mustflow 1.15.97

package/dist/core/source-anchor-status.js

@@ -0,0 +1,269 @@
+import { createHash } from 'node:crypto';
+import { existsSync, readFileSync, statSync } from 'node:fs';
+import path from 'node:path';
+import { listSourceAnchorFiles, parseSourceAnchorsInContent, splitSourceAnchorList, } from './source-anchors.js';
+import { extractSourceAnchorSymbol, } from './source-anchor-symbols.js';
+const HIGH_RISK_SOURCE_ANCHOR_TAGS = new Set([
+    'authn',
+    'authz',
+    'authorization',
+    'data_loss',
+    'file_upload',
+    'injection',
+    'migration',
+    'payment',
+    'pii',
+    'privacy',
+    'secrets',
+    'security',
+    'ssrf',
+    'xss',
+]);
+function sha256(value) {
+    return `sha256:${createHash('sha256').update(value).digest('hex')}`;
+}
+function hashStringList(values) {
+    return values.length > 0 ? sha256(values.join('\n')) : null;
+}
+function contextForAnchor(content, lineStart) {
+    const lines = content.split(/\r?\n/u);
+    const anchorIndex = Math.max(0, lineStart - 1);
+    const from = Math.max(0, anchorIndex - 3);
+    const to = Math.min(lines.length, anchorIndex + 4);
+    return lines.slice(from, to).join('\n');
+}
+function createFingerprint(content, anchor, search, risk) {
+    const invariant = anchor.fields.get('invariant') ?? null;
+    const metadata = {
+        purpose: anchor.fields.get('purpose') ?? null,
+        search,
+        invariant,
+        risk,
+    };
+    return {
+        anchorMetadataHash: sha256(JSON.stringify(metadata)),
+        anchorTextHash: sha256(anchor.rawText),
+        contextHash: sha256(contextForAnchor(content, anchor.lineStart)),
+        searchTermsHash: hashStringList(search),
+        invariantHash: invariant ? sha256(invariant) : null,
+        riskHash: sha256(risk.join('\n')),
+        symbol: extractSourceAnchorSymbol(content, anchor.lineStart),
+    };
+}
+function currentAnchorSignals(risk) {
+    return {
+        identity: 'current_anchor_id_valid',
+        location: 'current_file_and_line_indexed',
+        symbol: 'current_symbol_fingerprinted',
+        body: 'current_body_fingerprinted',
+        metadata: 'current_anchor_metadata_fingerprinted',
+        semantic: 'search_terms_and_invariant_fingerprinted',
+        risk: risk.length > 0 ? 'risk_tags_fingerprinted' : 'no_risk_tags',
+    };
+}
+function hasHighRisk(risk) {
+    return risk.some((tag) => HIGH_RISK_SOURCE_ANCHOR_TAGS.has(tag));
+}
+function sameSymbolIdentity(left, right) {
+    return left.kind === right.kind && left.name !== null && left.name === right.name;
+}
+function sameSymbolTarget(left, right) {
+    if (!sameSymbolIdentity(left, right)) {
+        return false;
+    }
+    if (left.signatureHash && right.signatureHash && left.signatureHash !== right.signatureHash) {
+        return false;
+    }
+    if (left.bodyHash && right.bodyHash && left.bodyHash !== right.bodyHash) {
+        return false;
+    }
+    return true;
+}
+function sourceAnchorSignals(current, previous) {
+    if (!previous) {
+        return currentAnchorSignals(current.risk);
+    }
+    return {
+        identity: current.id === previous.id ? 'anchor_id_matched_previous_snapshot' : 'anchor_id_from_previous_snapshot',
+        location: current.path === previous.path && current.lineStart === previous.lineStart
+            ? 'same_path_and_line'
+            : current.path === previous.path
+                ? 'same_path_line_changed'
+                : 'path_changed',
+        symbol: current.fingerprint.symbol.kind === 'unknown'
+            ? 'current_symbol_unknown'
+            : sameSymbolIdentity(current.fingerprint.symbol, previous.fingerprint.symbol)
+                ? 'symbol_identity_matched'
