npm - @neurcode-ai/cli - Versions diffs - 0.12.0 → 0.15.0 - Mend

@neurcode-ai/cli 0.12.0 → 0.15.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (212) hide show

package/README.md +60 -8
package/dist/api-client.d.ts +284 -0
package/dist/api-client.d.ts.map +1 -1
package/dist/api-client.js +111 -0
package/dist/api-client.js.map +1 -1
package/dist/commands/activate.d.ts +82 -0
package/dist/commands/activate.d.ts.map +1 -0
package/dist/commands/activate.js +551 -0
package/dist/commands/activate.js.map +1 -0
package/dist/commands/admission.d.ts +67 -0
package/dist/commands/admission.d.ts.map +1 -0
package/dist/commands/admission.js +350 -0
package/dist/commands/admission.js.map +1 -0
package/dist/commands/agent.d.ts +3 -0
package/dist/commands/agent.d.ts.map +1 -0
package/dist/commands/agent.js +2045 -0
package/dist/commands/agent.js.map +1 -0
package/dist/commands/demo.d.ts +3 -0
package/dist/commands/demo.d.ts.map +1 -0
package/dist/commands/demo.js +102 -0
package/dist/commands/demo.js.map +1 -0
package/dist/commands/governance.d.ts.map +1 -1
package/dist/commands/governance.js +12 -0
package/dist/commands/governance.js.map +1 -1
package/dist/commands/home.d.ts +21 -0
package/dist/commands/home.d.ts.map +1 -0
package/dist/commands/home.js +253 -0
package/dist/commands/home.js.map +1 -0
package/dist/commands/init.d.ts.map +1 -1
package/dist/commands/init.js +58 -44
package/dist/commands/init.js.map +1 -1
package/dist/commands/login.d.ts +1 -1
package/dist/commands/login.d.ts.map +1 -1
package/dist/commands/login.js +44 -22
package/dist/commands/login.js.map +1 -1
package/dist/commands/profile.d.ts +14 -0
package/dist/commands/profile.d.ts.map +1 -0
package/dist/commands/profile.js +118 -0
package/dist/commands/profile.js.map +1 -0
package/dist/commands/quickstart.d.ts +2 -2
package/dist/commands/quickstart.d.ts.map +1 -1
package/dist/commands/quickstart.js +33 -30
package/dist/commands/quickstart.js.map +1 -1
package/dist/commands/remediate-export.d.ts +6 -1
package/dist/commands/remediate-export.d.ts.map +1 -1
package/dist/commands/remediate-export.js +375 -8
package/dist/commands/remediate-export.js.map +1 -1
package/dist/commands/replay.d.ts.map +1 -1
package/dist/commands/replay.js +84 -0
package/dist/commands/replay.js.map +1 -1
package/dist/commands/run.d.ts +3 -0
package/dist/commands/run.d.ts.map +1 -0
package/dist/commands/run.js +98 -0
package/dist/commands/run.js.map +1 -0
package/dist/commands/runtime-adapter.d.ts +8 -0
package/dist/commands/runtime-adapter.d.ts.map +1 -0
package/dist/commands/runtime-adapter.js +375 -0
package/dist/commands/runtime-adapter.js.map +1 -0
package/dist/commands/runtime-doctor.d.ts +6 -0
package/dist/commands/runtime-doctor.d.ts.map +1 -0
package/dist/commands/runtime-doctor.js +478 -0
package/dist/commands/runtime-doctor.js.map +1 -0
package/dist/commands/runtime-report.d.ts +13 -0
package/dist/commands/runtime-report.d.ts.map +1 -0
package/dist/commands/runtime-report.js +81 -0
package/dist/commands/runtime-report.js.map +1 -0
package/dist/commands/runtime-sync.d.ts +17 -0
package/dist/commands/runtime-sync.d.ts.map +1 -0
package/dist/commands/runtime-sync.js +656 -0
package/dist/commands/runtime-sync.js.map +1 -0
package/dist/commands/runtime.d.ts +16 -0
package/dist/commands/runtime.d.ts.map +1 -0
package/dist/commands/runtime.js +380 -0
package/dist/commands/runtime.js.map +1 -0
package/dist/commands/session-hook.d.ts +35 -0
package/dist/commands/session-hook.d.ts.map +1 -0
package/dist/commands/session-hook.js +1297 -0
package/dist/commands/session-hook.js.map +1 -0
package/dist/commands/session.d.ts +91 -0
package/dist/commands/session.d.ts.map +1 -1
package/dist/commands/session.js +1226 -0
package/dist/commands/session.js.map +1 -1
package/dist/commands/verify-output.d.ts.map +1 -1
package/dist/commands/verify-output.js +22 -0
package/dist/commands/verify-output.js.map +1 -1
package/dist/commands/verify.d.ts.map +1 -1
package/dist/commands/verify.js +21 -3
package/dist/commands/verify.js.map +1 -1
package/dist/commands/whoami.d.ts +7 -4
package/dist/commands/whoami.d.ts.map +1 -1
package/dist/commands/whoami.js +59 -34
package/dist/commands/whoami.js.map +1 -1
package/dist/config.d.ts.map +1 -1
package/dist/config.js +24 -5
package/dist/config.js.map +1 -1
package/dist/daemon/routes.d.ts.map +1 -1
package/dist/daemon/routes.js +8 -0
package/dist/daemon/routes.js.map +1 -1
package/dist/daemon/server.d.ts.map +1 -1
package/dist/daemon/server.js +88 -0
package/dist/daemon/server.js.map +1 -1
package/dist/governance/canonical-pipeline.d.ts.map +1 -1
package/dist/governance/canonical-pipeline.js +29 -3
package/dist/governance/canonical-pipeline.js.map +1 -1
package/dist/governance/impact-analysis.d.ts +27 -0
package/dist/governance/impact-analysis.d.ts.map +1 -0
