mustflow 2.22.3 → 2.22.5

package/README.md

@@ -147,7 +147,9 @@ mustflow is not an automatic project editor and is not tied to a single agent pr
 
 ## Installed files
 
-`mf init` installs only the agent workflow into the current directory.
+`mf init` installs only the agent workflow into the current directory. The exact skill files depend
+on the selected profile; run `mf init --dry-run --profile <profile>` to preview the concrete plan
+for a project before writing files.
 
 ```text
 your-project/
@@ -166,83 +168,15 @@ your-project/
    │  └─ agent-workflow.md
    └─ skills/
       ├─ INDEX.md
-      ├─ artifact-integrity-check/
-      │  └─ SKILL.md
-      ├─ behavior-preserving-refactor/
-      │  └─ SKILL.md
-      ├─ code-review/
-      │  └─ SKILL.md
-      ├─ codebase-orientation/
-      │  └─ SKILL.md
-      ├─ contract-sync-check/
-      │  └─ SKILL.md
-      ├─ date-number-audit/
-      │  └─ SKILL.md
-      ├─ database-change-safety/
-      │  └─ SKILL.md
-      ├─ dependency-reality-check/
-      │  └─ SKILL.md
-      ├─ diff-risk-review/
-      │  └─ SKILL.md
-      ├─ docs-prose-review/
-      │  └─ SKILL.md
-      ├─ docs-update/
-      │  └─ SKILL.md
-      ├─ external-prompt-injection-defense/
-      │  └─ SKILL.md
-      ├─ external-skill-intake/
-      │  └─ SKILL.md
-      ├─ failure-triage/
-      │  └─ SKILL.md
-      ├─ instruction-conflict-scope-check/
-      │  └─ SKILL.md
-      ├─ migration-safety-check/
-      │  └─ SKILL.md
-      ├─ multi-agent-work-coordination/
-      │  └─ SKILL.md
-      ├─ performance-budget-check/
-      │  └─ SKILL.md
-      ├─ project-context-authoring/
-      │  └─ SKILL.md
-      ├─ pattern-scout/
-      │  └─ SKILL.md
-      ├─ repo-improvement-loop/
-      │  └─ SKILL.md
-      ├─ requirement-regression-guard/
-      │  └─ SKILL.md
-      ├─ repro-first-debug/
-      │  └─ SKILL.md
-      ├─ security-privacy-review/
-      │  └─ SKILL.md
-      ├─ source-freshness-check/
-      │  └─ SKILL.md
-      ├─ structure-discovery-gate/
-      │  └─ SKILL.md
-      ├─ security-regression-tests/
-      │  └─ SKILL.md
-      ├─ skill-authoring/
-      │  └─ SKILL.md
-      ├─ test-design-guard/
-      │  └─ SKILL.md
-      ├─ test-maintenance/
-      │  └─ SKILL.md
-      ├─ vertical-slice-tdd/
-      │  └─ SKILL.md
-      ├─ llm-service-ux-review/
-      │  └─ SKILL.md
-      ├─ search-ad-content-authoring/
-      │  └─ SKILL.md
-      ├─ ui-quality-gate/
-      │  └─ SKILL.md
-      ├─ visual-review-artifact/
-      │  ├─ SKILL.md
-      │  ├─ resources.toml
-      │  └─ assets/
-      │     └─ review-template.html
-      └─ web-asset-optimization/
+      ├─ routes.toml
+      └─ <profile-selected-skill>/
          └─ SKILL.md
 ```
 
+Profiles select the installed skill surface. The package can include optional skill files that are
+not copied into every project profile. Non-English workflow documents are localized when available;
+skill procedures currently fall back to the canonical English skill files.
+
 The default template does not create project-owned root documents or contract files such as `README.md`, `PROJECT.md`, `ROADMAP.md`, `DESIGN.md`, `GOVERNANCE.md`, `TESTING.md`, `API.md`, `project.contract.json`, or `openapi.yaml`. It also does not create CI configuration, general `docs/`, or general `skills/`. User projects may already use those names for their own files.
 
