npm - mustflow - Versions diffs - 2.18.7 → 2.18.21 - Mend

mustflow 2.18.7 → 2.18.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

package/README.md CHANGED Viewed

@@ -228,6 +228,10 @@ your-project/
       │  └─ SKILL.md
       ├─ vertical-slice-tdd/
       │  └─ SKILL.md
+      ├─ llm-service-ux-review/
+      │  └─ SKILL.md
+      ├─ search-ad-content-authoring/
+      │  └─ SKILL.md
       ├─ ui-quality-gate/
       │  └─ SKILL.md
       ├─ visual-review-artifact/

package/dist/cli/commands/dashboard.js CHANGED Viewed

@@ -1,5 +1,5 @@
 import { randomBytes } from 'node:crypto';
-import { existsSync, readFileSync } from 'node:fs';
+import { existsSync, readFileSync, statSync } from 'node:fs';
 import http from 'node:http';
 import path from 'node:path';
 import { openPathInFileManager, openUrlInBrowser } from '../lib/browser-open.js';
@@ -14,8 +14,8 @@ import { readGitChangedFiles } from '../lib/git-changes.js';
 import { isRecord, readCommandContract, readPositiveInteger, readString, readStringArray, } from '../lib/command-contract.js';
 import { readDashboardPreferences, updateDashboardPreferences, } from '../lib/dashboard-preferences.js';
 import { DOC_REVIEW_LEDGER_RELATIVE_PATH, isDocReviewStatus, isReviewerKind, listDocReviewEntries, markDocReviewEntry, } from '../lib/doc-review-ledger.js';
-import { inspectManifestLock } from '../lib/manifest-lock.js';
-import { readLatestLocalVerificationReadModelQueries, readLocalCommandEffectGraphs, } from '../lib/local-index.js';
+import { MANIFEST_LOCK_RELATIVE_PATH, inspectManifestLock } from '../lib/manifest-lock.js';
+import { getLocalIndexDatabasePath, readLatestLocalVerificationReadModelQueries, readLocalCommandEffectGraphs, } from '../lib/local-index.js';
 import { readPackageMetadata } from '../lib/package-info.js';
 import { t } from '../lib/i18n.js';
 import { resolveMustflowRoot } from '../lib/project-root.js';
@@ -36,6 +36,61 @@ const RELEASE_FILE_PATTERNS = [
 ];
 const SKILL_INDEX_RELATIVE_PATH = '.mustflow/skills/INDEX.md';
 const LATEST_RUN_RELATIVE_PATH = '.mustflow/state/runs/latest.json';
+const COMMANDS_RELATIVE_PATH = '.mustflow/config/commands.toml';
+const AGENTS_RELATIVE_PATH = 'AGENTS.md';
+const STATUS_BLOCK_CACHE_TTL_MS = 750;
+const dashboardStatusBlockCache = new Map();
+function dashboardStatusBlockCacheKey(projectRoot, blockName) {
+    return `${path.resolve(projectRoot)}\0${blockName}`;
+}
+function readFileSignature(filePath) {
+    try {
+        const stat = statSync(filePath);
+        return `${stat.mtimeMs}:${stat.size}`;
+    }
+    catch {
+        return 'missing';
+    }
+}
+function readProjectFileSignature(projectRoot, relativePath) {
+    return `${relativePath}=${readFileSignature(path.join(projectRoot, ...relativePath.split('/')))}`;
+}
+function readStatusBlockSignature(projectRoot, relativePaths) {
+    return relativePaths.map((relativePath) => readProjectFileSignature(projectRoot, relativePath)).join('|');
+}
+function readLocalIndexSignature(projectRoot) {
+    return `local_index=${readFileSignature(getLocalIndexDatabasePath(projectRoot))}`;
+}
+function readDashboardStatusBlock(projectRoot, blockName, signature, readBlock) {
+    const key = dashboardStatusBlockCacheKey(projectRoot, blockName);
+    const cached = dashboardStatusBlockCache.get(key);
+    const now = Date.now();
+    if (cached && cached.signature === signature && cached.expiresAt > now) {
+        return cached.value;
+    }
+    const value = readBlock();
+    dashboardStatusBlockCache.set(key, {
+        signature,
+        expiresAt: Date.now() + STATUS_BLOCK_CACHE_TTL_MS,
+        value,
+    });
+    return value;
+}
+async function readDashboardStatusBlockAsync(projectRoot, blockName, signature, readBlock) {
+    const key = dashboardStatusBlockCacheKey(projectRoot, blockName);
+    const cached = dashboardStatusBlockCache.get(key);
+    const now = Date.now();
+    if (cached && cached.signature === signature && cached.expiresAt > now) {
