mustflow 2.18.21 → 2.21.1

package/dist/cli/commands/classify.js

@@ -1,6 +1,6 @@
-import { mkdirSync, writeFileSync } from 'node:fs';
 import path from 'node:path';
 import { createChangeClassificationReport, } from '../../core/change-classification.js';
+import { writeJsonFileInsideWithoutSymlinks } from '../../core/safe-filesystem.js';
 import { printUsageError, renderHelp } from '../lib/cli-output.js';
 import { requireGitChangedFiles } from '../lib/git-changes.js';
 import { t } from '../lib/i18n.js';
@@ -111,8 +111,7 @@ function resolveWritePath(projectRoot, inputPath) {
 }
 function writeClassifyOutput(projectRoot, inputPath, output) {
     const outputPath = resolveWritePath(projectRoot, inputPath);
-    mkdirSync(path.dirname(outputPath), { recursive: true });
-    writeFileSync(outputPath, `${JSON.stringify(output, null, 2)}\n`, 'utf8');
+    writeJsonFileInsideWithoutSymlinks(projectRoot, outputPath, output);
 }
 export function runClassify(args, reporter, lang = 'en') {
     if (args.includes('--help') || args.includes('-h')) {

package/dist/cli/commands/doctor.js

@@ -5,7 +5,9 @@ import { getAgentContext, } from '../lib/agent-context.js';
 import { t } from '../lib/i18n.js';
 import { getLocalIndexDatabasePath } from '../lib/local-index.js';
 import { resolveMustflowRoot } from '../lib/project-root.js';
-import { checkMustflowProject } from '../lib/validation.js';
+import { checkMustflowProjectReport } from '../lib/validation.js';
+import { findCommandEnvInheritanceWarnings } from '../../core/command-contract-validation.js';
+import { readCommandContract } from '../../core/config-loading.js';
 import { summarizeSkillRouteAlignment } from '../../core/skill-route-alignment.js';
 const DOCTOR_SCHEMA_VERSION = '1';
 export function getDoctorHelp(lang = 'en') {
@@ -46,6 +48,7 @@ function createDiagnostics(output) {
     const localIndexExists = existsSync(getLocalIndexDatabasePath(output.mustflow_root));
     const runnableIntentCount = output.context.runnable_intents.length;
     const skillRouteAlignment = summarizeSkillRouteAlignment(output.check.issues);
+    const inheritedEnvIntentCount = output.command_environment.inherited_intents.length;
     diagnostics.push({
         id: 'install',
         status: output.installed ? 'ok' : 'fail',
@@ -55,7 +58,9 @@ function createDiagnostics(output) {
     diagnostics.push({
         id: 'validation',
         status: output.check.ok ? 'ok' : 'fail',
-        summary: `${output.check.issue_count} ${pluralize(output.check.issue_count, 'issue', 'issues')}`,
+        summary: output.check.warning_count === 0
+            ? `${output.check.issue_count} ${pluralize(output.check.issue_count, 'issue', 'issues')}`
+            : `${output.check.issue_count} ${pluralize(output.check.issue_count, 'issue', 'issues')}, ${output.check.warning_count} ${pluralize(output.check.warning_count, 'warning', 'warnings')}`,
         action: output.check.ok ? null : checkCommand,
     });
     diagnostics.push({
@@ -72,6 +77,16 @@ function createDiagnostics(output) {
             : 'missing',
         action: output.context.command_contract_exists ? 'mf help commands' : 'mf init --dry-run',
     });
+    diagnostics.push({
+        id: 'environment',
+        status: output.context.command_contract_exists ? (inheritedEnvIntentCount > 0 ? 'warn' : 'ok') : 'info',
+        summary: output.context.command_contract_exists
+            ? inheritedEnvIntentCount === 0
+                ? 'no inherited host-environment intents'
+                : `${inheritedEnvIntentCount} inherited host-environment ${pluralize(inheritedEnvIntentCount, 'intent', 'intents')}: ${output.command_environment.inherited_intents.join(', ')}`
+            : 'command contract missing',
+        action: inheritedEnvIntentCount > 0 ? 'mf check --strict --json' : null,
+    });
     diagnostics.push({
         id: 'read_order',
         status: output.context.missing_read_order.length === 0 ? 'ok' : 'fail',
@@ -124,15 +139,37 @@ function getNextSteps(output) {
     }
     return nextSteps;
 }
+function readCommandEnvironmentSummary(projectRoot) {
+    try {
+        const contract = readCommandContract(projectRoot);
+        const warnings = findCommandEnvInheritanceWarnings(contract);
+        return {
+            inherited_intents: warnings.map((warning) => warning.intentName).sort((left, right) => left.localeCompare(right)),
+            inherited_network_intents: warnings
+                .filter((warning) => warning.network)
+                .map((warning) => warning.intentName)
+                .sort((left, right) => left.localeCompare(right)),
+        };
+    }
+    catch {
+        return {
+            inherited_intents: [],
+            inherited_network_intents: [],
+        };
+    }
+}
 function createDoctorOutput(strict) {
     const mustflowRoot = resolveMustflowRoot();
     const context = getAgentContext(mustflowRoot);
-    const issues = checkMustflowProject(mustflowRoot, { strict });
+    const checkReport = checkMustflowProjectReport(mustflowRoot, { strict });
     const check = {
-        ok: issues.length === 0,
-        issue_count: issues.length,
-        issues,
+        ok: checkReport.issues.length === 0,
+        issue_count: checkReport.issues.length,
+        issues: checkReport.issues,
+        warning_count: checkReport.warnings.length,
+        warnings: checkReport.warnings,
     };
+    const commandEnvironment = readCommandEnvironmentSummary(mustflowRoot);
     const baseOutput = {
         schema_version: DOCTOR_SCHEMA_VERSION,
         command: 'doctor',
@@ -150,6 +187,7 @@ function createDoctorOutput(strict) {
             missing_optional_read_order: context.optional_read_order.filter((entry) => !entry.exists).map((entry) => entry.path),
             latest_run_exists: context.latest_run.exists,
         },
+        command_environment: commandEnvironment,
         effective_policy: context.effective_policy,
         state_policy: context.state_policy,
         blocked_actions: context.blocked_actions,
@@ -171,6 +209,8 @@ function getDiagnosticLabel(id, lang) {
             return t(lang, 'doctor.diagnostic.skillRoutes');
         case 'commands':
             return t(lang, 'doctor.diagnostic.commands');
+        case 'environment':
+            return t(lang, 'doctor.diagnostic.environment');
         case 'read_order':
             return t(lang, 'doctor.diagnostic.readOrder');
         case 'optional_read_order':

