npm - @pellux/goodvibes-agent - Versions diffs - 0.1.0 - Mend

@pellux/goodvibes-agent 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (398) hide show

package/.goodvibes/GOODVIBES.md +35 -0
package/.goodvibes/agents/reviewer.md +48 -0
package/.goodvibes/skills/add-provider/SKILL.md +199 -0
package/CHANGELOG.md +25 -0
package/README.md +74 -0
package/bin/goodvibes-agent.ts +2 -0
package/docs/README.md +23 -0
package/docs/deployment-and-services.md +57 -0
package/docs/getting-started.md +53 -0
package/docs/release-and-publishing.md +46 -0
package/package.json +134 -0
package/scripts/check-bun.sh +20 -0
package/src/audio/player.ts +156 -0
package/src/audio/spoken-turn-controller.ts +203 -0
package/src/audio/spoken-turn-model-routing.ts +117 -0
package/src/audio/spoken-turn-wiring.ts +44 -0
package/src/audio/text-chunker.ts +110 -0
package/src/cli/bundle-command.ts +227 -0
package/src/cli/completion.ts +90 -0
package/src/cli/config-overrides.ts +159 -0
package/src/cli/endpoints.ts +63 -0
package/src/cli/entrypoint.ts +172 -0
package/src/cli/help.ts +299 -0
package/src/cli/index.ts +11 -0
package/src/cli/management-commands.ts +426 -0
package/src/cli/management.ts +744 -0
package/src/cli/network-posture.ts +46 -0
package/src/cli/package-verification.ts +123 -0
package/src/cli/parser.ts +369 -0
package/src/cli/provider-auth-routes.ts +22 -0
package/src/cli/provider-classification.ts +107 -0
package/src/cli/redaction.ts +105 -0
package/src/cli/service-command.ts +26 -0
package/src/cli/service-posture.ts +482 -0
package/src/cli/status.ts +383 -0
package/src/cli/surface-command.ts +247 -0
package/src/cli/tui-startup.ts +32 -0
package/src/cli/types.ts +69 -0
package/src/cli-flags.ts +21 -0
package/src/config/goodvibes-home-audit.ts +465 -0
package/src/config/index.ts +57 -0
package/src/config/provider-model.ts +23 -0
package/src/config/secret-config.ts +119 -0
package/src/config/secrets.ts +71 -0
package/src/config/surface.ts +1 -0
package/src/core/composer-state.ts +61 -0
package/src/core/conversation-rendering.ts +359 -0
package/src/core/conversation.ts +551 -0
package/src/core/history.ts +45 -0
package/src/core/orchestrator.ts +7 -0
package/src/core/system-message-router.ts +171 -0
package/src/daemon/cli.ts +55 -0
package/src/daemon/safe-serve.ts +61 -0
package/src/input/agent-workspace.ts +428 -0
package/src/input/autocomplete.ts +96 -0
package/src/input/bookmark-modal.ts +115 -0
package/src/input/command-args-hint.ts +36 -0
package/src/input/command-registry.ts +329 -0
package/src/input/commands/agent-externalized-tui.ts +73 -0
package/src/input/commands/agent-workspace-runtime.ts +17 -0
package/src/input/commands/branch-runtime.ts +72 -0
package/src/input/commands/cloudflare-runtime.ts +370 -0
package/src/input/commands/config.ts +18 -0
package/src/input/commands/control-room-runtime.ts +255 -0
package/src/input/commands/conversation-runtime.ts +207 -0
package/src/input/commands/discovery-runtime.ts +52 -0
package/src/input/commands/eval.ts +204 -0
package/src/input/commands/experience-runtime.ts +278 -0
package/src/input/commands/guidance-runtime.ts +106 -0
package/src/input/commands/health-runtime.ts +434 -0
package/src/input/commands/hooks-runtime.ts +148 -0
package/src/input/commands/incident-runtime.ts +95 -0
package/src/input/commands/integration-runtime.ts +394 -0
package/src/input/commands/intelligence-runtime.ts +223 -0
package/src/input/commands/knowledge.ts +531 -0
package/src/input/commands/local-auth-runtime.ts +105 -0
package/src/input/commands/local-provider-runtime.ts +170 -0
package/src/input/commands/local-runtime.ts +392 -0
package/src/input/commands/local-setup-review.ts +199 -0
package/src/input/commands/local-setup-transfer.ts +135 -0
package/src/input/commands/local-setup.ts +282 -0
package/src/input/commands/managed-runtime.ts +209 -0
package/src/input/commands/marketplace-runtime.ts +290 -0
package/src/input/commands/mcp-runtime.ts +432 -0
package/src/input/commands/memory-product-runtime.ts +111 -0
package/src/input/commands/memory.ts +151 -0
package/src/input/commands/notify-runtime.ts +83 -0
package/src/input/commands/onboarding-runtime.ts +14 -0
package/src/input/commands/operator-panel-runtime.ts +146 -0
package/src/input/commands/operator-runtime.ts +392 -0
package/src/input/commands/planning-runtime.ts +205 -0
package/src/input/commands/platform-access-runtime.ts +422 -0
package/src/input/commands/platform-services-runtime.ts +246 -0
package/src/input/commands/policy-dispatch.ts +339 -0
package/src/input/commands/policy.ts +17 -0
package/src/input/commands/product-runtime.ts +351 -0
package/src/input/commands/profile-sync-runtime.ts +99 -0
package/src/input/commands/provider-accounts-runtime.ts +113 -0
package/src/input/commands/provider.ts +363 -0
package/src/input/commands/qrcode-runtime.ts +20 -0
package/src/input/commands/quit-shared.ts +162 -0
package/src/input/commands/recall-bundle.ts +132 -0
package/src/input/commands/recall-capture.ts +152 -0
package/src/input/commands/recall-query.ts +229 -0
package/src/input/commands/recall-review.ts +98 -0
package/src/input/commands/recall-shared.ts +22 -0
package/src/input/commands/remote-runtime-pool.ts +106 -0
package/src/input/commands/remote-runtime-setup.ts +199 -0
package/src/input/commands/remote-runtime.ts +431 -0
package/src/input/commands/replay-runtime.ts +18 -0
package/src/input/commands/runtime-services.ts +291 -0
package/src/input/commands/schedule-runtime.ts +91 -0
package/src/input/commands/services-runtime.ts +209 -0
package/src/input/commands/session-content.ts +408 -0
package/src/input/commands/session-workflow.ts +464 -0
package/src/input/commands/session.ts +375 -0
package/src/input/commands/settings-sync-runtime.ts +174 -0
package/src/input/commands/share-runtime.ts +119 -0
package/src/input/commands/shell-core.ts +307 -0
package/src/input/commands/skills-runtime.ts +221 -0
package/src/input/commands/subscription-runtime.ts +434 -0
package/src/input/commands/tasks-runtime.ts +230 -0
package/src/input/commands/teamwork-runtime.ts +339 -0
package/src/input/commands/teleport-runtime.ts +57 -0
package/src/input/commands/tts-runtime.ts +29 -0
