mustflow 2.18.21 → 2.21.2

package/dist/cli/commands/classify.js

@@ -1,6 +1,6 @@
-import { mkdirSync, writeFileSync } from 'node:fs';
 import path from 'node:path';
 import { createChangeClassificationReport, } from '../../core/change-classification.js';
+import { writeJsonFileInsideWithoutSymlinks } from '../../core/safe-filesystem.js';
 import { printUsageError, renderHelp } from '../lib/cli-output.js';
 import { requireGitChangedFiles } from '../lib/git-changes.js';
 import { t } from '../lib/i18n.js';
@@ -111,8 +111,7 @@ function resolveWritePath(projectRoot, inputPath) {
 }
 function writeClassifyOutput(projectRoot, inputPath, output) {
     const outputPath = resolveWritePath(projectRoot, inputPath);
-    mkdirSync(path.dirname(outputPath), { recursive: true });
-    writeFileSync(outputPath, `${JSON.stringify(output, null, 2)}\n`, 'utf8');
+    writeJsonFileInsideWithoutSymlinks(projectRoot, outputPath, output);
 }
 export function runClassify(args, reporter, lang = 'en') {
     if (args.includes('--help') || args.includes('-h')) {

package/dist/cli/commands/doctor.js

@@ -5,7 +5,9 @@ import { getAgentContext, } from '../lib/agent-context.js';
 import { t } from '../lib/i18n.js';
 import { getLocalIndexDatabasePath } from '../lib/local-index.js';
 import { resolveMustflowRoot } from '../lib/project-root.js';
-import { checkMustflowProject } from '../lib/validation.js';
+import { checkMustflowProjectReport } from '../lib/validation.js';
+import { findCommandEnvInheritanceWarnings } from '../../core/command-contract-validation.js';
+import { readCommandContract } from '../../core/config-loading.js';
 import { summarizeSkillRouteAlignment } from '../../core/skill-route-alignment.js';
 const DOCTOR_SCHEMA_VERSION = '1';
 export function getDoctorHelp(lang = 'en') {
@@ -46,6 +48,7 @@ function createDiagnostics(output) {
     const localIndexExists = existsSync(getLocalIndexDatabasePath(output.mustflow_root));
     const runnableIntentCount = output.context.runnable_intents.length;
     const skillRouteAlignment = summarizeSkillRouteAlignment(output.check.issues);
+    const inheritedEnvIntentCount = output.command_environment.inherited_intents.length;
     diagnostics.push({
         id: 'install',
         status: output.installed ? 'ok' : 'fail',
@@ -55,7 +58,9 @@ function createDiagnostics(output) {
     diagnostics.push({
         id: 'validation',
         status: output.check.ok ? 'ok' : 'fail',
-        summary: `${output.check.issue_count} ${pluralize(output.check.issue_count, 'issue', 'issues')}`,
+        summary: output.check.warning_count === 0
+            ? `${output.check.issue_count} ${pluralize(output.check.issue_count, 'issue', 'issues')}`
+            : `${output.check.issue_count} ${pluralize(output.check.issue_count, 'issue', 'issues')}, ${output.check.warning_count} ${pluralize(output.check.warning_count, 'warning', 'warnings')}`,
         action: output.check.ok ? null : checkCommand,
     });
     diagnostics.push({
@@ -72,6 +77,16 @@ function createDiagnostics(output) {
             : 'missing',
         action: output.context.command_contract_exists ? 'mf help commands' : 'mf init --dry-run',
     });
+    diagnostics.push({
+        id: 'environment',
+        status: output.context.command_contract_exists ? (inheritedEnvIntentCount > 0 ? 'warn' : 'ok') : 'info',
+        summary: output.context.command_contract_exists
+            ? inheritedEnvIntentCount === 0
+                ? 'no inherited host-environment intents'
+                : `${inheritedEnvIntentCount} inherited host-environment ${pluralize(inheritedEnvIntentCount, 'intent', 'intents')}: ${output.command_environment.inherited_intents.join(', ')}`
+            : 'command contract missing',
+        action: inheritedEnvIntentCount > 0 ? 'mf check --strict --json' : null,
+    });
     diagnostics.push({
         id: 'read_order',
         status: output.context.missing_read_order.length === 0 ? 'ok' : 'fail',
@@ -124,15 +139,37 @@ function getNextSteps(output) {
     }
     return nextSteps;
 }
+function readCommandEnvironmentSummary(projectRoot) {
+    try {
+        const contract = readCommandContract(projectRoot);
+        const warnings = findCommandEnvInheritanceWarnings(contract);
+        return {
+            inherited_intents: warnings.map((warning) => warning.intentName).sort((left, right) => left.localeCompare(right)),
+            inherited_network_intents: warnings
+                .filter((warning) => warning.network)
+                .map((warning) => warning.intentName)
+                .sort((left, right) => left.localeCompare(right)),
+        };
+    }
+    catch {
+        return {
+            inherited_intents: [],
+            inherited_network_intents: [],
+        };
+    }
+}
 function createDoctorOutput(strict) {
     const mustflowRoot = resolveMustflowRoot();
     const context = getAgentContext(mustflowRoot);
-    const issues = checkMustflowProject(mustflowRoot, { strict });
+    const checkReport = checkMustflowProjectReport(mustflowRoot, { strict });
     const check = {
-        ok: issues.length === 0,
-        issue_count: issues.length,
-        issues,
+        ok: checkReport.issues.length === 0,
+        issue_count: checkReport.issues.length,
+        issues: checkReport.issues,
+        warning_count: checkReport.warnings.length,
+        warnings: checkReport.warnings,
     };
+    const commandEnvironment = readCommandEnvironmentSummary(mustflowRoot);
     const baseOutput = {
         schema_version: DOCTOR_SCHEMA_VERSION,
         command: 'doctor',
@@ -150,6 +187,7 @@ function createDoctorOutput(strict) {
             missing_optional_read_order: context.optional_read_order.filter((entry) => !entry.exists).map((entry) => entry.path),
             latest_run_exists: context.latest_run.exists,
         },
+        command_environment: commandEnvironment,
         effective_policy: context.effective_policy,
         state_policy: context.state_policy,
         blocked_actions: context.blocked_actions,
@@ -171,6 +209,8 @@ function getDiagnosticLabel(id, lang) {
             return t(lang, 'doctor.diagnostic.skillRoutes');
         case 'commands':
             return t(lang, 'doctor.diagnostic.commands');
+        case 'environment':
+            return t(lang, 'doctor.diagnostic.environment');
         case 'read_order':
             return t(lang, 'doctor.diagnostic.readOrder');
         case 'optional_read_order':

