@modelstatus/cli 0.1.34 → 0.1.35

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@modelstatus/cli",
-  "version": "0.1.34",
+  "version": "0.1.35",
   "description": "Track which AI models you use, where, and never get surprised by a retirement. Free offline model-health for any repo (mm status), browser sign-in for cloud inventory + alerts.",
   "keywords": [
     "llm",

package/src/api.js

@@ -80,6 +80,12 @@ export function createClient({ apiBase, apiKey }) {
     createChannel: (body) => req("POST", "/channels", { action: "connect", ...body }),
     testChannel: (body) => req("POST", "/channels", { action: "test", ...body }),
 
+    // integrations — the cross-device mirror of the local integrations.json toggle.
+    // The LOCAL file is authoritative for what `mm scan` runs; these sync the web
+    // card + carry plan-gating (402 on free). Best-effort from the TUI.
+    listIntegrations: () => req("GET", "/integrations"),
+    setIntegration: (body) => req("PATCH", "/integrations", body),
+
     // notifications feed
     listNotifications: (params) => req("GET", `/notifications${qs(params)}`),
     readNotification: (id) => req("POST", `/notifications/${id}/read`),

package/src/ci.js

@@ -16,7 +16,7 @@ const BADGE = { ok: "🟢", deprecating: "🟡", retiring: "🟠", retired: "
 
 /** Evaluate `dir` and return { findings, failing, threshold, failOn, counts, snapshot }.
  * `findings` are per-(model, location) entries with health worse than ok. */
-export async function evaluateCi({ dir, sources = ["filesystem"], scanOpts = {}, failOn = "retired", offline = false, log = () => {} }) {
+export async function evaluateCi({ dir, sources = ["filesystem"], explicit = new Set(), scanOpts = {}, failOn = "retired", offline = false, log = () => {} }) {
   // Online by default so CI checks against the LATEST registry; --offline (or the
   // env) falls back to the cached snapshot. cacheFile env keeps tests hermetic.
   const snapshot = await getRegistry({
@@ -24,7 +24,7 @@ export async function evaluateCi({ dir, sources = ["filesystem"], scanOpts = {},
     cacheFile: process.env.LLMSTATUS_REGISTRY_CACHE || undefined,
     log: (m) => log(`${m}\n`),
   });
-  const candidates = await collectFrom(sources, { root: dir, ...scanOpts }, snapshot.detection);
+  const candidates = await collectFrom(sources, { root: dir, ...scanOpts }, snapshot.detection, explicit);
   const resolved = resolveLocal(snapshot, [...new Set(candidates.map((c) => c.model_string))]);
   const byStr = new Map(resolved.map((r) => [r.input.toLowerCase(), r]));
   const today = new Date();

package/src/index.js

@@ -3,7 +3,11 @@ import fs from "node:fs";
 import path from "node:path";
 import { resolveAuth, loadConfig, saveConfig, clearAuth, configFilePath } from "./config.js";
 import { createClient } from "./api.js";
-import { collectFrom, availability, ALL_SOURCE_IDS } from "./sources/index.js";
+import { collectFrom, availability, ALL_SOURCE_IDS, getSource } from "./sources/index.js";
+import {
+  INTEGRATION_IDS, INTEGRATION_META, readIntegrations, enabledIds,
+  getEnvTag, setEnabled, setEnvTag,
+} from "./integrations.js";
 import { redactValue } from "./redact.js";
 import { assignProjects } from "./upload.js";
 import { loginViaBrowser } from "./auth.js";
@@ -17,6 +21,8 @@ function parseArgs(argv) {
   const valueFlags = new Set([
     "api", "key", "project", "dir", "fail-on", "diff", "json-out",
     "sources", "region", "namespace", "kube-context", "db", "sql-table", "env",
+    // Per-integration scope flags (non-secret): consumed by the 4 live sources.
+    "vercel-project", "vercel-team", "gh-repo", "supabase-ref",
   ]);
   for (let i = 0; i < argv.length; i++) {
     const a = argv[i];
@@ -41,15 +47,33 @@ const uuidish = (s) => /^[0-9a-f]{8}-[0-9a-f]{4}-/i.test(s || "");
  * from a git remote, since a local scan root may not be the repo root. */
 const ghRepoSlug = () => (process.env.GITHUB_REPOSITORY || "").trim();
 
