@mutmutco/cli 2.40.3 → 2.41.0

package/dist/main.cjs

@@ -5678,7 +5678,16 @@ async function secretsCapabilities(deps, opts) {
     return;
   }
   if (!res.ok) {
-    deps.err(await upgradeMessage(res) ?? `access capabilities failed: HTTP ${res.status}${await readErr(res)}`);
+    const upgrade = await upgradeMessage(res);
+    if (upgrade) {
+      deps.err(upgrade);
+    } else if (res.status === 404) {
+      deps.err(
+        "access capabilities: the Hub API did not recognize /secrets/capabilities (HTTP 404). This endpoint ships in the Hub, so a 404 means the deployed Hub predates this command and should answer once a Hub release carrying this command is deployed \u2014 it is not an authorization or missing-credential error."
+      );
+    } else {
+      deps.err(`access capabilities failed: HTTP ${res.status}${await readErr(res)}`);
+    }
     return;
   }
   const report = await res.json();
@@ -6152,7 +6161,6 @@ function buildIngestPayload(args) {
 }
 
 // src/honcho-client.ts
-var HONCHO_ASSISTANT_PEER = "assistant";
 function parseHonchoQueueStatus(json) {
   const o = json && typeof json === "object" ? json : {};
   const pendingRaw = o.pending_work_units ?? o.depth ?? o.queue_depth ?? o.pending;
@@ -6205,9 +6213,9 @@ async function ingestPost(cfg, body, fetchImpl = fetch, timeoutMs = 1e4) {
     const session = String(body.session ?? "");
     const meta = body.meta && typeof body.meta === "object" ? body.meta : {};
     const rawMessages = Array.isArray(body.messages) ? body.messages : [];
-    const messages = rawMessages.filter((m) => m && typeof m.content === "string" && m.content.trim().length > 0).map((m) => ({
+    const messages = rawMessages.filter((m) => m && m.role === "user" && typeof m.content === "string" && m.content.trim().length > 0).map((m) => ({
       content: m.content,
-      peer_id: m.role === "user" ? peer : HONCHO_ASSISTANT_PEER,
+      peer_id: peer,
       metadata: { role: m.role, ...meta }
     }));
     if (!peer || !session || !messages.length) return { ok: true, threw: false, status: 204 };
@@ -6216,7 +6224,8 @@ async function ingestPost(cfg, body, fetchImpl = fetch, timeoutMs = 1e4) {
     if (res.status === 404) {
       const ensured = await request(cfg, fetchImpl, "POST", honchoRoutes.sessions(cfg.workspace), {
         id: session,
-        peers: { [peer]: {}, [HONCHO_ASSISTANT_PEER]: {} }
+        peers: { [peer]: {} }
+        // only the human peer — assistant turns are no longer ingested (#1775)
       }, timeoutMs);
       if (!ensured.ok && ensured.status !== 409) {
         if (ensured.status >= 500) return { ok: false, threw: true, message: `honcho session-ensure ${ensured.status}` };
@@ -6366,7 +6375,7 @@ function spawnHonchoFlush() {
   } catch {
   }
 }
-var DEFAULT_INGEST_MIN_INTERVAL_SEC = 60;
+var DEFAULT_INGEST_MIN_INTERVAL_SEC = 300;
 function honchoThrottlePath(key) {
   const safe = (s) => s.replace(/[^A-Za-z0-9._-]/g, "_");
   return `.mmi/head-ts/honcho/${safe(key.project)}/${safe(key.branch)}`;
@@ -6398,7 +6407,12 @@ async function resolveSummaryText(summary, messageFile) {
   }
   return "";
 }
+function isAutomatedSession(env = process.env) {
+  const v = env.GITHUB_ACTIONS;
+  return !!v && v !== "false" && v !== "0";
+}
 async function runHonchoIngest(opts) {
+  if (isAutomatedSession()) return;
   const cfg = await loadConfig();
   const peer = honchoPeerId(await honchoLogin(cfg), cfg);
   if (!peer) return;
@@ -9672,6 +9686,44 @@ function buildPrArgs({ title, body, base: base2, head, repo }) {
   return args;
 }
 
+// src/issue-check.ts
+var CHECKLIST_RE = /^([ \t]*[-*+] \[)([ xX])(\] )(.*)$/gm;
