@modelstatus/cli 0.1.34 → 0.1.36

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@modelstatus/cli",
-  "version": "0.1.34",
+  "version": "0.1.36",
   "description": "Track which AI models you use, where, and never get surprised by a retirement. Free offline model-health for any repo (mm status), browser sign-in for cloud inventory + alerts.",
   "keywords": [
     "llm",

package/src/api.js

@@ -80,6 +80,12 @@ export function createClient({ apiBase, apiKey }) {
     createChannel: (body) => req("POST", "/channels", { action: "connect", ...body }),
     testChannel: (body) => req("POST", "/channels", { action: "test", ...body }),
 
+    // integrations — the cross-device mirror of the local integrations.json toggle.
+    // The LOCAL file is authoritative for what `mm scan` runs; these sync the web
+    // card + carry plan-gating (402 on free). Best-effort from the TUI.
+    listIntegrations: () => req("GET", "/integrations"),
+    setIntegration: (body) => req("PATCH", "/integrations", body),
+
     // notifications feed
     listNotifications: (params) => req("GET", `/notifications${qs(params)}`),
     readNotification: (id) => req("POST", `/notifications/${id}/read`),

package/src/ci.js

@@ -16,7 +16,7 @@ const BADGE = { ok: "🟢", deprecating: "🟡", retiring: "🟠", retired: "
 
 /** Evaluate `dir` and return { findings, failing, threshold, failOn, counts, snapshot }.
  * `findings` are per-(model, location) entries with health worse than ok. */
-export async function evaluateCi({ dir, sources = ["filesystem"], scanOpts = {}, failOn = "retired", offline = false, log = () => {} }) {
+export async function evaluateCi({ dir, sources = ["filesystem"], explicit = new Set(), scanOpts = {}, failOn = "retired", offline = false, log = () => {} }) {
   // Online by default so CI checks against the LATEST registry; --offline (or the
   // env) falls back to the cached snapshot. cacheFile env keeps tests hermetic.
   const snapshot = await getRegistry({
@@ -24,7 +24,7 @@ export async function evaluateCi({ dir, sources = ["filesystem"], scanOpts = {},
     cacheFile: process.env.LLMSTATUS_REGISTRY_CACHE || undefined,
     log: (m) => log(`${m}\n`),
   });
-  const candidates = await collectFrom(sources, { root: dir, ...scanOpts }, snapshot.detection);
+  const candidates = await collectFrom(sources, { root: dir, ...scanOpts }, snapshot.detection, explicit);
   const resolved = resolveLocal(snapshot, [...new Set(candidates.map((c) => c.model_string))]);
   const byStr = new Map(resolved.map((r) => [r.input.toLowerCase(), r]));
   const today = new Date();

package/src/index.js

@@ -1,9 +1,14 @@
 #!/usr/bin/env node
 import fs from "node:fs";
+import os from "node:os";
 import path from "node:path";
 import { resolveAuth, loadConfig, saveConfig, clearAuth, configFilePath } from "./config.js";
 import { createClient } from "./api.js";
-import { collectFrom, availability, ALL_SOURCE_IDS } from "./sources/index.js";
+import { collectFrom, availability, ALL_SOURCE_IDS, getSource } from "./sources/index.js";
+import {
+  INTEGRATION_IDS, INTEGRATION_META, readIntegrations, enabledIds,
+  getEnvTag, setEnabled, setEnvTag,
+} from "./integrations.js";
 import { redactValue } from "./redact.js";
 import { assignProjects } from "./upload.js";
 import { loginViaBrowser } from "./auth.js";
@@ -11,12 +16,81 @@ import { maybeCheckForUpdate } from "./updater.js";
 import { track, maybeAnalyticsNotice } from "./telemetry.js";
 import { BUILD_VERSION } from "./version.js";
 
