mstro-app 0.3.7 → 0.3.9

package/dist/server/mcp/security-patterns.js

@@ -1,5 +1,18 @@
 // Copyright (c) 2025-present Mstro, Inc. All rights reserved.
 // Licensed under the MIT License. See LICENSE file for details.
+/**
+ * Security Patterns - Single Source of Truth
+ *
+ * Consolidated pattern definitions for fast-path security checks.
+ * All pattern-based security decisions use this module to avoid duplication.
+ *
+ * PHILOSOPHY:
+ * - Most operations should be evaluated by CONTEXT, not by path or extension
+ * - Only truly catastrophic operations (rm -rf /, fork bombs) are auto-denied
+ * - Sensitive operations (system paths, credentials) get AI review with context
+ * - The question is: "Does this operation make sense given user intent?"
+ */
+import { resolve } from 'node:path';
 /**
  * Sensitive paths that require AI context review
  * These aren't auto-denied - they need context analysis to determine intent
@@ -61,7 +74,16 @@ export const CRITICAL_THREATS = [
     {
         pattern: /chmod\s+000\s+\//i,
         reason: 'Attempting to make system directories inaccessible'
-    }
+    },
+    // Reverse shells - never legitimate in a dev workflow
+    {
+        pattern: /\/dev\/tcp\//i,
+        reason: 'Reverse shell via /dev/tcp - classic backdoor technique'
+    },
+    {
+        pattern: /\bnc\b.*-[elp].*\b\d+\b/i,
+        reason: 'Netcat listener/reverse shell - common backdoor technique'
+    },
     // NOTE: curl|bash is NOT here - it goes to Haiku for context review
     // The question is "did a bad actor inject this?" not "is curl|bash dangerous?"
 ];
@@ -126,12 +148,96 @@ export const NEEDS_AI_REVIEW = [
         pattern: /rm\s+-rf/i,
         reason: 'Recursive deletion - verify target matches user intent'
     },
+    // Data exfiltration patterns — piping data to network tools
+    {
+        pattern: /\|\s*(nc|netcat|ncat)\b/i,
+        reason: 'Pipe to netcat - potential data exfiltration'
+    },
+    {
+        pattern: /\bscp\b.*@/i,
+        reason: 'SCP to remote host - potential data exfiltration'
+    },
+    {
+        pattern: /\|\s*curl\b/i,
+        reason: 'Pipe to curl - potential data exfiltration'
+    },
+    {
+        pattern: /curl\b.*-d\s*@/i,
+        reason: 'Curl with file upload - potential data exfiltration'
+    },
     // ALL Write/Edit operations that aren't to /tmp go through context review
     // This is the key change: we review based on context, not blanket allow/deny
     {
         pattern: /^(Write|Edit):\s*(?!\/tmp\/|\/var\/tmp\/)/i,
         reason: 'File modification - verify aligns with user request'
     },
+    // Reverse shells and bind shells — network-connected interactive shells
+    {
+        pattern: /\/dev\/tcp\//i,
+        reason: 'Potential reverse shell via /dev/tcp'
+    },
+    {
+        pattern: /\b(nc|netcat|ncat)\b.*-e\s/i,
+        reason: 'Netcat with -e flag - potential reverse shell'
+    },
+    {
+        pattern: /\bsocket\b.*\bconnect\b.*\b(dup2|subprocess|exec)\b/i,
+        reason: 'Programmatic reverse shell pattern (socket+connect+exec)'
+    },
+    {
+        pattern: /\bperl\b.*\bsocket\b.*\bexec\b/i,
+        reason: 'Perl reverse shell pattern'
+    },
+    // Encoded/obfuscated payloads piped to shell or eval
+    {
+        pattern: /\b(base64|base32)\b.*-d.*\|\s*(bash|sh)\b/i,
+        reason: 'Decoded payload piped to shell - obfuscated command execution'
+    },
+    {
+        pattern: /\\x[0-9a-f]{2}.*\|\s*(bash|sh)\b/i,
+        reason: 'Hex-encoded payload piped to shell'
+    },
+    {
+        pattern: /\bexec\b.*\b(base64|b64decode)\b/i,
+        reason: 'Exec with base64 decoding - obfuscated code execution'
+    },
+    {
+        pattern: /\bprintf\b.*\\x[0-9a-f].*\|\s*(bash|sh)\b/i,
+        reason: 'Printf hex payload piped to shell'
+    },
+    // Cloud metadata / SSRF — accessing cloud instance credentials
+    {
+        pattern: /169\.254\.169\.254/i,
+        reason: 'AWS/Azure IMDS access - potential credential theft'
+    },
+    {
+        pattern: /metadata\.google\.internal/i,
+        reason: 'GCP metadata access - potential credential theft'
+    },
+    // Persistence — writing to shell profiles, cron, authorized_keys via echo/append
+    {
+        pattern: />>\s*~?\/?.*\/(authorized_keys|\.bashrc|\.bash_profile|\.zshrc|\.profile)/i,
+        reason: 'Appending to sensitive file - potential persistence mechanism'
+    },
+    {
+        pattern: /\bld\.so\.preload\b/i,
+        reason: 'LD_PRELOAD injection - shared library hijacking'
+    },
+    // wget with file upload
+    {
+        pattern: /wget\b.*--post-file/i,
+        reason: 'wget file upload - potential data exfiltration'
+    },
+    // pip install from custom index (supply chain attack)
+    {
+        pattern: /pip\b.*--index-url\s+https?:\/\/(?!pypi\.org)/i,
+        reason: 'pip install from non-PyPI index - potential supply chain attack'
+    },
+    // MCP server manipulation
+    {
+        pattern: /\bclaude\b.*\bmcp\b.*\badd\b/i,
+        reason: 'Adding MCP server - verify source is trusted'
+    },
 ];
 /**
  * Check if operation matches any pattern in array
@@ -144,11 +250,64 @@ export function matchesPattern(operation, patterns) {
     }
     return null;
 }
+/**
+ * Normalize file paths in Write/Edit/Read operations to resolve .. traversal.
+ * Prevents path traversal attacks like "Write: /home/user/../../etc/passwd"
+ * from matching safe home-directory patterns.
