quadwork 1.10.1 → 1.11.0

package/server/index.js

@@ -6,7 +6,7 @@ const os = require("os");
 const { WebSocketServer } = require("ws");
 const pty = require("node-pty");
 const { spawn } = require("child_process");
-const { readConfig, resolveAgentCwd, resolveAgentCommand, resolveProjectChattr, resolveChattrSpawn, syncChattrToken, CONFIG_PATH } = require("./config");
+const { readConfig, resolveAgentCwd, resolveAgentCommand, resolveProjectChattr, resolveChattrSpawn, syncChattrToken, CONFIG_PATH, ensureSecureDir, writeSecureFile, writeConfig } = require("./config");
 const routes = require("./routes");
 const {
   patchAgentchattrConfigForDiscordBridge,
@@ -43,11 +43,11 @@ app.get("/api/health", (_req, res) => {
 
 // --- CLI status detection ---
 
-const { execSync } = require("child_process");
+const { execFileSync } = require("child_process");
 
 function isCliInstalled(cmd) {
   try {
-    execSync(`which ${cmd}`, { encoding: "utf-8", stdio: "pipe" });
+    execFileSync("which", [cmd], { encoding: "utf-8", stdio: "pipe" });
     return true;
   } catch {
     return false;
@@ -264,8 +264,8 @@ function readPersistedAgentToken(projectId, agentId) {
 function writePersistedAgentToken(projectId, agentId, token) {
   try {
     const configDir = path.join(os.homedir(), ".quadwork", projectId);
-    if (!fs.existsSync(configDir)) fs.mkdirSync(configDir, { recursive: true });
-    fs.writeFileSync(_agentTokenPath(projectId, agentId), token, { mode: 0o600 });
+    ensureSecureDir(configDir);
+    writeSecureFile(_agentTokenPath(projectId, agentId), token);
   } catch {
     // non-fatal — stale-slot reclaim will degrade but registration still works
   }
@@ -278,7 +278,7 @@ function clearPersistedAgentToken(projectId, agentId) {
 function writeMcpConfigFile(projectId, agentId, mcpHttpPort, token) {
   const os = require("os");
   const configDir = path.join(os.homedir(), ".quadwork", projectId);
-  if (!fs.existsSync(configDir)) fs.mkdirSync(configDir, { recursive: true });
+  ensureSecureDir(configDir);
   const filePath = path.join(configDir, `mcp-${agentId}.json`);
   const url = `http://127.0.0.1:${mcpHttpPort}/mcp`;
   const config = {
@@ -290,7 +290,7 @@ function writeMcpConfigFile(projectId, agentId, mcpHttpPort, token) {
       },
     },
   };
-  fs.writeFileSync(filePath, JSON.stringify(config, null, 2));
+  writeSecureFile(filePath, JSON.stringify(config, null, 2));
   return filePath;
 }
 
@@ -431,7 +431,7 @@ function buildAgentEnv(projectId, agentId) {
   if (cliBase === "gemini" && project.mcp_http_port) {
     const os = require("os");
     const configDir = path.join(os.homedir(), ".quadwork", projectId);
-    if (!fs.existsSync(configDir)) fs.mkdirSync(configDir, { recursive: true });
+    ensureSecureDir(configDir);
     const settingsPath = path.join(configDir, `mcp-${agentId}-settings.json`);
     const url = `http://127.0.0.1:${project.mcp_http_port}/mcp`;
     const settings = {
@@ -443,7 +443,7 @@ function buildAgentEnv(projectId, agentId) {
         },
       },
     };
-    fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2));
+    writeSecureFile(settingsPath, JSON.stringify(settings, null, 2));
     env.GEMINI_CLI_SYSTEM_SETTINGS_PATH = settingsPath;
   }
 
@@ -555,6 +555,7 @@ async function spawnAgentPty(project, agent) {
       queueWatcherHandle: null,
       // #418: ring buffer of recent PTY output so reconnecting WS
       // clients see the terminal state instead of a blank panel.
+      // #538: scrollback is scrubbed of likely secrets before replay.
       scrollback: Buffer.alloc(0),
     };
     agentSessions.set(key, session);
@@ -730,7 +731,7 @@ const HISTORY_SNAPSHOT_LIMIT = 5;
 async function snapshotProjectHistory(projectId) {
   try {
     const snapDir = path.join(require("os").homedir(), ".quadwork", projectId, "history-snapshots");
-    if (!fs.existsSync(snapDir)) fs.mkdirSync(snapDir, { recursive: true });
+    ensureSecureDir(snapDir);
     const res = await fetch(`http://127.0.0.1:${PORT}/api/project-history?project=${encodeURIComponent(projectId)}`, {
       signal: AbortSignal.timeout(30000),
     });
@@ -809,7 +810,7 @@ async function handleAgentChattr(req, res) {
     try {
       let content = fs.readFileSync(projectConfigToml, "utf-8");
       content = content.replace(/^port = \d+/m, `port = ${chattrPort}`);
-      fs.writeFileSync(projectConfigToml, content);
+      writeSecureFile(projectConfigToml, content);
     } catch {}
   }
 
@@ -866,7 +867,7 @@ async function handleAgentChattr(req, res) {
   // lose their tracked reference when the Node process recycles).
   function killProcessOnPort(port) {
     try {
-      const pids = execSync(`lsof -ti TCP:${port} -sTCP:LISTEN`, {
+      const pids = execFileSync("lsof", ["-ti", `TCP:${port}`, "-sTCP:LISTEN"], {
         encoding: "utf-8",
         timeout: 5000,
         stdio: ["pipe", "pipe", "pipe"],
@@ -889,7 +890,7 @@ async function handleAgentChattr(req, res) {
     return new Promise((resolve) => {
       function check() {
         try {
-          execSync(`lsof -ti TCP:${port} -sTCP:LISTEN`, {
+          execFileSync("lsof", ["-ti", `TCP:${port}`, "-sTCP:LISTEN"], {
             encoding: "utf-8",
             timeout: 2000,
             stdio: ["pipe", "pipe", "pipe"],
@@ -1045,8 +1046,6 @@ async function handleAgentChattr(req, res) {
       return res.status(400).json({ ok: false, error: "AgentChattr not installed at " + (acDir || "unknown") });
     }
     try {
-      const { execSync } = require("child_process");
-
       // Stop running process before pulling. Snapshot first so a
       // botched git pull can still be rolled back from disk.
       // #424 / quadwork#304: best-effort.
@@ -1070,14 +1069,14 @@ async function handleAgentChattr(req, res) {
         await waitForPortFree(chattrPort, 3000);
       }
 
