fraim-framework 2.0.162 → 2.0.164

package/dist/src/ai-hub/desktop-main.js

@@ -273,7 +273,10 @@ async function bootstrap() {
     const options = parseArgs(process.argv.slice(2));
     // Single-instance lock — if another instance is already running, focus it
     // and exit rather than spawning a second server + window.
-    const gotLock = electron_1.app.requestSingleInstanceLock();
+    // Skip when FRAIM_AI_HUB_FAKE_HOST=1 (test mode) so Playwright can launch
+    // a test instance alongside the real desktop app without the lock killing it.
+    const skipSingleInstance = process.env.FRAIM_AI_HUB_FAKE_HOST === '1';
+    const gotLock = skipSingleInstance || electron_1.app.requestSingleInstanceLock();
     if (!gotLock) {
         electron_1.app.quit();
         return;

package/dist/src/ai-hub/hosts.js

@@ -319,7 +319,13 @@ const EMPLOYEE_LABELS = {
     codex: 'Codex',
     claude: 'Claude Code',
     gemini: 'Gemini CLI',
+    copilot: 'GitHub Copilot CLI',
 };
+// GitHub Copilot CLI binary name after `npm install -g @github/copilot`.
+// The @github/copilot package installs a binary named `copilot` on PATH.
+// Note: the package name is @github/copilot (NOT @github/copilot-cli which
+// does not exist on npm). The binary is `copilot` (NOT `github-copilot-cli`).
+const COPILOT_BINARY = 'copilot';
 const executableName = (command) => command;
 function quoteWindowsArg(value) {
     if (value.length === 0) {
@@ -348,9 +354,15 @@ const availableByVersionProbe = (command) => {
     });
     return result.status === 0;
 };
+// Resolve the binary name for each agent tool.
+function agentBinaryName(id) {
+    if (id === 'copilot')
+        return COPILOT_BINARY;
+    return executableName(id);
+}
 function detectEmployees() {
     return Object.keys(EMPLOYEE_LABELS).map((id) => {
-        const available = availableByVersionProbe(executableName(id));
+        const available = availableByVersionProbe(agentBinaryName(id));
         return {
             id,
             label: EMPLOYEE_LABELS[id],
@@ -424,17 +436,10 @@ function machineLevelStorageGuard(jobId) {
             '- If the exact machine-level paths cannot be written, fail the phase and report the concrete filesystem error.',
         ].join('\n');
     }
-    if (normalized === 'organization-onboarding') {
-        const orgContext = path_1.default.join(userFraim, 'personalized-employee', 'context', 'org_context.md');
-        const orgRules = path_1.default.join(userFraim, 'personalized-employee', 'rules', 'org_rules.md');
-        return [
-            'Storage scope guardrail:',
-            '- Organization onboarding artifacts are machine-level, not repo-level.',
-            `- Required write targets: ${orgContext} and ${orgRules}.`,
-            '- Do not write, validate, call canonical, commit, or open a PR for repo-local fraim/personalized-employee/context/org_context.md or fraim/personalized-employee/rules/org_rules.md as substitutes.',
-            '- If the exact machine-level paths cannot be written, fail the phase and report the concrete filesystem error.',
-        ].join('\n');
-    }
+    // organization-onboarding intentionally has no guardrail here: the job's
+    // submit phase is backend-aware and owns the write-path procedure (git PR /
+    // cloud publish / machine-level fallback), so duplicating it in runtime
+    // prompt text would be redundant (issue #563 review).
     return null;
 }
 // If ~/.gemini/settings.json has a wrong/test FRAIM_API_KEY, patch it with the
@@ -560,6 +565,15 @@ function sharedBrowserHostConfig(hostId, env = process.env) {
         }
         return { args: [], env: { GEMINI_CLI_SYSTEM_SETTINGS_PATH: file } };
     }
+    if (hostId === 'copilot') {
+        // GitHub Copilot CLI does not yet publish a documented per-invocation
+        // settings-file env var analogous to GEMINI_CLI_SYSTEM_SETTINGS_PATH.
