@0dai-dev/cli 4.3.4 → 4.3.6

package/README.md

@@ -1,6 +1,6 @@
 # 0dai
 
-One config layer for <!-- canonical-count:agent_clis_total -->6<!-- /canonical-count --> AI agent CLIs — Claude Code, Codex, OpenCode, Gemini, Aider, Qoder.
+One config layer for <!-- canonical-count:agent_clis_total -->7<!-- /canonical-count --> AI agent CLIs — Claude Code, Codex, OpenCode, Gemini, Aider, Qoder, Cursor.
 
 ## Install
 
@@ -8,22 +8,85 @@ One config layer for <!-- canonical-count:agent_clis_total -->6<!-- /canonical-c
 npm install -g @0dai-dev/cli
 ```
 
-## Usage
+## Five commands that matter
 
 ```bash
 cd your-project
-0dai init       # guides OAuth/device auth + activation, then generates ai/ layer
-0dai init --auth-code <browser-code> --code <TEAM-CODE>
-0dai auth login # sign in separately when needed
-0dai activate code <TEAM-CODE>
-0dai sync       # update after changes
-0dai detect     # show detected stack
-0dai doctor     # check health
-0dai status     # maturity, swarm tasks, session
-0dai feedback retry # retry queued feedback after an API failure
-0dai persona-simulate "topic"  # run synthetic focus-group simulation
+0dai init      # create ai/ layer, auth, and MCP bootstrap
+0dai status    # maturity, swarm tasks, and session state
+0dai sync      # refresh ai/ after repo or server changes
+0dai run "…"   # split a backlog item into agent tasks
+0dai doctor    # health check for credentials, drift, and env
 ```
 
+## All commands
+
+Start (first 5 minutes):
+
+```bash
+0dai init                           # create ai/ layer + MCP [--local] [--dry-run] [--minimal]
+0dai init --auth-code <code> --code <TEAM-CODE>   # non-interactive auth + activation
+0dai doctor                         # check health, credentials, and drift [--drift]
+0dai status                         # maturity, swarm, and session state [--json]
+0dai quickstart                     # auth, init, doctor, and status in one pass
+0dai detect                         # show detected stack
+0dai auth login                     # OAuth/device flow [--device] [--no-browser] [--code CODE] [--mcp]
+0dai auth mcp                       # store MCP token from current auth or device code
+0dai auth status                    # account and usage
+0dai activate free                  # claim free activation license
+```
+
+Daily (regular work):
+
+```bash
+0dai sync                           # update ai/ after repo or server changes [--dry-run] [--yes] [--quiet] [--force]
+0dai run <goal>                     # split a backlog item into agent tasks [--dry-run] [--dry-cost] [--agent claude|codex|gemini]
+0dai swarm status                   # show queued, active, and done tasks
+0dai swarm add                      # queue one task [--task '...' --to agent]
+0dai swarm-run                      # add, dispatch, and wait for one swarm task as JSON
+0dai harvest                        # convert experience events into candidate lessons
+0dai watch                          # live task monitor [--interval N]
+0dai reflect                        # session reflection: delivered, delegation, blockers
+0dai standup                        # morning voice briefing about overnight agent work
+0dai feedback push                  # send feedback to 0dai
+0dai feedback retry                 # retry queued feedback after a failed push
+0dai persona-simulate "topic"       # focus-group report and optional issue drafts
+```
+
+Pro / advanced:
+
+```bash
+0dai init-existing                  # existing-repo setup alias for init
+0dai project bind                   # bind repository to your 0dai account [--json]
+0dai project status                 # local project binding and health [--json]
+0dai graph push                     # upload local graph (Pro: edges, Free: nodes)
+0dai graph pull                     # download server graph and merge locally
+0dai graph status                   # local graph stats and sync state
