mustflow 2.22.17 → 2.22.47

package/dist/cli/lib/repo-map.js

@@ -69,6 +69,8 @@ const MACHINE_CONTRACT_ANCHOR_FILES = [
     'schema.graphql',
     'schema.prisma',
 ];
+const ROOT_OPTIONAL_MARKDOWN_ANCHOR_FILE_SET = new Set(ROOT_OPTIONAL_MARKDOWN_ANCHOR_FILES);
+const MACHINE_CONTRACT_ANCHOR_FILE_SET = new Set(MACHINE_CONTRACT_ANCHOR_FILES);
 const DEFAULT_NESTED_ANCHOR_FILES = [
     'AGENTS.md',
     'REPO_MAP.md',
@@ -386,7 +388,13 @@ function renderDirectoryAnchors(anchors) {
     const grouped = new Map();
     for (const anchor of anchors) {
         const directory = getDirectoryName(anchor.relativePath);
-        grouped.set(directory, [...(grouped.get(directory) ?? []), anchor]);
+        const group = grouped.get(directory);
+        if (group) {
+            group.push(anchor);
+        }
+        else {
+            grouped.set(directory, [anchor]);
+        }
     }
     for (const directory of Array.from(grouped.keys()).sort((left, right) => {
         if (left === '/') {
@@ -469,13 +477,13 @@ function collectNestedRepository(projectRoot, repositoryPath, anchorFiles) {
         .filter((anchorFile) => EDITING_POLICY_ANCHORS.has(anchorFile) && existingAnchors.has(anchorFile))
         .map((anchorFile) => `${relativeRoot}${anchorFile}`);
     const rootDocuments = anchorFiles
-        .filter((anchorFile) => ROOT_OPTIONAL_MARKDOWN_ANCHOR_FILES.includes(anchorFile) && existingAnchors.has(anchorFile))
+        .filter((anchorFile) => ROOT_OPTIONAL_MARKDOWN_ANCHOR_FILE_SET.has(anchorFile) && existingAnchors.has(anchorFile))
         .map((anchorFile) => ({
         label: NESTED_ROOT_DOC_LABELS.get(anchorFile) ?? 'root document',
         relativePath: `${relativeRoot}${anchorFile}`,
     }));
     const machineContracts = anchorFiles
-        .filter((anchorFile) => MACHINE_CONTRACT_ANCHOR_FILES.includes(anchorFile) && existingAnchors.has(anchorFile))
+        .filter((anchorFile) => MACHINE_CONTRACT_ANCHOR_FILE_SET.has(anchorFile) && existingAnchors.has(anchorFile))
         .map((anchorFile) => `${relativeRoot}${anchorFile}`);
     const mustflowConfig = resolveAnchor('.mustflow/config/mustflow.toml');
     const commandContract = resolveAnchor('.mustflow/config/commands.toml');
@@ -502,9 +510,15 @@ function discoverNestedRepositories(projectRoot, mapConfig, workspaceConfig) {
     const repositories = [];
     const seenRepositoryPaths = new Set();
     const seenDirectoryPaths = new Set();
-    const projectRootRealPath = realpathSync(projectRoot);
+    let projectRootRealPath;
+    try {
+        projectRootRealPath = realpathSync(projectRoot);
+    }
+    catch {
+        return [];
+    }
     function visit(directoryTarget, depth) {
-        if (repositories.length >= workspaceConfig.maxRepositories || depth > workspaceConfig.maxDepth) {
+        if (repositories.length >= workspaceConfig.maxRepositories || depth >= workspaceConfig.maxDepth) {
             return;
         }
         if (seenDirectoryPaths.has(directoryTarget.realPath)) {

package/dist/cli/lib/validation/index.js

@@ -474,11 +474,15 @@ function validateSkills(projectRoot, issues) {
 function readSkillSectionIds(content) {
     return new Set([...content.matchAll(SKILL_SECTION_MARKER_PATTERN)].map((match) => match[1]));
 }
+function findFrontmatterEnd(content) {
+    const match = /\n---(?:\r?\n|$)/u.exec(content.slice(3));
+    return match ? 3 + match.index : -1;
+}
 function parseSimpleFrontmatter(content) {
     if (!content.startsWith('---')) {
         return {};
     }
-    const end = content.indexOf('\n---', 3);
+    const end = findFrontmatterEnd(content);
     if (end === -1) {
         return {};
     }
@@ -510,7 +514,7 @@ function readFrontmatterLines(content) {
     if (!content.startsWith('---')) {
         return [];
     }
-    const end = content.indexOf('\n---', 3);
+    const end = findFrontmatterEnd(content);
     if (end === -1) {
         return [];
     }

