mustflow 2.22.5 → 2.22.9

package/dist/cli/i18n/hi.js

@@ -652,6 +652,7 @@ export const hiMessages = {
     "run.help.option.dryRun": "कमांड चलाए बिना उसका plan प्रिंट करें",
     "run.help.option.planOnly": "--dry-run का alias",
     "run.help.option.json": "Run record या command plan को JSON के रूप में प्रिंट करें",
+    "run.help.option.allowUntrustedRoot": "Manual review के बाद missing या invalid manifest lock वाली root से एक execution allow करें",
     "run.help.exit.ok": "कमांड अनुमत exit code के साथ पूरी हुई",
     "run.help.exit.fail": "कमांड अमान्य थी, अस्वीकार हुई, timed out हुई या विफल हुई",
     "run.label.suggestedIntentSnippet": "Suggested command contract snippet",
@@ -674,6 +675,8 @@ export const hiMessages = {
     "run.error.maxOutputBytes": 'कमांड "{intent}" में max_output_bytes अमान्य है। {detail}',
     "run.error.maxOutputBytesDetail": "Output limit अनुमत maximum के अंदर रहनी चाहिए।",
     "run.error.conflictingPreviewModes": "--dry-run या --plan-only में से एक इस्तेमाल करें, दोनों नहीं",
+    "run.error.untrustedRootMissing": "{path} missing है, इसलिए commands execute करने से मना किया गया। Workflow install करने के लिए mf init/update चलाएँ, या AGENTS.md और .mustflow/config/commands.toml review करने के बाद --allow-untrusted-root पास करें।",
+    "run.error.untrustedRootInvalid": "Manifest lock invalid है, इसलिए commands execute करने से मना किया गया: {detail}. इसे restore या regenerate करें, या AGENTS.md और .mustflow/config/commands.toml review करने के बाद --allow-untrusted-root पास करें।",
     "run.error.timedOut": 'कमांड "{intent}" {seconds} सेकंड बाद time out हुई',
     "run.error.outputLimitExceeded": 'कमांड "{intent}" ने max_output_bytes सीमा पार की: {message}',
     "run.error.startFailed": 'कमांड "{intent}" शुरू नहीं हो सकी: {message}',

package/dist/cli/i18n/ko.js

@@ -652,6 +652,7 @@ export const koMessages = {
     "run.help.option.dryRun": "실행하지 않고 명령 계획을 출력합니다",
     "run.help.option.planOnly": "--dry-run과 같은 동작입니다",
     "run.help.option.json": "실행 결과 또는 명령 계획을 JSON으로 출력합니다",
+    "run.help.option.allowUntrustedRoot": "잠금 파일이 없거나 올바르지 않은 루트에서 수동 검토 후 이번 실행만 허용합니다",
     "run.help.exit.ok": "명령이 허용된 종료 코드로 완료되었습니다",
     "run.help.exit.fail": "명령이 잘못되었거나, 거부되었거나, 시간 초과되었거나, 실패했습니다",
     "run.label.suggestedIntentSnippet": "제안 명령 계약 조각",
@@ -674,6 +675,8 @@ export const koMessages = {
     "run.error.maxOutputBytes": '명령 "{intent}"의 max_output_bytes 값이 올바르지 않습니다. {detail}',
     "run.error.maxOutputBytesDetail": "출력 상한은 허용된 최댓값 안에 있어야 합니다.",
     "run.error.conflictingPreviewModes": "--dry-run과 --plan-only 중 하나만 사용하세요",
+    "run.error.untrustedRootMissing": "{path}이 없어 명령 실행을 거부했습니다. mf init/update로 워크플로우를 설치하거나, AGENTS.md와 .mustflow/config/commands.toml을 검토한 뒤 --allow-untrusted-root를 붙이세요.",
+    "run.error.untrustedRootInvalid": "잠금 파일이 올바르지 않아 명령 실행을 거부했습니다: {detail}. 파일을 복구하거나 다시 생성하거나, AGENTS.md와 .mustflow/config/commands.toml을 검토한 뒤 --allow-untrusted-root를 붙이세요.",
     "run.error.timedOut": '명령 "{intent}"가 {seconds}초 뒤 시간 초과되었습니다',
     "run.error.outputLimitExceeded": '명령 "{intent}"가 max_output_bytes 제한을 넘었습니다: {message}',
     "run.error.startFailed": '명령 "{intent}"를 시작하지 못했습니다: {message}',