+0dai ci                             # portable CI pipelines and AI-MQ [list|plan|mq-status]
+0dai heatmap                        # repo treemap: LOC × agent-edit intensity
+0dai session save                   # save session for roaming
+0dai provider                       # local provider profiles and direct invoke
+0dai models                         # model ratings (--fast/--balanced/--deep/--available)
+0dai quota                          # agent subscription usage [--refresh] [--json]
+0dai usage                          # local token, task, and USD ledger [status|daily|monthly]
+0dai workspace                      # tmux workspace sessions (init|up|status)
+0dai runner                         # runner/host architecture and queues [--json]
+0dai report                         # privacy-safe project reports (preview|push|status)
+0dai compliance                     # SOC2/ISO evidence and ADR audit-trail export
+0dai experience                     # structured experience events (list|stats|sync|warnings|dismiss)
+0dai receipt                        # session receipt PNG [--last|--active|--session ID]
+0dai boneyard                       # weekly digest of worst agent moves [--week YYYY-WW|current]
+0dai gh branch-protection           # GitHub branch protection [print|apply|install]
+0dai import claude-code-agents      # import .claude/agents/*.md as personas [--dry-run]
+0dai auth logout                    # remove credentials
+0dai activate code <TEAM-CODE>      # redeem Pro/Team activation code
+0dai activate status                # activation and bound-project status
+0dai redeem <CODE>                  # redeem a plan upgrade code
+0dai upgrade                        # open pricing page (browser or printed URL)
+```
+
+Global flags: `--target PATH`, `--version`, `--help`, `--json`, `--quiet`. See `0dai --help` for the full surface.
+
 ## What it does
 
 `0dai init` and `0dai sync` are activation-first. `init` can complete auth and plan activation in one run: browser/OAuth exchange code via `--auth-code`, Team/Pro activation code via `--code` or `--activation-code`, or the interactive OAuth/device-code prompt. After that it binds the project and sends only allowlisted project metadata (file names + package/build manifests) to the API and generates:

package/bin/0dai.js

@@ -31,18 +31,58 @@ const { T, R, D, log, VERSION, fs, path, spawnSync, findRepoScript, checkVersion
 /**
  * Hot-path Go binary fallback (issue #2424).
  *
- * For read-only hot-path commands (status/doctor/version) we attempt to delegate
- * to a Go binary when:
+ * For read-only hot-path commands we attempt to delegate to a Go binary when:
  *   1. ODAI_GO_BIN is set and points at an executable file, OR a binary called
  *      `0dai-go` is found on PATH.
- *   2. The binary reports `binary_version` matching the dispatcher VERSION
- *      (we accept exact match only — drift means fall back to Python/Node).
+ *   2. The binary reports `dispatcher_compat_version` matching the dispatcher
+ *      VERSION (legacy binaries may still use `binary_version` for this).
  *   3. ODAI_GO_DISABLE is NOT set to a truthy value.
+ *   4. The command's batch flag is not disabled. SPEC-035 rollback Level 1
+ *      is `ODAI_GO_BATCH_<N>=0`, which transparently routes the whole batch
+ *      back to the Node/Python implementation without reinstalling.
+ *
+ * Only commands listed in GO_HOT_PATH_COMMANDS are eligible for automatic
+ * delegation. `status` moved into batch 2 only after the #4098 Go↔Node
+ * payload parity proof landed. Base `doctor` moved into the same batch only
+ * after #4111 made the local `doctor_checks` shadow contract explicit;
+ * `doctor --drift` stays on the full Node implementation.
  *
  * If any of these checks fail we silently fall through to the existing
  * Python/Node implementations. The goal is zero behaviour change when the Go
  * binary is missing, broken, or version-skewed.
