@pellux/goodvibes-agent 0.1.0

package/src/input/commands/health-runtime.ts

@@ -0,0 +1,434 @@
+import { ServiceRegistry } from '@pellux/goodvibes-sdk/platform/config';
+import type { ConfigManager } from '@pellux/goodvibes-sdk/platform/config';
+import { evaluateSessionMaintenance, formatSessionMaintenanceLines } from '@/runtime/index.ts';
+import { estimateConversationTokens } from '@pellux/goodvibes-sdk/platform/core';
+import type { CommandRegistry } from '../command-registry.ts';
+import { buildSetupReviewSnapshot } from './local-setup-review.ts';
+import { buildProviderAccountSnapshot } from '@/runtime/index.ts';
+import { getSettingsControlPlaneSnapshot } from '@/runtime/index.ts';
+import { listPersistedWorktreeMeta, summarizeWorktreeOwnership } from '@/runtime/index.ts';
+import { checkRecoveryFile, readLastSessionPointer } from '@/runtime/index.ts';
+import {
+  openCommandPanel,
+  requireLocalUserAuthManager,
+  requireOperatorClient,
+  requireProviderApi,
+  requireReadModels,
+  requireSecretsManager,
+  requireServiceRegistry,
+  requireSubscriptionManager,
+  requireSessionMemoryStore,
+} from './runtime-services.ts';
+
+function renderSandboxHealthSummary(configManager: ConfigManager): string[] {
+  const backend = String(configManager.get('sandbox.vmBackend') ?? 'local');
+  const imagePath = String(configManager.get('sandbox.qemuImagePath') ?? '').trim();
+  const wrapperPath = String(configManager.get('sandbox.qemuExecWrapper') ?? '').trim();
+  const lines = [
+    `  backend: ${backend}`,
+    `  qemu image: ${imagePath || '(not configured)'}`,
+    `  qemu wrapper: ${wrapperPath || '(not configured)'}`,
+  ];
+  if (backend === 'qemu' && !imagePath) lines.push('  issue: qemu backend selected without qemuImagePath');
+  if (backend === 'qemu' && !wrapperPath) lines.push('  issue: qemu backend selected without qemuExecWrapper');
+  return lines;
+}
+
+export function registerHealthRuntimeCommands(registry: CommandRegistry): void {
+  registry.register({
+    name: 'health',
+    aliases: ['doctor'],
+    description: 'Health workspace for startup posture, service readiness, sandbox posture, and provider health',
+    usage: '[open|review|setup|services|sandbox|provider|accounts|auth|settings|intelligence|remote|mcp|continuity|worktrees|maintenance|repair [domain]]',
+    async handler(args, ctx) {
+      const sub = (args[0] ?? 'review').toLowerCase();
+      const readModels = requireReadModels(ctx);
+
+      if (sub === 'open' || sub === 'panel' || sub === 'provider') {
+        openCommandPanel(ctx, 'provider-health');
+        return;
+      }
+
+      if (sub === 'services') {
+        const registry = requireServiceRegistry(ctx);
+        const all = registry.getAll();
+        const keys = Object.keys(all);
+        const inspections = await Promise.all(keys.map((name) => registry.inspect(name)));
+        const issues = inspections
+          .filter((inspection): inspection is NonNullable<typeof inspection> => inspection !== null)
+          .flatMap((inspection) => {
+            const findings: string[] = [];
+            if (!inspection.hasPrimaryCredential) findings.push(`${inspection.config.name}: missing primary credential`);
+            if (inspection.config.authType === 'basic' && !inspection.hasPasswordCredential) findings.push(`${inspection.config.name}: missing password credential`);
+            if (!inspection.config.baseUrl) findings.push(`${inspection.config.name}: no baseUrl configured`);
+            return findings;
+          });
+        ctx.print([
+          'Health Review: Services',
+          `  configured: ${keys.length}`,
+          `  issues: ${issues.length}`,
+          ...(issues.length > 0 ? issues.map((issue) => `  ${issue}`) : ['  all configured services passed readiness checks']),
+        ].join('\n'));
+        return;
+      }
+
+      if (sub === 'sandbox') {
+        ctx.print([
+          'Health Review: Sandbox',
