mindforge-cc 2.1.0 → 2.1.2

package/.agent/bin/lib/roadmap.cjs

@@ -0,0 +1,329 @@
+/**
+ * Roadmap — Roadmap parsing and update operations
+ */
+
+const fs = require('fs');
+const path = require('path');
+const { escapeRegex, normalizePhaseName, planningPaths, output, error, findPhaseInternal, stripShippedMilestones, extractCurrentMilestone, replaceInCurrentMilestone } = require('./core.cjs');
+
+function cmdRoadmapGetPhase(cwd, phaseNum, raw) {
+  const roadmapPath = planningPaths(cwd).roadmap;
+
+  if (!fs.existsSync(roadmapPath)) {
+    output({ found: false, error: 'ROADMAP.md not found' }, raw, '');
+    return;
+  }
+
+  try {
+    const content = extractCurrentMilestone(fs.readFileSync(roadmapPath, 'utf-8'), cwd);
+
+    // Escape special regex chars in phase number, handle decimal
+    const escapedPhase = escapeRegex(phaseNum);
+
+    // Match "## Phase X:", "### Phase X:", or "#### Phase X:" with optional name
+    const phasePattern = new RegExp(
+      `#{2,4}\\s*Phase\\s+${escapedPhase}:\\s*([^\\n]+)`,
+      'i'
+    );
+    const headerMatch = content.match(phasePattern);
+
+    if (!headerMatch) {
+      // Fallback: check if phase exists in summary list but missing detail section
+      const checklistPattern = new RegExp(
+        `-\\s*\\[[ x]\\]\\s*\\*\\*Phase\\s+${escapedPhase}:\\s*([^*]+)\\*\\*`,
+        'i'
+      );
+      const checklistMatch = content.match(checklistPattern);
+
+      if (checklistMatch) {
+        // Phase exists in summary but missing detail section - malformed ROADMAP
+        output({
+          found: false,
+          phase_number: phaseNum,
+          phase_name: checklistMatch[1].trim(),
+          error: 'malformed_roadmap',
+          message: `Phase ${phaseNum} exists in summary list but missing "### Phase ${phaseNum}:" detail section. ROADMAP.md needs both formats.`
+        }, raw, '');
+        return;
+      }
+
+      output({ found: false, phase_number: phaseNum }, raw, '');
+      return;
+    }
+
+    const phaseName = headerMatch[1].trim();
+    const headerIndex = headerMatch.index;
+
+    // Find the end of this section (next ## or ### phase header, or end of file)
+    const restOfContent = content.slice(headerIndex);
+    const nextHeaderMatch = restOfContent.match(/\n#{2,4}\s+Phase\s+\d/i);
+    const sectionEnd = nextHeaderMatch
+      ? headerIndex + nextHeaderMatch.index
+      : content.length;
+
+    const section = content.slice(headerIndex, sectionEnd).trim();
+
+    // Extract goal if present (supports both **Goal:** and **Goal**: formats)
+    const goalMatch = section.match(/\*\*Goal(?::\*\*|\*\*:)\s*([^\n]+)/i);
+    const goal = goalMatch ? goalMatch[1].trim() : null;
+
+    // Extract success criteria as structured array
+    const criteriaMatch = section.match(/\*\*Success Criteria\*\*[^\n]*:\s*\n((?:\s*\d+\.\s*[^\n]+\n?)+)/i);
+    const success_criteria = criteriaMatch
+      ? criteriaMatch[1].trim().split('\n').map(line => line.replace(/^\s*\d+\.\s*/, '').trim()).filter(Boolean)
+      : [];
+
+    output(
+      {
+        found: true,
+        phase_number: phaseNum,
+        phase_name: phaseName,
+        goal,
+        success_criteria,
+        section,
+      },
+      raw,
+      section
+    );
+  } catch (e) {
+    error('Failed to read ROADMAP.md: ' + e.message);
+  }
+}
