npm - @sechroom/cli - Versions diffs - 2026.6.9 → 2026.6.11 - Mend

@sechroom/cli 2026.6.9 → 2026.6.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -146,12 +146,11 @@ The CLI mirrors the sechroom MCP tool surface — every command is a thin wrappe
 | `continuity` | snapshot-create / -get · snapshots · resume-me / resume-lane · changed-since · load-set · grant / revoke-grant |
 | `id` | next / peek (FR-_/D-_ sequence allocation) |
 | `account` | profile / set-profile · feed · reviews / review-get / review-accept · lookup-batch |
-| `chat` | messages · replies · stop-tracking (Slack / Discord, via `--surface`) |
+| `chat` | send · messages · replies · stop-tracking (Slack / Discord, via `--surface`) |
 | `worklog` · `lookup` | append · resolve any id |
 Notes on deliberate gaps (API-rooted, not CLI):
 - **No `memory delete`** — the API exposes no hard DELETE; `memory archive` is the soft-delete path.
-- **No `chat send`** — the unified `/chat/*` surface has no POST send endpoint yet, so the Slack/Discord *send* tools can't be wrapped. Reading works today; `send` lands once the route is added to the spec.
 - **`memory revert`** needs `--text` + `--content` — the revert endpoint doesn't reconstruct a version's body from its number; pull them from `memory versions` / `memory get` first.
 ## Onboarding (`init` / `setup`)

package/dist/index.js CHANGED Viewed

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 // src/index.ts
-import { readFileSync as readFileSync3 } from "fs";
+import { readFileSync as readFileSync6 } from "fs";
 import { Command } from "commander";
 // src/auth.ts
@@ -12,7 +12,7 @@ import open from "open";
 // src/config.ts
 import { homedir } from "os";
 import { join, dirname } from "path";
-import { mkdirSync, readFileSync, writeFileSync, existsSync } from "fs";
+import { mkdirSync, readFileSync, writeFileSync, existsSync, rmSync } from "fs";
 var CONFIG_DIR = join(homedir(), ".config", "sechroom");
 var CONFIG_FILE = join(CONFIG_DIR, "config.json");
 var TOKEN_FILE = join(CONFIG_DIR, "token.json");
@@ -53,6 +53,16 @@ function writeToken(tok) {
   ensureDir();
   writeFileSync(TOKEN_FILE, JSON.stringify(tok, null, 2), { mode: 384 });
 }
+function clearToken() {
+  if (!existsSync(TOKEN_FILE)) return void 0;
+  rmSync(TOKEN_FILE);
+  return TOKEN_FILE;
+}
+function clearPersisted() {
+  if (!existsSync(CONFIG_FILE)) return void 0;
+  rmSync(CONFIG_FILE);
+  return CONFIG_FILE;
+}
 function findLocalConfigPath(start = process.cwd()) {
   let dir = start;
   for (; ; ) {
@@ -453,6 +463,7 @@ async function makeClient(cfg) {
     onRequest({ request }) {
       request.headers.set("authorization", `Bearer ${token}`);
       request.headers.set("tenant", cfg.tenant);
+      request.headers.set("x-sechroom-surface", "cli");
       return request;
     }
   });
@@ -468,6 +479,12 @@ function emit(data, json) {
 function publicUrl(url) {
   return url.replace(/^https?:\/\/localhost:5012/, "https://sechroom.yi.ocd.codes");
 }
+function resolveViewUrl(baseUrl, url) {
+  if (!url) return void 0;
+  if (/^https?:\/\//i.test(url)) return publicUrl(url);
+  const origin = baseUrl.replace(/\/api\/?$/i, "").replace(/\/+$/, "");
+  return publicUrl(`${origin}${url.startsWith("/") ? url : `/${url}`}`);
+}
 function emitAction(summary, data, json) {
   if (json) {
     process.stdout.write(JSON.stringify(data) + "\n");
@@ -538,7 +555,8 @@ Examples:
       });
     });
     const titlePart = opts.title ? ` ${style.dim(`"${opts.title}"`)}` : "";
-    const urlPart = data.url ? ` ${style.dim("\u2192")} ${publicUrl(data.url)}` : "";
+    const view = resolveViewUrl(cfg.baseUrl, data.url);
+    const urlPart = view ? ` ${style.dim("\u2192")} ${view}` : "";
     emitAction(`created memory ${style.bold(data.id)}${titlePart}${urlPart}`, data, cmd.optsWithGlobals().json);
   });
   memory.command("get <memoryId>").description("Fetch a memory by id (GET /memories/{memoryId})").action(async (memoryId, _opts, cmd) => {
