@neurcode-ai/cli 0.14.0 → 0.15.0

package/dist/index.js

@@ -66,6 +66,18 @@ const control_plane_1 = require("./commands/control-plane");
 const workspace_1 = require("./commands/workspace");
 const replay_1 = require("./commands/replay");
 const governance_1 = require("./commands/governance");
+const profile_1 = require("./commands/profile");
+const session_hook_1 = require("./commands/session-hook");
+const runtime_adapter_1 = require("./commands/runtime-adapter");
+const agent_1 = require("./commands/agent");
+const activate_1 = require("./commands/activate");
+const run_1 = require("./commands/run");
+const runtime_doctor_1 = require("./commands/runtime-doctor");
+const runtime_report_1 = require("./commands/runtime-report");
+const runtime_sync_1 = require("./commands/runtime-sync");
+const runtime_1 = require("./commands/runtime");
+const admission_1 = require("./commands/admission");
+const demo_1 = require("./commands/demo");
 const execution_bus_1 = require("./utils/execution-bus");
 const execution_actions_1 = require("./utils/execution-actions");
 // Read version from package.json
@@ -81,31 +93,71 @@ catch (error) {
 const program = new commander_1.Command();
 const CORE_WORKFLOW_STEPS = [
     {
-        command: 'neurcode start "<intent>"',
-        description: 'Declare governance context and bounded implementation scope',
+        command: 'neurcode agent start codex --goal "<task>"',
+        description: 'Start a governed session for non-Claude agents using the universal runtime handshake',
     },
     {
-        command: 'neurcode verify --evidence',
-        description: 'Verify the current diff against intent, policy, and change contracts',
+        command: 'neurcode run claude --goal "<task>"',
+        description: 'Start a governed AI coding session and print the agent runtime handshake',
     },
     {
-        command: 'neurcode replay --json',
-        description: 'Inspect deterministic replay and provenance receipts from the last run',
+        command: 'neurcode activate claude --connect <token>',
+        description: 'Install Claude Code governance hooks, pair the repo, and enable runtime evidence auto-sync',
+    },
+    {
+        command: 'neurcode status',
+        description: 'Inspect the active in-flow governance session and latest boundary block',
+    },
+    {
+        command: 'neurcode runtime cloud-status',
+        description: 'Read dashboard-visible live session, approval, transport, and ingestion state',
+    },
+    {
+        command: 'neurcode report --runtime',
+        description: 'Summarize blocked edits, approvals, owners, and replay records across sessions',
+    },
+    {
+        command: 'neurcode sync --runtime',
+        description: 'Manual fallback upload for finished in-flow session records',
     },
     {
-        command: 'neurcode remediate-export --finding-index 0',
-        description: 'Export bounded remediation context for an external remediation tool',
+        command: 'neurcode admission export',
+        description: 'Export the latest source-free runtime admission record for the GitHub Action',
     },
     {
-        command: 'neurcode verify --ci',
-        description: 'Re-verify in CI with deterministic receipts and governance artifacts',
+        command: 'neurcode demo rehearse',
+        description: 'Print the canonical production demo rehearsal protocol',
+    },
+    {
+        command: 'neurcode login',
+        description: 'Connect this machine/runtime to Neurcode with browser approval',
+    },
+    {
+        command: 'neurcode init',
+        description: 'Bind this repository to a personal or organization workspace',
+    },
+    {
+        command: 'neurcode start "<intent>"',
+        description: 'Declare governance context for a bounded implementation scope',
+    },
+    {
+        command: 'neurcode replay --json',
+        description: 'Inspect deterministic replay and source-free runtime receipts',
     },
 ];
 const CANONICAL_OPERATOR_COMMAND_NAMES = new Set([
+    'activate',
+    'agent',
+    'run',
+    'status',
+    'runtime',
