mustflow 2.17.0 → 2.18.0

package/dist/cli/lib/local-index/index.js

@@ -7,7 +7,7 @@ import { readTomlFile } from '../toml.js';
 import { collectSourceAnchorIndexRecords, hasHighRiskSourceAnchorRiskTags, } from '../../../core/source-anchor-status.js';
 import { normalizeCommandEffects } from '../../../core/command-effects.js';
 import { listChangeClassificationRuleDescriptors } from '../../../core/change-classification.js';
-import { DEFAULT_DATABASE_RELATIVE_PATH, DEFAULT_PROMPT_CACHE_STABLE_READ, DEFAULT_PROMPT_CACHE_TASK_SOURCES, DEFAULT_PROMPT_CACHE_VOLATILE_SOURCES, INDEX_CONFIG_RELATIVE_PATH, LOCAL_INDEX_CONTENT_MODE, LOCAL_INDEX_EXCLUDED_RAW_DATA_KINDS, LOCAL_INDEX_PARSER_VERSION, LOCAL_INDEX_SCHEMA_VERSION, LOCAL_INDEX_STORE_FULL_CONTENT, LATEST_RUN_STATE_RELATIVE_PATH, MAX_SEARCH_MATCH_SNIPPET_CHARS, MAX_SNIPPET_BYTES_PER_DOCUMENT, MUSTFLOW_RELATIVE_PATH, SEARCH_BACKEND_FTS5, SEARCH_BACKEND_TABLE_SCAN, SEARCH_MATCH_CONTEXT_AFTER_CHARS, SEARCH_MATCH_CONTEXT_BEFORE_CHARS, SEARCH_MATCH_TRUNCATION_MARKER, SEARCH_NGRAM_MAX_LENGTH, SEARCH_NGRAM_MIN_LENGTH, TEST_DISABLE_FTS5_ENV, } from './constants.js';
+import { DEFAULT_DATABASE_RELATIVE_PATH, DEFAULT_PROMPT_CACHE_STABLE_READ, DEFAULT_PROMPT_CACHE_TASK_SOURCES, DEFAULT_PROMPT_CACHE_VOLATILE_SOURCES, INDEX_CONFIG_RELATIVE_PATH, LOCAL_INDEX_CONTENT_MODE, LOCAL_INDEX_EXCLUDED_RAW_DATA_KINDS, LOCAL_INDEX_PARSER_VERSION, LOCAL_INDEX_SCHEMA_VERSION, LOCAL_INDEX_STORE_FULL_CONTENT, LATEST_RUN_STATE_RELATIVE_PATH, MAX_SEARCH_MATCH_SNIPPET_CHARS, MAX_SNIPPET_BYTES_PER_DOCUMENT, MUSTFLOW_RELATIVE_PATH, SEARCH_BACKEND_FTS5, SEARCH_BACKEND_TABLE_SCAN, SEARCH_MATCH_CONTEXT_AFTER_CHARS, SEARCH_MATCH_CONTEXT_BEFORE_CHARS, SEARCH_MATCH_TRUNCATION_MARKER, SEARCH_NGRAM_MAX_GRAMS_PER_TARGET, SEARCH_NGRAM_MAX_LENGTH, SEARCH_NGRAM_MAX_TOKEN_CHARS, SEARCH_NGRAM_MIN_LENGTH, SOURCE_INDEX_MAX_FILE_BYTES, TEST_DISABLE_FTS5_ENV, } from './constants.js';
 import { loadSqlJs } from './sql.js';
 export function getLocalIndexDatabasePath(projectRoot) {
     return path.join(projectRoot, ...DEFAULT_DATABASE_RELATIVE_PATH.split('/'));
@@ -83,11 +83,12 @@ function readPositiveInteger(table, key) {
 }
 function readLocalIndexSourceConfig(projectRoot) {
     const sourceIndexTable = readNestedTable(readIndexToml(projectRoot), 'source_index');
+    const configuredMaxFileBytes = readPositiveInteger(sourceIndexTable, 'max_file_bytes');
     return {
         enabledByDefault: readBoolean(sourceIndexTable, 'enabled_by_default') === true,
         include: readOptionalStringArray(sourceIndexTable, 'include') ?? [],
         exclude: readOptionalStringArray(sourceIndexTable, 'exclude') ?? [],
-        maxFileBytes: readPositiveInteger(sourceIndexTable, 'max_file_bytes'),
+        maxFileBytes: Math.min(configuredMaxFileBytes ?? SOURCE_INDEX_MAX_FILE_BYTES, SOURCE_INDEX_MAX_FILE_BYTES),
         allowedExtensions: readOptionalStringArray(sourceIndexTable, 'allowed_extensions') ?? [],
     };
 }
@@ -321,10 +322,14 @@ function buildSearchNgrams(values) {
     const grams = new Set();
     for (const value of values) {
         for (const token of extractSearchTokens(value)) {
-            const maxLength = Math.min(SEARCH_NGRAM_MAX_LENGTH, token.length);
+            const boundedToken = token.slice(0, SEARCH_NGRAM_MAX_TOKEN_CHARS);
+            const maxLength = Math.min(SEARCH_NGRAM_MAX_LENGTH, boundedToken.length);
             for (let length = SEARCH_NGRAM_MIN_LENGTH; length <= maxLength; length += 1) {
-                for (let index = 0; index <= token.length - length; index += 1) {
-                    grams.add(token.slice(index, index + length));
+                for (let index = 0; index <= boundedToken.length - length; index += 1) {
+                    grams.add(boundedToken.slice(index, index + length));
+                    if (grams.size >= SEARCH_NGRAM_MAX_GRAMS_PER_TARGET) {
+                        return [...grams].sort((left, right) => left.localeCompare(right));
+                    }
                 }
             }
         }
@@ -1650,6 +1655,18 @@ function populateDatabase(database, capabilities, documents, skills, skillRoutes
         'max_snippet_bytes_per_document',
         String(MAX_SNIPPET_BYTES_PER_DOCUMENT),
     ]);
+    database.run('INSERT INTO metadata (key, value) VALUES (?, ?)', [
+        'search_ngram_max_token_chars',
+        String(SEARCH_NGRAM_MAX_TOKEN_CHARS),
+    ]);
+    database.run('INSERT INTO metadata (key, value) VALUES (?, ?)', [
+        'search_ngram_max_grams_per_target',
+        String(SEARCH_NGRAM_MAX_GRAMS_PER_TARGET),
+    ]);
+    database.run('INSERT INTO metadata (key, value) VALUES (?, ?)', [
+        'source_index_max_file_bytes',
+        String(SOURCE_INDEX_MAX_FILE_BYTES),
+    ]);
     database.run('INSERT INTO metadata (key, value) VALUES (?, ?)', [
         'excluded_raw_data_kinds',
         LOCAL_INDEX_EXCLUDED_RAW_DATA_KINDS.join(','),

