mustflow 2.22.4 → 2.22.9

package/dist/core/change-classification.js

@@ -1,47 +1,21 @@
+import { CHANGE_CLASSIFICATION_RULE_DEFINITIONS, UNKNOWN_SURFACE, listChangeClassificationPolicyRuleDescriptors, } from './change-classification-policy.js';
 export const PUBLIC_SURFACE_UPDATE_POLICIES = [
     'update',
     'update_or_mark_stale',
     'not_applicable',
 ];
-function surface(kind, category, isPublicSurface, validationReasons, affectedContracts, updatePolicy, driftChecks) {
+function compileRule(definition) {
     return {
-        kind,
-        category,
-        isPublicSurface,
-        validationReasons,
-        affectedContracts,
-        updatePolicy,
-        driftChecks,
-    };
-}
-const UNKNOWN_CHANGE_REASON = 'unknown_change';
-const UNKNOWN_SURFACE = surface('unclassified_path', 'unknown', false, [UNKNOWN_CHANGE_REASON], ['unclassified repository path'], 'not_applicable', ['classification rule coverage']);
-function rule(id, match, changeKinds, surfaceContract) {
-    return {
-        id,
+        id: definition.id,
         patternKind: 'regexp',
-        pattern: match.source,
-        patternFlags: match.flags,
-        match,
-        changeKinds,
-        surface: surfaceContract,
+        pattern: definition.match.source,
+        patternFlags: definition.match.flags,
+        match: definition.match,
+        changeKinds: definition.changeKinds,
+        surface: definition.surface,
     };
 }
-const CHANGE_CLASSIFICATION_RULES = [
-    rule('readme_page', /^README\.md$/u, ['documentation'], surface('readme_page', 'documentation', true, ['docs_change', 'copy_change'], ['public documentation', 'command examples'], 'update', ['link targets', 'command examples', 'package metadata references'])),
-    rule('docs_site_translation', /^docs-site\/src\/content\/docs\/(?!en\/)[^/]+\//u, ['documentation', 'translation'], surface('docs_site_translation', 'documentation', true, ['docs_change', 'i18n_change'], ['documentation site', 'localized content', 'navigation links'], 'update_or_mark_stale', ['source page parity', 'navigation links', 'localized examples'])),
-    rule('docs_site_page', /^docs-site\/src\/content\/docs\//u, ['documentation'], surface('docs_site_page', 'documentation', true, ['docs_change'], ['documentation site', 'navigation links', 'localized content'], 'update', ['navigation links', 'localized copies', 'command examples'])),
-    rule('installed_template_translation', /^templates\/[^/]+\/locales\/[^/]+\//u, ['installed_template', 'translation'], surface('installed_template_translation', 'installed-template', true, ['i18n_change', 'template_version_change'], ['installed template files', 'localized workflow documents', 'template i18n metadata'], 'update_or_mark_stale', ['template i18n metadata', 'localized frontmatter', 'source revision'])),
-    rule('installed_template', /^templates\/[^/]+\//u, ['installed_template'], surface('installed_template', 'installed-template', true, ['template_version_change', 'packaging_change'], ['installed template files', 'package contents', 'template manifest'], 'update', ['template manifest', 'package inventory', 'localized copies'])),
-    rule('workflow_root', /^(AGENTS\.md|\.mustflow\/(?:docs|context|skills|config)\/)/u, ['workflow'], surface('workflow_root', 'workflow', true, ['mustflow_docs_change', 'mustflow_config_change'], ['agent workflow contract', 'command contract', 'installed workflow files'], 'update', ['strict workflow validation', 'installed template parity', 'skill route alignment'])),
-    rule('host_instruction', /^(CLAUDE\.md|GEMINI\.md|\.github\/copilot-instructions\.md|\.cursor\/rules\/[^/]+\.(?:md|mdc))$/u, ['workflow', 'host_instruction'], surface('host_instruction', 'workflow', true, ['mustflow_docs_change'], ['host instruction compatibility', 'agent workflow contract', 'command contract boundary'], 'update_or_mark_stale', ['host instruction conflicts', 'command contract boundary'])),
-    rule('example', /^examples\//u, ['example'], surface('example', 'example', true, ['docs_change', 'public_api_change'], ['generated examples', 'human-readable examples'], 'update', ['example commands', 'linked docs', 'public behavior claims'])),
-    rule('schema_contract', /^schemas\//u, ['schema'], surface('schema_contract', 'contract', true, ['public_api_change', 'release_risk'], ['JSON schema', 'machine-readable output contract'], 'update', ['schema tests', 'documented JSON fields', 'package inventory'])),
-    rule('package_metadata', /^package\.json$/u, ['package_metadata'], surface('package_metadata', 'release', true, ['package_metadata_change', 'release_risk'], ['npm package metadata', 'published package contents'], 'update', ['package metadata tests', 'version source discovery', 'published file inventory'])),
-    rule('test_fixture', /^tests\/fixtures\//u, ['test_fixture'], surface('test_fixture', 'test', false, ['test_change'], ['regression fixture inputs'], 'not_applicable', ['fixture safety', 'test route coverage'])),
-    rule('test_contract', /^tests\//u, ['test'], surface('test_contract', 'test', false, ['test_change'], ['test behavior contract'], 'not_applicable', ['related test selection'])),
-    rule('implementation', /^(src|scripts)\//u, ['implementation'], surface('implementation', 'code', false, ['code_change'], ['runtime behavior when exported through CLI or package output'], 'not_applicable', ['related tests', 'build output'])),
-];
+const CHANGE_CLASSIFICATION_RULES = CHANGE_CLASSIFICATION_RULE_DEFINITIONS.map(compileRule);
 function uniqueSorted(values) {
     return [...new Set(values)].sort((left, right) => left.localeCompare(right));
 }
@@ -93,14 +67,7 @@ export function classifyChangePath(relativePath) {
     };
 }
 export function listChangeClassificationRuleDescriptors() {
-    return CHANGE_CLASSIFICATION_RULES.map((classificationRule) => ({
-        id: classificationRule.id,
-        patternKind: classificationRule.patternKind,
-        pattern: classificationRule.pattern,
-        patternFlags: classificationRule.patternFlags,
-        changeKinds: classificationRule.changeKinds,
-        surface: classificationRule.surface,
-    }));
+    return listChangeClassificationPolicyRuleDescriptors();
 }
 export function listChangeClassificationValidationReasons() {
     return uniqueSorted([

