@topogram/cli 0.3.42 → 0.3.44

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@topogram/cli",
-  "version": "0.3.42",
+  "version": "0.3.44",
   "description": "Topogram CLI for checking Topogram workspaces and generating app bundles.",
   "license": "Apache-2.0",
   "repository": {

package/src/cli.js

@@ -219,6 +219,7 @@ function printUsage(options = {}) {
   console.log("   or: topogram generator show <id-or-package> [--json]");
   console.log("   or: topogram generator check <path-or-package> [--json]");
   console.log("   or: topogram generator policy init [path] [--json]");
+  console.log("   or: topogram generator policy status [path] [--json]");
   console.log("   or: topogram generator policy check [path] [--json]");
   console.log("   or: topogram generator policy explain [path] [--json]");
   console.log("   or: topogram generator policy pin [package@version] [path] [--json]");
@@ -586,6 +587,7 @@ function printGeneratorHelp() {
   console.log("   or: topogram generator show <id-or-package> [--json]");
   console.log("   or: topogram generator check <path-or-package> [--json]");
   console.log("   or: topogram generator policy init [path] [--json]");
+  console.log("   or: topogram generator policy status [path] [--json]");
   console.log("   or: topogram generator policy check [path] [--json]");
   console.log("   or: topogram generator policy explain [path] [--json]");
   console.log("   or: topogram generator policy pin [package@version] [path] [--json]");
@@ -607,6 +609,7 @@ function printGeneratorHelp() {
   console.log("  topogram generator check ./generator-package");
   console.log("  topogram generator check @scope/topogram-generator-web --json");
   console.log("  topogram generator policy init");
+  console.log("  topogram generator policy status --json");
   console.log("  topogram generator policy check --json");
   console.log("  topogram generator policy pin @topogram/generator-react-web@1");
 }
@@ -1586,9 +1589,270 @@ function effectiveGeneratorPolicy(policyInfo) {
   };
 }
 
+/**
+ * @param {string} filePath
+ * @returns {any|null}
+ */
+function readJsonIfPresent(filePath) {
+  if (!fs.existsSync(filePath)) {
+    return null;
+  }
+  try {
+    return JSON.parse(fs.readFileSync(filePath, "utf8"));
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * @param {Record<string, any>|null} projectPackage
+ * @param {string} packageName
+ * @returns {{ field: string|null, spec: string|null }}
+ */
+function dependencySpecForPackage(projectPackage, packageName) {
+  const dependencyFields = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];
+  for (const field of dependencyFields) {
+    const dependencies = projectPackage?.[field];
+    if (dependencies && typeof dependencies === "object" && typeof dependencies[packageName] === "string") {
+      return {
+        field,
+        spec: dependencies[packageName]
+      };
+    }
+  }
+  return {
+    field: null,
+    spec: null
+  };
+}
+
+/**
+ * @param {Record<string, any>|null} lockfile
+ * @param {string} packageName
+ * @returns {{ version: string|null, resolved: string|null, integrity: string|null, entryPath: string|null }}
+ */
+function npmLockfileInfoForPackage(lockfile, packageName) {
+  const packageEntryPath = `node_modules/${packageName}`;
+  const packageEntry = lockfile?.packages?.[packageEntryPath];
+  if (packageEntry && typeof packageEntry === "object") {
+    return {
+      version: typeof packageEntry.version === "string" ? packageEntry.version : null,
+      resolved: typeof packageEntry.resolved === "string" ? packageEntry.resolved : null,
+      integrity: typeof packageEntry.integrity === "string" ? packageEntry.integrity : null,
+      entryPath: packageEntryPath
+    };
+  }
+  const dependencyEntry = lockfile?.dependencies?.[packageName];
