@cotal-ai/cli 0.6.0 → 0.8.0

package/dist/lib/manifest/live.js

@@ -0,0 +1,61 @@
+/**
+ * Live-mesh helpers for `cotal spawn -f` — the network half: a transient, invisible probe endpoint
+ * for reading the roster + membership feed, and the admin-tier control calls that drive the running
+ * manager's `launch` op. (Channel-registry reads use `readChannelRegistry`, which connects itself.)
+ */
+import { CotalEndpoint, CONTROL_ADMIN } from "@cotal-ai/core";
+const sleep = (ms) => new Promise((r) => setTimeout(r, ms));
+/** Connect a transient, presence-invisible endpoint (it watches the roster but doesn't register
+ *  itself) used to read live state + drive control. The caller stops it. */
+export async function connectProbe(conn) {
+    const ep = new CotalEndpoint({
+        space: conn.space,
+        servers: conn.server,
+        creds: conn.creds,
+        channels: [],
+        consume: false,
+        registerPresence: false, // an invisible probe — don't add ourselves to the roster we read
+        watchPresence: true,
+        card: { name: "spawn-f", kind: "endpoint" },
+    });
+    ep.on("error", () => { }); // a presence/control hiccup must never crash the deploy
+    await ep.start();
+    return ep;
+}
+/** Let the presence KV replay settle (roster count steady across two polls, ≤1s), then snapshot the
+ *  live peers — mirrors the dedup probe in `cotal spawn`. */
+export async function settleRoster(ep) {
+    let prev = -1;
+    for (let i = 0; i < 10; i++) {
+        await sleep(100);
+        const n = ep.getRoster().length;
+        if (n === prev)
+            break;
+        prev = n;
+    }
+    return ep.getRoster();
+}
+/** Poll the manager's control plane until it answers `ps` — it may have just been started detached,
+ *  so it needs a moment to connect + come up. Returns false on timeout. */
+export async function waitManagerReady(ep, timeoutMs = 20_000) {
+    const deadline = Date.now() + timeoutMs;
+    while (Date.now() < deadline) {
+        try {
+            const r = await ep.requestControl(CONTROL_ADMIN, { op: "ps" });
+            if (r.ok)
+                return true;
+        }
+        catch {
+            /* manager not answering yet */
+        }
+        await sleep(500);
+    }
+    return false;
+}
+/** Ask the running manager to launch one resolved agent from the run spec, on the ADMIN tier (the
+ *  `launch` op is operator-only — a spawn-capable agent must not reach it). The manager derives
+ *  `.cotal/run/<runId>.json` itself; we pass the runId, never a path. */
+export async function launchAgent(ep, runId, name) {
+    return ep.requestControl(CONTROL_ADMIN, { op: "launch", args: { runId, name } });
+}
+//# sourceMappingURL=live.js.map

package/dist/lib/manifest/live.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"live.js","sourceRoot":"","sources":["../../../src/lib/manifest/live.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,aAAa,EAAE,aAAa,EAAoC,MAAM,gBAAgB,CAAC;AAQhG,MAAM,KAAK,GAAG,CAAC,EAAU,EAAiB,EAAE,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;AAEnF;4EAC4E;AAC5E,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAAc;IAC/C,MAAM,EAAE,GAAG,IAAI,aAAa,CAAC;QAC3B,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,OAAO,EAAE,IAAI,CAAC,MAAM;QACpB,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,QAAQ,EAAE,EAAE;QACZ,OAAO,EAAE,KAAK;QACd,gBAAgB,EAAE,KAAK,EAAE,iEAAiE;QAC1F,aAAa,EAAE,IAAI;QACnB,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE;KAC5C,CAAC,CAAC;IACH,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC,CAAC,wDAAwD;IAClF,MAAM,EAAE,CAAC,KAAK,EAAE,CAAC;IACjB,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;6DAC6D;AAC7D,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,EAAiB;IAClD,IAAI,IAAI,GAAG,CAAC,CAAC,CAAC;IACd,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5B,MAAM,KAAK,CAAC,GAAG,CAAC,CAAC;QACjB,MAAM,CAAC,GAAG,EAAE,CAAC,SAAS,EAAE,CAAC,MAAM,CAAC;QAChC,IAAI,CAAC,KAAK,IAAI;YAAE,MAAM;QACtB,IAAI,GAAG,CAAC,CAAC;IACX,CAAC;IACD,OAAO,EAAE,CAAC,SAAS,EAAE,CAAC;AACxB,CAAC;AAED;2EAC2E;AAC3E,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,EAAiB,EAAE,SAAS,GAAG,MAAM;IAC1E,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;IACxC,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,MAAM,CAAC,GAAG,MAAM,EAAE,CAAC,cAAc,CAAC,aAAa,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;YAC/D,IAAI,CAAC,CAAC,EAAE;gBAAE,OAAO,IAAI,CAAC;QACxB,CAAC;QAAC,MAAM,CAAC;YACP,+BAA+B;QACjC,CAAC;QACD,MAAM,KAAK,CAAC,GAAG,CAAC,CAAC;IACnB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;yEAEyE;AACzE,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,EAAiB,EAAE,KAAa,EAAE,IAAY;IAC9E,OAAO,EAAE,CAAC,cAAc,CAAC,aAAa,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;AACnF,CAAC"}