package/dist/core/check-issues.js

@@ -7,6 +7,7 @@ const CHECK_ISSUE_ID_RULES = [
     ['mustflow.command_contract.max_output_bytes_exceeds_limit', /^\[commands\.(?:defaults|intents\.[^\]]+)\]\.max_output_bytes must be less than or equal to \d+ per output stream$/u],
     ['mustflow.command_contract.oneshot_stdin_not_closed', /^Oneshot intent [^\s]+ must set stdin = "closed"$/u],
     ['mustflow.command_contract.long_running_agent_allowed', /^Long-running intent [^\s]+ must not use run_policy = "agent_allowed"$/u],
+    ['mustflow.command_contract.agent_shell_requires_allow', /^Agent-runnable shell intent [^\s]+ must set allow_shell = true$/u],
     ['mustflow.command_contract.executable_source_missing', /^Configured intent [^\s]+ must define argv or mode = "shell" with cmd$/u],
     ['mustflow.command_contract.shell_background_pattern', /^Shell intent [^\s]+ contains a blocked long-running or background pattern$/u],
     ['mustflow.command_contract.long_running_command_pattern', /^Intent [^\s]+ contains a blocked long-running or background command pattern$/u],
@@ -17,7 +18,7 @@ const CHECK_ISSUE_ID_RULES = [
     ['mustflow.command_contract.effects_invalid', /^(?:Strict: )?(?:\[commands\.(?:resources|intents\.[^\]]+\.effects)[^\]]*\]|Command effect for intent [^\s]+ must define path, paths, or lock)/u],
     ['mustflow.command_contract.effect_path_escape', /^Strict: Command effect path must stay inside the current root:/u],
     ['mustflow.command_contract.shared_writes_without_effects', /^Strict warning: configured agent-runnable intents .+ share path:.+ through writes without explicit effects or resource locks$/u],
-    ['mustflow.command_contract.broad_env_inheritance', /^Strict warning: configured agent-runnable intent [^\s]+ (?:implicitly inherits the host environment|uses env_policy = "inherit")/u],
+    ['mustflow.command_contract.broad_env_inheritance', /^Strict(?: warning)?: configured agent-runnable intent [^\s]+ (?:implicitly inherits the host environment|uses env_policy = "inherit")/u],
     ['mustflow.command_contract.project_local_bin_bare_executable', /^Strict warning: configured agent-runnable intent [^\s]+ uses bare executable "[^"]+" that matches project-local node_modules\/\.bin/u],
     ['mustflow.prompt_cache.required', /^Strict: \[prompt_cache\] table is required$/u],
     ['mustflow.prompt_cache.volatile_in_stable', /^Strict: \[prompt_cache\.layers\.stable\]\.read must not include volatile path /u],
@@ -48,6 +49,11 @@ const CHECK_ISSUE_ID_RULES = [
     ['mustflow.skill.route_metadata_category_mismatch', /^Strict: \.mustflow\/skills\/INDEX\.md route "[^"]+" must appear under the .+ category section from \.mustflow\/skills\/routes\.toml$/u],
     ['mustflow.skill.route_metadata_unknown_reference', /^Strict: \.mustflow\/skills\/routes\.toml route "[^"]+" references unknown mutually exclusive route "[^"]+"$/u],
     ['mustflow.skill.route_metadata_asymmetric_exclusion', /^Strict warning: \.mustflow\/skills\/routes\.toml route "[^"]+" lists "[^"]+" as mutually exclusive but the reverse route does not$/u],
+    ['mustflow.skill.template_profile_empty_category', /^Strict: template profile "[^"]+" (?:skill index category ".+" has no route rows|route category gate references ".+" without route rows)$/u],
+    ['mustflow.skill.template_profile_dead_route', /^Strict: template profile "[^"]+" (?:\.mustflow\/skills\/INDEX\.md route "[^"]+" points to a skill not installed by that profile|\.mustflow\/skills\/routes\.toml route "[^"]+" points to a skill not installed by that profile|skill "[^"]+" is installed but not listed in \.mustflow\/skills\/INDEX\.md)$/u],
+    ['mustflow.skill.template_profile_missing_main_route', /^Strict: template profile "[^"]+" skill category ".+" must include at least one primary or authoring route$/u],
+    ['mustflow.skill.template_profile_command_intent_drift', /^Strict: template profile "[^"]+" \.mustflow\/skills\/INDEX\.md route "[^"]+" references (?:unknown command intent "[^"]+"|command intent "[^"]+" not declared by the skill frontmatter)$/u],
+    ['mustflow.skill.template_profile_metadata_mismatch', /^Strict: template profile "[^"]+" (?:\.mustflow\/skills\/routes\.toml is missing metadata for route "[^"]+"|\.mustflow\/skills\/routes\.toml route "[^"]+" is not listed in \.mustflow\/skills\/INDEX\.md|\.mustflow\/skills\/INDEX\.md route "[^"]+" must appear under the .+ category section from \.mustflow\/skills\/routes\.toml)$/u],
     ['mustflow.skill.resource_unknown_command_intent', /^Strict: \.mustflow\/skills\/[^/]+\/resources\.toml script [^\s]+ references unknown command intent "[^"]+"$/u],
     ['mustflow.source_anchor.invalid_format', /^Strict: source anchor .+ has invalid format:/u],
     ['mustflow.source_anchor.duplicate_id', /^Strict: source anchor id "[^"]+" is duplicated:/u],