+
+function cmdRoadmapAnalyze(cwd, raw) {
+  const roadmapPath = planningPaths(cwd).roadmap;
+
+  if (!fs.existsSync(roadmapPath)) {
+    output({ error: 'ROADMAP.md not found', milestones: [], phases: [], current_phase: null }, raw);
+    return;
+  }
+
+  const rawContent = fs.readFileSync(roadmapPath, 'utf-8');
+  const content = extractCurrentMilestone(rawContent, cwd);
+  const phasesDir = planningPaths(cwd).phases;
+
+  // Extract all phase headings: ## Phase N: Name or ### Phase N: Name
+  const phasePattern = /#{2,4}\s*Phase\s+(\d+[A-Z]?(?:\.\d+)*)\s*:\s*([^\n]+)/gi;
+  const phases = [];
+  let match;
+
+  while ((match = phasePattern.exec(content)) !== null) {
+    const phaseNum = match[1];
+    const phaseName = match[2].replace(/\(INSERTED\)/i, '').trim();
+
+    // Extract goal from the section
+    const sectionStart = match.index;
+    const restOfContent = content.slice(sectionStart);
+    const nextHeader = restOfContent.match(/\n#{2,4}\s+Phase\s+\d/i);
+    const sectionEnd = nextHeader ? sectionStart + nextHeader.index : content.length;
+    const section = content.slice(sectionStart, sectionEnd);
+
+    const goalMatch = section.match(/\*\*Goal(?::\*\*|\*\*:)\s*([^\n]+)/i);
+    const goal = goalMatch ? goalMatch[1].trim() : null;
+
+    const dependsMatch = section.match(/\*\*Depends on(?::\*\*|\*\*:)\s*([^\n]+)/i);
+    const depends_on = dependsMatch ? dependsMatch[1].trim() : null;
+
+    // Check completion on disk
+    const normalized = normalizePhaseName(phaseNum);
+    let diskStatus = 'no_directory';
+    let planCount = 0;
+    let summaryCount = 0;
+    let hasContext = false;
+    let hasResearch = false;
+
+    try {
+      const entries = fs.readdirSync(phasesDir, { withFileTypes: true });
+      const dirs = entries.filter(e => e.isDirectory()).map(e => e.name);
+      const dirMatch = dirs.find(d => d.startsWith(normalized + '-') || d === normalized);
+
+      if (dirMatch) {
+        const phaseFiles = fs.readdirSync(path.join(phasesDir, dirMatch));
+        planCount = phaseFiles.filter(f => f.endsWith('-PLAN.md') || f === 'PLAN.md').length;
+        summaryCount = phaseFiles.filter(f => f.endsWith('-SUMMARY.md') || f === 'SUMMARY.md').length;
+        hasContext = phaseFiles.some(f => f.endsWith('-CONTEXT.md') || f === 'CONTEXT.md');
+        hasResearch = phaseFiles.some(f => f.endsWith('-RESEARCH.md') || f === 'RESEARCH.md');
+
+        if (summaryCount >= planCount && planCount > 0) diskStatus = 'complete';
+        else if (summaryCount > 0) diskStatus = 'partial';
+        else if (planCount > 0) diskStatus = 'planned';
+        else if (hasResearch) diskStatus = 'researched';
+        else if (hasContext) diskStatus = 'discussed';
+        else diskStatus = 'empty';
+      }
+    } catch { /* intentionally empty */ }
+
+    // Check ROADMAP checkbox status
+    const checkboxPattern = new RegExp(`-\\s*\\[(x| )\\]\\s*.*Phase\\s+${escapeRegex(phaseNum)}[:\\s]`, 'i');
+    const checkboxMatch = content.match(checkboxPattern);
+    const roadmapComplete = checkboxMatch ? checkboxMatch[1] === 'x' : false;
+
+    // If roadmap marks phase complete, trust that over disk file structure.
+    // Phases completed before MindForge tracking (or via external tools) may lack
+    // the standard PLAN/SUMMARY pairs but are still done.
