@devtrack-solution/codesdd 1.2.3 → 1.2.4-rc3

package/README.md

@@ -73,6 +73,9 @@ Para a iniciativa EPIC-0065, o projeto formaliza a seguinte fronteira canonica:
 - CodeSDD e o control plane soberano: estado canonico (`.sdd/state/*.yaml`), lifecycle, EPIC/FEAT, ADR, politicas, qualidade, evidencia e finalize.
 - DeepAgents e execution plane governado: planejamento tatico, delegacao de subagentes, execucao em sandbox, memoria tatica controlada e coleta de evidencia estruturada.
 - Plugins operam como plano de construcao deterministico via broker e envelopes; Reversa opera como pipeline especializado de engenharia reversa.
+- Planos de plugin standalone validam `package_governance`, runtime de linguagem e fronteira de storage antes de qualquer adaptador tratar a operacao como executavel.
+- O core agora possui uma casca Foundation-like incremental em `src/domains`, `src/applications`, `src/infrastructures`, `src/presentations` e `src/shared`; detalhes em `docs/codesdd-foundation-layer-migration.md`.
+- Gates de qualidade para SDK/agentes/plugins agregam governanca de pacote, runtime de linguagem, artifact map, planos DeepAgents/Codex/OpenCode, compliance de plugin e cobertura por escopo em `src/core/sdd/sdk-agent-plugin-quality-gates.ts`.
 - Nenhum runtime de agente pode virar fonte paralela de verdade para o estado operacional do projeto.
 
 Pacote ADR obrigatorio da iniciativa:
@@ -116,6 +119,14 @@ bloqueado sem instanciar agente; no modo `fake`, executa o adapter
 deterministico sem credenciais; e no modo `deepagents-js`, so materializa o
 adapter nativo quando os feature toggles, modelo, credencial de launcher e
 politicas passam. Falhas de prontidao viram evidencia estruturada fail-closed.
+Para validar uma mudanca antes de invocar runtime, use
+`codesdd sdd preflight <FEAT-ID> --intent-operation <op> --write-scope <glob> --planned-writes <path> --json`.
+Esse comando executa os mesmos guardrails de mutacao com `runtime_skipped: true`
+e emite telemetria segura em `evidence.guardrail_telemetry`, contendo apenas
+decisao, status por gate, nivel de risco e classificacoes agregadas, sem paths
+brutos, texto de objetivo ou valores de override. Os cenarios golden de
+EPIC-0078 cobrem catalogo aditivo permitido, substituicao bloqueada, override
+valido, override invalido e refactor amplo legitimo.
 O smoke operacional padrao esta em `pnpm run test:deepagents-smoke`, cobrindo
 `disabled` e `fake` sem segredos nem rede; o smoke real de provedor so roda com
 `CODESDD_DEEPAGENTS_PROVIDER_SMOKE=1`, modelo, chave de launcher e dominio de
@@ -144,7 +155,7 @@ a precedencia valida usa `AZURE_OPENAI_DEPLOYMENT_NAME`, depois
 
 Redis e uma fronteira opcional para coordenacao tecnica de locks, cache, filas e eventos. Ele nao substitui a autoridade operacional de `.sdd/state/*.yaml`.
 
-Por padrao, CodeSDD usa locks em filesystem, cache L1 em memoria e cache L2 em `~/.codesdd/cache/projects/<fingerprint>/coordination`. A fabrica `createFilesystemFirstCoordinationAdapters` em `src/core/sdd/coordination/` mantem esse comportamento mesmo quando Redis e solicitado, ate que um adaptador Redis real seja instalado.
+Por padrao, CodeSDD usa locks em filesystem, cache L1 em memoria e cache L2 em `~/.codesdd/cache/projects/<fingerprint>/coordination`. Quando Redis esta configurado e responde a ping, o runtime usa o cliente oficial `redis` para operar em modo `hybrid`: L1 em memoria, Redis como acelerador/coordenador distribuido e filesystem como fallback descartavel.
 
 Variaveis reconhecidas:
 