+// TRUE BACKGROUND SCAN — hidden worker dispatch. MUST be the first executable
+// statement, BEFORE main()/maybeAnalyticsNotice/track/maybeCheckForUpdate: those
+// write to stdout (the analytics notice) and trigger the self-updater, but the
+// worker's stdout MUST be PURE NDJSON. The dynamic import pulls in ONLY
+// filesystem.js + detect/core + registry (no ink, upload, auth, telemetry).
+//
+// argv is env-agnostic: under node argv = [node, /abs/src/index.js, sentinel, …];
+// under the bun-compiled binary argv = [/abs/binary, /$bunfs/…, sentinel, …]. In
+// BOTH the sentinel is at index 2 and worker args at index 3+. (See
+// src/sources/scan-process.js buildSpawnArgs for the matching parent spawn.)
+if (process.argv[2] === "__mm_scan_worker") {
+  const { runWorker } = await import("./sources/scan-worker.js");
+  await runWorker(process.argv.slice(3)); // never returns — calls process.exit
+}
+
+// HIDDEN bench seam (NOT a public command; absent from help). Runs the REAL
+// game loop with a per-frame timestamp tap → stdout NDJSON, AND starts the REAL
+// background scan subprocess (the production self-re-exec) so the SHIPPED binary
+// is measured doing BOTH jobs at once — the exact concurrent path `mm play`
+// drives. Used by test/game-jitter-compiled.test.mjs to gate the bun-compiled
+// artifact (where the runtime, and thus the self-re-exec branch, differs from
+// node). Headless: drives the loop via its _inject IO seams (no TTY needed).
+//   mm __bench_frames --seconds=N --with-scan=DIR [--ndjson]
+if (process.argv[2] === "__bench_frames") {
+  const args = process.argv.slice(3);
+  const getv = (k, d) => { const a = args.find((x) => x.startsWith(`--${k}=`)); return a ? a.slice(k.length + 3) : d; };
+  const seconds = Number(getv("seconds", "4")) || 4;
+  const scanDir = getv("with-scan", null);
+  const now = () => Number(process.hrtime.bigint() / 1000000n);
+  const emit = (o) => process.stdout.write(JSON.stringify(o) + "\n");
+
+  const { runGame } = await import("./tui/game/loop.js");
+  let scan = null;
+  if (scanDir) {
+    const { startScanProcess, isBunRuntime } = await import("./sources/scan-process.js");
+    scan = startScanProcess({ root: scanDir }, {});
+    // Echo the self-re-exec proof: the worker's runtime + spawn argv0, so the
+    // test KNOWS the subprocess path didn't silently fall back to in-process.
+    emit({ t: "reexec", bun: isBunRuntime(), parentExec: process.execPath, childPid: scan.child.pid, childSpawnFile: process.execPath });
+  }
+
+  // Fake IO so the loop runs without a TTY; wrap schedule to timestamp each tick.
+  const writes = [];
+  const out = { columns: 80, rows: 24, isTTY: false, write: (s) => { if (s) writes.push(s.length); return true; }, setRawMode() { return this; }, on() {}, removeListener() {}, resume() {}, pause() {} };
+  const input = { isTTY: false, isRaw: false, setRawMode(v) { this.isRaw = v; return this; }, on() {}, removeListener() {}, resume() {}, pause() {}, write() { return true; } };
+  const seqs = ["\x1b[C", "\x1b[D", " ", "\x1b[A"]; let ki = 0;
+  const drive = setInterval(() => { (input._d || []).forEach((f) => f(Buffer.from(seqs[ki++ % seqs.length]))); }, 45);
+  input.on = (ev, fn) => { if (ev === "data") (input._d ||= []).push(fn); };
+  input.removeListener = (ev, fn) => { if (ev === "data") input._d = (input._d || []).filter((f) => f !== fn); };
+
+  let prev = null;
+  const p = runGame({
+    width: 80, height: 24, scanStore: scan,
+    _inject: {
+      out, inp: input, proc: process, now,
+      schedule: (fn, ms) => setTimeout(() => { const t = now(); if (prev != null) emit({ t: "frame", dtMs: t - prev }); prev = t; fn(); }, ms),
+      cancel: (h) => clearTimeout(h),
+    },
+  });
+  setTimeout(() => { (input._d || []).forEach((f) => f(Buffer.from("q"))); }, seconds * 1000);
+  await p;
+  clearInterval(drive);
+  emit({ t: "done", filesScanned: scan ? scan.stats.filesScanned : 0, candidates: scan ? scan.stats.candidateCount : 0, phase: scan ? scan.stats.phase : "none" });
+  try { scan && scan.abort(); } catch {}
+  process.exit(0);
+}
+
 function parseArgs(argv) {
   const flags = {};
   const positional = [];
   const valueFlags = new Set([
     "api", "key", "project", "dir", "fail-on", "diff", "json-out",
     "sources", "region", "namespace", "kube-context", "db", "sql-table", "env",
+    // Per-integration scope flags (non-secret): consumed by the 4 live sources.
+    "vercel-project", "vercel-team", "gh-repo", "supabase-ref",
   ]);
   for (let i = 0; i < argv.length; i++) {
     const a = argv[i];
@@ -41,15 +115,33 @@ const uuidish = (s) => /^[0-9a-f]{8}-[0-9a-f]{4}-/i.test(s || "");
  * from a git remote, since a local scan root may not be the repo root. */
 const ghRepoSlug = () => (process.env.GITHUB_REPOSITORY || "").trim();
 
