@appfleet-cli/cli 0.1.0

package/dist/project-memory.js

@@ -0,0 +1,1529 @@
+import { randomUUID } from "node:crypto";
+import { execFile } from "node:child_process";
+import { request as httpRequest } from "node:http";
+import { request as httpsRequest } from "node:https";
+import { mkdir, readFile, readdir, stat, writeFile } from "node:fs/promises";
+import { promisify } from "node:util";
+import { basename, dirname, extname, join, resolve } from "node:path";
+import { createAppProjectMemory, createDemoFleetProjectMemories, createProjectDoctorReport, createProjectMemorySyncRequest, createProjectMemorySyncResult, createProjectStatusSummary, } from "@appfleet/domain";
+const defaultStorePath = defaultProjectMemoryStorePath(process.cwd());
+const redirectStatusCodes = new Set([301, 302, 303, 307, 308]);
+const execFileAsync = promisify(execFile);
+export function parseProjectMemoryCommand(argv) {
+    const normalizedArgv = argv[0] === "--" ? argv.slice(1) : argv;
+    if (normalizedArgv[0] !== "projects") {
+        throw new Error("usage: projects <create|edit|env|discover|remember|brief|status|doctor|dashboard|check|sync|seed-demo-fleet> [arguments]");
+    }
+    const action = normalizedArgv[1];
+    if (action === "seed-demo-fleet") {
+        return { action };
+    }
+    if (action === "discover") {
+        return {
+            action,
+            rootPath: readOptionalPositional(normalizedArgv, 2),
+            appId: readFlag(normalizedArgv, "--project"),
+            name: readFlag(normalizedArgv, "--name"),
+            canonicalUrl: readFlag(normalizedArgv, "--url"),
+            remember: hasFlag(normalizedArgv, "--remember"),
+            outputFormat: hasFlag(normalizedArgv, "--json") ? "json" : "human",
+        };
+    }
+    if (action === "brief") {
+        return {
+            action,
+            appId: readOptionalPositional(normalizedArgv, 2),
+            outputFormat: hasFlag(normalizedArgv, "--json") ? "json" : "human",
+        };
+    }
+    if (action === "status" || action === "doctor" || action === "dashboard") {
+        return {
+            action,
+            appId: readOptionalPositional(normalizedArgv, 2),
+            outputFormat: hasFlag(normalizedArgv, "--json") ? "json" : "human",
+        };
+    }
+    if (action === "check") {
+        const appId = normalizedArgv[2];
+        if (!appId) {
+            throw new Error("usage: projects check <project>");
+        }
+        return { action, appId };
+    }
+    if (action === "sync") {
+        return {
+            action,
+            workspaceId: readFlag(normalizedArgv, "--workspace") ?? "workspace_local",
+            outputFormat: hasFlag(normalizedArgv, "--json") ? "json" : "human",
+        };
+    }
+    if (action === "create" || action === "remember") {
+        const appId = normalizedArgv[2];
+        const canonicalUrl = readFlag(normalizedArgv, "--url");
+        if (!appId || !canonicalUrl) {
+            throw new Error(`usage: projects ${action} <project> --url <url>`);
+        }
+        return {
+            action,
+            appId,
+            name: readFlag(normalizedArgv, "--name") ?? appId,
+            canonicalUrl,
+            repoUrl: readFlag(normalizedArgv, "--repo"),
+            gitRemoteFingerprint: readFlag(normalizedArgv, "--git-remote-fingerprint"),
+            localPaths: readRepeatedFlag(normalizedArgv, "--path"),
+            rememberedUrls: readRepeatedFlag(normalizedArgv, "--remembered-url"),
+            providers: readRepeatedFlag(normalizedArgv, "--provider").map(providerMemoryFromInput),
+            environmentAliases: readRepeatedFlag(normalizedArgv, "--env-alias").map(envAliasFromInput),
+            notes: readRepeatedFlag(normalizedArgv, "--note"),
+            outputFormat: hasFlag(normalizedArgv, "--json") ? "json" : "human",
+        };
+    }
+    if (action === "edit") {
+        const appId = normalizedArgv[2];
+        if (!appId) {
+            throw new Error("usage: projects edit <project> [options]");
+        }
+        return {
+            action,
+            appId,
+            name: readFlag(normalizedArgv, "--name"),
+            canonicalUrl: readFlag(normalizedArgv, "--url"),
+            repoUrl: readFlag(normalizedArgv, "--repo"),
+            gitRemoteFingerprint: readFlag(normalizedArgv, "--git-remote-fingerprint"),
+            rememberedUrls: readRepeatedFlag(normalizedArgv, "--remembered-url"),
+            providers: readRepeatedFlag(normalizedArgv, "--provider").map(providerMemoryFromInput),
+            environmentAliases: readRepeatedFlag(normalizedArgv, "--env-alias").map(envAliasFromInput),
+            notes: readRepeatedFlag(normalizedArgv, "--note"),
+            outputFormat: hasFlag(normalizedArgv, "--json") ? "json" : "human",
+        };
+    }
+    if (action === "env") {
+        const envAction = normalizedArgv[2];
+        const appId = normalizedArgv[3];
+        if (envAction === "list") {
+            if (!appId) {
+                throw new Error("usage: projects env list <project> [--json]");
+            }
+            return {
+                action: "env-list",
+                appId,
+                outputFormat: hasFlag(normalizedArgv, "--json") ? "json" : "human",
+            };
+        }
+        if (envAction === "add") {
+            const environment = normalizedArgv[4];
+            if (!appId || !environment) {
+                throw new Error("usage: projects env add <project> <environment> [options]");
+            }
+            return {
+                action: "env-add",
+                appId,
+                environment,
+                environmentAliases: readRepeatedFlag(normalizedArgv, "--env-alias").map(envAliasFromInput),
+                outputFormat: hasFlag(normalizedArgv, "--json") ? "json" : "human",
+            };
+        }
+        if (envAction === "remove") {
+            const environment = normalizedArgv[4];
+            if (!appId || !environment) {
+                throw new Error("usage: projects env remove <project> <environment> [options]");
+            }
+            return {
+                action: "env-remove",
+                appId,
+                environment,
+                environmentAliasNames: readRepeatedFlag(normalizedArgv, "--env-alias").map(envAliasNameFromInput),
+                outputFormat: hasFlag(normalizedArgv, "--json") ? "json" : "human",
+            };
+        }
+        throw new Error("usage: projects env <list|add|remove> [arguments]");
+    }
+    throw new Error("usage: projects <create|edit|env|discover|remember|brief|status|doctor|dashboard|check|sync|seed-demo-fleet> [arguments]");
+}
+export async function runProjectMemoryCommand(argv, options = {}) {
+    const checkUrl = options.checkUrl ?? checkHttpStatus;
+    const now = options.now ?? (() => new Date());
+    let parsed;
+    try {
+        parsed = parseProjectMemoryCommand(argv);
+    }
+    catch (error) {
+        return {
+            exitCode: 1,
+            stdout: "",
+            stderr: `AppFleet project memory failed: ${errorMessage(error)}\n`,
+        };
+    }
+    const storePath = options.storePath ?? defaultStorePathForCommand(parsed, options);
+    try {
+        if (parsed.action === "seed-demo-fleet") {
+            const memories = createDemoFleetProjectMemories({
+                checkedAt: now().toISOString(),
+            });
+            await upsertProjectMemories(storePath, memories);
+            return {
+                exitCode: 0,
+                stdout: formatDemoFleetSaved(memories),
+                stderr: "",
+            };
+        }
+        if (parsed.action === "discover") {
+            const rootPath = resolve(parsed.rootPath ?? options.projectRoot ?? process.cwd());
+            const gitRemoteFingerprint = options.currentGitRemoteFingerprint ??
+                (await (options.detectGitRemoteFingerprint ??