package/dist/cli/commands/run/output.js

@@ -46,7 +46,7 @@ export function writeStreamChunk(reporter, stream, chunk) {
     reporter.stderr(chunk.toString());
 }
 export function createOutputLimitError(stream, maxOutputBytes) {
-    return Object.assign(new Error(`${stream} exceeded max_output_bytes (${maxOutputBytes})`), {
+    return Object.assign(new Error(`${stream} exceeded per-stream max_output_bytes (${maxOutputBytes})`), {
         code: OUTPUT_LIMIT_ERROR_CODE,
     });
 }

package/dist/cli/commands/run/receipt.js

@@ -16,6 +16,7 @@ export function assembleRunReceipt(input) {
         envPolicy: input.plan.envPolicy,
         envAllowlist: input.plan.envAllowlist,
         timeoutSeconds: input.plan.timeoutSeconds,
+        killAfterSeconds: input.plan.killAfterSeconds,
         maxOutputBytes: input.plan.maxOutputBytes,
         successExitCodes: input.plan.successExitCodes,
         exitCode: input.exitCode,

package/dist/cli/commands/run.js

@@ -171,7 +171,9 @@ export async function runRun(args, reporter, lang = 'en', options = {}) {
     }
     const runReceiptPolicy = profiler.measure('retention_policy', () => resolveRunReceiptRetentionPolicy(readMustflowConfigIfExists(projectRoot)));
     const env = profiler.measure('environment', () => createCommandEnv(projectRoot, { policy: plan.envPolicy, allowlist: plan.envAllowlist }));
-    const writeTracker = profiler.measure('write_drift_before', () => startRunWriteTracking(projectRoot, contract, intentName));
+    const writeTracker = profiler.measure('write_drift_before', () => startRunWriteTracking(projectRoot, contract, intentName, {
+        additionalDeclaredPaths: options.additionalDeclaredWritePaths,
+    }));
     const stdoutTailBytes = Math.min(runReceiptPolicy.stdoutTailBytes, plan.maxOutputBytes);
     const stderrTailBytes = Math.min(runReceiptPolicy.stderrTailBytes, plan.maxOutputBytes);
     let streamedOutput = false;

