@pellux/goodvibes-agent 0.1.10 → 0.1.12

package/src/input/commands/knowledge.ts

@@ -1,5 +1,6 @@
 import type { KnowledgeService } from '@pellux/goodvibes-sdk/platform/knowledge';
 import type { CommandContext, SlashCommand } from '../command-registry.ts';
+import { requireYesFlag, stripYesFlag } from './confirmation.ts';
 
 const KNOWLEDGE_REVIEW_ACTIONS = ['accept', 'reject', 'resolve', 'reopen', 'edit', 'forget'] as const;
 
@@ -158,7 +159,7 @@ export const knowledgeCommand: SlashCommand = {
   aliases: ['know', 'kb'],
   description: 'Agent Knowledge/Wiki: isolated Agent-owned sources, graph, review queue, and compact prompt packets.',
   usage: '<subcommand> [args]',
-  argsHint: 'status|ask|ingest-url|import-bookmarks|import-urls|list|search|get|queue|review-issue|candidates|reports|schedules|lint|packet|explain|reindex|consolidate',
+  argsHint: 'status|ask|ingest-url --yes|import-bookmarks --yes|list|search|get|queue|review-issue --yes',
   handler: async (args: string[], context: CommandContext): Promise<void> => {
     const knowledge = requireAgentKnowledgeApi(context);
     if (!knowledge) {
@@ -169,7 +170,8 @@ export const knowledgeCommand: SlashCommand = {
       return;
     }
     const sub = (args[0] ?? 'status').toLowerCase();
-    const rest = args.slice(1);
+    const confirmation = stripYesFlag(args.slice(1));
+    const rest = [...confirmation.rest];
     const disallowedScopeFlag = findDisallowedKnowledgeScopeFlag(rest);
     if (disallowedScopeFlag) {
       printScopeFlagRejection(context, disallowedScopeFlag);
@@ -219,7 +221,11 @@ export const knowledgeCommand: SlashCommand = {
       case 'ingest-url': {
         const [url] = positionalArgs(rest, ['--title', '--tags', '--folder']);
         if (!url) {
-          context.print('[knowledge] Usage: /knowledge ingest-url <url> [--title <title>] [--tags <a,b>] [--folder <path>]');
+          context.print('[knowledge] Usage: /knowledge ingest-url <url> [--title <title>] [--tags <a,b>] [--folder <path>] --yes');
+          return;
+        }
+        if (!confirmation.yes) {
+          requireYesFlag(context, `ingest URL into Agent Knowledge ${url}`, '/knowledge ingest-url <url> [--title <title>] [--tags <a,b>] [--folder <path>] --yes');
           return;
         }
         const result = await knowledge.ingest.url({
@@ -240,7 +246,11 @@ export const knowledgeCommand: SlashCommand = {
       case 'import-bookmarks': {
         const [path] = positionalArgs(rest);
         if (!path) {
-          context.print('[knowledge] Usage: /knowledge import-bookmarks <path>');
+          context.print('[knowledge] Usage: /knowledge import-bookmarks <path> --yes');
+          return;
+        }
+        if (!confirmation.yes) {
+          requireYesFlag(context, `import bookmark file into Agent Knowledge ${path}`, '/knowledge import-bookmarks <path> --yes');
           return;
         }
         const result = await knowledge.ingest.bookmarksFile({ path, sessionId: context.session.runtime.sessionId });
@@ -254,7 +264,11 @@ export const knowledgeCommand: SlashCommand = {
       case 'import-urls': {
         const [path] = positionalArgs(rest);
         if (!path) {
-          context.print('[knowledge] Usage: /knowledge import-urls <path>');
+          context.print('[knowledge] Usage: /knowledge import-urls <path> --yes');
+          return;
+        }
+        if (!confirmation.yes) {
+          requireYesFlag(context, `import URL list into Agent Knowledge ${path}`, '/knowledge import-urls <path> --yes');
           return;
         }
         const result = await knowledge.ingest.urlsFile({ path, sessionId: context.session.runtime.sessionId });
@@ -401,7 +415,11 @@ export const knowledgeCommand: SlashCommand = {
         const [issueId, actionValue] = positionalArgs(rest, ['--reviewer', '--value']);
         const action = actionValue?.toLowerCase();
         if (!issueId || !action || !KNOWLEDGE_REVIEW_ACTIONS.includes(action as KnowledgeReviewAction)) {
-          context.print('[knowledge] Usage: /knowledge review-issue <issueId> <accept|reject|resolve|reopen|edit|forget> [--reviewer <name>] [--value <json-object>]');
+          context.print('[knowledge] Usage: /knowledge review-issue <issueId> <accept|reject|resolve|reopen|edit|forget> [--reviewer <name>] [--value <json-object>] --yes');
+          return;
+        }
+        if (!confirmation.yes) {
+          requireYesFlag(context, `review Agent Knowledge issue ${issueId}`, '/knowledge review-issue <issueId> <action> [--reviewer <name>] [--value <json-object>] --yes');
           return;
         }
         const value = readJsonObjectFlag(rest, '--value');
@@ -513,6 +531,10 @@ export const knowledgeCommand: SlashCommand = {
       }
 