@@ -847,7 +865,8 @@ Examples:
       });
     });
     const inversePart = data.inverseId ? ` ${style.dim(`(inverse ${data.inverseId})`)}` : "";
-    const urlPart = data.url ? ` ${style.dim("\u2192")} ${publicUrl(data.url)}` : "";
+    const view = resolveViewUrl(cfg.baseUrl, data.url);
+    const urlPart = view ? ` ${style.dim("\u2192")} ${view}` : "";
     emitAction(
       `created relationship ${style.bold(data.id)} ${style.dim(`${fromMemoryId} \u2192 ${toMemoryId}`)}${inversePart}${urlPart}`,
       data,
@@ -997,7 +1016,8 @@ Examples:
         }
       });
     });
-    const urlPart = data.url ? ` ${style.dim("\u2192")} ${publicUrl(data.url)}` : "";
+    const view = resolveViewUrl(cfg.baseUrl, data.url);
+    const urlPart = view ? ` ${style.dim("\u2192")} ${view}` : "";
     emitAction(
       `created workspace ${style.bold(data.id)} ${style.dim(`"${opts.name}"`)}${urlPart}`,
       data,
@@ -1140,7 +1160,8 @@ Examples:
         }
       });
     });
-    const urlPart = data.url ? ` ${style.dim("\u2192")} ${publicUrl(data.url)}` : "";
+    const view = resolveViewUrl(cfg.baseUrl, data.url);
+    const urlPart = view ? ` ${style.dim("\u2192")} ${view}` : "";
     emitAction(`created project ${style.bold(data.id)}${urlPart}`, data, cmd.optsWithGlobals().json);
   });
   project.command("list").description("List projects (GET /projects)").option("--workspace <workspaceId>", "Scope to a workspace").option("--status <status>", "Draft | Active | OnHold | Completed | Cancelled").option("--include-archived", "Include archived projects", false).action(async (opts, cmd) => {
@@ -1658,17 +1679,52 @@ Examples:
 // src/commands/chat.ts
 function registerChat(program2) {
-  const chat = program2.command("chat").description("Read Slack / Discord channel messages + thread replies").option("--surface <surface>", "slack | discord", "slack");
+  const chat = program2.command("chat").description("Send and read Slack / Discord channel messages").option("--surface <surface>", "slack | discord", "slack");
   chat.addHelpText(
     "after",
     `
 Examples:
+  $ sechroom chat send C0123456789 "deploy is green" --surface slack
+  $ sechroom chat send 987654321098765432 "deploy is green" --surface discord --guild 123456789012345678
+  $ sechroom chat send C0123456789 "lgtm" --surface slack --as user --parent 1718049600.123456
   $ sechroom chat messages --surface slack
-  $ sechroom chat messages --surface discord --json
   $ sechroom chat replies 1718049600.123456 --surface slack
-  $ sechroom chat replies 1234567890123456789 --surface discord --json
   $ sechroom chat stop-tracking 1718049600.123456 --surface slack`
   );
+  chat.command("send <channelId> <text>").description("Send a message to a channel (POST /chat/channel-messages/{surface})").option("--guild <guildId>", "Discord guild snowflake \u2014 required for --surface discord").option("--memory <memoryId>", "Attach a sechroom memory id").option("--no-track", "Don't capture replies to this message").option("--parent <parentMessage>", "Thread under a parent (Slack thread_ts / Discord message id)").option("--source <source>", "Source / lane stamp (renders an attribution footer)", "cli").option("--as <as>", "Slack only: 'bot' (default) or 'user' (your linked Slack identity)", "bot").action(async (channelId, text, opts, cmd) => {
+    const { surface, ...globals } = cmd.optsWithGlobals();
+    const json = Boolean(cmd.optsWithGlobals().json);
+    const cfg = resolveConfig(globals);
+    const data = await runApi("Sending message", async () => {
+      const client = await makeClient(cfg);
+      return client.POST("/chat/channel-messages/{surface}", {
+        params: { path: { surface: String(surface) } },
+        body: {
+          channelId,
+          text,
+          guildId: opts.guild ?? null,
+          attachedMemoryId: opts.memory ?? null,
+          trackReplies: opts.track,