package/dist/cli/commands/verify.js

@@ -1,11 +1,12 @@
 import { createHash } from 'node:crypto';
-import { mkdirSync, readFileSync, writeFileSync } from 'node:fs';
+import { readFileSync } from 'node:fs';
 import path from 'node:path';
 import { createClassifyOutput } from './classify.js';
 import { runRun } from './run.js';
 import { createChangeVerificationReport, } from '../../core/change-verification.js';
+import { writeJsonFileInsideWithoutSymlinks } from '../../core/safe-filesystem.js';
 import { createVerifyCompletionVerdict, } from '../../core/completion-verdict.js';
-import { atomicWriteJsonFile, createStateRunId } from '../../core/atomic-state-write.js';
+import { createStateRunId } from '../../core/atomic-state-write.js';
 import { createExternalEvidenceRisks, } from '../../core/external-evidence.js';
 import { createRepeatedFailureRisks, createVerificationFailureFingerprint, updateRepeatedFailureState, } from '../../core/repeated-failure.js';
 import { countReproEvidenceVerdictEffects, createReproEvidenceRisks, } from '../../core/repro-evidence.js';
@@ -545,8 +546,7 @@ function createInputFromChanged(projectRoot) {
 }
 function writeChangedPlan(projectRoot, inputPath, plan) {
     const planPath = resolvePlanPath(projectRoot, inputPath);
-    mkdirSync(path.dirname(planPath), { recursive: true });
-    writeFileSync(planPath, `${JSON.stringify(plan, null, 2)}\n`, 'utf8');
+    writeJsonFileInsideWithoutSymlinks(projectRoot, planPath, plan);
 }
 export function planErrorMessageKey(code) {
     switch (code) {
@@ -628,11 +628,12 @@ function testTargetsByScheduledIntent(report) {
         candidate.appliedTestTargets.length > 0)
         .map((candidate) => [candidate.intent, candidate.appliedTestTargets]));
 }
-async function runVerificationIntent(intent, lang, verificationPlanId, testTargets = []) {
+async function runVerificationIntent(intent, lang, verificationPlanId, testTargets = [], additionalDeclaredWritePaths = []) {
     const output = createBufferedOutput();
     const exitCode = await runRun([intent, '--json'], output.reporter, lang, {
         writeLatestReceipt: false,
         testTargets,
+        additionalDeclaredWritePaths,
     });
     const rawStdout = output.stdout().trim();
     let receipt = null;
@@ -680,7 +681,12 @@ async function runVerificationEntriesInParallelChunks(entries, parallelism, lang
     const results = [];
     for (let index = 0; index < entries.length; index += parallelism) {
         const chunk = entries.slice(index, index + parallelism);
-        results.push(...(await Promise.all(chunk.map((entry) => runVerificationIntent(entry.intent, lang, verificationPlanId, scheduledTestTargets.get(entry.intent) ?? [])))));
+        const batchDeclaredWritePaths = [
+            ...new Set(chunk.flatMap((entry) => entry.effects
+                .filter((effect) => effect.access === 'write' && typeof effect.path === 'string')
+                .map((effect) => effect.path))),
+        ].sort((left, right) => left.localeCompare(right));
+        results.push(...(await Promise.all(chunk.map((entry) => runVerificationIntent(entry.intent, lang, verificationPlanId, scheduledTestTargets.get(entry.intent) ?? [], batchDeclaredWritePaths)))));
     }
     return results;
 }
@@ -1059,7 +1065,6 @@ function writeVerifyRunReceipts(projectRoot, output, report, sourceAnchorRisks,
     const statePaths = createVerifyRunStatePaths(projectRoot);
     const receipts = [];
     const results = [];
-    mkdirSync(statePaths.absoluteIntentDir, { recursive: true });
     for (const [index, result] of output.results.entries()) {
         let receiptPath = null;
         let receiptSha256 = null;
@@ -1075,7 +1080,7 @@ function writeVerifyRunReceipts(projectRoot, output, report, sourceAnchorRisks,
             };
             const receiptContent = `${JSON.stringify(receipt, null, 2)}\n`;
             receiptSha256 = hashTextSha256(receiptContent);
-            atomicWriteJsonFile(absoluteReceiptPath, receipt);
+            writeJsonFileInsideWithoutSymlinks(projectRoot, absoluteReceiptPath, receipt);
         }
         receipts.push({
             intent: result.intent,
@@ -1181,7 +1186,7 @@ function writeVerifyRunReceipts(projectRoot, output, report, sourceAnchorRisks,
         ...(outputWithReceiptPaths.external_checks ? { external_checks: outputWithReceiptPaths.external_checks } : {}),
         receipts,
     };
-    atomicWriteJsonFile(statePaths.absoluteManifestPath, manifest);
+    writeJsonFileInsideWithoutSymlinks(projectRoot, statePaths.absoluteManifestPath, manifest);
     const latest = {
         schema_version: '1',
         command: 'verify',
@@ -1202,7 +1207,7 @@ function writeVerifyRunReceipts(projectRoot, output, report, sourceAnchorRisks,
         run_dir: statePaths.runDir,
         manifest_path: statePaths.manifestPath,
     };
-    atomicWriteJsonFile(path.join(projectRoot, LATEST_RUN_RECEIPT_PATH), latest);
+    writeJsonFileInsideWithoutSymlinks(projectRoot, path.join(projectRoot, LATEST_RUN_RECEIPT_PATH), latest);
     return outputWithReceiptPaths;
 }
 async function createVerifyOutput(input, planSource, projectRoot, lang, reproEvidence = null, externalChecks = [], parallelism = DEFAULT_VERIFY_PARALLELISM) {

package/dist/cli/i18n/en.js

@@ -488,6 +488,7 @@ export const enMessages = {
     "doctor.diagnostic.validation": "Validation",
     "doctor.diagnostic.skillRoutes": "Skill routes",
     "doctor.diagnostic.commands": "Command specification",
+    "doctor.diagnostic.environment": "Environment",
     "doctor.diagnostic.readOrder": "Read order",
     "doctor.diagnostic.optionalReadOrder": "Optional read order",
     "doctor.diagnostic.repoMap": "REPO_MAP.md",