 `mf init` creates `.gitignore` if it is missing. If `.gitignore` exists, mustflow updates only its managed block and preserves user rules.

package/dist/cli/commands/contract-lint.js

@@ -2,11 +2,11 @@ import { existsSync } from 'node:fs';
 import path from 'node:path';
 import { lintCommandContract } from '../../core/contract-lint.js';
 import { readCommandContract, isRecord } from '../../core/config-loading.js';
-import { readTomlFile } from '../../core/toml.js';
 import { releaseVersioningIsEnabled } from '../../core/version-sources.js';
 import { printUsageError, renderHelp } from '../lib/cli-output.js';
 import { t } from '../lib/i18n.js';
 import { resolveMustflowRoot } from '../lib/project-root.js';
+import { readMustflowTomlFile } from '../lib/toml.js';
 const CONTRACT_LINT_SCHEMA_VERSION = '1';
 export function getContractLintHelp(lang = 'en') {
     return renderHelp({
@@ -30,7 +30,7 @@ function readPreferences(projectRoot) {
     if (!existsSync(preferencesPath)) {
         return undefined;
     }
-    const preferences = readTomlFile(preferencesPath);
+    const preferences = readMustflowTomlFile(projectRoot, '.mustflow/config/preferences.toml');
     return isRecord(preferences) ? preferences : undefined;
 }
 function createContractLintOutput(projectRoot, coverage, suggest) {

package/dist/cli/commands/dashboard.js

@@ -1,4 +1,4 @@
-import { randomBytes } from 'node:crypto';
+import { createHash, randomBytes } from 'node:crypto';
 import { existsSync, readFileSync, statSync } from 'node:fs';
 import http from 'node:http';
 import path from 'node:path';
@@ -18,6 +18,7 @@ import { MANIFEST_LOCK_RELATIVE_PATH, inspectManifestLock } from '../lib/manifes
 import { getLocalIndexDatabasePath, readLatestLocalVerificationReadModelQueries, readLocalCommandEffectGraphs, } from '../lib/local-index.js';
 import { readPackageMetadata } from '../lib/package-info.js';
 import { t } from '../lib/i18n.js';
+import { MUSTFLOW_JSON_MAX_BYTES, readMustflowTextFile, readMustflowTextFileIfExists, } from '../lib/mustflow-read.js';
 import { resolveMustflowRoot } from '../lib/project-root.js';
 import { detectVersionSources } from '../../core/version-sources.js';
 import { planUpdate, summarizePlan } from './update.js';
@@ -39,6 +40,7 @@ const LATEST_RUN_RELATIVE_PATH = '.mustflow/state/runs/latest.json';
 const COMMANDS_RELATIVE_PATH = '.mustflow/config/commands.toml';
 const AGENTS_RELATIVE_PATH = 'AGENTS.md';
 const STATUS_BLOCK_CACHE_TTL_MS = 750;
+const STATUS_SIGNATURE_HASH_MAX_BYTES = 1024 * 1024;
 const dashboardStatusBlockCache = new Map();
 function dashboardStatusBlockCacheKey(projectRoot, blockName) {
     return `${path.resolve(projectRoot)}\0${blockName}`;
@@ -46,7 +48,11 @@ function dashboardStatusBlockCacheKey(projectRoot, blockName) {
 function readFileSignature(filePath) {
     try {
         const stat = statSync(filePath);
-        return `${stat.mtimeMs}:${stat.size}`;
+        if (!stat.isFile() || stat.size > STATUS_SIGNATURE_HASH_MAX_BYTES) {
+            return `${stat.mtimeMs}:${stat.ctimeMs}:${stat.size}:unhashed`;
+        }
+        const digest = createHash('sha256').update(readFileSync(filePath)).digest('hex');
+        return `${stat.mtimeMs}:${stat.ctimeMs}:${stat.size}:${digest}`;
     }
     catch {
         return 'missing';
@@ -590,10 +596,12 @@ function renderSkillsResponse(projectRoot) {
             routes: [],
         };
     }
-    const routes = parseSkillIndexRoutes(readFileSync(indexPath, 'utf8')).map((route) => {
+    const indexContent = readMustflowTextFile(projectRoot, SKILL_INDEX_RELATIVE_PATH);
+    const routes = parseSkillIndexRoutes(indexContent).map((route) => {
         const skillPath = path.join(projectRoot, ...route.skillPath.split('/'));
-        const exists = existsSync(skillPath);
-        const declaredCommandIntents = exists ? readFrontmatterList(readFileSync(skillPath, 'utf8'), 'command_intents') : [];
+        const skillContent = readMustflowTextFileIfExists(projectRoot, route.skillPath);
+        const exists = skillContent !== null && existsSync(skillPath);
+        const declaredCommandIntents = skillContent ? readFrontmatterList(skillContent, 'command_intents') : [];
         const sortedRouteIntents = [...route.commandIntents].sort((left, right) => left.localeCompare(right));
         const sortedDeclaredIntents = [...declaredCommandIntents].sort((left, right) => left.localeCompare(right));
         return {
@@ -686,7 +694,7 @@ function renderRunHistoryResponse(projectRoot) {
         };
     }
     try {
-        const receipt = JSON.parse(readFileSync(receiptPath, 'utf8'));
+        const receipt = JSON.parse(readMustflowTextFile(projectRoot, LATEST_RUN_RELATIVE_PATH, { maxBytes: MUSTFLOW_JSON_MAX_BYTES }));
         if (!isRecord(receipt)) {
             throw new Error('Run receipt must be a JSON object.');
         }

