@0dai-dev/cli 4.3.5 → 4.3.7

package/lib/utils/identity.js

@@ -9,6 +9,30 @@ const path = require("path");
 const os = require("os");
 const { MANIFEST_FILES, PROBE_DIRS, SUPPORTED_CLIS } = require("./constants");
 
+const BINDING_IDENTITY_KEYS = new Set([
+  "managed",
+  "schema",
+  "target",
+  "current_target",
+  "target_aliases",
+  "project_id",
+  "project_name",
+  "display_name",
+  "stack",
+  "origin",
+  "remote_origin",
+  "path_hash",
+  "device",
+  "binding_status",
+  "binding_reason",
+  "binding_next_action",
+  "binding_source",
+  "bound_at",
+  "updated_at",
+  "last_error",
+  "server_project",
+]);
+
 function deviceFingerprint() {
   const crypto = require("crypto");
   const parts = [
@@ -93,6 +117,163 @@ function readDiscovery(target) {
   }
 }
 
+function loadProjectBinding(target) {
+  try {
+    const binding = JSON.parse(fs.readFileSync(path.join(target, ".0dai", "project-binding.json"), "utf8"));
+    return binding && typeof binding === "object" && !Array.isArray(binding) ? binding : null;
+  } catch {
+    return null;
+  }
+}
+
+function _stringValue(value) {
+  return typeof value === "string" ? value.trim() : "";
+}
+
+function validProjectId(value) {
+  return /^prj_[A-Za-z0-9_-]{8,}$/.test(_stringValue(value));
+}
+
+function validateProjectDisplayName(value) {
+  const name = _stringValue(value);
+  if (!name) return { ok: false, error: "project name must not be empty" };
+  if (name.length > 120) return { ok: false, error: "project name must be 120 characters or fewer" };
+  if (/[\x00-\x1f\x7f]/.test(name)) return { ok: false, error: "project name must not contain control characters" };
+  return { ok: true, name };
+}
+
+function _realpathOrResolved(target) {
+  const resolved = path.resolve(target);
+  try {
+    return fs.realpathSync.native(resolved);
+  } catch {
+    return resolved;
+  }
+}
+
+function _bindingPathCandidates(binding) {
+  const candidates = [];
+  if (binding && typeof binding === "object") {
+    for (const key of ["target", "current_target"]) {
+      const value = _stringValue(binding[key]);
+      if (value) candidates.push(value);
+    }
+    if (Array.isArray(binding.target_aliases)) {
+      for (const alias of binding.target_aliases) {
+        const value = _stringValue(alias);
+        if (value) candidates.push(value);
+      }
+    }
+  }
+  return candidates;
+}
+
+function bindingTargetMatches(target, binding) {
+  if (!binding || typeof binding !== "object") return false;
+  const currentTarget = path.resolve(target);
+  const canonicalTarget = _realpathOrResolved(target);
+  for (const candidate of _bindingPathCandidates(binding)) {
+    const resolved = path.resolve(candidate);
+    if (resolved === currentTarget || resolved === canonicalTarget) return true;
+    try {
+      if (fs.realpathSync.native(resolved) === canonicalTarget) return true;
+    } catch {}
+  }
+  return false;
+}
+
+function projectTargetInfo(target, binding = null) {
+  const currentTarget = path.resolve(target);
+  const canonicalTarget = _realpathOrResolved(target);
+  const seen = new Set();
+  const aliases = [];
+  const addAlias = (value) => {
+    const raw = _stringValue(value);
+    if (!raw) return;
+    const resolved = path.resolve(raw);
+    if (resolved === canonicalTarget) return;
+    if (seen.has(resolved)) return;
+    seen.add(resolved);
+    aliases.push(resolved);
+  };
+  if (currentTarget !== canonicalTarget) addAlias(currentTarget);
+  for (const candidate of _bindingPathCandidates(binding)) addAlias(candidate);
+  return { current_target: currentTarget, target: canonicalTarget, target_aliases: aliases };
+}
+
+function boundProjectIdentityFromBinding(target, binding) {
