nubos-pilot 1.1.3 → 1.2.0

package/CHANGELOG.md

@@ -0,0 +1,23 @@
+# Changelog
+
+All notable changes to nubos-pilot are documented in this file. Format
+follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/); versioning
+follows [SemVer](https://semver.org/spec/v2.0.0.html).
+
+## [1.1.4] — 2026-05-25
+
+Public release.
+
+- Plan, execute, and verify code changes through a researcher + critic
+  agent loop.
+- Wave-based milestone execution; one atomic git commit per task.
+- Multi-runtime install for 14 host CLIs (Claude Code, Codex, Gemini,
+  OpenCode, Cursor, and more) via `npx nubos-pilot`.
+- Local vector memory for cross-task learnings.
+- Inter-agent messages, handoffs, and project archive with crash-safe
+  resume.
+- Hardened filesystem operations: symlink-rejecting locks, restricted
+  permissions on audit logs, path containment for file-input flags,
+  frontmatter sanitisation, and a memory-model allow-list.
+
+Full documentation at <https://pilot.nubos.cloud>.

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Nubos AI
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -146,6 +146,35 @@ npm test                         # all unit tests via node:test
 node bin/check-workflows.cjs     # workflow linter
 ```
 
+See [`CONTRIBUTING.md`](./CONTRIBUTING.md) for setup, code conventions, ADR
+map and commit format.
+
+## Architecture Decisions
+
+ADRs live in the VitePress at
+[`pilot.nubos.cloud/v1/adr/`](https://pilot.nubos.cloud/v1/adr/). The
+load-bearing ones for users and contributors:
+
+| ADR | What it pins |
+|---|---|
+| 0004 | `workflow.commit_artifacts` controls whether `.nubos-pilot/` is committed |
+| 0010 | Nubosloop — researcher → executor → critic-schwarm is mandatory in `/np:execute-phase` |
+| 0012 | Completeness doctrine (12 rules in `templates/COMPLETENESS.md`) |
+| 0013 | Learnings-store schema evolution |
+| 0017 | Strict output-schema enforcement |
+| 0019 | Plan-side trust layer (`lib/plan-lint.cjs`) |
+
+## Security
+
+See [`SECURITY.md`](./SECURITY.md) for the vulnerability disclosure policy
+and threat model.
+
+## Support
+
+- Bugs / features: [GitHub issues](https://github.com/Nubos-AI/nubos-pilot/issues)
+- Security: `security@nubos.ai` (see [`SECURITY.md`](./SECURITY.md))
+- Docs: <https://pilot.nubos.cloud>
+
 ## License
 
-MIT
+MIT — see [`LICENSE`](./LICENSE).

package/SECURITY.md

@@ -0,0 +1,60 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a security issue in nubos-pilot, **do not open a public issue**.
+Email **security@nubos.ai** with:
+
+- A description of the issue and its impact.
+- Steps to reproduce (PoC if possible).
+- The affected version (`npx nubos-pilot --version` or check `package.json`).
+- Your preferred contact channel for follow-up.
+
+We will acknowledge receipt within **3 business days** and provide a
+resolution plan within **14 business days**. Fixes are released as patch
+versions and announced in `CHANGELOG.md`.
+
+## Supported Versions
+
+| Version | Supported |
+|---------|-----------|
+| 0.2.x   | ✅ active |
+| < 0.2   | ❌ end of life |
+
+Only the latest minor on the current major receives security patches until
+1.0 is reached.
+
+## Threat Model
+
+nubos-pilot is a **local CLI** distributed via npm to developer workstations
+and CI. It is **not** a hosted service. The threat surface and assumptions:
+
+| What nubos-pilot reads | What it writes | What it executes |
+|---|---|---|
+| `.nubos-pilot/`, project source for context | `.nubos-pilot/` state, `~/.codex/`, `~/.claude/` config (install only) | `git`, `claude`/`codex` headless via `child_process.spawn` |
+
+**Trust boundaries:**
+
+- **Project source code** — untrusted in the sense that agent-authored
+  files (`PLAN.md`, `RESEARCH.md` etc.) may contain hostile YAML. nubos-pilot
+  rejects prototype-pollution keys, refuses symlink-escape via `safe-path`,
+  caps message bodies, and whitelists ML model identifiers.