package/dist/core/command-contract-validation.js

@@ -160,6 +160,7 @@ function validateCommandIntent(intentName, intent, issues) {
     validateAllowedStringField(intent, 'lifecycle', `[commands.intents.${intentName}].lifecycle`, COMMAND_LIFECYCLES, issues);
     validateAllowedStringField(intent, 'run_policy', `[commands.intents.${intentName}].run_policy`, COMMAND_RUN_POLICIES, issues);
     validateAllowedStringField(intent, 'env_policy', `[commands.intents.${intentName}].env_policy`, COMMAND_ENV_POLICIES, issues);
+    validateBooleanField(intent, 'allow_shell', `[commands.intents.${intentName}].allow_shell`, issues);
     validateStringArrayField(intent, 'env_allowlist', `[commands.intents.${intentName}].env_allowlist`, issues);
     validateMaxOutputBytesField(intent, 'max_output_bytes', `[commands.intents.${intentName}].max_output_bytes`, issues);
     validatePositiveIntegerField(intent, 'kill_after_seconds', `[commands.intents.${intentName}].kill_after_seconds`, issues);
@@ -187,6 +188,9 @@ function validateCommandIntent(intentName, intent, issues) {
     if (lifecycle && LONG_RUNNING_LIFECYCLES.has(lifecycle) && runPolicy === 'agent_allowed') {
         issues.push(commandContractIssue(`Long-running intent ${intentName} must not use run_policy = "agent_allowed"`));
     }
+    if (intent.mode === 'shell' && runPolicy === 'agent_allowed' && intent.allow_shell !== true) {
+        issues.push(commandContractIssue(`Agent-runnable shell intent ${intentName} must set allow_shell = true`));
+    }
     if (!commandIntentHasCommandSource(intent)) {
         issues.push(commandContractIssue(`Configured intent ${intentName} must define argv or mode = "shell" with cmd`));
     }
@@ -238,26 +242,46 @@ export function findCommandEnvInheritanceWarnings(commandsToml) {
         if (envPolicy.policy !== 'inherit') {
             continue;
         }
+        const reasons = readCommandEnvInheritanceRiskReasons(intent);
         warnings.push({
             intentName,
             source: envPolicy.source,
+            severity: reasons.length > 0 ? 'error' : 'warning',
             network: intent.network === true,
+            reasons,
         });
     }
     return warnings;
 }
+function readCommandEnvInheritanceRiskReasons(intent) {
+    const reasons = [];
+    if (intent.network === true) {
+        reasons.push('network = true');
+    }
+    if (intent.destructive === true) {
+        reasons.push('destructive = true');
+    }
+    if (intent.mode === 'shell') {
+        reasons.push('mode = "shell"');
+    }
+    if (Array.isArray(intent.writes) && intent.writes.length > 0) {
+        reasons.push('declared writes');
+    }
+    return reasons;
+}
 function formatCommandEnvInheritanceWarning(warning) {
-    const networkScope = warning.network ? ' with network = true' : '';
+    const reasonScope = warning.reasons.length > 0 ? ` (${warning.reasons.join(', ')})` : '';
     const migration = 'set env_policy = "minimal" or "allowlist" unless broad host state is required';
     if (warning.source === 'implicit') {
-        return `configured agent-runnable intent ${warning.intentName} implicitly inherits the host environment${networkScope}; ${migration}`;
+        return `configured agent-runnable intent ${warning.intentName} implicitly inherits the host environment${reasonScope}; ${migration}`;
     }
-    return `configured agent-runnable intent ${warning.intentName} uses env_policy = "inherit"${networkScope}; ${migration}`;
+    return `configured agent-runnable intent ${warning.intentName} uses env_policy = "inherit"${reasonScope}; ${migration}`;
 }
 function validateCommandEnvInheritanceWarnings(commandsToml) {
     const issues = [];
     for (const warning of findCommandEnvInheritanceWarnings(commandsToml)) {
-        issues.push(commandContractWarning(formatCommandEnvInheritanceWarning(warning)));
+        const message = formatCommandEnvInheritanceWarning(warning);
+        issues.push(warning.severity === 'warning' ? commandContractWarning(message) : commandContractIssue(message));
     }
     return issues;
 }

