@pellux/goodvibes-agent 1.0.34 → 1.0.36

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (87) hide show
  1. package/CHANGELOG.md +28 -13
  2. package/README.md +11 -8
  3. package/dist/package/main.js +1592 -921
  4. package/docs/README.md +6 -5
  5. package/docs/channels-remote-and-api.md +3 -3
  6. package/docs/connected-host.md +3 -3
  7. package/docs/getting-started.md +20 -12
  8. package/docs/knowledge-artifacts-and-multimodal.md +9 -4
  9. package/docs/project-planning.md +3 -3
  10. package/docs/providers-and-routing.md +2 -2
  11. package/docs/release-and-publishing.md +8 -8
  12. package/docs/tools-and-commands.md +34 -17
  13. package/docs/voice-and-live-tts.md +1 -1
  14. package/package.json +1 -1
  15. package/release/live-verification/live-verification.json +15 -15
  16. package/release/live-verification/live-verification.md +19 -21
  17. package/release/release-notes.md +6 -6
  18. package/release/release-readiness.json +64 -64
  19. package/src/agent/harness-control.ts +35 -9
  20. package/src/agent/reminder-schedule-format.ts +2 -5
  21. package/src/agent/reminder-schedule.ts +4 -11
  22. package/src/agent/routine-schedule-format.ts +3 -6
  23. package/src/agent/routine-schedule-promotion.ts +5 -14
  24. package/src/agent/routine-schedule-receipts.ts +4 -9
  25. package/src/cli/agent-knowledge-command.ts +6 -11
  26. package/src/cli/agent-knowledge-format.ts +4 -9
  27. package/src/cli/agent-knowledge-runtime.ts +7 -14
  28. package/src/cli/external-runtime.ts +3 -46
  29. package/src/cli/help.ts +2 -2
  30. package/src/cli/status.ts +6 -7
  31. package/src/input/agent-workspace-categories.ts +23 -23
  32. package/src/input/agent-workspace-channels.ts +3 -3
  33. package/src/input/agent-workspace-operations-command-editors.ts +1 -1
  34. package/src/input/command-registry.ts +1 -1
  35. package/src/input/commands/compat-runtime.ts +1 -1
  36. package/src/input/commands/planning-runtime.ts +1 -1
  37. package/src/input/commands/runtime-services.ts +1 -1
  38. package/src/input/mcp-workspace.ts +1 -1
  39. package/src/input/submission-router.ts +1 -1
  40. package/src/panels/builtin/shared.ts +1 -1
  41. package/src/panels/project-planning-panel.ts +4 -4
  42. package/src/panels/qr-panel.ts +2 -2
  43. package/src/renderer/conversation-overlays.ts +1 -0
  44. package/src/runtime/bootstrap-command-parts.ts +1 -1
  45. package/src/runtime/bootstrap-core.ts +3 -1
  46. package/src/runtime/bootstrap-hook-bridge.ts +1 -1
  47. package/src/runtime/bootstrap-shell.ts +1 -1
  48. package/src/runtime/bootstrap.ts +7 -4
  49. package/src/runtime/context.ts +2 -2
  50. package/src/runtime/index.ts +88 -5
  51. package/src/runtime/store/state.ts +1 -1
  52. package/src/tools/agent-channel-send-tool.ts +1 -1
  53. package/src/tools/agent-harness-channel-metadata.ts +36 -25
  54. package/src/tools/agent-harness-cli-metadata.ts +19 -1
  55. package/src/tools/agent-harness-command-catalog.ts +15 -4
  56. package/src/tools/agent-harness-connected-host-status.ts +7 -6
  57. package/src/tools/agent-harness-delegation-posture.ts +15 -4
  58. package/src/tools/agent-harness-keybinding-metadata.ts +67 -16
  59. package/src/tools/agent-harness-mcp-metadata.ts +11 -3
  60. package/src/tools/agent-harness-media-posture.ts +25 -14
  61. package/src/tools/agent-harness-metadata.ts +140 -37
  62. package/src/tools/agent-harness-mode-catalog.ts +258 -0
  63. package/src/tools/agent-harness-model-routing.ts +18 -3
  64. package/src/tools/agent-harness-model-tool-catalog.ts +85 -7
  65. package/src/tools/agent-harness-notification-metadata.ts +30 -19
  66. package/src/tools/agent-harness-operator-methods.ts +15 -10
  67. package/src/tools/agent-harness-pairing-posture.ts +17 -5
  68. package/src/tools/agent-harness-panel-metadata.ts +10 -4
  69. package/src/tools/agent-harness-provider-account-metadata.ts +46 -35
  70. package/src/tools/agent-harness-release-evidence.ts +31 -3
  71. package/src/tools/agent-harness-release-readiness.ts +30 -0
  72. package/src/tools/agent-harness-security-posture.ts +18 -4
  73. package/src/tools/agent-harness-service-posture.ts +9 -2
  74. package/src/tools/agent-harness-session-metadata.ts +24 -8
  75. package/src/tools/agent-harness-setup-posture.ts +32 -21
  76. package/src/tools/agent-harness-text.ts +6 -0
  77. package/src/tools/agent-harness-tool-schema.ts +1 -1
  78. package/src/tools/agent-harness-tool.ts +38 -36
  79. package/src/tools/agent-harness-ui-surface-metadata.ts +105 -101
  80. package/src/tools/agent-harness-workspace-actions.ts +64 -3
  81. package/src/tools/agent-knowledge-ingest-tool.ts +1 -1
  82. package/src/tools/agent-knowledge-tool.ts +1 -1
  83. package/src/tools/agent-media-generate-tool.ts +2 -2
  84. package/src/tools/agent-notify-tool.ts +1 -1
  85. package/src/tools/agent-reminder-schedule-tool.ts +1 -1
  86. package/src/tools/tool-definition-compaction.ts +76 -0
  87. package/src/version.ts +2 -8
@@ -40,7 +40,7 @@
40
40
  },
41
41
  {
42
42
  "id": "goodvibes-connected-host",
43
- "kind": "connected-host-sdk",
43
+ "kind": "connected-host",
44
44
  "observedAt": "2026-06-04",
45
45
  "evidence": "Connected-host route, operator, channel, media, pairing, and automation contracts reviewed under runtime-contract-review; packaged Agent docs mirror the owned boundaries."
46
46
  },
@@ -53,17 +53,17 @@
53
53
  ],
54
54
  "items": [
55
55
  {
56
- "id": "operator-tui-front-door",
56
+ "id": "operator-workspace-primary-surface",
57
57
  "capability": "Terminal-first personal operator workspace launches by default and exposes the high-signal workflows from one TUI surface.",
58
58
  "owner": "agent",
59
59
  "status": "covered",
60
60
  "evidence": "src/input/agent-workspace-categories.ts; src/renderer/agent-workspace.ts; docs/getting-started.md",
61
- "action": "Keep Agent workspace as the first-screen product surface and avoid adding a marketing or coding-first front door.",
61
+ "action": "Keep Agent workspace as the first-screen product surface and avoid adding a marketing or coding-first entrypoint.",
62
62
  "quality": {
63
63
  "capabilityCoverage": "Matches the release expectation that the product opens into the real operator workspace, with setup, runtime posture, local context, channels, media, planning, and delegation reachable from one first-screen TUI.",
64
64
  "userAccess": "The user can open the workspace by default or through /agent, /home, and /operator, then browse workspace categories and actions directly.",
65
- "modelAccess": "agent_harness summary, workspace_categories, workspace_actions, workspace_action, run_workspace_action, ui_surfaces, and open_ui_surface expose the same workspace map and visible navigation routes to the model.",
66
- "safetyBoundary": "The workspace stays Agent-first and avoids hidden connected-host lifecycle control, coding-first front doors, and marketing-only surfaces.",
65
+ "modelAccess": "agent_harness mode:\"summary\", mode:\"workspace\", mode:\"workspace_categories\", mode:\"workspace_actions\", mode:\"workspace_action\", mode:\"run_workspace_action\", mode:\"panels\", mode:\"panel\", mode:\"open_panel\", mode:\"ui_surfaces\", mode:\"ui_surface\", mode:\"open_ui_surface\", mode:\"shortcuts\", mode:\"keybindings\", mode:\"keybinding\", mode:\"run_keybinding\", mode:\"set_keybinding\", and mode:\"reset_keybinding\" expose the same workspace map, visible navigation routes, and keyboard route controls to the model, with compact workspace action, panel, UI surface, and keybinding modelRoute hints for route selection.",
66
+ "safetyBoundary": "The workspace stays Agent-first and avoids hidden connected-host lifecycle control, coding-first entrypoints, and marketing-only surfaces.",
67
67
  "releaseEvidence": "release-readiness inventory plus package-facing README and getting-started docs cite the workspace files and keep this as a required release item."