package/dist/core/active-run-locks.js

@@ -1,5 +1,5 @@
 import { createHash } from 'node:crypto';
-import { existsSync, mkdirSync, readFileSync, readdirSync, rmSync, writeFileSync, } from 'node:fs';
+import { existsSync, mkdirSync, readFileSync, readdirSync, rmSync, statSync, writeFileSync, } from 'node:fs';
 import path from 'node:path';
 import { commandEffectsConflict, normalizeCommandEffects, } from './command-effects.js';
 const ACTIVE_LOCK_SCHEMA_VERSION = '1';
@@ -8,8 +8,9 @@ const LOCK_ROOT_RELATIVE_PATH = '.mustflow/state/locks';
 const LOCK_MUTEX_STALE_MS = 30_000;
 const LOCK_MUTEX_WAIT_MS = 1_000;
 const LOCK_MUTEX_SLEEP_MS = 25;
+const LOCK_MUTEX_SLEEP_BUFFER = new Int32Array(new SharedArrayBuffer(4));
 function sleep(milliseconds) {
-    Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, milliseconds);
+    Atomics.wait(LOCK_MUTEX_SLEEP_BUFFER, 0, 0, milliseconds);
 }
 function sha256(value) {
     return createHash('sha256').update(value).digest('hex');
@@ -194,20 +195,38 @@ function createRecord(projectRoot, intentName, effects, commandHash) {
 function acquireMutex(projectRoot) {
     const root = activeLockRoot(projectRoot);
     const mutex = activeLockMutexDirectory(projectRoot);
+    const ownerPath = path.join(mutex, 'owner.json');
+    const ownerToken = sha256(`${process.pid}:${Date.now()}:${process.hrtime.bigint()}`);
     mkdirSync(root, { recursive: true });
     let startedAt = Date.now();
     while (true) {
         try {
             mkdirSync(mutex);
-            writeFileSync(path.join(mutex, 'owner.json'), JSON.stringify({ pid: process.pid, started_at: new Date().toISOString() }, null, 2));
-            return () => rmSync(mutex, { recursive: true, force: true });
+            const ownerRecord = { pid: process.pid, started_at: new Date().toISOString(), token: ownerToken };
+            try {
+                writeFileSync(ownerPath, JSON.stringify(ownerRecord, null, 2));
+            }
+            catch (error) {
+                rmSync(mutex, { recursive: true, force: true });
+                throw error;
+            }
+            return () => {
+                try {
+                    const owner = JSON.parse(readFileSync(ownerPath, 'utf8'));
+                    if (Number(owner.pid) === ownerRecord.pid && owner.token === ownerRecord.token) {
+                        rmSync(mutex, { recursive: true, force: true });
+                    }
+                }
+                catch {
+                    // A missing or replaced owner file means this process no longer owns the mutex.
+                }
+            };
         }
         catch (error) {
             if (!error || typeof error !== 'object' || !('code' in error) || error.code !== 'EEXIST') {
                 throw error;
             }
             if (Date.now() - startedAt > LOCK_MUTEX_WAIT_MS) {
-                const ownerPath = path.join(mutex, 'owner.json');
                 try {
                     const owner = JSON.parse(readFileSync(ownerPath, 'utf8'));
                     const ownerPid = Number(owner.pid);
@@ -220,9 +239,18 @@ function acquireMutex(projectRoot) {
                     }
                 }
                 catch {
-                    rmSync(mutex, { recursive: true, force: true });
-                    startedAt = Date.now();
-                    continue;
+                    try {
+                        const mutexStat = statSync(mutex);
+                        if (Date.now() - mutexStat.mtimeMs > LOCK_MUTEX_STALE_MS) {
+                            rmSync(mutex, { recursive: true, force: true });
+                            startedAt = Date.now();
+                            continue;
+                        }
+                    }
+                    catch {
+                        startedAt = Date.now();
+                        continue;
+                    }
                 }
                 throw new Error('active_run_lock_mutex_busy');
             }

