npm - 0nmcp - Versions diffs - 2.0.0 → 2.2.0 - Mend

0nmcp 2.0.0 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/cli.js CHANGED Viewed

@@ -271,6 +271,13 @@ ${c.bright}Links:${c.reset}
     return;
   }
+  // Business Deed
+  if (command === 'deed') {
+    console.log(BANNER);
+    await handleDeed(args.slice(1));
+    return;
+  }
   // Engine
   if (command === 'engine') {
     console.log(BANNER);
@@ -763,6 +770,273 @@ ${c.bright}7 Semantic Layers:${c.reset}
   console.log(`Run ${c.cyan}0nmcp vault help${c.reset} for usage.`);
 }
+async function handleDeed(args) {
+  const sub = args[0];
+  if (!sub || sub === 'help') {
+    console.log(`
+${c.bright}Business Deed — Digital Asset Transfer System${c.reset} ${c.yellow}(Patent Pending #63/990,046)${c.reset}
+  ${c.cyan}deed create${c.reset}                 Create a Business Deed (.0nv)
+    --name <name>              Business name (required)
+    --from <file>              Import credentials from .env, .json, or .csv
+    --passphrase <pass>        Encryption passphrase
+    --output <file>            Output file path
+  ${c.cyan}deed open <file>${c.reset}            Open/decrypt a Business Deed
+    --passphrase <pass>        Decryption passphrase
+    --layer <name>             Only decrypt this layer
+  ${c.cyan}deed inspect <file>${c.reset}         Inspect deed metadata (no passphrase needed)
+  ${c.cyan}deed verify <file>${c.reset}          Verify Seal of Truth + Ed25519 signature
+  ${c.cyan}deed accept <file>${c.reset}          Accept a deed transfer (buyer)
+    --passphrase <pass>        Current deed passphrase
+    --buyer-name <name>        Buyer's name
+    --buyer-email <email>      Buyer's email
+    --new-passphrase <pass>    New passphrase for re-encrypted deed
+  ${c.cyan}deed import <file>${c.reset}          Import deed to live system config
+    --passphrase <pass>        Decryption passphrase
+    --target <dir>             Target directory (default: ~/.0n/)
+  ${c.cyan}deed export${c.reset}                 Collect + package in one step
+    --from <file>              Source file (.env, .json, .csv)
+    --name <name>              Business name
+    --passphrase <pass>        Encryption passphrase
+    --output <file>            Output file path
+${c.bright}Lifecycle:${c.reset} CREATE > PACKAGE > ESCROW > ACCEPT > IMPORT > FLIP
+`);
+    return;
+  }
+  if (sub === 'create') {
+    const { BusinessDeed } = await import('./vault/deed.js');
+    const deed = new BusinessDeed();
+    const name = getFlag(args, '--name') || await promptInput('Business name: ');
+    const passphrase = getFlag(args, '--passphrase') || await promptInput('Passphrase: ');
+    const output = getFlag(args, '--output');
+    const from = getFlag(args, '--from');
+    let createOpts = { name, passphrase, output };
+    if (from) {
+      // Collect from file
+      const { collectCredentials } = await import('./vault/deed-collector.js');
+      console.log(`\n${c.bright}Collecting credentials from ${from}...${c.reset}`);
+      const collected = await collectCredentials({ envFile: from, jsonFile: from, csvFile: from });
+      createOpts.credentials = collected.credentials;
+      createOpts.envVars = collected.envVars;
+      console.log(`  Found ${collected.credentialCount} credentials across ${collected.services.length} services`);
+      if (collected.services.length > 0) {
+        console.log(`  Services: ${collected.services.join(', ')}`);
+      }
+    }
+    console.log(`\n${c.bright}Creating Business Deed...${c.reset}`);
+    try {
+      const result = await deed.create(createOpts);
+      console.log(`\n${c.green}✓ Business Deed created${c.reset}`);
+      console.log(`  Business:      ${c.cyan}${name}${c.reset}`);
+      console.log(`  Transfer ID:   ${c.cyan}${result.transferId}${c.reset}`);
+      console.log(`  Seal of Truth: ${c.cyan}${result.sealHex}${c.reset}`);
+      console.log(`  Services:      ${result.services.join(', ') || 'none'}`);
+      console.log(`  Credentials:   ${result.credentialCount}`);
