npm - @aisy/core - Versions diffs - 0.1.0 - Mend

@aisy/core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (270) hide show

package/LICENSE +202 -0
package/dist/agent-loop/index.d.ts +4 -0
package/dist/agent-loop/index.d.ts.map +1 -0
package/dist/agent-loop/index.js +352 -0
package/dist/agent-loop/index.js.map +1 -0
package/dist/agent-loop/types.d.ts +183 -0
package/dist/agent-loop/types.d.ts.map +1 -0
package/dist/agent-loop/types.js +3 -0
package/dist/agent-loop/types.js.map +1 -0
package/dist/bin/aisy.d.ts +3 -0
package/dist/bin/aisy.d.ts.map +1 -0
package/dist/bin/aisy.js +14 -0
package/dist/bin/aisy.js.map +1 -0
package/dist/cli/index.d.ts +17 -0
package/dist/cli/index.d.ts.map +1 -0
package/dist/cli/index.js +114 -0
package/dist/cli/index.js.map +1 -0
package/dist/context-engine/index.d.ts +4 -0
package/dist/context-engine/index.d.ts.map +1 -0
package/dist/context-engine/index.js +126 -0
package/dist/context-engine/index.js.map +1 -0
package/dist/context-engine/types.d.ts +54 -0
package/dist/context-engine/types.d.ts.map +1 -0
package/dist/context-engine/types.js +4 -0
package/dist/context-engine/types.js.map +1 -0
package/dist/eval/index.d.ts +20 -0
package/dist/eval/index.d.ts.map +1 -0
package/dist/eval/index.js +128 -0
package/dist/eval/index.js.map +1 -0
package/dist/eval/types.d.ts +62 -0
package/dist/eval/types.d.ts.map +1 -0
package/dist/eval/types.js +17 -0
package/dist/eval/types.js.map +1 -0
package/dist/gateway/index.d.ts +5 -0
package/dist/gateway/index.d.ts.map +1 -0
package/dist/gateway/index.js +288 -0
package/dist/gateway/index.js.map +1 -0
package/dist/gateway/types.d.ts +194 -0
package/dist/gateway/types.d.ts.map +1 -0
package/dist/gateway/types.js +94 -0
package/dist/gateway/types.js.map +1 -0
package/dist/goals/index.d.ts +11 -0
package/dist/goals/index.d.ts.map +1 -0
package/dist/goals/index.js +21 -0
package/dist/goals/index.js.map +1 -0
package/dist/goals/types.d.ts +47 -0
package/dist/goals/types.d.ts.map +1 -0
package/dist/goals/types.js +5 -0
package/dist/goals/types.js.map +1 -0
package/dist/index.d.ts +56 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +50 -0
package/dist/index.js.map +1 -0
package/dist/mcp/index.d.ts +5 -0
package/dist/mcp/index.d.ts.map +1 -0
package/dist/mcp/index.js +215 -0
package/dist/mcp/index.js.map +1 -0
package/dist/mcp/types.d.ts +148 -0
package/dist/mcp/types.d.ts.map +1 -0
package/dist/mcp/types.js +4 -0
package/dist/mcp/types.js.map +1 -0
package/dist/memory/index.d.ts +6 -0
package/dist/memory/index.d.ts.map +1 -0
package/dist/memory/index.js +419 -0
package/dist/memory/index.js.map +1 -0
package/dist/memory/types.d.ts +131 -0
package/dist/memory/types.d.ts.map +1 -0
package/dist/memory/types.js +33 -0
package/dist/memory/types.js.map +1 -0
package/dist/nightly/index.d.ts +4 -0
package/dist/nightly/index.d.ts.map +1 -0
package/dist/nightly/index.js +470 -0
package/dist/nightly/index.js.map +1 -0
package/dist/nightly/types.d.ts +326 -0
package/dist/nightly/types.d.ts.map +1 -0
package/dist/nightly/types.js +3 -0
package/dist/nightly/types.js.map +1 -0
package/dist/observability/index.d.ts +11 -0
package/dist/observability/index.d.ts.map +1 -0
package/dist/observability/index.js +396 -0
package/dist/observability/index.js.map +1 -0
package/dist/observability/types.d.ts +139 -0
package/dist/observability/types.d.ts.map +1 -0
package/dist/observability/types.js +4 -0
package/dist/observability/types.js.map +1 -0
package/dist/onboarding/index.d.ts +16 -0
package/dist/onboarding/index.d.ts.map +1 -0
package/dist/onboarding/index.js +787 -0
package/dist/onboarding/index.js.map +1 -0
package/dist/onboarding/interactive.d.ts +23 -0
package/dist/onboarding/interactive.d.ts.map +1 -0
package/dist/onboarding/interactive.js +45 -0
package/dist/onboarding/interactive.js.map +1 -0
package/dist/onboarding/types.d.ts +388 -0
package/dist/onboarding/types.d.ts.map +1 -0
package/dist/onboarding/types.js +35 -0
package/dist/onboarding/types.js.map +1 -0
package/dist/orchestration/index.d.ts +8 -0
package/dist/orchestration/index.d.ts.map +1 -0
package/dist/orchestration/index.js +706 -0
package/dist/orchestration/index.js.map +1 -0
package/dist/orchestration/types.d.ts +391 -0
package/dist/orchestration/types.d.ts.map +1 -0
package/dist/orchestration/types.js +30 -0
package/dist/orchestration/types.js.map +1 -0
package/dist/personality/index.d.ts +65 -0
package/dist/personality/index.d.ts.map +1 -0
package/dist/personality/index.js +339 -0
package/dist/personality/index.js.map +1 -0
package/dist/personality/types.d.ts +103 -0
package/dist/personality/types.d.ts.map +1 -0
package/dist/personality/types.js +15 -0
package/dist/personality/types.js.map +1 -0
package/dist/provider/index.d.ts +4 -0
package/dist/provider/index.d.ts.map +1 -0
package/dist/provider/index.js +236 -0
package/dist/provider/index.js.map +1 -0
package/dist/provider/types.d.ts +180 -0
package/dist/provider/types.d.ts.map +1 -0
package/dist/provider/types.js +4 -0
package/dist/provider/types.js.map +1 -0
package/dist/runtime/agent-cards.d.ts +14 -0
package/dist/runtime/agent-cards.d.ts.map +1 -0
package/dist/runtime/agent-cards.js +90 -0
package/dist/runtime/agent-cards.js.map +1 -0
package/dist/runtime/agent-runner.d.ts +30 -0
package/dist/runtime/agent-runner.d.ts.map +1 -0
package/dist/runtime/agent-runner.js +37 -0
package/dist/runtime/agent-runner.js.map +1 -0
package/dist/runtime/budget.d.ts +15 -0
package/dist/runtime/budget.d.ts.map +1 -0
package/dist/runtime/budget.js +24 -0
