@modelstatus/cli 0.1.40 → 0.1.42

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@modelstatus/cli",
-  "version": "0.1.40",
+  "version": "0.1.42",
   "description": "Track which AI models you use, where, and never get surprised by a retirement. Free offline model-health for any repo (mm status), browser sign-in for cloud inventory + alerts.",
   "keywords": [
     "llm",

package/src/index.js

@@ -10,7 +10,7 @@ import {
   getEnvTag, setEnabled, setEnvTag,
 } from "./integrations.js";
 import { redactValue } from "./redact.js";
-import { assignProjects } from "./upload.js";
+import { assignProjects, buildUsages } from "./upload.js";
 import { loginViaBrowser } from "./auth.js";
 import { maybeCheckForUpdate } from "./updater.js";
 import { track, maybeAnalyticsNotice } from "./telemetry.js";
@@ -109,12 +109,6 @@ function parseArgs(argv) {
 
 const uuidish = (s) => /^[0-9a-f]{8}-[0-9a-f]{4}-/i.test(s || "");
 
-/** The "owner/name" repo slug for source deep-links. In GitHub Actions
- * GITHUB_REPOSITORY is exactly that and the checkout is repo-root-relative (so
- * our source_path lines up). Outside CI we return "" (omit it) rather than guess
- * from a git remote, since a local scan root may not be the repo root. */
-const ghRepoSlug = () => (process.env.GITHUB_REPOSITORY || "").trim();
-
 /** The set of source ids the user named VERBATIM in --sources (empty for the
  * default / "all"). Naming a live integration here overrides its enabled-gate. */
 function explicitSources(flags) {
@@ -312,17 +306,12 @@ async function cmdScan(positional, flags) {
       return true;
     });
 
-  const usages = rows.map((r) => ({
-    model_id: r.model_id ?? undefined,
-    // Redact + bound the custom id: a generic-glob hit on an .env line can over-
-    // capture a secret-ish fragment, and only the snippet was being redacted.
-    custom_model_name: r.model_id ? undefined : redactValue(r.model_string).slice(0, 120),
-    environment: r.environment,
-    location_label: r.location_label,
-    source_repo: ghRepoSlug() || undefined,
-    source_path: r.source_path,
-    source_line: r.source_line ?? undefined,
-  }));
+  // Build the upload payload via the SHARED helper so the command, the TUI Scan
+  // tab, and the Here push produce byte-identical usages (model resolution +
+  // redaction + the location_label scheme prefix that carries provenance). Parity-
+  // only: buildUsages reads the same fields the inline map did and falls back to
+  // GITHUB_REPOSITORY for source_repo. No new data is uploaded.
+  const usages = await buildUsages(client, rows);
 
   // --dry-run: show exactly what WOULD upload (secret-source safety check).
   if (flags["dry-run"]) {

package/src/sources/shell.js

@@ -2,6 +2,31 @@ import { execFile } from "node:child_process";
 import fs from "node:fs";
 import path from "node:path";
 
+/** Test-only fixture file name for a command+args, e.g. run("vercel",["env","ls",
+ * "production","--scope","team"]) → "vercel.env.ls.production.txt". Per-run scoping
+ * flags (--scope/--project-ref/--region) AND the value that follows each are
+ * dropped so a fixture is keyed on the stable command shape. Lowercased, path
+ * separators → dots. */
+const FIXTURE_SKIP_FLAGS = new Set(["--scope", "--project-ref", "--region"]);
+export function fixtureName(cmd, args = []) {
+  const kept = [];
+  for (let i = 0; i < args.length; i++) {
+    if (FIXTURE_SKIP_FLAGS.has(String(args[i]))) {
+      i++; // also skip the flag's value
+      continue;
+    }
+    kept.push(args[i]);
+  }
+  return (
+    [cmd, ...kept]
+      .join(".")
+      .toLowerCase()
+      .replace(/[/\\]/g, ".")
+      .replace(/[^a-z0-9._-]/g, "")
+      .slice(0, 120) + ".txt"
+  );
+}
+
 /** Is `name` an executable on PATH? Pure PATH scan — no shell, no spawn. */
 export function hasCmd(name) {
   const PATH = process.env.PATH || "";
@@ -18,8 +43,25 @@ export function hasCmd(name) {
 }
 
