@pellux/goodvibes-agent 0.1.42 → 0.1.44

package/CHANGELOG.md

@@ -2,6 +2,14 @@
 
 All notable changes to GoodVibes Agent will be recorded here.
 
+## 0.1.44 - 2026-05-31
+
+- fdee09e Add daemon capability gap report
+
+## 0.1.43 - 2026-05-31
+
+- 3afba9c Add daemon route risk coverage
+
 ## 0.1.42 - 2026-05-31
 
 - 3c84649 Surface daemon capabilities in Agent workspace

package/README.md

@@ -17,6 +17,7 @@ goodvibes-agent --help
 goodvibes-agent status
 goodvibes-agent capabilities
 goodvibes-agent capabilities daemon
+goodvibes-agent capabilities daemon gaps
 ```
 
 If Bun reports untrusted lifecycle dependencies, trust only the package and dependencies required by this package:
@@ -45,7 +46,7 @@ bun run publish:check
 
 Inside the Agent TUI, use `/agent`, `/home`, or `/operator` to open the operator workspace. It is the Agent-first fullscreen surface for setup, status, live daemon capability coverage, knowledge, local memory/skills, work-plan/approval review, automation observability, and explicit build delegation to GoodVibes TUI.
 
-Use `goodvibes-agent capabilities` or `/capabilities` to inspect the OpenClaw/Hermes benchmark, current Agent posture, configuration commands, usage paths, and remaining gaps. Use `goodvibes-agent capabilities daemon` or `/capabilities daemon` for a live read-only audit of the GoodVibes daemon method catalog and isolated Agent Knowledge route coverage.
+Use `goodvibes-agent capabilities` or `/capabilities` to inspect the OpenClaw/Hermes benchmark, current Agent posture, configuration commands, usage paths, and remaining gaps. Use `goodvibes-agent capabilities daemon` or `/capabilities daemon` for a live read-only audit of the GoodVibes daemon method catalog, route risk posture, and isolated Agent Knowledge route coverage. Use `goodvibes-agent capabilities daemon gaps` or `/capabilities daemon gaps` to turn that live daemon audit into a prioritized gap plan that separates missing daemon routes from Agent UX work.
 
 Inside the workspace, use `/agent-profile guide` to author custom profile starters without leaving the Agent TUI. The guided flow lists starters, exports starter JSON, imports edited local starters, and creates isolated runtime profiles from them.
 
@@ -87,9 +88,10 @@ To verify what the running daemon can expose for the Agent/OpenClaw/Hermes capab
 ```sh
 goodvibes-agent capabilities daemon
 goodvibes-agent capabilities daemon --json
+goodvibes-agent capabilities daemon gaps
 ```
 
-This audit checks `/api/control-plane/methods` and `/api/goodvibes-agent/knowledge/status`. It does not query default Knowledge/Wiki or HomeGraph.
+This audit checks `/api/control-plane/methods` and `/api/goodvibes-agent/knowledge/status`. The gap plan is derived from the same read-only calls. Neither command queries default Knowledge/Wiki or HomeGraph.
 
 Agent intentionally blocks daemon lifecycle commands:
 

package/docs/operator-capability-benchmark.md

@@ -17,6 +17,7 @@ goodvibes-agent capabilities --json
 goodvibes-agent capabilities hermes
 goodvibes-agent capabilities daemon
 goodvibes-agent capabilities daemon --json
+goodvibes-agent capabilities daemon gaps
 goodvibes-agent capabilities daemon knowledge
 ```
 
@@ -27,6 +28,7 @@ Inside the TUI:
 /capabilities openclaw
 /capabilities knowledge
 /capabilities daemon
+/capabilities daemon gaps
 ```
 
 ## Research Baseline
@@ -56,7 +58,7 @@ The benchmark measures two different GoodVibes layers:
 
 If the daemon already has a route but Agent lacks a good setup/workspace/CLI surface, the gap is treated as an Agent product gap rather than a missing platform capability.