package/dist/runtime/budget.js.map +1 -0
package/dist/runtime/delegation-driver.d.ts +11 -0
package/dist/runtime/delegation-driver.d.ts.map +1 -0
package/dist/runtime/delegation-driver.js +132 -0
package/dist/runtime/delegation-driver.js.map +1 -0
package/dist/runtime/exact-cache.d.ts +10 -0
package/dist/runtime/exact-cache.d.ts.map +1 -0
package/dist/runtime/exact-cache.js +30 -0
package/dist/runtime/exact-cache.js.map +1 -0
package/dist/runtime/execute-tool.d.ts +29 -0
package/dist/runtime/execute-tool.d.ts.map +1 -0
package/dist/runtime/execute-tool.js +80 -0
package/dist/runtime/execute-tool.js.map +1 -0
package/dist/runtime/guardian.d.ts +9 -0
package/dist/runtime/guardian.d.ts.map +1 -0
package/dist/runtime/guardian.js +41 -0
package/dist/runtime/guardian.js.map +1 -0
package/dist/runtime/hook-gate.d.ts +17 -0
package/dist/runtime/hook-gate.d.ts.map +1 -0
package/dist/runtime/hook-gate.js +56 -0
package/dist/runtime/hook-gate.js.map +1 -0
package/dist/runtime/memory-adapter.d.ts +6 -0
package/dist/runtime/memory-adapter.d.ts.map +1 -0
package/dist/runtime/memory-adapter.js +38 -0
package/dist/runtime/memory-adapter.js.map +1 -0
package/dist/runtime/nightly-adapters.d.ts +48 -0
package/dist/runtime/nightly-adapters.d.ts.map +1 -0
package/dist/runtime/nightly-adapters.js +139 -0
package/dist/runtime/nightly-adapters.js.map +1 -0
package/dist/runtime/nightly-generator.d.ts +10 -0
package/dist/runtime/nightly-generator.d.ts.map +1 -0
package/dist/runtime/nightly-generator.js +335 -0
package/dist/runtime/nightly-generator.js.map +1 -0
package/dist/runtime/onboarding-node.d.ts +6 -0
package/dist/runtime/onboarding-node.d.ts.map +1 -0
package/dist/runtime/onboarding-node.js +356 -0
package/dist/runtime/onboarding-node.js.map +1 -0
package/dist/runtime/provider-anthropic.d.ts +43 -0
package/dist/runtime/provider-anthropic.d.ts.map +1 -0
package/dist/runtime/provider-anthropic.js +148 -0
package/dist/runtime/provider-anthropic.js.map +1 -0
package/dist/runtime/provider-cli.d.ts +18 -0
package/dist/runtime/provider-cli.d.ts.map +1 -0
package/dist/runtime/provider-cli.js +73 -0
package/dist/runtime/provider-cli.js.map +1 -0
package/dist/runtime/provider-openai.d.ts +30 -0
package/dist/runtime/provider-openai.d.ts.map +1 -0
package/dist/runtime/provider-openai.js +114 -0
package/dist/runtime/provider-openai.js.map +1 -0
package/dist/runtime/providers.d.ts +43 -0
package/dist/runtime/providers.d.ts.map +1 -0
package/dist/runtime/providers.js +72 -0
package/dist/runtime/providers.js.map +1 -0
package/dist/runtime/sandbox-bash.d.ts +21 -0
package/dist/runtime/sandbox-bash.d.ts.map +1 -0
package/dist/runtime/sandbox-bash.js +51 -0
package/dist/runtime/sandbox-bash.js.map +1 -0
package/dist/runtime/scoped-tool-executor.d.ts +10 -0
package/dist/runtime/scoped-tool-executor.d.ts.map +1 -0
package/dist/runtime/scoped-tool-executor.js +30 -0
package/dist/runtime/scoped-tool-executor.js.map +1 -0
package/dist/runtime/session-log.d.ts +6 -0
package/dist/runtime/session-log.d.ts.map +1 -0
package/dist/runtime/session-log.js +54 -0
package/dist/runtime/session-log.js.map +1 -0
package/dist/runtime/settings.d.ts +24 -0
package/dist/runtime/settings.d.ts.map +1 -0
package/dist/runtime/settings.js +29 -0
package/dist/runtime/settings.js.map +1 -0
package/dist/runtime/spawn-plan.d.ts +13 -0
package/dist/runtime/spawn-plan.d.ts.map +1 -0
package/dist/runtime/spawn-plan.js +107 -0
package/dist/runtime/spawn-plan.js.map +1 -0
package/dist/runtime/spend.d.ts +41 -0
package/dist/runtime/spend.d.ts.map +1 -0
package/dist/runtime/spend.js +0 -0
package/dist/runtime/spend.js.map +1 -0
package/dist/runtime/sub-agent-runner.d.ts +19 -0
package/dist/runtime/sub-agent-runner.d.ts.map +1 -0
package/dist/runtime/sub-agent-runner.js +47 -0
package/dist/runtime/sub-agent-runner.js.map +1 -0
package/dist/safety/grants.d.ts +7 -0
package/dist/safety/grants.d.ts.map +1 -0
package/dist/safety/grants.js +53 -0
package/dist/safety/grants.js.map +1 -0
package/dist/safety/index.d.ts +72 -0
package/dist/safety/index.d.ts.map +1 -0
package/dist/safety/index.js +464 -0
package/dist/safety/index.js.map +1 -0
package/dist/safety/types.d.ts +254 -0
package/dist/safety/types.d.ts.map +1 -0
package/dist/safety/types.js +3 -0
package/dist/safety/types.js.map +1 -0
package/dist/skills/index.d.ts +4 -0
package/dist/skills/index.d.ts.map +1 -0
package/dist/skills/index.js +463 -0
package/dist/skills/index.js.map +1 -0
package/dist/skills/types.d.ts +177 -0
package/dist/skills/types.d.ts.map +1 -0
package/dist/skills/types.js +3 -0
package/dist/skills/types.js.map +1 -0
package/dist/testing/clock.d.ts +8 -0
package/dist/testing/clock.d.ts.map +1 -0
package/dist/testing/clock.js +13 -0
package/dist/testing/clock.js.map +1 -0
package/dist/testing/effect-verifier.d.ts +15 -0
package/dist/testing/effect-verifier.d.ts.map +1 -0
package/dist/testing/effect-verifier.js +27 -0
package/dist/testing/effect-verifier.js.map +1 -0
package/dist/testing/index.d.ts +5 -0
package/dist/testing/index.d.ts.map +1 -0
package/dist/testing/index.js +5 -0
package/dist/testing/index.js.map +1 -0
package/dist/testing/provider-fake.d.ts +14 -0
package/dist/testing/provider-fake.d.ts.map +1 -0
package/dist/testing/provider-fake.js +18 -0
package/dist/testing/provider-fake.js.map +1 -0
package/dist/testing/sandbox-stub.d.ts +15 -0
package/dist/testing/sandbox-stub.d.ts.map +1 -0
package/dist/testing/sandbox-stub.js +15 -0
package/dist/testing/sandbox-stub.js.map +1 -0
