@0dai-dev/cli 4.3.5 → 4.3.7

package/lib/scripts/mcp_tier_config.py

@@ -0,0 +1,240 @@
+"""MCP tool tier configuration - single source of truth for Free vs Pro tool access.
+
+FREE_TOOLS (49): Basic read-only tools and Mode A baseline helpers.
+PRO_TOOLS (64): Advanced tools requiring Pro/Team plan ($15/mo).
+
+Total: 113 unique tools. Must match all @mcp.tool registrations in mcp_server.py + mcp_tools/.
+"""
+
+PLAN_LEVELS = {"free": 0, "pro": 1, "team": 2, "enterprise": 3}
+
+FREE_TOOLS: list[str] = [
+    # Core read tools — project context
+    "get_project_manifest",
+    "get_project_context",
+    "get_codebase_map",
+    "get_commands",
+    "get_environment",
+    "get_ai_version",
+    "get_project_health",
+    "mcp_tier_load",
+    "get_bulletins",
+    "get_applied_lock",
+    "get_custom_stacks",
+    "get_discovery",
+    "get_personas",
+    "get_registry",
+    "get_telemetry_summary",
+    "citation_audit",
+    "get_specs",
+    "master_plan_read",
+    # Knowledge tools
+    "search_experience",
+    "record_experience",
+    "score_candidates",
+    # Federation & graph
+    "get_federation",
+    "get_project_graph",
+    # Model selection
+    "get_model_ratings",
+    # Agent anomaly observability
+    "get_anomaly_taxonomy",
+    "get_anomaly_events",
+    "get_anomaly_summary",
+    "get_agent_activity",
+    "get_ghost_critiques",
+    "get_token_telemetry",
+    "verdict_count",
+    "idle_watchdog_status",
+    "get_pool_state",
+    "pool_query_free",
+    "pool_health",
+    # Solution utility tools (read-only, local-safe)
+    "debug_probe",
+    "parse_content",
+    # Memory tools — core feature, free tier (makes product sticky)
+    "memory_add",
+    "memory_search",
+    "memory_list",
+    "memory_delete",
+    "memory_verify",
+    "memory_inject",
+    # GitHub helpers (Tier 1, Mode A) - added 2026-04-26 per #1132.
+    "gh_label_create",
+    "gh_issue_edit_body",
+    "gh_pr_diff",
+    "propose_file_change",
+    # Session productivity scoring - added 2026-01-XX per #1727.
+    "session_productivity",
+    "session_productivity_pool",
+]
+
+CORE_DISCOVERY_TOOLS: list[str] = [
+    "mcp_tier_load",
+    "memory_search",
+    "get_project_health",
+    "get_session",
+    "get_bulletins",
+    "get_project_manifest",
+    "get_codebase_map",
+    "get_commands",
+    "get_discovery",
+    "get_specs",
+    "search_experience",
+    "record_experience",
+    "get_activity_feed",
+    "check_approval",
+    "get_role_policy",
+]
+
+HIDDEN_DISCOVERY_TOOLS: list[str] = [
+    "memory_delete",
+    "memory_inject",
+    "gh_label_create",
+    "gh_issue_edit_body",
+    "propose_file_change",
+    "create_spec",
+    "update_decision",
+    "submit_feedback",
+    "undo_mutation",
+    "record_anomaly",
+    "pool_checkin",
+    "pool_checkout",
+    "task_cancel",
+    "idle_watchdog_pause",
+    "gh_pr_merge_safe",
+    "rebase_orchestrator",
+    "fallback_chain_resolver",
+]
+
+PRO_TOOLS: list[str] = [
+    # Swarm tools (8)
+    "get_swarm_status",
+    "swarm_delegate",
+    "peer_delegate_request",
+    "peer_delegate_list",
+    "peer_delegate_status",
+    "peer_delegate_accept",
+    "peer_delegate_decline",
+    "peer_delegate_complete",
+    "peer_delegate_sessions",
+    "swarm_run",
+    "run_task",
+    "watch_tasks",
+    "get_portfolio",
+    "estimate_task_cost",
+    "recommend_model",
+    # Working group tools (4)
+    "get_working_group_profiles",
+    "working_group_deliberate",
+    "get_working_group_history",
+    "working_group_research",