+          parentMessage: opts.parent ?? null,
+          source: opts.source,
+          as: opts.as
+        }
+      });
+    });
+    if (!data.ok) {
+      if (json) {
+        emit(data, true);
+      } else {
+        process.stderr.write(
+          `${err("\u2717")} send failed: ${data.upstreamError ?? "error"}${data.errorDescription ? ` \u2014 ${data.errorDescription}` : ""}
+`
+        );
+      }
+      process.exit(1);
+    }
+    const idPart = data.persistedId ? ` ${style.dim(`(${data.persistedId})`)}` : "";
+    emitAction(`sent to ${surface} ${style.bold(channelId)}${idPart}`, data, json);
+  });
   chat.command("messages").description("List recent channel messages (GET /chat/channel-messages/{surface})").action(async (_opts, cmd) => {
     const { surface, ...globals } = cmd.optsWithGlobals();
     const cfg = resolveConfig(globals);
@@ -1955,6 +2011,129 @@ function detectInstalledClients(cwd) {
   return detected;
 }
+// src/setup/skills-offer.ts
+import { mkdirSync as mkdirSync3, writeFileSync as writeFileSync3 } from "fs";
+import { homedir as homedir3 } from "os";
+import { join as join4 } from "path";
+// src/sem.ts
+import { dirname as dirname4, join as join3 } from "path";
+import { existsSync as existsSync4, readFileSync as readFileSync3 } from "fs";
+var SEM_FILE = ".sem";
+function localSemPath(cwd = process.cwd()) {
+  return join3(cwd, SEM_FILE);
+}
+function resolveSemPathForRead(start = process.cwd()) {
+  let dir = start;
+  while (true) {
+    const candidate = join3(dir, SEM_FILE);
+    if (existsSync4(candidate)) return candidate;
+    const parent = dirname4(dir);
+    if (parent === dir) return void 0;
+    dir = parent;
+  }
+}
+function parseSem(text) {
+  const out = {};
+  for (const raw of text.split("\n")) {
+    const line = raw.trim();
+    if (!line || line.startsWith("#")) continue;
+    const eq = line.indexOf("=");
+    if (eq === -1) continue;
+    const key = line.slice(0, eq).trim();
+    const value = line.slice(eq + 1).trim();
+    if (key) out[key] = value;
+  }
+  return out;
+}
+function serializeSem(values) {
+  const header = "# sechroom lane pin (per-location fallback) \u2014 resolved at runtime by operator skills.\n";
+  const body = Object.entries(values).map(([k, v]) => `${k} = ${v}`).join("\n");
+  return header + body + "\n";
+}
+function readSem(path) {
+  const p = path ?? resolveSemPathForRead();
+  if (!p || !existsSync4(p)) return void 0;
+  return { path: p, values: parseSem(readFileSync3(p, "utf8")) };
+}
+// src/setup/skills-offer.ts
+var ROLE_TAG = "sechroom:role:skill-template";
+function tagValue(tags, prefix) {
+  return tags.find((t) => t.startsWith(prefix))?.slice(prefix.length);
+}
+async function maybeOfferSkills(cfg, personalWorkspaceId, opts) {
+  if (!personalWorkspaceId || opts.dryRun) return;
+  const surface = opts.surface ?? "claude-code";
+  let rows = [];
+  try {
+    const client = await makeClient(cfg);
+    const feed = await client.GET("/workspaces/{workspaceId}/memories/feed", {
+      params: {
+        path: { workspaceId: personalWorkspaceId },
+        query: { limit: 200, cascadeWorkspaces: true, includeText: true }
+      }
+    }).then((r) => r.data).catch(() => void 0);
+    rows = feed?.results ?? feed?.Results ?? [];
+  } catch {
+    return;
+  }
+  const skills = rows.map((r) => r.item ?? r).filter((m) => {
+    const tags = m.tags ?? m.Tags ?? [];
+    return tags.includes(ROLE_TAG) && tagValue(tags, "target:") === surface;
+  });
+  if (skills.length === 0) return;
+  const byName = /* @__PURE__ */ new Map();
+  for (const m of skills) {
+    const name = tagValue(m.tags ?? m.Tags ?? [], "skill:");
+    if (name) byName.set(name, m);
+  }
+  const names = [...byName.keys()].sort();
+  if (names.length === 0) return;
+  process.stderr.write(
+    `
+Found ${style.bold(String(names.length))} operator skill(s) installed in your workspace: ${names.join(", ")}.
