textus 0.20.0 → 0.22.0

data/lib/textus/manifest/resolver.rb

@@ -1,6 +1,8 @@
 module Textus
   class Manifest
     class Resolver
+      Resolution = Data.define(:entry, :path, :remaining)
+
       def initialize(manifest)
         @manifest = manifest
       end
@@ -40,7 +42,7 @@ module Textus
       # entry with nested: true in the raw YAML — e.g. Intake entries covering
       # a directory of leaf files).
       def nested_entry?(entry)
-        entry.is_a?(Textus::Manifest::Entry::Nested) || entry.raw["nested"] == true
+        entry.nested?
       end
 
       def build_resolution(entry, remaining, key)
@@ -49,7 +51,7 @@ module Textus
         else
           raise UnknownKey.new(key, suggestions: suggestions_for(key)) unless nested_entry?(entry)
 
-          index_fn = entry.respond_to?(:index_filename) ? entry.index_filename : nil
+          index_fn = entry.index_filename
           path = if index_fn
                    File.join(@manifest.root, "zones", entry.path, *remaining, index_fn)
                  else
@@ -69,21 +71,22 @@ module Textus
         base = File.join(@manifest.root, "zones", entry.path)
         return [] unless File.directory?(base)
 
-        entry_index_filename = entry.respond_to?(:index_filename) ? entry.index_filename : nil
+        entry_index_filename = entry.index_filename
         glob_pattern = entry_index_filename ? "**/#{entry_index_filename}" : nested_glob(entry.format)
         Dir.glob(File.join(base, glob_pattern)).filter_map { |path| nested_row_for(entry, base, path) }
       end
 
       def nested_row_for(entry, base, path)
         rel = path.sub(%r{\A#{Regexp.escape(base)}/?}, "")
-        entry_if = entry.respond_to?(:index_filename) ? entry.index_filename : nil
+        entry_if = entry.index_filename
         stripped = entry_if ? File.dirname(rel) : rel.sub(/#{Regexp.escape(File.extname(rel))}\z/, "")
         segs = stripped.split("/").reject { |s| s.empty? || s == "." }
         return nil if segs.empty?
 
         illegal = segs.find { |s| !valid_segment?(s) }
         if illegal
-          warn("textus: skipping illegal key segment '#{illegal}' at #{path} — run 'textus key normalize --dry-run'")
+          warn("textus: skipping illegal key segment '#{illegal}' at #{path} — " \
+               "rename to match [a-z0-9][a-z0-9-]* (run 'textus doctor' for the full list)")
           return nil
         end
 

data/lib/textus/manifest/role_kinds.rb

@@ -0,0 +1,21 @@
+module Textus
+  class Manifest
+    module RoleKinds
+      DEFAULT_MAPPING = {
+        "human" => :accept_authority,
+        "agent" => :proposer,
+        "builder" => :generator,
+        "runner" => :runner,
+      }.freeze
+
+      # Returns { role_name => kind_symbol }. When `roles:` is declared we use
+      # exactly that; defaults are *not* layered in (declaring roles is an opt-in
+      # to a fully user-defined vocabulary).
+      def self.resolve(raw_roles)
+        return DEFAULT_MAPPING if raw_roles.nil?
+
+        raw_roles.to_h { |r| [r["name"], r["kind"].to_sym] }.freeze
+      end
+    end
+  end
+end

