mdkg 0.1.3 → 0.1.4

package/dist/init/config.json

@@ -21,7 +21,7 @@
     "output_dir": ".mdkg/bundles",
     "default_profile": "private"
   },
-  "bundle_imports": {},
+  "subgraphs": {},
   "pack": {
     "default_depth": 2,
     "default_edges": [

package/dist/init/core/rule-3-cli-contract.md

@@ -69,9 +69,9 @@ Workspaces are registered in `.mdkg/config.json`.
 
 Qualified IDs may be used as input:
 - `<ws>:<id>` (example: `e2e:task-12`)
-- Imported bundle nodes use the same qualified form with the import alias:
-  - `<import-alias>:<id>` (example: `agent_image:work.generate-image`)
-  - imported nodes are read-only planning context and MUST NOT be selected by local mutation commands
+- Subgraph nodes use the same qualified form with the subgraph alias:
+  - `<subgraph-alias>:<id>` (example: `agent_image:work.generate-image`)
+  - subgraph nodes are read-only planning context and MUST NOT be selected by local mutation commands
 
 If a user provides an unqualified ID and it is ambiguous globally:
 - mdkg MUST error and suggest qualified IDs.
@@ -145,7 +145,7 @@ If a user provides an unqualified ID and it is ambiguous globally:
   - rebuild global cache `.mdkg/index/global.json`
   - rebuild skills cache `.mdkg/index/skills.json` from `.mdkg/skills/<slug>/SKILL.md`
   - rebuild capability cache `.mdkg/index/capabilities.json` from skills, `SPEC.md`, `WORK.md`, core docs, and design docs
-  - rebuild bundle import projection cache `.mdkg/index/imports.json` when bundle imports are configured
+  - rebuild subgraph projection cache `.mdkg/index/subgraphs.json` when subgraphs are configured
   - rebuild SQLite access cache `.mdkg/index/mdkg.sqlite` when `index.backend` is `sqlite`
   - tolerate `.mdkg/skills/<slug>/SKILLS.md` on read with warning
   - fail validation if both `SKILL.md` and `SKILLS.md` exist in one skill directory
@@ -183,10 +183,10 @@ Common flags:
 - `mdkg search "<query>" [--type <type>] [--status <status>] [--ws <alias>] [--tags <tag,tag,...>] [--tags-mode any|all] [--json|--xml|--toon|--md]`
   - search SHOULD match on IDs, titles, tags, path tokens, and searchable frontmatter lists (`links`, `artifacts`, `refs`, `aliases`)
 - `mdkg list [--type <type>] [--status <status>] [--ws <alias>] [--epic <id>] [--blocked] [--priority <n>] [--tags <tag,tag,...>] [--tags-mode any|all] [--json|--xml|--toon|--md]`
-- enabled bundle imports are included in `show`, `search`, `list`, `pack`, and `capability` reads by default:
-  - imported nodes surface `source.imported: true` in JSON output
-  - human output labels imported nodes as read-only and stale when applicable
-  - stale imports warn during planning reads but remain usable
+- enabled subgraphs are included in `show`, `search`, `list`, `pack`, and `capability` reads by default:
+  - subgraph nodes surface `source.imported: true` and `source.subgraph_alias` in JSON output
+  - human output labels subgraph nodes as read-only and stale when applicable
+  - stale subgraphs warn during planning reads but remain usable
 - skills are first-class under `mdkg skill ...` only:
   - `mdkg skill list [--tags <tag,tag,...>] [--tags-mode any|all] [--json|--xml|--toon|--md]`
   - `mdkg skill show <slug> [--meta] [--json|--xml|--toon|--md]`
@@ -197,7 +197,9 @@ Common flags:
   - `mdkg capability list [--kind <skill|spec|work|core|design>] [--visibility <private|internal|public>] [--json]`
   - `mdkg capability search "<query>" [--kind <kind>] [--visibility <level>] [--json]`
   - `mdkg capability show <id-or-qid-or-slug> [--json]`
+  - `mdkg capability resolve [query] [--requires <capability>] [--fresh-only] [--json]`
   - capability records are read-only derived cache entries, not source of truth
+  - `resolve` ranks local and subgraph capability candidates deterministically and degrades stale subgraphs unless `--fresh-only` is supplied
   - normal task, epic, feat, bug, test, and checkpoint nodes are not capability records
 - archives are first-class sidecar nodes under `mdkg archive ...`:
   - `mdkg archive add <file> [--id <archive.id>] [--kind source|artifact] [--visibility private|internal|public] [--title <title>] [--refs <...>] [--relates <...>] [--json]`
@@ -215,21 +217,26 @@ Common flags:
   - `mdkg bundle verify [bundle-path] [--json]`