package/dist/cli/i18n/es.js

@@ -488,6 +488,7 @@ export const esMessages = {
     "doctor.diagnostic.validation": "Validación",
     "doctor.diagnostic.skillRoutes": "Rutas de skills",
     "doctor.diagnostic.commands": "Especificación de comandos",
+    "doctor.diagnostic.environment": "Entorno",
     "doctor.diagnostic.readOrder": "Orden de lectura",
     "doctor.diagnostic.optionalReadOrder": "Orden de lectura opcional",
     "doctor.diagnostic.repoMap": "REPO_MAP.md",

package/dist/cli/i18n/fr.js

@@ -488,6 +488,7 @@ export const frMessages = {
     "doctor.diagnostic.validation": "Validation",
     "doctor.diagnostic.skillRoutes": "Routage des skills",
     "doctor.diagnostic.commands": "Spécification des commandes",
+    "doctor.diagnostic.environment": "Environnement",
     "doctor.diagnostic.readOrder": "Ordre de lecture",
     "doctor.diagnostic.optionalReadOrder": "Ordre de lecture optionnel",
     "doctor.diagnostic.repoMap": "REPO_MAP.md",

package/dist/cli/i18n/hi.js

@@ -488,6 +488,7 @@ export const hiMessages = {
     "doctor.diagnostic.validation": "सत्यापन",
     "doctor.diagnostic.skillRoutes": "स्किल रूट",
     "doctor.diagnostic.commands": "कमांड विनिर्देश",
+    "doctor.diagnostic.environment": "एनवायरनमेंट",
     "doctor.diagnostic.readOrder": "पढ़ने का क्रम",
     "doctor.diagnostic.optionalReadOrder": "वैकल्पिक पढ़ने का क्रम",
     "doctor.diagnostic.repoMap": "REPO_MAP.md",

package/dist/cli/i18n/ko.js

@@ -488,6 +488,7 @@ export const koMessages = {
     "doctor.diagnostic.validation": "검증",
     "doctor.diagnostic.skillRoutes": "스킬 라우팅",
     "doctor.diagnostic.commands": "명령",
+    "doctor.diagnostic.environment": "실행 환경",
     "doctor.diagnostic.readOrder": "읽기 순서",
     "doctor.diagnostic.optionalReadOrder": "선택적 읽기 순서",
     "doctor.diagnostic.repoMap": "REPO_MAP.md",

package/dist/cli/i18n/zh.js

@@ -488,6 +488,7 @@ export const zhMessages = {
     "doctor.diagnostic.validation": "验证",
     "doctor.diagnostic.skillRoutes": "技能路由",
     "doctor.diagnostic.commands": "命令规范",
+    "doctor.diagnostic.environment": "环境",
     "doctor.diagnostic.readOrder": "读取顺序",
     "doctor.diagnostic.optionalReadOrder": "可选读取顺序",
     "doctor.diagnostic.repoMap": "REPO_MAP.md",