+function findChecklistItems(body) {
+  const items = [];
+  for (const m of body.matchAll(CHECKLIST_RE)) {
+    const prefix = m[1];
+    const marker = m[2];
+    const text = m[4].replace(/\r$/, "");
+    items.push({
+      markerIndex: (m.index ?? 0) + prefix.length,
+      checked: marker.toLowerCase() === "x",
+      text
+    });
+  }
+  return items;
+}
+function selectChecklistItem(items, query) {
+  const q = query.trim();
+  if (!q) return { ok: false, reason: "not-found" };
+  const exact = items.filter((it) => it.text.trim() === q);
+  if (exact.length === 1) return { ok: true, item: exact[0] };
+  if (exact.length > 1) return { ok: false, reason: "ambiguous", matches: exact };
+  const sub = items.filter((it) => it.text.includes(q));
+  if (sub.length === 1) return { ok: true, item: sub[0] };
+  if (sub.length === 0) return { ok: false, reason: "not-found" };
+  return { ok: false, reason: "ambiguous", matches: sub };
+}
+function setChecklistMarker(body, item, checked) {
+  if (item.checked === checked) return { body, changed: false };
+  const target = checked ? "x" : " ";
+  return { body: body.slice(0, item.markerIndex) + target + body.slice(item.markerIndex + 1), changed: true };
+}
+function applyChecklistCheck(body, query, checked) {
+  const sel = selectChecklistItem(findChecklistItems(body), query);
+  if (!sel.ok) return sel;
+  return { ok: true, edit: setChecklistMarker(body, sel.item, checked), item: sel.item };
+}
+
 // src/command-manifest.ts
 function buildArgument(arg) {
   const out = { name: arg.name(), required: arg.required, variadic: arg.variadic };
@@ -11913,8 +11965,8 @@ function stageLiveUpSteps(t) {
       command: `gh ${ghDispatchArgs("tenant-deploy.yml", { slug: t.slug, repo: t.repo, ref: t.ref ?? "<branch>", stage: "dev" }).join(" ")}`
     },
     {
-      label: "record your IP as the dev allowlist (box writes /opt/mmi/<slug>/dev/allowlist + reloads Caddy)",
-      command: `gh ${ghDispatchArgs("tenant-control.yml", { slug: t.slug, stage: "dev", action: "allow-ip", ip: "<your ip>" }).join(" ")}`
+      label: `gate ${t.host} to your IP at the Cloudflare edge (ephemeral firewall_custom skip rule)`,
+      command: `gh ${ghDispatchArgs("tenant-control.yml", { slug: t.slug, stage: "dev", action: "cf-gate-allow", host: t.host, ip: "<your ip>" }).join(" ")}`
     },
     { label: "tear down when done", command: "mmi-cli stage --live --down --apply" }
   ];
@@ -11926,8 +11978,8 @@ function stageLiveDownSteps(t) {
       command: `gh ${ghDispatchArgs("tenant-control.yml", { slug: t.slug, stage: "dev", action: "stop" }).join(" ")}`
     },
     {
-      label: "clear the dev allowlist (the stage goes dark even if restarted)",
-      command: `gh ${ghDispatchArgs("tenant-control.yml", { slug: t.slug, stage: "dev", action: "allow-ip", ip: "clear" }).join(" ")}`
+      label: "remove the Cloudflare edge gate (the stage goes dark even if restarted)",
+      command: `gh ${ghDispatchArgs("tenant-control.yml", { slug: t.slug, stage: "dev", action: "cf-gate-clear", host: t.host }).join(" ")}`
     }
   ];
 }
@@ -11935,8 +11987,9 @@ async function runStageLiveUp(deps, t) {
   if (!t.ref?.trim()) throw new Error("stage --live: cannot resolve the current branch to deploy");
   const ip = (await deps.detectIp()).trim();
   if (!validStageLiveIp(ip)) throw new Error(`stage --live: detected public IP is not a literal IPv4/IPv6 address: "${ip.slice(0, 80)}"`);
+  if (!t.host?.trim()) throw new Error("stage --live: cannot resolve the dev edge host (registry edgeDomains.dev)");
   await deps.run("gh", ghDispatchArgs("tenant-deploy.yml", { slug: t.slug, repo: t.repo, ref: t.ref, stage: "dev" }));
