npm - mova-claude-import - Versions diffs - 0.1.1 → 0.1.3 - Mend

mova-claude-import 0.1.1 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (188) hide show

package/src/control_v0_schema.ts ADDED Viewed

@@ -0,0 +1,26 @@
+import fs from "node:fs/promises";
+import { fileURLToPath } from "node:url";
+import Ajv from "ajv";
+import addFormats from "ajv-formats";
+import { CONTROL_V0_SCHEMA_ID } from "./control_v0.js";
+type ValidationResult = {
+  ok: boolean;
+  errors: any[] | null | undefined;
+};
+async function loadControlSchema() {
+  const schemaPath = fileURLToPath(new URL("../schemas/mova.control_v0.schema.json", import.meta.url));
+  const raw = await fs.readFile(schemaPath, "utf8");
+  return JSON.parse(raw);
+}
+export async function validateControlV0Schema(control: any): Promise<ValidationResult> {
+  const schema = await loadControlSchema();
+  const ajv = new (Ajv as any)({ allErrors: true, strict: true, validateSchema: false });
+  (addFormats as any)(ajv);
+  ajv.addSchema(schema, CONTROL_V0_SCHEMA_ID);
+  const validate = ajv.compile(schema);
+  const ok = Boolean(validate(control));
+  return { ok, errors: validate.errors };
+}

package/src/init_v0.ts CHANGED Viewed

@@ -4,6 +4,7 @@ import { getAnthropicProfileV0Files } from "./anthropic_profile_v0.js";
 import { stableStringify } from "./stable_json.js";
 import { createExportZipV0 } from "./export_zip_v0.js";
 import { writeCleanClaudeProfileScaffoldV0 } from "./claude_profile_scaffold_v0.js";
+import { defaultControlV0, type ControlV0 } from "./control_v0.js";
 type InitResult = {
   createdFiles: string[];
@@ -11,6 +12,11 @@ type InitResult = {
   zipSha256?: string;
 };
+type InitOptions = {
+  controlOverride?: ControlV0;
+  assetsRoot?: string;
+};
 async function writeTextFile(absPath: string, content: string) {
   await fs.mkdir(path.dirname(absPath), { recursive: true });
   await fs.writeFile(absPath, content, "utf8");
@@ -21,7 +27,38 @@ async function writeJsonFile(absPath: string, obj: any) {
   await fs.writeFile(absPath, stableStringify(obj) + "\n", "utf8");
 }
-export async function initProfileV0(outRoot: string, emitZip: boolean): Promise<InitResult> {
+async function copyPresetAssets(control: ControlV0, assetsRoot: string, outRoot: string): Promise<string[]> {
+  const created: string[] = [];
+  const assets = [
+    ...control.assets.skills,
+    ...control.assets.agents,
+    ...control.assets.commands,
+    ...control.assets.rules,
+    ...control.assets.hooks,
+    ...control.assets.workflows,
+    ...control.assets.docs,
+    ...control.assets.dotfiles,
+    ...control.assets.schemas,
+  ];
+  for (const asset of assets) {
+    const sourceRel = asset.source_path ?? asset.path;
+    const source = path.isAbsolute(sourceRel) ? sourceRel : path.join(assetsRoot, sourceRel);
+    const target = path.join(outRoot, asset.path);
+    try {
+      await fs.stat(source);
+    } catch {
+      continue;
+    }
+    await fs.mkdir(path.dirname(target), { recursive: true });
+    if (source !== target) {
+      await fs.copyFile(source, target);
+    }
+    created.push(asset.path.replace(/\\/g, "/"));
+  }
+  return created.sort();
+}
+export async function initProfileV0(outRoot: string, emitZip: boolean, options?: InitOptions): Promise<InitResult> {
   const createdFiles: string[] = [];
   await writeCleanClaudeProfileScaffoldV0(outRoot);
   const profileFiles = getAnthropicProfileV0Files();
@@ -31,6 +68,16 @@ export async function initProfileV0(outRoot: string, emitZip: boolean): Promise<
     createdFiles.push(rel);
   }
+  const controlRel = path.join("mova", "control_v0.json").replace(/\\/g, "/");
+  const control = options?.controlOverride ?? defaultControlV0();
+  await writeJsonFile(path.join(outRoot, controlRel), control);
+  createdFiles.push(controlRel);
+  if (options?.assetsRoot) {
+    const assetFiles = await copyPresetAssets(control, options.assetsRoot, outRoot);
+    createdFiles.push(...assetFiles);
+  }
   const movaBase = path.join(outRoot, "mova", "claude_import", "v0");
   const initManifestRel = path.join("mova", "claude_import", "v0", "init_manifest_v0.json").replace(/\\/g, "/");