+  if (!binding || binding.binding_status !== "bound") return null;
+  if (!bindingTargetMatches(target, binding)) return null;
+  const out = {};
+  if (validProjectId(binding.project_id)) out.project_id = _stringValue(binding.project_id);
+  const displayName = _stringValue(binding.display_name) || _stringValue(binding.project_name);
+  if (displayName) out.project_name = displayName;
+  return Object.keys(out).length ? out : null;
+}
+
+function projectIdForExplicitRebindFromBinding(binding) {
+  if (!binding || typeof binding !== "object" || Array.isArray(binding)) return "";
+  return validProjectId(binding.project_id) ? _stringValue(binding.project_id) : "";
+}
+
+function applyBoundProjectIdentity(target, identity, binding) {
+  const bound = boundProjectIdentityFromBinding(target, binding);
+  if (!bound) return identity;
+  return {
+    ...identity,
+    ...(bound.project_id ? { project_id: bound.project_id } : {}),
+    ...(bound.project_name ? { project_name: bound.project_name } : {}),
+  };
+}
+
+function writeProjectBinding(target, options = {}) {
+  const existing = loadProjectBinding(target) || {};
+  const preserved = {};
+  for (const [key, value] of Object.entries(existing)) {
+    if (!BINDING_IDENTITY_KEYS.has(key)) preserved[key] = value;
+  }
+
+  const identity = options.identity || {};
+  const serverProject = options.server_project || options.serverProject || {};
+  const targetInfo = projectTargetInfo(target, bindingTargetMatches(target, existing) ? existing : null);
+  const projectID = _stringValue(options.project_id) || _stringValue(serverProject.project_id) || _stringValue(identity.project_id);
+  const projectName =
+    _stringValue(options.project_name) ||
+    _stringValue(options.display_name) ||
+    _stringValue(serverProject.name) ||
+    _stringValue(identity.project_name);
+  const now = new Date().toISOString();
+  const binding = {
+    ...preserved,
+    managed: true,
+    schema: 1,
+    target: targetInfo.target,
+    current_target: targetInfo.current_target,
+    target_aliases: targetInfo.target_aliases,
+    project_id: projectID,
+    project_name: projectName,
+    display_name: projectName,
+    stack: _stringValue(options.stack) || _stringValue(serverProject.stack) || _stringValue(identity.stack) || "unknown",
+    origin: _stringValue(identity.origin) || _stringValue(existing.origin) || "local",
+    remote_origin: _stringValue(identity.remote_origin) || _stringValue(existing.remote_origin),
+    binding_status: _stringValue(options.binding_status) || _stringValue(serverProject.binding_status) || "bound",
+    binding_source: _stringValue(options.binding_source) || "project bind",
+    bound_at: _stringValue(options.bound_at) || _stringValue(existing.bound_at) || now,
+    updated_at: now,
+    server_project: serverProject,
+    last_error: _stringValue(options.last_error),
+  };
+  if (options.account_email) binding.account_email = String(options.account_email);
+  if (options.account_plan) binding.account_plan = String(options.account_plan);
+  if (options.activation_status) binding.activation_status = String(options.activation_status);
+  if (options.activation_id) binding.activation_id = String(options.activation_id);
+
+  const file = path.join(target, ".0dai", "project-binding.json");
+  fs.mkdirSync(path.dirname(file), { recursive: true, mode: 0o700 });
+  fs.writeFileSync(file, JSON.stringify(binding, null, 2) + "\n", { mode: 0o600 });
+  return binding;
+}
+
 function projectIdFor(target, projectName, remoteOrigin) {
   const crypto = require("crypto");
   const seed = projectIdSeed(projectName, remoteOrigin || path.resolve(target));
@@ -148,6 +329,19 @@ function detectStackHint(projectFiles, manifestContents) {
   return "unknown";
 }
 