package/src/input/commands/work-plan-runtime.ts +169 -0
package/src/input/commands.ts +131 -0
package/src/input/feed-context-factory.ts +254 -0
package/src/input/file-picker.ts +192 -0
package/src/input/handler-command-route.ts +180 -0
package/src/input/handler-content-actions.ts +497 -0
package/src/input/handler-feed-routes.ts +648 -0
package/src/input/handler-feed.ts +452 -0
package/src/input/handler-interactions.ts +281 -0
package/src/input/handler-modal-routes.ts +418 -0
package/src/input/handler-modal-stack.ts +263 -0
package/src/input/handler-modal-token-routes.ts +329 -0
package/src/input/handler-onboarding-cloudflare.ts +391 -0
package/src/input/handler-onboarding.ts +620 -0
package/src/input/handler-picker-routes.ts +472 -0
package/src/input/handler-prompt-buffer.ts +320 -0
package/src/input/handler-shortcuts.ts +213 -0
package/src/input/handler-ui-state.ts +372 -0
package/src/input/handler.ts +729 -0
package/src/input/input-history.ts +297 -0
package/src/input/keybindings.ts +292 -0
package/src/input/mcp-workspace.ts +554 -0
package/src/input/model-picker-provider-filter.ts +28 -0
package/src/input/model-picker-types.ts +137 -0
package/src/input/model-picker.ts +797 -0
package/src/input/onboarding/handler-onboarding-routes.ts +125 -0
package/src/input/onboarding/onboarding-runtime-status.ts +87 -0
package/src/input/onboarding/onboarding-wizard-apply.ts +277 -0
package/src/input/onboarding/onboarding-wizard-cloudflare-step.ts +494 -0
package/src/input/onboarding/onboarding-wizard-cloudflare.ts +204 -0
package/src/input/onboarding/onboarding-wizard-constants.ts +158 -0
package/src/input/onboarding/onboarding-wizard-external-surface-extra-specs.ts +130 -0
package/src/input/onboarding/onboarding-wizard-external-surfaces.ts +762 -0
package/src/input/onboarding/onboarding-wizard-helpers.ts +167 -0
package/src/input/onboarding/onboarding-wizard-rules.ts +256 -0
package/src/input/onboarding/onboarding-wizard-state.ts +365 -0
package/src/input/onboarding/onboarding-wizard-steps.ts +798 -0
package/src/input/onboarding/onboarding-wizard-types.ts +195 -0
package/src/input/onboarding/onboarding-wizard.ts +711 -0
package/src/input/panel-integration-actions.ts +78 -0
package/src/input/profile-picker-modal.ts +222 -0
package/src/input/search.ts +100 -0
package/src/input/selection-modal.ts +163 -0
package/src/input/selection.ts +135 -0
package/src/input/session-picker-modal.ts +136 -0
package/src/input/settings-modal-behavior.ts +37 -0
package/src/input/settings-modal-secrets.ts +41 -0
package/src/input/settings-modal-subscriptions.ts +95 -0
package/src/input/settings-modal-types.ts +91 -0
package/src/input/settings-modal.ts +793 -0
package/src/input/submission-intent.ts +17 -0
package/src/input/submission-router.ts +59 -0
package/src/input/tts-settings-actions.ts +100 -0
package/src/main.ts +792 -0
package/src/mcp/runtime-reload.ts +81 -0
package/src/panels/agent-inspector-panel.ts +521 -0
package/src/panels/agent-inspector-shared.ts +94 -0
package/src/panels/agent-logs-panel.ts +559 -0
package/src/panels/agent-logs-shared.ts +129 -0
package/src/panels/approval-panel.ts +150 -0
package/src/panels/automation-control-panel.ts +212 -0
package/src/panels/base-panel.ts +254 -0
package/src/panels/builtin/agent.ts +117 -0
package/src/panels/builtin/development.ts +31 -0
package/src/panels/builtin/knowledge.ts +26 -0
package/src/panels/builtin/operations.ts +349 -0
package/src/panels/builtin/session.ts +129 -0
package/src/panels/builtin/shared.ts +274 -0
package/src/panels/builtin-panels.ts +23 -0
package/src/panels/cockpit-panel.ts +183 -0
package/src/panels/communication-panel.ts +153 -0
package/src/panels/confirm-state.ts +61 -0
package/src/panels/context-visualizer-panel.ts +204 -0
package/src/panels/control-plane-panel.ts +211 -0
package/src/panels/cost-tracker-panel.ts +444 -0
package/src/panels/debug-panel.ts +432 -0
package/src/panels/diff-panel.ts +520 -0
package/src/panels/docs-panel.ts +283 -0
package/src/panels/eval-panel.ts +399 -0
package/src/panels/file-explorer-panel.ts +584 -0
package/src/panels/file-preview-panel.ts +434 -0
package/src/panels/forensics-panel.ts +364 -0
package/src/panels/git-panel.ts +638 -0
package/src/panels/hooks-panel.ts +239 -0
package/src/panels/incident-review-panel.ts +197 -0
package/src/panels/index.ts +46 -0
package/src/panels/intelligence-panel.ts +176 -0
package/src/panels/knowledge-panel.ts +345 -0
package/src/panels/local-auth-panel.ts +130 -0
package/src/panels/marketplace-panel.ts +212 -0
package/src/panels/memory-panel.ts +225 -0
package/src/panels/ops-control-panel.ts +150 -0
package/src/panels/ops-strategy-panel.ts +235 -0
package/src/panels/orchestration-panel.ts +273 -0
package/src/panels/panel-list-panel.ts +509 -0
package/src/panels/panel-manager.ts +570 -0
package/src/panels/panel-picker.ts +106 -0
package/src/panels/plan-dashboard-panel.ts +274 -0
package/src/panels/plugins-panel.ts +178 -0
package/src/panels/policy-panel.ts +308 -0
package/src/panels/polish.ts +717 -0
package/src/panels/project-planning-panel.ts +711 -0
package/src/panels/provider-account-snapshot.ts +259 -0
package/src/panels/provider-accounts-panel.ts +218 -0
package/src/panels/provider-health-domains.ts +215 -0
package/src/panels/provider-health-panel.ts +727 -0
package/src/panels/provider-health-tracker.ts +115 -0
package/src/panels/provider-stats-panel.ts +366 -0
package/src/panels/qr-panel.ts +182 -0
package/src/panels/remote-panel.ts +449 -0
package/src/panels/routes-panel.ts +178 -0
package/src/panels/sandbox-panel.ts +283 -0
package/src/panels/schedule-panel.ts +329 -0
package/src/panels/scrollable-list-panel.ts +491 -0
package/src/panels/search-focus.ts +32 -0
package/src/panels/security-panel.ts +295 -0
package/src/panels/services-panel.ts +231 -0
package/src/panels/session-browser-panel.ts +400 -0
package/src/panels/session-maintenance.ts +125 -0
package/src/panels/settings-sync-panel.ts +120 -0
package/src/panels/skills-panel.ts +431 -0
package/src/panels/subscription-panel.ts +263 -0
package/src/panels/symbol-outline-panel.ts +486 -0
package/src/panels/system-messages-panel.ts +230 -0
package/src/panels/tasks-panel.ts +399 -0