-/** Resolve the requested sources: default filesystem, "all", or a comma list. */
+/** The set of source ids the user named VERBATIM in --sources (empty for the
+ * default / "all"). Naming a live integration here overrides its enabled-gate. */
+function explicitSources(flags) {
+  const raw = (flags.sources || "").trim();
+  if (!raw || raw === "all") return new Set();
+  return new Set(raw.split(",").map((s) => s.trim()).filter(Boolean));
+}
+
+/** Resolve the requested sources.
+ *   - empty  → filesystem + every ENABLED live integration (toggled-on integrations
+ *              scan by default; the rest are NOT in the default set, so no surprise
+ *              network calls).
+ *   - "all"  → ALL_SOURCE_IDS, but a live integration is included only when enabled
+ *              (so `all` never silently fires a not-authorized integration); the
+ *              existing non-integration sources stay in `all` unconditionally.
+ *   - list   → honored verbatim (an explicit id overrides the enabled-gate). */
 function parseSources(flags) {
   const raw = (flags.sources || "").trim();
-  if (!raw) return ["filesystem"];
-  if (raw === "all") return ALL_SOURCE_IDS;
+  if (!raw) return ["filesystem", ...enabledIds()];
+  if (raw === "all") {
+    const enabled = enabledIds();
+    return ALL_SOURCE_IDS.filter((id) => !getSource(id)?.integration || enabled.has(id));
+  }
   return raw.split(",").map((s) => s.trim()).filter(Boolean);
 }
 
-/** Per-source options gathered from flags (region/namespace/db/…). */
+/** Per-source options gathered from flags (region/namespace/db/integration scope). */
 function scanOpts(flags, dir) {
   return {
     root: dir,
@@ -59,6 +151,10 @@ function scanOpts(flags, dir) {
     db: flags.db,
     sqlTable: flags["sql-table"],
     env: flags.env,
+    vercelProject: flags["vercel-project"],
+    vercelTeam: flags["vercel-team"],
+    ghRepo: flags["gh-repo"],
+    supabaseProjectRef: flags["supabase-ref"],
   };
 }
 
@@ -106,6 +202,49 @@ async function cmdUpgrade(_positional, flags) {
   }
 }
 
+/** `mm play [dir]` — the standalone game: NO Ink, ever. Runs the direct-ANSI
+ * 60Hz loop while a background scan subprocess walks `dir` (its progress feeds
+ * the in-game HUD). Pure terminal, restores cleanly on every exit path. */
+async function cmdPlay(positional, flags) {
+  if (!process.stdout.isTTY) {
+    console.error("`mm play` needs an interactive terminal (a TTY).");
+    process.exit(1);
+  }
+  const dir = path.resolve(positional[1] || flags.dir || ".");
+  const { runGame } = await import("./tui/game/loop.js");
+
+  // Best-effort background scan of `dir` so the HUD shows live progress. We
+  // pre-fetch the signed registry once and hand the worker a cache file so it
+  // skips the network; on any failure the game still plays (scanStore stays in
+  // its error/empty state, which the HUD renders as "scan unavailable").
+  let scanHandle = null;
+  let cacheFile = null;
+  try {
+    const { startScanProcess } = await import("./sources/scan-process.js");
+    try {
+      const { getRegistry } = await import("./registry/fetch.js");
+      const snapshot = await getRegistry({ offline: !!flags.offline }).catch(() => null);
+      if (snapshot) {
+        cacheFile = path.join(os.tmpdir(), `mm-reg-${process.pid}.json`);
+        fs.writeFileSync(cacheFile, JSON.stringify(snapshot));
+      }
+    } catch { /* no cache — worker fetches itself */ }
+    scanHandle = startScanProcess({ root: dir, registryCachePath: cacheFile || undefined }, {});
+  } catch { scanHandle = null; }
+
+  try {
+    await runGame({
+      width: process.stdout.columns || 80,
+      height: process.stdout.rows || 24,
+      level: 1,
+      scanStore: scanHandle,
+    });
+  } finally {
+    try { scanHandle && scanHandle.abort(); } catch { /* ignore */ }
+    try { if (cacheFile) fs.unlinkSync(cacheFile); } catch { /* ignore */ }
+  }
+}
+
 async function launchTui(initialView, flags) {
   // Pass apiKey straight through (may be null). The TUI's Bootstrap wrapper
   // renders an interactive SignIn screen when there's no key, then swaps to
@@ -136,10 +275,13 @@ async function cmdScan(positional, flags) {
   // Non-interactive (CI / --json / --yes): scan + bulk upload, no TUI.
   const client = createClient({ apiBase, apiKey });
   const sources = parseSources(flags);
+  const explicit = explicitSources(flags);
   const opts = scanOpts(flags, dir);
 