+  if (dependencyEntry && typeof dependencyEntry === "object") {
+    return {
+      version: typeof dependencyEntry.version === "string" ? dependencyEntry.version : null,
+      resolved: typeof dependencyEntry.resolved === "string" ? dependencyEntry.resolved : null,
+      integrity: typeof dependencyEntry.integrity === "string" ? dependencyEntry.integrity : null,
+      entryPath: packageName
+    };
+  }
+  return {
+    version: null,
+    resolved: null,
+    integrity: null,
+    entryPath: null
+  };
+}
+
+/**
+ * @param {string} projectRoot
+ * @returns {{ kind: "npm"|"pnpm"|"yarn"|"bun"|null, path: string|null, data: Record<string, any>|null, note: string|null }}
+ */
+function lockfileMetadataForProject(projectRoot) {
+  const npmLockfilePath = path.join(projectRoot, "package-lock.json");
+  if (fs.existsSync(npmLockfilePath)) {
+    return {
+      kind: "npm",
+      path: npmLockfilePath,
+      data: readJsonIfPresent(npmLockfilePath),
+      note: null
+    };
+  }
+  const candidates = [
+    { kind: "pnpm", file: "pnpm-lock.yaml" },
+    { kind: "yarn", file: "yarn.lock" },
+    { kind: "bun", file: "bun.lock" },
+    { kind: "bun", file: "bun.lockb" }
+  ];
+  for (const candidate of candidates) {
+    const lockfilePath = path.join(projectRoot, candidate.file);
+    if (fs.existsSync(lockfilePath)) {
+      return {
+        kind: /** @type {"pnpm"|"yarn"|"bun"} */ (candidate.kind),
+        path: lockfilePath,
+        data: null,
+        note: `${candidate.file} found; package versions are not inspected by this command.`
+      };
+    }
+  }
+  return {
+    kind: null,
+    path: null,
+    data: null,
+    note: null
+  };
+}
+
+/**
+ * @param {string} projectRoot
+ * @param {string} packageName
+ * @returns {{ dependencyField: string|null, dependencySpec: string|null, installedVersion: string|null, installedPackageJsonPath: string|null, lockfileKind: "npm"|"pnpm"|"yarn"|"bun"|null, lockfilePath: string|null, lockfileVersion: string|null, lockfileResolved: string|null, lockfileIntegrity: string|null, lockfileEntryPath: string|null, lockfileNote: string|null }}
+ */
+function packageInfoForGenerator(projectRoot, packageName) {
+  const projectPackage = readJsonIfPresent(path.join(projectRoot, "package.json"));
+  const dependency = dependencySpecForPackage(projectPackage, packageName);
+  const lockfile = lockfileMetadataForProject(projectRoot);
+  const lockfileInfo = lockfile.kind === "npm"
+    ? npmLockfileInfoForPackage(lockfile.data, packageName)
+    : {
+        version: null,
+        resolved: null,
+        integrity: null,
+        entryPath: null
+      };
+  const installedPackageJsonPath = path.join(projectRoot, "node_modules", ...packageName.split("/"), "package.json");
+  const installedPackage = readJsonIfPresent(installedPackageJsonPath);
+  return {
+    dependencyField: dependency.field,
+    dependencySpec: dependency.spec,
+    installedVersion: typeof installedPackage?.version === "string" ? installedPackage.version : null,
+    installedPackageJsonPath: installedPackage ? installedPackageJsonPath : null,
+    lockfileKind: lockfile.kind,
+    lockfilePath: lockfile.path,
+    lockfileVersion: lockfileInfo.version,
+    lockfileResolved: lockfileInfo.resolved,
+    lockfileIntegrity: lockfileInfo.integrity,
+    lockfileEntryPath: lockfileInfo.entryPath,
+    lockfileNote: lockfile.note
+  };
+}
+
+/**
+ * @param {ReturnType<typeof packageInfoForGenerator>} packageInfo
+ * @returns {string}
+ */
+function formatGeneratorPackageLockfile(packageInfo) {
+  if (!packageInfo.lockfileKind || !packageInfo.lockfilePath) {
+    return "(not found)";
+  }
+  const label = path.basename(packageInfo.lockfilePath);
+  if (packageInfo.lockfileVersion) {
+    return `${packageInfo.lockfileKind} ${packageInfo.lockfileVersion}`;
+  }
