@chenpengfei/daily-brief 0.1.2 → 0.1.3

package/CHANGELOG.md

@@ -2,6 +2,28 @@
 
 All notable changes for Formal Releases are recorded here. GitHub Release notes should be derived from the matching version entry.
 
+## 0.1.3 - 2026-06-06
+
+Patch release for runtime configuration hardening and richer local status output.
+
+### User-visible Changes
+
+- Expands `daily-brief status` into a local readiness report with setup checks, today's run state, active paths, system timezone, and the next suggested action.
+- Keeps model and Discord secrets in `auth.json` referenced by `config.yaml`, removing runtime reliance on `env:NAME`, `.env`, and `DISCORD_WEBHOOK_URL` credential paths for installed usage.
+- Reports Discord delivery as explicitly skipped when delivery is disabled or the stored webhook credential is missing.
+- Keeps `daily-brief run-once --date YYYY-MM-DD` available for manual backfills while making `daily-brief status` a no-flag inspection command.
+
+### Installation and Upgrade Notes
+
+- Upgrade with `npm install -g @chenpengfei/daily-brief@latest`.
+- Run `daily-brief setup` after upgrading if your previous model or Discord configuration used environment-backed credential references.
+- Scripted environments should write `config.yaml`, `sources.yaml`, and `auth.json` directly under `DAILY_BRIEF_HOME`; use `DAILY_BRIEF_DATA_HOME` when generated data should live elsewhere.
+
+### Known Limitations
+
+- `daily-brief status` is read-only and local: it does not collect Sources, call an LLM, refresh credentials, generate a brief, or send Discord notifications.
+- Environment variables remain limited to path overrides for installed usage: `DAILY_BRIEF_HOME` and `DAILY_BRIEF_DATA_HOME`.
+
 ## 0.1.2 - 2026-06-04
 
 Patch release for the simplified public CLI setup workflow.

package/dist/src/agent/model-runtime-config.js

@@ -1,6 +1,6 @@
 import { existsSync } from "node:fs";
 import { getOAuthApiKey, loginOpenAICodex } from "@earendil-works/pi-ai/oauth";
-import { envNameFromCredentialRef, getCredential, isEnvCredentialRef, putCredential, readCredentialStore, readModelConfig, removeCredential, writeCredentialStore } from "../config/index.js";
+import { getCredential, putCredential, readCredentialStore, readModelConfig, removeCredential, writeCredentialStore } from "../config/index.js";
 import { resolveDailyBriefPaths } from "../config/paths.js";
 export const defaultOAuthHelpers = {
     getOAuthApiKey,
@@ -10,7 +10,7 @@ export function readModelRuntimeConfig(env = process.env, options = {}) {
     const paths = resolveDailyBriefPaths(env);
     const configPath = options.configPath ?? paths.configPath;
     const authPath = options.authPath ?? paths.authPath;
-    const config = readEnvModelConfig(env) ?? (existsSync(configPath) ? readModelConfig(configPath) : undefined);
+    const config = existsSync(configPath) ? readModelConfig(configPath) : undefined;
     if (!config) {
         return {
             provider: "openai-codex",
@@ -20,7 +20,7 @@ export function readModelRuntimeConfig(env = process.env, options = {}) {
             issues: [`Model config not found: ${configPath}. Run daily-brief setup or create config.yaml with model settings.`]
         };
     }
-    const issues = credentialIssues(config.provider, config.credentialRef, env, authPath);
+    const issues = credentialIssues(config.provider, config.credentialRef, authPath);
     return {
         provider: config.provider,
         model: config.model,
@@ -38,10 +38,6 @@ export async function resolveModelApiKey(config, env = process.env, options = {}
     if (!credentialRef) {
         throw new Error(`credentialRef is required for ${config.provider}`);
     }
-    if (isEnvCredentialRef(credentialRef)) {
-        const envName = envNameFromCredentialRef(credentialRef);
-        return env[envName]?.trim();
-    }
     const authPath = options.authPath ?? resolveDailyBriefPaths(env).authPath;
     const credential = getCredential(credentialRef, authPath);
     if (!credential) {
@@ -108,17 +104,13 @@ export function statusModelCredentials(env = process.env, options = {}) {
         secret: "<redacted>"
     }));
 }
-function credentialIssues(provider, credentialRef, env, authPath) {
+function credentialIssues(provider, credentialRef, authPath) {
     if (provider === "faux") {
         return [];
     }
     if (!credentialRef) {
         return [`credentialRef is required for ${provider}`];
     }
-    if (isEnvCredentialRef(credentialRef)) {
-        const envName = envNameFromCredentialRef(credentialRef);
-        return env[envName]?.trim() ? [] : [`${envName} is required for credentialRef ${credentialRef}`];
-    }
     const credential = getCredential(credentialRef, authPath);
     if (!credential) {
         return [`Credential not found: ${credentialRef}`];
@@ -128,65 +120,6 @@ function credentialIssues(provider, credentialRef, env, authPath) {
     }
     return [];
 }
-function readEnvModelConfig(env) {
-    const provider = env.DAILY_BRIEF_MODEL_PROVIDER?.trim();
-    if (!provider) {
-        return undefined;
-    }
-    const normalizedProvider = normalizeProvider(provider, env);
-    return {
-        provider: normalizedProvider,
-        model: env.DAILY_BRIEF_MODEL?.trim() || defaultModelForProvider(normalizedProvider),
-        ...(env.DAILY_BRIEF_MODEL_BASE_URL?.trim() ? { baseUrl: env.DAILY_BRIEF_MODEL_BASE_URL.trim() } : {}),
-        ...readEnvCredentialRef(env, normalizedProvider)
-    };
-}
-function normalizeProvider(value, env) {
-    const provider = value.trim().toLowerCase();
-    if (provider === "codex" || provider === "hermes") {
-        return "openai-codex";
-    }
-    if (provider === "faux") {
-        if (env.DAILY_BRIEF_ALLOW_FAUX_PROVIDER === "true") {
-            return provider;
-        }
-        throw new Error("DAILY_BRIEF_MODEL_PROVIDER=faux is only allowed when DAILY_BRIEF_ALLOW_FAUX_PROVIDER=true");
-    }
-    if (provider === "openai-codex" || provider === "openai" || provider === "deepseek" || provider === "openai-compatible") {
-        return provider;
-    }
-    throw new Error(`Unsupported DAILY_BRIEF_MODEL_PROVIDER: ${value}`);
-}
-function defaultModelForProvider(provider) {
-    if (provider === "openai-codex") {
-        return "gpt-5.5";
-    }
-    if (provider === "openai") {
-        return "gpt-4.1-mini";
-    }
-    if (provider === "deepseek") {
-        return "deepseek-chat";
-    }
-    if (provider === "openai-compatible") {
-        return "openai-compatible-model";
-    }
-    return "faux-daily-brief-renderer";
-}
-function defaultCredentialRefForProvider(provider) {
-    if (provider === "faux") {
-        return undefined;
-    }
-    if (provider === "openai") {
-        return "env:OPENAI_API_KEY";
-    }
-    if (provider === "deepseek") {
-        return "env:DEEPSEEK_API_KEY";
-    }
-    if (provider === "openai-compatible") {
-        return "env:OPENAI_API_KEY";
-    }
-    return "openai-codex.default";
-}
 function persistRefreshedOAuthCredential(ref, credential, credentials, authPath) {
     const store = readCredentialStore(authPath);
     const previous = store.credentials[ref];
@@ -198,11 +131,6 @@ function persistRefreshedOAuthCredential(ref, credential, credentials, authPath)
     };
     writeCredentialStore(store, authPath);
 }
-function readEnvCredentialRef(env, provider) {
-    const credentialRef = env.DAILY_BRIEF_MODEL_CREDENTIAL_REF?.trim() ||
-        defaultCredentialRefForProvider(provider);
-    return credentialRef ? { credentialRef } : {};
-}
 function promptForOAuth(io, message) {
     if (!io.prompt) {
         throw new Error(`OAuth login requires interactive input: ${message}`);