+/**
+ * Return a {filename: sha256hex} map for the given manifest contents.
+ * The raw content never leaves the machine — only the hash is exported.
+ */
+function hashManifestFiles(manifestContents) {
+  const crypto = require("crypto");
+  const hashes = {};
+  for (const [name, content] of Object.entries(manifestContents)) {
+    hashes[name] = crypto.createHash("sha256").update(content, "utf8").digest("hex");
+  }
+  return hashes;
+}
+
 function collectMetadata(target) {
   const projectFiles = [];
   const manifestContents = {};
@@ -200,6 +394,9 @@ module.exports = {
   MANIFEST_FILES, PROBE_DIRS,
   deviceFingerprint, registerProject, projectIdFor, projectIdSeed,
   scrubRemoteUrl, readProjectManifest, readDiscovery,
+  loadProjectBinding, validProjectId, validateProjectDisplayName,
+  bindingTargetMatches, projectTargetInfo, boundProjectIdentityFromBinding,
+  projectIdForExplicitRebindFromBinding, applyBoundProjectIdentity, writeProjectBinding,
   getGitRemoteOrigin, inferProjectName, detectStackHint,
-  collectMetadata, buildProjectIdentity,
+  collectMetadata, buildProjectIdentity, hashManifestFiles,
 };

package/lib/utils/mcp-auth.js

@@ -24,7 +24,7 @@ const EMBEDDED_TEMPLATE = `{
       "command": "npx",
       "args": ["-y", "@modelcontextprotocol/server-filesystem", "{{PROJECT_PATH}}"]
     },
-    "claude.ai 0dai": {
+    "claude_ai_0dai": {
       "type": "http",
       "url": "{{MCP_HOST}}/mcp"
     }
@@ -71,8 +71,8 @@ function renderTemplate(template, values) {
   });
 }
 
-function repoRootFromPackage() {
-  return path.resolve(__dirname, "..", "..", "..", "..");
+function repoRootFromPackage(options = {}) {
+  return options.repoRoot ? path.resolve(options.repoRoot) : path.resolve(__dirname, "..", "..", "..", "..");
 }
 
 function resolveTemplatePath() {
@@ -101,17 +101,22 @@ function loadTemplate() {
   return { text: EMBEDDED_TEMPLATE, source: "embedded" };
 }
 
-function resolveMcpServerScript(target) {
-  const repoRoot = repoRootFromPackage();
+function resolveMcpServerScript(target, options = {}) {
+  const explicit = String((options.env || process.env).ODAI_MCP_SERVER_SCRIPT || "").trim();
+  if (explicit) {
+    return { path: explicit, found: true, explicit: true };
+  }
+  const repoRoot = repoRootFromPackage(options);
+  const cwd = options.cwd ? path.resolve(options.cwd) : process.cwd();
   const candidates = [
     path.join(target, "scripts", "mcp_server.py"),
-    path.join(process.cwd(), "scripts", "mcp_server.py"),
+    path.join(cwd, "scripts", "mcp_server.py"),
     path.join(repoRoot, "scripts", "mcp_server.py"),
   ];
   for (const candidate of candidates) {
-    if (fs.existsSync(candidate)) return candidate;
+    if (fs.existsSync(candidate)) return { path: candidate, found: true, explicit: false };
   }
-  return "scripts/mcp_server.py";
+  return { path: "", found: false, explicit: false };
 }
 
 function readJsonFile(filePath) {
@@ -190,7 +195,7 @@ function shouldUpdateManagedServer(name, existingConfig, incomingConfig, options
     const incomingTarget = filesystemTarget(incomingConfig);
     return (incomingTarget && !existingTarget) || pathsDiffer(existingTarget, incomingTarget, base);
   }
-  if (name === DEFAULT_CLOUD_SERVER_NAME) {
+  if (name === DEFAULT_CLOUD_SERVER_ID) {
     const existingUrl = existingConfig && typeof existingConfig.url === "string" ? existingConfig.url : "";
     const incomingUrl = incomingConfig && typeof incomingConfig.url === "string" ? incomingConfig.url : "";
     return !!incomingUrl && existingUrl !== incomingUrl;
@@ -198,16 +203,48 @@ function shouldUpdateManagedServer(name, existingConfig, incomingConfig, options
   return false;
 }
 