package/dist/cli/lib/repo-map.js

@@ -1,8 +1,8 @@
 import { spawnSync } from 'node:child_process';
 import { createHash } from 'node:crypto';
-import { existsSync, readdirSync, statSync, writeFileSync } from 'node:fs';
+import { existsSync, lstatSync, readdirSync, realpathSync, statSync, writeFileSync } from 'node:fs';
 import path from 'node:path';
-import { listFilesRecursive, toPosixPath } from './filesystem.js';
+import { toPosixPath } from './filesystem.js';
 import { readTomlFile } from './toml.js';
 const DEFAULT_DEPTH = 3;
 const REPO_MAP_DOC_ID = 'repo-map';
@@ -241,7 +241,7 @@ function getRepoMapConfig(projectRoot) {
     };
 }
 function getGitFiles(projectRoot) {
-    const result = spawnSync('git', ['ls-files'], {
+    const result = spawnSync('git', ['ls-files', '-z'], {
         cwd: projectRoot,
         encoding: 'utf8',
     });
@@ -249,16 +249,43 @@ function getGitFiles(projectRoot) {
         return [];
     }
     return result.stdout
-        .split(/\r?\n/)
-        .map((line) => line.trim())
+        .split('\0')
+        .map((line) => toPosixPath(line))
         .filter(Boolean);
 }
-function getRepositoryFiles(projectRoot) {
+function isAnchorCandidatePath(relativePath, priorityPaths) {
+    return priorityPaths.has(relativePath) || Boolean(getAnchorDescription(relativePath));
+}
+function listAnchorCandidateFilesRecursive(rootPath, depth, priorityPaths) {
+    const results = [];
+    function visit(currentPath, directoryDepth) {
+        for (const entry of readdirSync(currentPath, { withFileTypes: true })) {
+            const entryPath = path.join(currentPath, entry.name);
+            const relativePath = toPosixPath(path.relative(rootPath, entryPath));
+            if (entry.isDirectory()) {
+                if (EXCLUDED_SEGMENTS.has(entry.name) || directoryDepth >= depth) {
+                    continue;
+                }
+                visit(entryPath, directoryDepth + 1);
+                continue;
+            }
+            if (entry.isFile() && isAnchorCandidatePath(relativePath, priorityPaths)) {
+                results.push(relativePath);
+            }
+        }
+    }
+    if (!existsSync(rootPath) || !statSync(rootPath).isDirectory()) {
+        return [];
+    }
+    visit(rootPath, 0);
+    return results.sort();
+}
+function getRepositoryFiles(projectRoot, depth, priorityPaths) {
     const files = new Set();
     for (const relativePath of getGitFiles(projectRoot)) {
         files.add(relativePath);
     }
-    for (const relativePath of listFilesRecursive(projectRoot, { ignoredDirectoryNames: EXCLUDED_SEGMENTS })) {
+    for (const relativePath of listAnchorCandidateFilesRecursive(projectRoot, depth, priorityPaths)) {
         files.add(relativePath);
     }
     return Array.from(files);
@@ -306,7 +333,7 @@ function isUnderExcludedPrefix(relativePath, excludedPrefixes) {
     return excludedPrefixes.some((prefix) => relativePath === prefix.slice(0, -1) || relativePath.startsWith(prefix));
 }
 function discoverAnchors(projectRoot, depth, priorityPaths, nestedRepositories, excludedPrefixes) {
-    return getRepositoryFiles(projectRoot)
+    return getRepositoryFiles(projectRoot, depth, priorityPaths)
         .filter(shouldIncludePath)
         .filter((relativePath) => !isUnderNestedRepository(relativePath, nestedRepositories))
         .filter((relativePath) => !isUnderExcludedPrefix(relativePath, excludedPrefixes))
@@ -350,13 +377,9 @@ function renderDirectoryAnchors(anchors) {
 function hasGitMarker(directoryPath) {
     return existsSync(path.join(directoryPath, '.git'));
 }
-function isDirectory(directoryPath) {
-    try {
-        return statSync(directoryPath).isDirectory();
-    }
-    catch {
-        return false;
-    }
+function isRealPathInside(parentRealPath, childRealPath) {
+    const relative = path.relative(parentRealPath, childRealPath);
+    return relative === '' || (!relative.startsWith('..') && !path.isAbsolute(relative));
 }
 function isSafeWorkspaceRoot(projectRoot, workspaceRoot) {
     const absoluteRoot = path.resolve(projectRoot, workspaceRoot);
@@ -371,6 +394,32 @@ function getWorkspaceRootPrefixes(projectRoot, workspaceConfig) {