package/dist/src/cli.js

@@ -6,8 +6,7 @@ import { createInterface } from "node:readline/promises";
 import { fileURLToPath, pathToFileURL } from "node:url";
 import { stringify } from "yaml";
 import { loginModelCredential, readModelRuntimeConfig, runOnce, toApiKeyCredential } from "./agent/index.js";
-import { resolveConfiguredWebhookUrl } from "./discord/index.js";
-import { defaultModelConfig, dateFromDateKey, formatDateKey, formatSourceRegistry, isEnvCredentialRef, loadSourceRegistry, putCredential, readDeliveryConfig, readDailyBriefConfig, readConfiguredTimezone, getCredential, resolveDailyBriefPaths, setSourceEnabled, validateSourceRegistry, writeDeliveryConfig, writeCredentialStore, writeModelConfig } from "./config/index.js";
+import { defaultModelConfig, dateFromDateKey, formatDateKey, formatSourceRegistry, loadSourceRegistry, putCredential, readDeliveryConfig, readDailyBriefConfig, getCredential, resolveDailyBriefPaths, setSourceEnabled, validateSourceRegistry, writeDeliveryConfig, writeCredentialStore, writeModelConfig } from "./config/index.js";
 import { getOperationalStatus } from "./workflow/index.js";
 const consoleIo = {
     interactive: Boolean(processStdin.isTTY && processStdout.isTTY),
@@ -32,11 +31,6 @@ const consoleIo = {
 };
 export async function runCli(args, io = consoleIo, env = process.env) {
     const [command, subcommand, value] = args;
-    const workflowFlags = parseFlags(args.slice(1));
-    const options = {
-        ...optionsFromEnv(env),
-        ...readWorkflowDateOption(workflowFlags, env)
-    };
     if (!command || command === "help" || command === "--help" || command === "-h") {
         printHelp(io);
         return;
@@ -46,6 +40,11 @@ export async function runCli(args, io = consoleIo, env = process.env) {
         return;
     }
     if (command === "run-once") {
+        const workflowFlags = parseFlags(args.slice(1));
+        const options = {
+            ...optionsFromEnv(env),
+            ...readWorkflowDateOption(workflowFlags)
+        };
         await assertWorkflowConfigured(options.sourceRegistryPath);
         io.stdout("Daily Brief run started");
         io.stdout(`Date: ${options.dateKey}`);
@@ -74,14 +73,16 @@ export async function runCli(args, io = consoleIo, env = process.env) {
         return;
     }
     if (command === "status") {
-        const status = await getOperationalStatus(options);
-        io.stdout(`${status.health}: ${status.message}`);
-        for (const failure of status.materialPartialFailures) {
-            io.stdout(`- ${failure}`);
+        if (args.length > 1) {
+            throw new Error("daily-brief status does not accept flags.");
         }
+        const options = optionsFromEnv(env);
+        const status = await getOperationalStatus(options);
+        printOperationalStatus(status, io);
         return;
     }
     if (command === "sources") {
+        const options = optionsFromEnv(env);
         await handleSourcesCommand(subcommand, value, io, options.sourceRegistryPath);
         return;
     }
@@ -116,7 +117,52 @@ function countAgentStageEvents(events) {
 function formatDeliveryStatus(delivery) {
     return `${delivery.status}${delivery.reason ? ` (${delivery.reason})` : ""}`;
 }
-function readWorkflowDateOption(flags, env) {
+function printOperationalStatus(status, io) {
+    io.stdout("Daily Brief status");
+    io.stdout(`Health: ${status.health} - ${status.message}`);
+    io.stdout(`Date: ${status.dateKey}`);
+    io.stdout(`System timezone: ${status.systemTimezone}`);
+    io.stdout(`Home: ${status.paths.home}`);
+    io.stdout(`Data: ${status.paths.dataHome}`);
+    io.stdout("");
+    io.stdout("Setup readiness");
+    io.stdout(formatStatusCheck("Config", status.setup.config));
+    io.stdout(formatSourceRegistryCheck(status.setup.sourceRegistry));
+    io.stdout(formatModelCheck(status.setup.model));
+    io.stdout(formatStatusCheck("Delivery", status.setup.delivery));
+    io.stdout(formatStatusCheck("Data", status.setup.data));
+    io.stdout("");
+    io.stdout("Today run state");
+    io.stdout(formatStatusCheck("Source Items", status.today.sourceItems));
+    io.stdout(formatStatusCheck("Brief Archive", status.today.briefArchive));
+    io.stdout(formatStatusCheck("Agent Run Artifacts", status.today.agentRunArtifacts));
+    io.stdout("");
+    io.stdout(`Next: ${status.nextAction}`);
+    for (const failure of status.materialPartialFailures) {