   - `mdkg bundle show <bundle-path> [--json]`
   - `mdkg bundle list [--json]`
-  - `mdkg bundle import add <alias> <bundle-path> [--visibility private|internal|public] [--profile private|public] [--source-path <path>] [--source-repo <ref>] [--max-stale-seconds <seconds>] [--json]`
-  - `mdkg bundle import list [--json]`
-  - `mdkg bundle import rm <alias> [--json]`
-  - `mdkg bundle import enable <alias> [--json]`
-  - `mdkg bundle import disable <alias> [--json]`
-  - `mdkg bundle import verify [alias|--all] [--json]`
   - bundles are explicit transport artifacts and are not rewritten by `mdkg index`
   - default output is `.mdkg/bundles/<profile>/<workspace-or-all>.mdkg.zip`
   - public bundles must fail closed when public records reference private graph or archive records
-  - public bundles must fail closed when public records reference private/internal imported graph records
-  - bundle imports are read-only projected graph views; child repos remain owners of real mutations and commits
-  - `bundle import verify` exits nonzero for stale, missing, corrupt, profile-mismatched, or duplicate-id imports
-  - public bundle creation must not re-export imported child graph content and must fail if public local nodes reference private/internal imports
-  - public/internal imports require `expected_profile: public`; private bundle profiles cannot be promoted through import visibility
+  - public bundles must fail closed when public records reference private/internal subgraph records
+  - public bundle creation must not re-export subgraph content and must fail if public local nodes reference private/internal subgraphs
   - `mdkg pack --visibility public|internal|private` records explicit pack visibility and filters public/internal packs through the same fail-closed policy
+- subgraph orchestration lives under `mdkg subgraph ...`:
+  - `mdkg subgraph add <alias> <bundle-path> [--visibility private|internal|public] [--profile private|public] [--source-path <path>] [--source-repo <ref>] [--max-stale-seconds <seconds>] [--json]`
+  - `mdkg subgraph list [--json]`
+  - `mdkg subgraph show <alias> [--json]`
+  - `mdkg subgraph rm <alias> [--json]`
+  - `mdkg subgraph enable <alias> [--json]`
+  - `mdkg subgraph disable <alias> [--json]`
+  - `mdkg subgraph verify [alias|--all] [--json]`
+  - `mdkg subgraph refresh [alias|--all] [--json]`
+  - subgraphs are read-only projected graph views; child repos remain owners of real mutations and commits
+  - `subgraph refresh` reloads configured bundle sources only and never builds or mutates child repos
+  - `subgraph verify` exits nonzero for stale, missing, corrupt, profile-mismatched, or duplicate-id subgraphs
+  - public/internal subgraphs require `expected_profile: public`; private bundle profiles cannot be promoted through subgraph visibility
+  - legacy `mdkg bundle import ...` exits with guidance to run `mdkg upgrade --apply` and use `mdkg subgraph ...`
 - work lifecycle helpers live under `mdkg work ...`:
   - `mdkg work contract new "<title>" --id <work.id> --agent-id <agent.id> --kind <kind> --inputs <...> --outputs <...> [--required-capabilities <...>] [--pricing-model <...>] [--json]`
   - `mdkg work order new "<title>" --id <order.id> --work-id <work.id> --requester <ref> [--request-ref <ref>] [--input-refs <...>] [--requested-outputs <...>] [--json]`
@@ -240,7 +247,7 @@ Common flags:
   - these commands mutate mdkg semantic mirror files only; production order, receipt, feedback, dispute, payment, ledger, marketplace inventory, fulfillment, and execution state remains canonical outside mdkg
   - work mirrors must not store raw secrets, credentials, live payment state, ledger mutations, or canonical marketplace state
   - `artifact://...` refs identify external/runtime-managed artifacts; `archive://...` refs identify committed mdkg archive sidecars
-  - update and artifact commands accept local ids or local qids; imported bundle qids are read-only and must be changed in their source workspace
+  - update and artifact commands accept local ids or local qids; subgraph qids are read-only and must be changed in their source workspace
 - discovery/show output flags are mutually exclusive; text mode remains the default when none are supplied
 