 /** Run a command WITHOUT a shell (execFile → no injection). Read-only by
- * convention. Never throws; resolves { ok, stdout, stderr, code }. */
+ * convention. Never throws; resolves { ok, stdout, stderr, code }.
+ *
+ * TEST-ONLY: when process.env.MM_SOURCE_FIXTURE is set (a directory of canned
+ * vendor outputs), this REPLAYS a fixture file instead of spawning — so the full
+ * vercel/supabase collect() flow runs with zero cloud access. It is strictly less
+ * capable than the real path (read-only, no spawn / write / network), a pure no-op
+ * when the env var is unset (prod default), and a missing fixture degrades exactly
+ * like a missing CLI ({ok:false, code:127}). It is the symmetric twin of the
+ * LLMSTATUS_INTEGRATIONS_FILE / LLMSTATUS_IGNORE_FILE test redirects. */
 export function run(cmd, args, { timeout = 25000, input, maxBuffer = 48 * 1024 * 1024 } = {}) {
+  const fixtureDir = process.env.MM_SOURCE_FIXTURE;
+  if (fixtureDir) {
+    try {
+      const stdout = fs.readFileSync(path.join(fixtureDir, fixtureName(cmd, args)), "utf8");
+      return Promise.resolve({ ok: true, stdout, stderr: "", code: 0 });
+    } catch {
+      return Promise.resolve({ ok: false, stdout: "", stderr: "no fixture", code: 127 });
+    }
+  }
   return new Promise((resolve) => {
     const child = execFile(cmd, args, { timeout, maxBuffer }, (err, stdout, stderr) => {
       resolve({ ok: !err, stdout: stdout || "", stderr: stderr || "", code: err?.code ?? 0 });

package/src/sources/supabase-edge.js

@@ -114,7 +114,9 @@ export const supabaseEdgeSource = {
   integration: true,
   envTag: "unknown",
   async available() {
-    return hasCmd("supabase") || !!process.env.SUPABASE_ACCESS_TOKEN;
+    // MM_SOURCE_FIXTURE is a test-only OR (no CLI / token needed for the no-cred
+    // fixture flow); the real hasCmd PATH check is unchanged.
+    return hasCmd("supabase") || !!process.env.SUPABASE_ACCESS_TOKEN || !!process.env.MM_SOURCE_FIXTURE;
   },
   /** Read-only identity probe (MAY spawn). Used by the TUI "test" key + verbose
    * `mm sources`, NOT by the hot collect path. */
@@ -135,8 +137,10 @@ export const supabaseEdgeSource = {
     const out = [];
 
     // (a) Secret NAMES only (never values). Requires the CLI; skipped gracefully
-    // when only a token is present (no shell to list through).
-    if (hasCmd("supabase")) {
+    // when only a token is present (no shell to list through). Under the test-only
+    // MM_SOURCE_FIXTURE, `run` replays a canned table so this branch is exercised
+    // end-to-end without the CLI.
+    if (hasCmd("supabase") || process.env.MM_SOURCE_FIXTURE) {
       const refArg = opts?.supabaseProjectRef ? ["--project-ref", opts.supabaseProjectRef] : [];
       const secrets = await run("supabase", ["secrets", "list", ...refArg]);
       if (secrets.ok) {

package/src/sources/vercel.js

@@ -44,7 +44,9 @@ export const vercelSource = {
   integration: true,
   envTag: "unknown",
   async available() {
-    return hasCmd("vercel") || !!process.env.VERCEL_TOKEN;
+    // MM_SOURCE_FIXTURE is a test-only OR (lights up the spawn surface with no CLI
+    // / token so the no-cred fixture flow runs); the real hasCmd PATH check stays.
+    return hasCmd("vercel") || !!process.env.VERCEL_TOKEN || !!process.env.MM_SOURCE_FIXTURE;
   },
   async authState() {
     const r = await run("vercel", ["whoami"]);

package/src/tui/game/dk-core.js

@@ -85,7 +85,7 @@ export function bonusForLevel(level) {
   return 5000 + level * 1000;
 }
 
-const SCHEMA = 2;
+const SCHEMA = 3; // bumped: board contract now varies per level (N/slope/ladder placement)
 
