opencode-swarm 6.69.0 → 6.70.0

package/dist/cli/index.js

@@ -16947,7 +16947,7 @@ var require_signal_exit = __commonJS((exports, module) => {
       emitter.count -= 1;
     };
     module.exports.unload = unload;
-    emit = function emit2(event, code, signal) {
+    emit2 = function emit3(event, code, signal) {
       if (emitter.emitted[event]) {
         return;
       }
@@ -16963,8 +16963,8 @@ var require_signal_exit = __commonJS((exports, module) => {
         var listeners = process3.listeners(sig);
         if (listeners.length === emitter.count) {
           unload();
-          emit("exit", null, sig);
-          emit("afterexit", null, sig);
+          emit2("exit", null, sig);
+          emit2("afterexit", null, sig);
           if (isWin && sig === "SIGHUP") {
             sig = "SIGINT";
           }
@@ -17000,8 +17000,8 @@ var require_signal_exit = __commonJS((exports, module) => {
         return;
       }
       process3.exitCode = code || 0;
-      emit("exit", process3.exitCode, null);
-      emit("afterexit", process3.exitCode, null);
+      emit2("exit", process3.exitCode, null);
+      emit2("afterexit", process3.exitCode, null);
       originalProcessReallyExit.call(process3, process3.exitCode);
     };
     originalProcessEmit = process3.emit;
@@ -17011,8 +17011,8 @@ var require_signal_exit = __commonJS((exports, module) => {
           process3.exitCode = arg;
         }
         var ret = originalProcessEmit.apply(this, arguments);
-        emit("exit", process3.exitCode, null);
-        emit("afterexit", process3.exitCode, null);
+        emit2("exit", process3.exitCode, null);
+        emit2("afterexit", process3.exitCode, null);
         return ret;
       } else {
         return originalProcessEmit.apply(this, arguments);
@@ -17025,7 +17025,7 @@ var require_signal_exit = __commonJS((exports, module) => {
   var EE;
   var emitter;
   var unload;
-  var emit;
+  var emit2;
   var sigListeners;
   var loaded;
   var load;
@@ -19205,7 +19205,8 @@ var AgentAuthorityRuleSchema = exports_external.object({
 });
 var AuthorityConfigSchema = exports_external.object({
   enabled: exports_external.boolean().default(true),
-  rules: exports_external.record(exports_external.string(), AgentAuthorityRuleSchema).default({})
+  rules: exports_external.record(exports_external.string(), AgentAuthorityRuleSchema).default({}),
+  universal_deny_prefixes: exports_external.array(exports_external.string().min(1)).default([])
 });
 var CouncilConfigSchema = exports_external.object({
   enabled: exports_external.boolean().default(false),
@@ -19464,6 +19465,416 @@ init_manager2();
 
 // src/state.ts
 init_plan_schema();
+
+// src/hooks/delegation-gate.ts
+init_telemetry();
+
+// node_modules/quick-lru/index.js
+class QuickLRU extends Map {
+  #size = 0;
+  #cache = new Map;
+  #oldCache = new Map;
+  #maxSize;
+  #maxAge;
+  #onEviction;
+  constructor(options = {}) {
+    super();
+    if (!(options.maxSize && options.maxSize > 0)) {
+      throw new TypeError("`maxSize` must be a number greater than 0");
+    }
+    if (typeof options.maxAge === "number" && options.maxAge === 0) {
+      throw new TypeError("`maxAge` must be a number greater than 0");
+    }
+    this.#maxSize = options.maxSize;
+    this.#maxAge = options.maxAge || Number.POSITIVE_INFINITY;
+    this.#onEviction = options.onEviction;
+  }
+  get __oldCache() {
+    return this.#oldCache;