package/dist/lib/manifest/model.d.ts

@@ -0,0 +1,71 @@
+/**
+ * The resolved manifest model — the typed output of the pure pipeline (parse → schema →
+ * normalize/invert → semantic), with channel-centric membership inverted into per-agent ACLs.
+ * Preflight (persona reads + the `include` merge) and the plan/apply stages consume this.
+ */
+import type { ChannelDefaults, DeliveryClass } from "@cotal-ai/core";
+export type PersonaPermissions = "reject" | "include";
+/** A channel after normalization: `allowSubscribe` defaulted to `subscribe`, dedup'd. The
+ *  registry-card fields (description/instructions/replay…) seed the channel registry verbatim. */
+export interface ResolvedChannel {
+    name: string;
+    description?: string;
+    instructions?: string;
+    /** Active read set (boot subscription). */
+    subscribe: string[];
+    /** Read ACL — may read/join. Defaults to {@link subscribe}; always a superset of it. */
+    allowSubscribe: string[];
+    /** Post ACL (default-deny: empty ⇒ nobody posts). */
+    allowPublish: string[];
+    replay?: boolean;
+    replayWindow?: string;
+    deliveryClass?: DeliveryClass;
+}
+/** Per-agent ACLs inverted from the channel membership lists — the manifest-declared access only
+ *  (a persona's own grants, under `include`, are merged on top in preflight). 1:1 with AgentDef. */
+export interface AgentPolicy {
+    subscribe: string[];
+    allowSubscribe: string[];
+    allowPublish: string[];
+}
+/** A resolved agent: its identity/behavior source (a persona file or fully inline) plus the
+ *  manifest-declared policy. Behavior fields here are the manifest's overrides; the persona
+ *  default is filled in during preflight (which reads the file). */
+export interface ResolvedAgent {
+    /** The `agents:` key — also the requested spawn name in v1. */
+    name: string;
+    /** Connector type to spawn with (agent-entry `agent:` ?? top-level `agent:`). */
+    agentType: string;
+    /** Resolved persona path (absolute), or undefined for an inline agent. */
+    persona?: string;
+    /** Manifest override of the persona's model (or the inline model). */
+    model?: string;
+    role?: string;
+    /** Manifest card blurb (override / inline). */
+    description?: string;
+    /** Manifest persona body (REPLACES the file body when set; the sole body for inline). */
+    instructions?: string;
+    /** Manifest capabilities — win over the persona's when present. */
+    capabilities?: string[];
+    /** Effective policy for THIS agent: per-agent override ?? top-level ?? "reject". */
+    personaPermissions: PersonaPermissions;
+    /** ACLs inverted from the channels this agent appears in (pre persona-merge). */
+    policy: AgentPolicy;
+}
+/** The fully resolved, validated manifest — channel-centric on disk, per-agent here. */
+export interface ResolvedManifest {
+    space: string;
+    broker?: {
+        servers?: string;
+        host?: string;
+        auth?: boolean;
+    };
+    runtime?: "pty" | "tmux" | "cmux";
+    personaPermissions: PersonaPermissions;
+    defaults?: ChannelDefaults;
+    agents: ResolvedAgent[];
+    channels: ResolvedChannel[];
+    /** Absolute path the manifest was loaded from — anchors relative persona refs + error output. */
+    sourcePath: string;
+}
+//# sourceMappingURL=model.d.ts.map

package/dist/lib/manifest/model.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"model.d.ts","sourceRoot":"","sources":["../../../src/lib/manifest/model.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,KAAK,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAErE,MAAM,MAAM,kBAAkB,GAAG,QAAQ,GAAG,SAAS,CAAC;AAEtD;kGACkG;AAClG,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,2CAA2C;IAC3C,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,wFAAwF;IACxF,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,qDAAqD;IACrD,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,aAAa,CAAC;CAC/B;AAED;oGACoG;AACpG,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAED;;oEAEoE;AACpE,MAAM,WAAW,aAAa;IAC5B,+DAA+D;IAC/D,IAAI,EAAE,MAAM,CAAC;IACb,iFAAiF;IACjF,SAAS,EAAE,MAAM,CAAC;IAClB,0EAA0E;IAC1E,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,sEAAsE;IACtE,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,+CAA+C;IAC/C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,yFAAyF;IACzF,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,mEAAmE;IACnE,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,oFAAoF;IACpF,kBAAkB,EAAE,kBAAkB,CAAC;IACvC,iFAAiF;IACjF,MAAM,EAAE,WAAW,CAAC;CACrB;AAED,wFAAwF;AACxF,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE;QAAE,OAAO,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;IAC7D,OAAO,CAAC,EAAE,KAAK,GAAG,MAAM,GAAG,MAAM,CAAC;IAClC,kBAAkB,EAAE,kBAAkB,CAAC;IACvC,QAAQ,CAAC,EAAE,eAAe,CAAC;IAC3B,MAAM,EAAE,aAAa,EAAE,CAAC;IACxB,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,iGAAiG;IACjG,UAAU,EAAE,MAAM,CAAC;CACpB"}

package/dist/lib/manifest/model.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=model.js.map

package/dist/lib/manifest/model.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"model.js","sourceRoot":"","sources":["../../../src/lib/manifest/model.ts"],"names":[],"mappings":""}

package/dist/lib/manifest/preflight.d.ts

@@ -0,0 +1,12 @@
+import type { ResolvedManifest } from "./model.js";
+import { type AgentWarning, type PreparedAgent } from "./prepare.js";
+export interface PreparedManifest {
+    manifest: ResolvedManifest;
+    agents: PreparedAgent[];
+    /** Non-fatal diagnostics to render in dry-run / topology view. */
+    warnings: AgentWarning[];
+}
+/** Read personas + merge. Behavior defaults always come from the file (under both policies); only
+ *  the persona's *permissions* are gated by `personaPermissions`. */
+export declare function preparePersonas(manifest: ResolvedManifest): PreparedManifest;
+//# sourceMappingURL=preflight.d.ts.map

package/dist/lib/manifest/preflight.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"preflight.d.ts","sourceRoot":"","sources":["../../../src/lib/manifest/preflight.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AACnD,OAAO,EAAgB,KAAK,YAAY,EAAE,KAAK,aAAa,EAAE,MAAM,cAAc,CAAC;AAGnF,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,MAAM,EAAE,aAAa,EAAE,CAAC;IACxB,kEAAkE;IAClE,QAAQ,EAAE,YAAY,EAAE,CAAC;CAC1B;AAED;qEACqE;AACrE,wBAAgB,eAAe,CAAC,QAAQ,EAAE,gBAAgB,GAAG,gBAAgB,CA4B5E"}