+          ...renderSandboxHealthSummary(ctx.platform.configManager),
+        ].join('\n'));
+        return;
+      }
+
+      if (sub === 'accounts') {
+        const operatorClient = requireOperatorClient(ctx);
+        const accounts = await operatorClient.providers.accountSnapshot();
+        ctx.print([
+          'Health Review: Accounts',
+          `  providers: ${accounts.providers.length}`,
+          `  configured: ${accounts.configuredCount}`,
+          `  issues: ${accounts.issueCount}`,
+          ...accounts.providers.flatMap((provider) => {
+            const findings = [
+              ...provider.issues.map((issue) => `  ${provider.providerId}: ${issue}`),
+              ...(provider.fallbackRisk ? [`  ${provider.providerId}: ${provider.fallbackRisk}`] : []),
+            ];
+            return findings;
+          }),
+        ].join('\n'));
+        return;
+      }
+
+      if (sub === 'auth') {
+        const auth = readModels.localAuth.getSnapshot();
+        ctx.print([
+          'Health Review: Local Auth',
+          `  users: ${auth.userCount}`,
+          `  sessions: ${auth.sessionCount}`,
+          `  bootstrap file: ${auth.bootstrapCredentialPresent ? 'present' : 'cleared'}`,
+          ...(auth.userCount <= 1 ? ['  issue: only one local auth user configured'] : []),
+          ...(auth.bootstrapCredentialPresent ? ['  issue: bootstrap credential file still present; rotate or clear it when no longer needed'] : []),
+        ].join('\n'));
+        return;
+      }
+
+      if (sub === 'settings') {
+        const settings = readModels.settings.getSnapshot();
+        const issues: string[] = [];
+        if (settings.conflictCount > 0) issues.push(`${settings.conflictCount} conflicting setting import(s) need review`);
+        if (settings.recentFailureCount > 0) issues.push(`${settings.recentFailureCount} recent sync/managed failure(s) recorded`);
+        if (settings.hasStagedManagedBundle) issues.push('staged managed bundle is awaiting apply or rollback');
+        if (settings.managedLockCount > 0) issues.push(`${settings.managedLockCount} managed lock(s) currently enforced`);
+        ctx.print([
+          'Health Review: Settings',
+          `  available: ${settings.available ? 'yes' : 'no'}`,
+          `  managed locks: ${settings.managedLockCount}`,
+          `  conflicts: ${settings.conflictCount}`,
+          `  recent failures: ${settings.recentFailureCount}`,
+          `  staged bundle: ${settings.hasStagedManagedBundle ? 'present' : 'none'}`,
+          ...(issues.length > 0 ? issues.map((issue) => `  issue: ${issue}`) : ['  no active settings-control issues detected']),
+          '  next: /settingssync panel',
+          '  next: /settingssync show <key>',
+          '  next: /managed staged',
+        ].join('\n'));
+        return;
+      }
+
+      if (sub === 'intelligence') {
+        const intelligence = readModels.intelligence.getSnapshot();
+        const issues: string[] = [];
+        if (intelligence.diagnosticsStatus !== 'ready') issues.push(`diagnostics=${intelligence.diagnosticsStatus}`);
+        if (intelligence.symbolSearchStatus !== 'ready') issues.push(`symbols=${intelligence.symbolSearchStatus}`);
+        if (intelligence.completionsStatus !== 'ready') issues.push(`completions=${intelligence.completionsStatus}`);
+        if (intelligence.hoverStatus !== 'ready') issues.push(`hover=${intelligence.hoverStatus}`);
+        ctx.print([
+          'Health Review: Intelligence',
+          `  diagnostics: ${intelligence.diagnosticsStatus}`,
+          `  symbols: ${intelligence.symbolSearchStatus}`,
+          `  completions: ${intelligence.completionsStatus}`,
+          `  hover: ${intelligence.hoverStatus}`,
+          `  errors: ${intelligence.errorCount}`,
+          `  warnings: ${intelligence.warningCount}`,
+          `  requests: ${intelligence.totalRequests}`,
+          `  avg latency: ${Math.round(intelligence.avgLatencyMs)}ms`,
+          ...(issues.length > 0
