@0dai-dev/cli 4.3.6 → 4.3.8

package/lib/commands/init.js

@@ -3,23 +3,38 @@ const crypto = require("crypto");
 const shared = require("../shared");
 const {
   T, R, D, W, log,
-  fs, path,
+  fs, path, os,
   VERSION, SUPPORTED_CLIS,
   CONFIG_DIR, PROJECTS_FILE,
   apiCall, makeEnsureAuthenticated, ensureLicenseActivation, loadAuthState,
-  collectMetadata, buildProjectIdentity, registerProject, hashManifestFiles,
-  writeFiles, sendProjectHeartbeat, recordExperienceEvent,
-  logFirstRunSuccess,
+  collectMetadata, inferProjectName, detectStackHint,
+  buildProjectIdentity, registerProject, projectIdFor, hashManifestFiles,
+  loadProjectBinding, boundProjectIdentityFromBinding, validateProjectDisplayName,
+  writeProjectBinding,
+  writeFiles, missingLiveManifestDefaults, ensureLiveManifestDefaults, LIVE_MANIFEST_DEFAULTS,
+  sendProjectHeartbeat, recordExperienceEvent,
+  logFirstRunSuccess, checkVersion,
 } = shared;
 const { cmdAuthLogin, ensureAccountForActivation, parseActivationArgs } = require("./auth");
 const { ensureGithubFlowPolicy, warnHooksPathDrift } = require("./gh");
 const { renderFileMapDiff, confirmOrExit, shouldAutoYes } = require("../utils/diff-preview");
 const { bootstrapMcp } = require("../utils/mcp-auth");
 const { recordActivationInit } = require("../utils/activation_telemetry");
+const { projectIdForExplicitRebindFromBinding, readProjectManifest } = require("../utils/identity");
 
 const ensureAuthenticated = makeEnsureAuthenticated(cmdAuthLogin);
 const SYNC_FULL_CONTENT_LIMIT = 10000;
 const CLOUD_INIT_CHECKPOINT_REL = path.join(".0dai", "cloud-init-checkpoint.json");
+const INIT_RUNTIME_GITIGNORE_LINES = [
+  ".0dai/",
+  "ai/.backups/",
+  "ai/manifest/audit.jsonl",
+  "ai/manifest/wal.jsonl",
+  "ai/manifest/project_graph_usage.json",
+  "ai/experience/archive/",
+  "ai/experience/events/",
+  "ai/experience/warnings.json",
+];
 
 function hashFile(filePath) {
   const hash = crypto.createHash("sha256");
@@ -123,6 +138,16 @@ function registerProjectOrExit(target, name, stack) {
   }
 }
 
+function projectBindHostRegistryInfo(target) {
+  return {
+    scope: "host-local",
+    host: os.hostname(),
+    registry: PROJECTS_FILE,
+    project_path: path.resolve(target),
+    note: "0dai project bind writes this host's registry. A remote operator MCP server reads its own host registry and will not see this bind automatically.",
+  };
+}
+
 function collectCurrentAiFiles(target) {
   const currentFiles = {};
   const aiDir = path.join(target, "ai");
@@ -225,6 +250,26 @@ function clearCloudInitCheckpoint(target) {
   try { fs.unlinkSync(cloudInitCheckpointPath(target)); } catch {}
 }
 
+function ensureRuntimeGitignore(target) {
+  const gi = path.join(target, ".gitignore");
+  try {
+    const text = fs.existsSync(gi) ? fs.readFileSync(gi, "utf8") : "";
+    const existing = new Set(text.split(/\r?\n/).map((line) => line.trim()).filter(Boolean));
+    const missing = INIT_RUNTIME_GITIGNORE_LINES.filter((line) => !existing.has(line));
+    if (!missing.length) return [];
+
+    let block = "";
+    if (text.length && !text.endsWith("\n")) block += "\n";
+    if (text.length) block += "\n";
+    block += "# 0dai runtime state\n";
+    block += `${missing.join("\n")}\n`;
+    fs.appendFileSync(gi, block, "utf8");
+    return missing;
+  } catch {
+    return [];
+  }
+}
+
 function maybePauseCloudInitForAuth(target, args = [], options = {}) {
   if (options.dryRun || options.localMode) return false;
   if (_hasAuthToken()) return false;
@@ -232,6 +277,7 @@ function maybePauseCloudInitForAuth(target, args = [], options = {}) {
   if (parsed.authCode) return false;
   if (process.stdout.isTTY && process.stdin.isTTY) return false;
 
