mustflow 2.18.3 → 2.18.20

package/dist/cli/lib/dashboard-preferences.js

@@ -1,10 +1,11 @@
-import { existsSync, readFileSync, writeFileSync } from 'node:fs';
+import { existsSync } from 'node:fs';
 import path from 'node:path';
 import { isRecord } from './command-contract.js';
+import { readUtf8FileInsideWithoutSymlinks, writeUtf8FileInsideWithoutSymlinks } from './filesystem.js';
 import { isLocaleTag } from './locale-tags.js';
-import { markManifestLockFileCustomized } from './manifest-lock.js';
+import { ensureManifestLockTargetSafe, markManifestLockFileCustomized } from './manifest-lock.js';
 import { COMMIT_MESSAGE_STYLES, TEST_AUTHORING_POLICIES } from './preferences-options.js';
-import { readTomlFile } from './toml.js';
+import { parseTomlText } from './toml.js';
 const PREFERENCES_RELATIVE_PATH = '.mustflow/config/preferences.toml';
 export const DASHBOARD_PREFERENCE_SETTINGS = [
     {
@@ -281,7 +282,7 @@ export function readDashboardPreferences(projectRoot) {
     if (!existsSync(preferencesPath)) {
         throw new Error('Missing .mustflow/config/preferences.toml. Run mf init first or switch to a mustflow root.');
     }
-    const parsed = readTomlFile(preferencesPath);
+    const parsed = parseTomlText(readUtf8FileInsideWithoutSymlinks(projectRoot, preferencesPath));
     if (!isRecord(parsed)) {
         throw new Error('.mustflow/config/preferences.toml must contain a TOML table.');
     }
@@ -390,7 +391,7 @@ function coerceUpdateValue(definition, value) {
 export function updateDashboardPreferences(projectRoot, updates) {
     const preferencesPath = getPreferencesPath(projectRoot);
     const definitionsById = new Map(DASHBOARD_PREFERENCE_SETTINGS.map((definition) => [definition.id, definition]));
-    let content = readFileSync(preferencesPath, 'utf8');
+    let content = readUtf8FileInsideWithoutSymlinks(projectRoot, preferencesPath);
     for (const update of updates) {
         const definition = definitionsById.get(update.id);
         if (!definition) {
@@ -399,7 +400,8 @@ export function updateDashboardPreferences(projectRoot, updates) {
         const value = coerceUpdateValue(definition, update.value);
         content = setTomlScalar(content, definition.path, value);
     }
-    writeFileSync(preferencesPath, content);
+    ensureManifestLockTargetSafe(projectRoot);
+    writeUtf8FileInsideWithoutSymlinks(projectRoot, preferencesPath, content);
     markManifestLockFileCustomized(projectRoot, PREFERENCES_RELATIVE_PATH);
     return readDashboardPreferences(projectRoot);
 }

package/dist/cli/lib/filesystem.js

@@ -48,11 +48,14 @@ export function ensureInsideWithoutSymlinks(parentPath, childPath, options = {})
     }
 }
 export function readUtf8FileInsideWithoutSymlinks(parentPath, childPath) {
+    return readFileInsideWithoutSymlinks(parentPath, childPath).toString('utf8');
+}
+export function readFileInsideWithoutSymlinks(parentPath, childPath) {
     const absoluteChildPath = path.resolve(childPath);
     ensureInsideWithoutSymlinks(parentPath, absoluteChildPath);
     const fileDescriptor = openSync(absoluteChildPath, constants.O_RDONLY | NOFOLLOW_FLAG);
     try {
-        return readFileSync(fileDescriptor, 'utf8');
+        return readFileSync(fileDescriptor);
     }
     finally {
         closeSync(fileDescriptor);
@@ -79,6 +82,9 @@ export function ensureFileTargetInsideWithoutSymlinks(parentPath, childPath, opt
     }
 }
 export function writeUtf8FileInsideWithoutSymlinks(parentPath, childPath, content) {
+    writeFileInsideWithoutSymlinks(parentPath, childPath, content);
+}
+export function writeFileInsideWithoutSymlinks(parentPath, childPath, content) {
     const absoluteChildPath = path.resolve(childPath);
     const directoryPath = path.dirname(absoluteChildPath);
     ensureInsideWithoutSymlinks(parentPath, directoryPath, { allowMissingLeaf: true });
@@ -92,6 +98,10 @@ export function writeUtf8FileInsideWithoutSymlinks(parentPath, childPath, conten
         closeSync(fileDescriptor);
     }
 }
+export function copyFileInsideWithoutSymlinks(sourceParentPath, sourcePath, targetParentPath, targetPath) {
+    const content = readFileInsideWithoutSymlinks(sourceParentPath, sourcePath);
+    writeFileInsideWithoutSymlinks(targetParentPath, targetPath, content);
+}
 export function copyFileIfMissing(sourcePath, targetPath, relativePath) {
     if (existsSync(targetPath)) {
         return { status: 'skipped', relativePath };

