@kirrosh/zond 0.22.0 → 0.26.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (282) hide show
  1. package/CHANGELOG.md +811 -0
  2. package/README.md +59 -6
  3. package/package.json +9 -7
  4. package/src/CLAUDE.md +112 -0
  5. package/src/cli/argv.ts +122 -0
  6. package/src/cli/commands/add-api.ts +146 -0
  7. package/src/cli/commands/api/annotate/idempotency.ts +59 -0
  8. package/src/cli/commands/api/annotate/index.ts +880 -0
  9. package/src/cli/commands/api/annotate/lifecycle.ts +74 -0
  10. package/src/cli/commands/api/annotate/overlay.ts +206 -0
  11. package/src/cli/commands/api/annotate/pagination.ts +64 -0
  12. package/src/cli/commands/api/annotate/prompts.ts +220 -0
  13. package/src/cli/commands/api/annotate/readback.ts +58 -0
  14. package/src/cli/commands/api/annotate/resources.ts +91 -0
  15. package/src/cli/commands/api/annotate/seed-bodies.ts +61 -0
  16. package/src/cli/commands/audit.ts +786 -0
  17. package/src/cli/commands/catalog.ts +35 -0
  18. package/src/cli/commands/check.ts +361 -0
  19. package/src/cli/commands/checks.ts +1072 -0
  20. package/src/cli/commands/ci-init.ts +43 -0
  21. package/src/cli/commands/clean.ts +212 -0
  22. package/src/cli/commands/cleanup.ts +236 -0
  23. package/src/cli/commands/completions.ts +16 -0
  24. package/src/cli/commands/coverage.ts +823 -132
  25. package/src/cli/commands/db.ts +486 -12
  26. package/src/cli/commands/describe.ts +37 -2
  27. package/src/cli/commands/discover.ts +1356 -0
  28. package/src/cli/commands/doctor.ts +661 -0
  29. package/src/cli/commands/fixtures.ts +402 -0
  30. package/src/cli/commands/generate.ts +438 -47
  31. package/src/cli/commands/init/bootstrap.ts +34 -2
  32. package/src/cli/commands/{init.ts → init/index.ts} +99 -5
  33. package/src/cli/commands/init/skills.ts +99 -3
  34. package/src/cli/commands/init/templates/agents.md +77 -64
  35. package/src/cli/commands/init/templates/skills/warm-up-target.md +122 -0
  36. package/src/cli/commands/init/templates/skills/zond-checks.md +621 -0
  37. package/src/cli/commands/init/templates/skills/zond-seed.md +114 -0
  38. package/src/cli/commands/init/templates/skills/zond-triage.md +272 -0
  39. package/src/cli/commands/init/templates/skills/zond.md +802 -125
  40. package/src/cli/commands/init/templates/zond-config.yml +8 -9
  41. package/src/cli/commands/prepare-fixtures.ts +97 -0
  42. package/src/cli/commands/probe/_seed-bodies.ts +52 -0
  43. package/src/cli/commands/probe/mass-assignment.ts +594 -0
  44. package/src/cli/commands/probe/security.ts +537 -0
  45. package/src/cli/commands/probe/static.ts +255 -0
  46. package/src/cli/commands/probe/webhooks.ts +163 -0
  47. package/src/cli/commands/probe.ts +535 -0
  48. package/src/cli/commands/reference.ts +87 -0
  49. package/src/cli/commands/refresh-api.ts +227 -0
  50. package/src/cli/commands/remove-api.ts +150 -0
  51. package/src/cli/commands/report-bundle.ts +310 -0
  52. package/src/cli/commands/report.ts +241 -0
  53. package/src/cli/commands/request.ts +495 -4
  54. package/src/cli/commands/run.ts +870 -53
  55. package/src/cli/commands/schema-from-runs.ts +128 -0
  56. package/src/cli/commands/secrets.ts +133 -0
  57. package/src/cli/commands/session.ts +244 -0
  58. package/src/cli/commands/use.ts +18 -1
  59. package/src/cli/index.ts +20 -3
  60. package/src/cli/json-envelope.ts +92 -3
  61. package/src/cli/json-schemas.ts +314 -0
  62. package/src/cli/output.ts +17 -1
  63. package/src/cli/program.ts +199 -635
  64. package/src/cli/resolve.ts +105 -0
  65. package/src/cli/safe-live.ts +24 -0
  66. package/src/cli/status-filter.ts +114 -0
  67. package/src/cli/util/api-context.ts +85 -0
  68. package/src/cli/version.ts +5 -0
  69. package/src/core/audit/persist.ts +183 -0
  70. package/src/core/checks/budget.ts +59 -0
  71. package/src/core/checks/checks/_crud-helpers.ts +133 -0
  72. package/src/core/checks/checks/_negative_mutator.ts +133 -0
  73. package/src/core/checks/checks/_readback-helpers.ts +133 -0
  74. package/src/core/checks/checks/content_type_conformance.ts +39 -0
  75. package/src/core/checks/checks/cross_call_references.ts +147 -0
  76. package/src/core/checks/checks/cursor_boundary_fuzzing.ts +219 -0
  77. package/src/core/checks/checks/ensure_resource_availability.ts +62 -0
  78. package/src/core/checks/checks/idempotency_replay.ts +242 -0
  79. package/src/core/checks/checks/ignored_auth.ts +254 -0
  80. package/src/core/checks/checks/index.ts +68 -0
  81. package/src/core/checks/checks/lifecycle_transitions.ts +416 -0
  82. package/src/core/checks/checks/missing_required_header.ts +40 -0
  83. package/src/core/checks/checks/negative_data_rejection.ts +148 -0
  84. package/src/core/checks/checks/not_a_server_error.ts +35 -0
  85. package/src/core/checks/checks/open_cors_on_sensitive.ts +160 -0
  86. package/src/core/checks/checks/pagination_invariants.ts +419 -0
  87. package/src/core/checks/checks/positive_data_acceptance.ts +33 -0
  88. package/src/core/checks/checks/rate_limit_headers_absent.ts +77 -0
  89. package/src/core/checks/checks/response_headers_conformance.ts +74 -0
  90. package/src/core/checks/checks/response_schema_conformance.ts +30 -0
  91. package/src/core/checks/checks/status_code_conformance.ts +132 -0