+  }
+  #emitEvictions(cache) {
+    if (typeof this.#onEviction !== "function") {
+      return;
+    }
+    for (const [key, item] of cache) {
+      this.#onEviction(key, item.value);
+    }
+  }
+  #deleteIfExpired(key, item) {
+    if (typeof item.expiry === "number" && item.expiry <= Date.now()) {
+      if (typeof this.#onEviction === "function") {
+        this.#onEviction(key, item.value);
+      }
+      return this.delete(key);
+    }
+    return false;
+  }
+  #getOrDeleteIfExpired(key, item) {
+    const deleted = this.#deleteIfExpired(key, item);
+    if (deleted === false) {
+      return item.value;
+    }
+  }
+  #getItemValue(key, item) {
+    return item.expiry ? this.#getOrDeleteIfExpired(key, item) : item.value;
+  }
+  #peek(key, cache) {
+    const item = cache.get(key);
+    return this.#getItemValue(key, item);
+  }
+  #set(key, value) {
+    this.#cache.set(key, value);
+    this.#size++;
+    if (this.#size >= this.#maxSize) {
+      this.#size = 0;
+      this.#emitEvictions(this.#oldCache);
+      this.#oldCache = this.#cache;
+      this.#cache = new Map;
+    }
+  }
+  #moveToRecent(key, item) {
+    this.#oldCache.delete(key);
+    this.#set(key, item);
+  }
+  *#entriesAscending() {
+    for (const item of this.#oldCache) {
+      const [key, value] = item;
+      if (!this.#cache.has(key)) {
+        const deleted = this.#deleteIfExpired(key, value);
+        if (deleted === false) {
+          yield item;
+        }
+      }
+    }
+    for (const item of this.#cache) {
+      const [key, value] = item;
+      const deleted = this.#deleteIfExpired(key, value);
+      if (deleted === false) {
+        yield item;
+      }
+    }
+  }
+  get(key) {
+    if (this.#cache.has(key)) {
+      const item = this.#cache.get(key);
+      return this.#getItemValue(key, item);
+    }
+    if (this.#oldCache.has(key)) {
+      const item = this.#oldCache.get(key);
+      if (this.#deleteIfExpired(key, item) === false) {
+        this.#moveToRecent(key, item);
+        return item.value;
+      }
+    }
+  }
+  set(key, value, { maxAge = this.#maxAge } = {}) {
+    const expiry = typeof maxAge === "number" && maxAge !== Number.POSITIVE_INFINITY ? Date.now() + maxAge : undefined;
+    if (this.#cache.has(key)) {
+      this.#cache.set(key, {
+        value,
+        expiry
+      });
+    } else {
+      this.#set(key, { value, expiry });
+    }
+    return this;
+  }
+  has(key) {
+    if (this.#cache.has(key)) {
+      return !this.#deleteIfExpired(key, this.#cache.get(key));
+    }
+    if (this.#oldCache.has(key)) {
+      return !this.#deleteIfExpired(key, this.#oldCache.get(key));
+    }
+    return false;
+  }
+  peek(key) {
+    if (this.#cache.has(key)) {
+      return this.#peek(key, this.#cache);
+    }
+    if (this.#oldCache.has(key)) {
+      return this.#peek(key, this.#oldCache);
+    }
+  }
+  expiresIn(key) {
+    const item = this.#cache.get(key) ?? this.#oldCache.get(key);
+    if (item) {
+      return item.expiry ? item.expiry - Date.now() : Number.POSITIVE_INFINITY;
+    }
+  }
+  delete(key) {
+    const deleted = this.#cache.delete(key);
+    if (deleted) {
+      this.#size--;
+    }
+    return this.#oldCache.delete(key) || deleted;
+  }
+  clear() {
+    this.#cache.clear();
+    this.#oldCache.clear();
+    this.#size = 0;
+  }
+  resize(newSize) {
+    if (!(newSize && newSize > 0)) {