package/dist/cli/commands/run/output.js

@@ -46,7 +46,7 @@ export function writeStreamChunk(reporter, stream, chunk) {
     reporter.stderr(chunk.toString());
 }
 export function createOutputLimitError(stream, maxOutputBytes) {
-    return Object.assign(new Error(`${stream} exceeded max_output_bytes (${maxOutputBytes})`), {
+    return Object.assign(new Error(`${stream} exceeded per-stream max_output_bytes (${maxOutputBytes})`), {
         code: OUTPUT_LIMIT_ERROR_CODE,
     });
 }

package/dist/cli/commands/run/receipt.js

@@ -16,6 +16,7 @@ export function assembleRunReceipt(input) {
         envPolicy: input.plan.envPolicy,
         envAllowlist: input.plan.envAllowlist,
         timeoutSeconds: input.plan.timeoutSeconds,
+        killAfterSeconds: input.plan.killAfterSeconds,
         maxOutputBytes: input.plan.maxOutputBytes,
         successExitCodes: input.plan.successExitCodes,
         exitCode: input.exitCode,

package/dist/cli/commands/verify.js

@@ -1,11 +1,12 @@
 import { createHash } from 'node:crypto';
-import { mkdirSync, readFileSync, writeFileSync } from 'node:fs';
+import { readFileSync } from 'node:fs';
 import path from 'node:path';
 import { createClassifyOutput } from './classify.js';
 import { runRun } from './run.js';
 import { createChangeVerificationReport, } from '../../core/change-verification.js';
+import { writeJsonFileInsideWithoutSymlinks } from '../../core/safe-filesystem.js';
 import { createVerifyCompletionVerdict, } from '../../core/completion-verdict.js';
-import { atomicWriteJsonFile, createStateRunId } from '../../core/atomic-state-write.js';
+import { createStateRunId } from '../../core/atomic-state-write.js';
 import { createExternalEvidenceRisks, } from '../../core/external-evidence.js';
 import { createRepeatedFailureRisks, createVerificationFailureFingerprint, updateRepeatedFailureState, } from '../../core/repeated-failure.js';
 import { countReproEvidenceVerdictEffects, createReproEvidenceRisks, } from '../../core/repro-evidence.js';
@@ -545,8 +546,7 @@ function createInputFromChanged(projectRoot) {
 }
 function writeChangedPlan(projectRoot, inputPath, plan) {
     const planPath = resolvePlanPath(projectRoot, inputPath);
-    mkdirSync(path.dirname(planPath), { recursive: true });
-    writeFileSync(planPath, `${JSON.stringify(plan, null, 2)}\n`, 'utf8');
+    writeJsonFileInsideWithoutSymlinks(projectRoot, planPath, plan);
 }
 export function planErrorMessageKey(code) {
     switch (code) {
@@ -1059,7 +1059,6 @@ function writeVerifyRunReceipts(projectRoot, output, report, sourceAnchorRisks,
     const statePaths = createVerifyRunStatePaths(projectRoot);
     const receipts = [];
     const results = [];
-    mkdirSync(statePaths.absoluteIntentDir, { recursive: true });
     for (const [index, result] of output.results.entries()) {
         let receiptPath = null;
         let receiptSha256 = null;
@@ -1075,7 +1074,7 @@ function writeVerifyRunReceipts(projectRoot, output, report, sourceAnchorRisks,
             };
             const receiptContent = `${JSON.stringify(receipt, null, 2)}\n`;
             receiptSha256 = hashTextSha256(receiptContent);