package/dist/cli/i18n/zh.js

@@ -652,6 +652,7 @@ export const zhMessages = {
     "run.help.option.dryRun": "输出命令计划但不执行",
     "run.help.option.planOnly": "--dry-run 的别名",
     "run.help.option.json": "将运行记录或命令计划输出为 JSON",
+    "run.help.option.allowUntrustedRoot": "人工复核后，允许从缺失或无效清单锁的根目录执行一次命令",
     "run.help.exit.ok": "命令已以允许的退出码完成",
     "run.help.exit.fail": "命令无效、被拒绝、超时或失败",
     "run.label.suggestedIntentSnippet": "建议的命令契约片段",
@@ -674,6 +675,8 @@ export const zhMessages = {
     "run.error.maxOutputBytes": '命令 "{intent}" 的 max_output_bytes 无效。{detail}',
     "run.error.maxOutputBytesDetail": "输出限制必须保持在允许的最大值内。",
     "run.error.conflictingPreviewModes": "只能使用 --dry-run 或 --plan-only，不能同时使用",
+    "run.error.untrustedRootMissing": "已拒绝执行命令，因为缺少 {path}。请运行 mf init/update 安装工作流，或在检查 AGENTS.md 和 .mustflow/config/commands.toml 后传入 --allow-untrusted-root。",
+    "run.error.untrustedRootInvalid": "已拒绝执行命令，因为清单锁无效：{detail}。请恢复或重新生成它，或在检查 AGENTS.md 和 .mustflow/config/commands.toml 后传入 --allow-untrusted-root。",
     "run.error.timedOut": '命令 "{intent}" 在 {seconds} 秒后超时',
     "run.error.outputLimitExceeded": '命令 "{intent}" 超过 max_output_bytes：{message}',
     "run.error.startFailed": '命令 "{intent}" 启动失败：{message}',

package/dist/cli/lib/dashboard-export.js

@@ -1,6 +1,7 @@
 import { Buffer } from 'node:buffer';
 import path from 'node:path';
 import { createDashboardCompletionVerdict } from '../../core/completion-verdict.js';
+import { createCorrelationId } from '../../core/correlation-id.js';
 import { createDashboardEvidenceModel } from '../../core/verification-evidence.js';
 import { redactSecretLikeText } from '../../core/secret-redaction.js';
 import { ensureFileTargetInsideWithoutSymlinks, ensureInside, toPosixPath, writeUtf8FileInsideWithoutSymlinks, } from './filesystem.js';
@@ -487,6 +488,7 @@ export function createDashboardExportSnapshot(input) {
     const snapshot = {
         schema_version: '1',
         command: 'dashboard export',
+        correlation_id: createCorrelationId('dashboard'),
         format: input.format,
         generated_at: new Date().toISOString(),
         mustflow_root: input.projectRoot,

