@0dai-dev/cli 4.3.5 → 4.3.7

package/lib/commands/runner.js

@@ -376,6 +376,31 @@ function runRouteDryRunController(target, configPath, forwarded) {
   }
 }
 
+function runHostPoolPlanController(target, forwarded) {
+  const script = findRepoScript(target, "runner_host_pool_autosize.py");
+  if (!script) {
+    log("runner host-pool plan controller not found");
+    console.log(`  ${D}expected: scripts/runner_host_pool_autosize.py${R}`);
+    process.exitCode = 1;
+    return;
+  }
+  const result = spawnSync("python3", [script, "host-pool-plan", ...forwarded], {
+    encoding: "utf8",
+    timeout: 30000,
+    maxBuffer: 8 * 1024 * 1024,
+  });
+  if (result.error) {
+    log(`runner host-pool plan controller failed: ${result.error.message}`);
+    process.exitCode = 1;
+    return;
+  }
+  if (result.stdout) process.stdout.write(result.stdout);
+  if (result.stderr) process.stderr.write(result.stderr);
+  if (typeof result.status === "number" && result.status !== 0) {
+    process.exitCode = result.status;
+  }
+}
+
 function runLabelAuditController(target, configPath, forwarded) {
   const script = findRepoScript(target, "runner_label_audit.py");
   if (!script) {
@@ -468,6 +493,11 @@ function cmdRunner(target, sub, args) {
     return;
   }
 
+  if (command === "host-pool-plan" || command === "host-pool-autosize") {
+    runHostPoolPlanController(target, forwarded);
+    return;
+  }
+
   if (command === "label-audit") {
     runLabelAuditController(target, configPath, forwarded);
     return;
@@ -485,7 +515,7 @@ function cmdRunner(target, sub, args) {
   }
 
   if (command !== "status" && command !== "plan") {
-    console.log("Usage: 0dai runner [status|plan|queue-status|label-audit|burst-plan|route-dry-run|burst-apply|burst-preflight|burst-reap|burst-reap-plan] [--json] [--offline]");
+    console.log("Usage: 0dai runner [status|plan|queue-status|label-audit|burst-plan|route-dry-run|host-pool-plan|burst-apply|burst-preflight|burst-reap|burst-reap-plan] [--json] [--offline]");
     process.exitCode = 1;
     return;
   }

package/lib/commands/status.js

@@ -4,7 +4,15 @@ const {
   log, T, R, D, fs, path, spawnSync, findRepoScript,
   getSwarmQuotaLocal, _detectPlanLocal, PLAN_LEVELS, loadAuthState,
 } = shared;
-const { getActivationDurationStats, printActivationStats } = require("../utils/activation_telemetry");
+const {
+  getActivationDurationStats,
+  getActivationMergedPrStats,
+  printActivationStats,
+} = require("../utils/activation_telemetry");
+const {
+  collectMcpExposurePayload,
+  formatMcpExposureLine,
+} = require("./doctor");
 
 function countJson(dir) {
   try { return fs.readdirSync(dir).filter(f => f.endsWith(".json")).length; } catch { return 0; }
@@ -15,17 +23,32 @@ function loadJson(file) {
 }
 
 function loadProjectBinding(target) {
-  return loadJson(path.join(target, ".0dai", "project-binding.json"));
+  return shared.loadProjectBinding(target);
 }
 