+function normalizeCloudServerIds(servers) {
+  const out = servers && typeof servers === "object" && !Array.isArray(servers) ? { ...servers } : {};
+  if (Object.prototype.hasOwnProperty.call(out, DEFAULT_CLOUD_SERVER_NAME)) {
+    if (!Object.prototype.hasOwnProperty.call(out, DEFAULT_CLOUD_SERVER_ID)) {
+      out[DEFAULT_CLOUD_SERVER_ID] = out[DEFAULT_CLOUD_SERVER_NAME];
+    }
+    delete out[DEFAULT_CLOUD_SERVER_NAME];
+  }
+  return out;
+}
+
+function mcpServerScriptArg(config) {
+  const args = Array.isArray(config && config.args) ? config.args : [];
+  for (const arg of args) {
+    const value = String(arg || "");
+    if (/(^|[/\\])mcp_server\.py$/.test(value)) return value;
+  }
+  const command = typeof (config && config.command) === "string" ? config.command : "";
+  return /(^|[/\\])mcp_server\.py$/.test(command) ? command : "";
+}
+
+function looksLikeManagedLocalOdaiServer(name, config, options = {}) {
+  if (name !== "0dai") return false;
+  if (options.reset) return true;
+  const args = Array.isArray(config && config.args) ? config.args.map((arg) => String(arg || "")) : [];
+  const command = typeof (config && config.command) === "string" ? config.command : "";
+  if (mcpServerScriptArg(config)) return true;
+  if (envTarget(config)) return true;
+  return command === "python3" && args.includes("--target");
+}
+
 function mergeMcpConfig(existing, incoming, options = {}) {
   const out = existing && typeof existing === "object" && !Array.isArray(existing) ? { ...existing } : {};
   const existingServers = out.mcpServers && typeof out.mcpServers === "object" && !Array.isArray(out.mcpServers)
-    ? { ...out.mcpServers }
+    ? normalizeCloudServerIds(out.mcpServers)
     : {};
   const incomingServers = incoming && incoming.mcpServers && typeof incoming.mcpServers === "object"
-    ? incoming.mcpServers
+    ? normalizeCloudServerIds(incoming.mcpServers)
     : {};
   const added = [];
   const updated = [];
+  const removed = [];
 
   for (const [name, config] of Object.entries(incomingServers)) {
     if (!(name in existingServers)) {
@@ -221,17 +258,24 @@ function mergeMcpConfig(existing, incoming, options = {}) {
     }
   }
 
+  if (options.removeLocalOdai && Object.prototype.hasOwnProperty.call(existingServers, "0dai")
+      && looksLikeManagedLocalOdaiServer("0dai", existingServers["0dai"], options)) {
+    delete existingServers["0dai"];
+    removed.push("0dai");
+  }
+
   out.mcpServers = existingServers;
-  return { config: out, added, updated };
+  return { config: out, added, updated, removed };
 }
 
 function ensureMcpConfig(target, options = {}) {
   const resolvedTarget = path.resolve(target);
   const { text, source } = loadTemplate();
+  const mcpServerScript = resolveMcpServerScript(resolvedTarget, options);
   const rendered = renderTemplate(text, {
     PROJECT_PATH: resolvedTarget,
     MCP_HOST: options.host || DEFAULT_MCP_HOST,
-    ODAI_MCP_SERVER_SCRIPT: resolveMcpServerScript(resolvedTarget),
+    ODAI_MCP_SERVER_SCRIPT: mcpServerScript.path,
   });
   let incoming;
   try {
@@ -239,12 +283,32 @@ function ensureMcpConfig(target, options = {}) {
   } catch (err) {
     throw new Error(`MCP template rendered invalid JSON: ${err.message}`);
   }
+  const warnings = [];
+  if (!mcpServerScript.found && incoming && incoming.mcpServers && incoming.mcpServers["0dai"]) {
+    delete incoming.mcpServers["0dai"];
+    warnings.push(
+      "local 0dai MCP skipped: mcp_server.py not found; cloud claude_ai_0dai remains configured. Set ODAI_MCP_SERVER_SCRIPT to enable local stdio MCP.",
+    );
+  }
 
   const mcpPath = path.join(resolvedTarget, ".mcp.json");
   const existing = readJsonFile(mcpPath);
-  const merged = mergeMcpConfig(existing, incoming, { reset: !!options.reset, target: resolvedTarget });
+  const merged = mergeMcpConfig(existing, incoming, {
+    reset: !!options.reset,
+    target: resolvedTarget,
+    removeLocalOdai: !mcpServerScript.found,
+  });
   const changed = writeJsonIfChanged(mcpPath, merged.config);
-  return { path: mcpPath, changed, template: source, added: merged.added, updated: merged.updated };
+  return {
+    path: mcpPath,
+    changed,
+    template: source,
+    added: merged.added,
+    updated: merged.updated,
+    removed: merged.removed,
+    localServer: mcpServerScript,
+    warnings,
+  };
 }
 
