fullstackgtm 0.25.2 → 0.27.0

package/dist/connector.js

@@ -1,4 +1,69 @@
+import { dedupeKey } from "./dedupe.js";
 import { requiresHumanInput } from "./rules.js";
+const IRREVERSIBLE_OPERATIONS = new Set(["merge_records", "archive_record"]);
+const IDENTITY_KEY_BY_TYPE = {
+    account: "domain",
+    contact: "email",
+};
+/** snapshot collection for an object type */
+function collectionFor(objectType) {
+    if (objectType === "account")
+        return "accounts";
+    if (objectType === "contact")
+        return "contacts";
+    if (objectType === "deal")
+        return "deals";
+    return null;
+}
+/**
+ * Drift/safety check for the two IRREVERSIBLE operations against a fresh
+ * snapshot. Returns a conflict detail string, or null if the op is safe to
+ * apply. These operations get NO field compare-and-set (there is no single
+ * field to compare), so this snapshot check is their only guard.
+ */
+function checkIrreversibleOp(operation, snapshot) {
+    const collection = collectionFor(operation.objectType);
+    if (!collection)
+        return null;
+    const records = snapshot[collection];
+    const byId = (id) => records.find((record) => String(record.id) === id);
+    if (operation.operation === "archive_record") {
+        if (!byId(operation.objectId)) {
+            return `Record ${operation.objectType}/${operation.objectId} no longer exists (already archived or merged). Re-plan against current data.`;
+        }
+        // Archiving a duplicate discards data a merge would keep — refuse unless the
+        // human explicitly forced it. This catches every archive_record path (agent,
+        // hand-edited plan, audit), not just `bulk-update --archive`.
+        if (!operation.forceArchiveDuplicate) {
+            const keyName = IDENTITY_KEY_BY_TYPE[operation.objectType];
+            if (keyName) {
+                const target = byId(operation.objectId);
+                const key = dedupeKey(target, keyName);
+                if (key) {
+                    const sharers = records.filter((record) => String(record.id) !== operation.objectId && dedupeKey(record, keyName) === key);
+                    if (sharers.length > 0) {
+                        return (`Refusing to archive ${operation.objectType}/${operation.objectId}: it shares ${keyName} "${key}" with ` +
+                            `${sharers.length} other record(s) — that's a duplicate, and archiving discards its data where merging keeps it. ` +
+                            `Merge with \`fullstackgtm dedupe ${operation.objectType} --key ${keyName}\` instead, or rebuild the op with --force-archive-duplicates.`);
+                    }
+                }
+            }
+        }
+        return null;
+    }
+    if (operation.operation === "merge_records") {
+        if (!byId(operation.objectId)) {
+            return `Merge survivor ${operation.objectType}/${operation.objectId} no longer exists (archived or merged away since the plan was built). Re-plan — merges are irreversible.`;
+        }
+        const groupIds = Array.isArray(operation.beforeValue) ? operation.beforeValue.map(String) : [];
+        const losersStillPresent = groupIds.filter((id) => id !== operation.objectId && byId(id));
+        if (groupIds.length > 0 && losersStillPresent.length === 0) {
+            return `Every record to merge into ${operation.objectType}/${operation.objectId} is already gone (merge already applied?). Nothing to do — re-plan if duplicates remain.`;
+        }
+        return null;
+    }
+    return null;
+}
 const FIELD_WRITE_OPERATIONS = new Set(["set_field", "clear_field", "link_record"]);
 function normalizeForComparison(value) {
     if (value === undefined || value === null || value === "")
@@ -35,9 +100,16 @@ export async function applyPatchPlan(connector, plan, options) {
     // closed — but it can be shrunk: re-run the snapshot checks after the
     // first write and every `recheckEvery` writes, conflicting out any
     // operation whose record went stale mid-run.
-    const needsSnapshot = ((plan.guards && plan.guards.length > 0) || plan.filter) && connector.fetchSnapshot;
+    // Irreversible ops (merge/archive) need a fresh snapshot too — it is their
+    // only drift/safety guard (no field to compare-and-set). Respect a caller's
+    // explicit checkConflicts:false opt-out (a stub/known-stale snapshot).
+    const hasIrreversibleApproved = checkConflicts &&
+        plan.operations.some((operation) => approved.has(operation.id) && IRREVERSIBLE_OPERATIONS.has(operation.operation));
+    const needsSnapshot = ((plan.guards && plan.guards.length > 0) || plan.filter || hasIrreversibleApproved) &&
+        connector.fetchSnapshot;
     const recheckEvery = Math.max(1, options.recheckEvery ?? 25);
     const staleIds = new Set();
+    const irreversibleStale = new Map();
     let guardFailure = null;
     const refreshSnapshotChecks = async () => {
         if (!needsSnapshot)
@@ -52,6 +124,16 @@ export async function applyPatchPlan(connector, plan, options) {
                     staleIds.add(operation.objectId);
             }
         }
+        irreversibleStale.clear();
+        if (checkConflicts) {
+            for (const operation of plan.operations) {
+                if (!approved.has(operation.id) || !IRREVERSIBLE_OPERATIONS.has(operation.operation))
+                    continue;
+                const detail = checkIrreversibleOp(operation, liveSnapshot);
+                if (detail)
+                    irreversibleStale.set(operation.id, detail);
+            }
+        }
         for (const guard of plan.guards ?? []) {
             const failure = evaluateGuard(liveSnapshot, guard);
             if (failure) {
@@ -182,6 +264,13 @@ export async function applyPatchPlan(connector, plan, options) {
                 poisonedGroups.add(operation.groupId);
             continue;
         }
+        const irreversibleConflict = irreversibleStale.get(operation.id);
+        if (irreversibleConflict) {
+            results.push({ operationId: operation.id, status: "conflict", detail: irreversibleConflict });
+            if (operation.groupId)
+                poisonedGroups.add(operation.groupId);
+            continue;
+        }
         if (operation.groupId && poisonedGroups.has(operation.groupId)) {
             results.push({
                 operationId: operation.id,

