@thecorporation/cli 26.3.20 → 26.3.22

package/dist/index.js

@@ -90,9 +90,13 @@ function allowUnsafeApiUrl() {
   return process.env.CORP_UNSAFE_API_URL === "1";
 }
 function validateApiUrl(value) {
+  const trimmed = value.trim();
+  if (trimmed.startsWith("process://")) {
+    return trimmed;
+  }
   let parsed;
   try {
-    parsed = new URL(value.trim());
+    parsed = new URL(trimmed);
   } catch {
     throw new Error("api_url must be a valid absolute URL");
   }
@@ -217,6 +221,7 @@ function normalizeConfig(raw) {
   cfg.workspace_id = normalizeString(raw.workspace_id) ?? cfg.workspace_id;
   cfg.hosting_mode = normalizeString(raw.hosting_mode) ?? cfg.hosting_mode;
   cfg.active_entity_id = normalizeString(raw.active_entity_id) ?? cfg.active_entity_id;
+  cfg.data_dir = normalizeString(raw.data_dir) ?? cfg.data_dir;
   if (isObject(raw.llm)) {
     cfg.llm.provider = normalizeString(raw.llm.provider) ?? cfg.llm.provider;
     cfg.llm.api_key = normalizeString(raw.llm.api_key) ?? cfg.llm.api_key;
@@ -263,7 +268,8 @@ function serializeConfig(cfg) {
       name: normalized.user.name,
       email: normalized.user.email
     },
-    active_entity_id: normalized.active_entity_id
+    active_entity_id: normalized.active_entity_id,
+    ...normalized.data_dir ? { data_dir: normalized.data_dir } : {}
   };
   if (normalized.active_entity_ids && Object.keys(normalized.active_entity_ids).length > 0) {
     serialized.active_entity_ids = normalized.active_entity_ids;
@@ -283,6 +289,20 @@ function serializeAuth(cfg) {
   if (normalized.llm.api_key) {
     serialized.llm = { api_key: normalized.llm.api_key };
   }
+  const existingAuth = readJsonFile(AUTH_FILE);
+  if (isObject(existingAuth) && isObject(existingAuth.server_secrets)) {
+    const ss = existingAuth.server_secrets;
+    if (typeof ss.jwt_secret === "string" && typeof ss.secrets_master_key === "string" && typeof ss.internal_worker_token === "string") {
+      serialized.server_secrets = {
+        jwt_secret: ss.jwt_secret,
+        secrets_master_key: ss.secrets_master_key,
+        internal_worker_token: ss.internal_worker_token
+      };
+    }
+  }
+  if (cfg._server_secrets) {
+    serialized.server_secrets = cfg._server_secrets;
+  }
   return JSON.stringify(serialized, null, 2) + "\n";
 }
 function requireSupportedConfigKey(dotPath) {
@@ -292,7 +312,9 @@ function requireSupportedConfigKey(dotPath) {
 }
 function validateSensitiveConfigUpdate(dotPath, forceSensitive = false) {
   if (SENSITIVE_CONFIG_KEYS.has(dotPath) && !forceSensitive) {
-    throw new Error(`refusing to update security-sensitive key '${dotPath}' without --force`);
+    throw new Error(
+      `refusing to update security-sensitive key '${dotPath}' without --force; this key controls authentication or API routing, so explicit confirmation is required`
+    );
   }
 }
 function setKnownConfigValue(cfg, dotPath, value) {
@@ -309,6 +331,9 @@ function setKnownConfigValue(cfg, dotPath, value) {
     case "hosting_mode":
       cfg.hosting_mode = value.trim();
       return;
+    case "data_dir":
+      cfg.data_dir = value.trim();
+      return;
     case "llm.provider":
       cfg.llm.provider = value.trim();
       return;
@@ -490,7 +515,8 @@ var init_config = __esm({
       "llm.base_url",
       "user.name",
       "user.email",
-      "active_entity_id"
+      "active_entity_id",
+      "data_dir"
     ]);
     SENSITIVE_CONFIG_KEYS = /* @__PURE__ */ new Set(["api_url", "api_key", "workspace_id"]);
     DEFAULTS = {
@@ -505,7 +531,8 @@ var init_config = __esm({
         base_url: process.env.CORP_LLM_BASE_URL || void 0
       },
       user: { name: "", email: "" },
-      active_entity_id: ""
+      active_entity_id: "",
+      data_dir: ""
     };
   }
 });
@@ -656,7 +683,11 @@ function describeReferenceRecord(kind, record) {
       idFields: ["share_class_id", "id"],
       labelFields: ["class_code", "name", "share_class"]
     },
-    round: { idFields: ["round_id", "equity_round_id", "id"], labelFields: ["name"] }
+    round: { idFields: ["round_id", "equity_round_id", "id"], labelFields: ["name"] },
+    service_request: {
+      idFields: ["request_id", "service_request_id", "id"],
+      labelFields: ["service_slug", "status"]
+    }
   };
   const spec = specs[kind];
   const id = extractId(record, spec.idFields);
@@ -724,7 +755,8 @@ var init_references = __esm({
       "safe_note",
       "instrument",
       "share_class",
-      "round"
+      "round",
+      "service_request"
     ];
     VALID_RESOURCE_KINDS = new Set(RESOURCE_KINDS);
     MAX_REFERENCE_INPUT_LEN = 256;
@@ -753,6 +785,7 @@ var init_references = __esm({
       valuationsCache = /* @__PURE__ */ new Map();
       safeNotesCache = /* @__PURE__ */ new Map();
       roundsCache = /* @__PURE__ */ new Map();
+      serviceRequestsCache = /* @__PURE__ */ new Map();
       capTableCache = /* @__PURE__ */ new Map();
       agentsCache;
       constructor(client, cfg) {
@@ -775,6 +808,29 @@ var init_references = __esm({
       async resolveContact(entityId, ref) {
         return this.resolve("contact", ref, { entityId });
       }
+      async resolveWorkItemActor(entityId, ref) {
+        const trimmed = validateReferenceInput(ref, "actor reference");
+        const [contactResult, agentResult] = await Promise.allSettled([
+          this.resolveContact(entityId, trimmed),
+          this.resolveAgent(trimmed)
+        ]);
+        const contactId = contactResult.status === "fulfilled" ? contactResult.value : void 0;
+        const agentId = agentResult.status === "fulfilled" ? agentResult.value : void 0;
+        if (contactId && agentId && contactId !== agentId) {
+          throw new Error(
+            `Actor reference '${trimmed}' is ambiguous between a contact and an agent. Use a unique ref or explicit @last:contact / @last:agent.`
+          );
+        }
+        if (contactId) {
+          return { actor_type: "contact", actor_id: contactId };
+        }
+        if (agentId) {
+          return { actor_type: "agent", actor_id: agentId };
+        }
+        throw new Error(
+          `No matching contact or agent found for '${trimmed}'. Try 'corp find contact <query>' or 'corp find agent <query>'.`
+        );
+      }
       async resolveShareTransfer(entityId, ref) {
         return this.resolve("share_transfer", ref, { entityId });
       }
@@ -844,6 +900,9 @@ var init_references = __esm({
       async resolveRound(entityId, ref) {
         return this.resolve("round", ref, { entityId });
       }
+      async resolveServiceRequest(entityId, ref) {
+        return this.resolve("service_request", ref, { entityId });
+      }
       async find(kind, query, scope = {}) {
         const trimmedQuery = validateReferenceInput(query, "query", { allowEmpty: true });
         const records = await this.listRecords(kind, scope);
@@ -1031,6 +1090,8 @@ var init_references = __esm({
               return this.listShareClasses(scope.entityId);
             case "round":
               return this.listRounds(scope.entityId);
+            case "service_request":
+              return this.listServiceRequestRecords(scope.entityId);
           }
         })();
         return this.attachStableHandles(kind, records, scope.entityId);
@@ -1295,51 +1356,19 @@ var init_references = __esm({
         const capTable = await this.getCapTable(entityId);
         return Array.isArray(capTable.share_classes) ? capTable.share_classes : [];
       }
+      async listServiceRequestRecords(entityId) {
+        if (!entityId) throw new Error("An entity context is required to resolve service requests.");
+        const cached = this.serviceRequestsCache.get(entityId);
+        if (cached) return cached;
+        const requests = await this.client.listServiceRequests(entityId);
+        this.serviceRequestsCache.set(entityId, requests);
+        return requests;
+      }
     };
   }
 });
 
 // src/output.ts
-var output_exports = {};
-__export(output_exports, {
-  printAgendaItemsTable: () => printAgendaItemsTable,
-  printAgentsTable: () => printAgentsTable,
-  printApprovalsTable: () => printApprovalsTable,
-  printBankAccountsTable: () => printBankAccountsTable,
-  printBillingPanel: () => printBillingPanel,
-  printCapTable: () => printCapTable,
-  printClassificationsTable: () => printClassificationsTable,
-  printContactsTable: () => printContactsTable,
-  printDeadlinesTable: () => printDeadlinesTable,
-  printDistributionsTable: () => printDistributionsTable,
-  printDocumentsTable: () => printDocumentsTable,
-  printDryRun: () => printDryRun,
-  printEntitiesTable: () => printEntitiesTable,
-  printError: () => printError,
-  printGovernanceTable: () => printGovernanceTable,
-  printInstrumentsTable: () => printInstrumentsTable,
-  printInvoicesTable: () => printInvoicesTable,
-  printJson: () => printJson,
-  printMeetingsTable: () => printMeetingsTable,
-  printObligationsTable: () => printObligationsTable,
-  printPaymentsTable: () => printPaymentsTable,
-  printPayrollRunsTable: () => printPayrollRunsTable,
-  printReconciliationsTable: () => printReconciliationsTable,
-  printReferenceSummary: () => printReferenceSummary,
-  printResolutionsTable: () => printResolutionsTable,
-  printRoundsTable: () => printRoundsTable,
-  printSafesTable: () => printSafesTable,
-  printSeatsTable: () => printSeatsTable,
-  printShareClassesTable: () => printShareClassesTable,
-  printStatusPanel: () => printStatusPanel,
-  printSuccess: () => printSuccess,
-  printTaxFilingsTable: () => printTaxFilingsTable,
-  printTransfersTable: () => printTransfersTable,
-  printValuationsTable: () => printValuationsTable,
-  printWarning: () => printWarning,
-  printWorkItemsTable: () => printWorkItemsTable,
-  printWriteResult: () => printWriteResult
-});
 import chalk from "chalk";
 import Table from "cli-table3";
 function printError(msg) {
@@ -1420,6 +1449,30 @@ function printStatusPanel(data) {
   }
   console.log(chalk.blue("\u2500".repeat(50)));
 }
+function printFinanceSummaryPanel(data) {
+  const invoices = data.invoices ?? {};
+  const bankAccounts = data.bank_accounts ?? {};
+  const payments = data.payments ?? {};
+  const payrollRuns = data.payroll_runs ?? {};
+  const distributions = data.distributions ?? {};
+  const reconciliations = data.reconciliations ?? {};
+  const classifications = data.contractor_classifications ?? {};
+  console.log(chalk.green("\u2500".repeat(54)));
+  console.log(chalk.green.bold("  Finance Summary"));
+  console.log(chalk.green("\u2500".repeat(54)));
+  console.log(`  ${chalk.bold("Entity:")} ${s(data.entity_id) || "N/A"}`);
+  console.log(`  ${chalk.bold("Invoices:")} ${s(invoices.count)} total, ${s(invoices.open_count)} open, ${money(invoices.total_amount_cents)}`);
+  if (invoices.latest_due_date) {
+    console.log(`  ${chalk.bold("Invoice Horizon:")} next due ${date(invoices.latest_due_date)}`);
+  }
+  console.log(`  ${chalk.bold("Bank Accounts:")} ${s(bankAccounts.active_count)}/${s(bankAccounts.count)} active`);
+  console.log(`  ${chalk.bold("Payments:")} ${s(payments.count)} total, ${s(payments.pending_count)} pending, ${money(payments.total_amount_cents)}`);
+  console.log(`  ${chalk.bold("Payroll Runs:")} ${s(payrollRuns.count)} total${payrollRuns.latest_period_end ? `, latest ${date(payrollRuns.latest_period_end)}` : ""}`);
+  console.log(`  ${chalk.bold("Distributions:")} ${s(distributions.count)} total, ${money(distributions.total_amount_cents)}`);
+  console.log(`  ${chalk.bold("Reconciliations:")} ${s(reconciliations.balanced_count)}/${s(reconciliations.count)} balanced`);
+  console.log(`  ${chalk.bold("Contractors:")} ${s(classifications.count)} classifications, ${s(classifications.high_risk_count)} high risk`);
+  console.log(chalk.green("\u2500".repeat(54)));
+}
 function makeTable(title, columns) {
   console.log(`
 ${chalk.bold(title)}`);