+- **`.nubos-pilot/messages/`** — multi-agent inbox; entries are written
+  atomically with `O_CREAT|O_EXCL|O_NOFOLLOW` (POSIX) so a pre-planted
+  symlink cannot redirect writes.
+- **Subprocess spawn** — `claude`/`codex` are invoked via `spawnSync` (no
+  shell). The binary path is overridable via `NUBOS_PILOT_CLAUDE_BIN` /
+  `NUBOS_PILOT_CODEX_BIN`; treat operators who can set those env vars as
+  trusted.
+- **`workflow.commit_artifacts`** flag controls whether `.nubos-pilot/`
+  artifacts are committed to git. Default is `true`; downstream projects
+  that consider artifacts sensitive should set it to `false`.
+
+## What is Out of Scope
+
+- Vulnerabilities in `@huggingface/transformers`, `usearch`, or the
+  `yaml` package — report those upstream.
+- Operator-controlled config (`config.json`) that the operator themselves
+  wrote — config is trusted input from the project owner.
+- DoS from running nubos-pilot in obviously bad conditions
+  (no disk space, no Node 22+, broken `git`).

package/bin/install.js

@@ -5,7 +5,7 @@ const fs = require('node:fs');
 const path = require('node:path');
 const os = require('node:os');
 
-const { atomicWriteFileSync, withFileLock, NubosPilotError } = require('../lib/core.cjs');
+const { atomicWriteFileSync, withFileLock, installSignalCleanup, NubosPilotError } = require('../lib/core.cjs');
 const { askUser: defaultAskUser } = require('../lib/askuser.cjs');
 const manifestMod = require('../lib/install/manifest.cjs');
 const stagingMod = require('../lib/install/staging.cjs');
@@ -159,6 +159,10 @@ function _renderShim(target, mode) {
     return '#!/usr/bin/env node\n'
       + "'use strict';\n"
       + 'const fs = require(\'node:fs\');\n'
+      + 'if (Number(process.versions.node.split(\'.\')[0]) < 22) {\n'
+      + '  process.stderr.write("nubos-pilot: requires Node >= 22 (running " + process.versions.node + ")\\n");\n'
+      + '  process.exit(1);\n'
+      + '}\n'
       + 'const TARGET = ' + JSON.stringify(target) + ';\n'
       + 'if (!fs.existsSync(TARGET)) {\n'
       + '  process.stderr.write("nubos-pilot: tool binary fehlt unter " + TARGET + "\\nFix: npx nubos-pilot@latest update\\n");\n'
@@ -170,12 +174,18 @@ function _renderShim(target, mode) {
     + "'use strict';\n"
     + 'const fs = require(\'node:fs\');\n'
     + 'const { spawn } = require(\'node:child_process\');\n'
+    + 'if (Number(process.versions.node.split(\'.\')[0]) < 22) {\n'
+    + '  process.stderr.write("nubos-pilot: requires Node >= 22 (running " + process.versions.node + ")\\n");\n'
+    + '  process.exit(1);\n'
+    + '}\n'
     + 'const TARGET = ' + JSON.stringify(target) + ';\n'
     + 'if (!fs.existsSync(TARGET)) {\n'
     + '  process.stderr.write("nubos-pilot: tool binary fehlt unter " + TARGET + "\\nFix: npx nubos-pilot@latest update\\n");\n'
     + '  process.exit(1);\n'
     + '}\n'
     + 'const child = spawn(process.execPath, [TARGET, ...process.argv.slice(2)], { stdio: \'inherit\' });\n'
+    + 'child.on(\'error\', (err) => { process.stderr.write("nubos-pilot shim: " + (err && err.message ? err.message : String(err)) + "\\n"); process.exit(1); });\n'
+    + 'for (const s of [\'SIGINT\', \'SIGTERM\', \'SIGHUP\']) { process.on(s, () => { try { child.kill(s); } catch {} }); }\n'
     + 'child.on(\'exit\', (code, sig) => { if (sig) process.kill(process.pid, sig); else process.exit(code == null ? 1 : code); });\n';
 }
 
@@ -197,24 +207,38 @@ function _stateDirFor(projectRoot) {
   return path.join(projectRoot, STATE_SUBPATH);
 }
 
-function _readExistingScope(projectRoot) {
+function _readInstallConfig(projectRoot) {
   const cfgPath = path.join(_stateDirFor(projectRoot), 'config.json');
   if (!fs.existsSync(cfgPath)) return null;
+  const { _CONFIG_PARSE_CODES, readConfig } = require('../lib/config.cjs');
+  const { NubosPilotError } = require('../lib/core.cjs');
   try {
-    const cfg = JSON.parse(fs.readFileSync(cfgPath, 'utf-8'));
-    return cfg && cfg.scope ? cfg.scope : null;
-  } catch { return null; }
+    return readConfig(projectRoot);
+  } catch (err) {
+    if (err && err.code === 'not-in-project') return null;
+    if (err && _CONFIG_PARSE_CODES.has(err.code)) {
+      throw new NubosPilotError(
+        'install-config-unusable',
+        'install refused — .nubos-pilot/config.json is unusable (' + err.code
