mustflow 2.22.16 → 2.22.46

package/dist/cli/lib/repo-map.js

@@ -69,6 +69,8 @@ const MACHINE_CONTRACT_ANCHOR_FILES = [
     'schema.graphql',
     'schema.prisma',
 ];
+const ROOT_OPTIONAL_MARKDOWN_ANCHOR_FILE_SET = new Set(ROOT_OPTIONAL_MARKDOWN_ANCHOR_FILES);
+const MACHINE_CONTRACT_ANCHOR_FILE_SET = new Set(MACHINE_CONTRACT_ANCHOR_FILES);
 const DEFAULT_NESTED_ANCHOR_FILES = [
     'AGENTS.md',
     'REPO_MAP.md',
@@ -386,7 +388,13 @@ function renderDirectoryAnchors(anchors) {
     const grouped = new Map();
     for (const anchor of anchors) {
         const directory = getDirectoryName(anchor.relativePath);
-        grouped.set(directory, [...(grouped.get(directory) ?? []), anchor]);
+        const group = grouped.get(directory);
+        if (group) {
+            group.push(anchor);
+        }
+        else {
+            grouped.set(directory, [anchor]);
+        }
     }
     for (const directory of Array.from(grouped.keys()).sort((left, right) => {
         if (left === '/') {
@@ -469,13 +477,13 @@ function collectNestedRepository(projectRoot, repositoryPath, anchorFiles) {
         .filter((anchorFile) => EDITING_POLICY_ANCHORS.has(anchorFile) && existingAnchors.has(anchorFile))
         .map((anchorFile) => `${relativeRoot}${anchorFile}`);
     const rootDocuments = anchorFiles
-        .filter((anchorFile) => ROOT_OPTIONAL_MARKDOWN_ANCHOR_FILES.includes(anchorFile) && existingAnchors.has(anchorFile))
+        .filter((anchorFile) => ROOT_OPTIONAL_MARKDOWN_ANCHOR_FILE_SET.has(anchorFile) && existingAnchors.has(anchorFile))
         .map((anchorFile) => ({
         label: NESTED_ROOT_DOC_LABELS.get(anchorFile) ?? 'root document',
         relativePath: `${relativeRoot}${anchorFile}`,
     }));
     const machineContracts = anchorFiles
-        .filter((anchorFile) => MACHINE_CONTRACT_ANCHOR_FILES.includes(anchorFile) && existingAnchors.has(anchorFile))
+        .filter((anchorFile) => MACHINE_CONTRACT_ANCHOR_FILE_SET.has(anchorFile) && existingAnchors.has(anchorFile))
         .map((anchorFile) => `${relativeRoot}${anchorFile}`);
     const mustflowConfig = resolveAnchor('.mustflow/config/mustflow.toml');
     const commandContract = resolveAnchor('.mustflow/config/commands.toml');
@@ -502,9 +510,15 @@ function discoverNestedRepositories(projectRoot, mapConfig, workspaceConfig) {
     const repositories = [];
     const seenRepositoryPaths = new Set();
     const seenDirectoryPaths = new Set();
-    const projectRootRealPath = realpathSync(projectRoot);
+    let projectRootRealPath;
+    try {
+        projectRootRealPath = realpathSync(projectRoot);
+    }
+    catch {
+        return [];
+    }
     function visit(directoryTarget, depth) {
-        if (repositories.length >= workspaceConfig.maxRepositories || depth > workspaceConfig.maxDepth) {
+        if (repositories.length >= workspaceConfig.maxRepositories || depth >= workspaceConfig.maxDepth) {
             return;
         }
         if (seenDirectoryPaths.has(directoryTarget.realPath)) {

