npm - mova-claude-import - Versions diffs - 0.1.1 → 0.1.2 - Mend

mova-claude-import 0.1.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (188) hide show

package/dist/observability_writer_v0.js ADDED Viewed

@@ -0,0 +1,157 @@
+export function getMovaObserveScriptV0() {
+    return [
+        "#!/usr/bin/env node",
+        "import fs from \"node:fs/promises\";",
+        "import path from \"node:path\";",
+        "import crypto from \"node:crypto\";",
+        "const KEY_RE = /(api[_-]?key|token|secret|password|authorization|bearer)/i;",
+        "const INLINE_SECRET_RE = /(sk-[a-zA-Z0-9]{8,})/g;",
+        "const PLACEHOLDER_RE = /^\\$\\{[A-Z0-9_]+(?::-?[^}]+)?\\}$/;",
+        "const projectDir = process.env.CLAUDE_PROJECT_DIR || process.cwd();",
+        "const args = process.argv.slice(2);",
+        "const readArg = (name) => {",
+        "  const idx = args.indexOf(name);",
+        "  if (idx === -1) return undefined;",
+        "  return args[idx + 1];",
+        "};",
+        "const eventType = readArg(\"--event\") || process.env.CLAUDE_HOOK_EVENT || \"post_tool_use\";",
+        "const stdoutTailBytes = Number(readArg(\"--stdout-tail-bytes\") || process.env.MOVA_OBS_STDOUT_TAIL_BYTES || 4000);",
+        "const stderrTailBytes = Number(readArg(\"--stderr-tail-bytes\") || process.env.MOVA_OBS_STDERR_TAIL_BYTES || 4000);",
+        "const maxEventBytes = Number(readArg(\"--max-event-bytes\") || process.env.MOVA_OBS_MAX_EVENT_BYTES || 20000);",
+        "const tailLines = Number(readArg(\"--tail-lines\") || process.env.MOVA_OBS_TAIL_LINES || 50);",
+        "const outputDir = readArg(\"--output-dir\") || process.env.MOVA_OBS_OUTPUT_DIR || \".mova/episodes\";",
+        "const now = new Date();",
+        "const iso = now.toISOString();",
+        "const env = process.env;",
+        "const sessionId = env.CLAUDE_SESSION_ID || env.CLAUDE_RUN_ID;",
+        "async function ensureRunId(root) {",
+        "  if (sessionId) return sessionId;",
+        "  const currentPath = path.join(root, \".current_run_id\");",
+        "  try {",
+        "    const raw = await fs.readFile(currentPath, \"utf8\");",
+        "    if (raw.trim()) return raw.trim();",
+        "  } catch {}",
+        "  const runId = `run_${Date.now()}_${crypto.randomBytes(4).toString(\"hex\")}`;",
+        "  await fs.mkdir(root, { recursive: true });",
+        "  await fs.writeFile(currentPath, runId, \"utf8\");",
+        "  return runId;",
+        "}",
+        "function tailLinesFn(text, maxLines) {",
+        "  const lines = text.split(/\\r?\\n/);",
+        "  if (lines.length <= maxLines) return text;",
+        "  return lines.slice(-maxLines).join(\"\\n\");",
+        "}",
+        "function tailBytesFn(text, maxBytes) {",
+        "  if (!maxBytes || maxBytes <= 0) return \"\";",
+        "  const buf = Buffer.from(text, \"utf8\");",
+        "  if (buf.length <= maxBytes) return text;",
+        "  return buf.slice(buf.length - maxBytes).toString(\"utf8\");",
+        "}",
+        "function trimText(text, maxBytes, maxLines) {",
+        "  return tailBytesFn(tailLinesFn(text, maxLines), maxBytes);",
+        "}",
+        "function redactText(input) {",
+        "  let out = input;",
+        "  out = out.replace(INLINE_SECRET_RE, () => \"[REDACTED_TOKEN]\");",
+        "  out = out.replace(/^([A-Z0-9_]{3,80})\\s*=\\s*(.+)$/gmi, (line, k, v) => {",
+        "    if (!KEY_RE.test(k)) return line;",
+        "    if (PLACEHOLDER_RE.test(String(v).trim())) return line;",
+        "    return `${k}=[REDACTED_VALUE_LEN_${String(v).length}]`;",
+        "  });",
+        "  return out;",
+        "}",
+        "function stableStringify(value) {",
+        "  if (Array.isArray(value)) return `[${value.map(stableStringify).join(\",\")}]`;",
+        "  if (value && typeof value === \"object\") {",
+        "    const keys = Object.keys(value).sort();",
+        "    const parts = keys.map((k) => `${JSON.stringify(k)}:${stableStringify(value[k])}`);",
+        "    return `{${parts.join(\",\")}}`;",
+        "  }",
+        "  return JSON.stringify(value);",
+        "}",
+        "function sha(text) {",