68
68
  }
69
69
  },
@@ -77,7 +77,7 @@
77
77
  "quality": {
78
78
  "capabilityCoverage": "Covers first-run provider setup, Agent Knowledge readiness, local behavior libraries, channels, voice/media, support posture, and connected-host compatibility as a single setup path.",
79
79
  "userAccess": "The user gets onboarding and setup workspaces with preloaded current settings and reviewable readiness state.",
80
- "modelAccess": "agent_harness setup_posture/setup_item exposes onboarding snapshot posture, setup marker state, derived capability flags, provider route, provider-account counts, subscription counts, local behavior discovery, channel/media/setup signals, and single setup-item lookup; visible UI, settings, workspace, and command routes remain for confirmed setup mutations.",
80
+ "modelAccess": "agent_harness mode:\"setup_posture\" and mode:\"setup_item\" exposes onboarding snapshot posture, setup marker state, derived capability flags, provider route, provider-account counts, subscription counts, local behavior discovery, channel/media/setup signals, and single setup-item lookup; settings rows include compact modelRoute hints, and visible UI, workspace, and command routes remain for confirmed setup mutations.",
81
81
  "safetyBoundary": "Setup reads and writes Agent-owned settings only, keeps token values redacted, and does not start or install connected-host services.",
82
82
  "releaseEvidence": "Readiness evidence cites onboarding wizard, verification, and direct harness sources, while ledger accounting and package-facing docs cover model-visible setup/onboarding posture."
83
83
  }
@@ -92,7 +92,7 @@
92
92
  "quality": {
93
93
  "capabilityCoverage": "Covers active model visibility, custom provider setup, model refresh, favorites, pinned models, context windows, provider health, and reasoning effort controls.",
94
94
  "userAccess": "The user can operate provider and model routing from the Agent workspace, /model, /provider, model picker, provider workspace, and scriptable CLI mirrors.",
95
- "modelAccess": "agent_harness model_routing/model_route exposes current provider/model route, selectable models, provider ids, pinned models, reasoning support, context windows, safe route setting keys, and single route/model lookup; visible picker, settings, workspace, and command routes remain for confirmed selection, refresh, pin/unpin, custom provider, and setting mutations.",
95
+ "modelAccess": "agent_harness mode:\"model_routing\" and mode:\"model_route\" exposes current provider/model route, selectable models, provider ids, pinned models, reasoning support, context windows, safe route setting keys, and single route/model lookup; visible picker, settings, workspace, and command routes remain for confirmed selection, refresh, pin/unpin, custom provider, and setting mutations.",
96
96
  "safetyBoundary": "Provider auth and model changes are explicit, secret-backed where needed, and do not print raw credentials.",
97
97
  "releaseEvidence": "Provider routing docs, direct harness source, package-facing text checks, and readiness item evidence keep this feature required for stable releases."
98
98
  }
@@ -107,7 +107,7 @@
107
107
  "quality": {
108
108
  "capabilityCoverage": "Covers account snapshots, subscriptions, usage windows, auth route posture, and login/logout safety without token leakage.",
109
109
  "userAccess": "The user can inspect provider accounts and subscription state through Agent workspace routes and /accounts, /auth, and /subscription commands.",
110
- "modelAccess": "agent_harness provider_accounts/provider_account exposes provider auth route posture, subscription freshness, usage windows, route issues, repair guidance, and single-provider lookup; model_routing/model_route, settings/get_setting/set_setting, and connected_host_status expose related routing/readiness context while login/logout remains a visible confirmation-gated user flow.",
110
+ "modelAccess": "agent_harness mode:\"provider_accounts\" and mode:\"provider_account\" exposes provider auth route posture, subscription freshness, usage windows, route issues, repair guidance, and single-provider lookup; mode:\"model_routing\" and mode:\"model_route\", mode:\"settings\", mode:\"get_setting\", mode:\"set_setting\", and mode:\"reset_setting\" expose related routing/readiness context with per-setting modelRoute hints while login/logout remains a visible confirmation-gated user flow.",
111
111
  "safetyBoundary": "Account inspection is read-only by default, auth mutations require explicit confirmation, and captured output redacts tokens.",
112
112
  "releaseEvidence": "Readiness evidence points to provider account and subscription command implementations, with package policy guarding token-safe docs and release smoke."
113
113
  }
@@ -122,8 +122,8 @@
122
122
  "quality": {
123
123
  "capabilityCoverage": "Covers isolated Agent Knowledge ask, search, source review, connectors, ingest, reindex, consolidation, graph operations, and status without default knowledge fallback.",
124
124
  "userAccess": "The user can operate Agent Knowledge from the workspace, /knowledge, and goodvibes-agent knowledge CLI mirrors.",
125
- "modelAccess": "agent_knowledge and agent_knowledge_ingest expose status, ask/search, source/node/issue lists, item lookup, map summary, connector inspection, and ingest; agent_harness operator_methods/operator_method and tool/schema lookup expose route metadata to the model.",
126
- "safetyBoundary": "All Knowledge traffic targets only /api/goodvibes-agent/knowledge/*, rejects non-Agent space-selection flags, and fails closed when successful responses expose default scope metadata or known non-Agent payload markers.",
125
+ "modelAccess": "agent_knowledge and agent_knowledge_ingest expose status, ask/search, source/node/issue lists, item lookup, map summary, connector inspection, and ingest; agent_harness mode:\"workspace_actions\", mode:\"workspace_action\", mode:\"run_workspace_action\", mode:\"commands\", mode:\"command\", mode:\"run_command\", mode:\"operator_methods\", mode:\"operator_method\", mode:\"tools\", and mode:\"tool\" expose review, packet/explain, consolidation, reindex, tool schemas, and route metadata to the model.",
126
+ "safetyBoundary": "Connected-host Knowledge traffic targets only /api/goodvibes-agent/knowledge/*, rejects non-Agent space-selection flags, and fails closed when successful responses expose default scope metadata or known non-Agent payload markers; local Knowledge service review/consolidation routes remain isolated to Agent Knowledge.",
127
127
  "releaseEvidence": "Package-facing required text, architecture policy, readiness evidence, and live verification checks require isolated Knowledge status, ask, search, library, item, map, connector outcomes, and response-scope contamination detection."
128
128
  }
129
129
  },
@@ -137,7 +137,7 @@
137
137
  "quality": {
138
138
  "capabilityCoverage": "Covers explicit handling for artifacts, files, URL lists, bookmarks, browser history, generated media, and reviewed source promotion.",
139
139
  "userAccess": "The user can use workspace ingest forms, media generation, notes, bookmarks, and Knowledge ingest mirrors with clear review steps.",
140
- "modelAccess": "agent_knowledge_ingest exposes URL/file/URL-list/bookmarks/browser-history/connector ingest, agent_media_generate exposes confirmed generated artifacts, media_posture/media_provider exposes media readiness, and sessions/session exposes bookmark/session artifact posture.",
140
+ "modelAccess": "agent_knowledge_ingest exposes URL/file/URL-list/bookmarks/browser-history/connector ingest, agent_media_generate exposes confirmed generated artifacts, mode:\"media_posture\" and mode:\"media_provider\" exposes media readiness, and mode:\"sessions\" and mode:\"session\" exposes bookmark/session artifact posture.",
141
141
  "safetyBoundary": "No artifact, generated media, or research source is silently promoted into durable memory or non-Agent knowledge.",
142
142
  "releaseEvidence": "Readiness and docs cite Knowledge/artifact/media boundaries, and package policy requires those docs in the installable package."