+                    (() => detectCurrentGitRemoteFingerprint(rootPath)))());
+            const discovery = await discoverLocalProject({
+                rootPath,
+                appId: parsed.appId,
+                name: parsed.name,
+                canonicalUrl: parsed.canonicalUrl,
+                gitRemoteFingerprint,
+                remember: parsed.remember,
+            });
+            if (parsed.remember) {
+                if (!discovery.project.canonicalUrl) {
+                    return {
+                        exitCode: 1,
+                        stdout: "",
+                        stderr: "AppFleet project discovery failed: --remember requires --url or package.json homepage\n",
+                    };
+                }
+                await upsertProjectMemory(storePath, memoryFromDiscovery(discovery));
+            }
+            const report = parsed.remember
+                ? { ...discovery, remembered: true }
+                : discovery;
+            return {
+                exitCode: 0,
+                stdout: parsed.outputFormat === "json"
+                    ? formatJson(report)
+                    : formatProjectDiscovery(report),
+                stderr: "",
+            };
+        }
+        if (parsed.action === "create" || parsed.action === "remember") {
+            const gitRemoteFingerprint = parsed.gitRemoteFingerprint ??
+                options.currentGitRemoteFingerprint ??
+                (await (options.detectGitRemoteFingerprint ??
+                    detectCurrentGitRemoteFingerprint)());
+            const memory = createMemoryFromSafeInput(parsed, gitRemoteFingerprint);
+            await upsertProjectMemory(storePath, memory);
+            return {
+                exitCode: 0,
+                stdout: parsed.outputFormat === "json"
+                    ? formatJson(createRememberResult(memory))
+                    : formatMemorySaved(memory),
+                stderr: "",
+            };
+        }
+        if (parsed.action === "edit" ||
+            parsed.action === "env-list" ||
+            parsed.action === "env-add" ||
+            parsed.action === "env-remove") {
+            const memories = await readProjectMemories(storePath);
+            const memory = memories.find((candidate) => candidate.id === parsed.appId);
+            if (!memory) {
+                return {
+                    exitCode: 1,
+                    stdout: "",
+                    stderr: `AppFleet project memory failed: no project memory for ${parsed.appId}\n`,
+                };
+            }
+            if (parsed.action === "env-list") {
+                const result = createProjectEnvResult(memory);
+                return {
+                    exitCode: 0,
+                    stdout: parsed.outputFormat === "json"
+                        ? formatJson(result)
+                        : formatProjectEnvResult(result),
+                    stderr: "",
+                };
+            }
+            const updatedMemory = parsed.action === "edit"
+                ? editProjectMemory(memory, parsed)
+                : parsed.action === "env-add"
+                    ? addProjectEnvironment(memory, parsed)
+                    : removeProjectEnvironment(memory, parsed);
+            await upsertProjectMemory(storePath, updatedMemory);
+            const result = createProjectEnvResult(updatedMemory);
+            return {
+                exitCode: 0,
+                stdout: parsed.outputFormat === "json"
+                    ? formatJson(result)
+                    : parsed.action === "edit"
+                        ? formatMemorySaved(updatedMemory)
+                        : formatProjectEnvResult(result),
+                stderr: "",
+            };
+        }
+        const memories = await readProjectMemories(storePath);
+        if (parsed.action === "brief" ||
+            parsed.action === "status" ||
+            parsed.action === "doctor" ||
+            parsed.action === "dashboard") {
+            const currentGitRemoteFingerprint = options.currentGitRemoteFingerprint ??
+                (await (options.detectGitRemoteFingerprint ??
+                    detectCurrentGitRemoteFingerprint)());
+            if (parsed.action === "dashboard") {
+                const resolvedForDashboard = resolveProjectMemory(memories, {
+                    appId: parsed.appId,
+                    currentGitRemoteFingerprint,
+                });
+                if (parsed.appId && !resolvedForDashboard.ok) {
+                    return {
+                        exitCode: 1,
+                        stdout: "",
+                        stderr: `${resolvedForDashboard.message}\n`,
+                    };
+                }
+                const guide = createDashboardGuide({
+                    memories,
+                    selectedMemory: resolvedForDashboard.ok
+                        ? resolvedForDashboard.memory
+                        : undefined,
+                    storePath,
+                });
+                return {
+                    exitCode: 0,
+                    stdout: parsed.outputFormat === "json"
+                        ? formatJson(guide)
+                        : formatDashboardGuide(guide),
+                    stderr: "",
+                };
+            }
+            const resolved = resolveProjectMemory(memories, {
+                appId: parsed.appId,
+                currentGitRemoteFingerprint,
+            });
+            if (!resolved.ok) {
+                return { exitCode: 1, stdout: "", stderr: `${resolved.message}\n` };
+            }
+            if (parsed.action === "status") {
+                const summary = createProjectStatusSummary({
+                    memory: resolved.memory,
+                    nextActions: createStatusNextActions(resolved.memory),
+                });
+                return {
+                    exitCode: 0,
+                    stdout: parsed.outputFormat === "json"
+                        ? formatJson(summary)
+                        : formatProjectStatus(summary),
+                    stderr: "",
+                };
+            }
+            if (parsed.action === "doctor") {
+                const doctorResult = await createDoctorReport({
+                    memory: resolved.memory,
+                    currentGitRemoteFingerprint,
+                    checkUrl,
+                    checkedAt: now().toISOString(),
+                });
+                const report = doctorResult.report;
+                await upsertProjectMemory(storePath, createAppProjectMemory({
+                    ...resolved.memory,
+                    latestCheck: doctorResult.latestCheck,
+                    latestDoctorReport: report,
+                }));
+                return {
+                    exitCode: 0,
+                    stdout: parsed.outputFormat === "json"
+                        ? formatJson(report)
+                        : formatProjectDoctor(report),
+                    stderr: "",
+                };
+            }
+            return {
+                exitCode: 0,
+                stdout: parsed.outputFormat === "json"
+                    ? formatJson(createProjectBriefDocument(resolved.memory))
+                    : formatProjectBrief(resolved.memory),
+                stderr: "",
+            };
+        }
+        if (parsed.action === "sync") {
+            const createdAt = now().toISOString();
+            const syncRequest = createProjectMemorySyncRequest({
+                workspaceId: parsed.workspaceId,
+                createdAt,
+                memories,
+            });
+            return {
+                exitCode: 0,