-/** Resolve the requested sources: default filesystem, "all", or a comma list. */
+/** The set of source ids the user named VERBATIM in --sources (empty for the
+ * default / "all"). Naming a live integration here overrides its enabled-gate. */
+function explicitSources(flags) {
+  const raw = (flags.sources || "").trim();
+  if (!raw || raw === "all") return new Set();
+  return new Set(raw.split(",").map((s) => s.trim()).filter(Boolean));
+}
+
+/** Resolve the requested sources.
+ *   - empty  → filesystem + every ENABLED live integration (toggled-on integrations
+ *              scan by default; the rest are NOT in the default set, so no surprise
+ *              network calls).
+ *   - "all"  → ALL_SOURCE_IDS, but a live integration is included only when enabled
+ *              (so `all` never silently fires a not-authorized integration); the
+ *              existing non-integration sources stay in `all` unconditionally.
+ *   - list   → honored verbatim (an explicit id overrides the enabled-gate). */
 function parseSources(flags) {
   const raw = (flags.sources || "").trim();
-  if (!raw) return ["filesystem"];
-  if (raw === "all") return ALL_SOURCE_IDS;
+  if (!raw) return ["filesystem", ...enabledIds()];
+  if (raw === "all") {
+    const enabled = enabledIds();
+    return ALL_SOURCE_IDS.filter((id) => !getSource(id)?.integration || enabled.has(id));
+  }
   return raw.split(",").map((s) => s.trim()).filter(Boolean);
 }
 
-/** Per-source options gathered from flags (region/namespace/db/…). */
+/** Per-source options gathered from flags (region/namespace/db/integration scope). */
 function scanOpts(flags, dir) {
   return {
     root: dir,
@@ -59,6 +83,10 @@ function scanOpts(flags, dir) {
     db: flags.db,
     sqlTable: flags["sql-table"],
     env: flags.env,
+    vercelProject: flags["vercel-project"],
+    vercelTeam: flags["vercel-team"],
+    ghRepo: flags["gh-repo"],
+    supabaseProjectRef: flags["supabase-ref"],
   };
 }
 
@@ -136,10 +164,13 @@ async function cmdScan(positional, flags) {
   // Non-interactive (CI / --json / --yes): scan + bulk upload, no TUI.
   const client = createClient({ apiBase, apiKey });
   const sources = parseSources(flags);
+  const explicit = explicitSources(flags);
   const opts = scanOpts(flags, dir);
 
-  // Report which sources will actually run (tool/creds/flags present).
-  const avail = await availability(sources, opts);
+  // Report which sources will actually run (tool/creds/flags present). A live
+  // integration named explicitly in --sources counts as available without being
+  // toggled on (explicit intent overrides the enabled-gate).
+  const avail = await availability(sources, opts, explicit);
   for (const a of avail) {
     if (!a.known) process.stderr.write(`! unknown source "${a.id}" — skipped\n`);
     else if (!a.available) process.stderr.write(`! ${a.id} unavailable (tool, creds, or flags missing) — skipped\n`);
@@ -148,7 +179,7 @@ async function cmdScan(positional, flags) {
   process.stderr.write(`Scanning [${active.join(", ") || "none"}] …\n`);
 
   const patterns = await client.detectionPatterns();
-  const candidates = await collectFrom(sources, opts, patterns);
+  const candidates = await collectFrom(sources, opts, patterns, explicit);
   if (candidates.length === 0) {
     console.log("No model usage found.");
     return;
@@ -305,6 +336,7 @@ async function cmdCi(positional, flags) {
   const res = await evaluateCi({
     dir,
     sources: parseSources(flags),
+    explicit: explicitSources(flags),
     scanOpts: scanOpts(flags, dir),
     failOn,
     offline: !!flags.offline,
@@ -397,19 +429,75 @@ async function cmdClear(_positional, flags) {
   console.log(`✓ Cleared ${res.usages ?? 0} usage(s)${res.projects ? ` + ${res.projects} project(s)` : ""}. Your inventory is clean — rescan to repopulate.`);
 }
 
