atris 2.6.3 → 3.0.1

package/commands/push.js

@@ -1,10 +1,11 @@
 const fs = require('fs');
 const path = require('path');
+const crypto = require('crypto');
 const { loadCredentials } = require('../utils/auth');
 const { apiRequestJson } = require('../utils/api');
 const { loadBusinesses, saveBusinesses } = require('./business');
-const { loadManifest, saveManifest, computeFileHash, buildManifest, computeLocalHashes, threeWayCompare, SKIP_DIRS } = require('../lib/manifest');
-const { sectionMerge } = require('../lib/section-merge');
+const { loadManifest, saveManifest, buildManifest, computeLocalHashes } = require('../lib/manifest');
+const { normalizeWikiOnlyPrefix } = require('../lib/wiki');
 
 async function pushAtris() {
   let slug = process.argv[3];
@@ -18,55 +19,45 @@ async function pushAtris() {
         slug = biz.slug || biz.name;
       } catch {}
     }
-    // If still no slug (no .atris/business.json), need explicit name
-    if (!slug || slug.startsWith('-')) {
-      slug = null;
-    }
+    if (!slug || slug.startsWith('-')) slug = null;
   }
 
   if (!slug || slug === '--help') {
-    console.log('Usage: atris push [business-slug] [--from <path>] [--force]');
-    console.log('');
-    console.log('Push local files to a Business Computer.');
-    console.log('If run inside a pulled folder, business is auto-detected.');
+    console.log('Usage: atris push [business] [--from <path>] [--only <prefix>] [--force]');
     console.log('');
-    console.log('Options:');
-    console.log('  --from <path>   Push from a custom directory');
-    console.log('  --force         Push everything, overwrite conflicts');
+    console.log('  Push requires a fresh pull. If cloud has changed since your last pull,');
+    console.log('  the push will be blocked until you run `atris pull`. Use --force to override.');
     console.log('');
-    console.log('Examples:');
-    console.log('  atris push                           Auto-detect from current folder');
-    console.log('  atris push pallet                    Push from atris/pallet/ or ./pallet/');
-    console.log('  atris push pallet --from ./my-dir/   Push from a custom directory');
+    console.log('  atris push                   Push from current folder (auto-detect business)');
+    console.log('  atris push pallet            Push pallet/ or atris/pallet/');
+    console.log('  atris push pallet --only team/nate   Only push files in team/nate/');
+    console.log('  atris push --force           Bypass freshness check (force-push, may overwrite cloud changes)');
     process.exit(0);
   }
 
   const force = process.argv.includes('--force');
+  const dryRun = process.argv.includes('--dry-run');
 
-  // Parse --only flag: filter which files to push
+  // Parse --only
   let onlyRaw = null;
-  const onlyEqArg = process.argv.find(a => a.startsWith('--only='));
-  if (onlyEqArg) {
-    onlyRaw = onlyEqArg.slice('--only='.length);
-  } else {
-    const onlyIdx = process.argv.indexOf('--only');
-    if (onlyIdx !== -1 && process.argv[onlyIdx + 1] && !process.argv[onlyIdx + 1].startsWith('-')) {
-      onlyRaw = process.argv[onlyIdx + 1];
-    }
+  const onlyEq = process.argv.find(a => a.startsWith('--only='));
+  if (onlyEq) onlyRaw = onlyEq.slice(7);
+  else {
+    const oi = process.argv.indexOf('--only');
+    if (oi !== -1 && process.argv[oi + 1] && !process.argv[oi + 1].startsWith('-')) onlyRaw = process.argv[oi + 1];
   }
   const onlyPrefixes = onlyRaw
     ? onlyRaw.split(',').map(p => {
-        let norm = p.replace(/^\//, '');
-        if (norm && !norm.endsWith('/') && !norm.includes('.')) norm += '/';
-        return '/' + norm;
-      }).filter(Boolean)
+        const wikiPrefix = normalizeWikiOnlyPrefix(p);
+        if (wikiPrefix) return `/${wikiPrefix.replace(/^\//, '')}`;
+        let n = '/' + p.replace(/^\//, '');
+        if (!n.endsWith('/') && !n.includes('.')) n += '/';
+        return n;
+      })
     : null;
 
   const creds = loadCredentials();
-  if (!creds || !creds.token) {
-    console.error('Not logged in. Run: atris login');
-    process.exit(1);
-  }
+  if (!creds || !creds.token) { console.error('Not logged in. Run: atris login'); process.exit(1); }
 
