@f-o-h/cli 0.1.65 → 0.1.66

package/README.md

@@ -86,19 +86,23 @@ prints the fallback URL. `auth login --web` starts browser device
 authorization, opens `/cli-auth`, waits for console approval, and stores the
 returned short-lived token. Credential auth remains available as fallback.
 
-`foh prove` produces a compact signed proof report across auth, org context,
-agent validation, contact phone readiness, voice provider health, widget
-channel/embed readiness, widget smoke, and simulation certification. It is
-read-only by default; pass `--mutation-mode ensure` or `--repair` only when you
-explicitly want proof to ensure missing widget state. Use `--strict` in
-automation when holds should fail the command, and `--mission voice` or
-`--require-phone` when a voice/contact number is mandatory for the demo.
+`foh prove` produces a compact signed proof report across auth, org context,
+agent validation, contact phone readiness, voice provider health, widget
+channel/embed readiness, and widget smoke. It does not run release
+certification by default; run `foh certify run --agent <id> --profile release`
+before publish, or pass `--include-certification` only when you intentionally
+want the slower certification check inside proof. It is read-only by default;
+pass `--mutation-mode ensure` or `--repair` only when you explicitly want proof
+to ensure missing widget state. Use `--strict` in automation when holds should
+fail the command, and `--mission voice` or `--require-phone` when a
+voice/contact number is mandatory for the demo.
 Use `--contact-path byon` when the proof is meant to validate a
 customer-owned/BYON phone route; missing BYON config then reports
 `byon_voice_number_not_configured` instead of suggesting FOH number purchase.
-For repeated or parallel proof missions in AI-agent evals, pass
-`--proof-cache-dir .foh/proof-cache` so simulation certification runs once and
-sibling proofs reuse the same signed certification detail.
+For repeated or parallel explicit-certification proof missions in AI-agent
+evals, pass `--include-certification --proof-cache-dir .foh/proof-cache` so
+simulation certification runs once and sibling proofs reuse the same signed
+certification detail.
 
 For mass AI-agent evals and repeated demo rehearsals, keep setup on the free
 scaffold lane:
@@ -176,8 +180,9 @@ than creating a second bronze-tier agent.
 | Start | `foh start` |
 | Setup | `foh setup --phone-mode observe --json` |
 | Prove | `foh prove --agent <agent_id> --mission widget --json` |
+| Certify | `foh certify run --agent <agent_id> --profile release --json` |
 | Debug | `foh debug --out test-results/foh-cli-diag.latest.json --json` |
-| Improve | `foh bug improve --from-file <artifact.json> --json` |
+| Platform feedback | `foh bug improve --from-file <artifact.json> --json` |
 | Publish | `foh agent publish --agent <agent_id> --json` |
 
 For a planted knowledge-miss benchmark:

package/dist/foh.js

@@ -14311,12 +14311,6 @@ function registerAgentPreviewCommands(agent) {
   }));
 }
 
-// src/lib/cert-mode.ts
-var agentCertModeValues = ["quick", "full", "stress"];
-function normalizeAgentCertMode(value) {
-  return agentCertModeValues.includes(value) ? value : "quick";
-}
-
 // src/lib/setup-api.ts
 function resolvePublishOptions(options) {
   if (typeof options === "string") return { apiUrlOverride: options };
@@ -14389,61 +14383,7 @@ async function runSetupCertifyLoop(agentId, params) {
 }
 
 // src/lib/agent-publish-gate.ts
-function boundedInt(value, params) {
-  const parsed = Number(value);
-  if (!Number.isFinite(parsed)) return params.fallback;
-  return Math.max(params.min, Math.min(params.max, Math.trunc(parsed)));
-}
-function certModeFlag(mode) {
-  if (mode === "full") return ["--full"];
-  if (mode === "stress") return ["--stress"];
-  return [];
-}
-function buildCertificationFailureCommands(params) {
-  const modeFlags = certModeFlag(params.certMode);
-  const orgFlags = params.orgId ? ["--org", params.orgId] : [];
-  const scenarioFlags = params.topBlocker?.scenario_id ? ["--scenario-ids", params.topBlocker.scenario_id] : [];
-  const command = [
-    "foh",
-    "sim",
-    "certify-loop",
-    "--agent",
-    params.agentId,
-    ...orgFlags,
-    ...modeFlags,
-    ...scenarioFlags,
-    "--json"
-  ].join(" ");
-  return [
-    command,
-    `foh bug improve --from external-agent-run --file <run_dir>/run.json --json`
-  ];
-}
-function resolveCertifiedPublishOptions(opts) {
-  const rawMode = String(opts.certMode || "quick").toLowerCase();
-  const certMode = normalizeAgentCertMode(rawMode);
-  if (certMode !== rawMode) {
-    throw new FohError({
-      step: "agent.publish",
-      error: `Invalid cert mode: ${opts.certMode}`,
-      remediation: "Use --cert-mode quick, full, or stress.",
-      statusCode: 400
-    });
-  }
-  return {
-    certMode,
-    adaptiveRuns: boundedInt(opts.adaptiveRuns, { min: 1, max: 120, fallback: 30 }),
-    maxImprovementRounds: boundedInt(opts.maxImprovementRounds, { min: 0, max: 5, fallback: 1 }),
-    scenarioIds: Array.isArray(opts.scenarioIds) ? opts.scenarioIds.map((item) => String(item).trim()).filter(Boolean) : String(opts.scenarioIds || "").split(",").map((item) => item.trim()).filter(Boolean)
-  };
-}
 async function validateCertifyAndPublishAgent(opts) {
-  const { certMode, adaptiveRuns, maxImprovementRounds, scenarioIds } = resolveCertifiedPublishOptions({
-    certMode: opts.certMode,
-    adaptiveRuns: opts.adaptiveRuns,
-    maxImprovementRounds: opts.maxImprovementRounds,
-    scenarioIds: opts.scenarioIds
-  });
   const validation = await apiFetch(
     `/v1/console/agents/${opts.agentId}/validate`,
     {
@@ -14459,44 +14399,18 @@ async function validateCertifyAndPublishAgent(opts) {
       remediation: `Run: foh agent validate --agent ${opts.agentId}  to see details.`
     });
   }
-  const certification = await runSetupCertifyLoop(opts.agentId, {
-    mode: certMode,
-    adaptiveRuns,
-    maxImprovementRounds,
-    scenarioIds,
-    orgId: opts.orgId,
-    apiUrlOverride: opts.apiUrlOverride
-  });
-  const certificate = certification.certificate;
-  if (!certification.ok || !certification.overall_pass || !certificate) {
-    const topBlocker = certificate?.blockers?.[0];
-    const blockerLabel = topBlocker?.invariant && topBlocker?.scenario_id ? `${topBlocker.invariant} in ${topBlocker.scenario_id}` : "unknown";
-    const nextCommands = buildCertificationFailureCommands({
-      agentId: opts.agentId,
-      orgId: opts.orgId,
-      certMode,
-      topBlocker
-    });
-    throw new FohError({
-      step: "agent.publish",
-      error: `Simulation certification failed before publish: ${certificate?.scenario_summary?.failed ?? "unknown"}/${certificate?.scenario_summary?.total ?? "unknown"} scenario(s) failed. Top blocker: ${blockerLabel}.`,
-      remediation: [
-        topBlocker?.suggested_fix ?? certificate?.recommendations?.[0] ?? "Fix the top simulation blocker before publishing.",
-        `Re-run: ${nextCommands[0]}`
-      ].filter(Boolean).join(" "),
-      reasonCode: "simulation_certification_failed",
-      nextCommands,
-      detail: {
-        certification,
-        top_blocker: topBlocker ?? null
-      }
-    });
-  }
   await publishAgentFromCurrentDraft(opts.agentId, {
     apiUrlOverride: opts.apiUrlOverride,
     orgId: opts.orgId
   });
-  return { validation, certification, publish: { ok: true } };
+  return {
+    validation,
+    certification: {
+      status: "not_run",
+      reason_code: "publish_consumes_existing_certification_evidence"
+    },
+    publish: { ok: true }
+  };
 }
 
