@agentbridge1/cli 0.0.4 → 0.0.6

package/dist/error-catalog.js

@@ -44,7 +44,7 @@ const CATALOG = {
         title: "No active tracked work session.",
         what: "No active tracked work session was found for this command.",
         why: "Proof, verify, accept, and handoff require a bound work session.",
-        next: 'Run `agentbridge start --summary "<work>" --scope "<path>"` then `agentbridge watch`.',
+        next: "Run `agentbridge watch` beside Cursor for live supervision, or `agentbridge verify -- <test command>` to record proof.",
         blocksAcceptance: true,
     },
     WORK_CONTEXT_BINDING_REQUIRED: {
@@ -53,7 +53,7 @@ const CATALOG = {
         title: "Work session binding required.",
         what: "This command needs a linked local/server work session.",
         why: "The CLI and server must agree on the active change request and session.",
-        next: 'Run `agentbridge start --summary "<task>" --scope "<path>"` to create and bind a new session, or `agentbridge watch --change-request <id>` to bind an existing one.',
+        next: 'Run `agentbridge watch --allow-dirty` for default review, or `agentbridge watch --task "<task>" --scope "<path>"` for strict mode.',
         blocksAcceptance: true,
     },
     PROOF_STALE_AFTER_CHANGE: {
@@ -70,8 +70,8 @@ const CATALOG = {
         category: "SCOPE_DRIFT_ERROR",
         title: "Scope drift detected.",
         what: "The agent changed a file outside the declared scope.",
-        why: "Out-of-scope edits block acceptance until reviewed or rescoped.",
-        next: 'Options: (1) revert the out-of-scope file, (2) restart with an expanded scope via `agentbridge start --scope "<wider-path>"`, or (3) run `agentbridge handoff` before switching to a new scoped job.',
+        why: "Out-of-scope edits are not safe to trust until reviewed or rescoped.",
+        next: 'Options: (1) revert the out-of-scope file, (2) widen strict scope via `agentbridge watch --task "<work>" --scope "<wider-path>"`, or (3) split into a separate task.',
         blocksAcceptance: true,
     },
     HANDOFF_REQUIRED: {
@@ -176,9 +176,12 @@ const CATALOG = {
         code: "START_MISSING_ACTIVE_AGENT",
         category: "IDENTITY_ERROR",
         title: "No active agent configured.",
-        what: "Neither activeAgentId nor --agent was provided for start.",
-        why: "Start must bind work to a WorkIdentity in this project.",
-        next: "Run `agentbridge identity list` then `agentbridge use <agent-id>`, or pass --agent.",
+        what: "Neither activeAgentId nor --agent was provided for strict tracked start.",
+        why: "Strict tracked work (--summary/--scope, --resume, or --change-request) must bind to a WorkIdentity in this project.",
+        next: [
+            "For strict tracked work: run `agentbridge identity list` then `agentbridge use <agent-id>`, or pass --agent.",
+            "For room-level watching only: run `agentbridge start` with no strict flags.",
+        ].join("\n"),
     },
     START_EXECUTION_SURFACE_REQUIRED: {
         code: "START_EXECUTION_SURFACE_REQUIRED",
@@ -186,7 +189,13 @@ const CATALOG = {
         title: "Execution surface missing.",
         what: "No executionSurfaceId is saved in .agentbridge/config.json.",
         why: "The server needs a stable execution surface to open a tracked session.",
-        next: "Run `agentbridge watch --execution-surface <surface-id>` once to persist it.",
+        next: [
+            "Run:",
+            "  agentbridge connect --project <project-id> --api-key <key> --api-base-url <url>",
+            "Then:",
+            "  agentbridge doctor",
+            "If this continues, AgentBridge could not create an AgentConnection/execution surface for this project.",
+        ].join("\n"),
     },
     START_AGENT_INVALID: {
         code: "START_AGENT_INVALID",
@@ -231,10 +240,10 @@ const CATALOG = {
     START_CR_OWNERSHIP_MISMATCH: {
         code: "START_CR_OWNERSHIP_MISMATCH",
         category: "START_ERROR",
-        title: "Change request ownership mismatch.",
-        what: "The change request is owned by a different WorkIdentity than this API key.",
-        why: "Start cannot reassign an existing CR to another agent without authorization.",
-        next: "Use an API key bound to the CR owner, or start a new change request.",
+        title: "Tracked task belongs to another connected agent.",
+        what: "AgentBridge found an old tracked task owned by a different connected agent.",
+        why: "AgentBridge will not let one connected agent automatically take over another agent's tracked work.",