package/dist/cli/commands/help.js

@@ -1,23 +1,22 @@
-import { existsSync, readFileSync } from 'node:fs';
-import path from 'node:path';
 import { printUsageError, renderCliError, renderHelp } from '../lib/cli-output.js';
 import { t } from '../lib/i18n.js';
+import { readMustflowTextFileIfExists } from '../lib/mustflow-read.js';
 import { resolveMustflowRoot } from '../lib/project-root.js';
-import { readTomlFile } from '../lib/toml.js';
+import { readMustflowTomlFile } from '../lib/toml.js';
 function isRecord(value) {
     return typeof value === 'object' && value !== null && !Array.isArray(value);
 }
 function readTextIfExists(projectRoot, relativePath) {
-    const filePath = path.join(projectRoot, ...relativePath.split('/'));
-    return existsSync(filePath) ? readFileSync(filePath, 'utf8') : undefined;
+    return readMustflowTextFileIfExists(projectRoot, relativePath) ?? undefined;
 }
 function readTomlIfExists(projectRoot, relativePath) {
-    const filePath = path.join(projectRoot, ...relativePath.split('/'));
-    if (!existsSync(filePath)) {
+    try {
+        const parsed = readMustflowTomlFile(projectRoot, relativePath);
+        return isRecord(parsed) ? parsed : undefined;
+    }
+    catch {
         return undefined;
     }
-    const parsed = readTomlFile(filePath);
-    return isRecord(parsed) ? parsed : undefined;
 }
 function renderMissing(relativePath, lang) {
     return t(lang, 'help.missingFile', { path: relativePath });

package/dist/cli/commands/impact.js

@@ -1,4 +1,3 @@
-import path from 'node:path';
 import { createChangeClassificationReport } from '../../core/change-classification.js';
 import { summarizeVersionImpact } from '../../core/version-impact.js';
 import { printUsageError, renderHelp } from '../lib/cli-output.js';
@@ -6,7 +5,7 @@ import { isRecord } from '../lib/command-contract.js';
 import { requireGitChangedFiles } from '../lib/git-changes.js';
 import { t } from '../lib/i18n.js';
 import { resolveMustflowRoot } from '../lib/project-root.js';
-import { readTomlFile } from '../lib/toml.js';
+import { readMustflowTomlFile } from '../lib/toml.js';
 import { detectVersionSources, releaseVersioningIsEnabled, } from '../../core/version-sources.js';
 const IMPACT_SCHEMA_VERSION = '1';
 export function getImpactHelp(lang = 'en') {
@@ -47,7 +46,7 @@ function parseImpactArgs(args) {
 }
 function readPreferences(projectRoot) {
     try {
-        const preferences = readTomlFile(path.join(projectRoot, '.mustflow', 'config', 'preferences.toml'));
+        const preferences = readMustflowTomlFile(projectRoot, '.mustflow/config/preferences.toml');
         return isRecord(preferences) ? preferences : undefined;
     }
     catch {

