@treeseed/cli 0.4.11 → 0.5.1

package/README.md

@@ -21,11 +21,14 @@ npm install @treeseed/cli @treeseed/core @treeseed/sdk
 
 Workflow guarantees:
 
-- `treeseed init`, `treeseed config`, and `treeseed release` resolve the project from nested directories and do not rely on the currently checked-out task branch.
-- `treeseed switch` requires a clean worktree before leaving the current branch and creates new task branches from the latest `staging`.
-- `treeseed save` is the canonical checkpoint command: it syncs the current branch with origin, succeeds even when no new changes exist, and can create or refresh preview deployments with `--preview`.
-- `treeseed stage` and `treeseed close` auto-save meaningful uncommitted task-branch changes before merge or cleanup, then leave the repository on `staging`.
-- `treeseed release` completes on `staging` after promoting `staging` into `main` and pushing the release tag.
+- `treeseed` is the only supported project-management surface for market and any checked-out `packages/sdk`, `packages/core`, and `packages/cli` repos.
+- `treeseed switch` requires clean worktrees, mirrors the task branch into checked-out package repos, and only pushes the market branch on branch creation.
+- `treeseed save` is the canonical recursive checkpoint command: it verifies, commits, and pushes dirty package repos in dependency order before saving the market repo.
+- `treeseed stage` squash-merges task branches into `staging` across package repos first, refreshes market submodule pointers to package `staging` heads, then stages the market repo.
+- `treeseed close` recursively archives and deletes matching task branches across market and checked-out package repos.
+- `treeseed release` only bumps, tags, and publishes changed packages plus internal dependents, then syncs market production to package `main` heads.
+- Every mutating workflow command supports `--plan`; `--dry-run` is only an alias where it still exists for compatibility.
+- Interrupted workflow runs are journaled under `.treeseed/workflow`; use `treeseed recover` to inspect them and `treeseed resume <run-id>` to continue a resumable run.
 
 After installation, the published binary is available as:
 
@@ -42,11 +45,13 @@ The main workflow commands exposed by the current CLI are:
 - `treeseed tasks [--json]`
 - `treeseed switch <branch-name> [--preview]`
 - `treeseed dev`
-- `treeseed save [--preview] "<commit message>"`
+- `treeseed save [--preview] [--plan] "<commit message>"`
 - `treeseed stage "<resolution message>"`
 - `treeseed close "<close reason>"`
-- `treeseed release --major|--minor|--patch`
-- `treeseed destroy --environment <local|staging|prod>`
+- `treeseed release --major|--minor|--patch [--plan]`
+- `treeseed resume <run-id>`
+- `treeseed recover`
+- `treeseed destroy --environment <local|staging|prod> [--plan]`
 
 Support utilities such as `treeseed rollback`, `treeseed doctor`, `treeseed auth:*`, `treeseed template`, `treeseed sync`, `treeseed lint`, `treeseed test`, `treeseed build`, service helpers, and `treeseed agents ...` remain available.
 
@@ -57,14 +62,36 @@ Use `treeseed help` for the full command list and `treeseed help <command>` for
 ```bash
 treeseed status
 treeseed config
+treeseed switch feature/search-improvements --plan
 treeseed switch feature/search-improvements --preview
 treeseed dev
 treeseed save --preview "feat: add search filters"
 treeseed stage "feat: add search filters"
 treeseed release --patch
+treeseed recover
 treeseed status --json
 ```
 
+## Agent-Safe Workflow
+
+Use planning mode before any destructive or multi-repo mutation:
+
+```bash
+treeseed switch feature/search-improvements --plan --json
+treeseed save --plan "feat: add search filters" --json
+treeseed stage --plan "feat: add search filters" --json
+treeseed release --patch --plan --json
+```
+
+If a workflow stops partway through, inspect the journaled state and resume from the recorded run:
+
+```bash
+treeseed recover
+treeseed resume <run-id>
+```
+
+In a full checked-out workspace, `treeseed tasks`, `treeseed status`, and `treeseed doctor` also report package-branch drift, dirty embedded repos, active workflow locks, and interrupted runs.
+
 ## Maintainer Workflow
 