 // src/commands/agent-validation.ts
@@ -14545,7 +14459,7 @@ function registerAgentValidationCommands(agent) {
     format(data, { json: opts.json ?? false });
     if (Array.isArray(data.issues) && data.issues.length > 0) markCommandFailed(1);
   }));
-  agent.command("publish").description("Validate, simulation-certify, then publish an agent").requiredOption("--agent <id>", "Agent ID").option("--cert-mode <m>", "Simulation cert mode before publish: quick, full, stress", "quick").option("--cert-scenario-ids <csv>", "Comma-separated scenario IDs to certify before publish").option("--cert-adaptive-runs <n>", "Adaptive runs for full/stress certification (default: 30)", "30").option("--cert-max-improvement-rounds <n>", "Max prompt improvement rounds before publish (0-5)", "1").option("--org <id>", "Org ID (default: stored org from foh org use)").option("--break-glass-reason <reason>", "Break-glass reason for publish override").option("--break-glass-incident <id>", "Break-glass incident ID for publish override").option("--api-url <url>", "API base URL override").option("--json", "Output as JSON").action(async (opts) => withCommandErrorHandling(async () => {
+  agent.command("publish").description("Validate and publish an agent using existing certification evidence").requiredOption("--agent <id>", "Agent ID").option("--cert-mode <m>", "Deprecated compatibility flag; publish consumes existing certification evidence", "quick").option("--cert-scenario-ids <csv>", "Deprecated compatibility flag; run foh sim certify before publish").option("--cert-adaptive-runs <n>", "Deprecated compatibility flag; run foh sim certify before publish", "30").option("--cert-max-improvement-rounds <n>", "Deprecated compatibility flag; run foh sim certify before publish", "1").option("--org <id>", "Org ID (default: stored org from foh org use)").option("--break-glass-reason <reason>", "Break-glass reason for publish override").option("--break-glass-incident <id>", "Break-glass incident ID for publish override").option("--api-url <url>", "API base URL override").option("--json", "Output as JSON").action(async (opts) => withCommandErrorHandling(async () => {
     if (opts.breakGlassReason || opts.breakGlassIncident) {
       if (!opts.breakGlassReason || !opts.breakGlassIncident) {
         throw new FohError({
@@ -14568,7 +14482,7 @@ function registerAgentValidationCommands(agent) {
       });
       format({
         status: "published_with_break_glass",
-        warning: "break-glass bypassed the normal validate -> sim-certify/loop -> publish CLI sequence",
+        warning: "break-glass bypassed the normal validate -> publish evidence gate CLI sequence",
         publish: data2
       }, { json: opts.json ?? false });
       return;
@@ -14583,13 +14497,8 @@ function registerAgentValidationCommands(agent) {
       maxImprovementRounds: Number(opts.certMaxImprovementRounds)
     });
     format({
-      status: "validated_certified_published",
-      certification: {
-        mode: data.certification.mode,
-        overall_pass: data.certification.overall_pass,
-        attempts: data.certification.attempts?.length ?? 0,
-        improvement_runs: data.certification.improvement_runs
-      },
+      status: "validated_published",
+      certification: data.certification,
       publish: data.publish
     }, { json: opts.json ?? false });
   }));
@@ -14810,9 +14719,9 @@ function registerAgent(program3) {
       process.stdout.write(yaml);
       return;
     }
-    const { writeFileSync: writeFileSync11 } = await import("fs");
+    const { writeFileSync: writeFileSync12 } = await import("fs");
     const outputPath = opts.output ?? "tenant.yaml";
-    writeFileSync11(
+    writeFileSync12(
       outputPath,
       `# tenant.yaml - Front Of House agent manifest
 # Edit this file and run: foh plan tenant.yaml
@@ -14954,7 +14863,7 @@ function registerTemplates(program3) {
     const data = await apiFetch(`/v1/console/templates/${opts.template}`, { apiUrlOverride: opts.apiUrl });
     format(data, { json: opts.json ?? false });
   }));
-  templates.command("apply").description("Create a new agent in your org from a template (clones draft config, leaves unpublished unless --publish)").requiredOption("--template <id>", "Template ID").requiredOption("--name <name>", "Name for the new agent").option("--org <id>", "Org ID (default: stored org from foh org use)").option("--publish", "Validate, simulation-certify, then publish the agent after creating").option("--cert-mode <m>", "Simulation cert mode before publish: quick, full, stress", "full").option("--cert-adaptive-runs <n>", "Adaptive runs for full/stress certification (default: 30)", "30").option("--cert-max-improvement-rounds <n>", "Max prompt improvement rounds before publish (0-5)", "1").option("--api-url <url>", "API base URL override").option("--json", "Output as JSON").action(async (opts) => withCommandErrorHandling(async () => {
+  templates.command("apply").description("Create a new agent in your org from a template (clones draft config, leaves unpublished unless --publish)").requiredOption("--template <id>", "Template ID").requiredOption("--name <name>", "Name for the new agent").option("--org <id>", "Org ID (default: stored org from foh org use)").option("--publish", "Validate and publish using existing certification evidence after creating").option("--cert-mode <m>", "Deprecated compatibility flag; run foh sim certify before publish", "full").option("--cert-adaptive-runs <n>", "Deprecated compatibility flag; run foh sim certify before publish", "30").option("--cert-max-improvement-rounds <n>", "Deprecated compatibility flag; run foh sim certify before publish", "1").option("--api-url <url>", "API base URL override").option("--json", "Output as JSON").action(async (opts) => withCommandErrorHandling(async () => {
     const result = await apiFetch(`/v1/console/templates/${opts.template}/apply`, {
       method: "POST",
       body: JSON.stringify({ name: opts.name }),
@@ -16025,9 +15934,9 @@ function buildCommonOptions(command) {
   return command.option("--org <id>", "Org ID (default: stored org from foh org use)").option("--api-url <url>", "API base URL override").option("--json", "Output as JSON");
 }
 function registerChannel(program3) {
-  const channel = program3.command("channel").description("Manage external channel onboarding and readiness");
-  const whatsapp = channel.command("whatsapp").description("Manage WhatsApp channel onboarding");
-  const instagram = channel.command("instagram").description("Manage Instagram channel onboarding");
+  const channel2 = program3.command("channel").description("Manage external channel onboarding and readiness");
+  const whatsapp = channel2.command("whatsapp").description("Manage WhatsApp channel onboarding");
+  const instagram = channel2.command("instagram").description("Manage Instagram channel onboarding");
   registerWhatsAppChannelCommands(whatsapp, buildCommonOptions);
   registerInstagramChannelCommands(instagram, buildCommonOptions);
 }
@@ -16260,11 +16169,11 @@ function registerVoice(program3) {
     }
     const outputPath = String(opts.out || `foh-voice-preview-${provider}-${voiceId}.mp3`).trim();
     const audio = Buffer.from(await res.arrayBuffer());
-    const { mkdirSync: mkdirSync8, writeFileSync: writeFileSync11 } = await import("fs");
+    const { mkdirSync: mkdirSync8, writeFileSync: writeFileSync12 } = await import("fs");
     const { dirname: dirname8, resolve: resolve13 } = await import("path");
     const absolutePath = resolve13(outputPath);
     mkdirSync8(dirname8(absolutePath), { recursive: true });
-    writeFileSync11(absolutePath, audio);
+    writeFileSync12(absolutePath, audio);
     format({
       status: "ok",
       provider,
@@ -16285,7 +16194,7 @@ function registerVoice(program3) {
     const allReady = providers.length > 0 && providers.every((provider) => provider?.ready === true);
     if (!allReady) markCommandFailed(1);
   }));
-  voice.command("configure").description("Configure voice settings for an agent (does not publish unless --publish)").requiredOption("--agent <id>", "Agent ID").requiredOption("--provider <p>", "TTS provider: openai, azure, twilio").requiredOption("--voice <id>", "Voice ID").option("--stt-provider <p>", "STT provider (default: best available, preferring deepgram)").option("--publish", "Validate, simulation-certify, then publish after configuring").option("--cert-mode <m>", "Simulation cert mode before publish: quick, full, stress", "full").option("--cert-adaptive-runs <n>", "Adaptive runs for full/stress certification (default: 30)", "30").option("--cert-max-improvement-rounds <n>", "Max prompt improvement rounds before publish (0-5)", "1").option("--org <id>", "Org ID (default: stored org from foh org use)").option("--api-url <url>", "API base URL override").option("--json", "Output as JSON").action(async (opts) => withCommandErrorHandling(async () => {
+  voice.command("configure").description("Configure voice settings for an agent (does not publish unless --publish)").requiredOption("--agent <id>", "Agent ID").requiredOption("--provider <p>", "TTS provider: openai, azure, twilio").requiredOption("--voice <id>", "Voice ID").option("--stt-provider <p>", "STT provider (default: best available, preferring deepgram)").option("--publish", "Validate and publish using existing certification evidence after configuring").option("--cert-mode <m>", "Deprecated compatibility flag; run foh sim certify before publish", "full").option("--cert-adaptive-runs <n>", "Deprecated compatibility flag; run foh sim certify before publish", "30").option("--cert-max-improvement-rounds <n>", "Deprecated compatibility flag; run foh sim certify before publish", "1").option("--org <id>", "Org ID (default: stored org from foh org use)").option("--api-url <url>", "API base URL override").option("--json", "Output as JSON").action(async (opts) => withCommandErrorHandling(async () => {
     const provider = String(opts.provider || "").trim().toLowerCase();
     const voiceId = String(opts.voice || "").trim();
     const catalog = await getSpeechCatalog(opts.apiUrl);
@@ -16330,7 +16239,7 @@ function registerVoice(program3) {
       apiUrlOverride: opts.apiUrl
     });
     if (!opts.publish) {
-      format({ status: "configured", note: "Run: foh agent publish --agent " + opts.agent + "  to validate, certify, and make live." }, { json: opts.json ?? false });
+      format({ status: "configured", note: "Run: foh sim certify --agent " + opts.agent + " --full, then foh agent publish --agent " + opts.agent + " to make live." }, { json: opts.json ?? false });
       return;
     }
     const pub = await validateCertifyAndPublishAgent({
@@ -32877,7 +32786,7 @@ var StdioServerTransport = class {
 };
 
