@pellux/goodvibes-agent 0.1.104 → 0.1.106

package/src/input/commands/platform-access-runtime.ts

@@ -9,32 +9,17 @@ import { requireYesFlag, stripYesFlag } from './confirmation.ts';
 interface AuthReviewBundle {
   readonly version: 1;
   readonly exportedAt: number;
-  readonly runtimeLoginUrl: string;
-  readonly listenerLoginUrl: string;
+  readonly externalRuntimeAuth: 'managed-outside-agent';
   readonly secretKeys: readonly string[];
   readonly activeSubscriptions: readonly string[];
   readonly pendingSubscriptions: readonly string[];
 }
 
-type AuthServiceLoginTarget = 'runtime' | 'listener';
-
-function normalizeAuthServiceLoginTarget(value: string | undefined): AuthServiceLoginTarget | null {
-  const normalized = value?.trim().toLowerCase();
-  if (normalized === 'runtime' || normalized === 'daemon') return 'runtime';
-  if (normalized === 'listener' || normalized === 'inbound-listener') return 'listener';
-  return null;
-}
-
-function authServiceSecretPrefix(target: AuthServiceLoginTarget): string {
-  return target === 'runtime' ? 'RUNTIME' : 'LISTENER';
-}
-
 function inspectAuthBundle(bundle: AuthReviewBundle): string {
   return [
     'Auth Review Bundle',
     `  exportedAt: ${new Date(bundle.exportedAt).toISOString()}`,
-    `  runtimeLoginUrl: ${bundle.runtimeLoginUrl}`,
-    `  listenerLoginUrl: ${bundle.listenerLoginUrl}`,
+    `  externalRuntimeAuth: ${bundle.externalRuntimeAuth}`,
     `  stored secrets: ${bundle.secretKeys.length}`,
     `  active subscriptions: ${bundle.activeSubscriptions.length}`,
     `  pending subscriptions: ${bundle.pendingSubscriptions.length}`,
@@ -44,12 +29,11 @@ function inspectAuthBundle(bundle: AuthReviewBundle): string {
 export function registerPlatformAccessRuntimeCommands(registry: CommandRegistry): void {
   registry.register({
     name: 'login',
-    description: 'Front-door login flow for provider subscriptions and local service sessions',
-    usage: '[provider <name> start|finish <code> --yes|service <runtime|listener> <baseUrl> <username> <password> [secretKey] --yes]',
+    description: 'Front-door login flow for provider subscriptions',
+    usage: 'provider <name> start|finish <code> --yes',
     async handler(args, ctx) {
       const parsed = stripYesFlag(args);
       const commandArgs = [...parsed.rest];
-      const shellPaths = requireShellPaths(ctx);
       const target = (commandArgs[0] ?? '').toLowerCase();
       if (target === 'provider') {
         const provider = commandArgs[1];
@@ -69,19 +53,16 @@ export function registerPlatformAccessRuntimeCommands(registry: CommandRegistry)
         ctx.print(`Use /subscription login ${provider} ${mode}${commandArgs[3] ? ` ${commandArgs[3]}` : ''} --yes`);
         return;
       }
-      if (target === 'service') {
-        if (!parsed.yes) {
-          requireYesFlag(ctx, 'store a local service session token', '/login service <runtime|listener> <baseUrl> <username> <password> [secretKey] --yes');
-          return;
-        }
-        if (ctx.executeCommand) {
-          await ctx.executeCommand('auth', ['login', ...commandArgs.slice(1), '--yes']);
-          return;
-        }
-        ctx.print('Use /auth login <runtime|listener> <baseUrl> <username> <password> [secretKey] --yes');
+      if (target === 'service' || target === 'runtime' || target === 'listener' || target === 'daemon') {
+        ctx.print([
+          'Runtime service login is external to GoodVibes Agent.',
+          'Agent does not create, exchange, store, rotate, revoke, or clear runtime/listener service sessions.',
+          'Use the runtime-owning GoodVibes TUI or host tooling for runtime auth administration.',
+          'Agent login supports provider subscriptions only: /login provider <name> start|finish <code> --yes.',
+        ].join('\n'));
         return;
       }
-      ctx.print('Usage: /login [provider <name> start|finish <code> --yes|service <runtime|listener> <baseUrl> <username> <password> [secretKey] --yes]');
+      ctx.print('Usage: /login provider <name> start|finish <code> --yes');
     },
   });
 