package/dist/cli/commands/init.js

@@ -1,4 +1,4 @@
-import { existsSync, readFileSync } from 'node:fs';
+import { existsSync, readSync } from 'node:fs';
 import path from 'node:path';
 import { stdin as processStdin, stdout as processStdout } from 'node:process';
 import { createInterface } from 'node:readline/promises';
@@ -13,6 +13,9 @@ const MUSTFLOW_BLOCK_START = '<!-- mustflow:start schema=1 -->';
 const MUSTFLOW_BLOCK_END = '<!-- mustflow:end -->';
 const GITIGNORE_RELATIVE_PATH = '.gitignore';
 const GITIGNORE_FRAGMENT_RELATIVE_PATH = 'gitignore.mustflow';
+const NON_INTERACTIVE_PROMPT_MAX_BYTES = 16 * 1024;
+const NON_INTERACTIVE_PROMPT_MAX_RESPONSES = 64;
+const NON_INTERACTIVE_PROMPT_READ_CHUNK_BYTES = 4096;
 const LOCALE_LABELS = {
     en: 'English',
     ko: 'Korean',
@@ -473,9 +476,52 @@ function formatLocaleChoice(locale) {
     const label = LOCALE_LABELS[locale] ?? locale;
     return `${label} (${locale})`;
 }
-function createPromptReader(reporter) {
+function readNonInteractivePromptInput() {
+    const chunks = [];
+    let totalBytes = 0;
+    for (;;) {
+        const remainingBudget = NON_INTERACTIVE_PROMPT_MAX_BYTES + 1 - totalBytes;
+        if (remainingBudget <= 0) {
+            return {
+                lines: [],
+                errorKey: 'init.error.promptInputTooLarge',
+                limit: NON_INTERACTIVE_PROMPT_MAX_BYTES,
+            };
+        }
+        const buffer = Buffer.alloc(Math.min(NON_INTERACTIVE_PROMPT_READ_CHUNK_BYTES, remainingBudget));
+        const bytesRead = readSync(0, buffer, 0, buffer.length, null);
+        if (bytesRead === 0) {
+            break;
+        }
+        totalBytes += bytesRead;
+        chunks.push(Buffer.from(buffer.subarray(0, bytesRead)));
+        if (totalBytes > NON_INTERACTIVE_PROMPT_MAX_BYTES) {
+            return {
+                lines: [],
+                errorKey: 'init.error.promptInputTooLarge',
+                limit: NON_INTERACTIVE_PROMPT_MAX_BYTES,
+            };
+        }
+    }
+    const lines = Buffer.concat(chunks, totalBytes).toString('utf8').split(/\r?\n/u);
+    if (lines.length > NON_INTERACTIVE_PROMPT_MAX_RESPONSES) {
+        return {
+            lines: [],
+            errorKey: 'init.error.promptInputTooManyResponses',
+            limit: NON_INTERACTIVE_PROMPT_MAX_RESPONSES,
+        };
+    }
+    return { lines };
+}
+function createPromptReader(reporter, lang) {
     if (!processStdin.isTTY) {
-        const lines = readFileSync(0, 'utf8').split(/\r?\n/u);
+        const input = readNonInteractivePromptInput();
+        if (input.errorKey) {
+            const paramName = input.errorKey === 'init.error.promptInputTooLarge' ? 'maxBytes' : 'maxResponses';
+            reporter.stderr(t(lang, input.errorKey, { [paramName]: input.limit }));
+            return undefined;
+        }
+        const lines = [...input.lines];
         return {
             async question(prompt) {
                 reporter.stdout(prompt.trimEnd());
@@ -553,7 +599,10 @@ function addPromptedPreferenceOverride(overrides, key, value, reporter, lang) {
     }
 }
 async function promptInitOptions(template, options, reporter, lang) {
-    const reader = createPromptReader(reporter);
+    const reader = createPromptReader(reporter, lang);
+    if (!reader) {
+        return undefined;
+    }
     try {
         const preferenceOverrides = [...options.preferenceOverrides];
         const localeChoices = template.manifest.locales.map((locale) => ({
@@ -916,7 +965,14 @@ export async function runInit(args, reporter, lang = 'en') {
         reporter.stderr(error instanceof Error ? error.message : String(error));
         return 1;
     }
-    const options = shouldPromptForInit(args, parsedOptions) ? await promptInitOptions(template, parsedOptions, reporter, lang) : parsedOptions;
+    let options = parsedOptions;
+    if (shouldPromptForInit(args, parsedOptions)) {
+        const promptedOptions = await promptInitOptions(template, parsedOptions, reporter, lang);
+        if (!promptedOptions) {
+            return 1;
+        }
+        options = promptedOptions;
+    }
     const selectedLocale = options.locale ?? template.manifest.defaultLocale;
     if (!validateInitSelection(template, options, reporter, lang)) {
         return 1;