package/src/observability_writer_v0.ts ADDED Viewed

@@ -0,0 +1,157 @@
+export function getMovaObserveScriptV0(): string {
+  return [
+    "#!/usr/bin/env node",
+    "import fs from \"node:fs/promises\";",
+    "import path from \"node:path\";",
+    "import crypto from \"node:crypto\";",
+    "const KEY_RE = /(api[_-]?key|token|secret|password|authorization|bearer)/i;",
+    "const INLINE_SECRET_RE = /(sk-[a-zA-Z0-9]{8,})/g;",
+    "const PLACEHOLDER_RE = /^\\$\\{[A-Z0-9_]+(?::-?[^}]+)?\\}$/;",
+    "const projectDir = process.env.CLAUDE_PROJECT_DIR || process.cwd();",
+    "const args = process.argv.slice(2);",
+    "const readArg = (name) => {",
+    "  const idx = args.indexOf(name);",
+    "  if (idx === -1) return undefined;",
+    "  return args[idx + 1];",
+    "};",
+    "const eventType = readArg(\"--event\") || process.env.CLAUDE_HOOK_EVENT || \"post_tool_use\";",
+    "const stdoutTailBytes = Number(readArg(\"--stdout-tail-bytes\") || process.env.MOVA_OBS_STDOUT_TAIL_BYTES || 4000);",
+    "const stderrTailBytes = Number(readArg(\"--stderr-tail-bytes\") || process.env.MOVA_OBS_STDERR_TAIL_BYTES || 4000);",
+    "const maxEventBytes = Number(readArg(\"--max-event-bytes\") || process.env.MOVA_OBS_MAX_EVENT_BYTES || 20000);",
+    "const tailLines = Number(readArg(\"--tail-lines\") || process.env.MOVA_OBS_TAIL_LINES || 50);",
+    "const outputDir = readArg(\"--output-dir\") || process.env.MOVA_OBS_OUTPUT_DIR || \".mova/episodes\";",
+    "const now = new Date();",
+    "const iso = now.toISOString();",
+    "const env = process.env;",
+    "const sessionId = env.CLAUDE_SESSION_ID || env.CLAUDE_RUN_ID;",
+    "async function ensureRunId(root) {",
+    "  if (sessionId) return sessionId;",
+    "  const currentPath = path.join(root, \".current_run_id\");",
+    "  try {",
+    "    const raw = await fs.readFile(currentPath, \"utf8\");",
+    "    if (raw.trim()) return raw.trim();",
+    "  } catch {}",
+    "  const runId = `run_${Date.now()}_${crypto.randomBytes(4).toString(\"hex\")}`;",
+    "  await fs.mkdir(root, { recursive: true });",
+    "  await fs.writeFile(currentPath, runId, \"utf8\");",
+    "  return runId;",
+    "}",
+    "function tailLinesFn(text, maxLines) {",
+    "  const lines = text.split(/\\r?\\n/);",
+    "  if (lines.length <= maxLines) return text;",
+    "  return lines.slice(-maxLines).join(\"\\n\");",
+    "}",
+    "function tailBytesFn(text, maxBytes) {",
+    "  if (!maxBytes || maxBytes <= 0) return \"\";",
+    "  const buf = Buffer.from(text, \"utf8\");",
+    "  if (buf.length <= maxBytes) return text;",
+    "  return buf.slice(buf.length - maxBytes).toString(\"utf8\");",
+    "}",
+    "function trimText(text, maxBytes, maxLines) {",
+    "  return tailBytesFn(tailLinesFn(text, maxLines), maxBytes);",
+    "}",
+    "function redactText(input) {",
+    "  let out = input;",
+    "  out = out.replace(INLINE_SECRET_RE, () => \"[REDACTED_TOKEN]\");",
+    "  out = out.replace(/^([A-Z0-9_]{3,80})\\s*=\\s*(.+)$/gmi, (line, k, v) => {",
+    "    if (!KEY_RE.test(k)) return line;",
+    "    if (PLACEHOLDER_RE.test(String(v).trim())) return line;",
+    "    return `${k}=[REDACTED_VALUE_LEN_${String(v).length}]`;",
+    "  });",
+    "  return out;",
+    "}",
+    "function stableStringify(value) {",
+    "  if (Array.isArray(value)) return `[${value.map(stableStringify).join(\",\")}]`;",
+    "  if (value && typeof value === \"object\") {",
+    "    const keys = Object.keys(value).sort();",
+    "    const parts = keys.map((k) => `${JSON.stringify(k)}:${stableStringify(value[k])}`);",
+    "    return `{${parts.join(\",\")}}`;",
+    "  }",
+    "  return JSON.stringify(value);",
+    "}",
+    "function sha(text) {",