+                : 'symbol_identity_changed',
+        body: current.fingerprint.symbol.bodyHash && current.fingerprint.symbol.bodyHash === previous.fingerprint.symbol.bodyHash
+            ? 'symbol_body_hash_matched'
+            : current.fingerprint.symbol.signatureHash && current.fingerprint.symbol.signatureHash === previous.fingerprint.symbol.signatureHash
+                ? 'signature_hash_matched_body_changed_or_unknown'
+                : 'symbol_body_or_signature_changed',
+        metadata: current.fingerprint.anchorMetadataHash === previous.fingerprint.anchorMetadataHash
+            ? 'anchor_metadata_hash_matched'
+            : 'anchor_metadata_hash_changed',
+        semantic: current.fingerprint.searchTermsHash === previous.fingerprint.searchTermsHash &&
+            current.fingerprint.invariantHash === previous.fingerprint.invariantHash
+            ? 'search_terms_and_invariant_matched'
+            : 'search_terms_or_invariant_changed',
+        risk: current.fingerprint.riskHash === previous.fingerprint.riskHash
+            ? hasHighRisk(current.risk)
+                ? 'high_risk_tags_matched'
+                : current.risk.length > 0
+                    ? 'risk_tags_matched'
+                    : 'no_risk_tags'
+            : 'risk_tags_changed',
+    };
+}
+function compareSourceAnchorStatus(current, previous) {
+    if (!previous) {
+        return {
+            status: 'valid',
+            confidence: 1,
+            signals: currentAnchorSignals(current.risk),
+        };
+    }
+    const signals = sourceAnchorSignals(current, previous);
+    const locationChanged = current.path !== previous.path || current.lineStart !== previous.lineStart;
+    const metadataChanged = current.fingerprint.anchorMetadataHash !== previous.fingerprint.anchorMetadataHash;
+    const semanticChanged = current.fingerprint.searchTermsHash !== previous.fingerprint.searchTermsHash ||
+        current.fingerprint.invariantHash !== previous.fingerprint.invariantHash;
+    const signatureChanged = current.fingerprint.symbol.signatureHash !== previous.fingerprint.symbol.signatureHash &&
+        (current.fingerprint.symbol.signatureHash !== null || previous.fingerprint.symbol.signatureHash !== null);
+    const bodyChanged = current.fingerprint.symbol.bodyHash !== previous.fingerprint.symbol.bodyHash &&
+        (current.fingerprint.symbol.bodyHash !== null || previous.fingerprint.symbol.bodyHash !== null);
+    const contextChanged = current.fingerprint.contextHash !== previous.fingerprint.contextHash;
+    const symbolIdentityChanged = !sameSymbolIdentity(current.fingerprint.symbol, previous.fingerprint.symbol);
+    if (hasHighRisk(current.risk) && (bodyChanged || signatureChanged || semanticChanged || metadataChanged)) {
+        return {
+            status: 'review',
+            confidence: 0.55,
+            signals: {
+                ...signals,
+                risk: signals.risk.startsWith('high_risk') ? 'high_risk_anchor_requires_review_after_change' : signals.risk,
+            },
+        };
+    }
+    if (symbolIdentityChanged && previous.fingerprint.symbol.kind !== 'unknown') {
+        return {
+            status: 'review',
+            confidence: 0.5,
+            signals,
+        };
+    }
+    if (locationChanged && sameSymbolTarget(current.fingerprint.symbol, previous.fingerprint.symbol)) {
+        return {
+            status: 'moved',
+            confidence: 0.85,
+            signals,
+        };
+    }
+    if (bodyChanged || signatureChanged || contextChanged || metadataChanged || semanticChanged) {
+        return {
+            status: 'changed',
+            confidence: signatureChanged ? 0.65 : 0.75,
+            signals,
+        };
+    }
+    return {