+            ? issues.map((issue) => `  issue: ${issue}`)
+            : ['  no active intelligence readiness issues detected']),
+          '  next: /intelligence review',
+          '  next: /setup review',
+        ].join('\n'));
+        return;
+      }
+
+      if (sub === 'remote') {
+        const snapshot = readModels.remote.getSnapshot().supervisor;
+        const issues = snapshot.sessions.flatMap((session) => {
+          const lines: string[] = [];
+          if (session.transportState === 'degraded' || session.transportState === 'reconnecting' || session.transportState === 'terminal_failure') {
+            lines.push(`${session.runnerId}: transport=${session.transportState}`);
+          }
+          if (session.heartbeat.status !== 'fresh') {
+            lines.push(`${session.runnerId}: heartbeat=${session.heartbeat.status}`);
+          }
+          if (session.lastError) {
+            lines.push(`${session.runnerId}: ${session.lastError}`);
+          }
+          return lines;
+        });
+        ctx.print([
+          'Health Review: Remote',
+          `  sessions: ${snapshot.sessions.length}`,
+          `  active connections: ${snapshot.activeConnections}`,
+          `  degraded: ${snapshot.degradedConnections}`,
+          ...(issues.length > 0 ? issues.map((issue) => `  issue: ${issue}`) : ['  no active remote recovery issues detected']),
+          '  next: /remote supervisor',
+          '  next: /remote recover <runnerId>',
+        ].join('\n'));
+        return;
+      }
+
+      if (sub === 'mcp') {
+        const mcp = readModels.mcp.getSnapshot();
+        const issues = mcp.servers.flatMap((server) => {
+          const lines: string[] = [];
+          if (server.status !== 'connected' && server.status !== 'configured') {
+            lines.push(`${server.name}: status=${server.status}`);
+          }
+          if (server.schemaFreshness !== 'fresh') {
+            lines.push(`${server.name}: schema=${server.schemaFreshness}`);
+          }
+          if (server.lastError) {
+            lines.push(`${server.name}: ${server.lastError}`);
+          }
+          return lines;
+        });
+        ctx.print([
+          'Health Review: MCP',
+          `  servers: ${mcp.servers.length}`,
+          `  connected: ${mcp.connectedServerNames.length}`,
+          `  tools: ${mcp.availableToolCount}`,
+          `  total calls: ${mcp.totalCalls}`,
+          `  total errors: ${mcp.totalErrors}`,
+          ...(issues.length > 0 ? issues.map((issue) => `  issue: ${issue}`) : ['  no active MCP lifecycle issues detected']),
+          '  next: /mcp review',
+          '  next: /mcp auth-review',
+          '  next: /mcp repair',
+        ].join('\n'));
+        return;
+      }
+
+      if (sub === 'continuity') {
+        const continuity = readModels.continuity.getSnapshot();
+        const returnMode = String(ctx.platform.configManager.get('behavior.returnContextMode') ?? 'off');
+        const issues: string[] = [];
+        if (!continuity.lastSessionPointer) issues.push('no last-session pointer is recorded');
+        if (continuity.recoveryFilePresent) issues.push(`recovery file present for ${continuity.sessionId || '(unknown session)'}`);
+        if (returnMode === 'off') issues.push('return-context summaries are disabled');
+        ctx.print([
+          'Health Review: Continuity',
+          `  return context mode: ${returnMode}`,
+          `  last session pointer: ${continuity.lastSessionPointer ?? 'none'}`,
+          `  recovery file: ${continuity.recoveryFilePresent ? 'present' : 'clear'}`,
+          ...(continuity.returnContext ? [`  recovery activity: ${continuity.returnContext.activityLabel}`, `  recovery status: ${continuity.returnContext.statusLabel}`] : []),
+          ...(issues.length > 0 ? issues.map((issue) => `  issue: ${issue}`) : ['  no active session continuity issues detected']),
+          '  next: /session list',
+          '  next: /session hotspots',