@@ -152,10 +163,39 @@ Variaveis reconhecidas:
 - `REDIS_URL`: fallback quando `CODESDD_REDIS_URL` nao estiver definida.
 - `CODESDD_REDIS_ENABLED=true`: marca Redis como solicitado mesmo sem URL.
 - `CODESDD_REDIS_NAMESPACE`: namespace logico; padrao `codesdd`.
+- `CODESDD_REDIS_TLS=true`: ativa TLS quando a URL nao usar `rediss://`.
+- `CODESDD_REDIS_FALLBACK=filesystem|none`: controla degradacao quando Redis falha.
+- `CODESDD_REDIS_CONNECT_TIMEOUT_MS`, `CODESDD_REDIS_COMMAND_TIMEOUT_MS`, `CODESDD_REDIS_MAX_RETRIES`, `CODESDD_REDIS_CACHE_TTL_MS`, `CODESDD_REDIS_LOCK_TTL_MS`.
+
+Exemplo seguro em `~/.codesdd/config.toml`:
+
+```toml
+[redis]
+enabled = true
+url_env = "CODESDD_REDIS_URL"
+namespace = "codesdd"
+fallback = "filesystem"
+connect_timeout_ms = 500
+command_timeout_ms = 1000
+max_retries = 2
+cache_default_ttl_ms = 300000
+lock_ttl_ms = 30000
+stream_max_len = 10000
+```
+
+Mantenha a URL real no shell, password manager ou secret store do CI:
+
+```bash
+export CODESDD_REDIS_URL="redis://localhost:6379"
+```
+
+`codesdd config doctor --json` e `codesdd config redis status --json` reportam `disabled`, `requested-unavailable`, `ready`, `degraded` ou `blocked` sem imprimir usuario, senha ou token da URL. Operacoes adicionais:
 
-Enquanto o cliente Redis nao existir no runtime, o status exposto e `requested-unavailable` e os defaults filesystem-first continuam autoritativos.
+- `codesdd config redis ping`
+- `codesdd config redis bench --iterations 20`
+- `codesdd config redis flush-namespace --yes`
 
-`codesdd config list` exibe o status atual da fronteira Redis e o namespace efetivo sem imprimir segredos.
+Redis nunca deve armazenar estado canonico do projeto, chaves de API, tokens, senhas, respostas cruas de providers ou dados pessoais. Use `docs/redis-operations.md` para o runbook completo.
 
 ## Contrato de nomenclatura
 
@@ -247,6 +287,9 @@ Se o terminal nao encontrar `codesdd`, a instalacao provavelmente foi concluida,
 - O tier `projects` usa fingerprint por raiz de projeto para evitar colisao de cache entre repositorios.
 - `codesdd config init` cria/normaliza `~/.codesdd/config.toml`, `~/.codesdd/cache/**` e `~/.codesdd/env.zsh` com conteudo nao secreto.
 - Em shell Zsh, `codesdd config init` garante um bloco idempotente no `~/.zshrc` para `source ~/.codesdd/env.zsh`.
+- A fronteira funcional e validavel: estado versionado do projeto fica em `.sdd`; config/runtime/cache comum fica em `~/.codesdd`; `.codesdd` dentro do repositorio e invalido para novo estado.
+- `codesdd config doctor --json` expoe `storage_boundary` com `project_state_dir`, `global_runtime_dir`, `global_cache_dir`, tiers de cache e regras de separacao.
+- `codesdd sdd plugin plan --project-root <path>` reutiliza essa fronteira para bloquear writes de plugin em `.codesdd` local e expor `workcell_runner.standalone.storage_boundary`.
 - O perfil gerado por `codesdd config init` e fail-closed: DeepAgents fica
   desabilitado, runtime `disabled`, provider smoke `0` e rede `disabled` ate
   que um operador habilite explicitamente um provedor live.
@@ -330,6 +373,18 @@ pnpm run quality:review
 - `cleanup:install`: faz a limpeza acima e tambem remove `node_modules/` e lockfiles alternativos locais (`package-lock.json`, `yarn.lock`, `bun.lock*`), preservando o `pnpm-lock.yaml` versionado.
 - `quality:review`: executa build, lint, testes, cobertura, validacao SDD e pack-version sem remover `node_modules/` nem executar `pnpm install`; use em revisoes/auditorias que nao devem limpar o workspace.
 
+Antes de release, gere o resumo nao mutante de prontidao:
+
+```bash
+codesdd sdd release-readiness --strict
+```
+
+O comando verifica saude SDD, FEATs ativos, scripts de CI parity, metadata do
+pacote, fronteira de `.npmrc`, allowlist de publicacao, varredura de segredos
+de alta confianca, proveniencia/SBOM, smoke de instalacao via tarball com
+bootstrap da CLI, plano de rollback com `npm deprecate`, schemas essenciais e
+docs de release/seguranca.
+
 ## Como iniciar em um projeto novo
 
 Entre no repositorio onde voce quer usar o sistema e rode:
@@ -467,6 +522,19 @@ If there is no ready FEAT, onboarding now returns guided steps such as creating
 codesdd sdd next
 ```
 
+Para operar o plano sem adivinhar, use:
+
+```bash
+codesdd sdd plan-status
+codesdd sdd execute-next --dry-run
+codesdd sdd execute-next
+```
+
+`plan-status` mostra FEATs ativas, a proxima lista ranqueada e a acao
+recomendada. `execute-next` usa o mesmo ranking de `next` e chama `sdd start`
+para a primeira FEAT pronta; use `--dry-run` para auditar a escolha sem mudar
+estado.
+
 Auditar a saude de evolucao do proprio processo SDD (ciclo recomendado: semestral):
 