+ */
+export function normalizeOperation(operation) {
+    const match = operation.match(/^(Write|Edit|Read):\s*(\S+)/i);
+    if (match?.[2].includes('..')) {
+        const [, tool, rawPath] = match;
+        const normalizedPath = resolve(rawPath);
+        return `${tool}: ${normalizedPath}`;
+    }
+    return operation;
+}
+/** Check if a Bash command contains chain operators that could hide dangerous ops after a safe prefix. */
+function containsChainOperators(operation) {
+    const commandPart = operation.replace(/^Bash:\s*/i, '');
+    return /;|&&|\|\||\n/.test(commandPart);
+}
+/** Check if a Bash command pipes output to known exfiltration/network tools or shells. */
+function containsDangerousPipe(operation) {
+    const commandPart = operation.replace(/^Bash:\s*/i, '');
+    return /\|\s*(nc|netcat|ncat|curl|wget|scp|bash|sh)\b/i.test(commandPart);
+}
+/** Check if a Bash command redirects output to sensitive paths (append or overwrite). */
+function containsSensitiveRedirect(operation) {
+    const commandPart = operation.replace(/^Bash:\s*/i, '');
+    return />>?\s*~?\/?.*\/(authorized_keys|\.bashrc|\.bash_profile|\.zshrc|\.profile|\.ssh\/|\.aws\/|\.gnupg\/|ld\.so\.preload|crontab|sudoers)/i.test(commandPart)
+        || />>?\s*\/etc\//i.test(commandPart);
+}
+/** Check if a Bash command contains subshell or backtick expansion (not simple ${VAR}). */
+function containsBashExpansion(operation) {
+    const commandPart = operation.replace(/^Bash:\s*/i, '');
+    return /`[^`]+`/.test(commandPart) || /\$\([^)]+\)/.test(commandPart);
+}
+/** Check if a Bash command contains any form of shell expansion: ${VAR}, $(...), or backticks. */
+function containsAnyExpansion(operation) {
+    const cmd = operation.replace(/^Bash:\s*/i, '');
+    return /\$\{[^}]+\}/.test(cmd) || /\$\([^)]+\)/.test(cmd) || /`[^`]+`/.test(cmd);
+}
+/** Check if expansion is safely used as an argument to a known-safe command prefix.
+ *  e.g., "echo ${HOME}" or "cat ${FILE}" — the expansion can't change the command itself. */
+function isSafeExpansionUse(operation) {
+    const cmd = operation.replace(/^Bash:\s*/i, '').trim();
+    // If the expansion IS the command (first token), it's never safe
+    if (/^(\$\{|\$\(|`)/.test(cmd))
+        return false;
+    // Safe command prefixes where expansion as an argument is harmless
+    const safePrefix = /^(echo|printf|cat|ls|pwd|whoami|date|env|printenv|test|true|false)\s/i;
+    return safePrefix.test(cmd);
+}
 /**
  * Determine if operation requires AI context review
  *
  * The philosophy here is:
- * - SAFE_OPERATIONS: No review needed (read-only, temp files, build artifact cleanup)
+ * - SENSITIVE_PATHS: Always require review (credentials, system configs)
+ * - SAFE_OPERATIONS: No review needed, UNLESS the bash command contains
+ *   chain operators, dangerous pipes, or subshell/backtick expansion
  * - CRITICAL_THREATS: Auto-deny, no review (catastrophic operations)
  * - Everything else: AI reviews context to determine if it matches user intent
  */
@@ -162,18 +321,43 @@ const SAFE_RM_PATTERNS = [
     /rm\s+-rf\s+(\.\/)?__pycache__($|\s)/i,
 ];
 export function requiresAIReview(operation) {
-    if (matchesPattern(operation, SAFE_OPERATIONS))
+    // Normalize paths to prevent .. traversal bypass
+    const op = normalizeOperation(operation);
+    // Check sensitive paths BEFORE safe operations — prevents home-dir
+    // safe pattern from masking .ssh, .aws, .bashrc, etc.
+    if (matchesPattern(op, SENSITIVE_PATHS))
+        return true;
+    // Bash commands with any shell expansion (${VAR}, $(...), backticks) are
+    // opaque — the bouncer can't predict what they expand to at runtime.
+    // Route to AI review BEFORE checking CRITICAL_THREATS or SAFE_OPERATIONS,
+    // UNLESS the command is clearly safe (expansion is just an argument to a
+    // known-safe prefix like "echo ${HOME}").
+    if (/^Bash:/i.test(op) && containsAnyExpansion(op) && !isSafeExpansionUse(op)) {
+        return true;
+    }
+    if (matchesPattern(op, SAFE_OPERATIONS)) {
+        // Safe bash commands must not contain chain operators, dangerous pipes,
+        // or subshell/backtick expansion that could hide dangerous operations.
+        // A safe prefix (e.g., "git clone") with chain operators (&&, ;, ||)
+        // means the full command isn't necessarily safe — route to AI review.
+        if (/^Bash:/i.test(op) && (containsChainOperators(op) ||