+        ].join('\n'));
+        return;
+      }
+
+      if (sub === 'maintenance') {
+        const session = readModels.session.getSnapshot();
+        const providerApi = requireProviderApi(ctx);
+        const currentModel = await providerApi.getCurrentModel().catch(() => null); // best-effort: null handled as unknown context window
+        const llmMessages = typeof ctx.session.conversationManager.getMessagesForLLM === 'function'
+          ? ctx.session.conversationManager.getMessagesForLLM()
+          : [];
+        const maintenance = evaluateSessionMaintenance({
+          configManager: ctx.platform.configManager,
+          currentTokens: estimateConversationTokens(llmMessages),
+          contextWindow: currentModel?.contextWindow ?? 0,
+          messageCount: llmMessages.length,
+          sessionMemoryCount: requireSessionMemoryStore(ctx).list().length,
+          session: session.session,
+        });
+        ctx.print([
+          'Health Review: Maintenance',
+          ...formatSessionMaintenanceLines(maintenance, 'guided'),
+        ].join('\n'));
+        return;
+      }
+
+      if (sub === 'worktrees') {
+        const summary = readModels.worktrees.getSnapshot().summary;
+        const issues: string[] = [];
+        if (summary.discard > 0) issues.push(`${summary.discard} worktree(s) marked discard still tracked`);
+        if (summary.pendingCleanup > 0) issues.push(`${summary.pendingCleanup} worktree(s) awaiting cleanup`);
+        if ('kept' in summary && typeof (summary as { kept?: number }).kept === 'number' && (summary as { kept?: number }).kept! > 0) {
+          // read-model summary may include kept in some implementations; ignored in rendering below if absent
+        }
+        if (summary.paused > 0) issues.push(`${summary.paused} paused worktree(s) may need resume or merge review`);
+        ctx.print([
+          'Health Review: Worktrees',
+          `  total: ${summary.total}`,
+          `  active: ${summary.active}`,
+          `  paused: ${summary.paused}`,
+          `  discard: ${summary.discard}`,
+          `  cleanup pending: ${summary.pendingCleanup}`,
+          ...(issues.length > 0 ? issues.map((issue) => `  issue: ${issue}`) : ['  no active worktree lifecycle issues detected']),
+          '  next: /worktree review',
+          '  next: /worktree recover <session|task> <id>',
+        ].join('\n'));
+        return;
+      }
+
+      if (sub === 'repair') {
+        const domain = (args[1] ?? 'review').toLowerCase();
+        const lines = ['Health Repair'];
+        if (domain === 'settings') {
+          const settings = getSettingsControlPlaneSnapshot(ctx.platform.configManager);
+          lines.push('  domain: settings');
+          lines.push(...(
+            settings.conflicts.length > 0
+              ? ['  /settingssync panel', '  /settingssync show <key>', '  /managed staged']
+              : ['  no active settings repair actions suggested']
+          ));
+          lines.push('  verify: /health settings');
+        } else if (domain === 'auth') {
+          const auth = requireLocalUserAuthManager(ctx).inspect();
+          lines.push('  domain: auth');
+          lines.push(...(
+            auth.bootstrapCredentialPresent
+              ? ['  /auth local review', '  /auth local rotate-password admin <password>', '  /auth local clear-bootstrap-file']
+              : ['  /auth local review']
+          ));
+          lines.push('  verify: /health auth');
+        } else if (domain === 'accounts') {
+          lines.push('  domain: accounts');
+          lines.push('  /accounts review');
+          lines.push('  /accounts routes <provider>');
+          lines.push('  /accounts repair <provider>');
+          lines.push('  /auth show <provider>');
+          lines.push('  verify: /health accounts');
+        } else if (domain === 'services') {
+          lines.push('  domain: services');
+          lines.push('  /services doctor');
+          lines.push('  /services auth-review');