package/dist/core/atomic-state-write.js

@@ -1,30 +1,15 @@
 import { randomBytes } from 'node:crypto';
-import { mkdirSync, renameSync, unlinkSync, writeFileSync } from 'node:fs';
+import { mkdirSync } from 'node:fs';
 import path from 'node:path';
-function tempFilePath(targetPath) {
-    const suffix = `${process.pid}-${Date.now()}-${randomBytes(6).toString('hex')}`;
-    return path.join(path.dirname(targetPath), `.${path.basename(targetPath)}.${suffix}.tmp`);
-}
+import { writeUtf8FileInsideWithoutSymlinks } from './safe-filesystem.js';
 export function createStateRunId(prefix) {
     const timestamp = new Date().toISOString().replaceAll(/[:.]/g, '-');
     return `${prefix}-${timestamp}-${process.pid}-${randomBytes(6).toString('hex')}`;
 }
 export function atomicWriteTextFile(targetPath, content) {
-    mkdirSync(path.dirname(targetPath), { recursive: true });
-    const temporaryPath = tempFilePath(targetPath);
-    try {
-        writeFileSync(temporaryPath, content, { encoding: 'utf8', flag: 'wx' });
-        renameSync(temporaryPath, targetPath);
-    }
-    catch (error) {
-        try {
-            unlinkSync(temporaryPath);
-        }
-        catch {
-            // Best-effort cleanup for a temporary file that may not have been created.
-        }
-        throw error;
-    }
+    const targetDirectory = path.dirname(targetPath);
+    mkdirSync(targetDirectory, { recursive: true });
+    writeUtf8FileInsideWithoutSymlinks(targetDirectory, targetPath, content);
 }
 export function atomicWriteJsonFile(targetPath, value) {
     atomicWriteTextFile(targetPath, `${JSON.stringify(value, null, 2)}\n`);

package/dist/core/change-verification.js

@@ -188,11 +188,24 @@ function intentIsExplicitlySubsumed(commandContract, narrowerIntent, broaderInte
     return (intentExplicitlySubsumedBy(commandContract, narrowerIntent, broaderIntent) ||
         intentExplicitlySubsumes(commandContract, broaderIntent, narrowerIntent));
 }
+function minNumber(values) {
+    let minimum = null;
+    for (const value of values) {
+        minimum = minimum === null ? value : Math.min(minimum, value);
+    }
+    return minimum;
+}
 function selectVerificationCandidates(commandContract, candidates) {
     const runnableCandidates = candidates.filter((candidate) => candidate.status === 'runnable' && candidate.intent.length > 0);
     const selectedIntents = new Set(runnableCandidates.map((candidate) => candidate.intent));
     for (const candidate of runnableCandidates) {
-        const isSubsumed = runnableCandidates.some((other) => other.intent !== candidate.intent && intentIsExplicitlySubsumed(commandContract, candidate.intent, other.intent));
+        const isSubsumed = runnableCandidates.some((other) => {
+            if (other.intent === candidate.intent) {
+                return false;
+            }
+            return (intentIsExplicitlySubsumed(commandContract, candidate.intent, other.intent) &&
+                !intentIsExplicitlySubsumed(commandContract, other.intent, candidate.intent));
+        });
         if (isSubsumed) {
             selectedIntents.delete(candidate.intent);
         }
@@ -217,7 +230,10 @@ function selectVerificationCandidates(commandContract, candidates) {
         if (costs.some((cost) => cost === null)) {
             continue;
         }
-        const minCost = Math.min(...costs);
+        const minCost = minNumber(costs);
+        if (minCost === null) {
+            continue;
+        }
         const winners = group.filter((candidate) => readIntentCostExpectedSeconds(commandContract, candidate.intent) === minCost);
         if (winners.length !== 1) {
             continue;