-      const pullResult = execSync("git pull 2>&1", { cwd: acDir, encoding: "utf-8", timeout: 30000 }).trim();
+      const pullResult = execFileSync("git", ["pull"], { cwd: acDir, encoding: "utf-8", timeout: 30000, stdio: "pipe" }).trim();
       // #388: re-apply sender-overflow CSS patch after git pull
       patchAgentchattrCss(acDir);
       const venvPython = path.join(acDir, ".venv", "bin", "python");
       let pipResult = "";
       const reqFile = path.join(acDir, "requirements.txt");
       if (fs.existsSync(venvPython) && fs.existsSync(reqFile)) {
-        pipResult = execSync(`"${venvPython}" -m pip install -r requirements.txt 2>&1`, { cwd: acDir, encoding: "utf-8", timeout: 120000 }).trim();
+        pipResult = execFileSync(venvPython, ["-m", "pip", "install", "-r", "requirements.txt"], { cwd: acDir, encoding: "utf-8", timeout: 120000, stdio: "pipe" }).trim();
       }
 
       // Restart if it was running before the update
@@ -1533,7 +1532,7 @@ app.post("/api/triggers/:project/start", (req, res) => {
       if (typeof message === "string" && message.length > 0) entry.trigger_message = message;
       if (Number.isFinite(interval) && interval > 0) entry.trigger_interval_min = interval;
       if (Number.isFinite(duration) && duration >= 0) entry.trigger_duration_min = duration;
-      fs.writeFileSync(CONFIG_PATH, JSON.stringify(cfg, null, 2));
+      writeConfig(cfg);
     }
   } catch (e) { /* non-fatal — timer still runs with its in-memory values */ }
 
@@ -1624,7 +1623,7 @@ app.put("/api/queue", express.json({ limit: "512kb" }), (req, res) => {
   if (content === null) return res.status(400).json({ error: "Missing content" });
   const p = queuePathFor(projectId);
   try {
-    fs.mkdirSync(path.dirname(p), { recursive: true });
+    ensureSecureDir(path.dirname(p));
     fs.writeFileSync(p, content);
     return res.json({ ok: true });
   } catch (e) { return res.status(500).json({ error: e.message }); }
@@ -1642,7 +1641,7 @@ app.post("/api/queue", (req, res) => {
     let content = fs.readFileSync(tpl, "utf-8");
     content = content.replace(/\{\{project_name\}\}/g, project.name || projectId);
     content = content.replace(/\{\{repo\}\}/g, project.repo || "");
-    fs.mkdirSync(path.dirname(p), { recursive: true });
+    ensureSecureDir(path.dirname(p));
     fs.writeFileSync(p, content);
     return res.json({ ok: true, existed: false });
   } catch (e) { return res.status(500).json({ error: e.message }); }
@@ -1719,6 +1718,56 @@ app.use((req, res, next) => {
   }
 });
 
+// --- #538: PTY output secret scrubbing ---
+// Redact likely secrets from both live PTY streaming and scrollback
+// replay so echoed credentials are not exposed to dashboard clients.
+//
+// Threat model: QuadWork binds to 127.0.0.1 only. The scrub is
+// defense-in-depth — it reduces exposure if a secret is accidentally
+// echoed, but cannot catch every possible format. Operators who handle
+// highly sensitive credentials should avoid echoing them in agent
+// terminals.
+//
+// Live chunks from term.onData() are typically line-aligned (shell
+// flushes on newline), so per-chunk scrubbing catches the vast majority
+// of secrets. A secret split across two chunks is a theoretical edge
+// case that the scrollback scrub (which sees the full buffer) covers
+// on reconnect.
+
+// Patterns that indicate a line contains a secret value.
+const _SECRET_NAME_RE = /\b\w*(KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL|PASSPHRASE|AUTH)\w*\s*[=:]/i;
+// Known API key prefixes (Anthropic, GitHub, OpenAI, etc.).
+const _API_KEY_PREFIX_RE = /\b(sk-ant-api\d{2}-[A-Za-z0-9_-]{20,}|ghp_[A-Za-z0-9]{36,}|ghu_[A-Za-z0-9]{36,}|ghs_[A-Za-z0-9]{36,}|sk-[A-Za-z0-9]{20,}|xoxb-[A-Za-z0-9-]{20,}|xoxp-[A-Za-z0-9-]{20,})\b/;
+// Bearer authorization headers.
+const _BEARER_RE = /\bBearer\s+[A-Za-z0-9_.+/=-]{20,}/i;
+const _REDACTED = "[REDACTED]";
+
+function scrubSecrets(text) {
+  if (!text) return text;
+  return text.split("\n").map((line) => {
+    // Strip ANSI escape codes for pattern matching, but redact the
+    // original line (preserves terminal formatting around non-secret
+    // lines while ensuring secrets inside styled output are caught).
+    const plain = line.replace(/\x1b\[[0-9;]*[A-Za-z]/g, "");
+    if (_SECRET_NAME_RE.test(plain)) {
+      // Redact the value portion after the = or : delimiter.
+      return line.replace(/([=:])\s*\S.*/, `$1 ${_REDACTED}`);
+    }
+    if (_API_KEY_PREFIX_RE.test(plain)) {
+      return line.replace(_API_KEY_PREFIX_RE, _REDACTED);
+    }
+    if (_BEARER_RE.test(plain)) {
+      return line.replace(/\bBearer\s+[A-Za-z0-9_.+/=-]{20,}/gi, `Bearer ${_REDACTED}`);
+    }
+    return line;
+  }).join("\n");
+}
+
+function scrubScrollback(buf) {
+  if (!buf || buf.length === 0) return buf;
+  return Buffer.from(scrubSecrets(buf.toString("utf-8")), "utf-8");
+}
+
 // --- WebSocket + PTY ---
 // WS connects to an existing PTY session (started via lifecycle API)
 // or spawns a new one if none exists.
@@ -1760,10 +1809,10 @@ wss.on("connection", async (ws, req) => {
   // {"type":"replay"} to avoid the timing race where eager replay
   // arrived before the client's onmessage handler was registered.
 