+        return cached.value;
+    }
+    const value = await readBlock();
+    dashboardStatusBlockCache.set(key, {
+        signature,
+        expiresAt: Date.now() + STATUS_BLOCK_CACHE_TTL_MS,
+        value,
+    });
+    return value;
+}
 function readFrontmatterLines(content) {
     if (!content.startsWith('---')) {
         return [];
@@ -677,16 +732,17 @@ function renderRunHistoryResponse(projectRoot) {
 }
 async function renderStatusResponse(projectRoot) {
     const context = getAgentContext(projectRoot);
-    const manifest = inspectManifestLock(projectRoot);
+    const manifest = readDashboardStatusBlock(projectRoot, 'manifest', readStatusBlockSignature(projectRoot, [MANIFEST_LOCK_RELATIVE_PATH]), () => inspectManifestLock(projectRoot));
     const lock = manifest.readResult.kind === 'present' ? manifest.readResult.lock : undefined;
-    const activeDocuments = listDocReviewEntries(projectRoot);
-    const rawCommandContract = readDashboardCommandContract(projectRoot);
-    const commandContract = await renderCommandContractResponse(projectRoot, rawCommandContract);
+    const activeDocuments = readDashboardStatusBlock(projectRoot, 'doc_review', readStatusBlockSignature(projectRoot, [DOC_REVIEW_LEDGER_RELATIVE_PATH]), () => listDocReviewEntries(projectRoot));
+    const rawCommandContractSignature = readStatusBlockSignature(projectRoot, [COMMANDS_RELATIVE_PATH]);
+    const rawCommandContract = readDashboardStatusBlock(projectRoot, 'raw_command_contract', rawCommandContractSignature, () => readDashboardCommandContract(projectRoot));
+    const commandContract = await readDashboardStatusBlockAsync(projectRoot, 'command_contract', `${rawCommandContractSignature}|${readLocalIndexSignature(projectRoot)}`, () => renderCommandContractResponse(projectRoot, rawCommandContract));
     const gitChangedFilesResult = readGitChangedFiles(projectRoot);
     const gitChangedFiles = gitChangedFilesResult.ok ? gitChangedFilesResult.files : [];
     const packageMetadata = readPackageMetadata();
     const verification = createDashboardVerificationSnapshot(projectRoot, rawCommandContract, commandContract.intents, gitChangedFiles, manifest.changedFiles, manifest.missingFiles);
-    const readModel = await readLatestLocalVerificationReadModelQueries(projectRoot);
+    const readModel = await readDashboardStatusBlockAsync(projectRoot, 'verification_read_model', readLocalIndexSignature(projectRoot), () => readLatestLocalVerificationReadModelQueries(projectRoot));
     return {
         schema_version: '1',
         command: 'dashboard status',
@@ -696,12 +752,12 @@ async function renderStatusResponse(projectRoot) {
         release: {
             package_name: packageMetadata.name,
             package_version: packageMetadata.version,
-            version_sources: detectVersionSources(projectRoot),
+            version_sources: readDashboardStatusBlock(projectRoot, 'version_sources', readStatusBlockSignature(projectRoot, ['package.json']), () => detectVersionSources(projectRoot)),
             release_sensitive_changed_files: matchingFiles(gitChangedFiles, RELEASE_FILE_PATTERNS),
         },
-        update: renderUpdateResponse(projectRoot),
-        run_history: renderRunHistoryResponse(projectRoot),
-        skills: renderSkillsResponse(projectRoot),
+        update: readDashboardStatusBlock(projectRoot, 'update', readStatusBlockSignature(projectRoot, [AGENTS_RELATIVE_PATH, MANIFEST_LOCK_RELATIVE_PATH]), () => renderUpdateResponse(projectRoot)),
+        run_history: readDashboardStatusBlock(projectRoot, 'run_history', readStatusBlockSignature(projectRoot, [LATEST_RUN_RELATIVE_PATH]), () => renderRunHistoryResponse(projectRoot)),
+        skills: readDashboardStatusBlock(projectRoot, 'skills', readStatusBlockSignature(projectRoot, [SKILL_INDEX_RELATIVE_PATH]), () => renderSkillsResponse(projectRoot)),
         tracked_files: lock?.files.length ?? 0,
         changed_files: manifest.changedFiles,
         missing_files: manifest.missingFiles,