+    'sessions',
+    'report',
+    'sync',
+    'admission',
+    'demo',
     'start',
     'quickstart',
-    'verify',
-    'remediate-export',
     'replay',
 ]);
 const ENTERPRISE_OPERATIONS_COMMAND_NAMES = new Set([
@@ -200,12 +252,12 @@ function buildAdvancedLegacyHints(root) {
     return fallbackCommands.map((commandName) => `neurcode ${commandName}`);
 }
 function configurePrimaryHelpView(root) {
-    const primaryOrder = ['start', 'quickstart', 'verify', 'remediate-export', 'replay'];
+    const primaryOrder = ['activate', 'agent', 'run', 'status', 'runtime', 'sessions', 'report', 'sync', 'admission', 'demo', 'login', 'init', 'start', 'quickstart', 'replay'];
     root.configureHelp({
         visibleCommands: (command) => {
             const filtered = command.commands.filter((subcommand) => {
                 const commandName = subcommand.name();
-                return commandName === 'help' || CANONICAL_OPERATOR_COMMAND_NAMES.has(commandName);
+                return commandName === 'help' || commandName === 'login' || commandName === 'init' || CANONICAL_OPERATOR_COMMAND_NAMES.has(commandName);
             });
             return filtered.sort((left, right) => {
                 const leftIndex = primaryOrder.indexOf(left.name());
@@ -219,19 +271,19 @@ function configurePrimaryHelpView(root) {
 }
 function printCoreWorkflowGuide() {
     // Operational lifecycle guide. Same aesthetic as the welcome banner and
-    // neurcode home — subtle sophistication, no emoji ornaments, info dense.
+    // neurcode home - subtle sophistication, no emoji ornaments, info dense.
     // The lifecycle bar mirrors what the welcome banner shows so identity is
     // coherent across surfaces. (See docs/ux/final-operational-experience-report.md.)
     console.log('');
     console.log(`${chalk.bold('neurcode')}${chalk.dim('  ·  operational lifecycle')}`);
     console.log('');
-    console.log(chalk.dim('  start  ▸  verify  ▸  replay  ▸  remediate-export  ▸  re-verify'));
+    console.log(chalk.dim('  connect repo  ->  activate agent  ->  govern session  ->  approve exact path  ->  export evidence'));
     console.log('');
     console.log(`  ${chalk.bold('Canonical commands')}`);
     CORE_WORKFLOW_STEPS.forEach((step) => console.log(chalk.dim(formatCoreWorkflowStep(step))));
     console.log('');
     console.log(chalk.dim('  See ') + chalk.cyan('neurcode home') + chalk.dim(' for current runtime state. ') +
-        chalk.dim('Run ') + chalk.cyan('neurcode --help') + chalk.dim(' for the full command surface.'));
+        chalk.dim('Run ') + chalk.cyan('neurcode whoami') + chalk.dim(' to inspect user/workspace/repo identity.'));
     console.log('');
 }
 function formatCommandList(commandNames) {
@@ -385,6 +437,42 @@ program
 (0, brain_1.brainCommand)(program);
 (0, policy_1.policyCommand)(program);
 (0, governance_1.governanceCommand)(program);
+// V0: in-flow governance
+(0, profile_1.profileCommand)(program);
+(0, session_hook_1.sessionHookCommand)(program);
+(0, runtime_adapter_1.runtimeAdapterCommand)(program);
+(0, agent_1.agentCommand)(program);
+(0, activate_1.activateCommand)(program);
+(0, run_1.runCommand)(program);
+(0, runtime_report_1.reportCommand)(program);
+(0, runtime_sync_1.syncCommand)(program);
+(0, runtime_1.runtimeCommand)(program);
+(0, admission_1.admissionCommand)(program);
+(0, demo_1.demoCommand)(program);
+program
+    .command('status')
+    .description('Show the active in-flow governance session for this repository')
+    .option('--session-id <id>', 'Local governance session ID (default: active session)')
+    .option('--dir <path>', 'Repository root (default: current directory)')
+    .option('--json', 'Output machine-readable JSON')
+    .action((options) => {
+    (0, session_1.localGovernanceStatusCommand)({
+        sessionId: options.sessionId,
+        dir: options.dir,
+        json: options.json === true,
+    });
+});
+program
+    .command('sessions')
+    .description('List local in-flow governance sessions for this repository')
+    .option('--dir <path>', 'Repository root (default: current directory)')