   // Determine source directory
   const fromIdx = process.argv.indexOf('--from');
@@ -74,74 +65,71 @@ async function pushAtris() {
   if (fromIdx !== -1 && process.argv[fromIdx + 1]) {
     sourceDir = path.resolve(process.argv[fromIdx + 1]);
   } else if (fs.existsSync(path.join(process.cwd(), '.atris', 'business.json'))) {
-    // Inside a pulled folder — push from here
     sourceDir = process.cwd();
   } else {
     const atrisDir = path.join(process.cwd(), 'atris', slug);
     const cwdDir = path.join(process.cwd(), slug);
-    if (fs.existsSync(atrisDir)) {
-      sourceDir = atrisDir;
-    } else if (fs.existsSync(cwdDir)) {
-      sourceDir = cwdDir;
-    } else {
+    if (fs.existsSync(atrisDir)) sourceDir = atrisDir;
+    else if (fs.existsSync(cwdDir)) sourceDir = cwdDir;
+    else {
       console.error(`No local folder found for "${slug}".`);
-      console.error(`Expected: atris/${slug}/ or ./${slug}/`);
-      console.error('Or specify: atris push pallet --from ./path/to/folder');
+      console.error('Run from inside a pulled folder, or: atris push pallet --from ./path');
       process.exit(1);
     }
   }
 
-  if (!fs.existsSync(sourceDir)) {
-    console.error(`Source directory not found: ${sourceDir}`);
-    process.exit(1);
-  }
+  if (!fs.existsSync(sourceDir)) { console.error(`Source not found: ${sourceDir}`); process.exit(1); }
 
-  // Resolve business ID
+  // Resolve business — always refresh from API
   let businessId, workspaceId, businessName, resolvedSlug;
   const businesses = loadBusinesses();
-
-  if (businesses[slug]) {
-    businessId = businesses[slug].business_id;
-    workspaceId = businesses[slug].workspace_id;
-    businessName = businesses[slug].name || slug;
-    resolvedSlug = businesses[slug].slug || slug;
-  } else {
-    const listResult = await apiRequestJson('/businesses/', { method: 'GET', token: creds.token });
-    if (!listResult.ok) {
-      console.error(`Failed to fetch businesses: ${listResult.errorMessage || listResult.status}`);
-      process.exit(1);
-    }
-    const match = (listResult.data || []).find(
-      b => b.slug === slug || b.name.toLowerCase() === slug.toLowerCase()
-    );
-    if (!match) {
-      console.error(`Business "${slug}" not found.`);
-      process.exit(1);
-    }
+  const listResult = await apiRequestJson('/business/', { method: 'GET', token: creds.token });
+  if (listResult.ok) {
+    const match = (listResult.data || []).find(b => b.slug === slug || b.name.toLowerCase() === slug.toLowerCase());
+    if (!match) { console.error(`Business "${slug}" not found.`); process.exit(1); }
     businessId = match.id;
     workspaceId = match.workspace_id;
     businessName = match.name;
     resolvedSlug = match.slug;
-
-    businesses[slug] = {
-      business_id: businessId,
-      workspace_id: workspaceId,
-      name: businessName,
-      slug: match.slug,
-      added_at: new Date().toISOString(),
-    };
+    businesses[slug] = { business_id: businessId, workspace_id: workspaceId, name: businessName, slug: match.slug, added_at: new Date().toISOString() };
     saveBusinesses(businesses);
+  } else if (businesses[slug]) {
+    businessId = businesses[slug].business_id;
+    workspaceId = businesses[slug].workspace_id;
+    businessName = businesses[slug].name || slug;
+    resolvedSlug = businesses[slug].slug || slug;
+  } else {
+    console.error(`Failed to reach API and no cached business for "${slug}".`);
+    process.exit(1);
   }
 