package/dist/core/command-env.js

@@ -1,7 +1,7 @@
 import path from 'node:path';
 import { readString, readStringArray } from './config-loading.js';
 export const COMMAND_ENV_POLICIES = new Set(['inherit', 'minimal', 'allowlist']);
-export const DEFAULT_COMMAND_ENV_POLICY = 'inherit';
+export const DEFAULT_COMMAND_ENV_POLICY = 'minimal';
 const BASE_MINIMAL_ENV_KEYS = [
     'CI',
     'COLORTERM',

package/dist/core/config-loading.js

@@ -1,6 +1,7 @@
 import { existsSync } from 'node:fs';
 import path from 'node:path';
-import { readTomlFile } from './toml.js';
+import { readUtf8FileInsideWithoutSymlinks } from './safe-filesystem.js';
+import { parseTomlText } from './toml.js';
 export const COMMAND_LIFECYCLES = new Set(['oneshot', 'server', 'watch', 'interactive', 'browser', 'background']);
 export const LONG_RUNNING_LIFECYCLES = new Set(['server', 'watch', 'interactive', 'browser', 'background']);
 export const COMMAND_RUN_POLICIES = new Set(['agent_allowed', 'requires_explicit_user_request', 'manual_only']);
@@ -12,8 +13,13 @@ export function isRecord(value) {
 export function resolveMustflowConfigPath(projectRoot, relativePath) {
     return path.join(projectRoot, ...relativePath.split('/'));
 }
+export function readMustflowOwnedTomlFile(projectRoot, relativePath) {
+    return parseTomlText(readUtf8FileInsideWithoutSymlinks(projectRoot, resolveMustflowConfigPath(projectRoot, relativePath), {
+        maxBytes: 256 * 1024,
+    }));
+}
 export function readMustflowConfig(projectRoot) {
-    const parsed = readTomlFile(resolveMustflowConfigPath(projectRoot, MUSTFLOW_CONFIG_RELATIVE_PATH));
+    const parsed = readMustflowOwnedTomlFile(projectRoot, MUSTFLOW_CONFIG_RELATIVE_PATH);
     if (!isRecord(parsed)) {
         throw new Error(`${MUSTFLOW_CONFIG_RELATIVE_PATH} must contain a TOML table`);
     }
@@ -24,7 +30,7 @@ export function readMustflowConfigIfExists(projectRoot) {
     return existsSync(configPath) ? readMustflowConfig(projectRoot) : undefined;
 }
 export function readCommandContract(projectRoot) {
-    const parsed = readTomlFile(resolveMustflowConfigPath(projectRoot, COMMANDS_CONFIG_RELATIVE_PATH));
+    const parsed = readMustflowOwnedTomlFile(projectRoot, COMMANDS_CONFIG_RELATIVE_PATH);
     if (!isRecord(parsed)) {
         throw new Error(`${COMMANDS_CONFIG_RELATIVE_PATH} must contain a TOML table`);
     }

