0nmcp 1.7.0 → 2.0.0

package/README.md

@@ -20,19 +20,19 @@
 [![MCP](https://img.shields.io/badge/MCP-Compatible-blueviolet?style=flat-square)](https://modelcontextprotocol.io)
 [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com)
 [![Services](https://img.shields.io/badge/services-26+-blue?style=flat-square)](#-supported-services)
-[![Tools](https://img.shields.io/badge/tools-535-orange?style=flat-square)](#-all-tools)
+[![Tools](https://img.shields.io/badge/tools-550-orange?style=flat-square)](#-all-tools)
 [![Community](https://img.shields.io/badge/community-1000%2B_devs-ff6600?style=flat-square)](#-community)
 [![GitHub Discussions](https://img.shields.io/github/discussions/0nork/0nMCP?style=flat-square&label=discussions)](https://github.com/0nork/0nMCP/discussions)
 
-**535 tools. 26 services. Zero configuration. One natural language interface.**
+**550 tools. 26 services. Zero configuration. One natural language interface.**
 
-[Quick Start](#-installation) · [Services](#-supported-services) · [535 Tools](#-all-tools) · [.0n Standard](#-the-0n-standard) · [Unlocks](#-unlocks) · [Community](#-community) · [Contributing](#-contributing)
+[Quick Start](#-installation) · [Services](#-supported-services) · [550 Tools](#-all-tools) · [.0n Standard](#-the-0n-standard) · [Unlocks](#-unlocks) · [Community](#-community) · [Contributing](#-contributing)
 
 </div>
 
 ---
 
-> **v1.3.0** — 535 tools across 26 services in 13 categories. Gmail, Google Sheets, Google Drive, Jira, Zendesk, Mailchimp, Zoom, Microsoft 365, and MongoDB now live. Full CRM coverage (245 tools), rate limiting, webhooks, TypeScript definitions, and a growing open source community. [See what's new](#-whats-new-in-v13).
+> **v1.7.0** — 550 tools across 26 services in 13 categories. Now with the **.0n Conversion Engine** (portable AI Brain bundles), **Vault** (machine-bound encrypted credential storage), **Application Engine** (build + distribute .0n apps), **Workflow Runtime** + **HTTP Server**, and a **CLI with named runs**. [See what's new](#-whats-new-in-v17).
 
 ---
 
@@ -157,7 +157,7 @@ Add to `~/Library/Application Support/Claude/claude_desktop_config.json` (Mac) o
 | **MongoDB** | Database | Find, insert, update, delete, aggregate documents via Atlas Data API |
 | **CRM** | CRM | **245 tools** — contacts, conversations, calendars, invoices, payments, products, pipelines, social media, custom objects, and more |
 
-**26 services. 535 tools. 13 categories. One interface.**
+**26 services. 550 tools. 13 categories. One interface.**
 
 > **More coming:** QuickBooks, Asana, Intercom, AWS S3, Vercel, Cloudflare, Firebase, Figma...
 
@@ -267,24 +267,25 @@ The deepest CRM integration available in any MCP server. 245 tools across 12 mod
 | **Users** | 24 | Users, forms, surveys, funnels, media, companies, businesses |
 | **Objects** | 34 | Custom objects, associations, email, workflows, snapshots, links, campaigns, courses, SaaS |
 
-**535 total tools.** Universal orchestration (290 catalog tools across 26 services) + the most comprehensive CRM integration in the MCP ecosystem (245 dedicated tools).
+**550 total tools.** Universal orchestration (290 catalog tools across 26 services) + the most comprehensive CRM integration in the MCP ecosystem (245 dedicated tools).
 
 > Every CRM tool is data-driven — defined as configuration, not code. Adding new endpoints takes minutes, not hours. See [CONTRIBUTING.md](CONTRIBUTING.md).
 