package/dist/dedupe.d.ts

@@ -9,6 +9,12 @@ export type DedupeOptions = {
     /** refuse to build plans larger than this (default 500 operations) */
     maxOperations?: number;
 };
+/**
+ * The subset of a record worth keeping as a merge-recovery artifact: its id (to
+ * reference) plus every populated data field, dropping bulky/plumbing fields
+ * (raw, identities, provenance) that aren't needed to recreate it by hand.
+ */
+export declare function recoverableFields(record: Record<string, unknown>): Record<string, unknown>;
 /** Normalize a record's identity key; undefined when the field is empty. */
 export declare function dedupeKey(record: Record<string, unknown>, key: DedupeOptions["key"]): string | undefined;
 export declare function buildDedupePlan(snapshot: CanonicalGtmSnapshot, options: DedupeOptions): PatchPlan;

package/dist/dedupe.js

@@ -40,6 +40,22 @@ const NON_DATA_FIELDS = new Set(["id", "provider", "crmId", "identities", "raw",
 function populatedDataFields(record) {
     return Object.entries(record).filter(([field, value]) => !NON_DATA_FIELDS.has(field) && value !== undefined && value !== null && value !== "").length;
 }
+/**
+ * The subset of a record worth keeping as a merge-recovery artifact: its id (to
+ * reference) plus every populated data field, dropping bulky/plumbing fields
+ * (raw, identities, provenance) that aren't needed to recreate it by hand.
+ */
+export function recoverableFields(record) {
+    const out = { id: String(record.id) };
+    for (const [field, value] of Object.entries(record)) {
+        if (NON_DATA_FIELDS.has(field))
+            continue;
+        if (value === undefined || value === null || value === "")
+            continue;
+        out[field] = value;
+    }
+    return out;
+}
 /** True when id `a` sorts before id `b` — numeric when both ids are numeric. */
 function idBefore(a, b) {
     const numericA = Number(a);
@@ -102,6 +118,12 @@ export function buildDedupePlan(snapshot, options) {
         const groupIds = members
             .map((member) => String(member.id))
             .sort((a, b) => (idBefore(a, b) ? -1 : 1));
+        // Recovery artifact: the records that will be merged away (everyone but the
+        // survivor), captured with their field values so a human can recreate one by
+        // hand if the merge was wrong. Merges are irreversible — the plan is the backup.
+        const recoverySnapshot = members
+            .filter((member) => String(member.id) !== String(survivor.id))
+            .map((member) => recoverableFields(member));
         const survivorName = typeof survivor.name === "string" && survivor.name
             ? survivor.name
             : typeof survivor.email === "string" && survivor.email
@@ -124,7 +146,8 @@ export function buildDedupePlan(snapshot, options) {
             approvalRequired: true,
             sourceRuleOrPolicy: "dedupe",
             groupId: `grp_${options.objectType}_${String(survivor.id)}`,
-            rollback: "IRREVERSIBLE: provider merges cannot be unmerged. The pre-apply snapshot retains every record's field values; recreate a record manually from it if a merge was wrong.",
+            recoverySnapshot,
+            rollback: "IRREVERSIBLE: provider merges cannot be unmerged. recoverySnapshot on this operation retains every merged-away record's field values; recreate a record manually from it if a merge was wrong.",
         });
     }
     return {