package/dist/cli/commands/init.js CHANGED Viewed

@@ -1,9 +1,9 @@
-import { copyFileSync, existsSync, mkdirSync, readFileSync } from 'node:fs';
+import { existsSync, readFileSync } from 'node:fs';
 import path from 'node:path';
 import { stdin as processStdin, stdout as processStdout } from 'node:process';
 import { createInterface } from 'node:readline/promises';
 import { printUsageError, renderHelp } from '../lib/cli-output.js';
-import { ensureFileTargetInsideWithoutSymlinks, ensureInside, readUtf8FileInsideWithoutSymlinks, writeUtf8FileInsideWithoutSymlinks, } from '../lib/filesystem.js';
+import { copyFileInsideWithoutSymlinks, ensureFileTargetInsideWithoutSymlinks, ensureInside, readUtf8FileInsideWithoutSymlinks, writeUtf8FileInsideWithoutSymlinks, } from '../lib/filesystem.js';
 import { localeMessage, t } from '../lib/i18n.js';
 import { isLocaleTag } from '../lib/locale-tags.js';
 import { MANIFEST_LOCK_RELATIVE_PATH, sha256File } from '../lib/manifest-lock.js';
@@ -463,8 +463,11 @@ function parseOptions(args, reporter, lang) {
         preferenceOverrides,
     };
 }
-function sameTemplateFileContent(projectRoot, source, targetPath) {
-    return (source.content ?? readFileSync(source.sourcePath, 'utf8')) === readUtf8FileInsideWithoutSymlinks(projectRoot, targetPath);
+function readTemplateSourceText(templateRoot, sourcePath) {
+    return readUtf8FileInsideWithoutSymlinks(templateRoot, sourcePath);
+}
+function sameTemplateFileContent(projectRoot, templateRoot, source, targetPath) {
+    return (source.content ?? readTemplateSourceText(templateRoot, source.sourcePath)) === readUtf8FileInsideWithoutSymlinks(projectRoot, targetPath);
 }
 function formatLocaleChoice(locale) {
     const label = LOCALE_LABELS[locale] ?? locale;
@@ -605,11 +608,11 @@ async function promptInitOptions(template, options, reporter, lang) {
 function escapeRegExp(value) {
     return value.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
 }
-function planStatus(projectRoot, source, targetPath, options) {
+function planStatus(projectRoot, templateRoot, source, targetPath, options) {
     if (!existsSync(targetPath)) {
         return 'create';
     }
-    if (sameTemplateFileContent(projectRoot, source, targetPath)) {
+    if (sameTemplateFileContent(projectRoot, templateRoot, source, targetPath)) {
         return 'unchanged';
     }
     if (options.force) {
@@ -620,17 +623,15 @@ function planStatus(projectRoot, source, targetPath, options) {
     }
     return 'conflict';
 }
-function writeTemplateFile(projectRoot, source, targetPath) {
+function writeTemplateFile(projectRoot, templateRoot, source, targetPath) {
     if (source.content !== undefined) {
         writeUtf8FileInsideWithoutSymlinks(projectRoot, targetPath, source.content);
         return;
     }
-    ensureFileTargetInsideWithoutSymlinks(projectRoot, targetPath, { allowMissingLeaf: true });
-    mkdirSync(path.dirname(targetPath), { recursive: true });
-    copyFileSync(source.sourcePath, targetPath);
+    copyFileInsideWithoutSymlinks(templateRoot, source.sourcePath, projectRoot, targetPath);
 }
 function writePlannedFile(projectRoot, file) {
-    writeTemplateFile(projectRoot, file, file.targetPath);
+    writeTemplateFile(projectRoot, file.sourceRoot, file, file.targetPath);
 }
 function gitignoreFragmentPath(template) {
     return path.join(template.templateRoot, template.manifest.commonRoot, GITIGNORE_FRAGMENT_RELATIVE_PATH);
