@pellux/goodvibes-agent 0.1.70 → 0.1.72

package/src/cli/surface-command.ts

@@ -1,247 +0,0 @@
-import type { ConfigKey } from '../config/index.ts';
-import {
-  GOODVIBES_NTFY_AGENT_TOPIC,
-  GOODVIBES_NTFY_CHAT_TOPIC,
-  GOODVIBES_NTFY_REMOTE_TOPIC,
-  resolveGoodVibesNtfyTopics,
-} from '@pellux/goodvibes-sdk/platform/integrations';
-import { getMissingSurfaceFeatureFlags } from '../runtime/surface-feature-flags.ts';
-import { resolveRuntimeEndpointBinding } from './endpoints.ts';
-import { classifyBindPosture, isNetworkFacing } from './network-posture.ts';
-import type { CliCommandRuntime } from './management.ts';
-import {
-  formatJsonOrText,
-  isPresentConfigValue,
-  probeTcp,
-  readAuthPaths,
-  yesNo,
-} from './management.ts';
-
-export const SURFACE_CONFIGS = [
-  ['slack', 'Slack', ['surfaces.slack.signingSecret', 'surfaces.slack.botToken']],
-  ['discord', 'Discord', ['surfaces.discord.publicKey', 'surfaces.discord.botToken', 'surfaces.discord.applicationId']],
-  ['telegram', 'Telegram', ['surfaces.telegram.botToken']],
-  ['webhook', 'Webhook', ['surfaces.webhook.secret']],
-  ['ntfy', 'ntfy', ['surfaces.ntfy.baseUrl']],
-  ['googleChat', 'Google Chat', ['surfaces.googleChat.webhookUrl']],
-  ['signal', 'Signal', ['surfaces.signal.bridgeUrl', 'surfaces.signal.account']],
-  ['whatsapp', 'WhatsApp', ['surfaces.whatsapp.accessToken', 'surfaces.whatsapp.phoneNumberId']],
-  ['imessage', 'iMessage', ['surfaces.imessage.bridgeUrl', 'surfaces.imessage.account']],
-  ['msteams', 'Microsoft Teams', ['surfaces.msteams.appId', 'surfaces.msteams.appPassword']],
-  ['bluebubbles', 'BlueBubbles', ['surfaces.bluebubbles.serverUrl', 'surfaces.bluebubbles.password']],
-  ['mattermost', 'Mattermost', ['surfaces.mattermost.baseUrl', 'surfaces.mattermost.botToken']],
-  ['matrix', 'Matrix', ['surfaces.matrix.homeserverUrl', 'surfaces.matrix.accessToken', 'surfaces.matrix.userId']],
-] as const;
-
-export async function handleSurfacesCommand(runtime: CliCommandRuntime): Promise<{ readonly output: string; readonly exitCode: number }> {
-  const config = runtime.configManager;
-  const [sub = 'list', ...rest] = runtime.cli.commandArgs;
-  const target = rest[0];
-  if (sub === 'enable' || sub === 'disable') {
-    if (!target) return { output: `Usage: goodvibes-agent surfaces ${sub} <web|listener|control-plane|surfaceId>`, exitCode: 2 };
-    const text = [
-      'GoodVibes Agent does not mutate runtime, listener, web, or channel surface posture.',
-      'Configure those surfaces from GoodVibes TUI or the external GoodVibes runtime host, then use `goodvibes-agent surfaces check` for read-only diagnostics.',
-    ].join(' ');
-    return {
-      output: formatJsonOrText(runtime.cli)({
-        ok: false,
-        kind: 'daemon_lifecycle_external',
-        action: `surfaces.${sub}`,
-        target,
-        error: text,
-      }, text),
-      exitCode: 2,
-    };
-  }
-  if (sub !== 'list' && sub !== 'status' && sub !== 'check' && sub !== 'show') {
-    return { output: 'Usage: goodvibes-agent surfaces [list|check|show <surfaceId>]', exitCode: 2 };
-  }
-  const controlPlane = resolveRuntimeEndpointBinding(config, 'controlPlane');
-  const web = resolveRuntimeEndpointBinding(config, 'web');
-  const httpListener = resolveRuntimeEndpointBinding(config, 'httpListener');
-  const includeProbe = sub === 'check';
-  const targetExternalSurface = target && SURFACE_CONFIGS.some(([id]) => id === target);
-  const shouldProbeControlPlane = includeProbe && !target;
-  const shouldProbeWeb = includeProbe && !target;