 ```bash
@@ -567,6 +635,42 @@ workspace ativa.
 codesdd sdd context FEAT-0001
 ```
 
+Para reduzir consumo de contexto, `sdd context` aceita modos de budget:
+`--budget compact`, `--budget standard` e `--budget full` (`--compact` e
+`--full` sao atalhos). O modo `compact` preserva os campos principais e reduz
+listas grandes como `read_order`, `core_docs`, contratos, servicos e
+predecessores; a resposta inclui `context_budget` com estimativa de caracteres
+e campos truncados. Antes de truncar, listas conhecidas passam por dedupe
+deterministico, preservando a primeira ocorrencia e registrando a reducao em
+`context_budget.deduped_fields`.
+
+Quando o budget omite itens, a resposta tambem inclui
+`progressive_disclosure`, com contagem por campo e um `reveal_command` para
+reemitir o contexto completo (`codesdd sdd context <REF> --full --json`). Isso
+permite usar o pacote compacto como plano inicial sem perder a trilha de como
+expandir detalhes sob demanda.
+
+O pacote budgetado tambem usa cache descartavel em
+`~/.codesdd/cache/projects/<project-fingerprint>/context-summary`, isolado pelo
+fingerprint do projeto e por um fingerprint dos arquivos `.sdd/state` e da
+workspace da entidade. A resposta inclui `context_cache` com `hit`, `key`,
+`project_fingerprint` e `source_fingerprint`; quando a fonte muda, a chave muda
+e o pacote e recalculado.
+
+Quando a tarefa depende de economia de contexto, registre a medicao em
+`5-quality.yaml` usando `token_budget_gates.telemetry`. O gate aceita
+`budget_chars`, `actual_chars`, `efficiency_percent`, `gate` e `evidence_ref`;
+o Q95 usa a pior eficiencia estruturada e trata `gate: fail` ou eficiencia
+abaixo de `fail_below_percent` como bloqueio de qualidade.
+
+Para estabilizar validacoes longas, `5-quality.yaml` tambem aceita
+`runtime_quality_gates`. Use `performance[]` para registrar duracao, p95,
+memoria ou CPU com `threshold`, `actual` e `gate`; use `flakiness[]` para
+registrar `attempts`, `failures` ou `failure_rate_percent`. Quando houver
+telemetria, o Q95 incorpora o pior sinal de performance/flakiness no eixo de
+integridade; sem telemetria, o score permanece neutro para manter compatibilidade
+com workspaces antigos.
+
 4.1 Expor a fundacao MCP para agentes externos
 
 No repositorio local, use o entrypoint versionado do checkout atual para validar
@@ -621,6 +725,13 @@ A fundacao MCP do CodeSDD e agnostica a provedor e publica o envelope
 `codesdd.context`, `codesdd.query`, `codesdd.read` e os demais nomes
 `codesdd.*` documentados pelo manifest.
 
+Agent Runtime v2 exporta planos de comando para DeepAgents, Codex exec e
+OpenCode run. Para OpenCode, o contrato
+`agent-runtime-opencode-run-evidence.schema.json` registra execucao,
+artefatos, validacoes e trechos redigidos sem permitir escrita direta em
+estado SDD; o `finalize` do CodeSDD continua sendo o unico escritor canonico
+do ciclo de vida.
+
 Perfis aceitos por `--provider`: `codex`, `claude-code`, `kimmy-code`,
 `kilo-code`, `open-code` e `generic`. Para OpenCode/Open Code, o bridge MCP usa
 o identificador `open-code`; `opencode` aparece em contratos antigos de
@@ -643,6 +754,16 @@ Se você já estiver dentro de `.sdd/active/FEAT-####/`, o `finalize` também po
 inferir a FEAT alvo sem `--ref`, priorizando o workspace ativo atual antes de