package/dist/cli/lib/filesystem.js

@@ -1,103 +1,10 @@
-import { closeSync, constants, copyFileSync, existsSync, lstatSync, mkdirSync, openSync, readFileSync, readdirSync, statSync, writeFileSync, } from 'node:fs';
+import { copyFileSync, existsSync, mkdirSync, readdirSync, statSync } from 'node:fs';
 import path from 'node:path';
-const NOFOLLOW_FLAG = typeof constants.O_NOFOLLOW === 'number' ? constants.O_NOFOLLOW : 0;
+export { ensureFileTargetInsideWithoutSymlinks, ensureInside, ensureInsideWithoutSymlinks, readFileInsideWithoutSymlinks, readUtf8FileInsideWithoutSymlinks, writeFileInsideWithoutSymlinks, writeUtf8FileInsideWithoutSymlinks, } from '../../core/safe-filesystem.js';
+import { readFileInsideWithoutSymlinks, writeFileInsideWithoutSymlinks, } from '../../core/safe-filesystem.js';
 export function toPosixPath(value) {
     return value.split(path.sep).join('/');
 }
-export function ensureInside(parentPath, childPath) {
-    const parent = path.resolve(parentPath);
-    const child = path.resolve(childPath);
-    const relative = path.relative(parent, child);
-    if (relative === '' || (!relative.startsWith('..') && !path.isAbsolute(relative))) {
-        return;
-    }
-    throw new Error(`Path escapes allowed directory: ${childPath}`);
-}
-function isMissingPathError(error) {
-    return error instanceof Error && 'code' in error && error.code === 'ENOENT';
-}
-export function ensureInsideWithoutSymlinks(parentPath, childPath, options = {}) {
-    ensureInside(parentPath, childPath);
-    const parent = path.resolve(parentPath);
-    const child = path.resolve(childPath);
-    const relative = path.relative(parent, child);
-    const segments = relative === '' ? [] : relative.split(path.sep).filter((segment) => segment.length > 0);
-    let currentPath = parent;
-    const parentStats = lstatSync(parent);
-    if (parentStats.isSymbolicLink()) {
-        throw new Error(`Path must not contain symlinks: ${childPath}`);
-    }
-    for (const [index, segment] of segments.entries()) {
-        currentPath = path.join(currentPath, segment);
-        const isLeaf = index === segments.length - 1;
-        try {
-            const stats = lstatSync(currentPath);
-            if (stats.isSymbolicLink()) {
-                throw new Error(`Path must not contain symlinks: ${childPath}`);
-            }
-            if (!isLeaf && !stats.isDirectory()) {
-                throw new Error(`Path component is not a directory: ${currentPath}`);
-            }
-        }
-        catch (error) {
-            if (isMissingPathError(error) && options.allowMissingLeaf) {
-                return;
-            }
-            throw error;
-        }
-    }
-}
-export function readUtf8FileInsideWithoutSymlinks(parentPath, childPath) {
-    return readFileInsideWithoutSymlinks(parentPath, childPath).toString('utf8');
-}
-export function readFileInsideWithoutSymlinks(parentPath, childPath) {
-    const absoluteChildPath = path.resolve(childPath);
-    ensureInsideWithoutSymlinks(parentPath, absoluteChildPath);
-    const fileDescriptor = openSync(absoluteChildPath, constants.O_RDONLY | NOFOLLOW_FLAG);
-    try {
-        return readFileSync(fileDescriptor);
-    }
-    finally {
-        closeSync(fileDescriptor);
-    }
-}
-export function ensureFileTargetInsideWithoutSymlinks(parentPath, childPath, options = {}) {
-    const absoluteChildPath = path.resolve(childPath);
-    ensureInside(parentPath, absoluteChildPath);
-    ensureInsideWithoutSymlinks(parentPath, path.dirname(absoluteChildPath), { allowMissingLeaf: true });
-    try {
-        const stats = lstatSync(absoluteChildPath);
-        if (stats.isSymbolicLink()) {
-            throw new Error(`Path must not contain symlinks: ${childPath}`);
-        }
-        if (!stats.isFile()) {
-            throw new Error(`Path must be a regular file: ${childPath}`);
-        }
-    }
-    catch (error) {
-        if (isMissingPathError(error) && options.allowMissingLeaf) {
-            return;
-        }
-        throw error;
-    }
-}
-export function writeUtf8FileInsideWithoutSymlinks(parentPath, childPath, content) {
-    writeFileInsideWithoutSymlinks(parentPath, childPath, content);
-}
-export function writeFileInsideWithoutSymlinks(parentPath, childPath, content) {
-    const absoluteChildPath = path.resolve(childPath);
-    const directoryPath = path.dirname(absoluteChildPath);
-    ensureInsideWithoutSymlinks(parentPath, directoryPath, { allowMissingLeaf: true });
-    mkdirSync(directoryPath, { recursive: true });
-    ensureFileTargetInsideWithoutSymlinks(parentPath, absoluteChildPath, { allowMissingLeaf: true });
-    const fileDescriptor = openSync(absoluteChildPath, constants.O_WRONLY | constants.O_CREAT | constants.O_TRUNC | NOFOLLOW_FLAG);
-    try {
-        writeFileSync(fileDescriptor, content);
-    }
-    finally {
-        closeSync(fileDescriptor);
-    }
-}
 export function copyFileInsideWithoutSymlinks(sourceParentPath, sourcePath, targetParentPath, targetPath) {
     const content = readFileInsideWithoutSymlinks(sourceParentPath, sourcePath);
     writeFileInsideWithoutSymlinks(targetParentPath, targetPath, content);

