@amistio/cli 0.1.0 → 0.1.1

package/dist/index.js

@@ -1,698 +1,2507 @@
 #!/usr/bin/env node
-import { createHash, randomUUID } from "node:crypto";
-import { writeFile } from "node:fs/promises";
-import path from "node:path";
+
+// src/index.ts
+import { createHash as createHash2, randomUUID } from "node:crypto";
+import { writeFile as writeFile7 } from "node:fs/promises";
+import path8 from "node:path";
 import { Command } from "commander";
-import { AMISTIO_API_URL_ENV, isOfficialAmistioApiUrl, officialAmistioApiUrl, parseRepositoryCloneUrl } from "@amistio/shared";
-import { cloneOrValidateRepository } from "./bootstrap.js";
-import { credentialKey, LocalCredentialStore } from "./credential-store.js";
-import { initControlPlane, inspectControlPlane, readProjectLink, writeProjectLink } from "./control-plane.js";
-import { ApiClient } from "./api-client.js";
-import { createOrchestrationPrompt, writePromptFile } from "./orchestrator.js";
-import { createToolRunPreview, detectLocalTools, runLocalTool } from "./local-tool-runner.js";
-import { normalizeSessionPolicy, selectToolSession } from "./session-policy.js";
-import { collectDirtyDocumentsForPush, collectSyncStatus, materializeBrainDocuments } from "./sync.js";
-import { LocalToolSessionStore } from "./tool-session-store.js";
-import { createWorkExecutionPrompt, parseBrainGenerationArtifacts } from "./work-runner.js";
-const program = new Command();
-const defaultRoot = process.env.INIT_CWD ?? process.cwd();
-const apiUrlOptionDescription = `Amistio API URL override (or ${AMISTIO_API_URL_ENV})`;
-program.name("amistio").description("Amistio project brain CLI").version("0.1.0");
-const CLI_VERSION = "0.1.0";
-program
-    .command("init")
-    .description("Create Amistio control-plane folders for a new project")
-    .option("--root <path>", "Repository root", defaultRoot)
-    .action(async (options) => {
-    const created = await initControlPlane(options.root);
-    console.log(created.length ? `Created ${created.length} control-plane folders.` : "Control-plane folders already exist.");
-});
-program
-    .command("onboard")
-    .description("Inspect and prepare an existing repository for Amistio")
-    .option("--root <path>", "Repository root", defaultRoot)
-    .action(async (options) => {
-    const result = await inspectControlPlane(options.root);
-    console.log(`Present: ${result.present.length ? result.present.join(", ") : "none"}`);
-    console.log(`Missing: ${result.missing.length ? result.missing.join(", ") : "none"}`);
-    if (result.missing.length) {
-        console.log("Run `amistio init` to create missing control-plane folders without overwriting existing files.");
-    }
-});
-program
-    .command("bootstrap")
-    .description("Clone a linked repository locally, prepare the control plane, and pair it with Amistio")
-    .requiredOption("--repo-url <url>", "Linked repository clone URL")
-    .requiredOption("--target <path>", "Local checkout target path")
-    .requiredOption("--account <accountId>", "Amistio account ID")
-    .requiredOption("--project <projectId>", "Amistio project ID")
-    .requiredOption("--repository-link <repositoryLinkId>", "Existing repository link ID")
-    .option("--api-url <url>", apiUrlOptionDescription, defaultApiUrl())
-    .requiredOption("--pairing-code <code>", "Short-lived pairing code from the Amistio app")
-    .option("--default-branch <branch>", "Default branch", "main")
-    .action(async (options) => {
-    const parsedRepoUrl = parseRepositoryCloneUrl(options.repoUrl);
-    const checkout = await cloneOrValidateRepository({ repoUrl: parsedRepoUrl.cloneUrl, targetDir: options.target });
-    await initControlPlane(checkout.targetDir);
-    const pairing = await new ApiClient({
-        apiUrl: options.apiUrl,
-        accountId: options.account
-    }).consumePairingSession({
-        projectId: options.project,
-        pairingCode: options.pairingCode,
-        repositoryLinkId: options.repositoryLink,
-        repoName: parsedRepoUrl.repoName,
-        repoFingerprint: createRepoFingerprint(options.account, options.project, options.repositoryLink),
-        defaultBranch: options.defaultBranch
-    });
-    const filePath = await writeProjectLink(checkout.targetDir, {
-        amistioAccountId: options.account,
-        amistioProjectId: options.project,
-        repositoryLinkId: pairing.repositoryLink.repositoryLinkId,
-        defaultBranch: options.defaultBranch,
-        lastSyncedRevision: 0
-    });
-    await new LocalCredentialStore().set(credentialKey(options.account, options.project, pairing.repositoryLink.repositoryLinkId), pairing.token);
-    console.log(checkout.status === "cloned" ? `Cloned repository to ${checkout.targetDir}.` : `Validated existing checkout at ${checkout.targetDir}.`);
-    console.log(`Pairing confirmed for ${pairing.repositoryLink.repoName}.`);
-    console.log(`Wrote non-secret project metadata to ${filePath}.`);
-    console.log(`Next: cd ${formatShellArg(checkout.targetDir)} && amistio run${formatApiUrlFlag(options.apiUrl)} --watch`);
-});
-program
-    .command("pair")
-    .description("Pair this repository with an Amistio web project")
-    .requiredOption("--account <accountId>", "Amistio account ID")
-    .requiredOption("--project <projectId>", "Amistio project ID")
-    .option("--repository-link <repositoryLinkId>", "Existing repository link ID")
-    .option("--default-branch <branch>", "Default branch", "main")
-    .option("--api-url <url>", apiUrlOptionDescription, defaultApiUrl())
-    .option("--pairing-code <code>", "Short-lived pairing code from the Amistio app")
-    .option("--token <token>", "Runner/device credential to store outside the repository")
-    .option("--root <path>", "Repository root", defaultRoot)
-    .action(async (options, command) => {
-    let repositoryLinkId = options.repositoryLink ?? `repo_${randomUUID()}`;
-    let credential = options.token;
-    if (options.pairingCode) {
-        const pairing = await new ApiClient({
-            apiUrl: options.apiUrl,
-            accountId: options.account,
-            ...(credential ? { token: credential } : {})
-        }).consumePairingSession({
-            projectId: options.project,
-            pairingCode: options.pairingCode,
-            repositoryLinkId,
-            repoName: inferRepoName(options.root),
-            repoFingerprint: createRepoFingerprint(options.account, options.project, repositoryLinkId),
-            defaultBranch: options.defaultBranch
-        });
-        repositoryLinkId = pairing.repositoryLink.repositoryLinkId;
-        credential = credential ?? pairing.token;
-        console.log(`Pairing confirmed for ${pairing.repositoryLink.repoName}.`);
-    }
-    const filePath = await writeProjectLink(options.root, {
-        amistioAccountId: options.account,
-        amistioProjectId: options.project,
-        repositoryLinkId,
-        defaultBranch: options.defaultBranch,
-        lastSyncedRevision: 0
-    });
-    if (credential) {
-        await new LocalCredentialStore().set(credentialKey(options.account, options.project, repositoryLinkId), credential);
-    }
-    if (!options.pairingCode && apiUrlOverrideWasRequested(command)) {
-        const session = await new ApiClient({
-            apiUrl: options.apiUrl,
-            accountId: options.account,
-            ...(credential ? { token: credential } : {})
-        }).createPairingSession(options.project);
-        console.log(`Pairing code: ${session.pairingCode}`);
-        console.log(`Expires at: ${session.expiresAt}`);
-    }
-    console.log(`Wrote non-secret project metadata to ${filePath}.`);
-});
-const sync = program.command("sync").description("Inspect or move project brain changes between the repo and Amistio");
-sync
-    .command("status")
-    .description("Show local sync status")
-    .option("--api-url <url>", apiUrlOptionDescription, defaultApiUrl())
-    .option("--root <path>", "Repository root", defaultRoot)
-    .action(async (options) => {
-    const metadata = await readProjectLink(options.root);
-    if (!metadata) {
-        console.log("Repository is not paired. Run `amistio pair` first.");
-        return;
-    }
-    const context = await loadPairedApiContext(options.root, options.apiUrl);
-    const webDocuments = context ? await context.client.listBrainDocuments(metadata.amistioProjectId).then((result) => result.documents).catch(() => []) : [];
-    const report = await collectSyncStatus(options.root, webDocuments);
-    console.log(`Paired project: ${metadata.amistioProjectId}`);
-    console.log(`Repository link: ${metadata.repositoryLinkId}`);
-    console.log(`Last synced revision: ${metadata.lastSyncedRevision}`);
-    console.log(`Sync status: ${report.status}`);
-    console.log(`Clean: ${report.counts.clean}; Pending: ${report.counts.pending}; Dirty: ${report.counts.dirty}; Conflicted: ${report.counts.conflicted}`);
-    for (const item of report.items.filter((entry) => entry.status !== "clean")) {
-        console.log(`${item.status}: ${item.repoPath} - ${item.reason}`);
-    }
-});
-sync
-    .command("pull")
-    .description("Pull approved web changes into the repository")
-    .option("--api-url <url>", apiUrlOptionDescription, defaultApiUrl())
-    .option("--root <path>", "Repository root", defaultRoot)
-    .action(async (options) => {
-    const context = await loadPairedApiContext(options.root, options.apiUrl);
-    if (!context) {
-        console.log("Repository is not paired. Run `amistio pair` first.");
-        return;
-    }
-    const { documents } = await context.client.listBrainDocuments(context.metadata.amistioProjectId);
-    const approvedDocuments = documents.filter((document) => document.syncState === "approved" || document.syncState === "synced");
-    const result = await materializeBrainDocuments(options.root, approvedDocuments);
-    for (const conflict of result.conflicts) {
-        console.log(`conflicted: ${conflict}`);
-    }
-    if (result.conflicts.length) {
-        process.exitCode = 1;
-        return;
-    }
-    const latestRevision = Math.max(context.metadata.lastSyncedRevision, ...approvedDocuments.map((document) => document.revision));
-    if (latestRevision !== context.metadata.lastSyncedRevision) {
-        await writeProjectLink(options.root, { ...context.metadata, lastSyncedRevision: latestRevision });
-    }
-    console.log(result.written.length ? `Pulled ${result.written.length} approved document${result.written.length === 1 ? "" : "s"}.` : "No approved web changes were pulled.");
-});
-sync
-    .command("push")
-    .description("Push local brain changes to Amistio for review")
-    .option("--api-url <url>", apiUrlOptionDescription, defaultApiUrl())
-    .option("--root <path>", "Repository root", defaultRoot)
-    .action(async (options) => {
-    const context = await loadPairedApiContext(options.root, options.apiUrl);
-    if (!context) {
-        console.log("Repository is not paired. Run `amistio pair` first.");
-        return;
-    }
-    const dirtyDocuments = await collectDirtyDocumentsForPush(options.root, context.metadata);
-    if (!dirtyDocuments.length) {
-        console.log("No local brain changes were pushed.");
-        return;
-    }
-    const { documents } = await context.client.pushBrainDocuments(context.metadata.amistioProjectId, dirtyDocuments);
-    const conflictedDocuments = documents.filter((document) => document.syncState === "conflicted" || document.status === "conflicted");
-    if (conflictedDocuments.length) {
-        for (const document of conflictedDocuments) {
-            console.log(`conflicted: ${document.repoPath} - web and repository revisions both changed`);
-        }
-        process.exitCode = 1;
-        return;
-    }
-    await materializeBrainDocuments(options.root, documents, { allowDirtyOverwrite: true });
-    console.log(`Pushed ${documents.length} local document${documents.length === 1 ? "" : "s"} for web review.`);
-});
-const work = program.command("work").description("Inspect approved work items");
-work
-    .command("list")
-    .description("List queued work without claiming it")
-    .option("--api-url <url>", apiUrlOptionDescription, defaultApiUrl())
-    .option("--root <path>", "Repository root", defaultRoot)
-    .action(async (options) => {
-    const context = await loadPairedApiContext(options.root, options.apiUrl);
-    if (!context) {
-        console.log("Repository is not paired. Run `amistio pair` first.");
-        return;
-    }
-    const { workItems } = await context.client.listWorkItems(context.metadata.amistioProjectId);
-    if (!workItems.length) {
-        console.log("No work items are queued for this project.");
-        return;
-    }
-    for (const item of workItems) {
-        console.log(`${item.workItemId} [${item.status}] ${item.title}`);
-    }
-});
-work
-    .command("prompt")
-    .description("Print or write an approved work prompt without claiming a runner lease")
-    .argument("[workItemId]", "Work item ID. Defaults to the newest approved work item.")