package/dist/lib/manifest/preflight.js

@@ -0,0 +1,43 @@
+/**
+ * Preflight — the I/O half of resolution: read each agent's persona file and merge it with the
+ * manifest (via the pure {@link prepareAgent}). Returns the launch-ready {@link PreparedManifest}
+ * (agents + diagnostics) or throws {@link ManifestError} with every persona problem located.
+ *
+ * Live checks that need the network (broker reachability for `up -f` vs `spawn -f`) or the connector
+ * registry stay in the command wiring; this is the fail-fast, file-level half.
+ */
+import { loadAgentFile } from "@cotal-ai/core";
+import { prepareAgent } from "./prepare.js";
+import { ManifestError } from "./errors.js";
+/** Read personas + merge. Behavior defaults always come from the file (under both policies); only
+ *  the persona's *permissions* are gated by `personaPermissions`. */
+export function preparePersonas(manifest) {
+    const declared = new Set(manifest.channels.map((c) => c.name));
+    const issues = [];
+    const warnings = [];
+    const agents = [];
+    for (const a of manifest.agents) {
+        let persona;
+        if (a.persona) {
+            try {
+                persona = loadAgentFile(a.persona);
+            }
+            catch (e) {
+                const code = e.code;
+                issues.push({
+                    message: code === "ENOENT" ? `persona file not found: ${a.persona}` : e.message,
+                    path: ["agents", a.name],
+                });
+                continue;
+            }
+        }
+        const r = prepareAgent(a, persona, declared);
+        issues.push(...r.issues);
+        warnings.push(...r.warnings);
+        agents.push(r.prepared);
+    }
+    if (issues.length)
+        throw new ManifestError(manifest.sourcePath, issues);
+    return { manifest, agents, warnings };
+}
+//# sourceMappingURL=preflight.js.map

package/dist/lib/manifest/preflight.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"preflight.js","sourceRoot":"","sources":["../../../src/lib/manifest/preflight.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,OAAO,EAAE,aAAa,EAAiB,MAAM,gBAAgB,CAAC;AAE9D,OAAO,EAAE,YAAY,EAAyC,MAAM,cAAc,CAAC;AACnF,OAAO,EAAE,aAAa,EAAsB,MAAM,aAAa,CAAC;AAShE;qEACqE;AACrE,MAAM,UAAU,eAAe,CAAC,QAA0B;IACxD,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAC/D,MAAM,MAAM,GAAoB,EAAE,CAAC;IACnC,MAAM,QAAQ,GAAmB,EAAE,CAAC;IACpC,MAAM,MAAM,GAAoB,EAAE,CAAC;IAEnC,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;QAChC,IAAI,OAA6B,CAAC;QAClC,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;YACd,IAAI,CAAC;gBACH,OAAO,GAAG,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;YACrC,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,MAAM,IAAI,GAAI,CAA2B,CAAC,IAAI,CAAC;gBAC/C,MAAM,CAAC,IAAI,CAAC;oBACV,OAAO,EAAE,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,2BAA2B,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAE,CAAW,CAAC,OAAO;oBAC1F,IAAI,EAAE,CAAC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC;iBACzB,CAAC,CAAC;gBACH,SAAS;YACX,CAAC;QACH,CAAC;QACD,MAAM,CAAC,GAAG,YAAY,CAAC,CAAC,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;QAC7C,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;QACzB,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IAC1B,CAAC;IAED,IAAI,MAAM,CAAC,MAAM;QAAE,MAAM,IAAI,aAAa,CAAC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACxE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;AACxC,CAAC"}

package/dist/lib/manifest/prepare.d.ts

@@ -0,0 +1,57 @@
+/**
+ * Prepare stage — resolve each agent's effective launch identity + ACLs by merging its persona
+ * (read from disk) with the manifest. Pure: it takes already-loaded {@link AgentDef}s so it stays
+ * unit-testable; the fs/live I/O lives in {@link ./preflight.js}.
+ *
+ * Behavior fields (model/role/description/body) are persona-default + manifest-override. Access is
+ * governed by {@link PersonaPermissions}: under `reject` the manifest is the sole source; under
+ * `include` a persona's own grants are inherited **only for channels the manifest does not declare**
+ * (one authority per channel), concrete-only (wildcards rejected), and surfaced loudly.
+ */
+import { type AgentDef } from "@cotal-ai/core";
+import type { AgentPolicy, ResolvedAgent } from "./model.js";
+import type { ManifestIssue } from "./errors.js";
+/** Persona grants that fall outside the manifest's channels (unmanaged credential scopes) + the
+ *  capabilities inherited from the persona — the data the loud dry-run section renders. */
+export interface InheritedScopes {
+    subscribe: string[];
+    allowSubscribe: string[];
+    allowPublish: string[];
+    capabilities: string[];
+}
+/** A non-fatal diagnostic to surface in dry-run / topology view. `loud` = call it out prominently
+ *  (e.g. an agent with capabilities but no channel access). */
+export interface AgentWarning {
+    agent: string;
+    message: string;
+    loud?: boolean;
+}
+/** The fully resolved launch form for one agent — what the spawn path needs. */
+export interface PreparedAgent {
+    name: string;
+    agentType: string;
+    /** Persona file path (or undefined for an inline agent). */
+    persona?: string;
+    /** Effective values (manifest override ?? persona default). */
+    model?: string;
+    role?: string;
+    description?: string;
+    /** Effective persona body (manifest `instructions` REPLACES the file body; sole body for inline). */
+    body?: string;
+    /** Effective merged capabilities. */
+    capabilities: string[];
+    capabilitySource: "manifest" | "persona" | "none";
+    /** Effective merged per-channel ACLs (manifest + persona-undeclared under `include`). */
+    policy: AgentPolicy;
+    /** Persona grants outside manifest channels + inherited caps (empty under `reject`/inline). */
+    inherited: InheritedScopes;
+}
+export interface PreparedResult {
+    prepared: PreparedAgent;
+    issues: ManifestIssue[];
+    warnings: AgentWarning[];
+}
+/** Merge one resolved agent with its (optional) loaded persona, given the set of channel names the
+ *  manifest declares. Returns the launch form plus any errors/warnings. */
+export declare function prepareAgent(agent: ResolvedAgent, persona: AgentDef | undefined, declared: Set<string>): PreparedResult;
+//# sourceMappingURL=prepare.d.ts.map

