@viberaven/cli 1.1.6 → 1.1.7

package/dist/cli.js

@@ -31,9 +31,9 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
 ));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
-// ../../node_modules/picocolors/picocolors.js
+// ../../../../node_modules/picocolors/picocolors.js
 var require_picocolors = __commonJS({
-  "../../node_modules/picocolors/picocolors.js"(exports2, module2) {
+  "../../../../node_modules/picocolors/picocolors.js"(exports2, module2) {
     var p2 = process || {};
     var argv = p2.argv || [];
     var env = p2.env || {};
@@ -103,9 +103,9 @@ var require_picocolors = __commonJS({
   }
 });
 
-// ../../node_modules/sisteransi/src/index.js
+// ../../../../node_modules/sisteransi/src/index.js
 var require_src = __commonJS({
-  "../../node_modules/sisteransi/src/index.js"(exports2, module2) {
+  "../../../../node_modules/sisteransi/src/index.js"(exports2, module2) {
     "use strict";
     var ESC = "\x1B";
     var CSI = `${ESC}[`;
@@ -170,8 +170,8 @@ __export(cli_exports, {
   runScanCommand: () => runScanCommand
 });
 module.exports = __toCommonJS(cli_exports);
-var import_promises19 = require("node:fs/promises");
-var import_node_path25 = require("node:path");
+var import_promises25 = require("node:fs/promises");
+var import_node_path31 = require("node:path");
 
 // src/config.ts
 var import_node_os = require("node:os");
@@ -655,6 +655,7 @@ var PUBLIC_INIT_ALL_COMMAND = `${PUBLIC_COMMAND} init --agents all`;
 var PUBLIC_AUDIT_COMMAND = `${PUBLIC_COMMAND} audit --vercel-supabase`;
 var PUBLIC_NEXT_JSON_COMMAND = `${PUBLIC_COMMAND} next --json`;
 var PUBLIC_CLEAN_PLAN_COMMAND = `${PUBLIC_COMMAND} clean --plan`;
+var PUBLIC_ACTIONS_COMMAND = `${PUBLIC_COMMAND} actions`;
 function promptGapCommand(gapId) {
   return `${PUBLIC_COMMAND} prompt --gap ${gapId}`;
 }
@@ -2215,20 +2216,20 @@ function mapEvidenceSourceToLegacyEvidenceClass(source, status) {
   }
   return "mcp-verifier";
 }
-function isProviderLayerCheck(check2) {
-  return check2.evidenceSource === "provider" || check2.evidenceSource === "mcp";
+function isProviderLayerCheck(check) {
+  return check.evidenceSource === "provider" || check.evidenceSource === "mcp";
 }
-function isRepoLayerCheck(check2) {
-  return check2.evidenceSource === "repo";
+function isRepoLayerCheck(check) {
+  return check.evidenceSource === "repo";
 }
 function computeLayerReadinessPercent(checks, layer) {
   const filtered = checks.filter(
-    (check2) => layer === "repo" ? isRepoLayerCheck(check2) : isProviderLayerCheck(check2)
+    (check) => layer === "repo" ? isRepoLayerCheck(check) : isProviderLayerCheck(check)
   );
   if (filtered.length === 0) {
     return 100;
   }
-  const verified = filtered.filter((check2) => check2.status === "verified").length;
+  const verified = filtered.filter((check) => check.status === "verified").length;
   return Math.round(verified / filtered.length * 100);
 }
 function aggregateReadinessPercents(providerResults) {
@@ -2260,7 +2261,7 @@ function mergeVerificationIntoMissionGraph(graph, layer) {
     if (!mission) {
       continue;
     }
-    if (mission.checks.some((check2) => check2.verificationCheckId === layerCheck.id || check2.id === missionRowId(layerCheck.id))) {
+    if (mission.checks.some((check) => check.verificationCheckId === layerCheck.id || check.id === missionRowId(layerCheck.id))) {
       continue;
     }
     mission.checks.push(verificationCheckToMissionCheck(layerCheck, mission));
@@ -2351,7 +2352,7 @@ function readinessPercentForRepoChecks(checks) {
   if (repoChecks.length === 0) {
     return 100;
   }
-  const verified = repoChecks.filter((check2) => isVerifiedMissionCheck(check2)).length;
+  const verified = repoChecks.filter((check) => isVerifiedMissionCheck(check)).length;
   return Math.round(verified / repoChecks.length * 100);
 }
 function readinessPercentForProviderChecks(checks) {
@@ -2359,29 +2360,29 @@ function readinessPercentForProviderChecks(checks) {
   if (providerChecks.length === 0) {
     return 100;
   }
-  const verified = providerChecks.filter((check2) => isVerifiedMissionCheck(check2)).length;
+  const verified = providerChecks.filter((check) => isVerifiedMissionCheck(check)).length;