-  // Report which sources will actually run (tool/creds/flags present).
-  const avail = await availability(sources, opts);
+  // Report which sources will actually run (tool/creds/flags present). A live
+  // integration named explicitly in --sources counts as available without being
+  // toggled on (explicit intent overrides the enabled-gate).
+  const avail = await availability(sources, opts, explicit);
   for (const a of avail) {
     if (!a.known) process.stderr.write(`! unknown source "${a.id}" — skipped\n`);
     else if (!a.available) process.stderr.write(`! ${a.id} unavailable (tool, creds, or flags missing) — skipped\n`);
@@ -148,7 +290,7 @@ async function cmdScan(positional, flags) {
   process.stderr.write(`Scanning [${active.join(", ") || "none"}] …\n`);
 
   const patterns = await client.detectionPatterns();
-  const candidates = await collectFrom(sources, opts, patterns);
+  const candidates = await collectFrom(sources, opts, patterns, explicit);
   if (candidates.length === 0) {
     console.log("No model usage found.");
     return;
@@ -305,6 +447,7 @@ async function cmdCi(positional, flags) {
   const res = await evaluateCi({
     dir,
     sources: parseSources(flags),
+    explicit: explicitSources(flags),
     scanOpts: scanOpts(flags, dir),
     failOn,
     offline: !!flags.offline,
@@ -397,19 +540,75 @@ async function cmdClear(_positional, flags) {
   console.log(`✓ Cleared ${res.usages ?? 0} usage(s)${res.projects ? ` + ${res.projects} project(s)` : ""}. Your inventory is clean — rescan to repopulate.`);
 }
 
-/** List detection sources and whether each can run right now. */
+/** List detection sources and whether each can run right now. Live integrations
+ * also show their on/off toggle (the `int` column) so toggled state is visible
+ * here too. */
 async function cmdSources(_positional, flags) {
   const dir = path.resolve(flags.dir || ".");
   const report = await availability(ALL_SOURCE_IDS, scanOpts(flags, dir));
   console.log("Detection sources:");
   for (const a of report) {
-    console.log(`  ${a.available ? "✓" : "·"} ${a.id.padEnd(13)} ${a.label}${a.available ? "" : "  (unavailable)"}`);
+    // For an integration, the toggle column shows on/off; "·" elsewhere is N/A.
+    const toggle = a.integration ? (a.enabled ? "on " : "off") : "—  ";
+    console.log(`  ${a.available ? "✓" : "·"} ${a.id.padEnd(15)} ${toggle}  ${a.label}${a.available ? "" : "  (unavailable)"}`);
   }
   console.log("\nScan with: mm scan --sources env,aws-secrets,k8s,helm,sql   (or --sources all)");
+  console.log("Integrations (toggle with `mm integrations enable <id>`): " + INTEGRATION_IDS.join(", "));
   console.log("Options:   --region <r> · --namespace <ns> · --kube-context <c> · --db <pg-dsn> --sql-table <t>");
+  console.log("           --vercel-project <p> · --vercel-team <t> · --gh-repo <owner/name> · --supabase-ref <ref>");
   console.log("Safety:    secret VALUES never leave your machine — only model ids upload. Use --dry-run to preview.");
 }
 