-/** List detection sources and whether each can run right now. */
+/** List detection sources and whether each can run right now. Live integrations
+ * also show their on/off toggle (the `int` column) so toggled state is visible
+ * here too. */
 async function cmdSources(_positional, flags) {
   const dir = path.resolve(flags.dir || ".");
   const report = await availability(ALL_SOURCE_IDS, scanOpts(flags, dir));
   console.log("Detection sources:");
   for (const a of report) {
-    console.log(`  ${a.available ? "✓" : "·"} ${a.id.padEnd(13)} ${a.label}${a.available ? "" : "  (unavailable)"}`);
+    // For an integration, the toggle column shows on/off; "·" elsewhere is N/A.
+    const toggle = a.integration ? (a.enabled ? "on " : "off") : "—  ";
+    console.log(`  ${a.available ? "✓" : "·"} ${a.id.padEnd(15)} ${toggle}  ${a.label}${a.available ? "" : "  (unavailable)"}`);
   }
   console.log("\nScan with: mm scan --sources env,aws-secrets,k8s,helm,sql   (or --sources all)");
+  console.log("Integrations (toggle with `mm integrations enable <id>`): " + INTEGRATION_IDS.join(", "));
   console.log("Options:   --region <r> · --namespace <ns> · --kube-context <c> · --db <pg-dsn> --sql-table <t>");
+  console.log("           --vercel-project <p> · --vercel-team <t> · --gh-repo <owner/name> · --supabase-ref <ref>");
   console.log("Safety:    secret VALUES never leave your machine — only model ids upload. Use --dry-run to preview.");
 }
 
+/** `mm integrations [list|enable <id>|disable <id>|env <id> <tag>]` — manage the
+ * local enabled-state of the live integrations (the authoritative toggle for what
+ * `mm scan` runs by default). Non-secret only; authorization is your own CLI. */
+function cmdIntegrations(positional, flags) {
+  const sub = positional[1];
+  const id = positional[2];
+  const known = (x) => INTEGRATION_IDS.includes(x);
+
+  if (sub === "enable" || sub === "disable") {
+    if (!known(id)) {
+      console.error(`Unknown integration "${id}". One of: ${INTEGRATION_IDS.join(", ")}`);
+      process.exit(1);
+    }
+    setEnabled(id, sub === "enable");
+    console.log(`✓ ${id} ${sub === "enable" ? "enabled" : "disabled"}. It ${sub === "enable" ? "now runs" : "no longer runs"} in the default scan.`);
+    return;
+  }
+  if (sub === "env") {
+    const tag = positional[3];
+    if (!known(id)) {
+      console.error(`Unknown integration "${id}". One of: ${INTEGRATION_IDS.join(", ")}`);
+      process.exit(1);
+    }
+    try {
+      setEnvTag(id, tag);
+    } catch (e) {
+      console.error(e.message);
+      process.exit(1);
+    }
+    console.log(`✓ ${id} env set to "${tag}".${tag === "unknown" ? " (override cleared — env is now guessed)" : ""}`);
+    return;
+  }
+
+  // Default / "list": show current state.
+  const cur = readIntegrations();
+  if (flags.json) {
+    console.log(JSON.stringify({ data: INTEGRATION_IDS.map((iid) => ({ id: iid, ...INTEGRATION_META[iid], enabled: !!cur[iid]?.enabled, env_tag: getEnvTag(iid) || "unknown", ref: cur[iid]?.ref })) }, null, 2));
+    return;
+  }
+  console.log("Live integrations:");
+  for (const iid of INTEGRATION_IDS) {
+    const meta = INTEGRATION_META[iid];
+    const on = cur[iid]?.enabled ? "on " : "off";
+    const tag = getEnvTag(iid) || "unknown";
+    console.log(`  ${on}  ${iid.padEnd(15)} env=${tag.padEnd(8)} (${meta.requiresCmd})  ${meta.label}`);
+  }
+  console.log("\nToggle: mm integrations enable|disable <id>   ·   Env: mm integrations env <id> prod|staging|dev|unknown");
+  console.log("Authorization is your already-authenticated CLI (aws/gh/vercel/supabase) — we never store a token.");
+}
+
 /** Offline, account-less health check: pull the signed registry snapshot, scan
  * here, resolve + score health entirely on-device. The free tier's core value. */
 async function cmdStatus(positional, flags) {
@@ -418,7 +506,7 @@ async function cmdStatus(positional, flags) {
   const { resolveLocal, computeHealth } = await import("./registry/local.js");
   const snapshot = await getRegistry({ offline: !!flags.offline, log: (m) => process.stderr.write(`! ${m}\n`) });
 