+        io.stdout(`- ${failure}`);
+    }
+}
+function formatStatusCheck(label, check) {
+    const detail = check.detail ? ` - ${check.detail}` : "";
+    const path = check.path ? ` (${check.path})` : "";
+    return `- ${label}: ${check.state} - ${check.label}${detail}${path}`;
+}
+function formatSourceRegistryCheck(check) {
+    const counts = typeof check.enabledCount === "number" && typeof check.totalCount === "number"
+        ? ` - ${check.enabledCount}/${check.totalCount} enabled`
+        : "";
+    const detail = check.detail && !counts.includes(check.detail) ? ` - ${check.detail}` : "";
+    const path = check.path ? ` (${check.path})` : "";
+    return `- Source Registry: ${check.state} - ${check.label}${counts}${detail}${path}`;
+}
+function formatModelCheck(check) {
+    const selected = check.provider && check.model ? ` - ${check.provider}/${check.model}` : "";
+    const credential = check.credentialRef ? ` - credential ${check.credentialRef}` : "";
+    const detail = check.detail ? ` - ${check.detail}` : "";
+    const path = check.path ? ` (${check.path})` : "";
+    return `- Model: ${check.state} - ${check.label}${selected}${credential}${detail}${path}`;
+}
+function readWorkflowDateOption(flags) {
     if (flags.date) {
         if (!/^\d{4}-\d{2}-\d{2}$/.test(flags.date)) {
             throw new Error("--date must use YYYY-MM-DD");
@@ -124,8 +170,7 @@ function readWorkflowDateOption(flags, env) {
         return { date: dateFromDateKey(flags.date), dateKey: flags.date };
     }
     const now = new Date();
-    const paths = resolveDailyBriefPaths(env);
-    const timezone = readConfiguredTimezone(paths.configPath) ?? env.TZ ?? Intl.DateTimeFormat().resolvedOptions().timeZone;
+    const timezone = Intl.DateTimeFormat().resolvedOptions().timeZone;
     return { date: now, dateKey: formatDateKey(now, timezone) };
 }
 async function assertWorkflowConfigured(sourceRegistryPath) {
@@ -208,14 +253,12 @@ async function handleSetupCommand(args, io, env) {
     requireInteractiveSetup(io);
     const paths = resolveDailyBriefPaths(env);
     const existingConfig = readDailyBriefConfig(paths.configPath);
-    const timezone = await promptWithDefault(io, "Timezone", readConfiguredTimezone(paths.configPath) ?? env.TZ?.trim() ?? Intl.DateTimeFormat().resolvedOptions().timeZone ?? "UTC");
     await mkdir(paths.home, { recursive: true });
     await mkdir(paths.sourceItemRoot, { recursive: true });
     await mkdir(paths.agentRunRoot, { recursive: true });
     await mkdir(paths.briefArchiveRoot, { recursive: true });
     await writeSetupBaseConfig(paths.configPath, {
         ...existingConfig,
-        timezone,
         brief: normalizeBriefConfig(existingConfig.brief)
     });
     if (!(await exists(paths.authPath))) {
@@ -254,7 +297,6 @@ async function handleSetupCommand(args, io, env) {
     const delivery = readDeliveryConfig(paths.configPath);
     io.stdout(`Daily Brief home: ${paths.home}`);
     io.stdout(`Daily Brief data: ${paths.dataHome}`);
-    io.stdout(`Timezone: ${timezone}`);
     io.stdout(`Source Registry: ${paths.sourceRegistryPath}`);
     io.stdout(`Model: ${readiness.provider}/${readiness.model}`);
     io.stdout(`Model credential: ${readiness.ready ? "configured" : "missing"}`);
@@ -292,7 +334,7 @@ async function configureModelThroughSetup(io, env) {
     const current = readDailyBriefConfig(paths.configPath).model ?? defaultModelConfig();
     const provider = readProviderFlag(await promptWithDefault(io, "LLM Provider (openai-codex/openai/deepseek/openai-compatible)", current.provider));
     const model = await promptWithDefault(io, "Model", current.provider === provider ? current.model : defaultModelForProvider(provider));
-    io.stdout("Credential name identifies where Daily Brief finds the model secret. Use the default unless you manage multiple credentials; env:NAME reads an environment variable.");
+    io.stdout("Credential name identifies where Daily Brief finds the model secret in auth.json. Use the default unless you manage multiple credentials.");
     const credentialRef = await promptWithDefault(io, "Model credential name", current.provider === provider ? current.credentialRef ?? defaultCredentialRef(provider) ?? "" : defaultCredentialRef(provider) ?? "");
     const baseUrl = provider === "openai-compatible"
         ? await promptWithDefault(io, "Base URL", current.provider === provider ? current.baseUrl ?? "" : "")