 // src/lib/cli-version.ts
-var CLI_VERSION = "0.1.65";
+var CLI_VERSION = "0.1.66";
 
 // src/commands/mcp-serve.ts
 var DEFAULT_TIMEOUT_MS = 12e4;
@@ -33266,7 +33175,7 @@ var TYPED_TOOL_SPECS = [
   {
     name: "foh_agent_publish",
     title: "FOH Agent Publish",
-    description: "Publish validated agent draft.",
+    description: "Validate and publish an agent draft using existing certification evidence.",
     commandKey: "agent publish",
     risk: "write",
     inputSchema: {
@@ -34364,7 +34273,7 @@ function registerManifest(program3) {
       throw e;
     }
   });
-  program3.command("apply").description("Apply a tenant.yaml manifest to an agent").argument("[file]", "Path to manifest file", "tenant.yaml").option("--agent <id>", "Agent ID (overrides agent_id in manifest)").option("--org <id>", "Org ID (default: stored org from foh org use)").option("--publish", "Validate, simulation-certify, and publish after applying").option("--cert-mode <m>", "Simulation cert mode before publish: quick, full, stress", "full").option("--cert-adaptive-runs <n>", "Adaptive runs for full/stress certification (default: 30)", "30").option("--cert-max-improvement-rounds <n>", "Max prompt improvement rounds before publish (0-5)", "1").option("--dry-run", "Show diff without making any changes (same as: foh plan)").option("--api-url <url>", "API base URL override").option("--json", "Output result as JSON").action(async (file2, opts) => {
+  program3.command("apply").description("Apply a tenant.yaml manifest to an agent").argument("[file]", "Path to manifest file", "tenant.yaml").option("--agent <id>", "Agent ID (overrides agent_id in manifest)").option("--org <id>", "Org ID (default: stored org from foh org use)").option("--publish", "Validate and publish using existing certification evidence after applying").option("--cert-mode <m>", "Deprecated compatibility flag; run foh sim certify before publish", "full").option("--cert-adaptive-runs <n>", "Deprecated compatibility flag; run foh sim certify before publish", "30").option("--cert-max-improvement-rounds <n>", "Deprecated compatibility flag; run foh sim certify before publish", "1").option("--dry-run", "Show diff without making any changes (same as: foh plan)").option("--api-url <url>", "API base URL override").option("--json", "Output result as JSON").action(async (file2, opts) => {
     try {
       const manifest = loadManifestFile(file2);
       const agentId = resolveAgentId(manifest, opts.agent);
@@ -34463,6 +34372,14 @@ function registerManifest(program3) {
 
 // src/commands/setup.ts
 var import_picocolors4 = __toESM(require_picocolors());
+
+// src/lib/cert-mode.ts
+var agentCertModeValues = ["quick", "full", "stress"];
+function normalizeAgentCertMode(value) {
+  return agentCertModeValues.includes(value) ? value : "quick";
+}
+
+// src/commands/setup.ts
 var SETUP_STEP_ORDER = [
   "check_credentials",
   "check_org_access",
@@ -35223,8 +35140,8 @@ function registerSetup(program3) {
         }
         try {
           const manifest = await agentExport(resolvedAgentId, { apiUrlOverride: opts.apiUrl });
-          const { writeFileSync: writeFileSync11 } = await import("fs");
-          writeFileSync11(
+          const { writeFileSync: writeFileSync12 } = await import("fs");
+          writeFileSync12(
             "tenant.yaml",
             `# tenant.yaml - Front Of House agent manifest
 # Edit this file and run: foh plan tenant.yaml
@@ -35374,14 +35291,14 @@ function registerSim(program3) {
       const adaptiveRuns = Math.max(1, Math.min(120, Number(opts.adaptiveRuns ?? 30)));
       const journeys = opts.journeys ? String(opts.journeys).split(",").map((j) => j.trim()).filter(Boolean) : void 0;
       const scenarioIds = opts.scenarioIds ? String(opts.scenarioIds).split(",").map((id) => id.trim()).filter(Boolean) : void 0;
-      const channel = ["chat", "voice", "mixed"].includes(String(opts.channel ?? "")) ? opts.channel : "mixed";
+      const channel2 = ["chat", "voice", "mixed"].includes(String(opts.channel ?? "")) ? opts.channel : "mixed";
       process.stderr.write(`  Running ${mode} simulation certification for agent ${opts.agent}...
 `);
       const response = await apiFetch(
         `/v1/console/agents/${opts.agent}/sim-certify`,
         {
           method: "POST",
-          body: JSON.stringify({ mode, adaptive_runs: adaptiveRuns, journeys, scenario_ids: scenarioIds, channel }),
+          body: JSON.stringify({ mode, adaptive_runs: adaptiveRuns, journeys, scenario_ids: scenarioIds, channel: channel2 }),
           apiUrlOverride: opts.apiUrl
         }
       );
@@ -35394,8 +35311,8 @@ function registerSim(program3) {
       }
       const cert = response.certificate;
       if (opts.out) {
-        const { writeFileSync: writeFileSync11 } = await import("fs");
-        writeFileSync11(opts.out, JSON.stringify(cert, null, 2) + "\n", "utf-8");
+        const { writeFileSync: writeFileSync12 } = await import("fs");
+        writeFileSync12(opts.out, JSON.stringify(cert, null, 2) + "\n", "utf-8");
         process.stderr.write(`  Certificate written to ${opts.out}
 `);
       }
@@ -35419,7 +35336,7 @@ function registerSim(program3) {
       const maxImprovementRounds = Math.max(0, Math.min(5, Number(opts.maxImprovementRounds ?? 1)));
       const journeys = opts.journeys ? String(opts.journeys).split(",").map((j) => j.trim()).filter(Boolean) : void 0;
       const scenarioIds = opts.scenarioIds ? String(opts.scenarioIds).split(",").map((id) => id.trim()).filter(Boolean) : void 0;
-      const channel = ["chat", "voice", "mixed"].includes(String(opts.channel ?? "")) ? opts.channel : "mixed";
+      const channel2 = ["chat", "voice", "mixed"].includes(String(opts.channel ?? "")) ? opts.channel : "mixed";
       process.stderr.write(`  Running ${mode} certification loop for agent ${opts.agent}...
 `);
       const response = await apiFetch(
@@ -35432,7 +35349,7 @@ function registerSim(program3) {
             max_improvement_rounds: maxImprovementRounds,
             journeys,
             scenario_ids: scenarioIds,
-            channel
+            channel: channel2
           }),
           apiUrlOverride: opts.apiUrl
         }
@@ -35445,8 +35362,8 @@ function registerSim(program3) {
         });
       }
       if (opts.out) {
-        const { writeFileSync: writeFileSync11 } = await import("fs");
-        writeFileSync11(opts.out, JSON.stringify(response.certificate, null, 2) + "\n", "utf-8");
+        const { writeFileSync: writeFileSync12 } = await import("fs");
+        writeFileSync12(opts.out, JSON.stringify(response.certificate, null, 2) + "\n", "utf-8");
         process.stderr.write(`  Final certificate written to ${opts.out}
 `);
       }
@@ -35481,6 +35398,95 @@ ${passIcon}  Certification loop summary
   });
 }
 