-  const shouldProbeListener = includeProbe && (!target || targetExternalSurface);
-  const [controlPlaneReachable, webReachable, listenerReachable] = includeProbe
-    ? await Promise.all([
-      shouldProbeControlPlane ? probeTcp(controlPlane.host, controlPlane.port) : Promise.resolve(undefined),
-      shouldProbeWeb ? probeTcp(web.host, web.port) : Promise.resolve(undefined),
-      shouldProbeListener ? probeTcp(httpListener.host, httpListener.port) : Promise.resolve(undefined),
-    ])
-    : [undefined, undefined, undefined];
-  const externalSurfaces = SURFACE_CONFIGS.map(([id, label, requiredKeys]) => {
-    const enabled = config.get(`surfaces.${id}.enabled` as ConfigKey);
-    const missing = requiredKeys.filter((key) => !isPresentConfigValue(config.get(key as ConfigKey)));
-    const missingFeatureFlags = enabled === true ? getMissingSurfaceFeatureFlags(config, id) : [];
-    return {
-      id,
-      label,
-      enabled,
-      ready: !enabled || (missing.length === 0 && missingFeatureFlags.length === 0),
-      missing,
-      missingFeatureFlags,
-    };
-  });
-  const filteredSurfaces = target ? externalSurfaces.filter((surface) => surface.id === target) : externalSurfaces;
-  if (target && filteredSurfaces.length === 0) return { output: `Unknown surface: ${target}`, exitCode: 1 };
-  const ntfyTopics = resolveGoodVibesNtfyTopics({
-    chatTopic: String(config.get('surfaces.ntfy.chatTopic' as ConfigKey) || GOODVIBES_NTFY_CHAT_TOPIC),
-    agentTopic: String(config.get('surfaces.ntfy.agentTopic' as ConfigKey) || GOODVIBES_NTFY_AGENT_TOPIC),
-    remoteTopic: String(config.get('surfaces.ntfy.remoteTopic' as ConfigKey) || GOODVIBES_NTFY_REMOTE_TOPIC),
-  });
-  const readinessIssues: string[] = [];
-  if (shouldProbeControlPlane && config.get('controlPlane.enabled') === true && !controlPlaneReachable) {
-    readinessIssues.push(`Control plane is enabled but not reachable on ${controlPlane.host}:${controlPlane.port}.`);
-  }
-  if (shouldProbeWeb && config.get('web.enabled') === true && !webReachable) {
-    readinessIssues.push(`Web surface is enabled but not reachable on ${web.host}:${web.port}.`);
-  }
-  if (shouldProbeListener && config.get('danger.httpListener') === true && !listenerReachable) {
-    readinessIssues.push(`HTTP listener is enabled but not reachable on ${httpListener.host}:${httpListener.port}.`);
-  }
-  for (const surface of filteredSurfaces) {
-    if (surface.enabled !== true) continue;
-    if (config.get('danger.httpListener') !== true) {
-      readinessIssues.push(`${surface.label} is enabled but the HTTP listener is disabled.`);
-    }
-    if (surface.missing.length > 0) {
-      readinessIssues.push(`${surface.label} is enabled but missing ${surface.missing.join(', ')}.`);
-    }
-    if (surface.missingFeatureFlags.length > 0) {
-      readinessIssues.push(`${surface.label} is enabled but feature gates are disabled: ${surface.missingFeatureFlags.join(', ')}.`);
-    }
-  }
-  const value = {
-    controlPlane: {
-      enabled: config.get('controlPlane.enabled'),
-      hostMode: controlPlane.hostMode,
-      configuredHost: controlPlane.configuredHost,
-      host: controlPlane.host,
-      port: controlPlane.port,
-      reachable: controlPlaneReachable,
-    },
-    web: {
-      enabled: config.get('web.enabled'),
-      hostMode: web.hostMode,
-      configuredHost: web.configuredHost,
-      host: web.host,
-      port: web.port,
-      reachable: webReachable,
-    },
-    httpListener: {
-      enabled: config.get('danger.httpListener'),
-      hostMode: httpListener.hostMode,