@@ -335,25 +377,6 @@ async function maybeConfigureModelCredential(input) {
         }
         return;
     }
-    if (isEnvCredentialRef(input.credentialRef)) {
-        const hasEnvValue = Boolean(input.env[input.credentialRef.slice("env:".length)]?.trim());
-        if (hasEnvValue) {
-            input.io.stdout("Model credential: configured from environment");
-            return;
-        }
-        if (!(await promptYesNo(input.io, "Store API key in credential store instead of using the environment?", false))) {
-            input.io.stdout("Model credential: missing until the environment variable is set");
-            return;
-        }
-        const storedRef = await promptWithDefault(input.io, "Stored credential name", `${input.provider}.default`);
-        const apiKey = await promptWithDefault(input.io, "API key input may be visible in this terminal. API key", "");
-        if (apiKey) {
-            putCredential(storedRef, toApiKeyCredential(input.provider, apiKey), paths.authPath);
-            writeModelConfig({ ...readDailyBriefConfig(paths.configPath).model, credentialRef: storedRef }, paths.configPath);
-            input.io.stdout(`Stored credential: ${storedRef}`);
-        }
-        return;
-    }
     if (getCredential(input.credentialRef, paths.authPath)) {
         input.io.stdout("Model credential: configured");
         return;
@@ -499,13 +522,13 @@ function defaultCredentialRef(provider) {
         return undefined;
     }
     if (provider === "openai") {
-        return "env:OPENAI_API_KEY";
+        return "openai.default";
     }
     if (provider === "deepseek") {
-        return "env:DEEPSEEK_API_KEY";
+        return "deepseek.default";
     }
     if (provider === "openai-compatible") {
-        return "env:OPENAI_API_KEY";
+        return "openai-compatible.default";
     }
     return defaultModelConfig().credentialRef;
 }
@@ -518,63 +541,19 @@ async function promptWithDefault(io, label, defaultValue) {
 }
 function optionsFromEnv(env) {
     const paths = resolveDailyBriefPaths(env);
-    const discordWebhookUrl = resolveConfiguredWebhookUrl(env);
     return {
+        env,
+        dataHome: paths.dataHome,
+        configPath: paths.configPath,
+        authPath: paths.authPath,
         sourceRegistryPath: paths.sourceRegistryPath,
         sourceItemRoot: paths.sourceItemRoot,
         agentRunRoot: paths.agentRunRoot,
         archiveRoot: paths.briefArchiveRoot,
         modelRuntimeEnv: env,
-        discordEnv: env,
-        ...(discordWebhookUrl ? { discordWebhookUrl } : {}),
-        ...(env.DAILY_BRIEF_DISCORD_TEMPLATE_PATH ? { discordTemplatePath: env.DAILY_BRIEF_DISCORD_TEMPLATE_PATH } : {})
+        discordEnv: env
     };
 }
-export async function loadDotenvFile(path = ".env", env = process.env) {
-    let contents;
-    try {
-        contents = await readFile(path, "utf8");
-    }
-    catch (error) {
-        if (isNodeError(error) && error.code === "ENOENT") {
-            return;
-        }
-        throw error;
-    }
-    for (const line of contents.split("\n")) {
-        const entry = parseDotenvLine(line);
-        if (!entry || env[entry.key] !== undefined) {
-            continue;
-        }
-        env[entry.key] = entry.value;
-    }
-}
-function parseDotenvLine(line) {
-    const trimmed = line.trim();
-    if (trimmed.length === 0 || trimmed.startsWith("#")) {
-        return undefined;
-    }
-    const equalsIndex = trimmed.indexOf("=");
-    if (equalsIndex <= 0) {
-        return undefined;
-    }
-    const key = trimmed.slice(0, equalsIndex).trim();
-    const rawValue = trimmed.slice(equalsIndex + 1).trim();
-    if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(key)) {
-        return undefined;
-    }
-    return { key, value: unquoteDotenvValue(rawValue) };
-}
-function unquoteDotenvValue(value) {
-    if (value.length >= 2) {
-        const quote = value[0];
-        const last = value[value.length - 1];
-        if ((quote === "\"" || quote === "'") && last === quote) {
-            return value.slice(1, -1);
-        }
-    }
-    return value;
-}
 function isNodeError(error) {
     return error instanceof Error && "code" in error;
 }
@@ -601,7 +580,6 @@ isCliEntrypoint(process.argv[1])
     if (!isEntrypoint) {
         return false;
     }
-    await loadDotenvFile();
     await runCli(process.argv.slice(2));
     return true;
 })