-function collectStatusPayload(target) {
+function collectStatusPayload(target, options = {}) {
   const ai = path.join(target, "ai");
-  const identity = shared.buildProjectIdentity(target, shared.collectMetadata(target));
+  const baseIdentity = shared.buildProjectIdentity(target, shared.collectMetadata(target));
   const binding = loadProjectBinding(target);
-  const bindingStatus = (binding && binding.binding_status) || "local-only";
-  const bindingReason = binding
-    ? (binding.binding_status ? "" : "project-binding.json has no binding_status")
-    : "no .0dai/project-binding.json";
+  const identity = shared.applyBoundProjectIdentity(target, baseIdentity, binding);
+  // A binding whose stored target no longer matches this path (the project was
+  // moved/copied) must not report "bound" — the identity already falls back to
+  // the path-derived one, so the status must say "moved" and prompt a re-bind,
+  // not silently claim a stale project_id/name (#4363).
+  const bindingHasTarget =
+    !!binding &&
+    !!(binding.target || binding.current_target || (Array.isArray(binding.target_aliases) && binding.target_aliases.length));
+  const boundButMoved =
+    !!binding &&
+    binding.binding_status === "bound" &&
+    bindingHasTarget &&
+    !shared.bindingTargetMatches(target, binding);
+  const bindingStatus = boundButMoved ? "moved" : ((binding && binding.binding_status) || "local-only");
+  const bindingReason = boundButMoved
+    ? "binding target does not match this path — project moved or copied; re-bind to refresh identity"
+    : binding
+      ? (binding.binding_status ? "" : "project-binding.json has no binding_status")
+      : "no .0dai/project-binding.json";
   const bindingNextAction = bindingStatus === "bound" ? "" : "run 0dai project bind";
   let v = "?", stack = "?";
   try { v = fs.readFileSync(path.join(ai, "VERSION"), "utf8").trim(); } catch {}
@@ -60,7 +83,7 @@ function collectStatusPayload(target) {
   } catch {}
 
   try {
-    const ds = findRepoScript(target, "drift_detector.py");
+    const ds = shared.resolvePythonScript(target, "drift_detector.py");
     if (ds) {
       const dr = spawnSync("python3", [ds, "report", "--target", target],
                            { stdio: ["ignore", "pipe", "ignore"], encoding: "utf8", timeout: 5000 });
@@ -89,7 +112,7 @@ function collectStatusPayload(target) {
       queued: q,
       active: a,
       done: d,
-      quota_state: quota.plan === "free" ? "locked" : "available",
+      quota_state: Number(quota.daily_limit || 0) === 0 ? "locked" : "available",
       quota_plan: quota.plan,
       used_today: Number(quota.used_today || 0),
       daily_limit: Number(quota.daily_limit || 0),
@@ -116,13 +139,15 @@ function collectStatusPayload(target) {
     drift: {
       detected: driftDetected,
     },
+    mcp_exposure: collectMcpExposurePayload(target, options.mcpExposureOptions || {}),
     warnings: warningCount,
     activation_ttfv: getActivationDurationStats(target),
+    activation_first_merged_pr: getActivationMergedPrStats(target),
   };
 }
 
 function cmdStatus(target, options = {}) {
-  const payload = collectStatusPayload(target);
+  const payload = collectStatusPayload(target, options);
   if (options.json) {
     console.log(JSON.stringify(payload, null, 2));
     return payload;
@@ -146,6 +171,14 @@ function cmdStatus(target, options = {}) {
     console.log(`  session roaming: ${T}available (${payload.session.roaming_plan})${R}`);
   }
 
+  const mcpExposure = payload.mcp_exposure || {};
+  if (mcpExposure.status && mcpExposure.status !== "green") {
+    console.log(`  mcp exposure: ${formatMcpExposureLine(mcpExposure)}`);
+    if (mcpExposure.next_step) console.log(`    → ${mcpExposure.next_step}`);
+  } else if (mcpExposure.status === "green") {
+    console.log(`  mcp exposure: ${formatMcpExposureLine(mcpExposure)}`);
+  }
+
   if (payload.session.name) {
     console.log(`  session: ${payload.session.name} (agent: ${payload.session.agent || "?"})`);
   }

package/lib/commands/swarm.js

@@ -2,32 +2,121 @@
 const shared = require("../shared");
 const { log, T, R, D, fs, path, https, requirePlan, spawnSync, findRepoScript } = shared;
 