package/dist/index.d.ts

@@ -16,6 +16,8 @@ export { apolloPullKeysForAppend, apolloPullKeysForRefresh, createApolloClient,
 export { diffFindings, diffSnapshots, diffToMarkdown, type CollectionDiff, type FieldChange, type FindingsDrift, type RecordChange, type SnapshotDiff, } from "./diff.ts";
 export { mergeSnapshots, type MergeConflict, type MergeMatch, type MergeReport, type MergeSuggestion, } from "./merge.ts";
 export { createFilePlanStore, type PlanStore, type StoredPlan } from "./planStore.ts";
+export { computeApprovalDigests, loadOrCreateSigningKey, loadSigningKey, signApproval, verifyApprovalDigests, type ApprovalVerification, } from "./integrity.ts";
+export { buildAuditLog, verifyAuditLog, type AuditLogEntry, type AuditLogExport, type AuditLogVerification, } from "./auditLog.ts";
 export { formatPatchPlanRun, patchPlanToMarkdown } from "./format.ts";
 export { auditReportToHtml, auditReportToMarkdown, type ReportOptions } from "./report.ts";
 export { HUBSPOT_DEFAULT_FIELD_MAPPINGS, SALESFORCE_DEFAULT_FIELD_MAPPINGS, mappedField, mappedFields, normalizeFieldMappings, readMappedValue, type CrmObjectType, type FieldMappings, } from "./mappings.ts";

package/dist/index.js

@@ -16,6 +16,8 @@ export { apolloPullKeysForAppend, apolloPullKeysForRefresh, createApolloClient,
 export { diffFindings, diffSnapshots, diffToMarkdown, } from "./diff.js";
 export { mergeSnapshots, } from "./merge.js";
 export { createFilePlanStore } from "./planStore.js";
+export { computeApprovalDigests, loadOrCreateSigningKey, loadSigningKey, signApproval, verifyApprovalDigests, } from "./integrity.js";
+export { buildAuditLog, verifyAuditLog, } from "./auditLog.js";
 export { formatPatchPlanRun, patchPlanToMarkdown } from "./format.js";
 export { auditReportToHtml, auditReportToMarkdown } from "./report.js";
 export { HUBSPOT_DEFAULT_FIELD_MAPPINGS, SALESFORCE_DEFAULT_FIELD_MAPPINGS, mappedField, mappedFields, normalizeFieldMappings, readMappedValue, } from "./mappings.js";

package/dist/integrity.d.ts

@@ -0,0 +1,30 @@
+import type { PatchOperation } from "./types.ts";
+/** Read the signing key, or null if it has not been created yet. */
+export declare function loadSigningKey(): Buffer | null;
+/** Read the signing key, creating a fresh 32-byte one (0600) on first use. */
+export declare function loadOrCreateSigningKey(): Buffer;
+/** HMAC-SHA256 signature of one operation's approved content. */
+export declare function signApproval(operation: PatchOperation, override: unknown, key: Buffer): string;
+/**
+ * Compute the approval signature map for a set of approved operation ids,
+ * resolving each op from the plan and its (approved) value override.
+ */
+export declare function computeApprovalDigests(operations: PatchOperation[], approvedOperationIds: string[], valueOverrides: Record<string, unknown>, key: Buffer): Record<string, string>;
+export type ApprovalVerification = {
+    ok: true;
+} | {
+    ok: false;
+    reason: "no_key";
+    tampered: string[];
+} | {
+    ok: false;
+    reason: "mismatch";
+    tampered: string[];
+};
+/**
+ * Verify that every approved operation still matches what was signed. Returns
+ * ok:true when there are no stored digests (a pre-integrity plan — nothing to
+ * verify), when all match, or fails with the list of operation ids whose
+ * content changed since approval.
+ */
+export declare function verifyApprovalDigests(operations: PatchOperation[], approvedOperationIds: string[], valueOverrides: Record<string, unknown>, storedDigests: Record<string, string> | undefined): ApprovalVerification;