package/dist/cli/lib/run-plan.js

@@ -7,6 +7,7 @@ import { inspectActiveRunLocks, } from '../../core/active-run-locks.js';
 import { isRecord, readPositiveInteger, readString, readStringArray, } from '../../core/config-loading.js';
 import { DEFAULT_COMMAND_MAX_OUTPUT_BYTES, COMMAND_OUTPUT_LIMIT_SCOPE, MAX_COMMAND_OUTPUT_BYTES, commandMaxOutputBytesLimitMessage, } from '../../core/command-output-limits.js';
 import { normalizeSuccessExitCodes } from '../../core/success-exit-codes.js';
+import { normalizeSafeTestTargetPath, TEST_TARGET_PATH_ERROR } from '../../core/test-target-paths.js';
 import { evaluateCommandPreconditions, } from '../../core/command-preconditions.js';
 import { t } from './i18n.js';
 function getSuccessExitCodes(intent) {
@@ -28,12 +29,18 @@ function getRelativeProjectPath(projectRoot, targetPath) {
     return relativePath.length > 0 ? toPosixPath(relativePath) : '.';
 }
 function normalizeTestTargets(values) {
-    return [
-        ...new Set((values ?? [])
-            .map((value) => value.trim().replace(/\\/g, '/'))
-            .filter((value) => value.length > 0 && !path.posix.isAbsolute(value) && !path.win32.isAbsolute(value))
-            .filter((value) => value.split('/').every((segment) => segment.length > 0 && segment !== '.' && segment !== '..'))),
-    ].sort((left, right) => left.localeCompare(right));
+    const normalizedValues = [];
+    for (const value of values ?? []) {
+        const normalized = normalizeSafeTestTargetPath(value);
+        if (normalized === null) {
+            return { ok: false, detail: `Test target ${JSON.stringify(value)} is invalid: ${TEST_TARGET_PATH_ERROR}.` };
+        }
+        normalizedValues.push(normalized);
+    }
+    return {
+        ok: true,
+        values: [...new Set(normalizedValues)].sort((left, right) => left.localeCompare(right)),
+    };
 }
 function commandAcceptsTestTargets(intent) {
     return isRecord(intent.selection) && intent.selection.accepts_test_targets === true;
@@ -190,7 +197,13 @@ export function createRunPlan(projectRoot, contract, intentName, options = {}) {
     catch (error) {
         return createBlockedRunPlan(contract, intentName, rawIntent, eligibility, 'cwd_outside_project', error instanceof Error ? error.message : String(error), preconditions);
     }
-    const testTargets = commandAcceptsTestTargets(rawIntent) ? normalizeTestTargets(options.testTargets) : [];
+    const normalizedTestTargets = commandAcceptsTestTargets(rawIntent) ?
+        normalizeTestTargets(options.testTargets) :
+        { ok: true, values: [] };
+    if (!normalizedTestTargets.ok) {
+        return createBlockedRunPlan(contract, intentName, rawIntent, eligibility, 'invalid_test_target', normalizedTestTargets.detail, preconditions);
+    }
+    const testTargets = normalizedTestTargets.values;
     const commandArgv = metadata.commandArgv && testTargets.length > 0 ? [...metadata.commandArgv, ...testTargets] : metadata.commandArgv;
     if (!metadata.timeoutSeconds || !metadata.mode) {
         return createBlockedRunPlan(contract, intentName, rawIntent, eligibility, !metadata.timeoutSeconds ? 'missing_timeout' : 'missing_command_source', !metadata.timeoutSeconds ? 'Intent timeout_seconds is missing or invalid.' : 'Intent does not define argv or shell cmd.', preconditions);