package/dist/governance/impact-analysis.js +274 -0
package/dist/governance/impact-analysis.js.map +1 -0
package/dist/index.js +484 -29
package/dist/index.js.map +1 -1
package/dist/intent-engine/matcher.d.ts.map +1 -1
package/dist/intent-engine/matcher.js +3 -12
package/dist/intent-engine/matcher.js.map +1 -1
package/dist/utils/admission-artifact.d.ts +59 -0
package/dist/utils/admission-artifact.d.ts.map +1 -0
package/dist/utils/admission-artifact.js +410 -0
package/dist/utils/admission-artifact.js.map +1 -0
package/dist/utils/agent-adapter-setup.d.ts +80 -0
package/dist/utils/agent-adapter-setup.d.ts.map +1 -0
package/dist/utils/agent-adapter-setup.js +577 -0
package/dist/utils/agent-adapter-setup.js.map +1 -0
package/dist/utils/agent-guard-supervisor.d.ts +75 -0
package/dist/utils/agent-guard-supervisor.d.ts.map +1 -0
package/dist/utils/agent-guard-supervisor.js +388 -0
package/dist/utils/agent-guard-supervisor.js.map +1 -0
package/dist/utils/agent-guard.d.ts +92 -0
package/dist/utils/agent-guard.d.ts.map +1 -0
package/dist/utils/agent-guard.js +326 -0
package/dist/utils/agent-guard.js.map +1 -0
package/dist/utils/agent-session-launcher.d.ts +89 -0
package/dist/utils/agent-session-launcher.d.ts.map +1 -0
package/dist/utils/agent-session-launcher.js +308 -0
package/dist/utils/agent-session-launcher.js.map +1 -0
package/dist/utils/bash-command-analysis.d.ts +19 -0
package/dist/utils/bash-command-analysis.d.ts.map +1 -0
package/dist/utils/bash-command-analysis.js +295 -0
package/dist/utils/bash-command-analysis.js.map +1 -0
package/dist/utils/consequence-nudges.d.ts +30 -0
package/dist/utils/consequence-nudges.d.ts.map +1 -0
package/dist/utils/consequence-nudges.js +313 -0
package/dist/utils/consequence-nudges.js.map +1 -0
package/dist/utils/drift-intelligence.d.ts.map +1 -1
package/dist/utils/drift-intelligence.js +29 -7
package/dist/utils/drift-intelligence.js.map +1 -1
package/dist/utils/git-coverage.d.ts +57 -0
package/dist/utils/git-coverage.d.ts.map +1 -0
package/dist/utils/git-coverage.js +302 -0
package/dist/utils/git-coverage.js.map +1 -0
package/dist/utils/gitignore.d.ts.map +1 -1
package/dist/utils/gitignore.js +2 -1
package/dist/utils/gitignore.js.map +1 -1
package/dist/utils/governed-intent.d.ts +10 -0
package/dist/utils/governed-intent.d.ts.map +1 -0
package/dist/utils/governed-intent.js +108 -0
package/dist/utils/governed-intent.js.map +1 -0
package/dist/utils/hook-heartbeat.d.ts +55 -0
package/dist/utils/hook-heartbeat.d.ts.map +1 -0
package/dist/utils/hook-heartbeat.js +116 -0
package/dist/utils/hook-heartbeat.js.map +1 -0
package/dist/utils/intent-continuity.d.ts +21 -0
package/dist/utils/intent-continuity.d.ts.map +1 -0
package/dist/utils/intent-continuity.js +192 -0
package/dist/utils/intent-continuity.js.map +1 -0
package/dist/utils/messages.d.ts +1 -1
package/dist/utils/messages.d.ts.map +1 -1
package/dist/utils/messages.js +35 -23
package/dist/utils/messages.js.map +1 -1
package/dist/utils/runtime-companion.d.ts +137 -0
package/dist/utils/runtime-companion.d.ts.map +1 -0
package/dist/utils/runtime-companion.js +231 -0
package/dist/utils/runtime-companion.js.map +1 -0
package/dist/utils/runtime-connection.d.ts +46 -0
package/dist/utils/runtime-connection.d.ts.map +1 -0
package/dist/utils/runtime-connection.js +148 -0
package/dist/utils/runtime-connection.js.map +1 -0
package/dist/utils/runtime-evidence.d.ts +68 -0
package/dist/utils/runtime-evidence.d.ts.map +1 -0
package/dist/utils/runtime-evidence.js +248 -0
package/dist/utils/runtime-evidence.js.map +1 -0
package/dist/utils/runtime-live.d.ts +33 -0
package/dist/utils/runtime-live.d.ts.map +1 -0
package/dist/utils/runtime-live.js +361 -0
package/dist/utils/runtime-live.js.map +1 -0
package/dist/utils/runtime-outbox.d.ts +76 -0
package/dist/utils/runtime-outbox.d.ts.map +1 -0
package/dist/utils/runtime-outbox.js +410 -0
package/dist/utils/runtime-outbox.js.map +1 -0
package/dist/utils/runtime-receipt.d.ts +50 -0
package/dist/utils/runtime-receipt.d.ts.map +1 -0
package/dist/utils/runtime-receipt.js +223 -0
package/dist/utils/runtime-receipt.js.map +1 -0
package/dist/utils/runtime-state.d.ts +44 -0
package/dist/utils/runtime-state.d.ts.map +1 -0
package/dist/utils/runtime-state.js +151 -0
package/dist/utils/runtime-state.js.map +1 -0
package/dist/utils/state.d.ts +21 -0
package/dist/utils/state.d.ts.map +1 -1
package/dist/utils/state.js +30 -0
package/dist/utils/state.js.map +1 -1
package/dist/utils/structural-understanding.d.ts +334 -0
package/dist/utils/structural-understanding.d.ts.map +1 -0
package/dist/utils/structural-understanding.js +2316 -0
package/dist/utils/structural-understanding.js.map +1 -0
package/dist/utils/v0-governance.d.ts +197 -0
package/dist/utils/v0-governance.d.ts.map +1 -0
