nexarch 0.6.3 → 0.6.5

package/dist/commands/check-in.js

@@ -1,5 +1,5 @@
 import process from "process";
-import { existsSync, readFileSync, readdirSync, statSync } from "fs";
+import { existsSync, readFileSync } from "fs";
 import { join } from "path";
 import { homedir } from "os";
 import { requireCredentials } from "../lib/credentials.js";
@@ -23,136 +23,65 @@ function parseToolText(result) {
 function loadIdentity() {
     const identityPath = join(homedir(), ".nexarch", "identity.json");
     if (!existsSync(identityPath))
-        return { agentKey: null, projectKeys: [] };
+        return { agentKey: null, companyId: null };
     try {
         const data = JSON.parse(readFileSync(identityPath, "utf8"));
-        return {
-            agentKey: data.agentKey ?? null,
-            projectKeys: Array.isArray(data.projectKeys) ? data.projectKeys : [],
-        };
+        return { agentKey: data.agentKey ?? null, companyId: data.companyId ?? null };
     }
     catch {
-        return { agentKey: null, projectKeys: [] };
+        return { agentKey: null, companyId: null };
     }
 }
-function safeReadText(path, maxChars = 6000) {
-    if (!existsSync(path))
-        return null;
-    try {
-        return readFileSync(path, "utf8").slice(0, maxChars);
-    }
-    catch {
-        return null;
-    }
-}
-function collectEvidenceFromRepo() {
-    const cwd = process.cwd();
-    const readme = safeReadText(join(cwd, "README.md"), 8000)
-        ?? safeReadText(join(cwd, "readme.md"), 8000)
-        ?? undefined;
-    const packageJson = safeReadText(join(cwd, "package.json"), 5000);
-    const notes = [];
-    if (packageJson)
-        notes.push("package.json detected");
-    const files = [];
-    if (packageJson)
-        files.push({ path: "package.json", content: packageJson });
-    const srcDir = join(cwd, "src");
-    if (existsSync(srcDir)) {
-        try {
-            const entries = readdirSync(srcDir)
-                .filter((name) => /\.(ts|tsx|js|jsx)$/i.test(name))
-                .slice(0, 8);
-            for (const name of entries) {
-                const full = join(srcDir, name);
-                try {
-                    if (!statSync(full).isFile())
-                        continue;
-                    const content = safeReadText(full, 4000);
-                    if (content)
-                        files.push({ path: `src/${name}`, content });
-                }
-                catch {
-                    // ignore per-file failures
-                }
-            }
-            if (entries.length > 0)
-                notes.push(`included ${entries.length} source file snippet(s)`);
-        }
-        catch {
-            // ignore directory read issues
-        }
-    }
-    const summary = [
-        `cwd=${cwd}`,
-        readme ? "README included" : "README missing",
-        files.length > 0 ? `evidence files=${files.length}` : "no evidence files collected",
-    ].join("; ");
-    return {
-        summary,
-        ...(readme ? { readme } : {}),
-        ...(notes.length ? { notes: notes.join("; ") } : {}),
-        ...(files.length ? { files } : {}),
-    };
-}
 export async function checkIn(args) {
     const asJson = parseFlag(args, "--json");
     const agentKeyArg = parseOptionValue(args, "--agent-key");
-    const projectKey = parseOptionValue(args, "--project");
     const creds = requireCredentials();
     const identity = loadIdentity();
     const agentKey = agentKeyArg ?? identity.agentKey;
-    // Use --project flag as a single override, otherwise send all stored keys
-    const resolvedProjectKeys = projectKey ? [projectKey] : identity.projectKeys;
     if (!agentKey) {
         if (asJson) {
-            process.stdout.write(JSON.stringify({ command: null, reason: "no-agent-key" }) + "\n");
