@vibecodr/cli 1.0.7 → 1.0.9

package/docs/RELEASE-CHECKLIST.md

@@ -4,7 +4,7 @@ Use this checklist before publishing `@vibecodr/cli`.
 
 ## Repository Boundary
 
-- `git rev-parse --show-toplevel` prints the `tools/vc-tools` repository root.
+- `git rev-parse --show-toplevel` prints the `tools/mcp/Vibecodr-CLI` repository root.
 - No files are staged or committed from the parent Vibecodr repository.
 - The package name is `@vibecodr/cli`.
 - The canonical bin name is `vibecodr`; `vibecodr-mcp` and `vc-tools` are
@@ -22,10 +22,13 @@ npm run check:worker
 npm test
 npm run build
 npm run verify:artifact
-npm run verify:goal
 npm run verify:release
 npm run verify
 node dist/bin/vibecodr-mcp.js --help
+node dist/bin/vibecodr-mcp.js help mcp
+node dist/bin/vibecodr-mcp.js login mcp --help
+node dist/bin/vibecodr-mcp.js login agent --help
+node dist/bin/vibecodr-mcp.js logout agent --help
 node dist/bin/vibecodr-mcp.js help agent
 node dist/bin/vibecodr-mcp.js help computer
 node dist/bin/vibecodr-mcp.js help browser
@@ -48,7 +51,6 @@ Expected results:
 - Tests exit `0`.
 - Build exits `0`.
 - Package artifact verifier exits `0`.
-- Goal coverage verifier exits `0`.
 - Release readiness verifier exits `0` for `VC_TOOLS_RELEASE_CHANNEL=cli-contract`.
 - `VC_TOOLS_RELEASE_CHANNEL=live npm run verify:release` exits `0` only after
   `live-hosted-production` is marked locally verified by fresh production smoke
@@ -74,8 +76,9 @@ Expected results:
 - `inspect` reports one hosted-required check for CLI-contract releases and zero
   hosted-required checks after live production smoke.
 - Unsafe browser URL smoke exits non-zero before any hosted request.
-- The Worker returns health, MCP metadata, and fail-closed auth responses; tests
-  keep contract-mode coverage for no-cost route validation.
+- The Worker returns health, MCP metadata, protected-resource discovery, Bearer
+  auth challenges, and fail-closed auth responses; tests keep contract-mode
+  coverage for no-cost route validation.
 - The contract-mode Worker supports MCP `initialize`, `tools/list`, and
   `tools/call` JSON-RPC requests.
 - Hosted dashboard sections render overview, usage, activity, artifacts, grants,
@@ -206,8 +209,9 @@ Expected hosted guarantees:
   `hosted.worker_5xx` operator alert through the same fanout path. Keep this
   code in parent internal-api `ALERT_CODES`; payloads must stay sanitized to
   method, path pattern, status, and redacted error text only.
-- Hosted API/MCP auth failures write anonymous `auth.failed` audit rows. The
-  scheduled Worker aggregates them and emits the account-scoped
+- Hosted API/MCP auth failures write anonymous `auth.failed` audit rows. OAuth
+  discovery probes are served before auth and must not enter this metric. The
+  scheduled Worker aggregates auth failures and emits the account-scoped
   `E-VIBECODR-VC-TOOLS-AUTH-FAILURE-ANOMALY` /
   `auth.failure_anomaly` operator alert when
   `VC_TOOLS_AUTH_FAILURE_ALERT_THRESHOLD` is crossed inside

package/docs/SECURITY.md

@@ -7,12 +7,16 @@ Cloudflare credential custody.
 
 ## Local Rules
 
-- Plain `vibecodr login` is the default human path. It starts a browser/device
-  approval session, prints a user-checkable code, optionally opens the Vibecodr
-  approval page, and stores the durable credential returned to the polling CLI
-  when the parent API issues one. The browser approval response must never
-  include the signed grant, API key, OAuth token, refresh token, or private
-  device code.
+- Plain `vibecodr login` is the default MCP Gateway OAuth path. It stores only
+  the CLI profile's MCP OAuth session under the historical `@vibecodr/mcp`
+  service; it does not log editor clients into MCP and does not create an Agent
+  Computer credential.
+- `vibecodr login agent` and `vibecodr start` are the hosted Agent Computer
+  human paths. They start a browser/device approval session, print a
+  user-checkable code, optionally open the Vibecodr approval page, and store the
+  durable credential returned to the polling CLI when the parent API issues one.
+  The browser approval response must never include the signed grant, API key,
+  OAuth token, refresh token, or private device code.
 - Non-interactive credentials are preferably accepted through
   `--credential-file`, `--credential-stdin`, `VC_TOOLS_CREDENTIAL_FILE`, or
   local credentials. The input may be an existing Vibecodr grant, a Clerk OAuth