+`
+  );
+  const dir = join4(homedir3(), ".claude", "skills");
+  const materialise = opts.yes ? true : canPrompt() ? await promptYesNo(`Write them to ${dir}/ so ${surface} can use them?`) : false;
+  if (!materialise) return;
+  const written = [];
+  for (const [name, m] of byName) {
+    const body = m.text ?? m.Text ?? "";
+    mkdirSync3(join4(dir, name), { recursive: true });
+    writeFileSync3(join4(dir, name, "SKILL.md"), body.endsWith("\n") ? body : body + "\n");
+    written.push(name);
+  }
+  process.stderr.write(`${style.green("\u2713")} wrote ${written.length} skill(s) to ${dir}
+`);
+  if (readSem()) return;
+  const setLane = opts.yes ? false : canPrompt() ? await promptYesNo("Set your lane now so the skills can resolve their identity slots?") : false;
+  if (!setLane) {
+    process.stderr.write(
+      `  ${style.dim("run")} ${style.cyan("sechroom skills set-lane --code-lane \u2026 --design-lane \u2026")} ${style.dim("when ready.")}
+`
+    );
+    return;
+  }
+  let wf;
+  try {
+    const client = await makeClient(cfg);
+    wf = await client.GET("/me/workflow-preferences", {}).then((r) => r.data).catch(() => void 0);
+  } catch {
+  }
+  const code = await promptText("Code-lane id (e.g. claude-code-you)?", wf?.defaultCodeLane);
+  const design = await promptText("Design-lane id (e.g. claude-design-you)?", wf?.defaultDesignLane);
+  const values = {};
+  if (code) values["code-lane"] = code;
+  if (design) values["design-lane"] = design;
+  if (Object.keys(values).length === 0) return;
+  const target = localSemPath();
+  writeFileSync3(target, serializeSem(values));
+  process.stderr.write(`${style.green("\u2713")} lane pin written \u2192 ${target}
+`);
+}
 // src/commands/setup.ts
 function copyChoice(opts) {
   return opts.copy === true ? "yes" : opts.copy === false ? "no" : "ask";
@@ -2041,6 +2220,9 @@ Examples:
       result.push({ client: key, actions });
       if (!json) printActions(target, actions);
     }
+    if (!json && !opts.dryRun && !opts.mcpOnly) {
+      await maybeOfferSkills(cfg, personalWorkspaceId, { yes: false, dryRun: Boolean(opts.dryRun), surface: "claude-code" });
+    }
     if (json) {
       emit({ dryRun: Boolean(opts.dryRun), clients: result }, true);
       return;
@@ -2250,6 +2432,9 @@ Try: ${style.cyan('sechroom memory search "..."')}  or  ${style.cyan("sechroom -
       result.push({ client: key, actions });
       if (!json) printActions(target, actions);
     }
+    if (!json && !dryRun) {
+      await maybeOfferSkills(cfg, personalWorkspaceId, { yes, dryRun, surface: "claude-code" });
+    }
     if (json) {
       emit({ dryRun, baseUrl: cfg.baseUrl, tenant: cfg.tenant, timezone: tz, wire, clients: result }, true);
       return;
@@ -2279,11 +2464,306 @@ async function chooseWire(opts, yes) {
   return opts.mcp === false ? "agent-only" : "full";
 }
+// src/commands/skills.ts
+import { homedir as homedir4 } from "os";
+import { dirname as dirname5, join as join5 } from "path";
+import { mkdirSync as mkdirSync4, writeFileSync as writeFileSync4, rmSync as rmSync2, existsSync as existsSync5, readFileSync as readFileSync4 } from "fs";
+var DEFAULT_SLUG = "operator-skills";
+var ROLE_TAGS = ["sechroom:role:skill-template", "role:skill-template"];
+var LOCK = ".sechroom-skills.json";
+function skillsDir(global) {
+  return global ? join5(homedir4(), ".claude", "skills") : join5(process.cwd(), ".claude", "skills");
+}
+function tagValue2(tags, prefix) {
+  return (tags ?? []).find((t) => t.startsWith(prefix))?.slice(prefix.length);
+}
+function hasAny(tags, candidates) {
+  return (tags ?? []).some((t) => candidates.includes(t));
+}
+function registerSkills(program2) {
+  const skills = program2.command("skills").description("Install + manage operator skills from a bundle");
+  skills.addHelpText(
+    "after",
+    `
+Examples:
+  $ sechroom skills install --code-lane claude-code-chris --design-lane claude-design-chris
+  $ sechroom skills install operator-skills --surface claude-code --local
+  $ sechroom skills list
+  $ sechroom skills set-lane --code-lane claude-code-chris --design-lane claude-design-chris
+  $ sechroom skills lane
+  $ sechroom skills clean`
+  );