         .filter((workspaceRoot) => isSafeWorkspaceRoot(projectRoot, workspaceRoot))
         .map((workspaceRoot) => `${toPosixPath(workspaceRoot).replace(/\/+$/, '')}/`);
 }
+function resolveSafeDirectoryTarget(projectRootRealPath, logicalPath, followSymlinks) {
+    try {
+        const stats = lstatSync(logicalPath);
+        if (stats.isSymbolicLink()) {
+            if (!followSymlinks) {
+                return undefined;
+            }
+            const realPath = realpathSync(logicalPath);
+            if (!isRealPathInside(projectRootRealPath, realPath) || !statSync(realPath).isDirectory()) {
+                return undefined;
+            }
+            return { logicalPath, realPath };
+        }
+        if (!stats.isDirectory()) {
+            return undefined;
+        }
+        const realPath = realpathSync(logicalPath);
+        if (!isRealPathInside(projectRootRealPath, realPath)) {
+            return undefined;
+        }
+        return { logicalPath, realPath };
+    }
+    catch {
+        return undefined;
+    }
+}
 function collectNestedRepository(projectRoot, repositoryPath, anchorFiles) {
     const relativeRoot = `${toPosixPath(path.relative(projectRoot, repositoryPath))}/`;
     const existingAnchors = new Set();
@@ -422,31 +471,34 @@ function discoverNestedRepositories(projectRoot, mapConfig, workspaceConfig) {
     }
     const repositories = [];
     const seenRepositoryPaths = new Set();
-    function visit(directoryPath, depth) {
+    const seenDirectoryPaths = new Set();
+    const projectRootRealPath = realpathSync(projectRoot);
+    function visit(directoryTarget, depth) {
         if (repositories.length >= workspaceConfig.maxRepositories || depth > workspaceConfig.maxDepth) {
             return;
         }
-        if (hasGitMarker(directoryPath)) {
-            const resolvedRepositoryPath = path.resolve(directoryPath);
+        if (seenDirectoryPaths.has(directoryTarget.realPath)) {
+            return;
+        }
+        seenDirectoryPaths.add(directoryTarget.realPath);
+        if (hasGitMarker(directoryTarget.logicalPath)) {
+            const resolvedRepositoryPath = directoryTarget.realPath;
             if (!seenRepositoryPaths.has(resolvedRepositoryPath)) {
                 seenRepositoryPaths.add(resolvedRepositoryPath);
-                repositories.push(collectNestedRepository(projectRoot, resolvedRepositoryPath, mapConfig.anchorFiles));
+                repositories.push(collectNestedRepository(projectRoot, directoryTarget.logicalPath, mapConfig.anchorFiles));
             }
             if (workspaceConfig.stopAtRepositoryRoot) {
                 return;
             }
         }
-        for (const entry of readdirSync(directoryPath, { withFileTypes: true })) {
-            if (!entry.isDirectory()) {
-                continue;
-            }
+        for (const entry of readdirSync(directoryTarget.logicalPath, { withFileTypes: true })) {
             if (EXCLUDED_SEGMENTS.has(entry.name)) {
                 continue;
             }
-            if (entry.isSymbolicLink() && !workspaceConfig.followSymlinks) {
-                continue;
+            const childDirectoryTarget = resolveSafeDirectoryTarget(projectRootRealPath, path.join(directoryTarget.logicalPath, entry.name), workspaceConfig.followSymlinks);
+            if (childDirectoryTarget) {
+                visit(childDirectoryTarget, depth + 1);
             }
-            visit(path.join(directoryPath, entry.name), depth + 1);
         }
     }
     for (const workspaceRoot of workspaceConfig.roots) {
@@ -454,10 +506,11 @@ function discoverNestedRepositories(projectRoot, mapConfig, workspaceConfig) {
             continue;
         }
         const absoluteWorkspaceRoot = path.resolve(projectRoot, workspaceRoot);
-        if (!isDirectory(absoluteWorkspaceRoot)) {
+        const workspaceTarget = resolveSafeDirectoryTarget(projectRootRealPath, absoluteWorkspaceRoot, workspaceConfig.followSymlinks);
+        if (!workspaceTarget) {
             continue;
         }
-        visit(absoluteWorkspaceRoot, 0);
+        visit(workspaceTarget, 0);
     }
     return repositories.sort((left, right) => left.relativePath.localeCompare(right.relativePath));
 }