package/dist/src/config/credential-store.js

@@ -38,9 +38,6 @@ export function removeCredential(ref, path = resolveDailyBriefPaths().authPath)
     return store;
 }
 export function getCredential(ref, path = resolveDailyBriefPaths().authPath) {
-    if (isEnvCredentialRef(ref)) {
-        return undefined;
-    }
     assertStoredCredentialRef(ref);
     return readCredentialStore(path).credentials[ref];
 }
@@ -54,18 +51,9 @@ export function redactCredentialStore(store) {
         }
     ]));
 }
-export function isEnvCredentialRef(ref) {
-    return ref.startsWith("env:") && ref.slice("env:".length).trim().length > 0;
-}
-export function envNameFromCredentialRef(ref) {
-    if (!isEnvCredentialRef(ref)) {
-        throw new Error(`Credential reference is not an env ref: ${ref}`);
-    }
-    return ref.slice("env:".length).trim();
-}
 export function assertStoredCredentialRef(ref) {
-    if (isEnvCredentialRef(ref)) {
-        throw new Error(`Credential reference ${ref} is environment-backed and cannot be stored in auth.json`);
+    if (ref.startsWith("env:")) {
+        throw new Error(`Credential reference ${ref} is not supported; use a stored credential name in auth.json`);
     }
     if (!/^[A-Za-z0-9][A-Za-z0-9._-]*$/.test(ref)) {
         throw new Error(`Invalid credentialRef: ${ref}`);

package/dist/src/config/model-config.js

@@ -16,10 +16,6 @@ export function readDailyBriefConfig(path = resolveDailyBriefPaths().configPath)
 export function readModelConfig(path = resolveDailyBriefPaths().configPath) {
     return readDailyBriefConfig(path).model;
 }
-export function readConfiguredTimezone(path = resolveDailyBriefPaths().configPath) {
-    const timezone = readDailyBriefConfig(path).timezone;
-    return typeof timezone === "string" && timezone.trim().length > 0 ? timezone.trim() : undefined;
-}
 export function writeModelConfig(config, path = resolveDailyBriefPaths().configPath) {
     const current = readDailyBriefConfig(path);
     const next = {
@@ -72,6 +68,9 @@ export function parseModelConfig(value) {
     if ("apiKey" in value || "secret" in value || "accessToken" in value || "refreshToken" in value) {
         throw new Error("config.model must not contain secrets; use auth.json via credentialRef");
     }
+    if (credentialRef?.startsWith("env:")) {
+        throw new Error("config.model.credentialRef must be a stored credential name, not env:NAME");
+    }
     if (provider === "openai-compatible" && !baseUrl) {
         throw new Error("config.model.baseUrl is required when provider is openai-compatible");
     }
@@ -94,10 +93,11 @@ function readProvider(value) {
     if (provider === "codex" || provider === "hermes") {
         return "openai-codex";
     }
-    if (provider === "faux") {
-        throw new Error("config.model.provider must not be faux; faux is only available through test-only runtime injection");
-    }
-    if (provider === "openai-codex" || provider === "openai" || provider === "deepseek" || provider === "openai-compatible") {
+    if (provider === "faux" ||
+        provider === "openai-codex" ||
+        provider === "openai" ||
+        provider === "deepseek" ||
+        provider === "openai-compatible") {
         return provider;
     }
     throw new Error(`Unsupported model provider: ${provider}`);

package/dist/src/discord/delivery.js

@@ -22,7 +22,7 @@ export async function deliverCoreFailureNotification(failure, options = {}) {
 async function sendDiscordContent(content, options) {
     const webhookUrl = options.webhookUrl ?? resolveConfiguredWebhookUrl(options.env ?? process.env);
     if (!webhookUrl) {
-        return { status: "skipped", reason: "DISCORD_WEBHOOK_URL is not configured" };
+        return { status: "skipped", reason: "Discord delivery webhook is not configured" };
     }
     try {
         const fetchImpl = options.fetchImpl ?? fetch;
@@ -67,9 +67,6 @@ export function resolveConfiguredWebhookUrl(env = process.env) {
     if (config?.enabled === false) {
         return undefined;
     }
-    if (env.DISCORD_WEBHOOK_URL) {
-        return env.DISCORD_WEBHOOK_URL;
-    }
     if (!config?.enabled || !config.webhookRef) {
         return undefined;
     }