-  await deps.run("gh", ghDispatchArgs("tenant-control.yml", { slug: t.slug, stage: "dev", action: "allow-ip", ip }));
+  await deps.run("gh", ghDispatchArgs("tenant-control.yml", { slug: t.slug, stage: "dev", action: "cf-gate-allow", host: t.host, ip }));
   return {
     command: "stage --live",
     mode: "up",
@@ -11945,19 +11998,20 @@ async function runStageLiveUp(deps, t) {
     ref: t.ref,
     ip,
     dispatched: ["tenant-deploy.yml", "tenant-control.yml"],
-    message: `dispatched the dev deploy of ${t.ref} and the allowlist update for ${ip}; watch the runs in ${STAGE_LIVE_HUB_REPO} Actions \u2014 tear down with: mmi-cli stage --live --down --apply`
+    message: `dispatched the dev deploy of ${t.ref} and the Cloudflare edge gate for ${t.host} \u2192 ${ip}; watch the runs in ${STAGE_LIVE_HUB_REPO} Actions \u2014 tear down with: mmi-cli stage --live --down --apply`
   };
 }
 async function runStageLiveDown(deps, t) {
+  if (!t.host?.trim()) throw new Error("stage --live: cannot resolve the dev edge host (registry edgeDomains.dev)");
   await deps.run("gh", ghDispatchArgs("tenant-control.yml", { slug: t.slug, stage: "dev", action: "stop" }));
-  await deps.run("gh", ghDispatchArgs("tenant-control.yml", { slug: t.slug, stage: "dev", action: "allow-ip", ip: "clear" }));
+  await deps.run("gh", ghDispatchArgs("tenant-control.yml", { slug: t.slug, stage: "dev", action: "cf-gate-clear", host: t.host }));
   return {
     command: "stage --live",
     mode: "down",
     slug: t.slug,
     repo: t.repo,
     dispatched: ["tenant-control.yml", "tenant-control.yml"],
-    message: `dispatched the dev stop and allowlist clear for ${t.slug}; the dev stage is dark until the next mmi-cli stage --live --apply`
+    message: `dispatched the dev stop and the Cloudflare edge gate clear for ${t.host}; the dev stage is dark until the next mmi-cli stage --live --apply`
   };
 }
 
@@ -15240,6 +15294,9 @@ async function upsertProject(slug, patch, deps) {
 async function attestAppGaps(slug, repo, deps) {
   return postJson(`/projects/${encodeURIComponent(slug)}/attest-app`, { repo }, deps);
 }
+async function setDeployCoords(slug, payload, deps) {
+  return postJson(`/projects/${encodeURIComponent(slug)}/deploy`, payload, deps);
+}
 async function tenantControl(payload, deps) {
   return postJson("/tenant-control", payload, deps, "POST", { noRetry: true });
 }
@@ -15634,7 +15691,7 @@ ${section}`.trim();
 }
 
 // src/project-set.ts
-var UNSET_KEYS = ["oauth", "requiredRuntimeSecrets", "edgeDomains", "requiredGcpApis", "publishRequired", "publishDir", "dashboard", "ci", "requiredChecks", "gate"];
+var UNSET_KEYS = ["oauth", "requiredRuntimeSecrets", "edgeDomains", "requiredGcpApis", "publishRequired", "publishDir", "dashboard", "fofuEnabled", "ci", "requiredChecks", "gate"];
 var UNSET_KEY_SET = new Set(UNSET_KEYS);
 var RUNTIME_SECRET_STAGES = ["dev", "rc", "main"];
 function parseRuntimeSecretsVar(raw) {
@@ -15798,6 +15855,11 @@ function parseDashboardVar(raw) {
   if (raw === "false") return false;
   throw new Error("project set: dashboard must be true or false");
 }
+function parseFofuEnabledVar(raw) {
+  if (raw === "true") return true;
+  if (raw === "false") return false;
+  throw new Error("project set: fofuEnabled must be true or false");
+}
 function parsePublishDirVar(raw) {
   const v = raw.trim();
   if (v === "" || v === ".") {
@@ -15860,6 +15922,7 @@ var SETTABLE_VAR_KEYS = [
   "publishRequired",
   "publishDir",
   "dashboard",
+  "fofuEnabled",
   "requiredGcpApis",
   "requiredRuntimeSecrets",
   "edgeDomains",