 ### Task lifecycle mutation
@@ -251,7 +258,7 @@ Common flags:
   - supports additive list mutation for `artifacts`, `links`, `refs`, `skills`, `tags`, and `blocked_by`
   - supports scalar replacement for `status` and `priority`
   - `--clear-blocked-by` resets blockers before optional re-add
-  - imported bundle qids fail with an explicit read-only import error
+  - subgraph qids fail with an explicit read-only subgraph error
 - `mdkg task done <id-or-qid> [--checkpoint "<title>"] [...]`
   - supports `task`, `bug`, and `test` nodes only
   - sets `status: done`
@@ -308,8 +315,8 @@ Common flags:
 - `mdkg validate`
   - strict frontmatter + graph integrity checks (exit code 2 on failure)
   - validates optional node->skill references
-  - validates configured bundle imports and fails on missing/corrupt enabled bundles, malformed import config, duplicate projected ids, and invalid import refs
-  - warns, but does not fail, on stale imports
+  - validates configured subgraphs and fails on missing/corrupt enabled bundles, malformed subgraph config, duplicate projected ids, and invalid subgraph refs
+  - warns, but does not fail, on stale subgraphs
   - validates optional `.mdkg/work/events/events.jsonl` record shape when file exists
   - warns when `.agents/skills/` or `.claude/skills/` drift from canonical `.mdkg/skills/`
 - `mdkg format`

package/dist/init/core/rule-4-repo-safety-and-ignores.md

@@ -108,7 +108,7 @@ Explicit flags remain available and take precedence:
 
 - `.mdkg/bundles/` stores explicit snapshot artifacts and is not ignored by default.
 - Private bundles may include sensitive authored mdkg content and should stay in private repos.
-- Public bundles must be created with `mdkg bundle create --profile public` so private graph, archive, and imported bundle refs fail closed.
+- Public bundles must be created with `mdkg bundle create --profile public` so private graph, archive, and subgraph refs fail closed.
 - Public-safe packs must be created with `mdkg pack <id> --visibility public`; internal-safe packs use `--visibility internal`. These filters do not redact Markdown body text.
 - Bundle ZIPs must exclude `.mdkg/pack/`, existing `.mdkg/index/`, nested `.mdkg/bundles/`, and raw `.mdkg/archive/**/source/` files.
 - Repos that track archive caches or bundles should refresh in this order before commit: `mdkg archive compress --all`, `mdkg archive verify --json`, `mdkg bundle create --profile private`, then bundle verify.

