@pellux/goodvibes-agent 0.1.44 → 0.1.45

package/CHANGELOG.md

@@ -2,6 +2,10 @@
 
 All notable changes to GoodVibes Agent will be recorded here.
 
+## 0.1.45 - 2026-05-31
+
+- 0aa4b3e Add daemon route risk approval review
+
 ## 0.1.44 - 2026-05-31
 
 - fdee09e Add daemon capability gap report

package/README.md

@@ -18,6 +18,7 @@ goodvibes-agent status
 goodvibes-agent capabilities
 goodvibes-agent capabilities daemon
 goodvibes-agent capabilities daemon gaps
+goodvibes-agent capabilities daemon risk
 ```
 
 If Bun reports untrusted lifecycle dependencies, trust only the package and dependencies required by this package:
@@ -46,7 +47,7 @@ bun run publish:check
 
 Inside the Agent TUI, use `/agent`, `/home`, or `/operator` to open the operator workspace. It is the Agent-first fullscreen surface for setup, status, live daemon capability coverage, knowledge, local memory/skills, work-plan/approval review, automation observability, and explicit build delegation to GoodVibes TUI.
 
-Use `goodvibes-agent capabilities` or `/capabilities` to inspect the OpenClaw/Hermes benchmark, current Agent posture, configuration commands, usage paths, and remaining gaps. Use `goodvibes-agent capabilities daemon` or `/capabilities daemon` for a live read-only audit of the GoodVibes daemon method catalog, route risk posture, and isolated Agent Knowledge route coverage. Use `goodvibes-agent capabilities daemon gaps` or `/capabilities daemon gaps` to turn that live daemon audit into a prioritized gap plan that separates missing daemon routes from Agent UX work.
+Use `goodvibes-agent capabilities` or `/capabilities` to inspect the OpenClaw/Hermes benchmark, current Agent posture, configuration commands, usage paths, and remaining gaps. Use `goodvibes-agent capabilities daemon` or `/capabilities daemon` for a live read-only audit of the GoodVibes daemon method catalog, route risk posture, and isolated Agent Knowledge route coverage. Use `goodvibes-agent capabilities daemon gaps` or `/capabilities daemon gaps` to turn that live daemon audit into a prioritized gap plan that separates missing daemon routes from Agent UX work. Use `goodvibes-agent capabilities daemon risk` or `/approval risk` for route-risk-aware approval posture without mutating approval state.
 
 Inside the workspace, use `/agent-profile guide` to author custom profile starters without leaving the Agent TUI. The guided flow lists starters, exports starter JSON, imports edited local starters, and creates isolated runtime profiles from them.
 
@@ -89,9 +90,10 @@ To verify what the running daemon can expose for the Agent/OpenClaw/Hermes capab
 goodvibes-agent capabilities daemon
 goodvibes-agent capabilities daemon --json
 goodvibes-agent capabilities daemon gaps
+goodvibes-agent capabilities daemon risk
 ```
 
-This audit checks `/api/control-plane/methods` and `/api/goodvibes-agent/knowledge/status`. The gap plan is derived from the same read-only calls. Neither command queries default Knowledge/Wiki or HomeGraph.
+This audit checks `/api/control-plane/methods` and `/api/goodvibes-agent/knowledge/status`. The gap plan and route-risk review are derived from the same read-only calls. None of these commands query default Knowledge/Wiki or HomeGraph.
 
 Agent intentionally blocks daemon lifecycle commands:
 

package/docs/operator-capability-benchmark.md

@@ -18,6 +18,7 @@ goodvibes-agent capabilities hermes
 goodvibes-agent capabilities daemon
 goodvibes-agent capabilities daemon --json
 goodvibes-agent capabilities daemon gaps
+goodvibes-agent capabilities daemon risk
 goodvibes-agent capabilities daemon knowledge
 ```
 
@@ -29,6 +30,7 @@ Inside the TUI:
 /capabilities knowledge
 /capabilities daemon
 /capabilities daemon gaps
+/approval risk
 ```
 
 ## Research Baseline
@@ -58,7 +60,7 @@ The benchmark measures two different GoodVibes layers:
 
 If the daemon already has a route but Agent lacks a good setup/workspace/CLI surface, the gap is treated as an Agent product gap rather than a missing platform capability.
 
