opensip-cli 0.1.0

package/dist/bootstrap/deliver-envelope.js

@@ -0,0 +1,195 @@
+// @fitness-ignore-file error-handling-quality -- best-effort cloud egress (ADR-0008): repo-identity detection and signal emission degrade silently (no git, network error). A cloud failure never blocks, slows, or fails the user's run.
+/**
+ * deliver-envelope — the composition root's signal-delivery step (ADR-0011,
+ * Phase 3).
+ *
+ * After a tool returns its {@link SignalEnvelope}, the root — not the tool —
+ * delivers it to the effectful sinks:
+ *
+ *   1. **Cloud sync (best-effort).** Map the envelope → `SignalBatch`
+ *      (`@opensip-cli/core` `buildSignalBatch`, adding repo identity and
+ *      preserving the envelope's `runId`/`createdAt`; dropping `verdict`/`units`
+ *      — the cloud wire shape stays `schemaVersion: 1`) and emit it through the
+ *      run's `scope.signalSink`. The sink is a no-op for the keyless / not-
+ *      entitled majority. NEVER throws, NEVER affects the exit code (ADR-0008).
+ *      Ships the envelope's signals as-is — **no SARIF detour** on this path.
+ *
+ *   2. **`--report-to` (owns exit code 4).** When `reportTo` is set, format the
+ *      envelope to SARIF via the single shared `formatSignalSarif` formatter and
+ *      POST it through the shared chunked transport (`postChunked`). An upload
+ *      failure exits `EXIT_CODES.REPORT_FAILED` (4) — but only when the run
+ *      otherwise passed; a real check/gate failure (`runFailed`) dominates and
+ *      is never masked by a reporting failure (ADR-0008).
+ *
+ * This is the seam that keeps tool engines free of `@opensip-cli/output`:
+ * engines return envelopes, and the composition root owns formatting,
+ * delivery, and report-upload exit-code policy.
+ */
+import { mkdir, writeFile } from 'node:fs/promises';
+import { dirname } from 'node:path';
+import { EXIT_CODES } from '@opensip-cli/contracts';
+import { buildSignalBatch, currentScope, logger as defaultLogger } from '@opensip-cli/core';
+import { formatSignalSarif, postChunked, resolveRepoIdentity, } from '@opensip-cli/output';
+const MODULE_TAG = 'cli:bootstrap';
+/**
+ * Map a {@link SignalEnvelope} to the cloud {@link SignalBatch} wire shape:
+ * add repo identity, preserve the run identity, drop `verdict`/`units`.
+ */
+export function envelopeToSignalBatch(envelope, repo) {
+    return buildSignalBatch({
+        tool: envelope.tool,
+        recipe: envelope.recipe,
+        repo,
+        signals: envelope.signals,
+        runId: envelope.runId,
+        createdAt: envelope.createdAt,
+    });
+}
+/**
+ * Best-effort cloud emit through the run's selected signal sink. Never throws.
+ *
+ * Best-effort ≠ silent: when the user CONFIGURED cloud sync (an active, non-noop
+ * sink) and the run had signals to ship but none were accepted, a one-line
+ * stderr notice says so — otherwise the user reasonably believes their signals
+ * shipped. The keyless / opted-out majority (no sink or the no-op sink) stays
+ * silent: there, nothing-shipped is exactly what they asked for. Exit code is
+ * never affected (ADR-0008).
+ */
+async function emitToCloud(envelope, repo, log) {
+    try {
+        const scope = currentScope();
+        if (!scope) {
+            log.warn({
+                evt: 'cli.deliver.no_scope',
+                module: MODULE_TAG,
+            });
+            return { accepted: 0, skippedReason: 'error' };
+        }
+        const sink = scope.signalSink;
+        // Behavioral discriminator, not identity: ANY no-op sink (a host's own
+        // included) means "the user asked for no delivery" → stay silent.
+        if (!sink || sink.noop === true)
+            return { accepted: 0 };
+        const batch = envelopeToSignalBatch(envelope, repo);
+        const result = await sink.emit(batch);
+        if (result.accepted > 0) {
+            const noun = result.accepted === 1 ? 'signal' : 'signals';
+            process.stderr.write(`✓ Sent ${result.accepted} ${noun} to OpenSIP Cloud\n`);
+            return { accepted: result.accepted };
+        }
+        if (batch.signals.length === 0)
+            return { accepted: 0 };
+        const skippedReason = result.skippedReason ?? 'error';
+        // Only surface a human stderr notice for transient upload errors.
+        // "unentitled" is a steady-state property of the key/plan (configure already
+        // warned the user, and local results are always unaffected per ADR-0008).
+        // The Deliver result still carries cloudSkippedReason for hosts/observability.
+        if (skippedReason === 'error') {
+            process.stderr.write(`opensip: cloud sync skipped — the upload failed (see the run log); ` +
+                `${batch.signals.length} signal(s) were NOT uploaded. ` +
+                `Local results are unaffected (silence this with --no-cloud).\n`);
+        }
+        return { accepted: 0, skippedReason };
+    }