 ---
 
-## What's New in v1.3
-
-- **26 services, 535 tools** — up from 17 services and 252 tools
-- **9 new integrations** — Gmail, Google Sheets, Google Drive, Jira, Zendesk, Mailchimp, Zoom, Microsoft 365, MongoDB
-- **13 categories** — added Storage, Support, and Marketing categories
-- **Three-Level Execution Hierarchy** (Patent Pending) — Pipeline → Assembly Line → Radial Burst
+## What's New in v1.7
+
+- **550 tools across 26 services** in 13 categories — 708 total capabilities
+- **.0n Conversion Engine** — import credentials from .env/CSV/JSON, auto-map to 26 services, verify API keys, generate configs for 7 AI platforms (Claude Desktop, Cursor, Windsurf, Gemini, Continue, Cline, OpenAI)
+- **Vault** — machine-bound encrypted credential storage (AES-256-GCM + PBKDF2-SHA512 + hardware fingerprint)
+- **Application Engine** — build, distribute, inspect, and validate portable .0n application bundles
+- **Workflow Runtime** — load and execute `.0n` workflow files with template engine, conditions, and step chaining
+- **HTTP Server** — Express-based REST API, MCP over HTTP, and webhook receivers
+- **Named Runs / Hotkeys** — define command aliases in your SWITCH file, run them as `0nmcp launch`, `0nmcp hello`
+- **Interactive Shell** — `0nmcp shell` starts a REPL for `/command` execution
+- **Portable encryption** — passphrase-only AES-256-GCM (no machine fingerprint, works anywhere)
 - **245 CRM tools** — full API coverage across 12 modules
-- **Data-driven tool factory** — every tool is a config object, new endpoints in minutes
-- **Rate limiting** — built-in per-service rate limits with automatic retry
-- **Webhook support** — receive and process external events
-- **TypeScript definitions** — full type coverage for all exports
-- **CLI improvements** — interactive setup, legacy migration, colored output
+- **Three-Level Execution** (Patent Pending) — Pipeline → Assembly Line → Radial Burst
 
 ---
 
@@ -323,7 +324,7 @@ The orchestrator uses keyword matching to route tasks to the right service. Less
 | **Flexibility** | Say what you want | Triggers/actions only | Unlimited but complex |
 | **Maintenance** | Zero | Update broken zaps | Fix API changes |
 | **Open source** | Yes (MIT) | No | Depends |
-| **Tools available** | 535 | Varies | Whatever you build |
+| **Tools available** | 550 | Varies | Whatever you build |
 
 ---
 
@@ -505,7 +506,7 @@ The tool factory handles registration, validation, API calls, error handling —
 
 ### Phase 0 — Foundation (Current)
 
-- [x] **26 services, 535 tools, 13 categories**
+- [x] **26 services, 550 tools, 13 categories**
 - [x] Core orchestration engine with AI planning
 - [x] **245 CRM tools** — full API coverage across 12 modules
 - [x] Gmail, Google Sheets, Google Drive, Jira, Zendesk, Mailchimp, Zoom, Microsoft 365, MongoDB
@@ -588,7 +589,7 @@ We ship weekly. The codebase is active. The community is real. If you're buildin
 
 | Metric | |
 |--------|---|
-| **Tools shipped** | 535 |
+| **Tools shipped** | 550 |
 | **Services integrated** | 26 |
 | **Categories** | 13 |
 | **CRM endpoints covered** | 245 / 245 (100%) |
@@ -639,7 +640,7 @@ node index.js
 
 | Project | Description |
 |---------|-------------|
-| **[0nMCP](https://github.com/0nork/0nMCP)** | Universal AI API Orchestrator — 535 tools, 26 services, natural language interface |
+| **[0nMCP](https://github.com/0nork/0nMCP)** | Universal AI API Orchestrator — 550 tools, 26 services, natural language interface |
 | **[0n-spec](https://github.com/0nork/0n-spec)** | The .0n Standard — universal configuration format for AI orchestration |
 | **[0nork](https://github.com/0nork/0nork)** | The parent org — AI orchestration infrastructure |
 