 All package maintenance commands are npm-based and run from the `cli/` package root. This package verifies the published command surface, parser/help behavior, and packaged artifact shape.

package/dist/cli/handlers/auth-login.js

@@ -1,66 +1,78 @@
 import { RemoteTreeseedAuthClient, RemoteTreeseedClient } from "@treeseed/sdk/remote";
 import {
   resolveTreeseedRemoteConfig,
-  setTreeseedRemoteSession
+  setTreeseedRemoteSession,
+  TreeseedKeyAgentError
 } from "@treeseed/sdk/workflow-support";
 import { guidedResult } from "./utils.js";
 function sleep(ms) {
   return new Promise((resolve) => setTimeout(resolve, ms));
 }
 const handleAuthLogin = async (invocation, context) => {
-  const tenantRoot = context.cwd;
-  const remoteConfig = resolveTreeseedRemoteConfig(tenantRoot, context.env);
-  const hostId = typeof invocation.args.host === "string" ? invocation.args.host : remoteConfig.activeHostId;
-  const client = new RemoteTreeseedAuthClient(new RemoteTreeseedClient({
-    ...remoteConfig,
-    activeHostId: hostId
-  }));
-  const started = await client.startDeviceFlow({
-    clientName: "treeseed-cli",
-    scopes: ["auth:me", "sdk", "operations"]
-  });
-  if (context.outputFormat !== "json") {
-    context.write(`Open ${started.verificationUriComplete}`, "stdout");
-    context.write(`User code: ${started.userCode}`, "stdout");
-    context.write("Waiting for approval...", "stdout");
-  }
-  const deadline = Date.parse(started.expiresAt);
-  while (Date.now() < deadline) {
-    const response = await client.pollDeviceFlow({ deviceCode: started.deviceCode });
-    if (response.ok && response.status === "approved") {
-      setTreeseedRemoteSession(tenantRoot, {
-        hostId,
-        accessToken: response.accessToken,
-        refreshToken: response.refreshToken,
-        expiresAt: response.expiresAt,
-        principal: response.principal
-      });
-      return guidedResult({
-        command: "auth:login",
-        summary: "Treeseed API login completed successfully.",
-        facts: [
-          { label: "Host", value: hostId },
-          { label: "Principal", value: response.principal.displayName ?? response.principal.id },
-          { label: "Scopes", value: response.principal.scopes.join(", ") }
-        ],
-        report: {
+  try {
+    const tenantRoot = context.cwd;
+    const remoteConfig = resolveTreeseedRemoteConfig(tenantRoot, context.env);
+    const hostId = typeof invocation.args.host === "string" ? invocation.args.host : remoteConfig.activeHostId;
+    const client = new RemoteTreeseedAuthClient(new RemoteTreeseedClient({
+      ...remoteConfig,
+      activeHostId: hostId
+    }));
+    const started = await client.startDeviceFlow({
+      clientName: "treeseed-cli",
+      scopes: ["auth:me", "sdk", "operations"]
+    });
+    if (context.outputFormat !== "json") {
+      context.write(`Open ${started.verificationUriComplete}`, "stdout");
+      context.write(`User code: ${started.userCode}`, "stdout");
+      context.write("Waiting for approval...", "stdout");
+    }
+    const deadline = Date.parse(started.expiresAt);
+    while (Date.now() < deadline) {
+      const response = await client.pollDeviceFlow({ deviceCode: started.deviceCode });
+      if (response.ok && response.status === "approved") {
+        setTreeseedRemoteSession(tenantRoot, {
           hostId,
+          accessToken: response.accessToken,
+          refreshToken: response.refreshToken,
+          expiresAt: response.expiresAt,
           principal: response.principal
-        }
-      });
+        });
+        return guidedResult({
+          command: "auth:login",
+          summary: "Treeseed API login completed successfully.",
+          facts: [
+            { label: "Host", value: hostId },
+            { label: "Principal", value: response.principal.displayName ?? response.principal.id },
+            { label: "Scopes", value: response.principal.scopes.join(", ") }
+          ],
+          report: {
+            hostId,
+            principal: response.principal
+          }
+        });
+      }
+      if (!response.ok && response.status !== "already_used") {
+        return {
+          exitCode: 1,
+          stderr: [response.error]
+        };
+      }
+      await sleep(started.intervalSeconds * 1e3);
     }
-    if (!response.ok && response.status !== "already_used") {
+    return {
+      exitCode: 1,
+      stderr: ["Treeseed API login expired before approval completed."]
+    };
+  } catch (error) {
+    if (error instanceof TreeseedKeyAgentError) {
       return {
         exitCode: 1,
-        stderr: [response.error]
+        stderr: [error.message],
+        report: { command: "auth:login", ok: false, code: error.code, details: error.details ?? null }
       };
     }
-    await sleep(started.intervalSeconds * 1e3);
+    throw error;
   }
-  return {
-    exitCode: 1,
-    stderr: ["Treeseed API login expired before approval completed."]
-  };
 };
 export {
   handleAuthLogin