+      throw new TypeError("`maxSize` must be a number greater than 0");
+    }
+    const items = [...this.#entriesAscending()];
+    const removeCount = items.length - newSize;
+    if (removeCount < 0) {
+      this.#cache = new Map(items);
+      this.#oldCache = new Map;
+      this.#size = items.length;
+    } else {
+      if (removeCount > 0) {
+        this.#emitEvictions(items.slice(0, removeCount));
+      }
+      this.#oldCache = new Map(items.slice(removeCount));
+      this.#cache = new Map;
+      this.#size = 0;
+    }
+    this.#maxSize = newSize;
+  }
+  evict(count = 1) {
+    const requested = Number(count);
+    if (!requested || requested <= 0) {
+      return;
+    }
+    const items = [...this.#entriesAscending()];
+    const evictCount = Math.trunc(Math.min(requested, Math.max(items.length - 1, 0)));
+    if (evictCount <= 0) {
+      return;
+    }
+    this.#emitEvictions(items.slice(0, evictCount));
+    this.#oldCache = new Map(items.slice(evictCount));
+    this.#cache = new Map;
+    this.#size = 0;
+  }
+  *keys() {
+    for (const [key] of this) {
+      yield key;
+    }
+  }
+  *values() {
+    for (const [, value] of this) {
+      yield value;
+    }
+  }
+  *[Symbol.iterator]() {
+    for (const item of this.#cache) {
+      const [key, value] = item;
+      const deleted = this.#deleteIfExpired(key, value);
+      if (deleted === false) {
+        yield [key, value.value];
+      }
+    }
+    for (const item of this.#oldCache) {
+      const [key, value] = item;
+      if (!this.#cache.has(key)) {
+        const deleted = this.#deleteIfExpired(key, value);
+        if (deleted === false) {
+          yield [key, value.value];
+        }
+      }
+    }
+  }
+  *entriesDescending() {
+    let items = [...this.#cache];
+    for (let i = items.length - 1;i >= 0; --i) {
+      const item = items[i];
+      const [key, value] = item;
+      const deleted = this.#deleteIfExpired(key, value);
+      if (deleted === false) {
+        yield [key, value.value];
+      }
+    }
+    items = [...this.#oldCache];
+    for (let i = items.length - 1;i >= 0; --i) {
+      const item = items[i];
+      const [key, value] = item;
+      if (!this.#cache.has(key)) {
+        const deleted = this.#deleteIfExpired(key, value);
+        if (deleted === false) {
+          yield [key, value.value];
+        }
+      }
+    }
+  }
+  *entriesAscending() {
+    for (const [key, value] of this.#entriesAscending()) {
+      yield [key, value.value];
+    }
+  }
+  get size() {
+    if (!this.#size) {
+      return this.#oldCache.size;
+    }
+    let oldCacheSize = 0;
+    for (const key of this.#oldCache.keys()) {
+      if (!this.#cache.has(key)) {
+        oldCacheSize++;
+      }
+    }
+    return Math.min(this.#size + oldCacheSize, this.#maxSize);
+  }
+  get maxSize() {
+    return this.#maxSize;
+  }
+  get maxAge() {
+    return this.#maxAge;
+  }
+  entries() {
+    return this.entriesAscending();
+  }
+  forEach(callbackFunction, thisArgument = this) {
+    for (const [key, value] of this.entriesAscending()) {
+      callbackFunction.call(thisArgument, value, key, this);
+    }
+  }
+  get [Symbol.toStringTag]() {
+    return "QuickLRU";
+  }
+  toString() {
+    return `QuickLRU(${this.size}/${this.maxSize})`;
+  }
+  [Symbol.for("nodejs.util.inspect.custom")]() {
+    return this.toString();
+  }
+}
+
+// src/config/index.ts
+init_evidence_schema();
+init_plan_schema();