 function ensureClaudeSettings(target) {
@@ -551,6 +615,7 @@ async function bootstrapMcp(target, args = [], logger = console.log) {
 
   try {
     result.config = ensureMcpConfig(target, { host: options.host, reset: options.reset });
+    result.warnings.push(...(result.config.warnings || []));
   } catch (err) {
     result.ok = false;
     result.warnings.push(err.message);
@@ -602,6 +667,7 @@ module.exports = {
   normalizeMcpHost,
   parseMcpArgs,
   renderTemplate,
+  resolveMcpServerScript,
   runOAuthHandshake,
   writeMcpAuthTokenFromAccount,
 };

package/lib/utils/plan.js

@@ -92,7 +92,7 @@ function requirePlan(requiredPlan, featureName, target) {
 
 function getSwarmQuotaLocal(target) {
   const plan = _detectPlanLocal(target);
-  const limits = { free: 0, pro: 50, team: 200, enterprise: 999999 };
+  const limits = { free: 1, pro: 50, team: 200, enterprise: 999999 };
   const dailyLimit = limits[plan] || 0;
   const budgetPath = path.join(target, "ai", "swarm", "budget.json");
   let usedToday = 0;

package/lib/vault/index.js

@@ -78,10 +78,10 @@ const cipher = require("./cipher");
 const NAME_RE = /^[a-zA-Z0-9._-]{1,64}$/;
 
 function _validateName(name) {
-  if (typeof name !== "string" || !NAME_RE.test(name)) {
+  if (typeof name !== "string" || name === "." || name === ".." || !NAME_RE.test(name)) {
     const err = new Error(
       `invalid secret name: ${JSON.stringify(name)} — ` +
-      "must match /^[a-zA-Z0-9._-]{1,64}$/",
+      "must match /^[a-zA-Z0-9._-]{1,64}$/ and not be '.' or '..'",
     );
     err.code = "VAULT_INVALID_NAME";
     throw err;
@@ -135,9 +135,25 @@ function add(scope, name, value, options = {}) {
     throw err;
   }
   const sdir = storage.scopeDir(vdir, scope);
+  const outPath = _secretPath(vdir, scope, name);
+  // Defense in depth (#4358): even if scope/name validation were bypassed,
+  // never write a secret over the identity key/public key or outside the
+  // vault dir.
+  const vroot = path.resolve(vdir);
+  const resolvedOut = path.resolve(outPath);
+  if (
+    !resolvedOut.startsWith(vroot + path.sep) ||
+    resolvedOut === path.resolve(storage.identityPath(vdir)) ||
+    resolvedOut === path.resolve(storage.publicKeyPath(vdir))
+  ) {
+    const err = new Error(
+      `refusing to write secret to a protected vault path: ${outPath}`,
+    );
+    err.code = "VAULT_PROTECTED_PATH";
+    throw err;
+  }
   fs.mkdirSync(sdir, { recursive: true, mode: 0o700 });
   try { fs.chmodSync(sdir, 0o700); } catch (_) { /* best effort */ }
-  const outPath = _secretPath(vdir, scope, name);
   const overwritten = fs.existsSync(outPath);
   cipher.encryptToFile(value, recipient, outPath);
   const stat = fs.statSync(outPath);

