@meetless/mla 0.1.4

package/dist/commands/scan-context.js

@@ -0,0 +1,67 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.rescanAndCache = rescanAndCache;
+exports.resolveScanRoot = resolveScanRoot;
+exports.resolveScanTarget = resolveScanTarget;
+exports.runScanContext = runScanContext;
+// src/commands/scan-context.ts
+const node_os_1 = require("node:os");
+const scan_1 = require("../lib/scanner/scan");
+const cache_1 = require("../lib/scanner/cache");
+const workspace_1 = require("../lib/workspace");
+// Pure-ish core: scan, apply current verdicts, persist. Returns the applied result.
+function rescanAndCache(args) {
+    const home = args.home ?? (0, node_os_1.homedir)();
+    const now = args.now ?? (() => new Date().toISOString());
+    const raw = (0, scan_1.scanWorkspace)(args.cwd, { workspaceId: args.workspaceId, now });
+    const applied = (0, cache_1.applyVerdicts)(raw, (0, cache_1.readVerdicts)(home, args.workspaceId));
+    (0, cache_1.writeScanCache)(home, args.workspaceId, applied);
+    return applied;
+}
+// The directory a scan must run FROM: the nearest .meetless.json marker dir if we
+// are inside an activated workspace, else the start dir unchanged. `git ls-files`
+// from a package subdir only lists that subtree, so anchoring here is what keeps a
+// rescan whole-workspace (all rules, root-relative + stable ids) no matter which
+// subdir the command was invoked from. Shared by every caller that rescans.
+function resolveScanRoot(startDir) {
+    return (0, workspace_1.findWorkspaceContext)(startDir)?.markerDir ?? startDir;
+}
+// Decide which workspace to scan and which directory to scan FROM. Pure: takes
+// the start dir, env, and argv so it is fully testable without mutating process
+// state. Precedence for the id is MEETLESS_WORKSPACE_ID > --workspace > the
+// nearest .meetless.json marker. The scan ROOT is always the marker directory
+// when a marker exists, so invoking from a package subdir (apps/control) still
+// scans the whole workspace; `git ls-files` from a subdir only lists that
+// subtree, which is exactly how nested instruction files would otherwise be
+// missed. Only when there is no marker at all do we fall back to the start dir,
+// and that path requires an explicit id from env or flag.
+function resolveScanTarget(opts) {
+    const ctx = (0, workspace_1.findWorkspaceContext)(opts.startDir);
+    const envWs = (opts.env.MEETLESS_WORKSPACE_ID ?? "").trim();
+    const flagWs = (argFlag(opts.argv, "--workspace") ?? "").trim();
+    const workspaceId = envWs || flagWs || ctx?.workspaceId;
+    if (!workspaceId) {
+        return {
+            error: "scan-context: no workspace id (run inside an activated workspace, " +
+                "set MEETLESS_WORKSPACE_ID, or pass --workspace)",
+        };
+    }
+    return { workspaceId, scanRoot: resolveScanRoot(opts.startDir) };
+}
+// Thin CLI wrapper: `mla _internal scan-context`. Resolves the workspace and the
+// scan root from the marker (env/flag override the id), then scans + caches.
+async function runScanContext(argv) {
+    const target = resolveScanTarget({ startDir: process.cwd(), env: process.env, argv });
+    if ("error" in target) {
+        console.error(target.error);
+        return 2;
+    }
+    const result = rescanAndCache({ cwd: target.scanRoot, workspaceId: target.workspaceId });
+    console.log(`scanned: ${result.inventory.instructionFiles} instruction files, ` +
+        `${result.directives.length} rules, ${result.inventory.staleSignals} stale signals`);
+    return 0;
+}
+function argFlag(argv, flag) {
+    const i = argv.indexOf(flag);
+    return i >= 0 ? argv[i + 1] : undefined;
+}

package/dist/commands/session.js

@@ -0,0 +1,347 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseShowArgs = parseShowArgs;
+exports.runSessionShow = runSessionShow;
+exports.parseReconcileArgs = parseReconcileArgs;
+exports.runSessionReconcile = runSessionReconcile;
+const config_1 = require("../lib/config");
+const http_1 = require("../lib/http");
+const redactor_1 = require("../lib/redactor");
+const reconcile_sessions_1 = require("../lib/reconcile-sessions");
+const SHOW_DEFAULT_LIMIT = 100;
+const SHOW_MAX_PAGES = 50;
+function parseShowArgs(argv) {
+    const out = { json: false };
+    for (let i = 0; i < argv.length; i++) {
+        const a = argv[i];
+        if (a === "--json") {
+            out.json = true;
+            continue;
+        }
+        if (a === "--last") {
+            const next = argv[i + 1];
+            if (!next)
+                throw new Error("--last requires a positive integer (e.g. --last 20)");
+            const n = Number.parseInt(next, 10);
+            if (!Number.isFinite(n) || n <= 0) {
+                throw new Error(`--last must be a positive integer, got: ${next}`);
+            }
+            out.last = n;
+            i++;
+            continue;
+        }
+        if (a.startsWith("--") || a.startsWith("-")) {
+            throw new Error(`Unknown flag: ${a}. Supported flags: --json, --last <N>`);
+        }
+        if (out.sessionId) {
+            throw new Error(`Unexpected extra argument: ${a}. Expected at most one sessionId.`);
+        }
+        out.sessionId = a;
+    }
+    return out;
+}
+// Session-bound resolution: positional sid -> $CLAUDE_CODE_SESSION_ID -> fail.