+          + '). Repair or delete the file and re-run.',
+        { cause: err.code },
+      );
+    }
+    throw err;
+  }
+}
+
+function _readExistingScope(projectRoot) {
+  const cfg = _readInstallConfig(projectRoot);
+  return cfg && cfg.scope ? cfg.scope : null;
 }
 
 function _readExistingRuntimes(projectRoot) {
-  const cfgPath = path.join(_stateDirFor(projectRoot), 'config.json');
-  if (!fs.existsSync(cfgPath)) return null;
-  try {
-    const cfg = JSON.parse(fs.readFileSync(cfgPath, 'utf-8'));
-    if (Array.isArray(cfg.runtimes) && cfg.runtimes.length) return cfg.runtimes.slice();
-    if (cfg.runtime) return [cfg.runtime];
-    return null;
-  } catch { return null; }
+  const cfg = _readInstallConfig(projectRoot);
+  if (!cfg) return null;
+  if (Array.isArray(cfg.runtimes) && cfg.runtimes.length) return cfg.runtimes.slice();
+  if (cfg.runtime) return [cfg.runtime];
+  return null;
 }
 
 function detectMode(projectRoot, scope) {
@@ -277,10 +301,19 @@ async function _runInitQuestions(detectedRuntime, askUser, flags) {
   const model_profile = (await askUser({ type: 'select', question: 'Model-Profile?',
     options: ['frontier', 'quality', 'balanced', 'budget', 'inherit'], default: 'frontier' })).value;
   const response_language = (await askUser({ type: 'input', question: 'Response language (ISO-639 code)?', default: 'en' })).value;
+  // Wizard / --yes default is intentionally `false` (safer-by-default per
+  // FIX-B2) even though the implicit code default lives at `true` in
+  // DEFAULT_WORKFLOW (ADR-0004). The two are NOT in drift: explicit answer
+  // overrides default; absent key falls back to ADR-0004 true. This is
+  // covered by tests/install/install-flags.test.cjs:85.
+  const commit_artifacts = (await askUser({ type: 'confirm',
+    question: 'Auto-commit nubos-pilot planning artefacts (.nubos-pilot/ — milestones, roadmap, learnings) into your git repo?',
+    default: false })).value;
   return configDefaults.buildInstallConfig({
     runtime, runtimes, scope,
     model_profile,
     response_language,
+    commit_artifacts,
   });
 }
 
@@ -476,8 +509,19 @@ async function _runInstallLocked(ctx) {
   }
 
   stagingMod.finalizeSwap(payloadBase);
+  const resolvedPayloadDir = path.resolve(payloadDir);
   for (const rel of diff.stale) {
-    try { fs.unlinkSync(path.join(payloadDir, rel)); } catch {}
+    manifestMod.assertSafeManifestKey(rel, 'install-stale-cleanup');
+    const abs = path.join(payloadDir, rel);
+    const resolvedAbs = path.resolve(abs);
+    if (!(resolvedAbs === resolvedPayloadDir || resolvedAbs.startsWith(resolvedPayloadDir + path.sep))) {
+      throw new NubosPilotError(
+        'manifest-unlink-outside-base',
+        'Refusing unlink that escapes payloadDir',
+        { rel, base: path.basename(payloadDir) },
+      );
+    }
+    try { fs.unlinkSync(abs); } catch {}
   }
 
   if (opencodeManifest) {
@@ -503,9 +547,20 @@ async function _runInstallLocked(ctx) {
     const opencodeBase = resolvedScope === 'global' ? os.homedir() : projectRoot;
     for (const rel of diff.stale) {
       if (rel.startsWith(opencodeManifestPrefix)) {
+        manifestMod.assertSafeManifestKey(rel, 'install-opencode-stale');
         const relFs = rel.startsWith('~/')
           ? path.join(os.homedir(), rel.slice(2))
           : path.join(opencodeBase, rel);
+        const expectedBase = rel.startsWith('~/') ? os.homedir() : opencodeBase;
+        const resolvedRelFs = path.resolve(relFs);
+        const resolvedExpected = path.resolve(expectedBase);
+        if (!(resolvedRelFs === resolvedExpected || resolvedRelFs.startsWith(resolvedExpected + path.sep))) {
+          throw new NubosPilotError(
+            'manifest-unlink-outside-base',
+            'Refusing opencode unlink that escapes its base',
+            { rel, base: path.basename(expectedBase) },
+          );
+        }
         try { fs.unlinkSync(relFs); } catch {}
       }
     }
@@ -594,14 +649,11 @@ function _runUninstallLocked(projectRoot) {
     return { uninstalled: false };
   }
 
+  // Reuse the SAME validator as readManifest so a legitimate key like
+  // `..bar` (no traversal segment) isn't false-rejected here while passing
+  // validation upstream. Single source of truth lives in manifest.cjs.
