@bli-cockpit/cli 0.1.0 → 0.1.1

package/README.md

@@ -2,25 +2,81 @@
 
 Public BLI Cockpit command-line interface for approved operators and interns.
 
-The CLI pairs a local laptop with the private Cockpit dashboard, records safe
-metadata-only work context, and uploads that metadata after dashboard-approved
+The npm package is public; the Cockpit backend and admin tooling are not. The
+CLI pairs a local laptop with the private Cockpit dashboard, records safe
+work context, uploads consented raw Codex/diff evidence to private
+durable private storage, and uploads metadata refs after dashboard-approved
 device pairing.
 
+## One-paste install
+
+Run this from the repo where work will happen:
+
 ```bash
-npm exec --yes --package=@bli-cockpit/cli -- cockpit onboard \
-  --dashboard-url <dashboard-url> \
-  --email <approved-email> \
-  --device-name "<device-name>" \
+COCKPIT_DEVICE_NAME="$(scutil --get ComputerName 2>/dev/null || hostname -s)"
+npm exec --yes --package=@bli-cockpit/cli@latest -- cockpit onboard \
+  --dashboard-url <DASHBOARD_URL> \
+  --email <APPROVED_EMAIL> \
+  --device-name "$COCKPIT_DEVICE_NAME" \
   --repo "$PWD"
 ```
 
+What happens:
+
+1. npm downloads the public `@bli-cockpit/cli` package.
+2. `cockpit onboard` writes local user config.
+3. Cockpit prints a dashboard pairing URL and code.
+4. An Admin approves that exact code.
+5. The CLI starts general ambient capture, uploads private raw evidence objects
+   when present, then uploads one safe metadata/ref envelope.
+6. The CLI prints `PASS: Cockpit collector is ready for harvest.`
+
+`--device-name` is just a readable label in Cockpit. It can be
+`"Savina MacBook"`, `"Box VM 42"`, or the auto-filled macOS computer name.
+
+Before the command runs, an Admin must create or approve the email in the
+private dashboard. Default launch path is email + temporary password, handed
+over out of band. Magic link remains available as fallback.
+
 When ticket work starts later:
 
 ```bash
-npm exec --yes --package=@bli-cockpit/cli -- cockpit start \
+npm exec --yes --package=@bli-cockpit/cli@latest -- cockpit start \
   --ticket <ticket-id> \
   --repo "$PWD"
+
+npm exec --yes --package=@bli-cockpit/cli@latest -- cockpit sync \
+  --dashboard-url <DASHBOARD_URL> \
+  --repo "$PWD" \
+  --json
 ```
 
+No ticket is required for setup, chatting, planning, or general ambient capture.
+Only pass `--ticket` when the work really belongs to a visible ticket.
+
+## What gets saved
+
+Local files:
+
+- `~/.config/bli-cockpit/config.json`: dashboard URL and local install config.
+- `~/.config/bli-cockpit/session.json`: normal paired device session.
+- `~/.local/state/bli-cockpit/spool/`: safe retry records when upload fails.
+- `.codex-autorunner/contextspace/active_context.md` in the work repo when a
+  work context is active.
+
+Remote dashboard:
+
+- approved user and device identity;
+- repo, branch, optional ticket, source availability, risk flags, and upload
+  timestamps;
+- raw evidence refs accepted by `/api/ambient/ingest`;
+- durable private Storage objects accepted by
+  `/api/ambient/evidence/upload`.
+
+Never provide Supabase service-role keys, raw DB URLs, root env files, cookies,
+or deployment tokens to this CLI. The collector must never read env files.
+
+## Public package boundary
+
 This public package intentionally excludes Cockpit admin bootstrap commands,
 service-role credential handling, source maps, tests, and internal runbooks.