+    "  return crypto.createHash(\"sha256\").update(text, \"utf8\").digest(\"hex\");",
+    "}",
+    "async function run() {",
+    "  const root = path.join(projectDir, outputDir);",
+    "  const runId = await ensureRunId(root);",
+    "  const runDir = path.join(root, runId);",
+    "  await fs.mkdir(runDir, { recursive: true });",
+    "  const event = {",
+    "    ts: iso,",
+    "    event_type: String(eventType),",
+    "    tool_name: env.CLAUDE_TOOL_NAME || null,",
+    "    ok: env.CLAUDE_TOOL_STATUS ? env.CLAUDE_TOOL_STATUS === \"0\" : null,",
+    "    durations: env.CLAUDE_TOOL_DURATION_MS ? { tool_ms: Number(env.CLAUDE_TOOL_DURATION_MS) } : null,",
+    "    paths: {",
+    "      input: env.CLAUDE_TOOL_INPUT_FILE_PATH || null,",
+    "      output: env.CLAUDE_TOOL_OUTPUT_FILE_PATH || null",
+    "    },",
+    "    stdout_tail: null,",
+    "    stderr_tail: null,",
+    "    mcp: { server_name: env.CLAUDE_MCP_SERVER || null },",
+    "    hashes: { input_hash: null, output_hash: null }",
+    "  };",
+    "  const stdoutRaw = env.CLAUDE_TOOL_STDOUT || env.CLAUDE_TOOL_OUTPUT || \"\";",
+    "  const stderrRaw = env.CLAUDE_TOOL_STDERR || \"\";",
+    "  let outputHashPayload = \"\";",
+    "  if (stdoutRaw) {",
+    "    const trimmed = trimText(stdoutRaw, stdoutTailBytes, tailLines);",
+    "    const redacted = redactText(trimmed);",
+    "    event.stdout_tail = redacted;",
+    "    outputHashPayload += redacted;",
+    "  }",
+    "  if (stderrRaw) {",
+    "    const trimmed = trimText(stderrRaw, stderrTailBytes, tailLines);",
+    "    const redacted = redactText(trimmed);",
+    "    event.stderr_tail = redacted;",
+    "    outputHashPayload += `\\n${redacted}`;",
+    "  }",
+    "  if (outputHashPayload) {",
+    "    event.hashes.output_hash = sha(outputHashPayload);",
+    "  }",
+    "  const inputRaw = env.CLAUDE_TOOL_INPUT || \"\";",
+    "  if (inputRaw) {",
+    "    const trimmed = trimText(inputRaw, stdoutTailBytes, tailLines);",
+    "    const redacted = redactText(trimmed);",
+    "    event.hashes.input_hash = sha(redacted);",
+    "  }",
+    "  let line = stableStringify(event);",
+    "  if (line.length > maxEventBytes) {",
+    "    event.stdout_tail = null;",
+    "    event.stderr_tail = null;",
+    "    line = stableStringify(event);",
+    "  }",
+    "  await fs.appendFile(path.join(runDir, \"events.jsonl\"), line + \"\\n\", \"utf8\");",
+    "  const summaryPath = path.join(runDir, \"summary.json\");",
+    "  let summary = {",
+    "    run_id: runId,",
+    "    started_at: iso,",
+    "    last_event_at: iso,",
+    "    counts: {},",
+    "    tools: {}",
+    "  };",
+    "  try {",
+    "    const raw = await fs.readFile(summaryPath, \"utf8\");",
+    "    summary = JSON.parse(raw);",
+    "  } catch {}",
+    "  summary.last_event_at = iso;",
+    "  summary.counts[event.event_type] = (summary.counts[event.event_type] || 0) + 1;",
+    "  if (event.tool_name) {",
+    "    summary.tools[event.tool_name] = (summary.tools[event.tool_name] || 0) + 1;",
+    "  }",
+    "  await fs.writeFile(summaryPath, stableStringify(summary) + \"\\n\", \"utf8\");",
+    "  await fs.appendFile(path.join(root, \"index.jsonl\"), stableStringify({ ts: iso, run_id: runId, event_type: event.event_type }) + \"\\n\", \"utf8\");",
+    "  if (String(event.event_type).toLowerCase() === \"stop\") {",
+    "    const currentPath = path.join(root, \".current_run_id\");",
+    "    try { await fs.rm(currentPath); } catch {}",
+    "  }",
+    "}",
+    "run().catch((err) => {",
+    "  const msg = String(err?.message || err || \"failed\");",
+    "  process.stdout.write(JSON.stringify({ feedback: `MOVA observe: ${msg}`, suppressOutput: true }));",
+    "  process.exit(0);",
+    "});",
+    "",
+  ].join("\n");
+}

