@analyticscli/growth-engineer 0.1.0-preview.9 → 0.1.0

package/dist/runtime/openclaw-growth-preflight.mjs

@@ -3,13 +3,50 @@ import { existsSync, promises as fs } from 'node:fs';
 import path from 'node:path';
 import process from 'node:process';
 import { spawn } from 'node:child_process';
+import { fileURLToPath } from 'node:url';
 import { classifyServiceKind, getActionMode, getAllSourceEntries, getDefaultSourceCommand, getGitHubActionNoun, getGitHubConnectionSummary, getGitHubRequirementText, shouldAutoCreateGitHubArtifact, } from './openclaw-growth-shared.mjs';
 import { applyOpenClawSecretRefs, loadOpenClawGrowthSecrets } from './openclaw-growth-env.mjs';
 const DEFAULT_CONFIG_PATH = 'data/openclaw-growth-engineer/config.json';
 const DEFAULT_CONNECTION_TIMEOUT_MS = 15_000;
+const RUNTIME_DIR = path.dirname(fileURLToPath(import.meta.url));
 const ANALYTICSCLI_PACKAGE_SPEC = process.env.ANALYTICSCLI_CLI_PACKAGE || '@analyticscli/cli@preview';
 const ANALYTICSCLI_NPM_PREFIX = process.env.ANALYTICSCLI_NPM_PREFIX ||
     (process.env.HOME ? path.join(process.env.HOME, '.local') : path.join(process.cwd(), '.analyticscli-npm'));
+const ACCOUNT_SIGNAL_CONNECTORS = [
+    'stripe',
+    'lemonsqueezy',
+    'adapty',
+    'superwall',
+    'google-play',
+    'datadog',
+    'bugsnag',
+    'intercom',
+    'zendesk',
+    'apple-search-ads',
+    'google-ads',
+    'meta-ads',
+    'tiktok-ads',
+    'vercel',
+    'cloudflare',
+    'resend',
+    'customerio',
+    'mailchimp',
+    'appfollow',
+    'apptweak',
+    'linear',
+    'postiz',
+];
+const SUPPORTED_CONNECTORS = [
+    'analytics',
+    'github',
+    'asc',
+    'revenuecat',
+    'paddle',
+    'seo',
+    'sentry',
+    'coolify',
+    ...ACCOUNT_SIGNAL_CONNECTORS,
+];
 function printHelpAndExit(exitCode, reason = null) {
     if (reason) {
         process.stderr.write(`${reason}\n\n`);
@@ -26,7 +63,7 @@ Options:
   --config <file>        Config path (default: ${DEFAULT_CONFIG_PATH})
   --test-connections     Run live API/connector smoke checks for enabled channels
   --only-connectors <list>
-                         Limit live checks to analytics,github,asc,revenuecat,sentry
+                         Limit live checks to ${SUPPORTED_CONNECTORS.join(',')}
   --timeout-ms <ms>      Connection test timeout in milliseconds (default: ${DEFAULT_CONNECTION_TIMEOUT_MS})
   --progress-json        Emit machine-readable progress events on stderr
   --json                 Print JSON only (default)
@@ -97,8 +134,58 @@ function normalizeConnectorKey(value) {
         return 'asc';
     if (['revenuecat', 'revenue-cat', 'rc', 'revenuecat-mcp'].includes(normalized))
         return 'revenuecat';
+    if (['paddle', 'paddle-billing', 'billing-metrics', 'web-revenue'].includes(normalized))
+        return 'paddle';
+    if (['seo', 'gsc', 'google-search-console', 'search-console', 'dataforseo', 'organic-search'].includes(normalized))
+        return 'seo';
     if (['sentry', 'sentry-api', 'sentry-mcp', 'glitchtip', 'crashes', 'errors', 'crash-reporting'].includes(normalized))
         return 'sentry';
+    if (['coolify', 'coolify-api', 'deployment', 'deployments', 'hosting', 'infra', 'infrastructure'].includes(normalized))
+        return 'coolify';
+    if (['stripe', 'stripe-billing', 'stripe-payments'].includes(normalized))
+        return 'stripe';
+    if (['lemonsqueezy', 'lemon-squeezy', 'lemon', 'ls'].includes(normalized))
+        return 'lemonsqueezy';
+    if (['adapty', 'adapty-paywalls', 'adapty-subscriptions'].includes(normalized))
+        return 'adapty';
+    if (['superwall', 'superwall-paywalls'].includes(normalized))
+        return 'superwall';
+    if (['google-play', 'google-play-console', 'play-console', 'play-store', 'android-store'].includes(normalized))
+        return 'google-play';
+    if (['datadog', 'datadog-rum', 'datadog-apm', 'datadog-logs'].includes(normalized))
+        return 'datadog';
+    if (['bugsnag', 'bugsnag-crashes'].includes(normalized))
+        return 'bugsnag';
+    if (['intercom', 'intercom-support'].includes(normalized))
+        return 'intercom';
+    if (['zendesk', 'zendesk-support'].includes(normalized))
+        return 'zendesk';
+    if (['apple-search-ads', 'apple-ads', 'asa', 'search-ads'].includes(normalized))
+        return 'apple-search-ads';
+    if (['google-ads', 'adwords'].includes(normalized))
+        return 'google-ads';
+    if (['meta-ads', 'facebook-ads', 'instagram-ads', 'fb-ads'].includes(normalized))
+        return 'meta-ads';
+    if (['tiktok-ads', 'tiktok-business', 'tiktok-business-api'].includes(normalized))
+        return 'tiktok-ads';
+    if (['vercel', 'vercel-deployments', 'vercel-hosting'].includes(normalized))
+        return 'vercel';