143
143
  }
@@ -173,7 +173,7 @@
173
173
  }
174
174
  },
175
175
  {
176
- "id": "routine-schedule-bridge",
176
+ "id": "routine-schedule-promotion",
177
177
  "capability": "Local routines can be promoted to connected-host schedules only by explicit confirmation, with redacted receipts and reconciliation.",
178
178
  "owner": "agent",
179
179
  "status": "covered",
@@ -197,7 +197,7 @@
197
197
  "quality": {
198
198
  "capabilityCoverage": "Covers reminders, notification targets, webhook delivery, redacted readiness, and explicit one-shot sends.",
199
199
  "userAccess": "The user can schedule reminders and manage notifications from the Agent workspace and /notify or /schedule commands.",
200
- "modelAccess": "agent_reminder_schedule, agent_notify, and agent_harness notifications/notification_target plus command/workspace action metadata expose reminder and notification flows to the model.",
200
+ "modelAccess": "agent_reminder_schedule, agent_notify, and agent_harness mode:\"notifications\" and mode:\"notification_target\" plus command/workspace action metadata expose reminder and notification flows to the model.",
201
201
  "safetyBoundary": "Delivery is opt-in, exact-target, confirmation-gated where mutating, and does not render stored tokens.",
202
202
  "releaseEvidence": "Readiness evidence cites reminder, notify, and tool implementations, with live outcome certification covering externally backed delivery."
203
203
  }
@@ -212,7 +212,7 @@
212
212
  "quality": {
213
213
  "capabilityCoverage": "Covers channel readiness, account posture, setup guidance, policy, status, and one-message confirmed delivery across configured channel surfaces.",
214
214
  "userAccess": "The user can inspect and send channel messages through Agent Workspace -> Channels and /channels mirrors.",
215
- "modelAccess": "agent_harness channels/channel exposes structured readiness, setup state, delivery posture, risk labels, and safe config-key names; agent_channel_send exposes the exact confirmed send route.",
215
+ "modelAccess": "agent_harness mode:\"channels\" and mode:\"channel\" exposes structured readiness, setup state, delivery posture, risk labels, and safe config-key names; agent_channel_send exposes the exact confirmed send route.",
216
216
  "safetyBoundary": "Channel sends require explicit target and confirmation, do not infer routes from chat, and do not expose secret values.",
217
217
  "releaseEvidence": "Readiness evidence cites channel runtime/tool/docs sources, and live certification requires real external channel outcome coverage before release."
218
218
  }
@@ -227,7 +227,7 @@
227
227
  "quality": {
228
228
  "capabilityCoverage": "Covers QR-first companion pairing, manual-token fallback, shared-session posture, realtime client readiness, and safe token display.",
229
229
  "userAccess": "The user can pair through workspace access routes, /pair, and /qrcode, with manual token display requiring explicit confirmation.",
230
- "modelAccess": "agent_harness pairing_posture/pairing_route exposes companion pairing endpoint binding, pairing surface id, token presence/fingerprint, route catalog, connected-host status/capability routes, channel readiness routes, and single pairing-route lookup without returning raw tokens or QR payloads.",
230
+ "modelAccess": "agent_harness mode:\"pairing_posture\" and mode:\"pairing_route\" exposes companion pairing endpoint binding, pairing surface id, token presence/fingerprint, route catalog, connected-host status/capability routes, channel readiness routes, and single pairing-route lookup without returning raw tokens or QR payloads.",
231
231
  "safetyBoundary": "Raw pairing tokens are hidden by default and only displayed when the user explicitly requests manual output.",
232
232
  "releaseEvidence": "Readiness evidence cites workspace, QR runtime, direct harness, and help surfaces, with live certification covering connected-host pairing readiness."
233
233
  }
@@ -242,7 +242,7 @@
242
242
  "quality": {
243
243
  "capabilityCoverage": "Covers approval queues, automation jobs/runs/schedules, status views, and narrow confirmed approve, deny, cancel, run, pause, resume, retry, and run-now operations.",
244
244
  "userAccess": "The user can operate approvals and automation through workspace forms and exact /approval, /automation, and /schedule mirrors.",
245
- "modelAccess": "agent_operator_briefing, agent_operator_action, and agent_harness command/workspace metadata expose read-only status and exact confirmed actions to the model.",
245
+ "modelAccess": "agent_operator_briefing, agent_operator_action, and agent_harness command and workspace metadata expose read-only status and exact confirmed actions to the model.",
246
246
  "safetyBoundary": "Ordinary chat cannot silently create or mutate broad automation definitions; every mutation is exact and confirmation-gated.",
247
247
  "releaseEvidence": "Readiness evidence cites operator action and runtime sources, and live certification covers externally backed automation outcomes."
248
248
  }
@@ -257,7 +257,7 @@
257
257
  "quality": {
258
258
  "capabilityCoverage": "Covers planning interviews, visible work-plan state, task status, and project planning without implicit parallel execution jobs.",
259
259
  "userAccess": "The user can inspect and update planning from /plan, /workplan, workspace planning panels, and task/status surfaces.",
260
- "modelAccess": "agent_work_plan exposes list/get/create/update/status/remove/clear_completed for visible Agent-local work plans; agent_harness panels/panel and workspace metadata expose the matching TUI visibility without spawning implementation jobs.",
260
+ "modelAccess": "agent_work_plan exposes list/get/create/update/status/remove/clear_completed for visible Agent-local work plans; agent_harness mode:\"panels\" and mode:\"panel\" expose matching TUI visibility with compact panel modelRoute hints without spawning implementation jobs.",
261
261
  "safetyBoundary": "Planning stays serial and explicit until the user asks for execution, and it does not auto-spawn implementation roles.",
262
262
  "releaseEvidence": "Readiness evidence cites planning coordinator and command sources, with verification ledger accounting for onboarding and work-plan surfaces."
263
263
  }
@@ -272,7 +272,7 @@
272
272
  "quality": {
273
273
  "capabilityCoverage": "Covers build, fix, review, and implementation delegation through explicit shared-session/task routes instead of turning Agent into a coding TUI.",
274
274
  "userAccess": "The user can delegate from Agent workspace forms or /delegate when they explicitly ask for build/fix/review/implementation work.",
275
- "modelAccess": "agent_harness delegation_posture/delegation_route exposes explicit build-delegation routes, runtime availability, delegated-review policy, main-conversation ownership, blocked local coding ownership, and single delegation-route lookup; delegated work submission remains a visible confirmed workspace or slash-command flow.",
275
+ "modelAccess": "agent_harness mode:\"delegation_posture\" and mode:\"delegation_route\" exposes explicit build-delegation routes, runtime availability, delegated-review policy, main-conversation ownership, blocked local coding ownership, and single delegation-route lookup; delegated work submission remains a visible confirmed workspace or slash-command flow.",
276
276
  "safetyBoundary": "Delegated review or implementation is never the default reasoning path and requires explicit user intent.",
277
277
  "releaseEvidence": "Readiness evidence cites delegation runtime, direct harness source, and docs, with package boundary checks rejecting coding-first Agent product drift."