 cair para a fila pendente padrão.
 
+Após consolidar uma FEAT, o resultado de `sdd finalize` inclui
+`post_finalize_replan` com as próximas FEATs prontas, ondas e contagens de
+bloqueios/conflitos recalculadas a partir do estado canônico. Em saída texto, o
+CLI mostra as primeiras próximas FEATs para orientar execução encadeada.
+
+`.sdd/state/finalize-queue.yaml` separa fila ativa de historico: `items` guarda
+somente finalizacoes `PENDING`, enquanto `history` guarda finalizacoes `DONE`.
+O `check` reporta pendentes e concluidas separadamente, e a view
+`.sdd/planning/finalize-queue.md` mostra a fila ativa mais o historico recente.
+
 Quando `requires_adr: true` ou o `2-plan.yaml` ativo declara impacto
 arquitetural sensivel, o `finalize` exige ADR existente e válido pela lente `adr`
 (seções `Contexto`, `Decisão`, `Consequências` e sem frase proibida de
@@ -659,6 +780,24 @@ contrato operacional das skills: registre uma entrada em
 Sem esse rastro, o fluxo fica bloqueado como qualquer outra evidência de
 qualidade obrigatória.
 
+O `2-plan.yaml` gerado inclui `governance`, que declara a fronteira canônica
+`codesdd-canonical-sdd-state`, os artefatos de planejamento envolvidos, refs de
+decisão, escritas de estado previstas, plano de rollback e gates de validação.
+O schema aceita workspaces históricos sem esse bloco por compatibilidade, mas
+novos planos devem manter esse contrato preenchido.
+
+O mesmo `2-plan.yaml` também inclui `execution_plan`, que explicita se a FEAT
+roda como `single-feature`, `parallel-wave` ou `chained-features`, sempre com
+`state_boundary_ref: codesdd-canonical-sdd-state`. O plano lista comandos,
+quais passos podem escrever estado, `allowed_state_writes`, escritas proibidas
+como `.codesdd/**` e os artefatos de handoff esperados. Planos de automação
+paralela exportados em `schemas/sdd/parallel-feat-automation-plan.schema.json`
+carregam a mesma fronteira para que execução encadeada não crie estado oculto.
+O scheduler encadeado consome FEATs com `blocked_by`, `status` e `lock_domains`,
+trata predecessores `DONE` como âncoras já satisfeitas, divide ondas para evitar
+locks concorrentes e reporta dependências não agendáveis no resultado exportado
+em `schemas/sdd/parallel-feat-scheduler-result.schema.json`.
+
 O `5-quality.yaml` agora também precisa fechar a rastreabilidade viva da
 workspace: preencha `traceability.spec_anchor` com o `updated_at` atual do
 `1-spec.yaml`, referencie a entrada correspondente do `4-changelog.yaml`, e
@@ -667,6 +806,11 @@ requisito -> `code_refs` -> `test_refs` -> `evidence_refs`. O `finalize`,
 `check` e `diagnose` passam a bloquear ou sinalizar drift quando a spec muda e
 esse vínculo não é revisitado.
 
+O ledger `q95_ledger` limita todos os percentuais a `0..100`, exige pesos que
+somam `100` e impede `status: pass` quando `score` fica abaixo de `threshold`.
+Isso mantém o Q95 auditável antes de qualquer automação de release ou execução
+encadeada consumir o resultado.
+
 O `finalize` também executa validação pós-active de lifecycle: a FEAT não pode
 ter cópia semântica em `.sdd/archive/<FEAT-ID>`, deve sair de `.sdd/active/` e
 deve aparecer uma única vez em `.sdd/archived/<FEAT-ID>`. `sdd check` e
@@ -804,7 +948,7 @@ The SDD bootstrap installs local curation in:
 .sdd/skills/curated/
 ```
 
