@0dai-dev/cli 4.3.4 → 4.3.6

package/lib/commands/export.js

@@ -0,0 +1,73 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2026 0dai.dev
+//
+// F14 G4 Phase 2 — `0dai export --all` CLI command.
+//
+// Bundles user-owned tenant data into a tarball per the contract
+// at docs/governance/data-export-contract.md (F14 G4 Phase 1 /
+// PR #3569). Phase 2 ships personas + path-protect.yaml as real
+// data, plus usage-ledger.jsonl when present; the other 6 surfaces emit placeholder JSON
+// ({"_status": "not-implemented", "since": "F14 G4 Phase 2"}).
+//
+// Cosign signing is deferred to Phase 3 (stubs .sig + .crt as
+// empty files alongside the tarball so the layout contract holds).
+//
+// Usage:
+//   0dai export --all [--output PATH] [--target DIR]
+
+"use strict";
+
+const shared = require("../shared");
+const { T, R, D, log } = shared;
+const { buildExportTarball } = require("../utils/export-bundler");
+
+function parseExportArgs(args) {
+  const out = { all: false, output: null, target: process.cwd() };
+  for (let i = 0; i < args.length; i++) {
+    const a = args[i];
+    if (a === "--all") out.all = true;
+    else if (a === "--output" && args[i + 1]) { out.output = args[i + 1]; i++; }
+    else if (a === "--target" && args[i + 1]) { out.target = args[i + 1]; i++; }
+  }
+  return out;
+}
+
+function defaultOutputName() {
+  const now = new Date().toISOString().replace(/[:.]/g, "-").replace(/Z$/, "Z");
+  return `0dai-export-${now}.tar.gz`;
+}
+
+async function cmdExport(target, args) {
+  const opts = parseExportArgs(args);
+  if (!opts.all) {
+    console.error(`${T}[0dai-export]${R} --all is required (partial export is a Phase 2 follow-up)`);
+    process.exit(2);
+  }
+  const sourceRoot = opts.target || target || process.cwd();
+  const outputPath = opts.output || defaultOutputName();
+
+  log(`tenant data source: ${sourceRoot}`);
+  log(`output:             ${outputPath}`);
+
+  let result;
+  try {
+    result = await buildExportTarball({ sourceRoot, outputPath });
+  } catch (err) {
+    console.error(`${T}[0dai-export]${R} bundle failed: ${err.message}`);
+    process.exit(3);
+  }
+
+  log(`personas:       ${result.counts.personas} bundled`);
+  log(`path-protect:   ${result.counts.pathProtect} file(s)`);
+  log(`usage-ledger:   ${result.counts.usageLedger} file(s)`);
+  log(`placeholders:   ${result.counts.placeholders} surfaces (Phase 2 not-implemented)`);
+  log(`tarball:        ${result.tarballPath}`);
+  log(`sha256:         ${result.sha256}`);
+  if (result.signed) {
+    log(`signature:      cosign keyless signed (${result.sigPath})`);
+  } else {
+    log(`${D}signature:      ${result.signSkipReason} — stub .sig + .crt written${R}`);
+  }
+}
+
+module.exports = { cmdExport };

package/lib/commands/init.js

@@ -7,7 +7,7 @@ const {
   VERSION, SUPPORTED_CLIS,
   CONFIG_DIR, PROJECTS_FILE,
   apiCall, makeEnsureAuthenticated, ensureLicenseActivation, loadAuthState,
-  collectMetadata, buildProjectIdentity, registerProject,
+  collectMetadata, buildProjectIdentity, registerProject, hashManifestFiles,
   writeFiles, sendProjectHeartbeat, recordExperienceEvent,
   logFirstRunSuccess,
 } = shared;
@@ -15,6 +15,7 @@ const { cmdAuthLogin, ensureAccountForActivation, parseActivationArgs } = requir
 const { ensureGithubFlowPolicy, warnHooksPathDrift } = require("./gh");
 const { renderFileMapDiff, confirmOrExit, shouldAutoYes } = require("../utils/diff-preview");
 const { bootstrapMcp } = require("../utils/mcp-auth");
+const { recordActivationInit } = require("../utils/activation_telemetry");
 