+// src/commands/certify.ts
+var import_node_fs2 = require("node:fs");
+function normalizeProfile(raw) {
+  const value = String(raw || "release").trim().toLowerCase();
+  if (value === "smoke" || value === "release" || value === "stress") return value;
+  throw new FohError({
+    step: "certify.run",
+    error: `Invalid certification profile: ${raw}`,
+    remediation: "Use --profile smoke, release, or stress.",
+    statusCode: 400
+  });
+}
+function modeForProfile(profile) {
+  if (profile === "smoke") return "quick";
+  if (profile === "stress") return "stress";
+  return "full";
+}
+function csv(raw) {
+  if (!raw) return void 0;
+  const values = String(raw).split(",").map((value) => value.trim()).filter(Boolean);
+  return values.length > 0 ? values : void 0;
+}
+function channel(raw) {
+  const value = String(raw || "mixed").trim().toLowerCase();
+  if (value === "chat" || value === "voice" || value === "mixed") return value;
+  return "mixed";
+}
+function registerCertify(program3) {
+  const certify = program3.command("certify").description("Produce release certification evidence for an agent");
+  certify.command("run").description("Run certification for an exact agent draft/profile and emit release evidence").requiredOption("--agent <id>", "Agent ID to certify").option("--profile <profile>", "Certification profile: smoke, release, or stress", "release").option("--adaptive-runs <n>", "Adaptive runs for release/stress profiles", "30").option("--journeys <list>", "Comma-separated journey allowlist").option("--scenario-ids <list>", "Comma-separated scenario ID allowlist").option("--channel <channel>", "Channel filter: chat, voice, or mixed", "mixed").option("--out <path>", "Write certification run JSON to this file path").option("--api-url <url>", "API base URL override").option("--json", "Output as machine-readable JSON").action(async (opts) => {
+    try {
+      const profile = normalizeProfile(opts.profile);
+      const mode = modeForProfile(profile);
+      const adaptiveRuns = Math.max(1, Math.min(120, Number(opts.adaptiveRuns ?? 30) || 30));
+      const response = await apiFetch(
+        `/v1/console/agents/${opts.agent}/sim-certify`,
+        {
+          method: "POST",
+          body: JSON.stringify({
+            mode,
+            adaptive_runs: adaptiveRuns,
+            journeys: csv(opts.journeys),
+            scenario_ids: csv(opts.scenarioIds),
+            channel: channel(opts.channel)
+          }),
+          apiUrlOverride: opts.apiUrl
+        }
+      );
+      if (!response.ok || !response.certificate) {
+        throw new FohError({
+          step: "certify.run",
+          error: "API did not return a certificate",
+          remediation: "Check that the agent ID is valid and the API is reachable."
+        });
+      }
+      const passed = response.certificate.overall_pass === true;
+      const result = {
+        schema_version: "foh_certification_run.v1",
+        ok: passed,
+        status: passed ? "pass" : "hold",
+        reason_code: passed ? "certification_passed" : "certification_failed",
+        profile,
+        mode,
+        certificate: response.certificate,
+        next_commands: passed ? [`foh agent publish --agent ${opts.agent} --json`] : [`foh sim certify --agent ${opts.agent} --${mode === "quick" ? "full" : mode} --json`]
+      };
+      if (opts.out) {
+        (0, import_node_fs2.writeFileSync)(opts.out, JSON.stringify(result, null, 2) + "\n", "utf-8");
+      }
+      if (opts.json ?? false) {
+        format(result, { json: true });
+      } else {
+        const summary = response.certificate.scenario_summary;
+        process.stderr.write(`${passed ? "PASS" : "HOLD"} certification ${profile} (${mode})`);
+        if (summary) process.stderr.write(`: ${summary.passed}/${summary.total} scenarios passed`);
+        process.stderr.write("\n");
+      }
+      if (!passed) markCommandFailed(1);
+    } catch (error2) {
+      if (error2 instanceof FohError) {
+        formatError(error2, { json: opts.json ?? false });
+        markCommandFailed(1);
+        return;
+      }
+      throw error2;
+    }
+  });
+}
+
 // src/commands/conversations.ts
 var import_crypto4 = require("crypto");
 function registerConversations(program3) {
@@ -37423,7 +37429,7 @@ function registerBug(program3) {
 