+    if (['cloudflare', 'cf', 'cloudflare-workers', 'cloudflare-pages'].includes(normalized))
+        return 'cloudflare';
+    if (['resend', 'resend-email'].includes(normalized))
+        return 'resend';
+    if (['customerio', 'customer-io', 'customer.io', 'cio'].includes(normalized))
+        return 'customerio';
+    if (['mailchimp', 'mailchimp-marketing'].includes(normalized))
+        return 'mailchimp';
+    if (['appfollow', 'app-follow'].includes(normalized))
+        return 'appfollow';
+    if (['apptweak', 'app-tweak'].includes(normalized))
+        return 'apptweak';
+    if (['linear', 'linear-issues', 'linear-planning'].includes(normalized))
+        return 'linear';
+    if (['postiz', 'postiz-api', 'social-publishing', 'social-scheduler'].includes(normalized))
+        return 'postiz';
     return null;
 }
 function parseConnectorList(value) {
@@ -108,14 +195,10 @@ function parseConnectorList(value) {
     for (const entry of String(value).split(',')) {
         const connector = normalizeConnectorKey(entry);
         if (!connector) {
-            printHelpAndExit(1, `Unknown connector: ${entry.trim()}. Use analytics, github, asc, revenuecat, sentry, or all.`);
+            printHelpAndExit(1, `Unknown connector: ${entry.trim()}. Use ${SUPPORTED_CONNECTORS.join(', ')}, or all.`);
         }
         if (connector === 'all') {
-            connectors.add('analytics');
-            connectors.add('github');
-            connectors.add('asc');
-            connectors.add('revenuecat');
-            connectors.add('sentry');
+            SUPPORTED_CONNECTORS.forEach((supported) => connectors.add(supported));
         }
         else {
             connectors.add(connector);
@@ -129,6 +212,54 @@ function shellQuote(value) {
     }
     return `'${String(value).replace(/'/g, `'\\''`)}'`;
 }
+function resolveRuntimeScriptPath(scriptName) {
+    const candidates = [
+        path.join(RUNTIME_DIR, scriptName),
+        path.join(process.cwd(), 'scripts', scriptName),
+        path.join(process.cwd(), 'skills', 'openclaw-growth-engineer', 'scripts', scriptName),
+    ];
+    for (const candidate of candidates) {
+        if (existsSync(candidate))
+            return candidate;
+    }
+    return path.join(RUNTIME_DIR, scriptName);
+}
+function nodeRuntimeScriptCommand(scriptName) {
+    return `node ${shellQuote(resolveRuntimeScriptPath(scriptName))}`;
+}
+function replaceLegacyRuntimeScriptCommand(command) {
+    const trimmed = String(command || '').trim();
+    if (!trimmed)
+        return trimmed;
+    return trimmed.replace(/^node\s+scripts\/(export-analytics-summary\.mjs|export-revenuecat-summary\.mjs|export-paddle-summary\.mjs|export-seo-summary\.mjs|export-sentry-summary\.mjs|export-asc-summary\.mjs|openclaw-growth-start\.mjs|openclaw-growth-status\.mjs|openclaw-growth-preflight\.mjs|openclaw-growth-runner\.mjs|openclaw-growth-engineer\.mjs)(?=\s|$)/, (_match, scriptName) => nodeRuntimeScriptCommand(scriptName));
+}
+function commandHasConfigArg(command) {
+    return /(?:^|\s)--config(?:=|\s|$)/.test(String(command || ''));
+}
+function commandIsBuiltinExporter(command) {
+    return /(?:^|\s)(?:node\s+)?(?:\S*\/)?(?:export-analytics-summary|export-revenuecat-summary|export-paddle-summary|export-seo-summary|export-sentry-summary|export-coolify-summary|export-asc-summary)\.mjs(?:\s|$)/.test(String(command || ''));
+}
+function commandSupportsActiveConfig(command) {
+    return /(?:^|\s)(?:node\s+)?(?:\S*\/)?(?:export-sentry-summary|export-coolify-summary)\.mjs(?:\s|$)/.test(String(command || ''));
+}
+function withActiveConfigArg(command, configPath) {
+    const trimmed = String(command || '').trim();
+    if (!trimmed || !configPath || !commandIsBuiltinExporter(trimmed)) {
+        return trimmed;
+    }
+    if (!commandSupportsActiveConfig(trimmed)) {
+        return trimmed
+            .replace(/(^|\s)--config=(?:"[^"]*"|'[^']*'|\S+)/, '$1')
+            .replace(/(^|\s)--config\s+(?:"[^"]*"|'[^']*'|\S+)/, '$1')
+            .trim();
+    }
+    if (commandHasConfigArg(trimmed)) {
+        return trimmed
+            .replace(/(^|\s)--config=(?:"[^"]*"|'[^']*'|\S+)/, `$1--config ${shellQuote(configPath)}`)
+            .replace(/(^|\s)--config\s+(?:"[^"]*"|'[^']*'|\S+)/, `$1--config ${shellQuote(configPath)}`);
+    }
+    return `${trimmed} --config ${shellQuote(configPath)}`;
+}
 function resolveShellCommand() {
     const candidates = [
         process.env.OPENCLAW_SHELL,
@@ -146,12 +277,21 @@ function resolveShellCommand() {
     }
     return 'sh';
 }
+function hardenUnattendedShellCommand(command) {
+    return String(command || '').replace(/(^|[;&|]\s*)sudo(?!\s+-n(?:\s|$))(?=\s|$)/g, '$1sudo -n');
+}
 function runShell(command, options = {}) {