 const ensureAuthenticated = makeEnsureAuthenticated(cmdAuthLogin);
 const SYNC_FULL_CONTENT_LIMIT = 10000;
@@ -363,11 +364,15 @@ async function cmdInit(target, args = []) {
   else if (!dryRun) log(`sending to API (${projectFiles.length} files, ${clis.length} CLIs)...`);
   const result = await apiCall("/v1/init", {
     project_files: projectFiles,
-    manifest_contents: manifestContents,
+    // Privacy: send only filenames + SHA-256 hashes, never raw content (closes #4016).
+    // Local detection (inferProjectName, detectStackHint) still reads content locally —
+    // the results are passed as project_name and stack so the server needs no raw content.
+    manifest_files: hashManifestFiles(manifestContents),
     available_clis: clis,
     dry_run: dryRun,
     minimal: minimal,
     project_name: identity.project_name,
+    stack: identity.stack,
     project_id: boundProject.project_id || identity.project_id,
     remote_origin: identity.remote_origin,
     origin: identity.origin,
@@ -463,6 +468,10 @@ async function cmdInit(target, args = []) {
   // First-run proof gate (issue #342). All 4 gates pass once we reach here:
   // license active (line above), project bound, ai/ layer written, heartbeat sent.
   // Idempotent — only fires once per project. See docs/first-run.md.
+  recordActivationInit(target, boundProject.project_id || identity.project_id, {
+    stack: result.stack || identity.stack || "unknown",
+  });
+
   const firstRun = logFirstRunSuccess(target, {
     license: true,
     project_bound: true,
@@ -557,6 +566,60 @@ function normalizeEnvironmentManifest(target) {
   return { path: filePath, changed: true };
 }
 
+// runDocLinkCheck — SPEC-028 Phase 2 (#2689). After the managed layer has been
+// written, run scripts/doc_link_check.py to surface broken/closed cross-refs
+// in ai/ and docs/. Warn-only by default so a flaky reference never blocks an
+// otherwise successful sync; --strict-links promotes failures to a non-zero
+// exit, and --skip-link-check bypasses the hook entirely.
+//
+// The hook intentionally stays silent when the script is missing (Phase 1 may
+// not have shipped to a downstream project) and when python3 is unavailable.
+// Output is streamed inline via stdio: "inherit" so authors see exact paths.
+function runDocLinkCheck(target, args = [], options = {}) {
+  if (args.includes("--skip-link-check")) {
+    return { skipped: true, reason: "flag" };
+  }
+  const script = path.join(target, "scripts", "doc_link_check.py");
+  if (!fs.existsSync(script)) {
+    return { skipped: true, reason: "missing-script" };
+  }
+  const quiet = !!options.quiet;
+  const strict = args.includes("--strict-links");
+  const { spawnSync } = require("child_process");
+  if (!quiet) log("doc-link-check: scanning ai/**/*.md docs/**/*.md");
+  const result = spawnSync(
+    "python3",
+    [
+      script,
+      "--repo-root",
+      target,
+      "--paths",
+      "ai/**/*.md",
+      "docs/**/*.md",
+      "--format",
+      "md",
+      "--fail-on",
+      "broken,closed",
+    ],
+    { stdio: "inherit", cwd: target },
+  );
+  if (result.error && result.error.code === "ENOENT") {
+    if (!quiet) console.log(`  ${D}doc-link-check skipped: python3 not found${R}`);
+    return { skipped: true, reason: "no-python" };
+  }
+  const status = typeof result.status === "number" ? result.status : 0;
+  if (status !== 0) {
+    if (strict) {
+      log(`${W}doc-link-check failed (exit ${status}); --strict-links is set${R}`);
+      process.exit(status);
+    }
+    if (!quiet) log(`${W}doc-link-check found issues (exit ${status}); warn-only (pass --strict-links to fail sync)${R}`);
+    return { ran: true, status, strict, broken: true };
+  }
+  if (!quiet) log("doc-link-check: clean");
+  return { ran: true, status: 0, strict, broken: false };
+}
+
 async function cmdSync(target, args = []) {
   const dryRun = args.includes("--dry-run");
   const quiet = args.includes("--quiet") || args.includes("-q");
@@ -608,7 +671,11 @@ async function cmdSync(target, args = []) {
 