   return Math.round(verified / providerChecks.length * 100);
 }
-function isRepoLayerMissionCheck(check2) {
-  if (check2.evidenceSource === "provider" || check2.evidenceSource === "mcp" || check2.evidenceSource === "manual") {
+function isRepoLayerMissionCheck(check) {
+  if (check.evidenceSource === "provider" || check.evidenceSource === "mcp" || check.evidenceSource === "manual") {
     return false;
   }
-  if (check2.evidenceSource === "repo") {
+  if (check.evidenceSource === "repo") {
     return true;
   }
-  return check2.evidenceClass === "repo-verified" || check2.evidenceClass === "missing-repo-fix";
+  return check.evidenceClass === "repo-verified" || check.evidenceClass === "missing-repo-fix";
 }
-function isProviderLayerMissionCheck(check2) {
-  if (check2.evidenceSource === "provider" || check2.evidenceSource === "mcp") {
+function isProviderLayerMissionCheck(check) {
+  if (check.evidenceSource === "provider" || check.evidenceSource === "mcp") {
     return true;
   }
-  return check2.evidenceClass === "mcp-verifier";
+  return check.evidenceClass === "mcp-verifier";
 }
-function isVerifiedMissionCheck(check2) {
-  if (check2.verificationStatus) {
-    return check2.verificationStatus === "verified";
+function isVerifiedMissionCheck(check) {
+  if (check.verificationStatus) {
+    return check.verificationStatus === "verified";
   }
-  return check2.status === "passed" || check2.status === "user-confirmed";
+  return check.status === "passed" || check.status === "user-confirmed";
 }
 function rebuildAreas(providerMissions) {
   const byArea = /* @__PURE__ */ new Map();
@@ -2410,7 +2411,7 @@ function rebuildAreas(providerMissions) {
     const repoReadinessPercent = percentVerified(repoChecks);
     const providerReadinessPercent = percentVerified(providerChecks);
     const criticalCount = missions.flatMap((m2) => m2.checks).filter(
-      (check2) => isProviderLayerMissionCheck(check2) && (check2.verificationStatus === "missing" || check2.status === "missing" || check2.status === "failed")
+      (check) => isProviderLayerMissionCheck(check) && (check.verificationStatus === "missing" || check.status === "missing" || check.status === "failed")
     ).length;
     return {
       key,
@@ -2427,7 +2428,7 @@ function percentVerified(checks) {
   if (checks.length === 0) {
     return 100;
   }
-  const verified = checks.filter((check2) => isVerifiedMissionCheck(check2)).length;
+  const verified = checks.filter((check) => isVerifiedMissionCheck(check)).length;
   return Math.round(verified / checks.length * 100);
 }
 
@@ -2492,7 +2493,7 @@ function toProviderMission(summary) {
     promptSubject: summary.promptSubject,
     readinessPercent: summary.readinessPercent,
     repoReadinessPercent: summary.readinessPercent,
-    providerReadinessPercent: checks.some((check2) => check2.evidenceClass === "mcp-verifier") ? 0 : 100,
+    providerReadinessPercent: checks.some((check) => check.evidenceClass === "mcp-verifier") ? 0 : 100,
     checks
   };
 }
@@ -2537,7 +2538,7 @@ function overlaySifgLeaks(providerMissions, graph) {
   const providerCheckIds = new Map(
     providerMissions.map((mission) => [
       mission.key,
-      new Set(mission.checks.map((check2) => check2.id))
+      new Set(mission.checks.map((check) => check.id))
     ])
   );
   for (const leak of graph.leaks) {
@@ -2556,9 +2557,9 @@ function overlaySifgLeaks(providerMissions, graph) {
       continue;
     }
     const usedCheckIds = providerCheckIds.get(mission.key) ?? /* @__PURE__ */ new Set();
-    const check2 = toSifgMissionCheck(mission, pipeline, pipelineId, leaks, usedCheckIds);
-    mission.checks.push(check2);
-    usedCheckIds.add(check2.id);
+    const check = toSifgMissionCheck(mission, pipeline, pipelineId, leaks, usedCheckIds);
+    mission.checks.push(check);
+    usedCheckIds.add(check.id);
     providerCheckIds.set(mission.key, usedCheckIds);
   }
   for (const mission of providerMissions) {
@@ -2609,11 +2610,11 @@ function stableSifgSuffix(id) {
 }
 function readinessPercentForChecks(checks) {
   const actionableChecks = checks.filter(isActionableCheck);
-  const passed = actionableChecks.filter((check2) => check2.status === "passed").length;