+    # Audit tools (4)
+    "get_audit_log",
+    "scan_secrets",
+    "get_compliance_report",
+    "get_role_policy",
+    # Specs write tool
+    "create_spec",
+    # Write / mutation tools
+    "update_decision",
+    "save_session",
+    "submit_feedback",
+    "undo_mutation",
+    "record_anomaly",
+    "pool_checkin",
+    "pool_checkout",
+    "loop_kick",
+    "task_cancel",
+    "idle_watchdog_pause",
+    # Solution utility tools (external/browser providers)
+    "web_search",
+    "capture_screenshot",
+    # OpenRouter BYOK tools (SPEC-024 Phase 1)
+    "mcp__openrouter__list_models",
+    "mcp__openrouter__invoke",
+    # Advanced read tools
+    "get_org_policy",
+    "get_maturity_score",
+    "get_mcp_catalog",
+    "get_agent_teams",
+    "get_plugins",
+    "check_approval",
+    "list_projects",
+    "get_project_health_multi",
+    "get_daily_digest",
+    "get_session",
+    "check_conflicts",
+    "get_activity_feed",
+    "get_knowledge_base",
+    "get_wal",
+    "get_prompt_history",
+    "get_observability",
+    "get_orchestration",
+    "get_graph_context",
+    "trace_task",
+    "get_distilled_rules",
+    "get_substrate_health",
+    # Ops-wrappers suite (3) — added 2026-04-28 per ops-wrappers-suite task.
+    "gh_pr_merge_safe",
+    "rebase_orchestrator",
+    "fallback_chain_resolver",
+    # Graph memory (Phase D) — read-only Cypher over AGE memory_graph (#2104).
+    "memory_traverse",
+    # Hybrid pgvector+AGE search (#3638) — Pro; v1 short-circuit when flag off.
+    "memory_search_v2",
+]
+
+# Sentinel value for unknown/local-only plan (treated as Free)
+UNKNOWN_PLAN = "free"
+
+# Minimum plan level required for Pro tools
+PRO_MIN_LEVEL = 1  # pro
+
+UPGRADE_MESSAGE = "This tool requires Pro plan ($15/mo). Run: 0dai upgrade"
+
+
+def validate_completeness(all_tool_names: set[str]) -> list[str]:
+    """Validate that FREE_TOOLS + PRO_TOOLS covers all registered tools.
+
+    Returns list of error messages (empty = valid).
+    """
+    errors: list[str] = []
+    free_set = set(FREE_TOOLS)
+    pro_set = set(PRO_TOOLS)
+
+    # Check for duplicates between lists
+    overlap = free_set & pro_set
+    if overlap:
+        errors.append(f"Tools in both FREE and PRO lists: {sorted(overlap)}")
+
+    # Check for duplicates within lists
+    if len(FREE_TOOLS) != len(free_set):
+        from collections import Counter
+        dupes = [k for k, v in Counter(FREE_TOOLS).items() if v > 1]
+        errors.append(f"Duplicate tools in FREE_TOOLS: {dupes}")
+
+    if len(PRO_TOOLS) != len(pro_set):
+        from collections import Counter
+        dupes = [k for k, v in Counter(PRO_TOOLS).items() if v > 1]
+        errors.append(f"Duplicate tools in PRO_TOOLS: {dupes}")
+
+    # Check completeness
+    all_declared = free_set | pro_set
+    missing = all_tool_names - all_declared
+    extra = all_declared - all_tool_names
+
+    if missing:
+        errors.append(f"Tools not in any tier list: {sorted(missing)}")
+    if extra:
+        errors.append(f"Tools in tier list but not registered: {sorted(extra)}")
+
+    # Check counts (49 free / 64 pro / 113 total after memory_search_v2 #3718).
+    if len(free_set) != 49:
+        errors.append(f"FREE_TOOLS has {len(free_set)} items, expected 49")
+    if len(pro_set) != 64:
+        errors.append(f"PRO_TOOLS has {len(pro_set)} items, expected 64")
+    if len(free_set) + len(pro_set) != 113:
+        errors.append(f"Total tools: {len(free_set) + len(pro_set)}, expected 113")
+
+    return errors