+        next: "Run `agentbridge watch` for live supervision, or switch back to the original connected agent if you intend to resume old tracked work.",
     },
     START_CR_NOT_EXECUTABLE: {
         code: "START_CR_NOT_EXECUTABLE",
@@ -287,6 +296,33 @@ const CATALOG = {
         next: "Run `agentbridge verify -- <command>` then `agentbridge check`.",
         blocksAcceptance: true,
     },
+    PROOF_TOO_WEAK: {
+        code: "PROOF_TOO_WEAK",
+        category: "PROOF_ERROR",
+        title: "Proof too weak.",
+        what: "Verification ran, but proof strength is below what this change requires.",
+        why: "High-risk or source changes need stronger proof than file-existence checks.",
+        next: "Rerun with a stronger command from proof guidance (e.g. `agentbridge verify -- npm test`).",
+        blocksAcceptance: true,
+    },
+    PROOF_NOT_RELEVANT: {
+        code: "PROOF_NOT_RELEVANT",
+        category: "PROOF_ERROR",
+        title: "Proof not relevant.",
+        what: "Recorded proof does not cover the files or impact of this change.",
+        why: "Proof must match the changed files — unrelated passing tests do not count.",
+        next: "Rerun verification scoped to the changed files listed in the acceptance report.",
+        blocksAcceptance: true,
+    },
+    PROOF_IMPACT_COVERAGE_GAP: {
+        code: "PROOF_IMPACT_COVERAGE_GAP",
+        category: "PROOF_ERROR",
+        title: "Proof impact coverage gap.",
+        what: "Proof exists but does not cover required impact areas for this work type.",
+        why: "Some change profiles require broader verification than a single lightweight check.",
+        next: "Run the minimum commands listed under proof guidance in `agentbridge check`.",
+        blocksAcceptance: true,
+    },
     PROOF_EVIDENCE_NOT_RECORDED: {
         code: "PROOF_EVIDENCE_NOT_RECORDED",
         category: "PROOF_ERROR",
@@ -335,7 +371,7 @@ const CATALOG = {
         title: "Work already closed.",
         what: "This change request or session is already in a terminal acceptance state.",
         why: "Accept and verify cannot mutate closed work.",
-        next: "Start a new scoped job with `agentbridge start`.",
+        next: "Run `agentbridge watch --allow-dirty` to review new coding work.",
         blocksAcceptance: true,
     },
     WORK_CONTEXT_SESSION_CR_MISMATCH: {
@@ -353,7 +389,7 @@ const CATALOG = {
         title: "Stale local session.",
         what: "Local session id no longer exists on the server.",
         why: "Watch and verify would track orphaned state.",
-        next: 'Local session state has been cleared. Run `agentbridge start --summary "<task>" --scope "<path>"` to begin fresh.',
+        next: 'Local session state has been cleared. Run `agentbridge watch --allow-dirty` to review current work.',
         blocksAcceptance: true,
     },
     WORK_CONTEXT_SCOPE_MISMATCH: {
@@ -362,7 +398,7 @@ const CATALOG = {
         title: "Session scope or task mismatch.",
         what: "The active session was started with a different task or scope than requested.",
         why: "Resuming the wrong session would silently corrupt proof and scope boundaries.",
-        next: 'Finish or abandon the current session (`agentbridge session abandon --reason "..."`) then rerun `agentbridge start --summary "<task>" --scope "<path>"`.',
+        next: 'Finish or abandon the current session (`agentbridge session abandon --reason "..."`) then rerun `agentbridge watch --task "<task>" --scope "<path>"`.',
         blocksAcceptance: true,
     },
     WORK_CONTEXT_AMBIGUOUS_SESSIONS: {
@@ -408,6 +444,9 @@ const SERVER_CODE_ALIASES = {
     proof_stale: "PROOF_STALE_AFTER_CHANGE",
     stale_evidence_after_change: "PROOF_STALE_AFTER_CHANGE",
     evidence_missing: "PROOF_MISSING",
+    proof_too_weak: "PROOF_TOO_WEAK",
+    proof_not_relevant: "PROOF_NOT_RELEVANT",
+    proof_impact_coverage_gap: "PROOF_IMPACT_COVERAGE_GAP",
     scope_drift: "SCOPE_DRIFT_OUT_OF_SCOPE_FILE",
     out_of_scope_file: "SCOPE_DRIFT_OUT_OF_SCOPE_FILE",
     cr_no_owner: "START_OWNER_UNRESOLVED",
@@ -418,11 +457,13 @@ const SERVER_CODE_ALIASES = {
     local_session_not_found: "WORK_CONTEXT_STALE_LOCAL_SESSION",
 };
 function mapServerCodeToCatalog(code) {
+    if (typeof code !== "string" || code.trim().length === 0)
+        return "";
     const normalized = code.toLowerCase();
     return SERVER_CODE_ALIASES[normalized] ?? code;
 }
 function catalogEntryForCode(code) {
-    if (!code)
+    if (!code || typeof code !== "string")
         return null;
     const direct = CATALOG[code];
     if (direct)