@@ -1443,6 +1496,17 @@ function date(val) {
   const parsed = new Date(str);
   return Number.isNaN(parsed.getTime()) ? str : parsed.toISOString().slice(0, 10);
 }
+function actorLabel(record, field) {
+  const actor = record[`${field}_actor`];
+  if (actor && typeof actor === "object" && !Array.isArray(actor)) {
+    const label = s(actor.label);
+    const actorType = s(actor.actor_type);
+    if (label) {
+      return actorType ? `${label} (${actorType})` : label;
+    }
+  }
+  return s(record[field]);
+}
 function printEntitiesTable(entities) {
   const table = makeTable("Entities", ["Ref", "Name", "Type", "Jurisdiction", "Status"]);
   for (const e of entities) {
@@ -1848,7 +1912,7 @@ function printWorkItemsTable(items) {
       s(w.category),
       colored,
       w.asap ? chalk.red.bold("ASAP") : s(w.deadline ?? ""),
-      s(w.claimed_by ?? "")
+      actorLabel(w, "claimed_by")
     ]);
   }
   console.log(table.toString());
@@ -1862,17 +1926,29 @@ function printAgentsTable(agents) {
   }
   console.log(table.toString());
 }
-function printApprovalsTable(approvals) {
-  const table = makeTable("Pending Approvals", ["ID", "Type", "Requested By", "Description", "Created"]);
-  for (const a of approvals) {
-    let desc = s(a.description ?? a.summary);
-    if (desc.length > 60) desc = desc.slice(0, 57) + "...";
+function printServiceCatalogTable(items) {
+  const table = makeTable("Service Catalog", ["Slug", "Name", "Price", "Type"]);
+  for (const item of items) {
     table.push([
-      s(a.approval_id ?? a.id, 12),
-      s(a.approval_type ?? a.type),
-      s(a.requested_by ?? a.requester),
-      desc,
-      s(a.created_at)
+      s(item.slug),
+      s(item.name),
+      money(item.amount_cents),
+      s(item.price_type)
+    ]);
+  }
+  console.log(table.toString());
+}
+function printServiceRequestsTable(requests) {
+  const table = makeTable("Service Requests", ["Ref", "Service", "Amount", "Status", "Created"]);
+  for (const r of requests) {
+    const status = s(r.status);
+    const colored = status === "fulfilled" ? chalk.green(status) : status === "paid" ? chalk.cyan(status) : status === "checkout" ? chalk.yellow(status) : status === "failed" ? chalk.dim(status) : status;
+    table.push([
+      formatReferenceCell("service_request", r),
+      s(r.service_slug),
+      money(r.amount_cents),
+      colored,
+      date(r.created_at)
     ]);
   }
   console.log(table.toString());
@@ -1930,7 +2006,15 @@ var setup_exports = {};
 __export(setup_exports, {
   setupCommand: () => setupCommand
 });
-import { input, confirm } from "@inquirer/prompts";
+import { input, select } from "@inquirer/prompts";
+import { homedir as homedir2 } from "os";
+import { join as join2 } from "path";
+import { existsSync as existsSync2, mkdirSync as mkdirSync2, readdirSync } from "fs";
+import {
+  generateSecret,
+  generateFernetKey,
+  processRequest
+} from "@thecorporation/corp-tools";
 async function requestMagicLink(apiUrl, email, tosAccepted) {
   const resp = await fetch(`${apiUrl}/v1/auth/magic-link`, {
     method: "POST",
@@ -1966,9 +2050,6 @@ async function verifyMagicLinkCode(apiUrl, code) {
     workspace_id: data.workspace_id
   };
 }
-function isCloudApi(url) {
-  return url.replace(/\/+$/, "").includes("thecorporation.ai");
-}
 async function magicLinkAuth(apiUrl, email) {
   console.log("\nSending magic link to " + email + "...");
   await requestMagicLink(apiUrl, email, true);
@@ -1984,22 +2065,46 @@ async function magicLinkAuth(apiUrl, email) {
   console.log("Verifying...");
   return verifyMagicLinkCode(apiUrl, trimmed);
 }
+function setupDataDir(dirPath) {
+  if (!existsSync2(dirPath)) {
+    mkdirSync2(dirPath, { recursive: true });
+    return { isNew: true };
+  }
+  try {
+    const entries = readdirSync(dirPath);
+    if (entries.length > 0) {
+      console.log("Found existing data, reusing.");
+      return { isNew: false };
+    }
+  } catch {
+  }
+  return { isNew: true };
+}
+async function localProvision(dataDir, name) {
+  const resp = processRequest(
+    "process://",
+    "POST",
+    "/v1/workspaces/provision",
+    { "Content-Type": "application/json" },
+    JSON.stringify({ name }),
+    { dataDir }
+  );
+  if (!resp.ok) {
+    const detail = await resp.text();
+    throw new Error(`Provision failed: HTTP ${resp.status} \u2014 ${detail}`);
+  }
+  const body = await resp.json();
+  if (!body.api_key || !body.workspace_id) {
+    throw new Error("Provision response missing api_key or workspace_id");
+  }
+  return {
+    api_key: body.api_key,
+    workspace_id: body.workspace_id
+  };
+}
 async function setupCommand() {
   const cfg = loadConfig();
   console.log("Welcome to corp \u2014 corporate governance from the terminal.\n");
-  const customUrl = process.env.CORP_API_URL;
-  if (customUrl) {
-    try {
-      cfg.api_url = validateApiUrl(customUrl);
-    } catch (err) {
-      printError(`Invalid CORP_API_URL: ${err}`);
-      process.exit(1);
-    }
-    console.log(`Using API: ${cfg.api_url}
-`);
-  } else {
-    cfg.api_url = CLOUD_API_URL;
-  }
   console.log("--- User Info ---");
   const user = cfg.user ?? { name: "", email: "" };
   user.name = await input({
@@ -2011,10 +2116,53 @@ async function setupCommand() {
     default: user.email || void 0
   });
   cfg.user = user;
-  const needsAuth = !cfg.api_key || !cfg.workspace_id;
-  const cloud = isCloudApi(cfg.api_url);
-  if (needsAuth) {
-    if (cloud) {
+  console.log("\n--- Hosting Mode ---");
+  const hostingMode = await select({
+    message: "How would you like to run corp?",
+    choices: [
+      { value: "local", name: "Local (your machine)" },
+      { value: "cloud", name: "TheCorporation cloud" },
+      { value: "self-hosted", name: "Self-hosted server (custom URL)" }
+    ],
+    default: cfg.hosting_mode || "local"
+  });
+  cfg.hosting_mode = hostingMode;
+  if (hostingMode === "local") {
+    const dataDir = await input({
+      message: "Data directory",
+      default: cfg.data_dir || DEFAULT_DATA_DIR
+    });
+    cfg.data_dir = dataDir;
+    cfg.api_url = "process://";
+    const { isNew } = setupDataDir(dataDir);
+    const serverSecrets = {
+      jwt_secret: generateSecret(),
+      secrets_master_key: generateFernetKey(),
+      internal_worker_token: generateSecret()
+    };
+    process.env.JWT_SECRET = serverSecrets.jwt_secret;
+    process.env.SECRETS_MASTER_KEY = serverSecrets.secrets_master_key;
+    process.env.INTERNAL_WORKER_TOKEN = serverSecrets.internal_worker_token;
+    cfg._server_secrets = serverSecrets;
+    if (isNew || !cfg.workspace_id) {
+      console.log("\nProvisioning workspace...");
+      try {
+        const result = await localProvision(dataDir, `${user.name}'s workspace`);
+        cfg.api_key = result.api_key;
+        cfg.workspace_id = result.workspace_id;
+        printSuccess(`Local workspace ready: ${result.workspace_id}`);
+      } catch (err) {
+        printError(`Workspace provisioning failed: ${err}`);
+        console.log("You can retry with 'corp setup'.");
+      }
+    } else {
+      console.log("\nExisting workspace found.");
+    }
+  } else if (hostingMode === "cloud") {
+    cfg.api_url = CLOUD_API_URL;
+    cfg.data_dir = "";
+    const needsAuth = !cfg.api_key || !cfg.workspace_id;
+    if (needsAuth) {
       try {
         const result = await magicLinkAuth(cfg.api_url, user.email);
         cfg.api_key = result.api_key;
@@ -2027,6 +2175,22 @@ async function setupCommand() {
         );
       }
     } else {
+      console.log("\nExisting credentials found. Run 'corp status' to verify.");
+    }
+  } else {
+    const url = await input({
+      message: "Server URL",
+      default: cfg.api_url !== CLOUD_API_URL && !cfg.api_url.startsWith("process://") ? cfg.api_url : void 0
+    });
+    try {
+      cfg.api_url = validateApiUrl(url);
+    } catch (err) {
+      printError(`Invalid URL: ${err}`);
+      process.exit(1);
+    }
+    cfg.data_dir = "";
+    const needsAuth = !cfg.api_key || !cfg.workspace_id;
+    if (needsAuth) {
       console.log("\nProvisioning workspace...");
       try {
         const result = await provisionWorkspace(
@@ -2043,57 +2207,13 @@ async function setupCommand() {
         );
       }
     }
-  } else {
-    console.log("\nVerifying existing credentials...");
-    let keyValid = false;
-    try {
-      const resp = await fetch(
-        `${cfg.api_url.replace(/\/+$/, "")}/v1/workspaces/${cfg.workspace_id}/status`,
-        { headers: { Authorization: `Bearer ${cfg.api_key}` } }
-      );
-      keyValid = resp.status !== 401;
-    } catch {
-    }
-    if (keyValid) {
-      console.log("Credentials OK.");
-    } else {
-      console.log("API key is no longer valid.");
-      const reauth = await confirm({
-        message: cloud ? "Re-authenticate via magic link?" : "Provision a new workspace? (This will replace your current credentials)",
-        default: true
-      });
-      if (reauth) {
-        try {
-          if (cloud) {
-            const result = await magicLinkAuth(cfg.api_url, user.email);
-            cfg.api_key = result.api_key;
-            cfg.workspace_id = result.workspace_id;
-            printSuccess(`Authenticated. Workspace: ${result.workspace_id}`);
-          } else {
-            const result = await provisionWorkspace(
-              cfg.api_url,
-              `${user.name}'s workspace`
-            );
-            cfg.api_key = result.api_key;
-            cfg.workspace_id = result.workspace_id;
-            console.log(`Workspace provisioned: ${result.workspace_id}`);
-          }
-        } catch (err) {
-          printError(`Authentication failed: ${err}`);
-        }
-      } else {
-        console.log(
-          "Keeping existing credentials. You can manually update with: corp config set api_key <key>"
-        );
-      }
-    }
   }
   saveConfig(cfg);
   console.log("\nSettings saved to ~/.corp/config.json");
   console.log("Credentials saved to ~/.corp/auth.json");
   console.log("Run 'corp status' to verify your connection.");
 }
-var CLOUD_API_URL;
+var CLOUD_API_URL, DEFAULT_DATA_DIR;
 var init_setup = __esm({
   "src/commands/setup.ts"() {
     "use strict";
@@ -2101,6 +2221,7 @@ var init_setup = __esm({
     init_api_client();
     init_output();
     CLOUD_API_URL = "https://api.thecorporation.ai";
+    DEFAULT_DATA_DIR = join2(homedir2(), ".corp", "data");
   }
 });
 
@@ -3109,11 +3230,11 @@ import {
   isWriteTool as _isWriteTool,
   executeTool as _executeTool
 } from "@thecorporation/corp-tools";
-import { join as join2 } from "path";
-import { homedir as homedir2 } from "os";
+import { join as join3 } from "path";
+import { homedir as homedir3 } from "os";
 async function executeTool(name, args, client) {
   return _executeTool(name, args, client, {
-    dataDir: join2(homedir2(), ".corp"),
+    dataDir: join3(homedir3(), ".corp"),
     onEntityFormed: (entityId) => {
       try {
         updateConfig((cfg) => {
@@ -3828,7 +3949,26 @@ async function fourOhNineACommand(opts) {
   } catch (err) {
     const msg = String(err);
     if (msg.includes("404")) {
-      console.log("No 409A valuation found for this entity. Create one with:\n  corp cap-table create-valuation --type four_oh_nine_a --date YYYY-MM-DD --methodology <method>");
+      try {
+        const eid = await resolver.resolveEntity(opts.entityId);
+        const valuations = await client.getValuations(eid);
+        const pending409a = valuations.filter((valuation) => valuation.valuation_type === "four_oh_nine_a").find((valuation) => valuation.status === "pending_approval");
+        if (pending409a) {
+          const effectiveDate = pending409a.effective_date ?? "unknown date";
+          console.log(
+            `No current approved 409A valuation found. A 409A valuation is pending approval (${effectiveDate}).