-            atomicWriteJsonFile(absoluteReceiptPath, receipt);
+            writeJsonFileInsideWithoutSymlinks(projectRoot, absoluteReceiptPath, receipt);
         }
         receipts.push({
             intent: result.intent,
@@ -1181,7 +1180,7 @@ function writeVerifyRunReceipts(projectRoot, output, report, sourceAnchorRisks,
         ...(outputWithReceiptPaths.external_checks ? { external_checks: outputWithReceiptPaths.external_checks } : {}),
         receipts,
     };
-    atomicWriteJsonFile(statePaths.absoluteManifestPath, manifest);
+    writeJsonFileInsideWithoutSymlinks(projectRoot, statePaths.absoluteManifestPath, manifest);
     const latest = {
         schema_version: '1',
         command: 'verify',
@@ -1202,7 +1201,7 @@ function writeVerifyRunReceipts(projectRoot, output, report, sourceAnchorRisks,
         run_dir: statePaths.runDir,
         manifest_path: statePaths.manifestPath,
     };
-    atomicWriteJsonFile(path.join(projectRoot, LATEST_RUN_RECEIPT_PATH), latest);
+    writeJsonFileInsideWithoutSymlinks(projectRoot, path.join(projectRoot, LATEST_RUN_RECEIPT_PATH), latest);
     return outputWithReceiptPaths;
 }
 async function createVerifyOutput(input, planSource, projectRoot, lang, reproEvidence = null, externalChecks = [], parallelism = DEFAULT_VERIFY_PARALLELISM) {

package/dist/cli/i18n/en.js

@@ -488,6 +488,7 @@ export const enMessages = {
     "doctor.diagnostic.validation": "Validation",
     "doctor.diagnostic.skillRoutes": "Skill routes",
     "doctor.diagnostic.commands": "Command specification",
+    "doctor.diagnostic.environment": "Environment",
     "doctor.diagnostic.readOrder": "Read order",
     "doctor.diagnostic.optionalReadOrder": "Optional read order",
     "doctor.diagnostic.repoMap": "REPO_MAP.md",

package/dist/cli/i18n/es.js

@@ -488,6 +488,7 @@ export const esMessages = {
     "doctor.diagnostic.validation": "Validación",
     "doctor.diagnostic.skillRoutes": "Rutas de skills",
     "doctor.diagnostic.commands": "Especificación de comandos",
+    "doctor.diagnostic.environment": "Entorno",
     "doctor.diagnostic.readOrder": "Orden de lectura",
     "doctor.diagnostic.optionalReadOrder": "Orden de lectura opcional",
     "doctor.diagnostic.repoMap": "REPO_MAP.md",

package/dist/cli/i18n/fr.js

@@ -488,6 +488,7 @@ export const frMessages = {
     "doctor.diagnostic.validation": "Validation",
     "doctor.diagnostic.skillRoutes": "Routage des skills",
     "doctor.diagnostic.commands": "Spécification des commandes",
+    "doctor.diagnostic.environment": "Environnement",
     "doctor.diagnostic.readOrder": "Ordre de lecture",
     "doctor.diagnostic.optionalReadOrder": "Ordre de lecture optionnel",
     "doctor.diagnostic.repoMap": "REPO_MAP.md",

package/dist/cli/i18n/hi.js

@@ -488,6 +488,7 @@ export const hiMessages = {
     "doctor.diagnostic.validation": "सत्यापन",
     "doctor.diagnostic.skillRoutes": "स्किल रूट",
     "doctor.diagnostic.commands": "कमांड विनिर्देश",
+    "doctor.diagnostic.environment": "एनवायरनमेंट",
     "doctor.diagnostic.readOrder": "पढ़ने का क्रम",
     "doctor.diagnostic.optionalReadOrder": "वैकल्पिक पढ़ने का क्रम",
     "doctor.diagnostic.repoMap": "REPO_MAP.md",