 
-Use `goodvibes-agent capabilities daemon` for the live read-only daemon audit. It checks the public control-plane method catalog and the isolated Agent Knowledge status route. It intentionally does not call default `/api/knowledge/*`, HomeGraph, or Home Assistant routes.
+Use `goodvibes-agent capabilities daemon` for the live read-only daemon audit. It checks the public control-plane method catalog, route risk posture, and the isolated Agent Knowledge status route. Use `goodvibes-agent capabilities daemon gaps` to convert that daemon-measured audit into a prioritized gap plan with `version_mismatch`, `agent_route_missing`, `required_method_missing`, `route_risk_review`, and `agent_ux_gap` rows. Both commands intentionally avoid default `/api/knowledge/*`, HomeGraph, and Home Assistant routes.
 
 ## Capability Targets
 
@@ -78,7 +80,7 @@ Use `goodvibes-agent capabilities daemon` for the live read-only daemon audit. I
 
 GoodVibes Agent should exceed OpenClaw/Hermes by making these properties true from day one:
 
-- Capability surfaces are discoverable through `goodvibes-agent capabilities`, `goodvibes-agent capabilities daemon`, `/capabilities`, `/capabilities daemon`, onboarding, and the operator workspace.
+- Capability surfaces are discoverable through `goodvibes-agent capabilities`, `goodvibes-agent capabilities daemon`, `goodvibes-agent capabilities daemon gaps`, `/capabilities`, `/capabilities daemon`, onboarding, and the operator workspace.
 - Agent Knowledge isolation is a release gate, not a convention.
 - Routine-to-schedule promotion preserves Agent Knowledge isolation, uses only public external daemon schedule routes, supports explicit delivery targets, and stores redacted receipts.
 - Model-visible tools are policy-gated for serial, non-secret, non-destructive use.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pellux/goodvibes-agent",
-  "version": "0.1.42",
+  "version": "0.1.44",
   "private": false,
   "description": "Near-fork GoodVibes operator assistant with the GoodVibes TUI shell, renderer, input, fullscreen workspace, and daemon-connected Agent product brain.",
   "type": "module",

package/src/cli/capabilities-command.ts

@@ -6,21 +6,32 @@ import {
   renderOperatorCapabilityBenchmark,
 } from '../operator/capability-benchmark.ts';
 import {
+  buildDaemonCapabilityGapReport,
   fetchLiveDaemonCapabilityAudit,
   filterDaemonCapabilityAuditAreas,
+  filterDaemonCapabilityGaps,
   renderDaemonCapabilityAudit,
   renderDaemonCapabilityFailure,
+  renderDaemonCapabilityGaps,
 } from '../operator/daemon-capability-audit.ts';
 import { resolveAgentDaemonConnection } from '../agent/routine-schedule-promotion.ts';
 
 interface CapabilityCommandArgs {
-  readonly mode: 'benchmark' | 'daemon';
+  readonly mode: 'benchmark' | 'daemon' | 'daemon-gaps';
   readonly query: string | undefined;
 }
 
 function readCapabilityArgs(args: readonly string[]): CapabilityCommandArgs {
   const values = args.filter((arg) => !arg.startsWith('--'));
+  if (values[0] === 'gaps') {
+    const query = values.slice(1).join(' ').trim();
+    return { mode: 'daemon-gaps', query: query.length > 0 ? query : undefined };
+  }
   if (values[0] === 'daemon') {
+    if (values[1] === 'gaps') {
+      const query = values.slice(2).join(' ').trim();
+      return { mode: 'daemon-gaps', query: query.length > 0 ? query : undefined };
+    }
     const query = values.slice(1).join(' ').trim();