@@ -111,25 +92,34 @@ export function registerPlatformAccessRuntimeCommands(registry: CommandRegistry)
 
   registry.register({
     name: 'auth',
-    description: 'Review auth posture and exchange session login tokens with local services',
-    usage: '[review|show <provider>|repair <provider>|bundle export <path> --yes|bundle inspect <path>|login <runtime|listener> <baseUrl> <username> <password> [secretKey] --yes]',
+    description: 'Review provider auth posture and export redacted auth review bundles',
+    usage: '[review|show <provider>|repair <provider>|bundle export <path> --yes|bundle inspect <path>]',
     async handler(args, ctx) {
       const parsed = stripYesFlag(args);
       const commandArgs = [...parsed.rest];
-      const shellPaths = requireShellPaths(ctx);
       const sub = commandArgs[0] ?? 'review';
-      const subscriptions = requireSubscriptionManager(ctx);
-      const serviceRegistry = requireServiceRegistry(ctx);
-      const secretsManager = requireSecretsManager(ctx);
       if (sub === 'local') {
         ctx.print([
           'Local runtime auth management is external to GoodVibes Agent.',
           'Agent connects to an already-running GoodVibes runtime and does not create, delete, rotate, revoke, or clear runtime auth users, sessions, or bootstrap credentials.',
           'Use the runtime-owning GoodVibes TUI or host tooling for runtime auth administration.',
-          'Agent auth commands available here: /auth review, /auth show <provider>, /auth repair <provider>, /auth login <runtime|listener> ... --yes.',
+          'Agent auth commands available here: /auth review, /auth show <provider>, /auth repair <provider>, /auth bundle export <path> --yes, /auth bundle inspect <path>.',
         ].join('\n'));
         return;
       }
+      if (sub === 'login') {
+        ctx.print([
+          'Runtime service login is external to GoodVibes Agent.',
+          'Agent does not create, exchange, store, rotate, revoke, or clear runtime/listener service sessions.',
+          'Use the runtime-owning GoodVibes TUI or host tooling for runtime auth administration.',
+        ].join('\n'));
+        return;
+      }
+
+      const shellPaths = requireShellPaths(ctx);
+      const subscriptions = requireSubscriptionManager(ctx);
+      const serviceRegistry = requireServiceRegistry(ctx);
+      const secretsManager = requireSecretsManager(ctx);
       if (sub === 'review') {
         const snapshot = await buildAuthInspectionSnapshot({
           serviceRegistry,
@@ -139,8 +129,7 @@ export function registerPlatformAccessRuntimeCommands(registry: CommandRegistry)
         const builtinProviders = listBuiltinSubscriptionProviders().map((entry) => entry.provider);
         ctx.print([
           'Auth Review',
-          '  runtime login route: /login',
-          '  listener login route: /login',
+          '  runtime auth: managed outside goodvibes-agent',
           `  stored secrets: ${snapshot.secretKeyCount}`,
           `  built-in providers: ${builtinProviders.length}${builtinProviders.length > 0 ? ` (${builtinProviders.join(', ')})` : ''}`,
           `  active subscriptions: ${snapshot.activeSubscriptions}${snapshot.activeSubscriptions > 0 ? ` (${snapshot.providers.filter((provider) => provider.activeSubscription).map((provider) => provider.provider).join(', ')})` : ''}`,
@@ -221,8 +210,7 @@ export function registerPlatformAccessRuntimeCommands(registry: CommandRegistry)
           const bundle: AuthReviewBundle = {
             version: 1,
             exportedAt: Date.now(),
-            runtimeLoginUrl: 'http://127.0.0.1:3421/login',
-            listenerLoginUrl: 'http://127.0.0.1:3422/login',
+            externalRuntimeAuth: 'managed-outside-agent',
             secretKeys,
             activeSubscriptions: subscriptions.list().map((entry) => entry.provider),
             pendingSubscriptions: subscriptions.listPending().map((entry) => entry.provider),
@@ -238,43 +226,7 @@ export function registerPlatformAccessRuntimeCommands(registry: CommandRegistry)
           return;
         }
       }
-
-      if (sub === 'login') {
-        const target = normalizeAuthServiceLoginTarget(commandArgs[1]);
-        const baseUrl = commandArgs[2];
-        const username = commandArgs[3];
-        const password = commandArgs[4];
-        const secretKey = commandArgs[5] ?? `${target ? authServiceSecretPrefix(target) : 'SERVICE'}_SESSION_TOKEN`;
-        if (!target || !baseUrl || !username || !password) {
-          ctx.print('Usage: /auth login <runtime|listener> <baseUrl> <username> <password> [secretKey] --yes');
-          return;
-        }
-        if (!parsed.yes) {
-          requireYesFlag(ctx, `store ${target} session token`, '/auth login <runtime|listener> <baseUrl> <username> <password> [secretKey] --yes');
-          return;
-        }
-        const url = new URL('/login', baseUrl).toString();
-        const response = await fetch(url, {
-          method: 'POST',
-          headers: { 'Content-Type': 'application/json' },
-          body: JSON.stringify({ username, password }),
-        });
-        if (!response.ok) {
-          const body = await response.text();
-          ctx.print(`Auth login failed (${response.status}): ${body}`);
-          return;
-        }
-        const body = await response.json() as { token?: unknown };
-        if (typeof body.token !== 'string') {
-          ctx.print('Auth login response did not include a session token.');
-          return;
-        }
-        await requireSecretsManager(ctx).set(secretKey, body.token);
-        ctx.print(`Stored ${target} session token in secure storage as ${secretKey}.`);
-        return;
-      }
-
-      ctx.print('Usage: /auth [review|show <provider>|bundle export <path> --yes|bundle inspect <path>|login <runtime|listener> <baseUrl> <username> <password> [secretKey] --yes]');
+      ctx.print('Usage: /auth [review|show <provider>|bundle export <path> --yes|bundle inspect <path>]');
     },
   });
 }