package/dist/integrity.js

@@ -0,0 +1,128 @@
+import { createHmac, randomBytes } from "node:crypto";
+import { existsSync, readFileSync } from "node:fs";
+import { join } from "node:path";
+import { credentialsDir, ensureSecureHomeDir, writeSecureFile } from "./credentials.js";
+/**
+ * Approval integrity.
+ *
+ * The plan store records WHICH operation ids a human approved, but the apply
+ * path re-reads the operation BODIES fresh from the (user-editable) plan file.
+ * Nothing bound the approval to the content: an approved op's afterValue or
+ * objectId could be changed on disk between `plans approve` and `apply` — by a
+ * compromised dependency, a co-tenant, or a plan file synced/edited on another
+ * machine — and the changed value would be written under the prior approval.
+ *
+ * Fix: at approval time, HMAC-sign each approved operation's security-relevant
+ * content (including the approved value override) with a per-install secret key
+ * stored 0600 alongside the credentials. At apply time, recompute and verify.
+ * Any post-approval edit to the operations or the approved overrides changes the
+ * signature; a tamper must now also forge an HMAC it cannot compute without the
+ * key. The key never leaves the machine, so a plan approved here and applied
+ * elsewhere fails closed ("re-approve on this machine") rather than open.
+ *
+ * This raises the bar from "trust the plan JSON" to "trust the plan JSON only
+ * insofar as it still matches what was signed with the local key." It is not a
+ * defense against an attacker who already holds the signing key (same-dir, same
+ * permissions as the credential store) — that is the documented boundary.
+ */
+const SIGNING_KEY_FILE = ".plan-signing-key";
+function signingKeyPath() {
+    return join(credentialsDir(), SIGNING_KEY_FILE);
+}
+/** Read the signing key, or null if it has not been created yet. */
+export function loadSigningKey() {
+    const path = signingKeyPath();
+    if (!existsSync(path))
+        return null;
+    try {
+        return Buffer.from(readFileSync(path, "utf8").trim(), "hex");
+    }
+    catch {
+        return null;
+    }
+}
+/** Read the signing key, creating a fresh 32-byte one (0600) on first use. */
+export function loadOrCreateSigningKey() {
+    const existing = loadSigningKey();
+    if (existing && existing.length >= 32)
+        return existing;
+    ensureSecureHomeDir();
+    const key = randomBytes(32);
+    writeSecureFile(signingKeyPath(), `${key.toString("hex")}\n`);
+    return key;
+}
+/**
+ * Canonical, stable string of the operation content an approval binds to. Only
+ * the fields that determine WHAT gets written: changing any of them must
+ * invalidate the approval. `override` is the approved value override for this op
+ * (the value actually written when set), so tampering with stored overrides is
+ * caught too.
+ */
+function canonicalApprovalContent(operation, override) {
+    return JSON.stringify([
+        operation.id,
+        operation.operation,
+        operation.objectType,
+        operation.objectId,
+        operation.field ?? null,
+        operation.beforeValue ?? null,
+        operation.afterValue ?? null,
+        operation.groupId ?? null,
+        // Safety-relevant fields too: editing a precondition could relax a drift
+        // guard, and forging forceArchiveDuplicate could suppress the archive-of-
+        // duplicate refusal — the signed approval must pin apply BEHAVIOR, not just
+        // the written value. `reason` is human-reviewed AND written verbatim into
+        // create_task bodies (afterValue ?? reason fallback in the connectors), so a
+        // create_task with a null afterValue would otherwise let a disk edit to
+        // reason write unapproved text under a still-valid digest.
+        operation.preconditions ?? null,
+        operation.forceArchiveDuplicate ?? false,
+        operation.reason ?? null,
+        override === undefined ? null : ["__override__", override],
+    ]);
+}
+/** HMAC-SHA256 signature of one operation's approved content. */
+export function signApproval(operation, override, key) {
+    return createHmac("sha256", key).update(canonicalApprovalContent(operation, override)).digest("hex");
+}
+/**
+ * Compute the approval signature map for a set of approved operation ids,
+ * resolving each op from the plan and its (approved) value override.
+ */
+export function computeApprovalDigests(operations, approvedOperationIds, valueOverrides, key) {
+    const byId = new Map(operations.map((operation) => [operation.id, operation]));
+    const digests = {};
+    for (const id of approvedOperationIds) {
+        const operation = byId.get(id);
+        if (!operation)
+            continue;
+        digests[id] = signApproval(operation, valueOverrides[id], key);
+    }
+    return digests;
+}
+/**
+ * Verify that every approved operation still matches what was signed. Returns
+ * ok:true when there are no stored digests (a pre-integrity plan — nothing to
+ * verify), when all match, or fails with the list of operation ids whose
+ * content changed since approval.
+ */
+export function verifyApprovalDigests(operations, approvedOperationIds, valueOverrides, storedDigests) {
+    if (!storedDigests || Object.keys(storedDigests).length === 0)
+        return { ok: true };
+    const key = loadSigningKey();
+    if (!key)
+        return { ok: false, reason: "no_key", tampered: approvedOperationIds };
+    const byId = new Map(operations.map((operation) => [operation.id, operation]));
+    const tampered = [];
+    for (const id of approvedOperationIds) {
+        const operation = byId.get(id);
+        const expected = storedDigests[id];
+        if (!operation || !expected) {
+            tampered.push(id);
+            continue;
+        }
+        if (signApproval(operation, valueOverrides[id], key) !== expected)
+            tampered.push(id);
+    }
+    return tampered.length === 0 ? { ok: true } : { ok: false, reason: "mismatch", tampered };
+}

