opensip-cli 0.1.8 → 0.1.9

package/dist/bootstrap/owning-tool-init.d.ts

@@ -6,7 +6,7 @@
  * per-invocation SEQUENCER; the owning-tool resolution + fail-fast init
  * semantics live here as a cohesive unit (see also `tool-lifecycle.ts`).
  */
-import { type Tool, type ToolRegistry } from '@opensip-cli/core';
+import { type Tool, type ToolProvenance, type ToolRegistry } from '@opensip-cli/core';
 /**
  * Find the registered tool that owns the invoked subcommand, matching the
  * descriptor's canonical name or any alias. Returns undefined for
@@ -25,8 +25,14 @@ export declare function resolveOwningTool(tools: ToolRegistry, cmdName: string):
  * id is recorded only on success, so a transient failure can retry in a
  * long-lived host.
  *
+ * ADR-0054 M4-F: the host does NOT run an EXTERNAL owning tool's `initialize()`
+ * (executing untrusted runtime in the kernel is the load-time hole the ADR
+ * rejects). An external command dispatches to the worker (`maybeDispatchExternal`),
+ * and the worker entry runs the dispatched tool's `initialize()` there (the
+ * isolation boundary). Bundled owning tools initialize in-host exactly as before.
+ *
  * @throws {BootstrapError} (exit 1) when the owning tool's initialize() throws —
  *   the top-level boundary renders it (human stderr / structured `--json`).
  */
-export declare function maybeInitializeOwningTool(tools: ToolRegistry, cmdName: string, runId: string): Promise<void>;
+export declare function maybeInitializeOwningTool(tools: ToolRegistry, cmdName: string, runId: string, provenance?: readonly ToolProvenance[]): Promise<void>;
 //# sourceMappingURL=owning-tool-init.d.ts.map

package/dist/bootstrap/owning-tool-init.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"owning-tool-init.d.ts","sourceRoot":"","sources":["../../src/bootstrap/owning-tool-init.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAIL,KAAK,IAAI,EACT,KAAK,YAAY,EAClB,MAAM,mBAAmB,CAAC;AAO3B;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,CAQxF;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,yBAAyB,CAC7C,KAAK,EAAE,YAAY,EACnB,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,IAAI,CAAC,CA6Bf"}
+{"version":3,"file":"owning-tool-init.d.ts","sourceRoot":"","sources":["../../src/bootstrap/owning-tool-init.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAIL,KAAK,IAAI,EACT,KAAK,cAAc,EACnB,KAAK,YAAY,EAClB,MAAM,mBAAmB,CAAC;AAQ3B;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,CAQxF;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,yBAAyB,CAC7C,KAAK,EAAE,YAAY,EACnB,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,EACb,UAAU,GAAE,SAAS,cAAc,EAAO,GACzC,OAAO,CAAC,IAAI,CAAC,CA+Bf"}

package/dist/bootstrap/owning-tool-init.js

@@ -9,6 +9,7 @@
 import { logger, resolveToolCommands, resolveToolHooks, } from '@opensip-cli/core';
 import { BootstrapError } from './bootstrap-error.js';
 import { initializedToolIds } from './process-idempotency.js';
+import { shouldRunHookInHost } from './tool-provenance.js';
 const MODULE_TAG = 'cli:bootstrap';
 /**
  * Find the registered tool that owns the invoked subcommand, matching the
@@ -32,13 +33,22 @@ export function resolveOwningTool(tools, cmdName) {
  * id is recorded only on success, so a transient failure can retry in a
  * long-lived host.
  *
+ * ADR-0054 M4-F: the host does NOT run an EXTERNAL owning tool's `initialize()`
+ * (executing untrusted runtime in the kernel is the load-time hole the ADR
+ * rejects). An external command dispatches to the worker (`maybeDispatchExternal`),
+ * and the worker entry runs the dispatched tool's `initialize()` there (the
+ * isolation boundary). Bundled owning tools initialize in-host exactly as before.
+ *
  * @throws {BootstrapError} (exit 1) when the owning tool's initialize() throws —
  *   the top-level boundary renders it (human stderr / structured `--json`).
  */
-export async function maybeInitializeOwningTool(tools, cmdName, runId) {
+export async function maybeInitializeOwningTool(tools, cmdName, runId, provenance = []) {
     const owningTool = resolveOwningTool(tools, cmdName);
     if (!owningTool)
         return;
+    // M4-F: skip an external owning tool host-side — its initialize runs worker-side.
+    if (!shouldRunHookInHost(owningTool, provenance))
+        return;
     const hooks = resolveToolHooks(owningTool);
     if (!hooks.initialize)
         return;

package/dist/bootstrap/owning-tool-init.js.map

@@ -1 +1 @@
-{"version":3,"file":"owning-tool-init.js","sourceRoot":"","sources":["../../src/bootstrap/owning-tool-init.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EACL,MAAM,EACN,mBAAmB,EACnB,gBAAgB,GAGjB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAE9D,MAAM,UAAU,GAAG,eAAe,CAAC;AAEnC;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAmB,EAAE,OAAe;IACpE,OAAO,KAAK;SACT,IAAI,EAAE;SACN,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CACb,mBAAmB,CAAC,IAAI,CAAC,CAAC,IAAI,CAC5B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,OAAO,IAAI,CAAC,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,CACrE,CACF,CAAC;AACN,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,KAAmB,EACnB,OAAe,EACf,KAAa;IAEb,MAAM,UAAU,GAAG,iBAAiB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IACrD,IAAI,CAAC,UAAU;QAAE,OAAO;IACxB,MAAM,KAAK,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAC3C,IAAI,CAAC,KAAK,CAAC,UAAU;QAAE,OAAO;IAC9B,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC,IAAI,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;IACvE,IAAI,kBAAkB,CAAC,GAAG,CAAC,WAAW,CAAC;QAAE,OAAO;IAChD,IAAI,CAAC;QACH,MAAM,KAAK,CAAC,UAAU,EAAE,CAAC;QACzB,kBAAkB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACtC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,GAAG,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnE,MAAM,CAAC,KAAK,CAAC;YACX,GAAG,EAAE,4BAA4B;YACjC,MAAM,EAAE,UAAU;YAClB,KAAK;YACL,MAAM,EAAE,UAAU,CAAC,QAAQ,CAAC,EAAE,EAAE,6BAA6B;YAC7D,QAAQ,EAAE,WAAW;YACrB,KAAK,EAAE,GAAG;SACX,CAAC,CAAC;QACH,wEAAwE;QACxE,wEAAwE;QACxE,MAAM,IAAI,cAAc,CAAC;YACvB,OAAO,EAAE,SAAS,WAAW,2BAA2B,GAAG,EAAE;YAC7D,YAAY,EAAE,WAAW,WAAW,2BAA2B,GAAG,EAAE;YACpE,UAAU,EAAE,SAAS;YACrB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;IACL,CAAC;AACH,CAAC"}
+{"version":3,"file":"owning-tool-init.js","sourceRoot":"","sources":["../../src/bootstrap/owning-tool-init.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EACL,MAAM,EACN,mBAAmB,EACnB,gBAAgB,GAIjB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAE3D,MAAM,UAAU,GAAG,eAAe,CAAC;AAEnC;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAmB,EAAE,OAAe;IACpE,OAAO,KAAK;SACT,IAAI,EAAE;SACN,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CACb,mBAAmB,CAAC,IAAI,CAAC,CAAC,IAAI,CAC5B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,OAAO,IAAI,CAAC,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,CACrE,CACF,CAAC;AACN,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,KAAmB,EACnB,OAAe,EACf,KAAa,EACb,aAAwC,EAAE;IAE1C,MAAM,UAAU,GAAG,iBAAiB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IACrD,IAAI,CAAC,UAAU;QAAE,OAAO;IACxB,kFAAkF;IAClF,IAAI,CAAC,mBAAmB,CAAC,UAAU,EAAE,UAAU,CAAC;QAAE,OAAO;IACzD,MAAM,KAAK,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAC3C,IAAI,CAAC,KAAK,CAAC,UAAU;QAAE,OAAO;IAC9B,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC,IAAI,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;IACvE,IAAI,kBAAkB,CAAC,GAAG,CAAC,WAAW,CAAC;QAAE,OAAO;IAChD,IAAI,CAAC;QACH,MAAM,KAAK,CAAC,UAAU,EAAE,CAAC;QACzB,kBAAkB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACtC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,GAAG,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnE,MAAM,CAAC,KAAK,CAAC;YACX,GAAG,EAAE,4BAA4B;YACjC,MAAM,EAAE,UAAU;YAClB,KAAK;YACL,MAAM,EAAE,UAAU,CAAC,QAAQ,CAAC,EAAE,EAAE,6BAA6B;YAC7D,QAAQ,EAAE,WAAW;YACrB,KAAK,EAAE,GAAG;SACX,CAAC,CAAC;QACH,wEAAwE;QACxE,wEAAwE;QACxE,MAAM,IAAI,cAAc,CAAC;YACvB,OAAO,EAAE,SAAS,WAAW,2BAA2B,GAAG,EAAE;YAC7D,YAAY,EAAE,WAAW,WAAW,2BAA2B,GAAG,EAAE;YACpE,UAAU,EAAE,SAAS;YACrB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;IACL,CAAC;AACH,CAAC"}