 // src/lib/proof-cache.ts
 var import_node_crypto2 = require("node:crypto");
-var import_node_fs2 = require("node:fs");
+var import_node_fs3 = require("node:fs");
 var import_node_path = require("node:path");
 var DEFAULT_MAX_AGE_MS = 15 * 60 * 1e3;
 var DEFAULT_WAIT_MS = 180 * 1e3;
@@ -37447,7 +37453,7 @@ function publicPath(filePath) {
 }
 function readFreshCache(filePath, maxAgeMs) {
   try {
-    const payload = JSON.parse((0, import_node_fs2.readFileSync)(filePath, "utf8"));
+    const payload = JSON.parse((0, import_node_fs3.readFileSync)(filePath, "utf8"));
     const createdAt = Date.parse(String(payload.created_at || ""));
     if (!Number.isFinite(createdAt)) return null;
     if (Date.now() - createdAt > maxAgeMs) return null;
@@ -37457,8 +37463,8 @@ function readFreshCache(filePath, maxAgeMs) {
   }
 }
 function writeCache(filePath, value) {
-  (0, import_node_fs2.mkdirSync)((0, import_node_path.dirname)(filePath), { recursive: true });
-  (0, import_node_fs2.writeFileSync)(filePath, `${JSON.stringify({
+  (0, import_node_fs3.mkdirSync)((0, import_node_path.dirname)(filePath), { recursive: true });
+  (0, import_node_fs3.writeFileSync)(filePath, `${JSON.stringify({
     schema_version: "foh_proof_cache_entry.v1",
     created_at: (/* @__PURE__ */ new Date()).toISOString(),
     value
@@ -37484,7 +37490,7 @@ async function withProofCache(options, run) {
   const maxAgeMs = options.maxAgeMs ?? DEFAULT_MAX_AGE_MS;
   const waitMs = options.waitMs ?? Number(process.env.FOH_PROOF_CACHE_WAIT_MS || DEFAULT_WAIT_MS);
   const pollMs = options.pollMs ?? DEFAULT_POLL_MS;
-  (0, import_node_fs2.mkdirSync)(resolvedDir, { recursive: true });
+  (0, import_node_fs3.mkdirSync)(resolvedDir, { recursive: true });
   const existing = readFreshCache(cachePath, maxAgeMs);
   if (existing) {
     return {
@@ -37494,7 +37500,7 @@ async function withProofCache(options, run) {
   }
   let lockOwner = false;
   try {
-    (0, import_node_fs2.mkdirSync)(lockPath);
+    (0, import_node_fs3.mkdirSync)(lockPath);
     lockOwner = true;
   } catch {
     const started = Date.now();
@@ -37517,7 +37523,7 @@ async function withProofCache(options, run) {
       metadata: { hit: false, key, cache_path: publicPath(cachePath), waited_ms: 0 }
     };
   } finally {
-    if (lockOwner) (0, import_node_fs2.rmSync)(lockPath, { recursive: true, force: true });
+    if (lockOwner) (0, import_node_fs3.rmSync)(lockPath, { recursive: true, force: true });
   }
 }
 