package/lib/vault/storage.js

@@ -66,11 +66,30 @@ function publicKeyPath(dir) {
  * Phase 2 helper: per-scope dir under the vault. Stubbed so callers can
  * import it today; not exercised by Phase 1 tests.
  */
+// A scope must be a single, safe path segment. Critically this rejects
+// "." and ".." (which path.join collapses into the vault root or its
+// parent), preventing `vault add . identity <v>` from overwriting the
+// master key and `vault add .. <name> <v>` from escaping the vault (#4358).
+const SCOPE_RE = /^[a-zA-Z0-9._-]{1,64}$/;
+
 function scopeDir(dir, scope) {
-  if (!scope || typeof scope !== "string" || scope.includes("/") || scope.includes("\\")) {
+  if (
+    !scope ||
+    typeof scope !== "string" ||
+    scope === "." ||
+    scope === ".." ||
+    !SCOPE_RE.test(scope) ||
+    scope.includes("/") ||
+    scope.includes("\\")
+  ) {
+    throw new Error(`invalid vault scope: ${JSON.stringify(scope)}`);
+  }
+  const base = path.resolve(dir);
+  const resolved = path.resolve(base, scope);
+  if (resolved === base || path.dirname(resolved) !== base) {
     throw new Error(`invalid vault scope: ${JSON.stringify(scope)}`);
   }
-  return path.join(dir, scope);
+  return resolved;
 }
 
 module.exports = {

package/lib/wizard.js

@@ -9,7 +9,7 @@
 const fs = require("fs");
 const path = require("path");
 const readline = require("readline");
-const { writeFiles } = require("./shared");
+const { writeFiles, ensureLiveManifestDefaults } = require("./shared");
 const { loadCanonicalCounts, mcpToolsLabel } = require("./utils/canonical-counts");
 
 // ---------------------------------------------------------------------------
@@ -182,6 +182,7 @@ function stepGenerate(target, agent, stack) {
     path.join(manifestDir, "project.yaml"),
     `plan: free\nname: ${discovery.project_name}\nstack: ${discovery.stack}\n`,
   );
+  ensureLiveManifestDefaults(target);
 
   // CLAUDE.md
   const claudeMd = `# ${discovery.project_name}\n\nStack: ${stack.join(", ") || "unknown"}\nGenerated by 0dai wizard.\n\n## Commands\n\nSee ai/manifest/ for full configuration.\n`;
@@ -198,9 +199,11 @@ function stepGenerate(target, agent, stack) {
   // ai/manifest files
   console.log("  ✓ ai/manifest/discovery.json");
   console.log("  ✓ ai/manifest/project.yaml");
+  console.log("  ✓ ai/manifest/current_state.json");
+  console.log("  ✓ ai/manifest/current_task.json");
   console.log("  ✓ ai/VERSION");
 
-  const count = 5; // CLAUDE.md, AGENTS.md, discovery.json, project.yaml, VERSION
+  const count = 7; // CLAUDE.md, AGENTS.md, discovery.json, project.yaml, live manifests, VERSION
   console.log("");
   console.log(`  ${count} configs generated in ai/ directory.`);
   return count;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@0dai-dev/cli",
-  "version": "4.3.5",
-  "description": "One config layer for seven AI coding agents — Claude Code, Codex, OpenCode, Gemini, Aider, Qoder",
+  "version": "4.3.7",
+  "description": "One config layer for seven AI coding agents \u2014 Claude Code, Codex, OpenCode, Gemini, Aider, Qoder, Cursor",
   "bin": {
     "0dai": "./bin/0dai.js"
   },
@@ -29,18 +29,24 @@
     "url": "https://github.com/0dai-dev/0dai/issues"
   },
   "homepage": "https://0dai.dev",
+  "privacy": "https://0dai.dev/legal/privacy",
   "engines": {
     "node": ">=20"
   },
   "scripts": {
     "postinstall": "node scripts/postinstall.js || true",
     "build:tui": "node scripts/build-tui.js",
-    "prepack": "node scripts/build-tui.js"
+    "build:python": "node scripts/build-python-bundle.js",
+    "prepack": "node scripts/build-tui.js && node scripts/build-python-bundle.js"
   },
   "files": [
     "bin/",
     "lib/",
     "scripts/",
+    "!scripts/__pycache__/",
+    "!scripts/**/*.pyc",
+    "!lib/**/__pycache__/",
+    "!lib/**/*.pyc",
     "README.md",
     "!lib/tui/src/**"
   ],

