mustflow 2.18.7 → 2.18.20

package/README.md

@@ -228,6 +228,10 @@ your-project/
       │  └─ SKILL.md
       ├─ vertical-slice-tdd/
       │  └─ SKILL.md
+      ├─ llm-service-ux-review/
+      │  └─ SKILL.md
+      ├─ search-ad-content-authoring/
+      │  └─ SKILL.md
       ├─ ui-quality-gate/
       │  └─ SKILL.md
       ├─ visual-review-artifact/

package/dist/cli/commands/dashboard.js

@@ -1,5 +1,5 @@
 import { randomBytes } from 'node:crypto';
-import { existsSync, readFileSync } from 'node:fs';
+import { existsSync, readFileSync, statSync } from 'node:fs';
 import http from 'node:http';
 import path from 'node:path';
 import { openPathInFileManager, openUrlInBrowser } from '../lib/browser-open.js';
@@ -14,8 +14,8 @@ import { readGitChangedFiles } from '../lib/git-changes.js';
 import { isRecord, readCommandContract, readPositiveInteger, readString, readStringArray, } from '../lib/command-contract.js';
 import { readDashboardPreferences, updateDashboardPreferences, } from '../lib/dashboard-preferences.js';
 import { DOC_REVIEW_LEDGER_RELATIVE_PATH, isDocReviewStatus, isReviewerKind, listDocReviewEntries, markDocReviewEntry, } from '../lib/doc-review-ledger.js';
-import { inspectManifestLock } from '../lib/manifest-lock.js';
-import { readLatestLocalVerificationReadModelQueries, readLocalCommandEffectGraphs, } from '../lib/local-index.js';
+import { MANIFEST_LOCK_RELATIVE_PATH, inspectManifestLock } from '../lib/manifest-lock.js';
+import { getLocalIndexDatabasePath, readLatestLocalVerificationReadModelQueries, readLocalCommandEffectGraphs, } from '../lib/local-index.js';
 import { readPackageMetadata } from '../lib/package-info.js';
 import { t } from '../lib/i18n.js';
 import { resolveMustflowRoot } from '../lib/project-root.js';
@@ -36,6 +36,61 @@ const RELEASE_FILE_PATTERNS = [
 ];
 const SKILL_INDEX_RELATIVE_PATH = '.mustflow/skills/INDEX.md';
 const LATEST_RUN_RELATIVE_PATH = '.mustflow/state/runs/latest.json';
+const COMMANDS_RELATIVE_PATH = '.mustflow/config/commands.toml';
+const AGENTS_RELATIVE_PATH = 'AGENTS.md';
+const STATUS_BLOCK_CACHE_TTL_MS = 750;
+const dashboardStatusBlockCache = new Map();
+function dashboardStatusBlockCacheKey(projectRoot, blockName) {
+    return `${path.resolve(projectRoot)}\0${blockName}`;
+}
+function readFileSignature(filePath) {
+    try {
+        const stat = statSync(filePath);
+        return `${stat.mtimeMs}:${stat.size}`;
+    }
+    catch {
+        return 'missing';
+    }
+}
+function readProjectFileSignature(projectRoot, relativePath) {
+    return `${relativePath}=${readFileSignature(path.join(projectRoot, ...relativePath.split('/')))}`;
+}
+function readStatusBlockSignature(projectRoot, relativePaths) {
+    return relativePaths.map((relativePath) => readProjectFileSignature(projectRoot, relativePath)).join('|');
+}
+function readLocalIndexSignature(projectRoot) {
+    return `local_index=${readFileSignature(getLocalIndexDatabasePath(projectRoot))}`;
+}
+function readDashboardStatusBlock(projectRoot, blockName, signature, readBlock) {
+    const key = dashboardStatusBlockCacheKey(projectRoot, blockName);
+    const cached = dashboardStatusBlockCache.get(key);
+    const now = Date.now();
+    if (cached && cached.signature === signature && cached.expiresAt > now) {
+        return cached.value;
+    }
+    const value = readBlock();
+    dashboardStatusBlockCache.set(key, {
+        signature,
+        expiresAt: Date.now() + STATUS_BLOCK_CACHE_TTL_MS,
+        value,
+    });
+    return value;
+}
+async function readDashboardStatusBlockAsync(projectRoot, blockName, signature, readBlock) {
+    const key = dashboardStatusBlockCacheKey(projectRoot, blockName);
+    const cached = dashboardStatusBlockCache.get(key);
+    const now = Date.now();
+    if (cached && cached.signature === signature && cached.expiresAt > now) {
+        return cached.value;
+    }
+    const value = await readBlock();