+/** `mm integrations [list|enable <id>|disable <id>|env <id> <tag>]` — manage the
+ * local enabled-state of the live integrations (the authoritative toggle for what
+ * `mm scan` runs by default). Non-secret only; authorization is your own CLI. */
+function cmdIntegrations(positional, flags) {
+  const sub = positional[1];
+  const id = positional[2];
+  const known = (x) => INTEGRATION_IDS.includes(x);
+
+  if (sub === "enable" || sub === "disable") {
+    if (!known(id)) {
+      console.error(`Unknown integration "${id}". One of: ${INTEGRATION_IDS.join(", ")}`);
+      process.exit(1);
+    }
+    setEnabled(id, sub === "enable");
+    console.log(`✓ ${id} ${sub === "enable" ? "enabled" : "disabled"}. It ${sub === "enable" ? "now runs" : "no longer runs"} in the default scan.`);
+    return;
+  }
+  if (sub === "env") {
+    const tag = positional[3];
+    if (!known(id)) {
+      console.error(`Unknown integration "${id}". One of: ${INTEGRATION_IDS.join(", ")}`);
+      process.exit(1);
+    }
+    try {
+      setEnvTag(id, tag);
+    } catch (e) {
+      console.error(e.message);
+      process.exit(1);
+    }
+    console.log(`✓ ${id} env set to "${tag}".${tag === "unknown" ? " (override cleared — env is now guessed)" : ""}`);
+    return;
+  }
+
+  // Default / "list": show current state.
+  const cur = readIntegrations();
+  if (flags.json) {
+    console.log(JSON.stringify({ data: INTEGRATION_IDS.map((iid) => ({ id: iid, ...INTEGRATION_META[iid], enabled: !!cur[iid]?.enabled, env_tag: getEnvTag(iid) || "unknown", ref: cur[iid]?.ref })) }, null, 2));
+    return;
+  }
+  console.log("Live integrations:");
+  for (const iid of INTEGRATION_IDS) {
+    const meta = INTEGRATION_META[iid];
+    const on = cur[iid]?.enabled ? "on " : "off";
+    const tag = getEnvTag(iid) || "unknown";
+    console.log(`  ${on}  ${iid.padEnd(15)} env=${tag.padEnd(8)} (${meta.requiresCmd})  ${meta.label}`);
+  }
+  console.log("\nToggle: mm integrations enable|disable <id>   ·   Env: mm integrations env <id> prod|staging|dev|unknown");
+  console.log("Authorization is your already-authenticated CLI (aws/gh/vercel/supabase) — we never store a token.");
+}
+
 /** Offline, account-less health check: pull the signed registry snapshot, scan
  * here, resolve + score health entirely on-device. The free tier's core value. */
 async function cmdStatus(positional, flags) {
@@ -418,7 +617,7 @@ async function cmdStatus(positional, flags) {
   const { resolveLocal, computeHealth } = await import("./registry/local.js");
   const snapshot = await getRegistry({ offline: !!flags.offline, log: (m) => process.stderr.write(`! ${m}\n`) });
 
-  const candidates = await collectFrom(parseSources(flags), scanOpts(flags, dir), snapshot.detection);
+  const candidates = await collectFrom(parseSources(flags), scanOpts(flags, dir), snapshot.detection, explicitSources(flags));
   const resolved = resolveLocal(snapshot, [...new Set(candidates.map((c) => c.model_string))]);
   const byStr = new Map(resolved.map((r) => [r.input.toLowerCase(), r]));
 
@@ -493,19 +692,25 @@ Usage:
   mm ci [dir]              CI gate: fail the build on deprecated/retiring models (GitHub annotations)
                           (--diff <base> limits findings to files changed vs base; auto on PRs via GITHUB_BASE_REF)
   mm sources               List detection sources and whether each can run here
+  mm integrations          Manage live integrations (list | enable <id> | disable <id> | env <id> <tag>)
   mm clear                 Delete all tracked usages from your inventory (--all also wipes projects/rules; --yes to skip the prompt)
   mm upgrade               Open Stripe checkout and poll until Pro is active
+  mm play [dir]            Play Donkey Kong while a background scan walks the dir (just for fun)
   mm tui                   Force-launch the TUI (logs you in first if needed)
 
-Scan sources (--sources, default filesystem; "all" for everything):
+Scan sources (--sources; default = filesystem + enabled integrations; "all" for everything):
   filesystem  repo files          aws-secrets  AWS Secrets Manager + SSM
   env         live process env    k8s          kubectl secrets + configmaps
   sql         psql --db <dsn>     helm         helm release values
+  Live integrations (toggle on with \`mm integrations enable <id>\`, or name in --sources):
+  aws-lambda  Lambda env + Bedrock  vercel  project env (names)   supabase-edge  edge fns + secrets
+  github-actions  workflow YAML + secret names
   Secret sources shell out to your already-authenticated CLIs, run read-only,
   and only ever upload model ids — secret VALUES never leave your machine.
 