       case 'reindex': {
+        if (!confirmation.yes) {
+          requireYesFlag(context, 'reindex Agent Knowledge', '/knowledge reindex --yes');
+          return;
+        }
         const result = await knowledge.status.reindex();
         context.print([
           '[knowledge] Reindex complete',
@@ -525,6 +547,10 @@ export const knowledgeCommand: SlashCommand = {
       }
 
       case 'consolidate': {
+        if (!confirmation.yes) {
+          requireYesFlag(context, 'run Agent Knowledge consolidation', '/knowledge consolidate [light|deep] --yes');
+          return;
+        }
         const mode = (positionalArgs(rest)[0] ?? 'light').toLowerCase();
         const jobId = mode === 'deep' ? 'knowledge-deep-consolidation' : 'knowledge-light-consolidation';
         const run = await knowledge.jobs.run(jobId, { mode: 'inline' });
@@ -537,22 +563,22 @@ export const knowledgeCommand: SlashCommand = {
           'Usage: /knowledge <subcommand>',
           '  status',
           '  ask <query> [--limit <n>] [--mode <concise|standard|detailed>]',
-          '  ingest-url <url> [--title <title>] [--tags <a,b>] [--folder <path>]',
-          '  import-bookmarks <path>',
-          '  import-urls <path>',
+          '  ingest-url <url> [--title <title>] [--tags <a,b>] [--folder <path>] --yes',
+          '  import-bookmarks <path> --yes',
+          '  import-urls <path> --yes',
           '  list [--kind <sources|nodes|issues>] [--limit <n>]',
           '  search <query> [--limit <n>]',
           '  get <id>',
           '  queue [limit]',
-          '  review-issue <issueId> <accept|reject|resolve|reopen|edit|forget> [--reviewer <name>] [--value <json-object>]',
+          '  review-issue <issueId> <accept|reject|resolve|reopen|edit|forget> [--reviewer <name>] [--value <json-object>] --yes',
           '  candidates [limit]',
           '  reports [limit]',
           '  schedules',
           '  lint',
           '  packet <task...> [--scope <path> ...]',
           '  explain <task...> [--scope <path> ...]',
-          '  reindex',
-          '  consolidate [light|deep]',
+          '  reindex --yes',
+          '  consolidate [light|deep] --yes',
         ].join('\n'));
     }
   },

package/src/input/commands/local-auth-runtime.ts

@@ -1,13 +1,16 @@
 import type { CommandContext, CommandRegistry } from '../command-registry.ts';
 import { openCommandPanel, requireLocalUserAuthManager } from './runtime-services.ts';
 import { summarizeError } from '@pellux/goodvibes-sdk/platform/utils';
+import { requireYesFlag, stripYesFlag } from './confirmation.ts';
 