   const result = await apiCall("/v1/sync", {
     ai_version: version, stack, agents: agents.length ? agents : clis,
-    current_files: currentFiles, manifest_contents: manifestContents,
+    current_files: currentFiles,
+    // Privacy: send only filenames + SHA-256 hashes, never raw content (closes #4031).
+    // Local detection (stack, agents) is derived locally and sent separately so the
+    // server needs no raw manifest content — mirrors the /v1/init fix from #4030.
+    manifest_files: hashManifestFiles(manifestContents),
     dry_run: dryRun, quiet, force,
     project_name: identity.project_name,
     project_id: boundProject.project_id || identity.project_id,
@@ -669,6 +736,12 @@ async function cmdSync(target, args = []) {
   } else {
     log("already up to date");
   }
+
+  // SPEC-028 Phase 2 (#2689) — scan managed docs for broken cross-refs after
+  // the layer is on disk. Warn-only unless --strict-links; --skip-link-check
+  // bypasses. Runs even when no files changed so stale local refs surface on
+  // every sync.
+  runDocLinkCheck(target, args, { quiet });
   const envManifest = normalizeEnvironmentManifest(target);
   if (!quiet && envManifest.changed) {
     log("environment manifest target normalized: ai/manifest/environment.yaml");
@@ -823,5 +896,6 @@ module.exports = {
   hashFile,
   detectRegistryDrift,
   guardRegistryDrift,
+  runDocLinkCheck,
   SYNC_FULL_CONTENT_LIMIT,
 };

package/lib/commands/mcp.js

@@ -72,7 +72,7 @@ function _toolsFromTierManifest(target, plan) {
     const section = exposure[plan] || exposure.free;
     if (!section) continue;
     const tools = Array.isArray(section.tools) ? section.tools.slice() : [];
-    return { source: candidate, plan, tools, count: tools.length };
+    return { source: candidate, plan, tools, count: tools.length, exposure };
   }
   return null;
 }
@@ -203,12 +203,33 @@ function _cmdCatalog(target, args) {
   console.log(`\n  ${T}available stacks${R}: ${available.join(", ")}\n`);
 }
 
+// Flag MCP server entries left behind by a pre-4.3 `0dai sync` that no longer
+// connect. Two dead patterns: the deprecated `/sse` operator endpoint (HTTP 404,
+// 0dai-dev/docs#56) and the `transport: "sse"` form. `mergeMcpConfig` only manages
+// its own servers and never prunes unknown user entries -- even with --reset -- so
+// these persist after upgrade until removed by hand. The current generator connects
+// operator-MCP via the headerless "claude.ai 0dai" (OAuth /mcp) entry, so the stale
+// block is dead weight. Detection stays on the unambiguous /sse signal to avoid
+// false positives on a legitimately-wired bearer host-pool config (#57).
+function _detectStaleMcpServers(mcpServers) {
+  const stale = [];
+  for (const [name, cfg] of Object.entries(mcpServers || {})) {
+    if (!cfg || typeof cfg !== "object") continue;
+    const url = typeof cfg.url === "string" ? cfg.url : "";
+    const transport = typeof cfg.transport === "string" ? cfg.transport : "";
+    if (/\/sse\/?(\?|$)/.test(url) || transport === "sse") {
+      stale.push({ name, reason: "deprecated SSE endpoint/transport (HTTP 404)" });
+    }
+  }
+  return stale;
+}
+
 function _cmdDoctor(target, args) {
   const wantJson = args.includes("--json");
   const report = {
     target,
     server_script: { path: "", ok: false },
-    mcp_config: { path: "", ok: false, servers: [] },
+    mcp_config: { path: "", ok: false, servers: [], stale: [] },
     tier_manifest: { path: "", ok: false, free_count: 0, pro_count: 0 },
     catalog: { path: "", ok: false, stacks: 0 },
   };
@@ -226,6 +247,7 @@ function _cmdDoctor(target, args) {
     if (data && data.mcpServers && typeof data.mcpServers === "object") {
       report.mcp_config.ok = true;
       report.mcp_config.servers = Object.keys(data.mcpServers);
+      report.mcp_config.stale = _detectStaleMcpServers(data.mcpServers);
     }
   }
 