+  Complete board approval, then re-run: corp cap-table 409a`
+          );
+        } else {
+          console.log(
+            "No 409A valuation found for this entity. Create one with:\n  corp cap-table create-valuation --type four_oh_nine_a --date YYYY-MM-DD --methodology <method>"
+          );
+        }
+      } catch {
+        console.log(
+          "No 409A valuation found for this entity. Create one with:\n  corp cap-table create-valuation --type four_oh_nine_a --date YYYY-MM-DD --methodology <method>"
+        );
+      }
     } else {
       printError(`Failed to fetch 409A valuation: ${err}`);
     }
@@ -4361,8 +4501,112 @@ __export(finance_exports, {
   financePayrollCommand: () => financePayrollCommand,
   financePayrollRunsCommand: () => financePayrollRunsCommand,
   financeReconcileCommand: () => financeReconcileCommand,
-  financeReconciliationsCommand: () => financeReconciliationsCommand
-});
+  financeReconciliationsCommand: () => financeReconciliationsCommand,
+  financeSummaryCommand: () => financeSummaryCommand
+});
+function sumAmounts(records, candidates) {
+  return records.reduce((sum, record) => {
+    for (const key of candidates) {
+      if (typeof record[key] === "number" && Number.isFinite(record[key])) {
+        return sum + Number(record[key]);
+      }
+    }
+    return sum;
+  }, 0);
+}
+function latestDate(records, candidates) {
+  const values = records.flatMap((record) => candidates.map((key) => record[key])).filter((value) => typeof value === "string" && value.trim().length > 0).map((value) => ({ raw: value, time: new Date(value).getTime() })).filter((value) => Number.isFinite(value.time)).sort((a, b) => b.time - a.time);
+  return values[0]?.raw;
+}
+function countByStatus(records, statuses) {
+  const expected = new Set(statuses.map((status) => status.toLowerCase()));
+  return records.filter((record) => expected.has(String(record.status ?? "").toLowerCase())).length;
+}
+function countByField(records, field, values) {
+  const expected = new Set(values.map((value) => value.toLowerCase()));
+  return records.filter((record) => expected.has(String(record[field] ?? "").toLowerCase())).length;
+}
+async function financeSummaryCommand(opts) {
+  const cfg = requireConfig("api_url", "api_key", "workspace_id");
+  const client = new CorpAPIClient(cfg.api_url, cfg.api_key, cfg.workspace_id);
+  const resolver = new ReferenceResolver(client, cfg);
+  try {
+    const eid = await resolver.resolveEntity(opts.entityId);
+    const [
+      invoices,
+      accounts,
+      payments,
+      payrollRuns,
+      distributions,
+      reconciliations,
+      classifications
+    ] = await Promise.all([
+      client.listInvoices(eid),
+      client.listBankAccounts(eid),
+      client.listPayments(eid),
+      client.listPayrollRuns(eid),
+      client.listDistributions(eid),
+      client.listReconciliations(eid),
+      client.listContractorClassifications(eid)
+    ]);
+    await Promise.all([
+      resolver.stabilizeRecords("invoice", invoices, eid),
+      resolver.stabilizeRecords("bank_account", accounts, eid),
+      resolver.stabilizeRecords("payment", payments, eid),
+      resolver.stabilizeRecords("payroll_run", payrollRuns, eid),
+      resolver.stabilizeRecords("distribution", distributions, eid),
+      resolver.stabilizeRecords("reconciliation", reconciliations, eid),
+      resolver.stabilizeRecords("classification", classifications, eid)
+    ]);
+    const summary = {
+      entity_id: eid,
+      invoices: {
+        count: invoices.length,
+        open_count: invoices.length - countByStatus(invoices, ["paid", "cancelled", "void"]),
+        overdue_count: countByStatus(invoices, ["overdue"]),
+        total_amount_cents: sumAmounts(invoices, ["amount_cents", "total_amount_cents"]),
+        latest_due_date: latestDate(invoices, ["due_date", "created_at"])
+      },
+      bank_accounts: {
+        count: accounts.length,
+        active_count: countByStatus(accounts, ["active", "approved", "open"])
+      },
+      payments: {
+        count: payments.length,
+        pending_count: countByStatus(payments, ["pending", "submitted", "queued"]),
+        total_amount_cents: sumAmounts(payments, ["amount_cents"]),
+        latest_submitted_at: latestDate(payments, ["submitted_at", "created_at"])
+      },
+      payroll_runs: {
+        count: payrollRuns.length,
+        latest_period_end: latestDate(payrollRuns, ["pay_period_end", "created_at"])
+      },
+      distributions: {
+        count: distributions.length,
+        total_amount_cents: sumAmounts(distributions, ["amount_cents", "distribution_amount_cents"]),
+        latest_declared_at: latestDate(distributions, ["declared_at", "created_at"])
+      },
+      reconciliations: {
+        count: reconciliations.length,
+        balanced_count: reconciliations.filter((record) => record.is_balanced === true).length,
+        latest_as_of_date: latestDate(reconciliations, ["as_of_date", "created_at"])
+      },
+      contractor_classifications: {
+        count: classifications.length,
+        high_risk_count: countByField(classifications, "risk_level", ["high"]),
+        medium_risk_count: countByField(classifications, "risk_level", ["medium"])
+      }
+    };
+    if (opts.json) {
+      printJson(summary);
+      return;
+    }
+    printFinanceSummaryPanel(summary);
+  } catch (err) {
+    printError(`Failed to fetch finance summary: ${err}`);
+    process.exit(1);
+  }
+}
 async function financeInvoicesCommand(opts) {
   const cfg = requireConfig("api_url", "api_key", "workspace_id");
   const client = new CorpAPIClient(cfg.api_url, cfg.api_key, cfg.workspace_id);
@@ -5102,12 +5346,206 @@ var init_governance = __esm({
   }
 });
 
+// src/formation-automation.ts
+function normalizeRole(value) {
+  return String(value ?? "").trim().toLowerCase();
+}
+function fallbackSignerEmail(requirement) {
+  const slug = String(requirement.signer_name ?? "signer").toLowerCase().replace(/[^a-z0-9]+/g, ".").replace(/^\.+|\.+$/g, "");
+  return `${slug || "signer"}@example.com`;
+}
+function getSignatureRequirements(document) {
+  const content = document.content;
+  if (!content || typeof content !== "object" || Array.isArray(content)) {
+    return [];
+  }
+  const requirements = content.signature_requirements;
+  if (!Array.isArray(requirements)) {
+    return [];
+  }
+  return requirements.filter((item) => typeof item === "object" && item !== null && !Array.isArray(item)).map((item) => ({
+    role: String(item.role ?? "").trim(),
+    signer_name: String(item.signer_name ?? "").trim(),
+    signer_email: typeof item.signer_email === "string" && item.signer_email.trim() ? item.signer_email.trim() : void 0
+  })).filter((item) => item.role.length > 0 && item.signer_name.length > 0);
+}
+function getSignedRoles(document) {
+  const signatures = Array.isArray(document.signatures) ? document.signatures : [];
+  return new Set(
+    signatures.filter((item) => typeof item === "object" && item !== null && !Array.isArray(item)).map((item) => normalizeRole(item.signer_role)).filter(Boolean)
+  );
+}
+function deterministicEin(entityId) {
+  const digits = entityId.replace(/\D/g, "");
+  const nineDigits = `${digits}123456789`.slice(0, 9).padEnd(9, "0");
+  return `${nineDigits.slice(0, 2)}-${nineDigits.slice(2)}`;
+}
+function filingIdentifier(prefix, entityId) {
+  const token = entityId.replace(/[^a-zA-Z0-9]/g, "").slice(0, 12).toLowerCase() || "formation";
+  return `${prefix}-${token}`;
+}
+async function autoSignFormationDocument(client, entityId, documentId) {
+  const document = await client.getDocument(documentId, entityId);
+  const requiredSignatures = getSignatureRequirements(document);
+  if (requiredSignatures.length === 0) {
+    return { document, signatures_added: 0 };
+  }
+  const signedRoles = getSignedRoles(document);
+  let signaturesAdded = 0;
+  for (const requirement of requiredSignatures) {
+    if (signedRoles.has(normalizeRole(requirement.role))) {
+      continue;
+    }
+    await client.signDocument(documentId, entityId, {
+      signer_name: requirement.signer_name,
+      signer_role: requirement.role,
+      signer_email: requirement.signer_email ?? fallbackSignerEmail(requirement),
+      signature_text: requirement.signer_name,
+      consent_text: DEFAULT_SIGNATURE_CONSENT
+    });
+    signedRoles.add(normalizeRole(requirement.role));
+    signaturesAdded += 1;
+  }
+  const refreshed = await client.getDocument(documentId, entityId);
+  return { document: refreshed, signatures_added: signaturesAdded };
+}
+async function autoSignFormationDocuments(client, resolver, entityId) {
+  const summaries = await client.getEntityDocuments(entityId);
+  await resolver.stabilizeRecords("document", summaries, entityId);
+  let signaturesAdded = 0;
+  let documentsSigned = 0;
+  const documents = [];
+  for (const summary of summaries) {
+    const documentId = String(summary.document_id ?? "");
+    if (!documentId) {
+      continue;
+    }
+    const { document, signatures_added } = await autoSignFormationDocument(
+      client,
+      entityId,
+      documentId
+    );
+    signaturesAdded += signatures_added;
+    if (signatures_added > 0) {
+      documentsSigned += 1;
+    }
+    documents.push(document);
+  }
+  return {
+    documents_seen: summaries.length,
+    documents_signed: documentsSigned,
+    signatures_added: signaturesAdded,
+    documents
+  };
+}
+async function activateFormationEntity(client, resolver, entityId, options = {}) {
+  let formation = await client.getFormation(entityId);
+  const initialStatus = String(formation.formation_status ?? "");
+  const steps = [];
+  let signaturesAdded = 0;
+  let documentsSigned = 0;
+  for (let i = 0; i < 10; i += 1) {
+    const status = String(formation.formation_status ?? "");
+    if (status === "active") {
+      return {
+        entity_id: entityId,
+        initial_status: initialStatus,
+        final_status: status,
+        signatures_added: signaturesAdded,
+        documents_signed: documentsSigned,
+        steps,
+        formation
+      };
+    }
+    if (status === "pending") {
+      throw new Error("Formation is still pending. Finalize it before activation.");
+    }
+    if (status === "documents_generated") {
+      const signed = await autoSignFormationDocuments(client, resolver, entityId);
+      signaturesAdded += signed.signatures_added;
+      documentsSigned += signed.documents_signed;
+      await client.markFormationDocumentsSigned(entityId);
+      steps.push(`signed ${signed.signatures_added} signatures across ${signed.documents_signed} documents`);
+      formation = await client.getFormation(entityId);
+      continue;
+    }
+    if (status === "documents_signed") {
+      const gates = await client.getFormationGates(entityId);
+      if (gates.requires_natural_person_attestation && !gates.attestation_recorded) {
+        await client.recordFilingAttestation(entityId, {
+          signer_name: gates.designated_attestor_name,
+          signer_role: gates.designated_attestor_role,
+          signer_email: gates.designated_attestor_email ?? fallbackSignerEmail({
+            role: String(gates.designated_attestor_role ?? "attestor"),
+            signer_name: String(gates.designated_attestor_name ?? "attestor")
+          }),
+          consent_text: DEFAULT_ATTESTATION_CONSENT,
+          notes: "Recorded automatically by corp form activate"
+        });
+        steps.push("recorded filing attestation");
+      }
+      const gatesAfterAttestation = await client.getFormationGates(entityId);