+    catch (error) {
+        log.warn({
+            evt: 'cli.signal-egress.error',
+            module: MODULE_TAG,
+            error: error instanceof Error ? error.message : String(error),
+        });
+        return { accepted: 0, skippedReason: 'error' };
+    }
+}
+/** POST the envelope's SARIF to a `--report-to` receiver via the chunked transport. */
+async function reportSarif(envelope, url, apiKey, fetchImpl) {
+    const sarif = formatSignalSarif(envelope);
+    // The receiver accepts a SARIF body at `<url>/sarif`; one chunk (the whole
+    // SARIF log) — the envelope is already capped upstream.
+    const target = url.endsWith('/sarif') ? url : `${url}/sarif`;
+    return postChunked({
+        url: target,
+        apiKey,
+        chunks: [JSON.parse(sarif)],
+        idempotencyKeyFor: (i) => `${envelope.runId}:report:${i}`,
+        timeoutFor: () => Math.min(300_000, 60_000 + envelope.signals.length * 100),
+        policy: { maxAttempts: 3, overallDeadlineMs: 300_000, honorRetryAfter: true },
+        evtPrefix: 'cli.report',
+        fetchImpl,
+    });
+}
+/**
+ * The root's post-run signal-delivery step. Emits the envelope to the cloud
+ * sink (best-effort) and, when `--report-to` is set, uploads its SARIF
+ * (owning exit code 4). Never throws.
+ */
+export async function deliverEnvelope(envelope, opts) {
+    const log = opts.logger ?? defaultLogger;
+    const repo = opts.repo ?? resolveRepoIdentity(opts.cwd);
+    const scope = currentScope();
+    if (!scope) {
+        log.warn({
+            evt: 'cli.deliver.no_scope',
+            module: MODULE_TAG,
+        });
+    }
+    // Record delivery start on the scope diagnostics (if any) so the 'deliver' phase
+    // of the uniform lifecycle is visible in CommandOutcome for --json consumers.
+    // This improves observability of the root-owned egress path (architecture review).
+    void scope?.diagnostics.event('deliver', 'debug', `deliver start for ${envelope.tool}`, {
+        tool: envelope.tool,
+        recipe: envelope.recipe,
+        signalCount: envelope.signals.length,
+        reportTo: !!opts.reportTo,
+    });
+    // ADR-0035: the host owns the findings exit code. For a normal run it is a pure
+    // function of the run's single verdict — `envelope.verdict.passed` — so no tool
+    // computes its own exit; gate-compare overrides with its baseline-diff verdict.
+    // Set RUNTIME_ERROR first; the `--report-to` exit-4 below only applies when the
+    // run otherwise passed, so a real failure always dominates (last-write-wins).
+    const runFailed = opts.runFailed ?? !envelope.verdict.passed;
+    if (runFailed)
+        opts.setExitCode?.(EXIT_CODES.RUNTIME_ERROR);
+    const cloud = await emitToCloud(envelope, repo, log);
+    const cloudAccepted = cloud.accepted;
+    const cloudLeg = {
+        cloudAccepted,
+        ...(cloud.skippedReason === undefined ? {} : { cloudSkippedReason: cloud.skippedReason }),
+    };
+    const cloudSuffix = cloud.skippedReason ? ` (skipped:${cloud.skippedReason})` : '';
+    void scope?.diagnostics.event('deliver', 'debug', `cloud egress: accepted=${cloudAccepted}${cloudSuffix}`);
+    if (opts.reportTo === undefined || opts.reportTo.length === 0) {
+        return cloudLeg;
+    }
+    const result = await reportSarif(envelope, opts.reportTo, opts.apiKey, opts.fetchImpl);
+    const reportSuccess = result.outcome === 'ok';
+    if (!reportSuccess) {
+        process.stderr.write(`opensip: --report-to failed (${opts.reportTo}): ` +
+            `${result.errors.length > 0 ? result.errors.join('; ') : 'unknown error'}\n`);
+    }
+    // Exit-code contract (ADR-0008): a report-upload failure exits 4 — but only
+    // when the run otherwise passed; a real failure (`runFailed`, derived from the
+    // verdict above) dominates.
+    if (!reportSuccess && !runFailed) {
+        opts.setExitCode?.(EXIT_CODES.REPORT_FAILED);
+    }
+    void scope?.diagnostics.event('deliver', reportSuccess ? 'info' : 'warn', `report-to ${reportSuccess ? 'succeeded' : 'failed'}`, {
+        url: opts.reportTo,
+        success: reportSuccess,
+    });
+    return { ...cloudLeg, reportSuccess, reportUrl: opts.reportTo };
+}
+/**
+ * Root-owned SARIF-**file** sink (ADR-0011): format the envelope to SARIF via
+ * the single shared `formatSignalSarif` formatter and write the bytes to
+ * `path`, creating parent directories as needed. This is the seam behind
+ * `ToolCliContext.writeSarif` — a tool that exports SARIF to a file (e.g.
+ * `graph sarif-export`) routes through it instead of importing
+ * `@opensip-cli/output` itself. The formatter is pure; this function owns
+ * the effect (fs write).
+ */
+export async function writeEnvelopeSarif(envelope, path) {
+    const sarif = formatSignalSarif(envelope);
+    await mkdir(dirname(path), { recursive: true });
+    await writeFile(path, sarif);
+}
+//# sourceMappingURL=deliver-envelope.js.map