package/dist/core/contract-lint.js

@@ -280,8 +280,8 @@ function pushCoverageFinding(issues, findings, severity, code, reason, intent, i
     });
     pushIssue(issues, severity, code, intent, message);
 }
-function configuredIntentIsRunnable(intent) {
-    return evaluateCommandIntentEligibility('summary', intent).ok;
+function configuredIntentIsRunnable(intentName, intent) {
+    return evaluateCommandIntentEligibility(intentName, intent).ok;
 }
 function lintIntent(name, value, issues) {
     if (!commandIntentNameIsSafe(name)) {
@@ -582,7 +582,7 @@ export function lintCommandContract(contract, options = {}) {
         summary: {
             totalIntents: intentEntries.length,
             configured: validIntents.filter((intent) => readString(intent, 'status') === 'configured').length,
-            runnable: validIntents.filter(configuredIntentIsRunnable).length,
+            runnable: intentTables.filter(([name, intent]) => configuredIntentIsRunnable(name, intent)).length,
             manualOnly: validIntents.filter((intent) => readString(intent, 'status') === 'manual_only').length,
             unknown: validIntents.filter((intent) => readString(intent, 'status') === 'unknown').length,
             errors,

package/dist/core/public-json-contracts.js

@@ -23,6 +23,54 @@ const PUBLIC_JSON_SCHEMA_CONTRACTS = [
         documented: true,
         installedCommand: ['mf', 'context', '--json'],
     },
+    {
+        id: 'workspace-summary',
+        schemaFile: 'workspace-summary.schema.json',
+        producer: 'mf api workspace-summary --json',
+        packaged: true,
+        documented: true,
+        installedCommand: ['mf', 'api', 'workspace-summary', '--json'],
+    },
+    {
+        id: 'command-catalog',
+        schemaFile: 'command-catalog.schema.json',
+        producer: 'mf api command-catalog --json',
+        packaged: true,
+        documented: true,
+        installedCommand: ['mf', 'api', 'command-catalog', '--json'],
+    },
+    {
+        id: 'verification-plan',
+        schemaFile: 'verification-plan.schema.json',
+        producer: 'mf api verification-plan --changed --json',
+        packaged: true,
+        documented: true,
+        installedCommand: ['mf', 'api', 'verification-plan', '--changed', '--json'],
+    },
+    {
+        id: 'latest-evidence',
+        schemaFile: 'latest-evidence.schema.json',
+        producer: 'mf api latest-evidence --json',
+        packaged: true,
+        documented: true,
+        installedCommand: ['mf', 'api', 'latest-evidence', '--json'],
+    },
+    {
+        id: 'diff-risk',
+        schemaFile: 'diff-risk.schema.json',
+        producer: 'mf api diff-risk --changed --json',
+        packaged: true,
+        documented: true,
+        installedCommand: ['mf', 'api', 'diff-risk', '--changed', '--json'],
+    },
+    {
+        id: 'health',
+        schemaFile: 'health.schema.json',
+        producer: 'mf api health --json',
+        packaged: true,
+        documented: true,
+        installedCommand: ['mf', 'api', 'health', '--json'],
+    },
     {
         id: 'run-receipt',
         schemaFile: 'run-receipt.schema.json',

package/dist/core/repeated-failure.js

@@ -124,7 +124,7 @@ export function updateRepeatedFailureState(input) {
         requires_new_evidence: UNRESOLVED_VERIFY_STATUSES.has(input.status) && seenCount >= 2,
     };
     const nextFingerprints = [summary, ...state.fingerprints.filter((entry) => entry.fingerprint !== summary.fingerprint)]
-        .sort((left, right) => right.last_seen_at.localeCompare(left.last_seen_at))
+        .sort((left, right) => (left.last_seen_at > right.last_seen_at ? -1 : left.last_seen_at < right.last_seen_at ? 1 : 0))
         .slice(0, REPEATED_FAILURE_STATE_LIMIT);
     writeRepeatedFailureState(input.projectRoot, {
         schema_version: '1',