@@ -268,6 +290,12 @@ function _cmdDoctor(target, args) {
   if (report.mcp_config.ok) {
     console.log(`    servers: ${report.mcp_config.servers.join(", ")}`);
   }
+  if (report.mcp_config.stale.length) {
+    console.log(`    ${W}stale${R} (remove from .mcp.json — superseded by the "claude.ai 0dai" OAuth /mcp entry):`);
+    for (const s of report.mcp_config.stale) {
+      console.log(`      ${W}!${R} ${s.name} ${D}— ${s.reason}${R}`);
+    }
+  }
   console.log(`  tier manifest   ${ok(report.tier_manifest.ok)}  ${D}${report.tier_manifest.path || "(not found)"}${R}`);
   if (report.tier_manifest.ok) {
     console.log(`    free=${report.tier_manifest.free_count} pro=${report.tier_manifest.pro_count}`);
@@ -278,7 +306,9 @@ function _cmdDoctor(target, args) {
   }
   console.log("");
 
-  const allOk = report.server_script.ok && report.mcp_config.ok && (report.tier_manifest.ok || report.catalog.ok);
+  const allOk = report.server_script.ok && report.mcp_config.ok
+    && report.mcp_config.stale.length === 0
+    && (report.tier_manifest.ok || report.catalog.ok);
   if (!allOk) process.exitCode = 1;
 }
 

package/lib/commands/run.js

@@ -1,26 +1,43 @@
 "use strict";
 const shared = require("../shared");
 const { log, T, R, D, fs, path, apiCall } = shared;
+const {
+  estimateRunCost,
+  formatTokens,
+  formatUsd,
+  formatUsdPer1k,
+} = require("../utils/run_cost");
+const { recordActivationFirstTask } = require("../utils/activation_telemetry");
 
 async function cmdRun(goal, target, args = []) {
   if (!goal) {
-    console.log(`Usage: 0dai run <goal> [--dry-run] [--agent claude|codex|gemini] [--provider deepseek|gemini-direct|codex|claude-opus]`);
+    console.log(`Usage: 0dai run <goal> [--dry-run] [--dry-cost] [--max-cost N] [--agent claude|codex|gemini] [--provider deepseek|gemini-direct|codex|claude-opus]`);
     console.log(`  Example: 0dai run "add dark mode to settings page"`);
+    console.log(`  Example: 0dai run "fix login bug" --dry-cost`);
+    console.log(`  Example: 0dai run "refactor auth" --max-cost 0.50`);
     return;
   }
 
   const dryRun = args.includes("--dry-run");
+  const dryCost = args.includes("--dry-cost");
   const agentIdx = args.indexOf("--agent");
   const agentOverride = agentIdx >= 0 ? args[agentIdx + 1] : null;
   const providerIdx = args.indexOf("--provider");
   const providerOverride = providerIdx >= 0 ? normalizeProvider(args[providerIdx + 1] || "") : null;
   const providerModelIdx = args.indexOf("--provider-model");
   const providerModel = providerModelIdx >= 0 ? (args[providerModelIdx + 1] || "") : "";
+  const maxCostIdx = args.indexOf("--max-cost");
+  const maxCostRaw = maxCostIdx >= 0 ? args[maxCostIdx + 1] : null;
+  const maxCost = maxCostRaw != null ? parseFloat(maxCostRaw) : null;
 
   if (providerIdx >= 0 && !providerOverride) {
     log("error: unsupported provider. Supported: deepseek, gemini-direct, codex, claude-opus, claude-sonnet");
     return;
   }
+  if (maxCostIdx >= 0 && (maxCostRaw == null || Number.isNaN(maxCost) || maxCost < 0)) {
+    log("error: --max-cost requires a non-negative number");
+    process.exit(1);
+  }
 
   // Read project context
   let stack = "generic", agents = ["claude"], commands = {};
@@ -30,9 +47,9 @@ async function cmdRun(goal, target, args = []) {
     agents = disc.selected_agents || ["claude"];
   } catch {}
 