  */
+const GO_HOT_PATH_COMMANDS = new Set(["version", "status", "doctor"]);
+const GO_HOT_PATH_BATCHES = Object.freeze({
+  version: 1,
+  status: 2,
+  doctor: 2,
+});
+
+function goFlagDisabled(raw) {
+  if (raw === undefined || raw === null || raw === "") return false;
+  const value = String(raw).trim().toLowerCase();
+  return ["0", "false", "no", "off"].includes(value);
+}
+
+function goCommandEnvName(cmdName) {
+  return `ODAI_GO_COMMAND_${String(cmdName).toUpperCase().replace(/[^A-Z0-9]+/g, "_")}`;
+}
+
+function goBatchEnvName(batch) {
+  return `ODAI_GO_BATCH_${batch}`;
+}
+
+function goBatchEnabled(cmdName) {
+  const batch = GO_HOT_PATH_BATCHES[cmdName];
+  if (!batch) return false;
+  if (goFlagDisabled(process.env[goBatchEnvName(batch)])) return false;
+
+  // Drill-only per-command rollback override. Batch flags remain the release
+  // contract; this override is intentionally narrower for staging drills.
+  if (goFlagDisabled(process.env[goCommandEnvName(cmdName)])) return false;
+  return true;
+}
+
 function locateGoBinary() {
   if (process.env.ODAI_GO_DISABLE && process.env.ODAI_GO_DISABLE !== "0") return null;
   const explicit = process.env.ODAI_GO_BIN;
@@ -68,7 +108,11 @@ function goBinaryCompatible(binPath) {
     if (res.status !== 0 || !res.stdout) return false;
     const info = JSON.parse(res.stdout.toString());
     if (!info || typeof info.binary_version !== "string") return false;
-    return info.binary_version === VERSION;
+    const compatVersion =
+      typeof info.dispatcher_compat_version === "string"
+        ? info.dispatcher_compat_version
+        : info.binary_version;
+    return compatVersion === VERSION;
   } catch {
     return false;
   }
@@ -80,6 +124,8 @@ function goBinaryCompatible(binPath) {
  * caller must fall back to the existing Python/Node path.
  */
 function tryGoHotPath(cmdName, target, argv) {
+  if (!GO_HOT_PATH_COMMANDS.has(cmdName)) return false;
+  if (!goBatchEnabled(cmdName)) return false;
   const bin = locateGoBinary();
   if (!bin) return false;
   if (!goBinaryCompatible(bin)) return false;
@@ -91,7 +137,16 @@ function tryGoHotPath(cmdName, target, argv) {
 }
 
 // Export for tests; harmless at runtime.
-module.exports = { locateGoBinary, goBinaryCompatible, tryGoHotPath };
+module.exports = {
+  locateGoBinary,
+  goBinaryCompatible,
+  goBatchEnabled,
+  goBatchEnvName,
+  goCommandEnvName,
+  tryGoHotPath,
+  GO_HOT_PATH_BATCHES,
+  GO_HOT_PATH_COMMANDS,
+};
 const { loadCanonicalCounts, mcpToolsLabel } = require("../lib/utils/canonical-counts");
 
 // --- Command imports ---
@@ -99,9 +154,13 @@ const { cmdAuthLogin, cmdAuthLogout, cmdRedeem, cmdAuthStatus, cmdAuthMcp, cmdAc
 const { cmdInit, cmdSync, cmdProjectBind } = require("../lib/commands/init");
 const { cmdDetect } = require("../lib/commands/detect");
 const { cmdAudit } = require("../lib/commands/audit");
+const { cmdExport } = require("../lib/commands/export");
+const { cmdMcp } = require("../lib/commands/mcp");
+const { cmdVault } = require("../lib/commands/vault");
 const { cmdDoctor } = require("../lib/commands/doctor");
 const { cmdValidate } = require("../lib/commands/validate");
 const { cmdUpdate } = require("../lib/commands/update");
+const { cmdUpgrade } = require("../lib/commands/upgrade");
 const { cmdReflect } = require("../lib/commands/reflect");
 const { cmdMetrics } = require("../lib/commands/metrics");
 const { cmdHeatmap } = require("../lib/commands/heatmap");
@@ -109,7 +168,7 @@ const { cmdStatus } = require("../lib/commands/status");
 const { cmdPortfolio } = require("../lib/commands/portfolio");
 const { cmdRun } = require("../lib/commands/run");
 const { cmdWatch } = require("../lib/commands/watch");
-const { cmdModels } = require("../lib/commands/models");
+const { cmdModels, cmdModelsRecommend } = require("../lib/commands/models");