+    dashboardStatusBlockCache.set(key, {
+        signature,
+        expiresAt: Date.now() + STATUS_BLOCK_CACHE_TTL_MS,
+        value,
+    });
+    return value;
+}
 function readFrontmatterLines(content) {
     if (!content.startsWith('---')) {
         return [];
@@ -677,16 +732,17 @@ function renderRunHistoryResponse(projectRoot) {
 }
 async function renderStatusResponse(projectRoot) {
     const context = getAgentContext(projectRoot);
-    const manifest = inspectManifestLock(projectRoot);
+    const manifest = readDashboardStatusBlock(projectRoot, 'manifest', readStatusBlockSignature(projectRoot, [MANIFEST_LOCK_RELATIVE_PATH]), () => inspectManifestLock(projectRoot));
     const lock = manifest.readResult.kind === 'present' ? manifest.readResult.lock : undefined;
-    const activeDocuments = listDocReviewEntries(projectRoot);
-    const rawCommandContract = readDashboardCommandContract(projectRoot);
-    const commandContract = await renderCommandContractResponse(projectRoot, rawCommandContract);
+    const activeDocuments = readDashboardStatusBlock(projectRoot, 'doc_review', readStatusBlockSignature(projectRoot, [DOC_REVIEW_LEDGER_RELATIVE_PATH]), () => listDocReviewEntries(projectRoot));
+    const rawCommandContractSignature = readStatusBlockSignature(projectRoot, [COMMANDS_RELATIVE_PATH]);
+    const rawCommandContract = readDashboardStatusBlock(projectRoot, 'raw_command_contract', rawCommandContractSignature, () => readDashboardCommandContract(projectRoot));
+    const commandContract = await readDashboardStatusBlockAsync(projectRoot, 'command_contract', `${rawCommandContractSignature}|${readLocalIndexSignature(projectRoot)}`, () => renderCommandContractResponse(projectRoot, rawCommandContract));
     const gitChangedFilesResult = readGitChangedFiles(projectRoot);
     const gitChangedFiles = gitChangedFilesResult.ok ? gitChangedFilesResult.files : [];
     const packageMetadata = readPackageMetadata();
     const verification = createDashboardVerificationSnapshot(projectRoot, rawCommandContract, commandContract.intents, gitChangedFiles, manifest.changedFiles, manifest.missingFiles);
-    const readModel = await readLatestLocalVerificationReadModelQueries(projectRoot);
+    const readModel = await readDashboardStatusBlockAsync(projectRoot, 'verification_read_model', readLocalIndexSignature(projectRoot), () => readLatestLocalVerificationReadModelQueries(projectRoot));
     return {
         schema_version: '1',
         command: 'dashboard status',
@@ -696,12 +752,12 @@ async function renderStatusResponse(projectRoot) {
         release: {
             package_name: packageMetadata.name,
             package_version: packageMetadata.version,
-            version_sources: detectVersionSources(projectRoot),
+            version_sources: readDashboardStatusBlock(projectRoot, 'version_sources', readStatusBlockSignature(projectRoot, ['package.json']), () => detectVersionSources(projectRoot)),
             release_sensitive_changed_files: matchingFiles(gitChangedFiles, RELEASE_FILE_PATTERNS),
         },
-        update: renderUpdateResponse(projectRoot),
-        run_history: renderRunHistoryResponse(projectRoot),
-        skills: renderSkillsResponse(projectRoot),
+        update: readDashboardStatusBlock(projectRoot, 'update', readStatusBlockSignature(projectRoot, [AGENTS_RELATIVE_PATH, MANIFEST_LOCK_RELATIVE_PATH]), () => renderUpdateResponse(projectRoot)),
+        run_history: readDashboardStatusBlock(projectRoot, 'run_history', readStatusBlockSignature(projectRoot, [LATEST_RUN_RELATIVE_PATH]), () => renderRunHistoryResponse(projectRoot)),
+        skills: readDashboardStatusBlock(projectRoot, 'skills', readStatusBlockSignature(projectRoot, [SKILL_INDEX_RELATIVE_PATH]), () => renderSkillsResponse(projectRoot)),
         tracked_files: lock?.files.length ?? 0,
         changed_files: manifest.changedFiles,
         missing_files: manifest.missingFiles,