+  ensureRuntimeGitignore(target);
   const checkpoint = writeCloudInitCheckpoint(target, {
     args,
     stage: "auth_required",
@@ -241,23 +287,89 @@ function maybePauseCloudInitForAuth(target, args = [], options = {}) {
   console.log(`  ${D}Checkpoint: ${CLOUD_INIT_CHECKPOINT_REL}${R}`);
   console.log(`  ${D}Run: ${checkpoint.next_command}${R}`);
   console.log(`  ${D}Then: ${checkpoint.resume_command}${R}`);
+  console.log(`  ${D}Or run offline without signing in: 0dai init --local${R}`);
   process.exit(1);
 }
 
+function parseProjectBindOptions(args = []) {
+  const options = { json: args.includes("--json"), name: "" };
+  for (let i = 0; i < args.length; i++) {
+    const arg = String(args[i] || "");
+    if (arg === "--name") {
+      const next = args[i + 1];
+      if (!next || String(next).startsWith("--")) {
+        return { ...options, error: "--name requires a project display name" };
+      }
+      const validated = validateProjectDisplayName(next);
+      if (!validated.ok) return { ...options, error: validated.error };
+      options.name = validated.name;
+      i++;
+      continue;
+    }
+    if (arg.startsWith("--name=")) {
+      const validated = validateProjectDisplayName(arg.slice("--name=".length));
+      if (!validated.ok) return { ...options, error: validated.error };
+      options.name = validated.name;
+    }
+  }
+  return options;
+}
+
 async function cmdProjectBind(target, args = []) {
-  const json = args.includes("--json");
+  const bindOptions = parseProjectBindOptions(args);
+  if (bindOptions.error) {
+    log(`error: ${bindOptions.error}`);
+    process.exit(1);
+  }
+  const json = bindOptions.json;
   const authStatus = await ensureAuthenticated("project bind");
   const license = await ensureLicenseActivation();
   const metadata = collectMetadata(target);
+  const existingBinding = loadProjectBinding(target);
+  const existingBoundIdentity = boundProjectIdentityFromBinding(target, existingBinding);
+  const explicitRebindProjectId = projectIdForExplicitRebindFromBinding(existingBinding);
   const identity = buildProjectIdentity(target, metadata);
+  if (bindOptions.name) {
+    identity.project_name = bindOptions.name;
+    identity.project_id = projectIdFor(target, bindOptions.name, identity.remote_origin || path.resolve(target));
+  }
+  if (existingBoundIdentity && existingBoundIdentity.project_id) {
+    identity.project_id = existingBoundIdentity.project_id;
+  } else if (explicitRebindProjectId) {
+    identity.project_id = explicitRebindProjectId;
+  }
   const boundProject = await bindProjectForCloud(target, metadata, identity);
+  const projectID = boundProject.project_id || identity.project_id;
+  const projectName = bindOptions.name || boundProject.name || identity.project_name;
+  identity.project_id = projectID;
+  identity.project_name = projectName;
   const stack = boundProject.stack || identity.stack || "unknown";
-  if (await guardRegistryDrift(target, path.basename(target), args)) {
-    registerProjectOrExit(target, path.basename(target), stack);
+  const registryName = bindOptions.name || path.basename(target);
+  if (await guardRegistryDrift(target, registryName, args)) {
+    registerProjectOrExit(target, registryName, stack);
   }
   const heartbeat = await sendProjectHeartbeat(target, identity, { stack }, {
-    project_id: boundProject.project_id || identity.project_id,
+    project_id: projectID,
   }).catch((err) => ({ error: err.message || String(err) }));
+  const savedBinding = writeProjectBinding(target, {
+    identity,
+    server_project: {
+      ...boundProject,
+      project_id: projectID,
+      name: projectName,
+      stack,
+      binding_status: boundProject.binding_status || "bound",
+    },
+    project_id: projectID,
+    project_name: projectName,
+    stack,
+    binding_status: boundProject.binding_status || "bound",
+    binding_source: bindOptions.name ? "project bind --name" : "project bind",
+    account_email: authStatus.email || "",
+    account_plan: authStatus.plan || license.plan || "free",
+    activation_status: license.status || "active",
+    activation_id: license.activation_id || "",
+  });
   const payload = {
     ok: true,
     account: {
@@ -266,12 +378,18 @@ async function cmdProjectBind(target, args = []) {
       activation: license.status || "active",
     },
     project: {
-      project_id: boundProject.project_id || identity.project_id,
-      name: boundProject.name || identity.project_name,
+      project_id: projectID,
+      name: projectName,
       stack,
       binding_status: boundProject.binding_status || "bound",
     },
     heartbeat: !(heartbeat && heartbeat.error),
+    host_registry: projectBindHostRegistryInfo(target),
+    local_binding: {
+      target: savedBinding.target,
+      target_aliases: savedBinding.target_aliases || [],
+      updated_at: savedBinding.updated_at,
+    },
   };
   if (json) {
     console.log(JSON.stringify(payload, null, 2));
@@ -279,25 +397,125 @@ async function cmdProjectBind(target, args = []) {
     log("project bound");
     console.log(`  account: ${payload.account.email || "unknown"} · plan: ${payload.account.plan} · activation: ${payload.account.activation}`);
     console.log(`  project: ${payload.project.project_id}`);
+    console.log(`  registry: ${payload.host_registry.registry}`);
+    console.log(`  ${D}${payload.host_registry.note} See #4084.${R}`);
     if (!payload.heartbeat) console.log(`  ${D}heartbeat deferred; run 0dai status to inspect local state${R}`);
   }
   return payload;
 }
 