+                stdout: parsed.outputFormat === "json"
+                    ? formatJson({
+                        request: syncRequest,
+                        result: createProjectMemorySyncResult({
+                            workspaceId: parsed.workspaceId,
+                            createdAt,
+                            acceptedProjectIds: syncRequest.envelopes.map((envelope) => envelope.projectId),
+                        }),
+                    })
+                    : formatSyncScaffold(syncRequest),
+                stderr: "",
+            };
+        }
+        const memory = memories.find((candidate) => candidate.id === parsed.appId);
+        if (!memory) {
+            return {
+                exitCode: 1,
+                stdout: "",
+                stderr: `AppFleet project memory failed: no project memory for ${parsed.appId}\n`,
+            };
+        }
+        const latestCheck = normalizeStatusCheck(await checkUrl(memory.canonicalUrl));
+        const rememberedChecks = await Promise.all(memory.rememberedUrls.map(async (url) => normalizeStatusCheck(await checkUrl(url))));
+        const updatedMemory = createAppProjectMemory({ ...memory, latestCheck });
+        await upsertProjectMemory(storePath, updatedMemory);
+        return {
+            exitCode: 0,
+            stdout: formatCheckResult(updatedMemory, latestCheck, rememberedChecks),
+            stderr: "",
+        };
+    }
+    catch (error) {
+        return {
+            exitCode: 1,
+            stdout: "",
+            stderr: `AppFleet project memory failed: ${errorMessage(error)}\n`,
+        };
+    }
+}
+function defaultStorePathForCommand(parsed, options) {
+    const rootPath = parsed.action === "discover" && parsed.rootPath
+        ? resolve(parsed.rootPath)
+        : options.projectRoot ?? process.cwd();
+    return defaultProjectMemoryStorePath(rootPath);
+}
+export async function readProjectMemories(storePath = defaultStorePath) {
+    try {
+        const raw = await readFile(storePath, "utf8");
+        const parsed = JSON.parse(raw);
+        return parsed.map(createAppProjectMemory);
+    }
+    catch (error) {
+        if (error.code === "ENOENT") {
+            return [];
+        }
+        throw error;
+    }
+}
+export async function writeProjectMemories(storePath, memories) {
+    await mkdir(dirname(storePath), { recursive: true });
+    await writeFile(storePath, `${JSON.stringify(memories, null, 2)}\n`, {
+        mode: 0o600,
+    });
+}
+export async function upsertProjectMemory(storePath, memory) {
+    await upsertProjectMemories(storePath, [memory]);
+}
+export async function upsertProjectMemories(storePath, memoriesToUpsert) {
+    const memories = await readProjectMemories(storePath);
+    const upsertIds = new Set(memoriesToUpsert.map((memory) => memory.id));
+    const withoutExisting = memories.filter((candidate) => !upsertIds.has(candidate.id));
+    await writeProjectMemories(storePath, [...withoutExisting, ...memoriesToUpsert]);
+}
+export async function discoverLocalProject(input) {
+    const rootPath = resolve(input.rootPath);
+    const packageJson = await readPackageJson(rootPath);
+    const appId = input.appId ?? slugify(packageJson?.name ?? basename(rootPath));
+    const name = input.name ?? packageJson?.name ?? titleFromSlug(appId);
+    const canonicalUrl = input.canonicalUrl ?? safeUrl(packageJson?.homepage);
+    const repoUrl = repoUrlFromPackage(packageJson);
+    const fileInventory = await collectSafeSourceFiles(rootPath);
+    const sourceText = await readSafeSourceText(fileInventory.files);
+    const providers = inferProviders({
+        packageJson,
+        rootPath,
+        sourceText,
+        filePaths: fileInventory.files,
+    });
+    const environmentAliases = inferEnvironmentAliases(sourceText);
+    return {
+        type: "project_discovery_report",
+        version: 1,
+        rootPath,
+        project: {
+            id: appId,
+            name,
+            canonicalUrl,
+            repoUrl,
+            gitRemoteFingerprint: input.gitRemoteFingerprint,
+        },
+        packageManager: detectPackageManager(fileInventory.files),
+        providers,
+        environmentAliases,
+        filesScanned: fileInventory.files.length,
+        skippedPaths: fileInventory.skippedPaths,
+        remembered: Boolean(input.remember),
+        productionCloudPersistenceImplemented: false,
+        trustBoundary: [
+            "Discovery reads package metadata and source/config filenames only.",
+            "Discovery skips .env files, .appfleet, node_modules, .git, test files, build output, and encrypted vault files.",
+            "Discovery records env alias names only; it never stores values.",
+            "Discovery does not call provider APIs or infer provider health.",
+        ],
+        nextActions: input.remember
+            ? [
+                "Run projects status for the imported project.",
+                "Run projects doctor to perform safe URL and metadata checks.",
+                "Use secrets set to store local encrypted values for discovered aliases.",
+            ]
+            : [
+                "Run projects discover --remember --url <url> to import these safe facts.",
+                "Review discovered aliases before storing any secret values in the local vault.",
+            ],
+    };
+}
+function memoryFromDiscovery(discovery) {
+    if (!discovery.project.canonicalUrl) {
+        throw new Error("discovery import requires a canonical URL");
+    }
+    return createAppProjectMemory({
+        id: discovery.project.id,
+        name: discovery.project.name,
+        identity: {
+            id: discovery.project.id,
+            name: discovery.project.name,
+            repoUrl: discovery.project.repoUrl,
+            gitRemoteFingerprint: discovery.project.gitRemoteFingerprint,
+            rememberedLocalPaths: [discovery.rootPath],
+        },
+        canonicalUrl: discovery.project.canonicalUrl,
+        rememberedUrls: [],
+        domain: {
+            canonicalUrl: discovery.project.canonicalUrl,
+            rememberedUrls: [],
+            customDomainBought: false,
+            notes: "Imported from safe local project discovery.",
+        },
+        providers: discovery.providers,
+        environments: ["unknown"],
+        environmentAliases: discovery.environmentAliases,
+        credentialReferences: [],
+        troubleshootingNotes: [
+            "Project was imported from local safe metadata discovery.",
+            "Provider health remains unknown until checked explicitly.",
+        ],
+        nextPlaceToLook: [
+            "Run projects doctor to check public URLs.",
+            "Use secrets set for local encrypted values matching discovered aliases.",
+        ],
+        cloudSync: {
+            intendedSourceOfTruth: "appfleet_cloud",
+            productionPersistenceImplemented: false,
+        },
+    });
+}
+function createMemoryFromSafeInput(parsed, gitRemoteFingerprint) {
+    return createAppProjectMemory({
+        id: parsed.appId,
+        name: parsed.name,
+        identity: {
+            id: parsed.appId,
+            name: parsed.name,
+            repoUrl: parsed.repoUrl,
+            gitRemoteFingerprint,
+            rememberedLocalPaths: parsed.localPaths,
+        },
+        canonicalUrl: parsed.canonicalUrl,
+        rememberedUrls: parsed.rememberedUrls,
+        domain: {
+            canonicalUrl: parsed.canonicalUrl,
+            rememberedUrls: parsed.rememberedUrls,
+            customDomainBought: false,
+            notes: parsed.rememberedUrls.length > 0
+                ? "Remembered URLs recorded as safe public recovery facts."