   for (const rel of Object.keys(manifest.files)) {
-    if (rel.includes('..') || path.isAbsolute(rel)) {
-      throw new NubosPilotError(
-        'manifest-path-traversal',
-        'Manifest contains suspicious path',
-        { rel },
-      );
-    }
+    manifestMod.assertSafeManifestKey(rel, 'uninstall');
   }
 
   const payloadBase = scope === 'global' ? os.homedir() : projectRoot;
@@ -612,6 +664,20 @@ function _runUninstallLocked(projectRoot) {
     const abs = rel.startsWith('~/')
       ? path.join(os.homedir(), rel.slice(2))
       : isAsset ? path.join(payloadBase, rel) : path.join(payloadDir, rel);
+    // Defense-in-depth: even with the validator above, ensure the resolved
+    // path lives inside its expected base. A symlink or future-validator
+    // regression cannot escape this prefix check.
+    const expectedBase = rel.startsWith('~/') ? os.homedir()
+      : isAsset ? payloadBase : payloadDir;
+    const resolvedAbs = path.resolve(abs);
+    const resolvedBase = path.resolve(expectedBase);
+    if (!(resolvedAbs === resolvedBase || resolvedAbs.startsWith(resolvedBase + path.sep))) {
+      throw new NubosPilotError(
+        'manifest-unlink-outside-base',
+        'Refusing unlink that escapes its payload base',
+        { rel, base: path.basename(expectedBase) },
+      );
+    }
     try {
       fs.unlinkSync(abs);
       removed++;
@@ -639,12 +705,11 @@ function _runUninstallLocked(projectRoot) {
 
   try { fs.rmdirSync(payloadDir); } catch {}
 
-  const cfgPath = path.join(_stateDirFor(projectRoot), 'config.json');
   let installedRuntimes = [];
-  try {
-    const cfg = JSON.parse(fs.readFileSync(cfgPath, 'utf-8'));
+  const cfg = _readInstallConfig(projectRoot);
+  if (cfg) {
     installedRuntimes = cfg.runtimes || (cfg.runtime ? [cfg.runtime] : []);
-  } catch {}
+  }
 
   const legacyFiles = ['CLAUDE.md', 'AGENTS.md', 'GEMINI.md'];
   const extraFiles = [];
@@ -793,21 +858,21 @@ async function runUninstallHooks(opts) {
 }
 
 if (require.main === module) {
-  main().catch((err) => {
-    if (err && err.code) {
-      process.stderr.write(
-        JSON.stringify({
-          error: {
-            code: err.code,
-            message: err.message,
-            details: err.details || null,
-          },
-        }) + '\n',
-      );
-    } else {
-      process.stderr.write(((err && err.stack) || String(err)) + '\n');
-    }
+  if (Number(process.versions.node.split('.')[0]) < 22) {
+    process.stderr.write('nubos-pilot: requires Node >= 22 (running ' + process.versions.node + ')\n');
     process.exit(1);
+  }
+  installSignalCleanup();
+  main().catch((err) => {
+    const payload = (err && err.code)
+      ? JSON.stringify({ error: { code: err.code, message: err.message, details: err.details || null } }) + '\n'
+      : ((err && err.stack) || String(err)) + '\n';
+    // Drain stderr before exit. process.exit() can otherwise tear down the
+    // pipe mid-flush on busy CI, truncating the envelope. Set exitCode and
+    // let Node drain naturally; force-exit only as a last-resort fallback.
