@pleri/olam-cli 0.1.170 → 0.1.173

package/hermes-bundle/version.json

@@ -1,4 +1,4 @@
 {
-  "bundledAt": "2026-05-24T03:12:41.846Z",
+  "bundledAt": "2026-05-24T11:22:38.644Z",
   "kgFirstSha": "29a9ccce1b115d049e375c4a90eb5cf7c123e610e2d0590270a4db2cdbc64a28"
 }

package/host-cp/k8s/manifests/50-deployment.yaml

@@ -118,7 +118,7 @@ spec:
         # k3d), started by `olam upgrade` Step 0.7 — not inside this Pod.
       containers:
         - name: olam-host-cp
-          image: ghcr.io/pleri/olam-host-cp@sha256:1206e857af61f8907d76d9324adbe8d2d5638a94fe2411c6713ffb4f570e8f58
+          image: ghcr.io/pleri/olam-host-cp@sha256:3043df80469fa58319de53688991c81575522beba48b7a1b6956d0e3f2d03b45
           imagePullPolicy: IfNotPresent
           securityContext:
             runAsNonRoot: true

package/host-cp/k8s/manifests/auth-service/50-deployment.yaml

@@ -70,7 +70,7 @@ spec:
               mountPath: /data
       containers:
         - name: olam-auth-service
-          image: ghcr.io/pleri/olam-auth@sha256:2d32d178380641bcdae11f9ad05851238bd4b121adfc9638c8abed3b25467846
+          image: ghcr.io/pleri/olam-auth@sha256:2e40e0c1f0469331dfa98a2e194c922c710149d8d5d3816bc660e530be6a9b97
           imagePullPolicy: IfNotPresent
           securityContext:
             runAsNonRoot: true

package/host-cp/k8s/manifests/kg-service/50-deployment.yaml

@@ -61,7 +61,7 @@ spec:
               mountPath: /data
       containers:
         - name: olam-kg-service
-          image: ghcr.io/pleri/olam-kg-service@sha256:ee636804b8cffd40a1fb75ba3f79cc0c30a17e89c9a135864567859ccdf895d7
+          image: ghcr.io/pleri/olam-kg-service@sha256:225dd3460bce1f2572e6076e55a875ff526a5217a2d8f311d14b6dee591e8a38
           imagePullPolicy: IfNotPresent
           securityContext:
             runAsNonRoot: true

package/host-cp/k8s/manifests/mcp-auth-service/50-deployment.yaml

@@ -68,7 +68,7 @@ spec:
               mountPath: /data
       containers:
         - name: olam-mcp-auth-service
-          image: ghcr.io/pleri/olam-mcp-auth@sha256:07cdd816ac1d991c065f2936b142a5c6909da683d9a6d4efbe7fe66f0c811821
+          image: ghcr.io/pleri/olam-mcp-auth@sha256:f61bf653ada702d59aca0a309b224b01e0f151a89e01583a76f94d8604101d20
           imagePullPolicy: IfNotPresent
           securityContext:
             runAsNonRoot: true

package/host-cp/k8s/manifests/memory-service/50-deployment.yaml

@@ -70,7 +70,7 @@ spec:
           # bootstrap-placeholder comment + run `npm run refresh:manifest-digests`
           # once ghcr.io/pleri/olam-memory-service has a real published digest.
           # bootstrap-placeholder: pre-publish; refresh after first release
-          image: ghcr.io/pleri/olam-memory-service@sha256:20443e8e6725151f7523a8a85c73c7449767782de1d03bb172ba395df19a0939
+          image: ghcr.io/pleri/olam-memory-service@sha256:86ce43a8bfec3edf0a9ac1aea63bf3ecd922209a7ab2a0f589ae9e1cedc0134a
           imagePullPolicy: IfNotPresent
           securityContext:
             runAsNonRoot: true