package/dist/init/init-manifest.json

@@ -1,12 +1,12 @@
 {
   "schema_version": 1,
   "tool": "mdkg",
-  "mdkg_version": "0.1.3",
+  "mdkg_version": "0.1.4",
   "files": [
     {
       "path": ".mdkg/config.json",
       "category": "config",
-      "sha256": "0319f2e92ae0030d67816c025802be50ec5eecc3274e75a4e0ded3e753d945b3"
+      "sha256": "5d2cf5e773353a59178fe86f8528413a00a73e2879fb1e020d01b49c0715a9ce"
     },
     {
       "path": ".mdkg/core/core.md",
@@ -36,12 +36,12 @@
     {
       "path": ".mdkg/core/rule-3-cli-contract.md",
       "category": "core",
-      "sha256": "4ff22c60e3b4093492f00c8ddd738f7241192c7b1edbfdcbdc4ed09d95192aa6"
+      "sha256": "4ec25c6936eefe0857a2946b47f0b65c9481bd65f1159fd5456bec6cce9de7ea"
     },
     {
       "path": ".mdkg/core/rule-4-repo-safety-and-ignores.md",
       "category": "core",
-      "sha256": "4edf0efa29ec470e96cad3e0abc7b8f44e2e718d7a9959f9cefc5e1db7e02b6c"
+      "sha256": "2374e8684dfb32d24d560c83c99c33ff655cfdfe6811372dc3959ec93318a6db"
     },
     {
       "path": ".mdkg/core/rule-5-release-and-versioning.md",
@@ -61,7 +61,7 @@
     {
       "path": ".mdkg/README.md",
       "category": "mdkg_doc",
-      "sha256": "6ff69157098b5cc780f063ffadabff36b70e8567cec7fc406d7550385c467d0e"
+      "sha256": "5ee6c141c0052e78671762e69c111f7f0a5d7f79b35c8f78c5b3b41901bd6959"
     },
     {
       "path": ".mdkg/skills/build-pack-and-execute-task/SKILL.md",
@@ -76,7 +76,7 @@
     {
       "path": ".mdkg/skills/verify-close-and-checkpoint/SKILL.md",
       "category": "default_skill",
-      "sha256": "cf9d7f01eb78a3cf669b6303c2f22c7c08529fe0181e008a7b45c5e5b70ceb49"
+      "sha256": "67fc3d7e3c59b53add62306624391c1a416d0c66077729d79e1be0a303538f42"
     },
     {
       "path": ".mdkg/templates/default/archive.md",
@@ -176,7 +176,7 @@
     {
       "path": "AGENT_START.md",
       "category": "startup_doc",
-      "sha256": "e5bd54a4321443216645b11fd5f27aff2e8f6c760f21dad12b6d0dbe634b0986"
+      "sha256": "abde8671d34fcc7abd8570cf8c10b940cbe8f339edb369bd046045aa5626c0fc"
     },
     {
       "path": "AGENTS.md",
@@ -191,7 +191,7 @@
     {
       "path": "CLI_COMMAND_MATRIX.md",
       "category": "startup_doc",
-      "sha256": "6e347620120c93eb9f330d137087f9e6b3279c629fcc24b65af561bd3cf385a0"
+      "sha256": "14deecded057a99284d2dc147855d12dedffec049da51fed3b1ebdae3105d537"
     },
     {
       "path": "llms.txt",

package/dist/init/skills/default/verify-close-and-checkpoint/SKILL.md

@@ -46,7 +46,7 @@ Use this local repo-only checklist before publishing mdkg:
 
 1. Confirm package intent and version in `package.json`, `package-lock.json`, `README.md`, `CLI_COMMAND_MATRIX.md`, and `CHANGELOG.md`.
 2. Use a clean npm cache: `export NPM_CONFIG_CACHE=/private/tmp/mdkg-npm-cache`.
-3. Run `npm ci`, `npm run build`, `node scripts/assert-publish-ready.js`, `npm run test`, `npm run cli:check`, `node dist/cli.js validate`, `npm run smoke:consumer`, `npm run smoke:matrix`, `npm run smoke:upgrade`, `npm run smoke:init`, `npm run smoke:capabilities`, `npm run smoke:archive-work`, `npm run smoke:bundle`, `npm run smoke:bundle-import`, and `npm run smoke:visibility`.
+3. Run `npm ci`, `npm run build`, `node scripts/assert-publish-ready.js`, `npm run test`, `npm run cli:check`, `node dist/cli.js validate`, `npm run smoke:consumer`, `npm run smoke:matrix`, `npm run smoke:upgrade`, `npm run smoke:init`, `npm run smoke:capabilities`, `npm run smoke:archive-work`, `npm run smoke:bundle`, `npm run smoke:subgraph`, and `npm run smoke:visibility`.
 4. Run `npm pack --dry-run --json` and confirm the tarball includes `dist/cli.js`, compiled folders, `dist/init/`, release docs, and `scripts/postinstall.js`.
 5. Confirm registry state with `npm view mdkg version --registry=https://registry.npmjs.org/`.
 6. Publish only after the registry still shows the previous version and npm auth is known to have write access.

