@meetless/mla 0.1.4

package/dist/commands/activate.js

@@ -0,0 +1,781 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.renderActivationCard = void 0;
+exports.parseActivateArgs = parseActivateArgs;
+exports.resolveBootstrapTier = resolveBootstrapTier;
+exports.bootstrapTierEmitsMission = bootstrapTierEmitsMission;
+exports.bootstrapTierIsDeepNotYet = bootstrapTierIsDeepNotYet;
+exports.writeActivationMarker = writeActivationMarker;
+exports.clearDeactivateSentinel = clearDeactivateSentinel;
+exports.removeStaleGitignoreEntry = removeStaleGitignoreEntry;
+exports.bootstrapCurrentSession = bootstrapCurrentSession;
+exports.runActivate = runActivate;
+exports.onboardRecommendation = onboardRecommendation;
+exports.runMute = runMute;
+exports.runUnmute = runUnmute;
+exports.runDeactivate = runDeactivate;
+const child_process_1 = require("child_process");
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const readline = __importStar(require("readline"));
+const activation_1 = require("../lib/activation");
+const config_1 = require("../lib/config");
+const http_1 = require("../lib/http");
+const bootstrap_summary_1 = require("../lib/scanner/bootstrap-summary");
+Object.defineProperty(exports, "renderActivationCard", { enumerable: true, get: function () { return bootstrap_summary_1.renderActivationCard; } });
+const scout_mission_1 = require("../lib/scanner/scout-mission");
+const scan_context_1 = require("./scan-context");
+const workspace_1 = require("../lib/workspace");
+const BOOTSTRAP_TIERS = ["fast", "agentic", "full"];
+const VALUE_FLAGS = new Set(["--name", "--note", "--bootstrap"]);
+const BOOLEAN_FLAGS = new Set(["--here", "--create", "--repair"]);
+function parseActivateArgs(argv) {
+    const out = {};
+    for (let i = 0; i < argv.length; i++) {
+        const a = argv[i];
+        if (VALUE_FLAGS.has(a)) {
+            const v = argv[i + 1];
+            if (v === undefined || v.startsWith("-")) {
+                throw new Error(`Missing value for ${a}`);
+            }
+            if (a === "--name")
+                out.name = v;
+            else if (a === "--note")
+                out.note = v;
+            else if (a === "--bootstrap") {
+                if (!BOOTSTRAP_TIERS.includes(v)) {
+                    throw new Error(`Invalid value for --bootstrap: ${v}. Supported tiers: ${BOOTSTRAP_TIERS.join(", ")}.`);
+                }
+                out.bootstrap = v;
+            }
+            i += 1;
+            continue;
+        }
+        if (BOOLEAN_FLAGS.has(a)) {
+            if (a === "--here")
+                out.here = true;
+            else if (a === "--create")
+                out.create = true;
+            else if (a === "--repair")
+                out.repair = true;
+            continue;
+        }
+        throw new Error(`Unknown argument: ${a}. Supported: ${[...VALUE_FLAGS, ...BOOLEAN_FLAGS].sort().join(", ")}`);
+    }
+    return out;
+}
+// The activation tail defaults to the `fast` tier when no `--bootstrap` was given,
+// so the long-standing behavior is unchanged unless the operator opts into a
+// deeper tier.
+function resolveBootstrapTier(flags) {
+    return flags.bootstrap ?? "fast";
+}
+// Whether a tier emits the agentic scout mission after the review bundle. Only the
+// deterministic `fast` tier stays silent; `agentic` and `full` both invite the
+// deep read.
+function bootstrapTierEmitsMission(tier) {
+    return tier !== "fast";
+}
+// Whether a tier asks for the deep temporal scan that is not built in this lane
+// yet. Only `full` does; the activation tail uses this to print an honest "not yet,
+// running agentic instead" note rather than silently under-delivering.
+function bootstrapTierIsDeepNotYet(tier) {
+    return tier === "full";
+}
+// Pure marker writer (no console output). Writes a `.meetless.json` into `cwd`
+// unless one already exists and `force` is not set. Returns whether a NEW marker
+// was written (created=false means an existing marker was left untouched). The
+// marker is strictly non-secret: workspaceId is an opaque tenant pointer and
+// workspaceName is display-only, so the default note tells the human it is safe
+// to commit.