+  return `${label} (version not inspected)`;
+}
+
+/**
+ * @param {string} projectRoot
+ * @param {import("./generator-policy.js").GeneratorPolicy} policy
+ * @param {ReturnType<typeof packageBackedGeneratorBindings>[number]} binding
+ * @returns {ReturnType<typeof packageBackedGeneratorBindings>[number] & { allowed: boolean, packageInfo: ReturnType<typeof packageInfoForGenerator>, pin: { key: string|null, version: string|null, matches: boolean|null } }}
+ */
+function generatorPolicyBindingStatus(projectRoot, policy, binding) {
+  const packagePin = policy.pinnedVersions[binding.packageName] || null;
+  const generatorPin = policy.pinnedVersions[binding.generatorId] || null;
+  const pinnedVersion = packagePin || generatorPin;
+  return {
+    ...binding,
+    allowed: generatorPackageAllowed(policy, binding.packageName),
+    packageInfo: packageInfoForGenerator(projectRoot, binding.packageName),
+    pin: {
+      key: packagePin ? binding.packageName : generatorPin ? binding.generatorId : null,
+      version: pinnedVersion,
+      matches: pinnedVersion ? pinnedVersion === binding.version : null
+    }
+  };
+}
+
+/**
+ * @param {any[]} diagnostics
+ * @param {Array<ReturnType<typeof generatorPolicyBindingStatus>>} bindings
+ * @returns {any[]}
+ */
+function annotateGeneratorPolicyDiagnostics(diagnostics, bindings) {
+  return diagnostics.map((diagnostic) => {
+    const binding = bindings.find((item) => (
+      item.packageName === diagnostic.packageName &&
+      (!diagnostic.componentId || item.componentId === diagnostic.componentId)
+    ));
+    if (!binding) {
+      return diagnostic;
+    }
+    return {
+      ...diagnostic,
+      packageVersion: binding.packageInfo.installedVersion || binding.packageInfo.lockfileVersion || null,
+      packageDependencyField: binding.packageInfo.dependencyField,
+      packageDependencySpec: binding.packageInfo.dependencySpec,
+      packageLockfileKind: binding.packageInfo.lockfileKind,
+      packageLockfilePath: binding.packageInfo.lockfilePath,
+      packageLockVersion: binding.packageInfo.lockfileVersion
+    };
+  });
+}
+
+/**
+ * @param {Array<ReturnType<typeof generatorPolicyBindingStatus>>} bindings
+ * @returns {any[]}
+ */
+function generatorPolicyPackageMetadataDiagnostics(bindings) {
+  const diagnostics = [];
+  for (const binding of bindings) {
+    if (!binding.packageInfo.dependencySpec) {
+      diagnostics.push({
+        code: "generator_package_dependency_missing",
+        severity: "warning",
+        message: `Component '${binding.componentId}' generator package '${binding.packageName}' is not declared in package.json dependencies.`,
+        path: binding.packageInfo.installedPackageJsonPath,
+        suggestedFix: `Declare '${binding.packageName}' in package.json devDependencies so generator adoption is visible in package review.`,
+        step: "generator-policy",
+        componentId: binding.componentId,
+        generatorId: binding.generatorId,
+        packageName: binding.packageName,
+        version: binding.version,
+        packageVersion: binding.packageInfo.installedVersion || binding.packageInfo.lockfileVersion || null,
+        packageDependencyField: binding.packageInfo.dependencyField,
+        packageDependencySpec: binding.packageInfo.dependencySpec,
+        packageLockfileKind: binding.packageInfo.lockfileKind,
+        packageLockfilePath: binding.packageInfo.lockfilePath,
+        packageLockVersion: binding.packageInfo.lockfileVersion
+      });
+    }
+    if (
+      binding.packageInfo.installedVersion &&
+      binding.packageInfo.lockfileVersion &&
+      binding.packageInfo.installedVersion !== binding.packageInfo.lockfileVersion
+    ) {
+      diagnostics.push({
+        code: "generator_package_version_drift",
+        severity: "warning",
