npm - @kbediako/codex-orchestrator - Versions diffs - 0.1.37 → 0.2.0 - Mend

@kbediako/codex-orchestrator 0.1.37 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (302) hide show

package/dist/orchestrator/src/cli/services/runPreparation.js CHANGED Viewed

@@ -3,9 +3,11 @@ import { CommandPlanner } from '../adapters/index.js';
 import { PipelineResolver } from './pipelineResolver.js';
 import { sanitizeTaskId } from '../run/environment.js';
 import { loadTaskMetadata } from '../tasks/taskMetadata.js';
+import { loadPromptPackMetadata } from '../../../../packages/orchestrator/src/instructions/promptPacks.js';
 import { resolvePipeline } from '../pipelines/index.js';
 import { findPipeline } from '../config/userConfig.js';
 import { logger } from '../../logger.js';
+import { buildTaskMemoryContext } from './plannerMemory.js';
 export function overrideTaskEnvironment(baseEnv, taskId) {
     if (!taskId) {
         return { ...baseEnv };
@@ -44,7 +46,8 @@ export async function prepareRun(options) {
     logger.info(`prepareRun resolved pipeline ${resolvedPipeline.pipeline.id}`);
     const metadata = await loadTaskMetadata(env);
     logger.info(`prepareRun loaded metadata for task ${metadata.id}`);
-    const taskContext = createTaskContext(metadata);
+    const promptPackMetadata = await loadPromptPackMetadata(env.repoRoot);
+    const taskContext = createTaskContext(metadata, buildTaskMemoryContext(promptPackMetadata));
     const targetId = resolveTargetStageId(options.targetStageId, options.planTargetFallback ?? null);
     const planner = options.planner ?? new CommandPlanner(resolvedPipeline.pipeline, { targetStageId: targetId });
     logger.info(`prepareRun running planner for pipeline ${resolvedPipeline.pipeline.id}`);
@@ -80,13 +83,14 @@ export function resolvePipelineForResume(env, manifest, config, fallbackConfig =
     const { pipeline } = resolvePipeline(env, { pipelineId: manifest.pipeline_id, config });
     return pipeline;
 }
-export function createTaskContext(metadata) {
+export function createTaskContext(metadata, memory = buildTaskMemoryContext([])) {
     return {
         id: metadata.id,
         title: metadata.title,
         description: undefined,
         metadata: {
             slug: metadata.slug
-        }
+        },
+        memory
     };
 }

package/dist/orchestrator/src/cli/services/runSummaryWriter.js CHANGED Viewed

@@ -1,4 +1,5 @@
 import { join } from 'node:path';
+import { materializeRunBlockMemory } from '../run/blockMemory.js';
 import { relativeToRepo } from '../run/runPaths.js';
 import { writeJsonAtomic } from '../utils/fs.js';
 import { persistManifest } from '../run/manifestPersister.js';
@@ -102,5 +103,13 @@ export async function persistRunSummary(env, paths, manifest, runSummary, persis
     const summaryPath = join(paths.runDir, 'run-summary.json');
     await writeJsonAtomic(summaryPath, runSummary);
     manifest.run_summary_path = relativeToRepo(env, summaryPath);
+    manifest.memory = {
+        ...(manifest.memory ?? {}),
+        ...(await materializeRunBlockMemory({
+            env,
+            paths,
+            manifest
+        }))
+    };
     await persistManifest(paths, manifest, persister, { force: true });
 }