-The default curation currently includes 66 skills across 8 bundles (canonical source: `.sdd/state/skill-catalog.yaml`).
+The default curation currently includes 79 skills across 11 bundles (canonical source: `.sdd/state/skill-catalog.yaml`).
 Skill catalog entries now follow the v2 metadata contract with `token_budget`, `integrity_hash`, `deterministic_pair`, `deprecated_at`, and `superseded_by` for routing governance and lifecycle traceability.
 `codesdd sdd skills sync` now enforces SHA-256 drift detection by layer: canonical curated skills block sync on `missing/modified` manifest hash, while user-extension skills emit non-blocking alerts so local customization remains possible.
 
@@ -817,13 +961,19 @@ Entre elas:
 - `planning-normalizer-sdd`
 - `api-clean-flask-langgraph` (bundle `python-agentic-backend`)
 - `devtrack-api` (bundle `architecture-backend`, canonical DevTrack/NestJS/TypeORM API architecture)
+- `devtrack-angular` (bundle `frontend-product`, canonical DevTrack Angular Admin architecture)
+- `devtrack-flutter` (bundle `frontend-product`, canonical DevTrack Flutter/Dart architecture)
 
-Skill routing is operational, not decorative. When `codesdd sdd context <FEAT-ID>` returns `recommended_skills`, or when a user explicitly directs a skill, the agent must read and follow that skill before implementation and record one `skill_evidence` entry per required skill in `.sdd/active/<FEAT-ID>/5-quality.yaml` before finalize. For API/backend work without an explicit alternative skill/profile, `devtrack-api` is the default architecture and naming source. Explicit Python/Flask API work remains routed to `api-clean-flask-langgraph`.
+Skill routing is operational, not decorative. When `codesdd sdd context <FEAT-ID>` returns `recommended_skills`, or when a user explicitly directs a skill, the agent must read and follow that skill before implementation and record one `skill_evidence` entry per required skill in `.sdd/active/<FEAT-ID>/5-quality.yaml` before finalize. For API/backend work without an explicit alternative skill/profile, `devtrack-api` is the default architecture and naming source. Angular Admin/backoffice work that names admin pages, dashboards, CRUD, data grids, admin Formly, admin NGXS/state, official Angular framework patterns, permissions, reports, workflow, admin realtime, or admin chat uses `devtrack-angular`. Flutter/Dart work that names Flutter apps, widgets, routing, localization, responsive layout, JSON, HTTP, previews, widget tests, integration tests, go_router, ARB, or l10n uses `devtrack-flutter`. Explicit Python/Flask API work remains routed to `api-clean-flask-langgraph`.
 
 The `devtrack-api` skill has a Foundation-layout conformance test. When the Foundation checkout is not at `/Volumes/WORKSPACE/DEVTRACK_TOOLS/devtrack-foundation-api`, set `CODESDD_FOUNDATION_API_ROOT=/path/to/devtrack-foundation-api` before running `pnpm test -- test/specs/devtrack-api-foundation-layout.test.ts`.
 
 The executable `devtrack-api` contract pack lives in `.sdd/skills/curated/devtrack-api/references/contract-pack.yaml`. It defines the `prototype`, `foundation-compatible`, and `enterprise-strict` profiles, P0/P1/P2 severity semantics, early package-preview expectations, import/alias and TypeORM drift rules, and the `codesdd-validate` plus field-evidence drift maps consumed by later governance gates.
 
+The executable `devtrack-angular` contract pack lives in `.sdd/skills/curated/devtrack-angular/references/contract-pack.yaml`. It defines portable agent adapters, `prototype`, `production-admin`, and `enterprise-admin` profiles, pages-first Angular Admin architecture rules, Formly/NGXS/realtime/admin gates, official Angular skills mapping, and evidence expectations for Angular Admin delivery.
+
+The executable `devtrack-flutter` contract pack lives in `.sdd/skills/curated/devtrack-flutter/references/contract-pack.yaml`. It defines portable agent adapters, `prototype`, `production-flutter`, and `enterprise-flutter` profiles, layered Flutter architecture rules, routing/localization/layout/data/test gates, official Flutter skills mapping, and evidence expectations for Flutter/Dart delivery.
+
 Consumer copies of `devtrack-api` are one-way CodeSDD materializations, not durable edit targets. The sync policy lives in `.sdd/skills/curated/devtrack-api/references/consumer-sync-policy.md`: update the consumer project through its CodeSDD update/bootstrap flow, compare the consumer copy with the canonical CodeSDD source, and record source version plus diff evidence in the consumer FEAT quality or handoff.
 
 Field validation for `devtrack-api` is governed by `.sdd/skills/curated/devtrack-api/references/field-validation-protocol.md`. A consumer project must keep its own evidence showing at least two detailed implementation debates and closure of divergence classes D-01 through D-08; CodeSDD keeps the protocol and external reference, not private consumer ledgers.
@@ -891,6 +1041,8 @@ Onboarding e operacao:
 - `codesdd sdd orientar system`
 - `codesdd sdd next`
 - `codesdd sdd next --max-agents <N>` (limita o tamanho da primeira onda e lista itens adiados)
+- `codesdd sdd plan-status`
+- `codesdd sdd execute-next --dry-run`
 - `codesdd sdd start FEAT-0001 --fluxo direto|padrao|rigoroso`
 - `codesdd sdd aprovar FEAT-0001 --etapa proposta|planejamento|tarefas`
 - `codesdd sdd context FEAT-0001`
@@ -1004,6 +1156,8 @@ Operational authority:
 
 Initial operational directives:
 - CodeSDD is the official planner for any build request; other planners or agent-native plans are secondary execution aids only.
+- In initialized CodeSDD repositories, any user request that implies implementation, file edits, validation, execution, or finalize must be treated as requiring CodeSDD planning unless the user explicitly marks it as read-only or outside CodeSDD.
+- For change requests, agents must bind the work to an active or ready FEAT through `codesdd sdd next` and `codesdd sdd context <FEAT-ID>` before implementation; agent-native plans may only decompose execution after that CodeSDD context exists.
 - For API/backend work, use `devtrack-api` by default unless the user or SDD context explicitly selects another skill/profile; Python/Flask API work stays routed to `api-clean-flask-langgraph`.
 - During init, onboard, insight, and debate flows, CodeSDD-managed agent instruction blocks must be inspected and reconfigured when they drift from this contract.
 - Commit requests must follow Conventional Commits, selective staging, and grouping by modified directory plus change protocol (`src`, `.sdd`, docs, config, infra, dependencies, or generated files).