+        message: `Component '${binding.componentId}' generator package '${binding.packageName}' is installed at '${binding.packageInfo.installedVersion}', but package-lock records '${binding.packageInfo.lockfileVersion}'.`,
+        path: binding.packageInfo.lockfilePath,
+        suggestedFix: "Run the package manager install command and review the resulting lockfile before pinning generator policy.",
+        step: "generator-policy",
+        componentId: binding.componentId,
+        generatorId: binding.generatorId,
+        packageName: binding.packageName,
+        version: binding.version,
+        packageVersion: binding.packageInfo.installedVersion,
+        packageDependencyField: binding.packageInfo.dependencyField,
+        packageDependencySpec: binding.packageInfo.dependencySpec,
+        packageLockfileKind: binding.packageInfo.lockfileKind,
+        packageLockfilePath: binding.packageInfo.lockfilePath,
+        packageLockVersion: binding.packageInfo.lockfileVersion
+      });
+    }
+  }
+  return diagnostics;
+}
+
 /**
  * @param {string} projectPath
- * @returns {{ ok: boolean, path: string, exists: boolean, policy: any, defaulted: boolean, bindings: ReturnType<typeof packageBackedGeneratorBindings>, diagnostics: any[], errors: string[] }}
+ * @returns {{ ok: boolean, path: string, exists: boolean, policy: any, defaulted: boolean, bindings: Array<ReturnType<typeof generatorPolicyBindingStatus>>, diagnostics: any[], errors: string[] }}
  */
 function buildGeneratorPolicyCheckPayload(projectPath) {
   const projectConfigInfo = loadProjectConfig(projectPath);
@@ -1613,7 +1877,9 @@ function buildGeneratorPolicyCheckPayload(projectPath) {
     };
   }
   const policyInfo = loadGeneratorPolicy(projectConfigInfo.configDir);
-  const bindings = packageBackedGeneratorBindings(projectConfigInfo.config);
+  const rawBindings = packageBackedGeneratorBindings(projectConfigInfo.config);
+  const policy = policyInfo.policy || effectiveGeneratorPolicy(policyInfo);
+  const bindings = rawBindings.map((binding) => generatorPolicyBindingStatus(projectConfigInfo.configDir, policy, binding));
   const diagnostics = [];
   if (!policyInfo.exists) {
     diagnostics.push({
@@ -1625,16 +1891,18 @@ function buildGeneratorPolicyCheckPayload(projectPath) {
       step: "generator-policy"
     });
   }
-  diagnostics.push(...generatorPolicyDiagnosticsForBindings(policyInfo, bindings, "generator-policy"));
-  const errors = diagnostics.filter((diagnostic) => diagnostic.severity === "error").map((diagnostic) => diagnostic.message);
+  diagnostics.push(...generatorPolicyDiagnosticsForBindings(policyInfo, rawBindings, "generator-policy"));
+  diagnostics.push(...generatorPolicyPackageMetadataDiagnostics(bindings));
+  const annotatedDiagnostics = annotateGeneratorPolicyDiagnostics(diagnostics, bindings);
+  const errors = annotatedDiagnostics.filter((diagnostic) => diagnostic.severity === "error").map((diagnostic) => diagnostic.message);
   return {
     ok: errors.length === 0,
     path: policyInfo.path,
     exists: policyInfo.exists,
-    policy: policyInfo.policy || effectiveGeneratorPolicy(policyInfo),
+    policy,
     defaulted: !policyInfo.exists,
     bindings,
-    diagnostics,
+    diagnostics: annotatedDiagnostics,
     errors
   };
 }
@@ -1686,6 +1954,25 @@ function buildGeneratorPolicyExplainPayload(projectPath) {
   };
 }
 
+/**
+ * @param {string} projectPath
+ * @returns {ReturnType<typeof buildGeneratorPolicyExplainPayload> & { summary: { packageBackedGenerators: number, allowed: number, denied: number, pinned: number, unpinned: number, pinMismatches: number } }}
+ */
+function buildGeneratorPolicyStatusPayload(projectPath) {
+  const explain = buildGeneratorPolicyExplainPayload(projectPath);
+  return {
+    ...explain,
+    summary: {
+      packageBackedGenerators: explain.bindings.length,