@@ -646,11 +647,11 @@ function mergeGitignoreContent(existingContent, fragmentContent) {
     }
     return `${existingContent.trimEnd()}\n\n${normalizedFragment}\n`;
 }
-function planGitignoreStatus(projectRoot, sourcePath, targetPath) {
+function planGitignoreStatus(projectRoot, sourceRoot, sourcePath, targetPath) {
     if (!existsSync(targetPath)) {
         return 'create';
     }
-    const mergedContent = mergeGitignoreContent(readUtf8FileInsideWithoutSymlinks(projectRoot, targetPath), readFileSync(sourcePath, 'utf8'));
+    const mergedContent = mergeGitignoreContent(readUtf8FileInsideWithoutSymlinks(projectRoot, targetPath), readTemplateSourceText(sourceRoot, sourcePath));
     return mergedContent === readUtf8FileInsideWithoutSymlinks(projectRoot, targetPath) ? 'unchanged' : 'merge';
 }
 function renderPlanVerb(status) {
@@ -699,10 +700,11 @@ function buildPlannedFiles(template, selectedLocale, targetRoot, options) {
         return {
             relativePath: source.relativePath,
             sourcePath: source.sourcePath,
+            sourceRoot: template.templateRoot,
             sourceKind: source.sourceKind,
             content: source.content,
             targetPath,
-            status: planStatus(targetRoot, source, targetPath, options),
+            status: planStatus(targetRoot, template.templateRoot, source, targetPath, options),
             lock: true,
         };
     });
@@ -714,9 +716,10 @@ function buildPlannedFiles(template, selectedLocale, targetRoot, options) {
     plannedFiles.push({
         relativePath: GITIGNORE_RELATIVE_PATH,
         sourcePath,
+        sourceRoot: template.templateRoot,
         sourceKind: 'common',
         targetPath,
-        status: planGitignoreStatus(targetRoot, sourcePath, targetPath),
+        status: planGitignoreStatus(targetRoot, template.templateRoot, sourcePath, targetPath),
         lock: false,
     });
     return plannedFiles;
@@ -730,10 +733,7 @@ function backupConflictingFiles(projectRoot, conflicts) {
     for (const conflict of conflicts) {
         const backupPath = path.join(backupRoot, conflict.relativePath);
         ensureInside(backupRoot, backupPath);
-        ensureFileTargetInsideWithoutSymlinks(projectRoot, conflict.targetPath);
-        ensureFileTargetInsideWithoutSymlinks(projectRoot, backupPath, { allowMissingLeaf: true });
-        mkdirSync(path.dirname(backupPath), { recursive: true });
-        copyFileSync(conflict.targetPath, backupPath);
+        copyFileInsideWithoutSymlinks(projectRoot, conflict.targetPath, projectRoot, backupPath);
     }
     return backupRoot;
 }
@@ -960,7 +960,7 @@ export async function runInit(args, reporter, lang = 'en') {
         if (file.status === 'merge') {
             ensureFileTargetInsideWithoutSymlinks(targetRoot, file.targetPath);
             const mergedContent = file.relativePath === GITIGNORE_RELATIVE_PATH
-                ? mergeGitignoreContent(readUtf8FileInsideWithoutSymlinks(targetRoot, file.targetPath), readFileSync(file.sourcePath, 'utf8'))
+                ? mergeGitignoreContent(readUtf8FileInsideWithoutSymlinks(targetRoot, file.targetPath), readTemplateSourceText(file.sourceRoot, file.sourcePath))
                 : mergeAgentsContent(readUtf8FileInsideWithoutSymlinks(targetRoot, file.targetPath), selectedLocale);
             writeUtf8FileInsideWithoutSymlinks(targetRoot, file.targetPath, mergedContent);
             merged += 1;

