@oscharko-dev/keiko-cli 0.2.0

package/dist/repair.js

@@ -0,0 +1,402 @@
+// `keiko repair` — an offline, deterministic remediation pass that fixes a broken or
+// half-installed local Keiko state so a user gets a working install without a full
+// reinstall. CLI-only surface; no model call, no network, no server change.
+//
+// Each check reports one of: `ok` (healthy), `would-fix`/`fixed` (a safe automatic
+// remediation), or `action` (needs a user step the command will not take for them).
+// Checks REUSE existing modules rather than reimplementing their logic:
+//   - stale UI pid + state-dir permissions via `state-paths.ts` / `lifecycle.ts` semantics
+//   - launcher record drift via `launcher-state.ts` (home-contained, content-hash verified)
+//   - build/install layout via `install-layout.ts`
+//   - stale global-vs-local launch path via `doctor.ts`
+//   - gateway config presence via `gateway-config.ts`
+//
+// Exit code: 0 when the system is healthy or every issue was repaired; 1 when an
+// `action` item remains (so scripts can detect "manual step required"). `--dry-run`
+// reports without changing anything and exits 1 if any issue (fixable or action) exists.
+import { chmodSync, existsSync, readFileSync, rmSync, statSync } from "node:fs";
+import { homedir as defaultHomedir } from "node:os";
+import { isAbsolute, join } from "node:path";
+import { collectDoctorReport } from "./doctor.js";
+import { resolvePreferredInstallLayout } from "./install-layout.js";
+import { resolveConfigPathFromArgs } from "./gateway-config.js";
+import { hashContent, loadState, removeEntry, saveState, } from "./launcher-state.js";
+import { RUNTIME_STATE_DIR_MODE, RUNTIME_STATE_FILE_MODE, classifyPid, defaultIsProcessAlive, inspectStateRoot, resolveStateDir, scanRuntimeState, } from "./state-paths.js";
+import { credentialStorePath, hasPlaintextGatewayCredentials, } from "@oscharko-dev/keiko-server/credential-vault";
+import { readLocalVaultReferences } from "@oscharko-dev/keiko-security/secret-vault";
+const USAGE = `Usage:
+  keiko repair [--state-dir PATH] [--config PATH] [--dry-run]
+
+Runs an offline diagnostic-and-repair pass over the local Keiko install:
+  - removes a stale UI pid file left by an unclean shutdown
+  - tightens the .keiko state directory permissions to 0o700
+  - tightens known Keiko-owned runtime artifacts (DBs, Evidence/QI, credential
+    vaults, sidecars) to owner-only 0o700/0o600 without touching customer files
+  - prunes launcher records whose shortcut files were deleted
+  - verifies the built CLI/UI assets and the launch path
+  - validates a configured model-gateway config file
+  - flags lingering plaintext credentials in the config
+
+Options:
+  --state-dir PATH  inspect this state directory instead of <cwd>/.keiko.
+  --config PATH     validate this model-gateway config file (else KEIKO_CONFIG_FILE).
+  --dry-run         report findings without changing anything.
+
+Exit code: 0 when the install is healthy or every issue was repaired; 1 when an item
+needs manual action (with --dry-run, also when a fixable item is found).
