@meetless/mla 0.1.4

package/dist/commands/flush.js

@@ -0,0 +1,184 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseArgs = parseArgs;
+exports.runFlush = runFlush;
+const spool_1 = require("../lib/spool");
+const config_1 = require("../lib/config");
+// Strict argv parsing for `mla flush` (Wedge v6 Epoch 48).
+//
+// The old parser had a genuinely dangerous silent-drop trap and a dead
+// flag:
+//
+//   1. `--session` / `-s` with no following value silently bound
+//      `out.session = undefined`. Downstream, `flags.session ? [...] :
+//      listActiveSessions()` then treated undefined as falsy and
+//      drained EVERY pending session in the queue. The operator's
+//      intent ("drain just this one") flipped to "drain everything"
+//      with no diagnostic. On a busy machine that is dozens to
+//      hundreds of sessions and minutes of un-bounded fan-out.
+//
+//   2. `--all` was a dead flag. The ternary collapsed to
+//      `flags.all ? listActiveSessions() : listActiveSessions()`,
+//      so `--all` and the default both did the same thing. Operators
+//      reading the help text reasonably inferred the default behaved
+//      differently.
+//
+// Strict rules below:
+//   - Unknown `--`-prefixed token throws with the supported set.
+//   - `--session`/`-s` MUST be followed by a non-`--` value; a missing
+//     or flag-shape value throws rather than silently widening to
+//     "drain everything".
+//   - Positional argument is still allowed as a shortcut for
+//     `--session <sid>`, but a second positional throws.
+//   - `--all` and `--session` are mutually exclusive (passing both
+//     throws, rather than silently letting `--session` win).
+//   - `--all` is preserved as an explicit synonym for the default
+//     (drain every active session) but it is no longer a no-op
+//     branch; the runFlush body uses the single resolved
+//     `listActiveSessions()` call.
+//   - `--gc` additionally runs the age-gated stale-session reaper
+//     (reapQueue) AFTER the drain, removing dead-session litter
+//     (`.lock`/`.turn`/`.repoPath`/`.gitBaseline` and 0-byte spools
+//     idle longer than MEETLESS_QUEUE_GC_MAX_AGE_SEC, default 24h). It
+//     NEVER touches a session with undelivered work, so it is safe to
+//     pair with the default drain. `--gc` is whole-queue, so it is
+//     mutually exclusive with `--session` (draining one session while
+//     reaping all is contradictory intent).
+//   - `--reap-only` runs the SAME reaper but SKIPS the drain loop
+//     entirely. This is the Stop-hook path: the session that just
+//     ended already self-flushes via spawn_flush, so the hook only
+//     needs the cheap age-gated litter sweep. Tail-calling `--gc`
+//     there would re-drain EVERY active session on every Stop -- an
+//     O(sessions) fan-out per Stop, the exact pile-up that left 99
+//     stranded `.lock` files. `--reap-only` is whole-queue and pure
+//     reap, so it is mutually exclusive with `--gc` (redundant),
+//     `--all`, `--session`, and a positional id (all drain selectors).
+const KNOWN_FLAGS = new Set(["--all", "--session", "-s", "--quiet", "-q", "--gc", "--reap-only"]);
+// `--reap-only` reaps without draining; combining it with any drain
+// selector is contradictory intent. Centralized so every branch raises
+// the same message.