package/dist/cli/commands/run.js CHANGED Viewed

@@ -5,12 +5,11 @@ import { readCommandContract, readMustflowConfigIfExists } from '../../core/conf
 import { resolveRunReceiptRetentionPolicy } from '../../core/retention-policy.js';
 import { t } from '../lib/i18n.js';
 import { resolveMustflowRoot } from '../lib/project-root.js';
-import { createRunPlan, createRunPreview, isMustflowBuiltinIntent, renderRunPreviewText, } from '../lib/run-plan.js';
+import { createRunPlan, createRunPreview, renderRunPreviewText, } from '../lib/run-plan.js';
 import { writeRunReceipt, } from '../../core/run-receipt.js';
 import { recordRunPerformanceHistory } from '../../core/run-performance-history.js';
 import { RunProfiler } from '../../core/run-profile.js';
 import { finishRunWriteTracking, startRunWriteTracking } from '../../core/run-write-drift.js';
-import { runBuiltinArgvInProcess } from './run/builtin-dispatch.js';
 import { getRunStatus, runArgvCommandStreaming, runShellCommandStreaming } from './run/executor.js';
 import { emitOutput, isOutputLimitExceededError } from './run/output.js';
 import { createPendingTimeoutTermination, getKillMethod, terminateProcessTree } from './run/process-tree.js';
@@ -179,12 +178,6 @@ export async function runRun(args, reporter, lang = 'en', options = {}) {
     const childStartedAtMs = performance.now();
     const startedAt = new Date();
     const result = await profiler.measureAsync('child_command', async () => {
-        if (plan.commandArgv && isMustflowBuiltinIntent(plan.intent)) {
-            const builtinResult = await runBuiltinArgvInProcess(plan.commandArgv, plan.cwd, lang);
-            if (builtinResult) {
-                return builtinResult;
-            }
-        }
         if (plan.commandArgv) {
             streamedOutput = !json;
             return runArgvCommandStreaming(plan.argvCommand, plan.cwd, env, plan.timeoutSeconds, plan.killAfterSeconds, plan.maxOutputBytes, stdoutTailBytes, stderrTailBytes, reporter, !json, true);

package/dist/cli/commands/update.js CHANGED Viewed

@@ -1,7 +1,7 @@
 import { createHash } from 'node:crypto';
-import { copyFileSync, existsSync, mkdirSync } from 'node:fs';
+import { existsSync } from 'node:fs';
 import path from 'node:path';
-import { ensureFileTargetInsideWithoutSymlinks, ensureInside, writeUtf8FileInsideWithoutSymlinks, } from '../lib/filesystem.js';
+import { copyFileInsideWithoutSymlinks, ensureFileTargetInsideWithoutSymlinks, ensureInside, writeUtf8FileInsideWithoutSymlinks, } from '../lib/filesystem.js';
 import { MANIFEST_LOCK_RELATIVE_PATH, readManifestLock, sha256File } from '../lib/manifest-lock.js';
 import { printUsageError, renderHelp } from '../lib/cli-output.js';
 import { t } from '../lib/i18n.js';
@@ -70,14 +70,12 @@ function lockedTemplateSkillNames(files) {
 function getInstalledTemplateFiles(projectRoot, template, lock) {
     return getTemplateFiles(template, lock.templateLocale ?? template.manifest.defaultLocale, lock.templateProfile ?? template.manifest.defaultProfile, { extraSkillNames: lockedTemplateSkillNames(lock.files) });
 }
-function writeTemplateFile(projectRoot, source, targetPath) {
+function writeTemplateFile(projectRoot, templateRoot, source, targetPath) {
     if (source.content !== undefined) {
         writeUtf8FileInsideWithoutSymlinks(projectRoot, targetPath, source.content);
         return;
     }
-    ensureFileTargetInsideWithoutSymlinks(projectRoot, targetPath, { allowMissingLeaf: true });
-    mkdirSync(path.dirname(targetPath), { recursive: true });
-    copyFileSync(source.sourcePath, targetPath);
+    copyFileInsideWithoutSymlinks(templateRoot, source.sourcePath, projectRoot, targetPath);
 }
 function templateTargetSafetyIssue(projectRoot, targetPath, allowMissingLeaf) {
     try {
@@ -223,7 +221,7 @@ function copyTemplateFile(projectRoot, relativePath) {
     ensureInside(template.templateRoot, source.sourcePath);
     ensureInside(projectRoot, targetPath);
     ensureFileTargetInsideWithoutSymlinks(projectRoot, targetPath, { allowMissingLeaf: true });
-    writeTemplateFile(projectRoot, source, targetPath);
+    writeTemplateFile(projectRoot, template.templateRoot, source, targetPath);
 }
 function backupUpdateFiles(projectRoot, items, reporter, lang) {
     const updateItems = items.filter((item) => item.action === 'update');
@@ -237,10 +235,7 @@ function backupUpdateFiles(projectRoot, items, reporter, lang) {
         const backupPath = path.join(backupRoot, item.relativePath);
         ensureInside(projectRoot, sourcePath);
         ensureInside(backupRoot, backupPath);
-        ensureFileTargetInsideWithoutSymlinks(projectRoot, sourcePath);
-        ensureFileTargetInsideWithoutSymlinks(projectRoot, backupPath, { allowMissingLeaf: true });
-        mkdirSync(path.dirname(backupPath), { recursive: true });
-        copyFileSync(sourcePath, backupPath);
+        copyFileInsideWithoutSymlinks(projectRoot, sourcePath, projectRoot, backupPath);
     }
     reporter.stdout(t(lang, 'update.backup.files', {
         count: updateItems.length,