package/lib/shared.js

@@ -17,11 +17,14 @@ const { spawnSync } = require("child_process");
 const VERSION = require("../package.json").version;
 
 // --- Re-export from extracted modules ---
-const { SUPPORTED_CLIS, MANIFEST_FILES, PROBE_DIRS, SETTINGS_PRESERVE_FIELDS } = require("./utils/constants");
+const { SUPPORTED_CLIS, MANIFEST_FILES, PROBE_DIRS, SETTINGS_PRESERVE_FIELDS, cliDisplayName } = require("./utils/constants");
 const {
   deviceFingerprint, registerProject, projectIdFor,
   getGitRemoteOrigin, inferProjectName, detectStackHint,
-  collectMetadata, buildProjectIdentity,
+  collectMetadata, buildProjectIdentity, hashManifestFiles,
+  loadProjectBinding, validProjectId, validateProjectDisplayName,
+  bindingTargetMatches, projectTargetInfo, boundProjectIdentityFromBinding,
+  applyBoundProjectIdentity, writeProjectBinding,
 } = require("./utils/identity");
 const { PLAN_LEVELS, _detectPlanLocal, requirePlan, getSwarmQuotaLocal } = require("./utils/plan");
 
@@ -58,6 +61,32 @@ const DRIFT_TRACKED_CONFIGS = [
   ".windsurfrules",
   ".aider.conf.yml",
 ];
+const LIVE_MANIFEST_DEFAULTS = Object.freeze({
+  "ai/manifest/current_state.json": JSON.stringify({
+    managed: true,
+    schema: "0dai.current_state.v1",
+    status: "initialized",
+    phase: "bootstrap",
+    current_milestone: "initialization",
+    current_sprint: "bootstrap",
+    release_posture: "local",
+    notes: "Initial 0dai live-state scaffold. Update this file as the project execution state changes.",
+  }, null, 2) + "\n",
+  "ai/manifest/current_task.json": JSON.stringify({
+    managed: true,
+    schema: "0dai.current_task.v1",
+    task_id: "bootstrap",
+    title: "Initialize 0dai project context",
+    status: "active",
+    phase: "bootstrap",
+    acceptance: [
+      "ai/manifest/project.yaml reflects project identity",
+      "ai/manifest/commands.yaml reflects safe project commands",
+      "ai/docs/roadmap.md captures the next work",
+    ],
+    linked: [],
+  }, null, 2) + "\n",
+});
 
 // --- API ---
 function apiCall(endpoint, data, options = {}) {
@@ -84,10 +113,10 @@ function apiCall(endpoint, data, options = {}) {
     const opts = {
       hostname: url.hostname,
       port: url.port || (url.protocol === "https:" ? 443 : 80),
-      path: url.pathname,
+      path: url.pathname + url.search,
       method: body ? "POST" : "GET",
       headers,
-      timeout: 60000,
+      timeout: Number(options && options.timeoutMs) > 0 ? Number(options.timeoutMs) : 60000,
     };
     if (body) opts.headers["Content-Length"] = Buffer.byteLength(body);
     const req = mod.request(opts, (res) => {
@@ -98,6 +127,11 @@ function apiCall(endpoint, data, options = {}) {
         catch { resolve({ error: `HTTP ${res.statusCode}` }); }
       });
     });
+    if (options && options.background) {
+      req.on("socket", (socket) => {
+        if (socket && typeof socket.unref === "function") socket.unref();
+      });
+    }
     req.on("error", (e) => resolve({ error: `${e.message}. Is ${API_URL} reachable?` }));
     req.on("timeout", () => { req.destroy(); resolve({ error: "request timed out after 60s. Check your internet connection or try again." }); });
     if (body) req.write(body);
@@ -345,33 +379,78 @@ function writeFiles(target, files) {
   return created + updated;
 }
 
+function missingLiveManifestDefaults(target, pendingFiles = {}) {
+  const missing = {};
+  for (const [rel, content] of Object.entries(LIVE_MANIFEST_DEFAULTS)) {
+    if (Object.prototype.hasOwnProperty.call(pendingFiles, rel)) continue;
+    if (!fs.existsSync(path.join(target, rel))) missing[rel] = content;
+  }
+  return missing;
+}
+
+function ensureLiveManifestDefaults(target) {
+  const missing = missingLiveManifestDefaults(target);
+  for (const [rel, content] of Object.entries(missing)) {
+    const p = path.join(target, rel);
+    fs.mkdirSync(path.dirname(p), { recursive: true });
+    fs.writeFileSync(p, content, "utf8");
+  }
+  return Object.keys(missing);
+}
+
 // --- Repo Script Lookup ---
-function findRepoScript(target, scriptName) {
-  const candidates = [
+function repoScriptCandidates(target, scriptName) {
+  return [
     path.join(target, "scripts", scriptName),
     path.join(process.cwd(), "scripts", scriptName),
+    path.join(__dirname, "..", "scripts", scriptName),
     path.join(__dirname, "..", "..", "..", "scripts", scriptName),
     path.join(__dirname, "..", "..", "..", "..", "scripts", scriptName),
   ];
+}
+
+function findRepoScript(target, scriptName) {
+  const candidates = repoScriptCandidates(target, scriptName);
   for (const c of candidates) { if (fs.existsSync(c)) return c; }
   return null;
 }
 