package/src/panels/thinking-panel.ts +304 -0
package/src/panels/token-budget-panel.ts +475 -0
package/src/panels/tool-inspector-panel.ts +429 -0
package/src/panels/types.ts +54 -0
package/src/panels/watchers-panel.ts +193 -0
package/src/panels/work-plan-panel.ts +175 -0
package/src/panels/worktree-panel.ts +182 -0
package/src/panels/wrfc-panel.ts +609 -0
package/src/permissions/prompt.ts +165 -0
package/src/planning/project-planning-coordinator.ts +543 -0
package/src/plugins/loader.ts +15 -0
package/src/renderer/agent-detail-modal.ts +331 -0
package/src/renderer/agent-workspace.ts +238 -0
package/src/renderer/ansi-sanitize.ts +76 -0
package/src/renderer/autocomplete-overlay.ts +154 -0
package/src/renderer/block-actions.ts +76 -0
package/src/renderer/bookmark-modal.ts +101 -0
package/src/renderer/bottom-bar.ts +58 -0
package/src/renderer/buffer.ts +113 -0
package/src/renderer/code-block.ts +373 -0
package/src/renderer/compositor.ts +283 -0
package/src/renderer/context-inspector.ts +219 -0
package/src/renderer/conversation-layout.ts +67 -0
package/src/renderer/conversation-overlays.ts +140 -0
package/src/renderer/conversation-surface.ts +260 -0
package/src/renderer/diff-view.ts +132 -0
package/src/renderer/diff.ts +130 -0
package/src/renderer/file-picker-overlay.ts +101 -0
package/src/renderer/file-tree.ts +153 -0
package/src/renderer/fullscreen-primitives.ts +130 -0
package/src/renderer/fullscreen-workspace.ts +199 -0
package/src/renderer/git-status.ts +89 -0
package/src/renderer/help-overlay.ts +267 -0
package/src/renderer/history-search-overlay.ts +73 -0
package/src/renderer/layout-engine.ts +97 -0
package/src/renderer/layout.ts +32 -0
package/src/renderer/live-tail-modal.ts +156 -0
package/src/renderer/markdown.ts +635 -0
package/src/renderer/mcp-workspace.ts +237 -0
package/src/renderer/modal-factory.ts +467 -0
package/src/renderer/modal-utils.ts +24 -0
package/src/renderer/model-picker-overlay.ts +473 -0
package/src/renderer/model-workspace.ts +488 -0
package/src/renderer/onboarding/onboarding-wizard.ts +615 -0
package/src/renderer/overlay-box.ts +146 -0
package/src/renderer/overlay-viewport.ts +104 -0
package/src/renderer/panel-composite.ts +158 -0
package/src/renderer/panel-picker-overlay.ts +202 -0
package/src/renderer/panel-tab-bar.ts +69 -0
package/src/renderer/panel-workspace-bar.ts +42 -0
package/src/renderer/process-indicator.ts +96 -0
package/src/renderer/process-modal.ts +656 -0
package/src/renderer/process-summary.ts +67 -0
package/src/renderer/profile-picker-modal.ts +129 -0
package/src/renderer/progress.ts +98 -0
package/src/renderer/qr-renderer.ts +120 -0
package/src/renderer/search-overlay.ts +54 -0
package/src/renderer/selection-modal-overlay.ts +214 -0
package/src/renderer/semantic-diff.ts +369 -0
package/src/renderer/session-picker-modal.ts +127 -0
package/src/renderer/settings-modal-helpers.ts +193 -0
package/src/renderer/settings-modal.ts +537 -0
package/src/renderer/shell-surface.ts +88 -0
package/src/renderer/status-glyphs.ts +21 -0
package/src/renderer/status-token.ts +67 -0
package/src/renderer/surface-layout.ts +101 -0
package/src/renderer/syntax-highlighter.ts +542 -0
package/src/renderer/system-message.ts +83 -0
package/src/renderer/tab-strip.ts +108 -0
package/src/renderer/text-layout.ts +31 -0
package/src/renderer/thinking.ts +17 -0
package/src/renderer/tool-call.ts +234 -0
package/src/renderer/ui-factory.ts +524 -0
package/src/renderer/ui-primitives.ts +96 -0
package/src/runtime/bootstrap-command-context.ts +278 -0
package/src/runtime/bootstrap-command-parts.ts +386 -0
package/src/runtime/bootstrap-core.ts +540 -0
package/src/runtime/bootstrap-hook-bridge.ts +112 -0
package/src/runtime/bootstrap-shell.ts +283 -0
package/src/runtime/bootstrap.ts +575 -0
package/src/runtime/cloudflare-control-plane.ts +349 -0
package/src/runtime/context.ts +142 -0
package/src/runtime/diagnostics/panels/index.ts +24 -0
package/src/runtime/diagnostics/panels/ops.ts +156 -0
package/src/runtime/diagnostics/panels/panel-resources.ts +118 -0
package/src/runtime/diagnostics/panels/policy.ts +177 -0
package/src/runtime/index.ts +662 -0
package/src/runtime/onboarding/apply.ts +642 -0
package/src/runtime/onboarding/derivation.ts +534 -0
package/src/runtime/onboarding/index.ts +7 -0
package/src/runtime/onboarding/markers.ts +148 -0
package/src/runtime/onboarding/snapshot.ts +406 -0
package/src/runtime/onboarding/state.ts +141 -0
package/src/runtime/onboarding/types.ts +404 -0
package/src/runtime/onboarding/verify.ts +171 -0
package/src/runtime/operator-token-cleanup.ts +27 -0
package/src/runtime/perf/panel-contracts.ts +32 -0
package/src/runtime/perf/panel-health-monitor.ts +18 -0
package/src/runtime/sandbox-public-gaps.ts +358 -0
package/src/runtime/services.ts +670 -0
package/src/runtime/store/domains/domain-read-matrix.ts +15 -0
package/src/runtime/store/domains/index.ts +222 -0
package/src/runtime/store/domains/panels.ts +117 -0
package/src/runtime/store/domains/ui-perf.ts +103 -0
package/src/runtime/store/index.ts +305 -0
package/src/runtime/store/selectors/index.ts +359 -0
package/src/runtime/store/state.ts +145 -0
package/src/runtime/surface-feature-flags.ts +65 -0
package/src/runtime/terminal-output-guard.ts +228 -0
package/src/runtime/ui/index.ts +39 -0
package/src/runtime/ui/model-picker/data-provider.ts +182 -0
package/src/runtime/ui/model-picker/health-enrichment.ts +228 -0
package/src/runtime/ui/model-picker/index.ts +59 -0
package/src/runtime/ui/model-picker/types.ts +149 -0
package/src/runtime/ui/provider-health/data-provider.ts +244 -0
package/src/runtime/ui/provider-health/fallback-visualizer.ts +71 -0
package/src/runtime/ui/provider-health/index.ts +46 -0
package/src/runtime/ui/provider-health/types.ts +146 -0
package/src/runtime/ui-events.ts +1 -0
package/src/runtime/ui-read-model-helpers.ts +1 -0
package/src/runtime/ui-read-models-observability-maintenance.ts +1 -0
package/src/runtime/ui-read-models-observability-options.ts +1 -0
package/src/runtime/ui-read-models-observability-remote.ts +1 -0
package/src/runtime/ui-read-models-observability-security.ts +1 -0
package/src/runtime/ui-read-models-observability-system.ts +1 -0