package/dist/cli/lib/run-root-trust.js

@@ -1,8 +1,39 @@
-import { MANIFEST_LOCK_RELATIVE_PATH, readManifestLock } from './manifest-lock.js';
+import { MANIFEST_LOCK_RELATIVE_PATH, inspectManifestLock } from './manifest-lock.js';
 export const ALLOW_UNTRUSTED_ROOT_OPTION = '--allow-untrusted-root';
+const REQUIRED_RUN_TRUST_LOCK_PATHS = [
+    'AGENTS.md',
+    '.mustflow/config/commands.toml',
+];
 export function assessRunRootTrust(projectRoot) {
-    const readResult = readManifestLock(projectRoot);
+    const inspection = inspectManifestLock(projectRoot);
+    const { readResult } = inspection;
     if (readResult.kind === 'present') {
+        if (readResult.lock.files.length === 0) {
+            return {
+                trusted: false,
+                reason: 'manifest_lock_invalid',
+                manifestLockPath: readResult.lockPath,
+                detail: 'Manifest lock must track at least one file.',
+            };
+        }
+        const trackedPaths = new Set(readResult.lock.files.map((file) => file.relativePath));
+        const missingRequiredPath = REQUIRED_RUN_TRUST_LOCK_PATHS.find((relativePath) => !trackedPaths.has(relativePath));
+        if (missingRequiredPath) {
+            return {
+                trusted: false,
+                reason: 'manifest_lock_invalid',
+                manifestLockPath: readResult.lockPath,
+                detail: `Manifest lock must track ${missingRequiredPath}.`,
+            };
+        }
+        if (inspection.issues.length > 0) {
+            return {
+                trusted: false,
+                reason: 'manifest_lock_invalid',
+                manifestLockPath: readResult.lockPath,
+                detail: inspection.issues[0] ?? 'Manifest lock does not match the current workflow files.',
+            };
+        }
         return {
             trusted: true,
             reason: 'manifest_lock_present',

package/dist/cli/lib/validation/index.js

@@ -474,11 +474,15 @@ function validateSkills(projectRoot, issues) {
 function readSkillSectionIds(content) {
     return new Set([...content.matchAll(SKILL_SECTION_MARKER_PATTERN)].map((match) => match[1]));
 }
+function findFrontmatterEnd(content) {
+    const match = /\n---(?:\r?\n|$)/u.exec(content.slice(3));
+    return match ? 3 + match.index : -1;
+}
 function parseSimpleFrontmatter(content) {
     if (!content.startsWith('---')) {
         return {};
     }
-    const end = content.indexOf('\n---', 3);
+    const end = findFrontmatterEnd(content);
     if (end === -1) {
         return {};
     }
@@ -510,7 +514,7 @@ function readFrontmatterLines(content) {
     if (!content.startsWith('---')) {
         return [];
     }
-    const end = content.indexOf('\n---', 3);
+    const end = findFrontmatterEnd(content);
     if (end === -1) {
         return [];
     }

package/dist/cli/lib/validation/test-selection.js

@@ -2,9 +2,19 @@ import { existsSync } from 'node:fs';
 import path from 'node:path';
 import { isRecord } from '../command-contract.js';
 import { readMustflowTomlFile } from '../toml.js';
+import { normalizeSafeTestTargetPath, TEST_TARGET_PATH_ERROR } from '../../../core/test-target-paths.js';
 import { ALLOWED_TEST_SELECTION_RISKS, FORBIDDEN_TEST_SELECTION_COMMAND_AUTHORITY_FIELDS, TEST_SELECTION_CONFIG_PATH, } from './constants.js';
 import { isConfiguredCommandIntent, isDeclaredCommandIntent } from './command-intents.js';
 import { hasOwn, pushStrictIssue, validateAllowedStringField, validateNestedTable, validatePathArrayField, validateRequiredStringField, validateStringArrayField, } from './primitives.js';
+function validateTestTargetPathArrayField(table, key, label, issues) {
+    if (!hasOwn(table, key)) {
+        return;
+    }
+    const value = table[key];
+    if (!Array.isArray(value) || value.length === 0 || !value.every((entry) => normalizeSafeTestTargetPath(entry) !== null)) {
+        issues.push({ message: `${label} ${TEST_TARGET_PATH_ERROR}` });
+    }
+}
 function validateNoTestSelectionCommandAuthorityFields(label, table, issues) {
     for (const field of FORBIDDEN_TEST_SELECTION_COMMAND_AUTHORITY_FIELDS) {
         if (hasOwn(table, field)) {
@@ -59,7 +69,7 @@ function validateTestSelectionRule(rule, index, commandsToml, issues) {
         validateNoTestSelectionCommandAuthorityFields(`${label}.select`, select, issues);
         validateTestSelectionIntentReference(select.intent, `${label}.select.intent`, commandsToml, issues);
         validateTestSelectionIntentReference(select.fallback_intent, `${label}.select.fallback_intent`, commandsToml, issues);
-        validatePathArrayField(select, 'test_targets', `${TEST_SELECTION_CONFIG_PATH} ${label}.select.test_targets`, issues);
+        validateTestTargetPathArrayField(select, 'test_targets', `${TEST_SELECTION_CONFIG_PATH} ${label}.select.test_targets`, issues);
     }
 }
 export function validateStrictTestSelectionConfig(projectRoot, commandsToml, issues) {