package/dist/bootstrap/deliver-envelope.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"deliver-envelope.js","sourceRoot":"","sources":["../../src/bootstrap/deliver-envelope.ts"],"names":[],"mappings":"AAAA,0OAA0O;AAC1O;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,IAAI,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAC5F,OAAO,EACL,iBAAiB,EACjB,WAAW,EACX,mBAAmB,GAEpB,MAAM,qBAAqB,CAAC;AAK7B,MAAM,UAAU,GAAG,eAAe,CAAC;AAkCnC;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,QAAwB,EAAE,IAAkB;IAChF,OAAO,gBAAgB,CAAC;QACtB,IAAI,EAAE,QAAQ,CAAC,IAAI;QACnB,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,IAAI;QACJ,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,KAAK,EAAE,QAAQ,CAAC,KAAK;QACrB,SAAS,EAAE,QAAQ,CAAC,SAAS;KAC9B,CAAC,CAAC;AACL,CAAC;AAQD;;;;;;;;;GASG;AACH,KAAK,UAAU,WAAW,CACxB,QAAwB,EACxB,IAAkB,EAClB,GAAW;IAEX,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,YAAY,EAAE,CAAC;QAC7B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,GAAG,CAAC,IAAI,CAAC;gBACP,GAAG,EAAE,sBAAsB;gBAC3B,MAAM,EAAE,UAAU;aACnB,CAAC,CAAC;YACH,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,aAAa,EAAE,OAAO,EAAE,CAAC;QACjD,CAAC;QACD,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,CAAC;QAC9B,uEAAuE;QACvE,kEAAkE;QAClE,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI;YAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;QACxD,MAAM,KAAK,GAAG,qBAAqB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QACpD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACtC,IAAI,MAAM,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,MAAM,CAAC,QAAQ,IAAI,IAAI,qBAAqB,CAAC,CAAC;YAC7E,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC;QACvC,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;QACvD,MAAM,aAAa,GAAG,MAAM,CAAC,aAAa,IAAI,OAAO,CAAC;QACtD,kEAAkE;QAClE,6EAA6E;QAC7E,0EAA0E;QAC1E,+EAA+E;QAC/E,IAAI,aAAa,KAAK,OAAO,EAAE,CAAC;YAC9B,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,qEAAqE;gBACnE,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,gCAAgC;gBACvD,gEAAgE,CACnE,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,aAAa,EAAE,CAAC;IACxC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,GAAG,CAAC,IAAI,CAAC;YACP,GAAG,EAAE,yBAAyB;YAC9B,MAAM,EAAE,UAAU;YAClB,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAC9D,CAAC,CAAC;QACH,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,aAAa,EAAE,OAAO,EAAE,CAAC;IACjD,CAAC;AACH,CAAC;AAED,uFAAuF;AACvF,KAAK,UAAU,WAAW,CACxB,QAAwB,EACxB,GAAW,EACX,MAA0B,EAC1B,SAAmC;IAEnC,MAAM,KAAK,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAC1C,2EAA2E;IAC3E,wDAAwD;IACxD,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,QAAQ,CAAC;IAC7D,OAAO,WAAW,CAAC;QACjB,GAAG,EAAE,MAAM;QACX,MAAM;QACN,MAAM,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAY,CAAC;QACtC,iBAAiB,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,QAAQ,CAAC,KAAK,WAAW,CAAC,EAAE;QACzD,UAAU,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,GAAG,GAAG,CAAC;QAC3E,MAAM,EAAE,EAAE,WAAW,EAAE,CAAC,EAAE,iBAAiB,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE;QAC7E,SAAS,EAAE,YAAY;QACvB,SAAS;KACV,CAAC,CAAC;AACL,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,QAAwB,EACxB,IAA4B;IAE5B,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,IAAI,aAAa,CAAC;IACzC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,mBAAmB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAExD,MAAM,KAAK,GAAG,YAAY,EAAE,CAAC;IAC7B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,GAAG,CAAC,IAAI,CAAC;YACP,GAAG,EAAE,sBAAsB;YAC3B,MAAM,EAAE,UAAU;SACnB,CAAC,CAAC;IACL,CAAC;IAED,iFAAiF;IACjF,8EAA8E;IAC9E,mFAAmF;IACnF,KAAK,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,SAAS,EAAE,OAAO,EAAE,qBAAqB,QAAQ,CAAC,IAAI,EAAE,EAAE;QACtF,IAAI,EAAE,QAAQ,CAAC,IAAI;QACnB,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,WAAW,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM;QACpC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ;KAC1B,CAAC,CAAC;IAEH,gFAAgF;IAChF,gFAAgF;IAChF,gFAAgF;IAChF,gFAAgF;IAChF,8EAA8E;IAC9E,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;IAC7D,IAAI,SAAS;QAAE,IAAI,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IAE5D,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,QAAQ,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;IACrD,MAAM,aAAa,GAAG,KAAK,CAAC,QAAQ,CAAC;IACrC,MAAM,QAAQ,GAAG;QACf,aAAa;QACb,GAAG,CAAC,KAAK,CAAC,aAAa,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,kBAAkB,EAAE,KAAK,CAAC,aAAa,EAAE,CAAC;KAC1F,CAAC;IAEF,MAAM,WAAW,GAAG,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,aAAa,KAAK,CAAC,aAAa,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IACnF,KAAK,KAAK,EAAE,WAAW,CAAC,KAAK,CAC3B,SAAS,EACT,OAAO,EACP,0BAA0B,aAAa,GAAG,WAAW,EAAE,CACxD,CAAC;IAEF,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9D,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IACvF,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,KAAK,IAAI,CAAC;IAC9C,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,gCAAgC,IAAI,CAAC,QAAQ,KAAK;YAChD,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,eAAe,IAAI,CAC/E,CAAC;IACJ,CAAC;IACD,4EAA4E;IAC5E,+EAA+E;IAC/E,4BAA4B;IAC5B,IAAI,CAAC,aAAa,IAAI,CAAC,SAAS,EAAE,CAAC;QACjC,IAAI,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IAC/C,CAAC;IAED,KAAK,KAAK,EAAE,WAAW,CAAC,KAAK,CAC3B,SAAS,EACT,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAC/B,aAAa,aAAa,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,EAAE,EACrD;QACE,GAAG,EAAE,IAAI,CAAC,QAAQ;QAClB,OAAO,EAAE,aAAa;KACvB,CACF,CAAC;IAEF,OAAO,EAAE,GAAG,QAAQ,EAAE,aAAa,EAAE,SAAS,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC;AAClE,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,QAAwB,EAAE,IAAY;IAC7E,MAAM,KAAK,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAC1C,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAChD,MAAM,SAAS,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;AAC/B,CAAC"}