+  const passed = actionableChecks.filter((check) => check.status === "passed").length;
   return Math.round(passed / Math.max(actionableChecks.length, 1) * 100);
 }
-function isActionableCheck(check2) {
-  return check2.evidenceClass !== "manual-dashboard" && check2.evidenceClass !== "mcp-verifier";
+function isActionableCheck(check) {
+  return check.evidenceClass !== "manual-dashboard" && check.evidenceClass !== "mcp-verifier";
 }
 function buildAreas(providerMissions) {
   const byArea = /* @__PURE__ */ new Map();
@@ -2624,15 +2625,15 @@ function buildAreas(providerMissions) {
   }
   return [...byArea.entries()].map(([key, missions]) => {
     const actionableChecks = missions.flatMap((mission) => mission.checks).filter(isActionableCheck);
-    const passed = actionableChecks.filter((check2) => check2.status === "passed").length;
-    const missing = actionableChecks.filter((check2) => check2.status === "missing" || check2.status === "failed").length;
+    const passed = actionableChecks.filter((check) => check.status === "passed").length;
+    const missing = actionableChecks.filter((check) => check.status === "missing" || check.status === "failed").length;
     return {
       key,
       label: AREA_LABELS[key],
       readinessPercent: Math.round(passed / Math.max(actionableChecks.length, 1) * 100),
       repoReadinessPercent: Math.round(passed / Math.max(actionableChecks.length, 1) * 100),
       providerReadinessPercent: missions.some(
-        (mission) => mission.checks.some((check2) => check2.evidenceClass === "mcp-verifier")
+        (mission) => mission.checks.some((check) => check.evidenceClass === "mcp-verifier")
       ) ? 0 : 100,
       criticalCount: missing,
       providerMissions: missions
@@ -7586,9 +7587,9 @@ function runVerifier(verifier, ctx) {
   }
   const connectionState = verifier.connectStatus(ctx);
   const rawChecks = verifier.runChecks(ctx);
-  const checks = rawChecks.map((check2) => ({
-    ...check2,
-    status: coerceProviderVerificationStatus(check2.status, connectionState)
+  const checks = rawChecks.map((check) => ({
+    ...check,
+    status: coerceProviderVerificationStatus(check.status, connectionState)
   }));
   const diffs = verifier.buildDiffs(ctx);
   return {
@@ -7991,8 +7992,8 @@ async function runProjectScan(options) {
 }
 
 // src/artifacts.ts
-var import_promises5 = require("node:fs/promises");
-var import_node_path8 = require("node:path");
+var import_promises7 = require("node:fs/promises");
+var import_node_path10 = require("node:path");
 
 // src/capabilities/classify.ts
 function gapText(gap) {
@@ -8313,24 +8314,24 @@ var CHECK_TO_PLAYBOOK = {
   "stripe-product": "stripe",
   "stripe-keys": "stripe"
 };
-function mapCheckToPlaybook(check2) {
-  if (CHECK_TO_PLAYBOOK[check2.id]) {
-    return CHECK_TO_PLAYBOOK[check2.id];
+function mapCheckToPlaybook(check) {
+  if (CHECK_TO_PLAYBOOK[check.id]) {
+    return CHECK_TO_PLAYBOOK[check.id];
   }
-  const providerKey = check2.providerKey.toLowerCase();
-  if (providerKey.includes("vercel") || check2.area === "deployment") {
+  const providerKey = check.providerKey.toLowerCase();
+  if (providerKey.includes("vercel") || check.area === "deployment") {
     return "vercel";
   }
-  if (providerKey.includes("stripe") || check2.area === "payments") {
+  if (providerKey.includes("stripe") || check.area === "payments") {
     return "stripe";
   }
-  if (providerKey.includes("supabase") && check2.area === "auth") {
+  if (providerKey.includes("supabase") && check.area === "auth") {
     return "auth-supabase";
   }
-  if (providerKey.includes("supabase") || check2.area === "database") {
+  if (providerKey.includes("supabase") || check.area === "database") {
     return "supabase";
   }
-  if (check2.area === "auth") {
+  if (check.area === "auth") {
     return "auth-supabase";
   }
   return "vercel";
@@ -8471,21 +8472,21 @@ function loadPlaybookSync(provider2) {
 }
 
 // src/playbooks/manualChecks.ts
-function isManualProviderCheck(check2) {
-  return check2.evidenceClass === "manual-dashboard" || check2.evidenceClass === "mcp-verifier" || check2.evidenceSource === "provider" || check2.evidenceSource === "mcp" || check2.status === "needs-connection" || check2.status === "unknown";