package/host-cp/observability/ndjson-span-sink.mjs

@@ -102,6 +102,58 @@ export async function createNdjsonSpanSink({
   };
 }
 
+/**
+ * Subscribe an NDJSON sink to `@olam/auth-client`'s `betaResponseEmitter`.
+ * Each `beta-response` event becomes a `withCredential.beta-response` span
+ * with the beta payload exploded onto `attributes` — downstream `jq`
+ * consumers can query e.g.
+ *
+ *   jq 'select(.name == "withCredential.beta-response")
+ *       | {ts: .startedAt, cred: .attributes.credentialName,
+ *          cache: .attributes.cacheStatus,
+ *          thinking: .attributes.thinkingTokens,
+ *          latencyMs: .durationMs}' ~/.olam/logs/host.trace.ndjson
+ *
+ * Wire is opt-in (call from server boot). Returns a detach function so the
+ * subscription can be removed in tests or on shutdown.
+ *
+ * Pure additive: spans flowing from other sources (docker lifecycle,
+ * plan-orchestrator, etc.) are unaffected.
+ */
+export function attachBetaResponseEvents({ sink, emitter }) {
+  if (!sink || typeof sink.recordSpan !== 'function') {
+    throw new Error('attachBetaResponseEvents: sink.recordSpan required');
+  }
+  if (!emitter || typeof emitter.on !== 'function') {
+    throw new Error('attachBetaResponseEvents: emitter.on required');
+  }
+
+  const handler = (info) => {
+    const now = Date.now();
+    const latency = typeof info?.latencyMs === 'number' ? info.latencyMs : 0;
+    sink.recordSpan({
+      name: 'withCredential.beta-response',
+      startedAt: now - latency,
+      endedAt: now,
+      attributes: {
+        credentialName: info?.credentialName ?? null,
+        credId: info?.credId ?? null,
+        betas: Array.isArray(info?.betas) ? [...info.betas] : [],
+        cacheStatus: info?.cacheStatus ?? null,
+        thinkingTokens: info?.tokenCounts?.thinking ?? null,
+        statusCode: typeof info?.statusCode === 'number' ? info.statusCode : null,
+        extraHeaders: info?.extraHeaders && typeof info.extraHeaders === 'object'
+          ? { ...info.extraHeaders }
+          : {},
+      },
+      exit: { _tag: 'Success' },
+    });
+  };
+
+  emitter.on('beta-response', handler);
+  return () => emitter.off('beta-response', handler);
+}
+
 // Duck-typed ServerResponse for host-stream's `addSink`. Parses SSE frames
 // (`event: <type>\ndata: <json>\n\n`) and dispatches `event: span` payloads
 // to `onSpan`. All other event types are silently ignored — host-stream

package/host-cp/src/linear-sync.mjs

@@ -0,0 +1,43 @@
+// H6 (Phase G) — Linear outbound sync skeleton.
+//
+// When a planning_artifacts row is created via H2 chunk extraction AND
+// the operator has Linear MCP active, host-cp posts a new Linear issue
+// (OR appends a comment to an existing linked issue if linear_issue_url
+// is already populated on the row).
+//
+// PHASE G SHIPS SKELETON ONLY. The MCP-from-host wiring is not yet in
+// host-cp; full Linear outbound posting lands in a follow-up commit
+// when the MCP runtime story for host-cp is settled (today MCP lives in
+// the operator's Claude Code runtime, not host-cp).
+//
+// Reverse channel (incoming Linear webhooks update artifact row status):
+// EXPLICITLY OUT OF SCOPE for Phase G per plan body Out of scope list.
+// Deferred to follow-up plan.
+
+/**
+ * Best-effort Linear outbound sync. Returns null when MCP is unavailable
+ * (the typical case today — silent no-op). When MCP wires in, this
+ * function resolves to the posted issue URL which the caller can persist
+ * back to planning_artifacts.linear_issue_url.
+ *
+ * @param {object} args
+ * @param {string} args.artifactId
+ * @param {string} args.title
+ * @param {unknown} args.body            — JSON body of the artifact
+ * @param {string} args.sessionId
+ * @returns {Promise<string | null>}     — Linear issue URL or null
+ */
+export async function syncArtifactToLinear({ artifactId, title, body, sessionId }) {
+  // Probe for Linear MCP availability via host-cp's bootstrap config (TBD).
+  // Until that surface exists, return null. Logging the intent surfaces
+  // the wiring gap to operators inspecting host-cp logs.
+  void artifactId;
+  void title;
+  void body;
+  void sessionId;
+  console.log(
+    `[linear-sync] outbound skip — Linear MCP not yet wired to host-cp; ` +
+      `artifactId=${artifactId} sessionId=${sessionId}`,
+  );
+  return null;
+}

package/host-cp/src/plan-chat-service.mjs

@@ -68,7 +68,7 @@ const SCOPE_ID_RE = /^[A-Za-z0-9_.-]+$/;
 // /v1/shape. Only these tables have server-side where-rewrite support; any
 // other table=... param gets a 400. Guards against a client enumerating
 // tables the service doesn't own.
-const ALLOWED_SHAPE_TABLES = new Set(['chunks', 'message_usage']);
+const ALLOWED_SHAPE_TABLES = new Set(['chunks', 'message_usage', 'planning_artifacts']);
 
