@0dai-dev/cli 4.3.6 → 4.3.8

package/lib/commands/doctor.js

@@ -1,12 +1,28 @@
 "use strict";
 const shared = require("../shared");
-const { log, T, R, D, fs, path, spawnSync, findRepoScript, SUPPORTED_CLIS, recordExperienceEvent } = shared;
+const {
+  log,
+  T,
+  R,
+  D,
+  fs,
+  path,
+  spawnSync,
+  findRepoScript,
+  repoScriptCandidates,
+  resolvePythonScript,
+  SUPPORTED_CLIS,
+  cliDisplayName,
+  recordExperienceEvent,
+} = shared;
 
 const LOCAL_LAYER_CHECKS = Object.freeze([
   ["ai/VERSION", "ai/VERSION", "error"],
   ["ai/manifest/project.yaml", "ai/manifest/project.yaml", "error"],
   ["ai/manifest/discovery.json", "ai/manifest/discovery.json", "warn"],
   ["ai/manifest/commands.yaml", "ai/manifest/commands.yaml", "warn"],
+  ["ai/manifest/current_state.json", "ai/manifest/current_state.json", "warn"],
+  ["ai/manifest/current_task.json", "ai/manifest/current_task.json", "warn"],
   [".claude/settings.json", ".claude/settings.json", "warn"],
   ["AGENTS.md", "AGENTS.md", "warn"],
 ]);
@@ -25,7 +41,7 @@ function nodePtyProbe() {
       name: "node-pty",
       present: false,
       sev: "warn",
-      hint: "install node-pty for terminal sessions: npm i -g node-pty",
+      hint: "install node-pty in the 0dai CLI package for terminal sessions",
     };
   }
 }
@@ -48,6 +64,149 @@ function ghostAuthStatus(home = process.env.HOME || process.env.USERPROFILE || "
   };
 }
 
+function _ghProbeEnv(env, configDir = "", unsetConfigDir = false) {
+  const next = { ...process.env, ...(env || {}) };
+  if (unsetConfigDir) delete next.GH_CONFIG_DIR;
+  else if (configDir) next.GH_CONFIG_DIR = configDir;
+  return next;
+}
+
+function _probeGhIdentity(spec, options = {}) {
+  const runner = options.spawnSync || spawnSync;
+  const env = options.env || process.env;
+  const timeout = options.timeout || 5000;
+  const configDir = spec.configDir || "";
+  const expectedLogin = spec.expectedLogin || "";
+  const required = !!spec.required;
+  const check = {
+    name: spec.name,
+    role: spec.role,
+    ok: false,
+    sev: "info",
+    status: "unknown",
+    login: "",
+    expected_login: expectedLogin,
+    config_dir: configDir,
+    configured: true,
+    hint: "",
+  };
+
+  if (configDir && !fs.existsSync(configDir)) {
+    check.configured = false;
+    check.status = "missing_config";
+    check.sev = required ? "warn" : "info";
+    check.hint = required
+      ? `configured gh identity dir is missing: ${configDir}`
+      : `not configured: ${configDir}`;
+    return check;
+  }
+
+  let result;
+  try {
+    result = runner("gh", ["api", "user", "--jq", ".login"], {
+      stdio: ["ignore", "pipe", "pipe"],
+      encoding: "utf8",
+      timeout,
+      env: _ghProbeEnv(env, configDir, !!spec.unsetConfigDir),
+    });
+  } catch (error) {
+    check.status = "probe_failed";
+    check.sev = configDir || required ? "warn" : "info";
+    check.hint = String(error && error.message ? error.message : error).split("\n").slice(-1)[0] || "gh probe failed";
+    return check;
+  }
+
+  if (result && result.error && result.error.code === "ENOENT") {
+    check.status = "gh_missing";