package/dist/core/active-run-locks.js

@@ -1,5 +1,5 @@
 import { createHash } from 'node:crypto';
-import { existsSync, mkdirSync, readFileSync, readdirSync, rmSync, writeFileSync, } from 'node:fs';
+import { existsSync, mkdirSync, readFileSync, readdirSync, rmSync, statSync, writeFileSync, } from 'node:fs';
 import path from 'node:path';
 import { commandEffectsConflict, normalizeCommandEffects, } from './command-effects.js';
 const ACTIVE_LOCK_SCHEMA_VERSION = '1';
@@ -8,8 +8,9 @@ const LOCK_ROOT_RELATIVE_PATH = '.mustflow/state/locks';
 const LOCK_MUTEX_STALE_MS = 30_000;
 const LOCK_MUTEX_WAIT_MS = 1_000;
 const LOCK_MUTEX_SLEEP_MS = 25;
+const LOCK_MUTEX_SLEEP_BUFFER = new Int32Array(new SharedArrayBuffer(4));
 function sleep(milliseconds) {
-    Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, milliseconds);
+    Atomics.wait(LOCK_MUTEX_SLEEP_BUFFER, 0, 0, milliseconds);
 }
 function sha256(value) {
     return createHash('sha256').update(value).digest('hex');
@@ -194,20 +195,38 @@ function createRecord(projectRoot, intentName, effects, commandHash) {
 function acquireMutex(projectRoot) {
     const root = activeLockRoot(projectRoot);
     const mutex = activeLockMutexDirectory(projectRoot);
+    const ownerPath = path.join(mutex, 'owner.json');
+    const ownerToken = sha256(`${process.pid}:${Date.now()}:${process.hrtime.bigint()}`);
     mkdirSync(root, { recursive: true });
     let startedAt = Date.now();
     while (true) {
         try {
             mkdirSync(mutex);
-            writeFileSync(path.join(mutex, 'owner.json'), JSON.stringify({ pid: process.pid, started_at: new Date().toISOString() }, null, 2));
-            return () => rmSync(mutex, { recursive: true, force: true });
+            const ownerRecord = { pid: process.pid, started_at: new Date().toISOString(), token: ownerToken };
+            try {
+                writeFileSync(ownerPath, JSON.stringify(ownerRecord, null, 2));
+            }
+            catch (error) {
+                rmSync(mutex, { recursive: true, force: true });
+                throw error;
+            }
+            return () => {
+                try {
+                    const owner = JSON.parse(readFileSync(ownerPath, 'utf8'));
+                    if (Number(owner.pid) === ownerRecord.pid && owner.token === ownerRecord.token) {
+                        rmSync(mutex, { recursive: true, force: true });
+                    }
+                }
+                catch {
+                    // A missing or replaced owner file means this process no longer owns the mutex.
+                }
+            };
         }
         catch (error) {
             if (!error || typeof error !== 'object' || !('code' in error) || error.code !== 'EEXIST') {
                 throw error;
             }
             if (Date.now() - startedAt > LOCK_MUTEX_WAIT_MS) {
-                const ownerPath = path.join(mutex, 'owner.json');
                 try {
                     const owner = JSON.parse(readFileSync(ownerPath, 'utf8'));
                     const ownerPid = Number(owner.pid);
@@ -220,9 +239,18 @@ function acquireMutex(projectRoot) {
                     }
                 }
                 catch {
-                    rmSync(mutex, { recursive: true, force: true });
-                    startedAt = Date.now();
-                    continue;
+                    try {
+                        const mutexStat = statSync(mutex);
+                        if (Date.now() - mutexStat.mtimeMs > LOCK_MUTEX_STALE_MS) {
+                            rmSync(mutex, { recursive: true, force: true });
+                            startedAt = Date.now();
+                            continue;
+                        }
+                    }
+                    catch {
+                        startedAt = Date.now();
+                        continue;
+                    }
                 }
                 throw new Error('active_run_lock_mutex_busy');
             }