     return { mode: 'daemon', query: query.length > 0 ? query : undefined };
   }
@@ -48,6 +59,26 @@ export async function handleCapabilitiesCommand(runtime: CliCommandRuntime): Pro
       exitCode: 0,
     };
   }
+  if (args.mode === 'daemon-gaps') {
+    const connection = resolveAgentDaemonConnection(runtime.configManager, runtime.homeDirectory);
+    const audit = await fetchLiveDaemonCapabilityAudit(connection);
+    if (!audit.ok) {
+      return {
+        output: runtime.cli.flags.outputFormat === 'json'
+          ? JSON.stringify(audit, null, 2)
+          : renderDaemonCapabilityFailure(audit),
+        exitCode: audit.kind === 'auth_required' || audit.kind === 'daemon_unavailable' ? 1 : 2,
+      };
+    }
+    const report = buildDaemonCapabilityGapReport(audit);
+    const gaps = filterDaemonCapabilityGaps(report.gaps, args.query);
+    return {
+      output: runtime.cli.flags.outputFormat === 'json'
+        ? JSON.stringify({ ...report, matchedGapCount: gaps.length, gaps }, null, 2)
+        : renderDaemonCapabilityGaps(report, gaps),
+      exitCode: 0,
+    };
+  }
   const report = buildOperatorCapabilityBenchmarkReport();
   const capabilities = filterOperatorCapabilities(report.capabilities, args.query);
   if (runtime.cli.flags.outputFormat === 'json') {

package/src/cli/help.ts

@@ -103,6 +103,7 @@ export function renderGoodVibesHelp(binary = 'goodvibes-agent'): string {
     `  ${binary} compat`,
     `  ${binary} capabilities`,
     `  ${binary} capabilities daemon`,
+    `  ${binary} capabilities daemon gaps`,
     `  ${binary} knowledge status`,
     `  ${binary} knowledge ask "What is GoodVibes Agent?"`,
     `  ${binary} ask "What is GoodVibes Agent?"`,
@@ -197,9 +198,9 @@ const COMMAND_HELP: Record<string, CommandHelp> = {
     examples: ['compat', 'compat --json'],
   },
   capabilities: {
-    usage: ['capabilities [openclaw|hermes|query]', 'capabilities daemon [query]', 'capabilities --json'],
-    summary: 'Show the OpenClaw/Hermes capability benchmark, Agent readiness, and live GoodVibes daemon method coverage.',
-    examples: ['capabilities', 'capabilities hermes', 'capabilities daemon', 'capabilities daemon knowledge --json'],
+    usage: ['capabilities [openclaw|hermes|query]', 'capabilities daemon [query]', 'capabilities daemon gaps [query]', 'capabilities --json'],
+    summary: 'Show the OpenClaw/Hermes capability benchmark, Agent readiness, live GoodVibes daemon method coverage, and daemon-measured product gaps.',
+    examples: ['capabilities', 'capabilities hermes', 'capabilities daemon', 'capabilities daemon gaps', 'capabilities daemon knowledge --json'],
   },
   knowledge: {
     usage: [

package/src/input/agent-workspace.ts

@@ -489,6 +489,7 @@ export const AGENT_WORKSPACE_CATEGORIES: readonly AgentWorkspaceCategory[] = [
     actions: [
       { id: 'capabilities-benchmark', label: 'Benchmark report', detail: 'Show the OpenClaw/Hermes parity benchmark with Agent posture, setup commands, usage paths, and remaining product gaps.', command: '/capabilities', kind: 'command', safety: 'read-only' },
       { id: 'capabilities-daemon', label: 'Live daemon audit', detail: 'Inspect the public daemon method catalog plus isolated Agent Knowledge route coverage. Does not query default Knowledge/Wiki or HomeGraph.', command: '/capabilities daemon', kind: 'command', safety: 'read-only' },