-  const candidates = await collectFrom(parseSources(flags), scanOpts(flags, dir), snapshot.detection);
+  const candidates = await collectFrom(parseSources(flags), scanOpts(flags, dir), snapshot.detection, explicitSources(flags));
   const resolved = resolveLocal(snapshot, [...new Set(candidates.map((c) => c.model_string))]);
   const byStr = new Map(resolved.map((r) => [r.input.toLowerCase(), r]));
 
@@ -493,19 +581,24 @@ Usage:
   mm ci [dir]              CI gate: fail the build on deprecated/retiring models (GitHub annotations)
                           (--diff <base> limits findings to files changed vs base; auto on PRs via GITHUB_BASE_REF)
   mm sources               List detection sources and whether each can run here
+  mm integrations          Manage live integrations (list | enable <id> | disable <id> | env <id> <tag>)
   mm clear                 Delete all tracked usages from your inventory (--all also wipes projects/rules; --yes to skip the prompt)
   mm upgrade               Open Stripe checkout and poll until Pro is active
   mm tui                   Force-launch the TUI (logs you in first if needed)
 
-Scan sources (--sources, default filesystem; "all" for everything):
+Scan sources (--sources; default = filesystem + enabled integrations; "all" for everything):
   filesystem  repo files          aws-secrets  AWS Secrets Manager + SSM
   env         live process env    k8s          kubectl secrets + configmaps
   sql         psql --db <dsn>     helm         helm release values
+  Live integrations (toggle on with \`mm integrations enable <id>\`, or name in --sources):
+  aws-lambda  Lambda env + Bedrock  vercel  project env (names)   supabase-edge  edge fns + secrets
+  github-actions  workflow YAML + secret names
   Secret sources shell out to your already-authenticated CLIs, run read-only,
   and only ever upload model ids — secret VALUES never leave your machine.
 
 Flags: --api <url> · --key <key> · --project <id|name> · --yes · --json · --ci · --dry-run
        --sources <list> · --region <r> · --namespace <ns> · --kube-context <c> · --db <dsn> · --sql-table <t>
+       --vercel-project <p> · --vercel-team <t> · --gh-repo <owner/name> · --supabase-ref <ref>
 
 Get started: \`mm login\` (opens your browser).`;
 
@@ -553,6 +646,7 @@ async function main() {
     else if (cmd === "ci") await cmdCi(positional, flags);
     else if (cmd === "status") await cmdStatus(positional, flags);
     else if (cmd === "sources") await cmdSources(positional, flags);
+    else if (cmd === "integrations") cmdIntegrations(positional, flags);
     else if (cmd === "clear") await cmdClear(positional, flags);
     else if (cmd === "upgrade") await cmdUpgrade(positional, flags);
     else if (cmd === "tui" || !cmd) await launchTui(positional[1], flags);