package/src/runtime/ui-read-models-observability.ts +1 -0
package/src/runtime/ui-read-models.ts +61 -0
package/src/runtime/ui-service-queries.ts +1 -0
package/src/runtime/ui-services.ts +190 -0
package/src/scripts/process-messages.ts +42 -0
package/src/shell/blocking-input.ts +98 -0
package/src/shell/service-settings-sync.ts +273 -0
package/src/shell/ui-openers.ts +352 -0
package/src/tools/index.ts +1 -0
package/src/tools/wrfc-agent-guard.ts +49 -0
package/src/types/grid.ts +48 -0
package/src/types/sql-js.d.ts +15 -0
package/src/utils/clipboard.ts +22 -0
package/src/utils/splash-lines.ts +46 -0
package/src/utils/terminal-width.ts +185 -0
package/src/verification/live-verifier.ts +430 -0
package/src/verification/verification-ledger.ts +242 -0
package/src/version.ts +17 -0
package/src/widget/index.ts +2 -0
package/src/widget/types.ts +9 -0
package/src/widget/widget.ts +8 -0
package/src/work-plans/work-plan-store.ts +374 -0
package/tsconfig.json +18 -0

package/src/input/commands/cloudflare-runtime.ts ADDED Viewed

@@ -0,0 +1,370 @@
+import {
+  CLOUDFLARE_COMPONENT_IDS,
+  CLOUDFLARE_COMPONENT_LABELS,
+  DEFAULT_CLOUDFLARE_COMPONENT_SELECTION,
+  CloudflareDaemonRouteError,
+  createCloudflareDaemonClient,
+  type CloudflareComponent,
+  type CloudflareComponentSelection,
+  type CloudflareDaemonClient,
+  type CloudflareProvisionStep,
+} from '../../runtime/cloudflare-control-plane.ts';
+import type { CommandContext, CommandRegistry } from '../command-registry.ts';
+import { requireShellPaths } from './runtime-services.ts';
+interface ParsedCloudflareArgs {
+  readonly positional: readonly string[];
+  readonly flags: ReadonlyMap<string, readonly string[]>;
+}
+export function registerCloudflareRuntimeCommands(registry: CommandRegistry): void {
+  registry.register({
+    name: 'cloudflare',
+    aliases: ['cf'],
+    description: 'Inspect and manage optional Cloudflare batch/control-plane integration through daemon SDK routes',
+    usage: '[status|setup|requirements|create-token|discover|validate|provision|verify|disable] [flags]',
+    async handler(args, ctx) {
+      const subcommand = (args[0] ?? 'status').toLowerCase();
+      const parsed = parseCloudflareArgs(args.slice(1));
+      if (subcommand === 'setup' || subcommand === 'onboarding') {
+        ctx.openOnboardingWizard?.({ mode: 'edit', reset: true });
+        ctx.print('Opening onboarding wizard. Select the Cloudflare batch capability to configure Cloudflare.');
+        return;
+      }
+      let client: CloudflareDaemonClient;
+      try {
+        client = createCloudflareClient(ctx);
+      } catch (error) {
+        ctx.print(`Cloudflare command unavailable: ${formatCloudflareError(error)}`);
+        return;
+      }
+      try {
+        if (subcommand === 'status' || subcommand === 'show') {
+          const status = await client.status();
+          ctx.print([
+            'Cloudflare Status',
+            `  enabled: ${status.enabled ? 'yes' : 'no'}`,
+            `  ready: ${status.ready ? 'yes' : 'no'}`,
+            `  account: ${status.config.accountId || '(not set)'}`,
+            `  token ref: ${status.config.apiTokenRef || '(CLOUDFLARE_API_TOKEN fallback)'}`,
+            `  worker: ${status.config.workerName || '(not set)'}`,
+            `  worker URL: ${status.config.workerBaseUrl || '(not set)'}`,
+            `  queue: ${status.config.queueName || '(not set)'}`,
+            `  DLQ: ${status.config.deadLetterQueueName || '(not set)'}`,
+            `  tunnel: ${status.config.tunnelName || '(not set)'} ${status.config.tunnelId ? `(${status.config.tunnelId})` : ''}`.trimEnd(),
+            `  access app: ${status.config.accessAppId || '(not set)'}`,
+            `  batch mode: ${String(ctx.platform.configManager.get('batch.mode') ?? 'off')}`,
+            `  queue backend: ${String(ctx.platform.configManager.get('batch.queueBackend') ?? 'local')}`,
+            ...status.warnings.map((warning) => `  warning: ${warning}`),
+          ].join('\n'));
+          return;
+        }
+        if (subcommand === 'requirements') {
+          const result = await client.tokenRequirements({
+            components: componentsFromArgs(parsed),
+            includeBootstrap: true,
+          });
+          ctx.print([
+            'Cloudflare Token Requirements',
+            `  components: ${formatComponents(result.components)}`,
+            '  permissions:',
+            ...result.permissions.map((permission) => `    ${permission.scope}: ${permission.permission} (${permission.component}) - ${permission.reason}`),
+            ...(result.bootstrapToken.instructions.length > 0
+              ? ['  bootstrap token:', ...result.bootstrapToken.instructions.map((line) => `    ${line}`)]
+              : []),
+          ].join('\n'));
+          return;
+        }
+        if (subcommand === 'create-token') {
+          const bootstrapToken = getFlag(parsed, 'bootstrap-token') || readTokenEnv(parsed, 'bootstrap-env');
+          if (!bootstrapToken) {
+            ctx.print('Usage: /cloudflare create-token --account <account-id> --bootstrap-token <token> or --bootstrap-env <env-name>');
+            return;
+          }
+          const result = await client.createOperationalToken({
+            components: componentsFromArgs(parsed),
+            ...optionalString('accountId', getFlag(parsed, 'account') || getFlag(parsed, 'account-id')),
+            ...optionalString('zoneId', getFlag(parsed, 'zone-id')),
+            ...optionalString('zoneName', getFlag(parsed, 'zone') || getFlag(parsed, 'zone-name')),
+            bootstrapToken,
+            storeApiToken: true,
+            persistConfig: true,
+          });
+          ctx.print([
+            'Cloudflare Operational Token Created',
+            `  token: ${result.tokenName}${result.tokenId ? ` (${result.tokenId})` : ''}`,
+            `  account: ${result.accountId}`,
+            `  zone: ${result.zoneId || '(none)'}`,
+            `  stored ref: ${result.apiTokenRef ?? '(not stored)'}`,
+            '  revoke or expire the temporary bootstrap token after validation.',
+          ].join('\n'));