+  skills.command("install [slug]").description(`Install a skills bundle (default ${DEFAULT_SLUG}) into your personal workspace + write SKILL.md files`).option("--version <v>", "bundle version (default: latest published in the catalogue)").option("--instance <name>", "install as a named, separate instance (install the same bundle more than once)").option("--code-lane <id>", "identity.code-lane binding (e.g. claude-code-chris)").option("--design-lane <id>", "identity.design-lane binding (e.g. claude-design-chris)").option("--surface <s>", "skill target surface to materialise", "claude-code").option("--local", "write to ./.claude/skills instead of ~/.claude/skills").option("--json", "machine output").action(async (slugArg, opts, cmd) => {
+    const slug = slugArg || DEFAULT_SLUG;
+    const client = await makeClient(resolveConfig(cmd.optsWithGlobals()));
+    const pw = await runApi("resolving personal workspace", () => client.GET("/me/personal-workspace", {}));
+    const personalWsId = pw?.id || pw?.workspaceId || pw?.personalWorkspaceId || pw?.item?.id;
+    if (!personalWsId) fail("Could not resolve your personal workspace.");
+    let version = opts.version;
+    if (!version) {
+      const cat = await runApi("reading the bundle catalogue", () => client.GET("/me/bundles", {}));
+      const item = (cat?.bundles ?? cat?.Bundles ?? []).find((b) => (b.slug ?? b.Slug) === slug);
+      if (!item) fail(`Bundle '${slug}' is not in your self-serve catalogue (must be UserInstallable + Published).`);
+      version = item.latestVersion ?? item.LatestVersion;
+      if (!version) fail(`Bundle '${slug}' has no installable (Published) version.`);
+    }
+    const installOptions = {};
+    if (opts.codeLane) installOptions["identity.code-lane"] = opts.codeLane;
+    if (opts.designLane) installOptions["identity.design-lane"] = opts.designLane;
+    const res = await runApi(
+      `installing ${slug}@${version}${opts.instance ? ` (${opts.instance})` : ""}`,
+      () => client.POST("/me/bundles/{slug}/versions/{version}/install", {
+        params: { path: { slug, version } },
+        // instance: null/absent = the default instance (reinstall updates in
+        // place); a name installs a separate instance.
+        body: { installOptions, instance: opts.instance ?? null }
+      })
+    );
+    const status = String(res?.status ?? res?.Status ?? "");
+    if (status && status.toLowerCase() !== "completed") {
+      fail(`Install did not complete (status=${status}; ${res?.failureReason ?? res?.FailureReason ?? ""}).`);
+    }
+    const feed = await runApi(
+      "materialising skill files",
+      () => client.GET("/workspaces/{workspaceId}/memories/feed", {
+        // cascadeWorkspaces: skills land in an "Operator Skills" SUB-workspace of
+        // the personal workspace, so we recurse from the personal-ws root.
+        // includeText: the feed omits bodies by default; we need them for SKILL.md.
+        params: {
+          path: { workspaceId: personalWsId },
+          query: { limit: 200, cascadeWorkspaces: true, includeText: true }
+        }
+      })
+    );
+    const rows = feed?.results ?? feed?.Results ?? [];
+    const dir = skillsDir(!opts.local);
+    const wantInstance = opts.instance || "default";
+    const written = [];
+    const bundleTagPrefix = `sechroom:bundle:${slug}@`;
+    for (const r of rows) {
+      const m = r.item ?? r;
+      const tags = m.tags ?? m.Tags ?? [];
+      if (!hasAny(tags, ROLE_TAGS)) continue;
+      if (tagValue2(tags, "target:") !== opts.surface) continue;
+      if (!tags.some((t) => t.startsWith(bundleTagPrefix))) continue;
+      if ((tagValue2(tags, "sechroom:skill-instance:") ?? "default") !== wantInstance) continue;
+      const name = tagValue2(tags, "skill:");
+      if (!name) continue;
+      const body = m.text ?? m.Text ?? "";
+      mkdirSync4(join5(dir, name), { recursive: true });
+      writeFileSync4(join5(dir, name, "SKILL.md"), body.endsWith("\n") ? body : body + "\n");
+      written.push(name);
+    }
+    mkdirSync4(dir, { recursive: true });
+    const lockPath = join5(dir, LOCK);
+    const lock = existsSync5(lockPath) ? JSON.parse(readFileSync4(lockPath, "utf8")) : {};
+    lock[slug] = { surface: opts.surface, version, instance: wantInstance, skills: written.sort() };