+      if (gatesAfterAttestation.requires_registered_agent_consent_evidence && Number(gatesAfterAttestation.registered_agent_consent_evidence_count ?? 0) === 0) {
+        await client.addRegisteredAgentConsentEvidence(entityId, {
+          evidence_uri: options.evidenceUri ?? `generated://registered-agent-consent/${entityId}`,
+          evidence_type: options.evidenceType ?? "generated",
+          notes: "Recorded automatically by corp form activate"
+        });
+        steps.push("recorded registered-agent consent evidence");
+      }
+      const finalGates = await client.getFormationGates(entityId);
+      if (Array.isArray(finalGates.filing_submission_blockers) && finalGates.filing_submission_blockers.length > 0) {
+        throw new Error(
+          `Formation filing is still blocked: ${finalGates.filing_submission_blockers.join("; ")}`
+        );
+      }
+      await client.submitFiling(entityId);
+      steps.push("submitted filing");
+      formation = await client.getFormation(entityId);
+      continue;
+    }
+    if (status === "filing_submitted") {
+      await client.confirmFiling(entityId, {
+        external_filing_id: options.filingId ?? filingIdentifier("sim", entityId),
+        receipt_reference: options.receiptReference ?? filingIdentifier("receipt", entityId)
+      });
+      steps.push("confirmed filing");
+      formation = await client.getFormation(entityId);
+      continue;
+    }
+    if (status === "filed") {
+      await client.applyEin(entityId);
+      steps.push("submitted EIN application");
+      formation = await client.getFormation(entityId);
+      continue;
+    }
+    if (status === "ein_applied") {
+      await client.confirmEin(entityId, { ein: options.ein ?? deterministicEin(entityId) });
+      steps.push("confirmed EIN");
+      formation = await client.getFormation(entityId);
+      continue;
+    }
+    throw new Error(`Unsupported formation status for activation: ${status || "unknown"}`);
+  }
+  throw new Error("Formation activation did not converge within 10 steps.");
+}
+var DEFAULT_SIGNATURE_CONSENT, DEFAULT_ATTESTATION_CONSENT;
+var init_formation_automation = __esm({
+  "src/formation-automation.ts"() {
+    "use strict";
+    DEFAULT_SIGNATURE_CONSENT = "I agree to sign this document electronically.";
+    DEFAULT_ATTESTATION_CONSENT = "I attest the filing information is accurate and authorized.";
+  }
+});
+
 // src/commands/documents.ts
 var documents_exports = {};
 __export(documents_exports, {
   documentsGenerateCommand: () => documentsGenerateCommand,
   documentsListCommand: () => documentsListCommand,
   documentsPreviewPdfCommand: () => documentsPreviewPdfCommand,
+  documentsSignAllCommand: () => documentsSignAllCommand,
+  documentsSignCommand: () => documentsSignCommand,
   documentsSigningLinkCommand: () => documentsSigningLinkCommand
 });
 function formatSigningLink(docId, result) {
@@ -5213,7 +5651,78 @@ function coerceParamValue(raw) {
   }
   return raw;
 }
+async function documentsSignCommand(docId, opts) {
+  const cfg = requireConfig("api_url", "api_key", "workspace_id");
+  const client = new CorpAPIClient(cfg.api_url, cfg.api_key, cfg.workspace_id);
+  const resolver = new ReferenceResolver(client, cfg);
+  try {
+    const eid = await resolver.resolveEntity(opts.entityId);
+    const resolvedDocumentId = await resolver.resolveDocument(eid, docId);
+    if (opts.signerName || opts.signerRole || opts.signerEmail || opts.signatureText) {
+      if (!opts.signerName || !opts.signerRole || !opts.signerEmail) {
+        throw new Error("Manual signing requires --signer-name, --signer-role, and --signer-email.");
+      }
+      const result2 = await client.signDocument(resolvedDocumentId, eid, {
+        signer_name: opts.signerName,
+        signer_role: opts.signerRole,
+        signer_email: opts.signerEmail,
+        signature_text: opts.signatureText ?? opts.signerName
+      });
+      await resolver.stabilizeRecord("document", { document_id: resolvedDocumentId, title: docId }, eid);
+      printWriteResult(result2, `Document ${resolvedDocumentId} signed.`, opts.json);
+      return;
+    }
+    const result = await autoSignFormationDocument(client, eid, resolvedDocumentId);
+    await resolver.stabilizeRecord("document", result.document, eid);
+    resolver.rememberFromRecord("document", result.document, eid);
+    if (opts.json) {
+      printJson({
+        document_id: resolvedDocumentId,
+        signatures_added: result.signatures_added,
+        document: result.document
+      });
+      return;
+    }
+    printSuccess(
+      result.signatures_added > 0 ? `Applied ${result.signatures_added} signature(s) to ${resolvedDocumentId}.` : `No signatures were needed for ${resolvedDocumentId}.`
+    );
+    printReferenceSummary("document", result.document, { showReuseHint: true });
+    printJson(result.document);
+  } catch (err) {
+    printError(`Failed to sign document: ${err}`);
+    process.exit(1);
+  }
+}
+async function documentsSignAllCommand(opts) {
+  const cfg = requireConfig("api_url", "api_key", "workspace_id");
+  const client = new CorpAPIClient(cfg.api_url, cfg.api_key, cfg.workspace_id);
+  const resolver = new ReferenceResolver(client, cfg);
+  try {
+    const eid = await resolver.resolveEntity(opts.entityId);
+    const result = await autoSignFormationDocuments(client, resolver, eid);
+    if (opts.json) {
+      printJson(result);
+      return;
+    }
+    printSuccess(
+      `Processed ${result.documents_seen} formation document(s); added ${result.signatures_added} signature(s) across ${result.documents_signed} document(s).`
+    );
+    printJson(result.documents.map((document) => ({
+      document_id: document.document_id,
+      title: document.title,
+      status: document.status,
+      signatures: Array.isArray(document.signatures) ? document.signatures.length : document.signatures
+    })));
+  } catch (err) {
+    printError(`Failed to sign formation documents: ${err}`);
+    process.exit(1);
+  }
+}
 async function documentsPreviewPdfCommand(opts) {
+  if (!opts.documentId || opts.documentId.trim().length === 0) {
+    printError("preview-pdf requires --definition-id (or deprecated alias --document-id)");
+    process.exit(1);
+  }
   const cfg = requireConfig("api_url", "api_key", "workspace_id");
   const client = new CorpAPIClient(cfg.api_url, cfg.api_key, cfg.workspace_id);
   const resolver = new ReferenceResolver(client, cfg);
@@ -5236,6 +5745,7 @@ var init_documents = __esm({
     init_api_client();
     init_output();
     init_references();
+    init_formation_automation();
     HUMANS_APP_ORIGIN = "https://humans.thecorporation.ai";
   }
 });
@@ -5560,6 +6070,18 @@ __export(work_items_exports, {
   workItemsShowCommand: () => workItemsShowCommand
 });
 import chalk10 from "chalk";
+function actorLabel2(record, key) {
+  const actor = record[`${key}_actor`];
+  if (actor && typeof actor === "object" && !Array.isArray(actor)) {
+    const label = actor.label;
+    const actorType = actor.actor_type;
+    if (typeof label === "string" && label.trim()) {
+      return typeof actorType === "string" && actorType.trim() ? `${label} (${actorType})` : label;
+    }
+  }
+  const legacy = record[key];
+  return typeof legacy === "string" && legacy.trim() ? legacy : void 0;
+}
 async function workItemsListCommand(opts) {
   const cfg = requireConfig("api_url", "api_key", "workspace_id");
   const client = new CorpAPIClient(cfg.api_url, cfg.api_key, cfg.workspace_id);
@@ -5602,13 +6124,16 @@ async function workItemsShowCommand(workItemId, opts) {
     if (w.description) console.log(`  ${chalk10.bold("Description:")} ${w.description}`);
     if (w.deadline) console.log(`  ${chalk10.bold("Deadline:")} ${w.deadline}`);
     if (w.asap) console.log(`  ${chalk10.bold("Priority:")} ${chalk10.red.bold("ASAP")}`);
-    if (w.claimed_by) console.log(`  ${chalk10.bold("Claimed by:")} ${w.claimed_by}`);
+    const claimedBy = actorLabel2(w, "claimed_by");
+    const completedBy = actorLabel2(w, "completed_by");
+    const createdBy = actorLabel2(w, "created_by");
+    if (claimedBy) console.log(`  ${chalk10.bold("Claimed by:")} ${claimedBy}`);
     if (w.claimed_at) console.log(`  ${chalk10.bold("Claimed at:")} ${w.claimed_at}`);
     if (w.claim_ttl_seconds) console.log(`  ${chalk10.bold("Claim TTL:")} ${w.claim_ttl_seconds}s`);
-    if (w.completed_by) console.log(`  ${chalk10.bold("Completed by:")} ${w.completed_by}`);
+    if (completedBy) console.log(`  ${chalk10.bold("Completed by:")} ${completedBy}`);
     if (w.completed_at) console.log(`  ${chalk10.bold("Completed at:")} ${w.completed_at}`);
     if (w.result) console.log(`  ${chalk10.bold("Result:")} ${w.result}`);
-    if (w.created_by) console.log(`  ${chalk10.bold("Created by:")} ${w.created_by}`);
+    if (createdBy) console.log(`  ${chalk10.bold("Created by:")} ${createdBy}`);
     console.log(`  ${chalk10.bold("Created at:")} ${w.created_at ?? "N/A"}`);
     console.log(chalk10.cyan("\u2500".repeat(40)));
   } catch (err) {
@@ -5630,7 +6155,7 @@ async function workItemsCreateCommand(opts) {
     if (opts.description) data.description = opts.description;
     if (opts.deadline) data.deadline = opts.deadline;
     if (opts.asap) data.asap = true;
-    if (opts.createdBy) data.created_by = await resolver.resolveContact(eid, opts.createdBy);
+    if (opts.createdBy) data.created_by_actor = await resolver.resolveWorkItemActor(eid, opts.createdBy);
     const result = await client.createWorkItem(eid, data);
     await resolver.stabilizeRecord("work_item", result, eid);
     resolver.rememberFromRecord("work_item", result, eid);
@@ -5652,7 +6177,7 @@ async function workItemsClaimCommand(workItemId, opts) {
     const eid = await resolver.resolveEntity(opts.entityId);
     const resolvedWorkItemId = await resolver.resolveWorkItem(eid, workItemId);
     const data = {
-      claimed_by: await resolver.resolveContact(eid, opts.claimedBy)
+      claimed_by_actor: await resolver.resolveWorkItemActor(eid, opts.claimedBy)
     };
     if (opts.ttl != null) data.ttl_seconds = opts.ttl;
     const result = await client.claimWorkItem(eid, resolvedWorkItemId, data);
@@ -5670,7 +6195,7 @@ async function workItemsCompleteCommand(workItemId, opts) {
     const eid = await resolver.resolveEntity(opts.entityId);
     const resolvedWorkItemId = await resolver.resolveWorkItem(eid, workItemId);
     const data = {
-      completed_by: await resolver.resolveContact(eid, opts.completedBy)
+      completed_by_actor: await resolver.resolveWorkItemActor(eid, opts.completedBy)
     };
     if (opts.result) data.result = opts.result;
     const result = await client.completeWorkItem(eid, resolvedWorkItemId, data);
@@ -5718,6 +6243,171 @@ var init_work_items = __esm({
   }
 });
 
+// src/commands/services.ts
+var services_exports = {};
+__export(services_exports, {
+  servicesBuyCommand: () => servicesBuyCommand,
+  servicesCancelCommand: () => servicesCancelCommand,
+  servicesCatalogCommand: () => servicesCatalogCommand,
+  servicesFulfillCommand: () => servicesFulfillCommand,
+  servicesListCommand: () => servicesListCommand,
+  servicesShowCommand: () => servicesShowCommand
+});
+import chalk11 from "chalk";
+async function servicesCatalogCommand(opts) {
+  const cfg = requireConfig("api_url", "api_key", "workspace_id");
+  const client = new CorpAPIClient(cfg.api_url, cfg.api_key, cfg.workspace_id);
+  try {
+    const items = await client.listServiceCatalog();
+    if (opts.json) {
+      printJson(items);
+      return;
+    }
+    printServiceCatalogTable(items);
+  } catch (err) {
+    printError(`Failed to list service catalog: ${err}`);
+    process.exit(1);
+  }
+}
+async function servicesBuyCommand(slug, opts) {