package/dist/cli/i18n/ko.js

@@ -488,6 +488,7 @@ export const koMessages = {
     "doctor.diagnostic.validation": "검증",
     "doctor.diagnostic.skillRoutes": "스킬 라우팅",
     "doctor.diagnostic.commands": "명령",
+    "doctor.diagnostic.environment": "실행 환경",
     "doctor.diagnostic.readOrder": "읽기 순서",
     "doctor.diagnostic.optionalReadOrder": "선택적 읽기 순서",
     "doctor.diagnostic.repoMap": "REPO_MAP.md",

package/dist/cli/i18n/zh.js

@@ -488,6 +488,7 @@ export const zhMessages = {
     "doctor.diagnostic.validation": "验证",
     "doctor.diagnostic.skillRoutes": "技能路由",
     "doctor.diagnostic.commands": "命令规范",
+    "doctor.diagnostic.environment": "环境",
     "doctor.diagnostic.readOrder": "读取顺序",
     "doctor.diagnostic.optionalReadOrder": "可选读取顺序",
     "doctor.diagnostic.repoMap": "REPO_MAP.md",

package/dist/cli/lib/local-index/index.js

@@ -1,4 +1,4 @@
-import { existsSync, mkdirSync, readFileSync, statSync, writeFileSync } from 'node:fs';
+import { existsSync, readFileSync, statSync } from 'node:fs';
 import { createHash } from 'node:crypto';
 import path from 'node:path';
 import { isRecord, readCommandContract, readString, readStringArray } from '../command-contract.js';
@@ -8,6 +8,7 @@ import { collectSourceAnchorIndexRecords, hasHighRiskSourceAnchorRiskTags, } fro
 import { listSourceAnchorFiles } from '../../../core/source-anchors.js';
 import { normalizeCommandEffects } from '../../../core/command-effects.js';
 import { listChangeClassificationRuleDescriptors } from '../../../core/change-classification.js';
+import { writeFileInsideWithoutSymlinks } from '../../../core/safe-filesystem.js';
 import { DEFAULT_DATABASE_RELATIVE_PATH, DEFAULT_PROMPT_CACHE_STABLE_READ, DEFAULT_PROMPT_CACHE_TASK_SOURCES, DEFAULT_PROMPT_CACHE_VOLATILE_SOURCES, INDEX_CONFIG_RELATIVE_PATH, LOCAL_INDEX_CONTENT_MODE, LOCAL_INDEX_EXCLUDED_RAW_DATA_KINDS, LOCAL_INDEX_PARSER_VERSION, LOCAL_INDEX_SCHEMA_VERSION, LOCAL_INDEX_STORE_FULL_CONTENT, LATEST_RUN_STATE_RELATIVE_PATH, MAX_SEARCH_MATCH_SNIPPET_CHARS, MAX_SNIPPET_BYTES_PER_DOCUMENT, MUSTFLOW_RELATIVE_PATH, SEARCH_BACKEND_FTS5, SEARCH_BACKEND_TABLE_SCAN, SEARCH_MATCH_CONTEXT_AFTER_CHARS, SEARCH_MATCH_CONTEXT_BEFORE_CHARS, SEARCH_MATCH_TRUNCATION_MARKER, SEARCH_NGRAM_MAX_GRAMS_PER_TARGET, SEARCH_NGRAM_MAX_LENGTH, SEARCH_NGRAM_MAX_TOKEN_CHARS, SEARCH_NGRAM_MIN_LENGTH, SOURCE_INDEX_MAX_FILE_BYTES, TEST_DISABLE_FTS5_ENV, } from './constants.js';
 import { loadSqlJs } from './sql.js';
 export function getLocalIndexDatabasePath(projectRoot) {
@@ -2202,8 +2203,7 @@ export async function createLocalIndex(projectRoot, options = {}) {
         const database = new SQL.Database();
         createSchema(database, capabilities);
         populateDatabase(database, capabilities, documents, skills, skillRoutes, commandIntents, sourceAnchors, indexedFiles, verificationEvidence, indexMode, sourceScopeHash, includeSource, new Date().toISOString());
-        mkdirSync(path.dirname(databasePath), { recursive: true });
-        writeFileSync(databasePath, database.export());
+        writeFileInsideWithoutSymlinks(projectRoot, databasePath, database.export());
         database.close();
     }
     return {