package/dist/core/run-write-drift.js

@@ -4,6 +4,7 @@ import { existsSync, lstatSync, readFileSync, readlinkSync, readdirSync } from '
 import path from 'node:path';
 import { normalizeCommandEffects } from './command-effects.js';
 const MAX_SNAPSHOT_FILES = 20_000;
+const MAX_SNAPSHOT_DIRECTORY_DEPTH = 200;
 const MAX_REPORTED_PATHS = 200;
 const GIT_STATUS_TIMEOUT_MS = 10_000;
 const GIT_STATUS_MAX_BUFFER_BYTES = 16 * 1024 * 1024;
@@ -40,33 +41,41 @@ function signatureForPath(fullPath) {
 }
 function signatureForGitStatusPath(projectRoot, relativePath, status) {
     const fullPath = path.join(projectRoot, ...relativePath.split('/'));
-    if (!existsSync(fullPath)) {
-        return `git:${status}:missing`;
-    }
-    const stat = lstatSync(fullPath);
-    if (stat.isSymbolicLink()) {
-        return `git:${status}:symlink:${readlinkSync(fullPath)}`;
-    }
-    if (!stat.isFile()) {
-        return `git:${status}:${stat.isDirectory() ? 'directory' : 'other'}:${stat.size}:${stat.mtimeMs}`;
+    try {
+        if (!existsSync(fullPath)) {
+            return `git:${status}:missing`;
+        }
+        const stat = lstatSync(fullPath);
+        if (stat.isSymbolicLink()) {
+            return `git:${status}:symlink:${readlinkSync(fullPath)}`;
+        }
+        if (!stat.isFile()) {
+            return `git:${status}:${stat.isDirectory() ? 'directory' : 'other'}:${stat.size}:${stat.mtimeMs}`;
+        }
+        if (stat.size > MAX_HASH_BYTES) {
+            return `git:${status}:file:${stat.size}:${stat.mtimeMs}:unhashed`;
+        }
+        const digest = createHash('sha256').update(readFileSync(fullPath)).digest('hex');
+        return `git:${status}:file:${stat.size}:${digest}`;
     }
-    if (stat.size > MAX_HASH_BYTES) {
-        return `git:${status}:file:${stat.size}:${stat.mtimeMs}:unhashed`;
+    catch {
+        return `git:${status}:missing`;
     }
-    const digest = createHash('sha256').update(readFileSync(fullPath)).digest('hex');
-    return `git:${status}:file:${stat.size}:${digest}`;
 }
-function collectSnapshotEntries(projectRoot, currentPath, entries) {
+function collectSnapshotEntries(currentPath, currentRelativePath, depth, entries) {
+    if (depth > MAX_SNAPSHOT_DIRECTORY_DEPTH) {
+        throw new Error('snapshot_directory_depth_limit_exceeded');
+    }
     const names = readdirSync(currentPath).sort((left, right) => left.localeCompare(right));
     for (const name of names) {
         const fullPath = path.join(currentPath, name);
-        const relativePath = normalizeRelativePath(path.relative(projectRoot, fullPath));
+        const relativePath = currentRelativePath === '.' ? name : `${currentRelativePath}/${name}`;
         const stat = lstatSync(fullPath);
         if (stat.isDirectory()) {
             if (isExcludedDirectory(relativePath, name)) {
                 continue;
             }
-            collectSnapshotEntries(projectRoot, fullPath, entries);
+            collectSnapshotEntries(fullPath, relativePath, depth + 1, entries);
             continue;
         }
         if (entries.size >= MAX_SNAPSHOT_FILES) {
@@ -90,7 +99,7 @@ function captureSnapshot(projectRoot, env) {
     }
     try {
         const entries = new Map();
-        collectSnapshotEntries(projectRoot, projectRoot, entries);
+        collectSnapshotEntries(projectRoot, '.', 0, entries);
         return { status: 'checked', entries, reason: null, source: 'recursive_snapshot' };
     }
     catch (error) {
@@ -145,6 +154,10 @@ function captureGitStatusSnapshot(projectRoot, env) {
         }
         entries.set(filePath, signatureForGitStatusPath(projectRoot, filePath, status));
         if (status.includes('R') || status.includes('C')) {
+            const sourcePath = normalizeRelativePath(parts[index + 1] ?? '');
+            if (status.includes('R') && sourcePath.length > 0) {
+                entries.set(sourcePath, `git:${status}:missing`);
+            }
             index += 1;
         }
     }