@@ -37548,8 +37554,8 @@ function hasBlockingChecks(checks) {
 }
 function publicKeyFromEnsureResponse(response) {
   const record2 = response && typeof response === "object" ? response : {};
-  const channel = record2.channel && typeof record2.channel === "object" ? record2.channel : {};
-  const publicKey = channel.public_key ?? record2.widget_public_key ?? record2.public_key;
+  const channel2 = record2.channel && typeof record2.channel === "object" ? record2.channel : {};
+  const publicKey = channel2.public_key ?? record2.widget_public_key ?? record2.public_key;
   return typeof publicKey === "string" && publicKey.trim() ? publicKey.trim() : void 0;
 }
 function publicKeyFromEmbedResponse(response) {
@@ -37616,7 +37622,7 @@ function isProviderCapacityBlocked(onboarding) {
   return /maximum number of subaccounts|subaccount limit|reserve[- ]number pool|reserve pool exhausted|global safety limit/.test(message);
 }
 function registerProve(program3) {
-  program3.command("prove").description("Produce one setup/runtime proof bundle for an agent").option("--agent <id>", "Agent ID to prove").option("--org <id>", "Org ID (default: stored org from foh org use)").option("--cert-mode <m>", "Simulation cert mode: quick, full, stress", "quick").option("--cert-adaptive-runs <n>", "Adaptive runs for full/stress certification", "30").option("--cert-max-improvement-rounds <n>", "Max prompt improvement rounds in cert loop (0-5)", "1").option("--mission <mission>", "Proof mission: setup, widget, voice, publish", "setup").option("--contact-path <mode>", "Voice contact path: auto, managed, or byon", "auto").option("--mutation-mode <mode>", "Proof mutation mode: read-only or ensure", "read-only").option("--repair", "Alias for --mutation-mode ensure").option("--require-phone", "Hold proof if no phone/contact number is provisioned").option("--skip-cert", "Skip simulation certification check").option("--skip-smoke", "Skip widget runtime smoke check").option("--skip-voice-health", "Skip realtime voice provider health check").option("--proof-cache-dir <path>", "Optional local proof cache directory for shared certification results").option("--out <path>", "Write signed proof report JSON to this path").option("--strict", "Exit non-zero unless all non-skipped checks pass").option("--api-url <url>", "API base URL override").option("--json", "Output as JSON").action(async (opts) => withCommandErrorHandling(async () => {
+  program3.command("prove").description("Produce one setup/runtime proof bundle for an agent").option("--agent <id>", "Agent ID to prove").option("--org <id>", "Org ID (default: stored org from foh org use)").option("--include-certification", "Run explicit simulation certification check (slow)").option("--cert-mode <m>", "Simulation cert mode when --include-certification is set: quick, full, stress", "quick").option("--cert-adaptive-runs <n>", "Adaptive runs for full/stress certification when included", "30").option("--cert-max-improvement-rounds <n>", "Max prompt improvement rounds in included cert loop (0-5)", "1").option("--mission <mission>", "Proof mission: setup, widget, voice, publish", "setup").option("--contact-path <mode>", "Voice contact path: auto, managed, or byon", "auto").option("--mutation-mode <mode>", "Proof mutation mode: read-only or ensure", "read-only").option("--repair", "Alias for --mutation-mode ensure").option("--require-phone", "Hold proof if no phone/contact number is provisioned").option("--skip-cert", "Deprecated compatibility flag; certification is skipped unless --include-certification is set").option("--skip-smoke", "Skip widget runtime smoke check").option("--skip-voice-health", "Skip realtime voice provider health check").option("--proof-cache-dir <path>", "Optional local proof cache directory for shared certification results").option("--out <path>", "Write signed proof report JSON to this path").option("--strict", "Exit non-zero unless all non-skipped checks pass").option("--api-url <url>", "API base URL override").option("--json", "Output as JSON").action(async (opts) => withCommandErrorHandling(async () => {
     const checks = [];
     const mission = normalizeMission(opts.mission);
     const contactPath = normalizeContactPath(opts.contactPath);
@@ -37872,7 +37878,14 @@ function registerProve(program3) {
         }
       }
       if (opts.skipCert) {
-        checks.push(skipped("simulation_certification", "operator_skipped", "Skipped by --skip-cert.", `foh sim certify-loop --agent ${ctx.agentId} --json`));
+        checks.push(skipped("simulation_certification", "operator_skipped", "Skipped by --skip-cert.", `foh sim certify --agent ${ctx.agentId} --full --json`));
+      } else if (!opts.includeCertification) {
+        checks.push(skipped(
+          "simulation_certification",
+          "certification_explicitly_required",
+          "Runtime proof does not run release certification by default.",
+          `foh sim certify --agent ${ctx.agentId} --full --json`
+        ));
       } else {
         try {
           const certMode = normalizeAgentCertMode(opts.certMode);
@@ -37904,7 +37917,7 @@ function registerProve(program3) {
             proof_cache: cached2.metadata
           };
           if (!loop.overall_pass) {
-            checks.push(hold("simulation_certification", "simulation_certification_failed", "Simulation certification did not pass.", `foh sim certify-loop --agent ${agentId} --${certMode === "quick" ? "full" : certMode} --json`, loopWithCache));
+            checks.push(hold("simulation_certification", "simulation_certification_failed", "Simulation certification did not pass.", `foh sim certify --agent ${agentId} --${certMode === "quick" ? "full" : certMode} --json`, loopWithCache));
           } else {
             checks.push(pass("simulation_certification", "Simulation certification passed.", {
               mode: loop.mode,
@@ -37915,7 +37928,7 @@ function registerProve(program3) {
             }));
           }
         } catch (error2) {
-          checks.push(fail("simulation_certification", "simulation_certification_failed", error2, `foh sim certify-loop --agent ${ctx.agentId} --json`));
+          checks.push(fail("simulation_certification", "simulation_certification_failed", error2, `foh sim certify --agent ${ctx.agentId} --full --json`));
         }
       }
     } else {
@@ -40401,7 +40414,7 @@ async function executeExternalAgentExecutorPlan(plan, options = {}) {
 var DEFAULT_PROMPT_VERSION = "blank-setup.v1";
 var DEFAULT_BATCH_MODELS = "openai/codex,anthropic/claude,cursor/agent";
 var PROMPTS = {