package/dist/cli/handlers/auth-logout.js

@@ -1,19 +1,31 @@
 import {
   clearTreeseedRemoteSession,
-  resolveTreeseedRemoteConfig
+  resolveTreeseedRemoteConfig,
+  TreeseedKeyAgentError
 } from "@treeseed/sdk/workflow-support";
 import { guidedResult } from "./utils.js";
 const handleAuthLogout = async (invocation, context) => {
-  const tenantRoot = context.cwd;
-  const remoteConfig = resolveTreeseedRemoteConfig(tenantRoot, context.env);
-  const hostId = typeof invocation.args.host === "string" ? invocation.args.host : remoteConfig.activeHostId;
-  clearTreeseedRemoteSession(tenantRoot, hostId);
-  return guidedResult({
-    command: "auth:logout",
-    summary: "Cleared the local Treeseed API session.",
-    facts: [{ label: "Host", value: hostId }],
-    report: { hostId }
-  });
+  try {
+    const tenantRoot = context.cwd;
+    const remoteConfig = resolveTreeseedRemoteConfig(tenantRoot, context.env);
+    const hostId = typeof invocation.args.host === "string" ? invocation.args.host : remoteConfig.activeHostId;
+    clearTreeseedRemoteSession(tenantRoot, hostId);
+    return guidedResult({
+      command: "auth:logout",
+      summary: "Cleared the local Treeseed API session.",
+      facts: [{ label: "Host", value: hostId }],
+      report: { hostId }
+    });
+  } catch (error) {
+    if (error instanceof TreeseedKeyAgentError) {
+      return {
+        exitCode: 1,
+        stderr: [error.message],
+        report: { command: "auth:logout", ok: false, code: error.code, details: error.details ?? null }
+      };
+    }
+    throw error;
+  }
 };
 export {
   handleAuthLogout