+    try { process.stderr.write(payload); } catch {}
+    process.exitCode = 1;
+    setTimeout(() => process.exit(1), 1000).unref();
   });
 }
 

package/bin/np-tools/_args.cjs

@@ -2,9 +2,15 @@
 
 const { NubosPilotError } = require('../../lib/core.cjs');
 
-function getFlag(rest, name) {
+function getFlag(rest, name, opts) {
   const idx = rest.indexOf(name);
-  return idx !== -1 ? rest[idx + 1] : undefined;
+  if (idx === -1) return undefined;
+  const next = rest[idx + 1];
+  const allowDash = opts && opts.allowDashValues === true;
+  if (!allowDash && typeof next === 'string' && next.startsWith('--')) {
+    return undefined;
+  }
+  return next;
 }
 
 function getJsonFlag(rest, name, missingCode, hint) {

package/bin/np-tools/_memory-resolve.cjs

@@ -1,7 +1,7 @@
 'use strict';
 
 const { NubosPilotError } = require('../../lib/core.cjs');
-const { readConfigPath } = require('../../lib/config.cjs');
+const { tryReadConfigPath } = require('../../lib/config.cjs');
 const { createMemory } = require('../../lib/memory.cjs');
 
 function resolveMemory(opts) {
@@ -17,7 +17,7 @@ function resolveMemory(opts) {
     });
   }
 
-  const enabled = readConfigPath(cwd, 'memory.enabled', false);
+  const enabled = tryReadConfigPath(cwd, 'memory.enabled', false);
   if (!enabled) {
     throw new NubosPilotError(
       'memory-disabled',
@@ -26,8 +26,8 @@ function resolveMemory(opts) {
     );
   }
 
-  const model = readConfigPath(cwd, 'memory.model', 'Xenova/bge-small-en-v1.5');
-  const alpha = readConfigPath(cwd, 'memory.alpha', 0.6);
+  const model = tryReadConfigPath(cwd, 'memory.model', 'Xenova/bge-small-en-v1.5');
+  const alpha = tryReadConfigPath(cwd, 'memory.alpha', 0.6);
 
   const { createLocalProvider } = require('../../lib/memory-provider-local.cjs');
   const { createUsearchIndex } = require('../../lib/memory-index-usearch.cjs');

package/bin/np-tools/checkpoint.cjs

@@ -1,5 +1,5 @@
 const { NubosPilotError } = require('../../lib/core.cjs');
-const { TASK_ID_RE } = require('../../lib/tasks.cjs');
+const { TASK_ID_RE } = require('../../lib/ids.cjs');
 const {
   startTask,
   writeCheckpoint,

package/bin/np-tools/close-project.cjs

@@ -1,36 +1,10 @@
 'use strict';
 
-const fs = require('node:fs');
-const path = require('node:path');
-const os = require('node:os');
-const crypto = require('node:crypto');
-
-const {
-  NubosPilotError,
-  projectStateDir,
-} = require('../../lib/core.cjs');
+const { NubosPilotError } = require('../../lib/core.cjs');
+const { emitInitPayload } = require('../../lib/init-emit.cjs');
 const archive = require('../../lib/archive.cjs');
 const textMode = require('../../lib/text-mode.cjs');
 
-const INLINE_THRESHOLD_BYTES = 16 * 1024;
-
-function _emit(payload, stdout, cwd) {
-  const json = JSON.stringify(payload, null, 2);
-  if (Buffer.byteLength(json, 'utf-8') <= INLINE_THRESHOLD_BYTES) {
-    stdout.write(json);
-    return;
-  }
-  let tmpDir;
-  try {
-    tmpDir = path.join(projectStateDir(cwd), '.tmp');
-    fs.mkdirSync(tmpDir, { recursive: true });
-  } catch { tmpDir = os.tmpdir(); }
-  const suffix = process.pid + '-' + crypto.randomBytes(4).toString('hex');
-  const tmpPath = path.join(tmpDir, 'init-close-project-' + suffix + '.json');
-  fs.writeFileSync(tmpPath, json, 'utf-8');
-  stdout.write('@file:' + tmpPath);
-}
-
 function _initPayload(cwd) {
   const completion = archive.computeCompletionStatus(cwd);
   const tmDetail = textMode.resolveTextModeDetail(cwd);
@@ -68,7 +42,7 @@ function run(args, ctx) {
     case 'init':
     case undefined: {
       const payload = _initPayload(cwd);
-      _emit(payload, stdout, cwd);
+      emitInitPayload(payload, stdout, cwd, 'close-project');
       return payload;
     }
     case 'check': {

package/bin/np-tools/commit-task.cjs

@@ -1,28 +1,18 @@
 const fs = require('node:fs');