+          lines.push('  /health services');
+          lines.push('  verify: /health services');
+        } else if (domain === 'sandbox') {
+          lines.push('  domain: sandbox');
+          lines.push('  /sandbox');
+          lines.push('  delegate sandbox/QEMU setup and execution to GoodVibes TUI');
+          lines.push('  /health sandbox');
+          lines.push('  verify: /health sandbox');
+        } else if (domain === 'remote') {
+          lines.push('  domain: remote');
+          lines.push('  /remote supervisor');
+          lines.push('  /remote recover <runnerId>');
+          lines.push('  /remote setup');
+          lines.push('  verify: /health remote');
+        } else if (domain === 'mcp') {
+          lines.push('  domain: mcp');
+          lines.push('  /mcp review');
+          lines.push('  /mcp auth-review');
+          lines.push('  /mcp repair [server]');
+          lines.push('  verify: /health mcp');
+        } else if (domain === 'continuity') {
+          lines.push('  domain: continuity');
+          lines.push('  /session list');
+          lines.push('  /session resume <id>');
+          lines.push('  /session hotspots');
+          lines.push('  verify: /health continuity');
+        } else if (domain === 'maintenance') {
+          lines.push('  domain: maintenance');
+          lines.push('  /health maintenance');
+          lines.push('  /guidance review');
+          lines.push('  /compact');
+          lines.push('  /panel tokens');
+          lines.push('  verify: /health maintenance');
+        } else if (domain === 'worktrees') {
+          lines.push('  domain: worktrees');
+          lines.push('  /worktree review');
+          lines.push('  /worktree recover <session|task> <id>');
+          lines.push('  verify: /health worktrees');
+        } else if (domain === 'intelligence') {
+          lines.push('  domain: intelligence');
+          lines.push('  /intelligence review');
+          lines.push('  /intelligence symbols <file>');
+          lines.push('  /intelligence definition <file> <line> <column>');
+          lines.push('  /setup review');
+          lines.push('  verify: /health intelligence');
+        } else {
+          lines.push('  domains: settings, auth, accounts, services, sandbox, remote, mcp, continuity, maintenance, worktrees, intelligence');
+          lines.push('  use: /health repair <domain>');
+        }
+        ctx.print(lines.join('\n'));
+        return;
+      }
+
+      const session = readModels.session.getSnapshot();
+      const providerApi = requireProviderApi(ctx);
+      const currentModel = await providerApi.getCurrentModel().catch(() => null); // best-effort: null handled as unknown context window
+      const llmMessages = typeof ctx.session.conversationManager.getMessagesForLLM === 'function'
+        ? ctx.session.conversationManager.getMessagesForLLM()
+        : [];
+      const contextWindow = currentModel?.contextWindow ?? 0;
+      const maintenance = evaluateSessionMaintenance({
+        configManager: ctx.platform.configManager,
+        currentTokens: estimateConversationTokens(llmMessages),
+        contextWindow,
+        messageCount: llmMessages.length,
+        sessionMemoryCount: requireSessionMemoryStore(ctx).list().length,
+        session: session.session,
+      });
+
+      const snapshot = await buildSetupReviewSnapshot(ctx);
+      const operatorClient = requireOperatorClient(ctx);
+      const accountSnapshot = await operatorClient.providers.accountSnapshot();
+      const settingsSnapshot = getSettingsControlPlaneSnapshot(ctx.platform.configManager);
+      if (sub === 'setup') {
+        ctx.print([
+          'Health Review: Setup',
+          ...snapshot.issues.map((issue) => `  [${issue.severity.toUpperCase()}] ${issue.area}: ${issue.message}`),
+          ...(snapshot.serviceIssues.length > 0
+            ? ['', '  Service issues:', ...snapshot.serviceIssues.map((issue) => `    - ${issue}`)]