package/dist/utils/v0-governance.js +904 -0
package/dist/utils/v0-governance.js.map +1 -0
package/package.json +6 -6
package/dist/utils/box.d.ts +0 -16
package/dist/utils/box.d.ts.map +0 -1
package/dist/utils/box.js +0 -85
package/dist/utils/box.js.map +0 -1

package/dist/index.js CHANGED Viewed

@@ -54,6 +54,7 @@ const feedback_1 = require("./commands/feedback");
 const guard_1 = require("./commands/guard");
 const bootstrap_1 = require("./commands/bootstrap");
 const quickstart_1 = require("./commands/quickstart");
+const home_1 = require("./commands/home");
 const bootstrap_policy_1 = require("./commands/bootstrap-policy");
 const messages_1 = require("./utils/messages");
 const config_2 = require("./config");
@@ -65,6 +66,18 @@ const control_plane_1 = require("./commands/control-plane");
 const workspace_1 = require("./commands/workspace");
 const replay_1 = require("./commands/replay");
 const governance_1 = require("./commands/governance");
+const profile_1 = require("./commands/profile");
+const session_hook_1 = require("./commands/session-hook");
+const runtime_adapter_1 = require("./commands/runtime-adapter");
+const agent_1 = require("./commands/agent");
+const activate_1 = require("./commands/activate");
+const run_1 = require("./commands/run");
+const runtime_doctor_1 = require("./commands/runtime-doctor");
+const runtime_report_1 = require("./commands/runtime-report");
+const runtime_sync_1 = require("./commands/runtime-sync");
+const runtime_1 = require("./commands/runtime");
+const admission_1 = require("./commands/admission");
+const demo_1 = require("./commands/demo");
 const execution_bus_1 = require("./utils/execution-bus");
 const execution_actions_1 = require("./utils/execution-actions");
 // Read version from package.json
@@ -80,31 +93,71 @@ catch (error) {
 const program = new commander_1.Command();
 const CORE_WORKFLOW_STEPS = [
     {
-        command: 'neurcode start "<intent>"',
-        description: 'Declare governance context and bounded implementation scope',
+        command: 'neurcode agent start codex --goal "<task>"',
+        description: 'Start a governed session for non-Claude agents using the universal runtime handshake',
     },
     {
-        command: 'neurcode verify --evidence',
-        description: 'Verify the current diff against intent, policy, and change contracts',
+        command: 'neurcode run claude --goal "<task>"',
+        description: 'Start a governed AI coding session and print the agent runtime handshake',
     },
     {
-        command: 'neurcode replay --json',
-        description: 'Inspect deterministic replay and provenance receipts from the last run',
+        command: 'neurcode activate claude --connect <token>',
+        description: 'Install Claude Code governance hooks, pair the repo, and enable runtime evidence auto-sync',
+    },
+    {
+        command: 'neurcode status',
+        description: 'Inspect the active in-flow governance session and latest boundary block',
+    },
+    {
+        command: 'neurcode runtime cloud-status',
+        description: 'Read dashboard-visible live session, approval, transport, and ingestion state',
     },
     {
-        command: 'neurcode remediate-export --finding-index 0',
-        description: 'Export bounded remediation context for an external remediation tool',
+        command: 'neurcode report --runtime',
+        description: 'Summarize blocked edits, approvals, owners, and replay records across sessions',
     },
     {
-        command: 'neurcode verify --ci',
-        description: 'Re-verify in CI with deterministic receipts and governance artifacts',
+        command: 'neurcode sync --runtime',
+        description: 'Manual fallback upload for finished in-flow session records',
+    },
+    {
+        command: 'neurcode admission export',
+        description: 'Export the latest source-free runtime admission record for the GitHub Action',
+    },
+    {
+        command: 'neurcode demo rehearse',
+        description: 'Print the canonical production demo rehearsal protocol',
+    },
+    {
+        command: 'neurcode login',
+        description: 'Connect this machine/runtime to Neurcode with browser approval',
+    },
+    {
+        command: 'neurcode init',
+        description: 'Bind this repository to a personal or organization workspace',
+    },
+    {
+        command: 'neurcode start "<intent>"',
+        description: 'Declare governance context for a bounded implementation scope',
+    },
+    {
+        command: 'neurcode replay --json',
+        description: 'Inspect deterministic replay and source-free runtime receipts',
     },
 ];
 const CANONICAL_OPERATOR_COMMAND_NAMES = new Set([
+    'activate',
+    'agent',
+    'run',
+    'status',