-  if (!workspaceId) {
-    console.error(`Business "${slug}" has no workspace.`);
-    process.exit(1);
+  if (!workspaceId) { console.error(`Business "${slug}" has no workspace.`); process.exit(1); }
+
+  // Auto-wake the EC2 computer if --auto-wake is set, otherwise check status and warn.
+  // Without this, push silently routes to agent_files cache when computer is asleep
+  // (the silent fallback footgun from tonight's debugging).
+  const autoWake = process.argv.includes('--auto-wake');
+  if (autoWake) {
+    const statusResult = await apiRequestJson(`/business/${businessId}/ai-computer/status`, { method: 'GET', token: creds.token });
+    const computerStatus = statusResult.ok && statusResult.data ? statusResult.data.status : 'unknown';
+    if (computerStatus !== 'running' || !(statusResult.data && statusResult.data.endpoint)) {
+      process.stdout.write('  Waking EC2 computer... ');
+      await apiRequestJson(`/business/${businessId}/ai-computer/wake`, { method: 'POST', token: creds.token });
+      const wakeStart = Date.now();
+      while (Date.now() - wakeStart < 90000) {
+        await new Promise((r) => setTimeout(r, 3000));
+        const s = await apiRequestJson(`/business/${businessId}/ai-computer/status`, { method: 'GET', token: creds.token });
+        if (s.ok && s.data && s.data.status === 'running' && s.data.endpoint) {
+          const elapsed = Math.floor((Date.now() - wakeStart) / 1000);
+          console.log(`awake (${elapsed}s)`);
+          break;
+        }
+      }
+    }
   }
 
-  // Load manifest (last sync state)
+  // Load manifest and compute local hashes
   const manifest = loadManifest(resolvedSlug || slug);
-
-  // Compute local file hashes
   const localFiles = computeLocalHashes(sourceDir);
 
   if (Object.keys(localFiles).length === 0) {
@@ -149,226 +137,275 @@ async function pushAtris() {
     return;
   }
 
-  // Get remote snapshot for three-way compare
   console.log('');
   console.log(`Pushing to ${businessName}...`);
 