+                : "No custom domain recorded in AppFleet yet.",
+        },
+        providers: parsed.providers,
+        environments: ["unknown"],
+        environmentAliases: parsed.environmentAliases,
+        credentialReferences: [],
+        troubleshootingNotes: parsed.notes,
+        nextPlaceToLook: [
+            "Check the canonical URL first.",
+            "If the app loads but behavior is broken, check backend provider status next.",
+        ],
+        cloudSync: {
+            intendedSourceOfTruth: "appfleet_cloud",
+            productionPersistenceImplemented: false,
+        },
+    });
+}
+function editProjectMemory(memory, parsed) {
+    const name = parsed.name ?? memory.name;
+    const canonicalUrl = parsed.canonicalUrl ?? memory.canonicalUrl;
+    const rememberedUrls = dedupeStrings([
+        ...memory.rememberedUrls,
+        ...parsed.rememberedUrls,
+    ]);
+    return createAppProjectMemory({
+        ...memory,
+        name,
+        identity: {
+            ...memory.identity,
+            name,
+            repoUrl: parsed.repoUrl ?? memory.identity.repoUrl,
+            gitRemoteFingerprint: parsed.gitRemoteFingerprint ?? memory.identity.gitRemoteFingerprint,
+        },
+        canonicalUrl,
+        rememberedUrls,
+        domain: {
+            ...memory.domain,
+            canonicalUrl,
+            rememberedUrls,
+        },
+        providers: mergeProviders(memory.providers, parsed.providers),
+        environmentAliases: mergeEnvironmentAliases(memory.environmentAliases, parsed.environmentAliases),
+        troubleshootingNotes: dedupeStrings([
+            ...memory.troubleshootingNotes,
+            ...parsed.notes,
+        ]),
+    });
+}
+function addProjectEnvironment(memory, parsed) {
+    const existing = memory.environments.length === 1 && memory.environments[0] === "unknown"
+        ? []
+        : memory.environments;
+    return createAppProjectMemory({
+        ...memory,
+        environments: dedupeStrings([...existing, parsed.environment]),
+        environmentAliases: mergeEnvironmentAliases(memory.environmentAliases, parsed.environmentAliases),
+    });
+}
+function removeProjectEnvironment(memory, parsed) {
+    const environments = memory.environments.filter((environment) => environment !== parsed.environment);
+    const aliasNames = new Set(parsed.environmentAliasNames);
+    return createAppProjectMemory({
+        ...memory,
+        environments: environments.length > 0 ? environments : ["unknown"],
+        environmentAliases: aliasNames.size === 0
+            ? memory.environmentAliases
+            : memory.environmentAliases.filter((alias) => !aliasNames.has(alias.name)),
+    });
+}
+function mergeProviders(existing, incoming) {
+    const byId = new Map(existing.map((provider) => [provider.id, provider]));
+    for (const provider of incoming) {
+        byId.set(provider.id, provider);
+    }
+    return Array.from(byId.values());
+}
+function mergeEnvironmentAliases(existing, incoming) {
+    const byName = new Map(existing.map((alias) => [alias.name, alias]));
+    for (const alias of incoming) {
+        byName.set(alias.name, { ...alias, valueStored: false });
+    }
+    return Array.from(byName.values());
+}
+function dedupeStrings(values) {
+    return Array.from(new Set(values.map((value) => value.trim()).filter(Boolean)));
+}
+export function resolveProjectMemory(memories, input) {
+    if (input.appId) {
+        const memory = memories.find((candidate) => candidate.id === input.appId);
+        return memory
+            ? { ok: true, memory }
+            : {
+                ok: false,
+                message: `AppFleet project memory failed: no project memory for ${input.appId}`,
+            };
+    }
+    if (input.currentGitRemoteFingerprint) {
+        const matches = memories.filter((candidate) => candidate.identity.gitRemoteFingerprint ===
+            input.currentGitRemoteFingerprint);
+        if (matches.length === 1) {
+            return { ok: true, memory: matches[0] };
+        }
+        if (matches.length > 1) {
+            return {
+                ok: false,
+                message: "AppFleet project memory found multiple matching projects; choose one explicitly.",
+            };
+        }
+    }
+    return {
+        ok: false,
+        message: "AppFleet project memory found no matching project; run projects remember first.",
+    };
+}
+export async function detectCurrentGitRemoteFingerprint(cwd) {
+    try {
+        const { stdout } = await execFileAsync("git", ["remote", "get-url", "origin"], cwd ? { cwd } : undefined);
+        return normalizeGitRemoteFingerprint(stdout.toString());
+    }
+    catch {
+        return undefined;
+    }
+}
+export function normalizeGitRemoteFingerprint(remoteUrl) {
+    const trimmed = remoteUrl.trim();
+    if (!trimmed) {
+        return undefined;
+    }
+    const sshMatch = /^git@([^:]+):(.+?)(?:\.git)?$/i.exec(trimmed);
+    if (sshMatch) {
+        return normalizeRepositoryFingerprint(sshMatch[1], sshMatch[2]);
+    }
+    try {
+        const parsed = new URL(trimmed);
+        return normalizeRepositoryFingerprint(parsed.hostname, parsed.pathname);
+    }
+    catch {
+        return undefined;
+    }
+}
+export async function checkHttpStatus(url) {
+    return await checkHttpStatusWithRedirects(url, "HEAD", 0);
+}
+async function checkHttpStatusWithRedirects(url, method, redirectCount) {
+    const checkedAt = new Date().toISOString();
+    const startedAt = Date.now();
+    try {
+        const response = await requestUrl(url, method);
+        const latencyMs = Date.now() - startedAt;
+        if (response.statusCode &&
+            redirectStatusCodes.has(response.statusCode) &&
+            response.location &&
+            redirectCount < 5) {
+            return await checkHttpStatusWithRedirects(new URL(response.location, url).toString(), method, redirectCount + 1);
+        }
+        if (response.statusCode === 405 && method === "HEAD") {
+            return await checkHttpStatusWithRedirects(url, "GET", redirectCount);
+        }
+        const status = statusFromHttpCode(response.statusCode);
+        return {
+            checkedAt,
+            url,
+            status,
+            latencyMs,
+            httpStatusCode: response.statusCode,
+            tlsCertificateExpiresAt: response.tlsCertificateExpiresAt,
+            tlsCertificateDaysRemaining: response.tlsCertificateDaysRemaining,
+            failureCategory: status === "up" ? undefined : "http_error",
+            message: status === "up"
+                ? "HTTP check succeeded"
+                : `HTTP check returned ${response.statusCode ?? "unknown status"}`,
+        };
+    }
+    catch (error) {
+        const failureCategory = failureCategoryFromError(error);
+        return {
+            checkedAt,
+            url,
+            status: failureCategory === "tls_error" ? "misconfigured" : "down",
+            latencyMs: Date.now() - startedAt,
+            failureCategory,
+            message: errorMessage(error),
+        };
+    }
+}
+function requestUrl(url, method) {
+    return new Promise((resolvePromise, reject) => {
+        const parsed = new URL(url);
+        const request = (parsed.protocol === "http:" ? httpRequest : httpsRequest)(parsed, { method, timeout: 10_000 }, (response) => {
+            const tlsCertificate = tlsCertificateMetadata(response);
+            response.resume();
+            response.on("end", () => resolvePromise({
+                statusCode: response.statusCode,
+                location: response.headers.location,
+                ...tlsCertificate,
+            }));
+        });
+        request.on("timeout", () => {
+            request.destroy(new Error("HTTP check timed out"));
+        });
+        request.on("error", reject);
+        request.end();
+    });
+}
+function tlsCertificateMetadata(response) {
+    const socket = response.socket;
+    const certificate = socket?.getPeerCertificate?.();
+    if (!certificate?.valid_to) {
+        return {};
+    }