+    check.sev = configDir || required ? "warn" : "info";
+    check.hint = "gh CLI not installed";
+    return check;
+  }
+
+  const exitCode = result && typeof result.status === "number" ? result.status : null;
+  const login = String((result && result.stdout) || "").trim();
+  if (exitCode !== 0 || !login) {
+    check.status = "not_authenticated";
+    check.sev = configDir || required ? "warn" : "info";
+    check.hint = configDir
+      ? `token invalid or expired for ${configDir}; re-auth ${expectedLogin || "the configured review identity"} with gh`
+      : "default gh CLI identity is not authenticated; run: gh auth login";
+    if (exitCode !== null) check.exit_code = exitCode;
+    return check;
+  }
+
+  check.login = login;
+  if (expectedLogin && login !== expectedLogin) {
+    check.status = "login_mismatch";
+    check.sev = "warn";
+    check.hint = `resolves to '${login}', expected '${expectedLogin}'; re-auth the fenced gh config dir`;
+    return check;
+  }
+
+  check.ok = true;
+  check.sev = "ok";
+  check.status = "ok";
+  check.hint = expectedLogin
+    ? `authenticated as expected ${expectedLogin}`
+    : `authenticated as ${login}`;
+  return check;
+}
+
+function collectGitHubIdentityPayload(target, options = {}) {
+  const env = options.env || process.env;
+  const primaryDir = env.OPERATOR_GH_REVIEW_CONFIG_DIR || path.join(target, ".0dai", "gh-lead-0dai-review");
+  const primaryLogin = env.OPERATOR_GH_REVIEW_EXPECTED_LOGIN || "pq1-dev";
+  const fallbackDir = env.OPERATOR_GH_REVIEW_FALLBACK_CONFIG_DIR || "";
+  const fallbackLogin = env.OPERATOR_GH_REVIEW_FALLBACK_LOGIN || "";
+  const legacyPq1Dir = "/root/.config/gh-pq1";
+  const specs = [
+    {
+      role: "default",
+      name: "default gh identity",
+      unsetConfigDir: true,
+    },
+  ];
+  const seenDirs = new Set();
+
+  function addConfig(role, name, configDir, expectedLogin, required = false) {
+    if (!configDir || seenDirs.has(configDir)) return;
+    seenDirs.add(configDir);
+    specs.push({ role, name, configDir, expectedLogin, required });
+  }
+
+  addConfig(
+    "env-gh-config",
+    "GH_CONFIG_DIR identity",
+    env.GH_CONFIG_DIR || "",
+    env.GH_CONFIG_DIR === legacyPq1Dir ? "pq1-dev" : "",
+    true,
+  );
+  addConfig(
+    "review-primary",
+    "pq1-dev review identity",
+    primaryDir,
+    primaryLogin,
+    Boolean(env.OPERATOR_GH_REVIEW_CONFIG_DIR),
+  );
+  if (fallbackDir || fallbackLogin) {
+    addConfig("review-fallback", "fallback review identity", fallbackDir, fallbackLogin, true);
+  }
+  if (legacyPq1Dir !== primaryDir && (env.GH_CONFIG_DIR === legacyPq1Dir || fs.existsSync(legacyPq1Dir))) {
+    addConfig("review-legacy-pq1", "legacy pq1-dev review identity", legacyPq1Dir, "pq1-dev", true);
+  }
+
+  const checks = specs.map((spec) => _probeGhIdentity(spec, options));
+  const warnings = checks.filter((check) => check.sev === "warn" && !check.ok).length;
+  return {
+    status: warnings ? "warn" : "ok",
+    warnings,
+    checks,
+    next_step: warnings
+      ? "Rotate or remove stale fenced gh review credentials; default gh identity is separate from pq1-dev review identity."