+        // If one is discovered in a future release, write the ephemeral file here
+        // and return { args: [], env: { <COPILOT_SETTINGS_ENV_VAR>: file } }.
+        // Until then, return the Option-B no-op per spec R5.2 — the Hub's
+        // start-payload builder will inject a browser-guidance note instead.
+        return { args: [] };
+    }
     return { args: [] };
 }
 function buildStartPlan(hostId, message, sessionId) {
@@ -586,6 +600,22 @@ function buildStartPlan(hostId, message, sessionId) {
             env: browser.env,
         };
     }
+    if (hostId === 'copilot') {
+        // GitHub Copilot CLI headless invocation.
+        // --yolo auto-approves all tool permissions (analogous to
+        // --dangerously-skip-permissions for Claude Code). The task is provided
+        // via stdin; -p/--prompt requires inline text which is cumbersome for
+        // multi-line FRAIM instructions. The session id is self-assigned by the
+        // binary on first run; Hub captures it from the stream output
+        // (parseHostLine 'copilot' branch).
+        const browser = sharedBrowserHostConfig('copilot');
+        return {
+            command: COPILOT_BINARY,
+            args: ['--yolo', ...browser.args],
+            stdin: transformHeadlessFraimMessage(message, 'start'),
+            env: browser.env,
+        };
+    }
     const browser = sharedBrowserHostConfig('claude');
     return {
         command: executableName('claude'),
@@ -615,6 +645,17 @@ function buildContinuePlan(hostId, sessionId, message) {
             env: browser.env,
         };
     }
+    if (hostId === 'copilot') {
+        // Resume an existing GitHub Copilot CLI session.
+        // --resume <sessionId> accepts the session id returned on the first run.
+        const browser = sharedBrowserHostConfig('copilot');
+        return {
+            command: COPILOT_BINARY,
+            args: ['--yolo', '--resume', sessionId, ...browser.args],
+            stdin: transformHeadlessFraimMessage(message, 'continue'),
+            env: browser.env,
+        };
+    }
     const browser = sharedBrowserHostConfig('claude');
     return {
         command: executableName('claude'),
@@ -666,6 +707,14 @@ function buildDirectStartPlan(hostId, message, sessionId) {
             stdin: DIRECT_PREAMBLE + message,
         };
     }
+    if (hostId === 'copilot') {
+        // Direct (A/B) mode for Copilot: headless, no FRAIM MCP wiring.
+        return {
+            command: COPILOT_BINARY,
+            args: ['--yolo'],
+            stdin: DIRECT_PREAMBLE + message,
+        };
+    }
     return {
         command: executableName('claude'),
         args: [
@@ -696,6 +745,14 @@ function buildDirectContinuePlan(hostId, sessionId, message) {
             stdin: DIRECT_PREAMBLE + message,
         };
     }
+    if (hostId === 'copilot') {
+        // Direct continue mode for Copilot: resume session, no FRAIM MCP wiring.
+        return {
+            command: COPILOT_BINARY,
+            args: ['--yolo', '--resume', sessionId],
+            stdin: DIRECT_PREAMBLE + message,
+        };
+    }
     return {
         command: executableName('claude'),
         args: [
@@ -764,6 +821,32 @@ function parseHostLine(hostId, line) {
             return withSignal({ message: trimmed, raw: trimmed });
         }
     }
+    // GitHub Copilot CLI output: JSON stream where each event carries a `type`
+    // field. Known event shapes (from the agentic CLI stream):
+    //   { "type": "session.started", "session_id": "..." }  — session id
+    //   { "type": "message", "role": "assistant", "content": "..." }  — reply text
+    //   { "type": "turn.completed", "usage": { ... } }  — token usage (same shape as Codex)
+    // For any JSON event not matching the above, signal scanning (seekMentoring,
+    // agent identity) still runs because withSignal is applied to every parsed result.