+    if (roadmapComplete && diskStatus !== 'complete') {
+      diskStatus = 'complete';
+    }
+
+    phases.push({
+      number: phaseNum,
+      name: phaseName,
+      goal,
+      depends_on,
+      plan_count: planCount,
+      summary_count: summaryCount,
+      has_context: hasContext,
+      has_research: hasResearch,
+      disk_status: diskStatus,
+      roadmap_complete: roadmapComplete,
+    });
+  }
+
+  // Extract milestone info
+  const milestones = [];
+  const milestonePattern = /##\s*(.*v(\d+(?:\.\d+)+)[^(\n]*)/gi;
+  let mMatch;
+  while ((mMatch = milestonePattern.exec(content)) !== null) {
+    milestones.push({
+      heading: mMatch[1].trim(),
+      version: 'v' + mMatch[2],
+    });
+  }
+
+  // Find current and next phase
+  const currentPhase = phases.find(p => p.disk_status === 'planned' || p.disk_status === 'partial') || null;
+  const nextPhase = phases.find(p => p.disk_status === 'empty' || p.disk_status === 'no_directory' || p.disk_status === 'discussed' || p.disk_status === 'researched') || null;
+
+  // Aggregated stats
+  const totalPlans = phases.reduce((sum, p) => sum + p.plan_count, 0);
+  const totalSummaries = phases.reduce((sum, p) => sum + p.summary_count, 0);
+  const completedPhases = phases.filter(p => p.disk_status === 'complete').length;
+
+  // Detect phases in summary list without detail sections (malformed ROADMAP)
+  const checklistPattern = /-\s*\[[ x]\]\s*\*\*Phase\s+(\d+[A-Z]?(?:\.\d+)*)/gi;
+  const checklistPhases = new Set();
+  let checklistMatch;
+  while ((checklistMatch = checklistPattern.exec(content)) !== null) {
+    checklistPhases.add(checklistMatch[1]);
+  }
+  const detailPhases = new Set(phases.map(p => p.number));
+  const missingDetails = [...checklistPhases].filter(p => !detailPhases.has(p));
+
+  const result = {
+    milestones,
+    phases,
+    phase_count: phases.length,
+    completed_phases: completedPhases,
+    total_plans: totalPlans,
+    total_summaries: totalSummaries,
+    progress_percent: totalPlans > 0 ? Math.min(100, Math.round((totalSummaries / totalPlans) * 100)) : 0,
+    current_phase: currentPhase ? currentPhase.number : null,
+    next_phase: nextPhase ? nextPhase.number : null,
+    missing_phase_details: missingDetails.length > 0 ? missingDetails : null,
+  };
+
+  output(result, raw);
+}
+
+function cmdRoadmapUpdatePlanProgress(cwd, phaseNum, raw) {
+  if (!phaseNum) {
+    error('phase number required for roadmap update-plan-progress');
+  }
+
+  const roadmapPath = planningPaths(cwd).roadmap;
+
+  const phaseInfo = findPhaseInternal(cwd, phaseNum);
+  if (!phaseInfo) {
+    error(`Phase ${phaseNum} not found`);
+  }
+
+  const planCount = phaseInfo.plans.length;
+  const summaryCount = phaseInfo.summaries.length;
+
+  if (planCount === 0) {
+    output({ updated: false, reason: 'No plans found', plan_count: 0, summary_count: 0 }, raw, 'no plans');
+    return;
+  }
+
+  const isComplete = summaryCount >= planCount;
+  const status = isComplete ? 'Complete' : summaryCount > 0 ? 'In Progress' : 'Planned';
+  const today = new Date().toISOString().split('T')[0];
+
+  if (!fs.existsSync(roadmapPath)) {
+    output({ updated: false, reason: 'ROADMAP.md not found', plan_count: planCount, summary_count: summaryCount }, raw, 'no roadmap');
+    return;
+  }
+
+  let roadmapContent = fs.readFileSync(roadmapPath, 'utf-8');
+  const phaseEscaped = escapeRegex(phaseNum);
+
+  // Progress table row: update Plans/Status/Date columns (handles 4 or 5 column tables)
+  const tableRowPattern = new RegExp(