+      { id: 'capabilities-daemon-gaps', label: 'Daemon gap plan', detail: 'Classify live daemon coverage into platform gaps, Agent route gaps, route-risk reviews, and Agent UX work without querying default Knowledge/Wiki or HomeGraph.', command: '/capabilities daemon gaps', kind: 'command', safety: 'read-only' },
       { id: 'capabilities-daemon-knowledge', label: 'Knowledge coverage', detail: 'Filter the live daemon audit to the isolated Agent Knowledge segment.', command: '/capabilities daemon knowledge', kind: 'command', safety: 'read-only' },
       { id: 'capabilities-daemon-channels', label: 'Channel coverage', detail: 'Filter the live daemon audit to channel and delivery gateway route coverage.', command: '/capabilities daemon channels', kind: 'command', safety: 'read-only' },
       { id: 'capabilities-daemon-automation', label: 'Automation coverage', detail: 'Filter the live daemon audit to automation, schedule, run, and capacity route coverage.', command: '/capabilities daemon automation', kind: 'command', safety: 'read-only' },

package/src/input/commands/capabilities-runtime.ts

@@ -5,10 +5,13 @@ import {
   OPERATOR_CAPABILITY_BENCHMARKS,
 } from '../../operator/capability-benchmark.ts';
 import {
+  buildDaemonCapabilityGapReport,
   fetchLiveDaemonCapabilityAudit,
   filterDaemonCapabilityAuditAreas,
+  filterDaemonCapabilityGaps,
   renderDaemonCapabilityAudit,
   renderDaemonCapabilityFailure,
+  renderDaemonCapabilityGaps,
 } from '../../operator/daemon-capability-audit.ts';
 import { resolveAgentDaemonConnection } from '../../agent/routine-schedule-promotion.ts';
 
@@ -17,7 +20,7 @@ export function registerCapabilitiesRuntimeCommands(registry: CommandRegistry):
     name: 'capabilities',
     aliases: ['caps', 'benchmark'],
     description: 'Show the OpenClaw/Hermes capability benchmark, Agent readiness, and live daemon coverage',
-    usage: '[daemon|openclaw|hermes|query]',
+    usage: '[daemon|gaps|openclaw|hermes|query]',
     async handler(args, ctx) {
       if (args[0] === 'daemon') {
         const homeDirectory = ctx.platform.configManager.getHomeDirectory() ?? process.cwd();
@@ -27,11 +30,32 @@ export function registerCapabilitiesRuntimeCommands(registry: CommandRegistry):
           ctx.print(renderDaemonCapabilityFailure(audit));
           return;
         }
+        if (args[1] === 'gaps') {
+          const report = buildDaemonCapabilityGapReport(audit);
+          const query = args.slice(2).join(' ').trim() || undefined;
+          const gaps = filterDaemonCapabilityGaps(report.gaps, query);
+          ctx.print(renderDaemonCapabilityGaps(report, gaps));
+          return;
+        }
         const query = args.slice(1).join(' ').trim() || undefined;
         const areas = filterDaemonCapabilityAuditAreas(audit.areas, query);
         ctx.print(renderDaemonCapabilityAudit(audit, areas));
         return;
       }
+      if (args[0] === 'gaps') {
+        const homeDirectory = ctx.platform.configManager.getHomeDirectory() ?? process.cwd();
+        const connection = resolveAgentDaemonConnection(ctx.platform.configManager, homeDirectory);
+        const audit = await fetchLiveDaemonCapabilityAudit(connection);
+        if (!audit.ok) {
+          ctx.print(renderDaemonCapabilityFailure(audit));
+          return;
+        }
+        const report = buildDaemonCapabilityGapReport(audit);
+        const query = args.slice(1).join(' ').trim() || undefined;
+        const gaps = filterDaemonCapabilityGaps(report.gaps, query);