package/src/observe_v0.ts ADDED Viewed

@@ -0,0 +1,64 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+type RunSummary = {
+  run_id?: string;
+  started_at?: string;
+  last_event_at?: string;
+  counts?: Record<string, number>;
+};
+async function exists(p: string): Promise<boolean> {
+  try {
+    await fs.stat(p);
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function readJson(p: string) {
+  const raw = await fs.readFile(p, "utf8");
+  return JSON.parse(raw);
+}
+function sumCounts(summary: RunSummary | null): number {
+  if (!summary?.counts) return 0;
+  return Object.values(summary.counts).reduce((acc, value) => acc + Number(value || 0), 0);
+}
+export async function listObservabilityRuns(projectDir: string) {
+  const root = path.join(projectDir, ".mova", "episodes");
+  if (!(await exists(root))) return [];
+  const entries = await fs.readdir(root, { withFileTypes: true });
+  const runs = [];
+  for (const entry of entries) {
+    if (!entry.isDirectory()) continue;
+    const runId = entry.name;
+    const summaryPath = path.join(root, runId, "summary.json");
+    const summary = (await exists(summaryPath)) ? ((await readJson(summaryPath)) as RunSummary) : null;
+    const lastEventAt = summary?.last_event_at ?? null;
+    runs.push({
+      run_id: runId,
+      last_event_at: lastEventAt,
+      started_at: summary?.started_at ?? null,
+      events: sumCounts(summary),
+    });
+  }
+  runs.sort((a, b) => String(b.last_event_at ?? "").localeCompare(String(a.last_event_at ?? "")));
+  return runs;
+}
+export async function tailObservabilityEvents(projectDir: string, runId: string, limit = 20) {
+  const eventsPath = path.join(projectDir, ".mova", "episodes", runId, "events.jsonl");
+  if (!(await exists(eventsPath))) return [];
+  const raw = await fs.readFile(eventsPath, "utf8");
+  const lines = raw.trim().split(/\r?\n/).filter(Boolean);
+  return lines.slice(-limit);
+}
+export async function readObservabilitySummary(projectDir: string, runId: string) {
+  const summaryPath = path.join(projectDir, ".mova", "episodes", runId, "summary.json");
+  if (!(await exists(summaryPath))) return null;
+  return await readJson(summaryPath);
+}