package/docs/VALIDATION-MATRIX.md

@@ -9,8 +9,8 @@ artifacts and tests.
 | CLI Guidelines compliance | `src/cli/parser.ts`, `src/cli/run.ts`, `src/cli/output.ts`, `docs/CLI-GUIDELINES-AUDIT.md` | tests verify command-specific help, docs/support links, typo suggestions, stable JSON, product-safe default output, quiet mode, agent-computer primary nouns, and secure credential file/stdin sources |
 | Agent Computer first-use path | `vibecodr start`, `vibecodr setup`, `vibecodr try`, `vibecodr agent connect/status`, `vibecodr computer status` | tests verify `start` checks account identity, hosted health, MCP connection metadata, usage state, safe readiness output, and agent-native connection details without exposing tokens; `try` proves auth, hosted API, browser, computer, proof saving, and usage readback |
 | CLI login and auth diagnostics | `vibecodr login`, `vibecodr auth status`, `vibecodr auth diagnose`, `vibecodr auth export-agent-env`, safe generic credential file/stdin forms | tests verify browser/device auth starts when no credential is provided, `start` recovers from unreadable stored approval state by opening the normal browser login path, cost-bearing browser commands treat unreadable stored approval as missing auth instead of failing on credential storage shape, the private device code is never printed or stored, approval metadata points to `/settings/vc-tools/approve`, `--no-input` refuses interactive login without network calls, direct token grant caching, generic credential classification for Clerk OAuth/API-key exchange through Vibecodr Auth, durable API-key/OAuth local storage, expired grant refresh from stored API keys, file/stdin credential paths, one-off env credential auth without persistence, status reporting for active credential sources without exposing internal profiles, ambiguous credential denial, redaction, optional API verification, explicit file-store test mode, friendly expired-login errors, isolated config warnings, strict-permission agent credential-file export without printing the secret, and no stored-token forwarding to insecure local API URLs unless explicitly allowed |
-| Remote agent connection setup | `vibecodr agent connect`, advanced `vibecodr connect` | tests verify Streamable HTTP metadata, agent-native tool names, and no token leakage |
-| Remote MCP tool server | `/mcp` in `src/hosted/worker.ts` | tests verify MCP `initialize`, `tools/list`, and `tools/call` JSON-RPC contract flow with agent-native `browser.*`, `computer.*`, `work.*`, `proof.*`, and `usage.status` tool names mapped to hosted canonical capabilities |
+| Remote agent connection setup | `vibecodr agent connect`, advanced `vibecodr connect` | tests verify Streamable HTTP metadata, agent-native tool names, no token leakage, and refusal to write bare named-client configs for `tools.vibecodr.space/mcp` until a supported `vc_tools` client auth flow is proven |
+| Remote MCP tool server | `/mcp` in `src/hosted/worker.ts` | tests verify protected-resource discovery, Bearer `WWW-Authenticate` challenge metadata, MCP `initialize`, `tools/list`, and `tools/call` JSON-RPC contract flow with agent-native `browser.*`, `computer.*`, `work.*`, `proof.*`, and `usage.status` tool names mapped to hosted canonical capabilities |
 | Browser render/screenshot/markdown/PDF tests, crawl, snapshot, and paid agent tasks | `vibecodr browser *`, advanced `vibecodr tools test browser.*` | tests verify capability aliases including `browser.snapshot`, canonical browser and crawl payloads, default submit/wait behavior, `--out` proof saving without exposed IDs, Creator `browser.agent_task` acceptance up to 20 minutes, Pro acceptance up to 1 hour, Free denial, Quick Actions staying short, HTTPS-only validation, localhost/private/internal denial with safe-next-action messaging, URL credential denial, direct cookie/header/storage-state auth material denial, IPv4/IPv6 private, link-local, mapped, NAT64, and 6to4 denial, hosted unsafe redirect-chain denial before cost-bearing dispatch, and Workflow dispatch for paid browser agent tasks |