@@ -15878,6 +15941,7 @@ var SETTABLE_VAR_HINTS = {
   publishRequired: "true|false",
   publishDir: "relative subpath, e.g. packages/ui",
   dashboard: "true|false",
+  fofuEnabled: "true|false",
   repos: 'JSON array, e.g. ["mutmutco/mm-foo"]',
   oauth: "JSON {subdomains,domains,callbackPath}",
   requiredGcpApis: "comma-string",
@@ -15953,6 +16017,8 @@ function buildProjectSetPatch(input) {
       patch[key] = parsePublishRequiredVar(raw);
     } else if (key === "dashboard") {
       patch[key] = parseDashboardVar(raw);
+    } else if (key === "fofuEnabled") {
+      patch[key] = parseFofuEnabledVar(raw);
     } else if (key === "publishDir") {
       patch[key] = parsePublishDirVar(raw);
     } else if (key === "ci") {
@@ -15981,6 +16047,54 @@ function buildProjectSetPatch(input) {
   }
   return patch;
 }
+var DEPLOY_SUBSTRATES = ["hetzner-ssh"];
+var DEPLOY_STAGES = ["dev", "rc", "main"];
+var DEPLOY_DOMAIN_RE = /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/;
+var DEPLOY_SHELL_SAFE_RE = /^[A-Za-z0-9./:_?&=%-]*$/;
+function buildSetDeployPatch(slug, input) {
+  const clean4 = (v) => typeof v === "string" && v.trim() !== "" ? v.trim() : void 0;
+  const stage2 = clean4(input.stage);
+  if (!stage2 || !DEPLOY_STAGES.includes(stage2)) {
+    throw new Error(`project set-deploy: --stage must be one of: ${DEPLOY_STAGES.join(", ")}`);
+  }
+  const substrate = clean4(input.substrate) ?? "hetzner-ssh";
+  if (!DEPLOY_SUBSTRATES.includes(substrate)) {
+    throw new Error(`project set-deploy: --substrate must be one of: ${DEPLOY_SUBSTRATES.join(", ")}`);
+  }
+  const sshHost = clean4(input.sshHost);
+  if (substrate === "hetzner-ssh" && !sshHost) {
+    throw new Error("project set-deploy: hetzner-ssh requires --ssh-host");
+  }
+  const sshUser = clean4(input.sshUser) ?? "root";
+  const deployPath = clean4(input.deployPath) ?? `/opt/mmi/${slug}/${stage2}`;
+  const serviceName = clean4(input.service) ?? slug;
+  for (const [label, v] of [["--ssh-host", sshHost], ["--ssh-user", sshUser], ["--deploy-path", deployPath], ["--service", serviceName]]) {
+    if (v !== void 0 && !DEPLOY_SHELL_SAFE_RE.test(v)) throw new Error(`project set-deploy: ${label} contains unsafe characters`);
+  }
+  let port;
+  if (input.port !== void 0 && input.port !== null && `${input.port}`.trim() !== "") {
+    port = Number(input.port);
+    if (!Number.isInteger(port) || port < 1 || port > 65535) throw new Error("project set-deploy: --port must be an integer 1..65535");
+  }
+  const domain = clean4(input.domain);
+  if (domain !== void 0 && !DEPLOY_DOMAIN_RE.test(domain)) throw new Error(`project set-deploy: --domain must be a DNS hostname, got ${JSON.stringify(input.domain)}`);
+  const aliases = (Array.isArray(input.aliases) ? input.aliases : []).map((a) => clean4(a)).filter((a) => a !== void 0);
+  for (const a of aliases) {
+    if (!DEPLOY_DOMAIN_RE.test(a)) throw new Error(`project set-deploy: --alias must be a DNS hostname, got ${JSON.stringify(a)}`);
+  }
+  const uniqueAliases = [...new Set(aliases)];
+  return {
+    stage: stage2,
+    substrate,
+    sshHost,
+    sshUser,
+    deployPath,
+    serviceName,
+    ...domain !== void 0 ? { domain } : {},
+    ...port !== void 0 ? { port } : {},
+    ...uniqueAliases.length ? { aliases: uniqueAliases } : {}
+  };
+}
 function repoFromRemoteUrl(remoteUrl) {
   const m = remoteUrl.trim().match(/^(?:[a-z][a-z0-9+.-]*:\/\/)?(?:[^@\s/]+@)?github\.com[:/]([^/\s:]+)\/([^/\s]+?)(?:\.git)?\/?$/i);
   return m ? `${m[1]}/${m[2]}` : void 0;
@@ -17729,7 +17843,7 @@ deploys run centrally (tenant-deploy.yml); product repos carry no deploy files.