package/dist/src/workflow/status.js

@@ -1,6 +1,9 @@
-import { readFile } from "node:fs/promises";
-import { join } from "node:path";
-import { loadSourceRegistry, resolveDailyBriefPaths } from "../config/index.js";
+import { constants } from "node:fs";
+import { access, readdir } from "node:fs/promises";
+import { dirname, join } from "node:path";
+import { readModelRuntimeConfig } from "../agent/model-runtime-config.js";
+import { formatDateKey, getCredential, loadSourceRegistry, readDeliveryConfig, resolveDailyBriefPaths } from "../config/index.js";
+import { agentRunArtifactPath, readSourceItems, sourceItemStorePath } from "../storage/index.js";
 export function evaluateWorkflowStatus(input) {
     if (input.coreFailure) {
         return {
@@ -50,46 +53,282 @@ export function createCoreWorkflowFailureNotification(failure) {
 }
 export async function getOperationalStatus(options = {}) {
     const date = options.date ?? new Date();
+    const systemTimezone = Intl.DateTimeFormat().resolvedOptions().timeZone;
+    const dateKey = options.dateKey ?? formatDateKey(date, systemTimezone);
+    const resolvedPaths = resolveDailyBriefPaths(options.env);
+    const paths = {
+        ...resolvedPaths,
+        ...(options.dataHome ? { dataHome: options.dataHome } : {}),
+        ...(options.configPath ? { configPath: options.configPath } : {}),
+        ...(options.authPath ? { authPath: options.authPath } : {}),
+        ...(options.sourceRegistryPath ? { sourceRegistryPath: options.sourceRegistryPath } : {}),
+        ...(options.sourceItemRoot ? { sourceItemRoot: options.sourceItemRoot } : {}),
+        ...(options.agentRunRoot ? { agentRunRoot: options.agentRunRoot } : {}),
+        ...(options.archiveRoot ? { briefArchiveRoot: options.archiveRoot } : {})
+    };
+    const archivePath = briefArchivePath(date, paths.briefArchiveRoot, dateKey);
+    const sourceItemPath = sourceItemStorePath(date, paths.sourceItemRoot, dateKey);
+    const agentRunDirectory = dirname(agentRunArtifactPath(date, "status-probe", paths.agentRunRoot, dateKey));
+    const setup = {
+        config: await inspectConfig(paths.configPath),
+        sourceRegistry: await inspectSourceRegistry(paths.sourceRegistryPath),
+        model: inspectModel(paths.configPath, paths.authPath, options.env),
+        delivery: inspectDelivery(paths.configPath, paths.authPath),
+        data: await inspectDataDirectory(paths.dataHome)
+    };
+    const today = {
+        sourceItems: await inspectSourceItems(date, paths.sourceItemRoot, dateKey, sourceItemPath),
+        briefArchive: await inspectBriefArchive(archivePath),
+        agentRunArtifacts: await inspectAgentRunArtifacts(agentRunDirectory)
+    };
+    const nextAction = chooseNextAction(setup, today);
+    const workflow = summarizeOperationalStatus(dateKey, setup, today);
+    return {
+        ...workflow,
+        dateKey,
+        systemTimezone,
+        paths: {
+            home: paths.home,
+            dataHome: paths.dataHome,
+            configPath: paths.configPath,
+            sourceRegistryPath: paths.sourceRegistryPath,
+            authPath: paths.authPath,
+            sourceItemRoot: paths.sourceItemRoot,
+            agentRunRoot: paths.agentRunRoot,
+            archiveRoot: paths.briefArchiveRoot
+        },
+        setup,
+        today,
+        nextAction
+    };
+}
+function isMaterialPartialFailure(message) {
+    const normalized = message.toLowerCase();
+    const nonMaterialPatterns = ["missing transcript", "transcript missing", "rate limit", "parse failure"];
+    return !nonMaterialPatterns.some((pattern) => normalized.includes(pattern));
+}
+function briefArchivePath(date, root, dateKey) {
+    const datePart = dateKey ?? date.toISOString().slice(0, 10);
+    const [year, month] = datePart.split("-");
+    if (!year || !month) {
+        throw new Error(`Invalid archive date: ${datePart}`);
+    }
+    return join(root, year, month, `${datePart}.md`);
+}
+async function inspectConfig(path) {
+    return (await canRead(path))
+        ? { state: "ok", label: "Config file found", path }
+        : { state: "missing", label: "Config file missing", path };
+}
+async function inspectSourceRegistry(path) {
+    try {
+        const registry = await loadSourceRegistry(path);
+        const enabledCount = registry.sources.filter((source) => source.enabled).length;
+        return {
+            state: "ok",
+            label: "Source Registry valid",
+            path,
+            enabledCount,
+            totalCount: registry.sources.length,
+            detail: `${enabledCount}/${registry.sources.length} enabled`
+        };
+    }
+    catch (error) {
+        return {
+            state: (await canRead(path)) ? "invalid" : "missing",
+            label: (await canRead(path)) ? "Source Registry invalid" : "Source Registry missing",
+            path,
+            detail: error instanceof Error ? error.message : String(error)
+        };
+    }
+}
+function inspectModel(configPath, authPath, env) {
+    try {
+        const model = readModelRuntimeConfig(env, { configPath, authPath });
+        return {
+            state: model.ready ? "ok" : "not-ready",
+            label: model.ready ? "Model ready" : "Model not ready",
+            path: configPath,
+            provider: model.provider,
+            model: model.model,
+            ...(model.credentialRef ? { credentialRef: model.credentialRef } : {}),
+            ...(model.issues.length > 0 ? { detail: model.issues.join("; ") } : {})
+        };
+    }
+    catch (error) {
+        return {
+            state: "invalid",
+            label: "Model config invalid",
+            path: configPath,
+            detail: error instanceof Error ? error.message : String(error)
+        };
+    }
+}
+function inspectDelivery(configPath, authPath) {
+    try {
+        const delivery = readDeliveryConfig(configPath);
+        if (!delivery?.enabled) {
+            return { state: "disabled", label: "Discord delivery disabled", path: configPath };
+        }
+        if (!delivery.webhookRef) {
+            return { state: "not-ready", label: "Discord delivery missing webhook credential name", path: configPath };
+        }
+        const credential = getCredential(delivery.webhookRef, authPath);
+        if (!credential) {
+            return {
+                state: "not-ready",
+                label: "Discord delivery webhook credential missing",
+                path: authPath,
+                detail: delivery.webhookRef
+            };
+        }
+        if (credential.type !== "webhook" || credential.provider !== "discord") {