 | Agent Computer run/tests | `vibecodr computer run/test`, advanced `vibecodr tools test sandbox.*`, hosted Sandbox SDK queue execution | tests verify no local shell execution, bounded command payload, default submit/wait behavior, `--out` proof saving without exposed IDs, public HTTP(S) package/docs egress by default for paid Agent Computer jobs, explicit `--network public`/`--network off` payloads, no private-network opt-in flag, no per-command host allowlist requirement, Cloudflare host policy plus hosted outbound handler denial for private/local/internal destinations and private-resolving DNS, per-command Sandbox SDK timeout forwarding, timeout/fork-storm failure cleanup through sandbox teardown, minimal sandbox env injection, stdout/stderr truncation, sandbox-returned files/output-file paths ignored in favor of one fixed transcript artifact, artifact storage accounting, and sandbox-minute metering |
 | Proof store/read/save/delete | `vibecodr proof list/show/save/delete`, advanced `vibecodr artifacts list/get/pull/create/delete` | tests verify metadata shape, bounded list limits, safe filenames, overwrite guard, explicit in-workspace pull file targets, automatic proof saving from browser/computer aliases and `work follow --out`, explicit confirmation before delete, actor-scoped hosted deletion of D1 shelf rows plus R2 bytes, hosted plan-owned upload caps, hard total artifact storage caps, R2 cleanup after D1 reservation races, workspace-bounded upload/download paths, and symlink/junction escape denial |
@@ -33,11 +33,11 @@ artifacts and tests.
 | Browser Run crawl provider path | `browser.crawl_site`, hosted `/crawl` Quick Action integration | CLI tests verify `browser.crawl` payloads; hosted tests verify crawl start, result fetch, artifact storage, browser-minute usage, and crawl-page usage |
 | Browser Run provider retry/defer | `src/hosted/worker.ts` queue failure handling | hosted tests verify provider 429 responses return jobs to queued/retryable state and do not mark them failed on first rate-limit pressure |
 | Human-use security hardening | CLI and hosted Worker trust-boundary controls | tests verify insecure local API opt-in, workspace-bounded artifacts including symlink/junction denial, scoped Vibecodr CLI grants with per-tool capability scopes, actor-scoped live job/artifact/usage/audit SQL, DNS address-record and redirect-chain enforcement with denial metrics, authenticated-browser material denial, Browser Run Quick Action routing and metered time, crawl metering, paid sandbox public HTTP(S) egress with private/local/internal denial, quota denial metrics, pre-execution and during-execution cancellation guards, hard artifact storage caps, D1/R2 artifact write cleanup, explicit artifact deletion cleanup, and retention-backed artifact expiry |
-| Hosted API/MCP scaffold | `src/hosted/worker.ts`, `wrangler.jsonc`, `migrations/0001_live_schema.sql`, `migrations/0002_actor_scope.sql`, `migrations/0003_quota_reservations.sql`, `migrations/0004_sandbox_quota_reservations.sql`, `migrations/0005_operator_alert_dedupe.sql`, `migrations/0006_scheduled_qa.sql`, `migrations/0007_job_queue_metadata.sql` | `npm run check:worker` and `test/hosted-worker.test.ts` verify health, auth fail-closed behavior, auth-failure audit metrics, user-safe public readiness, protected inspection/dashboard routes, scoped CLI grants, capability-scope denial, MCP metadata, MCP tool flow, dashboard contract, actor-scoped live acceptance, atomic quota reservation including sandbox seconds and parallel race conflict handling, queued-ahead metadata without interactive fairness delay, Workflow-owned paid agent browser dispatch without a Queue binding, Queue rejection for Browser Agent execution, Browser Run Quick Action hard-cap deferral, Browser Session hard-cap deferral, Sandbox hard-cap deferral, provider retry/defer handling, Browser Run large-page timeout bounds, failed-job DLQ retry-boundary behavior without provider re-execution, exhausted failed-job loop prevention, scheduled Queue/DLQ/artifact-storage/retention-cleanup/execution-health/auth-failure/Cloudflare-spend alerting, unexpected hosted 500 alerting, crawl artifacts, scheduled QA config/create/list/run-now enqueue/cron enqueue, sandbox execution timeout/env/output/teardown behavior, sandbox timeout/fork-storm failure cleanup, sandbox-returned file/path suppression, sandbox reservation reconciliation, unsafe redirect rejection before cost-bearing dispatch, D1-backed operator alert dedupe, and contract-mode tool acceptance |