package/src/integrations.js

@@ -0,0 +1,121 @@
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+
+/**
+ * On-disk toggle state for the LIVE integration sources (aws-lambda, vercel,
+ * supabase-edge, github-actions). This is the SINGLE source of truth read by
+ * parseSources (index.js), availability()/collectFrom() (sources/index.js),
+ * `mm integrations`, and the TUI Integrations view.
+ *
+ * It lives in its OWN file (NOT config.json) so the API-key file's blast radius
+ * stays small, and is written 0600/0700 with the exact recipe config.js uses.
+ *
+ * SECURITY: this file is NON-SECRET scope only. `enabled` is a boolean, `envTag`
+ * is a declared env label, and `ref` holds a non-secret scope hint (an AWS
+ * account id, a vercel team/project slug, a gh repo slug). It NEVER stores a
+ * provider key/token — authorization for a live source is always the user's
+ * already-authenticated local CLI (aws/gh/vercel/supabase), never our file.
+ *
+ * On-disk shape:
+ *   {
+ *     "aws-lambda":     { "enabled": true,  "envTag": "prod", "ref": "123456789012" },
+ *     "vercel":         { "enabled": false },
+ *     "supabase-edge":  { "enabled": false },
+ *     "github-actions": { "enabled": true }
+ *   }
+ */
+
+const dir = path.join(os.homedir(), ".config", "llmstatus");
+
+/** The integrations file path. LLMSTATUS_INTEGRATIONS_FILE overrides it (tests
+ * point this at a temp file so they never touch the dev's real toggles — mirrors
+ * filesystem.js's LLMSTATUS_IGNORE_FILE). */
+export function integrationsFilePath() {
+  return process.env.LLMSTATUS_INTEGRATIONS_FILE || path.join(dir, "integrations.json");
+}
+
+/** The 4 known live-integration ids. enabledIds() intersects with this so a
+ * stale/hand-edited key can never inject an unknown source into a scan. */
+export const INTEGRATION_IDS = ["aws-lambda", "vercel", "supabase-edge", "github-actions"];
+
+/** Display + capability metadata. `requiresCmd` is the vendor CLI each one shells
+ * out to (the `available()` PATH check). Kept here so the command, the TUI view,
+ * and cmdSources all read one table. */
+export const INTEGRATION_META = {
+  "aws-lambda": { label: "AWS Lambda env/config + Bedrock", requiresCmd: "aws" },
+  vercel: { label: "Vercel project env", requiresCmd: "vercel" },
+  "supabase-edge": { label: "Supabase Edge Functions + secrets", requiresCmd: "supabase" },
+  "github-actions": { label: "GitHub Actions secrets + workflows", requiresCmd: "gh" },
+};
+
+const ENV_TAGS = new Set(["prod", "staging", "dev", "unknown"]);
+
+/** Parsed integrations.json, or {} (missing/corrupt file → {}, like loadConfig). */
+export function readIntegrations() {
+  try {
+    return JSON.parse(fs.readFileSync(integrationsFilePath(), "utf8"));
+  } catch {
+    return {};
+  }
+}
+
+/** Write the whole map. Owner-only (0600), mirroring config.js's saveConfig
+ * exactly — chmod after write also tightens a pre-existing loose-perm file
+ * (writeFileSync's mode only applies on create). Returns the file path. */
+export function writeIntegrations(next) {
+  const file = integrationsFilePath();
+  fs.mkdirSync(path.dirname(file), { recursive: true, mode: 0o700 });
+  fs.writeFileSync(file, JSON.stringify(next, null, 2), { mode: 0o600 });
+  try {
+    fs.chmodSync(file, 0o600);
+  } catch {
+    /* best-effort (e.g. Windows) */
+  }
+  return file;
+}
+
+/** Is this integration toggled on? */
+export function getEnabled(id) {
+  return !!readIntegrations()[id]?.enabled;
+}
+
+/** The declared env override for an integration, or undefined if none is set
+ * (so the source falls back to guessEnvFrom). "unknown" is never returned — it's
+ * the "clear the override" sentinel (see setEnvTag). */
+export function getEnvTag(id) {
+  const t = readIntegrations()[id]?.envTag;
+  return t && t !== "unknown" ? t : undefined;
+}
+
+/** The enabled live-integration ids, intersected with INTEGRATION_IDS so a stale
+ * key can't inject an unknown source. Returns a Set for cheap `.has()` in the gate. */
+export function enabledIds() {
+  const cur = readIntegrations();
+  return new Set(INTEGRATION_IDS.filter((id) => !!cur[id]?.enabled));
+}
+
+/** Toggle an integration on/off (merges, preserving envTag/ref). Returns the path. */
+export function setEnabled(id, enabled) {
+  const cur = readIntegrations();
+  return writeIntegrations({ ...cur, [id]: { ...cur[id], enabled: !!enabled } });
+}
+
+/** Set the declared env override. Validates the union; "unknown" CLEARS the
+ * override (so guessEnvFrom resumes) rather than force-stamping every finding as
+ * "unknown" and defeating positive-marker detection. Returns the path. */
+export function setEnvTag(id, envTag) {
+  if (!ENV_TAGS.has(envTag)) throw new Error(`envTag must be one of ${[...ENV_TAGS].join(", ")}`);
+  const cur = readIntegrations();
+  const entry = { ...cur[id] };
+  if (envTag === "unknown") delete entry.envTag;
+  else entry.envTag = envTag;
+  return writeIntegrations({ ...cur, [id]: entry });
+}
+
+/** Set a non-secret scope hint (AWS account id / vercel slug / gh repo). Returns
+ * the path. NEVER pass a secret here — this is for display + locator context only. */
+export function setRef(id, ref) {
+  const cur = readIntegrations();
+  return writeIntegrations({ ...cur, [id]: { ...cur[id], ref: ref || undefined } });
+}