package/dist/adapters/local-sources.js

@@ -1,6 +1,7 @@
 import { collectCarState } from "./car-state.js";
 import { makeUnavailableScan, } from "./common.js";
 import { collectGitState } from "./git-state.js";
+import { collectRawEvidencePack, } from "./raw-evidence.js";
 import { generateDumbRiskFlags } from "./risk-flags.js";
 import { resolveTicketBinding, } from "./ticket-binding.js";
 export async function runLocalSourceCollectors(options) {
@@ -14,8 +15,17 @@ export async function runLocalSourceCollectors(options) {
     };
     const git = await collectGitState(context);
     const car = await collectCarState(context);
+    const rawEvidence = options.rawEvidenceStateDir
+        ? await collectRawEvidencePack(context, {
+            stateDir: options.rawEvidenceStateDir,
+            repoRoot: options.repoRoot,
+            sessionsDir: options.rawEvidenceSessionsDir,
+        })
+        : {
+            scan: makeUnavailableScan(context, "codex_jsonl", "codex-jsonl", "raw_evidence_state_dir_not_configured"),
+            facts: null,
+        };
     const unavailableScans = [
-        makeUnavailableScan(context, "codex_jsonl", "codex-jsonl", "codex_session_file_not_configured"),
         makeUnavailableScan(context, "codex_otel", "codex-otel", "codex_otel_export_not_configured"),
         makeUnavailableScan(context, "github_state", "github-state", "github_auth_not_configured"),
         makeUnavailableScan(context, "linear_state", "linear-state", "linear_auth_not_configured"),
@@ -25,6 +35,7 @@ export async function runLocalSourceCollectors(options) {
     const candidates = collectBindingCandidates([
         git.scan,
         car.scan,
+        rawEvidence.scan,
         ...unavailableScans,
     ]);
     const binding = resolveTicketBinding({
@@ -33,16 +44,20 @@ export async function runLocalSourceCollectors(options) {
     });
     const gitFacts = isGitStateFacts(git.facts) ? git.facts : null;
     const carFacts = isCarStateFacts(car.facts) ? car.facts : null;
+    const rawEvidenceFacts = isRawEvidenceFacts(rawEvidence.facts)
+        ? rawEvidence.facts
+        : null;
     const riskFlags = generateDumbRiskFlags({
         context,
         git: gitFacts,
         binding,
     });
     return {
-        scans: [git.scan, car.scan, ...unavailableScans],
+        scans: [git.scan, car.scan, rawEvidence.scan, ...unavailableScans],
         facts: {
             git: gitFacts,
             car: carFacts,
+            raw_evidence: rawEvidenceFacts,
         },
         binding,
         risk_flags: riskFlags,
@@ -56,4 +71,7 @@ function isGitStateFacts(value) {
 }
 function isCarStateFacts(value) {
     return Boolean(value && typeof value === "object" && "present" in value);
+}
+function isRawEvidenceFacts(value) {
+    return Boolean(value && typeof value === "object" && "pack_id" in value);
 }