package/dist/cli/commands/init.js

@@ -1,9 +1,9 @@
-import { copyFileSync, existsSync, mkdirSync, readFileSync } from 'node:fs';
+import { existsSync, readFileSync } from 'node:fs';
 import path from 'node:path';
 import { stdin as processStdin, stdout as processStdout } from 'node:process';
 import { createInterface } from 'node:readline/promises';
 import { printUsageError, renderHelp } from '../lib/cli-output.js';
-import { ensureFileTargetInsideWithoutSymlinks, ensureInside, readUtf8FileInsideWithoutSymlinks, writeUtf8FileInsideWithoutSymlinks, } from '../lib/filesystem.js';
+import { copyFileInsideWithoutSymlinks, ensureFileTargetInsideWithoutSymlinks, ensureInside, readUtf8FileInsideWithoutSymlinks, writeUtf8FileInsideWithoutSymlinks, } from '../lib/filesystem.js';
 import { localeMessage, t } from '../lib/i18n.js';
 import { isLocaleTag } from '../lib/locale-tags.js';
 import { MANIFEST_LOCK_RELATIVE_PATH, sha256File } from '../lib/manifest-lock.js';
@@ -463,8 +463,11 @@ function parseOptions(args, reporter, lang) {
         preferenceOverrides,
     };
 }
-function sameTemplateFileContent(projectRoot, source, targetPath) {
-    return (source.content ?? readFileSync(source.sourcePath, 'utf8')) === readUtf8FileInsideWithoutSymlinks(projectRoot, targetPath);
+function readTemplateSourceText(templateRoot, sourcePath) {
+    return readUtf8FileInsideWithoutSymlinks(templateRoot, sourcePath);
+}
+function sameTemplateFileContent(projectRoot, templateRoot, source, targetPath) {
+    return (source.content ?? readTemplateSourceText(templateRoot, source.sourcePath)) === readUtf8FileInsideWithoutSymlinks(projectRoot, targetPath);
 }
 function formatLocaleChoice(locale) {
     const label = LOCALE_LABELS[locale] ?? locale;
@@ -605,11 +608,11 @@ async function promptInitOptions(template, options, reporter, lang) {
 function escapeRegExp(value) {
     return value.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
 }
-function planStatus(projectRoot, source, targetPath, options) {
+function planStatus(projectRoot, templateRoot, source, targetPath, options) {
     if (!existsSync(targetPath)) {
         return 'create';
     }
-    if (sameTemplateFileContent(projectRoot, source, targetPath)) {
+    if (sameTemplateFileContent(projectRoot, templateRoot, source, targetPath)) {
         return 'unchanged';
     }
     if (options.force) {
@@ -620,17 +623,15 @@ function planStatus(projectRoot, source, targetPath, options) {
     }
     return 'conflict';
 }
-function writeTemplateFile(projectRoot, source, targetPath) {
+function writeTemplateFile(projectRoot, templateRoot, source, targetPath) {
     if (source.content !== undefined) {
         writeUtf8FileInsideWithoutSymlinks(projectRoot, targetPath, source.content);
         return;
     }
-    ensureFileTargetInsideWithoutSymlinks(projectRoot, targetPath, { allowMissingLeaf: true });
-    mkdirSync(path.dirname(targetPath), { recursive: true });
-    copyFileSync(source.sourcePath, targetPath);
+    copyFileInsideWithoutSymlinks(templateRoot, source.sourcePath, projectRoot, targetPath);
 }
 function writePlannedFile(projectRoot, file) {
-    writeTemplateFile(projectRoot, file, file.targetPath);
+    writeTemplateFile(projectRoot, file.sourceRoot, file, file.targetPath);
 }
 function gitignoreFragmentPath(template) {
     return path.join(template.templateRoot, template.manifest.commonRoot, GITIGNORE_FRAGMENT_RELATIVE_PATH);
@@ -646,11 +647,11 @@ function mergeGitignoreContent(existingContent, fragmentContent) {
     }
     return `${existingContent.trimEnd()}\n\n${normalizedFragment}\n`;
 }
-function planGitignoreStatus(projectRoot, sourcePath, targetPath) {
+function planGitignoreStatus(projectRoot, sourceRoot, sourcePath, targetPath) {
     if (!existsSync(targetPath)) {
         return 'create';
     }
-    const mergedContent = mergeGitignoreContent(readUtf8FileInsideWithoutSymlinks(projectRoot, targetPath), readFileSync(sourcePath, 'utf8'));
+    const mergedContent = mergeGitignoreContent(readUtf8FileInsideWithoutSymlinks(projectRoot, targetPath), readTemplateSourceText(sourceRoot, sourcePath));
     return mergedContent === readUtf8FileInsideWithoutSymlinks(projectRoot, targetPath) ? 'unchanged' : 'merge';
 }
 function renderPlanVerb(status) {
@@ -699,10 +700,11 @@ function buildPlannedFiles(template, selectedLocale, targetRoot, options) {
         return {
             relativePath: source.relativePath,
             sourcePath: source.sourcePath,
+            sourceRoot: template.templateRoot,
             sourceKind: source.sourceKind,
             content: source.content,
             targetPath,
-            status: planStatus(targetRoot, source, targetPath, options),
+            status: planStatus(targetRoot, template.templateRoot, source, targetPath, options),
             lock: true,
         };
     });
@@ -714,9 +716,10 @@ function buildPlannedFiles(template, selectedLocale, targetRoot, options) {
     plannedFiles.push({
         relativePath: GITIGNORE_RELATIVE_PATH,
         sourcePath,
+        sourceRoot: template.templateRoot,
         sourceKind: 'common',
         targetPath,
-        status: planGitignoreStatus(targetRoot, sourcePath, targetPath),
+        status: planGitignoreStatus(targetRoot, template.templateRoot, sourcePath, targetPath),
         lock: false,
     });
     return plannedFiles;
@@ -730,10 +733,7 @@ function backupConflictingFiles(projectRoot, conflicts) {
     for (const conflict of conflicts) {
         const backupPath = path.join(backupRoot, conflict.relativePath);
         ensureInside(backupRoot, backupPath);
-        ensureFileTargetInsideWithoutSymlinks(projectRoot, conflict.targetPath);
-        ensureFileTargetInsideWithoutSymlinks(projectRoot, backupPath, { allowMissingLeaf: true });
-        mkdirSync(path.dirname(backupPath), { recursive: true });
-        copyFileSync(conflict.targetPath, backupPath);
+        copyFileInsideWithoutSymlinks(projectRoot, conflict.targetPath, projectRoot, backupPath);
     }
     return backupRoot;
 }
@@ -960,7 +960,7 @@ export async function runInit(args, reporter, lang = 'en') {
         if (file.status === 'merge') {
             ensureFileTargetInsideWithoutSymlinks(targetRoot, file.targetPath);
             const mergedContent = file.relativePath === GITIGNORE_RELATIVE_PATH
-                ? mergeGitignoreContent(readUtf8FileInsideWithoutSymlinks(targetRoot, file.targetPath), readFileSync(file.sourcePath, 'utf8'))
+                ? mergeGitignoreContent(readUtf8FileInsideWithoutSymlinks(targetRoot, file.targetPath), readTemplateSourceText(file.sourceRoot, file.sourcePath))
                 : mergeAgentsContent(readUtf8FileInsideWithoutSymlinks(targetRoot, file.targetPath), selectedLocale);
             writeUtf8FileInsideWithoutSymlinks(targetRoot, file.targetPath, mergedContent);
             merged += 1;