package/dist/bootstrap/egress-plane.d.ts

@@ -0,0 +1,22 @@
+/**
+ * egress-plane — the host's effectful-egress plane
+ * (host-owned-run-timing Phase 6 §6.1).
+ *
+ * The composition root owns all outbound delivery (ADR-0011 / ADR-0008): cloud
+ * sync via the run's signal sink + `--report-to` SARIF upload, and the
+ * SARIF-file sink. Tools never import `@opensip-cli/output`; they call these two
+ * `ToolCliContext` seams, which delegate to the existing `deliver-envelope`
+ * implementation. Extracted from `buildToolCliContext` so the egress concern has
+ * its own narrow, testable home.
+ */
+import { type Logger, type ToolCliContext } from '@opensip-cli/core';
+/** Stable dependencies the egress plane captures. */
+export interface EgressPlaneDeps {
+    /** The single exit-code write path (from the output plane) — threaded into delivery. */
+    readonly setExitCode: (code: number) => void;
+    readonly logger?: Logger;
+}
+/** The egress plane's public surface (the two `ToolCliContext` egress seams). */
+export type EgressPlane = Pick<ToolCliContext, 'deliverSignals' | 'writeSarif'>;
+export declare function createEgressPlane(deps: EgressPlaneDeps): EgressPlane;
+//# sourceMappingURL=egress-plane.d.ts.map

package/dist/bootstrap/egress-plane.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"egress-plane.d.ts","sourceRoot":"","sources":["../../src/bootstrap/egress-plane.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAA2B,KAAK,MAAM,EAAE,KAAK,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAM9F,qDAAqD;AACrD,MAAM,WAAW,eAAe;IAC9B,wFAAwF;IACxF,QAAQ,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;IAC7C,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,iFAAiF;AACjF,MAAM,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,EAAE,gBAAgB,GAAG,YAAY,CAAC,CAAC;AAEhF,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,eAAe,GAAG,WAAW,CAuBpE"}

package/dist/bootstrap/egress-plane.js

@@ -0,0 +1,37 @@
+/**
+ * egress-plane — the host's effectful-egress plane
+ * (host-owned-run-timing Phase 6 §6.1).
+ *
+ * The composition root owns all outbound delivery (ADR-0011 / ADR-0008): cloud
+ * sync via the run's signal sink + `--report-to` SARIF upload, and the
+ * SARIF-file sink. Tools never import `@opensip-cli/output`; they call these two
+ * `ToolCliContext` seams, which delegate to the existing `deliver-envelope`
+ * implementation. Extracted from `buildToolCliContext` so the egress concern has
+ * its own narrow, testable home.
+ */
+import { logger as defaultLogger } from '@opensip-cli/core';
+import { deliverEnvelope, writeEnvelopeSarif } from './deliver-envelope.js';
+export function createEgressPlane(deps) {
+    const log = deps.logger ?? defaultLogger;
+    return {
+        // The root owns all effectful egress (ADR-0011 / ADR-0008): cloud sync via
+        // the run's signal sink + `--report-to` SARIF upload. Tools call this once
+        // per run; `setExitCode` is threaded so a `--report-to` failure on an
+        // otherwise-passing run can claim exit 4. The delivery result (what actually
+        // shipped / why a leg was skipped) flows back to the caller — the root has
+        // already printed any user-facing notice, so callers may ignore it.
+        deliverSignals: (envelope, deliverOpts) => deliverEnvelope(envelope, {
+            cwd: deliverOpts.cwd,
+            reportTo: deliverOpts.reportTo,
+            apiKey: deliverOpts.apiKey,
+            runFailed: deliverOpts.runFailed,
+            setExitCode: deps.setExitCode,
+            logger: log,
+        }),
+        // Root-owned SARIF-file sink (ADR-0011): the one place that formats an
+        // envelope to SARIF and writes it to disk, so tools that export SARIF to a
+        // file (e.g. `graph sarif-export`) never import `@opensip-cli/output`.
+        writeSarif: (envelope, path) => writeEnvelopeSarif(envelope, path),
+    };
+}
+//# sourceMappingURL=egress-plane.js.map

