@modelstatus/cli 0.1.41 → 0.1.42

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@modelstatus/cli",
-  "version": "0.1.41",
+  "version": "0.1.42",
   "description": "Track which AI models you use, where, and never get surprised by a retirement. Free offline model-health for any repo (mm status), browser sign-in for cloud inventory + alerts.",
   "keywords": [
     "llm",

package/src/index.js

@@ -10,7 +10,7 @@ import {
   getEnvTag, setEnabled, setEnvTag,
 } from "./integrations.js";
 import { redactValue } from "./redact.js";
-import { assignProjects } from "./upload.js";
+import { assignProjects, buildUsages } from "./upload.js";
 import { loginViaBrowser } from "./auth.js";
 import { maybeCheckForUpdate } from "./updater.js";
 import { track, maybeAnalyticsNotice } from "./telemetry.js";
@@ -109,12 +109,6 @@ function parseArgs(argv) {
 
 const uuidish = (s) => /^[0-9a-f]{8}-[0-9a-f]{4}-/i.test(s || "");
 
-/** The "owner/name" repo slug for source deep-links. In GitHub Actions
- * GITHUB_REPOSITORY is exactly that and the checkout is repo-root-relative (so
- * our source_path lines up). Outside CI we return "" (omit it) rather than guess
- * from a git remote, since a local scan root may not be the repo root. */
-const ghRepoSlug = () => (process.env.GITHUB_REPOSITORY || "").trim();
-
 /** The set of source ids the user named VERBATIM in --sources (empty for the
  * default / "all"). Naming a live integration here overrides its enabled-gate. */
 function explicitSources(flags) {
@@ -312,17 +306,12 @@ async function cmdScan(positional, flags) {
       return true;
     });
 
-  const usages = rows.map((r) => ({
-    model_id: r.model_id ?? undefined,
-    // Redact + bound the custom id: a generic-glob hit on an .env line can over-
-    // capture a secret-ish fragment, and only the snippet was being redacted.
-    custom_model_name: r.model_id ? undefined : redactValue(r.model_string).slice(0, 120),
-    environment: r.environment,
-    location_label: r.location_label,
-    source_repo: ghRepoSlug() || undefined,
-    source_path: r.source_path,
-    source_line: r.source_line ?? undefined,
-  }));
+  // Build the upload payload via the SHARED helper so the command, the TUI Scan
+  // tab, and the Here push produce byte-identical usages (model resolution +
+  // redaction + the location_label scheme prefix that carries provenance). Parity-
+  // only: buildUsages reads the same fields the inline map did and falls back to
+  // GITHUB_REPOSITORY for source_repo. No new data is uploaded.
+  const usages = await buildUsages(client, rows);
 
   // --dry-run: show exactly what WOULD upload (secret-source safety check).
   if (flags["dry-run"]) {

package/src/sources/shell.js

@@ -2,6 +2,31 @@ import { execFile } from "node:child_process";
 import fs from "node:fs";
 import path from "node:path";
 
+/** Test-only fixture file name for a command+args, e.g. run("vercel",["env","ls",
+ * "production","--scope","team"]) → "vercel.env.ls.production.txt". Per-run scoping
+ * flags (--scope/--project-ref/--region) AND the value that follows each are
+ * dropped so a fixture is keyed on the stable command shape. Lowercased, path
+ * separators → dots. */
+const FIXTURE_SKIP_FLAGS = new Set(["--scope", "--project-ref", "--region"]);
+export function fixtureName(cmd, args = []) {
+  const kept = [];
+  for (let i = 0; i < args.length; i++) {
+    if (FIXTURE_SKIP_FLAGS.has(String(args[i]))) {
+      i++; // also skip the flag's value
+      continue;
+    }
+    kept.push(args[i]);
+  }
+  return (
+    [cmd, ...kept]
+      .join(".")
+      .toLowerCase()
+      .replace(/[/\\]/g, ".")
+      .replace(/[^a-z0-9._-]/g, "")
+      .slice(0, 120) + ".txt"
+  );
+}
+
 /** Is `name` an executable on PATH? Pure PATH scan — no shell, no spawn. */
 export function hasCmd(name) {
   const PATH = process.env.PATH || "";
@@ -18,8 +43,25 @@ export function hasCmd(name) {
 }
 