package/src/input/commands/session-content.ts

@@ -144,7 +144,7 @@ export function registerSessionContentCommands(registry: CommandRegistry): void
         if (meta.title) ctx.session.conversationManager.title = meta.title;
         ctx.session.conversationManager.rebuildHistory();
         ctx.renderRequest();
-        ctx.print(`Session loaded: ${args[0]} (${messages.length} messages)${agentRecords.length > 0 ? ` [ignored ${agentRecords.length} copied local agent record${agentRecords.length !== 1 ? 's' : ''}]` : ''}`);
+        ctx.print(`Session loaded: ${args[0]} (${messages.length} messages)${agentRecords.length > 0 ? ` [ignored ${agentRecords.length} runtime-owned local agent record${agentRecords.length !== 1 ? 's' : ''}]` : ''}`);
       } catch (e) {
         ctx.print(`Failed to load session: ${summarizeError(e)}`);
       }
@@ -154,58 +154,40 @@ export function registerSessionContentCommands(registry: CommandRegistry): void
   registry.register({
     name: 'undo',
     aliases: [],
-    description: 'Undo last action. /undo file — revert last file write/edit. /undo — remove last conversation turn.',
-    usage: '[file]',
-    argsHint: '[file]',
+    description: 'Undo the last conversation turn',
+    usage: '',
+    argsHint: '',
     handler(args, ctx) {
-      if (args[0] === 'file') {
-        if (!ctx.workspace.fileUndoManager) {
-          ctx.print('File undo not available.');
-          return;
-        }
-        try {
-          const result = ctx.workspace.fileUndoManager.undo();
-          ctx.print(result ? `File reverted: ${result.path} (${result.tool} tool). Use /redo file to re-apply.` : 'Nothing to undo. No file operations recorded.');
-        } catch (err) {
-          ctx.print(`File undo failed: ${summarizeError(err)}`);
-        }
+      if (args.length > 0) {
+        ctx.print('Usage: /undo\n  Removes the last conversation turn. File edit undo belongs to the delegated GoodVibes TUI session.');
         return;
       }
       const success = ctx.session.conversationManager.undo();
       if (success) {
-        ctx.print('Last turn undone. Use /redo to restore. Tip: /undo file to revert a file write/edit.');
+        ctx.print('Last turn undone. Use /redo to restore.');
         ctx.renderRequest();
       } else {
-        ctx.print('Nothing to undo. Tip: use /undo file to revert the last file write/edit.');
+        ctx.print('Nothing to undo.');
       }
     },
   });
 