package/dist/cli/handlers/auth-whoami.js

@@ -1,23 +1,34 @@
 import { RemoteTreeseedAuthClient, RemoteTreeseedClient } from "@treeseed/sdk/remote";
-import { resolveTreeseedRemoteConfig } from "@treeseed/sdk/workflow-support";
+import { resolveTreeseedRemoteConfig, TreeseedKeyAgentError } from "@treeseed/sdk/workflow-support";
 import { guidedResult } from "./utils.js";
 const handleAuthWhoAmI = async (_invocation, context) => {
-  const remoteConfig = resolveTreeseedRemoteConfig(context.cwd, context.env);
-  const client = new RemoteTreeseedAuthClient(new RemoteTreeseedClient(remoteConfig));
-  const response = await client.whoAmI();
-  return guidedResult({
-    command: "auth:whoami",
-    summary: "Treeseed API identity",
-    facts: [
-      { label: "Host", value: remoteConfig.activeHostId },
-      { label: "Principal", value: response.payload.displayName ?? response.payload.id },
-      { label: "Scopes", value: response.payload.scopes.join(", ") }
-    ],
-    report: {
-      hostId: remoteConfig.activeHostId,
-      principal: response.payload
+  try {
+    const remoteConfig = resolveTreeseedRemoteConfig(context.cwd, context.env);
+    const client = new RemoteTreeseedAuthClient(new RemoteTreeseedClient(remoteConfig));
+    const response = await client.whoAmI();
+    return guidedResult({
+      command: "auth:whoami",
+      summary: "Treeseed API identity",
+      facts: [
+        { label: "Host", value: remoteConfig.activeHostId },
+        { label: "Principal", value: response.payload.displayName ?? response.payload.id },
+        { label: "Scopes", value: response.payload.scopes.join(", ") }
+      ],
+      report: {
+        hostId: remoteConfig.activeHostId,
+        principal: response.payload
+      }
+    });
+  } catch (error) {
+    if (error instanceof TreeseedKeyAgentError) {
+      return {
+        exitCode: 1,
+        stderr: [error.message],
+        report: { command: "auth:whoami", ok: false, code: error.code, details: error.details ?? null }
+      };
     }
-  });
+    throw error;
+  }
 };
 export {
   handleAuthWhoAmI

package/dist/cli/handlers/close.js

@@ -3,21 +3,26 @@ import { createWorkflowSdk, renderWorkflowNextSteps, workflowErrorResult } from
 const handleClose = async (invocation, context) => {
   try {
     const result = await createWorkflowSdk(context).close({
-      message: invocation.positionals.join(" ").trim()
+      message: invocation.positionals.join(" ").trim(),
+      plan: invocation.args.plan === true || invocation.args.dryRun === true,
+      dryRun: invocation.args.dryRun === true
     });
     const payload = result.payload;
+    const deletedPackages = payload.repos.filter((repo) => repo.deletedLocal || repo.deletedRemote).length;
     return guidedResult({
       command: invocation.commandName || "close",
-      summary: "Treeseed close completed successfully.",
+      summary: result.executionMode === "plan" ? "Treeseed close plan ready." : "Treeseed close completed successfully.",
       facts: [
+        { label: "Mode", value: payload.mode },
         { label: "Closed branch", value: payload.branchName },
         { label: "Auto-saved", value: payload.autoSaved ? "yes" : "no" },
-        { label: "Deprecated tag", value: payload.deprecatedTag.tagName },
+        { label: "Deprecated tag", value: payload.rootRepo.tagName ?? payload.deprecatedTag.tagName },
+        { label: "Package branches cleaned", value: String(deletedPackages) },
         { label: "Preview cleanup", value: payload.previewCleanup.performed ? "performed" : "not needed" },
         { label: "Final branch", value: payload.finalBranch }
       ],
       nextSteps: renderWorkflowNextSteps(result),
-      report: payload
+      report: result
     });
   } catch (error) {
     return workflowErrorResult(error);