@@ -654,7 +655,7 @@ node index.js
 
 <div align="center">
 
-**[Sponsor on GitHub](https://github.com/sponsors/0nork)** · **[Star the repo](https://github.com/0nork/0nMCP)** · **[Tell a friend](https://twitter.com/intent/tweet?text=0nMCP%20-%20535%20tools,%2026%20services,%20zero%20config.%20The%20universal%20AI%20API%20orchestrator.%20Free%20and%20open%20source.&url=https://github.com/0nork/0nMCP)**
+**[Sponsor on GitHub](https://github.com/sponsors/0nork)** · **[Star the repo](https://github.com/0nork/0nMCP)** · **[Tell a friend](https://twitter.com/intent/tweet?text=0nMCP%20-%20550%20tools,%2026%20services,%20zero%20config.%20The%20universal%20AI%20API%20orchestrator.%20Free%20and%20open%20source.&url=https://github.com/0nork/0nMCP)**
 
 </div>
 
@@ -664,7 +665,7 @@ node index.js
 
 ### Stop building workflows. Start describing outcomes.
 
-**535 tools. 26 services. Zero config. MIT licensed. Community driven.**
+**550 tools. 26 services. Zero config. MIT licensed. Community driven.**
 
 **[Get Started](https://github.com/0nork/0nMCP)** · **[Join the Community](https://0nmcp.com/community)** · **[Unlock Schedule](https://0nmcp.com/sponsor)** · **[Read the Docs](https://github.com/0nork/0n-spec)**
 

package/cli.js

@@ -11,6 +11,9 @@
  *   npx 0nmcp init         Initialize ~/.0n directory
  *   npx 0nmcp connect      Interactive connection setup
  *   npx 0nmcp list         List connected services
+ *   npx 0nmcp commands     List named RUNs from SWITCH file
+ *   npx 0nmcp shell        Interactive REPL (type /command)
+ *   npx 0nmcp <alias>      Run a named command from SWITCH file
  *   npx 0nmcp migrate      Migrate from ~/.0nmcp to ~/.0n
  *   npx 0nmcp engine       Engine commands (import, verify, platforms, export, open)
  *   npx 0nmcp app          Application commands (run, build, inspect, validate, list)
@@ -24,6 +27,8 @@ import { fileURLToPath } from 'url';
 import fs from 'fs';
 import os from 'os';
 import readline from 'readline';
+import { loadCommands, listCommands } from './commands.js';
+import { runCommand } from './command-runner.js';
 
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 
@@ -88,6 +93,17 @@ ${c.bright}Engine commands:${c.reset}
   ${c.cyan}npx 0nmcp engine export${c.reset}           Export .0n bundle (AI Brain)
   ${c.cyan}npx 0nmcp engine open <bundle>${c.reset}    Open/inspect a .0n bundle
 
+${c.bright}Vault Container commands (Patent Pending #63/990,046):${c.reset}
+
+  ${c.cyan}npx 0nmcp vault create${c.reset}             Create a .0nv vault container
+  ${c.cyan}npx 0nmcp vault open <file>${c.reset}        Open/decrypt a .0nv container
+  ${c.cyan}npx 0nmcp vault inspect <file>${c.reset}     Inspect container metadata (no passphrase)
+  ${c.cyan}npx 0nmcp vault verify <file>${c.reset}      Verify Seal of Truth + signature
+  ${c.cyan}npx 0nmcp vault escrow create${c.reset}      Generate escrow keypairs
+  ${c.cyan}npx 0nmcp vault escrow unwrap${c.reset}      Unwrap container with escrow key
+  ${c.cyan}npx 0nmcp vault transfer <file>${c.reset}    Register a vault transfer
+  ${c.cyan}npx 0nmcp vault revoke <id>${c.reset}        Revoke a transfer ID
+
 ${c.bright}Application commands:${c.reset}
 