+        status: 'valid',
+        confidence: 1,
+        signals,
+    };
+}
+function staleAnchorSignals(previous, replacement) {
+    if (replacement) {
+        return {
+            identity: 'previous_anchor_id_missing_unique_symbol_candidate_found',
+            location: replacement.path === previous.path ? 'same_path_candidate' : 'path_changed_candidate',
+            symbol: 'symbol_identity_candidate_matched',
+            body: sameSymbolTarget(replacement.fingerprint.symbol, previous.fingerprint.symbol)
+                ? 'symbol_body_hash_matched'
+                : 'symbol_body_or_signature_changed',
+            metadata: 'previous_anchor_metadata_only',
+            semantic: 'previous_anchor_semantic_metadata_only',
+            risk: hasHighRisk(previous.risk) ? 'high_risk_previous_anchor_requires_review' : 'previous_risk_tags_only',
+        };
+    }
+    return {
+        identity: 'previous_anchor_id_missing',
+        location: 'previous_location_missing',
+        symbol: 'no_unique_symbol_candidate',
+        body: 'previous_body_fingerprint_only',
+        metadata: 'previous_anchor_metadata_only',
+        semantic: 'previous_anchor_semantic_metadata_only',
+        risk: hasHighRisk(previous.risk) ? 'high_risk_previous_anchor_stale' : 'previous_risk_tags_only',
+    };
+}
+function findUniqueSymbolCandidate(previous, currentRecords) {
+    if (previous.fingerprint.symbol.kind === 'unknown' || previous.fingerprint.symbol.name === null) {
+        return null;
+    }
+    const matches = currentRecords.filter((record) => sameSymbolTarget(record.fingerprint.symbol, previous.fingerprint.symbol));
+    return matches.length === 1 ? matches[0] ?? null : null;
+}
+/**
+ * mf:anchor core.source-anchor-status.index-records
+ * purpose: Build source anchor index records with fingerprints and navigation-only status metadata.
+ * search: source anchor status, fingerprint, sqlite, navigation only
+ * invariant: Status records are derived search metadata and do not grant command or verification authority.
+ * risk: cache, config
+ */
+export function collectSourceAnchorIndexRecords(projectRoot, previousSnapshots = []) {
+    const currentRecords = [];
+    for (const relativePath of listSourceAnchorFiles(projectRoot)) {
+        const filePath = path.join(projectRoot, ...relativePath.split('/'));
+        if (!existsSync(filePath) || !statSync(filePath).isFile()) {
+            continue;
+        }
+        const content = readFileSync(filePath, 'utf8');
+        for (const anchor of parseSourceAnchorsInContent(relativePath, content)) {
+            if (!anchor.idValid) {
+                continue;
+            }
+            const search = splitSourceAnchorList(anchor.fields.get('search'));
+            const risk = splitSourceAnchorList(anchor.fields.get('risk'));
+            currentRecords.push({
+                id: anchor.rawId,
+                path: relativePath,
+                lineStart: anchor.lineStart,
+                purpose: anchor.fields.get('purpose') ?? null,
+                search,
+                invariant: anchor.fields.get('invariant') ?? null,
+                risk,
+                navigationOnly: true,
+                canInstructAgent: false,
+                fingerprint: createFingerprint(content, anchor, search, risk),
+            });
+        }
+    }
+    const previousById = new Map(previousSnapshots.map((snapshot) => [snapshot.id, snapshot]));
+    const currentById = new Set(currentRecords.map((record) => record.id));
+    const records = currentRecords.map((record) => ({
+        ...record,
+        ...compareSourceAnchorStatus(record, previousById.get(record.id) ?? null),
+    }));
+    for (const previous of previousSnapshots) {