package/dist/orchestrator/src/cli/setupBootstrapShell.js ADDED Viewed

@@ -0,0 +1,114 @@
+/* eslint-disable patterns/prefer-logger-over-console */
+import { formatDevtoolsSetupSummary, runDevtoolsSetup } from './devtoolsSetup.js';
+import { formatDelegationSetupSummary, runDelegationSetup } from './delegationSetup.js';
+import { buildCommandPreview } from './utils/commandPreview.js';
+import { formatSkillsInstallSummary, installSkills, listBundledSkills } from './skills.js';
+const DEFAULT_DEPENDENCIES = {
+    buildCommandPreview,
+    listBundledSkills,
+    installSkills,
+    runDelegationSetup,
+    runDevtoolsSetup,
+    formatSkillsInstallSummary,
+    formatDelegationSetupSummary,
+    formatDevtoolsSetupSummary,
+    log: (line) => console.log(line)
+};
+export async function runSetupBootstrapShell(params, overrides = {}) {
+    const dependencies = { ...DEFAULT_DEPENDENCIES, ...overrides };
+    const delegationCommandPreview = params.repoFlag
+        ? dependencies.buildCommandPreview('codex-orchestrator', ['delegation', 'setup', '--yes', '--repo', params.repoFlag])
+        : 'codex-orchestrator delegation setup --yes';
+    const bundledSkills = await dependencies.listBundledSkills();
+    if (bundledSkills.length === 0) {
+        throw new Error('No bundled skills detected; cannot run setup.');
+    }
+    const guidance = buildSetupGuidance();
+    if (!params.apply) {
+        const installCommand = `codex-orchestrator skills install ${params.refreshSkills ? '--force ' : ''}--only ${bundledSkills.join(',')}`;
+        const skillsNote = params.refreshSkills
+            ? 'Installs bundled skills into $CODEX_HOME/skills with overwrite enabled via --refresh-skills.'
+            : 'Installs bundled skills into $CODEX_HOME/skills without overwriting existing files by default. Add --refresh-skills to force overwrite.';
+        const delegation = await dependencies.runDelegationSetup({ repoRoot: params.repoRoot });
+        const devtools = await dependencies.runDevtoolsSetup();
+        const payload = {
+            status: 'planned',
+            steps: {
+                skills: {
+                    commandLines: [installCommand],
+                    note: skillsNote
+                },
+                delegation,
+                devtools,
+                guidance
+            }
+        };
+        if (params.format === 'json') {
+            dependencies.log(JSON.stringify(payload, null, 2));
+            return;
+        }
+        dependencies.log('Setup plan:');
+        dependencies.log('- Skills:');
+        for (const commandLine of payload.steps.skills.commandLines) {
+            dependencies.log(`  - ${commandLine}`);
+        }
+        dependencies.log(`- Delegation: ${delegationCommandPreview}`);
+        dependencies.log('- DevTools: codex-orchestrator devtools setup --yes');
+        for (const line of formatSetupGuidanceSummary(guidance)) {
+            dependencies.log(line);
+        }
+        dependencies.log('Run with --yes to apply this setup.');
+        return;
+    }
+    const skills = await dependencies.installSkills({ force: params.refreshSkills, only: bundledSkills });
+    const delegation = await dependencies.runDelegationSetup({ apply: true, repoRoot: params.repoRoot });
+    const devtools = await dependencies.runDevtoolsSetup({ apply: true });
+    for (const line of dependencies.formatSkillsInstallSummary(skills)) {
+        dependencies.log(line);
+    }
+    for (const line of dependencies.formatDelegationSetupSummary(delegation)) {
+        dependencies.log(line);
+    }
+    for (const line of dependencies.formatDevtoolsSetupSummary(devtools)) {
+        dependencies.log(line);
+    }
+    for (const line of formatSetupGuidanceSummary(guidance)) {
+        dependencies.log(line);
+    }
+    dependencies.log('Next: codex-orchestrator doctor --usage');
+}
+function buildSetupGuidance() {
+    return {
+        note: 'Agent-first default: run docs-review before implementation and implementation-gate before handoff.',
+        references: [
+            'https://github.com/Kbediako/CO#downstream-setup',
+            'https://github.com/Kbediako/CO/blob/main/docs/public/downstream-setup.md',
+            'https://github.com/Kbediako/CO/blob/main/docs/public/provider-onboarding.md',
+            'https://github.com/Kbediako/CO/blob/main/docs/guides/collab-vs-mcp.md',
+            'https://github.com/Kbediako/CO/blob/main/docs/guides/rlm-recursion-v2.md'
+        ],
+        recommended_commands: [
+            'codex-orchestrator flow --task <task-id>',
+            'codex-orchestrator doctor --format json',
+            'codex-orchestrator rlm --multi-agent auto "<goal>"',
+            'codex-orchestrator codex defaults --yes',
+            'codex-orchestrator mcp enable --servers delegation --yes'
+        ]
+    };
+}
+function formatSetupGuidanceSummary(guidance) {
+    const lines = ['Setup guidance:', `- ${guidance.note}`];
+    if (guidance.recommended_commands.length > 0) {
+        lines.push('- Recommended commands:');
+        for (const command of guidance.recommended_commands) {
+            lines.push(`  - ${command}`);
+        }
+    }
+    if (guidance.references.length > 0) {
+        lines.push('- References:');
+        for (const reference of guidance.references) {
+            lines.push(`  - ${reference}`);
+        }
+    }
+    return lines;
+}