package/dist/tools/index.d.ts +11 -0
package/dist/tools/index.d.ts.map +1 -0
package/dist/tools/index.js +0 -0
package/dist/tools/index.js.map +1 -0
package/dist/tools/types.d.ts +138 -0
package/dist/tools/types.d.ts.map +1 -0
package/dist/tools/types.js +4 -0
package/dist/tools/types.js.map +1 -0
package/dist/triggers/index.d.ts +4 -0
package/dist/triggers/index.d.ts.map +1 -0
package/dist/triggers/index.js +187 -0
package/dist/triggers/index.js.map +1 -0
package/dist/triggers/types.d.ts +74 -0
package/dist/triggers/types.d.ts.map +1 -0
package/dist/triggers/types.js +5 -0
package/dist/triggers/types.js.map +1 -0
package/package.json +36 -0

package/dist/onboarding/index.js ADDED Viewed

@@ -0,0 +1,787 @@
+import { createHash, randomUUID } from 'node:crypto';
+import { REQUIRED_ENV_KEYS, SCAFFOLD_FILES, MEMORY_TREE_FILES, MEMORY_TREE_DIRS } from './types.js';
+import { runTelegramPairing } from './interactive.js';
+export { REQUIRED_ENV_KEYS, SCAFFOLD_FILES, MEMORY_TREE_FILES, MEMORY_TREE_DIRS, } from './types.js';
+const TIERS = ['reasoning', 'critique', 'routine'];
+// ---------------------------------------------------------------------------
+// Redaction helper. The component handles credentials and exports bundles, so
+// every sink runs through here: a secret VALUE never appears in detail, an
+// InitOutcome, a journal tail, or a diagnostics file (CSO-M3, AC-13-4/5/15/16).
+// ---------------------------------------------------------------------------
+function redactWith(values, text) {
+    let out = text;
+    for (const v of values) {
+        if (v.length > 0)
+            out = out.split(v).join('«redacted»');
+    }
+    return out;
+}
+// ===========================================================================
+// makeOnboardingOps — init / doctor / diagnostics (spec §3, §5.1–5.2, §5.5)
+// All deterministic; the model is never on this path.
+// ===========================================================================
+export function makeOnboardingOps(deps) {
+    const emit = (event, payload) => deps.events?.emit(event, payload);
+    const secretValues = () => deps.vault.secretValues();
+    const redact = (s) => redactWith(secretValues(), s);
+    // ---- prereq + .env helpers --------------------------------------------
+    function parseEnvBody(body) {
+        const keys = new Set();
+        for (const line of body.split(/\r?\n/)) {
+            const m = /^([A-Z0-9_]+)=(.*)$/.exec(line.trim());
+            if (m && m[1] !== undefined && (m[2] ?? '').length > 0)
+                keys.add(m[1]);
+        }
+        return keys;
+    }
+    function envValueOf(key) {
+        return deps.env?.[key] ?? '';
+    }
+    // -------------------------------------------------------------------------
+    // init (§5.1) — resumable: every step records an InitOutcome; satisfied
+    // steps yield already-present/skipped and write nothing without --force.
+    // -------------------------------------------------------------------------
+    async function init(opts) {
+        emit('init.started');
+        const outcomes = [];
+        const scaffolded = [];
+        const force = opts.force === true;
+        let failed = false;
+        // Interactive collect (ADR-0049): when a prompt is wired and the operator
+        // did not opt into non-interactive/--yes, prompt for missing required
+        // secrets and pair the Telegram chat. Collected values override env for the
+        // rest of init (validation, vault seed). Already-set keys are not re-asked.
+        const collected = {};
+        const valueOf = (key) => collected[key] ?? envValueOf(key);
+        // ADR-0050: when a provider catalog is injected, the interactive flow offers
+        // a provider/model picker (single model or per-tier) and persists
+        // providers.json, instead of the legacy per-tier key prompts.
+        // catalogSelections drives provider-aware validation in step [2].
+        let catalogSelections = [];
+        const interactive = deps.prompt !== undefined && opts.nonInteractive !== true && opts.yes !== true;
+        if (interactive && deps.prompt) {
+            const p = deps.prompt;
+            p.info('Настройка Aisy — отвечай на вопросы (Enter — пропустить шаг).');
+            const catalog = deps.providerCatalog;
+            if (catalog && catalog.length > 0 && deps.providersOut) {
+                p.info('Доступные провайдеры:');
+                catalog.forEach((e, i) => p.info(`  ${i + 1}. ${e.label}`));
+                const pickOne = async (prefix) => {
+                    const raw = (await p.ask(`${prefix}провайдер (номер)`, { default: '1' })).trim();
+                    const n = Number.parseInt(raw, 10);
+                    const idx = Number.isFinite(n) && n >= 1 && n <= catalog.length ? n - 1 : 0;
+                    const entry = catalog[idx];
+                    const defModel = entry.defaultModels?.[0];
+                    const model = (await p.ask(`Модель (${entry.label})`, defModel ? { default: defModel } : {})).trim() || (defModel ?? '');
+                    if (entry.needsKey && entry.keyEnv) {
+                        const key = (await p.secret(`API-ключ (${entry.label}):`)).trim();
+                        if (key.length > 0)
+                            collected[entry.keyEnv] = key;
+                        // Known providers carry a catalog default base URL (buildProvider
+                        // falls back to it); only a custom endpoint must be asked.