+        "  return crypto.createHash(\"sha256\").update(text, \"utf8\").digest(\"hex\");",
+        "}",
+        "async function run() {",
+        "  const root = path.join(projectDir, outputDir);",
+        "  const runId = await ensureRunId(root);",
+        "  const runDir = path.join(root, runId);",
+        "  await fs.mkdir(runDir, { recursive: true });",
+        "  const event = {",
+        "    ts: iso,",
+        "    event_type: String(eventType),",
+        "    tool_name: env.CLAUDE_TOOL_NAME || null,",
+        "    ok: env.CLAUDE_TOOL_STATUS ? env.CLAUDE_TOOL_STATUS === \"0\" : null,",
+        "    durations: env.CLAUDE_TOOL_DURATION_MS ? { tool_ms: Number(env.CLAUDE_TOOL_DURATION_MS) } : null,",
+        "    paths: {",
+        "      input: env.CLAUDE_TOOL_INPUT_FILE_PATH || null,",
+        "      output: env.CLAUDE_TOOL_OUTPUT_FILE_PATH || null",
+        "    },",
+        "    stdout_tail: null,",
+        "    stderr_tail: null,",
+        "    mcp: { server_name: env.CLAUDE_MCP_SERVER || null },",
+        "    hashes: { input_hash: null, output_hash: null }",
+        "  };",
+        "  const stdoutRaw = env.CLAUDE_TOOL_STDOUT || env.CLAUDE_TOOL_OUTPUT || \"\";",
+        "  const stderrRaw = env.CLAUDE_TOOL_STDERR || \"\";",
+        "  let outputHashPayload = \"\";",
+        "  if (stdoutRaw) {",
+        "    const trimmed = trimText(stdoutRaw, stdoutTailBytes, tailLines);",
+        "    const redacted = redactText(trimmed);",
+        "    event.stdout_tail = redacted;",
+        "    outputHashPayload += redacted;",
+        "  }",
+        "  if (stderrRaw) {",
+        "    const trimmed = trimText(stderrRaw, stderrTailBytes, tailLines);",
+        "    const redacted = redactText(trimmed);",
+        "    event.stderr_tail = redacted;",
+        "    outputHashPayload += `\\n${redacted}`;",
+        "  }",
+        "  if (outputHashPayload) {",
+        "    event.hashes.output_hash = sha(outputHashPayload);",
+        "  }",
+        "  const inputRaw = env.CLAUDE_TOOL_INPUT || \"\";",
+        "  if (inputRaw) {",
+        "    const trimmed = trimText(inputRaw, stdoutTailBytes, tailLines);",
+        "    const redacted = redactText(trimmed);",
+        "    event.hashes.input_hash = sha(redacted);",
+        "  }",
+        "  let line = stableStringify(event);",
+        "  if (line.length > maxEventBytes) {",
+        "    event.stdout_tail = null;",
+        "    event.stderr_tail = null;",
+        "    line = stableStringify(event);",
+        "  }",
+        "  await fs.appendFile(path.join(runDir, \"events.jsonl\"), line + \"\\n\", \"utf8\");",
+        "  const summaryPath = path.join(runDir, \"summary.json\");",
+        "  let summary = {",
+        "    run_id: runId,",
+        "    started_at: iso,",
+        "    last_event_at: iso,",
+        "    counts: {},",
+        "    tools: {}",
+        "  };",
+        "  try {",
+        "    const raw = await fs.readFile(summaryPath, \"utf8\");",
+        "    summary = JSON.parse(raw);",
+        "  } catch {}",
+        "  summary.last_event_at = iso;",
+        "  summary.counts[event.event_type] = (summary.counts[event.event_type] || 0) + 1;",
+        "  if (event.tool_name) {",
+        "    summary.tools[event.tool_name] = (summary.tools[event.tool_name] || 0) + 1;",
+        "  }",
+        "  await fs.writeFile(summaryPath, stableStringify(summary) + \"\\n\", \"utf8\");",
+        "  await fs.appendFile(path.join(root, \"index.jsonl\"), stableStringify({ ts: iso, run_id: runId, event_type: event.event_type }) + \"\\n\", \"utf8\");",
+        "  if (String(event.event_type).toLowerCase() === \"stop\") {",
+        "    const currentPath = path.join(root, \".current_run_id\");",
+        "    try { await fs.rm(currentPath); } catch {}",
+        "  }",
+        "}",
+        "run().catch((err) => {",
+        "  const msg = String(err?.message || err || \"failed\");",
+        "  process.stdout.write(JSON.stringify({ feedback: `MOVA observe: ${msg}`, suppressOutput: true }));",
+        "  process.exit(0);",
+        "});",
+        "",
+    ].join("\n");
+}