+          return;
+        }
+        if (subcommand === 'discover') {
+          const result = await client.discover({
+            ...cloudflareAuthInput(parsed),
+            components: componentsFromArgs(parsed),
+            ...optionalString('zoneId', getFlag(parsed, 'zone-id')),
+            ...optionalString('zoneName', getFlag(parsed, 'zone') || getFlag(parsed, 'zone-name')),
+            includeResources: !hasFlag(parsed, 'fast'),
+          });
+          ctx.print([
+            'Cloudflare Discovery',
+            `  token source: ${result.tokenSource}`,
+            `  accounts: ${result.accounts.length}`,
+            ...result.accounts.slice(0, 12).map((account) => `    account ${account.id}: ${account.name}`),
+            `  zones: ${result.zones.length}`,
+            ...result.zones.slice(0, 12).map((zone) => `    zone ${zone.id}: ${zone.name}${zone.status ? ` (${zone.status})` : ''}`),
+            `  worker subdomain: ${result.workerSubdomain || '(not detected)'}`,
+            `  queues: ${result.queues?.length ?? 0}`,
+            `  KV namespaces: ${result.kvNamespaces?.length ?? 0}`,
+            `  R2 buckets: ${result.r2Buckets?.length ?? 0}`,
+            ...result.warnings.map((warning) => `  warning: ${warning}`),
+          ].join('\n'));
+          return;
+        }
+        if (subcommand === 'validate') {
+          const result = await client.validate(cloudflareAuthInput(parsed));
+          ctx.print([
+            'Cloudflare Token Validation',
+            `  ok: ${result.ok ? 'yes' : 'no'}`,
+            `  token source: ${result.tokenSource}`,
+            result.account ? `  account: ${result.account.name} (${result.account.id})` : '  account: not resolved',
+          ].join('\n'));
+          return;
+        }
+        if (subcommand === 'provision') {
+          const result = await client.provision({
+            ...cloudflareAuthInput(parsed),
+            components: componentsFromArgs(parsed),
+            ...optionalString('accountId', getFlag(parsed, 'account') || getFlag(parsed, 'account-id')),
+            ...optionalString('zoneId', getFlag(parsed, 'zone-id')),
+            ...optionalString('zoneName', getFlag(parsed, 'zone') || getFlag(parsed, 'zone-name')),
+            ...optionalString('daemonBaseUrl', getFlag(parsed, 'daemon-url')),
+            ...optionalString('daemonHostname', getFlag(parsed, 'daemon-hostname')),
+            ...optionalString('workerName', getFlag(parsed, 'worker-name')),
+            ...optionalString('workerSubdomain', getFlag(parsed, 'worker-subdomain')),
+            ...optionalString('workerHostname', getFlag(parsed, 'worker-hostname')),
+            ...optionalString('workerBaseUrl', getFlag(parsed, 'worker-url')),
+            ...optionalString('queueName', getFlag(parsed, 'queue') || getFlag(parsed, 'queue-name')),
+            ...optionalString('deadLetterQueueName', getFlag(parsed, 'dlq') || getFlag(parsed, 'dead-letter-queue')),
+            ...optionalString('tunnelName', getFlag(parsed, 'tunnel-name')),
+            ...optionalString('tunnelId', getFlag(parsed, 'tunnel-id')),
+            ...optionalString('tunnelServiceUrl', getFlag(parsed, 'tunnel-service-url')),
+            ...optionalString('tunnelTokenRef', getFlag(parsed, 'tunnel-token-ref')),
+            ...optionalString('accessAppId', getFlag(parsed, 'access-app-id')),
+            ...optionalString('accessServiceTokenId', getFlag(parsed, 'access-service-token-id')),
+            ...optionalString('accessServiceTokenRef', getFlag(parsed, 'access-service-token-ref')),
+            ...optionalString('kvNamespaceName', getFlag(parsed, 'kv-namespace-name')),
+            ...optionalString('kvNamespaceId', getFlag(parsed, 'kv-namespace-id')),
+            ...optionalString('durableObjectNamespaceName', getFlag(parsed, 'do-namespace-name') || getFlag(parsed, 'durable-object-namespace-name')),
+            ...optionalString('durableObjectNamespaceId', getFlag(parsed, 'do-namespace-id') || getFlag(parsed, 'durable-object-namespace-id')),
+            ...optionalString('r2BucketName', getFlag(parsed, 'r2-bucket-name')),
+            ...optionalString('secretsStoreName', getFlag(parsed, 'secrets-store-name')),
+            ...optionalString('secretsStoreId', getFlag(parsed, 'secrets-store-id')),
+            ...optionalString('workerCron', getFlag(parsed, 'worker-cron')),
+            ...optionalString('operatorToken', getFlag(parsed, 'operator-token')),
+            ...optionalString('operatorTokenRef', getFlag(parsed, 'operator-token-ref')),
+            ...optionalString('workerClientToken', getFlag(parsed, 'worker-client-token')),
+            ...optionalString('workerClientTokenRef', getFlag(parsed, 'worker-client-token-ref')),
+            ...optionalBatchMode(readBatchMode(parsed)),
+            persistConfig: true,
+            verify: !hasFlag(parsed, 'no-verify'),
+            storeApiToken: !hasFlag(parsed, 'no-store-token'),
+            enableWorkersDev: !hasFlag(parsed, 'no-workers-dev'),
+          });
+          ctx.print([
+            'Cloudflare Provisioning',
+            `  ok: ${result.ok ? 'yes' : 'no'}`,
+            ...(result.worker ? [`  worker: ${result.worker.name}${result.worker.baseUrl ? ` at ${result.worker.baseUrl}` : ''}`] : []),
+            ...(result.queues ? [`  queues: ${result.queues.queueName}; DLQ ${result.queues.deadLetterQueueName}`] : []),
+            ...(result.tunnel ? [`  tunnel: ${result.tunnel.name} (${result.tunnel.id})${result.tunnel.hostname ? ` ${result.tunnel.hostname}` : ''}`] : []),
+            ...(result.access ? [`  access: app=${result.access.appId || '(none)'} serviceToken=${result.access.serviceTokenId || '(none)'}`] : []),
+            ...(result.dns ? [`  dns: ${result.dns.zoneName || result.dns.zoneId} records=${result.dns.records.length}`] : []),
+            ...(result.kv ? [`  kv: ${result.kv.namespaceName} (${result.kv.namespaceId})`] : []),
+            ...(result.r2 ? [`  r2: ${result.r2.bucketName}`] : []),
+            ...(result.secretsStore ? [`  secrets store: ${result.secretsStore.storeName} (${result.secretsStore.storeId})`] : []),