+    .option('--json', 'Output machine-readable JSON')
+    .action((options) => {
+    (0, session_1.listRuntimeSessionsCommand)({
+        dir: options.dir,
+        json: options.json === true,
+    });
+});
 (0, control_plane_1.controlPlaneCommand)(program);
 (0, workspace_1.workspaceCommand)(program);
 (0, replay_1.replayCommand)(program);
@@ -461,16 +549,16 @@ program
 });
 program
     .command('login')
-    .description('Authenticate CLI with Neurcode (opens browser for approval)')
-    .option('--org <id>', 'Authenticate for a specific organization (internal UUID)')
+    .description('Connect this machine/runtime to a Neurcode workspace')
+    .option('--org <id>', 'Connect to a specific workspace/organization (internal UUID)')
     .action((options) => {
     (0, login_1.loginCommand)({ orgId: options.org });
 });
 program
     .command('logout')
-    .description('Log out from Neurcode CLI (removes API key)')
-    .option('--all', 'Remove all saved API keys (all organizations)')
-    .option('--org <id>', 'Remove saved API key for a specific organization (internal UUID)')
+    .description('Disconnect Neurcode runtime credentials from this machine')
+    .option('--all', 'Remove all saved runtime credentials (all workspaces)')
+    .option('--org <id>', 'Remove saved runtime credential for a specific workspace/organization')
     .action((options) => {
     (0, logout_1.logoutCommand)({
         all: options.all || false,
@@ -479,8 +567,8 @@ program
 });
 program
     .command('init')
-    .description('Initialize project configuration (select a project)')
-    .option('--org <id>', 'Preselect organization by internal UUID')
+    .description('Bind this repository to a workspace governance boundary')
+    .option('--org <id>', 'Preselect workspace/organization by internal UUID')
     .option('--project-id <id>', 'Link an existing project by internal UUID (non-interactive)')
     .option('--create <name>', 'Create and link a new project (non-interactive)')
     .action((options) => {
@@ -493,8 +581,17 @@ program
 program
     .command('doctor')
     .description('Enterprise readiness diagnostics (config, artifacts, API compatibility, CORS)')
+    .option('--runtime', 'Run local in-flow runtime diagnostics for Claude Code governance')
+    .option('--dir <path>', 'Repository root for --runtime diagnostics')
     .option('--json', 'Output machine-readable diagnostics JSON')
     .action((options) => {
+    if (options.runtime === true) {
+        (0, runtime_doctor_1.runtimeDoctorCommand)({
+            json: options.json === true,
+            dir: options.dir,
+        });
+        return;
+    }
     (0, doctor_1.doctorCommand)({
         json: options.json,
         cliVersion: version,
@@ -502,7 +599,7 @@ program
 });
 program
     .command('quickstart')
-    .description('Guided onboarding — first deterministic finding in under 2 minutes (no network required)')
+    .description('Local-only governance sandbox for first deterministic finding')
     .option('--force', 'Overwrite existing starter files')
     .option('--json', 'Output machine-readable JSON')
     .action(async (options) => {
@@ -566,7 +663,7 @@ program
 });
 program
     .command('whoami')
-    .description('Show current identity and project scope')
+    .description('Show user, workspace, repo ownership, session, and governance boundary')
     .action(() => {
     (0, whoami_1.whoamiCommand)();
 });
@@ -844,10 +941,68 @@ sessionCmd
     .description('List all sessions for the current project')
     .option('--project-id <id>', 'Project ID')
     .option('--all', 'Show all sessions (including completed)')
+    .option('--local', 'List local in-flow governance sessions from .neurcode/sessions')
+    .option('--dir <path>', 'Repository root for --local')
+    .option('--json', 'Output machine-readable JSON for --local')
     .action((options) => {
     (0, session_1.listSessionsCommand)({
         projectId: options.projectId,
         all: options.all || false,
+        local: options.local === true,
+        dir: options.dir,
+        json: options.json === true,