 /** Run a command WITHOUT a shell (execFile → no injection). Read-only by
- * convention. Never throws; resolves { ok, stdout, stderr, code }. */
+ * convention. Never throws; resolves { ok, stdout, stderr, code }.
+ *
+ * TEST-ONLY: when process.env.MM_SOURCE_FIXTURE is set (a directory of canned
+ * vendor outputs), this REPLAYS a fixture file instead of spawning — so the full
+ * vercel/supabase collect() flow runs with zero cloud access. It is strictly less
+ * capable than the real path (read-only, no spawn / write / network), a pure no-op
+ * when the env var is unset (prod default), and a missing fixture degrades exactly
+ * like a missing CLI ({ok:false, code:127}). It is the symmetric twin of the
+ * LLMSTATUS_INTEGRATIONS_FILE / LLMSTATUS_IGNORE_FILE test redirects. */
 export function run(cmd, args, { timeout = 25000, input, maxBuffer = 48 * 1024 * 1024 } = {}) {
+  const fixtureDir = process.env.MM_SOURCE_FIXTURE;
+  if (fixtureDir) {
+    try {
+      const stdout = fs.readFileSync(path.join(fixtureDir, fixtureName(cmd, args)), "utf8");
+      return Promise.resolve({ ok: true, stdout, stderr: "", code: 0 });
+    } catch {
+      return Promise.resolve({ ok: false, stdout: "", stderr: "no fixture", code: 127 });
+    }
+  }
   return new Promise((resolve) => {
     const child = execFile(cmd, args, { timeout, maxBuffer }, (err, stdout, stderr) => {
       resolve({ ok: !err, stdout: stdout || "", stderr: stderr || "", code: err?.code ?? 0 });

package/src/sources/supabase-edge.js

@@ -114,7 +114,9 @@ export const supabaseEdgeSource = {
   integration: true,
   envTag: "unknown",
   async available() {
-    return hasCmd("supabase") || !!process.env.SUPABASE_ACCESS_TOKEN;
+    // MM_SOURCE_FIXTURE is a test-only OR (no CLI / token needed for the no-cred
+    // fixture flow); the real hasCmd PATH check is unchanged.
+    return hasCmd("supabase") || !!process.env.SUPABASE_ACCESS_TOKEN || !!process.env.MM_SOURCE_FIXTURE;
   },
   /** Read-only identity probe (MAY spawn). Used by the TUI "test" key + verbose
    * `mm sources`, NOT by the hot collect path. */
@@ -135,8 +137,10 @@ export const supabaseEdgeSource = {
     const out = [];
 
     // (a) Secret NAMES only (never values). Requires the CLI; skipped gracefully
-    // when only a token is present (no shell to list through).
-    if (hasCmd("supabase")) {
+    // when only a token is present (no shell to list through). Under the test-only
+    // MM_SOURCE_FIXTURE, `run` replays a canned table so this branch is exercised
+    // end-to-end without the CLI.
+    if (hasCmd("supabase") || process.env.MM_SOURCE_FIXTURE) {
       const refArg = opts?.supabaseProjectRef ? ["--project-ref", opts.supabaseProjectRef] : [];
       const secrets = await run("supabase", ["secrets", "list", ...refArg]);
       if (secrets.ok) {

package/src/sources/vercel.js

@@ -44,7 +44,9 @@ export const vercelSource = {
   integration: true,
   envTag: "unknown",
   async available() {
-    return hasCmd("vercel") || !!process.env.VERCEL_TOKEN;
+    // MM_SOURCE_FIXTURE is a test-only OR (lights up the spawn surface with no CLI
+    // / token so the no-cred fixture flow runs); the real hasCmd PATH check stays.
+    return hasCmd("vercel") || !!process.env.VERCEL_TOKEN || !!process.env.MM_SOURCE_FIXTURE;
   },
   async authState() {
     const r = await run("vercel", ["whoami"]);