+const REAP_ONLY_CONFLICT = "--reap-only reaps without draining; it cannot be combined with --gc/--all/--session";
+function parseArgs(argv) {
+    const out = {};
+    for (let i = 0; i < argv.length; i++) {
+        const a = argv[i];
+        if (a === "--reap-only") {
+            if (out.all || out.gc || out.session !== undefined) {
+                throw new Error(REAP_ONLY_CONFLICT);
+            }
+            out.reapOnly = true;
+            continue;
+        }
+        if (a === "--all") {
+            if (out.session !== undefined) {
+                throw new Error("--all and --session are mutually exclusive");
+            }
+            if (out.reapOnly) {
+                throw new Error(REAP_ONLY_CONFLICT);
+            }
+            out.all = true;
+            continue;
+        }
+        if (a === "--gc") {
+            if (out.session !== undefined) {
+                throw new Error("--gc and --session are mutually exclusive (--gc reaps the whole queue)");
+            }
+            if (out.reapOnly) {
+                throw new Error(REAP_ONLY_CONFLICT);
+            }
+            out.gc = true;
+            continue;
+        }
+        if (a === "--session" || a === "-s") {
+            if (out.all) {
+                throw new Error("--all and --session are mutually exclusive");
+            }
+            if (out.gc) {
+                throw new Error("--gc and --session are mutually exclusive (--gc reaps the whole queue)");
+            }
+            if (out.reapOnly) {
+                throw new Error(REAP_ONLY_CONFLICT);
+            }
+            const v = argv[i + 1];
+            if (v === undefined) {
+                throw new Error(`Missing value for ${a}`);
+            }
+            if (v.startsWith("--") || v.startsWith("-")) {
+                throw new Error(`Missing value for ${a} (got the next flag ${v} instead)`);
+            }
+            out.session = v;
+            i += 1;
+            continue;
+        }
+        if (a === "--quiet" || a === "-q") {
+            out.quiet = true;
+            continue;
+        }
+        if (a.startsWith("--") || a.startsWith("-")) {
+            if (!KNOWN_FLAGS.has(a)) {
+                throw new Error(`Unknown flag: ${a}. Supported flags: --all, --session/-s, --quiet/-q, --gc, --reap-only`);
+            }
+            // Should be unreachable; KNOWN_FLAGS aligns with the branches above.
+            throw new Error(`Unhandled known flag: ${a}`);
+        }
+        if (out.reapOnly) {
+            throw new Error(REAP_ONLY_CONFLICT);
+        }
+        if (out.all) {
+            throw new Error(`Unexpected positional argument: ${a}. --all already drains every session.`);
+        }
+        if (out.gc) {
+            throw new Error(`--gc and a per-session id are mutually exclusive (--gc reaps the whole queue).`);
+        }
+        if (out.session !== undefined) {
+            throw new Error(`Unexpected extra positional argument: ${a}. \`mla flush\` accepts at most one session id.`);
+        }
+        out.session = a;
+    }
+    return out;
+}
+async function runFlush(argv, opts = {}) {
+    const flags = parseArgs(argv);
+    const hookDir = opts.hookDir ?? config_1.HOOKS_DIR;
+    const quiet = opts.quiet ?? flags.quiet;
+    let bad = 0;
+    // --reap-only skips the drain loop entirely (Stop-hook path). Everything
+    // else (`--all`, `--session`, the bare default) drains. `--all` and the bare
+    // default both mean "drain every active session"; the distinction is
+    // documentation-only. Collapse to a single resolved call so the dead-branch
+    // pattern that hid the missing-value trap cannot return.
+    if (!flags.reapOnly) {
+        const sessions = flags.session ? [flags.session] : (0, spool_1.listActiveSessions)();
+        if (sessions.length === 0) {
+            if (!quiet)
+                console.log("No sessions to flush.");
+        }
+        else {
+            for (const sid of sessions) {
+                const r = (0, spool_1.runFlushScript)(sid, hookDir);
+                if (!r.ok) {
+                    bad += 1;
+                    if (!quiet)
+                        console.error(`[flush] ${sid} FAILED: ${r.stderr.slice(0, 200)}`);
+                }
+                else if (!quiet) {
+                    console.log(`[flush] ${sid} ok`);
+                }
+            }
+        }
+    }
+    // --gc reaps dead-session litter AFTER the drain; --reap-only reaps WITHOUT
+    // draining. Drain-first (for --gc) is the conservative ordering -- a session
+    // that is still deliverable gets delivered (and self-cleaned by flush.sh's
+    // RC1 path) before the reaper looks at it, and reapQueue never touches a
+    // session with undelivered work regardless. Runs even when there was nothing
+    // to drain.
+    if (flags.gc || flags.reapOnly) {
+        const gc = (0, spool_1.reapQueue)();
+        if (!quiet) {
+            console.log(`[gc] reaped ${gc.reaped.length} stale session(s), removed ${gc.removedFiles} file(s)` +
+                ` (${gc.skippedPending} with pending work and ${gc.skippedFresh} still-fresh kept)`);
+        }
+    }
+    return bad > 0 ? 1 : 0;
+}

package/dist/commands/graph.js

@@ -0,0 +1,104 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GRAPH_USAGE = void 0;
+exports.runGraph = runGraph;
+const kb_1 = require("./kb");
+const kb_pending_1 = require("./kb_pending");
+const kb_review_1 = require("./kb_review");
+// `mla graph`: the coordination-graph (relationship) surface.