package/dist/cli/lib/html-json.js

@@ -0,0 +1,11 @@
+const INLINE_SCRIPT_JSON_ESCAPES = {
+    '<': '\\u003C',
+    '>': '\\u003E',
+    '&': '\\u0026',
+    '\u2028': '\\u2028',
+    '\u2029': '\\u2029',
+};
+export function safeJsonForInlineScript(value) {
+    const json = JSON.stringify(value);
+    return (json ?? 'null').replace(/[<>&\u2028\u2029]/gu, (character) => INLINE_SCRIPT_JSON_ESCAPES[character]);
+}

package/dist/cli/lib/local-index/index.js

@@ -5,6 +5,7 @@ import { isRecord, readCommandContract, readString, readStringArray } from '../c
 import { listFilesRecursive, toPosixPath } from '../filesystem.js';
 import { readTomlFile } from '../toml.js';
 import { collectSourceAnchorIndexRecords, hasHighRiskSourceAnchorRiskTags, } from '../../../core/source-anchor-status.js';
+import { listSourceAnchorFiles } from '../../../core/source-anchors.js';
 import { normalizeCommandEffects } from '../../../core/command-effects.js';
 import { listChangeClassificationRuleDescriptors } from '../../../core/change-classification.js';
 import { DEFAULT_DATABASE_RELATIVE_PATH, DEFAULT_PROMPT_CACHE_STABLE_READ, DEFAULT_PROMPT_CACHE_TASK_SOURCES, DEFAULT_PROMPT_CACHE_VOLATILE_SOURCES, INDEX_CONFIG_RELATIVE_PATH, LOCAL_INDEX_CONTENT_MODE, LOCAL_INDEX_EXCLUDED_RAW_DATA_KINDS, LOCAL_INDEX_PARSER_VERSION, LOCAL_INDEX_SCHEMA_VERSION, LOCAL_INDEX_STORE_FULL_CONTENT, LATEST_RUN_STATE_RELATIVE_PATH, MAX_SEARCH_MATCH_SNIPPET_CHARS, MAX_SNIPPET_BYTES_PER_DOCUMENT, MUSTFLOW_RELATIVE_PATH, SEARCH_BACKEND_FTS5, SEARCH_BACKEND_TABLE_SCAN, SEARCH_MATCH_CONTEXT_AFTER_CHARS, SEARCH_MATCH_CONTEXT_BEFORE_CHARS, SEARCH_MATCH_TRUNCATION_MARKER, SEARCH_NGRAM_MAX_GRAMS_PER_TARGET, SEARCH_NGRAM_MAX_LENGTH, SEARCH_NGRAM_MAX_TOKEN_CHARS, SEARCH_NGRAM_MIN_LENGTH, SOURCE_INDEX_MAX_FILE_BYTES, TEST_DISABLE_FTS5_ENV, } from './constants.js';
@@ -284,7 +285,21 @@ function collectCommandIntents(projectRoot) {
     }
     return intents;
 }
+function normalizeIndexedFileSourceScope(value) {
+    const sourceScope = toSearchString(value);
+    if (sourceScope === 'source_anchor' || sourceScope === 'state') {
+        return sourceScope;
+    }
+    return 'workflow';
+}
 function readIndexedFileRecord(projectRoot, relativePath, sourceScope, contentHash = null) {
+    const metadata = readIndexedFileMetadataRecord(projectRoot, relativePath, sourceScope);
+    return {
+        ...metadata,
+        contentHash: contentHash ?? sha256Bytes(readFileSync(path.join(projectRoot, ...relativePath.split('/')))),
+    };
+}
+function readIndexedFileMetadataRecord(projectRoot, relativePath, sourceScope) {
     const fullPath = path.join(projectRoot, ...relativePath.split('/'));
     const stats = statSync(fullPath);
     return {
@@ -292,19 +307,50 @@ function readIndexedFileRecord(projectRoot, relativePath, sourceScope, contentHa
         sourceScope,
         sizeBytes: stats.size,
         mtimeMs: Math.round(stats.mtimeMs),
-        contentHash: contentHash ?? sha256Bytes(readFileSync(fullPath)),
     };
 }
-function collectIndexedFileRecords(projectRoot, documents, sourceAnchors) {
+function collectIndexedFileRecords(projectRoot, documents, sourceAnchors, sourceAnchorCandidatePaths = []) {
     const records = new Map();
     for (const document of documents) {
         records.set(document.path, readIndexedFileRecord(projectRoot, document.path, 'workflow', document.contentHash));
     }
-    for (const anchorPath of [...new Set(sourceAnchors.map((anchor) => anchor.path))].sort((left, right) => left.localeCompare(right))) {
+    const sourcePaths = new Set([...sourceAnchorCandidatePaths, ...sourceAnchors.map((anchor) => anchor.path)]);
+    for (const anchorPath of [...sourcePaths].sort((left, right) => left.localeCompare(right))) {
         if (!records.has(anchorPath)) {
             records.set(anchorPath, readIndexedFileRecord(projectRoot, anchorPath, 'source_anchor'));
         }
     }
+    if (existsSync(path.join(projectRoot, ...LATEST_RUN_STATE_RELATIVE_PATH.split('/')))) {
+        records.set(LATEST_RUN_STATE_RELATIVE_PATH, readIndexedFileRecord(projectRoot, LATEST_RUN_STATE_RELATIVE_PATH, 'state'));
+    }