 Flags: --api <url> · --key <key> · --project <id|name> · --yes · --json · --ci · --dry-run
        --sources <list> · --region <r> · --namespace <ns> · --kube-context <c> · --db <dsn> · --sql-table <t>
+       --vercel-project <p> · --vercel-team <t> · --gh-repo <owner/name> · --supabase-ref <ref>
 
 Get started: \`mm login\` (opens your browser).`;
 
@@ -553,7 +758,9 @@ async function main() {
     else if (cmd === "ci") await cmdCi(positional, flags);
     else if (cmd === "status") await cmdStatus(positional, flags);
     else if (cmd === "sources") await cmdSources(positional, flags);
+    else if (cmd === "integrations") cmdIntegrations(positional, flags);
     else if (cmd === "clear") await cmdClear(positional, flags);
+    else if (cmd === "play") await cmdPlay(positional, flags);
     else if (cmd === "upgrade") await cmdUpgrade(positional, flags);
     else if (cmd === "tui" || !cmd) await launchTui(positional[1], flags);
     else if (cmd === "help" || flags.help) console.log(HELP);

package/src/integrations.js

@@ -0,0 +1,121 @@
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+
+/**
+ * On-disk toggle state for the LIVE integration sources (aws-lambda, vercel,
+ * supabase-edge, github-actions). This is the SINGLE source of truth read by
+ * parseSources (index.js), availability()/collectFrom() (sources/index.js),
+ * `mm integrations`, and the TUI Integrations view.
+ *
+ * It lives in its OWN file (NOT config.json) so the API-key file's blast radius
+ * stays small, and is written 0600/0700 with the exact recipe config.js uses.
+ *
+ * SECURITY: this file is NON-SECRET scope only. `enabled` is a boolean, `envTag`
+ * is a declared env label, and `ref` holds a non-secret scope hint (an AWS
+ * account id, a vercel team/project slug, a gh repo slug). It NEVER stores a
+ * provider key/token — authorization for a live source is always the user's
+ * already-authenticated local CLI (aws/gh/vercel/supabase), never our file.
+ *
+ * On-disk shape:
+ *   {
+ *     "aws-lambda":     { "enabled": true,  "envTag": "prod", "ref": "123456789012" },
+ *     "vercel":         { "enabled": false },
+ *     "supabase-edge":  { "enabled": false },
+ *     "github-actions": { "enabled": true }
+ *   }
+ */
+
+const dir = path.join(os.homedir(), ".config", "llmstatus");
+
+/** The integrations file path. LLMSTATUS_INTEGRATIONS_FILE overrides it (tests
+ * point this at a temp file so they never touch the dev's real toggles — mirrors
+ * filesystem.js's LLMSTATUS_IGNORE_FILE). */
+export function integrationsFilePath() {
+  return process.env.LLMSTATUS_INTEGRATIONS_FILE || path.join(dir, "integrations.json");
+}
+
+/** The 4 known live-integration ids. enabledIds() intersects with this so a
+ * stale/hand-edited key can never inject an unknown source into a scan. */
+export const INTEGRATION_IDS = ["aws-lambda", "vercel", "supabase-edge", "github-actions"];
+
+/** Display + capability metadata. `requiresCmd` is the vendor CLI each one shells
+ * out to (the `available()` PATH check). Kept here so the command, the TUI view,
+ * and cmdSources all read one table. */
+export const INTEGRATION_META = {