package/dist/bootstrap/egress-plane.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"egress-plane.js","sourceRoot":"","sources":["../../src/bootstrap/egress-plane.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,MAAM,IAAI,aAAa,EAAoC,MAAM,mBAAmB,CAAC;AAE9F,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAc5E,MAAM,UAAU,iBAAiB,CAAC,IAAqB;IACrD,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,IAAI,aAAa,CAAC;IACzC,OAAO;QACL,2EAA2E;QAC3E,2EAA2E;QAC3E,sEAAsE;QACtE,6EAA6E;QAC7E,2EAA2E;QAC3E,oEAAoE;QACpE,cAAc,EAAE,CAAC,QAAQ,EAAE,WAAW,EAAE,EAAE,CACxC,eAAe,CAAC,QAA0B,EAAE;YAC1C,GAAG,EAAE,WAAW,CAAC,GAAG;YACpB,QAAQ,EAAE,WAAW,CAAC,QAAQ;YAC9B,MAAM,EAAE,WAAW,CAAC,MAAM;YAC1B,SAAS,EAAE,WAAW,CAAC,SAAS;YAChC,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,MAAM,EAAE,GAAG;SACZ,CAAC;QACJ,uEAAuE;QACvE,2EAA2E;QAC3E,uEAAuE;QACvE,UAAU,EAAE,CAAC,QAAQ,EAAE,IAAI,EAAE,EAAE,CAAC,kBAAkB,CAAC,QAA0B,EAAE,IAAI,CAAC;KACrF,CAAC;AACJ,CAAC"}

package/dist/bootstrap/host-planes.d.ts

@@ -0,0 +1,28 @@
+/**
+ * host-planes — builder for the `hostPlanes` evolution bag on ToolCliContext.
+ *
+ * This wires the combined Host-Owned Governance, Entitlements, and Audit Plane.
+ * Storage is delegated to the existing toolState seam / ToolStateRepo (namespaced
+ * keys under the single host-owned `tool_state` table per ADR-0042).
+ *
+ * The builder is intentionally small and host-owned (cli package). Core only
+ * defines the shape in ToolCliContext.
+ *
+ * Real method bodies for governance/audit/entitlements land in subsequent phases.
+ * This phase only ensures the bag is constructed and attached so the type is
+ * satisfied and the surface exists for tools + host commands.
+ */
+import { type DataStore } from '@opensip-cli/datastore';
+import type { Logger, ToolCliContext } from '@opensip-cli/core';
+/**
+ * Build the hostPlanes bag.
+ *
+ * Real implementations for the three sub-planes. Storage uses namespaced keys
+ * over the existing host-owned `tool_state` table (via ToolStateRepo).
+ * See the governing spec and plan for key conventions and rationale.
+ */
+export declare function buildHostPlanes(opts: {
+    getDatastore: () => DataStore;
+    logger?: Logger;
+}): ToolCliContext['hostPlanes'];
+//# sourceMappingURL=host-planes.d.ts.map

package/dist/bootstrap/host-planes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"host-planes.d.ts","sourceRoot":"","sources":["../../src/bootstrap/host-planes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AACH,OAAO,EAAiB,KAAK,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAEvE,OAAO,KAAK,EAIV,MAAM,EACN,cAAc,EACf,MAAM,mBAAmB,CAAC;AAE3B;;;;;;GAMG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE;IACpC,YAAY,EAAE,MAAM,SAAS,CAAC;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,GAAG,cAAc,CAAC,YAAY,CAAC,CAqI/B"}