package/dist/lib/manifest/prepare.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"prepare.d.ts","sourceRoot":"","sources":["../../../src/lib/manifest/prepare.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,EAAqB,KAAK,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAClE,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAC7D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAEjD;2FAC2F;AAC3F,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAED;+DAC+D;AAC/D,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,gFAAgF;AAChF,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,4DAA4D;IAC5D,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,+DAA+D;IAC/D,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,qGAAqG;IACrG,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,qCAAqC;IACrC,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,gBAAgB,EAAE,UAAU,GAAG,SAAS,GAAG,MAAM,CAAC;IAClD,yFAAyF;IACzF,MAAM,EAAE,WAAW,CAAC;IACpB,+FAA+F;IAC/F,SAAS,EAAE,eAAe,CAAC;CAC5B;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,aAAa,CAAC;IACxB,MAAM,EAAE,aAAa,EAAE,CAAC;IACxB,QAAQ,EAAE,YAAY,EAAE,CAAC;CAC1B;AAED;2EAC2E;AAC3E,wBAAgB,YAAY,CAAC,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,QAAQ,GAAG,SAAS,EAAE,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,cAAc,CAqFvH"}

package/dist/lib/manifest/prepare.js

@@ -0,0 +1,95 @@
+/**
+ * Prepare stage — resolve each agent's effective launch identity + ACLs by merging its persona
+ * (read from disk) with the manifest. Pure: it takes already-loaded {@link AgentDef}s so it stays
+ * unit-testable; the fs/live I/O lives in {@link ./preflight.js}.
+ *
+ * Behavior fields (model/role/description/body) are persona-default + manifest-override. Access is
+ * governed by {@link PersonaPermissions}: under `reject` the manifest is the sole source; under
+ * `include` a persona's own grants are inherited **only for channels the manifest does not declare**
+ * (one authority per channel), concrete-only (wildcards rejected), and surfaced loudly.
+ */
+import { isConcreteChannel } from "@cotal-ai/core";
+/** Merge one resolved agent with its (optional) loaded persona, given the set of channel names the
+ *  manifest declares. Returns the launch form plus any errors/warnings. */
+export function prepareAgent(agent, persona, declared) {
+    const issues = [];
+    const warnings = [];
+    const at = ["agents", agent.name];
+    // Behavior: persona default, manifest override wins. Inline `instructions` REPLACE the body.
+    const model = agent.model ?? persona?.model;
+    const role = agent.role ?? persona?.role;
+    const description = agent.description ?? persona?.description;
+    const body = agent.instructions ?? persona?.persona;
+    // Capabilities: manifest wins; else inherited from the persona only under `include`.
+    let capabilities = [];
+    let capabilitySource = "none";
+    if (agent.capabilities?.length) {
+        capabilities = [...agent.capabilities];
+        capabilitySource = "manifest";
+    }
+    else if (agent.personaPermissions === "include" && persona?.capabilities?.length) {
+        capabilities = [...persona.capabilities];
+        capabilitySource = "persona";
+    }
+    // Access. Start from the manifest-inverted policy (all its channels are declared by construction).
+    const policy = {
+        subscribe: [...agent.policy.subscribe],
+        allowSubscribe: [...agent.policy.allowSubscribe],
+        allowPublish: [...agent.policy.allowPublish],
+    };
+    const inherited = { subscribe: [], allowSubscribe: [], allowPublish: [], capabilities: [] };
+    if (agent.personaPermissions === "include" && persona) {
+        const personaAllowSub = persona.allowSubscribe ?? persona.subscribe ?? [];
+        // Reject persona WILDCARD grants in v1 (they'd re-introduce wildcards via the persona file and
+        // break the per-channel partition).
+        for (const [field, list] of [["subscribe", persona.subscribe], ["allowSubscribe", personaAllowSub], ["allowPublish", persona.allowPublish]])
+            for (const ch of list ?? [])
+                if (!isConcreteChannel(ch))
+                    issues.push({ message: `persona ${field} "${ch}" is a wildcard — not supported in v1 (declare concrete channels)`, path: at });
+        // Persona grants apply ONLY to channels the manifest does not declare (manifest owns its own).
+        const undeclared = (list) => (list ?? []).filter((c) => isConcreteChannel(c) && !declared.has(c));
+        inherited.subscribe = undeclared(persona.subscribe);
+        inherited.allowSubscribe = undeclared(personaAllowSub);
+        inherited.allowPublish = undeclared(persona.allowPublish);
+        inherited.capabilities = capabilitySource === "persona" ? capabilities : [];
+        policy.subscribe = dedupe([...policy.subscribe, ...inherited.subscribe]);
+        policy.allowSubscribe = dedupe([...policy.allowSubscribe, ...inherited.allowSubscribe]);
+        policy.allowPublish = dedupe([...policy.allowPublish, ...inherited.allowPublish]);
+    }
+    // Defensive: the merged read set must stay within the merged read ACL.
+    const missing = policy.subscribe.filter((c) => !policy.allowSubscribe.includes(c));
+    if (missing.length)
+        issues.push({ message: `merged subscribe [${missing.join(", ")}] not within allowSubscribe`, path: at });
+    // Warn on an agent the manifest declares but never grants channel access — likely a typo, but
+    // valid (a DM/control-only peer). Loud when it nonetheless carries capabilities.
+    const noAccess = !policy.subscribe.length && !policy.allowSubscribe.length && !policy.allowPublish.length;
+    if (noAccess)
+        warnings.push({
+            agent: agent.name,
+            loud: capabilities.length > 0,
+            message: capabilities.length
+                ? `declared with capabilities [${capabilities.join(", ")}] but NO channel access (DM/control-only — a powerful non-channel grant)`
+                : `declared but has no channel access from the manifest (DM/control-only unless a persona under \`include\` grants scopes)`,
+        });
+    return {
+        prepared: {
+            name: agent.name,
+            agentType: agent.agentType,
+            persona: agent.persona,
+            model,
+            role,
+            description,
+            body,
+            capabilities,
+            capabilitySource,
+            policy,
+            inherited,
+        },
+        issues,
+        warnings,
+    };
+}
+function dedupe(xs) {
+    return [...new Set(xs)];
+}
+//# sourceMappingURL=prepare.js.map