+`;
+function ok(name, detail) {
+    return { name, status: "ok", detail };
+}
+function fixed(name, detail) {
+    return { name, status: "fixed", detail };
+}
+function fixable(name, detail) {
+    return { name, status: "fixable", detail };
+}
+function action(name, detail) {
+    return { name, status: "action-required", detail };
+}
+function readFlagValue(args, index) {
+    const value = args[index + 1];
+    return value === undefined || value.startsWith("--") ? null : value;
+}
+function parseRepairArgs(args) {
+    let dryRun = false;
+    let stateDirArg;
+    for (let i = 0; i < args.length; i += 1) {
+        const arg = args[i];
+        if (arg === "--help" || arg === "-h")
+            return "help";
+        if (arg === "--dry-run")
+            dryRun = true;
+        else if (arg === "--state-dir" || arg === "--config") {
+            const value = readFlagValue(args, i);
+            if (value === null)
+                return null;
+            if (arg === "--state-dir")
+                stateDirArg = value;
+            i += 1;
+        }
+        else
+            return null;
+    }
+    return { dryRun, stateDirArg };
+}
+function checkStalePid(stateDir, isAlive, dryRun) {
+    const pidPath = join(stateDir, "ui.pid");
+    const probe = classifyPid(pidPath, isAlive);
+    if (probe.state === "absent")
+        return ok("UI process state", "no pid file recorded");
+    if (probe.state === "running")
+        return ok("UI process state", `running (pid ${String(probe.pid)})`);
+    if (dryRun)
+        return fixable("UI process state", `stale pid file (pid ${String(probe.pid)} not running)`);
+    rmSync(pidPath, { force: true });
+    return fixed("UI process state", `removed stale pid file (pid ${String(probe.pid)})`);
+}
+function checkStateDirPerms(stateDir, dryRun) {
+    if (!existsSync(stateDir))
+        return ok("State directory", "not present (created on next start)");
+    if (process.platform === "win32")
+        return ok("State directory", "permission check not applicable on Windows");
+    const mode = statSync(stateDir).mode & 0o777;
+    if (mode === 0o700)
+        return ok("State directory", "permissions are 0o700");
+    const observed = `0o${mode.toString(8)}`;
+    if (dryRun)
+        return fixable("State directory", `permissions ${observed} (expected 0o700)`);
+    chmodSync(stateDir, 0o700);
+    return fixed("State directory", `tightened permissions ${observed} -> 0o700`);
+}
+function stateRootRefusal(root) {
+    if (root.status === "symlink")
+        return action("State directory", `refusing to inspect symlinked state directory: ${root.absPath}`);
+    if (root.status === "not-directory")
+        return action("State directory", `refusing to inspect non-directory state path: ${root.absPath}`);
+    return undefined;
+}
+// Issue #1321: audit and tighten the permissions of EVERY Keiko-owned artifact under the
+// state directory — UI/Memory/Knowledge DBs and their WAL/SHM sidecars, Evidence/QI records,
+// the sealed credential vaults, config, and lifecycle/launcher files — not just the state
+// directory itself. The set is the allowlisted manifest in `state-paths.ts`; an unrecognized
+// customer file is never chmod-ed. Content-free: reports relative paths and octal modes only.
+const RUNTIME_STATE_LABEL = {
+    lifecycle: "lifecycle files",
+    launcher: "launcher state",
+    "ui-database": "UI database",
+    "gateway-config": "gateway config",
+    "credential-vault": "credential vault",
+    "memory-vault": "memory vault",
+    "local-knowledge": "Local Knowledge store",
+    evidence: "Evidence store",
+    "quality-intelligence": "Quality Intelligence store",
+};
+// Records every node not already at `targetMode`, applying the fix unless this is a dry-run.
+function tightenNodes(nodes, targetMode, dryRun, findings) {
+    for (const node of nodes) {
+        const mode = statSync(node.absPath).mode & 0o777;
+        if (mode === targetMode)
+            continue;
+        findings.push({
+            category: node.category,
+            relPath: node.relPath,
+            observed: `0o${mode.toString(8)}`,