+      : "GitHub identity diagnostics are non-blocking.",
+  };
+}
+
 function collectLayerChecks(target) {
   return LOCAL_LAYER_CHECKS.map(([name, relPath, missingSev]) => {
     const fullPath = path.join(target, relPath);
@@ -61,19 +220,489 @@ function collectLayerChecks(target) {
   });
 }
 
-function collectDoctorPayload(target) {
+function parseReleaseVersion(value) {
+  const match = String(value || "").trim().match(/^(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$/);
+  if (!match) return null;
+  return match.slice(1, 4).map((part) => Number(part));
+}
+
+function compareReleaseVersions(a, b) {
+  const left = parseReleaseVersion(a);
+  const right = parseReleaseVersion(b);
+  if (!left || !right) return null;
+  return left[0] - right[0] || left[1] - right[1] || left[2] - right[2];
+}
+
+function collectLayerVersionFreshness(target, cliVersion = shared.VERSION) {
+  const versionPath = path.join(target, "ai", "VERSION");
+  let current = "";
+  try { current = fs.readFileSync(versionPath, "utf8").trim(); } catch {}
+  const cmp = compareReleaseVersions(current, cliVersion);
+  if (!current) {
+    return {
+      status: "missing",
+      ok: false,
+      sev: "error",
+      current: "",
+      expected: cliVersion,
+      hint: `missing: ${versionPath}`,
+    };
+  }
+  if (cmp === null) {
+    return {
+      status: "unknown",
+      ok: true,
+      sev: "info",
+      current,
+      expected: cliVersion,
+      hint: "ai/VERSION is not a release semver; skipping freshness check",
+    };
+  }
+  if (cmp < 0) {
+    return {
+      status: "stale",
+      ok: false,
+      sev: "warn",
+      current,
+      expected: cliVersion,
+      hint: `ai/VERSION stale: ${current} -> ${cliVersion}; run: 0dai sync`,
+    };
+  }
+  if (cmp > 0) {
+    return {
+      status: "newer",
+      ok: true,
+      sev: "info",
+      current,
+      expected: cliVersion,
+      hint: `project layer ${current} is newer than CLI ${cliVersion}; not recommending sync`,
+    };
+  }
+  return {
+    status: "ok",
+    ok: true,
+    sev: "ok",
+    current,
+    expected: cliVersion,
+    hint: "ai/VERSION matches installed CLI",
+  };
+}
+
+function collectDriftPayload(target, options = {}) {
+  const scriptName = "drift_detector.py";
+  const candidates = options.candidates || repoScriptCandidates(target, scriptName);
+  const findScript = options.findRepoScript || resolvePythonScript;
+  const script = Object.prototype.hasOwnProperty.call(options, "script")
+    ? options.script
+    : findScript(target, scriptName);
+
+  if (!script) {
+    return {
+      status: "unavailable",
+      available: false,
+      helper: scriptName,
+      reason: "helper_not_found",
+      message: "drift detector unavailable in this environment",
+      checked_paths: candidates,
+      next_step: "Run from a 0dai repo checkout or sync/install the managed project helper scripts, then rerun: 0dai doctor --drift --json",
+    };
+  }
+
+  const runner = options.spawnSync || spawnSync;
+  const result = runner("python3", [script, "report", "--target", target], {
+    stdio: ["ignore", "pipe", "pipe"],
+    encoding: "utf8",
+    timeout: options.timeout || 15000,
+  });
+  const exitCode = typeof result.status === "number" ? result.status : null;
+  const stdout = String(result.stdout || "").trim();
+  const stderr = String(result.stderr || "").trim();
+  return {
+    status: exitCode === 0 ? "ok" : "error",
+    available: true,
+    helper: scriptName,
+    script,
+    command: `python3 ${script} report --target ${target}`,
+    exit_code: exitCode,
+    report: stdout,
+    ...(stderr ? { stderr } : {}),
+  };
+}
+
+function _detectAgentKind(env = process.env) {
+  return env.ODAI_AGENT_KIND || env.ODAI_AGENT || env.CLAUDE_AGENT_KIND || "default";
+}
+
+function _readMcpConfigSummary(target) {
+  const configPath = path.join(target, ".mcp.json");
+  const summary = {
+    path: "",
+    configured: false,
+    servers: [],
+    odai_servers: [],
+  };
+  if (!fs.existsSync(configPath)) return summary;
+  summary.path = configPath;
+  try {
+    const data = JSON.parse(fs.readFileSync(configPath, "utf8"));
+    const servers = data && data.mcpServers && typeof data.mcpServers === "object"
+      ? Object.keys(data.mcpServers)
+      : [];
+    summary.servers = servers;
+    summary.odai_servers = servers.filter((name) => name.toLowerCase().includes("0dai"));
+    summary.configured = summary.odai_servers.length > 0;
+  } catch {
+    summary.configured = false;
+  }
+  return summary;
+}
+
+function _exposureNextStep(payload) {
+  if (!payload.configured) return "run: 0dai sync --target .";
+  if (payload.status === "green") return "0dai MCP tools exposed";
+  const agent = String(payload.agent || "agent").toLowerCase();
+  const reconnect = agent.includes("codex")
+    ? "restart/reconnect Codex CLI"
+    : agent.includes("claude")
+      ? "restart/reconnect Claude Code"
+      : "restart/reconnect active agent CLI";