   ${c.cyan}npx 0nmcp app run <file>${c.reset}          Start application server
@@ -96,6 +112,21 @@ ${c.bright}Application commands:${c.reset}
   ${c.cyan}npx 0nmcp app validate <file>${c.reset}     Validate application structure
   ${c.cyan}npx 0nmcp app list${c.reset}                List installed applications
 
+${c.bright}Named Runs (Hotkeys):${c.reset}
+
+  ${c.cyan}npx 0nmcp commands${c.reset}                    List named RUNs from SWITCH file
+  ${c.cyan}npx 0nmcp <alias>${c.reset}                     Execute a named RUN
+  ${c.cyan}npx 0nmcp shell${c.reset}                       Interactive REPL (type /command)
+
+  Define commands in ~/.0n/0n-setup.0n:
+
+  {
+    "commands": {
+      "launch": { "type": "pipeline", "steps": [{ "action": "verify" }] },
+      "score":  { "type": "workflow", "workflow": "lead-scoring" }
+    }
+  }
+
 ${c.bright}Serve options:${c.reset}
 
   ${c.cyan}npx 0nmcp serve --port 3000 --host 0.0.0.0${c.reset}
@@ -226,6 +257,13 @@ ${c.bright}Links:${c.reset}
     }
   }
 
+  // Vault Container
+  if (command === 'vault') {
+    console.log(BANNER);
+    await handleVault(args.slice(1));
+    return;
+  }
+
   // App
   if (command === 'app') {
     console.log(BANNER);
@@ -249,9 +287,57 @@ ${c.bright}Links:${c.reset}
     return;
   }
 
+  // Commands — list named RUNs from SWITCH file
+  if (command === 'commands' || command === 'aliases') {
+    console.log(BANNER);
+    const cmds = listCommands();
+    if (cmds.length === 0) {
+      console.log(`${c.yellow}No commands defined.${c.reset}`);
+      console.log(`\nAdd a ${c.cyan}"commands"${c.reset} section to ${c.cyan}~/.0n/0n-setup.0n${c.reset}`);
+      console.log(`\nExample:`);
+      console.log(`  {`);
+      console.log(`    "commands": {`);
+      console.log(`      "launch": { "type": "pipeline", "steps": [{ "action": "verify" }] }`);
+      console.log(`    }`);
+      console.log(`  }`);
+      return;
+    }
+    console.log(`${c.bright}Named Runs:${c.reset}\n`);
+    for (const cmd of cmds) {
+      const typeTag = cmd.type === 'pipeline' ? `${c.blue}pipeline${c.reset}` : `${c.green}workflow${c.reset}`;
+      console.log(`  ${c.cyan}0nmcp ${cmd.alias}${c.reset}  ${cmd.description || cmd.name}  [${typeTag}]`);
+    }
+    console.log(`\n${c.bright}Tip:${c.reset} Run ${c.cyan}0nmcp shell${c.reset} for an interactive REPL where you can type ${c.cyan}/launch${c.reset}, ${c.cyan}/hello${c.reset}, etc.`);
+    return;
+  }
+
+  // Shell — interactive REPL
+  if (command === 'shell' || command === 'repl') {
+    console.log(BANNER);
+    await startShell();
+    return;
+  }
+
+  // Dynamic command aliases from SWITCH file
+  const switchCommands = loadCommands();
+  if (switchCommands.has(command)) {
+    console.log(BANNER);
+    const def = switchCommands.get(command);
+    const cliArgs = args.slice(1);
+    await runCommand(command, def, cliArgs);
+    return;
+  }
+
   // Unknown command
   console.log(`${c.red}Unknown command: ${command}${c.reset}`);
-  console.log(`Run ${c.cyan}npx 0nmcp help${c.reset} for usage`);
+  const switchCmds = listCommands();
+  if (switchCmds.length > 0) {
+    console.log(`\n${c.bright}Available named RUNs:${c.reset}`);
+    for (const cmd of switchCmds) {
+      console.log(`  ${c.cyan}0nmcp ${cmd.alias}${c.reset}  ${cmd.description || cmd.name}`);
+    }
+  }
+  console.log(`\nRun ${c.cyan}npx 0nmcp help${c.reset} for usage`);
   process.exit(1);
 }
 