package/dist/cli/handlers/config-ui.d.ts

@@ -1,16 +1,26 @@
 import { type UiViewportLayout } from '../ui/framework.js';
-type ConfigScope = 'all' | 'local' | 'staging' | 'prod';
+type ConfigScope = 'local' | 'staging' | 'prod';
 export type ConfigViewMode = 'startup' | 'full';
+type ConfigValidation = {
+    kind: 'string' | 'nonempty' | 'boolean' | 'number' | 'url' | 'email';
+} | {
+    kind: 'enum';
+    values: string[];
+};
 type ConfigEntry = {
     id: string;
     label: string;
     group: string;
+    cluster: string;
+    startupProfile: 'core' | 'optional' | 'advanced';
+    requirement: 'required' | 'conditional' | 'optional';
     description: string;
     howToGet: string;
     sensitivity: 'secret' | 'plain' | 'derived';
     targets: string[];
     purposes: string[];
     storage: 'shared' | 'scoped';
+    validation?: ConfigValidation;
     scope: Exclude<ConfigScope, 'all'>;
     sharedScopes: Array<Exclude<ConfigScope, 'all'>>;
     required: boolean;
@@ -25,23 +35,28 @@ type ConfigContextSnapshot = {
     };
     scopes: Array<Exclude<ConfigScope, 'all'>>;
     entriesByScope: Record<Exclude<ConfigScope, 'all'>, ConfigEntry[]>;
-    authStatusByScope: Record<Exclude<ConfigScope, 'all'>, {
-        gh: {
-            authenticated: boolean;
+    configReadinessByScope: Record<Exclude<ConfigScope, 'all'>, {
+        github: {
+            configured: boolean;
         };
-        wrangler: {
-            authenticated: boolean;
+        cloudflare: {
+            configured: boolean;
         };
         railway: {
-            authenticated: boolean;
+            configured: boolean;
+        };
+        localDevelopment: {
+            configured: boolean;
         };
     }>;
 };
 export type ConfigPage = {
+    kind: 'entry';
     key: string;
     entry: ConfigEntry;
-    scope: Exclude<ConfigScope, 'all'>;
-    scopes: Array<Exclude<ConfigScope, 'all'>>;
+    scope: ConfigScope;
+    scopes: ConfigScope[];
+    requiredScopes: ConfigScope[];
     required: boolean;
     currentValue: string;
     suggestedValue: string;
@@ -56,6 +71,15 @@ export type ConfigEditorResult = {
     overrides: Record<string, string>;
     viewMode: ConfigViewMode;
 };
+type ConfigCommitUpdate = {
+    scope: Exclude<ConfigScope, 'all'>;
+    entryId: string;
+    value: string;
+};
+export type ConfigInputState = {
+    value: string;
+    cursor: number;
+};
 export type ConfigViewportLayout = UiViewportLayout & {
     sidebarWidth: number;
     contentWidth: number;
@@ -64,9 +88,41 @@ export type ConfigViewportLayout = UiViewportLayout & {
     inputHeight: number;
     actionRowHeight: number;
 };
+export declare function filterCliConfigPages(pages: ConfigPage[], query: string): ConfigPage[];
 export declare function computeConfigViewportLayout(rows: number, columns: number): ConfigViewportLayout;
 export declare function buildCliConfigPages(context: ConfigContextSnapshot, selectedFilter: ConfigScope, overrides?: Record<string, string>, viewMode?: ConfigViewMode): ConfigPage[];
+export declare function normalizeConfigInputChunk(input: string): string;
+export declare function applyConfigInputInsertion(state: ConfigInputState, input: string): ConfigInputState;
+export declare function readLinuxClipboardText(): string | null;
 export declare function runCliConfigEditor(context: ConfigContextSnapshot, options?: {
     initialViewMode?: ConfigViewMode;
+    mouseEnabled?: boolean;
+    initialStatusMessage?: string;
+    toolAvailability?: {
+        githubCli?: {
+            available: boolean;
+        };
+        wranglerCli?: {
+            available: boolean;
+        };
+        railwayCli?: {
+            available: boolean;
+        };
+        ghActExtension?: {
+            available: boolean;
+        };
+        dockerDaemon?: {
+            available: boolean;
+        };
+    };
+    secretSession?: {
+        status?: {
+            unlocked?: boolean;
+        };
+        createdWrappedKey?: boolean;
+        migratedWrappedKey?: boolean;
+        unlockSource?: string;
+    };
+    onCommit?: (update: ConfigCommitUpdate) => Promise<ConfigContextSnapshot> | ConfigContextSnapshot;
 }): Promise<ConfigEditorResult | null>;
 export {};