package/src/sources/aws-lambda.js

@@ -0,0 +1,95 @@
+import { hasCmd, run } from "./shell.js";
+import { scanConfigEntries, entriesFromKV } from "./configscan.js";
+
+/* Pure parsers (unit-tested) — keep all JSON shape knowledge here, like aws.js.
+ * Each try/catch-es so malformed CLI output degrades to [] / {} rather than throws. */
+
+/** `aws lambda list-functions` → [FunctionName]. */
+export function parseFunctionList(stdout) {
+  try {
+    return (JSON.parse(stdout).Functions || []).map((f) => f.FunctionName).filter(Boolean);
+  } catch {
+    return [];
+  }
+}
+
+/** `aws lambda get-function-configuration` → the Environment.Variables map {K:V}. */
+export function parseFunctionEnv(stdout) {
+  try {
+    return JSON.parse(stdout)?.Environment?.Variables || {};
+  } catch {
+    return {};
+  }
+}
+
+/** `aws bedrock list-foundation-models` → [modelId] from .modelSummaries[].modelId.
+ * These are KNOWN-enabled foundation-model ids (not secrets) but still routed
+ * through the funnel for redaction + dedup parity. */
+export function parseBedrockModels(stdout) {
+  try {
+    return (JSON.parse(stdout).modelSummaries || []).map((m) => m.modelId).filter(Boolean);
+  } catch {
+    return [];
+  }
+}
+
+/** AWS Lambda env/config + Bedrock model ids. LIVE integration: gated on the
+ * enabled toggle (integrations.json) AND the `aws` CLI being present. Shells out
+ * to your already-authenticated `aws` CLI, read-only. Lambda env VALUES are
+ * scanned locally for model ids and never uploaded — only model ids leave.
+ * opts: { region, awsBedrock? }. */
+export const awsLambdaSource = {
+  id: "aws-lambda",
+  label: "AWS Lambda env/config + Bedrock",
+  kind: "cli",
+  integration: true,
+  envTag: "unknown",
+  async available() {
+    return hasCmd("aws");
+  },
+  /** Richer read-only identity probe (beyond the cheap PATH check). */
+  async authState(opts) {
+    const region = opts?.region ? ["--region", opts.region] : [];
+    const r = await run("aws", ["sts", "get-caller-identity", "--output", "json", ...region]);
+    if (!r.ok) return { connected: false, mode: "sts", reason: (r.stderr || "not authenticated").split("\n")[0] };
+    let account;
+    try {
+      account = JSON.parse(r.stdout).Account;
+    } catch {
+      /* ignore */
+    }
+    return { connected: true, mode: "sts", account };
+  },
+  async collect(opts, compiled) {
+    const region = opts?.region ? ["--region", opts.region] : [];
+    const tag = opts?.region || "default";
+    const out = [];
+
+    // (a) Lambda functions → per-function env vars (Bedrock model ids show up here).
+    const list = await run("aws", ["lambda", "list-functions", "--output", "json", ...region]);
+    if (list.ok) {
+      for (const fn of parseFunctionList(list.stdout)) {
+        const cfg = await run("aws", ["lambda", "get-function-configuration", "--function-name", fn, "--output", "json", ...region]);
+        if (!cfg.ok) continue;
+        for (const [k, v] of Object.entries(parseFunctionEnv(cfg.stdout))) {
+          const entries = entriesFromKV(k, v, `aws-lambda://${tag}/${fn}#${k}`, fn);
+          out.push(...scanConfigEntries(entries, compiled, { sourceType: "aws-lambda", env: opts?.env }));
+        }
+      }
+    }
+
+    // (b) Bedrock enabled foundation models — emitted DIRECTLY but still through
+    // the funnel (the model id is the value) for redaction + dedup parity. Default
+    // on; opts.awsBedrock === false skips the extra call.
+    if (opts?.awsBedrock !== false) {
+      const bm = await run("aws", ["bedrock", "list-foundation-models", "--output", "json", ...region]);
+      if (bm.ok) {
+        for (const modelId of parseBedrockModels(bm.stdout)) {
+          const entries = entriesFromKV("bedrock-model", modelId, `aws-bedrock://${tag}/foundation-models#${modelId}`, opts?.region);
+          out.push(...scanConfigEntries(entries, compiled, { sourceType: "aws-bedrock", env: opts?.env }));
+        }
+      }
+    }
+    return out;
+  },
+};

package/src/sources/configscan.js

@@ -10,12 +10,18 @@ import { redactValue } from "../redact.js";
 
 const isPlainObject = (v) => v !== null && typeof v === "object" && !Array.isArray(v);
 