+        ctx.print(renderDaemonCapabilityGaps(report, gaps));
+        return;
+      }
       const query = args.join(' ').trim() || undefined;
       const capabilities = filterOperatorCapabilities(OPERATOR_CAPABILITY_BENCHMARKS, query);
       ctx.print(renderOperatorCapabilityBenchmark(capabilities));

package/src/operator/daemon-capability-audit.ts

@@ -15,6 +15,13 @@ export type DaemonCapabilityAuditFailureKind =
 
 export type DaemonCapabilityCoverage = 'ready' | 'partial' | 'missing';
 export type DaemonCapabilityRouteCoverage = 'ready' | 'missing' | 'not_checked';
+export type DaemonCapabilityGapKind =
+  | 'version_mismatch'
+  | 'agent_route_missing'
+  | 'required_method_missing'
+  | 'route_risk_review'
+  | 'agent_ux_gap';
+export type DaemonCapabilityGapSeverity = 'blocker' | 'high' | 'medium' | 'low';
 
 export interface DaemonCapabilityRequirement {
   readonly id: string;
@@ -41,6 +48,12 @@ export interface DaemonCapabilityAuditArea {
     readonly route: string;
     readonly coverage: DaemonCapabilityRouteCoverage;
   }[];
+  readonly routeRisk: {
+    readonly readOnlyMethodCount: number;
+    readonly mutatingMethodCount: number;
+    readonly authenticatedMethodCount: number;
+    readonly dangerousMethodIds: readonly string[];
+  };
   readonly next: readonly string[];
 }
 
@@ -61,6 +74,32 @@ export interface DaemonCapabilityAuditSuccess {
   readonly areas: readonly DaemonCapabilityAuditArea[];
 }
 
+export interface DaemonCapabilityGap {
+  readonly id: string;
+  readonly kind: DaemonCapabilityGapKind;
+  readonly severity: DaemonCapabilityGapSeverity;
+  readonly areaId?: string;
+  readonly title: string;
+  readonly detail: string;
+  readonly action: string;
+}
+
+export interface DaemonCapabilityGapReport {
+  readonly ok: true;
+  readonly kind: 'daemon.capabilities.gaps';
+  readonly baseUrl: string;
+  readonly daemonVersion: string;
+  readonly expectedSdkVersion: string;
+  readonly daemonCompatible: boolean;
+  readonly methodCatalogRoute: typeof DAEMON_METHOD_CATALOG_ROUTE;
+  readonly agentKnowledgeRoute: typeof AGENT_KNOWLEDGE_STATUS_ROUTE;
+  readonly agentKnowledgeRouteReady: boolean;
+  readonly defaultKnowledgeFallback: false;
+  readonly homeGraphFallback: false;
+  readonly gapCount: number;
+  readonly gaps: readonly DaemonCapabilityGap[];
+}
+
 export interface DaemonCapabilityAuditFailure {
   readonly ok: false;
   readonly kind: DaemonCapabilityAuditFailureKind;
@@ -75,12 +114,13 @@ export type DaemonCapabilityAuditResult =
   | DaemonCapabilityAuditSuccess
   | DaemonCapabilityAuditFailure;
 
-interface DaemonMethodSummary {
+export interface DaemonMethodSummary {
   readonly id: string;
   readonly title?: string;
   readonly category?: string;
   readonly invokable?: boolean;
   readonly access?: string;
+  readonly dangerous?: boolean;
   readonly http?: {
     readonly method?: string;
     readonly path?: string;
@@ -294,6 +334,7 @@ function readMethodSummaries(body: unknown): readonly DaemonMethodSummary[] {
       category: readString(value, 'category') ?? undefined,
       access: readString(value, 'access') ?? undefined,
       invokable: typeof value.invokable === 'boolean' ? value.invokable : undefined,
+      dangerous: typeof value.dangerous === 'boolean' ? value.dangerous : undefined,
       http: httpRecord
         ? {
             method: readString(httpRecord, 'method') ?? undefined,