+
+// src/config/spec-schema.ts
+init_zod();
+var ObligationSchema = exports_external.enum(["MUST", "SHALL", "SHOULD", "MAY"]);
+var SpecRequirementSchema = exports_external.object({
+  id: exports_external.string().regex(/^FR-(?!000)\d{3}$/, "Requirement ID must match FR-### pattern (e.g., FR-001)"),
+  obligation: ObligationSchema,
+  text: exports_external.string().min(1)
+});
+var SpecScenarioSchema = exports_external.object({
+  name: exports_external.string().min(1),
+  given: exports_external.array(exports_external.string()).optional().default([]),
+  when: exports_external.array(exports_external.string()).min(1, 'Scenario must have at least one "when" clause'),
+  thenClauses: exports_external.array(exports_external.string()).min(1, 'Scenario must have at least one "then" clause')
+});
+var SpecSectionSchema = exports_external.object({
+  name: exports_external.string().min(1),
+  requirements: exports_external.array(SpecRequirementSchema).default([])
+});
+var SwarmSpecSchema = exports_external.object({
+  title: exports_external.string().min(1),
+  purpose: exports_external.string().min(1),
+  sections: exports_external.array(SpecSectionSchema).min(1, "Spec must have at least one section")
+});
+var SpecDeltaSchema = exports_external.object({
+  added: exports_external.array(SpecRequirementSchema).default([]),
+  modified: exports_external.array(SpecRequirementSchema).default([]),
+  removed: exports_external.array(SpecRequirementSchema).default([])
+});
+var DeltaSpecSchema = exports_external.union([
+  SwarmSpecSchema,
+  SpecDeltaSchema
+]);
+// src/agents/index.ts
+var warnedAgents = new Set;
+
+// src/hooks/guardrails.ts
+init_manager();
+init_telemetry();
+init_utils();
+
+// src/hooks/conflict-resolution.ts
+init_telemetry();
+
+// src/hooks/extractors.ts
+function extractCurrentPhase(planContent) {
+  if (!planContent) {
+    return null;
+  }
+  const lines = planContent.split(`
+`);
+  for (let i = 0;i < Math.min(20, lines.length); i++) {
+    const line = lines[i].trim();
+    const progressMatch = line.match(/^## Phase (\d+):?\s*(.*?)\s*\[IN PROGRESS\]/i);
+    if (progressMatch) {
+      const phaseNum = progressMatch[1];
+      const description = progressMatch[2]?.trim() || "";
+      return `Phase ${phaseNum}: ${description} [IN PROGRESS]`;
+    }
+  }
+  for (let i = 0;i < Math.min(3, lines.length); i++) {
+    const line = lines[i].trim();
+    const phaseMatch = line.match(/Phase:\s*(\d+)/i);
+    if (phaseMatch) {
+      const phaseNum = phaseMatch[1];
+      return `Phase ${phaseNum} [PENDING]`;
+    }
+  }
+  return null;
+}
+function extractCurrentPhaseFromPlan(plan) {
+  const phase = plan.phases.find((p) => p.id === plan.current_phase);
+  if (!phase)
+    return null;
+  const statusMap = {
+    pending: "PENDING",
+    in_progress: "IN PROGRESS",
+    complete: "COMPLETE",
+    blocked: "BLOCKED"
+  };
+  const statusText = statusMap[phase.status] || "PENDING";
+  return `Phase ${phase.id}: ${phase.name} [${statusText}]`;
+}
+
+// src/hooks/model-limits.ts
+init_utils();
+var loggedFirstCalls = new Set;
+
+// src/hooks/guardrails.ts
+var storedInputArgs = new Map;
+var toolCallsSinceLastWrite = new Map;
+var noOpWarningIssued = new Set;
+var consecutiveNoToolTurns = new Map;
+var DC_SAFE_TARGETS = new Set([
+  "node_modules",
+  ".git",
+  "dist",
+  "build",
+  "coverage",
+  ".next",
+  ".turbo",
+  ".cache",
+  ".venv",