+// No network call, no workspace-latest fallback, so this command can never
+// resolve to a session other than the one named or the one it runs inside.
+// CLAUDE_CODE_SESSION_ID is the only honored env var (it is what Claude Code
+// exports to subprocesses, and what `mla review`/`activate` both bind to). The
+// legacy $SESSION_ID was a divergent name nothing ever set, so it
+// is intentionally NOT consulted (consolidated 2026-05-31).
+function resolveSessionId(positional) {
+    const p = (positional || "").trim();
+    if (p)
+        return { sessionId: p, source: "positional" };
+    const envSid = (process.env.CLAUDE_CODE_SESSION_ID || "").trim();
+    if (envSid)
+        return { sessionId: envSid, source: "env" };
+    throw new Error("No session id provided and no $CLAUDE_CODE_SESSION_ID env. " +
+        "Pass a sessionId: mla session show <sid>");
+}
+async function fetchEventsPage(cfg, sid, cursor) {
+    const params = new URLSearchParams();
+    params.set("workspaceId", cfg.workspaceId);
+    params.set("limit", String(SHOW_DEFAULT_LIMIT));
+    if (cursor)
+        params.set("cursor", cursor);
+    return await (0, http_1.get)(cfg, `/internal/v1/agent-runs/by-session/${encodeURIComponent(sid)}/events?${params.toString()}`, 15000);
+}
+function clipForHuman(text, max) {
+    if (text.length <= max)
+        return text;
+    return text.slice(0, max) + ` ...[+${text.length - max} chars]`;
+}
+function renderEventHuman(ev) {
+    const lines = [];
+    const ts = ev.occurredAt;
+    const payload = (ev.payload || {});
+    if (ev.eventType === "prompt_submitted") {
+        const text = String(payload.prompt ?? payload.text ?? "");
+        lines.push(`[${ts}] prompt_submitted`);
+        lines.push(indent(clipForHuman(text, 2000), "  > "));
+        return lines;
+    }
+    if (ev.eventType === "tool_used_bash") {
+        const cmd = String(payload.command ?? "");
+        const exit = payload.exitCode ?? payload.exit_code ?? "?";
+        const stdout = String(payload.stdout ?? "");
+        const stderr = String(payload.stderr ?? "");
+        lines.push(`[${ts}] tool_used_bash  exit=${exit}`);
+        lines.push(indent(clipForHuman(cmd, 240), "  $ "));
+        if (stdout)
+            lines.push(indent(clipForHuman(tailLines(stdout, 20), 1200), "  | "));
+        if (stderr)
+            lines.push(indent(clipForHuman(tailLines(stderr, 20), 1200), "  ! "));
+        return lines;
+    }
+    if (ev.eventType === "session_stopped") {
+        const final = String(payload.finalMessage ?? payload.final_message ?? payload.text ?? "");
+        lines.push(`[${ts}] session_stopped`);
+        if (final)
+            lines.push(indent(clipForHuman(final, 2000), "  = "));
+        return lines;
+    }
+    lines.push(`[${ts}] ${ev.eventType}`);
+    return lines;
+}
+function tailLines(text, n) {
+    const parts = text.split(/\r?\n/);
+    if (parts.length <= n)
+        return text;
+    return parts.slice(parts.length - n).join("\n");
+}
+function indent(text, prefix) {
+    return text
+        .split(/\r?\n/)
+        .map((l) => prefix + l)
+        .join("\n");
+}
+async function runSessionShow(argv) {
+    const cfg = (0, config_1.loadWorkspaceConfig)();
+    let args;
+    try {
+        args = parseShowArgs(argv);
+    }
+    catch (e) {
+        console.error(e.message);
+        return 2;
+    }
+    let resolved;
+    try {
+        resolved = resolveSessionId(args.sessionId);
+    }
+    catch (e) {
+        console.error(e.message);
+        return 1;
+    }
+    // In --json mode the announce line goes to stderr so stdout stays a clean
+    // JSON document (pipeable into jq / a file). In human mode it leads stdout
+    // so the operator sees which rung resolved before the event stream.
