@jaguilar87/gaia 5.0.7 → 5.0.9

package/bin/cli/approvals.py

@@ -42,16 +42,12 @@ for _p in [str(_HOOKS_DIR), str(_PLUGIN_ROOT)]:
 def _import_approval_grants():
     """Import approval_grants lazily to allow mocking in tests."""
     from modules.security.approval_grants import (
-        cleanup_expired_grants,
         get_pending_approvals_for_session,
         load_pending_by_nonce_prefix,
-        reject_pending,
     )
     return {
-        "cleanup_expired_grants": cleanup_expired_grants,
         "get_pending_approvals_for_session": get_pending_approvals_for_session,
         "load_pending_by_nonce_prefix": load_pending_by_nonce_prefix,
-        "reject_pending": reject_pending,
     }
 
 
@@ -76,18 +72,6 @@ def _import_grants_dir():
     return _get_grants_dir()
 
 
-def _import_approval_grants_module():
-    """Return the approval_grants module object for direct attribute access.
-
-    Separate from _import_approval_grants() so cmd_clean can reset
-    _last_cleanup_time and call cleanup_expired_grants atomically on the
-    same module reference.  Kept as a separate injectable function so tests
-    can mock it without touching sys.modules.
-    """
-    import modules.security.approval_grants as ag_mod
-    return ag_mod
-
-
 def _import_writer():
     """Import gaia.store.writer lazily to allow mocking in tests."""
     from gaia.store import writer
@@ -152,42 +136,96 @@ def _pending_to_display(p: dict) -> dict:
 def _scan_pending_shared(exclude_live_sessions: bool = False) -> list:
     """Return all non-expired, non-rejected pending approvals across all sessions.
 
-    Thin wrapper around the shared ``scan_pending_approvals`` in
-    ``modules.session.pending_scanner`` so CLI and hook consumers share one
-    implementation of pending discovery + liveness filtering.
+    DB-primary since Task E: queries gaia.approvals.store (all_sessions=True).
+    All pending types (T3 commands, COMMAND_SET batches, SCOPE_FILE_PATH
+    file-write blocks) are now written exclusively to the DB.
 
     When ``exclude_live_sessions=True``, only pendings whose owning session
-    is NOT currently alive (orphans) are returned — this backs the
-    ``--orphans-only`` flag.
+    is NOT currently alive (orphans) are returned -- this backs the
+    ``--orphans-only`` flag.  Session liveness is checked via
+    session_registry.get_live_sessions() when available.
+
+    Returns a list of dicts in the shape _pending_to_display() expects.
 
     Raises:
-        Exception: propagated from ``_import_grants_dir()`` so ``cmd_list``
-            can catch it and return exit code 1 consistently.
+        Exception: propagated from the store import so cmd_list can catch it
+            and return exit code 1 consistently.
     """
-    # Let ImportError / other failures from _import_grants_dir propagate up.
-    grants_dir = _import_grants_dir()
+    store = _import_approval_store()
+    rows = store.list_pending(all_sessions=True)
 
-    from modules.session.pending_scanner import scan_pending_approvals
-
-    scanned = scan_pending_approvals(
-        grants_dir, exclude_live_sessions=exclude_live_sessions
-    )
+    # Optional liveness filter.
+    if exclude_live_sessions:
+        try:
+            import sys as _sys
+            import pathlib as _pl
+            # Ensure hooks/ is importable (mirrors the top-of-file sys.path setup).
+            _hooks_dir = str(_PLUGIN_ROOT / "hooks")
+            if _hooks_dir not in _sys.path:
+                _sys.path.insert(0, _hooks_dir)
+            from modules.session.session_registry import get_live_sessions
+            live = get_live_sessions(include_headless=False)
+            rows = [r for r in rows if r.get("session_id") not in live]
+        except Exception:
+            pass  # Conservative: return all on registry failure
 
-    # scan_pending_approvals returns a display-ish shape; we rehydrate each
-    # scanned result back into the on-disk pending dict keys that
-    # _pending_to_display expects. Single source of truth for the scan,
-    # but the CLI's display contract is preserved unchanged.
     results = []
-    for s in scanned:
+    for row in rows:
+        payload_json = row.get("payload_json") or "{}"
+        try:
+            payload = json.loads(payload_json)
+        except (json.JSONDecodeError, TypeError):
+            payload = {}
+
+        # Extract command: prefer exact_content, fall back to first command.
+        command = (
+            payload.get("exact_content")
+            or (payload.get("commands") or [None])[0]
+            or payload.get("operation")
+            or ""
+        )
+
+        # Extract verb and category from operation field.
+        operation = payload.get("operation", "")
+        danger_verb = "unknown"
+        danger_category = "MUTATIVE"
+        if ": " in operation:
+            danger_verb = operation.rsplit(": ", 1)[-1].strip()
+        if " command intercepted" in operation:
+            danger_category = operation.split(" command intercepted")[0].strip()
+
+        # Compute timestamp from created_at.
+        created_at_str = row.get("created_at", "")
+        ts: float = 0.0
+        if created_at_str:
+            try:
+                from datetime import datetime as _dt, timezone as _tz
+                dt = _dt.strptime(created_at_str, "%Y-%m-%dT%H:%M:%SZ").replace(
+                    tzinfo=_tz.utc
+                )
+                ts = dt.timestamp()
+            except (ValueError, TypeError):
+                ts = 0.0
+
+        approval_id = row.get("id", "")
+        # nonce: strip the "P-" prefix so _pending_to_display's
+        # _approval_id_label("P-" + nonce_prefix) works correctly.
+        nonce = approval_id[2:] if approval_id.startswith("P-") else approval_id
+
         results.append({
-            "nonce": s.get("nonce_full") or s.get("nonce_short", ""),
-            "session_id": s.get("pending_session_id", ""),
-            "command": s.get("command", ""),
-            "danger_verb": s.get("verb", ""),
-            "danger_category": s.get("category", ""),
-            "scope_type": s.get("scope_type", ""),
-            "timestamp": s.get("timestamp", 0),
-            "context": s.get("context", {}),
+            "nonce": nonce,
+            "session_id": row.get("session_id", ""),
+            "command": command,
+            "danger_verb": danger_verb,
+            "danger_category": danger_category,
+            "scope_type": payload.get("scope", "semantic_signature"),
+            "timestamp": ts,
+            "context": {
+                "description": payload.get("rationale", ""),
+                "risk": payload.get("risk_level", "medium"),
+                "rollback": payload.get("rollback_hint"),
+                "source": "db",
+            },
         })
 
     results.sort(key=lambda d: d.get("timestamp", 0), reverse=True)
@@ -243,13 +281,13 @@ def _grant_to_display(g: dict) -> dict:
 
 
 def cmd_list(args) -> int:
-    """List approval grants from the DB.
+    """List approval grants and pending approvals from the DB.
 