  92. package/src/core/checks/checks/unsupported_method.ts +63 -0
  93. package/src/core/checks/checks/use_after_free.ts +78 -0
  94. package/src/core/checks/index.ts +30 -0
  95. package/src/core/checks/mode.ts +82 -0
  96. package/src/core/checks/recommended-action.ts +68 -0
  97. package/src/core/checks/registry.ts +78 -0
  98. package/src/core/checks/runner.ts +1461 -0
  99. package/src/core/checks/sarif.ts +230 -0
  100. package/src/core/checks/spec-findings.ts +308 -0
  101. package/src/core/checks/stateful.ts +121 -0
  102. package/src/core/checks/types.ts +305 -0
  103. package/src/core/checks/zond-extensions.ts +73 -0
  104. package/src/core/classifier/recommended-action.ts +251 -0
  105. package/src/core/context/current.ts +22 -6
  106. package/src/core/context/session.ts +78 -0
  107. package/src/core/coverage/loader.ts +216 -0
  108. package/src/core/coverage/reasons.ts +300 -0
  109. package/src/core/diagnostics/db-analysis.ts +293 -59
  110. package/src/core/diagnostics/failure-class.ts +140 -0
  111. package/src/core/diagnostics/failure-hints.ts +88 -89
  112. package/src/core/diagnostics/spec-pointer.ts +99 -0
  113. package/src/core/diagnostics/suggested-fixes.ts +155 -0
  114. package/src/core/exporter/case-study/index.ts +270 -0
  115. package/src/core/exporter/curl.ts +40 -0
  116. package/src/core/exporter/exporter.ts +48 -0
  117. package/src/core/exporter/html-report/escape.ts +24 -0
  118. package/src/core/exporter/html-report/index.ts +479 -0
  119. package/src/core/exporter/html-report/script.ts +100 -0
  120. package/src/core/exporter/html-report/styles.ts +408 -0
  121. package/src/core/generator/chunker.ts +38 -19
  122. package/src/core/generator/coverage-phase.ts +0 -0
  123. package/src/core/generator/data-factory.ts +586 -22
  124. package/src/core/generator/describe.ts +1 -1
  125. package/src/core/generator/fixtures-builder.ts +332 -0
  126. package/src/core/generator/index.ts +5 -5
  127. package/src/core/generator/openapi-reader.ts +135 -7
  128. package/src/core/generator/path-param-disambig.ts +140 -0
  129. package/src/core/generator/resources-builder.ts +898 -0
  130. package/src/core/generator/schema-utils.ts +33 -3
  131. package/src/core/generator/serializer.ts +103 -13
  132. package/src/core/generator/suite-generator.ts +583 -122
  133. package/src/core/generator/types.ts +14 -0
  134. package/src/core/identity/identity-file.ts +0 -0
  135. package/src/core/lint/affects.ts +28 -0
  136. package/src/core/lint/config.ts +96 -0
  137. package/src/core/lint/format.ts +42 -0
  138. package/src/core/lint/index.ts +94 -0
  139. package/src/core/lint/reporter.ts +128 -0
  140. package/src/core/lint/rules/consistency.ts +158 -0
  141. package/src/core/lint/rules/heuristics.ts +97 -0
  142. package/src/core/lint/rules/strictness.ts +109 -0
  143. package/src/core/lint/types.ts +96 -0
  144. package/src/core/lint/walker.ts +248 -0
  145. package/src/core/meta/meta-store.ts +6 -73
  146. package/src/core/output/README.md +73 -0
  147. package/src/core/output/index.ts +13 -0
  148. package/src/core/output/run.ts +91 -0
  149. package/src/core/output/types.ts +122 -0
  150. package/src/core/parser/dynamic-values.ts +160 -0
  151. package/src/core/parser/env-interpolation.ts +104 -0
  152. package/src/core/parser/filter.ts +57 -0
  153. package/src/core/parser/schema.ts +129 -4
  154. package/src/core/parser/types.ts +19 -1
  155. package/src/core/parser/variables.ts +0 -0
  156. package/src/core/parser/yaml-parser.ts +58 -12
  157. package/src/core/probe/bootstrap.ts +34 -0
  158. package/src/core/probe/dry-run-envelope.ts +61 -0
  159. package/src/core/probe/mass-assignment/classify.ts +175 -0
  160. package/src/core/probe/mass-assignment/cleanup.ts +52 -0
  161. package/src/core/probe/mass-assignment/digest.ts +114 -0
  162. package/src/core/probe/mass-assignment/orchestrator.ts +459 -0
  163. package/src/core/probe/mass-assignment/regression.ts +141 -0
  164. package/src/core/probe/mass-assignment/suspects.ts +92 -0
  165. package/src/core/probe/mass-assignment/types.ts +135 -0
  166. package/src/core/probe/mass-assignment-probe-class.ts +198 -0
  167. package/src/core/probe/mass-assignment-probe.ts +27 -0
  168. package/src/core/probe/mass-assignment-template.ts +240 -0
  169. package/src/core/probe/method-probe.ts +43 -76
  170. package/src/core/probe/method-shared.ts +69 -0
  171. package/src/core/probe/negative-probe.ts +183 -149
  172. package/src/core/probe/orphan-tracker.ts +188 -0
  173. package/src/core/probe/path-discovery.ts +439 -0
  174. package/src/core/probe/probe-harness.ts +119 -0
  175. package/src/core/probe/registry.ts +89 -0
  176. package/src/core/probe/runner.ts +136 -0
  177. package/src/core/probe/security/baseline.ts +174 -0
  178. package/src/core/probe/security/classify.ts +341 -0
  179. package/src/core/probe/security/cleanup.ts +125 -0
  180. package/src/core/probe/security/detectors.ts +71 -0
  181. package/src/core/probe/security/digest.ts +104 -0
  182. package/src/core/probe/security/orchestrator.ts +398 -0
  183. package/src/core/probe/security/regression.ts +103 -0
  184. package/src/core/probe/security/types.ts +151 -0
  185. package/src/core/probe/security-probe-class.ts +207 -0