+    writeFileSync4(lockPath, JSON.stringify(lock, null, 2) + "\n");
+    if (opts.json) return emit({ slug, version, instance: wantInstance, surface: opts.surface, dir, installed: written }, true);
+    const instanceNote = opts.instance ? ` (${opts.instance})` : "";
+    console.log(style.green(`Installed ${slug}@${version}${instanceNote} \u2014 ${written.length} skill(s) \u2192 ${dir}`));
+    written.forEach((n) => console.log("  " + style.dim("\u2022") + " " + n));
+    if (written.length === 0) console.log(style.dim(`  (no '${opts.surface}' skill bodies found; check --surface)`));
+  });
+  skills.command("list").description("List your installed bundles (GET /me/bundle-installs)").option("--json", "machine output").action(async (opts, cmd) => {
+    const client = await makeClient(resolveConfig(cmd.optsWithGlobals()));
+    const data = await runApi("reading your installs", () => client.GET("/me/bundle-installs", {}));
+    if (opts.json) return emit(data, true);
+    const installs = data?.installs ?? data?.Installs ?? [];
+    if (installs.length === 0) return console.log(style.dim("No bundles installed."));
+    installs.forEach((i) => {
+      const inst = i.instance ?? i.Instance ?? "";
+      const tag = inst ? style.dim(` [${inst}]`) : "";
+      console.log(`  ${i.bundleSlug ?? i.BundleSlug}@${i.bundleVersion ?? i.BundleVersion ?? "?"}${tag}`);
+    });
+  });
+  skills.command("clean [slug]").description(`Remove materialised skill files written by install (default ${DEFAULT_SLUG})`).option("--local", "clean ./.claude/skills instead of ~/.claude/skills").option("--json", "machine output").action(async (slugArg, opts) => {
+    const slug = slugArg || DEFAULT_SLUG;
+    const dir = skillsDir(!opts.local);
+    const lockPath = join5(dir, LOCK);
+    if (!existsSync5(lockPath)) fail(`No skills lockfile at ${lockPath}; nothing to clean.`);
+    const lock = JSON.parse(readFileSync4(lockPath, "utf8"));
+    const entry = lock[slug];
+    if (!entry) fail(`No installed record for '${slug}' in ${lockPath}.`);
+    const removed = [];
+    for (const name of entry.skills) {
+      const skillPath = join5(dir, name);
+      if (existsSync5(skillPath)) {
+        rmSync2(skillPath, { recursive: true, force: true });
+        removed.push(name);
+      }
+    }
+    delete lock[slug];
+    writeFileSync4(lockPath, JSON.stringify(lock, null, 2) + "\n");
+    if (opts.json) return emit({ slug, removed, dir }, true);
+    console.log(style.green(`Removed ${removed.length} skill(s) for ${slug} from ${dir}`));
+  });
+  skills.command("set-lane").description("Write this checkout's lane pin to a local ./.sem file (read at runtime by skills)").option("--code-lane <id>", "code-surface lane id (e.g. claude-code-chris)").option("--design-lane <id>", "design / substrate-authoring lane id (e.g. claude-design-chris)").option("--json", "machine output").action((opts, cmd) => {
+    if (!opts.codeLane && !opts.designLane) fail("Provide --code-lane and/or --design-lane.");
+    const target = localSemPath();
+    const values = readSem(target)?.values ?? {};
+    if (opts.codeLane) values["code-lane"] = opts.codeLane;
+    if (opts.designLane) values["design-lane"] = opts.designLane;
+    mkdirSync4(dirname5(target), { recursive: true });
+    writeFileSync4(target, serializeSem(values));
+    if (cmd.optsWithGlobals().json) return emit({ path: target, values }, true);
+    console.log(style.green(`Wrote lane pin \u2192 ${target}`));
+    Object.entries(values).forEach(([k, v]) => console.log("  " + style.dim(k) + " = " + v));
+  });
+  skills.command("lane").description("Show the lane pin resolved from ./.sem (nearest in this checkout)").option("--json", "machine output").action((opts, cmd) => {
+    const json = cmd.optsWithGlobals().json;
+    const found = readSem();
+    if (!found) {
+      if (json) return emit({ path: null, values: {} }, true);
+      return console.log(style.dim(`No ./.sem pin in this checkout. Run 'sechroom skills set-lane'.`));
+    }
+    if (json) return emit(found, true);
+    console.log(style.dim(`from ${found.path}`));
+    Object.entries(found.values).forEach(([k, v]) => console.log("  " + style.bold(k) + " = " + v));