+    `^(\\|\\s*${phaseEscaped}\\.?\\s[^|]*(?:\\|[^\\n]*))$`,
+    'im'
+  );
+  const dateField = isComplete ? ` ${today} ` : '  ';
+  roadmapContent = roadmapContent.replace(tableRowPattern, (fullRow) => {
+    const cells = fullRow.split('|').slice(1, -1); // drop leading/trailing empty from split
+    if (cells.length === 5) {
+      // 5-col: Phase | Milestone | Plans | Status | Completed
+      cells[2] = ` ${summaryCount}/${planCount} `;
+      cells[3] = ` ${status.padEnd(11)}`;
+      cells[4] = dateField;
+    } else if (cells.length === 4) {
+      // 4-col: Phase | Plans | Status | Completed
+      cells[1] = ` ${summaryCount}/${planCount} `;
+      cells[2] = ` ${status.padEnd(11)}`;
+      cells[3] = dateField;
+    }
+    return '|' + cells.join('|') + '|';
+  });
+
+  // Update plan count in phase detail section
+  const planCountPattern = new RegExp(
+    `(#{2,4}\\s*Phase\\s+${phaseEscaped}[\\s\\S]*?\\*\\*Plans:\\*\\*\\s*)[^\\n]+`,
+    'i'
+  );
+  const planCountText = isComplete
+    ? `${summaryCount}/${planCount} plans complete`
+    : `${summaryCount}/${planCount} plans executed`;
+  roadmapContent = replaceInCurrentMilestone(roadmapContent, planCountPattern, `$1${planCountText}`);
+
+  // If complete: check checkbox
+  if (isComplete) {
+    const checkboxPattern = new RegExp(
+      `(-\\s*\\[)[ ](\\]\\s*.*Phase\\s+${phaseEscaped}[:\\s][^\\n]*)`,
+      'i'
+    );
+    roadmapContent = replaceInCurrentMilestone(roadmapContent, checkboxPattern, `$1x$2 (completed ${today})`);
+  }
+
+  // Mark completed plan checkboxes (e.g. "- [ ] 50-01-PLAN.md" or "- [ ] 50-01:")
+  for (const summaryFile of phaseInfo.summaries) {
+    const planId = summaryFile.replace('-SUMMARY.md', '').replace('SUMMARY.md', '');
+    if (!planId) continue;
+    const planEscaped = escapeRegex(planId);
+    const planCheckboxPattern = new RegExp(
+      `(-\\s*\\[) (\\]\\s*${planEscaped})`,
+      'i'
+    );
+    roadmapContent = roadmapContent.replace(planCheckboxPattern, '$1x$2');
+  }
+
+  fs.writeFileSync(roadmapPath, roadmapContent, 'utf-8');
+
+  output({
+    updated: true,
+    phase: phaseNum,
+    plan_count: planCount,
+    summary_count: summaryCount,
+    status,
+    complete: isComplete,
+  }, raw, `${summaryCount}/${planCount} ${status}`);
+}
+
+module.exports = {
+  cmdRoadmapGetPhase,
+  cmdRoadmapAnalyze,
+  cmdRoadmapUpdatePlanProgress,
+};

package/.agent/bin/lib/security.cjs

@@ -0,0 +1,356 @@
+/**
+ * Security — Input validation, path traversal prevention, and prompt injection guards
+ *
+ * This module centralizes security checks for MindForge tooling. Because MindForge generates
+ * markdown files that become LLM system prompts (agent instructions, workflow state,
+ * phase plans), any user-controlled text that flows into these files is a potential
+ * indirect prompt injection vector.
+ *
+ * Threat model:
+ *   1. Path traversal: user-supplied file paths escape the project directory
+ *   2. Prompt injection: malicious text in arguments/PRDs embeds LLM instructions
+ *   3. Shell metacharacter injection: user text interpreted by shell
+ *   4. JSON injection: malformed JSON crashes or corrupts state
+ *   5. Regex DoS: crafted input causes catastrophic backtracking
+ */
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+
+// ─── Path Traversal Prevention ──────────────────────────────────────────────
+
+/**
+ * Validate that a file path resolves within an allowed base directory.
+ * Prevents path traversal attacks via ../ sequences, symlinks, or absolute paths.