+            containsDangerousPipe(op) ||
+            containsBashExpansion(op) ||
+            containsSensitiveRedirect(op))) {
+            return true;
+        }
         return false;
-    if (matchesPattern(operation, CRITICAL_THREATS))
+    }
+    if (matchesPattern(op, CRITICAL_THREATS))
         return false;
-    if (matchesPattern(operation, NEEDS_AI_REVIEW)) {
-        return !SAFE_RM_PATTERNS.some(p => p.test(operation));
+    if (matchesPattern(op, NEEDS_AI_REVIEW)) {
+        return !SAFE_RM_PATTERNS.some(p => p.test(op));
     }
-    // Variable expansion and glob patterns are only concerning in Bash commands
-    if (/^Bash:/.test(operation)) {
-        if (/\$\{.*\}|\$\(.*\)/.test(operation) || /\*\*?/.test(operation))
+    // Glob patterns and script execution are concerning in Bash commands
+    if (/^Bash:/.test(op)) {
+        if (/\*\*?/.test(op))
             return true;
-        if (/^Bash:\s*\.\//.test(operation))
+        if (/^Bash:\s*\.\//.test(op))
             return true;
     }
     return false;
@@ -220,6 +404,9 @@ export function classifyRisk(operation) {
         { pattern: /chmod\s+777/i, reason: 'Dangerous permissions' },
         { pattern: /(curl|wget).*\|.*(bash|sh)/i, reason: 'Remote code execution' },
         { pattern: /pkill|killall/i, reason: 'Process termination' },
+        { pattern: /\|\s*(nc|netcat|ncat)\b/i, reason: 'Data exfiltration via netcat' },
+        { pattern: /\bscp\b.*@/i, reason: 'Data exfiltration via SCP' },
+        { pattern: /curl\b.*-d\s*@/i, reason: 'Data exfiltration via curl file upload' },
     ];
     for (const pattern of elevatedPatterns) {
         if (pattern.pattern.test(operation)) {

package/dist/server/mcp/security-patterns.js.map

@@ -1 +1 @@
-{"version":3,"file":"security-patterns.js","sourceRoot":"","sources":["../../../server/mcp/security-patterns.ts"],"names":[],"mappings":"AAAA,8DAA8D;AAC9D,gEAAgE;AAoBhE;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAsB;IAChD,qFAAqF;IACrF,EAAE,OAAO,EAAE,2BAA2B,EAAE,MAAM,EAAE,2CAA2C,EAAE;IAC7F,EAAE,OAAO,EAAE,qDAAqD,EAAE,MAAM,EAAE,sCAAsC,EAAE;IAClH,EAAE,OAAO,EAAE,4BAA4B,EAAE,MAAM,EAAE,qCAAqC,EAAE;IACxF,EAAE,OAAO,EAAE,4BAA4B,EAAE,MAAM,EAAE,gCAAgC,EAAE;IACnF,EAAE,OAAO,EAAE,8BAA8B,EAAE,MAAM,EAAE,mCAAmC,EAAE;IACxF,EAAE,OAAO,EAAE,6DAA6D,EAAE,MAAM,EAAE,4CAA4C,EAAE;IAEhI,uEAAuE;IACvE,EAAE,OAAO,EAAE,+BAA+B,EAAE,MAAM,EAAE,wCAAwC,EAAE;IAC9F,EAAE,OAAO,EAAE,iCAAiC,EAAE,MAAM,EAAE,+BAA+B,EAAE;IACvF,EAAE,OAAO,EAAE,mDAAmD,EAAE,MAAM,EAAE,sCAAsC,EAAE;IAChH,EAAE,OAAO,EAAE,+DAA+D,EAAE,MAAM,EAAE,0CAA0C,EAAE;IAEhI,kEAAkE;IAClE,EAAE,OAAO,EAAE,+EAA+E,EAAE,MAAM,EAAE,oCAAoC,EAAE;CAC3I,CAAC;AAEF;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAsB;IACjD,+DAA+D;IAC/D,qEAAqE;IACrE;QACE,OAAO,EAAE,0BAA0B;QACnC,MAAM,EAAE,wEAAwE;KACjF;IACD;QACE,OAAO,EAAE,4BAA4B;QACrC,MAAM,EAAE,6DAA6D;KACtE;IACD;QACE,OAAO,EAAE,qCAAqC;QAC9C,MAAM,EAAE,0DAA0D;KACnE;IACD;QACE,OAAO,EAAE,SAAS;QAClB,MAAM,EAAE,0DAA0D;KACnE;IACD;QACE,OAAO,EAAE,yBAAyB;QAClC,MAAM,EAAE,iEAAiE;KAC1E;IACD;QACE,OAAO,EAAE,qBAAqB;QAC9B,MAAM,EAAE,wDAAwD;KACjE;IACD;QACE,OAAO,EAAE,mBAAmB;QAC5B,MAAM,EAAE,oDAAoD;KAC7D;IACD,oEAAoE;IACpE,+EAA+E;CAChF,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAsB;IAChD,oDAAoD;IACpD,EAAE,OAAO,EAAE,SAAS,EAAE;IACtB,EAAE,OAAO,EAAE,SAAS,EAAE;IACtB,EAAE,OAAO,EAAE,SAAS,EAAE;IAEtB,iFAAiF;IACjF,gEAAgE;IAChE,EAAE,OAAO,EAAE,6BAA6B,EAAE,EAAG,0BAA0B;IACvE,EAAE,OAAO,EAAE,4BAA4B,EAAE,EAAI,yBAAyB;IACtE,EAAE,OAAO,EAAE,4BAA4B,EAAE,EAAI,0BAA0B;IACvE,EAAE,OAAO,EAAE,2BAA2B,EAAE,EAAK,yBAAyB;IAEtE,oDAAoD;IACpD,qEAAqE;IACrE,EAAE,OAAO,EAAE,yFAAyF,EAAE;IACtG,EAAE,OAAO,EAAE,yFAAyF,EAAE;IACtG,EAAE,OAAO,EAAE,6DAA6D,EAAE;IAC1E,EAAE,OAAO,EAAE,mFAAmF,EAAE;IAChG,EAAE,OAAO,EAAE,uFAAuF,EAAE;IAEpG,+DAA+D;IAC/D,EAAE,OAAO,EAAE,gDAAgD,EAAE;IAC7D,EAAE,OAAO,EAAE,wCAAwC,EAAE;IACrD,EAAE,OAAO,EAAE,yCAAyC,EAAE;IACtD,EAAE,OAAO,EAAE,2CAA2C,EAAE;IACxD,EAAE,OAAO,EAAE,0CAA0C,EAAE;IACvD,EAAE,OAAO,EAAE,0CAA0C,EAAE;IACvD,EAAE,OAAO,EAAE,+CAA+C,EAAE;IAE5D,uDAAuD;IACvD,EAAE,OAAO,EAAE,2BAA2B,EAAE;IACxC,EAAE,OAAO,EAAE,gCAAgC,EAAE;IAE7C,4DAA4D;IAC5D,EAAE,OAAO,EAAE,2DAA2D,EAAE;CACzE,CAAC;AAEF;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,eAAe,GAAsB;IAChD,iCAAiC;IACjC;QACE,OAAO,EAAE,+BAA+B;QACxC,MAAM,EAAE,iEAAiE;KAC1E;IAED,sBAAsB;IACtB;QACE,OAAO,EAAE,OAAO;QAChB,MAAM,EAAE,wDAAwD;KACjE;IAED,8DAA8D;IAC9D;QACE,OAAO,EAAE,WAAW;QACpB,MAAM,EAAE,wDAAwD;KACjE;IAED,0EAA0E;IAC1E,6EAA6E;IAC7E;QACE,OAAO,EAAE,4CAA4C;QACrD,MAAM,EAAE,qDAAqD;KAC