package/dist/bootstrap/register-authored-tools.d.ts

@@ -0,0 +1,49 @@
+/**
+ * register-authored-tools — admission + discovery for AUTHORED Tool sidecars
+ * (project-local + user-global), extracted from register-tools-discovery.ts so
+ * the installed-package discovery path stays a focused module under the
+ * file-length soft limit.
+ *
+ * Authored tools are authored CONTENT (a JSON sidecar, not an installed npm
+ * package): project-local is deny-by-default (allowlisted via
+ * `OPENSIP_CLI_ALLOW_PROJECT_TOOLS`), user-global is trusted-by-default. Both are
+ * EXTERNAL provenance, so ADR-0054 M4-G applies: in the HOST the registration
+ * registers a manifest-derived synthetic `Tool` (no runtime import); the dispatch
+ * WORKER (`OPENSIP_CLI_IN_TOOL_WORKER=1`) imports the real runtime.
+ */
+import { type ToolPluginManifest, type ToolProvenance, type ToolRegistry } from '@opensip-cli/core';
+import type { ToolAdmission } from './tool-admission-types.js';
+export type AuthoredAdmission = ToolAdmission;
+/**
+ * Admit or reject a PROJECT-LOCAL authored tool under the deny-by-default trust
+ * policy. The trust decision always precedes module import; a non-allowlisted
+ * tool fails closed before any authored code can run.
+ *
+ * @throws {PluginIncompatibleError} When the sidecar manifest is missing,
+ * malformed, incompatible, or not trusted by the project-tool allowlist.
+ */
+export declare function admitProjectLocalTool(args: {
+    readonly dir: string;
+    readonly env?: NodeJS.ProcessEnv;
+}): AuthoredAdmission;
+/**
+ * Admit a USER-GLOBAL authored tool — trusted-by-default because the user placed
+ * it in their own home-dir tool host, but still fail-closed on a missing or
+ * incompatible manifest.
+ */
+export declare function admitUserGlobalTool(args: {
+    readonly dir: string;
+}): AuthoredAdmission;
+/**
+ * Discover + admit + register AUTHORED Tool sidecars from the two authored
+ * roots. ADR-0054 M4-G: authored tools are always EXTERNAL provenance, so the
+ * HOST registers a manifest-derived synthetic Tool (no runtime import); the
+ * dispatch WORKER (`OPENSIP_CLI_IN_TOOL_WORKER=1`) imports the real runtime via
+ * the shared `importToolRuntime` seam.
+ */
+export declare function discoverAndRegisterAuthoredTools(registry: ToolRegistry, opts: {
+    readonly projectAuthoredDir?: string;
+    readonly globalAuthoredDir: string;
+    readonly env?: NodeJS.ProcessEnv;
+}, builtInIds: ReadonlySet<string>, provenance?: ToolProvenance[], manifests?: ToolPluginManifest[]): Promise<void>;
+//# sourceMappingURL=register-authored-tools.d.ts.map

package/dist/bootstrap/register-authored-tools.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"register-authored-tools.d.ts","sourceRoot":"","sources":["../../src/bootstrap/register-authored-tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAOL,KAAK,kBAAkB,EACvB,KAAK,cAAc,EACnB,KAAK,YAAY,EAElB,MAAM,mBAAmB,CAAC;AAO3B,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAE/D,MAAM,MAAM,iBAAiB,GAAG,aAAa,CAAC;AAsC9C;;;;;;;GAOG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE;IAC1C,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;CAClC,GAAG,iBAAiB,CAgBpB;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE;IAAE,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAA;CAAE,GAAG,iBAAiB,CAErF;AAED;;;;;;GAMG;AACH,wBAAsB,gCAAgC,CACpD,QAAQ,EAAE,YAAY,EACtB,IAAI,EAAE;IACJ,QAAQ,CAAC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IACrC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;CAClC,EACD,UAAU,EAAE,WAAW,CAAC,MAAM,CAAC,EAC/B,UAAU,GAAE,cAAc,EAAO,EACjC,SAAS,GAAE,kBAAkB,EAAO,GACnC,OAAO,CAAC,IAAI,CAAC,CA0Bf"}