package/dist/cli/lib/repo-map.js

@@ -1,8 +1,9 @@
 import { spawnSync } from 'node:child_process';
 import { createHash } from 'node:crypto';
-import { existsSync, lstatSync, readdirSync, realpathSync, statSync, writeFileSync } from 'node:fs';
+import { existsSync, lstatSync, readdirSync, realpathSync, statSync } from 'node:fs';
 import path from 'node:path';
 import { toPosixPath } from './filesystem.js';
+import { writeUtf8FileInsideWithoutSymlinks } from '../../core/safe-filesystem.js';
 import { readTomlFile } from './toml.js';
 const DEFAULT_DEPTH = 3;
 const REPO_MAP_DOC_ID = 'repo-map';
@@ -691,5 +692,5 @@ export function generateRepoMap(projectRoot, options = {}) {
     ].join('\n');
 }
 export function writeRepoMap(projectRoot, content) {
-    writeFileSync(path.join(projectRoot, 'REPO_MAP.md'), content);
+    writeUtf8FileInsideWithoutSymlinks(projectRoot, path.join(projectRoot, 'REPO_MAP.md'), content);
 }

package/dist/cli/lib/run-plan.js

@@ -4,7 +4,7 @@ import { resolveSafeProjectCwd } from '../../core/command-cwd.js';
 import { resolveCommandEnv } from '../../core/command-env.js';
 import { evaluateCommandIntentEligibility, } from '../../core/command-intent-eligibility.js';
 import { isRecord, readPositiveInteger, readString, readStringArray, } from '../../core/config-loading.js';
-import { DEFAULT_COMMAND_MAX_OUTPUT_BYTES, MAX_COMMAND_OUTPUT_BYTES, commandMaxOutputBytesLimitMessage, } from '../../core/command-output-limits.js';
+import { DEFAULT_COMMAND_MAX_OUTPUT_BYTES, COMMAND_OUTPUT_LIMIT_SCOPE, MAX_COMMAND_OUTPUT_BYTES, commandMaxOutputBytesLimitMessage, } from '../../core/command-output-limits.js';
 import { t } from './i18n.js';
 function getSuccessExitCodes(intent) {
     const value = intent.success_exit_codes;
@@ -78,8 +78,10 @@ function readEffectiveMaxOutputBytes(contract, intent) {
         readPositiveInteger(contract.defaults, 'max_output_bytes') ??
         DEFAULT_COMMAND_MAX_OUTPUT_BYTES;
 }
-function readEffectiveKillAfterSeconds(contract) {
-    return readPositiveInteger(contract.defaults, 'kill_after_seconds') ?? 5;
+function readEffectiveKillAfterSeconds(contract, intent) {
+    return readPositiveInteger(intent, 'kill_after_seconds') ??
+        readPositiveInteger(contract.defaults, 'kill_after_seconds') ??
+        5;
 }
 function getMaxOutputBytesLimitDetail(contract, intent) {
     const intentValue = readPositiveInteger(intent, 'max_output_bytes');
@@ -106,7 +108,7 @@ function readRunIntentMetadata(contract, intent) {
         kind: readString(intent, 'kind') ?? null,
         configuredCwd,
         timeoutSeconds: readPositiveInteger(intent, 'timeout_seconds') ?? null,
-        killAfterSeconds: readEffectiveKillAfterSeconds(contract),
+        killAfterSeconds: readEffectiveKillAfterSeconds(contract, intent),
         maxOutputBytes: readEffectiveMaxOutputBytes(contract, intent),
         successExitCodes: getSuccessExitCodes(intent),
         commandArgv,
@@ -284,7 +286,9 @@ export function createRunPreview(plan, previewMode) {
         cwd: plan.relativeCwd,
         resolved_cwd: plan.cwd,
         timeout_seconds: plan.timeoutSeconds,
+        kill_after_seconds: plan.killAfterSeconds,
         max_output_bytes: plan.maxOutputBytes,
+        max_output_bytes_scope: plan.maxOutputBytes === null ? null : COMMAND_OUTPUT_LIMIT_SCOPE,
         mode: plan.mode,
         argv: plan.commandArgv,
         resolved_argv: plan.argvCommand,