package/dist/core/safe-filesystem.js

@@ -1,7 +1,11 @@
-import { closeSync, constants, fstatSync, lstatSync, mkdirSync, openSync, readFileSync, renameSync, unlinkSync, writeFileSync, } from 'node:fs';
+import { closeSync, constants, fstatSync, lstatSync, mkdirSync, openSync, readFileSync, readSync, renameSync, unlinkSync, writeFileSync, } from 'node:fs';
 import { randomBytes } from 'node:crypto';
 import path from 'node:path';
 const NOFOLLOW_FLAG = typeof constants.O_NOFOLLOW === 'number' ? constants.O_NOFOLLOW : 0;
+const WINDOWS_RENAME_RETRY_DELAYS_MS = [10, 25, 50, 100, 200];
+const WINDOWS_RENAME_RETRY_CODES = new Set(['EBUSY', 'ENOTEMPTY', 'EPERM']);
+const WRITE_SLEEP_BUFFER = new Int32Array(new SharedArrayBuffer(4));
+const READ_CHUNK_BYTES = 64 * 1024;
 function isMissingPathError(error) {
     return error instanceof Error && 'code' in error && error.code === 'ENOENT';
 }
@@ -9,6 +13,30 @@ function tempFilePath(targetPath) {
     const suffix = `${process.pid}-${Date.now()}-${randomBytes(6).toString('hex')}`;
     return path.join(path.dirname(targetPath), `.${path.basename(targetPath)}.${suffix}.tmp`);
 }
+function sleep(milliseconds) {
+    Atomics.wait(WRITE_SLEEP_BUFFER, 0, 0, milliseconds);
+}
+function isRetryableWindowsRenameError(error) {
+    if (process.platform !== 'win32' || !error || typeof error !== 'object' || !('code' in error)) {
+        return false;
+    }
+    return WINDOWS_RENAME_RETRY_CODES.has(String(error.code));
+}
+function renameWithWindowsRetry(sourcePath, targetPath) {
+    for (let attempt = 0;; attempt += 1) {
+        try {
+            renameSync(sourcePath, targetPath);
+            return;
+        }
+        catch (error) {
+            const delay = WINDOWS_RENAME_RETRY_DELAYS_MS[attempt];
+            if (delay === undefined || !isRetryableWindowsRenameError(error)) {
+                throw error;
+            }
+            sleep(delay);
+        }
+    }
+}
 export function ensureInside(parentPath, childPath) {
     const parent = path.resolve(parentPath);
     const child = path.resolve(childPath);
@@ -42,13 +70,29 @@ export function ensureInsideWithoutSymlinks(parentPath, childPath, options = {})
             }
         }
         catch (error) {
-            if (isMissingPathError(error) && options.allowMissingLeaf) {
+            if (isMissingPathError(error) && (options.allowMissingDescendant || (isLeaf && options.allowMissingLeaf))) {
                 return;
             }
             throw error;
         }
     }
 }
+function readBoundedFileDescriptor(fileDescriptor, childPath, maxBytes) {
+    const chunks = [];
+    let totalBytes = 0;
+    while (true) {
+        const chunk = Buffer.allocUnsafe(Math.min(READ_CHUNK_BYTES, maxBytes + 1 - totalBytes));
+        const bytesRead = readSync(fileDescriptor, chunk, 0, chunk.byteLength, null);
+        if (bytesRead === 0) {
+            return Buffer.concat(chunks, totalBytes);
+        }
+        totalBytes += bytesRead;
+        if (totalBytes > maxBytes) {
+            throw new Error(`File exceeds maximum size ${maxBytes} bytes: ${childPath}`);
+        }
+        chunks.push(bytesRead === chunk.byteLength ? chunk : chunk.subarray(0, bytesRead));
+    }
+}
 function ensureDirectoryInsideWithoutSymlinks(parentPath, directoryPath) {
     ensureInside(parentPath, directoryPath);
     const parent = path.resolve(parentPath);
@@ -86,7 +130,7 @@ function ensureDirectoryInsideWithoutSymlinks(parentPath, directoryPath) {
 export function ensureFileTargetInsideWithoutSymlinks(parentPath, childPath, options = {}) {
     const absoluteChildPath = path.resolve(childPath);
     ensureInside(parentPath, absoluteChildPath);
-    ensureInsideWithoutSymlinks(parentPath, path.dirname(absoluteChildPath), { allowMissingLeaf: true });
+    ensureInsideWithoutSymlinks(parentPath, path.dirname(absoluteChildPath), { allowMissingDescendant: true });
     try {
         const stats = lstatSync(absoluteChildPath);
         if (stats.isSymbolicLink()) {
@@ -108,6 +152,9 @@ export function readFileInsideWithoutSymlinks(parentPath, childPath, options = {
     ensureInsideWithoutSymlinks(parentPath, absoluteChildPath);
     const fileDescriptor = openSync(absoluteChildPath, constants.O_RDONLY | NOFOLLOW_FLAG);
     try {
+        if (NOFOLLOW_FLAG === 0 && lstatSync(absoluteChildPath).isSymbolicLink()) {
+            throw new Error(`Path must not contain symlinks: ${childPath}`);
+        }
         const stats = fstatSync(fileDescriptor);
         if (!stats.isFile()) {
             throw new Error(`Path must be a regular file: ${childPath}`);
@@ -115,7 +162,9 @@ export function readFileInsideWithoutSymlinks(parentPath, childPath, options = {
         if (options.maxBytes !== undefined && stats.size > options.maxBytes) {
             throw new Error(`File exceeds maximum size ${options.maxBytes} bytes: ${childPath}`);
         }
-        return readFileSync(fileDescriptor);
+        return options.maxBytes === undefined
+            ? readFileSync(fileDescriptor)
+            : readBoundedFileDescriptor(fileDescriptor, childPath, options.maxBytes);
     }
     finally {
         closeSync(fileDescriptor);
@@ -137,7 +186,7 @@ export function writeFileInsideWithoutSymlinks(parentPath, childPath, content) {
         closeSync(fileDescriptor);
         fileDescriptor = null;
         ensureFileTargetInsideWithoutSymlinks(parentPath, absoluteChildPath, { allowMissingLeaf: true });
-        renameSync(temporaryPath, absoluteChildPath);
+        renameWithWindowsRetry(temporaryPath, absoluteChildPath);
     }
     catch (error) {
         if (fileDescriptor !== null) {