-    .option("--api-url <url>", apiUrlOptionDescription, defaultApiUrl())
-    .option("--root <path>", "Repository root", defaultRoot)
-    .option("--out <path>", "Write the prompt to a file instead of stdout")
-    .action(async (workItemId, options) => {
-    const context = await loadPairedApiContext(options.root, options.apiUrl);
-    if (!context) {
-        console.log("Repository is not paired. Run `amistio pair` first.");
-        return;
-    }
-    const { workItems } = await context.client.listWorkItems(context.metadata.amistioProjectId);
-    const workItem = selectPromptWorkItem(workItems, workItemId);
-    if (!workItem) {
-        console.log(workItemId ? `No work item found for ${workItemId}.` : "No approved work item is ready for prompt export.");
-        return;
-    }
-    const prompt = createWorkExecutionPrompt(workItem);
-    if (options.out) {
-        await writeFile(options.out, prompt, "utf8");
-        console.log(`Wrote work prompt to ${options.out}.`);
-    }
-    else {
-        console.log(prompt);
-    }
-});
-program
-    .command("tools")
-    .description("List local AI coding tools that the Amistio CLI can use")
-    .action(async () => {
-    const tools = await detectLocalTools();
-    for (const tool of tools) {
-        const mode = tool.execution === "sdk" ? "sdk" : tool.execution === "command" ? "cli" : "--";
-        console.log(`${tool.available ? "yes" : "no "} ${mode} ${tool.name} - ${tool.description}`);
-    }
-    console.log("custom - pass --tool-command to use any other local runner command.");
-});
-program
-    .command("orchestrate")
-    .description("Update the Amistio control plane through a user-installed local AI tool")
-    .argument("[goal...]", "Goal or next-step instruction for the orchestration pass")
-    .option("--root <path>", "Repository root", defaultRoot)
-    .option("--tool <name>", "Local tool to use: auto, none, opencode, claude, codex, copilot, gemini, aider, cursor-agent", "auto")
-    .option("--tool-command <command>", "Custom local command. Use {promptFile} and {root} placeholders when supported")
-    .option("--session <policy>", "Tool session policy: auto, new, continue:<toolSessionId>, or none", "auto")
-    .option("--prompt-out <path>", "Write the generated orchestration prompt to a file before running")
-    .option("--dry-run", "Print the generated orchestration prompt without running a tool")
-    .option("--no-stream", "Capture local tool output instead of streaming it")
-    .action(async (goalParts, options) => {
-    const goal = goalParts?.join(" ").trim() || "Review the current repository state and update the Amistio control plane with the next useful orchestration steps.";
-    const prompt = await createOrchestrationPrompt({ rootDir: options.root, goal });
-    if (options.promptOut) {
-        const promptPath = await writePromptFile(options.promptOut, prompt);
-        console.log(`Wrote orchestration prompt to ${promptPath}.`);
-    }
-    if (options.dryRun || options.tool === "none") {
-        console.log(prompt);
-        return;
-    }
-    const sessionPolicy = normalizeSessionPolicy(options.session);
-    const preview = await createToolRunPreview({ rootDir: options.root, prompt, tool: options.tool, ...(options.toolCommand ? { toolCommand: options.toolCommand } : {}) });
-    console.log(`Running ${preview.toolName}: ${preview.displayCommand}`);
-    const result = await runLocalTool({
-        rootDir: options.root,
-        prompt,
-        tool: options.tool,
-        ...(options.toolCommand ? { toolCommand: options.toolCommand } : {}),
-        streamOutput: options.stream,
-        ...(sessionPolicy === "none" ? {} : { session: { toolSessionId: `local_orchestration_${randomUUID()}`, policy: sessionPolicy, decision: localSessionDecision(sessionPolicy) } })
-    });
-    if (!options.stream && result.stdout.trim()) {
-        console.log(result.stdout.trim());
+
+// ../shared/src/schemas.ts
+import { z } from "zod";
+var isoDateTimeSchema = z.string().datetime({ offset: true });
+var itemTypeSchema = z.enum([
+  "account",
+  "accountUser",
+  "accountInvite",
+  "accountSettings",
+  "user",
+  "project",
+  "repositoryLink",
+  "brainDocument",
+  "generatedDraft",
+  "syncCursor",
+  "syncConflict",
+  "workItem",
+  "runnerHeartbeat",
+  "runnerExecutionLog",
+  "toolSession",
+  "activityEvent",
+  "pairingSession"
+]);
+var documentTypeSchema = z.enum([
+  "architecture",
+  "context",
+  "decision",
+  "feature",
+  "memory",
+  "plan",
+  "prompt",
+  "workflow"
+]);
+var syncStateSchema = z.enum([
+  "draft",
+  "approved",
+  "synced",
+  "dirtyInRepo",
+  "dirtyInWeb",
+  "conflicted",
+  "archived"
+]);
+var workStatusSchema = z.enum([
+  "drafted",
+  "approved",
+  "synced",
+  "running",
+  "blocked",
+  "completed",
+  "changesRequested",
+  "failed",
+  "conflicted"
+]);
+var sourceSchema = z.enum(["web", "repo", "generated", "runner"]);
+var executionModeSchema = z.enum(["localRunner", "cloudSandbox"]);
+var workKindSchema = z.enum(["brainGeneration", "implementation"]);
+var generatedDraftStatusSchema = z.enum(["queued", "generating", "reviewing", "approved", "rejected", "changesRequested", "failed"]);
+var generatedBrainArtifactSchema = z.object({
+  documentType: documentTypeSchema,
+  title: z.string().trim().min(1),
+  repoPath: z.string().trim().min(1),
+  content: z.string().min(1)
+});
+var brainGenerationResultSchema = z.object({
+  artifacts: z.array(generatedBrainArtifactSchema).min(1),
+  summary: z.string().optional()
+});
+var sessionPolicySchema = z.union([z.enum(["auto", "new", "none"]), z.string().regex(/^continue:[A-Za-z0-9_.:-]+$/)]);
+var sessionDecisionSchema = z.enum(["created", "continued", "forcedNew", "forcedContinue", "notSupported", "skipped"]);
+var toolSessionStatusSchema = z.enum(["open", "active", "closed", "archived", "blocked", "unavailable"]);
+var sessionResumabilityScopeSchema = z.enum(["none", "localMachine", "repository", "account", "providerCloud"]);
+var repositoryLinkSourceSchema = z.enum(["web", "cli"]);
+var repositoryCloneStatusSchema = z.enum(["notCloned", "cloned", "validated", "failed"]);
+var baseItemSchema = z.object({
+  id: z.string().min(1),
+  type: itemTypeSchema,
+  schemaVersion: z.number().int().positive().default(1),
+  accountId: z.string().min(1),
+  projectId: z.string().min(1).optional(),
+  createdAt: isoDateTimeSchema,
+  updatedAt: isoDateTimeSchema
+});
+var accountItemSchema = baseItemSchema.extend({
+  type: z.literal("account"),
+  name: z.string().min(1),
+  slug: z.string().min(1)
+});
+var userItemSchema = baseItemSchema.extend({
+  type: z.literal("user"),
+  userId: z.string().min(1),
+  email: z.string().email(),
+  firstName: z.string(),
+  lastName: z.string()
+});
+var projectItemSchema = baseItemSchema.extend({
+  type: z.literal("project"),
+  projectId: z.string().min(1),
+  name: z.string().min(1),
+  slug: z.string().min(1),
+  description: z.string().optional()
+});
+var repositoryLinkItemSchema = baseItemSchema.extend({
+  type: z.literal("repositoryLink"),
+  projectId: z.string().min(1),
+  repositoryLinkId: z.string().min(1),
+  repoName: z.string().min(1),
+  repoFingerprint: z.string().min(1).optional(),
+  defaultBranch: z.string().min(1),
+  cloneUrl: z.string().min(1).optional(),
+  provider: z.string().min(1).optional(),
+  repoOwner: z.string().min(1).optional(),
+  repoFullName: z.string().min(1).optional(),
+  linkedByUserId: z.string().min(1).optional(),
+  linkSource: repositoryLinkSourceSchema.optional(),
+  cloneStatus: repositoryCloneStatusSchema.optional(),
+  lastValidatedAt: isoDateTimeSchema.optional(),
+  status: z.enum(["active", "revoked"]).default("active")
+});
+var brainDocumentItemSchema = baseItemSchema.extend({
+  type: z.literal("brainDocument"),
+  projectId: z.string().min(1),
+  documentId: z.string().min(1),
+  documentType: documentTypeSchema,
+  title: z.string().min(1),
+  status: z.string().min(1),
+  repoPath: z.string().min(1),
+  content: z.string(),
+  contentHash: z.string().min(1),
+  frontmatter: z.record(z.string(), z.unknown()).default({}),
+  revision: z.number().int().nonnegative(),
+  approvedRevision: z.number().int().nonnegative().optional(),
+  source: sourceSchema,
+  syncState: syncStateSchema
+});
+var generatedDraftItemSchema = baseItemSchema.extend({
+  type: z.literal("generatedDraft"),
+  projectId: z.string().min(1),
+  wishId: z.string().min(1),
+  title: z.string().min(1),
+  status: generatedDraftStatusSchema,
+  documentIds: z.array(z.string()).default([]),
+  wish: z.string().min(1).optional(),
+  requestedByUserId: z.string().min(1).optional(),
+  workItemId: z.string().min(1).optional(),
+  runnerId: z.string().min(1).optional(),
+  generationAttempt: z.number().int().nonnegative().optional(),
+  lastGenerationError: z.string().optional()
+});
+var syncCursorItemSchema = baseItemSchema.extend({
+  type: z.literal("syncCursor"),
+  projectId: z.string().min(1),
+  repositoryLinkId: z.string().min(1),
+  lastSyncedRevision: z.number().int().nonnegative(),
+  lastSyncedAt: isoDateTimeSchema.optional()
+});
+var syncConflictItemSchema = baseItemSchema.extend({
+  type: z.literal("syncConflict"),
+  projectId: z.string().min(1),
+  conflictId: z.string().min(1),
+  documentId: z.string().min(1),
+  repoPath: z.string().min(1),
+  webRevision: z.number().int().nonnegative(),
+  repoContentHash: z.string().min(1),
+  status: z.enum(["open", "resolved", "ignored"])
+});
+var workItemSchema = baseItemSchema.extend({
+  type: z.literal("workItem"),
+  projectId: z.string().min(1),
+  workItemId: z.string().min(1),
+  workKind: workKindSchema.optional(),
+  status: workStatusSchema,
+  executionMode: executionModeSchema.optional(),
+  title: z.string().min(1),
+  requestedBy: z.string().min(1),
+  approvedBy: z.string().min(1).optional(),
+  sourceWish: z.string().min(1).optional(),
+  generatedDraftId: z.string().min(1).optional(),
+  claimedByRunnerId: z.string().optional(),
+  leaseExpiresAt: isoDateTimeSchema.optional(),
+  attempt: z.number().int().nonnegative().default(0),
+  idempotencyKey: z.string().min(1),
+  sessionPolicy: sessionPolicySchema.optional(),
+  sessionGroupKey: z.string().min(1).optional(),
+  toolSessionId: z.string().min(1).optional(),
+  sessionDecision: sessionDecisionSchema.optional(),
+  sessionDecisionReason: z.string().min(1).optional(),
+  lastStatusMessage: z.string().optional(),
+  lastStatusAt: isoDateTimeSchema
+});
+var runnerHeartbeatItemSchema = baseItemSchema.extend({
+  type: z.literal("runnerHeartbeat"),
+  projectId: z.string().min(1),
+  runnerId: z.string().min(1),
+  repositoryLinkId: z.string().min(1),
+  status: z.enum(["online", "offline", "running", "blocked"]),
+  version: z.string().optional(),
+  lastSeenAt: isoDateTimeSchema
+});
+var runnerExecutionLogItemSchema = baseItemSchema.extend({
+  type: z.literal("runnerExecutionLog"),
+  projectId: z.string().min(1),
+  runnerLogId: z.string().min(1),
+  runnerId: z.string().min(1),
+  workKind: workKindSchema.optional(),
+  workItemId: z.string().min(1).optional(),
+  workTitle: z.string().min(1).optional(),
+  initiatedBy: z.string().min(1).optional(),
+  approvedBy: z.string().min(1).optional(),
+  status: z.enum(["claimed", "running", "completed", "failed", "blocked", "idle"]),
+  executionMode: executionModeSchema.optional(),
+  tool: z.string().min(1).optional(),
+  model: z.string().min(1).optional(),
+  attempt: z.number().int().nonnegative().optional(),
+  startedAt: isoDateTimeSchema.optional(),
+  endedAt: isoDateTimeSchema.optional(),
+  durationMs: z.number().int().nonnegative().optional(),
+  costUsd: z.number().nonnegative().optional(),
+  tokensIn: z.number().int().nonnegative().optional(),
+  tokensOut: z.number().int().nonnegative().optional(),
+  sessionPolicy: sessionPolicySchema.optional(),
+  sessionGroupKey: z.string().min(1).optional(),
+  toolSessionId: z.string().min(1).optional(),
+  sessionDecision: sessionDecisionSchema.optional(),
+  sessionDecisionReason: z.string().min(1).optional(),
+  message: z.string().optional(),
+  error: z.string().optional()
+});
+var toolSessionItemSchema = baseItemSchema.extend({
+  type: z.literal("toolSession"),
+  projectId: z.string().min(1),
+  toolSessionId: z.string().min(1),
+  repositoryLinkId: z.string().min(1).optional(),
+  tool: z.string().min(1),
+  provider: z.string().min(1).optional(),
+  model: z.string().min(1).optional(),
+  resumabilityScope: sessionResumabilityScopeSchema,
+  title: z.string().min(1),
+  summary: z.string().optional(),
+  tags: z.array(z.string().min(1)).default([]),
+  relatedDocumentIds: z.array(z.string().min(1)).default([]),
+  status: toolSessionStatusSchema,
+  createdByUserId: z.string().min(1).optional(),
+  runnerId: z.string().min(1).optional(),
+  lastWorkItemId: z.string().min(1).optional(),
+  lastActivityAt: isoDateTimeSchema,
+  messageCount: z.number().int().nonnegative().optional(),
+  estimatedInputTokens: z.number().int().nonnegative().optional(),
+  estimatedOutputTokens: z.number().int().nonnegative().optional(),
+  costUsd: z.number().nonnegative().optional(),
+  sessionGroupKey: z.string().min(1).optional(),
+  reusePolicy: sessionPolicySchema.optional(),
+  closedReason: z.string().optional()
+});
+var pairingSessionItemSchema = baseItemSchema.extend({
+  type: z.literal("pairingSession"),
+  pairingCodeHash: z.string().min(1),
+  projectId: z.string().min(1),
+  createdByUserId: z.string().min(1),
+  expiresAt: isoDateTimeSchema,
+  status: z.enum(["pending", "confirmed", "expired", "revoked"])
+});
+var projectItemUnionSchema = z.discriminatedUnion("type", [
+  projectItemSchema,
+  repositoryLinkItemSchema,
+  brainDocumentItemSchema,
+  generatedDraftItemSchema,
+  syncCursorItemSchema,
+  syncConflictItemSchema,
+  workItemSchema,
+  runnerHeartbeatItemSchema,
+  runnerExecutionLogItemSchema,
+  toolSessionItemSchema
+]);
+
+// ../shared/src/api-url.ts
