@switchbot/openapi-cli 3.4.1 → 3.6.0

package/dist/index.js

@@ -7622,6 +7622,15 @@ function deriveStatusQueries(entry) {
     safetyTier: "read"
   }));
 }
+function canonicalizeDeviceType(deviceType) {
+  const catalog = getEffectiveCatalog();
+  const lower = deviceType.toLowerCase();
+  for (const entry of catalog) {
+    if (entry.type.toLowerCase() === lower) return entry.type;
+    if (entry.aliases?.some((a) => a.toLowerCase() === lower)) return entry.type;
+  }
+  return deviceType;
+}
 function findCatalogEntry(query) {
   const q = query.trim().toLowerCase();
   if (!q) return null;
@@ -7735,7 +7744,7 @@ function getEffectiveCatalog() {
   }
   return Array.from(byType.values());
 }
-var CATALOG_SCHEMA_VERSION, STATUS_FIELD_DESCRIPTIONS, onOff, onOffToggle, lightControls, DEVICE_CATALOG, overlayCache;
+var CATALOG_SCHEMA_VERSION, STATUS_FIELD_DESCRIPTIONS, onOff, onOffToggle, lightControls, rgbLightControls0To100, rgbOnlyLightControls0To100, DEVICE_CATALOG, overlayCache;
 var init_catalog = __esm({
   "src/devices/catalog.ts"() {
     "use strict";
@@ -7803,6 +7812,15 @@ var init_catalog = __esm({
       { command: "setColor", parameter: "R:G:B (0-255 each)", description: 'Set RGB color, e.g. "255:0:0"', idempotent: true, exampleParams: ["255:0:0", "255:255:255"] },
       { command: "setColorTemperature", parameter: "2700-6500", description: "Set color temperature (Kelvin)", idempotent: true, exampleParams: ["2700", "4000", "6500"] }
     ];
+    rgbLightControls0To100 = [
+      { command: "setBrightness", parameter: "0-100", description: "Set brightness percentage", idempotent: true, exampleParams: ["0", "50", "100"] },
+      { command: "setColor", parameter: "R:G:B (0-255 each)", description: 'Set RGB color, e.g. "255:0:0"', idempotent: true, exampleParams: ["255:0:0", "255:255:255"] },
+      { command: "setColorTemperature", parameter: "2700-6500", description: "Set color temperature (Kelvin)", idempotent: true, exampleParams: ["2700", "4000", "6500"] }
+    ];
+    rgbOnlyLightControls0To100 = [
+      { command: "setBrightness", parameter: "0-100", description: "Set brightness percentage", idempotent: true, exampleParams: ["0", "50", "100"] },
+      { command: "setColor", parameter: "R:G:B (0-255 each)", description: 'Set RGB color, e.g. "255:0:0"', idempotent: true, exampleParams: ["255:0:0", "255:255:255"] }
+    ];
     DEVICE_CATALOG = [
       // ---------- Physical devices ----------
       {
@@ -7835,7 +7853,7 @@ var init_catalog = __esm({
         category: "physical",
         description: "Bluetooth/Wi-Fi electronic deadbolt that locks and unlocks a door via cloud API.",
         role: "security",
-        aliases: ["Smart Lock Pro"],
+        aliases: ["Lock", "Smart Lock Pro", "Lock Pro"],
         commands: [
           { command: "lock", parameter: "\u2014", description: "Lock the door", idempotent: true },
           { command: "unlock", parameter: "\u2014", description: "Unlock the door", idempotent: true, safetyTier: "destructive", safetyReason: "Physically unlocks the door \u2014 anyone nearby can open it." },
@@ -7848,6 +7866,7 @@ var init_catalog = __esm({
         category: "physical",
         description: "Compact electronic deadbolt with lock and unlock control; no deadbolt mode.",
         role: "security",
+        aliases: ["Lock Lite"],
         commands: [
           { command: "lock", parameter: "\u2014", description: "Lock the door", idempotent: true },
           { command: "unlock", parameter: "\u2014", description: "Unlock the door", idempotent: true, safetyTier: "destructive", safetyReason: "Physically unlocks the door \u2014 anyone nearby can open it." }
@@ -7859,6 +7878,7 @@ var init_catalog = __esm({
         category: "physical",
         description: "Premium electronic deadbolt with full lock, unlock, and deadbolt control.",
         role: "security",
+        aliases: ["Lock Ultra"],
         commands: [
           { command: "lock", parameter: "\u2014", description: "Lock the door", idempotent: true },
           { command: "unlock", parameter: "\u2014", description: "Unlock the door", idempotent: true, safetyTier: "destructive", safetyReason: "Physically unlocks the door \u2014 anyone nearby can open it." },
@@ -7869,9 +7889,9 @@ var init_catalog = __esm({
       {
         type: "Plug",
         category: "physical",
-        description: "Smart wall outlet plug with on/off/toggle control and basic power status.",
+        description: "Smart wall outlet plug with on/off control and basic power status.",
         role: "power",
-        commands: onOffToggle,
+        commands: onOff,
         statusFields: ["power", "version"]
       },
       {
@@ -7879,7 +7899,7 @@ var init_catalog = __esm({
         category: "physical",
         description: "Compact smart plug with voltage, current, and daily energy consumption reporting.",
         role: "power",
-        aliases: ["Plug Mini (JP)"],
+        aliases: ["Plug Mini (JP)", "Plug Mini (EU)"],
         commands: onOffToggle,
         statusFields: ["voltage", "weight", "electricityOfDay", "electricCurrent", "power", "version"]
       },
@@ -7957,12 +7977,63 @@ var init_catalog = __esm({
       {
         type: "Strip Light",
         category: "physical",
-        description: "Addressable LED strip with on/off, brightness, RGB color, and color temperature control.",
+        description: "Addressable LED strip with on/off, brightness, and RGB color control.",
         role: "lighting",
-        aliases: ["Strip Light 3"],
-        commands: [...onOffToggle, ...lightControls],
+        commands: [
+          ...onOffToggle,
+          { command: "setBrightness", parameter: "1-100", description: "Set brightness percentage", idempotent: true, exampleParams: ["50", "80"] },
+          { command: "setColor", parameter: "R:G:B (0-255 each)", description: 'Set RGB color, e.g. "255:0:0"', idempotent: true, exampleParams: ["255:0:0", "255:255:255"] }
+        ],
+        statusFields: ["power", "brightness", "color", "colorTemperature", "version"]
+      },
+      {
+        type: "Floor Lamp",
+        category: "physical",
+        description: "Smart floor lamp with 0-100 brightness, RGB color, and color temperature control.",
+        role: "lighting",
+        commands: [...onOffToggle, ...rgbLightControls0To100],
         statusFields: ["power", "brightness", "color", "colorTemperature", "version"]
       },
+      {
+        type: "Strip Light 3",
+        category: "physical",
+        description: "Third-generation strip light with 0-100 brightness, RGB color, and color temperature control.",
+        role: "lighting",
+        commands: [...onOffToggle, ...rgbLightControls0To100],
+        statusFields: ["power", "brightness", "color", "colorTemperature", "version"]
+      },
+      {
+        type: "RGBICWW Strip Light",
+        category: "physical",
+        description: "RGBICWW strip light with 0-100 brightness, RGB color, and color temperature control.",
+        role: "lighting",
+        commands: [...onOffToggle, ...rgbLightControls0To100],
+        statusFields: ["power", "brightness", "color", "colorTemperature", "version"]
+      },
+      {
+        type: "RGBICWW Floor Lamp",
+        category: "physical",
+        description: "RGBICWW floor lamp with 0-100 brightness, RGB color, and color temperature control.",
+        role: "lighting",
+        commands: [...onOffToggle, ...rgbLightControls0To100],
+        statusFields: ["power", "brightness", "color", "colorTemperature", "version"]
+      },
+      {
+        type: "RGBIC Neon Wire Rope Light",
+        category: "physical",
+        description: "RGBIC neon wire rope light with 0-100 brightness and RGB color control.",
+        role: "lighting",
+        commands: [...onOffToggle, ...rgbOnlyLightControls0To100],
+        statusFields: ["power", "brightness", "color", "version"]
+      },
+      {
+        type: "RGBIC Neon Rope Light",
+        category: "physical",
+        description: "RGBIC neon rope light with 0-100 brightness and RGB color control.",
+        role: "lighting",
+        commands: [...onOffToggle, ...rgbOnlyLightControls0To100],
+        statusFields: ["power", "brightness", "color", "version"]
+      },
       {
         type: "Ceiling Light",
         category: "physical",
@@ -7984,7 +8055,7 @@ var init_catalog = __esm({
         commands: [
           ...onOff,
           { command: "setMode", parameter: "0=schedule 1=manual 2=off 3=eco 4=comfort 5=quickHeat", description: "Operating mode", idempotent: true, exampleParams: ["1", "3"] },
-          { command: "setManualModeTemperature", parameter: "5-30 (\xB0C)", description: "Target temperature in manual mode", idempotent: true, exampleParams: ["20", "22"] }
+          { command: "setManualModeTemperature", parameter: "4-35 (\xB0C)", description: "Target temperature in manual mode", idempotent: true, exampleParams: ["20", "22"] }
         ],
         statusFields: ["power", "temperature", "humidity", "battery", "version", "mode", "targetTemperature"]
       },
@@ -7993,7 +8064,7 @@ var init_catalog = __esm({
         category: "physical",
         description: "Entry-level robot vacuum with start/stop/dock and four suction power levels.",
         role: "cleaning",
-        aliases: ["Robot Vacuum", "Robot Vacuum Cleaner S1 Plus", "K10+"],
+        aliases: ["Robot Vacuum", "Robot Vacuum Cleaner S1 Plus", "K10+", "K10+ Pro"],
         commands: [
           { command: "start", parameter: "\u2014", description: "Start cleaning", idempotent: true },
           { command: "stop", parameter: "\u2014", description: "Stop cleaning", idempotent: true },
@@ -8003,17 +8074,17 @@ var init_catalog = __esm({
         statusFields: ["workingStatus", "onlineStatus", "battery", "version"]
       },
       {
-        type: "K10+ Pro Combo",
+        type: "Robot Vacuum Cleaner K10+ Pro Combo",
         category: "physical",
         description: "Compact robot vacuum and mop combo with sweep/mop sessions, fan level, and water level.",
         role: "cleaning",
-        aliases: ["K20+ Pro"],
+        aliases: ["K10+ Pro Combo", "K20+ Pro", "K11+", "Robot Vacuum Cleaner K11+"],
         commands: [
           { command: "startClean", parameter: `'{"action":"sweep"|"mop","param":{"fanLevel":1-4,"times":1-2639999}}'`, description: "Begin a cleaning session", idempotent: false, exampleParams: ['{"action":"sweep","param":{"fanLevel":2,"times":1}}'] },
           { command: "pause", parameter: "\u2014", description: "Pause cleaning", idempotent: true },
           { command: "dock", parameter: "\u2014", description: "Return to dock", idempotent: true },
           { command: "setVolume", parameter: "0-100", description: "Set voice volume", idempotent: true, exampleParams: ["0", "50", "100"] },
-          { command: "changeParam", parameter: `'{"fanLevel":1-4,"waterLevel":1-2,"times":1-2639999}'`, description: "Change parameters mid-run", idempotent: true, exampleParams: ['{"fanLevel":3,"waterLevel":1,"times":1}'] }
+          { command: "changeParam", parameter: `'{"fanLevel":1-4,"times":1-2639999}'`, description: "Change parameters mid-run", idempotent: true, exampleParams: ['{"fanLevel":3,"times":1}'] }
         ],
         statusFields: ["workingStatus", "onlineStatus", "battery", "taskType"]
       },
@@ -8022,7 +8093,7 @@ var init_catalog = __esm({
         category: "physical",
         description: "Advanced floor cleaning robot with sweep/mop modes, self-wash dock, and humidifier refill.",
         role: "cleaning",
-        aliases: ["Robot Vacuum Cleaner S10", "Robot Vacuum Cleaner S20"],
+        aliases: ["Robot Vacuum Cleaner S10", "Robot Vacuum Cleaner S20", "S20"],
         commands: [
           { command: "startClean", parameter: `'{"action":"sweep"|"sweep_mop","param":{"fanLevel":1-4,"waterLevel":1-2,"times":1-2639999}}'`, description: "Begin a cleaning session", idempotent: false, exampleParams: ['{"action":"sweep","param":{"fanLevel":2,"waterLevel":1,"times":1}}'] },
           { command: "pause", parameter: "\u2014", description: "Pause cleaning", idempotent: true },
@@ -8039,7 +8110,7 @@ var init_catalog = __esm({
         category: "physical",
         description: "Rechargeable table/floor fan with wind modes, speed control, night-light, and auto-off timer.",
         role: "fan",
-        aliases: ["Circulator Fan"],
+        aliases: ["Circulator Fan", "Standing Circulator Fan"],
         commands: [
           ...onOffToggle,
           { command: "setNightLightMode", parameter: "off | 1 | 2", description: "Night-light mode", idempotent: true, exampleParams: ["off", "1", "2"] },
@@ -8101,7 +8172,7 @@ var init_catalog = __esm({
         category: "physical",
         description: "PIN-pad access controller that creates and deletes door passcodes for a Smart Lock.",
         role: "security",
-        aliases: ["Keypad Touch"],
+        aliases: ["Keypad Touch", "Keypad Vision", "Keypad Vision Pro"],
         commands: [
           { command: "createKey", parameter: `'{"name":"...","type":"permanent|timeLimit|disposable|urgent","password":"6-12 digits","startTime":<s>,"endTime":<s>}'`, description: "Create a passcode (async; result via webhook)", idempotent: false, safetyTier: "destructive", safetyReason: "Provisions a new access credential \u2014 anyone with this passcode can unlock the door." },
           { command: "deleteKey", parameter: `'{"id":<passcode_id>}'`, description: "Delete a passcode (async; result via webhook)", idempotent: true, safetyTier: "destructive", safetyReason: "Permanently removes a passcode \u2014 the holder immediately loses door access." }
@@ -8111,15 +8182,25 @@ var init_catalog = __esm({
       {
         type: "Candle Warmer Lamp",
         category: "physical",
-        description: "Decorative candle-warmer lamp with adjustable brightness and color temperature.",
+        description: "Decorative candle-warmer lamp with adjustable 0-100 brightness.",
         role: "lighting",
         commands: [
           ...onOffToggle,
-          { command: "setBrightness", parameter: "1-100", description: "Set brightness percentage", idempotent: true, exampleParams: ["50", "80"] },
-          { command: "setColorTemperature", parameter: "2700-6500", description: "Set color temperature (Kelvin)", idempotent: true, exampleParams: ["2700", "4000"] }
+          { command: "setBrightness", parameter: "0-100", description: "Set brightness percentage", idempotent: true, exampleParams: ["0", "50", "100"] }
         ],
         statusFields: ["power", "brightness", "colorTemperature", "version"]
       },
+      {
+        type: "AI Art Frame",
+        category: "physical",
+        description: "Digital art frame that can switch to the next or previous image.",
+        role: "other",
+        commands: [
+          { command: "next", parameter: "\u2014", description: "Switch to the next image", idempotent: false },
+          { command: "previous", parameter: "\u2014", description: "Switch to the previous image", idempotent: false }
+        ],
+        statusFields: ["version"]
+      },
       // Status-only devices (no commands)
       {
         type: "Meter",
@@ -8155,6 +8236,7 @@ var init_catalog = __esm({
         description: "Water sensor that reports leak status; read-only, no control commands.",
         role: "sensor",
         readOnly: true,
+        aliases: ["Water Detector"],
         commands: [],
         statusFields: ["battery", "version", "status"]
       },
@@ -8380,9 +8462,8 @@ function updateCacheFromDeviceList(body) {
   for (const d of body.deviceList) {
     if (!d.deviceId) continue;
     devices[d.deviceId] = {
-      // Some real devices omit deviceType entirely (for example AI accessories).
-      // Keep them in cache with an empty type string rather than dropping the row.
-      type: d.deviceType ?? "",
+      type: d.deviceType || d.controlType || "Unknown Device",
+      typeSource: d.deviceType ? "deviceType" : d.controlType ? "controlType" : "deviceType",
       name: d.deviceName,
       category: "physical",
       hubDeviceId: d.hubDeviceId,
@@ -8397,6 +8478,7 @@ function updateCacheFromDeviceList(body) {
     if (!d.deviceId) continue;
     devices[d.deviceId] = {
       type: d.remoteType,
+      typeSource: "remoteType",
       name: d.deviceName,
       category: "ir",
       hubDeviceId: d.hubDeviceId,
@@ -8793,10 +8875,11 @@ async function fetchDeviceList(client, options = {}) {
       const infraredRemoteList = [];
       for (const [deviceId, entry] of Object.entries(cached2.devices)) {
         if (entry.category === "physical") {
+          const cachedDeviceType = entry.typeSource === "deviceType" ? entry.type : entry.typeSource === void 0 && entry.type !== entry.controlType ? entry.type : void 0;
           deviceList.push({
             deviceId,
             deviceName: entry.name,
-            ...entry.type ? { deviceType: entry.type } : {},
+            ...cachedDeviceType && cachedDeviceType !== "Unknown Device" ? { deviceType: cachedDeviceType } : {},
             enableCloudService: entry.enableCloudService ?? true,
             hubDeviceId: entry.hubDeviceId ?? "",
             roomID: entry.roomID,
@@ -8867,10 +8950,12 @@ async function executeCommand(deviceId, cmd, parameter, commandType, client, opt
       if (err instanceof Error && err.name === "DryRunSignal") {
         writeAudit({ ...baseAudit, result: "dry-run" });
       } else {
+        const statusCode = err instanceof ApiError ? err.code : void 0;
         writeAudit({
           ...baseAudit,
           result: "error",
-          error: err instanceof Error ? err.message : String(err)
+          error: err instanceof Error ? err.message : String(err),
+          ...statusCode !== void 0 ? { statusCode } : {}
         });
       }
       throw err;
@@ -8991,7 +9076,23 @@ async function describeDevice(deviceId, options = {}, client) {
     ir = infraredRemoteList.find((d) => d.deviceId === deviceId);
   }
   if (!physical && !ir) throw new DeviceNotFoundError(deviceId);
-  const typeName = physical ? physical.deviceType ?? "" : ir.remoteType;
+  let typeName;
+  let typeSource;
+  if (physical) {
+    if (physical.deviceType) {
+      typeName = physical.deviceType;
+      typeSource = "deviceType";
+    } else if (physical.controlType) {
+      typeName = physical.controlType;
+      typeSource = "controlType";
+    } else {
+      typeName = "Unknown Device";
+      typeSource = "deviceType";
+    }
+  } else {
+    typeName = ir.remoteType;
+    typeSource = "remoteType";
+  }
   const match = typeName ? findCatalogEntry(typeName) : null;
   const catalogEntry = !match || Array.isArray(match) ? null : match;
   let liveStatus;
@@ -9027,6 +9128,7 @@ async function describeDevice(deviceId, options = {}, client) {
     device: selectedDevice,
     isPhysical: Boolean(physical),
     typeName,
+    typeSource,
     controlType: physical?.controlType ?? ir?.controlType ?? null,
     catalog: catalogEntry,
     capabilities,
@@ -31710,6 +31812,162 @@ function applyFilter(clauses, deviceList, infraredRemoteList, hubLocation) {
 // src/devices/param-validator.ts
 init_cjs_shim();
 init_output();
+
+// src/devices/css-colors.ts
+init_cjs_shim();
+var CSS_COLORS = {
+  aliceblue: [240, 248, 255],
+  antiquewhite: [250, 235, 215],
+  aqua: [0, 255, 255],
+  aquamarine: [127, 255, 212],
+  azure: [240, 255, 255],
+  beige: [245, 245, 220],
+  bisque: [255, 228, 196],
+  black: [0, 0, 0],
+  blanchedalmond: [255, 235, 205],
+  blue: [0, 0, 255],
+  blueviolet: [138, 43, 226],
+  brown: [165, 42, 42],
+  burlywood: [222, 184, 135],
+  cadetblue: [95, 158, 160],
+  chartreuse: [127, 255, 0],
+  chocolate: [210, 105, 30],
+  coral: [255, 127, 80],
+  cornflowerblue: [100, 149, 237],
+  cornsilk: [255, 248, 220],
+  crimson: [220, 20, 60],
+  cyan: [0, 255, 255],
+  darkblue: [0, 0, 139],
+  darkcyan: [0, 139, 139],
+  darkgoldenrod: [184, 134, 11],
+  darkgray: [169, 169, 169],
+  darkgreen: [0, 100, 0],
+  darkgrey: [169, 169, 169],
+  darkkhaki: [189, 183, 107],
+  darkmagenta: [139, 0, 139],
+  darkolivegreen: [85, 107, 47],
+  darkorange: [255, 140, 0],
+  darkorchid: [153, 50, 204],
+  darkred: [139, 0, 0],
+  darksalmon: [233, 150, 122],
+  darkseagreen: [143, 188, 143],
+  darkslateblue: [72, 61, 139],
+  darkslategray: [47, 79, 79],
+  darkslategrey: [47, 79, 79],
+  darkturquoise: [0, 206, 209],
+  darkviolet: [148, 0, 211],
+  deeppink: [255, 20, 147],
+  deepskyblue: [0, 191, 255],
+  dimgray: [105, 105, 105],
+  dimgrey: [105, 105, 105],
+  dodgerblue: [30, 144, 255],
+  firebrick: [178, 34, 34],
+  floralwhite: [255, 250, 240],
+  forestgreen: [34, 139, 34],
+  fuchsia: [255, 0, 255],
+  gainsboro: [220, 220, 220],
+  ghostwhite: [248, 248, 255],
+  gold: [255, 215, 0],
+  goldenrod: [218, 165, 32],
+  gray: [128, 128, 128],
+  green: [0, 128, 0],
+  greenyellow: [173, 255, 47],
+  grey: [128, 128, 128],
+  honeydew: [240, 255, 240],
+  hotpink: [255, 105, 180],
+  indianred: [205, 92, 92],
+  indigo: [75, 0, 130],
+  ivory: [255, 255, 240],
+  khaki: [240, 230, 140],
+  lavender: [230, 230, 250],
+  lavenderblush: [255, 240, 245],
+  lawngreen: [124, 252, 0],
+  lemonchiffon: [255, 250, 205],
+  lightblue: [173, 216, 230],
+  lightcoral: [240, 128, 128],
+  lightcyan: [224, 255, 255],
+  lightgoldenrodyellow: [250, 250, 210],
+  lightgray: [211, 211, 211],
+  lightgreen: [144, 238, 144],
+  lightgrey: [211, 211, 211],
+  lightpink: [255, 182, 193],
+  lightsalmon: [255, 160, 122],
+  lightseagreen: [32, 178, 170],
+  lightskyblue: [135, 206, 250],
+  lightslategray: [119, 136, 153],
+  lightslategrey: [119, 136, 153],
+  lightsteelblue: [176, 196, 222],
+  lightyellow: [255, 255, 224],
+  lime: [0, 255, 0],
+  limegreen: [50, 205, 50],
+  linen: [250, 240, 230],
+  magenta: [255, 0, 255],
+  maroon: [128, 0, 0],
+  mediumaquamarine: [102, 205, 170],
+  mediumblue: [0, 0, 205],
+  mediumorchid: [186, 85, 211],
+  mediumpurple: [147, 111, 219],
+  mediumseagreen: [60, 179, 113],
+  mediumslateblue: [123, 104, 238],
+  mediumspringgreen: [0, 250, 154],
+  mediumturquoise: [72, 209, 204],
+  mediumvioletred: [199, 21, 133],
+  midnightblue: [25, 25, 112],
+  mintcream: [245, 255, 250],
+  mistyrose: [255, 228, 225],
+  moccasin: [255, 228, 181],
+  navajowhite: [255, 222, 173],
+  navy: [0, 0, 128],
+  oldlace: [253, 245, 230],
+  olive: [128, 128, 0],
+  olivedrab: [107, 142, 35],
+  orange: [255, 165, 0],
+  orangered: [255, 69, 0],
+  orchid: [218, 112, 214],
+  palegoldenrod: [238, 232, 170],
+  palegreen: [152, 251, 152],
+  paleturquoise: [175, 238, 238],
+  palevioletred: [219, 112, 147],
+  papayawhip: [255, 239, 213],
+  peachpuff: [255, 218, 185],
+  peru: [205, 133, 63],
+  pink: [255, 192, 203],
+  plum: [221, 160, 221],
+  powderblue: [176, 224, 230],
+  purple: [128, 0, 128],
+  rebeccapurple: [102, 51, 153],
+  red: [255, 0, 0],
+  rosybrown: [188, 143, 143],
+  royalblue: [65, 105, 225],
+  saddlebrown: [139, 69, 19],
+  salmon: [250, 128, 114],
+  sandybrown: [244, 164, 96],
+  seagreen: [46, 139, 87],
+  seashell: [255, 245, 238],
+  sienna: [160, 82, 45],
+  silver: [192, 192, 192],
+  skyblue: [135, 206, 235],
+  slateblue: [106, 90, 205],
+  slategray: [112, 128, 144],
+  slategrey: [112, 128, 144],
+  snow: [255, 250, 250],
+  springgreen: [0, 255, 127],
+  steelblue: [70, 130, 180],
+  tan: [210, 180, 140],
+  teal: [0, 128, 128],
+  thistle: [216, 191, 216],
+  tomato: [255, 99, 71],
+  turquoise: [64, 224, 208],
+  violet: [238, 130, 238],
+  wheat: [245, 222, 179],
+  white: [255, 255, 255],
+  whitesmoke: [245, 245, 245],
+  yellow: [255, 255, 0],
+  yellowgreen: [154, 205, 50]
+};
+
+// src/devices/param-validator.ts
+init_catalog();
 var AC_MODE_MAP = { auto: 1, cool: 2, dry: 3, fan: 4, heat: 5 };
 var AC_FAN_MAP = { auto: 1, low: 2, mid: 3, high: 4 };
 var CURTAIN_MODE_MAP = { default: "ff", performance: "0", silent: "1" };
@@ -31761,6 +32019,9 @@ function buildBlindTiltSetPosition(opts) {
   if (!Number.isFinite(angle) || angle < 0 || angle > 100) {
     throw new UsageError(`--angle must be an integer between 0 and 100 (got "${opts.angle}")`);
   }
+  if (angle % 2 !== 0) {
+    throw new UsageError(`--angle must be a multiple of 2 (got "${opts.angle}"). Example: --angle 50`);
+  }
   return `${dir};${angle}`;
 }
 function buildRelaySetMode(opts) {
@@ -31776,11 +32037,12 @@ function buildRelaySetMode(opts) {
   }
   return `${ch};${modeInt}`;
 }
-function buildBrightnessSet(opts) {
-  if (!opts.brightness) throw new UsageError("--brightness is required (1-100)");
+function buildBrightnessSet(opts, deviceType) {
+  const [min, max] = deviceType && brightnessRange(deviceType) || [1, 100];
+  if (!opts.brightness) throw new UsageError(`--brightness is required (${min}-${max})`);
   const b2 = parseInt(opts.brightness, 10);
-  if (!Number.isFinite(b2) || b2 < 1 || b2 > 100) {
-    throw new UsageError(`--brightness must be an integer between 1 and 100 (got "${opts.brightness}")`);
+  if (!Number.isFinite(b2) || b2 < min || b2 > max) {
+    throw new UsageError(`--brightness must be an integer between ${min} and ${max} (got "${opts.brightness}")`);
   }
   return String(b2);
 }
@@ -31796,94 +32058,203 @@ function buildColorTemperatureSet(opts) {
   if (!result.ok) throw new UsageError(result.error);
   return result.normalized ?? opts.colorTemp;
 }
+function parseParameterForWire(parameter) {
+  if (parameter === void 0) return "default";
+  const trimmed = parameter.trim();
+  if (trimmed.startsWith("{") && trimmed.endsWith("}") || trimmed.startsWith("[") && trimmed.endsWith("]")) {
+    try {
+      return JSON.parse(parameter);
+    } catch {
+      return parameter;
+    }
+  }
+  return parameter;
+}
 function validateParameter(deviceType, command, raw) {
   if (!deviceType) return { ok: true };
-  if (deviceType === "Air Conditioner" && command === "setAll") {
+  const dt = canonicalizeDeviceType(deviceType);
+  if (dt === "Air Conditioner" && command === "setAll") {
     return validateAcSetAll(raw);
   }
-  if (deviceType.startsWith("Curtain") && command === "setPosition") {
+  if (dt.startsWith("Curtain") && command === "setPosition") {
     return validateCurtainSetPosition(raw);
   }