+    'runtime',
+    'sessions',
+    'report',
+    'sync',
+    'admission',
+    'demo',
     'start',
     'quickstart',
-    'verify',
-    'remediate-export',
     'replay',
 ]);
 const ENTERPRISE_OPERATIONS_COMMAND_NAMES = new Set([
@@ -199,12 +252,12 @@ function buildAdvancedLegacyHints(root) {
     return fallbackCommands.map((commandName) => `neurcode ${commandName}`);
 }
 function configurePrimaryHelpView(root) {
-    const primaryOrder = ['start', 'quickstart', 'verify', 'remediate-export', 'replay'];
+    const primaryOrder = ['activate', 'agent', 'run', 'status', 'runtime', 'sessions', 'report', 'sync', 'admission', 'demo', 'login', 'init', 'start', 'quickstart', 'replay'];
     root.configureHelp({
         visibleCommands: (command) => {
             const filtered = command.commands.filter((subcommand) => {
                 const commandName = subcommand.name();
-                return commandName === 'help' || CANONICAL_OPERATOR_COMMAND_NAMES.has(commandName);
+                return commandName === 'help' || commandName === 'login' || commandName === 'init' || CANONICAL_OPERATOR_COMMAND_NAMES.has(commandName);
             });
             return filtered.sort((left, right) => {
                 const leftIndex = primaryOrder.indexOf(left.name());
@@ -217,11 +270,21 @@ function configurePrimaryHelpView(root) {
     });
 }
 function printCoreWorkflowGuide() {
-    console.log(chalk.bold.cyan('\n🛡️  Neurcode Governance Workflow\n'));
-    console.log(chalk.bold.white('Canonical Workflow:'));
+    // Operational lifecycle guide. Same aesthetic as the welcome banner and
+    // neurcode home - subtle sophistication, no emoji ornaments, info dense.
+    // The lifecycle bar mirrors what the welcome banner shows so identity is
+    // coherent across surfaces. (See docs/ux/final-operational-experience-report.md.)
+    console.log('');
+    console.log(`${chalk.bold('neurcode')}${chalk.dim('  ·  operational lifecycle')}`);
+    console.log('');
+    console.log(chalk.dim('  connect repo  ->  activate agent  ->  govern session  ->  approve exact path  ->  export evidence'));
+    console.log('');
+    console.log(`  ${chalk.bold('Canonical commands')}`);
     CORE_WORKFLOW_STEPS.forEach((step) => console.log(chalk.dim(formatCoreWorkflowStep(step))));
     console.log('');
-    console.log(chalk.dim('Run `neurcode --help` to see enterprise, runtime-engineering, and compatibility commands.\n'));
+    console.log(chalk.dim('  See ') + chalk.cyan('neurcode home') + chalk.dim(' for current runtime state. ') +
+        chalk.dim('Run ') + chalk.cyan('neurcode whoami') + chalk.dim(' to inspect user/workspace/repo identity.'));
+    console.log('');
 }
 function formatCommandList(commandNames) {
     return commandNames.length > 0
@@ -374,9 +437,46 @@ program
 (0, brain_1.brainCommand)(program);
 (0, policy_1.policyCommand)(program);
 (0, governance_1.governanceCommand)(program);
+// V0: in-flow governance
+(0, profile_1.profileCommand)(program);
+(0, session_hook_1.sessionHookCommand)(program);
+(0, runtime_adapter_1.runtimeAdapterCommand)(program);
+(0, agent_1.agentCommand)(program);
+(0, activate_1.activateCommand)(program);
+(0, run_1.runCommand)(program);
+(0, runtime_report_1.reportCommand)(program);
+(0, runtime_sync_1.syncCommand)(program);
+(0, runtime_1.runtimeCommand)(program);
+(0, admission_1.admissionCommand)(program);
+(0, demo_1.demoCommand)(program);
+program
+    .command('status')
+    .description('Show the active in-flow governance session for this repository')
+    .option('--session-id <id>', 'Local governance session ID (default: active session)')
+    .option('--dir <path>', 'Repository root (default: current directory)')
+    .option('--json', 'Output machine-readable JSON')
+    .action((options) => {
+    (0, session_1.localGovernanceStatusCommand)({
+        sessionId: options.sessionId,
+        dir: options.dir,
+        json: options.json === true,
+    });
+});
+program
+    .command('sessions')
+    .description('List local in-flow governance sessions for this repository')
+    .option('--dir <path>', 'Repository root (default: current directory)')
+    .option('--json', 'Output machine-readable JSON')
+    .action((options) => {
+    (0, session_1.listRuntimeSessionsCommand)({
+        dir: options.dir,
+        json: options.json === true,
+    });
+});
 (0, control_plane_1.controlPlaneCommand)(program);
 (0, workspace_1.workspaceCommand)(program);
 (0, replay_1.replayCommand)(program);
+(0, home_1.homeCommand)(program);
 // Top-level discoverability alias for `neurcode replay timeline`. Reviewers
 // asking "what changed and when?" should not need to know the subcommand
 // hierarchy. Same canonical artifact source, same deterministic output.