+            process.stdout.write(JSON.stringify({ commands: [], reason: "no-agent-key" }) + "\n");
         }
         else {
             console.log("No agent key found. Pass --agent-key or run nexarch init-agent first.");
         }
         return;
     }
-    const mcpOpts = { companyId: creds.companyId };
-    const evidence = collectEvidenceFromRepo();
     const raw = await callMcpTool("nexarch_claim_command", {
         agentKey,
-        ...(resolvedProjectKeys.length > 0 ? { projectKeys: resolvedProjectKeys } : {}),
-        evidence,
         companyId: creds.companyId,
-    }, mcpOpts);
+    }, { companyId: creds.companyId });
     const result = parseToolText(raw);
     if (asJson) {
         process.stdout.write(JSON.stringify(result) + "\n");
         return;
     }
-    if (!result.command) {
-        console.log("No pending commands. Nothing to do.");
+    const commands = result.commands ?? [];
+    if (commands.length === 0) {
+        console.log("No pending application-target commands found.");
         return;
     }
-    const cmd = result.command;
-    console.log(`\n╔══════════════════════════════════════════════════════════════════╗`);
-    console.log(`║  COMMAND QUEUED — action required                                ║`);
-    console.log(`╚══════════════════════════════════════════════════════════════════╝`);
-    console.log(`\nCommand ID : ${cmd.id}`);
-    console.log(`Type       : ${cmd.command_type}`);
-    console.log(`Target     : ${cmd.target_entity_key ?? "(any)"}`);
-    console.log(`Priority   : ${cmd.priority}`);
-    if (cmd.resolved_runtime_handler)
-        console.log(`Runtime    : ${cmd.resolved_runtime_handler}`);
-    if (cmd.command_type_version != null)
-        console.log(`Type ver   : ${cmd.command_type_version}`);
-    if (Object.keys(cmd.command_params).length > 0) {
-        console.log(`Params     : ${JSON.stringify(cmd.command_params)}`);
-    }
-    if (cmd.resolved_playbook_text?.trim()) {
-        console.log(`\nPlaybook:\n${cmd.resolved_playbook_text}`);
+    console.log("\nPending application-target commands (preview only; nothing claimed):");
+    console.log(`Company scope is resolved server-side from companyId=${creds.companyId}.`);
+    if (identity.companyId && identity.companyId !== creds.companyId) {
+        console.log(`Note: local identity companyId ${identity.companyId} differs from current credentials companyId ${creds.companyId}.`);
     }
-    if (cmd.instructions) {
-        console.log(`\nInstructions:\n${cmd.instructions}`);
+    for (const cmd of commands) {
+        const claimable = cmd.claimable ? "yes" : "no";
+        const reason = cmd.claimReason ?? (cmd.claimable ? "application_access_confirmed" : "application_not_found_for_company");
+        console.log(`\n- ID         : ${cmd.id}`);
+        console.log(`  Type       : ${cmd.command_type}`);
+        console.log(`  Target     : ${cmd.target_entity_key ?? "(none)"}`);
+        console.log(`  Priority   : ${cmd.priority}`);
+        console.log(`  Claimable  : ${claimable} (${reason})`);
+        if (cmd.command_type_version != null)
+            console.log(`  Type ver   : ${cmd.command_type_version}`);
+        if (cmd.resolved_runtime_handler)
+            console.log(`  Runtime    : ${cmd.resolved_runtime_handler}`);
+        if (cmd.claimable) {
+            console.log(`  Claim cmd  : npx nexarch command-claim --id "${cmd.id}"`);
+        }
     }
-    console.log(`\nWhen done, run:`);
-    console.log(`  npx nexarch command-done --id "${cmd.id}" --summary "..."`);
-    console.log(`\nIf it fails, run:`);
-    console.log(`  npx nexarch command-fail --id "${cmd.id}" --error "..."`);
+    console.log("\nTo validate an application target is accessible in Nexarch before claiming:");
+    console.log("  npx nexarch policy-controls --entity <application:key> --json");
 }