-  if (deviceType.startsWith("Blind Tilt") && command === "setPosition") {
+  if (dt.startsWith("Blind Tilt") && command === "setPosition") {
     return validateBlindTiltSetPosition(raw);
   }
-  if (deviceType.startsWith("Relay Switch") && command === "setMode") {
-    return validateRelaySetMode(raw);
+  if ((dt === "Relay Switch 1" || dt === "Relay Switch 1PM") && command === "setMode") {
+    return validateIntRange(raw, "setMode", 0, 3, "Relay Switch mode (0=toggle 1=edge 2=detached 3=momentary)");
+  }
+  if (dt === "Relay Switch 2PM" && command === "setMode") {
+    return validateRelay2PmSetMode(raw);
+  }
+  if (dt === "Relay Switch 2PM" && (command === "turnOn" || command === "turnOff" || command === "toggle")) {
+    return validateRelayChannel(raw);
+  }
+  if (dt === "Relay Switch 2PM" && command === "setPosition") {
+    return validateIntRange(raw, "setPosition", 0, 100, "Relay Switch 2PM roller-shade percentage");
   }
-  if (command === "setBrightness" && isBrightnessDevice(deviceType)) {
-    return validateSetBrightness(raw);
+  if (command === "setBrightness" && isBrightnessDevice(dt)) {
+    return validateSetBrightness(raw, dt);
   }
-  if (command === "setColor" && isColorDevice(deviceType)) {
+  if (command === "setColor" && isColorDevice(dt)) {
     return validateSetColor(raw);
   }
-  if (command === "setColorTemperature" && isBrightnessDevice(deviceType)) {
+  if (command === "setColorTemperature" && isColorTemperatureDevice(dt)) {
     return validateSetColorTemperature(raw);
   }
+  if (dt === "Humidifier" && command === "setMode") {
+    return validateHumidifierSetMode(raw);
+  }
+  if (dt === "Humidifier2" && command === "setMode") {
+    return validateHumidifier2SetMode(raw);
+  }
+  if (dt === "Humidifier2" && command === "setChildLock") {
+    return validateEnum(raw, "setChildLock", ["true", "false"]);
+  }
+  if (isAirPurifierDevice(dt) && command === "setMode") {
+    return validateAirPurifierSetMode(raw);
+  }
+  if (isAirPurifierDevice(dt) && command === "setChildLock") {
+    return validateEnum(raw, "setChildLock", ["0", "1"]);
+  }
+  if (isPowLevelVacuum(dt) && command === "PowLevel") {
+    return validateIntRange(raw, "PowLevel", 0, 3, "suction level (0=Quiet 1=Standard 2=Strong 3=Max)");
+  }
+  if ((isComboVacuum(dt) || isFloorCleaningVacuum(dt)) && command === "startClean") {
+    return validateVacuumStartClean(raw, dt);
+  }
+  if ((isComboVacuum(dt) || isFloorCleaningVacuum(dt)) && command === "setVolume") {
+    return validateIntRange(raw, "setVolume", 0, 100, "volume percentage");
+  }
+  if ((isComboVacuum(dt) || isFloorCleaningVacuum(dt)) && command === "changeParam") {
+    return validateVacuumChangeParam(raw, dt);
+  }
+  if (isFloorCleaningVacuum(dt) && command === "selfClean") {
+    return validateEnum(raw, "selfClean", ["1", "2", "3"], "1=wash mop, 2=dry, 3=terminate");
+  }
+  if (isCirculatorFan(dt) && command === "setNightLightMode") {
+    return validateEnum(raw, "setNightLightMode", ["off", "1", "2"]);
+  }
+  if (isCirculatorFan(dt) && command === "setWindMode") {
+    return validateEnum(raw, "setWindMode", ["direct", "natural", "sleep", "baby"]);
+  }
+  if (isCirculatorFan(dt) && command === "setWindSpeed") {
+    return validateIntRange(raw, "setWindSpeed", 1, 100, "fan speed percentage");
+  }
+  if (isCirculatorFan(dt) && command === "closeDelay") {
+    return validateIntRange(raw, "closeDelay", 1, 36e3, "auto-off delay in seconds");
+  }
+  if (dt === "Smart Radiator Thermostat" && command === "setMode") {
+    return validateIntRange(raw, "setMode", 0, 5, "mode (0=schedule 1=manual 2=off 3=eco 4=comfort 5=quickHeat)");
+  }
+  if (dt === "Smart Radiator Thermostat" && command === "setManualModeTemperature") {
+    return validateIntRange(raw, "setManualModeTemperature", 4, 35, "temperature in \xB0C");
+  }
+  if (dt.startsWith("Keypad") && command === "createKey") {
+    return validateKeypadCreateKey(raw);
+  }
+  if (dt.startsWith("Keypad") && command === "deleteKey") {
+    return validateKeypadDeleteKey(raw);
+  }
+  if (dt === "TV" && command === "SetChannel") {
+    return validateIntRange(raw, "SetChannel", 1, 999, "channel number");
+  }
+  if (dt === "Roller Shade" && command === "setPosition") {
+    return validateIntRange(raw, "setPosition", 0, 100, "position percentage (0=open, 100=closed)");
+  }
   return { ok: true };
 }
 function isBrightnessDevice(deviceType) {
-  return deviceType === "Color Bulb" || deviceType === "Strip Light" || deviceType === "Strip Light 3" || deviceType === "Ceiling Light" || deviceType === "Ceiling Light Pro" || deviceType === "Floor Lamp" || deviceType === "Light Strip" || deviceType === "Dimmer" || deviceType === "Fill Light";
+  return brightnessRange(deviceType) !== null;
+}
+function brightnessRange(deviceType) {
+  if (deviceType === "Color Bulb" || deviceType === "Strip Light" || deviceType === "Ceiling Light" || deviceType === "Ceiling Light Pro") {
+    return [1, 100];
+  }
+  if (deviceType === "Floor Lamp" || deviceType === "Strip Light 3" || deviceType === "RGBICWW Strip Light" || deviceType === "RGBICWW Floor Lamp" || deviceType === "RGBIC Neon Wire Rope Light" || deviceType === "RGBIC Neon Rope Light" || deviceType === "Candle Warmer Lamp") {
+    return [0, 100];
+  }
+  if (deviceType === "Light Strip" || deviceType === "Dimmer" || deviceType === "Fill Light") {
+    return [1, 100];
+  }
+  return null;
 }
 function isColorDevice(deviceType) {
-  return deviceType === "Color Bulb" || deviceType === "Strip Light" || deviceType === "Strip Light 3" || deviceType === "Floor Lamp" || deviceType === "Light Strip" || deviceType === "Fill Light";
+  return deviceType === "Color Bulb" || deviceType === "Strip Light" || deviceType === "Strip Light 3" || deviceType === "Floor Lamp" || deviceType === "RGBICWW Strip Light" || deviceType === "RGBICWW Floor Lamp" || deviceType === "RGBIC Neon Wire Rope Light" || deviceType === "RGBIC Neon Rope Light" || deviceType === "Light Strip" || deviceType === "Fill Light";
+}
+function isColorTemperatureDevice(deviceType) {
+  return deviceType === "Color Bulb" || deviceType === "Floor Lamp" || deviceType === "Strip Light 3" || deviceType === "Ceiling Light" || deviceType === "Ceiling Light Pro" || deviceType === "RGBICWW Strip Light" || deviceType === "RGBICWW Floor Lamp" || deviceType === "Light Strip" || deviceType === "Dimmer" || deviceType === "Fill Light";
+}
+function isAirPurifierDevice(deviceType) {
+  return deviceType === "Air Purifier VOC" || deviceType === "Air Purifier Table VOC" || deviceType === "Air Purifier PM2.5" || deviceType === "Air Purifier Table PM2.5";
+}
+function isPowLevelVacuum(deviceType) {
+  return deviceType === "Robot Vacuum Cleaner S1" || deviceType === "Robot Vacuum Cleaner S1 Plus" || deviceType === "K10+" || deviceType === "K10+ Pro";
+}
+function isComboVacuum(deviceType) {
+  return deviceType === "K10+ Pro Combo" || deviceType === "Robot Vacuum Cleaner K10+ Pro Combo" || deviceType === "K20+ Pro" || deviceType === "K11+" || deviceType === "Robot Vacuum Cleaner K11+";
+}
+function isFloorCleaningVacuum(deviceType) {
+  return deviceType === "Floor Cleaning Robot S10" || deviceType === "S20" || deviceType === "Robot Vacuum Cleaner S20";
+}
+function isCirculatorFan(deviceType) {
+  return deviceType === "Battery Circulator Fan" || deviceType === "Circulator Fan" || deviceType === "Standing Circulator Fan";
 }
 function isLightingCommandSupported(deviceType, command) {
-  if (command === "setBrightness" || command === "setColorTemperature") return isBrightnessDevice(deviceType);
-  if (command === "setColor") return isColorDevice(deviceType);
+  const dt = canonicalizeDeviceType(deviceType);
+  if (command === "setBrightness") return isBrightnessDevice(dt);
+  if (command === "setColorTemperature") return isColorTemperatureDevice(dt);
+  if (command === "setColor") return isColorDevice(dt);
+  return false;
+}
+function isNumericish(v2) {
+  if (typeof v2 === "number") return true;
+  if (typeof v2 === "string" && v2.trim() !== "") return true;
   return false;
 }
-function validateSetBrightness(raw) {
+function validateSetBrightness(raw, deviceType) {
+  const [min, max] = brightnessRange(deviceType) ?? [1, 100];
   if (raw === void 0 || raw === "" || raw === "default") {
     return {
       ok: false,
-      error: `setBrightness requires an integer 1-100 (percent). Example: "50".`
+      error: `setBrightness requires an integer ${min}-${max} (percent). Example: "50".`
     };
   }
-  const trimmed = raw.trim();
+  const trimmed = stripQuotes(raw.trim());
   if (!/^-?\d+$/.test(trimmed)) {
     return {
       ok: false,
-      error: `setBrightness must be an integer 1-100, got ${JSON.stringify(raw)}. ${hintBrightnessRetry()}`
+      error: `setBrightness must be an integer ${min}-${max}, got ${JSON.stringify(raw)}. ${hintBrightnessRetry(min, max)}`
     };
   }
   const n = Number(trimmed);
-  if (!Number.isInteger(n) || n < 1 || n > 100) {
+  if (!Number.isInteger(n) || n < min || n > max) {
     return {
       ok: false,
-      error: `setBrightness must be an integer 1-100, got "${raw}". ${hintBrightnessRetry()}`
+      error: `setBrightness must be an integer ${min}-${max}, got "${raw}". ${hintBrightnessRetry(min, max)}`
     };
   }
   return { ok: true, normalized: String(n) };
 }
-function hintBrightnessRetry() {
-  return `Ask the user whether they meant a percentage (1-100). Example: "50".`;
+function hintBrightnessRetry(min = 1, max = 100) {
+  return `Ask the user whether they meant a percentage (${min}-${max}). Example: "50".`;
 }
-var NAMED_COLORS = {
-  red: [255, 0, 0],
-  green: [0, 128, 0],
-  lime: [0, 255, 0],
-  blue: [0, 0, 255],
-  yellow: [255, 255, 0],
-  cyan: [0, 255, 255],
-  magenta: [255, 0, 255],
-  white: [255, 255, 255],
-  black: [0, 0, 0],
-  orange: [255, 165, 0],
-  purple: [128, 0, 128],
-  pink: [255, 192, 203],
-  brown: [165, 42, 42],
-  grey: [128, 128, 128],
-  gray: [128, 128, 128],
+var CUSTOM_COLORS = {
   warm: [255, 180, 100]
 };
+var NAMED_COLORS = {
+  ...CSS_COLORS,
+  ...CUSTOM_COLORS
+};
 function validateSetColor(raw) {
   if (raw === void 0 || raw === "" || raw === "default") {
     return {
       ok: false,
-      error: `setColor requires a color. Expected one of: "R:G:B" (e.g. "255:0:0"), "#RRGGBB" (e.g. "#FF0000"), "#RGB", "R,G,B", or a named color (${Object.keys(NAMED_COLORS).slice(0, 8).join(", ")}, ...).`
+      error: `setColor requires a color. Use a CSS color name (e.g. coral, teal, salmon), hex (#RRGGBB / #RGB), or R:G:B format.`
     };
   }
-  const trimmed = raw.trim();
+  const trimmed = stripQuotes(raw.trim());
   const named = NAMED_COLORS[trimmed.toLowerCase()];
   if (named) {
     return { ok: true, normalized: `${named[0]}:${named[1]}:${named[2]}` };
@@ -31950,7 +32321,7 @@ function validateSetColorTemperature(raw) {
       error: `setColorTemperature requires an integer Kelvin value 2700-6500. Example: "4000".`
     };
   }
-  const trimmed = raw.trim();
+  const trimmed = stripQuotes(raw.trim());
   if (!/^-?\d+$/.test(trimmed)) {
     return {
       ok: false,
@@ -31973,13 +32344,14 @@ function validateAcSetAll(raw) {
       error: `setAll requires a parameter "<temp>,<mode>,<fan>,<on|off>". Example: "26,2,2,on".`
     };
   }
-  if (raw.startsWith("{") || raw.startsWith("[")) {
+  const stripped = stripQuotes(raw.trim());
+  if (stripped.startsWith("{") || stripped.startsWith("[")) {
     return {
       ok: false,
       error: `setAll parameter must be a CSV string like "26,2,2,on", not JSON (got ${JSON.stringify(raw)}).`
     };
   }
-  const parts = raw.split(",");
+  const parts = stripped.split(",");
   if (parts.length !== 4) {
     return {
       ok: false,
@@ -32024,8 +32396,9 @@ function validateCurtainSetPosition(raw) {
       error: `setPosition requires a parameter. Expected: "<0-100>" or "<index>,<ff|0|1>,<0-100>". Example: "50" or "0,ff,50".`
     };
   }
-  if (!raw.includes(",")) {
-    const pos2 = Number(raw);
+  const stripped = stripQuotes(raw.trim());
+  if (!stripped.includes(",")) {
+    const pos2 = Number(stripped);
     if (!Number.isInteger(pos2) || pos2 < 0 || pos2 > 100) {
       return {
         ok: false,
@@ -32034,7 +32407,7 @@ function validateCurtainSetPosition(raw) {
     }
     return { ok: true, normalized: String(pos2) };
   }
-  const parts = raw.split(",").map((s2) => s2.trim());
+  const parts = stripped.split(",").map((s2) => s2.trim());
   if (parts.length !== 3) {
     return {
       ok: false,
@@ -32072,7 +32445,8 @@ function validateBlindTiltSetPosition(raw) {
       error: `Blind Tilt setPosition requires a parameter. Expected: "<up|down>;<0-100>". Example: "up;50".`
     };
   }
-  const parts = raw.split(";");
+  const stripped = stripQuotes(raw.trim());
+  const parts = stripped.split(";");
   if (parts.length !== 2) {
     return {
       ok: false,
@@ -32093,16 +32467,23 @@ function validateBlindTiltSetPosition(raw) {
       error: `Blind Tilt setPosition angle must be an integer 0-100, got "${parts[1]}".`
     };
   }
+  if (angle % 2 !== 0) {
+    return {
+      ok: false,
+      error: `Blind Tilt setPosition angle must be a multiple of 2, got "${parts[1]}". Example: "up;48".`
+    };
+  }
   return { ok: true, normalized: `${dir};${angle}` };
 }
-function validateRelaySetMode(raw) {
+function validateRelay2PmSetMode(raw) {
   if (raw === void 0 || raw === "" || raw === "default") {
     return {
       ok: false,
       error: `Relay Switch setMode requires a parameter. Expected: "<1|2>;<0|1|2|3>". Example: "1;1" (channel 1, edge mode).`
     };
   }
-  const parts = raw.split(";");
+  const stripped = stripQuotes(raw.trim());
+  const parts = stripped.split(";");
   if (parts.length !== 2) {
     return {
       ok: false,
@@ -32125,6 +32506,342 @@ function validateRelaySetMode(raw) {
   }
   return { ok: true, normalized: `${ch};${mode}` };
 }
+function validateRelayChannel(raw) {
+  if (raw === void 0 || raw === "" || raw === "default") {
+    return {
+      ok: false,
+      error: `Relay Switch 2PM turnOn/turnOff/toggle requires a channel parameter: "1" or "2". Example: turnOff 1`
+    };
+  }
+  const n = stripQuotes(raw.trim());
+  if (n !== "1" && n !== "2") {
+    return {
+      ok: false,
+      error: `Relay Switch 2PM channel must be "1" or "2", got ${JSON.stringify(raw)}.`
+    };
+  }
+  return { ok: true, normalized: n };
+}
+function stripQuotes(s2) {
+  if (s2.length >= 2 && s2.startsWith('"') && s2.endsWith('"')) {
+    return s2.slice(1, -1);
+  }
+  return s2;
+}
+function validateIntRange(raw, command, min, max, label) {
+  if (raw === void 0 || raw === "" || raw === "default") {
+    return {
+      ok: false,
+      error: `${command} requires an integer ${min}-${max} (${label}). Example: "${Math.round((min + max) / 2)}".`
+    };
+  }
+  const trimmed = stripQuotes(raw.trim());
+  if (!/^-?\d+$/.test(trimmed)) {
+    return {
+      ok: false,
+      error: `${command} must be an integer ${min}-${max} (${label}), got ${JSON.stringify(raw)}.`
+    };
+  }
+  const n = Number(trimmed);
+  if (n < min || n > max) {
+    return {
+      ok: false,
+      error: `${command} must be an integer ${min}-${max} (${label}), got ${n}.`
+    };
+  }
+  return { ok: true, normalized: String(n) };
+}
+function validateEnum(raw, command, allowed, hint) {
+  if (raw === void 0 || raw === "" || raw === "default") {
+    return {
+      ok: false,
+      error: `${command} requires a parameter: ${allowed.join(" | ")}${hint ? ` (${hint})` : ""}. Example: "${allowed[0]}".`
+    };
+  }
+  const trimmed = stripQuotes(raw.trim()).toLowerCase();
+  const match = allowed.find((a) => a.toLowerCase() === trimmed);
+  if (!match) {
+    return {
+      ok: false,
+      error: `${command} must be one of: ${allowed.join(", ")}. Got ${JSON.stringify(raw)}.`
+    };
+  }
+  return { ok: true, normalized: match };
+}
+function validateHumidifierSetMode(raw) {
+  if (raw === void 0 || raw === "" || raw === "default") {
+    return {
+      ok: false,
+      error: `Humidifier setMode requires a parameter: "auto", "101", "102", "103", or 0-100 (humidity %). Example: "auto".`
+    };
+  }
+  const trimmed = stripQuotes(raw.trim()).toLowerCase();
+  if (trimmed === "auto") return { ok: true, normalized: "auto" };
+  if (["101", "102", "103"].includes(trimmed)) return { ok: true, normalized: trimmed };
+  if (/^\d+$/.test(trimmed)) {
+    const n = Number(trimmed);
+    if (n >= 0 && n <= 100) return { ok: true, normalized: String(n) };
+  }
+  return {
+    ok: false,
+    error: `Humidifier setMode must be "auto", "101" (34%), "102" (67%), "103" (100%), or 0-100. Got ${JSON.stringify(raw)}.`
+  };
+}
+function validateHumidifier2SetMode(raw) {
+  if (raw === void 0 || raw === "" || raw === "default") {
+    return {
+      ok: false,
+      error: `Humidifier2 setMode requires a JSON parameter: {"mode":1-8,"targetHumidify":0-100}. Example: '{"mode":7,"targetHumidify":50}'.`
+    };
+  }
+  let obj;
+  try {
+    obj = JSON.parse(raw);
+  } catch {
+    return {
+      ok: false,
+      error: `Humidifier2 setMode expects JSON: {"mode":1-8,"targetHumidify":0-100}. Got ${JSON.stringify(raw)}.`
+    };
+  }
+  if (typeof obj !== "object" || obj === null || Array.isArray(obj)) {
+    return { ok: false, error: `Humidifier2 setMode expects a JSON object, got ${typeof obj}.` };
+  }
+  const o = obj;
+  if (!isNumericish(o.mode)) {
+    return { ok: false, error: `Humidifier2 setMode "mode" must be a number or numeric string, got ${JSON.stringify(o.mode)}.` };
+  }
+  const mode = Number(o.mode);
+  if (!Number.isInteger(mode) || mode < 1 || mode > 8) {
+    return { ok: false, error: `Humidifier2 setMode "mode" must be 1-8, got ${JSON.stringify(o.mode)}.` };
+  }
+  if (!isNumericish(o.targetHumidify)) {
+    return { ok: false, error: `Humidifier2 setMode "targetHumidify" must be a number or numeric string, got ${JSON.stringify(o.targetHumidify)}.` };
+  }
+  const hum = Number(o.targetHumidify);
+  if (!Number.isInteger(hum) || hum < 0 || hum > 100) {
+    return { ok: false, error: `Humidifier2 setMode "targetHumidify" must be 0-100, got ${JSON.stringify(o.targetHumidify)}.` };
+  }
+  return { ok: true, normalized: JSON.stringify({ mode, targetHumidify: hum }) };
+}
+function validateAirPurifierSetMode(raw) {
+  if (raw === void 0 || raw === "" || raw === "default") {
+    return {
+      ok: false,
+      error: `Air Purifier setMode requires a JSON parameter: {"mode":1-4} or {"mode":1,"fanGear":1-3}. Example: '{"mode":2}'.`
+    };
+  }
+  let obj;
+  try {
+    obj = JSON.parse(raw);
+  } catch {
+    return {
+      ok: false,
+      error: `Air Purifier setMode expects JSON: {"mode":1-4,"fanGear":1-3}. Got ${JSON.stringify(raw)}.`
+    };
+  }
+  if (typeof obj !== "object" || obj === null || Array.isArray(obj)) {
+    return { ok: false, error: `Air Purifier setMode expects a JSON object, got ${typeof obj}.` };
+  }
+  const o = obj;
+  if (!isNumericish(o.mode)) {
+    return { ok: false, error: `Air Purifier setMode "mode" must be a number or numeric string, got ${JSON.stringify(o.mode)}.` };
+  }
+  const mode = Number(o.mode);
+  if (!Number.isInteger(mode) || mode < 1 || mode > 4) {
+    return { ok: false, error: `Air Purifier setMode "mode" must be 1-4 (1=normal 2=auto 3=sleep 4=pet), got ${JSON.stringify(o.mode)}.` };
+  }
+  const normalized = { mode };
+  if (o.fanGear !== void 0) {
+    if (mode !== 1) {
+      return { ok: false, error: `Air Purifier setMode "fanGear" can only be set when "mode" is 1 (normal/fan mode).` };
+    }
+    if (!isNumericish(o.fanGear)) {
+      return { ok: false, error: `Air Purifier setMode "fanGear" must be a number or numeric string, got ${JSON.stringify(o.fanGear)}.` };
+    }
+    const fg = Number(o.fanGear);
+    if (!Number.isInteger(fg) || fg < 1 || fg > 3) {
+      return { ok: false, error: `Air Purifier setMode "fanGear" must be 1-3, got ${JSON.stringify(o.fanGear)}.` };
+    }
+    normalized.fanGear = fg;
+  }
+  return { ok: true, normalized: JSON.stringify(normalized) };
+}
+function validateVacuumStartClean(raw, deviceType) {
+  if (raw === void 0 || raw === "" || raw === "default") {
+    const actions = isFloorCleaningVacuum(deviceType) ? "sweep | sweep_mop" : "sweep | mop";
+    return {
+      ok: false,
+      error: `${deviceType} startClean requires a JSON parameter: {"action":"${actions.split(" | ")[0]}","param":{"fanLevel":1-4,"times":1}}. Example: '{"action":"${actions.split(" | ")[0]}","param":{"fanLevel":2,"times":1}}'.`
+    };
+  }
+  let obj;
+  try {
+    obj = JSON.parse(raw);
+  } catch {
+    return {
+      ok: false,
+      error: `${deviceType} startClean expects JSON. Got ${JSON.stringify(raw)}.`
+    };
+  }
+  if (typeof obj !== "object" || obj === null || Array.isArray(obj)) {
+    return { ok: false, error: `${deviceType} startClean expects a JSON object.` };
+  }
+  const o = obj;
+  const validActions = isFloorCleaningVacuum(deviceType) ? ["sweep", "sweep_mop"] : ["sweep", "mop"];
+  if (typeof o.action !== "string" || !validActions.includes(o.action)) {
+    return { ok: false, error: `${deviceType} startClean "action" must be one of: ${validActions.join(", ")}. Got ${JSON.stringify(o.action)}.` };
+  }
+  const normalized = { action: o.action };
+  if (o.param !== void 0) {
+    if (typeof o.param !== "object" || o.param === null || Array.isArray(o.param)) {
+      return { ok: false, error: `${deviceType} startClean "param" must be an object.` };
+    }
+    const p2 = o.param;
+    const normalizedParam = {};
+    if (p2.fanLevel !== void 0) {
+      if (!isNumericish(p2.fanLevel)) {
+        return { ok: false, error: `${deviceType} startClean "param.fanLevel" must be a number or numeric string, got ${JSON.stringify(p2.fanLevel)}.` };
+      }
+      const fl = Number(p2.fanLevel);
+      if (!Number.isInteger(fl) || fl < 1 || fl > 4) {
+        return { ok: false, error: `${deviceType} startClean "param.fanLevel" must be 1-4, got ${JSON.stringify(p2.fanLevel)}.` };
+      }
+      normalizedParam.fanLevel = fl;
+    }
+    if (p2.waterLevel !== void 0) {
+      if (!isFloorCleaningVacuum(deviceType)) {
+        return { ok: false, error: `${deviceType} startClean "param.waterLevel" is only supported for Floor Cleaning Robot S10/S20.` };
+      }
+      if (!isNumericish(p2.waterLevel)) {
+        return { ok: false, error: `${deviceType} startClean "param.waterLevel" must be a number or numeric string, got ${JSON.stringify(p2.waterLevel)}.` };
+      }
+      const wl = Number(p2.waterLevel);
+      if (!Number.isInteger(wl) || wl < 1 || wl > 2) {
+        return { ok: false, error: `${deviceType} startClean "param.waterLevel" must be 1-2, got ${JSON.stringify(p2.waterLevel)}.` };
+      }
+      normalizedParam.waterLevel = wl;
+    }
+    if (p2.times !== void 0) {
+      if (!isNumericish(p2.times)) {
+        return { ok: false, error: `${deviceType} startClean "param.times" must be a number or numeric string, got ${JSON.stringify(p2.times)}.` };
+      }
+      const t = Number(p2.times);
+      if (!Number.isInteger(t) || t < 1 || t > 2639999) {
+        return { ok: false, error: `${deviceType} startClean "param.times" must be an integer 1-2639999, got ${JSON.stringify(p2.times)}.` };
+      }
+      normalizedParam.times = t;
+    }
+    normalized.param = normalizedParam;
+  }
+  return { ok: true, normalized: JSON.stringify(normalized) };
+}
+function validateVacuumChangeParam(raw, deviceType) {
+  if (raw === void 0 || raw === "" || raw === "default") {
+    return {
+      ok: false,
+      error: `changeParam requires a JSON parameter: {"fanLevel":1-4,"waterLevel":1-2,"times":1}. Example: '{"fanLevel":3,"waterLevel":1,"times":1}'.`
+    };
+  }
+  let obj;
+  try {
+    obj = JSON.parse(raw);
+  } catch {
+    return {
+      ok: false,
+      error: `changeParam expects JSON: {"fanLevel":1-4,"waterLevel":1-2,"times":...}. Got ${JSON.stringify(raw)}.`
+    };
+  }
+  if (typeof obj !== "object" || obj === null || Array.isArray(obj)) {
+    return { ok: false, error: `changeParam expects a JSON object.` };
+  }
+  const p2 = obj;
+  const normalized = {};
+  if (p2.fanLevel !== void 0) {
+    if (!isNumericish(p2.fanLevel)) {
+      return { ok: false, error: `changeParam "fanLevel" must be a number or numeric string, got ${JSON.stringify(p2.fanLevel)}.` };
+    }
+    const fl = Number(p2.fanLevel);
+    if (!Number.isInteger(fl) || fl < 1 || fl > 4) {
+      return { ok: false, error: `changeParam "fanLevel" must be 1-4, got ${JSON.stringify(p2.fanLevel)}.` };
+    }
+    normalized.fanLevel = fl;
+  }
+  if (p2.waterLevel !== void 0) {
+    if (isComboVacuum(deviceType)) {
+      return { ok: false, error: `${deviceType} changeParam does not support "waterLevel" according to the API docs.` };
+    }
+    if (!isNumericish(p2.waterLevel)) {
+      return { ok: false, error: `changeParam "waterLevel" must be a number or numeric string, got ${JSON.stringify(p2.waterLevel)}.` };
+    }
+    const wl = Number(p2.waterLevel);
+    if (!Number.isInteger(wl) || wl < 1 || wl > 2) {
+      return { ok: false, error: `changeParam "waterLevel" must be 1-2, got ${JSON.stringify(p2.waterLevel)}.` };
+    }
+    normalized.waterLevel = wl;
+  }
+  if (p2.times !== void 0) {
+    if (!isNumericish(p2.times)) {
+      return { ok: false, error: `changeParam "times" must be a number or numeric string, got ${JSON.stringify(p2.times)}.` };
+    }
+    const t = Number(p2.times);
+    if (!Number.isInteger(t) || t < 1 || t > 2639999) {
+      return { ok: false, error: `changeParam "times" must be an integer 1-2639999, got ${JSON.stringify(p2.times)}.` };
+    }
+    normalized.times = t;
+  }
+  return { ok: true, normalized: JSON.stringify(normalized) };
+}
+function validateKeypadCreateKey(raw) {
+  if (raw === void 0 || raw === "" || raw === "default") {
+    return {
+      ok: false,
+      error: `createKey requires a JSON parameter: {"name":"...","type":"permanent|timeLimit|disposable|urgent","password":"6-12 digits",...}.`
+    };
+  }
+  let obj;
+  try {
+    obj = JSON.parse(raw);
+  } catch {
+    return { ok: false, error: `createKey expects a JSON object. Got ${JSON.stringify(raw)}.` };
+  }
+  if (typeof obj !== "object" || obj === null || Array.isArray(obj)) {