  186. package/src/core/probe/security-probe.ts +32 -0
  187. package/src/core/probe/shared.ts +531 -0
  188. package/src/core/probe/static-probe-class.ts +125 -0
  189. package/src/core/probe/types.ts +165 -0
  190. package/src/core/probe/verdict-aggregator.ts +33 -0
  191. package/src/core/probe/webhooks-probe.ts +282 -0
  192. package/src/core/reporter/console.ts +41 -2
  193. package/src/core/reporter/index.ts +2 -3
  194. package/src/core/reporter/json.ts +11 -1
  195. package/src/core/reporter/junit.ts +27 -12
  196. package/src/core/reporter/ndjson.ts +37 -0
  197. package/src/core/reporter/types.ts +3 -0
  198. package/src/core/runner/assertions.ts +59 -2
  199. package/src/core/runner/async-pool.ts +108 -0
  200. package/src/core/runner/auth-path.ts +8 -0
  201. package/src/core/runner/ci-context.ts +72 -0
  202. package/src/core/runner/executor.ts +265 -36
  203. package/src/core/runner/form-encode.ts +41 -0
  204. package/src/core/runner/http-client.ts +112 -2
  205. package/src/core/runner/learn-drift.ts +293 -0
  206. package/src/core/runner/preflight-vars.ts +153 -0
  207. package/src/core/runner/progress-tracker.ts +73 -0
  208. package/src/core/runner/rate-limiter.ts +87 -33
  209. package/src/core/runner/run-kind.ts +45 -0
  210. package/src/core/runner/schema-validator.ts +308 -0
  211. package/src/core/runner/send-request.ts +158 -20
  212. package/src/core/runner/types.ts +44 -0
  213. package/src/core/secrets/registry.ts +164 -0
  214. package/src/core/secrets/secrets-file.ts +115 -0
  215. package/src/core/selectors/operation-filter.ts +144 -0
  216. package/src/core/setup-api.ts +457 -20
  217. package/src/core/severity/category.ts +94 -0
  218. package/src/core/severity/index.ts +58 -0
  219. package/src/core/spec/infer-schema.ts +102 -0
  220. package/src/core/spec/layers.ts +154 -0
  221. package/src/core/spec/merge-specs.ts +156 -0
  222. package/src/core/spec/schema-from-runs.ts +117 -0
  223. package/src/core/spec/schema-overlay.ts +130 -0
  224. package/src/core/util/ajv.ts +13 -0
  225. package/src/core/util/format-eta.ts +21 -0
  226. package/src/core/util/headers.ts +9 -0
  227. package/src/core/util/url.ts +24 -0
  228. package/src/core/utils.ts +5 -1
  229. package/src/core/workspace/config.ts +129 -0
  230. package/src/core/workspace/fixture-gap-report.ts +84 -0
  231. package/src/core/workspace/fixture-gaps.ts +71 -0
  232. package/src/core/workspace/manifest.ts +283 -0
  233. package/src/core/workspace/output-rotation.ts +62 -0
  234. package/src/core/workspace/root.ts +13 -11
  235. package/src/core/workspace/triage-path.ts +87 -0
  236. package/src/db/lint-runs.ts +47 -0
  237. package/src/db/migrate.ts +128 -0
  238. package/src/db/migrations/0001_run_kind.sql +25 -0
  239. package/src/db/migrations/0002_run_kind_request.sql +59 -0
  240. package/src/db/migrations/sql.d.ts +4 -0
  241. package/src/db/queries/collections.ts +133 -0
  242. package/src/db/queries/coverage.ts +9 -0
  243. package/src/db/queries/dashboard.ts +59 -0
  244. package/src/db/queries/results.ts +216 -0
  245. package/src/db/queries/runs.ts +289 -0
  246. package/src/db/queries/sessions.ts +42 -0
  247. package/src/db/queries/settings.ts +28 -0
  248. package/src/db/queries/types.ts +172 -0
  249. package/src/db/queries.ts +75 -802
  250. package/src/db/schema.ts +178 -50
  251. package/src/cli/commands/export.ts +0 -144
  252. package/src/cli/commands/guide.ts +0 -127
  253. package/src/cli/commands/init/templates/skills/scenarios.md +0 -97
  254. package/src/cli/commands/probe-methods.ts +0 -108
  255. package/src/cli/commands/probe-validation.ts +0 -124
  256. package/src/cli/commands/serve.ts +0 -114
  257. package/src/cli/commands/sync.ts +0 -268
  258. package/src/cli/commands/update.ts +0 -189
  259. package/src/cli/commands/validate.ts +0 -34
  260. package/src/core/diagnostics/render-md.ts +0 -112
  261. package/src/core/exporter/postman.ts +0 -963
  262. package/src/core/generator/guide-builder.ts +0 -253
  263. package/src/core/meta/types.ts +0 -19
  264. package/src/core/parser/index.ts +0 -21
  265. package/src/core/runner/execute-run.ts +0 -132
  266. package/src/core/runner/index.ts +0 -12
  267. package/src/core/sync/spec-differ.ts +0 -38
  268. package/src/web/data/collection-state.ts +0 -362
  269. package/src/web/routes/api.ts +0 -314
  270. package/src/web/routes/dashboard.ts +0 -350
  271. package/src/web/routes/runs.ts +0 -64
  272. package/src/web/schemas.ts +0 -121
  273. package/src/web/server.ts +0 -134
  274. package/src/web/static/htmx.min.cjs +0 -1
  275. package/src/web/static/style.css +0 -1148
  276. package/src/web/views/endpoints-tab.ts +0 -174
  277. package/src/web/views/explorer-tab.ts +0 -402
  278. package/src/web/views/health-strip.ts +0 -92
  279. package/src/web/views/layout.ts +0 -48
  280. package/src/web/views/results.ts +0 -210
  281. package/src/web/views/runs-tab.ts +0 -126
  282. package/src/web/views/suites-tab.ts +0 -181
@@ -0,0 +1,128 @@
1
+ /**
2
+ * ARV-175: `zond schema-from-runs` — mine 2xx response bodies from a
3
+ * persisted run and emit `patch.schema.json` (inferred JSON Schema per
4
+ * endpoint+status). Pairs with `refresh-api --merge-schema` (ARV-176).