package/dist/adapters/raw-evidence.js

@@ -0,0 +1,395 @@
+import { SourceScanResultSchema, containsSecretLikeContent, } from "@bli-cockpit/telemetry-core";
+import { execFile } from "node:child_process";
+import crypto from "node:crypto";
+import fs from "node:fs/promises";
+import os from "node:os";
+import path from "node:path";
+import { promisify } from "node:util";
+import { makeSourceAdapterIdentity, } from "./common.js";
+const execFileAsync = promisify(execFile);
+const DEFAULT_SINCE_MINUTES = 24 * 60;
+const DEFAULT_SESSION_LIMIT = 50;
+const MAX_GIT_DIFF_BYTES = 2 * 1024 * 1024;
+export const RAW_EVIDENCE_BUCKET = "ambient-raw-evidence";
+export const RAW_EVIDENCE_RETENTION_MODE = "remote_durable";
+const SECRET_FILE_SEGMENT_PATTERN = /(^|[/\\])(?:\.env(?:\..*)?|.*(?:secret|credential|private[_-]?key|service[_-]?role).*)$/i;
+export async function collectRawEvidencePack(context, options) {
+    const startedAt = context.now.toISOString();
+    const packId = rawEvidencePackId(context);
+    const evidenceDir = path.join(options.stateDir, "raw-evidence", packId);
+    const filesDir = path.join(evidenceDir, "files");
+    const entries = [];
+    const skipped = [];
+    try {
+        await ensurePrivateDir(evidenceDir);
+        await ensurePrivateDir(filesDir);
+        await collectCodexJsonlFiles({
+            context,
+            filesDir,
+            packId,
+            entries,
+            skipped,
+            sessionsDir: options.sessionsDir,
+            sinceMinutes: options.sinceMinutes ?? DEFAULT_SINCE_MINUTES,
+            limit: options.sessionLimit ?? DEFAULT_SESSION_LIMIT,
+        });
+        await collectGitDiffFiles({
+            context,
+            filesDir,
+            packId,
+            repoRoot: options.repoRoot,
+            entries,
+            skipped,
+        });
+        if (entries.length === 0) {
+            const facts = {
+                pack_id: packId,
+                manifest_path: path.join(evidenceDir, "manifest.json"),
+                evidence_dir: evidenceDir,
+                storage_bucket: RAW_EVIDENCE_BUCKET,
+                file_count: 0,
+                byte_size: 0,
+                skipped_count: skipped.length,
+                content_kinds: [],
+                pointers: [],
+                upload_files: [],
+            };
+            return {
+                facts,
+                scan: makeRawEvidenceScan({
+                    context,
+                    startedAt,
+                    status: "partial",
+                    facts,
+                }),
+            };
+        }
+        const manifestWithoutSelf = makeManifest({
+            context,
+            packId,
+            evidenceDir,
+            entries,
+            skipped,
+        });
+        const manifestPath = path.join(evidenceDir, "manifest.json");
+        const manifestBytes = Buffer.from(`${JSON.stringify(manifestWithoutSelf, null, 2)}\n`, "utf8");
+        await fs.writeFile(manifestPath, manifestBytes, { mode: 0o600 });
+        await chmodPrivate(manifestPath, 0o600);
+        const manifestEntry = evidenceEntry({
+            kind: "manifest",
+            packId,
+            operatorId: context.operatorId,
+            workContextId: context.workContextId,
+            localPath: manifestPath,
+            relativePath: "manifest.json",
+            mediaType: "application/json",
+            redactedSummary: "Local raw evidence pack manifest.",
+            bytes: manifestBytes,
+        });
+        entries.push(manifestEntry);
+        const facts = {
+            pack_id: packId,
+            manifest_path: manifestPath,
+            evidence_dir: evidenceDir,
+            storage_bucket: RAW_EVIDENCE_BUCKET,
+            file_count: entries.length,
+            byte_size: entries.reduce((sum, entry) => sum + entry.byte_size, 0),
+            skipped_count: skipped.length,
+            content_kinds: [...new Set(entries.map((entry) => entry.kind))],
+            pointers: entries.map(pointerFromEntry),
+            upload_files: entries.map((entry) => ({
+                pointer: pointerFromEntry(entry),
+                local_path: entry.local_path,
+            })),
+        };
+        return {
+            facts,
+            scan: makeRawEvidenceScan({
+                context,
+                startedAt,
+                status: entries.length > 1 ? "ok" : "partial",
+                facts,
+            }),
+        };
+    }
+    catch (error) {
+        const scan = SourceScanResultSchema.parse({
+            adapter: makeSourceAdapterIdentity("collector_runtime", "raw-evidence-pack"),
+            work_context_id: context.workContextId,
+            status: "failed",
+            started_at: startedAt,
+            finished_at: context.now.toISOString(),
+            diagnostic_labels: [
+                `raw_evidence_failed:${error instanceof Error ? error.message : String(error)}`,
+            ],
+        });
+        return { scan, facts: null };
+    }
+}
+function makeRawEvidenceScan(options) {
+    return SourceScanResultSchema.parse({