@@ -449,16 +549,16 @@ program
 });
 program
     .command('login')
-    .description('Authenticate CLI with Neurcode (opens browser for approval)')
-    .option('--org <id>', 'Authenticate for a specific organization (internal UUID)')
+    .description('Connect this machine/runtime to a Neurcode workspace')
+    .option('--org <id>', 'Connect to a specific workspace/organization (internal UUID)')
     .action((options) => {
     (0, login_1.loginCommand)({ orgId: options.org });
 });
 program
     .command('logout')
-    .description('Log out from Neurcode CLI (removes API key)')
-    .option('--all', 'Remove all saved API keys (all organizations)')
-    .option('--org <id>', 'Remove saved API key for a specific organization (internal UUID)')
+    .description('Disconnect Neurcode runtime credentials from this machine')
+    .option('--all', 'Remove all saved runtime credentials (all workspaces)')
+    .option('--org <id>', 'Remove saved runtime credential for a specific workspace/organization')
     .action((options) => {
     (0, logout_1.logoutCommand)({
         all: options.all || false,
@@ -467,8 +567,8 @@ program
 });
 program
     .command('init')
-    .description('Initialize project configuration (select a project)')
-    .option('--org <id>', 'Preselect organization by internal UUID')
+    .description('Bind this repository to a workspace governance boundary')
+    .option('--org <id>', 'Preselect workspace/organization by internal UUID')
     .option('--project-id <id>', 'Link an existing project by internal UUID (non-interactive)')
     .option('--create <name>', 'Create and link a new project (non-interactive)')
     .action((options) => {
@@ -481,8 +581,17 @@ program
 program
     .command('doctor')
     .description('Enterprise readiness diagnostics (config, artifacts, API compatibility, CORS)')
+    .option('--runtime', 'Run local in-flow runtime diagnostics for Claude Code governance')
+    .option('--dir <path>', 'Repository root for --runtime diagnostics')
     .option('--json', 'Output machine-readable diagnostics JSON')
     .action((options) => {
+    if (options.runtime === true) {
+        (0, runtime_doctor_1.runtimeDoctorCommand)({
+            json: options.json === true,
+            dir: options.dir,
+        });
+        return;
+    }
     (0, doctor_1.doctorCommand)({
         json: options.json,
         cliVersion: version,
@@ -490,7 +599,7 @@ program
 });
 program
     .command('quickstart')
-    .description('Guided onboarding — first deterministic finding in under 2 minutes (no network required)')
+    .description('Local-only governance sandbox for first deterministic finding')
     .option('--force', 'Overwrite existing starter files')
     .option('--json', 'Output machine-readable JSON')
     .action(async (options) => {
@@ -554,7 +663,7 @@ program
 });
 program
     .command('whoami')
-    .description('Show current identity and project scope')
+    .description('Show user, workspace, repo ownership, session, and governance boundary')
     .action(() => {
     (0, whoami_1.whoamiCommand)();
 });
@@ -832,10 +941,68 @@ sessionCmd
     .description('List all sessions for the current project')
     .option('--project-id <id>', 'Project ID')
     .option('--all', 'Show all sessions (including completed)')
+    .option('--local', 'List local in-flow governance sessions from .neurcode/sessions')
+    .option('--dir <path>', 'Repository root for --local')
+    .option('--json', 'Output machine-readable JSON for --local')
     .action((options) => {
     (0, session_1.listSessionsCommand)({
         projectId: options.projectId,
         all: options.all || false,
+        local: options.local === true,
+        dir: options.dir,
+        json: options.json === true,
+    });
+});
+sessionCmd
+    .command('show')
+    .description('Show one local in-flow governance session record')
+    .argument('<session-id>', 'Local governance session ID')
+    .option('--dir <path>', 'Repository root (default: current directory)')
+    .option('--json', 'Output machine-readable JSON')
+    .action((sessionId, options) => {
+    (0, session_1.showRuntimeSessionCommand)(sessionId, {
+        dir: options.dir,
+        json: options.json === true,
+    });
+});
+sessionCmd
+    .command('record')
+    .description('Build the source-free AI Change Record for a governed coding session')
+    .option('--session-id <id>', 'Local governance session ID (default: active, then latest)')
+    .option('--latest', 'Use the latest local session even if another session is active')
+    .option('--dir <path>', 'Repository root (default: current directory)')
+    .option('--json', 'Output machine-readable JSON')
+    .action((options) => {
+    (0, session_1.aiChangeRecordCommand)({
+        sessionId: options.sessionId,
+        latest: options.latest === true,
+        dir: options.dir,
+        json: options.json === true,
+    });
+});
+sessionCmd
+    .command('understanding')
+    .description('Build local TypeScript structural understanding for the active governed change')
+    .option('--session-id <id>', 'Local governance session ID (default: active, then latest)')
+    .option('--latest', 'Use the latest local session even if another session is active')
+    .option('--dir <path>', 'Repository root (default: current directory)')
+    .option('--staged', 'Analyze staged changes only')
+    .option('--head', 'Analyze working tree against HEAD (default)')
+    .option('--base <ref>', 'Analyze working tree against a specific git ref')
+    .option('--max-program-files <n>', 'Maximum TypeScript/JavaScript files to analyze', (value) => Number.parseInt(value, 10))
+    .option('--time-budget-ms <n>', 'Static analysis time budget in milliseconds', (value) => Number.parseInt(value, 10))
+    .option('--json', 'Output machine-readable JSON')
+    .action((options) => {
+    (0, session_1.structuralUnderstandingCommand)({
+        sessionId: options.sessionId,
