@brainjar/cli 0.2.3 → 0.3.0

package/README.md

@@ -5,9 +5,9 @@
 [![downloads](https://img.shields.io/npm/dm/@brainjar/cli)](https://www.npmjs.com/package/@brainjar/cli)
 [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
 
-Shape how your AI thinks — identity, soul, persona, rules.
+Shape how your AI thinks — soul, persona, rules.
 
-brainjar manages AI agent behavior through composable layers. Instead of one monolithic config file, you separate **what the agent sounds like** (soul), **how it works** (persona), and **what constraints it follows** (rules). Each layer is a markdown file. Mix and match them per project, per task, or per session.
+brainjar manages AI agent behavior through composable layers. Instead of one monolithic config file, you separate **what the agent sounds like** (soul), **how it works** (persona), and **what constraints it follows** (rules). Each layer is a markdown file. Mix, match, and switch them per project, per task, or per session.
 
 **[Documentation](https://brainjar.sh)** · **[Getting Started](https://brainjar.sh/getting-started/)**
 
@@ -46,10 +46,9 @@ brainjar soul create|list|show|use|drop
 brainjar persona create|list|show|use|drop
 brainjar rules create|list|show|add|remove
 
-brainjar identity create|list|show|use|drop|unlock|get|status|lock
 brainjar pack export|import
 brainjar hooks install|remove|status [--local]
-brainjar shell [--brain|--soul|--persona|--identity|--rules-add|--rules-remove]
+brainjar shell [--brain|--soul|--persona|--rules-add|--rules-remove]
 brainjar reset [--backend claude|codex]
 ```
 

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@brainjar/cli",
-  "version": "0.2.3",
-  "description": "Shape how your AI thinks — composable identity, soul, persona, and rules for AI agents",
+  "version": "0.3.0",
+  "description": "Shape how your AI thinks — composable soul, persona, and rules for AI agents",
   "type": "module",
   "license": "MIT",
   "repository": {

package/src/cli.ts

@@ -2,7 +2,6 @@
 import { Cli } from 'incur'
 import pkg from '../package.json'
 import { init } from './commands/init.js'
-import { identity } from './commands/identity.js'
 import { soul } from './commands/soul.js'
 import { persona } from './commands/persona.js'
 import { rules } from './commands/rules.js'
@@ -16,7 +15,7 @@ import { hooks } from './commands/hooks.js'
 import { pack } from './commands/pack.js'
 
 Cli.create('brainjar', {
-  description: 'Shape how your AI thinks — identity, soul, persona, rules',
+  description: 'Shape how your AI thinks — soul, persona, rules',
   version: pkg.version,
   sync: { depth: 0 },
 })
@@ -26,7 +25,6 @@ Cli.create('brainjar', {
   .command(persona)
   .command(rules)
   .command(brain)
-  .command(identity)
   .command(reset)
   .command(shell)
   .command(compose)

package/src/commands/init.ts

@@ -21,14 +21,13 @@ export const init = Cli.create('init', {
       mkdir(paths.personas, { recursive: true }),
       mkdir(paths.rules, { recursive: true }),
       mkdir(paths.brains, { recursive: true }),
-      mkdir(paths.identities, { recursive: true }),
     ])
 
     // Seed the default rule pack
     await seedDefaultRule(paths.rules)
 
     // Build .gitignore — always exclude private files, add .obsidian if vault enabled
-    const gitignoreLines = ['identities/', '.session', 'state.yaml']
+    const gitignoreLines = ['state.yaml']
     if (c.options.obsidian) {
       gitignoreLines.push('.obsidian/', 'templates/')
     }
@@ -53,7 +52,7 @@ export const init = Cli.create('init', {
     const result: Record<string, unknown> = {
       created: brainjarDir,
       backend: c.options.backend,
-      directories: ['souls/', 'personas/', 'rules/', 'brains/', 'identities/'],
+      directories: ['souls/', 'personas/', 'rules/', 'brains/'],
     }
 
     if (c.options.default) {
@@ -63,7 +62,7 @@ export const init = Cli.create('init', {
       result.personas = ['engineer', 'planner', 'reviewer']
       result.next = 'Ready to go. Run `brainjar status` to see your config.'
     } else {
-      result.next = 'Run `brainjar identity create <slug> --name <name> --email <email>` to set up your first identity.'