   registry.register({
     name: 'redo',
-    description: 'Redo last undone action. /redo file — re-apply last reverted file. /redo — restore conversation turn.',
-    usage: '[file]',
-    argsHint: '[file]',
+    description: 'Redo the last undone conversation turn',
+    usage: '',
+    argsHint: '',
     handler(args, ctx) {
-      if (args[0] === 'file') {
-        if (!ctx.workspace.fileUndoManager) {
-          ctx.print('File redo not available.');
-          return;
-        }
-        try {
-          const result = ctx.workspace.fileUndoManager.redo();
-          ctx.print(result ? `File re-applied: ${result.path} (${result.tool} tool).` : 'Nothing to redo.');
-        } catch (err) {
-          ctx.print(`File redo failed: ${summarizeError(err)}`);
-        }
+      if (args.length > 0) {
+        ctx.print('Usage: /redo\n  Restores the last undone conversation turn. File edit redo belongs to the delegated GoodVibes TUI session.');
         return;
       }
       const success = ctx.session.conversationManager.redo();
       if (success) {
-        ctx.print('Turn restored. Tip: /redo file to re-apply a reverted file.');
+        ctx.print('Turn restored.');
         ctx.renderRequest();
       } else {
-        ctx.print('Nothing to redo. Tip: use /redo file to re-apply the last reverted file.');
+        ctx.print('Nothing to redo.');
       }
     },
   });
@@ -260,8 +242,9 @@ export function registerSessionContentCommands(registry: CommandRegistry): void
   });
 
   registry.register({
-    name: 'memory',
-    description: 'Manage session memories (pinned across context compaction)',
+    name: 'session-memory',
+    aliases: ['smemory'],
+    description: 'Manage conversation-pinned memories used during context compaction',
     usage: '[list|add <text>|remove <id> --yes]',
     argsHint: '[list|add|remove]',
     handler(args, ctx) {
@@ -269,12 +252,12 @@ export function registerSessionContentCommands(registry: CommandRegistry): void
       if (sub === 'list' || args.length === 0) {
         const memories = requireSessionMemoryStore(ctx).list();
         ctx.print(memories.length === 0
-          ? 'No session memories. Use !# prefix or /memory add <text> to create one.'
-          : [`Session Memories (${memories.length}):`, ...memories.map(m => `  [${m.id}] ${m.text}`)].join('\n'));
+          ? 'No conversation-pinned memories. Use !# prefix or /session-memory add <text> to create one.'
+          : [`Conversation-Pinned Memories (${memories.length}):`, ...memories.map(m => `  [${m.id}] ${m.text}`)].join('\n'));
       } else if (sub === 'add') {
         const text = args.slice(1).join(' ').trim();
         if (!text) {
-          ctx.print('Usage: /memory add <text>');
+          ctx.print('Usage: /session-memory add <text>');
           return;
         }
         const id = requireSessionMemoryStore(ctx).add(text);
@@ -283,17 +266,17 @@ export function registerSessionContentCommands(registry: CommandRegistry): void
         const parsed = stripYesFlag(args);
         const id = parsed.rest[1];
         if (!id) {
-          ctx.print('Usage: /memory remove <id> --yes');
+          ctx.print('Usage: /session-memory remove <id> --yes');
           return;
         }
         if (!parsed.yes) {
-          requireYesFlag(ctx, `remove session memory ${id}`, '/memory remove <id> --yes');
+          requireYesFlag(ctx, `remove conversation-pinned memory ${id}`, '/session-memory remove <id> --yes');
           return;
         }
         const store = requireSessionMemoryStore(ctx);
         ctx.print(store.remove(id) ? `Memory removed: [${id}]` : `Memory not found: ${id}`);
       } else {
-        ctx.print('Usage: /memory [list|add <text>|remove <id> --yes]\n  /memory                    — list all session memories\n  /memory list               — list all session memories\n  /memory add <text>         — add a memory without sending a message\n  /memory remove <id> --yes  — remove a specific memory');
+        ctx.print('Usage: /session-memory [list|add <text>|remove <id> --yes]\n  /session-memory                    — list conversation-pinned memories\n  /session-memory list               — list conversation-pinned memories\n  /session-memory add <text>         — add a memory without sending a message\n  /session-memory remove <id> --yes  — remove a specific memory');
       }
     },
   });