+  const cfg = requireConfig("api_url", "api_key", "workspace_id");
+  const client = new CorpAPIClient(cfg.api_url, cfg.api_key, cfg.workspace_id);
+  const resolver = new ReferenceResolver(client, cfg);
+  try {
+    const eid = await resolver.resolveEntity(opts.entityId);
+    const payload = { entity_id: eid, service_slug: slug };
+    if (opts.dryRun) {
+      printDryRun("services.create_request", payload);
+      return;
+    }
+    const result = await client.createServiceRequest(payload);
+    await resolver.stabilizeRecord("service_request", result, eid);
+    resolver.rememberFromRecord("service_request", result, eid);
+    const requestId = String(result.request_id ?? result.id ?? "");
+    if (requestId) {
+      const checkout = await client.beginServiceCheckout(requestId, { entity_id: eid });
+      if (opts.json) {
+        printJson(checkout);
+        return;
+      }
+      printSuccess(`Service request created: ${requestId}`);
+      printReferenceSummary("service_request", result, { showReuseHint: true });
+      if (checkout.checkout_url) {
+        console.log(`
+  ${chalk11.bold("Checkout URL:")} ${checkout.checkout_url}`);
+      }
+      console.log(chalk11.dim("\n  Next steps:"));
+      console.log(chalk11.dim("    Complete payment at the checkout URL above"));
+      console.log(chalk11.dim("    corp services list --entity-id <id>"));
+    } else {
+      printWriteResult(result, "Service request created", {
+        referenceKind: "service_request",
+        showReuseHint: true
+      });
+    }
+  } catch (err) {
+    printError(`Failed to create service request: ${err}`);
+    process.exit(1);
+  }
+}
+async function servicesListCommand(opts) {
+  const cfg = requireConfig("api_url", "api_key", "workspace_id");
+  const client = new CorpAPIClient(cfg.api_url, cfg.api_key, cfg.workspace_id);
+  const resolver = new ReferenceResolver(client, cfg);
+  try {
+    const eid = await resolver.resolveEntity(opts.entityId);
+    const requests = await client.listServiceRequests(eid);
+    const stable = await resolver.stabilizeRecords("service_request", requests, eid);
+    if (opts.json) {
+      printJson(stable);
+      return;
+    }
+    printServiceRequestsTable(stable);
+  } catch (err) {
+    printError(`Failed to list service requests: ${err}`);
+    process.exit(1);
+  }
+}
+async function servicesShowCommand(ref_, opts) {
+  const cfg = requireConfig("api_url", "api_key", "workspace_id");
+  const client = new CorpAPIClient(cfg.api_url, cfg.api_key, cfg.workspace_id);
+  const resolver = new ReferenceResolver(client, cfg);
+  try {
+    const eid = await resolver.resolveEntity(opts.entityId);
+    const requestId = await resolver.resolveServiceRequest(eid, ref_);
+    const result = await client.getServiceRequest(requestId, eid);
+    await resolver.stabilizeRecord("service_request", result, eid);
+    resolver.rememberFromRecord("service_request", result, eid);
+    if (opts.json) {
+      printJson(result);
+      return;
+    }
+    printReferenceSummary("service_request", result);
+    printJson(result);
+  } catch (err) {
+    printError(`Failed to show service request: ${err}`);
+    process.exit(1);
+  }
+}
+async function servicesFulfillCommand(ref_, opts) {
+  const cfg = requireConfig("api_url", "api_key", "workspace_id");
+  const client = new CorpAPIClient(cfg.api_url, cfg.api_key, cfg.workspace_id);
+  const resolver = new ReferenceResolver(client, cfg);
+  try {
+    const eid = await resolver.resolveEntity(opts.entityId);
+    const requestId = await resolver.resolveServiceRequest(eid, ref_);
+    const result = await client.fulfillServiceRequest(requestId, {
+      entity_id: eid,
+      note: opts.note
+    });
+    await resolver.stabilizeRecord("service_request", result, eid);
+    resolver.rememberFromRecord("service_request", result, eid);
+    if (opts.json) {
+      printJson(result);
+      return;
+    }
+    printSuccess(`Service request fulfilled: ${requestId}`);
+    printReferenceSummary("service_request", result, { showReuseHint: true });
+    printJson(result);
+  } catch (err) {
+    printError(`Failed to fulfill service request: ${err}`);
+    process.exit(1);
+  }
+}
+async function servicesCancelCommand(ref_, opts) {
+  const cfg = requireConfig("api_url", "api_key", "workspace_id");
+  const client = new CorpAPIClient(cfg.api_url, cfg.api_key, cfg.workspace_id);
+  const resolver = new ReferenceResolver(client, cfg);
+  try {
+    const eid = await resolver.resolveEntity(opts.entityId);
+    const requestId = await resolver.resolveServiceRequest(eid, ref_);
+    const result = await client.cancelServiceRequest(requestId, {
+      entity_id: eid
+    });
+    await resolver.stabilizeRecord("service_request", result, eid);
+    resolver.rememberFromRecord("service_request", result, eid);
+    if (opts.json) {
+      printJson(result);
+      return;
+    }
+    printSuccess(`Service request cancelled: ${requestId}`);
+    printReferenceSummary("service_request", result, { showReuseHint: true });
+    printJson(result);
+  } catch (err) {
+    printError(`Failed to cancel service request: ${err}`);
+    process.exit(1);
+  }
+}
+var init_services = __esm({
+  "src/commands/services.ts"() {
+    "use strict";
+    init_config();
+    init_api_client();
+    init_output();
+    init_references();
+  }
+});
+
 // src/commands/billing.ts
 var billing_exports = {};
 __export(billing_exports, {
@@ -5794,16 +6484,42 @@ var init_billing = __esm({
   }
 });
 
+// src/commands/approvals.ts
+var approvals_exports = {};
+__export(approvals_exports, {
+  approvalsListCommand: () => approvalsListCommand,
+  approvalsRespondCommand: () => approvalsRespondCommand
+});
+async function approvalsListCommand(_opts) {
+  printError(
+    "Approvals are managed through governance meetings.\n  Use: corp governance convene ... to schedule a board meeting\n  Use: corp governance vote <meeting-ref> <item-ref> ... to cast votes"
+  );
+  process.exit(1);
+}
+async function approvalsRespondCommand(_approvalId, _decision, _opts) {
+  printError(
+    "Approvals are managed through governance meetings.\n  Use: corp governance vote <meeting-ref> <item-ref> --voter <contact-ref> --vote for"
+  );
+  process.exit(1);
+}
+var init_approvals = __esm({
+  "src/commands/approvals.ts"() {
+    "use strict";
+    init_output();
+  }
+});
+
 // src/commands/form.ts
 var form_exports = {};
 __export(form_exports, {
+  formActivateCommand: () => formActivateCommand,
   formAddFounderCommand: () => formAddFounderCommand,
   formCommand: () => formCommand,
   formCreateCommand: () => formCreateCommand,
   formFinalizeCommand: () => formFinalizeCommand
 });
-import { input as input2, select, confirm as confirm2, number } from "@inquirer/prompts";
-import chalk11 from "chalk";
+import { input as input2, select as select2, confirm as confirm2, number } from "@inquirer/prompts";
+import chalk12 from "chalk";
 import Table3 from "cli-table3";
 import { readFileSync as readFileSync3, realpathSync as realpathSync2 } from "fs";
 import { relative as relative2, resolve as resolve2 } from "path";
@@ -5813,9 +6529,9 @@ function isCorp(entityType) {
 }
 function sectionHeader(title) {
   console.log();
-  console.log(chalk11.blue("\u2500".repeat(50)));
-  console.log(chalk11.blue.bold(`  ${title}`));
-  console.log(chalk11.blue("\u2500".repeat(50)));
+  console.log(chalk12.blue("\u2500".repeat(50)));
+  console.log(chalk12.blue.bold(`  ${title}`));
+  console.log(chalk12.blue("\u2500".repeat(50)));
 }
 function officerTitleLabel(title) {
   switch (title) {
@@ -5975,7 +6691,7 @@ async function phaseEntityDetails(opts, serverCfg, scripted) {
     if (scripted) {
       entityType = "llc";
     } else {
-      entityType = await select({
+      entityType = await select2({
         message: "Entity type",
         choices: [
           { value: "llc", name: "LLC" },
@@ -6034,13 +6750,13 @@ async function phasePeople(opts, entityType, scripted) {
   }
   const founderCount = await number({ message: "Number of founders (1-6)", default: 1 }) ?? 1;
   for (let i = 0; i < founderCount; i++) {
-    console.log(chalk11.dim(`
+    console.log(chalk12.dim(`
   Founder ${i + 1} of ${founderCount}:`));
     const name = await input2({ message: `  Name` });
     const email = await input2({ message: `  Email` });
     let role = "member";
     if (isCorp(entityType)) {
-      role = await select({
+      role = await select2({
         message: "  Role",
         choices: [
           { value: "director", name: "Director" },
@@ -6055,7 +6771,7 @@ async function phasePeople(opts, entityType, scripted) {
     if (isCorp(entityType)) {
       const wantOfficer = role === "officer" || await confirm2({ message: "  Assign officer title?", default: i === 0 });
       if (wantOfficer) {
-        officerTitle = await select({
+        officerTitle = await select2({
           message: "  Officer title",
           choices: OfficerTitle.map((t) => ({
             value: t,
@@ -6080,7 +6796,7 @@ async function phaseStock(opts, entityType, founders, scripted) {
   const rofr = opts.rofr ?? (!scripted && isCorp(entityType) ? await confirm2({ message: "Right of first refusal?", default: true }) : isCorp(entityType));
   if (!scripted) {
     for (const f of founders) {
-      console.log(chalk11.dim(`
+      console.log(chalk12.dim(`
   Equity for ${f.name}:`));
       if (isCorp(entityType)) {
         const shares = await number({ message: `  Shares to purchase`, default: 0 });
@@ -6101,7 +6817,7 @@ async function phaseStock(opts, entityType, founders, scripted) {
         if (wantVesting) {
           const totalMonths = await number({ message: "  Total vesting months", default: 48 }) ?? 48;
           const cliffMonths = await number({ message: "  Cliff months", default: 12 }) ?? 12;
-          const acceleration = await select({
+          const acceleration = await select2({
             message: "  Acceleration",
             choices: [
               { value: "none", name: "None" },
@@ -6126,17 +6842,17 @@ async function phaseStock(opts, entityType, founders, scripted) {
 }
 function printSummary(entityType, name, jurisdiction, fiscalYearEnd, sCorpElection, founders, transferRestrictions, rofr) {
   sectionHeader("Formation Summary");
-  console.log(`  ${chalk11.bold("Entity:")} ${name}`);
-  console.log(`  ${chalk11.bold("Type:")} ${entityType}`);
-  console.log(`  ${chalk11.bold("Jurisdiction:")} ${jurisdiction}`);
-  console.log(`  ${chalk11.bold("Fiscal Year End:")} ${fiscalYearEnd}`);
+  console.log(`  ${chalk12.bold("Entity:")} ${name}`);
+  console.log(`  ${chalk12.bold("Type:")} ${entityType}`);
+  console.log(`  ${chalk12.bold("Jurisdiction:")} ${jurisdiction}`);
+  console.log(`  ${chalk12.bold("Fiscal Year End:")} ${fiscalYearEnd}`);
   if (isCorp(entityType)) {
-    console.log(`  ${chalk11.bold("S-Corp Election:")} ${sCorpElection ? "Yes" : "No"}`);
-    console.log(`  ${chalk11.bold("Transfer Restrictions:")} ${transferRestrictions ? "Yes" : "No"}`);
-    console.log(`  ${chalk11.bold("Right of First Refusal:")} ${rofr ? "Yes" : "No"}`);
+    console.log(`  ${chalk12.bold("S-Corp Election:")} ${sCorpElection ? "Yes" : "No"}`);
+    console.log(`  ${chalk12.bold("Transfer Restrictions:")} ${transferRestrictions ? "Yes" : "No"}`);
+    console.log(`  ${chalk12.bold("Right of First Refusal:")} ${rofr ? "Yes" : "No"}`);
   }
   const table = new Table3({
-    head: [chalk11.dim("Name"), chalk11.dim("Email"), chalk11.dim("Role"), chalk11.dim("Equity"), chalk11.dim("Officer")]
+    head: [chalk12.dim("Name"), chalk12.dim("Email"), chalk12.dim("Role"), chalk12.dim("Equity"), chalk12.dim("Officer")]