+            : []),
+        ].join('\n'));
+        return;
+      }
+
+      ctx.print([
+        'Health Review',
+        `  session: ${snapshot.sessionId}`,
+        `  setup issues: ${snapshot.issues.length}`,
+        `  service issues: ${snapshot.serviceIssues.length}`,
+        `  active subscriptions: ${snapshot.activeSubscriptionCount}`,
+        `  account issues: ${accountSnapshot.issueCount}`,
+        `  settings conflicts: ${settingsSnapshot.conflicts.length}`,
+        `  managed locks: ${settingsSnapshot.managedLockCount}`,
+        `  local auth users: ${readModels.localAuth.getSnapshot().userCount}`,
+        `  remote runners: ${snapshot.remoteRunnerCount}`,
+        ...renderSandboxHealthSummary(ctx.platform.configManager),
+        '',
+        ...formatSessionMaintenanceLines(maintenance, 'guided').map((line) => `  ${line}`),
+        ...(snapshot.issues.length > 0 ? ['', ...snapshot.issues.map((issue) => `  [${issue.severity.toUpperCase()}] ${issue.area}: ${issue.message}`)] : []),
+        ...(snapshot.serviceIssues.length > 0 ? ['', ...snapshot.serviceIssues.map((issue) => `  service: ${issue}`)] : []),
+        '',
+        'Next steps:',
+        '  /health open',
+        '  /health services',
+        '  /health sandbox',
+        '  /health accounts',
+        '  /health auth',
+        '  /health settings',
+        '  /health intelligence',
+        '  /health remote',
+        '  /health maintenance',
+        '  /health worktrees',
+        '  /health repair <domain>',
+        '  /setup onboarding',
+      ].join('\n'));
+    },
+  });
+}

package/src/input/commands/hooks-runtime.ts

@@ -0,0 +1,148 @@
+import type { CommandRegistry } from '../command-registry.ts';
+import { requireHookApi } from './runtime-services.ts';
+
+export function registerHooksRuntimeCommands(registry: CommandRegistry): void {
+  registry.register({
+    name: 'hooks',
+    aliases: [],
+    description: 'Inspect, author, simulate, and reload managed hook workflows',
+    usage: '[contracts [filter] | reload | scaffold <name> <match> <type> | chain <name> <event1,event2,...> | remove <name> | enable <name> | disable <name> | simulate <eventPath> | inspect <path> | import <path> [merge|replace] | export [path]]',
+    argsHint: '[subcommand]',
+    async handler(args, ctx) {
+      const hookApi = requireHookApi(ctx);
+      const workbench = hookApi.workbench;
+      if (args.length === 0 && ctx.openHooksPanel) {
+        ctx.openHooksPanel();
+        return;
+      }
+
+      const subcommand = (args[0] ?? 'contracts').toLowerCase();
+      if (subcommand === 'reload') {
+        await workbench.reload();
+        ctx.print(`Reloaded managed hooks from ${workbench.getFilePath()}`);
+        return;
+      }
+      if (subcommand === 'scaffold') {
+        const [name, match, type] = args.slice(1);
+        if (!name || !match || !type) {
+          ctx.print('Usage: /hooks scaffold <name> <match> <command|prompt|agent|http|ts>');
+          return;
+        }
+        if (!['command', 'prompt', 'agent', 'http', 'ts'].includes(type)) {
+          ctx.print(`Unknown hook type: ${type}`);
+          return;
+        }
+        const hook = await workbench.scaffoldHook(name, match, type as Parameters<typeof workbench.scaffoldHook>[2]);
+        ctx.print(`Scaffolded managed hook ${hook.name} at ${match} in ${workbench.getFilePath()}`);
+        return;
+      }
+      if (subcommand === 'chain') {
+        const name = args[1];
+        const matches = args[2]?.split(',').map((entry) => entry.trim()).filter(Boolean) ?? [];
+        if (!name || matches.length === 0) {
+          ctx.print('Usage: /hooks chain <name> <event1,event2,...>');
+          return;
+        }
+        const chain = await workbench.scaffoldChain(name, matches);
+        ctx.print(`Scaffolded managed hook chain ${chain.name} with ${chain.steps.length} step(s).`);
+        return;
+      }
+      if (subcommand === 'remove') {