     Without ``--session``, all grants are shown.  With ``--session SESSION_ID``,
     only that session's grants are shown.
 
-    Also supports ``--orphans-only`` (filesystem pending approvals from dead
-    sessions) via the legacy scan path for backward compatibility.
+    ``--orphans-only`` filters pending approvals to rows whose owning session
+    is no longer alive (orphaned pendings from dead sessions).
     """
     session_id = getattr(args, "session", None)
     orphans_only = getattr(args, "orphans_only", False)
@@ -264,22 +302,12 @@ def cmd_list(args) -> int:
     except Exception:
         db_grants = []
 
-    # Legacy filesystem pending listing (for filesystem-based pending approvals)
+    # DB-backed pending listing (canonical since Task E FS retirement)
     fs_pending = []
-    if not orphans_only:
-        try:
-            if session_id is None:
-                fs_pending = _scan_pending_shared(exclude_live_sessions=False)
-            else:
-                ag = _import_approval_grants()
-                fs_pending = ag["get_pending_approvals_for_session"](session_id)
-        except Exception:
-            pass
-    else:
-        try:
-            fs_pending = _scan_pending_shared(exclude_live_sessions=True)
-        except Exception:
-            pass
+    try:
+        fs_pending = _scan_pending_shared(exclude_live_sessions=orphans_only)
+    except Exception:
+        pass
 
     db_items = [_grant_to_display(g) for g in db_grants]
     fs_items = [_pending_to_display(p) for p in fs_pending]
@@ -513,38 +541,45 @@ def cmd_reject(args) -> int:
     if nonce.upper().startswith("P-"):
         nonce = nonce[2:]
 
+    # DB-primary since Task E: find the pending DB row whose approval_id matches
+    # the prefix, then revoke it (pending -> revoked, append-only event chain).
+    session_id = os.environ.get("CLAUDE_SESSION_ID") or "cli-reject"
     try:
-        ag = _import_approval_grants()
-        ok = ag["reject_pending"](nonce)
+        store = _import_approval_store()
+        rows = store.list_pending(all_sessions=True)
+        matched_id = None
+        for row in rows:
+            row_id = row.get("id", "")
+            if row_id.startswith(f"P-{nonce}"):
+                matched_id = row_id
+                break
+        if matched_id is None:
+            _print_error(f"No pending approval found for P-{nonce}", args)
+            return 1
+        store.revoke(matched_id, session_id)
     except Exception as exc:
         _print_error(f"Failed to reject approval: {exc}", args)
         return 1
 
-    if ok:
-        msg = f"Rejected P-{nonce}"
-        if reason:
-            msg += f" (reason: {reason})"
-        if getattr(args, "json", False):
-            print(json.dumps({"status": "rejected", "nonce_prefix": nonce, "reason": reason}))
-        else:
-            print(msg)
-        return 0
+    msg = f"Rejected P-{nonce}"
+    if reason:
+        msg += f" (reason: {reason})"
+    if getattr(args, "json", False):
+        print(json.dumps({"status": "rejected", "nonce_prefix": nonce, "reason": reason}))
     else:
-        _print_error(f"No pending approval found for P-{nonce}", args)
-        return 1
+        print(msg)
+    return 0
 
 
 def _cmd_reject_all(args, reason: str | None) -> int:
     """Reject all pending approvals across all sessions.
 
-    Scans the same queue that ``gaia approvals list`` shows, then calls
-    ``reject_pending`` for each non-expired, non-rejected pending approval.
-    Exits 0 always -- an empty queue is not an error.
+    DB-primary since Task E: queries gaia.approvals.store for all pending
+    rows and revokes each via store.revoke(). Exits 0 always -- an empty
+    queue is not an error.
     """
     try:
-        # Bulk reject operates on the full queue regardless of liveness;
-        # we intentionally pass exclude_live_sessions=False so the operator
-        # can clear orphaned and live-session pendings in one call.
+        # Bulk reject operates on the full queue regardless of liveness.
         raw = _scan_pending_shared(exclude_live_sessions=False)
     except Exception as exc:
         _print_error(f"Failed to load approvals: {exc}", args)
@@ -557,11 +592,11 @@ def _cmd_reject_all(args, reason: str | None) -> int:
             print("No pending approvals to reject.")
         return 0
 
+    session_id = os.environ.get("CLAUDE_SESSION_ID") or "cli-reject-all"
     try:
-        ag = _import_approval_grants()
-        reject_fn = ag["reject_pending"]
+        store = _import_approval_store()
     except Exception as exc:
-        _print_error(f"Failed to load approval module: {exc}", args)
+        _print_error(f"Failed to load approval store: {exc}", args)
         return 1
 
     rejected_ids = []
@@ -569,12 +604,10 @@ def _cmd_reject_all(args, reason: str | None) -> int:
     for pending in raw:
         nonce = pending.get("nonce", "")
         nonce_prefix = _nonce_short(nonce)
+        approval_id = f"P-{nonce}"
         try:
-            ok = reject_fn(nonce_prefix)
-            if ok:
-                rejected_ids.append(f"P-{nonce_prefix}")
-            else:
-                failed_ids.append(f"P-{nonce_prefix}")
+            store.revoke(approval_id, session_id)
+            rejected_ids.append(f"P-{nonce_prefix}")
         except Exception:
             failed_ids.append(f"P-{nonce_prefix}")
 
@@ -621,9 +654,9 @@ def _grants_dir_for_workspace(workspace: str | None):
 def cmd_reject_all(args) -> int:
     """Reject all active pending approvals in one pass.
 