   });
   for (const f of founders) {
     const equity = f.shares_purchased ? `${f.shares_purchased.toLocaleString()} shares` : f.ownership_pct ? `${f.ownership_pct}%` : "\u2014";
@@ -6163,7 +6879,7 @@ async function formCommand(opts) {
     printSummary(entityType, name, jurisdiction, fiscalYearEnd, sCorpElection, founders, transferRestrictions, rofr);
     const shouldProceed = scripted ? true : await confirm2({ message: "Proceed with formation?", default: true });
     if (!shouldProceed) {
-      console.log(chalk11.yellow("Formation cancelled."));
+      console.log(chalk12.yellow("Formation cancelled."));
       return;
     }
     const members = founders.map((f) => {
@@ -6219,17 +6935,17 @@ async function formCommand(opts) {
     if (holders.length > 0) {
       console.log();
       const table = new Table3({
-        head: [chalk11.dim("Holder"), chalk11.dim("Shares"), chalk11.dim("Ownership %")]
+        head: [chalk12.dim("Holder"), chalk12.dim("Shares"), chalk12.dim("Ownership %")]
       });
       for (const h of holders) {
         const pct = typeof h.ownership_pct === "number" ? `${h.ownership_pct.toFixed(1)}%` : "\u2014";
         table.push([String(h.name ?? "?"), String(h.shares ?? 0), pct]);
       }
-      console.log(chalk11.bold("  Cap Table:"));
+      console.log(chalk12.bold("  Cap Table:"));
       console.log(table.toString());
     }
     if (result.next_action) {
-      console.log(chalk11.yellow(`
+      console.log(chalk12.yellow(`
   Next: ${result.next_action}`));
     }
   } catch (err) {
@@ -6300,7 +7016,7 @@ async function formCreateCommand(opts) {
     console.log(`  Type: ${result.entity_type}`);
     console.log(`  Jurisdiction: ${result.jurisdiction}`);
     console.log(`  Status: ${result.formation_status}`);
-    console.log(chalk11.yellow(`
+    console.log(chalk12.yellow(`
   Next: corp form add-founder @last:entity --name "..." --email "..." --role member --pct 50`));
   } catch (err) {
     printError(`Failed to create pending entity: ${err}`);
@@ -6338,7 +7054,7 @@ async function formAddFounderCommand(entityId, opts) {
       const pct = typeof m.ownership_pct === "number" ? ` (${m.ownership_pct}%)` : "";
       console.log(`  - ${m.name} <${m.email ?? "no email"}> [${m.role ?? "member"}]${pct}`);
     }
-    console.log(chalk11.yellow(`
+    console.log(chalk12.yellow(`
   Next: add more founders or run: corp form finalize @last:entity`));
   } catch (err) {
     printError(`Failed to add founder: ${err}`);
@@ -6402,17 +7118,17 @@ async function formFinalizeCommand(entityId, opts) {
     if (holders.length > 0) {
       console.log();
       const table = new Table3({
-        head: [chalk11.dim("Holder"), chalk11.dim("Shares"), chalk11.dim("Ownership %")]
+        head: [chalk12.dim("Holder"), chalk12.dim("Shares"), chalk12.dim("Ownership %")]
       });
       for (const h of holders) {
         const pct = typeof h.ownership_pct === "number" ? `${h.ownership_pct.toFixed(1)}%` : "\u2014";
         table.push([String(h.name ?? "?"), String(h.shares ?? 0), pct]);
       }
-      console.log(chalk11.bold("  Cap Table:"));
+      console.log(chalk12.bold("  Cap Table:"));
       console.log(table.toString());
     }
     if (result.next_action) {
-      console.log(chalk11.yellow(`
+      console.log(chalk12.yellow(`
   Next: ${result.next_action}`));
     }
   } catch (err) {
@@ -6420,6 +7136,55 @@ async function formFinalizeCommand(entityId, opts) {
     process.exit(1);
   }
 }
+async function formActivateCommand(entityId, opts) {
+  const cfg = requireConfig("api_url", "api_key", "workspace_id");
+  const client = new CorpAPIClient(cfg.api_url, cfg.api_key, cfg.workspace_id);
+  const resolver = new ReferenceResolver(client, cfg);
+  try {
+    const resolvedEntityId = await resolveEntityRefForFormCommand(resolver, entityId, opts.dryRun);
+    const payload = { entity_id: resolvedEntityId };
+    if (opts.evidenceUri) payload.evidence_uri = opts.evidenceUri;
+    if (opts.evidenceType) payload.evidence_type = opts.evidenceType;
+    if (opts.filingId) payload.filing_id = opts.filingId;
+    if (opts.receiptReference) payload.receipt_reference = opts.receiptReference;
+    if (opts.ein) payload.ein = opts.ein;
+    if (opts.dryRun) {
+      printDryRun("formation.activate", payload);
+      return;
+    }
+    const result = await activateFormationEntity(client, resolver, resolvedEntityId, {
+      evidenceUri: opts.evidenceUri,
+      evidenceType: opts.evidenceType,
+      filingId: opts.filingId,
+      receiptReference: opts.receiptReference,
+      ein: opts.ein
+    });
+    const formation = await client.getFormation(resolvedEntityId);
+    await resolver.stabilizeRecord("entity", formation);
+    resolver.rememberFromRecord("entity", formation);
+    if (opts.json) {
+      printJson({
+        ...result,
+        formation
+      });
+      return;
+    }
+    printSuccess(`Formation advanced to ${result.final_status}.`);
+    printReferenceSummary("entity", formation, { showReuseHint: true });
+    if (result.steps.length > 0) {
+      console.log("  Steps:");
+      for (const step of result.steps) {
+        console.log(`    - ${step}`);
+      }
+    }
+    console.log(`  Signatures added: ${result.signatures_added}`);
+    console.log(`  Documents updated: ${result.documents_signed}`);
+    printJson(formation);
+  } catch (err) {
+    printError(`Failed to activate formation: ${err}`);
+    process.exit(1);
+  }
+}
 var init_form = __esm({
   "src/commands/form.ts"() {
     "use strict";
@@ -6427,6 +7192,7 @@ var init_form = __esm({
     init_api_client();
     init_output();
     init_references();
+    init_formation_automation();
   }
 });
 
@@ -6435,7 +7201,7 @@ var api_keys_exports = {};
 __export(api_keys_exports, {
   apiKeysCommand: () => apiKeysCommand
 });
-import chalk12 from "chalk";
+import chalk13 from "chalk";
 import Table4 from "cli-table3";
 async function apiKeysCommand(opts) {
   const cfg = requireConfig("api_url", "api_key", "workspace_id");
@@ -6455,9 +7221,9 @@ async function apiKeysCommand(opts) {
       return;
     }
     console.log(`
-${chalk12.bold("API Keys")}`);
+${chalk13.bold("API Keys")}`);
     const table = new Table4({
-      head: [chalk12.dim("ID"), chalk12.dim("Name"), chalk12.dim("Key"), chalk12.dim("Created")]
+      head: [chalk13.dim("ID"), chalk13.dim("Name"), chalk13.dim("Key"), chalk13.dim("Created")]
     });
     for (const k of keys) {
       table.push([
@@ -6487,12 +7253,235 @@ var demo_exports = {};
 __export(demo_exports, {
   demoCommand: () => demoCommand
 });
+function scenarioConfig(name, scenario) {
+  switch (scenario) {
+    case "llc":
+      return {
+        entity_type: "llc",
+        legal_name: name,
+        jurisdiction: "US-WY",
+        members: [
+          {
+            name: "Alice Chen",
+            email: "alice@example.com",
+            role: "member",
+            investor_type: "natural_person",
+            ownership_pct: 60
+          },
+          {
+            name: "Bob Martinez",
+            email: "bob@example.com",
+            role: "member",
+            investor_type: "natural_person",
+            ownership_pct: 40
+          }
+        ],
+        fiscal_year_end: "12-31",
+        company_address: {
+          street: "251 Little Falls Dr",
+          city: "Wilmington",
+          state: "DE",
+          zip: "19808"
+        }
+      };
+    case "restaurant":
+      return {
+        entity_type: "llc",
+        legal_name: name,
+        jurisdiction: "US-DE",
+        members: [
+          {
+            name: "Rosa Alvarez",
+            email: "rosa@example.com",
+            role: "manager",
+            investor_type: "natural_person",
+            ownership_pct: 55
+          },
+          {
+            name: "Noah Patel",
+            email: "noah@example.com",
+            role: "member",
+            investor_type: "natural_person",
+            ownership_pct: 45
+          }
+        ],
+        fiscal_year_end: "12-31",
+        company_address: {
+          street: "18 Market St",
+          city: "Wilmington",
+          state: "DE",
+          zip: "19801"
+        }
+      };
+    case "startup":
+    default:
+      return {
+        entity_type: "c_corp",
+        legal_name: name,
+        jurisdiction: "US-DE",
+        authorized_shares: 1e7,
+        par_value: "0.0001",
+        transfer_restrictions: true,
+        right_of_first_refusal: true,
+        members: [
+          {
+            name: "Alice Chen",
+            email: "alice@example.com",
+            role: "chair",
+            investor_type: "natural_person",
+            shares_purchased: 6e6,
+            officer_title: "ceo",
+            is_incorporator: true
+          },
+          {
+            name: "Bob Martinez",
+            email: "bob@example.com",
+            role: "director",
+            investor_type: "natural_person",
+            shares_purchased: 4e6,
+            officer_title: "cto"
+          }
+        ],
+        fiscal_year_end: "12-31",
+        company_address: {
+          street: "251 Little Falls Dr",
+          city: "Wilmington",
+          state: "DE",
+          zip: "19808"
+        }
+      };
+  }
+}
+function meetingTypeForBody(body) {
+  return String(body.body_type) === "llc_member_vote" ? "member_meeting" : "board_meeting";
+}
 async function demoCommand(opts) {
   const cfg = requireConfig("api_url", "api_key", "workspace_id");
   const client = new CorpAPIClient(cfg.api_url, cfg.api_key, cfg.workspace_id);
+  const resolver = new ReferenceResolver(client, cfg);
+  const scenario = opts.scenario ?? "startup";
   try {
-    const result = await withSpinner("Loading", () => client.seedDemo(opts.name));
-    printSuccess(`Demo seeded: ${result.entity_id ?? "OK"}`);
+    if (opts.minimal) {
+      const result2 = await withSpinner("Loading", () => client.seedDemo({
+        name: opts.name,
+        scenario
+      }));
+      if (opts.json) {
+        printJson(result2);
+        return;
+      }
+      printSuccess("Minimal demo seeded.");
+      printJson(result2);
+      return;
+    }
+    const formationPayload = scenarioConfig(opts.name, scenario);
+    const created = await withSpinner(
+      "Creating demo entity",
+      () => client.createFormationWithCapTable(formationPayload)
+    );
+    const entityId = String(created.entity_id ?? created.formation_id ?? "");
+    if (!entityId) {
+      throw new Error("demo formation did not return an entity_id");
+    }
+    await resolver.stabilizeRecord("entity", created);
+    resolver.rememberFromRecord("entity", created);
+    const activation = await withSpinner(
+      "Activating formation",
+      () => activateFormationEntity(client, resolver, entityId)
+    );
+    const agent = await withSpinner(
+      "Creating demo agent",
+      () => client.createAgent({
+        name: `${opts.name} Operator`,
+        entity_id: entityId,
+        system_prompt: `Operate ${opts.name} and keep the workspace data clean.`,
+        scopes: []
+      })
+    );
+    await resolver.stabilizeRecord("agent", agent);
+    resolver.rememberFromRecord("agent", agent);
+    const bodies = await client.listGovernanceBodies(entityId);
+    await resolver.stabilizeRecords("body", bodies, entityId);
+    let meeting;
+    if (bodies.length > 0) {
+      meeting = await client.scheduleMeeting({
+        entity_id: entityId,
+        body_id: bodies[0].body_id,
+        meeting_type: meetingTypeForBody(bodies[0]),
+        title: "Demo kickoff meeting",
+        agenda_item_titles: [
+          "Approve demo operating budget",