-  // PTY → client
+  // PTY → client (#538: scrub secrets from live output)
   const dataHandler = session.term.onData((data) => {
     if (ws.readyState === ws.OPEN) {
-      ws.send(data);
+      ws.send(scrubSecrets(data));
     }
   });
 
@@ -1773,8 +1822,17 @@ wss.on("connection", async (ws, req) => {
     const str = msg.toString();
     try {
       const parsed = JSON.parse(str);
-      if (parsed.type === "resize" && parsed.cols && parsed.rows) {
-        session.term.resize(parsed.cols, parsed.rows);
+      if (parsed.type === "resize") {
+        // #541: strict numeric type check and bounds validation before
+        // passing to PTY. The dashboard client (TerminalPanel.tsx) sends
+        // xterm.js cols/rows which are always numbers. Reject anything
+        // else at the boundary.
+        if (typeof parsed.cols === "number" && typeof parsed.rows === "number" &&
+            Number.isFinite(parsed.cols) && Number.isFinite(parsed.rows) &&
+            parsed.cols >= 1 && parsed.cols <= 500 &&
+            parsed.rows >= 1 && parsed.rows <= 500) {
+          session.term.resize(parsed.cols, parsed.rows);
+        }
         return;
       }
       // #461: client requests scrollback replay after xterm is fully
@@ -1784,7 +1842,8 @@ wss.on("connection", async (ws, req) => {
       // synthetic status line so the terminal isn't completely blank.
       if (parsed.type === "replay") {
         if (session.scrollback && session.scrollback.length > 0) {
-          ws.send(session.scrollback);
+          // #538: scrub likely secrets before replaying accumulated output.
+          ws.send(scrubScrollback(session.scrollback));
         } else {
           ws.send(`\x1b[2m[agent online — waiting for input]\x1b[0m\r\n`);
         }

package/server/install-agentchattr.js

@@ -14,7 +14,7 @@
 // Self-contained — depends only on Node built-ins so it's safe to require
 // from anywhere in the project (CLI bin, server routes, future tests).
 
-const { execSync } = require("child_process");
+const { execFileSync } = require("child_process");
 const fs = require("fs");
 const path = require("path");
 
@@ -28,8 +28,8 @@ const INSTALL_LOCK_STALE_MS = 10 * 60 * 1000; // 10 min
 const INSTALL_LOCK_WAIT_TOTAL_MS = 30 * 1000;  // wait up to 30s for a peer
 const INSTALL_LOCK_POLL_MS = 500;
 
-function _run(cmd, opts = {}) {
-  try { return execSync(cmd, { encoding: "utf-8", stdio: "pipe", ...opts }).trim(); }
+function _run(cmd, args = [], opts = {}) {
+  try { return execFileSync(cmd, args, { encoding: "utf-8", stdio: "pipe", ...opts }).trim(); }
   catch { return null; }
 }
 
@@ -102,14 +102,15 @@ function installAgentChattr(dir) {
 
   // --- Per-target lock ---
   const lockFile = `${dir}.install.lock`;
-  try { fs.mkdirSync(path.dirname(lockFile), { recursive: true }); }
+  try { fs.mkdirSync(path.dirname(lockFile), { recursive: true, mode: 0o700 }); }
   catch (e) { return setError(`Cannot create parent of ${dir}: ${e.message}`); }
 
   let acquired = false;
   const deadline = Date.now() + INSTALL_LOCK_WAIT_TOTAL_MS;
   while (!acquired) {
     try {
-      fs.writeFileSync(lockFile, `${process.pid}:${Date.now()}`, { flag: "wx" });
+      fs.writeFileSync(lockFile, `${process.pid}:${Date.now()}`, { mode: 0o600, flag: "wx" });
+      try { fs.chmodSync(lockFile, 0o600); } catch {}
       acquired = true;
     } catch (e) {
       if (e.code !== "EEXIST") return setError(`Cannot create install lock ${lockFile}: ${e.message}`);
@@ -129,7 +130,7 @@ function installAgentChattr(dir) {
         const info = _readLock(lockFile) || { pid: "?", ts: 0 };
         return setError(`Another install is in progress at ${dir} (pid ${info.pid}); timed out after ${INSTALL_LOCK_WAIT_TOTAL_MS}ms. Re-run after it finishes, or remove ${lockFile} if stale.`);
       }
-      try { execSync(`sleep ${INSTALL_LOCK_POLL_MS / 1000}`); }
+      try { execFileSync("sleep", [String(INSTALL_LOCK_POLL_MS / 1000)], { stdio: "pipe" }); }
       catch { /* sleep interrupted; loop will recheck */ }
     }
   }
@@ -158,7 +159,7 @@ function _installAgentChattrLocked(dir, setError) {
         try { fs.rmSync(dir, { recursive: true, force: true }); }
         catch (e) { return setError(`Cannot remove empty dir ${dir}: ${e.message}`); }
       } else if (fs.existsSync(path.join(dir, ".git"))) {
-        const remote = _run(`git -C "${dir}" remote get-url origin 2>/dev/null`);
+        const remote = _run("git", ["-C", dir, "remote", "get-url", "origin"]);
         if (remote && remote.includes("agentchattr")) {
           try { fs.rmSync(dir, { recursive: true, force: true }); }
           catch (e) { return setError(`Cannot remove failed clone at ${dir}: ${e.message}`); }
@@ -169,16 +170,16 @@ function _installAgentChattrLocked(dir, setError) {
         return setError(`Refusing to overwrite ${dir}: directory exists with unrelated content`);
       }
     }
-    try { fs.mkdirSync(path.dirname(dir), { recursive: true }); }
+    try { fs.mkdirSync(path.dirname(dir), { recursive: true, mode: 0o700 }); }
     catch (e) { return setError(`Cannot create parent of ${dir}: ${e.message}`); }
-    const cloneResult = _run(`git clone "${AGENTCHATTR_REPO}" "${dir}" 2>&1`, { timeout: 60000 });
+    const cloneResult = _run("git", ["clone", AGENTCHATTR_REPO, dir], { timeout: 60000 });
     if (cloneResult === null) return setError(`git clone of ${AGENTCHATTR_REPO} into ${dir} failed`);
     if (!fs.existsSync(runPy)) return setError(`Clone completed but run.py missing at ${dir}`);
   }
 