package/dist/orchestrator/src/cli/setupCliShell.js ADDED Viewed

@@ -0,0 +1,51 @@
+/* eslint-disable patterns/prefer-logger-over-console */
+import process from 'node:process';
+import { runSetupBootstrapShell } from './setupBootstrapShell.js';
+const SETUP_CLI_HELP = `Usage: codex-orchestrator setup [--yes] [--refresh-skills] [--format json]
+One-shot bootstrap for downstream users. Installs bundled skills and configures
+delegation + DevTools MCP wiring.
+Options:
+  --yes                 Apply setup (otherwise plan only).
+  --refresh-skills      Overwrite bundled skills in $CODEX_HOME/skills during setup.
+  --repo <path>         Repo root for delegation wiring (default cwd).
+  --format json         Emit machine-readable output (dry-run only).
+`;
+const DEFAULT_DEPENDENCIES = {
+    runSetupBootstrapShell,
+    getCwd: () => process.cwd(),
+    log: (line) => console.log(line)
+};
+export async function runSetupCliShell(params, overrides = {}) {
+    const dependencies = { ...DEFAULT_DEPENDENCIES, ...overrides };
+    const format = resolveOutputFormat(params.flags);
+    const apply = Boolean(params.flags['yes']);
+    const refreshSkills = Boolean(params.flags['refresh-skills']);
+    if (format === 'json' && apply) {
+        throw new Error('setup does not support --format json with --yes.');
+    }
+    const repoFlag = readStringFlag(params.flags, 'repo');
+    const repoRoot = repoFlag ?? dependencies.getCwd();
+    await dependencies.runSetupBootstrapShell({
+        format,
+        apply,
+        refreshSkills,
+        repoRoot,
+        repoFlag: repoFlag ?? undefined
+    });
+}
+export function printSetupCliHelp(log = DEFAULT_DEPENDENCIES.log) {
+    log(SETUP_CLI_HELP);
+}
+function resolveOutputFormat(flags) {
+    return flags['format'] === 'json' ? 'json' : 'text';
+}
+function readStringFlag(flags, key) {
+    const value = flags[key];
+    if (typeof value !== 'string') {
+        return undefined;
+    }
+    const trimmed = value.trim();
+    return trimmed.length > 0 ? trimmed : undefined;
+}

package/dist/orchestrator/src/cli/skillsCliShell.js ADDED Viewed

@@ -0,0 +1,56 @@
+/* eslint-disable patterns/prefer-logger-over-console */
+import { formatSkillsInstallSummary, installSkills } from './skills.js';
+const DEFAULT_DEPENDENCIES = {
+    installSkills,
+    formatSkillsInstallSummary,
+    log: (line) => console.log(line)
+};
+export async function runSkillsCliShell(params, overrides = {}) {
+    const dependencies = { ...DEFAULT_DEPENDENCIES, ...overrides };
+    const positionals = [...params.positionals];
+    const subcommand = positionals.shift();
+    const wantsHelp = params.flags['help'] === true
+        || params.flags['--help'] === true
+        || params.flags['h'] === true
+        || !subcommand
+        || subcommand === 'help'
+        || subcommand === '--help'
+        || subcommand === '-h';
+    if (wantsHelp) {
+        params.printHelp();
+        return;
+    }
+    if (subcommand === 'install') {
+        const format = resolveOutputFormat(params.flags);
+        const result = await dependencies.installSkills({
+            force: params.flags['force'] === true,
+            codexHome: readStringFlag(params.flags, 'codex-home'),
+            only: parseOnlyFlag(params.flags['only'])
+        });
+        if (format === 'json') {
+            dependencies.log(JSON.stringify(result, null, 2));
+            return;
+        }
+        for (const line of dependencies.formatSkillsInstallSummary(result)) {
+            dependencies.log(line);
+        }
+        return;
+    }
+    throw new Error(`Unknown skills command: ${subcommand}`);
+}
+function resolveOutputFormat(flags) {
+    return flags['format'] === 'json' ? 'json' : 'text';
+}
+function readStringFlag(flags, key) {
+    const value = flags[key];
+    return typeof value === 'string' ? value : undefined;
+}
+function parseOnlyFlag(value) {
+    if (value === undefined) {
+        return undefined;
+    }
+    if (typeof value !== 'string') {
+        throw new Error('--only requires a comma-separated list of skill names.');
+    }
+    return value.split(',').map((entry) => entry.trim()).filter(Boolean);
+}