package/dist/core/contract-lint.js

@@ -6,6 +6,7 @@ import { commandIntentBlockedCommandPattern, commandIntentHasCommandSource, comm
 import { MAX_COMMAND_OUTPUT_BYTES } from './command-output-limits.js';
 import { commandEffectsConflict, normalizeCommandEffects } from './command-effects.js';
 import { listChangeClassificationValidationReasons } from './change-classification.js';
+import { readUtf8FileInsideWithoutSymlinks } from './safe-filesystem.js';
 import { parseSkillIndexRoutes } from './skill-route-alignment.js';
 import { SUCCESS_EXIT_CODES_CONTRACT_DESCRIPTION, successExitCodesAreValid as successExitCodeValuesAreValid, } from './success-exit-codes.js';
 const CONTRACT_LINT_SOURCE_FILES = [
@@ -13,6 +14,7 @@ const CONTRACT_LINT_SOURCE_FILES = [
     '.mustflow/docs/agent-workflow.md',
     'AGENTS.md',
     'src/core/change-classification.ts',
+    'src/core/change-classification-policy.ts',
 ];
 export const DOCUMENTED_VERIFICATION_REASONS = [
     'before_publish',
@@ -48,7 +50,10 @@ const RELEASE_SENSITIVE_REASONS = new Set([
 ]);
 const COMMANDS_CONFIG_PATH = '.mustflow/config/commands.toml';
 const SKILL_INDEX_PATH = '.mustflow/skills/INDEX.md';
-const CHANGE_CLASSIFICATION_SOURCE_PATH = 'src/core/change-classification.ts';
+const CHANGE_CLASSIFICATION_SOURCE_PATHS = [
+    'src/core/change-classification.ts',
+    'src/core/change-classification-policy.ts',
+];
 const AGENT_WORKFLOW_PATH = '.mustflow/docs/agent-workflow.md';
 const PACKAGE_SCRIPT_RUNNERS = new Set(['bun', 'npm', 'pnpm', 'yarn']);
 const MAKEFILE_CANDIDATES = ['Makefile', 'makefile'];
@@ -392,7 +397,7 @@ function readSkillPathsByIntent(projectRoot) {
     if (!existsSync(skillIndexPath)) {
         return skillPathsByIntent;
     }
-    const routes = parseSkillIndexRoutes(readFileSync(skillIndexPath, 'utf8'));
+    const routes = parseSkillIndexRoutes(readUtf8FileInsideWithoutSymlinks(projectRoot, skillIndexPath, { maxBytes: 1024 * 1024 }));
     for (const route of routes) {
         for (const intent of route.commandIntents) {
             skillPathsByIntent.set(intent, [...(skillPathsByIntent.get(intent) ?? []), route.skillPath]);
@@ -412,7 +417,7 @@ function classifyReasonSource(reason, knownClassificationReasons, documentedVeri
 function buildRelatedDocs(source, relatedSkills) {
     const docs = [COMMANDS_CONFIG_PATH];
     if (source === 'classification') {
-        docs.push(CHANGE_CLASSIFICATION_SOURCE_PATH);
+        docs.push(...CHANGE_CLASSIFICATION_SOURCE_PATHS);
     }
     if (source === 'documented') {
         docs.push(AGENT_WORKFLOW_PATH);

package/dist/core/correlation-id.js

@@ -0,0 +1,16 @@
+import { randomBytes } from 'node:crypto';
+export const CORRELATION_ID_PATTERN = '^mf-[a-z][a-z0-9_-]*-[0-9a-f]{16}$';
+const CORRELATION_ID_REGEX = new RegExp(CORRELATION_ID_PATTERN);
+function normalizeCorrelationScope(scope) {
+    const normalized = scope
+        .toLowerCase()
+        .replace(/[^a-z0-9_-]+/g, '_')
+        .replace(/^_+|_+$/g, '');
+    return /^[a-z][a-z0-9_-]*$/.test(normalized) ? normalized : 'event';
+}
+export function createCorrelationId(scope) {
+    return `mf-${normalizeCorrelationScope(scope)}-${randomBytes(8).toString('hex')}`;
+}
+export function isCorrelationId(value) {
+    return typeof value === 'string' && CORRELATION_ID_REGEX.test(value);
+}

package/dist/core/run-receipt.js

@@ -225,6 +225,7 @@ export function createRunReceipt(input) {
     return {
         schema_version: RUN_RECEIPT_SCHEMA_VERSION,
         command: 'run',
+        correlation_id: input.correlationId,
         intent: input.intent,
         status: input.status,
         timed_out: input.timedOut,