+var AMISTIO_API_URL_ENV = "AMISTIO_API_URL";
+var OFFICIAL_AMISTIO_WEB_ORIGIN = "https://www.amistio.com";
+var API_PATH = "/api";
+var officialAmistioApiUrl = normalizeAmistioApiUrl(new URL(API_PATH, OFFICIAL_AMISTIO_WEB_ORIGIN).toString());
+function normalizeAmistioApiUrl(value) {
+  const parsed = new URL(value);
+  parsed.hash = "";
+  parsed.search = "";
+  if (parsed.pathname.length > 1 && parsed.pathname.endsWith("/")) {
+    parsed.pathname = parsed.pathname.slice(0, -1);
+  }
+  return parsed.toString().replace(/\/$/, "");
+}
+function isOfficialAmistioApiUrl(value) {
+  try {
+    return normalizeAmistioApiUrl(value) === officialAmistioApiUrl;
+  } catch {
+    return false;
+  }
+}
+
+// ../shared/src/repo-metadata.ts
+import { z as z2 } from "zod";
+var repoLinkMetadataSchema = z2.object({
+  amistioProjectId: z2.string().min(1),
+  amistioAccountId: z2.string().min(1),
+  repositoryLinkId: z2.string().min(1),
+  defaultBranch: z2.string().min(1).default("main"),
+  lastSyncedRevision: z2.coerce.number().int().nonnegative().default(0)
+});
+var syncedDocumentFrontmatterSchema = z2.object({
+  amistioDocumentId: z2.string().min(1),
+  amistioDocumentType: z2.string().min(1),
+  amistioRevision: z2.coerce.number().int().nonnegative(),
+  amistioContentHash: z2.string().min(1),
+  status: z2.string().optional()
+});
+function createProjectLinkMarkdown(metadata) {
+  return [
+    "---",
+    `amistioProjectId: ${metadata.amistioProjectId}`,
+    `amistioAccountId: ${metadata.amistioAccountId}`,
+    `repositoryLinkId: ${metadata.repositoryLinkId}`,
+    `defaultBranch: ${metadata.defaultBranch}`,
+    `lastSyncedRevision: ${metadata.lastSyncedRevision}`,
+    "---",
+    "",
+    "# Amistio Project Link",
+    "",
+    "This repository is paired with an Amistio project. Credentials are stored outside the repository on each user's machine.",
+    ""
+  ].join("\n");
+}
+
+// ../shared/src/repository-link.ts
+var scpStyleSshPattern = /^([A-Za-z0-9._-]+)@([A-Za-z0-9.-]+):(.+)$/;
+function parseRepositoryCloneUrl(input) {
+  const cloneUrl = input.trim();
+  if (!cloneUrl) {
+    throw new Error("Repository URL is required.");
+  }
+  if (isLocalPathLike(cloneUrl)) {
+    throw new Error("Use an HTTPS or SSH repository clone URL, not a local path.");
+  }
+  const scpMatch = scpStyleSshPattern.exec(cloneUrl);
+  if (scpMatch) {
+    const host = scpMatch[2];
+    const rawPath = scpMatch[3];
+    if (!host || !rawPath) {
+      throw new Error("Repository URL must include an owner and repository name.");
     }
-    if (!options.stream && result.stderr.trim()) {
-        console.error(result.stderr.trim());
+    return buildParsedRepositoryCloneUrl({ cloneUrl, protocol: "ssh", host, rawPath });
+  }
+  let url;
+  try {
+    url = new URL(cloneUrl);
+  } catch {
+    throw new Error("Repository URL must be a valid HTTPS or SSH clone URL.");
+  }
+  if (url.protocol === "file:") {
+    throw new Error("Use an HTTPS or SSH repository clone URL, not a local path.");
+  }
+  if (url.protocol !== "https:" && url.protocol !== "ssh:") {
+    throw new Error("Repository URL must use HTTPS or SSH.");
+  }
+  if (url.protocol === "https:" && (url.username || url.password)) {
+    throw new Error("Repository URL must not include embedded credentials.");
+  }
+  if (url.protocol === "ssh:" && url.password) {
+    throw new Error("Repository SSH URL must not include a password.");
+  }
+  if (url.search || url.hash) {
+    throw new Error("Repository URL must not include query strings or fragments.");
+  }
+  return buildParsedRepositoryCloneUrl({
+    cloneUrl,
+    protocol: url.protocol === "https:" ? "https" : "ssh",
+    host: url.hostname,
+    rawPath: url.pathname
+  });
+}
+function repositoryCloneUrlsMatch(firstUrl, secondUrl) {
+  try {
+    return parseRepositoryCloneUrl(firstUrl).normalizedKey === parseRepositoryCloneUrl(secondUrl).normalizedKey;
+  } catch {
+    return false;
+  }
+}
+function buildParsedRepositoryCloneUrl({ cloneUrl, host, protocol, rawPath }) {
+  const normalizedHost = host.trim().toLowerCase();
+  if (!normalizedHost) {
+    throw new Error("Repository URL must include a host.");
+  }
+  const pathWithoutSlash = normalizeRepoPath(rawPath);
+  const segments = pathWithoutSlash.split("/").filter(Boolean);
+  if (segments.length < 2) {
+    throw new Error("Repository URL must include an owner and repository name.");
+  }
+  const repoSegment = segments[segments.length - 1];
+  const ownerSegment = segments[segments.length - 2];
+  const repoName = stripGitSuffix(repoSegment ?? "");
+  if (!repoName || !ownerSegment) {
+    throw new Error("Repository URL must include an owner and repository name.");
+  }
+  const normalizedSegments = [...segments.slice(0, -1), repoName].map((segment) => segment.toLowerCase());
+  const provider = inferRepositoryProvider(normalizedHost);
+  const repoOwner = ownerSegment;
+  const repoFullName = `${repoOwner}/${repoName}`;
+  return {
+    cloneUrl,
+    protocol,
+    host: normalizedHost,
+    path: pathWithoutSlash,
+    repoName,
+    normalizedKey: `${normalizedHost}/${normalizedSegments.join("/")}`,
+    ...provider ? { provider } : {},
+    repoOwner,
+    repoFullName
+  };
+}
+function normalizeRepoPath(rawPath) {
+  const withoutLeadingSlash = rawPath.trim().replace(/^\/+/, "").replace(/\/+$/, "");
+  if (!withoutLeadingSlash || withoutLeadingSlash.includes("..")) {
+    throw new Error("Repository URL path is not supported.");
+  }
+  return withoutLeadingSlash;
+}
+function stripGitSuffix(value) {
+  return value.replace(/\.git$/i, "");
+}
+function inferRepositoryProvider(host) {
+  if (host === "github.com" || host.endsWith(".github.com")) return "github";
+  if (host === "gitlab.com" || host.endsWith(".gitlab.com")) return "gitlab";
+  if (host === "bitbucket.org" || host.endsWith(".bitbucket.org")) return "bitbucket";
+  if (host.endsWith("dev.azure.com") || host.endsWith("visualstudio.com")) return "azureDevOps";
+  return "other";
+}
+function isLocalPathLike(value) {
+  return value.startsWith("/") || value.startsWith("./") || value.startsWith("../") || value.startsWith("~/") || /^[A-Za-z]:[\\/]/.test(value);
+}
+
+// ../shared/src/sync.ts
+import { createHash } from "node:crypto";
+function sha256ContentHash(content) {
+  return createHash("sha256").update(content, "utf8").digest("hex");
+}
+function decideSyncState(state) {
+  const webChanged = Boolean(state.webHash && state.webHash !== state.lastSyncedHash);
+  const repoChanged = Boolean(state.repoHash && state.repoHash !== state.lastSyncedHash);
+  if (webChanged && repoChanged && state.webHash !== state.repoHash) {
+    return "conflict";
+  }
+  if (webChanged) {
+    return "pullWeb";
+  }
+  if (repoChanged) {
+    return "pushRepo";
+  }
+  return "clean";
+}
+
+// src/bootstrap.ts
+import { execFile } from "node:child_process";
+import { mkdir, readdir, stat } from "node:fs/promises";
+import path from "node:path";
+import { promisify } from "node:util";
+var execFileAsync = promisify(execFile);
+function buildGitCloneArgs(repoUrl, targetDir) {
+  return ["clone", repoUrl, targetDir];
+}
+async function cloneOrValidateRepository({ repoUrl, targetDir }) {
+  const resolvedTarget = path.resolve(targetDir);
+  const targetStat = await stat(resolvedTarget).catch((error) => {
+    if (isNotFoundError(error)) return void 0;
+    throw error;
+  });
+  if (!targetStat) {
+    await mkdir(path.dirname(resolvedTarget), { recursive: true });
+    await runGit(buildGitCloneArgs(repoUrl, resolvedTarget), "clone");
+    return { status: "cloned", targetDir: resolvedTarget };
+  }
+  if (!targetStat.isDirectory()) {
+    throw new Error("Bootstrap target exists and is not a directory.");
+  }
+  if (await isGitCheckout(resolvedTarget)) {
+    const originUrl = await runGit(["-C", resolvedTarget, "remote", "get-url", "origin"], "remote");
+    if (!repositoryCloneUrlsMatch(repoUrl, originUrl)) {
+      throw new Error("Bootstrap target is a Git checkout for a different repository.");
     }
-    if (result.exitCode !== 0) {
-        process.exitCode = result.exitCode;
+    return { status: "validated", targetDir: resolvedTarget, originUrl };
+  }
+  const entries = await readdir(resolvedTarget);
+  if (entries.length > 0) {
+    throw new Error("Bootstrap target exists, is not empty, and is not the linked repository checkout.");
+  }
+  await runGit(buildGitCloneArgs(repoUrl, resolvedTarget), "clone");
+  return { status: "cloned", targetDir: resolvedTarget };
+}
+async function isGitCheckout(targetDir) {
+  try {
+    const result = await runGit(["-C", targetDir, "rev-parse", "--is-inside-work-tree"], "rev-parse");
+    return result.trim() === "true";
+  } catch {
+    return false;
+  }
+}
+async function runGit(args, operation) {
+  try {
+    const { stdout } = await execFileAsync("git", args, { maxBuffer: 1024 * 1024 });
+    return stdout.trim();
+  } catch {
+    if (operation === "clone") {
+      throw new Error("git clone failed. Confirm local Git credentials can access the repository.");
     }
-});
-program
-    .command("run")
-    .description("Claim and run approved Amistio work locally")
-    .option("--api-url <url>", apiUrlOptionDescription, defaultApiUrl())
-    .option("--runner-id <runnerId>", "Stable runner ID", `runner_${randomUUID()}`)
-    .option("--root <path>", "Repository root", defaultRoot)
-    .option("--tool <name>", "Local tool to use: auto, none, opencode, claude, codex, copilot, gemini, aider, cursor-agent", "auto")
-    .option("--tool-command <command>", "Custom local command. Use {promptFile} and {root} placeholders when supported")
-    .option("--session <policy>", "Tool session policy: auto, new, continue:<toolSessionId>, or none", "auto")
-    .option("--dry-run", "Claim work and print the generated execution prompt without running a tool")
-    .option("--watch", "Keep polling for approved work until stopped")
-    .option("--interval-seconds <seconds>", "Polling interval for --watch", parsePositiveInteger, 10)
-    .option("--max-iterations <count>", "Stop watch mode after this many polling attempts", parsePositiveInteger)
-    .option("--no-stream", "Capture local tool output instead of streaming it")
-    .action(async (options) => {
-    const context = await loadPairedApiContext(options.root, options.apiUrl);
-    if (!context) {
-        console.log("Repository is not paired. Run `amistio pair` first.");
-        return;
-    }
-    if (!context.token) {
-        console.log("No local runner credential found. Run `amistio pair --pairing-code <code>` to store this machine credential.");
-        process.exitCode = 1;
-        return;
-    }
-    if (options.watch) {
-        console.log(`Runner ${options.runnerId} is watching ${context.metadata.amistioProjectId} every ${options.intervalSeconds}s. Press Ctrl+C to stop.`);
-    }
-    let iterations = 0;
-    while (true) {
-        iterations += 1;
-        const result = await runNextWorkItem({
-            apiClient: context.client,
-            projectId: context.metadata.amistioProjectId,
-            repositoryLinkId: context.metadata.repositoryLinkId,
-            runnerId: options.runnerId,
-            root: options.root,
-            sessionPolicy: normalizeSessionPolicy(options.session),
-            tool: options.tool,
-            ...(options.toolCommand ? { toolCommand: options.toolCommand } : {}),
-            dryRun: Boolean(options.dryRun),
-            stream: options.stream
-        });
-        if (!options.watch || options.dryRun) {
-            if (result.exitCode !== 0) {
-                process.exitCode = result.exitCode;
-            }
-            return;
-        }
-        if (options.maxIterations !== undefined && iterations >= options.maxIterations) {
-            console.log(`Runner stopped after ${iterations} polling attempt${iterations === 1 ? "" : "s"}.`);
-            return;
-        }
-        if (result.status === "idle") {
-            console.log(`No approved work item is available. Checking again in ${options.intervalSeconds}s.`);
-        }
-        await delay(options.intervalSeconds * 1000);
+    if (operation === "remote") {
+      throw new Error("Could not read the target checkout origin remote.");
     }
-});
-async function runNextWorkItem({ apiClient, dryRun, projectId, repositoryLinkId, root, runnerId, sessionPolicy, stream, tool, toolCommand }) {
-    await apiClient.sendRunnerHeartbeat(projectId, runnerId, repositoryLinkId, "online", CLI_VERSION);
-    const result = await apiClient.claimWork(projectId, runnerId, repositoryLinkId);
-    if (!result.workItem) {
-        console.log("No approved work item is available.");
-        return { status: "idle", exitCode: 0 };
-    }
-    await apiClient.sendRunnerHeartbeat(projectId, runnerId, repositoryLinkId, "running", CLI_VERSION);
-    const prompt = createWorkExecutionPrompt(result.workItem);
-    if (dryRun || tool === "none") {
-        console.log(prompt);
-        await apiClient.sendRunnerHeartbeat(projectId, runnerId, repositoryLinkId, "online", CLI_VERSION);
-        return { status: "preview", exitCode: 0 };
-    }
-    const preview = await createToolRunPreview({ rootDir: root, prompt, tool, ...(toolCommand ? { toolCommand } : {}) });
-    const sessionContext = await prepareToolSession({
-        apiClient,
-        projectId,
-        repositoryLinkId,
-        runnerId,
-        sessionPolicy: result.workItem.sessionPolicy ?? sessionPolicy,
-        toolName: preview.toolName,
-        supportsSessionReuse: preview.supportsSessionReuse,
-        resumabilityScope: preview.resumabilityScope,
-        workItem: result.workItem
+    throw new Error("Could not inspect the target Git checkout.");
+  }
+}
+function isNotFoundError(error) {
+  return Boolean(error && typeof error === "object" && "code" in error && error.code === "ENOENT");
+}
+
+// src/credential-store.ts
+import { chmod, mkdir as mkdir2, readFile, writeFile } from "node:fs/promises";
