cfa-kernel 0.1.0__py3-none-any.whl

cfa/cli/formatters.py

@@ -0,0 +1,280 @@
+"""
+CFA CLI — formatters
+====================
+Output formatters for CLI results: table, JSON, summary.
+Zero external dependencies — uses only stdlib.
+"""
+
+from __future__ import annotations
+
+import json
+import re
+import sys
+from typing import Any
+
+_ANSI_RE = re.compile(r"\x1b\[[0-9;]*m")
+
+# Force UTF-8 on Windows if possible
+if sys.platform == "win32":
+    try:
+        sys.stdout.reconfigure(encoding="utf-8")  # type: ignore[attr-defined]
+    except Exception:
+        pass
+
+# ANSI color codes (only when stdout is a TTY)
+_RESET = "\033[0m"
+_BOLD = "\033[1m"
+_DIM = "\033[2m"
+_RED = "\033[31m"
+_GREEN = "\033[32m"
+_YELLOW = "\033[33m"
+_BLUE = "\033[34m"
+_CYAN = "\033[36m"
+
+
+def _use_color() -> bool:
+    return hasattr(sys.stdout, "isatty") and sys.stdout.isatty()
+
+
+def _c(code: str, text: str) -> str:
+    return f"{code}{text}{_RESET}" if _use_color() else text
+
+
+_ICONS_UTF8 = {
+    "approved": "✓", "approved_with_warnings": "⚠", "blocked": "✗",
+    "replanned": "↻", "rolled_back": "↩", "quarantined": "⊘",
+    "partially_committed": "◐", "promotion_candidate": "★",
+}
+_ICONS_ASCII = {
+    "approved": "[OK]", "approved_with_warnings": "[!!]", "blocked": "[XX]",
+    "replanned": "[>>]", "rolled_back": "[<<]", "quarantined": "[??]",
+    "partially_committed": "[~]", "promotion_candidate": "[**]",
+}
+_BOX_UTF8 = {"tl": "┌", "tr": "┐", "bl": "└", "br": "┘", "h": "─", "v": "│", "ml": "├", "mr": "┤", "x": "┼"}
+_BOX_ASCII = {"tl": "+", "tr": "+", "bl": "+", "br": "+", "h": "-", "v": "|", "ml": "+", "mr": "+", "x": "+"}
+
+_UTF8_OK = True
+try:
+    "┌─✓".encode(sys.stdout.encoding or "ascii")
+except (UnicodeEncodeError, UnicodeDecodeError):
+    _UTF8_OK = False
+
+# Force ASCII on Windows unless explicitly using UTF-8 terminal
+if sys.platform == "win32" and (sys.stdout.encoding or "").lower() not in ("utf-8", "utf8"):
+    _UTF8_OK = False
+
+
+def _visible_len(text: str) -> int:
+    """String length excluding ANSI color codes."""
+    return len(_ANSI_RE.sub("", text))
+
+
+def _pad_right(text: str, width: int) -> str:
+    """Pad text to visible width, accounting for ANSI codes."""
+    visible = _visible_len(text)
+    if visible >= width:
+        return text
+    return text + " " * (width - visible)
+
+
+def _pad_center(text: str, width: int, fillchar: str = " ") -> str:
+    """Center text accounting for ANSI codes."""
+    visible = _visible_len(text)
+    if visible >= width:
+        return text
+    left = (width - visible) // 2
+    right = width - visible - left
+    return (fillchar * left) + text + (fillchar * right)
+
+
+def _icon(state: str) -> str:
+    icons = _ICONS_UTF8 if _UTF8_OK else _ICONS_ASCII
+    return icons.get(state, "?")
+
+
+def _box(key: str) -> str:
+    b = _BOX_UTF8 if _UTF8_OK else _BOX_ASCII
+    return b.get(key, key)
+
+
+def _status_icon(state: str) -> str:
+    icon = _icon(state)
+    colors = {
+        "✓": _GREEN, "[OK]": _GREEN,
+        "⚠": _YELLOW, "[!!]": _YELLOW,
+        "✗": _RED, "[XX]": _RED,
+        "↻": _YELLOW, "[>>]": _YELLOW,
+        "↩": _RED, "[<<]": _RED,
+        "⊘": _YELLOW, "[??]": _YELLOW,
+        "◐": _YELLOW, "[~]": _YELLOW,
+        "★": _GREEN, "[**]": _GREEN,
+    }
+    code = colors.get(icon, "")