-Use `goodvibes-agent capabilities daemon` for the live read-only daemon audit. It checks the public control-plane method catalog, route risk posture, and the isolated Agent Knowledge status route. Use `goodvibes-agent capabilities daemon gaps` to convert that daemon-measured audit into a prioritized gap plan with `version_mismatch`, `agent_route_missing`, `required_method_missing`, `route_risk_review`, and `agent_ux_gap` rows. Both commands intentionally avoid default `/api/knowledge/*`, HomeGraph, and Home Assistant routes.
+Use `goodvibes-agent capabilities daemon` for the live read-only daemon audit. It checks the public control-plane method catalog, route risk posture, and the isolated Agent Knowledge status route. Use `goodvibes-agent capabilities daemon gaps` to convert that daemon-measured audit into a prioritized gap plan with `version_mismatch`, `agent_route_missing`, `required_method_missing`, `route_risk_review`, and `agent_ux_gap` rows. Use `goodvibes-agent capabilities daemon risk` or `/approval risk` for a route-risk-aware approval-center view over read-only, mutating, dangerous, and authenticated route metadata. These commands intentionally avoid default `/api/knowledge/*`, HomeGraph, and Home Assistant routes.
 
 ## Capability Targets
 
@@ -80,7 +82,7 @@ Use `goodvibes-agent capabilities daemon` for the live read-only daemon audit. I
 
 GoodVibes Agent should exceed OpenClaw/Hermes by making these properties true from day one:
 
-- Capability surfaces are discoverable through `goodvibes-agent capabilities`, `goodvibes-agent capabilities daemon`, `goodvibes-agent capabilities daemon gaps`, `/capabilities`, `/capabilities daemon`, onboarding, and the operator workspace.
+- Capability surfaces are discoverable through `goodvibes-agent capabilities`, `goodvibes-agent capabilities daemon`, `goodvibes-agent capabilities daemon gaps`, `goodvibes-agent capabilities daemon risk`, `/capabilities`, `/capabilities daemon`, `/approval risk`, onboarding, and the operator workspace.
 - Agent Knowledge isolation is a release gate, not a convention.
 - Routine-to-schedule promotion preserves Agent Knowledge isolation, uses only public external daemon schedule routes, supports explicit delivery targets, and stores redacted receipts.
 - Model-visible tools are policy-gated for serial, non-secret, non-destructive use.
@@ -96,5 +98,5 @@ GoodVibes Agent should exceed OpenClaw/Hermes by making these properties true fr
 - Artifact and multimodal Agent Knowledge ingestion when the isolated Agent route accepts artifact-backed media.
 - Deeper live run/delivery history and delivery error surfacing for promoted routines.
 - Delegation receipts and artifact review inside the operator workspace.
-- Approval center with route risk labels and saved policy presets.
+- Saved policy presets for the route-risk-aware approval center.
 - Intent-gated tool exposure so the model sees fewer irrelevant tools per turn while retaining broad capability coverage.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pellux/goodvibes-agent",
-  "version": "0.1.44",
+  "version": "0.1.45",
   "private": false,
   "description": "Near-fork GoodVibes operator assistant with the GoodVibes TUI shell, renderer, input, fullscreen workspace, and daemon-connected Agent product brain.",
   "type": "module",

package/src/cli/capabilities-command.ts

@@ -7,17 +7,20 @@ import {
 } from '../operator/capability-benchmark.ts';
 import {
   buildDaemonCapabilityGapReport,
+  buildDaemonCapabilityRouteRiskReport,
   fetchLiveDaemonCapabilityAudit,
   filterDaemonCapabilityAuditAreas,
   filterDaemonCapabilityGaps,
+  filterDaemonCapabilityRouteRiskAreas,
   renderDaemonCapabilityAudit,
   renderDaemonCapabilityFailure,
   renderDaemonCapabilityGaps,
+  renderDaemonCapabilityRouteRisk,
 } from '../operator/daemon-capability-audit.ts';
 import { resolveAgentDaemonConnection } from '../agent/routine-schedule-promotion.ts';
 
 interface CapabilityCommandArgs {
-  readonly mode: 'benchmark' | 'daemon' | 'daemon-gaps';
+  readonly mode: 'benchmark' | 'daemon' | 'daemon-gaps' | 'daemon-risk';
   readonly query: string | undefined;
 }
 