package/dist/cli/commands/update.js

@@ -7,7 +7,7 @@ import { printUsageError, renderHelp } from '../lib/cli-output.js';
 import { t } from '../lib/i18n.js';
 import { resolveMustflowRoot } from '../lib/project-root.js';
 import { getDefaultTemplate, getTemplateFiles, skillNameForTemplatePath } from '../lib/templates.js';
-import { readTomlFile, stringifyToml } from '../lib/toml.js';
+import { readMustflowTomlFile, stringifyToml } from '../lib/toml.js';
 import { createUpdateDiffPreview, shouldPreviewUpdateDiff } from '../lib/update-diff-preview.js';
 const UPDATE_SCHEMA_VERSION = '1';
 const CUSTOMIZED_LOCK_ACTION = 'customized';
@@ -250,7 +250,7 @@ function updateManifestLockAfterApply(projectRoot, appliedItems) {
     const lockPath = path.join(projectRoot, MANIFEST_LOCK_RELATIVE_PATH);
     ensureInside(projectRoot, lockPath);
     ensureFileTargetInsideWithoutSymlinks(projectRoot, lockPath);
-    const parsed = readTomlFile(lockPath);
+    const parsed = readMustflowTomlFile(projectRoot, MANIFEST_LOCK_RELATIVE_PATH);
     if (!isMutableTable(parsed)) {
         throw new Error(`Invalid manifest lock: ${MANIFEST_LOCK_RELATIVE_PATH} must contain a TOML table`);
     }

package/dist/cli/commands/version-sources.js

@@ -1,9 +1,8 @@
-import path from 'node:path';
 import { printUsageError, renderHelp } from '../lib/cli-output.js';
 import { isRecord } from '../lib/command-contract.js';
 import { t } from '../lib/i18n.js';
 import { resolveMustflowRoot } from '../lib/project-root.js';
-import { readTomlFile } from '../lib/toml.js';
+import { readMustflowTomlFile } from '../lib/toml.js';
 import { detectVersionSources, releaseVersioningIsEnabled, } from '../../core/version-sources.js';
 const VERSION_SOURCES_SCHEMA_VERSION = '1';
 export function getVersionSourcesHelp(lang = 'en') {
@@ -23,7 +22,7 @@ export function getVersionSourcesHelp(lang = 'en') {
 }
 function readPreferences(projectRoot) {
     try {
-        const preferences = readTomlFile(path.join(projectRoot, '.mustflow', 'config', 'preferences.toml'));
+        const preferences = readMustflowTomlFile(projectRoot, '.mustflow/config/preferences.toml');
         return isRecord(preferences) ? preferences : undefined;
     }
     catch {

package/dist/cli/i18n/en.js

@@ -583,6 +583,8 @@ Read these files before working:
     "init.error.invalidPreference": "Invalid init preference override: {value}",
     "init.error.invalidPreferenceValue": "Invalid value for {key}: {value}",
     "init.error.unsupportedPreference": "Unsupported init preference setting: {key}",
+    "init.error.promptInputTooLarge": "Interactive init stdin input is too large; expected at most {maxBytes} bytes.",
+    "init.error.promptInputTooManyResponses": "Interactive init stdin input has too many responses; expected at most {maxResponses} lines.",
     "init.prompt.locale": "Which language should mustflow documents use?",
     "init.prompt.profile": "Which project profile should mustflow use?",
     "init.prompt.agentLang": "Which language should agents use for final reports?",

package/dist/cli/i18n/es.js

@@ -583,6 +583,8 @@ Lee estos archivos antes de trabajar:
     "init.error.invalidPreference": "Anulación de preferencia de inicio no válida: {value}",
     "init.error.invalidPreferenceValue": "Valor no valido para {key}: {value}",
     "init.error.unsupportedPreference": "Ajuste de preferencia de inicio no admitido: {key}",
+    "init.error.promptInputTooLarge": "La entrada estándar de init interactivo es demasiado grande; se esperaban como máximo {maxBytes} bytes.",
+    "init.error.promptInputTooManyResponses": "La entrada estándar de init interactivo tiene demasiadas respuestas; se esperaban como máximo {maxResponses} líneas.",
     "init.prompt.locale": "¿Qué idioma deben usar los documentos mustflow?",
     "init.prompt.profile": "¿Qué perfil de proyecto debe usar mustflow?",
     "init.prompt.agentLang": "¿Qué idioma deben usar los agentes en los informes finales?",