@@ -454,6 +540,229 @@ async function interactiveConnect() {
   console.log(`  Saved to: ${filePath}`);
 }
 
+// ═══════════════════════════════════════════════════════════
+// Vault Container Commands (Patent Pending #63/990,046)
+// ═══════════════════════════════════════════════════════════
+
+function promptInput(prompt) {
+  return new Promise(resolve => {
+    const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+    rl.question(prompt, answer => { rl.close(); resolve(answer); });
+  });
+}
+
+async function handleVault(args) {
+  const sub = args[0];
+
+  if (!sub || sub === 'help') {
+    console.log(`
+${c.bright}Vault Container Commands${c.reset} ${c.yellow}(Patent Pending #63/990,046)${c.reset}
+
+  ${c.cyan}vault create${c.reset}              Create a .0nv vault container
+    --layers <names>          Comma-separated layer names (default: all)
+    --passphrase <pass>       Encryption passphrase
+    --output <file>           Output file path
+
+  ${c.cyan}vault open <file>${c.reset}          Open/decrypt a .0nv container
+    --passphrase <pass>       Decryption passphrase
+    --layer <name>            Only decrypt this layer
+
+  ${c.cyan}vault inspect <file>${c.reset}       Inspect without decrypting
+
+  ${c.cyan}vault verify <file>${c.reset}        Verify Seal of Truth + Ed25519 signature
+
+  ${c.cyan}vault escrow create${c.reset}        Generate escrow keypairs
+    --parties <n>             Number of parties (1-8)
+
+  ${c.cyan}vault transfer <file>${c.reset}      Register a transfer
+    --to <recipient>          Recipient identifier
+
+  ${c.cyan}vault revoke <id>${c.reset}          Revoke a transfer ID
+
+${c.bright}7 Semantic Layers:${c.reset}
+  workflows, credentials, env_vars, mcp_configs,
+  site_profiles, ai_brain, audit_trail
+`);
+    return;
+  }
+
+  if (sub === 'create') {
+    const { assembleContainer, saveContainer } = await import('./vault/container.js');
+    const { LAYER_NAMES } = await import('./vault/layers.js');
+
+    const passphrase = getFlag(args, '--passphrase') || await promptInput('Passphrase: ');
+    const output = getFlag(args, '--output');
+    const layerStr = getFlag(args, '--layers');
+    const requestedLayers = layerStr ? layerStr.split(',').map(s => s.trim()) : LAYER_NAMES;
+
+    // Build layer data from ~/.0n directory
+    const layers = {};
+    for (const name of requestedLayers) {
+      if (!LAYER_NAMES.includes(name)) {
+        console.log(`${c.red}Invalid layer: ${name}${c.reset}`);
+        process.exit(1);
+      }
+      layers[name] = { placeholder: true, created: new Date().toISOString() };
+    }
+
+    console.log(`\n${c.bright}Creating vault container...${c.reset}`);
+    console.log(`  Layers: ${Object.keys(layers).join(', ')}`);
+
+    try {
+      const result = await assembleContainer({ layers, passphrase });
+      const homePath = path.join(os.homedir(), '.0n', 'vault');
+      if (!fs.existsSync(homePath)) fs.mkdirSync(homePath, { recursive: true });
+      const filePath = output || path.join(homePath, `${result.transferId}.0nv`);
+      saveContainer(result.buffer, filePath);