@@ -32,6 +35,10 @@ function readCapabilityArgs(args: readonly string[]): CapabilityCommandArgs {
       const query = values.slice(2).join(' ').trim();
       return { mode: 'daemon-gaps', query: query.length > 0 ? query : undefined };
     }
+    if (values[1] === 'risk' || values[1] === 'route-risk') {
+      const query = values.slice(2).join(' ').trim();
+      return { mode: 'daemon-risk', query: query.length > 0 ? query : undefined };
+    }
     const query = values.slice(1).join(' ').trim();
     return { mode: 'daemon', query: query.length > 0 ? query : undefined };
   }
@@ -79,6 +86,26 @@ export async function handleCapabilitiesCommand(runtime: CliCommandRuntime): Pro
       exitCode: 0,
     };
   }
+  if (args.mode === 'daemon-risk') {
+    const connection = resolveAgentDaemonConnection(runtime.configManager, runtime.homeDirectory);
+    const audit = await fetchLiveDaemonCapabilityAudit(connection);
+    if (!audit.ok) {
+      return {
+        output: runtime.cli.flags.outputFormat === 'json'
+          ? JSON.stringify(audit, null, 2)
+          : renderDaemonCapabilityFailure(audit),
+        exitCode: audit.kind === 'auth_required' || audit.kind === 'daemon_unavailable' ? 1 : 2,
+      };
+    }
+    const report = buildDaemonCapabilityRouteRiskReport(audit);
+    const areas = filterDaemonCapabilityRouteRiskAreas(report.areas, args.query);
+    return {
+      output: runtime.cli.flags.outputFormat === 'json'
+        ? JSON.stringify({ ...report, matchedAreaCount: areas.length, areas }, null, 2)
+        : renderDaemonCapabilityRouteRisk(report, areas),
+      exitCode: 0,
+    };
+  }
   const report = buildOperatorCapabilityBenchmarkReport();
   const capabilities = filterOperatorCapabilities(report.capabilities, args.query);
   if (runtime.cli.flags.outputFormat === 'json') {

package/src/cli/help.ts

@@ -104,6 +104,7 @@ export function renderGoodVibesHelp(binary = 'goodvibes-agent'): string {
     `  ${binary} capabilities`,
     `  ${binary} capabilities daemon`,
     `  ${binary} capabilities daemon gaps`,
+    `  ${binary} capabilities daemon risk`,
     `  ${binary} knowledge status`,
     `  ${binary} knowledge ask "What is GoodVibes Agent?"`,
     `  ${binary} ask "What is GoodVibes Agent?"`,
@@ -198,9 +199,9 @@ const COMMAND_HELP: Record<string, CommandHelp> = {
     examples: ['compat', 'compat --json'],
   },
   capabilities: {
-    usage: ['capabilities [openclaw|hermes|query]', 'capabilities daemon [query]', 'capabilities daemon gaps [query]', 'capabilities --json'],
+    usage: ['capabilities [openclaw|hermes|query]', 'capabilities daemon [query]', 'capabilities daemon gaps [query]', 'capabilities daemon risk [query]', 'capabilities --json'],
     summary: 'Show the OpenClaw/Hermes capability benchmark, Agent readiness, live GoodVibes daemon method coverage, and daemon-measured product gaps.',
-    examples: ['capabilities', 'capabilities hermes', 'capabilities daemon', 'capabilities daemon gaps', 'capabilities daemon knowledge --json'],
+    examples: ['capabilities', 'capabilities hermes', 'capabilities daemon', 'capabilities daemon gaps', 'capabilities daemon risk --json', 'capabilities daemon knowledge --json'],
   },
   knowledge: {
     usage: [