+      console.log(`  Layers:        ${result.layerCount}`);
+      console.log(`  Size:          ${result.containerSize} bytes`);
+      console.log(`  File:          ${c.yellow}${result.file}${c.reset}`);
+    } catch (err) {
+      console.log(`${c.red}Error: ${err.message}${c.reset}`);
+      process.exit(1);
+    }
+    return;
+  }
+  if (sub === 'open') {
+    const file = args[1];
+    if (!file) { console.log(`${c.red}Usage: deed open <file.0nv>${c.reset}`); process.exit(1); }
+    const { BusinessDeed } = await import('./vault/deed.js');
+    const deed = new BusinessDeed();
+    const passphrase = getFlag(args, '--passphrase') || await promptInput('Passphrase: ');
+    const layer = getFlag(args, '--layer');
+    try {
+      const result = await deed.open(file, passphrase, layer ? [layer] : null);
+      console.log(`\n${c.green}✓ Business Deed opened${c.reset}`);
+      console.log(`  Transfer ID: ${c.cyan}${result.metadata.transferId}${c.reset}`);
+      console.log(`  Seal valid:  ${result.seal.valid ? c.green + '✓' : c.red + '✗'}${c.reset}`);
+      console.log(`  Sig valid:   ${result.signature.valid ? c.green + '✓' : c.red + '✗'}${c.reset}`);
+      if (result.deed) {
+        console.log(`  Business:    ${c.cyan}${result.deed.business?.name || 'Unknown'}${c.reset}`);
+        console.log(`  Services:    ${(result.deed.services || []).join(', ')}`);
+        console.log(`  Transfers:   ${(result.deed.transfer_history || []).length}`);
+      }
+      console.log(`\n${c.bright}Layers:${c.reset}`);
+      for (const [name, data] of Object.entries(result.layers)) {
+        if (name === 'audit_trail') continue;
+        const preview = JSON.stringify(data).substring(0, 100);
+        console.log(`  ${c.cyan}${name}${c.reset}: ${preview}${preview.length >= 100 ? '...' : ''}`);
+      }
+    } catch (err) {
+      console.log(`${c.red}Error: ${err.message}${c.reset}`);
+      process.exit(1);
+    }
+    return;
+  }
+  if (sub === 'inspect') {
+    const file = args[1];
+    if (!file) { console.log(`${c.red}Usage: deed inspect <file.0nv>${c.reset}`); process.exit(1); }
+    const { BusinessDeed } = await import('./vault/deed.js');
+    const deed = new BusinessDeed();
+    try {
+      const info = deed.inspect(file);
+      console.log(`\n${c.bright}Business Deed Inspection${c.reset}`);
+      console.log(JSON.stringify(info, null, 2));
+    } catch (err) {
+      console.log(`${c.red}Error: ${err.message}${c.reset}`);
+      process.exit(1);
+    }
+    return;
+  }
+  if (sub === 'verify') {
+    const file = args[1];
+    if (!file) { console.log(`${c.red}Usage: deed verify <file.0nv>${c.reset}`); process.exit(1); }
+    const { BusinessDeed } = await import('./vault/deed.js');
+    const deed = new BusinessDeed();
+    try {
+      const v = deed.verify(file);
+      console.log(`\n${v.verified ? c.green + '✓ VERIFIED' : c.red + '✗ FAILED'}${c.reset}`);
+      console.log(`  Seal of Truth: ${v.seal.valid ? c.green + 'Valid' : c.red + 'Invalid'}${c.reset} (${v.seal.algorithm})`);
+      console.log(`  Signature:     ${v.signature.valid ? c.green + 'Valid' : c.red + 'Invalid'}${c.reset} (${v.signature.algorithm})`);
+      console.log(`  Transfer ID:   ${v.transferId}`);
+      console.log(`  Created:       ${v.created}`);
+      console.log(`  Patent:        ${v.patent}`);
+    } catch (err) {
+      console.log(`${c.red}Error: ${err.message}${c.reset}`);
+      process.exit(1);
+    }
+    return;
+  }
+  if (sub === 'accept') {
+    const file = args[1];
+    if (!file) { console.log(`${c.red}Usage: deed accept <file.0nv>${c.reset}`); process.exit(1); }
+    const { BusinessDeed } = await import('./vault/deed.js');
+    const deed = new BusinessDeed();
+    const passphrase = getFlag(args, '--passphrase') || await promptInput('Current passphrase: ');
+    const buyerName = getFlag(args, '--buyer-name') || await promptInput('Buyer name: ');
+    const buyerEmail = getFlag(args, '--buyer-email') || await promptInput('Buyer email: ');