package/src/presets_v0.ts ADDED Viewed

@@ -0,0 +1,58 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+type PresetInfo = {
+  name: string;
+  root: string;
+  control_path: string;
+  assets_root: string;
+};
+async function exists(p: string): Promise<boolean> {
+  try {
+    await fs.stat(p);
+    return true;
+  } catch {
+    return false;
+  }
+}
+export function getPresetsRoot(): string {
+  const here = path.dirname(fileURLToPath(import.meta.url));
+  const pkgRoot = path.resolve(here, "..");
+  return path.join(pkgRoot, "presets");
+}
+export async function listPresets(): Promise<string[]> {
+  const root = getPresetsRoot();
+  if (!(await exists(root))) return [];
+  const entries = await fs.readdir(root, { withFileTypes: true });
+  const names: string[] = [];
+  for (const entry of entries) {
+    if (!entry.isDirectory()) continue;
+    const controlPath = path.join(root, entry.name, "control_v0.json");
+    if (await exists(controlPath)) names.push(entry.name);
+  }
+  return names.sort();
+}
+export async function resolvePreset(name: string): Promise<PresetInfo | null> {
+  const root = getPresetsRoot();
+  const presetRoot = path.join(root, name);
+  const controlPath = path.join(presetRoot, "control_v0.json");
+  const assetsRoot = path.join(presetRoot, "assets");
+  if (!(await exists(controlPath))) return null;
+  return {
+    name,
+    root: presetRoot,
+    control_path: controlPath,
+    assets_root: assetsRoot,
+  };
+}
+export async function readPresetControlRaw(name: string): Promise<string | null> {
+  const preset = await resolvePreset(name);
+  if (!preset) return null;
+  return await fs.readFile(preset.control_path, "utf8");
+}

package/src/redaction.ts CHANGED Viewed

@@ -8,6 +8,11 @@ export type RedactionHit = {
 const KEY_RE = /(api[_-]?key|token|secret|password|authorization|bearer)/i;
 const INLINE_SECRET_RE = /(sk-[a-zA-Z0-9]{8,})/g; // best‑effort
+const PLACEHOLDER_RE = /^\$\{[A-Z0-9_]+(?::-?[^}]+)?\}$/;
+function isPlaceholderValue(value: string): boolean {
+  return PLACEHOLDER_RE.test(value.trim());
+}
 export function redactText(input: string): { redacted: string; hits: RedactionHit[] } {
   const hits: RedactionHit[] = [];
@@ -43,7 +48,7 @@ export function redactJson(obj: unknown): { redacted: unknown; hits: RedactionHi
     if (typeof x === "object") {
       const out: any = {};
       for (const [k, v] of Object.entries(x)) {
-        if (KEY_RE.test(k) && typeof v === "string") {
+        if (KEY_RE.test(k) && typeof v === "string" && !isPlaceholderValue(v)) {
           hits.push({ rule_id: "json_secret_field", key: k, len: v.length });
           out[k] = `[REDACTED_VALUE_LEN_${v.length}]`;
         } else {