+| Hosted API/MCP scaffold | `src/hosted/worker.ts`, `wrangler.jsonc`, `migrations/0001_live_schema.sql`, `migrations/0002_actor_scope.sql`, `migrations/0003_quota_reservations.sql`, `migrations/0004_sandbox_quota_reservations.sql`, `migrations/0005_operator_alert_dedupe.sql`, `migrations/0006_scheduled_qa.sql`, `migrations/0007_job_queue_metadata.sql` | `npm run check:worker` and `test/hosted-worker.test.ts` verify health, auth fail-closed behavior, OAuth discovery routes that do not emit `auth.failed`, auth-failure audit metrics, user-safe public readiness, protected inspection/dashboard routes, scoped CLI grants, capability-scope denial, MCP protected-resource metadata, MCP auth challenge headers, MCP metadata, MCP tool flow, dashboard contract, actor-scoped live acceptance, atomic quota reservation including sandbox seconds and parallel race conflict handling, queued-ahead metadata without interactive fairness delay, Workflow-owned paid agent browser dispatch without a Queue binding, Queue rejection for Browser Agent execution, Browser Run Quick Action hard-cap deferral, Browser Session hard-cap deferral, Sandbox hard-cap deferral, provider retry/defer handling, Browser Run large-page timeout bounds, failed-job DLQ retry-boundary behavior without provider re-execution, exhausted failed-job loop prevention, scheduled Queue/DLQ/artifact-storage/retention-cleanup/execution-health/auth-failure/Cloudflare-spend alerting, unexpected hosted 500 alerting, crawl artifacts, scheduled QA config/create/list/run-now enqueue/cron enqueue, sandbox execution timeout/env/output/teardown behavior, sandbox timeout/fork-storm failure cleanup, sandbox-returned file/path suppression, sandbox reservation reconciliation, unsafe redirect rejection before cost-bearing dispatch, D1-backed operator alert dedupe, and contract-mode tool acceptance |
 | Live Cloudflare provider | `src/hosted/worker.ts`, `wrangler.jsonc`, `Dockerfile`, `migrations/0001_live_schema.sql`, `migrations/0002_actor_scope.sql`, `migrations/0003_quota_reservations.sql`, `migrations/0004_sandbox_quota_reservations.sql`, `migrations/0005_operator_alert_dedupe.sql`, `migrations/0006_scheduled_qa.sql`, `migrations/0007_job_queue_metadata.sql` | hosted-required for live releases: apply all migrations, set Browser Run Quick Actions secrets and `BROWSER_AGENT_WORKFLOW`, deploy, then smoke health, authenticated login, real Quick Action browser job, real scheduled QA create/list/run-now enqueue/job-readback/monthly-cap denial plus natural cron-tick readback at a real trigger time, real Creator browser agent-task job through `BROWSER_AGENT_WORKFLOW`/`BROWSER`, real Pro browser agent-task job through `BROWSER_AGENT_WORKFLOW`/`BROWSER`, real crawl job, real Creator `standard-1` sandbox job capped at 10 minutes, real Pro `standard-2` sandbox job capped at 30 minutes, R2 artifact download, actor-scoped user-safe usage, crawl-page usage, sandbox-second quota denial, operator-alert dedupe/readback on operator surfaces, COGS dashboard readback, and audit rows against `https://tools.vibecodr.space` |
 | Cloudflare dynamic primitive fit | `docs/CLOUDFLARE-PRIMITIVE-FIT.md`, `docs/API-CONTRACT.md`, `wrangler.jsonc` | docs verify Cloudflare Workflows are the v1 durable `browser.agent_task` lane; Dynamic Workers/Facets/Dynamic Workflows remain future supervised dynamic-code capabilities, not replacements for v1 Browser Run Quick Actions, Sandbox SDK, D1, R2, Queue/DLQ, or platform-owned quota/audit/billing authority |
 | Production-grade packaging | build, typecheck, test, explicit npm exports, CLI-only runtime dependencies, pack verifier, CI | `npm run verify`; pack verifier rejects `docs/`, hosted Worker source, migrations, deployment config, tests, scripts, and Cloudflare primitive runtime dependencies from the public npm artifact |
-| Inspectable goal coverage | `vibecodr inspect`, `src/core/goal-coverage.ts`, `scripts/check-goal-coverage.mjs` | `npm run verify:goal` and `test/cli.behavior.test.ts` verify coverage output |
+| Inspectable goal coverage | `vibecodr inspect`, `src/legacy/core/goal-coverage.ts` | `npm run verify:release` and `test/legacy/cli.behavior.test.ts` verify coverage output |
 