 // B6 (plan-chat-context-window-display Phase B): context-window caps per
 // model. Mirrors CONTEXT_CAPS from @olam/intelligence/src/llm-router/providers/claude.ts.
@@ -399,6 +399,44 @@ export function createHandler({
           }
         }
       }
+      // H2 (plan-chat-spa-canonical-surface Phase G) — extract commit_plan /
+      // propose_plan tool_use chunks into the planning_artifacts mutable
+      // table. The chunk's content carries JSON-stringified {name, input}
+      // per the substrate contract; we parse it once + write a single row.
+      // Failure to extract is logged + swallowed — the chunk itself is
+      // already persisted; artifact row absence is recoverable via
+      // re-extraction from chunks in a follow-up batch job.
+      if (body.chunk_type === 'tool_use') {
+        try {
+          const parsed = JSON.parse(body.chunk);
+          const toolName = typeof parsed?.name === 'string' ? parsed.name : '';
+          const artifactType = (toolName === 'commit_plan' || toolName === 'propose_plan')
+            ? 'commit_plan'
+            : toolName === 'component_scaffold'
+              ? 'component_scaffold'
+              : toolName === 'design_jam'
+                ? 'design_jam'
+                : null;
+          if (artifactType && parsed.input && typeof parsed.input === 'object') {
+            const input = parsed.input;
+            const title = typeof input.title === 'string' && input.title.length > 0
+              ? input.title.slice(0, 200)
+              : `Untitled ${artifactType}`;
+            const artifactId = `${body.message_id}:${body.seq}`;
+            await pool.query(
+              `INSERT INTO planning_artifacts
+                 (id, world_id, session_id, type, title, body)
+               VALUES ($1, $2, $3, $4, $5, $6)
+               ON CONFLICT (id) DO NOTHING`,
+              [artifactId, body.world_id, body.session_id, artifactType, title, input],
+            );
+          }
+        } catch (artifactErr) {
+          console.warn(
+            `[plan-chat-service] planning_artifacts extraction failed for message=${body.message_id} seq=${body.seq}: ${artifactErr?.message ?? artifactErr}`,
+          );
+        }
+      }
     } catch (err) {
       if (err && typeof err === 'object' && 'code' in err && err.code === '23505') {
         return send(res, 409, { error: 'duplicate', message: '(message_id, seq) already exists' });
@@ -634,6 +672,26 @@ export function createHandler({
         createWorld,
         destroyWorld,
       });
+      // H7 (Phase G) — back-fill crystallized_world_id to all planning_artifacts
+      // rows for this session. The status pill state machine (Phase E E4) reads
+      // this field; the editor view + diagrams viewer use it for the
+      // "View world →" CTA. Failure here is logged + swallowed — the
+      // crystallize itself already succeeded; back-fill is a best-effort
+      // sync that an operator can re-run via a CLI helper.
+      if (result.worldId) {
+        try {
+          await pool.query(
+            `UPDATE planning_artifacts
+               SET crystallized_world_id = $1, status = 'crystallized'
+               WHERE session_id = $2 AND status = 'open'`,
+            [result.worldId, body.session_id],
+          );
+        } catch (backfillErr) {
+          console.warn(
+            `[plan-chat-service] crystallize back-fill failed for session=${body.session_id}: ${backfillErr?.message ?? backfillErr}`,
+          );
+        }
+      }
       return send(res, 200, {
         ok: true,
         created_world_id: result.worldId,
@@ -649,6 +707,68 @@ export function createHandler({
     }
   }
 