 function formatRoles(roles: readonly string[]): string {
   return roles.length > 0 ? roles.join(', ') : '(none)';
 }
 
 export function handleLocalAuthCommand(args: string[], ctx: CommandContext): void {
-  const sub = (args[0] ?? 'review').toLowerCase();
+  const parsed = stripYesFlag(args);
+  const commandArgs = [...parsed.rest];
+  const sub = (commandArgs[0] ?? 'review').toLowerCase();
   const auth = requireLocalUserAuthManager(ctx);
   if (sub === 'panel' || sub === 'open') {
     openCommandPanel(ctx, 'local-auth');
@@ -15,11 +18,15 @@ export function handleLocalAuthCommand(args: string[], ctx: CommandContext): voi
   }
 
   if (sub === 'add-user') {
-    const username = args[1];
-    const password = args[2];
-    const roles = args[3]?.split(',').map((value) => value.trim()).filter(Boolean) ?? ['admin'];
+    const username = commandArgs[1];
+    const password = commandArgs[2];
+    const roles = commandArgs[3]?.split(',').map((value) => value.trim()).filter(Boolean) ?? ['admin'];
     if (!username || !password) {
-      ctx.print('Usage: /auth local add-user <username> <password> [roles]');
+      ctx.print('Usage: /auth local add-user <username> <password> [roles] --yes');
+      return;
+    }
+    if (!parsed.yes) {
+      requireYesFlag(ctx, `add local auth user ${username}`, '/auth local add-user <username> <password> [roles] --yes');
       return;
     }
     try {
@@ -32,9 +39,13 @@ export function handleLocalAuthCommand(args: string[], ctx: CommandContext): voi
   }
 
   if (sub === 'delete-user') {
-    const username = args[1];
+    const username = commandArgs[1];
     if (!username) {
-      ctx.print('Usage: /auth local delete-user <username>');
+      ctx.print('Usage: /auth local delete-user <username> --yes');
+      return;
+    }
+    if (!parsed.yes) {
+      requireYesFlag(ctx, `delete local auth user ${username}`, '/auth local delete-user <username> --yes');
       return;
     }
     try {
@@ -47,10 +58,14 @@ export function handleLocalAuthCommand(args: string[], ctx: CommandContext): voi
   }
 
   if (sub === 'rotate-password') {
-    const username = args[1];
-    const password = args[2];
+    const username = commandArgs[1];
+    const password = commandArgs[2];
     if (!username || !password) {
-      ctx.print('Usage: /auth local rotate-password <username> <password>');
+      ctx.print('Usage: /auth local rotate-password <username> <password> --yes');
+      return;
+    }
+    if (!parsed.yes) {
+      requireYesFlag(ctx, `rotate password for local auth user ${username}`, '/auth local rotate-password <username> <password> --yes');
       return;
     }
     try {
@@ -63,9 +78,13 @@ export function handleLocalAuthCommand(args: string[], ctx: CommandContext): voi
   }
 
   if (sub === 'revoke-session') {
-    const token = args[1];
+    const token = commandArgs[1];
     if (!token) {
-      ctx.print('Usage: /auth local revoke-session <token-or-fingerprint>');
+      ctx.print('Usage: /auth local revoke-session <token-or-fingerprint> --yes');
+      return;
+    }
+    if (!parsed.yes) {
+      requireYesFlag(ctx, 'revoke local auth session', '/auth local revoke-session <token-or-fingerprint> --yes');
       return;
     }
     ctx.print(auth.revokeSession(token) ? `Revoked session ${token.slice(0, 12)}…` : `Unknown session token or fingerprint: ${token}`);
@@ -73,6 +92,10 @@ export function handleLocalAuthCommand(args: string[], ctx: CommandContext): voi
   }
 