package/dist/cli/lib/run-plan.js

@@ -4,6 +4,7 @@ import { resolveSafeProjectCwd } from '../../core/command-cwd.js';
 import { resolveCommandEnv } from '../../core/command-env.js';
 import { evaluateCommandIntentEligibility, } from '../../core/command-intent-eligibility.js';
 import { isRecord, readPositiveInteger, readString, readStringArray, } from '../../core/config-loading.js';
+import { DEFAULT_COMMAND_MAX_OUTPUT_BYTES, MAX_COMMAND_OUTPUT_BYTES, commandMaxOutputBytesLimitMessage, } from '../../core/command-output-limits.js';
 import { t } from './i18n.js';
 function getSuccessExitCodes(intent) {
     const value = intent.success_exit_codes;
@@ -72,6 +73,24 @@ function getRunPlanMode(commandArgv, intent) {
     }
     return intent.mode === 'shell' ? 'shell' : null;
 }
+function readEffectiveMaxOutputBytes(contract, intent) {
+    return readPositiveInteger(intent, 'max_output_bytes') ??
+        readPositiveInteger(contract.defaults, 'max_output_bytes') ??
+        DEFAULT_COMMAND_MAX_OUTPUT_BYTES;
+}
+function getMaxOutputBytesLimitDetail(contract, intent) {
+    const intentValue = readPositiveInteger(intent, 'max_output_bytes');
+    if (intentValue !== undefined) {
+        return intentValue > MAX_COMMAND_OUTPUT_BYTES ?
+            commandMaxOutputBytesLimitMessage('[commands.intents.<intent>].max_output_bytes') :
+            null;
+    }
+    const defaultValue = readPositiveInteger(contract.defaults, 'max_output_bytes');
+    if (defaultValue !== undefined && defaultValue > MAX_COMMAND_OUTPUT_BYTES) {
+        return commandMaxOutputBytesLimitMessage('[commands.defaults].max_output_bytes');
+    }
+    return null;
+}
 function readRunIntentMetadata(contract, intent) {
     const configuredCwd = readString(intent, 'cwd') ?? readString(contract.defaults, 'default_cwd') ?? '.';
     const commandArgv = readStringArray(intent, 'argv');
@@ -84,7 +103,7 @@ function readRunIntentMetadata(contract, intent) {
         kind: readString(intent, 'kind') ?? null,
         configuredCwd,
         timeoutSeconds: readPositiveInteger(intent, 'timeout_seconds') ?? null,
-        maxOutputBytes: readPositiveInteger(intent, 'max_output_bytes') ?? readPositiveInteger(contract.defaults, 'max_output_bytes') ?? 1_048_576,
+        maxOutputBytes: readEffectiveMaxOutputBytes(contract, intent),
         successExitCodes: getSuccessExitCodes(intent),
         commandArgv,
         shellCommand,
@@ -149,6 +168,10 @@ export function createRunPlan(projectRoot, contract, intentName, options = {}) {
         return createBlockedRunPlan(contract, intentName, rawIntent, eligibility, eligibility.code, eligibility.detail);
     }
     const metadata = readRunIntentMetadata(contract, rawIntent);
+    const maxOutputBytesLimitDetail = getMaxOutputBytesLimitDetail(contract, rawIntent);
+    if (maxOutputBytesLimitDetail) {
+        return createBlockedRunPlan(contract, intentName, rawIntent, eligibility, 'max_output_bytes_exceeds_limit', maxOutputBytesLimitDetail);
+    }
     let cwd;
     try {
         cwd = resolveSafeProjectCwd(projectRoot, metadata.configuredCwd);
@@ -207,7 +230,7 @@ function createSuggestedIntentSnippet(intentName, metadata, reasonCode) {
         return null;
     }
     let commandLines;
-    if (reasonCode === 'blocked_shell_background_pattern') {
+    if (reasonCode === 'blocked_shell_background_pattern' || reasonCode === 'blocked_long_running_command_pattern') {
         commandLines = [`argv = ${formatTomlStringArray(['TODO_REPLACE_WITH_FINITE_COMMAND'])}`];
     }
     else if (metadata?.shellCommand) {

package/dist/cli/lib/validation/index.js

@@ -605,7 +605,8 @@ function validateStrictVersionSources(projectRoot, preferencesToml, versioningTo
     pushStrictIssue(issues, '[release.versioning] is enabled but no version source was detected; add .mustflow/config/versioning.toml or a package/template version source');
 }
 function validateStrictTemplateVersionSync(projectRoot, preferencesToml, issues) {
-    const changedPaths = existsSync(path.join(projectRoot, '.git')) ? readGitChangedFiles(projectRoot) : undefined;
+    const changedPathResult = existsSync(path.join(projectRoot, '.git')) ? readGitChangedFiles(projectRoot) : undefined;
+    const changedPaths = changedPathResult?.ok ? changedPathResult.files : undefined;
     for (const issue of validateTemplateVersionSync(projectRoot, preferencesToml, changedPaths)) {
         if (issue.severity === 'warning') {
             pushStrictWarning(issues, issue.message);