package/src/input/agent-workspace.ts

@@ -490,6 +490,7 @@ export const AGENT_WORKSPACE_CATEGORIES: readonly AgentWorkspaceCategory[] = [
       { id: 'capabilities-benchmark', label: 'Benchmark report', detail: 'Show the OpenClaw/Hermes parity benchmark with Agent posture, setup commands, usage paths, and remaining product gaps.', command: '/capabilities', kind: 'command', safety: 'read-only' },
       { id: 'capabilities-daemon', label: 'Live daemon audit', detail: 'Inspect the public daemon method catalog plus isolated Agent Knowledge route coverage. Does not query default Knowledge/Wiki or HomeGraph.', command: '/capabilities daemon', kind: 'command', safety: 'read-only' },
       { id: 'capabilities-daemon-gaps', label: 'Daemon gap plan', detail: 'Classify live daemon coverage into platform gaps, Agent route gaps, route-risk reviews, and Agent UX work without querying default Knowledge/Wiki or HomeGraph.', command: '/capabilities daemon gaps', kind: 'command', safety: 'read-only' },
+      { id: 'capabilities-daemon-risk', label: 'Route risk review', detail: 'Inspect daemon read-only, mutating, dangerous, and authenticated route metadata for approval-center planning.', command: '/capabilities daemon risk', kind: 'command', safety: 'read-only' },
       { id: 'capabilities-daemon-knowledge', label: 'Knowledge coverage', detail: 'Filter the live daemon audit to the isolated Agent Knowledge segment.', command: '/capabilities daemon knowledge', kind: 'command', safety: 'read-only' },
       { id: 'capabilities-daemon-channels', label: 'Channel coverage', detail: 'Filter the live daemon audit to channel and delivery gateway route coverage.', command: '/capabilities daemon channels', kind: 'command', safety: 'read-only' },
       { id: 'capabilities-daemon-automation', label: 'Automation coverage', detail: 'Filter the live daemon audit to automation, schedule, run, and capacity route coverage.', command: '/capabilities daemon automation', kind: 'command', safety: 'read-only' },
@@ -581,6 +582,7 @@ export const AGENT_WORKSPACE_CATEGORIES: readonly AgentWorkspaceCategory[] = [
       { id: 'workplan', label: 'Open work plan', detail: 'Open the workspace-scoped work plan panel.', command: '/workplan panel', kind: 'command', safety: 'read-only' },
       { id: 'workplan-list', label: 'List work plan', detail: 'Print a concise work plan summary.', command: '/workplan list', kind: 'command', safety: 'read-only' },
       { id: 'approvals', label: 'Review approvals', detail: 'Open/read approval posture. This workspace does not approve or deny requests.', command: '/approval open', kind: 'command', safety: 'read-only' },
+      { id: 'approval-risk', label: 'Route risk review', detail: 'Inspect daemon route risk and dangerous method metadata without approving, denying, or mutating requests.', command: '/approval risk', kind: 'command', safety: 'read-only' },
     ],
   },
   {

package/src/input/commands/capabilities-runtime.ts

@@ -6,12 +6,15 @@ import {
 } from '../../operator/capability-benchmark.ts';
 import {
   buildDaemonCapabilityGapReport,
+  buildDaemonCapabilityRouteRiskReport,
   fetchLiveDaemonCapabilityAudit,
   filterDaemonCapabilityAuditAreas,
   filterDaemonCapabilityGaps,
+  filterDaemonCapabilityRouteRiskAreas,
   renderDaemonCapabilityAudit,
   renderDaemonCapabilityFailure,
   renderDaemonCapabilityGaps,
+  renderDaemonCapabilityRouteRisk,
 } from '../../operator/daemon-capability-audit.ts';
 import { resolveAgentDaemonConnection } from '../../agent/routine-schedule-promotion.ts';
 
@@ -37,6 +40,13 @@ export function registerCapabilitiesRuntimeCommands(registry: CommandRegistry):
           ctx.print(renderDaemonCapabilityGaps(report, gaps));
           return;
         }
+        if (args[1] === 'risk' || args[1] === 'route-risk') {
+          const report = buildDaemonCapabilityRouteRiskReport(audit);
+          const query = args.slice(2).join(' ').trim() || undefined;
+          const areas = filterDaemonCapabilityRouteRiskAreas(report.areas, query);
+          ctx.print(renderDaemonCapabilityRouteRisk(report, areas));
+          return;
+        }
         const query = args.slice(1).join(' ').trim() || undefined;
         const areas = filterDaemonCapabilityAuditAreas(audit.areas, query);
         ctx.print(renderDaemonCapabilityAudit(audit, areas));

package/src/input/commands/experience-runtime.ts

@@ -3,6 +3,14 @@ import { dirname, resolve } from 'node:path';
 import type { CommandRegistry } from '../command-registry.ts';
 import { requirePanelManager, requireShellPaths } from './runtime-services.ts';
 import { requireYesFlag, stripYesFlag } from './confirmation.ts';
+import { resolveAgentDaemonConnection } from '../../agent/routine-schedule-promotion.ts';
+import {
+  buildDaemonCapabilityRouteRiskReport,
+  fetchLiveDaemonCapabilityAudit,
+  filterDaemonCapabilityRouteRiskAreas,
+  renderDaemonCapabilityFailure,
+  renderDaemonCapabilityRouteRisk,
+} from '../../operator/daemon-capability-audit.ts';
 