+
+      console.log(`\n${c.green}✓ Container created${c.reset}`);
+      console.log(`  Transfer ID:   ${c.cyan}${result.transferId}${c.reset}`);
+      console.log(`  Seal of Truth: ${c.cyan}${result.sealHex}${c.reset}`);
+      console.log(`  Layers:        ${result.layerCount}`);
+      console.log(`  Size:          ${result.buffer.length} bytes`);
+      console.log(`  File:          ${c.yellow}${filePath}${c.reset}`);
+    } catch (err) {
+      console.log(`${c.red}Error: ${err.message}${c.reset}`);
+      process.exit(1);
+    }
+    return;
+  }
+
+  if (sub === 'open') {
+    const file = args[1];
+    if (!file) { console.log(`${c.red}Usage: vault open <file.0nv>${c.reset}`); process.exit(1); }
+
+    const { disassembleContainer, loadContainer } = await import('./vault/container.js');
+    const passphrase = getFlag(args, '--passphrase') || await promptInput('Passphrase: ');
+    const layer = getFlag(args, '--layer');
+
+    try {
+      const buffer = loadContainer(file);
+      const result = await disassembleContainer(buffer, passphrase, layer ? [layer] : null);
+
+      console.log(`\n${c.green}✓ Container opened${c.reset}`);
+      console.log(`  Transfer ID: ${c.cyan}${result.metadata.transferId}${c.reset}`);
+      console.log(`  Seal valid:  ${result.seal.valid ? c.green + '✓' : c.red + '✗'}${c.reset}`);
+      console.log(`  Sig valid:   ${result.signature.valid ? c.green + '✓' : c.red + '✗'}${c.reset}`);
+      console.log(`  Layers:`);
+      for (const [name, data] of Object.entries(result.layers)) {
+        const preview = JSON.stringify(data).substring(0, 80);
+        console.log(`    ${c.cyan}${name}${c.reset}: ${preview}...`);
+      }
+    } catch (err) {
+      console.log(`${c.red}Error: ${err.message}${c.reset}`);
+      process.exit(1);
+    }
+    return;
+  }
+
+  if (sub === 'inspect') {
+    const file = args[1];
+    if (!file) { console.log(`${c.red}Usage: vault inspect <file.0nv>${c.reset}`); process.exit(1); }
+
+    const { inspectContainer, loadContainer } = await import('./vault/container.js');
+    try {
+      const buffer = loadContainer(file);
+      const info = inspectContainer(buffer);
+      console.log(`\n${c.bright}Container Inspection${c.reset}`);
+      console.log(JSON.stringify(info, null, 2));
+    } catch (err) {
+      console.log(`${c.red}Error: ${err.message}${c.reset}`);
+      process.exit(1);
+    }
+    return;
+  }
+
+  if (sub === 'verify') {
+    const file = args[1];
+    if (!file) { console.log(`${c.red}Usage: vault verify <file.0nv>${c.reset}`); process.exit(1); }
+
+    const { inspectContainer, loadContainer } = await import('./vault/container.js');
+    try {
+      const buffer = loadContainer(file);
+      const info = inspectContainer(buffer);
+      const verified = info.seal.valid && info.signature.valid;
+
+      console.log(`\n${verified ? c.green + '✓ VERIFIED' : c.red + '✗ FAILED'}${c.reset}`);
+      console.log(`  Seal of Truth: ${info.seal.valid ? c.green + 'Valid' : c.red + 'Invalid'}${c.reset} (${info.seal.algorithm})`);