+                        if (entry.defaultBaseUrl === undefined) {
+                            const bu = (await p.ask(`Base URL (${entry.label})`)).trim();
+                            if (bu.length > 0)
+                                collected[`AISY_PROVIDER_${entry.id.toUpperCase()}_BASE_URL`] = bu;
+                        }
+                    }
+                    return { provider: entry.id, model };
+                };
+                const single = await p.confirm('Одна модель для всех тиров?', { default: true });
+                let config;
+                if (single) {
+                    const sel = await pickOne('');
+                    config = { default: sel };
+                    catalogSelections = [sel];
+                }
+                else {
+                    const reasoning = await pickOne('reasoning · ');
+                    const critique = await pickOne('critique · ');
+                    const routine = await pickOne('routine · ');
+                    config = { tiers: { reasoning, critique, routine } };
+                    catalogSelections = [reasoning, critique, routine];
+                }
+                deps.providersOut.write(config);
+            }
+            else {
+                // Legacy: prompt the per-tier provider keys (no catalog injected).
+                for (const tier of TIERS) {
+                    const key = `AISY_PROVIDER_${tier.toUpperCase()}_KEY`;
+                    if (valueOf(key).length === 0) {
+                        const v = (await p.secret(`API-ключ провайдера (${tier}):`)).trim();
+                        if (v.length > 0)
+                            collected[key] = v;
+                    }
+                }
+            }
+            if (valueOf('AISY_TELEGRAM_BOT_TOKEN').length === 0) {
+                const t = (await p.secret('Telegram bot token:')).trim();
+                if (t.length > 0)
+                    collected['AISY_TELEGRAM_BOT_TOKEN'] = t;
+            }
+            if (valueOf('AISY_TELEGRAM_CHAT_ID').length === 0) {
+                const token = valueOf('AISY_TELEGRAM_BOT_TOKEN');
+                if (token.length > 0) {
+                    const gu = deps.validators.telegramGetUpdates;
+                    const chatId = await runTelegramPairing(token, {
+                        prompt: p,
+                        ...(gu ? { getUpdates: (t) => gu(t) } : {}),
+                        clock: () => Date.now(),
+                        genCode: () => `AISY-${randomUUID().slice(0, 4).toUpperCase()}`,
+                        sleep: (ms) => new Promise((r) => setTimeout(r, ms)),
+                    });
+                    if (chatId)
+                        collected['AISY_TELEGRAM_CHAT_ID'] = chatId;
+                }
+            }
+            for (const key of ['AISY_MEMORY_ROOT', 'AISY_DB_PATH']) {
+                if (valueOf(key).length === 0) {
+                    const v = (await p.ask(`Путь ${key}`)).trim();
+                    if (v.length > 0)
+                        collected[key] = v;
+                }
+            }
+        }
+        // Seed the redactor BEFORE any redact() on a failure detail. The vault is
+        // only persisted later (step [4], gated on success), so until then redact()
+        // over deps.vault.secretValues() would be a guaranteed no-op. Here we mask
+        // against the env secret VALUES directly so a rejection detail can never
+        // echo a secret, regardless of validation outcome (CSO-M3, AC-13-4/5).
+        const envSecretValues = new Set();
+        for (const key of REQUIRED_ENV_KEYS) {
+            const value = valueOf(key);
+            if (value.length > 0)
+                envSecretValues.add(value);
+        }
+        // Catalog-collected provider keys live outside REQUIRED_ENV_KEYS — mask them
+        // too so a rejection detail can never echo a provider secret (CSO-M3).
+        for (const value of Object.values(collected)) {
+            if (value.length > 0)
+                envSecretValues.add(value);
+        }
+        const redactInit = (s) => redactWith(envSecretValues, s);
+        // [1] Detect prerequisites — fail-closed with an actionable message (§7).
+        for (const tool of ['node', 'pnpm', 'docker']) {
+            const v = deps.prereqs.version(tool);
+            if (v === null) {
+                outcomes.push({ step: `prereq.${tool}`, result: 'failed', detail: `${tool} not found — install and re-run aisy init` });
+                failed = true;
+            }
+            else {
+                outcomes.push({ step: `prereq.${tool}`, result: 'done' });
+            }
+        }
+        // [2] Validate credentials via INJECTED validators (no real network).
+        // A secret VALUE is never written into detail — only status (AC-13-4/5).
+        if (catalogSelections.length > 0) {
+            // Catalog picker (ADR-0050): validate each DISTINCT chosen provider via the
+            // provider-aware ping. CLI providers carry no key and are skipped.