package/dist/observe_v0.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+export declare function listObservabilityRuns(projectDir: string): Promise<{
+    run_id: string;
+    last_event_at: string | null;
+    started_at: string | null;
+    events: number;
+}[]>;
+export declare function tailObservabilityEvents(projectDir: string, runId: string, limit?: number): Promise<string[]>;
+export declare function readObservabilitySummary(projectDir: string, runId: string): Promise<any>;

package/dist/observe_v0.js ADDED Viewed

@@ -0,0 +1,57 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+async function exists(p) {
+    try {
+        await fs.stat(p);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+async function readJson(p) {
+    const raw = await fs.readFile(p, "utf8");
+    return JSON.parse(raw);
+}
+function sumCounts(summary) {
+    if (!summary?.counts)
+        return 0;
+    return Object.values(summary.counts).reduce((acc, value) => acc + Number(value || 0), 0);
+}
+export async function listObservabilityRuns(projectDir) {
+    const root = path.join(projectDir, ".mova", "episodes");
+    if (!(await exists(root)))
+        return [];
+    const entries = await fs.readdir(root, { withFileTypes: true });
+    const runs = [];
+    for (const entry of entries) {
+        if (!entry.isDirectory())
+            continue;
+        const runId = entry.name;
+        const summaryPath = path.join(root, runId, "summary.json");
+        const summary = (await exists(summaryPath)) ? (await readJson(summaryPath)) : null;
+        const lastEventAt = summary?.last_event_at ?? null;
+        runs.push({
+            run_id: runId,
+            last_event_at: lastEventAt,
+            started_at: summary?.started_at ?? null,
+            events: sumCounts(summary),
+        });
+    }
+    runs.sort((a, b) => String(b.last_event_at ?? "").localeCompare(String(a.last_event_at ?? "")));
+    return runs;
+}
+export async function tailObservabilityEvents(projectDir, runId, limit = 20) {
+    const eventsPath = path.join(projectDir, ".mova", "episodes", runId, "events.jsonl");
+    if (!(await exists(eventsPath)))
+        return [];
+    const raw = await fs.readFile(eventsPath, "utf8");
+    const lines = raw.trim().split(/\r?\n/).filter(Boolean);
+    return lines.slice(-limit);
+}
+export async function readObservabilitySummary(projectDir, runId) {
+    const summaryPath = path.join(projectDir, ".mova", "episodes", runId, "summary.json");
+    if (!(await exists(summaryPath)))
+        return null;
+    return await readJson(summaryPath);
+}

package/dist/presets_v0.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+type PresetInfo = {
+    name: string;
+    root: string;
+    control_path: string;
+    assets_root: string;
+};
+export declare function getPresetsRoot(): string;
+export declare function listPresets(): Promise<string[]>;
+export declare function resolvePreset(name: string): Promise<PresetInfo | null>;
+export declare function readPresetControlRaw(name: string): Promise<string | null>;
+export {};

package/dist/presets_v0.js ADDED Viewed

@@ -0,0 +1,49 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+async function exists(p) {
+    try {
+        await fs.stat(p);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+export function getPresetsRoot() {
+    return path.join(process.cwd(), "presets");
+}
+export async function listPresets() {
+    const root = getPresetsRoot();
+    if (!(await exists(root)))
+        return [];
+    const entries = await fs.readdir(root, { withFileTypes: true });
+    const names = [];
+    for (const entry of entries) {
+        if (!entry.isDirectory())
+            continue;
+        const controlPath = path.join(root, entry.name, "control_v0.json");
+        if (await exists(controlPath))
+            names.push(entry.name);
+    }
+    return names.sort();
+}
+export async function resolvePreset(name) {
+    const root = getPresetsRoot();
+    const presetRoot = path.join(root, name);
+    const controlPath = path.join(presetRoot, "control_v0.json");
+    const assetsRoot = path.join(presetRoot, "assets");
+    if (!(await exists(controlPath)))
+        return null;
+    return {
+        name,
+        root: presetRoot,
+        control_path: controlPath,
+        assets_root: assetsRoot,
+    };
+}
+export async function readPresetControlRaw(name) {
+    const preset = await resolvePreset(name);
+    if (!preset)
+        return null;
+    return await fs.readFile(preset.control_path, "utf8");
+}