+    // Non-JSON lines from Copilot are treated as plain-text employee messages.
+    if (hostId === 'copilot') {
+        try {
+            const parsed = JSON.parse(trimmed);
+            if (parsed.type === 'session.started' && typeof parsed.session_id === 'string' && parsed.session_id.length > 0) {
+                return withSignal({ sessionId: parsed.session_id, raw: trimmed });
+            }
+            if (parsed.type === 'message' && parsed.role === 'assistant' && typeof parsed.content === 'string') {
+                return withSignal({ message: parsed.content, raw: trimmed });
+            }
+            // All other JSON events: apply signal scanning and surface as raw.
+            return withSignal({ raw: trimmed });
+        }
+        catch {
+            // Non-JSON line from Copilot: treat as a plain-text employee message,
+            // same pattern as Gemini CLI's non-JSON output.
+            return withSignal({ message: trimmed, raw: trimmed });
+        }
+    }
     try {
         const parsed = JSON.parse(trimmed);
         if (parsed.type === 'system' && parsed.session_id) {
@@ -950,6 +1033,7 @@ class FakeHostRuntime {
             { id: 'codex', label: 'Codex', available: true, detail: 'Test double employee.', supportsRaw: true },
             { id: 'claude', label: 'Claude Code', available: true, detail: 'Test double employee.', supportsRaw: true },
             { id: 'gemini', label: 'Gemini CLI', available: true, detail: 'Test double employee.', supportsRaw: true },
+            { id: 'copilot', label: 'GitHub Copilot CLI', available: true, detail: 'Test double agent tool.', supportsRaw: true },
         ];
     }
     detectEmployees() {
@@ -1032,6 +1116,7 @@ class ScriptedHostRuntime {
             { id: 'codex', label: 'Codex', available: true, detail: 'Scripted test double.', supportsRaw: true },
             { id: 'claude', label: 'Claude Code', available: true, detail: 'Scripted test double.', supportsRaw: true },
             { id: 'gemini', label: 'Gemini CLI', available: true, detail: 'Scripted test double.', supportsRaw: true },
+            { id: 'copilot', label: 'GitHub Copilot CLI', available: true, detail: 'Scripted test double.', supportsRaw: true },
         ];
         // Track each active run so the test can emit signals at it. Key is the
         // sessionId we hand back on startRun; mapping sessionId → handlers

package/dist/src/ai-hub/preferences.js

@@ -29,7 +29,7 @@ class AiHubPreferencesStore {
             const raw = JSON.parse(fs_1.default.readFileSync(this.stateFilePath, 'utf8'));
             return {
                 projectPath: raw.projectPath || projectPath,
-                employeeId: (raw.employeeId === 'claude' || raw.employeeId === 'codex') ? raw.employeeId : DEFAULT_EMPLOYEE,
+                employeeId: (raw.employeeId === 'claude' || raw.employeeId === 'codex' || raw.employeeId === 'gemini' || raw.employeeId === 'copilot') ? raw.employeeId : DEFAULT_EMPLOYEE,
                 categoryId: typeof raw.categoryId === 'string' && raw.categoryId.length > 0 ? raw.categoryId : DEFAULT_CATEGORY,
                 recentJobIds: Array.isArray(raw.recentJobIds) ? raw.recentJobIds.filter((value) => typeof value === 'string') : [],
                 recentJobInstructions: (typeof raw.recentJobInstructions === 'object' && raw.recentJobInstructions !== null && !Array.isArray(raw.recentJobInstructions))

package/dist/src/ai-hub/server.js

@@ -50,30 +50,7 @@ const https_1 = __importDefault(require("https"));
 const types_1 = require("../first-run/types");
 const learning_context_builder_1 = require("../local-mcp-server/learning-context-builder");
 const project_fraim_paths_1 = require("../core/utils/project-fraim-paths");
-const PERSONA_AVATAR_SEEDS = {
-    maestro: { seed: 'MAESTRO-founder-mode', bg: 'fde68a' },
-    beza: { seed: 'BEZA-strategist', bg: 'c7d2fe' },
-    pam: { seed: 'PAM-product', bg: 'ddd6fe' },
-    swen: { seed: 'SWEN-engineer', bg: 'bfdbfe' },