package/dist/commands/command-claim.js

@@ -0,0 +1,91 @@
+import process from "process";
+import { existsSync, readFileSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+import { requireCredentials } from "../lib/credentials.js";
+import { callMcpTool } from "../lib/mcp.js";
+function parseFlag(args, flag) {
+    return args.includes(flag);
+}
+function parseOptionValue(args, option) {
+    const idx = args.indexOf(option);
+    if (idx === -1)
+        return null;
+    const v = args[idx + 1];
+    if (!v || v.startsWith("--"))
+        return null;
+    return v;
+}
+function parseToolText(result) {
+    const text = result.content?.[0]?.text ?? "{}";
+    return JSON.parse(text);
+}
+function loadIdentity() {
+    const identityPath = join(homedir(), ".nexarch", "identity.json");
+    if (!existsSync(identityPath))
+        return { agentKey: null };
+    try {
+        const data = JSON.parse(readFileSync(identityPath, "utf8"));
+        return { agentKey: data.agentKey ?? null };
+    }
+    catch {
+        return { agentKey: null };
+    }
+}
+export async function commandClaim(args) {
+    const asJson = parseFlag(args, "--json");
+    const id = parseOptionValue(args, "--id");
+    const agentKeyArg = parseOptionValue(args, "--agent-key");
+    if (!id) {
+        console.error("error: --id <commandId> is required");
+        process.exit(1);
+    }
+    const creds = requireCredentials();
+    const identity = loadIdentity();
+    const agentKey = agentKeyArg ?? identity.agentKey;
+    if (!agentKey) {
+        console.error("error: no agent key found. Pass --agent-key or run nexarch init-agent first.");
+        process.exit(1);
+    }
+    const raw = await callMcpTool("nexarch_claim_command_by_id", {
+        commandId: id,
+        agentKey,
+        companyId: creds.companyId,
+    }, { companyId: creds.companyId });
+    const result = parseToolText(raw);
+    if (asJson) {
+        process.stdout.write(JSON.stringify(result) + "\n");
+        return;
+    }
+    if (!result.command) {
+        console.log(`Command ${id} was not claimed.`);
+        if (result.reason)
+            console.log(`Reason: ${result.reason}`);
+        return;
+    }
+    const cmd = result.command;
+    console.log(`\n╔══════════════════════════════════════════════════════════════════╗`);
+    console.log(`║  COMMAND CLAIMED — action required                               ║`);
+    console.log(`╚══════════════════════════════════════════════════════════════════╝`);
+    console.log(`\nCommand ID : ${cmd.id}`);
+    console.log(`Type       : ${cmd.command_type}`);
+    console.log(`Target     : ${cmd.target_entity_key ?? "(any)"}`);
+    console.log(`Priority   : ${cmd.priority}`);
+    if (cmd.resolved_runtime_handler)
+        console.log(`Runtime    : ${cmd.resolved_runtime_handler}`);
+    if (cmd.command_type_version != null)
+        console.log(`Type ver   : ${cmd.command_type_version}`);
+    if (Object.keys(cmd.command_params).length > 0) {
+        console.log(`Params     : ${JSON.stringify(cmd.command_params)}`);
+    }
+    if (cmd.resolved_playbook_text?.trim()) {
+        console.log(`\nPlaybook:\n${cmd.resolved_playbook_text}`);
+    }
+    if (cmd.instructions) {
+        console.log(`\nInstructions:\n${cmd.instructions}`);
+    }
+    console.log(`\nWhen done, run:`);
+    console.log(`  npx nexarch command-done --id "${cmd.id}" --summary "..."`);
+    console.log(`\nIf it fails, run:`);
+    console.log(`  npx nexarch command-fail --id "${cmd.id}" --error "..."`);
+}

package/dist/commands/init-agent.js

@@ -756,7 +756,7 @@ export async function initAgent(args) {
             // Save identity so check-in can find the agent key
             const identityDir = join(homedir(), ".nexarch");
             mkdirSync(identityDir, { recursive: true });
-            writeFileSync(join(identityDir, "identity.json"), JSON.stringify({ agentKey: `agent:${agentId}` }, null, 2), { mode: 0o600 });
+            writeFileSync(join(identityDir, "identity.json"), JSON.stringify({ agentKey: `agent:${agentId}`, companyId: creds.companyId }, null, 2), { mode: 0o600 });
         }
         catch {
             // non-fatal

package/dist/commands/init-project.js

@@ -1,8 +1,7 @@
 import process from "process";
 import { execFileSync } from "node:child_process";
-import { existsSync, mkdirSync, readFileSync, readdirSync, statSync, writeFileSync } from "node:fs";
+import { existsSync, readFileSync, readdirSync, statSync } from "node:fs";
 import { basename, join, relative, resolve as resolvePath } from "node:path";
-import { homedir } from "node:os";
 import { requireCredentials } from "../lib/credentials.js";
 import { callMcpTool } from "../lib/mcp.js";
 import { buildVersionAttributes } from "../lib/version-normalization.js";
@@ -1234,30 +1233,6 @@ ${subPkgSection}${gapCheckSection}`;
         relationshipErrors: relsResult?.errors ?? [],
         enrichmentTask,
     };
-    // Persist all application entity keys to ~/.nexarch/identity.json so nexarch check-in
-    // can automatically claim commands targeted at any application in this project.
-    if (output.ok) {
-        try {
-            const allAppKeys = [
-                projectExternalKey,
-                ...subPackages
-                    .filter((sp) => sp.entityType === "application" && sp.externalKey)
-                    .map((sp) => sp.externalKey),
-            ];
-            const identityDir = join(homedir(), ".nexarch");
-            mkdirSync(identityDir, { recursive: true });
-            const identityPath = join(identityDir, "identity.json");
-            const existing = existsSync(identityPath)
-                ? JSON.parse(readFileSync(identityPath, "utf8"))
-                : {};
-            const stored = Array.isArray(existing.projectKeys) ? existing.projectKeys : [];
-            const merged = Array.from(new Set([...allAppKeys, ...stored]));
-            writeFileSync(identityPath, JSON.stringify({ ...existing, projectKeys: merged }, null, 2), { mode: 0o600 });
-        }
-        catch {
-            // non-fatal
-        }
-    }
     if (asJson) {
         process.stdout.write(`${JSON.stringify(output, null, 2)}\n`);
         if (!output.ok)