package/dist/util/argparse.js

@@ -83,6 +83,7 @@ const VALUE_FLAGS = new Set([
     "--source-path",
     "--source-repo",
     "--max-stale-seconds",
+    "--requires",
 ]);
 const BOOLEAN_FLAGS = new Set([
     "--tolerant",
@@ -116,6 +117,7 @@ const BOOLEAN_FLAGS = new Set([
     "--with-scripts",
     "--clear-blocked-by",
     "--all",
+    "--fresh-only",
 ]);
 const FLAG_ALIASES = {
     "--o": "--out",

package/package.json

@@ -1,14 +1,14 @@
 {
   "name": "mdkg",
-  "version": "0.1.3",
+  "version": "0.1.4",
   "description": "Markdown Knowledge Graph",
   "license": "MIT",
   "bin": {
     "mdkg": "dist/cli.js"
   },
   "scripts": {
-    "build": "tsc -p tsconfig.build.json && node scripts/add-shebang.js && node scripts/copy-init-assets.js",
-    "build:test": "tsc -p tsconfig.test.json",
+    "build": "node scripts/clean-build-output.js && tsc -p tsconfig.build.json && node scripts/add-shebang.js && node scripts/copy-init-assets.js",
+    "build:test": "node scripts/clean-build-output.js tests && tsc -p tsconfig.test.json",
     "test": "npm run build && npm run build:test && node --test dist/tests/**/*.test.js",
     "test:coverage": "npm run build && npm run build:test && node --test --experimental-test-coverage dist/tests/**/*.test.js",
     "smoke:consumer": "npm run build && node scripts/smoke-consumer.js",
@@ -18,15 +18,16 @@
     "smoke:capabilities": "npm run build && node scripts/smoke-capabilities.js",
     "smoke:archive-work": "npm run build && node scripts/smoke-archive-work.js",
     "smoke:bundle": "npm run build && node scripts/smoke-bundle.js",
-    "smoke:bundle-import": "npm run build && node scripts/smoke-bundle-import.js",
+    "smoke:bundle-import": "npm run smoke:subgraph",
     "smoke:visibility": "npm run build && node scripts/smoke-visibility.js",
     "smoke:sqlite": "npm run build && node scripts/smoke-sqlite.js",
     "smoke:parallel": "npm run build && node scripts/smoke-parallel.js",
     "cli:snapshot": "npm run build && node scripts/cli_help_snapshot.js",
     "cli:check": "npm run build && node scripts/cli_help_snapshot.js --check",
     "prepack": "npm run build && node scripts/assert-publish-ready.js",
-    "prepublishOnly": "npm run test && npm run cli:check && node dist/cli.js validate && npm run smoke:consumer && npm run smoke:matrix && npm run smoke:upgrade && npm run smoke:init && npm run smoke:capabilities && npm run smoke:archive-work && npm run smoke:bundle && npm run smoke:bundle-import && npm run smoke:visibility && npm run smoke:sqlite && npm run smoke:parallel && node scripts/assert-publish-ready.js",
-    "postinstall": "node scripts/postinstall.js"
+    "prepublishOnly": "npm run test && npm run cli:check && node dist/cli.js validate && npm run smoke:consumer && npm run smoke:matrix && npm run smoke:upgrade && npm run smoke:init && npm run smoke:capabilities && npm run smoke:archive-work && npm run smoke:bundle && npm run smoke:subgraph && npm run smoke:visibility && npm run smoke:sqlite && npm run smoke:parallel && node scripts/assert-publish-ready.js",
+    "postinstall": "node scripts/postinstall.js",
+    "smoke:subgraph": "npm run build && node scripts/smoke-subgraph.js"
   },
   "devDependencies": {
     "@types/node": "^24.0.0",