+    return [...records.values()].sort((left, right) => left.path.localeCompare(right.path));
+}
+function collectSourceAnchorCandidatePaths(projectRoot, sourceConfig) {
+    return listSourceAnchorFiles(projectRoot, {
+        ...sourceConfig,
+        excludeGeneratedOrVendor: true,
+    });
+}
+function collectFastPreflightIndexedFileMetadataRecords(projectRoot, includeSource, sourceConfig) {
+    const records = new Map();
+    for (const relativePath of getExistingIndexablePaths(projectRoot)) {
+        records.set(relativePath, readIndexedFileMetadataRecord(projectRoot, relativePath, 'workflow'));
+    }
+    if (includeSource) {
+        try {
+            for (const sourcePath of collectSourceAnchorCandidatePaths(projectRoot, sourceConfig)) {
+                if (!records.has(sourcePath)) {
+                    records.set(sourcePath, readIndexedFileMetadataRecord(projectRoot, sourcePath, 'source_anchor'));
+                }
+            }
+        }
+        catch {
+            return null;
+        }
+    }
+    if (existsSync(path.join(projectRoot, ...LATEST_RUN_STATE_RELATIVE_PATH.split('/')))) {
+        records.set(LATEST_RUN_STATE_RELATIVE_PATH, readIndexedFileMetadataRecord(projectRoot, LATEST_RUN_STATE_RELATIVE_PATH, 'state'));
+    }
     return [...records.values()].sort((left, right) => left.path.localeCompare(right.path));
 }
 function normalizeSearchText(value) {
@@ -1948,6 +1994,86 @@ function populateDatabase(database, capabilities, documents, skills, skillRoutes
     populatePathSurfaceReadModel(database);
     populateSearchTables(database, capabilities, documents, skills, skillRoutes, commandIntents, sourceAnchors);
 }
+function readCount(database, tableName) {
+    if (!hasTable(database, tableName)) {
+        return 0;
+    }
+    const [row] = queryRows(database, `SELECT COUNT(*) AS count FROM ${tableName}`);
+    const count = row?.count;
+    return typeof count === 'number' && Number.isFinite(count) ? count : 0;
+}
+function readStoredIndexedPaths(database) {
+    if (!hasTable(database, 'documents')) {
+        return [];
+    }
+    return queryRows(database, 'SELECT path FROM documents ORDER BY path')
+        .map((row) => toSearchString(row.path))
+        .filter(Boolean);
+}
+function createStoredLocalIndexResult(projectRoot, databasePath, dryRun, indexMode, database, capabilities) {
+    return {
+        schema_version: LOCAL_INDEX_SCHEMA_VERSION,
+        command: 'index',
+        ok: true,
+        mustflow_root: path.resolve(projectRoot),
+        database_path: databasePath,
+        dry_run: dryRun,
+        wrote_files: false,
+        index_mode: indexMode,
+        reused_existing: true,
+        rebuild_reason: null,
+        document_count: readCount(database, 'documents'),
+        skill_count: readCount(database, 'skills'),
+        skill_route_count: readCount(database, 'skill_routes'),
+        command_intent_count: readCount(database, 'command_intents'),
+        command_effect_count: readCount(database, 'command_effects'),
+        verification_evidence_summary_count: readCount(database, 'verification_evidence_summaries'),
+        verification_plan_count: readCount(database, 'verification_plans'),
+        acceptance_criteria_count: readCount(database, 'acceptance_criteria'),
+        criterion_coverage_count: readCount(database, 'criterion_coverage'),
+        verification_receipt_summary_count: readCount(database, 'verification_receipt_summaries'),
+        command_receipt_summary_count: readCount(database, 'command_receipt_summaries'),
+        verification_coverage_state_count: readCount(database, 'verification_coverage_states'),
+        verification_risk_signal_count: readCount(database, 'verification_risk_signals'),
+        validation_ratchet_signal_count: readCount(database, 'validation_ratchet_signals'),
+        completion_verdict_summary_count: readCount(database, 'completion_verdict_summaries'),
+        repro_route_count: readCount(database, 'repro_routes'),
+        repro_observation_count: readCount(database, 'repro_observations'),
+        failure_fingerprint_count: readCount(database, 'verification_failure_fingerprints'),