package/src/run_import.ts CHANGED Viewed

@@ -11,15 +11,25 @@ import { getAnthropicProfileV0Files } from "./anthropic_profile_v0.js";
 import { lintV0, type LintReportV0 } from "./lint_v0.js";
 import { stableStringify } from "./stable_json.js";
 import { createExportZipV0 } from "./export_zip_v0.js";
-import { buildMovaOverlayV0, buildMovaControlEntryV0, MOVA_CONTROL_ENTRY_MARKER } from "./mova_overlay_v0.js";
+import { buildMovaOverlayV0, buildMovaControlEntryV0 } from "./mova_overlay_v0.js";
 import { scanInputPolicyV0 } from "./input_policy_v0.js";
 import { EvidenceWriter } from "@leryk1981/mova-core-engine";
 import { MOVA_SPEC_BINDINGS_V0 } from "./mova_spec_bindings_v0.js";
 import { writeCleanClaudeProfileScaffoldV0 } from "./claude_profile_scaffold_v0.js";
+import {
+  controlFromSettingsV0,
+  controlToMcpJson,
+  controlToSettingsV0,
+  normalizeControlV0,
+  type ControlV0,
+} from "./control_v0.js";
+import { getMovaObserveScriptV0 } from "./observability_writer_v0.js";
 type Found = {
   claudeMdPath?: string;
   mcpJsonPath?: string;
+  settingsPath?: string;
+  controlPath?: string;
   skillFiles: string[];
   skipped: Array<{ path: string; reason: string }>;
 };
@@ -33,6 +43,10 @@ async function exists(p: string): Promise<boolean> {
   }
 }
+function isObject(value: any): value is Record<string, any> {
+  return Boolean(value) && typeof value === "object" && !Array.isArray(value);
+}
 async function sha256File(p: string): Promise<string> {
   const buf = await fs.readFile(p);
   return crypto.createHash("sha256").update(buf).digest("hex");
@@ -68,6 +82,12 @@ async function scanProject(opts: ImportOptions): Promise<Found> {
   const mcpJson = path.join(projectDir, ".mcp.json");
   if (await exists(mcpJson)) found.mcpJsonPath = mcpJson;
+  const settingsJson = path.join(projectDir, ".claude", "settings.json");
+  if (await exists(settingsJson)) found.settingsPath = settingsJson;
+  const controlJson = path.join(projectDir, "mova", "control_v0.json");
+  if (await exists(controlJson)) found.controlPath = controlJson;
   const skillsRoot = path.join(projectDir, ".claude", "skills");
   if (await exists(skillsRoot)) {
     const stack = [skillsRoot];
@@ -127,10 +147,15 @@ async function loadAndRedactJson(p: string) {
   return { raw, parsed, redacted, hits };
 }
-async function ensureClaudeControlEntry(claudePath: string, block: string, marker: string) {
-  const content = await fs.readFile(claudePath, "utf8");
-  if (content.includes(marker)) return;
-  await fs.writeFile(claudePath, `${block}\n${content}`, "utf8");
+function updateClaudeBlock(content: string, marker: string, block: string): string {
+  if (content.includes(marker)) {
+    const idx = content.indexOf(marker);
+    const after = content.slice(idx);
+    const split = after.split("\n\n");
+    split[0] = block.trimEnd();
+    return content.slice(0, idx) + split.join("\n\n");
+  }
+  return `${block}\n${content}`;
 }
 function orderedObject(obj: any) {
@@ -177,26 +202,75 @@ export async function runImport(opts: ImportOptions): Promise<ImportResult> {
     return redacted;
   }
+  /** Process a JSON file – redact and record */
+  async function processJsonFile(rel: string, absPath: string) {
+    const { parsed, hits } = await loadAndRedactJson(absPath);
+    inputs.push({ rel, sha256: await sha256File(absPath) });
+    redactionHits.push(...hits);
+    return parsed;
+  }
+  const controlRel = "mova/control_v0.json";