@@ -389,7 +430,9 @@ function failureFromThrown(error: unknown, connection: AgentDaemonConnection, ro
 export function buildDaemonCapabilityAuditAreas(
   methodIds: ReadonlySet<string>,
   agentKnowledgeRouteReady: boolean | null,
+  methodSummaries: readonly DaemonMethodSummary[] = [],
 ): readonly DaemonCapabilityAuditArea[] {
+  const methodsById = new Map(methodSummaries.map((method) => [method.id, method]));
   return DAEMON_CAPABILITY_REQUIREMENTS.map((requirement) => {
     const presentRequiredMethodIds = requirement.requiredMethodIds.filter((methodId) => methodIds.has(methodId));
     const missingRequiredMethodIds = requirement.requiredMethodIds.filter((methodId) => !methodIds.has(methodId));
@@ -404,6 +447,23 @@ export function buildDaemonCapabilityAuditAreas(
           : 'missing',
     } satisfies DaemonCapabilityAuditArea['agentRoutes'][number]));
     const missingAgentRoutes = agentRoutes.filter((route) => route.coverage === 'missing');
+    const areaMethodIds = [...requirement.requiredMethodIds, ...requirement.optionalMethodIds];
+    const areaMethods = areaMethodIds.flatMap((methodId): DaemonMethodSummary[] => {
+      const method = methodsById.get(methodId);
+      return method ? [method] : [];
+    });
+    const readOnlyMethodCount = areaMethods.filter((method) => {
+      const verb = method.http?.method?.toUpperCase();
+      return verb === 'GET' || verb === 'HEAD';
+    }).length;
+    const mutatingMethodCount = areaMethods.filter((method) => {
+      const verb = method.http?.method?.toUpperCase();
+      return Boolean(verb) && verb !== 'GET' && verb !== 'HEAD';
+    }).length;
+    const authenticatedMethodCount = areaMethods.filter((method) => method.access === 'authenticated').length;
+    const dangerousMethodIds = areaMethods
+      .filter((method) => method.dangerous === true)
+      .map((method) => method.id);
     const requiredCount = requirement.requiredMethodIds.length + requirement.requiredAgentRoutes.length;
     const presentRequiredCount = presentRequiredMethodIds.length
       + agentRoutes.filter((route) => route.coverage === 'ready').length;
@@ -423,6 +483,12 @@ export function buildDaemonCapabilityAuditAreas(
       presentOptionalMethodIds,
       missingOptionalMethodIds,
       agentRoutes,
+      routeRisk: {
+        readOnlyMethodCount,
+        mutatingMethodCount,
+        authenticatedMethodCount,
+        dangerousMethodIds,
+      },
       next: requirement.next,
     };
   });
@@ -472,7 +538,7 @@ export async function fetchLiveDaemonCapabilityAudit(
       defaultKnowledgeFallback: false,
       homeGraphFallback: false,
       warnings,
-      areas: buildDaemonCapabilityAuditAreas(methodIds, agentKnowledge.ok),
+      areas: buildDaemonCapabilityAuditAreas(methodIds, agentKnowledge.ok, methodSummaries),
     };
   } catch (error) {
     return failureFromThrown(error, connection, daemonVersion === 'unknown' ? DAEMON_STATUS_ROUTE : DAEMON_METHOD_CATALOG_ROUTE);
@@ -498,6 +564,163 @@ export function filterDaemonCapabilityAuditAreas(
   });
 }
 
+function gapToken(value: string): string {
+  return value
+    .toLowerCase()
+    .replace(/[^a-z0-9]+/g, '-')
+    .replace(/^-+|-+$/g, '')
+    || 'gap';
+}
+
+function gapSeverityRank(severity: DaemonCapabilityGapSeverity): number {
+  if (severity === 'blocker') return 0;
+  if (severity === 'high') return 1;
+  if (severity === 'medium') return 2;
+  return 3;
+}
+