+  if (payload.status === "yellow" || payload.status === "red") {
+    return `${reconnect}; fallback: 0dai mcp doctor --json`;
+  }
+  return `set ODAI_EXPOSED_MCP_TOOLS; fallback: 0dai mcp doctor --json`;
+}
+
+function collectMcpExposurePayload(target, options = {}) {
+  const env = options.env || process.env;
+  const agent = options.agent || _detectAgentKind(env);
+  const config = _readMcpConfigSummary(target);
+  const scriptName = "mcp_exposure_check.py";
+  const script = Object.prototype.hasOwnProperty.call(options, "script")
+    ? options.script
+    : resolvePythonScript(target, scriptName);
+  const observedRaw = String(env.ODAI_EXPOSED_MCP_TOOLS || "").trim();
+  const payload = {
+    agent,
+    status: "unknown",
+    configured: config.configured,
+    config_path: config.path,
+    servers: config.servers,
+    odai_servers: config.odai_servers,
+    observed_count: 0,
+    expected_tool_count: 0,
+    missing_required: [],
+    missing_recommended: [],
+    helper: script || "",
+    reason: observedRaw ? "" : "runtime_tool_list_not_reported",
+  };
+
+  if (!script) {
+    payload.reason = "helper_not_found";
+    payload.next_step = _exposureNextStep(payload);
+    return payload;
+  }
+
+  const runner = options.spawnSync || spawnSync;
+  let result;
+  try {
+    result = runner("python3", [script, "--agent", agent], {
+      stdio: ["ignore", "pipe", "pipe"],
+      encoding: "utf8",
+      timeout: options.timeout || 5000,
+      env: { ...process.env, ...env },
+    });
+  } catch (error) {
+    payload.reason = "helper_failed";
+    payload.stderr = String(error && error.message ? error.message : error).split("\n").slice(-1)[0] || "";
+    payload.next_step = _exposureNextStep(payload);
+    return payload;
+  }
+  const stdout = String(result.stdout || "").trim();
+  const stderr = String(result.stderr || "").trim();
+  if (result.status !== 0 && !stdout) {
+    payload.reason = "helper_failed";
+    payload.stderr = stderr.split("\n").slice(-1)[0] || "";
+    payload.next_step = _exposureNextStep(payload);
+    return payload;
+  }
+  try {
+    const checked = JSON.parse(stdout);
+    Object.assign(payload, {
+      status: checked.status || "unknown",
+      blocking: !!checked.blocking,
+      anomaly_type: checked.anomaly_type || "",
+      observed_count: Number(checked.observed_count || 0),
+      expected_tool_count: Number(checked.expected_tool_count || 0),
+      required: checked.required || [],
+      recommended: checked.recommended || [],
+      missing_required: checked.missing_required || [],
+      missing_recommended: checked.missing_recommended || [],
+      observed_required: checked.observed_required || [],
+      observed_recommended: checked.observed_recommended || [],
+      contract_tool_count: Number(checked.contract_tool_count || 0),
+      tier_config_tool_count: Number(checked.tier_config_tool_count || 0),
+      contract_tier_count_match: checked.contract_tier_count_match,
+      reason: checked.status === "unknown" && !observedRaw ? "runtime_tool_list_not_reported" : "",
+    });
+  } catch {
+    payload.reason = "helper_output_unparseable";
+  }
+  payload.next_step = _exposureNextStep(payload);
+  return payload;
+}
+
+function formatMcpExposureLine(payload) {
+  const serverText = payload.configured
+    ? `configured: ${payload.odai_servers.join(", ")}`
+    : "not configured";
+  const observed = Number(payload.observed_count || 0);
+  const expected = Number(payload.expected_tool_count || 0);
+  const observedText = observed ? `${observed}/${expected || "?"} observed` : "not reported by runtime";
+  return `${payload.status} (${payload.agent}) — ${serverText}; ${observedText}`;
+}
+
+function printDriftReport(target, options = {}) {
+  const payload = collectDriftPayload(target, options);
+  console.log("\n  drift report:");
+  if (!payload.available) {
+    console.log(`  ${D}${payload.message}${R}`);
+    console.log(`  ${D}reason: ${payload.helper} was not found in the script lookup paths${R}`);
+    console.log(`  ${D}checked:${R}`);
+    for (const candidate of payload.checked_paths) console.log(`    ${D}- ${candidate}${R}`);
+    console.log(`  ${D}next: ${payload.next_step}${R}`);
+    return payload;
+  }
+  if (payload.report) console.log(payload.report);
+  else console.log(`  ${D}drift detector returned no output${R}`);
+  if (payload.status === "error") {
+    console.log(`  ${D}drift detector exited with status ${payload.exit_code ?? "unknown"}${R}`);
+    if (payload.stderr) console.log(`  ${D}${payload.stderr}${R}`);
+  }
+  return payload;
+}
+
+// --- security mode (0dai doctor --security) -------------------------------
+//
+// Static, code-derived disclosure of the data boundary so a reviewer can see,
+// without reading source, what leaves the box and which routes need operator
+// authZ. Three sections:
+//   1. egress   — network endpoints the CLI may call (reused verbatim from
+//                 trust.js _buildColdPayload so there is ONE egress list).