+    });
+});
+sessionCmd
+    .command('show')
+    .description('Show one local in-flow governance session record')
+    .argument('<session-id>', 'Local governance session ID')
+    .option('--dir <path>', 'Repository root (default: current directory)')
+    .option('--json', 'Output machine-readable JSON')
+    .action((sessionId, options) => {
+    (0, session_1.showRuntimeSessionCommand)(sessionId, {
+        dir: options.dir,
+        json: options.json === true,
+    });
+});
+sessionCmd
+    .command('record')
+    .description('Build the source-free AI Change Record for a governed coding session')
+    .option('--session-id <id>', 'Local governance session ID (default: active, then latest)')
+    .option('--latest', 'Use the latest local session even if another session is active')
+    .option('--dir <path>', 'Repository root (default: current directory)')
+    .option('--json', 'Output machine-readable JSON')
+    .action((options) => {
+    (0, session_1.aiChangeRecordCommand)({
+        sessionId: options.sessionId,
+        latest: options.latest === true,
+        dir: options.dir,
+        json: options.json === true,
+    });
+});
+sessionCmd
+    .command('understanding')
+    .description('Build local TypeScript structural understanding for the active governed change')
+    .option('--session-id <id>', 'Local governance session ID (default: active, then latest)')
+    .option('--latest', 'Use the latest local session even if another session is active')
+    .option('--dir <path>', 'Repository root (default: current directory)')
+    .option('--staged', 'Analyze staged changes only')
+    .option('--head', 'Analyze working tree against HEAD (default)')
+    .option('--base <ref>', 'Analyze working tree against a specific git ref')
+    .option('--max-program-files <n>', 'Maximum TypeScript/JavaScript files to analyze', (value) => Number.parseInt(value, 10))
+    .option('--time-budget-ms <n>', 'Static analysis time budget in milliseconds', (value) => Number.parseInt(value, 10))
+    .option('--json', 'Output machine-readable JSON')
+    .action((options) => {
+    (0, session_1.structuralUnderstandingCommand)({
+        sessionId: options.sessionId,
+        latest: options.latest === true,
+        dir: options.dir,
+        staged: options.staged === true,
+        head: options.head === true,
+        base: options.base,
+        maxProgramFiles: Number.isFinite(options.maxProgramFiles) ? options.maxProgramFiles : undefined,
+        timeBudgetMs: Number.isFinite(options.timeBudgetMs) ? options.timeBudgetMs : undefined,
+        json: options.json === true,
     });
 });
 sessionCmd
@@ -866,10 +1021,262 @@ sessionCmd
     .description('Show status of the current session or a specific session')
     .option('--session-id <id>', 'Session ID to check (defaults to current session)')
     .option('--project-id <id>', 'Project ID')
+    .option('--local', 'Force local in-flow governance session status')
+    .option('--dir <path>', 'Repository root for local in-flow session status')
+    .option('--json', 'Output machine-readable JSON')
     .action((options) => {
     (0, session_1.sessionStatusCommand)({
         sessionId: options.sessionId,
         projectId: options.projectId,
+        local: options.local === true,
+        dir: options.dir,
+        json: options.json === true,
+    });
+});
+sessionCmd
+    .command('export-admission [sessionId]')
+    .description('Export a source-free runtime admission record into .neurcode-admission/')
+    .option('--dir <path>', 'Repository root (default: current directory)')
+    .option('--receipt <path>', 'Attach source-free backend receipt summary from a receipt/control-plane JSON file')
+    .option('--explain', 'Explain what the record contains, excludes, and how the GitHub Action consumes it')
+    .option('--json', 'Output machine-readable JSON')
+    .action((sessionId, options) => {
+    try {
+        const summary = (0, admission_1.exportAdmissionRecordForCli)({
+            dir: options.dir,
+            sessionId,
+            receiptPath: options.receipt,