+        source_index_enabled: readMetadataValue(database, 'source_index_enabled') === 'true',
+        source_anchor_count: readCount(database, 'source_anchors'),
+        source_anchor_risk_signal_count: readCount(database, 'source_anchor_risk_signals'),
+        search_backend: capabilities.backend,
+        search_fts5_available: capabilities.fts5Available,
+        content_mode: LOCAL_INDEX_CONTENT_MODE,
+        store_full_content: LOCAL_INDEX_STORE_FULL_CONTENT,
+        max_snippet_bytes_per_document: MAX_SNIPPET_BYTES_PER_DOCUMENT,
+        excluded_raw_data_kinds: [...LOCAL_INDEX_EXCLUDED_RAW_DATA_KINDS],
+        indexed_file_count: readCount(database, 'indexed_files'),
+        indexed_paths: readStoredIndexedPaths(database),
+    };
+}
+function indexedFileMetadataMatch(database, currentFiles) {
+    const rows = queryRows(database, 'SELECT path, source_scope, size_bytes, mtime_ms, parser_version FROM indexed_files ORDER BY path');
+    if (rows.length !== currentFiles.length) {
+        return false;
+    }
+    const currentByPath = new Map(currentFiles.map((file) => [file.path, file]));
+    for (const row of rows) {
+        const storedPath = toSearchString(row.path);
+        const current = currentByPath.get(storedPath);
+        if (!current) {
+            return false;
+        }
+        if (normalizeIndexedFileSourceScope(row.source_scope) !== current.sourceScope ||
+            row.size_bytes !== current.sizeBytes ||
+            row.mtime_ms !== current.mtimeMs ||
+            toSearchString(row.parser_version) !== LOCAL_INDEX_PARSER_VERSION) {
+            return false;
+        }
+    }
+    return true;
+}
 function indexedFilesMatch(database, currentFiles) {
     const rows = queryRows(database, 'SELECT path, source_scope, content_hash, parser_version FROM indexed_files ORDER BY path');
     if (rows.length !== currentFiles.length) {
@@ -1960,7 +2086,7 @@ function indexedFilesMatch(database, currentFiles) {
         if (!current) {
             return false;
         }
-        if (toSearchString(row.source_scope) !== current.sourceScope ||
+        if (normalizeIndexedFileSourceScope(row.source_scope) !== current.sourceScope ||
             toSearchString(row.content_hash) !== current.contentHash ||
             toSearchString(row.parser_version) !== LOCAL_INDEX_PARSER_VERSION) {
             return false;
@@ -1968,6 +2094,44 @@ function indexedFilesMatch(database, currentFiles) {
     }
     return true;
 }
+async function readIncrementalPreflightReuse(SQL, databasePath, projectRoot, currentFiles, sourceScopeHash, dryRun, indexMode) {
+    if (!currentFiles) {
+        return { result: null, rebuildReason: null };
+    }
+    if (!existsSync(databasePath)) {
+        return { result: null, rebuildReason: 'missing_index' };
+    }
+    let database;
+    try {
+        database = new SQL.Database(readFileSync(databasePath));
+        if (readStoredSchemaVersion(database) !== LOCAL_INDEX_SCHEMA_VERSION) {
+            return { result: null, rebuildReason: 'schema_version_mismatch' };
+        }
+        if (readMetadataValue(database, 'parser_version') !== LOCAL_INDEX_PARSER_VERSION) {
+            return { result: null, rebuildReason: 'parser_version_mismatch' };
+        }
+        if (readMetadataValue(database, 'source_scope_hash') !== sourceScopeHash) {
+            return { result: null, rebuildReason: 'source_scope_mismatch' };
+        }
+        if (!hasTable(database, 'indexed_files')) {
+            return { result: null, rebuildReason: 'indexed_files_missing' };
+        }
+        if (!indexedFileMetadataMatch(database, currentFiles)) {
+            return { result: null, rebuildReason: 'file_fingerprint_mismatch' };
+        }
+        const capabilities = readStoredSearchCapabilities(database);
+        return {
+            result: createStoredLocalIndexResult(projectRoot, databasePath, dryRun, indexMode, database, capabilities),
+            rebuildReason: null,
+        };
+    }
+    catch {
+        return { result: null, rebuildReason: 'unreadable_index' };
+    }
+    finally {
+        database?.close();
+    }
+}