278
278
  }
@@ -287,7 +287,7 @@
287
287
  "quality": {
288
288
  "capabilityCoverage": "Covers MCP server setup, tool inventory, trust posture, security review, secrets, and confirmation-gated trust changes.",
289
289
  "userAccess": "The user can review MCP and tool trust through Agent workspace, /mcp, /security, /trust, and settings surfaces.",
290
- "modelAccess": "agent_harness mcp_servers/mcp_server exposes read-only server posture, trust mode, role, quarantine state, and optional per-server tool inventory; security_posture/security_finding exposes trust/security findings; tools/tool exposes model tool schema; settings/get_setting/set_setting exposes confirmed setting routes.",
290
+ "modelAccess": "agent_harness mode:\"mcp_servers\" and mode:\"mcp_server\" exposes read-only server posture, trust mode, role, quarantine state, and optional per-server tool inventory; mode:\"security_posture\" and mode:\"security_finding\" exposes trust/security findings; mode:\"tools\" and mode:\"tool\" expose compact model tool rows with direct harness inspection routes and detailed schemas on request; mode:\"settings\", mode:\"get_setting\", and mode:\"set_setting\" exposes per-setting modelRoute hints and confirmed setting routes.",
291
291
  "safetyBoundary": "Tool trust changes, secret writes, and server mutations are explicit and do not silently install or expose tools.",
292
292
  "releaseEvidence": "Readiness evidence cites MCP/security/product runtimes and the direct MCP server harness catalog, with package text policy and the verification ledger documenting model-visible harness boundaries."
293
293
  }
@@ -302,7 +302,7 @@
302
302
  "quality": {
303
303
  "capabilityCoverage": "Covers voice review, live TTS, image input, media provider readiness, transcription/voice posture, and confirmed image/video artifact generation.",
304
304
  "userAccess": "The user can operate voice and media through Agent Workspace -> Voice & Media and /tts, /voice, /image, and /media commands.",
305
- "modelAccess": "agent_harness media_posture/media_provider exposes voice/media provider readiness, selected TTS setup, browser-tool posture, artifact availability, safe secret-key names, and model routes; agent_media_generate performs confirmed media generation.",
305
+ "modelAccess": "agent_harness mode:\"media_posture\" and mode:\"media_provider\" exposes voice/media provider readiness, selected TTS setup, browser-tool posture, artifact availability, safe secret-key names, and model routes; agent_media_generate performs confirmed media generation.",
306
306
  "safetyBoundary": "Spoken output and generated media are not durable knowledge unless the user explicitly ingests reviewed artifacts.",
307
307
  "releaseEvidence": "Readiness evidence cites voice/media runtime/docs and direct harness sources, while ledger accounting and live certification cover media and connected-host outcomes."
308
308
  }
@@ -317,7 +317,7 @@
317
317
  "quality": {
318
318
  "capabilityCoverage": "Covers save/load/export/search, transcript review, bookmarks, image attachment, context references, session continuity, and artifact follow-up.",
319
319
  "userAccess": "The user can manage sessions and conversation artifacts through TUI controls, workspace actions, pickers, overlays, and /save, /load, /sessions, /conversation, /bookmarks, and /image commands.",
320
- "modelAccess": "agent_harness sessions/session exposes current session posture, saved-session metadata/search, bookmark counts, saved bookmark file counts, and single-session lookup; visible save/resume/export/delete/bookmark flows remain confirmation-gated user routes.",
320
+ "modelAccess": "agent_harness mode:\"sessions\" and mode:\"session\" exposes current session posture, saved-session metadata/search, bookmark counts, saved bookmark file counts, and single-session lookup; visible save/resume/export/delete/bookmark flows remain confirmation-gated user routes.",
321
321
  "safetyBoundary": "Conversation controls stay visible and local; file/URL context references do not silently ingest into Agent Knowledge.",
322
322
  "releaseEvidence": "Readiness evidence cites session workflow, workspace, and direct harness sources, while ledger accounting and package text checks cover sessions/bookmarks, overlays, and command catalog docs."
323
323
  }
@@ -332,7 +332,7 @@
332
332
  "quality": {
333
333
  "capabilityCoverage": "Covers support, auth, subscription, trust, recall, and portable bundle inspection/export/import with redaction and confirmation.",
334
334
  "userAccess": "The user can export and inspect bundles through workspace routes and /bundle, /auth, /trust, /subscription, and recall bundle commands.",
335
- "modelAccess": "agent_harness security_posture/security_finding exposes redacted token, policy, MCP, plugin, incident, auth, and support-bundle posture; support_bundles/support_bundle exposes bundle routes and redacted existing-bundle inspection without returning raw config, token, or secret values.",
335
+ "modelAccess": "agent_harness mode:\"security_posture\" and mode:\"security_finding\" exposes redacted token, policy, MCP, plugin, incident, auth, and support-bundle posture; mode:\"support_bundles\" and mode:\"support_bundle\" exposes bundle routes and redacted existing-bundle inspection without returning raw config, token, or secret values.",
336
336
  "safetyBoundary": "Sensitive bundle export/import and trust changes are confirmation-gated and redact secret values.",
337
337
  "releaseEvidence": "Readiness evidence cites bundle, security, auth, trust, workspace, and direct harness sources, with package policy and ledger accounting guarding token-safe documentation and install smoke."
338
338
  }
@@ -345,26 +345,26 @@
345
345
  "evidence": "src/cli/status.ts; src/cli/management.ts; src/input/commands/health-runtime.ts; src/input/commands/compat-runtime.ts",
346
346
  "action": "Keep diagnostics read-only and linked to connected-host repair guidance.",
347
347
  "quality": {
348
- "capabilityCoverage": "Covers status, doctor, compatibility, health, auth review, connected-host route posture, SDK pin checks, and Agent Knowledge readiness.",
348
+ "capabilityCoverage": "Covers status, doctor, compatibility, health, auth review, connected-host route posture, and Agent Knowledge readiness.",
349
349
  "userAccess": "The user can run workspace health routes and goodvibes-agent status, doctor, compat, and auth review mirrors.",
350
- "modelAccess": "agent_harness operator_methods, operator_method, service_posture, service_endpoint, connected_host, connected_host_capability, connected_host_status, cli_command, setup_posture/setup_item, provider_accounts/provider_account, and mcp_servers/mcp_server expose the same diagnostics to the model.",
350
+ "modelAccess": "agent_harness mode:\"operator_methods\", mode:\"operator_method\", mode:\"service_posture\", mode:\"service_endpoint\", mode:\"connected_host\", mode:\"connected_host_capability\", mode:\"connected_host_status\", mode:\"daemon\", mode:\"daemon_status\", mode:\"cli_commands\", mode:\"cli_command\", mode:\"setup_posture\", mode:\"setup_item\", mode:\"provider_accounts\", mode:\"provider_account\", mode:\"mcp_servers\", and mode:\"mcp_server\" expose the same diagnostics to the model, with compact connected-host modelRoute hints for follow-up route selection.",
351
351
  "safetyBoundary": "Diagnostics are read-only, redact token state, and provide repair guidance without lifecycle control.",
352
352
  "releaseEvidence": "Readiness evidence cites status/health/compat sources, with live verification requiring CLI status, compat, doctor, connected-host, model, and Agent Knowledge checks."
353
353
  }
354
354
  },
355
355
  {
356
356
  "id": "release-package-install",
357
- "capability": "Package metadata, docs, Bun-only install, runtime build, compiled binary smoke, performance fixture checks, publish checks, install checks, and release workflows are guarded by shared release metadata verification.",
357
+ "capability": "Package metadata, docs, Bun-only install, runtime build, compiled binary smoke, recorded performance snapshot checks, publish checks, install checks, and release workflows are guarded by shared release metadata verification.",
358
358
  "owner": "release",
359
359
  "status": "covered",
360
360
  "evidence": "release/performance-snapshot.json; src/cli/package-verification.ts; scripts/release.ts; scripts/perf-check.ts; scripts/publish-check.ts; scripts/package-install-check.ts; .github/workflows/ci.yml",
361
361
  "action": "Keep release validation centralized and package-facing docs aligned with Agent product boundaries.",
362
362
  "quality": {
363
- "capabilityCoverage": "Covers package identity, Bun-only install, runtime build, package docs, compact model tool and harness metadata policy, compiled binary smoke, pack/install smoke, publish checks, performance checks, and tarball policy.",
363
+ "capabilityCoverage": "Covers package identity, Bun-only install, runtime build, package docs, compact model tool and harness metadata policy, searchable harness mode discovery, command/CLI/tool route metadata, keyboard route metadata, operator/audit route metadata, stripped registered schema descriptions, compiled binary smoke, pack/install smoke, publish checks, performance checks, and tarball policy.",
364
364
  "userAccess": "The user receives one installable package with goodvibes-agent as the executable and package-facing docs included in the tarball.",
365
- "modelAccess": "agent_harness exposes package-facing CLI mirror metadata and docs describe model routes so the assistant can operate installed surfaces instead of hidden nested processes.",
365
+ "modelAccess": "agent_harness exposes package-facing slash-command, CLI mirror, keybinding, tool catalog, connected-host, and operator/audit route metadata plus mode:\"modes\" and mode:\"mode\" discovery so the assistant can operate installed surfaces instead of hidden nested processes.",
366
366
  "safetyBoundary": "The package excludes tests, private verification internals, connected-host binaries, lifecycle ownership, and forbidden boundary paths.",
367
- "releaseEvidence": "Shared package verification, compact model tool/harness metadata checks, release scripts, performance snapshot, and release workflow policy keep the package gate required for every release."