data/lib/textus/manifest/schema.rb

@@ -1,12 +1,14 @@
 module Textus
   class Manifest
     module Schema
-      ROOT_KEYS    = %w[version zones entries rules].freeze
+      ROOT_KEYS    = %w[version roles zones entries rules audit].freeze
+      ROLE_KEYS    = %w[name kind].freeze
+      ROLE_KINDS   = %w[accept_authority generator proposer runner].freeze
       ZONE_KEYS    = %w[name write_policy read_policy].freeze
       ENTRY_KEYS   = %w[
         key path zone kind schema owner nested format
         compute template publish_to publish_each
-        intake events inject_intro index_filename
+        intake events inject_boot index_filename
       ].freeze
       COMPUTE_KEYS = %w[kind select pluck sort_by limit transform command sources].freeze
       INTAKE_KEYS  = %w[handler config].freeze
@@ -14,21 +16,37 @@ module Textus
       REFRESH_KEYS = %w[ttl on_stale sync_budget_ms fetch_timeout_seconds].freeze
       FETCH_TIMEOUT_SECONDS_CEILING = 3600
       PROMOTION_KEYS = %w[requires].freeze
+      AUDIT_KEYS     = %w[max_size keep].freeze
 
       def self.validate!(raw)
         raise BadManifest.new("manifest must be a hash") unless raw.is_a?(Hash)
 
         walk(raw, ROOT_KEYS, "$")
-        Array(raw["zones"]).each_with_index do |z, i|
+        validate_roles!(raw["roles"])
+        validate_zones!(raw["zones"])
+        validate_entries!(raw["entries"])
+        validate_rules!(raw["rules"])
+        walk(raw["audit"], AUDIT_KEYS, "$.audit") if raw["audit"].is_a?(Hash)
+        validate_zone_writers_declared!(raw)
+      end
+
+      def self.validate_zones!(zones)
+        Array(zones).each_with_index do |z, i|
           walk(z, ZONE_KEYS, "$.zones[#{i}]")
         end
-        Array(raw["entries"]).each_with_index do |e, i|
+      end
+
+      def self.validate_entries!(entries)
+        Array(entries).each_with_index do |e, i|
           path = "$.entries[#{i}]"
           walk(e, ENTRY_KEYS, path)
           walk(e["compute"], COMPUTE_KEYS, "#{path}.compute") if e["compute"].is_a?(Hash)
           walk(e["intake"], INTAKE_KEYS, "#{path}.intake") if e["intake"].is_a?(Hash)
         end
-        Array(raw["rules"]).each_with_index do |r, i|
+      end
+
+      def self.validate_rules!(rules)
+        Array(rules).each_with_index do |r, i|
           path = "$.rules[#{i}]"
           walk(r, RULE_KEYS, path)
           if r["refresh"].is_a?(Hash)
@@ -39,6 +57,46 @@ module Textus
         end
       end
 
+      def self.validate_zone_writers_declared!(raw)
+        return if raw["roles"].nil? # default mapping is permissive
+
+        declared = Array(raw["roles"]).map { |r| r["name"] }.compact.to_set
+        Array(raw["zones"]).each do |z|
+          Array(z["write_policy"]).each_with_index do |w, j|
+            next if declared.include?(w)
+
+            raise BadManifest.new(
+              "zone '#{z["name"]}' write_policy[#{j}] references undeclared role '#{w}' " \
+              "(declared roles: #{declared.to_a.join(", ")})",
+            )
+          end
+        end
+      end
+
+      def self.validate_roles!(roles)
+        return if roles.nil?
+        raise BadManifest.new("roles: must be a list") unless roles.is_a?(Array)
+
+        accept_authority_count = 0
+        roles.each_with_index do |r, i|
+          path = "$.roles[#{i}]"
+          walk(r, ROLE_KEYS, path)
+          name = r["name"] or raise BadManifest.new("role at '#{path}' missing name")
+          kind = r["kind"] or raise BadManifest.new("role '#{name}' at '#{path}' missing kind")
+          unless ROLE_KINDS.include?(kind)
+            raise BadManifest.new("unknown role kind '#{kind}' at '#{path}' (known: #{ROLE_KINDS.join(", ")})")
+          end
+
+          accept_authority_count += 1 if kind == "accept_authority"
+        end
+        return unless accept_authority_count > 1
+
+        raise BadManifest.new(
+          "manifest declares #{accept_authority_count} accept_authority roles; " \
+          "at most one accept_authority role is allowed",
+        )
+      end
+
       def self.validate_fetch_timeout!(value, path)
         return if value.nil?
         return if value.is_a?(Integer) && value.positive? && value <= FETCH_TIMEOUT_SECONDS_CEILING

data/lib/textus/manifest.rb

@@ -1,7 +1,7 @@
 require "yaml"
 require_relative "manifest/schema"
-require_relative "manifest/resolution"
 require_relative "manifest/resolver"
+require_relative "manifest/role_kinds"
 
 module Textus
   class Manifest
@@ -30,6 +30,36 @@ module Textus
       )
     end
 