+        });
+        if (!dryRun)
+            chmodSync(node.absPath, targetMode);
+    }
+}
+function summarizeLooseCategory(category, findings, dryRun) {
+    const matches = findings.filter((f) => f.category === category);
+    const example = matches[0];
+    const detail = `${String(matches.length)} ${RUNTIME_STATE_LABEL[category]} artifact(s) group/world-readable (e.g. ${example?.relPath ?? "?"} ${example?.observed ?? "?"})`;
+    const name = "Runtime state artifacts";
+    return dryRun ? fixable(name, detail) : fixed(name, detail);
+}
+function checkRuntimeStateArtifacts(stateDir, dryRun) {
+    if (process.platform === "win32") {
+        return [
+            ok("Runtime state artifacts", "POSIX permission normalization not applicable on Windows (NTFS ACLs govern access)"),
+        ];
+    }
+    const scan = scanRuntimeState(stateDir);
+    if (!scan.present)
+        return [ok("Runtime state artifacts", "state directory not present")];
+    const ownedCount = scan.files.length + scan.directories.length;
+    const refusedOwned = scan.retained.filter((r) => r.owned && (r.reason === "symlink" || r.reason === "hardlink"));
+    if (ownedCount === 0 && refusedOwned.length === 0) {
+        return [ok("Runtime state artifacts", "no Keiko-owned artifacts present")];
+    }
+    const findings = [];
+    tightenNodes(scan.directories, RUNTIME_STATE_DIR_MODE, dryRun, findings);
+    tightenNodes(scan.files, RUNTIME_STATE_FILE_MODE, dryRun, findings);
+    const results = [];
+    for (const category of new Set(findings.map((f) => f.category))) {
+        results.push(summarizeLooseCategory(category, findings, dryRun));
+    }
+    for (const entry of refusedOwned) {
+        const kind = entry.reason === "symlink" ? "symlink" : "hardlink";
+        results.push(action("Runtime state artifacts", `${kind} occupies a Keiko-owned path and was left untouched: ${entry.relPath}`));
+    }
+    if (results.length === 0) {
+        results.push(ok("Runtime state artifacts", `${String(ownedCount)} artifact(s) have owner-only permissions`));
+    }
+    return results;
+}
+function classifyLauncherEntry(entry) {
+    if (!existsSync(entry.path))
+        return "missing";
+    try {
+        return hashContent(readFileSync(entry.path, "utf8")) === entry.contentSha256
+            ? "ok"
+            : "modified";
+    }
+    catch {
+        return "modified";
+    }
+}
+function summarizeLauncher(state, stateDir, dryRun) {
+    let missing = 0;
+    let modified = 0;
+    let healthy = 0;
+    let next = state;
+    for (const entry of state.entries) {
+        const health = classifyLauncherEntry(entry);
+        if (health === "missing") {
+            missing += 1;
+            next = removeEntry(next, entry.path);
+        }
+        else if (health === "modified")
+            modified += 1;
+        else
+            healthy += 1;
+    }
+    if (modified > 0)
+        return action("Launcher records", `${String(modified)} shortcut(s) modified — run \`keiko launcher remove\` then re-install`);
+    if (missing === 0)
+        return ok("Launcher records", `${String(healthy)} shortcut(s) verified`);
+    if (dryRun)
+        return fixable("Launcher records", `${String(missing)} dangling record(s) for deleted shortcut(s)`);
+    saveState(stateDir, next);
+    return fixed("Launcher records", `pruned ${String(missing)} dangling record(s)`);
+}
+function checkLauncherRecords(stateDir, homedir, io, dryRun) {
+    const state = loadState(stateDir, {
+        homedir,
+        onWarn: (msg) => {
+            io.err(msg);
+        },
+    });
+    if (state.entries.length === 0)
+        return ok("Launcher records", "no shortcuts recorded");
+    return summarizeLauncher(state, stateDir, dryRun);
+}
+function checkInstallLayout(cwd, env) {
+    // The UI static export is what `keiko start` / `keiko ui` serve. The bin shim exports
+    // KEIKO_UI_STATIC_ROOT for the running install (so a global install resolves even when
+    // run outside a project), while a local checkout/install resolves via
+    // resolvePreferredInstallLayout. Either reachable -> ok.
