` };
     }
     if (key === "quiet" || key === "allowDelete") {
         if (!["true", "false"].includes(value))
             return { type: "error", message: tr("config.invalidBoolean", { key }) };
         setConfig(key, value === "true", scope);
-        return { type: "message", text: `${key} = ${value} [${scope}]` };
+        return { type: "message", text: `${userOnlyNote}${key} = ${value} [${scope}]` };
     }
     if (key === "disabledCommands") {
         // The config command can never be disabled (lockout prevention),
@@ -165,13 +170,13 @@ const configSet = async (p) => {
         const joined = kept.join(", ");
         setConfig(key, joined, scope);
         const note = kept.length < paths.length ? `${tr("gate.cannotDisableConfig")}\n` : "";
-        return { type: "message", text: `${note}${key} = ${joined} [${scope}]` };
+        return { type: "message", text: `${userOnlyNote}${note}${key} = ${joined} [${scope}]` };
     }
     setConfig(key, value, scope);
     if (key === "language")
         setLocale(value);
     const displayValue = key === "password" ? "****" : value;
-    return { type: "message", text: `${key} = ${displayValue} [${scope}]` };
+    return { type: "message", text: `${userOnlyNote}${key} = ${displayValue} [${scope}]` };
 };
 const configGet = async (p) => {
     const key = p.key;