367
+ "releaseEvidence": "Shared package verification, compact model tool/harness metadata checks, searchable harness mode catalog ledger, command/CLI/tool route guards, keyboard route guards, connected-host route guards, operator/audit route guards, stripped schema-description checks, release scripts, performance snapshot, and release workflow policy keep the package gate required for every release."
368
368
  }
369
369
  },
370
370
  {
@@ -375,11 +375,11 @@
375
375
  "evidence": "src/verification/live-verifier.ts; scripts/verify-live.ts; docs/release-and-publishing.md",
376
376
  "action": "Run live verification for stable releases after product work is complete.",
377
377
  "quality": {
378
- "capabilityCoverage": "Covers external outcome checks for compiled CLI, connected-host status/health/model routes, SDK compatibility, isolated Agent Knowledge status/ask/search/source/node/issue/map/connector routes, and packaged evidence for item inspection.",
379
- "userAccess": "The user gets release artifacts backed by recorded live verification rather than only local static checks.",
380
- "modelAccess": "agent_harness service_posture, service_endpoint, and connected_host_status mirror service endpoint posture and live-readiness posture into the main conversation for assistant use.",
381
- "safetyBoundary": "Live reports redact local paths, private network addresses, and token values while refusing SDK mismatch as a passing state.",
382
- "releaseEvidence": "release/live-verification JSON and Markdown reports are required release evidence and must be fresh once blockers are absent."
378
+ "capabilityCoverage": "Covers external outcome checks for compiled CLI, connected-host status/health/model routes, host compatibility, isolated Agent Knowledge status/ask/search/source/node/issue/map/connector routes, and packaged evidence for item inspection.",
379
+ "userAccess": "Release operators and maintainers inspect the packaged live-verification artifacts as audit material; end users receive releases backed by recorded external outcome checks rather than a separate product surface.",
380
+ "modelAccess": "agent_harness mode:\"service_posture\", mode:\"service_endpoint\", and mode:\"connected_host_status\" mirror service endpoint posture and live-readiness posture into the main conversation for assistant use, including a compact modelRoute for follow-up diagnostics.",
381
+ "safetyBoundary": "Live reports redact local paths, private network addresses, and token values while refusing host incompatibility as a passing state.",
382
+ "releaseEvidence": "release/live-verification JSON and Markdown reports are required release evidence and are current for this release line."
383
383
  }
384
384
  },
385
385
  {
@@ -391,15 +391,15 @@
391
391
  "action": "Keep this inventory current whenever quality evidence or ownership changes.",
392
392
  "quality": {
393
393
  "capabilityCoverage": "Makes release-quality coverage a release criterion for each capability item rather than accepting a bare covered status.",
394
- "userAccess": "The user can inspect the release/release-readiness.json inventory to see every capability, owner, action, evidence, and quality dimension.",
395
- "modelAccess": "agent_harness release_evidence, release_evidence_artifact, release_readiness, and release_readiness_item expose the same release evidence bundle and inventory to the model with summary, search, single-artifact, and single-item lookup routes, while package verification keeps the packaged files present.",
394
+ "userAccess": "Release operators and maintainers inspect the packaged release-readiness inventory as audit material for every capability, owner, action, evidence, and quality dimension.",
395
+ "modelAccess": "agent_harness mode:\"release_evidence\", mode:\"release_evidence_artifact\", mode:\"release_readiness\", mode:\"release_readiness_item\", mode:\"modes\", and mode:\"mode\" expose the same operator/audit release evidence bundle, inventory, and harness capability catalog to the model with summary, search, single-artifact, single-item, and single-mode lookup routes, while package verification keeps the packaged files present.",
396
396
  "safetyBoundary": "The inventory uses neutral evidence aliases and excludes local or private evidence details from the repository.",
397
- "releaseEvidence": "Package verification requires required item ids, zero blocker statuses, quality dimensions, fresh live evidence, and release script staging."
397
+ "releaseEvidence": "Package verification requires required item ids, zero blocker statuses, quality dimensions, fresh live evidence, searchable harness mode discovery, compact tool metadata, command/CLI/tool route metadata, keyboard route metadata, connected-host route metadata, operator/audit route metadata, and release script staging."
398
398
  }
399
399
  },
400
400
  {
401
401
  "id": "connected-host-channel-core",
402
- "capability": "Core external messaging surfaces, route bindings, delivery records, ingress, egress, account lifecycle, directory lookup, target resolution, and render policy are owned by the connected host and SDK.",
402
+ "capability": "Core external messaging surfaces, route bindings, delivery records, ingress, egress, account lifecycle, directory lookup, target resolution, and render policy are owned by the connected host.",
403
403
  "owner": "connected-host",
404
404
  "status": "covered",
405
405
  "evidence": "goodvibes-connected-host: channel surface and automation contract inventory reviewed under runtime-contract-review; docs/channels-remote-and-api.md",
@@ -407,7 +407,7 @@
407
407
  "quality": {
408
408
  "capabilityCoverage": "Covers core external messaging routes, delivery records, ingress/egress, account lifecycle, directory lookup, target resolution, render policy, and adapter contracts through connected-host ownership.",
409
409
  "userAccess": "The user sees channel readiness and confirmed sends in Agent while connected-host owns adapter lifecycle and route execution.",
410
- "modelAccess": "agent_channel_send plus agent_harness channels/channel, connected-host capability, channel workspace, slash-command, and settings metadata expose channel operation boundaries to the model.",
410
+ "modelAccess": "agent_channel_send plus agent_harness mode:\"channels\" and mode:\"channel\", connected-host capability, channel workspace, slash-command, and settings metadata expose channel operation boundaries to the model.",
411
411
  "safetyBoundary": "Agent never owns host lifecycle or secret-bearing adapters; it routes exact confirmed delivery through public connected-host contracts.",
412
412
  "releaseEvidence": "Readiness evidence cites connected-host evidence alias and Agent channel docs, with live outcome certification covering real delivery before release."
413
413
  }
@@ -437,7 +437,7 @@
437
437
  "quality": {
438
438
  "capabilityCoverage": "Covers operator methods, events, auth, realtime transport, status, control-plane catalogs, WebSocket/SSE feeds, and route families.",
439
439
  "userAccess": "The user receives status, health, model route, work/approval/automation, and realtime posture through Agent diagnostics and workspace surfaces.",
440
- "modelAccess": "agent_harness operator_methods, operator_method, service_posture, service_endpoint, connected_host, connected_host_capability, connected_host_status, and first-class operator tools expose public operator routes and endpoint diagnostics to the model.",
440
+ "modelAccess": "agent_harness mode:\"operator_methods\", mode:\"operator_method\", mode:\"service_posture\", mode:\"service_endpoint\", mode:\"connected_host\", mode:\"connected_host_capability\", mode:\"connected_host_status\", and first-class operator tools expose public operator routes and endpoint diagnostics to the model, with compact connected-host route hints in posture, capability, and status results.",
441
441
  "safetyBoundary": "Agent uses public authenticated operator routes only and does not expose lifecycle or non-Agent host internals.",
442
442
  "releaseEvidence": "Readiness evidence cites connected-host operator inventory and connected-host docs, with live verification requiring status, health, and model route checks."