 async function readIncrementalReuseDecision(SQL, databasePath, currentFiles, sourceScopeHash) {
     if (!existsSync(databasePath)) {
         return { reusable: false, rebuildReason: 'missing_index', capabilities: null };
@@ -2015,16 +2179,32 @@ export async function createLocalIndex(projectRoot, options = {}) {
     const dryRun = options.dryRun === true;
     const incremental = options.incremental === true;
     const indexMode = incremental ? 'incremental' : 'full';
+    const sourceConfig = readLocalIndexSourceConfig(projectRoot);
+    const includeSource = options.includeSource === true || sourceConfig.enabledByDefault;
+    const sourceScopeHash = getSourceScopeHash(includeSource, sourceConfig);
+    let capabilities = searchCapabilities(false);
+    let reusedExisting = false;
+    let rebuildReason = null;
+    const SQL = await loadSqlJs();
+    const capabilityDatabase = new SQL.Database();
+    capabilities = detectLocalSearchCapabilities(capabilityDatabase);
+    capabilityDatabase.close();
+    if (incremental) {
+        const preflightFiles = collectFastPreflightIndexedFileMetadataRecords(projectRoot, includeSource, sourceConfig);
+        const preflightReuse = await readIncrementalPreflightReuse(SQL, databasePath, projectRoot, preflightFiles, sourceScopeHash, dryRun, indexMode);
+        if (preflightReuse.result) {
+            return preflightReuse.result;
+        }
+        rebuildReason = preflightReuse.rebuildReason;
+    }
     const documents = collectDocuments(projectRoot);
     const skills = collectSkills(documents);
     const skillRoutes = collectSkillRoutes(projectRoot);
     const commandIntents = collectCommandIntents(projectRoot);
-    const sourceConfig = readLocalIndexSourceConfig(projectRoot);
-    const includeSource = options.includeSource === true || sourceConfig.enabledByDefault;
-    const sourceScopeHash = getSourceScopeHash(includeSource, sourceConfig);
     const previousSourceAnchors = includeSource
         ? await readPreviousSourceAnchorSnapshots(databasePath).catch(() => [])
         : [];
+    const sourceAnchorCandidatePaths = includeSource ? collectSourceAnchorCandidatePaths(projectRoot, sourceConfig) : [];
     const sourceAnchors = includeSource
         ? collectSourceAnchorIndexRecords(projectRoot, previousSourceAnchors, {
             ...sourceConfig,
@@ -2032,18 +2212,11 @@ export async function createLocalIndex(projectRoot, options = {}) {
         })
         : [];
     const verificationEvidence = createVerificationEvidenceIndex(projectRoot);
-    const indexedFiles = collectIndexedFileRecords(projectRoot, documents, sourceAnchors);
-    let capabilities = searchCapabilities(false);
-    let reusedExisting = false;
-    let rebuildReason = null;
-    const SQL = await loadSqlJs();
-    const capabilityDatabase = new SQL.Database();
-    capabilities = detectLocalSearchCapabilities(capabilityDatabase);
-    capabilityDatabase.close();
+    const indexedFiles = collectIndexedFileRecords(projectRoot, documents, sourceAnchors, sourceAnchorCandidatePaths);
     if (incremental) {
         const reuseDecision = await readIncrementalReuseDecision(SQL, databasePath, indexedFiles, sourceScopeHash);
         reusedExisting = reuseDecision.reusable;
-        rebuildReason = reuseDecision.rebuildReason;
+        rebuildReason = reuseDecision.rebuildReason ?? rebuildReason;
         capabilities = reuseDecision.capabilities ?? capabilities;
     }
     if (!dryRun && !reusedExisting) {
@@ -2110,7 +2283,7 @@ function getStalePaths(projectRoot, database) {
         const indexedPaths = new Set(indexedRows.map((row) => toSearchString(row.path)));
         for (const row of indexedRows) {
             const indexedPath = toSearchString(row.path);
-            const sourceScope = toSearchString(row.source_scope) === 'source_anchor' ? 'source_anchor' : 'workflow';
+            const sourceScope = normalizeIndexedFileSourceScope(row.source_scope);
             try {
                 const current = readIndexedFileRecord(projectRoot, indexedPath, sourceScope);
                 if (current.contentHash !== toSearchString(row.content_hash)) {