+          "Review founder vesting and cap table"
+        ]
+      });
+      await resolver.stabilizeRecord("meeting", meeting, entityId);
+      resolver.rememberFromRecord("meeting", meeting, entityId);
+    }
+    const workItem = await client.createWorkItem(entityId, {
+      title: "Review demo workspace",
+      description: "Check documents, governance, cap table, and treasury setup.",
+      category: "ops",
+      created_by_actor: {
+        actor_type: "agent",
+        actor_id: String(agent.agent_id)
+      }
+    });
+    await resolver.stabilizeRecord("work_item", workItem, entityId);
+    resolver.rememberFromRecord("work_item", workItem, entityId);
+    const claimedWorkItem = await client.claimWorkItem(entityId, String(workItem.work_item_id), {
+      claimed_by_actor: {
+        actor_type: "agent",
+        actor_id: String(agent.agent_id)
+      }
+    });
+    const bankAccount = await client.openBankAccount({
+      entity_id: entityId,
+      bank_name: "Mercury"
+    });
+    await resolver.stabilizeRecord("bank_account", bankAccount, entityId);
+    resolver.rememberFromRecord("bank_account", bankAccount, entityId);
+    const invoice = await client.createInvoice({
+      entity_id: entityId,
+      customer_name: "Acme Customer",
+      amount_cents: 25e4,
+      due_date: "2026-04-01",
+      description: "Demo advisory services"
+    });
+    await resolver.stabilizeRecord("invoice", invoice, entityId);
+    resolver.rememberFromRecord("invoice", invoice, entityId);
+    const contract = await client.generateContract({
+      entity_id: entityId,
+      template_type: "nda",
+      counterparty_name: "Example Counterparty",
+      effective_date: "2026-03-12",
+      parameters: {}
+    });
+    await resolver.stabilizeRecord("document", contract, entityId);
+    resolver.rememberFromRecord("document", contract, entityId);
+    const result = {
+      scenario,
+      entity: created,
+      activation,
+      agent,
+      meeting,
+      work_item: claimedWorkItem,
+      bank_account: bankAccount,
+      invoice,
+      contract
+    };
+    if (opts.json) {
+      printJson(result);
+      return;
+    }
+    printSuccess(`Demo environment created for ${opts.name}.`);
+    printReferenceSummary("entity", created, { showReuseHint: true });
+    printReferenceSummary("agent", agent, { showReuseHint: true });
+    if (meeting) {
+      printReferenceSummary("meeting", meeting, { showReuseHint: true });
+    }
+    printReferenceSummary("work_item", claimedWorkItem, { showReuseHint: true });
+    printReferenceSummary("invoice", invoice, { showReuseHint: true });
+    printReferenceSummary("bank_account", bankAccount, { showReuseHint: true });
     printJson(result);
   } catch (err) {
     printError(`Failed to seed demo: ${err}`);
@@ -6506,6 +7495,8 @@ var init_demo = __esm({
     init_api_client();
     init_output();
     init_spinner();
+    init_references();
+    init_formation_automation();
   }
 });
 
@@ -6514,7 +7505,7 @@ var feedback_exports = {};
 __export(feedback_exports, {
   feedbackCommand: () => feedbackCommand
 });
-import chalk13 from "chalk";
+import chalk14 from "chalk";
 async function feedbackCommand(message, opts) {
   if (!message || message.trim().length === 0) {
     printError("Feedback message cannot be empty");
@@ -6533,9 +7524,17 @@ async function feedbackCommand(message, opts) {
       return;
     }
     console.log(`
-${chalk13.green("\u2713")} Feedback submitted (${chalk13.dim(result.feedback_id)})`);
+${chalk14.green("\u2713")} Feedback submitted (${chalk14.dim(result.feedback_id)})`);
   } catch (err) {
-    printError("Failed to submit feedback", err);
+    const detail = String(err);
+    if (detail.includes("404")) {
+      printError(
+        `Failed to submit feedback: ${detail}
+  This server does not expose /v1/feedback. Local api-rs dev servers currently do not support feedback submission.`
+      );
+    } else {
+      printError(`Failed to submit feedback: ${detail}`);
+    }
     process.exit(1);
   }
 }
@@ -6555,38 +7554,8 @@ var serve_exports = {};
 __export(serve_exports, {
   serveCommand: () => serveCommand
 });
-import { readFileSync as readFileSync4, writeFileSync as writeFileSync2, existsSync as existsSync2 } from "fs";
 import { resolve as resolve3 } from "path";
-import { randomBytes } from "crypto";
-function generateFernetKey() {
-  return randomBytes(32).toString("base64url") + "=";
-}
-function generateSecret(length = 32) {
-  return randomBytes(length).toString("hex");
-}
-function loadEnvFile(path) {
-  if (!existsSync2(path)) return;
-  const content = readFileSync4(path, "utf-8");
-  for (const line of content.split("\n")) {
-    const trimmed = line.trim();
-    if (!trimmed || trimmed.startsWith("#")) continue;
-    const eqIdx = trimmed.indexOf("=");
-    if (eqIdx === -1) continue;
-    const key = trimmed.slice(0, eqIdx).trim();
-    const value = trimmed.slice(eqIdx + 1).trim().replace(/^["']|["']$/g, "");
-    if (!process.env[key]) {
-      process.env[key] = value;
-    }
-  }
-}
-function ensureEnvFile(envPath) {
-  if (existsSync2(envPath)) return;
-  console.log("No .env file found. Generating one with dev defaults...\n");
-  const content = ENV_TEMPLATE.replace("{{JWT_SECRET}}", generateSecret()).replace("{{SECRETS_MASTER_KEY}}", generateFernetKey()).replace("{{INTERNAL_WORKER_TOKEN}}", generateSecret());
-  writeFileSync2(envPath, content, "utf-8");
-  console.log(`  Created ${envPath}
-`);
-}
+import { ensureEnvFile, loadEnvFile } from "@thecorporation/corp-tools";
 async function serveCommand(opts) {
   let server;
   try {
@@ -6631,40 +7600,9 @@ async function serveCommand(opts) {
     process.exit(code ?? 0);
   });
 }
-var ENV_TEMPLATE;
 var init_serve = __esm({
   "src/commands/serve.ts"() {
     "use strict";
-    ENV_TEMPLATE = `# Corporation API server configuration
-# Generated by: corp serve
-
-# Required \u2014 secret for signing JWTs
-JWT_SECRET={{JWT_SECRET}}
-
-# Required \u2014 Fernet key for encrypting secrets at rest (base64url, 32 bytes)
-SECRETS_MASTER_KEY={{SECRETS_MASTER_KEY}}
-
-# Required \u2014 bearer token for internal worker-to-server auth
-INTERNAL_WORKER_TOKEN={{INTERNAL_WORKER_TOKEN}}
-
-# Server port (default: 8000)
-# PORT=8000
-
-# Data directory for git repos (default: ./data/repos)
-# DATA_DIR=./data/repos
-
-# Redis URL for agent job queue (optional)
-# REDIS_URL=redis://localhost:6379/0
-
-# LLM proxy upstream (default: https://openrouter.ai/api/v1)
-# LLM_UPSTREAM_URL=https://openrouter.ai/api/v1
-
-# PEM-encoded Ed25519 key for signing git commits (optional)
-# COMMIT_SIGNING_KEY=
-
-# Max agent queue depth (default: 1000)
-# MAX_QUEUE_DEPTH=1000
-`;
   }
 });
 
@@ -6699,6 +7637,12 @@ var TAX_DOCUMENT_TYPE_CHOICES = [
   "w2",
   "form_w2"
 ];
+var FINALIZE_ITEM_STATUS_CHOICES = [
+  "discussed",
+  "voted",
+  "tabled",
+  "withdrawn"
+];
 var program = new Command();
 program.name("corp").description("corp \u2014 Corporate governance from the terminal").version(pkg.version);
 program.command("setup").description("Interactive setup wizard").action(async () => {
@@ -6949,7 +7893,10 @@ capTableCmd.command("approve-valuation <valuation-ref>").option("--resolution-id
     json: inheritOption(opts.json, parent.json)
   });
 });
-var financeCmd = program.command("finance").description("Invoicing, payroll, payments, banking").option("--entity-id <ref>", "Entity reference (ID, short ID, @last, or unique name)").option("--json", "Output as JSON");
+var financeCmd = program.command("finance").description("Invoicing, payroll, payments, banking").option("--entity-id <ref>", "Entity reference (ID, short ID, @last, or unique name)").option("--json", "Output as JSON").action(async (opts) => {
+  const { financeSummaryCommand: financeSummaryCommand2 } = await Promise.resolve().then(() => (init_finance(), finance_exports));
+  await financeSummaryCommand2(opts);
+});
 financeCmd.command("invoices").option("--json", "Output as JSON").description("List invoices").action(async (opts, cmd) => {
   const parent = cmd.parent.opts();
   const { financeInvoicesCommand: financeInvoicesCommand2 } = await Promise.resolve().then(() => (init_finance(), finance_exports));
@@ -7173,7 +8120,12 @@ governanceCmd.command("agenda-items <meeting-ref>").description("List agenda ite
   const { listAgendaItemsCommand: listAgendaItemsCommand2 } = await Promise.resolve().then(() => (init_governance(), governance_exports));
   await listAgendaItemsCommand2(meetingId, { entityId: parent.entityId, json: parent.json });
 });
-governanceCmd.command("finalize-item <meeting-ref> <item-ref>").requiredOption("--status <status>", "Status: voted, discussed, tabled, withdrawn").option("--json", "Output as JSON").option("--dry-run", "Show the request without finalizing the item").description("Finalize an agenda item").action(async (meetingId, itemId, opts, cmd) => {
+governanceCmd.command("finalize-item <meeting-ref> <item-ref>").addOption(
+  new Option(
+    "--status <status>",
+    `Status (${FINALIZE_ITEM_STATUS_CHOICES.join(", ")})`
+  ).choices([...FINALIZE_ITEM_STATUS_CHOICES]).makeOptionMandatory()
+).option("--json", "Output as JSON").option("--dry-run", "Show the request without finalizing the item").description("Finalize an agenda item").action(async (meetingId, itemId, opts, cmd) => {
   const parent = cmd.parent.opts();
   const { finalizeAgendaItemCommand: finalizeAgendaItemCommand2 } = await Promise.resolve().then(() => (init_governance(), governance_exports));
   await finalizeAgendaItemCommand2(meetingId, itemId, {
@@ -7209,6 +8161,24 @@ documentsCmd.command("signing-link <doc-ref>").option("--entity-id <ref>", "Enti
   const { documentsSigningLinkCommand: documentsSigningLinkCommand2 } = await Promise.resolve().then(() => (init_documents(), documents_exports));
   await documentsSigningLinkCommand2(docId, { entityId: opts.entityId ?? parent.entityId });
 });
+documentsCmd.command("sign <doc-ref>").option("--entity-id <ref>", "Entity reference (overrides active entity and parent command)").option("--signer-name <name>", "Manual signer name").option("--signer-role <role>", "Manual signer role").option("--signer-email <email>", "Manual signer email").option("--signature-text <text>", "Manual signature text (defaults to signer name)").option("--json", "Output as JSON").description("Sign a formation document, or auto-sign all missing required signatures").action(async (docId, opts, cmd) => {
+  const parent = cmd.parent.opts();
+  const { documentsSignCommand: documentsSignCommand2 } = await Promise.resolve().then(() => (init_documents(), documents_exports));
+  await documentsSignCommand2(docId, {
+    ...opts,
+    entityId: opts.entityId ?? parent.entityId,
+    json: inheritOption(opts.json, parent.json)
+  });
+});
+documentsCmd.command("sign-all").option("--entity-id <ref>", "Entity reference (overrides active entity and parent command)").option("--json", "Output as JSON").description("Auto-sign all outstanding formation documents for an entity").action(async (opts, cmd) => {
+  const parent = cmd.parent.opts();
+  const { documentsSignAllCommand: documentsSignAllCommand2 } = await Promise.resolve().then(() => (init_documents(), documents_exports));
+  await documentsSignAllCommand2({
+    ...opts,
+    entityId: opts.entityId ?? parent.entityId,
+    json: inheritOption(opts.json, parent.json)
+  });
+});