+        const name = args[1];
+        if (!name) {
+          ctx.print('Usage: /hooks remove <name>');
+          return;
+        }
+        const removed = await workbench.remove(name);
+        if (!removed) {
+          ctx.print(`No managed hook or chain named ${name}.`);
+          return;
+        }
+        ctx.print(`Removed managed hook workflow entry ${name}.`);
+        return;
+      }
+      if (subcommand === 'enable' || subcommand === 'disable') {
+        const name = args[1];
+        if (!name) {
+          ctx.print(`Usage: /hooks ${subcommand} <name>`);
+          return;
+        }
+        const changed = await workbench.toggle(name, subcommand === 'enable');
+        if (!changed) {
+          ctx.print(`No managed hook named ${name}.`);
+          return;
+        }
+        ctx.print(`${subcommand === 'enable' ? 'Enabled' : 'Disabled'} managed hook ${name}.`);
+        return;
+      }
+      if (subcommand === 'simulate') {
+        const eventPath = args[1];
+        if (!eventPath) {
+          ctx.print('Usage: /hooks simulate <eventPath>');
+          return;
+        }
+        const result = workbench.simulate(eventPath);
+        ctx.print([
+          `Hook simulation for ${result.eventPath}`,
+          `  matched hooks: ${result.matchedHooks.length}`,
+          ...result.matchedHooks.map((entry) => `    ${entry.name}  ${entry.pattern}  ${entry.type}`),
+          `  matched chains: ${result.matchedChains.length}`,
+          ...result.matchedChains.map((entry) => `    ${entry.name}  stepMatches=${entry.stepMatches}`),
+        ].join('\n'));
+        return;
+      }
+      if (subcommand === 'export') {
+        const path = await workbench.export(args[1] ?? workbench.getFilePath());
+        ctx.print(`Exported managed hooks to ${path}`);
+        return;
+      }
+      if (subcommand === 'inspect') {
+        const path = args[1];
+        if (!path) {
+          ctx.print('Usage: /hooks inspect <path>');
+          return;
+        }
+        const inspection = workbench.inspect(path);
+        ctx.print([
+          `Hook bundle inspection: ${inspection.path}`,
+          `  hooks: ${inspection.hookCount}`,
+          `  chains: ${inspection.chainCount}`,
+          `  patterns: ${inspection.patterns.join(', ') || '(none)'}`,
+        ].join('\n'));
+        return;
+      }
+      if (subcommand === 'import') {
+        const path = args[1];
+        const strategy = args[2] === 'replace' ? 'replace' : 'merge';
+        if (!path) {
+          ctx.print('Usage: /hooks import <path> [merge|replace]');
+          return;
+        }
+        await workbench.import(path, strategy);
+        ctx.print(`Imported managed hooks from ${path} using ${strategy} strategy.`);
+        return;
+      }
+
+      const filter = (subcommand === 'contracts' ? args.slice(1) : args).join(' ').trim().toLowerCase();
+      const contracts = hookApi.contracts(filter);
+
+      if (contracts.length === 0) {
+        ctx.print(filter.length === 0 ? 'No hook contracts registered.' : `No hook contracts matched "${filter}".`);
+        return;
+      }
+
+      const lines: string[] = [`Hook Contracts (${contracts.length}):`];
+      for (const contract of contracts) {
+        lines.push(`  ${contract.pattern}`);
+        lines.push(`    authority=${contract.authority} mode=${contract.executionMode} deny=${contract.canDeny ? 'yes' : 'no'} mutate=${contract.canMutateInput ? 'yes' : 'no'} inject=${contract.canInjectContext ? 'yes' : 'no'} timeout=${contract.timeoutMs}ms policy=${contract.failurePolicy}`);
+        lines.push(`    ${contract.description}`);
+      }
+      const managedHooks = workbench.listManagedHooks();
+      const managedChains = workbench.listManagedChains();
+      lines.push('');
+      lines.push(`Managed hooks file: ${workbench.getFilePath()}`);
+      lines.push(`Managed entries: hooks=${managedHooks.length} chains=${managedChains.length}`);
+      ctx.print(lines.join('\n'));