package/dist/cli/lib/manifest-lock.js

@@ -1,8 +1,8 @@
 import { createHash } from 'node:crypto';
-import { existsSync, readFileSync, writeFileSync } from 'node:fs';
+import { existsSync } from 'node:fs';
 import path from 'node:path';
-import { ensureInside } from './filesystem.js';
-import { readTomlFile, stringifyToml } from './toml.js';
+import { ensureFileTargetInsideWithoutSymlinks, ensureInside, readFileInsideWithoutSymlinks, readUtf8FileInsideWithoutSymlinks, writeUtf8FileInsideWithoutSymlinks, } from './filesystem.js';
+import { parseTomlText, stringifyToml } from './toml.js';
 export const MANIFEST_LOCK_RELATIVE_PATH = '.mustflow/config/manifest.lock.toml';
 function isRecord(value) {
     return typeof value === 'object' && value !== null && !Array.isArray(value);
@@ -48,20 +48,31 @@ function parseManifestLock(raw) {
     };
 }
 export function sha256File(filePath) {
-    return `sha256:${createHash('sha256').update(readFileSync(filePath)).digest('hex')}`;
+    return `sha256:${createHash('sha256')
+        .update(readFileInsideWithoutSymlinks(path.dirname(filePath), filePath))
+        .digest('hex')}`;
+}
+function sha256ProjectFile(projectRoot, filePath) {
+    return `sha256:${createHash('sha256').update(readFileInsideWithoutSymlinks(projectRoot, filePath)).digest('hex')}`;
+}
+export function ensureManifestLockTargetSafe(projectRoot) {
+    const lockPath = path.join(projectRoot, MANIFEST_LOCK_RELATIVE_PATH);
+    ensureInside(projectRoot, lockPath);
+    ensureFileTargetInsideWithoutSymlinks(projectRoot, lockPath, { allowMissingLeaf: true });
+    return existsSync(lockPath);
 }
 export function markManifestLockFileCustomized(projectRoot, relativePath) {
     const lockPath = path.join(projectRoot, MANIFEST_LOCK_RELATIVE_PATH);
     const filePath = path.join(projectRoot, relativePath);
-    ensureInside(projectRoot, lockPath);
     ensureInside(projectRoot, filePath);
-    if (!existsSync(lockPath)) {
+    if (!ensureManifestLockTargetSafe(projectRoot)) {
         return false;
     }
+    ensureFileTargetInsideWithoutSymlinks(projectRoot, filePath, { allowMissingLeaf: true });
     if (!existsSync(filePath)) {
         throw new Error(`Cannot refresh manifest lock for missing file: ${relativePath}`);
     }
-    const parsed = readTomlFile(lockPath);
+    const parsed = parseTomlText(readUtf8FileInsideWithoutSymlinks(projectRoot, lockPath));
     if (!isRecord(parsed)) {
         throw new Error(`Invalid manifest lock: ${MANIFEST_LOCK_RELATIVE_PATH} must contain a TOML table`);
     }
@@ -71,20 +82,27 @@ export function markManifestLockFileCustomized(projectRoot, relativePath) {
     filesTable[relativePath] = {
         source: typeof existingTable.source === 'string' ? existingTable.source : 'template_common',
         last_action: 'customized',
-        content_hash: sha256File(filePath),
+        content_hash: sha256ProjectFile(projectRoot, filePath),
     };
     parsed.files = filesTable;
-    writeFileSync(lockPath, stringifyToml(parsed));
+    writeUtf8FileInsideWithoutSymlinks(projectRoot, lockPath, stringifyToml(parsed));
     return true;
 }
 export function readManifestLock(projectRoot) {
     const lockPath = path.join(projectRoot, MANIFEST_LOCK_RELATIVE_PATH);
-    ensureInside(projectRoot, lockPath);
+    try {
+        ensureInside(projectRoot, lockPath);
+        ensureFileTargetInsideWithoutSymlinks(projectRoot, lockPath, { allowMissingLeaf: true });
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        return { kind: 'invalid', lockPath, message };
+    }
     if (!existsSync(lockPath)) {
         return { kind: 'missing', lockPath };
     }
     try {
-        return { kind: 'present', lockPath, lock: parseManifestLock(readTomlFile(lockPath)) };
+        return { kind: 'present', lockPath, lock: parseManifestLock(parseTomlText(readUtf8FileInsideWithoutSymlinks(projectRoot, lockPath))) };
     }
     catch (error) {
         const message = error instanceof Error ? error.message : String(error);
@@ -121,7 +139,15 @@ export function inspectManifestLock(projectRoot) {
             issues.push(`Locked file missing: ${lockedFile.relativePath}`);
             continue;
         }
-        const actualHash = sha256File(filePath);
+        let actualHash;
+        try {
+            actualHash = sha256ProjectFile(projectRoot, filePath);
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            issues.push(`Locked file cannot be read safely: ${lockedFile.relativePath}: ${message}`);
+            continue;
+        }
         if (actualHash !== lockedFile.contentHash) {
             changedFiles.push(lockedFile.relativePath);
             issues.push(`Lock hash mismatch: ${lockedFile.relativePath}`);

package/dist/cli/lib/run-plan.js

@@ -78,6 +78,9 @@ function readEffectiveMaxOutputBytes(contract, intent) {
         readPositiveInteger(contract.defaults, 'max_output_bytes') ??
         DEFAULT_COMMAND_MAX_OUTPUT_BYTES;
 }
+function readEffectiveKillAfterSeconds(contract) {
+    return readPositiveInteger(contract.defaults, 'kill_after_seconds') ?? 5;
+}
 function getMaxOutputBytesLimitDetail(contract, intent) {
     const intentValue = readPositiveInteger(intent, 'max_output_bytes');
     if (intentValue !== undefined) {
@@ -103,6 +106,7 @@ function readRunIntentMetadata(contract, intent) {
         kind: readString(intent, 'kind') ?? null,
         configuredCwd,
         timeoutSeconds: readPositiveInteger(intent, 'timeout_seconds') ?? null,
+        killAfterSeconds: readEffectiveKillAfterSeconds(contract),
         maxOutputBytes: readEffectiveMaxOutputBytes(contract, intent),
         successExitCodes: getSuccessExitCodes(intent),
         commandArgv,
@@ -138,6 +142,7 @@ function createBlockedRunPlan(contract, intentName, intent, eligibility, reasonC
         cwd: null,
         relativeCwd: null,
         timeoutSeconds: metadata?.timeoutSeconds ?? null,
+        killAfterSeconds: metadata?.killAfterSeconds ?? null,
         maxOutputBytes: metadata?.maxOutputBytes ?? null,
         successExitCodes: metadata?.successExitCodes ?? null,
         commandArgv: metadata?.commandArgv,
@@ -199,6 +204,7 @@ export function createRunPlan(projectRoot, contract, intentName, options = {}) {
         cwd,
         relativeCwd: getRelativeProjectPath(projectRoot, cwd),
         timeoutSeconds: metadata.timeoutSeconds,
+        killAfterSeconds: metadata.killAfterSeconds,
         maxOutputBytes: metadata.maxOutputBytes,
         successExitCodes: metadata.successExitCodes,
         commandArgv,