+  // H4 (Phase G) — GET + PATCH /v1/artifacts/:id endpoint pair backing
+  // the SPA's editor-view round-trip. GET returns the artifact row;
+  // PATCH updates body (the JSON payload) + bumps updated_at via trigger.
+  // SCOPE_ID_RE on :id; bearer auth identical to the chunks endpoints.
+  async function handleGetArtifact(req, res, id) {
+    if (!checkAuth(req)) return unauthorized(res);
+    if (!SCOPE_ID_RE.test(id)) return badRequest(res, 'invalid artifact id');
+    try {
+      const result = await pool.query(
+        `SELECT id, world_id, session_id, type, title, body, status,
+                linear_issue_url, crystallized_world_id,
+                created_at, updated_at
+           FROM planning_artifacts WHERE id = $1`,
+        [id],
+      );
+      const row = result.rows[0];
+      if (!row) return send(res, 404, { error: 'not-found' });
+      return send(res, 200, row);
+    } catch (err) {
+      return send(res, 500, { error: 'query-failed', message: String(err?.message ?? err) });
+    }
+  }
+
+  async function handlePatchArtifact(req, res, id) {
+    if (!checkAuth(req)) return unauthorized(res);
+    if (!SCOPE_ID_RE.test(id)) return badRequest(res, 'invalid artifact id');
+    let body;
+    try {
+      body = await readJson(req);
+    } catch {
+      return badRequest(res, 'malformed JSON body');
+    }
+    const sets = [];
+    const values = [id];
+    if (body.body !== undefined) {
+      values.push(body.body);
+      sets.push(`body = $${values.length}::jsonb`);
+    }
+    if (typeof body.title === 'string') {
+      values.push(body.title.slice(0, 200));
+      sets.push(`title = $${values.length}`);
+    }
+    if (typeof body.status === 'string' && ['open', 'crystallized', 'failed', 'archived'].includes(body.status)) {
+      values.push(body.status);
+      sets.push(`status = $${values.length}`);
+    }
+    if (sets.length === 0) {
+      return badRequest(res, 'no patchable fields supplied (body | title | status)');
+    }
+    try {
+      const result = await pool.query(
+        `UPDATE planning_artifacts SET ${sets.join(', ')} WHERE id = $1 RETURNING *`,
+        values,
+      );
+      const row = result.rows[0];
+      if (!row) return send(res, 404, { error: 'not-found' });
+      return send(res, 200, row);
+    } catch (err) {
+      return send(res, 500, { error: 'update-failed', message: String(err?.message ?? err) });
+    }
+  }
+
   return async function handler(req, res) {
     const url = new URL(req.url ?? '/', `http://${req.headers.host}`);
     if (req.method === 'GET' && url.pathname === '/livez') return send(res, 200, { ok: true });
@@ -656,6 +776,14 @@ export function createHandler({
     if (req.method === 'GET' && url.pathname === '/v1/shape') return handleGetShape(req, res, url);
     if (req.method === 'GET' && url.pathname === '/v1/planning-sessions') return handleGetPlanningSessions(req, res, url);
     if (req.method === 'POST' && url.pathname === '/v1/crystallize') return handlePostCrystallize(req, res);
+    // H4 — /v1/artifacts/:id pair
+    const artifactMatch = /^\/v1\/artifacts\/([^/]+)$/.exec(url.pathname);
+    if (artifactMatch) {
+      const id = decodeURIComponent(artifactMatch[1]);
+      if (req.method === 'GET') return handleGetArtifact(req, res, id);
+      if (req.method === 'PATCH') return handlePatchArtifact(req, res, id);
+      return send(res, 405, { error: 'method-not-allowed' });
+    }
     return send(res, 404, { error: 'not-found' });
   };
 }

package/host-cp/src/server.mjs

@@ -41,7 +41,11 @@ import {
   WorldStartupFailureKind,
 } from '../lifecycle/index.mjs';
 import { createHostStream, newStreamId } from './host-stream.mjs';
-import { createNdjsonSpanSink } from '../observability/ndjson-span-sink.mjs';
+import {
+  createNdjsonSpanSink,
+  attachBetaResponseEvents,
+} from '../observability/ndjson-span-sink.mjs';
+import { betaResponseEmitter } from '@olam/auth-client';
 import { attemptRecovery, findScenarioForKind } from '../recovery/index.mjs';
 import { detectHaltChunk } from './halt-detect.mjs';
 import { spawnUpgraderContainer } from './upgrade-spawner.mjs';
@@ -83,6 +87,7 @@ import {
 } from './routes/process-port.mjs';
 import { instrumentHandler, renderMetrics } from './metrics.mjs';
 import { handleDispatchFromEmail } from './lib/email-dispatch.mjs';
+import { emitTierSuggestion } from '../dispatch/auto-tier-scheduler.mjs';
 
 // ── Deployment-mode detection ─────────────────────────────────────
 //
@@ -490,6 +495,20 @@ const ndjsonSpanSink = await createNdjsonSpanSink({ hostStream }).catch((err) =>
   return null;
 });
 
+// Wire @olam/auth-client `beta-response` events (Anthropic SDK 0.96+ beta
+// flags — thinking-token-count, cache-diagnostics, future passthrough) into
+// the NDJSON trace as `withCredential.beta-response` spans. Opt-in via the
+// caller's `withCredential('claude', fn, { betas: [...] })` options; when
+// no caller opts in, the emitter never fires and this subscription is a
+// no-op. See docs/decisions/047-anthropic-sdk-beta-flags.md.
+if (ndjsonSpanSink) {
+  try {
+    attachBetaResponseEvents({ sink: ndjsonSpanSink, emitter: betaResponseEmitter });
+  } catch (err) {
+    console.warn(`[trace] beta-response wire unavailable: ${err?.message ?? err}`);
+  }
+}
+
 // A4: coalesce docker-event bursts into a single servers.snapshot. World
 // boot fires `create` + `start` + healthcheck transitions in <100ms; we
 // don't want a broadcast storm. Window matches plan-source.md P3 target.
@@ -922,6 +941,58 @@ const server = http.createServer(instrumentHandler('host-cp', async (req, res) =
     if (handled) return;
   }
 