+    AUDIT_DEFAULTS = { max_size: 10_485_760, keep: 5 }.freeze
+
+    def audit_config
+      raw = @raw["audit"] || {}
+      {
+        max_size: raw["max_size"] || AUDIT_DEFAULTS[:max_size],
+        keep: raw["keep"] || AUDIT_DEFAULTS[:keep],
+      }
+    end
+
+    def role_mapping
+      @role_mapping ||= RoleKinds.resolve(@raw["roles"])
+    end
+
+    def role_kind(name)
+      role_mapping[name]
+    end
+
+    def roles_with_kind(kind)
+      role_mapping.each_with_object([]) { |(name, k), acc| acc << name if k == kind }
+    end
+
+    def zone_kinds(zone_name)
+      @zone_kinds_cache ||= {}
+      @zone_kinds_cache[zone_name] ||= zone_writers(zone_name).each_with_object(Set.new) do |w, acc|
+        k = role_kind(w)
+        acc << k if k
+      end.freeze
+    end
+
     def self.parse(yaml_text, root: ".")
       raw = YAML.safe_load(yaml_text, aliases: false)
       check_version!(raw, "<string>")

data/lib/textus/operations.rb

@@ -115,11 +115,18 @@ module Textus
     def rdeps(...)           = Application::Reads::Rdeps.new(manifest: @manifest).call(...)
     def published(...)       = Application::Reads::Published.new(manifest: @manifest).call(...)
     def stale(...)           = Application::Reads::Stale.new(manifest: @manifest).call(...)
-    def audit(...)           = Application::Reads::Audit.new(manifest: @manifest, root: @root).call(...)
+    def audit(...)           = Application::Reads::Audit.new(manifest: @manifest, root: @root, audit_log: @audit_log).call(...)
     def blame(...)           = Application::Reads::Blame.new(manifest: @manifest, root: @root).call(...)
     def policy_explain(...)  = Application::Reads::PolicyExplain.new(manifest: @manifest).call(...)
     def freshness(...)       = Application::Reads::Freshness.new(ctx: @ctx, manifest: @manifest, file_store: @file_store).call(...)
 
+    def pulse(...)
+      Application::Reads::Pulse.new(
+        ctx: @ctx, manifest: @manifest, file_store: @file_store,
+        audit_log: @audit_log, root: @root, store: @store
+      ).call(...)
+    end
+
     def validate_all(...)
       Application::Reads::ValidateAll.new(
         ctx: @ctx, manifest: @manifest, file_store: @file_store, schemas: @schemas, audit_log: @audit_log,

data/lib/textus/schema/tools.rb

@@ -49,7 +49,14 @@ module Textus
           end
         raise UsageError.new("schema migrate needs --rename=OLD:NEW or schema.evolution.migrate_from") if renames.empty?
 
-        ops = Textus::Operations.for(store, role: "human")
+        authority = store.manifest.roles_with_kind(:accept_authority).first
+        if authority.nil?
+          raise UsageError.new(
+            "schema migrate requires a role with kind :accept_authority in the manifest; " \
+            "none declared (add e.g. `- { name: owner, kind: accept_authority }` to roles:)",
+          )
+        end
+        ops = Textus::Operations.for(store, role: authority)
         touched = []
         store.manifest.resolver.enumerate.each do |row|
           env = ops.get(row[:key])