+        latest: options.latest === true,
+        dir: options.dir,
+        staged: options.staged === true,
+        head: options.head === true,
+        base: options.base,
+        maxProgramFiles: Number.isFinite(options.maxProgramFiles) ? options.maxProgramFiles : undefined,
+        timeBudgetMs: Number.isFinite(options.timeBudgetMs) ? options.timeBudgetMs : undefined,
+        json: options.json === true,
     });
 });
 sessionCmd
@@ -854,10 +1021,262 @@ sessionCmd
     .description('Show status of the current session or a specific session')
     .option('--session-id <id>', 'Session ID to check (defaults to current session)')
     .option('--project-id <id>', 'Project ID')
+    .option('--local', 'Force local in-flow governance session status')
+    .option('--dir <path>', 'Repository root for local in-flow session status')
+    .option('--json', 'Output machine-readable JSON')
     .action((options) => {
     (0, session_1.sessionStatusCommand)({
         sessionId: options.sessionId,
         projectId: options.projectId,
+        local: options.local === true,
+        dir: options.dir,
+        json: options.json === true,
+    });
+});
+sessionCmd
+    .command('export-admission [sessionId]')
+    .description('Export a source-free runtime admission record into .neurcode-admission/')
+    .option('--dir <path>', 'Repository root (default: current directory)')
+    .option('--receipt <path>', 'Attach source-free backend receipt summary from a receipt/control-plane JSON file')
+    .option('--explain', 'Explain what the record contains, excludes, and how the GitHub Action consumes it')
+    .option('--json', 'Output machine-readable JSON')
+    .action((sessionId, options) => {
+    try {
+        const summary = (0, admission_1.exportAdmissionRecordForCli)({
+            dir: options.dir,
+            sessionId,
+            receiptPath: options.receipt,
+            explain: options.explain === true,
+            json: options.json === true,
+        });
+        if (options.json) {
+            console.log(JSON.stringify(summary, null, 2));
+            return;
+        }
+        console.log('Admission record exported');
+        console.log(`  Session:     ${summary.sessionId}`);
+        console.log(`  PR artifact: ${summary.publicRelativePath}`);
+        console.log(`  Trust:       ${summary.trustLevel}`);
+        if (summary.receipt.present) {
+            console.log(`  Receipt:     ${summary.receipt.receiptId || 'attached'} (${summary.receipt.verificationStatus || 'unknown'})`);
+        }
+        console.log(`  Note:        ${summary.trustLevel === 'backend_signed' ? 'backend-signed metadata is attached; verify the receipt before treating it as enterprise evidence.' : 'self-attested local records are claims, not cryptographic proof.'}`);
+        if (options.explain) {
+            console.log('');
+            console.log('What it contains:');
+            for (const item of summary.contains)
+                console.log(`  - ${item}`);
+            console.log('');
+            console.log('What it intentionally excludes:');
+            for (const item of summary.excludes)
+                console.log(`  - ${item}`);
+            console.log('');
+            console.log('How the GitHub Action consumes it:');
+            for (const item of summary.actionConsumption)
+                console.log(`  - ${item}`);
+        }
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        if (options.json) {
+            console.log(JSON.stringify({ ok: false, error: message }, null, 2));
+        }
+        else {
+            console.error(`Admission export failed: ${message}`);
+        }
+        process.exitCode = 1;
+    }
+});
+sessionCmd
+    .command('approve')
+    .description('Approve a file path or glob for the active in-flow governance session')
+    .requiredOption('--path <path>', 'File path or glob to approve')
+    .option('--reason <text>', 'Human-readable approval reason')
+    .option('--session-id <id>', 'Session ID to approve against (default: active session)')
+    .option('--dir <path>', 'Repository root (default: current directory)')
+    .option('--json', 'Output machine-readable JSON')
+    .action(async (options) => {
+    await (0, session_1.approveGovernanceSessionCommand)({
+        path: options.path,
+        reason: options.reason,
+        sessionId: options.sessionId,
+        dir: options.dir,
+        json: options.json === true,
+    });
+});
+sessionCmd
+    .command('reset-stale')
+    .description('Finish and clear an abandoned active in-flow governance session')
+    .option('--max-age-minutes <n>', 'Only reset sessions idle at least this many minutes (default: 120)', (value) => Number.parseFloat(value))
+    .option('--force', 'Reset even if the session is fresh or waiting on approval')
+    .option('--dir <path>', 'Repository root (default: current directory)')
+    .option('--json', 'Output machine-readable JSON')
+    .action(async (options) => {
+    await (0, session_1.resetStaleGovernanceSessionCommand)({
+        maxAgeMinutes: Number.isFinite(options.maxAgeMinutes) ? options.maxAgeMinutes : undefined,
+        force: options.force === true,
+        dir: options.dir,
+        json: options.json === true,
+    });
+});
+sessionCmd
+    .command('obligations')
+    .description('Show live source-free architecture obligations for the active in-flow session')
+    .option('--session-id <id>', 'Session ID to inspect (default: active session)')
+    .option('--dir <path>', 'Repository root (default: current directory)')
+    .option('--json', 'Output machine-readable JSON')
+    .action((options) => {
+    (0, session_1.showGovernanceObligationsCommand)({
+        sessionId: options.sessionId,
+        dir: options.dir,
+        json: options.json === true,
+    });
+});
+sessionCmd
+    .command('waive-obligation')
+    .description('Waive one pending architecture obligation for the active in-flow session')