443
443
  }
@@ -452,7 +452,7 @@
452
452
  "quality": {
453
453
  "capabilityCoverage": "Covers Agent Knowledge handlers, ingestion, connectors, graph operations, refinement, jobs, schedules, ask, search, and status through isolated connected-host routes.",
454
454
  "userAccess": "The user can operate isolated Agent Knowledge from TUI and CLI without selecting or leaking into non-Agent knowledge spaces.",
455
- "modelAccess": "agent_knowledge, agent_knowledge_ingest, agent_harness operator_methods/operator_method, and connected-host capability reports expose isolated Knowledge operation to the model.",
455
+ "modelAccess": "agent_knowledge, agent_knowledge_ingest, agent_harness mode:\"operator_methods\" and mode:\"operator_method\", and connected-host capability reports expose isolated Knowledge operation to the model.",
456
456
  "safetyBoundary": "Only /api/goodvibes-agent/knowledge/* routes are allowed, and Agent rejects default or alternate knowledge space routing plus successful responses that carry default scope metadata.",
457
457
  "releaseEvidence": "Readiness evidence cites connected-host evidence alias and Knowledge docs, with live verification requiring isolated status, ask, search, library, item, map, connector checks, and response-scope contamination detection."
458
458
  }
@@ -467,50 +467,50 @@
467
467
  "quality": {
468
468
  "capabilityCoverage": "Covers voice synthesis, streaming voice, transcription, realtime voice setup, media analysis, artifact storage, and media provider route handlers through connected-host ownership.",
469
469
  "userAccess": "The user can inspect media readiness and generate artifacts from Agent while provider runtime ownership stays outside the package.",
470
- "modelAccess": "agent_media_generate and agent_harness media_posture/media_provider expose media provider readiness, selected TTS setup, browser-tool posture, artifact availability, safe secret-key names, model routes, and single provider lookup; connected-host capability metadata exposes ownership boundaries.",
470
+ "modelAccess": "agent_media_generate and agent_harness mode:\"media_posture\" and mode:\"media_provider\" expose media provider readiness, selected TTS setup, browser-tool posture, artifact availability, safe secret-key names, model routes, and single provider lookup; connected-host capability metadata exposes ownership boundaries.",
471
471
  "safetyBoundary": "Agent stores generated bytes as artifacts and does not print inline base64 or silently ingest media into knowledge.",
472
472
  "releaseEvidence": "Readiness evidence cites connected-host media inventory and voice/media docs, with live certification covering externally backed media outcomes."
473
473
  }
474
474
  },
475
475
  {
476
476
  "id": "connected-host-provider-accounts",
477
- "capability": "Provider account snapshots, usage windows, OAuth/service route metadata, and provider usage endpoints are owned by the connected host and SDK.",
477
+ "capability": "Provider account snapshots, usage windows, OAuth/service route metadata, and provider usage endpoints are owned by the connected host.",
478
478
  "owner": "connected-host",
479
479
  "status": "covered",
480
480
  "evidence": "goodvibes-connected-host: provider account and usage route contract inventory reviewed under runtime-contract-review; src/input/commands/provider-accounts-runtime.ts; src/tools/agent-harness-provider-account-metadata.ts",
481
481
  "action": "Agent should inspect and guide provider auth without owning provider service internals.",
482
482
  "quality": {
483
- "capabilityCoverage": "Covers provider account snapshots, usage windows, OAuth/service route metadata, auth routes, and provider usage endpoints through connected-host and SDK ownership.",
483
+ "capabilityCoverage": "Covers provider account snapshots, usage windows, OAuth/service route metadata, auth routes, and provider usage endpoints through connected-host ownership.",
484
484
  "userAccess": "The user can inspect account posture and usage from Agent surfaces while provider services remain connected-host responsibilities.",
485
- "modelAccess": "agent_harness provider_accounts/provider_account, model_routing/model_route, service_posture, service_endpoint, connected_host_status, and connected_host_capability expose account and routing posture to the model.",
485
+ "modelAccess": "agent_harness mode:\"provider_accounts\", mode:\"provider_account\", mode:\"model_routing\", mode:\"model_route\", mode:\"service_posture\", mode:\"service_endpoint\", mode:\"connected_host_status\", and mode:\"connected_host_capability\" expose account and routing posture to the model.",
486
486
  "safetyBoundary": "Agent guides and inspects auth without owning provider service internals or printing raw secrets.",
487
487
  "releaseEvidence": "Readiness evidence cites connected-host provider account inventory and Agent provider-account runtime sources."
488
488
  }
489
489
  },
490
490
  {
491
491
  "id": "connected-host-pairing-realtime",
492
- "capability": "Companion pairing, token bootstrap, realtime event delivery, browser/mobile-safe SDK surfaces, and transport compatibility are connected-host and SDK responsibilities.",
492
+ "capability": "Companion pairing, token bootstrap, realtime event delivery, browser/mobile-safe client surfaces, and transport compatibility are connected-host responsibilities.",
493
493
  "owner": "connected-host",
494
494
  "status": "covered",
495
495
  "evidence": "goodvibes-connected-host: pairing, token bootstrap, realtime, browser-safe, and mobile-safe transport inventory reviewed under runtime-contract-review; docs/channels-remote-and-api.md",
496
496
  "action": "Agent should render pairing and status UX while the connected host owns token issuance and realtime transport.",
497
497
  "quality": {
498
- "capabilityCoverage": "Covers token bootstrap, QR pairing, realtime delivery, browser/mobile-safe SDK surfaces, foreground events, and transport compatibility through connected-host and SDK ownership.",
498
+ "capabilityCoverage": "Covers token bootstrap, QR pairing, realtime delivery, browser/mobile-safe client surfaces, foreground events, and transport compatibility through connected-host ownership.",
499
499
  "userAccess": "The user pairs companion clients and sees realtime compatibility from Agent while token issuance remains outside Agent.",
500
- "modelAccess": "agent_harness pairing_posture/pairing_route, service_posture, service_endpoint, connected_host, connected_host_capability, and connected_host_status expose pairing endpoint binding, token fingerprint, route catalog, realtime/status boundaries, and single route/capability lookup without returning raw tokens or QR payloads.",
500
+ "modelAccess": "agent_harness mode:\"pairing_posture\", mode:\"pairing_route\", mode:\"service_posture\", mode:\"service_endpoint\", mode:\"connected_host\", mode:\"connected_host_capability\", and mode:\"connected_host_status\" expose pairing endpoint binding, token fingerprint, route catalog, realtime/status boundaries, and single route/capability lookup without returning raw tokens or QR payloads; connected-host rows include compact modelRoute hints for safe follow-up.",
501
501
  "safetyBoundary": "Agent renders pairing UX and status without owning token issuance or exposing raw tokens by default.",
502
502
  "releaseEvidence": "Readiness evidence cites connected-host pairing/realtime inventory and channel docs, with live certification covering pairing readiness."