package/dist/cli/commands/run.js

@@ -5,12 +5,11 @@ import { readCommandContract, readMustflowConfigIfExists } from '../../core/conf
 import { resolveRunReceiptRetentionPolicy } from '../../core/retention-policy.js';
 import { t } from '../lib/i18n.js';
 import { resolveMustflowRoot } from '../lib/project-root.js';
-import { createRunPlan, createRunPreview, isMustflowBuiltinIntent, renderRunPreviewText, } from '../lib/run-plan.js';
+import { createRunPlan, createRunPreview, renderRunPreviewText, } from '../lib/run-plan.js';
 import { writeRunReceipt, } from '../../core/run-receipt.js';
 import { recordRunPerformanceHistory } from '../../core/run-performance-history.js';
 import { RunProfiler } from '../../core/run-profile.js';
 import { finishRunWriteTracking, startRunWriteTracking } from '../../core/run-write-drift.js';
-import { runBuiltinArgvInProcess } from './run/builtin-dispatch.js';
 import { getRunStatus, runArgvCommandStreaming, runShellCommandStreaming } from './run/executor.js';
 import { emitOutput, isOutputLimitExceededError } from './run/output.js';
 import { createPendingTimeoutTermination, getKillMethod, terminateProcessTree } from './run/process-tree.js';
@@ -179,12 +178,6 @@ export async function runRun(args, reporter, lang = 'en', options = {}) {
     const childStartedAtMs = performance.now();
     const startedAt = new Date();
     const result = await profiler.measureAsync('child_command', async () => {
-        if (plan.commandArgv && isMustflowBuiltinIntent(plan.intent)) {
-            const builtinResult = await runBuiltinArgvInProcess(plan.commandArgv, plan.cwd, lang);
-            if (builtinResult) {
-                return builtinResult;
-            }
-        }
         if (plan.commandArgv) {
             streamedOutput = !json;
             return runArgvCommandStreaming(plan.argvCommand, plan.cwd, env, plan.timeoutSeconds, plan.killAfterSeconds, plan.maxOutputBytes, stdoutTailBytes, stderrTailBytes, reporter, !json, true);