+            ...formatProvisionSteps(result.steps),
+          ].join('\n'));
+          return;
+        }
+        if (subcommand === 'verify') {
+          const result = await client.verify({
+            ...optionalString('workerBaseUrl', getFlag(parsed, 'worker-url')),
+            ...optionalString('workerClientToken', getFlag(parsed, 'worker-token')),
+            ...optionalString('workerClientTokenRef', getFlag(parsed, 'worker-token-ref')),
+          });
+          ctx.print([
+            'Cloudflare Verification',
+            `  ok: ${result.ok ? 'yes' : 'no'}`,
+            `  worker health: ${result.workerHealth.ok ? 'ok' : 'failed'} (HTTP ${result.workerHealth.status})${result.workerHealth.error ? ` - ${result.workerHealth.error}` : ''}`,
+            ...(result.daemonBatchProxy ? [`  daemon batch proxy: ${result.daemonBatchProxy.ok ? 'ok' : 'failed'} (HTTP ${result.daemonBatchProxy.status})${result.daemonBatchProxy.error ? ` - ${result.daemonBatchProxy.error}` : ''}`] : []),
+          ].join('\n'));
+          return;
+        }
+        if (subcommand === 'disable') {
+          const result = await client.disable({
+            ...cloudflareAuthInput(parsed),
+            ...optionalString('workerName', getFlag(parsed, 'worker-name')),
+            disableWorkerSubdomain: hasFlag(parsed, 'disable-worker-subdomain'),
+            disableCron: !hasFlag(parsed, 'keep-cron'),
+            persistConfig: true,
+          });
+          ctx.print([
+            'Cloudflare Disabled',
+            `  ok: ${result.ok ? 'yes' : 'no'}`,
+            ...formatProvisionSteps(result.steps),
+          ].join('\n'));
+          return;
+        }
+        ctx.print('Usage: /cloudflare [status|setup|requirements|create-token|discover|validate|provision|verify|disable] [flags]');
+      } catch (error) {
+        ctx.print(`Cloudflare ${subcommand} failed: ${formatCloudflareError(error)}`);
+      }
+    },
+  });
+}
+function createCloudflareClient(ctx: CommandContext): CloudflareDaemonClient {
+  const shellPaths = requireShellPaths(ctx);
+  return createCloudflareDaemonClient({
+    configManager: ctx.platform.configManager,
+    homeDirectory: shellPaths.homeDirectory,
+  });
+}
+function parseCloudflareArgs(args: readonly string[]): ParsedCloudflareArgs {
+  const positional: string[] = [];
+  const flags = new Map<string, string[]>();
+  for (let index = 0; index < args.length; index += 1) {
+    const arg = args[index]!;
+    if (!arg.startsWith('--')) {
+      positional.push(arg);
+      continue;
+    }
+    const raw = arg.slice(2);
+    const equalsIndex = raw.indexOf('=');
+    if (equalsIndex >= 0) {
+      const key = raw.slice(0, equalsIndex);
+      const value = raw.slice(equalsIndex + 1);
+      flags.set(key, [...(flags.get(key) ?? []), value]);
+      continue;
+    }
+    const next = args[index + 1];
+    if (next && !next.startsWith('--')) {
+      flags.set(raw, [...(flags.get(raw) ?? []), next]);
+      index += 1;
+    } else {
+      flags.set(raw, [...(flags.get(raw) ?? []), 'true']);
+    }
+  }
+  return { positional, flags };
+}
+function hasFlag(args: ParsedCloudflareArgs, key: string): boolean {
+  return args.flags.has(key);
+}
+function getFlag(args: ParsedCloudflareArgs, key: string): string {
+  const values = args.flags.get(key);
+  const value = values?.[values.length - 1] ?? '';
+  return value === 'true' ? '' : value.trim();
+}
+function getFlagValues(args: ParsedCloudflareArgs, key: string): readonly string[] {
+  return args.flags.get(key)?.map((value) => value.trim()).filter(Boolean) ?? [];
+}
+function componentsFromArgs(args: ParsedCloudflareArgs): Record<CloudflareComponent, boolean> {
+  const components: Record<CloudflareComponent, boolean> = { ...DEFAULT_CLOUDFLARE_COMPONENT_SELECTION };
+  if (hasFlag(args, 'all') || hasFlag(args, 'advanced')) {
+    for (const component of CLOUDFLARE_COMPONENT_IDS) components[component] = true;
+  }
+  for (const raw of [...args.positional, ...getFlagValues(args, 'component')]) {
+    const normalized = normalizeComponent(raw);
+    if (normalized) components[normalized] = true;
+  }
+  for (const raw of getFlagValues(args, 'no-component')) {
+    const normalized = normalizeComponent(raw);
+    if (normalized) components[normalized] = false;
+  }
+  return components;
+}
+function normalizeComponent(value: string): CloudflareComponent | null {
+  const normalized = value.trim().toLowerCase().replace(/[-_]/g, '');
+  for (const component of CLOUDFLARE_COMPONENT_IDS) {
+    if (component.toLowerCase() === normalized) return component;
+  }
+  if (normalized === 'workerscript' || normalized === 'worker') return 'workers';
+  if (normalized === 'queue') return 'queues';
+  if (normalized === 'tunnel') return 'zeroTrustTunnel';
+  if (normalized === 'access') return 'zeroTrustAccess';
+  if (normalized === 'domain' || normalized === 'hostname') return 'dns';
+  if (normalized === 'do' || normalized === 'durableobject') return 'durableObjects';
+  if (normalized === 'secret' || normalized === 'secrets') return 'secretsStore';
+  return null;
+}
+function formatComponents(components: CloudflareComponentSelection): string {
+  const selected = CLOUDFLARE_COMPONENT_IDS
+    .filter((component) => components[component] === true)
+    .map((component) => CLOUDFLARE_COMPONENT_LABELS[component]);
+  return selected.length > 0 ? selected.join(', ') : 'none';
+}
+function cloudflareAuthInput(args: ParsedCloudflareArgs): {
+  readonly accountId?: string;
+  readonly apiToken?: string;
+  readonly apiTokenRef?: string;
+} {
+  const token = getFlag(args, 'token') || readTokenEnv(args, 'token-env');
+  const tokenRef = getFlag(args, 'token-ref');
+  return {
+    ...optionalString('accountId', getFlag(args, 'account') || getFlag(args, 'account-id')),
+    ...(token ? { apiToken: token } : tokenRef ? { apiTokenRef: tokenRef } : {}),
+  };
+}
+function readTokenEnv(args: ParsedCloudflareArgs, key: string): string {
+  const envName = getFlag(args, key);
+  if (!envName) return '';
+  return process.env[envName] ?? '';
+}