package/dist/core/safe-filesystem.js

@@ -1,4 +1,4 @@
-import { closeSync, constants, lstatSync, mkdirSync, openSync, readFileSync, renameSync, unlinkSync, writeFileSync, } from 'node:fs';
+import { closeSync, constants, fstatSync, lstatSync, mkdirSync, openSync, readFileSync, renameSync, unlinkSync, writeFileSync, } from 'node:fs';
 import { randomBytes } from 'node:crypto';
 import path from 'node:path';
 const NOFOLLOW_FLAG = typeof constants.O_NOFOLLOW === 'number' ? constants.O_NOFOLLOW : 0;
@@ -103,19 +103,26 @@ export function ensureFileTargetInsideWithoutSymlinks(parentPath, childPath, opt
         throw error;
     }
 }
-export function readFileInsideWithoutSymlinks(parentPath, childPath) {
+export function readFileInsideWithoutSymlinks(parentPath, childPath, options = {}) {
     const absoluteChildPath = path.resolve(childPath);
     ensureInsideWithoutSymlinks(parentPath, absoluteChildPath);
     const fileDescriptor = openSync(absoluteChildPath, constants.O_RDONLY | NOFOLLOW_FLAG);
     try {
+        const stats = fstatSync(fileDescriptor);
+        if (!stats.isFile()) {
+            throw new Error(`Path must be a regular file: ${childPath}`);
+        }
+        if (options.maxBytes !== undefined && stats.size > options.maxBytes) {
+            throw new Error(`File exceeds maximum size ${options.maxBytes} bytes: ${childPath}`);
+        }
         return readFileSync(fileDescriptor);
     }
     finally {
         closeSync(fileDescriptor);
     }
 }
-export function readUtf8FileInsideWithoutSymlinks(parentPath, childPath) {
-    return readFileInsideWithoutSymlinks(parentPath, childPath).toString('utf8');
+export function readUtf8FileInsideWithoutSymlinks(parentPath, childPath, options = {}) {
+    return readFileInsideWithoutSymlinks(parentPath, childPath, options).toString('utf8');
 }
 export function writeFileInsideWithoutSymlinks(parentPath, childPath, content) {
     const absoluteChildPath = path.resolve(childPath);

package/dist/core/skill-route-alignment.js

@@ -172,6 +172,7 @@ export function isSkillRouteAlignmentIssue(issue) {
     return (issue.includes('.mustflow/skills/INDEX.md route') ||
         issue.includes('.mustflow/skills/INDEX.md .mustflow/skills/') ||
         issue.includes('.mustflow/skills/INDEX.md has duplicate route') ||
+        issue.includes('template profile "') ||
         issue.endsWith(' is not listed in .mustflow/skills/INDEX.md'));
 }
 export function summarizeSkillRouteAlignment(issues) {

package/dist/core/skill-route-explanation.js

@@ -1,6 +1,8 @@
-import { existsSync, readFileSync } from 'node:fs';
+import { existsSync } from 'node:fs';
 import path from 'node:path';
+import { readUtf8FileInsideWithoutSymlinks } from './safe-filesystem.js';
 import { parseSkillIndexRoutes } from './skill-route-alignment.js';
+const MUSTFLOW_TEXT_MAX_BYTES = 1024 * 1024;
 const SKILL_INDEX_PATH = '.mustflow/skills/INDEX.md';
 const SKILL_ROUTE_SOURCE_FILES = [
     SKILL_INDEX_PATH,
@@ -84,11 +86,15 @@ function routeToSummary(route, skillContent) {
 }
 export function explainSkillRoute(projectRoot, target) {
     const indexPath = path.join(projectRoot, ...SKILL_INDEX_PATH.split('/'));
-    const indexContent = existsSync(indexPath) ? readFileSync(indexPath, 'utf8') : '';
+    const indexContent = existsSync(indexPath)
+        ? readUtf8FileInsideWithoutSymlinks(projectRoot, indexPath, { maxBytes: MUSTFLOW_TEXT_MAX_BYTES })
+        : '';
     const routes = parseSkillIndexRoutes(indexContent);
     for (const route of routes) {
         const absoluteSkillPath = path.join(projectRoot, ...route.skillPath.split('/'));
-        const skillContent = existsSync(absoluteSkillPath) ? readFileSync(absoluteSkillPath, 'utf8') : null;
+        const skillContent = existsSync(absoluteSkillPath)
+            ? readUtf8FileInsideWithoutSymlinks(projectRoot, absoluteSkillPath, { maxBytes: MUSTFLOW_TEXT_MAX_BYTES })
+            : null;
         if (!targetMatchesRoute(target, route, skillContent)) {
             continue;
         }

package/dist/core/test-selection.js

@@ -1,6 +1,5 @@
 import { existsSync } from 'node:fs';
-import { isRecord, readStringArray, resolveMustflowConfigPath, } from './config-loading.js';
-import { readTomlFile } from './toml.js';
+import { isRecord, readMustflowOwnedTomlFile, readStringArray, resolveMustflowConfigPath, } from './config-loading.js';
 import { classifyVerificationCandidate, } from './verification-plan.js';
 export const TEST_SELECTION_CONFIG_RELATIVE_PATH = '.mustflow/config/test-selection.toml';
 const STALE_OR_MISSING_RULES_NOTE = 'Project-declared test selection rules did not cover the current changed files; review .mustflow/config/test-selection.toml for stale or missing rules.';
@@ -73,7 +72,7 @@ function readRules(projectRoot) {
         };
     }
     try {
-        const parsed = readTomlFile(configPath);
+        const parsed = readMustflowOwnedTomlFile(projectRoot, TEST_SELECTION_CONFIG_RELATIVE_PATH);
         if (!isRecord(parsed) || parsed.schema_version !== '1' || !Array.isArray(parsed.rules)) {
             return {
                 status: 'invalid',