package/dist/lib/manifest/prepare.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"prepare.js","sourceRoot":"","sources":["../../../src/lib/manifest/prepare.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,EAAE,iBAAiB,EAAiB,MAAM,gBAAgB,CAAC;AAgDlE;2EAC2E;AAC3E,MAAM,UAAU,YAAY,CAAC,KAAoB,EAAE,OAA6B,EAAE,QAAqB;IACrG,MAAM,MAAM,GAAoB,EAAE,CAAC;IACnC,MAAM,QAAQ,GAAmB,EAAE,CAAC;IACpC,MAAM,EAAE,GAAwB,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;IAEvD,6FAA6F;IAC7F,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,IAAI,OAAO,EAAE,KAAK,CAAC;IAC5C,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,IAAI,OAAO,EAAE,IAAI,CAAC;IACzC,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,OAAO,EAAE,WAAW,CAAC;IAC9D,MAAM,IAAI,GAAG,KAAK,CAAC,YAAY,IAAI,OAAO,EAAE,OAAO,CAAC;IAEpD,qFAAqF;IACrF,IAAI,YAAY,GAAa,EAAE,CAAC;IAChC,IAAI,gBAAgB,GAAsC,MAAM,CAAC;IACjE,IAAI,KAAK,CAAC,YAAY,EAAE,MAAM,EAAE,CAAC;QAC/B,YAAY,GAAG,CAAC,GAAG,KAAK,CAAC,YAAY,CAAC,CAAC;QACvC,gBAAgB,GAAG,UAAU,CAAC;IAChC,CAAC;SAAM,IAAI,KAAK,CAAC,kBAAkB,KAAK,SAAS,IAAI,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC;QACnF,YAAY,GAAG,CAAC,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;QACzC,gBAAgB,GAAG,SAAS,CAAC;IAC/B,CAAC;IAED,mGAAmG;IACnG,MAAM,MAAM,GAAgB;QAC1B,SAAS,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC;QACtC,cAAc,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,cAAc,CAAC;QAChD,YAAY,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC;KAC7C,CAAC;IACF,MAAM,SAAS,GAAoB,EAAE,SAAS,EAAE,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;IAE7G,IAAI,KAAK,CAAC,kBAAkB,KAAK,SAAS,IAAI,OAAO,EAAE,CAAC;QACtD,MAAM,eAAe,GAAG,OAAO,CAAC,cAAc,IAAI,OAAO,CAAC,SAAS,IAAI,EAAE,CAAC;QAC1E,+FAA+F;QAC/F,oCAAoC;QACpC,KAAK,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC,gBAAgB,EAAE,eAAe,CAAC,EAAE,CAAC,cAAc,EAAE,OAAO,CAAC,YAAY,CAAC,CAAU;YAClJ,KAAK,MAAM,EAAE,IAAI,IAAI,IAAI,EAAE;gBACzB,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC;oBACxB,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,WAAW,KAAK,KAAK,EAAE,mEAAmE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;QAErI,+FAA+F;QAC/F,MAAM,UAAU,GAAG,CAAC,IAA0B,EAAE,EAAE,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACxH,SAAS,CAAC,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACpD,SAAS,CAAC,cAAc,GAAG,UAAU,CAAC,eAAe,CAAC,CAAC;QACvD,SAAS,CAAC,YAAY,GAAG,UAAU,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,SAAS,CAAC,YAAY,GAAG,gBAAgB,KAAK,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC;QAE5E,MAAM,CAAC,SAAS,GAAG,MAAM,CAAC,CAAC,GAAG,MAAM,CAAC,SAAS,EAAE,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC;QACzE,MAAM,CAAC,cAAc,GAAG,MAAM,CAAC,CAAC,GAAG,MAAM,CAAC,cAAc,EAAE,GAAG,SAAS,CAAC,cAAc,CAAC,CAAC,CAAC;QACxF,MAAM,CAAC,YAAY,GAAG,MAAM,CAAC,CAAC,GAAG,MAAM,CAAC,YAAY,EAAE,GAAG,SAAS,CAAC,YAAY,CAAC,CAAC,CAAC;IACpF,CAAC;IAED,uEAAuE;IACvE,MAAM,OAAO,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IACnF,IAAI,OAAO,CAAC,MAAM;QAChB,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,qBAAqB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,6BAA6B,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;IAE3G,8FAA8F;IAC9F,iFAAiF;IACjF,MAAM,QAAQ,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC;IAC1G,IAAI,QAAQ;QACV,QAAQ,CAAC,IAAI,CAAC;YACZ,KAAK,EAAE,KAAK,CAAC,IAAI;YACjB,IAAI,EAAE,YAAY,CAAC,MAAM,GAAG,CAAC;YAC7B,OAAO,EAAE,YAAY,CAAC,MAAM;gBAC1B,CAAC,CAAC,+BAA+B,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,0EAA0E;gBAClI,CAAC,CAAC,yHAAyH;SAC9H,CAAC,CAAC;IAEL,OAAO;QACL,QAAQ,EAAE;YACR,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,KAAK;YACL,IAAI;YACJ,WAAW;YACX,IAAI;YACJ,YAAY;YACZ,gBAAgB;YAChB,MAAM;YACN,SAAS;SACV;QACD,MAAM;QACN,QAAQ;KACT,CAAC;AACJ,CAAC;AAED,SAAS,MAAM,CAAI,EAAO;IACxB,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;AAC1B,CAAC"}