+    const expiresAtMs = Date.parse(certificate.valid_to);
+    if (Number.isNaN(expiresAtMs)) {
+        return {};
+    }
+    return {
+        tlsCertificateExpiresAt: new Date(expiresAtMs).toISOString(),
+        tlsCertificateDaysRemaining: Math.floor((expiresAtMs - Date.now()) / 86_400_000),
+    };
+}
+function statusFromHttpCode(statusCode) {
+    if (!statusCode) {
+        return "unknown";
+    }
+    return statusCode >= 200 && statusCode < 400 ? "up" : "down";
+}
+function failureCategoryFromError(error) {
+    const code = error.code;
+    if (code === "ENOTFOUND" || code === "EAI_AGAIN") {
+        return "dns_error";
+    }
+    if (code === "ERR_TLS_CERT_ALTNAME_INVALID" || code === "CERT_HAS_EXPIRED") {
+        return "tls_error";
+    }
+    if (error.message?.toLowerCase().includes("timed out")) {
+        return "timeout";
+    }
+    return "unknown_error";
+}
+const ignoredDiscoveryDirectories = new Set([
+    ".appfleet",
+    ".git",
+    ".next",
+    "__tests__",
+    "coverage",
+    "dist",
+    "build",
+    "node_modules",
+    "test",
+    "tests",
+]);
+const ignoredDiscoveryFilenames = new Set([
+    ".env",
+    ".env.local",
+    ".env.development",
+    ".env.production",
+    ".env.test",
+    "local-vault.json",
+    "vault-audit.jsonl",
+    "prototype-audit.jsonl",
+]);
+const readableDiscoveryExtensions = new Set([
+    ".cjs",
+    ".cts",
+    ".js",
+    ".jsx",
+    ".mjs",
+    ".mts",
+    ".ts",
+    ".tsx",
+    ".json",
+    ".toml",
+    ".yaml",
+    ".yml",
+]);
+const ignoredEnvironmentAliases = new Set([
+    "CI",
+    "HOME",
+    "INIT_CWD",
+    "NODE_ENV",
+    "PATH",
+    "PORT",
+    "PWD",
+    "SHELL",
+    "TERM",
+    "TMPDIR",
+    "USER",
+]);
+async function readPackageJson(rootPath) {
+    try {
+        const raw = await readFile(join(rootPath, "package.json"), "utf8");
+        return JSON.parse(raw);
+    }
+    catch (error) {
+        if (error.code === "ENOENT") {
+            return undefined;
+        }
+        throw error;
+    }
+}
+async function collectSafeSourceFiles(rootPath) {
+    const files = [];
+    const skippedPaths = [];
+    async function visit(directory) {
+        const entries = await readdir(directory, { withFileTypes: true });
+        for (const entry of entries) {
+            const absolutePath = join(directory, entry.name);
+            const relativePath = absolutePath.replace(`${rootPath}/`, "");
+            if (entry.isDirectory()) {
+                if (ignoredDiscoveryDirectories.has(entry.name)) {
+                    skippedPaths.push(relativePath);
+                    continue;
+                }
+                await visit(absolutePath);
+                continue;
+            }
+            if (!entry.isFile()) {
+                continue;
+            }
+            if (ignoredDiscoveryFilenames.has(entry.name) ||
+                entry.name.startsWith(".env.") ||
+                isTestSourceFile(entry.name) ||
+                !readableDiscoveryExtensions.has(extname(entry.name))) {
+                if (entry.name.startsWith(".env") || ignoredDiscoveryFilenames.has(entry.name)) {
+                    skippedPaths.push(relativePath);
+                }
+                continue;
+            }
+            const fileStat = await stat(absolutePath);
+            if (fileStat.size > 256 * 1024) {
+                skippedPaths.push(relativePath);
+                continue;
+            }
+            files.push(absolutePath);
+        }
+    }
+    await visit(rootPath);
+    return { files, skippedPaths };
+}
+async function readSafeSourceText(files) {
+    const chunks = [];
+    for (const file of files) {
+        chunks.push(await readFile(file, "utf8"));
+    }
+    return chunks.join("\n");
+}
+function inferProviders(input) {
+    const packageNames = new Set([
+        ...Object.keys(input.packageJson?.dependencies ?? {}),
+        ...Object.keys(input.packageJson?.devDependencies ?? {}),
+    ]);
+    const filenames = new Set(input.filePaths.map((file) => basename(file)));
+    const providers = [];
+    const add = (name, kind, role) => {
+        if (!providers.some((provider) => provider.name === name)) {
+            providers.push({ id: slugify(name), name, kind, role, status: "known" });
+        }
+    };
+    if (packageNames.has("@supabase/supabase-js") || input.sourceText.includes("supabase")) {
+        add("Supabase", "backend", "database and auth");
+    }
+    if (packageNames.has("@netlify/functions") || filenames.has("netlify.toml")) {
+        add("Netlify", "deployment", "frontend hosting");
+    }
+    if (packageNames.has("vercel") || filenames.has("vercel.json")) {
+        add("Vercel", "deployment", "frontend hosting");
+    }
+    if (packageNames.has("stripe")) {
+        add("Stripe", "other", "payments");
+    }
+    if (packageNames.has("openai")) {
+        add("OpenAI", "other", "AI API");
+    }
+    if (packageNames.has("@anthropic-ai/sdk")) {
+        add("Anthropic", "other", "AI API");
+    }
+    if (packageNames.has("resend")) {
+        add("Resend", "other", "email");
+    }
+    if (Array.from(packageNames).some((name) => name.startsWith("@clerk/"))) {
+        add("Clerk", "other", "auth");
+    }
+    if (filenames.has("wrangler.toml")) {
+        add("Cloudflare", "deployment", "edge hosting");
+    }
+    return providers;
+}
+function inferEnvironmentAliases(sourceText) {
+    const aliases = new Set();
+    const patterns = [
+        /process\.env\.([A-Z][A-Z0-9_]*)/g,
+        /process\.env\[['"]([A-Z][A-Z0-9_]*)['"]\]/g,
+        /import\.meta\.env\.([A-Z][A-Z0-9_]*)/g,
+    ];
+    for (const pattern of patterns) {
+        for (const match of sourceText.matchAll(pattern)) {
+            const alias = match[1];
+            if (!ignoredEnvironmentAliases.has(alias) && !alias.startsWith("APPFLEET_")) {
+                aliases.add(alias);
+            }
+        }
+    }
+    return Array.from(aliases)
+        .sort()
+        .map((alias) => ({
+        name: alias,
+        purpose: purposeFromAlias(alias),
+        required: true,
+        valueStored: false,
+    }));
+}
+function purposeFromAlias(alias) {
+    if (alias.includes("SUPABASE")) {
+        return "Discovered Supabase environment alias";
+    }
+    if (alias.includes("STRIPE")) {
+        return "Discovered Stripe environment alias";
+    }
+    if (alias.includes("OPENAI")) {
+        return "Discovered OpenAI environment alias";
+    }
+    if (alias.includes("ANTHROPIC")) {
+        return "Discovered Anthropic environment alias";
+    }
+    if (alias.includes("NETLIFY")) {
+        return "Discovered Netlify environment alias";
+    }
+    if (alias.includes("VERCEL")) {
+        return "Discovered Vercel environment alias";
+    }
+    return "Discovered environment variable alias";
+}
+function detectPackageManager(files) {
+    const filenames = new Set(files.map((file) => basename(file)));
+    if (filenames.has("pnpm-lock.yaml")) {
+        return "pnpm";
+    }
+    if (filenames.has("yarn.lock")) {
+        return "yarn";
+    }
+    if (filenames.has("package-lock.json")) {
+        return "npm";
+    }
+    if (filenames.has("bun.lockb")) {
+        return "bun";
+    }
+    return undefined;
+}
+function isTestSourceFile(filename) {
+    return (filename.includes(".test.") ||
+        filename.includes(".spec.") ||
+        filename.endsWith("test.ts") ||
+        filename.endsWith("test.js"));
+}
+function repoUrlFromPackage(packageJson) {
+    const repository = packageJson?.repository;
+    if (!repository) {
+        return undefined;
+    }
+    if (typeof repository === "string") {
+        return repository;
+    }
+    return repository.url;
+}
+function safeUrl(value) {
+    if (typeof value !== "string" || !value) {
+        return undefined;
+    }
+    try {
+        const parsed = new URL(value);
+        return parsed.protocol === "http:" || parsed.protocol === "https:"
+            ? parsed.toString()
+            : undefined;
+    }
+    catch {
+        return undefined;
+    }
+}