-  // Loading indicator
-  const startTime = Date.now();
-  const spinner = ['|', '/', '-', '\\'];
-  let spinIdx = 0;
-  const loading = setInterval(() => {
-    const elapsed = Math.floor((Date.now() - startTime) / 1000);
-    process.stdout.write(`\r  Comparing with remote... ${spinner[spinIdx++ % 4]} ${elapsed}s`);
-  }, 250);
-
-  const snapshotResult = await apiRequestJson(
-    `/businesses/${businessId}/workspaces/${workspaceId}/snapshot?include_content=true`,
-    { method: 'GET', token: creds.token, timeoutMs: 300000 }
-  );
-
-  clearInterval(loading);
-  const totalSec = Math.floor((Date.now() - startTime) / 1000);
-  process.stdout.write(`\r  Compared in ${totalSec}s.${' '.repeat(20)}\n`);
-
-  let remoteFiles = {};
-  const remoteContent = {};  // for section merge
-  if (snapshotResult.ok && snapshotResult.data && snapshotResult.data.files) {
-    for (const file of snapshotResult.data.files) {
-      if (file.path && !file.binary && file.content != null) {
-        const rawBytes = Buffer.from(file.content, 'utf-8');
-        const hash = require('crypto').createHash('sha256').update(rawBytes).digest('hex');
-        remoteFiles[file.path] = { hash, size: rawBytes.length };
-        remoteContent[file.path] = file.content;
+  // ───────────────────────────────────────────────────────────────────
+  // FRESHNESS CHECK — pull-before-push enforcement.
+  // ───────────────────────────────────────────────────────────────────
+  // Compare cloud's current state to our local manifest. If cloud has any
+  // file the manifest doesn't know about, OR a file with a different hash
+  // than what we last pulled, the user is out of date and MUST pull first.
+  // This prevents stale local state from clobbering fresh cloud changes —
+  // the "lagging version push" footgun. Use --force to bypass (e.g., for
+  // genuine local-canonical pushes like align --hard).
+  if (!force) {
+    process.stdout.write('  Checking cloud freshness... ');
+    const snapshotResult = await apiRequestJson(
+      `/business/${businessId}/workspaces/${workspaceId}/snapshot?include_content=false`,
+      { method: 'GET', token: creds.token, timeoutMs: 60000 }
+    );
+    if (snapshotResult.ok && snapshotResult.data && Array.isArray(snapshotResult.data.files)) {
+      const cloudHashes = {};
+      for (const f of snapshotResult.data.files) {
+        if (f.path && f.hash) cloudHashes[f.path] = f.hash;
+      }
+      const manifestFiles = (manifest && manifest.files) || {};
+      const driftFiles = [];
+      // Direction 1: cloud has files the manifest doesn't know about, OR
+      // cloud's hash differs from what we last pulled (someone changed it).
+      for (const [p, hash] of Object.entries(cloudHashes)) {
+        // Apply --only filter to drift detection too: if user is scoping the
+        // push to a subtree, only block on drift inside that subtree.
+        if (onlyPrefixes && !onlyPrefixes.some((pref) => p.startsWith(pref))) continue;
+        const manifestEntry = manifestFiles[p];
+        if (!manifestEntry || manifestEntry.hash !== hash) {
+          driftFiles.push(p);
+        }
+      }
+      // Direction 2: manifest has files the cloud no longer has (someone
+      // deleted them). Without this check, we'd silently re-push deleted
+      // files on the next push, undoing the deletion.
+      //
+      // CAVEAT: the warm runner's snapshot endpoint deliberately hides certain
+      // basenames (CLAUDE.md, .* dotfiles, node_modules, __pycache__, .git) —
+      // see ecs_warm_runner.py _snapshot_dir. They CAN exist on cloud but
+      // never appear in cloudHashes. Skip them in the missing-side check or
+      // every CLAUDE.md push will be flagged as drift forever.
+      const SERVER_HIDDEN_BASENAMES = new Set(['CLAUDE.md']);
+      const cloudPathSet = new Set(Object.keys(cloudHashes));
+      for (const p of Object.keys(manifestFiles)) {
+        if (onlyPrefixes && !onlyPrefixes.some((pref) => p.startsWith(pref))) continue;
+        const idx = p.lastIndexOf('/');
+        const base = idx === -1 ? p : p.slice(idx + 1);
+        if (SERVER_HIDDEN_BASENAMES.has(base)) continue;
+        if (!cloudPathSet.has(p)) {
+          driftFiles.push(p);
+        }
+      }
+      if (driftFiles.length > 0) {
+        console.log(`drift detected (${driftFiles.length} file${driftFiles.length === 1 ? '' : 's'})`);
+        console.log('');
+        console.log(`  ✗ Cloud has changed since your last pull. Refusing to push stale state.`);
+        console.log('');
+        console.log('    Files that differ on cloud:');
+        driftFiles.slice(0, 8).forEach((p) => console.log(`      ~ ${p.replace(/^\//, '')}`));
+        if (driftFiles.length > 8) console.log(`      ... +${driftFiles.length - 8} more`);
+        console.log('');
+        console.log('    Run `atris pull` first, then push your changes.');
+        console.log('    To override (force-push, may clobber cloud edits): atris push --force');
+        process.exit(1);
       }
+      console.log('fresh');
+    } else {
+      // Snapshot fetch failed — fail closed. The whole point of the freshness
+      // check is to prevent accidental stale pushes; if we can't verify cloud
+      // state, we don't push. Use --force to bypass when you know what you're
+      // doing (e.g., the workspace is genuinely unhealthy and you have a clean
+      // local copy you need to recover from).
+      console.log(`failed (status ${snapshotResult.status || 'unknown'})`);
+      console.log('');
+      console.log('  ✗ Could not verify cloud freshness. Refusing to push.');
+      console.log('    The workspace may be unreachable or the snapshot endpoint is broken.');
+      console.log('    To bypass and force-push anyway: atris push --force');
+      process.exit(1);
     }
   }
 