 interface VoiceBundle {
   readonly version: 1;
@@ -178,8 +186,8 @@ export function registerExperienceRuntimeCommands(registry: CommandRegistry): vo
     name: 'approval',
     aliases: ['approvals'],
     description: 'Review action-specific approval classes and the specialized security UX matrix',
-    usage: '[matrix|review <kind>]',
-    handler(args, ctx) {
+    usage: '[matrix|risk|review <kind>]',
+    async handler(args, ctx) {
       const sub = (args[0] ?? 'matrix').toLowerCase();
       if (sub === 'open' || sub === 'panel') {
         if (ctx.showPanel) ctx.showPanel('approval');
@@ -205,9 +213,25 @@ export function registerExperienceRuntimeCommands(registry: CommandRegistry): vo
         ctx.print([
           'Approval Matrix',
           ...matrix.map(([kind, summary]) => `  ${kind.padEnd(10)} ${summary}`),
+          '',
+          'Live daemon route risk: /approval risk',
         ].join('\n'));
         return;
       }
+      if (sub === 'risk' || sub === 'route-risk') {
+        const shellPaths = requireShellPaths(ctx);
+        const connection = resolveAgentDaemonConnection(ctx.platform.configManager, shellPaths.homeDirectory);
+        const audit = await fetchLiveDaemonCapabilityAudit(connection);
+        if (!audit.ok) {
+          ctx.print(renderDaemonCapabilityFailure(audit));
+          return;
+        }
+        const report = buildDaemonCapabilityRouteRiskReport(audit);
+        const query = args.slice(1).join(' ').trim() || undefined;
+        const areas = filterDaemonCapabilityRouteRiskAreas(report.areas, query);
+        ctx.print(renderDaemonCapabilityRouteRisk(report, areas));
+        return;
+      }
       if (sub === 'review') {
         const kind = (args[1] ?? '').toLowerCase();
         const entry = matrix.find(([id]) => id === kind);
@@ -222,7 +246,7 @@ export function registerExperienceRuntimeCommands(registry: CommandRegistry): vo
         ].join('\n'));
         return;
       }
-      ctx.print('Usage: /approval [open|matrix|review <kind>]');
+      ctx.print('Usage: /approval [open|matrix|risk|review <kind>]');
     },
   });
 

package/src/operator/daemon-capability-audit.ts

@@ -49,6 +49,9 @@ export interface DaemonCapabilityAuditArea {
     readonly coverage: DaemonCapabilityRouteCoverage;
   }[];
   readonly routeRisk: {
+    readonly readOnlyMethodIds: readonly string[];
+    readonly mutatingMethodIds: readonly string[];
+    readonly authenticatedMethodIds: readonly string[];
     readonly readOnlyMethodCount: number;
     readonly mutatingMethodCount: number;
     readonly authenticatedMethodCount: number;
@@ -100,6 +103,38 @@ export interface DaemonCapabilityGapReport {
   readonly gaps: readonly DaemonCapabilityGap[];
 }
 