package/dist/core/check-issues.js

@@ -15,6 +15,7 @@ const CHECK_ISSUE_ID_RULES = [
     ['mustflow.command_contract.effect_path_escape', /^Strict: Command effect path must stay inside the current root:/u],
     ['mustflow.command_contract.shared_writes_without_effects', /^Strict warning: configured agent-runnable intents .+ share path:.+ through writes without explicit effects or resource locks$/u],
     ['mustflow.command_contract.broad_env_inheritance', /^Strict warning: configured agent-runnable intent [^\s]+ (?:implicitly inherits the host environment|uses env_policy = "inherit")/u],
+    ['mustflow.command_contract.project_local_bin_bare_executable', /^Strict warning: configured agent-runnable intent [^\s]+ uses bare executable "[^"]+" that matches project-local node_modules\/\.bin/u],
     ['mustflow.prompt_cache.required', /^Strict: \[prompt_cache\] table is required$/u],
     ['mustflow.prompt_cache.volatile_in_stable', /^Strict: \[prompt_cache\.layers\.stable\]\.read must not include volatile path /u],
     ['mustflow.refresh.hash_method_required', /^Strict: \[refresh\]\.default_method should be "hash_check" for cache-friendly refresh$/u],

package/dist/core/command-classification.js

@@ -1,20 +1,4 @@
 const MUSTFLOW_BIN_NAMES = new Set(['mf', 'mustflow']);
-const IN_PROCESS_MUSTFLOW_BUILTIN_COMMANDS = new Set([
-    'check',
-    'classify',
-    'context',
-    'doctor',
-    'help',
-    'impact',
-    'line-endings',
-    'map',
-    'status',
-    'update',
-    'version-sources',
-]);
 export function isMustflowBinName(command) {
     return MUSTFLOW_BIN_NAMES.has(command.toLowerCase());
 }
-export function canRunMustflowBuiltinInProcess(command) {
-    return command !== undefined && IN_PROCESS_MUSTFLOW_BUILTIN_COMMANDS.has(command);
-}

package/dist/core/command-contract-rules.js

@@ -14,6 +14,7 @@ const INTERPRETER_EVALUATION_FLAGS = new Map([
 const PACKAGE_SCRIPT_RUNNERS = new Set(['bun', 'npm', 'pnpm', 'yarn']);
 const LONG_RUNNING_PACKAGE_SCRIPTS = new Set(['dev', 'start', 'serve', 'watch', 'preview']);
 const LONG_RUNNING_EXECUTABLES = new Set(['nodemon', 'pm2', 'serve', 'http-server', 'live-server', 'webpack-dev-server']);
+const ATTACHED_EVALUATION_FLAGS = new Set(['-command', '-commandwithargs']);
 export const BACKGROUND_SHELL_PATTERNS = [
     /(?:^|[^&])&(?!&)\s*$/u,
     /\bnohup\b/iu,
@@ -45,16 +46,26 @@ export function commandIntentHasCommandSource(intent) {
 export function shellCommandHasBlockedBackgroundPattern(command) {
     return BACKGROUND_SHELL_PATTERNS.some((pattern) => pattern.test(command));
 }
-export function commandIntentHasBlockedShellBackgroundPattern(intent) {
-    return intent.mode === 'shell' && typeof intent.cmd === 'string' && shellCommandHasBlockedBackgroundPattern(intent.cmd);
-}
 function normalizeExecutableName(value) {
     return path.basename(value).replace(/\.(?:cmd|exe|ps1)$/iu, '').toLowerCase();
 }
+function flagAllowsAttachedPayload(flag) {
+    return (flag.startsWith('-') && !flag.startsWith('--') && flag.length === 2) || flag === '/c' || ATTACHED_EVALUATION_FLAGS.has(flag);
+}
 function findFlagPayload(argv, flags) {
-    for (let index = 1; index < argv.length - 1; index += 1) {
-        if (flags.has(argv[index].toLowerCase())) {
-            return argv[index + 1];
+    for (let index = 1; index < argv.length; index += 1) {
+        const argument = argv[index] ?? '';
+        const normalizedArgument = argument.toLowerCase();
+        if (flags.has(normalizedArgument)) {
+            return argv[index + 1] ?? null;
+        }
+        for (const flag of flags) {
+            if (normalizedArgument.startsWith(`${flag}=`)) {
+                return argument.slice(flag.length + 1);
+            }
+            if (flagAllowsAttachedPayload(flag) && normalizedArgument.startsWith(flag) && argument.length > flag.length) {
+                return argument.slice(flag.length);
+            }
         }
     }
     return null;