   if (sub === 'clear-bootstrap-file') {
+    if (!parsed.yes) {
+      requireYesFlag(ctx, 'clear the local auth bootstrap credential file', '/auth local clear-bootstrap-file --yes');
+      return;
+    }
     ctx.print(auth.clearBootstrapCredentialFile()
       ? 'Removed bootstrap credential file.'
       : 'No bootstrap credential file was present.');
@@ -97,7 +120,7 @@ export function registerLocalAuthRuntimeCommands(registry: CommandRegistry): voi
     name: 'local-auth',
     aliases: ['auth-local'],
     description: 'Inspect and manage local daemon/listener auth users, sessions, and bootstrap credentials',
-    usage: '[review|panel|add-user <username> <password> [roles]|delete-user <username>|rotate-password <username> <password>|revoke-session <token-or-fingerprint>|clear-bootstrap-file]',
+    usage: '[review|panel|add-user <username> <password> [roles] --yes|delete-user <username> --yes|rotate-password <username> <password> --yes|revoke-session <token-or-fingerprint> --yes|clear-bootstrap-file --yes]',
     handler(args, ctx) {
       handleLocalAuthCommand(args, ctx);
     },

package/src/input/commands/local-provider-runtime.ts

@@ -7,6 +7,7 @@ import type { CustomProviderConfig } from '@pellux/goodvibes-sdk/platform/provid
 import { requireProviderApi, requireShellPaths } from './runtime-services.ts';
 import { summarizeError } from '@pellux/goodvibes-sdk/platform/utils';
 import { GOODVIBES_AGENT_SURFACE_ROOT } from '../../config/surface.ts';
+import { requireYesFlag, stripYesFlag } from './confirmation.ts';
 
 function isValidProviderName(name: string): boolean {
   return /^[a-zA-Z0-9_-]+$/.test(name);
@@ -17,17 +18,23 @@ export function registerLocalProviderRuntimeCommands(registry: CommandRegistry):
     name: 'provider',
     aliases: ['p'],
     description: 'Switch provider or manage custom providers (add/remove)',
-    usage: '[add <name> <baseURL> [apiKey] | remove <name> | <provider-name>]',
-    argsHint: '[add|remove|name]',
+    usage: '[add <name> <baseURL> [apiKey] --yes | remove <name> --yes | <provider-name>]',
+    argsHint: '[name|add --yes|remove --yes]',
     async handler(args, ctx) {
+      const parsed = stripYesFlag(args);
+      const commandArgs = [...parsed.rest];
       const shellPaths = requireShellPaths(ctx);
-      if (args[0] === 'add') {
-        const addArgs = args.slice(1);
+      if (commandArgs[0] === 'add') {
+        const addArgs = commandArgs.slice(1);
         if (addArgs.length < 2) {
-          ctx.print('Usage: /provider add <name> <baseURL> [apiKey]\nExample: /provider add my-server http://192.168.0.85:8001/v1');
+          ctx.print('Usage: /provider add <name> <baseURL> [apiKey] --yes\nExample: /provider add my-server http://192.168.0.85:8001/v1 --yes');
           return;
         }
         const [name, baseURL, apiKey] = addArgs;
+        if (!parsed.yes) {
+          requireYesFlag(ctx, `add custom provider ${name}`, '/provider add <name> <baseURL> [apiKey] --yes');
+          return;
+        }
         if (!isValidProviderName(name)) {
           ctx.print('Error: Provider name must contain only letters, numbers, hyphens, and underscores.');
           return;
@@ -42,7 +49,7 @@ export function registerLocalProviderRuntimeCommands(registry: CommandRegistry):
         const providersDir = shellPaths.resolveUserPath(GOODVIBES_AGENT_SURFACE_ROOT, 'providers');
         const providerFile = join(providersDir, `${name}.json`);
         if (existsSync(providerFile)) {
-          ctx.print(`Error: Provider '${name}' already exists at ${providerFile}\nRemove it first with: /provider remove ${name}`);
+          ctx.print(`Error: Provider '${name}' already exists at ${providerFile}\nRemove it first with: /provider remove ${name} --yes`);
           return;
         }
 