+    return _c(code, icon)
+
+
+def _severity_color(severity: str) -> str:
+    return {
+        "critical": _c(_RED, severity.upper()),
+        "high": _c(_RED, severity.upper()),
+        "warning": _c(_YELLOW, severity.upper()),
+        "info": _c(_BLUE, severity.upper()),
+    }.get(severity, severity.upper())
+
+
+def _table_line(widths: list[int], cells: list[str], pad: int = 1) -> str:
+    parts: list[str] = []
+    v = _box("v")
+    for w, cell in zip(widths, cells, strict=False):
+        if w > 2:
+            inner = " " + _pad_right(cell, w - 2) + " "
+        else:
+            inner = cell
+        parts.append(inner)
+    return v + v.join(parts) + v
+
+
+def _table_sep(widths: list[int], left: str | None = None, mid: str | None = None, right: str | None = None) -> str:
+    left = left or _box("ml")
+    mid = mid or _box("x")
+    right = right or _box("mr")
+    parts = [left]
+    for i, w in enumerate(widths):
+        parts.append(_box("h") * w)
+        if i < len(widths) - 1:
+            parts.append(mid)
+    parts.append(right)
+    return "".join(parts)
+
+
+def format_evaluate_table(result: dict[str, Any], faults: list[dict[str, Any]]) -> str:
+    """Format an evaluate result as a bordered table."""
+    state = result.get("state", "unknown")
+    lines: list[str] = []
+    h = _box("h")
+    tl, tr, bl, br = _box("tl"), _box("tr"), _box("bl"), _box("br")
+
+    width = 60
+    title = " CFA Evaluation Result "
+    lines.append(f"{tl}{_pad_center(title, width - 2, h)}{tr}")
+    lines.append(_table_line([width], [""]))
+    lines.append(_table_line([width], [f"Intent: {result.get('intent', '')[:width - 12]}"]))
+    icon = _status_icon(state)
+    lines.append(_table_line([width], [f"State:  {icon} {state}"]))
+    hash_val = result.get("signature_hash", "")
+    if hash_val:
+        lines.append(_table_line([width], [f"Hash:   {hash_val}"]))
+    lines.append(_table_line([width], [f"Policy: {result.get('policy_bundle', '')}  |  Replans: {result.get('replan_count', 0)}"]))
+    lines.append(_table_line([width], [""]))
+
+    if faults:
+        lines.append(_table_line([width], [_c(_BOLD, "Faults")]))
+        lines.append(_table_line([width], [""]))
+        for f in faults:
+            sev = _severity_color(f.get("severity", "high"))
+            code = f.get("code", "")
+            msg = f.get("message", "")
+            lines.append(_table_line([width], [f" {sev}  {code}"]))
+            lines.append(_table_line([width], [f"     {msg[:width - 10]}"]))
+            remediation = f.get("remediation", [])
+            if remediation:
+                for i, r in enumerate(remediation[:3]):
+                    lines.append(_table_line([width], [f"     {_c(_DIM, f'{i+1}. {r[:width - 12]}')}"]))
+            lines.append(_table_line([width], [""]))
+
+    lines.append(f"{bl}{h * (width - 2)}{br}")
+    return "\n".join(lines)
+
+
+def format_json(data: Any) -> str:
+    return json.dumps(data, indent=2, default=str, ensure_ascii=False)
+
+
+def format_summary(result: dict[str, Any], faults: list[dict[str, Any]]) -> str:
+    """Human-readable paragraph summary."""
+    state = result.get("state", "unknown")
+    icon = _status_icon(state)
+    lines = [
+        f"{icon}  CFA: {state.upper()}",
+        f"Intent: {result.get('intent', '')}",