+//
+// notes/20260608-mla-ml-generalization-review.md, Q1. `mla kb` had grown to span
+// two orthogonal axes:
+//   (a) document / posture: ingestion + grounding, LIVE vs SHADOW.
+//   (b) relationship / graph: typed edges between docs, decided via verdicts.
+// Calling axis (b) "kb" buries the coordination graph (the product's substrate)
+// under a storage noun. `mla graph` gives axis (b) its own home WITHOUT moving
+// axis (a): `review`/`pending` route to the EXACT same handlers as
+// `mla kb review`/`mla kb pending` (one implementation, two entry points), and the
+// overload boundary + pending-alias semantics are imported from `./kb` so the two
+// surfaces can never drift. `kb review`/`kb pending` stay as working back-compat.
+//
+// Deliberately NOT here: any document ingestion verb. The review's explicit trap
+// is `graph add <file>` reading as "ingest"; that would re-blur the two axes the
+// codebase fought to separate. Document/posture verbs typed under `graph` are
+// redirected to `mla kb`, not silently rejected.
+// The document/posture verbs that live under `mla kb`. Typing one of these under
+// `graph` is an axis mismatch, not a typo, so each gets a pointed redirect rather
+// than the generic unknown-subcommand catalog. `share` is the deprecated alias for
+// `promote`; include it so the redirect fires for muscle-memory too.
+const KB_DOC_POSTURE_VERBS = new Set([
+    "add",
+    "show",
+    "reingest",
+    "forget",
+    "purge",
+    "move",
+    "retime",
+    "promote",
+    "share",
+    "personal",
+    "summary",
+    "dump",
+]);
+// The user-facing `mla graph` catalog. It teaches the one fact that keeps the two
+// axes apart: reviewing an edge records how docs RELATE; it never changes whether a
+// doc is grounded (that is posture, under `mla kb`). The graph + control-projection
+// layers expose per-item reads as counts only today (their per-item read endpoints
+// remain deferred), so the catalog points at `mla kb summary` for graph counts
+// rather than pretending a per-edge inspector exists. Keep "Usage" present: the
+// unknown-subcommand path re-emits this block and a test locks that contract.
+exports.GRAPH_USAGE = `mla graph: the coordination graph — relationship review (typed edges between docs).
+
+The graph axis decides how docs RELATE: SUPERSEDES / CONTRADICTS / REFINES /
+REFERENCES. It is independent of the document/posture axis (ingestion + grounding,
+LIVE vs SHADOW), which lives under \`mla kb\`. Reviewing an edge records how two docs
+relate; it NEVER changes whether a doc is grounded.
+
+Usage:
+  mla graph review                              list the queue (defaults to your current session)
+  mla graph review --all                        list the full workspace queue
+  mla graph review --session <sid|current|latest>  list a specific session's candidates
+  mla graph review [scope] --json               structured output (agent policy + scope)
+  mla graph review <candidate-id> --accept | --reject [--note <text>] [--agent]
+                                                record a verdict (--accept is human-only)
+  mla graph pending [scope]                     deprecated alias for \`graph review\` (list mode)
+
+Related (the OTHER axis — document/posture, not relationships):
+  mla kb ...            ingest, ground (posture LIVE/SHADOW), and curate documents
+  mla kb summary        substrate counts (includes graph entities + knowledge_relations)`;
+// Router for the relationship/graph axis. Mirrors `runKb`'s help + dispatch
+// shape; `review`/`pending` delegate to the shared handlers, document/posture
+// verbs are redirected, everything else re-emits the catalog with exit 2.
+async function runGraph(argv) {
+    const sub = argv[0];
+    const rest = argv.slice(1);
+    // Help is workspace-free: full catalog to stdout, exit 0. Reached by
+    // `mla graph`, `mla graph help`, and `mla graph --help/-h`.
+    if (sub === undefined || sub === "help" || sub === "--help" || sub === "-h") {
+        console.log(exports.GRAPH_USAGE);
+        return 0;
+    }
+    switch (sub) {
+        case "review":
+            // Same overload boundary as `mla kb review`: a leading candidate id records
+            // a verdict; anything else (no args / leading flag) lists the queue.