-      configuredHost: httpListener.configuredHost,
-      host: httpListener.host,
-      port: httpListener.port,
-      reachable: listenerReachable,
-    },
-    surfaces: filteredSurfaces,
-    readinessIssues,
-  };
-  const output = formatJsonOrText(runtime.cli)(value, [
-    'GoodVibes Agent surfaces',
-    `  control-plane: ${yesNo(value.controlPlane.enabled)} (${value.controlPlane.hostMode} ${value.controlPlane.host}:${value.controlPlane.port})${includeProbe ? ` reachable=${yesNo(value.controlPlane.reachable)}` : ''}`,
-    `  web: ${yesNo(value.web.enabled)} (${value.web.hostMode} ${value.web.host}:${value.web.port})${includeProbe ? ` reachable=${yesNo(value.web.reachable)}` : ''}`,
-    `  http-listener: ${yesNo(value.httpListener.enabled)} (${value.httpListener.hostMode} ${value.httpListener.host}:${value.httpListener.port})${includeProbe ? ` reachable=${yesNo(value.httpListener.reachable)}` : ''}`,
-    '',
-    'External surfaces:',
-    ...value.surfaces.map((surface) => `  ${surface.label.padEnd(16)} enabled=${yesNo(surface.enabled)} ready=${yesNo(surface.ready)}${surface.enabled && surface.missing.length > 0 ? ` missing=${surface.missing.join(',')}` : ''}${surface.enabled && surface.missingFeatureFlags.length > 0 ? ` featureGates=${surface.missingFeatureFlags.join(',')}` : ''}`),
-    ...(filteredSurfaces.some((surface) => surface.id === 'ntfy') ? [
-      '',
-      'ntfy inbound topics:',
-      `  chat: ${ntfyTopics.chatTopic}`,
-      `  agent: ${ntfyTopics.agentTopic}`,
-      `  runtime-only remote: ${ntfyTopics.remoteTopic}`,
-      `  default delivery topic: ${String(config.get('surfaces.ntfy.topic') || '(none)')}`,
-    ] : []),
-    ...(includeProbe ? [
-      readinessIssues.length === 0 ? 'Readiness: ready' : 'Readiness: needs attention',
-      ...readinessIssues.map((issue) => `  - ${issue}`),
-    ] : []),
-  ].join('\n'));
-  return { output, exitCode: includeProbe && readinessIssues.length > 0 ? 1 : 0 };
-}
-
-export interface ListenerTestResult {
-  readonly enabled: unknown;
-  readonly hostMode: string;
-  readonly configuredHost: string;
-  readonly host: string;
-  readonly port: number;
-  readonly posture: ReturnType<typeof classifyBindPosture>;
-  readonly reachable: boolean;
-  readonly service: {
-    readonly enabled: unknown;
-    readonly autostart: unknown;
-    readonly restartOnFailure: unknown;
-  };
-  readonly auth: ReturnType<typeof readAuthPaths>;
-  readonly surfaces: readonly {
-    readonly id: string;
-    readonly label: string;
-    readonly enabled: unknown;
-    readonly ready: boolean;
-    readonly missing: readonly string[];
-    readonly missingFeatureFlags: readonly string[];
-  }[];
-  readonly issues: readonly string[];
-}
-
-export async function buildListenerTestResult(runtime: CliCommandRuntime): Promise<ListenerTestResult> {
-  const enabled = runtime.configManager.get('danger.httpListener');
-  const binding = resolveRuntimeEndpointBinding(runtime.configManager, 'httpListener');
-  const posture = classifyBindPosture(binding);
-  const reachable = enabled === true ? await probeTcp(binding.host, binding.port) : false;
-  const auth = readAuthPaths(runtime);
-  const service = {
-    enabled: runtime.configManager.get('service.enabled'),
-    autostart: runtime.configManager.get('service.autostart'),
-    restartOnFailure: runtime.configManager.get('service.restartOnFailure'),
-  };
-  const surfaces = SURFACE_CONFIGS.map(([id, label, requiredKeys]) => {
-    const surfaceEnabled = runtime.configManager.get(`surfaces.${id}.enabled` as ConfigKey);