-/** Guess an environment label from any contextual hints (namespace, key, path). */
+/** Guess an environment label from any contextual hints (namespace, key, path).
+ *  We claim an env only on a POSITIVE marker — including an explicit prod/live one
+ *  — and never fabricate "prod" from the mere absence of a hint (a k8s "default"
+ *  namespace, an unlabelled secret). No marker → "unknown", so the user can tag it
+ *  rather than trust a coin-flip. An explicit env passed to scanConfigEntries still
+ *  overrides this entirely. */
 export function guessEnvFrom(...hints) {
   const s = hints.filter(Boolean).join(" ").toLowerCase();
   if (/(^|[^a-z])(dev|development|sandbox|local)([^a-z]|$)/.test(s)) return "dev";
   if (/(^|[^a-z])(stag|staging|stg|qa|uat|test)([^a-z]|$)/.test(s)) return "staging";
-  return "prod";
+  if (/(^|[^a-z])(prod|production|prd|live)([^a-z]|$)/.test(s)) return "prod";
+  return "unknown";
 }
 
 /** Flatten a nested object/array into leaf entries with dotted locator paths. */

package/src/sources/github-actions.js

@@ -0,0 +1,156 @@
+import fs from "node:fs";
+import path from "node:path";
+import { hasCmd, run } from "./shell.js";
+import { detectInLine } from "../detect/core.js";
+import { redactValue } from "../redact.js";
+import { scanConfigEntries, entriesFromKV } from "./configscan.js";
+
+/* Pure parsers (unit-tested). */
+
+/** `gh variable list [--json name,value]` → [{name, value}]. Actions VARIABLES are
+ * NON-secret config values (unlike secrets), so we scan the VALUE for model ids via
+ * entriesFromKV. Handles `--json name,value` ([{name,value}]) and the tab-separated
+ * table (NAME\tVALUE\tUPDATED). Pure — no JSON shape knowledge leaks out. */
+export function parseVariableList(stdout) {
+  const s = String(stdout || "").trim();
+  if (!s) return [];
+  try {
+    const j = JSON.parse(s);
+    if (Array.isArray(j)) return j.map((x) => ({ name: x.name, value: x.value ?? "" })).filter((x) => x.name);
+  } catch {
+    /* fall through to table parse */
+  }
+  const out = [];
+  for (const raw of s.split(/\r?\n/)) {
+    const line = raw.trim();
+    if (!line) continue;
+    if (/^name\b/i.test(line)) continue; // header
+    if (/^[-\s|]+$/.test(line)) continue; // separator rule
+    // gh's table output is tab- or 2+-space-separated: NAME  VALUE  UPDATED.
+    const cols = line.split(/\t|\s{2,}/).map((c) => c.trim());
+    const name = cols[0];
+    if (name && /^[A-Za-z_][A-Za-z0-9_]*$/.test(name)) out.push({ name, value: cols[1] ?? "" });
+  }
+  return out;
+}
+
+/** `gh secret list [--json name]` → NAMES only. Handles `--json name` ([{name}])
+ * and the tab/space-separated table (NAME  UPDATED). We NEVER `gh secret view`. */
+export function parseGhSecretList(stdout) {
+  const s = String(stdout || "").trim();
+  try {
+    const j = JSON.parse(s);
+    if (Array.isArray(j)) return j.map((x) => x.name).filter(Boolean);
+  } catch {
+    /* fall through to table parse */
+  }
+  const names = [];
+  for (const raw of s.split(/\r?\n/)) {
+    const line = raw.trim();
+    if (!line) continue;
+    const name = line.split(/\s{2,}|\t/).map((c) => c.trim()).filter(Boolean)[0];
+    if (name && /^[A-Za-z_][A-Za-z0-9_]*$/.test(name)) names.push(name);
+  }
+  return names;
+}
+
+/** Line-scan one workflow YAML body → Candidates (model refs in workflow steps).
+ * Pure: takes text + relPath + compiled, returns #L<n>-located candidates with a
+ * redacted, 160-capped snippet. detectInLine returns a Set, iterated with for…of. */
+export function scanWorkflowText(text, relPath, compiled, env) {
+  const out = [];
+  const seen = new Set();
+  String(text || "").split(/\r?\n/).forEach((line, i) => {
+    for (const model_string of detectInLine(line, compiled)) {
+      const locator = `github-actions://workflows/${relPath}#L${i + 1}`;
+      const key = `${model_string}|${locator}`;
+      if (seen.has(key)) continue;