+//   2. local sinks — files the CLI writes locally (NOT egress) + the host-side
+//                 secret vault dir, live-detected and labeled.
+//   3. authZ    — deny-by-default operator-gate summary, enforced server-side
+//                 (web/src/lib/auth.ts requireOperator); described, not probed.
+//
+// This mode performs NO network calls and reads NO secret values — it only
+// reports paths and presence. Run `0dai trust` for the live enforced scope.
+
+// authZ summary mirrors web/src/lib/auth.ts. Tiers are described, not probed —
+// the CLI cannot reach into the deployment's route guards at runtime.
+const AUTHZ_SUMMARY = Object.freeze({
+  enforced_by: "web/src/lib/auth.ts (Next.js API routes)",
+  default: "deny",
+  note:
+    "Operator-state routes require authN + authZ. With ODAI_OPERATOR_EMAILS unset, "
+    + "every authenticated user is denied (403) — default-deny, not default-allow.",
+  tiers: Object.freeze([
+    {
+      level: "operator",
+      guard: "requireOperator",
+      rule: "authN + email in ODAI_OPERATOR_EMAILS allowlist; unset allowlist = deny all",
+      routes: "swarm/*, cli/[action], team",
+    },
+    {
+      level: "authenticated",
+      guard: "requireAuth",
+      rule: "any valid token (401 if absent/invalid)",
+      routes: "plugins",
+    },
+    {
+      level: "auth-forward",
+      guard: "forward",
+      rule: "web layer forwards any Authorization header to the Python API; downstream authZ enforced there (verify)",
+      routes: "admin/* (adminForwardAuth), events",
+    },
+    {
+      level: "open",
+      guard: "none",
+      rule: "intentionally unauthenticated public endpoints",
+      routes: "contact, public/*",
+    },
+  ]),
+});
+
+function _secretVaultProbe(home = process.env.HOME || process.env.USERPROFILE || "") {
+  // Host-side secret vault written by scripts/telegram_secrets.py and
+  // scripts/secrets_decrypt.sh — NOT by this CLI. We only report presence.
+  const dir = home ? path.join(home, ".config", "secrets") : "";
+  const present = Boolean(dir && fs.existsSync(dir));
+  return {
+    name: "~/.config/secrets",
+    path: dir,
+    present,
+    written_by_cli: false,
+    note: present
+      ? "present on this host; populated by server-side secret sync, not the CLI"
+      : "absent on this host; populated by server-side secret sync when configured (verify)",
+  };
+}
+
+function _mcpEgressEntry(target, env = process.env) {
+  // MCP cloud transport host — DEFAULT_MCP_HOST from lib/utils/mcp-auth.js,
+  // overridable via MCP_HOST / ODAI_MCP_HOST. The local 0dai + filesystem MCP
+  // servers run as on-box subprocesses (no egress); only the cloud server
+  // ("claude_ai_0dai") talks to the network. We also surface the configured
+  // server names from .mcp.json if present (no values, just names).
+  const host = env.MCP_HOST || env.ODAI_MCP_HOST || "https://mcp.0dai.dev";
+  let configured = [];
+  try {
+    configured = _readMcpConfigSummary(target).servers || [];
+  } catch { configured = []; }
+  return {
+    endpoint: `${host}/mcp`,
+    trigger: "MCP cloud server (claude_ai_0dai) when an agent CLI connects to it",
+    data: "MCP tool calls over an authenticated session; local 0dai + filesystem servers are on-box subprocesses (no egress)",
+    configured_servers: configured,
+  };
+}
+
+function collectSecurityPayload(target, options = {}) {
+  const home = options.home || process.env.HOME || process.env.USERPROFILE || "";
+  const env = options.env || process.env;
+  let egress;
+  try {
+    egress = require("./trust")._buildColdPayload(target).egress;
+  } catch {
+    egress = { status: "unavailable", note: "trust.js egress facts not loadable" };
+  }
+  // Augment the trust.js subset with the two surfaces the issue names that are
+  // not in that subset: the MCP cloud transport and the activation telemetry
+  // POST. Both are derived from real CLI code (mcp-auth.js, auth.js).