+            explain: options.explain === true,
+            json: options.json === true,
+        });
+        if (options.json) {
+            console.log(JSON.stringify(summary, null, 2));
+            return;
+        }
+        console.log('Admission record exported');
+        console.log(`  Session:     ${summary.sessionId}`);
+        console.log(`  PR artifact: ${summary.publicRelativePath}`);
+        console.log(`  Trust:       ${summary.trustLevel}`);
+        if (summary.receipt.present) {
+            console.log(`  Receipt:     ${summary.receipt.receiptId || 'attached'} (${summary.receipt.verificationStatus || 'unknown'})`);
+        }
+        console.log(`  Note:        ${summary.trustLevel === 'backend_signed' ? 'backend-signed metadata is attached; verify the receipt before treating it as enterprise evidence.' : 'self-attested local records are claims, not cryptographic proof.'}`);
+        if (options.explain) {
+            console.log('');
+            console.log('What it contains:');
+            for (const item of summary.contains)
+                console.log(`  - ${item}`);
+            console.log('');
+            console.log('What it intentionally excludes:');
+            for (const item of summary.excludes)
+                console.log(`  - ${item}`);
+            console.log('');
+            console.log('How the GitHub Action consumes it:');
+            for (const item of summary.actionConsumption)
+                console.log(`  - ${item}`);
+        }
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        if (options.json) {
+            console.log(JSON.stringify({ ok: false, error: message }, null, 2));
+        }
+        else {
+            console.error(`Admission export failed: ${message}`);
+        }
+        process.exitCode = 1;
+    }
+});
+sessionCmd
+    .command('approve')
+    .description('Approve a file path or glob for the active in-flow governance session')
+    .requiredOption('--path <path>', 'File path or glob to approve')
+    .option('--reason <text>', 'Human-readable approval reason')
+    .option('--session-id <id>', 'Session ID to approve against (default: active session)')
+    .option('--dir <path>', 'Repository root (default: current directory)')
+    .option('--json', 'Output machine-readable JSON')
+    .action(async (options) => {
+    await (0, session_1.approveGovernanceSessionCommand)({
+        path: options.path,
+        reason: options.reason,
+        sessionId: options.sessionId,
+        dir: options.dir,
+        json: options.json === true,
+    });
+});
+sessionCmd
+    .command('reset-stale')
+    .description('Finish and clear an abandoned active in-flow governance session')
+    .option('--max-age-minutes <n>', 'Only reset sessions idle at least this many minutes (default: 120)', (value) => Number.parseFloat(value))
+    .option('--force', 'Reset even if the session is fresh or waiting on approval')
+    .option('--dir <path>', 'Repository root (default: current directory)')
+    .option('--json', 'Output machine-readable JSON')
+    .action(async (options) => {
+    await (0, session_1.resetStaleGovernanceSessionCommand)({
+        maxAgeMinutes: Number.isFinite(options.maxAgeMinutes) ? options.maxAgeMinutes : undefined,
+        force: options.force === true,
+        dir: options.dir,
+        json: options.json === true,
+    });
+});
+sessionCmd
+    .command('obligations')
+    .description('Show live source-free architecture obligations for the active in-flow session')
+    .option('--session-id <id>', 'Session ID to inspect (default: active session)')
+    .option('--dir <path>', 'Repository root (default: current directory)')
+    .option('--json', 'Output machine-readable JSON')
+    .action((options) => {
+    (0, session_1.showGovernanceObligationsCommand)({
+        sessionId: options.sessionId,
+        dir: options.dir,
+        json: options.json === true,
+    });
+});
+sessionCmd
+    .command('waive-obligation')
+    .description('Waive one pending architecture obligation for the active in-flow session')