-    qasm: { seed: 'QASM-quality', bg: 'a7f3d0' },
-    huxley: { seed: 'HUXLEY-design', bg: 'fbcfe8' },
-    gautam: { seed: 'Gautam-marketing', bg: 'fed7aa' },
-    cela: { seed: 'CELA-legal', bg: 'cbd5e1' },
-    sekhar: { seed: 'SEKHAR-security', bg: 'fecaca' },
-    ashley: { seed: 'Ashley-assistant', bg: 'fde68a' },
-    mandy: { seed: 'MANDY-manager', bg: 'ede9fe' },
-    hari: { seed: 'HARI-hr', bg: 'ccfbf1' },
-    careena: { seed: 'CAREENA-career-coach', bg: 'e0f2fe' },
-    ricardo: { seed: 'RICARDO-recruiter', bg: 'ede9fe' },
-    sade: { seed: 'SADE-salesforce-dev', bg: 'bae6fd' },
-    sam: { seed: 'SAM-sales-manager', bg: 'bbf7d0' },
-    casey: { seed: 'CASEY-customer-cx', bg: 'fecdd3' },
-};
-function buildPersonaAvatarUrl(personaKey) {
-    const data = PERSONA_AVATAR_SEEDS[personaKey] ?? { seed: personaKey, bg: 'f1f5f9' };
-    const params = new URLSearchParams({ seed: data.seed, backgroundColor: data.bg, radius: '50' });
-    return `https://api.dicebear.com/9.x/notionists/svg?${params.toString()}`;
-}
+const persona_hiring_1 = require("../config/persona-hiring");
 const catalog_1 = require("./catalog");
 const agent_token_prices_1 = require("../local-mcp-server/agent-token-prices");
 const hosts_1 = require("./hosts");
@@ -516,6 +493,7 @@ const HUB_TO_FIRST_RUN_ID = {
     claude: 'claude-code',
     codex: 'codex',
     gemini: 'gemini-cli',
+    copilot: 'copilot-cli',
 };
 function hubAgentOption(hubId) {
     const frId = HUB_TO_FIRST_RUN_ID[hubId];
@@ -601,19 +579,41 @@ function resolveSafeArtifactPath(rawPath, projectPath) {
     return safeRoots.some((root) => pathWithin(root, resolved)) ? resolved : null;
 }
 function hubOpenFile(filePath) {
-    if (process.platform === 'win32') {
-        (0, child_process_1.spawn)('powershell.exe', ['-NoProfile', '-Command', 'Start-Process -LiteralPath $args[0]', filePath], {
-            detached: true,
-            stdio: 'ignore',
-            windowsHide: true,
-        }).unref();
-        return;
-    }
-    if (process.platform === 'darwin') {
-        (0, child_process_1.spawn)('open', [filePath], { detached: true, stdio: 'ignore' }).unref();
-        return;
-    }
-    (0, child_process_1.spawn)('xdg-open', [filePath], { detached: true, stdio: 'ignore' }).unref();
+    return new Promise((resolve, reject) => {
+        const args = process.platform === 'win32'
+            ? [
+                '-NoProfile',
+                '-ExecutionPolicy',
+                'Bypass',
+                '-Command',
+                '& { param($p) try { Invoke-Item -LiteralPath $p; exit 0 } catch { Write-Error $_; exit 1 } }',
+                filePath,
+            ]
+            : process.platform === 'darwin'
+                ? [filePath]
+                : [filePath];
+        const command = process.platform === 'win32'
+            ? 'powershell.exe'
+            : process.platform === 'darwin'
+                ? 'open'
+                : 'xdg-open';
+        const child = (0, child_process_1.spawn)(command, args, {
+            stdio: ['ignore', 'ignore', 'pipe'],
+            windowsHide: process.platform === 'win32',
+        });
+        let stderr = '';
+        child.stderr?.on('data', (chunk) => {
+            stderr += String(chunk);
+        });
+        child.on('error', reject);
+        child.on('close', (code) => {
+            if (code === 0) {
+                resolve();
+                return;
+            }
+            reject(new Error(stderr.trim() || `Open command failed with exit code ${code ?? 'unknown'}.`));
+        });
+    });
 }
 function buildManagedLoginCommand(command) {
     const managedPath = (0, managed_agent_paths_1.buildPathWithManagedAgentBins)(process.env.PATH);
@@ -1113,36 +1113,6 @@ class AiHubServer {
     // Lightweight markdown → .docx. Shared by the GET (file path) and POST (inline
     // content) export routes so a conversational deliverable with no on-disk file
     // can still be downloaded for Word annotation.