+  egress = JSON.parse(JSON.stringify(egress));
+  egress.note =
+    "Egress surfaces relevant to this disclosure (MCP, telemetry, on-command "
+    + "pushes). Not an exhaustive list of every /v1/* endpoint the CLI can reach.";
+  egress.mcp = _mcpEgressEntry(target, env);
+  if (Array.isArray(egress.on_explicit_command_only)) {
+    egress.on_explicit_command_only.push({
+      endpoint: "POST /v1/events (api.0dai.dev)",
+      trigger: "0dai activate free (best-effort, on successful activation)",
+      data: "activation event {event, timestamp, path, source}; no file contents, no secrets",
+    });
+  }
   return {
+    target,
+    generated_at: new Date().toISOString().replace(/\.\d+Z$/, "Z"),
+    note:
+      "Static, code-derived data boundary. This mode makes NO network calls and "
+      + "reads NO secret values. Run `0dai trust` for the live enforced scope.",
+    egress,
+    local_sinks: [
+      {
+        name: "ai/meta/telemetry/activation.jsonl",
+        kind: "local file write",
+        note: "activation funnel timing written to disk; a summary event is POSTed to /v1/events only on `0dai activate free` (see egress)",
+      },
+      {
+        name: "ai/meta/telemetry/*.jsonl",
+        kind: "local file write",
+        note: "MCP tool usage, operator-ack, and other local telemetry; written to disk, not auto-POSTed",
+      },
+    ],
+    secret_vault: _secretVaultProbe(home),
+    authz: AUTHZ_SUMMARY,
+    docs: "docs/data-boundary.md",
+  };
+}
+
+function printSecurityReport(target, options = {}) {
+  const payload = collectSecurityPayload(target, options);
+  const W = process.stdout.isTTY ? "\x1b[33m" : "";
+  const G = process.stdout.isTTY ? "\x1b[32m" : "";
+  const R2 = process.stdout.isTTY ? "\x1b[0m" : "";
+
+  console.log("\n  0dai doctor --security — data boundary");
+  console.log(`  ${D}${payload.note}${R2}`);
+
+  console.log("\n  egress (network):");
+  const eg = payload.egress || {};
+  if (Array.isArray(eg.unconditional)) {
+    console.log("    unconditional (every CLI run):");
+    for (const ep of eg.unconditional) {
+      console.log(`      * ${ep.endpoint}`);
+      console.log(`          ${D}trigger: ${ep.trigger}${R2}`);
+    }
+  }
+  if (eg.mcp) {
+    console.log("    MCP:");
+    console.log(`      * ${eg.mcp.endpoint}`);
+    console.log(`          ${D}trigger: ${eg.mcp.trigger}${R2}`);
+    if (Array.isArray(eg.mcp.configured_servers) && eg.mcp.configured_servers.length) {
+      console.log(`          ${D}configured servers: ${eg.mcp.configured_servers.join(", ")}${R2}`);
+    }
+  }
+  if (Array.isArray(eg.on_explicit_command_only)) {
+    console.log("    on explicit command only:");
+    for (const ep of eg.on_explicit_command_only) {
+      console.log(`      * ${ep.endpoint} ${D}(${ep.trigger})${R2}`);
+      console.log(`          ${D}data: ${ep.data}${R2}`);
+    }
+  }
+  if (!eg.unconditional && !eg.on_explicit_command_only) {
+    console.log(`    ${D}${eg.note || "egress facts unavailable"}${R2}`);
+  }
+
+  console.log("\n  local sinks (no egress):");
+  for (const sink of payload.local_sinks) {
+    console.log(`    * ${sink.name} ${D}(${sink.note})${R2}`);
+  }
+  const vault = payload.secret_vault;
+  const vaultMark = vault.present ? `${G}present${R2}` : `${D}absent${R2}`;
+  console.log(`    ${vaultMark} ${vault.name} ${D}(${vault.note})${R2}`);
+
+  console.log("\n  authZ (enforced server-side, deny-by-default):");
+  console.log(`    ${W}default: ${payload.authz.default}${R2} ${D}— ${payload.authz.note}${R2}`);