+// The npm package ships the lightweight swarm client; the Python orchestration
+// behind pick/run/quality/sessions runs from a 0dai repo checkout or dev install
+// (it needs the full toolchain + heavier deps). Emit an honest, actionable line
+// instead of dev-internal "probed: <path>" noise that npm users can't act on.
+function logSwarmOrchestrationUnavailable(capability, envVar) {
+  log(`${capability} is not available in the npm package`);
+  console.log(`  ${D}It runs from a 0dai repo checkout with the full Python toolchain.${R}`);
+  console.log(`  ${D}You need: the repo checkout + python3 + an installed agent CLI (claude/codex/...) + the gh CLI.${R}`);
+  console.log(`  ${D}Run 0dai doctor to see which prerequisites are missing.${R}`);
+  const power = envVar ? `  ·  power users: point ${envVar} at a local helper` : "";
+  console.log(`  ${D}Docs: https://0dai.dev/docs${power}${R}`);
+}
+
+function printSwarmHelp() {
+  console.log("Usage: 0dai swarm [status|pick|run|budget|estimate|quality|sessions|swarm-run]");
+  console.log("       0dai swarm add --task '...' [--for agent]");
+  console.log("       0dai swarm delegate --task '...' [--to agent]");
+  console.log("  pick      Pick one queued task for this agent: 0dai swarm pick --agent codex");
+  console.log("  run       One-shot: 0dai swarm run \"<goal>\" creates a task and dispatches it (queue-drains if no goal)");
+  console.log("  sessions  Show live session registry table (idle/busy/stale per session) [--json]");
+  console.log("  swarm-run Repo-checkout helper: add, dispatch, and wait for one swarm task as JSON");
+}
+
+function printSwarmRunHelp() {
+  console.log("Usage: 0dai swarm swarm-run --task '...' [--agent codex] [--files path ...] [--json]");
+  console.log("");
+  console.log("Adds, dispatches, and waits for one swarm task through scripts/swarm_run.py.");
+  console.log("Requires a full repo checkout helper or ODAI_SWARM_RUN_SCRIPT; otherwise use queue-only swarm commands.");
+}
+
+function swarmRunAvailability(target) {
+  const override = process.env.ODAI_SWARM_RUN_SCRIPT || "";
+  if (override) {
+    if (fs.existsSync(override)) return { available: true, source: "ODAI_SWARM_RUN_SCRIPT", path: override };
+    return {
+      available: false,
+      source: "ODAI_SWARM_RUN_SCRIPT",
+      path: override,
+      reason: "override path does not exist",
+    };
+  }
+  const script = findRepoScript(target, "swarm_run.py");
+  if (script) return { available: true, source: "auto", path: script };
+  return {
+    available: false,
+    source: "auto",
+    reason: "swarm_run.py not found",
+    probed: [
+      path.join(target, "scripts", "swarm_run.py"),
+      path.join(process.cwd(), "scripts", "swarm_run.py"),
+    ],
+  };
+}
+
+function printSwarmRunnerHint(target) {
+  const runner = swarmRunAvailability(target);
+  if (runner.available) {
+    console.log(`  ${D}runner: available (${runner.path})${R}`);
+    return runner;
+  }
+  console.log(`  ${D}runner: queue-only (${runner.reason}; set ODAI_SWARM_RUN_SCRIPT or sync scripts/swarm_run.py)${R}`);
+  return runner;
+}
+
 function cmdSwarm(target, sub, args) {
   const swarmDir = path.join(target, "ai", "swarm");
   const queueDir = path.join(swarmDir, "queue");
 