+function titleFromSlug(value) {
+    return value
+        .split(/[-_]/)
+        .filter(Boolean)
+        .map((part) => `${part.charAt(0).toUpperCase()}${part.slice(1)}`)
+        .join(" ");
+}
+function providerMemoryFromInput(input) {
+    const [name, kindInput, ...roleParts] = input.split(":");
+    const kind = parseProviderKind(kindInput);
+    const role = roleParts.join(":").trim() || "manually recorded provider";
+    return {
+        id: slugify(name),
+        name: name.trim(),
+        kind,
+        role,
+        status: "known",
+    };
+}
+function parseProviderKind(value) {
+    if (value === "deployment" ||
+        value === "backend" ||
+        value === "domain" ||
+        value === "other") {
+        return value;
+    }
+    return "other";
+}
+function envAliasFromInput(input) {
+    const [name, ...purposeParts] = input.split(":");
+    const purpose = purposeParts.join(":").trim() ||
+        "Manually recorded environment variable alias";
+    return {
+        name: name.trim(),
+        purpose,
+        required: true,
+        valueStored: false,
+    };
+}
+function envAliasNameFromInput(input) {
+    return input.split(":")[0].trim();
+}
+function formatMemorySaved(memory) {
+    return ([
+        `AppFleet project memory saved: ${memory.name}`,
+        `canonicalUrl=${memory.canonicalUrl}`,
+        `rememberedUrls=${memory.rememberedUrls.join(", ") || "none"}`,
+        `repo=${memory.identity.repoUrl ?? "unknown"}`,
+        `gitRemoteFingerprint=${memory.identity.gitRemoteFingerprint ?? "unknown"}`,
+        `providers=${memory.providers.map((provider) => provider.name).join(", ")}`,
+        `envAliases=${memory.environmentAliases.map((alias) => alias.name).join(", ")}`,
+        "cloudSync=contract_scaffold",
+    ].join("\n") + "\n");
+}
+function createRememberResult(memory) {
+    return {
+        type: "project_remember_result",
+        version: 1,
+        project: {
+            id: memory.id,
+            name: memory.name,
+            canonicalUrl: memory.canonicalUrl,
+            rememberedUrls: memory.rememberedUrls,
+            repoUrl: memory.identity.repoUrl,
+            gitRemoteFingerprint: memory.identity.gitRemoteFingerprint,
+        },
+        providers: memory.providers.map((provider) => ({
+            id: provider.id,
+            name: provider.name,
+            kind: provider.kind,
+            role: provider.role,
+            status: provider.status,
+        })),
+        environmentAliases: memory.environmentAliases.map((alias) => ({
+            name: alias.name,
+            purpose: alias.purpose,
+            required: alias.required,
+        })),
+        productionCloudPersistenceImplemented: false,
+        nextActions: createStatusNextActions(memory),
+    };
+}
+function createProjectEnvResult(memory) {
+    return {
+        type: "project_environment_result",
+        version: 1,
+        project: {
+            id: memory.id,
+            name: memory.name,
+        },
+        environments: memory.environments,
+        environmentAliases: memory.environmentAliases.map((alias) => ({
+            name: alias.name,
+            purpose: alias.purpose,
+            required: alias.required,
+        })),
+        productionCloudPersistenceImplemented: false,
+    };
+}
+function formatProjectEnvResult(result) {
+    return ([
+        `AppFleet project environments: ${result.project.name}`,
+        `environments=${result.environments.join(", ") || "none"}`,
+        `envAliases=${result.environmentAliases.map((alias) => alias.name).join(", ") || "none"}`,
+        `productionCloudPersistence=${result.productionCloudPersistenceImplemented}`,
+    ].join("\n") + "\n");
+}
+function formatDemoFleetSaved(memories) {
+    return ([
+        "AppFleet demo fleet saved.",
+        `projectCount=${memories.length}`,
+        `projectIds=${memories.map((memory) => memory.id).join(", ")}`,
+        "doctorReports=persisted_safe_mock_findings",
+        "cloudSync=contract_scaffold",
+    ].join("\n") + "\n");
+}
+function formatProjectBrief(memory) {
+    const latest = memory.latestCheck;
+    const lines = [
+        `AppFleet project brief: ${memory.name}`,
+        `repo=${memory.identity.repoUrl ?? "unknown"}`,
+        `gitRemoteFingerprint=${memory.identity.gitRemoteFingerprint ?? "unknown"}`,
+        `canonicalUrl=${memory.canonicalUrl}`,
+        `rememberedUrls=${memory.rememberedUrls.join(", ") || "none"}`,
+        `providers=${memory.providers.map((provider) => provider.name).join(", ") || "none"}`,
+        `envAliases=${memory.environmentAliases.map((alias) => alias.name).join(", ") || "none"}`,
+        `latestStatus=${latest?.status ?? "unknown"}`,
+        `supabaseHealth=unknown`,
+        "troubleshootingNotes:",
+        ...memory.troubleshootingNotes.map((note) => `- ${note}`),
+        "nextPlaceToLook:",
+        ...memory.nextPlaceToLook.map((next) => `- ${next}`),
+    ];
+    return `${lines.join("\n")}\n`;
+}
+function createProjectBriefDocument(memory) {
+    return {
+        type: "project_memory_brief",
+        version: 1,
+        project: {
+            id: memory.id,
+            name: memory.name,
+            repoUrl: memory.identity.repoUrl,
+            gitRemoteFingerprint: memory.identity.gitRemoteFingerprint,
+            canonicalUrl: memory.canonicalUrl,
+            rememberedUrls: memory.rememberedUrls,
+        },
+        providers: memory.providers.map((provider) => ({
+            id: provider.id,
+            name: provider.name,
+            kind: provider.kind,
+            role: provider.role,
+            status: provider.status,
+        })),
+        environmentAliases: memory.environmentAliases,
+        latestStatus: memory.latestCheck?.status ?? "unknown",
+        supabaseHealth: "unknown",
+        cloudSyncStatus: memory.cloudSync.lastSyncedAt
+            ? "synced"
+            : "contract_scaffold",
+        troubleshootingNotes: memory.troubleshootingNotes,
+        nextPlaceToLook: memory.nextPlaceToLook,
+    };
+}
+function createStatusNextActions(memory) {
+    const nextActions = [
+        memory.latestCheck
+            ? "Run projects doctor when the stored status needs investigation."
+            : "Run projects doctor to perform safe URL and metadata checks.",
+        "Use secrets inject for commands that need environment values.",
+    ];
+    return [...nextActions, ...memory.nextPlaceToLook];
+}
+function createDashboardGuide(input) {
+    const nextActions = input.memories.length === 0
+        ? [
+            "Run projects seed-demo-fleet to load safe mock projects.",
+            "Run projects remember <project> --url <url> to record public recovery facts.",
+            "Run pnpm --filter @appfleet/web dev, then open http://localhost:3000.",
+        ]
+        : [
+            "Run pnpm --filter @appfleet/web dev, then open http://localhost:3000.",
+            "Run projects status for the daily recovery summary.",
+            "Run projects doctor to refresh safe stored dashboard findings.",
+        ];
+    return {
+        type: "project_dashboard_guide",
+        version: 1,
+        localDashboardUrl: "http://localhost:3000",
+        devCommand: "pnpm --filter @appfleet/web dev",
+        storePath: input.storePath,
+        memoryStoreExists: input.memories.length > 0,
+        projectCount: input.memories.length,
+        selectedProject: input.selectedMemory
+            ? {
+                id: input.selectedMemory.id,
+                name: input.selectedMemory.name,
+                gitRemoteFingerprint: input.selectedMemory.identity.gitRemoteFingerprint,
+                latestDoctorCheckedAt: input.selectedMemory.latestDoctorReport?.checkedAt,
+            }
+            : undefined,
+        productionCloudPersistenceImplemented: false,
+        trustBoundary: [
+            "Dashboard reads local project memory only.",
+            "Dashboard does not read .env files or print environment values.",
+            "Dashboard does not call provider APIs or claim hosted AppFleet Cloud persistence.",