package/dist/core/check-issues.js

@@ -4,10 +4,12 @@ const CHECK_ISSUE_ID_RULES = [
     ['mustflow.command_contract.configured_missing_lifecycle', /^Configured intent [^\s]+ must define lifecycle$/u],
     ['mustflow.command_contract.configured_missing_run_policy', /^Configured intent [^\s]+ must define run_policy$/u],
     ['mustflow.command_contract.oneshot_missing_timeout', /^Oneshot intent [^\s]+ must define timeout_seconds$/u],
+    ['mustflow.command_contract.max_output_bytes_exceeds_limit', /^\[commands\.(?:defaults|intents\.[^\]]+)\]\.max_output_bytes must be less than or equal to \d+$/u],
     ['mustflow.command_contract.oneshot_stdin_not_closed', /^Oneshot intent [^\s]+ must set stdin = "closed"$/u],
     ['mustflow.command_contract.long_running_agent_allowed', /^Long-running intent [^\s]+ must not use run_policy = "agent_allowed"$/u],
     ['mustflow.command_contract.executable_source_missing', /^Configured intent [^\s]+ must define argv or mode = "shell" with cmd$/u],
     ['mustflow.command_contract.shell_background_pattern', /^Shell intent [^\s]+ contains a blocked long-running or background pattern$/u],
+    ['mustflow.command_contract.long_running_command_pattern', /^Intent [^\s]+ contains a blocked long-running or background command pattern$/u],
     ['mustflow.command_contract.success_exit_codes_invalid', /^\[commands\.intents\.[^\]]+\]\.success_exit_codes must be an integer array$/u],
     ['mustflow.command_contract.effects_invalid', /^(?:Strict: )?(?:\[commands\.(?:resources|intents\.[^\]]+\.effects)[^\]]*\]|Command effect for intent [^\s]+ must define path, paths, or lock)/u],
     ['mustflow.command_contract.effect_path_escape', /^Strict: Command effect path must stay inside the current root:/u],