 const path = require('node:path');
+const safePath = require('../../lib/safe-path.cjs');
 
 const { NubosPilotError, findProjectRoot } = require('../../lib/core.cjs');
 const { extractFrontmatter } = require('../../lib/frontmatter.cjs');
-const { TASK_ID_RE, setTaskStatus } = require('../../lib/tasks.cjs');
+const { setTaskStatus } = require('../../lib/tasks.cjs');
+const { TASK_ID_RE } = require('../../lib/ids.cjs');
 const layout = require('../../lib/layout.cjs');
 const git = require('../../lib/git.cjs');
 const { commitTask, findCommitByTaskId } = git;
-const { deleteCheckpoint, readCheckpoint, mergeCheckpoint } = require('../../lib/checkpoint.cjs');
+const { finishTask, readCheckpoint, mergeCheckpoint } = require('../../lib/checkpoint.cjs');
 
 const BYPASS_FLAG = '--bypass-nubosloop';
 
-// Evidence-based gate: a complete Nubosloop run accumulates fields on the
-// checkpoint envelope (cache_hit from preflight, verify_exit_code from
-// post-executor, findings from post-critics, committed_at from commit). A
-// gamed run that only invokes `loop-run-round --phase commit` directly leaves
-// verify_exit_code and findings undefined. Checking last_phase alone is not
-// enough — we require the cumulative signature.
-//
-// `evaluateLoop` only routes `next_action='commit'` when `findings.length === 0`
-// (see lib/nubosloop.cjs). The previous gate accepted `Array.isArray(findings)`
-// alone — a critic that returned actual findings still satisfied the shape
-// check, letting the commit slip through. Mirror the evaluator's invariant
-// here so a non-empty findings array is a hard refuse, not an accident.
 function _assertLoopGate(taskId, cwd, bypass, stderr) {
   const cp = readCheckpoint(taskId, cwd);
   const np = (cp && cp.nubosloop) || null;
@@ -85,24 +75,33 @@ function _resolveTaskFile(taskId, cwd) {
 }
 
 function _resolveSafe(root, p) {
-  const abs = path.resolve(root, p);
-  const rel = path.relative(root, abs);
-  if (rel.startsWith('..') || path.isAbsolute(rel)) {
-    throw new NubosPilotError(
-      'path-not-in-project',
-      'files_modified entry escapes project root: ' + p,
-      { path: p, root },
-    );
+  try {
+    safePath.assertInsideBase(root, path.resolve(root, p), 'commit-files');
+  } catch (err) {
+    if (err && (err.code === 'safe-path-outside-base' || err.code === 'safe-path-invalid-input' || err.code === 'safe-path-base-missing')) {
+      throw new NubosPilotError(
+        'path-not-in-project',
+        'files_modified entry escapes project root: ' + p,
+        { path: p, root, cause: err.code },
+      );
+    }
+    throw err;
   }
   return p;
 }
 
-function _extractName(frontmatter, body) {
-  if (typeof frontmatter.name === 'string' && frontmatter.name.length > 0) return frontmatter.name;
+const _COMMIT_NAME_MAX = 200;
+function _sanitizeCommitName(s) {
+  return String(s == null ? '' : s).replace(/[\r\n\t]+/g, ' ').replace(/\s+/g, ' ').trim().slice(0, _COMMIT_NAME_MAX);
+}
 
+function _extractName(frontmatter, body) {
+  if (typeof frontmatter.name === 'string' && frontmatter.name.length > 0) {
+    return _sanitizeCommitName(frontmatter.name);
+  }
   const m = String(body || '').match(/^#\s+(?:Task:\s*)?(.+?)\s*$/m);
-  if (m) return m[1].trim();
-  return frontmatter.id || 'task';
+  if (m) return _sanitizeCommitName(m[1]);
+  return _sanitizeCommitName(frontmatter.id || 'task');
 }
 
 function run(args, ctx) {
@@ -163,13 +162,6 @@ function run(args, ctx) {
   const result = commitTask(taskId, safeFiles, message);
 
   if (result.committed === false && result.reason === 'artifacts-gitignored') {
-    // Soft-skip: every files_modified entry is gitignored. The task ran the
-    // full Nubosloop (preflight → executor → critic), edits landed locally,
-    // and the workflow already stamped `committed_at` via loop-run-round.