+function writeActivationMarker(cwd, workspaceId, opts = {}) {
+    const markerPath = path.join(cwd, activation_1.ACTIVATION_FILENAME);
+    if (fs.existsSync(markerPath) && !opts.force) {
+        return { markerPath, created: false };
+    }
+    const marker = {
+        workspaceId,
+        ...(opts.workspaceName ? { workspaceName: opts.workspaceName } : {}),
+        activatedAt: new Date().toISOString(),
+        note: opts.note ??
+            "Meetless workspace binding for this folder. Non-secret and safe to commit " +
+                "(it holds no credentials). Run `mla deactivate` to remove it.",
+    };
+    fs.writeFileSync(markerPath, JSON.stringify(marker, null, 2) + "\n", "utf8");
+    return { markerPath, created: true };
+}
+// Clear the per-session OFF sentinel for the CURRENT live session, if present.
+// Returns the session id when a sentinel was removed (so the caller can report
+// it), or null when there was nothing to clear / no live session. Pure fs; no
+// console output. Used by `mla activate` to re-enable a session that was muted
+// with `mla mute`.
+function clearDeactivateSentinel() {
+    const liveSid = process.env.CLAUDE_CODE_SESSION_ID;
+    if (!liveSid)
+        return null;
+    const sentinel = path.join(config_1.SESSION_GATE_DIR, `${liveSid}.off`);
+    if (!fs.existsSync(sentinel))
+        return null;
+    fs.rmSync(sentinel, { force: true });
+    return liveSid;
+}
+// Best-effort: undo the OLD auto-gitignore behavior. The marker is committable
+// and no longer force-ignored, so if a prior `mla activate` left a
+// `.meetless.json` entry (and its banner comment) in the local `.gitignore`,
+// strip it so the user is free to commit the marker. Returns a human message
+// when something changed, else null. Never creates a `.gitignore`.
+function removeStaleGitignoreEntry(dir) {
+    const gitignorePath = path.join(dir, ".gitignore");
+    if (!fs.existsSync(gitignorePath))
+        return null;
+    const body = fs.readFileSync(gitignorePath, "utf8");
+    const lines = body.split("\n");
+    const kept = lines.filter((l) => l.trim() !== activation_1.ACTIVATION_FILENAME &&
+        !l.startsWith("# Meetless per-folder activation marker"));
+    if (kept.length === lines.length)
+        return null;
+    fs.writeFileSync(gitignorePath, kept.join("\n"), "utf8");
+    return `removed stale ${activation_1.ACTIVATION_FILENAME} entry from ${gitignorePath}`;
+}
+// Bootstrap the CURRENT Claude Code session so capture takes effect NOW,
+// without waiting for the next session. The current session's SessionStart
+// hook already fired and exited dormant (no marker existed yet), so there is
+// no AgentRun, no `session_started` spool line, and no repoPath sidecar for it.
+// We reuse the installed session-start.sh as the canonical writer: with the
+// marker now present its activation gate passes, and it writes the sidecar,
+// spools session_started, and spawns the detached flush exactly as a real
+// SessionStart would. Claude Code exports CLAUDE_CODE_SESSION_ID to hook
+// subprocesses (and it equals the stdin session_id the hooks parse), so we can
+// learn the live session id and feed it on stdin.
+//
+// Best-effort: a failure here never fails `mla activate`. The NEXT session in
+// this folder still captures via the marker gate; this only buys the current
+// one. Production stays dir-wise; this is the "get one session working now"
+// affordance.
+function bootstrapCurrentSession(dir) {
+    const sessionId = process.env.CLAUDE_CODE_SESSION_ID;
+    if (!sessionId) {
+        return { ok: false, detail: "not inside a Claude Code session (CLAUDE_CODE_SESSION_ID unset)" };
+    }
+    const sessionStart = path.join(config_1.HOOKS_DIR, "session-start.sh");
+    if (!fs.existsSync(sessionStart)) {
+        return {
+            ok: false,
+            sessionId,
+            detail: `installed hooks not found at ${sessionStart}; run 'mla init' to wire capture`,
+        };
+    }
+    try {
+        (0, child_process_1.execFileSync)("bash", [sessionStart], {
+            cwd: dir,
+            input: JSON.stringify({ session_id: sessionId, transcript_path: "" }),
+            env: process.env,
+            stdio: ["pipe", "ignore", "ignore"],
+            timeout: 15000,
+        });
+        return { ok: true, sessionId, detail: "bootstrapped" };
+    }
+    catch (e) {
+        return { ok: false, sessionId, detail: e.message };
+    }
+}
+// Probe a directory's Git context: whether cwd is inside a work tree, and the
+// repo root if so. Both `git` calls swallow stderr and any non-Git failure maps
+// to insideWorkTree=false, so a missing git binary or a non-repo directory is
+// handled the same way (not inside Git).