package/dist/commands/bundle_import.js

@@ -1,255 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.runBundleImportAddCommand = runBundleImportAddCommand;
-exports.runBundleImportListCommand = runBundleImportListCommand;
-exports.runBundleImportRemoveCommand = runBundleImportRemoveCommand;
-exports.runBundleImportEnableCommand = runBundleImportEnableCommand;
-exports.runBundleImportDisableCommand = runBundleImportDisableCommand;
-exports.runBundleImportVerifyCommand = runBundleImportVerifyCommand;
-const fs_1 = __importDefault(require("fs"));
-const path_1 = __importDefault(require("path"));
-const config_1 = require("../core/config");
-const migrate_1 = require("../core/migrate");
-const workspace_path_1 = require("../core/workspace_path");
-const bundle_imports_1 = require("../graph/bundle_imports");
-const errors_1 = require("../util/errors");
-const atomic_1 = require("../util/atomic");
-const lock_1 = require("../util/lock");
-const ALIAS_RE = /^[a-z][a-z0-9_]*$/;
-function writeJson(value) {
-    console.log(JSON.stringify(value, null, 2));
-}
-function normalizeAlias(alias) {
-    if (alias === "all") {
-        throw new errors_1.UsageError("bundle import alias cannot be 'all'");
-    }
-    if (alias !== alias.toLowerCase() || !ALIAS_RE.test(alias)) {
-        throw new errors_1.UsageError("bundle import alias must be lowercase and use [a-z0-9_]");
-    }
-    return alias;
-}
-function normalizeVisibility(value) {
-    const normalized = (value ?? "private").toLowerCase();
-    if (normalized === "private" || normalized === "internal" || normalized === "public") {
-        return normalized;
-    }
-    throw new errors_1.UsageError("--visibility must be private, internal, or public");
-}
-function normalizeProfile(value) {
-    const normalized = (value ?? "private").toLowerCase();
-    if (normalized === "private" || normalized === "public") {
-        return normalized;
-    }
-    throw new errors_1.UsageError("--profile must be private or public");
-}
-function normalizeContained(value, label) {
-    try {
-        return (0, workspace_path_1.normalizeContainedWorkspacePath)(value, label);
-    }
-    catch (err) {
-        throw new errors_1.UsageError(err instanceof Error ? err.message : String(err));
-    }
-}
-function readRawConfig(root) {
-    const configPath = path_1.default.join(root, ".mdkg", "config.json");
-    if (!fs_1.default.existsSync(configPath)) {
-        throw new errors_1.NotFoundError(`config not found at ${configPath}`);
-    }
-    let parsed;
-    try {
-        parsed = JSON.parse(fs_1.default.readFileSync(configPath, "utf8"));
-    }
-    catch (err) {
-        throw new errors_1.UsageError(`failed to read config: ${err instanceof Error ? err.message : String(err)}`);
-    }
-    const migrated = (0, migrate_1.migrateConfig)(parsed).config;
-    (0, config_1.validateConfigSchema)(migrated);
-    if (typeof migrated !== "object" || migrated === null || Array.isArray(migrated)) {
-        throw new errors_1.UsageError("config must be a JSON object");
-    }
-    return { configPath, raw: migrated };
-}
-function writeRawConfig(configPath, raw) {
-    (0, atomic_1.atomicWriteFile)(configPath, `${JSON.stringify(raw, null, 2)}\n`);
-}
-function getImports(raw) {
-    const imports = raw.bundle_imports;
-    if (imports === undefined) {
-        raw.bundle_imports = {};
-        return raw.bundle_imports;
-    }
-    if (typeof imports !== "object" || imports === null || Array.isArray(imports)) {
-        throw new errors_1.UsageError("config.bundle_imports must be an object");
-    }
-    return imports;
-}
-function receiptForHealth(action, health) {