+      seen.add(key);
+      out.push({
+        model_string,
+        source_type: "github-actions",
+        location_label: locator,
+        source_path: relPath,
+        source_line: i + 1,
+        environment: env || "unknown",
+        snippet: redactValue(line.trim()).slice(0, 160),
+      });
+    }
+  });
+  return out;
+}
+
+/** GitHub Actions VARIABLES + secrets + workflows. LIVE integration: gated on the
+ * enabled toggle AND the `gh` CLI. Surfaces:
+ *   (a) `gh variable list` → VALUES scanned via entriesFromKV (Actions variables are
+ *       NON-secret config, the natural home for a `OPENAI_MODEL=gpt-4o` style value);
+ *   (b) `gh secret list` → NAME-only entries (NEVER a value — no value API exists);
+ *   (c) a NARROW own-walk of <root>/.github/workflows/*.yml line-scanned for model
+ *       refs (does NOT import filesystem.js — concurrency guardrail).
+ * When scoped to a GitHub Environment via opts.ghEnvironment, that environment is
+ * AUTHORITATIVE for variables (passed straight through), else the folded opts.env /
+ * guessEnvFrom applies. opts: { root, ghRepo, ghEnvironment }. */
+export const githubActionsSource = {
+  id: "github-actions",
+  label: "GitHub Actions variables + secrets + workflows",
+  kind: "cli",
+  integration: true,
+  envTag: "unknown",
+  async available() {
+    return hasCmd("gh");
+  },
+  async authState() {
+    const r = await run("gh", ["auth", "status"]);
+    // `gh auth status` writes to stderr even on success; ok is the signal.
+    if (!r.ok) return { connected: false, mode: "auth-status", reason: (r.stderr || r.stdout || "not logged in").split("\n")[0] };
+    return { connected: true, mode: "auth-status" };
+  },
+  async collect(opts, compiled) {
+    const repoArg = opts?.ghRepo ? ["--repo", opts.ghRepo] : [];
+    const repoTag = opts?.ghRepo || "repo";
+    // A GitHub Environment is authoritative for env-scoped variables — pass it as
+    // the explicit env (overriding guessEnvFrom). Else fall back to the folded opts.env.
+    const ghEnv = opts?.ghEnvironment || "";
+    const envArg = ghEnv ? ["--env", ghEnv] : [];
+    const out = [];
+
+    // (a) VARIABLES — non-secret VALUES, scanned through the redaction funnel. We
+    // ask for JSON so the value column is unambiguous; a model id in a variable
+    // value (e.g. OPENAI_MODEL=gpt-4o) is exactly what we want to catch.
+    const vars = await run("gh", ["variable", "list", ...repoArg, ...envArg, "--json", "name,value"]);
+    if (vars.ok) {
+      for (const { name, value } of parseVariableList(vars.stdout)) {
+        const entries = entriesFromKV(name, value, `github-actions://${repoTag}/variables#${name}`, ghEnv || repoTag);
+        out.push(...scanConfigEntries(entries, compiled, { sourceType: "github-actions", env: ghEnv || opts?.env }));
+      }
+    }
+
+    // (b) Secret NAMES only (never a value — there is no value API anyway).
+    const secrets = await run("gh", ["secret", "list", ...repoArg, ...envArg]);
+    if (secrets.ok) {
+      for (const name of parseGhSecretList(secrets.stdout)) {
+        const entries = entriesFromKV(name, "", `github-actions://${repoTag}/secrets#${name}`, ghEnv || repoTag);
+        out.push(...scanConfigEntries(entries, compiled, { sourceType: "github-actions", env: ghEnv || opts?.env }));
+      }
+    }
+
+    // (c) Workflow YAML bodies — own narrow walk of <root>/.github/workflows.
+    const wfDir = path.join(opts?.root || ".", ".github", "workflows");
+    let files = [];
+    try {
+      files = fs.readdirSync(wfDir).filter((f) => /\.ya?ml$/.test(f));
+    } catch {
+      /* no workflows dir — secrets-only is fine */
+    }
+    for (const f of files) {
+      let text;
+      try {
+        text = fs.readFileSync(path.join(wfDir, f), "utf8");
+      } catch {
+        continue;
+      }
+      out.push(...scanWorkflowText(text, f, compiled, opts?.env));
+    }
+    return out;
+  },
+};