+        if (currentById.has(previous.id)) {
+            continue;
+        }
+        const replacement = findUniqueSymbolCandidate(previous, currentRecords);
+        const status = replacement ? (hasHighRisk(previous.risk) ? 'review' : 'moved') : 'stale';
+        records.push({
+            ...(replacement ?? previous),
+            id: previous.id,
+            purpose: previous.purpose,
+            search: previous.search,
+            invariant: previous.invariant,
+            risk: previous.risk,
+            navigationOnly: true,
+            canInstructAgent: false,
+            fingerprint: replacement?.fingerprint ?? previous.fingerprint,
+            status,
+            confidence: replacement ? (status === 'review' ? 0.45 : 0.65) : 0.2,
+            signals: staleAnchorSignals(previous, replacement),
+        });
+    }
+    return records.sort((left, right) => left.id.localeCompare(right.id) || left.path.localeCompare(right.path));
+}

package/dist/core/source-anchor-symbols.js

@@ -0,0 +1,181 @@
+import { createHash } from 'node:crypto';
+function sha256(value) {
+    return `sha256:${createHash('sha256').update(value).digest('hex')}`;
+}
+function countBraceDelta(line) {
+    let delta = 0;
+    let quote = null;
+    let escaped = false;
+    for (const char of line) {
+        if (escaped) {
+            escaped = false;
+            continue;
+        }
+        if (char === '\\') {
+            escaped = true;
+            continue;
+        }
+        if (quote) {
+            if (char === quote) {
+                quote = null;
+            }
+            continue;
+        }
+        if (char === '"' || char === "'" || char === '`') {
+            quote = char;
+            continue;
+        }
+        if (char === '{') {
+            delta += 1;
+            continue;
+        }
+        if (char === '}') {
+            delta -= 1;
+        }
+    }
+    return delta;
+}
+function findBracedBodyEndLine(lines, startIndex) {
+    let depth = 0;
+    let hasBodyStart = false;
+    for (let index = startIndex; index < lines.length; index += 1) {
+        const delta = countBraceDelta(lines[index] ?? '');
+        depth += delta;
+        if (delta > 0) {
+            hasBodyStart = true;
+        }
+        if (hasBodyStart && depth <= 0) {
+            return index + 1;
+        }
+    }
+    return hasBodyStart ? lines.length : null;
+}
+function indentationWidth(line) {
+    return line.match(/^\s*/u)?.[0].length ?? 0;
+}
+function findIndentedBodyEndLine(lines, startIndex) {
+    const declarationIndent = indentationWidth(lines[startIndex] ?? '');
+    for (let index = startIndex + 1; index < lines.length; index += 1) {
+        const line = lines[index] ?? '';
+        if (line.trim().length === 0) {
+            continue;
+        }
+        if (indentationWidth(line) <= declarationIndent) {
+            return index;
+        }
+    }
+    return lines.length;
+}
+function normalizeSignature(line) {
+    return line.trim().replace(/\s+/gu, ' ');
+}
+function extractSymbolFromLine(line) {
+    const trimmed = line.trim();
+    const functionMatch = trimmed.match(/^(export\s+)?(?:default\s+)?(?:async\s+)?function\s+([A-Za-z_$][\w$]*)\s*\(/u);
+    if (functionMatch) {
+        return {
+            kind: 'function',
+            name: functionMatch[2],
+            exported: Boolean(functionMatch[1]),
+        };
+    }
+    const classMatch = trimmed.match(/^(export\s+)?(?:default\s+)?class\s+([A-Za-z_$][\w$]*)\b/u);
+    if (classMatch) {
+        return {
+            kind: 'class',
+            name: classMatch[2],
+            exported: Boolean(classMatch[1]),
+        };
+    }
+    const constMatch = trimmed.match(/^(export\s+)?(?:const|let|var)\s+([A-Za-z_$][\w$]*)\b/u);