package/dist/core/check-issues.js

@@ -4,7 +4,7 @@ const CHECK_ISSUE_ID_RULES = [
     ['mustflow.command_contract.configured_missing_lifecycle', /^Configured intent [^\s]+ must define lifecycle$/u],
     ['mustflow.command_contract.configured_missing_run_policy', /^Configured intent [^\s]+ must define run_policy$/u],
     ['mustflow.command_contract.oneshot_missing_timeout', /^Oneshot intent [^\s]+ must define timeout_seconds$/u],
-    ['mustflow.command_contract.max_output_bytes_exceeds_limit', /^\[commands\.(?:defaults|intents\.[^\]]+)\]\.max_output_bytes must be less than or equal to \d+$/u],
+    ['mustflow.command_contract.max_output_bytes_exceeds_limit', /^\[commands\.(?:defaults|intents\.[^\]]+)\]\.max_output_bytes must be less than or equal to \d+ per output stream$/u],
     ['mustflow.command_contract.oneshot_stdin_not_closed', /^Oneshot intent [^\s]+ must set stdin = "closed"$/u],
     ['mustflow.command_contract.long_running_agent_allowed', /^Long-running intent [^\s]+ must not use run_policy = "agent_allowed"$/u],
     ['mustflow.command_contract.executable_source_missing', /^Configured intent [^\s]+ must define argv or mode = "shell" with cmd$/u],

package/dist/core/command-contract-validation.js

@@ -161,6 +161,7 @@ function validateCommandIntent(intentName, intent, issues) {
     validateAllowedStringField(intent, 'env_policy', `[commands.intents.${intentName}].env_policy`, COMMAND_ENV_POLICIES, issues);
     validateStringArrayField(intent, 'env_allowlist', `[commands.intents.${intentName}].env_allowlist`, issues);
     validateMaxOutputBytesField(intent, 'max_output_bytes', `[commands.intents.${intentName}].max_output_bytes`, issues);
+    validatePositiveIntegerField(intent, 'kill_after_seconds', `[commands.intents.${intentName}].kill_after_seconds`, issues);
     validateCommandIntentSelection(intentName, intent, issues);
     if (intent.status !== 'configured') {
         return;
@@ -223,10 +224,10 @@ function getEffectiveCommandEnvPolicy(defaults, intent) {
     }
     return { policy: DEFAULT_COMMAND_ENV_POLICY, source: 'implicit' };
 }
-function validateCommandEnvInheritanceWarnings(commandsToml) {
-    const issues = [];
+export function findCommandEnvInheritanceWarnings(commandsToml) {
+    const warnings = [];
     if (!commandsToml || !isRecord(commandsToml.intents)) {
-        return issues;
+        return warnings;
     }
     const defaults = isRecord(commandsToml.defaults) ? commandsToml.defaults : undefined;
     for (const [intentName, intent] of Object.entries(commandsToml.intents)) {
@@ -237,13 +238,26 @@ function validateCommandEnvInheritanceWarnings(commandsToml) {
         if (envPolicy.policy !== 'inherit') {
             continue;
         }
-        const networkScope = intent.network === true ? ' with network = true' : '';
-        const migration = 'set env_policy = "minimal" or "allowlist" unless broad host state is required';
-        if (envPolicy.source === 'implicit') {
-            issues.push(commandContractWarning(`configured agent-runnable intent ${intentName} implicitly inherits the host environment${networkScope}; ${migration}`));
-            continue;
-        }
-        issues.push(commandContractWarning(`configured agent-runnable intent ${intentName} uses env_policy = "inherit"${networkScope}; ${migration}`));
+        warnings.push({
+            intentName,
+            source: envPolicy.source,
+            network: intent.network === true,
+        });
+    }
+    return warnings;
+}
+function formatCommandEnvInheritanceWarning(warning) {
+    const networkScope = warning.network ? ' with network = true' : '';
+    const migration = 'set env_policy = "minimal" or "allowlist" unless broad host state is required';
+    if (warning.source === 'implicit') {
+        return `configured agent-runnable intent ${warning.intentName} implicitly inherits the host environment${networkScope}; ${migration}`;
+    }
+    return `configured agent-runnable intent ${warning.intentName} uses env_policy = "inherit"${networkScope}; ${migration}`;
+}
+function validateCommandEnvInheritanceWarnings(commandsToml) {
+    const issues = [];
+    for (const warning of findCommandEnvInheritanceWarnings(commandsToml)) {
+        issues.push(commandContractWarning(formatCommandEnvInheritanceWarning(warning)));
     }
     return issues;
 }

package/dist/core/command-output-limits.js

@@ -1,5 +1,6 @@
 export const DEFAULT_COMMAND_MAX_OUTPUT_BYTES = 1_048_576;
 export const MAX_COMMAND_OUTPUT_BYTES = 16 * 1024 * 1024;
+export const COMMAND_OUTPUT_LIMIT_SCOPE = 'per_stream';
 export function commandMaxOutputBytesLimitMessage(label) {
-    return `${label} must be less than or equal to ${MAX_COMMAND_OUTPUT_BYTES}`;
+    return `${label} must be less than or equal to ${MAX_COMMAND_OUTPUT_BYTES} per output stream`;
 }