package/dist/ink/screens/AuthLoginScreen.js

@@ -6,8 +6,9 @@ import { IReporterClient } from "../../sdk/index.js";
 import { Header } from "../components/Layout.js";
 import { SpinnerView } from "../components/SpinnerView.js";
 import { colors, icons } from "../theme.js";
-import { getConfig, setConfig } from "../../config/store.js";
-import { findProjectRoot, getConfigPath, getUserConfigPath, getProjectConfigPath, getLocalConfigPath } from "../../config/scoped-store.js";
+import { getConfig } from "../../config/store.js";
+import { findProjectRoot, getUserConfigPath, getProjectConfigPath, getLocalConfigPath } from "../../config/scoped-store.js";
+import { assertEndpointAllowed, persistCredentials } from "../../config/client.js";
 import { logHttp, logInteractiveCommand } from "../../core/logger.js";
 import { t as tr } from "../../i18n/index.js";
 export function AuthLoginScreen({ onDone, onBack }) {
@@ -17,6 +18,7 @@ export function AuthLoginScreen({ onDone, onBack }) {
     const [passwordValue, setPasswordValue] = useState("");
     const [selectedScope, setSelectedScope] = useState(null);
     const [savedPath, setSavedPath] = useState(null);
+    const [redirectedUserPath, setRedirectedUserPath] = useState(null);
     const [errorMsg, setErrorMsg] = useState("");
     const timerRef = useRef(undefined);
     useEffect(() => {
@@ -49,6 +51,8 @@ export function AuthLoginScreen({ onDone, onBack }) {
         setPasswordValue(pw);
         logInteractiveCommand("auth login", { user });
         try {
+            // Block plain-http to a public host (same HTTPS policy as the CLI path).
+            assertEndpointAllowed(endpoint);
             const client = new IReporterClient({ apiEndpoint: endpoint, onHttp: logHttp });
             await client.login({ user, password: pw });
             await client.systems.getUrlScheme();
@@ -98,16 +102,22 @@ export function AuthLoginScreen({ onDone, onBack }) {
                             { label: `${icons.success} ${tr("common.yes")}`, value: "yes" },
                         ], onChange: (value) => {
                             if (selectedScope) {
-                                setConfig("endpoint", endpoint, selectedScope);
-                                setConfig("user", user, selectedScope);
-                                if (value === "yes") {
-                                    setConfig("password", passwordValue, selectedScope);
-                                }
-                                setSavedPath(getConfigPath(selectedScope) ?? null);
+                                // endpoint/password are user-only keys: persistCredentials
+                                // redirects them to the user scope (only `user` goes to the
+                                // chosen scope), matching the CLI path.
+                                const { savedPath: sp, redirectedToUser, userPath } = persistCredentials({
+                                    endpoint,
+                                    user,
+                                    password: passwordValue,
+                                    scope: selectedScope,
+                                    savePassword: value === "yes",
+                                });
+                                setSavedPath(sp ?? null);
+                                setRedirectedUserPath(redirectedToUser ? userPath : null);
                             }
                             setStep("done");
                             timerRef.current = setTimeout(() => onDone(passwordValue), 1500);
-                        } })] })), step === "done" && (_jsxs(Box, { flexDirection: "column", marginTop: 1, children: [_jsxs(Text, { color: colors.success, children: [icons.success, " ", tr("auth.authenticatedAs", { user })] }), savedPath && (_jsxs(Text, { color: colors.dim, children: ["  ", tr("auth.savedTo", { path: savedPath })] }))] })), step === "error" && (_jsxs(Box, { flexDirection: "column", marginTop: 1, children: [_jsxs(Text, { color: colors.error, children: [icons.error, " ", tr("auth.authFailed")] }), _jsx(Box, { marginLeft: 2, children: _jsx(Text, { color: colors.dim, children: errorMsg }) })] })), (step === "endpoint" || step === "user" || step === "password" || step === "error") && (_jsx(Box, { marginTop: 1, children: _jsx(Text, { color: colors.dim, children: step === "endpoint"
+                        } })] })), step === "done" && (_jsxs(Box, { flexDirection: "column", marginTop: 1, children: [_jsxs(Text, { color: colors.success, children: [icons.success, " ", tr("auth.authenticatedAs", { user })] }), savedPath && (_jsxs(Text, { color: colors.dim, children: ["  ", tr("auth.savedTo", { path: savedPath })] })), redirectedUserPath && (_jsxs(Text, { color: colors.dim, children: ["  ", tr("auth.userOnlyRedirected", { path: redirectedUserPath })] }))] })), step === "error" && (_jsxs(Box, { flexDirection: "column", marginTop: 1, children: [_jsxs(Text, { color: colors.error, children: [icons.error, " ", tr("auth.authFailed")] }), _jsx(Box, { marginLeft: 2, children: _jsx(Text, { color: colors.dim, children: errorMsg }) })] })), (step === "endpoint" || step === "user" || step === "password" || step === "error") && (_jsx(Box, { marginTop: 1, children: _jsx(Text, { color: colors.dim, children: step === "endpoint"
                         ? tr("common.escapeToGoBack")
                         : tr("optionForm.navPrev", { arrow: icons.arrow }) }) }))] }));
 }

package/dist/ink/screens/CommandScreen.js

@@ -16,6 +16,7 @@ import { colors, icons } from "../theme.js";
 import { commandGroups } from "../registry/commands.js";
 import { executors } from "../registry/executors.js";
 import { getConfig } from "../../config/store.js";
+import { assertEndpointAllowed } from "../../config/client.js";
 import { uiGateReason } from "../../config/command-gate.js";
 import { logHttp, logInteractiveCommand } from "../../core/logger.js";
 import { t as tr } from "../../i18n/index.js";
@@ -97,6 +98,8 @@ export function CommandScreen({ group, onBack, sessionPassword, onPasswordResolv
                     setPhase({ step: "password-prompt", command: cmd, params });
                     return;
                 }
+                // Block plain-http to a public host (same HTTPS policy as the CLI path).
+                assertEndpointAllowed(endpoint);
                 client = new IReporterClient({
                     apiEndpoint: endpoint,
                     credentials: { user, password: pw },