package/dist/bootstrap/host-planes.js

@@ -0,0 +1,152 @@
+/**
+ * host-planes — builder for the `hostPlanes` evolution bag on ToolCliContext.
+ *
+ * This wires the combined Host-Owned Governance, Entitlements, and Audit Plane.
+ * Storage is delegated to the existing toolState seam / ToolStateRepo (namespaced
+ * keys under the single host-owned `tool_state` table per ADR-0042).
+ *
+ * The builder is intentionally small and host-owned (cli package). Core only
+ * defines the shape in ToolCliContext.
+ *
+ * Real method bodies for governance/audit/entitlements land in subsequent phases.
+ * This phase only ensures the bag is constructed and attached so the type is
+ * satisfied and the surface exists for tools + host commands.
+ */
+import { ToolStateRepo } from '@opensip-cli/datastore';
+/**
+ * Build the hostPlanes bag.
+ *
+ * Real implementations for the three sub-planes. Storage uses namespaced keys
+ * over the existing host-owned `tool_state` table (via ToolStateRepo).
+ * See the governing spec and plan for key conventions and rationale.
+ */
+export function buildHostPlanes(opts) {
+    const log = opts.logger;
+    let repo;
+    const getRepo = () => {
+        if (!repo) {
+            const ds = opts.getDatastore();
+            repo = new ToolStateRepo(ds);
+        }
+        return repo;
+    };
+    // Simple read-modify-write helpers for object blobs under a top-level key.
+    // For production audit volume we would chunk (see spec), but this satisfies
+    // the first-cut contract and respects the 256 KiB per-payload cap.
+    const readBlob = (toolId, key) => {
+        return getRepo().get(toolId, key);
+    };
+    const writeBlob = (toolId, key, value) => {
+        getRepo().put(toolId, key, value);
+    };
+    const governanceImpl = {
+        async getGovernanceState(toolId) {
+            await Promise.resolve();
+            return readBlob(toolId, 'governance');
+        },
+        async listForProject(_projectRoot) {
+            await Promise.resolve();
+            // First-cut: the host (or future Cloud) would index; here we return empty.
+            // Real listing can be added by scanning known tools or a meta index key.
+            return [];
+        },
+        async queryAudit(toolId, _filter) {
+            await Promise.resolve();
+            const entries = readBlob(toolId, 'audit') ?? [];
+            return entries;
+        },
+        async recordInstallation(toolId, record) {
+            const current = readBlob(toolId, 'governance') ?? {};
+            writeBlob(toolId, 'governance', {
+                ...current,
+                installed: true,
+                lastInstallation: record,
+                updatedAt: Date.now(),
+            });
+            if (log)
+                log.debug({ evt: 'cli.governance.install-recorded', tool: toolId });
+            await Promise.resolve();
+        },
+        async recordApprovalDecision(toolId, decision) {
+            const current = readBlob(toolId, 'governance') ?? {};
+            const approvals = current.approvals ?? [];
+            writeBlob(toolId, 'governance', {
+                ...current,
+                approvals: [...approvals, decision],
+                updatedAt: Date.now(),
+            });
+            await Promise.resolve();
+        },
+        async setBlock(toolId, blocked, reason) {
+            const current = readBlob(toolId, 'governance') ?? {};
+            writeBlob(toolId, 'governance', {
+                ...current,
+                blocked,
+                blockReason: reason,
+                updatedAt: Date.now(),
+            });
+            await Promise.resolve();
+        },
+        async checkAllowed(toolId, _action) {
+            await Promise.resolve();
+            const state = readBlob(toolId, 'governance') ?? {};
+            // Default allow for tools without explicit governance record (additive).
+            return !state.blocked;
+        },
+    };
+    const auditImpl = {
+        async append(toolId, entry) {
+            const current = readBlob(toolId, 'audit') ?? [];
+            const withTs = { ...entry, ts: Date.now() };
+            const next = [...current, withTs];
+            // Simple (no chunking yet). If over cap the underlying repo will throw
+            // ValidationError — matches the spec's "chunk if needed" escape hatch.
+            writeBlob(toolId, 'audit', next);
+            if (log)
+                log.debug({ evt: 'cli.audit.append', tool: toolId });
+            await Promise.resolve();
+        },
+        async query(toolId, _filter) {
+            await Promise.resolve();
+            return readBlob(toolId, 'audit') ?? [];
+        },
+        async exportForCloud(..._args) {
+            await Promise.resolve();
+            // Best-effort hook. Real Cloud sync will use existing deliverSignals
+            // or a dedicated path. For now just return the current log.
+            const entries = readBlob(_args[0] || '', 'audit') ?? [];
+            return { entries };
+        },
+    };
+    const entitlementsImpl = {
+        async check(toolId, _action) {
+            await Promise.resolve();
+            const state = readBlob(toolId, 'entitlements') ?? {};
+            // Default entitled for anything not explicitly recorded (GA additive).
+            if (!state || Object.keys(state).length === 0) {
+                return { entitled: true, source: 'default' };
+            }
+            return state;
+        },
+        async recordUsage(toolId, usage) {
+            const current = readBlob(toolId, 'entitlements') ?? {};
+            writeBlob(toolId, 'entitlements', {
+                ...current,
+                lastUsage: usage,
+                updatedAt: Date.now(),
+            });
+            await Promise.resolve();
+        },
+        async getLicenseState(toolId) {
+            await Promise.resolve();
+            const state = readBlob(toolId, 'entitlements') ?? {};
+            return state.license;
+        },
+    };
+    return {
+        governance: governanceImpl,
+        audit: auditImpl,
+        entitlements: entitlementsImpl,
+    };
+}
+//# sourceMappingURL=host-planes.js.map