+      result.next = 'Run `brainjar soul create <name>` to create your first soul.'
     }
 
     if (c.options.obsidian) {

package/src/commands/shell.ts

@@ -14,20 +14,19 @@ export const shell = Cli.create('shell', {
     brain: z.string().optional().describe('Brain name — sets soul, persona, and rules from brain file'),
     soul: z.string().optional().describe('Soul override for this session'),
     persona: z.string().optional().describe('Persona override for this session'),
-    identity: z.string().optional().describe('Identity override for this session'),
     'rules-add': z.string().optional().describe('Comma-separated rules to add'),
     'rules-remove': z.string().optional().describe('Comma-separated rules to remove'),
   }),
   async run(c) {
     await requireBrainjarDir()
 
-    const individualFlags = c.options.soul || c.options.persona || c.options.identity
+    const individualFlags = c.options.soul || c.options.persona
       || c.options['rules-add'] || c.options['rules-remove']
 
     if (c.options.brain && individualFlags) {
       throw new IncurError({
         code: 'MUTUALLY_EXCLUSIVE',
-        message: '--brain is mutually exclusive with --soul, --persona, --identity, --rules-add, --rules-remove.',
+        message: '--brain is mutually exclusive with --soul, --persona, --rules-add, --rules-remove.',
         hint: 'Use --brain alone or individual flags, not both.',
       })
     }
@@ -44,7 +43,6 @@ export const shell = Cli.create('shell', {
     } else {
       if (c.options.soul) envOverrides.BRAINJAR_SOUL = c.options.soul
       if (c.options.persona) envOverrides.BRAINJAR_PERSONA = c.options.persona
-      if (c.options.identity) envOverrides.BRAINJAR_IDENTITY = c.options.identity
       if (c.options['rules-add']) envOverrides.BRAINJAR_RULES_ADD = c.options['rules-add']
       if (c.options['rules-remove']) envOverrides.BRAINJAR_RULES_REMOVE = c.options['rules-remove']
     }
@@ -53,7 +51,7 @@ export const shell = Cli.create('shell', {
       throw new IncurError({
         code: 'NO_OVERRIDES',
         message: 'No overrides specified.',
-        hint: 'Use --brain, --soul, --persona, --identity, --rules-add, or --rules-remove.',
+        hint: 'Use --brain, --soul, --persona, --rules-add, or --rules-remove.',
       })
     }
 
@@ -66,7 +64,6 @@ export const shell = Cli.create('shell', {
     const labels: string[] = []
     if (envOverrides.BRAINJAR_SOUL) labels.push(`soul: ${envOverrides.BRAINJAR_SOUL}`)
     if (envOverrides.BRAINJAR_PERSONA) labels.push(`persona: ${envOverrides.BRAINJAR_PERSONA}`)
-    if (envOverrides.BRAINJAR_IDENTITY) labels.push(`identity: ${envOverrides.BRAINJAR_IDENTITY}`)
     if (envOverrides.BRAINJAR_RULES_ADD) labels.push(`+rules: ${envOverrides.BRAINJAR_RULES_ADD}`)
     if (envOverrides.BRAINJAR_RULES_REMOVE) labels.push(`-rules: ${envOverrides.BRAINJAR_RULES_REMOVE}`)
 

package/src/commands/status.ts

@@ -1,5 +1,5 @@
 import { Cli, z } from 'incur'
-import { readState, readLocalState, readEnvState, mergeState, loadIdentity, requireBrainjarDir } from '../state.js'
+import { readState, readLocalState, readEnvState, mergeState, requireBrainjarDir } from '../state.js'
 import { sync } from '../sync.js'
 
 export const status = Cli.create('status', {
@@ -8,7 +8,7 @@ export const status = Cli.create('status', {
     sync: z.boolean().default(false).describe('Regenerate config file from active layers'),
     global: z.boolean().default(false).describe('Show only global state'),
     local: z.boolean().default(false).describe('Show only local overrides'),
-    short: z.boolean().default(false).describe('One-line output: soul | persona | identity'),
+    short: z.boolean().default(false).describe('One-line output: soul | persona'),
   }),
   async run(c) {
     await requireBrainjarDir()
@@ -19,13 +19,9 @@ export const status = Cli.create('status', {
       const local = await readLocalState()
       const env = readEnvState()
       const effective = mergeState(global, local, env)
-      const slug = effective.identity.value
-        ? (await loadIdentity(effective.identity.value).catch(() => null))?.slug ?? effective.identity.value
-        : null
       const parts = [
         `soul: ${effective.soul.value ?? 'none'}`,