package/dist/plugins/dispatch.js

@@ -171,10 +171,24 @@ function parsePassEnv(raw) {
         const p = part.trim().toUpperCase();
         if (!p)
             continue;
-        if (p.endsWith("*"))
-            prefixes.push(p.slice(0, -1));
-        else
+        if (p.endsWith("*")) {
+            const pfx = p.slice(0, -1);
+            // A bare "*" (empty prefix) or a 1-char prefix matches almost every
+            // variable name, which silently defeats the allow-list and forwards the
+            // whole parent environment (AWS_SECRET_ACCESS_KEY, DB URLs, ...) to an
+            // arbitrary PATH binary. Require at least 2 chars; drop and warn otherwise.
+            if (pfx.length >= 2) {
+                prefixes.push(pfx);
+            }
+            else {
+                console.error(`Warning: ignoring pluginPassEnv pattern "${part.trim()}" — a wildcard ` +
+                    `prefix shorter than 2 characters is too broad and would forward most ` +
+                    `environment variables to plugins.`);
+            }
+        }
+        else {
             names.add(p);
+        }
     }
     return { names, prefixes };
 }

package/dist/sdk/core/http-client.d.ts

@@ -7,11 +7,21 @@ export declare class HttpClient {
     private readonly urlEncodedTransport;
     private readonly urlEncodedFetchBodyMode;
     private readonly onHttp?;
+    /** Node-like runtime (undici): manual redirects are readable, so the fetch
+     *  path can enforce same-origin. In browsers manual redirects are opaque. */
+    private readonly isNodeRuntime;
     private cookieJar;
     private warmupPromise;
     /** 複数の Set-Cookie ヘッダーを cookieJar に反映する */
     private applySetCookies;
     private applySetCookiesFromIncoming;
+    /**
+     * Reject a redirect target that leaves the originally-configured origin.
+     * `URL.origin` normalizes default ports (https://h:443 -> https://h), so an
+     * explicit-port redirect to the same host still passes; an https->http
+     * downgrade or a different host/port is blocked.
+     */
+    private assertSameOrigin;
     constructor(config: IReporterConfig);
     /**
      * リクエストの所要時間と成否を onHttp に通知しつつ fn を実行する。
@@ -80,6 +90,7 @@ export declare class HttpClient {
     get hasSession(): boolean;
     private createUrlEncodedHeaders;
     private createUrlEncodedRequestBody;
+    private withCookieHeader;
     private sendFetchRequest;
     private readArrayBuffer;
 }