package/dist/bootstrap/host-planes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"host-planes.js","sourceRoot":"","sources":["../../src/bootstrap/host-planes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AACH,OAAO,EAAE,aAAa,EAAkB,MAAM,wBAAwB,CAAC;AAUvE;;;;;;GAMG;AACH,MAAM,UAAU,eAAe,CAAC,IAG/B;IACC,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC;IACxB,IAAI,IAA+B,CAAC;IAEpC,MAAM,OAAO,GAAG,GAAkB,EAAE;QAClC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,EAAE,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;YAC/B,IAAI,GAAG,IAAI,aAAa,CAAC,EAAE,CAAC,CAAC;QAC/B,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;IAEF,2EAA2E;IAC3E,4EAA4E;IAC5E,mEAAmE;IACnE,MAAM,QAAQ,GAAG,CAAI,MAAc,EAAE,GAAW,EAAiB,EAAE;QACjE,OAAO,OAAO,EAAE,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAkB,CAAC;IACrD,CAAC,CAAC;IACF,MAAM,SAAS,GAAG,CAAC,MAAc,EAAE,GAAW,EAAE,KAAc,EAAE,EAAE;QAChE,OAAO,EAAE,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IACpC,CAAC,CAAC;IAEF,MAAM,cAAc,GAAmB;QACrC,KAAK,CAAC,kBAAkB,CAAC,MAAc;YACrC,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;YACxB,OAAO,QAAQ,CAA0B,MAAM,EAAE,YAAY,CAAC,CAAC;QACjE,CAAC;QACD,KAAK,CAAC,cAAc,CAAC,YAAoB;YACvC,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;YACxB,2EAA2E;YAC3E,yEAAyE;YACzE,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,KAAK,CAAC,UAAU,CAAC,MAAc,EAAE,OAAiB;YAChD,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;YACxB,MAAM,OAAO,GAAG,QAAQ,CAA4B,MAAM,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC;YAC3E,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,KAAK,CAAC,kBAAkB,CAAC,MAAc,EAAE,MAAe;YACtD,MAAM,OAAO,GAAG,QAAQ,CAA0B,MAAM,EAAE,YAAY,CAAC,IAAI,EAAE,CAAC;YAC9E,SAAS,CAAC,MAAM,EAAE,YAAY,EAAE;gBAC9B,GAAG,OAAO;gBACV,SAAS,EAAE,IAAI;gBACf,gBAAgB,EAAE,MAAM;gBACxB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC,CAAC;YACH,IAAI,GAAG;gBAAE,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,iCAAiC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;YAC7E,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;QAC1B,CAAC;QACD,KAAK,CAAC,sBAAsB,CAAC,MAAc,EAAE,QAAiB;YAC5D,MAAM,OAAO,GAAG,QAAQ,CAA0B,MAAM,EAAE,YAAY,CAAC,IAAI,EAAE,CAAC;YAC9E,MAAM,SAAS,GAAI,OAAO,CAAC,SAAmC,IAAI,EAAE,CAAC;YACrE,SAAS,CAAC,MAAM,EAAE,YAAY,EAAE;gBAC9B,GAAG,OAAO;gBACV,SAAS,EAAE,CAAC,GAAG,SAAS,EAAE,QAAQ,CAAC;gBACnC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC,CAAC;YACH,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;QAC1B,CAAC;QACD,KAAK,CAAC,QAAQ,CAAC,MAAc,EAAE,OAAgB,EAAE,MAAe;YAC9D,MAAM,OAAO,GAAG,QAAQ,CAA0B,MAAM,EAAE,YAAY,CAAC,IAAI,EAAE,CAAC;YAC9E,SAAS,CAAC,MAAM,EAAE,YAAY,EAAE;gBAC9B,GAAG,OAAO;gBACV,OAAO;gBACP,WAAW,EAAE,MAAM;gBACnB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC,CAAC;YACH,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;QAC1B,CAAC;QACD,KAAK,CAAC,YAAY,CAAC,MAAc,EAAE,OAAgB;YACjD,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;YACxB,MAAM,KAAK,GAAG,QAAQ,CAA0B,MAAM,EAAE,YAAY,CAAC,IAAI,EAAE,CAAC;YAC5E,yEAAyE;YACzE,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC;QACxB,CAAC;KACF,CAAC;IAEF,MAAM,SAAS,GAAc;QAC3B,KAAK,CAAC,MAAM,CAAC,MAAc,EAAE,KAAc;YACzC,MAAM,OAAO,GAA8B,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC;YAC3E,MAAM,MAAM,GAAG,EAAE,GAAI,KAAiC,EAAE,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YACzE,MAAM,IAAI,GAAG,CAAC,GAAG,OAAO,EAAE,MAAM,CAAC,CAAC;YAClC,uEAAuE;YACvE,uEAAuE;YACvE,SAAS,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;YACjC,IAAI,GAAG;gBAAE,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,kBAAkB,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;YAC9D,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;QAC1B,CAAC;QACD,KAAK,CAAC,KAAK,CAAC,MAAc,EAAE,OAAiB;YAC3C,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;YACxB,OAAO,QAAQ,CAA4B,MAAM,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC;QACpE,CAAC;QACD,KAAK,CAAC,cAAc,CAAC,GAAG,KAAgB;YACtC,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;YACxB,qEAAqE;YACrE,4DAA4D;YAC5D,MAAM,OAAO,GACX,QAAQ,CAA6B,KAAK,CAAC,CAAC,CAAY,IAAI,EAAE,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC;YACjF,OAAO,EAAE,OAAO,EAAE,CAAC;QACrB,CAAC;KACF,CAAC;IAEF,MAAM,gBAAgB,GAAqB;QACzC,KAAK,CAAC,KAAK,CAAC,MAAc,EAAE,OAAgB;YAC1C,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;YACxB,MAAM,KAAK,GAAG,QAAQ,CAA0B,MAAM,EAAE,cAAc,CAAC,IAAI,EAAE,CAAC;YAC9E,uEAAuE;YACvE,IAAI,CAAC,KAAK,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC9C,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;YAC/C,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,KAAK,CAAC,WAAW,CAAC,MAAc,EAAE,KAAc;YAC9C,MAAM,OAAO,GAAG,QAAQ,CAA0B,MAAM,EAAE,cAAc,CAAC,IAAI,EAAE,CAAC;YAChF,SAAS,CAAC,MAAM,EAAE,cAAc,EAAE;gBAChC,GAAG,OAAO;gBACV,SAAS,EAAE,KAAK;gBAChB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC,CAAC;YACH,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;QAC1B,CAAC;QACD,KAAK,CAAC,eAAe,CAAC,MAAc;YAClC,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;YACxB,MAAM,KAAK,GAAG,QAAQ,CAA0B,MAAM,EAAE,cAAc,CAAC,IAAI,EAAE,CAAC;YAC9E,OAAO,KAAK,CAAC,OAA8C,CAAC;QAC9D,CAAC;KACF,CAAC;IAEF,OAAO;QACL,UAAU,EAAE,cAAc;QAC1B,KAAK,EAAE,SAAS;QAChB,YAAY,EAAE,gBAAgB;KAC/B,CAAC;AACJ,CAAC"}