package/dist/cli/commands/verify.js CHANGED Viewed

@@ -16,7 +16,7 @@ import { readCommandContract } from '../../core/config-loading.js';
 import { DEFAULT_VERIFY_PARALLELISM, parseVerifyArgs } from './verify/args.js';
 import { printUsageError, renderHelp } from '../lib/cli-output.js';
 import { t } from '../lib/i18n.js';
-import { readLocalCommandEffectGraph, readLocalPathSurfaces, readLocalSourceAnchorVerdictRisks, } from '../lib/local-index.js';
+import { readLocalCommandEffectGraphs, readLocalPathSurfaces, readLocalSourceAnchorVerdictRisks, } from '../lib/local-index.js';
 import { resolveMustflowRoot } from '../lib/project-root.js';
 const VERIFY_SCHEMA_VERSION = '1';
 const RUN_STATE_DIR = path.join('.mustflow', 'state', 'runs');
@@ -578,6 +578,20 @@ function skippedResult(candidate) {
         receipt: null,
     };
 }
+function stoppedAfterFailedBatchResult(entry, verificationPlanId) {
+    return {
+        intent: entry.intent,
+        status: 'skipped',
+        skipped: true,
+        reason: 'stopped_after_failed_batch',
+        detail: 'Skipped because an earlier verification batch failed and the schedule failure policy stops before the next batch.',
+        exit_code: null,
+        verification_plan_id: verificationPlanId,
+        receipt_path: null,
+        receipt_sha256: null,
+        receipt: null,
+    };
+}
 function candidateResultKey(candidate) {
     return candidate.intent
         ? `intent:${candidate.intent}`
@@ -670,21 +684,40 @@ async function runVerificationEntriesInParallelChunks(entries, parallelism, lang
     }
     return results;
 }
+function verificationResultFailed(result) {
+    return (!result.skipped &&
+        (result.status === 'failed' ||
+            result.status === 'timed_out' ||
+            result.status === 'start_failed' ||
+            result.status === 'output_limit_exceeded'));
+}
 async function runScheduledVerificationIntents(report, lang, verificationPlanId, scheduledTestTargets, parallelism) {
-    if (parallelism <= DEFAULT_VERIFY_PARALLELISM) {
-        return runVerificationEntriesSequentially(report.schedule.entries, lang, verificationPlanId, scheduledTestTargets);
-    }
     const results = [];
-    for (const batch of report.schedule.batches) {
+    for (let batchIndex = 0; batchIndex < report.schedule.batches.length; batchIndex += 1) {
+        const batch = report.schedule.batches[batchIndex];
         const entries = entriesForScheduleBatch(report.schedule.entries, batch);
         if (entries.length === 0) {
             continue;
         }
+        let batchResults;
         if (entries.length > 1 && entries.every((entry) => entry.parallelEligible)) {
-            results.push(...(await runVerificationEntriesInParallelChunks(entries, parallelism, lang, verificationPlanId, scheduledTestTargets)));
+            batchResults =
+                parallelism > DEFAULT_VERIFY_PARALLELISM
+                    ? await runVerificationEntriesInParallelChunks(entries, parallelism, lang, verificationPlanId, scheduledTestTargets)
+                    : await runVerificationEntriesSequentially(entries, lang, verificationPlanId, scheduledTestTargets);
+        }
+        else {
+            batchResults = await runVerificationEntriesSequentially(entries, lang, verificationPlanId, scheduledTestTargets);
+        }
+        results.push(...batchResults);
+        if (!batchResults.some(verificationResultFailed)) {
             continue;
         }
-        results.push(...(await runVerificationEntriesSequentially(entries, lang, verificationPlanId, scheduledTestTargets)));
+        const remainingEntries = report.schedule.batches
+            .slice(batchIndex + 1)
+            .flatMap((remainingBatch) => entriesForScheduleBatch(report.schedule.entries, remainingBatch));
+        results.push(...remainingEntries.map((entry) => stoppedAfterFailedBatchResult(entry, verificationPlanId)));
+        break;
     }
     return results;
 }
@@ -1276,14 +1309,11 @@ async function createPlanOnlyOutput(input, projectRoot) {
     if (!firstEntry) {
         return { ...report, verification_plan_id: verificationPlanId, requirements };
     }
-    const firstGraph = await readLocalCommandEffectGraph(projectRoot, firstEntry.intent);
-    const graphsByIntent = new Map([[firstEntry.intent, firstGraph]]);
-    if (firstGraph.status === 'fresh') {
-        for (const entry of report.schedule.entries.slice(1)) {
-            if (!graphsByIntent.has(entry.intent)) {
-                graphsByIntent.set(entry.intent, await readLocalCommandEffectGraph(projectRoot, entry.intent));
-            }
-        }
+    const scheduledIntents = Array.from(new Set(report.schedule.entries.map((entry) => entry.intent)));
+    const graphsByIntent = await readLocalCommandEffectGraphs(projectRoot, scheduledIntents);
+    const firstGraph = graphsByIntent.get(firstEntry.intent);
+    if (!firstGraph) {
+        return { ...report, verification_plan_id: verificationPlanId, requirements };
     }
     return {
         ...report,