package/dist/bootstrap/register-authored-tools.js

@@ -0,0 +1,132 @@
+/**
+ * register-authored-tools — admission + discovery for AUTHORED Tool sidecars
+ * (project-local + user-global), extracted from register-tools-discovery.ts so
+ * the installed-package discovery path stays a focused module under the
+ * file-length soft limit.
+ *
+ * Authored tools are authored CONTENT (a JSON sidecar, not an installed npm
+ * package): project-local is deny-by-default (allowlisted via
+ * `OPENSIP_CLI_ALLOW_PROJECT_TOOLS`), user-global is trusted-by-default. Both are
+ * EXTERNAL provenance, so ADR-0054 M4-G applies: in the HOST the registration
+ * registers a manifest-derived synthetic `Tool` (no runtime import); the dispatch
+ * WORKER (`OPENSIP_CLI_IN_TOOL_WORKER=1`) imports the real runtime.
+ */
+import { admitTool, assertManifestMatchesTool, discoverAuthoredToolSidecars, loadToolManifest, PluginIncompatibleError, PROJECT_LOCAL_MANIFEST_FILE, } from '@opensip-cli/core';
+import { importToolRuntime, workerRuntimeImportPolicyFor } from './admit-tool-package.js';
+import { synthesizeExternalTool } from './synthesize-external-tool.js';
+import { isHostRuntimeImportForbidden } from './tool-provenance.js';
+import { isProjectLocalToolTrusted } from './tool-trust.js';
+/**
+ * The shared admission tail for both authored sources. When `preloadedManifest`
+ * is supplied we use that snapshot so the trust decision and compatibility gate
+ * see the identical declaration.
+ *
+ * @throws {PluginIncompatibleError} When the sidecar manifest is missing,
+ * malformed, or rejected by the compatibility gate.
+ */
+function admitAuthoredTool(source, dir, preloadedManifest) {
+    const rawManifest = preloadedManifest ?? loadToolManifest(source, dir);
+    if (rawManifest === undefined) {
+        throw new PluginIncompatibleError(`${source} tool at '${dir}' has no conformant ${PROJECT_LOCAL_MANIFEST_FILE} sidecar`, { diagnostic: 'manifest missing or malformed' });
+    }
+    const result = admitTool({
+        manifest: rawManifest,
+        source,
+        dir,
+        explicitlyRequested: true,
+    });
+    if (result.decision !== 'admit') {
+        throw new PluginIncompatibleError(`${source} tool '${rawManifest.id}' is incompatible: ${result.diagnostic ?? 'compatibility gate rejected it'}`, { diagnostic: result.diagnostic });
+    }
+    return { provenance: result.provenance, manifest: result.manifest };
+}
+/**
+ * Admit or reject a PROJECT-LOCAL authored tool under the deny-by-default trust
+ * policy. The trust decision always precedes module import; a non-allowlisted
+ * tool fails closed before any authored code can run.
+ *
+ * @throws {PluginIncompatibleError} When the sidecar manifest is missing,
+ * malformed, incompatible, or not trusted by the project-tool allowlist.
+ */
+export function admitProjectLocalTool(args) {
+    const manifest = loadToolManifest('project-local', args.dir);
+    if (manifest === undefined) {
+        throw new PluginIncompatibleError(`project-local tool at '${args.dir}' has no conformant ${PROJECT_LOCAL_MANIFEST_FILE} sidecar`, { diagnostic: 'manifest missing or malformed' });
+    }
+    if (!isProjectLocalToolTrusted(manifest.id, args.env)) {
+        throw new PluginIncompatibleError(`project-local tool '${manifest.id}' is not trusted to load (deny-by-default). ` +
+            `Allowlist it via OPENSIP_CLI_ALLOW_PROJECT_TOOLS='${manifest.id}' to admit it.`, { diagnostic: 'project-local tool not allowlisted (deny-by-default)' });
+    }
+    return admitAuthoredTool('project-local', args.dir, manifest);
+}
+/**
+ * Admit a USER-GLOBAL authored tool — trusted-by-default because the user placed
+ * it in their own home-dir tool host, but still fail-closed on a missing or
+ * incompatible manifest.
+ */
+export function admitUserGlobalTool(args) {
+    return admitAuthoredTool('user-global', args.dir);
+}
+/**
+ * Discover + admit + register AUTHORED Tool sidecars from the two authored
+ * roots. ADR-0054 M4-G: authored tools are always EXTERNAL provenance, so the
+ * HOST registers a manifest-derived synthetic Tool (no runtime import); the
+ * dispatch WORKER (`OPENSIP_CLI_IN_TOOL_WORKER=1`) imports the real runtime via
+ * the shared `importToolRuntime` seam.
+ */
+export async function discoverAndRegisterAuthoredTools(registry, opts, builtInIds, provenance = [], manifests = []) {
+    const env = opts.env ?? process.env;
+    for (const candidate of discoverAuthoredToolSidecars(opts.globalAuthoredDir)) {
+        await admitAndRegisterAuthored({
+            registry,
+            admission: admitUserGlobalTool({ dir: candidate.dir }),
+            dir: candidate.dir,
+            builtInIds,
+            provenance,
+            manifests,
+            env,
+        });
+    }
+    if (opts.projectAuthoredDir !== undefined) {
+        for (const candidate of discoverAuthoredToolSidecars(opts.projectAuthoredDir)) {
+            await admitAndRegisterAuthored({
+                registry,
+                admission: admitProjectLocalTool({ dir: candidate.dir, env: opts.env }),
+                dir: candidate.dir,
+                builtInIds,
+                provenance,
+                manifests,
+                env,
+            });
+        }
+    }
+}
+/** @throws {PluginIncompatibleError} When the authored tool runtime fails to load. */
+async function admitAndRegisterAuthored(args) {
+    const { registry, admission, dir, builtInIds, provenance, manifests, env } = args;
+    const { provenance: prov, manifest } = admission;
+    if (builtInIds.has(prov.id))
+        return;
+    // ADR-0054 M4-G (capstone): authored tools are EXTERNAL. In the HOST, register
+    // a manifest-derived synthetic Tool — never import the untrusted runtime. The
+    // dispatch WORKER imports the real runtime (the isolation boundary). The trust
+    // gate already ran in `admitProjectLocalTool` (deny-by-default), so a
+    // non-allowlisted tool never reaches here.
+    if (isHostRuntimeImportForbidden(env)) {
+        const tool = synthesizeExternalTool(manifest);
+        registry.register(tool);
+        provenance.push(prov);
+        manifests.push(manifest);
+        return;
+    }
+    const load = await importToolRuntime(dir, workerRuntimeImportPolicyFor(prov.source));
+    if (!load.ok) {
+        const detailSuffix = load.detail ? `: ${load.detail}` : '';
+        throw new PluginIncompatibleError(`${prov.source} tool '${prov.id}' failed to load via the plugin path (${load.reason}${detailSuffix})`, { diagnostic: `authored tool runtime load failed: ${load.reason}` });
+    }
+    assertManifestMatchesTool(manifest, load.tool);
+    registry.register(load.tool);
+    provenance.push(prov);
+    manifests.push(manifest);
+}
+//# sourceMappingURL=register-authored-tools.js.map

package/dist/bootstrap/register-authored-tools.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"register-authored-tools.js","sourceRoot":"","sources":["../../src/bootstrap/register-authored-tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EACL,SAAS,EACT,yBAAyB,EACzB,4BAA4B,EAC5B,gBAAgB,EAChB,uBAAuB,EACvB,2BAA2B,GAK5B,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,iBAAiB,EAAE,4BAA4B,EAAE,MAAM,yBAAyB,CAAC;AAC1F,OAAO,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AACvE,OAAO,EAAE,4BAA4B,EAAE,MAAM,sBAAsB,CAAC;AACpE,OAAO,EAAE,yBAAyB,EAAE,MAAM,iBAAiB,CAAC;AAM5D;;;;;;;GAOG;AACH,SAAS,iBAAiB,CACxB,MAAkB,EAClB,GAAW,EACX,iBAAuD;IAEvD,MAAM,WAAW,GAAG,iBAAiB,IAAI,gBAAgB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACvE,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;QAC9B,MAAM,IAAI,uBAAuB,CAC/B,GAAG,MAAM,aAAa,GAAG,uBAAuB,2BAA2B,UAAU,EACrF,EAAE,UAAU,EAAE,+BAA+B,EAAE,CAChD,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,SAAS,CAAC;QACvB,QAAQ,EAAE,WAAW;QACrB,MAAM;QACN,GAAG;QACH,mBAAmB,EAAE,IAAI;KAC1B,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QAChC,MAAM,IAAI,uBAAuB,CAC/B,GAAG,MAAM,UAAU,WAAW,CAAC,EAAE,sBAAsB,MAAM,CAAC,UAAU,IAAI,gCAAgC,EAAE,EAC9G,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,CAClC,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC;AACtE,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,qBAAqB,CAAC,IAGrC;IACC,MAAM,QAAQ,GAAG,gBAAgB,CAAC,eAAe,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;IAC7D,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,MAAM,IAAI,uBAAuB,CAC/B,0BAA0B,IAAI,CAAC,GAAG,uBAAuB,2BAA2B,UAAU,EAC9F,EAAE,UAAU,EAAE,+BAA+B,EAAE,CAChD,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,yBAAyB,CAAC,QAAQ,CAAC,EAAE,EAAE,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACtD,MAAM,IAAI,uBAAuB,CAC/B,uBAAuB,QAAQ,CAAC,EAAE,8CAA8C;YAC9E,qDAAqD,QAAQ,CAAC,EAAE,gBAAgB,EAClF,EAAE,UAAU,EAAE,sDAAsD,EAAE,CACvE,CAAC;IACJ,CAAC;IACD,OAAO,iBAAiB,CAAC,eAAe,EAAE,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;AAChE,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAA8B;IAChE,OAAO,iBAAiB,CAAC,aAAa,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;AACpD,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,gCAAgC,CACpD,QAAsB,EACtB,IAIC,EACD,UAA+B,EAC/B,aAA+B,EAAE,EACjC,YAAkC,EAAE;IAEpC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC;IACpC,KAAK,MAAM,SAAS,IAAI,4BAA4B,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC;QAC7E,MAAM,wBAAwB,CAAC;YAC7B,QAAQ;YACR,SAAS,EAAE,mBAAmB,CAAC,EAAE,GAAG,EAAE,SAAS,CAAC,GAAG,EAAE,CAAC;YACtD,GAAG,EAAE,SAAS,CAAC,GAAG;YAClB,UAAU;YACV,UAAU;YACV,SAAS;YACT,GAAG;SACJ,CAAC,CAAC;IACL,CAAC;IACD,IAAI,IAAI,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;QAC1C,KAAK,MAAM,SAAS,IAAI,4BAA4B,CAAC,IAAI,CAAC,kBAAkB,CAAC,EAAE,CAAC;YAC9E,MAAM,wBAAwB,CAAC;gBAC7B,QAAQ;gBACR,SAAS,EAAE,qBAAqB,CAAC,EAAE,GAAG,EAAE,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;gBACvE,GAAG,EAAE,SAAS,CAAC,GAAG;gBAClB,UAAU;gBACV,UAAU;gBACV,SAAS;gBACT,GAAG;aACJ,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC;AAYD,sFAAsF;AACtF,KAAK,UAAU,wBAAwB,CAAC,IAA0B;IAChE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,EAAE,UAAU,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;IAClF,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,SAAS,CAAC;IACjD,IAAI,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;QAAE,OAAO;IAEpC,+EAA+E;IAC/E,8EAA8E;IAC9E,+EAA+E;IAC/E,sEAAsE;IACtE,2CAA2C;IAC3C,IAAI,4BAA4B,CAAC,GAAG,CAAC,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,sBAAsB,CAAC,QAAQ,CAAC,CAAC;QAC9C,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACxB,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtB,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACzB,OAAO;IACT,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,iBAAiB,CAAC,GAAG,EAAE,4BAA4B,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;IACrF,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;QACb,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3D,MAAM,IAAI,uBAAuB,CAC/B,GAAG,IAAI,CAAC,MAAM,UAAU,IAAI,CAAC,EAAE,yCAAyC,IAAI,CAAC,MAAM,GAAG,YAAY,GAAG,EACrG,EAAE,UAAU,EAAE,sCAAsC,IAAI,CAAC,MAAM,EAAE,EAAE,CACpE,CAAC;IACJ,CAAC;IAED,yBAAyB,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;IAE/C,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7B,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACtB,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAC3B,CAAC"}