+// buildLocalDryRunPreview — pure, offline preview for `0dai init --local --dry-run`.
+// Detects the stack and renders the configs the local (offline) init path
+// produces, entirely IN MEMORY. Makes ZERO auth/license/server/network calls:
+// it only reads the target dir via collectMetadata + the local detection helpers
+// (inferProjectName / detectStackHint), all of which run on-disk with no egress.
+// Returns { projectName, stack, clis, files, agentTargets } where:
+//   files        — { relPath: content } the offline path would write
+//   agentTargets — [{ cli, files: [...] }] the per-CLI config paths a full
+//                  (authenticated) `0dai init` would manage for each detected CLI
+function buildLocalDryRunPreview(target) {
+  const metadata = collectMetadata(target);
+  const { projectFiles, manifestContents, clis } = metadata;
+  const projectName = inferProjectName(target, manifestContents);
+  const stack = detectStackHint(projectFiles, manifestContents);
+
+  // Mirror the offline generator (lib/wizard.js stepGenerate) so the preview
+  // matches what `0dai init --local` writes without auth — no fabricated bodies.
+  const claudeMd = `# ${projectName}\n\nStack: ${stack}\nGenerated by 0dai (local mode).\n\n## Commands\n\nSee ai/manifest/ for full configuration.\n`;
+  const agentsMd = `# Agent Configuration\n\nProject: ${projectName}\nStack: ${stack}\n\nSee ai/manifest/ for configuration details.\n`;
+  const discovery = {
+    project_name: projectName,
+    stack,
+    detected_stack: [stack],
+    selected_agents: clis.length ? clis : SUPPORTED_CLIS.map((c) => c.name),
+    local: true,
+  };
+  const files = {
+    "CLAUDE.md": claudeMd,
+    "AGENTS.md": agentsMd,
+    "ai/manifest/discovery.json": JSON.stringify(discovery, null, 2) + "\n",
+    "ai/manifest/project.yaml": `plan: free\nname: ${projectName}\nstack: ${stack}\n`,
+    // Live manifest scaffolds the offline path writes via ensureLiveManifestDefaults
+    // (lib/wizard.js stepGenerate). Use the canonical bodies, not fabricated ones.
+    ...LIVE_MANIFEST_DEFAULTS,
+    "ai/VERSION": `${VERSION}\n`,
+  };
+
+  // Per-CLI native config paths the full managed init would generate. We list
+  // paths (factual, from SUPPORTED_CLIS) rather than inventing offline bodies.
+  const agentTargets = SUPPORTED_CLIS
+    .filter((c) => Array.isArray(c.agentFiles) && c.agentFiles.length)
+    .map((c) => ({ cli: c.name, files: c.agentFiles }));
+
+  return { projectName, stack, clis, files, agentTargets };
+}
+
+// cmdInitLocalDryRun — offline `0dai init --local --dry-run`. Prints the
+// preview to stdout and returns. Writes nothing to disk and makes no network
+// calls. This is the only path that bypasses the auth/license preflight, and
+// only when BOTH --local AND --dry-run are set (see cmdInit).
+function cmdInitLocalDryRun(target) {
+  const { projectName, stack, clis, files, agentTargets } = buildLocalDryRunPreview(target);
+  log(`local dry-run: no account or network needed`);
+  console.log(`  project: ${projectName}`);
+  console.log(`  stack: ${stack}`);
+  console.log(`  agent CLIs detected: ${clis.length ? clis.join(", ") : "none"}`);
+  console.log("");
+  const names = Object.keys(files);
+  log(`local dry-run: would write ${names.length} file(s) (nothing written):`);
+  for (const name of names) {
+    console.log(`  ${D}+ ${name}${R}`);
+  }
+  console.log("");
+  log(`local dry-run: per-CLI native configs a full 0dai init would manage:`);
+  for (const target_ of agentTargets) {
+    console.log(`  ${D}${target_.cli}: ${target_.files.join(", ")}${R}`);
+  }
+  console.log("");
+  for (const name of names) {
+    console.log(`${T}--- ${name} ---${R}`);
+    console.log(files[name].replace(/\n$/, ""));
+    console.log("");
+  }
+  console.log(`  ${D}Sign in to write these for real: 0dai init --local${R}`);
+  return { projectName, stack, clis, files, agentTargets };
+}
+
 async function cmdInit(target, args = []) {
   const dryRun = args.includes("--dry-run");
   const minimal = args.includes("--minimal");
   const noWizard = args.includes("--no-wizard");
   const localMode = args.includes("--local");
 