+function gitInfo(dir) {
+    try {
+        const inside = (0, child_process_1.execFileSync)("git", ["rev-parse", "--is-inside-work-tree"], {
+            cwd: dir,
+            encoding: "utf8",
+            stdio: ["ignore", "pipe", "ignore"],
+        }).trim();
+        if (inside !== "true")
+            return { insideWorkTree: false };
+        const root = (0, child_process_1.execFileSync)("git", ["rev-parse", "--show-toplevel"], {
+            cwd: dir,
+            encoding: "utf8",
+            stdio: ["ignore", "pipe", "ignore"],
+        }).trim();
+        return { insideWorkTree: true, root };
+    }
+    catch {
+        return { insideWorkTree: false };
+    }
+}
+// Compare two directory paths for identity, resolving symlinks. On macOS
+// `process.cwd()` reports the physical path (/private/var/...) while
+// `git rev-parse --show-toplevel` may report through the /var symlink; realpath
+// on both sides makes the repo-root check robust to that.
+function sameDir(a, b) {
+    try {
+        return fs.realpathSync(a) === fs.realpathSync(b);
+    }
+    catch {
+        return path.resolve(a) === path.resolve(b);
+    }
+}
+// Loads machine credentials (controlUrl, controlToken, actor) from
+// cli-config.json. cli-config no longer carries the workspaceId (T1.1); this
+// only fetches the creds the provision POST / repair probe need.
+function loadCfgOrExplain() {
+    if (!(0, config_1.configExists)()) {
+        console.error(`cli-config.json not found at ${config_1.CFG_PATH}. Run 'mla init --control-token <token>' first.`);
+        return 2;
+    }
+    try {
+        return (0, config_1.readConfig)();
+    }
+    catch (e) {
+        console.error(e.message);
+        return 2;
+    }
+}
+async function runActivate(argv) {
+    let flags;
+    try {
+        flags = parseActivateArgs(argv);
+    }
+    catch (e) {
+        console.error(e.message);
+        return 2;
+    }
+    const cwd = process.cwd();
+    // `--repair` re-checks an existing binding's membership/connectivity ONLY. It
+    // never mints a new id (An, 2026-06-04): re-creation is an explicit
+    // `mla deactivate` then `mla activate`.
+    if (flags.repair) {
+        return runRepair(cwd);
+    }
+    // `--here` (in-Git subdir override) and `--create` (non-Git override) are two
+    // distinct flags, never overloaded (INV-FLAGS-1). Passing both is a category
+    // error, refused before any side effect.
+    if (flags.here && flags.create) {
+        console.error("`--here` and `--create` cannot be combined: --here is the in-Git subdir " +
+            "override, --create is the non-Git override.");
+        return 2;
+    }
+    // Create-vs-bind keys on marker PRESENCE. Under `--here` the resolution is
+    // narrowed to a marker exactly AT cwd (INV-ACTIVATE-1): a parent marker does
+    // NOT bind, so `--here` provisions a shadowing sub-project workspace even when
+    // a parent marker exists (the monorepo sub-project case).
+    const cwdMarkerPath = path.join(cwd, activation_1.ACTIVATION_FILENAME);
+    const existing = flags.here
+        ? fs.existsSync(cwdMarkerPath)
+            ? (0, activation_1.findActivation)(cwd)
+            : null
+        : (0, activation_1.findActivation)(cwd);
+    if (existing) {
+        return runBind(existing, cwd, resolveBootstrapTier(flags));
+    }
+    const git = gitInfo(cwd);
+    const guard = checkCreateGuard(flags, git, cwd);
+    if (guard !== 0)
+        return guard;
+    return runProvision(cwd, flags);
+}
+// Repo-root guard (INV-FLAGS-1). Returns 0 to allow provisioning, or a non-zero
+// exit code after printing the refusal. Called only when no marker resolves.
+function checkCreateGuard(flags, git, cwd) {
+    if (flags.here) {
+        // --here is the in-Git subdir override; it only applies inside a Git tree.