package/dist/bootstrap/register-tools-discovery.d.ts

@@ -6,28 +6,6 @@
  */
 import { type ToolPluginManifest, type ToolProvenance, type ToolRegistry, type ToolDiscoverySource } from '@opensip-cli/core';
 import { type ToolRuntimeLoad } from './admit-tool-package.js';
-import type { ToolAdmission } from './tool-admission-types.js';
-export type AuthoredAdmission = ToolAdmission;
-/**
- * Admit or reject a PROJECT-LOCAL authored tool under the deny-by-default trust
- * policy. The trust decision always precedes module import; a non-allowlisted
- * tool fails closed before any authored code can run.
- *
- * @throws {PluginIncompatibleError} When the sidecar manifest is missing,
- * malformed, incompatible, or not trusted by the project-tool allowlist.
- */
-export declare function admitProjectLocalTool(args: {
-    readonly dir: string;
-    readonly env?: NodeJS.ProcessEnv;
-}): AuthoredAdmission;
-/**
- * Admit a USER-GLOBAL authored tool — trusted-by-default because the user placed
- * it in their own home-dir tool host, but still fail-closed on a missing or
- * incompatible manifest.
- */
-export declare function admitUserGlobalTool(args: {
-    readonly dir: string;
-}): AuthoredAdmission;
 /**
  * Emit the best-effort stderr line + structured warning for a discovered
  * INSTALLED tool whose runtime failed to load. Each failure reason maps to its
@@ -65,14 +43,4 @@ export interface DiscoveryOptions {
  */
 export declare function buildToolDiscoverySources(cwd: string, cliInstallDir: string): ToolDiscoverySource[];
 export declare function discoverAndRegisterToolPackages(registry: ToolRegistry, opts: DiscoveryOptions, builtInIds: ReadonlySet<string>, provenance?: ToolProvenance[], manifests?: ToolPluginManifest[]): Promise<void>;
-/**
- * Discover + admit + register AUTHORED Tool sidecars from the two authored
- * roots, then dynamic-import each admitted runtime through the shared
- * `importToolRuntime` seam.
- */
-export declare function discoverAndRegisterAuthoredTools(registry: ToolRegistry, opts: {
-    readonly projectAuthoredDir?: string;
-    readonly globalAuthoredDir: string;
-    readonly env?: NodeJS.ProcessEnv;
-}, builtInIds: ReadonlySet<string>, provenance?: ToolProvenance[], manifests?: ToolPluginManifest[]): Promise<void>;
 //# sourceMappingURL=register-tools-discovery.d.ts.map

package/dist/bootstrap/register-tools-discovery.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"register-tools-discovery.d.ts","sourceRoot":"","sources":["../../src/bootstrap/register-tools-discovery.ts"],"names":[],"mappings":"AACA;;;;;GAKG;AAEH,OAAO,EAYL,KAAK,kBAAkB,EACvB,KAAK,cAAc,EACnB,KAAK,YAAY,EACjB,KAAK,mBAAmB,EAEzB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAGL,KAAK,eAAe,EACrB,MAAM,yBAAyB,CAAC;AAIjC,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAE/D,MAAM,MAAM,iBAAiB,GAAG,aAAa,CAAC;AAsC9C;;;;;;;GAOG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE;IAC1C,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;CAClC,GAAG,iBAAiB,CAgBpB;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE;IAAE,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAA;CAAE,GAAG,iBAAiB,CAErF;AAoCD;;;;GAIG;AACH,mFAAmF;AACnF,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,UAAU,EAAE,MAAM,GACjB,IAAI,CAaN;AAED,wBAAgB,wBAAwB,CACtC,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,OAAO,CAAC,eAAe,EAAE;IAAE,EAAE,EAAE,KAAK,CAAA;CAAE,CAAC,GAC5C,IAAI,CA0BN;AAED,MAAM,WAAW,gBAAgB;IAC/B;;;;;OAKG;IACH,QAAQ,CAAC,OAAO,EAAE,SAAS,mBAAmB,EAAE,CAAC;IACjD,2FAA2F;IAC3F,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;CAClC;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,yBAAyB,CACvC,GAAG,EAAE,MAAM,EACX,aAAa,EAAE,MAAM,GACpB,mBAAmB,EAAE,CAqBvB;AA2DD,wBAAsB,+BAA+B,CACnD,QAAQ,EAAE,YAAY,EACtB,IAAI,EAAE,gBAAgB,EACtB,UAAU,EAAE,WAAW,CAAC,MAAM,CAAC,EAC/B,UAAU,GAAE,cAAc,EAAO,EACjC,SAAS,GAAE,kBAAkB,EAAO,GACnC,OAAO,CAAC,IAAI,CAAC,CAmCf;AAED;;;;GAIG;AACH,wBAAsB,gCAAgC,CACpD,QAAQ,EAAE,YAAY,EACtB,IAAI,EAAE;IACJ,QAAQ,CAAC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IACrC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;CAClC,EACD,UAAU,EAAE,WAAW,CAAC,MAAM,CAAC,EAC/B,UAAU,GAAE,cAAc,EAAO,EACjC,SAAS,GAAE,kBAAkB,EAAO,GACnC,OAAO,CAAC,IAAI,CAAC,CAuBf"}
+{"version":3,"file":"register-tools-discovery.d.ts","sourceRoot":"","sources":["../../src/bootstrap/register-tools-discovery.ts"],"names":[],"mappings":"AACA;;;;;GAKG;AAEH,OAAO,EASL,KAAK,kBAAkB,EACvB,KAAK,cAAc,EACnB,KAAK,YAAY,EACjB,KAAK,mBAAmB,EACzB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAGL,KAAK,eAAe,EACrB,MAAM,yBAAyB,CAAC;AA0CjC;;;;GAIG;AACH,mFAAmF;AACnF,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,UAAU,EAAE,MAAM,GACjB,IAAI,CAaN;AAED,wBAAgB,wBAAwB,CACtC,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,OAAO,CAAC,eAAe,EAAE;IAAE,EAAE,EAAE,KAAK,CAAA;CAAE,CAAC,GAC5C,IAAI,CA0BN;AAED,MAAM,WAAW,gBAAgB;IAC/B;;;;;OAKG;IACH,QAAQ,CAAC,OAAO,EAAE,SAAS,mBAAmB,EAAE,CAAC;IACjD,2FAA2F;IAC3F,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;CAClC;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,yBAAyB,CACvC,GAAG,EAAE,MAAM,EACX,aAAa,EAAE,MAAM,GACpB,mBAAmB,EAAE,CAqBvB;AAmGD,wBAAsB,+BAA+B,CACnD,QAAQ,EAAE,YAAY,EACtB,IAAI,EAAE,gBAAgB,EACtB,UAAU,EAAE,WAAW,CAAC,MAAM,CAAC,EAC/B,UAAU,GAAE,cAAc,EAAO,EACjC,SAAS,GAAE,kBAAkB,EAAO,GACnC,OAAO,CAAC,IAAI,CAAC,CAmCf"}