package/scripts/build-python-bundle.js

@@ -0,0 +1,106 @@
+const path = require('path');
+const fs = require('fs');
+
+const ROOT = path.resolve(__dirname, '..');
+const REPO = path.resolve(ROOT, '..', '..');
+const SRC_DIR = path.join(REPO, 'scripts');
+const LIB_DIR = path.join(ROOT, 'lib');
+const OUT_DIR = path.join(ROOT, 'lib', 'python');
+const FILES = [
+  'experience_pipeline.py',
+  'anti_pattern_detector.py',
+  'auth.py',
+  'project_manager.py',
+  'json_utils.py',
+  // bundle-quickwins (#4363 triage): pure-stdlib single-file commands.
+  // drift_detector.py imports json_utils (above) — both land in lib/python/.
+  'heatmap.py',
+  'model_router.py',
+  'agent_quotas.py',
+  'receipt_png.py',
+  'drift_detector.py',
+  // bundle mid-wave (#4363): pure-stdlib closures, no pip deps.
+  // usage_ledger imports swarm_cost; compliance_report imports json_utils (above).
+  'usage_ledger.py',
+  'swarm_cost.py',
+  'compliance_report.py',
+  // bundle heavy-wave (#4363): doctor + graph closures, all pure-stdlib, no pip.
+  // doctor: provider check (provider_profiles -> capi_profile_guard) + mcp
+  // exposure check (mcp_exposure_check -> anomaly_alert); drift already above.
+  'provider_profiles.py',
+  'capi_profile_guard.py',
+  'mcp_exposure_check.py',
+  'anomaly_alert.py',
+  // provider registry: npm list/switch/clear wrapper + BYOK registry module.
+  'provider_registry.py',
+  'provider_registry_cli.py',
+  // graph: graph_slicer_cli + structural_memory pull the split graph_* modules
+  // via the graph.py compatibility facade.
+  'graph.py',
+  'graph_core.py',
+  'graph_io.py',
+  'graph_legacy.py',
+  'graph_legacy_helpers.py',
+  'graph_outcomes_core.py',
+  'graph_queries.py',
+  'graph_slice.py',
+  'graph_slicer.py',
+  'graph_slicer_cli.py',
+  'graph_validation.py',
+  'structural_memory.py'
+];
+const DATA_FILES = [
+  {
+    src: path.join(REPO, 'ai', 'manifest', 'mcp-exposure-contract.json'),
+    dest: path.join(LIB_DIR, 'ai', 'manifest', 'mcp-exposure-contract.json'),
+  },
+  {
+    src: path.join(REPO, 'ai', 'meta', 'manifest', 'mcp-tool-tiers.json'),
+    dest: path.join(LIB_DIR, 'ai', 'meta', 'manifest', 'mcp-tool-tiers.json'),
+  },
+  {
+    src: path.join(REPO, 'templates', 'layer', 'ai', 'registry', 'mcp-catalog.json'),
+    dest: path.join(LIB_DIR, 'ai', 'registry', 'mcp-catalog.json'),
+  },
+  {
+    src: path.join(SRC_DIR, 'mcp_tier_config.py'),
+    dest: path.join(LIB_DIR, 'scripts', 'mcp_tier_config.py'),
+  },
+];
+
+try {
+  if (!fs.existsSync(SRC_DIR)) {
+    console.error(`[py-bundle] missing required scripts directory: ${SRC_DIR}`);
+    process.exit(1);
+  }
+
+  fs.mkdirSync(OUT_DIR, { recursive: true });
+
+  for (const file of FILES) {
+    const srcPath = path.join(SRC_DIR, file);
+    const outPath = path.join(OUT_DIR, file);
+
+    if (fs.existsSync(srcPath)) {
+      fs.copyFileSync(srcPath, outPath);
+    } else {
+      console.error(`[py-bundle] missing required source file: ${file}`);
+      process.exit(1);
+    }
+  }
+
+  for (const { src, dest } of DATA_FILES) {
+    if (!fs.existsSync(src)) {
+      console.error(`[py-bundle] missing required data file: ${path.relative(REPO, src)}`);
+      process.exit(1);
+    }
+    fs.mkdirSync(path.dirname(dest), { recursive: true });
+    fs.copyFileSync(src, dest);
+  }
+
+  fs.writeFileSync(path.join(OUT_DIR, '__init__.py'), '');
+
+  console.log(`[py-bundle] wrote ${FILES.length} python files and ${DATA_FILES.length} data files to lib`);
+} catch (e) {
+  console.error('[py-bundle] failed:', e.message);
+  process.exit(1);
+}