+function sortCapabilityGaps(gaps: readonly DaemonCapabilityGap[]): readonly DaemonCapabilityGap[] {
+  return [...gaps].sort((left, right) => {
+    const severityDelta = gapSeverityRank(left.severity) - gapSeverityRank(right.severity);
+    if (severityDelta !== 0) return severityDelta;
+    return left.id.localeCompare(right.id);
+  });
+}
+
+export function buildDaemonCapabilityGapReport(
+  audit: DaemonCapabilityAuditSuccess,
+  areas: readonly DaemonCapabilityAuditArea[] = audit.areas,
+): DaemonCapabilityGapReport {
+  const gaps: DaemonCapabilityGap[] = [];
+
+  if (!audit.daemonCompatible) {
+    gaps.push({
+      id: 'daemon-version-mismatch',
+      kind: 'version_mismatch',
+      severity: audit.agentKnowledgeRouteReady ? 'high' : 'blocker',
+      title: 'Daemon SDK version does not match Agent SDK pin',
+      detail: `Agent expects ${audit.expectedSdkVersion}; daemon reports ${audit.daemonVersion}.`,
+      action: 'Update/restart the externally owned GoodVibes daemon before release validation; Agent will not start it.',
+    });
+  }
+
+  for (const area of areas) {
+    if (area.missingRequiredMethodIds.length > 0) {
+      gaps.push({
+        id: `${area.id}-missing-required-methods`,
+        kind: 'required_method_missing',
+        severity: 'high',
+        areaId: area.id,
+        title: `${area.title} missing required daemon methods`,
+        detail: area.missingRequiredMethodIds.join(', '),
+        action: 'Keep the Agent surface read-only or blocked for this area until the public daemon route contract is present.',
+      });
+    }
+
+    for (const route of area.agentRoutes) {
+      if (route.coverage !== 'missing') continue;
+      gaps.push({
+        id: `${area.id}-missing-${gapToken(route.route)}`,
+        kind: 'agent_route_missing',
+        severity: route.route === AGENT_KNOWLEDGE_STATUS_ROUTE ? 'blocker' : 'high',
+        areaId: area.id,
+        title: `${area.title} missing Agent route`,
+        detail: route.route,
+        action: 'Fail closed for this product segment. Do not query default Knowledge/Wiki, HomeGraph, or Home Assistant routes.',
+      });
+    }
+
+    if (area.routeRisk.dangerousMethodIds.length > 0) {
+      gaps.push({
+        id: `${area.id}-dangerous-route-review`,
+        kind: 'route_risk_review',
+        severity: 'medium',
+        areaId: area.id,
+        title: `${area.title} has dangerous daemon routes`,
+        detail: area.routeRisk.dangerousMethodIds.join(', '),
+        action: 'Keep these routes behind exact commands, confirmation, and concise approval UX; never trigger them from ordinary chat.',
+      });
+    }
+
+    for (const next of area.next) {
+      gaps.push({
+        id: `${area.id}-agent-ux-${gapToken(next)}`,
+        kind: 'agent_ux_gap',
+        severity: area.coverage === 'ready' ? 'medium' : 'low',
+        areaId: area.id,
+        title: `${area.title} Agent UX gap`,
+        detail: next,
+        action: 'Build a first-class Agent workspace, command, or setup flow on top of the existing daemon capability.',
+      });
+    }
+  }
+
+  const sortedGaps = sortCapabilityGaps(gaps);
+  return {
+    ok: true,
+    kind: 'daemon.capabilities.gaps',
+    baseUrl: audit.baseUrl,
+    daemonVersion: audit.daemonVersion,
+    expectedSdkVersion: audit.expectedSdkVersion,
+    daemonCompatible: audit.daemonCompatible,
+    methodCatalogRoute: audit.methodCatalogRoute,
+    agentKnowledgeRoute: audit.agentKnowledgeRoute,