+  // Offline preview: `0dai init --local --dry-run` renders configs in memory,
+  // prints them, and returns. Bypasses the auth/license/server preflight ONLY
+  // when BOTH flags are present (issue #4475). Plain --dry-run (server plan)
+  // and plain --local (wizard, writes) are unchanged.
+  if (localMode && dryRun) {
+    cmdInitLocalDryRun(target);
+    return;
+  }
+
   if (fs.existsSync(path.join(target, "ai", "VERSION"))) {
     const v = fs.readFileSync(path.join(target, "ai", "VERSION"), "utf8").trim();
     log(`ai/ layer already exists (v${v}). Run '0dai sync' to update.`);
     if (args.includes("--resume")) clearCloudInitCheckpoint(target);
-    if (!dryRun) await runMcpBootstrap(target, args);
+    if (!dryRun) {
+      ensureRuntimeGitignore(target);
+      await runMcpBootstrap(target, args);
+    }
     return;
   }
 
+  if (!dryRun && !args.includes("--json")) {
+    await checkVersion({
+      force: true,
+      background: false,
+      timeoutMs: 1500,
+      initHint: true,
+    });
+  }
+
   // Pre-check: verify init quota before starting wizard (avoid 10 min wizard → "limit reached")
   if (!dryRun) {
     try {
@@ -319,6 +537,7 @@ async function cmdInit(target, args = []) {
       if (isInteractive()) {
         const result = await runWizard(target);
         if (result.completed) {
+          ensureRuntimeGitignore(target);
           await runMcpBootstrap(target, args);
           try {
             const ob = require("../onboarding");
@@ -335,6 +554,7 @@ async function cmdInit(target, args = []) {
     const { runWizard } = require("../wizard");
     const result = await runWizard(target, { forceLocal: true });
     if (result.completed) {
+      ensureRuntimeGitignore(target);
       await runMcpBootstrap(target, args);
       try {
         const ob = require("../onboarding");
@@ -357,7 +577,9 @@ async function cmdInit(target, args = []) {
   const { projectFiles, manifestContents, clis } = metadata;
   const authStatus = await ensureAccountForActivation("init", args);
   const license = await ensureLicenseActivation();
+  const explicitRebindProjectId = projectIdForExplicitRebindFromBinding(loadProjectBinding(target));
   const identity = buildProjectIdentity(target, metadata);
+  if (explicitRebindProjectId) identity.project_id = explicitRebindProjectId;
   const boundProject = await bindProjectForCloud(target, metadata, identity);
   if (dryRun) log(`${D}dry-run: would generate ai/ layer (${projectFiles.length} files, ${clis.length} CLIs)${R}`);
   if (spinner) spinner.start(`${dryRun ? "[dry-run] " : ""}Generating ai/ layer (${projectFiles.length} files, ${clis.length} CLIs)...`);
@@ -399,6 +621,7 @@ async function cmdInit(target, args = []) {
     return;
   }
   writeFiles(target, result.files || {});
+  ensureLiveManifestDefaults(target);
   const envManifest = normalizeEnvironmentManifest(target);
   if (envManifest.changed) {
     log("environment manifest target normalized: ai/manifest/environment.yaml");
@@ -410,12 +633,7 @@ async function cmdInit(target, args = []) {
   fs.mkdirSync(path.dirname(versionFile), { recursive: true });
   fs.writeFileSync(versionFile, VERSION + "\n", "utf8");
 