+  if (!sub || sub === "help" || sub === "--help" || sub === "-h") {
+    printSwarmHelp();
+    return;
+  }
+
+  if (sub === "pick") {
+    cmdPythonSwarm(target, "pick", args.slice(2));
+    return;
+  }
   if (sub === "swarm-run") {
     cmdSwarmRun(target, args.slice(2));
     return;
   }
+  if (sub === "run") {
+    cmdRun(target, args.slice(2));
+    return;
+  }
   if (sub === "status") {
     const count = (d) => { try { return fs.readdirSync(d).filter(f => f.endsWith(".json")).length; } catch { return 0; } };
     const q = count(path.join(swarmDir, "queue"));
     const a = count(path.join(swarmDir, "active"));
     const d = count(path.join(swarmDir, "done"));
     log(`swarm: ${q} queued, ${a} active, ${d} done`);
+    printSwarmRunnerHint(target);
     return;
   }
   if (sub === "add" || sub === "delegate") {
+    if (args.includes("--help") || args.includes("-h")) {
+      printSwarmHelp();
+      return;
+    }
+    const taskIndex = args.indexOf("--task");
+    const task = taskIndex >= 0 ? args[taskIndex + 1] : "";
+    if (!task || task.startsWith("--")) {
+      log(`Usage: 0dai swarm ${sub} --task '...' [--for agent]`);
+      process.exitCode = 1;
+      return;
+    }
     const gate = requirePlan("pro", "Swarm", target);
     if (gate) { log(gate.error); log(gate.hint); return; }
     fs.mkdirSync(queueDir, { recursive: true });
-    const task = args.find((_, i) => args[i - 1] === "--task") || "untitled";
     const forAgent = args.find((_, i) => ["--for", "--to"].includes(args[i - 1])) || "any";
     const id = `swarm-${Date.now()}`;
     const t = { id, title: task, assigned_to: forAgent, status: "pending", created_at: new Date().toISOString(), created_by: "cli" };
     fs.writeFileSync(path.join(queueDir, `${id}.json`), JSON.stringify(t, null, 2));
     log(`task created: ${id} → ${forAgent}`);
+    printSwarmRunnerHint(target);
     return;
   }
   if (sub === "webhook") {
@@ -185,7 +274,7 @@ function cmdSwarm(target, sub, args) {
   }
   if (sub === "quality") {
     const scorerScript = findRepoScript(target, "quality_scorer.py");
-    if (!scorerScript) { log("quality scorer unavailable"); return; }
+    if (!scorerScript) { logSwarmOrchestrationUnavailable("swarm quality scoring"); return; }
     const fwd = [scorerScript, "--target", target];
     if (args.includes("--json")) fwd.push("--json");
     for (let i = 2; i < args.length; i++) {
@@ -198,7 +287,7 @@ function cmdSwarm(target, sub, args) {
   }
   if (sub === "sessions") {
     const script = findRepoScript(target, "swarm_session_registry.py");
-    if (!script) { log("swarm session registry unavailable"); return; }
+    if (!script) { logSwarmOrchestrationUnavailable("the swarm session registry"); return; }
     const fwd = [script, "rebuild", "--stale-after", "600"];
     const asJson = args.includes("--json");
     if (!asJson) fwd.push("--write", path.join(swarmDir, "session_registry.json"));
@@ -250,12 +339,44 @@ function cmdSwarm(target, sub, args) {
     console.log(`  ${G2}idle${reset}: ${idle}  ${W2}busy${reset}: ${busy}  ${M2}stale${reset}: ${stale}  total: ${rows.length}\n`);
     return;
   }
-  console.log("Usage: 0dai swarm [status|add|delegate|budget|estimate|quality|sessions|swarm-run] [--task '...'] [--to agent]");
-  console.log("  sessions  Show live session registry table (idle/busy/stale per session) [--json]");
-  console.log("  swarm-run Add, dispatch, and wait for one swarm task as JSON");
+  printSwarmHelp();
+}
+
+function cmdPythonSwarm(target, subcommand, args) {
+  // Forward Python-backed swarm operations through scripts/swarm.py so quota,
+  // dispatch gates, pick semantics, and preflight messaging have one source of
+  // truth. `swarm-run` (hyphenated add+wait helper) stays on swarm_run.py.
+  let script = process.env.ODAI_SWARM_SCRIPT || "";
+  if (script && !fs.existsSync(script)) {
+    log(`swarm helper unavailable: ODAI_SWARM_SCRIPT=${script} does not exist`);
+    process.exit(1);
+  }
+  if (!script) script = findRepoScript(target, "swarm.py");
+  if (!script) {
+    logSwarmOrchestrationUnavailable("swarm orchestration", "ODAI_SWARM_SCRIPT");
+    process.exit(1);
+  }
+  const python = process.env.ODAI_SWARM_RUN_PYTHON || "python3";
+  const result = spawnSync(python, [script, "--target", target, subcommand, ...args], { stdio: "inherit" });
+  if (result.error) {
+    log(`swarm ${subcommand} failed: ${result.error.message}`);
+    process.exit(1);
+  }
+  if (typeof result.status === "number" && result.status !== 0) process.exit(result.status);
+}
+
+function cmdRun(target, args) {
+  // `0dai swarm run "<goal>"` — one-shot: forward to the python swarm.py `run`
+  // subcommand so the per-tier daily quota (check_swarm_quota / record_swarm_task)
+  // governs identically for the goal path and the queue-drain.
+  cmdPythonSwarm(target, "run", args);
 }
 