+export interface DaemonCapabilityRouteRiskArea {
+  readonly areaId: string;
+  readonly title: string;
+  readonly coverage: DaemonCapabilityCoverage;
+  readonly readOnlyMethodIds: readonly string[];
+  readonly mutatingMethodIds: readonly string[];
+  readonly authenticatedMethodIds: readonly string[];
+  readonly readOnlyMethodCount: number;
+  readonly mutatingMethodCount: number;
+  readonly authenticatedMethodCount: number;
+  readonly dangerousMethodIds: readonly string[];
+}
+
+export interface DaemonCapabilityRouteRiskReport {
+  readonly ok: true;
+  readonly kind: 'daemon.capabilities.route_risk';
+  readonly baseUrl: string;
+  readonly daemonVersion: string;
+  readonly expectedSdkVersion: string;
+  readonly daemonCompatible: boolean;
+  readonly methodCatalogRoute: typeof DAEMON_METHOD_CATALOG_ROUTE;
+  readonly agentKnowledgeRoute: typeof AGENT_KNOWLEDGE_STATUS_ROUTE;
+  readonly agentKnowledgeRouteReady: boolean;
+  readonly defaultKnowledgeFallback: false;
+  readonly homeGraphFallback: false;
+  readonly totalReadOnlyMethodCount: number;
+  readonly totalMutatingMethodCount: number;
+  readonly totalAuthenticatedMethodCount: number;
+  readonly totalDangerousMethodCount: number;
+  readonly areas: readonly DaemonCapabilityRouteRiskArea[];
+}
+
 export interface DaemonCapabilityAuditFailure {
   readonly ok: false;
   readonly kind: DaemonCapabilityAuditFailureKind;
@@ -452,15 +487,17 @@ export function buildDaemonCapabilityAuditAreas(
       const method = methodsById.get(methodId);
       return method ? [method] : [];
     });
-    const readOnlyMethodCount = areaMethods.filter((method) => {
+    const readOnlyMethodIds = areaMethods.filter((method) => {
       const verb = method.http?.method?.toUpperCase();
       return verb === 'GET' || verb === 'HEAD';
-    }).length;
-    const mutatingMethodCount = areaMethods.filter((method) => {
+    }).map((method) => method.id);
+    const mutatingMethodIds = areaMethods.filter((method) => {
       const verb = method.http?.method?.toUpperCase();
       return Boolean(verb) && verb !== 'GET' && verb !== 'HEAD';
-    }).length;
-    const authenticatedMethodCount = areaMethods.filter((method) => method.access === 'authenticated').length;
+    }).map((method) => method.id);
+    const authenticatedMethodIds = areaMethods
+      .filter((method) => method.access === 'authenticated')
+      .map((method) => method.id);
     const dangerousMethodIds = areaMethods
       .filter((method) => method.dangerous === true)
       .map((method) => method.id);
@@ -484,9 +521,12 @@ export function buildDaemonCapabilityAuditAreas(
       missingOptionalMethodIds,
       agentRoutes,
       routeRisk: {
-        readOnlyMethodCount,
-        mutatingMethodCount,
-        authenticatedMethodCount,
+        readOnlyMethodIds,
+        mutatingMethodIds,
+        authenticatedMethodIds,
+        readOnlyMethodCount: readOnlyMethodIds.length,
+        mutatingMethodCount: mutatingMethodIds.length,
+        authenticatedMethodCount: authenticatedMethodIds.length,
         dangerousMethodIds,
       },
       next: requirement.next,
@@ -721,6 +761,102 @@ export function renderDaemonCapabilityGaps(
   return lines.join('\n').trimEnd();
 }
 