+  });
+  skills.command("set-workflow").description("Set your per-operator workflow defaults (server-side; follows you across tenants)").option("--default-code-lane <id>", "personal default code lane (e.g. claude-code-chris)").option("--default-design-lane <id>", "personal default design lane (e.g. claude-design-chris)").option("--handover-recipient <id>", "your daily-handover counterparty (e.g. andy)").option("--json", "machine output").action(async (opts, cmd) => {
+    if (!opts.defaultCodeLane && !opts.defaultDesignLane && !opts.handoverRecipient)
+      fail("Provide at least one of --default-code-lane / --default-design-lane / --handover-recipient.");
+    const client = await makeClient(resolveConfig(cmd.optsWithGlobals()));
+    const cur = await runApi(
+      "reading workflow preferences",
+      () => client.GET("/me/workflow-preferences", {})
+    );
+    const body = {
+      defaultCodeLane: opts.defaultCodeLane ?? cur?.defaultCodeLane ?? null,
+      defaultDesignLane: opts.defaultDesignLane ?? cur?.defaultDesignLane ?? null,
+      handoverRecipient: opts.handoverRecipient ?? cur?.handoverRecipient ?? null
+    };
+    const res = await runApi(
+      "saving workflow preferences",
+      () => client.POST("/me/workflow-preferences", { body })
+    );
+    if (cmd.optsWithGlobals().json) return emit(res, true);
+    console.log(style.green("Saved your workflow preferences"));
+    console.log("  " + style.dim("default-code-lane") + "   = " + (body.defaultCodeLane ?? "(unset)"));
+    console.log("  " + style.dim("default-design-lane") + " = " + (body.defaultDesignLane ?? "(unset)"));
+    console.log("  " + style.dim("handover-recipient") + "  = " + (body.handoverRecipient ?? "(unset)"));
+  });
+  skills.command("workflow").description("Show your per-operator workflow defaults (GET /me/workflow-preferences)").option("--json", "machine output").action(async (opts, cmd) => {
+    const client = await makeClient(resolveConfig(cmd.optsWithGlobals()));
+    const data = await runApi(
+      "reading workflow preferences",
+      () => client.GET("/me/workflow-preferences", {})
+    );
+    if (cmd.optsWithGlobals().json) return emit(data, true);
+    console.log("  " + style.bold("default-code-lane") + "   = " + (data?.defaultCodeLane ?? style.dim("(unset)")));
+    console.log("  " + style.bold("default-design-lane") + " = " + (data?.defaultDesignLane ?? style.dim("(unset)")));
+    console.log("  " + style.bold("handover-recipient") + "  = " + (data?.handoverRecipient ?? style.dim("(unset)")));
+  });
+  skills.command("resolve").description("Resolve the effective ${identity.*} slot values (per-location .sem + per-operator workflow prefs)").option("--json", "machine output (a flat slot->value map + per-slot source)").action(async (opts, cmd) => {
+    const local = readSem()?.values ?? {};
+    let operator = {};
+    try {
+      const client = await makeClient(resolveConfig(cmd.optsWithGlobals()));
+      operator = await runApi(
+        "reading workflow preferences",
+        () => client.GET("/me/workflow-preferences", {})
+      ) ?? {};
+    } catch {
+    }
+    const pick = (loc, op) => loc != null && loc !== "" ? { value: loc, source: "per-location" } : op != null && op !== "" ? { value: op, source: "per-operator" } : { value: null, source: "unset" };
+    const slots = {
+      "identity.code-lane": pick(local["code-lane"], operator?.defaultCodeLane),
+      "identity.design-lane": pick(local["design-lane"], operator?.defaultDesignLane),
+      "identity.handover-recipient": pick(void 0, operator?.handoverRecipient)
+    };
+    if (cmd.optsWithGlobals().json) {
+      const values = Object.fromEntries(Object.entries(slots).map(([k, v]) => [k, v.value]));
+      return emit({ values, sources: Object.fromEntries(Object.entries(slots).map(([k, v]) => [k, v.source])) }, true);
+    }
+    for (const [slot, { value, source }] of Object.entries(slots)) {
+      const v = value == null ? style.dim("(unset)") : value;
+      console.log("  " + style.bold(slot) + " = " + v + "  " + style.dim(`[${source}]`));
+    }
+  });
+}
+// src/commands/reset.ts
+import { homedir as homedir5 } from "os";
+import { join as join6 } from "path";