package/dist/redaction.js CHANGED Viewed

@@ -1,6 +1,10 @@
 import crypto from "node:crypto";
 const KEY_RE = /(api[_-]?key|token|secret|password|authorization|bearer)/i;
 const INLINE_SECRET_RE = /(sk-[a-zA-Z0-9]{8,})/g; // best‑effort
+const PLACEHOLDER_RE = /^\$\{[A-Z0-9_]+(?::-?[^}]+)?\}$/;
+function isPlaceholderValue(value) {
+    return PLACEHOLDER_RE.test(value.trim());
+}
 export function redactText(input) {
     const hits = [];
     let out = input;
@@ -33,7 +37,7 @@ export function redactJson(obj) {
         if (typeof x === "object") {
             const out = {};
             for (const [k, v] of Object.entries(x)) {
-                if (KEY_RE.test(k) && typeof v === "string") {
+                if (KEY_RE.test(k) && typeof v === "string" && !isPlaceholderValue(v)) {
                     hits.push({ rule_id: "json_secret_field", key: k, len: v.length });
                     out[k] = `[REDACTED_VALUE_LEN_${v.length}]`;
                 }

package/dist/run_import.js CHANGED Viewed

@@ -10,11 +10,13 @@ import { getAnthropicProfileV0Files } from "./anthropic_profile_v0.js";
 import { lintV0 } from "./lint_v0.js";
 import { stableStringify } from "./stable_json.js";
 import { createExportZipV0 } from "./export_zip_v0.js";
-import { buildMovaOverlayV0, buildMovaControlEntryV0, MOVA_CONTROL_ENTRY_MARKER } from "./mova_overlay_v0.js";
+import { buildMovaOverlayV0, buildMovaControlEntryV0 } from "./mova_overlay_v0.js";
 import { scanInputPolicyV0 } from "./input_policy_v0.js";
 import { EvidenceWriter } from "@leryk1981/mova-core-engine";
 import { MOVA_SPEC_BINDINGS_V0 } from "./mova_spec_bindings_v0.js";
 import { writeCleanClaudeProfileScaffoldV0 } from "./claude_profile_scaffold_v0.js";
+import { controlFromSettingsV0, controlToMcpJson, controlToSettingsV0, normalizeControlV0, } from "./control_v0.js";
+import { getMovaObserveScriptV0 } from "./observability_writer_v0.js";
 async function exists(p) {
     try {
         await fs.stat(p);
@@ -24,6 +26,9 @@ async function exists(p) {
         return false;
     }
 }
+function isObject(value) {
+    return Boolean(value) && typeof value === "object" && !Array.isArray(value);
+}
 async function sha256File(p) {
     const buf = await fs.readFile(p);
     return crypto.createHash("sha256").update(buf).digest("hex");
@@ -59,6 +64,12 @@ async function scanProject(opts) {
     const mcpJson = path.join(projectDir, ".mcp.json");
     if (await exists(mcpJson))
         found.mcpJsonPath = mcpJson;
+    const settingsJson = path.join(projectDir, ".claude", "settings.json");
+    if (await exists(settingsJson))
+        found.settingsPath = settingsJson;
+    const controlJson = path.join(projectDir, "mova", "control_v0.json");
+    if (await exists(controlJson))
+        found.controlPath = controlJson;
     const skillsRoot = path.join(projectDir, ".claude", "skills");
     if (await exists(skillsRoot)) {
         const stack = [skillsRoot];
@@ -112,11 +123,15 @@ async function loadAndRedactJson(p) {
     const { redacted, hits } = redactJson(parsed);
     return { raw, parsed, redacted, hits };
 }
-async function ensureClaudeControlEntry(claudePath, block, marker) {
-    const content = await fs.readFile(claudePath, "utf8");
-    if (content.includes(marker))
-        return;
-    await fs.writeFile(claudePath, `${block}\n${content}`, "utf8");
+function updateClaudeBlock(content, marker, block) {
+    if (content.includes(marker)) {
+        const idx = content.indexOf(marker);
+        const after = content.slice(idx);
+        const split = after.split("\n\n");
+        split[0] = block.trimEnd();
+        return content.slice(0, idx) + split.join("\n\n");
+    }
+    return `${block}\n${content}`;
 }
 function orderedObject(obj) {
     return JSON.parse(stableStringify(obj));
@@ -156,24 +171,67 @@ export async function runImport(opts) {
         redactionHits.push(...hits);
         return redacted;