+    if (constMatch) {
+        return {
+            kind: 'const',
+            name: constMatch[2],
+            exported: Boolean(constMatch[1]),
+        };
+    }
+    const rustFunctionMatch = trimmed.match(/^(pub(?:\([^)]*\))?\s+)?(?:async\s+)?fn\s+([A-Za-z_][\w]*)\s*[<(]/u);
+    if (rustFunctionMatch) {
+        return {
+            kind: 'function',
+            name: rustFunctionMatch[2],
+            exported: Boolean(rustFunctionMatch[1]),
+        };
+    }
+    const goFunctionMatch = trimmed.match(/^func\s+(?:\([^)]*\)\s*)?([A-Za-z_][\w]*)\s*\(/u);
+    if (goFunctionMatch) {
+        return {
+            kind: trimmed.startsWith('func (') ? 'method' : 'function',
+            name: goFunctionMatch[1],
+            exported: /^[A-Z]/u.test(goFunctionMatch[1] ?? ''),
+        };
+    }
+    const pythonFunctionMatch = trimmed.match(/^(?:async\s+)?def\s+([A-Za-z_][\w]*)\s*\(/u);
+    if (pythonFunctionMatch) {
+        return {
+            kind: 'function',
+            name: pythonFunctionMatch[1],
+            exported: !pythonFunctionMatch[1]?.startsWith('_'),
+        };
+    }
+    const pythonClassMatch = trimmed.match(/^class\s+([A-Za-z_][\w]*)\b/u);
+    if (pythonClassMatch) {
+        return {
+            kind: 'class',
+            name: pythonClassMatch[1],
+            exported: !pythonClassMatch[1]?.startsWith('_'),
+        };
+    }
+    const methodMatch = trimmed.match(/^(?:public\s+|private\s+|protected\s+|static\s+|async\s+|get\s+|set\s+)*([A-Za-z_$][\w$]*)\s*\([^)]*\)\s*(?::\s*[^={]+)?\s*\{/u);
+    if (methodMatch && !['if', 'for', 'while', 'switch', 'catch', 'function'].includes(methodMatch[1] ?? '')) {
+        return {
+            kind: 'method',
+            name: methodMatch[1],
+            exported: !trimmed.startsWith('private ') && !trimmed.startsWith('protected '),
+        };
+    }
+    return null;
+}
+export function unknownSourceAnchorSymbol() {
+    return {
+        kind: 'unknown',
+        name: null,
+        exported: false,
+        signatureHash: null,
+        bodyHash: null,
+        startLine: null,
+        endLine: null,
+    };
+}
+export function extractSourceAnchorSymbol(content, anchorLineStart) {
+    const lines = content.split(/\r?\n/u);
+    const scanStart = Math.max(0, anchorLineStart);
+    const scanEnd = Math.min(lines.length, scanStart + 24);
+    for (let index = scanStart; index < scanEnd; index += 1) {
+        const line = lines[index] ?? '';
+        const trimmed = line.trim();
+        if (trimmed.length === 0 ||
+            trimmed.startsWith('*') ||
+            trimmed.startsWith('//') ||
+            trimmed.startsWith('#') ||
+            trimmed.startsWith('@') ||
+            trimmed === '*/') {
+            continue;
+        }
+        const symbol = extractSymbolFromLine(line);
+        if (!symbol) {
+            continue;
+        }
+        const endLine = line.includes('{') ? findBracedBodyEndLine(lines, index) : findIndentedBodyEndLine(lines, index);
+        const body = endLine ? lines.slice(index, endLine).join('\n') : null;
+        return {
+            ...symbol,
+            signatureHash: sha256(normalizeSignature(line)),
+            bodyHash: body ? sha256(body) : null,
+            startLine: index + 1,
+            endLine,
+        };
+    }
+    return unknownSourceAnchorSymbol();
+}

package/dist/core/source-anchor-validation.js

@@ -0,0 +1,158 @@
+import { readFileSync } from 'node:fs';
+import path from 'node:path';
+import { SOURCE_ANCHOR_ALLOWED_RISKS, listSourceAnchorFiles, parseSourceAnchorsInContent, sourceAnchorPathIsGeneratedOrVendor, splitSourceAnchorList, } from './source-anchors.js';