@@ -111,10 +118,14 @@ export function registerLocalProviderRuntimeCommands(registry: CommandRegistry):
         return;
       }
 
-      if (args[0] === 'remove' || args[0] === 'rm') {
-        const name = args[1];
+      if (commandArgs[0] === 'remove' || commandArgs[0] === 'rm') {
+        const name = commandArgs[1];
         if (!name) {
-          ctx.print('Usage: /provider remove <name>');
+          ctx.print('Usage: /provider remove <name> --yes');
+          return;
+        }
+        if (!parsed.yes) {
+          requireYesFlag(ctx, `remove custom provider ${name}`, '/provider remove <name> --yes');
           return;
         }
         if (!isValidProviderName(name)) {
@@ -135,7 +146,7 @@ export function registerLocalProviderRuntimeCommands(registry: CommandRegistry):
         return;
       }
 
-      if (args.length === 0) {
+      if (commandArgs.length === 0) {
         if (ctx.openProviderPicker) {
           ctx.openProviderPicker();
           return;
@@ -145,7 +156,7 @@ export function registerLocalProviderRuntimeCommands(registry: CommandRegistry):
         return;
       }
 
-      const providerName = args[0];
+      const providerName = commandArgs[0];
       const providerApi = requireProviderApi(ctx);
       const selectable = await providerApi.listModels({
         providerId: providerName,

package/src/input/commands/local-runtime.ts

@@ -8,6 +8,7 @@ import { resolveAndValidatePath } from '@pellux/goodvibes-sdk/platform/utils';
 import { BUILTIN_SECRET_PROVIDER_SOURCES, describeSecretRef, isSecretRefInput, resolveSecretRef } from '@pellux/goodvibes-sdk/platform/config';
 import { openCommandPanel, requireBookmarkManager, requireProviderApi, requireSecretsManager } from './runtime-services.ts';
 import { summarizeError } from '@pellux/goodvibes-sdk/platform/utils';
+import { requireYesFlag, stripYesFlag } from './confirmation.ts';
 