   // 2. Create venv if missing.
   if (!fs.existsSync(venvPython)) {
-    const venvResult = _run(`python3 -m venv "${path.join(dir, ".venv")}" 2>&1`, { timeout: 60000 });
+    const venvResult = _run("python3", ["-m", "venv", path.join(dir, ".venv")], { timeout: 60000 });
     if (venvResult === null) return setError(`python3 -m venv failed at ${dir}/.venv (is python3 installed?)`);
     if (!fs.existsSync(venvPython)) return setError(`venv created but ${venvPython} missing`);
     venvJustCreated = true;
@@ -188,7 +189,7 @@ function _installAgentChattrLocked(dir, setError) {
   if (venvJustCreated) {
     const reqFile = path.join(dir, "requirements.txt");
     if (fs.existsSync(reqFile)) {
-      const pipResult = _run(`"${venvPython}" -m pip install -r "${reqFile}" 2>&1`, { timeout: 120000 });
+      const pipResult = _run(venvPython, ["-m", "pip", "install", "-r", reqFile], { timeout: 120000 });
       if (pipResult === null) return setError(`pip install -r ${reqFile} failed`);
     }
   }

package/server/routes.js

@@ -36,8 +36,8 @@ function readConfigFile() {
 
 function writeConfigFile(cfg) {
   const dir = path.dirname(CONFIG_PATH);
-  if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
-  fs.writeFileSync(CONFIG_PATH, JSON.stringify(cfg, null, 2));
+  ensureSecureDir(dir);
+  writeConfig(cfg);
 }
 
 // ─── Config ────────────────────────────────────────────────────────────────
@@ -66,8 +66,8 @@ router.put("/api/config", (req, res) => {
   try {
     const body = req.body;
     const dir = path.dirname(CONFIG_PATH);
-    if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
-    fs.writeFileSync(CONFIG_PATH, JSON.stringify(body, null, 2));
+    ensureSecureDir(dir);
+    writeConfig(body);
     // Trigger sync is handled internally since we're in the same process now
     if (typeof req.app.get("syncTriggers") === "function") {
       req.app.get("syncTriggers")();
@@ -80,7 +80,7 @@ router.put("/api/config", (req, res) => {
 
 // ─── Chat (AgentChattr proxy) ──────────────────────────────────────────────
 
-const { resolveProjectChattr, sanitizeOperatorName } = require("./config");
+const { resolveProjectChattr, sanitizeOperatorName, ensureSecureDir, writeSecureFile, writeConfig } = require("./config");
 const { installAgentChattr, findAgentChattr } = require("./install-agentchattr");
 