package/dist/gates.js

@@ -19,9 +19,9 @@ exports.ensureGatesFile = ensureGatesFile;
 const node_fs_1 = __importDefault(require("node:fs"));
 const node_path_1 = __importDefault(require("node:path"));
 exports.DEFAULT_GATES = {
-    rollout_proof_too_weak: "warn_only",
-    rollout_proof_not_relevant: "warn_only",
-    rollout_impact_coverage_gap: "warn_only",
+    rollout_proof_too_weak: "hard_fail",
+    rollout_proof_not_relevant: "hard_fail",
+    rollout_impact_coverage_gap: "hard_fail",
 };
 exports.STATS_HISTORY_CAP = 20;
 exports.GITIGNORE_SESSION_LINE = ".agentbridge/session.json";

package/dist/git-evidence.js

@@ -23,6 +23,8 @@ const PREFERRED_PREFIXES = [
     "db/",
     "prisma/",
     "supabase/",
+    "backend/",
+    "Hitch/",
     "lib/",
     "services/",
     "modules/",

package/dist/http.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.CliMissingConfigError = exports.CliHttpError = void 0;
 exports.isCliHttpError = isCliHttpError;
 exports.parseCliHttpErrorBody = parseCliHttpErrorBody;
+exports.extractHttpErrorCode = extractHttpErrorCode;
 exports.postJson = postJson;
 exports.putJson = putJson;
 exports.getJson = getJson;
@@ -33,6 +34,34 @@ function parseCliHttpErrorBody(err) {
     }
     return null;
 }
+/** Extract a string error code from a parsed HTTP error body (handles nested error objects). */
+function extractHttpErrorCode(parsed) {
+    if (!parsed)
+        return "";
+    const topCode = parsed["code"];
+    if (typeof topCode === "string" && topCode.trim().length > 0) {
+        return topCode.trim();
+    }
+    const err = parsed["error"];
+    if (typeof err === "string" && err.trim().length > 0) {
+        return err.trim();
+    }
+    if (err !== null && typeof err === "object" && !Array.isArray(err)) {
+        const nested = err["code"];
+        if (typeof nested === "string" && nested.trim().length > 0) {
+            return nested.trim();
+        }
+        const nestedMessage = err["message"];
+        if (typeof nestedMessage === "string" && nestedMessage.trim().length > 0) {
+            return nestedMessage.trim();
+        }
+    }
+    const message = parsed["message"];
+    if (typeof message === "string" && message.trim().length > 0) {
+        return message.trim();
+    }
+    return "";
+}
 class CliMissingConfigError extends Error {
     code = "CONFIG_INCOMPLETE";
     constructor(message) {