+  let controlOutput: ControlV0 | null = null;
+  let controlDefaults: string[] = [];
+  let controlSource: "control_file" | "migrated" = "migrated";
+  let controlMigrationReport: any | null = null;
+  if (found.controlPath) {
+    const controlParsed = await processJsonFile(controlRel, found.controlPath);
+    const normalized = normalizeControlV0(controlParsed);
+    controlOutput = normalized.control;
+    controlDefaults = normalized.defaults;
+    controlSource = "control_file";
+  } else {
+    let settingsParsed: any | undefined;
+    let mcpParsed: any | undefined;
+    let settingsFound = false;
+    let mcpFound = false;
+    if (found.settingsPath) {
+      settingsParsed = await processJsonFile(".claude/settings.json", found.settingsPath);
+      settingsFound = true;
+    }
+    if (found.mcpJsonPath) {
+      mcpParsed = await processJsonFile(".mcp.json", found.mcpJsonPath);
+      mcpFound = true;
+    }
+    const migrated = controlFromSettingsV0(settingsParsed, mcpParsed);
+    controlOutput = migrated.control;
+    controlDefaults = migrated.defaults;
+    controlSource = "migrated";
+    controlMigrationReport = {
+      profile_version: "v0",
+      control_version: "control_v0",
+      project_dir: projectDir,
+      control_path: controlRel,
+      found: {
+        settings_json: settingsFound,
+        mcp_json: mcpFound,
+      },
+      sources: {
+        claude_md: "default",
+        overlay: "default",
+        policy: settingsFound ? "settings_json" : "default",
+        mcp: mcpFound ? "mcp_json" : "default",
+      },
+      defaults_used: controlDefaults,
+    };
+  }
+  const control = controlOutput ?? normalizeControlV0({}).control;
+  const mcpJsonParsed = controlToMcpJson(control);
   // CLAUDE.md
   let claudeMdRedacted = "";
   if (found.claudeMdPath) {
     claudeMdRedacted = await processTextFile("CLAUDE.md", found.claudeMdPath);
   }
-  // .mcp.json
-  let mcpJsonRedacted = "";
-  let mcpJsonParsed: any | undefined;
-  if (found.mcpJsonPath) {
-    const { parsed, redacted, hits } = await loadAndRedactJson(found.mcpJsonPath);
-    mcpJsonParsed = parsed;
-    mcpJsonRedacted = stableStringify(redacted);
-    redactionHits.push(...hits);
-    inputs.push({
-      rel: ".mcp.json",
-      sha256: await sha256File(found.mcpJsonPath),
-    });
-  }
   // skill files
   const skillRedactedMap: Record<string, string> = {};
   for (const f of found.skillFiles) {
@@ -240,6 +314,14 @@ export async function runImport(opts: ImportOptions): Promise<ImportResult> {
     };
     await writeEvidenceArtifact(evidenceWriter, movaBase, "VERSION.json", versionInfo);
     await writeEvidenceArtifact(evidenceWriter, movaBase, "input_policy_report_v0.json", inputPolicy);
+    if (controlMigrationReport) {
+      await writeEvidenceArtifact(
+        evidenceWriter,
+        movaBase,
+        "control_migration_report_v0.json",
+        controlMigrationReport
+      );
+    }
   }
   if (opts.strict && !inputPolicy.ok) {
@@ -351,11 +433,16 @@ export async function runImport(opts: ImportOptions): Promise<ImportResult> {
   if (!opts.dryRun && opts.emitProfile) {
     await writeCleanClaudeProfileScaffoldV0(outRoot);
-    if (opts.emitOverlay) {
+    const overlayEnabled = opts.emitOverlay && control.overlay.enable;
+    if (overlayEnabled) {
       const controlEntry = buildMovaControlEntryV0(overlayParams);
       const claudePath = path.join(outRoot, "CLAUDE.md");
       if (await exists(claudePath)) {