package/dist/core/atomic-state-write.js

@@ -1,30 +1,15 @@
 import { randomBytes } from 'node:crypto';
-import { mkdirSync, renameSync, unlinkSync, writeFileSync } from 'node:fs';
+import { mkdirSync } from 'node:fs';
 import path from 'node:path';
-function tempFilePath(targetPath) {
-    const suffix = `${process.pid}-${Date.now()}-${randomBytes(6).toString('hex')}`;
-    return path.join(path.dirname(targetPath), `.${path.basename(targetPath)}.${suffix}.tmp`);
-}
+import { writeUtf8FileInsideWithoutSymlinks } from './safe-filesystem.js';
 export function createStateRunId(prefix) {
     const timestamp = new Date().toISOString().replaceAll(/[:.]/g, '-');
     return `${prefix}-${timestamp}-${process.pid}-${randomBytes(6).toString('hex')}`;
 }
 export function atomicWriteTextFile(targetPath, content) {
-    mkdirSync(path.dirname(targetPath), { recursive: true });
-    const temporaryPath = tempFilePath(targetPath);
-    try {
-        writeFileSync(temporaryPath, content, { encoding: 'utf8', flag: 'wx' });
-        renameSync(temporaryPath, targetPath);
-    }
-    catch (error) {
-        try {
-            unlinkSync(temporaryPath);
-        }
-        catch {
-            // Best-effort cleanup for a temporary file that may not have been created.
-        }
-        throw error;
-    }
+    const targetDirectory = path.dirname(targetPath);
+    mkdirSync(targetDirectory, { recursive: true });
+    writeUtf8FileInsideWithoutSymlinks(targetDirectory, targetPath, content);
 }
 export function atomicWriteJsonFile(targetPath, value) {
     atomicWriteTextFile(targetPath, `${JSON.stringify(value, null, 2)}\n`);

package/dist/core/change-verification.js

@@ -188,11 +188,24 @@ function intentIsExplicitlySubsumed(commandContract, narrowerIntent, broaderInte
     return (intentExplicitlySubsumedBy(commandContract, narrowerIntent, broaderIntent) ||
         intentExplicitlySubsumes(commandContract, broaderIntent, narrowerIntent));
 }
+function minNumber(values) {
+    let minimum = null;
+    for (const value of values) {
+        minimum = minimum === null ? value : Math.min(minimum, value);
+    }
+    return minimum;
+}
 function selectVerificationCandidates(commandContract, candidates) {
     const runnableCandidates = candidates.filter((candidate) => candidate.status === 'runnable' && candidate.intent.length > 0);
     const selectedIntents = new Set(runnableCandidates.map((candidate) => candidate.intent));
     for (const candidate of runnableCandidates) {
-        const isSubsumed = runnableCandidates.some((other) => other.intent !== candidate.intent && intentIsExplicitlySubsumed(commandContract, candidate.intent, other.intent));
+        const isSubsumed = runnableCandidates.some((other) => {
+            if (other.intent === candidate.intent) {
+                return false;
+            }
+            return (intentIsExplicitlySubsumed(commandContract, candidate.intent, other.intent) &&
+                !intentIsExplicitlySubsumed(commandContract, other.intent, candidate.intent));
+        });
         if (isSubsumed) {
             selectedIntents.delete(candidate.intent);
         }
@@ -217,7 +230,10 @@ function selectVerificationCandidates(commandContract, candidates) {
         if (costs.some((cost) => cost === null)) {
             continue;
         }
-        const minCost = Math.min(...costs);
+        const minCost = minNumber(costs);
+        if (minCost === null) {
+            continue;
+        }
         const winners = group.filter((candidate) => readIntentCostExpectedSeconds(commandContract, candidate.intent) === minCost);
         if (winners.length !== 1) {
             continue;