-    const missing = requiredKeys.filter((key) => !isPresentConfigValue(runtime.configManager.get(key as ConfigKey)));
-    const missingFeatureFlags = surfaceEnabled === true ? getMissingSurfaceFeatureFlags(runtime.configManager, id) : [];
-    return {
-      id,
-      label,
-      enabled: surfaceEnabled,
-      ready: surfaceEnabled !== true || (missing.length === 0 && missingFeatureFlags.length === 0),
-      missing,
-      missingFeatureFlags,
-    };
-  }).filter((surface) => surface.enabled === true);
-  const issues: string[] = [];
-  if (enabled !== true) issues.push('HTTP listener is disabled.');
-  if (enabled === true && service.enabled !== true) issues.push('HTTP listener is enabled on the external runtime config, but Agent service ownership is disabled.');
-  if (enabled === true && service.autostart !== true) issues.push('HTTP listener is enabled on the external runtime config, but autostart is off.');
-  if (enabled === true && service.restartOnFailure !== true) issues.push('HTTP listener is enabled on the external runtime config, but restart-on-failure is off.');
-  if (isNetworkFacing(enabled, binding) && !auth.userStorePresent) issues.push('Network-facing listener has no local auth user store.');
-  if (isNetworkFacing(enabled, binding) && auth.bootstrapCredentialPresent) issues.push('Network-facing listener still has a bootstrap credential file.');
-  for (const surface of surfaces) {
-    if (surface.missing.length > 0) issues.push(`${surface.label} is enabled but missing ${surface.missing.join(', ')}.`);
-    if (surface.missingFeatureFlags.length > 0) issues.push(`${surface.label} is enabled but feature gates are disabled: ${surface.missingFeatureFlags.join(', ')}.`);
-  }
-  return { enabled, ...binding, posture, reachable, service, auth, surfaces, issues };
-}
-
-export function formatListenerTestResult(runtime: CliCommandRuntime, value: ListenerTestResult): string {
-  return formatJsonOrText(runtime.cli)(value, [
-    'GoodVibes Agent listener test',
-    `  enabled: ${yesNo(value.enabled)}`,
-    `  endpoint: ${value.hostMode} ${value.host}:${value.port}`,
-    `  bind posture: ${value.posture.label}`,
-    `  reachable: ${yesNo(value.reachable)}`,
-    `  service: enabled=${yesNo(value.service.enabled)} autostart=${yesNo(value.service.autostart)} restartOnFailure=${yesNo(value.service.restartOnFailure)}`,
-    `  local auth users: ${value.auth.userStorePresent ? 'present' : 'missing'}`,
-    `  bootstrap credential: ${value.auth.bootstrapCredentialPresent ? 'present' : 'missing'}`,
-    value.surfaces.length === 0 ? '  enabled webhook surfaces: none' : '  enabled webhook surfaces:',
-    ...value.surfaces.map((surface) => `    ${surface.label}: ready=${yesNo(surface.ready)}${surface.missing.length > 0 ? ` missing=${surface.missing.join(',')}` : ''}${surface.missingFeatureFlags.length > 0 ? ` featureGates=${surface.missingFeatureFlags.join(',')}` : ''}`),
-    value.issues.length === 0 ? '  readiness: ready' : '  readiness: needs attention',
-    ...value.issues.map((issue) => `    - ${issue}`),
-  ].join('\n'));
-}

package/src/input/commands/branch-runtime.ts

@@ -1,72 +0,0 @@
-import type { CommandRegistry } from '../command-registry.ts';
-
-export function registerBranchRuntimeCommands(registry: CommandRegistry): void {
-  registry.register({
-    name: 'fork',
-    aliases: ['branch-save'],
-    description: 'Save a named snapshot of the current conversation',
-    usage: '[name]',
-    argsHint: '[name]',
-    handler(args, ctx) {
-      const name = args[0];