package/dist/orchestrator/src/cli/startCliRequestShell.js ADDED Viewed

@@ -0,0 +1,53 @@
+import { runStartCliShell } from './startCliShell.js';
+const DEFAULT_DEPENDENCIES = {
+    runStartCliShell
+};
+export async function runStartCliRequestShell(params, overrides = {}) {
+    const dependencies = { ...DEFAULT_DEPENDENCIES, ...overrides };
+    const format = resolveOutputFormat(params.flags);
+    const executionMode = params.resolveExecutionModeFlag(params.flags);
+    const runtimeMode = params.resolveRuntimeModeFlag(params.flags);
+    params.applyRepoConfigRequiredPolicy(params.flags);
+    const autoIssueLogEnabled = params.resolveAutoIssueLogEnabled(params.flags);
+    const taskIdOverride = readStringFlagValue(params.flags['task']);
+    const goal = params.readStringFlag(params.flags, 'goal');
+    await dependencies.runStartCliShell({
+        orchestrator: params.orchestrator,
+        pipelineId: params.positionals[0],
+        format,
+        executionMode,
+        runtimeMode,
+        autoIssueLogEnabled,
+        taskIdOverride,
+        parentRunId: readStringFlagValue(params.flags['parent-run']),
+        approvalPolicy: readStringFlagValue(params.flags['approval-policy']),
+        issueProvider: readStringFlagValue(params.flags['issue-provider']),
+        issueId: readStringFlagValue(params.flags['issue-id']),
+        issueIdentifier: readStringFlagValue(params.flags['issue-identifier']),
+        issueUpdatedAt: readStringFlagValue(params.flags['issue-updated-at']),
+        targetStageId: params.resolveTargetStageId(params.flags),
+        runWithUi: async (action) => await params.runWithUi(format, action),
+        emitRunOutput: params.emitRunOutput,
+        maybeCaptureAutoIssueLog: params.maybeCaptureAutoIssueLog,
+        resolveTaskFilter: params.resolveTaskFilter,
+        withAutoIssueLogContext: params.withAutoIssueLogContext,
+        maybeEmitRunAdoptionHint: params.maybeEmitRunAdoptionHint,
+        isLegacyCollabEnvAliasEnabled: () => params.shouldWarnLegacyMultiAgentEnv(params.flags),
+        applyRlmEnvOverrides: () => params.applyRlmEnvOverrides(params.flags, goal),
+        resolveRlmTaskId: params.resolveRlmTaskId,
+        setTaskEnvironment: params.setTaskEnvironment,
+        log: params.log,
+        warn: params.warn,
+        setExitCode: params.setExitCode
+    });
+}
+function resolveOutputFormat(flags) {
+    return flags['format'] === 'json' ? 'json' : 'text';
+}
+function readStringFlagValue(value) {
+    if (typeof value !== 'string') {
+        return undefined;
+    }
+    const trimmed = value.trim();
+    return trimmed.length > 0 ? trimmed : undefined;
+}