+ *
+ * @param {string} filePath - The user-supplied file path
+ * @param {string} baseDir - The allowed base directory (e.g., project root)
+ * @param {object} [opts] - Options
+ * @param {boolean} [opts.allowAbsolute=false] - Allow absolute paths (still must be within baseDir)
+ * @returns {{ safe: boolean, resolved: string, error?: string }}
+ */
+function validatePath(filePath, baseDir, opts = {}) {
+  if (!filePath || typeof filePath !== 'string') {
+    return { safe: false, resolved: '', error: 'Empty or invalid file path' };
+  }
+
+  if (!baseDir || typeof baseDir !== 'string') {
+    return { safe: false, resolved: '', error: 'Empty or invalid base directory' };
+  }
+
+  // Reject null bytes (can bypass path checks in some environments)
+  if (filePath.includes('\0')) {
+    return { safe: false, resolved: '', error: 'Path contains null bytes' };
+  }
+
+  // Resolve symlinks in base directory to handle macOS /var -> /private/var
+  // and similar platform-specific symlink chains
+  let resolvedBase;
+  try {
+    resolvedBase = fs.realpathSync(path.resolve(baseDir));
+  } catch {
+    resolvedBase = path.resolve(baseDir);
+  }
+
+  let resolvedPath;
+
+  if (path.isAbsolute(filePath)) {
+    if (!opts.allowAbsolute) {
+      return { safe: false, resolved: '', error: 'Absolute paths not allowed' };
+    }
+    resolvedPath = path.resolve(filePath);
+  } else {
+    resolvedPath = path.resolve(baseDir, filePath);
+  }
+
+  // Resolve symlinks in the target path too
+  try {
+    resolvedPath = fs.realpathSync(resolvedPath);
+  } catch {
+    // File may not exist yet (e.g., about to be created) — use logical resolution
+    // but still resolve the parent directory if it exists
+    const parentDir = path.dirname(resolvedPath);
+    try {
+      const realParent = fs.realpathSync(parentDir);
+      resolvedPath = path.join(realParent, path.basename(resolvedPath));
+    } catch {
+      // Parent doesn't exist either — keep the resolved path as-is
+    }
+  }
+
+  // Normalize both paths and check containment
+  const normalizedBase = resolvedBase + path.sep;
+  const normalizedPath = resolvedPath + path.sep;
+
+  // The resolved path must start with the base directory
+  // (or be exactly the base directory)
+  if (resolvedPath !== resolvedBase && !normalizedPath.startsWith(normalizedBase)) {
+    return {
+      safe: false,
+      resolved: resolvedPath,
+      error: `Path escapes allowed directory: ${resolvedPath} is outside ${resolvedBase}`,
+    };
+  }
+
+  return { safe: true, resolved: resolvedPath };
+}
+
+/**
+ * Validate a file path and throw on traversal attempt.
+ * Convenience wrapper around validatePath for use in CLI commands.
+ */
+function requireSafePath(filePath, baseDir, label, opts = {}) {
+  const result = validatePath(filePath, baseDir, opts);
+  if (!result.safe) {
+    throw new Error(`${label || 'Path'} validation failed: ${result.error}`);
+  }
+  return result.resolved;
+}
+
+// ─── Prompt Injection Detection ─────────────────────────────────────────────
+
+/**
+ * Patterns that indicate prompt injection attempts in user-supplied text.
+ * These patterns catch common indirect prompt injection techniques where
+ * an attacker embeds LLM instructions in text that will be read by an agent.
+ *
+ * Note: This is defense-in-depth — not a complete solution. The primary defense
+ * is proper input/output boundaries in agent prompts.
+ */
+const INJECTION_PATTERNS = [
+  // Direct instruction override attempts
+  /ignore\s+(all\s+)?previous\s+instructions/i,
+  /ignore\s+(all\s+)?above\s+instructions/i,
+  /disregard\s+(all\s+)?previous/i,
+  /forget\s+(all\s+)?(your\s+)?instructions/i,
+  /override\s+(system|previous)\s+(prompt|instructions)/i,
+
+  // Role/identity manipulation
+  /you\s+are\s+now\s+(?:a|an|the)\s+/i,
+  /act\s+as\s+(?:a|an|the)\s+(?!plan|phase|wave)/i,  // allow "act as a plan"
+  /pretend\s+(?:you(?:'re| are)\s+|to\s+be\s+)/i,
+  /from\s+now\s+on,?\s+you\s+(?:are|will|should|must)/i,
+
+  // System prompt extraction
+  /(?:print|output|reveal|show|display|repeat)\s+(?:your\s+)?(?:system\s+)?(?:prompt|instructions)/i,
+  /what\s+(?:are|is)\s+your\s+(?:system\s+)?(?:prompt|instructions)/i,
+
+  // Hidden instruction markers (XML/HTML tags that mimic system messages)
+  // Note: <instructions> is excluded — MindForge uses it as legitimate prompt structure
+  // Requires > to close the tag (not just whitespace) to avoid matching generic types like Promise<User | null>
+  /<\/?(?:system|assistant|human)>/i,
+  /\[SYSTEM\]/i,
+  /\[INST\]/i,
+  /<<\s*SYS\s*>>/i,
+
+  // Exfiltration attempts
+  /(?:send|post|fetch|curl|wget)\s+(?:to|from)\s+https?:\/\//i,
+  /(?:base64|btoa|encode)\s+(?:and\s+)?(?:send|exfiltrate|output)/i,
+
+  // Tool manipulation
+  /(?:run|execute|call|invoke)\s+(?:the\s+)?(?:bash|shell|exec|spawn)\s+(?:tool|command)/i,
+];
+
+/**
+ * Scan text for potential prompt injection patterns.