-      const branchName = ctx.session.conversationManager.forkBranch(name);
-      const msgCount = ctx.session.conversationManager.getMessageCount();
-      ctx.print(`Forked conversation as "${branchName}" (${msgCount} message${msgCount === 1 ? '' : 's'}).`);
-    },
-  });
-
-  registry.register({
-    name: 'branch',
-    aliases: ['br'],
-    description: 'List conversation branches or switch to one',
-    usage: '[name]',
-    argsHint: '[name]',
-    handler(args, ctx) {
-      if (args.length === 0) {
-        const branches = ctx.session.conversationManager.listBranches();
-        if (branches.length === 0) {
-          ctx.print('No branches. Use /fork [name] to create one.');
-          return;
-        }
-        const current = ctx.session.conversationManager.getCurrentBranch();
-        const lines = [`Branches (current: ${current}):`];
-        for (const branch of branches) {
-          const marker = branch.isCurrent ? '▶' : ' ';
-          lines.push(`  ${marker} ${branch.name}  (${branch.messageCount} message${branch.messageCount === 1 ? '' : 's'})`);
-        }
-        ctx.print(lines.join('\n'));
-        return;
-      }
-      const name = args[0];
-      const ok = ctx.session.conversationManager.switchBranch(name);
-      if (!ok) {
-        ctx.print(`Branch "${name}" not found. Use /fork [name] to create one, or /branch to list.`);
-        return;
-      }
-      ctx.print(`Switched to branch "${name}".`);
-      ctx.renderRequest();
-    },
-  });
-
-  registry.register({
-    name: 'merge',
-    aliases: [],
-    description: 'Append messages from a branch after the fork point',
-    usage: '<name>',
-    argsHint: '<name>',
-    handler(args, ctx) {
-      const name = args[0];
-      if (!name) {
-        ctx.print('Usage: /merge <branch-name>\nSee /branch for available branches.');
-        return;
-      }
-      const ok = ctx.session.conversationManager.mergeBranch(name);
-      if (!ok) {
-        ctx.print(`Branch "${name}" not found. Use /branch to list available branches.`);
-        return;
-      }
-      ctx.print(`Merged branch "${name}" into current conversation.`);
-      ctx.renderRequest();
-    },
-  });
-}

package/src/input/commands/control-room-runtime.ts

@@ -1,234 +0,0 @@
-import type { CommandRegistry } from '../command-registry.ts';
-import { buildMcpAttackPathReview } from '@/runtime/index.ts';
-import { buildKnowledgeInjectionPrompt, selectKnowledgeForTask } from '@pellux/goodvibes-sdk/platform/state';
-import { listBuiltinSubscriptionProviders } from '@pellux/goodvibes-sdk/platform/config';
-import { requireReadModels, requireSubscriptionManager, requireTokenAuditor } from './runtime-services.ts';
-import { getMemoryApi } from './recall-query.ts';
-
-export function registerControlRoomRuntimeCommands(registry: CommandRegistry): void {
-  registry.register({
-    name: 'cockpit',
-    aliases: [],
-    description: 'Open the unified operator cockpit',
-    usage: '',
-    handler(_args, ctx) {
-      if (ctx.openCockpitPanel) {
-        ctx.openCockpitPanel();
-        return;
-      }
-      ctx.print('Cockpit panel is not available in this runtime.');
-    },
-  });
-
-  registry.register({
-    name: 'orchestration',
-    aliases: ['orch'],
-    description: 'Inspect orchestration graphs; local Agent graph cancellation is blocked',
-    usage: '[show [graphId]]',
-    handler(args, ctx) {
-      const graphs = [...requireReadModels(ctx).orchestration.getSnapshot().graphs];
-      if (args.length === 0) {
-        if (ctx.openOrchestrationPanel) {
-          ctx.openOrchestrationPanel();