     return new Promise((resolve) => {
-        const child = spawn(resolveShellCommand(), ['-c', command], {
+        const child = spawn(resolveShellCommand(), ['-c', hardenUnattendedShellCommand(command)], {
             stdio: ['ignore', 'pipe', 'pipe'],
             cwd: options.cwd,
-            env: options.env ? { ...process.env, ...options.env } : process.env,
+            env: {
+                ...process.env,
+                ...(options.env || {}),
+                DEBIAN_FRONTEND: 'noninteractive',
+                SUDO_ASKPASS: '/bin/false',
+                SUDO_PROMPT: '',
+            },
         });
         let stdout = '';
         let stderr = '';
@@ -388,7 +528,8 @@ function isPortableCommandDefault(sourceName, command) {
     const expected = getDefaultSourceCommand(sourceName);
     if (!expected)
         return false;
-    return String(command || '').trim().startsWith(expected);
+    const trimmed = String(command || '').trim();
+    return trimmed.startsWith(expected) || replaceLegacyRuntimeScriptCommand(trimmed) !== trimmed;
 }
 function truncate(value, max = 240) {
     const text = String(value || '');
@@ -562,9 +703,47 @@ async function testRevenueCatConnection(revenuecatToken, timeoutMs) {
         };
     }
 }
+async function testPaddleConnection(paddleToken, timeoutMs) {
+    if (!paddleToken) {
+        return {
+            ok: false,
+            detail: 'missing token',
+        };
+    }
+    const to = new Date().toISOString().slice(0, 10);
+    const fromDate = new Date();
+    fromDate.setUTCDate(fromDate.getUTCDate() - 2);
+    const from = fromDate.toISOString().slice(0, 10);
+    try {
+        const response = await fetchWithTimeout(`https://api.paddle.com/metrics/revenue?from=${encodeURIComponent(from)}&to=${encodeURIComponent(to)}`, {
+            method: 'GET',
+            headers: {
+                Accept: 'application/json',
+                Authorization: `Bearer ${paddleToken}`,
+                'Paddle-Version': '1',
+            },
+        }, timeoutMs);
+        if (!response.ok) {
+            return {
+                ok: false,
+                detail: `HTTP ${response.status}: ${truncate(response.body)}`,
+            };
+        }
+        return {
+            ok: true,
+            detail: `HTTP ${response.status}`,
+        };
+    }
+    catch (error) {
+        return {
+            ok: false,
+            detail: error instanceof Error ? error.message : String(error),
+        };
+    }
+}
 function describeAnalyticsConnectionFailure(detail, analyticsTokenEnv, hasAnalyticsToken) {
     if (!hasAnalyticsToken) {
-        return `AnalyticsCLI needs query access. Run \`node scripts/openclaw-growth-wizard.mjs --connectors analytics\`, create or copy a readonly CLI token in dash.analyticscli.com -> API Keys, and paste it into the local terminal wizard. Raw error: ${detail}`;
+        return `AnalyticsCLI needs query access. Run \`npx -y @analyticscli/growth-engineer@preview wizard --connectors analytics\`, create or copy a readonly CLI token in dash.analyticscli.com -> API Keys, and paste it into the local terminal wizard. Raw error: ${detail}`;
     }
     return `AnalyticsCLI connection failed with \`${analyticsTokenEnv}\` set. Verify that the pasted readonly CLI token is current and has project access. Raw error: ${detail}`;
 }
@@ -601,6 +780,62 @@ async function testSentryConnection(sentryToken, timeoutMs, baseUrl = 'https://s
         };
     }
 }
+function normalizeCoolifyBaseUrl(value) {
+    const raw = String(value || '').trim().replace(/\/+$/, '');
+    if (!raw)
+        return '';
+    return /^https?:\/\//i.test(raw) ? raw : `https://${raw}`;
+}
+function resolveCoolifyApiBaseUrl(baseUrl) {
+    const normalized = normalizeCoolifyBaseUrl(baseUrl);
+    if (!normalized)
+        return '';
+    if (/\/api\/v1$/i.test(normalized))
+        return normalized;
+    if (/\/api$/i.test(normalized))
+        return `${normalized}/v1`;
+    return `${normalized}/api/v1`;
+}
+async function testCoolifyConnection(coolifyToken, timeoutMs, baseUrl) {
+    if (!coolifyToken) {
+        return {
+            ok: false,
+            detail: 'missing token',
+        };
+    }
+    const apiBaseUrl = resolveCoolifyApiBaseUrl(baseUrl);
+    if (!apiBaseUrl) {
+        return {
+            ok: false,
+            detail: 'missing base URL',
+        };
+    }
+    try {
+        const response = await fetchWithTimeout(`${apiBaseUrl}/applications?limit=1`, {
+            method: 'GET',
+            headers: {
+                Accept: 'application/json',
+                Authorization: `Bearer ${coolifyToken}`,
+            },
+        }, timeoutMs);
+        if (!response.ok) {
+            return {