+        adapter: makeSourceAdapterIdentity("collector_runtime", "raw-evidence-pack"),
+        work_context_id: options.context.workContextId,
+        status: options.status,
+        started_at: options.startedAt,
+        finished_at: options.context.now.toISOString(),
+        events: [
+            {
+                source_event_id: `raw-evidence-pack:${options.facts.pack_id}`,
+                event_type: "raw_evidence_pack_written",
+                occurred_at: options.context.now.toISOString(),
+                redaction: {
+                    privacy_classification: "remote_durable_raw_evidence",
+                    redaction_status: "raw_remote_durable",
+                    redacted_fields: ["local_path"],
+                    raw_evidence_pointer_ids: options.facts.pointers.map((pointer) => pointer.raw_evidence_pointer_id),
+                    redacted_summary: "Raw prompt/response/tool/session/diff evidence harvested to a private durable remote evidence pack.",
+                },
+                raw_evidence_pointers: options.facts.pointers,
+            },
+        ],
+        diagnostic_labels: [
+            `pack_id:${options.facts.pack_id}`,
+            `files:${options.facts.file_count}`,
+            `bytes:${options.facts.byte_size}`,
+            `skipped:${options.facts.skipped_count}`,
+            ...options.facts.content_kinds.map((kind) => `kind:${kind}`),
+        ],
+    });
+}
+async function collectCodexJsonlFiles(options) {
+    const sessionsDir = options.sessionsDir ?? path.join(os.homedir(), ".codex", "sessions");
+    const cutoffMs = options.context.now.getTime() - options.sinceMinutes * 60 * 1000;
+    const files = (await walkJsonlFiles(sessionsDir, cutoffMs)).slice(0, options.limit);
+    let index = 0;
+    for (const filePath of files) {
+        const fileName = path.basename(filePath);
+        if (isSecretLikePath(fileName)) {
+            options.skipped.push({
+                kind: "codex_jsonl",
+                label: fileName,
+                reason: "secret_like_file_name",
+            });
+            continue;
+        }
+        const raw = await fs.readFile(filePath);
+        if (containsSecretLikeContent(raw.toString("utf8"))) {
+            options.skipped.push({
+                kind: "codex_jsonl",
+                label: fileName,
+                reason: "secret_like_content_guard",
+            });
+            continue;
+        }
+        index += 1;
+        const relativePath = path.join("files", `${String(index).padStart(3, "0")}-${shortHash(filePath)}-${fileName}`);
+        const destination = path.join(options.filesDir, path.basename(relativePath));
+        await fs.writeFile(destination, raw, { mode: 0o600 });
+        await chmodPrivate(destination, 0o600);
+        options.entries.push(evidenceEntry({
+            kind: "codex_jsonl",
+            packId: options.packId,
+            operatorId: options.context.operatorId,
+            workContextId: options.context.workContextId,
+            localPath: destination,
+            relativePath,
+            mediaType: "application/jsonl",
+            redactedSummary: "Raw Codex JSONL transcript with prompts, responses, tool arguments, and tool outputs preserved locally.",
+            bytes: raw,
+        }));
+    }
+}
+async function collectGitDiffFiles(options) {
+    const diffTargets = [
+        { label: "unstaged", args: ["diff", "--no-ext-diff", "--"] },
+        { label: "staged", args: ["diff", "--cached", "--no-ext-diff", "--"] },
+    ];
+    for (const target of diffTargets) {
+        const diff = await runGitDiff(target.args, options.repoRoot);
+        if (!diff.trim())
+            continue;
+        if (containsSecretLikeContent(diff)) {
+            options.skipped.push({
+                kind: "git_diff",
+                label: target.label,
+                reason: "secret_like_content_guard",
+            });
+            continue;
+        }
+        const raw = Buffer.from(diff.slice(0, MAX_GIT_DIFF_BYTES), "utf8");
+        const relativePath = path.join("files", `git-${target.label}.diff`);
+        const destination = path.join(options.filesDir, path.basename(relativePath));
+        await fs.writeFile(destination, raw, { mode: 0o600 });
+        await chmodPrivate(destination, 0o600);
+        options.entries.push(evidenceEntry({
+            kind: "git_diff",
+            packId: options.packId,
+            operatorId: options.context.operatorId,
+            workContextId: options.context.workContextId,
+            localPath: destination,
+            relativePath,
+            mediaType: "text/x-diff",
+            redactedSummary: `Raw git ${target.label} diff preserved locally with env/secret paths excluded.`,
+            bytes: raw,
+        }));
+    }
+}
+async function runGitDiff(args, repoRoot) {
+    const pathspec = [
+        ".",
+        ":(exclude).env",
+        ":(exclude).env.*",
+        ":(exclude)**/.env",
+        ":(exclude)**/.env.*",
+        ":(exclude)**/*secret*",
+        ":(exclude)**/*credential*",
+        ":(exclude)**/*private-key*",
+        ":(exclude)**/*.pem",