package/dist/llm.js

@@ -70,8 +70,23 @@ export async function extractInsightsLlm(transcript, options) {
     const text = truncateTranscript(transcript);
     const prompt = `${EXTRACT_INSTRUCTIONS}\n\n${options.title ? `Call: ${options.title}\n` : ""}Transcript:\n${text}`;
     const result = (await forcedToolCall(prompt, "extract_call_insights", EXTRACT_SCHEMA, model, options));
+    const normalizedTranscript = normalizeSpan(text);
     const insights = (result.insights ?? [])
         .filter((insight) => INSIGHT_TYPES.includes(insight.type))
+        // Mechanical verbatim gate (mirrors market classify): the prompt asks for a
+        // verbatim quote, but a prompt-injected or hallucinated transcript could
+        // fabricate a grounded-looking insight that drives a governed writeback.
+        // (1) The evidence quote must be a non-trivial verbatim span of the transcript.
+        .filter((insight) => {
+        const quote = normalizeSpan(insight.evidence ?? "");
+        return quote.length >= 12 && normalizedTranscript.includes(quote);
+    })
+        // (2) For next_step — the only insight type whose `text` is WRITTEN to the CRM
+        // (set_field nextStep / create_task body) — the written action must itself be
+        // grounded in the verified quote, not just accompanied by an innocuous one.
+        // This closes the decoupling attack: a prompt-injected transcript that emits a
+        // malicious `text` while quoting an unrelated real span no longer survives.
+        .filter((insight) => insight.type !== "next_step" || actionGroundedInEvidence(insight.text, insight.evidence ?? ""))
         .map((insight) => ({
         ...insight,
         title: insight.type.replace(/_/g, " "),
@@ -81,6 +96,39 @@ export async function extractInsightsLlm(transcript, options) {
         .sort((a, b) => b.importance - a.importance || b.confidence - a.confidence);
     return { insights, model };
 }
+/** Whitespace/punctuation-spacing-normalized match (same rule as market spans). */
+function normalizeSpan(value) {
+    return value
+        .replace(/\s+([.,;:!?])/g, "$1")
+        .replace(/\s+/g, " ")
+        .trim()
+        .toLowerCase();
+}
+/**
+ * Is the written next-step action grounded in its (already transcript-verified)
+ * evidence quote? A legitimate next step paraphrases the quote, so it reuses the
+ * quote's salient terms; a prompt-injected action ("wire $50,000 to account
+ * 1234") quoting an unrelated innocuous span does not. Two checks: every
+ * number/amount in the action must appear in the evidence (defeats the
+ * financial-exfil class cleanly), and a meaningful share of the action's
+ * distinctive (≥4-char) words must appear in the evidence.
+ */
+function actionGroundedInEvidence(text, evidence) {
+    const action = normalizeSpan(text);
+    const quote = normalizeSpan(evidence);
+    if (!action)
+        return false;
+    const numbers = action.match(/\d[\d,.]*/g) ?? [];
+    for (const n of numbers) {
+        if (!quote.includes(n))
+            return false; // an ungrounded amount/account/id is a red flag
+    }
+    const distinctive = [...new Set(action.split(/[^a-z0-9$]+/).filter((token) => token.length >= 4))];
+    if (distinctive.length === 0)
+        return true; // nothing distinctive to ground (a short generic step)
+    const grounded = distinctive.filter((token) => quote.includes(token)).length;
+    return grounded / distinctive.length >= 0.4;
+}
 export const DEFAULT_RUBRIC = {
     scale: 5,
     dimensions: [