 // ---- Level scaling (pure, tested monotonic) --------------------------------
 /** DK barrel-throw cadence in TICKS — faster (shorter) as you climb. */
@@ -121,16 +121,145 @@ export function boardSize(width, height) {
   return { BOARD_W, BOARD_H };
 }
 
-function buildSlope(baseRow, w, down, amp) {
+function buildSlope(baseRow, w, down, amp, slopeEvery = SLOPE_EVERY) {
   const offs = new Array(w);
   for (let x = 0; x < w; x++) {
-    const steps = Math.floor(x / SLOPE_EVERY);
+    const steps = Math.floor(x / slopeEvery);
     const off = down ? steps : -steps;
     offs[x] = baseRow + Math.max(-amp, Math.min(amp, off));
   }
   return offs;
 }
 
+// ---- Per-level layout generator (PURE, deterministic) ----------------------
+/* `levelLayout(level, BOARD_W, BOARD_H)` returns the few geometry knobs initGame
+ * reads instead of hardcoded values, keyed on k = (level-1) % 10 so levels 1-10
+ * are distinct and 11+ cycle (L11 === L1). It is a pure function of its three
+ * args only — no Math.random / Date.now / rngSeed — so the same (size, level)
+ * yields a byte-identical board on node and the bun binary (INVARIANT 4).
+ *
+ * Every knob is CLAMPED to the feasible window so it can never break an invariant:
+ *  - N is clamped to [3, Nmax(BOARD_H)] (Nmax = largest N<=5 with gap>=GAP_MIN),
+ *    so on the minimum 28x12 board every level collapses to N=3 (== today) and a
+ *    small terminal never gets an unsafe extra girder. (INVARIANT 3.)
+ *  - amp is only ever LOWERED below the existing floor((gap-1)/2) clamp, AND
+ *    further capped so every ladder spans >=2 rows (gap-2*amp>=2 → amp<=(gap-2)/2)
+ *    — so girders never cross (amp<gap/2, INVARIANT 2) and ladders are never the
+ *    1-row fragile latches the critic flagged (B3).
+ *  - ladder columns are clamped to [2, BOARD_W-3] (double-wide [col,col+1] fits,
+ *    INVARIANT 1) AND nudged so no two ladders' footprints overlap (>=2 apart),
+ *    which the critic flagged would otherwise shadow a ladder in ladderAt (B2).
+ *  - dkCol / princessCol clamped to [2, BOARD_W-3].
+ * The slope DIRECTION/cadence knobs (slopeDownFor, slopeEvery) only move points
+ * WITHIN the ±amp band, so no pattern can induce a crossing. Up-slope traversal
+ * (the critic's B1) is handled in stepPlaying's grounded branch (riser auto-mount).
+ */
+const GAP_MIN = 4; // min girder spacing for the N-delta to take effect on tall boards
+const clampInt = (v, lo, hi) => (v < lo ? lo : v > hi ? hi : v);
+// Per-k knob tables (k = (level-1) % 10). All bounded; clamps make them safe.
+const L_NDELTA   = [0, 0, 1, 0, 1, 0, 2, 1, 0, 2]; // extra girders (capped at Nmax)
+const L_AMPCAP   = [2, 1, 2, 0, 2, 1, 2, 1, 2, 0]; // some levels flatter (amp 0/1)
+const L_SLOPEEV  = [6, 5, 7, 6, 4, 6, 8, 5, 6, 4]; // stair cadence (cosmetic)
+const L_SLOPEPAT = [0, 0, 1, 2, 3, 4, 5, 6, 7, 1]; // slope-direction pattern id
+const L_LADSTY   = [0, 1, 0, 5, 4, 0, 0, 1, 5, 0]; // ladder placement style id
+const L_STAGMAG  = [3, 2, 4, 3, 5, 2, 3, 4, 2, 3]; // ladder stagger magnitude
+const L_DKSTY    = [0, 0, 1, 0, 2, 3, 1, 0, 2, 3]; // DK column style id (cosmetic)
+const L_PRSTY    = [0, 0, 1, 2, 0, 3, 4, 0, 5, 0]; // princess column style id
+
+/** Largest girder count N in [3,5] whose even spacing gap>=GAP_MIN; else 3. The
+ * Math.max(3,…) floor (not the gap gate) is what guarantees the small board. */
+function nMaxForHeight(BOARD_H) {
+  let best = 3;
+  for (let n = 3; n <= 5; n++) if (Math.floor((BOARD_H - 2) / n) >= GAP_MIN) best = n;
+  return best;
+}
+/** Per-girder slope direction (down-rightward) for a slope pattern. ANY value is
+ * safe (clamped to ±amp around distinct baseRows → never crosses). */
+function slopeDownFor(pat, i) {
+  switch (pat) {