-  if (!dryRun) process.stdout.write(`${T}[0dai]${R} decomposing goal...`);
+  if (!dryRun && !dryCost) process.stdout.write(`${T}[0dai]${R} decomposing goal...`);
   const result = await apiCall("/v1/run", { goal, context: { stack, agents, commands } });
-  if (!dryRun) process.stdout.write("\r" + " ".repeat(40) + "\r");
+  if (!dryRun && !dryCost) process.stdout.write("\r" + " ".repeat(40) + "\r");
 
   if (result.error) { log(`error: ${result.error}`); return; }
 
@@ -50,6 +67,23 @@ async function cmdRun(goal, target, args = []) {
     console.log(`     ${D}→ ${agent}${providerText}  [${t.model_tier}]${t.description ? "  " + t.description : ""}${R}`);
   }
 
+  const costEstimate = estimateRunCost(tasks, {
+    providerOverride,
+    resolveAgent: (task) => agentOverride || providerAgent(providerOverride) || task.assigned_to,
+  });
+
+  if (dryCost) {
+    printCostPreview(costEstimate);
+    console.log(`\n  ${D}[dry-cost] estimate only — no tasks queued${R}\n`);
+    return;
+  }
+
+  if (maxCost != null && costEstimate.totalUsd > maxCost) {
+    log(`error: estimated cost ${formatUsd(costEstimate.totalUsd)} exceeds --max-cost ${formatUsd(maxCost)}`);
+    console.log(`  ${D}Re-run with --dry-cost to inspect the breakdown, or raise --max-cost${R}`);
+    process.exit(1);
+  }
+
   if (dryRun) {
     console.log(`\n  ${D}[dry-run] would create ${tasks.length} task(s) in swarm queue${R}\n`);
     return;
@@ -88,6 +122,32 @@ async function cmdRun(goal, target, args = []) {
 
   console.log(`\n  ${T}✓${R} ${created.length} task${created.length === 1 ? "" : "s"} added to swarm queue`);
   console.log(`  ${D}Monitor: 0dai watch  |  Queue: 0dai swarm status${R}\n`);
+
+  if (created.length > 0) {
+    const identity = shared.buildProjectIdentity(target, shared.collectMetadata(target));
+    recordActivationFirstTask(target, identity.project_id, {
+      outcome: "task_queued",
+      task_count: created.length,
+    });
+  }
+}
+
+function printCostPreview(costEstimate) {
+  console.log(`\n  ${T}Cost preview${R} (estimate):\n`);
+  costEstimate.tasks.forEach((row, index) => {
+    console.log(
+      `  ${T}${index + 1}.${R} ${row.title || "task"}`
+      + `\n     ${D}→ ${row.agent} [${row.tier}]`
+      + `  ~${formatTokens(row.tokens)} tokens`
+      + `  ~${formatUsd(row.estimatedUsd)}`
+      + `  (${formatUsdPer1k(row.usdPer1k)})${R}`,
+    );
+  });
+  console.log(
+    `\n  ${T}Total:${R} ~${formatTokens(costEstimate.totalTokens)} tokens`
+    + `  ~${formatUsd(costEstimate.totalUsd)}`
+    + `  (blended ${formatUsdPer1k(costEstimate.blendedUsdPer1k)})`,
+  );
 }
 
 function normalizeProvider(provider) {
@@ -114,4 +174,4 @@ function providerAgent(provider) {
   return null;
 }
 
-module.exports = { cmdRun };
+module.exports = { cmdRun, printCostPreview };

package/lib/commands/status.js

@@ -4,6 +4,11 @@ const {
   log, T, R, D, fs, path, spawnSync, findRepoScript,
   getSwarmQuotaLocal, _detectPlanLocal, PLAN_LEVELS, loadAuthState,
 } = shared;
+const {
+  getActivationDurationStats,
+  getActivationMergedPrStats,
+  printActivationStats,
+} = require("../utils/activation_telemetry");
 
 function countJson(dir) {
   try { return fs.readdirSync(dir).filter(f => f.endsWith(".json")).length; } catch { return 0; }
@@ -116,6 +121,8 @@ function collectStatusPayload(target) {
       detected: driftDetected,
     },
     warnings: warningCount,
+    activation_ttfv: getActivationDurationStats(target),
+    activation_first_merged_pr: getActivationMergedPrStats(target),
   };
 }
 
@@ -158,6 +165,8 @@ function cmdStatus(target, options = {}) {
     console.log(`  drift: config changes detected — run: 0dai doctor --drift`);
   }
 
+  printActivationStats(target);
+
   return payload;
 }