package/src/input/commands.ts

@@ -1,4 +1,5 @@
 import type { CommandRegistry } from './command-registry.ts';
+import type { CommandContext } from './command-registry.ts';
 import { policyCommand } from './commands/policy.ts';
 import { sessionCommand } from './commands/session.ts';
 import { recallCommand } from './commands/memory.ts';
@@ -35,6 +36,19 @@ import { registerPersonasRuntimeCommands } from './commands/personas-runtime.ts'
 import { registerAgentSkillsRuntimeCommands } from './commands/agent-skills-runtime.ts';
 import { registerRoutinesRuntimeCommands } from './commands/routines-runtime.ts';
 
+function registerAgentMemoryCommand(registry: CommandRegistry): void {
+  registry.register({
+    name: 'memory',
+    aliases: ['mem'],
+    description: 'Agent-local memory: add, search, review, stale, and delete durable memory records',
+    usage: '<list|add|search|queue|review|stale|remove> [args]',
+    argsHint: 'list|add|search|queue|review|stale|remove',
+    handler: async (args: string[], context: CommandContext): Promise<void> => {
+      await recallCommand.handler(args.length === 0 ? ['list'] : args, context);
+    },
+  });
+}
+
 /**
  * registerBuiltinCommands - Register all built-in slash commands into the registry.
  * Call once during application startup.
@@ -71,6 +85,7 @@ export function registerBuiltinCommands(registry: CommandRegistry): void {
   registerPlanningRuntimeCommands(registry);
   registerScheduleRuntimeCommands(registry);
   registerSessionContentCommands(registry);
+  registerAgentMemoryCommand(registry);
 
   // ── /policy ───────────────────────────────────────────────────────────────
   registry.register(policyCommand);

package/src/input/handler-content-actions.ts

@@ -304,7 +304,7 @@ export function handleBlockSave(
     requestRender();
     return;
   }
-  conversationManager.log('[Block save blocked in GoodVibes Agent: use /share <html|json|md> <path> --yes or copy the block explicitly.]', { fg: '#f59e0b' });
+  conversationManager.log('[Block file save is disabled in GoodVibes Agent: copy the block explicitly or use /export markdown <path> --yes for the conversation.]', { fg: '#f59e0b' });
   requestRender();
 }
 

package/src/input/keybindings.ts

@@ -68,9 +68,9 @@ export const ACTION_DESCRIPTIONS: Record<KeyAction, string> = {
   'search':                'Toggle conversation search',
   'block-copy':            'Copy nearest block to clipboard',
   'bookmark':              'Bookmark / unbookmark nearest block',
-  'block-save':            'Block file save blocked; use /share --yes',
+  'block-save':            'Block file save disabled; copy block or export conversation',
   'delete-word':           'Delete word backward',
-  'apply-diff-line-start': 'Apply nearest diff / move to line start',
+  'apply-diff-line-start': 'Delegate diff changes / move to line start',
   'next-error-line-end':   'Navigate to next error / move to line end',
   'kill-line':             'Kill to end of line',
   'clear-prompt':          'Clear the prompt',