+        if (!git.insideWorkTree) {
+            console.error("`--here` only applies inside a Git repository.");
+            console.error("This directory is not inside a Git repository. To create a workspace " +
+                "here anyway, use `mla activate --create`.");
+            return 2;
+        }
+        return 0;
+    }
+    if (flags.create) {
+        // --create is the non-Git override; it is refused inside a Git tree, where
+        // the safe paths are the repo root (no flag) or a subdir (`--here`).
+        if (git.insideWorkTree) {
+            const atRoot = git.root ? sameDir(cwd, git.root) : false;
+            console.error("`--create` is for directories that are NOT inside a Git repository.");
+            if (atRoot) {
+                console.error("You are at a Git repo root; run `mla activate` (no flag) to provision here.");
+            }
+            else {
+                console.error("You are in a Git subdir; run `mla activate --here` to bind this subdir, " +
+                    "or cd to the repo root and run `mla activate`.");
+            }
+            return 2;
+        }
+        return 0;
+    }
+    // No override flag. Outside Git, refuse and point at --create.
+    if (!git.insideWorkTree) {
+        console.error("No Meetless workspace is bound here, and this directory is not inside a Git repository.");
+        console.error("To create a workspace here, run `mla activate --create`.");
+        return 2;
+    }
+    // Inside Git with no flag: auto-create only at the repo root.
+    const atRoot = git.root ? sameDir(cwd, git.root) : false;
+    if (atRoot)
+        return 0;
+    console.error("No Meetless workspace is bound here.");
+    console.error("");
+    console.error("You are inside a Git repository but not at its root:");
+    console.error(`  repo root: ${git.root}`);
+    console.error(`  cwd:       ${cwd}`);
+    console.error("");
+    console.error("Run one of:");
+    console.error(`  cd ${git.root} && mla activate`);
+    console.error("  mla activate --here");
+    return 2;
+}
+// Provision a fresh workspace server-side and write its id into the marker at
+// cwd. The owner is the authenticated caller (resolved server-side from the
+// actor identity), never the request body, so a caller cannot mint a workspace
+// owned by someone else.
+async function runProvision(cwd, flags) {
+    const loaded = loadCfgOrExplain();
+    if (typeof loaded === "number")
+        return loaded;
+    const cfg = loaded;
+    const name = (flags.name && flags.name.trim()) || path.basename(cwd);
+    let resp;
+    try {
+        resp = await (0, http_1.post)(cfg, "/internal/v1/workspaces", { name });
+    }
+    catch (e) {
+        const err = e;
+        if (err.status === 401 || err.status === 403) {
+            console.error("Control rejected the provision request (not authorized). Check `mla doctor` and your token.");
+        }
+        else if (err.status !== undefined) {
+            console.error(`Control could not provision the workspace (HTTP ${err.status}).`);
+        }
+        else {
+            console.error("Could not reach control to provision the workspace. Is it running? (`mla doctor`)");
+        }
+        return 1;
+    }
+    const { markerPath } = writeActivationMarker(cwd, resp.id, {
+        force: true,
+        workspaceName: resp.name,
+        note: flags.note,
+    });
+    console.log(`Provisioned workspace ${resp.id} (${resp.name}).`);
+    console.log(`  marker:      ${markerPath}`);
+    console.log(`  workspaceId: ${resp.id}`);
+    console.log("");
+    console.log("Commit guidance:");
+    console.log(`  ${activation_1.ACTIVATION_FILENAME} is untracked and not gitignored; it holds no secrets.`);
+    console.log("  Commit it to share this workspace binding with the team, or leave it");
+    console.log("  uncommitted to keep the binding local to this clone.");
+    const giResult = removeStaleGitignoreEntry(cwd);
+    if (giResult)
+        console.log(`  gitignore:   ${giResult}`);
+    // Fresh workspace = empty governed KB: invite onboarding (one-time per workspace).
+    return finishActivate(cwd, resolveBootstrapTier(flags), true);
+}
+// Bind to an already-resolved marker. Provisions nothing; the marker is local
+// truth for "which workspace this folder runs under".