-    async markdownToDocxBuffer(md) {
-        const html = md
-            .replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;')
-            // headings
-            .replace(/^#### (.+)$/gm, '<h4>$1</h4>')
-            .replace(/^### (.+)$/gm, '<h3>$1</h3>')
-            .replace(/^## (.+)$/gm, '<h2>$1</h2>')
-            .replace(/^# (.+)$/gm, '<h1>$1</h1>')
-            // bold, italic, code
-            .replace(/\*\*(.+?)\*\*/g, '<strong>$1</strong>')
-            .replace(/\*(.+?)\*/g, '<em>$1</em>')
-            .replace(/`(.+?)`/g, '<code>$1</code>')
-            // unordered lists
-            .replace(/^[-*] (.+)$/gm, '<li>$1</li>')
-            // horizontal rules
-            .replace(/^---+$/gm, '<hr/>')
-            // paragraphs (double newlines)
-            .replace(/\n{2,}/g, '</p><p>')
-            .replace(/^/, '<p>')
-            .replace(/$/, '</p>')
-            // clean up list items into a ul
-            .replace(/(<li>.+<\/li>\n?)+/g, (m) => `<ul>${m}</ul>`);
-        // eslint-disable-next-line @typescript-eslint/no-var-requires
-        const htmlToDocx = require('html-to-docx');
-        return await htmlToDocx(`<html><body>${html}</body></html>`, null, {
-            table: { row: { cantSplit: true } },
-            footer: false,
-            pageNumber: false,
-        });
-    }
     prepareStartPayload(projectPath, hostId, selectedJobId, instructions) {
         const explicit = (0, manager_turns_1.extractExplicitFraimInvocation)(instructions);
         const resolvedJobId = explicit?.jobId || selectedJobId;
@@ -1201,7 +1171,7 @@ class AiHubServer {
             key: bundle.personaKey,
             displayName: bundle.catalogMetadata.displayName,
             role: bundle.catalogMetadata.role,
-            avatarUrl: buildPersonaAvatarUrl(bundle.personaKey),
+            avatarUrl: (0, persona_hiring_1.buildPersonaAvatarUrl)(bundle.personaKey),
             pricingLabel: bundle.catalogMetadata.pricingLabel,
             status: 'locked',
             hireUrl: buildHubPersonaHireUrl(bundle.personaKey, bundle.defaultHireMode),
@@ -1239,7 +1209,7 @@ class AiHubServer {
                 key: bundle.personaKey,
                 displayName: bundle.catalogMetadata.displayName,
                 role: bundle.catalogMetadata.role,
-                avatarUrl: buildPersonaAvatarUrl(bundle.personaKey),
+                avatarUrl: (0, persona_hiring_1.buildPersonaAvatarUrl)(bundle.personaKey),
                 pricingLabel: hiredKeys.has(bundle.personaKey) ? '' : bundle.catalogMetadata.pricingLabel,
                 status: (hiredKeys.has(bundle.personaKey) ? 'hired' : 'locked'),
                 hireUrl: buildHubPersonaHireUrl(bundle.personaKey, bundle.defaultHireMode),
@@ -1582,6 +1552,14 @@ class AiHubServer {
                 ? path_1.default.resolve(body.projectPath)
                 : this.projectPath;
             const loc = (0, learning_context_builder_1.resolveTeamContextFile)(projectPath, body.key);
+            if (loc.managedByOrgSync || !loc.writePath) {
+                // Enforcement only: block editing a synced org file (it would be
+                // overwritten on next sync). The how-to-change procedure lives in the
+                // organization-onboarding job, not in this error body (issue #563 review).