-  // Add to .gitignore
-  const gi = path.join(target, ".gitignore");
-  try {
-    const text = fs.existsSync(gi) ? fs.readFileSync(gi, "utf8") : "";
-    if (!text.includes(".0dai")) fs.appendFileSync(gi, "\n.0dai/\n");
-  } catch {}
+  ensureRuntimeGitignore(target);
 
   const gitPolicy = ensureGithubFlowPolicy(target);
   if (gitPolicy && gitPolicy.protection && gitPolicy.protection.skipped) {
@@ -501,6 +719,7 @@ async function runMcpBootstrap(target, args = []) {
     const verbs = [];
     if (result.config.added && result.config.added.length) verbs.push(`${result.config.added.length} server(s) added`);
     if (result.config.updated && result.config.updated.length) verbs.push(`${result.config.updated.length} server(s) reset`);
+    if (result.config.removed && result.config.removed.length) verbs.push(`${result.config.removed.length} server(s) removed`);
     if (result.config.changed) {
       log(`MCP config ready (${verbs.join(", ") || "updated"}): .mcp.json`);
     }
@@ -516,7 +735,7 @@ async function runMcpBootstrap(target, args = []) {
     } else if (result.auth.status === "disabled") {
       log("MCP cloud auth skipped (--no-mcp-auth)");
     } else if (result.auth.status === "skipped") {
-      console.log(`  ${D}MCP cloud auth skipped. In Claude Code, run /mcp Authenticate for claude.ai 0dai${R}`);
+      console.log(`  ${D}MCP cloud auth skipped. In Claude Code, run /mcp Authenticate for claude_ai_0dai${R}`);
     }
   }
   for (const warning of result.warnings || []) log(`warn: ${warning}`);
@@ -620,10 +839,33 @@ function runDocLinkCheck(target, args = [], options = {}) {
   return { ran: true, status: 0, strict, broken: false };
 }
 
+function printProtectedSyncUpdates(items, { quiet = false } = {}) {
+  if (quiet || !Array.isArray(items) || items.length === 0) return;
+  log(`${W}sync protected ${items.length} project-owned update(s)${R}`);
+  for (const item of items) {
+    const rel = item && item.path ? String(item.path) : "(unknown)";
+    const reason = item && item.reason ? String(item.reason) : "protected by default";
+    console.log(`  ${D}! ${rel} — ${reason}${R}`);
+  }
+  console.log(`  ${D}Pass --force-template-reset to apply these reset-style updates.${R}`);
+}
+
+function isGenericStackName(value) {
+  return ["", "generic", "unknown", "auto"].includes(String(value || "").trim().toLowerCase());
+}
+
+function chooseSyncStack(target, discoveryStack) {
+  const manifestStack = readProjectManifest(target).stack || "";
+  if (!isGenericStackName(manifestStack)) return manifestStack;
+  return discoveryStack || manifestStack || "generic";
+}
+
 async function cmdSync(target, args = []) {
-  const dryRun = args.includes("--dry-run");
-  const quiet = args.includes("--quiet") || args.includes("-q");
+  const check = args.includes("--check");
+  const dryRun = args.includes("--dry-run") || check;
+  const quiet = args.includes("--quiet") || args.includes("-q") || check;
   const force = args.includes("--force");
+  const forceTemplateReset = args.includes("--force-template-reset");
 
   // Quick local check: skip API if already at current version (unless dry-run or force)
   let version = "unknown";
@@ -631,12 +873,13 @@ async function cmdSync(target, args = []) {
 
   const metadata = collectMetadata(target);
   const { manifestContents, clis } = metadata;
-  let stack = "generic", agents = [];
+  let discoveryStack = "generic", agents = [];
   try {
     const d = JSON.parse(fs.readFileSync(path.join(target, "ai", "manifest", "discovery.json"), "utf8"));
-    stack = d.stack || "generic";
+    discoveryStack = d.stack || "generic";
     agents = d.selected_agents || [];
   } catch {}
+  const stack = chooseSyncStack(target, discoveryStack);
   const identity = buildProjectIdentity(target, metadata, stack);
 
   if (dryRun) {
@@ -677,6 +920,7 @@ async function cmdSync(target, args = []) {
     // server needs no raw manifest content — mirrors the /v1/init fix from #4030.
     manifest_files: hashManifestFiles(manifestContents),
     dry_run: dryRun, quiet, force,
+    force_template_reset: forceTemplateReset,
     project_name: identity.project_name,
     project_id: boundProject.project_id || identity.project_id,
     remote_origin: identity.remote_origin,
@@ -690,7 +934,11 @@ async function cmdSync(target, args = []) {
     process.exit(1);
   }
 