package/dist/core/command-intent-eligibility.js

@@ -76,6 +76,13 @@ export function evaluateCommandIntentEligibility(intentName, rawIntent) {
             detail: blockedPattern.detail,
         };
     }
+    if (rawIntent.mode === 'shell' && rawIntent.allow_shell !== true) {
+        return {
+            ok: false,
+            code: 'agent_shell_requires_allow',
+            detail: `Agent-runnable shell intent ${intentName} must set allow_shell = true.`,
+        };
+    }
     return {
         ok: true,
         code: 'ok',

package/dist/core/contract-lint.js

@@ -280,8 +280,8 @@ function pushCoverageFinding(issues, findings, severity, code, reason, intent, i
     });
     pushIssue(issues, severity, code, intent, message);
 }
-function configuredIntentIsRunnable(intent) {
-    return evaluateCommandIntentEligibility('summary', intent).ok;
+function configuredIntentIsRunnable(intentName, intent) {
+    return evaluateCommandIntentEligibility(intentName, intent).ok;
 }
 function lintIntent(name, value, issues) {
     if (!commandIntentNameIsSafe(name)) {
@@ -582,7 +582,7 @@ export function lintCommandContract(contract, options = {}) {
         summary: {
             totalIntents: intentEntries.length,
             configured: validIntents.filter((intent) => readString(intent, 'status') === 'configured').length,
-            runnable: validIntents.filter(configuredIntentIsRunnable).length,
+            runnable: intentTables.filter(([name, intent]) => configuredIntentIsRunnable(name, intent)).length,
             manualOnly: validIntents.filter((intent) => readString(intent, 'status') === 'manual_only').length,
             unknown: validIntents.filter((intent) => readString(intent, 'status') === 'unknown').length,
             errors,

package/dist/core/line-endings.js

@@ -1,6 +1,7 @@
 import { spawnSync } from 'node:child_process';
 import { existsSync } from 'node:fs';
 import path from 'node:path';
+import { createCommandEnv } from './command-env.js';
 import { readFileInsideWithoutSymlinks, writeFileInsideWithoutSymlinks } from './safe-filesystem.js';
 const GITATTRIBUTES_PATH = '.gitattributes';
 function toPosixPath(value) {
@@ -18,6 +19,7 @@ function gitList(projectRoot, args) {
     const result = spawnSync('git', [...args, '-z'], {
         cwd: projectRoot,
         encoding: 'buffer',
+        env: createCommandEnv(projectRoot, { policy: 'minimal', allowlist: [] }),
         stdio: ['ignore', 'pipe', 'pipe'],
         windowsHide: true,
     });

package/dist/core/repeated-failure.js

@@ -124,7 +124,7 @@ export function updateRepeatedFailureState(input) {
         requires_new_evidence: UNRESOLVED_VERIFY_STATUSES.has(input.status) && seenCount >= 2,
     };
     const nextFingerprints = [summary, ...state.fingerprints.filter((entry) => entry.fingerprint !== summary.fingerprint)]
-        .sort((left, right) => right.last_seen_at.localeCompare(left.last_seen_at))
+        .sort((left, right) => (left.last_seen_at > right.last_seen_at ? -1 : left.last_seen_at < right.last_seen_at ? 1 : 0))
         .slice(0, REPEATED_FAILURE_STATE_LIMIT);
     writeRepeatedFailureState(input.projectRoot, {
         schema_version: '1',