data/lib/textus/store.rb

@@ -33,7 +33,11 @@ module Textus
       @manifest   = Manifest.load(@root)
       @schemas    = Schemas.new(File.join(@root, "schemas"))
       @file_store = Infra::Storage::FileStore.new
-      @audit_log  = Infra::AuditLog.new(@root)
+      @audit_log  = Infra::AuditLog.new(
+        @root,
+        max_size: @manifest.audit_config[:max_size],
+        keep: @manifest.audit_config[:keep],
+      )
       @bus = Hooks::Bus.new
       Infra::AuditSubscriber.new(@audit_log).attach(@bus)
       Hooks::Builtin.register_all(@bus)

data/lib/textus/version.rb

@@ -1,4 +1,4 @@
 module Textus
-  VERSION = "0.20.0"
+  VERSION = "0.22.0"
   PROTOCOL = "textus/3"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: textus
 version: !ruby/object:Gem::Version
-  version: 0.20.0
+  version: 0.22.0
 platform: ruby
 authors:
 - Patrick
@@ -110,7 +110,7 @@ files:
 - exe/textus
 - lib/textus.rb
 - lib/textus/application/context.rb
-- lib/textus/application/policy/predicates/human_accept.rb
+- lib/textus/application/policy/predicates/accept_authority_signed.rb
 - lib/textus/application/policy/predicates/schema_valid.rb
 - lib/textus/application/policy/promotion.rb
 - lib/textus/application/projection.rb
@@ -123,6 +123,7 @@ files:
 - lib/textus/application/reads/list.rb
 - lib/textus/application/reads/policy_explain.rb
 - lib/textus/application/reads/published.rb
+- lib/textus/application/reads/pulse.rb
 - lib/textus/application/reads/rdeps.rb
 - lib/textus/application/reads/schema_envelope.rb
 - lib/textus/application/reads/stale.rb
@@ -133,9 +134,8 @@ files:
 - lib/textus/application/refresh/all.rb
 - lib/textus/application/refresh/orchestrator.rb
 - lib/textus/application/refresh/worker.rb
-- lib/textus/application/tools/migrate_keys.rb
-- lib/textus/application/tools/migrate_manifest_to_kinds.rb
 - lib/textus/application/writes/accept.rb
+- lib/textus/application/writes/authority_gate.rb
 - lib/textus/application/writes/delete.rb
 - lib/textus/application/writes/envelope_io.rb
 - lib/textus/application/writes/materializer.rb
@@ -143,6 +143,7 @@ files:
 - lib/textus/application/writes/publish.rb
 - lib/textus/application/writes/put.rb
 - lib/textus/application/writes/reject.rb
+- lib/textus/boot.rb
 - lib/textus/builder/pipeline.rb
 - lib/textus/builder/renderer.rb
 - lib/textus/builder/renderer/json.rb
@@ -160,6 +161,7 @@ files:
 - lib/textus/cli/verb/accept.rb
 - lib/textus/cli/verb/audit.rb
 - lib/textus/cli/verb/blame.rb
+- lib/textus/cli/verb/boot.rb
 - lib/textus/cli/verb/build.rb
 - lib/textus/cli/verb/delete.rb
 - lib/textus/cli/verb/deps.rb
@@ -169,11 +171,10 @@ files:
 - lib/textus/cli/verb/hook_run.rb
 - lib/textus/cli/verb/hooks.rb
 - lib/textus/cli/verb/init.rb
-- lib/textus/cli/verb/intro.rb
-- lib/textus/cli/verb/key_normalize.rb
 - lib/textus/cli/verb/list.rb
 - lib/textus/cli/verb/mv.rb
 - lib/textus/cli/verb/published.rb
+- lib/textus/cli/verb/pulse.rb
 - lib/textus/cli/verb/put.rb
 - lib/textus/cli/verb/rdeps.rb
 - lib/textus/cli/verb/refresh.rb
@@ -212,7 +213,6 @@ files:
 - lib/textus/domain/freshness/verdict.rb
 - lib/textus/domain/outcome.rb
 - lib/textus/domain/permission.rb
-- lib/textus/domain/policy.rb
 - lib/textus/domain/policy/handler_allowlist.rb
 - lib/textus/domain/policy/matcher.rb
 - lib/textus/domain/policy/promote.rb
@@ -245,7 +245,6 @@ files:
 - lib/textus/infra/refresh/lock.rb
 - lib/textus/infra/storage/file_store.rb
 - lib/textus/init.rb
-- lib/textus/intro.rb
 - lib/textus/key/distance.rb
 - lib/textus/key/grammar.rb
 - lib/textus/key/path.rb
@@ -261,10 +260,10 @@ files:
 - lib/textus/manifest/entry/validators/events.rb
 - lib/textus/manifest/entry/validators/format_matrix.rb
 - lib/textus/manifest/entry/validators/index_filename.rb
-- lib/textus/manifest/entry/validators/inject_intro.rb
+- lib/textus/manifest/entry/validators/inject_boot.rb
 - lib/textus/manifest/entry/validators/publish_each.rb
-- lib/textus/manifest/resolution.rb
 - lib/textus/manifest/resolver.rb
+- lib/textus/manifest/role_kinds.rb
 - lib/textus/manifest/rules.rb
 - lib/textus/manifest/schema.rb
 - lib/textus/mustache.rb