+      allowed: explain.bindings.filter((binding) => binding.allowed).length,
+      denied: explain.bindings.filter((binding) => !binding.allowed).length,
+      pinned: explain.bindings.filter((binding) => Boolean(binding.pin.version)).length,
+      unpinned: explain.bindings.filter((binding) => !binding.pin.version).length,
+      pinMismatches: explain.bindings.filter((binding) => binding.pin.matches === false).length
+    }
+  };
+}
+
 /**
  * @param {ReturnType<typeof buildGeneratorPolicyCheckPayload>} payload
  * @returns {void}
@@ -1698,6 +1985,15 @@ function printGeneratorPolicyCheckPayload(payload) {
   console.log(`Package-backed generators: ${payload.bindings.length}`);
   for (const binding of payload.bindings) {
     console.log(`- ${binding.componentId}: ${binding.generatorId}@${binding.version} via ${binding.packageName}`);
+    console.log(`  npm package: ${binding.packageInfo.installedVersion || "(not installed)"}`);
+    if (binding.packageInfo.dependencySpec) {
+      console.log(`  dependency: ${binding.packageInfo.dependencyField} ${binding.packageInfo.dependencySpec}`);
+    }
+    if (binding.packageInfo.lockfileVersion) {
+      console.log(`  lockfile: ${formatGeneratorPackageLockfile(binding.packageInfo)}`);
+    } else if (binding.packageInfo.lockfileKind) {
+      console.log(`  lockfile: ${formatGeneratorPackageLockfile(binding.packageInfo)}`);
+    }
   }
   for (const diagnostic of payload.diagnostics) {
     console.log(`[${diagnostic.severity}] ${diagnostic.code}: ${diagnostic.message}`);
@@ -1710,6 +2006,51 @@ function printGeneratorPolicyCheckPayload(payload) {
   }
 }
 
+/**
+ * @param {ReturnType<typeof buildGeneratorPolicyStatusPayload>} payload
+ * @returns {void}
+ */
+function printGeneratorPolicyStatusPayload(payload) {
+  console.log(payload.ok ? "Generator policy status: allowed" : "Generator policy status: denied");
+  console.log(`Policy file: ${payload.path}`);
+  console.log(`Policy file exists: ${payload.exists ? "yes" : "no"}`);
+  console.log(`Default policy active: ${payload.defaulted ? "yes" : "no"}`);
+  console.log(`Package-backed generators: ${payload.summary.packageBackedGenerators}`);
+  console.log(`Allowed packages: ${payload.summary.allowed}`);
+  console.log(`Denied packages: ${payload.summary.denied}`);
+  console.log(`Pinned generators: ${payload.summary.pinned}`);
+  console.log(`Unpinned generators: ${payload.summary.unpinned}`);
+  console.log(`Pin mismatches: ${payload.summary.pinMismatches}`);
+  if (payload.bindings.length > 0) {
+    console.log("");
+    console.log("Generator packages:");
+  }
+  for (const binding of payload.bindings) {
+    console.log(`- ${binding.componentId}: ${binding.generatorId}@${binding.version} via ${binding.packageName}`);
+    console.log(`  allowed: ${binding.allowed ? "yes" : "no"}`);
+    console.log(`  npm package: ${binding.packageInfo.installedVersion || "(not installed)"}`);
+    console.log(`  dependency: ${binding.packageInfo.dependencyField && binding.packageInfo.dependencySpec ? `${binding.packageInfo.dependencyField} ${binding.packageInfo.dependencySpec}` : "(not declared)"}`);
+    console.log(`  lockfile: ${formatGeneratorPackageLockfile(binding.packageInfo)}`);
+    console.log(`  policy pin: ${binding.pin.version ? `${binding.pin.key}@${binding.pin.version}` : "(none)"}`);
+  }
+  for (const diagnostic of payload.diagnostics) {
+    const label = diagnostic.severity === "warning" ? "Warning" : "Error";
+    console.log(`${label}: ${diagnostic.code}: ${diagnostic.message}`);
+    if (diagnostic.packageVersion) {
+      console.log(`  package version: ${diagnostic.packageVersion}`);
+    }
+    if (diagnostic.packageDependencySpec) {
+      console.log(`  dependency: ${diagnostic.packageDependencyField} ${diagnostic.packageDependencySpec}`);