+    const newPassphrase = getFlag(args, '--new-passphrase');
+    try {
+      const result = await deed.accept(
+        file, passphrase,
+        { name: buyerName, email: buyerEmail },
+        newPassphrase,
+      );
+      console.log(`\n${c.green}✓ Business Deed accepted${c.reset}`);
+      console.log(`  New Transfer ID: ${c.cyan}${result.transferId}${c.reset}`);
+      console.log(`  New Seal:        ${c.cyan}${result.sealHex}${c.reset}`);
+      console.log(`  Buyer:           ${buyerName} <${buyerEmail}>`);
+      console.log(`  Prev Transfer:   ${result.previousTransferId}`);
+      console.log(`  File:            ${c.yellow}${result.file}${c.reset}`);
+    } catch (err) {
+      console.log(`${c.red}Error: ${err.message}${c.reset}`);
+      process.exit(1);
+    }
+    return;
+  }
+  if (sub === 'import') {
+    const file = args[1];
+    if (!file) { console.log(`${c.red}Usage: deed import <file.0nv>${c.reset}`); process.exit(1); }
+    const { BusinessDeed } = await import('./vault/deed.js');
+    const deed = new BusinessDeed();
+    const passphrase = getFlag(args, '--passphrase') || await promptInput('Passphrase: ');
+    const target = getFlag(args, '--target');
+    try {
+      const report = await deed.importDeed(file, passphrase, target);
+      console.log(`\n${report.success ? c.green + '✓ Import complete' : c.red + '✗ Import had errors'}${c.reset}`);
+      if (report.connections.written.length > 0) {
+        console.log(`  Connections: ${report.connections.written.join(', ')}`);
+      }
+      if (report.envFile) {
+        console.log(`  Env file:    ${report.envFile.file} (${report.envFile.written} vars)`);
+      }
+      if (report.workflows.count > 0) {
+        console.log(`  Workflows:   ${report.workflows.count}`);
+      }
+      if (report.brain.written.length > 0) {
+        console.log(`  AI Brain:    ${report.brain.written.join(', ')}`);
+      }
+      if (report.deed) {
+        console.log(`  Business:    ${c.cyan}${report.deed.business?.name || 'Unknown'}${c.reset}`);
+      }
+      if (report.errors.length > 0) {
+        console.log(`  ${c.red}Errors: ${report.errors.join(', ')}${c.reset}`);
+      }
+    } catch (err) {
+      console.log(`${c.red}Error: ${err.message}${c.reset}`);
+      process.exit(1);
+    }
+    return;
+  }
+  if (sub === 'export') {
+    const { BusinessDeed } = await import('./vault/deed.js');
+    const deed = new BusinessDeed();
+    const from = getFlag(args, '--from');
+    if (!from) { console.log(`${c.red}Usage: deed export --from <file> --name <name> --passphrase <pass>${c.reset}`); process.exit(1); }
+    const name = getFlag(args, '--name') || await promptInput('Business name: ');
+    const passphrase = getFlag(args, '--passphrase') || await promptInput('Passphrase: ');
+    const output = getFlag(args, '--output');
+    console.log(`\n${c.bright}Exporting Business Deed from ${from}...${c.reset}`);
+    try {
+      const result = await deed.export(
+        { envFile: from, jsonFile: from, csvFile: from },
+        { name, passphrase, output }
+      );
+      console.log(`\n${c.green}✓ Business Deed exported${c.reset}`);
+      console.log(`  Business:      ${c.cyan}${name}${c.reset}`);
+      console.log(`  Transfer ID:   ${c.cyan}${result.transferId}${c.reset}`);
+      console.log(`  Services:      ${result.services.join(', ') || 'none'}`);
+      console.log(`  Credentials:   ${result.credentialCount}`);
+      console.log(`  File:          ${c.yellow}${result.file}${c.reset}`);
+    } catch (err) {
+      console.log(`${c.red}Error: ${err.message}${c.reset}`);
+      process.exit(1);
+    }
+    return;
+  }
+  console.log(`${c.red}Unknown deed command: ${sub}${c.reset}`);
+  console.log(`Run ${c.cyan}0nmcp deed help${c.reset} for usage.`);
+}
 async function handleEngine(args) {
   const sub = args[0];

package/index.js CHANGED Viewed

@@ -29,6 +29,7 @@ import { registerAllTools } from "./tools.js";