-          return;
-        }
-        if (graphs.length === 0) {
-          ctx.print('Orchestration panel is not available in this runtime.');
-          return;
-        }
-      }
-      const subcommand = args[0]?.toLowerCase() ?? 'show';
-
-      if (subcommand === 'show') {
-        const graphId = args[1];
-        const graph = graphId ? graphs.find((entry) => entry.id === graphId) : graphs[0];
-        if (!graph) {
-          ctx.print(graphId ? `Unknown orchestration graph: ${graphId}` : 'No orchestration graphs recorded yet.');
-          return;
-        }
-        const lines = [
-          `Graph ${graph.id}`,
-          `  title: ${graph.title}`,
-          `  status: ${graph.status}`,
-          `  mode: ${graph.mode}`,
-          `  nodes: ${graph.nodeOrder.length}`,
-        ];
-        if (graph.lastRecursionGuard) {
-          lines.push(`  last guard: depth ${graph.lastRecursionGuard.depth}, active ${graph.lastRecursionGuard.activeAgents}, ${graph.lastRecursionGuard.reason}`);
-        }
-        for (const nodeId of graph.nodeOrder.slice(0, 12)) {
-          const node = graph.nodes.get(nodeId);
-          if (!node) continue;
-          lines.push(`  - ${node.id} ${node.role} ${node.status} ${node.title}`);
-        }
-        ctx.print(lines.join('\n'));
-        return;
-      }
-
-      if (subcommand === 'cancel') {
-        ctx.print([
-          'GoodVibes Agent orchestration is read-only.',
-          'Local graph/subtree cancellation belongs to the copied coding runtime and is blocked here.',
-          'For explicit build/fix/review work, use /delegate so GoodVibes TUI owns the execution chain.',
-        ].join('\n'));
-        return;
-      }
-
-      ctx.print(`Unknown orchestration subcommand: ${subcommand}`);
-    },
-  });
-
-  registry.register({
-    name: 'communication',
-    aliases: ['comms'],
-    description: 'Inspect structured agent communication routes and recent activity',
-    usage: '',
-    handler(_args, ctx) {
-      if (ctx.openCommunicationPanel) {
-        ctx.openCommunicationPanel();
-        return;
-      }
-      ctx.print('Communication panel is not available in this runtime.');
-    },
-  });
-
-  registry.register({
-    name: 'security',
-    aliases: [],
-    description: 'Inspect security posture, attack paths, and review state',
-    usage: '[review | attack-paths | tokens]',
-    handler(args, ctx) {
-      if (args.length === 0) {
-        if (ctx.openSecurityPanel) {
-          ctx.openSecurityPanel();
-          return;
-        }
-        ctx.print('Security panel is not available in this runtime.');
-        return;
-      }
-
-      const subcommand = args[0]?.toLowerCase() ?? 'review';
-      const audit = requireTokenAuditor(ctx).auditAll(Date.now());
-      const securitySnapshot = requireReadModels(ctx).security.getSnapshot();
-      const policySnapshot = ctx.extensions.policyRuntimeState?.getSnapshot();
-      if (!policySnapshot) {
-        ctx.print('Policy runtime state is not available in this runtime.');
-        return;
-      }
-      const attackPaths = buildMcpAttackPathReview({
-        servers: securitySnapshot.mcpServers,
-        recentDecisions: securitySnapshot.recentMcpDecisions,
-      });
-
-      if (subcommand === 'tokens') {
-        if (audit.results.length === 0) {
-          ctx.print('No registered API tokens are currently under audit.');
-          return;
-        }
-        ctx.print([
-          `Token Audit (${audit.results.length})`,
-          ...audit.results.map((result) => (