package/dist/cli/lib/local-index/index.js

@@ -1,4 +1,4 @@
-import { existsSync, mkdirSync, readFileSync, statSync, writeFileSync } from 'node:fs';
+import { existsSync, readFileSync, statSync } from 'node:fs';
 import { createHash } from 'node:crypto';
 import path from 'node:path';
 import { isRecord, readCommandContract, readString, readStringArray } from '../command-contract.js';
@@ -8,6 +8,7 @@ import { collectSourceAnchorIndexRecords, hasHighRiskSourceAnchorRiskTags, } fro
 import { listSourceAnchorFiles } from '../../../core/source-anchors.js';
 import { normalizeCommandEffects } from '../../../core/command-effects.js';
 import { listChangeClassificationRuleDescriptors } from '../../../core/change-classification.js';
+import { writeFileInsideWithoutSymlinks } from '../../../core/safe-filesystem.js';
 import { DEFAULT_DATABASE_RELATIVE_PATH, DEFAULT_PROMPT_CACHE_STABLE_READ, DEFAULT_PROMPT_CACHE_TASK_SOURCES, DEFAULT_PROMPT_CACHE_VOLATILE_SOURCES, INDEX_CONFIG_RELATIVE_PATH, LOCAL_INDEX_CONTENT_MODE, LOCAL_INDEX_EXCLUDED_RAW_DATA_KINDS, LOCAL_INDEX_PARSER_VERSION, LOCAL_INDEX_SCHEMA_VERSION, LOCAL_INDEX_STORE_FULL_CONTENT, LATEST_RUN_STATE_RELATIVE_PATH, MAX_SEARCH_MATCH_SNIPPET_CHARS, MAX_SNIPPET_BYTES_PER_DOCUMENT, MUSTFLOW_RELATIVE_PATH, SEARCH_BACKEND_FTS5, SEARCH_BACKEND_TABLE_SCAN, SEARCH_MATCH_CONTEXT_AFTER_CHARS, SEARCH_MATCH_CONTEXT_BEFORE_CHARS, SEARCH_MATCH_TRUNCATION_MARKER, SEARCH_NGRAM_MAX_GRAMS_PER_TARGET, SEARCH_NGRAM_MAX_LENGTH, SEARCH_NGRAM_MAX_TOKEN_CHARS, SEARCH_NGRAM_MIN_LENGTH, SOURCE_INDEX_MAX_FILE_BYTES, TEST_DISABLE_FTS5_ENV, } from './constants.js';
 import { loadSqlJs } from './sql.js';
 export function getLocalIndexDatabasePath(projectRoot) {
@@ -2202,8 +2203,7 @@ export async function createLocalIndex(projectRoot, options = {}) {
         const database = new SQL.Database();
         createSchema(database, capabilities);
         populateDatabase(database, capabilities, documents, skills, skillRoutes, commandIntents, sourceAnchors, indexedFiles, verificationEvidence, indexMode, sourceScopeHash, includeSource, new Date().toISOString());
-        mkdirSync(path.dirname(databasePath), { recursive: true });
-        writeFileSync(databasePath, database.export());
+        writeFileInsideWithoutSymlinks(projectRoot, databasePath, database.export());
         database.close();
     }
     return {
@@ -2245,7 +2245,7 @@ export async function createLocalIndex(projectRoot, options = {}) {
         max_snippet_bytes_per_document: MAX_SNIPPET_BYTES_PER_DOCUMENT,
         excluded_raw_data_kinds: [...LOCAL_INDEX_EXCLUDED_RAW_DATA_KINDS],
         indexed_file_count: indexedFiles.length,
-        indexed_paths: documents.map((document) => document.path),
+        indexed_paths: indexedFiles.map((file) => file.path),
     };
 }
 function readStoredSchemaVersion(database) {

package/dist/cli/lib/repo-map.js

@@ -1,8 +1,9 @@
 import { spawnSync } from 'node:child_process';
 import { createHash } from 'node:crypto';
-import { existsSync, lstatSync, readdirSync, realpathSync, statSync, writeFileSync } from 'node:fs';
+import { existsSync, lstatSync, readdirSync, realpathSync, statSync } from 'node:fs';
 import path from 'node:path';
 import { toPosixPath } from './filesystem.js';
+import { writeUtf8FileInsideWithoutSymlinks } from '../../core/safe-filesystem.js';
 import { readTomlFile } from './toml.js';
 const DEFAULT_DEPTH = 3;
 const REPO_MAP_DOC_ID = 'repo-map';
@@ -691,5 +692,5 @@ export function generateRepoMap(projectRoot, options = {}) {
     ].join('\n');
 }
 export function writeRepoMap(projectRoot, content) {
-    writeFileSync(path.join(projectRoot, 'REPO_MAP.md'), content);
+    writeUtf8FileInsideWithoutSymlinks(projectRoot, path.join(projectRoot, 'REPO_MAP.md'), content);
 }