package/dist/applications/sdd/index.d.ts

@@ -0,0 +1,16 @@
+export { ApproveService } from '../../core/sdd/services/approve.service.js';
+export { BreakdownService } from '../../core/sdd/services/breakdown.service.js';
+export { ContextService } from '../../core/sdd/services/context.service.js';
+export { DebateService } from '../../core/sdd/services/debate.service.js';
+export { DecideService } from '../../core/sdd/services/decide.service.js';
+export { DeepAgentsRunService, type DeepAgentsRunRequest, type DeepAgentsRunResult } from '../../core/sdd/services/agent-run.service.js';
+export { FeatureLintService, collectTaskCommands, formatFeatureLintReport, isFoundationPrescriptiveFeature, type FeatureLintFinding, type FeatureLintOptions, type FeatureLintReport, } from '../../core/sdd/services/feature-lint.service.js';
+export { FinalizeService } from '../../core/sdd/services/finalize.service.js';
+export { FrontendGapService } from '../../core/sdd/services/frontend-gap.service.js';
+export { FrontendImpactService } from '../../core/sdd/services/frontend-impact.service.js';
+export { GovernanceControlPlaneService } from '../../core/sdd/services/governance-control-plane.service.js';
+export { InsightService } from '../../core/sdd/services/insight.service.js';
+export { NextService } from '../../core/sdd/services/next.service.js';
+export { OnboardService } from '../../core/sdd/services/onboard.service.js';
+export { StartService } from '../../core/sdd/services/start.service.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/applications/sdd/index.js

@@ -0,0 +1,16 @@
+export { ApproveService } from '../../core/sdd/services/approve.service.js';
+export { BreakdownService } from '../../core/sdd/services/breakdown.service.js';
+export { ContextService } from '../../core/sdd/services/context.service.js';
+export { DebateService } from '../../core/sdd/services/debate.service.js';
+export { DecideService } from '../../core/sdd/services/decide.service.js';
+export { DeepAgentsRunService } from '../../core/sdd/services/agent-run.service.js';
+export { FeatureLintService, collectTaskCommands, formatFeatureLintReport, isFoundationPrescriptiveFeature, } from '../../core/sdd/services/feature-lint.service.js';
+export { FinalizeService } from '../../core/sdd/services/finalize.service.js';
+export { FrontendGapService } from '../../core/sdd/services/frontend-gap.service.js';
+export { FrontendImpactService } from '../../core/sdd/services/frontend-impact.service.js';
+export { GovernanceControlPlaneService } from '../../core/sdd/services/governance-control-plane.service.js';
+export { InsightService } from '../../core/sdd/services/insight.service.js';
+export { NextService } from '../../core/sdd/services/next.service.js';
+export { OnboardService } from '../../core/sdd/services/onboard.service.js';
+export { StartService } from '../../core/sdd/services/start.service.js';
+//# sourceMappingURL=index.js.map