package/dist/orchestrator/src/cli/startCliShell.js ADDED Viewed

@@ -0,0 +1,68 @@
+/* eslint-disable patterns/prefer-logger-over-console */
+const DEFAULT_DEPENDENCIES = {
+    warnLegacyEnvMessage: 'Warning: RLM_SYMBOLIC_COLLAB is a legacy alias; prefer RLM_SYMBOLIC_MULTI_AGENT.'
+};
+export async function runStartCliShell(params, overrides = {}) {
+    const dependencies = { ...DEFAULT_DEPENDENCIES, ...overrides };
+    const isRlm = params.pipelineId === 'rlm';
+    if (isRlm) {
+        const warnLegacyEnvAlias = params.isLegacyCollabEnvAliasEnabled();
+        params.applyRlmEnvOverrides();
+        if (warnLegacyEnvAlias) {
+            params.warn(dependencies.warnLegacyEnvMessage);
+        }
+    }
+    let taskIdOverride = params.taskIdOverride;
+    try {
+        await params.runWithUi(async (runEvents) => {
+            if (isRlm) {
+                taskIdOverride = params.resolveRlmTaskId(taskIdOverride);
+                params.setTaskEnvironment(taskIdOverride);
+                if (params.format !== 'json') {
+                    params.log(`Task: ${taskIdOverride}`);
+                }
+            }
+            const result = await params.orchestrator.start({
+                pipelineId: params.pipelineId,
+                taskId: taskIdOverride,
+                parentRunId: params.parentRunId,
+                approvalPolicy: params.approvalPolicy,
+                issueProvider: params.issueProvider,
+                issueId: params.issueId,
+                issueIdentifier: params.issueIdentifier,
+                issueUpdatedAt: params.issueUpdatedAt,
+                targetStageId: params.targetStageId,
+                executionMode: params.executionMode,
+                runtimeMode: params.runtimeMode,
+                runEvents
+            });
+            const issueLogCapture = result.manifest.status !== 'succeeded'
+                ? await params.maybeCaptureAutoIssueLog({
+                    enabled: params.autoIssueLogEnabled,
+                    issueTitle: `Auto issue log: start ${params.pipelineId ?? 'diagnostics'} failed`,
+                    issueNotes: `Automatic failure capture for run ${result.manifest.run_id} (${result.manifest.status}).`,
+                    taskFilter: params.resolveTaskFilter(result.manifest.task_id, taskIdOverride)
+                })
+                : { issueLog: null, issueLogError: null };
+            params.emitRunOutput(result, params.format, 'Run started', issueLogCapture);
+            if (result.manifest.status === 'failed' || result.manifest.status === 'cancelled') {
+                params.setExitCode(1);
+            }
+            if (result.manifest.status === 'succeeded' && result.manifest.pipeline_id !== 'rlm') {
+                await params.maybeEmitRunAdoptionHint({
+                    format: params.format,
+                    taskFilter: params.resolveTaskFilter(result.manifest.task_id, taskIdOverride)
+                });
+            }
+        });
+    }
+    catch (error) {
+        const issueLogCapture = await params.maybeCaptureAutoIssueLog({
+            enabled: params.autoIssueLogEnabled,
+            issueTitle: `Auto issue log: start ${params.pipelineId ?? 'diagnostics'} failed before run manifest`,
+            issueNotes: 'Automatic failure capture for start setup failure before run manifest creation.',
+            taskFilter: params.resolveTaskFilter(undefined, taskIdOverride)
+        });
+        throw params.withAutoIssueLogContext(error, issueLogCapture);
+    }
+}

package/dist/orchestrator/src/cli/statusCliShell.js ADDED Viewed

@@ -0,0 +1,22 @@
+const DEFAULT_DEPENDENCIES = {
+    delay: (ms) => new Promise((resolve) => setTimeout(resolve, ms)),
+    terminalStatuses: new Set(['succeeded', 'failed', 'cancelled'])
+};
+export async function runStatusCliShell(params, overrides = {}) {
+    const dependencies = { ...DEFAULT_DEPENDENCIES, ...overrides };
+    let manifest = await params.orchestrator.status({
+        runId: params.runId,
+        format: params.format
+    });
+    if (!params.watch) {
+        return manifest;
+    }
+    while (!dependencies.terminalStatuses.has(manifest.status)) {
+        await dependencies.delay(params.interval * 1000);
+        manifest = await params.orchestrator.status({
+            runId: params.runId,
+            format: params.format
+        });
+    }
+    return manifest;
+}

package/dist/orchestrator/src/cli/utils/authProvenanceFingerprint.js ADDED Viewed

@@ -0,0 +1,27 @@
+import { createHmac } from 'node:crypto';
+import process from 'node:process';
+export const AUTH_PROVENANCE_FINGERPRINT_KEY_ENV_KEYS = [
+    'CODEX_AUTH_PROVENANCE_FINGERPRINT_KEY',
+    'CODEX_ORCHESTRATOR_AUTH_PROVENANCE_KEY'
+];
+function normalizeFingerprintValue(value) {
+    const trimmed = String(value ?? '').trim();
+    return trimmed.length > 0 ? trimmed : null;
+}
+export function resolveAuthProvenanceFingerprintKey(env = process.env) {
+    for (const key of AUTH_PROVENANCE_FINGERPRINT_KEY_ENV_KEYS) {
+        const value = normalizeFingerprintValue(env?.[key]);
+        if (value) {
+            return value;
+        }
+    }
+    return null;
+}
+export function fingerprintAuthProvenanceValue(value, env = process.env) {
+    const raw = normalizeFingerprintValue(value);
+    const key = resolveAuthProvenanceFingerprintKey(env);
+    if (!raw || !key) {
+        return null;
+    }
+    return `hmac-sha256:${createHmac('sha256', key).update(raw).digest('hex').slice(0, 16)}`;
+}