+function isManualProviderCheck(check) {
+  return check.evidenceClass === "manual-dashboard" || check.evidenceClass === "mcp-verifier" || check.evidenceSource === "provider" || check.evidenceSource === "mcp" || check.status === "needs-connection" || check.status === "unknown";
 }
 function collectManualChecks(artifact) {
   const refs = [];
   for (const area of artifact.missionGraph.areas ?? []) {
     for (const mission of area.providerMissions) {
-      for (const check2 of mission.checks) {
-        if (!isManualProviderCheck(check2)) {
+      for (const check of mission.checks) {
+        if (!isManualProviderCheck(check)) {
           continue;
         }
         refs.push({
           areaLabel: area.label,
           providerLabel: mission.providerLabel,
-          check: check2,
+          check,
           mapCategory: area.key
         });
       }
@@ -8751,8 +8752,8 @@ function generateAgentSummary(artifact) {
   const manualChecks = (artifact.missionGraph.areas ?? []).flatMap(
     (area) => area.providerMissions.flatMap(
       (mission) => mission.checks.filter(
-        (check2) => check2.evidenceClass === "manual-dashboard" || check2.evidenceClass === "mcp-verifier" || check2.evidenceSource === "provider" || check2.evidenceSource === "mcp" || check2.status === "needs-connection" || check2.status === "unknown"
-      ).map((check2) => ({ area: area.label, provider: mission.providerLabel, check: check2 }))
+        (check) => check.evidenceClass === "manual-dashboard" || check.evidenceClass === "mcp-verifier" || check.evidenceSource === "provider" || check.evidenceSource === "mcp" || check.status === "needs-connection" || check.status === "unknown"
+      ).map((check) => ({ area: area.label, provider: mission.providerLabel, check }))
     )
   );
   lines.push("");
@@ -9407,28 +9408,379 @@ function sanitizeArtifactForDisk(artifact) {
   return redactUnknown(artifact);
 }
 
+// src/actions/artifacts.ts
+var import_promises6 = require("node:fs/promises");
+var import_node_path9 = require("node:path");
+
+// src/actions/canonical.ts
+var REPO_MARKERS = [
+  "/app/",
+  "/src/",
+  "/pages/",
+  "/components/",
+  "/lib/",
+  "/server/",
+  "/api/",
+  "/supabase/",
+  "/prisma/",
+  "/drizzle/",
+  "/db/",
+  "/migrations/",
+  "/vercel/",
+  "/.github/"
+];
+function slashPath(value) {
+  return value.replace(/\\/g, "/").replace(/\/+/g, "/").trim();
+}
+function stripQueryAndHash(value) {
+  const queryIndex = value.search(/[?#]/);
+  return queryIndex === -1 ? value : value.slice(0, queryIndex);
+}
+function trimSlashes(value) {
+  return value.replace(/^\/+/, "").replace(/\/+$/, "");
+}
+function stripWindowsDrive(value) {
+  return value.replace(/^[a-z]:\//i, "");
+}
+function stripAbsolutePrefix(value) {
+  const normalized = slashPath(value);
+  const isAbsolute2 = /^[a-z]:\//i.test(normalized) || normalized.startsWith("/");
+  if (!isAbsolute2) {
+    return normalized;
+  }
+  const lower = normalized.toLowerCase();
+  for (const marker of REPO_MARKERS) {
+    const index = lower.lastIndexOf(marker);
+    if (index !== -1) {
+      return normalized.slice(index + 1);
+    }
+  }
+  return stripWindowsDrive(normalized).replace(/^users\/[^/]+\//i, "").replace(/^home\/[^/]+\//i, "");
+}
+function normalizeActionPath(path) {
+  return trimSlashes(stripAbsolutePrefix(stripQueryAndHash(path))).toLowerCase();
+}
+function displayRepoPath(path) {
+  return trimSlashes(stripAbsolutePrefix(stripQueryAndHash(path)));
+}
+function normalizeActionValues(values = []) {
+  return Array.from(new Set(values.map((value) => value.trim().toLowerCase()).filter(Boolean))).sort();
+}
+function normalizeSegment(value) {
+  const normalized = value?.trim().toLowerCase();
+  return normalized || void 0;
+}
+function buildActionKey(input) {
+  const segments = [
+    normalizeSegment(input.kind),
+    normalizeSegment(input.provider),
+    normalizeSegment(input.category),
+    input.target ? normalizeActionPath(input.target) : void 0
+  ].filter((segment) => Boolean(segment));
+  const values = normalizeActionValues(input.values);
+  if (values.length > 0) {
+    segments.push(values.join(","));
+  }
+  return segments.join(":");