+import os from "node:os";
+import path2 from "node:path";
+var LocalCredentialStore = class {
+  constructor(filePath = path2.join(os.homedir(), ".config", "amistio", "credentials.json")) {
+    this.filePath = filePath;
+  }
+  filePath;
+  async set(key, value) {
+    const data = await this.read();
+    data.credentials[key] = value;
+    await mkdir2(path2.dirname(this.filePath), { recursive: true });
+    await writeFile(this.filePath, JSON.stringify(data, null, 2), { encoding: "utf8", mode: 384 });
+    await chmod(this.filePath, 384);
+  }
+  async get(key) {
+    const data = await this.read();
+    return data.credentials[key];
+  }
+  async read() {
+    try {
+      return JSON.parse(await readFile(this.filePath, "utf8"));
+    } catch {
+      return { credentials: {} };
+    }
+  }
+};
+function credentialKey(accountId, projectId, repositoryLinkId) {
+  return `${accountId}:${projectId}:${repositoryLinkId}`;
+}
+
+// src/control-plane.ts
+import { mkdir as mkdir3, readFile as readFile2, stat as stat2, writeFile as writeFile2 } from "node:fs/promises";
+import path3 from "node:path";
+var controlPlaneFolders = [
+  "architecture",
+  "context",
+  "decisions",
+  "features",
+  "memory",
+  "plans",
+  path3.join("prompts", "shared"),
+  "workflows"
+];
+async function initControlPlane(rootDir) {
+  const created = [];
+  for (const folder of controlPlaneFolders) {
+    const fullPath = path3.join(rootDir, folder);
+    if (!await exists(fullPath)) {
+      await mkdir3(fullPath, { recursive: true });
+      created.push(folder);
+    }
+  }
+  await writeIfMissing(
+    path3.join(rootDir, "AGENTS.md"),
+    "# Agents\n\nRoot control-plane folders are the project brain. Keep architecture, context, decisions, features, memory, plans, prompts, and workflows in sync with product intent.\n"
+  );
+  await writeIfMissing(path3.join(rootDir, "context", "product.md"), "# Product Context\n\nDescribe the product direction here.\n");
+  await writeIfMissing(path3.join(rootDir, "architecture", "overview.md"), "# Architecture Overview\n\nDescribe the system shape here.\n");
+  return created;
+}
+async function inspectControlPlane(rootDir) {
+  const present = [];
+  const missing = [];
+  for (const folder of controlPlaneFolders) {
+    if (await exists(path3.join(rootDir, folder))) {
+      present.push(folder);
+    } else {
+      missing.push(folder);
+    }
+  }
+  return { present, missing };
+}
+async function writeProjectLink(rootDir, metadata) {
+  const contextDir = path3.join(rootDir, "context");
+  await mkdir3(contextDir, { recursive: true });
+  const filePath = path3.join(contextDir, "amistio-project.md");
+  await writeFile2(filePath, createProjectLinkMarkdown(metadata), "utf8");
+  return filePath;
+}
+async function readProjectLink(rootDir) {
+  const filePath = path3.join(rootDir, "context", "amistio-project.md");
+  if (!await exists(filePath)) {
+    return void 0;
+  }
+  const content = await readFile2(filePath, "utf8");
+  const frontmatter = parseFrontmatter(content);
+  return repoLinkMetadataSchema.parse(frontmatter);
+}
+function parseFrontmatter(content) {
+  if (!content.startsWith("---\n")) {
+    return {};
+  }
+  const end = content.indexOf("\n---", 4);
+  if (end === -1) {
+    return {};
+  }
+  const lines = content.slice(4, end).split("\n");
+  return Object.fromEntries(
+    lines.map((line) => {
+      const separator = line.indexOf(":");
+      if (separator === -1) {
+        return void 0;
+      }
+      return [line.slice(0, separator).trim(), line.slice(separator + 1).trim()];
+    }).filter((entry) => Boolean(entry))
+  );
+}
+async function writeIfMissing(filePath, content) {
+  if (await exists(filePath)) {
+    return;
+  }
+  await writeFile2(filePath, content, "utf8");
+}
+async function exists(filePath) {
+  try {
+    await stat2(filePath);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+// src/api-client.ts
+import { z as z3 } from "zod";
+var ApiClient = class {
+  constructor(options) {
+    this.options = options;
+  }
+  options;
+  async createPairingSession(projectId) {
+    return this.request(
+      "pairing-sessions",
+      z3.object({ pairingCode: z3.string(), expiresAt: z3.string() }),
+      {
+        method: "POST",
+        body: JSON.stringify({ projectId })
+      }
+    );
+  }
+  async consumePairingSession(input) {
+    return this.request(
+      "pairing-sessions",
+      z3.object({ repositoryLink: repositoryLinkItemSchema, token: z3.string().min(1) }),
+      {
+        method: "PATCH",
+        body: JSON.stringify(input)
+      }
+    );
+  }
+  async claimWork(projectId, runnerId, repositoryLinkId, leaseSeconds = 300) {
+    return this.request(
+      `/projects/${projectId}/work-items/claim`,
+      z3.object({ workItem: workItemSchema.optional() }).transform(({ workItem }) => ({ workItem })),
+      {
+        method: "POST",
+        body: JSON.stringify({ runnerId, repositoryLinkId, leaseSeconds })
+      }
+    );
+  }
+  async listWorkItems(projectId) {
+    return this.request(
+      `/projects/${projectId}/work-items`,
+      z3.object({ workItems: z3.array(workItemSchema) }),
+      { method: "GET" }
+    );
+  }
+  async listBrainDocuments(projectId) {
+    return this.request(
+      `/projects/${projectId}/brain-documents`,
+      z3.object({ documents: z3.array(brainDocumentItemSchema) }),
+      { method: "GET" }
+    );
+  }
+  async pushBrainDocuments(projectId, documents) {
+    return this.request(
+      `/projects/${projectId}/brain-documents`,
+      z3.object({ documents: z3.array(brainDocumentItemSchema) }),
+      {
+        method: "POST",
+        body: JSON.stringify({ documents })
+      }
+    );
+  }
+  async sendRunnerHeartbeat(projectId, runnerId, repositoryLinkId, status, version) {
+    return this.request(
+      `/projects/${projectId}/runners`,
+      z3.object({ runner: runnerHeartbeatItemSchema }),
+      {
+        method: "POST",
+        body: JSON.stringify({ runnerId, repositoryLinkId, status, ...version ? { version } : {}, lastSeenAt: (/* @__PURE__ */ new Date()).toISOString() })
+      }
+    );
+  }
+  async listToolSessions(projectId) {
+    return this.request(
+      `/projects/${projectId}/tool-sessions`,
+      z3.object({ toolSessions: z3.array(toolSessionItemSchema) }),
+      { method: "GET" }
+    );
+  }
+  async createToolSession(projectId, session) {
+    return this.request(
+      `/projects/${projectId}/tool-sessions`,
+      z3.object({ toolSession: toolSessionItemSchema }),
+      {
+        method: "POST",
+        body: JSON.stringify(session)
+      }
+    );
+  }
+  async updateToolSession(projectId, toolSessionId, session) {
+    return this.request(
+      `/projects/${projectId}/tool-sessions/${toolSessionId}`,
+      z3.object({ toolSession: toolSessionItemSchema }),
+      {
+        method: "PATCH",
+        body: JSON.stringify(session)
+      }
+    );
+  }
+  async updateWorkStatus(projectId, workItemId, status, idempotencyKey, runnerId, telemetry = {}) {
+    return this.request(
+      `/projects/${projectId}/work-items/${workItemId}/status`,
+      z3.object({ workItem: workItemSchema }),
+      {
+        method: "PATCH",
+        body: JSON.stringify({ status, idempotencyKey, ...runnerId ? { runnerId } : {}, ...telemetry })
+      }
+    );
+  }
+  async submitBrainGenerationResult(projectId, workItemId, result) {
+    return this.request(
+      `/projects/${projectId}/work-items/${workItemId}/generation-result`,
+      z3.object({ draft: generatedDraftItemSchema, documents: z3.array(brainDocumentItemSchema), workItem: workItemSchema }),
+      {
+        method: "POST",
+        body: JSON.stringify(result)
+      }
+    );
+  }
+  async request(urlPath, schema, init) {
+    const response = await fetch(resolveApiUrl(this.options.apiUrl, urlPath), {
+      ...init,
+      headers: {
+        "content-type": "application/json",
+        "x-amistio-account-id": this.options.accountId,
+        ...this.options.token ? { authorization: `Bearer ${this.options.token}` } : {}
+      }
     });
-    console.log(`Claimed ${result.workItem.workItemId}. Running ${preview.toolName}: ${preview.displayCommand}`);
-    const startedAt = Date.now();
-    const providerSessionStore = new LocalToolSessionStore();
-    const providerSessionId = sessionContext.toolSession
-        ? await providerSessionStore.getProviderSessionId(sessionContext.toolSession.toolSessionId, preview.toolName)
-        : undefined;
-    const toolResult = await runLocalTool({
-        rootDir: root,
-        prompt,
-        tool,
-        ...(toolCommand ? { toolCommand } : {}),
-        streamOutput: stream,
-        ...(sessionContext.toolSession
-            ? {
-                session: {
-                    toolSessionId: sessionContext.toolSession.toolSessionId,
-                    policy: sessionContext.policy,
-                    decision: sessionContext.decision,
-                    ...(providerSessionId ? { providerSessionId } : {})
-                }
-            }
-            : {})
-    }).catch(async (error) => {
-        await apiClient.sendRunnerHeartbeat(projectId, runnerId, repositoryLinkId, "blocked", CLI_VERSION);
-        await markToolSessionBlocked(apiClient, projectId, sessionContext.toolSession, errorMessage(error));
-        throw error;
+    if (!response.ok) {
+      const detail = await response.text().catch(() => "");
+      throw new Error(`Amistio API request failed: ${response.status} ${response.statusText}${detail ? ` - ${detail}` : ""}`);
+    }
+    return schema.parse(await response.json());
+  }
+};
+var toolSessionMutationSchema = z3.object({
+  toolSessionId: z3.string().min(1).optional(),
+  repositoryLinkId: z3.string().min(1).optional(),
+  tool: z3.string().min(1).optional(),
+  provider: z3.string().min(1).optional(),
+  model: z3.string().min(1).optional(),
+  resumabilityScope: sessionResumabilityScopeSchema.optional(),
+  title: z3.string().min(1).optional(),
+  summary: z3.string().optional(),
+  tags: z3.array(z3.string()).optional(),
+  relatedDocumentIds: z3.array(z3.string()).optional(),
+  status: toolSessionStatusSchema.optional(),
+  createdByUserId: z3.string().min(1).optional(),
+  runnerId: z3.string().min(1).optional(),
+  lastWorkItemId: z3.string().min(1).optional(),
+  messageCount: z3.number().int().nonnegative().optional(),
+  estimatedInputTokens: z3.number().int().nonnegative().optional(),
+  estimatedOutputTokens: z3.number().int().nonnegative().optional(),
+  costUsd: z3.number().nonnegative().optional(),
+  sessionGroupKey: z3.string().min(1).optional(),
+  reusePolicy: sessionPolicySchema.optional(),
+  sessionDecision: sessionDecisionSchema.optional(),
+  closedReason: z3.string().optional()
+});
+function resolveApiUrl(apiUrl, urlPath) {
+  const base = apiUrl.endsWith("/") ? apiUrl.slice(0, -1) : apiUrl;
+  const path9 = urlPath.startsWith("/") ? urlPath : `/${urlPath}`;
+  return new URL(`${base}${path9}`);
+}
+
+// src/orchestrator.ts
+import { mkdir as mkdir4, writeFile as writeFile3 } from "node:fs/promises";
+import path4 from "node:path";
+async function createOrchestrationPrompt(options) {
+  const controlPlane = await inspectControlPlane(options.rootDir);
+  return [
+    "# Amistio Orchestration Task",
+    "",
+    "You are running locally through the Amistio CLI inside the user's repository.",
+    "Your job is to keep future agents on the same track by updating the Amistio control plane, not by rewriting the project from scratch.",
+    "",
+    "## Goal",
+    "",
+    options.goal,
+    "",
+    "## Orchestrator Principle",
+    "",
+    "The root control-plane files are the project brain. They exist so agentic coding sessions can continue from established context, decisions, memory, plans, workflows, and prompts instead of drifting into a fresh interpretation each time.",
+    "",
+    "## Repository Rules",
+    "",
+    "- Read AGENTS.md first when it exists.",
+    "- Read existing architecture, context, decisions, features, memory, plans, prompts, and workflows before proposing changes.",
+    "- Preserve existing intent. Add the next useful orchestration layer instead of replacing old content wholesale.",
+    "- Prefer small additive edits, dated notes, explicit decisions, focused plans, and executable prompts.",
+    "- Do not modify product source code unless the user's goal explicitly asks for implementation.",
+    "- Do not create a repo-local .amistio folder.",
+    "- Do not write access tokens, API keys, refresh tokens, local filesystem secrets, or machine-specific credentials into the repository.",
+    "- Do not commit changes.",
+    "",
+    "## Control-Plane Areas",
+    "",
+    "- AGENTS.md for agent operating rules.",
+    "- architecture/**/*.md for system shape and boundaries.",
+    "- context/**/*.md for product, stack, and implementation context.",
+    "- decisions/**/*.md for ADRs and durable choices.",
+    "- features/**/*.md for behavior specs and acceptance criteria.",
+    "- memory/**/*.md for lessons, patterns, and known pitfalls.",
+    "- plans/**/*.md for near-term execution plans.",
+    "- prompts/**/*.md for model-agnostic implementation prompts.",
+    "- workflows/**/*.md for repeatable procedures.",
+    "",
+    "## Current Control-Plane Folder Status",
+    "",
+    `Present: ${controlPlane.present.length ? controlPlane.present.join(", ") : "none"}`,
+    `Missing: ${controlPlane.missing.length ? controlPlane.missing.join(", ") : "none"}`,
+    "",
+    "## Expected Result",
+    "",
+    "- Update the smallest useful set of control-plane files needed to orient the next coding agent.",
+    "- Record any new decision, plan, prompt, workflow, memory, or context that prevents future drift.",
+    "- Keep old decisions visible. If something is superseded, say so explicitly instead of silently deleting it.",
+    "- Summarize changed files, why they changed, and the recommended next agent action."