+function runBind(found, cwd, tier) {
+    const nameSuffix = found.workspaceName ? ` (${found.workspaceName})` : "";
+    const id = found.workspaceId ?? "(no workspaceId in marker)";
+    console.log(`Already activated: ${found.path} -> ${id}${nameSuffix}`);
+    console.log("  Marker unchanged; this folder is already bound to a workspace.");
+    const giResult = removeStaleGitignoreEntry(found.dir);
+    if (giResult)
+        console.log(`  gitignore:   ${giResult}`);
+    return finishActivate(cwd, tier);
+}
+// `mla activate --repair`: re-check an existing binding's health WITHOUT ever
+// minting a new id (An, 2026-06-04). A missing/inaccessible workspace is
+// surfaced loudly and the user is pointed at deactivate+activate to re-create;
+// repair itself never re-creates.
+async function runRepair(cwd) {
+    const found = (0, activation_1.findActivation)(cwd);
+    if (!found) {
+        console.error("Nothing to repair: no .meetless.json is bound to this folder.");
+        console.error("  Run `mla activate` to create or bind a workspace here.");
+        return 2;
+    }
+    if (!found.workspaceId) {
+        console.error(`Nothing to repair: ${found.path} has no usable workspaceId (stale marker).`);
+        console.error("  Re-create the binding with `mla deactivate` then `mla activate`.");
+        return 2;
+    }
+    const loaded = loadCfgOrExplain();
+    if (typeof loaded === "number")
+        return loaded;
+    const cfg = loaded;
+    console.log(`Checking binding: ${found.workspaceId} (${found.path})`);
+    try {
+        await (0, http_1.get)(cfg, `/internal/v1/workspaces/me?workspaceId=${encodeURIComponent(found.workspaceId)}`, 5000);
+        console.log("  Status: active (exists and reachable). Nothing to repair.");
+        return 0;
+    }
+    catch (e) {
+        const err = e;
+        if (err.status === 404) {
+            console.error(`  Status: bound to ${found.workspaceId}, but the workspace does not exist or is inaccessible.`);
+            console.error("  `mla activate --repair` never re-creates a workspace; run `mla deactivate` " +
+                "then `mla activate` to mint a new one.");
+            return 1;
+        }
+        if (err.status === 401 || err.status === 403) {
+            console.error(`  Status: bound to ${found.workspaceId}, but your token is not a member. ` +
+                "Ask a workspace owner to add you.");
+            return 1;
+        }
+        // Network error / control down: never fail repair on transient unreachability.
+        console.log(`  Status: could not verify with control (${err.status ?? "offline"}). ` +
+            "The local binding still applies.");
+        return 0;
+    }
+}
+// One-time nudge toward `/mla onboard`, the agent-driven repo onboarding that seeds
+// the governed KB from the repo's docs and git history (the mla-onboard skill wired
+// by `mla init`/`rewire`). Pure: returns the text to print, or null to stay silent.
+//
+// Shown only when BOTH hold:
+//   - inSession: there is a live Claude Code session, so the `/mla onboard` slash
+//     command is actually invokable (it is a no-op suggestion from a bare shell).
+//   - justProvisioned: this run created a brand-new workspace, whose governed KB is
+//     empty: exactly the moment onboarding pays off. Re-running `mla activate` on an
+//     already-bound folder takes the bind path (no provision), so the nudge is
+//     naturally one-time per workspace without any sentinel state.
+function onboardRecommendation(opts) {
+    if (!opts.inSession || !opts.justProvisioned)
+        return null;
+    return [
+        "Next: seed this workspace's governed memory from the repo.",
+        "  Run `/mla onboard` to dispatch two read-only scouts over your docs and git",
+        "  history. They surface constraints, decisions, conventions, boundaries, and",
+        "  deprecations as candidates born PENDING for you to review; nothing is accepted",
+        "  automatically. You can run it now or any time later.",
+    ].join("\n");
+}
+// Shared tail for the provision/bind paths: clear any per-session OFF sentinel,
+// then bootstrap the current session so capture starts NOW (not next session). The
+// bootstrap tier decides whether the activation preview also emits the agentic
+// scout mission (fast = review bundle only; agentic/full = bundle + mission).
+// recommendOnboard is set only by the provision path, so the `/mla onboard` nudge
+// fires once per fresh workspace (see onboardRecommendation).
+function finishActivate(cwd, tier, recommendOnboard = false) {
+    // Re-running `mla activate` inside a session that was previously muted with
+    // `mla mute` is one supported way to turn it back ON (the other is
+    // `mla unmute`): clear the per-session sentinel FIRST, so the bootstrap below
+    // (and every subsequent hook) is no longer short-circuited by
+    // meetless_session_disabled.