     }
+    /** Process a JSON file – redact and record */
+    async function processJsonFile(rel, absPath) {
+        const { parsed, hits } = await loadAndRedactJson(absPath);
+        inputs.push({ rel, sha256: await sha256File(absPath) });
+        redactionHits.push(...hits);
+        return parsed;
+    }
+    const controlRel = "mova/control_v0.json";
+    let controlOutput = null;
+    let controlDefaults = [];
+    let controlSource = "migrated";
+    let controlMigrationReport = null;
+    if (found.controlPath) {
+        const controlParsed = await processJsonFile(controlRel, found.controlPath);
+        const normalized = normalizeControlV0(controlParsed);
+        controlOutput = normalized.control;
+        controlDefaults = normalized.defaults;
+        controlSource = "control_file";
+    }
+    else {
+        let settingsParsed;
+        let mcpParsed;
+        let settingsFound = false;
+        let mcpFound = false;
+        if (found.settingsPath) {
+            settingsParsed = await processJsonFile(".claude/settings.json", found.settingsPath);
+            settingsFound = true;
+        }
+        if (found.mcpJsonPath) {
+            mcpParsed = await processJsonFile(".mcp.json", found.mcpJsonPath);
+            mcpFound = true;
+        }
+        const migrated = controlFromSettingsV0(settingsParsed, mcpParsed);
+        controlOutput = migrated.control;
+        controlDefaults = migrated.defaults;
+        controlSource = "migrated";
+        controlMigrationReport = {
+            profile_version: "v0",
+            control_version: "control_v0",
+            project_dir: projectDir,
+            control_path: controlRel,
+            found: {
+                settings_json: settingsFound,
+                mcp_json: mcpFound,
+            },
+            sources: {
+                claude_md: "default",
+                overlay: "default",
+                policy: settingsFound ? "settings_json" : "default",
+                mcp: mcpFound ? "mcp_json" : "default",
+            },
+            defaults_used: controlDefaults,
+        };
+    }
+    const control = controlOutput ?? normalizeControlV0({}).control;
+    const mcpJsonParsed = controlToMcpJson(control);
     // CLAUDE.md
     let claudeMdRedacted = "";
     if (found.claudeMdPath) {
         claudeMdRedacted = await processTextFile("CLAUDE.md", found.claudeMdPath);
     }
-    // .mcp.json
-    let mcpJsonRedacted = "";
-    let mcpJsonParsed;
-    if (found.mcpJsonPath) {
-        const { parsed, redacted, hits } = await loadAndRedactJson(found.mcpJsonPath);
-        mcpJsonParsed = parsed;
-        mcpJsonRedacted = stableStringify(redacted);
-        redactionHits.push(...hits);
-        inputs.push({
-            rel: ".mcp.json",
-            sha256: await sha256File(found.mcpJsonPath),
-        });
-    }
     // skill files
     const skillRedactedMap = {};
     for (const f of found.skillFiles) {
@@ -214,6 +272,9 @@ export async function runImport(opts) {
         };
         await writeEvidenceArtifact(evidenceWriter, movaBase, "VERSION.json", versionInfo);
         await writeEvidenceArtifact(evidenceWriter, movaBase, "input_policy_report_v0.json", inputPolicy);
+        if (controlMigrationReport) {
+            await writeEvidenceArtifact(evidenceWriter, movaBase, "control_migration_report_v0.json", controlMigrationReport);
+        }
     }
     if (opts.strict && !inputPolicy.ok) {
         const deniedRunId = computeRunId(inputPolicy.denied.map((d) => `${d.path}:${d.kind}:${d.reason}`).sort());
@@ -321,11 +382,16 @@ export async function runImport(opts) {
     }
     if (!opts.dryRun && opts.emitProfile) {
         await writeCleanClaudeProfileScaffoldV0(outRoot);
-        if (opts.emitOverlay) {
+        const overlayEnabled = opts.emitOverlay && control.overlay.enable;
+        if (overlayEnabled) {