+        ":(exclude)**/*.key",
+    ];
+    const { stdout } = await execFileAsync("git", [...args, ...pathspec], {
+        cwd: repoRoot,
+        timeout: 3_000,
+        maxBuffer: MAX_GIT_DIFF_BYTES + 1024,
+    });
+    return stdout;
+}
+async function walkJsonlFiles(dir, cutoffMs) {
+    const out = [];
+    const stack = [dir];
+    while (stack.length > 0) {
+        const current = stack.pop();
+        if (!current || isSecretLikePath(current))
+            continue;
+        let entries;
+        try {
+            entries = await fs.readdir(current, { withFileTypes: true });
+        }
+        catch {
+            continue;
+        }
+        for (const entry of entries) {
+            const full = path.join(current, entry.name);
+            if (isSecretLikePath(full))
+                continue;
+            if (entry.isDirectory()) {
+                stack.push(full);
+                continue;
+            }
+            if (!entry.isFile() || !entry.name.endsWith(".jsonl"))
+                continue;
+            const stat = await fs.stat(full);
+            if (stat.mtimeMs >= cutoffMs)
+                out.push({ file: full, mtimeMs: stat.mtimeMs });
+        }
+    }
+    out.sort((a, b) => b.mtimeMs - a.mtimeMs);
+    return out.map((entry) => entry.file);
+}
+function makeManifest(options) {
+    return {
+        schema: "bli.local_raw_evidence_pack.v1",
+        pack_id: options.packId,
+        created_at: options.context.now.toISOString(),
+        work_context_id: options.context.workContextId,
+        session_id: options.context.sessionId,
+        operator_id: options.context.operatorId,
+        repo_basename: path.basename(options.context.repoRoot),
+        branch: options.context.branch,
+        storage_bucket: RAW_EVIDENCE_BUCKET,
+        raw_policy: {
+            raw_prompts: "preserved_private_durable_remote",
+            raw_responses: "preserved_private_durable_remote",
+            transcripts: "preserved_private_durable_remote",
+            tool_payloads: "preserved_private_durable_remote",
+            git_diffs: "preserved_private_durable_remote_env_secret_paths_excluded",
+            env_files: "never_read",
+            stdout: "manifest_only_no_raw_content",
+        },
+        files: options.entries.map(redactManifestEntry),
+        skipped: options.skipped,
+    };
+}
+function evidenceEntry(options) {
+    const digest = sha256(options.bytes);
+    return {
+        kind: options.kind,
+        local_path: options.localPath,
+        relative_path: options.relativePath,
+        object_key: remoteObjectKey({
+            operatorId: options.operatorId,
+            workContextId: options.workContextId,
+            packId: options.packId,
+            relativePath: options.relativePath,
+        }),
+        content_hash_sha256: digest,
+        byte_size: options.bytes.byteLength,
+        media_type: options.mediaType,
+        redacted_summary: options.redactedSummary,
+    };
+}
+function redactManifestEntry(entry) {
+    return {
+        kind: entry.kind,
+        relative_path: entry.relative_path,
+        object_key: entry.object_key,
+        content_hash_sha256: entry.content_hash_sha256,
+        byte_size: entry.byte_size,
+        media_type: entry.media_type,
+        redacted_summary: entry.redacted_summary,
+    };
+}
+function pointerFromEntry(entry) {
+    return {
+        raw_evidence_pointer_id: entry.object_key,
+        privacy_classification: "remote_durable_raw_evidence",
+        retention_policy: {
+            mode: RAW_EVIDENCE_RETENTION_MODE,
+            privacy_classification: "remote_durable_raw_evidence",
+        },
+        storage_scope: "remote_object",
+        storage_bucket: RAW_EVIDENCE_BUCKET,
+        object_key: entry.object_key,
+        content_hash_sha256: entry.content_hash_sha256,
+        byte_size: entry.byte_size,
+        media_type: entry.media_type,
+        redacted_summary: entry.redacted_summary,
+    };
+}
+function remoteObjectKey(options) {
+    return posixPath([
+        options.operatorId,
+        options.workContextId,
+        options.packId,
+        options.relativePath,
+    ]);
+}
+function posixPath(parts) {
+    return parts.join("/").replace(/\\/g, "/").replace(/\/+/g, "/");
+}
+function rawEvidencePackId(context) {
+    const material = [
+        context.workContextId,
+        context.sessionId,
+        context.now.toISOString(),
+    ].join(":");
+    return `${context.workContextId}-${shortHash(material)}`;
+}
+function shortHash(value) {
+    return crypto.createHash("sha256").update(value, "utf8").digest("hex").slice(0, 12);
+}
+function sha256(value) {
+    return crypto.createHash("sha256").update(value).digest("hex");
+}
+async function ensurePrivateDir(dir) {
+    await fs.mkdir(dir, { recursive: true, mode: 0o700 });
+    await chmodPrivate(dir, 0o700);
+}
+async function chmodPrivate(target, mode) {
+    if (process.platform === "win32")
+        return;
+    await fs.chmod(target, mode).catch(() => undefined);
+}
+function isSecretLikePath(value) {
+    return SECRET_FILE_SEGMENT_PATTERN.test(value);
+}