-  const updated = result.files_updated || {};
+  const updated = {
+    ...(result.files_updated || {}),
+    ...missingLiveManifestDefaults(target, result.files_updated || {}),
+  };
+  const protectedUpdates = Array.isArray(result.protected_updates) ? result.protected_updates : [];
   if (dryRun) {
     const files = Object.keys(updated);
     if (files.length) {
@@ -706,8 +954,10 @@ async function cmdSync(target, args = []) {
     } else {
       log(`${D}dry-run: nothing to update${R}`);
     }
+    printProtectedSyncUpdates(protectedUpdates, { quiet });
     return;
   }
+  printProtectedSyncUpdates(protectedUpdates, { quiet });
   const changedCount = Object.keys(updated).length;
   if (changedCount) {
     if (!quiet && !shouldAutoYes(args)) {
@@ -772,12 +1022,28 @@ async function cmdSync(target, args = []) {
   if (force && result.native_configs) {
     const NATIVE_CONFIGS = ["CLAUDE.md", "AGENTS.md", "GEMINI.md", "opencode.json", ".cursorrules", ".windsurfrules", ".aider.conf.yml"];
     let overwritten = 0;
+    let backupDir = null;
     for (const name of NATIVE_CONFIGS) {
-      if (result.native_configs[name]) {
-        fs.writeFileSync(path.join(target, name), result.native_configs[name], "utf8");
-        overwritten++;
-        if (!quiet) console.log(`  [force] ${name} overwritten from ai/ source`);
+      if (!result.native_configs[name]) continue;
+      const dest = path.join(target, name);
+      const next = result.native_configs[name];
+      // Back up a pre-existing, differing native config before overwriting, so
+      // a hand-edited CLAUDE.md/AGENTS.md/… is recoverable from ai/.backups
+      // (sync --force used to clobber these with no backup, #4363).
+      if (fs.existsSync(dest)) {
+        const existing = fs.readFileSync(dest, "utf8");
+        if (existing === next) continue;
+        if (!backupDir) {
+          const timestamp = new Date().toISOString().replace(/[:.]/g, "-");
+          backupDir = path.join(target, "ai", ".backups", timestamp);
+          fs.mkdirSync(backupDir, { recursive: true });
+        }
+        fs.writeFileSync(path.join(backupDir, name), existing, "utf8");
+        if (!quiet) console.log(`  [force] backed up ${name} to ${path.relative(target, path.join(backupDir, name))}`);
       }
+      fs.writeFileSync(dest, next, "utf8");
+      overwritten++;
+      if (!quiet) console.log(`  [force] ${name} overwritten from ai/ source`);
     }
     if (overwritten && !quiet) {
       log(`force: ${overwritten} native config file(s) overwritten`);
@@ -834,6 +1100,8 @@ function buildLocalSyncPreview(target, { version, stack, cliVersion }) {
     "ai/manifest/project.yaml",
     "ai/manifest/commands.yaml",
     "ai/manifest/discovery.json",
+    "ai/manifest/current_state.json",
+    "ai/manifest/current_task.json",
   ];
   for (const rel of expectedAiFiles) {
     if (!fs.existsSync(path.join(target, rel))) changes.push(`${rel} (missing)`);
@@ -885,6 +1153,8 @@ module.exports = {
   cmdInit,
   cmdSync,
   cmdProjectBind,
+  buildLocalDryRunPreview,
+  cmdInitLocalDryRun,
   buildLocalSyncPreview,
   runMcpBootstrap,
   bindProjectForCloud,
@@ -892,6 +1162,7 @@ module.exports = {
   writeCloudInitCheckpoint,
   clearCloudInitCheckpoint,
   buildCloudInitResumeCommand,
+  ensureRuntimeGitignore,
   collectCurrentAiFiles,
   hashFile,
   detectRegistryDrift,