-    Scans the approval cache for every non-expired, non-rejected pending
-    approval and calls ``reject_pending()`` on each nonce.  This is the
-    canonical subcommand surface documented in the pending-approvals skill.
+    Scans the DB for every non-expired, non-rejected pending approval and
+    calls ``store.revoke()`` on each approval_id.  This is the canonical
+    subcommand surface documented in the pending-approvals skill.
 
     Flags:
       --dry-run     Preview what would be rejected without writing changes.
@@ -632,23 +665,24 @@ def cmd_reject_all(args) -> int:
     dry_run: bool = getattr(args, "dry_run", False)
     workspace: str | None = getattr(args, "workspace", None)
 
-    # Resolve grants directory, honoring --workspace if provided.
-    try:
-        grants_dir = _grants_dir_for_workspace(workspace)
-    except Exception as exc:
-        _print_error(f"Cannot resolve approvals directory: {exc}", args)
-        return 1
+    # Scan pending approvals from the DB (all_sessions, no workspace filter
+    # needed -- the DB is per-machine, not per-workspace).
+    # When --workspace was supplied, emit an informational note that it is
+    # ignored (the DB is the authoritative store since Task E).
+    if workspace is not None:
+        import sys as _sys
+        print(
+            f"Note: --workspace is ignored; pending approvals are stored in "
+            f"~/.gaia/gaia.db (per-machine DB), not in the workspace FS.",
+            file=_sys.stderr,
+        )
 
-    # Scan pending approvals using the resolved directory.
     try:
-        from modules.session.pending_scanner import scan_pending_approvals
-        scanned = scan_pending_approvals(grants_dir, exclude_live_sessions=False)
-        raw: list = []
-        for s in scanned:
-            raw.append({
-                "nonce": s.get("nonce_full") or s.get("nonce_short", ""),
-                "command": s.get("command", ""),
-            })
+        raw_pending = _scan_pending_shared(exclude_live_sessions=False)
+        raw: list = [
+            {"nonce": p.get("nonce", ""), "command": p.get("command", "")}
+            for p in raw_pending
+        ]
     except Exception as exc:
         _print_error(f"Failed to load approvals: {exc}", args)
         return 1
@@ -666,12 +700,12 @@ def cmd_reject_all(args) -> int:
         print(f"\n{len(raw)} pending(s) would be rejected.")
         return 0
 
-    # Live rejection via the canonical reject_pending() path.
+    # Live rejection via store.revoke() (DB path -- all pendings are in DB now).
+    session_id = os.environ.get("CLAUDE_SESSION_ID") or "cli-reject-all"
     try:
-        ag = _import_approval_grants()
-        reject_fn = ag["reject_pending"]
+        store = _import_approval_store()
     except Exception as exc:
-        _print_error(f"Failed to load approval module: {exc}", args)
+        _print_error(f"Failed to load approval store: {exc}", args)
         return 1
 
     rejected_ids = []
@@ -679,12 +713,10 @@ def cmd_reject_all(args) -> int:
     for item in raw:
         nonce = item["nonce"]
         nonce_prefix = _nonce_short(nonce)
+        approval_id = f"P-{nonce}"
         try:
-            ok = reject_fn(nonce_prefix)
-            if ok:
-                rejected_ids.append(f"P-{nonce_prefix}")
-            else:
-                failed_ids.append(f"P-{nonce_prefix}")
+            store.revoke(approval_id, session_id)
+            rejected_ids.append(f"P-{nonce_prefix}")
         except Exception:
             failed_ids.append(f"P-{nonce_prefix}")
 
@@ -702,79 +734,128 @@ def cmd_reject_all(args) -> int:
 # ---------------------------------------------------------------------------
 
 def cmd_clean(args) -> int:
-    """Remove expired and stale approvals."""
+    """Remove expired approvals and grants from the DB.
+
+    DB-only since FS retirement: all pending approvals and grants live in
+    gaia.db.  Expired DB pending rows (status='pending', older than 24h TTL)
+    are transitioned to 'revoked' so the append-only event chain is preserved.
+    Expired approval_grants rows (status='PENDING', past expires_at) are
+    transitioned to 'EXPIRED'.
+    """
     dry_run = getattr(args, "dry_run", False)
 
     if dry_run:
-        # Inspect without deleting -- count files that would be removed
+        # Count DB rows that would be cleaned (pending rows older than 24h).
+        db_expired = 0
         try:
-            grants_dir = _import_grants_dir()
-        except Exception as exc:
-            _print_error(f"Cannot access approvals directory: {exc}", args)
-            return 1
+            store = _import_approval_store()
+            rows = store.list_pending(all_sessions=True)
+            from datetime import datetime, timezone
+            now = datetime.now(timezone.utc)
+            for row in rows:
+                created_at_str = row.get("created_at", "")
+                if created_at_str:
+                    try:
+                        created_dt = datetime.strptime(
+                            created_at_str, "%Y-%m-%dT%H:%M:%SZ"
+                        ).replace(tzinfo=timezone.utc)
+                        age_hours = (now - created_dt).total_seconds() / 3600
+                        if age_hours > 24:
+                            db_expired += 1
+                    except (ValueError, TypeError):
+                        pass
+        except Exception:
+            pass
 
-        if not grants_dir.exists():
-            msg = "Approvals directory does not exist. Nothing to clean."
-            if getattr(args, "json", False):
-                print(json.dumps({"dry_run": True, "would_remove": 0, "message": msg}))
-            else:
-                print(msg)
-            return 0
+        # Count expired DB grant rows.
+        db_expired_grants = _count_expired_db_grants()
 