+                ok: false,
+                detail: `HTTP ${response.status}: ${truncate(response.body)}`,
+            };
+        }
+        return {
+            ok: true,
+            detail: `HTTP ${response.status}`,
+        };
+    }
+    catch (error) {
+        return {
+            ok: false,
+            detail: error instanceof Error ? error.message : String(error),
+        };
+    }
+}
 function normalizeSentryAccounts(config, sentryTokenEnv) {
     const sentrySource = config?.sources?.sentry;
     const accounts = Array.isArray(sentrySource?.accounts) ? sentrySource.accounts : [];
@@ -612,6 +847,13 @@ function normalizeSentryAccounts(config, sentryTokenEnv) {
             label: String(account?.label || account?.name || account?.id || `Sentry ${index + 1}`).trim(),
             tokenEnv: String(account?.tokenEnv || account?.token_env || account?.secretEnv || sentryTokenEnv).trim(),
             baseUrl: String(account?.baseUrl || account?.base_url || account?.url || 'https://sentry.io').trim(),
+            org: String(account?.org || account?.organization || '').trim(),
+            projects: Array.isArray(account?.projects)
+                ? account.projects.map((project) => String(typeof project === 'string' ? project : project?.project || project?.slug || '').trim()).filter(Boolean)
+                : account?.project
+                    ? [String(account.project).trim()].filter(Boolean)
+                    : [],
+            environment: String(account?.environment || process.env.SENTRY_ENVIRONMENT || 'production').trim(),
         }));
     }
     return [
@@ -620,9 +862,24 @@ function normalizeSentryAccounts(config, sentryTokenEnv) {
             label: 'Sentry',
             tokenEnv: sentryTokenEnv,
             baseUrl: String(process.env.SENTRY_BASE_URL || 'https://sentry.io').trim(),
+            org: String(process.env.SENTRY_ORG || '').trim(),
+            projects: String(process.env.SENTRY_PROJECT || '').trim() ? [String(process.env.SENTRY_PROJECT).trim()] : [],
+            environment: String(process.env.SENTRY_ENVIRONMENT || 'production').trim(),
         },
     ];
 }
+function describeSentryAccountTarget(account) {
+    const parts = [
+        account.label,
+        `id=${account.key}`,
+        `baseUrl=${account.baseUrl || 'https://sentry.io'}`,
+        account.org ? `org=${account.org}` : null,
+        account.projects?.length ? `projects=${account.projects.join(',')}` : null,
+        account.environment ? `environment=${account.environment}` : null,
+        account.tokenEnv ? `tokenEnv=${account.tokenEnv}` : null,
+    ].filter(Boolean);
+    return parts.join(' ');
+}
 async function testGitHubConnection(githubToken, githubRepo, timeoutMs, actionMode) {
     if (!githubToken) {
         return {
@@ -727,11 +984,14 @@ async function testCommandSourceJson(command, cwd = process.cwd()) {
 function onlyAllows(onlyConnectors, connector) {
     return !Array.isArray(onlyConnectors) || onlyConnectors.length === 0 || onlyConnectors.includes(connector);
 }
-async function runConnectionChecks({ checks, config, timeoutMs, progressJson = false, onlyConnectors = [] }) {
+async function runConnectionChecks({ checks, config, configPath, timeoutMs, progressJson = false, onlyConnectors = [] }) {
     const tasks = [];
     const analyticsTokenEnv = getSecretName(config, 'analyticsTokenEnv', 'ANALYTICSCLI_ACCESS_TOKEN');
     const revenuecatTokenEnv = getSecretName(config, 'revenuecatTokenEnv', 'REVENUECAT_API_KEY');
+    const paddleTokenEnv = getSecretName(config, 'paddleTokenEnv', 'PADDLE_API_KEY');
+    const gscTokenEnv = getSecretName(config, 'gscTokenEnv', 'GOOGLE_SEARCH_CONSOLE_ACCESS_TOKEN');
     const sentryTokenEnv = getSecretName(config, 'sentryTokenEnv', 'SENTRY_AUTH_TOKEN');
+    const coolifyTokenEnv = getSecretName(config, 'coolifyTokenEnv', 'COOLIFY_API_TOKEN');
     const feedbackTokenEnv = getSecretName(config, 'feedbackTokenEnv', 'FEEDBACK_API_TOKEN');
     const githubTokenEnv = getSecretName(config, 'githubTokenEnv', 'GITHUB_TOKEN');
     const githubRepo = isConfiguredGitHubRepo(config?.project?.githubRepo)
@@ -755,7 +1015,7 @@ async function runConnectionChecks({ checks, config, timeoutMs, progressJson = f
                         ? analyticsConnection.detail
                         : describeAnalyticsConnectionFailure(analyticsConnection.detail, analyticsTokenEnv, hasAnalyticsToken), analyticsConnection.ok ? 'pass' : analyticsSource?.mode === 'command' ? 'fail' : 'warn');
                     if (analyticsSource?.mode === 'command') {
-                        const command = String(analyticsSource.command || '').trim();
+                        const command = withActiveConfigArg(replaceLegacyRuntimeScriptCommand(String(analyticsSource.command || '').trim()), configPath);