+        f"Hash:   {result.get('signature_hash', 'n/a')}",
+        f"Policy: {result.get('policy_bundle', '')}",
+        f"Replans: {result.get('replan_count', 0)}",
+    ]
+    if faults:
+        lines.append(f"Faults: {len(faults)}")
+        for f in faults:
+            lines.append(f"  [{_severity_color(f.get('severity', 'high'))}] {f.get('code', '')}")
+    return "\n".join(lines)
+
+
+def format_rules_table(rules: list[dict[str, str]]) -> str:
+    h, tl, tr, bl, br = _box("h"), _box("tl"), _box("tr"), _box("bl"), _box("br")
+    width = 80
+    lines: list[str] = []
+    title = " CFA Policy Rules "
+    lines.append(f"{tl}{title.center(width - 2, h)}{tr}")
+
+    header_w = [28, 12, 20, 8, 8]
+    lines.append(_table_line(header_w, ["NAME", "ACTION", "FAULT CODE", "SEVERITY", "FAMILY"]))
+    lines.append(_table_sep(header_w))
+    for r in rules:
+        lines.append(_table_line(header_w, [
+            r.get("name", "")[:26],
+            r.get("action", "").upper()[:10],
+            r.get("fault_code", "")[:18],
+            r.get("severity", "")[:6],
+            r.get("family", "")[:6],
+        ]))
+    lines.append(f"{bl}{h * (width - 2)}{br}")
+    return "\n".join(lines)
+
+
+def format_backends_list(backends: list[dict[str, Any]]) -> str:
+    h, tl, tr, bl, br = _box("h"), _box("tl"), _box("tr"), _box("bl"), _box("br")
+    width = 60
+    lines: list[str] = []
+    title = " CFA Registered Backends "
+    lines.append(f"{tl}{title.center(width - 2, h)}{tr}")
+    header_w = [20, 18, 18]
+    lines.append(_table_line(header_w, ["NAME", "MERGE", "ANONYMIZE"]))
+    lines.append(_table_sep(header_w))
+    ok, fail = _c(_GREEN, _icon("approved")), _c(_RED, _icon("blocked"))
+    for b in backends:
+        lines.append(_table_line(header_w, [
+            b.get("name", "")[:18],
+            ok if b.get("supports_merge") else fail,
+            ok if b.get("supports_anonymization") else fail,
+        ]))
+    lines.append(f"{bl}{h * (width - 2)}{br}")
+    return "\n".join(lines)
+
+
+def format_audit_table(events: list[dict[str, Any]], chain_intact: bool = True) -> str:
+    h, tl, tr, bl, br = _box("h"), _box("tl"), _box("tr"), _box("bl"), _box("br")
+    width = 80
+    lines: list[str] = []
+    title = " CFA Audit Trail "
+    lines.append(f"{tl}{title.center(width - 2, h)}{tr}")
+
+    chain_status = _c(_GREEN, f"{_icon('approved')} INTACT") if chain_intact else _c(_RED, f"{_icon('blocked')} BROKEN")
+    lines.append(_table_line([width], [f"Chain: {chain_status}  |  Events: {len(events)}"]))
+    lines.append(_table_line([width], [""]))
+
+    if events:
+        header_w = [4, 21, 16, 14, 19]
+        lines.append(_table_line(header_w, ["#", "TIMESTAMP", "PHASE", "EVENT", "OUTCOME"]))
+        lines.append(_table_sep(header_w))
+        for i, e in enumerate(events[:50]):
+            ts = e.get("timestamp", "")[:19]
+            lines.append(_table_line(header_w, [
+                str(i + 1),
+                ts,
+                e.get("phase", e.get("stage", ""))[:14],
+                e.get("event_type", "")[:12],
+                e.get("outcome", "")[:17],
+            ]))
+        if len(events) > 50:
+            lines.append(_table_line([width], [f"  ... and {len(events) - 50} more events"]))
+    lines.append(f"{bl}{h * (width - 2)}{br}")
+    return "\n".join(lines)