package/dist/lib/manifest/render.d.ts

@@ -0,0 +1,41 @@
+import type { PreparedManifest } from "./preflight.js";
+import type { AgentWarning } from "./prepare.js";
+import type { AgentPlan, ChannelPlan, UnmanagedReport } from "./spawn-plan.js";
+/** The full `topology view`: header, channel access, agent access, persona-inherited scopes, warnings. */
+export declare function renderTopology(p: PreparedManifest): string;
+/** The `cotal up -f --dry-run` plan: a fresh mesh creates everything, so the grouping is simply
+ *  "will create" — broker + channels + agents — followed by the full access view. Mutates nothing. */
+export declare function renderUpPlan(p: PreparedManifest, server: string): string;
+/** The loud "persona grants outside manifest channels" section — unmanaged credential scopes that
+ *  an old persona ref drags in under `personaPermissions: include`. Returns "" when there are none. */
+export declare function renderInherited(p: PreparedManifest): string;
+/** Render the non-fatal warnings (empty-ACL agents, loud when they carry capabilities). */
+export declare function renderWarnings(warnings: AgentWarning[]): string;
+/** The `cotal spawn -f` plan / `--dry-run`: deploy onto a RUNNING mesh. Groups channels and agents
+ *  by disposition (create / exists-unmanaged / owned · will-create / already-owned / stale), then the
+ *  SECURITY block + persona-inherited access. Creation-only — an existing unmanaged card is shown
+ *  desired-vs-live, never patched. */
+export declare function renderSpawnPlan(p: PreparedManifest, channels: ChannelPlan, agents: AgentPlan, unmanaged: UnmanagedReport, ctx: {
+    server: string;
+    runId: string;
+    dryRun: boolean;
+}): string;
+/** The SECURITY block: unmanaged actors observed with read access to a manifest-declared channel —
+ *  an isolation conflict on the shared mesh — phrased as an explicit LOWER BOUND (presence + the
+ *  broker membership feed; live-only core subscriptions aren't observable when the feed is absent).
+ *  Returns "" only when there's nothing to say AND the feed was readable. */
+export declare function renderUnmanaged(u: UnmanagedReport): string;
+/** Post-apply summary for `cotal spawn -f`: what was created/launched, what was left untouched, the
+ *  SECURITY block, and the exact ownership-scoped teardown command + ledger path. */
+export declare function renderSpawnSummary(ctx: {
+    space: string;
+    server: string;
+    runId: string;
+    ledgerPath: string;
+    manifestPath: string;
+    created: string[];
+    launched: string[];
+    existsUnmanaged: string[];
+    unmanaged: UnmanagedReport;
+}): string;
+//# sourceMappingURL=render.d.ts.map

package/dist/lib/manifest/render.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"render.d.ts","sourceRoot":"","sources":["../../../src/lib/manifest/render.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AACjD,OAAO,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAU/E,0GAA0G;AAC1G,wBAAgB,cAAc,CAAC,CAAC,EAAE,gBAAgB,GAAG,MAAM,CAwC1D;AAED;sGACsG;AACtG,wBAAgB,YAAY,CAAC,CAAC,EAAE,gBAAgB,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAWxE;AAED;uGACuG;AACvG,wBAAgB,eAAe,CAAC,CAAC,EAAE,gBAAgB,GAAG,MAAM,CAqB3D;AAED,2FAA2F;AAC3F,wBAAgB,cAAc,CAAC,QAAQ,EAAE,YAAY,EAAE,GAAG,MAAM,CAG/D;AAED;;;sCAGsC;AACtC,wBAAgB,eAAe,CAC7B,CAAC,EAAE,gBAAgB,EACnB,QAAQ,EAAE,WAAW,EACrB,MAAM,EAAE,SAAS,EACjB,SAAS,EAAE,eAAe,EAC1B,GAAG,EAAE;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,OAAO,CAAA;CAAE,GACtD,MAAM,CA+BR;AAED;;;6EAG6E;AAC7E,wBAAgB,eAAe,CAAC,CAAC,EAAE,eAAe,GAAG,MAAM,CAmB1D;AAED;qFACqF;AACrF,wBAAgB,kBAAkB,CAAC,GAAG,EAAE;IACtC,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,SAAS,EAAE,eAAe,CAAC;CAC5B,GAAG,MAAM,CAWT"}