+            return {
+                state: "invalid",
+                label: "Discord delivery credential is not a webhook",
+                path: authPath,
+                detail: delivery.webhookRef
+            };
+        }
+        return { state: "ok", label: "Discord delivery ready", path: authPath, detail: delivery.webhookRef };
+    }
+    catch (error) {
+        return {
+            state: "invalid",
+            label: "Discord delivery config invalid",
+            path: configPath,
+            detail: error instanceof Error ? error.message : String(error)
+        };
+    }
+}
+async function inspectDataDirectory(path) {
+    try {
+        await access(path, constants.W_OK);
+        return { state: "ok", label: "Data directory writable", path };
+    }
+    catch (error) {
+        return {
+            state: (await canRead(path)) ? "not-ready" : "missing",
+            label: (await canRead(path)) ? "Data directory is not writable" : "Data directory missing",
+            path,
+            detail: error instanceof Error ? error.message : String(error)
+        };
+    }
+}
+async function inspectSourceItems(date, root, dateKey, path) {
     try {
-        await loadSourceRegistry(options.sourceRegistryPath);
+        const items = await readSourceItems(date, root, dateKey);
+        return items.length > 0
+            ? { state: "ok", label: "Source Items found", path, itemCount: items.length, detail: `${items.length} item(s)` }
+            : { state: "missing", label: "No Source Items for today", path, itemCount: 0 };
     }
     catch (error) {
+        return {
+            state: "invalid",
+            label: "Source Items invalid",
+            path,
+            detail: error instanceof Error ? error.message : String(error)
+        };
+    }
+}
+async function inspectBriefArchive(path) {
+    return (await canRead(path))
+        ? { state: "ok", label: "Daily Brief archive found", path }
+        : { state: "missing", label: "No Daily Brief archive for today", path };
+}
+async function inspectAgentRunArtifacts(directory) {
+    try {
+        const files = (await readdir(directory)).filter((file) => file.endsWith(".json"));
+        return files.length > 0
+            ? {
+                state: "ok",
+                label: "Agent Run Artifacts found",
+                path: join(directory, files[files.length - 1] ?? ""),
+                fileCount: files.length,
+                detail: `${files.length} artifact(s)`
+            }
+            : { state: "missing", label: "No Agent Run Artifacts for today", path: directory, fileCount: 0 };
+    }
+    catch (error) {
+        if (isNodeError(error) && error.code === "ENOENT") {
+            return { state: "missing", label: "No Agent Run Artifacts for today", path: directory, fileCount: 0 };
+        }
+        return {
+            state: "invalid",
+            label: "Agent Run Artifacts unreadable",
+            path: directory,
+            detail: error instanceof Error ? error.message : String(error)
+        };
+    }
+}
+function summarizeOperationalStatus(dateKey, setup, today) {
+    if (setup.sourceRegistry.state === "missing" || setup.sourceRegistry.state === "invalid") {
         return evaluateWorkflowStatus({
             collectionResults: [],
             briefGenerated: false,
             coreFailure: {
                 kind: "unreadable-source-registry",
-                message: error instanceof Error ? error.message : String(error)
+                message: setup.sourceRegistry.detail ?? `${setup.sourceRegistry.label}: ${setup.sourceRegistry.path}`
             }
         });
     }
-    const archivePath = briefArchivePath(date, options.archiveRoot ?? resolveDailyBriefPaths().briefArchiveRoot, options.dateKey);
-    try {
-        await readFile(archivePath, "utf8");
+    const setupReady = setup.config.state === "ok" &&
+        setup.model.state === "ok" &&
+        setup.data.state === "ok" &&
+        (setup.delivery.state === "ok" || setup.delivery.state === "disabled");
+    if (!setupReady) {
+        return {
+            health: "partial-failure",
+            message: "Daily Brief setup is incomplete.",
+            materialPartialFailures: []
+        };
     }
-    catch {
+    if (today.briefArchive.state !== "ok") {
         return {
             health: "partial-failure",
-            message: `No Daily Brief archived for ${options.dateKey ?? date.toISOString().slice(0, 10)} yet.`,
+            message: `No Daily Brief archived for ${dateKey} yet.`,
             materialPartialFailures: []
         };
     }
     return {
         health: "success",
-        message: `Daily Brief archive exists for ${options.dateKey ?? date.toISOString().slice(0, 10)}.`,
+        message: `Daily Brief archive exists for ${dateKey}.`,
         materialPartialFailures: []
     };
 }
-function isMaterialPartialFailure(message) {
-    const normalized = message.toLowerCase();
-    const nonMaterialPatterns = ["missing transcript", "transcript missing", "rate limit", "parse failure"];
-    return !nonMaterialPatterns.some((pattern) => normalized.includes(pattern));
+function chooseNextAction(setup, today) {
+    if (setup.config.state !== "ok") {
+        return "daily-brief setup";
+    }
+    if (setup.sourceRegistry.state !== "ok") {
+        return setup.sourceRegistry.state === "missing" ? "daily-brief setup" : "daily-brief sources validate";
+    }
+    if (setup.sourceRegistry.enabledCount === 0) {
+        return "daily-brief sources list, then daily-brief sources enable <source-id>";
+    }
+    if (setup.model.state !== "ok") {
+        return "daily-brief setup";
+    }
+    if (setup.data.state !== "ok") {
+        return `Check data directory permissions: ${setup.data.path}`;
+    }
+    if (setup.delivery.state === "not-ready" || setup.delivery.state === "invalid") {
+        return "daily-brief setup";
+    }
+    if (today.briefArchive.state !== "ok") {
+        return "daily-brief run-once";
+    }
+    return "No action needed";
 }
-function briefArchivePath(date, root, dateKey) {
-    const datePart = dateKey ?? date.toISOString().slice(0, 10);
-    const [year, month] = datePart.split("-");
-    if (!year || !month) {
-        throw new Error(`Invalid archive date: ${datePart}`);
+async function canRead(path) {
+    try {
+        await access(path, constants.R_OK);
+        return true;
     }
-    return join(root, year, month, `${datePart}.md`);
+    catch {
+        return false;
+    }
+}
+function isNodeError(error) {
+    return error instanceof Error && "code" in error;
 }