+    return { ok: false, error: `createKey expects a JSON object.` };
+  }
+  const o = obj;
+  if (typeof o.name !== "string" || o.name.length === 0) {
+    return { ok: false, error: `createKey "name" is required and must be a non-empty string.` };
+  }
+  const validTypes = ["permanent", "timeLimit", "disposable", "urgent"];
+  if (typeof o.type !== "string" || !validTypes.includes(o.type)) {
+    return { ok: false, error: `createKey "type" must be one of: ${validTypes.join(", ")}. Got ${JSON.stringify(o.type)}.` };
+  }
+  if (typeof o.password !== "string" || !/^\d{6,12}$/.test(o.password)) {
+    return { ok: false, error: `createKey "password" must be a 6-12 digit string. Got ${JSON.stringify(o.password)}.` };
+  }
+  return { ok: true };
+}
+function validateKeypadDeleteKey(raw) {
+  if (raw === void 0 || raw === "" || raw === "default") {
+    return {
+      ok: false,
+      error: `deleteKey requires a JSON parameter: {"id":<passcode_id>}. Example: '{"id":12345}'.`
+    };
+  }
+  let obj;
+  try {
+    obj = JSON.parse(raw);
+  } catch {
+    return { ok: false, error: `deleteKey expects a JSON object: {"id":<passcode_id>}. Got ${JSON.stringify(raw)}.` };
+  }
+  if (typeof obj !== "object" || obj === null || Array.isArray(obj)) {
+    return { ok: false, error: `deleteKey expects a JSON object.` };
+  }
+  const o = obj;
+  if (o.id === void 0 || typeof o.id !== "number" && typeof o.id !== "string") {
+    return { ok: false, error: `deleteKey "id" is required (passcode ID). Got ${JSON.stringify(o.id)}.` };
+  }
+  return { ok: true };
+}
 
 // src/commands/batch.ts
 init_cjs_shim();
@@ -32354,13 +33071,7 @@ Examples:
           }
         });
       }
-      let parsedParam = parameter ?? "default";
-      if (parameter) {
-        try {
-          parsedParam = JSON.parse(parameter);
-        } catch {
-        }
-      }
+      const parsedParam = parseParameterForWire(parameter);
       const maxConcurrentRaw = options.maxConcurrent ?? options.concurrency;
       const concurrency = Math.max(1, Number.parseInt(maxConcurrentRaw, 10) || DEFAULT_CONCURRENCY);
       const staggerMs = Math.max(0, Number.parseInt(options.stagger, 10) || 0);
@@ -32395,8 +33106,11 @@ Examples:
         }
         return;
       }
+      const totalDevices = resolved.ids.length;
+      const deviceIndices = new Map(resolved.ids.map((id, i) => [id, i + 1]));
       const startedAt = Date.now();
       const outcomes = await runPool(resolved.ids, concurrency, staggerMs, async (id) => {
+        const stepIdx = deviceIndices.get(id);
         const stepStart = Date.now();
         const startedIso = new Date(stepStart).toISOString();
         try {
@@ -32408,7 +33122,7 @@ Examples:
           const durationMs = Date.now() - stepStart;
           const replayed = typeof result2 === "object" && result2 !== null && result2.replayed === true;
           if (!isJsonMode()) {
-            console.log(`\u2713 ${id}: ${cmd}${replayed ? " (replayed)" : ""}`);
+            console.log(`[${stepIdx}/${totalDevices}] \u2713 ${id}: ${cmd}${replayed ? " (replayed)" : ""}`);
           }
           return {
             ok: true,
@@ -32431,7 +33145,7 @@ Examples:
           }
           const errorPayload = buildErrorPayload(err);
           if (!isJsonMode()) {
-            console.error(`\u2717 ${id}: ${errorPayload.message}`);
+            console.error(`[${stepIdx}/${totalDevices}] \u2717 ${id}: ${errorPayload.message}`);
           }
           return {
             ok: false,
@@ -32681,7 +33395,7 @@ function registerWatchCommand(devices) {
     `Polling interval: "30s", "1m", "500ms", ... (default 30s, min ${MIN_INTERVAL_MS / 1e3}s)`,
     durationArg("--interval"),
     "30s"
-  ).option("--max <n>", "Stop after N ticks (default: run until Ctrl-C)", intArg("--max", { min: 1 })).option("--for <dur>", 'Stop after elapsed time (e.g. "5m", "30s"). Combines with --max: first limit wins.', durationArg("--for")).option("--include-unchanged", "Emit a tick even when no field changed").option("--initial <mode>", "How to handle the first poll: snapshot | emit | skip (default: snapshot)", enumArg("--initial", INITIAL_MODES), "snapshot").addHelpText(
+  ).option("--max <n>", "Stop after N ticks (default: run until Ctrl-C)", intArg("--max", { min: 1 })).option("--once", "Stop after one tick (shorthand for --max 1)").option("--for <dur>", 'Stop after elapsed time (e.g. "5m", "30s"). Combines with --max: first limit wins.', durationArg("--for")).option("--include-unchanged", "Emit a tick even when no field changed").option("--initial <mode>", "How to handle the first poll: snapshot | emit | skip (default: snapshot)", enumArg("--initial", INITIAL_MODES), "snapshot").addHelpText(
     "after",
     `
 Default output is a human-readable table of field changes per tick; add --json
@@ -32710,6 +33424,12 @@ Examples:
   ).action(
     async (deviceIds, options) => {
       try {
+        if (options.once && options.max !== void 0) {
+          throw new UsageError("--once and --max are mutually exclusive.");
+        }
+        if (options.once) {
+          options.max = "1";
+        }
         const allIds = [...deviceIds];
         if (options.name) {
           const resolved = resolveDeviceId(void 0, options.name);
@@ -32965,7 +33685,7 @@ init_catalog();
 init_flags();
 init_client();
 function registerExpandCommand(devices) {
-  devices.command("expand").description("Send a command with semantic flags instead of raw positional parameters").argument("[deviceId]", 'Target device ID from "devices list" (or use --name)').argument("[command]", "Command name: setAll (AC), setPosition (Curtain/Blind Tilt), setMode (Relay Switch 2), setBrightness/setColor/setColorTemperature (lighting)").option("--name <query>", "Resolve device by fuzzy name instead of deviceId", stringArg("--name")).option("--name-strategy <s>", `Name match strategy: ${ALL_STRATEGIES.join("|")} (default: require-unique)`, stringArg("--name-strategy")).option("--name-type <type>", 'Narrow --name by device type (e.g. "Curtain", "Air Conditioner")', stringArg("--name-type")).option("--name-category <cat>", "Narrow --name by category: physical|ir", enumArg("--name-category", ["physical", "ir"])).option("--name-room <room>", "Narrow --name by room name (substring match)", stringArg("--name-room")).option("--temp <celsius>", "AC setAll: temperature in Celsius (16-30)", intArg("--temp", { min: 16, max: 30 })).option("--mode <mode>", "AC: auto|cool|dry|fan|heat  Curtain: default|performance|silent  Relay: toggle|edge|detached|momentary", stringArg("--mode")).option("--fan <speed>", "AC setAll: fan speed auto|low|mid|high", stringArg("--fan")).option("--power <state>", "AC setAll: on|off", stringArg("--power")).option("--position <percent>", "Curtain setPosition: 0-100 (0=open, 100=closed)", intArg("--position", { min: 0, max: 100 })).option("--direction <dir>", "Blind Tilt setPosition: up|down", stringArg("--direction")).option("--angle <percent>", "Blind Tilt setPosition: 0-100 (0=closed, 100=open)", intArg("--angle", { min: 0, max: 100 })).option("--channel <n>", "Relay Switch 2 setMode: channel 1 or 2", intArg("--channel", { min: 1, max: 2 })).option("--brightness <percent>", "setBrightness: 1-100 percent", intArg("--brightness", { min: 1, max: 100 })).option("--color <value>", "setColor: R:G:B, #RRGGBB, or named color (red, blue, etc.)", stringArg("--color")).option("--color-temp <kelvin>", "setColorTemperature: 2700-6500 Kelvin", intArg("--color-temp", { min: 2700, max: 6500 })).option("--yes", "Confirm destructive commands").addHelpText("after", `
+  devices.command("expand").description("Send a command with semantic flags instead of raw positional parameters").argument("[deviceId]", 'Target device ID from "devices list" (or use --name)').argument("[command]", "Command name: setAll (AC), setPosition (Curtain/Blind Tilt), setMode (Relay Switch 2), setBrightness/setColor/setColorTemperature (lighting)").option("--name <query>", "Resolve device by fuzzy name instead of deviceId", stringArg("--name")).option("--name-strategy <s>", `Name match strategy: ${ALL_STRATEGIES.join("|")} (default: require-unique)`, stringArg("--name-strategy")).option("--name-type <type>", 'Narrow --name by device type (e.g. "Curtain", "Air Conditioner")', stringArg("--name-type")).option("--name-category <cat>", "Narrow --name by category: physical|ir", enumArg("--name-category", ["physical", "ir"])).option("--name-room <room>", "Narrow --name by room name (substring match)", stringArg("--name-room")).option("--temp <celsius>", "AC setAll: temperature in Celsius (16-30)", intArg("--temp", { min: 16, max: 30 })).option("--mode <mode>", "AC: auto|cool|dry|fan|heat  Curtain: default|performance|silent  Relay: toggle|edge|detached|momentary", stringArg("--mode")).option("--fan <speed>", "AC setAll: fan speed auto|low|mid|high", stringArg("--fan")).option("--power <state>", "AC setAll: on|off", stringArg("--power")).option("--position <percent>", "Curtain setPosition: 0-100 (0=open, 100=closed)", intArg("--position", { min: 0, max: 100 })).option("--direction <dir>", "Blind Tilt setPosition: up|down", stringArg("--direction")).option("--angle <percent>", "Blind Tilt setPosition: 0-100 (0=closed, 100=open)", intArg("--angle", { min: 0, max: 100 })).option("--channel <n>", "Relay Switch 2 setMode: channel 1 or 2", intArg("--channel", { min: 1, max: 2 })).option("--brightness <percent>", "setBrightness: 0-100 percent (minimum depends on device)", intArg("--brightness", { min: 0, max: 100 })).option("--color <value>", "setColor: R:G:B, #RRGGBB, or named color (red, blue, etc.)", stringArg("--color")).option("--color-temp <kelvin>", "setColorTemperature: 2700-6500 Kelvin", intArg("--color-temp", { min: 2700, max: 6500 })).option("--yes", "Confirm destructive commands").addHelpText("after", `
 Translates semantic flags into the wire parameter format, then sends the command.
 
 Supported expansions:
@@ -33086,7 +33806,7 @@ Examples:
           }
         }
         if (command === "setBrightness") {
-          parameter = buildBrightnessSet(options);
+          parameter = buildBrightnessSet(options, cached2?.type);
         } else if (command === "setColor") {
           parameter = buildColorSet(options);
         } else {
@@ -33258,13 +33978,16 @@ var EXPAND_HINTS = {
   "Relay Switch 2PM": { command: "setMode", flags: "--channel 1 --mode edge" }
 };
 function annotateStatusPayload(deviceId, body) {
-  const annotated = { ...body };
+  const cached2 = getCachedDevice(deviceId);
+  const deviceType = cached2?.type ?? "";
+  const annotated = { deviceId, deviceType, ...body };
+  annotated.deviceId = deviceId;
+  annotated.deviceType = deviceType;
   if (Object.keys(body).length === 0) {
     annotated.supported = false;
     annotated.note = "this device does not expose cloud status";
     return annotated;
   }
-  const cached2 = getCachedDevice(deviceId);
   const looksLikeMeter = cached2?.type?.toLowerCase().includes("meter") ?? false;
   const staleZeroReading = looksLikeMeter && !Object.prototype.hasOwnProperty.call(body, "onlineStatus") && body.battery === 0 && body.temperature === 0 && body.humidity === 0;
   if (staleZeroReading) {
@@ -33421,7 +34144,7 @@ Examples:
         rows.push([
           d.deviceId,
           d.deviceName,
-          d.deviceType || "\u2014",
+          d.deviceType || d.controlType || "Unknown Device",
           "physical",
           d.controlType || "\u2014",
           d.familyName || "\u2014",
@@ -33767,13 +34490,7 @@ ${extra}` : extra;
       if (options.yes && !destructive && !isDryRun()) {
         console.error(`Note: --yes has no effect; "${cmd}" is not a destructive command.`);
       }
-      let parsedParam = parameter ?? "default";
-      if (parameter) {
-        try {
-          parsedParam = JSON.parse(parameter);
-        } catch {
-        }
-      }
+      const parsedParam = parseParameterForWire(parameter);
       _cmd = cmd;
       _parsedParam = parsedParam;
       const body = await executeCommand(
@@ -33970,12 +34687,19 @@ Examples:
         });
         return;
       }
+      if (result.typeSource === "controlType") {
+        const deviceName2 = device.deviceName ?? deviceId;
+        console.error(`warning: ${deviceName2} (${deviceId}): deviceType not reported by API, using controlType "${result.controlType}". Capabilities may be limited.`);
+      } else if (typeName === "Unknown Device") {
+        const deviceName2 = device.deviceName ?? deviceId;
+        console.error(`warning: ${deviceName2} (${deviceId}): neither deviceType nor controlType reported by API. Capabilities may be limited.`);
+      }
       if (isPhysical) {
         const physical = device;
         printKeyValue({
           deviceId: physical.deviceId,
           deviceName: physical.deviceName,
-          deviceType: physical.deviceType || "\u2014",
+          deviceType: physical.deviceType || physical.controlType || "Unknown Device",
           controlType: physical.controlType || "\u2014",
           family: physical.familyName || "\u2014",
           roomID: physical.roomID || "\u2014",
@@ -34154,7 +34878,7 @@ Examples:
       handleError(error48);
     }
   });
-  scenes.command("execute").description("Execute a manual scene by its ID").argument("<sceneId>", 'Scene ID from "scenes list"').addHelpText("after", `
+  scenes.command("execute").alias("run").description("Execute a manual scene by its ID").argument("<sceneId>", 'Scene ID from "scenes list"').addHelpText("after", `
 Example:
   $ switchbot scenes execute T12345678
 `).action(async (sceneId) => {
@@ -49086,6 +49810,47 @@ var EventSubscriptionManager = class {
   }
 };
 
+// src/mcp/tool-profiles.ts
+init_cjs_shim();
+var CORE_READ = [
+  "list_devices",
+  "get_device_status",
+  "get_device_history",
+  "query_device_history",
+  "list_scenes",
+  "search_catalog",
+  "describe_device",
+  "aggregate_device_history",
+  "account_overview",
+  "plan_suggest"
+];
+var CORE_ACTION = ["send_command", "run_scene", "plan_run"];
+var ADMIN = [
+  "policy_validate",
+  "policy_diff",
+  "policy_new",
+  "policy_migrate",
+  "policy_add_rule",
+  "audit_query",
+  "audit_stats",
+  "rule_notifications",
+  "rules_suggest",
+  "rules_explain",
+  "rules_simulate"
+];
+var TOOL_PROFILES = {
+  readonly: new Set(CORE_READ),
+  default: /* @__PURE__ */ new Set([...CORE_READ, ...CORE_ACTION]),
+  all: /* @__PURE__ */ new Set([...CORE_READ, ...CORE_ACTION, ...ADMIN])
+};
+var VALID_PROFILES = Object.keys(TOOL_PROFILES);
+function resolveToolProfile(name) {
+  if (!name || name === "default") return "default";
+  if (name === "readonly" || name === "all") return name;
+  const valid = VALID_PROFILES.join(", ");
+  throw new Error(`Unknown tool profile "${name}". Valid profiles: ${valid}`);
+}
+
 // src/devices/history-query.ts
 init_cjs_shim();
 import fs10 from "node:fs";
@@ -49887,15 +50652,27 @@ against the live API without executing any mutations.
       handleError(err);
     }
   });
-  plan.command("run").description("Validate + preview/execute a plan. Respects --dry-run; destructive steps require the reviewed plan flow by default").argument("[file]", 'Path to plan.json, or "-" / omit to read stdin').option("--yes", "Authorize destructive commands (e.g. Smart Lock unlock, Garage open)").option("--require-approval", "Prompt for confirmation before each destructive step (TTY only; mutually exclusive with --json)").option("--continue-on-error", "Keep running after a failed step (default: stop at first error)").action(
+  plan.command("run").description("Validate + preview/execute a plan. Respects --dry-run; destructive steps require the reviewed plan flow by default").argument("[file]", 'Path to plan.json, or "-" / omit to read stdin').option("--yes", "Authorize destructive commands (e.g. Smart Lock unlock, Garage open)").option("--require-approval", "Prompt for confirmation before each destructive step (TTY only; mutually exclusive with --json)").option("--continue-on-error", "Keep running after a failed step (default: stop at first error)").option("--plan <json>", "Inline plan JSON (alternative to file argument or stdin)").action(
     async (file2, options) => {
       if (options.requireApproval && isJsonMode()) {
         console.error("error: --require-approval cannot be used with --json (no TTY available for prompts)");
         process.exit(1);
       }
+      if (options.plan !== void 0 && file2 !== void 0) {
+        console.error("error: --plan and a file argument are mutually exclusive.");
+        process.exit(2);
+      }
       let raw;
       try {
-        raw = await readPlanSource(file2);
+        if (options.plan !== void 0) {
+          try {
+            raw = JSON.parse(options.plan);
+          } catch (err) {
+            throw new UsageError(`--plan is not valid JSON: ${err.message}`);
+          }
+        } else {
+          raw = await readPlanSource(file2);
+        }
       } catch (err) {
         handleError(err);
       }
@@ -50944,6 +51721,8 @@ function buildRiskProfile(typeName, command, commandType, isDestructive) {
 }
 function createSwitchBotMcpServer(options) {
   const eventManager = options?.eventManager;
+  const allowedTools = TOOL_PROFILES[options?.toolProfile ?? "default"];
+  const profileName = options?.toolProfile ?? "default";
   const server = new McpServer(
     {
       name: "switchbot",
@@ -50967,1075 +51746,1093 @@ Recommended bootstrap sequence:
 2. search_catalog or describe_device \u2192 confirm supported commands offline/online
 3. send_command (with confirm:true for destructive commands)
 
-API docs: https://github.com/OpenWonderLabs/SwitchBotAPI`
+API docs: https://github.com/OpenWonderLabs/SwitchBotAPI
+
+Tool profile: ${profileName} (${allowedTools.size} tools loaded).${profileName !== "all" ? " Use --tools all to access admin tools (policy, audit, rules)." : ""}`
     }
   );
-  server.registerTool(
-    "list_devices",
-    {
-      title: "List all devices on the account",
-      description: "Fetch the complete inventory of physical devices and IR remotes on this SwitchBot account. Refreshes the local metadata cache and groups devices by type. Use this as the bootstrap call to discover available deviceIds. Devices without enableCloudService cannot receive commands via API. IR remotes depend on a Hub for connectivity.",
-      _meta: { agentSafetyTier: "read" },
-      inputSchema: external_exports.object({}).strict(),
-      outputSchema: {
-        deviceList: external_exports.array(external_exports.object({
-          deviceId: external_exports.string(),
-          deviceName: external_exports.string(),
-          deviceType: external_exports.string().optional(),
-          enableCloudService: external_exports.boolean(),
-          hubDeviceId: external_exports.string(),
-          roomID: external_exports.string().optional(),
-          roomName: external_exports.string().nullable().optional(),
-          familyName: external_exports.string().optional(),
-          controlType: external_exports.string().optional()
-        }).passthrough()).describe("Physical SwitchBot devices"),
-        infraredRemoteList: external_exports.array(external_exports.object({
-          deviceId: external_exports.string(),
-          deviceName: external_exports.string(),
-          remoteType: external_exports.string(),
-          hubDeviceId: external_exports.string(),
-          controlType: external_exports.string().optional()
-        }).passthrough()).describe("IR remote devices")
-      }
-    },
-    async () => {
-      const body = await fetchDeviceList();
-      return {
-        content: [{ type: "text", text: JSON.stringify(body, null, 2) }],
-        structuredContent: {
-          deviceList: body.deviceList.map(toMcpDeviceListShape),
-          infraredRemoteList: body.infraredRemoteList.map(toMcpIrDeviceShape)
+  const skip = (name) => !allowedTools.has(name);
+  if (!skip("list_devices"))
+    server.registerTool(
+      "list_devices",
+      {
+        title: "List all devices on the account",
+        description: "Fetch the complete inventory of physical devices and IR remotes on this SwitchBot account. Refreshes the local metadata cache and groups devices by type. Use this as the bootstrap call to discover available deviceIds. Devices without enableCloudService cannot receive commands via API. IR remotes depend on a Hub for connectivity.",
+        _meta: { agentSafetyTier: "read" },
+        inputSchema: external_exports.object({}).strict(),
+        outputSchema: {
+          deviceList: external_exports.array(external_exports.object({
+            deviceId: external_exports.string(),
+            deviceName: external_exports.string(),
+            deviceType: external_exports.string().optional(),
+            enableCloudService: external_exports.boolean(),
+            hubDeviceId: external_exports.string(),
+            roomID: external_exports.string().optional(),
+            roomName: external_exports.string().nullable().optional(),
+            familyName: external_exports.string().optional(),
+            controlType: external_exports.string().optional()
+          }).passthrough()).describe("Physical SwitchBot devices"),
+          infraredRemoteList: external_exports.array(external_exports.object({
+            deviceId: external_exports.string(),
+            deviceName: external_exports.string(),
+            remoteType: external_exports.string(),
+            hubDeviceId: external_exports.string(),
+            controlType: external_exports.string().optional()
+          }).passthrough()).describe("IR remote devices")
         }
-      };
-    }
-  );
-  server.registerTool(
-    "get_device_status",
-    {
-      title: "Get live status for a device",
-      description: "Query the real-time status payload for a physical device. IR remotes have no status channel and will error.",
-      _meta: { agentSafetyTier: "read" },
-      inputSchema: external_exports.object({
-        deviceId: external_exports.string().describe("Device ID from list_devices")
-      }).strict(),
-      outputSchema: {
-        status: external_exports.object({
-          deviceId: external_exports.string().optional(),
-          deviceType: external_exports.string().optional(),
-          hubDeviceId: external_exports.string().optional(),
-          connectionStatus: external_exports.string().optional()
-        }).passthrough().describe("Live device status (deviceId + deviceType + device-specific fields)")
-      }
-    },
-    async ({ deviceId }) => {
-      const body = await fetchDeviceStatus(deviceId);
-      return {
-        content: [{ type: "text", text: JSON.stringify(body, null, 2) }],
-        structuredContent: { status: body }
-      };
-    }
-  );
-  server.registerTool(
-    "get_device_history",
-    {
-      title: "Get locally-persisted device state history",
-      description: "Return device state history recorded from MQTT events (persisted to ~/.switchbot/device-history/). No API call \u2014 zero quota cost. Use when you need recent historical readings or want to avoid a live API call. Omit deviceId to list all devices with stored history.",
-      _meta: { agentSafetyTier: "read" },
-      inputSchema: external_exports.object({
-        deviceId: external_exports.string().optional().describe("Device MAC address (deviceId). Omit to list all devices with history."),
-        limit: external_exports.number().int().min(1).max(100).optional().describe("Max history entries to return (default 20, max 100)")
-      }).strict(),
-      outputSchema: {
-        deviceId: external_exports.string().optional(),
-        latest: external_exports.unknown().optional(),
-        history: external_exports.array(external_exports.unknown()).optional(),
-        devices: external_exports.array(external_exports.object({ deviceId: external_exports.string(), latest: external_exports.unknown() })).optional()
-      }
-    },
-    async ({ deviceId, limit }) => {
-      if (deviceId) {
-        const latest = deviceHistoryStore.getLatest(deviceId);
-        const history = deviceHistoryStore.getHistory(deviceId, limit ?? 20);
-        const result2 = { deviceId, latest, history };
+      },
+      async () => {
+        const body = await fetchDeviceList();
         return {
-          content: [{ type: "text", text: JSON.stringify(result2, null, 2) }],
-          structuredContent: result2
+          content: [{ type: "text", text: JSON.stringify(body, null, 2) }],
+          structuredContent: {
+            deviceList: body.deviceList.map(toMcpDeviceListShape),
+            infraredRemoteList: body.infraredRemoteList.map(toMcpIrDeviceShape)
+          }
         };
       }
-      const ids = deviceHistoryStore.listDevices();
-      const devices = ids.map((id) => ({ deviceId: id, latest: deviceHistoryStore.getLatest(id) }));
-      const result = { devices };
-      return {
-        content: [{ type: "text", text: JSON.stringify(result, null, 2) }],
-        structuredContent: result
-      };
-    }
-  );
-  server.registerTool(
-    "query_device_history",
-    {
-      title: "Query time-ranged device history",
-      description: 'Return records from the append-only JSONL history (~/.switchbot/device-history/<deviceId>.jsonl) filtered by a relative duration (since) or absolute ISO-8601 range (from/to). No API call \u2014 zero quota cost. Use for trend questions like "how many times did this switch turn on last week".',
-      _meta: { agentSafetyTier: "read" },
-      inputSchema: external_exports.object({
-        deviceId: external_exports.string().describe("Device ID to query"),
-        since: external_exports.string().optional().describe('Relative window ending now, e.g. "30s", "15m", "1h", "7d". Mutually exclusive with from/to.'),
-        from: external_exports.string().optional().describe("Range start (ISO-8601)."),
-        to: external_exports.string().optional().describe("Range end (ISO-8601)."),
-        fields: external_exports.array(external_exports.string()).optional().describe("Project these payload fields; omit for the full payload."),
-        limit: external_exports.number().int().min(1).max(1e4).optional().describe("Max records to return (default 1000).")
