chore: sync core lib and CLAUDE.md from agent-core#26
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Reviewed by Cursor Bugbot for commit f233790. Configure here.
| if (backup) { | ||
| const backupPath = `${filePath}.backup`; | ||
| // Refuse if the backup slot itself is a pre-existing symlink. | ||
| assertNotSymlink(backupPath); |
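Review bot: assertNotSymlink(backupPath) checks the backup slot by path name, separately from the operation that later creates the backup, so the .backup entry can still be swapped for a symlink between the check and the write. Consider writing the backup under a fresh temporary name opened exclusively and renaming it into place, or opening the destination with O_NOFOLLOW, so the refusal is enforced by the same call that writes.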
Backup symlink error misattributed to main file path
Low Severity
When assertNotSymlink(backupPath) throws ESYMLINK_REFUSED, it falls through to the outer catch which records the error against filePath — not the actual backupPath that has the symlink. This misattributes the problem, making it hard for users to diagnose. Additionally, unlike the filePath symlink check (which has its own try/catch, continue, and structured error with success/reason fields), this path silently prevents the fix from being written to the perfectly valid filePath and loses the computed appliedToFile entries (they appear in neither results.applied nor results.skipped).


Automated sync of lib/ and CLAUDE.md from agent-core.
Note
Medium Risk
Adds symlink checks around file read/write/backup/restore paths, which changes fixer behavior and may cause previously-fixable repos using symlinks to error out, but reduces risk of unintended writes to sensitive targets.
Overview
Hardens lib/enhance/fixer.js against symlink attacks by adding assertNotSymlink() and invoking it before reading, before writing, and when creating/restoring .backup files.

Auto-fix and restoreFromBackup now refuse to operate on symlinked targets (or pre-existing symlinked backup paths) and surface a specific error instead of following the link.
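
The check described above, with each refusal reported against the path that was actually a symlink (the attribution point from the Bugbot comment), as an added example that is not the code in lib/enhance/fixer.js. The lstat-based body of assertNotSymlink is an assumption, and writeFix, demo and the result shape are hypothetical names.

```javascript
// Added example: hypothetical re-implementation, not lib/enhance/fixer.js.
const fs = require('fs');
const os = require('os');
const path = require('path');

function assertNotSymlink(p) {
  let st;
  try {
    st = fs.lstatSync(p); // lstat inspects the link itself, not its target
  } catch (err) {
    if (err.code === 'ENOENT') return; // nothing there, nothing to follow
    throw err;
  }
  if (st.isSymbolicLink()) {
    const e = new Error(`refusing to operate on symlink: ${p}`);
    e.code = 'ESYMLINK_REFUSED';
    throw e;
  }
}

// Apply a fix; every refusal names the path that was actually refused.
function writeFix(filePath, newContent, backup) {
  const backupPath = `${filePath}.backup`;
  for (const p of backup ? [filePath, backupPath] : [filePath]) {
    try {
      assertNotSymlink(p);
    } catch (err) {
      return { success: false, path: p, reason: err.code };
    }
  }
  // Check and write are separate syscalls: a race window remains here.
  if (backup) fs.copyFileSync(filePath, backupPath);
  fs.writeFileSync(filePath, newContent);
  return { success: true, path: filePath };
}

// Constructed scenario: the .backup slot already exists as a symlink.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'fixer-demo-'));
  const file = path.join(dir, 'README.md');
  const target = path.join(dir, 'sensitive.txt');
  fs.writeFileSync(file, 'old');
  fs.writeFileSync(target, 'keep me');
  fs.symlinkSync(target, `${file}.backup`);
  const refused = writeFix(file, 'new', true);
  fs.unlinkSync(`${file}.backup`);
  const applied = writeFix(file, 'new', true);
  return { file, refused, applied, target: fs.readFileSync(target, 'utf8') };
}
```

This version skips the file entirely when the backup slot is refused, rather than writing the fix without a backup; either policy works as long as the result names backupPath.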