+    .requiredOption('--id <obligation-id>', 'Architecture obligation ID to waive')
+    .requiredOption('--reason <text>', 'Human-readable waiver reason')
+    .option('--session-id <id>', 'Session ID to update (default: active session)')
+    .option('--expires-at <iso>', 'Absolute waiver expiry timestamp')
+    .option('--ttl-minutes <n>', 'Waiver TTL in minutes (default: 60)', (value) => Number.parseFloat(value))
+    .option('--waived-by <identity>', 'Human identity recording the waiver')
+    .option('--source <source>', 'Waiver source: local_cli | dashboard | mcp | unknown', 'local_cli')
+    .option('--dir <path>', 'Repository root (default: current directory)')
+    .option('--json', 'Output machine-readable JSON')
+    .action(async (options) => {
+    await (0, session_1.waiveGovernanceObligationCommand)({
+        obligationId: options.id,
+        reason: options.reason,
+        sessionId: options.sessionId,
+        expiresAt: options.expiresAt,
+        ttlMinutes: Number.isFinite(options.ttlMinutes) ? options.ttlMinutes : undefined,
+        waivedBy: options.waivedBy,
+        waiverSource: ['local_cli', 'dashboard', 'mcp', 'unknown'].includes(options.source) ? options.source : 'local_cli',
+        dir: options.dir,
+        json: options.json === true,
+    });
+});
+function collectOption(value, previous = []) {
+    return [...previous, value];
+}
+sessionCmd
+    .command('replan')
+    .description('Amend or replace the active in-flow agent plan')
+    .option('--plan <text>', 'Full replacement plan text')
+    .option('--plan-file <path>', 'Read replacement plan text from a file')
+    .option('--summary <text>', 'Replace the active plan summary')
+    .option('--add-step <text>', 'Add a plan step', collectOption, [])
+    .option('--remove-step <text>', 'Remove a plan step by exact text', collectOption, [])
+    .option('--add-file <path>', 'Add an expected file to the active plan', collectOption, [])
+    .option('--remove-file <path>', 'Remove an expected file from the active plan', collectOption, [])
+    .option('--add-glob <glob>', 'Add an expected glob to the active plan', collectOption, [])
+    .option('--remove-glob <glob>', 'Remove an expected glob from the active plan', collectOption, [])
+    .option('--add-constraint <text>', 'Add a stated plan constraint', collectOption, [])
+    .option('--remove-constraint <text>', 'Remove a stated plan constraint by exact text', collectOption, [])
+    .option('--add-risk <text>', 'Add a stated plan risk/caveat', collectOption, [])
+    .option('--remove-risk <text>', 'Remove a stated plan risk/caveat by exact text', collectOption, [])
+    .option('--reason <text>', 'Why the plan changed')
+    .option('--proposed-by <actor>', 'Proposal actor: human | agent', 'human')
+    .option('--decided-by <identity>', 'Human identity when a human-authored re-plan is applied')
+    .option('--session-id <id>', 'Session ID to update (default: active session)')
+    .option('--dir <path>', 'Repository root (default: current directory)')
+    .option('--json', 'Output machine-readable JSON')
+    .action(async (options) => {
+    await (0, session_1.replanGovernanceSessionCommand)({
+        plan: options.plan,
+        planFile: options.planFile,
+        summary: options.summary,
+        addStep: options.addStep,
+        removeStep: options.removeStep,
+        addFile: options.addFile,
+        removeFile: options.removeFile,
+        addGlob: options.addGlob,
+        removeGlob: options.removeGlob,
+        addConstraint: options.addConstraint,
+        removeConstraint: options.removeConstraint,
+        addRisk: options.addRisk,
+        removeRisk: options.removeRisk,
+        reason: options.reason,
+        proposedBy: options.proposedBy === 'agent' ? 'agent' : 'human',
+        decidedBy: options.decidedBy,
+        sessionId: options.sessionId,
+        dir: options.dir,
+        json: options.json === true,
+    });
+});
+// `amend-plan` is the human-facing alias of `replan`, matching the documented
+// `neurcode session amend-plan --summary "..." --reason "..." --scope "<glob>"`.