-      }).strict(),
-      outputSchema: {
-        deviceId: external_exports.string(),
-        count: external_exports.number().int(),
-        records: external_exports.array(external_exports.object({
-          t: external_exports.string(),
-          topic: external_exports.string(),
-          deviceType: external_exports.string().optional(),
-          payload: external_exports.unknown()
-        }))
-      }
-    },
-    async ({ deviceId, since, from, to, fields, limit }) => {
-      if (since && (from || to)) {
-        return mcpError("usage", 2, "--since is mutually exclusive with --from/--to.");
+    );
+  if (!skip("get_device_status"))
+    server.registerTool(
+      "get_device_status",
+      {
+        title: "Get live status for a device",
+        description: "Query the real-time status payload for a physical device. IR remotes have no status channel and will error.",
+        _meta: { agentSafetyTier: "read" },
+        inputSchema: external_exports.object({
+          deviceId: external_exports.string().describe("Device ID from list_devices")
+        }).strict(),
+        outputSchema: {
+          status: external_exports.object({
+            deviceId: external_exports.string().optional(),
+            deviceType: external_exports.string().optional(),
+            hubDeviceId: external_exports.string().optional(),
+            connectionStatus: external_exports.string().optional()
+          }).passthrough().describe("Live device status (deviceId + deviceType + device-specific fields)")
+        }
+      },
+      async ({ deviceId }) => {
+        const body = await fetchDeviceStatus(deviceId);
+        return {
+          content: [{ type: "text", text: JSON.stringify(body, null, 2) }],
+          structuredContent: { status: body }
+        };
       }
-      try {
-        const records = await queryDeviceHistory(deviceId, { since, from, to, fields, limit });
-        const result = { deviceId, count: records.length, records };
+    );
+  if (!skip("get_device_history"))
+    server.registerTool(
+      "get_device_history",
+      {
+        title: "Get locally-persisted device state history",
+        description: "Return device state history recorded from MQTT events (persisted to ~/.switchbot/device-history/). No API call \u2014 zero quota cost. Use when you need recent historical readings or want to avoid a live API call. Omit deviceId to list all devices with stored history.",
+        _meta: { agentSafetyTier: "read" },
+        inputSchema: external_exports.object({
+          deviceId: external_exports.string().optional().describe("Device MAC address (deviceId). Omit to list all devices with history."),
+          limit: external_exports.number().int().min(1).max(100).optional().describe("Max history entries to return (default 20, max 100)")
+        }).strict(),
+        outputSchema: {
+          deviceId: external_exports.string().optional(),
+          latest: external_exports.unknown().optional(),
+          history: external_exports.array(external_exports.unknown()).optional(),
+          devices: external_exports.array(external_exports.object({ deviceId: external_exports.string(), latest: external_exports.unknown() })).optional()
+        }
+      },
+      async ({ deviceId, limit }) => {
+        if (deviceId) {
+          const latest = deviceHistoryStore.getLatest(deviceId);
+          const history = deviceHistoryStore.getHistory(deviceId, limit ?? 20);
+          const result2 = { deviceId, latest, history };
+          return {
+            content: [{ type: "text", text: JSON.stringify(result2, null, 2) }],
+            structuredContent: result2
+          };
+        }
+        const ids = deviceHistoryStore.listDevices();
+        const devices = ids.map((id) => ({ deviceId: id, latest: deviceHistoryStore.getLatest(id) }));
+        const result = { devices };
         return {
           content: [{ type: "text", text: JSON.stringify(result, null, 2) }],
           structuredContent: result
         };
-      } catch (err) {
-        const msg = err instanceof Error ? err.message : "history query failed";
-        return mcpError("usage", 2, msg);
       }
-    }
-  );
-  server.registerTool(
-    "send_command",
-    {
-      title: "Send a control command to a device",
-      description: "Execute a control command on a device (turnOn, setColor, startClean, unlock, openDoor, createKey, etc.). Destructive commands require confirm:true and are still blocked in the default safety profile; use the reviewed plan workflow unless an explicit dev profile allows direct execution. Commands are validated offline against the device catalog. Use idempotencyKey to safely deduplicate retries within 60 seconds.",
-      _meta: { agentSafetyTier: "action" },
-      inputSchema: external_exports.object({
-        deviceId: external_exports.string().describe("Device ID from list_devices"),
-        command: external_exports.string().describe("Command name, case-sensitive (e.g. turnOn, setColor, unlock)"),
-        parameter: external_exports.union([external_exports.string(), external_exports.number(), external_exports.boolean(), external_exports.record(external_exports.string(), external_exports.unknown()), external_exports.array(external_exports.unknown())]).optional().describe("Command parameter. Omit for no-arg commands."),
-        commandType: external_exports.enum(["command", "customize"]).optional().default("command").describe('"command" for built-in commands; "customize" for user-defined IR buttons'),
-        confirm: external_exports.boolean().optional().default(false).describe("Required true for destructive commands (unlock, garage open, createKey, ...)"),
-        idempotencyKey: external_exports.string().optional().describe(
-          "Deduplication key \u2014 repeat calls with the same key within 60s replay the first result (adds replayed:true). Same key + different (command, parameter) within 60s returns an idempotency_conflict guard error."
-        ),
-        dryRun: external_exports.boolean().optional().describe("When true, do not call the API \u2014 return { ok:true, dryRun:true, wouldSend:{...} } instead.")
-      }).strict(),
-      outputSchema: {
-        ok: external_exports.literal(true),
-        command: external_exports.string().optional(),
-        deviceId: external_exports.string().optional(),
-        result: external_exports.unknown().optional().describe("API response body from SwitchBot (absent on dryRun)"),
-        riskProfile: external_exports.object({
-          riskLevel: external_exports.enum(["high", "medium", "low"]),
-          requiresConfirmation: external_exports.boolean(),
-          supportsDryRun: external_exports.literal(true),
-          idempotencyHint: external_exports.enum(["safe", "non-idempotent"]),
-          recommendedMode: external_exports.enum(["review-before-execute", "plan", "direct"])
-        }).optional().describe(
-          'Device+command-specific risk metadata. riskLevel:"high" means confirm:true was required. Always present on dryRun responses so agents can preview risk before committing.'
-        ),
-        verification: external_exports.object({
-          verifiable: external_exports.boolean(),
-          reason: external_exports.string(),
-          suggestedFollowup: external_exports.string()
-        }).optional().describe(
-          'Present when the target is an IR device. IR is unidirectional \u2014 agents should treat the success as "signal sent" not "state changed".'
-        ),
-        dryRun: external_exports.literal(true).optional().describe("Present when dryRun:true was requested"),
-        wouldSend: external_exports.object({
+    );
+  if (!skip("query_device_history"))
+    server.registerTool(
+      "query_device_history",
+      {
+        title: "Query time-ranged device history",
+        description: 'Return records from the append-only JSONL history (~/.switchbot/device-history/<deviceId>.jsonl) filtered by a relative duration (since) or absolute ISO-8601 range (from/to). No API call \u2014 zero quota cost. Use for trend questions like "how many times did this switch turn on last week".',
+        _meta: { agentSafetyTier: "read" },
+        inputSchema: external_exports.object({
+          deviceId: external_exports.string().describe("Device ID to query"),
+          since: external_exports.string().optional().describe('Relative window ending now, e.g. "30s", "15m", "1h", "7d". Mutually exclusive with from/to.'),
+          from: external_exports.string().optional().describe("Range start (ISO-8601)."),
+          to: external_exports.string().optional().describe("Range end (ISO-8601)."),
+          fields: external_exports.array(external_exports.string()).optional().describe("Project these payload fields; omit for the full payload."),
+          limit: external_exports.number().int().min(1).max(1e4).optional().describe("Max records to return (default 1000).")
+        }).strict(),
+        outputSchema: {
           deviceId: external_exports.string(),
-          command: external_exports.string(),
-          parameter: external_exports.unknown(),
-          commandType: external_exports.string()
-        }).optional().describe("The request shape that would have been POSTed (present when dryRun:true)")
+          count: external_exports.number().int(),
+          records: external_exports.array(external_exports.object({
+            t: external_exports.string(),
+            topic: external_exports.string(),
+            deviceType: external_exports.string().optional(),
+            payload: external_exports.unknown()
+          }))
+        }
+      },
+      async ({ deviceId, since, from, to, fields, limit }) => {
+        if (since && (from || to)) {
+          return mcpError("usage", 2, "--since is mutually exclusive with --from/--to.");
+        }
+        try {
+          const records = await queryDeviceHistory(deviceId, { since, from, to, fields, limit });
+          const result = { deviceId, count: records.length, records };
+          return {
+            content: [{ type: "text", text: JSON.stringify(result, null, 2) }],
+            structuredContent: result
+          };
+        } catch (err) {
+          const msg = err instanceof Error ? err.message : "history query failed";
+          return mcpError("usage", 2, msg);
+        }
       }
-    },
-    async ({ deviceId, command, parameter, commandType, confirm, idempotencyKey, dryRun }) => {
-      const effectiveType = commandType ?? "command";
-      let effectiveCommand = command;
-      let effectiveParameter = parameter;
-      const stringifiedParam = parameter === void 0 ? void 0 : typeof parameter === "string" ? parameter : JSON.stringify(parameter);
-      if (dryRun) {
-        const cached2 = getCachedDevice(deviceId);
-        if (!cached2) {
-          return mcpError("usage", 2, `Device "${deviceId}" not found in local cache.`, {
-            subKind: "device-not-found",
-            hint: "Run 'list_devices' first to warm the cache, then retry with dryRun:true.",
-            context: { deviceId }
-          });
+    );
+  if (!skip("send_command"))
+    server.registerTool(
+      "send_command",
+      {
+        title: "Send a control command to a device",
+        description: "Execute a control command on a device (turnOn, setColor, startClean, unlock, openDoor, createKey, etc.). Destructive commands require confirm:true and are still blocked in the default safety profile; use the reviewed plan workflow unless an explicit dev profile allows direct execution. Commands are validated offline against the device catalog. Use idempotencyKey to safely deduplicate retries within 60 seconds.",
+        _meta: { agentSafetyTier: "action" },
+        inputSchema: external_exports.object({
+          deviceId: external_exports.string().describe("Device ID from list_devices"),
+          command: external_exports.string().describe("Command name, case-sensitive (e.g. turnOn, setColor, unlock)"),
+          parameter: external_exports.union([external_exports.string(), external_exports.number(), external_exports.boolean(), external_exports.record(external_exports.string(), external_exports.unknown()), external_exports.array(external_exports.unknown())]).optional().describe("Command parameter. Omit for no-arg commands."),
+          commandType: external_exports.enum(["command", "customize"]).optional().default("command").describe('"command" for built-in commands; "customize" for user-defined IR buttons'),
+          confirm: external_exports.boolean().optional().default(false).describe("Required true for destructive commands (unlock, garage open, createKey, ...)"),
+          idempotencyKey: external_exports.string().optional().describe(
+            "Deduplication key \u2014 repeat calls with the same key within 60s replay the first result (adds replayed:true). Same key + different (command, parameter) within 60s returns an idempotency_conflict guard error."
+          ),
+          dryRun: external_exports.boolean().optional().describe("When true, do not call the API \u2014 return { ok:true, dryRun:true, wouldSend:{...} } instead.")
+        }).strict(),
+        outputSchema: {
+          ok: external_exports.literal(true),
+          command: external_exports.string().optional(),
+          deviceId: external_exports.string().optional(),
+          result: external_exports.unknown().optional().describe("API response body from SwitchBot (absent on dryRun)"),
+          riskProfile: external_exports.object({
+            riskLevel: external_exports.enum(["high", "medium", "low"]),
+            requiresConfirmation: external_exports.boolean(),
+            supportsDryRun: external_exports.literal(true),
+            idempotencyHint: external_exports.enum(["safe", "non-idempotent"]),
+            recommendedMode: external_exports.enum(["review-before-execute", "plan", "direct"])
+          }).optional().describe(
+            'Device+command-specific risk metadata. riskLevel:"high" means confirm:true was required. Always present on dryRun responses so agents can preview risk before committing.'
+          ),
+          verification: external_exports.object({
+            verifiable: external_exports.boolean(),
+            reason: external_exports.string(),
+            suggestedFollowup: external_exports.string()
+          }).optional().describe(
+            'Present when the target is an IR device. IR is unidirectional \u2014 agents should treat the success as "signal sent" not "state changed".'
+          ),
+          dryRun: external_exports.literal(true).optional().describe("Present when dryRun:true was requested"),
+          wouldSend: external_exports.object({
+            deviceId: external_exports.string(),
+            command: external_exports.string(),
+            parameter: external_exports.unknown(),
+            commandType: external_exports.string()
+          }).optional().describe("The request shape that would have been POSTed (present when dryRun:true)")
         }
-        const dryValidation = validateCommand(deviceId, effectiveCommand, stringifiedParam, effectiveType);
-        if (!dryValidation.ok) {
+      },
+      async ({ deviceId, command, parameter, commandType, confirm, idempotencyKey, dryRun }) => {
+        const effectiveType = commandType ?? "command";
+        let effectiveCommand = command;
+        let effectiveParameter = parameter;
+        const stringifiedParam = parameter === void 0 ? void 0 : typeof parameter === "string" ? parameter : JSON.stringify(parameter);
+        if (dryRun) {
+          const cached2 = getCachedDevice(deviceId);
+          if (!cached2) {
+            return mcpError("usage", 2, `Device "${deviceId}" not found in local cache.`, {
+              subKind: "device-not-found",
+              hint: "Run 'list_devices' first to warm the cache, then retry with dryRun:true.",
+              context: { deviceId }
+            });
+          }
+          const dryValidation = validateCommand(deviceId, effectiveCommand, stringifiedParam, effectiveType);
+          if (!dryValidation.ok) {
+            return mcpError(
+              "usage",
+              2,
+              dryValidation.error.message,
+              {
+                hint: dryValidation.error.hint,
+                context: {
+                  validationKind: dryValidation.error.kind,
+                  deviceType: cached2.type,
+                  command: effectiveCommand
+                }
+              }
+            );
+          }
+          if (dryValidation.normalized) {
+            effectiveCommand = dryValidation.normalized;
+          }
+          if (effectiveType !== "customize") {
+            const pv = validateParameter(cached2.type, effectiveCommand, stringifiedParam);
+            if (!pv.ok) {
+              return mcpError("usage", 2, pv.error, {
+                hint: "Dry-run rejected the parameter client-side; the API would reject it too.",
+                context: { deviceType: cached2.type, command: effectiveCommand, parameter: stringifiedParam }
+              });
+            }
+            if (pv.normalized !== void 0) {
+              effectiveParameter = parseParameterForWire(pv.normalized);
+            }
+          }
+          const wouldSend = {
+            deviceId,
+            command: effectiveCommand,
+            parameter: effectiveParameter ?? "default",
+            commandType: effectiveType
+          };
+          const dryIsDestructive = isDestructiveCommand(cached2.type, effectiveCommand, effectiveType);
+          const dryRiskProfile = buildRiskProfile(cached2.type, effectiveCommand, effectiveType, dryIsDestructive);
+          const structured2 = { ok: true, dryRun: true, riskProfile: dryRiskProfile, wouldSend };
+          return {
+            content: [{ type: "text", text: JSON.stringify(structured2, null, 2) }],
+            structuredContent: structured2
+          };
+        }
+        let typeName = getCachedDevice(deviceId)?.type;
+        if (!typeName) {
+          const body = await fetchDeviceList();
+          const physical = body.deviceList.find((d) => d.deviceId === deviceId);
+          const ir = body.infraredRemoteList.find((d) => d.deviceId === deviceId);
+          if (!physical && !ir) {
+            return mcpError("runtime", 152, `Device not found: ${deviceId}`, {
+              hint: "Check the deviceId with 'switchbot devices list' (IDs are case-sensitive)."
+            });
+          }
+          typeName = physical ? physical.deviceType : ir.remoteType;
+        }
+        const destructive = isDestructiveCommand(typeName, effectiveCommand, effectiveType);
+        if (destructive && !allowsDirectDestructiveExecution()) {
+          const reason = getDestructiveReason(typeName, effectiveCommand, effectiveType);
           return mcpError(
-            "usage",
-            2,
-            dryValidation.error.message,
+            "guard",
+            3,
+            `Direct destructive execution is disabled for command "${effectiveCommand}" on device type "${typeName}".`,
             {
-              hint: dryValidation.error.hint,
+              hint: reason ? `${destructiveExecutionHint()} Reason: ${reason}` : destructiveExecutionHint(),
               context: {
-                validationKind: dryValidation.error.kind,
-                deviceType: cached2.type,
-                command: effectiveCommand
+                command: effectiveCommand,
+                deviceType: typeName,
+                directExecutionAllowed: false,
+                requiredWorkflow: "plan-approval",
+                ...reason ? { safetyReason: reason, destructiveReason: reason } : {}
               }
             }
           );
         }
-        if (dryValidation.normalized) {
-          effectiveCommand = dryValidation.normalized;
+        if (destructive && !confirm) {
+          const reason = getDestructiveReason(typeName, effectiveCommand, effectiveType);
+          const entry = typeName ? findCatalogEntry(typeName) : null;
+          const spec = entry && !Array.isArray(entry) ? entry.commands.find((c) => c.command === effectiveCommand) : void 0;
+          const hint = reason ? `Re-issue with confirm:true after confirming with the user. Reason: ${reason}` : "Re-issue the call with confirm:true to proceed.";
+          return mcpError(
+            "guard",
+            3,
+            `Command "${effectiveCommand}" on device type "${typeName}" is destructive and requires confirm:true.`,
+            {
+              hint,
+              context: {
+                command: effectiveCommand,
+                deviceType: typeName,
+                description: spec?.description ?? null,
+                ...reason ? { safetyReason: reason, destructiveReason: reason } : {}
+              }
+            }
+          );
+        }
+        const validation = validateCommand(deviceId, effectiveCommand, stringifiedParam, effectiveType);
+        if (!validation.ok) {
+          return mcpError(
+            "usage",
+            2,
+            validation.error.message,
+            {
+              hint: validation.error.hint,
+              context: { validationKind: validation.error.kind, deviceType: typeName, command: effectiveCommand }
+            }
+          );
+        }
+        if (validation.normalized) {
+          effectiveCommand = validation.normalized;
         }
         if (effectiveType !== "customize") {
-          const pv = validateParameter(cached2.type, effectiveCommand, stringifiedParam);
+          const pv = validateParameter(typeName, effectiveCommand, stringifiedParam);
           if (!pv.ok) {
             return mcpError("usage", 2, pv.error, {
-              hint: "Dry-run rejected the parameter client-side; the API would reject it too.",
-              context: { deviceType: cached2.type, command: effectiveCommand, parameter: stringifiedParam }
+              context: { deviceType: typeName, command: effectiveCommand, parameter: stringifiedParam, validationKind: "param-out-of-range" }
             });
           }
           if (pv.normalized !== void 0) {
-            effectiveParameter = pv.normalized;
+            effectiveParameter = parseParameterForWire(pv.normalized);
           }
         }
-        const wouldSend = {
-          deviceId,
-          command: effectiveCommand,
-          parameter: effectiveParameter ?? "default",
-          commandType: effectiveType
-        };
-        const dryIsDestructive = isDestructiveCommand(cached2.type, effectiveCommand, effectiveType);
-        const dryRiskProfile = buildRiskProfile(cached2.type, effectiveCommand, effectiveType, dryIsDestructive);
-        const structured2 = { ok: true, dryRun: true, riskProfile: dryRiskProfile, wouldSend };
+        let result;
+        try {
+          result = await executeCommand(deviceId, effectiveCommand, effectiveParameter, effectiveType, void 0, {
+            idempotencyKey
+          });
+        } catch (err) {
+          if (err instanceof Error && err.name === "IdempotencyConflictError") {
+            return mcpError("guard", 2, err.message, {
+              hint: "Use a fresh idempotencyKey, or wait for the prior key to expire (60s TTL).",
+              context: {
+                existingShape: err.existingShape,
+                newShape: err.newShape
+              }
+            });
+          }
+          return apiErrorToMcpError(err);
+        }
+        const isIr = getCachedDevice(deviceId)?.category === "ir";
+        const liveIsDestructive = destructive;
+        const riskProfile = buildRiskProfile(typeName, effectiveCommand, effectiveType, liveIsDestructive);
+        const structured = { ok: true, command: effectiveCommand, deviceId, result, riskProfile };
+        if (isIr) {
+          structured.verification = {
+            verifiable: false,
+            reason: "IR transmission is unidirectional; no receipt acknowledgment is possible.",
+            suggestedFollowup: "Confirm visible change manually or via a paired state sensor."
+          };
+        }
         return {
-          content: [{ type: "text", text: JSON.stringify(structured2, null, 2) }],
-          structuredContent: structured2
+          content: [{ type: "text", text: JSON.stringify(structured, null, 2) }],
+          structuredContent: structured
         };
       }
-      let typeName = getCachedDevice(deviceId)?.type;
-      if (!typeName) {
-        const body = await fetchDeviceList();
-        const physical = body.deviceList.find((d) => d.deviceId === deviceId);
-        const ir = body.infraredRemoteList.find((d) => d.deviceId === deviceId);
-        if (!physical && !ir) {
-          return mcpError("runtime", 152, `Device not found: ${deviceId}`, {
-            hint: "Check the deviceId with 'switchbot devices list' (IDs are case-sensitive)."
-          });
+    );
+  if (!skip("run_scene"))
+    server.registerTool(
+      "run_scene",
+      {
+        title: "Execute a manual scene",
+        description: "Execute a manual SwitchBot scene by its sceneId (from list_scenes).",
+        _meta: { agentSafetyTier: "action" },
+        inputSchema: external_exports.object({
+          sceneId: external_exports.string().describe("Scene ID from list_scenes"),
+          dryRun: external_exports.boolean().optional().describe("When true, do not call the API \u2014 return { ok:true, dryRun:true, wouldSend:{...} } instead.")
+        }).strict(),
+        outputSchema: {
+          ok: external_exports.literal(true),
+          sceneId: external_exports.string().optional(),
+          dryRun: external_exports.literal(true).optional().describe("Present when dryRun:true was requested"),
+          wouldSend: external_exports.object({
+            sceneId: external_exports.string()
+          }).optional().describe("The request shape that would have been POSTed (present when dryRun:true)")
         }
-        typeName = physical ? physical.deviceType : ir.remoteType;
-      }
-      const destructive = isDestructiveCommand(typeName, effectiveCommand, effectiveType);
-      if (destructive && !allowsDirectDestructiveExecution()) {
-        const reason = getDestructiveReason(typeName, effectiveCommand, effectiveType);
-        return mcpError(
-          "guard",
-          3,
-          `Direct destructive execution is disabled for command "${effectiveCommand}" on device type "${typeName}".`,
-          {
-            hint: reason ? `${destructiveExecutionHint()} Reason: ${reason}` : destructiveExecutionHint(),
-            context: {
-              command: effectiveCommand,
-              deviceType: typeName,
-              directExecutionAllowed: false,
-              requiredWorkflow: "plan-approval",
-              ...reason ? { safetyReason: reason, destructiveReason: reason } : {}
-            }
-          }
-        );
-      }
-      if (destructive && !confirm) {
-        const reason = getDestructiveReason(typeName, effectiveCommand, effectiveType);
-        const entry = typeName ? findCatalogEntry(typeName) : null;
-        const spec = entry && !Array.isArray(entry) ? entry.commands.find((c) => c.command === effectiveCommand) : void 0;
-        const hint = reason ? `Re-issue with confirm:true after confirming with the user. Reason: ${reason}` : "Re-issue the call with confirm:true to proceed.";
-        return mcpError(
-          "guard",
-          3,
-          `Command "${effectiveCommand}" on device type "${typeName}" is destructive and requires confirm:true.`,
-          {
-            hint,
-            context: {
-              command: effectiveCommand,
-              deviceType: typeName,
-              description: spec?.description ?? null,
-              ...reason ? { safetyReason: reason, destructiveReason: reason } : {}
-            }
+      },
+      async ({ sceneId, dryRun }) => {
+        if (dryRun) {
+          let scenes = [];
+          try {
+            scenes = await fetchScenes();
+          } catch {
           }
-        );
-      }
-      const validation = validateCommand(deviceId, effectiveCommand, stringifiedParam, effectiveType);
-      if (!validation.ok) {
-        return mcpError(
-          "usage",
-          2,
-          validation.error.message,
-          {
-            hint: validation.error.hint,
-            context: { validationKind: validation.error.kind, deviceType: typeName, command: effectiveCommand }
+          const found = scenes.find((s2) => s2.sceneId === sceneId);
+          if (scenes.length > 0 && !found) {
+            return mcpError("usage", 2, `Scene not found: ${sceneId}`, {
+              subKind: "scene-not-found",
+              hint: "Check the sceneId with 'list_scenes' (IDs are case-sensitive).",
+              context: { sceneId, candidates: scenes.map((s2) => ({ sceneId: s2.sceneId, sceneName: s2.sceneName })).slice(0, 5) }
+            });
           }
-        );
-      }
-      if (validation.normalized) {
-        effectiveCommand = validation.normalized;
-      }
-      if (effectiveType !== "customize") {
-        const pv = validateParameter(typeName, effectiveCommand, stringifiedParam);
-        if (!pv.ok) {
-          return mcpError("usage", 2, pv.error, {
-            context: { deviceType: typeName, command: effectiveCommand, parameter: stringifiedParam, validationKind: "param-out-of-range" }
-          });
+          const wouldSend = { sceneId, sceneName: found?.sceneName ?? null };
+          const structured2 = { ok: true, dryRun: true, wouldSend };
+          return {
+            content: [{ type: "text", text: JSON.stringify(structured2, null, 2) }],
+            structuredContent: structured2
+          };
         }
-        if (pv.normalized !== void 0) {
-          effectiveParameter = pv.normalized;
+        try {
+          await executeScene(sceneId);
+        } catch (err) {
+          return apiErrorToMcpError(err);
         }
+        const structured = { ok: true, sceneId };
+        return {
+          content: [{ type: "text", text: JSON.stringify(structured, null, 2) }],
+          structuredContent: structured
+        };
       }
-      let result;
-      try {
-        result = await executeCommand(deviceId, effectiveCommand, effectiveParameter, effectiveType, void 0, {
-          idempotencyKey
-        });
-      } catch (err) {
-        if (err instanceof Error && err.name === "IdempotencyConflictError") {
-          return mcpError("guard", 2, err.message, {
-            hint: "Use a fresh idempotencyKey, or wait for the prior key to expire (60s TTL).",
-            context: {
-              existingShape: err.existingShape,
-              newShape: err.newShape
-            }
-          });
+    );
+  if (!skip("list_scenes"))
+    server.registerTool(
+      "list_scenes",
+      {
+        title: "List all manual scenes",
+        description: "Fetch all manual scenes configured in the SwitchBot app.",
+        _meta: { agentSafetyTier: "read" },
+        inputSchema: external_exports.object({}).strict(),
+        outputSchema: {
+          scenes: external_exports.array(external_exports.object({ sceneId: external_exports.string(), sceneName: external_exports.string() }))
         }
-        return apiErrorToMcpError(err);
-      }
-      const isIr = getCachedDevice(deviceId)?.category === "ir";
-      const liveIsDestructive = destructive;
-      const riskProfile = buildRiskProfile(typeName, effectiveCommand, effectiveType, liveIsDestructive);
-      const structured = { ok: true, command: effectiveCommand, deviceId, result, riskProfile };
-      if (isIr) {
-        structured.verification = {
-          verifiable: false,
-          reason: "IR transmission is unidirectional; no receipt acknowledgment is possible.",
-          suggestedFollowup: "Confirm visible change manually or via a paired state sensor."
+      },
+      async () => {
+        const scenes = await fetchScenes();
+        return {
+          content: [{ type: "text", text: JSON.stringify(scenes, null, 2) }],
+          structuredContent: { scenes }
         };
       }
-      return {
-        content: [{ type: "text", text: JSON.stringify(structured, null, 2) }],
-        structuredContent: structured
-      };
-    }
-  );
-  server.registerTool(
-    "run_scene",
-    {
-      title: "Execute a manual scene",
-      description: "Execute a manual SwitchBot scene by its sceneId (from list_scenes).",
-      _meta: { agentSafetyTier: "action" },
-      inputSchema: external_exports.object({
-        sceneId: external_exports.string().describe("Scene ID from list_scenes"),
-        dryRun: external_exports.boolean().optional().describe("When true, do not call the API \u2014 return { ok:true, dryRun:true, wouldSend:{...} } instead.")