 documentsCmd.command("generate").requiredOption("--template <type>", "Template type (consulting_agreement, employment_offer, contractor_agreement, nda, custom)").requiredOption("--counterparty <name>", "Counterparty name").option("--effective-date <date>", "Effective date (ISO 8601, defaults to today)").option("--base-salary <amount>", "Employment offer base salary (for employment_offer)").option("--param <key=value>", "Additional template parameter (repeatable)", (value, values) => [...values, value], []).option("--json", "Output as JSON").description("Generate a contract from a template").action(async (opts, cmd) => {
   const parent = cmd.parent.opts();
   const { documentsGenerateCommand: documentsGenerateCommand2 } = await Promise.resolve().then(() => (init_documents(), documents_exports));
@@ -7218,7 +8188,7 @@ documentsCmd.command("generate").requiredOption("--template <type>", "Template t
     json: inheritOption(opts.json, parent.json)
   });
 });
-documentsCmd.command("preview-pdf").requiredOption("--definition-id <id>", "AST document definition ID (e.g. 'bylaws')").option("--document-id <id>", "Deprecated alias for --definition-id").description("Validate and print the authenticated PDF preview URL for a governance document").action(async (opts, cmd) => {
+documentsCmd.command("preview-pdf").option("--definition-id <id>", "AST document definition ID (e.g. 'bylaws')").option("--document-id <id>", "Deprecated alias for --definition-id").description("Validate and print the authenticated PDF preview URL for a governance document").action(async (opts, cmd) => {
   const parent = cmd.parent.opts();
   const { documentsPreviewPdfCommand: documentsPreviewPdfCommand2 } = await Promise.resolve().then(() => (init_documents(), documents_exports));
   await documentsPreviewPdfCommand2({
@@ -7390,6 +8360,59 @@ workItemsCmd.command("cancel <item-ref>").option("--json", "Output as JSON").des
     json: inheritOption(opts.json, parent.json)
   });
 });
+var servicesCmd = program.command("services").description("Service catalog and fulfillment").option("--entity-id <ref>", "Entity reference (ID, short ID, @last, or unique name)").option("--json", "Output as JSON");
+servicesCmd.command("catalog").option("--json", "Output as JSON").description("List the service catalog").action(async (opts, cmd) => {
+  const parent = cmd.parent.opts();
+  const { servicesCatalogCommand: servicesCatalogCommand2 } = await Promise.resolve().then(() => (init_services(), services_exports));
+  await servicesCatalogCommand2({
+    json: inheritOption(opts.json, parent.json)
+  });
+});
+servicesCmd.command("buy <slug>").option("--json", "Output as JSON").option("--dry-run", "Show the request without executing").description("Purchase a service from the catalog").action(async (slug, opts, cmd) => {
+  const parent = cmd.parent.opts();
+  const { servicesBuyCommand: servicesBuyCommand2 } = await Promise.resolve().then(() => (init_services(), services_exports));
+  await servicesBuyCommand2(slug, {
+    ...opts,
+    entityId: parent.entityId,
+    json: inheritOption(opts.json, parent.json)
+  });
+});
+servicesCmd.command("list").option("--json", "Output as JSON").description("List service requests for an entity").action(async (opts, cmd) => {
+  const parent = cmd.parent.opts();
+  const { servicesListCommand: servicesListCommand2 } = await Promise.resolve().then(() => (init_services(), services_exports));
+  await servicesListCommand2({
+    ...opts,
+    entityId: parent.entityId,
+    json: inheritOption(opts.json, parent.json)
+  });
+});
+servicesCmd.command("show <ref>").option("--json", "Output as JSON").description("Show service request detail").action(async (ref_, opts, cmd) => {
+  const parent = cmd.parent.opts();
+  const { servicesShowCommand: servicesShowCommand2 } = await Promise.resolve().then(() => (init_services(), services_exports));
+  await servicesShowCommand2(ref_, {
+    ...opts,
+    entityId: parent.entityId,
+    json: inheritOption(opts.json, parent.json)
+  });
+});
+servicesCmd.command("fulfill <ref>").option("--note <note>", "Fulfillment note").option("--json", "Output as JSON").description("Mark a service request as fulfilled (operator)").action(async (ref_, opts, cmd) => {
+  const parent = cmd.parent.opts();
+  const { servicesFulfillCommand: servicesFulfillCommand2 } = await Promise.resolve().then(() => (init_services(), services_exports));
+  await servicesFulfillCommand2(ref_, {
+    ...opts,
+    entityId: parent.entityId,
+    json: inheritOption(opts.json, parent.json)
+  });
+});
+servicesCmd.command("cancel <ref>").option("--json", "Output as JSON").description("Cancel a service request").action(async (ref_, opts, cmd) => {
+  const parent = cmd.parent.opts();
+  const { servicesCancelCommand: servicesCancelCommand2 } = await Promise.resolve().then(() => (init_services(), services_exports));
+  await servicesCancelCommand2(ref_, {
+    ...opts,
+    entityId: parent.entityId,
+    json: inheritOption(opts.json, parent.json)
+  });
+});
 var billingCmd = program.command("billing").description("Billing status, plans, and subscription management").option("--json", "Output as JSON").action(async (opts) => {
   const { billingCommand: billingCommand2 } = await Promise.resolve().then(() => (init_billing(), billing_exports));
   await billingCommand2(opts);
@@ -7403,10 +8426,8 @@ billingCmd.command("upgrade").option("--plan <plan>", "Plan ID to upgrade to (fr
   await billingUpgradeCommand2(opts);
 });
 program.command("approvals").description("Approvals are managed through governance meetings and execution intents").action(async () => {
-  const { printError: printError2 } = await Promise.resolve().then(() => (init_output(), output_exports));
-  printError2(
-    "Approvals are managed through governance meetings.\n  Use: corp governance convene ... to schedule a board meeting\n  Use: corp governance vote <meeting-ref> <item-ref> ... to cast votes"
-  );
+  const { approvalsListCommand: approvalsListCommand2 } = await Promise.resolve().then(() => (init_approvals(), approvals_exports));
+  await approvalsListCommand2({});
 });
 var formCmd = program.command("form").description("Form a new entity with founders and cap table").option("--entity-type <type>", "Entity type (llc, c_corp)").option("--legal-name <name>", "Legal name").option("--jurisdiction <jurisdiction>", "Jurisdiction (e.g. US-DE, US-WY)").option("--member <member>", "Founder as 'name,email,role[,pct[,address[,officer_title[,is_incorporator]]]]' with address as street|city|state|zip, or key=value pairs like 'name=...,email=...,role=...,officer_title=cto,is_incorporator=true,address=street|city|state|zip' (repeatable)", (v, a) => [...a, v], []).option("--member-json <json>", "Founder JSON object (repeatable)", (v, a) => [...a, v], []).option("--members-file <path>", 'Path to a JSON array of founders or {"members": [...]}').option("--address <address>", "Company address as 'street,city,state,zip'").option("--fiscal-year-end <date>", "Fiscal year end (MM-DD)", "12-31").option("--s-corp", "Elect S-Corp status").option("--transfer-restrictions", "Enable transfer restrictions").option("--rofr", "Enable right of first refusal").option("--json", "Output as JSON").option("--dry-run", "Show the request without creating the entity").action(async (opts) => {
   if (opts.entityType && !opts.type) opts.type = opts.entityType;
@@ -7415,11 +8436,13 @@ var formCmd = program.command("form").description("Form a new entity with founde
   await formCommand2(opts);
 });
 formCmd.command("create").description("Create a pending entity (staged flow step 1)").requiredOption("--type <type>", "Entity type (llc, c_corp)").requiredOption("--name <name>", "Legal name").option("--jurisdiction <jurisdiction>", "Jurisdiction (e.g. US-DE, US-WY)").option("--registered-agent-name <name>", "Registered agent legal name").option("--registered-agent-address <address>", "Registered agent address line").option("--formation-date <date>", "Formation date (RFC3339 or YYYY-MM-DD)").option("--fiscal-year-end <date>", "Fiscal year end (MM-DD)").option("--s-corp", "Elect S-Corp status").option("--transfer-restrictions", "Enable transfer restrictions").option("--rofr", "Enable right of first refusal").option("--company-address <address>", "Company address as 'street,city,state,zip'").option("--json", "Output as JSON").option("--dry-run", "Show the request without creating the pending entity").action(async (opts, cmd) => {
+  const parent = cmd.parent.opts();
   const { formCreateCommand: formCreateCommand2 } = await Promise.resolve().then(() => (init_form(), form_exports));
   await formCreateCommand2({
     ...opts,
-    json: inheritOption(opts.json, cmd.parent.opts().json),
-    dryRun: inheritOption(opts.dryRun, cmd.parent.opts().dryRun)
+    jurisdiction: inheritOption(opts.jurisdiction, parent.jurisdiction),
+    json: inheritOption(opts.json, parent.json),
+    dryRun: inheritOption(opts.dryRun, parent.dryRun)
   });
 });
 formCmd.command("add-founder <entity-ref>").description("Add a founder to a pending entity (staged flow step 2)").requiredOption("--name <name>", "Founder name").requiredOption("--email <email>", "Founder email").requiredOption("--role <role>", "Role: director|officer|manager|member|chair").requiredOption("--pct <pct>", "Ownership percentage").addOption(new Option("--officer-title <title>", "Officer title (corporations only)").choices(["ceo", "cfo", "cto", "coo", "secretary", "treasurer", "president", "vp", "other"])).option("--incorporator", "Mark as sole incorporator (corporations only)").option("--address <address>", "Founder address as 'street,city,state,zip'").option("--json", "Output as JSON").option("--dry-run", "Show the request without adding the founder").action(async (entityId, opts, cmd) => {
@@ -7438,11 +8461,19 @@ formCmd.command("finalize <entity-ref>").description("Finalize formation and gen
     dryRun: inheritOption(opts.dryRun, cmd.parent.opts().dryRun)
   });
 });
+formCmd.command("activate <entity-ref>").description("Programmatically sign formation documents and advance an entity to active").option("--evidence-uri <uri>", "Registered-agent consent evidence URI placeholder").option("--evidence-type <type>", "Registered-agent consent evidence type", "generated").option("--filing-id <id>", "External filing identifier to record").option("--receipt-reference <ref>", "External receipt reference to record").option("--ein <ein>", "EIN to confirm (defaults to a deterministic simulated EIN)").option("--json", "Output as JSON").option("--dry-run", "Show the activation plan without mutating").action(async (entityId, opts, cmd) => {
+  const { formActivateCommand: formActivateCommand2 } = await Promise.resolve().then(() => (init_form(), form_exports));
+  await formActivateCommand2(entityId, {
+    ...opts,
+    json: inheritOption(opts.json, cmd.parent.opts().json),
+    dryRun: inheritOption(opts.dryRun, cmd.parent.opts().dryRun)
+  });
+});
 program.command("api-keys").description("List API keys").option("--json", "Output as JSON").action(async (opts) => {
   const { apiKeysCommand: apiKeysCommand2 } = await Promise.resolve().then(() => (init_api_keys(), api_keys_exports));
   await apiKeysCommand2(opts);
 });
-program.command("demo").description("Seed a fully-populated demo corporation").requiredOption("--name <name>", "Corporation name").action(async (opts) => {
+program.command("demo").description("Create a usable demo workspace environment").requiredOption("--name <name>", "Corporation name").option("--scenario <scenario>", "Scenario to create (startup, llc, restaurant)", "startup").option("--minimal", "Use the minimal server-side demo seed instead of the full CLI workflow").option("--json", "Output as JSON").action(async (opts) => {
   const { demoCommand: demoCommand2 } = await Promise.resolve().then(() => (init_demo(), demo_exports));
   await demoCommand2(opts);
 });