 ## Completion Gate
 
@@ -48,7 +48,7 @@ Before shipping:
 3. `npm test`
 4. `npm run build`
 5. `npm run verify:artifact`
-6. `npm run verify:goal`
+6. `npm run verify:release`
 7. Manual CLI smoke against a mock or real API
 8. Hosted service smoke against `https://tools.vibecodr.space`
 

package/docs/architecture.md

@@ -1,22 +1,25 @@
 # Architecture
 
-The Vibecodr CLI is a client of the hosted Vibecodr MCP gateway.
+The Vibecodr CLI is the unified user-facing command surface for the hosted MCP Gateway and the hosted Agent Computer.
 
 ## Boundary
 
 - hosted MCP gateway/server repo: `Vibecodr-MCP`
-- CLI client repo: `Vibecodr-MCP-CLI`
+- CLI and hosted Agent Computer worker repo: `Vibecodr-CLI`
 - CLI package: `@vibecodr/cli`
 - primary executable: `vibecodr`
-- compatibility executable: `vibecodr-mcp`
+- compatibility executables: `vibecodr-mcp`, `vc-tools`
 - legacy package compatibility: `@vibecodr/mcp`
 - default MCP URL: `https://openai.vibecodr.space/mcp`
+- Agent Computer API URL: `https://tools.vibecodr.space`
 
-This repo does not run the hosted server. It installs client config, performs CLI-owned OAuth, discovers the live tool catalog, and calls tools over Streamable HTTP MCP.
+This repo does not run the hosted MCP gateway. It does own the distributable CLI and the hosted Agent Computer worker source. The CLI installs client config, performs CLI-owned OAuth for the MCP Gateway, discovers the live gateway tool catalog, calls tools over Streamable HTTP MCP, and routes Agent Computer commands to `tools.vibecodr.space`.
 
 ## Auth Ownership
 
-`vibecodr login` stores OAuth tokens for the CLI profile only.
+`vibecodr login` and `vibecodr login mcp` store OAuth tokens for the CLI profile only.
+
+`vibecodr login agent` and `vibecodr start` store the hosted Agent Computer credential only.
 
 Codex, Cursor, VS Code, Windsurf, ChatGPT, and other MCP clients own separate OAuth sessions. Installing MCP config into those clients points them at the same server, but it does not copy CLI tokens into them.
 
@@ -26,7 +29,7 @@ The CLI is permissively licensed and safe to distribute as a public client packa
 
 The package name is `@vibecodr/cli` because this repo distributes the user-facing command-line client. The older `@vibecodr/mcp` package name is kept only as a compatibility/deprecation surface; the bare `vibecodr` executable remains the canonical user command.
 
-Local config directories and secure-token service names intentionally keep their historical `vibecodr-mcp` / `@vibecodr/mcp` identifiers during this migration. Those names are storage compatibility keys, not the public npm package identity.
+Local config directories and secure-token service names intentionally keep their historical `vibecodr-mcp`, `vc-tools`, `@vibecodr/mcp`, and `@vibecodr/vc-tools` identifiers during this migration. Those names are storage compatibility keys, not the public npm package identity.
 
 Keeping the repos separate makes the contract clear:
 

package/docs/auth.md

@@ -1,12 +1,18 @@
 # Auth
 
-`vibecodr login` authenticates the CLI itself to the hosted Vibecodr MCP server. It does not log Codex, Cursor, VS Code, Windsurf, ChatGPT, or any other MCP client into MCP.
+`vibecodr login` defaults to authenticating the CLI itself to the hosted Vibecodr MCP server. It does not log Codex, Cursor, VS Code, Windsurf, ChatGPT, or any other MCP client into MCP.
 
-Vibecodr has one hosted MCP gateway. The CLI is one client of that gateway, with its own local OAuth token store.
+Vibecodr now has two CLI credential lanes:
+
+- MCP Gateway: `vibecodr login` or `vibecodr login mcp`, stored under the historical `@vibecodr/mcp` service.
+- Hosted Agent Computer: `vibecodr login agent` or the automatic `vibecodr start` approval flow, stored under the historical `@vibecodr/vc-tools` service.
+
+The token types are intentionally separate. Status and doctor can read both lanes, but the CLI does not merge or copy credentials between them.
 
 Compatibility alias:
 
 - `vibecodr-mcp login`
+- `vc-tools login` for the Agent Computer compatibility path
 
 ## Implemented now
 
@@ -15,7 +21,8 @@ Compatibility alias:
 - loopback callback on `127.0.0.1`
 - secure token storage in the OS credential store via `@napi-rs/keyring`
 - proactive refresh before protected runtime commands when a refresh token is available
-- `logout` local token deletion plus best-effort revocation
+- `logout` local token deletion plus best-effort revocation for MCP Gateway sessions
+- `logout agent --yes` local Agent Computer credential deletion through the compatibility lane
 
 The plaintext file secret store is for local automated tests only. It is ignored unless both `VIBECDR_MCP_INSECURE_SECRET_STORE_PATH` and `VIBECDR_MCP_ENABLE_INSECURE_SECRET_STORE=true` are set.
 