+// It shares the same revisioning engine; `--scope` is sugar for `--add-glob`.
+sessionCmd
+    .command('amend-plan')
+    .description('Amend the active in-flow agent plan (alias of replan; supports --scope)')
+    .option('--plan <text>', 'Full replacement plan text')
+    .option('--plan-file <path>', 'Read replacement plan text from a file')
+    .option('--summary <text>', 'Replace the active plan summary')
+    .option('--scope <glob>', 'Add an expected scope glob to the active plan', collectOption, [])
+    .option('--add-step <text>', 'Add a plan step', collectOption, [])
+    .option('--remove-step <text>', 'Remove a plan step by exact text', collectOption, [])
+    .option('--add-file <path>', 'Add an expected file to the active plan', collectOption, [])
+    .option('--remove-file <path>', 'Remove an expected file from the active plan', collectOption, [])
+    .option('--add-glob <glob>', 'Add an expected glob to the active plan', collectOption, [])
+    .option('--remove-glob <glob>', 'Remove an expected glob from the active plan', collectOption, [])
+    .option('--add-constraint <text>', 'Add a stated plan constraint', collectOption, [])
+    .option('--remove-constraint <text>', 'Remove a stated plan constraint by exact text', collectOption, [])
+    .option('--add-risk <text>', 'Add a stated plan risk/caveat', collectOption, [])
+    .option('--remove-risk <text>', 'Remove a stated plan risk/caveat by exact text', collectOption, [])
+    .option('--reason <text>', 'Why the plan changed')
+    .option('--proposed-by <actor>', 'Proposal actor: human | agent', 'human')
+    .option('--decided-by <identity>', 'Human identity when a human-authored re-plan is applied')
+    .option('--session-id <id>', 'Session ID to update (default: active session)')
+    .option('--dir <path>', 'Repository root (default: current directory)')
+    .option('--json', 'Output machine-readable JSON')
+    .action(async (options) => {
+    await (0, session_1.replanGovernanceSessionCommand)({
+        plan: options.plan,
+        planFile: options.planFile,
+        summary: options.summary,
+        scope: options.scope,
+        addStep: options.addStep,
+        removeStep: options.removeStep,
+        addFile: options.addFile,
+        removeFile: options.removeFile,
+        addGlob: options.addGlob,
+        removeGlob: options.removeGlob,
+        addConstraint: options.addConstraint,
+        removeConstraint: options.removeConstraint,
+        addRisk: options.addRisk,
+        removeRisk: options.removeRisk,
+        reason: options.reason,
+        proposedBy: options.proposedBy === 'agent' ? 'agent' : 'human',
+        decidedBy: options.decidedBy,
+        sessionId: options.sessionId,
+        dir: options.dir,
+        json: options.json === true,
+    });
+});
+sessionCmd
+    .command('replan-decide')
+    .description('Accept or reject a pending agent-authored plan amendment')
+    .requiredOption('--proposal-id <id>', 'Pending plan amendment proposal ID')
+    .requiredOption('--decision <decision>', 'Decision: accept | reject')
+    .option('--reason <text>', 'Human-readable decision reason')
+    .option('--decided-by <identity>', 'Human identity recording the decision')
+    .option('--session-id <id>', 'Session ID to update (default: active session)')
+    .option('--dir <path>', 'Repository root (default: current directory)')
+    .option('--json', 'Output machine-readable JSON')
+    .action(async (options) => {
+    if (options.decision !== 'accept' && options.decision !== 'reject') {
+        throw new Error('decision must be accept or reject');
+    }
+    await (0, session_1.decideGovernanceReplanCommand)({
+        proposalId: options.proposalId,
+        decision: options.decision,
+        reason: options.reason,
+        decidedBy: options.decidedBy,
+        sessionId: options.sessionId,
+        dir: options.dir,