-  "blank-setup.v1": "Go to https://frontofhouse.okii.uk. Use only public docs, public API docs, and the public npm CLI package. Always invoke the CLI with `npx --yes @f-o-h/cli@latest ...`; do not use unpinned `npx @f-o-h/cli ...`, because cached older packages can produce invalid evidence. Install or verify the FOH CLI, authenticate or reach a deterministic auth blocker, then create or configure a Front Of House voice agent and website widget. Mass evals reuse existing eval state: run `npx --yes @f-o-h/cli@latest org status --json` and `npx --yes @f-o-h/cli@latest agent list --json` before trying to create a fresh agent; if an existing eval agent is present, configure and prove that agent instead of creating a second bronze-tier agent. Prefer the certification-oriented buyer templates: run `npx --yes @f-o-h/cli@latest templates list --category buyer --json` and use `UK Buyer Qualification` or `Viewing Booking` when available; do not use a greeting-only template for proof/certification. Prefer `npx --yes @f-o-h/cli@latest setup --phone-mode observe` for the free scaffold path: agent, widget, voice config, smoke test, certification, and publish readiness together. Treat phone-number purchasing as an explicit paid/scarce contact-path step, not part of high-volume eval setup. If `FOH_CLI_SPEND_POLICY=no_spend` is active and a command returns `paid_resource_blocked_by_spend_policy`, do not try to bypass it; continue widget/setup proof and report that exact reason code for the phone path. If the customer/operator explicitly owns a number and asks for real PSTN proof, use `npx --yes @f-o-h/cli@latest provision byon attach --phone-number <e164> --confirm-owned --json`; do not invent ownership or buy a FOH-owned number. Run proof/smoke/certification where available, including widget proof and voice proof. When running more than one `foh prove` mission for the same agent, pass `--proof-cache-dir .foh/proof-cache` so simulation certification can be shared instead of recomputed. If voice proof returns `contact_phone_missing` or `voice_contact_expected_no_spend_hold`, report that exact reason code unless a BYON/customer-approved phone path already exists. If `FOH_EXTERNAL_AGENT_RUN_DIR` is set, write `${FOH_EXTERNAL_AGENT_RUN_DIR}/external-agent-metadata.json` with `schema_version`, `docs_pages_used`, key decisions, and blocker reason codes before finishing. Produce a final evidence summary with commands run, docs used, artifacts created, and any blocker reason codes. Do not assume access to the private source repository.",
+  "blank-setup.v1": "Go to https://frontofhouse.okii.uk. Use only public docs, public API docs, and the public npm CLI package. Always invoke the CLI with `npx --yes @f-o-h/cli@latest ...`; do not use unpinned `npx @f-o-h/cli ...`, because cached older packages can produce invalid evidence. Install or verify the FOH CLI, authenticate or reach a deterministic auth blocker, then create or configure a Front Of House voice agent and website widget. Mass evals reuse existing eval state: run `npx --yes @f-o-h/cli@latest org status --json` and `npx --yes @f-o-h/cli@latest agent list --json` before trying to create a fresh agent; if an existing eval agent is present, configure and prove that agent instead of creating a second bronze-tier agent. Prefer the certification-oriented buyer templates: run `npx --yes @f-o-h/cli@latest templates list --category buyer --json` and use `UK Buyer Qualification` or `Viewing Booking` when available; do not use a greeting-only template for proof/certification. Prefer `npx --yes @f-o-h/cli@latest setup --phone-mode observe` for the free scaffold path: agent, widget, voice config, smoke test, certification, and publish readiness together. Treat phone-number purchasing as an explicit paid/scarce contact-path step, not part of high-volume eval setup. If `FOH_CLI_SPEND_POLICY=no_spend` is active and a command returns `paid_resource_blocked_by_spend_policy`, do not try to bypass it; continue widget/setup proof and report that exact reason code for the phone path. If the customer/operator explicitly owns a number and asks for real PSTN proof, use `npx --yes @f-o-h/cli@latest provision byon attach --phone-number <e164> --confirm-owned --json`; do not invent ownership or buy a FOH-owned number. Run proof/smoke/certification where available, including widget proof, voice proof, and one explicit `foh sim certify --agent <id> --full --json` before publish. `foh prove` does not run release certification by default; only pass `--include-certification --proof-cache-dir .foh/proof-cache` when an explicit combined proof/certification run is required. If voice proof returns `contact_phone_missing` or `voice_contact_expected_no_spend_hold`, report that exact reason code unless a BYON/customer-approved phone path already exists. If `FOH_EXTERNAL_AGENT_RUN_DIR` is set, write `${FOH_EXTERNAL_AGENT_RUN_DIR}/external-agent-metadata.json` with `schema_version`, `docs_pages_used`, key decisions, and blocker reason codes before finishing. Produce a final evidence summary with commands run, docs used, artifacts created, and any blocker reason codes. Do not assume access to the private source repository.",
   "debug-proof-failure.v1": "You are given a FOH proof or debug artifact. Use public docs and FOH CLI/API behavior to classify whether the blocker is docs, auth, org setup, agent config, widget, channel, runtime, or product bug. Produce a redacted improvement packet or the exact command needed to produce one. Do not ask the human to interpret logs manually unless no machine-readable artifact exists.",
   "knowledge-miss.v1": "A FOH agent failed to answer a business question. Use CLI/API/docs to determine whether this is a knowledge-ingestion issue, retrieval issue, config issue, prompt/behavior issue, or runtime issue. Prefer foh knowledge query, transcript export, replay, and foh bug improve artifacts over screenshots.",
   "replay-failure.v1": "You are given a FOH transcript or replay artifact. Use CLI/API/docs to replay or inspect the failed interaction, identify expected vs actual behavior, and produce a scenario-test or improvement-packet candidate."
@@ -40978,6 +40991,7 @@ var CLI_MISSION_EXAMPLES = [
   { mission: "Start", command: "foh start", description: "guided setup and next action selector" },
   { mission: "Setup", command: "foh setup --phone-mode observe --json", description: "create or update agent, widget, voice config, and proof scaffold" },
   { mission: "Prove", command: "foh prove --agent <agent_id> --mission widget --json", description: "produce a machine-readable proof report" },
+  { mission: "Certify", command: "foh certify run --agent <agent_id> --profile release --json", description: "produce release evidence before publish" },
   { mission: "Debug", command: "foh debug --out test-results/foh-cli-diag.latest.json --json", description: "collect auth/org/API diagnostics" },
   { mission: "Improve", command: "foh bug improve --from-file <artifact.json> --json", description: "convert a failure artifact into a redacted improvement packet" },
   { mission: "Publish", command: "foh agent publish --agent <agent_id> --json", description: "publish after proof gates pass" }
@@ -41077,6 +41091,7 @@ registerOps(program2);
 registerSetup(program2);
 registerManifest(program2);
 registerSim(program2);
+registerCertify(program2);
 registerDiag(program2);
 registerBug(program2);
 registerProve(program2);