+  ].join("\n");
+}
+async function writePromptFile(filePath, prompt) {
+  await mkdir4(path4.dirname(filePath), { recursive: true });
+  await writeFile3(filePath, prompt, "utf8");
+  return filePath;
+}
+
+// src/local-tool-runner.ts
+import { spawn } from "node:child_process";
+import { mkdtemp, rm, writeFile as writeFile4 } from "node:fs/promises";
+import os2 from "node:os";
+import path5 from "node:path";
+var localToolNames = ["opencode", "claude", "codex", "copilot", "gemini", "aider", "cursor-agent"];
+var localToolAdapters = [
+  {
+    name: "opencode",
+    description: "opencode SDK adapter using @opencode-ai/sdk, with CLI fallback.",
+    sdkPackageName: "@opencode-ai/sdk",
+    sdkDisplayCommand: "@opencode-ai/sdk createOpencode().client.session.prompt()",
+    sdkRequiresExecutable: true,
+    executable: "opencode",
+    supportsSessionReuse: true,
+    resumabilityScope: "localMachine",
+    runWithSdk: runOpencodeSdk,
+    buildInvocation: ({ prompt }) => ({
+      command: "opencode",
+      args: ["run", prompt],
+      displayCommand: "opencode run <generated prompt>"
+    })
+  },
+  {
+    name: "claude",
+    description: "Claude Agent SDK adapter using @anthropic-ai/claude-agent-sdk, with CLI fallback.",
+    sdkPackageName: "@anthropic-ai/claude-agent-sdk",
+    sdkDisplayCommand: "@anthropic-ai/claude-agent-sdk query()",
+    executable: "claude",
+    supportsSessionReuse: false,
+    resumabilityScope: "none",
+    runWithSdk: runClaudeSdk,
+    buildInvocation: ({ prompt }) => ({
+      command: "claude",
+      args: ["-p", prompt],
+      displayCommand: "claude -p <generated prompt>"
+    })
+  },
+  {
+    name: "codex",
+    description: "Codex SDK adapter using @openai/codex-sdk, with CLI fallback.",
+    sdkPackageName: "@openai/codex-sdk",
+    sdkDisplayCommand: "@openai/codex-sdk Codex.startThread().run()",
+    executable: "codex",
+    supportsSessionReuse: false,
+    resumabilityScope: "none",
+    runWithSdk: runCodexSdk,
+    buildInvocation: ({ prompt }) => ({
+      command: "codex",
+      args: ["exec", prompt],
+      displayCommand: "codex exec <generated prompt>"
+    })
+  },
+  {
+    name: "copilot",
+    description: "GitHub Copilot SDK adapter using @github/copilot-sdk.",
+    sdkPackageName: "@github/copilot-sdk",
+    sdkDisplayCommand: "@github/copilot-sdk CopilotClient.createSession().sendAndWait()",
+    supportsSessionReuse: false,
+    resumabilityScope: "none",
+    runWithSdk: runCopilotSdk
+  },
+  {
+    name: "gemini",
+    description: "Gemini CLI adapter using prompt mode.",
+    executable: "gemini",
+    supportsSessionReuse: false,
+    resumabilityScope: "none",
+    buildInvocation: ({ prompt }) => ({
+      command: "gemini",
+      args: ["-p", prompt],
+      displayCommand: "gemini -p <generated prompt>"
+    })
+  },
+  {
+    name: "aider",
+    description: "Aider CLI adapter using a one-shot message.",
+    executable: "aider",
+    supportsSessionReuse: false,
+    resumabilityScope: "none",
+    buildInvocation: ({ prompt }) => ({
+      command: "aider",
+      args: ["--yes", "--message", prompt],
+      displayCommand: "aider --yes --message <generated prompt>"
+    })
+  },
+  {
+    name: "cursor-agent",
+    description: "Cursor agent CLI adapter using prompt mode when installed.",
+    executable: "cursor-agent",
+    supportsSessionReuse: false,
+    resumabilityScope: "none",
+    buildInvocation: ({ prompt }) => ({
+      command: "cursor-agent",
+      args: ["-p", prompt],
+      displayCommand: "cursor-agent -p <generated prompt>"
+    })
+  }
+];
+function isLocalToolName(value) {
+  return localToolNames.includes(value);
+}
+async function detectLocalTools() {
+  return Promise.all(
+    localToolAdapters.map(async (adapter) => {
+      const sdkAvailable = await isSdkAvailable(adapter);
+      const commandAvailable = adapter.executable ? await commandExists(adapter.executable) : false;
+      return {
+        name: adapter.name,
+        description: adapter.description,
+        available: sdkAvailable || commandAvailable,
+        sdkAvailable,
+        commandAvailable,
+        execution: sdkAvailable ? "sdk" : commandAvailable ? "command" : "unavailable",
+        supportsSessionReuse: Boolean(adapter.supportsSessionReuse),
+        resumabilityScope: adapter.resumabilityScope ?? "none"
+      };
+    })
+  );
+}
+async function runLocalTool(options) {
+  const promptTempDir = await mkdtemp(path5.join(os2.tmpdir(), "amistio-prompt-"));
+  const promptFilePath = path5.join(promptTempDir, "prompt.md");
+  await writeFile4(promptFilePath, options.prompt, "utf8");
+  try {
+    const runnerOptions = {
+      rootDir: options.rootDir,
+      prompt: options.prompt,
+      promptFilePath,
+      tool: options.tool ?? "auto"
+    };
+    if (options.toolCommand) {
+      runnerOptions.toolCommand = options.toolCommand;
+    }
+    const runner = await createToolRunner(runnerOptions);
+    const result = await executeToolRunner(runner, {
+      rootDir: options.rootDir,
+      prompt: options.prompt,
+      promptFilePath,
+      streamOutput: Boolean(options.streamOutput),
+      ...options.session ? { session: options.session } : {}
     });
-    if (sessionContext.toolSession && toolResult.providerSessionId) {
-        await providerSessionStore.setProviderSessionId(sessionContext.toolSession.toolSessionId, preview.toolName, toolResult.providerSessionId);
-    }
-    if (!stream && toolResult.stdout.trim()) {
-        console.log(toolResult.stdout.trim());
-    }
-    if (!stream && toolResult.stderr.trim()) {
-        console.error(toolResult.stderr.trim());
-    }
-    if (result.workItem.workKind === "brainGeneration") {
-        return finalizeBrainGenerationWork({
-            apiClient,
-            durationMs: Date.now() - startedAt,
-            projectId,
-            repositoryLinkId,
-            runnerId,
-            sessionContext,
-            toolName: preview.toolName,
-            toolResult,
-            workItem: result.workItem
-        });
+    return {
+      toolName: runner.toolName,
+      displayCommand: runner.kind === "sdk" ? runner.displayCommand : runner.invocation.displayCommand,
+      supportsSessionReuse: runner.kind === "sdk" ? Boolean(runner.adapter.supportsSessionReuse) : false,
+      resumabilityScope: runner.kind === "sdk" ? runner.adapter.resumabilityScope ?? "none" : "none",
+      ...result
+    };
+  } finally {
+    await rm(promptTempDir, { recursive: true, force: true });
+  }
+}
+async function createToolRunPreview(options) {
+  const promptFilePath = path5.join(os2.tmpdir(), "amistio-generated-prompt.md");
+  const runnerOptions = {
+    rootDir: options.rootDir,
+    prompt: options.prompt,
+    promptFilePath,
+    tool: options.tool ?? "auto"
+  };
+  if (options.toolCommand) {
+    runnerOptions.toolCommand = options.toolCommand;
+  }
+  const runner = await createToolRunner(runnerOptions);
+  return {
+    toolName: runner.toolName,
+    displayCommand: runner.kind === "sdk" ? runner.displayCommand : runner.invocation.displayCommand,
+    supportsSessionReuse: runner.kind === "sdk" ? Boolean(runner.adapter.supportsSessionReuse) : false,
+    resumabilityScope: runner.kind === "sdk" ? runner.adapter.resumabilityScope ?? "none" : "none"
+  };
+}
+function createCustomToolInvocation(commandTemplate, input) {
+  const displayCommand = commandTemplate.replaceAll("{promptFile}", shellQuote(input.promptFilePath)).replaceAll("{root}", shellQuote(input.rootDir));
+  return {
+    command: displayCommand,
+    args: [],
+    displayCommand,
+    shell: true,
+    ...commandTemplate.includes("{promptFile}") ? {} : { stdin: input.prompt }
+  };
+}
+async function createToolRunner(options) {
+  if (options.toolCommand) {
+    return {
+      toolName: "custom",
+      kind: "command",
+      invocation: createCustomToolInvocation(options.toolCommand, options)
+    };
+  }
+  const tool = normalizeToolRequest(options.tool);
+  if (tool === "none") {
+    throw new Error("No local tool selected. Use --tool auto, a supported tool name, or --tool-command.");
+  }
+  const adapter = tool === "auto" ? await selectFirstAvailableAdapter() : await selectRequestedAdapter(tool);
+  if (adapter.runWithSdk && await isSdkAvailable(adapter)) {
+    return {
+      toolName: adapter.name,
+      kind: "sdk",
+      displayCommand: adapter.sdkDisplayCommand ?? `${adapter.name} SDK`,
+      adapter
+    };
+  }
+  if (adapter.buildInvocation && adapter.executable && await commandExists(adapter.executable)) {
+    return {
+      toolName: adapter.name,
+      kind: "command",
+      invocation: adapter.buildInvocation(options)
+    };
+  }
+  throw new Error(`The ${adapter.name} SDK or executable was not found. Install the SDK/runtime or pass --tool-command.`);
+}
+async function executeToolRunner(runner, input) {
+  if (runner.kind === "command") {
+    return executeToolInvocation(runner.invocation, input.rootDir, input.streamOutput);
+  }
+  try {
+    return await runner.adapter.runWithSdk(input);
+  } catch (error) {
+    if (runner.adapter.buildInvocation && runner.adapter.executable && await commandExists(runner.adapter.executable)) {
+      const fallback = runner.adapter.buildInvocation(input);
+      const result = await executeToolInvocation(fallback, input.rootDir, input.streamOutput);
+      const sdkFailure = `SDK execution for ${runner.adapter.name} failed, fell back to ${fallback.displayCommand}: ${errorMessage(error)}`;
+      return {
+        ...result,
+        stderr: result.stderr ? `${sdkFailure}
+${result.stderr}` : sdkFailure
+      };
+    }
+    throw error;
+  }
+}
+function normalizeToolRequest(value) {
+  if (value === "auto" || value === "none" || isLocalToolName(value)) {
+    return value;
+  }
+  throw new Error(`Unsupported local tool: ${value}. Supported tools: auto, none, ${localToolNames.join(", ")}.`);
+}
+async function selectFirstAvailableAdapter() {
+  for (const adapter of localToolAdapters) {
+    const sdkAvailable = await isSdkAvailable(adapter);
+    const commandAvailable = adapter.executable ? await commandExists(adapter.executable) : false;
+    if (sdkAvailable || commandAvailable) {
+      return adapter;
     }
-    const finalStatus = toolResult.exitCode === 0 ? "completed" : "failed";
-    const durationMs = Date.now() - startedAt;
-    const failureExcerpt = toolResult.exitCode === 0 ? undefined : truncateLogExcerpt(toolResult.stderr || toolResult.stdout);
-    const updatedToolSession = await finalizeToolSession({
-        apiClient,
-        projectId,
-        status: finalStatus,
-        runnerId,
-        workItemId: result.workItem.workItemId,
-        stdout: toolResult.stdout,
-        ...(sessionContext.toolSession ? { session: sessionContext.toolSession } : {}),
-        ...(toolResult.messageCount !== undefined ? { messageCount: toolResult.messageCount } : {}),
-        ...(toolResult.tokensIn !== undefined ? { tokensIn: toolResult.tokensIn } : {}),
-        ...(toolResult.tokensOut !== undefined ? { tokensOut: toolResult.tokensOut } : {}),
-        ...(toolResult.costUsd !== undefined ? { costUsd: toolResult.costUsd } : {})
+  }
+  throw new Error(
+    `No supported local AI tool was found. Install one of ${localToolNames.join(", ")} or pass --tool-command "your-tool --prompt-file {promptFile}".`
+  );
+}
+async function selectRequestedAdapter(tool) {
+  const adapter = localToolAdapters.find((candidate) => candidate.name === tool);
+  if (!adapter) {
+    throw new Error(`Unsupported local tool: ${tool}.`);
+  }
+  if (await isSdkAvailable(adapter)) {
+    return adapter;
+  }
+  if (adapter.executable && await commandExists(adapter.executable)) {
+    return adapter;
+  }
+  throw new Error(`The ${tool} SDK or executable was not found. Install it or pass --tool-command.`);
+}
+async function isSdkAvailable(adapter) {
+  if (!adapter.sdkPackageName || !adapter.runWithSdk) {
+    return false;
+  }
+  if (adapter.sdkRequiresExecutable && adapter.executable && !await commandExists(adapter.executable)) {
+    return false;
+  }
+  return packageAvailable(adapter.sdkPackageName);
+}
+async function packageAvailable(packageName) {
+  try {
+    await import(packageName);
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function commandExists(command) {
+  const lookupCommand = process.platform === "win32" ? "where" : "which";
+  return new Promise((resolve) => {
+    const lookup = spawn(lookupCommand, [command], { stdio: "ignore" });
+    lookup.on("error", () => resolve(false));
+    lookup.on("close", (exitCode) => resolve(exitCode === 0));
+  });
+}
+async function executeToolInvocation(invocation, rootDir, streamOutput) {
+  return new Promise((resolve, reject) => {
+    const child = spawn(invocation.command, invocation.args, {
+      cwd: rootDir,
+      env: process.env,
+      shell: invocation.shell ?? false,
+      stdio: ["pipe", "pipe", "pipe"]
     });
-    const statusResult = await apiClient.updateWorkStatus(projectId, result.workItem.workItemId, finalStatus, `run_${result.workItem.workItemId}_${randomUUID()}`, runnerId, {
-        tool: preview.toolName,
-        durationMs,
-        message: `${preview.toolName} exited with code ${toolResult.exitCode}.`,
-        sessionPolicy: sessionContext.policy,
-        sessionDecision: sessionContext.decision,
-        sessionDecisionReason: sessionContext.reason,
-        ...(updatedToolSession ? { toolSessionId: updatedToolSession.toolSessionId } : {}),
-        ...(updatedToolSession?.sessionGroupKey ? { sessionGroupKey: updatedToolSession.sessionGroupKey } : {}),
-        ...(toolResult.tokensIn !== undefined ? { tokensIn: toolResult.tokensIn } : {}),
-        ...(toolResult.tokensOut !== undefined ? { tokensOut: toolResult.tokensOut } : {}),
-        ...(toolResult.costUsd !== undefined ? { costUsd: toolResult.costUsd } : {}),
-        ...(failureExcerpt ? { error: failureExcerpt } : {})
+    let stdout = "";
+    let stderr = "";
+    child.on("error", reject);
+    child.stdout.setEncoding("utf8");
+    child.stderr.setEncoding("utf8");
+    child.stdout.on("data", (chunk) => {
+      stdout += chunk;
+      if (streamOutput) {
+        process.stdout.write(chunk);
+      }
     });
-    await apiClient.sendRunnerHeartbeat(projectId, runnerId, repositoryLinkId, "online", CLI_VERSION);
-    const durationSeconds = Math.round(durationMs / 1000);
-    console.log(`Marked ${statusResult.workItem.workItemId} ${statusResult.workItem.status} after ${durationSeconds}s.`);
-    return { status: finalStatus, exitCode: toolResult.exitCode };
-}
-async function finalizeBrainGenerationWork({ apiClient, durationMs, projectId, repositoryLinkId, runnerId, sessionContext, toolName, toolResult, workItem }) {
-    let artifacts;
-    let generationError;
-    if (toolResult.exitCode === 0) {
-        try {
-            artifacts = parseBrainGenerationArtifacts(`${toolResult.stdout}\n${toolResult.stderr}`);
+    child.stderr.on("data", (chunk) => {
+      stderr += chunk;
+      if (streamOutput) {
+        process.stderr.write(chunk);
+      }
+    });
+    child.stdin.on("error", () => void 0);
+    if (invocation.stdin) {
+      child.stdin.write(invocation.stdin);
+    }
+    child.stdin.end();
+    child.on("close", (exitCode) => {
+      resolve({ exitCode: exitCode ?? 1, stdout, stderr });
+    });
+  });
+}
+async function runOpencodeSdk(input) {
+  const { createOpencode } = await import("@opencode-ai/sdk");
+  const previousDirectory = process.cwd();
+  process.chdir(input.rootDir);
+  try {
+    const opencode = await createOpencode({ timeout: 1e4 });
+    try {
+      let providerSessionId = input.session?.providerSessionId;
+      if (!providerSessionId) {
+        const sessionResult = await opencode.client.session.create({
+          query: { directory: input.rootDir },
+          body: { title: "Amistio orchestration" }
+        });
+        if (sessionResult.error || !sessionResult.data) {
+          throw new Error(`opencode session create failed: ${JSON.stringify(sessionResult.error ?? "missing data")}`);
         }
-        catch (error) {
-            generationError = errorMessage(error);
+        providerSessionId = sessionResult.data.id;
+      }
+      const promptResult = await opencode.client.session.prompt({
+        path: { id: providerSessionId },
+        query: { directory: input.rootDir },
+        body: { parts: [{ type: "text", text: input.prompt }] }
+      });
+      if (promptResult.error || !promptResult.data) {
+        throw new Error(`opencode prompt failed: ${JSON.stringify(promptResult.error ?? "missing data")}`);
+      }
+      const stdout = extractTextParts(promptResult.data.parts);
+      if (input.streamOutput && stdout) {
+        process.stdout.write(stdout);
+      }
+      return { exitCode: 0, stdout, stderr: "", providerSessionId, messageCount: 1 };
+    } finally {
+      opencode.server.close();
+    }
+  } finally {
+    process.chdir(previousDirectory);
+  }
+}
+async function runClaudeSdk(input) {
+  const { query } = await import("@anthropic-ai/claude-agent-sdk");
+  let stdout = "";
+  let stderr = "";
+  let exitCode = 0;
+  for await (const message of query({
+    prompt: input.prompt,
+    options: {
+      cwd: input.rootDir,
+      permissionMode: "default",
+      tools: { type: "preset", preset: "claude_code" },
+      env: {
+        ...process.env,
+        CLAUDE_AGENT_SDK_CLIENT_APP: "amistio-cli/0.1.0"
+      }
+    }
+  })) {
+    if (isRecord(message) && message.type === "result") {
+      if (message.subtype === "success" && typeof message.result === "string") {
+        stdout += message.result;
+        if (input.streamOutput) {
+          process.stdout.write(message.result);
         }
+      } else {
+        exitCode = 1;
+        const resultMessage = message;
+        const errors = Array.isArray(resultMessage.errors) ? resultMessage.errors.map(String).join("\n") : "Claude Agent SDK execution failed.";
+        stderr += errors;
+      }
     }
-    else {
-        generationError = truncateLogExcerpt(toolResult.stderr || toolResult.stdout) || `${toolName} exited with code ${toolResult.exitCode}.`;
-    }
-    const finalStatus = artifacts ? "completed" : "failed";
-    const updatedToolSession = await finalizeToolSession({
-        apiClient,
-        projectId,
-        status: finalStatus,
-        runnerId,
-        workItemId: workItem.workItemId,
-        stdout: toolResult.stdout,
-        ...(sessionContext.toolSession ? { session: sessionContext.toolSession } : {}),
-        ...(toolResult.messageCount !== undefined ? { messageCount: toolResult.messageCount } : {}),
-        ...(toolResult.tokensIn !== undefined ? { tokensIn: toolResult.tokensIn } : {}),
-        ...(toolResult.tokensOut !== undefined ? { tokensOut: toolResult.tokensOut } : {}),
-        ...(toolResult.costUsd !== undefined ? { costUsd: toolResult.costUsd } : {})
+  }
+  return { exitCode, stdout, stderr };
+}
+async function runCodexSdk(input) {
+  const { Codex } = await import("@openai/codex-sdk");
+  const codex = new Codex();
+  const thread = codex.startThread({
+    workingDirectory: input.rootDir,
+    sandboxMode: "workspace-write",
+    approvalPolicy: "on-request",
+    skipGitRepoCheck: true
+  });
+  const result = await thread.run(input.prompt);
+  if (input.streamOutput && result.finalResponse) {
+    process.stdout.write(result.finalResponse);
+  }
+  return { exitCode: 0, stdout: result.finalResponse, stderr: "" };
+}
+async function runCopilotSdk(input) {
+  const { CopilotClient, approveAll } = await import("@github/copilot-sdk");
+  const client = new CopilotClient({
+    cwd: input.rootDir,
+    logLevel: "error"
+  });
+  try {
+    await client.start();
+    const session = await client.createSession({
+      clientName: "amistio-cli",
+      model: process.env.AMISTIO_COPILOT_MODEL ?? "gpt-5",
+      workingDirectory: input.rootDir,
+      enableConfigDiscovery: true,
+      streaming: input.streamOutput,
+      onPermissionRequest: approveAll
     });
-    const sessionTelemetry = {
-        sessionPolicy: sessionContext.policy,
-        sessionDecision: sessionContext.decision,
-        sessionDecisionReason: sessionContext.reason,
-        ...(updatedToolSession ? { toolSessionId: updatedToolSession.toolSessionId } : {}),
-        ...(updatedToolSession?.sessionGroupKey ? { sessionGroupKey: updatedToolSession.sessionGroupKey } : {})
+    try {
+      let streamedOutput = "";
+      const unsubscribe = input.streamOutput ? session.on("assistant.message_delta", (event) => {
+        streamedOutput += event.data.deltaContent;
+        process.stdout.write(event.data.deltaContent);
+      }) : void 0;
+      try {
+        const response = await session.sendAndWait({ prompt: input.prompt }, 10 * 60 * 1e3);
+        const stdout = response?.data.content ?? streamedOutput;
+        return { exitCode: 0, stdout, stderr: "" };
+      } finally {
+        unsubscribe?.();
+      }
+    } finally {
+      await session.disconnect();
+    }
+  } finally {
+    await client.stop();
+  }
+}
+function extractTextParts(parts) {
+  if (!Array.isArray(parts)) {
+    return "";
+  }
+  return parts.filter(isRecord).map((part) => part.type === "text" && typeof part.text === "string" ? part.text : "").filter(Boolean).join("\n");
+}
+function isRecord(value) {
+  return typeof value === "object" && value !== null;
+}
+function errorMessage(error) {
+  return error instanceof Error ? error.message : String(error);
+}
+function shellQuote(value) {
+  return `'${value.replaceAll("'", "'\\''")}'`;
+}
+
+// src/session-policy.ts
+var maxIdleMs = 24 * 60 * 60 * 1e3;
+var maxTotalMs = 7 * 24 * 60 * 60 * 1e3;
+var maxMessageCount = 80;
+var maxEstimatedTokens = 12e4;
+var maxCostUsd = 25;
+var relatednessThreshold = 20;
+function normalizeSessionPolicy(value) {
+  if (!value || value === "auto" || value === "new" || value === "none") {
+    return value ?? "auto";
+  }
+  if (/^continue:[A-Za-z0-9_.:-]+$/.test(value)) {
+    return value;
+  }
+  throw new Error(`Unsupported session policy: ${value}. Use auto, new, continue:<toolSessionId>, or none.`);
+}
+function selectToolSession(input) {
+  if (input.policy === "none") {
+    return { policy: input.policy, decision: "skipped", reason: "Session reuse was disabled for this run." };
+  }
+  if (!input.supportsSessionReuse) {
+    return {
+      policy: input.policy,
+      decision: "notSupported",
+      reason: `${input.toolName} does not expose reusable provider sessions; Amistio will record this as a one-shot tool session.`
     };
-    if (artifacts) {
-        const result = await apiClient.submitBrainGenerationResult(projectId, workItem.workItemId, {
-            status: "completed",
-            runnerId,
-            idempotencyKey: `generation_${workItem.workItemId}_${randomUUID()}`,
-            artifacts,
-            tool: toolName,
-            durationMs,
-            ...sessionTelemetry,
-            message: `${toolName} generated ${artifacts.length} brain artifact${artifacts.length === 1 ? "" : "s"}.`
-        });
-        await apiClient.sendRunnerHeartbeat(projectId, runnerId, repositoryLinkId, "online", CLI_VERSION);
-        console.log(`Generated ${result.documents.length} brain artifact${result.documents.length === 1 ? "" : "s"} for review.`);
-        return { status: "completed", exitCode: 0 };
-    }
-    await apiClient.submitBrainGenerationResult(projectId, workItem.workItemId, {
-        status: "failed",
-        runnerId,
-        idempotencyKey: `generation_${workItem.workItemId}_${randomUUID()}`,
-        tool: toolName,
-        durationMs,
-        ...sessionTelemetry,
-        message: `${toolName} did not produce valid brain artifacts.`,
-        ...(generationError ? { error: generationError } : {})
+  }
+  if (input.policy === "new") {
+    return { policy: input.policy, decision: "forcedNew", reason: "The user requested a fresh tool session." };
+  }
+  const forcedSessionId = forcedContinueSessionId(input.policy);
+  if (forcedSessionId) {
+    const forced = input.sessions.find((session) => session.toolSessionId === forcedSessionId);
+    if (!forced) {
+      return { policy: input.policy, decision: "forcedNew", reason: `Requested session ${forcedSessionId} was not found; creating a fresh session.` };
+    }
+    const ineligibleReason = sessionIneligibleReason(forced, input, input.now ?? /* @__PURE__ */ new Date());
+    if (ineligibleReason) {
+      return { policy: input.policy, decision: "forcedNew", reason: `Requested session ${forcedSessionId} cannot be resumed: ${ineligibleReason}` };
+    }
+    return { policy: input.policy, decision: "forcedContinue", reason: `The user requested session ${forcedSessionId}.`, toolSession: forced };
+  }
+  const now = input.now ?? /* @__PURE__ */ new Date();
+  const candidates = input.sessions.map((session) => ({ session, ineligibleReason: sessionIneligibleReason(session, input, now), score: relatednessScore(session, input.workItem) })).filter((candidate) => !candidate.ineligibleReason).sort((a, b) => b.score - a.score || Date.parse(b.session.lastActivityAt) - Date.parse(a.session.lastActivityAt));
+  const best = candidates[0];
+  if (!best || best.score < relatednessThreshold) {
+    return {
+      policy: input.policy,
+      decision: "created",
+      reason: best ? `Best related session score ${best.score} was below ${relatednessThreshold}; creating a fresh session.` : "No eligible related session was found."