package/dist/cli/lib/dashboard-mutations.js

@@ -0,0 +1,79 @@
+import { existsSync } from 'node:fs';
+import path from 'node:path';
+import { openPathInFileManager } from './browser-open.js';
+import { updateDashboardPreferences, } from './dashboard-preferences.js';
+import { isReviewerKind, markDocReviewEntry, } from './doc-review-ledger.js';
+const DOC_REVIEW_BULK_PAYLOAD_FIELDS = ['paths', 'documents', 'entries'];
+function readPreferenceUpdatePayload(value) {
+    if (typeof value !== 'object' || value === null || Array.isArray(value)) {
+        throw new Error('Request body must be a JSON object.');
+    }
+    const updates = value.updates;
+    if (!Array.isArray(updates)) {
+        throw new Error('Request body must include an updates array.');
+    }
+    return updates.map((entry) => {
+        if (typeof entry !== 'object' || entry === null || Array.isArray(entry)) {
+            throw new Error('Each update must be a JSON object.');
+        }
+        const update = entry;
+        if (typeof update.id !== 'string' || update.id.trim().length === 0) {
+            throw new Error('Each update must include an id.');
+        }
+        return { id: update.id, value: update.value };
+    });
+}
+function readOptionalStringField(value, key) {
+    const field = value[key];
+    return typeof field === 'string' && field.trim().length > 0 ? field.trim() : undefined;
+}
+function readRequiredStringField(value, key) {
+    const field = readOptionalStringField(value, key);
+    if (!field) {
+        throw new Error(`${key} is required.`);
+    }
+    return field;
+}
+function readDocReviewPayload(value) {
+    if (typeof value !== 'object' || value === null || Array.isArray(value)) {
+        throw new Error('Request body must be a JSON object.');
+    }
+    const payload = value;
+    for (const field of DOC_REVIEW_BULK_PAYLOAD_FIELDS) {
+        if (field in payload) {
+            throw new Error('Bulk documentation review updates require a separate confirmed flow.');
+        }
+    }
+    const status = readRequiredStringField(payload, 'status');
+    if (status !== 'approved' && status !== 'needs_human' && status !== 'ignored') {
+        throw new Error('status must be approved, needs_human, or ignored.');
+    }
+    const reviewerKind = readRequiredStringField(payload, 'reviewerKind');
+    if (!isReviewerKind(reviewerKind)) {
+        throw new Error('reviewerKind must be human, llm, tool, or external.');
+    }
+    return {
+        path: readRequiredStringField(payload, 'path'),
+        status,
+        reviewerKind,
+        reviewerId: readRequiredStringField(payload, 'reviewerId'),
+        reviewerLabel: readOptionalStringField(payload, 'reviewerLabel'),
+        reviewerProvider: readOptionalStringField(payload, 'reviewerProvider'),
+        reviewerModel: readOptionalStringField(payload, 'reviewerModel'),
+        reviewerCommandIntent: readOptionalStringField(payload, 'reviewerCommandIntent'),
+        summary: readOptionalStringField(payload, 'summary'),
+    };
+}
+export function updateDashboardPreferencesFromPayload(projectRoot, payload) {
+    return updateDashboardPreferences(projectRoot, readPreferenceUpdatePayload(payload));
+}
+export function markDashboardDocReviewFromPayload(projectRoot, payload) {
+    markDocReviewEntry(projectRoot, readDocReviewPayload(payload));
+}
+export function openDashboardMustflowFolder(projectRoot) {
+    const mustflowPath = path.join(projectRoot, '.mustflow');
+    if (!existsSync(mustflowPath)) {
+        return 'missing';
+    }
+    return openPathInFileManager(mustflowPath) ? 'opened' : 'unavailable';
+}

package/dist/cli/lib/local-index/command-effect-index.js

@@ -0,0 +1,25 @@
+import { existsSync } from 'node:fs';
+import path from 'node:path';
+import { isRecord, readCommandContract, readString } from '../command-contract.js';
+import { normalizeCommandEffects } from '../../../core/command-effects.js';
+export function collectCommandIntents(projectRoot) {
+    if (!existsSync(path.join(projectRoot, '.mustflow', 'config', 'commands.toml'))) {
+        return [];
+    }
+    const contract = readCommandContract(projectRoot);
+    const intents = [];
+    for (const [name, intent] of Object.entries(contract.intents).sort(([left], [right]) => left.localeCompare(right))) {
+        if (!isRecord(intent)) {
+            continue;
+        }
+        intents.push({
+            name,
+            status: readString(intent, 'status') ?? 'unknown',
+            lifecycle: readString(intent, 'lifecycle') ?? null,
+            runPolicy: readString(intent, 'run_policy') ?? null,
+            description: readString(intent, 'description') ?? null,
+            effects: normalizeCommandEffects(projectRoot, contract, name),
+        });
+    }
+    return intents;
+}

package/dist/cli/lib/local-index/hashing.js

@@ -0,0 +1,7 @@
+import { createHash } from 'node:crypto';
+export function sha256Text(content) {
+    return `sha256:${createHash('sha256').update(content).digest('hex')}`;
+}
+export function sha256Bytes(content) {
+    return `sha256:${createHash('sha256').update(content).digest('hex')}`;
+}