data/lib/textus/application/policy/predicates/human_accept.rb

@@ -1,30 +0,0 @@
-module Textus
-  module Application
-    module Policy
-      module Predicates
-        class HumanAccept
-          attr_reader :reason
-
-          def name
-            "human_accept"
-          end
-
-          # The role is passed explicitly. In practice, Accept already enforces
-          # role == "human" before reaching the promotion gate, so this predicate
-          # trivially passes. It documents intent and future-proofs multi-actor
-          # accept flows.
-          def call(role:, entry: nil) # rubocop:disable Lint/UnusedMethodArgument
-            role_str = role&.to_s
-            # If we cannot determine the role, trust that Accept has already
-            # checked — allow through.
-            return true if role_str.nil? || role_str.empty?
-
-            ok = (role_str == "human")
-            @reason = "current role is '#{role_str}', expected 'human'" unless ok
-            ok
-          end
-        end
-      end
-    end
-  end
-end

data/lib/textus/application/tools/migrate_keys.rb

@@ -1,191 +0,0 @@
-module Textus
-  module Application
-    module Tools
-      # Run-once helper that renames files/directories whose basenames don't
-      # conform to the strict key grammar (§3 of plan-1.2). Only walks
-      # nested: true manifest entries — leaf entries with illegal declared
-      # keys are caught by Manifest load and must be fixed by hand.
-      module MigrateKeys
-        SEGMENT = /\A[a-z0-9][a-z0-9-]*\z/
-
-        module_function
-
-        # Returns the envelope hash described in plan-1.2 §3.
-        def run(store, write: false)
-          plan = build_plan(store)
-          collisions = plan[:collisions]
-          renames = plan[:renames]
-
-          ok = collisions.empty?
-          apply!(store, renames) if write && ok
-
-          {
-            "protocol" => Textus::PROTOCOL,
-            "mode" => write ? "write" : "dry-run",
-            "renames" => renames.map { |r| envelope_rename(r) },
-            "collisions" => collisions.map { |c| envelope_collision(c) },
-            "ok" => ok,
-          }
-        end
-
-        # ------------------------------------------------------------------
-        # Plan construction
-        # ------------------------------------------------------------------
-
-        # Returns { renames: [...], collisions: [...] }
-        # Each rename: { from:, to:, old_key:, new_key:, kind: :file|:dir }
-        # Each collision: { target:, sources: [...] }
-        def build_plan(store) # rubocop:disable Metrics/AbcSize
-          renames = []
-          target_buckets = Hash.new { |h, k| h[k] = [] } # target_path => [source_path, ...]
-
-          store.manifest.entries.each do |entry|
-            next unless entry.nested?
-
-            base = File.join(store.root, "zones", entry.path)
-            next unless File.directory?(base)
-
-            # Walk depth-first. Order matters when computing the "new key"
-            # for files inside a renamed directory: we record renames bottom-up,
-            # so children are renamed before their parents on apply.
-            walk(base) do |abs_path, is_dir|
-              next if abs_path == base
-
-              basename = File.basename(abs_path)
-              stem = is_dir ? basename : basename.sub(/#{Regexp.escape(File.extname(basename))}\z/, "")
-              next if stem.match?(SEGMENT)
-
-              new_stem = normalize(stem)
-              # Skip if normalization yields the same stem (e.g. already-legal
-              # under a different lens). In practice match?(SEGMENT) catches that
-              # above; this is a safety net.
-              next if new_stem == stem
-
-              new_basename = is_dir ? new_stem : new_stem + File.extname(basename)
-              target = File.join(File.dirname(abs_path), new_basename)
-              target_buckets[target] << abs_path
-
-              renames << {
-                from: abs_path,
-                to: target,
-                kind: is_dir ? :dir : :file,
-                entry: entry,
-                base: base,
-              }
-            end