package/dist/lib/manifest/render.js

@@ -0,0 +1,177 @@
+/**
+ * Human-readable rendering of a prepared manifest — the `cotal topology view` output and the shared
+ * pieces of `--dry-run`. The native verbs get humane labels here so the field names aren't the only
+ * explanation (UX): `subscribe (auto-listens at boot)` etc. No mutation, no live state.
+ */
+import { c } from "../../ui.js";
+const LABEL = {
+    subscribe: "subscribe (auto-listens at boot)",
+    allowSubscribe: "allowSubscribe (may read/join)",
+    allowPublish: "allowPublish (may post)",
+};
+const list = (xs) => (xs.length ? xs.join(", ") : c.dim("(none)"));
+/** The full `topology view`: header, channel access, agent access, persona-inherited scopes, warnings. */
+export function renderTopology(p) {
+    const m = p.manifest;
+    const out = [];
+    const broker = m.broker?.servers ?? "fresh local broker";
+    out.push(c.bold(`Mesh "${m.space}"`) +
+        c.dim(`  (broker: ${broker} · runtime ${m.runtime ?? "pty"} · personaPermissions: ${m.personaPermissions})`));
+    // Channels — who subscribes / may read / may post (agent names).
+    out.push("", c.bold(`Channels (${m.channels.length})`));
+    for (const ch of m.channels) {
+        out.push(`  ${c.cyan("#" + ch.name)}${ch.description ? c.dim("  " + ch.description) : ""}`);
+        out.push(`      ${c.dim(LABEL.subscribe + ":")}      ${list(ch.subscribe)}`);
+        out.push(`      ${c.dim(LABEL.allowSubscribe + ":")}    ${list(ch.allowSubscribe)}`);
+        out.push(`      ${c.dim(LABEL.allowPublish + ":")}      ${list(ch.allowPublish)}`);
+        if (ch.instructions)
+            out.push(`      ${c.dim("instructions: " + ch.instructions)}`);
+    }
+    // Agents — effective merged access (manifest + any persona-inherited under `include`).
+    out.push("", c.bold(`Agents (${p.agents.length})`));
+    for (const a of p.agents) {
+        const src = a.persona ? `persona ${a.persona}` : "inline";
+        const meta = [a.agentType, a.model ? `model ${a.model}` : undefined, a.role ? `role ${a.role}` : undefined]
+            .filter(Boolean)
+            .join(" · ");
+        out.push(`  ${c.bold(a.name)}  ${c.dim(meta + " · " + src)}`);
+        out.push(`      ${c.dim(LABEL.subscribe + ":")}      ${list(a.policy.subscribe)}`);
+        out.push(`      ${c.dim(LABEL.allowSubscribe + ":")}    ${list(a.policy.allowSubscribe)}`);
+        out.push(`      ${c.dim(LABEL.allowPublish + ":")}      ${list(a.policy.allowPublish)}`);
+        if (a.capabilities.length)
+            out.push(`      ${c.dim("capabilities:")}      ${a.capabilities.join(", ")}${a.capabilitySource === "persona" ? c.dim(" (persona-inherited)") : ""}`);
+    }
+    const inherited = renderInherited(p);
+    if (inherited)
+        out.push("", inherited);
+    if (p.warnings.length)
+        out.push("", renderWarnings(p.warnings));
+    return out.join("\n");
+}
+/** The `cotal up -f --dry-run` plan: a fresh mesh creates everything, so the grouping is simply
+ *  "will create" — broker + channels + agents — followed by the full access view. Mutates nothing. */
+export function renderUpPlan(p, server) {
+    const m = p.manifest;
+    const head = [
+        c.bold("Plan — cotal up -f (fresh mesh)"),
+        c.bold("Will create:"),
+        `  ${c.green("+")} broker + space ${c.cyan(`"${m.space}"`)} at ${server}`,
+        `  ${c.green("+")} ${m.channels.length} channel(s): ${m.channels.map((ch) => c.cyan("#" + ch.name)).join(", ")}`,
+        `  ${c.green("+")} ${p.agents.length} agent(s): ${p.agents.map((a) => a.name).join(", ")}`,
+        "",
+    ].join("\n");
+    return `${head}${renderTopology(p)}\n\n${c.dim("Dry run — nothing was changed. Re-run without --dry-run to apply.")}`;
+}
+/** The loud "persona grants outside manifest channels" section — unmanaged credential scopes that
+ *  an old persona ref drags in under `personaPermissions: include`. Returns "" when there are none. */
+export function renderInherited(p) {
+    const rows = [];
+    for (const a of p.agents) {
+        const i = a.inherited;
+        const hasAcl = i.subscribe.length || i.allowSubscribe.length || i.allowPublish.length;
+        if (!hasAcl && !i.capabilities.length)
+            continue;
+        // Capabilities first — they are NOT channel-scoped (spawn/tool power), so they're easiest to miss
+        // and most security-significant (security review, round-8).
+        if (i.capabilities.length)
+            rows.push(`  ${c.yellow("‼")} ${c.bold(a.name)} capabilities: ${i.capabilities.join(", ")}  ${c.dim(`(persona ${a.persona} — not channel-scoped)`)}`);
+        if (hasAcl) {
+            const parts = [
+                i.subscribe.length ? `subscribe ${i.subscribe.join(",")}` : "",
+                i.allowSubscribe.length ? `read ${i.allowSubscribe.join(",")}` : "",
+                i.allowPublish.length ? `post ${i.allowPublish.join(",")}` : "",
+            ].filter(Boolean);
+            rows.push(`  ${c.bold(a.name)} → ${parts.join(" · ")}  ${c.dim(`(persona ${a.persona} · unmanaged by manifest, no card)`)}`);
+        }
+    }
+    if (!rows.length)
+        return "";
+    return [c.yellow(c.bold("⚠ Persona-inherited access + capabilities outside manifest channels")), ...rows].join("\n");
+}
+/** Render the non-fatal warnings (empty-ACL agents, loud when they carry capabilities). */
+export function renderWarnings(warnings) {
+    const rows = warnings.map((w) => `  ${w.loud ? c.yellow("‼") : c.dim("•")} ${c.bold(w.agent)}: ${w.message}`);