package/dist/cli/lib/run-plan.js

@@ -4,7 +4,7 @@ import { resolveSafeProjectCwd } from '../../core/command-cwd.js';
 import { resolveCommandEnv } from '../../core/command-env.js';
 import { evaluateCommandIntentEligibility, } from '../../core/command-intent-eligibility.js';
 import { isRecord, readPositiveInteger, readString, readStringArray, } from '../../core/config-loading.js';
-import { DEFAULT_COMMAND_MAX_OUTPUT_BYTES, MAX_COMMAND_OUTPUT_BYTES, commandMaxOutputBytesLimitMessage, } from '../../core/command-output-limits.js';
+import { DEFAULT_COMMAND_MAX_OUTPUT_BYTES, COMMAND_OUTPUT_LIMIT_SCOPE, MAX_COMMAND_OUTPUT_BYTES, commandMaxOutputBytesLimitMessage, } from '../../core/command-output-limits.js';
 import { t } from './i18n.js';
 function getSuccessExitCodes(intent) {
     const value = intent.success_exit_codes;
@@ -78,8 +78,10 @@ function readEffectiveMaxOutputBytes(contract, intent) {
         readPositiveInteger(contract.defaults, 'max_output_bytes') ??
         DEFAULT_COMMAND_MAX_OUTPUT_BYTES;
 }
-function readEffectiveKillAfterSeconds(contract) {
-    return readPositiveInteger(contract.defaults, 'kill_after_seconds') ?? 5;
+function readEffectiveKillAfterSeconds(contract, intent) {
+    return readPositiveInteger(intent, 'kill_after_seconds') ??
+        readPositiveInteger(contract.defaults, 'kill_after_seconds') ??
+        5;
 }
 function getMaxOutputBytesLimitDetail(contract, intent) {
     const intentValue = readPositiveInteger(intent, 'max_output_bytes');
@@ -106,7 +108,7 @@ function readRunIntentMetadata(contract, intent) {
         kind: readString(intent, 'kind') ?? null,
         configuredCwd,
         timeoutSeconds: readPositiveInteger(intent, 'timeout_seconds') ?? null,
-        killAfterSeconds: readEffectiveKillAfterSeconds(contract),
+        killAfterSeconds: readEffectiveKillAfterSeconds(contract, intent),
         maxOutputBytes: readEffectiveMaxOutputBytes(contract, intent),
         successExitCodes: getSuccessExitCodes(intent),
         commandArgv,
@@ -284,7 +286,9 @@ export function createRunPreview(plan, previewMode) {
         cwd: plan.relativeCwd,
         resolved_cwd: plan.cwd,
         timeout_seconds: plan.timeoutSeconds,
+        kill_after_seconds: plan.killAfterSeconds,
         max_output_bytes: plan.maxOutputBytes,
+        max_output_bytes_scope: plan.maxOutputBytes === null ? null : COMMAND_OUTPUT_LIMIT_SCOPE,
         mode: plan.mode,
         argv: plan.commandArgv,
         resolved_argv: plan.argvCommand,

package/dist/core/check-issues.js

@@ -4,7 +4,7 @@ const CHECK_ISSUE_ID_RULES = [
     ['mustflow.command_contract.configured_missing_lifecycle', /^Configured intent [^\s]+ must define lifecycle$/u],
     ['mustflow.command_contract.configured_missing_run_policy', /^Configured intent [^\s]+ must define run_policy$/u],
     ['mustflow.command_contract.oneshot_missing_timeout', /^Oneshot intent [^\s]+ must define timeout_seconds$/u],
-    ['mustflow.command_contract.max_output_bytes_exceeds_limit', /^\[commands\.(?:defaults|intents\.[^\]]+)\]\.max_output_bytes must be less than or equal to \d+$/u],
+    ['mustflow.command_contract.max_output_bytes_exceeds_limit', /^\[commands\.(?:defaults|intents\.[^\]]+)\]\.max_output_bytes must be less than or equal to \d+ per output stream$/u],
     ['mustflow.command_contract.oneshot_stdin_not_closed', /^Oneshot intent [^\s]+ must set stdin = "closed"$/u],
     ['mustflow.command_contract.long_running_agent_allowed', /^Long-running intent [^\s]+ must not use run_policy = "agent_allowed"$/u],
     ['mustflow.command_contract.executable_source_missing', /^Configured intent [^\s]+ must define argv or mode = "shell" with cmd$/u],

package/dist/core/command-contract-validation.js

@@ -161,6 +161,7 @@ function validateCommandIntent(intentName, intent, issues) {
     validateAllowedStringField(intent, 'env_policy', `[commands.intents.${intentName}].env_policy`, COMMAND_ENV_POLICIES, issues);
     validateStringArrayField(intent, 'env_allowlist', `[commands.intents.${intentName}].env_allowlist`, issues);
     validateMaxOutputBytesField(intent, 'max_output_bytes', `[commands.intents.${intentName}].max_output_bytes`, issues);
+    validatePositiveIntegerField(intent, 'kill_after_seconds', `[commands.intents.${intentName}].kill_after_seconds`, issues);
     validateCommandIntentSelection(intentName, intent, issues);
     if (intent.status !== 'configured') {
         return;
@@ -223,10 +224,10 @@ function getEffectiveCommandEnvPolicy(defaults, intent) {
     }
     return { policy: DEFAULT_COMMAND_ENV_POLICY, source: 'implicit' };
 }
-function validateCommandEnvInheritanceWarnings(commandsToml) {
-    const issues = [];
+export function findCommandEnvInheritanceWarnings(commandsToml) {
+    const warnings = [];
     if (!commandsToml || !isRecord(commandsToml.intents)) {
-        return issues;
+        return warnings;
     }
     const defaults = isRecord(commandsToml.defaults) ? commandsToml.defaults : undefined;
     for (const [intentName, intent] of Object.entries(commandsToml.intents)) {
@@ -237,13 +238,26 @@ function validateCommandEnvInheritanceWarnings(commandsToml) {
         if (envPolicy.policy !== 'inherit') {
             continue;
         }
-        const networkScope = intent.network === true ? ' with network = true' : '';
-        const migration = 'set env_policy = "minimal" or "allowlist" unless broad host state is required';
-        if (envPolicy.source === 'implicit') {
-            issues.push(commandContractWarning(`configured agent-runnable intent ${intentName} implicitly inherits the host environment${networkScope}; ${migration}`));
-            continue;
-        }
-        issues.push(commandContractWarning(`configured agent-runnable intent ${intentName} uses env_policy = "inherit"${networkScope}; ${migration}`));
+        warnings.push({
+            intentName,
+            source: envPolicy.source,
+            network: intent.network === true,
+        });
+    }
+    return warnings;
+}
+function formatCommandEnvInheritanceWarning(warning) {
+    const networkScope = warning.network ? ' with network = true' : '';
+    const migration = 'set env_policy = "minimal" or "allowlist" unless broad host state is required';
+    if (warning.source === 'implicit') {
+        return `configured agent-runnable intent ${warning.intentName} implicitly inherits the host environment${networkScope}; ${migration}`;
+    }
+    return `configured agent-runnable intent ${warning.intentName} uses env_policy = "inherit"${networkScope}; ${migration}`;
+}
+function validateCommandEnvInheritanceWarnings(commandsToml) {
+    const issues = [];
+    for (const warning of findCommandEnvInheritanceWarnings(commandsToml)) {
+        issues.push(commandContractWarning(formatCommandEnvInheritanceWarning(warning)));
     }
     return issues;
 }