+      console.log(`  Signature:     ${info.signature.valid ? c.green + 'Valid' : c.red + 'Invalid'}${c.reset} (${info.signature.algorithm})`);
+      console.log(`  Transfer ID:   ${info.metadata.transferId}`);
+      console.log(`  Created:       ${info.metadata.created}`);
+      console.log(`  Patent:        ${info.patent}`);
+    } catch (err) {
+      console.log(`${c.red}Error: ${err.message}${c.reset}`);
+      process.exit(1);
+    }
+    return;
+  }
+
+  if (sub === 'escrow') {
+    const escrowSub = args[1];
+    if (escrowSub === 'create') {
+      const { generatePartyKeys } = await import('./vault/escrow.js');
+      const count = parseInt(getFlag(args, '--parties') || '3');
+
+      console.log(`\n${c.bright}Generating ${count} escrow keypairs...${c.reset}`);
+      const parties = [];
+      for (let i = 0; i < count; i++) {
+        const party = generatePartyKeys();
+        parties.push(party);
+        console.log(`\n  ${c.cyan}Party ${i + 1}${c.reset} (${party.partyId}):`);
+        console.log(`    Public:  ${party.publicKey.toString('hex').substring(0, 32)}...`);
+        console.log(`    Secret:  ${party.secretKey.toString('hex').substring(0, 32)}...`);
+      }
+      console.log(`\n${c.green}✓ ${count} keypairs generated${c.reset}`);
+      console.log(`  ${c.yellow}Save secret keys securely. Share public keys for container creation.${c.reset}`);
+    }
+    return;
+  }
+
+  if (sub === 'transfer') {
+    const file = args[1];
+    if (!file) { console.log(`${c.red}Usage: vault transfer <file.0nv>${c.reset}`); process.exit(1); }
+
+    const { inspectContainer, loadContainer } = await import('./vault/container.js');
+    const { registerTransfer } = await import('./vault/registry.js');
+    const recipient = getFlag(args, '--to');
+
+    try {
+      const buffer = loadContainer(file);
+      const info = inspectContainer(buffer);
+      const result = registerTransfer(info.metadata.transferId, info.seal.hash, { recipient });
+
+      if (result.success) {
+        console.log(`\n${c.green}✓ Transfer registered${c.reset}`);
+        console.log(`  Transfer ID: ${c.cyan}${info.metadata.transferId}${c.reset}`);
+        if (recipient) console.log(`  Recipient:   ${recipient}`);
+      } else {
+        console.log(`\n${c.red}✗ ${result.error}${c.reset}`);
+      }
+    } catch (err) {
+      console.log(`${c.red}Error: ${err.message}${c.reset}`);
+      process.exit(1);
+    }
+    return;
+  }
+
+  if (sub === 'revoke') {
+    const transferId = args[1];
+    if (!transferId) { console.log(`${c.red}Usage: vault revoke <transferId>${c.reset}`); process.exit(1); }
+
+    const { revokeTransfer } = await import('./vault/registry.js');
+    const result = revokeTransfer(transferId);
+
+    if (result.success) {
+      console.log(`\n${c.green}✓ Transfer revoked: ${transferId}${c.reset}`);
+    } else {
+      console.log(`\n${c.red}✗ ${result.error}${c.reset}`);
+    }
+    return;
+  }
+
+  console.log(`${c.red}Unknown vault command: ${sub}${c.reset}`);
+  console.log(`Run ${c.cyan}0nmcp vault help${c.reset} for usage.`);
+}
+
 async function handleEngine(args) {
   const sub = args[0];
 