package/dist/core/verification-scheduler.js

@@ -1,6 +1,7 @@
-import { readFileSync } from 'node:fs';
 import path from 'node:path';
 import { commandEffectsConflict, normalizeCommandEffects, } from './command-effects.js';
+import { readUtf8FileInsideWithoutSymlinks } from './safe-filesystem.js';
+const MUSTFLOW_JSON_MAX_BYTES = 1024 * 1024;
 function uniqueSorted(values) {
     return [...new Set(values)].sort((left, right) => left.localeCompare(right));
 }
@@ -18,9 +19,9 @@ function toScheduleEffect(effect) {
 function isObject(value) {
     return !!value && typeof value === 'object';
 }
-function readJsonFile(filePath) {
+function readJsonFile(projectRoot, filePath) {
     try {
-        return JSON.parse(readFileSync(filePath, 'utf8'));
+        return JSON.parse(readUtf8FileInsideWithoutSymlinks(projectRoot, filePath, { maxBytes: MUSTFLOW_JSON_MAX_BYTES }));
     }
     catch {
         return null;
@@ -56,7 +57,7 @@ function readVerifyManifestUndeclaredWriteIntents(projectRoot, latest) {
     if (!manifestPath) {
         return new Set();
     }
-    const manifest = readJsonFile(manifestPath);
+    const manifest = readJsonFile(projectRoot, manifestPath);
     if (!isObject(manifest) || manifest.command !== 'verify' || !Array.isArray(manifest.receipts)) {
         return new Set();
     }
@@ -69,7 +70,7 @@ function readVerifyManifestUndeclaredWriteIntents(projectRoot, latest) {
         if (!receiptPath) {
             continue;
         }
-        const intent = getUndeclaredWriteIntent(readJsonFile(receiptPath));
+        const intent = getUndeclaredWriteIntent(readJsonFile(projectRoot, receiptPath));
         if (intent) {
             intents.add(intent);
         }
@@ -78,7 +79,7 @@ function readVerifyManifestUndeclaredWriteIntents(projectRoot, latest) {
 }
 function readLatestUndeclaredWriteIntents(projectRoot) {
     const latestPath = path.join(projectRoot, '.mustflow', 'state', 'runs', 'latest.json');
-    const parsed = readJsonFile(latestPath);
+    const parsed = readJsonFile(projectRoot, latestPath);
     const directIntent = getUndeclaredWriteIntent(parsed);
     if (directIntent) {
         return new Set([directIntent]);

package/dist/core/version-sources.js

@@ -1,7 +1,6 @@
 import { existsSync, readFileSync, readdirSync, statSync } from 'node:fs';
 import path from 'node:path';
-import { isRecord } from './config-loading.js';
-import { readTomlFile } from './toml.js';
+import { isRecord, readMustflowOwnedTomlFile } from './config-loading.js';
 const RELEASE_VERSIONING_ACTIVE_FIELDS = [
     'impact_check',
     'suggest_bump',
@@ -155,7 +154,7 @@ function hasGoModuleVersionSource(projectRoot) {
 }
 export function readDeclaredVersionSources(projectRoot) {
     try {
-        const versioningConfig = readTomlFile(path.join(projectRoot, VERSIONING_CONFIG_PATH));
+        const versioningConfig = readMustflowOwnedTomlFile(projectRoot, VERSIONING_CONFIG_PATH);
         if (!isRecord(versioningConfig) || !Array.isArray(versioningConfig.sources)) {
             return [];
         }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mustflow",
-  "version": "2.22.4",
+  "version": "2.22.9",
   "description": "Agent workflow documents and CLI for mustflow repository roots.",
   "type": "module",
   "license": "MIT-0",
@@ -36,10 +36,13 @@
     "test:coverage": "bun run build && node scripts/run-cli-tests.mjs coverage",
     "test:audit": "node scripts/audit-tests.mjs --json",
     "test:release": "bun run build && node scripts/run-cli-tests.mjs release",
+    "test:fast:node": "npm run build && node scripts/run-cli-tests.mjs fast",
+    "test:release:node": "npm run build && node scripts/run-cli-tests.mjs release",
     "test:full": "bun run build && node scripts/run-cli-tests.mjs full-auto",
     "test:full:auto": "bun run build && node scripts/run-cli-tests.mjs full-auto",
     "test:full:serial": "bun run build && node scripts/run-cli-tests.mjs full",
     "check": "bun run check:package && bun run test:full",
+    "check:core:node": "node scripts/run-node-core-check.mjs",
     "check:package": "node -e \"const fs=require('fs'); JSON.parse(fs.readFileSync('package.json','utf8')); console.log('package.json ok')\"",
     "check:typecheck": "tsc -p tsconfig.json --noEmit",
     "prepack": "npm run build",

package/schemas/README.md

@@ -48,6 +48,10 @@ Current schemas:
 These schemas define stable, automation-facing fields. Human-readable command  
 output is intentionally excluded.
 