+    case 1: return i % 2 === 1;             // alternating from odd (phase flip)
+    case 2: return true;                    // all-down
+    case 3: return false;                   // all-up
+    case 4: return Math.floor(i / 2) % 2 === 0; // zig-zag pairs
+    case 5: return true;                    // all-down (gentle via slopeEvery)
+    case 6: return false;                   // all-up
+    case 7: return i % 2 === 0;             // alternating from even
+    case 0:
+    default: return i % 2 === 0;            // alternating from even (classic)
+  }
+}
+export function levelLayout(level, BOARD_W, BOARD_H) {
+  const k = (((level - 1) % 10) + 10) % 10;
+  const Nmax = nMaxForHeight(BOARD_H);
+  const N = clampInt(3 + L_NDELTA[k], 3, Nmax);
+  const gap = Math.floor((BOARD_H - 2) / N);
+  // amp: never above today's floor((gap-1)/2); also cap so every ladder spans
+  // >=2 rows (gap - 2*amp >= 2 ⇒ amp <= (gap-2)/2). amp<gap/2 ⇒ no girder cross.
+  let amp = Math.max(0, Math.min(L_AMPCAP[k], Math.floor((gap - 1) / 2)));
+  amp = Math.max(0, Math.min(amp, Math.floor((gap - 2) / 2)));
+  const slopeEvery = L_SLOPEEV[k];
+  const pat = L_SLOPEPAT[k];
+  const sty = L_LADSTY[k];
+  const stag = L_STAGMAG[k];
+  const lo = 2, hi = BOARD_W - 3;
+
+  // Ladder columns: one per adjacent pair, per-level placement style, then nudged
+  // so no two footprints [col,col+1] overlap (>=2 apart) and all in [lo,hi].
+  const cols = [];
+  for (let i = 0; i < N - 1; i++) {
+    const frac = (i + 1) / N;
+    let base;
+    switch (sty) {
+      case 1: base = lo + 2 + i * 2 + (i % 2 ? 0 : 1); break;             // clustered-left
+      case 2: base = hi - 2 - i * 2; break;                              // clustered-right
+      case 3: base = Math.floor(frac * BOARD_W) + (i % 2 ? stag : -stag); break; // reversed stagger
+      case 4: base = hi - 3 - (N - 2 - i) * 2 - (i % 2 ? stag : 0); break; // clustered-right staggered
+      case 5: base = (i % 2 === 0) ? lo + 1 + i : hi - 1 - i; break;       // near-edges alternating
+      case 0:
+      default: base = Math.floor(frac * BOARD_W) + (i % 2 ? -stag : stag); // spread (classic)
+    }
+    cols.push(clampInt(base, lo, hi));
+  }
+  for (let i = 1; i < cols.length; i++) {
+    for (let j = 0; j < i; j++) {
+      let guard = 0;
+      while (Math.abs(cols[i] - cols[j]) < 2 && guard++ < 256) {
+        cols[i] = cols[i] + 2 <= hi ? cols[i] + 2 : cols[i] - 2;
+        if (cols[i] < lo) { cols[i] = lo; break; }
+      }
+    }
+    cols[i] = clampInt(cols[i], lo, hi);
+  }
+
+  let dkCol;
+  switch (L_DKSTY[k]) {
+    case 1: dkCol = BOARD_W - 3; break;
+    case 2: dkCol = BOARD_W - 4; break;
+    case 3: dkCol = 3; break;
+    case 0:
+    default: dkCol = 2;
+  }
+  const cen = Math.floor(BOARD_W / 2);
+  let princessCol;
+  switch (L_PRSTY[k]) {
+    case 1: princessCol = Math.floor(BOARD_W / 3); break;
+    case 2: princessCol = Math.floor((2 * BOARD_W) / 3); break;
+    case 3: princessCol = Math.floor(BOARD_W / 4); break;
+    case 4: princessCol = Math.floor((3 * BOARD_W) / 4); break;
+    case 5: princessCol = cen + 4; break;
+    case 0:
+    default: princessCol = cen;
+  }
+
+  return {
+    k, N, gap, amp, slopeEvery, slopePat: pat,
+    slopeDownFor: (i) => slopeDownFor(pat, i),
+    ladderCols: cols,
+    dkCol: clampInt(dkCol, lo, hi),
+    princessCol: clampInt(princessCol, lo, hi),
+  };
+}
+
 /** Girder index whose standing row is at-or-just-below row y at column x. */
 function girderBelow(platforms, x, y) {
   let best = -1, bestRow = Infinity;
@@ -182,34 +311,40 @@ export function initGame({
   const { BOARD_W, BOARD_H } = boardSize(width, height);
   if (BOARD_W < MIN_W || BOARD_H < MIN_H) return { tooSmall: true, BOARD_W, BOARD_H };
 