package/src/input/onboarding/onboarding-wizard-operator-steps.ts

@@ -0,0 +1,295 @@
+import type { OnboardingWizardStepDefinition } from './onboarding-wizard-types.ts';
+
+export function buildCommunicationStep(): OnboardingWizardStepDefinition {
+  return {
+    id: 'agent-communication',
+    title: 'Channels and notifications',
+    shortLabel: 'Channels',
+    description: 'Prepare the Agent for companion pairing, messaging-channel awareness, notification delivery, and safe outbound communication while leaving runtime hosting external.',
+    summaryTitle: 'Communication posture',
+    summaryLines: [
+      'Companion chat: paired through the GoodVibes runtime',
+      'Channel accounts: inspect readiness before using them',
+      'Outbound messages: explicit user action only',
+    ],
+    fields: [
+      {
+        kind: 'status',
+        id: 'agent-communication.companion',
+        label: 'Companion pairing',
+        hint: 'Use /pair from the Agent workspace to pair companion clients through the already-running GoodVibes runtime.',
+        defaultValue: 'External runtime route',
+      },
+      {
+        kind: 'status',
+        id: 'agent-communication.channels',
+        label: 'Messaging channels',
+        hint: 'Use the Channels workspace to inspect account readiness, delivery posture, and recent communication without changing runtime hosting.',
+        defaultValue: 'Inspectable',
+      },
+      {
+        kind: 'status',
+        id: 'agent-communication.notifications',
+        label: 'Notification delivery',
+        hint: 'Routine, approval, and work-plan notifications require an explicit delivery target and command; Agent never silently sends external messages.',
+        defaultValue: 'Explicit only',
+      },
+      {
+        kind: 'status',
+        id: 'agent-communication.inbound-policy',
+        label: 'Inbound command policy',
+        hint: 'Incoming channel commands stay constrained by runtime policy, allowlists, and account posture.',
+        defaultValue: 'Policy gated',
+      },
+    ],
+  };
+}
+
+export function buildToolsStep(): OnboardingWizardStepDefinition {
+  return {
+    id: 'agent-tools',
+    title: 'Tools and MCP',
+    shortLabel: 'Tools',
+    description: 'Review tool access for the Agent operator: MCP servers, browser/media helpers, safe read-only inspection, and explicit approval before side effects.',
+    summaryTitle: 'Tool posture',
+    summaryLines: [
+      'MCP and tools: inspect before use',
+      'Read/search/summarize: safe by default',
+      'Writes, installs, external sends, and account changes: require explicit user action',
+    ],
+    fields: [
+      {
+        kind: 'status',
+        id: 'agent-tools.mcp',
+        label: 'MCP servers and tools',
+        hint: 'Use /mcp servers and the Agent workspace Tools area to inspect connected servers, roles, and tool readiness.',
+        defaultValue: 'Inspectable',
+      },
+      {
+        kind: 'status',
+        id: 'agent-tools.browser-media',
+        label: 'Browser and media helpers',
+        hint: 'Browser, image, audio, and file helpers are task-scoped tools. Agent uses them only when the current task needs them and policy allows it.',
+        defaultValue: 'Task scoped',
+      },
+      {
+        kind: 'status',
+        id: 'agent-tools.approval-boundary',
+        label: 'Power action boundary',
+        hint: 'Workspace writes, package installs, external sends, and account changes require an explicit command or confirmation.',
+        defaultValue: 'Approval required',
+      },
+      {
+        kind: 'status',
+        id: 'agent-tools.no-hidden-work',
+        label: 'Hidden work policy',
+        hint: 'Tool use stays visible in the main Agent conversation or explicit command workspace; no hidden background work is started from onboarding.',
+        defaultValue: 'Visible',
+      },
+    ],
+  };
+}
+
+export function buildAgentKnowledgeStep(): OnboardingWizardStepDefinition {