@@ -48,10 +55,11 @@ Current repo reality:
 
 ## Runtime behavior
 
-- `login` prints the authorization URL by default so the browser step is explicit and reliable across shells
-- `login --browser open` opts into automatic browser launch
-- `status` reads local session state without requiring the network unless `--probe` is used
-- `tools` and `call` will attempt to reuse the stored session
+- `login` and `login mcp` print the authorization URL by default so the browser step is explicit and reliable across shells
+- `login mcp --browser open` opts into automatic browser launch
+- `login agent` starts the hosted Agent Computer approval flow; `start` also opens this flow when no Agent Computer credential is stored
+- `status` reads local MCP Gateway and Agent Computer credential state without requiring the network unless `--probe` is used
+- `mcp tools`, `tools`, `mcp call`, and `call` will attempt to reuse the stored MCP Gateway session
 - if the access token is close to expiry and a refresh token is present, the CLI refreshes before making the MCP request
 
 ## Verified now

package/docs/commands.md

@@ -10,6 +10,12 @@ The Vibecodr CLI talks to two hosted endpoints. Every command targets exactly on
 
 The three bin entries — `vibecodr`, `vibecodr-mcp`, `vc-tools` — all resolve to the same dispatcher. The `vc-tools` bin remains for back-compat and routes every command through the legacy code path so output is byte-equivalent to `@vibecodr/vc-tools@0.1.4`. The `vibecodr` bin runs the MCP-gateway commands inline and cross-routes the hosted Agent Computer commands into the legacy code path. The `vibecodr-mcp` bin is the alias preserved from `@vibecodr/cli@0.2.x`.
 
+The human-facing command experience is deliberately guided: `vibecodr`,
+`vibecodr status`, and `vibecodr doctor` should answer what to do next before
+they teach service names. The architecture underneath remains explicit:
+commands still route to one hosted endpoint, JSON stays stable for scripts, and
+diagnostics preserve the real credential/service boundary.
+
 ## Global flags
 
 All commands accept:
@@ -36,23 +42,31 @@ Alternate MCP servers are profile-scoped, not runtime overrides. Use `vibecodr c
 
 ## Authentication
 
-### `vibecodr login` (M)
+### `vibecodr login [mcp|agent]` (*)
+
+`vibecodr login [mcp] [--scope <oauth-scope>] [--registration auto|preregistered|cimd|dcr|manual] [--browser open|print] [--timeout-sec <n>]`
+
+Authenticates this CLI against the MCP gateway via CIMD/PKCE. Prints the authorization URL by default; `--browser open` launches the browser automatically. Stores the encrypted session under the `@vibecodr/mcp` keyring service. The explicit `mcp` scope is accepted for clarity and is equivalent to the default.
 
-`vibecodr login [--scope <oauth-scope>] [--registration auto|preregistered|cimd|dcr|manual] [--browser open|print] [--timeout-sec <n>]`
+`vibecodr login agent [--no-browser] [--credential-file <path> | --credential-stdin]`
 
-Authenticates this CLI against the MCP gateway via CIMD/PKCE. Prints the authorization URL by default; `--browser open` launches the browser automatically. Stores the encrypted session under the `@vibecodr/mcp` keyring service.
+Authenticates this machine for the hosted Agent Computer. This is the explicit spelling for the device-code/API-key lane that `vibecodr start` also opens when no Agent Computer credential is available. It stores the durable credential under the historical `@vibecodr/vc-tools` keyring service.
 
-### `vibecodr logout` (M)
+### `vibecodr logout [mcp|agent]` (*)
 
-`vibecodr logout [--all] [--no-revoke]`
+`vibecodr logout [mcp] [--all] [--no-revoke]`
 
 Clears the MCP gateway session. Does not touch editor-owned auth or the hosted Agent Computer credential.
 
-### `vibecodr status` (M)
+`vibecodr logout agent --yes`
+
+Clears the hosted Agent Computer credential lane. This preserves the historical confirmation requirement from the `vc-tools` compatibility surface.
+
+### `vibecodr status` (*)
 
 `vibecodr status [--probe] [--show-installs]`
 
-Without `--probe`, reads only local state. `--show-installs` distinguishes configured, missing, and external managed installs.
+Without `--probe`, reads only local state, including both the MCP Gateway and hosted Agent Computer credential lanes. `--show-installs` distinguishes configured, missing, and external managed installs.
 
 ### `vibecodr whoami` (M)
 
@@ -60,6 +74,12 @@ Without `--probe`, reads only local state. `--show-installs` distinguishes confi
 
 Calls the protected `get_account_capabilities` MCP tool. Prints account identity, plan, CLI profile, server URL, and session state. Same refresh + interactive login retry path as `call`.
 
+### `vibecodr feedback` (M)
+
+`vibecodr feedback [message] [--message <text>] [--subject <text>] [--category feedback|idea|bug|question|praise|other] [--page-url <url>] [--no-login]`
+
+Sends product feedback to the MCP Gateway `submit_feedback` tool. The platform stores the note for review and queues founder notification. This is for product feedback, ideas, questions, praise, or rough edges; do not use it for secrets or vulnerability details.
+
 ### `vibecodr start` / `vibecodr setup` (H)
 
 `vibecodr start [--api-url <url>] [--browser open|print] [--credential ...] [--token ...] [--no-input]`
@@ -70,19 +90,19 @@ Calls the protected `get_account_capabilities` MCP tool. Prints account identity
 
 `auth diagnose` reports local credential health and which surface owns the active session. `auth export-agent-env` emits `VC_TOOLS_*` environment variables so an isolated agent shell can pick up the cached credential.
 