+  "venv",
+  "__pycache__",
+  "target",
+  "out",
+  ".parcel-cache",
+  ".svelte-kit",
+  ".nuxt",
+  ".output",
+  ".angular",
+  ".gradle",
+  "vendor"
+]);
+var DC_FS_ROOTS = new Set(["/", "C:\\", "C:/", "D:\\", "D:/", "E:\\", "E:/"]);
+var pathNormalizationCache = new QuickLRU({
+  maxSize: 500
+});
+var globMatcherCache = new QuickLRU({
+  maxSize: 200
+});
+
+// src/hooks/delegation-gate.ts
+init_utils2();
+var pendingCoderScopeByTaskId = new Map;
+function clearPendingCoderScope() {
+  pendingCoderScopeByTaskId.clear();
+}
+
+// src/state.ts
 init_telemetry();
 var _rehydrationCache = null;
 var swarmState = {
@@ -19496,6 +19907,7 @@ function resetSwarmState() {
   _rehydrationCache = null;
   swarmState.fullAutoEnabledInConfig = false;
   swarmState.environmentProfiles.clear();
+  clearPendingCoderScope();
 }
 function getAgentSession(sessionId) {
   return swarmState.agentSessions.get(sessionId);
@@ -32178,43 +32590,6 @@ function tool(input) {
   return input;
 }
 tool.schema = exports_external2;
-
-// src/config/index.ts
-init_evidence_schema();
-init_plan_schema();
-
-// src/config/spec-schema.ts
-init_zod();
-var ObligationSchema = exports_external.enum(["MUST", "SHALL", "SHOULD", "MAY"]);
-var SpecRequirementSchema = exports_external.object({
-  id: exports_external.string().regex(/^FR-(?!000)\d{3}$/, "Requirement ID must match FR-### pattern (e.g., FR-001)"),
-  obligation: ObligationSchema,
-  text: exports_external.string().min(1)
-});
-var SpecScenarioSchema = exports_external.object({
-  name: exports_external.string().min(1),
-  given: exports_external.array(exports_external.string()).optional().default([]),
-  when: exports_external.array(exports_external.string()).min(1, 'Scenario must have at least one "when" clause'),
-  thenClauses: exports_external.array(exports_external.string()).min(1, 'Scenario must have at least one "then" clause')
-});
-var SpecSectionSchema = exports_external.object({
-  name: exports_external.string().min(1),
-  requirements: exports_external.array(SpecRequirementSchema).default([])
-});
-var SwarmSpecSchema = exports_external.object({
-  title: exports_external.string().min(1),
-  purpose: exports_external.string().min(1),
-  sections: exports_external.array(SpecSectionSchema).min(1, "Spec must have at least one section")
-});
-var SpecDeltaSchema = exports_external.object({
-  added: exports_external.array(SpecRequirementSchema).default([]),
-  modified: exports_external.array(SpecRequirementSchema).default([]),
-  removed: exports_external.array(SpecRequirementSchema).default([])
-});
-var DeltaSpecSchema = exports_external.union([
-  SwarmSpecSchema,
-  SpecDeltaSchema
-]);
 // src/tools/create-tool.ts
 function classifyToolError(error93) {
   const msg = (error93 instanceof Error ? error93.message ?? "" : String(error93)).toLowerCase();
@@ -37537,7 +37912,7 @@ function validatePlanPhases(plan) {
   }
   return true;
 }
-function extractCurrentPhaseFromPlan(plan) {
+function extractCurrentPhaseFromPlan2(plan) {
   if (!plan) {
     return { currentPhase: null, currentTask: null, incompleteTasks: [] };
   }
@@ -37685,7 +38060,7 @@ async function getHandoffData(directory) {
   const sessionContent = await readSwarmFileAsync(directory, "session/state.json");
   const sessionState = parseSessionState(sessionContent);
   const plan = await loadPlanJsonOnly(directory);
-  const planInfo = extractCurrentPhaseFromPlan(plan);