9D;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,SAAiB,EAAE,QAA2B;IAC3E,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YACpC,OAAO,OAAO,CAAC;QACjB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,gBAAgB,GAAG;IACvB,uCAAuC;IACvC,+BAA+B;IAC/B,gCAAgC;IAChC,kCAAkC;IAClC,iCAAiC;IACjC,iCAAiC;IACjC,sCAAsC;CACvC,CAAC;AAEF,MAAM,UAAU,gBAAgB,CAAC,SAAiB;IAChD,IAAI,cAAc,CAAC,SAAS,EAAE,eAAe,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7D,IAAI,cAAc,CAAC,SAAS,EAAE,gBAAgB,CAAC;QAAE,OAAO,KAAK,CAAC;IAE9D,IAAI,cAAc,CAAC,SAAS,EAAE,eAAe,CAAC,EAAE,CAAC;QAC/C,OAAO,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;IACxD,CAAC;IAED,4EAA4E;IAC5E,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QAC7B,IAAI,mBAAmB,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC;YAAE,OAAO,IAAI,CAAC;QAChF,IAAI,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC;YAAE,OAAO,IAAI,CAAC;IACnD,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,SAAiB;IAC/C,OAAO,cAAc,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;AACpD,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,YAAY,CAAC,SAAiB;IAK5C,mCAAmC;IACnC,MAAM,cAAc,GAAG,cAAc,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;IACnE,IAAI,cAAc,EAAE,CAAC;QACnB,OAAO;YACL,aAAa,EAAE,IAAI;YACnB,SAAS,EAAE,UAAU;YACrB,OAAO,EAAE,CAAC,cAAc,CAAC,MAAM,IAAI,0BAA0B,CAAC;SAC/D,CAAC;IACJ,CAAC;IAED,4DAA4D;IAC5D,MAAM,aAAa,GAAG,cAAc,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;IACjE,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO;YACL,aAAa,EAAE,KAAK,EAAE,6CAA6C;YACnE,SAAS,EAAE,MAAM;YACjB,OAAO,EAAE,CAAC,aAAa,CAAC,MAAM,IAAI,6CAA6C,CAAC;SACjF,CAAC;IACJ,CAAC;IAED,2CAA2C;IAC3C,MAAM,gBAAgB,GAAsB;QAC1C,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,+BAA+B,EAAE;QAC7D,EAAE,OAAO,EAAE,0BAA0B,EAAE,MAAM,EAAE,mBAAmB,EAAE;QACpE,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,EAAE,uBAAuB,EAAE;QAC5D,EAAE,OAAO,EAAE,6BAA6B,EAAE,MAAM,EAAE,uBAAuB,EAAE;QAC3E,EAAE,OAAO,EAAE,gBAAgB,EAAE,MAAM,EAAE,qBAAqB,EAAE;KAC7D,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,gBAAgB,EAAE,CAAC;QACvC,IAAI,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YACpC,OAAO;gBACL,aAAa,EAAE,IAAI;gBACnB,SAAS,EAAE,MAAM;gBACjB,OAAO,EAAE,CAAC,OAAO,CAAC,MAAM,IAAI,yBAAyB,CAAC;aACvD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,0DAA0D;IAC1D,4EAA4E;IAC5E,IAAI,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,sDAAsD;QACtD,IAAI,cAAc,CAAC,SAAS,EAAE,eAAe,CAAC,EAAE,CAAC;YAC/C,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QACjE,CAAC;QACD,OAAO;YACL,aAAa,EAAE,IAAI;YACnB,SAAS,EAAE,QAAQ;YACnB,OAAO,EAAE,CAAC,oBAAoB,CAAC;SAChC,CAAC;IACJ,CAAC;IAED,OAAO;QACL,aAAa,EAAE,KAAK;QACpB,SAAS,EAAE,KAAK;QAChB,OAAO,EAAE,EAAE;KACZ,CAAC;AACJ,CAAC"}
+{"version":3,"file":"security-patterns.js","sourceRoot":"","sources":["../../../server/mcp/security-patterns.ts"],"names":[],"mappings":"AAAA,8DAA8D;AAC9D,gEAAgE;AAEhE;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAOpC;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAsB;IAChD,qFAAqF;IACrF,EAAE,OAAO,EAAE,2BAA2B,EAAE,MAAM,EAAE,2CAA2C,EAAE;IAC7F,EAAE,OAAO,EAAE,qDAAqD,EAAE,MAAM,EAAE,sCAAsC,EAAE;IAClH,EAAE,OAAO,EAAE,4BAA4B,EAAE,MAAM,EAAE,qCAAqC,EAAE;IACxF,EAAE,OAAO,EAAE,4BAA4B,EAAE,MAAM,EAAE,gCAAgC,EAAE;IACnF,EAAE,OAAO,EAAE,8BAA8B,EAAE,MAAM,EAAE,mCAAmC,EAAE;IACxF,EAAE,OAAO,EAAE,6DAA6D,EAAE,MAAM,EAAE,4CAA4C,EAAE;IAEhI,uEAAuE;IACvE,EAAE,OAAO,EAAE,+BAA+B,EAAE,MAAM,EAAE,wCAAwC,EAAE;IAC9F,EAAE,OAAO,EAAE,iCAAiC,EAAE,MAAM,EAAE,+BAA+B,EAAE;IACvF,EAAE,OAAO,EAAE,mDAAmD,EAAE,MAAM,EAAE,sCAAsC,EAAE;IAChH,EAAE,OAAO,EAAE,+DAA+D,EAAE,MAAM,EAAE,0CAA0C,EAAE;IAEhI,kEAAkE;IAClE,EAAE,OAAO,EAAE,+EAA+E,EAAE,MAAM,EAAE,oCAAoC,EAAE;CAC3I,CAAC;AAEF;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAsB;IACjD,+DAA+D;IAC/D,qEAAqE;IACrE;QACE,OAAO,EAAE,0BAA0B;QACnC,MAAM,EAAE,wEAAwE;KACjF;IACD;QACE,OAAO,EAAE,4BAA4B;QACrC,MAAM,EAAE,6DAA6D;KACtE;IACD;QACE,OAAO,EAAE,qCAAqC;QAC9C,MAAM,EAAE,0DAA0D;KACnE;IACD;QACE,OAAO,EAAE,SAAS;QAClB,MAAM,EAAE,0DAA0D;KACnE;IACD;QACE,OAAO,EAAE,yBAAyB;QAClC,MAAM,EAAE,iEAAiE;KAC1E;IACD;QACE,OAAO,EAAE,qBAAqB;QAC9B,MAAM,EAAE,wDAAwD;KACjE;IACD;QACE,OAAO,EAAE,mBAAmB;QAC5B,MAAM,EAAE,oDAAoD;KAC7D;IACD,sDAAsD;IACtD;QACE,OAAO,EAAE,eAAe;QACxB,MAAM,EAAE,yDAAyD;KAClE;IACD;QACE,OAAO,EAAE,0BAA0B;QACnC,MAAM,EAAE,2DAA2D;KACpE;IACD,oEAAoE;IACpE,+EAA+E;CAChF,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAsB;IAChD,oDAAoD;IACpD,EAAE,OAAO,EAAE,SAAS,EAAE;IACtB,EAAE,OAAO,EAAE,SAAS,EAAE;IACtB,EAAE,OAAO,EAAE,SAAS,EAAE;IAEtB,iFAAiF;IACjF,gEAAgE;IAChE,EAAE,OAAO,EAAE,6BAA6B,EAAE,EAAG,0BAA0B;IACvE,EAAE,OAAO,EAAE,4BAA4B,EAAE,EAAI,yBAAyB;IACtE,EAAE,OAAO,EAAE,4BAA4B,EAAE,EAAI,0BAA0B;IACvE,EAAE,OAAO,EAAE,2BAA2B,EAAE,EAAK,yBAAyB;IAEtE,oDAAoD;IACpD,qEAAqE;IACrE,EAAE,OAAO,EAAE,yFAAyF,EAAE;IACtG,EAAE,OAAO,EAAE,yFAAyF,EAAE;IACtG,EAAE,OAAO,EAAE,6DAA6D,EAAE;IAC1E,EAAE,OAAO,EAAE,mFAAmF,EAAE;IAChG,EAAE,OAAO,EAAE,uFAAuF,EAAE;IAEpG,+DAA+D;IAC/D,EAAE,OAAO,EAAE,gDAAgD,EAAE;IAC7D,EAAE,OAAO,EAAE,wCAAwC,EAAE;IACrD,EAAE,OAAO,EAAE,yCAAyC,EAAE;IACtD,EAAE,OAAO,EAAE,2CAA2C,EAAE;IACxD,EAAE,OAAO,EAAE,0CAA0C,EAAE;IACvD,EAAE,OAAO,EAAE,0CAA0C,EAAE;IACvD,EAAE,OAAO,EAAE,+CAA+C,EAAE;IAE5D,uDAAuD;IACvD,EAAE,OAAO,EAAE,2BAA2B,EAAE;IACxC,EAAE,OAAO,EAAE,gCAAgC,EAAE;IAE7C,4DAA4D;IAC5D,EAAE,OAAO,EAAE,2DAA2D,EAAE;CACzE,CAAC;AAEF;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,eAAe,GAAsB;IAChD,iCAAiC;IACjC;QACE,OAAO,EAAE,+BAA+B;QACxC,MAAM,EAAE,iEAAiE;KAC1E;IAED,sBAAsB;IACtB;QACE,OAAO,EAAE,OAAO;QAChB,MAAM,EAAE,wDAAwD;KACjE;IAED,8DAA8D;IAC9D;QACE,OAAO,EAAE,WAAW;QACpB,MAAM,EAAE,wDAAwD;KACjE;IAED,4DAA4D;IAC5D;QACE,OAAO,EAAE,0BAA0B;QACnC,MAAM,EAAE,8CAA8C;KACvD;IACD;QACE,OAAO,EAAE,aAAa;QACtB,MAAM,EAAE,kDAAkD;KAC3D;IACD;QACE,OAAO,EAAE,cAAc;QACvB,MAAM,EAAE,4CAA4C;KACrD;IACD;QACE,OAAO,EAAE,iBAAiB;QAC1B,MAAM,EAAE,qDAAqD;KAC9D;IAED,0EAA0E;IAC1E,6EAA6E;IAC7E;QACE,OAAO,EAAE,4CAA4C;QACrD,MAAM,EAAE,qDAAqD;KAC9D;IAED,wEAAwE;IACxE;QACE,OAAO,EAAE,eAAe;QACxB,MAAM,EAAE,sCAAsC;KAC/C;IACD;QACE,OAAO,EAAE,6BAA6B;QACtC,MAAM,EAAE,+CAA+C;KACxD;IACD;QACE,OAAO,EAAE,sDAAsD;QAC/D,MAAM,EAAE,0DAA0D;KACnE;IACD;QACE,OAAO,EAAE,iCAAiC;QAC1C,MAAM,EAAE,4BAA4B;KACrC;IAED,qDAAqD;IACrD;QACE,OAAO,EAAE,4CAA4C;QACrD,MAAM,EAAE,+DAA+D;KACxE;IACD;QACE,OAAO,EAAE,mCAAmC;QAC5C,MAAM,EAAE,oCAAoC;KAC7C;IACD;QACE,OAAO,EAAE,mCAAmC;QAC5C,MAAM,EAAE,uDAAuD;KAChE;IACD;QACE,OAAO,EAAE,4CAA4C;QACrD,MAAM,EAAE,mCAAmC;KAC5C;IAED,+DAA+D;IAC/D;QACE,OAAO,EAAE,qBAAqB;QAC9B,MAAM,EAAE,oDAAoD;KAC7D;IACD;QACE,OAAO,EAAE,6BAA6B;QACtC,MAAM,EAAE,kDAAkD;KAC3D;IAED,iFAAiF;IACjF;QACE,OAAO,EAAE,4EAA4E;QACrF,MAAM,EAAE,+DAA+D;KACxE;IACD;QACE,OAAO,EAAE,sBAAsB;QAC/B,MAAM,EAAE,iDAAiD;KAC1D;IAED,wBAAwB;IACxB;QACE,OAAO,EAAE,sBAAsB;QAC/B,MAAM,EAAE,gDAAgD;KACzD;IAED,sDAAsD;IACtD;QACE,OAAO,EAAE,gDAAgD;QACzD,MAAM,EAAE,iEAAiE;KAC1E;IAED,0BAA0B;IAC1B;QACE,OAAO,EAAE,+BAA+B;QACxC,MAAM,EAAE,8CAA8C;KACvD;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,SAAiB,EAAE,QAA2B;IAC3E,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YACpC,OAAO,OAAO,CAAC;QACjB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,SAAiB;IAClD,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAC9D,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9B,MAAM,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,GAAG,KAAK,CAAC;QAChC,MAAM,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QACxC,OAAO,GAAG,IAAI,KAAK,cAAc,EAAE,CAAC;IACtC,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,0GAA0G;AAC1G,SAAS,sBAAsB,CAAC,SAAiB;IAC/C,MAAM,WAAW,GAAG,SAAS,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;IACxD,OAAO,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;AAC1C,CAAC;AAED,0FAA0F;AAC1F,SAAS,qBAAqB,CAAC,SAAiB;IAC9C,MAAM,WAAW,GAAG,SAAS,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;IACxD,OAAO,gDAAgD,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;AAC5E,CAAC;AAED,yFAAyF;AACzF,SAAS,yBAAyB,CAAC,SAAiB;IAClD,MAAM,WAAW,GAAG,SAAS,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;IACxD,OAAO,uIAAuI,CAAC,IAAI,CAAC,WAAW,CAAC;WAC3J,gBAAgB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;AAC1C,CAAC;AAED,2FAA2F;AAC3F,SAAS,qBAAqB,CAAC,SAAiB;IAC9C,MAAM,WAAW,GAAG,SAAS,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;IACxD,OAAO,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,aAAa,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;AACxE,CAAC;AAED,kGAAkG;AAClG,SAAS,oBAAoB,CAAC,SAAiB;IAC7C,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;IAChD,OAAO,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACnF,CAAC;AAED;6FAC6F;AAC7F,SAAS,kBAAkB,CAAC,SAAiB;IAC3C,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACvD,iEAAiE;IACjE,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7C,mEAAmE;IACnE,MAAM,UAAU,GAAG,uEAAuE,CAAC;IAC3F,OAAO,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC9B,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,gBAAgB,GAAG;IACvB,uCAAuC;IACvC,+BAA+B;IAC/B,gCAAgC;IAChC,kCAAkC;IAClC,iCAAiC;IACjC,iCAAiC;IACjC,sCAAsC;CACvC,CAAC;AAEF,MAAM,UAAU,gBAAgB,CAAC,SAAiB;IAChD,iDAAiD;IACjD,MAAM,EAAE,