 function isGoodVibesSecretRefInput(value: string): boolean {
   const normalized = value.trim();
@@ -143,16 +144,17 @@ export function registerLocalRuntimeCommands(registry: CommandRegistry): void {
   registry.register({
     name: 'secrets',
     description: 'Manage hierarchy-aware secrets, external secret refs, and secure/plaintext storage policy controls',
-    usage: 'set <KEY> <value> [--user|--project] [--secure|--plaintext] | link <KEY> <secret-ref> [--user|--project] [--secure|--plaintext] | get <KEY> | test <secret-ref> | providers | list | delete <KEY> [--user|--project] [--secure|--plaintext]',
+    usage: 'set <KEY> <value> [--user|--project] [--secure|--plaintext] --yes | link <KEY> <secret-ref> [--user|--project] [--secure|--plaintext] --yes | get <KEY> | test <secret-ref> | providers | list | delete <KEY> [--user|--project] [--secure|--plaintext] --yes',
     argsHint: '<set|link|get|test|providers|list|delete> [KEY]',
     async handler(args, ctx) {
       const mgr = requireSecretsManager(ctx);
-      const [sub, ...rest] = args;
+      const parsed = stripYesFlag(args);
+      const [sub, ...rest] = parsed.rest;
       if (!sub || sub === 'list') {
         const records = await mgr.listDetailed();
         const storedRecords = records.filter((record) => record.source !== 'env');
         ctx.print(storedRecords.length === 0
-          ? '[secrets] No secrets stored. Use: /secrets set <KEY> <value>'
+          ? '[secrets] No secrets stored. Use: /secrets set <KEY> <value> --yes'
           : [
             '[secrets] Stored keys:',
             ...storedRecords.map((record) => `  ${record.key} (${record.source}${record.refSource ? `, ref:${record.refSource}` : ''}${record.overriddenByEnv ? ', env override' : ''})`),
@@ -165,11 +167,11 @@ export function registerLocalRuntimeCommands(registry: CommandRegistry): void {
           ...BUILTIN_SECRET_PROVIDER_SOURCES.map((source) => `  ${source}`),
           '',
           'Examples:',
-          '  /secrets link OPENAI_API_KEY goodvibes://secrets/env/OPENAI_API_KEY',
-          '  /secrets link SLACK_BOT_TOKEN goodvibes://secrets/bitwarden?item=GoodVibes%20Slack&field=password&sessionEnv=BW_SESSION',
-          '  /secrets link SLACK_BOT_TOKEN goodvibes://secrets/vaultwarden?item=GoodVibes%20Slack&field=password&server=https%3A%2F%2Fvault.example.test',
-          '  /secrets link STRIPE_TOKEN goodvibes://secrets/bws/00000000-0000-0000-0000-000000000000?field=value&accessTokenEnv=BWS_ACCESS_TOKEN',
-          '  /secrets link OPENAI_API_KEY goodvibes://secrets/1password?vault=Private&item=GoodVibes%20OpenAI&field=API%20Key',
+          '  /secrets link OPENAI_API_KEY goodvibes://secrets/env/OPENAI_API_KEY --yes',
+          '  /secrets link SLACK_BOT_TOKEN goodvibes://secrets/bitwarden?item=GoodVibes%20Slack&field=password&sessionEnv=BW_SESSION --yes',
+          '  /secrets link SLACK_BOT_TOKEN goodvibes://secrets/vaultwarden?item=GoodVibes%20Slack&field=password&server=https%3A%2F%2Fvault.example.test --yes',
+          '  /secrets link STRIPE_TOKEN goodvibes://secrets/bws/00000000-0000-0000-0000-000000000000?field=value&accessTokenEnv=BWS_ACCESS_TOKEN --yes',
+          '  /secrets link OPENAI_API_KEY goodvibes://secrets/1password?vault=Private&item=GoodVibes%20OpenAI&field=API%20Key --yes',
         ].join('\n'));
         return;
       }
@@ -196,10 +198,14 @@ export function registerLocalRuntimeCommands(registry: CommandRegistry): void {
         const valueParts = rest.filter((value) => !value.startsWith('--'));
         const [key, ...rawValueParts] = valueParts;
         if (!key || valueParts.length === 0) {
-          ctx.print(`[secrets] Usage: /secrets ${sub} <KEY> <${sub === 'link' ? 'secret-ref' : 'value'}> [--user|--project] [--secure|--plaintext]`);
+          ctx.print(`[secrets] Usage: /secrets ${sub} <KEY> <${sub === 'link' ? 'secret-ref' : 'value'}> [--user|--project] [--secure|--plaintext] --yes`);
           return;
         }
         const value = rawValueParts.join(' ');
+        if (!parsed.yes) {
+          requireYesFlag(ctx, `${sub === 'link' ? 'link secret reference for' : 'store secret value for'} ${key}`, `/secrets ${sub} <KEY> <${sub === 'link' ? 'secret-ref' : 'value'}> [--user|--project] [--secure|--plaintext] --yes`);
+          return;
+        }
         if (sub === 'link' && !isGoodVibesSecretRefInput(value)) {
           ctx.print('[secrets] Invalid secret reference. Use /secrets providers for examples.');
           return;
@@ -230,7 +236,11 @@ export function registerLocalRuntimeCommands(registry: CommandRegistry): void {
         const flags = new Set(rest.filter((value) => value.startsWith('--')));
         const [key] = rest.filter((value) => !value.startsWith('--'));
         if (!key) {
-          ctx.print('[secrets] Usage: /secrets delete <KEY> [--user|--project] [--secure|--plaintext]');
+          ctx.print('[secrets] Usage: /secrets delete <KEY> [--user|--project] [--secure|--plaintext] --yes');
+          return;
+        }
+        if (!parsed.yes) {
+          requireYesFlag(ctx, `delete secret ${key}`, '/secrets delete <KEY> [--user|--project] [--secure|--plaintext] --yes');
           return;
         }
         await mgr.delete(key, {
@@ -240,7 +250,7 @@ export function registerLocalRuntimeCommands(registry: CommandRegistry): void {
         ctx.print(`[secrets] Deleted: ${key}`);
         return;
       }
-      ctx.print('[secrets] Usage: /secrets set <KEY> <value> [--user|--project] [--secure|--plaintext] | link <KEY> <secret-ref> [--user|--project] [--secure|--plaintext] | get <KEY> | test <secret-ref> | providers | list | delete <KEY> [--user|--project] [--secure|--plaintext]');
+      ctx.print('[secrets] Usage: /secrets set <KEY> <value> [--user|--project] [--secure|--plaintext] --yes | link <KEY> <secret-ref> [--user|--project] [--secure|--plaintext] --yes | get <KEY> | test <secret-ref> | providers | list | delete <KEY> [--user|--project] [--secure|--plaintext] --yes');
     },
   });
 