package/dist/marketTaxonomy.d.ts

@@ -0,0 +1,41 @@
+import { type LlmCallOptions } from "./llm.ts";
+import { type FetchPage, type MarketConfig } from "./market.ts";
+/**
+ * Cold-start taxonomy bootstrap. `market init` writes a stub for a human
+ * analyst to fill in; the self-serve hosted map has no analyst in the loop, so
+ * this proposes the claim taxonomy automatically from the seed vendors' own
+ * pages.
+ *
+ * Posture matches the rest of the market layer: the LLM is a *proposal* layer
+ * grounded in captured evidence (it only sees text we actually fetched), and
+ * everything downstream — capture, classify with verbatim-span verification,
+ * front states, the report — stays deterministic over the stored observations.
+ * The taxonomy it emits is a normal `market.config.json` a human can still edit.
+ */
+export type SeedVendor = {
+    url: string;
+    /** Display name; derived from the host when omitted. */
+    name?: string;
+    /** Marks the user's own company as the anchor vendor. */
+    anchor?: boolean;
+};
+export type SuggestTaxonomyOptions = {
+    category: string;
+    vendors: SeedVendor[];
+    llm: LlmCallOptions;
+    /** Upper bound on proposed claims, to keep classification bounded. */
+    maxClaims?: number;
+    /** Per-vendor captured-text budget fed to the proposer (chars). */
+    perVendorChars?: number;
+    /** Test injectables. */
+    fetchPage?: FetchPage;
+    capturesDir?: string;
+    now?: () => Date;
+};
+export type SuggestTaxonomyResult = {
+    config: MarketConfig;
+    /** Vendors whose homepage capture was empty/failed (excluded from grounding). */
+    unreadableVendorIds: string[];
+    model: string;
+};
+export declare function suggestMarketConfig(options: SuggestTaxonomyOptions): Promise<SuggestTaxonomyResult>;