-## Agent client installation (*)
+## Add Vibecodr To An App (*)
 
 ### `vibecodr install <client>` / `vibecodr uninstall <client>`
 
 `vibecodr install <codex|cursor|vscode|windsurf|claude-desktop|claude-code> [--scope user|project] [--path <dir>] [--name <server-name>] [--open-client] [--overwrite] [--dry-run]`
 
-Adds (or removes) the hosted Vibecodr MCP server to the client's MCP catalog. `codex`, `vscode`, and `claude-code` prefer their own CLI shim (`codex mcp add`, `code --add-mcp`, `claude mcp add`) and fall back to writing the client's config file. `cursor`, `windsurf`, `claude-desktop` always write the client's config file directly. Records the install in `installs.json` so `uninstall` can find it.
+Adds (or removes) the OAuth-backed Vibecodr MCP Gateway server to an app such as Codex, Cursor, VS Code, Windsurf, Claude Desktop, or Claude Code. In command syntax we call that app a `client`. `codex`, `vscode`, and `claude-code` prefer their own CLI shim (`codex mcp add`, `code --add-mcp`, `claude mcp add`) and fall back to writing the app config file. `cursor`, `windsurf`, and `claude-desktop` always write the app config file directly. Records the install in `installs.json` so `uninstall` can find it. Profiles pointed at `tools.vibecodr.space/mcp` are refused here because that hosted Agent Computer endpoint uses `vc_tools` grants, not editor-owned MCP Gateway OAuth sessions.
 
 ### `vibecodr connect` / `vibecodr agent connect` (H)
 
 `vibecodr connect --client <codex|cursor|vscode|windsurf|claude-desktop|claude-code> [--print] [--name <server-name>] [--install] [--overwrite]`
 
-Prints (`--print`) or installs (`--install`) the MCP connection details for the hosted Agent Computer. The `vibecodr agent connect` form is the agent-shaped alias; both reach the same code path.
+Prints (`--print`) the MCP connection details for the hosted Agent Computer. The `vibecodr agent connect` form is the agent-shaped alias; both reach the same code path. Named editor/client installs are skipped for `tools.vibecodr.space/mcp` until that client has a proven `vc_tools` grant flow; use `vibecodr install <client>` for the OAuth-backed MCP Gateway and `vibecodr start`/`vibecodr try` for CLI-owned Agent Computer credentials.
 
 ## Hosted browser (H)
 
@@ -159,17 +179,23 @@ Prints the URL of the hosted supervision dashboard. Does not open a browser; tha
 
 ## MCP gateway tooling (M)
 
-### `vibecodr tools` / `vibecodr tools test`
+### `vibecodr mcp tools`
+
+`vibecodr mcp tools [<tool-name>] [--search <text>] [--schema] [--no-login]`
+
+Lists the live MCP tool catalog from `openai.vibecodr.space/mcp`. With `<tool-name>`, prints the schema for that tool. `--schema` includes the full JSON schema. `vibecodr tools` remains a compatibility alias for this MCP gateway catalog.
+
+### `vibecodr mcp call <tool-name>`
 
-`vibecodr tools [<tool-name>] [--search <text>] [--schema] [--no-login]`
+`vibecodr mcp call <tool-name> [--input-json <json>] [--input-file <path>] [--stdin] [--interactive] [--timeout-sec <n>] [--no-login] [--confirm]`
 
-Lists the live MCP tool catalog from `openai.vibecodr.space/mcp`. With `<tool-name>`, prints the schema for that tool. `--schema` includes the full JSON schema. `tools test <tool-name>` runs the gateway's `validators` against a sample input.
+Invokes the named MCP tool. `vibecodr call` remains a compatibility alias for this gateway command. `--interactive` supports top-level scalar object fields; richer schemas should use `--input-json` or `--input-file`. `--confirm` is required for known mutating tools. The CLI redacts source, descriptor, token, secret, and inline file-content fields from displayed arguments and results while preserving safe operator handles (`artifactId`, `jobId`, `requestId`, `traceId`, `errorCode`, `credentialType`, `tokenCount`, `tokenKind`). The gateway remains the authority boundary for OAuth, owner scoping, confirmation policy, and output shaping. `--timeout-sec <n>` changes only the local MCP transport timeout and is not forwarded as a server tool argument.
 