package/dist/sdk/core/http-client.js

@@ -10,6 +10,9 @@ export class HttpClient {
     urlEncodedTransport;
     urlEncodedFetchBodyMode;
     onHttp;
+    /** Node-like runtime (undici): manual redirects are readable, so the fetch
+     *  path can enforce same-origin. In browsers manual redirects are opaque. */
+    isNodeRuntime;
     cookieJar = new Map();
     warmupPromise = null;
     /** 複数の Set-Cookie ヘッダーを cookieJar に反映する */
@@ -32,13 +35,26 @@ export class HttpClient {
         const list = Array.isArray(raw) ? raw : [raw];
         this.applySetCookies(list);
     }
+    /**
+     * Reject a redirect target that leaves the originally-configured origin.
+     * `URL.origin` normalizes default ports (https://h:443 -> https://h), so an
+     * explicit-port redirect to the same host still passes; an https->http
+     * downgrade or a different host/port is blocked.
+     */
+    assertSameOrigin(target) {
+        const base = new URL(this.baseUrl);
+        if (target.origin !== base.origin) {
+            throw new NetworkError(`Refusing to follow cross-origin redirect from ${base.origin} to ${target.origin}: ` +
+                `session cookies and login credentials would be exposed to a different host.`);
+        }
+    }
     constructor(config) {
         this.baseUrl = config.apiEndpoint.replace(/\/$/, "");
         this.timeout = config.timeout ?? 30_000;
         this.userSignal = config.signal;
+        this.isNodeRuntime = typeof process !== "undefined" && process.versions?.node != null;
         this.urlEncodedTransport =
-            config.urlEncodedTransport ??
-                (typeof process !== "undefined" && process.versions?.node != null ? "node" : "fetch");
+            config.urlEncodedTransport ?? (this.isNodeRuntime ? "node" : "fetch");
         this.urlEncodedFetchBodyMode = config.urlEncodedFetchBodyMode ?? "string";
         this.onHttp = config.onHttp;
     }
@@ -238,7 +254,17 @@ export class HttpClient {
             if (loc &&
                 [301, 302, 303, 307, 308].includes(result.statusCode) &&
                 redirectsLeft > 0) {
-                currentUrl = new URL(loc, currentUrl).href;
+                const next = new URL(loc, currentUrl);
+                // Cookies and the (credential-bearing) POST body are re-attached on every
+                // hop in singleNodePost. Unlike fetch's `redirect:"follow"`, which strips
+                // sensitive headers on a cross-origin redirect, this manual loop would
+                // re-send the session cookie and the Login user/password to wherever the
+                // server points. A malicious/compromised server (or MITM) returning
+                // `30x Location: http://attacker/` could harvest them — including an
+                // https->http downgrade. Only follow redirects that stay on the
+                // originally-configured origin.
+                this.assertSameOrigin(next);
+                currentUrl = next.href;
                 redirectsLeft--;
                 continue;
             }
@@ -377,25 +403,77 @@ export class HttpClient {
             ? body
             : body.toString();
     }
-    async sendFetchRequest(body, headers, signal = createRequestSignal(this.timeout, this.userSignal)) {
-        let response;
-        try {
-            response = await globalThis.fetch(this.baseUrl, {
-                method: "POST",
-                headers,
-                body,
-                signal,
-                redirect: "follow",
-            });
+    withCookieHeader(headers) {
+        const out = { ...headers };
+        if (this.cookieJar.size > 0) {
+            out["Cookie"] = Array.from(this.cookieJar.entries())
+                .map(([name, value]) => `${name}=${value}`)
+                .join("; ");
         }
-        catch (err) {
-            throw toNetworkError(err, this.timeout, this.baseUrl);
+        return out;
+    }
+    async sendFetchRequest(body, headers, signal = createRequestSignal(this.timeout, this.userSignal)) {
+        // Browser: redirect: "manual" yields an opaque, unfollowable response (status
+        // 0, no readable Location), so we cannot inspect the target to enforce
+        // same-origin here. Defer to the browser's native redirect handling and its
+        // built-in cross-origin credential protections — a manually-set Cookie is a
+        // forbidden header the browser drops, so session cookies are never replayed
+        // cross-origin. (Cross-origin redirect enforcement on the security-critical
+        // path is handled by the Node transport, which the CLI uses by default.)
+        if (!this.isNodeRuntime) {
+            let response;
+            try {
+                response = await globalThis.fetch(this.baseUrl, {
+                    method: "POST",
+                    headers: this.withCookieHeader(headers),
+                    body,
+                    signal,
+                    redirect: "follow",
+                });
+            }
+            catch (err) {
+                throw toNetworkError(err, this.timeout, this.baseUrl);
+            }
+            this.applySetCookies(response.headers.getSetCookie?.() ?? []);
+            if (!response.ok) {
+                throw new HttpError(response.status, response.statusText);
+            }
+            return response;
         }
-        this.applySetCookies(response.headers.getSetCookie?.() ?? []);
-        if (!response.ok) {
-            throw new HttpError(response.status, response.statusText);
+        // Node (undici): follow redirects MANUALLY so we can enforce the same-origin
+        // check before replaying the request. With redirect: "follow", a cross-origin
+        // 307/308 preserves and re-sends the URL-encoded body — which for Login
+        // carries user/password — to the redirect target. Mirrors nodePostUrlEncoded.
+        let currentUrl = this.baseUrl;
+        let redirectsLeft = 5;
+        while (true) {
+            let response;
+            try {
+                response = await globalThis.fetch(currentUrl, {
+                    method: "POST",
+                    headers: this.withCookieHeader(headers),
+                    body,
+                    signal,
+                    redirect: "manual",
+                });
+            }
+            catch (err) {
+                throw toNetworkError(err, this.timeout, currentUrl);
+            }
+            this.applySetCookies(response.headers.getSetCookie?.() ?? []);
+            const loc = response.headers.get("location");
+            if (loc && [301, 302, 303, 307, 308].includes(response.status) && redirectsLeft > 0) {
+                const next = new URL(loc, currentUrl);
+                this.assertSameOrigin(next); // throws on cross-origin / https->http downgrade
+                currentUrl = next.href;
+                redirectsLeft--;
+                continue;
+            }
+            if (!response.ok) {
+                throw new HttpError(response.status, response.statusText);
+            }
+            return response;
         }
-        return response;
     }
     async readArrayBuffer(response) {
         try {