package/package.json

@@ -1,41 +1,41 @@
-{
-  "name": "@f-o-h/cli",
-  "version": "0.1.65",
-  "description": "FOH CLI - AI-operator provisioning tool for Front Of House",
-  "license": "UNLICENSED",
-  "bin": {
-    "foh": "dist/foh.js"
-  },
-  "main": "dist/foh.js",
-  "files": [
-    "dist/",
-    "examples/",
-    "schemas/",
-    "README.md",
-    "package.json"
-  ],
-  "publishConfig": {
-    "access": "public"
-  },
-  "engines": {
-    "node": ">=18"
-  },
-  "scripts": {
-    "build": "node build.mjs",
-    "test": "vitest run",
-    "typecheck": "tsc --noEmit"
-  },
-  "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.29.0",
-    "commander": "^12.1.0",
-    "js-yaml": "^4.1.1",
-    "picocolors": "^1.1.1",
-    "zod": "^4.3.6"
-  },
-  "devDependencies": {
-    "@types/js-yaml": "^4.0.9",
-    "@types/node": "^22.0.0",
-    "esbuild": "^0.24.0",
-    "vitest": "^2.0.0"
-  }
-}
+{
+  "name": "@f-o-h/cli",
+  "version": "0.1.66",
+  "description": "FOH CLI - AI-operator provisioning tool for Front Of House",
+  "license": "UNLICENSED",
+  "bin": {
+    "foh": "dist/foh.js"
+  },
+  "main": "dist/foh.js",
+  "files": [
+    "dist/",
+    "examples/",
+    "schemas/",
+    "README.md",
+    "package.json"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "scripts": {
+    "build": "node build.mjs",
+    "test": "vitest run",
+    "typecheck": "tsc --noEmit"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.29.0",
+    "commander": "^12.1.0",
+    "js-yaml": "^4.1.1",
+    "picocolors": "^1.1.1",
+    "zod": "^4.3.6"
+  },
+  "devDependencies": {
+    "@types/js-yaml": "^4.0.9",
+    "@types/node": "^22.0.0",
+    "esbuild": "^0.24.0",
+    "vitest": "^2.0.0"
+  }
+}