             const controlEntry = buildMovaControlEntryV0(overlayParams);
             const claudePath = path.join(outRoot, "CLAUDE.md");
             if (await exists(claudePath)) {
-                await ensureClaudeControlEntry(claudePath, controlEntry, MOVA_CONTROL_ENTRY_MARKER);
+                if (control.claude_md.inject_control_entry) {
+                    const raw = await fs.readFile(claudePath, "utf8");
+                    const updated = updateClaudeBlock(raw, control.claude_md.marker, controlEntry);
+                    await fs.writeFile(claudePath, updated, "utf8");
+                }
             }
             const overlayFiles = buildMovaOverlayV0(overlayParams);
             for (const [rel, content] of Object.entries(overlayFiles)) {
@@ -338,8 +404,13 @@ export async function runImport(opts) {
                 continue;
             await writeTextFile(path.join(outRoot, rel), content);
         }
-        if (mcpJsonParsed) {
-            await writeJsonFile(path.join(outRoot, ".mcp.json"), mcpJsonParsed);
+        await writeJsonFile(path.join(outRoot, ".mcp.json"), mcpJsonParsed);
+        await writeJsonFile(path.join(outRoot, ".claude", "settings.json"), controlToSettingsV0(control));
+        await writeJsonFile(path.join(outRoot, controlRel), control);
+        if (control.observability.enable && control.observability.writer?.script_path) {
+            const scriptPath = path.join(outRoot, control.observability.writer.script_path);
+            await fs.mkdir(path.dirname(scriptPath), { recursive: true });
+            await fs.writeFile(scriptPath, getMovaObserveScriptV0(), "utf8");
         }
         for (const skill of normalizedSkills) {
             const outRel = path.join(".claude", "skills", skill.normDir, "SKILL.md");
@@ -364,9 +435,22 @@ export async function runImport(opts) {
             skill_md: skill.body,
         })),
     };
+    const mcpServersRaw = isObject(mcpJsonParsed?.mcpServers)
+        ? mcpJsonParsed?.mcpServers
+        : mcpJsonParsed?.servers;
+    const mcpServersList = Array.isArray(mcpServersRaw)
+        ? mcpServersRaw
+        : isObject(mcpServersRaw)
+            ? Object.entries(mcpServersRaw).map(([name, server]) => ({
+                name,
+                command: typeof server?.command === "string" ? server.command : "unknown",
+                args: Array.isArray(server?.args) ? server.args : [],
+                env_keys: isObject(server?.env) ? Object.keys(server.env).sort() : [],
+            }))
+            : [];
     const mcpServers = {
         profile_version: "v0",
-        servers: Array.isArray(mcpJsonParsed?.servers) ? mcpJsonParsed?.servers : [],
+        servers: mcpServersList,
     };
     if (!opts.dryRun) {
         await writeJsonFile(path.join(movaBase, "contracts", "instruction_profile_v0.json"), instructionProfile);
@@ -407,6 +491,7 @@ export async function runImport(opts) {
             mcp_servers: validateMcp.errors,
         },
     };
+    const mcpSourcePresent = controlSource === "control_file" || Boolean(found.mcpJsonPath);
     const manifest = {
         tool: "mova-claude-import",
         version: "v0",
@@ -416,7 +501,7 @@ export async function runImport(opts) {
         inputs: inputs.sort((a, b) => a.rel.localeCompare(b.rel)),
         imported: {
             claude_md: Boolean(found.claudeMdPath),
-            mcp_json: Boolean(found.mcpJsonPath),
+            mcp_json: mcpSourcePresent,
             skills_count: normalizedSkills.length,
         },
         skipped: found.skipped,
@@ -453,7 +538,7 @@ export async function runImport(opts) {
         lintReport = await lintV0({
             outRoot,
             emitProfile: opts.emitProfile,
-            mcpExpected: Boolean(found.mcpJsonPath),
+            mcpExpected: mcpSourcePresent,
         });
         await writeEvidenceArtifact(evidenceWriter, movaBase, "lint_report_v0.json", lintReport);
     }