-          end
-
-          collisions = target_buckets.select { |_, srcs| srcs.length > 1 }
-                                     .map { |t, srcs| { target: t, sources: srcs.sort } }
-
-          # Drop colliding entries from renames (we won't apply any of them)
-          colliding_targets = collisions.to_set { |c| c[:target] }
-          renames.reject! { |r| colliding_targets.include?(r[:to]) }
-
-          # Sort renames bottom-up (deepest path first) so children move before parents.
-          renames.sort_by! { |r| -r[:from].count("/") }
-
-          { renames: renames, collisions: collisions }
-        end
-
-        # Yields [absolute_path, is_dir] for every entry under root. Depth-first.
-        def walk(root, &block)
-          Dir.each_child(root) do |name|
-            abs = File.join(root, name)
-            if File.directory?(abs)
-              walk(abs, &block)
-              yield abs, true
-            else
-              yield abs, false
-            end
-          end
-        end
-
-        # Deterministic transform per plan §3.
-        def normalize(s)
-          s = s.downcase
-          s = s.gsub(/[^a-z0-9-]/, "-") # ., _, and anything else become -
-          s = s.gsub(/-+/, "-")
-          s.sub(/\A-+/, "").sub(/-+\z/, "")
-        end
-
-        # ------------------------------------------------------------------
-        # Apply
-        # ------------------------------------------------------------------
-
-        def apply!(store, renames)
-          audit = Textus::Infra::AuditLog.new(store.root)
-          renames.each do |r|
-            # Bottom-up order means a child's ancestors haven't moved yet, so
-            # `from`/`to` are valid as-recorded. The audit `key` reflects the
-            # eventual full key once every rename in this batch has applied.
-            from = r[:from]
-            to = r[:to]
-            File.rename(from, to)
-            new_key = compute_new_key(r, renames)
-            audit.append(
-              role: "runner",
-              verb: "migrate-keys",
-              key: new_key,
-              etag_before: nil,
-              etag_after: nil,
-              extras: { "from" => from, "to" => to },
-            )
-          end
-        end
-
-        # If an ancestor of `path` was renamed earlier in this batch, rewrite the path.
-        def resolve_current_path(path, renames)
-          out = path
-          renames.each do |r|
-            prefix = r[:from] + "/"
-            out = r[:to] + out[r[:from].length..] if out.start_with?(prefix)
-          end
-          out
-        end
-
-        # New full key after applying all renames up through this one.
-        def compute_new_key(rename, renames)
-          base = rename[:base]
-          entry = rename[:entry]
-          new_to = resolve_current_path(rename[:to], renames)
-
-          rel = new_to.sub(%r{\A#{Regexp.escape(base)}/?}, "")
-          stripped = rel.sub(/#{Regexp.escape(File.extname(rel))}\z/, "") unless rename[:kind] == :dir
-          stripped ||= rel
-          segs = stripped.split("/").reject(&:empty?)
-          (entry.key.split(".") + segs).join(".")
-        end
-
-        # ------------------------------------------------------------------
-        # Envelope helpers
-        # ------------------------------------------------------------------
-
-        def envelope_rename(r)
-          {
-            "from" => r[:from],
-            "to" => r[:to],
-            "old_key" => path_to_key(r[:from], r[:base], r[:entry], r[:kind]),
-            "new_key" => path_to_key(r[:to], r[:base], r[:entry], r[:kind]),
-          }
-        end
-
-        def envelope_collision(col)
-          { "target" => col[:target], "sources" => col[:sources] }
-        end
-
-        def path_to_key(path, base, entry, kind)
-          rel = path.sub(%r{\A#{Regexp.escape(base)}/?}, "")
-          stripped =
-            if kind == :dir
-              rel
-            else
-              rel.sub(/#{Regexp.escape(File.extname(rel))}\z/, "")
-            end
-          segs = stripped.split("/").reject(&:empty?)
-          (entry.key.split(".") + segs).join(".")
-        end
-      end
-    end
-  end
-end