         `persona: ${effective.persona.value ?? 'none'}`,
-        `identity: ${slug ?? 'none'}`,
       ]
       return parts.join(' | ')
     }
@@ -40,20 +36,10 @@ export const status = Cli.create('status', {
     // --global: show only global state (v0.1 behavior)
     if (c.options.global) {
       const state = await readState()
-      let identityFull: Record<string, unknown> | null = null
-      if (state.identity) {
-        try {
-          const { content: _, ...id } = await loadIdentity(state.identity)
-          identityFull = id
-        } catch {
-          identityFull = { slug: state.identity, error: 'File not found' }
-        }
-      }
       const result: Record<string, unknown> = {
         soul: state.soul ?? null,
         persona: state.persona ?? null,
         rules: state.rules,
-        identity: identityFull,
       }
       if (synced) result.synced = synced
       return result
@@ -66,7 +52,6 @@ export const status = Cli.create('status', {
       if ('soul' in local) result.soul = local.soul
       if ('persona' in local) result.persona = local.persona
       if (local.rules) result.rules = local.rules
-      if ('identity' in local) result.identity = local.identity
       if (Object.keys(result).length === 0) result.note = 'No local overrides'
       if (synced) result.synced = synced
       return result
@@ -78,24 +63,12 @@ export const status = Cli.create('status', {
     const env = readEnvState()
     const effective = mergeState(global, local, env)
 
-    // Resolve identity details
-    let identityFull: Record<string, unknown> | null = null
-    if (effective.identity.value) {
-      try {
-        const { content: _, ...id } = await loadIdentity(effective.identity.value)
-        identityFull = { ...id, scope: effective.identity.scope }
-      } catch {
-        identityFull = { slug: effective.identity.value, scope: effective.identity.scope, error: 'File not found' }
-      }
-    }
-
     // Agents and explicit --format get full structured data
     if (c.agent || c.formatExplicit) {
       const result: Record<string, unknown> = {
         soul: effective.soul,
         persona: effective.persona,
         rules: effective.rules,
-        identity: identityFull,
       }
       if (synced) result.synced = synced
       return result
@@ -104,14 +77,6 @@ export const status = Cli.create('status', {
     // Humans get a compact view with scope annotations
     const fmtScope = (scope: string) => `(${scope})`
 
-    const identityLabel = identityFull
-      ? identityFull.error
-        ? `${effective.identity.value} (not found)`
-        : identityFull.engine
-          ? `${identityFull.slug} ${fmtScope(effective.identity.scope)} (${identityFull.engine})`
-          : `${identityFull.slug} ${fmtScope(effective.identity.scope)}`
-      : null
-
     const rulesLabel = effective.rules.length
       ? effective.rules
           .filter(r => !r.scope.startsWith('-'))
@@ -123,7 +88,6 @@ export const status = Cli.create('status', {
       soul: effective.soul.value ? `${effective.soul.value} ${fmtScope(effective.soul.scope)}` : null,
       persona: effective.persona.value ? `${effective.persona.value} ${fmtScope(effective.persona.scope)}` : null,
       rules: rulesLabel,
-      identity: identityLabel,
     }
     if (synced) result.synced = synced
     return result

package/src/paths.ts

@@ -41,8 +41,6 @@ export const paths = {
   get personas() { return join(getBrainjarDir(), 'personas') },
   get rules() { return join(getBrainjarDir(), 'rules') },
   get brains() { return join(getBrainjarDir(), 'brains') },
-  get identities() { return join(getBrainjarDir(), 'identities') },
-  get session() { return join(getBrainjarDir(), '.session') },
   get state() { return join(getBrainjarDir(), 'state.yaml') },
   get localState() { return join(getLocalDir(), 'state.yaml') },
 }

package/src/seeds.ts

@@ -26,9 +26,7 @@ function obsidianAppConfigWithExclusions() {
     useMarkdownLinks: false,
     alwaysUpdateLinks: true,
     userIgnoreFilters: [
-      'identities/',
       'state.yaml',
-      '.session',
       '.gitignore',
     ],
   }, null, 2)

package/src/state.ts

@@ -73,13 +73,12 @@ export async function listAvailableRules(): Promise<string[]> {
 
 export interface State {