 const { cmdSession } = require("../lib/commands/session");
 const { cmdSwarm, cmdSwarmRun } = require("../lib/commands/swarm");
 const { cmdStandup } = require("../lib/commands/standup");
@@ -128,15 +187,24 @@ const { cmdPaste } = require("../lib/commands/paste");
 const { cmdReceipt } = require("../lib/commands/receipt");
 const { cmdBoneyard } = require("../lib/commands/boneyard");
 const { cmdQuota } = require("../lib/commands/quota");
+const { cmdUsage } = require("../lib/commands/usage");
 const { cmdGh } = require("../lib/commands/gh");
 const { cmdLoop } = require("../lib/commands/loop");
 const { cmdImportClaudeCodeAgents } = require("../lib/commands/import_claude_code_agents");
 const { cmdRunner } = require("../lib/commands/runner");
 const { cmdCi } = require("../lib/commands/ci");
+const { cmdTrust } = require("../lib/commands/trust");
 
 function printHelp() {
   const counts = loadCanonicalCounts();
   console.log(`\n  ${T}0dai${R} v${VERSION} — One config for ${counts.agent_clis_total} AI agent CLIs · ${mcpToolsLabel(counts)}\n`);
+  console.log("First-run sequence (canonical):");
+  console.log("  npm install -g @0dai-dev/cli   # install once, globally");
+  console.log("  0dai auth login                # sign in (OAuth / device code)");
+  console.log("  0dai activate free             # claim free-tier license");
+  console.log("  0dai init                      # generate ai/ layer in cwd");
+  console.log("  0dai doctor                    # verify health and drift");
+  console.log("");
   console.log("Start (first 5 minutes):");
   console.log("  init           Create ai/ layer + MCP [--local] [--dry-run] [--minimal]");
   console.log("  doctor         Check health, credentials, and drift [--drift]");
@@ -150,7 +218,7 @@ function printHelp() {
   console.log("");
   console.log("Daily (regular work):");
   console.log("  sync           Update ai/ layer after repo or server changes [--dry-run] [--yes] [--quiet] [--force]");
-  console.log("  run <goal>     Split a backlog item into agent tasks [--dry-run] [--agent claude|codex|gemini] [--provider X]");
+  console.log("  run <goal>     Split a backlog item into agent tasks [--dry-run] [--dry-cost] [--max-cost N] [--agent claude|codex|gemini] [--provider X]");
   console.log("  swarm status   Show queued, active, and done tasks");
   console.log("  swarm add      Queue one task for an agent [--task '...' --to agent]");
   console.log("  swarm-run      Add, dispatch, and wait for one swarm task as JSON");
@@ -162,21 +230,26 @@ function printHelp() {
   console.log("  feedback retry Retry queued feedback after a failed push");
   console.log("");
   console.log("Pro / advanced:");
-  console.log("  init-existing  Existing-repo setup alias for init [--minimal] [--dry-run]");
+  console.log("  init-existing  Legacy alias for init (older docs / scripted bootstraps); use 'init' [--minimal] [--dry-run]");
   console.log("  project bind   Bind current repository to your 0dai account [--json]");
   console.log("  project status Show local project binding and health state [--json]");
   console.log("  graph push     Upload local graph to server (Pro: edges, Free: nodes)");
   console.log("  graph pull     Download server graph and merge locally");
   console.log("  graph status   Show local graph stats and sync state");
   console.log("  ci             Plan portable 0dai CI pipelines and inspect AI-MQ [list|plan|mq-status] [--json]");
+  console.log("  mcp            MCP server, tools, and health [list|catalog|doctor|call] [--json]");
+  console.log("  vault          Local age-encrypted secrets vault [init|add|get] [--json]");
   console.log("  heatmap        Repo treemap: LOC x agent-edit intensity");
   console.log("  session save   Save session for roaming");