-  // Fewer girders → bigger vertical gaps → real jump headroom (a jump head-bonks
-  // the girder overhead, so girders ~3 rows apart capped jumps at ~1 cell; ~4+
-  // rows lets the higher JUMP_VY actually read as a tall jump).
-  const N = Math.max(3, Math.min(4, Math.floor(BOARD_H / 4)));
-  const gap = Math.floor((BOARD_H - 2) / N);
-  const amp = Math.max(0, Math.min(2, Math.floor((gap - 1) / 2)));
+  // Per-level layout: a PURE function of (level, BOARD_W, BOARD_H) — see
+  // levelLayout for the clamps that keep every knob within its invariant window.
+  // Fewer girders → bigger vertical gaps → real jump headroom (~4+ rows apart so
+  // the higher JUMP_VY reads as a tall jump); levelLayout's Nmax(BOARD_H) gate
+  // preserves that on small boards (N collapses to 3 exactly as the old gen did).
+  const layout = levelLayout(level, BOARD_W, BOARD_H);
+  const { N, gap, amp, slopeEvery } = layout;
   const platforms = [];
   for (let i = 0; i < N; i++) {
     const baseRow = BOARD_H - 2 - amp - i * gap; // 0 = bottom-most girder
-    const down = i % 2 === 0;
-    platforms.push({ row: baseRow, slopeOffsets: buildSlope(baseRow, BOARD_W, down, amp) });
+    const down = layout.slopeDownFor(i);
+    platforms.push({ row: baseRow, slopeOffsets: buildSlope(baseRow, BOARD_W, down, amp, slopeEvery) });
   }
   // platforms[0] is the LOWEST (largest row); platforms[N-1] the HIGHEST.
 
+  // One ladder per adjacent pair, IN ORDER (ladders[i] connects platforms[i]→[i+1])
+  // so the autopilot's ladders[gi] assumption holds verbatim. The column comes from
+  // the layout (already clamped to [2,BOARD_W-3] + footprint-deconflicted); the
+  // endpoints are recomputed from the slope AT THAT column so both rails touch both
+  // standing rows even on sloped girders.
   const ladders = [];
   for (let i = 0; i < N - 1; i++) {
     const lower = platforms[i];
     const upper = platforms[i + 1];
-    const col = Math.max(2, Math.min(BOARD_W - 3, Math.floor(((i + 1) / N) * BOARD_W) + (i % 2 ? -3 : 3)));
+    const col = layout.ladderCols[i];
     const yBottom = lower.slopeOffsets[col] - 1;
     const yTop = upper.slopeOffsets[col] - 1;
     ladders.push({ col, yTop: Math.min(yTop, yBottom), yBottom: Math.max(yTop, yBottom) });
   }
 
   const top = platforms[N - 1];
-  const dkCol = 2;
+  const dkCol = layout.dkCol;
   const donkeyKong = { x: dkCol, y: top.slopeOffsets[dkCol] - 1, throwCooldown: 2, animPhase: 0 };
-  const princessCol = Math.floor(BOARD_W / 2);
+  const princessCol = layout.princessCol;
   const princess = { x: princessCol, y: top.slopeOffsets[princessCol] - 1, animPhase: 0 };
 