+    const clearedSid = clearDeactivateSentinel();
+    if (clearedSid) {
+        console.log("");
+        console.log(`Cleared a prior \`mla mute\` for this session (${clearedSid.slice(0, 8)}); capture is back ON.`);
+    }
+    // Deterministic preview (Regime 1): scan + cache, then show the review bundle.
+    // Never block activation on the preview; it is reassurance, not a gate.
+    try {
+        const scanWorkspaceId = (0, workspace_1.tryResolveWorkspaceId)(cwd); // existing resolver from ../lib/workspace
+        if (scanWorkspaceId) {
+            const result = (0, scan_context_1.rescanAndCache)({ cwd, workspaceId: scanWorkspaceId });
+            console.log("");
+            console.log((0, bootstrap_summary_1.renderBootstrapSummary)(result));
+            // Deeper tiers invite the agentic scout to read the messy Tier-2 docs the
+            // deterministic pass could only count. `full` additionally asks for the
+            // temporal legacy-note graph, which is the canonical agent's lane and not
+            // built here, so we say so plainly and fall back to the agentic mission.
+            if (bootstrapTierEmitsMission(tier)) {
+                if (bootstrapTierIsDeepNotYet(tier)) {
+                    console.log("");
+                    console.log("The `full` tier (temporal legacy-note graph) is not built yet; it depends on the");
+                    console.log("coordination graph. Running the agentic tier below, the deepest available now.");
+                }
+                console.log("");
+                console.log("Agentic scout mission (hand this to a coding agent):");
+                console.log("");
+                console.log((0, scout_mission_1.renderManualScoutMission)(result));
+            }
+            else {
+                // Fast tier: do not hide the deeper bootstrap. When deep docs went unread,
+                // nudge the operator toward `mla activate --bootstrap agentic`.
+                const invite = (0, scout_mission_1.renderAgenticInvitation)(result);
+                if (invite) {
+                    console.log("");
+                    console.log(invite);
+                }
+            }
+        }
+    }
+    catch {
+        // swallow: the preview must never fail activation
+    }
+    const boot = bootstrapCurrentSession(cwd);
+    console.log("");
+    if (boot.ok) {
+        console.log(`Capture is active NOW for this session (${boot.sessionId.slice(0, 8)}); no restart needed.`);
+        console.log("Run `mla review` inside this session to see the console URLs + captured review.");
+    }
+    else {
+        console.log("Capture takes effect on the NEXT Claude Code session started from this folder.");
+        // Only explain when we were inside a session but the bootstrap could not
+        // run (e.g. hooks not installed); a plain non-session invocation needs no
+        // scary detail.
+        if (boot.sessionId) {
+            console.log(`  (current session not bootstrapped: ${boot.detail})`);
+        }
+    }
+    // A live Claude Code session is what makes `/mla onboard` invokable; key off the
+    // session id (present even if the bootstrap hook itself could not run), not boot.ok.
+    const onboard = onboardRecommendation({
+        inSession: !!boot.sessionId,
+        justProvisioned: recommendOnboard,
+    });
+    if (onboard) {
+        console.log("");
+        console.log(onboard);
+    }
+    return 0;
+}
+// `mla mute` (per-session capture OFF, folder = workspace T2.3).
+//
+// Silences the CURRENT live Claude Code session, both capture AND Push, even
+// inside an activated folder, by dropping a `<sid>.off` sentinel into
+// SESSION_GATE_DIR. The capture hooks check meetless_session_disabled (after the
+// folder gate, once the session id is parsed) and exit 0 when the sentinel
+// exists. This is the dogfooding A/B affordance: run the same repo with the
+// pipeline on in one session and off in another, with no folder churn.
+//
+// Scope is deliberately the SESSION, not the folder: `mute` never touches
+// `.meetless.json`. To unbind a whole folder from its workspace, run
+// `mla deactivate`. Re-enable this session with `mla unmute` (or `mla activate`).