+    return [c.yellow(c.bold(`⚠ Warnings (${warnings.length})`)), ...rows].join("\n");
+}
+/** The `cotal spawn -f` plan / `--dry-run`: deploy onto a RUNNING mesh. Groups channels and agents
+ *  by disposition (create / exists-unmanaged / owned · will-create / already-owned / stale), then the
+ *  SECURITY block + persona-inherited access. Creation-only — an existing unmanaged card is shown
+ *  desired-vs-live, never patched. */
+export function renderSpawnPlan(p, channels, agents, unmanaged, ctx) {
+    const out = [c.bold(`Plan — cotal spawn -f (deploy onto running mesh ${ctx.server})`)];
+    out.push("", c.bold("Channels:"));
+    for (const ch of channels.create)
+        out.push(`  ${c.green("+")} create ${c.cyan("#" + ch.name)} ${c.dim("(seed + own)")}`);
+    for (const { channel, live } of channels.existsUnmanaged) {
+        out.push(`  ${c.yellow("~")} ${c.cyan("#" + channel.name)} ${c.yellow("exists — unmanaged")} ${c.dim("(card left untouched)")}`);
+        if ((channel.description ?? "") !== (live.description ?? ""))
+            out.push(`      ${c.dim(`desired: ${channel.description ?? "(none)"}  ·  live: ${live.description ?? "(none)"}`)}`);
+        if ((channel.instructions ?? "") !== (live.instructions ?? ""))
+            out.push(`      ${c.dim(`desired instructions differ from live — not applied (use a future --patch flag)`)}`);
+    }
+    for (const ch of channels.owned)
+        out.push(`  ${c.dim("=")} ${c.cyan("#" + ch.name)} ${c.dim("(already owned by this run)")}`);
+    if (!channels.create.length && !channels.existsUnmanaged.length && !channels.owned.length)
+        out.push(`  ${c.dim("(none)")}`);
+    out.push("", c.bold("Agents:"));
+    for (const e of agents.willCreate)
+        out.push(`  ${c.green("+")} ${c.bold(e.agent.name)} ${c.dim(`${e.agent.agentType} — will launch`)}`);
+    for (const e of agents.alreadyOwned)
+        out.push(`  ${c.dim("=")} ${c.bold(e.agent.name)} ${c.dim(`(already running as ${e.prior?.name} — no-op)`)}`);
+    for (const e of agents.stale)
+        out.push(`  ${c.yellow("!")} ${c.bold(e.agent.name)} ${c.yellow("stale — restart required")} ` +
+            c.dim(`(${e.prior?.name}: hash ${e.prior?.hash.slice(0, 8)} → ${e.hash.slice(0, 8)}${e.running ? "" : ", not running"})`));
+    if (!agents.entries.length)
+        out.push(`  ${c.dim("(none)")}`);
+    const sec = renderUnmanaged(unmanaged);
+    if (sec)
+        out.push("", sec);
+    const inherited = renderInherited(p);
+    if (inherited)
+        out.push("", inherited);
+    if (ctx.dryRun)
+        out.push("", c.dim(`Dry run — nothing was changed. Run ${ctx.runId} not written. Re-run without --dry-run to apply.`));
+    return out.join("\n");
+}
+/** The SECURITY block: unmanaged actors observed with read access to a manifest-declared channel —
+ *  an isolation conflict on the shared mesh — phrased as an explicit LOWER BOUND (presence + the
+ *  broker membership feed; live-only core subscriptions aren't observable when the feed is absent).
+ *  Returns "" only when there's nothing to say AND the feed was readable. */
+export function renderUnmanaged(u) {
+    const rows = [];
+    for (const ce of u.perChannel) {
+        const who = ce.actors.map((a) => `${a.name ?? a.id.slice(0, 8)} (${a.via})`).join(", ");
+        rows.push(`  ${c.red("‼")} ${c.cyan("#" + ce.channel)}: unmanaged ${who}`);
+    }
+    const caveat = u.feedAvailable
+        ? c.dim(`  detected via presence + membership feed (asOf ${new Date(u.asOf).toISOString()}); live-only core subscriptions are a lower bound`)
+        : c.dim("  membership feed unavailable — detection is PRESENCE-ONLY (a lower bound; channel membership/live subscriptions not observable)");
+    // Show the block when there are conflicts, or when the feed was unavailable (so an empty result is
+    // never mistaken for "provably isolated").
+    if (!rows.length && u.feedAvailable) {
+        return u.presentUnowned.length
+            ? c.dim(`note: ${u.presentUnowned.length} unmanaged peer(s) present on the mesh; none on a declared channel (${caveat.trim()})`)
+            : "";
+    }
+    const head = c.red(c.bold("⚠ SECURITY — unmanaged actors with access to declared channels"));
+    const tail = u.presentUnowned.length ? [c.dim(`  (${u.presentUnowned.length} unmanaged peer(s) present on the mesh in total)`)] : [];
+    return [head, ...rows, caveat, ...tail].join("\n");
+}
+/** Post-apply summary for `cotal spawn -f`: what was created/launched, what was left untouched, the
+ *  SECURITY block, and the exact ownership-scoped teardown command + ledger path. */
+export function renderSpawnSummary(ctx) {
+    const out = [c.green(`✓ deployed onto "${ctx.space}" (${ctx.server})`)];
+    if (ctx.created.length)
+        out.push(`  ${c.green("+")} created ${ctx.created.length} channel(s): ${ctx.created.map((n) => c.cyan("#" + n)).join(", ")}`);
+    if (ctx.launched.length)
+        out.push(`  ${c.green("+")} launched ${ctx.launched.length} agent(s): ${ctx.launched.join(", ")}`);
+    if (ctx.existsUnmanaged.length)
+        out.push(`  ${c.yellow("~")} left ${ctx.existsUnmanaged.length} existing channel(s) untouched: ${ctx.existsUnmanaged.map((n) => c.cyan("#" + n)).join(", ")}`);
+    const sec = renderUnmanaged(ctx.unmanaged);
+    if (sec)
+        out.push("", sec);
+    out.push("", c.dim(`Run ${ctx.runId} · ledger ${ctx.ledgerPath}`));
+    out.push(c.dim(`Tear down ONLY this deploy: `) + `cotal down -f ${ctx.manifestPath} --run ${ctx.runId}`);
+    return out.join("\n");
+}
+//# sourceMappingURL=render.js.map