+ * Returns an array of findings (empty = clean).
+ *
+ * @param {string} text - The text to scan
+ * @param {object} [opts] - Options
+ * @param {boolean} [opts.strict=false] - Enable stricter matching (more false positives)
+ * @returns {{ clean: boolean, findings: string[] }}
+ */
+function scanForInjection(text, opts = {}) {
+  if (!text || typeof text !== 'string') {
+    return { clean: true, findings: [] };
+  }
+
+  const findings = [];
+
+  for (const pattern of INJECTION_PATTERNS) {
+    if (pattern.test(text)) {
+      findings.push(`Matched injection pattern: ${pattern.source}`);
+    }
+  }
+
+  if (opts.strict) {
+    // Check for suspicious Unicode that could hide instructions
+    // (zero-width chars, RTL override, homoglyph attacks)
+    if (/[\u200B-\u200F\u2028-\u202F\uFEFF\u00AD]/.test(text)) {
+      findings.push('Contains suspicious zero-width or invisible Unicode characters');
+    }
+
+    // Check for extremely long strings that could be prompt stuffing
+    if (text.length > 50000) {
+      findings.push(`Suspicious text length: ${text.length} chars (potential prompt stuffing)`);
+    }
+  }
+
+  return { clean: findings.length === 0, findings };
+}
+
+/**
+ * Sanitize text that will be embedded in agent prompts or planning documents.
+ * Strips known injection markers while preserving legitimate content.
+ *
+ * This does NOT alter user intent — it neutralizes control characters and
+ * instruction-mimicking patterns that could hijack agent behavior.
+ *
+ * @param {string} text - Text to sanitize
+ * @returns {string} Sanitized text
+ */
+function sanitizeForPrompt(text) {
+  if (!text || typeof text !== 'string') return text;
+
+  let sanitized = text;
+
+  // Strip zero-width characters that could hide instructions
+  sanitized = sanitized.replace(/[\u200B-\u200F\u2028-\u202F\uFEFF\u00AD]/g, '');
+
+  // Neutralize XML/HTML tags that mimic system boundaries
+  // Replace < > with full-width equivalents to prevent tag interpretation
+  // Note: <instructions> is excluded — MindForge uses it as legitimate prompt structure
+  sanitized = sanitized.replace(/<(\/?)(?:system|assistant|human)>/gi,
+    (_, slash) => `＜${slash || ''}system-text＞`);
+
+  // Neutralize [SYSTEM] / [INST] markers
+  sanitized = sanitized.replace(/\[(SYSTEM|INST)\]/gi, '[$1-TEXT]');
+
+  // Neutralize <<SYS>> markers
+  sanitized = sanitized.replace(/<<\s*SYS\s*>>/gi, '«SYS-TEXT»');
+
+  return sanitized;
+}
+
+// ─── Shell Safety ───────────────────────────────────────────────────────────
+
+/**
+ * Validate that a string is safe to use as a shell argument when quoted.
+ * This is a defense-in-depth check — callers should always use array-based
+ * exec (spawnSync) where possible.