+  for (const tier of payload.authz.tiers) {
+    console.log(`    * ${tier.level.padEnd(13)} ${tier.guard} ${D}→ ${tier.routes}${R2}`);
+    console.log(`          ${D}${tier.rule}${R2}`);
+  }
+
+  console.log(`\n  ${D}Full doc: ${payload.docs}    Live enforced scope: 0dai trust${R2}`);
+  return payload;
+}
+
+function collectDoctorPayload(target, options = {}) {
+  const payload = {
     binary: "node",
     binary_version: shared.VERSION,
     checks: collectLayerChecks(target),
+    layer_version: collectLayerVersionFreshness(target),
+    mcp_exposure: collectMcpExposurePayload(target, options.mcpExposureOptions || {}),
+    node_pty: nodePtyProbe(),
   };
+  if (options.drift) {
+    payload.drift = collectDriftPayload(target, options.driftOptions || {});
+  }
+  return payload;
 }
 
 function cmdDoctor(target, options = {}) {
   const ai = path.join(target, "ai");
   if (!fs.existsSync(ai)) { log("No 0dai config found. Run: 0dai init"); return; }
+  if (options.security) {
+    if (options.json) {
+      const payload = collectSecurityPayload(target, options.securityOptions || {});
+      console.log(JSON.stringify(payload, null, 2));
+      return payload;
+    }
+    return printSecurityReport(target, options.securityOptions || {});
+  }
   if (options.json) {
-    const payload = collectDoctorPayload(target);
+    const payload = collectDoctorPayload(target, {
+      drift: options.drift,
+      driftOptions: options.driftOptions,
+    });
     console.log(JSON.stringify(payload, null, 2));
     return payload;
   }
@@ -152,6 +781,12 @@ function cmdDoctor(target, options = {}) {
     const mark = check.ok ? `${G}ok${R2}` : check.sev === "error" ? `${E}MISSING${R2}` : `${W}missing${R2}`;
     console.log(`    ${mark.padEnd(22)} ${check.name}`);
   }
+  const layerVersion = collectLayerVersionFreshness(target);
+  if (layerVersion.status === "stale") {
+    warnings++;
+    console.log(`    ${W}warn${R2}`.padEnd(22) + ` ai/VERSION stale ${D}${layerVersion.current} → ${layerVersion.expected}${R2}`);
+    console.log(`      ${D}→ run: 0dai sync${R2}`);
+  }
   // Explain WHY native configs are missing and what to do
   if (missingConfigs.length > 0) {
     const hasDiscovery = fs.existsSync(path.join(ai, "manifest", "discovery.json"));
@@ -171,9 +806,48 @@ function cmdDoctor(target, options = {}) {
     console.log(`    ${mark.padEnd(22)} ${c.name}${hint}`);
   }
 
+  const githubIdentities = collectGitHubIdentityPayload(target, options.githubIdentityOptions || {});
+  console.log("\n  GitHub identities:");
+  for (const check of githubIdentities.checks) {
+    if (!check.ok && check.sev === "warn") warnings++;
+    const mark = check.ok
+      ? `${G}ok${R2}`
+      : check.sev === "warn"
+        ? `${W}warn${R2}`
+        : `${D}not set${R2}`;
+    const expected = check.expected_login ? ` ${D}(expected ${check.expected_login})${R2}` : "";
+    const detail = check.ok && check.login ? ` ${D}(${check.login})${R2}` : "";
+    const hint = check.ok ? "" : `\n      ${D}→ ${check.hint}${R2}`;
+    console.log(`    ${mark.padEnd(22)} ${check.name}${expected}${detail}${hint}`);
+  }
+
+  const mcpExposure = collectMcpExposurePayload(target);
+  console.log("\n  MCP exposure:");
+  const mcpMark = mcpExposure.status === "green"
+    ? `${G}ok${R2}`
+    : mcpExposure.status === "red"
+      ? `${E}missing${R2}`
+      : mcpExposure.status === "yellow"
+        ? `${W}partial${R2}`
+        : `${D}unknown${R2}`;
+  console.log(`    ${mcpMark.padEnd(22)} ${formatMcpExposureLine(mcpExposure)}`);