package/src/tui/source-meta.js

@@ -0,0 +1,83 @@
+/* Shared, PURE provenance mapping for the CLI (no React, no I/O). It answers one
+ * question for any tracked usage: WHERE was this model discovered? — filesystem,
+ * an env var, Vercel, Supabase Edge, an AWS Lambda / Bedrock / Secrets / SSM, a
+ * GitHub Actions config, Kubernetes, Helm, a SQL/config table, or added by hand.
+ *
+ * STORAGE: we DERIVE provenance with zero migration. Two non-secret signals that
+ * already reach + persist in the DB drive it:
+ *   (1) the scheme prefix every integration source stamps into `location_label`
+ *       (vercel://, supabase-edge://, aws-lambda://, aws-bedrock://, aws-secrets://,
+ *        aws-ssm://, github-actions://, env://, k8s://, helm://, sql://), and
+ *   (2) `discovered_by` (manual vs cli) for the prefix-less filesystem/manual case.
+ * The scheme prefix + the labels/badges below are NON-SECRET — we never surface a
+ * secret VALUE, so this keeps the redaction invariant intact.
+ *
+ * This file MUST stay byte-for-byte equivalent in keys/labels/badges to the web
+ * counterpart apps/web/lib/source-meta.ts — CLI↔web parity is the contract. */
+
+import { GLYPH, C } from "./ui.js";
+
+// scheme (from location_label `^scheme://`) → canonical source_type.
+// NOTE: the AWS Lambda source emits TWO schemes — `aws-lambda://` for an env var
+// found on a Lambda and `aws-bedrock://` for an enabled Bedrock foundation model —
+// so they map to DISTINCT source types. Likewise aws.js emits aws-secrets:// AND
+// aws-ssm://. An unknown/future scheme falls through to "filesystem" (safe default).
+const SCHEME_TO_SOURCE = {
+  vercel: "vercel",
+  "supabase-edge": "supabase-edge",
+  "aws-lambda": "aws-lambda",
+  "aws-bedrock": "aws-bedrock",
+  "aws-secrets": "aws-secrets",
+  "aws-ssm": "aws-ssm",
+  "github-actions": "github-actions",
+  env: "env",
+  k8s: "k8s",
+  helm: "helm",
+  sql: "sql",
+};
+
+/**
+ * Derive a usage's source_type from its persisted location_label + discovered_by.
+ *  - a known `scheme://` prefix → that scheme's source_type
+ *  - literal "manual" label OR discovered_by === "manual" → manual
+ *  - otherwise (plain repo path, discovered_by "cli", or empty) → filesystem
+ */
+export function sourceOf(locationLabel, discoveredBy) {
+  const label = String(locationLabel || "");
+  // Scheme allows digits (k8s://). Unknown scheme → falls through to filesystem.
+  const m = /^([a-z][a-z0-9-]*):\/\//.exec(label);
+  if (m && SCHEME_TO_SOURCE[m[1]]) return SCHEME_TO_SOURCE[m[1]];
+  if (label === "manual" || discoveredBy === "manual") return "manual";
+  return "filesystem";
+}
+
+// source_type → display metadata. `badge` is ≤8 chars (the inventory SOURCE
+// column width). `glyph`/`ascii` are a unicode/ASCII pair so the column degrades
+// on dumb terminals exactly like the rest of the TUI. Colors reuse the SAME hexes
+// as tui/views/integrations.js KIND_COLOR so the Sources tab + Inventory match.
+export const SOURCE_META = {
+  filesystem: { label: "Repo file", badge: "repo", glyph: GLYPH.dot, color: C.FG_DIM },
+  env: { label: "Env var", badge: "env", glyph: "=", color: C.FG_DIM },
+  vercel: { label: "Vercel env", badge: "vercel", glyph: GLYPH.retiring, color: C.FG_STRONG },
+  "supabase-edge": { label: "Supabase Edge", badge: "supabase", glyph: "~", color: "#3ecf8e" },
+  "aws-lambda": { label: "AWS Lambda", badge: "aws", glyph: "λ", ascii: "L", color: "#ff9900" },
+  "aws-bedrock": { label: "AWS Bedrock", badge: "bedrock", glyph: "λ", ascii: "L", color: "#ff9900" },
+  "aws-secrets": { label: "AWS Secrets", badge: "secrets", glyph: "λ", ascii: "L", color: "#ff9900" },
+  "aws-ssm": { label: "AWS SSM", badge: "ssm", glyph: "λ", ascii: "L", color: "#ff9900" },
+  "github-actions": { label: "GitHub Actions", badge: "github", glyph: "⎇", ascii: "gh", color: "#a78bfa" },
+  k8s: { label: "Kubernetes", badge: "k8s", glyph: "⎈", ascii: "k8s", color: "#326ce5" },
+  helm: { label: "Helm", badge: "helm", glyph: "⎈", ascii: "helm", color: "#0f6fd1" },
+  sql: { label: "SQL/config", badge: "sql", glyph: "▦", ascii: "sql", color: C.FG_DIM },
+  manual: { label: "Manual", badge: "manual", glyph: GLYPH.repl === "->" ? "+" : "✎", ascii: "+", color: C.FG_FAINT },
+};
+
+// Whether the GLYPH table is the ASCII fallback (MM_ASCII=1 / TERM=dumb). When it
+// is, prefer each meta's `ascii` variant for the non-ASCII-safe unicode glyphs
+// (λ/⎇/⎈/▦/✎). GLYPH.repl is "->" only in the ASCII table, so it's a stable probe.
+const ASCII = GLYPH.repl === "->";
+
+/** The terminal-safe glyph for a source_type (ASCII fallback when MM_ASCII). */
+export function sourceGlyph(sourceType) {
+  const meta = SOURCE_META[sourceType] || SOURCE_META.filesystem;
+  return ASCII && meta.ascii ? meta.ascii : meta.glyph;
+}

package/src/tui/views/inventory.js

@@ -10,6 +10,7 @@ import {
   relativeTime, envTag, cell, cellE, snippetLines, SPINNER, useTick, useAsync, clampCursor,
 } from "../ui.js";
 import { readSnippet, findSourceFile } from "../snippet.js";
+import { sourceOf, SOURCE_META, sourceGlyph } from "../source-meta.js";
 
 const ENV_ORDER = ["prod", "staging", "dev", "unknown"];
 