+    const staticRoot = env.KEIKO_UI_STATIC_ROOT ?? process.env.KEIKO_UI_STATIC_ROOT;
+    if (typeof staticRoot === "string" &&
+        staticRoot.length > 0 &&
+        existsSync(join(staticRoot, "index.html")))
+        return ok("Install layout", "UI static export present");
+    if (resolvePreferredInstallLayout(cwd) !== undefined)
+        return ok("Install layout", "built CLI and UI assets present");
+    return action("Install layout", "UI assets not found — reinstall `npm install @oscharko-dev/keiko` or rebuild `npm run build`");
+}
+function checkLaunchPath(cwd, argv) {
+    const report = collectDoctorReport({ cwd, argv });
+    if (report.warning === undefined)
+        return ok("Launch path", "no stale-launch mismatch detected");
+    return action("Launch path", report.warning.split("\n")[0] ?? "stale launch path detected (see `keiko doctor`)");
+}
+function checkGatewayConfig(args, env) {
+    const resolution = resolveConfigPathFromArgs(args, env);
+    if (resolution.kind === "not-configured")
+        return ok("Gateway config", "no config file configured (set up on first run)");
+    if (resolution.kind === "missing-value")
+        return action("Gateway config", "--config flag is missing its value");
+    if (!existsSync(resolution.path))
+        return action("Gateway config", `configured file not found: ${resolution.path}`);
+    try {
+        JSON.parse(readFileSync(resolution.path, "utf8"));
+    }
+    catch {
+        return action("Gateway config", `configured file is not valid JSON: ${resolution.path}`);
+    }
+    return ok("Gateway config", `valid JSON at ${resolution.path}`);
+}
+// Issue #1320: detect an unmigrated or partially migrated config — one that still holds a plaintext
+// provider apiKey or Figma accessToken. Credentials must live in encrypted local storage, with only
+// non-secret references in the JSON file; `keiko ui` performs the one-time, crash-aware migration, so
+// lingering plaintext here is the signal that a migration never ran or was interrupted.
+function defaultLocalGatewayConfigPath(env, homedir) {
+    const dataDir = env.KEIKO_UI_DATA_DIR;
+    if (dataDir !== undefined && dataDir.length > 0 && isAbsolute(dataDir)) {
+        return join(dataDir, "keiko.config.json");
+    }
+    return join(homedir, ".keiko", "keiko.config.json");
+}
+function credentialConfigPath(args, env, defaultConfigPath) {
+    const resolution = resolveConfigPathFromArgs(args, env);
+    if (resolution.kind === "path") {
+        return resolution.path;
+    }
+    if (resolution.kind === "not-configured") {
+        return defaultConfigPath;
+    }
+    return undefined;
+}
+function checkCredentialStorage(args, env, defaultConfigPath) {
+    const configPath = credentialConfigPath(args, env, defaultConfigPath);
+    if (configPath === undefined || !existsSync(configPath)) {
+        return ok("Credential storage", "no config file to inspect");
+    }
+    let raw;
+    try {
+        raw = JSON.parse(readFileSync(configPath, "utf8"));
+    }
+    catch {
+        // Invalid JSON is already reported by the gateway-config check; avoid a duplicate action item.
+        return ok("Credential storage", "config not parseable (reported above)");
+    }
+    if (hasPlaintextGatewayCredentials(raw)) {
+        return action("Credential storage", "plaintext credentials present in config — start `keiko ui` to migrate them into encrypted storage");
+    }
+    const orphaned = orphanedSecretRefs(raw, configPath);
+    if (orphaned > 0) {
+        return action("Credential storage", `${String(orphaned)} credential reference(s) have no encrypted entry — incomplete or interrupted migration; start \`keiko ui\` to complete it`);
+    }
+    return ok("Credential storage", "no plaintext credentials in config");
+}
+// Counts provider `apiKeySecretRef` values in the config that have no matching entry in the encrypted
+// credential vault — the signature of an interrupted migration or a deleted/corrupt vault store.
+// Reads only the non-secret reference index (no vault key resolution, no decryption).