   const player = makePlayer(platforms);
@@ -498,10 +633,24 @@ function stepPlaying(s, input, dt) {
       }
     } else {
       // Grounded: follow the slope at the current column, detect walk-off.
+      // A sloped girder steps ±1 row every `slopeEvery` columns, so when walking
+      // INTO a riser the girder's stand row at the next column is one ABOVE the
+      // player's current cell (girderIndexAt at cell(py)+1 then misses → the
+      // player walks off the riser and falls — the critic's B1). Re-snap to the
+      // girder whose stand row is within ±1 of the player's cell so the player
+      // auto-mounts a one-row riser (and follows a one-row drop) instead of
+      // falling off. This is the same riser the player was already standing on
+      // (girders are >=2 rows apart, so at most one girder qualifies), so it
+      // never teleports between platforms — it just walks the staircase.
       const c = cell(p.px);
-      const gi = girderIndexAt(platforms, c, cell(p.py) + 1);
+      const cy = cell(p.py);
+      // girder cell one below the player (flat / down-step → stand row stays cy).
+      let gi = girderIndexAt(platforms, c, cy + 1);
+      // up-step: the girder cell is AT the player's current row (stand row cy-1),
+      // so the next-column girder stepped up one — auto-mount it.
+      if (gi < 0) gi = girderIndexAt(platforms, c, cy);
       if (gi >= 0) {
-        p.py = toFx(platforms[gi].slopeOffsets[c] - 1); // re-snap to slope
+        p.py = toFx(platforms[gi].slopeOffsets[c] - 1); // re-snap to slope (auto-mount the riser)
         p.vy = 0;
       } else {
         // walked off the edge → coyote window, begin falling
@@ -686,5 +835,5 @@ export function deserialize(obj) {
 // Expose internals for focused unit tests.
 export const _internals = {
   girderBelow, isGirderAt, girderIndexAt, ladderAt, rng, between,
-  makePlayer, advanceBarrels, syncCell,
+  makePlayer, advanceBarrels, syncCell, levelLayout, nMaxForHeight,
 };