+            return (0, kb_1.isReviewListInvocation)(rest) ? (0, kb_pending_1.runKbReviewList)(rest) : (0, kb_review_1.runKbReview)(rest);
+        case "pending":
+            // Deprecated alias for `review` (list mode); injects --all when no explicit
+            // scope so the historical workspace-wide default holds.
+            return (0, kb_pending_1.runKbReviewList)((0, kb_1.pendingAliasArgs)(rest));
+    }
+    // Axis mismatch: a document/posture verb typed under `graph`. Redirect to the
+    // surface that owns it instead of a generic "unknown subcommand" — this is the
+    // anti-conflation guardrail made executable.
+    if (KB_DOC_POSTURE_VERBS.has(sub)) {
+        console.error(`\`${sub}\` is a document/posture command (ingestion + grounding), not a ` +
+            `relationship (graph) command.\n` +
+            `Documents are ingested and grounded under \`mla kb\`. Run: mla kb ${sub} ...\n\n` +
+            `\`mla graph\` only reviews how docs RELATE. See \`mla graph help\`.`);
+        return 2;
+    }
+    console.error(`unknown \`mla graph\` subcommand: ${sub}\n`);
+    console.error(exports.GRAPH_USAGE);
+    return 2;
+}

package/dist/commands/init.js

@@ -0,0 +1,272 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseInitArgs = parseInitArgs;
+exports.buildInitConfig = buildInitConfig;
+exports.runInit = runInit;
+const fs = __importStar(require("fs"));
+const config_1 = require("../lib/config");
+const wire_1 = require("../lib/wire");
+// Strict argv parsing for `mla init` (Wedge v6 Epoch 54).
+//
+// The old parser used `const next = () => argv[++i]` and switched on
+// the flag name. That shape had three real silent-drop classes, the
+// first one is genuinely dangerous because it writes a corrupt
+// 0o600-mode config that breaks every subsequent CLI call:
+//
+//   1. `mla init --control-token --intel-url http://x` bound
+//      controlToken = "--intel-url" (next() ate the next flag) and
+//      then "http://x" fell through the switch's `default` branch
+//      (positional, no `--` prefix) and was silently dropped. The
+//      operator's intent ("set token AND intel url") flipped to "set
+//      token to the string '--intel-url'", and the config was written
+//      at 0o600 perms with a wrong token. Every downstream `mla` call
+//      then 401'd with no obvious cause. (The trap applies to any value
+//      flag; `--workspace-id` was the original example before T3.1
+//      removed that flag.)
+//
+//   2. `mla init -x` (any short flag) hit the `default` branch's
+//      `if (a.startsWith("--"))` guard which is `--` only -- so `-x`
+//      was silently dropped with no diagnostic.
+//
+//   3. `mla init some_positional --control-token T` silently dropped
+//      the positional. No `mla init` flow takes positionals.
+//
+// Strict rules below:
+//   - Unknown `--`-prefixed or `-`-prefixed token throws with the
+//     supported set.
+//   - Value flags MUST be followed by a non-`--`/`-` value; missing
+//     or flag-shape value throws.
+//   - Positional arguments throw; `mla init` takes none.