+function orphanedSecretRefs(raw, configPath) {
+    if (typeof raw !== "object" || raw === null)
+        return 0;
+    const providers = raw.providers;
+    if (!Array.isArray(providers))
+        return 0;
+    const refs = providers
+        .map((provider) => typeof provider === "object" && provider !== null
+        ? provider.apiKeySecretRef
+        : undefined)
+        .filter((ref) => typeof ref === "string" && ref.length > 0);
+    if (refs.length === 0)
+        return 0;
+    const vaulted = new Set(readLocalVaultReferences(credentialStorePath(configPath)));
+    return refs.filter((ref) => !vaulted.has(ref)).length;
+}
+function resolveDeps(deps) {
+    return {
+        cwd: deps.cwd ?? process.cwd(),
+        argv: deps.argv ?? process.argv,
+        homedir: deps.homedir ?? defaultHomedir,
+        isProcessAlive: deps.isProcessAlive ?? defaultIsProcessAlive,
+    };
+}
+const TAG = {
+    ok: "ok",
+    fixed: "fixed",
+    fixable: "would-fix",
+    "action-required": "action",
+};
+function reportResults(io, results) {
+    io.out("Keiko repair\n");
+    for (const r of results) {
+        io.out(`  [${TAG[r.status]}] ${r.name}: ${r.detail}\n`);
+    }
+}
+function exitCodeFor(results, dryRun) {
+    const hasAction = results.some((r) => r.status === "action-required");
+    const hasFixable = results.some((r) => r.status === "fixable");
+    if (dryRun)
+        return hasAction || hasFixable ? 1 : 0;
+    return hasAction ? 1 : 0;
+}
+export function runRepairCli(args, io, env, deps = {}) {
+    const parsed = parseRepairArgs(args);
+    if (parsed === "help") {
+        io.out(USAGE);
+        return 0;
+    }
+    if (parsed === null) {
+        io.err(USAGE);
+        return 2;
+    }
+    const resolved = resolveDeps(deps);
+    const stateDir = resolveStateDir(resolved.cwd, env, parsed.stateDirArg);
+    const defaultConfigPath = defaultLocalGatewayConfigPath(env, resolved.homedir());
+    const stateRoot = inspectStateRoot(stateDir);
+    const stateRootAction = stateRootRefusal(stateRoot);
+    const stateResults = stateRootAction === undefined
+        ? [
+            checkStalePid(stateDir, resolved.isProcessAlive, parsed.dryRun),
+            checkStateDirPerms(stateDir, parsed.dryRun),
+            ...checkRuntimeStateArtifacts(stateDir, parsed.dryRun),
+            checkLauncherRecords(stateDir, resolved.homedir(), io, parsed.dryRun),
+        ]
+        : [stateRootAction];
+    const results = [
+        ...stateResults,
+        checkInstallLayout(resolved.cwd, env),
+        checkLaunchPath(resolved.cwd, resolved.argv),
+        checkGatewayConfig(args, env),
+        checkCredentialStorage(args, env, defaultConfigPath),
+    ];
+    reportResults(io, results);
+    const code = exitCodeFor(results, parsed.dryRun);
+    io.out(summaryMessage(results, code));
+    return code;
+}
+function summaryMessage(results, code) {
+    if (code === 0)
+        return "\nKeiko repair: system is healthy.\n";
+    if (results.some((r) => r.status === "action-required"))
+        return "\nKeiko repair: review the items marked `action` above.\n";
+    // dry-run with only fixable items: nothing needs manual action, the fixes are pending.
+    return "\nKeiko repair: run `keiko repair` (without --dry-run) to apply the fixes above.\n";
+}

package/dist/run.d.ts

@@ -0,0 +1,10 @@
+import { type EnvSource } from "@oscharko-dev/keiko-model-gateway";
+import { type ModelPort } from "@oscharko-dev/keiko-harness";
+import { type EvidenceStore } from "@oscharko-dev/keiko-evidence";
+import type { CliIo } from "./runner.js";