+function readBatchMode(args: ParsedCloudflareArgs): 'off' | 'explicit' | 'eligible-by-default' | undefined {
+  const value = getFlag(args, 'batch-mode');
+  if (value === 'off' || value === 'explicit' || value === 'eligible-by-default') return value;
+  return undefined;
+}
+function optionalString<K extends string>(key: K, value: string): Partial<Record<K, string>> {
+  return value.trim().length > 0 ? { [key]: value.trim() } as Partial<Record<K, string>> : {};
+}
+function optionalBatchMode(value: ReturnType<typeof readBatchMode>): { readonly batchMode?: 'off' | 'explicit' | 'eligible-by-default' } {
+  return value ? { batchMode: value } : {};
+}
+function formatProvisionSteps(steps: readonly CloudflareProvisionStep[]): string[] {
+  return steps.length > 0
+    ? steps.map((step) => `  ${step.status}: ${step.name}${step.message ? ` - ${step.message}` : ''}`)
+    : ['  no steps returned'];
+}
+function formatCloudflareError(error: unknown): string {
+  if (error instanceof CloudflareDaemonRouteError) {
+    return `${error.message} (HTTP ${error.status}, ${error.code})`;
+  }
+  return error instanceof Error ? error.message : String(error);
+}

package/src/input/commands/config.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import type { CommandRegistry } from '../command-registry.ts';
+export function registerConfigCommand(registry: CommandRegistry): void {
+  registry.register({
+    name: 'config',
+    aliases: ['cfg'],
+    description: 'Open the fullscreen configuration workspace',
+    usage: '[category|key]',
+    argsHint: '[category|key]',
+    handler(args, ctx) {
+      if (ctx.openSettingsModal) {
+        ctx.openSettingsModal(args[0]);
+        return;
+      }
+      ctx.print('Fullscreen config workspace is not available in this runtime.');
+    },
+  });
+}

package/src/input/commands/control-room-runtime.ts ADDED Viewed

@@ -0,0 +1,255 @@
+import type { CommandRegistry } from '../command-registry.ts';
+import { buildMcpAttackPathReview } from '@/runtime/index.ts';
+import { buildKnowledgeInjectionPrompt, selectKnowledgeForTask } from '@pellux/goodvibes-sdk/platform/state';
+import { listBuiltinSubscriptionProviders } from '@pellux/goodvibes-sdk/platform/config';
+import { requireReadModels, requireSubscriptionManager, requireTokenAuditor } from './runtime-services.ts';
+import { getMemoryApi } from './recall-query.ts';
+export function registerControlRoomRuntimeCommands(registry: CommandRegistry): void {
+  registry.register({
+    name: 'cockpit',
+    aliases: [],
+    description: 'Open the unified operator cockpit',
+    usage: '',
+    handler(_args, ctx) {
+      if (ctx.openCockpitPanel) {
+        ctx.openCockpitPanel();
+        return;
+      }
+      ctx.print('Cockpit panel is not available in this runtime.');
+    },
+  });
+  registry.register({
+    name: 'orchestration',
+    aliases: ['orch'],
+    description: 'Inspect orchestration graphs and cancel active graphs or subtrees',
+    usage: '[show [graphId] | cancel graph <graphId> | cancel subtree <agentId>]',
+    handler(args, ctx) {
+      const graphs = [...requireReadModels(ctx).orchestration.getSnapshot().graphs];
+      if (args.length === 0) {
+        if (ctx.openOrchestrationPanel) {
+          ctx.openOrchestrationPanel();
+          return;
+        }
+        if (graphs.length === 0) {
+          ctx.print('Orchestration panel is not available in this runtime.');
+          return;
+        }
+      }
+      const subcommand = args[0]?.toLowerCase() ?? 'show';
+      if (subcommand === 'show') {
+        const graphId = args[1];
+        const graph = graphId ? graphs.find((entry) => entry.id === graphId) : graphs[0];
+        if (!graph) {
+          ctx.print(graphId ? `Unknown orchestration graph: ${graphId}` : 'No orchestration graphs recorded yet.');
+          return;
+        }
+        const lines = [
+          `Graph ${graph.id}`,
+          `  title: ${graph.title}`,
+          `  status: ${graph.status}`,
+          `  mode: ${graph.mode}`,
+          `  nodes: ${graph.nodeOrder.length}`,
+        ];
+        if (graph.lastRecursionGuard) {
+          lines.push(`  last guard: depth ${graph.lastRecursionGuard.depth}, active ${graph.lastRecursionGuard.activeAgents}, ${graph.lastRecursionGuard.reason}`);
+        }
+        for (const nodeId of graph.nodeOrder.slice(0, 12)) {
+          const node = graph.nodes.get(nodeId);
+          if (!node) continue;
+          lines.push(`  - ${node.id} ${node.role} ${node.status} ${node.title}`);
+        }
+        ctx.print(lines.join('\n'));
+        return;
+      }
+      if (subcommand === 'cancel') {
+        const mode = args[1]?.toLowerCase();
+        const target = args[2];
+        const manager = ctx.ops.agentManager;
+        if (!manager) {
+          ctx.print('Agent manager is not available in this runtime.');
+          return;
+        }
+        if (!mode || !target) {
+          ctx.print('Usage: /orchestration cancel graph <graphId> | /orchestration cancel subtree <agentId>');
+          return;
+        }
+        if (mode === 'graph') {
+          const cancelled = manager.cancelGraph(target);
+          ctx.print(cancelled.length > 0
+            ? `Cancelled ${cancelled.length} agent${cancelled.length !== 1 ? 's' : ''} in graph ${target}.`
+            : `No cancellable agents found in graph ${target}.`);
+          return;
+        }
+        if (mode === 'subtree') {
+          const cancelled = manager.cancelSubtree(target);
+          ctx.print(cancelled.length > 0
+            ? `Cancelled ${cancelled.length} agent${cancelled.length !== 1 ? 's' : ''} in subtree rooted at ${target}.`
+            : `No cancellable agents found in subtree rooted at ${target}.`);
+          return;
+        }
+        ctx.print(`Unknown orchestration cancel target: ${mode}`);
+        return;
+      }
+      ctx.print(`Unknown orchestration subcommand: ${subcommand}`);
+    },
+  });
+  registry.register({
+    name: 'communication',
+    aliases: ['comms'],
+    description: 'Inspect structured agent communication routes and recent activity',
+    usage: '',
+    handler(_args, ctx) {