+Current `classify`, `verify`, `run`, dashboard export, and verify state outputs may include
+`correlation_id` so local artifacts from one work incident can be connected without storing raw
+transcripts, environment values, or hidden reasoning.
+
 The published schema surface is tracked in `src/core/public-json-contracts.ts`.  
 Release tests verify consistency between this manifest, `schemas/*.schema.json`,  
 `npm pack --dry-run --json`, and the installed package’s JSON command output.

package/schemas/change-verification-report.schema.json

@@ -29,6 +29,10 @@
     "classification_summary": {
       "$ref": "#/$defs/classificationSummary"
     },
+    "correlation_id": {
+      "type": "string",
+      "pattern": "^mf-[a-z][a-z0-9_-]*-[0-9a-f]{16}$"
+    },
     "verification_plan_id": {
       "type": "string",
       "pattern": "^sha256:[0-9a-f]{64}$"

package/schemas/classify-report.schema.json

@@ -16,6 +16,10 @@
   "properties": {
     "schema_version": { "const": "1" },
     "command": { "const": "classify" },
+    "correlation_id": {
+      "type": "string",
+      "pattern": "^mf-[a-z][a-z0-9_-]*-[0-9a-f]{16}$"
+    },
     "mustflow_root": { "type": "string" },
     "source": { "enum": ["changed", "paths"] },
     "files": {

package/schemas/commands.schema.json

@@ -135,6 +135,7 @@
           "items": { "type": "string" }
         },
         "cmd": { "type": "string" },
+        "allow_shell": { "type": "boolean" },
         "cwd": { "type": "string" },
         "timeout_seconds": { "type": "integer" },
         "kill_after_seconds": { "type": "integer" },

package/schemas/dashboard-export.schema.json

@@ -20,6 +20,10 @@
   "properties": {
     "schema_version": { "const": "1" },
     "command": { "const": "dashboard export" },
+    "correlation_id": {
+      "type": "string",
+      "pattern": "^mf-[a-z][a-z0-9_-]*-[0-9a-f]{16}$"
+    },
     "format": { "enum": ["html", "json"] },
     "generated_at": { "type": "string" },
     "mustflow_root": { "type": "string" },

package/schemas/latest-run-pointer.schema.json

@@ -23,6 +23,10 @@
     "schema_version": { "const": "1" },
     "command": { "const": "verify" },
     "kind": { "const": "verify_run_summary" },
+    "correlation_id": {
+      "type": "string",
+      "pattern": "^mf-[a-z][a-z0-9_-]*-[0-9a-f]{16}$"
+    },
     "reason": { "type": "string" },
     "reasons": {
       "type": "array",

package/schemas/run-receipt.schema.json

@@ -34,6 +34,10 @@
   "properties": {
     "schema_version": { "const": "1" },
     "command": { "const": "run" },
+    "correlation_id": {
+      "type": "string",
+      "pattern": "^mf-[a-z][a-z0-9_-]*-[0-9a-f]{16}$"
+    },
     "intent": { "type": "string" },
     "status": { "enum": ["passed", "failed", "timed_out", "start_failed", "output_limit_exceeded"] },
     "timed_out": { "type": "boolean" },

package/schemas/verify-report.schema.json

@@ -23,6 +23,10 @@
   "properties": {
     "schema_version": { "const": "1" },
     "command": { "const": "verify" },
+    "correlation_id": {
+      "type": "string",
+      "pattern": "^mf-[a-z][a-z0-9_-]*-[0-9a-f]{16}$"
+    },
     "mustflow_root": { "type": "string" },
     "reason": { "type": "string" },
     "reasons": {

package/schemas/verify-run-manifest.schema.json

@@ -20,6 +20,10 @@
   "properties": {
     "schema_version": { "const": "1" },
     "command": { "const": "verify" },
+    "correlation_id": {
+      "type": "string",
+      "pattern": "^mf-[a-z][a-z0-9_-]*-[0-9a-f]{16}$"
+    },
     "reason": { "type": "string" },
     "reasons": {
       "type": "array",

package/templates/default/i18n.toml

@@ -74,7 +74,7 @@ translations = {}
 [documents."skill.architecture-deepening-review"]
 source = "locales/en/.mustflow/skills/architecture-deepening-review/SKILL.md"
 source_locale = "en"
-revision = 1
+revision = 2
 translations = {}
 
 [documents."skill.behavior-preserving-refactor"]
@@ -325,7 +325,7 @@ translations = {}
 [documents."skill.security-privacy-review"]
 source = "locales/en/.mustflow/skills/security-privacy-review/SKILL.md"
 source_locale = "en"
-revision = 16
+revision = 17
 translations = {}
 
 [documents."skill.security-regression-tests"]
@@ -349,7 +349,7 @@ translations = {}
 [documents."skill.test-design-guard"]
 source = "locales/en/.mustflow/skills/test-design-guard/SKILL.md"
 source_locale = "en"
-revision = 1
+revision = 2
 translations = {}
 
 [documents."skill.test-maintenance"]