+export interface RunDeps {
+    readonly store?: EvidenceStore | undefined;
+    readonly model?: ModelPort | undefined;
+}
+export declare function runAgentCli(args: readonly string[], io: CliIo, env?: EnvSource, deps?: RunDeps): Promise<number>;
+//# sourceMappingURL=run.d.ts.map

package/dist/run.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"run.d.ts","sourceRoot":"","sources":["../src/run.ts"],"names":[],"mappings":"AAUA,OAAO,EAQL,KAAK,SAAS,EACf,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EAAoC,KAAK,SAAS,EAAE,MAAM,6BAA6B,CAAC;AAQ/F,OAAO,EAGL,KAAK,aAAa,EACnB,MAAM,8BAA8B,CAAC;AAGtC,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,aAAa,CAAC;AAyBzC,MAAM,WAAW,OAAO;IACtB,QAAQ,CAAC,KAAK,CAAC,EAAE,aAAa,GAAG,SAAS,CAAC;IAC3C,QAAQ,CAAC,KAAK,CAAC,EAAE,SAAS,GAAG,SAAS,CAAC;CACxC;AA4PD,wBAAsB,WAAW,CAC/B,IAAI,EAAE,SAAS,MAAM,EAAE,EACvB,EAAE,EAAE,KAAK,EACT,GAAG,GAAE,SAAc,EACnB,IAAI,GAAE,OAAY,GACjB,OAAO,CAAC,MAAM,CAAC,CAsCjB"}

package/dist/run.js

@@ -0,0 +1,269 @@
+// `keiko run` — the dry-run task command. It builds an AgentSession with the configured model
+// gateway and a dry-run tool port (provider call is real, tools are non-mutating) and renders the
+// HarnessEvent stream to CliIo. Since ADR-0010 it ALSO writes a redacted evidence manifest by
+// default (evidence is the product value): a tee EventSink forwards every event to BOTH a
+// MemoryEventSink (which retains raw content to assemble the replay manifest) and the existing
+// CliEventSink (whose summarisers never print sensitive fields). After the run resolves, the audit
+// layer builds + redacts + persists the manifest and the EvidenceReport is printed. Writing is on by
+// default; --no-evidence disables it, --evidence-dir relocates it. Tests inject an in-memory
+// EvidenceStore via deps so no write ever touches the repository tree.
+import { ConfigInvalidError, Gateway, GatewayError, assertConfiguredModel, redact, resolveCostClass, selectConfiguredModel, } from "@oscharko-dev/keiko-model-gateway";
+import { DryRunToolPort, GatewayModelPort } from "@oscharko-dev/keiko-harness";
+import { createSession, HARNESS_VERSION } from "@oscharko-dev/keiko-harness";
+import { CliEventSink, MemoryEventSink } from "@oscharko-dev/keiko-harness";
+import { DEFAULT_LIMITS } from "@oscharko-dev/keiko-harness";
+import { persistEvidence } from "@oscharko-dev/keiko-evidence";
+import { renderEvidenceReport } from "@oscharko-dev/keiko-evidence";
+import { createNodeEvidenceStore, resolveEvidenceDir, } from "@oscharko-dev/keiko-evidence";
+import { AuditError } from "@oscharko-dev/keiko-evidence";
+import { loadGatewayConfigFromFile } from "./gateway-config.js";
+const TASK_TYPES = new Set([
+    "generate-unit-tests",
+    "investigate-bug",
+    "explain-plan",
+]);
+const USAGE = `Usage:
+  keiko run explain-plan --file PATH [--question TEXT]
+  keiko run generate-unit-tests --file PATH [--function NAME]
+  keiko run investigate-bug --description TEXT [--file PATH]
+
+  Evidence flags (a redacted manifest is written by default):
+    --no-evidence            Do not write an evidence manifest.
+    --evidence-dir PATH      Write evidence under PATH (default $KEIKO_EVIDENCE_DIR or ./.keiko/evidence).
+    --include-reasoning      Include redacted reasoning entries in the manifest.
+    --include-diff           Include the redacted proposed diff in the manifest.
+    --config PATH            Gateway config file (or set KEIKO_CONFIG_FILE).
+    --model MODEL_ID         Configured model id to use.
+
+All tasks run in dry-run mode for tools/files: a patch is proposed as an event, never written to disk.