package/dist/core/run-write-drift.js

@@ -4,6 +4,7 @@ import { existsSync, lstatSync, readFileSync, readlinkSync, readdirSync } from '
 import path from 'node:path';
 import { normalizeCommandEffects } from './command-effects.js';
 const MAX_SNAPSHOT_FILES = 20_000;
+const MAX_SNAPSHOT_DIRECTORY_DEPTH = 200;
 const MAX_REPORTED_PATHS = 200;
 const GIT_STATUS_TIMEOUT_MS = 10_000;
 const GIT_STATUS_MAX_BUFFER_BYTES = 16 * 1024 * 1024;
@@ -40,33 +41,41 @@ function signatureForPath(fullPath) {
 }
 function signatureForGitStatusPath(projectRoot, relativePath, status) {
     const fullPath = path.join(projectRoot, ...relativePath.split('/'));
-    if (!existsSync(fullPath)) {
-        return `git:${status}:missing`;
-    }
-    const stat = lstatSync(fullPath);
-    if (stat.isSymbolicLink()) {
-        return `git:${status}:symlink:${readlinkSync(fullPath)}`;
-    }
-    if (!stat.isFile()) {
-        return `git:${status}:${stat.isDirectory() ? 'directory' : 'other'}:${stat.size}:${stat.mtimeMs}`;
+    try {
+        if (!existsSync(fullPath)) {
+            return `git:${status}:missing`;
+        }
+        const stat = lstatSync(fullPath);
+        if (stat.isSymbolicLink()) {
+            return `git:${status}:symlink:${readlinkSync(fullPath)}`;
+        }
+        if (!stat.isFile()) {
+            return `git:${status}:${stat.isDirectory() ? 'directory' : 'other'}:${stat.size}:${stat.mtimeMs}`;
+        }
+        if (stat.size > MAX_HASH_BYTES) {
+            return `git:${status}:file:${stat.size}:${stat.mtimeMs}:unhashed`;
+        }
+        const digest = createHash('sha256').update(readFileSync(fullPath)).digest('hex');
+        return `git:${status}:file:${stat.size}:${digest}`;
     }
-    if (stat.size > MAX_HASH_BYTES) {
-        return `git:${status}:file:${stat.size}:${stat.mtimeMs}:unhashed`;
+    catch {
+        return `git:${status}:missing`;
     }
-    const digest = createHash('sha256').update(readFileSync(fullPath)).digest('hex');
-    return `git:${status}:file:${stat.size}:${digest}`;
 }
-function collectSnapshotEntries(projectRoot, currentPath, entries) {
+function collectSnapshotEntries(currentPath, currentRelativePath, depth, entries) {
+    if (depth > MAX_SNAPSHOT_DIRECTORY_DEPTH) {
+        throw new Error('snapshot_directory_depth_limit_exceeded');
+    }
     const names = readdirSync(currentPath).sort((left, right) => left.localeCompare(right));
     for (const name of names) {
         const fullPath = path.join(currentPath, name);
-        const relativePath = normalizeRelativePath(path.relative(projectRoot, fullPath));
+        const relativePath = currentRelativePath === '.' ? name : `${currentRelativePath}/${name}`;
         const stat = lstatSync(fullPath);
         if (stat.isDirectory()) {
             if (isExcludedDirectory(relativePath, name)) {
                 continue;
             }
-            collectSnapshotEntries(projectRoot, fullPath, entries);
+            collectSnapshotEntries(fullPath, relativePath, depth + 1, entries);
             continue;
         }
         if (entries.size >= MAX_SNAPSHOT_FILES) {
@@ -75,8 +84,8 @@ function collectSnapshotEntries(projectRoot, currentPath, entries) {
         entries.set(relativePath, signatureForPath(fullPath));
     }
 }
-function captureSnapshot(projectRoot) {
-    const gitSnapshot = captureGitStatusSnapshot(projectRoot);
+function captureSnapshot(projectRoot, env) {
+    const gitSnapshot = captureGitStatusSnapshot(projectRoot, env);