package/src/input/commands/local-setup.ts

@@ -16,6 +16,7 @@ import { buildSetupReviewSnapshot, exportSetupSupportBundle } from './local-setu
 import { openOnboardingWizard, requirePanelManager, requireShellPaths } from './runtime-services.ts';
 import { summarizeError } from '@pellux/goodvibes-sdk/platform/utils';
 import { GOODVIBES_AGENT_SURFACE_ROOT } from '../../config/surface.ts';
+import { requireYesFlag, stripYesFlag } from './confirmation.ts';
 
 type SetupSnapshot = Awaited<ReturnType<typeof buildSetupReviewSnapshot>>;
 
@@ -24,9 +25,11 @@ export function registerLocalSetupCommands(registry: CommandRegistry): void {
     name: 'setup',
     aliases: ['startup'],
     description: 'Launch the onboarding wizard and review Agent startup readiness',
-    usage: '[review|doctor|services|hooks|remote|sandbox|onboarding|support-bundle <dir>|export <path>|transfer <export|inspect|import> <path>|link <surface> [target]|open-link <uri>]',
+    usage: '[review|doctor|services|hooks|remote|sandbox|onboarding|support-bundle <dir> --yes|export <path> --yes|transfer <export|inspect|import> <path> [--yes]|link <surface> [target]|open-link <uri>]',
     async handler(args, ctx) {
-      const sub = args[0] ?? 'review';
+      const parsed = stripYesFlag(args);
+      const commandArgs = [...parsed.rest];
+      const sub = commandArgs[0] ?? 'review';
       let shellPaths: ReturnType<typeof requireShellPaths> | null = null;
       let snapshotPromise: Promise<SetupSnapshot> | null = null;
       const getShellPaths = () => (shellPaths ??= requireShellPaths(ctx));
@@ -134,12 +137,16 @@ export function registerLocalSetupCommands(registry: CommandRegistry): void {
       }
 
       if (sub === 'support-bundle') {
-        const snapshot = await getSnapshot();
-        const dirArg = args[1];
+        const dirArg = commandArgs[1];
         if (!dirArg) {
-          ctx.print('Usage: /setup support-bundle <dir>');
+          ctx.print('Usage: /setup support-bundle <dir> --yes');
+          return;
+        }
+        if (!parsed.yes) {
+          requireYesFlag(ctx, `export setup support bundle to ${dirArg}`, '/setup support-bundle <dir> --yes');
           return;
         }
+        const snapshot = await getSnapshot();
         const targetDir = exportSetupSupportBundle(dirArg, snapshot, ctx);
         writeFileSync(join(targetDir, 'remote-summary.json'), JSON.stringify({
           runners: ctx.ops.remoteRuntime?.listContracts() ?? [],
@@ -155,12 +162,16 @@ export function registerLocalSetupCommands(registry: CommandRegistry): void {
       }
 