-      }).strict(),
-      outputSchema: {
-        ok: external_exports.literal(true),
-        sceneId: external_exports.string().optional(),
-        dryRun: external_exports.literal(true).optional().describe("Present when dryRun:true was requested"),
-        wouldSend: external_exports.object({
-          sceneId: external_exports.string()
-        }).optional().describe("The request shape that would have been POSTed (present when dryRun:true)")
-      }
-    },
-    async ({ sceneId, dryRun }) => {
-      if (dryRun) {
-        let scenes = [];
-        try {
-          scenes = await fetchScenes();
-        } catch {
+    );
+  if (!skip("search_catalog"))
+    server.registerTool(
+      "search_catalog",
+      {
+        title: "Search the offline device catalog",
+        description: "Search the built-in device catalog by type name or alias. Returns matching entries with their commands, roles, destructive flags, and status fields. No API call.",
+        _meta: { agentSafetyTier: "read" },
+        inputSchema: external_exports.object({
+          query: external_exports.string().describe("Search query (matches type and aliases, case-insensitive). Must be non-empty; use list_catalog_types to enumerate instead."),
+          limit: external_exports.number().int().min(1).max(100).optional().default(20).describe("Max entries returned (default 20)")
+        }).strict(),
+        outputSchema: {
+          results: external_exports.array(external_exports.object({
+            type: external_exports.string(),
+            category: external_exports.enum(["physical", "ir"]),
+            commands: external_exports.array(external_exports.object({
+              command: external_exports.string(),
+              parameter: external_exports.string(),
+              description: external_exports.string(),
+              commandType: external_exports.enum(["command", "customize"]).optional(),
+              idempotent: external_exports.boolean().optional(),
+              safetyTier: external_exports.enum(["read", "mutation", "ir-fire-forget", "destructive", "maintenance"]).optional(),
+              safetyReason: external_exports.string().optional()
+            }).passthrough()),
+            aliases: external_exports.array(external_exports.string()).optional(),
+            statusFields: external_exports.array(external_exports.string()).optional(),
+            role: external_exports.string().optional(),
+            readOnly: external_exports.boolean().optional()
+          }).passthrough()).describe("Matching catalog entries"),
+          total: external_exports.number().int().describe("Number of entries returned")
         }
-        const found = scenes.find((s2) => s2.sceneId === sceneId);
-        if (scenes.length > 0 && !found) {
-          return mcpError("usage", 2, `Scene not found: ${sceneId}`, {
-            subKind: "scene-not-found",
-            hint: "Check the sceneId with 'list_scenes' (IDs are case-sensitive).",
-            context: { sceneId, candidates: scenes.map((s2) => ({ sceneId: s2.sceneId, sceneName: s2.sceneName })).slice(0, 5) }
-          });
+      },
+      async ({ query, limit }) => {
+        if (query.trim() === "") {
+          return mcpError(
+            "usage",
+            2,
+            "search_catalog requires a non-empty query.",
+            {
+              hint: "Pass a search term like 'Bot' or 'Hub', or call list_catalog_types to enumerate all types without a query."
+            }
+          );
         }
-        const wouldSend = { sceneId, sceneName: found?.sceneName ?? null };
-        const structured2 = { ok: true, dryRun: true, wouldSend };
+        const hits = searchCatalog(query, limit);
+        const normalised = hits.map((e) => ({
+          ...e,
+          commands: e.commands.map((c) => {
+            const tier = deriveSafetyTier(c, e);
+            const reason = getCommandSafetyReason(c);
+            return {
+              ...c,
+              safetyTier: tier,
+              ...reason ? { safetyReason: reason } : {}
+            };
+          })
+        }));
+        const structured = { results: normalised, total: normalised.length };
         return {
-          content: [{ type: "text", text: JSON.stringify(structured2, null, 2) }],
-          structuredContent: structured2
+          content: [{ type: "text", text: JSON.stringify(normalised, null, 2) }],
+          structuredContent: structured
         };
       }
-      try {
-        await executeScene(sceneId);
-      } catch (err) {
-        return apiErrorToMcpError(err);
-      }
-      const structured = { ok: true, sceneId };
-      return {
-        content: [{ type: "text", text: JSON.stringify(structured, null, 2) }],
-        structuredContent: structured
-      };
-    }
-  );
-  server.registerTool(
-    "list_scenes",
-    {
-      title: "List all manual scenes",
-      description: "Fetch all manual scenes configured in the SwitchBot app.",
-      _meta: { agentSafetyTier: "read" },
-      inputSchema: external_exports.object({}).strict(),
-      outputSchema: {
-        scenes: external_exports.array(external_exports.object({ sceneId: external_exports.string(), sceneName: external_exports.string() }))
-      }
-    },
-    async () => {
-      const scenes = await fetchScenes();
-      return {
-        content: [{ type: "text", text: JSON.stringify(scenes, null, 2) }],
-        structuredContent: { scenes }
-      };
-    }
-  );
-  server.registerTool(
-    "search_catalog",
-    {
-      title: "Search the offline device catalog",
-      description: "Search the built-in device catalog by type name or alias. Returns matching entries with their commands, roles, destructive flags, and status fields. No API call.",
-      _meta: { agentSafetyTier: "read" },
-      inputSchema: external_exports.object({
-        query: external_exports.string().describe("Search query (matches type and aliases, case-insensitive). Must be non-empty; use list_catalog_types to enumerate instead."),
-        limit: external_exports.number().int().min(1).max(100).optional().default(20).describe("Max entries returned (default 20)")
-      }).strict(),
-      outputSchema: {
-        results: external_exports.array(external_exports.object({
-          type: external_exports.string(),
-          category: external_exports.enum(["physical", "ir"]),
-          commands: external_exports.array(external_exports.object({
-            command: external_exports.string(),
-            parameter: external_exports.string(),
-            description: external_exports.string(),
-            commandType: external_exports.enum(["command", "customize"]).optional(),
-            idempotent: external_exports.boolean().optional(),
-            safetyTier: external_exports.enum(["read", "mutation", "ir-fire-forget", "destructive", "maintenance"]).optional(),
-            safetyReason: external_exports.string().optional()
-          }).passthrough()),
-          aliases: external_exports.array(external_exports.string()).optional(),
-          statusFields: external_exports.array(external_exports.string()).optional(),
-          role: external_exports.string().optional(),
-          readOnly: external_exports.boolean().optional()
-        }).passthrough()).describe("Matching catalog entries"),
-        total: external_exports.number().int().describe("Number of entries returned")
-      }
-    },
-    async ({ query, limit }) => {
-      if (query.trim() === "") {
-        return mcpError(
-          "usage",
-          2,
-          "search_catalog requires a non-empty query.",
-          {
-            hint: "Pass a search term like 'Bot' or 'Hub', or call list_catalog_types to enumerate all types without a query."
-          }
-        );
-      }
-      const hits = searchCatalog(query, limit);
-      const normalised = hits.map((e) => ({
-        ...e,
-        commands: e.commands.map((c) => {
-          const tier = deriveSafetyTier(c, e);
-          const reason = getCommandSafetyReason(c);
+    );
+  if (!skip("describe_device"))
+    server.registerTool(
+      "describe_device",
+      {
+        title: "Describe a specific device",
+        description: "Resolve a deviceId to its metadata + catalog entry + suggested safe actions. Pass live:true to also fetch real-time status values.",
+        _meta: { agentSafetyTier: "read" },
+        inputSchema: external_exports.object({
+          deviceId: external_exports.string().describe("Device ID from list_devices"),
+          live: external_exports.boolean().optional().default(false).describe("Also fetch live /status values (costs 1 extra API call)")
+        }).strict(),
+        outputSchema: {
+          device: external_exports.object({
+            device: external_exports.object({ deviceId: external_exports.string(), deviceName: external_exports.string() }).passthrough(),
+            isPhysical: external_exports.boolean(),
+            typeName: external_exports.string(),
+            controlType: external_exports.string().nullable(),
+            source: external_exports.enum(["catalog", "live", "catalog+live", "none"]),
+            capabilities: external_exports.unknown().nullable(),
+            suggestedActions: external_exports.array(external_exports.object({
+              command: external_exports.string(),
+              parameter: external_exports.string().optional(),
+              description: external_exports.string()
+            })).optional(),
+            inheritedLocation: external_exports.object({
+              family: external_exports.string().optional(),
+              room: external_exports.string().optional()
+            }).optional()
+          }).passthrough().describe("Device metadata, catalog entry, capabilities, and optional live status")
+        }
+      },
+      async ({ deviceId, live }) => {
+        try {
+          const result = await describeDevice(deviceId, { live });
           return {
-            ...c,
-            safetyTier: tier,
-            ...reason ? { safetyReason: reason } : {}
+            content: [{ type: "text", text: JSON.stringify(result, null, 2) }],
+            structuredContent: { device: toMcpDescribeShape(result) }
           };
-        })
-      }));
-      const structured = { results: normalised, total: normalised.length };
-      return {
-        content: [{ type: "text", text: JSON.stringify(normalised, null, 2) }],
-        structuredContent: structured
-      };
-    }
-  );
-  server.registerTool(
-    "describe_device",
-    {
-      title: "Describe a specific device",
-      description: "Resolve a deviceId to its metadata + catalog entry + suggested safe actions. Pass live:true to also fetch real-time status values.",
-      _meta: { agentSafetyTier: "read" },
-      inputSchema: external_exports.object({
-        deviceId: external_exports.string().describe("Device ID from list_devices"),
-        live: external_exports.boolean().optional().default(false).describe("Also fetch live /status values (costs 1 extra API call)")
-      }).strict(),
-      outputSchema: {
-        device: external_exports.object({
-          device: external_exports.object({ deviceId: external_exports.string(), deviceName: external_exports.string() }).passthrough(),
-          isPhysical: external_exports.boolean(),
-          typeName: external_exports.string(),
-          controlType: external_exports.string().nullable(),
-          source: external_exports.enum(["catalog", "live", "catalog+live", "none"]),
-          capabilities: external_exports.unknown().nullable(),
-          suggestedActions: external_exports.array(external_exports.object({
-            command: external_exports.string(),
-            parameter: external_exports.string().optional(),
-            description: external_exports.string()
-          })).optional(),
-          inheritedLocation: external_exports.object({
-            family: external_exports.string().optional(),
-            room: external_exports.string().optional()
-          }).optional()
-        }).passthrough().describe("Device metadata, catalog entry, capabilities, and optional live status")
+        } catch (err) {
+          if (err instanceof DeviceNotFoundError) {
+            return mcpError("runtime", 152, err.message, {
+              hint: "Check the deviceId with 'switchbot devices list' (IDs are case-sensitive).",
+              context: { deviceId }
+            });
+          }
+          return apiErrorToMcpError(err);
+        }
       }
-    },
-    async ({ deviceId, live }) => {
-      try {
-        const result = await describeDevice(deviceId, { live });
+    );
+  if (!skip("aggregate_device_history"))
+    server.registerTool(
+      "aggregate_device_history",
+      {
+        title: "Aggregate device history",
+        description: "Bucketed statistics (count/min/max/avg/sum/p50/p95) over JSONL-recorded device history. Read-only; no network calls.",
+        _meta: { agentSafetyTier: "read" },
+        inputSchema: external_exports.object({
+          deviceId: external_exports.string().min(1).describe("Device ID to aggregate over (must exist in ~/.switchbot/device-history/)."),
+          since: external_exports.string().optional().describe('Relative window ending now, e.g. "30s", "15m", "1h", "7d". Mutually exclusive with from/to.'),
+          from: external_exports.string().optional().describe("Range start (ISO-8601). Requires `to`."),
+          to: external_exports.string().optional().describe("Range end (ISO-8601). Requires `from`."),
+          metrics: external_exports.array(external_exports.string().min(1)).min(1).describe('One or more numeric payload field names to aggregate (e.g. ["temperature","humidity"]).'),
+          aggs: external_exports.array(external_exports.enum(ALL_AGG_FNS)).optional().describe('Aggregation functions to apply per metric (default: ["count","avg"]).'),
+          bucket: external_exports.string().optional().describe('Bucket width like "5m", "1h", "1d". Omit for a single bucket spanning the full range.'),
+          maxBucketSamples: external_exports.number().int().positive().max(MAX_SAMPLE_CAP).optional().describe(`Sample cap per bucket to bound memory (default ${1e4}, max ${MAX_SAMPLE_CAP}). partial=true in the result when any bucket was capped.`)
+        }).strict(),
+        outputSchema: {
+          deviceId: external_exports.string(),
+          bucket: external_exports.string().optional().describe("Bucket width echoed back when specified; omitted for single-bucket results."),
+          from: external_exports.string().describe("Effective range start (ISO-8601)."),
+          to: external_exports.string().describe("Effective range end (ISO-8601)."),
+          metrics: external_exports.array(external_exports.string()).describe("Metrics that were requested."),
+          aggs: external_exports.array(external_exports.enum(ALL_AGG_FNS)).describe("Aggregation functions that were applied."),
+          buckets: external_exports.array(
+            external_exports.object({
+              t: external_exports.string().describe("Bucket start timestamp (ISO-8601)."),
+              metrics: external_exports.record(
+                external_exports.string(),
+                external_exports.object({
+                  count: external_exports.number().optional(),
+                  min: external_exports.number().optional(),
+                  max: external_exports.number().optional(),
+                  avg: external_exports.number().optional(),
+                  sum: external_exports.number().optional(),
+                  p50: external_exports.number().optional(),
+                  p95: external_exports.number().optional()
+                }).describe("Per-aggregate function result for this metric in this bucket.")
+              ).describe("Per-metric result keyed by metric name.")
+            })
+          ).describe("Time-ordered buckets; empty when no records match."),
+          partial: external_exports.boolean().describe("True if any bucket was sample-capped; retry with a higher maxBucketSamples or a narrower range for exact values."),
+          notes: external_exports.array(external_exports.string()).describe('Human-readable notes about the aggregation (e.g. "metric X is non-numeric").')
+        }
+      },
+      async (args) => {
+        const opts = {
+          since: args.since,
+          from: args.from,
+          to: args.to,
+          metrics: args.metrics,
+          aggs: args.aggs,
+          bucket: args.bucket,
+          maxBucketSamples: args.maxBucketSamples
+        };
+        const res = await aggregateDeviceHistory(args.deviceId, opts);
+        const structured = {
+          deviceId: res.deviceId,
+          from: res.from,
+          to: res.to,
+          metrics: res.metrics,
+          aggs: res.aggs,
+          buckets: res.buckets,
+          partial: res.partial,
+          notes: res.notes
+        };
+        if (res.bucket !== void 0) structured.bucket = res.bucket;
         return {
-          content: [{ type: "text", text: JSON.stringify(result, null, 2) }],
-          structuredContent: { device: toMcpDescribeShape(result) }
+          content: [{ type: "text", text: JSON.stringify(res, null, 2) }],
+          structuredContent: structured
         };
-      } catch (err) {
-        if (err instanceof DeviceNotFoundError) {
-          return mcpError("runtime", 152, err.message, {
-            hint: "Check the deviceId with 'switchbot devices list' (IDs are case-sensitive).",
-            context: { deviceId }
-          });
-        }
-        return apiErrorToMcpError(err);
       }
-    }
-  );
-  server.registerTool(
-    "aggregate_device_history",
-    {
-      title: "Aggregate device history",
-      description: "Bucketed statistics (count/min/max/avg/sum/p50/p95) over JSONL-recorded device history. Read-only; no network calls.",
-      _meta: { agentSafetyTier: "read" },
-      inputSchema: external_exports.object({
-        deviceId: external_exports.string().min(1).describe("Device ID to aggregate over (must exist in ~/.switchbot/device-history/)."),
-        since: external_exports.string().optional().describe('Relative window ending now, e.g. "30s", "15m", "1h", "7d". Mutually exclusive with from/to.'),
-        from: external_exports.string().optional().describe("Range start (ISO-8601). Requires `to`."),
-        to: external_exports.string().optional().describe("Range end (ISO-8601). Requires `from`."),
-        metrics: external_exports.array(external_exports.string().min(1)).min(1).describe('One or more numeric payload field names to aggregate (e.g. ["temperature","humidity"]).'),
-        aggs: external_exports.array(external_exports.enum(ALL_AGG_FNS)).optional().describe('Aggregation functions to apply per metric (default: ["count","avg"]).'),
-        bucket: external_exports.string().optional().describe('Bucket width like "5m", "1h", "1d". Omit for a single bucket spanning the full range.'),
-        maxBucketSamples: external_exports.number().int().positive().max(MAX_SAMPLE_CAP).optional().describe(`Sample cap per bucket to bound memory (default ${1e4}, max ${MAX_SAMPLE_CAP}). partial=true in the result when any bucket was capped.`)
-      }).strict(),
-      outputSchema: {
-        deviceId: external_exports.string(),
-        bucket: external_exports.string().optional().describe("Bucket width echoed back when specified; omitted for single-bucket results."),
-        from: external_exports.string().describe("Effective range start (ISO-8601)."),
-        to: external_exports.string().describe("Effective range end (ISO-8601)."),
-        metrics: external_exports.array(external_exports.string()).describe("Metrics that were requested."),
-        aggs: external_exports.array(external_exports.enum(ALL_AGG_FNS)).describe("Aggregation functions that were applied."),
-        buckets: external_exports.array(
-          external_exports.object({
-            t: external_exports.string().describe("Bucket start timestamp (ISO-8601)."),
-            metrics: external_exports.record(
-              external_exports.string(),
-              external_exports.object({
-                count: external_exports.number().optional(),
-                min: external_exports.number().optional(),
-                max: external_exports.number().optional(),
-                avg: external_exports.number().optional(),
-                sum: external_exports.number().optional(),
-                p50: external_exports.number().optional(),
-                p95: external_exports.number().optional()
-              }).describe("Per-aggregate function result for this metric in this bucket.")
-            ).describe("Per-metric result keyed by metric name.")
-          })
-        ).describe("Time-ordered buckets; empty when no records match."),
-        partial: external_exports.boolean().describe("True if any bucket was sample-capped; retry with a higher maxBucketSamples or a narrower range for exact values."),
-        notes: external_exports.array(external_exports.string()).describe('Human-readable notes about the aggregation (e.g. "metric X is non-numeric").')
+    );
+  if (!skip("account_overview"))
+    server.registerTool(
+      "account_overview",
+      {
+        title: "Bootstrap account overview",
+        description: "Get a complete account snapshot: devices, scenes, quota usage, cache status, and MQTT connection state. Use this for cold-start initialization or periodic health checks.",
+        _meta: { agentSafetyTier: "read" },
+        inputSchema: external_exports.object({}).strict(),
+        outputSchema: {
+          version: external_exports.string(),
+          schemaVersion: external_exports.string(),
+          devices: external_exports.array(external_exports.object({
+            deviceId: external_exports.string(),
+            deviceName: external_exports.string(),
+            deviceType: external_exports.string().optional()
+          }).passthrough()).describe("All physical devices"),
+          infraredRemotes: external_exports.array(external_exports.object({
+            deviceId: external_exports.string(),
+            deviceName: external_exports.string(),
+            remoteType: external_exports.string()
+          }).passthrough()).describe("All IR remotes"),
+          scenes: external_exports.array(external_exports.object({
+            sceneId: external_exports.string(),
+            sceneName: external_exports.string()
+          }).passthrough()).describe("All manual scenes"),
+          quota: external_exports.object({
+            date: external_exports.string(),
+            total: external_exports.number(),
+            remaining: external_exports.number(),
+            endpoints: external_exports.record(external_exports.string(), external_exports.number()).optional()
+          }).describe("Today's quota usage"),
+          cache: external_exports.object({
+            list: external_exports.object({
+              path: external_exports.string(),
+              exists: external_exports.boolean(),
+              lastUpdated: external_exports.string().optional(),
+              ageMs: external_exports.number().optional(),
+              deviceCount: external_exports.number().optional()
+            }),
+            status: external_exports.object({
+              path: external_exports.string(),
+              exists: external_exports.boolean(),
+              entryCount: external_exports.number(),
+              oldestFetchedAt: external_exports.string().optional(),
+              newestFetchedAt: external_exports.string().optional()
+            })
+          }).describe("Cache status"),
+          mqtt: external_exports.object({
+            state: external_exports.string(),
+            subscribers: external_exports.number()
+          }).optional().describe("MQTT connection state (present when REST credentials are configured; auto-provisioned via POST /v1.1/iot/credential)")
+        }
+      },
+      async () => {
+        const deviceList = await fetchDeviceList();
+        const sceneList = await fetchScenes();
+        const cacheInfo = describeCache();
+        const quota = todayUsage();
+        const overview = {
+          version: VERSION,
+          schemaVersion: "1.1",
+          devices: deviceList.deviceList.map(toMcpDeviceListShape),
+          infraredRemotes: deviceList.infraredRemoteList.map(toMcpIrDeviceShape),
+          scenes: sceneList.map((s2) => ({
+            sceneId: s2.sceneId,
+            sceneName: s2.sceneName
+          })),
+          quota: {
+            date: quota.date,
+            total: quota.total,
+            remaining: quota.remaining,
+            endpoints: quota.endpoints
+          },
+          cache: {
+            list: cacheInfo.list,
+            status: cacheInfo.status
+          },
+          ...eventManager ? {
+            mqtt: {
+              state: eventManager.getState(),
+              subscribers: eventManager.getSubscriberCount()
+            }
+          } : {}
+        };
+        return {
+          content: [{
+            type: "text",
+            text: JSON.stringify(overview, null, 2)
+          }],
+          structuredContent: overview
+        };
       }
-    },
-    async (args) => {
-      const opts = {
-        since: args.since,
-        from: args.from,
-        to: args.to,
-        metrics: args.metrics,
-        aggs: args.aggs,
-        bucket: args.bucket,
-        maxBucketSamples: args.maxBucketSamples
-      };
-      const res = await aggregateDeviceHistory(args.deviceId, opts);
-      const structured = {
-        deviceId: res.deviceId,
-        from: res.from,
-        to: res.to,
-        metrics: res.metrics,
-        aggs: res.aggs,
-        buckets: res.buckets,
-        partial: res.partial,
-        notes: res.notes
-      };
-      if (res.bucket !== void 0) structured.bucket = res.bucket;
-      return {
-        content: [{ type: "text", text: JSON.stringify(res, null, 2) }],
-        structuredContent: structured
-      };
-    }
-  );
-  server.registerTool(
-    "account_overview",
-    {
-      title: "Bootstrap account overview",
-      description: "Get a complete account snapshot: devices, scenes, quota usage, cache status, and MQTT connection state. Use this for cold-start initialization or periodic health checks.",
-      _meta: { agentSafetyTier: "read" },
-      inputSchema: external_exports.object({}).strict(),
-      outputSchema: {
-        version: external_exports.string(),
-        schemaVersion: external_exports.string(),
-        devices: external_exports.array(external_exports.object({
-          deviceId: external_exports.string(),
-          deviceName: external_exports.string(),
-          deviceType: external_exports.string().optional()
-        }).passthrough()).describe("All physical devices"),
-        infraredRemotes: external_exports.array(external_exports.object({
-          deviceId: external_exports.string(),
-          deviceName: external_exports.string(),
-          remoteType: external_exports.string()
-        }).passthrough()).describe("All IR remotes"),
-        scenes: external_exports.array(external_exports.object({
-          sceneId: external_exports.string(),
-          sceneName: external_exports.string()
-        }).passthrough()).describe("All manual scenes"),
-        quota: external_exports.object({
-          date: external_exports.string(),
-          total: external_exports.number(),
-          remaining: external_exports.number(),
-          endpoints: external_exports.record(external_exports.string(), external_exports.number()).optional()
-        }).describe("Today's quota usage"),
-        cache: external_exports.object({
-          list: external_exports.object({
-            path: external_exports.string(),
-            exists: external_exports.boolean(),
-            lastUpdated: external_exports.string().optional(),
-            ageMs: external_exports.number().optional(),
-            deviceCount: external_exports.number().optional()
-          }),
-          status: external_exports.object({
+    );
+  if (!skip("policy_validate"))
+    server.registerTool(
+      "policy_validate",
+      {
+        title: "Validate a policy.yaml file",
+        description: "Check a policy file against the embedded JSON Schema, offline command/device semantics, and local safety guards. By default this stays offline; set live=true to resolve aliases and rule targets against the current account inventory. It still does not verify commands against live capabilities, current firmware, or other runtime-only device behavior. When no path is given, reads the resolved default (${SWITCHBOT_POLICY_PATH} or ~/.config/openclaw/switchbot/policy.yaml). Use before relying on aliases/quiet_hours/confirmations so the agent never acts on a broken policy.",
+        _meta: { agentSafetyTier: "read" },
+        inputSchema: external_exports.object({
+          path: external_exports.string().optional().describe("Optional policy file path; defaults to the resolved default path"),
+          live: external_exports.boolean().optional().describe("When true, also resolve aliases and rule targets against the current account inventory")
+        }).strict(),
+        outputSchema: {
+          policyPath: external_exports.string(),
+          schemaVersion: external_exports.string(),
+          validationScope: external_exports.string(),
+          limitations: external_exports.array(external_exports.string()),
+          present: external_exports.boolean().describe("false when the file does not exist"),
+          valid: external_exports.boolean().nullable().describe("null when present=false"),
+          errors: external_exports.array(external_exports.object({
             path: external_exports.string(),
-            exists: external_exports.boolean(),
-            entryCount: external_exports.number(),
-            oldestFetchedAt: external_exports.string().optional(),
-            newestFetchedAt: external_exports.string().optional()
-          })
-        }).describe("Cache status"),
-        mqtt: external_exports.object({
-          state: external_exports.string(),
-          subscribers: external_exports.number()
-        }).optional().describe("MQTT connection state (present when REST credentials are configured; auto-provisioned via POST /v1.1/iot/credential)")
-      }
-    },
-    async () => {
-      const deviceList = await fetchDeviceList();
-      const sceneList = await fetchScenes();
-      const cacheInfo = describeCache();
-      const quota = todayUsage();
-      const overview = {
-        version: VERSION,
-        schemaVersion: "1.1",
-        devices: deviceList.deviceList.map(toMcpDeviceListShape),
-        infraredRemotes: deviceList.infraredRemoteList.map(toMcpIrDeviceShape),
-        scenes: sceneList.map((s2) => ({
-          sceneId: s2.sceneId,
-          sceneName: s2.sceneName
-        })),
-        quota: {
-          date: quota.date,
-          total: quota.total,
-          remaining: quota.remaining,
-          endpoints: quota.endpoints
-        },
-        cache: {
-          list: cacheInfo.list,
-          status: cacheInfo.status
-        },
-        ...eventManager ? {
-          mqtt: {
-            state: eventManager.getState(),
-            subscribers: eventManager.getSubscriberCount()
+            line: external_exports.number().optional(),
+            col: external_exports.number().optional(),
+            keyword: external_exports.string(),
+            message: external_exports.string(),
+            hint: external_exports.string().optional(),
+            schemaPath: external_exports.string()
+          })).describe("Empty when valid or when the file is missing")
+        }
+      },
+      async ({ path: pathArg, live }) => {
+        const policyPath = resolvePolicyPath({ flag: pathArg });
+        try {
+          const loaded = loadPolicyFile(policyPath);
+          let result = validateLoadedPolicy(loaded);
+          if (live) {
+            if (!tryLoadConfig()) {
+              return mcpError("runtime", 151, "policy_validate live=true requires configured SwitchBot credentials.", {
+                hint: "Run 'switchbot config set-token' first, or set SWITCHBOT_TOKEN and SWITCHBOT_SECRET."
+              });
+            }
+            const inventory = await fetchDeviceList(void 0, { bypassCache: true });
+            result = validateLoadedPolicyAgainstInventory(loaded, inventory);
           }
-        } : {}
-      };
-      return {
-        content: [{
-          type: "text",
-          text: JSON.stringify(overview, null, 2)
-        }],
-        structuredContent: overview
-      };
-    }
-  );
-  server.registerTool(
-    "policy_validate",
-    {
-      title: "Validate a policy.yaml file",
-      description: "Check a policy file against the embedded JSON Schema, offline command/device semantics, and local safety guards. By default this stays offline; set live=true to resolve aliases and rule targets against the current account inventory. It still does not verify commands against live capabilities, current firmware, or other runtime-only device behavior. When no path is given, reads the resolved default (${SWITCHBOT_POLICY_PATH} or ~/.config/openclaw/switchbot/policy.yaml). Use before relying on aliases/quiet_hours/confirmations so the agent never acts on a broken policy.",
-      _meta: { agentSafetyTier: "read" },
-      inputSchema: external_exports.object({
-        path: external_exports.string().optional().describe("Optional policy file path; defaults to the resolved default path"),
-        live: external_exports.boolean().optional().describe("When true, also resolve aliases and rule targets against the current account inventory")
-      }).strict(),
-      outputSchema: {
-        policyPath: external_exports.string(),
-        schemaVersion: external_exports.string(),
-        validationScope: external_exports.string(),
-        limitations: external_exports.array(external_exports.string()),
-        present: external_exports.boolean().describe("false when the file does not exist"),
-        valid: external_exports.boolean().nullable().describe("null when present=false"),
-        errors: external_exports.array(external_exports.object({
-          path: external_exports.string(),
-          line: external_exports.number().optional(),
-          col: external_exports.number().optional(),
-          keyword: external_exports.string(),
-          message: external_exports.string(),
-          hint: external_exports.string().optional(),
-          schemaPath: external_exports.string()
-        })).describe("Empty when valid or when the file is missing")
-      }
-    },
-    async ({ path: pathArg, live }) => {
-      const policyPath = resolvePolicyPath({ flag: pathArg });
-      try {
-        const loaded = loadPolicyFile(policyPath);
-        let result = validateLoadedPolicy(loaded);
-        if (live) {
-          if (!tryLoadConfig()) {
-            return mcpError("runtime", 151, "policy_validate live=true requires configured SwitchBot credentials.", {
-              hint: "Run 'switchbot config set-token' first, or set SWITCHBOT_TOKEN and SWITCHBOT_SECRET."