   }
 });
 project.command("resolve <owner/repo>").description("deploy coords for a stage \u2014 for diagnosis. NOTE: /deploy-coords is OIDC-gated (a deploy job\u2019s id-token), so a gh-token CLI cannot read it from a dev machine").option("--stage <main|rc>", "deploy stage", "main").option("--json", "machine-readable output").action((_repoOrRepo, o) => {
-  const msg = "project resolve: deploy coords are served only to a deploy workflow (GitHub OIDC id-token, repo-scoped). A gh-token CLI on a dev machine cannot read /deploy-coords; inspect the DEPLOY# item via the AWS console / a master DDB read instead.";
+  const msg = "project resolve: deploy coords are served only to a deploy workflow (GitHub OIDC id-token, repo-scoped). A gh-token CLI on a dev machine cannot read /deploy-coords; inspect the DEPLOY# item via a master registry (DDB) read instead.";
   if (o.json) {
     console.log(JSON.stringify({ ok: false, stage: o.stage, error: msg }));
     process.exitCode = 1;
@@ -17829,6 +17943,34 @@ project.command("set [owner/repo]").description("upsert project META (idempotent
   const res = await upsertProject(slug, { ...patch, repo }, registryClientDeps(cfg));
   return reportWrite("project set", res);
 });
+project.command("set-deploy [owner/repo]").description("write the DEPLOY#<stage> Hetzner deploy coords for a tenant (master-only) \u2014 the explicit-coords path that seeds a freshly-bootstrapped tenant; defaults to the current repo").requiredOption("--stage <stage>", "dev | rc | main").option("--ssh-host <host>", "the box address the deploy ssh-es into (required for hetzner-ssh)").option("--ssh-user <user>", "ssh user (default root)").option("--port <port>", "loopback port the container binds / Caddy upstream (1..65535)").option("--substrate <substrate>", "hetzner-ssh (default)").option("--deploy-path <path>", "on-box per-stage release root (default /opt/mmi/<slug>/<stage>)").option("--service <name>", "systemd/compose service name (default the slug)").option("--domain <domain>", "canonical serving host (default the project edgeDomains[stage])").option("--alias <domain...>", "extra serving hostname the box Caddy answers (repeatable)").option("--json", "machine-readable output").action(async (repoOrSlug, o) => {
+  const cfg = await loadConfig();
+  let target;
+  try {
+    target = await projectTarget("project set-deploy", repoOrSlug);
+  } catch (e) {
+    return fail(e.message);
+  }
+  const slug = slugOf(target);
+  let body;
+  try {
+    body = buildSetDeployPatch(slug, {
+      stage: o.stage,
+      sshHost: o.sshHost,
+      sshUser: o.sshUser,
+      port: o.port,
+      substrate: o.substrate,
+      deployPath: o.deployPath,
+      service: o.service,
+      domain: o.domain,
+      aliases: o.alias
+    });
+  } catch (e) {
+    return fail(e.message);
+  }
+  const res = await setDeployCoords(slug, body, registryClientDeps(cfg));
+  return reportWrite("project set-deploy", res);
+});
 var registry = program2.command("registry").description("the DDB org registry \u2014 org-level constants");
 registry.command("org").description("the org config (account id, region, orgProjectId, sagaApiUrl)").option("--json", "machine-readable output").action(async (_o) => {
   const cfg = await loadConfig();
@@ -18011,6 +18153,46 @@ issue.command("link-child <parent> <child>").description("link an existing issue
     return fail(`issue link-child: ${(err.stderr || err.message || String(e)).trim()}${note ? ` (${note})` : ""}`);
   }
 });
+issue.command("check <ref>").description("tick (or with --off untick) a task-list checkbox in an issue/epic body by its item text and print {number,repo,item,checked,changed} JSON").requiredOption("--item <text>", "the checklist item to match \u2014 exact item text, else a unique substring").option("--off", "untick the item ([x] \u2192 [ ]) instead of ticking it").option("--repo <owner/repo>", "repo for a bare ref (defaults to the current repo)").action(async (ref, o) => {