+            const catalog = deps.providerCatalog ?? [];
+            const seen = new Set();
+            for (const sel of catalogSelections) {
+                if (seen.has(sel.provider))
+                    continue;
+                seen.add(sel.provider);
+                const entry = catalog.find((e) => e.id === sel.provider);
+                if (!entry || !entry.needsKey || !entry.keyEnv) {
+                    outcomes.push({ step: `validate.provider.${sel.provider}`, result: 'done' });
+                    continue;
+                }
+                const key = valueOf(entry.keyEnv);
+                const baseUrl = valueOf(`AISY_PROVIDER_${entry.id.toUpperCase()}_BASE_URL`) || entry.defaultBaseUrl;
+                const ping = deps.validators.pingCatalogProvider
+                    ? await deps.validators.pingCatalogProvider({ providerId: sel.provider, key, ...(baseUrl ? { baseUrl } : {}) })
+                    : { ok: key.length > 0 };
+                if (ping.ok) {
+                    outcomes.push({ step: `validate.provider.${sel.provider}`, result: 'done' });
+                }
+                else {
+                    outcomes.push({
+                        step: `validate.provider.${sel.provider}`,
+                        result: 'failed',
+                        detail: redactInit(`${sel.provider} key rejected (HTTP ${ping.httpStatus ?? '???'})`),
+                    });
+                    failed = true;
+                }
+            }
+        }
+        else {
+            for (const tier of TIERS) {
+                const key = valueOf(`AISY_PROVIDER_${tier.toUpperCase()}_KEY`);
+                const ping = await deps.validators.pingProvider(tier, key);
+                if (ping.ok) {
+                    outcomes.push({ step: `validate.provider.${tier}`, result: 'done' });
+                }
+                else {
+                    outcomes.push({
+                        step: `validate.provider.${tier}`,
+                        result: 'failed',
+                        detail: redactInit(`${tier}-tier key rejected (HTTP ${ping.httpStatus ?? '???'})`),
+                    });
+                    failed = true;
+                }
+            }
+        }
+        {
+            const token = valueOf('AISY_TELEGRAM_BOT_TOKEN');
+            const me = await deps.validators.telegramGetMe(token);
+            if (me.ok) {
+                outcomes.push({ step: 'validate.telegram-token', result: 'done' });
+            }
+            else {
+                outcomes.push({
+                    step: 'validate.telegram-token',
+                    result: 'failed',
+                    detail: redactInit(`Telegram token rejected (HTTP ${me.httpStatus ?? '???'})`),
+                });
+                failed = true;
+            }
+        }
+        // [3] Scaffold files — only if absent (or populated→skip unless --force).
+        const scaffoldFile = (path) => {
+            const present = deps.fs.exists(path);
+            let populated = present && deps.fs.isPopulated(path);
+            // A template-only .env (every required key has an empty value) is NOT a
+            // real config: it must not be reported already-present, or doctor's
+            // env.required-keys check is silently masked. Re-scaffold so the operator
+            // gets a fresh template and the missing values are surfaced (AC-13-9).
+            if (present && populated && path === '.env' && parseEnvBody(deps.fs.read(path)).size === 0) {
+                populated = false;
+            }
+            if (present && populated && !force) {
+                outcomes.push({ step: `scaffold.${path}`, result: 'already-present' });
+                return;
+            }
+            if (present && !populated && path !== '.env' && !force) {
+                // present-but-empty (e.g. a crash mid-write) — leave it, treat as present.
+                outcomes.push({ step: `scaffold.${path}`, result: 'already-present' });
+                return;
+            }
+            deps.fs.write(path, templateFor(path));
+            scaffolded.push(path);
+            outcomes.push({ step: `scaffold.${path}`, result: 'done' });
+            emit('init.step', { step: `scaffold.${path}` });
+        };
+        for (const f of SCAFFOLD_FILES)
+            scaffoldFile(f);
+        for (const f of MEMORY_TREE_FILES)
+            scaffoldFile(f);
+        for (const d of MEMORY_TREE_DIRS) {
+            if (deps.fs.exists(d)) {
+                outcomes.push({ step: `scaffold.${d}`, result: 'already-present' });
+            }
+            else {
+                deps.fs.mkdirp(d);
+                outcomes.push({ step: `scaffold.${d}`, result: 'done' });
+            }
+        }
+        // [4] Seed vault (Safety 05) with validated secrets — never logged.
+        if (!failed) {
+            for (const key of REQUIRED_ENV_KEYS) {
+                const value = valueOf(key);
+                if (value.length > 0)
+                    deps.vault.seed(key, value);
+            }
+            // Catalog picker (ADR-0050) collects provider keys / base URLs under
+            // names outside REQUIRED_ENV_KEYS (e.g. AISY_PROVIDER_DEEPSEEK_KEY); seed
+            // those too so `aisy run` can resolve them from the vault.
+            const required = REQUIRED_ENV_KEYS;
+            for (const [key, value] of Object.entries(collected)) {
+                if (value.length > 0 && !required.includes(key))
+                    deps.vault.seed(key, value);
+            }
+            outcomes.push({ step: 'vault.seed', result: 'done' });
+        }
+        else {
+            outcomes.push({ step: 'vault.seed', result: 'skipped' });
+        }
+        // [5] Initialize stores: Memory.rebuildFromFiles() → SQLite FTS5 index.
+        if (!failed) {
+            await deps.memory.rebuildFromFiles();
+            outcomes.push({ step: 'stores.memory-index', result: 'done' });
+        }
+        else {
+            outcomes.push({ step: 'stores.memory-index', result: 'skipped' });
+        }
+        const completed = !failed;
+        emit('init.completed', { completed });
+        return { completed, outcomes, scaffolded };
+    }
+    // -------------------------------------------------------------------------
+    // doctor (§5.2) — read-only by default; --fix applies only fixable &&
+    // non-destructive repairs. ok:false iff any high/critical check fails.
+    // -------------------------------------------------------------------------
+    async function runChecks(opts) {
+        const checks = [];
+        const add = (c) => {
+            checks.push(c);
+            emit('doctor.check', { id: c.id, status: c.status });
+        };
+        const fix = opts.fix === true;
+        // ADR-0050: when a providers.json exists, doctor validates the CHOSEN
+        // providers (keys from the merged env/vault map) instead of legacy tiers.
+        const provCfg = deps.providersIn?.read() ?? null;
+        const catalog = deps.providerCatalog ?? [];
+        const chosenSelections = provCfg
+            ? [
+                ...(provCfg.default ? [provCfg.default] : []),
+                ...(provCfg.tiers ? Object.values(provCfg.tiers) : []),
+            ]
+            : [];
+        const distinctChosen = [...new Map(chosenSelections.map((s) => [s.provider, s])).values()];
+        const requiredKeys = provCfg
+            ? [
+                'AISY_TELEGRAM_BOT_TOKEN',
+                'AISY_TELEGRAM_CHAT_ID',
+                'AISY_MEMORY_ROOT',
+                'AISY_DB_PATH',
+                ...distinctChosen
+                    .map((s) => catalog.find((e) => e.id === s.provider))
+                    .filter((e) => !!e && e.needsKey && !!e.keyEnv)
+                    .map((e) => e.keyEnv),
+            ]
+            : REQUIRED_ENV_KEYS;
+        // env (critical) — required keys present.