-            `  ${result.label}  policy=${result.scope.policyId}  scope=${result.scope.outcome}  rotation=${result.rotation.outcome}  blocked=${result.blocked ? 'yes' : 'no'}`
-          )),
-        ].join('\n'));
-        return;
-      }
-
-      if (subcommand === 'attack-paths') {
-        if (attackPaths.findings.length === 0) {
-          ctx.print('No MCP attack-path findings are currently active.');
-          return;
-        }
-        ctx.print([
-          `MCP Attack-Path Review`,
-          `  summary: ${attackPaths.summary}`,
-          ...attackPaths.findings.slice(0, 12).map((finding) => (
-            `  ${finding.severity.toUpperCase()} ${finding.serverName}  ${finding.route}\n    ${finding.reason}`
-          )),
-        ].join('\n'));
-        return;
-      }
-
-      const plugins = ctx.extensions.pluginManager?.list() ?? [];
-      const subscriptions = requireSubscriptionManager(ctx);
-      const builtinProviders = listBuiltinSubscriptionProviders();
-      ctx.print([
-        'Security Review',
-        `  tokens: ${audit.results.length}`,
-        `  blocked tokens: ${audit.blocked.length}`,
-        `  scope violations: ${audit.scopeViolations.length}`,
-        `  rotation overdue: ${audit.rotationOverdue.length}`,
-        `  rotation warnings: ${audit.rotationWarnings.length}`,
-        `  built-in subscription providers: ${builtinProviders.length}`,
-        `  active subscriptions: ${subscriptions.list().length}`,
-        `  pending subscriptions: ${subscriptions.listPending().length}`,
-        `  policy lint findings: ${policySnapshot.lintFindings.length}`,
-        `  policy preflight: ${policySnapshot.lastPreflightReview?.status ?? 'n/a'}`,
-        `  mcp servers: ${securitySnapshot.mcpServers.length}`,
-        `  mcp quarantined: ${securitySnapshot.mcpServers.filter((server) => server.schemaFreshness === 'quarantined').length}`,
-        `  mcp elevated: ${securitySnapshot.mcpServers.filter((server) => server.trustMode === 'allow-all').length}`,
-        `  mcp attack-path findings: ${attackPaths.findings.length}`,
-        `  quarantined plugins: ${plugins.filter((plugin) => plugin.quarantined).length}`,
-        `  untrusted plugins: ${plugins.filter((plugin) => plugin.trustTier === 'untrusted').length}`,
-      ].join('\n'));
-    },
-  });
-
-  registry.register({
-    name: 'knowledge',
-    aliases: ['know'],
-    description: 'Inspect durable project knowledge, risks, runbooks, and architecture notes',
-    usage: '[open | queue [limit] | explain <task...> [--scope <path> ...]]',
-    handler(args, ctx) {
-      const subcommand = (args[0] ?? 'open').toLowerCase();
-      if (subcommand === 'open') {
-        if (ctx.openKnowledgePanel) {
-          ctx.openKnowledgePanel();
-          return;
-        }
-        ctx.print('Knowledge panel is not available in this runtime.');
-        return;
-      }
-      const memory = getMemoryApi(ctx);
-      if (!memory) return;
-      if (subcommand === 'queue') {
-        const limit = Math.max(1, parseInt(args[1] ?? '10', 10) || 10);
-        const queue = memory.reviewQueue(limit);
-        if (queue.length === 0) {
-          ctx.print('Knowledge review queue is empty.');
-          return;
-        }
-        ctx.print([
-          `Knowledge Review Queue (${queue.length})`,
-          ...queue.map((record) => `  ${record.id}  [${record.scope}/${record.cls}] ${record.reviewState} ${record.confidence}%  ${record.summary}`),
-        ].join('\n'));
-        return;
-      }
-      if (subcommand === 'explain') {
-        const scopeIdx = args.indexOf('--scope');