package/dist/marketTaxonomy.js

@@ -0,0 +1,193 @@
+import { DEFAULT_MODELS, forcedToolCall, } from "./llm.js";
+import { captureMarket, loadCaptureTexts, } from "./market.js";
+const DEFAULT_MAX_CLAIMS = 16;
+const DEFAULT_PER_VENDOR_CHARS = 6_000;
+/** Stable, human-readable id from a string (claim capability or host). */
+function slugify(value, maxWords = 6) {
+    const slug = value
+        .toLowerCase()
+        .replace(/[^a-z0-9]+/g, "-")
+        .replace(/^-+|-+$/g, "")
+        .split("-")
+        .filter(Boolean)
+        .slice(0, maxWords)
+        .join("-");
+    return slug || "item";
+}
+/** Second-level domain as a vendor id seed: https://www.stripe.com/ -> stripe. */
+function vendorIdFromUrl(url) {
+    let host;
+    try {
+        host = new URL(url).hostname;
+    }
+    catch {
+        return slugify(url);
+    }
+    const labels = host.replace(/^www\./, "").split(".");
+    const sld = labels.length >= 2 ? labels[labels.length - 2] : labels[0];
+    return slugify(sld || host);
+}
+/** Disambiguate repeated ids by suffixing -2, -3, … */
+function uniqueId(base, taken) {
+    if (!taken.has(base)) {
+        taken.add(base);
+        return base;
+    }
+    for (let n = 2;; n += 1) {
+        const candidate = `${base}-${n}`;
+        if (!taken.has(candidate)) {
+            taken.add(candidate);
+            return candidate;
+        }
+    }
+}
+function provisionalVendors(seeds) {
+    const taken = new Set();
+    return seeds.map((seed) => {
+        const id = uniqueId(vendorIdFromUrl(seed.url), taken);
+        const host = (() => {
+            try {
+                return new URL(seed.url).hostname.replace(/^www\./, "");
+            }
+            catch {
+                return seed.url;
+            }
+        })();
+        return {
+            id,
+            name: seed.name?.trim() || host,
+            urls: { home: seed.url, pricing: null, product: [] },
+        };
+    });
+}
+const TAXONOMY_SCHEMA = {
+    type: "object",
+    required: ["claims"],
+    properties: {
+        surfaceRule: {
+            type: "string",
+            description: "One sentence stating how a reader judges LOUD vs QUIET vs ABSENT for this category (e.g. hero/top-nav = LOUD, deeper pages = QUIET, nowhere = ABSENT).",
+        },
+        claims: {
+            type: "array",
+            description: "The distinct capability positions vendors in this category compete on. 8-16 of them. Only include claims you can actually see evidence for on the supplied pages.",
+            items: {
+                type: "object",
+                required: ["capability", "icp", "pricingStructure", "definition"],
+                properties: {
+                    capability: {
+                        type: "string",
+                        description: "What is being claimed, precise enough to judge loud/quiet/absent. Max ~10 words.",
+                    },
+                    icp: { type: "string", description: "Which buyer/ICP this claim cell addresses (category vocabulary)." },
+                    pricingStructure: {
+                        type: "string",
+                        description: "Which pricing structure the claim implies (e.g. per-seat, usage-based, flat, free-tier).",
+                    },
+                    definition: {
+                        type: "string",
+                        description: "Operational definition a human (or classifier) uses to score any vendor's page LOUD/QUIET/ABSENT on this claim.",
+                    },
+                    terms: {
+                        type: "array",
+                        items: { type: "string" },
+                        description: "Exact buyer phrasings for this claim, for deterministic mention matching. 2-5 terms.",
+                    },
+                },
+            },
+        },
+        vendors: {
+            type: "array",
+            description: "Optional refinements: a clean display name per seed URL, and a pricing-page URL if one is clearly linked.",
+            items: {
+                type: "object",
+                required: ["seedUrl"],
+                properties: {
+                    seedUrl: { type: "string" },
+                    name: { type: "string" },
+                    pricingUrl: { type: ["string", "null"] },
+                },
+            },
+        },
+    },
+};
+function buildDossier(vendors, capture, perVendorChars) {
+    const { entries, textByHash } = capture;
+    const unreadable = [];
+    const blocks = [];
+    for (const vendor of vendors) {
+        const hash = entries.find((e) => e.vendorId === vendor.id && e.captureHash)?.captureHash ?? null;
+        const text = hash ? textByHash.get(hash) ?? "" : "";