package/docs/operations.md

@@ -36,20 +36,16 @@ npm run cli -- run-once
 npm run cli -- status
 ```
 
-`sources list` confirms which Sources are enabled, including the default `github-trending-daily` Source. `run-once` performs collection, brief generation, archive writing, and Discord Delivery once. `status` reports operational health after the run.
+`sources list` confirms which Sources are enabled, including the default `github-trending-daily` Source. `run-once` performs collection, brief generation, archive writing, and Discord Delivery once. `status` reports setup readiness, today's run state, active paths, and the next suggested action.
 
-Discord Delivery uses the configured credential reference, or `DISCORD_WEBHOOK_URL` from the shell environment or local `.env`; `.env` is loaded automatically by the Operational CLI and does not need to be sourced manually. An explicit `delivery.enabled: false` in `config.yaml` disables delivery and takes precedence over `DISCORD_WEBHOOK_URL`.
+Discord Delivery uses the configured credential reference in `config.yaml` and `auth.json`. If Discord Delivery is disabled or its webhook credential is missing, delivery is skipped with an explicit reason.
 
 ## Runtime configuration
 
-When the Operational CLI starts, it loads local `.env` values from the repository root if the file exists. Existing shell environment variables take precedence over `.env` values. The `.env` file is ignored by Git; use `.env.example` as the non-secret template.
-
 Installed operational paths can be adjusted through environment variables:
 
 - `DAILY_BRIEF_HOME`: user config directory. Defaults to `~/.daily-brief`.
 - `DAILY_BRIEF_DATA_HOME`: generated data directory. Defaults to `~/.daily-brief/data`.
-- `DAILY_BRIEF_DISCORD_TEMPLATE_PATH`: optional Discord notification template override. Defaults to the packaged Discord notification template.
-- `DISCORD_WEBHOOK_URL`: Discord webhook URL. If unset, Discord Delivery is skipped with an explicit reason.
 
 Model/provider and delivery configuration should normally be managed with:
 
@@ -57,7 +53,7 @@ Model/provider and delivery configuration should normally be managed with:
 daily-brief setup
 ```
 
-Secrets live in `~/.daily-brief/auth.json` or environment variables, never in `sources.yaml` or committed project files. `daily-brief setup` requires interactive input; CI and scripted environments should create the user configuration files directly under `DAILY_BRIEF_HOME`. Installed CLI configuration does not accept the faux provider; faux is reserved for tests through an explicit test-only runtime gate.
+Secrets live in `~/.daily-brief/auth.json`, never in environment variables, `sources.yaml`, `config.yaml`, or committed project files. `daily-brief setup` requires interactive input; CI and scripted environments should create the user configuration files directly under `DAILY_BRIEF_HOME`. Faux provider coverage belongs in test configuration files, not runtime environment variables.
 
 `run-once` does not archive a normal Daily Brief when every enabled Source fails or when no Source Items exist for the requested date. It reports a Core Workflow Failure instead, because a false low-signal brief would hide collection failure.
 

package/docs/user-manual.md

@@ -61,7 +61,7 @@ Agent Stages require an LLM Provider Configuration before real Daily Brief gener
 daily-brief setup
 ```
 
-Use the setup wizard to choose the provider, model, credential name, and optional login/API key storage path. The credential name is a stable label, such as `openai.default` or `env:OPENAI_API_KEY`, that lets `config.yaml` find the secret in `auth.json` or in the shell environment. Do not put secrets in `sources.yaml` or committed project files.
+Use the setup wizard to choose the provider, model, credential name, and optional login/API key storage path. The credential name is a stable label, such as `openai.default`, that lets `config.yaml` find the secret in `auth.json`. Do not put secrets in `sources.yaml`, `config.yaml`, or committed project files.
 
 ## Configure Delivery
 
@@ -102,7 +102,7 @@ Use status after setup, after manual runs, or when diagnosing failures:
 daily-brief status
 ```
 
-Status output is the operational surface for collection, analysis, archive, and delivery health.
+Status output reports setup readiness, today's run state, active paths, system timezone, and the next suggested action. It is a local inspection command: it does not refresh OAuth, call an LLM, collect Sources, or send Discord notifications.
 
 ## Paths and Environment
 
@@ -110,10 +110,8 @@ The installed CLI uses user-home paths by default:
 
 - `DAILY_BRIEF_HOME`: configuration directory, default `~/.daily-brief`.
 - `DAILY_BRIEF_DATA_HOME`: generated data directory, default `~/.daily-brief/data`.
-- `DAILY_BRIEF_DISCORD_TEMPLATE_PATH`: optional Discord notification template override.
-- `DISCORD_WEBHOOK_URL`: optional Discord webhook URL. If `config.yaml` explicitly sets `delivery.enabled: false`, delivery stays disabled even when this environment variable is present.
 
-Repository checkouts may use a local `.env`; installed usage should normally rely on setup, user configuration files, and environment-backed credential references.
+Model access, Discord delivery, Source choices, and secrets are configured through `config.yaml`, `sources.yaml`, and `auth.json`, not environment variables.
 
 ## Upgrade
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@chenpengfei/daily-brief",
-  "version": "0.1.2",
+  "version": "0.1.3",
   "description": "Agent-driven daily brief CLI for manually curated Agent architecture and AI Coding sources.",
   "private": false,
   "type": "module",