5
+ */
6
+ import { writeFile } from "node:fs/promises";
7
+ import type { Command } from "commander";
8
+ import { readOpenApiSpec, extractEndpoints } from "../../core/generator/index.ts";
9
+ import { schemaFromRuns, type ResultRow } from "../../core/spec/schema-from-runs.ts";
10
+ import { getResultsByRunId, getLatestRunId } from "../../db/queries.ts";
11
+ import { getDb } from "../../db/schema.ts";
12
+ import { resolveApiCollection, globalJson } from "../resolve.ts";
13
+ import { getApi } from "../util/api-context.ts";
14
+ import { jsonOk, jsonError, printJson } from "../json-envelope.ts";
15
+ import { printError, printSuccess, printWarning } from "../output.ts";
16
+ import { parsePositiveInt } from "../argv.ts";
17
+
18
+ export interface SchemaFromRunsCliOptions {
19
+ api?: string;
20
+ spec?: string;
21
+ db?: string;
22
+ run?: number;
23
+ minSamples?: number;
24
+ out?: string;
25
+ engine?: string;
26
+ json?: boolean;
27
+ }
28
+
29
+ export async function schemaFromRunsCommand(
30
+ opts: SchemaFromRunsCliOptions,
31
+ cmd: Command,
32
+ ): Promise<number> {
33
+ const json = opts.json === true || globalJson(cmd);
34
+ const label = "schema-from-runs";
35
+
36
+ // ARV-175 AC#2: only `builtin` is wired. quicktype/genson would each pull
37
+ // a large dependency tree, which contradicts zond's minimal-deps charter.
38
+ const engine = (opts.engine ?? "builtin").toLowerCase();
39
+ if (engine !== "builtin") {
40
+ const msg = `--engine "${opts.engine}" is not available. Only 'builtin' is wired (quicktype/genson would add heavy deps; see src/CLAUDE.md).`;
41
+ if (json) printJson(jsonError(label, [msg])); else printError(msg);
42
+ return 2;
43
+ }
44
+
45
+ // Resolve spec: --spec wins, else --api / current-api collection.
46
+ let spec = opts.spec;
47
+ const apiFlag = opts.spec ? opts.api : getApi(cmd, opts as Record<string, unknown>);
48
+ if (!spec && apiFlag) {
49
+ const resolved = resolveApiCollection(apiFlag, opts.db);
50
+ if ("error" in resolved) {
51
+ if (json) printJson(jsonError(label, [resolved.error])); else printError(resolved.error);
52
+ return resolved.error.startsWith("Failed") ? 2 : 1;
53
+ }
54
+ if (resolved.spec) spec = resolved.spec;
55
+ }
56
+ if (!spec) {
57
+ const msg = "No spec: pass --spec <path> or --api <name> (or set a current API).";
58
+ if (json) printJson(jsonError(label, [msg])); else printError(msg);
59
+ return 2;
60
+ }
61
+
62
+ getDb(opts.db);
63
+ const runId = opts.run ?? getLatestRunId();
64
+ if (runId == null) {
65
+ const msg = "No runs in the database. Run `zond run` / `zond checks run` first, then re-run schema-from-runs.";
66
+ if (json) printJson(jsonError(label, [msg])); else printError(msg);
67
+ return 2;
68
+ }
69
+
70
+ let doc;
71
+ try {
72
+ doc = await readOpenApiSpec(spec);
73
+ } catch (err) {
74
+ const msg = `Failed to read spec at "${spec}": ${(err as Error).message}`;
75
+ if (json) printJson(jsonError(label, [msg])); else printError(msg);
76
+ return 2;
77
+ }
78
+ const endpoints = extractEndpoints(doc);
79
+
80
+ const rows = getResultsByRunId(runId) as unknown as ResultRow[];
81
+ const minSamples = opts.minSamples ?? 2;
82
+ const result = schemaFromRuns({ results: rows, endpoints, minSamples });
83
+
84
+ const emitted = result.groups.filter((g) => g.emitted);
85
+ const skipped = result.groups.filter((g) => !g.emitted);
86
+ const out = opts.out ?? "patch.schema.json";
87
+
88
+ if (emitted.length > 0) {
89
+ await writeFile(out, JSON.stringify(result.patch, null, 2) + "\n", "utf-8");
90
+ }
91
+
92
+ if (json) {
93
+ printJson(jsonOk(label, {
94
+ run_id: runId,
95
+ out: emitted.length > 0 ? out : null,
96
+ min_samples: minSamples,
97
+ emitted: emitted.map((g) => ({ endpoint: g.endpoint, status: g.status, samples: g.samples })),
98
+ skipped: skipped.map((g) => ({ endpoint: g.endpoint, status: g.status, samples: g.samples, reason: g.reason })),
99
+ }));
100
+ return 0;
101
+ }
102
+
103
+ if (emitted.length === 0) {
104
+ printWarning(`No schemas emitted from run #${runId}: no (endpoint, status) group reached --min-samples ${minSamples}. ${skipped.length} group(s) had too few 2xx JSON samples.`);
105
+ return 0;
106
+ }
107
+ printSuccess(`Wrote ${emitted.length} response schema(s) from run #${runId} to ${out}`);
108
+ for (const g of emitted) console.log(` ${g.endpoint} → ${g.status} (${g.samples} samples)`);
109
+ for (const g of skipped) printWarning(`skipped ${g.endpoint} → ${g.status}: ${g.reason} (${g.samples} sample(s))`);
110
+ console.log(`\nNext: zond refresh-api --api <name> --merge-schema ${out}`);
111
+ return 0;
112
+ }
113
+
114
+ export function registerSchemaFromRuns(program: Command): void {
115
+ program
116
+ .command("schema-from-runs")
117
+ .description("ARV-175: infer response JSON Schemas from a run's 2xx bodies → patch.schema.json (pairs with refresh-api --merge-schema). Revives response_schema_conformance on specs that declare no response schemas.")
118
+ .option("--api <name>", "Registered API (spec + DB lookup)")
119
+ .option("--spec <path>", "Explicit OpenAPI spec path (overrides --api)")
120
+ .option("--run <id>", "Run id to mine (default: latest)", parsePositiveInt("--run"))
121
+ .option("--min-samples <n>", "Minimum 2xx samples per endpoint+status to emit (default 2)", parsePositiveInt("--min-samples"))
122
+ .option("--out <path>", "Output path for patch.schema.json (default: patch.schema.json)")
123
+ .option("--engine <name>", "Schema engine. Only 'builtin' is wired (default).", "builtin")
124
+ .option("--db <path>", "SQLite path")
125
+ .action(async (opts, cmd: Command) => {
126
+ process.exitCode = await schemaFromRunsCommand(opts, cmd);
127
+ });
128
+ }
@@ -0,0 +1,133 @@
1
+ /**
2
+ * `zond secrets set <key> <value>` — write a raw secret into
3
+ * `apis/<name>/.secrets.yaml` (ARV-377). Before this, rotating an expired
4
+ * token meant hand-editing the gitignored file (or a python script), since
5
+ * `zond fixtures add` only writes `.env.yaml` and the iron rules forbid an
6
+ * agent reading `.secrets.yaml` directly.