+const VALUE_FLAGS = new Set([
+    "--control-url",
+    "--control-token",
+    "--intel-url",
+    "--actor",
+]);
+const BOOLEAN_FLAGS = new Set([
+    "--no-post-tool-use",
+    "--unsafe-capture-non-bash",
+    "--skill-only",
+    "--no-install-flock",
+    "--no-project-rules",
+    "--no-mcp",
+]);
+function parseInitArgs(argv) {
+    const out = {};
+    for (let i = 0; i < argv.length; i++) {
+        const a = argv[i];
+        if (VALUE_FLAGS.has(a)) {
+            const v = argv[i + 1];
+            if (v === undefined) {
+                throw new Error(`Missing value for ${a}`);
+            }
+            if (v.startsWith("--") || v.startsWith("-")) {
+                throw new Error(`Missing value for ${a} (got the next flag ${v} instead)`);
+            }
+            if (a === "--control-url")
+                out.controlUrl = v;
+            else if (a === "--control-token")
+                out.controlToken = v;
+            else if (a === "--intel-url")
+                out.intelUrl = v;
+            else if (a === "--actor")
+                out.actorUserId = v;
+            i += 1;
+            continue;
+        }
+        if (BOOLEAN_FLAGS.has(a)) {
+            if (a === "--no-post-tool-use")
+                out.noPostToolUse = true;
+            else if (a === "--unsafe-capture-non-bash")
+                out.unsafeCaptureNonBash = true;
+            else if (a === "--skill-only")
+                out.skillOnly = true;
+            else if (a === "--no-install-flock")
+                out.noInstallFlock = true;
+            else if (a === "--no-project-rules")
+                out.noProjectRules = true;
+            else if (a === "--no-mcp")
+                out.noMcp = true;
+            continue;
+        }
+        if (a.startsWith("--") || a.startsWith("-")) {
+            throw new Error(`Unknown flag: ${a}. Supported flags: ${[...VALUE_FLAGS, ...BOOLEAN_FLAGS].sort().join(", ")}`);
+        }
+        throw new Error(`Unexpected positional argument: ${a}. \`mla init\` takes no positional arguments.`);
+    }
+    return out;
+}
+// Assemble the cli-config that `mla init` writes, inheriting unset fields from a
+// prior config (idempotent re-run / token rotation). Pure (no I/O beyond
+// resolveMlaPath reading argv) so the folder = workspace contract is unit-pinned
+// in init-config-shape.spec.ts.
+//
+// Folder = workspace (T3.1): the assembled config carries NO `workspaceId`. The
+// field is omitted from the literal entirely, so even a stale workspaceId on a
+// pre-cutover `prior` is dropped rather than carried forward. The workspace
+// binding lives only in the per-folder `.meetless.json` marker.
+function buildInitConfig(flags, prior) {
+    // `mla init` is the SHARED-KEY bootstrap (scripted / CI / `--control-token`),
+    // never the browser-login path. So it only ever assembles a shared-key or a
+    // 'none' auth. The one exception is idempotence: a re-run while a browser
+    // session is live (prior.auth.mode === 'user-token') must PRESERVE that login
+    // rather than silently downgrade it to a shared key (which would also freeze a
+    // short-lived access token as if it were permanent). `mla login`/`mla logout`
+    // own the user-token lifecycle (§6.6).
+    let auth;
+    if (flags.controlToken) {
+        auth = { mode: "shared-key", accessToken: flags.controlToken };
+    }
+    else if (prior?.auth) {
+        // Preserve whatever was canonically on disk (none / shared-key / user-token).
+        auth = prior.auth;
+    }
+    else if (prior?.controlToken) {
+        // Legacy prior (pre-nested-auth) with only a top-level token: shared-key.
+        auth = { mode: "shared-key", accessToken: prior.controlToken };
+    }
+    else {
+        // Fresh init with no token: logged out until `mla login` or a later
+        // `mla init --control-token`.
+        auth = { mode: "none" };
+    }
+    // P3: under a preserved user session the actor is pinned to the authenticated
+    // user; otherwise it is the explicit flag or the inherited value.
+    const actorUserId = auth.mode === "user-token"
+        ? auth.user.id
+        : (flags.actorUserId ?? prior?.actorUserId);
+    return {
+        controlUrl: flags.controlUrl ?? prior?.controlUrl ?? config_1.DEFAULT_CONTROL_URL,
+        // Derived projection of auth (= accessToken, "" for none). Never persisted.
+        controlToken: auth.mode === "none" ? "" : auth.accessToken,
+        intelUrl: flags.intelUrl ?? prior?.intelUrl ?? config_1.DEFAULT_INTEL_URL,
+        mlaPath: (0, wire_1.resolveMlaPath)(),
+        intelRoot: prior?.intelRoot,
+        consoleUrl: prior?.consoleUrl,
+        actorUserId,
+        auth,
+    };
+}
+// Human-readable one-liner for the auth state a fresh/updated init just wrote,
+// shown in the init summary. `none` is the DEFAULT (no --control-token): the
+// machine is wired but logged out, so `mla login` is the next step. shared-key
+// is the opt-in headless path; user-token only appears on an idempotent re-run
+// over a live browser session (init preserves it, never downgrades).