+                return res.status(409).json({
+                    error: 'This organization file is managed by org sync and is read-only here.'
+                });
+            }
             const dest = path_1.default.resolve(loc.writePath);
             // Path-traversal guard: the resolved destination must live under a
             // personalized-employee directory (covers both ~/.fraim/... and repo-local).
@@ -1599,59 +1577,7 @@ class AiHubServer {
             // Re-read so the client gets the canonical post-write state (present flips).
             return res.json(readContextFile(projectPath, body.key));
         });
-        // ── Issue #512 R7: Artifact export (md → docx) ──────────────────────────
-        // GET /api/ai-hub/artifact/export-docx?path=<abs-path-to-md>
-        // Converts a markdown file to .docx using html-to-docx and streams the result.
-        // The manager downloads it, annotates in Word, and saves it in place on disk
-        // (no upload). The agent then reads the comments + tracked changes via the
-        // `apply-docx-changes-to-md` skill (registry script extract-docx-edits.js)
-        // during the address-feedback phase.
-        this.app.get('/api/ai-hub/artifact/export-docx', async (req, res) => {
-            const rawPath = typeof req.query.path === 'string' ? req.query.path : '';
-            if (!rawPath)
-                return res.status(400).json({ error: 'path is required.' });
-            // Safety: path must be under the current workspace or a known safe root.
-            const resolved = resolveSafeArtifactPath(rawPath, this.projectPath);
-            if (!resolved)
-                return res.status(403).json({ error: 'Path outside allowed roots.' });
-            if (!fs_1.default.existsSync(resolved))
-                return res.status(404).json({ error: 'File not found.' });
-            try {
-                const md = fs_1.default.readFileSync(resolved, 'utf8');
-                const docxBuf = await this.markdownToDocxBuffer(md);
-                const basename = path_1.default.basename(resolved, path_1.default.extname(resolved));
-                res.setHeader('Content-Type', 'application/vnd.openxmlformats-officedocument.wordprocessingml.document');
-                res.setHeader('Content-Disposition', `attachment; filename="${basename}.docx"`);
-                res.send(docxBuf);
-            }
-            catch (err) {
-                res.status(500).json({ error: err instanceof Error ? err.message : 'Export failed.' });
-            }
-        });
-        // POST /api/ai-hub/artifact/export-docx  { content, filename? }
-        // Converts inline markdown (the employee's conversational deliverable) to .docx
-        // when the run produced no on-disk file — e.g. an onboarding answer to an empty
-        // repo. Keeps the "annotate in Word" review flow working instead of erroring
-        // with "no local artifact path available".