7
+ *
8
+ * Two safety properties:
9
+ * • the value is NEVER echoed back (stdout, stderr, or JSON envelope) —
10
+ * only the key name and whether a Bearer prefix was stripped;
11
+ * • a `.secrets.yaml.bak` backup is written before the file is touched,
12
+ * mirroring `fixtures add --apply`.
13
+ *
14
+ * Bearer trap (ARV-367/AC3): `.secrets.yaml` holds the RAW token — zond's
15
+ * runner adds the scheme prefix itself (`Authorization: Bearer <token>`).
16
+ * A pasted `Bearer eyJ…` is therefore always a mistake, so we strip a
17
+ * leading `Bearer ` (case-insensitive) and warn once. `--literal` keeps the
18
+ * value verbatim for the rare case someone really means to store it.
19
+ */
20
+ import type { Command } from "commander";
21
+ import { join } from "node:path";
22
+ import { copyFile } from "node:fs/promises";
23
+
24
+ import { getApi, MISSING_API_MESSAGE } from "../util/api-context.ts";
25
+ import { resolveApiCollection } from "../resolve.ts";
26
+ import { upsertEnvLine } from "./discover.ts";
27
+ import { jsonOk, jsonError, printJson } from "../json-envelope.ts";
28
+ import { printError, printSuccess } from "../output.ts";
29
+ import { globalJson } from "../resolve.ts";
30
+
31
+ interface SecretsSetOptions {
32
+ api?: string;
33
+ literal?: boolean;
34
+ json?: boolean;
35
+ }
36
+
37
+ const BEARER_PREFIX_RE = /^\s*Bearer\s+/i;
38
+
39
+ /** Normalise a pasted secret value: strip a leading `Bearer ` prefix (unless
40
+ * `literal`) so `.secrets.yaml` holds the raw token zond's runner expects.
41
+ * Exported for unit tests. */
42
+ export function normalizeSecretValue(raw: string, literal?: boolean): { value: string; bearerStripped: boolean } {
43
+ if (!literal && BEARER_PREFIX_RE.test(raw)) {
44
+ return { value: raw.replace(BEARER_PREFIX_RE, ""), bearerStripped: true };
45
+ }
46
+ return { value: raw, bearerStripped: false };
47
+ }
48
+
49
+ /** Upsert one `key: "value"` line into `.secrets.yaml`, backing up first.
50
+ * Exported for unit tests. */
51
+ export async function applySecretWrite(
52
+ secretsPath: string,
53
+ key: string,
54
+ value: string,
55
+ ): Promise<{ backup: string | null }> {
56
+ const file = Bun.file(secretsPath);
57
+ const exists = await file.exists();
58
+ let text = exists ? await file.text() : "";
59
+ let backup: string | null = `${secretsPath}.bak`;
60
+ if (exists) {
61
+ try { await copyFile(secretsPath, backup); } catch { backup = null; }
62
+ } else {
63
+ backup = null;
64
+ }
65
+ text = upsertEnvLine(text, key, value);
66
+ if (!text.endsWith("\n")) text += "\n";
67
+ await Bun.write(secretsPath, text);
68
+ return { backup };
69
+ }
70
+
71
+ async function setAction(key: string, valueParts: string[], cmd: Command): Promise<void> {
72
+ const opts = cmd.opts<SecretsSetOptions>();
73
+ const json = opts.json === true || globalJson(cmd);
74
+
75
+ const fail = (m: string, code = 2) => {
76
+ if (json) printJson(jsonError("secrets set", [m])); else printError(m);
77
+ process.exit(code);
78
+ };
79
+
80
+ const apiName = getApi(cmd, { api: opts.api } as Record<string, unknown>);
81
+ if (!apiName) return fail(MISSING_API_MESSAGE);
82
+ const col = resolveApiCollection(apiName, undefined);
83
+ if ("error" in col) return fail(col.error);
84
+ if (!col.baseDir) return fail(`API '${apiName}' has no base_dir registered.`);
85
+
86
+ const k = key.trim();
87
+ if (!k) return fail("Secret key must not be empty. Usage: zond secrets set <key> <value>");
88
+
89
+ // Join variadic value parts so an unquoted `Bearer eyJ…` paste (two argv
90
+ // tokens) still lands as one value instead of dropping the token.
91
+ const rawValue = valueParts.join(" ");
92
+ const { value, bearerStripped } = normalizeSecretValue(rawValue, opts.literal);
93
+ const warnings: string[] = [];
94
+ if (bearerStripped) {
95
+ warnings.push(
96
+ "Stripped a leading 'Bearer ' prefix — .secrets.yaml stores the raw token; zond adds the scheme prefix itself. Pass --literal to keep it verbatim.",
97
+ );
98
+ }
99
+
100
+ const secretsPath = join(col.baseDir, ".secrets.yaml");
101
+ const { backup } = await applySecretWrite(secretsPath, k, value);
102
+
103
+ // NEVER echo the value — key + metadata only.
104
+ if (json) {
105
+ printJson(jsonOk("secrets set", {
106
+ api: apiName,
107
+ secrets: secretsPath,
108
+ key: k,
109
+ bearer_stripped: bearerStripped,
110
+ backup,
111
+ }, warnings));
112
+ } else {
113
+ printSuccess(`Set secret '${k}' in ${secretsPath}` + (backup ? ` (backup: ${backup})` : ""));
114
+ process.stdout.write(" (value not echoed)\n");
115
+ for (const w of warnings) process.stderr.write(`Warning: ${w}\n`);
116
+ }
117
+ process.exit(0);
118
+ }
119
+
120
+ export function registerSecrets(program: Command): void {
121
+ const secrets = program
122
+ .command("secrets")
123
+ .description("Manage apis/<name>/.secrets.yaml (gitignored raw secret values, TASK-170). Values are never echoed back.");
124
+
125
+ secrets
126
+ .command("set <key> <value...>")
127
+ .description("Write a secret to .secrets.yaml (with .secrets.yaml.bak backup). Auto-strips a pasted 'Bearer ' prefix unless --literal. Never prints the value.")
128
+ .option("--api <name>", "Registered API (apis/<name>/.secrets.yaml). Falls back to ZOND_API / .zond/current-api.")