package/src/tui/source-meta.js

@@ -0,0 +1,83 @@
+/* Shared, PURE provenance mapping for the CLI (no React, no I/O). It answers one
+ * question for any tracked usage: WHERE was this model discovered? — filesystem,
+ * an env var, Vercel, Supabase Edge, an AWS Lambda / Bedrock / Secrets / SSM, a
+ * GitHub Actions config, Kubernetes, Helm, a SQL/config table, or added by hand.
+ *
+ * STORAGE: we DERIVE provenance with zero migration. Two non-secret signals that
+ * already reach + persist in the DB drive it:
+ *   (1) the scheme prefix every integration source stamps into `location_label`
+ *       (vercel://, supabase-edge://, aws-lambda://, aws-bedrock://, aws-secrets://,
+ *        aws-ssm://, github-actions://, env://, k8s://, helm://, sql://), and
+ *   (2) `discovered_by` (manual vs cli) for the prefix-less filesystem/manual case.
+ * The scheme prefix + the labels/badges below are NON-SECRET — we never surface a
+ * secret VALUE, so this keeps the redaction invariant intact.
+ *
+ * This file MUST stay byte-for-byte equivalent in keys/labels/badges to the web
+ * counterpart apps/web/lib/source-meta.ts — CLI↔web parity is the contract. */
+
+import { GLYPH, C } from "./ui.js";
+
+// scheme (from location_label `^scheme://`) → canonical source_type.
+// NOTE: the AWS Lambda source emits TWO schemes — `aws-lambda://` for an env var
+// found on a Lambda and `aws-bedrock://` for an enabled Bedrock foundation model —
+// so they map to DISTINCT source types. Likewise aws.js emits aws-secrets:// AND
+// aws-ssm://. An unknown/future scheme falls through to "filesystem" (safe default).
+const SCHEME_TO_SOURCE = {
+  vercel: "vercel",
+  "supabase-edge": "supabase-edge",
+  "aws-lambda": "aws-lambda",
+  "aws-bedrock": "aws-bedrock",
+  "aws-secrets": "aws-secrets",
+  "aws-ssm": "aws-ssm",
+  "github-actions": "github-actions",
+  env: "env",
+  k8s: "k8s",
+  helm: "helm",
+  sql: "sql",
+};
+
+/**
+ * Derive a usage's source_type from its persisted location_label + discovered_by.
+ *  - a known `scheme://` prefix → that scheme's source_type
+ *  - literal "manual" label OR discovered_by === "manual" → manual
+ *  - otherwise (plain repo path, discovered_by "cli", or empty) → filesystem
+ */
+export function sourceOf(locationLabel, discoveredBy) {
+  const label = String(locationLabel || "");
+  // Scheme allows digits (k8s://). Unknown scheme → falls through to filesystem.
+  const m = /^([a-z][a-z0-9-]*):\/\//.exec(label);
+  if (m && SCHEME_TO_SOURCE[m[1]]) return SCHEME_TO_SOURCE[m[1]];
+  if (label === "manual" || discoveredBy === "manual") return "manual";
+  return "filesystem";
+}
+
+// source_type → display metadata. `badge` is ≤8 chars (the inventory SOURCE
+// column width). `glyph`/`ascii` are a unicode/ASCII pair so the column degrades
+// on dumb terminals exactly like the rest of the TUI. Colors reuse the SAME hexes
+// as tui/views/integrations.js KIND_COLOR so the Sources tab + Inventory match.
+export const SOURCE_META = {
+  filesystem: { label: "Repo file", badge: "repo", glyph: GLYPH.dot, color: C.FG_DIM },
+  env: { label: "Env var", badge: "env", glyph: "=", color: C.FG_DIM },
+  vercel: { label: "Vercel env", badge: "vercel", glyph: GLYPH.retiring, color: C.FG_STRONG },
+  "supabase-edge": { label: "Supabase Edge", badge: "supabase", glyph: "~", color: "#3ecf8e" },
+  "aws-lambda": { label: "AWS Lambda", badge: "aws", glyph: "λ", ascii: "L", color: "#ff9900" },
+  "aws-bedrock": { label: "AWS Bedrock", badge: "bedrock", glyph: "λ", ascii: "L", color: "#ff9900" },
+  "aws-secrets": { label: "AWS Secrets", badge: "secrets", glyph: "λ", ascii: "L", color: "#ff9900" },
+  "aws-ssm": { label: "AWS SSM", badge: "ssm", glyph: "λ", ascii: "L", color: "#ff9900" },
+  "github-actions": { label: "GitHub Actions", badge: "github", glyph: "⎇", ascii: "gh", color: "#a78bfa" },
+  k8s: { label: "Kubernetes", badge: "k8s", glyph: "⎈", ascii: "k8s", color: "#326ce5" },
+  helm: { label: "Helm", badge: "helm", glyph: "⎈", ascii: "helm", color: "#0f6fd1" },
+  sql: { label: "SQL/config", badge: "sql", glyph: "▦", ascii: "sql", color: C.FG_DIM },
+  manual: { label: "Manual", badge: "manual", glyph: GLYPH.repl === "->" ? "+" : "✎", ascii: "+", color: C.FG_FAINT },
+};
+
+// Whether the GLYPH table is the ASCII fallback (MM_ASCII=1 / TERM=dumb). When it
+// is, prefer each meta's `ascii` variant for the non-ASCII-safe unicode glyphs
+// (λ/⎇/⎈/▦/✎). GLYPH.repl is "->" only in the ASCII table, so it's a stable probe.
+const ASCII = GLYPH.repl === "->";
+
+/** The terminal-safe glyph for a source_type (ASCII fallback when MM_ASCII). */
+export function sourceGlyph(sourceType) {
+  const meta = SOURCE_META[sourceType] || SOURCE_META.filesystem;
+  return ASCII && meta.ascii ? meta.ascii : meta.glyph;
+}

package/src/tui/views/inventory.js

@@ -10,6 +10,7 @@ import {
   relativeTime, envTag, cell, cellE, snippetLines, SPINNER, useTick, useAsync, clampCursor,
 } from "../ui.js";
 import { readSnippet, findSourceFile } from "../snippet.js";
+import { sourceOf, SOURCE_META, sourceGlyph } from "../source-meta.js";
 
 const ENV_ORDER = ["prod", "staging", "dev", "unknown"];
 