-        const scopeValues = scopeIdx !== -1
-          ? args.slice(scopeIdx + 1).filter((token) => !token.startsWith('--'))
-          : [];
-        const taskTokens = args.slice(1).filter((token, index) => {
-          if (token === '--scope') return false;
-          if (scopeIdx !== -1 && index + 1 > scopeIdx) return false;
-          return true;
-        });
-        const task = taskTokens.join(' ').trim();
-        if (!task) {
-          ctx.print('Usage: /knowledge explain <task...> [--scope <path> ...]');
-          return;
-        }
-        const injections = selectKnowledgeForTask(memory, task, scopeValues);
-        const prompt = buildKnowledgeInjectionPrompt(injections);
-        ctx.print(prompt ?? 'No reviewed project knowledge matched that task.');
-        return;
-      }
-      if (ctx.openKnowledgePanel) {
-        ctx.openKnowledgePanel();
-        return;
-      }
-      ctx.print(`Unknown knowledge subcommand: ${subcommand}`);
-    },
-  });
-}

package/src/input/commands/discovery-runtime.ts

@@ -1,61 +0,0 @@
-import type { CommandRegistry } from '../command-registry.ts';
-import { scan, persistProviders } from '@pellux/goodvibes-sdk/platform/discovery';
-import { requireProviderApi, requireShellPaths } from './runtime-services.ts';
-import { summarizeError } from '@pellux/goodvibes-sdk/platform/utils';
-import { GOODVIBES_AGENT_SURFACE_ROOT } from '../../config/surface.ts';
-import { requireYesFlag, stripYesFlag } from './confirmation.ts';
-
-export function registerDiscoveryRuntimeCommands(registry: CommandRegistry): void {
-  registry.register({
-    name: 'scan',
-    aliases: [],
-    description: 'Scan localhost and LAN for local LLM servers',
-    usage: '[--yes]',
-    async handler(args, ctx) {
-      const { yes } = stripYesFlag(args);
-      ctx.print('Scanning for local LLM servers...');
-      ctx.renderRequest();
-
-      const result = await scan();
-
-      if (result.servers.length === 0) {
-        ctx.print(
-          `[Scan] No local LLM servers found (scanned ${result.scannedHosts} hosts, ` +
-          `${result.scannedPorts} ports in ${Math.round(result.durationMs / 1000)}s)`,
-        );
-      } else {
-        const lines = [
-          `[Scan] Found ${result.servers.length} server(s) in ${Math.round(result.durationMs / 1000)}s:`,
-          '',
-          ...result.servers.map((server) =>
-            `  ${server.name.padEnd(30)} ${server.models.length} model(s)  ${server.host}:${server.port}`,
-          ),
-          '',
-          'Use /model to select a discovered model.',
-        ];
-        ctx.print(lines.join('\n'));
-      }
-
-      if (result.servers.length > 0) {
-        if (!yes) {
-          requireYesFlag(ctx, 'persist discovered local provider configuration', '/scan --yes');
-          ctx.print('[Scan] Discovery results were not saved. Rerun /scan --yes to register and persist providers.');
-          ctx.renderRequest();
-          return;
-        }
-        try {
-          await requireProviderApi(ctx).registerDiscoveredProviders(result.servers);
-        } catch (err) {
-          ctx.print(`[Scan] Warning: failed to register some providers: ${summarizeError(err)}`);
-        }
-        const shellPaths = requireShellPaths(ctx);
-        persistProviders({
-          homeDirectory: shellPaths.homeDirectory,
-          surfaceRoot: GOODVIBES_AGENT_SURFACE_ROOT,
-        }, result.servers);
-        ctx.print('[Scan] Discovered providers registered and persisted.');
-      }
-      ctx.renderRequest();
-    },
-  });
-}