+        if (!text.trim()) {
+            unreadable.push(vendor.id);
+            continue;
+        }
+        blocks.push(`### ${vendor.name} (${vendor.urls.home})\n${text.slice(0, perVendorChars)}`);
+    }
+    return { dossier: blocks.join("\n\n"), unreadable };
+}
+const INSTRUCTIONS = `You are seeding a competitive "market map" for a category. A market map breaks the category into CLAIMS — the distinct capability positions vendors compete on — so each (vendor x claim) cell can later be scored LOUD / QUIET / ABSENT from that vendor's pages.
+
+Propose the claim taxonomy for this category from the competitor homepages below. Rules:
+- Ground every claim in what is actually visible on the supplied pages. Do not invent positions no vendor mentions.
+- Each claim is a cell: a precise capability, the ICP it targets, and the pricing structure it implies.
+- Write each definition so a reader could judge ANY vendor's page LOUD/QUIET/ABSENT against it.
+- Aim for the 8-16 claims that genuinely differentiate vendors. Prefer specific, contested positions over generic table stakes.
+- Provide 2-5 verbatim buyer terms per claim for later mention matching.
+- Optionally return a cleaned display name and a pricing-page URL per seed vendor when evident.`;
+export async function suggestMarketConfig(options) {
+    const { category } = options;
+    if (options.vendors.length === 0)
+        throw new Error("suggestMarketConfig requires at least one seed vendor");
+    const maxClaims = options.maxClaims ?? DEFAULT_MAX_CLAIMS;
+    const perVendorChars = options.perVendorChars ?? DEFAULT_PER_VENDOR_CHARS;
+    const model = options.llm.model ?? DEFAULT_MODELS[options.llm.provider];
+    const vendors = provisionalVendors(options.vendors);
+    const anchorSeed = options.vendors.find((seed) => seed.anchor);
+    const anchorId = anchorSeed ? vendors[options.vendors.indexOf(anchorSeed)]?.id : undefined;
+    // Capture the seed homepages so the proposer only sees text we actually
+    // fetched (the SSRF guard in captureMarket applies to these user-supplied URLs).
+    await captureMarket({ category, vendors, claims: [] }, { dir: options.capturesDir, runLabel: "bootstrap", fetchPage: options.fetchPage, now: options.now });
+    const capture = loadCaptureTexts(category, options.capturesDir);
+    const { dossier, unreadable } = buildDossier(vendors, capture, perVendorChars);
+    if (!dossier.trim()) {
+        throw new Error(`market init --auto: none of the ${vendors.length} seed pages returned readable text — check the URLs are public homepages.`);
+    }
+    const prompt = `${INSTRUCTIONS}\n\nCategory: ${category}\n\nCompetitor homepages:\n${dossier}`;
+    const result = (await forcedToolCall(prompt, "propose_market_taxonomy", TAXONOMY_SCHEMA, model, options.llm));
+    const takenClaimIds = new Set();
+    const claims = (result.claims ?? [])
+        .filter((claim) => claim?.capability && claim?.definition)
+        .slice(0, maxClaims)
+        .map((claim) => ({
+        id: uniqueId(slugify(claim.capability), takenClaimIds),
+        capability: claim.capability.trim(),
+        icp: (claim.icp ?? "").trim() || "general",
+        pricingStructure: (claim.pricingStructure ?? "").trim() || "unspecified",
+        definition: claim.definition.trim(),
+        ...(claim.terms?.length ? { terms: claim.terms.map((t) => t.trim()).filter(Boolean) } : {}),
+    }));
+    if (claims.length === 0) {
+        throw new Error("market init --auto: the model proposed no usable claims — try again or seed the taxonomy by hand.");
+    }
+    // Apply optional vendor refinements (display name + pricing URL), matched by seed URL.
+    const refinementByUrl = new Map((result.vendors ?? []).map((v) => [v.seedUrl, v]));
+    const refinedVendors = vendors.map((vendor) => {
+        const refinement = refinementByUrl.get(vendor.urls.home);
+        const pricing = refinement?.pricingUrl && /^https?:\/\//i.test(refinement.pricingUrl) ? refinement.pricingUrl : vendor.urls.pricing;
+        return {
+            ...vendor,
+            name: refinement?.name?.trim() || vendor.name,
+            urls: { ...vendor.urls, pricing },
+        };
+    });
+    const config = {
+        category,
+        ...(anchorId ? { anchorVendor: anchorId } : {}),
+        vendors: refinedVendors,
+        claims,
+        surfaceRule: result.surfaceRule?.trim() ||
+            "LOUD = hero copy OR top-level-nav named product with a dedicated page; QUIET = present on any indexed page below that; ABSENT = nowhere observed; UNOBSERVABLE = capture empty/failed — never score ABSENT from a failed capture.",
+    };
+    return { config, unreadableVendorIds: unreadable, model };
+}