package/dist/cli/i18n/fr.js

@@ -583,6 +583,8 @@ Lisez ces fichiers avant de travailler :
     "init.error.invalidPreference": "Remplacement de préférence d'initialisation non valide : {value}",
     "init.error.invalidPreferenceValue": "Valeur non valide pour {key} : {value}",
     "init.error.unsupportedPreference": "Paramètre de préférence d'initialisation non pris en charge : {key}",
+    "init.error.promptInputTooLarge": "L'entrée standard de l'init interactif est trop volumineuse ; {maxBytes} octets maximum sont attendus.",
+    "init.error.promptInputTooManyResponses": "L'entrée standard de l'init interactif contient trop de réponses ; {maxResponses} lignes maximum sont attendues.",
     "init.prompt.locale": "Quelle langue les documents mustflow doivent-ils utiliser ?",
     "init.prompt.profile": "Quel profil de projet mustflow doit-il utiliser ?",
     "init.prompt.agentLang": "Quelle langue les agents doivent-ils utiliser pour les rapports finaux ?",

package/dist/cli/i18n/hi.js

@@ -583,6 +583,8 @@ export const hiMessages = {
     "init.error.invalidPreference": "अमान्य init preference override: {value}",
     "init.error.invalidPreferenceValue": "{key} के लिए अमान्य मान: {value}",
     "init.error.unsupportedPreference": "असमर्थित init preference setting: {key}",
+    "init.error.promptInputTooLarge": "Interactive init stdin input बहुत बड़ा है; अधिकतम {maxBytes} bytes अपेक्षित हैं।",
+    "init.error.promptInputTooManyResponses": "Interactive init stdin input में बहुत अधिक responses हैं; अधिकतम {maxResponses} lines अपेक्षित हैं।",
     "init.prompt.locale": "mustflow दस्तावेज़ कौन सी भाषा उपयोग करें?",
     "init.prompt.profile": "mustflow कौन सा project profile उपयोग करे?",
     "init.prompt.agentLang": "एजेंट final reports के लिए कौन सी भाषा उपयोग करें?",

package/dist/cli/i18n/ko.js

@@ -583,6 +583,8 @@ export const koMessages = {
     "init.error.invalidPreference": "초기 설정 항목 형식이 올바르지 않습니다: {value}",
     "init.error.invalidPreferenceValue": "{key}에 사용할 수 없는 값입니다: {value}",
     "init.error.unsupportedPreference": "지원하지 않는 초기 설정 항목입니다: {key}",
+    "init.error.promptInputTooLarge": "대화형 init 표준입력이 너무 큽니다. 최대 {maxBytes}바이트까지만 허용됩니다.",
+    "init.error.promptInputTooManyResponses": "대화형 init 표준입력 응답이 너무 많습니다. 최대 {maxResponses}줄까지만 허용됩니다.",
     "init.prompt.locale": "mustflow 문서는 어떤 언어로 설치할까요?",
     "init.prompt.profile": "이 저장소에는 어떤 프로젝트 유형을 사용할까요?",
     "init.prompt.agentLang": "에이전트 최종 응답은 어떤 언어로 받을까요?",

package/dist/cli/i18n/zh.js

@@ -583,6 +583,8 @@ export const zhMessages = {
     "init.error.invalidPreference": "无效的初始化偏好覆盖：{value}",
     "init.error.invalidPreferenceValue": "{key} 的值无效：{value}",
     "init.error.unsupportedPreference": "不支持的初始化偏好设置：{key}",
+    "init.error.promptInputTooLarge": "交互式 init 的标准输入过大；最多允许 {maxBytes} 字节。",
+    "init.error.promptInputTooManyResponses": "交互式 init 的标准输入响应过多；最多允许 {maxResponses} 行。",
     "init.prompt.locale": "mustflow 文档应使用哪种语言？",
     "init.prompt.profile": "mustflow 应使用哪个项目配置？",
     "init.prompt.agentLang": "代理最终报告应使用哪种语言？",