package/dist/commands/local.js

@@ -408,6 +408,7 @@ async function runOnboard(command, io) {
         writeLine(io.stdout, `Facts: ${sync.event_count}`);
         writeLine(io.stdout, `Sources: ${sync.source_scan_count}`);
         writeLine(io.stdout, `Risk flags: ${sync.risk_flag_count}`);
+        writeLine(io.stdout, `Raw evidence files: ${sync.raw_evidence_file_count}`);
         writeLine(io.stdout, "5/5 Status ready.");
         writeLine(io.stdout, `Upload state: ${status.upload_state}`);
         writeLine(io.stdout, "PASS: Cockpit collector is ready for harvest.");
@@ -566,6 +567,7 @@ async function runSync(command, io) {
         writeLine(io.stdout, `Context: ${result.work_context_id}`);
         writeLine(io.stdout, `Facts: ${result.event_count}`);
         writeLine(io.stdout, `Risk flags: ${result.risk_flag_count}`);
+        writeLine(io.stdout, `Raw evidence files: ${result.raw_evidence_file_count}`);
         return 0;
     }
     writeLine(io.stderr, "Cockpit ambient upload failed; safe retry metadata was spooled.");

package/dist/local-state.js

@@ -21,6 +21,10 @@ export async function installLocalCollector(options = {}) {
     const existingConfig = await readLocalCollectorConfig(paths).catch(() => null);
     const defaultRepoPaths = new Set(existingConfig?.default_repo_paths ?? []);
     defaultRepoPaths.add(repoRoot);
+    const rawEvidenceUpload = existingConfig?.raw_evidence_upload === "disabled" ||
+        existingConfig?.raw_evidence_upload === "remote_short_retention_opt_in"
+        ? "remote_durable_opt_in"
+        : (existingConfig?.raw_evidence_upload ?? "remote_durable_opt_in");
     const config = LocalCollectorConfigSchema.parse({
         schema_version: "telemetry-core.v1",
         dashboard_url: options.dashboardUrl ?? existingConfig?.dashboard_url ?? DEFAULT_DASHBOARD_URL,
@@ -33,7 +37,7 @@ export async function installLocalCollector(options = {}) {
         claimed_owner_email: existingConfig?.claimed_owner_email,
         operator_id: existingConfig?.operator_id,
         default_repo_paths: [...defaultRepoPaths],
-        raw_evidence_upload: existingConfig?.raw_evidence_upload ?? "disabled",
+        raw_evidence_upload: rawEvidenceUpload,
         session_file_path: paths.session_file,
         state_dir_path: paths.state_dir,
     });

package/dist/spool/local-spool.js

@@ -120,6 +120,7 @@ function parseUploadSpoolEntry(value) {
         event_count: optionalNumber(record["event_count"]),
         source_scan_count: optionalNumber(record["source_scan_count"]),
         risk_flag_count: optionalNumber(record["risk_flag_count"]),
+        raw_evidence_file_count: optionalNumber(record["raw_evidence_file_count"]),
         failure_reason: failureReason,
         retry_command: retryCommand ?? "cockpit sync",
     };