package/dist/core/line-endings.js

@@ -1,6 +1,7 @@
 import { spawnSync } from 'node:child_process';
-import { existsSync, readFileSync, writeFileSync } from 'node:fs';
+import { existsSync } from 'node:fs';
 import path from 'node:path';
+import { readFileInsideWithoutSymlinks, writeFileInsideWithoutSymlinks } from './safe-filesystem.js';
 const GITATTRIBUTES_PATH = '.gitattributes';
 function toPosixPath(value) {
     return value.split(path.sep).join('/');
@@ -10,7 +11,7 @@ function hasLfPolicy(projectRoot) {
     if (!existsSync(attributesPath)) {
         return false;
     }
-    const content = readFileSync(attributesPath, 'utf8');
+    const content = readFileInsideWithoutSymlinks(projectRoot, attributesPath).toString('utf8');
     return /^\*\s+.*(?:^|\s)eol=lf(?:\s|$)/imu.test(content);
 }
 function gitList(projectRoot, args) {
@@ -107,14 +108,21 @@ export function inspectLineEndings(projectRoot, mode, options = {}) {
         if (!existsSync(absolutePath)) {
             continue;
         }
-        const buffer = readFileSync(absolutePath);
+        let buffer;
+        try {
+            buffer = readFileInsideWithoutSymlinks(root, absolutePath);
+        }
+        catch (error) {
+            issues.push(error instanceof Error ? error.message : String(error));
+            continue;
+        }
         const lineEnding = detectLineEnding(buffer);
         const wouldChange = policy === 'lf' && (lineEnding === 'crlf' || lineEnding === 'mixed');
         if (!wouldChange) {
             continue;
         }
         if (canApply) {
-            writeFileSync(absolutePath, normalizeLf(buffer));
+            writeFileInsideWithoutSymlinks(root, absolutePath, normalizeLf(buffer));
             changedFiles.push(toPosixPath(relativePath));
         }
         nonCompliantFiles.push({

package/dist/core/repeated-failure.js

@@ -1,6 +1,7 @@
 import { createHash } from 'node:crypto';
-import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
+import { existsSync, readFileSync } from 'node:fs';
 import path from 'node:path';
+import { writeJsonFileInsideWithoutSymlinks } from './safe-filesystem.js';
 export const REPEATED_FAILURE_STATE_PATH = '.mustflow/state/repeated-failures.json';
 export const REPEATED_FAILURE_STATE_LIMIT = 50;
 const UNRESOLVED_VERIFY_STATUSES = new Set(['failed', 'blocked', 'partial']);
@@ -59,8 +60,7 @@ function readRepeatedFailureState(projectRoot) {
 }
 function writeRepeatedFailureState(projectRoot, state) {
     const statePath = repeatedFailureStatePath(projectRoot);
-    mkdirSync(path.dirname(statePath), { recursive: true });
-    writeFileSync(statePath, `${JSON.stringify(state, null, 2)}\n`, 'utf8');
+    writeJsonFileInsideWithoutSymlinks(projectRoot, statePath, state);
 }
 export function createVerificationFailureFingerprint(input) {
     const failedIntents = normalizeStrings(input.failedIntents);

package/dist/core/run-performance-history.js

@@ -1,5 +1,6 @@
-import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
+import { existsSync, readFileSync } from 'node:fs';
 import path from 'node:path';
+import { writeJsonFileInsideWithoutSymlinks } from './safe-filesystem.js';
 const PERFORMANCE_HISTORY_SCHEMA_VERSION = '1';
 const PERFORMANCE_HISTORY_DIR = path.join('.mustflow', 'state', 'perf');
 const PERFORMANCE_SAMPLES_FILE = 'samples.json';
@@ -297,9 +298,8 @@ export function recordRunPerformanceHistory(projectRoot, receipt) {
         const samples = enforceSizeLimit(pruneSamples([...readSamples(samplesPath), sample], sample.observed_day), sample.observed_day);
         const samplesFile = createSamplesFile(samples);
         const summaryFile = createSummary(samples, sample.observed_day);
-        mkdirSync(historyDir, { recursive: true });
-        writeFileSync(samplesPath, serialize(samplesFile));
-        writeFileSync(summaryPath, serialize(summaryFile));
+        writeJsonFileInsideWithoutSymlinks(projectRoot, samplesPath, samplesFile);
+        writeJsonFileInsideWithoutSymlinks(projectRoot, summaryPath, summaryFile);
     }
     catch {
         // Performance history is a local optimization hint. A write failure must not affect command execution.