package/dist/bootstrap/register-tools-discovery.js

@@ -5,61 +5,12 @@
  * Extracted from register-tools.ts so the bundled registration path stays a
  * focused module under the file-length soft limit.
  */
-import { admitTool, assertManifestMatchesTool, discoverAuthoredToolSidecars, discoverToolPackagesFromAnchors, logger, PluginIncompatibleError, PROJECT_LOCAL_MANIFEST_FILE, resolveProjectContext, resolveProjectPaths, resolveUserPaths, loadToolManifest, } from '@opensip-cli/core';
-import { hostRuntimeImportPolicyFor, importToolRuntime, } from './admit-tool-package.js';
+import { admitTool, assertManifestMatchesTool, discoverToolPackagesFromAnchors, logger, resolveProjectContext, resolveProjectPaths, resolveUserPaths, loadToolManifest, } from '@opensip-cli/core';
+import { importToolRuntime, workerRuntimeImportPolicyFor, } from './admit-tool-package.js';
 import { BOOTSTRAP_MODULE } from './constants.js';
-import { isInstalledToolTrusted, isProjectLocalToolTrusted } from './tool-trust.js';
-/**
- * The shared admission tail for both authored sources. When `preloadedManifest`
- * is supplied we use that snapshot so the trust decision and compatibility gate
- * see the identical declaration.
- *
- * @throws {PluginIncompatibleError} When the sidecar manifest is missing,
- * malformed, or rejected by the compatibility gate.
- */
-function admitAuthoredTool(source, dir, preloadedManifest) {
-    const rawManifest = preloadedManifest ?? loadToolManifest(source, dir);
-    if (rawManifest === undefined) {
-        throw new PluginIncompatibleError(`${source} tool at '${dir}' has no conformant ${PROJECT_LOCAL_MANIFEST_FILE} sidecar`, { diagnostic: 'manifest missing or malformed' });
-    }
-    const result = admitTool({
-        manifest: rawManifest,
-        source,
-        dir,
-        explicitlyRequested: true,
-    });
-    if (result.decision !== 'admit') {
-        throw new PluginIncompatibleError(`${source} tool '${rawManifest.id}' is incompatible: ${result.diagnostic ?? 'compatibility gate rejected it'}`, { diagnostic: result.diagnostic });
-    }
-    return { provenance: result.provenance, manifest: result.manifest };
-}
-/**
- * Admit or reject a PROJECT-LOCAL authored tool under the deny-by-default trust
- * policy. The trust decision always precedes module import; a non-allowlisted
- * tool fails closed before any authored code can run.
- *
- * @throws {PluginIncompatibleError} When the sidecar manifest is missing,
- * malformed, incompatible, or not trusted by the project-tool allowlist.
- */
-export function admitProjectLocalTool(args) {
-    const manifest = loadToolManifest('project-local', args.dir);
-    if (manifest === undefined) {
-        throw new PluginIncompatibleError(`project-local tool at '${args.dir}' has no conformant ${PROJECT_LOCAL_MANIFEST_FILE} sidecar`, { diagnostic: 'manifest missing or malformed' });
-    }
-    if (!isProjectLocalToolTrusted(manifest.id, args.env)) {
-        throw new PluginIncompatibleError(`project-local tool '${manifest.id}' is not trusted to load (deny-by-default). ` +
-            `Allowlist it via OPENSIP_CLI_ALLOW_PROJECT_TOOLS='${manifest.id}' to admit it.`, { diagnostic: 'project-local tool not allowlisted (deny-by-default)' });
-    }
-    return admitAuthoredTool('project-local', args.dir, manifest);
-}
-/**
- * Admit a USER-GLOBAL authored tool — trusted-by-default because the user placed
- * it in their own home-dir tool host, but still fail-closed on a missing or
- * incompatible manifest.
- */
-export function admitUserGlobalTool(args) {
-    return admitAuthoredTool('user-global', args.dir);
-}
+import { synthesizeExternalTool } from './synthesize-external-tool.js';
+import { isHostRuntimeImportForbidden } from './tool-provenance.js';
+import { isInstalledToolTrusted } from './tool-trust.js';
 /**
  * Run the admission gate over a discovered INSTALLED tool package before its
  * module is imported. Installed tools are best-effort: incompatible or malformed
@@ -191,7 +142,20 @@ async function registerDiscoveredInstalledPackage(pkg, args) {
         emitInstalledTrustDenied(admission.manifest.id, pkg.name, pkg.packageDir);
         return;
     }
-    const load = await importToolRuntime(pkg.packageDir, hostRuntimeImportPolicyFor('installed'));
+    // ADR-0054 M4-G (capstone): in the HOST, NEVER import the external runtime —
+    // register a manifest-derived synthetic Tool (command shells from the static
+    // manifest; the worker imports the real runtime + runs the handler when a
+    // command dispatches). The drift guard does not run host-side (there is no
+    // runtime to compare; the manifest IS the host source of truth). Inside the
+    // dispatch WORKER (`OPENSIP_CLI_IN_TOOL_WORKER=1`) the import path runs — the
+    // isolation boundary where the untrusted runtime legitimately loads.
+    if (isHostRuntimeImportForbidden(args.env)) {
+        // Synchronous void registration (no import in the host); `void` marks the
+        // floating call as deliberately non-promise (the synthesize path never awaits).
+        void registerSyntheticExternalTool(args, admission, { sourcePackage: pkg.name });
+        return;
+    }
+    const load = await importToolRuntime(pkg.packageDir, workerRuntimeImportPolicyFor('installed'));
     if (!load.ok) {
         emitInstalledLoadFailure(pkg.name, load);
         return;
@@ -208,6 +172,23 @@ async function registerDiscoveredInstalledPackage(pkg, args) {
     args.provenance.push(admission.provenance);
     args.manifests.push(admission.manifest);
 }
+/**
+ * ADR-0054 M4-G host path: register the manifest-derived synthetic Tool for an
+ * admitted EXTERNAL tool. Honors the same stable-UUID collision + built-in skip
+ * the import path applies, keyed on the synthetic tool's `metadata.id`
+ * (`stableId ?? id`) so a re-discovered copy is deduped identically.
+ */
+function registerSyntheticExternalTool(args, admission, opts) {
+    const tool = synthesizeExternalTool(admission.manifest);
+    if (args.builtInIds.has(tool.metadata.name ?? tool.metadata.id))
+        return;
+    if (args.registeredStableIds.has(tool.metadata.id))
+        return;
+    // @fitness-ignore-next-line detached-promises -- ToolRegistry.register(...) returns void (registry.ts:46); the detached-promise heuristic misfires on the discarded non-promise call result.
+    args.registry.register(tool, opts?.sourcePackage === undefined ? undefined : opts);
+    args.provenance.push(admission.provenance);
+    args.manifests.push(admission.manifest);
+}
 export async function discoverAndRegisterToolPackages(registry, opts, builtInIds, provenance = [], manifests = []) {
     const discovered = discoverToolPackagesFromAnchors(opts.sources);
     // Stable-UUID collision guard (ADR-0048): a discovered package whose runtime
@@ -242,49 +223,4 @@ export async function discoverAndRegisterToolPackages(registry, opts, builtInIds
         }
     }
 }
-/**
- * Discover + admit + register AUTHORED Tool sidecars from the two authored
- * roots, then dynamic-import each admitted runtime through the shared
- * `importToolRuntime` seam.
- */
-export async function discoverAndRegisterAuthoredTools(registry, opts, builtInIds, provenance = [], manifests = []) {
-    for (const candidate of discoverAuthoredToolSidecars(opts.globalAuthoredDir)) {
-        await admitAndRegisterAuthored({
-            registry,
-            admission: admitUserGlobalTool({ dir: candidate.dir }),
-            dir: candidate.dir,
-            builtInIds,
-            provenance,
-            manifests,
-        });
-    }
-    if (opts.projectAuthoredDir !== undefined) {
-        for (const candidate of discoverAuthoredToolSidecars(opts.projectAuthoredDir)) {
-            await admitAndRegisterAuthored({
-                registry,
-                admission: admitProjectLocalTool({ dir: candidate.dir, env: opts.env }),
-                dir: candidate.dir,
-                builtInIds,
-                provenance,
-                manifests,
-            });
-        }
-    }
-}
-/** @throws {PluginIncompatibleError} When the authored tool runtime fails to load. */
-async function admitAndRegisterAuthored(args) {
-    const { registry, admission, dir, builtInIds, provenance, manifests } = args;
-    const { provenance: prov, manifest } = admission;
-    if (builtInIds.has(prov.id))
-        return;
-    const load = await importToolRuntime(dir, hostRuntimeImportPolicyFor(prov.source));
-    if (!load.ok) {
-        const detailSuffix = load.detail ? `: ${load.detail}` : '';
-        throw new PluginIncompatibleError(`${prov.source} tool '${prov.id}' failed to load via the plugin path (${load.reason}${detailSuffix})`, { diagnostic: `authored tool runtime load failed: ${load.reason}` });
-    }
-    assertManifestMatchesTool(manifest, load.tool);
-    registry.register(load.tool);
-    provenance.push(prov);
-    manifests.push(manifest);
-}
 //# sourceMappingURL=register-tools-discovery.js.map