129
+ .option("--literal", "Store the value verbatim; do not strip a leading 'Bearer ' prefix.")
130
+ .action(async (key: string, value: string[], _opts, cmd: Command) => {
131
+ await setAction(key, value, cmd);
132
+ });
133
+ }
@@ -0,0 +1,244 @@
1
+ import { randomUUID } from "node:crypto";
2
+ import {
3
+ clearCurrentSession,
4
+ readCurrentSession,
5
+ sessionFilePath,
6
+ writeCurrentSession,
7
+ type SessionRecord,
8
+ } from "../../core/context/session.ts";
9
+ import { jsonError, jsonOk, printJson } from "../json-envelope.ts";
10
+ import { printError, printSuccess } from "../output.ts";
11
+ import { listSessions, countSessions } from "../../db/queries.ts";
12
+ import { getDb } from "../../db/schema.ts";
13
+ import { parsePositiveInt } from "../argv.ts";
14
+
15
+ export interface SessionStartOptions {
16
+ label?: string;
17
+ id?: string;
18
+ json?: boolean;
19
+ /** ARV-155: replace the existing active session instead of erroring out
20
+ * ("Session already active …"). Useful in ralph-loop iterations where a
21
+ * previous turn left a stale `.zond/current-session` behind. */
22
+ force?: boolean;
23
+ }
24
+
25
+ export interface SessionEndOptions {
26
+ json?: boolean;
27
+ }
28
+
29
+ export interface SessionStatusOptions {
30
+ json?: boolean;
31
+ }
32
+
33
+ function isValidUuid(s: string): boolean {
34
+ // Permissive — accept any RFC4122-shaped UUID (v1-v8) and zero-UUID for tests.
35
+ return /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(s);
36
+ }
37
+
38
+ export async function sessionStartCommand(opts: SessionStartOptions): Promise<number> {
39
+ const existing = readCurrentSession();
40
+ if (existing && !opts.force) {
41
+ const message =
42
+ `Session already active (${existing.id}). Run 'zond session end' first, or pass --force to replace it.`;
43
+ if (opts.json) printJson(jsonError("session", [message]));
44
+ else printError(message);
45
+ return 1;
46
+ }
47
+ if (existing && opts.force) {
48
+ clearCurrentSession();
49
+ if (!opts.json) {
50
+ process.stdout.write(` Replaced active session ${existing.id}${existing.label ? ` (${existing.label})` : ""}.\n`);
51
+ }
52
+ }
53
+
54
+ let id = opts.id?.trim();
55
+ if (id && !isValidUuid(id)) {
56
+ const message = `Invalid --id: ${id} is not a UUID`;
57
+ if (opts.json) printJson(jsonError("session", [message]));
58
+ else printError(message);
59
+ return 1;
60
+ }
61
+ if (!id) id = randomUUID();
62
+
63
+ const record: SessionRecord = {
64
+ id,
65
+ label: opts.label?.trim() || undefined,
66
+ started_at: new Date().toISOString(),
67
+ };
68
+
69
+ let path: string;
70
+ try {
71
+ path = writeCurrentSession(record);
72
+ } catch (err) {
73
+ const message = err instanceof Error ? err.message : String(err);
74
+ if (opts.json) printJson(jsonError("session", [message]));
75
+ else printError(message);
76
+ return 1;
77
+ }
78
+
79
+ if (opts.json) {
80
+ printJson(jsonOk("session", { action: "started", ...record, path }));
81
+ } else {
82
+ printSuccess(`Session ${record.id} started${record.label ? ` (${record.label})` : ""}`);
83
+ process.stdout.write(` All subsequent 'zond run' calls in this workspace inherit this session_id.\n`);
84
+ process.stdout.write(` Stored at ${path}. Run 'zond session end' to clear.\n`);
85
+ }
86
+ return 0;
87
+ }
88
+
89
+ export async function sessionEndCommand(opts: SessionEndOptions): Promise<number> {
90
+ const existing = readCurrentSession();
91
+ const path = sessionFilePath();
92
+ const removed = clearCurrentSession();
93
+
94
+ if (opts.json) {
95
+ printJson(jsonOk("session", {
96
+ action: "ended",
97
+ removed,
98
+ previous_id: existing?.id ?? null,
99
+ path,
100
+ }));
101
+ return 0;
102
+ }
103
+
104
+ if (!removed) {
105
+ process.stdout.write(`No active session (${path} not present).\n`);
106
+ return 0;
107
+ }
108
+ printSuccess(`Session ${existing?.id ?? "(unknown)"} ended`);
109
+ return 0;
110
+ }
111
+
112
+ export async function sessionStatusCommand(opts: SessionStatusOptions): Promise<number> {
113
+ const record = readCurrentSession();
114
+ const path = sessionFilePath();
115
+ const env = process.env.ZOND_SESSION_ID?.trim() || null;
116
+
117
+ if (opts.json) {
118
+ printJson(jsonOk("session", {
119
+ action: "status",
120
+ active: !!record,
121
+ session: record,
122
+ env_session_id: env,
123
+ path,
124
+ }));
125
+ return 0;
126
+ }
127
+
128
+ if (record) {
129
+ process.stdout.write(`session_id: ${record.id}\n`);
130
+ if (record.label) process.stdout.write(`label: ${record.label}\n`);
131
+ process.stdout.write(`started_at: ${record.started_at}\n`);
132
+ process.stdout.write(`path: ${path}\n`);
133
+ if (env && env !== record.id) {
134
+ process.stdout.write(`\nNote: ZOND_SESSION_ID is set to '${env}' and overrides the file.\n`);
135
+ }
136
+ return 0;
137
+ }
138
+
139
+ if (env) {
140
+ process.stdout.write(`No active session file. ZOND_SESSION_ID is set to '${env}' (env wins).\n`);
141
+ return 0;
142
+ }
143
+ process.stdout.write(
144
+ `No active session. Run 'zond session start' to group subsequent 'zond run' calls.\n`,
145
+ );
146
+ return 0;
147
+ }
148
+
149
+ // ARV-43: list past sessions surfaced from the runs table so users can
150
+ // discover session_ids for `zond coverage --union session --session-id <id>`
151
+ // without dropping into sqlite. Labels live only in .zond/current-session
152
+ // (not persisted per run), so we only show what's stored in the DB.