+    const announce = `Session: ${resolved.sessionId} (source: ${resolved.source})`;
+    if (args.json)
+        console.error(announce);
+    else
+        console.log(announce);
+    let merged = null;
+    let cursor = null;
+    let pagesFetched = 0;
+    try {
+        while (pagesFetched < SHOW_MAX_PAGES) {
+            const page = await fetchEventsPage(cfg, resolved.sessionId, cursor);
+            pagesFetched++;
+            if (!merged) {
+                merged = {
+                    sessionId: page.sessionId,
+                    externalSessionId: page.externalSessionId,
+                    runId: page.runId,
+                    events: [...page.events],
+                    truncated: page.truncated,
+                    nextCursor: page.nextCursor ?? null,
+                };
+            }
+            else {
+                merged.events.push(...page.events);
+                merged.truncated = merged.truncated || page.truncated;
+                merged.nextCursor = page.nextCursor ?? null;
+            }
+            if (!page.nextCursor)
+                break;
+            cursor = page.nextCursor;
+        }
+        // Loop hit the page budget without exhausting the feed. Mark the merged
+        // envelope truncated so the operator never silently sees a partial dump
+        // (without this flag, SHOW_MAX_PAGES * SHOW_DEFAULT_LIMIT events would look
+        // like the complete capture). The server's own `truncated` stays sticky.
+        // Use merged.nextCursor (faithfully tracks last page's nextCursor incl. null)
+        // rather than the loop-local `cursor`, which goes stale when the last page
+        // exits via line 600's break before line 601 advances it.
+        if (merged && pagesFetched >= SHOW_MAX_PAGES && merged.nextCursor) {
+            merged.truncated = true;
+            console.error(`Note: client page budget (${SHOW_MAX_PAGES} pages of ${SHOW_DEFAULT_LIMIT}) reached; ` +
+                `feed may have more events. Follow nextCursor to continue.`);
+        }
+    }
+    catch (e) {
+        const err = e;
+        if (err.status === 404) {
+            console.error(`No agent run found for session ${resolved.sessionId} in this workspace. ` +
+                `Was it captured by the hooks?`);
+            return 1;
+        }
+        throw e;
+    }
+    if (!merged) {
+        console.error("Unexpected: no events envelope returned.");
+        return 1;
+    }
+    // Defense-in-depth: the control endpoint already redacts, but apply the
+    // shared redactor again at the render boundary (principle 7) so the failure
+    // mode for a bug on the server side is "double-redacted output", not
+    // "leaked secrets in the operator's terminal".
+    const redactedEvents = merged.events.map((ev) => ({
+        ...ev,
+        payload: (0, redactor_1.redactPayload)(ev.payload),
+    }));
+    const displayEvents = args.last && args.last > 0 && args.last < redactedEvents.length
+        ? redactedEvents.slice(redactedEvents.length - args.last)
+        : redactedEvents;
+    if (args.json) {
+        const out = {
+            sessionId: merged.sessionId,
+            externalSessionId: merged.externalSessionId ?? null,
+            runId: merged.runId ?? null,
+            source: resolved.source,
+            truncated: merged.truncated,
+            nextCursor: merged.nextCursor ?? null,
+            totalReturned: redactedEvents.length,
+            displayed: displayEvents.length,
+            events: displayEvents,
+        };
+        console.log(JSON.stringify(out, null, 2));
+        if (merged.truncated) {
+            console.error("Note: server cap clipped the event window. Re-run with `--last N` or follow nextCursor.");
+        }
+        return 0;
+    }
+    if (displayEvents.length === 0) {
+        console.log("(no events captured for this session)");
+        if (merged.truncated) {
+            console.log("output truncated; pass --last N or follow nextCursor to continue.");
+        }
+        return 0;
+    }
+    if (args.last && args.last < redactedEvents.length) {
+        console.log(`(showing last ${args.last} of ${redactedEvents.length} events)`);
+    }
+    else {
+        console.log(`(${redactedEvents.length} event(s) captured)`);
+    }
+    for (const ev of displayEvents) {
+        for (const line of renderEventHuman(ev)) {
+            // Defense-in-depth at the line level too: any future code path that
+            // pulls a string straight from payload into a render line still passes
+            // through the redactor here.