package/dist/cli/commands/update.js

@@ -1,7 +1,7 @@
 import { createHash } from 'node:crypto';
-import { copyFileSync, existsSync, mkdirSync } from 'node:fs';
+import { existsSync } from 'node:fs';
 import path from 'node:path';
-import { ensureFileTargetInsideWithoutSymlinks, ensureInside, writeUtf8FileInsideWithoutSymlinks, } from '../lib/filesystem.js';
+import { copyFileInsideWithoutSymlinks, ensureFileTargetInsideWithoutSymlinks, ensureInside, writeUtf8FileInsideWithoutSymlinks, } from '../lib/filesystem.js';
 import { MANIFEST_LOCK_RELATIVE_PATH, readManifestLock, sha256File } from '../lib/manifest-lock.js';
 import { printUsageError, renderHelp } from '../lib/cli-output.js';
 import { t } from '../lib/i18n.js';
@@ -70,14 +70,12 @@ function lockedTemplateSkillNames(files) {
 function getInstalledTemplateFiles(projectRoot, template, lock) {
     return getTemplateFiles(template, lock.templateLocale ?? template.manifest.defaultLocale, lock.templateProfile ?? template.manifest.defaultProfile, { extraSkillNames: lockedTemplateSkillNames(lock.files) });
 }
-function writeTemplateFile(projectRoot, source, targetPath) {
+function writeTemplateFile(projectRoot, templateRoot, source, targetPath) {
     if (source.content !== undefined) {
         writeUtf8FileInsideWithoutSymlinks(projectRoot, targetPath, source.content);
         return;
     }
-    ensureFileTargetInsideWithoutSymlinks(projectRoot, targetPath, { allowMissingLeaf: true });
-    mkdirSync(path.dirname(targetPath), { recursive: true });
-    copyFileSync(source.sourcePath, targetPath);
+    copyFileInsideWithoutSymlinks(templateRoot, source.sourcePath, projectRoot, targetPath);
 }
 function templateTargetSafetyIssue(projectRoot, targetPath, allowMissingLeaf) {
     try {
@@ -223,7 +221,7 @@ function copyTemplateFile(projectRoot, relativePath) {
     ensureInside(template.templateRoot, source.sourcePath);
     ensureInside(projectRoot, targetPath);
     ensureFileTargetInsideWithoutSymlinks(projectRoot, targetPath, { allowMissingLeaf: true });
-    writeTemplateFile(projectRoot, source, targetPath);
+    writeTemplateFile(projectRoot, template.templateRoot, source, targetPath);
 }
 function backupUpdateFiles(projectRoot, items, reporter, lang) {
     const updateItems = items.filter((item) => item.action === 'update');
@@ -237,10 +235,7 @@ function backupUpdateFiles(projectRoot, items, reporter, lang) {
         const backupPath = path.join(backupRoot, item.relativePath);
         ensureInside(projectRoot, sourcePath);
         ensureInside(backupRoot, backupPath);
-        ensureFileTargetInsideWithoutSymlinks(projectRoot, sourcePath);
-        ensureFileTargetInsideWithoutSymlinks(projectRoot, backupPath, { allowMissingLeaf: true });
-        mkdirSync(path.dirname(backupPath), { recursive: true });
-        copyFileSync(sourcePath, backupPath);
+        copyFileInsideWithoutSymlinks(projectRoot, sourcePath, projectRoot, backupPath);
     }
     reporter.stdout(t(lang, 'update.backup.files', {
         count: updateItems.length,

package/dist/cli/lib/dashboard-preferences.js

@@ -1,10 +1,11 @@
-import { existsSync, readFileSync, writeFileSync } from 'node:fs';
+import { existsSync } from 'node:fs';
 import path from 'node:path';
 import { isRecord } from './command-contract.js';
+import { readUtf8FileInsideWithoutSymlinks, writeUtf8FileInsideWithoutSymlinks } from './filesystem.js';
 import { isLocaleTag } from './locale-tags.js';
-import { markManifestLockFileCustomized } from './manifest-lock.js';
+import { ensureManifestLockTargetSafe, markManifestLockFileCustomized } from './manifest-lock.js';
 import { COMMIT_MESSAGE_STYLES, TEST_AUTHORING_POLICIES } from './preferences-options.js';
-import { readTomlFile } from './toml.js';
+import { parseTomlText } from './toml.js';
 const PREFERENCES_RELATIVE_PATH = '.mustflow/config/preferences.toml';
 export const DASHBOARD_PREFERENCE_SETTINGS = [
     {
@@ -281,7 +282,7 @@ export function readDashboardPreferences(projectRoot) {
     if (!existsSync(preferencesPath)) {
         throw new Error('Missing .mustflow/config/preferences.toml. Run mf init first or switch to a mustflow root.');
     }
-    const parsed = readTomlFile(preferencesPath);
+    const parsed = parseTomlText(readUtf8FileInsideWithoutSymlinks(projectRoot, preferencesPath));
     if (!isRecord(parsed)) {
         throw new Error('.mustflow/config/preferences.toml must contain a TOML table.');
     }
@@ -390,7 +391,7 @@ function coerceUpdateValue(definition, value) {
 export function updateDashboardPreferences(projectRoot, updates) {
     const preferencesPath = getPreferencesPath(projectRoot);
     const definitionsById = new Map(DASHBOARD_PREFERENCE_SETTINGS.map((definition) => [definition.id, definition]));
-    let content = readFileSync(preferencesPath, 'utf8');
+    let content = readUtf8FileInsideWithoutSymlinks(projectRoot, preferencesPath);
     for (const update of updates) {
         const definition = definitionsById.get(update.id);
         if (!definition) {
@@ -399,7 +400,8 @@ export function updateDashboardPreferences(projectRoot, updates) {
         const value = coerceUpdateValue(definition, update.value);
         content = setTomlScalar(content, definition.path, value);
     }
-    writeFileSync(preferencesPath, content);
+    ensureManifestLockTargetSafe(projectRoot);
+    writeUtf8FileInsideWithoutSymlinks(projectRoot, preferencesPath, content);
     markManifestLockFileCustomized(projectRoot, PREFERENCES_RELATIVE_PATH);
     return readDashboardPreferences(projectRoot);
 }