package/dist/cli/lib/dashboard-preferences.js CHANGED Viewed

@@ -1,10 +1,11 @@
-import { existsSync, readFileSync, writeFileSync } from 'node:fs';
+import { existsSync } from 'node:fs';
 import path from 'node:path';
 import { isRecord } from './command-contract.js';
+import { readUtf8FileInsideWithoutSymlinks, writeUtf8FileInsideWithoutSymlinks } from './filesystem.js';
 import { isLocaleTag } from './locale-tags.js';
-import { markManifestLockFileCustomized } from './manifest-lock.js';
+import { ensureManifestLockTargetSafe, markManifestLockFileCustomized } from './manifest-lock.js';
 import { COMMIT_MESSAGE_STYLES, TEST_AUTHORING_POLICIES } from './preferences-options.js';
-import { readTomlFile } from './toml.js';
+import { parseTomlText } from './toml.js';
 const PREFERENCES_RELATIVE_PATH = '.mustflow/config/preferences.toml';
 export const DASHBOARD_PREFERENCE_SETTINGS = [
     {
@@ -281,7 +282,7 @@ export function readDashboardPreferences(projectRoot) {
     if (!existsSync(preferencesPath)) {
         throw new Error('Missing .mustflow/config/preferences.toml. Run mf init first or switch to a mustflow root.');
     }
-    const parsed = readTomlFile(preferencesPath);
+    const parsed = parseTomlText(readUtf8FileInsideWithoutSymlinks(projectRoot, preferencesPath));
     if (!isRecord(parsed)) {
         throw new Error('.mustflow/config/preferences.toml must contain a TOML table.');
     }
@@ -390,7 +391,7 @@ function coerceUpdateValue(definition, value) {
 export function updateDashboardPreferences(projectRoot, updates) {
     const preferencesPath = getPreferencesPath(projectRoot);
     const definitionsById = new Map(DASHBOARD_PREFERENCE_SETTINGS.map((definition) => [definition.id, definition]));
-    let content = readFileSync(preferencesPath, 'utf8');
+    let content = readUtf8FileInsideWithoutSymlinks(projectRoot, preferencesPath);
     for (const update of updates) {
         const definition = definitionsById.get(update.id);
         if (!definition) {
@@ -399,7 +400,8 @@ export function updateDashboardPreferences(projectRoot, updates) {
         const value = coerceUpdateValue(definition, update.value);
         content = setTomlScalar(content, definition.path, value);
     }
-    writeFileSync(preferencesPath, content);
+    ensureManifestLockTargetSafe(projectRoot);
+    writeUtf8FileInsideWithoutSymlinks(projectRoot, preferencesPath, content);
     markManifestLockFileCustomized(projectRoot, PREFERENCES_RELATIVE_PATH);
     return readDashboardPreferences(projectRoot);
 }