+}
+function normalizeFingerprintValue(value) {
+  if (Array.isArray(value)) {
+    const normalized = value.map((entry) => normalizeFingerprintValue(entry)).filter((entry) => entry !== void 0);
+    if (normalized.every((entry) => typeof entry === "string")) {
+      return Array.from(new Set(normalized)).sort();
+    }
+    return normalized;
+  }
+  if (value && typeof value === "object") {
+    return Object.fromEntries(
+      Object.entries(value).filter(([, entry]) => entry !== void 0).sort(([left], [right]) => left.localeCompare(right)).map(([key, entry]) => [key, normalizeFingerprintValue(entry)])
+    );
+  }
+  if (typeof value === "string") {
+    return value.trim();
+  }
+  return value;
+}
+function actionFingerprint(value) {
+  return JSON.stringify(normalizeFingerprintValue(value));
+}
+
+// src/actions/derive.ts
+function verifyActionCommand(id) {
+  return `${PUBLIC_COMMAND} verify --action ${id}`;
+}
+function providerTitle(task) {
+  const provider2 = task.providerAction?.provider.toLowerCase();
+  if (provider2 === "stripe") {
+    return "Connect Stripe Webhook";
+  }
+  if (provider2 === "supabase") {
+    return "Confirm Supabase Production Proof";
+  }
+  if (provider2 === "vercel") {
+    return "Confirm Vercel Production Setup";
+  }
+  return task.title;
+}
+function deriveProviderAction(task) {
+  const provider2 = task.providerAction?.provider.toLowerCase() ?? "provider";
+  const exactStep = task.providerAction?.exactStep ?? task.title;
+  const title = providerTitle(task);
+  const actionKey = buildActionKey({
+    kind: "provider-action",
+    provider: provider2,
+    category: task.gapId,
+    target: exactStep,
+    values: [task.providerAction?.doneSignal ?? ""]
+  });
+  return {
+    id: "pending",
+    actionKey,
+    revision: 1,
+    kind: "provider-action",
+    provider: provider2,
+    title,
+    status: provider2 === "supabase" ? "waiting-on-database-proof" : "waiting-on-provider",
+    severity: task.severity,
+    gapId: task.gapId,
+    readiness: [task.providerAction?.doneSignal ?? "Provider step identified"],
+    target: {
+      type: "provider",
+      label: exactStep,
+      provider: provider2
+    },
+    verifyCommand: verifyActionCommand("pending"),
+    resumeInstruction: `${title} is complete. Continue VibeRaven from pending.`
+  };
+}
+function deriveRepoCodeAction(task) {
+  const targetSource = task.file ?? task.gapId;
+  const canonicalFile = normalizeActionPath(targetSource);
+  const displayFile = displayRepoPath(targetSource);
+  const actionKey = buildActionKey({
+    kind: "repo-code",
+    provider: "repo",
+    category: task.gapId,
+    target: canonicalFile,
+    values: [task.mcpTool ?? "", task.exactFix ?? ""]
+  });
+  return {
+    id: "pending",
+    actionKey,
+    revision: 1,
+    kind: "repo-code",
+    title: task.title,
+    status: "active",
+    severity: task.severity,
+    gapId: task.gapId,
+    readiness: [task.exactFix ?? "Repo-code fix is available"],
+    target: task.file ? { type: "file", label: "Repo target", path: displayFile } : { type: "command", label: "Apply repo fix", command: task.mcpTool ?? `${PUBLIC_COMMAND} prompt --gap ${task.gapId}` },
+    fileTargets: task.file ? [{ path: displayFile, reason: task.exactFix }] : void 0,
+    verifyCommand: verifyActionCommand("pending"),
+    resumeInstruction: `${task.title} is complete. Continue VibeRaven from pending.`,
+    mcpTool: task.mcpTool,
+    mcpArgs: task.mcpArgs,
+    fallbackCommand: `${PUBLIC_COMMAND} --heal --apply --gap ${task.gapId} --yes`
+  };
+}
+function deriveVerifyAction() {
+  return {
+    id: "pending",
+    actionKey: buildActionKey({
+      kind: "verify",
+      provider: "gate",
+      category: "final",
+      target: `${PUBLIC_COMMAND} --strict`
+    }),
+    revision: 1,
+    kind: "verify",
+    title: "Run Final Verification",
+    status: "blocked",
+    readiness: ["Run after provider and repo-code actions are complete"],
+    target: { type: "command", label: "Final strict gate", command: `${PUBLIC_COMMAND} --strict` },
+    verifyCommand: `${PUBLIC_COMMAND} --strict`,
+    resumeInstruction: "Final verification finished. Continue VibeRaven from pending."