   console.log("  provider       Local provider profiles, bindings, and direct invoke");
   console.log("  models         Show model ratings (--fast/--balanced/--deep/--available)");
+  console.log("  models recommend  Ledger-ranked model pick for a task type [--task TYPE] [--goal '...'] [--json]");
   console.log("  quota          Agent subscription usage table [--refresh] [--json]");
+  console.log("  usage          Local token, task, and USD usage ledger [status|daily|monthly]");
   console.log("  workspace      Manage tmux workspace sessions (init|up|status)");
   console.log("  runner         Show runner/project-host architecture, queues, labels, and burst routing [status|plan|queue-status|label-audit|route-dry-run] [--json]");
   console.log("  report         Privacy-safe project reports (preview|push|status)");
+  console.log("  trust          Pre-run blast-radius: protected paths, authority matrix, egress [--json]");
   console.log("  compliance     SOC2/ISO evidence and ADR audit-trail export");
   console.log("  experience     Structured experience events (list|stats|sync|warnings|dismiss)");
   console.log("  persona-simulate  Produce a focus-group report and optional issue drafts");
@@ -206,6 +279,8 @@ const SYNC_ALLOWED_FLAGS = new Set([
   "--force",
   "--no-diff",
   "--no-mcp-auth",
+  "--skip-link-check",
+  "--strict-links",
 ]);
 
 function printSyncHelp() {
@@ -220,6 +295,8 @@ function printSyncHelp() {
   console.log("  --force        Also overwrite native config files from managed ai/ sources");
   console.log("  --no-diff      Hide unified diff output in previews/prompts");
   console.log("  --no-mcp-auth  Skip MCP cloud-token bootstrap during sync");
+  console.log("  --skip-link-check  Skip the SPEC-028 doc cross-link scan after sync");
+  console.log("  --strict-links Fail sync if doc_link_check reports broken or closed refs");
   console.log("  --target PATH  Run sync against another project path");
   console.log("");
 }
@@ -281,6 +358,7 @@ async function main() {
     case "run": await cmdRun(args[1] || "", target, args.slice(2)); break;
     case "watch": cmdWatch(target, args.slice(1)); break;
     case "audit": cmdAudit(target); break;
+    case "export": await cmdExport(target, args); break;
     case "security": {
       const subSec = args[1] || "";
       if (subSec === "install-hook") {
@@ -324,7 +402,7 @@ async function main() {
       if (!driftMode) {
         tryGoHotPath("doctor", target, args.slice(1));
       }
-      cmdDoctor(target, { drift: driftMode });
+      cmdDoctor(target, { drift: driftMode, json: args.includes("--json") });
       if (args.includes("--drift")) {
         const ds = findRepoScript(target, "drift_detector.py");
         console.log("\n  drift report:");
@@ -352,6 +430,7 @@ async function main() {
     case "validate": cmdValidate(target); break;
     case "reflect": cmdReflect(target, args); break;
     case "update": cmdUpdate(args); break;
+    case "upgrade": cmdUpgrade(); break;
     case "metrics": cmdMetrics(target); break;
     case "heatmap": cmdHeatmap(target, args.slice(1)); break;
     case "portfolio": cmdPortfolio(); break;
@@ -377,6 +456,8 @@ async function main() {
       else if (sub === "code" || sub === "redeem") await cmdRedeem(args[2]);
       else console.log("Usage: 0dai activate [free|status|code <CODE>]");
       break;
+    case "mcp": cmdMcp(target, sub, args); break;
+    case "vault": cmdVault(target, args[1], args.slice(2)); break;
     case "session": cmdSession(target, sub, args); break;
     case "swarm": cmdSwarm(target, sub, args); break;
     case "workspace": cmdWorkspace(target, sub, args.slice(2)); break;
@@ -408,6 +489,7 @@ async function main() {
     case "receipt": cmdReceipt(target, args.slice(1)); break;
     case "boneyard": cmdBoneyard(target, args.slice(1)); break;