package/dist/cli/lib/agent-context.js

@@ -1,4 +1,4 @@
-import { existsSync, readFileSync } from 'node:fs';
+import { existsSync } from 'node:fs';
 import { createHash } from 'node:crypto';
 import path from 'node:path';
 import { isRecord, readPositiveInteger, readString, readStringArray, } from './command-contract.js';
@@ -6,7 +6,8 @@ import { readRetentionStore } from '../../core/retention-policy.js';
 import { toPosixPath } from './filesystem.js';
 import { readLocalIndexPromptContext } from './local-index.js';
 import { inspectManifestLock } from './manifest-lock.js';
-import { readTomlFile } from './toml.js';
+import { MUSTFLOW_JSON_MAX_BYTES, readMustflowTextFile, readMustflowTextFileIfExists, } from './mustflow-read.js';
+import { readMustflowTomlFile } from './toml.js';
 const CONTEXT_SCHEMA_VERSION = '1';
 const COMMANDS_RELATIVE_PATH = '.mustflow/config/commands.toml';
 const MUSTFLOW_RELATIVE_PATH = '.mustflow/config/mustflow.toml';
@@ -49,20 +50,14 @@ function safeExists(projectRoot, relativePath) {
     return existsSync(resolved);
 }
 function safeRead(projectRoot, relativePath) {
-    const resolved = path.resolve(projectRoot, ...relativePath.split('/'));
-    const root = path.resolve(projectRoot);
-    const relative = path.relative(root, resolved);
-    if (relative.startsWith('..') || path.isAbsolute(relative) || !existsSync(resolved)) {
-        return null;
-    }
-    return readFileSync(resolved, 'utf8');
+    return readMustflowTextFileIfExists(projectRoot, relativePath);
 }
 function readTomlTableIfExists(projectRoot, relativePath) {
     const filePath = path.join(projectRoot, ...relativePath.split('/'));
     if (!existsSync(filePath)) {
         return undefined;
     }
-    const parsed = readTomlFile(filePath);
+    const parsed = readMustflowTomlFile(projectRoot, relativePath);
     return isRecord(parsed) ? parsed : undefined;
 }
 function readNestedTable(table, key) {
@@ -194,7 +189,7 @@ function readLatestRunContext(projectRoot) {
         };
     }
     try {
-        const parsed = JSON.parse(readFileSync(latestPath, 'utf8'));
+        const parsed = JSON.parse(readMustflowTextFile(projectRoot, LATEST_RUN_RELATIVE_PATH, { maxBytes: MUSTFLOW_JSON_MAX_BYTES }));
         if (!isRecord(parsed)) {
             throw new Error('latest run receipt must contain a JSON object');
         }

package/dist/cli/lib/local-index/index.js

@@ -3,7 +3,8 @@ import { createHash } from 'node:crypto';
 import path from 'node:path';
 import { isRecord, readCommandContract, readString, readStringArray } from '../command-contract.js';
 import { listFilesRecursive, toPosixPath } from '../filesystem.js';
-import { readTomlFile } from '../toml.js';
+import { readMustflowTomlFile } from '../toml.js';
+import { MUSTFLOW_JSON_MAX_BYTES, readMustflowTextFile } from '../mustflow-read.js';
 import { collectSourceAnchorIndexRecords, hasHighRiskSourceAnchorRiskTags, } from '../../../core/source-anchor-status.js';
 import { listSourceAnchorFiles } from '../../../core/source-anchors.js';
 import { normalizeCommandEffects } from '../../../core/command-effects.js';
@@ -45,14 +46,14 @@ function getExistingIndexablePaths(projectRoot) {
     return Array.from(paths).sort((left, right) => left.localeCompare(right));
 }
 function readText(projectRoot, relativePath) {
-    return readFileSync(path.join(projectRoot, ...relativePath.split('/')), 'utf8');
+    return readMustflowTextFile(projectRoot, relativePath);
 }
 function readMustflowToml(projectRoot) {
     const mustflowPath = path.join(projectRoot, ...MUSTFLOW_RELATIVE_PATH.split('/'));
     if (!existsSync(mustflowPath)) {
         return undefined;
     }
-    const parsed = readTomlFile(mustflowPath);
+    const parsed = readMustflowTomlFile(projectRoot, MUSTFLOW_RELATIVE_PATH);
     return isRecord(parsed) ? parsed : undefined;
 }
 function readIndexToml(projectRoot) {
@@ -60,7 +61,7 @@ function readIndexToml(projectRoot) {
     if (!existsSync(indexConfigPath)) {
         return undefined;
     }
-    const parsed = readTomlFile(indexConfigPath);
+    const parsed = readMustflowTomlFile(projectRoot, INDEX_CONFIG_RELATIVE_PATH);
     return isRecord(parsed) ? parsed : undefined;
 }
 function readNestedTable(table, key) {
@@ -227,7 +228,7 @@ function collectSkillRoutes(projectRoot) {
     if (!existsSync(indexPath)) {
         return [];
     }
-    const content = readFileSync(indexPath, 'utf8');
+    const content = readMustflowTextFile(projectRoot, '.mustflow/skills/INDEX.md');
     const routes = [];
     let inRouteTable = false;
     for (const line of content.split(/\r?\n/u)) {
@@ -455,10 +456,11 @@ function detectLocalSearchCapabilities(database) {
 function isJsonRecord(value) {
     return typeof value === 'object' && value !== null && !Array.isArray(value);
 }
-function readJsonRecord(filePath) {
+function readJsonRecord(projectRoot, relativePath) {
     try {
-        const parsed = JSON.parse(readFileSync(filePath, 'utf8'));
-        return isJsonRecord(parsed) ? parsed : null;
+        const content = readMustflowTextFile(projectRoot, relativePath, { maxBytes: MUSTFLOW_JSON_MAX_BYTES });
+        const parsed = JSON.parse(content);
+        return isJsonRecord(parsed) ? { content, value: parsed } : null;
     }
     catch {
         return null;
@@ -567,8 +569,8 @@ function createVerificationEvidenceIndex(projectRoot) {
             failureFingerprintReadModels: [],
         };
     }
-    const latest = readJsonRecord(latestPath);
-    if (!latest) {
+    const latestRecord = readJsonRecord(projectRoot, LATEST_RUN_STATE_RELATIVE_PATH);
+    if (!latestRecord) {
         return {
             summaries: [],
             verificationPlans: [],
@@ -586,7 +588,8 @@ function createVerificationEvidenceIndex(projectRoot) {
             failureFingerprintReadModels: [],
         };
     }
-    const sourceHash = sha256Bytes(readFileSync(latestPath));
+    const latest = latestRecord.value;
+    const sourceHash = sha256Bytes(Buffer.from(latestRecord.content));
     const command = stringField(latest, 'command') ?? 'unknown';
     const kind = stringField(latest, 'kind') ?? (command === 'verify' ? 'verify_run_summary' : 'run_receipt');
     const evidenceModel = recordField(latest, 'evidence_model');