-  // Three-way compare
-  const diff = threeWayCompare(localFiles, remoteFiles, manifest);
-
-  // Check if user is a member (not owner) — if so, filter to allowed paths
-  // Members can only push to /team/{name}/ and /journal/
-  let skippedPermission = [];
-  const role = snapshotResult.data?._role; // not available from snapshot, so we try the push and handle 403
-
-  // Determine what to push
+  // Compare local hashes to manifest — NO server call needed
+  // Files where local hash differs from manifest = changed locally
+  const baseFiles = (manifest && manifest.files) ? manifest.files : {};
   const filesToPush = [];
-
-  // Apply --only filter
-  const matchesOnly = (filePath) => {
-    if (!onlyPrefixes) return true;
-    return onlyPrefixes.some(prefix => filePath.startsWith(prefix));
-  };
-
-  // Files we changed that remote didn't
-  for (const p of [...diff.toPush, ...diff.newLocal]) {
-    if (!matchesOnly(p)) continue;
-    const localPath = path.join(sourceDir, p.replace(/^\//, ''));
-    try {
-      const content = fs.readFileSync(localPath, 'utf8');
-      filesToPush.push({ path: p, content });
-    } catch {
-      // skip
+  const deletedPaths = [];
+
+  for (const [filePath, fileInfo] of Object.entries(localFiles)) {
+    if (onlyPrefixes && !onlyPrefixes.some(p => filePath.startsWith(p))) continue;
+    const baseHash = baseFiles[filePath] ? baseFiles[filePath].hash : null;
+    if (!baseHash || fileInfo.hash !== baseHash) {
+      // Changed or new — push it
+      const localPath = path.join(sourceDir, filePath.replace(/^\//, ''));
+      try {
+        const content = fs.readFileSync(localPath, 'utf8');
+        filesToPush.push({ path: filePath, content });
+      } catch {}
     }
   }
 
-  // Handle conflicts: try section-level merge first, then force, then flag
-  const conflictPaths = [];
-  const mergedPaths = [];
-  for (const p of diff.conflicts) {
-    const localPath = path.join(sourceDir, p.replace(/^\//, ''));
-    let localContent;
-    try { localContent = fs.readFileSync(localPath, 'utf8'); } catch { continue; }
-
-    if (force) {
-      filesToPush.push({ path: p, content: localContent });
-      continue;
+  for (const filePath of Object.keys(baseFiles)) {
+    if (onlyPrefixes && !onlyPrefixes.some(p => filePath.startsWith(p))) continue;
+    if (!localFiles[filePath]) {
+      deletedPaths.push(filePath);
     }
+  }
 
-    // Try section-level merge (only for .md files)
-    if (p.endsWith('.md') && remoteContent[p] && manifest && manifest.files && manifest.files[p]) {
-      // Get base content: we need what the file looked like at last sync.
-      // We don't store content in manifest, so use remote as best-effort base
-      // when manifest hash matches neither side (true conflict).
-      // For now, attempt merge with remote content and see if sections differ.
-      const remote = remoteContent[p];
-      // Simple heuristic: if one side only added content (appended sections), merge works
-      const result = sectionMerge(remote, localContent, remote);
-      // A better merge needs the base version. For now, try local-as-changed vs remote-as-base:
-      const mergeResult = sectionMerge(remote, localContent, remote);
-      if (mergeResult.merged && mergeResult.conflicts.length === 0 && mergeResult.merged !== remote) {
-        filesToPush.push({ path: p, content: mergeResult.merged });
-        mergedPaths.push(p);
-        continue;
-      }
-    }
+  const filteredLocalCount = Object.keys(localFiles).filter(filePath => {
+    if (!onlyPrefixes) return true;
+    return onlyPrefixes.some(prefix => filePath.startsWith(prefix));
+  }).length;
+  const unchangedCount = Math.max(0, filteredLocalCount - filesToPush.length);
 