     case "quota": case "quotas": cmdQuota(target, args.slice(1)); break;
+    case "usage": cmdUsage(target, args.slice(1)); break;
     case "gh": await cmdGh(target, sub, args); break;
     case "loop": cmdLoop(target, sub, args); break;
     case "import": {
@@ -429,11 +511,15 @@ async function main() {
       break;
     }
     case "report": cmdReport(target, sub, args); break;
+    case "trust": cmdTrust(target, args.slice(1)); break;
     case "compliance": cmdCompliance(target, args.slice(1)); break;
     case "experience": cmdExperience(target, sub, args); break;
     case "persona-simulate": cmdPersonaSimulate(target, args.slice(1)); break;
     case "graph": await cmdGraph(target, sub, args); break;
-    case "models": cmdModels(sub || args[1]); break;
+    case "models":
+      if (sub === "recommend") await cmdModelsRecommend(target, args.slice(2));
+      else cmdModels(sub || args[1]);
+      break;
     case "delegate": case "delegation": {
       const deScript = findRepoScript(target, "delegation_engine.py");
       if (!deScript) { log("delegation engine unavailable"); break; }

package/lib/commands/auth.js

@@ -133,16 +133,19 @@ async function loginWithExchangeCode(code) {
   if (!exchanged || exchanged.error || !exchanged.access_token) {
     throw new Error(exchanged && exchanged.error ? exchanged.error : "invalid or expired auth code");
   }
+  const status = await fetchAuthStatus(exchanged.access_token);
+  if (!status || status.error || !status.email) {
+    throw new Error(status && status.error ? status.error : "cloud validation failed after auth exchange");
+  }
   saveAuthState({
     access_token: exchanged.access_token,
-    email: exchanged.email || "",
-    name: exchanged.name || "",
+    email: status.email,
+    plan: status.plan || "free",
+    name: status.name || exchanged.name || "",
+    license: status.license || {},
+    plan_expires_at: status.plan_expires_at || "",
     authenticated_at: new Date().toISOString(),
   });
-  const status = await fetchAuthStatus();
-  if (!status || status.error || !status.email) {
-    throw new Error(status && status.error ? status.error : "cloud validation failed after auth exchange");
-  }
   return status;
 }
 
@@ -478,6 +481,54 @@ async function cmdAuthStatus() {
   }
 }
 
+// Disclosure text for the remote activation event.
+// Exported so tests can assert the notice references the real payload fields.
+const ACTIVATION_TELEMETRY_NOTICE =
+  "Telemetry: on activation, 0dai sends an event (free_tier_activated, timestamp, "
+  + "path=cli://activate-free, source=cli) to api.0dai.dev/v1/events via your "
+  + "authenticated session with a device identifier (X-Device-ID header). "
+  + "To opt out: set DO_NOT_TRACK=1 or ODAI_NO_TELEMETRY=1.";
+
+/**
+ * Post a best-effort activation event to the remote analytics endpoint.
+ *
+ * Opt-out: set DO_NOT_TRACK=1 or ODAI_NO_TELEMETRY=1 in the environment.
+ * When opted out, the local activation log (ai/meta/telemetry/activation.jsonl)
+ * is NOT affected — only the remote HTTP POST is skipped.
+ *
+ * @param {object} [deps]
+ * @param {Function} [deps.apiCallFn] - injectable stand-in for apiCall (tests)
+ * @param {object}  [deps.env]        - injectable env (defaults to process.env)
+ * @param {Function} [deps.print]     - injectable print fn (defaults to console.log)
+ */
+async function trackFreeTierActivated(deps = {}) {
+  const env = deps.env || process.env;
+  const print = deps.print || console.log;
+  const callFn = deps.apiCallFn || apiCall;
+
+  // Honour standard cross-ecosystem opt-out AND 0dai-specific form.
+  if (env.DO_NOT_TRACK === "1" || env.ODAI_NO_TELEMETRY === "1") {
+    return; // remote POST skipped; local log is unaffected
+  }
+
+  // One-time honest disclosure: what is sent, where, and how to opt out.