package/dist/cli/lib/filesystem.js

@@ -48,11 +48,14 @@ export function ensureInsideWithoutSymlinks(parentPath, childPath, options = {})
     }
 }
 export function readUtf8FileInsideWithoutSymlinks(parentPath, childPath) {
+    return readFileInsideWithoutSymlinks(parentPath, childPath).toString('utf8');
+}
+export function readFileInsideWithoutSymlinks(parentPath, childPath) {
     const absoluteChildPath = path.resolve(childPath);
     ensureInsideWithoutSymlinks(parentPath, absoluteChildPath);
     const fileDescriptor = openSync(absoluteChildPath, constants.O_RDONLY | NOFOLLOW_FLAG);
     try {
-        return readFileSync(fileDescriptor, 'utf8');
+        return readFileSync(fileDescriptor);
     }
     finally {
         closeSync(fileDescriptor);
@@ -79,6 +82,9 @@ export function ensureFileTargetInsideWithoutSymlinks(parentPath, childPath, opt
     }
 }
 export function writeUtf8FileInsideWithoutSymlinks(parentPath, childPath, content) {
+    writeFileInsideWithoutSymlinks(parentPath, childPath, content);
+}
+export function writeFileInsideWithoutSymlinks(parentPath, childPath, content) {
     const absoluteChildPath = path.resolve(childPath);
     const directoryPath = path.dirname(absoluteChildPath);
     ensureInsideWithoutSymlinks(parentPath, directoryPath, { allowMissingLeaf: true });
@@ -92,6 +98,10 @@ export function writeUtf8FileInsideWithoutSymlinks(parentPath, childPath, conten
         closeSync(fileDescriptor);
     }
 }
+export function copyFileInsideWithoutSymlinks(sourceParentPath, sourcePath, targetParentPath, targetPath) {
+    const content = readFileInsideWithoutSymlinks(sourceParentPath, sourcePath);
+    writeFileInsideWithoutSymlinks(targetParentPath, targetPath, content);
+}
 export function copyFileIfMissing(sourcePath, targetPath, relativePath) {
     if (existsSync(targetPath)) {
         return { status: 'skipped', relativePath };