-    conflictPaths.push(p);
+  if (filesToPush.length === 0 && deletedPaths.length === 0) {
+    console.log('\n  Already up to date.\n');
+    return;
   }
 
-  console.log('');
-
-  if (filesToPush.length === 0 && conflictPaths.length === 0) {
-    console.log('  Already up to date.');
+  // Dry run — show what would be pushed without pushing
+  if (dryRun) {
     console.log('');
+    for (const f of filesToPush) {
+      const isNew = !baseFiles[f.path];
+      console.log(`  ${isNew ? '+' : '\u2191'} ${f.path.replace(/^\//, '')}  ${isNew ? 'new file' : 'updated'}  (dry run)`);
+    }
+    for (const filePath of deletedPaths) {
+      console.log(`  x ${filePath.replace(/^\//, '')}  deleted  (dry run)`);
+    }
+    const parts = [];
+    if (filesToPush.length > 0) parts.push(`${filesToPush.length} would be pushed`);
+    if (deletedPaths.length > 0) parts.push(`${deletedPaths.length} would be deleted`);
+    if (unchangedCount > 0) parts.push(`${unchangedCount} unchanged`);
+    console.log(`\n  ${parts.join(', ')}. (--dry-run, nothing sent)\n`);
     return;
   }
 
-  // Push the files
   let pushed = 0;
+  let deleted = 0;
+  let skipped = [];
+  let result = { ok: true };
+
   if (filesToPush.length > 0) {
-    const result = await apiRequestJson(
-      `/businesses/${businessId}/workspaces/${workspaceId}/sync`,
-      {
-        method: 'POST',
-        token: creds.token,
-        body: { files: filesToPush },
-        headers: { 'X-Atris-Actor-Source': 'cli' },
-      }
+    // Push files to server
+    result = await apiRequestJson(
+      `/business/${businessId}/workspaces/${workspaceId}/sync`,
+      { method: 'POST', token: creds.token, body: { files: filesToPush }, headers: { 'X-Atris-Actor-Source': 'cli' } }
     );
 
     if (!result.ok) {
-      const msg = result.errorMessage || result.error || `HTTP ${result.status}`;
-      if (result.status === 409) {
-        console.error(`  Computer is sleeping. Wake it first, then push.`);
-      } else if (result.status === 403) {
-        // Member scoping — retry with only team/ and journal/ files
-        const memberFiles = filesToPush.filter(f => f.path.startsWith('/team/') || f.path.startsWith('/journal/'));
-        const blockedFiles = filesToPush.filter(f => !f.path.startsWith('/team/') && !f.path.startsWith('/journal/'));
-        if (memberFiles.length > 0 && blockedFiles.length > 0) {
-          console.log(`  You're a member — retrying with your team files only...`);
-          if (blockedFiles.length > 0) {
-            console.log(`  Skipped (no permission): ${blockedFiles.map(f => f.path.replace(/^\//, '')).join(', ')}`);
-          }
+      if (result.status === 403) {
+        // Permission denied — retry with only team/ and journal/ files
+        const allowed = filesToPush.filter(f => f.path.startsWith('/team/') || f.path.startsWith('/journal/'));
+        skipped = filesToPush.filter(f => !f.path.startsWith('/team/') && !f.path.startsWith('/journal/'));
+
+        if (allowed.length > 0) {
           const retry = await apiRequestJson(
-            `/businesses/${businessId}/workspaces/${workspaceId}/sync`,
-            { method: 'POST', token: creds.token, body: { files: memberFiles }, headers: { 'X-Atris-Actor-Source': 'cli' } }
+            `/business/${businessId}/workspaces/${workspaceId}/sync`,
+            { method: 'POST', token: creds.token, body: { files: allowed }, headers: { 'X-Atris-Actor-Source': 'cli' } }
           );
           if (retry.ok) {
-            for (const f of memberFiles) {
-              console.log(`  \u2191 ${f.path.replace(/^\//, '')}  pushed`);
-              pushed++;
-            }
+            pushed = allowed.length;
           } else {
-            console.error(`  Push failed after retry: ${retry.errorMessage || retry.error || retry.status}`);
+            console.error(`\n  Push failed: ${retry.errorMessage || retry.error || retry.status}`);
             process.exit(1);
           }
         } else {
-          console.error(`  Access denied: you can only push to your own team/ folder.`);
-          if (blockedFiles.length > 0) {
-            console.error(`  Blocked: ${blockedFiles.map(f => f.path.replace(/^\//, '')).join(', ')}`);
-          }
+          console.error('\n  Access denied: you can only push to your team/ folder.');
           process.exit(1);
         }
+      } else if (result.status === 409) {
+        console.error('\n  Computer is sleeping. Wake it first.');
+        process.exit(1);
       } else {
-        console.error(`  Push failed: ${msg}`);
+        console.error(`\n  Push failed: ${result.errorMessage || result.error || result.status}`);
+        process.exit(1);
       }
-      process.exit(1);
+    } else {
+      pushed = filesToPush.length;
     }
+  }
 