503
503
  }
504
504
  },
505
505
  {
506
506
  "id": "connected-host-cloud-batch",
507
- "capability": "Batch provider jobs, queue signals, optional Cloudflare provisioning, worker proxying, DLQ posture, and batch tick processing are SDK/connected-host responsibilities.",
507
+ "capability": "Batch provider jobs, queue signals, optional Cloudflare provisioning, worker proxying, DLQ posture, and batch tick processing are connected-host responsibilities.",
508
508
  "owner": "connected-host",
509
509
  "status": "covered",
510
510
  "evidence": "goodvibes-connected-host: batch job, queue, worker proxy, DLQ, and tick-processing inventory reviewed under runtime-contract-review; docs/connected-host.md",
511
511
  "action": "Agent should not implement cloud provisioning or batch worker internals.",
512
512
  "quality": {
513
- "capabilityCoverage": "Covers batch jobs, queue signals, optional cloud provisioning, worker proxying, DLQ posture, and tick processing through SDK/connected-host ownership.",
513
+ "capabilityCoverage": "Covers batch jobs, queue signals, optional cloud provisioning, worker proxying, DLQ posture, and tick processing through connected-host ownership.",
514
514
  "userAccess": "The user sees batch and queue posture through Agent diagnostics where exposed, without Agent shipping cloud provisioning controls.",
515
515
  "modelAccess": "agent_harness connected-host capability reports and operator briefing/action tools expose allowed batch/automation posture to the model.",
516
516
  "safetyBoundary": "Agent does not implement cloud provisioning, batch workers, listener hosting, or service lifecycle internals.",
@@ -522,13 +522,13 @@
522
522
  "capability": "The release channel coverage includes additional long-tail chat surfaces beyond the current connected-host core surface set.",
523
523
  "owner": "connected-host",
524
524
  "status": "covered",
525
- "evidence": "goodvibes-connected-host: long-tail channel type, plugin, enterprise delivery, bridge delivery, and setup-schema inventory reviewed under runtime-contract-review; docs/channels-remote-and-api.md",
525
+ "evidence": "goodvibes-connected-host: long-tail channel type, plugin, enterprise delivery, routed delivery, and setup-schema inventory reviewed under runtime-contract-review; docs/channels-remote-and-api.md",
526
526
  "action": "Keep the long-tail channel matrix registered in the connected-host surface union, plugin registry, delivery strategies, setup schemas, and operator channel routes.",
527
527
  "quality": {
528
528
  "capabilityCoverage": "Covers the long-tail channel matrix through connected-host surface unions, plugin registry, delivery strategies, setup schemas, and operator channel routes.",
529
529
  "userAccess": "The user sees all configured channel readiness and exact send paths through Agent channel surfaces.",
530
- "modelAccess": "agent_channel_send and agent_harness channels/channel, channel workspace, command, settings, and connected-host capability reports expose the channel matrix to the model.",
531
- "safetyBoundary": "Agent keeps adapter setup and secret-bearing lifecycle in connected-host/SDK ownership while confirmed sends stay exact-target.",
530
+ "modelAccess": "agent_channel_send and agent_harness mode:\"channels\" and mode:\"channel\", channel workspace, command, settings, and connected-host capability reports expose the channel matrix to the model.",
531
+ "safetyBoundary": "Agent keeps adapter setup and secret-bearing lifecycle in connected-host ownership while confirmed sends stay exact-target.",
532
532
  "releaseEvidence": "Readiness evidence cites connected-host long-tail channel inventory and Agent channel docs, with live outcome certification covering external sends."
533
533
  }
534
534
  },
@@ -537,12 +537,12 @@
537
537
  "capability": "The release coverage includes phone-call style conversation or notification delivery as a channel-class surface.",
538
538
  "owner": "connected-host",
539
539
  "status": "covered",
540
- "evidence": "goodvibes-connected-host: telephony channel adapter and bridge delivery inventory reviewed under runtime-contract-review; docs/channels-remote-and-api.md; src/agent/channel-delivery.ts; src/input/agent-workspace-channels.ts; src/tools/agent-harness-channel-metadata.ts; src/agent/reminder-schedule.ts; src/agent/routine-schedule-args.ts",
541
- "action": "Keep telephony owned by the connected-host SDK and expose Agent readiness/send UX through existing channel routes.",
540
+ "evidence": "goodvibes-connected-host: telephony channel adapter and routed delivery inventory reviewed under runtime-contract-review; docs/channels-remote-and-api.md; src/agent/channel-delivery.ts; src/input/agent-workspace-channels.ts; src/tools/agent-harness-channel-metadata.ts; src/agent/reminder-schedule.ts; src/agent/routine-schedule-args.ts",
541
+ "action": "Keep telephony owned by the connected host and expose Agent readiness/send UX through existing channel routes.",
542
542
  "quality": {
543
- "capabilityCoverage": "Covers phone-call style conversation or notification delivery as a channel-class surface through connected-host telephony adapters and bridge delivery.",
543
+ "capabilityCoverage": "Covers phone-call style conversation or notification delivery as a channel-class surface through connected-host telephony adapters and routed delivery.",
544
544
  "userAccess": "The user can inspect telephony readiness and send via channel/reminder/routine delivery routes when configured.",
545
- "modelAccess": "agent_channel_send, agent_reminder_schedule, and agent_harness channels/channel plus connected-host metadata expose telephony as a routed channel surface to the model.",
545
+ "modelAccess": "agent_channel_send, agent_reminder_schedule, and agent_harness mode:\"channels\" and mode:\"channel\" plus connected-host metadata expose telephony as a routed channel surface to the model.",
546
546
  "safetyBoundary": "Agent does not own telephony adapter credentials or service lifecycle and uses explicit target/confirmation rules for delivery.",
547
547
  "releaseEvidence": "Readiness evidence cites connected-host telephony inventory and Agent channel/reminder/routine sources."
548
548
  }
@@ -553,12 +553,12 @@
553
553
  "owner": "companion",
554
554
  "status": "covered",
555
555
  "evidence": "goodvibes-companion: companion command-depth, pairing, chat, shared-session, approvals, tasks, provider/model controls, attachments, and realtime foreground-event inventory reviewed under runtime-contract-review; docs/channels-remote-and-api.md",
556
- "action": "Keep the companion app aligned with SDK contracts for secure auth, QR pairing, companion chat, shared sessions, approvals, tasks, provider/model controls, attachments, and realtime foreground events.",
556
+ "action": "Keep the companion app aligned with public connected-host contracts for secure auth, QR pairing, companion chat, shared sessions, approvals, tasks, provider/model controls, attachments, and realtime foreground events.",
557
557
  "quality": {
558
558
  "capabilityCoverage": "Covers companion command depth beyond pairing: chat, shared sessions, approvals, tasks, provider/model controls, attachments, and realtime foreground events.",
559
559
  "userAccess": "The user gets companion-facing command depth through the companion app and Agent pairing/session surfaces.",
560
- "modelAccess": "agent_harness pairing_posture/pairing_route, model_routing/model_route, connected_host, connected_host_capability, connected_host_status, operator methods, and first-class operator/channel/media tools expose pairing, shared-session, task, approval, provider/model, attachment, and mobile route boundaries for companion workflows.",
561
- "safetyBoundary": "Companion commands align to SDK contracts for secure auth and do not bypass Agent confirmation or token policy.",
560
+ "modelAccess": "agent_harness mode:\"pairing_posture\" and mode:\"pairing_route\", mode:\"model_routing\" and mode:\"model_route\", connected_host, connected_host_capability, connected_host_status, operator methods, and first-class operator/channel/media tools expose pairing, shared-session, task, approval, provider/model, attachment, and mobile route boundaries for companion workflows.",
561
+ "safetyBoundary": "Companion commands align to public connected-host contracts for secure auth and do not bypass Agent confirmation or token policy.",
562
562
  "releaseEvidence": "Readiness evidence cites companion evidence alias and channel docs, with live certification covering companion/pairing outcomes."
563
563
  }
564
564
  },
@@ -567,14 +567,14 @@
567
567
  "capability": "Every externally backed capability needs fresh live evidence before a stable release, including real channel sends, schedule execution, provider usage, media generation, pairing, and Agent Knowledge answers.",
568
568
  "owner": "release",
569
569
  "status": "covered",
570
- "evidence": "release/live-verification/live-verification.json; release/live-verification/live-verification.md; strict live verification on 2026-06-04 reported 19 pass, 0 warn, 0 fail, 0 skip against connected host SDK 0.33.36.",
570
+ "evidence": "release/live-verification/live-verification.json; release/live-verification/live-verification.md; strict live verification on 2026-06-04 reported 19 pass, 0 warn, 0 fail, 0 skip across compiled CLI, connected-host, model route, and isolated Agent Knowledge checks.",
571
571
  "action": "Keep strict live verification current for every stable release and rerun it after connected-host, provider, channel, media, pairing, Agent Knowledge, or package-runtime changes.",
572
572
  "quality": {
573
573
  "capabilityCoverage": "Requires fresh external outcome evidence for externally backed capabilities, including channel sends, schedule execution, provider usage, media generation, pairing, and Agent Knowledge answers.",
574
- "userAccess": "The user receives releases only after live outcomes are recorded for the external surfaces that cannot be fully proven locally.",
575
- "modelAccess": "The model can inspect live-verification artifacts through agent_harness release_evidence_artifact and inspect service_posture, service_endpoint, and connected_host_status for the endpoint and live posture used by the release gate.",
576
- "safetyBoundary": "Live certification redacts token values, local paths, and private addresses and treats warnings, failures, skips, and SDK mismatch as release blockers.",
577
- "releaseEvidence": "The current strict live verification artifacts record pass-only release evidence and are required by package verification once readiness blockers are absent."