-### `vibecodr call <tool-name>`
+### `vibecodr tools test`
 
-`vibecodr call <tool-name> [--input-json <json>] [--input-file <path>] [--stdin] [--interactive] [--timeout-sec <n>] [--no-login] [--confirm]`
+`vibecodr tools test <capability> [target] [--command <cmd>] [--timeout-ms <ms>] [--max-pages n] [--max-depth n] [--no-render]`
 
-Invokes the named MCP tool. `--interactive` supports top-level scalar object fields; richer schemas should use `--input-json` or `--input-file`. `--confirm` is required for known mutating tools. The CLI redacts source, descriptor, token, secret, and inline file-content fields from displayed arguments and results while preserving safe operator handles (`artifactId`, `jobId`, `requestId`, `traceId`, `errorCode`, `credentialType`, `tokenCount`, `tokenKind`). The gateway remains the authority boundary for OAuth, owner scoping, confirmation policy, and output shaping. `--timeout-sec <n>` changes only the local MCP transport timeout and is not forwarded as a server tool argument.
+Compatibility route for hosted Agent Computer capability checks. New docs should prefer the explicit Agent Computer commands (`vibecodr browser ...`, `vibecodr computer ...`, `vibecodr work ...`, `vibecodr proof ...`) and the explicit MCP namespace (`vibecodr mcp tools`, `vibecodr mcp call ...`).
 
 For `quick_publish_creation` with `payload.importMode: "direct_files"`, pass file paths as normal slash-separated project paths (`src/main.tsx`, `src/server/binding-proof.js`). Do not pre-encode slashes as `%2F`; the hosted gateway encodes each URL segment when it writes files to Vibecodr.
 
@@ -185,7 +211,7 @@ Direct-to-R2 staged uploads (no base64 payloads). Hosted gateway returns a presi
 
 `vibecodr pulse-setup [--descriptor-setup-json <json> | --descriptor-setup-file <path>]`
 
-Walks live Pulse setup (provider connections, secret bindings, Stripe-first webhook helper). Without args, prompts interactively.
+Calls the MCP gateway tool `get_pulse_setup_guidance` and relays descriptor-derived setup guidance. When `--descriptor-setup-json` or `--descriptor-setup-file` is provided, the input must be a `PulseDescriptorSetupProjection` derived from the platform `PulseDescriptor` source of truth, not handwritten setup copy. Without args, the command asks the gateway for general setup guidance.
 
 ### `vibecodr pulse-publish`
 
@@ -216,7 +242,7 @@ Runs a small browser + computer + proof + usage check end-to-end to verify the a
 
 ### `vibecodr doctor` (*)
 
-`vibecodr doctor [--json]` walks local health: secret store availability, browser launcher, network reachability, MCP gateway handshake, hosted worker handshake. Includes device-code surface checks for the hosted Agent Computer.
+`vibecodr doctor [--json]` walks local health: secret store availability, browser launcher, MCP gateway reachability, PKCE support, refresh-token state, and both local credential lanes. It does not print token values.
 
 ### `vibecodr config` (*)
 

package/docs/install.md

@@ -18,12 +18,12 @@ After the package is published:
 npx -y -p @vibecodr/cli vibecodr install codex
 ```
 
-Direct CLI-only usage:
-
-```bash
+Direct CLI-only usage:
+
+```bash
 npx -y -p @vibecodr/cli vibecodr login
-npx -y -p @vibecodr/cli vibecodr tools --json
-```
+npx -y -p @vibecodr/cli vibecodr mcp tools --json
+```
 
 ## Client commands
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vibecodr/cli",
-  "version": "1.0.7",
+  "version": "1.0.9",
   "description": "The official Vibecodr CLI: hosted browser, hosted computer, capsule uploads, Pulse operations, and agent-client MCP setup under one command.",
   "license": "Apache-2.0",
   "type": "module",
@@ -33,7 +33,7 @@
   ],
   "repository": {
     "type": "git",
-    "url": "https://github.com/BradenHartsell/Vibecodr-CLI.git"
+    "url": "git+https://github.com/BradenHartsell/Vibecodr-CLI.git"
   },
   "bugs": {
     "url": "https://github.com/BradenHartsell/Vibecodr-CLI/issues"
@@ -55,7 +55,8 @@
     "test:integration:worker": "node --import tsx --test test/worker-gateway.integration.test.ts",
     "verify:artifact": "node scripts/check-pack-artifact.mjs",
     "verify:release": "node scripts/check-release-readiness.mjs",
-    "verify": "npm run check && npm run build && npm test && npm run verify:artifact && npm run verify:release"
+    "verify": "npm run check && npm run build && npm test && npm run verify:artifact && npm run verify:release",
+    "publish:release": "node scripts/publish-release.mjs"
   },
   "dependencies": {
     "@iarna/toml": "^2.2.5",