+  };
+}
+function deriveCurrentActions(input) {
+  const primaryActions = input.tasks.filter((task) => task.fixType === "provider-action" || task.fixType === "repo-code").map((task) => task.fixType === "provider-action" ? deriveProviderAction(task) : deriveRepoCodeAction(task));
+  return [...primaryActions, deriveVerifyAction()];
+}
+
+// src/actions/registry.ts
+var import_promises5 = require("node:fs/promises");
+var import_node_path8 = require("node:path");
+function emptyActionRegistry() {
+  return { version: 1, nextId: 1, actions: {} };
+}
+function actionRegistryPath(cwd) {
+  return (0, import_node_path8.join)(getProjectArtifactsDir(cwd), "action-registry.json");
+}
+async function loadActionRegistry(cwd) {
+  try {
+    const parsed = JSON.parse(await (0, import_promises5.readFile)(actionRegistryPath(cwd), "utf8"));
+    if (parsed.version === 1 && Number.isInteger(parsed.nextId) && parsed.actions) {
+      return parsed;
+    }
+  } catch {
+  }
+  return emptyActionRegistry();
+}
+async function saveActionRegistry(cwd, registry) {
+  const dir = getProjectArtifactsDir(cwd);
+  await (0, import_promises5.mkdir)(dir, { recursive: true });
+  await (0, import_promises5.writeFile)(actionRegistryPath(cwd), `${JSON.stringify(registry, null, 2)}
+`, "utf8");
+}
+function nextActionId(registry) {
+  const id = `VR-A${registry.nextId}`;
+  registry.nextId += 1;
+  return id;
+}
+function currentFingerprint(action) {
+  return actionFingerprint({
+    kind: action.kind,
+    title: action.title,
+    provider: action.provider,
+    readiness: action.readiness ?? [],
+    target: action.target,
+    copyPayloads: action.copyPayloads ?? [],
+    fileTargets: action.fileTargets ?? [],
+    verifyCommand: action.verifyCommand,
+    resumeInstruction: action.resumeInstruction
+  });
+}
+function replaceActionHandle(value, id) {
+  return value?.replace(/pending|VR-A\d+/g, id);
+}
+function replaceActionTarget(action, id) {
+  const { target } = action;
+  if (!target) {
+    return void 0;
+  }
+  if (target.type === "url") {
+    return { ...target, href: replaceActionHandle(target.href, id) ?? target.href };
+  }
+  if (target.type === "command" || target.type === "verify") {
+    return { ...target, command: replaceActionHandle(target.command, id) ?? target.command };
+  }
+  return target;
+}
+async function assignActionIds(input) {
+  const now = input.now ?? (/* @__PURE__ */ new Date()).toISOString();
+  const registry = await loadActionRegistry(input.cwd);
+  const seen = /* @__PURE__ */ new Set();
+  const actions = input.actions.map((action) => {
+    seen.add(action.actionKey);
+    const fingerprint = currentFingerprint(action);
+    let entry = registry.actions[action.actionKey];
+    if (!entry) {
+      entry = {
+        id: nextActionId(registry),
+        actionKey: action.actionKey,
+        status: "active",
+        createdAt: now,
+        lastSeenAt: now,
+        revision: 1,
+        fingerprint,
+        title: action.title,
+        gapId: action.gapId,
+        kind: action.kind,
+        provider: action.provider
+      };
+    } else {
+      entry.status = "active";
+      entry.lastSeenAt = now;
+      entry.title = action.title;
+      entry.gapId = action.gapId;
+      entry.kind = action.kind;
+      entry.provider = action.provider;
+      if (entry.fingerprint !== fingerprint) {
+        entry.revision += 1;
+        entry.fingerprint = fingerprint;
+      }
+    }
+    registry.actions[action.actionKey] = entry;
+    return {
+      ...action,
+      id: entry.id,
+      revision: entry.revision,
+      verifyCommand: replaceActionHandle(action.verifyCommand, entry.id),
+      resumeInstruction: replaceActionHandle(action.resumeInstruction, entry.id),
+      target: replaceActionTarget(action, entry.id)
+    };
+  });
+  for (const entry of Object.values(registry.actions)) {
+    if (entry.status === "active" && !seen.has(entry.actionKey)) {
+      entry.status = entry.gapId && input.currentGapIds && !input.currentGapIds.has(entry.gapId) ? "resolved" : "stale";
+    }
+  }
+  await saveActionRegistry(input.cwd, registry);
+  return { actions, registry };
+}
+async function resolveActionById(cwd, id) {
+  const registry = await loadActionRegistry(cwd);
+  return Object.values(registry.actions).find((entry) => entry.id === id);
+}
+
+// src/actions/artifacts.ts
+function gateStatus2(artifact) {
+  if (!Array.isArray(artifact.gaps)) {
+    return "unknown";
+  }
+  return artifact.gaps.length === 0 ? "clear" : "not_clear";
+}
+async function writeActionArtifacts(input) {
+  const derived = deriveCurrentActions({
+    artifact: input.artifact,
+    tasks: input.tasks,
+    paths: input.paths