package/dist/core/command-contract-rules.js

@@ -1,16 +1,39 @@
+import path from 'node:path';
 import { readString, readStringArray } from './config-loading.js';
 const SAFE_COMMAND_INTENT_NAME_PATTERN = /^[A-Za-z0-9_-]+$/u;
+const SHELL_WRAPPER_COMMANDS = new Set(['sh', 'bash', 'zsh', 'dash', 'ksh', 'cmd', 'powershell', 'pwsh']);
+const SHELL_EVALUATION_FLAGS = new Set(['-c', '/c', '-command', '-commandwithargs']);
+const INTERPRETER_EVALUATION_FLAGS = new Map([
+    ['node', new Set(['-e', '--eval'])],
+    ['python', new Set(['-c'])],
+    ['python3', new Set(['-c'])],
+    ['py', new Set(['-c'])],
+    ['ruby', new Set(['-e'])],
+    ['perl', new Set(['-e'])],
+]);
+const PACKAGE_SCRIPT_RUNNERS = new Set(['bun', 'npm', 'pnpm', 'yarn']);
+const LONG_RUNNING_PACKAGE_SCRIPTS = new Set(['dev', 'start', 'serve', 'watch', 'preview']);
+const LONG_RUNNING_EXECUTABLES = new Set(['nodemon', 'pm2', 'serve', 'http-server', 'live-server', 'webpack-dev-server']);
 export const BACKGROUND_SHELL_PATTERNS = [
-    /\s&\s*$/u,
+    /(?:^|[^&])&(?!&)\s*$/u,
     /\bnohup\b/iu,
     /\bdisown\b/iu,
     /\bStart-Process\b/iu,
-    /\bstart\s+/iu,
+    /(?:^|[;&|]\s*)start\s+/iu,
     /\bxdg-open\b/iu,
     /\bopen\s+/iu,
     /\bchrome(?:\.exe)?\b/iu,
     /\bchromium(?:\.exe)?\b/iu,
 ];
+export const LONG_RUNNING_COMMAND_TEXT_PATTERNS = [
+    /\b(?:npm|pnpm|bun|yarn)\s+(?:run\s+)?(?:dev|start|serve|watch|preview)\b/iu,
+    /\b(?:nohup|disown)\b/iu,
+    /(?:^|[^&])&(?!&)\s*$/u,
+    /\bsetInterval\s*\(/u,
+    /\bwhile\s*(?:\(\s*true\s*\)|true)\b/iu,
+    /\bserve_forever\s*\(/iu,
+    /\bcreateServer\s*\([^)]*\)\s*\.listen\s*\(/u,
+];
 export function commandIntentNameIsSafe(intentName) {
     return SAFE_COMMAND_INTENT_NAME_PATTERN.test(intentName);
 }
@@ -25,3 +48,82 @@ export function shellCommandHasBlockedBackgroundPattern(command) {
 export function commandIntentHasBlockedShellBackgroundPattern(intent) {
     return intent.mode === 'shell' && typeof intent.cmd === 'string' && shellCommandHasBlockedBackgroundPattern(intent.cmd);
 }
+function normalizeExecutableName(value) {
+    return path.basename(value).replace(/\.(?:cmd|exe|ps1)$/iu, '').toLowerCase();
+}
+function findFlagPayload(argv, flags) {
+    for (let index = 1; index < argv.length - 1; index += 1) {
+        if (flags.has(argv[index].toLowerCase())) {
+            return argv[index + 1];
+        }
+    }
+    return null;
+}
+function commandTextHasLongRunningPattern(command) {
+    return LONG_RUNNING_COMMAND_TEXT_PATTERNS.some((pattern) => pattern.test(command));
+}
+function readPackageScriptName(command, args) {
+    if (!PACKAGE_SCRIPT_RUNNERS.has(command)) {
+        return null;
+    }
+    if (args[0] === 'run' && args[1] && !args[1].startsWith('-')) {
+        return args[1];
+    }
+    if (args[0] && LONG_RUNNING_PACKAGE_SCRIPTS.has(args[0])) {
+        return args[0];
+    }
+    return null;
+}
+function argvHasBlockedLongRunningPattern(argv) {
+    const [rawCommand = '', ...args] = argv;
+    const command = normalizeExecutableName(rawCommand);
+    const shellPayload = SHELL_WRAPPER_COMMANDS.has(command) ? findFlagPayload(argv, SHELL_EVALUATION_FLAGS) : null;
+    if (shellPayload && (shellCommandHasBlockedBackgroundPattern(shellPayload) || commandTextHasLongRunningPattern(shellPayload))) {
+        return `shell wrapper payload contains a blocked long-running or background pattern: ${shellPayload}`;
+    }
+    const interpreterFlags = INTERPRETER_EVALUATION_FLAGS.get(command);
+    const interpreterPayload = interpreterFlags ? findFlagPayload(argv, interpreterFlags) : null;
+    if (interpreterPayload && commandTextHasLongRunningPattern(interpreterPayload)) {
+        return `interpreter evaluation payload contains a blocked long-running pattern: ${interpreterPayload}`;
+    }
+    const packageScriptName = readPackageScriptName(command, args);
+    if (packageScriptName && LONG_RUNNING_PACKAGE_SCRIPTS.has(packageScriptName)) {
+        return `package-manager script "${packageScriptName}" is commonly long-running`;
+    }
+    if (LONG_RUNNING_EXECUTABLES.has(command)) {
+        return `executable "${command}" is commonly long-running`;
+    }
+    if (command === 'vite' && !args.includes('build')) {
+        return 'vite without build is commonly a development server';
+    }
+    if (command === 'next' && ['dev', 'start'].includes(args[0] ?? '')) {
+        return `next ${args[0]} is commonly long-running`;
+    }
+    if (command === 'webpack' && (args.includes('--watch') || args.includes('-w') || args.includes('serve'))) {
+        return 'webpack watch or serve mode is commonly long-running';
+    }
+    if (command === 'tsc' && (args.includes('--watch') || args.includes('-w'))) {
+        return 'tsc watch mode is long-running';
+    }
+    return null;
+}
+export function commandIntentBlockedCommandPattern(intent) {
+    if (intent.mode === 'shell' && typeof intent.cmd === 'string' && shellCommandHasBlockedBackgroundPattern(intent.cmd)) {
+        return {
+            code: 'shell_background_pattern',
+            detail: 'Shell command contains a blocked long-running or background pattern.',
+        };
+    }
+    const argv = readStringArray(intent, 'argv');
+    if (!argv) {
+        return null;
+    }
+    const detail = argvHasBlockedLongRunningPattern(argv);
+    if (!detail) {
+        return null;
+    }
+    return {
+        code: 'long_running_command_pattern',
+        detail: `Argv command contains a blocked long-running or background pattern: ${detail}.`,
+    };
+}