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC;IAEzC,mEAAmE;IACnE,sDAAsD;IACtD,IAAI,cAAc,CAAC,EAAE,EAAE,eAAe,CAAC;QAAE,OAAO,IAAI,CAAC;IAErD,yEAAyE;IACzE,qEAAqE;IACrE,0EAA0E;IAC1E,yEAAyE;IACzE,0CAA0C;IAC1C,IAAI,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,oBAAoB,CAAC,EAAE,CAAC,IAAI,CAAC,kBAAkB,CAAC,EAAE,CAAC,EAAE,CAAC;QAC9E,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,cAAc,CAAC,EAAE,EAAE,eAAe,CAAC,EAAE,CAAC;QACxC,wEAAwE;QACxE,uEAAuE;QACvE,qEAAqE;QACrE,sEAAsE;QACtE,IAAI,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CACxB,sBAAsB,CAAC,EAAE,CAAC;YAC1B,qBAAqB,CAAC,EAAE,CAAC;YACzB,qBAAqB,CAAC,EAAE,CAAC;YACzB,yBAAyB,CAAC,EAAE,CAAC,CAC9B,EAAE,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,cAAc,CAAC,EAAE,EAAE,gBAAgB,CAAC;QAAE,OAAO,KAAK,CAAC;IAEvD,IAAI,cAAc,CAAC,EAAE,EAAE,eAAe,CAAC,EAAE,CAAC;QACxC,OAAO,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;IACjD,CAAC;IAED,qEAAqE;IACrE,IAAI,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;QACtB,IAAI,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YAAE,OAAO,IAAI,CAAC;QAClC,IAAI,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC;YAAE,OAAO,IAAI,CAAC;IAC5C,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,SAAiB;IAC/C,OAAO,cAAc,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;AACpD,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,YAAY,CAAC,SAAiB;IAK5C,mCAAmC;IACnC,MAAM,cAAc,GAAG,cAAc,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;IACnE,IAAI,cAAc,EAAE,CAAC;QACnB,OAAO;YACL,aAAa,EAAE,IAAI;YACnB,SAAS,EAAE,UAAU;YACrB,OAAO,EAAE,CAAC,cAAc,CAAC,MAAM,IAAI,0BAA0B,CAAC;SAC/D,CAAC;IACJ,CAAC;IAED,4DAA4D;IAC5D,MAAM,aAAa,GAAG,cAAc,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;IACjE,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO;YACL,aAAa,EAAE,KAAK,EAAE,6CAA6C;YACnE,SAAS,EAAE,MAAM;YACjB,OAAO,EAAE,CAAC,aAAa,CAAC,MAAM,IAAI,6CAA6C,CAAC;SACjF,CAAC;IACJ,CAAC;IAED,2CAA2C;IAC3C,MAAM,gBAAgB,GAAsB;QAC1C,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,+BAA+B,EAAE;QAC7D,EAAE,OAAO,EAAE,0BAA0B,EAAE,MAAM,EAAE,mBAAmB,EAAE;QACpE,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,EAAE,uBAAuB,EAAE;QAC5D,EAAE,OAAO,EAAE,6BAA6B,EAAE,MAAM,EAAE,uBAAuB,EAAE;QAC3E,EAAE,OAAO,EAAE,gBAAgB,EAAE,MAAM,EAAE,qBAAqB,EAAE;QAC5D,EAAE,OAAO,EAAE,0BAA0B,EAAE,MAAM,EAAE,8BAA8B,EAAE;QAC/E,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,2BAA2B,EAAE;QAC/D,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,EAAE,wCAAwC,EAAE;KACjF,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,gBAAgB,EAAE,CAAC;QACvC,IAAI,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YACpC,OAAO;gBACL,aAAa,EAAE,IAAI;gBACnB,SAAS,EAAE,MAAM;gBACjB,OAAO,EAAE,CAAC,OAAO,CAAC,MAAM,IAAI,yBAAyB,CAAC;aACvD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,0DAA0D;IAC1D,4EAA4E;IAC5E,IAAI,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,sDAAsD;QACtD,IAAI,cAAc,CAAC,SAAS,EAAE,eAAe,CAAC,EAAE,CAAC;YAC/C,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QACjE,CAAC;QACD,OAAO;YACL,aAAa,EAAE,IAAI;YACnB,SAAS,EAAE,QAAQ;YACnB,OAAO,EAAE,CAAC,oBAAoB,CAAC;SAChC,CAAC;IACJ,CAAC;IAED,OAAO;QACL,aAAa,EAAE,KAAK;QACpB,SAAS,EAAE,KAAK;QAChB,OAAO,EAAE,EAAE;KACZ,CAAC;AACJ,CAAC"}

package/dist/server/services/plan/composer.d.ts

@@ -0,0 +1,4 @@
+import type { HandlerContext } from '../websocket/handler-context.js';
+import type { WSContext } from '../websocket/types.js';
+export declare function handlePlanPrompt(ctx: HandlerContext, ws: WSContext, userPrompt: string, workingDir: string): Promise<void>;
+//# sourceMappingURL=composer.d.ts.map

package/dist/server/services/plan/composer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"composer.d.ts","sourceRoot":"","sources":["../../../../server/services/plan/composer.ts"],"names":[],"mappings":"AAeA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACtE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAkDvD,wBAAsB,gBAAgB,CACpC,GAAG,EAAE,cAAc,EACnB,EAAE,EAAE,SAAS,EACb,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,IAAI,CAAC,CA+Hf"}

package/dist/server/services/plan/composer.js

@@ -0,0 +1,181 @@
+// Copyright (c) 2025-present Mstro, Inc. All rights reserved.
+// Licensed under the MIT License. See LICENSE file for details.
+/**
+ * Plan Composer — Handles natural language prompts for PPS creation/editing.
+ *
+ * When a planPrompt message arrives, this builds a context-enriched prompt
+ * against the .pm/ (or legacy .plan/) directory and spawns a scoped
+ * HeadlessRunner session to execute it.