package/dist/core/skill-route-explanation.js

@@ -16,7 +16,8 @@ function readFrontmatterLines(content) {
     if (!content.startsWith('---')) {
         return [];
     }
-    const end = content.indexOf('\n---', 3);
+    const endMatch = /\n---(?:\r?\n|$)/u.exec(content.slice(3));
+    const end = endMatch ? 3 + endMatch.index : -1;
     if (end < 0) {
         return [];
     }

package/dist/core/source-anchors.js

@@ -21,6 +21,7 @@ export const SOURCE_ANCHOR_GENERATED_PATH_PARTS = new Set([
     'vendor',
 ]);
 export const SOURCE_ANCHOR_ALLOWED_FIELDS = new Set(['purpose', 'search', 'invariant', 'risk']);
+const MAX_SOURCE_ANCHOR_DIRECTORY_DEPTH = 200;
 export const SOURCE_ANCHOR_ALLOWED_RISKS = new Set([
     'authn',
     'authz',
@@ -79,10 +80,13 @@ function fileIsWithinSizeLimit(filePath, maxFileBytes) {
         return false;
     }
 }
-function listFilesRecursive(root, options, current = root) {
+function listFilesRecursive(root, options, current = root, depth = 0) {
     if (!existsSync(current)) {
         return [];
     }
+    if (depth > MAX_SOURCE_ANCHOR_DIRECTORY_DEPTH) {
+        return [];
+    }
     const currentRealPath = realpathSync(current);
     if (!pathIsInsideRoot(options.rootRealPath, currentRealPath) || options.visitedRealDirectories.has(currentRealPath)) {
         return [];
@@ -96,7 +100,7 @@ function listFilesRecursive(root, options, current = root) {
             continue;
         }
         if (entry.isDirectory()) {
-            files.push(...listFilesRecursive(root, options, entryPath));
+            files.push(...listFilesRecursive(root, options, entryPath, depth + 1));
             continue;
         }
         if (entry.isSymbolicLink()) {
@@ -121,7 +125,7 @@ function listFilesRecursive(root, options, current = root) {
                 continue;
             }
             if (stat.isDirectory()) {
-                files.push(...listFilesRecursive(root, options, entryPath));
+                files.push(...listFilesRecursive(root, options, entryPath, depth + 1));
                 continue;
             }
             if (stat.isFile()) {