574
+ "userAccess": "Release operators and maintainers inspect strict live outcome certification artifacts before stable publication; end users receive releases only after those outcomes are recorded.",
575
+ "modelAccess": "The model can inspect live-verification artifacts through agent_harness mode:\"release_evidence_artifact\" and inspect mode:\"service_posture\", mode:\"service_endpoint\", and mode:\"connected_host_status\" for the endpoint and live posture used by the release gate.",
576
+ "safetyBoundary": "Live certification redacts token values, local paths, and private addresses and treats warnings, failures, and skips as release blockers.",
577
+ "releaseEvidence": "The current strict live verification artifacts record pass-only release evidence and are required by package verification for this release line."
578
578
  }
579
579
  }
580
580
  ]
@@ -47,6 +47,7 @@ export interface HarnessSettingCandidate {
47
47
  readonly type: ConfigSetting['type'];
48
48
  readonly writable: boolean;
49
49
  readonly visibleInWorkspace: boolean;
50
+ readonly modelRoute: string;
50
51
  readonly description: string;
51
52
  }
52
53
 
@@ -71,6 +72,7 @@ export interface HarnessSettingDescriptor {
71
72
  readonly configured: boolean;
72
73
  readonly writable: boolean;
73
74
  readonly visibleInWorkspace: boolean;
75
+ readonly modelRoute: string;
74
76
  readonly lockReason?: string;
75
77
  readonly description: string;
76
78
  readonly enumValues?: readonly string[];
@@ -85,6 +87,7 @@ export interface HarnessSettingSummary {
85
87
  readonly configured: boolean;
86
88
  readonly writable: boolean;
87
89
  readonly visibleInWorkspace: boolean;
90
+ readonly modelRoute: string;
88
91
  readonly summary: string;
89
92
  readonly enumValues?: readonly string[];
90
93
  }
@@ -96,16 +99,16 @@ export interface HarnessSettingMutationResult {
96
99
  readonly current: unknown;
97
100
  }
98
101
 
99
- const DEFAULT_SETTING_LIMIT = 100;
102
+ const DEFAULT_SETTING_LIMIT = 500;
100
103
  const SENSITIVE_KEY_PATTERN = /(?:secret|token|password|api[-_.]?key|signing)/i;
101
104
 
102
105
  function valuesEqual(left: unknown, right: unknown): boolean {
103
106
  return JSON.stringify(left) === JSON.stringify(right);
104
107
  }
105
108
 
106
- function previewText(value: string, maxLength = 120): string {
109
+ function previewText(value: string, maxLength = 56): string {
107
110
  const normalized = value.replace(/\s+/g, ' ').trim();
108
- return normalized.length <= maxLength ? normalized : `${normalized.slice(0, maxLength - 1).trimEnd()}...`;
111
+ return normalized.length <= maxLength ? normalized : `${normalized.slice(0, maxLength - 3).trimEnd()}...`;
109
112
  }
110
113
 
111
114
  function clampLimit(value: unknown, fallback = DEFAULT_SETTING_LIMIT): number {
@@ -134,6 +137,7 @@ function settingCandidate(setting: ConfigSetting): HarnessSettingCandidate {
134
137
  type: setting.type,
135
138
  writable: !hostOwned,
136
139
  visibleInWorkspace: !isAgentHiddenSettingKey(setting.key),
140
+ modelRoute: settingModelRoute(setting),
137
141
  description: setting.description,
138
142
  };
139
143
  }
@@ -158,6 +162,11 @@ export function redactHarnessSettingValue(key: string, value: unknown): unknown
158
162
  return value;
159
163
  }
160
164
 
165
+ function settingModelRoute(setting: ConfigSetting): string {
166
+ if (isExternalHostOwnedSettingKey(setting.key)) return 'agent_harness mode:"get_setting" only';
167
+ return 'agent_harness mode:"set_setting" or mode:"reset_setting"';
168
+ }
169
+
161
170
  export function describeHarnessSetting(
162
171
  configManager: Pick<ConfigManager, 'get'>,
163
172
  setting: ConfigSetting,
@@ -174,6 +183,7 @@ export function describeHarnessSetting(
174
183
  configured: !valuesEqual(value, setting.default),
175
184
  writable: !hostOwned,
176
185
  visibleInWorkspace: !isAgentHiddenSettingKey(setting.key),
186
+ modelRoute: settingModelRoute(setting),
177
187
  ...(hostOwned ? { lockReason: AGENT_EXTERNAL_HOST_SETTING_LOCK_REASON } : {}),
178
188
  description: setting.description,
179
189
  ...(setting.enumValues ? { enumValues: setting.enumValues } : {}),
@@ -195,21 +205,20 @@ export function describeHarnessSettingSummary(
195
205
  configured: !valuesEqual(value, setting.default),
196
206
  writable: !hostOwned,
197
207
  visibleInWorkspace: !isAgentHiddenSettingKey(setting.key),
208
+ modelRoute: settingModelRoute(setting),
198
209
  summary: previewText(setting.description),
199
210
  ...(setting.enumValues ? { enumValues: setting.enumValues } : {}),
200
211
  };
201
212
  }
202
213
 
203
- export function listHarnessSettings(
204
- configManager: Pick<ConfigManager, 'get' | 'getSchema'>,
214
+ function filterHarnessSettingSchema(
215
+ configManager: Pick<ConfigManager, 'getSchema'>,
205
216
  filters: HarnessSettingFilters = {},
206
- options: { readonly includeParameters?: boolean } = {},
207
- ): readonly (HarnessSettingDescriptor | HarnessSettingSummary)[] {
217
+ ): readonly ConfigSetting[] {
208
218
  const key = filters.key?.trim();
209
219
  const category = filters.category?.trim();
210
220
  const prefix = filters.prefix?.trim();
211
221
  const query = filters.query?.trim().toLowerCase();
212
- const limit = clampLimit(filters.limit);
213
222
 
214
223
  return configManager.getSchema()
215
224
  .filter((setting) => {
@@ -221,13 +230,30 @@ export function listHarnessSettings(
221
230
  if (!settingMatchesSearch(setting, query)) return false;
222
231
  }
223
232
  return true;
224
- })
233
+ });
234
+ }
235
+
236
+ export function listHarnessSettings(
237
+ configManager: Pick<ConfigManager, 'get' | 'getSchema'>,
238
+ filters: HarnessSettingFilters = {},
239
+ options: { readonly includeParameters?: boolean } = {},
240
+ ): readonly (HarnessSettingDescriptor | HarnessSettingSummary)[] {
241
+ const limit = clampLimit(filters.limit);
242
+
243
+ return filterHarnessSettingSchema(configManager, filters)
225
244
  .map((setting) => options.includeParameters
226
245
  ? describeHarnessSetting(configManager, setting)
227
246
  : describeHarnessSettingSummary(configManager, setting))
228
247
  .slice(0, limit);
229
248
  }
230
249
 
250
+ export function countHarnessSettings(
251
+ configManager: Pick<ConfigManager, 'getSchema'>,
252
+ filters: HarnessSettingFilters = {},
253
+ ): number {
254
+ return filterHarnessSettingSchema(configManager, filters).length;
255
+ }
256
+
231
257
  export function getHarnessSetting(
232
258
  configManager: Pick<ConfigManager, 'get' | 'getSchema'>,
233
259
  key: string,