+    };
+  }
+  return {
+    policy: input.policy,
+    decision: "continued",
+    reason: `Reusing ${best.session.toolSessionId}; relatedness score ${best.score}.`,
+    toolSession: best.session
+  };
+}
+function forcedContinueSessionId(policy) {
+  return typeof policy === "string" && policy.startsWith("continue:") ? policy.slice("continue:".length) : void 0;
+}
+function sessionIneligibleReason(session, input, now) {
+  if (session.tool !== input.toolName) {
+    return `tool mismatch (${session.tool} != ${input.toolName})`;
+  }
+  if (session.repositoryLinkId && session.repositoryLinkId !== input.repositoryLinkId) {
+    return "repository link mismatch";
+  }
+  if (session.resumabilityScope === "localMachine" && session.runnerId && session.runnerId !== input.runnerId) {
+    return "session is scoped to another runner machine";
+  }
+  if (session.status === "closed" || session.status === "archived" || session.status === "blocked" || session.status === "unavailable") {
+    return `session is ${session.status}`;
+  }
+  if (Date.parse(session.lastActivityAt) + maxIdleMs < now.getTime()) {
+    return "session is idle past the reuse window";
+  }
+  if (Date.parse(session.createdAt) + maxTotalMs < now.getTime()) {
+    return "session is older than the reuse window";
+  }
+  if ((session.messageCount ?? 0) >= maxMessageCount) {
+    return "session message count is too high";
+  }
+  if ((session.estimatedInputTokens ?? 0) + (session.estimatedOutputTokens ?? 0) >= maxEstimatedTokens) {
+    return "session token estimate is too high";
+  }
+  if ((session.costUsd ?? 0) >= maxCostUsd) {
+    return "session cost is too high";
+  }
+  return void 0;
+}
+function relatednessScore(session, workItem) {
+  let score = 0;
+  if (session.sessionGroupKey && workItem.sessionGroupKey && session.sessionGroupKey === workItem.sessionGroupKey) {
+    score += 60;
+  }
+  if (session.lastWorkItemId && session.lastWorkItemId === workItem.workItemId) {
+    score += 40;
+  }
+  const titleOverlap = tokenOverlap(session.title, workItem.title);
+  score += titleOverlap * 8;
+  if (session.summary) {
+    score += tokenOverlap(session.summary, workItem.title) * 4;
+  }
+  for (const tag of session.tags) {
+    if (workItem.title.toLowerCase().includes(tag.toLowerCase())) {
+      score += 10;
+    }
+  }
+  return score;
+}
+function tokenOverlap(firstValue, secondValue) {
+  const firstTokens = new Set(tokens(firstValue));
+  return tokens(secondValue).filter((token) => firstTokens.has(token)).length;
+}
+function tokens(value) {
+  return value.toLowerCase().split(/[^a-z0-9]+/).filter((token) => token.length >= 4);
+}
+
+// src/sync.ts
+import { mkdir as mkdir5, readdir as readdir2, readFile as readFile3, stat as stat3, writeFile as writeFile5 } from "node:fs/promises";
+import path6 from "node:path";
+var syncRoots = ["architecture", "context", "decisions", "features", "memory", "plans", "prompts", "workflows"];
+async function collectSyncStatus(rootDir, webDocuments = []) {
+  const localDocuments = await readLocalSyncedDocuments(rootDir);
+  const webByDocumentId = new Map(webDocuments.map((document) => [document.documentId, document]));
+  const pullableWebDocuments = webDocuments.filter((document) => document.status === "approved" || document.syncState === "approved" || document.syncState === "synced");
+  const localByDocumentId = new Map(localDocuments.map((document) => [document.frontmatter.amistioDocumentId, document]));
+  const items = [];
+  for (const localDocument of localDocuments) {
+    const webDocument = webByDocumentId.get(localDocument.frontmatter.amistioDocumentId);
+    const localDirty = localDocument.contentHash !== localDocument.frontmatter.amistioContentHash;
+    const webHash = webDocument?.contentHash;
+    const decision = decideSyncState({
+      lastSyncedHash: localDocument.frontmatter.amistioContentHash,
+      repoHash: localDocument.contentHash,
+      ...webHash ? { webHash } : {}
     });
-    await apiClient.sendRunnerHeartbeat(projectId, runnerId, repositoryLinkId, "online", CLI_VERSION);
-    console.error(generationError ?? "Local runner generation failed.");
-    return { status: "failed", exitCode: toolResult.exitCode || 1 };
+    if (decision === "conflict") {
+      items.push({
+        repoPath: localDocument.repoPath,
+        documentId: localDocument.frontmatter.amistioDocumentId,
+        status: "conflicted",
+        reason: "web and repository revisions both changed"
+      });
+    } else if (localDirty || decision === "pushRepo") {
+      items.push({
+        repoPath: localDocument.repoPath,
+        documentId: localDocument.frontmatter.amistioDocumentId,
+        status: "dirty",
+        reason: "repository content changed since last synced hash"
+      });
+    } else if (decision === "pullWeb") {
+      items.push({
+        repoPath: localDocument.repoPath,
+        documentId: localDocument.frontmatter.amistioDocumentId,
+        status: "pending",
+        reason: "approved web revision is newer"
+      });
+    } else if (localDocument.frontmatter.status && !["approved", "synced"].includes(localDocument.frontmatter.status)) {
+      items.push({
+        repoPath: localDocument.repoPath,
+        documentId: localDocument.frontmatter.amistioDocumentId,
+        status: "pending",
+        reason: `local document is ${localDocument.frontmatter.status}`
+      });
+    } else {
+      items.push({
+        repoPath: localDocument.repoPath,
+        documentId: localDocument.frontmatter.amistioDocumentId,
+        status: "clean",
+        reason: "repository and web hashes match"
+      });
+    }
+  }
+  for (const webDocument of pullableWebDocuments) {
+    if (!localByDocumentId.has(webDocument.documentId)) {
+      items.push({
+        repoPath: webDocument.repoPath,
+        documentId: webDocument.documentId,
+        status: "pending",
+        reason: "approved web document has not been pulled"
+      });
+    }
+  }
+  const counts = {
+    clean: items.filter((item) => item.status === "clean").length,
+    pending: items.filter((item) => item.status === "pending").length,
+    dirty: items.filter((item) => item.status === "dirty").length,
+    conflicted: items.filter((item) => item.status === "conflicted").length
+  };
+  const status = counts.conflicted ? "conflicted" : counts.dirty ? "dirty" : counts.pending ? "pending" : "clean";
+  return { status, items, counts };
 }
-async function loadPairedApiContext(root, apiUrl) {
-    const metadata = await readProjectLink(root);
-    if (!metadata) {
-        return undefined;
+async function readLocalSyncedDocuments(rootDir) {
+  const markdownFiles = await findMarkdownFiles(rootDir);
+  const documents = [];
+  for (const fullPath of markdownFiles) {
+    const raw = await readFile3(fullPath, "utf8");
+    const parsed = parseSyncedMarkdown(raw);
+    if (!parsed) {
+      continue;
+    }
+    documents.push({
+      fullPath,
+      repoPath: toRepoPath(rootDir, fullPath),
+      frontmatter: parsed.frontmatter,
+      content: parsed.content,
+      contentHash: sha256ContentHash(parsed.content)
+    });
+  }
+  return documents;
+}
+async function materializeBrainDocuments(rootDir, documents, options = {}) {
+  const result = { written: [], skipped: [], conflicts: [] };
+  for (const inputDocument of documents) {
+    const document = brainDocumentItemSchema.parse(inputDocument);
+    const fullPath = safeRepoPath(rootDir, document.repoPath);
+    if (!isControlPlanePath(document.repoPath)) {
+      result.conflicts.push(`${document.repoPath}: refusing to write outside root control-plane folders`);
+      continue;
+    }
+    const existing = await readExistingSyncedDocument(fullPath);
+    if (existing.exists && !existing.document) {
+      result.conflicts.push(`${document.repoPath}: file exists without Amistio document metadata`);
+      continue;
+    }
+    if (existing.document && existing.document.frontmatter.amistioDocumentId !== document.documentId) {
+      result.conflicts.push(`${document.repoPath}: file belongs to ${existing.document.frontmatter.amistioDocumentId}`);
+      continue;
+    }
+    if (existing.document && existing.document.contentHash !== existing.document.frontmatter.amistioContentHash && !options.allowDirtyOverwrite) {
+      result.conflicts.push(`${document.repoPath}: local edits would be overwritten`);
+      continue;
+    }
+    if (existing.document && existing.document.frontmatter.amistioRevision >= document.revision && existing.document.contentHash === document.contentHash) {
+      result.skipped.push(document.repoPath);
+      continue;
+    }
+    await mkdir5(path6.dirname(fullPath), { recursive: true });
+    await writeFile5(fullPath, createSyncedDocumentMarkdown(document), "utf8");
+    result.written.push(document.repoPath);
+  }
+  return result;
+}
+async function collectDirtyDocumentsForPush(rootDir, metadata) {
+  const localDocuments = await readLocalSyncedDocuments(rootDir);
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  return localDocuments.filter((document) => document.contentHash !== document.frontmatter.amistioContentHash).map((document) => {
+    const documentType = documentTypeSchema.parse(document.frontmatter.amistioDocumentType);
+    return brainDocumentItemSchema.parse({
+      id: document.frontmatter.amistioDocumentId,
+      type: "brainDocument",
+      schemaVersion: 1,
+      accountId: metadata.amistioAccountId,
+      projectId: metadata.amistioProjectId,
+      documentId: document.frontmatter.amistioDocumentId,
+      documentType,
+      title: inferTitle(document.content, document.repoPath),
+      status: "reviewing",
+      repoPath: document.repoPath,
+      content: document.content,
+      contentHash: document.contentHash,
+      frontmatter: parseFrontmatterFromSyncedDocument(document.frontmatter),
+      revision: document.frontmatter.amistioRevision + 1,
+      source: "repo",
+      syncState: "dirtyInRepo",
+      createdAt: now,
+      updatedAt: now
+    });
+  });
+}
+function createSyncedDocumentMarkdown(document) {
+  return [
+    "---",
+    `amistioDocumentId: ${document.documentId}`,
+    `amistioDocumentType: ${document.documentType}`,
+    `amistioRevision: ${document.revision}`,
+    `amistioContentHash: ${document.contentHash}`,
+    `status: ${document.status}`,
+    "---",
+    document.content,
+    ""
+  ].join("\n");
+}
+function parseSyncedMarkdown(content) {
+  const rawFrontmatter = parseFrontmatter(content);
+  const frontmatter = syncedDocumentFrontmatterSchema.safeParse(rawFrontmatter);
+  if (!frontmatter.success) {
+    return void 0;
+  }
+  const closingMarker = content.indexOf("\n---", 4);
+  if (closingMarker === -1) {
+    return void 0;
+  }
+  const closingLineEnd = content.indexOf("\n", closingMarker + 4);
+  const bodyStart = closingLineEnd === -1 ? content.length : closingLineEnd + 1;
+  return { frontmatter: frontmatter.data, content: content.slice(bodyStart).replace(/\n$/, "") };
+}
+async function readExistingSyncedDocument(fullPath) {
+  try {
+    const raw = await readFile3(fullPath, "utf8");
+    const parsed = parseSyncedMarkdown(raw);
+    if (!parsed) {
+      return { exists: true };
     }
-    const token = await new LocalCredentialStore().get(credentialKey(metadata.amistioAccountId, metadata.amistioProjectId, metadata.repositoryLinkId));
     return {
-        metadata,
-        ...(token ? { token } : {}),
-        client: new ApiClient({
-            apiUrl,
-            accountId: metadata.amistioAccountId,
-            ...(token ? { token } : {})
-        })
+      exists: true,
+      document: {
+        fullPath,
+        repoPath: fullPath,
+        frontmatter: parsed.frontmatter,
+        content: parsed.content,
+        contentHash: sha256ContentHash(parsed.content)
+      }
     };
+  } catch (error) {
+    if (error.code === "ENOENT") {
+      return { exists: false };
+    }
+    throw error;
+  }
 }
-function selectPromptWorkItem(workItems, workItemId) {
-    if (workItemId) {
-        return workItems.find((item) => item.workItemId === workItemId || item.id === workItemId);
+async function findMarkdownFiles(rootDir) {
+  const files = [];
+  for (const syncRoot of syncRoots) {
+    const fullRoot = path6.join(rootDir, syncRoot);
+    if (!await exists2(fullRoot)) {
+      continue;
     }
-    return workItems.find((item) => isPromptReadyStatus(item.status));
+    await walkMarkdownFiles(fullRoot, files);
+  }
+  return files;
 }
-function isPromptReadyStatus(status) {
-    return status === "approved" || status === "running" || status === "blocked" || status === "changesRequested";
-}
-async function prepareToolSession({ apiClient, projectId, repositoryLinkId, runnerId, sessionPolicy, supportsSessionReuse, resumabilityScope, toolName, workItem }) {
-    const { toolSessions } = await apiClient.listToolSessions(projectId);
-    const selection = selectToolSession({
-        policy: sessionPolicy,
-        workItem,
-        sessions: toolSessions,
-        toolName,
-        runnerId,
-        repositoryLinkId,
-        supportsSessionReuse
+async function walkMarkdownFiles(directory, files) {
+  for (const entry of await readdir2(directory, { withFileTypes: true })) {
+    const fullPath = path6.join(directory, entry.name);
+    if (entry.isDirectory()) {
+      await walkMarkdownFiles(fullPath, files);
+    } else if (entry.isFile() && entry.name.endsWith(".md")) {
+      files.push(fullPath);
+    }
+  }
+}
+function safeRepoPath(rootDir, repoPath) {
+  if (path6.isAbsolute(repoPath)) {
+    throw new Error(`Refusing to use absolute repo path: ${repoPath}`);
+  }
+  const normalized = path6.normalize(repoPath);
+  if (normalized === ".." || normalized.startsWith(`..${path6.sep}`)) {
+    throw new Error(`Refusing to use path outside the repository: ${repoPath}`);
+  }
+  const root = path6.resolve(rootDir);
+  const fullPath = path6.resolve(root, normalized);
+  if (!fullPath.startsWith(`${root}${path6.sep}`)) {
+    throw new Error(`Refusing to use path outside the repository: ${repoPath}`);
+  }
+  return fullPath;
+}
+function isControlPlanePath(repoPath) {
+  const normalized = path6.normalize(repoPath);
+  return syncRoots.some((syncRoot) => normalized === syncRoot || normalized.startsWith(`${syncRoot}${path6.sep}`));
+}
+function toRepoPath(rootDir, fullPath) {
+  return path6.relative(rootDir, fullPath).split(path6.sep).join("/");
+}
+function inferTitle(content, repoPath) {
+  const heading = content.split("\n").find((line) => line.startsWith("# "))?.replace(/^#\s+/, "").trim();
+  return heading || path6.basename(repoPath, path6.extname(repoPath));
+}
+function parseFrontmatterFromSyncedDocument(frontmatter) {
+  return {
+    amistioDocumentId: frontmatter.amistioDocumentId,
+    amistioDocumentType: frontmatter.amistioDocumentType,
+    amistioRevision: frontmatter.amistioRevision,
+    amistioContentHash: frontmatter.amistioContentHash,
+    ...frontmatter.status ? { status: frontmatter.status } : {}
+  };
+}
+async function exists2(filePath) {
+  try {
+    await stat3(filePath);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+// src/tool-session-store.ts
+import { mkdir as mkdir6, readFile as readFile4, writeFile as writeFile6 } from "node:fs/promises";
+import os3 from "node:os";
+import path7 from "node:path";
+var LocalToolSessionStore = class {
+  constructor(filePath = defaultSessionStorePath()) {
+    this.filePath = filePath;
+  }
+  filePath;
+  async getProviderSessionId(toolSessionId, toolName) {
+    const data = await this.read();
+    const record = data[toolSessionId];
+    return record?.toolName === toolName ? record.providerSessionId : void 0;
+  }
+  async setProviderSessionId(toolSessionId, toolName, providerSessionId) {
+    const data = await this.read();
+    data[toolSessionId] = { toolName, providerSessionId, updatedAt: (/* @__PURE__ */ new Date()).toISOString() };
+    await mkdir6(path7.dirname(this.filePath), { recursive: true });
+    await writeFile6(this.filePath, JSON.stringify(data, null, 2), "utf8");
+  }
+  async read() {
+    try {
+      return JSON.parse(await readFile4(this.filePath, "utf8"));
+    } catch {
+      return {};
+    }
+  }
+};
+function defaultSessionStorePath() {
+  if (process.platform === "darwin") {
+    return path7.join(os3.homedir(), "Library", "Application Support", "Amistio", "tool-sessions.json");
+  }
+  if (process.platform === "win32") {
+    return path7.join(process.env.APPDATA ?? os3.homedir(), "Amistio", "tool-sessions.json");
+  }
+  return path7.join(process.env.XDG_STATE_HOME ?? path7.join(os3.homedir(), ".local", "state"), "amistio", "tool-sessions.json");
+}
+
+// src/work-runner.ts
+var generationResultStart = "AMISTIO_BRAIN_GENERATION_RESULT_START";
+var generationResultEnd = "AMISTIO_BRAIN_GENERATION_RESULT_END";
+function createWorkExecutionPrompt(workItem) {
+  if (workItem.workKind === "brainGeneration") {
+    return createBrainGenerationPrompt(workItem);
+  }
+  return [
+    "# Amistio Work Execution",
+    "",
+    "You are running locally through the Amistio CLI inside the user's repository.",
+    "Execute the approved work item below using the repository's existing orchestration files, instructions, and constraints.",
+    "",
+    "## Work Item",
+    "",
+    `Title: ${workItem.title}`,
+    `Work item ID: ${workItem.workItemId}`,
+    `Project ID: ${workItem.projectId}`,
+    "",
+    "## Rules",
+    "",
+    "- Read AGENTS.md first when it exists.",
+    "- Read the relevant root control-plane files before implementation so the work stays aligned with existing direction.",
+    "- Keep changes focused on this work item.",
+    "- Preserve old decisions, plans, memory, and prompts unless the work item explicitly supersedes them.",
+    "- Do not commit changes.",
+    "- Do not write secrets into the repository.",
+    "- Do not create a repo-local .amistio folder.",
+    "- Run relevant verification commands when feasible and summarize results."
+  ].join("\n");
+}
+function parseBrainGenerationArtifacts(output) {
+  const start = output.indexOf(generationResultStart);
+  const end = output.indexOf(generationResultEnd, start + generationResultStart.length);
+  if (start === -1 || end === -1 || end <= start) {
+    throw new Error("Local AI generation did not return an Amistio brain generation result block.");
+  }
+  const payload = output.slice(start + generationResultStart.length, end).trim();
+  const parsed = JSON.parse(stripJsonFence(payload));
+  return brainGenerationResultSchema.parse(parsed).artifacts;
+}
+function createBrainGenerationPrompt(workItem) {
+  const wish = workItem.sourceWish ?? workItem.title;
+  return [
+    "# Amistio Brain Generation",
+    "",
+    "You are running locally through the Amistio CLI inside the user's repository.",
+    "Generate reviewable project-brain artifacts from the submitted wish. Do not implement product/source code changes in this pass.",
+    "",
+    "## Submitted Wish",
+    "",
+    wish,
+    "",
+    "## Work Item",
+    "",
+    `Title: ${workItem.title}`,
+    `Work item ID: ${workItem.workItemId}`,
+    `Project ID: ${workItem.projectId}`,
+    `Generated draft ID: ${workItem.generatedDraftId ?? "unknown"}`,
+    "",
+    "## Read First",
+    "",
+    "- Read AGENTS.md first when it exists.",
+    "- Read relevant files under architecture/, context/, decisions/, features/, memory/, plans/, prompts/, and workflows/ before drafting.",
+    "- Keep source code and secrets local. Do not include source-code payloads, access tokens, API keys, local credential paths, or provider session references in the result.",
+    "",
+    "## Generate Artifacts",
+    "",
+    "Return Markdown artifacts that should enter human review before implementation. Use only these document types and matching repo roots:",
+    "",
+    "- architecture -> architecture/",
+    "- context -> context/",
+    "- decision -> decisions/",
+    "- feature -> features/",
+    "- memory -> memory/",
+    "- plan -> plans/",
+    "- prompt -> prompts/",
+    "- workflow -> workflows/",
+    "",
+    "Each artifact needs documentType, title, repoPath, and content. Include at least a plan and an implementation prompt when implementation work is implied. Use model-agnostic prompt wording.",
+    "",
+    "## Output Contract",
+    "",
+    "Print exactly one JSON object between the markers below. The CLI will submit only this structured result back to Amistio.",
+    "",
+    generationResultStart,
+    '{"artifacts":[{"documentType":"plan","title":"Plan: Example","repoPath":"plans/PLAN-example.md","content":"# Plan: Example\\n\\n## Goal\\n..."}]}',
+    generationResultEnd,
+    "",
+    "Do not put Markdown fences around the markers. Do not claim implementation is complete."