+        {
+            let missing;
+            if (provCfg) {
+                missing = requiredKeys.filter((k) => envValueOf(k).length === 0);
+            }
+            else {
+                const body = deps.fs.exists('.env') ? deps.fs.read('.env') : '';
+                const present = parseEnvBody(body);
+                missing = requiredKeys.filter((k) => !present.has(k));
+            }
+            const ok = missing.length === 0;
+            add({
+                id: 'env.required-keys',
+                domain: 'env',
+                status: ok ? 'pass' : 'fail',
+                severity: 'critical',
+                detail: ok ? 'all required keys present' : `missing required keys: ${missing.join(', ')}`,
+                fixable: false,
+            });
+        }
+        // providers (high) — reachability ping. Catalog install ⇒ ping the chosen
+        // providers; otherwise the legacy per-tier ping.
+        if (provCfg) {
+            for (const sel of distinctChosen) {
+                const entry = catalog.find((e) => e.id === sel.provider);
+                if (!entry || !entry.needsKey || !entry.keyEnv) {
+                    add({
+                        id: `providers.${sel.provider}.reachable`,
+                        domain: 'providers',
+                        status: 'pass',
+                        severity: 'high',
+                        detail: `${sel.provider} needs no key`,
+                        fixable: false,
+                    });
+                    continue;
+                }
+                const key = envValueOf(entry.keyEnv);
+                const baseUrl = envValueOf(`AISY_PROVIDER_${entry.id.toUpperCase()}_BASE_URL`) || entry.defaultBaseUrl;
+                const ping = deps.validators.pingCatalogProvider
+                    ? await deps.validators.pingCatalogProvider({ providerId: sel.provider, key, ...(baseUrl ? { baseUrl } : {}) })
+                    : { ok: key.length > 0 };
+                add({
+                    id: `providers.${sel.provider}.reachable`,
+                    domain: 'providers',
+                    status: ping.ok ? 'pass' : 'fail',
+                    severity: 'high',
+                    detail: ping.ok ? `${sel.provider} key reachable` : redact(`${sel.provider} key rejected (HTTP ${ping.httpStatus ?? '???'})`),
+                    fixable: false,
+                });
+            }
+        }
+        else {
+            for (const tier of TIERS) {
+                const key = envValueOf(`AISY_PROVIDER_${tier.toUpperCase()}_KEY`);
+                const ping = await deps.validators.pingProvider(tier, key);
+                add({
+                    id: `providers.${tier}.reachable`,
+                    domain: 'providers',
+                    status: ping.ok ? 'pass' : 'fail',
+                    severity: 'high',
+                    detail: ping.ok ? `${tier} key reachable` : redact(`${tier} key rejected (HTTP ${ping.httpStatus ?? '???'})`),
+                    fixable: false,
+                });
+            }
+        }
+        // telegram (critical) — getMe + exactly one allowlisted chat_id (spec §4 matrix).
+        {
+            const token = envValueOf('AISY_TELEGRAM_BOT_TOKEN');
+            const me = await deps.validators.telegramGetMe(token);
+            add({
+                id: 'telegram.token-valid',
+                domain: 'telegram',
+                status: me.ok ? 'pass' : 'fail',
+                severity: 'critical',
+                detail: me.ok ? 'bot token valid' : redact(`token rejected (HTTP ${me.httpStatus ?? '???'})`),
+                fixable: false,
+            });
+            // Exactly one allowlisted chat_id must be configured: zero leaves the bot
+            // open to any chat; more than one is not the single-operator default.
+            const chatIds = envValueOf('AISY_TELEGRAM_CHAT_ID')
+                .split(/[\s,]+/)
+                .map((c) => c.trim())
+                .filter((c) => c.length > 0);
+            const oneChatId = chatIds.length === 1;
+            add({
+                id: 'telegram.chat-id-allowlist',
+                domain: 'telegram',
+                status: oneChatId ? 'pass' : 'fail',
+                severity: 'critical',
+                detail: oneChatId
+                    ? 'exactly one allowlisted chat_id set'
+                    : chatIds.length === 0
+                        ? 'no allowlisted chat_id set (AISY_TELEGRAM_CHAT_ID empty)'
+                        : `expected exactly one allowlisted chat_id, found ${chatIds.length}`,
+                fixable: false,
+            });
+        }
+        // memory (high) — tree exists + integrity_check. Fixable via rebuild.
+        {
+            const integrity = await deps.memory.integrityCheck();
+            const fixId = 'memory.rebuild-index';
+            if (!integrity.ok && fix) {
+                // FIXABLE, NON-DESTRUCTIVE: rebuild re-applies the forget invariant;
+                // it never deletes a fact (AC-13-10/11).
+                await deps.memory.rebuildFromFiles();
+                emit('doctor.fix', { fixId });
+                const after = await deps.memory.integrityCheck();
+                add({
+                    id: 'memory.integrity',
+                    domain: 'memory',
+                    status: after.ok ? 'pass' : 'fail',
+                    severity: 'high',
+                    detail: after.ok ? 'index rebuilt; integrity restored' : redact(after.detail ?? 'integrity check failed'),
+                    fixable: true,
+                    fixId,
+                });
+            }
+            else {
+                add({
+                    id: 'memory.integrity',
+                    domain: 'memory',
+                    status: integrity.ok ? 'pass' : 'fail',
+                    severity: 'high',
+                    detail: integrity.ok ? 'memory index consistent' : redact(integrity.detail ?? 'integrity check failed'),
+                    fixable: true,
+                    fixId,
+                });
+            }
+        }
+        // vault (critical) — loads + seeded secrets decrypt.
+        {
+            const ok = deps.vault.loads();
+            add({
+                id: 'vault.loads',
+                domain: 'vault',
+                status: ok ? 'pass' : 'fail',
+                severity: 'critical',
+                detail: ok ? 'vault loads; seeded secrets decrypt' : 'vault failed to load',
+                fixable: false,
+            });
+        }
+        // sandbox (high) — folds pnpm sandbox:doctor (AC-13-14).
+        {
+            const up = deps.sandbox.daemonUp();
+            const img = deps.sandbox.imagePresent();
+            const caps = deps.sandbox.capsDropped();
+            const ok = up && img && caps;
+            const detail = !up
+                ? 'Docker daemon down'
+                : !img
+                    ? 'sandbox image absent'
+                    : !caps
+                        ? 'caps not dropped'
+                        : `runtime=${deps.sandbox.runtime() ?? 'standard'}; caps dropped`;
+            add({
+                id: 'sandbox.docker',
+                domain: 'sandbox',
+                status: ok ? 'pass' : 'fail',
+                severity: 'high',
+                detail,
+                fixable: false,
+            });
+        }
+        // mcp (high) — allowlist parses + descriptor-hash pins match (AC-13-13).