-        await ensureClaudeControlEntry(claudePath, controlEntry, MOVA_CONTROL_ENTRY_MARKER);
+        if (control.claude_md.inject_control_entry) {
+          const raw = await fs.readFile(claudePath, "utf8");
+          const updated = updateClaudeBlock(raw, control.claude_md.marker, controlEntry);
+          await fs.writeFile(claudePath, updated, "utf8");
+        }
       }
       const overlayFiles = buildMovaOverlayV0(overlayParams);
       for (const [rel, content] of Object.entries(overlayFiles)) {
@@ -367,8 +454,13 @@ export async function runImport(opts: ImportOptions): Promise<ImportResult> {
       if (rel === "CLAUDE.md" || rel === ".claude/settings.json") continue;
       await writeTextFile(path.join(outRoot, rel), content);
     }
-    if (mcpJsonParsed) {
-      await writeJsonFile(path.join(outRoot, ".mcp.json"), mcpJsonParsed);
+    await writeJsonFile(path.join(outRoot, ".mcp.json"), mcpJsonParsed);
+    await writeJsonFile(path.join(outRoot, ".claude", "settings.json"), controlToSettingsV0(control));
+    await writeJsonFile(path.join(outRoot, controlRel), control);
+    if (control.observability.enable && control.observability.writer?.script_path) {
+      const scriptPath = path.join(outRoot, control.observability.writer.script_path);
+      await fs.mkdir(path.dirname(scriptPath), { recursive: true });
+      await fs.writeFile(scriptPath, getMovaObserveScriptV0(), "utf8");
     }
     for (const skill of normalizedSkills) {
       const outRel = path.join(".claude", "skills", skill.normDir, "SKILL.md");
@@ -396,9 +488,22 @@ export async function runImport(opts: ImportOptions): Promise<ImportResult> {
     })),
   };
+  const mcpServersRaw = isObject(mcpJsonParsed?.mcpServers)
+    ? mcpJsonParsed?.mcpServers
+    : mcpJsonParsed?.servers;
+  const mcpServersList = Array.isArray(mcpServersRaw)
+    ? mcpServersRaw
+    : isObject(mcpServersRaw)
+      ? Object.entries(mcpServersRaw).map(([name, server]) => ({
+          name,
+          command: typeof server?.command === "string" ? server.command : "unknown",
+          args: Array.isArray(server?.args) ? server.args : [],
+          env_keys: isObject(server?.env) ? Object.keys(server.env).sort() : [],
+        }))
+      : [];
   const mcpServers = {
     profile_version: "v0",
-    servers: Array.isArray(mcpJsonParsed?.servers) ? mcpJsonParsed?.servers : [],
+    servers: mcpServersList,
   };
   if (!opts.dryRun) {
@@ -449,6 +554,7 @@ export async function runImport(opts: ImportOptions): Promise<ImportResult> {
     },
   };
+  const mcpSourcePresent = controlSource === "control_file" || Boolean(found.mcpJsonPath);
   const manifest = {
     tool: "mova-claude-import",
     version: "v0",
@@ -458,7 +564,7 @@ export async function runImport(opts: ImportOptions): Promise<ImportResult> {
     inputs: inputs.sort((a, b) => a.rel.localeCompare(b.rel)),
     imported: {
       claude_md: Boolean(found.claudeMdPath),
-      mcp_json: Boolean(found.mcpJsonPath),
+      mcp_json: mcpSourcePresent,
       skills_count: normalizedSkills.length,
     },
     skipped: found.skipped,
@@ -498,7 +604,7 @@ export async function runImport(opts: ImportOptions): Promise<ImportResult> {
     lintReport = await lintV0({
       outRoot,
       emitProfile: opts.emitProfile,
-      mcpExpected: Boolean(found.mcpJsonPath),
+      mcpExpected: mcpSourcePresent,
     });
     await writeEvidenceArtifact(evidenceWriter, movaBase, "lint_report_v0.json", lintReport);
   }