package/dist/index.js

@@ -30,9 +30,10 @@ const bug_1 = require("./commands/bug");
 const autopilot_1 = require("./commands/autopilot");
 const attention_1 = require("./commands/attention");
 const recover_1 = require("./commands/recover");
+const proof_guidance_1 = require("./commands/proof-guidance");
 const node_path_1 = require("node:path");
 const node_child_process_1 = require("node:child_process");
-const node_fs_1 = require("node:fs");
+const mcp_runtime_1 = require("./mcp-runtime");
 const errors_1 = require("./errors");
 const cli_failure_log_1 = require("./cli-failure-log");
 const session_state_1 = require("./session-state");
@@ -48,15 +49,19 @@ const COMMAND_HELP = {
         "    Run `agentbridge connect` first to save credentials.\n",
     use: "  agentbridge use <agent-id>\n" +
         "    Set the active agent identity used by `watch` and `start`.\n",
-    start: "  agentbridge start [\"intent\"] [\"scope\"]\n" +
-        "  Advanced: agentbridge start --summary \"<summary>\" --scope \"<path-or-glob>\" [--domain <name>] [--agent <id>] [--change-request <cr_id>] [--resume]\n" +
-        "    Start supervised work. Without flags, proposes a smart work contract and asks for confirmation.\n" +
-        "    --resume  Continue the active change request/session instead of creating a new one.\n",
-    watch: "  agentbridge watch [--change-request <cr_id>] [--execution-surface <es_id>] [--allow-dirty] [--daemon] [--once]\n" +
-        "    Product entrypoint: AgentBridge infers coding context and reviews proof/scope risk.\n" +
-        "    --allow-dirty   Skip the pre-existing dirty-files prompt.\n" +
-        "    --daemon        Non-interactive mode: skip all prompts, auto-deny domain crossings.\n" +
-        "    --once          Run one startup/supervision pass and exit.\n",
+    start: "  agentbridge start [\"intent\"] [--details] [--yes]\n" +
+        "    Open or close a task checkpoint (not the live watcher).\n" +
+        "    For live supervision beside Cursor, run `agentbridge watch`.\n" +
+        "    Record proof: `agentbridge verify -- <test command>`.\n",
+    watch: "  agentbridge watch [--allow-dirty] [--once] [--daemon] [--details] [--task \"<summary>\"] [--scope \"<path>\"]\n" +
+        "    Primary live supervision command — run beside Cursor while the agent codes.\n" +
+        "    Shows MCP-declared intent and disk changes; warns on scope drift.\n" +
+        "    No --task or --scope required for normal use.\n" +
+        "    --task / --scope  Optional strict mode (both required together).\n" +
+        "    --allow-dirty     Skip the pre-existing dirty-files prompt.\n" +
+        "    --once            Run one supervision pass and exit.\n" +
+        "    --daemon          Non-interactive mode: skip prompts, auto-deny domain crossings.\n" +
+        "    --change-request / --execution-surface  Advanced session binding.\n",
     "setup-mcp": "  agentbridge setup-mcp [--editor cursor|windsurf|vscode]\n" +
         "    Print the MCP server configuration snippet to add to your editor.\n",
     mcp: "  agentbridge mcp\n" +
@@ -64,6 +69,8 @@ const COMMAND_HELP = {
     status: "  agentbridge status [--repair] [--json]\n    Show current work session status.\n",
     health: "  agentbridge health [--json]\n    Check project health against server.\n",
     check: "  agentbridge check [--json]\n    Check whether current work session can be accepted.\n",
+    "proof-guidance": "  agentbridge proof-guidance [--work-session <id>] [--change-request <id>] [--rollout-proof-too-weak warn_only|soft_fail|hard_fail]\n" +
+        "    Print deterministic proof guidance JSON for the current or specified session.\n",
     next: "  agentbridge next [--json]\n    Show the recommended next action.\n",
     verify: "  agentbridge verify [--json] -- <command>\n" +
         "    Run a command and verify output meets acceptance criteria.\n",
@@ -103,30 +110,26 @@ function usage(command, opts) {
         "Usage: agentbridge <command> [flags]",
         "",
         "Quick start:",
-        "  New repo:",
-        "    agentbridge doctor",
-        "    agentbridge start",
-        "  Existing repo:",
-        "    agentbridge doctor",
-        "    agentbridge recover",
-        "    agentbridge start",
+        "  agentbridge recover              Understand an existing repo (first time)",
+        "  agentbridge watch                Live supervision beside Cursor (primary watcher)",
+        "  agentbridge start [\"intent\"]     Task checkpoint / close (not the live watcher)",
+        "  agentbridge verify -- <command>  Record verification proof AgentBridge trusts",