cfa/cli/governance/audit.py

@@ -0,0 +1,65 @@
+"""cfa audit — audit trail operations."""
+
+from __future__ import annotations
+
+import sys
+from pathlib import Path
+
+
+def cmd_audit_show(args) -> int:
+    from cfa.audit.trail import AuditTrail, JsonLinesAuditStorage
+    from cfa.cli.formatters import format_audit_table, format_json
+
+    audit_path = args.file or args.data_dir
+    storage = JsonLinesAuditStorage(audit_path) if audit_path else None
+    trail = AuditTrail(storage=storage)
+    events = trail.get_events_for_intent(args.id)
+    event_dicts = [
+        {
+            "timestamp": e.timestamp.isoformat() if hasattr(e.timestamp, "isoformat") else str(e.timestamp),
+            "phase": e.stage,
+            "event_type": e.event_type,
+            "outcome": e.outcome,
+            "intent_id": e.intent_id,
+        }
+        for e in events
+    ]
+    chain_ok = trail.verify_chain()
+
+    fmt = args.format or "table"
+    if fmt == "json":
+        print(format_json({"intent_id": args.id, "chain_intact": chain_ok, "events": event_dicts}))
+    else:
+        print(format_audit_table(event_dicts, chain_ok))
+
+    if args.output:
+        out = Path(args.output)
+        out.write_text(format_json({"intent_id": args.id, "chain_intact": chain_ok, "events": event_dicts}), encoding="utf-8")
+        print(f"Saved to {out}")
+    return 0
+
+
+def cmd_audit_verify(args) -> int:
+    from cfa.audit.trail import AuditTrail, JsonLinesAuditStorage
+
+    audit_path = args.file or args.data_dir
+    storage = JsonLinesAuditStorage(audit_path) if audit_path else None
+    trail = AuditTrail(storage=storage)
+
+    if args.id:
+        events = trail.get_events_for_intent(args.id)
+        chain_ok = trail.verify_chain()
+        if chain_ok:
+            print(f"\u2713 Chain INTACT for intent {args.id} ({len(events)} events)")
+            return 0
+        else:
+            print(f"\u2717 Chain BROKEN for intent {args.id}", file=sys.stderr)
+            return 1
+    else:
+        all_ok = trail.verify_chain()
+        if all_ok:
+            print(f"\u2713 Chain INTACT ({trail.event_count} events total)")
+            return 0
+        else:
+            print("\u2717 Chain BROKEN", file=sys.stderr)
+            return 1

cfa/cli/governance/catalog.py

@@ -0,0 +1,28 @@
+"""cfa catalog — validate catalog files."""
+
+from __future__ import annotations
+
+from .._helpers import load_catalog
+
+
+def cmd_catalog_validate(args) -> int:
+    from cfa.cli.formatters import format_json
+    from cfa.policy.catalog import validate_catalog
+
+    catalog = load_catalog(args.path)
+    result = validate_catalog(catalog, require_datasets=args.require_datasets)
+    output = {
+        "path": args.path,
+        "valid": result.valid,
+        "issue_count": len(result.issues),
+        "issues": [{"path": i.path, "message": i.message} for i in result.issues],
+    }
+
+    if args.format == "json":
+        print(format_json(output))
+    else:
+        status = "VALID" if result.valid else "INVALID"
+        print(f"Catalog {status}: {args.path}")
+        for msg in result.messages:
+            print(f"  - {msg}")
+    return 0 if result.valid else 1