+        json: options.json === true,
     });
 });
 sessionCmd
@@ -982,9 +1389,11 @@ program
     .option('--finding-id <id>', 'Alias for --finding (backward compatible)')
     .option('--finding-index <n>', 'Export payload for finding at 0-based index')
     .option('--all', 'Export payloads for all findings from last verify')
-    .option('--format <fmt>', 'Output format: json | mcp (default: json)', 'json')
+    .option('--format <fmt>', 'Output format: json | mcp | prompt | markdown (default: json)', 'json')
+    .option('--provider <provider>', 'Provider handoff: claude | codex | cursor | gemini')
     .option('--out <path>', 'Write output to file instead of stdout')
     .option('--copy', 'Copy output to clipboard (macOS pbcopy)')
+    .option('--open', 'Open provider workflow when a documented local deep link is available')
     .option('--verify-output-file <path>', 'Path to verify JSON output (default: .neurcode/last-verify-output.json)')
     .option('--project-root <path>', 'Project root override')
     .option('--json', 'Output machine-readable JSON')
@@ -994,9 +1403,42 @@ program
         finding,
         findingIndex: options.findingIndex,
         all: options.all === true,
-        format: options.format === 'mcp' ? 'mcp' : 'json',
+        format: ['json', 'mcp', 'prompt', 'markdown'].includes(options.format) ? options.format : 'json',
+        provider: ['claude', 'codex', 'cursor', 'gemini'].includes(options.provider) ? options.provider : undefined,
         out: options.out,
         copy: options.copy === true,
+        open: options.open === true,
+        json: options.json === true,
+        verifyOutputFile: options.verifyOutputFile,
+        projectRoot: options.projectRoot,
+    });
+});
+program
+    .command('remediation-export')
+    .description('Alias for remediate-export.')
+    .option('--finding <id>', 'Export payload for a specific finding ID')
+    .option('--finding-id <id>', 'Alias for --finding (backward compatible)')
+    .option('--finding-index <n>', 'Export payload for finding at 0-based index')
+    .option('--all', 'Export payloads for all findings from last verify')
+    .option('--format <fmt>', 'Output format: json | mcp | prompt | markdown (default: json)', 'json')
+    .option('--provider <provider>', 'Provider handoff: claude | codex | cursor | gemini')
+    .option('--out <path>', 'Write output to file instead of stdout')
+    .option('--copy', 'Copy output to clipboard (macOS pbcopy)')
+    .option('--open', 'Open provider workflow when a documented local deep link is available')
+    .option('--verify-output-file <path>', 'Path to verify JSON output (default: .neurcode/last-verify-output.json)')
+    .option('--project-root <path>', 'Project root override')
+    .option('--json', 'Output machine-readable JSON')
+    .action(async (options) => {
+    const finding = options.finding ?? options.findingId;
+    await (0, remediate_export_1.remediateExportCommand)({
+        finding,
+        findingIndex: options.findingIndex,
+        all: options.all === true,
+        format: ['json', 'mcp', 'prompt', 'markdown'].includes(options.format) ? options.format : 'json',
+        provider: ['claude', 'codex', 'cursor', 'gemini'].includes(options.provider) ? options.provider : undefined,
+        out: options.out,
+        copy: options.copy === true,
+        open: options.open === true,
         json: options.json === true,
         verifyOutputFile: options.verifyOutputFile,
         projectRoot: options.projectRoot,
@@ -1407,7 +1849,8 @@ program
     });
     if (options.json === true) {
         console.log(JSON.stringify(run.execution, null, 2));
-        process.exit(run.execution.result?.success === true ? 0 : 1);
+        process.exitCode = run.execution.result?.success === true ? 0 : 1;
+        return;
     }
     const execution = run.execution;
     const statusIcon = execution.result?.success ? '✅' : '❌';