+    .requiredOption('--id <obligation-id>', 'Architecture obligation ID to waive')
+    .requiredOption('--reason <text>', 'Human-readable waiver reason')
+    .option('--session-id <id>', 'Session ID to update (default: active session)')
+    .option('--expires-at <iso>', 'Absolute waiver expiry timestamp')
+    .option('--ttl-minutes <n>', 'Waiver TTL in minutes (default: 60)', (value) => Number.parseFloat(value))
+    .option('--waived-by <identity>', 'Human identity recording the waiver')
+    .option('--source <source>', 'Waiver source: local_cli | dashboard | mcp | unknown', 'local_cli')
+    .option('--dir <path>', 'Repository root (default: current directory)')
+    .option('--json', 'Output machine-readable JSON')
+    .action(async (options) => {
+    await (0, session_1.waiveGovernanceObligationCommand)({
+        obligationId: options.id,
+        reason: options.reason,
+        sessionId: options.sessionId,
+        expiresAt: options.expiresAt,
+        ttlMinutes: Number.isFinite(options.ttlMinutes) ? options.ttlMinutes : undefined,
+        waivedBy: options.waivedBy,
+        waiverSource: ['local_cli', 'dashboard', 'mcp', 'unknown'].includes(options.source) ? options.source : 'local_cli',
+        dir: options.dir,
+        json: options.json === true,
+    });
+});
+function collectOption(value, previous = []) {
+    return [...previous, value];
+}
+sessionCmd
+    .command('replan')
+    .description('Amend or replace the active in-flow agent plan')
+    .option('--plan <text>', 'Full replacement plan text')
+    .option('--plan-file <path>', 'Read replacement plan text from a file')
+    .option('--summary <text>', 'Replace the active plan summary')
+    .option('--add-step <text>', 'Add a plan step', collectOption, [])
+    .option('--remove-step <text>', 'Remove a plan step by exact text', collectOption, [])
+    .option('--add-file <path>', 'Add an expected file to the active plan', collectOption, [])
+    .option('--remove-file <path>', 'Remove an expected file from the active plan', collectOption, [])
+    .option('--add-glob <glob>', 'Add an expected glob to the active plan', collectOption, [])
+    .option('--remove-glob <glob>', 'Remove an expected glob from the active plan', collectOption, [])
+    .option('--add-constraint <text>', 'Add a stated plan constraint', collectOption, [])
+    .option('--remove-constraint <text>', 'Remove a stated plan constraint by exact text', collectOption, [])
+    .option('--add-risk <text>', 'Add a stated plan risk/caveat', collectOption, [])
+    .option('--remove-risk <text>', 'Remove a stated plan risk/caveat by exact text', collectOption, [])
+    .option('--reason <text>', 'Why the plan changed')
+    .option('--proposed-by <actor>', 'Proposal actor: human | agent', 'human')
+    .option('--decided-by <identity>', 'Human identity when a human-authored re-plan is applied')
+    .option('--session-id <id>', 'Session ID to update (default: active session)')
+    .option('--dir <path>', 'Repository root (default: current directory)')
+    .option('--json', 'Output machine-readable JSON')
+    .action(async (options) => {
+    await (0, session_1.replanGovernanceSessionCommand)({
+        plan: options.plan,
+        planFile: options.planFile,
+        summary: options.summary,
+        addStep: options.addStep,
+        removeStep: options.removeStep,
+        addFile: options.addFile,
+        removeFile: options.removeFile,
+        addGlob: options.addGlob,
+        removeGlob: options.removeGlob,
+        addConstraint: options.addConstraint,
+        removeConstraint: options.removeConstraint,
+        addRisk: options.addRisk,
+        removeRisk: options.removeRisk,
+        reason: options.reason,
+        proposedBy: options.proposedBy === 'agent' ? 'agent' : 'human',
+        decidedBy: options.decidedBy,
+        sessionId: options.sessionId,
+        dir: options.dir,
+        json: options.json === true,
+    });
+});
+// `amend-plan` is the human-facing alias of `replan`, matching the documented
+// `neurcode session amend-plan --summary "..." --reason "..." --scope "<glob>"`.
+// It shares the same revisioning engine; `--scope` is sugar for `--add-glob`.
+sessionCmd
+    .command('amend-plan')
+    .description('Amend the active in-flow agent plan (alias of replan; supports --scope)')
+    .option('--plan <text>', 'Full replacement plan text')
+    .option('--plan-file <path>', 'Read replacement plan text from a file')
+    .option('--summary <text>', 'Replace the active plan summary')
+    .option('--scope <glob>', 'Add an expected scope glob to the active plan', collectOption, [])
+    .option('--add-step <text>', 'Add a plan step', collectOption, [])
+    .option('--remove-step <text>', 'Remove a plan step by exact text', collectOption, [])
+    .option('--add-file <path>', 'Add an expected file to the active plan', collectOption, [])
+    .option('--remove-file <path>', 'Remove an expected file from the active plan', collectOption, [])
+    .option('--add-glob <glob>', 'Add an expected glob to the active plan', collectOption, [])
+    .option('--remove-glob <glob>', 'Remove an expected glob from the active plan', collectOption, [])
+    .option('--add-constraint <text>', 'Add a stated plan constraint', collectOption, [])
+    .option('--remove-constraint <text>', 'Remove a stated plan constraint by exact text', collectOption, [])
+    .option('--add-risk <text>', 'Add a stated plan risk/caveat', collectOption, [])
+    .option('--remove-risk <text>', 'Remove a stated plan risk/caveat by exact text', collectOption, [])
+    .option('--reason <text>', 'Why the plan changed')
+    .option('--proposed-by <actor>', 'Proposal actor: human | agent', 'human')
+    .option('--decided-by <identity>', 'Human identity when a human-authored re-plan is applied')
+    .option('--session-id <id>', 'Session ID to update (default: active session)')
+    .option('--dir <path>', 'Repository root (default: current directory)')