+  print(ACTIVATION_TELEMETRY_NOTICE);
+
+  try {
+    await callFn("/v1/events", {
+      events: [{
+        event: "free_tier_activated",
+        timestamp: new Date().toISOString(),
+        path: "cli://activate-free",
+        page: "0dai activate free",
+        props: { source: "cli" },
+      }],
+    });
+  } catch {
+    // best-effort telemetry — network failure is non-fatal
+  }
+}
+
 async function cmdActivateFree() {
   const ensureAuthenticated = makeEnsureAuthenticated(cmdAuthLogin);
   await ensureAuthenticated("activation");
@@ -485,6 +536,9 @@ async function cmdActivateFree() {
   log(`license ${license.status}`);
   console.log(`  activation id: ${license.activation_id}`);
   console.log(`  plan: ${license.plan || "free"}`);
+  if (license.status === "active") {
+    await trackFreeTierActivated();
+  }
 }
 
 async function cmdActivateStatus() {
@@ -520,4 +574,6 @@ module.exports = {
   parseActivationArgs,
   parseAuthLoginFlags,
   printDeviceLoginInstructions,
+  trackFreeTierActivated,
+  ACTIVATION_TELEMETRY_NOTICE,
 };

package/lib/commands/detect.js

@@ -1,15 +1,21 @@
 "use strict";
 const shared = require("../shared");
-const { D, R, log, apiCall, collectMetadata } = shared;
+const { D, R, log, apiCall, collectMetadata, buildProjectIdentity, hashManifestFiles } = shared;
 
 async function cmdDetect(target) {
   const OPTIONAL_CLIS = ["gemini", "aider", "opencode"];
-  const { projectFiles, manifestContents, clis: localClis } = collectMetadata(target);
-  // Send file contents AND local CLI inventory so server can do content-based detection
+  const metadata = collectMetadata(target);
+  const { projectFiles, manifestContents, clis: localClis } = metadata;
+  const identity = buildProjectIdentity(target, metadata);
+  // Privacy: send only filenames + SHA-256 hashes, never raw content (closes #4016).
+  // Local stack detection is pre-computed and passed as `stack`; server works from
+  // project_files + client-derived stack, not file content.
   const result = await apiCall("/v1/detect", {
     project_files: projectFiles,
-    manifest_contents: manifestContents,
+    manifest_files: hashManifestFiles(manifestContents),
     available_clis: localClis,
+    project_name: identity.project_name,
+    stack: identity.stack,
   });
   if (result.error) { log(`error: ${result.error}`); return; }
   console.log(`stack: ${result.stack || "?"}`);

package/lib/commands/doctor.js

@@ -2,6 +2,34 @@
 const shared = require("../shared");
 const { log, T, R, D, fs, path, spawnSync, findRepoScript, SUPPORTED_CLIS, recordExperienceEvent } = shared;
 
+const LOCAL_LAYER_CHECKS = Object.freeze([
+  ["ai/VERSION", "ai/VERSION", "error"],
+  ["ai/manifest/project.yaml", "ai/manifest/project.yaml", "error"],
+  ["ai/manifest/discovery.json", "ai/manifest/discovery.json", "warn"],
+  ["ai/manifest/commands.yaml", "ai/manifest/commands.yaml", "warn"],
+  [".claude/settings.json", ".claude/settings.json", "warn"],
+  ["AGENTS.md", "AGENTS.md", "warn"],
+]);
+
+function nodePtyProbe() {
+  try {
+    require.resolve("node-pty");
+    return {
+      name: "node-pty",
+      present: true,
+      sev: "ok",
+      hint: "node-pty available for terminal session spawn",
+    };
+  } catch {
+    return {
+      name: "node-pty",
+      present: false,
+      sev: "warn",
+      hint: "install node-pty for terminal sessions: npm i -g node-pty",
+    };
+  }
+}
+
 function ghostAuthStatus(home = process.env.HOME || process.env.USERPROFILE || "") {