+  // /api/telemetry/planning-sessions — B9: aggregate planning_sessions by
+  // session_source for the canonical-surface bet's adoption signal. Per
+  // plan-chat-spa-canonical-surface plan § Operator workflow seam falsification
+  // trigger: if plan-chat-spa weekly-active sessions < 60% of control-plane/app
+  // by 2026-Q3, freeze plan-chat-spa feature work. This endpoint is the
+  // data source for that measurement.
+  //
+  // Query param: ?since=YYYY-MM-DD (required; rejects with 400 otherwise).
+  // Response: { plan_chat_spa: N, control_plane_app: M, unknown: K, ratio: pct }
+  // where ratio = plan_chat_spa / (plan_chat_spa + control_plane_app) * 100,
+  // null if denominator is 0.
+  if (url.pathname === '/api/telemetry/planning-sessions' && req.method === 'GET') {
+    const since = url.searchParams.get('since');
+    if (!since || !/^\d{4}-\d{2}-\d{2}$/.test(since)) {
+      res.writeHead(400, { 'Content-Type': 'application/json' });
+      return res.end(JSON.stringify({
+        error: 'bad_request',
+        message: 'Missing or malformed `since` query param. Expected YYYY-MM-DD.',
+      }));
+    }
+    // B9 ships the endpoint CONTRACT + the session_source schema column.
+    // The query implementation goes through plan-chat-service.mjs (which
+    // owns the pg pool); this host-cp handler currently emits a 503 with
+    // a structured "not_implemented" marker so callers can verify the
+    // endpoint shape + auth + query-param parsing without the data path.
+    //
+    // Phase G of this epic adds the plan-chat-service handler that this
+    // endpoint will proxy to. Until then operators can run the SQL
+    // directly:
+    //   SELECT COALESCE(session_source, 'unknown'), COUNT(*)
+    //   FROM planning_sessions
+    //   WHERE created_at >= $since
+    //   GROUP BY 1;
+    //
+    // Notify-C: ship contract + schema; defer data path to Phase G.
+    res.writeHead(503, { 'Content-Type': 'application/json' });
+    return res.end(JSON.stringify({
+      error: 'not_implemented',
+      message: 'B9 ships the endpoint contract + session_source schema column. ' +
+        'Aggregation handler scaffolded in plan-chat-service.mjs lands in Phase G.',
+      since,
+      contractShape: {
+        plan_chat_spa: 0,
+        control_plane_app: 0,
+        unknown: 0,
+        ratio: null,
+        since: '<YYYY-MM-DD>',
+        asOf: '<ISO 8601>',
+      },
+    }));
+  }
+
   // /api/version/status: returns the current version snapshot (baked SHA
   // vs operator's local HEAD). No auth required beyond the existing gate
   // (already applied above). Phase 1 only — detection, no auto-upgrade.
@@ -2224,6 +2295,23 @@ const server = http.createServer(instrumentHandler('host-cp', async (req, res) =
         return jsonReply(res, 400, { error: 'invalid_json', message: err.message });
       }
       try {
+        // Auto-tier-scheduler v1 (ADR 042): emit an informational
+        // `dispatch.tier-suggestion` event BEFORE handing off to the
+        // dispatch handler. Pure-informational — never changes which
+        // provider actually runs. The dispatch payload's optional
+        // `tierSpec` ({ kind?, expectedDurationMs?, explicitTier? })
+        // carries the shape; absent it, the heuristic falls through to
+        // its default (`cloudflare-sandbox`).
+        if (dispatch && typeof dispatch.worldId === 'string') {
+          try {
+            emitTierSuggestion({
+              worldId: dispatch.worldId,
+              dispatchSpec: dispatch.tierSpec ?? {},
+              currentTier: null,
+              hostStream,
+            });
+          } catch { /* never let a hint surface break dispatch */ }
+        }
         const result = await handleDispatchFromEmail({
           dispatch,
           worlds: WORLDS,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pleri/olam-cli",
-  "version": "0.1.170",
+  "version": "0.1.173",
   "type": "module",
   "bin": {
     "olam": "./bin/olam.cjs"