package/dist/commands/config.js

@@ -8,7 +8,8 @@ import { CORE_WORKFLOWS, ALL_WORKFLOWS, getProfileWorkflows } from '../core/prof
 import { hasProjectConfigDrift } from '../core/profile-sync-drift.js';
 import { CLI_NAME } from '../core/branding.js';
 import { resolveLegacySpecLiveRoot } from '../core/sdd/services/legacy-capability.service.js';
-import { resolveRedisBoundaryConfig } from '../core/sdd/coordination/index.js';
+import { buildRedisOperationalReport, deleteKeysByPrefix, RedisClientFactory, resolveRedisBoundaryConfig, runRedisBenchmark, } from '../core/sdd/coordination/index.js';
+import { buildCodesddStorageBoundaryReport } from '../core/sdd/runtime-boundary-contract.js';
 import { buildDeepAgentsOperationalPreflight, createDeepAgentsPolicySnapshot, } from '../core/sdd/deepagents/policy.js';
 import { detectShell } from '../utils/shell-detection.js';
 import { ZshInstaller } from '../core/completions/installers/zsh-installer.js';
@@ -70,6 +71,10 @@ function buildCodesddEnvTemplate() {
         'export CODESDD_DEEPAGENTS_RUNTIME="${CODESDD_DEEPAGENTS_RUNTIME:-disabled}"',
         'export CODESDD_AGENT_NETWORK_POLICY="${CODESDD_AGENT_NETWORK_POLICY:-disabled}"',
         'export CODESDD_DEEPAGENTS_PROVIDER_SMOKE="${CODESDD_DEEPAGENTS_PROVIDER_SMOKE:-0}"',
+        'export CODESDD_REDIS_ENABLED="${CODESDD_REDIS_ENABLED:-false}"',
+        'export CODESDD_REDIS_NAMESPACE="${CODESDD_REDIS_NAMESPACE:-codesdd}"',
+        '# export CODESDD_REDIS_URL="redis://localhost:6379"',
+        '# export CODESDD_REDIS_FALLBACK="filesystem"',
         '# Optional live-provider launcher references. Keep values in your shell,',
         '# password manager, CI secret store, or another untracked launcher context.',
         '# export CODESDD_DEEPAGENTS_ENABLED=true',
@@ -255,11 +260,15 @@ export function registerConfigCommand(program) {
         .command('doctor')
         .description('Run operational readiness checks for DeepAgents/Azure, cache, and Redis boundary')
         .option('--json', 'Output as JSON')
-        .action((options) => {
+        .action(async (options) => {
         const snapshot = createDeepAgentsPolicySnapshot(process.env);
         const preflight = buildDeepAgentsOperationalPreflight(snapshot, process.env);
-        const redisBoundary = resolveRedisBoundaryConfig(process.env);
+        const redisReport = await buildRedisOperationalReport({
+            env: process.env,
+            globalConfig: getGlobalConfig(),
+        });
         const cacheTiers = getGlobalCacheTierDirs();
+        const storageBoundary = buildCodesddStorageBoundaryReport(process.cwd());
         const report = {
             schema_version: 1,
             global_config_path: getGlobalConfigPath(),
@@ -267,10 +276,17 @@ export function registerConfigCommand(program) {
                 root: getGlobalCacheDir(),
                 tiers: Object.keys(cacheTiers),
             },
+            storage_boundary: storageBoundary,
             redis: {
-                requested: redisBoundary.requested,
-                namespace: redisBoundary.namespace,
-                status: redisBoundary.requested ? 'requested-unavailable' : 'disabled',
+                requested: redisReport.requested,
+                namespace: redisReport.namespace,
+                status: redisReport.status,
+                fallback: redisReport.fallback,
+                redacted_url: redisReport.redacted_url,
+                latency_ms: redisReport.latency_ms,
+                reason: redisReport.reason,
+                validation_errors: redisReport.validation_errors,
+                warnings: redisReport.warnings,
             },
             deepagents: preflight,
         };
@@ -281,16 +297,153 @@ export function registerConfigCommand(program) {
             console.log(`Global config: ${report.global_config_path}`);
             console.log(`Cache root: ${report.cache.root}`);
             console.log(`Cache tiers: ${report.cache.tiers.join(', ')}`);
-            console.log(`Redis: ${report.redis.status} (namespace=${report.redis.namespace})`);
+            console.log(`Project state: ${report.storage_boundary.project_state_dir}`);
+            console.log(`Global runtime: ${report.storage_boundary.global_runtime_dir}`);
+            console.log(`Redis: ${report.redis.status} (namespace=${report.redis.namespace}, fallback=${report.redis.fallback})`);
+            if (report.redis.redacted_url) {
+                console.log(`Redis URL: ${report.redis.redacted_url}`);
+            }
+            if (report.redis.latency_ms !== undefined) {
+                console.log(`Redis latency: ${report.redis.latency_ms}ms`);
+            }
+            console.log(`Redis reason: ${report.redis.reason}`);
+            for (const warning of report.redis.warnings) {
+                console.log(`- ${warning}`);
+            }
+            for (const error of report.redis.validation_errors) {
+                console.log(`- ${error}`);
+            }
             console.log(`DeepAgents preflight: ${preflight.status}`);
             for (const reason of preflight.reasons) {
                 console.log(`- ${reason}`);
             }
         }
-        if (preflight.status === 'blocked') {
+        if (preflight.status === 'blocked' || redisReport.status === 'blocked') {
             process.exitCode = 1;
         }
     });
+    const redisCmd = configCmd
+        .command('redis')
+        .description('Inspect and operate the optional Redis runtime backend');
+    redisCmd
+        .command('status')
+        .description('Show Redis runtime status')
+        .option('--json', 'Output as JSON')
+        .action(async (options) => {