@@ -913,4 +1222,125 @@ async function handleApp(args) {
   process.exit(1);
 }
 
+async function startShell() {
+  const cmds = loadCommands();
+  const aliases = [...cmds.keys()];
+  const builtins = ['help', 'commands', 'list', 'exit', 'quit'];
+  const allCompletions = [...builtins, ...aliases];
+
+  console.log(`${c.bright}0nMCP Interactive Shell${c.reset}`);
+  console.log(`Type ${c.cyan}/command${c.reset} to run a named RUN, ${c.cyan}/commands${c.reset} to list, ${c.cyan}/exit${c.reset} to quit.\n`);
+
+  if (aliases.length > 0) {
+    console.log(`${c.bright}Available commands:${c.reset} ${aliases.map(a => c.cyan + '/' + a + c.reset).join(', ')}\n`);
+  }
+
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stdout,
+    prompt: `${c.green}0n>${c.reset} `,
+    completer: (line) => {
+      const input = line.startsWith('/') ? line.slice(1) : line;
+      const hits = allCompletions.filter(c2 => c2.startsWith(input));
+      return [hits.map(h => '/' + h), line];
+    },
+  });
+
+  rl.prompt();
+
+  rl.on('line', async (line) => {
+    const input = line.trim();
+    if (!input) {
+      rl.prompt();
+      return;
+    }
+
+    // Strip leading / if present
+    const raw = input.startsWith('/') ? input.slice(1) : input;
+    const parts = raw.split(/\s+/);
+    const cmd = parts[0];
+    const cmdArgs = parts.slice(1);
+
+    if (cmd === 'exit' || cmd === 'quit') {
+      console.log(`\n${c.cyan}Goodbye!${c.reset}`);
+      rl.close();
+      process.exit(0);
+    }
+
+    if (cmd === 'help') {
+      console.log(`\n${c.bright}Shell Commands:${c.reset}`);
+      console.log(`  ${c.cyan}/commands${c.reset}   List all named RUNs`);
+      console.log(`  ${c.cyan}/list${c.reset}       Show connected services`);
+      console.log(`  ${c.cyan}/exit${c.reset}       Exit the shell`);
+      if (aliases.length > 0) {
+        console.log(`\n${c.bright}Named RUNs:${c.reset}`);
+        for (const a of aliases) {
+          const def = cmds.get(a);
+          console.log(`  ${c.cyan}/${a}${c.reset}  ${def.description || def.name || ''}`);
+        }
+      }
+      console.log('');
+      rl.prompt();
+      return;
+    }
+
+    if (cmd === 'commands') {
+      if (aliases.length === 0) {
+        console.log(`\n${c.yellow}No commands defined in SWITCH file.${c.reset}\n`);
+      } else {
+        console.log(`\n${c.bright}Named RUNs:${c.reset}`);
+        for (const a of aliases) {
+          const def = cmds.get(a);
+          console.log(`  ${c.cyan}/${a}${c.reset}  ${def.description || def.name || ''}`);
+        }
+        console.log('');
+      }
+      rl.prompt();
+      return;
+    }
+
+    if (cmd === 'list') {
+      const connectionsDir = path.join(DOT_ON_DIR, 'connections');
+      if (fs.existsSync(connectionsDir)) {
+        const files = fs.readdirSync(connectionsDir).filter(f => f.endsWith('.0n'));
+        console.log(`\n${c.bright}Connected Services:${c.reset}`);
+        for (const file of files) {
+          try {
+            const data = JSON.parse(fs.readFileSync(path.join(connectionsDir, file), 'utf8'));
+            console.log(`  ${c.green}●${c.reset} ${data.$0n?.name || data.service}`);
+          } catch {
+            console.log(`  ${c.red}●${c.reset} ${file} (error)`);
+          }
+        }
+        console.log('');
+      } else {
+        console.log(`\n${c.yellow}No connections found.${c.reset}\n`);
+      }
+      rl.prompt();
+      return;
+    }
+
+    // Try to run as a named command
+    if (cmds.has(cmd)) {
+      console.log('');
+      try {
+        await runCommand(cmd, cmds.get(cmd), cmdArgs);
+      } catch (err) {
+        console.log(`${c.red}Error: ${err.message}${c.reset}`);
+      }
+      console.log('');
+      rl.prompt();
+      return;
+    }
+
+    console.log(`${c.yellow}Unknown command: ${cmd}${c.reset}`);
+    console.log(`Type ${c.cyan}/help${c.reset} for available commands.`);
+    rl.prompt();
+  });
+
+  rl.on('close', () => {
+    process.exit(0);
+  });
+}
+
 main().catch(console.error);