 /**
@@ -96,7 +96,7 @@ function writeOvernightQueueFileSafe(projectId, projectName, repo) {
     if (fs.existsSync(queuePath)) return;
     const tpl = path.join(TEMPLATES_DIR, "OVERNIGHT-QUEUE.md");
     if (!fs.existsSync(tpl)) return;
-    fs.mkdirSync(path.dirname(queuePath), { recursive: true });
+    ensureSecureDir(path.dirname(queuePath));
     let content = fs.readFileSync(tpl, "utf-8");
     content = content.replace(/\{\{project_name\}\}/g, projectName || projectId || "");
     content = content.replace(/\{\{repo\}\}/g, repo || "");
@@ -404,7 +404,7 @@ router.put("/api/loop-guard", async (req, res) => {
       const trailing = content.endsWith("\n") ? "" : "\n";
       content += `${trailing}\n[routing]\ndefault = "none"\nmax_agent_hops = ${value}\n`;
     }
-    fs.writeFileSync(tomlPath, content);
+    writeSecureFile(tomlPath, content);
   } catch (err) {
     return res.status(500).json({ error: "Failed to write config.toml", detail: err.message });
   }
@@ -838,7 +838,7 @@ router.post("/api/activity/log", (req, res) => {
   const row = { agent, start, end: ts, duration_ms: Math.max(0, ts - start) };
   try {
     const p = activityLogPath(project);
-    fs.mkdirSync(path.dirname(p), { recursive: true });
+    ensureSecureDir(path.dirname(p));
     fs.appendFileSync(p, JSON.stringify(row) + "\n");
     // Invalidate the stats cache so the next read sees the new row.
     _activityStatsCache.ts = 0;
@@ -1029,7 +1029,7 @@ const uploadStorage = multer.diskStorage({
     const projectId = req.query.project || "";
     if (!projectId || /[/\\]/.test(projectId)) return cb(new Error("Invalid project"));
     const dir = path.join(CONFIG_DIR, projectId, "uploads");
-    fs.mkdirSync(dir, { recursive: true });
+    ensureSecureDir(dir);
     cb(null, dir);
   },
   filename: (_req, file, cb) => {
@@ -1340,7 +1340,7 @@ function readBatchSnapshot(projectId) {
 function writeBatchSnapshot(projectId, snapshot) {
   try {
     const p = batchSnapshotPath(projectId);
-    fs.mkdirSync(path.dirname(p), { recursive: true });
+    ensureSecureDir(path.dirname(p));
     fs.writeFileSync(p, JSON.stringify(snapshot));
   } catch {
     // Non-fatal — panel still works from the live parse.
@@ -1850,8 +1850,8 @@ router.post("/api/setup/save-token", (req, res) => {
   if (!token) return res.status(400).json({ error: "Missing token" });
   const tokenPath = path.join(os.homedir(), ".quadwork", "reviewer-token");
   const dir = path.dirname(tokenPath);
-  if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
-  fs.writeFileSync(tokenPath, token.trim() + "\n", { mode: 0o600 });
+  ensureSecureDir(dir);
+  writeSecureFile(tokenPath, token.trim() + "\n");
   try { fs.chmodSync(tokenPath, 0o600); } catch {}
   res.json({ ok: true, path: tokenPath });
 });
@@ -1890,7 +1890,7 @@ router.post("/api/setup", (req, res) => {
       const workingDir = body.workingDir;
       if (!workingDir) return res.json({ ok: false, error: "Missing working directory" });
       if (!fs.existsSync(path.join(workingDir, ".git"))) {
-        if (!fs.existsSync(workingDir)) fs.mkdirSync(workingDir, { recursive: true });
+        if (!fs.existsSync(workingDir)) ensureSecureDir(workingDir);
         if (!REPO_RE.test(body.repo)) return res.json({ ok: false, error: "Invalid repo" });
         const clone = exec("gh", ["repo", "clone", body.repo, workingDir]);
         if (!clone.ok) return res.json({ ok: false, error: `Clone failed: ${clone.output}` });
@@ -2026,7 +2026,7 @@ router.post("/api/setup", (req, res) => {
         }
       }
       const dataDir = path.join(projectConfigDir, "data");
-      fs.mkdirSync(dataDir, { recursive: true });
+      ensureSecureDir(dataDir);
       const tomlPath = path.join(projectConfigDir, "config.toml");
 
       // Resolve per-project ports: prefer explicit body params (from setup wizard),
@@ -2067,7 +2067,7 @@ router.post("/api/setup", (req, res) => {
       // operator to type /continue. AC clamps to [1, 50] internally.
       content += `[routing]\ndefault = "none"\nmax_agent_hops = 30\n\n`;
       content += `[mcp]\nhttp_port = ${mcp_http}\nsse_port = ${mcp_sse}\n`;
-      fs.writeFileSync(tomlPath, content);
+      writeSecureFile(tomlPath, content);
 
       // Restart this project's AgentChattr instance (not global)
       try {
@@ -2158,8 +2158,8 @@ router.post("/api/setup", (req, res) => {
         agentchattr_dir: perProjectDir,
       });
       const dir = path.dirname(CONFIG_PATH);
-      if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
-      fs.writeFileSync(CONFIG_PATH, JSON.stringify(cfg, null, 2));
+      ensureSecureDir(dir);
+      writeConfig(cfg);
 
       // Batch 25 / #204: seed the per-project OVERNIGHT-QUEUE.md at
       // ~/.quadwork/{id}/OVERNIGHT-QUEUE.md.
@@ -2495,8 +2495,7 @@ function writeEnvToken(key, value) {
   const line = `${key}=${value}`;
   if (regex.test(content)) content = content.replace(regex, line);
   else content = content.trimEnd() + (content ? "\n" : "") + line + "\n";
-  fs.writeFileSync(ENV_PATH, content, { mode: 0o600 });
-  fs.chmodSync(ENV_PATH, 0o600);
+  writeSecureFile(ENV_PATH, content);
 }
 