+  const planInfo = extractCurrentPhaseFromPlan2(plan);
   if (!plan) {
     const planMdContent = await readSwarmFileAsync(directory, "plan.md");
     if (planMdContent) {
@@ -43524,46 +43899,6 @@ async function handleSpecifyCommand(_directory, args) {
   return "[MODE: SPECIFY] Please enter MODE: SPECIFY and generate a spec for this project.";
 }
 
-// src/hooks/extractors.ts
-function extractCurrentPhase(planContent) {
-  if (!planContent) {
-    return null;
-  }
-  const lines = planContent.split(`
-`);
-  for (let i = 0;i < Math.min(20, lines.length); i++) {
-    const line = lines[i].trim();
-    const progressMatch = line.match(/^## Phase (\d+):?\s*(.*?)\s*\[IN PROGRESS\]/i);
-    if (progressMatch) {
-      const phaseNum = progressMatch[1];
-      const description = progressMatch[2]?.trim() || "";
-      return `Phase ${phaseNum}: ${description} [IN PROGRESS]`;
-    }
-  }
-  for (let i = 0;i < Math.min(3, lines.length); i++) {
-    const line = lines[i].trim();
-    const phaseMatch = line.match(/Phase:\s*(\d+)/i);
-    if (phaseMatch) {
-      const phaseNum = phaseMatch[1];
-      return `Phase ${phaseNum} [PENDING]`;
-    }
-  }
-  return null;
-}
-function extractCurrentPhaseFromPlan2(plan) {
-  const phase = plan.phases.find((p) => p.id === plan.current_phase);
-  if (!phase)
-    return null;
-  const statusMap = {
-    pending: "PENDING",
-    in_progress: "IN PROGRESS",
-    complete: "COMPLETE",
-    blocked: "BLOCKED"
-  };
-  const statusText = statusMap[phase.status] || "PENDING";
-  return `Phase ${phase.id}: ${phase.name} [${statusText}]`;
-}
-
 // src/services/status-service.ts
 init_utils2();
 init_manager();
@@ -43623,7 +43958,7 @@ var DEFAULT_CONTEXT_BUDGET_CONFIG = {
 async function getStatusData(directory, agents) {
   const plan = await loadPlan(directory);
   if (plan && plan.migration_status !== "migration_failed") {
-    const currentPhase2 = extractCurrentPhaseFromPlan2(plan) || "Unknown";
+    const currentPhase2 = extractCurrentPhaseFromPlan(plan) || "Unknown";
     let completedTasks2 = 0;
     let totalTasks2 = 0;
     for (const phase of plan.phases) {

package/dist/config/schema.d.ts

@@ -509,6 +509,7 @@ export declare const AuthorityConfigSchema: z.ZodObject<{
         blockedGlobs: z.ZodOptional<z.ZodArray<z.ZodString>>;
         allowedGlobs: z.ZodOptional<z.ZodArray<z.ZodString>>;
     }, z.core.$strip>>>;
+    universal_deny_prefixes: z.ZodDefault<z.ZodArray<z.ZodString>>;
 }, z.core.$strip>;
 export type AuthorityConfig = z.infer<typeof AuthorityConfigSchema>;
 export declare const CouncilConfigSchema: z.ZodObject<{
@@ -699,6 +700,7 @@ export declare const PluginConfigSchema: z.ZodObject<{
             blockedGlobs: z.ZodOptional<z.ZodArray<z.ZodString>>;
             allowedGlobs: z.ZodOptional<z.ZodArray<z.ZodString>>;
         }, z.core.$strip>>>;
+        universal_deny_prefixes: z.ZodDefault<z.ZodArray<z.ZodString>>;
     }, z.core.$strip>>;
     plan_cursor: z.ZodOptional<z.ZodObject<{
         enabled: z.ZodDefault<z.ZodBoolean>;

package/dist/hooks/delegation-gate.d.ts

@@ -11,8 +11,19 @@ import type { DelegationEnvelope, EnvelopeValidationResult } from '../types/dele
  * When messagesTransform sets declaredCoderScope on the architect session,
  * the coder session may not exist yet. This map allows scope-guard to look up
  * the scope by taskId when the session's declaredCoderScope is null.