+`;
+function flag(args, name) {
+    const i = args.indexOf(name);
+    if (i === -1) {
+        return undefined;
+    }
+    const value = args[i + 1];
+    return value === undefined || value.startsWith("--") ? undefined : value;
+}
+function parseEvidenceFlags(args) {
+    return {
+        write: !args.includes("--no-evidence"),
+        evidenceDirFlag: flag(args, "--evidence-dir"),
+        includeReasoning: args.includes("--include-reasoning"),
+        includeDiff: args.includes("--include-diff"),
+        model: flag(args, "--model"),
+        config: flag(args, "--config"),
+    };
+}
+function parseTask(taskType, args) {
+    const file = flag(args, "--file");
+    if (taskType === "explain-plan") {
+        if (file === undefined) {
+            return null;
+        }
+        return { taskType, input: { filePath: file, question: flag(args, "--question") } };
+    }
+    if (taskType === "generate-unit-tests") {
+        if (file === undefined) {
+            return null;
+        }
+        return { taskType, input: { filePath: file, targetFunction: flag(args, "--function") } };
+    }
+    const description = flag(args, "--description");
+    if (description === undefined) {
+        return null;
+    }
+    return { taskType, input: { description, filePaths: file === undefined ? undefined : [file] } };
+}
+// Forwards each event to every wrapped sink. retainsRawContent is true so the harness emits raw
+// SENSITIVE fields — required for the MemoryEventSink's faithful replay manifest. The CliEventSink
+// summarisers never print those fields, and the audit layer redacts before anything is persisted.
+function teeSink(sinks) {
+    return {
+        retainsRawContent: true,
+        emit: (event) => {
+            const redacted = redactEventForNonRetainingSink(event);
+            for (const sink of sinks) {
+                sink.emit(sink.retainsRawContent === true ? event : redacted);
+            }
+        },
+    };
+}
+function redactEventForNonRetainingSink(event) {
+    if (event.type === "run:failed") {
+        return redactRunFailedEvent(event);
+    }
+    if (event.type === "run:completed") {
+        return redactRunCompletedEvent(event);
+    }
+    if (event.type === "reasoning:trace") {
+        return redactReasoningTraceEvent(event);
+    }
+    if (event.type === "run:cancelled" && event.reason !== undefined) {
+        return { ...event, reason: redact(event.reason) };
+    }
+    if (event.type === "model:call:failed" || event.type === "tool:call:failed") {
+        return { ...event, message: redact(event.message) };
+    }
+    if (event.type === "patch:proposed")
+        return { ...event, diff: redact(event.diff) };
+    if (event.type === "verification:result")
+        return { ...event, detail: redact(event.detail) };
+    return event;
+}
+function redactRunFailedEvent(event) {
+    return {
+        ...event,
+        failure: {
+            ...event.failure,
+            message: redact(event.failure.message),
+            ...(event.failure.detail === undefined ? {} : { detail: redact(event.failure.detail) }),
+        },
+    };
+}
+function redactRunCompletedEvent(event) {
+    return {
+        ...event,
+        report: redact(event.report),
+        ...(event.patchDiff === undefined ? {} : { patchDiff: redact(event.patchDiff) }),
+    };
+}
+function redactReasoningTraceEvent(event) {
+    return {
+        ...event,
+        rationale: redact(event.rationale),
+        ...(event.modelResponse === undefined ? {} : { modelResponse: redact(event.modelResponse) }),
+    };
+}
+function seedFor(task, result, modelId) {
+    return {
+        runId: result.runId,
+        fingerprint: result.fingerprint,
+        harnessVersion: HARNESS_VERSION,
+        taskType: task.taskType,
+        taskInput: task,
+        limits: DEFAULT_LIMITS,
+        modelId,
+        workingDirectory: ".",
+        dryRun: true,
+        startedAt: new Date(result.startedAt).toISOString(),
+    };
+}
+// Persists the evidence manifest. This is a system boundary (filesystem write), so try/catch is
+// correct here (CLAUDE.md): on any failure — typed AuditError or otherwise — print a REDACTED
+// message and return exit 1 rather than rejecting out of runAgentCli as an unhandled rejection (C3).
+// Returns undefined on success so the caller falls through to the run-outcome exit code.
+function writeEvidence(result, memory, task, ctx, io, modelId) {
+    try {
+        const manifest = memory.collectManifest(seedFor(task, result, modelId));
+        const store = ctx.deps.store ??