 function resolveToken(value) {
@@ -2558,7 +2557,7 @@ router.get("/api/telegram", async (req, res) => {
         if (data && data.ok && data.result && typeof data.result.username === "string") {
           botUsername = data.result.username;
           project.telegram.bot_username = botUsername;
-          try { fs.writeFileSync(CONFIG_PATH, JSON.stringify(cfg, null, 2)); } catch {}
+          try { writeConfig(cfg); } catch {}
         }
       }
     } catch { /* non-fatal — widget will just show no username */ }
@@ -2718,8 +2717,7 @@ router.post("/api/telegram", async (req, res) => {
       // #383 Bug 2: write agentchattr_url inside [telegram]; the
       // bridge's load_config only reads from that section.
       const tomlContent = buildTelegramBridgeToml(tg, projectId);
-      fs.writeFileSync(tomlPath, tomlContent, { mode: 0o600 });
-      fs.chmodSync(tomlPath, 0o600);
+      writeSecureFile(tomlPath, tomlContent);
       // #353: pre-flight import check so a fresh install with no
       // `requests` module produces a readable error instead of the
       // Start → Running → Stopped flicker that the v1 code path
@@ -2852,7 +2850,7 @@ router.post("/api/telegram", async (req, res) => {
         const project = cfg.projects?.find((p) => p.id === projectId);
         if (project?.telegram) {
           project.telegram.bot_token = `env:${envKey}`;
-          fs.writeFileSync(CONFIG_PATH, JSON.stringify(cfg, null, 2));
+          writeConfig(cfg);
         }
       } catch {}
       return res.json({ ok: true, env_key: envKey });
@@ -2885,7 +2883,7 @@ router.post("/api/telegram", async (req, res) => {
           // will re-fetch it from Telegram's getMe for the new token.
           bot_username: "",
         };
-        fs.writeFileSync(CONFIG_PATH, JSON.stringify(cfg, null, 2));
+        writeConfig(cfg);
         return res.json({ ok: true, env_key: envKey });
       } catch (err) {
         return res.json({ ok: false, error: err.message || "Config write failed" });
@@ -3030,7 +3028,7 @@ router.get("/api/discord", async (req, res) => {
           if (r.ok && data.username) {
             botUsername = data.username;
             project.discord.bot_username = botUsername;
-            try { fs.writeFileSync(CONFIG_PATH, JSON.stringify(cfg, null, 2)); } catch {}
+            try { writeConfig(cfg); } catch {}
           }
         }
       } catch { /* non-fatal — widget will just show no username */ }
@@ -3088,7 +3086,7 @@ router.post("/api/discord", async (req, res) => {
         // #506: always copy bundled bridge files (not just on first install)
         // so re-installing after a QuadWork upgrade refreshes the script.
         if (!fs.existsSync(DISCORD_BRIDGE_DIR)) {
-          fs.mkdirSync(DISCORD_BRIDGE_DIR, { recursive: true });
+          ensureSecureDir(DISCORD_BRIDGE_DIR);
         }
         fs.cpSync(
           path.join(DISCORD_BRIDGE_SRC, "discord_bridge.py"),
@@ -3165,8 +3163,7 @@ router.post("/api/discord", async (req, res) => {
       if (!dc || !dc.bot_token || !dc.channel_id) return res.json({ ok: false, error: "Save bot_token and channel_id in project settings first." });
       const tomlPath = discordConfigToml(projectId);
       const tomlContent = buildDiscordBridgeToml(dc, projectId);
-      fs.writeFileSync(tomlPath, tomlContent, { mode: 0o600 });
-      fs.chmodSync(tomlPath, 0o600);
+      writeSecureFile(tomlPath, tomlContent);
       const depCheck = checkDiscordBridgePythonDeps(venvPython);
       if (!depCheck.ok) {
         const msg =
@@ -3273,7 +3270,7 @@ router.post("/api/discord", async (req, res) => {
           channel_id,
           bot_username: "",
         };
-        fs.writeFileSync(CONFIG_PATH, JSON.stringify(cfg, null, 2));
+        writeConfig(cfg);
         return res.json({ ok: true, env_key: envKey });
       } catch (err) {
         return res.json({ ok: false, error: err.message || "Config write failed" });
@@ -3345,7 +3342,7 @@ router.put("/api/project/:projectId/agent-models/:agentId", (req, res) => {
       else a.reasoning_effort = reasoning;
     }
     project.agents[agentId] = a;
-    fs.writeFileSync(CONFIG_PATH, JSON.stringify(cfg, null, 2));
+    writeConfig(cfg);
     return res.json({ ok: true, agent: { agent_id: agentId, model: a.model || "", reasoning_effort: a.reasoning_effort || "" } });
   } catch (err) {
     return res.json({ ok: false, error: err.message || "write failed" });