+    }
+    if (diagnostic.packageLockfilePath) {
+      console.log(`  lockfile: ${path.basename(diagnostic.packageLockfilePath)}${diagnostic.packageLockVersion ? ` ${diagnostic.packageLockVersion}` : ""}`);
+    }
+    if (diagnostic.suggestedFix) {
+      console.log(`  fix: ${diagnostic.suggestedFix}`);
+    }
+  }
+}
+
 /**
  * @param {ReturnType<typeof buildGeneratorPolicyExplainPayload>} payload
  * @returns {void}
@@ -1727,6 +2068,10 @@ function printGeneratorPolicyExplainPayload(payload) {
     console.log("Package-backed generators:");
     for (const binding of payload.bindings) {
       console.log(`- ${binding.componentId}: ${binding.generatorId}@${binding.version} via ${binding.packageName}`);
+      console.log(`  npm package: ${binding.packageInfo.installedVersion || "(not installed)"}`);
+      if (binding.packageInfo.dependencySpec) {
+        console.log(`  dependency: ${binding.packageInfo.dependencyField} ${binding.packageInfo.dependencySpec}`);
+      }
     }
   }
   if (payload.rules.length > 0) {
@@ -1839,10 +2184,6 @@ function buildGeneratorPolicyPinPayload(projectPath, spec) {
     if (!allowedPackages.includes(pin.packageName)) {
       allowedPackages.push(pin.packageName);
     }
-    const scope = packageScopeFromName(pin.packageName);
-    if (scope && !allowedPackageScopes.includes(scope)) {
-      allowedPackageScopes.push(scope);
-    }
     pinnedVersions[pin.packageName] = pin.version;
   }
   const nextPolicy = {
@@ -3715,6 +4056,7 @@ function printNewProjectResult(result, cwd) {
   console.log("  npm run source:status");
   console.log("  npm run template:explain");
   console.log("  npm run check");
+  console.log("  npm run generator:policy:status");
   console.log("  npm run generator:policy:check");
   if (template.includesExecutableImplementation) {
     console.log("  npm run template:policy:explain");
@@ -7219,6 +7561,8 @@ if (args[0] === "version" || args[0] === "--version") {
   commandArgs = { generatorCheck: true, inputPath: args[2] };
 } else if (args[0] === "generator" && args[1] === "policy" && args[2] === "init") {
   commandArgs = { generatorPolicyInit: true, inputPath: commandPath(3) };
+} else if (args[0] === "generator" && args[1] === "policy" && args[2] === "status") {
+  commandArgs = { generatorPolicyStatus: true, inputPath: commandPath(3) };
 } else if (args[0] === "generator" && args[1] === "policy" && args[2] === "check") {
   commandArgs = { generatorPolicyCheck: true, inputPath: commandPath(3) };
 } else if (args[0] === "generator" && args[1] === "policy" && args[2] === "explain") {
@@ -7422,6 +7766,7 @@ const shouldGeneratorList = Boolean(commandArgs?.generatorList);
 const shouldGeneratorShow = Boolean(commandArgs?.generatorShow);
 const shouldGeneratorCheck = Boolean(commandArgs?.generatorCheck);
 const shouldGeneratorPolicyInit = Boolean(commandArgs?.generatorPolicyInit);
+const shouldGeneratorPolicyStatus = Boolean(commandArgs?.generatorPolicyStatus);
 const shouldGeneratorPolicyCheck = Boolean(commandArgs?.generatorPolicyCheck);
 const shouldGeneratorPolicyExplain = Boolean(commandArgs?.generatorPolicyExplain);
 const shouldGeneratorPolicyPin = Boolean(commandArgs?.generatorPolicyPin);
@@ -7558,7 +7903,7 @@ const outIndex = args.indexOf("--out");
 const outPath = outIndex >= 0 ? args[outIndex + 1] : null;
 const effectiveOutDir = outDir || outPath || commandArgs?.defaultOutDir || null;
 
-if ((shouldCheck || shouldComponentCheck || shouldComponentBehavior || shouldGeneratorCheck || shouldGeneratorPolicyInit || shouldGeneratorPolicyCheck || shouldGeneratorPolicyExplain || shouldGeneratorPolicyPin || shouldValidate || shouldTrustTemplate || shouldTrustStatus || shouldTrustDiff || shouldSourceStatus || shouldTemplateExplain || shouldTemplateStatus || shouldTemplateDetach || shouldTemplatePolicyInit || shouldTemplatePolicyCheck || shouldTemplatePolicyExplain || shouldTemplatePolicyPin || shouldTemplateCheck || shouldTemplateUpdate || generateTarget === "app-bundle") && !inputPath) {