-        would_remove = _count_stale_files(grants_dir)
+        would_remove = db_expired + db_expired_grants
+        msg = f"Dry run: {db_expired} expired DB pending(s) + {db_expired_grants} expired DB grant(s)"
         if getattr(args, "json", False):
-            print(json.dumps({"dry_run": True, "would_remove": would_remove}))
+            print(json.dumps({
+                "dry_run": True,
+                "would_remove": would_remove,
+                "db_expired": db_expired,
+                "db_expired_grants": db_expired_grants,
+                "message": msg,
+            }))
         else:
-            print(f"Dry run: {would_remove} expired/stale file(s) would be removed.")
+            print(msg)
         return 0
 
-    # Real cleanup -- reset throttle to force run
+    # Real cleanup.
+    db_cleaned = 0
     try:
-        ag_mod = _import_approval_grants_module()
-        ag_mod._last_cleanup_time = 0.0
-        cleaned = ag_mod.cleanup_expired_grants()
+        store = _import_approval_store()
+        rows = store.list_pending(all_sessions=True)
+        from datetime import datetime, timezone
+        now = datetime.now(timezone.utc)
+        session_id = os.environ.get("CLAUDE_SESSION_ID") or "cli-cleanup"
+        for row in rows:
+            created_at_str = row.get("created_at", "")
+            if not created_at_str:
+                continue
+            try:
+                created_dt = datetime.strptime(
+                    created_at_str, "%Y-%m-%dT%H:%M:%SZ"
+                ).replace(tzinfo=timezone.utc)
+                age_hours = (now - created_dt).total_seconds() / 3600
+                if age_hours > 24:
+                    try:
+                        store.revoke(row["id"], session_id)
+                        db_cleaned += 1
+                    except Exception:
+                        pass
+            except (ValueError, TypeError):
+                pass
     except Exception as exc:
-        _print_error(f"Cleanup failed: {exc}", args)
-        return 1
+        _print_error(f"DB cleanup failed: {exc}", args)
 
+    # Expire DB grant rows whose expires_at has passed.
+    db_grants_expired = 0
+    try:
+        from datetime import datetime, timezone
+        now_iso = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
+        writer = _import_writer()
+        pending_grants = writer.list_approval_grants(status="PENDING", limit=1000)
+        for row in pending_grants:
+            expires_at = row.get("expires_at")
+            if expires_at and expires_at < now_iso:
+                try:
+                    writer.update_approval_grant_status(row["approval_id"], "EXPIRED")
+                    db_grants_expired += 1
+                except Exception:
+                    pass
+    except Exception:
+        pass
+
+    total = db_cleaned + db_grants_expired
     if getattr(args, "json", False):
-        print(json.dumps({"status": "ok", "cleaned": cleaned}))
+        print(json.dumps({
+            "status": "ok",
+            "cleaned": total,
+            "db_cleaned": db_cleaned,
+            "db_grants_expired": db_grants_expired,
+        }))
     else:
-        print(f"Cleaned {cleaned} expired/stale approval file(s).")
+        print(f"Cleaned {db_cleaned} expired DB pending(s) and {db_grants_expired} expired DB grant(s).")
     return 0
 
 
-def _count_stale_files(grants_dir: Path) -> int:
-    """Count expired grant and pending files without deleting them."""
-    count = 0
-    now = time.time()
-
-    for f in grants_dir.glob("grant-*.json"):
-        try:
-            data = json.loads(f.read_text())
-            granted_at = float(data.get("granted_at", 0))
-            ttl = int(data.get("ttl_minutes", 5))
-            if ttl > 0 and (now - granted_at) / 60 > ttl:
-                count += 1
-        except Exception:
-            count += 1
-
-    for f in grants_dir.glob("pending-*.json"):
-        if "index" in f.name:
-            continue
-        try:
-            data = json.loads(f.read_text())
-            if data.get("status") == "rejected":
-                count += 1
-                continue
-            ts = float(data.get("timestamp", 0))
-            ttl = int(data.get("ttl_minutes", 5))
-            if ttl > 0 and (now - ts) / 60 > ttl:
-                count += 1
-        except Exception:
-            count += 1
-
-    return count
+def _count_expired_db_grants() -> int:
+    """Count DB approval_grants rows with PENDING status whose expires_at has passed."""
+    try:
+        from datetime import datetime, timezone
+        now_iso = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
+        writer = _import_writer()
+        rows = writer.list_approval_grants(status="PENDING", limit=1000)
+        return sum(
+            1 for r in rows
+            if r.get("expires_at") and r["expires_at"] < now_iso
+        )
+    except Exception:
+        return 0
 
 
 # ---------------------------------------------------------------------------
@@ -782,64 +863,61 @@ def _count_stale_files(grants_dir: Path) -> int:
 # ---------------------------------------------------------------------------
 
 def cmd_stats(args) -> int:
-    """Show approval system statistics."""
+    """Show approval system statistics from the DB.
+
+    DB-only since FS retirement: all pending approvals and grants live in
+    gaia.db.  Counts are derived from the approvals table (all statuses) and
+    the approval_grants table (active grants).
+    """
+    # DB counts.
+    db_pending = 0
+    db_approved = 0
+    db_rejected = 0
+    db_revoked = 0
+    verb_counts: dict = {}
     try:
-        ag = _import_approval_grants()
-        grants_dir = _import_grants_dir()
+        store = _import_approval_store()
+        all_rows = store.list_all(limit=1000)
+        for row in all_rows:
+            status = row.get("status", "")
+            if status == "pending":
+                db_pending += 1
+                # Extract verb from payload for breakdown.
+                payload_json = row.get("payload_json") or "{}"
+                try:
+                    payload = json.loads(payload_json)
+                    operation = payload.get("operation", "")
+                    verb = "unknown"
+                    if ": " in operation:
+                        verb = operation.rsplit(": ", 1)[-1].strip()
+                    verb_counts[verb] = verb_counts.get(verb, 0) + 1
+                except Exception:
+                    pass
+            elif status == "approved":
+                db_approved += 1
+            elif status == "rejected":
+                db_rejected += 1
+            elif status == "revoked":
+                db_revoked += 1
     except Exception as exc:
-        _print_error(f"Failed to access approval system: {exc}", args)
+        _print_error(f"Failed to query DB statistics: {exc}", args)
         return 1
 