package/dist/core/command-effects.js

@@ -17,12 +17,11 @@ function validateEffectPath(projectRoot, intent, rawPath) {
     const cwd = resolveSafeProjectCwd(projectRoot, readString(intent, 'cwd'));
     const resolved = path.resolve(cwd, rawPath);
     const root = path.resolve(projectRoot);
-    const resolvedLower = resolved.toLowerCase();
-    const rootLower = root.toLowerCase();
-    if (resolvedLower !== rootLower && !resolvedLower.startsWith(`${rootLower}${path.sep}`)) {
+    const relative = path.relative(root, resolved);
+    if (relative.startsWith('..') || path.isAbsolute(relative)) {
         throw new Error(`Command effect path must stay inside the current root: ${rawPath}`);
     }
-    return normalizeRelativePath(path.relative(projectRoot, resolved));
+    return normalizeRelativePath(relative);
 }
 function readResourcePaths(commandContract, lock) {
     const resource = commandContract.resources[lock];

package/dist/core/command-output-limits.js

@@ -1,5 +1,6 @@
 export const DEFAULT_COMMAND_MAX_OUTPUT_BYTES = 1_048_576;
 export const MAX_COMMAND_OUTPUT_BYTES = 16 * 1024 * 1024;
+export const COMMAND_OUTPUT_LIMIT_SCOPE = 'per_stream';
 export function commandMaxOutputBytesLimitMessage(label) {
-    return `${label} must be less than or equal to ${MAX_COMMAND_OUTPUT_BYTES}`;
+    return `${label} must be less than or equal to ${MAX_COMMAND_OUTPUT_BYTES} per output stream`;
 }

package/dist/core/line-endings.js

@@ -1,6 +1,7 @@
 import { spawnSync } from 'node:child_process';
-import { existsSync, readFileSync, writeFileSync } from 'node:fs';
+import { existsSync } from 'node:fs';
 import path from 'node:path';
+import { readFileInsideWithoutSymlinks, writeFileInsideWithoutSymlinks } from './safe-filesystem.js';
 const GITATTRIBUTES_PATH = '.gitattributes';
 function toPosixPath(value) {
     return value.split(path.sep).join('/');
@@ -10,7 +11,7 @@ function hasLfPolicy(projectRoot) {
     if (!existsSync(attributesPath)) {
         return false;
     }
-    const content = readFileSync(attributesPath, 'utf8');
+    const content = readFileInsideWithoutSymlinks(projectRoot, attributesPath).toString('utf8');
     return /^\*\s+.*(?:^|\s)eol=lf(?:\s|$)/imu.test(content);
 }
 function gitList(projectRoot, args) {
@@ -107,14 +108,21 @@ export function inspectLineEndings(projectRoot, mode, options = {}) {
         if (!existsSync(absolutePath)) {
             continue;
         }
-        const buffer = readFileSync(absolutePath);
+        let buffer;
+        try {
+            buffer = readFileInsideWithoutSymlinks(root, absolutePath);
+        }
+        catch (error) {
+            issues.push(error instanceof Error ? error.message : String(error));
+            continue;
+        }
         const lineEnding = detectLineEnding(buffer);
         const wouldChange = policy === 'lf' && (lineEnding === 'crlf' || lineEnding === 'mixed');
         if (!wouldChange) {
             continue;
         }
         if (canApply) {
-            writeFileSync(absolutePath, normalizeLf(buffer));
+            writeFileInsideWithoutSymlinks(root, absolutePath, normalizeLf(buffer));
             changedFiles.push(toPosixPath(relativePath));
         }
         nonCompliantFiles.push({