 function cmdSwarmRun(target, args) {
+  if (args.includes("--help") || args.includes("-h")) {
+    printSwarmRunHelp();
+    return;
+  }
   // #2143 hardening:
   // 1. `ODAI_SWARM_RUN_SCRIPT` env override lets tests inject a deterministic
   //    script path, bypassing the `findRepoScript` heuristic that walks up
@@ -269,15 +390,12 @@ function cmdSwarmRun(target, args) {
   let script = process.env.ODAI_SWARM_RUN_SCRIPT || "";
   if (script && !fs.existsSync(script)) {
     log(`swarm-run helper unavailable: ODAI_SWARM_RUN_SCRIPT=${script} does not exist`);
+    log(`  hint: set ODAI_SWARM_RUN_SCRIPT to a valid helper, unset it, or create the helper at that exact path`);
     process.exit(1);
   }
   if (!script) script = findRepoScript(target, "swarm_run.py");
   if (!script) {
-    const cwd = process.cwd();
-    log("swarm-run helper unavailable");
-    log(`  probed: ${path.join(target, "scripts", "swarm_run.py")}`);
-    log(`  probed: ${path.join(cwd, "scripts", "swarm_run.py")}`);
-    log(`  hint: set ODAI_SWARM_RUN_SCRIPT to override the lookup`);
+    logSwarmOrchestrationUnavailable("the swarm-run helper", "ODAI_SWARM_RUN_SCRIPT");
     process.exit(1);
   }
   const python = process.env.ODAI_SWARM_RUN_PYTHON || "python3";
@@ -289,4 +407,4 @@ function cmdSwarmRun(target, args) {
   if (typeof result.status === "number" && result.status !== 0) process.exit(result.status);
 }
 
-module.exports = { cmdSwarm, cmdSwarmRun };
+module.exports = { cmdSwarm, cmdSwarmRun, cmdRun, cmdPythonSwarm, swarmRunAvailability };