+ */
+import { existsSync, readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { runWithFileLogger } from '../../cli/headless/headless-logger.js';
+import { HeadlessRunner } from '../../cli/headless/index.js';
+import { getNextId, parsePlanDirectory, resolvePmDir } from './parser.js';
+const PROMPT_TOOL_MESSAGES = {
+    Glob: 'Discovering project files...',
+    Read: 'Reading project structure...',
+    Grep: 'Searching codebase...',
+    Write: 'Creating project files...',
+    Edit: 'Updating project files...',
+    Bash: 'Running commands...',
+};
+function getPromptToolCompleteMessage(event) {
+    const input = event.completeInput;
+    if (!input)
+        return null;
+    if (event.toolName === 'Write' && input.file_path) {
+        const filename = String(input.file_path).split('/').pop() ?? '';
+        return `Created ${filename}`;
+    }
+    if (event.toolName === 'Edit' && input.file_path) {
+        const filename = String(input.file_path).split('/').pop() ?? '';
+        return `Updated ${filename}`;
+    }
+    if (event.toolName === 'Read' && input.file_path) {
+        return `Read ${String(input.file_path).split('/').slice(-2).join('/')}`;
+    }
+    return null;
+}
+function createPromptProgressTracker() {
+    const seenToolStarts = new Set();
+    return (event) => {
+        if (event.type === 'tool_start' && event.toolName) {
+            if (seenToolStarts.has(event.toolName))
+                return null;
+            seenToolStarts.add(event.toolName);
+            return PROMPT_TOOL_MESSAGES[event.toolName] ?? null;
+        }
+        if (event.type === 'tool_complete')
+            return getPromptToolCompleteMessage(event);
+        return null;
+    };
+}
+function readFileOrEmpty(path) {
+    try {
+        if (existsSync(path))
+            return readFileSync(path, 'utf-8');
+    }
+    catch { /* skip */ }
+    return '';
+}
+export async function handlePlanPrompt(ctx, ws, userPrompt, workingDir) {
+    const pmDir = resolvePmDir(workingDir) ?? join(workingDir, '.pm');
+    const stateContent = readFileOrEmpty(join(pmDir, 'STATE.md'));
+    const projectContent = readFileOrEmpty(join(pmDir, 'project.md'));
+    // Compute next available IDs
+    const fullState = parsePlanDirectory(workingDir);
+    let idInfo = '';
+    if (fullState) {
+        const nextIS = getNextId(fullState.issues, 'IS');
+        const nextBG = getNextId(fullState.issues, 'BG');
+        const nextEP = getNextId(fullState.issues, 'EP');
+        idInfo = `Next available IDs: ${nextIS}, ${nextBG}, ${nextEP}`;
+    }
+    // Read existing epic files to provide context
+    let epicContext = '';
+    if (fullState) {
+        const existingEpics = fullState.issues.filter((i) => i.type === 'epic');
+        if (existingEpics.length > 0) {
+            epicContext = `\nExisting epics:\n${existingEpics.map((e) => `- ${e.id}: ${e.title} (${e.path}, children: ${e.children.length})`).join('\n')}\n`;
+        }
+    }
+    const enrichedPrompt = `You are managing a project in the .pm/ directory format (Project Plan Spec).
+The project's current state is:
+
+<state>
+${stateContent || 'No STATE.md exists yet'}
+</state>
+
+<project>
+${projectContent || 'No project.md yet'}
+</project>
+
+${idInfo}
+${epicContext}
+
+Follow these rules:
+- When creating .pm/ files, use YAML front matter + markdown body
+- When modifying issues, preserve all existing YAML fields you don't change
+- After any state change, update STATE.md to reflect the new status
+- Use the next available ID for new entities
+- Respond briefly describing what you did
+
+Issue scoping rules (critical for execution quality):
+- Each issue is executed by a single AI agent with its own context window
+- Issues estimated at 1-3 story points execute well (focused, single concern)
+- Issues at 5 story points are viable if scoped to one subsystem
+- Issues at 8+ story points MUST be decomposed into smaller sub-issues
+- Issues at 13+ story points MUST become an epic with child issues
+- Each issue should touch one logical concern (one component, one service, one data flow)
+- If an issue requires work across multiple subsystems, split it into one issue per subsystem with blocked_by edges between them
+- Research/investigation issues should be separate from implementation issues
+
+Epic creation rules (when user asks for a feature with sub-tasks or an epic):
+- Create an EP-*.md file in .pm/backlog/ with type: epic and a children: [] field in front matter
+- Create individual IS-*.md (or BG-*.md) files for each child issue
+- Each child issue must have epic: backlog/EP-XXX.md in its front matter
+- The epic's children field must list all child paths: [backlog/IS-001.md, backlog/IS-002.md, ...]
+- Set blocked_by between child issues where there are natural dependencies
+- Give each child issue clear acceptance criteria and files to modify when possible
+- Set appropriate priorities (P0-P3) based on the issue's importance within the epic
+
+User request: ${userPrompt}`;
+    try {
+        ctx.broadcastToAll({
+            type: 'planPromptProgress',
+            data: { message: 'Starting project planning...' },
+        });
+        const runner = new HeadlessRunner({
+            workingDir,
+            directPrompt: enrichedPrompt,
+            outputCallback: (text) => {
+                ctx.send(ws, {
+                    type: 'planPromptStreaming',
+                    data: { token: text },
+                });
+            },
+            toolUseCallback: (() => {
+                const getProgressMessage = createPromptProgressTracker();
+                return (event) => {
+                    const message = getProgressMessage(event);
+                    if (message) {
+                        ctx.broadcastToAll({
+                            type: 'planPromptProgress',
+                            data: { message },
+                        });
+                    }
+                };
+            })(),
+        });
+        ctx.broadcastToAll({
+            type: 'planPromptProgress',
+            data: { message: 'Claude is planning your project...' },
+        });
+        const result = await runWithFileLogger('pm-compose', () => runner.run());
+        ctx.broadcastToAll({
+            type: 'planPromptProgress',
+            data: { message: 'Finalizing project plan...' },
+        });
+        ctx.send(ws, {
+            type: 'planPromptResponse',
+            data: {
+                response: result.completed ? 'Prompt executed successfully.' : (result.error || 'Unknown error'),
+                success: result.completed,
+                error: result.error || null,
+            },
+        });
+        // Re-parse and broadcast updated state
+        const updatedState = parsePlanDirectory(workingDir);
+        if (updatedState) {
+            ctx.broadcastToAll({ type: 'planStateUpdated', data: updatedState });
+        }
+    }
+    catch (error) {
+        ctx.send(ws, {
+            type: 'planError',
+            data: { error: error instanceof Error ? error.message : String(error) },