   backend: string | null
-  identity: string | null
   soul: string | null
   persona: string | null
   rules: string[]
 }
 
-const DEFAULT_STATE: State = { backend: null, identity: null, soul: null, persona: null, rules: [] }
+const DEFAULT_STATE: State = { backend: null, soul: null, persona: null, rules: [] }
 
 export async function requireBrainjarDir(): Promise<void> {
   try {
@@ -111,20 +110,6 @@ export function stripFrontmatter(content: string): string {
   return content.replace(/\r\n/g, '\n').replace(/^---\n[\s\S]*?\n---\n*/, '').trim()
 }
 
-export function parseIdentity(content: string) {
-  const parsed = parseYaml(content)
-  return {
-    name: parsed?.name as string | undefined,
-    email: parsed?.email as string | undefined,
-    engine: parsed?.engine as string | undefined,
-  }
-}
-
-export async function loadIdentity(slug: string) {
-  const content = await readFile(join(paths.identities, `${slug}.yaml`), 'utf-8')
-  return { slug, content, ...parseIdentity(content) }
-}
-
 /** Return a valid slug or null. Prevents path traversal from state.yaml. */
 function safeName(value: unknown): string | null {
   if (typeof value !== 'string' || !value) return null
@@ -151,7 +136,6 @@ export async function readState(): Promise<State> {
 
   return {
     backend: ((parsed as any).backend === 'claude' || (parsed as any).backend === 'codex') ? (parsed as any).backend : null,
-    identity: safeName((parsed as any).identity),
     soul: safeName((parsed as any).soul),
     persona: safeName((parsed as any).persona),
     rules: Array.isArray((parsed as any).rules)
@@ -209,7 +193,6 @@ export async function withStateLock<T>(fn: () => Promise<T>): Promise<T> {
 export async function writeState(state: State): Promise<void> {
   const doc = {
     backend: state.backend ?? null,
-    identity: state.identity ?? null,
     soul: state.soul ?? null,
     persona: state.persona ?? null,
     rules: state.rules,
@@ -223,7 +206,6 @@ export async function writeState(state: State): Promise<void> {
 
 /** Local state only stores overrides. undefined = cascade, null = explicit unset. */
 export interface LocalState {
-  identity?: string | null
   soul?: string | null
   persona?: string | null
   rules?: {
@@ -240,7 +222,6 @@ export type Scope = 'global' | 'local' | '+local' | '-local' | 'env' | '+env' |
 /** Effective state after merging global + local + env, with scope annotations. */
 export interface EffectiveState {
   backend: string | null
-  identity: { value: string | null; scope: Scope }
   soul: { value: string | null; scope: Scope }
   persona: { value: string | null; scope: Scope }
   rules: { value: string; scope: Scope }[]
@@ -268,7 +249,6 @@ export async function readLocalState(): Promise<LocalState> {
   const p = parsed as Record<string, unknown>
 
   // For each layer: if key is present, include it (even if null)
-  if ('identity' in p) result.identity = p.identity === null ? null : safeName(p.identity)
   if ('soul' in p) result.soul = p.soul === null ? null : safeName(p.soul)
   if ('persona' in p) result.persona = p.persona === null ? null : safeName(p.persona)
 
@@ -292,7 +272,6 @@ export async function writeLocalState(local: LocalState): Promise<void> {
 
   // Build a clean doc — only include keys that are present in local
   const doc: Record<string, unknown> = {}
-  if ('identity' in local) doc.identity = local.identity ?? null
   if ('soul' in local) doc.soul = local.soul ?? null
   if ('persona' in local) doc.persona = local.persona ?? null
   if (local.rules) {
@@ -313,9 +292,6 @@ export function readEnvState(extraEnv?: Record<string, string>): EnvState {
   const env = extraEnv ? { ...process.env, ...extraEnv } : process.env
   const result: EnvState = {}
 
-  if (env.BRAINJAR_IDENTITY !== undefined) {
-    result.identity = env.BRAINJAR_IDENTITY === '' ? null : safeName(env.BRAINJAR_IDENTITY)
-  }
   if (env.BRAINJAR_SOUL !== undefined) {
     result.soul = env.BRAINJAR_SOUL === '' ? null : safeName(env.BRAINJAR_SOUL)
   }
@@ -353,10 +329,6 @@ function applyOverrides(
   const plusScope = `+${scope}` as Scope
   const minusScope = `-${scope}` as Scope
 
-  const identity = 'identity' in overrides
-    ? { value: overrides.identity ?? null, scope: scope as Scope }