package/lib/commands/trust.js

@@ -0,0 +1,286 @@
+"use strict";
+// 0dai trust — pre-run blast-radius disclosure (F19 G3 / issue #3919).
+//
+// Renders, before any agent run, a human-readable summary of:
+//   (a) which paths agents may write vs which are protected
+//   (b) the authority matrix in force (AUTO / PICKER / FORBIDDEN per action x CLI)
+//   (c) what data leaves the repo
+//
+// WARM PATH (trust_scope.py found): delegates entirely to trust_scope.py, which
+// imports the SAME config the guards enforce.  No invented data.
+//
+// COLD PATH (trust_scope.py absent, i.e. pre-init repo): graceful degrade —
+// prints a clearly-labeled static DEFAULT scope summary and exits 0 (issue #4007).
+// This avoids the dead-end exit(1) that blocked maintainers evaluating blast-radius
+// before running `0dai init`.
+//
+// Usage:
+//   0dai trust [--json] [--target PATH]
+
+const shared = require("../shared");
+const { log, findRepoScript, spawnSync } = shared;
+
+// ── COLD-PATH: static default-scope payload ───────────────────────────────────
+//
+// Emitted when trust_scope.py is unavailable (pre-init / fresh npm install).
+//
+// Honesty contract — mirrors trust_scope.py's section labels:
+//   [ENFORCED] = gated right now, regardless of init state
+//   [DECLARED] = policy exists but gate materialises only after `0dai init`
+//   [DEFAULT]  = structural invariant described in docs, not a config file
+//
+// Why we are categorical rather than listing specific globs here:
+//   policy_enforcer.py (edit-time gate source) is NOT shipped in the npm bundle
+//   (package.json "files" includes only bin/, lib/, and scripts/ where scripts/
+//   carries only postinstall.js and build-tui.js — not policy_enforcer.py).
+//   Fabricating globs that might diverge from the enforced list would violate the
+//   honesty contract.  Run `0dai trust` after `0dai init` for the exact enforced list.
+//
+// Egress facts are derived from shared.js code (checkVersion fires unconditionally)
+// so they are the strongest honest cold signal we can disclose.
+
+function _buildColdPayload(target) {
+  return {
+    trust_scope_available: false,
+    scope: "default-pre-init",
+    note:
+      "trust_scope.py not found — this repo has not run `0dai init` yet. " +
+      "Showing DEFAULT scope: what 0dai does BEFORE repo-specific config exists. " +
+      "This is NOT the enforced scope. Run `0dai init` then `0dai trust` again.",
+    docs: "https://0dai.dev/docs",
+    target,
+    generated_at: new Date().toISOString().replace(/\.\d+Z$/, "Z"),
+
+    // ── A. Protected paths ────────────────────────────────────────────────
+    // Edit-time patterns come from policy_enforcer.py (not in npm bundle);
+    // merge-time patterns from ai/policy/path-protect.yaml (absent pre-init).
+    // Neither can be listed verbatim.  Describe the categories honestly.
+    //
+    // NOTE: ai/policy/** and ai/contracts/** are MERGE-TIME protected (by
+    // path-protect.yaml / 0dai-merge), NOT edit-time (not in policy_enforcer.py
+    // PROTECTED_WRITE_PATTERNS).  Do not conflate the two gates.
+    protected_paths: {
+      edit_time: {
+        status: "DEFAULT",
+        note:
+          "Edit-time gate is enforced by scripts/policy_enforcer.py via the 0dai MCP server. " +
+          "That file is not bundled in the npm package, so exact globs cannot be disclosed " +
+          "without a repo checkout.  The categories below are indicative examples from the " +
+          "published source; run `0dai trust` after `0dai init` for the authoritative list.",
+        categories_indicative: [
+          "credential / secret files (.env, .env.*, secrets/**, infra/secrets/**)",
+          "AI runtime state (ai/meta/**, ai/work/**, ai/sessions/**, ai/feedback/**)",
+          "AI memory file (ai/memory/memory.jsonl)",
+          "Applied lock (ai/manifest/applied-lock.json)",
+          "Terraform state (terraform.tfstate*)",
+          "Legacy memory bank (memory-bank/**)",
+        ],
+      },
+      merge_time: {
+        status: "DECLARED",
+        note:
+          "Merge-time gate reads ai/policy/path-protect.yaml (enforced by scripts/0dai-merge). " +