+  let parsed;
+  try {
+    parsed = parseIssueRef(ref);
+  } catch (e) {
+    return fail(`issue check: ${e.message}`);
+  }
+  const repo = await resolveRepo(parsed.repo ?? o.repo);
+  if (!repo) return fail("issue check: could not resolve repo \u2014 pass --repo owner/repo");
+  const checked = o.off !== true;
+  let body;
+  try {
+    const viewed = await ghJson(["issue", "view", String(parsed.number), "--repo", repo, "--json", "body"]);
+    body = viewed.body ?? "";
+  } catch (e) {
+    return fail(`issue check: could not read ${repo}#${parsed.number}: ${e.message}`);
+  }
+  const result = applyChecklistCheck(body, o.item, checked);
+  if (!result.ok) {
+    if (result.reason === "ambiguous") {
+      const list = result.matches.map((m) => `  - ${m.text}`).join("\n");
+      return fail(`issue check: "${o.item}" matches ${result.matches.length} checklist items in ${repo}#${parsed.number} \u2014 narrow the text:
+${list}`);
+    }
+    return fail(`issue check: no checklist item matching "${o.item}" in ${repo}#${parsed.number}`);
+  }
+  if (!result.edit.changed) {
+    return console.log(JSON.stringify({ number: parsed.number, repo, item: result.item.text, checked, changed: false }));
+  }
+  const edit = await bodyArgsViaFile(["issue", "edit", String(parsed.number), "--repo", repo, "--body", result.edit.body]);
+  try {
+    await execFileP2("gh", edit.args, { timeout: GH_MUTATION_TIMEOUT_MS });
+  } catch (e) {
+    const note = timeoutKillNote(e, GH_MUTATION_TIMEOUT_MS);
+    return fail(`issue check: edit failed for ${repo}#${parsed.number}: ${e.message}${note ? ` (${note})` : ""}`);
+  } finally {
+    await edit.cleanup();
+  }
+  console.log(JSON.stringify({ number: parsed.number, repo, item: result.item.text, checked, changed: true }));
+});
 program2.command("report").description("file a friction report on the Hub board (GitHub auth, dedups open reports) and print {number,url} JSON").option("--title <title>", "one-line friction summary").option("--title-file <path|->", "read the friction summary from a UTF-8 file, or from stdin with -").option("--body <body>", "report body (markdown)").option("--body-file <path|->", "read report body from a UTF-8 file, or from stdin with -").option("--type <type>", "bug | feature | task (sets the matching label)", "task").option("--priority <priority>", "urgent | high | medium | low (sets the board Priority field only, #416)", "medium").option("--repo <owner/repo>", `target repo (defaults to the org Hub: ${HUB_REPO2})`).option("--force", "file a new issue even when an open report looks like a duplicate").option("--json", "machine-readable output (already the default \u2014 report always prints JSON; #682)").action(async (o) => {
   let body;
   let priority;
@@ -18831,7 +19013,11 @@ async function stageLiveTarget() {
   const repo = await resolveRepo();
   if (!repo) throw new Error("stage --live: cannot resolve the current repo (run inside a GitHub-remoted checkout)");
   const ref = await gitOut(["rev-parse", "--abbrev-ref", "HEAD"]).catch(() => "") || void 0;
-  return { slug: slugOf(repo), repo, ref };
+  const slug = slugOf(repo);
+  const meta = await fetchProjectBySlug(slug, registryClientDeps(await loadConfig())).catch(() => null);
+  const host = edgeDomainsByStage(meta).dev ?? `dev.${defaultSubdomain(slug)}.mutatismutandis.co`;
+  if (!host.trim()) throw new Error(`stage --live: no dev edge host for ${slug} (registry edgeDomains.dev)`);
+  return { slug, repo, host, ref };
 }
 async function runStageLiveCommand(o) {
   let target;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mutmutco/cli",
-  "version": "2.40.3",
+  "version": "2.41.0",
   "description": "MMI Future CLI — delivers the org rules (whole-file), plus saga and KB access. The cross-IDE engine the plugin's SessionStart hook drives.",
   "type": "module",
   "license": "UNLICENSED",