+            console.log((0, redactor_1.redact)(line) ?? line);
+        }
+    }
+    if (merged.truncated) {
+        console.log("");
+        console.log("output truncated; pass `--last N` or follow `nextCursor` to continue.");
+    }
+    return 0;
+}
+function parseReconcileArgs(argv) {
+    const out = { dryRun: false, json: false };
+    for (const a of argv) {
+        if (a === "--dry-run") {
+            out.dryRun = true;
+            continue;
+        }
+        if (a === "--json") {
+            out.json = true;
+            continue;
+        }
+        if (a.startsWith("-")) {
+            throw new Error(`Unknown flag: ${a}. Supported flags: --dry-run, --json`);
+        }
+        // reconcile sweeps the entire workspace; it intentionally takes no sid.
+        throw new Error(`Unexpected argument: ${a}. \`mla session reconcile\` takes no positional ` +
+            "arguments (it sweeps the workspace). Supported flags: --dry-run, --json");
+    }
+    return out;
+}
+// Cap each sweep at the server's max page (clamped to 500 server-side). The
+// working set is self-limiting: once a deleted session is archived it drops out of
+// the default (`archived=false`) list, so a later sweep handles any remainder.
+const RECONCILE_LIST_LIMIT = 500;
+async function runSessionReconcile(argv) {
+    let args;
+    try {
+        args = parseReconcileArgs(argv);
+    }
+    catch (e) {
+        console.error(e.message);
+        return 2;
+    }
+    const cfg = (0, config_1.loadWorkspaceConfig)();
+    const resolver = (0, reconcile_sessions_1.makeTranscriptStatusResolver)();
+    const listSessions = async () => {
+        const params = new URLSearchParams();
+        params.set("workspaceId", cfg.workspaceId);
+        // archived=false: never re-touch an already-archived row (idempotent sweeps).
+        params.set("archived", "false");
+        // Only Claude Code has the no-delete-event gap this sweep exists to close.
+        params.set("adapter", "claude_code");
+        params.set("limit", String(RECONCILE_LIST_LIMIT));
+        return await (0, http_1.get)(cfg, `/internal/v1/agent-runs?${params.toString()}`, 15000);
+    };
+    const archive = async (sid) => {
+        await (0, http_1.post)(cfg, `/internal/v1/agent-runs/by-session/${encodeURIComponent(sid)}/archive`, { workspaceId: cfg.workspaceId }, 15000);
+    };
+    let result;
+    try {
+        result = await (0, reconcile_sessions_1.executeSessionReconcile)({ listSessions, resolver, archive }, { dryRun: args.dryRun });
+    }
+    catch (e) {
+        const err = e;
+        console.error(`Could not list sessions to reconcile: ${err.message}` +
+            (err.status ? ` (HTTP ${err.status})` : ""));
+        return 1;
+    }
+    const { plan, archived, failed, dryRun } = result;
+    if (args.json) {
+        console.log(JSON.stringify({
+            workspaceId: cfg.workspaceId,
+            dryRun,
+            scanned: plan.toArchive.length + plan.skipped.length,
+            toArchive: plan.toArchive,
+            archived,
+            failed,
+            skipped: plan.skipped,
+        }, null, 2));
+        return failed.length > 0 ? 1 : 0;
+    }
+    // Human render. Lead with the headline so an operator running it ad hoc sees
+    // the outcome immediately; detail (which sessions, why skipped) follows.
+    const scanned = plan.toArchive.length + plan.skipped.length;
+    if (plan.toArchive.length === 0) {
+        console.log(`Reconcile: scanned ${scanned} claude_code session(s); none have a deleted transcript. Nothing to archive.`);
+        return 0;
+    }
+    if (dryRun) {
+        console.log(`Reconcile (dry-run): ${plan.toArchive.length} of ${scanned} session(s) have a deleted transcript and WOULD be archived:`);
+        for (const id of plan.toArchive)
+            console.log(`  - ${id}`);
+        console.log("Re-run without --dry-run to archive them.");
+        return 0;
+    }
+    console.log(`Reconcile: archived ${archived.length} of ${plan.toArchive.length} session(s) with a deleted transcript (scanned ${scanned}).`);
+    for (const id of archived)
+        console.log(`  archived ${id}`);
+    if (failed.length > 0) {
+        console.error(`${failed.length} archive(s) failed:`);
+        for (const f of failed)
+            console.error(`  ${f.sessionId}: ${f.error}`);
+        return 1;
+    }
+    return 0;
+}