   const customApiEnv = home ? path.join(home, ".custom-api", "custom-api.env") : "";
   const legacyAnthropicEnv = home ? path.join(home, ".claude-api-isolated", "anthropic.env") : "";
@@ -20,9 +48,35 @@ function ghostAuthStatus(home = process.env.HOME || process.env.USERPROFILE || "
   };
 }
 
+function collectLayerChecks(target) {
+  return LOCAL_LAYER_CHECKS.map(([name, relPath, missingSev]) => {
+    const fullPath = path.join(target, relPath);
+    const present = fs.existsSync(fullPath);
+    return {
+      name,
+      ok: present,
+      sev: present ? "ok" : missingSev,
+      hint: present ? "present" : `missing: ${fullPath}`,
+    };
+  });
+}
+
+function collectDoctorPayload(target) {
+  return {
+    binary: "node",
+    binary_version: shared.VERSION,
+    checks: collectLayerChecks(target),
+  };
+}
+
 function cmdDoctor(target, options = {}) {
   const ai = path.join(target, "ai");
   if (!fs.existsSync(ai)) { log("No 0dai config found. Run: 0dai init"); return; }
+  if (options.json) {
+    const payload = collectDoctorPayload(target);
+    console.log(JSON.stringify(payload, null, 2));
+    return payload;
+  }
   let v = "?", stack = "generic";
   try { v = fs.readFileSync(path.join(ai, "VERSION"), "utf8").trim(); } catch {}
   try { stack = JSON.parse(fs.readFileSync(path.join(ai, "manifest", "discovery.json"), "utf8")).stack || "generic"; } catch {}
@@ -33,15 +87,6 @@ function cmdDoctor(target, options = {}) {
   const R2 = process.stdout.isTTY ? "\x1b[0m" : "";
 
   // --- ai/ layer checks ---
-  const layerChecks = {
-    "ai/VERSION":                  { path: path.join(ai, "VERSION"),                   sev: "error" },
-    "ai/manifest/project.yaml":    { path: path.join(ai, "manifest", "project.yaml"),  sev: "error" },
-    "ai/manifest/commands.yaml":   { path: path.join(ai, "manifest", "commands.yaml"), sev: "warn"  },
-    "ai/manifest/discovery.json":  { path: path.join(ai, "manifest", "discovery.json"),sev: "warn"  },
-    ".claude/settings.json":       { path: path.join(target, ".claude", "settings.json"), sev: "warn" },
-    "AGENTS.md":                   { path: path.join(target, "AGENTS.md"),             sev: "warn"  },
-  };
-
   // --- credentials checklist ---
   // Detect subscription-based auth (not just env API keys)
   const { execFileSync: _execFile } = require("child_process");
@@ -99,14 +144,13 @@ function cmdDoctor(target, options = {}) {
 
   const missingConfigs = [];
   console.log("  ai/ layer:");
-  for (const [name, { path: p, sev }] of Object.entries(layerChecks)) {
-    const exists = fs.existsSync(p);
-    if (!exists) {
-      sev === "error" ? errors++ : warnings++;
-      if (sev === "warn") missingConfigs.push(name);
+  for (const check of collectLayerChecks(target)) {
+    if (!check.ok) {
+      check.sev === "error" ? errors++ : warnings++;
+      if (check.sev === "warn") missingConfigs.push(check.name);
     }
-    const mark = exists ? `${G}ok${R2}` : sev === "error" ? `${E}MISSING${R2}` : `${W}missing${R2}`;
-    console.log(`    ${mark.padEnd(22)} ${name}`);
+    const mark = check.ok ? `${G}ok${R2}` : check.sev === "error" ? `${E}MISSING${R2}` : `${W}missing${R2}`;
+    console.log(`    ${mark.padEnd(22)} ${check.name}`);
   }
   // Explain WHY native configs are missing and what to do
   if (missingConfigs.length > 0) {
@@ -256,4 +300,4 @@ function cmdDoctor(target, options = {}) {
   }
 }
 
-module.exports = { cmdDoctor, ghostAuthStatus };
+module.exports = { cmdDoctor, ghostAuthStatus, nodePtyProbe, collectDoctorPayload, collectLayerChecks };