+        });
+    }
+}
+//# sourceMappingURL=composer.js.map

package/dist/server/services/plan/composer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"composer.js","sourceRoot":"","sources":["../../../../server/services/plan/composer.ts"],"names":[],"mappings":"AAAA,8DAA8D;AAC9D,gEAAgE;AAEhE;;;;;;GAMG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,iBAAiB,EAAE,MAAM,uCAAuC,CAAC;AAC1E,OAAO,EAAE,cAAc,EAAqB,MAAM,6BAA6B,CAAC;AAGhF,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE1E,MAAM,oBAAoB,GAA2B;IACnD,IAAI,EAAE,8BAA8B;IACpC,IAAI,EAAE,8BAA8B;IACpC,IAAI,EAAE,uBAAuB;IAC7B,KAAK,EAAE,2BAA2B;IAClC,IAAI,EAAE,2BAA2B;IACjC,IAAI,EAAE,qBAAqB;CAC5B,CAAC;AAEF,SAAS,4BAA4B,CAAC,KAAmB;IACvD,MAAM,KAAK,GAAG,KAAK,CAAC,aAAa,CAAC;IAClC,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,IAAI,KAAK,CAAC,QAAQ,KAAK,OAAO,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;QAClD,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;QAChE,OAAO,WAAW,QAAQ,EAAE,CAAC;IAC/B,CAAC;IACD,IAAI,KAAK,CAAC,QAAQ,KAAK,MAAM,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;QACjD,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;QAChE,OAAO,WAAW,QAAQ,EAAE,CAAC;IAC/B,CAAC;IACD,IAAI,KAAK,CAAC,QAAQ,KAAK,MAAM,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;QACjD,OAAO,QAAQ,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;IAC1E,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,2BAA2B;IAClC,MAAM,cAAc,GAAG,IAAI,GAAG,EAAU,CAAC;IAEzC,OAAO,CAAC,KAAmB,EAAiB,EAAE;QAC5C,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YAClD,IAAI,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC;gBAAE,OAAO,IAAI,CAAC;YACpD,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YACnC,OAAO,oBAAoB,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;QACtD,CAAC;QACD,IAAI,KAAK,CAAC,IAAI,KAAK,eAAe;YAAE,OAAO,4BAA4B,CAAC,KAAK,CAAC,CAAC;QAC/E,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,IAAY;IACnC,IAAI,CAAC;QACH,IAAI,UAAU,CAAC,IAAI,CAAC;YAAE,OAAO,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC3D,CAAC;IAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;IACtB,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,GAAmB,EACnB,EAAa,EACb,UAAkB,EAClB,UAAkB;IAElB,MAAM,KAAK,GAAG,YAAY,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IAClE,MAAM,YAAY,GAAG,eAAe,CAAC,IAAI,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC;IAC9D,MAAM,cAAc,GAAG,eAAe,CAAC,IAAI,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC,CAAC;IAElE,6BAA6B;IAC7B,MAAM,SAAS,GAAG,kBAAkB,CAAC,UAAU,CAAC,CAAC;IACjD,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,MAAM,GAAG,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACjD,MAAM,MAAM,GAAG,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACjD,MAAM,MAAM,GAAG,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACjD,MAAM,GAAG,uBAAuB,MAAM,KAAK,MAAM,KAAK,MAAM,EAAE,CAAC;IACjE,CAAC;IAED,8CAA8C;IAC9C,IAAI,WAAW,GAAG,EAAE,CAAC;IACrB,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,aAAa,GAAG,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAmB,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC;QAC1F,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,WAAW,GAAG,sBAAsB,aAAa,CAAC,GAAG,CAAC,CAAC,CAAkE,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,IAAI,eAAe,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;QACpN,CAAC;IACH,CAAC;IAED,MAAM,cAAc,GAAG;;;;EAIvB,YAAY,IAAI,wBAAwB;;;;EAIxC,cAAc,IAAI,mBAAmB;;;EAGrC,MAAM;EACN,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;gBA4BG,UAAU,EAAE,CAAC;IAE3B,IAAI,CAAC;QACH,GAAG,CAAC,cAAc,CAAC;YACjB,IAAI,EAAE,oBAAoB;YAC1B,IAAI,EAAE,EAAE,OAAO,EAAE,8BAA8B,EAAE;SAClD,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC;YAChC,UAAU;YACV,YAAY,EAAE,cAAc;YAC5B,cAAc,EAAE,CAAC,IAAY,EAAE,EAAE;gBAC/B,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE;oBACX,IAAI,EAAE,qBAAqB;oBAC3B,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE;iBACtB,CAAC,CAAC;YACL,CAAC;YACD,eAAe,EAAE,CAAC,GAAG,EAAE;gBACrB,MAAM,kBAAkB,GAAG,2BAA2B,EAAE,CAAC;gBACzD,OAAO,CAAC,KAAmB,EAAE,EAAE;oBAC7B,MAAM,OAAO,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;oBAC1C,IAAI,OAAO,EAAE,CAAC;wBACZ,GAAG,CAAC,cAAc,CAAC;4BACjB,IAAI,EAAE,oBAAoB;4BAC1B,IAAI,EAAE,EAAE,OAAO,EAAE;yBAClB,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC,CAAC;YACJ,CAAC,CAAC,EAAE;SACL,CAAC,CAAC;QAEH,GAAG,CAAC,cAAc,CAAC;YACjB,IAAI,EAAE,oBAAoB;YAC1B,IAAI,EAAE,EAAE,OAAO,EAAE,oCAAoC,EAAE;SACxD,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,YAAY,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC;QAEzE,GAAG,CAAC,cAAc,CAAC;YACjB,IAAI,EAAE,oBAAoB;YAC1B,IAAI,EAAE,EAAE,OAAO,EAAE,4BAA4B,EAAE;SAChD,CAAC,CAAC;QAEH,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE;YACX,IAAI,EAAE,oBAAoB;YAC1B,IAAI,EAAE;gBACJ,QAAQ,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,+BAA+B,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,IAAI,eAAe,CAAC;gBAChG,OAAO,EAAE,MAAM,CAAC,SAAS;gBACzB,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,IAAI;aAC5B;SACF,CAAC,CAAC;QAEH,uCAAuC;QACvC,MAAM,YAAY,GAAG,kBAAkB,CAAC,UAAU,CAAC,CAAC;QACpD,IAAI,YAAY,EAAE,CAAC;YACjB,GAAG,CAAC,cAAc,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;QACvE,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE;YACX,IAAI,EAAE,WAAW;YACjB,IAAI,EAAE,EAAE,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE;SACxE,CAAC,CAAC;IACL,CAAC;AACH,CAAC"}

package/dist/server/services/plan/dependency-resolver.d.ts

@@ -0,0 +1,28 @@
+/**
+ * Dependency Resolver — Validates and computes the dependency DAG.
+ *
+ * Builds adjacency list from blocked_by/blocks fields, detects cycles,
+ * and computes the "ready to work" set.
+ */
+import type { Issue } from './types.js';
+/**
+ * Detect cycles in the dependency graph.
+ * Returns the first cycle found as an array of issue IDs, or null if acyclic.
+ */
+export declare function detectCycles(issues: Issue[]): string[] | null;
+/**
+ * Compute the set of issues that are ready to work on.
+ * An issue is ready if:
+ * - It's not an epic
+ * - Its status is backlog or todo (not started, done, or cancelled)
+ * - All its blocked_by items are done or cancelled
+ *
+ * If epicScope is provided, only returns issues belonging to that epic.
+ */
+export declare function resolveReadyToWork(issues: Issue[], epicScope?: string): Issue[];
+/**
+ * Compute the critical path through incomplete issues.
+ * Returns the longest chain of dependent issues.
+ */
+export declare function computeCriticalPath(issues: Issue[]): Issue[];
+//# sourceMappingURL=dependency-resolver.d.ts.map

package/dist/server/services/plan/dependency-resolver.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dependency-resolver.d.ts","sourceRoot":"","sources":["../../../../server/services/plan/dependency-resolver.ts"],"names":[],"mappings":"AAGA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AAExC;;;GAGG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,EAAE,GAAG,IAAI,CAsB7D;AAuCD;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,KAAK,EAAE,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,KAAK,EAAE,CA+C/E;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,KAAK,EAAE,CAuC5D"}