package/dist/core/command-contract-validation.js

@@ -1,7 +1,8 @@
 import { COMMAND_LIFECYCLES, COMMAND_RUN_POLICIES, LONG_RUNNING_LIFECYCLES, isRecord, } from './config-loading.js';
 import { COMMAND_ENV_POLICIES } from './command-env.js';
 import { COMMAND_EFFECT_CONCURRENCY, COMMAND_EFFECT_MODES, COMMAND_EFFECT_TYPES, validateCommandEffectLockWarnings, validateCommandEffects, } from './command-effects.js';
-import { commandIntentHasBlockedShellBackgroundPattern, commandIntentHasCommandSource, commandIntentNameIsSafe, } from './command-contract-rules.js';
+import { commandIntentBlockedCommandPattern, commandIntentHasBlockedShellBackgroundPattern, commandIntentHasCommandSource, commandIntentNameIsSafe, } from './command-contract-rules.js';
+import { MAX_COMMAND_OUTPUT_BYTES, commandMaxOutputBytesLimitMessage } from './command-output-limits.js';
 function commandContractIssue(message) {
     return { message };
 }
@@ -46,6 +47,12 @@ function validatePositiveIntegerField(table, key, label, issues) {
         issues.push(commandContractIssue(`${label} must be a positive integer`));
     }
 }
+function validateMaxOutputBytesField(table, key, label, issues) {
+    validatePositiveIntegerField(table, key, label, issues);
+    if (isPositiveInteger(table[key]) && Number(table[key]) > MAX_COMMAND_OUTPUT_BYTES) {
+        issues.push(commandContractIssue(commandMaxOutputBytesLimitMessage(label)));
+    }
+}
 function validateAllowedStringField(table, key, label, allowedValues, issues) {
     if (!hasOwn(table, key)) {
         return;
@@ -70,7 +77,7 @@ function validateCommandDefaults(commandsToml, issues) {
     validateAllowedStringField(defaults, 'env_policy', '[commands.defaults].env_policy', COMMAND_ENV_POLICIES, issues);
     validateStringArrayField(defaults, 'env_allowlist', '[commands.defaults].env_allowlist', issues);
     validatePositiveIntegerField(defaults, 'default_timeout_seconds', '[commands.defaults].default_timeout_seconds', issues);
-    validatePositiveIntegerField(defaults, 'max_output_bytes', '[commands.defaults].max_output_bytes', issues);
+    validateMaxOutputBytesField(defaults, 'max_output_bytes', '[commands.defaults].max_output_bytes', issues);
     validatePositiveIntegerField(defaults, 'kill_after_seconds', '[commands.defaults].kill_after_seconds', issues);
 }
 function validateCommandResources(commandsToml, issues) {
@@ -148,6 +155,7 @@ function validateCommandIntent(intentName, intent, issues) {
     validateAllowedStringField(intent, 'run_policy', `[commands.intents.${intentName}].run_policy`, COMMAND_RUN_POLICIES, issues);
     validateAllowedStringField(intent, 'env_policy', `[commands.intents.${intentName}].env_policy`, COMMAND_ENV_POLICIES, issues);
     validateStringArrayField(intent, 'env_allowlist', `[commands.intents.${intentName}].env_allowlist`, issues);
+    validateMaxOutputBytesField(intent, 'max_output_bytes', `[commands.intents.${intentName}].max_output_bytes`, issues);
     validateCommandIntentSelection(intentName, intent, issues);
     if (intent.status !== 'configured') {
         return;
@@ -178,6 +186,10 @@ function validateCommandIntent(intentName, intent, issues) {
     if (commandIntentHasBlockedShellBackgroundPattern(intent)) {
         issues.push(commandContractIssue(`Shell intent ${intentName} contains a blocked long-running or background pattern`));
     }
+    const blockedCommandPattern = commandIntentBlockedCommandPattern(intent);
+    if (blockedCommandPattern?.code === 'long_running_command_pattern') {
+        issues.push(commandContractIssue(`Intent ${intentName} contains a blocked long-running or background command pattern`));
+    }
     if (hasOwn(intent, 'success_exit_codes')) {
         const value = intent.success_exit_codes;
         if (!Array.isArray(value) || value.length === 0 || value.some((entry) => !Number.isInteger(entry))) {

package/dist/core/command-intent-eligibility.js

@@ -1,5 +1,5 @@
 import { isRecord, readString } from './config-loading.js';
-import { commandIntentHasBlockedShellBackgroundPattern, commandIntentHasCommandSource, commandIntentNameIsSafe, } from './command-contract-rules.js';
+import { commandIntentBlockedCommandPattern, commandIntentHasBlockedShellBackgroundPattern, commandIntentHasCommandSource, commandIntentNameIsSafe, } from './command-contract-rules.js';
 export function evaluateCommandIntentEligibility(intentName, rawIntent) {
     if (!commandIntentNameIsSafe(intentName)) {
         return {
@@ -68,6 +68,14 @@ export function evaluateCommandIntentEligibility(intentName, rawIntent) {
             detail: 'Shell command contains a blocked long-running or background pattern.',
         };
     }
+    const blockedPattern = commandIntentBlockedCommandPattern(rawIntent);
+    if (blockedPattern?.code === 'long_running_command_pattern') {
+        return {
+            ok: false,
+            code: 'blocked_long_running_command_pattern',
+            detail: blockedPattern.detail,
+        };
+    }
     return {
         ok: true,
         code: 'ok',

package/dist/core/command-output-limits.js

@@ -0,0 +1,5 @@
+export const DEFAULT_COMMAND_MAX_OUTPUT_BYTES = 1_048_576;
+export const MAX_COMMAND_OUTPUT_BYTES = 16 * 1024 * 1024;
+export function commandMaxOutputBytesLimitMessage(label) {
+    return `${label} must be less than or equal to ${MAX_COMMAND_OUTPUT_BYTES}`;
+}