+  ].join("\n");
+}
+function stripJsonFence(value) {
+  const trimmed = value.trim();
+  if (!trimmed.startsWith("```")) {
+    return trimmed;
+  }
+  return trimmed.replace(/^```(?:json)?\s*/i, "").replace(/```$/i, "").trim();
+}
+
+// src/index.ts
+var program = new Command();
+var defaultRoot = process.env.INIT_CWD ?? process.cwd();
+var apiUrlOptionDescription = `Amistio API URL override (or ${AMISTIO_API_URL_ENV})`;
+program.name("amistio").description("Amistio project brain CLI").version("0.1.1");
+var CLI_VERSION = "0.1.1";
+program.command("init").description("Create Amistio control-plane folders for a new project").option("--root <path>", "Repository root", defaultRoot).action(async (options) => {
+  const created = await initControlPlane(options.root);
+  console.log(created.length ? `Created ${created.length} control-plane folders.` : "Control-plane folders already exist.");
+});
+program.command("onboard").description("Inspect and prepare an existing repository for Amistio").option("--root <path>", "Repository root", defaultRoot).action(async (options) => {
+  const result = await inspectControlPlane(options.root);
+  console.log(`Present: ${result.present.length ? result.present.join(", ") : "none"}`);
+  console.log(`Missing: ${result.missing.length ? result.missing.join(", ") : "none"}`);
+  if (result.missing.length) {
+    console.log("Run `amistio init` to create missing control-plane folders without overwriting existing files.");
+  }
+});
+program.command("bootstrap").description("Clone a linked repository locally, prepare the control plane, and pair it with Amistio").requiredOption("--repo-url <url>", "Linked repository clone URL").requiredOption("--target <path>", "Local checkout target path").requiredOption("--account <accountId>", "Amistio account ID").requiredOption("--project <projectId>", "Amistio project ID").requiredOption("--repository-link <repositoryLinkId>", "Existing repository link ID").option("--api-url <url>", apiUrlOptionDescription, defaultApiUrl()).requiredOption("--pairing-code <code>", "Short-lived pairing code from the Amistio app").option("--default-branch <branch>", "Default branch", "main").action(async (options) => {
+  const parsedRepoUrl = parseRepositoryCloneUrl(options.repoUrl);
+  const checkout = await cloneOrValidateRepository({ repoUrl: parsedRepoUrl.cloneUrl, targetDir: options.target });
+  await initControlPlane(checkout.targetDir);
+  const pairing = await new ApiClient({
+    apiUrl: options.apiUrl,
+    accountId: options.account
+  }).consumePairingSession({
+    projectId: options.project,
+    pairingCode: options.pairingCode,
+    repositoryLinkId: options.repositoryLink,
+    repoName: parsedRepoUrl.repoName,
+    repoFingerprint: createRepoFingerprint(options.account, options.project, options.repositoryLink),
+    defaultBranch: options.defaultBranch
+  });
+  const filePath = await writeProjectLink(checkout.targetDir, {
+    amistioAccountId: options.account,
+    amistioProjectId: options.project,
+    repositoryLinkId: pairing.repositoryLink.repositoryLinkId,
+    defaultBranch: options.defaultBranch,
+    lastSyncedRevision: 0
+  });
+  await new LocalCredentialStore().set(credentialKey(options.account, options.project, pairing.repositoryLink.repositoryLinkId), pairing.token);
+  console.log(checkout.status === "cloned" ? `Cloned repository to ${checkout.targetDir}.` : `Validated existing checkout at ${checkout.targetDir}.`);
+  console.log(`Pairing confirmed for ${pairing.repositoryLink.repoName}.`);
+  console.log(`Wrote non-secret project metadata to ${filePath}.`);
+  console.log(`Next: cd ${formatShellArg(checkout.targetDir)} && amistio run${formatApiUrlFlag(options.apiUrl)} --watch`);
+});
+program.command("pair").description("Pair this repository with an Amistio web project").requiredOption("--account <accountId>", "Amistio account ID").requiredOption("--project <projectId>", "Amistio project ID").option("--repository-link <repositoryLinkId>", "Existing repository link ID").option("--default-branch <branch>", "Default branch", "main").option("--api-url <url>", apiUrlOptionDescription, defaultApiUrl()).option("--pairing-code <code>", "Short-lived pairing code from the Amistio app").option("--token <token>", "Runner/device credential to store outside the repository").option("--root <path>", "Repository root", defaultRoot).action(async (options, command) => {
+  let repositoryLinkId = options.repositoryLink ?? `repo_${randomUUID()}`;
+  let credential = options.token;
+  if (options.pairingCode) {
+    const pairing = await new ApiClient({
+      apiUrl: options.apiUrl,
+      accountId: options.account,
+      ...credential ? { token: credential } : {}
+    }).consumePairingSession({
+      projectId: options.project,
+      pairingCode: options.pairingCode,
+      repositoryLinkId,
+      repoName: inferRepoName(options.root),
+      repoFingerprint: createRepoFingerprint(options.account, options.project, repositoryLinkId),
+      defaultBranch: options.defaultBranch
     });
-    if (selection.decision === "skipped") {
-        return selection;
-    }
-    if (selection.toolSession) {
-        const { toolSession } = await apiClient.updateToolSession(projectId, selection.toolSession.toolSessionId, {
-            status: "active",
-            runnerId,
-            lastWorkItemId: workItem.workItemId,
-            reusePolicy: sessionPolicy
-        });
-        return { ...selection, toolSession };
-    }
-    const toolSessionId = `tool_session_${randomUUID()}`;
-    const { toolSession } = await apiClient.createToolSession(projectId, {
-        toolSessionId,
-        repositoryLinkId,
-        tool: toolName,
-        provider: toolName,
-        resumabilityScope: supportsSessionReuse ? resumabilityScope : "none",
-        title: workItem.title,
-        summary: selection.reason,
-        status: "active",
-        runnerId,
-        lastWorkItemId: workItem.workItemId,
-        messageCount: 0,
-        reusePolicy: sessionPolicy,
-        ...(workItem.sessionGroupKey ? { sessionGroupKey: workItem.sessionGroupKey } : {})
+    repositoryLinkId = pairing.repositoryLink.repositoryLinkId;
+    credential = credential ?? pairing.token;
+    console.log(`Pairing confirmed for ${pairing.repositoryLink.repoName}.`);
+  }
+  const filePath = await writeProjectLink(options.root, {
+    amistioAccountId: options.account,
+    amistioProjectId: options.project,
+    repositoryLinkId,
+    defaultBranch: options.defaultBranch,
+    lastSyncedRevision: 0
+  });
+  if (credential) {
+    await new LocalCredentialStore().set(credentialKey(options.account, options.project, repositoryLinkId), credential);
+  }
+  if (!options.pairingCode && apiUrlOverrideWasRequested(command)) {
+    const session = await new ApiClient({
+      apiUrl: options.apiUrl,
+      accountId: options.account,
+      ...credential ? { token: credential } : {}
+    }).createPairingSession(options.project);
+    console.log(`Pairing code: ${session.pairingCode}`);
+    console.log(`Expires at: ${session.expiresAt}`);
+  }
+  console.log(`Wrote non-secret project metadata to ${filePath}.`);
+});
+var sync = program.command("sync").description("Inspect or move project brain changes between the repo and Amistio");
+sync.command("status").description("Show local sync status").option("--api-url <url>", apiUrlOptionDescription, defaultApiUrl()).option("--root <path>", "Repository root", defaultRoot).action(async (options) => {
+  const metadata = await readProjectLink(options.root);
+  if (!metadata) {
+    console.log("Repository is not paired. Run `amistio pair` first.");
+    return;
+  }
+  const context = await loadPairedApiContext(options.root, options.apiUrl);
+  const webDocuments = context ? await context.client.listBrainDocuments(metadata.amistioProjectId).then((result) => result.documents).catch(() => []) : [];
+  const report = await collectSyncStatus(options.root, webDocuments);
+  console.log(`Paired project: ${metadata.amistioProjectId}`);
+  console.log(`Repository link: ${metadata.repositoryLinkId}`);
+  console.log(`Last synced revision: ${metadata.lastSyncedRevision}`);
+  console.log(`Sync status: ${report.status}`);
+  console.log(`Clean: ${report.counts.clean}; Pending: ${report.counts.pending}; Dirty: ${report.counts.dirty}; Conflicted: ${report.counts.conflicted}`);
+  for (const item of report.items.filter((entry) => entry.status !== "clean")) {
+    console.log(`${item.status}: ${item.repoPath} - ${item.reason}`);
+  }
+});
+sync.command("pull").description("Pull approved web changes into the repository").option("--api-url <url>", apiUrlOptionDescription, defaultApiUrl()).option("--root <path>", "Repository root", defaultRoot).action(async (options) => {
+  const context = await loadPairedApiContext(options.root, options.apiUrl);
+  if (!context) {
+    console.log("Repository is not paired. Run `amistio pair` first.");
+    return;
+  }
+  const { documents } = await context.client.listBrainDocuments(context.metadata.amistioProjectId);
+  const approvedDocuments = documents.filter((document) => document.syncState === "approved" || document.syncState === "synced");
+  const result = await materializeBrainDocuments(options.root, approvedDocuments);
+  for (const conflict of result.conflicts) {
+    console.log(`conflicted: ${conflict}`);
+  }
+  if (result.conflicts.length) {
+    process.exitCode = 1;
+    return;
+  }
+  const latestRevision = Math.max(context.metadata.lastSyncedRevision, ...approvedDocuments.map((document) => document.revision));
+  if (latestRevision !== context.metadata.lastSyncedRevision) {
+    await writeProjectLink(options.root, { ...context.metadata, lastSyncedRevision: latestRevision });
+  }
+  console.log(result.written.length ? `Pulled ${result.written.length} approved document${result.written.length === 1 ? "" : "s"}.` : "No approved web changes were pulled.");
+});
+sync.command("push").description("Push local brain changes to Amistio for review").option("--api-url <url>", apiUrlOptionDescription, defaultApiUrl()).option("--root <path>", "Repository root", defaultRoot).action(async (options) => {
+  const context = await loadPairedApiContext(options.root, options.apiUrl);
+  if (!context) {
+    console.log("Repository is not paired. Run `amistio pair` first.");
+    return;
+  }
+  const dirtyDocuments = await collectDirtyDocumentsForPush(options.root, context.metadata);
+  if (!dirtyDocuments.length) {
+    console.log("No local brain changes were pushed.");
+    return;
+  }
+  const { documents } = await context.client.pushBrainDocuments(context.metadata.amistioProjectId, dirtyDocuments);
+  const conflictedDocuments = documents.filter((document) => document.syncState === "conflicted" || document.status === "conflicted");
+  if (conflictedDocuments.length) {
+    for (const document of conflictedDocuments) {
+      console.log(`conflicted: ${document.repoPath} - web and repository revisions both changed`);
+    }
+    process.exitCode = 1;
+    return;
+  }
+  await materializeBrainDocuments(options.root, documents, { allowDirtyOverwrite: true });
+  console.log(`Pushed ${documents.length} local document${documents.length === 1 ? "" : "s"} for web review.`);
+});
+var work = program.command("work").description("Inspect approved work items");
+work.command("list").description("List queued work without claiming it").option("--api-url <url>", apiUrlOptionDescription, defaultApiUrl()).option("--root <path>", "Repository root", defaultRoot).action(async (options) => {
+  const context = await loadPairedApiContext(options.root, options.apiUrl);
+  if (!context) {
+    console.log("Repository is not paired. Run `amistio pair` first.");
+    return;
+  }
+  const { workItems } = await context.client.listWorkItems(context.metadata.amistioProjectId);
+  if (!workItems.length) {
+    console.log("No work items are queued for this project.");
+    return;
+  }
+  for (const item of workItems) {
+    console.log(`${item.workItemId} [${item.status}] ${item.title}`);
+  }
+});
+work.command("prompt").description("Print or write an approved work prompt without claiming a runner lease").argument("[workItemId]", "Work item ID. Defaults to the newest approved work item.").option("--api-url <url>", apiUrlOptionDescription, defaultApiUrl()).option("--root <path>", "Repository root", defaultRoot).option("--out <path>", "Write the prompt to a file instead of stdout").action(async (workItemId, options) => {
+  const context = await loadPairedApiContext(options.root, options.apiUrl);
+  if (!context) {
+    console.log("Repository is not paired. Run `amistio pair` first.");
+    return;
+  }
+  const { workItems } = await context.client.listWorkItems(context.metadata.amistioProjectId);
+  const workItem = selectPromptWorkItem(workItems, workItemId);
+  if (!workItem) {
+    console.log(workItemId ? `No work item found for ${workItemId}.` : "No approved work item is ready for prompt export.");
+    return;
+  }
+  const prompt = createWorkExecutionPrompt(workItem);
+  if (options.out) {
+    await writeFile7(options.out, prompt, "utf8");
+    console.log(`Wrote work prompt to ${options.out}.`);
+  } else {
+    console.log(prompt);
+  }
+});
+program.command("tools").description("List local AI coding tools that the Amistio CLI can use").action(async () => {
+  const tools = await detectLocalTools();
+  for (const tool of tools) {
+    const mode = tool.execution === "sdk" ? "sdk" : tool.execution === "command" ? "cli" : "--";
+    console.log(`${tool.available ? "yes" : "no "} ${mode} ${tool.name} - ${tool.description}`);
+  }
+  console.log("custom - pass --tool-command to use any other local runner command.");
+});
+program.command("orchestrate").description("Update the Amistio control plane through a user-installed local AI tool").argument("[goal...]", "Goal or next-step instruction for the orchestration pass").option("--root <path>", "Repository root", defaultRoot).option("--tool <name>", "Local tool to use: auto, none, opencode, claude, codex, copilot, gemini, aider, cursor-agent", "auto").option("--tool-command <command>", "Custom local command. Use {promptFile} and {root} placeholders when supported").option("--session <policy>", "Tool session policy: auto, new, continue:<toolSessionId>, or none", "auto").option("--prompt-out <path>", "Write the generated orchestration prompt to a file before running").option("--dry-run", "Print the generated orchestration prompt without running a tool").option("--no-stream", "Capture local tool output instead of streaming it").action(async (goalParts, options) => {
+  const goal = goalParts?.join(" ").trim() || "Review the current repository state and update the Amistio control plane with the next useful orchestration steps.";
+  const prompt = await createOrchestrationPrompt({ rootDir: options.root, goal });
+  if (options.promptOut) {
+    const promptPath = await writePromptFile(options.promptOut, prompt);
+    console.log(`Wrote orchestration prompt to ${promptPath}.`);
+  }
+  if (options.dryRun || options.tool === "none") {
+    console.log(prompt);
+    return;
+  }
+  const sessionPolicy = normalizeSessionPolicy(options.session);
+  const preview = await createToolRunPreview({ rootDir: options.root, prompt, tool: options.tool, ...options.toolCommand ? { toolCommand: options.toolCommand } : {} });
+  console.log(`Running ${preview.toolName}: ${preview.displayCommand}`);
+  const result = await runLocalTool({
+    rootDir: options.root,
+    prompt,
+    tool: options.tool,
+    ...options.toolCommand ? { toolCommand: options.toolCommand } : {},
+    streamOutput: options.stream,
+    ...sessionPolicy === "none" ? {} : { session: { toolSessionId: `local_orchestration_${randomUUID()}`, policy: sessionPolicy, decision: localSessionDecision(sessionPolicy) } }
+  });
+  if (!options.stream && result.stdout.trim()) {
+    console.log(result.stdout.trim());
+  }
+  if (!options.stream && result.stderr.trim()) {
+    console.error(result.stderr.trim());
+  }
+  if (result.exitCode !== 0) {
+    process.exitCode = result.exitCode;
+  }
+});
+program.command("run").description("Claim and run approved Amistio work locally").option("--api-url <url>", apiUrlOptionDescription, defaultApiUrl()).option("--runner-id <runnerId>", "Stable runner ID", `runner_${randomUUID()}`).option("--root <path>", "Repository root", defaultRoot).option("--tool <name>", "Local tool to use: auto, none, opencode, claude, codex, copilot, gemini, aider, cursor-agent", "auto").option("--tool-command <command>", "Custom local command. Use {promptFile} and {root} placeholders when supported").option("--session <policy>", "Tool session policy: auto, new, continue:<toolSessionId>, or none", "auto").option("--dry-run", "Claim work and print the generated execution prompt without running a tool").option("--watch", "Keep polling for approved work until stopped").option("--interval-seconds <seconds>", "Polling interval for --watch", parsePositiveInteger, 10).option("--max-iterations <count>", "Stop watch mode after this many polling attempts", parsePositiveInteger).option("--no-stream", "Capture local tool output instead of streaming it").action(async (options) => {
+  const context = await loadPairedApiContext(options.root, options.apiUrl);
+  if (!context) {
+    console.log("Repository is not paired. Run `amistio pair` first.");
+    return;
+  }
+  if (!context.token) {
+    console.log("No local runner credential found. Run `amistio pair --pairing-code <code>` to store this machine credential.");
+    process.exitCode = 1;
+    return;
+  }
+  if (options.watch) {
+    console.log(`Runner ${options.runnerId} is watching ${context.metadata.amistioProjectId} every ${options.intervalSeconds}s. Press Ctrl+C to stop.`);
+  }
+  let iterations = 0;
+  while (true) {
+    iterations += 1;
+    const result = await runNextWorkItem({
+      apiClient: context.client,
+      projectId: context.metadata.amistioProjectId,
+      repositoryLinkId: context.metadata.repositoryLinkId,