+  "aws-lambda": { label: "AWS Lambda env/config + Bedrock", requiresCmd: "aws" },
+  vercel: { label: "Vercel project env", requiresCmd: "vercel" },
+  "supabase-edge": { label: "Supabase Edge Functions + secrets", requiresCmd: "supabase" },
+  "github-actions": { label: "GitHub Actions secrets + workflows", requiresCmd: "gh" },
+};
+
+const ENV_TAGS = new Set(["prod", "staging", "dev", "unknown"]);
+
+/** Parsed integrations.json, or {} (missing/corrupt file → {}, like loadConfig). */
+export function readIntegrations() {
+  try {
+    return JSON.parse(fs.readFileSync(integrationsFilePath(), "utf8"));
+  } catch {
+    return {};
+  }
+}
+
+/** Write the whole map. Owner-only (0600), mirroring config.js's saveConfig
+ * exactly — chmod after write also tightens a pre-existing loose-perm file
+ * (writeFileSync's mode only applies on create). Returns the file path. */
+export function writeIntegrations(next) {
+  const file = integrationsFilePath();
+  fs.mkdirSync(path.dirname(file), { recursive: true, mode: 0o700 });
+  fs.writeFileSync(file, JSON.stringify(next, null, 2), { mode: 0o600 });
+  try {
+    fs.chmodSync(file, 0o600);
+  } catch {
+    /* best-effort (e.g. Windows) */
+  }
+  return file;
+}
+
+/** Is this integration toggled on? */
+export function getEnabled(id) {
+  return !!readIntegrations()[id]?.enabled;
+}
+
+/** The declared env override for an integration, or undefined if none is set
+ * (so the source falls back to guessEnvFrom). "unknown" is never returned — it's
+ * the "clear the override" sentinel (see setEnvTag). */
+export function getEnvTag(id) {
+  const t = readIntegrations()[id]?.envTag;
+  return t && t !== "unknown" ? t : undefined;
+}
+
+/** The enabled live-integration ids, intersected with INTEGRATION_IDS so a stale
+ * key can't inject an unknown source. Returns a Set for cheap `.has()` in the gate. */
+export function enabledIds() {
+  const cur = readIntegrations();
+  return new Set(INTEGRATION_IDS.filter((id) => !!cur[id]?.enabled));
+}
+
+/** Toggle an integration on/off (merges, preserving envTag/ref). Returns the path. */
+export function setEnabled(id, enabled) {
+  const cur = readIntegrations();
+  return writeIntegrations({ ...cur, [id]: { ...cur[id], enabled: !!enabled } });
+}
+
+/** Set the declared env override. Validates the union; "unknown" CLEARS the
+ * override (so guessEnvFrom resumes) rather than force-stamping every finding as
+ * "unknown" and defeating positive-marker detection. Returns the path. */
+export function setEnvTag(id, envTag) {
+  if (!ENV_TAGS.has(envTag)) throw new Error(`envTag must be one of ${[...ENV_TAGS].join(", ")}`);
+  const cur = readIntegrations();
+  const entry = { ...cur[id] };
+  if (envTag === "unknown") delete entry.envTag;
+  else entry.envTag = envTag;
+  return writeIntegrations({ ...cur, [id]: entry });
+}
+
+/** Set a non-secret scope hint (AWS account id / vercel slug / gh repo). Returns
+ * the path. NEVER pass a secret here — this is for display + locator context only. */
+export function setRef(id, ref) {
+  const cur = readIntegrations();
+  return writeIntegrations({ ...cur, [id]: { ...cur[id], ref: ref || undefined } });
+}