@@ -158,9 +159,13 @@ export function InventoryView({ client, ui, dir = ".", active, width = 78, heigh
   // ----- layout: left list pane + right detail drawer -----
   const drawerW = 34;
   const leftWidth = Math.max(24, width - drawerW - 2);
-  // left columns: glyph(2) + slug + sp(1) + env(7) + sp(1) + project; rail is col 1.
+  // left columns: glyph(2) + slug + sp(1) + env(7) + sp(1) + SOURCE + sp(1) + project.
+  // SOURCE is a fixed badge column on wide layouts, a 1-char glyph when tight, so it
+  // shrinks projW (which keeps a floor) rather than overflowing on narrow terminals.
   const ENV_W = 7;
-  const FIXED = 2 + 1 + ENV_W + 1; // glyph+sp, sp, env, sp
+  const wideSrc = leftWidth >= 70;
+  const SOURCE_W = wideSrc ? 8 : 1; // badge (≤8) vs glyph-only
+  const FIXED = 2 + 1 + ENV_W + 1 + SOURCE_W + 1; // glyph+sp, sp, env, sp, source, sp
   const slugW = Math.max(10, Math.floor((leftWidth - 1 - FIXED) * 0.5));
   const projW = Math.max(8, leftWidth - 1 - FIXED - slugW);
 
@@ -187,19 +192,24 @@ export function InventoryView({ client, ui, dir = ".", active, width = 78, heigh
   const header = h(
     Text,
     { color: C.FG_FAINT },
-    " " + cell("MODEL", 2 + slugW) + cell("ENV", 1 + ENV_W) + "PROJECT",
+    " " + cell("MODEL", 2 + slugW) + cell("ENV", 1 + ENV_W) + cell(wideSrc ? "SRC" : "S", SOURCE_W + 1) + "PROJECT",
   );
 
   const rowNodes = view.map((u, i) => {
     const isCur = start + i === c;
     const et = envTag(u.environment);
     const slug = u.model_display || u.custom_model_name || "?";
+    const st = sourceOf(u.location_label, u.discovered_by);
+    const meta = SOURCE_META[st];
+    const srcText = wideSrc ? meta.badge : sourceGlyph(st);
     const cells = [
       { text: `${healthGlyph(u.health)} `, color: healthColor(u.health) },
       { text: cellE(slug, slugW), color: isCur ? C.FG_STRONG : C.FG, bold: isCur },
       { text: " ", color: C.FG },
       { text: cell(et.text, ENV_W), color: et.color },
       { text: " ", color: C.FG },
+      { text: cell(srcText, SOURCE_W), color: meta.color },
+      { text: " ", color: C.FG },
       { text: cellE(projName(u.project_id), projW), color: C.FG_DIM },
     ];
     return h(ListRow, { key: u.id, active: isCur, cells, width: leftWidth });
@@ -242,6 +252,14 @@ export function InventoryView({ client, ui, dir = ".", active, width = 78, heigh
           h(Text, {}, h(Text, { color: C.FG_DIM }, "project "), h(Text, { color: C.FG }, projName(cur.project_id))),
           cur.source_repo ? h(Text, {}, h(Text, { color: C.FG_DIM }, "repo "), h(Text, { color: C.FG }, cur.source_repo)) : null,
           h(Text, {}, h(Text, { color: C.FG_DIM }, "where "), h(Text, { color: C.FG_DIM }, where)),
+          (() => {
+            // Human SOURCE label (derived from the location_label scheme prefix +
+            // discovered_by). The raw scheme stays in `where` (it's the locator);
+            // this is the friendly name, and `via <discovered_by>` below reads as a
+            // sub-detail. Non-secret — never surfaces a value.
+            const meta = SOURCE_META[sourceOf(cur.location_label, cur.discovered_by)];
+            return h(Text, {}, h(Text, { color: C.FG_DIM }, "source "), h(Text, { color: meta.color }, meta.label));
+          })(),
           rt && rt.text
             ? h(Text, {}, h(Text, { color: C.FG_DIM }, "retires "), h(Text, { color: rt.color, bold: rt.bold }, rt.text))
             : null,