+        {
+            const parses = deps.mcp.allowlistParses();
+            const hashes = deps.mcp.descriptorHashesMatch();
+            const ok = parses && hashes;
+            add({
+                id: 'mcp.descriptor-pins',
+                domain: 'mcp',
+                status: ok ? 'pass' : 'fail',
+                severity: 'high',
+                detail: !parses ? 'MCP allowlist failed to parse' : hashes ? 'descriptor hashes match pins' : 'descriptor hash mismatch since pin',
+                fixable: false,
+            });
+        }
+        // nightly (medium) — cron/timer registered + reachable.
+        {
+            const ok = deps.nightly.cronRegistered();
+            add({
+                id: 'nightly.cron',
+                domain: 'nightly',
+                status: ok ? 'pass' : 'fail',
+                severity: 'medium',
+                detail: ok ? 'consolidation timer registered' : 'consolidation timer not registered',
+                fixable: true,
+                fixId: 'nightly.register-cron',
+            });
+        }
+        // sidecars (medium) — Whisper model resolvable + ffmpeg on PATH.
+        {
+            const whisper = deps.whisperModelResolvable ? deps.whisperModelResolvable() : true;
+            const ffmpeg = deps.prereqs.version('ffmpeg') !== null;
+            const ok = whisper && ffmpeg;
+            add({
+                id: 'sidecars.media',
+                domain: 'sidecars',
+                status: ok ? 'pass' : 'fail',
+                severity: 'medium',
+                detail: !whisper ? 'Whisper model unresolvable' : !ffmpeg ? 'ffmpeg not on PATH' : 'Whisper + ffmpeg present',
+                fixable: false,
+            });
+        }
+        // disk (medium) — free space above threshold.
+        {
+            const free = deps.diskFreeBytes ? deps.diskFreeBytes() : Number.MAX_SAFE_INTEGER;
+            const threshold = deps.diskThresholdBytes ?? 1024 * 1024 * 1024;
+            const ok = free >= threshold;
+            add({
+                id: 'disk.free-space',
+                domain: 'disk',
+                status: ok ? 'pass' : 'fail',
+                severity: 'medium',
+                detail: ok ? 'free space above threshold' : 'free space below threshold',
+                fixable: false,
+            });
+        }
+        // clock (low) — sane + timezone resolvable, never literal "Auto".
+        {
+            const tz = deps.timezone ? deps.timezone() : 'UTC';
+            const ok = tz.length > 0 && tz !== 'Auto';
+            add({
+                id: 'clock.timezone',
+                domain: 'clock',
+                status: ok ? 'pass' : 'fail',
+                severity: 'low',
+                detail: ok ? `timezone=${tz}` : 'timezone unresolved (literal "Auto")',
+                fixable: false,
+            });
+        }
+        // Post-upgrade subset: keep the checks that catch migration breakage
+        // (env schema drift, MCP descriptor-hash mismatch, provider id resolve).
+        let filtered = checks;
+        if (opts.postUpgrade) {
+            const postUpgradeDomains = new Set(['env', 'mcp', 'providers', 'memory']);
+            filtered = filtered.filter((c) => postUpgradeDomains.has(c.domain));
+        }
+        if (opts.only) {
+            const only = new Set(opts.only);
+            filtered = filtered.filter((c) => only.has(c.domain));
+        }
+        if (opts.skip) {
+            const skip = new Set(opts.skip);
+            filtered = filtered.filter((c) => !skip.has(c.domain));
+        }
+        // Deterministic order: sorted by stable check id (§4, AC-13-12).
+        return filtered.sort((a, b) => (a.id < b.id ? -1 : a.id > b.id ? 1 : 0));
+    }
+    async function doctor(opts) {
+        const checks = await runChecks(opts);
+        // ok:false iff any high/critical check is "fail" (§3).
+        const ok = !checks.some((c) => c.status === 'fail' && (c.severity === 'high' || c.severity === 'critical'));
+        const report = { ok, ranAt: deps.clock.nowIso(), harnessVersion: deps.harnessVersion, checks };
+        emit('doctor.ran', { ok });
+        return report;
+    }
+    // -------------------------------------------------------------------------
+    // toJson — deterministic, secret-free serialization for `--json`.
+    // ranAt/harnessVersion are excluded so two runs over identical state diff
+    // byte-identically (AC-13-12); the check list is already id-sorted.
+    // -------------------------------------------------------------------------
+    function toJson(report) {
+        const stable = {
+            ok: report.ok,
+            checks: report.checks.map((c) => ({
+                id: c.id,
+                domain: c.domain,
+                status: c.status,
+                severity: c.severity,
+                detail: redact(c.detail),
+                fixable: c.fixable,
+                ...(c.fixId !== undefined ? { fixId: c.fixId } : {}),
+            })),
+        };
+        return JSON.stringify(stable, null, 2) + '\n';
+    }
+    // -------------------------------------------------------------------------
+    // diagnostics — redacted support bundle (§4, AC-13-15/16). Every secret
+    // value is replaced with «redacted»; redactedFields lists every secret key.
+    // -------------------------------------------------------------------------
+    async function diagnostics(opts) {
+        const out = opts.out ?? 'aisy-diagnostics';
+        const values = secretValues();
+        const redactedFields = [...deps.vault.secretKeys()].sort();
+        // meta.json — versions + ranAt.
+        deps.fs.write(`${out}/meta.json`, JSON.stringify({ harnessVersion: deps.harnessVersion, ranAt: deps.clock.nowIso() }, null, 2));
+        // doctor.json — the report (already redaction-safe details).
+        const report = await doctor({});
+        deps.fs.write(`${out}/doctor.json`, toJson(report));
+        // config.redacted.json — resolved config with every secret value stripped.
+        const config = {};
+        for (const key of REQUIRED_ENV_KEYS) {
+            const isSecret = /KEY$|TOKEN$/.test(key);
+            config[key] = isSecret ? '«redacted»' : redactWith(values, envValueOf(key));
+        }
+        deps.fs.write(`${out}/config.redacted.json`, JSON.stringify(config, null, 2));
+        // journal.tail.jsonl — recent events, secret-redacted (spec 12 CSO-M3).