-    # Gather data
-    all_sessions_pending = []
-    active_grants = []
-    rejected_count = 0
-    expired_pending_count = 0
-    now = time.time()
-
-    if grants_dir.exists():
-        for f in grants_dir.glob("pending-*.json"):
-            if "index" in f.name:
-                continue
-            try:
-                data = json.loads(f.read_text())
-                if data.get("status") == "rejected":
-                    rejected_count += 1
-                    continue
-                ts = float(data.get("timestamp", 0))
-                ttl = int(data.get("ttl_minutes", 5))
-                if ttl > 0 and (now - ts) / 60 > ttl:
-                    expired_pending_count += 1
-                    continue
-                all_sessions_pending.append(data)
-            except Exception:
-                pass
-
-        for f in grants_dir.glob("grant-*.json"):
-            try:
-                data = json.loads(f.read_text())
-                granted_at = float(data.get("granted_at", 0))
-                ttl = int(data.get("ttl_minutes", 5))
-                if ttl == 0 or (now - granted_at) / 60 <= ttl:
-                    active_grants.append(data)
-            except Exception:
-                pass
-
-    # Current session pending
-    session_pending = ag["get_pending_approvals_for_session"]()
-
-    # Verb breakdown
-    verb_counts: dict = {}
-    for p in all_sessions_pending:
-        verb = p.get("danger_verb", "unknown")
-        verb_counts[verb] = verb_counts.get(verb, 0) + 1
+    # Active DB grants.
+    db_active_grants = 0
+    try:
+        writer = _import_writer()
+        db_grants = writer.list_approval_grants(limit=500)
+        db_active_grants = len(db_grants)
+    except Exception:
+        pass
 
     stats = {
-        "pending_current_session": len(session_pending),
-        "pending_all_sessions": len(all_sessions_pending),
-        "active_grants": len(active_grants),
-        "rejected": rejected_count,
-        "expired_pending": expired_pending_count,
+        "pending_all_sessions": db_pending,
+        "approved": db_approved,
+        "rejected": db_rejected,
+        "revoked": db_revoked,
+        "active_db_grants": db_active_grants,
         "verb_breakdown": verb_counts,
     }
 
@@ -849,13 +927,13 @@ def cmd_stats(args) -> int:
 
     print("Approval System Stats")
     print("---------------------")
-    print(f"  Pending (this session) : {stats['pending_current_session']}")
     print(f"  Pending (all sessions) : {stats['pending_all_sessions']}")
-    print(f"  Active grants          : {stats['active_grants']}")
-    print(f"  Rejected (pending)     : {stats['rejected']}")
-    print(f"  Expired (pending)      : {stats['expired_pending']}")
+    print(f"  Approved               : {stats['approved']}")
+    print(f"  Rejected               : {stats['rejected']}")
+    print(f"  Revoked                : {stats['revoked']}")
+    print(f"  Active DB grants       : {stats['active_db_grants']}")
     if verb_counts:
-        print("  Verb breakdown:")
+        print("  Verb breakdown (pending):")
         for verb, cnt in sorted(verb_counts.items(), key=lambda x: -x[1]):
             print(f"    {verb:<16} {cnt}")
     return 0
@@ -889,12 +967,6 @@ def _import_approval_display():
     return display
 
 
-def _import_approval_revert():
-    """Import gaia.approvals.revert lazily."""
-    from gaia.approvals import revert as revert_mod
-    return revert_mod
-
-
 # ---------------------------------------------------------------------------
 # T3.1: gaia approvals pending -- shortcut for list --status=pending
 # ---------------------------------------------------------------------------
@@ -902,9 +974,17 @@ def _import_approval_revert():
 def cmd_pending(args) -> int:
     """Show pending approvals from the new approvals table.
 
-    With ``--all-sessions``, returns pending approvals from all sessions
-    (cross-session recovery, D9). Without it, returns pending for the
-    current session when SESSION_ID env var is set, or all sessions.
+    With no arguments, returns all pending approvals from all sessions on this
+    machine (the DB is per-machine, so all-sessions is the correct default
+    scope).  This avoids the Bug B / P-a11d14e0 silent-drop: inside a
+    subagent ``$CLAUDE_SESSION_ID`` is the subagent's own session id, not the
+    orchestrator session id stored on the approval row, so an exact-match
+    filter would silently return nothing.
+
+    With ``--session SESSION_ID``, filters to that explicit session id only
+    (useful when the caller holds a known-good orchestrator session id).
+    With ``--all-sessions``, same as the default (kept for backwards
+    compatibility with callers that pass the flag explicitly).
 
     Exits 0 on success, 1 on error.
     """
@@ -912,10 +992,12 @@ def cmd_pending(args) -> int:
     session_id = getattr(args, "session", None)
     output_json = getattr(args, "json", False)
 
-    # If no session_id provided, default to all_sessions behavior.
-    if session_id is None and not all_sessions:
-        # Try to detect session from environment (mirrors hook behavior).
-        session_id = os.environ.get("CLAUDE_SESSION_ID") or None
+    # No auto-derivation from $CLAUDE_SESSION_ID.  Inside a subagent that env
+    # var holds the subagent's own session id, which does NOT match the
+    # orchestrator session_id stored on approval rows -- exact-match filtering
+    # would silently drop all pending rows.  When no explicit --session is
+    # supplied, pass session_id=None so get_pending() uses the all-sessions
+    # query (``WHERE status='pending'`` with no session filter).
 
     try:
         store = _import_approval_store()
@@ -1209,199 +1291,6 @@ def cmd_history(args) -> int:
     return 0
 