 import { registerCrmTools } from "./crm/index.js";
 import { registerVaultTools, autoUnseal } from "./vault/index.js";
 import { registerContainerTools } from "./vault/tools-container.js";
+import { registerDeedTools } from "./vault/tools-deed.js";
 import { unsealedCache } from "./vault/cache.js";
 import { registerEngineTools } from "./engine/index.js";
@@ -40,7 +41,7 @@ const workflowRunner = new WorkflowRunner(connections);
 const server = new McpServer({
   name: "0nMCP",
-  version: "2.0.0",
+  version: "2.1.0",
 });
 // ============================================================
@@ -80,6 +81,12 @@ registerEngineTools(server, z);
 registerContainerTools(server, z);
+// ============================================================
+// BUSINESS DEED TOOLS (digital asset transfer system)
+// ============================================================
+registerDeedTools(server, z);
 // ============================================================
 // START SERVER (stdio transport)
 // ============================================================

package/lib/stats.json CHANGED Viewed

@@ -1,5 +1,5 @@
 {
-  "generated": "2026-02-25T10:54:43.654Z",
+  "generated": "2026-02-28T10:15:52.734Z",
   "catalogVersion": "1.2.2",
   "services": 26,
   "tools": 290,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "0nmcp",
-  "version": "2.0.0",
+  "version": "2.2.0",
   "mcpName": "io.github.0nork/0nMCP",
   "description": "Universal AI API Orchestrator — 550 tools, 26 services, portable AI Brain bundles + machine-bound vault encryption + Application Engine. The most comprehensive MCP server available. Free and open source from 0nORK.",
   "type": "module",
@@ -73,6 +73,15 @@
     },
     "./vault/seal": {
       "import": "./vault/seal.js"
+    },
+    "./vault/deed": {
+      "import": "./vault/deed.js"
+    },
+    "./vault/deed-collector": {
+      "import": "./vault/deed-collector.js"
+    },
+    "./vault/deed-importer": {
+      "import": "./vault/deed-importer.js"
     }
   },
   "scripts": {
@@ -154,6 +163,39 @@
     "sha3",
     "argon2",
     "digital-asset-transfer",
+    "business-deed-transfer",
+    "workflow-runtime",
+    "http-server",
+    "cli",
+    "application-engine",
+    "container",
+    "mcp-registry",
+    "quickbooks",
+    "asana",
+    "intercom",
+    "dropbox",
+    "whatsapp",
+    "instagram",
+    "twitter",
+    "x-ads",
+    "tiktok",
+    "google-ads",
+    "facebook-ads",
+    "plaid",
+    "square",
+    "tiktok-ads",
+    "linkedin-ads",
+    "instagram-ads",
+    "smartlead",
+    "zapier",
+    "mulesoft",
+    "azure",
+    "pipedrive",
+    "linkedin",
+    "advertising",
+    "cold-email",
+    "finance",
+    "accounting",
     "0n",
     "0nork",
     "0nmcp"
@@ -227,6 +269,6 @@
     "triggers": 93,
     "totalCapabilities": 708,
     "categories": 13,
-    "lastUpdated": "2026-02-25T10:54:43.654Z"
+    "lastUpdated": "2026-02-28T10:15:52.734Z"
   }
 }

package/vault/deed-collector.js ADDED Viewed

@@ -0,0 +1,286 @@
+// ============================================================
+// 0nMCP — Vault: Deed Credential Collector
+// ============================================================
+// Collects credentials from multiple sources (files, dirs,
+// manual entry) and auto-detects services using the engine
+// mapper. Feeds into BusinessDeed.create().
+//
+// Patent Pending: US Provisional Patent Application #63/990,046
+// ============================================================
+import { existsSync, readdirSync, readFileSync } from "fs";
+import { join, extname } from "path";
+import { homedir } from "os";
+import { parseFile, parseEnvString, parseJsonString, parseCsvString } from "../engine/parser.js";
+import { mapEnvVars, groupByService } from "../engine/mapper.js";
+import { verifyCredentials } from "../engine/validator.js";
+const CONNECTIONS_DIR = join(homedir(), ".0n", "connections");
+// ── Collect from .0n connection files ───────────────────────
+/**
+ * Load credentials from ~/.0n/connections/*.0n files.