package/dist/bootstrap/register-tools-discovery.js.map

@@ -1 +1 @@
-{"version":3,"file":"register-tools-discovery.js","sourceRoot":"","sources":["../../src/bootstrap/register-tools-discovery.ts"],"names":[],"mappings":"AAAA,2LAA2L;AAC3L;;;;;GAKG;AAEH,OAAO,EACL,SAAS,EACT,yBAAyB,EACzB,4BAA4B,EAC5B,+BAA+B,EAC/B,MAAM,EACN,uBAAuB,EACvB,2BAA2B,EAC3B,qBAAqB,EACrB,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,GAMjB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,0BAA0B,EAC1B,iBAAiB,GAElB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,sBAAsB,EAAE,yBAAyB,EAAE,MAAM,iBAAiB,CAAC;AAMpF;;;;;;;GAOG;AACH,SAAS,iBAAiB,CACxB,MAAkB,EAClB,GAAW,EACX,iBAAuD;IAEvD,MAAM,WAAW,GAAG,iBAAiB,IAAI,gBAAgB,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACvE,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;QAC9B,MAAM,IAAI,uBAAuB,CAC/B,GAAG,MAAM,aAAa,GAAG,uBAAuB,2BAA2B,UAAU,EACrF,EAAE,UAAU,EAAE,+BAA+B,EAAE,CAChD,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,SAAS,CAAC;QACvB,QAAQ,EAAE,WAAW;QACrB,MAAM;QACN,GAAG;QACH,mBAAmB,EAAE,IAAI;KAC1B,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QAChC,MAAM,IAAI,uBAAuB,CAC/B,GAAG,MAAM,UAAU,WAAW,CAAC,EAAE,sBAAsB,MAAM,CAAC,UAAU,IAAI,gCAAgC,EAAE,EAC9G,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,CAClC,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC;AACtE,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,qBAAqB,CAAC,IAGrC;IACC,MAAM,QAAQ,GAAG,gBAAgB,CAAC,eAAe,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;IAC7D,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,MAAM,IAAI,uBAAuB,CAC/B,0BAA0B,IAAI,CAAC,GAAG,uBAAuB,2BAA2B,UAAU,EAC9F,EAAE,UAAU,EAAE,+BAA+B,EAAE,CAChD,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,yBAAyB,CAAC,QAAQ,CAAC,EAAE,EAAE,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACtD,MAAM,IAAI,uBAAuB,CAC/B,uBAAuB,QAAQ,CAAC,EAAE,8CAA8C;YAC9E,qDAAqD,QAAQ,CAAC,EAAE,gBAAgB,EAClF,EAAE,UAAU,EAAE,sDAAsD,EAAE,CACvE,CAAC;IACJ,CAAC;IACD,OAAO,iBAAiB,CAAC,eAAe,EAAE,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;AAChE,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAA8B;IAChE,OAAO,iBAAiB,CAAC,aAAa,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;AACpD,CAAC;AAED;;;;GAIG;AACH,SAAS,kBAAkB,CACzB,GAA2D,EAC3D,UAA+B;IAE/B,MAAM,QAAQ,GAAG,gBAAgB,CAAC,WAAW,EAAE,GAAG,CAAC,UAAU,CAAC,CAAC;IAC/D,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,yBAAyB,GAAG,CAAC,IAAI,oEAAoE,CACtG,CAAC;QACF,MAAM,CAAC,IAAI,CAAC;YACV,GAAG,EAAE,2BAA2B;YAChC,MAAM,EAAE,gBAAgB;YACxB,IAAI,EAAE,GAAG,CAAC,IAAI;SACf,CAAC,CAAC;QACH,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAAE,OAAO,SAAS,CAAC;IAElD,MAAM,MAAM,GAAG,SAAS,CAAC;QACvB,QAAQ;QACR,MAAM,EAAE,WAAW;QACnB,GAAG,EAAE,GAAG,CAAC,UAAU;QACnB,WAAW,EAAE,GAAG,CAAC,IAAI;QACrB,mBAAmB,EAAE,KAAK;KAC3B,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO;QAAE,OAAO,SAAS,CAAC;IAClD,OAAO,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC;AACtE,CAAC;AAED;;;;GAIG;AACH,mFAAmF;AACnF,MAAM,UAAU,wBAAwB,CACtC,MAAc,EACd,WAAmB,EACnB,UAAkB;IAElB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,2BAA2B,WAAW,KAAK,MAAM,8CAA8C;QAC7F,uDAAuD,MAAM,gBAAgB;QAC7E,8HAA8H,CACjI,CAAC;IACF,MAAM,CAAC,IAAI,CAAC;QACV,GAAG,EAAE,iCAAiC;QACtC,MAAM,EAAE,gBAAgB;QACxB,MAAM;QACN,WAAW;QACX,UAAU;KACX,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,wBAAwB,CACtC,IAAY,EACZ,IAA6C;IAE7C,IAAI,IAAI,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;QAC/B,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,yBAAyB,IAAI,6CAA6C,CAC3E,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,mBAAmB,EAAE,MAAM,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1E,OAAO;IACT,CAAC;IACD,IAAI,IAAI,CAAC,MAAM,KAAK,eAAe,EAAE,CAAC;QACpC,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,yBAAyB,IAAI,gDAAgD,CAC9E,CAAC;QACF,MAAM,CAAC,IAAI,CAAC;YACV,GAAG,EAAE,wBAAwB;YAC7B,MAAM,EAAE,gBAAgB;YACxB,IAAI;SACL,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gCAAgC,IAAI,KAAK,IAAI,CAAC,MAAM,IAAI,eAAe,IAAI,CAAC,CAAC;IAClG,MAAM,CAAC,IAAI,CAAC;QACV,GAAG,EAAE,sBAAsB;QAC3B,MAAM,EAAE,gBAAgB;QACxB,IAAI;QACJ,KAAK,EAAE,IAAI,CAAC,MAAM;KACnB,CAAC,CAAC;AACL,CAAC;AAcD;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,yBAAyB,CACvC,GAAW,EACX,aAAqB;IAErB,MAAM,OAAO,GAA0B,EAAE,CAAC;IAC1C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,qBAAqB,CAAC,EAAE,GAAG,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC,CAAC;QACnE,IAAI,OAAO,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC;gBACX,GAAG,EAAE,mBAAmB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC;gBAChE,IAAI,EAAE,SAAS;aAChB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,sEAAsE;QACtE,qEAAqE;QACrE,mEAAmE;IACrE,CAAC;IACD,OAAO,CAAC,IAAI,CACV,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,EAC5B,EAAE,GAAG,EAAE,gBAAgB,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,EAC/D,EAAE,GAAG,EAAE,aAAa,EAAE,IAAI,EAAE,QAAQ,EAAE,CACvC,CAAC;IACF,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,KAAK,UAAU,kCAAkC,CAC/C,GAA2D,EAC3D,IAOC;IAED,MAAM,SAAS,GAAG,kBAAkB,CAAC,GAAG,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IAC3D,IAAI,SAAS,KAAK,SAAS;QAAE,OAAO;IAEpC,IAAI,CAAC,sBAAsB,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,EAAE,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAC7D,wBAAwB,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,UAAU,CAAC,CAAC;QAC1E,OAAO;IACT,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,iBAAiB,CAAC,GAAG,CAAC,UAAU,EAAE,0BAA0B,CAAC,WAAW,CAAC,CAAC,CAAC;IAC9F,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;QACb,wBAAwB,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QACzC,OAAO;IACT,CAAC;IACD,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QAAE,OAAO;IAClF,6EAA6E;IAC7E,+DAA+D;IAC/D,IAAI,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QAAE,OAAO;IAEhE,yBAAyB,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;IAEzD,6LAA6L;IAC7L,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,aAAa,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IAC/D,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IAC3C,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;AAC1C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,+BAA+B,CACnD,QAAsB,EACtB,IAAsB,EACtB,UAA+B,EAC/B,aAA+B,EAAE,EACjC,YAAkC,EAAE;IAEpC,MAAM,UAAU,GAAG,+BAA+B,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAEjE,6EAA6E;IAC7E,yEAAyE;IACzE,4EAA4E;IAC5E,6EAA6E;IAC7E,4EAA4E;IAC5E,uEAAuE;IACvE,0EAA0E;IAC1E,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;IAE/E,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC;IAEpC,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,MAAM,kCAAkC,CAAC,GAAG,EAAE;gBAC5C,QAAQ;gBACR,UAAU;gBACV,GAAG;gBACH,mBAAmB;gBACnB,UAAU;gBACV,SAAS;aACV,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,GAAG,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACnE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gCAAgC,GAAG,CAAC,IAAI,KAAK,GAAG,IAAI,CAAC,CAAC;YAC3E,MAAM,CAAC,IAAI,CAAC;gBACV,GAAG,EAAE,sBAAsB;gBAC3B,MAAM,EAAE,gBAAgB;gBACxB,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,KAAK,EAAE,GAAG;aACX,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,gCAAgC,CACpD,QAAsB,EACtB,IAIC,EACD,UAA+B,EAC/B,aAA+B,EAAE,EACjC,YAAkC,EAAE;IAEpC,KAAK,MAAM,SAAS,IAAI,4BAA4B,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC;QAC7E,MAAM,wBAAwB,CAAC;YAC7B,QAAQ;YACR,SAAS,EAAE,mBAAmB,CAAC,EAAE,GAAG,EAAE,SAAS,CAAC,GAAG,EAAE,CAAC;YACtD,GAAG,EAAE,SAAS,CAAC,GAAG;YAClB,UAAU;YACV,UAAU;YACV,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IACD,IAAI,IAAI,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;QAC1C,KAAK,MAAM,SAAS,IAAI,4BAA4B,CAAC,IAAI,CAAC,kBAAkB,CAAC,EAAE,CAAC;YAC9E,MAAM,wBAAwB,CAAC;gBAC7B,QAAQ;gBACR,SAAS,EAAE,qBAAqB,CAAC,EAAE,GAAG,EAAE,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;gBACvE,GAAG,EAAE,SAAS,CAAC,GAAG;gBAClB,UAAU;gBACV,UAAU;gBACV,SAAS;aACV,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC;AAWD,sFAAsF;AACtF,KAAK,UAAU,wBAAwB,CAAC,IAA0B;IAChE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,EAAE,UAAU,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC;IAC7E,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,SAAS,CAAC;IACjD,IAAI,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;QAAE,OAAO;IAEpC,MAAM,IAAI,GAAG,MAAM,iBAAiB,CAAC,GAAG,EAAE,0BAA0B,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;IACnF,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;QACb,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3D,MAAM,IAAI,uBAAuB,CAC/B,GAAG,IAAI,CAAC,MAAM,UAAU,IAAI,CAAC,EAAE,yCAAyC,IAAI,CAAC,MAAM,GAAG,YAAY,GAAG,EACrG,EAAE,UAAU,EAAE,sCAAsC,IAAI,CAAC,MAAM,EAAE,EAAE,CACpE,CAAC;IACJ,CAAC;IAED,yBAAyB,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;IAE/C,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7B,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACtB,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAC3B,CAAC"}