+    agentKnowledgeRouteReady: audit.agentKnowledgeRouteReady,
+    defaultKnowledgeFallback: false,
+    homeGraphFallback: false,
+    gapCount: sortedGaps.length,
+    gaps: sortedGaps,
+  };
+}
+
+export function filterDaemonCapabilityGaps(
+  gaps: readonly DaemonCapabilityGap[],
+  query: string | undefined,
+): readonly DaemonCapabilityGap[] {
+  const normalized = query?.trim().toLowerCase();
+  if (!normalized) return gaps;
+  return gaps.filter((gap) => {
+    return gap.id.includes(normalized)
+      || gap.kind.includes(normalized)
+      || gap.severity.includes(normalized)
+      || gap.title.toLowerCase().includes(normalized)
+      || gap.detail.toLowerCase().includes(normalized)
+      || gap.action.toLowerCase().includes(normalized)
+      || Boolean(gap.areaId?.includes(normalized));
+  });
+}
+
+export function renderDaemonCapabilityGaps(
+  report: DaemonCapabilityGapReport,
+  gaps: readonly DaemonCapabilityGap[] = report.gaps,
+): string {
+  const lines: string[] = [
+    'GoodVibes daemon capability gaps',
+    `  daemon: ${report.baseUrl}`,
+    `  SDK: Agent expects ${report.expectedSdkVersion}; daemon reports ${report.daemonVersion}`,
+    `  compatibility: ${report.daemonCompatible ? 'matched' : 'mismatch'}`,
+    `  Agent Knowledge: ${report.agentKnowledgeRouteReady ? 'ready' : 'missing'} ${report.agentKnowledgeRoute}`,
+    '  isolation: default Knowledge/Wiki fallback no; HomeGraph fallback no',
+    `  gaps: ${gaps.length}/${report.gapCount}`,
+    '',
+  ];
+
+  if (gaps.length === 0) {
+    lines.push('No daemon capability gaps matched this query.');
+    return lines.join('\n');
+  }
+
+  for (const gap of gaps) {
+    lines.push(`${gap.title} [${gap.severity}; ${gap.kind}]`);
+    if (gap.areaId) lines.push(`  area: ${gap.areaId}`);
+    lines.push(`  detail: ${gap.detail}`);
+    lines.push(`  action: ${gap.action}`);
+    lines.push('');
+  }
+
+  return lines.join('\n').trimEnd();
+}
+
 export function renderDaemonCapabilityAudit(
   audit: DaemonCapabilityAuditSuccess,
   areas: readonly DaemonCapabilityAuditArea[] = audit.areas,
@@ -528,6 +751,10 @@ export function renderDaemonCapabilityAudit(
       lines.push(`  optional methods: ${area.presentOptionalMethodIds.length}/${optionalTotal}`);
       if (area.missingOptionalMethodIds.length > 0) lines.push(`  missing optional: ${area.missingOptionalMethodIds.join(', ')}`);
     }
+    lines.push(`  route risk: ${area.routeRisk.readOnlyMethodCount} read-only; ${area.routeRisk.mutatingMethodCount} mutating; ${area.routeRisk.dangerousMethodIds.length} dangerous; ${area.routeRisk.authenticatedMethodCount} authenticated`);
+    if (area.routeRisk.dangerousMethodIds.length > 0) {
+      lines.push(`  dangerous methods: ${area.routeRisk.dangerousMethodIds.join(', ')}`);
+    }
     for (const route of area.agentRoutes) lines.push(`  route: ${route.route} [${route.coverage}]`);
     lines.push(`  next: ${area.next.join(' | ')}`);
     lines.push('');

package/src/version.ts

@@ -6,7 +6,7 @@ import { join } from 'node:path';
 // The prebuild script updates the fallback value before compilation.
 // Uses import.meta.dir (Bun) to locate package.json relative to this file,
 // which is correct regardless of the process working directory.
-let _version = '0.1.42';
+let _version = '0.1.44';
 let _sdkVersion = '0.33.35';
 try {
   const pkg = JSON.parse(readFileSync(join(import.meta.dir, '..', 'package.json'), 'utf-8')) as {