package/dist/cli/lib/local-index/index.js

@@ -5,6 +5,7 @@ import { isRecord, readCommandContract, readString, readStringArray } from '../c
 import { listFilesRecursive, toPosixPath } from '../filesystem.js';
 import { readTomlFile } from '../toml.js';
 import { collectSourceAnchorIndexRecords, hasHighRiskSourceAnchorRiskTags, } from '../../../core/source-anchor-status.js';
+import { listSourceAnchorFiles } from '../../../core/source-anchors.js';
 import { normalizeCommandEffects } from '../../../core/command-effects.js';
 import { listChangeClassificationRuleDescriptors } from '../../../core/change-classification.js';
 import { DEFAULT_DATABASE_RELATIVE_PATH, DEFAULT_PROMPT_CACHE_STABLE_READ, DEFAULT_PROMPT_CACHE_TASK_SOURCES, DEFAULT_PROMPT_CACHE_VOLATILE_SOURCES, INDEX_CONFIG_RELATIVE_PATH, LOCAL_INDEX_CONTENT_MODE, LOCAL_INDEX_EXCLUDED_RAW_DATA_KINDS, LOCAL_INDEX_PARSER_VERSION, LOCAL_INDEX_SCHEMA_VERSION, LOCAL_INDEX_STORE_FULL_CONTENT, LATEST_RUN_STATE_RELATIVE_PATH, MAX_SEARCH_MATCH_SNIPPET_CHARS, MAX_SNIPPET_BYTES_PER_DOCUMENT, MUSTFLOW_RELATIVE_PATH, SEARCH_BACKEND_FTS5, SEARCH_BACKEND_TABLE_SCAN, SEARCH_MATCH_CONTEXT_AFTER_CHARS, SEARCH_MATCH_CONTEXT_BEFORE_CHARS, SEARCH_MATCH_TRUNCATION_MARKER, SEARCH_NGRAM_MAX_GRAMS_PER_TARGET, SEARCH_NGRAM_MAX_LENGTH, SEARCH_NGRAM_MAX_TOKEN_CHARS, SEARCH_NGRAM_MIN_LENGTH, SOURCE_INDEX_MAX_FILE_BYTES, TEST_DISABLE_FTS5_ENV, } from './constants.js';
@@ -308,12 +309,13 @@ function readIndexedFileMetadataRecord(projectRoot, relativePath, sourceScope) {
         mtimeMs: Math.round(stats.mtimeMs),
     };
 }
-function collectIndexedFileRecords(projectRoot, documents, sourceAnchors) {
+function collectIndexedFileRecords(projectRoot, documents, sourceAnchors, sourceAnchorCandidatePaths = []) {
     const records = new Map();
     for (const document of documents) {
         records.set(document.path, readIndexedFileRecord(projectRoot, document.path, 'workflow', document.contentHash));
     }
-    for (const anchorPath of [...new Set(sourceAnchors.map((anchor) => anchor.path))].sort((left, right) => left.localeCompare(right))) {
+    const sourcePaths = new Set([...sourceAnchorCandidatePaths, ...sourceAnchors.map((anchor) => anchor.path)]);
+    for (const anchorPath of [...sourcePaths].sort((left, right) => left.localeCompare(right))) {
         if (!records.has(anchorPath)) {
             records.set(anchorPath, readIndexedFileRecord(projectRoot, anchorPath, 'source_anchor'));
         }
@@ -323,15 +325,33 @@ function collectIndexedFileRecords(projectRoot, documents, sourceAnchors) {
     }
     return [...records.values()].sort((left, right) => left.path.localeCompare(right.path));
 }
-function collectFastPreflightIndexedFileMetadataRecords(projectRoot, includeSource) {
+function collectSourceAnchorCandidatePaths(projectRoot, sourceConfig) {
+    return listSourceAnchorFiles(projectRoot, {
+        ...sourceConfig,
+        excludeGeneratedOrVendor: true,
+    });
+}
+function collectFastPreflightIndexedFileMetadataRecords(projectRoot, includeSource, sourceConfig) {
+    const records = new Map();
+    for (const relativePath of getExistingIndexablePaths(projectRoot)) {
+        records.set(relativePath, readIndexedFileMetadataRecord(projectRoot, relativePath, 'workflow'));
+    }
     if (includeSource) {
-        return null;
+        try {
+            for (const sourcePath of collectSourceAnchorCandidatePaths(projectRoot, sourceConfig)) {
+                if (!records.has(sourcePath)) {
+                    records.set(sourcePath, readIndexedFileMetadataRecord(projectRoot, sourcePath, 'source_anchor'));
+                }
+            }
+        }
+        catch {
+            return null;
+        }
     }
-    const records = getExistingIndexablePaths(projectRoot).map((relativePath) => readIndexedFileMetadataRecord(projectRoot, relativePath, 'workflow'));
     if (existsSync(path.join(projectRoot, ...LATEST_RUN_STATE_RELATIVE_PATH.split('/')))) {
-        records.push(readIndexedFileMetadataRecord(projectRoot, LATEST_RUN_STATE_RELATIVE_PATH, 'state'));
+        records.set(LATEST_RUN_STATE_RELATIVE_PATH, readIndexedFileMetadataRecord(projectRoot, LATEST_RUN_STATE_RELATIVE_PATH, 'state'));
     }
-    return records.sort((left, right) => left.path.localeCompare(right.path));
+    return [...records.values()].sort((left, right) => left.path.localeCompare(right.path));
 }
 function normalizeSearchText(value) {
     return value.trim().replace(/\s+/g, ' ');
@@ -2170,7 +2190,7 @@ export async function createLocalIndex(projectRoot, options = {}) {
     capabilities = detectLocalSearchCapabilities(capabilityDatabase);
     capabilityDatabase.close();
     if (incremental) {
-        const preflightFiles = collectFastPreflightIndexedFileMetadataRecords(projectRoot, includeSource);
+        const preflightFiles = collectFastPreflightIndexedFileMetadataRecords(projectRoot, includeSource, sourceConfig);
         const preflightReuse = await readIncrementalPreflightReuse(SQL, databasePath, projectRoot, preflightFiles, sourceScopeHash, dryRun, indexMode);
         if (preflightReuse.result) {
             return preflightReuse.result;
@@ -2184,6 +2204,7 @@ export async function createLocalIndex(projectRoot, options = {}) {
     const previousSourceAnchors = includeSource
         ? await readPreviousSourceAnchorSnapshots(databasePath).catch(() => [])
         : [];
+    const sourceAnchorCandidatePaths = includeSource ? collectSourceAnchorCandidatePaths(projectRoot, sourceConfig) : [];
     const sourceAnchors = includeSource
         ? collectSourceAnchorIndexRecords(projectRoot, previousSourceAnchors, {
             ...sourceConfig,
@@ -2191,7 +2212,7 @@ export async function createLocalIndex(projectRoot, options = {}) {
         })
         : [];
     const verificationEvidence = createVerificationEvidenceIndex(projectRoot);
-    const indexedFiles = collectIndexedFileRecords(projectRoot, documents, sourceAnchors);
+    const indexedFiles = collectIndexedFileRecords(projectRoot, documents, sourceAnchors, sourceAnchorCandidatePaths);
     if (incremental) {
         const reuseDecision = await readIncrementalReuseDecision(SQL, databasePath, indexedFiles, sourceScopeHash);
         reusedExisting = reuseDecision.reusable;