package/dist/cli/lib/mustflow-read.js

@@ -0,0 +1,41 @@
+import { existsSync } from 'node:fs';
+import path from 'node:path';
+import { readUtf8FileInsideWithoutSymlinks } from './filesystem.js';
+export const MUSTFLOW_TEXT_MAX_BYTES = 1024 * 1024;
+export const MUSTFLOW_TOML_MAX_BYTES = 256 * 1024;
+export const MUSTFLOW_JSON_MAX_BYTES = 1024 * 1024;
+export function mustflowProjectPath(projectRoot, relativePath) {
+    return path.join(projectRoot, ...relativePath.split('/'));
+}
+function missingPath(error) {
+    return error instanceof Error && 'code' in error && error.code === 'ENOENT';
+}
+export function readMustflowTextFile(projectRoot, relativePath, options = {}) {
+    return readUtf8FileInsideWithoutSymlinks(projectRoot, mustflowProjectPath(projectRoot, relativePath), { maxBytes: options.maxBytes ?? MUSTFLOW_TEXT_MAX_BYTES });
+}
+export function readMustflowTextFileResult(projectRoot, relativePath, options = {}) {
+    const filePath = mustflowProjectPath(projectRoot, relativePath);
+    if (!existsSync(filePath)) {
+        return { ok: false, exists: false, error: null };
+    }
+    try {
+        return {
+            ok: true,
+            content: readMustflowTextFile(projectRoot, relativePath, options),
+        };
+    }
+    catch (error) {
+        if (missingPath(error)) {
+            return { ok: false, exists: false, error: null };
+        }
+        return {
+            ok: false,
+            exists: true,
+            error: error instanceof Error ? error.message : String(error),
+        };
+    }
+}
+export function readMustflowTextFileIfExists(projectRoot, relativePath, options = {}) {
+    const result = readMustflowTextFileResult(projectRoot, relativePath, options);
+    return result.ok ? result.content : null;
+}

package/dist/cli/lib/project-root.js

@@ -2,8 +2,7 @@ import { existsSync } from 'node:fs';
 import path from 'node:path';
 function hasMustflowMarker(directoryPath) {
     return (existsSync(path.join(directoryPath, '.mustflow', 'config', 'mustflow.toml')) ||
-        existsSync(path.join(directoryPath, '.mustflow', 'config', 'commands.toml')) ||
-        existsSync(path.join(directoryPath, '.mustflow')));
+        existsSync(path.join(directoryPath, '.mustflow', 'config', 'commands.toml')));
 }
 export function findMustflowRoot(startPath = process.cwd()) {
     let current = path.resolve(startPath);