                         if (!command) {
                             addCheck(checks, 'connection:analytics-command', false, 'analytics source uses command mode but no command configured');
                         }
@@ -798,6 +1058,81 @@ async function runConnectionChecks({ checks, config, timeoutMs, progressJson = f
             },
         });
     }
+    const paddleSource = config.sources?.paddle;
+    if (onlyAllows(onlyConnectors, 'paddle')) {
+        scheduleProgressGroup(tasks, checks, progressJson, {
+            key: 'paddle',
+            label: 'Paddle',
+            detail: 'metrics API auth + revenue read',
+            run: async (groupChecks) => {
+                if (sourceEnabled(config, 'paddle')) {
+                    const token = process.env[paddleTokenEnv] || '';
+                    if (!token) {
+                        addCheck(groupChecks, 'connection:paddle', false, `${paddleTokenEnv} missing (required for live Paddle metrics API test)`, paddleSource?.mode === 'command' ? 'fail' : 'warn');
+                    }
+                    else {
+                        const paddleConnection = await testPaddleConnection(token, timeoutMs);
+                        addCheck(groupChecks, 'connection:paddle', paddleConnection.ok, paddleConnection.ok
+                            ? `Paddle metrics auth check passed (${paddleConnection.detail})`
+                            : `Paddle metrics auth check failed (${paddleConnection.detail})`);
+                    }
+                    if (paddleSource?.mode === 'command') {
+                        const command = withActiveConfigArg(replaceLegacyRuntimeScriptCommand(String(paddleSource.command || '').trim()), configPath);
+                        if (!command) {
+                            addCheck(groupChecks, 'connection:paddle-command', false, 'paddle source uses command mode but no command configured');
+                        }
+                        else {
+                            const commandCheck = await testCommandSourceJson(`${command} --last 2d --max-signals 1`, commandCwd);
+                            addCheck(groupChecks, 'connection:paddle-command', commandCheck.ok, commandCheck.ok
+                                ? 'Paddle command smoke test passed'
+                                : `Paddle command smoke test failed (${commandCheck.detail})`);
+                        }
+                    }
+                }
+                else {
+                    addCheck(groupChecks, 'connection:paddle', true, 'source disabled');
+                }
+            },
+        });
+    }
+    const seoSource = config.sources?.seo;
+    if (onlyAllows(onlyConnectors, 'seo')) {
+        scheduleProgressGroup(tasks, checks, progressJson, {
+            key: 'seo',
+            label: 'SEO / GSC',
+            detail: 'Search Console auth or CSV/DataForSEO config',
+            run: async (groupChecks) => {
+                if (sourceEnabled(config, 'seo')) {
+                    const hasGscCredential = Boolean(process.env[gscTokenEnv] ||
+                        process.env.GSC_ACCESS_TOKEN ||
+                        process.env.GOOGLE_APPLICATION_CREDENTIALS ||
+                        process.env.GSC_SERVICE_ACCOUNT_JSON ||
+                        process.env.GOOGLE_SERVICE_ACCOUNT_JSON);
+                    addCheck(groupChecks, 'connection:seo:gsc-credentials', hasGscCredential || seoSource?.mode !== 'command', hasGscCredential
+                        ? 'GSC credential is configured'
+                        : 'GSC credential missing; command can still run in CSV-only mode if --gsc-csv/--csv is configured', hasGscCredential ? 'pass' : 'warn');
+                    addCheck(groupChecks, 'connection:seo:gsc-site', true, process.env.GSC_SITE_URL || seoSource?.siteUrl || seoSource?.site_url
+                        ? 'GSC site/property is pinned intentionally'
+                        : 'no GSC site/property pinned; exporter will list and query all verified Search Console properties', 'pass');
+                    if (seoSource?.mode === 'command') {
+                        const command = withActiveConfigArg(replaceLegacyRuntimeScriptCommand(String(seoSource.command || '').trim()), configPath);
+                        if (!command) {
+                            addCheck(groupChecks, 'connection:seo-command', false, 'seo source uses command mode but no command configured');
+                        }
+                        else {
+                            const commandCheck = await testCommandSourceJson(`${command} --row-limit 5 --max-signals 1`, commandCwd);
+                            addCheck(groupChecks, 'connection:seo-command', commandCheck.ok, commandCheck.ok