+  return {
+    id: 'agent-knowledge',
+    title: 'Agent Knowledge',
+    shortLabel: 'Knowledge',
+    description: 'Agent Knowledge is isolated to the GoodVibes Agent product segment. It never falls back to default Knowledge/Wiki or any non-Agent product segment.',
+    summaryTitle: 'Knowledge isolation',
+    summaryLines: [
+      'Route segment: /api/goodvibes-agent/knowledge/*',
+      'Default wiki fallback: disabled',
+      'Non-Agent route fallback: disabled',
+    ],
+    fields: [
+      {
+        kind: 'status',
+        id: 'agent-knowledge.route',
+        label: 'Isolated Agent Knowledge route',
+        hint: 'Ask, search, status, and ingest use /api/goodvibes-agent/knowledge/* only.',
+        defaultValue: 'Isolated',
+      },
+      {
+        kind: 'status',
+        id: 'agent-knowledge.no-default-wiki',
+        label: 'Default Knowledge/Wiki fallback',
+        hint: 'Agent setup and Agent ask/search must not query the default wiki when Agent Knowledge has no answer.',
+        defaultValue: 'Blocked',
+      },
+      {
+        kind: 'status',
+        id: 'agent-knowledge.no-non-agent-routes',
+        label: 'Non-Agent route fallback',
+        hint: 'Other product routes are not part of Agent Knowledge.',
+        defaultValue: 'Blocked',
+      },
+    ],
+  };
+}
+
+export function buildLocalStateStep(): OnboardingWizardStepDefinition {
+  return {
+    id: 'agent-local-state',
+    title: 'Local memory and behavior',
+    shortLabel: 'Memory',
+    description: 'Review the Agent-local behavior model. Memory, personas, skills, routines, and Agent profiles stay local until a stable shared registry exists.',
+    summaryTitle: 'Local Agent state',
+    summaryLines: [
+      'Memory/personas/skills/routines: local Agent registries',
+      'Secrets: rejected or stored by secret reference',
+      'Profiles: isolated Agent homes',
+    ],
+    fields: [
+      {
+        kind: 'status',
+        id: 'agent-local-state.memory',
+        label: 'Local memory',
+        hint: 'Use /memory to create, review, stale, search, and delete Agent-local memory records.',
+        defaultValue: 'Local registry',
+      },
+      {
+        kind: 'status',
+        id: 'agent-local-state.personas',
+        label: 'Personas',
+        hint: 'Use /personas to create and activate serial operating modes for the main conversation.',
+        defaultValue: 'Local registry',
+      },
+      {
+        kind: 'status',
+        id: 'agent-local-state.skills',
+        label: 'Skills',
+        hint: 'Use /agent-skills and /skills local to manage reusable Agent procedures.',
+        defaultValue: 'Local registry',
+      },
+      {
+        kind: 'status',
+        id: 'agent-local-state.routines',
+        label: 'Routines',
+        hint: 'Use /routines for reusable local procedures. Starting a routine prints steps in the main conversation and does not spawn hidden work.',
+        defaultValue: 'Local registry',
+      },
+    ],
+  };
+}
+
+export function buildAutomationStep(): OnboardingWizardStepDefinition {
+  return {
+    id: 'agent-automation',
+    title: 'Routines and automation',
+    shortLabel: 'Routines',
+    description: 'Set the Agent automation posture: local routines run in the main conversation, while external schedules remain explicit.',
+    summaryTitle: 'Routine and schedule posture',
+    summaryLines: [
+      'Local routines: reusable main-conversation workflows',
+      'External schedules: explicit promotion only',
+      'Runs/cancels/retries: command-confirmed side effects',
+    ],
+    fields: [
+      {
+        kind: 'status',
+        id: 'agent-automation.local-routines',
+        label: 'Local routine library',
+        hint: 'Use /routines or the Agent workspace to create, review, enable, and start local routines without spawning hidden jobs.',
+        defaultValue: 'Local registry',
+      },
+      {
+        kind: 'status',