+  if (mcpExposure.next_step && mcpExposure.status !== "green") {
+    console.log(`      ${D}→ ${mcpExposure.next_step}${R2}`);
+  }
+
+  const nodePty = nodePtyProbe();
+  if (!nodePty.present && nodePty.sev === "warn") warnings++;
+  console.log("\n  terminal sessions:");
+  const terminalMark = nodePty.sev === "ok"
+    ? `${G}ok${R2}`
+    : nodePty.sev === "warn"
+      ? `${W}warn${R2}`
+      : `${D}${nodePty.sev}${R2}`;
+  console.log(`    ${terminalMark.padEnd(22)} ${nodePty.name} ${D}(${nodePty.hint})${R2}`);
+
   console.log("\n  provider profiles:");
   try {
-    const providerScript = findRepoScript(target, "provider_profiles.py");
+    const providerScript = resolvePythonScript(target, "provider_profiles.py");
     if (!providerScript) {
       console.log(`    ${D}—${R2}       unavailable in this environment`);
     } else {
@@ -206,6 +880,7 @@ function cmdDoctor(target, options = {}) {
   let updatesAvailable = 0;
   console.log("\n  agent CLIs:");
   for (const cli of SUPPORTED_CLIS) {
+    const label = cliDisplayName(cli);
     let installed = false, ver = null;
     try {
       const out = _ef2(cli.bin, ["--version"], { timeout: 8000 }).toString().trim();
@@ -224,13 +899,13 @@ function cmdDoctor(target, options = {}) {
       }
       if (latest && ver && latest !== ver) {
         updatesAvailable++;
-        console.log(`    ${W}update${R2}  ${cli.name} ${D}${ver} → ${latest}${R2}`);
+        console.log(`    ${W}update${R2}  ${label} ${D}${ver} → ${latest}${R2}`);
         console.log(`      ${D}→ ${cli.install}${R2}`);
       } else {
-        console.log(`    ${G}ok${R2}      ${cli.name}${ver ? ` ${D}v${ver}${R2}` : ""}`);
+        console.log(`    ${G}ok${R2}      ${label}${ver ? ` ${D}v${ver}${R2}` : ""}`);
       }
     } else {
-      console.log(`    ${D}—${R2}       ${cli.name} ${D}not installed${R2}`);
+      console.log(`    ${D}—${R2}       ${label} ${D}not installed${R2}`);
       console.log(`      ${D}→ ${cli.install}${cli.altAuth ? ` (or ${cli.altAuth})` : ""}${R2}`);
     }
   }
@@ -267,10 +942,15 @@ function cmdDoctor(target, options = {}) {
   });
   if (errors && !options.suppressExitCode) process.exitCode = 1;
 
-  // Drift summary (lightweight — full report via --drift flag)
-  if (!options.drift) {
+  if (options.drift) {
+    const drift = printDriftReport(target, options.driftOptions || {});
+    if (drift.status === "error" && typeof drift.exit_code === "number" && drift.exit_code !== 0) {
+      process.exitCode = drift.exit_code;
+    }
+  } else {
+    // Drift summary (lightweight — full report via --drift flag)
     try {
-      const ds = findRepoScript(target, "drift_detector.py");
+      const ds = resolvePythonScript(target, "drift_detector.py");
       if (ds) {
         const dr = spawnSync("python3", [ds, "report", "--target", target],
                              { stdio: ["ignore", "pipe", "ignore"], encoding: "utf8", timeout: 5000 });
@@ -300,4 +980,19 @@ function cmdDoctor(target, options = {}) {
   }
 }
 
-module.exports = { cmdDoctor, ghostAuthStatus, nodePtyProbe, collectDoctorPayload, collectLayerChecks };
+module.exports = {
+  cmdDoctor,
+  ghostAuthStatus,
+  nodePtyProbe,
+  collectDoctorPayload,
+  collectLayerChecks,
+  collectLayerVersionFreshness,
+  compareReleaseVersions,
+  collectDriftPayload,
+  printDriftReport,
+  collectGitHubIdentityPayload,
+  collectMcpExposurePayload,
+  formatMcpExposureLine,
+  collectSecurityPayload,
+  printSecurityReport,
+};