+ *
+ * @param {string} [dir] - Connections directory (default: ~/.0n/connections/)
+ * @returns {{ credentials: Object, services: string[] }}
+ */
+export function collectFromConnections(dir = CONNECTIONS_DIR) {
+  const credentials = {};
+  const services = [];
+  if (!existsSync(dir)) return { credentials, services };
+  const files = readdirSync(dir).filter(f => f.endsWith(".0n"));
+  for (const file of files) {
+    try {
+      const content = readFileSync(join(dir, file), "utf-8");
+      const data = JSON.parse(content);
+      // .0n connection file format: { $0n: { type, service }, credentials: { ... } }
+      const service = data?.$0n?.service || file.replace(".0n", "");
+      if (data.credentials && typeof data.credentials === "object") {
+        credentials[service] = data.credentials;
+        services.push(service);
+      }
+    } catch {
+      // Skip invalid files
+    }
+  }
+  return { credentials, services };
+}
+// ── Collect from file (auto-detect format) ──────────────────
+/**
+ * Collect credentials from a file (.env, .json, .csv).
+ *
+ * @param {string} filePath
+ * @returns {{ credentials: Object, envVars: Object, services: string[], unmapped: Array }}
+ */
+export function collectFromFile(filePath) {
+  const { entries } = parseFile(filePath);
+  return processEntries(entries);
+}
+// ── Collect from string content ─────────────────────────────
+/**
+ * Collect from raw .env string content.
+ * @param {string} content
+ * @returns {{ credentials: Object, envVars: Object, services: string[], unmapped: Array }}
+ */
+export function collectFromEnvString(content) {
+  const entries = parseEnvString(content);
+  return processEntries(entries);
+}
+/**
+ * Collect from raw JSON string content.
+ * @param {string} content
+ * @returns {{ credentials: Object, envVars: Object, services: string[], unmapped: Array }}
+ */
+export function collectFromJsonString(content) {
+  const entries = parseJsonString(content);
+  return processEntries(entries);
+}
+/**
+ * Collect from raw CSV string content.
+ * @param {string} content
+ * @returns {{ credentials: Object, envVars: Object, services: string[], unmapped: Array }}
+ */
+export function collectFromCsvString(content) {
+  const entries = parseCsvString(content);
+  return processEntries(entries);
+}
+// ── Collect from manual key-value pairs ─────────────────────
+/**
+ * Collect from manual key-value pairs.
+ *
+ * @param {Array<{ key: string, value: string }>} pairs
+ * @returns {{ credentials: Object, envVars: Object, services: string[], unmapped: Array }}
+ */
+export function collectFromManual(pairs) {
+  return processEntries(pairs);
+}
+// ── Collect from pre-structured service credentials ─────────
+/**
+ * Collect from already-structured credentials object.
+ * Format: { stripe: { apiKey: "sk_..." }, github: { token: "ghp_..." } }
+ *
+ * @param {Object} structured
+ * @returns {{ credentials: Object, services: string[] }}
+ */
+export function collectFromStructured(structured) {
+  const services = Object.keys(structured);
+  return { credentials: structured, services };
+}
+// ── Process entries through mapper ──────────────────────────
+/**
+ * Process raw key-value entries through the mapper pipeline.
+ *
+ * @param {Array<{ key: string, value: string }>} entries
+ * @returns {{ credentials: Object, envVars: Object, services: string[], unmapped: Array }}
+ */
+function processEntries(entries) {
+  const { mapped, unmapped } = mapEnvVars(entries);
+  const grouped = groupByService(mapped);
+  // Build credentials and envVars
+  const credentials = {};
+  const envVars = {};
+  const services = [];
+  for (const [service, group] of Object.entries(grouped)) {
+    credentials[service] = group.credentials;
+    services.push(service);
+    for (const envVar of group.envVars) {
+      const entry = entries.find(e => e.key === envVar);
+      if (entry) envVars[entry.key] = entry.value;
+    }
+  }
+  // Unmapped entries go to envVars
+  for (const entry of unmapped) {
+    envVars[entry.key] = entry.value;
+  }
+  return { credentials, envVars, services, unmapped };
+}
+// ── Validate credentials live ───────────────────────────────
+/**
+ * Validate collected credentials against live API endpoints.