-    // We mark the task done WITHOUT a git commit, record the skip reason on
-    // the checkpoint for audit, and let the wave continue. Symmetric to
-    // commit_artifacts=false (commit.cjs:102) and to feedback_no_container_blocker:
-    // gitignore is a routing signal, never a hard stop.
     try {
       mergeCheckpoint(taskId, (cur) => ({
         nubosloop: Object.assign({}, (cur && cur.nubosloop) || {}, {
@@ -180,7 +172,9 @@ function run(args, ctx) {
     } catch (err) {
       process.stderr.write('[nubos-pilot warn] checkpoint stamp failed for ' + taskId + ': ' + (err && err.message) + '\n');
     }
-    try { deleteCheckpoint(taskId, cwd); } catch {}
+    try { finishTask(taskId, cwd); } catch (err) {
+      process.stderr.write('[nubos-pilot warn] finishTask failed for ' + taskId + ': ' + (err && err.message) + '\n');
+    }
     try { setTaskStatus(taskId, 'done', cwd); } catch (err) {
       process.stderr.write('[nubos-pilot warn] setTaskStatus failed for ' + taskId + ': ' + (err && err.message) + '\n');
     }
@@ -201,7 +195,9 @@ function run(args, ctx) {
 
   const sha = findCommitByTaskId(taskId);
 
-  try { deleteCheckpoint(taskId, cwd); } catch {}
+  try { finishTask(taskId, cwd); } catch (err) {
+    process.stderr.write('[nubos-pilot warn] finishTask failed for ' + taskId + ': ' + (err && err.message) + '\n');
+  }
   try { setTaskStatus(taskId, 'done', cwd); } catch (err) {
     process.stderr.write('[nubos-pilot warn] setTaskStatus failed for ' + taskId + ': ' + (err && err.message) + '\n');
   }

package/bin/np-tools/commit.cjs

@@ -101,9 +101,6 @@ function run(argv, ctx) {
     const normalized = _normalizeFiles(files, cwd, root);
     const committable = assertCommittablePaths(normalized, { cwd: root });
     if (committable.length === 0) {
-      // All paths gitignored → soft-skip with structured payload (symmetric to
-      // commit_artifacts=false above). The earlier `commit-no-paths` throw
-      // turned a routing signal into a hard error.
       stdout.write(JSON.stringify({
         committed: false,
         reason: 'artifacts-gitignored',

package/bin/np-tools/config.cjs

@@ -1,6 +1,4 @@
-const fs = require('node:fs');
-const path = require('node:path');
-const { findProjectRoot, NubosPilotError } = require('../../lib/core.cjs');
+const { NubosPilotError } = require('../../lib/core.cjs');
 const { DEFAULT_CONFIG_TREE } = require('../../lib/config-defaults.cjs');
 const { emitErrorEnvelope } = require('./_args.cjs');
 
@@ -12,21 +10,14 @@ function _usage() {
 }
 
 function _readConfig(cwd) {
-  let root;
+  const { readConfig } = require('../../lib/config.cjs');
   try {
-    root = findProjectRoot(cwd);
+    const cfg = readConfig(cwd);
+    return cfg && Object.keys(cfg).length === 0 ? null : cfg;
   } catch (err) {
     if (err && err.code === 'not-in-project') return null;
     throw err;
   }
-  const p = path.join(root, '.nubos-pilot', 'config.json');
-  if (!fs.existsSync(p)) return null;
-  try {
-    const parsed = JSON.parse(fs.readFileSync(p, 'utf-8'));
-    return parsed && typeof parsed === 'object' ? parsed : null;
-  } catch (err) {
-    throw new NubosPilotError('config-parse-error', 'config.json invalid JSON', { cause: err && err.message });
-  }
 }
 
 function _walkPath(obj, segments) {