+    .option('--json', 'Output machine-readable JSON')
+    .action(async (options) => {
+    await (0, session_1.replanGovernanceSessionCommand)({
+        plan: options.plan,
+        planFile: options.planFile,
+        summary: options.summary,
+        scope: options.scope,
+        addStep: options.addStep,
+        removeStep: options.removeStep,
+        addFile: options.addFile,
+        removeFile: options.removeFile,
+        addGlob: options.addGlob,
+        removeGlob: options.removeGlob,
+        addConstraint: options.addConstraint,
+        removeConstraint: options.removeConstraint,
+        addRisk: options.addRisk,
+        removeRisk: options.removeRisk,
+        reason: options.reason,
+        proposedBy: options.proposedBy === 'agent' ? 'agent' : 'human',
+        decidedBy: options.decidedBy,
+        sessionId: options.sessionId,
+        dir: options.dir,
+        json: options.json === true,
+    });
+});
+sessionCmd
+    .command('replan-decide')
+    .description('Accept or reject a pending agent-authored plan amendment')
+    .requiredOption('--proposal-id <id>', 'Pending plan amendment proposal ID')
+    .requiredOption('--decision <decision>', 'Decision: accept | reject')
+    .option('--reason <text>', 'Human-readable decision reason')
+    .option('--decided-by <identity>', 'Human identity recording the decision')
+    .option('--session-id <id>', 'Session ID to update (default: active session)')
+    .option('--dir <path>', 'Repository root (default: current directory)')
+    .option('--json', 'Output machine-readable JSON')
+    .action(async (options) => {
+    if (options.decision !== 'accept' && options.decision !== 'reject') {
+        throw new Error('decision must be accept or reject');
+    }
+    await (0, session_1.decideGovernanceReplanCommand)({
+        proposalId: options.proposalId,
+        decision: options.decision,
+        reason: options.reason,
+        decidedBy: options.decidedBy,
+        sessionId: options.sessionId,
+        dir: options.dir,
+        json: options.json === true,
     });
 });
 sessionCmd
@@ -970,9 +1389,42 @@ program
     .option('--finding-id <id>', 'Alias for --finding (backward compatible)')
     .option('--finding-index <n>', 'Export payload for finding at 0-based index')
     .option('--all', 'Export payloads for all findings from last verify')
-    .option('--format <fmt>', 'Output format: json | mcp (default: json)', 'json')
+    .option('--format <fmt>', 'Output format: json | mcp | prompt | markdown (default: json)', 'json')
+    .option('--provider <provider>', 'Provider handoff: claude | codex | cursor | gemini')
+    .option('--out <path>', 'Write output to file instead of stdout')
+    .option('--copy', 'Copy output to clipboard (macOS pbcopy)')
+    .option('--open', 'Open provider workflow when a documented local deep link is available')
+    .option('--verify-output-file <path>', 'Path to verify JSON output (default: .neurcode/last-verify-output.json)')
+    .option('--project-root <path>', 'Project root override')
+    .option('--json', 'Output machine-readable JSON')
+    .action(async (options) => {
+    const finding = options.finding ?? options.findingId;
+    await (0, remediate_export_1.remediateExportCommand)({
+        finding,
+        findingIndex: options.findingIndex,
+        all: options.all === true,
+        format: ['json', 'mcp', 'prompt', 'markdown'].includes(options.format) ? options.format : 'json',
+        provider: ['claude', 'codex', 'cursor', 'gemini'].includes(options.provider) ? options.provider : undefined,
+        out: options.out,
+        copy: options.copy === true,
+        open: options.open === true,
+        json: options.json === true,
+        verifyOutputFile: options.verifyOutputFile,
+        projectRoot: options.projectRoot,
+    });
+});
+program
+    .command('remediation-export')
+    .description('Alias for remediate-export.')
+    .option('--finding <id>', 'Export payload for a specific finding ID')
+    .option('--finding-id <id>', 'Alias for --finding (backward compatible)')
+    .option('--finding-index <n>', 'Export payload for finding at 0-based index')
+    .option('--all', 'Export payloads for all findings from last verify')
+    .option('--format <fmt>', 'Output format: json | mcp | prompt | markdown (default: json)', 'json')
+    .option('--provider <provider>', 'Provider handoff: claude | codex | cursor | gemini')
     .option('--out <path>', 'Write output to file instead of stdout')
     .option('--copy', 'Copy output to clipboard (macOS pbcopy)')
+    .option('--open', 'Open provider workflow when a documented local deep link is available')
     .option('--verify-output-file <path>', 'Path to verify JSON output (default: .neurcode/last-verify-output.json)')
     .option('--project-root <path>', 'Project root override')
     .option('--json', 'Output machine-readable JSON')
@@ -982,9 +1434,11 @@ program
         finding,
         findingIndex: options.findingIndex,
         all: options.all === true,
-        format: options.format === 'mcp' ? 'mcp' : 'json',
+        format: ['json', 'mcp', 'prompt', 'markdown'].includes(options.format) ? options.format : 'json',
+        provider: ['claude', 'codex', 'cursor', 'gemini'].includes(options.provider) ? options.provider : undefined,
         out: options.out,
         copy: options.copy === true,
+        open: options.open === true,
         json: options.json === true,
         verifyOutputFile: options.verifyOutputFile,
         projectRoot: options.projectRoot,
@@ -1395,7 +1849,8 @@ program
     });
     if (options.json === true) {
         console.log(JSON.stringify(run.execution, null, 2));
-        process.exit(run.execution.result?.success === true ? 0 : 1);
+        process.exitCode = run.execution.result?.success === true ? 0 : 1;
+        return;
     }
     const execution = run.execution;
     const statusIcon = execution.result?.success ? '✅' : '❌';