package/dist/cli/lib/filesystem.js CHANGED Viewed

@@ -48,11 +48,14 @@ export function ensureInsideWithoutSymlinks(parentPath, childPath, options = {})
     }
 }
 export function readUtf8FileInsideWithoutSymlinks(parentPath, childPath) {
+    return readFileInsideWithoutSymlinks(parentPath, childPath).toString('utf8');
+}
+export function readFileInsideWithoutSymlinks(parentPath, childPath) {
     const absoluteChildPath = path.resolve(childPath);
     ensureInsideWithoutSymlinks(parentPath, absoluteChildPath);
     const fileDescriptor = openSync(absoluteChildPath, constants.O_RDONLY | NOFOLLOW_FLAG);
     try {
-        return readFileSync(fileDescriptor, 'utf8');
+        return readFileSync(fileDescriptor);
     }
     finally {
         closeSync(fileDescriptor);
@@ -79,6 +82,9 @@ export function ensureFileTargetInsideWithoutSymlinks(parentPath, childPath, opt
     }
 }
 export function writeUtf8FileInsideWithoutSymlinks(parentPath, childPath, content) {
+    writeFileInsideWithoutSymlinks(parentPath, childPath, content);
+}
+export function writeFileInsideWithoutSymlinks(parentPath, childPath, content) {
     const absoluteChildPath = path.resolve(childPath);
     const directoryPath = path.dirname(absoluteChildPath);
     ensureInsideWithoutSymlinks(parentPath, directoryPath, { allowMissingLeaf: true });
@@ -92,6 +98,10 @@ export function writeUtf8FileInsideWithoutSymlinks(parentPath, childPath, conten
         closeSync(fileDescriptor);
     }
 }
+export function copyFileInsideWithoutSymlinks(sourceParentPath, sourcePath, targetParentPath, targetPath) {
+    const content = readFileInsideWithoutSymlinks(sourceParentPath, sourcePath);
+    writeFileInsideWithoutSymlinks(targetParentPath, targetPath, content);
+}
 export function copyFileIfMissing(sourcePath, targetPath, relativePath) {
     if (existsSync(targetPath)) {
         return { status: 'skipped', relativePath };

package/dist/cli/lib/git-changes.js CHANGED Viewed

@@ -1,5 +1,7 @@
 import { spawnSync } from 'node:child_process';
 import { parseGitStatusOutput } from '../../core/change-classification.js';
+const GIT_STATUS_TIMEOUT_MS = 10_000;
+const GIT_STATUS_MAX_BUFFER_BYTES = 16 * 1024 * 1024;
 export class GitChangedFilesError extends Error {
     result;
     constructor(result) {
@@ -9,9 +11,13 @@ export class GitChangedFilesError extends Error {
     }
 }
 export function readGitChangedFiles(projectRoot) {
-    const result = spawnSync('git', ['status', '--short', '--untracked-files=all'], {
+    const result = spawnSync('git', ['status', '--porcelain=v1', '-z', '--untracked-files=all'], {
         cwd: projectRoot,
         encoding: 'utf8',
+        input: '',
+        maxBuffer: GIT_STATUS_MAX_BUFFER_BYTES,
+        stdio: ['ignore', 'pipe', 'pipe'],
+        timeout: GIT_STATUS_TIMEOUT_MS,
         windowsHide: true,
     });
     if (result.status !== 0 || typeof result.stdout !== 'string') {