+        id: 'agent-automation.schedule-observability',
+        label: 'Schedule observability',
+        hint: 'Use /schedule list, /schedule reconcile, and automation views to inspect externally owned jobs and runs.',
+        defaultValue: 'Read first',
+      },
+      {
+        kind: 'status',
+        id: 'agent-automation.schedule-promotion',
+        label: 'Routine-to-schedule promotion',
+        hint: 'Creating external schedules from routines requires a reviewed routine, a real timing expression, optional delivery target, and explicit confirmation.',
+        defaultValue: 'Explicit command',
+      },
+      {
+        kind: 'status',
+        id: 'agent-automation.mutations',
+        label: 'Automation mutations',
+        hint: 'Run, pause, resume, cancel, retry, approve, and deny actions are never inferred from chat; they require exact commands and confirmation.',
+        defaultValue: 'Confirmed only',
+      },
+    ],
+  };
+}
+
+export function buildVoiceMediaStep(): OnboardingWizardStepDefinition {
+  return {
+    id: 'agent-voice-media',
+    title: 'Voice and media',
+    shortLabel: 'Voice',
+    description: 'Prepare voice, speech, image input, and media understanding as Agent operator tools rather than runtime lifecycle features.',
+    summaryTitle: 'Voice and media posture',
+    summaryLines: [
+      'Voice and speech: optional operator tools',
+      'Image/audio inputs: explicit attachment workflows',
+      'Media generation and playback: provider-backed and policy-gated',
+    ],
+    fields: [
+      {
+        kind: 'status',
+        id: 'agent-voice-media.voice',
+        label: 'Voice interaction',
+        hint: 'Use the voice/media workspace and TTS settings to configure spoken responses for the Agent conversation.',
+        defaultValue: 'Optional',
+      },
+      {
+        kind: 'status',
+        id: 'agent-voice-media.attachments',
+        label: 'Image and audio input',
+        hint: 'Attach files explicitly to a prompt or command. Agent does not ingest media into Knowledge without an Agent Knowledge ingest action.',
+        defaultValue: 'Explicit input',
+      },
+      {
+        kind: 'status',
+        id: 'agent-voice-media.output',
+        label: 'Generated media and playback',
+        hint: 'Media output uses configured providers and visible command/turn flow; external publication still requires explicit approval.',
+        defaultValue: 'Policy gated',
+      },
+    ],
+  };
+}
+
+export function buildDelegationPolicyStep(): OnboardingWizardStepDefinition {
+  return {
+    id: 'agent-delegation',
+    title: 'Build delegation',
+    shortLabel: 'Delegate',
+    description: 'GoodVibes Agent is not the coding TUI. Explicit build, fix, review, or implementation work is delegated to GoodVibes TUI; ordinary assistant work stays serial in this conversation.',
+    summaryTitle: 'Delegation policy',
+    summaryLines: [
+      'Normal chat: main Agent conversation',
+      'Build/fix/review: explicit GoodVibes TUI delegation',
+      'WRFC: only when explicitly requested for build/fix/review',
+    ],
+    fields: [
+      {
+        kind: 'status',
+        id: 'agent-delegation.normal-chat',
+        label: 'Normal assistant work',
+        hint: 'Planning, research, summaries, local memory updates, and safe read-only checks stay in the main Agent conversation.',
+        defaultValue: 'Serial',
+      },
+      {
+        kind: 'status',
+        id: 'agent-delegation.build-work',
+        label: 'Build/fix/review work',
+        hint: 'Use /delegate with the full original task. GoodVibes TUI owns coding execution and WRFC chains.',
+        defaultValue: 'Explicit delegation',
+      },
+      {
+        kind: 'status',
+        id: 'agent-delegation.wrfc',
+        label: 'WRFC policy',
+        hint: 'Agent never uses WRFC by default; request it only for explicit build, fix, review, or implementation work.',
+        defaultValue: 'Explicit only',
+      },
+    ],
+  };
+}