package/dist/upload.js

@@ -1,4 +1,5 @@
 import { TelemetryIngestEnvelopeSchema, TelemetryIngestEventDtoSchema, } from "@bli-cockpit/telemetry-core";
+import fs from "node:fs/promises";
 import path from "node:path";
 import { getCollectorRuntimePaths, LOCAL_COLLECTOR_VERSION, readLocalCollectorConfig, readLocalCollectorSessionFile, readLocalSessionReference, readLocalWorkContext, } from "./local-state.js";
 import { runLocalSourceCollectors } from "./adapters/local-sources.js";
@@ -46,6 +47,8 @@ export async function buildLocalAmbientEnvelope(options = {}) {
         sessionId: session.session_id,
         workContextId: uploadContext.work_context_id,
         activeWorkContext: activeContext,
+        rawEvidenceStateDir: paths.state_dir,
+        rawEvidenceSessionsDir: path.join(paths.home_dir, ".codex", "sessions"),
         now,
     });
     const binding = sourceCollection.binding;
@@ -67,6 +70,7 @@ export async function buildLocalAmbientEnvelope(options = {}) {
             gitAddedLines: sourceCollection.facts.git?.added_lines ?? 0,
             gitDeletedLines: sourceCollection.facts.git?.deleted_lines ?? 0,
             carOpenTicketCount: sourceCollection.facts.car?.open_ticket_count ?? 0,
+            rawEvidenceFacts: sourceCollection.facts.raw_evidence,
             riskFlags: safeRiskFlags,
         }),
     ];
@@ -89,6 +93,7 @@ export async function buildLocalAmbientEnvelope(options = {}) {
         source_scan_count: envelope.source_scan_results.length,
         risk_flag_count: safeRiskFlags.length,
         repo_label: repoLabel,
+        raw_evidence_upload_files: sourceCollection.facts.raw_evidence?.upload_files ?? [],
     };
 }
 export async function syncLocalAmbientEnvelope(options = {}) {
@@ -111,7 +116,15 @@ export async function syncLocalAmbientEnvelope(options = {}) {
     if (!fetchImpl) {
         throw new Error("global fetch is unavailable; use Node.js 20 or newer.");
     }
+    let uploadedRawEvidenceObjects = [];
     try {
+        uploadedRawEvidenceObjects = await uploadRawEvidenceFiles({
+            fetchImpl,
+            dashboardUrl: built.dashboard_url,
+            deviceToken: built.device_token,
+            envelope: built.envelope,
+            files: built.raw_evidence_upload_files,
+        });
         const response = await fetchImpl(`${built.dashboard_url}/api/ambient/ingest`, {
             method: "POST",
             headers: {
@@ -133,11 +146,22 @@ export async function syncLocalAmbientEnvelope(options = {}) {
             event_count: built.event_count,
             source_scan_count: built.source_scan_count,
             risk_flag_count: built.risk_flag_count,
+            raw_evidence_file_count: built.raw_evidence_upload_files.length,
             http_status: response.status,
         };
     }
     catch (error) {
         const failureReason = error instanceof Error ? error.message : String(error);
+        const cleanupFailureReason = await cleanupUploadedRawEvidenceObjects({
+            fetchImpl,
+            dashboardUrl: built.dashboard_url,
+            deviceToken: built.device_token,
+            envelope: built.envelope,
+            uploadedObjects: uploadedRawEvidenceObjects,
+        });
+        const spooledFailureReason = cleanupFailureReason
+            ? `${failureReason}; raw evidence cleanup failed: ${cleanupFailureReason}`
+            : failureReason;
         const entry = await recordUploadFailure(paths, {
             last_attempt_at: attemptedAt,
             dashboard_url: built.dashboard_url,
@@ -148,7 +172,8 @@ export async function syncLocalAmbientEnvelope(options = {}) {
             event_count: built.event_count,
             source_scan_count: built.source_scan_count,
             risk_flag_count: built.risk_flag_count,
-            failure_reason: failureReason,
+            raw_evidence_file_count: built.raw_evidence_upload_files.length,
+            failure_reason: spooledFailureReason,
             retry_command: "cockpit sync",
         });
         return {
@@ -159,7 +184,8 @@ export async function syncLocalAmbientEnvelope(options = {}) {
             event_count: built.event_count,
             source_scan_count: built.source_scan_count,
             risk_flag_count: built.risk_flag_count,
-            failure_reason: failureReason,
+            raw_evidence_file_count: built.raw_evidence_upload_files.length,
+            failure_reason: spooledFailureReason,
             spool_entry_id: entry.spool_id,
             retry_command: entry.retry_command,
         };
@@ -184,15 +210,23 @@ function makeSourceScanCompletedEvent(options) {
     if (!options.context.provenance) {
         throw new Error("Upload work context is missing provenance.");
     }
+    const rawEvidencePointers = options.rawEvidenceFacts?.pointers ?? [];
+    const hasRawEvidence = rawEvidencePointers.length > 0;
     return TelemetryIngestEventDtoSchema.parse({
         event_id: `ambient-sync:${options.context.work_context_id}:${options.generatedAt}`,
         event_type: "source_scan_completed",
         occurred_at: options.generatedAt,
         provenance: options.context.provenance,
-        privacy_classification: "metadata",
+        privacy_classification: hasRawEvidence
+            ? "remote_durable_raw_evidence"
+            : "metadata",
         redaction: {
-            privacy_classification: "metadata",
-            redaction_status: "metadata_only",
+            privacy_classification: hasRawEvidence
+                ? "remote_durable_raw_evidence"
+                : "metadata",
+            redaction_status: hasRawEvidence
+                ? "raw_remote_durable"
+                : "metadata_only",
             redacted_fields: [
                 "prompt_body",
                 "response_body",
@@ -201,10 +235,14 @@ function makeSourceScanCompletedEvent(options) {
                 "git.changed_paths",
                 "local_file_paths",
             ],