     if (gitSnapshot) {
         return gitSnapshot;
     }
@@ -90,7 +99,7 @@ function captureSnapshot(projectRoot) {
     }
     try {
         const entries = new Map();
-        collectSnapshotEntries(projectRoot, projectRoot, entries);
+        collectSnapshotEntries(projectRoot, '.', 0, entries);
         return { status: 'checked', entries, reason: null, source: 'recursive_snapshot' };
     }
     catch (error) {
@@ -102,9 +111,10 @@ function captureSnapshot(projectRoot) {
         };
     }
 }
-function captureGitStatusSnapshot(projectRoot) {
+function captureGitStatusSnapshot(projectRoot, env) {
     const result = spawnSync('git', ['-C', projectRoot, 'status', '--porcelain=v1', '-z', `--untracked-files=${GIT_STATUS_UNTRACKED_MODE}`], {
         encoding: 'utf8',
+        env,
         input: '',
         maxBuffer: GIT_STATUS_MAX_BUFFER_BYTES,
         stdio: ['ignore', 'pipe', 'pipe'],
@@ -144,6 +154,10 @@ function captureGitStatusSnapshot(projectRoot) {
         }
         entries.set(filePath, signatureForGitStatusPath(projectRoot, filePath, status));
         if (status.includes('R') || status.includes('C')) {
+            const sourcePath = normalizeRelativePath(parts[index + 1] ?? '');
+            if (status.includes('R') && sourcePath.length > 0) {
+                entries.set(sourcePath, `git:${status}:missing`);
+            }
             index += 1;
         }
     }
@@ -206,21 +220,23 @@ function createUnavailableWriteDriftReceipt(declaredPaths, reason) {
         reason,
     };
 }
-export function startRunWriteTracking(projectRoot, contract, intentName, options = {}) {
+export function startRunWriteTracking(projectRoot, contract, intentName, options) {
     const declaredPaths = [
         ...listDeclaredWritePaths(projectRoot, contract, intentName),
         ...(options.additionalDeclaredPaths ?? []).map(normalizeRelativePath),
     ];
     return {
         projectRoot,
+        env: options.env,
         declaredPaths: [...new Set(declaredPaths)].sort((left, right) => left.localeCompare(right)),
-        before: captureSnapshot(projectRoot),
+        before: captureSnapshot(projectRoot, options.env),
     };
 }
-export function startRunWriteBatchTracking(projectRoot) {
+export function startRunWriteBatchTracking(projectRoot, env) {
     return {
         projectRoot,
-        before: captureSnapshot(projectRoot),
+        env,
+        before: captureSnapshot(projectRoot, env),
     };
 }
 export function finishRunWriteBatchTracking(tracker, intents) {
@@ -232,7 +248,7 @@ export function finishRunWriteBatchTracking(tracker, intents) {
     if (tracker.before.status === 'unavailable') {
         return fallbackReceipts;
     }
-    const after = captureSnapshot(tracker.projectRoot);
+    const after = captureSnapshot(tracker.projectRoot, tracker.env);
     if (after.status === 'unavailable') {
         return new Map(intents.map((intent) => [
             intent.intentName,
@@ -309,7 +325,7 @@ export function finishRunWriteTracking(tracker) {
     if (tracker.before.status === 'unavailable') {
         return createUnavailableWriteDriftReceipt(tracker.declaredPaths, tracker.before.reason);
     }
-    const after = captureSnapshot(tracker.projectRoot);
+    const after = captureSnapshot(tracker.projectRoot, tracker.env);
     if (after.status === 'unavailable') {
         return createUnavailableWriteDriftReceipt(tracker.declaredPaths, after.reason);
     }