package/dist/core/command-contract-validation.js

@@ -1,7 +1,9 @@
-import { COMMAND_LIFECYCLES, COMMAND_RUN_POLICIES, LONG_RUNNING_LIFECYCLES, isRecord, } from './config-loading.js';
+import { existsSync } from 'node:fs';
+import path from 'node:path';
+import { COMMAND_LIFECYCLES, COMMAND_RUN_POLICIES, LONG_RUNNING_LIFECYCLES, isRecord, readStringArray, } from './config-loading.js';
 import { COMMAND_ENV_POLICIES, DEFAULT_COMMAND_ENV_POLICY } from './command-env.js';
 import { COMMAND_EFFECT_CONCURRENCY, COMMAND_EFFECT_MODES, COMMAND_EFFECT_TYPES, validateCommandEffectLockWarnings, validateCommandEffects, } from './command-effects.js';
-import { commandIntentBlockedCommandPattern, commandIntentHasBlockedShellBackgroundPattern, commandIntentHasCommandSource, commandIntentNameIsSafe, } from './command-contract-rules.js';
+import { commandIntentBlockedCommandPattern, commandIntentHasCommandSource, commandIntentNameIsSafe, } from './command-contract-rules.js';
 import { MAX_COMMAND_OUTPUT_BYTES, commandMaxOutputBytesLimitMessage } from './command-output-limits.js';
 function commandContractIssue(message) {
     return { message };
@@ -186,10 +188,10 @@ function validateCommandIntent(intentName, intent, issues) {
     if (!commandIntentHasCommandSource(intent)) {
         issues.push(commandContractIssue(`Configured intent ${intentName} must define argv or mode = "shell" with cmd`));
     }
-    if (commandIntentHasBlockedShellBackgroundPattern(intent)) {
+    const blockedCommandPattern = commandIntentBlockedCommandPattern(intent);
+    if (blockedCommandPattern?.code === 'shell_background_pattern') {
         issues.push(commandContractIssue(`Shell intent ${intentName} contains a blocked long-running or background pattern`));
     }
-    const blockedCommandPattern = commandIntentBlockedCommandPattern(intent);
     if (blockedCommandPattern?.code === 'long_running_command_pattern') {
         issues.push(commandContractIssue(`Intent ${intentName} contains a blocked long-running or background command pattern`));
     }
@@ -245,6 +247,41 @@ function validateCommandEnvInheritanceWarnings(commandsToml) {
     }
     return issues;
 }
+function projectLocalBinExecutableExists(projectRoot, executable) {
+    const localBinPath = path.join(projectRoot, 'node_modules', '.bin');
+    const executableName = path.basename(executable).replace(/\.(?:cmd|exe|ps1)$/iu, '');
+    const candidates = [
+        executableName,
+        `${executableName}.cmd`,
+        `${executableName}.exe`,
+        `${executableName}.ps1`,
+    ];
+    return candidates.some((candidate) => existsSync(path.join(localBinPath, candidate)));
+}
+function validateProjectLocalBinWarnings(projectRoot, commandsToml) {
+    const issues = [];
+    if (!isRecord(commandsToml?.intents)) {
+        return issues;
+    }
+    for (const [intentName, intent] of Object.entries(commandsToml.intents)) {
+        if (!isRecord(intent)) {
+            continue;
+        }
+        if (intent.status !== 'configured' || intent.lifecycle !== 'oneshot' || intent.run_policy !== 'agent_allowed') {
+            continue;
+        }
+        const argv = readStringArray(intent, 'argv');
+        const executable = argv?.[0];
+        if (!executable || executable.includes('/') || executable.includes('\\')) {
+            continue;
+        }
+        if (!projectLocalBinExecutableExists(projectRoot, executable)) {
+            continue;
+        }
+        issues.push(commandContractWarning(`configured agent-runnable intent ${intentName} uses bare executable "${executable}" that matches project-local node_modules/.bin; use a package-manager mediated command such as npm exec, pnpm exec, bun x, or yarn exec`));
+    }
+    return issues;
+}
 /**
  * mf:anchor core.command-contract-validation
  * purpose: Validate command intent declarations that gate agent-executable repository commands.
@@ -287,6 +324,7 @@ export function validateCommandContractStrictDefaults(projectRoot, commandsToml)
         }
     }
     issues.push(...validateCommandEnvInheritanceWarnings(commandsToml));
+    issues.push(...validateProjectLocalBinWarnings(projectRoot, commandsToml));
     issues.push(...validateCommandEffects(projectRoot, commandsToml));
     issues.push(...validateCommandEffectLockWarnings(commandsToml));
     return issues;