-            });
+          const structured = {
+            policyPath: result.policyPath,
+            schemaVersion: result.schemaVersion,
+            validationScope: result.validationScope,
+            limitations: result.limitations,
+            present: true,
+            valid: result.valid,
+            errors: result.errors
+          };
+          return {
+            content: [{ type: "text", text: JSON.stringify(structured, null, 2) }],
+            structuredContent: structured
+          };
+        } catch (err) {
+          if (err instanceof PolicyFileNotFoundError) {
+            const structured = {
+              policyPath,
+              schemaVersion: CURRENT_POLICY_SCHEMA_VERSION,
+              validationScope: "schema+offline-semantics",
+              limitations: [
+                "Does not resolve aliases against the live device inventory.",
+                "Does not verify commands against the real target device, live capabilities, or current firmware."
+              ],
+              present: false,
+              valid: null,
+              errors: []
+            };
+            return {
+              content: [{ type: "text", text: JSON.stringify(structured, null, 2) }],
+              structuredContent: structured
+            };
+          }
+          if (err instanceof PolicyYamlParseError) {
+            const structured = {
+              policyPath,
+              schemaVersion: CURRENT_POLICY_SCHEMA_VERSION,
+              validationScope: "schema+offline-semantics",
+              limitations: [
+                "Does not resolve aliases against the live device inventory.",
+                "Does not verify commands against the real target device, live capabilities, or current firmware."
+              ],
+              present: true,
+              valid: false,
+              errors: err.yamlErrors.map((e) => ({
+                path: "",
+                line: e.line,
+                col: e.col,
+                keyword: "yaml-parse",
+                message: e.message,
+                schemaPath: ""
+              }))
+            };
+            return {
+              content: [{ type: "text", text: JSON.stringify(structured, null, 2) }],
+              structuredContent: structured
+            };
           }
-          const inventory = await fetchDeviceList(void 0, { bypassCache: true });
-          result = validateLoadedPolicyAgainstInventory(loaded, inventory);
+          throw err;
+        }
+      }
+    );
+  if (!skip("policy_new"))
+    server.registerTool(
+      "policy_new",
+      {
+        title: "Scaffold a starter policy.yaml",
+        description: "Write a starter policy file to the resolved default path (or a given path). Refuses to overwrite unless force=true. This is a write action: the agent should only call it after confirming with the user.",
+        _meta: { agentSafetyTier: "action" },
+        inputSchema: external_exports.object({
+          path: external_exports.string().optional().describe("Optional target path; defaults to the resolved default"),
+          force: external_exports.boolean().optional().describe("When true, overwrite an existing file")
+        }).strict(),
+        outputSchema: {
+          policyPath: external_exports.string(),
+          schemaVersion: external_exports.string(),
+          bytesWritten: external_exports.number(),
+          overwritten: external_exports.boolean()
         }
+      },
+      async ({ path: pathArg, force }) => {
+        const policyPath = resolvePolicyPath({ flag: pathArg });
+        const doForce = force === true;
+        if (fs18.existsSync(policyPath) && !doForce) {
+          return mcpError("guard", 5, `refusing to overwrite existing policy at ${policyPath}`, {
+            hint: "pass force=true to overwrite, or choose a different path",
+            context: { policyPath }
+          });
+        }
+        const template = readPolicyExampleYaml();
+        fs18.mkdirSync(pathDirname(policyPath), { recursive: true });
+        fs18.writeFileSync(policyPath, template, { encoding: "utf-8" });
         const structured = {
-          policyPath: result.policyPath,
-          schemaVersion: result.schemaVersion,
-          validationScope: result.validationScope,
-          limitations: result.limitations,
-          present: true,
-          valid: result.valid,
-          errors: result.errors
+          policyPath,
+          schemaVersion: CURRENT_POLICY_SCHEMA_VERSION,
+          bytesWritten: Buffer.byteLength(template, "utf-8"),
+          overwritten: doForce
         };
         return {
           content: [{ type: "text", text: JSON.stringify(structured, null, 2) }],
           structuredContent: structured
         };
-      } catch (err) {
-        if (err instanceof PolicyFileNotFoundError) {
-          const structured = {
-            policyPath,
-            schemaVersion: CURRENT_POLICY_SCHEMA_VERSION,
-            validationScope: "schema+offline-semantics",
-            limitations: [
-              "Does not resolve aliases against the live device inventory.",
-              "Does not verify commands against the real target device, live capabilities, or current firmware."
-            ],
-            present: false,
-            valid: null,
-            errors: []
+      }
+    );
+  if (!skip("policy_migrate"))
+    server.registerTool(
+      "policy_migrate",
+      {
+        title: "Migrate a policy file to the latest supported schema",
+        description: 'Rewrites a policy file between schema versions this CLI still supports while preserving comments. Safe by default: if the migrated document would fail schema validation, the file is NOT rewritten and the tool returns status="precheck-failed" with the list of errors. Pass dryRun=true to preview without touching the file. This release only supports v0.2, so legacy v0.1 files are reported as unsupported rather than migrated.',
+        _meta: { agentSafetyTier: "action" },
+        inputSchema: external_exports.object({
+          path: external_exports.string().optional().describe("Optional policy file path; defaults to the resolved default path"),
+          dryRun: external_exports.boolean().optional().describe("When true, report what would change without writing"),
+          to: external_exports.string().optional().describe(`Target schema version (default: latest supported, "${LATEST_SUPPORTED_VERSION}")`)
+        }).strict(),
+        outputSchema: {
+          policyPath: external_exports.string(),
+          fileVersion: external_exports.string().optional(),
+          targetVersion: external_exports.string(),
+          supportedVersions: external_exports.array(external_exports.string()),
+          status: external_exports.enum([
+            "already-current",
+            "migrated",
+            "dry-run",
+            "no-version-field",
+            "unsupported",
+            "precheck-failed",
+            "file-not-found"
+          ]),
+          from: external_exports.string().optional(),
+          to: external_exports.string().optional(),
+          bytesWritten: external_exports.number().optional(),
+          message: external_exports.string(),
+          errors: external_exports.array(external_exports.object({ path: external_exports.string(), keyword: external_exports.string(), message: external_exports.string() })).optional()
+        }
+      },
+      async ({ path: pathArg, dryRun, to }) => {
+        const policyPath = resolvePolicyPath({ flag: pathArg });
+        const target = to ?? LATEST_SUPPORTED_VERSION;
+        let loaded;
+        try {
+          loaded = loadPolicyFile(policyPath);
+        } catch (err) {
+          if (err instanceof PolicyFileNotFoundError) {
+            const structured2 = {
+              policyPath,
+              targetVersion: target,
+              supportedVersions: [...SUPPORTED_POLICY_SCHEMA_VERSIONS],
+              status: "file-not-found",
+              message: `policy file not found: ${policyPath}`
+            };
+            return {
+              content: [{ type: "text", text: JSON.stringify(structured2, null, 2) }],
+              structuredContent: structured2
+            };
+          }
+          throw err;
+        }
+        const data = loaded.data;
+        const fileVersion = typeof data?.version === "string" ? data.version : void 0;
+        const base = {
+          policyPath,
+          fileVersion,
+          targetVersion: target,
+          supportedVersions: [...SUPPORTED_POLICY_SCHEMA_VERSIONS]
+        };
+        if (!fileVersion) {
+          const structured2 = {
+            ...base,
+            status: "no-version-field",
+            message: `policy has no \`version\` field \u2014 add \`version: "${CURRENT_POLICY_SCHEMA_VERSION}"\``
           };
           return {
-            content: [{ type: "text", text: JSON.stringify(structured, null, 2) }],
-            structuredContent: structured
+            content: [{ type: "text", text: JSON.stringify(structured2, null, 2) }],
+            structuredContent: structured2
           };
         }
-        if (err instanceof PolicyYamlParseError) {
-          const structured = {
-            policyPath,
-            schemaVersion: CURRENT_POLICY_SCHEMA_VERSION,
-            validationScope: "schema+offline-semantics",
-            limitations: [
-              "Does not resolve aliases against the live device inventory.",
-              "Does not verify commands against the real target device, live capabilities, or current firmware."
-            ],
-            present: true,
-            valid: false,
-            errors: err.yamlErrors.map((e) => ({
-              path: "",
-              line: e.line,
-              col: e.col,
-              keyword: "yaml-parse",
-              message: e.message,
-              schemaPath: ""
-            }))
+        if (!SUPPORTED_POLICY_SCHEMA_VERSIONS.includes(fileVersion)) {
+          const isLegacy = fileVersion === "0.1";
+          const structured2 = {
+            ...base,
+            status: "unsupported",
+            message: isLegacy ? `policy schema v${fileVersion} is legacy and cannot be migrated by this CLI` : `policy schema v${fileVersion} is not supported (supports: ${SUPPORTED_POLICY_SCHEMA_VERSIONS.join(", ")})`
           };
           return {
-            content: [{ type: "text", text: JSON.stringify(structured, null, 2) }],
-            structuredContent: structured
+            content: [{ type: "text", text: JSON.stringify(structured2, null, 2) }],
+            structuredContent: structured2
           };
         }
-        throw err;
-      }
-    }
-  );
-  server.registerTool(
-    "policy_new",
-    {
-      title: "Scaffold a starter policy.yaml",
-      description: "Write a starter policy file to the resolved default path (or a given path). Refuses to overwrite unless force=true. This is a write action: the agent should only call it after confirming with the user.",
-      _meta: { agentSafetyTier: "action" },
-      inputSchema: external_exports.object({
-        path: external_exports.string().optional().describe("Optional target path; defaults to the resolved default"),
-        force: external_exports.boolean().optional().describe("When true, overwrite an existing file")
-      }).strict(),
-      outputSchema: {
-        policyPath: external_exports.string(),
-        schemaVersion: external_exports.string(),
-        bytesWritten: external_exports.number(),
-        overwritten: external_exports.boolean()
-      }
-    },
-    async ({ path: pathArg, force }) => {
-      const policyPath = resolvePolicyPath({ flag: pathArg });
-      const doForce = force === true;
-      if (fs18.existsSync(policyPath) && !doForce) {
-        return mcpError("guard", 5, `refusing to overwrite existing policy at ${policyPath}`, {
-          hint: "pass force=true to overwrite, or choose a different path",
-          context: { policyPath }
-        });
-      }
-      const template = readPolicyExampleYaml();
-      fs18.mkdirSync(pathDirname(policyPath), { recursive: true });
-      fs18.writeFileSync(policyPath, template, { encoding: "utf-8" });
-      const structured = {
-        policyPath,
-        schemaVersion: CURRENT_POLICY_SCHEMA_VERSION,
-        bytesWritten: Buffer.byteLength(template, "utf-8"),
-        overwritten: doForce
-      };
-      return {
-        content: [{ type: "text", text: JSON.stringify(structured, null, 2) }],
-        structuredContent: structured
-      };
-    }
-  );
-  server.registerTool(
-    "policy_migrate",
-    {
-      title: "Migrate a policy file to the latest supported schema",
-      description: 'Rewrites a policy file between schema versions this CLI still supports while preserving comments. Safe by default: if the migrated document would fail schema validation, the file is NOT rewritten and the tool returns status="precheck-failed" with the list of errors. Pass dryRun=true to preview without touching the file. This release only supports v0.2, so legacy v0.1 files are reported as unsupported rather than migrated.',
-      _meta: { agentSafetyTier: "action" },
-      inputSchema: external_exports.object({
-        path: external_exports.string().optional().describe("Optional policy file path; defaults to the resolved default path"),
-        dryRun: external_exports.boolean().optional().describe("When true, report what would change without writing"),
-        to: external_exports.string().optional().describe(`Target schema version (default: latest supported, "${LATEST_SUPPORTED_VERSION}")`)
-      }).strict(),
-      outputSchema: {
-        policyPath: external_exports.string(),
-        fileVersion: external_exports.string().optional(),
-        targetVersion: external_exports.string(),
-        supportedVersions: external_exports.array(external_exports.string()),
-        status: external_exports.enum([
-          "already-current",
-          "migrated",
-          "dry-run",
-          "no-version-field",
-          "unsupported",
-          "precheck-failed",
-          "file-not-found"
-        ]),
-        from: external_exports.string().optional(),
-        to: external_exports.string().optional(),
-        bytesWritten: external_exports.number().optional(),
-        message: external_exports.string(),
-        errors: external_exports.array(external_exports.object({ path: external_exports.string(), keyword: external_exports.string(), message: external_exports.string() })).optional()
-      }
-    },
-    async ({ path: pathArg, dryRun, to }) => {
-      const policyPath = resolvePolicyPath({ flag: pathArg });
-      const target = to ?? LATEST_SUPPORTED_VERSION;
-      let loaded;
-      try {
-        loaded = loadPolicyFile(policyPath);
-      } catch (err) {
-        if (err instanceof PolicyFileNotFoundError) {
+        if (fileVersion === target) {
           const structured2 = {
-            policyPath,
-            targetVersion: target,
-            supportedVersions: [...SUPPORTED_POLICY_SCHEMA_VERSIONS],
-            status: "file-not-found",
-            message: `policy file not found: ${policyPath}`
+            ...base,
+            status: "already-current",
+            message: `already on schema v${target}; no migration needed`,
+            bytesWritten: 0
           };
           return {
             content: [{ type: "text", text: JSON.stringify(structured2, null, 2) }],
             structuredContent: structured2
           };
         }
-        throw err;
-      }
-      const data = loaded.data;
-      const fileVersion = typeof data?.version === "string" ? data.version : void 0;
-      const base = {
-        policyPath,
-        fileVersion,
-        targetVersion: target,
-        supportedVersions: [...SUPPORTED_POLICY_SCHEMA_VERSIONS]
-      };
-      if (!fileVersion) {
-        const structured2 = {
-          ...base,
-          status: "no-version-field",
-          message: `policy has no \`version\` field \u2014 add \`version: "${CURRENT_POLICY_SCHEMA_VERSION}"\``
-        };
-        return {
-          content: [{ type: "text", text: JSON.stringify(structured2, null, 2) }],
-          structuredContent: structured2
-        };
-      }
-      if (!SUPPORTED_POLICY_SCHEMA_VERSIONS.includes(fileVersion)) {
-        const isLegacy = fileVersion === "0.1";
-        const structured2 = {
-          ...base,
-          status: "unsupported",
-          message: isLegacy ? `policy schema v${fileVersion} is legacy and cannot be migrated by this CLI` : `policy schema v${fileVersion} is not supported (supports: ${SUPPORTED_POLICY_SCHEMA_VERSIONS.join(", ")})`
-        };
-        return {
-          content: [{ type: "text", text: JSON.stringify(structured2, null, 2) }],
-          structuredContent: structured2
-        };
-      }
-      if (fileVersion === target) {
-        const structured2 = {
-          ...base,
-          status: "already-current",
-          message: `already on schema v${target}; no migration needed`,
-          bytesWritten: 0
-        };
-        return {
-          content: [{ type: "text", text: JSON.stringify(structured2, null, 2) }],
-          structuredContent: structured2
-        };
-      }
-      const plan = planMigration(loaded, fileVersion, target);
-      if (!plan.precheck.valid) {
-        const structured2 = {
-          ...base,
-          status: "precheck-failed",
-          message: `migrated policy fails schema v${target} precheck; file not written`,
-          errors: plan.precheck.errors.map((e) => ({ path: e.path, keyword: e.keyword, message: e.message }))
-        };
-        return {
-          content: [{ type: "text", text: JSON.stringify(structured2, null, 2) }],
-          structuredContent: structured2
-        };
-      }
-      const bytes = Buffer.byteLength(plan.nextSource, "utf-8");
-      if (dryRun) {
-        const structured2 = {
+        const plan = planMigration(loaded, fileVersion, target);
+        if (!plan.precheck.valid) {
+          const structured2 = {
+            ...base,
+            status: "precheck-failed",
+            message: `migrated policy fails schema v${target} precheck; file not written`,
+            errors: plan.precheck.errors.map((e) => ({ path: e.path, keyword: e.keyword, message: e.message }))
+          };
+          return {
+            content: [{ type: "text", text: JSON.stringify(structured2, null, 2) }],
+            structuredContent: structured2
+          };
+        }
+        const bytes = Buffer.byteLength(plan.nextSource, "utf-8");
+        if (dryRun) {
+          const structured2 = {
+            ...base,
+            status: "dry-run",
+            from: plan.fromVersion,
+            to: plan.toVersion,
+            bytesWritten: 0,
+            message: `dry-run: would upgrade v${plan.fromVersion} \u2192 v${plan.toVersion} (${bytes} bytes)`
+          };
+          return {
+            content: [{ type: "text", text: JSON.stringify(structured2, null, 2) }],
+            structuredContent: structured2
+          };
+        }
+        writeFileSync(policyPath, plan.nextSource, { encoding: "utf-8" });
+        const structured = {
           ...base,
-          status: "dry-run",
+          status: "migrated",
           from: plan.fromVersion,
           to: plan.toVersion,
-          bytesWritten: 0,
-          message: `dry-run: would upgrade v${plan.fromVersion} \u2192 v${plan.toVersion} (${bytes} bytes)`
+          bytesWritten: bytes,
+          message: `migrated ${policyPath} to schema v${plan.toVersion} (from v${plan.fromVersion})`
         };
         return {
-          content: [{ type: "text", text: JSON.stringify(structured2, null, 2) }],
-          structuredContent: structured2
+          content: [{ type: "text", text: JSON.stringify(structured, null, 2) }],
+          structuredContent: structured
         };
       }
-      writeFileSync(policyPath, plan.nextSource, { encoding: "utf-8" });
-      const structured = {
-        ...base,
-        status: "migrated",
-        from: plan.fromVersion,
-        to: plan.toVersion,
-        bytesWritten: bytes,
-        message: `migrated ${policyPath} to schema v${plan.toVersion} (from v${plan.fromVersion})`
-      };
-      return {
-        content: [{ type: "text", text: JSON.stringify(structured, null, 2) }],
-        structuredContent: structured
-      };
-    }
-  );
-  server.registerTool(
-    "policy_diff",
-    {
-      title: "Compare two policy files",
-      description: "Compare two policy YAML files and return the same contract as `switchbot --json policy diff`: { leftPath, rightPath, equal, changeCount, truncated, stats, changes, diff }.",
-      _meta: { agentSafetyTier: "read" },
-      inputSchema: external_exports.object({
-        left_path: external_exports.string().min(1).describe("Path to the baseline policy file."),
-        right_path: external_exports.string().min(1).describe("Path to the candidate policy file.")
-      }).strict(),
-      outputSchema: {
-        leftPath: external_exports.string(),
-        rightPath: external_exports.string(),
-        equal: external_exports.boolean(),
-        changeCount: external_exports.number().int(),
-        truncated: external_exports.boolean(),
-        stats: external_exports.object({
-          added: external_exports.number().int(),
-          removed: external_exports.number().int(),
-          changed: external_exports.number().int()
-        }),
-        changes: external_exports.array(external_exports.object({
-          path: external_exports.string(),
-          kind: external_exports.enum(["added", "removed", "changed"]),
-          before: external_exports.unknown().optional(),
-          after: external_exports.unknown().optional()
-        })),
-        diff: external_exports.string()
-      }
-    },
-    ({ left_path, right_path }) => {
-      let leftSource = "";
-      let rightSource = "";
-      try {
-        leftSource = fs18.readFileSync(left_path, "utf-8");
-      } catch (err) {
-        if (err?.code === "ENOENT") {
-          return mcpError("usage", 2, `policy file not found: ${left_path}`, {
-            context: { policyPath: left_path }
-          });
+    );
+  if (!skip("policy_diff"))
+    server.registerTool(
+      "policy_diff",
+      {
+        title: "Compare two policy files",
+        description: "Compare two policy YAML files and return the same contract as `switchbot --json policy diff`: { leftPath, rightPath, equal, changeCount, truncated, stats, changes, diff }.",
+        _meta: { agentSafetyTier: "read" },
+        inputSchema: external_exports.object({
+          left_path: external_exports.string().min(1).describe("Path to the baseline policy file."),
+          right_path: external_exports.string().min(1).describe("Path to the candidate policy file.")
+        }).strict(),
+        outputSchema: {
+          leftPath: external_exports.string(),
+          rightPath: external_exports.string(),
+          equal: external_exports.boolean(),
+          changeCount: external_exports.number().int(),
+          truncated: external_exports.boolean(),
+          stats: external_exports.object({
+            added: external_exports.number().int(),
+            removed: external_exports.number().int(),
+            changed: external_exports.number().int()
+          }),
+          changes: external_exports.array(external_exports.object({
+            path: external_exports.string(),
+            kind: external_exports.enum(["added", "removed", "changed"]),
+            before: external_exports.unknown().optional(),
+            after: external_exports.unknown().optional()
+          })),
+          diff: external_exports.string()
         }
-        return mcpError("runtime", 1, `failed to read ${left_path}: ${String(err)}`);
-      }
-      try {
-        rightSource = fs18.readFileSync(right_path, "utf-8");
-      } catch (err) {
-        if (err?.code === "ENOENT") {
-          return mcpError("usage", 2, `policy file not found: ${right_path}`, {
-            context: { policyPath: right_path }
-          });
+      },
+      ({ left_path, right_path }) => {
+        let leftSource = "";
+        let rightSource = "";
+        try {
+          leftSource = fs18.readFileSync(left_path, "utf-8");
+        } catch (err) {
+          if (err?.code === "ENOENT") {
+            return mcpError("usage", 2, `policy file not found: ${left_path}`, {
+              context: { policyPath: left_path }
+            });
+          }
+          return mcpError("runtime", 1, `failed to read ${left_path}: ${String(err)}`);
         }
-        return mcpError("runtime", 1, `failed to read ${right_path}: ${String(err)}`);
-      }
-      let leftDoc;
-      let rightDoc;
-      try {
-        leftDoc = (0, import_yaml7.parse)(leftSource);
-      } catch (err) {
-        return mcpError("usage", 2, `YAML parse error in ${left_path}: ${err.message}`);
-      }
-      try {
-        rightDoc = (0, import_yaml7.parse)(rightSource);
-      } catch (err) {
-        return mcpError("usage", 2, `YAML parse error in ${right_path}: ${err.message}`);
+        try {
+          rightSource = fs18.readFileSync(right_path, "utf-8");
+        } catch (err) {
+          if (err?.code === "ENOENT") {
+            return mcpError("usage", 2, `policy file not found: ${right_path}`, {
+              context: { policyPath: right_path }
+            });
+          }
+          return mcpError("runtime", 1, `failed to read ${right_path}: ${String(err)}`);
+        }
+        let leftDoc;
+        let rightDoc;
+        try {
+          leftDoc = (0, import_yaml7.parse)(leftSource);
+        } catch (err) {
+          return mcpError("usage", 2, `YAML parse error in ${left_path}: ${err.message}`);
+        }
+        try {
+          rightDoc = (0, import_yaml7.parse)(rightSource);
+        } catch (err) {
+          return mcpError("usage", 2, `YAML parse error in ${right_path}: ${err.message}`);
+        }
+        const result = {
+          leftPath: left_path,
+          rightPath: right_path,
+          ...diffPolicyValues(leftDoc, rightDoc, leftSource, rightSource)
+        };
+        return {
+          content: [{ type: "text", text: JSON.stringify(result, null, 2) }],
+          structuredContent: result
+        };
       }
-      const result = {
-        leftPath: left_path,
-        rightPath: right_path,
-        ...diffPolicyValues(leftDoc, rightDoc, leftSource, rightSource)
-      };
-      return {
-        content: [{ type: "text", text: JSON.stringify(result, null, 2) }],
-        structuredContent: result
-      };
-    }
-  );
+    );
   if (eventManager) {
     server.registerResource(
       "events",
@@ -52058,559 +52855,568 @@ API docs: https://github.com/OpenWonderLabs/SwitchBotAPI`
       }
     );
   }
-  server.registerTool(
-    "plan_suggest",
-    {
-      title: "Draft a SwitchBot execution plan from intent",
-      description: "Generate a candidate Plan JSON from a natural language intent and a list of device IDs. Uses keyword heuristics (no LLM) to pick the command. The returned plan is ready to pass to `plan run` \u2014 review and edit before executing. Recognised commands: turnOn, turnOff, press, lock, unlock, open, close, pause. Falls back to turnOn with a warning when intent is unclear.",
-      _meta: { agentSafetyTier: "read" },
-      inputSchema: external_exports.object({
-        intent: external_exports.string().min(1).describe('Natural language description of what to do (e.g. "turn off all lights").'),
-        device_ids: external_exports.array(external_exports.string().min(1)).min(1).describe("Device IDs to act on.")
-      }).strict(),
-      outputSchema: {
-        plan: external_exports.unknown().describe("Candidate Plan JSON (version 1.0) ready to pass to plan run."),
-        warnings: external_exports.array(external_exports.string()).describe("Informational warnings (e.g. unrecognized intent defaulted to turnOn).")
-      }
-    },
-    ({ intent, device_ids }) => {
-      const devices = device_ids.map((id) => {
-        const cached2 = getCachedDevice(id);
-        return { id, name: cached2?.name, type: cached2?.type };
-      });
-      try {
-        const { plan, warnings } = suggestPlan({ intent, devices });
-        return {
-          content: [{ type: "text", text: JSON.stringify({ plan, warnings }, null, 2) }],
-          structuredContent: { plan, warnings }
-        };
-      } catch (err) {
-        return apiErrorToMcpError(err);
-      }
-    }
-  );
-  server.registerTool(
-    "plan_run",
-    {
-      title: "Validate and execute a SwitchBot plan",
-      description: "Execute a Plan JSON object (version 1.0). Destructive command steps are skipped unless yes=true, and the default safety profile still refuses direct destructive execution in favor of the reviewed plan workflow. Scene and wait steps run in order. Returns per-step results and a summary.",
-      _meta: { agentSafetyTier: "action" },
-      inputSchema: external_exports.object({
-        plan: external_exports.unknown().describe("Plan JSON object (same schema as `switchbot plan run`)."),
-        yes: external_exports.boolean().optional().describe("Authorize destructive command steps."),
-        continue_on_error: external_exports.boolean().optional().describe("Keep executing later steps after a failed step.")
-      }).strict(),
-      outputSchema: {
-        ran: external_exports.boolean(),
-        plan: external_exports.unknown(),
-        results: external_exports.array(external_exports.unknown()),
-        summary: external_exports.object({
-          total: external_exports.number().int(),
-          ok: external_exports.number().int(),
-          error: external_exports.number().int(),
-          skipped: external_exports.number().int()
-        })
-      }
-    },
-    async ({ plan, yes, continue_on_error }) => {
-      const validated = validatePlan(plan);
-      if (!validated.ok) {
-        return mcpError("usage", 2, "plan invalid", {
-          context: { issues: validated.issues },
-          hint: "Fix the reported issues and retry plan_run."