153
+ export interface SessionListOptions {
154
+ limit?: number;
155
+ json?: boolean;
156
+ dbPath?: string;
157
+ }
158
+
159
+ export async function sessionListCommand(opts: SessionListOptions): Promise<number> {
160
+ const limit = opts.limit ?? 20;
161
+ let sessions: ReturnType<typeof listSessions>;
162
+ let total: number;
163
+ try {
164
+ getDb(opts.dbPath);
165
+ sessions = listSessions(limit);
166
+ total = countSessions();
167
+ } catch (err) {
168
+ const message = err instanceof Error ? err.message : String(err);
169
+ if (opts.json) printJson(jsonError("session", [message]));
170
+ else printError(message);
171
+ return 1;
172
+ }
173
+
174
+ if (opts.json) {
175
+ printJson(jsonOk("session", { action: "list", limit, total, sessions }));
176
+ return 0;
177
+ }
178
+
179
+ if (sessions.length === 0) {
180
+ process.stdout.write("No sessions recorded yet. Run 'zond session start' before 'zond run' to group runs.\n");
181
+ return 0;
182
+ }
183
+ process.stdout.write(`Showing ${sessions.length} of ${total} session(s):\n\n`);
184
+ process.stdout.write("session_id started_at finished_at runs pass/fail/skip\n");
185
+ for (const s of sessions) {
186
+ const started = s.started_at ? s.started_at.replace("T", " ").slice(0, 19) : "—".padEnd(19);
187
+ const finished = s.finished_at ? s.finished_at.replace("T", " ").slice(0, 19) : "(open)".padEnd(19);
188
+ const runs = String(s.run_count).padStart(4);
189
+ const counts = `${s.passed}/${s.failed}/${s.skipped}`;
190
+ process.stdout.write(`${s.session_id} ${started} ${finished} ${runs} ${counts}\n`);
191
+ }
192
+ return 0;
193
+ }
194
+
195
+ import type { Command } from "commander";
196
+ import { globalJson } from "../resolve.ts";
197
+
198
+ export function registerSession(program: Command): void {
199
+ // Group multiple `zond run` calls under one session_id without juggling env
200
+ // vars. `start` writes a UUID to .zond/current-session; subsequent `run`
201
+ // calls auto-pick it up (priority: --session-id flag > ZOND_SESSION_ID env
202
+ // > current-session file).
203
+ const session = program.command("session").description("Manage run grouping (campaigns)");
204
+ session
205
+ .command("start")
206
+ .description("Begin a session — group all subsequent 'zond run' calls under one session_id (.zond/current-session)")
207
+ .option("--label <text>", "Optional human-readable label shown alongside the session in the UI")
208
+ .option("--id <uuid>", "Reuse a specific UUID instead of generating one (useful for CI)")
209
+ .option("--force", "Replace any already-active session instead of erroring out (ARV-155)")
210
+ .action(async (opts, cmd: Command) => {
211
+ process.exitCode = await sessionStartCommand({
212
+ label: opts.label,
213
+ id: opts.id,
214
+ force: opts.force === true,
215
+ json: globalJson(cmd),
216
+ });
217
+ });
218
+ session
219
+ .command("end")
220
+ .description("End the current session — remove .zond/current-session")
221
+ .action(async (_opts, cmd: Command) => {
222
+ process.exitCode = await sessionEndCommand({ json: globalJson(cmd) });
223
+ });
224
+ session
225
+ .command("status")
226
+ .description("Show the active session (if any)")
227
+ .action(async (_opts, cmd: Command) => {
228
+ process.exitCode = await sessionStatusCommand({ json: globalJson(cmd) });
229
+ });
230
+ // ARV-43: complete the start/end/status/list quartet so coverage --union
231
+ // session --session-id <id> is discoverable without sqlite spelunking.
232
+ session
233
+ .command("list")
234
+ .description("List recent sessions (id, started_at, finished_at, run counts) so coverage --session-id is discoverable")
235
+ .option("--limit <n>", "Max sessions to print (default 20)", parsePositiveInt("--limit"))
236
+ .option("--db <path>", "Path to SQLite database file")
237
+ .action(async (opts, cmd: Command) => {
238
+ process.exitCode = await sessionListCommand({
239
+ limit: opts.limit,
240
+ dbPath: opts.db,
241
+ json: globalJson(cmd),
242
+ });
243
+ });
244
+ }
@@ -23,7 +23,7 @@ export async function useCommand(opts: UseOptions): Promise<number> {
23
23
  } else if (removed) {
24
24
  printSuccess(`Cleared ${path}`);
25
25
  } else {
26
- process.stdout.write(`No .zond-current file in ${process.cwd()}\n`);
26
+ process.stdout.write(`No .zond/current-api file in ${process.cwd()}\n`);
27
27
  }
28
28
  return 0;
29
29
  }
@@ -55,3 +55,20 @@ export async function useCommand(opts: UseOptions): Promise<number> {
55
55
  }
56
56
  return 0;
57
57
  }
58
+
59
+ import type { Command } from "commander";
60
+ import { globalJson } from "../resolve.ts";
61
+
62
+ export function registerUse(program: Command): void {
63
+ program
64
+ .command("use [api]")
65
+ .description("Set or show the current API for this workspace (.zond/current-api). TASK-290: resolution chain is per-cmd --api > global --api > ZOND_API env > this file.")
66
+ .option("--clear", "Remove .zond/current-api from the workspace")
67
+ .action(async (api: string | undefined, opts, cmd: Command) => {
68
+ process.exitCode = await useCommand({
69
+ api,
70
+ clear: opts.clear === true,
71
+ json: globalJson(cmd),
72
+ });
73
+ });
74
+ }
package/src/cli/index.ts CHANGED
@@ -1,12 +1,29 @@
1
1
  #!/usr/bin/env bun
2
2
 
3
+ import { createHash } from "node:crypto";
3
4
  import { CommanderError } from "commander";
4
5
  import { buildProgram, preprocessArgv } from "./program.ts";
5
- import { printError } from "./output.ts";
6
6
  import { VERSION } from "./version.ts";
7
7
 
8
8
  export { VERSION };
9
9
 
10
+ /**
11
+ * Anything that reaches this handler is an *unexpected* throw — command
12
+ * implementations are expected to catch their own usage/config errors and
13
+ * return exit 2 themselves. Tag these with `[zond:internal]` so operators
14
+ * can tell them apart from sandbox/SIGKILL/OOM (137/143). See ZOND.md →
15
+ * "Exit codes" for the full taxonomy.