+        ],
+        nextActions,
+    };
+}
+async function createDoctorReport(input) {
+    const findings = [];
+    findings.push(createFinding("project_memory_present", "ok", "project_memory", "Project memory found", `AppFleet resolved project memory for ${input.memory.name}.`));
+    if (!input.memory.identity.gitRemoteFingerprint) {
+        findings.push(createFinding("git_remote_not_recorded", "warning", "git_remote", "Git remote fingerprint not recorded", "Record the repo fingerprint with projects remember so future recovery can auto-resolve this project.", undefined, "Run projects remember with the current repository remote."));
+    }
+    else if (input.currentGitRemoteFingerprint &&
+        input.currentGitRemoteFingerprint === input.memory.identity.gitRemoteFingerprint) {
+        findings.push(createFinding("git_remote_matches", "ok", "git_remote", "Git remote matches project memory", "The current repository remote matches this project memory.", input.memory.identity.gitRemoteFingerprint));
+    }
+    else if (input.currentGitRemoteFingerprint) {
+        findings.push(createFinding("git_remote_mismatch", "warning", "git_remote", "Git remote differs from project memory", "The current repository remote does not match the stored project fingerprint.", input.memory.identity.gitRemoteFingerprint, "Choose the project explicitly or update project memory if this repo moved."));
+    }
+    else {
+        findings.push(createFinding("git_remote_unknown", "unknown", "git_remote", "Current git remote unknown", "AppFleet could not detect a current origin remote.", undefined, "Run from inside a git repo or pass a project id explicitly."));
+    }
+    const canonicalCheck = normalizeStatusCheck(await input.checkUrl(input.memory.canonicalUrl));
+    findings.push(findingFromStatusCheck("canonical_url", canonicalCheck));
+    const canonicalTlsFinding = findingFromTlsExpiry("canonical_url", canonicalCheck);
+    if (canonicalTlsFinding) {
+        findings.push(canonicalTlsFinding);
+    }
+    const rememberedChecks = await Promise.all(input.memory.rememberedUrls.map(async (url) => normalizeStatusCheck(await input.checkUrl(url))));
+    for (const rememberedCheck of rememberedChecks) {
+        findings.push(findingFromStatusCheck("remembered_url", rememberedCheck));
+        const rememberedTlsFinding = findingFromTlsExpiry("remembered_url", rememberedCheck);
+        if (rememberedTlsFinding) {
+            findings.push(rememberedTlsFinding);
+        }
+    }
+    if (input.memory.environmentAliases.length === 0) {
+        findings.push(createFinding("env_aliases_missing", "warning", "environment_alias", "No environment aliases recorded", "AppFleet has no env alias names for this project.", undefined, "Record alias names with projects remember; do not store values in project memory."));
+    }
+    else {
+        findings.push(createFinding("env_aliases_recorded", "ok", "environment_alias", "Environment aliases recorded", `${input.memory.environmentAliases.length} alias name(s) are recorded without values.`));
+    }
+    for (const provider of input.memory.providers) {
+        if (provider.kind === "backend" || provider.status === "unknown") {
+            findings.push(createFinding(`provider_${provider.id}_unknown`, "unknown", "provider_health", `${provider.name} health unknown`, "Provider health is unknown because AppFleet does not call provider APIs, read .env files, or infer provider failures in this safe check.", provider.kind, "Check provider status outside AppFleet without exposing credentials."));
+        }
+    }
+    findings.push(createFinding("cloud_sync_scaffold", input.memory.cloudSync.lastSyncedAt ? "ok" : "unknown", "cloud_sync", input.memory.cloudSync.lastSyncedAt
+        ? "Cloud sync timestamp recorded"
+        : "Cloud sync is scaffold-only", input.memory.cloudSync.lastSyncedAt
+        ? `Last synced at ${input.memory.cloudSync.lastSyncedAt}.`
+        : "Production AppFleet Cloud persistence is not implemented in this slice.", undefined, "Use projects sync --json to inspect the cloud-safe contract."));
+    const report = createProjectDoctorReport({
+        memory: { ...input.memory, latestCheck: canonicalCheck },
+        checkedAt: input.checkedAt,
+        latestCheck: canonicalCheck,
+        findings,
+        nextActions: [
+            "Fix misconfigured URL findings first.",
+            "Use projects check to refresh the stored canonical status.",
+            "Use secrets inject for commands that need environment values.",
+        ],
+    });
+    return { report, latestCheck: canonicalCheck };
+}
+function findingFromStatusCheck(prefix, check) {
+    const severity = severityFromStatus(check.status);
+    return createFinding(`${prefix}_${slugify(check.url)}`, severity, "http_status", `${prefix === "canonical_url" ? "Canonical URL" : "Remembered URL"} is ${check.status}`, check.message ?? `HTTP status is ${check.status}.`, [
+        `${check.url} status=${check.status}`,
+        `failureCategory=${check.failureCategory ?? "none"}`,
+        `checkedAt=${check.checkedAt}`,
+        `responseTimeMs=${check.responseTimeMs ?? "unknown"}`,
+        `tlsCertificateExpiresAt=${check.tlsCertificateExpiresAt ?? "unknown"}`,
+        `tlsCertificateDaysRemaining=${check.tlsCertificateDaysRemaining ?? "unknown"}`,
+    ].join(" "), severity === "ok"
+        ? undefined
+        : prefix === "canonical_url"
+            ? "Fix the canonical project URL before debugging provider state."
+            : "Prefer the canonical URL when remembered URLs are stale or misconfigured.");
+}
+function findingFromTlsExpiry(prefix, check) {
+    if (check.tlsCertificateExpiresAt === undefined ||
+        check.tlsCertificateDaysRemaining === undefined) {
+        return undefined;
+    }
+    if (check.tlsCertificateDaysRemaining > 30) {
+        return createFinding(`${prefix}_tls_certificate_valid_${slugify(check.url)}`, "ok", "http_status", `${prefix === "canonical_url" ? "Canonical URL" : "Remembered URL"} TLS certificate is current`, `TLS certificate expires in ${check.tlsCertificateDaysRemaining} day(s).`, `${check.url} tlsCertificateExpiresAt=${check.tlsCertificateExpiresAt} tlsCertificateDaysRemaining=${check.tlsCertificateDaysRemaining}`);
+    }
+    const expired = check.tlsCertificateDaysRemaining < 0;
+    return createFinding(`${prefix}_tls_certificate_${expired ? "expired" : "expiring"}_${slugify(check.url)}`, expired ? "misconfigured" : "warning", "http_status", `${prefix === "canonical_url" ? "Canonical URL" : "Remembered URL"} TLS certificate ${expired ? "expired" : "expires soon"}`, expired
+        ? "TLS certificate has passed its public expiry date."
+        : `TLS certificate expires in ${check.tlsCertificateDaysRemaining} day(s).`, `${check.url} tlsCertificateExpiresAt=${check.tlsCertificateExpiresAt} tlsCertificateDaysRemaining=${check.tlsCertificateDaysRemaining}`, "Renew the public TLS certificate before debugging provider state.");
+}
+function severityFromStatus(status) {
+    switch (status) {
+        case "up":
+            return "ok";
+        case "misconfigured":
+            return "misconfigured";
+        case "down":
+            return "warning";
+        case "unknown":
+            return "unknown";
+    }
+}
+function createFinding(id, severity, category, title, message, evidence, nextAction) {
+    return {
+        id,
+        severity,
+        category,
+        title,
+        message,
+        evidence,
+        nextAction,
+    };
+}
+function normalizeStatusCheck(check) {
+    const responseTimeMs = check.responseTimeMs ?? check.latencyMs;
+    return {
+        ...check,
+        latencyMs: check.latencyMs ?? responseTimeMs,
+        responseTimeMs,
+    };
+}
+function formatCheckResult(memory, latestCheck, rememberedChecks) {
+    const lines = [
+        `AppFleet project check: ${memory.name}`,
+        `canonicalUrl=${latestCheck.url}`,
+        `status=${latestCheck.status}`,
+        `checkedAt=${latestCheck.checkedAt}`,