@@ -158,9 +159,13 @@ export function InventoryView({ client, ui, dir = ".", active, width = 78, heigh
   // ----- layout: left list pane + right detail drawer -----
   const drawerW = 34;
   const leftWidth = Math.max(24, width - drawerW - 2);
-  // left columns: glyph(2) + slug + sp(1) + env(7) + sp(1) + project; rail is col 1.
+  // left columns: glyph(2) + slug + sp(1) + env(7) + sp(1) + SOURCE + sp(1) + project.
+  // SOURCE is a fixed badge column on wide layouts, a 1-char glyph when tight, so it
+  // shrinks projW (which keeps a floor) rather than overflowing on narrow terminals.
   const ENV_W = 7;
-  const FIXED = 2 + 1 + ENV_W + 1; // glyph+sp, sp, env, sp
+  const wideSrc = leftWidth >= 70;
+  const SOURCE_W = wideSrc ? 8 : 1; // badge (≤8) vs glyph-only
+  const FIXED = 2 + 1 + ENV_W + 1 + SOURCE_W + 1; // glyph+sp, sp, env, sp, source, sp
   const slugW = Math.max(10, Math.floor((leftWidth - 1 - FIXED) * 0.5));
   const projW = Math.max(8, leftWidth - 1 - FIXED - slugW);
 
@@ -187,19 +192,24 @@ export function InventoryView({ client, ui, dir = ".", active, width = 78, heigh
   const header = h(
     Text,
     { color: C.FG_FAINT },
-    " " + cell("MODEL", 2 + slugW) + cell("ENV", 1 + ENV_W) + "PROJECT",
+    " " + cell("MODEL", 2 + slugW) + cell("ENV", 1 + ENV_W) + cell(wideSrc ? "SRC" : "S", SOURCE_W + 1) + "PROJECT",
   );
 
   const rowNodes = view.map((u, i) => {
     const isCur = start + i === c;
     const et = envTag(u.environment);
     const slug = u.model_display || u.custom_model_name || "?";
+    const st = sourceOf(u.location_label, u.discovered_by);
+    const meta = SOURCE_META[st];
+    const srcText = wideSrc ? meta.badge : sourceGlyph(st);
     const cells = [
       { text: `${healthGlyph(u.health)} `, color: healthColor(u.health) },
       { text: cellE(slug, slugW), color: isCur ? C.FG_STRONG : C.FG, bold: isCur },
       { text: " ", color: C.FG },
       { text: cell(et.text, ENV_W), color: et.color },
       { text: " ", color: C.FG },
+      { text: cell(srcText, SOURCE_W), color: meta.color },
+      { text: " ", color: C.FG },
       { text: cellE(projName(u.project_id), projW), color: C.FG_DIM },
     ];
     return h(ListRow, { key: u.id, active: isCur, cells, width: leftWidth });
@@ -242,6 +252,14 @@ export function InventoryView({ client, ui, dir = ".", active, width = 78, heigh
           h(Text, {}, h(Text, { color: C.FG_DIM }, "project "), h(Text, { color: C.FG }, projName(cur.project_id))),
           cur.source_repo ? h(Text, {}, h(Text, { color: C.FG_DIM }, "repo "), h(Text, { color: C.FG }, cur.source_repo)) : null,
           h(Text, {}, h(Text, { color: C.FG_DIM }, "where "), h(Text, { color: C.FG_DIM }, where)),
+          (() => {
+            // Human SOURCE label (derived from the location_label scheme prefix +
+            // discovered_by). The raw scheme stays in `where` (it's the locator);
+            // this is the friendly name, and `via <discovered_by>` below reads as a
+            // sub-detail. Non-secret — never surfaces a value.
+            const meta = SOURCE_META[sourceOf(cur.location_label, cur.discovered_by)];
+            return h(Text, {}, h(Text, { color: C.FG_DIM }, "source "), h(Text, { color: meta.color }, meta.label));
+          })(),
           rt && rt.text
             ? h(Text, {}, h(Text, { color: C.FG_DIM }, "retires "), h(Text, { color: rt.color, bold: rt.bold }, rt.text))
             : null,