+  });
+  const currentGapIds = new Set(input.artifact.gaps.map((gap) => gap.id));
+  const assigned = await assignActionIds({
+    cwd: input.cwd,
+    actions: derived,
+    currentGapIds
+  });
+  const manifest = {
+    version: 1,
+    generatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    workspaceRoot: ".",
+    gateStatus: gateStatus2(input.artifact),
+    actions: assigned.actions
+  };
+  const actionsPath = (0, import_node_path9.join)(getProjectArtifactsDir(input.cwd), "actions.json");
+  await (0, import_promises6.writeFile)(actionsPath, `${JSON.stringify(manifest, null, 2)}
+`, "utf8");
+  return {
+    actionsPath,
+    actionRegistryPath: actionRegistryPath(input.cwd),
+    manifest
+  };
+}
+
 // src/artifacts.ts
 async function copyReportAssets(reportAssetsDir) {
   const sourceDir = getBundledReportAssetsDir();
-  await (0, import_promises5.mkdir)((0, import_node_path8.join)(reportAssetsDir, "assets"), { recursive: true });
+  await (0, import_promises7.mkdir)((0, import_node_path10.join)(reportAssetsDir, "assets"), { recursive: true });
   for (const rel of REPORT_ASSET_FILES) {
-    await (0, import_promises5.copyFile)((0, import_node_path8.join)(sourceDir, rel), (0, import_node_path8.join)(reportAssetsDir, rel));
+    await (0, import_promises7.copyFile)((0, import_node_path10.join)(sourceDir, rel), (0, import_node_path10.join)(reportAssetsDir, rel));
   }
 }
 async function writeScanArtifacts(options) {
   const cwd = options.cwd ?? options.artifact.workspacePath;
   const dir = getProjectArtifactsDir(cwd);
-  await (0, import_promises5.mkdir)(dir, { recursive: true });
-  const jsonPath = (0, import_node_path8.join)(dir, "last-scan.json");
-  const gateResultPath = (0, import_node_path8.join)(dir, "gate-result.json");
-  const contextMapPath = (0, import_node_path8.join)(dir, "context-map.json");
-  const gapsDir = (0, import_node_path8.join)(dir, "gaps");
-  const tasklistPath = (0, import_node_path8.join)(dir, "agent-tasklist.md");
-  const summaryPath = (0, import_node_path8.join)(dir, "agent-summary.md");
-  const playbookPath = (0, import_node_path8.join)(dir, "launch-playbook.md");
-  const reportPath = (0, import_node_path8.join)(dir, "report.html");
-  const reportAssetsDir = (0, import_node_path8.join)(dir, "report");
-  await (0, import_promises5.mkdir)(gapsDir, { recursive: true });
+  await (0, import_promises7.mkdir)(dir, { recursive: true });
+  const jsonPath = (0, import_node_path10.join)(dir, "last-scan.json");
+  const gateResultPath = (0, import_node_path10.join)(dir, "gate-result.json");
+  const contextMapPath = (0, import_node_path10.join)(dir, "context-map.json");
+  const gapsDir = (0, import_node_path10.join)(dir, "gaps");
+  const tasklistPath = (0, import_node_path10.join)(dir, "agent-tasklist.md");
+  const summaryPath = (0, import_node_path10.join)(dir, "agent-summary.md");
+  const playbookPath = (0, import_node_path10.join)(dir, "launch-playbook.md");
+  const reportPath = (0, import_node_path10.join)(dir, "report.html");
+  const reportAssetsDir = (0, import_node_path10.join)(dir, "report");
+  await (0, import_promises7.mkdir)(gapsDir, { recursive: true });
   const safe = sanitizeArtifactForDisk(options.artifact);
   const json = `${JSON.stringify(safe, null, 2)}
 `;
@@ -9443,17 +9795,23 @@ async function writeScanArtifacts(options) {
 `;
   const gapEvidenceFiles = generateGapEvidenceFiles(safe);
   await copyReportAssets(reportAssetsDir);
-  await (0, import_promises5.writeFile)(gateResultPath, gateResult, "utf-8");
-  await (0, import_promises5.writeFile)(contextMapPath, contextMap, "utf-8");
+  await (0, import_promises7.writeFile)(gateResultPath, gateResult, "utf-8");
+  await (0, import_promises7.writeFile)(contextMapPath, contextMap, "utf-8");
   for (const gap of gapEvidenceFiles) {
-    await (0, import_promises5.writeFile)((0, import_node_path8.join)(dir, "gaps", `${gap.content.id}.json`), `${JSON.stringify(gap.content, null, 2)}
+    await (0, import_promises7.writeFile)((0, import_node_path10.join)(dir, "gaps", `${gap.content.id}.json`), `${JSON.stringify(gap.content, null, 2)}
 `, "utf-8");
   }
-  await (0, import_promises5.writeFile)(tasklistPath, tasklist, "utf-8");
-  await (0, import_promises5.writeFile)(jsonPath, json, "utf-8");
-  await (0, import_promises5.writeFile)(summaryPath, summary, "utf-8");
-  await (0, import_promises5.writeFile)(playbookPath, playbook, "utf-8");
-  await (0, import_promises5.writeFile)(reportPath, html, "utf-8");
+  await (0, import_promises7.writeFile)(tasklistPath, tasklist, "utf-8");
+  await (0, import_promises7.writeFile)(jsonPath, json, "utf-8");
+  await (0, import_promises7.writeFile)(summaryPath, summary, "utf-8");