-    // Display results
-    for (const p of diff.toPush) {
-      console.log(`  \u2191 ${p.replace(/^\//, '')}  pushing your changes`);
-      pushed++;
+  // Delete loop — throttled, 429-aware, tracks per-file success/failure.
+  // Earlier bug: bulk deletes hit rate limit (60/min default) at request 60,
+  // then process.exit'd, leaving partial state and a manifest that thought
+  // everything was deleted. New behavior:
+  //   - 600ms throttle between deletes (≈100/min, safe under default rate limit)
+  //   - 429 → wait 20s, retry once
+  //   - 404 → counted as success (file already gone)
+  //   - other failures → collected, reported at end, do NOT exit
+  //   - manifest update only counts confirmed-deleted paths
+  const deletedConfirmed = [];
+  const deleteFailed = [];
+  for (let i = 0; i < deletedPaths.length; i++) {
+    const filePath = deletedPaths[i];
+    if (i > 0) {
+      // sleep 600ms between deletes
+      await new Promise((r) => setTimeout(r, 600));
     }
-    for (const p of diff.newLocal) {
-      console.log(`  + ${p.replace(/^\//, '')}  new file`);
-      pushed++;
+    let deleteResult = await apiRequestJson(
+      `/business/${businessId}/workspaces/${workspaceId}/file?path=${encodeURIComponent(filePath)}`,
+      { method: 'DELETE', token: creds.token }
+    );
+    if (deleteResult.status === 429) {
+      // Rate limit — wait 20s, retry once
+      await new Promise((r) => setTimeout(r, 20000));
+      deleteResult = await apiRequestJson(
+        `/business/${businessId}/workspaces/${workspaceId}/file?path=${encodeURIComponent(filePath)}`,
+        { method: 'DELETE', token: creds.token }
+      );
     }
-    if (force) {
-      for (const p of diff.conflicts) {
-        console.log(`  ! ${p.replace(/^\//, '')}  overwritten (--force)`);
-        pushed++;
-      }
+    if (deleteResult.ok || deleteResult.status === 404) {
+      deletedConfirmed.push(filePath);
+      deleted++;
+    } else {
+      deleteFailed.push({ path: filePath, status: deleteResult.status, error: deleteResult.error });
     }
-    for (const p of mergedPaths) {
-      console.log(`  \u2194 ${p.replace(/^\//, '')}  auto-merged (different sections)`);
-      pushed++;
+    // Show progress for large batches
+    if (deletedPaths.length > 20 && (i + 1) % 20 === 0) {
+      console.log(`  [delete ${i + 1}/${deletedPaths.length}] ${deletedConfirmed.length} ok, ${deleteFailed.length} failed`);
     }
   }
-
-  // Show conflicts
-  for (const p of conflictPaths) {
-    console.log(`  \u26A0 ${p.replace(/^\//, '')}  CONFLICT \u2014 skipped (use --force to override)`);
+  if (deleteFailed.length > 0) {
+    console.log('');
+    console.log(`  ⚠ ${deleteFailed.length} delete(s) failed (NOT marked as deleted in manifest):`);
+    deleteFailed.slice(0, 10).forEach((f) => console.log(`    ${f.status} ${f.path.replace(/^\//, '')}`));
+    if (deleteFailed.length > 10) console.log(`    ... +${deleteFailed.length - 10} more`);
   }
 