+    },
+  });
+}

package/src/input/commands/incident-runtime.ts

@@ -0,0 +1,95 @@
+import { dirname, resolve } from 'path';
+import { mkdirSync, writeFileSync } from 'node:fs';
+import type { CommandRegistry } from '../command-registry.ts';
+import { buildIncidentMemoryAddOptions } from '@pellux/goodvibes-sdk/platform/state';
+import { requireShellPaths } from './runtime-services.ts';
+import { getMemoryApi } from './recall-query.ts';
+
+export function registerIncidentRuntimeCommands(registry: CommandRegistry): void {
+  registry.register({
+    name: 'incident',
+    aliases: [],
+    description: 'Open, export, and capture incident review bundles',
+    usage: '[open | latest | show <id|latest> | export <id|latest> <path> | capture <id|latest>]',
+    async handler(args, ctx) {
+      const shellPaths = requireShellPaths(ctx);
+      const subcommand = (args[0] ?? 'open').toLowerCase();
+      const forensicRegistry = ctx.extensions.forensicsRegistry;
+      if (subcommand === 'open') {
+        if (ctx.openIncidentPanel) {
+          ctx.openIncidentPanel();
+          return;
+        }
+        ctx.print('Incident panel is not available in this runtime.');
+        return;
+      }
+      if (!forensicRegistry) {
+        ctx.print('Forensics registry is not available in this runtime.');
+        return;
+      }
+      const requestedId = args[1];
+      const report = !requestedId || requestedId === 'latest'
+        ? forensicRegistry.latest()
+        : forensicRegistry.getById(requestedId);
+      if (subcommand === 'latest' || subcommand === 'show') {
+        if (!report) {
+          ctx.print('No incident bundle is available.');
+          return;
+        }
+        const bundle = forensicRegistry.buildBundle(report.id);
+        if (!bundle) {
+          ctx.print(`Failed to build incident bundle for ${report.id}.`);
+          return;
+        }
+        ctx.print([
+          `Incident ${report.id}`,
+          `  classification: ${report.classification}`,
+          `  summary: ${report.summary}`,
+          `  root cause: ${bundle.evidence.rootCause ?? 'n/a'}`,
+          `  denied permissions: ${bundle.evidence.deniedPermissionCount}`,
+          `  budget breaches: ${bundle.evidence.budgetBreachCount}`,
+          `  replay mismatches: ${bundle.replay.mismatchCount}`,
+        ].join('\n'));
+        return;
+      }
+      if (subcommand === 'export') {
+        const pathArg = args[2];
+        if (!requestedId || !pathArg) {
+          ctx.print('Usage: /incident export <id|latest> <path>');
+          return;
+        }
+        if (!report) {
+          ctx.print(`Incident not found: ${requestedId}`);
+          return;
+        }
+        const bundleJson = forensicRegistry.exportBundleAsJson(report.id);
+        if (!bundleJson) {
+          ctx.print(`Failed to export incident bundle for ${report.id}.`);
+          return;
+        }
+        const targetPath = shellPaths.resolveWorkspacePath(pathArg);
+        mkdirSync(dirname(targetPath), { recursive: true });
+        writeFileSync(targetPath, `${bundleJson}\n`, 'utf-8');
+        ctx.print(`Exported incident bundle ${report.id} to ${targetPath}`);
+        return;
+      }
+      if (subcommand === 'capture') {
+        const memory = getMemoryApi(ctx);
+        if (!memory) return;
+        if (!report) {
+          ctx.print(`Incident not found: ${requestedId ?? 'latest'}`);
+          return;
+        }
+        const bundle = forensicRegistry.buildBundle(report.id);
+        if (!bundle) {
+          ctx.print(`Failed to build incident bundle for ${report.id}.`);
+          return;
+        }
+        const record = await memory.add(buildIncidentMemoryAddOptions(bundle));
+        ctx.print(`Captured incident ${report.id} into durable memory as ${record.id}`);
+        return;
+      }
+      ctx.print('Usage: /incident [open | latest | show <id|latest> | export <id|latest> <path> | capture <id|latest>]');
+    },
+  });
+}