-    : base.identity
-
   const soul = 'soul' in overrides
     ? { value: overrides.soul ?? null, scope: scope as Scope }
     : base.soul
@@ -395,7 +367,7 @@ function applyOverrides(
     }
   }
 
-  return { backend: base.backend, identity, soul, persona, rules }
+  return { backend: base.backend, soul, persona, rules }
 }
 
 /** Pure merge: global → local → env, each scope overrides the previous. */
@@ -403,7 +375,6 @@ export function mergeState(global: State, local: LocalState, env?: EnvState): Ef
   // Start with global as the base effective state
   const base: EffectiveState = {
     backend: global.backend,
-    identity: { value: global.identity, scope: 'global' },
     soul: { value: global.soul, scope: 'global' },
     persona: { value: global.persona, scope: 'global' },
     rules: global.rules.map(r => ({ value: r, scope: 'global' as Scope })),

package/src/sync.ts

@@ -1,4 +1,4 @@
-import { readFile, writeFile, copyFile, mkdir, access } from 'node:fs/promises'
+import { readFile, writeFile, copyFile, mkdir } from 'node:fs/promises'
 import { join } from 'node:path'
 import { type Backend, getBackendConfig, paths } from './paths.js'
 import { type State, readState, readLocalState, readEnvState, mergeState, requireBrainjarDir, stripFrontmatter, resolveRuleContent } from './state.js'
@@ -40,17 +40,6 @@ async function inlineRules(rules: string[], sections: string[], warnings: string
   }
 }
 
-async function inlineIdentity(name: string, sections: string[]) {
-  try {
-    await access(join(paths.identities, `${name}.yaml`))
-    sections.push('')
-    sections.push('## Identity')
-    sections.push('')
-    sections.push(`See ~/.brainjar/identities/${name}.yaml for active identity.`)
-    sections.push('Manage with `brainjar identity [list|use|show]`.')
-  } catch {}
-}
-
 /** Extract content before, inside, and after brainjar markers. */
 function parseMarkers(content: string): { before: string; after: string } | null {
   const startIdx = content.indexOf(MARKER_START)
@@ -115,21 +104,16 @@ export async function sync(options?: Backend | SyncOptions) {
       // But only write rules section if local state has rules overrides
       await inlineRules(activeRules, sections, warnings)
     }
-    if ('identity' in localState && effective.identity.value) {
-      await inlineIdentity(effective.identity.value, sections)
-    }
   } else {
     // Global mode: apply env overrides on top of global state, write all layers
     const effective = mergeState(globalState, {}, envState)
     const effectiveSoul = effective.soul.value
     const effectivePersona = effective.persona.value
     const effectiveRules = effective.rules.filter(r => !r.scope.startsWith('-')).map(r => r.value)
-    const effectiveIdentity = effective.identity.value
 
     if (effectiveSoul) await inlineSoul(effectiveSoul, sections)
     if (effectivePersona) await inlinePersona(effectivePersona, sections)
     await inlineRules(effectiveRules, sections, warnings)
-    if (effectiveIdentity) await inlineIdentity(effectiveIdentity, sections)
 
     // Local Overrides note (only for global config)
     sections.push('')

package/src/commands/identity.ts

@@ -1,276 +0,0 @@
-import { Cli, z, Errors } from 'incur'
-import { stringify as stringifyYaml } from 'yaml'
-
-const { IncurError } = Errors
-import { readdir, readFile, writeFile, mkdir, rm } from 'node:fs/promises'
-import { join, basename } from 'node:path'
-import { paths } from '../paths.js'
-import { readState, writeState, withStateLock, readLocalState, writeLocalState, withLocalStateLock, readEnvState, mergeState, loadIdentity, parseIdentity, requireBrainjarDir, normalizeSlug } from '../state.js'
-import { getEngine } from '../engines/index.js'
-import { sync } from '../sync.js'
-
-function redactSession(status: Record<string, unknown>) {
-  const { session: _, ...safe } = status as any
-  return safe
-}
-
-async function requireActiveIdentity() {
-  await requireBrainjarDir()
-  const state = await readState()
-  if (!state.identity) {
-    throw new IncurError({
-      code: 'NO_ACTIVE_IDENTITY',
-      message: 'No active identity.',
-      hint: 'Run `brainjar identity use <slug>` to activate one.',
-    })
-  }
-  return loadIdentity(state.identity)
-}
-