+export const SOURCE_ANCHOR_IGNORED_DIRECTORIES = new Set([
+    '.git',
+    '.mustflow',
+    'coverage',
+    'dist',
+    'build',
+    'node_modules',
+    'tests',
+    '.next',
+    '.nuxt',
+]);
+const SOURCE_ANCHOR_PURPOSE_WARNING_MAX_CHARS = 180;
+const SOURCE_ANCHOR_SEARCH_WARNING_MAX_TERMS = 12;
+const SOURCE_ANCHOR_DENSITY_WARNING_MAX_PER_FILE = 5;
+const SOURCE_ANCHOR_DENSITY_WARNING_MIN_LINES_PER_ANCHOR = 120;
+const SOURCE_ANCHOR_HIGH_RISK_PURPOSE_REVIEW_MAX_CHARS = 120;
+const SOURCE_ANCHOR_HIGH_RISK_SEARCH_REVIEW_MAX_TERMS = 8;
+const SOURCE_ANCHOR_HIGH_RISK_TAGS = new Set([
+    'authz',
+    'authorization',
+    'data_loss',
+    'migration',
+    'payment',
+    'pii',
+    'privacy',
+    'secrets',
+    'security',
+]);
+const SOURCE_ANCHOR_FORBIDDEN_INSTRUCTION_PATTERNS = [
+    /\b(?:agent|agents|llm|model|assistant)\s+(?:must|should|may|can)\s+(?:not\s+)?(?:run|execute|skip|ignore|bypass|override)\b/iu,
+    /\b(?:do\s+not|don't|never|skip)\s+(?:run|execute)\s+(?:tests?|checks?|validation|mf\s+run)\b/iu,
+    /\b(?:ignore|bypass|override)\s+(?:AGENTS\.md|mustflow|command\s+contract|commands\.toml|workflow\s+rules?)\b/iu,
+    /\b(?:run|execute)\s+(?:this\s+)?(?:shell\s+)?command\b/iu,
+    /\bmf\s+run\s+[a-z0-9_.-]+\b/iu,
+    /\bthis\s+anchor\s+(?:authorizes|grants|allows)\b.*\b(?:agents?|commands?|validation|verification)\b/iu,
+    /\b(?:command_intents?|required_after|run_policy|argv|cmd|permissions?|allowed_edits|skip_validation|agent_action)\s*[:=]/iu,
+];
+const SOURCE_ANCHOR_SECRET_LIKE_PATTERNS = [
+    /\b(?:api[_-]?key|api[_-]?token|access[_-]?token|auth[_-]?token|secret|password|passwd|private[_-]?key)\b\s*[:=]\s*["']?[A-Za-z0-9_./+=:-]{8,}/iu,
+    /\b(?:sk-[A-Za-z0-9]{16,}|ghp_[A-Za-z0-9]{20,}|xox[baprs]-[A-Za-z0-9-]{20,}|AKIA[0-9A-Z]{16})\b/u,
+];
+function sourceAnchorIssue(message) {
+    return { severity: 'error', message };
+}
+function sourceAnchorWarning(message) {
+    return { severity: 'warning', message };
+}
+function sourceAnchorLabel(anchor) {
+    return `${anchor.rawId} in ${anchor.path}:${anchor.lineStart}`;
+}
+function validateSourceAnchor(anchor) {
+    const issues = [];
+    if (!anchor.idValid) {
+        return [
+            sourceAnchorIssue(`source anchor ${anchor.path}:${anchor.lineStart} has invalid format: anchor id must be lowercase letters, numbers, dots, or hyphens`),
+        ];
+    }
+    const label = sourceAnchorLabel(anchor);
+    if (sourceAnchorPathIsGeneratedOrVendor(anchor.path)) {
+        issues.push(sourceAnchorIssue(`source anchor ${anchor.rawId} is in generated or vendor path ${anchor.path}`));
+    }
+    if (SOURCE_ANCHOR_FORBIDDEN_INSTRUCTION_PATTERNS.some((pattern) => pattern.test(anchor.rawText))) {
+        issues.push(sourceAnchorIssue(`source anchor ${label} contains agent command or policy instructions`));
+    }
+    if (SOURCE_ANCHOR_SECRET_LIKE_PATTERNS.some((pattern) => pattern.test(anchor.rawText))) {
+        issues.push(sourceAnchorIssue(`source anchor ${label} contains secret-like text`));
+    }
+    for (const field of anchor.unsupportedFields) {
+        issues.push(sourceAnchorIssue(`source anchor ${anchor.rawId} in ${anchor.path}:${anchor.lineStart} has invalid format: unsupported field "${field}"`));
+    }
+    const riskTags = splitSourceAnchorList(anchor.fields.get('risk'));
+    for (const risk of riskTags) {
+        if (!SOURCE_ANCHOR_ALLOWED_RISKS.has(risk)) {
+            issues.push(sourceAnchorIssue(`source anchor ${label} uses unknown risk tag "${risk}"`));
+        }
+    }
+    const purpose = anchor.fields.get('purpose');
+    if (purpose && purpose.length > SOURCE_ANCHOR_PURPOSE_WARNING_MAX_CHARS) {
+        issues.push(sourceAnchorWarning(`source anchor ${label} purpose is long (${purpose.length} characters > ${SOURCE_ANCHOR_PURPOSE_WARNING_MAX_CHARS})`));