+        `responseTimeMs=${latestCheck.responseTimeMs ?? "unknown"}`,
+        `httpStatusCode=${latestCheck.httpStatusCode ?? "unknown"}`,
+        `failureCategory=${latestCheck.failureCategory ?? "none"}`,
+        `tlsCertificateExpiresAt=${latestCheck.tlsCertificateExpiresAt ?? "unknown"}`,
+        `tlsCertificateDaysRemaining=${latestCheck.tlsCertificateDaysRemaining ?? "unknown"}`,
+        `message=${latestCheck.message ?? ""}`,
+    ];
+    for (const remembered of rememberedChecks) {
+        lines.push(`rememberedUrl=${remembered.url} status=${remembered.status} checkedAt=${remembered.checkedAt} responseTimeMs=${remembered.responseTimeMs ?? "unknown"} failureCategory=${remembered.failureCategory ?? "none"} tlsCertificateExpiresAt=${remembered.tlsCertificateExpiresAt ?? "unknown"} tlsCertificateDaysRemaining=${remembered.tlsCertificateDaysRemaining ?? "unknown"}`);
+    }
+    lines.push("nextPlaceToLook:");
+    for (const next of memory.nextPlaceToLook) {
+        lines.push(`- ${next}`);
+    }
+    return `${lines.join("\n")}\n`;
+}
+function formatProjectStatus(summary) {
+    const lines = [
+        `AppFleet project status: ${summary.name}`,
+        `repo=${summary.repoUrl ?? "unknown"}`,
+        `gitRemoteFingerprint=${summary.gitRemoteFingerprint ?? "unknown"}`,
+        `canonicalUrl=${summary.canonicalUrl}`,
+        `rememberedUrls=${summary.rememberedUrls.join(", ") || "none"}`,
+        `latestStatus=${summary.latestStatus}`,
+        `lastCheckedAt=${summary.lastCheckedAt ?? "unknown"}`,
+        `responseTimeMs=${summary.responseTimeMs ?? "unknown"}`,
+        `cloudSync=${summary.cloudSyncStatus}`,
+        `productionCloudPersistence=${summary.productionCloudPersistenceImplemented}`,
+        `providers=${summary.providers.map((provider) => provider.name).join(", ") || "none"}`,
+        `envAliases=${summary.environmentAliases.map((alias) => alias.name).join(", ") || "none"}`,
+        "unknownHealthExplanations:",
+        ...summary.unknownHealthExplanations.map((explanation) => `- ${explanation}`),
+        "nextActions:",
+        ...summary.nextActions.map((action) => `- ${action}`),
+    ];
+    return `${lines.join("\n")}\n`;
+}
+function formatProjectDoctor(report) {
+    const lines = [
+        `AppFleet project doctor: ${report.name}`,
+        `checkedAt=${report.checkedAt}`,
+        `gitRemoteFingerprint=${report.gitRemoteFingerprint ?? "unknown"}`,
+        `latestStatus=${report.latestCheck?.status ?? "unknown"}`,
+        `lastCheckedAt=${report.latestCheck?.checkedAt ?? "unknown"}`,
+        `responseTimeMs=${report.latestCheck?.responseTimeMs ?? "unknown"}`,
+        `productionCloudPersistence=${report.productionCloudPersistenceImplemented}`,
+        "unknownHealthExplanations:",
+        ...report.unknownHealthExplanations.map((explanation) => `- ${explanation}`),
+        "findings:",
+        ...report.findings.map((finding) => `- ${finding.severity} ${finding.category}: ${finding.title} (${finding.message})`),
+        "nextActions:",
+        ...report.nextActions.map((action) => `- ${action}`),
+    ];
+    return `${lines.join("\n")}\n`;
+}
+function formatProjectDiscovery(report) {
+    const lines = [
+        "AppFleet project discovery",
+        `rootPath=${report.rootPath}`,
+        `projectId=${report.project.id}`,
+        `name=${report.project.name}`,
+        `canonicalUrl=${report.project.canonicalUrl ?? "unknown"}`,
+        `repo=${report.project.repoUrl ?? "unknown"}`,
+        `gitRemoteFingerprint=${report.project.gitRemoteFingerprint ?? "unknown"}`,
+        `packageManager=${report.packageManager ?? "unknown"}`,
+        `providers=${report.providers.map((provider) => provider.name).join(", ") || "none"}`,
+        `envAliases=${report.environmentAliases.map((alias) => alias.name).join(", ") || "none"}`,
+        `filesScanned=${report.filesScanned}`,
+        `skippedPaths=${report.skippedPaths.join(", ") || "none"}`,
+        `remembered=${report.remembered}`,
+        `productionCloudPersistence=${report.productionCloudPersistenceImplemented}`,
+        "trustBoundary:",
+        ...report.trustBoundary.map((item) => `- ${item}`),
+        "nextActions:",
+        ...report.nextActions.map((action) => `- ${action}`),
+    ];
+    return `${lines.join("\n")}\n`;
+}
+function formatDashboardGuide(guide) {
+    const lines = [
+        "AppFleet local dashboard",
+        `url=${guide.localDashboardUrl}`,
+        `devCommand=${guide.devCommand}`,
+        `storePath=${guide.storePath}`,
+        `memoryStoreExists=${guide.memoryStoreExists}`,
+        `projectCount=${guide.projectCount}`,
+        `productionCloudPersistence=${guide.productionCloudPersistenceImplemented}`,
+    ];
+    if (guide.selectedProject) {
+        lines.push(`selectedProject=${guide.selectedProject.name}`, `gitRemoteFingerprint=${guide.selectedProject.gitRemoteFingerprint ?? "unknown"}`, `latestDoctorCheckedAt=${guide.selectedProject.latestDoctorCheckedAt ?? "unknown"}`);
+    }
+    lines.push("trustBoundary:", ...guide.trustBoundary.map((item) => `- ${item}`), "nextActions:", ...guide.nextActions.map((action) => `- ${action}`));
+    return `${lines.join("\n")}\n`;
+}
+function formatSyncScaffold(syncRequest) {
+    return ([
+        "AppFleet sync scaffold: project memory envelopes prepared.",
+        "productionCloudPersistence=false",
+        `envelopeCount=${syncRequest.envelopes.length}`,
+        `projectIds=${syncRequest.envelopes.map((envelope) => envelope.projectId).join(", ")}`,
+    ].join("\n") + "\n");
+}
+function formatJson(value) {
+    return `${JSON.stringify(value, null, 2)}\n`;
+}
+function readFlag(argv, flag) {
+    const index = argv.indexOf(flag);
+    if (index === -1) {
+        return undefined;
+    }
+    return argv[index + 1];
+}
+function readRepeatedFlag(argv, flag) {
+    const values = [];
+    for (let index = 0; index < argv.length; index += 1) {
+        if (argv[index] === flag && argv[index + 1]) {
+            values.push(argv[index + 1]);
+        }
+    }
+    return values;
+}
+function readOptionalPositional(argv, startIndex) {
+    const flagsWithValues = new Set([
+        "--env-alias",
+        "--git-remote-fingerprint",
+        "--name",
+        "--note",
+        "--path",
+        "--project",
+        "--provider",
+        "--remembered-url",
+        "--repo",
+        "--url",
+        "--workspace",
+    ]);
+    for (let index = startIndex; index < argv.length; index += 1) {
+        const argument = argv[index];
+        if (flagsWithValues.has(argument)) {
+            index += 1;
+            continue;
+        }
+        if (!argument.startsWith("--")) {
+            return argument;
+        }
+    }
+    return undefined;
+}
+function hasFlag(argv, flag) {
+    return argv.includes(flag);
+}
+function slugify(value) {
+    return (value
+        .toLowerCase()
+        .replace(/[^a-z0-9]+/g, "-")
+        .replace(/^-|-$/g, "") || randomUUID());
+}
+function normalizeRepositoryFingerprint(hostname, pathname) {
+    const normalizedPath = pathname
+        .replace(/^\/+/, "")
+        .replace(/\.git$/i, "")
+        .replace(/\/+$/, "");
+    return `${hostname.toLowerCase()}/${normalizedPath}`;
+}
+function defaultProjectMemoryStorePath(cwd) {
+    const packageParent = basename(dirname(cwd));
+    const packageName = basename(cwd);
+    if (packageParent === "apps" && packageName === "cli") {
+        return resolve(cwd, "..", "..", ".appfleet", "project-memory.json");
+    }
+    return resolve(cwd, ".appfleet", "project-memory.json");
+}
+function errorMessage(error) {
+    return error instanceof Error ? error.message : String(error);
+}
+if (import.meta.url === `file://${process.argv[1]}`) {
+    const result = await runProjectMemoryCommand(process.argv.slice(2), {
+        storePath: process.env.APPFLEET_PROJECT_MEMORY_STORE_PATH,
+        currentGitRemoteFingerprint: process.env.APPFLEET_GIT_REMOTE_FINGERPRINT,
+    });
+    process.stdout.write(result.stdout);
+    process.stderr.write(result.stderr);
+    process.exitCode = result.exitCode;
+}