-        this.app.post('/api/ai-hub/artifact/export-docx', async (req, res) => {
-            const content = typeof req.body?.content === 'string' ? req.body.content : '';
-            if (!content.trim())
-                return res.status(400).json({ error: 'content is required.' });
-            const rawName = typeof req.body?.filename === 'string' && req.body.filename.trim()
-                ? req.body.filename.trim()
-                : 'deliverable';
-            const safeName = rawName.replace(/[^a-zA-Z0-9._ -]/g, '').replace(/\.docx?$/i, '').slice(0, 80) || 'deliverable';
-            try {
-                const docxBuf = await this.markdownToDocxBuffer(content);
-                res.setHeader('Content-Type', 'application/vnd.openxmlformats-officedocument.wordprocessingml.document');
-                res.setHeader('Content-Disposition', `attachment; filename="${safeName}.docx"`);
-                res.send(docxBuf);
-            }
-            catch (err) {
-                res.status(500).json({ error: err instanceof Error ? err.message : 'Export failed.' });
-            }
-        });
-        this.app.post('/api/ai-hub/artifact/open', (req, res) => {
+        this.app.post('/api/ai-hub/artifact/open', async (req, res) => {
             const rawPath = typeof req.body?.path === 'string' ? req.body.path : '';
             const projectPath = typeof req.body?.projectPath === 'string' && req.body.projectPath.length > 0
                 ? path_1.default.resolve(req.body.projectPath)
@@ -1664,7 +1590,7 @@ class AiHubServer {
             if (!fs_1.default.existsSync(resolved))
                 return res.status(404).json({ error: 'File not found.' });
             try {
-                hubOpenFile(resolved);
+                await hubOpenFile(resolved);
                 return res.json({ ok: true, path: resolved });
             }
             catch (err) {

package/dist/src/cli/commands/init-project.js

@@ -210,22 +210,23 @@ const runInitProject = async (options = {}) => {
                 if (!isMinimalConversationMode(preferredMode)) {
                     console.log(chalk_1.default.blue(`   Platform: ${formatPlatformLabel(detection.provider)}`));
                 }
-            }
-            if (!isMinimalConversationMode(preferredMode)) {
-                const repo = detection.repository;
-                if (repo.owner && repo.name) {
-                    console.log(chalk_1.default.gray(`   Repository: ${repo.owner}/${repo.name}`));
-                }
-                else if (repo.organization && repo.project && repo.name) {
-                    console.log(chalk_1.default.gray(`   Organization: ${repo.organization}`));
-                    console.log(chalk_1.default.gray(`   Project: ${repo.project}`));
-                    console.log(chalk_1.default.gray(`   Repository: ${repo.name}`));
-                }
-                else if (repo.namespace && repo.name) {
-                    console.log(chalk_1.default.gray(`   Namespace: ${repo.namespace || '(none)'}`));
-                    console.log(chalk_1.default.gray(`   Repository: ${repo.name}`));
+                else {
+                    console.log(chalk_1.default.blue(`   Repository-backed project: ${formatPlatformLabel(detection.provider)}`));
                 }
             }
+            const repo = detection.repository;
+            if (repo.owner && repo.name) {
+                console.log(chalk_1.default.gray(`   Repository: ${repo.owner}/${repo.name}`));
+            }
+            else if (repo.organization && repo.project && repo.name) {
+                console.log(chalk_1.default.gray(`   Organization: ${repo.organization}`));
+                console.log(chalk_1.default.gray(`   Project: ${repo.project}`));
+                console.log(chalk_1.default.gray(`   Repository: ${repo.name}`));
+            }
+            else if (repo.namespace && repo.name) {
+                console.log(chalk_1.default.gray(`   Namespace: ${repo.namespace || '(none)'}`));
+                console.log(chalk_1.default.gray(`   Repository: ${repo.name}`));
+            }
         }
         else {
             result.mode = 'conversational';

package/dist/src/cli/commands/sync.js

@@ -144,6 +144,42 @@ const runSync = async (options) => {
             console.log(chalk_1.default.green('Removed legacy FRAIM sync block from .gitignore'));
         }
     };
+    // Issue #563: refresh the machine-level org cache (~/.fraim/org/) from the
+    // configured org backend. Failures never fail the sync: an existing cache is
+    // served stale with its age (R2.3, R4.3).