+            createNodeEvidenceStore(resolveEvidenceDir(ctx.flags.evidenceDirFlag, ctx.env));
+        const out = persistEvidence({
+            result,
+            manifest,
+            options: {
+                includeReasoning: ctx.flags.includeReasoning,
+                includeDiff: ctx.flags.includeDiff,
+            },
+        }, { store, env: ctx.env, costClassResolver: resolveCostClass });
+        io.out(renderEvidenceReport(out.report));
+        return undefined;
+    }
+    catch (error) {
+        const detail = error instanceof AuditError ? error.message : redact(String(error));
+        io.err(`keiko run: failed to write evidence: ${detail}\n`);
+        return 1;
+    }
+}
+function configuredModelId(flags, env) {
+    const path = flags.config ?? env.KEIKO_CONFIG_FILE;
+    if (path === undefined) {
+        return flags.model;
+    }
+    const config = loadGatewayConfigFromFile(path, env);
+    if (flags.model !== undefined) {
+        assertConfiguredModel(config, flags.model);
+        return flags.model;
+    }
+    return selectConfiguredModel(config, { kind: "chat" });
+}
+function resolveModel(flags, io, env, deps) {
+    try {
+        if (deps.model !== undefined) {
+            const modelId = configuredModelId(flags, env);
+            if (modelId === undefined) {
+                io.err("Error: no model id available; pass --model MODEL_ID for injected test runs.\n");
+                return 1;
+            }
+            return { port: deps.model, modelId };
+        }
+        const path = flags.config ?? env.KEIKO_CONFIG_FILE;
+        if (path === undefined) {
+            throw new ConfigInvalidError("no config source; pass --config PATH or set KEIKO_CONFIG_FILE");
+        }
+        const config = loadGatewayConfigFromFile(path, env);
+        if (flags.model !== undefined) {
+            assertConfiguredModel(config, flags.model);
+        }
+        const modelId = flags.model ?? selectConfiguredModel(config, { kind: "chat" });
+        if (modelId === undefined) {
+            io.err("Error: no configured chat model is available.\n");
+            return 1;
+        }
+        return { port: new GatewayModelPort(new Gateway(config)), modelId };
+    }
+    catch (error) {
+        if (error instanceof GatewayError) {
+            io.err(`Error: model gateway configuration problem — ${redact(error.message)}\n` +
+                `Provide a gateway config with --config PATH or KEIKO_CONFIG_FILE.\n`);
+            return 1;
+        }
+        throw error;
+    }
+}
+function outcomeToExitCode(result, io) {
+    if (result.outcome === "completed") {
+        io.out(`run ${result.runId} completed (fingerprint ${result.fingerprint})\n`);
+        return 0;
+    }
+    if (result.outcome === "cancelled") {
+        io.err(`run ${result.runId} cancelled\n`);
+        return 1;
+    }
+    const category = result.failure?.category ?? "HARNESS_INTERNAL";
+    const message = redact(result.failure?.message ?? "");
+    io.err(`run ${result.runId} ${result.outcome} [${category}]: ${message}\n`);
+    return 1;
+}
+export async function runAgentCli(args, io, env = {}, deps = {}) {
+    const taskType = args[0];
+    if (taskType === undefined || !TASK_TYPES.has(taskType)) {
+        io.err(taskType === undefined ? USAGE : `keiko run: unknown task type: ${taskType}\n${USAGE}`);
+        return 2;
+    }
+    const task = parseTask(taskType, args.slice(1));
+    if (task === null) {
+        io.err(`keiko run: missing required argument for ${taskType}.\n${USAGE}`);
+        return 2;
+    }
+    const flags = parseEvidenceFlags(args);
+    const model = resolveModel(flags, io, env, deps);
+    if (typeof model === "number") {
+        return model;
+    }
+    const memory = new MemoryEventSink();
+    const config = { model: model.modelId, workingDirectory: ".", dryRun: true };
+    const session = createSession(task, config, {
+        model: model.port,
+        tools: new DryRunToolPort(),
+        sink: teeSink([memory, new CliEventSink(io)]),
+    });
+    const result = await session.result;
+    if (flags.write) {
+        const evidenceFailure = writeEvidence(result, memory, task, { flags, env, deps }, io, model.modelId);
+        if (evidenceFailure !== undefined) {
+            return evidenceFailure;
+        }
+    }
+    return outcomeToExitCode(result, io);
+}