+// Python scripts copied into the package at lib/python/ on prepack
+// (scripts/build-python-bundle.js). Lets pure-stdlib commands work for npm
+// end-users who have no repo checkout of scripts/. Mirrors experience.js (#4360).
+function resolveBundledScript(scriptName) {
+  const bundled = path.join(__dirname, "python", scriptName);
+  return fs.existsSync(bundled) ? bundled : null;
+}
+
+// Prefer a repo copy (operator/dev checkout); fall back to the bundled copy.
+function resolvePythonScript(target, scriptName) {
+  return findRepoScript(target, scriptName) || resolveBundledScript(scriptName);
+}
+
 // --- Version Check ---
-async function checkVersion() {
+async function checkVersion(options = {}) {
   try {
+    const force = Boolean(options && options.force);
+    const background = options && Object.prototype.hasOwnProperty.call(options, "background")
+      ? Boolean(options.background)
+      : true;
     const intervalSec = parseInt(process.env.ODAI_UPDATE_CHECK_INTERVAL || "3600");
     let lastCheck = 0;
     try { lastCheck = parseFloat(fs.readFileSync(VERSION_CHECK_FILE, "utf8")); } catch {}
-    if (Date.now() / 1000 - lastCheck < intervalSec) return;
+    if (!force && Date.now() / 1000 - lastCheck < intervalSec) return;
     fs.mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
     fs.writeFileSync(VERSION_CHECK_FILE, String(Date.now() / 1000));
-    const result = await apiCall("/v1/version");
+    const result = await apiCall("/v1/version", null, {
+      background,
+      timeoutMs: options && options.timeoutMs,
+    });
     if (result.version && result.version !== VERSION) {
       const cmp = (a, b) => { const [a1,a2,a3] = a.split(".").map(Number); const [b1,b2,b3] = b.split(".").map(Number); return a1 - b1 || a2 - b2 || a3 - b3; };
       if (cmp(result.version, VERSION) > 0) {
         log(`Update available: ${VERSION} → ${result.version}`);
-        console.log(`  Run: npm update -g @0dai-dev/cli\n`);
+        const suffix = options && options.initHint ? ", then rerun 0dai init" : "";
+        console.log(`  Run: npm update -g @0dai-dev/cli${suffix}\n`);
       }
     }
   } catch {}
@@ -379,7 +458,7 @@ async function checkVersion() {
 
 // --- Experience ---
 function recordExperienceEvent(target, payload) {
-  const script = findRepoScript(target, "experience_pipeline.py");
+  const script = resolvePythonScript(target, "experience_pipeline.py");
   if (!script) return;
   try {
     spawnSync("python3", [script, "record-json", "--target", target], {
@@ -394,7 +473,7 @@ module.exports = {
   VERSION, API_URL, T, R, D, E, G, W,
   log, CONFIG_DIR, AUTH_FILE, VERSION_CHECK_FILE, PROJECTS_FILE,
   // Constants
-  PLAN_LEVELS, MANIFEST_FILES, PROBE_DIRS, SUPPORTED_CLIS, SETTINGS_PRESERVE_FIELDS,
+  PLAN_LEVELS, MANIFEST_FILES, PROBE_DIRS, SUPPORTED_CLIS, SETTINGS_PRESERVE_FIELDS, cliDisplayName,
   // API
   apiCall,
   // Auth
@@ -402,14 +481,18 @@ module.exports = {
   fetchAuthStatus, makeEnsureAuthenticated, ensureLicenseActivation,
   // Identity
   deviceFingerprint, registerProject, projectIdFor,
+  loadProjectBinding, validProjectId, validateProjectDisplayName,
+  bindingTargetMatches, projectTargetInfo, boundProjectIdentityFromBinding,
+  applyBoundProjectIdentity, writeProjectBinding,
   getGitRemoteOrigin, inferProjectName, detectStackHint,
-  collectMetadata, buildProjectIdentity,
+  collectMetadata, buildProjectIdentity, hashManifestFiles,
   // Plan / Tier
   _detectPlanLocal, requirePlan, getSwarmQuotaLocal,
   // Project
   sendProjectHeartbeat, recordExperienceEvent, logFirstRunSuccess,
   // Files
-  mergeSettingsJson, writeFiles, findRepoScript,
+  mergeSettingsJson, writeFiles, missingLiveManifestDefaults, ensureLiveManifestDefaults,
+  findRepoScript, repoScriptCandidates, resolveBundledScript, resolvePythonScript,
   // Version
   checkVersion,
   // Re-exports for convenience