+export function buildDaemonCapabilityRouteRiskReport(
+  audit: DaemonCapabilityAuditSuccess,
+  areas: readonly DaemonCapabilityAuditArea[] = audit.areas,
+): DaemonCapabilityRouteRiskReport {
+  const riskAreas = areas.map((area): DaemonCapabilityRouteRiskArea => ({
+    areaId: area.id,
+    title: area.title,
+    coverage: area.coverage,
+    readOnlyMethodIds: area.routeRisk.readOnlyMethodIds,
+    mutatingMethodIds: area.routeRisk.mutatingMethodIds,
+    authenticatedMethodIds: area.routeRisk.authenticatedMethodIds,
+    readOnlyMethodCount: area.routeRisk.readOnlyMethodCount,
+    mutatingMethodCount: area.routeRisk.mutatingMethodCount,
+    authenticatedMethodCount: area.routeRisk.authenticatedMethodCount,
+    dangerousMethodIds: area.routeRisk.dangerousMethodIds,
+  }));
+  const readOnlyMethodIds = new Set(riskAreas.flatMap((area) => area.readOnlyMethodIds));
+  const mutatingMethodIds = new Set(riskAreas.flatMap((area) => area.mutatingMethodIds));
+  const authenticatedMethodIds = new Set(riskAreas.flatMap((area) => area.authenticatedMethodIds));
+  const dangerousMethodIds = new Set(riskAreas.flatMap((area) => area.dangerousMethodIds));
+
+  return {
+    ok: true,
+    kind: 'daemon.capabilities.route_risk',
+    baseUrl: audit.baseUrl,
+    daemonVersion: audit.daemonVersion,
+    expectedSdkVersion: audit.expectedSdkVersion,
+    daemonCompatible: audit.daemonCompatible,
+    methodCatalogRoute: audit.methodCatalogRoute,
+    agentKnowledgeRoute: audit.agentKnowledgeRoute,
+    agentKnowledgeRouteReady: audit.agentKnowledgeRouteReady,
+    defaultKnowledgeFallback: false,
+    homeGraphFallback: false,
+    totalReadOnlyMethodCount: readOnlyMethodIds.size,
+    totalMutatingMethodCount: mutatingMethodIds.size,
+    totalAuthenticatedMethodCount: authenticatedMethodIds.size,
+    totalDangerousMethodCount: dangerousMethodIds.size,
+    areas: riskAreas,
+  };
+}
+
+export function filterDaemonCapabilityRouteRiskAreas(
+  areas: readonly DaemonCapabilityRouteRiskArea[],
+  query: string | undefined,
+): readonly DaemonCapabilityRouteRiskArea[] {
+  const normalized = query?.trim().toLowerCase();
+  if (!normalized) return areas;
+  return areas.filter((area) => {
+    return area.areaId.includes(normalized)
+      || area.title.toLowerCase().includes(normalized)
+      || area.coverage.includes(normalized)
+      || area.dangerousMethodIds.some((methodId) => methodId.includes(normalized));
+  });
+}
+
+export function renderDaemonCapabilityRouteRisk(
+  report: DaemonCapabilityRouteRiskReport,
+  areas: readonly DaemonCapabilityRouteRiskArea[] = report.areas,
+): string {
+  const lines: string[] = [
+    'GoodVibes daemon route risk review',
+    `  daemon: ${report.baseUrl}`,
+    `  SDK: Agent expects ${report.expectedSdkVersion}; daemon reports ${report.daemonVersion}`,
+    `  compatibility: ${report.daemonCompatible ? 'matched' : 'mismatch'}`,
+    `  method catalog: ${report.methodCatalogRoute}`,
+    `  Agent Knowledge: ${report.agentKnowledgeRouteReady ? 'ready' : 'missing'} ${report.agentKnowledgeRoute}`,
+    '  isolation: default Knowledge/Wiki fallback no; HomeGraph fallback no',
+    `  totals: ${report.totalReadOnlyMethodCount} read-only; ${report.totalMutatingMethodCount} mutating; ${report.totalDangerousMethodCount} dangerous; ${report.totalAuthenticatedMethodCount} authenticated`,
+    '  policy: exact command plus confirmation for side effects; ordinary chat never triggers mutating routes',
+    '',
+  ];
+
+  const visibleAreas = areas.filter((area) => {
+    return area.readOnlyMethodCount > 0
+      || area.mutatingMethodCount > 0
+      || area.authenticatedMethodCount > 0
+      || area.dangerousMethodIds.length > 0;
+  });
+  if (visibleAreas.length === 0) {
+    lines.push('No route risk metadata matched this query.');
+    return lines.join('\n');
+  }
+
+  for (const area of visibleAreas) {
+    lines.push(`${area.title} [${area.coverage}]`);
+    lines.push(`  methods: ${area.readOnlyMethodCount} read-only; ${area.mutatingMethodCount} mutating; ${area.dangerousMethodIds.length} dangerous; ${area.authenticatedMethodCount} authenticated`);
+    if (area.dangerousMethodIds.length > 0) {
+      lines.push(`  dangerous methods: ${area.dangerousMethodIds.join(', ')}`);
+    }
+    lines.push('  approval posture: read-only by default; exact command and confirmation required for side effects.');
+    lines.push('');
+  }
+
+  return lines.join('\n').trimEnd();
+}
+
 export function renderDaemonCapabilityAudit(
   audit: DaemonCapabilityAuditSuccess,
   areas: readonly DaemonCapabilityAuditArea[] = audit.areas,

package/src/version.ts

@@ -6,7 +6,7 @@ import { join } from 'node:path';
 // The prebuild script updates the fallback value before compilation.
 // Uses import.meta.dir (Bun) to locate package.json relative to this file,
 // which is correct regardless of the process working directory.
-let _version = '0.1.44';
+let _version = '0.1.45';
 let _sdkVersion = '0.33.35';
 try {
   const pkg = JSON.parse(readFileSync(join(import.meta.dir, '..', 'package.json'), 'utf-8')) as {