package/docs/CLAUDE_CONTROL_SURFACE_MAP_v0.md ADDED Viewed

@@ -0,0 +1,78 @@
+# Claude Control Surface Map v0
+## Как было в Claude Code
+Основные файлы контроля:
+- `CLAUDE.md` — project memory и правила.
+- `.claude/settings.json` — hooks, permissions, plugins, MCP toggles.
+- `.mcp.json` — MCP servers и env placeholders.
+- `.claude/skills/` — навыки.
+- `.claude/agents/` — агенты.
+- `.claude/commands/` — команды.
+- `.claude/rules/` — правила.
+- `.claude/hooks/` — hook scripts и skill rules.
+- `.github/workflows/` — CI сценарии.
+## Как стало с MOVA control
+Один источник истины: `mova/control_v0.json`.
+Из него генерируются:
+- `CLAUDE.md` (MOVA Control Entry block по маркеру)
+- `.claude/settings.json`
+- `.mcp.json`
+- раскладка assets (skills/agents/commands/hooks/rules/workflows/docs/dotfiles/schemas)
+## Карта: control_v0 -> поверхность
+| control_v0 поле | Выход/эффект |
+| --- | --- |
+| `claude_md.inject_control_entry` + `marker` | блок MOVA в `CLAUDE.md` |
+| `settings.*` | `.claude/settings.json` |
+| `mcp.*` | `.mcp.json` |
+| `policy.hooks.*` | hooks в `.claude/settings.json` |
+| `policy.permissions.*` | permissions в `.claude/settings.json` |
+| `policy.plugins.*` | plugins в `.claude/settings.json` |
+| `lsp.*` | `.claude/settings.json` + опциональный lsp-файл |
+| `assets.skills` | `.claude/skills/**` |
+| `assets.agents` | `.claude/agents/**` |
+| `assets.commands` | `.claude/commands/**` |
+| `assets.rules` | `.claude/rules/**` |
+| `assets.hooks` | `.claude/hooks/**` |
+| `assets.docs` | `.claude/settings.md`, `.claude/skills/README.md` |
+| `assets.dotfiles` | `.claude/.gitignore` |
+| `assets.schemas` | `.claude/hooks/*.schema.json` |
+| `assets.workflows` | `.github/workflows/**` |
+| `observability.*` | hooks в `.claude/settings.json` + артефакты в `.mova/episodes/**` |
+## Что реально блокирует, а что наблюдает
+- Блокировка: `hooks.PreToolUse` с явным `block: true` и exit 2.
+- Наблюдение: `PostToolUse`, `UserPromptSubmit`, `Stop` — без hard-stop, по умолчанию `report_only`.
+- Наблюдаемость MOVA пишет события в `.mova/episodes/**` и не блокирует работу.
+## Managed vs unmanaged LSP
+- `lsp.managed: true` — `control apply` пишет файл по `lsp.config_path`.
+- `lsp.managed: false` — файл считается внешним и не трогается.
+## Drift и как чинить
+Если `control check` сообщает drift:
+1) `control prefill` (если нужно переснять)
+2) Правка `mova/control_v0.json`
+3) `control apply --mode apply`
+4) `control check` до зелёного статуса
+## Исключения поверхности
+Если есть сознательно неуправляемые файлы, они перечисляются в `control_surface_exclusions_v0.json` с причиной.
+## Как включать/выключать строгость
+- `policy.mode` по умолчанию `report_only`.
+- Для жёсткого режима включайте блокирующие PreToolUse и задавайте строгую политику в `permissions` и `hooks`.
+- Детали CI/strict поведения — в `docs/OPERATOR_GUIDE_v0.md`.

package/docs/OPERATOR_GUIDE_v0.md CHANGED Viewed

@@ -12,6 +12,15 @@
 - `.claude/output-styles/`
 - `.claude/hooks/`
 - `.mcp.json`
+- `mova/control_v0.json` (единый источник правды для rebuild/import)
+## Единый контрольный файл
+`mova/control_v0.json` — источник истины для rebuild/import. Он синхронизирует:
+- блок MOVA в `CLAUDE.md` по маркеру
+- `.claude/settings.json`
+- `.mcp.json`
 ## Как MOVA слой добавляет наблюдаемость
@@ -41,3 +50,5 @@
 - `0` — успех или preview‑план построен.
 - `1` — неожиданный runtime‑сбой.
 - `2` — автоматизация остановлена политикой контроля (strict/CI).
+- `3` — control check обнаружил drift между control и проектом.
+- `4` — control check обнаружил отсутствующие обязательные файлы.