+{"version":3,"file":"register-tools-discovery.js","sourceRoot":"","sources":["../../src/bootstrap/register-tools-discovery.ts"],"names":[],"mappings":"AAAA,2LAA2L;AAC3L;;;;;GAKG;AAEH,OAAO,EACL,SAAS,EACT,yBAAyB,EACzB,+BAA+B,EAC/B,MAAM,EACN,qBAAqB,EACrB,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,GAKjB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,iBAAiB,EACjB,4BAA4B,GAE7B,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AACvE,OAAO,EAAE,4BAA4B,EAAE,MAAM,sBAAsB,CAAC;AACpE,OAAO,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AAIzD;;;;GAIG;AACH,SAAS,kBAAkB,CACzB,GAA2D,EAC3D,UAA+B;IAE/B,MAAM,QAAQ,GAAG,gBAAgB,CAAC,WAAW,EAAE,GAAG,CAAC,UAAU,CAAC,CAAC;IAC/D,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,yBAAyB,GAAG,CAAC,IAAI,oEAAoE,CACtG,CAAC;QACF,MAAM,CAAC,IAAI,CAAC;YACV,GAAG,EAAE,2BAA2B;YAChC,MAAM,EAAE,gBAAgB;YACxB,IAAI,EAAE,GAAG,CAAC,IAAI;SACf,CAAC,CAAC;QACH,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAAE,OAAO,SAAS,CAAC;IAElD,MAAM,MAAM,GAAG,SAAS,CAAC;QACvB,QAAQ;QACR,MAAM,EAAE,WAAW;QACnB,GAAG,EAAE,GAAG,CAAC,UAAU;QACnB,WAAW,EAAE,GAAG,CAAC,IAAI;QACrB,mBAAmB,EAAE,KAAK;KAC3B,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO;QAAE,OAAO,SAAS,CAAC;IAClD,OAAO,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC;AACtE,CAAC;AAED;;;;GAIG;AACH,mFAAmF;AACnF,MAAM,UAAU,wBAAwB,CACtC,MAAc,EACd,WAAmB,EACnB,UAAkB;IAElB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,2BAA2B,WAAW,KAAK,MAAM,8CAA8C;QAC7F,uDAAuD,MAAM,gBAAgB;QAC7E,8HAA8H,CACjI,CAAC;IACF,MAAM,CAAC,IAAI,CAAC;QACV,GAAG,EAAE,iCAAiC;QACtC,MAAM,EAAE,gBAAgB;QACxB,MAAM;QACN,WAAW;QACX,UAAU;KACX,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,wBAAwB,CACtC,IAAY,EACZ,IAA6C;IAE7C,IAAI,IAAI,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;QAC/B,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,yBAAyB,IAAI,6CAA6C,CAC3E,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,mBAAmB,EAAE,MAAM,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1E,OAAO;IACT,CAAC;IACD,IAAI,IAAI,CAAC,MAAM,KAAK,eAAe,EAAE,CAAC;QACpC,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,yBAAyB,IAAI,gDAAgD,CAC9E,CAAC;QACF,MAAM,CAAC,IAAI,CAAC;YACV,GAAG,EAAE,wBAAwB;YAC7B,MAAM,EAAE,gBAAgB;YACxB,IAAI;SACL,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gCAAgC,IAAI,KAAK,IAAI,CAAC,MAAM,IAAI,eAAe,IAAI,CAAC,CAAC;IAClG,MAAM,CAAC,IAAI,CAAC;QACV,GAAG,EAAE,sBAAsB;QAC3B,MAAM,EAAE,gBAAgB;QACxB,IAAI;QACJ,KAAK,EAAE,IAAI,CAAC,MAAM;KACnB,CAAC,CAAC;AACL,CAAC;AAcD;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,yBAAyB,CACvC,GAAW,EACX,aAAqB;IAErB,MAAM,OAAO,GAA0B,EAAE,CAAC;IAC1C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,qBAAqB,CAAC,EAAE,GAAG,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC,CAAC;QACnE,IAAI,OAAO,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC;gBACX,GAAG,EAAE,mBAAmB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC;gBAChE,IAAI,EAAE,SAAS;aAChB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,sEAAsE;QACtE,qEAAqE;QACrE,mEAAmE;IACrE,CAAC;IACD,OAAO,CAAC,IAAI,CACV,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,EAC5B,EAAE,GAAG,EAAE,gBAAgB,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,EAC/D,EAAE,GAAG,EAAE,aAAa,EAAE,IAAI,EAAE,QAAQ,EAAE,CACvC,CAAC;IACF,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,KAAK,UAAU,kCAAkC,CAC/C,GAA2D,EAC3D,IAOC;IAED,MAAM,SAAS,GAAG,kBAAkB,CAAC,GAAG,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IAC3D,IAAI,SAAS,KAAK,SAAS;QAAE,OAAO;IAEpC,IAAI,CAAC,sBAAsB,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,EAAE,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAC7D,wBAAwB,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,UAAU,CAAC,CAAC;QAC1E,OAAO;IACT,CAAC;IAED,6EAA6E;IAC7E,6EAA6E;IAC7E,0EAA0E;IAC1E,2EAA2E;IAC3E,4EAA4E;IAC5E,8EAA8E;IAC9E,qEAAqE;IACrE,IAAI,4BAA4B,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3C,0EAA0E;QAC1E,gFAAgF;QAChF,KAAK,6BAA6B,CAAC,IAAI,EAAE,SAAS,EAAE,EAAE,aAAa,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;QACjF,OAAO;IACT,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,iBAAiB,CAAC,GAAG,CAAC,UAAU,EAAE,4BAA4B,CAAC,WAAW,CAAC,CAAC,CAAC;IAChG,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;QACb,wBAAwB,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QACzC,OAAO;IACT,CAAC;IACD,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QAAE,OAAO;IAClF,6EAA6E;IAC7E,+DAA+D;IAC/D,IAAI,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QAAE,OAAO;IAEhE,yBAAyB,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;IAEzD,6LAA6L;IAC7L,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,aAAa,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IAC/D,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IAC3C,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;AAC1C,CAAC;AAED;;;;;GAKG;AACH,SAAS,6BAA6B,CACpC,IAMC,EACD,SAAwB,EACxB,IAA0C;IAE1C,MAAM,IAAI,GAAG,sBAAsB,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IACxD,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QAAE,OAAO;IACxE,IAAI,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QAAE,OAAO;IAC3D,6LAA6L;IAC7L,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,IAAI,EAAE,aAAa,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACnF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IAC3C,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;AAC1C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,+BAA+B,CACnD,QAAsB,EACtB,IAAsB,EACtB,UAA+B,EAC/B,aAA+B,EAAE,EACjC,YAAkC,EAAE;IAEpC,MAAM,UAAU,GAAG,+BAA+B,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAEjE,6EAA6E;IAC7E,yEAAyE;IACzE,4EAA4E;IAC5E,6EAA6E;IAC7E,4EAA4E;IAC5E,uEAAuE;IACvE,0EAA0E;IAC1E,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;IAE/E,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC;IAEpC,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,MAAM,kCAAkC,CAAC,GAAG,EAAE;gBAC5C,QAAQ;gBACR,UAAU;gBACV,GAAG;gBACH,mBAAmB;gBACnB,UAAU;gBACV,SAAS;aACV,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,GAAG,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACnE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gCAAgC,GAAG,CAAC,IAAI,KAAK,GAAG,IAAI,CAAC,CAAC;YAC3E,MAAM,CAAC,IAAI,CAAC;gBACV,GAAG,EAAE,sBAAsB;gBAC3B,MAAM,EAAE,gBAAgB;gBACxB,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,KAAK,EAAE,GAAG;aACX,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/bootstrap/register-tools-mount.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"register-tools-mount.d.ts","sourceRoot":"","sources":["../../src/bootstrap/register-tools-mount.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAU,KAAK,IAAI,EAAE,KAAK,cAAc,EAAE,KAAK,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAY9F;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,oBAAoB,CAClC,QAAQ,EAAE,YAAY,EACtB,OAAO,EAAE,UAAU,EACnB,GAAG,EAAE,cAAc,GAClB,IAAI,CA2BN;AAqCD;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,cAAc,GAAG,IAAI,CA4BvF"}
+{"version":3,"file":"register-tools-mount.d.ts","sourceRoot":"","sources":["../../src/bootstrap/register-tools-mount.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAU,KAAK,IAAI,EAAE,KAAK,cAAc,EAAE,KAAK,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAS9F;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,oBAAoB,CAClC,QAAQ,EAAE,YAAY,EACtB,OAAO,EAAE,UAAU,EACnB,GAAG,EAAE,cAAc,GAClB,IAAI,CA6BN;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,cAAc,GAAG,IAAI,CAsCvF"}