-function requireEngine(engineName: string | undefined) {
-  if (!engineName) {
-    throw new IncurError({
-      code: 'NO_ENGINE',
-      message: 'Active identity has no engine configured.',
-    })
-  }
-  const engine = getEngine(engineName)
-  if (!engine) {
-    throw new IncurError({
-      code: 'UNKNOWN_ENGINE',
-      message: `Unknown engine: ${engineName}`,
-      hint: 'Supported engines: bitwarden',
-    })
-  }
-  return engine
-}
-
-export const identity = Cli.create('identity', {
-  description: 'Manage digital identity — one active at a time',
-})
-  .command('create', {
-    description: 'Create a new identity',
-    args: z.object({
-      slug: z.string().describe('Identity slug (e.g. personal, work)'),
-    }),
-    options: z.object({
-      name: z.string().describe('Full display name'),
-      email: z.string().describe('Email address'),
-      engine: z.literal('bitwarden').default('bitwarden').describe('Credential engine'),
-    }),
-    async run(c) {
-      await requireBrainjarDir()
-      const slug = normalizeSlug(c.args.slug, 'identity slug')
-      await mkdir(paths.identities, { recursive: true })
-
-      const content = stringifyYaml({ name: c.options.name, email: c.options.email, engine: c.options.engine })
-
-      const filePath = join(paths.identities, `${slug}.yaml`)
-      await writeFile(filePath, content)
-
-      return {
-        created: filePath,
-        identity: { slug, name: c.options.name, email: c.options.email, engine: c.options.engine },
-        next: `Run \`brainjar identity use ${slug}\` to activate.`,
-      }
-    },
-  })
-  .command('list', {
-    description: 'List available identities',
-    async run() {
-      const entries = await readdir(paths.identities).catch(() => [])
-      const identities = []
-
-      for (const file of entries.filter(f => f.endsWith('.yaml'))) {
-        const slug = basename(file, '.yaml')
-        const content = await readFile(join(paths.identities, file), 'utf-8')
-        identities.push({ slug, ...parseIdentity(content) })
-      }
-
-      return { identities }
-    },
-  })
-  .command('show', {
-    description: 'Show the active identity',
-    options: z.object({
-      local: z.boolean().default(false).describe('Show local identity override (if any)'),
-      short: z.boolean().default(false).describe('Print only the active identity slug'),
-    }),
-    async run(c) {
-      if (c.options.short) {
-        const global = await readState()
-        const local = await readLocalState()
-        const env = readEnvState()
-        const effective = mergeState(global, local, env)
-        return effective.identity.value ?? 'none'
-      }
-
-      if (c.options.local) {
-        const local = await readLocalState()
-        if (!('identity' in local)) return { active: false, scope: 'local', note: 'No local identity override (cascades from global)' }
-        if (local.identity === null) return { active: false, scope: 'local', slug: null, note: 'Explicitly unset at local scope' }
-        try {
-          const content = await readFile(join(paths.identities, `${local.identity}.yaml`), 'utf-8')
-          return { active: true, scope: 'local', slug: local.identity, ...parseIdentity(content) }
-        } catch {
-          return { active: false, scope: 'local', slug: local.identity, error: 'File not found' }
-        }
-      }
-
-      const global = await readState()
-      const local = await readLocalState()
-      const env = readEnvState()
-      const effective = mergeState(global, local, env)
-      if (!effective.identity.value) return { active: false }
-      try {
-        const content = await readFile(join(paths.identities, `${effective.identity.value}.yaml`), 'utf-8')
-        return { active: true, slug: effective.identity.value, scope: effective.identity.scope, ...parseIdentity(content) }
-      } catch {
-        return { active: false, slug: effective.identity.value, error: 'File not found' }
-      }
-    },
-  })
-  .command('use', {
-    description: 'Activate an identity',
-    args: z.object({
-      slug: z.string().describe('Identity slug to activate'),
-    }),
-    options: z.object({
-      local: z.boolean().default(false).describe('Write to local .claude/CLAUDE.md instead of global'),