+import { existsSync as existsSync6, readFileSync as readFileSync5, rmSync as rmSync3 } from "fs";
+var SKILLS_LOCK = ".sechroom-skills.json";
+var localSkillsDir = () => join6(process.cwd(), ".claude", "skills");
+var globalSkillsDir = () => join6(homedir5(), ".claude", "skills");
+function removeMaterialisedSkills(dir) {
+  const removed = [];
+  const lockPath = join6(dir, SKILLS_LOCK);
+  if (!existsSync6(lockPath)) return removed;
+  try {
+    const lock = JSON.parse(readFileSync5(lockPath, "utf8"));
+    for (const entry of Object.values(lock)) {
+      for (const name of entry.skills ?? []) {
+        const p = join6(dir, name);
+        if (existsSync6(p)) {
+          rmSync3(p, { recursive: true, force: true });
+          removed.push(p);
+        }
+      }
+    }
+  } catch {
+  }
+  rmSync3(lockPath, { force: true });
+  removed.push(lockPath);
+  return removed;
+}
+function registerReset(program2) {
+  program2.command("logout").description("Sign out \u2014 remove the cached (global) auth token").action((_opts, cmd) => {
+    const removed = clearToken();
+    if (cmd.optsWithGlobals().json) return emit({ removed: removed ? [removed] : [] }, true);
+    console.log(
+      removed ? style.green("Signed out \u2014 auth token removed.") : style.dim("Already signed out (no token).")
+    );
+  });
+  program2.command("reset").description("Reset LOCAL CLI state for this directory (./.sechroom.json, ./.sem, ./.claude/skills); --global also wipes the machine-wide token + config + ~/.claude/skills").option("--global", "also remove the global auth token, config, and ~/.claude/skills").option("-y, --yes", "don't prompt for confirmation").option("--json", "machine output").action(async (opts, cmd) => {
+    const json = cmd.optsWithGlobals().json;
+    const global = Boolean(opts.global);
+    if (!opts.yes && canPrompt()) {
+      const scope = global ? "this directory's local state AND your global auth token + config + ~/.claude/skills" : "this directory's local state (./.sechroom.json, ./.sem, ./.claude/skills)";
+      if (!await promptYesNo(`Remove ${scope}?`)) {
+        if (!json) console.log(style.dim("Cancelled."));
+        return;
+      }
+    }
+    const removed = [];
+    const localCfg = join6(process.cwd(), ".sechroom.json");
+    if (existsSync6(localCfg)) {
+      rmSync3(localCfg, { force: true });
+      removed.push(localCfg);
+    }
+    const sem = localSemPath();
+    if (existsSync6(sem)) {
+      rmSync3(sem, { force: true });
+      removed.push(sem);
+    }
+    removed.push(...removeMaterialisedSkills(localSkillsDir()));
+    if (global) {
+      const tok = clearToken();
+      if (tok) removed.push(tok);
+      const cfg = clearPersisted();
+      if (cfg) removed.push(cfg);
+      removed.push(...removeMaterialisedSkills(globalSkillsDir()));
+    }
+    if (json) return emit({ global, removed }, true);
+    if (removed.length === 0) {
+      console.log(style.dim(global ? "Nothing to remove \u2014 already clean." : "No local CLI state in this directory."));
+      return;
+    }
+    console.log(style.green(`Reset complete \u2014 removed ${removed.length} item(s):`));
+    removed.forEach((p) => console.log("  " + style.dim("\u2022") + " " + p));
+    if (global) console.log(style.dim("Run 'sechroom onboard' to set up again."));
+  });
+}
 // src/index.ts
 function resolveVersion() {
   try {
     const pkg = JSON.parse(
-      readFileSync3(new URL("../package.json", import.meta.url), "utf8")
+      readFileSync6(new URL("../package.json", import.meta.url), "utf8")
     );
     return pkg.version ?? "0.0.0";
   } catch {
@@ -2398,6 +2878,8 @@ registerChat(program);
 registerInit(program);
 registerSetup(program);
 registerOnboard(program);
+registerSkills(program);
+registerReset(program);
 program.parseAsync().catch((err2) => {
   process.stderr.write(`error: ${err2 instanceof Error ? err2.message : String(err2)}
 `);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@sechroom/cli",
-  "version": "2026.6.9",
+  "version": "2026.6.11",
   "description": "Sechroom CLI — a thin, generated client over the Sechroom HTTP API. An agent/human surface alongside MCP.",
   "type": "module",
   "license": "UNLICENSED",