cfa/cli/governance/policy.py

@@ -0,0 +1,119 @@
+"""cfa policy — evaluate and validate policy bundles."""
+
+from __future__ import annotations
+
+import uuid
+from pathlib import Path
+
+from .._helpers import load_catalog, load_policy, load_structured_file
+
+
+def _cross_validate_signature_against_catalog(signature, catalog: dict) -> list[dict[str, str]]:
+    errors: list[dict[str, str]] = []
+    catalog_datasets = catalog.get("datasets", {})
+    if not isinstance(catalog_datasets, dict):
+        errors.append({"path": "catalog.datasets", "message": "must be an object keyed by dataset name"})
+        return errors
+    for idx, ds in enumerate(signature.datasets):
+        base = f"signature.datasets[{idx}]"
+        cat_entry = catalog_datasets.get(ds.name)
+        if cat_entry is None:
+            errors.append({"path": f"{base}.name", "message": f"dataset '{ds.name}' not found in catalog"})
+            continue
+        if not isinstance(cat_entry, dict):
+            errors.append({"path": f"{base}.name", "message": f"catalog entry for '{ds.name}' is not an object"})
+            continue
+        cat_classification = cat_entry.get("classification", "internal")
+        if ds.classification.value != cat_classification:
+            errors.append({"path": f"{base}.classification", "message": f"signature says '{ds.classification.value}' but catalog says '{cat_classification}'"})
+        cat_pii = set(cat_entry.get("pii_columns", []))
+        sig_pii = set(ds.pii_columns)
+        if cat_pii - sig_pii:
+            errors.append({"path": f"{base}.pii_columns", "message": f"signature missing PII columns from catalog: {sorted(cat_pii - sig_pii)}"})
+        if sig_pii - cat_pii:
+            errors.append({"path": f"{base}.pii_columns", "message": f"signature declares PII columns not in catalog: {sorted(sig_pii - cat_pii)}"})
+        cat_partition = cat_entry.get("partition_column")
+        if cat_partition and ds.partition_column and cat_partition != ds.partition_column:
+            errors.append({"path": f"{base}.partition_column", "message": f"signature says '{ds.partition_column}' but catalog says '{cat_partition}'"})
+    return errors
+
+
+def cmd_policy_check(args) -> int:
+    from cfa.audit.hashing import hash_file_content, hash_governance_artifact
+    from cfa.audit.trail import AuditTrail, JsonLinesAuditStorage
+    from cfa.cli.formatters import format_json
+    from cfa.policy.engine import PolicyEngine
+    from cfa.types import PolicyAction, StateSignature
+    from cfa.validation.signature import unwrap_signature_data, validate_signature_data
+
+    data = load_structured_file(args.signature, "Error: PyYAML required for YAML signatures.")
+    validation = validate_signature_data(data, require_datasets=args.require_datasets)
+    if not validation.valid:
+        output = {"signature": args.signature, "valid": False, "issue_count": len(validation.issues), "issues": [{"path": i.path, "message": i.message} for i in validation.issues]}
+        if args.format == "json": print(format_json(output))
+        else:
+            print(f"StateSignature INVALID: {args.signature}")
+            for msg in validation.messages: print(f"  - {msg}")
+        return 1
+
+    signature_data = unwrap_signature_data(data)
+    signature = StateSignature.from_dict(signature_data)
+    catalog = load_catalog(args.catalog)
+
+    if args.strict and catalog:
+        strict_errors = _cross_validate_signature_against_catalog(signature, catalog)
+        if strict_errors:
+            output = {"signature": args.signature, "valid": False, "issue_count": len(strict_errors), "issues": strict_errors}
+            if args.format == "json": print(format_json(output))
+            else:
+                print(f"StateSignature/catalog mismatch: {args.signature}")
+                for issue in strict_errors: print(f"  - {issue['path']}: {issue['message']}")
+            return 1
+
+    policy_rules, bundle_version = load_policy(args.policy_bundle)
+    engine = PolicyEngine(rules=policy_rules, policy_bundle_version=bundle_version)
+    result = engine.evaluate(signature)
+    decision_id = str(uuid.uuid4())
+
+    catalog_hash = hash_governance_artifact(catalog) if catalog else ""
+    policy_bundle_hash = ""
+    if Path(args.policy_bundle).suffix in (".yaml", ".yml", ".json"):
+        policy_bundle_hash = hash_file_content(args.policy_bundle)
+
+    faults = [{"code": f.code, "severity": f.severity.value, "family": f.family.value, "message": f.message, "remediation": list(f.remediation)} for f in result.faults]
+    audit_event_hash = ""
+    if args.audit_log:
+        audit = AuditTrail(storage=JsonLinesAuditStorage(args.audit_log))
+        event = audit.record(intent_id=signature.intent_id, stage="policy_check", event_type="policy_evaluation", outcome=result.action.value, policy_bundle_version=engine.policy_bundle_version, decision_id=decision_id, signature_hash=signature.signature_hash, catalog_hash=catalog_hash, policy_bundle_hash=policy_bundle_hash, faults=[f["code"] for f in faults], interventions=result.interventions, reasoning=result.reasoning)
+        audit_event_hash = event.event_hash
+
+    output = {"schema_version": "cfa.policy_check.v1", "decision_id": decision_id, "signature_hash": signature.signature_hash, "policy_bundle": engine.policy_bundle_version, "catalog_hash": catalog_hash, "policy_bundle_hash": policy_bundle_hash, "action": result.action.value, "passed": result.action == PolicyAction.APPROVE, "faults": faults, "interventions": result.interventions, "reasoning": result.reasoning, "audit_event_hash": audit_event_hash}
+
+    if args.format == "json":
+        print(format_json(output))
+    else:
+        print(f"Policy check {result.action.value.upper()}: {args.signature}")
+        print(f"  decision_id:        {decision_id}")
+        print(f"  signature_hash:     {signature.signature_hash}")
+        print(f"  policy_bundle:      {engine.policy_bundle_version}")
+        if catalog_hash: print(f"  catalog_hash:       {catalog_hash}")
+        if policy_bundle_hash: print(f"  policy_bundle_hash: {policy_bundle_hash}")
+        if audit_event_hash: print(f"  audit_hash:         {audit_event_hash}")
+        if result.reasoning: print(f"  reasoning:          {result.reasoning}")
+        for fault in faults: print(f"  - [{fault['severity']}] {fault['code']}: {fault['message']}")
+    return 1 if (args.exit_code and result.action != PolicyAction.APPROVE) else 0
+
+
+def cmd_policy_validate(args) -> int:
+    from cfa.cli.formatters import format_json
+    from cfa.policy.bundle import validate_policy_bundle_data
+
+    data = load_structured_file(args.path, "Error: PyYAML required for YAML policy bundles.")
+    result = validate_policy_bundle_data(data)
+    output = {"path": args.path, "valid": result.valid, "issue_count": len(result.issues), "issues": [{"path": i.path, "message": i.message} for i in result.issues]}
+    if args.format == "json": print(format_json(output))
+    else:
+        status = "VALID" if result.valid else "INVALID"
+        print(f"Policy bundle {status}: {args.path}")
+        for msg in result.messages: print(f"  - {msg}")
+    return 0 if result.valid else 1