package/dist/bootstrap/register-tools-mount.js

@@ -1,6 +1,6 @@
 import { logger } from '@opensip-cli/core';
-import { internalCommandNames, showInternalCommands, } from '../commands/internal-command-visibility.js';
 import { mountCommandSpec } from '../commands/mount-command-spec.js';
+import { buildMaybeDispatchExternal } from './bind-external-dispatch.js';
 import { bindToolCliContext } from './bind-tool-context.js';
 import { BOOTSTRAP_MODULE } from './constants.js';
 import { decorateToolPrimary } from './decorate-tool-primary.js';
@@ -43,53 +43,19 @@ export function mountAllToolCommands(registry, program, ctx) {
             });
         }
     }
-    // tool-command-surface-taxonomy Task 1.2: hide Tier-3 internal commands from
-    // `--help`. This is the single place that has walked EVERY tool's commands, so
-    // the descriptor-driven hide policy lives here (the host owns it; tools never
-    // pass a hidden flag). The commands stay mounted + invocable — only their
-    // `--help` listing is suppressed. `OPENSIP_CLI_SHOW_INTERNAL=1` reveals them.
-    hideInternalCommands(registry, program);
+    // Tier-3 internal commands are hidden from `--help` self-enforced AT MOUNT by
+    // `mountCommandSpec` (it sets Commander's `_hidden` when a spec declares
+    // `visibility: 'internal'` and `OPENSIP_CLI_SHOW_INTERNAL` is not set). Doing it
+    // in the single mount plane — rather than a post-mount registry walk here — is
+    // order-independent: it covers tool workers AND host-mounted internal commands
+    // (the ADR-0054 M4-E `__tool-command-worker`, mounted later by
+    // `registerCliCommands`) without depending on mount order. `internalCommandNames`
+    // remains the descriptor-driven set the completion inventory filters on.
     // ADR-0021: one shared help shape across every mounted command — uniform
     // option/subcommand ordering and a docs footer — applied here (the single
     // place that has walked every tool's commands) rather than per tool.
     applySharedHelpConfiguration(program);
 }
-/**
- * Hide every mounted command the tools declared `visibility: 'internal'`
- * (Tier-3) from `--help`, unless `OPENSIP_CLI_SHOW_INTERNAL=1`
- * ({@link showInternalCommands}).
- *
- * Mechanism: Commander omits a command from help when its `_hidden` property is
- * `true`; the command stays fully invocable (`opensip graph-shard-worker <spec>`
- * still runs). That is the documented, minimal "keep the subcommand but hide it"
- * mechanism — there is no post-hoc public `.command(name, desc, { hidden })`
- * path, so we set the property Commander itself reads for help filtering.
- *
- * The internal-name set is descriptor-driven ({@link internalCommandNames}) — the
- * SAME source the completion inventory filters on — so help and completion stay
- * in lockstep. Walks the full command tree (including nested `<tool> <verb>`
- * children) so a future internal nested command is hidden too.
- */
-function hideInternalCommands(registry, program) {
-    if (showInternalCommands())
-        return; // reveal override — leave everything visible
-    const internal = internalCommandNames(registry);
-    if (internal.size === 0)
-        return;
-    const hide = (cmd) => {
-        for (const sub of cmd.commands) {
-            if (internal.has(sub.name())) {
-                // Commander 15 reads `_hidden` when filtering help; setting it true hides
-                // the command from `--help` while leaving it invocable. Typed via a
-                // narrow structural cast — `_hidden` is Commander-internal, not on the
-                // public `Command` type, but it is the property the help renderer reads.
-                sub._hidden = true;
-            }
-            hide(sub);
-        }
-    };
-    hide(program);
-}
 /**
  * Mount ONE tool's commands from its declared `commandSpecs` — the only command
  * surface (public launch). Extracted so {@link mountAllToolCommands} keeps its
@@ -119,7 +85,17 @@ export function mountOneTool(program, tool, ctx) {
         });
         return;
     }
-    const toolCtx = bindToolCliContext(tool, ctx);
+    // ADR-0054: the bound per-tool context carries the out-of-process dispatch
+    // hook. The action body calls `maybeDispatchExternal`; for an external-
+    // provenance tool it forks a worker (importing the untrusted runtime there)
+    // instead of running the handler in-host, then replays the worker's result
+    // through the SAME bound (tool-scoped) seams. Bundled tools fall through to
+    // the in-process path. Merged here so host commands (lean context) never
+    // carry it.
+    const boundCtx = bindToolCliContext(tool, ctx);
+    const toolCtx = Object.assign(boundCtx, {
+        maybeDispatchExternal: buildMaybeDispatchExternal(tool, boundCtx),
+    });
     const mountedByName = mountFlatSpecs(program, tool, toolCtx);
     // Host-owned uniform decoration of the tool PRIMARY (the flat run command
     // whose name === metadata.name): per-tool `--version`, guaranteed