package/dist/core/run-profile.js

@@ -1,6 +1,6 @@
-import { mkdirSync, writeFileSync } from 'node:fs';
 import { performance } from 'node:perf_hooks';
 import path from 'node:path';
+import { writeJsonFileInsideWithoutSymlinks } from './safe-filesystem.js';
 const RUN_PROFILE_SCHEMA_VERSION = '1';
 const RUN_PROFILE_ENV = 'MUSTFLOW_RUN_PROFILE';
 const RUN_PROFILE_DIR = path.join('.mustflow', 'state', 'runs');
@@ -75,8 +75,7 @@ export class RunProfiler {
             profile_path: getProfileRelativePath(),
         };
         const profilePath = path.join(input.projectRoot, RUN_PROFILE_DIR, LATEST_RUN_PROFILE);
-        mkdirSync(path.dirname(profilePath), { recursive: true });
-        writeFileSync(profilePath, `${JSON.stringify(profile, null, 2)}\n`);
+        writeJsonFileInsideWithoutSymlinks(input.projectRoot, profilePath, profile);
     }
     recordPhase(name, startedAtMs) {
         this.phases.push({

package/dist/core/run-receipt.js

@@ -1,8 +1,10 @@
 import { createHash } from 'node:crypto';
 import path from 'node:path';
-import { atomicWriteJsonFile, createStateRunId } from './atomic-state-write.js';
+import { createStateRunId } from './atomic-state-write.js';
+import { COMMAND_OUTPUT_LIMIT_SCOPE } from './command-output-limits.js';
 import { decodeUtf8Tail } from './bounded-output.js';
 import { DEFAULT_RUN_RECEIPT_TAIL_BYTES } from './retention-policy.js';
+import { writeJsonFileInsideWithoutSymlinks } from './safe-filesystem.js';
 import { redactSecretLikeText } from './secret-redaction.js';
 const RUN_RECEIPT_SCHEMA_VERSION = '1';
 const RUN_RECEIPT_DIR = path.join('.mustflow', 'state', 'runs');
@@ -111,6 +113,7 @@ function createPerformanceSummary(input) {
         cwd: input.cwd,
         env_allowlist: input.envAllowlist,
         env_policy: input.envPolicy,
+        kill_after_seconds: input.killAfterSeconds,
         lifecycle: input.lifecycle,
         max_output_bytes: input.maxOutputBytes,
         mode: input.mode,
@@ -148,8 +151,10 @@ function createPerformanceSummary(input) {
         output_summary: {
             stdout_bytes: input.stdout.bytes,
             stderr_bytes: input.stderr.bytes,
+            total_bytes: input.stdout.bytes + input.stderr.bytes,
             stdout_truncated: input.stdout.truncated,
             stderr_truncated: input.stderr.truncated,
+            max_output_bytes_scope: COMMAND_OUTPUT_LIMIT_SCOPE,
         },
         result_summary: {
             status: input.status,
@@ -235,7 +240,9 @@ export function createRunReceipt(input) {
         env_policy: input.envPolicy,
         env_allowlist: input.envAllowlist,
         timeout_seconds: input.timeoutSeconds,
+        kill_after_seconds: input.killAfterSeconds,
         max_output_bytes: input.maxOutputBytes,
+        max_output_bytes_scope: COMMAND_OUTPUT_LIMIT_SCOPE,
         success_exit_codes: input.successExitCodes,
         exit_code: input.exitCode,
         signal: input.signal,
@@ -260,6 +267,7 @@ export function createRunReceipt(input) {
             envPolicy: input.envPolicy,
             envAllowlist: input.envAllowlist,
             timeoutSeconds: input.timeoutSeconds,
+            killAfterSeconds: input.killAfterSeconds,
             maxOutputBytes: input.maxOutputBytes,
             successExitCodes: input.successExitCodes,
             exitCode: input.exitCode,
@@ -285,6 +293,6 @@ export function writeRunReceipt(projectRoot, receipt) {
     if (relativeToRunDir.startsWith('..') || path.isAbsolute(relativeToRunDir)) {
         throw new Error(`Run receipt path must stay inside ${RUN_RECEIPT_DIR}`);
     }
-    atomicWriteJsonFile(receiptPath, receipt);
-    atomicWriteJsonFile(latestPath, receipt);
+    writeJsonFileInsideWithoutSymlinks(projectRoot, receiptPath, receipt);
+    writeJsonFileInsideWithoutSymlinks(projectRoot, latestPath, receipt);
 }