package/out/_next/static/chunks/turbopack-0lcwh84lrj9gi.js

@@ -1 +0,0 @@
-(globalThis.TURBOPACK||(globalThis.TURBOPACK=[])).push(["object"==typeof document?document.currentScript:void 0,{otherChunks:["static/chunks/0ze4gu236oq96.js","static/chunks/0.bbxho1vnxin.js","static/chunks/16g.ca89g7fib.js","static/chunks/0zfotsowwll1x.js","static/chunks/0pqt~8bl3ukh4.js"],runtimeModuleIds:[94553]}]),(()=>{let e;if(!Array.isArray(globalThis.TURBOPACK))return;let t="/_next/",r=(self.TURBOPACK_ASSET_SUFFIX??document?.currentScript?.getAttribute?.("src")?.replace(/^(.*(?=\?)|^.*$)/,""))||"",n=["NEXT_DEPLOYMENT_ID","NEXT_CLIENT_ASSET_SUFFIX"];var o,i=((o=i||{})[o.Runtime=0]="Runtime",o[o.Parent=1]="Parent",o[o.Update=2]="Update",o);let l=new WeakMap;function s(e,t){this.m=e,this.e=t}let u=s.prototype,a=Object.prototype.hasOwnProperty,c="u">typeof Symbol&&Symbol.toStringTag;function f(e,t,r){a.call(e,t)||Object.defineProperty(e,t,r)}function p(e,t){let r=e[t];return r||(r=h(t),e[t]=r),r}function h(e){return{exports:{},error:void 0,id:e,namespaceObject:void 0}}function d(e,t){f(e,"__esModule",{value:!0}),c&&f(e,c,{value:"Module"});let r=0;for(;r<t.length;){let n=t[r++],o=t[r++];if("number"==typeof o)if(0===o)f(e,n,{value:t[r++],enumerable:!0,writable:!1});else throw Error(`unexpected tag: ${o}`);else"function"==typeof t[r]?f(e,n,{get:o,set:t[r++],enumerable:!0}):f(e,n,{get:o,enumerable:!0})}Object.seal(e)}function m(e,t){(null!=t?p(this.c,t):this.m).exports=e}u.s=function(e,t){let r,n;null!=t?n=(r=p(this.c,t)).exports:(r=this.m,n=this.e),r.namespaceObject=n,d(n,e)},u.j=function(e,t){var r,n;let o,i,s;null!=t?i=(o=p(this.c,t)).exports:(o=this.m,i=this.e);let u=(r=o,n=i,(s=l.get(r))||(l.set(r,s=[]),r.exports=r.namespaceObject=new Proxy(n,{get(e,t){if(a.call(e,t)||"default"===t||"__esModule"===t)return Reflect.get(e,t);for(let e of s){let r=Reflect.get(e,t);if(void 0!==r)return r}},ownKeys(e){let t=Reflect.ownKeys(e);for(let e of s)for(let r of Reflect.ownKeys(e))"default"===r||t.includes(r)||t.push(r);return t}})),s);"object"==typeof e&&null!==e&&u.push(e)},u.v=m,u.n=function(e,t){let r;(r=null!=t?p(this.c,t):this.m).exports=r.namespaceObject=e};let b=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,y=[null,b({}),b([]),b(b)];function g(e,t,r){let n=[],o=-1;for(let t=e;("object"==typeof t||"function"==typeof t)&&!y.includes(t);t=b(t))for(let r of Object.getOwnPropertyNames(t))n.push(r,function(e,t){return()=>e[t]}(e,r)),-1===o&&"default"===r&&(o=n.length-1);return r&&o>=0||(o>=0?n.splice(o,1,0,e):n.push("default",0,e)),d(t,n),t}function w(e){let t=W(e,this.m);if(t.namespaceObject)return t.namespaceObject;let r=t.exports;return t.namespaceObject=g(r,"function"==typeof r?function(...e){return r.apply(this,e)}:Object.create(null),r&&r.__esModule)}function O(e){let t=e.indexOf("#");-1!==t&&(e=e.substring(0,t));let r=e.indexOf("?");return -1!==r&&(e=e.substring(0,r)),e}function k(){let e,t;return{promise:new Promise((r,n)=>{t=n,e=r}),resolve:e,reject:t}}u.i=w,u.A=function(e){return this.r(e)(w.bind(this))},u.t="function"==typeof require?require:function(){throw Error("Unexpected use of runtime require")},u.r=function(e){return W(e,this.m).exports},u.f=function(e){function t(t){if(t=O(t),a.call(e,t))return e[t].module();let r=Error(`Cannot find module '${t}'`);throw r.code="MODULE_NOT_FOUND",r}return t.keys=()=>Object.keys(e),t.resolve=t=>{if(t=O(t),a.call(e,t))return e[t].id();let r=Error(`Cannot find module '${t}'`);throw r.code="MODULE_NOT_FOUND",r},t.import=async e=>await t(e),t};let j=Symbol("turbopack queues"),v=Symbol("turbopack exports"),C=Symbol("turbopack error");function P(e){e&&1!==e.status&&(e.status=1,e.forEach(e=>e.queueCount--),e.forEach(e=>e.queueCount--?e.queueCount++:e()))}u.a=function(e,t){let r=this.m,n=t?Object.assign([],{status:-1}):void 0,o=new Set,{resolve:i,reject:l,promise:s}=k(),u=Object.assign(s,{[v]:r.exports,[j]:e=>{n&&e(n),o.forEach(e),u.catch(()=>{})}}),a={get:()=>u,set(e){e!==u&&(u[v]=e)}};Object.defineProperty(r,"exports",a),Object.defineProperty(r,"namespaceObject",a),e(function(e){let t=e.map(e=>{if(null!==e&&"object"==typeof e){if(j in e)return e;if(null!=e&&"object"==typeof e&&"then"in e&&"function"==typeof e.then){let t=Object.assign([],{status:0}),r={[v]:{},[j]:e=>e(t)};return e.then(e=>{r[v]=e,P(t)},e=>{r[C]=e,P(t)}),r}}return{[v]:e,[j]:()=>{}}}),r=()=>t.map(e=>{if(e[C])throw e[C];return e[v]}),{promise:i,resolve:l}=k(),s=Object.assign(()=>l(r),{queueCount:0});function u(e){e!==n&&!o.has(e)&&(o.add(e),e&&0===e.status&&(s.queueCount++,e.push(s)))}return t.map(e=>e[j](u)),s.queueCount?i:r()},function(e){e?l(u[C]=e):i(u[v]),P(n)}),n&&-1===n.status&&(n.status=0)};let U=function(e){let t=new URL(e,"x:/"),r={};for(let e in t)r[e]=t[e];for(let t in r.href=e,r.pathname=e.replace(/[?#].