+    const refreshOrgCache = async (remoteUrl, apiKey) => {
+        // Org sync is a network round-trip to the org backend. In automated
+        // tests there is no org configured and no server to reach, so skip it
+        // entirely rather than emit warnings or attempt a real request. Local
+        // dev (--local / FRAIM_LOCAL_SYNC) passes the loopback URL + 'local-dev'
+        // key below, which syncOrgCache treats as "no cloud org" unless a git
+        // backend is configured, so it degrades cleanly without this guard.
+        if (process.env.TEST_MODE === 'true')
+            return;
+        const { syncOrgCache } = await Promise.resolve().then(() => __importStar(require('../utils/org-pack-sync')));
+        const outcome = await syncOrgCache({ remoteUrl, apiKey });
+        if (outcome.status === 'synced') {
+            console.log(chalk_1.default.green(`Org context synced (${outcome.metadata.backend}, version ${outcome.metadata.version.slice(0, 12)})`));
+        }
+        else if (outcome.status === 'stale') {
+            console.log(chalk_1.default.yellow(`Org source unreachable. Using cached org context from ${Math.round(outcome.ageHours)}h ago. Will refresh when reachable.`));
+        }
+        else if (outcome.status === 'absent') {
+            console.log(chalk_1.default.yellow(`Org context not synced: ${outcome.error}`));
+        }
+        // 'disabled' (no org configured) stays silent.
+        // R8.1: one-time publish offer for legacy machine-local org files. The
+        // publish itself runs through organization-onboarding (propose-and-approve);
+        // sync only surfaces the offer and never moves files on its own (R8.2).
+        if (outcome.status !== 'disabled') {
+            const { detectLegacyOrgArtifacts } = await Promise.resolve().then(() => __importStar(require('../utils/org-migration')));
+            const legacy = detectLegacyOrgArtifacts();
+            if (legacy.length > 0) {
+                console.log(chalk_1.default.yellow(`Found ${legacy.length} legacy machine-local org file(s) at ~/.fraim/personalized-employee/.`));
+                console.log(chalk_1.default.yellow('Run the organization-onboarding job to publish them to your shared org backend; the originals are archived to ~/.fraim/backups/.'));
+            }
+        }
+    };
     const isNpx = process.env.npm_config_prefix === undefined || process.env.npm_lifecycle_event === 'npx';
     const isGlobal = !isNpx && (process.env.npm_config_global === 'true' || process.env.npm_config_prefix);
     if (isGlobal && !options.skipUpdates) {
@@ -188,6 +224,7 @@ const runSync = async (options) => {
                     console.log(chalk_1.default.green(line));
                 }
             }
+            await refreshOrgCache(localUrl, 'local-dev');
             return;
         }
         console.error(chalk_1.default.red(`Local sync failed: ${result.error}`));
@@ -241,6 +278,7 @@ const runSync = async (options) => {
     if (adapterUpdates.length > 0) {
         console.log(chalk_1.default.green(`Updated FRAIM agent adapter files: ${adapterUpdates.join(', ')}`));
     }
+    await refreshOrgCache(config.remoteUrl || process.env.FRAIM_REMOTE_URL || 'https://fraim.wellnessatwork.me', apiKey);
 };
 exports.runSync = runSync;
 exports.syncCommand = new commander_1.Command('sync')

package/dist/src/cli/doctor/check-runner.js

@@ -7,7 +7,9 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.runChecks = runChecks;
 const CHECK_TIMEOUT = 2000; // 2 seconds per check
-const MCP_CHECK_TIMEOUT = 10000; // 10 seconds for MCP connectivity checks
+// Issue #532: stdio MCP servers need up to 15s for handshake + npm version resolution
+// on first call via fraim-mcp-latest-launcher; 20s gives a 5s buffer.
+const MCP_CHECK_TIMEOUT = 20000; // 20 seconds for MCP connectivity checks
 const TOTAL_TIMEOUT = 30000; // 30 seconds total
 // Simple logger for doctor command (optional, falls back to no-op)
 const logger = {