+                                ? 'SEO command smoke test passed'
+                                : `SEO command smoke test failed (${commandCheck.detail})`, hasGscCredential || /--csv|--gsc-csv/.test(command) ? 'fail' : 'warn');
+                        }
+                    }
+                }
+                else {
+                    addCheck(groupChecks, 'connection:seo', true, 'source disabled');
+                }
+            },
+        });
+    }
     const sentrySource = config.sources?.sentry;
     if (onlyAllows(onlyConnectors, 'sentry')) {
         scheduleProgressGroup(tasks, checks, progressJson, {
@@ -810,17 +1145,18 @@ async function runConnectionChecks({ checks, config, timeoutMs, progressJson = f
                     for (const account of sentryAccounts) {
                         const token = process.env[account.tokenEnv] || '';
                         const checkName = sentryAccounts.length > 1 ? `connection:sentry:${account.key}` : 'connection:sentry';
+                        const accountTarget = describeSentryAccountTarget(account);
                         if (!token) {
-                            addCheck(groupChecks, checkName, false, `${account.tokenEnv} missing (required for live Sentry API test for ${account.label})`, sentrySource?.mode === 'command' ? 'fail' : 'warn');
+                            addCheck(groupChecks, checkName, false, `${account.tokenEnv} missing (required for live Sentry API test for ${accountTarget})`, sentrySource?.mode === 'command' ? 'fail' : 'warn');
                             continue;
                         }
                         const sentryConnection = await testSentryConnection(token, timeoutMs, account.baseUrl);
                         addCheck(groupChecks, checkName, sentryConnection.ok, sentryConnection.ok
-                            ? `${account.label} auth check passed (${sentryConnection.detail})`
-                            : `${account.label} auth check failed (${sentryConnection.detail})`);
+                            ? `${accountTarget} auth check passed (${sentryConnection.detail})`
+                            : `${accountTarget} auth check failed (${sentryConnection.detail})`);
                     }
                     if (sentrySource?.mode === 'command') {
-                        const command = String(sentrySource.command || '').trim();
+                        const command = withActiveConfigArg(replaceLegacyRuntimeScriptCommand(String(sentrySource.command || '').trim()), configPath);
                         if (!command) {
                             addCheck(groupChecks, 'connection:sentry-command', false, 'sentry source uses command mode but no command configured');
                         }
@@ -828,12 +1164,56 @@ async function runConnectionChecks({ checks, config, timeoutMs, progressJson = f
                             const commandCheck = await testCommandSourceJson(`${command} --limit 1 --max-signals 1 --last 24h`, commandCwd);
                             addCheck(groupChecks, 'connection:sentry-command', commandCheck.ok, commandCheck.ok
                                 ? 'Sentry command smoke test passed'
-                                : `Sentry command smoke test failed (${commandCheck.detail})`);
+                                : `Sentry command smoke test failed (${commandCheck.detail}); configured accounts: ${sentryAccounts.map(describeSentryAccountTarget).join(' | ')}`);
+                        }
+                    }
+                }
+                else {
+                    const requiredByConnectorSetup = onlyAllows(onlyConnectors, 'sentry') && onlyConnectors.length > 0;
+                    addCheck(groupChecks, 'connection:sentry', !requiredByConnectorSetup, requiredByConnectorSetup
+                        ? 'selected Sentry connector is still disabled in sources.sentry'
+                        : 'source disabled');
+                }
+            },
+        });
+    }
+    const coolifySource = config.sources?.coolify;
+    if (onlyAllows(onlyConnectors, 'coolify')) {
+        scheduleProgressGroup(tasks, checks, progressJson, {
+            key: 'coolify',
+            label: 'Coolify',
+            detail: 'API key auth + deployment/resource read',
+            run: async (groupChecks) => {
+                if (sourceEnabled(config, 'coolify')) {
+                    const token = process.env[coolifySource?.tokenEnv || coolifySource?.secretEnv || coolifyTokenEnv] || '';
+                    const baseUrl = String(coolifySource?.baseUrl || coolifySource?.base_url || process.env.COOLIFY_BASE_URL || '').trim();
+                    if (!token) {