package/dist/core/contract-lint.js

@@ -2,7 +2,8 @@ import { existsSync, readFileSync } from 'node:fs';
 import path from 'node:path';
 import { COMMAND_LIFECYCLES, COMMAND_RUN_POLICIES, LONG_RUNNING_LIFECYCLES, isRecord, readPositiveInteger, readString, readStringArray, } from './config-loading.js';
 import { evaluateCommandIntentEligibility, } from './command-intent-eligibility.js';
-import { commandIntentHasBlockedShellBackgroundPattern, commandIntentHasCommandSource, commandIntentNameIsSafe, } from './command-contract-rules.js';
+import { commandIntentBlockedCommandPattern, commandIntentHasBlockedShellBackgroundPattern, commandIntentHasCommandSource, commandIntentNameIsSafe, } from './command-contract-rules.js';
+import { MAX_COMMAND_OUTPUT_BYTES } from './command-output-limits.js';
 import { commandEffectsConflict, normalizeCommandEffects } from './command-effects.js';
 import { listChangeClassificationValidationReasons } from './change-classification.js';
 import { parseSkillIndexRoutes } from './skill-route-alignment.js';
@@ -309,6 +310,10 @@ function lintIntent(name, value, issues) {
     if (lifecycle === 'oneshot' && readPositiveInteger(value, 'timeout_seconds') === undefined) {
         pushIssue(issues, 'error', 'oneshot_missing_timeout', name, `Oneshot intent ${name} must define timeout_seconds.`);
     }
+    const maxOutputBytes = readPositiveInteger(value, 'max_output_bytes');
+    if (maxOutputBytes !== undefined && maxOutputBytes > MAX_COMMAND_OUTPUT_BYTES) {
+        pushIssue(issues, 'error', 'max_output_bytes_exceeds_limit', name, `Intent ${name} max_output_bytes must be less than or equal to ${MAX_COMMAND_OUTPUT_BYTES}.`);
+    }
     if (lifecycle === 'oneshot' && readString(value, 'stdin') !== 'closed') {
         pushIssue(issues, 'error', 'oneshot_stdin_not_closed', name, `Oneshot intent ${name} must set stdin to closed.`);
     }
@@ -321,6 +326,10 @@ function lintIntent(name, value, issues) {
     if (commandIntentHasBlockedShellBackgroundPattern(value)) {
         pushIssue(issues, 'error', 'shell_background_pattern', name, `Shell intent ${name} contains a blocked long-running or background pattern.`);
     }
+    const blockedCommandPattern = commandIntentBlockedCommandPattern(value);
+    if (blockedCommandPattern?.code === 'long_running_command_pattern') {
+        pushIssue(issues, 'error', 'long_running_command_pattern', name, `Intent ${name} contains a blocked long-running or background command pattern.`);
+    }
     if (!successExitCodesAreValid(value)) {
         pushIssue(issues, 'error', 'invalid_success_exit_codes', name, `Intent ${name} success_exit_codes must be an integer array.`);
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mustflow",
-  "version": "2.17.0",
+  "version": "2.18.0",
   "description": "Agent workflow documents and CLI for mustflow repository roots.",
   "type": "module",
   "license": "MIT-0",

package/schemas/README.md

@@ -35,10 +35,10 @@ Current schemas:
   `mf explain verify --reason <event> --json`, `mf explain retention --json`, `mf explain skills --json`,
   and `mf explain surface --json`. Verify explanations include the shared `decisionGraph` evidence model.
 - `verify-report.schema.json`: output of `mf verify --reason <event> --json`, including an
-  evidence-based completion verdict and evidence model with a conservative coverage matrix for the
-  selected receipts and skipped checks
+  explicit execution aggregate, evidence-based completion verdict, and evidence model with a
+  conservative coverage matrix for the selected receipts and skipped checks
 - `verify-run-manifest.schema.json`: `.mustflow/state/runs/verify-latest/manifest.json`, including
-  the same completion verdict, evidence model, and coverage matrix as the verify report
+  the same execution aggregate, completion verdict, evidence model, and coverage matrix as the verify report
 - `change-verification-report.schema.json`: output of `mf verify --reason <event> --plan-only --json` and  
   `mf verify --from-classification <classify-report.json> --plan-only --json`, including the `decision_graph` that links
   changed surfaces, classification reasons, command candidates, eligibility, selected or not-selected state,

package/schemas/change-verification-report.schema.json

@@ -251,7 +251,8 @@
         "missing_timeout",
         "missing_command_source",
         "unsafe_intent_name",
-        "blocked_shell_background_pattern"
+        "blocked_shell_background_pattern",
+        "blocked_long_running_command_pattern"
       ]
     },
     "verificationCandidate": {

package/schemas/contract-lint-report.schema.json

@@ -139,7 +139,8 @@
                             "missing_timeout",
                             "missing_command_source",
                             "unsafe_intent_name",
-                            "blocked_shell_background_pattern"
+                            "blocked_shell_background_pattern",
+                            "blocked_long_running_command_pattern"
                           ]
                         },
                         "runnable": { "type": "boolean" },

package/schemas/explain-report.schema.json

@@ -829,6 +829,7 @@
             "missing_command_source",
             "unsafe_intent_name",
             "blocked_shell_background_pattern",
+            "blocked_long_running_command_pattern",
             null
           ]
         },

package/schemas/latest-run-pointer.schema.json

@@ -33,6 +33,7 @@
       "type": "string",
       "pattern": "^sha256:[0-9a-f]{64}$"
     },
+    "execution_status": { "enum": ["passed", "partial", "failed", "blocked"] },
     "status": { "enum": ["passed", "partial", "failed", "blocked"] },
     "completion_verdict": { "$ref": "#/$defs/completionVerdict" },
     "evidence_model": { "$ref": "#/$defs/evidenceModel" },

package/schemas/verify-report.schema.json

@@ -34,6 +34,7 @@
       "type": "string",
       "pattern": "^sha256:[0-9a-f]{64}$"
     },
+    "execution_status": { "enum": ["passed", "partial", "failed", "blocked"] },
     "status": { "enum": ["passed", "partial", "failed", "blocked"] },
     "completion_verdict": { "$ref": "#/$defs/completionVerdict" },
     "evidence_model": { "$ref": "#/$defs/evidenceModel" },