         "",
-        "Commands:",
-        "  doctor         Check AgentBridge connection and repo readiness",
-        "  recover        Understand an existing repo before agents continue",
-        "  start          Start or attach to supervised agent work",
+        "Setup:",
+        "  agentbridge doctor               Check connection and repo readiness",
+        "  agentbridge connect              Save credentials (cloud projects)",
         "",
         "Advanced commands:",
-        "  connect        Save credentials and verify connection to a project",
+        "  start --task ... --scope ...     Strict scoped session (both flags required)",
         "  init           Recover domain map from git history and bootstrap the project",
         "  use            Set active agent identity",
-        "  watch          Watch for file changes (advanced/manual)",
-        "  start --summary ... --scope ...  Backward-compatible explicit start mode",
+        "  watch --task ... --scope ...     Strict scope mode (optional flags on watch)",
         "  setup-mcp      Print MCP server config for your editor",
         "  mcp            Start local MCP stdio server",
         "  status         Show current session status",
         "  health         Check project health",
         "  check          Check acceptance readiness",
+        "  proof-guidance Print deterministic proof guidance JSON",
         "  next           Show recommended next action",
         "  verify         Run command and verify output",
         "  handoff        Submit a handoff with proof of work",
@@ -269,27 +272,27 @@ async function main() {
         return;
     }
     if (command === "mcp") {
-        const repoRoot = (0, node_path_1.resolve)(__dirname, "..", "..");
-        const localMcpEntrypoint = (0, node_path_1.resolve)(repoRoot, "mcp", "agentbridge-mcp.ts");
-        if (!(0, node_fs_1.existsSync)(localMcpEntrypoint)) {
+        const runtime = (0, mcp_runtime_1.resolveMcpRuntime)(__dirname);
+        if (!runtime) {
             process.stderr.write([
                 "",
                 "AgentBridge MCP runtime is unavailable in this installation.",
                 "",
                 "Try:",
-                "  npm install -g @agentbridge/cli",
+                "  npm install -g @agentbridge1/cli@latest",
                 "  agentbridge doctor",
                 "",
             ].join("\n"));
             process.exit(2);
             return;
         }
-        const child = (0, node_child_process_1.spawnSync)("npx", ["tsx", localMcpEntrypoint], {
+        const child = (0, node_child_process_1.spawnSync)(runtime.command, runtime.args, {
             stdio: "inherit",
             env: process.env,
         });
         if (child.error) {
-            process.stderr.write(`Failed to start MCP server via npx/tsx: ${child.error.message}\n`);
+            const via = runtime.mode === "bundled" ? "node" : "npx/tsx";
+            process.stderr.write(`Failed to start MCP server via ${via}: ${child.error.message}\n`);
             process.exit(2);
             return;
         }
@@ -336,6 +339,7 @@ async function main() {
             allowDirty: flags["--allow-dirty"] === "true",
             daemon: flags["--daemon"] === "true",
             once: flags["--once"] === "true",
+            details: flags["--details"] === "true",
         });
         return;
     }
@@ -350,8 +354,11 @@ async function main() {
             scopeFlagProvided,
             domain: flags["--domain"],
             agentId: flags["--agent"],
+            executionSurfaceId: flags["--execution-surface"],
             changeRequestId: flags["--change-request"],
             resume: flags["--resume"] === "true",
+            details: flags["--details"] === "true",
+            confirmClose: flags["--yes"] === "true",
         });
         return;
     }
@@ -380,6 +387,16 @@ async function main() {
         await (0, check_1.runCheck)({ json: flags["--json"] === "true" });
         return;
     }
+    if (command === "proof-guidance") {
+        await (0, proof_guidance_1.runProofGuidance)({
+            workSessionId: flags["--work-session"],
+            changeRequestId: flags["--change-request"],
+            rolloutProofTooWeak: flags["--rollout-proof-too-weak"],
+            rolloutProofNotRelevant: flags["--rollout-proof-not-relevant"],
+            rolloutImpactCoverageGap: flags["--rollout-impact-coverage-gap"],
+        });
+        return;
+    }
     if (command === "next") {
         await (0, next_1.runNext)({ json: flags["--json"] === "true" });
         return;