+        const rawTail = deps.fs.exists('journal.raw') ? deps.fs.read('journal.raw') : '';
+        deps.fs.write(`${out}/journal.tail.jsonl`, redactWith(values, rawTail));
+        emit('diagnostics.exported', { bundlePath: out });
+        return { bundlePath: out, redactedFields };
+    }
+    return { init, doctor, toJson, diagnostics };
+}
+// Templates ship with the harness; the operator owns the result (§4).
+function templateFor(path) {
+    if (path === '.env') {
+        return REQUIRED_ENV_KEYS.map((k) => `${k}=`).join('\n') + '\n';
+    }
+    const name = path.split('/').pop() ?? path;
+    return `# ${name}\n\nScaffolded by aisy init. Edit this file directly.\n`;
+}
+// ===========================================================================
+// makeInSessionCommands — /status /usage /context /doctor /consolidate (§5.4)
+// Read-only commands never mutate; /consolidate only CONSTRUCTS+cards a
+// PendingAction (the Gateway tap is the only thing that runs Nightly).
+// ===========================================================================
+export function makeInSessionCommands(deps) {
+    const emit = (event, payload) => deps.events?.emit(event, payload);
+    function bucketFor(period, events) {
+        if (period === 'turn') {
+            // The "turn" bucket is the single most recent charge.
+            return events.length > 0 ? [events[events.length - 1]] : [];
+        }
+        if (period === 'day') {
+            // "day" filters to charges dated on the current calendar day (UTC),
+            // sourced from the injected clock so it stays deterministic in tests.
+            const today = deps.clock.nowIso().slice(0, 10); // YYYY-MM-DD
+            return events.filter((e) => new Date(e.at).toISOString().slice(0, 10) === today);
+        }
+        // "session" aggregates the full in-session event list (the journal only
+        // holds the current session's events).
+        return events;
+    }
+    return {
+        async status() {
+            emit('command.invoked', { command: 'status' });
+            const events = deps.cost.chargedEvents();
+            const sessionCostUsd = events.reduce((s, e) => s + e.dollars, 0);
+            const lastTurnCostUsd = events.length > 0 ? events[events.length - 1].dollars : 0;
+            return {
+                routing: deps.cost.routing(),
+                contextFill: deps.cost.contextFill(),
+                lastTurnCostUsd,
+                sessionCostUsd,
+            };
+        },
+        async usage(period = 'session') {
+            emit('command.invoked', { command: 'usage' });
+            const events = bucketFor(period, deps.cost.chargedEvents());
+            const byTier = { reasoning: 0, critique: 0, routine: 0 };
+            let totalUsd = 0;
+            for (const e of events) {
+                byTier[e.tier] += e.dollars;
+                totalUsd += e.dollars;
+            }
+            return { period, byTier, totalUsd };
+        },
+        async context() {
+            emit('command.invoked', { command: 'context' });
+            // Only metadata (kind/name/size) is surfaced — never a secret or a full
+            // fact body (AC-13-21).
+            const items = deps.contextInventory.items().map((i) => ({ kind: i.kind, name: i.name, size: i.size }));
+            const totalSize = items.reduce((s, i) => s + i.size, 0);
+            return { items, totalSize };
+        },
+        async runDoctor() {
+            emit('command.invoked', { command: 'doctor' });
+            // Read-only by contract — doctor({}) performs no writes (AC-13-22).
+            return deps.ops.doctor({});
+        },
+        async requestConsolidate() {
+            emit('command.invoked', { command: 'consolidate' });
+            const lockHeld = deps.nightly.runLockHeld();
+            // Build the PendingAction; the Gateway cards it. Issuance is never a run
+            // (AC-13-23). While the lock is held, the summary signals reject/queue so
+            // a tap cannot start a second concurrent run (AC-13-24).
+            const summary = lockHeld
+                ? 'A consolidation is already running (run-lock held) — request queued'
+                : 'Trigger a consolidation pass into the morning staging gate (not auto-promoted)';
+            const actionId = randomUUID();
+            const action = {
+                actionId,
+                actionHash: createHash('sha256').update(`consolidate:${actionId}`).digest('hex'),
+                tier: 2,
+                requiresStepUp: false,
+                summary,
+            };
+            await deps.card.issueCard(action);
+            return action;
+        },
+    };
+}
+export function makeBootstrapFlow(deps) {
+    const state = { started: false, completed: false, stepsDone: [] };
+    return {
+        async propose(span) {
+            // Setup runs strictly under operator provenance; an untrusted span never
+            // advances it and never even issues a card (AC-13-18; capability narrowing).
+            if (span.provenance !== 'operator')
+                return null;
+            const next = deps.steps.find((s) => !state.stepsDone.includes(s));
+            if (next === undefined)
+                return null;
+            if (!state.started) {
+                state.started = true;
+                deps.events?.emit('bootstrap.started');
+            }
+            // PROPOSE only: build a PendingAction and card it. Issuance is never
+            // confirmation — the operator's tap commits, exactly like any Tier-gated
+            // action (AC-13-17).
+            const actionId = randomUUID();
+            const action = {
+                actionId,
+                actionHash: createHash('sha256').update(`bootstrap:${next}:${actionId}`).digest('hex'),
+                tier: 2,
+                requiresStepUp: false,
+                summary: `BOOTSTRAP: configure "${next}"`,
+            };
+            const cardId = await deps.card.issueCard(action);
+            return { action, cardId };
+        },
+        // The ONLY setter of stepsDone — called by code on a confirmed card tap.
+        recordStepDone(stepId) {
+            if (!state.stepsDone.includes(stepId))
+                state.stepsDone.push(stepId);
+        },
+        // completed is set only by code, once all required steps are recorded
+        // (AC-13-17; the model can never self-complete setup).
+        markCompleteIfDone() {
+            const allDone = deps.steps.every((s) => state.stepsDone.includes(s));
+            if (allDone && !state.completed) {
+                state.completed = true;
+                deps.events?.emit('bootstrap.completed');
+            }
+        },
+        state() {
+            return { started: state.started, completed: state.completed, stepsDone: [...state.stepsDone] };
+        },
+    };
+}
+//# sourceMappingURL=index.js.map