-            raw_evidence_pointer_ids: [],
-            redacted_summary: "Collector uploaded metadata-only local work, source scan, binding, and risk summaries.",
+            raw_evidence_pointer_ids: rawEvidencePointers.map((pointer) => pointer.raw_evidence_pointer_id),
+            redacted_summary: hasRawEvidence
+                ? "Collector uploaded raw evidence objects separately and sent only references, hashes, source scan, binding, and risk summaries to ingest."
+                : "Collector uploaded metadata-only local work, source scan, binding, and risk summaries.",
         },
-        redacted_summary: "Collector uploaded metadata-only source scan, ticket binding, and risk summaries.",
+        redacted_summary: hasRawEvidence
+            ? "Collector uploaded raw evidence objects separately, then sent evidence references and metadata summaries."
+            : "Collector uploaded metadata-only source scan, ticket binding, and risk summaries.",
         metrics: {
             git_changed_file_count: options.gitChangedFileCount,
             git_added_lines: options.gitAddedLines,
@@ -212,6 +250,9 @@ function makeSourceScanCompletedEvent(options) {
             car_open_ticket_count: options.carOpenTicketCount,
             source_scan_count: options.scans.length,
             risk_flag_count: options.riskFlags.length,
+            raw_evidence_file_count: options.rawEvidenceFacts?.file_count ?? 0,
+            raw_evidence_byte_size: options.rawEvidenceFacts?.byte_size ?? 0,
+            raw_evidence_skipped_count: options.rawEvidenceFacts?.skipped_count ?? 0,
         },
         attributes: {
             repo_label: options.context.repo,
@@ -221,12 +262,87 @@ function makeSourceScanCompletedEvent(options) {
             ticket_id: options.binding.selected_ticket_id ?? "unbound",
             source_adapters: options.scans.map((scan) => scan.adapter.adapter_name),
             source_statuses: options.scans.map((scan) => `${scan.adapter.adapter_name}:${scan.status}`),
-            redaction_mode: "metadata_only",
+            redaction_mode: hasRawEvidence
+                ? "remote_durable_raw_evidence"
+                : "metadata_only",
             raw_payload_included: false,
         },
         ticket_binding: options.ticketBinding ?? undefined,
         risk_flags: options.riskFlags,
-        raw_evidence_pointers: [],
+        raw_evidence_pointers: rawEvidencePointers,
+    });
+}
+async function uploadRawEvidenceFiles(options) {
+    if (options.files.length === 0)
+        return [];
+    const provenance = options.envelope.work_context.provenance;
+    if (!provenance) {
+        throw new Error("Raw evidence upload requires collector provenance.");
+    }
+    const files = await Promise.all(options.files.map(async (file) => ({
+        pointer: file.pointer,
+        content_base64: (await fs.readFile(file.local_path)).toString("base64"),
+    })));
+    const response = await options.fetchImpl(`${options.dashboardUrl}/api/ambient/evidence/upload`, {
+        method: "POST",
+        headers: {
+            "Authorization": `Bearer ${options.deviceToken}`,
+            "Content-Type": "application/json",
+        },
+        body: JSON.stringify({
+            schema_version: "ambient-raw-evidence-upload.v1",
+            generated_at: options.envelope.generated_at,
+            provenance,
+            files,
+        }),
+    });
+    const responseBody = await readResponseJson(response);
+    if (!response.ok) {
+        throw new Error(responseErrorMessage(responseBody, `Raw evidence upload failed with HTTP ${response.status}`));
+    }
+    return readUploadedRawEvidenceObjects(responseBody);
+}
+async function cleanupUploadedRawEvidenceObjects(options) {
+    if (options.uploadedObjects.length === 0)
+        return null;
+    const provenance = options.envelope.work_context.provenance;
+    if (!provenance)
+        return "missing collector provenance";
+    try {
+        const response = await options.fetchImpl(`${options.dashboardUrl}/api/ambient/evidence/upload`, {
+            method: "DELETE",
+            headers: {
+                "Authorization": `Bearer ${options.deviceToken}`,
+                "Content-Type": "application/json",
+            },
+            body: JSON.stringify({
+                schema_version: "ambient-raw-evidence-cleanup.v1",
+                generated_at: options.envelope.generated_at,
+                provenance,
+                object_keys: options.uploadedObjects.map((object) => object.object_key),
+            }),
+        });
+        const responseBody = await readResponseJson(response);
+        if (!response.ok) {
+            return responseErrorMessage(responseBody, `Raw evidence cleanup failed with HTTP ${response.status}`);
+        }
+        return null;
+    }
+    catch (error) {
+        return error instanceof Error ? error.message : String(error);
+    }
+}
+function readUploadedRawEvidenceObjects(value) {
+    if (!value || typeof value !== "object")
+        return [];
+    const uploaded = value.uploaded;
+    if (!Array.isArray(uploaded))
+        return [];
+    return uploaded.flatMap((entry) => {
+        if (!entry || typeof entry !== "object")
+            return [];
+        const objectKey = entry.object_key;
+        return typeof objectKey === "string" && objectKey ? [{ object_key: objectKey }] : [];
     });
 }
 function makeCollectorProvenance(options) {

package/package.json

@@ -1,10 +1,10 @@
 {
   "name": "@bli-cockpit/cli",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "private": false,
   "type": "module",
   "bin": {
-    "cockpit": "dist/cli.js"
+    "cockpit": "./dist/cli.js"
   },
   "files": [
     "dist/",
@@ -25,6 +25,6 @@
     "test": "node dist/cli.js --help && node ../../scripts/assert-public-package-pack.mjs --workspace=@bli-cockpit/cli"
   },
   "dependencies": {
-    "@bli-cockpit/telemetry-core": "0.1.0"
+    "@bli-cockpit/telemetry-core": "0.1.1"
   }
 }