 
-# ---------------------------------------------------------------------------
-# T3.5: gaia approvals revert <id> -- interactive inverse-command UX (D14)
-# ---------------------------------------------------------------------------
-
-def cmd_revert(args) -> int:
-    """Revert an approval by executing inverse commands for its EXECUTED events.
-
-    Per D14:
-    - Interactive by default: shows numbered list of candidate inverse commands,
-      user selects by number, comma-separated, 'all', or 'none'.
-    - ``--yes`` suppresses per-event confirmation.
-    - ``--file ids.txt`` reads event_ids from a file (one per line) for batch mode.
-    - ``--dry-run`` shows the inverse commands without executing them.
-
-    Exits 0 on success or when no reversible events exist.
-    Exits 1 on error.
-    """
-    raw_id = _resolve_approval_id(args.approval_id)
-    skip_confirm = getattr(args, "yes", False)
-    dry_run = getattr(args, "dry_run", False)
-    batch_file = getattr(args, "file", None)
-    output_json = getattr(args, "json", False)
-
-    # Resolve the approval and its EXECUTED events.
-    try:
-        store = _import_approval_store()
-        approval = store.get_by_id(raw_id)
-        if approval is None:
-            _print_error(f"No approval found for id: {raw_id}", args)
-            return 1
-    except Exception as exc:
-        _print_error(f"Failed to look up approval: {exc}", args)
-        return 1
-
-    # Derive inverse commands.
-    try:
-        revert_mod = _import_approval_revert()
-        store = _import_approval_store()
-        con = store._open_db()
-        try:
-            inverses = revert_mod.derive_inverses_for_approval(raw_id, con)
-        finally:
-            con.close()
-    except Exception as exc:
-        _print_error(f"Failed to derive inverse commands: {exc}", args)
-        return 1
-
-    if not inverses:
-        print(f"No EXECUTED events found for approval {raw_id}. Nothing to revert.")
-        return 0
-
-    # Display the candidate inverse commands.
-    print(f"\nCandidate inverse commands for approval {raw_id}:")
-    print("-" * 60)
-    for i, ic in enumerate(inverses):
-        reversible_marker = "" if ic.reversible else " [NOT REVERSIBLE]"
-        inverse_display = ic.inverse_command if ic.inverse_command else "N/A"
-        print(f"  [{i}] Original : {ic.original_command}")
-        print(f"      Inverse  : {inverse_display}{reversible_marker}")
-        print(f"      Notes    : {ic.notes}")
-        print()
-
-    # Filter to only reversible ones.
-    reversible = [ic for ic in inverses if ic.reversible and ic.inverse_command]
-    if not reversible:
-        print("None of the events have derivable inverse commands.")
-        return 0
-
-    if dry_run:
-        print("[dry-run] Would execute the following inverse commands:")
-        for ic in reversible:
-            print(f"  {ic.inverse_command}")
-        return 0
-
-    # Batch file mode: read event_ids to revert.
-    selected = reversible
-    if batch_file:
-        try:
-            with open(batch_file) as fh:
-                event_ids_str = {line.strip() for line in fh if line.strip()}
-        except OSError as exc:
-            _print_error(f"Cannot read batch file {batch_file!r}: {exc}", args)
-            return 1
-        event_ids = set()
-        for eid in event_ids_str:
-            try:
-                event_ids.add(int(eid))
-            except ValueError:
-                pass
-        selected = [ic for ic in reversible if ic.event_id in event_ids]
-        if not selected:
-            print(f"No matching reversible events found in batch file.")
-            return 0
-    elif not skip_confirm:
-        # Interactive selection.
-        print("Select events to revert (comma-separated numbers, 'all', or 'none'):")
-        try:
-            choice = input("> ").strip().lower()
-        except EOFError:
-            choice = "none"
-
-        if choice == "none" or choice == "":
-            print("Revert cancelled.")
-            return 0
-        elif choice == "all":
-            selected = reversible
-        else:
-            try:
-                indices = [int(x.strip()) for x in choice.split(",") if x.strip()]
-                selected = [reversible[i] for i in indices if 0 <= i < len(reversible)]
-            except (ValueError, IndexError):
-                _print_error("Invalid selection. Use numbers, 'all', or 'none'.", args)
-                return 1
-
-    if not selected:
-        print("No events selected. Revert cancelled.")
-        return 0
-
-    # Final confirmation.
-    if not skip_confirm:
-        print("\nWill execute:")
-        for ic in selected:
-            print(f"  {ic.inverse_command}")
-        try:
-            confirm = input("\nProceed? [y/N] ").strip().lower()
-        except EOFError:
-            confirm = "n"
-        if confirm not in ("y", "yes"):
-            print("Revert cancelled.")
-            return 0
-
-    # Execute inverse commands.
-    import subprocess
-    results = []
-    session_id = os.environ.get("CLAUDE_SESSION_ID") or "cli-session"
-    all_ok = True
-
-    for ic in selected:
-        print(f"Executing: {ic.inverse_command}")
-        try:
-            proc = subprocess.run(
-                ic.inverse_command,
-                shell=True,
-                capture_output=True,
-                text=True,
-            )
-            ok = proc.returncode == 0
-            results.append({
-                "event_id": ic.event_id,
-                "command": ic.inverse_command,
-                "exit_code": proc.returncode,
-                "stdout": proc.stdout.strip(),
-                "stderr": proc.stderr.strip(),
-            })
-            if ok:
-                print(f"  OK (exit 0)")
-                # Record REVERTED event in the chain.
-                try:
-                    store = _import_approval_store()
-                    import json as _json
-                    metadata = _json.dumps({
-                        "original_event_id": ic.event_id,
-                        "inverse_command": ic.inverse_command,
-                    })
-                    store.record_event(
-                        raw_id,
-                        "REVERTED",
-                        session_id=session_id,
-                        metadata_json=metadata,
-                    )
-                except Exception:
-                    pass  # Chain write failure is non-fatal for the revert operation.
-            else:
-                print(f"  FAILED (exit {proc.returncode})")
-                if proc.stderr:
-                    print(f"  stderr: {proc.stderr.strip()}")
-                all_ok = False
-        except Exception as exc:
-            print(f"  ERROR: {exc}")
-            results.append({
-                "event_id": ic.event_id,
-                "command": ic.inverse_command,
-                "exit_code": -1,
-                "error": str(exc),
-            })
-            all_ok = False
-
-    if output_json:
-        print(json.dumps({"results": results, "all_ok": all_ok}))
-
-    return 0 if all_ok else 1
-
-
 # ---------------------------------------------------------------------------
 # T3.5: gaia approvals replay <id> [--dry-run]
 # ---------------------------------------------------------------------------
@@ -1522,6 +1411,114 @@ def cmd_replay(args) -> int:
     return 0 if all_ok else 1
 