package/dist/orchestrator/src/cli/utils/cloudPreflight.js CHANGED Viewed

@@ -1,4 +1,7 @@
+import process from 'node:process';
 import { spawn } from 'node:child_process';
+import { fingerprintAuthProvenanceValue } from './authProvenanceFingerprint.js';
+import { resolveCodexCliBin } from './codexCli.js';
 function runCommand(command, args, options) {
     const timeoutMs = options.timeoutMs ?? 10_000;
     return new Promise((resolve) => {
@@ -55,6 +58,80 @@ function normalizeBranch(raw) {
     }
     return trimmed.replace(/^refs\/heads\//u, '');
 }
+function normalizeCloudPreflightRequestValue(raw) {
+    const trimmed = String(raw ?? '').trim();
+    return trimmed.length > 0 ? trimmed : null;
+}
+function readFirstCloudPreflightEnvValue(env, keys) {
+    if (!env) {
+        return null;
+    }
+    for (const key of keys) {
+        const value = normalizeCloudPreflightRequestValue(env[key]);
+        if (value) {
+            return value;
+        }
+    }
+    return null;
+}
+function readFirstCloudPreflightCredentialSource(env) {
+    if (!env) {
+        return null;
+    }
+    for (const key of [
+        'CODEX_API_KEY',
+        'OPENAI_API_KEY',
+        'CODEX_AUTH_TOKEN',
+        'OPENAI_AUTH_TOKEN',
+        'CHATGPT_AUTH_TOKEN'
+    ]) {
+        if (normalizeCloudPreflightRequestValue(env[key])) {
+            return `env:${key}`;
+        }
+    }
+    return null;
+}
+export function buildCloudPreflightAuthProvenance(params) {
+    const credentialSource = readFirstCloudPreflightCredentialSource(params.env);
+    const profile = readFirstCloudPreflightEnvValue(params.env, [
+        'CODEX_AUTH_PROFILE',
+        'CODEX_PROFILE',
+        'OPENAI_PROFILE',
+        'CHATGPT_AUTH_PROFILE',
+        'CHATGPT_PROFILE'
+    ]);
+    const account = readFirstCloudPreflightEnvValue(params.env, [
+        'CODEX_ACCOUNT_ID',
+        'CODEX_ACCOUNT',
+        'CODEX_ACCOUNT_EMAIL',
+        'OPENAI_ACCOUNT_ID',
+        'OPENAI_ORG_ID',
+        'CHATGPT_ACCOUNT_ID',
+        'CHATGPT_ACCOUNT',
+        'CHATGPT_ACCOUNT_EMAIL'
+    ]);
+    return {
+        providerKind: 'codex_cloud',
+        activeProfileFingerprint: fingerprintAuthProvenanceValue(profile, params.env),
+        activeAccountFingerprint: fingerprintAuthProvenanceValue(account, params.env),
+        cloudEnvId: params.environmentId,
+        cloudBranch: params.branch,
+        credentialSource,
+        authFreshness: credentialSource ? 'env_credential_present' : 'credential_source_unknown'
+    };
+}
+export function buildCloudPreflightRequest(params) {
+    const env = params.env ?? process.env;
+    const branch = normalizeCloudPreflightRequestValue(params.branch)
+        ?? normalizeCloudPreflightRequestValue(env.CODEX_CLOUD_BRANCH);
+    return {
+        repoRoot: params.repoRoot,
+        codexBin: resolveCodexCliBin(env),
+        environmentId: params.environmentId,
+        branch,
+        env
+    };
+}
 export async function runCloudPreflight(params) {
     const issues = [];
     const branch = normalizeBranch(params.branch);
@@ -95,7 +172,12 @@ export async function runCloudPreflight(params) {
         details: {
             codexBin: params.codexBin,
             environmentId: params.environmentId,
-            branch
+            branch,
+            authProvenance: buildCloudPreflightAuthProvenance({
+                env: params.env,
+                environmentId: params.environmentId,
+                branch
+            })
         }
     };
 }