+async function runMute(argv) {
+    if (argv.length > 0) {
+        console.error(`Unknown argument: ${argv[0]}. \`mla mute\` takes no arguments.`);
+        return 2;
+    }
+    const sessionId = process.env.CLAUDE_CODE_SESSION_ID;
+    if (!sessionId) {
+        console.error("mla mute must run INSIDE a live Claude Code session (CLAUDE_CODE_SESSION_ID is unset).");
+        console.error("It silences the CURRENT session only. To unbind a whole folder from its workspace, run `mla deactivate`.");
+        return 2;
+    }
+    fs.mkdirSync(config_1.SESSION_GATE_DIR, { recursive: true });
+    const sentinel = path.join(config_1.SESSION_GATE_DIR, `${sessionId}.off`);
+    fs.writeFileSync(sentinel, new Date().toISOString() + "\n", "utf8");
+    console.log(`Muted this session (${sessionId.slice(0, 8)}): capture AND Push are now OFF.`);
+    console.log(`  sentinel: ${sentinel}`);
+    console.log("  Takes effect on the next hook fire (prompt, tool use, or stop).");
+    console.log("  Re-run `mla unmute` (or `mla activate`) in this session to turn it back on.");
+    return 0;
+}
+// `mla unmute` (per-session capture back ON, folder = workspace T2.3).
+//
+// Removes the `<sid>.off` sentinel for the CURRENT live session, undoing a prior
+// `mla mute`. Like `mute`, it is strictly session-scope and never touches
+// `.meetless.json`. A no-op (exit 0) when the session was not muted.
+async function runUnmute(argv) {
+    if (argv.length > 0) {
+        console.error(`Unknown argument: ${argv[0]}. \`mla unmute\` takes no arguments.`);
+        return 2;
+    }
+    const sessionId = process.env.CLAUDE_CODE_SESSION_ID;
+    if (!sessionId) {
+        console.error("mla unmute must run INSIDE a live Claude Code session (CLAUDE_CODE_SESSION_ID is unset).");
+        console.error("It re-enables the CURRENT session only.");
+        return 2;
+    }
+    const sentinel = path.join(config_1.SESSION_GATE_DIR, `${sessionId}.off`);
+    if (!fs.existsSync(sentinel)) {
+        console.log(`This session (${sessionId.slice(0, 8)}) was not muted; nothing to do.`);
+        return 0;
+    }
+    fs.rmSync(sentinel, { force: true });
+    console.log(`Unmuted this session (${sessionId.slice(0, 8)}): capture is back ON.`);
+    console.log("  Takes effect on the next hook fire (prompt, tool use, or stop).");
+    return 0;
+}
+function parseDeactivateArgs(argv) {
+    const out = {};
+    for (let i = 0; i < argv.length; i++) {
+        const a = argv[i];
+        if (a === "--marker") {
+            const v = argv[i + 1];
+            if (v === undefined || v.startsWith("-"))
+                throw new Error("Missing value for --marker");
+            out.marker = v;
+            i += 1;
+            continue;
+        }
+        if (a === "--yes") {
+            out.yes = true;
+            continue;
+        }
+        if (a === "--from-root") {
+            out.fromRoot = true;
+            continue;
+        }
+        throw new Error(`Unknown argument: ${a}. \`mla deactivate\` accepts --yes, --from-root, --marker <path>.`);
+    }
+    return out;
+}
+// Best-effort read of a marker's workspaceId for human-facing messages. A
+// malformed or missing file yields undefined; never throws.
+function readMarkerWorkspaceId(markerPath) {
+    try {
+        const raw = JSON.parse(fs.readFileSync(markerPath, "utf8"));
+        return typeof raw.workspaceId === "string" && raw.workspaceId.trim()
+            ? raw.workspaceId
+            : undefined;
+    }
+    catch {
+        return undefined;
+    }
+}
+// Interactive y/N prompt. Only reached on a real TTY (the non-interactive path
+// refuses before calling this), so reading stdin can never hang a script.
+function promptYesNo(question) {
+    return new Promise((resolve) => {
+        const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+        rl.question(question, (answer) => {
+            rl.close();
+            const a = answer.trim().toLowerCase();
+            resolve(a === "y" || a === "yes");
+        });
+    });
+}
+// `mla deactivate` (workspace-binding removal, folder = workspace T2.2).
+//
+// Removes the nearest `.meetless.json`, unbinding this folder from its
+// workspace (future sessions under it stop capturing). This is NOT a per-session
+// off switch any more; that is `mla mute`.
+//
+// Guards (INV-DEACTIVATE-1 + nested-dir safety):
+//   - Confirms before deleting; `--yes` skips the prompt. In a non-interactive
+//     context (no TTY) it refuses without `--yes` rather than hang.
+//   - When the nearest marker lives in an ANCESTOR of cwd (the monorepo case),
+//     a plain run refuses: removing it would unbind the whole subtree. The user
+//     opts in with `--from-root` (remove the resolved ancestor) or
+//     `--marker <path>` (target a specific marker explicitly).