package/src/sources/aws-lambda.js

@@ -0,0 +1,95 @@
+import { hasCmd, run } from "./shell.js";
+import { scanConfigEntries, entriesFromKV } from "./configscan.js";
+
+/* Pure parsers (unit-tested) — keep all JSON shape knowledge here, like aws.js.
+ * Each try/catch-es so malformed CLI output degrades to [] / {} rather than throws. */
+
+/** `aws lambda list-functions` → [FunctionName]. */
+export function parseFunctionList(stdout) {
+  try {
+    return (JSON.parse(stdout).Functions || []).map((f) => f.FunctionName).filter(Boolean);
+  } catch {
+    return [];
+  }
+}
+
+/** `aws lambda get-function-configuration` → the Environment.Variables map {K:V}. */
+export function parseFunctionEnv(stdout) {
+  try {
+    return JSON.parse(stdout)?.Environment?.Variables || {};
+  } catch {
+    return {};
+  }
+}
+
+/** `aws bedrock list-foundation-models` → [modelId] from .modelSummaries[].modelId.
+ * These are KNOWN-enabled foundation-model ids (not secrets) but still routed
+ * through the funnel for redaction + dedup parity. */
+export function parseBedrockModels(stdout) {
+  try {
+    return (JSON.parse(stdout).modelSummaries || []).map((m) => m.modelId).filter(Boolean);
+  } catch {
+    return [];
+  }
+}
+
+/** AWS Lambda env/config + Bedrock model ids. LIVE integration: gated on the
+ * enabled toggle (integrations.json) AND the `aws` CLI being present. Shells out
+ * to your already-authenticated `aws` CLI, read-only. Lambda env VALUES are
+ * scanned locally for model ids and never uploaded — only model ids leave.
+ * opts: { region, awsBedrock? }. */
+export const awsLambdaSource = {
+  id: "aws-lambda",
+  label: "AWS Lambda env/config + Bedrock",
+  kind: "cli",
+  integration: true,
+  envTag: "unknown",
+  async available() {
+    return hasCmd("aws");
+  },
+  /** Richer read-only identity probe (beyond the cheap PATH check). */
+  async authState(opts) {
+    const region = opts?.region ? ["--region", opts.region] : [];
+    const r = await run("aws", ["sts", "get-caller-identity", "--output", "json", ...region]);
+    if (!r.ok) return { connected: false, mode: "sts", reason: (r.stderr || "not authenticated").split("\n")[0] };
+    let account;
+    try {
+      account = JSON.parse(r.stdout).Account;
+    } catch {
+      /* ignore */
+    }
+    return { connected: true, mode: "sts", account };
+  },
+  async collect(opts, compiled) {
+    const region = opts?.region ? ["--region", opts.region] : [];
+    const tag = opts?.region || "default";
+    const out = [];
+
+    // (a) Lambda functions → per-function env vars (Bedrock model ids show up here).
+    const list = await run("aws", ["lambda", "list-functions", "--output", "json", ...region]);
+    if (list.ok) {
+      for (const fn of parseFunctionList(list.stdout)) {
+        const cfg = await run("aws", ["lambda", "get-function-configuration", "--function-name", fn, "--output", "json", ...region]);
+        if (!cfg.ok) continue;
+        for (const [k, v] of Object.entries(parseFunctionEnv(cfg.stdout))) {
+          const entries = entriesFromKV(k, v, `aws-lambda://${tag}/${fn}#${k}`, fn);
+          out.push(...scanConfigEntries(entries, compiled, { sourceType: "aws-lambda", env: opts?.env }));
+        }
+      }
+    }
+
+    // (b) Bedrock enabled foundation models — emitted DIRECTLY but still through
+    // the funnel (the model id is the value) for redaction + dedup parity. Default
+    // on; opts.awsBedrock === false skips the extra call.
+    if (opts?.awsBedrock !== false) {
+      const bm = await run("aws", ["bedrock", "list-foundation-models", "--output", "json", ...region]);
+      if (bm.ok) {
+        for (const modelId of parseBedrockModels(bm.stdout)) {
+          const entries = entriesFromKV("bedrock-model", modelId, `aws-bedrock://${tag}/foundation-models#${modelId}`, opts?.region);
+          out.push(...scanConfigEntries(entries, compiled, { sourceType: "aws-bedrock", env: opts?.env }));
+        }
+      }
+    }
+    return out;
+  },
+};

package/src/sources/configscan.js

@@ -10,12 +10,18 @@ import { redactValue } from "../redact.js";
 
 const isPlainObject = (v) => v !== null && typeof v === "object" && !Array.isArray(v);
 
-/** Guess an environment label from any contextual hints (namespace, key, path). */
+/** Guess an environment label from any contextual hints (namespace, key, path).
+ *  We claim an env only on a POSITIVE marker — including an explicit prod/live one
+ *  — and never fabricate "prod" from the mere absence of a hint (a k8s "default"
+ *  namespace, an unlabelled secret). No marker → "unknown", so the user can tag it
+ *  rather than trust a coin-flip. An explicit env passed to scanConfigEntries still
+ *  overrides this entirely. */
 export function guessEnvFrom(...hints) {
   const s = hints.filter(Boolean).join(" ").toLowerCase();
   if (/(^|[^a-z])(dev|development|sandbox|local)([^a-z]|$)/.test(s)) return "dev";
   if (/(^|[^a-z])(stag|staging|stg|qa|uat|test)([^a-z]|$)/.test(s)) return "staging";
-  return "prod";
+  if (/(^|[^a-z])(prod|production|prd|live)([^a-z]|$)/.test(s)) return "prod";
+  return "unknown";
 }
 
 /** Flatten a nested object/array into leaf entries with dotted locator paths. */