package/dist/cli/lib/manifest-lock.js

@@ -1,8 +1,8 @@
 import { createHash } from 'node:crypto';
-import { existsSync, readFileSync, writeFileSync } from 'node:fs';
+import { existsSync } from 'node:fs';
 import path from 'node:path';
-import { ensureInside } from './filesystem.js';
-import { readTomlFile, stringifyToml } from './toml.js';
+import { ensureFileTargetInsideWithoutSymlinks, ensureInside, readFileInsideWithoutSymlinks, readUtf8FileInsideWithoutSymlinks, writeUtf8FileInsideWithoutSymlinks, } from './filesystem.js';
+import { parseTomlText, stringifyToml } from './toml.js';
 export const MANIFEST_LOCK_RELATIVE_PATH = '.mustflow/config/manifest.lock.toml';
 function isRecord(value) {
     return typeof value === 'object' && value !== null && !Array.isArray(value);
@@ -48,20 +48,31 @@ function parseManifestLock(raw) {
     };
 }
 export function sha256File(filePath) {
-    return `sha256:${createHash('sha256').update(readFileSync(filePath)).digest('hex')}`;
+    return `sha256:${createHash('sha256')
+        .update(readFileInsideWithoutSymlinks(path.dirname(filePath), filePath))
+        .digest('hex')}`;
+}
+function sha256ProjectFile(projectRoot, filePath) {
+    return `sha256:${createHash('sha256').update(readFileInsideWithoutSymlinks(projectRoot, filePath)).digest('hex')}`;
+}
+export function ensureManifestLockTargetSafe(projectRoot) {
+    const lockPath = path.join(projectRoot, MANIFEST_LOCK_RELATIVE_PATH);
+    ensureInside(projectRoot, lockPath);
+    ensureFileTargetInsideWithoutSymlinks(projectRoot, lockPath, { allowMissingLeaf: true });
+    return existsSync(lockPath);
 }
 export function markManifestLockFileCustomized(projectRoot, relativePath) {
     const lockPath = path.join(projectRoot, MANIFEST_LOCK_RELATIVE_PATH);
     const filePath = path.join(projectRoot, relativePath);
-    ensureInside(projectRoot, lockPath);
     ensureInside(projectRoot, filePath);
-    if (!existsSync(lockPath)) {
+    if (!ensureManifestLockTargetSafe(projectRoot)) {
         return false;
     }
+    ensureFileTargetInsideWithoutSymlinks(projectRoot, filePath, { allowMissingLeaf: true });
     if (!existsSync(filePath)) {
         throw new Error(`Cannot refresh manifest lock for missing file: ${relativePath}`);
     }
-    const parsed = readTomlFile(lockPath);
+    const parsed = parseTomlText(readUtf8FileInsideWithoutSymlinks(projectRoot, lockPath));
     if (!isRecord(parsed)) {
         throw new Error(`Invalid manifest lock: ${MANIFEST_LOCK_RELATIVE_PATH} must contain a TOML table`);
     }
@@ -71,20 +82,27 @@ export function markManifestLockFileCustomized(projectRoot, relativePath) {
     filesTable[relativePath] = {
         source: typeof existingTable.source === 'string' ? existingTable.source : 'template_common',
         last_action: 'customized',
-        content_hash: sha256File(filePath),
+        content_hash: sha256ProjectFile(projectRoot, filePath),
     };
     parsed.files = filesTable;
-    writeFileSync(lockPath, stringifyToml(parsed));
+    writeUtf8FileInsideWithoutSymlinks(projectRoot, lockPath, stringifyToml(parsed));
     return true;
 }
 export function readManifestLock(projectRoot) {
     const lockPath = path.join(projectRoot, MANIFEST_LOCK_RELATIVE_PATH);
-    ensureInside(projectRoot, lockPath);
+    try {
+        ensureInside(projectRoot, lockPath);
+        ensureFileTargetInsideWithoutSymlinks(projectRoot, lockPath, { allowMissingLeaf: true });
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        return { kind: 'invalid', lockPath, message };
+    }
     if (!existsSync(lockPath)) {
         return { kind: 'missing', lockPath };
     }
     try {
-        return { kind: 'present', lockPath, lock: parseManifestLock(readTomlFile(lockPath)) };
+        return { kind: 'present', lockPath, lock: parseManifestLock(parseTomlText(readUtf8FileInsideWithoutSymlinks(projectRoot, lockPath))) };
     }
     catch (error) {
         const message = error instanceof Error ? error.message : String(error);
@@ -121,7 +139,15 @@ export function inspectManifestLock(projectRoot) {
             issues.push(`Locked file missing: ${lockedFile.relativePath}`);
             continue;
         }
-        const actualHash = sha256File(filePath);
+        let actualHash;
+        try {
+            actualHash = sha256ProjectFile(projectRoot, filePath);
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            issues.push(`Locked file cannot be read safely: ${lockedFile.relativePath}: ${message}`);
+            continue;
+        }
         if (actualHash !== lockedFile.contentHash) {
             changedFiles.push(lockedFile.relativePath);
             issues.push(`Lock hash mismatch: ${lockedFile.relativePath}`);

package/dist/core/command-classification.js

@@ -1,20 +1,4 @@
 const MUSTFLOW_BIN_NAMES = new Set(['mf', 'mustflow']);
-const IN_PROCESS_MUSTFLOW_BUILTIN_COMMANDS = new Set([
-    'check',
-    'classify',
-    'context',
-    'doctor',
-    'help',
-    'impact',
-    'line-endings',
-    'map',
-    'status',
-    'update',
-    'version-sources',
-]);
 export function isMustflowBinName(command) {
     return MUSTFLOW_BIN_NAMES.has(command.toLowerCase());
 }
-export function canRunMustflowBuiltinInProcess(command) {
-    return command !== undefined && IN_PROCESS_MUSTFLOW_BUILTIN_COMMANDS.has(command);
-}