+ *
+ * v6.70.0 gap-closure: this map is module-scoped (not inside `swarmState`) and
+ * is cleared by `resetSwarmState` via `clearPendingCoderScope()` below. Without
+ * that cleanup, a `/swarm close` followed by a new session with a colliding
+ * taskId (e.g. "1.1") would inherit stale scope from the previous swarm.
  */
 export declare const pendingCoderScopeByTaskId: Map<string, string[]>;
+/**
+ * v6.70.0 gap-closure: clears the pending coder-scope map. Exported as a
+ * helper (rather than importing the map directly from state.ts) to avoid the
+ * circular import `state.ts ↔ delegation-gate.ts`. Called by `resetSwarmState`.
+ */
+export declare function clearPendingCoderScope(): void;
 /**
  * Parses a string to extract a DelegationEnvelope.
  * Returns null if no valid envelope is found.

package/dist/hooks/guardrails.d.ts

@@ -6,6 +6,7 @@
  * - Layer 1 (Soft Warning @ warning_threshold): Sets warning flag for messagesTransform to inject warning
  * - Layer 2 (Hard Block @ 100%): Throws error in toolBefore to block further calls, injects STOP message
  */
+import * as path from 'node:path';
 import { type AuthorityConfig, type GuardrailsConfig } from '../config/schema';
 import { type FileZone } from '../context/zone-classifier';
 /**
@@ -119,10 +120,44 @@ type AgentRule = {
     allowedGlobs?: string[];
 };
 export declare const DEFAULT_AGENT_AUTHORITY_RULES: Record<string, AgentRule>;
+/**
+ * Checks whether a write target path (or any ancestor strictly inside cwd)
+ * is a symlink. Writing through a symlink can redirect the write to a
+ * location outside the working directory, bypassing scope containment.
+ *
+ * The walk stops at cwd — cwd itself is NOT lstat'd. A user's chosen
+ * working directory may legitimately be reached via a symlink (e.g.,
+ * macOS's /tmp → /private/tmp), and that symlink does not constitute a
+ * redirect *within* the workspace. Only attacker-plantable symlinks
+ * BELOW cwd are relevant to this guard.
+ *
+ * ENOENT on any node in the chain is allowed — the file/dir doesn't exist yet.
+ * Any other lstat error (EPERM, EACCES, ENAMETOOLONG, …) fails closed:
+ * an unverifiable ancestor must not be written through, even if the OS
+ * would eventually reject the write. Defense-in-depth over optimism.
+ *
+ * @returns A block reason string if a symlink is detected, null if all clear.
+ */
+export declare function checkWriteTargetForSymlink(targetPath: string, cwd: string): string | null;
+/**
+ * Returns true when `targetAbsolute` and `cwdAbsolute` resolve to different
+ * filesystem roots. On POSIX this is always false (single root `/`); on
+ * Windows it is true when the two paths sit on different drive letters or
+ * different UNC roots — the symptom Codex flagged on PR #501, where
+ * `path.relative('C:\\repo', 'D:\\secret.txt')` returns the absolute
+ * `'D:\\secret.txt'` and slips past `startsWith('../')` containment.
+ *
+ * Exposed (and accepts an injectable `pathLib`) so the cross-drive guard
+ * is falsifiable on Linux CI without depending on a Windows runner: tests
+ * pass `path.win32` / `path.posix` directly.
+ */
+export declare function isOnDifferentFilesystemRoot(targetAbsolute: string, cwdAbsolute: string, pathLib?: Pick<typeof path, 'parse'>): boolean;
 /**
  * Checks whether the given agent is authorised to write to the given file path.
  */
-export declare function checkFileAuthority(agentName: string, filePath: string, cwd: string, authorityConfig?: AuthorityConfig): {
+export declare function checkFileAuthority(agentName: string, filePath: string, cwd: string, authorityConfig?: AuthorityConfig, options?: {
+    declaredScope?: string[] | null;
+}): {
     allowed: true;
 } | {
     allowed: false;