+async function runDeactivate(argv) {
+    let flags;
+    try {
+        flags = parseDeactivateArgs(argv);
+    }
+    catch (e) {
+        console.error(e.message);
+        return 2;
+    }
+    if (flags.marker && flags.fromRoot) {
+        console.error("`--marker` and `--from-root` cannot be combined: --marker already names an " +
+            "explicit target; --from-root is for the resolved ancestor marker.");
+        return 2;
+    }
+    const cwd = process.cwd();
+    // Resolve the target marker path + the directory it binds.
+    let targetPath;
+    let targetDir;
+    let workspaceId;
+    if (flags.marker) {
+        // Explicit path = explicit intent: no locality guard. Resolve, accept a
+        // directory by appending the marker filename, and require the basename to
+        // be the marker so we never `rm` an arbitrary file.
+        let p = path.resolve(cwd, flags.marker);
+        if (fs.existsSync(p) && fs.statSync(p).isDirectory()) {
+            p = path.join(p, activation_1.ACTIVATION_FILENAME);
+        }
+        if (path.basename(p) !== activation_1.ACTIVATION_FILENAME) {
+            console.error(`--marker must point at a ${activation_1.ACTIVATION_FILENAME} file (got ${flags.marker}).`);
+            return 2;
+        }
+        if (!fs.existsSync(p)) {
+            console.error(`No marker at ${p}.`);
+            return 1;
+        }
+        targetPath = p;
+        targetDir = path.dirname(p);
+        workspaceId = readMarkerWorkspaceId(p);
+    }
+    else {
+        const found = (0, activation_1.findActivation)(cwd);
+        if (!found) {
+            console.error("Nothing to deactivate: no .meetless.json binding resolves from here.");
+            console.error("  (Use `mla mute` to silence just the current session.)");
+            return 1;
+        }
+        // Nested-dir safety: an ancestor marker is not removed from a subdir without
+        // an explicit opt-in, even with `--yes` (which only skips the y/N prompt).
+        if (!sameDir(found.dir, cwd) && !flags.fromRoot) {
+            console.error("The nearest workspace binding is in a parent directory, not here:");
+            console.error(`  marker: ${found.path}`);
+            console.error(`  cwd:    ${cwd}`);
+            console.error("");
+            console.error("Removing it would unbind the whole subtree, not just this folder.");
+            console.error("Re-run with `--from-root` to remove that parent binding, or");
+            console.error("`--marker <path>` to target a specific .meetless.json.");
+            return 1;
+        }
+        targetPath = found.path;
+        targetDir = found.dir;
+        workspaceId = found.workspaceId;
+    }
+    // Confirm-before-delete context (INV-DEACTIVATE-1). Shown on every path so the
+    // operator sees what would change even when the run refuses.
+    console.log("Found marker:");
+    console.log(`  ${targetPath}`);
+    console.log("");
+    console.log("`mla deactivate` REMOVES this folder workspace binding (it no longer");
+    console.log("just suppresses this session; that is `mla mute`).");
+    console.log("");
+    if (!flags.yes) {
+        if (!process.stdin.isTTY) {
+            console.error("Refusing to remove a workspace binding without confirmation in a non-interactive context.");
+            console.error("Re-run with `--yes` to deactivate non-interactively.");
+            return 1;
+        }
+        const ok = await promptYesNo("Deactivate this workspace binding? [y/N] ");
+        if (!ok) {
+            console.log("Aborted; marker left in place.");
+            return 0;
+        }
+    }
+    fs.rmSync(targetPath, { force: true });
+    const wasBound = workspaceId ? ` (was bound to ${workspaceId})` : "";
+    console.log(`Removed ${targetPath}.${wasBound}`);
+    console.log(`Future sessions under ${targetDir} will not be captured unless another parent marker applies.`);
+    // Helpful for monorepos: after removing the nearer marker, re-resolve from the
+    // same dir to see whether a parent marker now governs the subtree, and say so.
+    const stillApplies = (0, activation_1.findActivation)(targetDir);
+    if (stillApplies) {
+        const sfx = stillApplies.workspaceId ? ` -> ${stillApplies.workspaceId}` : "";
+        console.log(`  Note: a parent marker still governs this subtree: ${stillApplies.path}${sfx}`);
+    }
+    return 0;
+}