+      runnerId: options.runnerId,
+      root: options.root,
+      sessionPolicy: normalizeSessionPolicy(options.session),
+      tool: options.tool,
+      ...options.toolCommand ? { toolCommand: options.toolCommand } : {},
+      dryRun: Boolean(options.dryRun),
+      stream: options.stream
     });
-    return { ...selection, toolSession };
-}
-async function finalizeToolSession({ apiClient, costUsd, messageCount, projectId, runnerId, session, status, stdout, tokensIn, tokensOut, workItemId }) {
-    if (!session) {
-        return undefined;
-    }
-    const summary = summarizeToolOutput(stdout) ?? session.summary;
-    const { toolSession } = await apiClient.updateToolSession(projectId, session.toolSessionId, {
-        status: status === "completed" ? "open" : "blocked",
-        runnerId,
-        lastWorkItemId: workItemId,
-        messageCount: (session.messageCount ?? 0) + (messageCount ?? 1),
-        ...(summary ? { summary } : {}),
-        ...(tokensIn !== undefined ? { estimatedInputTokens: (session.estimatedInputTokens ?? 0) + tokensIn } : {}),
-        ...(tokensOut !== undefined ? { estimatedOutputTokens: (session.estimatedOutputTokens ?? 0) + tokensOut } : {}),
-        ...(costUsd !== undefined ? { costUsd: (session.costUsd ?? 0) + costUsd } : {}),
-        ...(status === "failed" ? { closedReason: "Last run failed or returned a non-zero exit code." } : {})
+    if (!options.watch || options.dryRun) {
+      if (result.exitCode !== 0) {
+        process.exitCode = result.exitCode;
+      }
+      return;
+    }
+    if (options.maxIterations !== void 0 && iterations >= options.maxIterations) {
+      console.log(`Runner stopped after ${iterations} polling attempt${iterations === 1 ? "" : "s"}.`);
+      return;
+    }
+    if (result.status === "idle") {
+      console.log(`No approved work item is available. Checking again in ${options.intervalSeconds}s.`);
+    }
+    await delay(options.intervalSeconds * 1e3);
+  }
+});
+async function runNextWorkItem({
+  apiClient,
+  dryRun,
+  projectId,
+  repositoryLinkId,
+  root,
+  runnerId,
+  sessionPolicy,
+  stream,
+  tool,
+  toolCommand
+}) {
+  await apiClient.sendRunnerHeartbeat(projectId, runnerId, repositoryLinkId, "online", CLI_VERSION);
+  const result = await apiClient.claimWork(projectId, runnerId, repositoryLinkId);
+  if (!result.workItem) {
+    console.log("No approved work item is available.");
+    return { status: "idle", exitCode: 0 };
+  }
+  await apiClient.sendRunnerHeartbeat(projectId, runnerId, repositoryLinkId, "running", CLI_VERSION);
+  const prompt = createWorkExecutionPrompt(result.workItem);
+  if (dryRun || tool === "none") {
+    console.log(prompt);
+    await apiClient.sendRunnerHeartbeat(projectId, runnerId, repositoryLinkId, "online", CLI_VERSION);
+    return { status: "preview", exitCode: 0 };
+  }
+  const preview = await createToolRunPreview({ rootDir: root, prompt, tool, ...toolCommand ? { toolCommand } : {} });
+  const sessionContext = await prepareToolSession({
+    apiClient,
+    projectId,
+    repositoryLinkId,
+    runnerId,
+    sessionPolicy: result.workItem.sessionPolicy ?? sessionPolicy,
+    toolName: preview.toolName,
+    supportsSessionReuse: preview.supportsSessionReuse,
+    resumabilityScope: preview.resumabilityScope,
+    workItem: result.workItem
+  });
+  console.log(`Claimed ${result.workItem.workItemId}. Running ${preview.toolName}: ${preview.displayCommand}`);
+  const startedAt = Date.now();
+  const providerSessionStore = new LocalToolSessionStore();
+  const providerSessionId = sessionContext.toolSession ? await providerSessionStore.getProviderSessionId(sessionContext.toolSession.toolSessionId, preview.toolName) : void 0;
+  const toolResult = await runLocalTool({
+    rootDir: root,
+    prompt,
+    tool,
+    ...toolCommand ? { toolCommand } : {},
+    streamOutput: stream,
+    ...sessionContext.toolSession ? {
+      session: {
+        toolSessionId: sessionContext.toolSession.toolSessionId,
+        policy: sessionContext.policy,
+        decision: sessionContext.decision,
+        ...providerSessionId ? { providerSessionId } : {}
+      }
+    } : {}
+  }).catch(async (error) => {
+    await apiClient.sendRunnerHeartbeat(projectId, runnerId, repositoryLinkId, "blocked", CLI_VERSION);
+    await markToolSessionBlocked(apiClient, projectId, sessionContext.toolSession, errorMessage2(error));
+    throw error;
+  });
+  if (sessionContext.toolSession && toolResult.providerSessionId) {
+    await providerSessionStore.setProviderSessionId(sessionContext.toolSession.toolSessionId, preview.toolName, toolResult.providerSessionId);
+  }
+  if (!stream && toolResult.stdout.trim()) {
+    console.log(toolResult.stdout.trim());
+  }
+  if (!stream && toolResult.stderr.trim()) {
+    console.error(toolResult.stderr.trim());
+  }
+  if (result.workItem.workKind === "brainGeneration") {
+    return finalizeBrainGenerationWork({
+      apiClient,
+      durationMs: Date.now() - startedAt,
+      projectId,
+      repositoryLinkId,
+      runnerId,
+      sessionContext,
+      toolName: preview.toolName,
+      toolResult,
+      workItem: result.workItem
     });
-    return toolSession;
+  }
+  const finalStatus = toolResult.exitCode === 0 ? "completed" : "failed";
+  const durationMs = Date.now() - startedAt;
+  const failureExcerpt = toolResult.exitCode === 0 ? void 0 : truncateLogExcerpt(toolResult.stderr || toolResult.stdout);
+  const updatedToolSession = await finalizeToolSession({
+    apiClient,
+    projectId,
+    status: finalStatus,
+    runnerId,
+    workItemId: result.workItem.workItemId,
+    stdout: toolResult.stdout,
+    ...sessionContext.toolSession ? { session: sessionContext.toolSession } : {},
+    ...toolResult.messageCount !== void 0 ? { messageCount: toolResult.messageCount } : {},
+    ...toolResult.tokensIn !== void 0 ? { tokensIn: toolResult.tokensIn } : {},
+    ...toolResult.tokensOut !== void 0 ? { tokensOut: toolResult.tokensOut } : {},
+    ...toolResult.costUsd !== void 0 ? { costUsd: toolResult.costUsd } : {}
+  });
+  const statusResult = await apiClient.updateWorkStatus(
+    projectId,
+    result.workItem.workItemId,
+    finalStatus,
+    `run_${result.workItem.workItemId}_${randomUUID()}`,
+    runnerId,
+    {
+      tool: preview.toolName,
+      durationMs,
+      message: `${preview.toolName} exited with code ${toolResult.exitCode}.`,
+      sessionPolicy: sessionContext.policy,
+      sessionDecision: sessionContext.decision,
+      sessionDecisionReason: sessionContext.reason,
+      ...updatedToolSession ? { toolSessionId: updatedToolSession.toolSessionId } : {},
+      ...updatedToolSession?.sessionGroupKey ? { sessionGroupKey: updatedToolSession.sessionGroupKey } : {},
+      ...toolResult.tokensIn !== void 0 ? { tokensIn: toolResult.tokensIn } : {},
+      ...toolResult.tokensOut !== void 0 ? { tokensOut: toolResult.tokensOut } : {},
+      ...toolResult.costUsd !== void 0 ? { costUsd: toolResult.costUsd } : {},
+      ...failureExcerpt ? { error: failureExcerpt } : {}
+    }
+  );
+  await apiClient.sendRunnerHeartbeat(projectId, runnerId, repositoryLinkId, "online", CLI_VERSION);
+  const durationSeconds = Math.round(durationMs / 1e3);
+  console.log(`Marked ${statusResult.workItem.workItemId} ${statusResult.workItem.status} after ${durationSeconds}s.`);
+  return { status: finalStatus, exitCode: toolResult.exitCode };
 }
-async function markToolSessionBlocked(apiClient, projectId, session, reason) {
-    if (!session) {
-        return;
+async function finalizeBrainGenerationWork({
+  apiClient,
+  durationMs,
+  projectId,
+  repositoryLinkId,
+  runnerId,
+  sessionContext,
+  toolName,
+  toolResult,
+  workItem
+}) {
+  let artifacts;
+  let generationError;
+  if (toolResult.exitCode === 0) {
+    try {
+      artifacts = parseBrainGenerationArtifacts(`${toolResult.stdout}
+${toolResult.stderr}`);
+    } catch (error) {
+      generationError = errorMessage2(error);
     }
-    await apiClient.updateToolSession(projectId, session.toolSessionId, {
-        status: "blocked",
-        summary: reason,
-        closedReason: reason
+  } else {
+    generationError = truncateLogExcerpt(toolResult.stderr || toolResult.stdout) || `${toolName} exited with code ${toolResult.exitCode}.`;
+  }
+  const finalStatus = artifacts ? "completed" : "failed";
+  const updatedToolSession = await finalizeToolSession({
+    apiClient,
+    projectId,
+    status: finalStatus,
+    runnerId,
+    workItemId: workItem.workItemId,
+    stdout: toolResult.stdout,
+    ...sessionContext.toolSession ? { session: sessionContext.toolSession } : {},
+    ...toolResult.messageCount !== void 0 ? { messageCount: toolResult.messageCount } : {},
+    ...toolResult.tokensIn !== void 0 ? { tokensIn: toolResult.tokensIn } : {},
+    ...toolResult.tokensOut !== void 0 ? { tokensOut: toolResult.tokensOut } : {},
+    ...toolResult.costUsd !== void 0 ? { costUsd: toolResult.costUsd } : {}
+  });
+  const sessionTelemetry = {
+    sessionPolicy: sessionContext.policy,
+    sessionDecision: sessionContext.decision,
+    sessionDecisionReason: sessionContext.reason,
+    ...updatedToolSession ? { toolSessionId: updatedToolSession.toolSessionId } : {},
+    ...updatedToolSession?.sessionGroupKey ? { sessionGroupKey: updatedToolSession.sessionGroupKey } : {}
+  };
+  if (artifacts) {
+    const result = await apiClient.submitBrainGenerationResult(projectId, workItem.workItemId, {
+      status: "completed",
+      runnerId,
+      idempotencyKey: `generation_${workItem.workItemId}_${randomUUID()}`,
+      artifacts,
+      tool: toolName,
+      durationMs,
+      ...sessionTelemetry,
+      message: `${toolName} generated ${artifacts.length} brain artifact${artifacts.length === 1 ? "" : "s"}.`
     });
+    await apiClient.sendRunnerHeartbeat(projectId, runnerId, repositoryLinkId, "online", CLI_VERSION);
+    console.log(`Generated ${result.documents.length} brain artifact${result.documents.length === 1 ? "" : "s"} for review.`);
+    return { status: "completed", exitCode: 0 };
+  }
+  await apiClient.submitBrainGenerationResult(projectId, workItem.workItemId, {
+    status: "failed",
+    runnerId,
+    idempotencyKey: `generation_${workItem.workItemId}_${randomUUID()}`,
+    tool: toolName,
+    durationMs,
+    ...sessionTelemetry,
+    message: `${toolName} did not produce valid brain artifacts.`,
+    ...generationError ? { error: generationError } : {}
+  });
+  await apiClient.sendRunnerHeartbeat(projectId, runnerId, repositoryLinkId, "online", CLI_VERSION);
+  console.error(generationError ?? "Local runner generation failed.");
+  return { status: "failed", exitCode: toolResult.exitCode || 1 };
+}
+async function loadPairedApiContext(root, apiUrl) {
+  const metadata = await readProjectLink(root);
+  if (!metadata) {
+    return void 0;
+  }
+  const token = await new LocalCredentialStore().get(
+    credentialKey(metadata.amistioAccountId, metadata.amistioProjectId, metadata.repositoryLinkId)
+  );
+  return {
+    metadata,
+    ...token ? { token } : {},
+    client: new ApiClient({
+      apiUrl,
+      accountId: metadata.amistioAccountId,
+      ...token ? { token } : {}
+    })
+  };
+}
+function selectPromptWorkItem(workItems, workItemId) {
+  if (workItemId) {
+    return workItems.find((item) => item.workItemId === workItemId || item.id === workItemId);
+  }
+  return workItems.find((item) => isPromptReadyStatus(item.status));
+}
+function isPromptReadyStatus(status) {
+  return status === "approved" || status === "running" || status === "blocked" || status === "changesRequested";
+}
+async function prepareToolSession({
+  apiClient,
+  projectId,
+  repositoryLinkId,
+  runnerId,
+  sessionPolicy,
+  supportsSessionReuse,
+  resumabilityScope,
+  toolName,
+  workItem
+}) {
+  const { toolSessions } = await apiClient.listToolSessions(projectId);
+  const selection = selectToolSession({
+    policy: sessionPolicy,
+    workItem,
+    sessions: toolSessions,
+    toolName,
+    runnerId,
+    repositoryLinkId,
+    supportsSessionReuse
+  });
+  if (selection.decision === "skipped") {
+    return selection;
+  }
+  if (selection.toolSession) {
+    const { toolSession: toolSession2 } = await apiClient.updateToolSession(projectId, selection.toolSession.toolSessionId, {
+      status: "active",
+      runnerId,
+      lastWorkItemId: workItem.workItemId,
+      reusePolicy: sessionPolicy
+    });
+    return { ...selection, toolSession: toolSession2 };
+  }
+  const toolSessionId = `tool_session_${randomUUID()}`;
+  const { toolSession } = await apiClient.createToolSession(projectId, {
+    toolSessionId,
+    repositoryLinkId,
+    tool: toolName,
+    provider: toolName,
+    resumabilityScope: supportsSessionReuse ? resumabilityScope : "none",
+    title: workItem.title,
+    summary: selection.reason,
+    status: "active",
+    runnerId,
+    lastWorkItemId: workItem.workItemId,
+    messageCount: 0,
+    reusePolicy: sessionPolicy,
+    ...workItem.sessionGroupKey ? { sessionGroupKey: workItem.sessionGroupKey } : {}
+  });
+  return { ...selection, toolSession };
+}
+async function finalizeToolSession({
+  apiClient,
+  costUsd,
+  messageCount,
+  projectId,
+  runnerId,
+  session,
+  status,
+  stdout,
+  tokensIn,
+  tokensOut,
+  workItemId
+}) {
+  if (!session) {
+    return void 0;
+  }
+  const summary = summarizeToolOutput(stdout) ?? session.summary;
+  const { toolSession } = await apiClient.updateToolSession(projectId, session.toolSessionId, {
+    status: status === "completed" ? "open" : "blocked",
+    runnerId,
+    lastWorkItemId: workItemId,
+    messageCount: (session.messageCount ?? 0) + (messageCount ?? 1),
+    ...summary ? { summary } : {},
+    ...tokensIn !== void 0 ? { estimatedInputTokens: (session.estimatedInputTokens ?? 0) + tokensIn } : {},
+    ...tokensOut !== void 0 ? { estimatedOutputTokens: (session.estimatedOutputTokens ?? 0) + tokensOut } : {},
+    ...costUsd !== void 0 ? { costUsd: (session.costUsd ?? 0) + costUsd } : {},
+    ...status === "failed" ? { closedReason: "Last run failed or returned a non-zero exit code." } : {}
+  });
+  return toolSession;
+}
+async function markToolSessionBlocked(apiClient, projectId, session, reason) {
+  if (!session) {
+    return;
+  }
+  await apiClient.updateToolSession(projectId, session.toolSessionId, {
+    status: "blocked",
+    summary: reason,
+    closedReason: reason
+  });
 }
 function localSessionDecision(policy) {
-    if (policy === "new") {
-        return "forcedNew";
-    }
-    if (typeof policy === "string" && policy.startsWith("continue:")) {
-        return "forcedContinue";
-    }
-    return "created";
+  if (policy === "new") {
+    return "forcedNew";
+  }
+  if (typeof policy === "string" && policy.startsWith("continue:")) {
+    return "forcedContinue";
+  }
+  return "created";
 }
 function summarizeToolOutput(value) {
-    const trimmed = value.trim();
-    if (!trimmed) {
-        return undefined;
-    }
-    return trimmed.length > 300 ? `${trimmed.slice(0, 300)}...` : trimmed;
+  const trimmed = value.trim();
+  if (!trimmed) {
+    return void 0;
+  }
+  return trimmed.length > 300 ? `${trimmed.slice(0, 300)}...` : trimmed;
 }
-function errorMessage(error) {
-    return error instanceof Error ? error.message : String(error);
+function errorMessage2(error) {
+  return error instanceof Error ? error.message : String(error);
 }
 function truncateLogExcerpt(value) {
-    const trimmed = value.trim();
-    return trimmed.length > 1200 ? `${trimmed.slice(0, 1200)}...` : trimmed;
+  const trimmed = value.trim();
+  return trimmed.length > 1200 ? `${trimmed.slice(0, 1200)}...` : trimmed;
 }
 function parsePositiveInteger(value) {
-    const parsed = Number(value);
-    if (!Number.isInteger(parsed) || parsed <= 0) {
-        throw new Error(`Expected a positive integer, received ${value}.`);
-    }
-    return parsed;
+  const parsed = Number(value);
+  if (!Number.isInteger(parsed) || parsed <= 0) {
+    throw new Error(`Expected a positive integer, received ${value}.`);
+  }
+  return parsed;
 }
 function inferRepoName(root) {
-    return path.basename(path.resolve(root)) || "repository";
+  return path8.basename(path8.resolve(root)) || "repository";
 }
 function createRepoFingerprint(accountId, projectId, repositoryLinkId) {
-    return createHash("sha256").update(`${accountId}:${projectId}:${repositoryLinkId}`).digest("hex");
+  return createHash2("sha256").update(`${accountId}:${projectId}:${repositoryLinkId}`).digest("hex");
 }
 function defaultApiUrl() {
-    const envApiUrl = process.env[AMISTIO_API_URL_ENV]?.trim();
-    return envApiUrl || officialAmistioApiUrl;
+  const envApiUrl = process.env[AMISTIO_API_URL_ENV]?.trim();
+  return envApiUrl || officialAmistioApiUrl;
 }
 function apiUrlOverrideWasRequested(command) {
-    return command.getOptionValueSource("apiUrl") === "cli" || Boolean(process.env[AMISTIO_API_URL_ENV]?.trim());
+  return command.getOptionValueSource("apiUrl") === "cli" || Boolean(process.env[AMISTIO_API_URL_ENV]?.trim());
 }
 function formatApiUrlFlag(apiUrl) {
-    return isOfficialAmistioApiUrl(apiUrl) ? "" : ` --api-url ${formatShellArg(apiUrl)}`;
+  return isOfficialAmistioApiUrl(apiUrl) ? "" : ` --api-url ${formatShellArg(apiUrl)}`;
 }
 function formatShellArg(value) {
-    return /^[A-Za-z0-9_./:@-]+$/.test(value) ? value : `'${value.replace(/'/g, "'\\''")}'`;
+  return /^[A-Za-z0-9_./:@-]+$/.test(value) ? value : `'${value.replace(/'/g, "'\\''")}'`;
 }
 async function delay(milliseconds) {
-    await new Promise((resolve) => setTimeout(resolve, milliseconds));
+  await new Promise((resolve) => setTimeout(resolve, milliseconds));
 }
 program.parseAsync().catch((error) => {
-    console.error(error instanceof Error ? error.message : String(error));
-    process.exitCode = 1;
+  console.error(error instanceof Error ? error.message : String(error));
+  process.exitCode = 1;
 });
-//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map