+      if (ctx.openCommunicationPanel) {
+        ctx.openCommunicationPanel();
+        return;
+      }
+      ctx.print('Communication panel is not available in this runtime.');
+    },
+  });
+  registry.register({
+    name: 'security',
+    aliases: [],
+    description: 'Inspect security posture, attack paths, and review state',
+    usage: '[review | attack-paths | tokens]',
+    handler(args, ctx) {
+      if (args.length === 0) {
+        if (ctx.openSecurityPanel) {
+          ctx.openSecurityPanel();
+          return;
+        }
+        ctx.print('Security panel is not available in this runtime.');
+        return;
+      }
+      const subcommand = args[0]?.toLowerCase() ?? 'review';
+      const audit = requireTokenAuditor(ctx).auditAll(Date.now());
+      const securitySnapshot = requireReadModels(ctx).security.getSnapshot();
+      const policySnapshot = ctx.extensions.policyRuntimeState?.getSnapshot();
+      if (!policySnapshot) {
+        ctx.print('Policy runtime state is not available in this runtime.');
+        return;
+      }
+      const attackPaths = buildMcpAttackPathReview({
+        servers: securitySnapshot.mcpServers,
+        recentDecisions: securitySnapshot.recentMcpDecisions,
+      });
+      if (subcommand === 'tokens') {
+        if (audit.results.length === 0) {
+          ctx.print('No registered API tokens are currently under audit.');
+          return;
+        }
+        ctx.print([
+          `Token Audit (${audit.results.length})`,
+          ...audit.results.map((result) => (
+            `  ${result.label}  policy=${result.scope.policyId}  scope=${result.scope.outcome}  rotation=${result.rotation.outcome}  blocked=${result.blocked ? 'yes' : 'no'}`
+          )),
+        ].join('\n'));
+        return;
+      }
+      if (subcommand === 'attack-paths') {
+        if (attackPaths.findings.length === 0) {
+          ctx.print('No MCP attack-path findings are currently active.');
+          return;
+        }
+        ctx.print([
+          `MCP Attack-Path Review`,
+          `  summary: ${attackPaths.summary}`,
+          ...attackPaths.findings.slice(0, 12).map((finding) => (
+            `  ${finding.severity.toUpperCase()} ${finding.serverName}  ${finding.route}\n    ${finding.reason}`
+          )),
+        ].join('\n'));
+        return;
+      }
+      const plugins = ctx.extensions.pluginManager?.list() ?? [];
+      const subscriptions = requireSubscriptionManager(ctx);
+      const builtinProviders = listBuiltinSubscriptionProviders();
+      ctx.print([
+        'Security Review',
+        `  tokens: ${audit.results.length}`,
+        `  blocked tokens: ${audit.blocked.length}`,
+        `  scope violations: ${audit.scopeViolations.length}`,
+        `  rotation overdue: ${audit.rotationOverdue.length}`,
+        `  rotation warnings: ${audit.rotationWarnings.length}`,
+        `  built-in subscription providers: ${builtinProviders.length}`,
+        `  active subscriptions: ${subscriptions.list().length}`,
+        `  pending subscriptions: ${subscriptions.listPending().length}`,
+        `  policy lint findings: ${policySnapshot.lintFindings.length}`,
+        `  policy preflight: ${policySnapshot.lastPreflightReview?.status ?? 'n/a'}`,
+        `  mcp servers: ${securitySnapshot.mcpServers.length}`,
+        `  mcp quarantined: ${securitySnapshot.mcpServers.filter((server) => server.schemaFreshness === 'quarantined').length}`,
+        `  mcp elevated: ${securitySnapshot.mcpServers.filter((server) => server.trustMode === 'allow-all').length}`,
+        `  mcp attack-path findings: ${attackPaths.findings.length}`,
+        `  quarantined plugins: ${plugins.filter((plugin) => plugin.quarantined).length}`,
+        `  untrusted plugins: ${plugins.filter((plugin) => plugin.trustTier === 'untrusted').length}`,
+      ].join('\n'));
+    },
+  });
+  registry.register({
+    name: 'knowledge',
+    aliases: ['know'],
+    description: 'Inspect durable project knowledge, risks, runbooks, and architecture notes',
+    usage: '[open | queue [limit] | explain <task...> [--scope <path> ...]]',
+    handler(args, ctx) {
+      const subcommand = (args[0] ?? 'open').toLowerCase();
+      if (subcommand === 'open') {
+        if (ctx.openKnowledgePanel) {
+          ctx.openKnowledgePanel();
+          return;
+        }
+        ctx.print('Knowledge panel is not available in this runtime.');
+        return;
+      }
+      const memory = getMemoryApi(ctx);
+      if (!memory) return;
+      if (subcommand === 'queue') {
+        const limit = Math.max(1, parseInt(args[1] ?? '10', 10) || 10);
+        const queue = memory.reviewQueue(limit);
+        if (queue.length === 0) {
+          ctx.print('Knowledge review queue is empty.');
+          return;
+        }
+        ctx.print([
+          `Knowledge Review Queue (${queue.length})`,
+          ...queue.map((record) => `  ${record.id}  [${record.scope}/${record.cls}] ${record.reviewState} ${record.confidence}%  ${record.summary}`),
+        ].join('\n'));
+        return;
+      }
+      if (subcommand === 'explain') {
+        const scopeIdx = args.indexOf('--scope');
+        const scopeValues = scopeIdx !== -1
+          ? args.slice(scopeIdx + 1).filter((token) => !token.startsWith('--'))
+          : [];
+        const taskTokens = args.slice(1).filter((token, index) => {
+          if (token === '--scope') return false;
+          if (scopeIdx !== -1 && index + 1 > scopeIdx) return false;
+          return true;
+        });
+        const task = taskTokens.join(' ').trim();
+        if (!task) {
+          ctx.print('Usage: /knowledge explain <task...> [--scope <path> ...]');
+          return;
+        }
+        const injections = selectKnowledgeForTask(memory, task, scopeValues);
+        const prompt = buildKnowledgeInjectionPrompt(injections);
+        ctx.print(prompt ?? 'No reviewed project knowledge matched that task.');
+        return;
+      }
+      if (ctx.openKnowledgePanel) {
+        ctx.openKnowledgePanel();
+        return;
+      }
+      ctx.print(`Unknown knowledge subcommand: ${subcommand}`);
+    },
+  });
+}