package/dist/ui/width.d.ts

@@ -19,6 +19,17 @@ export declare function stripAnsi(str: string): string;
  * raw 忠実を壊すべきでない)。色付けは本関数より後段で適用するため除去されない。
  */
 export declare function sanitizeForDisplay(str: string): string;
+/**
+ * ログファイル向けの無害化。`sanitizeForDisplay` と違い、ログの行構造
+ * (`\n`) とインデント (`\t`) は保持し、それ以外の端末乗っ取り/破壊しうる
+ * 制御文字 (ESC/BEL/CR ほか C0・DEL・C1) を可視の `\uXXXX` にエスケープする。
+ *
+ * サーバ由来の文字列 (エラーメッセージ・remarks・statusText・スタック等) が
+ * `~/.i-repo/logs/*.log` に生で書かれると、後で cat/less -R で開いたときに
+ * タイトル書換・画面消去・偽プロンプトが発動しうる。バイトは記録しつつ無効化
+ * する (JSON 出力経路と同じ「エスケープして残す」方針)。
+ */
+export declare function sanitizeForLog(str: string): string;
 /** Terminal cell width of a single code point: 0, 1, or 2 */
 export declare function charWidth(cp: number): number;
 /** Visual display width of a string (ANSI codes stripped, CJK = 2 columns) */

package/dist/ui/width.js

@@ -27,6 +27,21 @@ export function sanitizeForDisplay(str) {
     // eslint-disable-next-line no-control-regex
     return str.replace(/[\x00-\x1f\x7f-\x9f]/g, "");
 }
+/**
+ * ログファイル向けの無害化。`sanitizeForDisplay` と違い、ログの行構造
+ * (`\n`) とインデント (`\t`) は保持し、それ以外の端末乗っ取り/破壊しうる
+ * 制御文字 (ESC/BEL/CR ほか C0・DEL・C1) を可視の `\uXXXX` にエスケープする。
+ *
+ * サーバ由来の文字列 (エラーメッセージ・remarks・statusText・スタック等) が
+ * `~/.i-repo/logs/*.log` に生で書かれると、後で cat/less -R で開いたときに
+ * タイトル書換・画面消去・偽プロンプトが発動しうる。バイトは記録しつつ無効化
+ * する (JSON 出力経路と同じ「エスケープして残す」方針)。
+ */
+export function sanitizeForLog(str) {
+    // 0x09(タブ) と 0x0a(改行) だけ残し、他の C0・DEL・C1 をエスケープ。
+    // eslint-disable-next-line no-control-regex
+    return str.replace(/[\x00-\x08\x0b-\x1f\x7f-\x9f]/g, (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
+}
 /** Terminal cell width of a single code point: 0, 1, or 2 */
 export function charWidth(cp) {
     // Zero-width: ZWSP, ZWJ, combining marks, Hangul jungseong/jongseong, variation selectors

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "i-repo",
-  "version": "2.3.0",
+  "version": "2.4.0",
   "description": "Modern CLI for ConMas i-Reporter - Built for humans and AI",
   "type": "module",
   "bin": {