-    return {
-        action,
-        import: health,
-    };
-}
-function healthByAlias(root, alias) {
-    const config = (0, config_1.loadConfig)(root);
-    const health = (0, bundle_imports_1.buildBundleImportsIndex)(root, config).index.imports.find((item) => item.alias === alias);
-    if (!health) {
-        throw new errors_1.NotFoundError(`bundle import not found: ${alias}`);
-    }
-    return health;
-}
-function withBundleImportLock(root, fn) {
-    const config = (0, config_1.loadConfig)(root);
-    return (0, lock_1.withMutationLock)(root, config.index.lock_timeout_ms, fn);
-}
-function runBundleImportAddCommandLocked(options) {
-    const alias = normalizeAlias(options.alias);
-    const bundlePath = normalizeContained(options.bundlePath, "bundle import path");
-    const visibility = normalizeVisibility(options.visibility);
-    const expected_profile = normalizeProfile(options.profile);
-    if (visibility !== "private" && expected_profile !== "public") {
-        throw new errors_1.UsageError("--profile public is required when --visibility is public or internal");
-    }
-    const source_path = options.sourcePath
-        ? normalizeContained(options.sourcePath, "bundle import source path")
-        : undefined;
-    if (options.maxStaleSeconds !== undefined && (!Number.isInteger(options.maxStaleSeconds) || options.maxStaleSeconds <= 0)) {
-        throw new errors_1.UsageError("--max-stale-seconds must be a positive integer");
-    }
-    const { configPath, raw } = readRawConfig(options.root);
-    const imports = getImports(raw);
-    if (imports[alias]) {
-        throw new errors_1.UsageError(`bundle import already exists: ${alias}`);
-    }
-    const workspaces = raw.workspaces;
-    if (workspaces && workspaces[alias]) {
-        throw new errors_1.UsageError(`bundle import alias collides with workspace: ${alias}`);
-    }
-    imports[alias] = {
-        path: bundlePath,
-        enabled: true,
-        visibility,
-        expected_profile,
-        ...(source_path ? { source_path } : {}),
-        ...(options.sourceRepo ? { source_repo: options.sourceRepo } : {}),
-        ...(options.maxStaleSeconds !== undefined ? { max_stale_seconds: options.maxStaleSeconds } : {}),
-    };
-    raw.bundle_imports = imports;
-    const validated = (0, config_1.validateConfigSchema)(raw);
-    const health = (0, bundle_imports_1.buildBundleImportsIndex)(options.root, validated).index.imports.find((item) => item.alias === alias);
-    if (!health) {
-        throw new errors_1.NotFoundError(`bundle import not found after validation: ${alias}`);
-    }
-    if (health.error_count > 0) {
-        throw new errors_1.ValidationError(`bundle import ${alias} is invalid:\n${health.errors.join("\n")}`);
-    }
-    writeRawConfig(configPath, raw);
-    const receipt = receiptForHealth("added", health);
-    if (options.json) {
-        writeJson(receipt);
-        return;
-    }
-    console.log(`bundle import added: ${alias} (${bundlePath})`);
-    if (health.warning_count > 0) {
-        console.log(`warnings: ${health.warning_count}`);
-    }
-}
-function runBundleImportAddCommand(options) {
-    return withBundleImportLock(options.root, () => runBundleImportAddCommandLocked(options));
-}
-function runBundleImportListCommand(options) {
-    const config = (0, config_1.loadConfig)(options.root);
-    const imports = (0, bundle_imports_1.buildBundleImportsIndex)(options.root, config).index.imports;
-    if (options.json) {
-        writeJson({ action: "list", count: imports.length, imports });
-        return;
-    }
-    if (imports.length === 0) {