-        });
-      }
-      const out = {
-        ran: true,
-        plan: validated.plan,
-        results: [],
-        summary: { total: validated.plan.steps.length, ok: 0, error: 0, skipped: 0 }
-      };
-      const continueOnError = continue_on_error === true;
-      const allowDestructive = yes === true;
-      const destructiveSteps = validated.plan.steps.map((step, index) => ({ step, index })).filter((entry) => entry.step.type === "command").map(({ step, index }) => {
-        const resolvedDeviceId = resolveDeviceId(step.deviceId, step.deviceName);
-        const commandType = step.commandType ?? "command";
-        const deviceType = getCachedDevice(resolvedDeviceId)?.type;
-        return {
-          index: index + 1,
-          deviceId: resolvedDeviceId,
-          command: step.command,
-          commandType,
-          deviceType: deviceType ?? null,
-          destructive: isDestructiveCommand(deviceType, step.command, commandType)
-        };
-      }).filter((step) => step.destructive);
-      if (allowDestructive && destructiveSteps.length > 0 && !allowsDirectDestructiveExecution()) {
-        return mcpError("guard", 3, "Direct destructive execution is disabled for plan_run.", {
-          hint: destructiveExecutionHint(),
-          context: {
-            destructiveSteps: destructiveSteps.map((step) => ({
-              step: step.index,
-              deviceId: step.deviceId,
-              deviceType: step.deviceType,
-              command: step.command,
-              commandType: step.commandType
-            })),
-            requiredWorkflow: "plan-approval"
-          }
+  if (!skip("plan_suggest"))
+    server.registerTool(
+      "plan_suggest",
+      {
+        title: "Draft a SwitchBot execution plan from intent",
+        description: "Generate a candidate Plan JSON from a natural language intent and a list of device IDs. Uses keyword heuristics (no LLM) to pick the command. The returned plan is ready to pass to `plan run` \u2014 review and edit before executing. Recognised commands: turnOn, turnOff, press, lock, unlock, open, close, pause. Falls back to turnOn with a warning when intent is unclear.",
+        _meta: { agentSafetyTier: "read" },
+        inputSchema: external_exports.object({
+          intent: external_exports.string().min(1).describe('Natural language description of what to do (e.g. "turn off all lights").'),
+          device_ids: external_exports.array(external_exports.string().min(1)).min(1).describe("Device IDs to act on.")
+        }).strict(),
+        outputSchema: {
+          plan: external_exports.unknown().describe("Candidate Plan JSON (version 1.0) ready to pass to plan run."),
+          warnings: external_exports.array(external_exports.string()).describe("Informational warnings (e.g. unrecognized intent defaulted to turnOn).")
+        }
+      },
+      ({ intent, device_ids }) => {
+        const devices = device_ids.map((id) => {
+          const cached2 = getCachedDevice(id);
+          return { id, name: cached2?.name, type: cached2?.type };
         });
+        try {
+          const { plan, warnings } = suggestPlan({ intent, devices });
+          return {
+            content: [{ type: "text", text: JSON.stringify({ plan, warnings }, null, 2) }],
+            structuredContent: { plan, warnings }
+          };
+        } catch (err) {
+          return apiErrorToMcpError(err);
+        }
       }
-      for (let i = 0; i < validated.plan.steps.length; i++) {
-        const step = validated.plan.steps[i];
-        const idx = i + 1;
-        if (step.type === "wait") {
-          await new Promise((resolve2) => setTimeout(resolve2, step.ms));
-          out.results.push({ step: idx, type: "wait", ms: step.ms, status: "ok" });
-          out.summary.ok++;
-          continue;
+    );
+  if (!skip("plan_run"))
+    server.registerTool(
+      "plan_run",
+      {
+        title: "Validate and execute a SwitchBot plan",
+        description: "Execute a Plan JSON object (version 1.0). Destructive command steps are skipped unless yes=true, and the default safety profile still refuses direct destructive execution in favor of the reviewed plan workflow. Scene and wait steps run in order. Returns per-step results and a summary.",
+        _meta: { agentSafetyTier: "action" },
+        inputSchema: external_exports.object({
+          plan: external_exports.unknown().describe("Plan JSON object (same schema as `switchbot plan run`)."),
+          yes: external_exports.boolean().optional().describe("Authorize destructive command steps."),
+          continue_on_error: external_exports.boolean().optional().describe("Keep executing later steps after a failed step.")
+        }).strict(),
+        outputSchema: {
+          ran: external_exports.boolean(),
+          plan: external_exports.unknown(),
+          results: external_exports.array(external_exports.unknown()),
+          summary: external_exports.object({
+            total: external_exports.number().int(),
+            ok: external_exports.number().int(),
+            error: external_exports.number().int(),
+            skipped: external_exports.number().int()
+          })
         }
-        if (step.type === "scene") {
-          try {
-            await executeScene(step.sceneId);
-            out.results.push({ step: idx, type: "scene", sceneId: step.sceneId, status: "ok" });
-            out.summary.ok++;
-          } catch (err) {
-            const msg = err instanceof Error ? err.message : String(err);
-            out.results.push({ step: idx, type: "scene", sceneId: step.sceneId, status: "error", error: msg });
-            out.summary.error++;
-            if (!continueOnError) break;
-          }
-          continue;
+      },
+      async ({ plan, yes, continue_on_error }) => {
+        const validated = validatePlan(plan);
+        if (!validated.ok) {
+          return mcpError("usage", 2, "plan invalid", {
+            context: { issues: validated.issues },
+            hint: "Fix the reported issues and retry plan_run."
+          });
         }
-        let resolvedDeviceId = "";
-        try {
-          resolvedDeviceId = resolveDeviceId(step.deviceId, step.deviceName);
+        const out = {
+          ran: true,
+          plan: validated.plan,
+          results: [],
+          summary: { total: validated.plan.steps.length, ok: 0, error: 0, skipped: 0 }
+        };
+        const continueOnError = continue_on_error === true;
+        const allowDestructive = yes === true;
+        const destructiveSteps = validated.plan.steps.map((step, index) => ({ step, index })).filter((entry) => entry.step.type === "command").map(({ step, index }) => {
+          const resolvedDeviceId = resolveDeviceId(step.deviceId, step.deviceName);
           const commandType = step.commandType ?? "command";
           const deviceType = getCachedDevice(resolvedDeviceId)?.type;
-          const destructive = isDestructiveCommand(deviceType, step.command, commandType);
-          if (destructive && !allowDestructive) {
+          return {
+            index: index + 1,
+            deviceId: resolvedDeviceId,
+            command: step.command,
+            commandType,
+            deviceType: deviceType ?? null,
+            destructive: isDestructiveCommand(deviceType, step.command, commandType)
+          };
+        }).filter((step) => step.destructive);
+        if (allowDestructive && destructiveSteps.length > 0 && !allowsDirectDestructiveExecution()) {
+          return mcpError("guard", 3, "Direct destructive execution is disabled for plan_run.", {
+            hint: destructiveExecutionHint(),
+            context: {
+              destructiveSteps: destructiveSteps.map((step) => ({
+                step: step.index,
+                deviceId: step.deviceId,
+                deviceType: step.deviceType,
+                command: step.command,
+                commandType: step.commandType
+              })),
+              requiredWorkflow: "plan-approval"
+            }
+          });
+        }
+        for (let i = 0; i < validated.plan.steps.length; i++) {
+          const step = validated.plan.steps[i];
+          const idx = i + 1;
+          if (step.type === "wait") {
+            await new Promise((resolve2) => setTimeout(resolve2, step.ms));
+            out.results.push({ step: idx, type: "wait", ms: step.ms, status: "ok" });
+            out.summary.ok++;
+            continue;
+          }
+          if (step.type === "scene") {
+            try {
+              await executeScene(step.sceneId);
+              out.results.push({ step: idx, type: "scene", sceneId: step.sceneId, status: "ok" });
+              out.summary.ok++;
+            } catch (err) {
+              const msg = err instanceof Error ? err.message : String(err);
+              out.results.push({ step: idx, type: "scene", sceneId: step.sceneId, status: "error", error: msg });
+              out.summary.error++;
+              if (!continueOnError) break;
+            }
+            continue;
+          }
+          let resolvedDeviceId = "";
+          try {
+            resolvedDeviceId = resolveDeviceId(step.deviceId, step.deviceName);
+            const commandType = step.commandType ?? "command";
+            const deviceType = getCachedDevice(resolvedDeviceId)?.type;
+            const destructive = isDestructiveCommand(deviceType, step.command, commandType);
+            if (destructive && !allowDestructive) {
+              out.results.push({
+                step: idx,
+                type: "command",
+                deviceId: resolvedDeviceId,
+                command: step.command,
+                status: "skipped",
+                error: "destructive \u2014 rerun with yes=true"
+              });
+              out.summary.skipped++;
+              if (!continueOnError) break;
+              continue;
+            }
+            await executeCommand(resolvedDeviceId, step.command, step.parameter, commandType);
             out.results.push({
               step: idx,
               type: "command",
               deviceId: resolvedDeviceId,
               command: step.command,
-              status: "skipped",
-              error: "destructive \u2014 rerun with yes=true"
+              status: "ok"
             });
-            out.summary.skipped++;
-            if (!continueOnError) break;
-            continue;
-          }
-          await executeCommand(resolvedDeviceId, step.command, step.parameter, commandType);
-          out.results.push({
-            step: idx,
-            type: "command",
-            deviceId: resolvedDeviceId,
-            command: step.command,
-            status: "ok"
-          });
-          out.summary.ok++;
-        } catch (err) {
-          if (err instanceof Error && err.name === "DryRunSignal") {
+            out.summary.ok++;
+          } catch (err) {
+            if (err instanceof Error && err.name === "DryRunSignal") {
+              out.results.push({
+                step: idx,
+                type: "command",
+                deviceId: resolvedDeviceId || step.deviceId || "unknown",
+                command: step.command,
+                status: "ok"
+              });
+              out.summary.ok++;
+              continue;
+            }
+            const msg = err instanceof Error ? err.message : String(err);
             out.results.push({
               step: idx,
               type: "command",
               deviceId: resolvedDeviceId || step.deviceId || "unknown",
               command: step.command,
-              status: "ok"
+              status: "error",
+              error: msg
             });
-            out.summary.ok++;
-            continue;
+            out.summary.error++;
+            if (!continueOnError) break;
           }
-          const msg = err instanceof Error ? err.message : String(err);
-          out.results.push({
-            step: idx,
-            type: "command",
-            deviceId: resolvedDeviceId || step.deviceId || "unknown",
-            command: step.command,
-            status: "error",
-            error: msg
-          });
-          out.summary.error++;
-          if (!continueOnError) break;
         }
-      }
-      return {
-        content: [{ type: "text", text: JSON.stringify(out, null, 2) }],
-        structuredContent: out
-      };
-    }
-  );
-  server.registerTool(
-    "audit_query",
-    {
-      title: "Query command/rule audit log entries",
-      description: "Filter entries from the local audit log (default ~/.switchbot/audit.log) by time range, kind, device, rule, and result. Useful for review flows and rule-fire inspection without leaving MCP.",
-      _meta: { agentSafetyTier: "read" },
-      inputSchema: external_exports.object({
-        file: external_exports.string().optional().describe("Optional audit log path; defaults to ~/.switchbot/audit.log."),
-        since: external_exports.string().optional().describe('Relative window ending now (e.g. "30m", "24h"). Mutually exclusive with from/to.'),
-        from: external_exports.string().optional().describe("Range start (ISO-8601)."),
-        to: external_exports.string().optional().describe("Range end (ISO-8601)."),
-        kinds: external_exports.array(external_exports.enum(["command", "rule-fire", "rule-fire-dry", "rule-throttled", "rule-webhook-rejected"])).optional().describe("Filter by entry kind."),
-        device_id: external_exports.string().optional().describe("Filter by deviceId."),
-        rule_name: external_exports.string().optional().describe("Filter by rule.name (rule-engine entries)."),
-        results: external_exports.array(external_exports.enum(["ok", "error", "dry-run"])).optional().describe("Filter by execution result."),
-        limit: external_exports.number().int().min(1).max(5e3).optional().describe("Max entries returned from the tail of the filtered set (default 200).")
-      }).strict(),
-      outputSchema: {
-        file: external_exports.string(),
-        totalMatched: external_exports.number().int(),
-        returned: external_exports.number().int(),
-        entries: external_exports.array(external_exports.unknown())
-      }
-    },
-    ({ file: file2, since, from, to, kinds, device_id, rule_name, results, limit }) => {
-      const filePath = file2 ?? DEFAULT_AUDIT_LOG_FILE;
-      const entries = readAudit(filePath);
-      try {
-        const filtered = filterAuditEntries(entries, {
-          since,
-          from,
-          to,
-          kinds,
-          deviceId: device_id,
-          ruleName: rule_name,
-          results
-        });
-        const bounded = filtered.slice(-Math.max(1, limit ?? 200));
-        const out = {
-          file: filePath,
-          totalMatched: filtered.length,
-          returned: bounded.length,
-          entries: bounded
-        };
         return {
           content: [{ type: "text", text: JSON.stringify(out, null, 2) }],
           structuredContent: out
         };
-      } catch (err) {
-        return mcpError("usage", 2, err instanceof Error ? err.message : "invalid audit query options");
       }
-    }
-  );
-  server.registerTool(
-    "audit_stats",
-    {
-      title: "Aggregate audit log counts for review dashboards",
-      description: "Compute summary counters over the local audit log: by kind, by result, top devices, and top rules. Supports the same filters as audit_query.",
-      _meta: { agentSafetyTier: "read" },
-      inputSchema: external_exports.object({
-        file: external_exports.string().optional().describe("Optional audit log path; defaults to ~/.switchbot/audit.log."),
-        since: external_exports.string().optional().describe('Relative window ending now (e.g. "6h"). Mutually exclusive with from/to.'),
-        from: external_exports.string().optional().describe("Range start (ISO-8601)."),
-        to: external_exports.string().optional().describe("Range end (ISO-8601)."),
-        kinds: external_exports.array(external_exports.enum(["command", "rule-fire", "rule-fire-dry", "rule-throttled", "rule-webhook-rejected"])).optional().describe("Filter by entry kind."),
-        device_id: external_exports.string().optional().describe("Filter by deviceId."),
-        rule_name: external_exports.string().optional().describe("Filter by rule.name (rule-engine entries)."),
-        results: external_exports.array(external_exports.enum(["ok", "error", "dry-run"])).optional().describe("Filter by execution result."),
-        top_n: external_exports.number().int().min(1).max(100).optional().describe("Number of top device/rule rows to return (default 10).")
-      }).strict(),
-      outputSchema: {
-        file: external_exports.string(),
-        totalMatched: external_exports.number().int(),
-        byKind: external_exports.record(external_exports.string(), external_exports.number().int()),
-        byResult: external_exports.record(external_exports.string(), external_exports.number().int()),
-        topDevices: external_exports.array(external_exports.object({ deviceId: external_exports.string(), count: external_exports.number().int() })),
-        topRules: external_exports.array(external_exports.object({ ruleName: external_exports.string(), count: external_exports.number().int() }))
+    );
+  if (!skip("audit_query"))
+    server.registerTool(
+      "audit_query",
+      {
+        title: "Query command/rule audit log entries",
+        description: "Filter entries from the local audit log (default ~/.switchbot/audit.log) by time range, kind, device, rule, and result. Useful for review flows and rule-fire inspection without leaving MCP.",
+        _meta: { agentSafetyTier: "read" },
+        inputSchema: external_exports.object({
+          file: external_exports.string().optional().describe("Optional audit log path; defaults to ~/.switchbot/audit.log."),
+          since: external_exports.string().optional().describe('Relative window ending now (e.g. "30m", "24h"). Mutually exclusive with from/to.'),
+          from: external_exports.string().optional().describe("Range start (ISO-8601)."),
+          to: external_exports.string().optional().describe("Range end (ISO-8601)."),
+          kinds: external_exports.array(external_exports.enum(["command", "rule-fire", "rule-fire-dry", "rule-throttled", "rule-webhook-rejected"])).optional().describe("Filter by entry kind."),
+          device_id: external_exports.string().optional().describe("Filter by deviceId."),
+          rule_name: external_exports.string().optional().describe("Filter by rule.name (rule-engine entries)."),
+          results: external_exports.array(external_exports.enum(["ok", "error", "dry-run"])).optional().describe("Filter by execution result."),
+          limit: external_exports.number().int().min(1).max(5e3).optional().describe("Max entries returned from the tail of the filtered set (default 200).")
+        }).strict(),
+        outputSchema: {
+          file: external_exports.string(),
+          totalMatched: external_exports.number().int(),
+          returned: external_exports.number().int(),
+          entries: external_exports.array(external_exports.unknown())
+        }
+      },
+      ({ file: file2, since, from, to, kinds, device_id, rule_name, results, limit }) => {
+        const filePath = file2 ?? DEFAULT_AUDIT_LOG_FILE;
+        const entries = readAudit(filePath);
+        try {
+          const filtered = filterAuditEntries(entries, {
+            since,
+            from,
+            to,
+            kinds,
+            deviceId: device_id,
+            ruleName: rule_name,
+            results
+          });
+          const bounded = filtered.slice(-Math.max(1, limit ?? 200));
+          const out = {
+            file: filePath,
+            totalMatched: filtered.length,
+            returned: bounded.length,
+            entries: bounded
+          };
+          return {
+            content: [{ type: "text", text: JSON.stringify(out, null, 2) }],
+            structuredContent: out
+          };
+        } catch (err) {
+          return mcpError("usage", 2, err instanceof Error ? err.message : "invalid audit query options");
+        }
       }
-    },
-    ({ file: file2, since, from, to, kinds, device_id, rule_name, results, top_n }) => {
-      const filePath = file2 ?? DEFAULT_AUDIT_LOG_FILE;
-      const entries = readAudit(filePath);
-      try {
-        const filtered = filterAuditEntries(entries, {
-          since,
-          from,
-          to,
-          kinds,
-          deviceId: device_id,
-          ruleName: rule_name,
-          results
-        });
-        const byKind = /* @__PURE__ */ new Map();
-        const byResult = /* @__PURE__ */ new Map();
-        const byDevice = /* @__PURE__ */ new Map();
-        const byRule = /* @__PURE__ */ new Map();
-        for (const entry of filtered) {
-          byKind.set(entry.kind, (byKind.get(entry.kind) ?? 0) + 1);
-          if (entry.result) byResult.set(entry.result, (byResult.get(entry.result) ?? 0) + 1);
-          if (entry.deviceId) byDevice.set(entry.deviceId, (byDevice.get(entry.deviceId) ?? 0) + 1);
-          if (entry.rule?.name) byRule.set(entry.rule.name, (byRule.get(entry.rule.name) ?? 0) + 1);
-        }
-        const topN = top_n ?? 10;
-        const out = {
-          file: filePath,
-          totalMatched: filtered.length,
-          byKind: Object.fromEntries([...byKind.entries()].sort((a, b2) => a[0].localeCompare(b2[0]))),
-          byResult: Object.fromEntries([...byResult.entries()].sort((a, b2) => a[0].localeCompare(b2[0]))),
-          topDevices: topNFromMap(byDevice, topN).map((item) => ({ deviceId: item.key, count: item.count })),
-          topRules: topNFromMap(byRule, topN).map((item) => ({ ruleName: item.key, count: item.count }))
-        };
+    );
+  if (!skip("audit_stats"))
+    server.registerTool(
+      "audit_stats",
+      {
+        title: "Aggregate audit log counts for review dashboards",
+        description: "Compute summary counters over the local audit log: by kind, by result, top devices, and top rules. Supports the same filters as audit_query.",
+        _meta: { agentSafetyTier: "read" },
+        inputSchema: external_exports.object({
+          file: external_exports.string().optional().describe("Optional audit log path; defaults to ~/.switchbot/audit.log."),
+          since: external_exports.string().optional().describe('Relative window ending now (e.g. "6h"). Mutually exclusive with from/to.'),
+          from: external_exports.string().optional().describe("Range start (ISO-8601)."),
+          to: external_exports.string().optional().describe("Range end (ISO-8601)."),
+          kinds: external_exports.array(external_exports.enum(["command", "rule-fire", "rule-fire-dry", "rule-throttled", "rule-webhook-rejected"])).optional().describe("Filter by entry kind."),
+          device_id: external_exports.string().optional().describe("Filter by deviceId."),
+          rule_name: external_exports.string().optional().describe("Filter by rule.name (rule-engine entries)."),
+          results: external_exports.array(external_exports.enum(["ok", "error", "dry-run"])).optional().describe("Filter by execution result."),
+          top_n: external_exports.number().int().min(1).max(100).optional().describe("Number of top device/rule rows to return (default 10).")
+        }).strict(),
+        outputSchema: {
+          file: external_exports.string(),
+          totalMatched: external_exports.number().int(),
+          byKind: external_exports.record(external_exports.string(), external_exports.number().int()),
+          byResult: external_exports.record(external_exports.string(), external_exports.number().int()),
+          topDevices: external_exports.array(external_exports.object({ deviceId: external_exports.string(), count: external_exports.number().int() })),
+          topRules: external_exports.array(external_exports.object({ ruleName: external_exports.string(), count: external_exports.number().int() }))
+        }
+      },
+      ({ file: file2, since, from, to, kinds, device_id, rule_name, results, top_n }) => {
+        const filePath = file2 ?? DEFAULT_AUDIT_LOG_FILE;
+        const entries = readAudit(filePath);
+        try {
+          const filtered = filterAuditEntries(entries, {
+            since,
+            from,
+            to,
+            kinds,
+            deviceId: device_id,
+            ruleName: rule_name,
+            results
+          });
+          const byKind = /* @__PURE__ */ new Map();
+          const byResult = /* @__PURE__ */ new Map();
+          const byDevice = /* @__PURE__ */ new Map();
+          const byRule = /* @__PURE__ */ new Map();
+          for (const entry of filtered) {
+            byKind.set(entry.kind, (byKind.get(entry.kind) ?? 0) + 1);
+            if (entry.result) byResult.set(entry.result, (byResult.get(entry.result) ?? 0) + 1);
+            if (entry.deviceId) byDevice.set(entry.deviceId, (byDevice.get(entry.deviceId) ?? 0) + 1);
+            if (entry.rule?.name) byRule.set(entry.rule.name, (byRule.get(entry.rule.name) ?? 0) + 1);
+          }
+          const topN = top_n ?? 10;
+          const out = {
+            file: filePath,
+            totalMatched: filtered.length,
+            byKind: Object.fromEntries([...byKind.entries()].sort((a, b2) => a[0].localeCompare(b2[0]))),
+            byResult: Object.fromEntries([...byResult.entries()].sort((a, b2) => a[0].localeCompare(b2[0]))),
+            topDevices: topNFromMap(byDevice, topN).map((item) => ({ deviceId: item.key, count: item.count })),
+            topRules: topNFromMap(byRule, topN).map((item) => ({ ruleName: item.key, count: item.count }))
+          };
+          return {
+            content: [{ type: "text", text: JSON.stringify(out, null, 2) }],
+            structuredContent: out
+          };
+        } catch (err) {
+          return mcpError("usage", 2, err instanceof Error ? err.message : "invalid audit stats options");
+        }
+      }
+    );
+  if (!skip("rule_notifications"))
+    server.registerTool(
+      "rule_notifications",
+      {
+        title: "Query rule notification delivery history",
+        description: "Returns audit entries for notify actions (kind: rule-notify). Useful for confirming whether a notification rule fired and whether delivery succeeded. Filter by rule name, time range, result, or channel.",
+        _meta: { agentSafetyTier: "read" },
+        inputSchema: external_exports.object({
+          file: external_exports.string().optional().describe("Optional audit log path; defaults to ~/.switchbot/audit.log."),
+          rule: external_exports.string().optional().describe("Filter by rule name (exact match)."),
+          since: external_exports.string().optional().describe('Relative window ending now (e.g. "30m", "24h").'),
+          from: external_exports.string().optional().describe("Range start (ISO-8601)."),
+          to: external_exports.string().optional().describe("Range end (ISO-8601)."),
+          result: external_exports.enum(["ok", "error"]).optional().describe("Filter by delivery result."),
+          channel: external_exports.enum(["webhook", "openclaw", "file"]).optional().describe("Filter by notify channel."),
+          limit: external_exports.number().int().min(1).max(500).default(100).describe("Max entries to return (newest first).")
+        }).strict(),
+        outputSchema: {
+          entries: external_exports.array(external_exports.unknown()).describe("Matching audit entries, newest first."),
+          total: external_exports.number().int().describe("Count after filtering.")
+        }
+      },
+      ({ file: file2, rule: ruleName, since, from, to, result: resultFilter, channel, limit }) => {
+        const filePath = file2 ?? DEFAULT_AUDIT_LOG_FILE;
+        let entries = readAudit(filePath).filter((e) => e.kind === "rule-notify");
+        if (ruleName) entries = entries.filter((e) => e.rule?.name === ruleName);
+        if (resultFilter) entries = entries.filter((e) => e.result === resultFilter);
+        if (channel) entries = entries.filter((e) => e.notifyChannel === channel);
+        try {
+          entries = filterAuditEntries(entries, { since, from, to });
+        } catch (err) {
+          return mcpError("usage", 2, err instanceof Error ? err.message : "invalid filter options");
+        }
+        const bounded = entries.slice(-limit).reverse();
+        const out = { entries: bounded, total: entries.length };
         return {
           content: [{ type: "text", text: JSON.stringify(out, null, 2) }],
           structuredContent: out
         };
-      } catch (err) {
-        return mcpError("usage", 2, err instanceof Error ? err.message : "invalid audit stats options");
-      }
-    }
-  );
-  server.registerTool(
-    "rule_notifications",
-    {
-      title: "Query rule notification delivery history",
-      description: "Returns audit entries for notify actions (kind: rule-notify). Useful for confirming whether a notification rule fired and whether delivery succeeded. Filter by rule name, time range, result, or channel.",
-      _meta: { agentSafetyTier: "read" },
-      inputSchema: external_exports.object({
-        file: external_exports.string().optional().describe("Optional audit log path; defaults to ~/.switchbot/audit.log."),
-        rule: external_exports.string().optional().describe("Filter by rule name (exact match)."),
-        since: external_exports.string().optional().describe('Relative window ending now (e.g. "30m", "24h").'),
-        from: external_exports.string().optional().describe("Range start (ISO-8601)."),
-        to: external_exports.string().optional().describe("Range end (ISO-8601)."),
-        result: external_exports.enum(["ok", "error"]).optional().describe("Filter by delivery result."),
-        channel: external_exports.enum(["webhook", "openclaw", "file"]).optional().describe("Filter by notify channel."),
-        limit: external_exports.number().int().min(1).max(500).default(100).describe("Max entries to return (newest first).")
-      }).strict(),
-      outputSchema: {
-        entries: external_exports.array(external_exports.unknown()).describe("Matching audit entries, newest first."),
-        total: external_exports.number().int().describe("Count after filtering.")
       }
-    },
-    ({ file: file2, rule: ruleName, since, from, to, result: resultFilter, channel, limit }) => {
-      const filePath = file2 ?? DEFAULT_AUDIT_LOG_FILE;
-      let entries = readAudit(filePath).filter((e) => e.kind === "rule-notify");
-      if (ruleName) entries = entries.filter((e) => e.rule?.name === ruleName);
-      if (resultFilter) entries = entries.filter((e) => e.result === resultFilter);
-      if (channel) entries = entries.filter((e) => e.notifyChannel === channel);
-      try {
-        entries = filterAuditEntries(entries, { since, from, to });
-      } catch (err) {
-        return mcpError("usage", 2, err instanceof Error ? err.message : "invalid filter options");
-      }
-      const bounded = entries.slice(-limit).reverse();
-      const out = { entries: bounded, total: entries.length };
-      return {
-        content: [{ type: "text", text: JSON.stringify(out, null, 2) }],
-        structuredContent: out
-      };
-    }
-  );
-  server.registerTool(
-    "rules_suggest",
-    {
-      title: "Draft a SwitchBot automation rule from intent",
-      description: "Generate a candidate automation rule YAML from a natural language intent. Uses keyword heuristics by default; pass llm to use an LLM backend (auto | openai | anthropic). Always emits dry_run: true \u2014 the rule must be reviewed before arming. Pass the returned rule_yaml to policy_add_rule to inject it into policy.yaml.",
-      _meta: { agentSafetyTier: "read" },
-      inputSchema: external_exports.object({
-        intent: external_exports.string().min(1).describe('Natural language description (e.g. "turn off lights at 10pm").'),
-        trigger: external_exports.enum(["mqtt", "cron", "webhook"]).optional().describe("Trigger type (inferred from intent if omitted)."),
-        device_ids: external_exports.array(external_exports.string().min(1)).optional().describe("Device IDs; first is sensor for mqtt triggers, rest are action targets."),
-        event: external_exports.string().optional().describe("MQTT event name override (e.g. motion.detected)."),
-        schedule: external_exports.string().optional().describe('5-field cron expression override (e.g. "0 22 * * *").'),
-        days: external_exports.array(external_exports.string()).optional().describe('Weekday filter (e.g. ["mon","tue","wed","thu","fri"]).'),
-        webhook_path: external_exports.string().optional().describe("Webhook path override (default /action)."),
-        llm: external_exports.enum(["auto", "openai", "anthropic"]).optional().describe("LLM backend (auto | openai | anthropic). Omit to use keyword heuristics.")