+        const report = await buildRedisOperationalReport({
+            env: process.env,
+            globalConfig: getGlobalConfig(),
+        });
+        if (options.json) {
+            console.log(JSON.stringify(report, null, 2));
+            return;
+        }
+        console.log(`Redis: ${report.status}`);
+        console.log(`Namespace: ${report.namespace}`);
+        console.log(`Fallback: ${report.fallback}`);
+        if (report.redacted_url)
+            console.log(`URL: ${report.redacted_url}`);
+        if (report.latency_ms !== undefined)
+            console.log(`Latency: ${report.latency_ms}ms`);
+        console.log(`Reason: ${report.reason}`);
+        if (report.status === 'blocked')
+            process.exitCode = 1;
+    });
+    redisCmd
+        .command('ping')
+        .description('Ping Redis using the effective CodeSDD configuration')
+        .option('--json', 'Output as JSON')
+        .action(async (options) => {
+        const report = await buildRedisOperationalReport({
+            env: process.env,
+            globalConfig: getGlobalConfig(),
+        });
+        if (options.json) {
+            console.log(JSON.stringify(report, null, 2));
+        }
+        else {
+            console.log(`Redis ping: ${report.status}`);
+            if (report.latency_ms !== undefined)
+                console.log(`Latency: ${report.latency_ms}ms`);
+            console.log(report.reason);
+        }
+        if (report.status !== 'ready')
+            process.exitCode = 1;
+    });
+    redisCmd
+        .command('bench')
+        .description('Run a short redacted Redis latency benchmark')
+        .option('--json', 'Output as JSON')
+        .option('--iterations <n>', 'Number of benchmark iterations')
+        .action(async (options) => {
+        const iterations = options.iterations ? Number.parseInt(options.iterations, 10) : undefined;
+        const report = await runRedisBenchmark({
+            env: process.env,
+            globalConfig: getGlobalConfig(),
+            iterations,
+        });
+        if (options.json) {
+            console.log(JSON.stringify(report, null, 2));
+        }
+        else {
+            console.log(`Redis benchmark: ${report.status}`);
+            console.log(`Namespace: ${report.namespace}`);
+            console.log(`Iterations: ${report.iterations}`);
+            if (report.p50_ms !== undefined)
+                console.log(`p50: ${report.p50_ms}ms`);
+            if (report.p95_ms !== undefined)
+                console.log(`p95: ${report.p95_ms}ms`);
+            console.log(`Reason: ${report.reason}`);
+        }
+        if (report.status !== 'ready')
+            process.exitCode = 1;
+    });
+    redisCmd
+        .command('flush-namespace')
+        .description('Delete only keys under the effective CodeSDD Redis namespace')
+        .option('--json', 'Output as JSON')
+        .option('-y, --yes', 'Confirm namespace-scoped deletion')
+        .action(async (options) => {
+        const config = resolveRedisBoundaryConfig(process.env, getGlobalConfig());
+        if (!options.yes) {
+            console.error('Error: --yes is required to flush the CodeSDD Redis namespace.');
+            process.exitCode = 1;
+            return;
+        }
+        const report = await buildRedisOperationalReport({
+            env: process.env,
+            globalConfig: getGlobalConfig(),
+        });
+        if (report.status !== 'ready') {
+            if (options.json) {
+                console.log(JSON.stringify({ ...report, deleted_keys: 0 }, null, 2));
+            }
+            else {
+                console.log(`Redis namespace flush skipped: ${report.reason}`);
+            }
+            process.exitCode = 1;
+            return;
+        }
+        const factory = new RedisClientFactory(config);
+        try {
+            const deleted = await deleteKeysByPrefix(factory, `${config.namespace}:`);
+            const payload = {
+                schema_version: 1,
+                namespace: config.namespace,
+                deleted_keys: deleted,
+                status: 'ok',
+            };
+            if (options.json) {
+                console.log(JSON.stringify(payload, null, 2));
+            }
+            else {
+                console.log(`Deleted ${deleted} Redis key(s) under namespace ${config.namespace}.`);
+            }
+        }
+        finally {
+            await factory.close();
+        }
+    });
     // config list
     configCmd
         .command('list')
@@ -331,11 +484,19 @@ export function registerConfigCommand(program) {
             console.log(`\nCache settings:`);
             console.log(`  root: ${getGlobalCacheDir()}`);
             console.log(`  tiers: ${Object.keys(cacheTiers).join(', ')}`);
-            const redisBoundary = resolveRedisBoundaryConfig(process.env);
-            const redisStatus = redisBoundary.requested ? 'requested-unavailable (filesystem-first fallback)' : 'disabled';
+            const redisBoundary = resolveRedisBoundaryConfig(process.env, config);
+            const redisStatus = redisBoundary.validationErrors.length > 0
+                ? 'blocked'
+                : redisBoundary.requested
+                    ? 'requested-unavailable or ready after ping'
+                    : 'disabled';
             console.log(`\nRedis boundary:`);
             console.log(`  status: ${redisStatus}`);
             console.log(`  namespace: ${redisBoundary.namespace}`);
+            console.log(`  fallback: ${redisBoundary.fallback}`);
+            if (redisBoundary.redactedUrl) {
+                console.log(`  url: ${redisBoundary.redactedUrl}`);
+            }
         }
     });
     // config get