-  // Show unchanged
-  if (diff.unchanged.length > 0) {
-    // Don't list them all, just count
+  // Display results
+  console.log('');
+  for (const f of filesToPush) {
+    if (skipped.includes(f)) continue;
+    const isNew = !baseFiles[f.path];
+    console.log(`  ${isNew ? '+' : '\u2191'} ${f.path.replace(/^\//, '')}  ${isNew ? 'new file' : 'updated'}`);
+  }
+  for (const f of skipped) {
+    console.log(`  - ${f.path.replace(/^\//, '')}  skipped (no permission)`);
+  }
+  // Only print confirmed deletes (not failed ones — they were reported above)
+  for (const filePath of deletedConfirmed) {
+    console.log(`  x ${filePath.replace(/^\//, '')}  deleted`);
   }
 
   // Summary
   console.log('');
   const parts = [];
   if (pushed > 0) parts.push(`${pushed} pushed`);
-  if (diff.unchanged.length > 0) parts.push(`${diff.unchanged.length} unchanged`);
-  if (conflictPaths.length > 0) parts.push(`${conflictPaths.length} conflict${conflictPaths.length > 1 ? 's' : ''}`);
-  if (parts.length > 0) console.log(`  ${parts.join(', ')}.`);
-
-  // Get commit hash after push
-  let commitHash = null;
-  try {
-    const headResult = await apiRequestJson(
-      `/businesses/${businessId}/workspaces/${workspaceId}/git/head`,
-      { method: 'GET', token: creds.token }
-    );
-    if (headResult.ok && headResult.data && headResult.data.commit) {
-      commitHash = headResult.data.commit;
+  if (deleted > 0) parts.push(`${deleted} deleted`);
+  if (deleteFailed.length > 0) parts.push(`${deleteFailed.length} delete failed`);
+  if (unchangedCount > 0) parts.push(`${unchangedCount} unchanged`);
+  if (skipped.length > 0) parts.push(`${skipped.length} skipped`);
+  console.log(`  ${parts.join(', ')}.`);
+
+  // Update manifest — mark pushed files with their new hash, drop ONLY confirmed deletes.
+  // Failed deletes stay in the manifest so the next push will retry them.
+  const updatedFiles = { ...baseFiles };
+  for (const f of filesToPush) {
+    if (!skipped.includes(f)) {
+      updatedFiles[f.path] = localFiles[f.path];
     }
-  } catch {
-    // Git might not be initialized yet
   }
-
-  // Update manifest with new state (merge local + remote)
-  const mergedFiles = { ...remoteFiles };
-  for (const p of Object.keys(localFiles)) {
-    if (filesToPush.some(f => f.path === p)) {
-      mergedFiles[p] = localFiles[p]; // we pushed this, so our hash is now the truth
-    }
+  for (const filePath of deletedConfirmed) {
+    delete updatedFiles[filePath];
   }
-  const newManifest = buildManifest(mergedFiles, commitHash);
-  saveManifest(resolvedSlug || slug, newManifest);
+  saveManifest(resolvedSlug || slug, buildManifest(updatedFiles, null));
 }
 
 module.exports = { pushAtris };