-    }),
-    async run(c) {
-      await requireBrainjarDir()
-      const slug = normalizeSlug(c.args.slug, 'identity slug')
-      const source = join(paths.identities, `${slug}.yaml`)
-      try {
-        await readFile(source, 'utf-8')
-      } catch {
-        throw new IncurError({
-          code: 'IDENTITY_NOT_FOUND',
-          message: `Identity "${slug}" not found.`,
-          hint: 'Run `brainjar identity list` to see available identities.',
-        })
-      }
-
-      if (c.options.local) {
-        await withLocalStateLock(async () => {
-          const local = await readLocalState()
-          local.identity = slug
-          await writeLocalState(local)
-          await sync({ local: true })
-        })
-      } else {
-        await withStateLock(async () => {
-          const state = await readState()
-          state.identity = slug
-          await writeState(state)
-          await sync()
-        })
-      }
-
-      return { activated: slug, local: c.options.local }
-    },
-  })
-  .command('drop', {
-    description: 'Deactivate the current identity',
-    options: z.object({
-      local: z.boolean().default(false).describe('Remove local identity override or deactivate global identity'),
-    }),
-    async run(c) {
-      await requireBrainjarDir()
-      if (c.options.local) {
-        await withLocalStateLock(async () => {
-          const local = await readLocalState()
-          delete local.identity
-          await writeLocalState(local)
-          await sync({ local: true })
-        })
-      } else {
-        await withStateLock(async () => {
-          const state = await readState()
-          if (!state.identity) {
-            throw new IncurError({
-              code: 'NO_ACTIVE_IDENTITY',
-              message: 'No active identity to deactivate.',
-            })
-          }
-          state.identity = null
-          await writeState(state)
-          await sync()
-        })
-      }
-      return { deactivated: true, local: c.options.local }
-    },
-  })
-  .command('unlock', {
-    description: 'Store the credential engine session token',
-    args: z.object({
-      session: z.string().optional().describe('Session token (reads from stdin if omitted)'),
-    }),
-    async run(c) {
-      let session = c.args.session
-      if (!session) {
-        if (process.stdin.isTTY) {
-          throw new IncurError({
-            code: 'NO_SESSION',
-            message: 'No session token provided.',
-            hint: 'Pipe it in: bw unlock --raw | brainjar identity unlock',
-          })
-        }
-        let data = ''
-        for await (const chunk of process.stdin) {
-          data += typeof chunk === 'string' ? chunk : chunk.toString('utf-8')
-        }
-        session = data.trim()
-      }
-      if (!session) {
-        throw new IncurError({
-          code: 'EMPTY_SESSION',
-          message: 'Session token is empty.',
-        })
-      }
-      await writeFile(paths.session, session, { mode: 0o600 })
-      return { unlocked: true, stored: paths.session }
-    },
-  })
-  .command('get', {
-    description: 'Retrieve a credential from the active identity engine',
-    args: z.object({
-      item: z.string().describe('Item name or ID to retrieve from the vault'),
-    }),
-    async run(c) {
-      const { engine: engineName } = await requireActiveIdentity()
-      const engine = requireEngine(engineName)
-
-      const status = await engine.status()
-      if (status.state !== 'unlocked') {
-        throw new IncurError({
-          code: 'ENGINE_LOCKED',
-          message: 'Credential engine is not unlocked.',
-          hint: 'operator_action' in status ? status.operator_action : undefined,
-          retryable: true,
-        })
-      }
-
-      return engine.get(c.args.item, status.session)
-    },
-  })
-  .command('status', {
-    description: 'Check if the credential engine session is active',
-    async run() {
-      const { name, email, engine: engineName } = await requireActiveIdentity()
-      const engine = requireEngine(engineName)
-      const engineStatus = await engine.status()
-      return { identity: { name, email, engine: engineName }, ...redactSession(engineStatus) }
-    },
-  })
-  .command('lock', {