cfa/cli/governance/rules.py

@@ -0,0 +1,42 @@
+"""cfa rules — policy rule operations."""
+
+from __future__ import annotations
+
+import sys
+
+
+def cmd_rules_list(args) -> int:
+    from cfa.cli.formatters import format_json, format_rules_table
+    from cfa.policy.engine import PolicyEngine
+
+    engine = PolicyEngine(policy_bundle_version=args.policy_bundle)
+    rule_dicts = engine.describe_rules()
+    fmt = args.format or "table"
+
+    if fmt == "json":
+        print(format_json(rule_dicts))
+    else:
+        print(format_rules_table(rule_dicts))
+    print(f"\nPolicy bundle: {args.policy_bundle}  |  Rules: {len(rule_dicts)}")
+    return 0
+
+
+def cmd_rules_explain(args) -> int:
+    from cfa.policy.engine import PolicyEngine
+
+    engine = PolicyEngine(policy_bundle_version=args.policy_bundle)
+    for r in engine.rules:
+        if r.fault_code == args.code:
+            print(f"Fault Code:    {r.fault_code}")
+            print(f"Rule:          {r.name}")
+            print(f"Action:        {r.action.value.upper()}")
+            print(f"Severity:      {r.severity.value.upper()}")
+            print(f"Family:        {r.fault_family.value}")
+            print(f"Message:       {r.message}")
+            if r.remediation:
+                print("Remediation:")
+                for i, rem in enumerate(r.remediation):
+                    print(f"  {i+1}. {rem}")
+            return 0
+    print(f"Unknown fault code: {args.code}", file=sys.stderr)
+    return 1

cfa/cli/governance/signature.py

@@ -0,0 +1,31 @@
+"""cfa signature — validate StateSignature files."""
+
+from __future__ import annotations
+
+from .._helpers import load_structured_file
+
+
+def cmd_signature_validate(args) -> int:
+    from cfa.cli.formatters import format_json
+    from cfa.validation.signature import validate_signature_data
+
+    data = load_structured_file(
+        args.path,
+        "Error: PyYAML required for YAML signatures. Install: pip install pyyaml",
+    )
+    result = validate_signature_data(data, require_datasets=args.require_datasets)
+    output = {
+        "path": args.path,
+        "valid": result.valid,
+        "issue_count": len(result.issues),
+        "issues": [{"path": i.path, "message": i.message} for i in result.issues],
+    }
+
+    if args.format == "json":
+        print(format_json(output))
+    else:
+        status = "VALID" if result.valid else "INVALID"
+        print(f"StateSignature {status}: {args.path}")
+        for msg in result.messages:
+            print(f"  - {msg}")
+    return 0 if result.valid else 1

cfa/cli/infrastructure/backend_list.py

@@ -0,0 +1,24 @@
+"""cfa backend list — list registered backends."""
+
+from __future__ import annotations
+
+from typing import Any
+
+
+def cmd_backend_list(args) -> int:
+    from cfa.backends import BackendRegistry
+    from cfa.cli.formatters import format_backends_list, format_json
+
+    registry = BackendRegistry.singleton()
+    names = registry.list()
+    backends: list[dict[str, Any]] = []
+    for name in names:
+        factory = registry.get(name)
+        backend = factory()
+        caps = backend.get_capabilities() if hasattr(backend, "get_capabilities") else None
+        backends.append({"name": name, "supports_merge": caps.supports_merge if caps else False, "supports_anonymization": caps.supports_anonymization if caps else False, "supports_partition_overwrite": caps.supports_partition_overwrite if caps else False, "cost_model_available": caps.cost_model_available if caps else False})
+
+    fmt = args.format or "table"
+    if fmt == "json": print(format_json(backends))
+    else: print(format_backends_list(backends))
+    return 0