+ *
+ * @param {Object} credentials - { service: { field: value } }
+ * @returns {Promise<Object>} Validation results per service
+ */
+export async function validateCollected(credentials) {
+  const results = {};
+  const summary = { total: 0, valid: 0, invalid: 0, skipped: 0 };
+  const entries = Object.entries(credentials);
+  summary.total = entries.length;
+  // Validate in parallel batches of 5
+  const batchSize = 5;
+  for (let i = 0; i < entries.length; i += batchSize) {
+    const batch = entries.slice(i, i + batchSize);
+    const promises = batch.map(([service, creds]) =>
+      verifyCredentials(service, creds).then(r => ({ service, ...r }))
+    );
+    const batchResults = await Promise.allSettled(promises);
+    for (const result of batchResults) {
+      if (result.status === "fulfilled") {
+        const r = result.value;
+        results[r.service] = r;
+        if (r.skipped) summary.skipped++;
+        else if (r.valid) summary.valid++;
+        else summary.invalid++;
+      }
+    }
+  }
+  return { results, summary };
+}
+// ── Master collection function ──────────────────────────────
+/**
+ * Collect credentials from multiple sources at once.
+ *
+ * @param {Object} sources
+ * @param {string}  [sources.envFile] - Path to .env file
+ * @param {string}  [sources.jsonFile] - Path to JSON file
+ * @param {string}  [sources.csvFile] - Path to CSV file
+ * @param {string}  [sources.connectionsDir] - Path to connections dir
+ * @param {Array}   [sources.manual] - Manual key-value pairs
+ * @param {Object}  [sources.structured] - Pre-structured credentials
+ * @param {boolean} [sources.validate] - Validate credentials live
+ * @returns {Promise<Object>}
+ */
+export async function collectCredentials(sources) {
+  const allCredentials = {};
+  const allEnvVars = {};
+  const allServices = new Set();
+  const allUnmapped = [];
+  // Collect from each source
+  if (sources.envFile && existsSync(sources.envFile)) {
+    const result = collectFromFile(sources.envFile);
+    mergeResults(allCredentials, allEnvVars, allServices, allUnmapped, result);
+  }
+  if (sources.jsonFile && existsSync(sources.jsonFile)) {
+    const result = collectFromFile(sources.jsonFile);
+    mergeResults(allCredentials, allEnvVars, allServices, allUnmapped, result);
+  }
+  if (sources.csvFile && existsSync(sources.csvFile)) {
+    const result = collectFromFile(sources.csvFile);
+    mergeResults(allCredentials, allEnvVars, allServices, allUnmapped, result);
+  }
+  if (sources.connectionsDir || existsSync(CONNECTIONS_DIR)) {
+    const dir = sources.connectionsDir || CONNECTIONS_DIR;
+    const result = collectFromConnections(dir);
+    for (const [svc, creds] of Object.entries(result.credentials)) {
+      allCredentials[svc] = { ...allCredentials[svc], ...creds };
+      allServices.add(svc);
+    }
+  }
+  if (sources.manual && Array.isArray(sources.manual)) {
+    const result = collectFromManual(sources.manual);
+    mergeResults(allCredentials, allEnvVars, allServices, allUnmapped, result);
+  }
+  if (sources.structured && typeof sources.structured === "object") {
+    const result = collectFromStructured(sources.structured);
+    for (const [svc, creds] of Object.entries(result.credentials)) {
+      allCredentials[svc] = { ...allCredentials[svc], ...creds };
+      allServices.add(svc);
+    }
+  }
+  const output = {
+    credentials: allCredentials,
+    envVars: allEnvVars,
+    services: Array.from(allServices),
+    unmapped: allUnmapped,
+    credentialCount: Object.values(allCredentials).reduce(
+      (sum, svc) => sum + Object.keys(svc).length, 0
+    ),
+  };
+  // Optional live validation
+  if (sources.validate) {
+    output.validation = await validateCollected(allCredentials);
+  }
+  return output;
+}
+// ── Merge helper ────────────────────────────────────────────
+function mergeResults(allCreds, allEnv, allServices, allUnmapped, result) {
+  for (const [svc, creds] of Object.entries(result.credentials || {})) {
+    allCreds[svc] = { ...allCreds[svc], ...creds };
+    allServices.add(svc);
+  }
+  for (const [k, v] of Object.entries(result.envVars || {})) {
+    allEnv[k] = v;
+  }
+  if (result.unmapped) allUnmapped.push(...result.unmapped);
+}