+if ((shouldCheck || shouldComponentCheck || shouldComponentBehavior || shouldGeneratorCheck || shouldGeneratorPolicyInit || shouldGeneratorPolicyStatus || shouldGeneratorPolicyCheck || shouldGeneratorPolicyExplain || shouldGeneratorPolicyPin || shouldValidate || shouldTrustTemplate || shouldTrustStatus || shouldTrustDiff || shouldSourceStatus || shouldTemplateExplain || shouldTemplateStatus || shouldTemplateDetach || shouldTemplatePolicyInit || shouldTemplatePolicyCheck || shouldTemplatePolicyExplain || shouldTemplatePolicyPin || shouldTemplateCheck || shouldTemplateUpdate || generateTarget === "app-bundle") && !inputPath) {
   console.error("Missing required <path>.");
   printUsage();
   process.exit(1);
@@ -7612,7 +7957,7 @@ if (shouldQueryShow && !commandArgs?.queryShowName) {
   process.exit(1);
 }
 
-if ((shouldCheck || shouldComponentCheck || shouldComponentBehavior || shouldValidate || shouldGeneratorPolicyInit || shouldGeneratorPolicyCheck || shouldGeneratorPolicyExplain || shouldGeneratorPolicyPin || shouldTrustTemplate || shouldTrustStatus || shouldTrustDiff || shouldTemplateExplain || shouldTemplateStatus || shouldTemplatePolicyInit || shouldTemplatePolicyCheck || shouldTemplatePolicyExplain || shouldTemplatePolicyPin || shouldTemplateUpdate || generateTarget === "app-bundle") && inputPath) {
+if ((shouldCheck || shouldComponentCheck || shouldComponentBehavior || shouldValidate || shouldGeneratorPolicyInit || shouldGeneratorPolicyStatus || shouldGeneratorPolicyCheck || shouldGeneratorPolicyExplain || shouldGeneratorPolicyPin || shouldTrustTemplate || shouldTrustStatus || shouldTrustDiff || shouldTemplateExplain || shouldTemplateStatus || shouldTemplatePolicyInit || shouldTemplatePolicyCheck || shouldTemplatePolicyExplain || shouldTemplatePolicyPin || shouldTemplateUpdate || generateTarget === "app-bundle") && inputPath) {
   inputPath = normalizeTopogramPath(inputPath);
 }
 
@@ -7762,6 +8107,16 @@ try {
     process.exit(0);
   }
 
+  if (shouldGeneratorPolicyStatus) {
+    const payload = buildGeneratorPolicyStatusPayload(inputPath);
+    if (emitJson) {
+      console.log(stableStringify(payload));
+    } else {
+      printGeneratorPolicyStatusPayload(payload);
+    }
+    process.exit(payload.ok ? 0 : 1);
+  }
+
   if (shouldGeneratorPolicyCheck) {
     const payload = buildGeneratorPolicyCheckPayload(inputPath);
     if (emitJson) {

package/src/new-project.js

@@ -1975,6 +1975,7 @@ function writeProjectPackage(projectRoot, engineRoot, template) {
       "template:detach:dry-run": "topogram template detach --dry-run",
       "template:policy:check": "topogram template policy check",
       "template:policy:explain": "topogram template policy explain",
+      "generator:policy:status": "topogram generator policy status",
       "generator:policy:check": "topogram generator policy check",
       "generator:policy:explain": "topogram generator policy explain",
       "template:update:status": "topogram template update --status",
@@ -2052,6 +2053,7 @@ Useful inspection:
    npm run template:detach:dry-run
    npm run template:policy:check
    npm run template:policy:explain
+   npm run generator:policy:status
    npm run generator:policy:check
    npm run generator:policy:explain
    npm run template:update:status
@@ -2084,6 +2086,7 @@ function writeProjectReadme(projectRoot, projectConfig) {
     "npm run template:explain",
     "npm run check",
     "npm run template:policy:check",
+    "npm run generator:policy:status",
     "npm run generator:policy:check",
     ...(template.includesExecutableImplementation ? [
       "npm run template:policy:explain",