-      }).strict(),
-      outputSchema: {
-        rule: external_exports.unknown().describe("Rule object matching the v0.2 policy schema."),
-        rule_yaml: external_exports.string().describe("YAML string ready to pipe to policy_add_rule."),
-        warnings: external_exports.array(external_exports.string()).describe("Informational warnings (e.g. unrecognized intent defaulted).")
-      }
-    },
-    async ({ intent, trigger, device_ids, event, schedule, days, webhook_path, llm }) => {
-      const devices = (device_ids ?? []).map((id) => {
-        const cached2 = getCachedDevice(id);
-        return { id, name: cached2?.name, type: cached2?.type };
-      });
-      try {
-        const { rule, ruleYaml, warnings } = await suggestRule({
-          intent,
-          trigger,
-          devices,
-          event,
-          schedule,
-          days,
-          webhookPath: webhook_path,
-          llm
+    );
+  if (!skip("rules_suggest"))
+    server.registerTool(
+      "rules_suggest",
+      {
+        title: "Draft a SwitchBot automation rule from intent",
+        description: "Generate a candidate automation rule YAML from a natural language intent. Uses keyword heuristics by default; pass llm to use an LLM backend (auto | openai | anthropic). Always emits dry_run: true \u2014 the rule must be reviewed before arming. Pass the returned rule_yaml to policy_add_rule to inject it into policy.yaml.",
+        _meta: { agentSafetyTier: "read" },
+        inputSchema: external_exports.object({
+          intent: external_exports.string().min(1).describe('Natural language description (e.g. "turn off lights at 10pm").'),
+          trigger: external_exports.enum(["mqtt", "cron", "webhook"]).optional().describe("Trigger type (inferred from intent if omitted)."),
+          device_ids: external_exports.array(external_exports.string().min(1)).optional().describe("Device IDs; first is sensor for mqtt triggers, rest are action targets."),
+          event: external_exports.string().optional().describe("MQTT event name override (e.g. motion.detected)."),
+          schedule: external_exports.string().optional().describe('5-field cron expression override (e.g. "0 22 * * *").'),
+          days: external_exports.array(external_exports.string()).optional().describe('Weekday filter (e.g. ["mon","tue","wed","thu","fri"]).'),
+          webhook_path: external_exports.string().optional().describe("Webhook path override (default /action)."),
+          llm: external_exports.enum(["auto", "openai", "anthropic"]).optional().describe("LLM backend (auto | openai | anthropic). Omit to use keyword heuristics.")
+        }).strict(),
+        outputSchema: {
+          rule: external_exports.unknown().describe("Rule object matching the v0.2 policy schema."),
+          rule_yaml: external_exports.string().describe("YAML string ready to pipe to policy_add_rule."),
+          warnings: external_exports.array(external_exports.string()).describe("Informational warnings (e.g. unrecognized intent defaulted).")
+        }
+      },
+      async ({ intent, trigger, device_ids, event, schedule, days, webhook_path, llm }) => {
+        const devices = (device_ids ?? []).map((id) => {
+          const cached2 = getCachedDevice(id);
+          return { id, name: cached2?.name, type: cached2?.type };
         });
-        return {
-          content: [{ type: "text", text: ruleYaml }],
-          structuredContent: { rule, rule_yaml: ruleYaml, warnings }
-        };
-      } catch (err) {
-        return apiErrorToMcpError(err);
-      }
-    }
-  );
-  server.registerTool(
-    "rules_explain",
-    {
-      title: "Show why a rule evaluation fired or was blocked",
-      description: 'Read rule-evaluate trace records from the audit log and format them for inspection. Pass fire_id to explain a specific evaluation; or pass rule_name with last:true for the most recent evaluation; or pass rule_name + since for a window. Returns trace records only when automation.audit.evaluate_trace is "sampled" or "full".',
-      _meta: { agentSafetyTier: "read" },
-      inputSchema: external_exports.object({
-        fire_id: external_exports.string().optional().describe("Specific fireId to explain."),
-        rule_name: external_exports.string().optional().describe("Filter to this rule name."),
-        since: external_exports.string().optional().describe("Duration string (e.g. 1h, 7d) \u2014 show evaluations in this window."),
-        last: external_exports.boolean().optional().describe("Return only the most recent evaluation (requires rule_name)."),
-        audit_log: external_exports.string().optional().describe(`Audit log path (default: ${pathJoin(os14.homedir(), ".switchbot", "audit.log")}).`)
-      }).strict(),
-      outputSchema: {
-        records: external_exports.array(external_exports.unknown()).describe("Array of trace + relatedAudit objects."),
-        count: external_exports.number().describe("Number of trace records returned.")
-      }
-    },
-    async ({ fire_id, rule_name, since, last, audit_log }) => {
-      const DEFAULT_AUDIT_PATH4 = pathJoin(os14.homedir(), ".switchbot", "audit.log");
-      const auditFile = audit_log ?? DEFAULT_AUDIT_PATH4;
-      const sinceIso = since ? new Date(Date.now() - (parseDurationToMs(since) ?? 0)).toISOString() : void 0;
-      let records = loadTraceRecords(auditFile, {
-        fireId: fire_id,
-        ruleName: rule_name,
-        since: sinceIso
-      });
-      if (records.length === 0) {
-        return {
-          content: [{ type: "text", text: 'No rule-evaluate trace records found. Check that automation.audit.evaluate_trace is "sampled" or "full".' }],
-          structuredContent: { records: [], count: 0 }
-        };
-      }
-      if (last) {
-        records = [records[records.length - 1]];
-      }
-      const output = records.map((record2) => {
-        const related = loadRelatedAudit(auditFile, record2.fireId);
-        return JSON.parse(formatExplainJson(record2, related));
-      });
-      return {
-        content: [{ type: "text", text: JSON.stringify(output, null, 2) }],
-        structuredContent: { records: output, count: output.length }
-      };
-    }
-  );
-  server.registerTool(
-    "rules_simulate",
-    {
-      title: "Simulate a rule against historical events",
-      description: "Replay historical events from the audit log or a JSONL file against a rule definition and report would-fire / blocked-by-condition / throttled outcomes. Useful for validating a new or modified rule before deployment. Pass rule_yaml to test an unpublished rule, or rule_name + policy_path to test a deployed rule.",
-      _meta: { agentSafetyTier: "read" },
-      inputSchema: external_exports.object({
-        rule_yaml: external_exports.string().optional().describe("Standalone rule YAML (takes precedence over policy_path + rule_name)."),
-        policy_path: external_exports.string().optional().describe("Path to policy.yaml (defaults to ~/.switchbot/policy.yaml)."),
-        rule_name: external_exports.string().optional().describe("Name of the rule in policy.yaml to simulate."),
-        since: external_exports.string().optional().describe("Replay events from this window (e.g. 7d, 24h)."),
-        against: external_exports.string().optional().describe("JSONL file path of EngineEvent objects to replay."),
-        live_llm: external_exports.boolean().optional().describe("Allow live LLM calls for llm conditions (default: skip and report as would-call)."),
-        audit_log: external_exports.string().optional().describe(`Audit log path (default: ${pathJoin(os14.homedir(), ".switchbot", "audit.log")}).`)
-      }).strict(),
-      outputSchema: {
-        report: external_exports.unknown().describe("SimulateReport object.")
-      }
-    },
-    async ({ rule_yaml, policy_path, rule_name, since, against, live_llm, audit_log }) => {
-      const DEFAULT_AUDIT_PATH4 = pathJoin(os14.homedir(), ".switchbot", "audit.log");
-      const auditFile = audit_log ?? DEFAULT_AUDIT_PATH4;
-      let rule;
-      if (rule_yaml) {
         try {
-          rule = (0, import_yaml7.parse)(rule_yaml);
+          const { rule, ruleYaml, warnings } = await suggestRule({
+            intent,
+            trigger,
+            devices,
+            event,
+            schedule,
+            days,
+            webhookPath: webhook_path,
+            llm
+          });
+          return {
+            content: [{ type: "text", text: ruleYaml }],
+            structuredContent: { rule, rule_yaml: ruleYaml, warnings }
+          };
         } catch (err) {
+          return apiErrorToMcpError(err);
+        }
+      }
+    );
+  if (!skip("rules_explain"))
+    server.registerTool(
+      "rules_explain",
+      {
+        title: "Show why a rule evaluation fired or was blocked",
+        description: 'Read rule-evaluate trace records from the audit log and format them for inspection. Pass fire_id to explain a specific evaluation; or pass rule_name with last:true for the most recent evaluation; or pass rule_name + since for a window. Returns trace records only when automation.audit.evaluate_trace is "sampled" or "full".',
+        _meta: { agentSafetyTier: "read" },
+        inputSchema: external_exports.object({
+          fire_id: external_exports.string().optional().describe("Specific fireId to explain."),
+          rule_name: external_exports.string().optional().describe("Filter to this rule name."),
+          since: external_exports.string().optional().describe("Duration string (e.g. 1h, 7d) \u2014 show evaluations in this window."),
+          last: external_exports.boolean().optional().describe("Return only the most recent evaluation (requires rule_name)."),
+          audit_log: external_exports.string().optional().describe(`Audit log path (default: ${pathJoin(os14.homedir(), ".switchbot", "audit.log")}).`)
+        }).strict(),
+        outputSchema: {
+          records: external_exports.array(external_exports.unknown()).describe("Array of trace + relatedAudit objects."),
+          count: external_exports.number().describe("Number of trace records returned.")
+        }
+      },
+      async ({ fire_id, rule_name, since, last, audit_log }) => {
+        const DEFAULT_AUDIT_PATH4 = pathJoin(os14.homedir(), ".switchbot", "audit.log");
+        const auditFile = audit_log ?? DEFAULT_AUDIT_PATH4;
+        const sinceIso = since ? new Date(Date.now() - (parseDurationToMs(since) ?? 0)).toISOString() : void 0;
+        let records = loadTraceRecords(auditFile, {
+          fireId: fire_id,
+          ruleName: rule_name,
+          since: sinceIso
+        });
+        if (records.length === 0) {
           return {
-            content: [{ type: "text", text: `Failed to parse rule_yaml: ${String(err)}` }],
-            structuredContent: { report: null }
+            content: [{ type: "text", text: 'No rule-evaluate trace records found. Check that automation.audit.evaluate_trace is "sampled" or "full".' }],
+            structuredContent: { records: [], count: 0 }
           };
         }
-      } else if (policy_path || rule_name) {
-        const { loadPolicyFile: loadPolicyFile2 } = await Promise.resolve().then(() => (init_load(), load_exports));
-        const policyFile = policy_path ?? pathJoin(os14.homedir(), ".switchbot", "policy.yaml");
-        try {
-          const policy = loadPolicyFile2(policyFile);
-          const data = policy.data ?? {};
-          const found = data.automation?.rules?.find((r) => r.name === rule_name);
-          if (!found) {
+        if (last) {
+          records = [records[records.length - 1]];
+        }
+        const output = records.map((record2) => {
+          const related = loadRelatedAudit(auditFile, record2.fireId);
+          return JSON.parse(formatExplainJson(record2, related));
+        });
+        return {
+          content: [{ type: "text", text: JSON.stringify(output, null, 2) }],
+          structuredContent: { records: output, count: output.length }
+        };
+      }
+    );
+  if (!skip("rules_simulate"))
+    server.registerTool(
+      "rules_simulate",
+      {
+        title: "Simulate a rule against historical events",
+        description: "Replay historical events from the audit log or a JSONL file against a rule definition and report would-fire / blocked-by-condition / throttled outcomes. Useful for validating a new or modified rule before deployment. Pass rule_yaml to test an unpublished rule, or rule_name + policy_path to test a deployed rule.",
+        _meta: { agentSafetyTier: "read" },
+        inputSchema: external_exports.object({
+          rule_yaml: external_exports.string().optional().describe("Standalone rule YAML (takes precedence over policy_path + rule_name)."),
+          policy_path: external_exports.string().optional().describe("Path to policy.yaml (defaults to ~/.switchbot/policy.yaml)."),
+          rule_name: external_exports.string().optional().describe("Name of the rule in policy.yaml to simulate."),
+          since: external_exports.string().optional().describe("Replay events from this window (e.g. 7d, 24h)."),
+          against: external_exports.string().optional().describe("JSONL file path of EngineEvent objects to replay."),
+          live_llm: external_exports.boolean().optional().describe("Allow live LLM calls for llm conditions (default: skip and report as would-call)."),
+          audit_log: external_exports.string().optional().describe(`Audit log path (default: ${pathJoin(os14.homedir(), ".switchbot", "audit.log")}).`)
+        }).strict(),
+        outputSchema: {
+          report: external_exports.unknown().describe("SimulateReport object.")
+        }
+      },
+      async ({ rule_yaml, policy_path, rule_name, since, against, live_llm, audit_log }) => {
+        const DEFAULT_AUDIT_PATH4 = pathJoin(os14.homedir(), ".switchbot", "audit.log");
+        const auditFile = audit_log ?? DEFAULT_AUDIT_PATH4;
+        let rule;
+        if (rule_yaml) {
+          try {
+            rule = (0, import_yaml7.parse)(rule_yaml);
+          } catch (err) {
             return {
-              content: [{ type: "text", text: `Rule "${rule_name}" not found in ${policyFile}.` }],
+              content: [{ type: "text", text: `Failed to parse rule_yaml: ${String(err)}` }],
               structuredContent: { report: null }
             };
           }
-          rule = found;
+        } else if (policy_path || rule_name) {
+          const { loadPolicyFile: loadPolicyFile2 } = await Promise.resolve().then(() => (init_load(), load_exports));
+          const policyFile = policy_path ?? pathJoin(os14.homedir(), ".switchbot", "policy.yaml");
+          try {
+            const policy = loadPolicyFile2(policyFile);
+            const data = policy.data ?? {};
+            const found = data.automation?.rules?.find((r) => r.name === rule_name);
+            if (!found) {
+              return {
+                content: [{ type: "text", text: `Rule "${rule_name}" not found in ${policyFile}.` }],
+                structuredContent: { report: null }
+              };
+            }
+            rule = found;
+          } catch (err) {
+            return {
+              content: [{ type: "text", text: `Failed to load policy: ${String(err)}` }],
+              structuredContent: { report: null }
+            };
+          }
+        } else {
+          return {
+            content: [{ type: "text", text: "Provide rule_yaml or (policy_path + rule_name) to specify the rule to simulate." }],
+            structuredContent: { report: null }
+          };
+        }
+        try {
+          const report = await simulateRule({
+            rule,
+            since,
+            against,
+            auditLog: auditFile,
+            liveLlm: live_llm ?? false
+          });
+          return {
+            content: [{ type: "text", text: JSON.stringify(report, null, 2) }],
+            structuredContent: { report }
+          };
         } catch (err) {
           return {
-            content: [{ type: "text", text: `Failed to load policy: ${String(err)}` }],
+            content: [{ type: "text", text: `Simulate error: ${String(err)}` }],
             structuredContent: { report: null }
           };
         }
-      } else {
-        return {
-          content: [{ type: "text", text: "Provide rule_yaml or (policy_path + rule_name) to specify the rule to simulate." }],
-          structuredContent: { report: null }
-        };
-      }
-      try {
-        const report = await simulateRule({
-          rule,
-          since,
-          against,
-          auditLog: auditFile,
-          liveLlm: live_llm ?? false
-        });
-        return {
-          content: [{ type: "text", text: JSON.stringify(report, null, 2) }],
-          structuredContent: { report }
-        };
-      } catch (err) {
-        return {
-          content: [{ type: "text", text: `Simulate error: ${String(err)}` }],
-          structuredContent: { report: null }
-        };
       }
-    }
-  );
-  server.registerTool(
-    "policy_add_rule",
-    {
-      title: "Append a rule to automation.rules[] in policy.yaml",
-      description: "Inject a rule YAML snippet (as produced by rules_suggest) into the automation.rules[] array in policy.yaml. Preserves existing comments and formatting. Always run with dry_run: true first so the agent can show the diff for user approval. Never set enable_automation: true without explicitly informing the user.",
-      _meta: { agentSafetyTier: "action" },
-      inputSchema: external_exports.object({
-        rule_yaml: external_exports.string().min(1).describe("YAML string of a single rule object (e.g. from rules_suggest)."),
-        policy_path: external_exports.string().optional().describe("Path to policy.yaml (defaults to $SWITCHBOT_POLICY_PATH or ~/.switchbot/policy.yaml)."),
-        enable_automation: external_exports.boolean().default(false).describe("If true, sets automation.enabled: true after inserting the rule."),
-        dry_run: external_exports.boolean().default(false).describe("If true, compute and return the diff without writing to disk."),
-        force: external_exports.boolean().default(false).describe("If true, overwrite an existing rule with the same name.")
-      }).strict(),
-      outputSchema: {
-        policyPath: external_exports.string().describe("Resolved path to the policy file."),
-        ruleName: external_exports.string().describe("Name of the rule that was (or would be) inserted."),
-        written: external_exports.boolean().describe("True when the file was actually written."),
-        diff: external_exports.string().describe("Unified-style diff showing lines added/removed.")
-      }
-    },
-    ({ rule_yaml, policy_path, enable_automation, dry_run, force }) => {
-      const policyPath = resolvePolicyPath({ flag: policy_path });
-      try {
-        const result = addRuleToPolicyFile({
-          ruleYaml: rule_yaml,
-          policyPath,
-          enableAutomation: enable_automation,
-          dryRun: dry_run,
-          force
-        });
-        const out = { policyPath, ruleName: result.ruleName, written: result.written, diff: result.diff };
-        return {
-          content: [{ type: "text", text: JSON.stringify(out, null, 2) }],
-          structuredContent: out
-        };
-      } catch (err) {
-        if (err instanceof AddRuleError) {
-          return apiErrorToMcpError(new Error(`${err.code}: ${err.message}`));
+    );
+  if (!skip("policy_add_rule"))
+    server.registerTool(
+      "policy_add_rule",
+      {
+        title: "Append a rule to automation.rules[] in policy.yaml",
+        description: "Inject a rule YAML snippet (as produced by rules_suggest) into the automation.rules[] array in policy.yaml. Preserves existing comments and formatting. Always run with dry_run: true first so the agent can show the diff for user approval. Never set enable_automation: true without explicitly informing the user.",
+        _meta: { agentSafetyTier: "action" },
+        inputSchema: external_exports.object({
+          rule_yaml: external_exports.string().min(1).describe("YAML string of a single rule object (e.g. from rules_suggest)."),
+          policy_path: external_exports.string().optional().describe("Path to policy.yaml (defaults to $SWITCHBOT_POLICY_PATH or ~/.switchbot/policy.yaml)."),
+          enable_automation: external_exports.boolean().default(false).describe("If true, sets automation.enabled: true after inserting the rule."),
+          dry_run: external_exports.boolean().default(false).describe("If true, compute and return the diff without writing to disk."),
+          force: external_exports.boolean().default(false).describe("If true, overwrite an existing rule with the same name.")
+        }).strict(),
+        outputSchema: {
+          policyPath: external_exports.string().describe("Resolved path to the policy file."),
+          ruleName: external_exports.string().describe("Name of the rule that was (or would be) inserted."),
+          written: external_exports.boolean().describe("True when the file was actually written."),
+          diff: external_exports.string().describe("Unified-style diff showing lines added/removed.")
+        }
+      },
+      ({ rule_yaml, policy_path, enable_automation, dry_run, force }) => {
+        const policyPath = resolvePolicyPath({ flag: policy_path });
+        try {
+          const result = addRuleToPolicyFile({
+            ruleYaml: rule_yaml,
+            policyPath,
+            enableAutomation: enable_automation,
+            dryRun: dry_run,
+            force
+          });
+          const out = { policyPath, ruleName: result.ruleName, written: result.written, diff: result.diff };
+          return {
+            content: [{ type: "text", text: JSON.stringify(out, null, 2) }],
+            structuredContent: out
+          };
+        } catch (err) {
+          if (err instanceof AddRuleError) {
+            return apiErrorToMcpError(new Error(`${err.code}: ${err.message}`));
+          }
+          return apiErrorToMcpError(err);
         }
-        return apiErrorToMcpError(err);
       }
-    }
-  );
+    );
   return server;
 }
 function listRegisteredTools(server) {
@@ -52636,8 +53442,8 @@ function listRegisteredToolsWithMeta(server) {
 function listRegisteredResources() {
   return ["switchbot://events"];
 }
-function printMcpToolDirectory() {
-  const server = createSwitchBotMcpServer();
+function printMcpToolDirectory(toolProfile) {
+  const server = createSwitchBotMcpServer({ toolProfile });
   const tools = listRegisteredToolsWithMeta(server);
   const resources = listRegisteredResources().map((uri) => ({ uri }));
   if (isJsonMode()) {
@@ -52709,16 +53515,30 @@ Example Claude Desktop config (~/Library/Application Support/Claude/claude_deskt
 Inspect locally:
   $ npx @modelcontextprotocol/inspector switchbot mcp serve
 `);
-  mcp.command("tools").description("Print the registered MCP tools in human or JSON form").action(() => printMcpToolDirectory());
-  mcp.command("list-tools").description("Alias of `mcp tools`").action(() => printMcpToolDirectory());
-  mcp.command("serve").description("Start the MCP server on stdio (default) or HTTP (--port)").option("--port <n>", "Listen on HTTP instead of stdio (Streamable HTTP transport)", intArg("--port", { min: 1, max: 65535 })).option("--bind <host>", "IP address to bind (default 127.0.0.1; use 0.0.0.0 to accept external connections)", stringArg("--bind"), "127.0.0.1").option("--auth-token <token>", "Bearer token for HTTP requests (required for --bind 0.0.0.0; falls back to SWITCHBOT_MCP_TOKEN env var)", stringArg("--auth-token")).option("--cors-origin <url>", "Allowed CORS origin(s) for HTTP (repeatable)", stringArg("--cors-origin")).option("--rate-limit <n>", "Max requests per minute per profile (default 60)", intArg("--rate-limit", { min: 1 }), "60").addHelpText("after", `
+  mcp.command("tools").description("Print the registered MCP tools in human or JSON form").option("--tools <profile>", "Tool profile: default, readonly, all (default: all)", stringArg("--tools"), "all").action((opts) => {
+    try {
+      printMcpToolDirectory(resolveToolProfile(opts.tools));
+    } catch (e) {
+      handleError(e);
+    }
+  });
+  mcp.command("list-tools").description("Alias of `mcp tools`").option("--tools <profile>", "Tool profile: default, readonly, all (default: all)", stringArg("--tools"), "all").action((opts) => {
+    try {
+      printMcpToolDirectory(resolveToolProfile(opts.tools));
+    } catch (e) {
+      handleError(e);
+    }
+  });
+  mcp.command("serve").description("Start the MCP server on stdio (default) or HTTP (--port)").option("--port <n>", "Listen on HTTP instead of stdio (Streamable HTTP transport)", intArg("--port", { min: 1, max: 65535 })).option("--bind <host>", "IP address to bind (default 127.0.0.1; use 0.0.0.0 to accept external connections)", stringArg("--bind"), "127.0.0.1").option("--auth-token <token>", "Bearer token for HTTP requests (required for --bind 0.0.0.0; falls back to SWITCHBOT_MCP_TOKEN env var)", stringArg("--auth-token")).option("--cors-origin <url>", "Allowed CORS origin(s) for HTTP (repeatable)", stringArg("--cors-origin")).option("--rate-limit <n>", "Max requests per minute per profile (default 60)", intArg("--rate-limit", { min: 1 }), "60").option("--tools <profile>", "Tool profile: default, readonly, all (default: default)", stringArg("--tools"), "default").addHelpText("after", `
 Examples:
   $ switchbot mcp serve
+  $ switchbot mcp serve --tools all
   $ switchbot mcp serve --port 8787
   $ switchbot mcp serve --port 8787 --bind 127.0.0.1 --auth-token your-token
   $ switchbot mcp serve --port 8787 --bind 0.0.0.0 --auth-token your-token
 `).action(async (options) => {
     try {
+      const toolProfile = resolveToolProfile(options.tools);
       if (options.port) {
         const port = Number(options.port);
         if (!Number.isFinite(port) || port < 1 || port > 65535) {
@@ -52867,7 +53687,7 @@ process_uptime_seconds ${Math.floor(process.uptime())}
             }
           }
           const reqTransport = new StreamableHTTPServerTransport({ sessionIdGenerator: void 0 });
-          const reqServer = createSwitchBotMcpServer({ eventManager: eventManager2 });
+          const reqServer = createSwitchBotMcpServer({ eventManager: eventManager2, toolProfile });
           res.on("close", () => {
             reqTransport.close();
             reqServer.close();
@@ -52919,7 +53739,7 @@ process_uptime_seconds ${Math.floor(process.uptime())}
           console.error("MQTT initialization failed:", err instanceof Error ? err.message : String(err));
         });
       }
-      const server = createSwitchBotMcpServer({ eventManager });
+      const server = createSwitchBotMcpServer({ eventManager, toolProfile });
       const transport = new StdioServerTransport();
       await server.connect(transport);
       let isShuttingDown = false;
@@ -55689,7 +56509,7 @@ Examples:
   $ switchbot history show --limit 10
   $ switchbot history replay 3
 `);
-  history.command("show").description("Print recent audit entries").option("--file <path>", `Path to the audit log (default ${DEFAULT_AUDIT})`, stringArg("--file")).option("--limit <n>", "Show only the last N entries", intArg("--limit", { min: 1 })).action((options) => {
+  history.command("show").alias("list").description("Print recent audit entries").option("--file <path>", `Path to the audit log (default ${DEFAULT_AUDIT})`, stringArg("--file")).option("--limit <n>", "Show only the last N entries", intArg("--limit", { min: 1 })).action((options) => {
     const file2 = options.file ?? DEFAULT_AUDIT;
     const entries = readAudit(file2);
     const limited = options.limit !== void 0 ? entries.slice(-Math.max(1, Number(options.limit) || 1)) : entries;
@@ -59338,6 +60158,7 @@ import os25 from "node:os";
 import path27 from "node:path";
 var DEFAULT_AUDIT_PATH3 = path27.join(os25.homedir(), ".switchbot", "audit.log");
 var AUDIT_ERROR_WINDOW_MS = 24 * 60 * 60 * 1e3;
+var EXPECTED_ERROR_CODES = /* @__PURE__ */ new Set([161, 171, 190]);
 function getHealthReport(auditPath = DEFAULT_AUDIT_PATH3) {
   const now = /* @__PURE__ */ new Date();
   const procHealth = {
@@ -59358,20 +60179,46 @@ function getHealthReport(auditPath = DEFAULT_AUDIT_PATH3) {
   };
   let auditHealth;
   if (!fs31.existsSync(auditPath)) {
-    auditHealth = { present: false, recentErrors: 0, recentTotal: 0, errorRatePercent: 0, status: "ok" };
+    auditHealth = {
+      present: false,
+      recentErrors: 0,
+      recentTotal: 0,
+      errorRatePercent: 0,
+      expectedErrors: 0,
+      unexpectedErrors: 0,
+      unexpectedRatePercent: 0,
+      breakdown: {},
+      status: "ok"
+    };
   } else {
     const entries = readAudit(auditPath);
     const windowStart = now.getTime() - AUDIT_ERROR_WINDOW_MS;
     const recent = entries.filter((e) => new Date(e.t).getTime() >= windowStart);
-    const errors = recent.filter((e) => e.result === "error").length;
+    const errorEntries = recent.filter((e) => e.result === "error");
     const total = recent.length;
+    const errors = errorEntries.length;
     const errorRate = total > 0 ? Math.round(errors / total * 100) : 0;
+    const breakdown = {};
+    let expectedErrors = 0;
+    for (const e of errorEntries) {
+      const code = e.statusCode !== void 0 ? String(e.statusCode) : "unknown";
+      breakdown[code] = (breakdown[code] ?? 0) + 1;
+      if (e.statusCode !== void 0 && EXPECTED_ERROR_CODES.has(e.statusCode)) {
+        expectedErrors++;
+      }
+    }
+    const unexpectedErrors = errors - expectedErrors;
+    const unexpectedRatePercent = total > 0 ? Math.round(unexpectedErrors / total * 100 * 10) / 10 : 0;
     auditHealth = {
       present: true,
       recentErrors: errors,
       recentTotal: total,
       errorRatePercent: errorRate,
-      status: errorRate >= 30 ? "warn" : "ok"
+      expectedErrors,
+      unexpectedErrors,
+      unexpectedRatePercent,
+      breakdown,
+      status: unexpectedRatePercent >= 30 ? "warn" : "ok"
     };
   }
   const cbStats = apiCircuitBreaker.getStats();