 
+# ---------------------------------------------------------------------------
+# derive-id -- reproduce a plan-first COMMAND_SET approval_id from its commands
+# ---------------------------------------------------------------------------
+
+def _read_command_set_input(args) -> list:
+    """Resolve the command list for derive-id from args/stdin.
+
+    Accepts, in order of precedence:
+      1. ``--commands-json '[{"command": "..."}, ...]'`` or a bare list of
+         strings ``["cmd a", "cmd b"]`` -- the command_set as the orchestrator
+         reads it from the contract.
+      2. stdin (when ``--commands-json`` is omitted), same JSON shapes.
+
+    Returns the ordered list of command STRINGS (rationale is irrelevant to the
+    derivation). Raises ValueError on malformed input.
+    """
+    raw = getattr(args, "commands_json", None)
+    if raw is None:
+        raw = sys.stdin.read()
+    raw = (raw or "").strip()
+    if not raw:
+        raise ValueError("no command_set provided (use --commands-json or stdin)")
+
+    parsed = json.loads(raw)
+
+    # Accept either a top-level list, or {"command_set": [...]} / {"commands": [...]}.
+    if isinstance(parsed, dict):
+        parsed = parsed.get("command_set") or parsed.get("commands") or []
+
+    if not isinstance(parsed, list):
+        raise ValueError("command_set must be a JSON array")
+
+    commands: list = []
+    for item in parsed:
+        if isinstance(item, str):
+            if item:
+                commands.append(item)
+        elif isinstance(item, dict) and item.get("command"):
+            commands.append(item["command"])
+    return commands
+
+
+def cmd_derive_id(args) -> int:
+    """Derive the deterministic COMMAND_SET approval_id from its commands.
+
+    This is the orchestrator-side mirror of the intake's mint: given the
+    ``command_set`` the subagent emitted in its contract (no DB search), it
+    reproduces the EXACT ``P-...`` id the SubagentStop intake wrote as the
+    pending row, by applying the SAME mutative filter and the SAME
+    ``derive_command_set_id`` canonicalization the intake uses.
+
+    The mutative filter is shared with the intake
+    (``handoff_persister._filter_mutative_command_set``) so the CLI and the hook
+    operate on the identical post-filter command list. When fewer than 2
+    mutative commands remain, NO COMMAND_SET was minted (the singular path owns
+    it) -- the helper reports that rather than emitting a bogus id.
+
+    Exits 0 on success, 1 on error.
+    """
+    output_json = getattr(args, "json", False)
+    apply_filter = not getattr(args, "no_filter", False)
+
+    try:
+        commands = _read_command_set_input(args)
+    except Exception as exc:
+        _print_error(f"Failed to parse command_set: {exc}", args)
+        return 1
+
+    # Apply the SAME mutative filter the intake uses, so the orchestrator's
+    # derivation operates on the identical post-filter list. Skippable via
+    # --no-filter for callers that already hold the filtered list.
+    if apply_filter:
+        try:
+            from modules.agents.handoff_persister import _filter_mutative_command_set
+            filtered = _filter_mutative_command_set(
+                [{"command": c, "rationale": ""} for c in commands]
+            )
+            commands = [it["command"] for it in filtered]
+        except Exception as exc:
+            _print_error(f"Failed to apply mutative filter: {exc}", args)
+            return 1
+
+    if len(commands) < 2:
+        msg = (
+            f"Not a COMMAND_SET: {len(commands)} mutative command(s) after filter "
+            "(need >= 2). No COMMAND_SET approval was minted -- the singular path "
+            "owns this."
+        )
+        if output_json:
+            print(json.dumps({"approval_id": None, "command_count": len(commands), "reason": msg}))
+        else:
+            _print_error(msg, args)
+        return 1
+
+    try:
+        store = _import_approval_store()
+        approval_id = store.derive_command_set_id(commands)
+    except Exception as exc:
+        _print_error(f"Failed to derive id: {exc}", args)
+        return 1
+
+    if output_json:
+        print(json.dumps({"approval_id": approval_id, "command_count": len(commands)}))
+    else:
+        print(approval_id)
+    return 0
+
+
 # ---------------------------------------------------------------------------
 # Plugin registration (called by bin/gaia dispatcher)
 # ---------------------------------------------------------------------------
@@ -1531,7 +1528,7 @@ def register(subparsers) -> None:
     p = subparsers.add_parser(
         "approvals",
         help="Manage T3 pending approvals",
-        description="View, approve, reject, revert, and replay Gaia approval requests.",
+        description="View, approve, reject, and replay Gaia approval requests.",
     )
     sub = p.add_subparsers(dest="approvals_cmd", metavar="SUBCOMMAND")
     sub.required = True
@@ -1554,17 +1551,32 @@ def register(subparsers) -> None:
         help="List pending approvals from the new approvals table",
         description=(
             "Show pending T3 approvals from the DB-backed approvals table.\n\n"
-            "Use --all-sessions to see pending approvals from all sessions\n"
-            "(cross-session recovery -- local machine only)."
+            "Default (no flags): returns ALL pending approvals on this machine\n"
+            "across every session.  The DB is per-machine so all-sessions is the\n"
+            "correct default scope.  This avoids a silent-drop that occurred when\n"
+            "the command ran inside a subagent (whose $CLAUDE_SESSION_ID differs\n"
+            "from the orchestrator session_id stored on the approval row).\n\n"
+            "Use --session SESSION_ID to filter to one specific session when you\n"
+            "hold a known-good orchestrator session id.\n\n"
+            "--all-sessions is accepted for backwards compatibility but is\n"
+            "equivalent to the default behaviour."
         ),
     )
     p_pending.add_argument("--json", action="store_true", help="JSON output")
-    p_pending.add_argument("--session", metavar="SESSION_ID", help="Filter by session ID")
+    p_pending.add_argument(
+        "--session",
+        metavar="SESSION_ID",
+        help=(
+            "Filter to this exact session id.  Pass an orchestrator session id;\n"
+            "do NOT rely on $CLAUDE_SESSION_ID inside a subagent -- it holds the\n"
+            "subagent's own id, not the orchestrator's."
+        ),
+    )
     p_pending.add_argument(
         "--all-sessions",
         action="store_true",
         dest="all_sessions",
-        help="Show pending from all sessions (cross-session recovery)",
+        help="Show pending from all sessions (default; kept for backwards compatibility)",
     )
     p_pending.set_defaults(func=cmd_pending)
 