+          "Covers governance files including ai/policy/**, ai/contracts/**, and repo-specific " +
+          "protected paths declared by the maintainer. " +
+          "This file is generated by `0dai init`. Not present in a pre-init repo.",
+      },
+    },
+
+    // ── B. Agent authority matrix ─────────────────────────────────────────
+    // The per-action grant table (AUTO / PICKER / FORBIDDEN per action-id x CLI)
+    // materialises from ai/contracts/agent-authority.yaml after `0dai init`.
+    // That file is NOT in the npm bundle and cannot be verified at cold runtime,
+    // so we describe the structure categorically — not a fabricated action table.
+    authority: {
+      status: "DEFAULT",
+      note:
+        "Per-action grant table (AUTO / PICKER / FORBIDDEN) materialises from " +
+        "ai/contracts/agent-authority.yaml after `0dai init`. " +
+        "Dispatch-gate enforcement (ODAI_AUTONOMY_MATRIX_GATE=1) is opt-in, not default-on. " +
+        "Before init, no repo-specific grants are enforced.",
+      structural_description: {
+        "AUTO":    "agent may proceed unattended (e.g. issue create, read, CI runs)",
+        "PICKER":  "human must confirm before action executes (e.g. admin merges, deploys, protected writes)",
+        "FORBIDDEN": "action is never permitted without an explicit override (e.g. force-push to main, editing constitution)",
+      },
+      note_on_defaults:
+        "After `0dai init`, high-risk actions (admin merge, deploy, editing governance files) " +
+        "default to PICKER or FORBIDDEN.  Low-risk read and CI actions default to AUTO. " +
+        "Run `0dai trust` post-init to see the exact per-agent x per-action table.",
+    },
+
+    // ── C. Egress / telemetry ─────────────────────────────────────────────
+    // Derived from shared.js (checkVersion, apiCall).  These apply
+    // unconditionally on every CLI run, regardless of init state.
+    egress: {
+      status: "DEFAULT",
+      note:
+        "Derived from cli source (shared.js checkVersion + apiCall). " +
+        "Unconditional items fire on every CLI run, pre-init included.",
+      unconditional: [
+        {
+          endpoint: "GET /v1/version (api.0dai.dev)",
+          trigger:
+            "Every CLI run, throttled to at most once per " +
+            "ODAI_UPDATE_CHECK_INTERVAL (default 3600 s). Checks for CLI updates.",
+          headers_sent: [
+            "X-Device-ID — sha256 of stable local machine identifiers (no PII)",
+            "X-CLI-Version — installed CLI version string",
+          ],
+          request_body: null,
+        },
+      ],
+      on_explicit_command_only: [
+        {
+          endpoint: "POST /v1/graph/push",
+          trigger: "0dai graph push",
+          data: "graph-eligible artifact classes (no credentials, no file contents)",
+        },
+        {
+          endpoint: "POST /v1/report",
+          trigger: "0dai report push",
+          data: "cloud-sync-allowed artifact classes",
+        },
+        {
+          endpoint: "POST /v1/feedback",
+          trigger: "0dai feedback push",
+          data: "user_feedback_payload",
+        },
+        {
+          endpoint: "POST /v1/licenses/activate",
+          trigger: "0dai activate",
+          data: "device_fingerprint + license_code",
+        },
+      ],
+    },
+  };
+}
+
+/**
+ * Return the static default-scope output for a cold (pre-init) repo.
+ *
+ * Exported for direct unit-testing — avoids fighting findRepoScript's
+ * __dirname-anchored candidate resolution in subprocess tests.
+ *
+ * @param {string} target - Repo path shown in output (informational; not read from disk).
+ * @param {boolean} asJson - Emit JSON string instead of human-readable text.
+ * @returns {string}
+ */
+function renderColdScope(target, asJson) {
+  const payload = _buildColdPayload(target);
+
+  if (asJson) {
+    return JSON.stringify(payload, null, 2);
+  }
+
+  const HR  = "─".repeat(64);
+  const HR2 = "═".repeat(64);
+  const lines = [];
+
+  lines.push("");
+  lines.push(HR2);