+                        addCheck(groupChecks, 'connection:coolify', false, `${coolifySource?.tokenEnv || coolifySource?.secretEnv || coolifyTokenEnv} missing (required for live Coolify API test)`, coolifySource?.mode === 'command' ? 'fail' : 'warn');
+                    }
+                    else if (!baseUrl) {
+                        addCheck(groupChecks, 'connection:coolify', false, 'COOLIFY_BASE_URL or sources.coolify.baseUrl missing (required for live Coolify API test)', coolifySource?.mode === 'command' ? 'fail' : 'warn');
+                    }
+                    else {
+                        const coolifyConnection = await testCoolifyConnection(token, timeoutMs, baseUrl);
+                        addCheck(groupChecks, 'connection:coolify', coolifyConnection.ok, coolifyConnection.ok
+                            ? `Coolify auth check passed (${coolifyConnection.detail})`
+                            : `Coolify auth check failed (${coolifyConnection.detail})`);
+                    }
+                    if (coolifySource?.mode === 'command') {
+                        const command = withActiveConfigArg(replaceLegacyRuntimeScriptCommand(String(coolifySource.command || '').trim()), configPath);
+                        if (!command) {
+                            addCheck(groupChecks, 'connection:coolify-command', false, 'coolify source uses command mode but no command configured');
+                        }
+                        else {
+                            const commandCheck = await testCommandSourceJson(`${command} --limit 1 --max-signals 1 --last 24h`, commandCwd);
+                            addCheck(groupChecks, 'connection:coolify-command', commandCheck.ok, commandCheck.ok
+                                ? 'Coolify command smoke test passed'
+                                : `Coolify command smoke test failed (${commandCheck.detail})`);
                         }
                     }
                 }
                 else {
-                    addCheck(groupChecks, 'connection:sentry', true, 'source disabled');
+                    addCheck(groupChecks, 'connection:coolify', true, 'source disabled');
                 }
             },
         });
@@ -843,7 +1223,7 @@ async function runConnectionChecks({ checks, config, timeoutMs, progressJson = f
         // Skip feedback during focused connector checks.
     }
     else if (sourceEnabled(config, 'feedback') && feedbackSource?.mode === 'command') {
-        const command = String(feedbackSource.command || '').trim();
+        const command = withActiveConfigArg(replaceLegacyRuntimeScriptCommand(String(feedbackSource.command || '').trim()), configPath);
         if (!command) {
             addCheck(checks, 'connection:feedback', false, 'feedback source uses command mode but no command configured');
         }
@@ -867,13 +1247,20 @@ async function runConnectionChecks({ checks, config, timeoutMs, progressJson = f
     }
     for (const extraSource of getAllSourceEntries(config).filter((source) => !source.builtIn)) {
         const serviceKind = classifyServiceKind(extraSource.service || extraSource.key);
-        const connectorKind = serviceKind === 'store'
-            ? 'asc'
-            : serviceKind === 'revenue'
-                ? 'revenuecat'
-                : serviceKind === 'crash'
-                    ? 'sentry'
-                    : serviceKind;
+        const explicitConnectorKind = normalizeConnectorKey(extraSource.key || extraSource.service);
+        const connectorKind = explicitConnectorKind && explicitConnectorKind !== 'all'
+            ? explicitConnectorKind
+            : serviceKind === 'store'
+                ? 'asc'
+                : serviceKind === 'revenue'
+                    ? 'revenuecat'
+                    : serviceKind === 'crash'
+                        ? 'sentry'
+                        : serviceKind === 'infrastructure'
+                            ? 'coolify'
+                            : serviceKind === 'seo'
+                                ? 'seo'
+                                : serviceKind;
         if (!onlyAllows(onlyConnectors, connectorKind))
             continue;
         const checkName = `connection:${extraSource.key}`;
@@ -882,13 +1269,13 @@ async function runConnectionChecks({ checks, config, timeoutMs, progressJson = f
             continue;
         }
         if (extraSource.mode === 'command') {
-            const command = String(extraSource.command || '').trim();
+            const command = withActiveConfigArg(replaceLegacyRuntimeScriptCommand(String(extraSource.command || '').trim()), configPath);
             if (!command) {
                 addCheck(checks, checkName, false, 'source uses command mode but no command configured');
                 continue;
             }