+function describeInitAuthMode(mode) {
+    if (mode === "user-token")
+        return "user-token (browser login preserved)";
+    if (mode === "shared-key")
+        return "shared-key (headless)";
+    return "none (logged out; run `mla login` to sign in)";
+}
+async function runInit(argv) {
+    let flags;
+    try {
+        flags = parseInitArgs(argv);
+    }
+    catch (e) {
+        console.error(e.message);
+        return 2;
+    }
+    if (flags.unsafeCaptureNonBash) {
+        console.error("--unsafe-capture-non-bash is v0.1; rejected in v0.");
+        return 2;
+    }
+    if (flags.skillOnly) {
+        const res = (0, wire_1.runWire)({ skillOnly: true });
+        (0, wire_1.printWireResult)(res, { skillOnly: true });
+        return 0;
+    }
+    // Idempotent re-run: when cli-config.json exists, inherit each field
+    // the operator did not explicitly override. This lets `mla init` double
+    // as "rotate token" (`mla init --control-token NEW`) or "change backend"
+    // (`mla init --control-url ...`) without forcing the operator to retype
+    // every previously-set value. On a first run with nothing to inherit, the
+    // auth defaults to 'none' (see below) rather than demanding a token.
+    let prior = null;
+    if ((0, config_1.configExists)()) {
+        try {
+            prior = (0, config_1.readConfig)();
+        }
+        catch {
+            prior = null;
+        }
+    }
+    // §6.4: `mla init` DEFAULTS to auth.mode 'none' (machine wired, logged out)
+    // when no --control-token is given. The shared-key bootstrap is now opt-in via
+    // --control-token (headless / CI); the interactive path is `mla init` then
+    // `mla login`. buildInitConfig already assembles the 'none' auth, and a
+    // tokenless re-run over a live user-token PRESERVES it (no downgrade), so there
+    // is no token guard here: a tokenless first run is a supported, audited-by-login
+    // setup, not an error.
+    const cfg = buildInitConfig(flags, prior);
+    fs.mkdirSync(config_1.QUEUE_DIR, { recursive: true });
+    (0, config_1.writeConfig)(cfg);
+    const wire = (0, wire_1.runWire)({
+        noPostToolUse: !!flags.noPostToolUse,
+        noInstallFlock: !!flags.noInstallFlock,
+        noProjectRules: !!flags.noProjectRules,
+        noMcp: !!flags.noMcp,
+    });
+    const authMode = cfg.auth.mode;
+    console.log(`Wrote ${config_1.CFG_PATH}${prior ? " (updated)" : ""}`);
+    console.log(`  controlUrl:  ${cfg.controlUrl}`);
+    console.log(`  intelUrl:    ${cfg.intelUrl}`);
+    console.log(`  mlaPath:     ${cfg.mlaPath}`);
+    console.log(`  auth:        ${describeInitAuthMode(authMode)}`);
+    if (cfg.actorUserId) {
+        console.log(`  actorUserId: ${cfg.actorUserId}`);
+    }
+    else if (authMode !== "none") {
+        // Under 'none' the actor is stamped by `mla login` (pinned to auth.user.id),
+        // so only the headless shared-key path needs the explicit --actor nag.
+        console.log("  actorUserId: (unset; required for `mla kb` curation commands. " +
+            "Re-run `mla init --actor <id>` to set it.)");
+    }
+    (0, wire_1.printWireResult)(wire);
+    // 4.4 first-run telemetry disclosure. Stated once, at setup, rather than on
+    // every invocation (a per-run notice would pollute scriptable output). Crash
+    // reporting is OFF unless a Sentry DSN is configured; run traces, when a
+    // backend enables them, go ONLY to the control URL above (your own server),
+    // never to Meetless. Hard-disable everything with MEETLESS_TELEMETRY=off.
+    console.log("Telemetry: crash reporting OFF (no Sentry DSN); run traces go only to " +
+        "your configured control, never to Meetless. Disable all with " +
+        "MEETLESS_TELEMETRY=off. See TELEMETRY.md.");
+    // A logged-out machine's next step is the browser login; a headless shared-key
+    // install goes straight to doctor.
+    console.log(`Next: ${authMode === "none" ? "mla login" : "mla doctor"}`);
+    return wire.flock?.ok ? 0 : 1;
+}