+  lines.push("  0dai trust — pre-run blast-radius disclosure  [DEFAULT (pre-init) scope]");
+  lines.push(HR2);
+  lines.push(`  target:    ${payload.target}`);
+  lines.push(`  generated: ${payload.generated_at}`);
+  lines.push("");
+  lines.push("  NOTE  trust_scope.py not found — this repo has not run `0dai init` yet.");
+  lines.push("        This output shows DEFAULT scope: what 0dai does BEFORE any");
+  lines.push("        repo-specific config exists.  It is NOT the enforced scope.");
+  lines.push("        Run `0dai init`, then re-run `0dai trust` for the real scope.");
+  lines.push("");
+  lines.push("  Key: [ENFORCED] = gated now   [DECLARED] = post-init only");
+  lines.push("       [DEFAULT]  = structural invariant, not a config file");
+  lines.push("");
+
+  // ── A. Protected paths ────────────────────────────────────────────────────
+  lines.push("  A. Protected paths");
+  lines.push("  " + HR.slice(0, 60));
+
+  const et = payload.protected_paths.edit_time;
+  lines.push(`  [${et.status}] Edit-time gate`);
+  lines.push(`    ${et.note}`);
+  lines.push("    Indicative categories (run `0dai trust` post-init for the authoritative list):");
+  for (const cat of et.categories_indicative) {
+    lines.push(`      - ${cat}`);
+  }
+  lines.push("");
+
+  const mt = payload.protected_paths.merge_time;
+  lines.push(`  [${mt.status}] Merge-time gate`);
+  lines.push(`    ${mt.note}`);
+  lines.push("");
+
+  // ── B. Agent authority matrix ─────────────────────────────────────────────
+  lines.push("  B. Agent authority matrix");
+  lines.push("  " + HR.slice(0, 60));
+
+  const auth = payload.authority;
+  lines.push(`  [${auth.status}] ${auth.note}`);
+  lines.push("");
+  lines.push("    Decision levels:");
+  for (const [level, desc] of Object.entries(auth.structural_description)) {
+    lines.push(`      ${level.padEnd(12)} ${desc}`);
+  }
+  lines.push("");
+  lines.push(`    ${auth.note_on_defaults}`);
+  lines.push("");
+
+  // ── C. Data that leaves the repo ──────────────────────────────────────────
+  lines.push("  C. Data that leaves the repo");
+  lines.push("  " + HR.slice(0, 60));
+
+  const eg = payload.egress;
+  lines.push(`  [${eg.status}] ${eg.note}`);
+  lines.push("");
+  lines.push("    Unconditional (every CLI run, pre-init included):");
+  for (const ep of eg.unconditional) {
+    lines.push(`      * ${ep.endpoint}`);
+    lines.push(`          trigger: ${ep.trigger}`);
+    for (const h of ep.headers_sent) {
+      lines.push(`          header:  ${h}`);
+    }
+  }
+  lines.push("");
+  lines.push("    On explicit command only (not triggered by `0dai trust` itself):");
+  for (const ep of eg.on_explicit_command_only) {
+    lines.push(`      * ${ep.endpoint}`);
+    lines.push(`          trigger: ${ep.trigger}`);
+    lines.push(`          data:    ${ep.data}`);
+  }
+  lines.push("");
+
+  lines.push(HR);
+  lines.push("  Next steps to get the full enforced scope:");
+  lines.push("    1. Run `0dai init` to generate ai/ config.");
+  lines.push("    2. Run `0dai trust` again to see the repo-specific enforced scope.");
+  lines.push(`  Docs: ${payload.docs}`);
+  lines.push(HR);
+  lines.push("");
+
+  return lines.join("\n");
+}
+
+function cmdTrust(target, args) {
+  const scriptPath = findRepoScript(target, "trust_scope.py");
+
+  // COLD PATH — trust_scope.py not found (pre-init / cold npm install).
+  // Graceful degrade: print static DEFAULT scope summary and exit 0.
+  // Clearly labeled as "DEFAULT (pre-init) scope" — cannot be mistaken for
+  // the repo-specific enforced scope rendered by trust_scope.py (WARM path).
+  if (!scriptPath) {
+    const asJson = !!(args && args.includes("--json"));
+    console.log(renderColdScope(target, asJson));
+    process.exit(0);
+  }
+
+  // WARM PATH — delegate to trust_scope.py (behaviour unchanged).
+  const forwarded = [scriptPath, "--target", target];
+  if (args && args.includes("--json")) forwarded.push("--json");
+
+  const result = spawnSync("python3", forwarded, { stdio: "inherit" });
+  if (typeof result.status === "number") process.exit(result.status);
+  process.exit(1);
+}
+
+module.exports = { cmdTrust, renderColdScope };