data/lib/textus/application/tools/migrate_manifest_to_kinds.rb

@@ -1,31 +0,0 @@
-require "yaml"
-
-module Textus
-  module Application
-    module Tools
-      module MigrateManifestToKinds
-        module_function
-
-        def upgrade_yaml(yaml_text)
-          raw = YAML.safe_load(yaml_text, aliases: false)
-          raw["entries"] = Array(raw["entries"]).map { |row| upgrade_row(row) }
-          YAML.dump(raw)
-        end
-
-        def upgrade_row(row)
-          return row if row["kind"]
-
-          row.merge("kind" => infer_kind(row))
-        end
-
-        def infer_kind(row)
-          return "intake"  if row["intake"].is_a?(Hash) || row["intake_handler"]
-          return "derived" if row["template"] || row["compute"] || row["generator"] || row["projection"]
-          return "nested"  if row["nested"] == true
-
-          "leaf"
-        end
-      end
-    end
-  end
-end

data/lib/textus/cli/verb/key_normalize.rb

@@ -1,48 +0,0 @@
-module Textus
-  class CLI
-    class Verb
-      class KeyNormalize < Verb
-        command_name "normalize"
-        parent_group Group::Key
-
-        option :write, "--write"
-        option :dry_run, "--dry-run"
-        option :upgrade_manifest, "--upgrade-manifest"
-
-        def call(store)
-          if upgrade_manifest
-            run_upgrade_manifest(store)
-          else
-            effective_write = write && !dry_run
-            res = Textus::Application::Tools::MigrateKeys.run(store, write: effective_write || false)
-            emit(res, exit_code: res["ok"] ? 0 : 1)
-          end
-        end
-
-        private
-
-        def run_upgrade_manifest(store)
-          manifest_path = File.join(store.root, "manifest.yaml")
-          orig = File.read(manifest_path)
-          new_yaml = Textus::Application::Tools::MigrateManifestToKinds.upgrade_yaml(orig)
-
-          if dry_run
-            diff_lines = unified_diff(orig, new_yaml, manifest_path)
-            emit({ "protocol" => PROTOCOL, "dry_run" => true, "diff" => diff_lines, "ok" => true }, exit_code: 0)
-          else
-            File.write(manifest_path, new_yaml)
-            puts "upgraded manifest at #{manifest_path}"
-            emit({ "protocol" => PROTOCOL, "upgraded" => manifest_path, "ok" => true }, exit_code: 0)
-          end
-        end
-
-        def unified_diff(before, after, _path)
-          before.lines.zip(after.lines).each_with_object([]) do |(a, b), acc|
-            acc << "- #{a.chomp}" if a && a != b
-            acc << "+ #{b.chomp}" if b && a != b
-          end
-        end
-      end
-    end
-  end
-end