             const smokeCommand = connectorKind === 'asc' && command.includes('export-asc-summary')
-                ? `${command} --skip-web-analytics --reviews-limit 1 --feedback-limit 1 --max-signals 1`
+                ? `${command} --reviews-limit 1 --feedback-limit 1 --max-signals 1`
                 : command;
             const commandCheck = await testCommandSourceJson(smokeCommand, commandCwd);
             addCheck(checks, checkName, commandCheck.ok, commandCheck.ok
@@ -999,7 +1386,7 @@ async function main() {
                 continue;
             }
             if (source.mode === 'command') {
-                const command = String(source.command || '').trim();
+                const command = replaceLegacyRuntimeScriptCommand(String(source.command || '').trim());
                 if (!command) {
                     addCheck(checks, `source:${sourceName}:command`, false, 'mode=command but no command configured');
                     continue;
@@ -1020,6 +1407,26 @@ async function main() {
                     const hasRevenuecatToken = Boolean(process.env[revenuecatTokenEnv]);
                     addCheck(checks, `secret:${revenuecatTokenEnv}`, hasRevenuecatToken, hasRevenuecatToken ? 'set (required for RevenueCat command mode)' : 'missing (required for RevenueCat command mode)');
                 }
+                if (sourceName === 'paddle') {
+                    const paddleTokenEnv = getSecretName(config, 'paddleTokenEnv', 'PADDLE_API_KEY');
+                    const hasPaddleToken = Boolean(process.env[paddleTokenEnv]);
+                    addCheck(checks, `secret:${paddleTokenEnv}`, hasPaddleToken, hasPaddleToken ? 'set (required for Paddle command mode)' : 'missing (required for Paddle command mode)');
+                }
+                if (sourceName === 'seo') {
+                    const gscTokenEnv = getSecretName(config, 'gscTokenEnv', 'GOOGLE_SEARCH_CONSOLE_ACCESS_TOKEN');
+                    const hasSearchConsoleAuth = Boolean(process.env[gscTokenEnv] ||
+                        process.env.GSC_ACCESS_TOKEN ||
+                        process.env.GOOGLE_APPLICATION_CREDENTIALS ||
+                        process.env.GSC_SERVICE_ACCOUNT_JSON ||
+                        process.env.GOOGLE_SERVICE_ACCOUNT_JSON);
+                    const commandText = String(source.command || '');
+                    const csvOnly = /--csv|--gsc-csv/.test(commandText);
+                    addCheck(checks, `secret:${gscTokenEnv}`, hasSearchConsoleAuth || csvOnly, hasSearchConsoleAuth
+                        ? 'set or service-account auth configured'
+                        : csvOnly
+                            ? 'not required for configured CSV-only SEO command'
+                            : 'missing (required for GSC API mode; CSV-only mode may use --gsc-csv/--csv)', hasSearchConsoleAuth || csvOnly ? 'pass' : 'warn');
+                }
                 if (sourceName === 'sentry') {
                     const sentryTokenEnv = getSecretName(config, 'sentryTokenEnv', 'SENTRY_AUTH_TOKEN');
                     for (const account of normalizeSentryAccounts(config, sentryTokenEnv)) {
@@ -1029,6 +1436,14 @@ async function main() {
                             : `missing (required for ${account.label} Sentry command mode)`);
                     }
                 }
+                if (sourceName === 'coolify') {
+                    const coolifyTokenEnv = getSecretName(config, 'coolifyTokenEnv', 'COOLIFY_API_TOKEN');
+                    const tokenEnv = String(source.tokenEnv || source.secretEnv || coolifyTokenEnv).trim();
+                    const hasCoolifyToken = Boolean(process.env[tokenEnv]);
+                    const hasCoolifyBaseUrl = Boolean(source.baseUrl || source.base_url || process.env.COOLIFY_BASE_URL);
+                    addCheck(checks, `secret:${tokenEnv}`, hasCoolifyToken, hasCoolifyToken ? 'set (required for Coolify command mode)' : 'missing (required for Coolify command mode)');
+                    addCheck(checks, 'source:coolify:base-url', hasCoolifyBaseUrl, hasCoolifyBaseUrl ? 'configured' : 'missing COOLIFY_BASE_URL or sources.coolify.baseUrl');
+                }
                 if (!source.builtIn && source.secretEnv) {
                     const hasConnectorToken = Boolean(process.env[source.secretEnv]);
                     addCheck(checks, `secret:${source.secretEnv}`, hasConnectorToken, hasConnectorToken
@@ -1081,6 +1496,7 @@ async function main() {
             await runConnectionChecks({
                 checks,
                 config,
+                configPath,
                 progressJson: args.progressJson,
                 timeoutMs: args.timeoutMs,
                 onlyConnectors: args.onlyConnectors,