-        console.log("no bundle imports configured");
-        return;
-    }
-    for (const item of imports) {
-        const status = item.enabled ? item.error_count > 0 ? "invalid" : item.stale ? "stale" : "ok" : "disabled";
-        console.log(`${item.alias} | ${status} | ${item.visibility} | ${item.path}`);
-    }
-}
-function runBundleImportRemoveCommandLocked(options) {
-    const alias = normalizeAlias(options.alias);
-    const { configPath, raw } = readRawConfig(options.root);
-    const imports = getImports(raw);
-    const existing = imports[alias];
-    if (!existing) {
-        throw new errors_1.NotFoundError(`bundle import not found: ${alias}`);
-    }
-    delete imports[alias];
-    raw.bundle_imports = imports;
-    (0, config_1.validateConfigSchema)(raw);
-    writeRawConfig(configPath, raw);
-    const receipt = { action: "removed", import: { alias } };
-    if (options.json) {
-        writeJson(receipt);
-        return;
-    }
-    console.log(`bundle import removed: ${alias}`);
-}
-function runBundleImportRemoveCommand(options) {
-    return withBundleImportLock(options.root, () => runBundleImportRemoveCommandLocked(options));
-}
-function setBundleImportEnabledLocked(options, enabled) {
-    const alias = normalizeAlias(options.alias);
-    const { configPath, raw } = readRawConfig(options.root);
-    const imports = getImports(raw);
-    const existing = imports[alias];
-    if (!existing || typeof existing !== "object" || Array.isArray(existing)) {
-        throw new errors_1.NotFoundError(`bundle import not found: ${alias}`);
-    }
-    imports[alias] = { ...existing, enabled };
-    raw.bundle_imports = imports;
-    (0, config_1.validateConfigSchema)(raw);
-    writeRawConfig(configPath, raw);
-    const health = healthByAlias(options.root, alias);
-    const receipt = receiptForHealth(enabled ? "enabled" : "disabled", health);
-    if (options.json) {
-        writeJson(receipt);
-        return;
-    }
-    console.log(`bundle import ${enabled ? "enabled" : "disabled"}: ${alias}`);
-}
-function runBundleImportEnableCommand(options) {
-    withBundleImportLock(options.root, () => setBundleImportEnabledLocked(options, true));
-}
-function runBundleImportDisableCommand(options) {
-    withBundleImportLock(options.root, () => setBundleImportEnabledLocked(options, false));
-}
-function runBundleImportVerifyCommand(options) {
-    const config = (0, config_1.loadConfig)(options.root);
-    const all = options.all || !options.alias;
-    const imports = (0, bundle_imports_1.buildBundleImportsIndex)(options.root, config).index.imports.filter((item) => all ? true : item.alias === options.alias);
-    if (!all && imports.length === 0) {
-        throw new errors_1.NotFoundError(`bundle import not found: ${options.alias}`);
-    }
-    const ok = imports.every((item) => item.error_count === 0 && !item.stale);
-    const receipt = { action: "verified", ok, count: imports.length, imports };
-    if (options.json) {
-        writeJson(receipt);
-    }
-    else if (ok) {
-        console.log(`bundle imports verified: ${imports.length}`);
-    }
-    else {
-        console.log(`bundle import verify failed: ${imports.length}`);
-        for (const item of imports) {
-            for (const warning of item.warnings) {
-                console.log(`warning: ${item.alias}: ${warning}`);
-            }
-            for (const error of item.errors) {
-                console.log(`error: ${item.alias}: ${error}`);
-            }
-        }
-    }
-    if (!ok) {
-        throw new errors_1.ValidationError("bundle import verify failed");
-    }
-}