+    }
+    const searchTerms = splitSourceAnchorList(anchor.fields.get('search'));
+    if (searchTerms.length > SOURCE_ANCHOR_SEARCH_WARNING_MAX_TERMS) {
+        issues.push(sourceAnchorWarning(`source anchor ${label} has too many search terms (${searchTerms.length} > ${SOURCE_ANCHOR_SEARCH_WARNING_MAX_TERMS})`));
+    }
+    const highRiskTags = riskTags.filter((risk) => SOURCE_ANCHOR_HIGH_RISK_TAGS.has(risk));
+    if (highRiskTags.length === 0) {
+        return issues;
+    }
+    const reviewReasons = [];
+    if (!anchor.fields.has('invariant')) {
+        reviewReasons.push('missing invariant');
+    }
+    if (purpose && purpose.length > SOURCE_ANCHOR_HIGH_RISK_PURPOSE_REVIEW_MAX_CHARS) {
+        reviewReasons.push(`purpose ${purpose.length} characters > ${SOURCE_ANCHOR_HIGH_RISK_PURPOSE_REVIEW_MAX_CHARS}`);
+    }
+    if (searchTerms.length > SOURCE_ANCHOR_HIGH_RISK_SEARCH_REVIEW_MAX_TERMS) {
+        reviewReasons.push(`search terms ${searchTerms.length} > ${SOURCE_ANCHOR_HIGH_RISK_SEARCH_REVIEW_MAX_TERMS}`);
+    }
+    if (reviewReasons.length > 0) {
+        issues.push(sourceAnchorWarning(`source anchor ${label} uses high-risk tags and needs review: ${highRiskTags.join(', ')}; ${reviewReasons.join('; ')}`));
+    }
+    return issues;
+}
+function countNonEmptyLines(content) {
+    return content.split(/\r?\n/u).filter((line) => line.trim().length > 0).length;
+}
+function validateSourceAnchorDensity(relativePath, content, anchors) {
+    if (anchors.length <= SOURCE_ANCHOR_DENSITY_WARNING_MAX_PER_FILE) {
+        return [];
+    }
+    const nonEmptyLines = countNonEmptyLines(content);
+    const linesPerAnchor = nonEmptyLines / anchors.length;
+    if (linesPerAnchor >= SOURCE_ANCHOR_DENSITY_WARNING_MIN_LINES_PER_ANCHOR) {
+        return [];
+    }
+    return [
+        sourceAnchorWarning(`${relativePath} has high source anchor density (${anchors.length} anchors across ${nonEmptyLines} non-empty lines)`),
+    ];
+}
+/**
+ * mf:anchor core.source-anchor-validation
+ * purpose: Validate source anchors as navigation-only metadata without command, verification, or policy authority.
+ * search: source anchor validation, forbidden instruction, duplicate id, high risk review
+ * invariant: Source anchor validation reports issues but never grants command permission or verification authority.
+ * risk: config, security
+ */
+export function validateSourceAnchorsInProject(projectRoot) {
+    const sourceFiles = listSourceAnchorFiles(projectRoot, {
+        ignoredDirectoryNames: SOURCE_ANCHOR_IGNORED_DIRECTORIES,
+    });
+    const issues = [];
+    const anchorsById = new Map();
+    for (const relativePath of sourceFiles) {
+        const absolutePath = path.join(projectRoot, ...relativePath.split('/'));
+        const content = readFileSync(absolutePath, 'utf8');
+        const anchors = parseSourceAnchorsInContent(relativePath, content);
+        issues.push(...validateSourceAnchorDensity(relativePath, content, anchors));
+        for (const anchor of anchors) {
+            issues.push(...validateSourceAnchor(anchor));
+            if (!anchor.idValid) {
+                continue;
+            }
+            const anchorsForId = anchorsById.get(anchor.rawId) ?? [];
+            anchorsForId.push(anchor);
+            anchorsById.set(anchor.rawId, anchorsForId);
+        }
+    }
+    for (const [id, anchors] of anchorsById) {
+        if (anchors.length <= 1) {
+            continue;
+        }
+        issues.push(sourceAnchorIssue(`source anchor id "${id}" is duplicated: ${anchors.map((anchor) => `${anchor.path}:${anchor.lineStart}`).join(', ')}`));
+    }
+    return issues;
+}