       if (sub === 'export') {
-        const snapshot = await getSnapshot();
-        const pathArg = args[1];
+        const pathArg = commandArgs[1];
         if (!pathArg) {
-          ctx.print('Usage: /setup export <path>');
+          ctx.print('Usage: /setup export <path> --yes');
           return;
         }
+        if (!parsed.yes) {
+          requireYesFlag(ctx, `export startup review to ${pathArg}`, '/setup export <path> --yes');
+          return;
+        }
+        const snapshot = await getSnapshot();
         const targetPath = getShellPaths().resolveWorkspacePath(pathArg);
         mkdirSync(dirname(targetPath), { recursive: true });
         writeFileSync(targetPath, JSON.stringify(snapshot, null, 2) + '\n', 'utf-8');
@@ -169,14 +180,18 @@ export function registerLocalSetupCommands(registry: CommandRegistry): void {
       }
 
       if (sub === 'transfer') {
-        const mode = args[1]?.toLowerCase();
-        const pathArg = args[2];
+        const mode = commandArgs[1]?.toLowerCase();
+        const pathArg = commandArgs[2];
         if (!mode || !pathArg) {
-          ctx.print('Usage: /setup transfer <export|inspect|import> <path>');
+          ctx.print('Usage: /setup transfer <export|inspect|import> <path> [--yes]');
           return;
         }
         const targetPath = getShellPaths().resolveWorkspacePath(pathArg);
         if (mode === 'export') {
+          if (!parsed.yes) {
+            requireYesFlag(ctx, `export setup transfer bundle to ${pathArg}`, '/setup transfer export <path> --yes');
+            return;
+          }
           const snapshot = await getSnapshot();
           const bundle = buildSetupTransferBundle(ctx, snapshot);
           ctx.print(`Exported setup transfer bundle to ${exportSetupTransferBundle(ctx, pathArg, bundle)}`);
@@ -192,6 +207,10 @@ export function registerLocalSetupCommands(registry: CommandRegistry): void {
           return;
         }
         if (mode === 'import') {
+          if (!parsed.yes) {
+            requireYesFlag(ctx, `import setup transfer bundle from ${pathArg}`, '/setup transfer import <path> --yes');
+            return;
+          }
           try {
             const bundle = JSON.parse(readFileSync(targetPath, 'utf-8')) as SetupTransferBundle;
             for (const entry of CONFIG_SCHEMA) {
@@ -220,13 +239,13 @@ export function registerLocalSetupCommands(registry: CommandRegistry): void {
           }
           return;
         }
-        ctx.print('Usage: /setup transfer <export|inspect|import> <path>');
+        ctx.print('Usage: /setup transfer <export|inspect|import> <path> [--yes]');
         return;
       }
 
       if (sub === 'link') {
-        const surface = args[1];
-        const target = args[2];
+        const surface = commandArgs[1];
+        const target = commandArgs[2];
         if (!surface) {
           ctx.print('Usage: /setup link <cockpit|security|remote|knowledge|incident|hooks|orchestration|tasks> [target]');
           return;
@@ -236,7 +255,7 @@ export function registerLocalSetupCommands(registry: CommandRegistry): void {
       }
 
       if (sub === 'open-link') {
-        const link = args[1];
+        const link = commandArgs[1];
         if (!link) {
           ctx.print('Usage: /setup open-link <goodvibes://...>');
           return;
@@ -276,7 +295,7 @@ export function registerLocalSetupCommands(registry: CommandRegistry): void {
         return;
       }
 
-      ctx.print('Usage: /setup [review|doctor|services|hooks|remote|sandbox|onboarding|support-bundle <dir>|export <path>|transfer <export|inspect|import> <path>|link <surface> [target]|open-link <uri>]');
+      ctx.print('Usage: /setup [review|doctor|services|hooks|remote|sandbox|onboarding|support-bundle <dir> --yes|export <path> --yes|transfer <export|inspect|import> <path> [--yes]|link <surface> [target]|open-link <uri>]');
     },
   });
 }