@@ -1652,33 +1664,6 @@ def register(subparsers) -> None:
     p_history.add_argument("--json", action="store_true", help="JSON output")
     p_history.set_defaults(func=cmd_history)
 
-    # revert (T3.5) -- interactive inverse-command UX
-    p_revert = sub.add_parser(
-        "revert",
-        help="Revert an approval by executing inverse commands (interactive)",
-        description=(
-            "Per D14: interactive inverse-command UX for reverting executed approvals.\n\n"
-            "Shows candidate inverse commands, prompts for selection, then executes\n"
-            "the selected inverses sequentially. Uses --yes to skip per-event prompts.\n"
-            "Use --dry-run to preview without executing."
-        ),
-    )
-    p_revert.add_argument(
-        "approval_id",
-        metavar="APPROVAL_ID",
-        help="P-{uuid4hex} of the approval to revert",
-    )
-    p_revert.add_argument("--yes", action="store_true", help="Skip confirmation prompts")
-    p_revert.add_argument("--dry-run", action="store_true", dest="dry_run", help="Preview only")
-    p_revert.add_argument(
-        "--file",
-        metavar="PATH",
-        default=None,
-        help="File of event_ids to revert (one per line) for batch mode",
-    )
-    p_revert.add_argument("--json", action="store_true", help="JSON output for results")
-    p_revert.set_defaults(func=cmd_revert)
-
     # replay (T3.5) -- re-run commands from an executed approval
     p_replay = sub.add_parser(
         "replay",
@@ -1763,6 +1748,35 @@ def register(subparsers) -> None:
     p_stats.add_argument("--json", action="store_true", help="JSON output")
     p_stats.set_defaults(func=cmd_stats)
 
+    # derive-id -- reproduce a plan-first COMMAND_SET id from its commands
+    p_derive = sub.add_parser(
+        "derive-id",
+        help="Derive the deterministic COMMAND_SET approval_id from its commands",
+        description=(
+            "Reproduce the content-derived approval_id the SubagentStop intake\n"
+            "minted for a plan-first COMMAND_SET, from the command_set in the\n"
+            "contract -- no DB search. Pass the command_set as JSON via\n"
+            "--commands-json or stdin (a list of strings, a list of\n"
+            "{command, rationale} objects, or an object with a command_set/\n"
+            "commands key). Applies the same mutative filter the intake uses."
+        ),
+    )
+    p_derive.add_argument(
+        "--commands-json",
+        dest="commands_json",
+        metavar="JSON",
+        default=None,
+        help="command_set as JSON (omit to read from stdin)",
+    )
+    p_derive.add_argument(
+        "--no-filter",
+        action="store_true",
+        dest="no_filter",
+        help="Skip the mutative filter (input is already the filtered list)",
+    )
+    p_derive.add_argument("--json", action="store_true", help="JSON output")
+    p_derive.set_defaults(func=cmd_derive_id)
+
     p.set_defaults(func=_approvals_default)
 
 
@@ -1788,13 +1802,13 @@ def _approvals_default(args) -> int:
     print("  approve APPROVAL_ID               -- cross-session approve")
     print("  revoke APPROVAL_ID                -- revoke a pending approval")
     print("  history [APPROVAL_ID] [--limit N] -- temporal history or per-approval chain")
-    print("  revert APPROVAL_ID [--dry-run]    -- interactive inverse-command revert")
     print("  replay APPROVAL_ID [--dry-run]    -- replay an executed approval")
     print("  list [--session S] [--orphans-only]  -- list (legacy + DB grants)")
     print("  reject NONCE [--all]              -- reject pending (legacy)")
     print("  reject-all [--dry-run]            -- bulk reject (legacy)")
     print("  clean [--dry-run]                 -- remove expired approvals")
     print("  stats                             -- approval system statistics")
+    print("  derive-id --commands-json JSON    -- reproduce a COMMAND_SET id (no DB)")
     print("")
     print("Run 'gaia approvals --help' for more information.")
     return 0
@@ -1850,14 +1864,6 @@ def _build_standalone_parser() -> argparse.ArgumentParser:
     p_history.add_argument("--json", action="store_true")
     p_history.set_defaults(func=cmd_history)
 
-    p_revert = subparsers.add_parser("revert", help="Revert an approval (interactive)")
-    p_revert.add_argument("approval_id", metavar="APPROVAL_ID")
-    p_revert.add_argument("--yes", action="store_true")
-    p_revert.add_argument("--dry-run", action="store_true", dest="dry_run")
-    p_revert.add_argument("--file", metavar="PATH", default=None)
-    p_revert.add_argument("--json", action="store_true")
-    p_revert.set_defaults(func=cmd_revert)
-
     p_replay = subparsers.add_parser("replay", help="Replay an executed approval")
     p_replay.add_argument("approval_id", metavar="APPROVAL_ID")
     p_replay.add_argument("--dry-run", action="store_true", dest="dry_run")
@@ -1886,6 +1892,12 @@ def _build_standalone_parser() -> argparse.ArgumentParser:
     p_stats.add_argument("--json", action="store_true")
     p_stats.set_defaults(func=cmd_stats)
 
+    p_derive = subparsers.add_parser("derive-id", help="Derive a COMMAND_SET approval_id from its commands")
+    p_derive.add_argument("--commands-json", dest="commands_json", metavar="JSON", default=None)
+    p_derive.add_argument("--no-filter", action="store_true", dest="no_filter")
+    p_derive.add_argument("--json", action="store_true")
+    p_derive.set_defaults(func=cmd_derive_id)
+
     return parser