package/dist/bootstrap/index.d.ts

@@ -0,0 +1,76 @@
+/**
+ * bootstrap — performs the one-time (per-process) STARTUP phase registrations
+ * (language adapters + tool admission via the uniform dynamic path) and
+ * returns the populated registries + provenance/manifests to the composition
+ * root.
+ *
+ * The full 10-step canonical lifecycle (including the PER-RUN steps that
+ * happen later in the preAction hook) is documented in `tool-lifecycle.ts`.
+ * This module owns steps 1-4 (discover/compat/trust/import for bundled +
+ * installed + authored) plus the mount seam re-export.
+ *
+ * See tool-lifecycle.ts for the ordered steps and phase split.
+ */
+import { type LanguageRegistry, type ToolPluginManifest, type ToolProvenance, type ToolRegistry } from '@opensip-cli/core';
+export { mountAllToolCommands, EXPECTED_SCAFFOLDING_TOOL_IDS } from './register-tools.js';
+export { admitToolPackage, importToolRuntime, type AdmissionReport, type AdmissionSection, type AdmissionSectionResult, type AdmitToolPackageOptions, } from './admit-tool-package.js';
+export { mountToolCommands } from './tool-lifecycle.js';
+export { renderResult } from './render.js';
+export { maybeOpenReport } from './report.js';
+export { installPreActionHook } from './pre-action-hook.js';
+export { buildCommandRegistrationInput } from './build-command-registration-input.js';
+export { buildHostPlanes } from './host-planes.js';
+export interface BootstrapOptions {
+    readonly langRegistry: LanguageRegistry;
+    readonly toolRegistry: ToolRegistry;
+    /**
+     * The CLI's own install directory. Anchors discovery of graph adapters
+     * and of tools installed as siblings of a global `opensip-cli`.
+     */
+    readonly projectDir: string;
+    /**
+     * The user's working directory (process.cwd()). Anchors project-local
+     * and user-global tool discovery (a plain `npm install @tool`, the
+     * project's `.runtime/plugins/tool`, and `~/.opensip-cli/plugins/tool`).
+     */
+    readonly cwd: string;
+    /**
+     * `import.meta.url` of the CLI entry. Used to init telemetry as early as
+     * possible (reads the CLI package version for the `service.version` resource
+     * attribute). Telemetry init is a no-op unless `OTEL_EXPORTER_OTLP_ENDPOINT`
+     * is set, so this is inert for standalone runs.
+     */
+    readonly cliEntryUrl: string;
+}
+/**
+ * One-shot bootstrap: register language adapters, register the first-
+ * party tools, and discover-and-register every third-party tool +
+ * @opensip-cli/graph-* adapter pack. Datastore is NOT opened here —
+ * it's a lazy getter on ToolCliContext (cli-context.ts), so dry-runs
+ * and error paths that never read `cli.datastore` don't materialise
+ * `.runtime/datastore.sqlite`.
+ *
+ * Graph adapter discovery runs BEFORE `mountAllToolCommands`: the
+ * graph tool's `register()` method assumes adapters are already
+ * available so its lang-adapter registry isn't empty when the first
+ * `pickAdapter()` lands during a real run. PR 1a of plan
+ * docs/plans/architecture/2026-05-23-plan-graph-adapter-package-split.md.
+ */
+export declare function bootstrapCli(opts: BootstrapOptions): Promise<BootstrapResult>;
+/** What {@link bootstrapCli} hands back to the composition root. */
+export interface BootstrapResult {
+    /**
+     * Provenance for every tool admitted through the compatibility gate
+     * (bundled + installed), in registration order. Reachable by `plugin
+     * list` (Phase 4) via the cli-context per-run holder.
+     */
+    readonly provenance: readonly ToolProvenance[];
+    /**
+     * Manifests for every tool admitted through the compatibility gate
+     * (bundled + installed), in registration order. The composition root
+     * seeds the per-run capability registry from these (§5.3) via the
+     * cli-context per-run holder.
+     */
+    readonly manifests: readonly ToolPluginManifest[];
+}
+//# sourceMappingURL=index.d.ts.map

package/dist/bootstrap/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/bootstrap/index.ts"],"names":[],"mappings":"AACA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAIL,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,EACvB,KAAK,cAAc,EACnB,KAAK,YAAY,EAClB,MAAM,mBAAmB,CAAC;AAkB3B,OAAO,EAAE,oBAAoB,EAAE,6BAA6B,EAAE,MAAM,qBAAqB,CAAC;AAI1F,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,KAAK,eAAe,EACpB,KAAK,gBAAgB,EACrB,KAAK,sBAAsB,EAC3B,KAAK,uBAAuB,GAC7B,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EAAE,6BAA6B,EAAE,MAAM,uCAAuC,CAAC;AACtF,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAEnD,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,YAAY,EAAE,gBAAgB,CAAC;IACxC,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC;IACpC;;;OAGG;IACH,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B;;;;OAIG;IACH,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB;;;;;OAKG;IACH,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,YAAY,CAAC,IAAI,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC,CAyEnF;AAED,oEAAoE;AACpE,MAAM,WAAW,eAAe;IAC9B;;;;OAIG;IACH,QAAQ,CAAC,UAAU,EAAE,SAAS,cAAc,EAAE,CAAC;IAC/C;;;;;OAKG;IACH,QAAQ,CAAC,SAAS,EAAE,SAAS,kBAAkB,EAAE,CAAC;CACnD"}