*/,""),r.origin=r.protocol="",r.toString=r.toJSON=(...t)=>e,r)Object.defineProperty(this,t,{enumerable:!0,configurable:!0,value:r[t]})};function $(e,t){throw Error(`Invariant: ${t(e)}`)}U.prototype=URL.prototype,u.U=U,u.z=function(e){throw Error("dynamic usage of require is not supported")},u.g=globalThis;let R=s.prototype,S=new Map;u.M=S;let E=new Map,_=new Map;async function T(e,t,r){let n;if("string"==typeof r)return M(e,t,q(r));let o=r.included||[],i=o.map(e=>!!S.has(e)||E.get(e));if(i.length>0&&i.every(e=>e))return void await Promise.all(i);let l=r.moduleChunks||[],s=l.map(e=>_.get(e)).filter(e=>e);if(s.length>0){if(s.length===l.length)return void await Promise.all(s);let r=new Set;for(let e of l)_.has(e)||r.add(e);for(let n of r){let r=M(e,t,q(n));_.set(n,r),s.push(r)}n=Promise.all(s)}else{for(let o of(n=M(e,t,q(r.path)),l))_.has(o)||_.set(o,n)}for(let e of o)E.has(e)||E.set(e,n);await n}R.l=function(e){return T(i.Parent,this.m.id,e)};let x=Promise.resolve(void 0),A=new WeakMap;function M(t,r,n){let o=e.loadChunkCached(t,n),l=A.get(o);if(void 0===l){let e=A.set.bind(A,o,x);l=o.then(e).catch(e=>{let o;switch(t){case i.Runtime:o=`as a runtime dependency of chunk ${r}`;break;case i.Parent:o=`from module ${r}`;break;case i.Update:o="from an HMR update";break;default:$(t,e=>`Unknown source type: ${e}`)}let l=Error(`Failed to load chunk ${n} ${o}${e?`: ${e}`:""}`,e?{cause:e}:void 0);throw l.name="ChunkLoadError",l}),A.set(o,l)}return l}function q(e){return`${t}${e.split("/").map(e=>encodeURIComponent(e)).join("/")}${r}`}R.L=function(e){return M(i.Parent,this.m.id,e)},R.R=function(e){let t=this.r(e);return t?.default??t},R.P=function(e){return`/ROOT/${e??""}`},R.q=function(e,t){m.call(this,`${e}${r}`,t)},R.b=function(e,t,o,i){let l="SharedWorker"===e.name,s=[o.map(e=>q(e)).reverse(),r];for(let e of n)s.push(globalThis[e]);let u=new URL(q(t),location.origin),a=JSON.stringify(s);return l?u.searchParams.set("params",a):u.hash="#params="+encodeURIComponent(a),new e(u,i?{...i,type:void 0}:void 0)};let N=/\.js(?:\?[^#]*)?(?:#.*)?$/,K=/\.css(?:\?[^#]*)?(?:#.*)?$/;function L(e){return K.test(e)}u.w=function(t,r,n){return e.loadWebAssembly(i.Parent,this.m.id,t,r,n)},u.u=function(t,r){return e.loadWebAssemblyModule(i.Parent,this.m.id,t,r)};let I={};u.c=I;let W=(e,t)=>{let r=I[e];if(r){if(r.error)throw r.error;return r}return B(e,i.Parent,t.id)};function B(e,t,r){let n=S.get(e);if("function"!=typeof n)throw Error(function(e,t,r){let n;switch(t){case 0:n=`as a runtime entry of chunk ${r}`;break;case 1:n=`because it was required from module ${r}`;break;case 2:n="because of an HMR update";break;default:$(t,e=>`Unknown source type: ${e}`)}return`Module ${e} was instantiated ${n}, but the module factory is not available.`}(e,t,r));let o=h(e),i=o.exports;I[e]=o;let l=new s(o,i);try{n(l,o,i)}catch(e){throw o.error=e,e}return o.namespaceObject&&o.exports!==o.namespaceObject&&g(o.exports,o.namespaceObject),o}function F(t){let r,n=function(e){if("string"==typeof e)return e;if(e)return{src:e.getAttribute("src")};if("u">typeof TURBOPACK_NEXT_CHUNK_URLS)return{src:TURBOPACK_NEXT_CHUNK_URLS.pop()};throw Error("chunk path empty but not in a worker")}(t[0]);return 2===t.length?r=t[1]:(r=void 0,!function(e,t){let r=1;for(;r<e.length;){let n,o=r+1;for(;o<e.length&&"function"!=typeof e[o];)o++;if(o===e.length)throw Error("malformed chunk format, expected a factory function");let i=e[o];for(let i=r;i<o;i++){let r=e[i],o=t.get(r);if(o){n=o;break}}let l=n??i,s=!1;for(let n=r;n<o;n++){let r=e[n];t.has(r)||(s||(l===i&&Object.defineProperty(i,"name",{value:"module evaluation"}),s=!0),t.set(r,l))}r=o+1}}(t,S)),e.registerChunk(n,r)}let X=new Map;function D(e){let t=X.get(e);if(!t){let r,n;t={resolved:!1,loadingStarted:!1,promise:new Promise((e,t)=>{r=e,n=t}),resolve:()=>{t.resolved=!0,r()},reject:n},X.set(e,t)}return t}e={async registerChunk(e,r){let n=function(e){if("string"==typeof e)return e;let r=decodeURIComponent(e.src.replace(/[?#].*$/,""));return r.startsWith(t)?r.slice(t.length):r}(e);if(D("string"==typeof e?q(e):e.src).resolve(),null!=r){for(let e of r.otherChunks)D(q("string"==typeof e?e:e.path));if(await Promise.all(r.otherChunks.map(e=>T(i.Runtime,n,e))),r.runtimeModuleIds.length>0)for(let e of r.runtimeModuleIds)!function(e,t){let r=I[t];if(r){if(r.error)throw r.error;return}B(t,i.Runtime,e)}(n,e)}},loadChunkCached:(e,t)=>(function(e,t){let r=D(t);if(r.loadingStarted)return r.promise;if(e===i.Runtime)return r.loadingStarted=!0,L(t)&&r.resolve(),r.promise;if("function"==typeof importScripts)if(L(t));else if(N.test(t))self.TURBOPACK_NEXT_CHUNK_URLS.push(t),importScripts(t);else throw Error(`can't infer type of chunk from URL ${t} in worker`);else{let e=decodeURI(t);if(L(t))if(document.querySelectorAll(`link[rel=stylesheet][href="${t}"],link[rel=stylesheet][href^="${t}?"],link[rel=stylesheet][href="${e}"],link[rel=stylesheet][href^="${e}?"]`).length>0)r.resolve();else{let e=document.createElement("link");e.rel="stylesheet",e.href=t,e.onerror=()=>{r.reject()},e.onload=()=>{r.resolve()},document.head.appendChild(e)}else if(N.test(t)){let n=document.querySelectorAll(`script[src="${t}"],script[src^="${t}?"],script[src="${e}"],script[src^="${e}?"]`);if(n.length>0)for(let e of Array.from(n))e.addEventListener("error",()=>{r.reject()});else{let e=document.createElement("script");e.src=t,e.onerror=()=>{r.reject()},document.head.appendChild(e)}}else throw Error(`can't infer type of chunk from URL ${t}`)}return r.loadingStarted=!0,r.promise})(e,t),async loadWebAssembly(e,t,r,n,o){let i=fetch(q(r)),{instance:l}=await WebAssembly.instantiateStreaming(i,o);return l.exports},async loadWebAssemblyModule(e,t,r,n){let o=fetch(q(r));return await WebAssembly.compileStreaming(o)}};let H=globalThis.TURBOPACK;globalThis.TURBOPACK={push:F},H.forEach(F)})();