16
+ */
17
+ function reportInternalError(err: unknown): void {
18
+ const message = err instanceof Error ? err.message : String(err);
19
+ const stack = err instanceof Error && err.stack ? err.stack : message;
20
+ const stackHash = createHash("sha1").update(stack).digest("hex").slice(0, 8);
21
+ process.stderr.write(`[zond:internal] zond ${VERSION} — uncaught ${message} (stack ${stackHash})\n`);
22
+ if (err instanceof Error && err.stack) {
23
+ process.stderr.write(err.stack + "\n");
24
+ }
25
+ }
26
+
10
27
  async function main(): Promise<void> {
11
28
  const program = buildProgram();
12
29
  try {
@@ -22,8 +39,8 @@ async function main(): Promise<void> {
22
39
  process.exitCode = 2;
23
40
  return;
24
41
  }
25
- printError(err instanceof Error ? err.message : String(err));
26
- process.exitCode = 2;
42
+ reportInternalError(err);
43
+ process.exitCode = 3;
27
44
  }
28
45
  }
29
46
 
@@ -1,19 +1,108 @@
1
+ /**
2
+ * Single source of truth for `--json` output across all CLI commands.
3
+ *
4
+ * Every `--json` response carries the same envelope:
5
+ *
6
+ * { ok, command, data, warnings, errors, exit_code? }
7
+ *
8
+ * Commands construct the payload (`data`) and ask one of the helpers
9
+ * below to render it. Don't `console.log(JSON.stringify(...))` ad-hoc
10
+ * for `--json` paths — go through `printJson` / `writeEnvelope` so the
11
+ * shape stays uniform (TASK-73, TASK-74, closed by TASK-184).
12
+ *
13
+ * TASK-296: errors[] is a list of `{code, message, details?}` so an
14
+ * agent can route on `code` without parsing the human message. Helpers
15
+ * accept either a bare `string` (auto-wrapped with code `unknown_error`)
16
+ * or a structured `ZondError` to keep call sites short.
17
+ */
18
+
19
+ // TASK-295: types are derived from the zod schemas in `./json-schemas.ts`
20
+ // so the published JSON Schema (docs/json-schema/) and the runtime types
21
+ // can never drift. Edit the enum/object there, run `bun run schemas`,
22
+ // commit the regenerated docs.
23
+ import type { z } from "zod";
24
+ import {
25
+ ZondErrorCodeSchema,
26
+ ZondErrorSchema,
27
+ } from "./json-schemas.ts";
28
+
29
+ export type ZondErrorCode = z.infer<typeof ZondErrorCodeSchema>;
30
+ export type ZondError = z.infer<typeof ZondErrorSchema>;
31
+
1
32
  export interface JsonEnvelope<T = unknown> {
2
33
  ok: boolean;
3
34
  command: string;
4
35
  data: T;
5
36
  warnings: string[];
6
- errors: string[];
37
+ errors: ZondError[];
38
+ /** Exit code the process will return. Present on error envelopes so a
39
+ * caller can read the taxonomy class without re-parsing $? from a shell
40
+ * (see ZOND.md → "Exit codes"). */
41
+ exit_code?: number;
42
+ }
43
+
44
+ /** Accept either a bare string (auto-coded `unknown_error`) or a fully-
45
+ * structured `ZondError`. Lets us migrate ~100 call sites incrementally
46
+ * without breaking the schema. */
47
+ export type ErrorInput = string | ZondError;
48
+
49
+ function normalizeErrors(errs: readonly ErrorInput[]): ZondError[] {
50
+ return errs.map(e =>
51
+ typeof e === "string" ? { code: "unknown_error" as const, message: e } : e,
52
+ );
7
53
  }
8
54
 
9
55
  export function jsonOk<T>(command: string, data: T, warnings?: string[]): JsonEnvelope<T> {
10
56
  return { ok: true, command, data, warnings: warnings ?? [], errors: [] };
11
57
  }
12
58
 
13
- export function jsonError(command: string, errors: string[], warnings?: string[]): JsonEnvelope<null> {
14
- return { ok: false, command, data: null, warnings: warnings ?? [], errors };
59
+ export function jsonError(
60
+ command: string,
61
+ errors: readonly ErrorInput[],
62
+ warnings?: string[],
63
+ exitCode = 2,
64
+ ): JsonEnvelope<null> {
65
+ return {
66
+ ok: false,
67
+ command,
68
+ data: null,
69
+ warnings: warnings ?? [],
70
+ errors: normalizeErrors(errors),
71
+ exit_code: exitCode,
72
+ };
15
73
  }
16
74
 
17
75
  export function printJson(envelope: JsonEnvelope): void {
18
76
  process.stdout.write(JSON.stringify(envelope, null, 2) + "\n");
19
77
  }
78
+
79
+ /** Convenience constructor: `zerr("env_missing", "base_url not set", { var: "base_url" })`. */
80
+ export function zerr(code: ZondErrorCode, message: string, details?: Record<string, unknown>): ZondError {
81
+ return details ? { code, message, details } : { code, message };
82
+ }
83
+
84
+ /** Discriminated-union result an action can hand back to {@link writeEnvelope}. */
85
+ export type EnvelopeResult<T> =
86
+ | { ok: true; data: T; warnings?: string[] }
87
+ | { ok: false; errors: readonly ErrorInput[]; warnings?: string[]; exitCode?: number };
88
+
89
+ /**
90
+ * Render a typed `EnvelopeResult` to stdout as a JSON envelope and return
91
+ * the process exit code (0 on ok, `result.exitCode ?? 2` on error). This
92
+ * is the recommended wrapper for new commands — it lets the handler
93
+ * focus on producing a payload and surfaces the right exit code in one
94
+ * call:
95
+ *
96
+ * const result = await doWork();
97
+ * if (options.json) return writeEnvelope("my-cmd", result);
98
+ * // …human path…
99
+ */
100
+ export function writeEnvelope<T>(command: string, result: EnvelopeResult<T>): number {
101
+ if (result.ok) {
102
+ printJson(jsonOk(command, result.data, result.warnings));
103
+ return 0;
104
+ }
105
+ const exit = result.exitCode ?? 2;
106
+ printJson(jsonError(command, result.errors, result.warnings, exit));
107
+ return exit;
108
+ }