-    description: 'Lock the credential engine session',
-    async run() {
-      const { engine: engineName } = await requireActiveIdentity()
-      const engine = requireEngine(engineName)
-      await engine.lock()
-      await rm(paths.session, { force: true })
-      return { locked: true }
-    },
-  })

package/src/engines/bitwarden.ts

@@ -1,105 +0,0 @@
-import { $ } from 'bun'
-import { readFile } from 'node:fs/promises'
-import { paths } from '../paths.js'
-import type { CredentialEngine, EngineStatus } from './types.js'
-
-export async function loadSession(): Promise<string | null> {
-  // Env var takes precedence, then session file
-  if (process.env.BW_SESSION) return process.env.BW_SESSION
-  try {
-    const session = (await readFile(paths.session, 'utf-8')).trim()
-    return session || null
-  } catch {
-    return null
-  }
-}
-
-/** Thin shell wrapper — extracted so tests can replace it via spyOn. */
-export const bw = {
-  async whichBw(): Promise<void> {
-    await $`which bw`.quiet()
-  },
-
-  async status(session: string | null): Promise<any> {
-    return session
-      ? $`bw status`.env({ ...process.env, BW_SESSION: session }).json()
-      : $`bw status`.json()
-  },
-
-  async getItem(item: string, session: string): Promise<any> {
-    return $`bw get item ${item}`.env({ ...process.env, BW_SESSION: session }).json()
-  },
-
-  async lock(): Promise<void> {
-    await $`bw lock`.quiet()
-  },
-}
-
-export const bitwarden: CredentialEngine = {
-  name: 'bitwarden',
-
-  async status(): Promise<EngineStatus> {
-    try {
-      await bw.whichBw()
-    } catch {
-      return { state: 'not_installed', install: 'npm install -g @bitwarden/cli' }
-    }
-
-    try {
-      const session = await loadSession()
-      const result = await bw.status(session)
-
-      if (result.status === 'unauthenticated') {
-        return {
-          state: 'unauthenticated',
-          operator_action: `bw login ${result.userEmail ?? '<email>'}`,
-        }
-      }
-
-      if (result.status === 'unlocked' && session) {
-        return { state: 'unlocked', session }
-      }
-
-      return {
-        state: 'locked',
-        operator_action: 'Run `bw unlock` and then `brainjar identity unlock <session>`',
-      }
-    } catch {
-      return {
-        state: 'locked',
-        operator_action: 'Could not determine vault status. Run `bw unlock` and then `brainjar identity unlock <session>`',
-      }
-    }
-  },
-
-  async get(item: string, session: string) {
-    if (!item || item.length > 256 || /[\x00-\x1f]/.test(item)) {
-      return { error: `Invalid item name: "${item}"` }
-    }
-    try {
-      const result = await bw.getItem(item, session)
-
-      if (result.login?.password) {
-        return { value: result.login.password }
-      }
-      if (result.notes) {
-        return { value: result.notes }
-      }
-
-      return { error: `Item "${item}" found but has no password or notes.` }
-    } catch (e) {
-      const stderr = (e as any)?.stderr?.toString?.()?.trim?.()
-      const message = stderr || (e as Error).message || 'unknown error'
-      return { error: `Could not retrieve "${item}": ${message}` }
-    }
-  },
-
-  async lock() {
-    try {
-      await bw.lock()
-    } catch (e) {
-      const stderr = (e as any)?.stderr?.toString?.()?.trim?.()
-      throw new Error(`Failed to lock vault: ${stderr || (e as Error).message}`)
-    }
-  },
-}

package/src/engines/index.ts

@@ -1,12 +0,0 @@
-import type { CredentialEngine } from './types.js'
-import { bitwarden } from './bitwarden.js'
-
-const engines: Record<string, CredentialEngine> = {
-  bitwarden,
-}
-
-export function getEngine(name: string): CredentialEngine | null {
-  return engines[name] ?? null
-}
-
-export type { CredentialEngine }

package/src/engines/types.ts

@@ -1,12 +0,0 @@
-export type EngineStatus =
-  | { state: 'not_installed'; install: string }
-  | { state: 'unauthenticated'; operator_action: string }
-  | { state: 'locked'; operator_action: string }
-  | { state: 'unlocked'; session: string }
-
-export interface CredentialEngine {
-  name: string
-  status(): Promise<EngineStatus>
-  get(item: string, session: string): Promise<{ value: string } | { error: string }>
-  lock(): Promise<void>
-}