+ *
+ * @param {string} value - The value to check
+ * @param {string} label - Description for error messages
+ * @returns {string} The validated value
+ */
+function validateShellArg(value, label) {
+  if (!value || typeof value !== 'string') {
+    throw new Error(`${label || 'Argument'}: empty or invalid value`);
+  }
+
+  // Reject null bytes
+  if (value.includes('\0')) {
+    throw new Error(`${label || 'Argument'}: contains null bytes`);
+  }
+
+  // Reject command substitution attempts
+  if (/[$`]/.test(value) && /\$\(|`/.test(value)) {
+    throw new Error(`${label || 'Argument'}: contains potential command substitution`);
+  }
+
+  return value;
+}
+
+// ─── JSON Safety ────────────────────────────────────────────────────────────
+
+/**
+ * Safely parse JSON with error handling and optional size limits.
+ * Wraps JSON.parse to prevent uncaught exceptions from malformed input.
+ *
+ * @param {string} text - JSON string to parse
+ * @param {object} [opts] - Options
+ * @param {number} [opts.maxLength=1048576] - Maximum input length (1MB default)
+ * @param {string} [opts.label='JSON'] - Description for error messages
+ * @returns {{ ok: boolean, value?: any, error?: string }}
+ */
+function safeJsonParse(text, opts = {}) {
+  const maxLength = opts.maxLength || 1048576;
+  const label = opts.label || 'JSON';
+
+  if (!text || typeof text !== 'string') {
+    return { ok: false, error: `${label}: empty or invalid input` };
+  }
+
+  if (text.length > maxLength) {
+    return { ok: false, error: `${label}: input exceeds ${maxLength} byte limit (got ${text.length})` };
+  }
+
+  try {
+    const value = JSON.parse(text);
+    return { ok: true, value };
+  } catch (err) {
+    return { ok: false, error: `${label}: parse error — ${err.message}` };
+  }
+}
+
+// ─── Phase/Argument Validation ──────────────────────────────────────────────
+
+/**
+ * Validate a phase number argument.
+ * Phase numbers must match: integer, decimal (2.1), or letter suffix (12A).
+ * Rejects arbitrary strings that could be used for injection.
+ *
+ * @param {string} phase - The phase number to validate
+ * @returns {{ valid: boolean, normalized?: string, error?: string }}
+ */
+function validatePhaseNumber(phase) {
+  if (!phase || typeof phase !== 'string') {
+    return { valid: false, error: 'Phase number is required' };
+  }
+
+  const trimmed = phase.trim();
+
+  // Standard numeric: 1, 01, 12A, 12.1, 12A.1.2
+  if (/^\d{1,4}[A-Z]?(?:\.\d{1,3})*$/i.test(trimmed)) {
+    return { valid: true, normalized: trimmed };
+  }
+
+  // Custom project IDs: PROJ-42, AUTH-101 (uppercase alphanumeric with hyphens)
+  if (/^[A-Z][A-Z0-9]*(?:-[A-Z0-9]+){1,4}$/i.test(trimmed) && trimmed.length <= 30) {
+    return { valid: true, normalized: trimmed };
+  }
+
+  return { valid: false, error: `Invalid phase number format: "${trimmed}"` };
+}
+
+/**
+ * Validate a STATE.md field name to prevent injection into regex patterns.
+ * Field names must be alphanumeric with spaces, hyphens, underscores, or dots.
+ *
+ * @param {string} field - The field name to validate
+ * @returns {{ valid: boolean, error?: string }}
+ */
+function validateFieldName(field) {
+  if (!field || typeof field !== 'string') {
+    return { valid: false, error: 'Field name is required' };
+  }
+
+  // Allow typical field names: "Current Phase", "active_plan", "Phase 1.2"
+  if (/^[A-Za-z][A-Za-z0-9 _.\-/]{0,60}$/.test(field)) {
+    return { valid: true };
+  }
+
+  return { valid: false, error: `Invalid field name: "${field}"` };
+}
+
+module.exports = {
+  // Path safety
+  validatePath,
+  requireSafePath,
+
+  // Prompt injection
+  INJECTION_PATTERNS,
+  scanForInjection,
+  sanitizeForPrompt,
+
+  // Shell safety
+  validateShellArg,
+
+  // JSON safety
+  safeJsonParse,
+
+  // Input validation
+  validatePhaseNumber,
+  validateFieldName,
+};