package/dist/commands/login.js

@@ -3,6 +3,9 @@ import { createServer as createNetServer } from "net";
 import { randomBytes } from "crypto";
 import { execFile } from "child_process";
 import { saveCredentials } from "../lib/credentials.js";
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+import { homedir } from "os";
+import { join } from "path";
 const NEXARCH_URL = "https://nexarch.ai";
 const LOGIN_TIMEOUT_MS = 5 * 60 * 1000;
 function printLoginBanner() {
@@ -152,6 +155,20 @@ export async function login(args) {
         companyId,
         expiresAt: expiresAt.toISOString(),
     });
+    try {
+        const identityDir = join(homedir(), ".nexarch");
+        mkdirSync(identityDir, { recursive: true });
+        const identityPath = join(identityDir, "identity.json");
+        const existing = existsSync(identityPath)
+            ? JSON.parse(readFileSync(identityPath, "utf8"))
+            : {};
+        const next = { ...existing, companyId };
+        delete next.projectKeys;
+        writeFileSync(identityPath, JSON.stringify(next, null, 2), { mode: 0o600 });
+    }
+    catch {
+        // non-fatal
+    }
     console.log("✓ Logged in successfully");
     console.log("\nRun `nexarch status` to verify your connection.");
 }

package/dist/commands/logout.js

@@ -1,4 +1,7 @@
 import { loadCredentials, removeCredentials } from "../lib/credentials.js";
+import { existsSync, rmSync } from "fs";
+import { homedir } from "os";
+import { join } from "path";
 export async function logout(_args) {
     const creds = loadCredentials();
     if (!creds) {
@@ -6,7 +9,11 @@ export async function logout(_args) {
         return;
     }
     removeCredentials();
+    const identityPath = join(homedir(), ".nexarch", "identity.json");
+    if (existsSync(identityPath))
+        rmSync(identityPath);
     console.log("✓ Logged out. Credentials removed from ~/.nexarch/credentials.json");
+    console.log("✓ Local identity removed from ~/.nexarch/identity.json");
     console.log("\nNote: the token still exists in your Nexarch workspace until revoked.");
     console.log("To revoke it, visit Workspace → Agents → Manage tokens.");
 }

package/dist/index.js

@@ -15,6 +15,7 @@ import { resolveNames } from "./commands/resolve-names.js";
 import { checkIn } from "./commands/check-in.js";
 import { commandDone } from "./commands/command-done.js";
 import { commandFail } from "./commands/command-fail.js";
+import { commandClaim } from "./commands/command-claim.js";
 import { policyControls } from "./commands/policy-controls.js";
 import { policyAuditSubmit } from "./commands/policy-audit-submit.js";
 const [, , command, ...args] = process.argv;
@@ -35,6 +36,7 @@ const commands = {
     "check-in": checkIn,
     "command-done": commandDone,
     "command-fail": commandFail,
+    "command-claim": commandClaim,
     "policy-controls": policyControls,
     "policy-audit-submit": policyAuditSubmit,
 };
@@ -117,11 +119,14 @@ Usage:
                       results before calling add-relationship.
                       Options: --names <csv>  (required, e.g. "vercel,neon")
                                --json
-  nexarch check-in    Poll the command queue and claim the next pending command
-                      for this agent. Reads agent key from ~/.nexarch/identity.json
-                      (written by init-agent) or via --agent-key.
+  nexarch check-in    Preview pending application-target commands (no auto-claim).
+                      Scope is resolved server-side from active company context.
                       Options: --agent-key <key>   override stored agent key
-                               --project <key>     application entity key
+                               --json
+  nexarch command-claim
+                      Explicitly claim a pending command by ID.
+                      Options: --id <commandId>    (required)
+                               --agent-key <key>   override stored agent key
                                --json
   nexarch command-done
                       Mark a claimed command as completed.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nexarch",
-  "version": "0.6.3",
+  "version": "0.6.5",
   "description": "Your architecture workspace for AI delivery.",
   "keywords": [
     "nexarch",