+  await (0, import_promises7.writeFile)(playbookPath, playbook, "utf-8");
+  await (0, import_promises7.writeFile)(reportPath, html, "utf-8");
+  const actionArtifacts = await writeActionArtifacts({
+    cwd,
+    artifact: safe,
+    tasks,
+    paths: { reportPath, playbookPath }
+  });
   return {
     dir,
     jsonPath,
@@ -9464,7 +9822,9 @@ async function writeScanArtifacts(options) {
     summaryPath,
     playbookPath,
     reportPath,
-    reportAssetsDir
+    reportAssetsDir,
+    actionsPath: actionArtifacts.actionsPath,
+    actionRegistryPath: actionArtifacts.actionRegistryPath
   };
 }
 
@@ -9573,9 +9933,9 @@ function missionMatchesProvider(mission, provider2) {
   return normalizeProviderToken2(mission.provider || mission.providerLabel || mission.key) === current || normalizeProviderToken2(mission.providerLabel || mission.provider || mission.key) === current;
 }
 function missionEvidenceScore(mission) {
-  const repoVerified = mission.checks.filter((check2) => check2.evidenceClass === "repo-verified" || check2.status === "passed").length;
+  const repoVerified = mission.checks.filter((check) => check.evidenceClass === "repo-verified" || check.status === "passed").length;
   const missing = mission.checks.filter(
-    (check2) => check2.evidenceClass === "missing-repo-fix" || check2.status === "missing" || check2.status === "failed"
+    (check) => check.evidenceClass === "missing-repo-fix" || check.status === "missing" || check.status === "failed"
   ).length;
   return repoVerified * 100 + (mission.readinessPercent ?? 0) - missing;
 }
@@ -9595,7 +9955,7 @@ function openChecksForMission(mission) {
     return 0;
   }
   return mission.checks.filter(
-    (check2) => check2.status === "missing" || check2.status === "failed" || check2.status === "needs-connection"
+    (check) => check.status === "missing" || check.status === "failed" || check.status === "needs-connection"
   ).length;
 }
 
@@ -9627,7 +9987,7 @@ function manualActionCheckCount(artifact) {
   return (artifact.missionGraph.areas ?? []).reduce((areaTotal, area) => {
     return areaTotal + area.providerMissions.reduce((missionTotal, mission) => {
       return missionTotal + mission.checks.filter(
-        (check2) => check2.evidenceClass === "manual-dashboard" || check2.evidenceClass === "mcp-verifier" || check2.evidenceSource === "provider" || check2.evidenceSource === "mcp" || check2.status === "needs-connection" || check2.status === "unknown"
+        (check) => check.evidenceClass === "manual-dashboard" || check.evidenceClass === "mcp-verifier" || check.evidenceSource === "provider" || check.evidenceSource === "mcp" || check.status === "needs-connection" || check.status === "unknown"
       ).length;
     }, 0);
   }, 0);
@@ -9679,7 +10039,7 @@ function printScanSummary(artifact, paths) {
   if (next.upgradeUrl) {
     console.log(`Upgrade: ${next.upgradeUrl}`);
   }
-  console.log(formatAgentStatus(AGENT_ACTION, "Keep operating: read .viberaven/agent-tasklist.md, apply the next safe repo fix, then continue the VibeRaven loop."));
+  console.log(formatAgentStatus(AGENT_ACTION, "Read .viberaven/agent-tasklist.md, run the next command above, then rescan."));
   console.log("");
   if (artifact.usage) {
     const lanes = artifact.usage.unlockedMapCategoryKeys.length;
@@ -9704,8 +10064,8 @@ function printScanSummary(artifact, paths) {
 }
 
 // src/runnerConnect.ts
-var import_promises6 = require("node:fs/promises");
-var import_node_path9 = require("node:path");
+var import_promises8 = require("node:fs/promises");
+var import_node_path11 = require("node:path");
 var import_node_child_process3 = require("node:child_process");
 var import_node_crypto = require("node:crypto");
 
@@ -10048,12 +10408,12 @@ async function executeSafeFixJob(job, workspaceRoot) {
 }
 async function createSafeFixFile(job, input, targetPath) {
   try {
-    await (0, import_promises6.access)(targetPath);
+    await (0, import_promises8.access)(targetPath);
     return safeFixNeedsUser(job, "SAFE_FIX_TARGET_EXISTS", `Refusing to overwrite ${input.path}.`);
   } catch {
   }
   try {
-    await (0, import_promises6.mkdir)((0, import_node_path9.dirname)(targetPath), { recursive: true });
+    await (0, import_promises8.mkdir)((0, import_node_path11.dirname)(targetPath), { recursive: true });
     await writeNewFileAtomically(targetPath, input.content);
   } catch {
     return safeFixNeedsUser(job, "SAFE_FIX_WRITE_FAILED", `Could not create ${input.path}.`);
@@ -10063,7 +10423,7 @@ async function createSafeFixFile(job, input, targetPath) {
 async function applySafeFixReplacement(job, input, targetPath) {
   let current;
   try {
-    current = await (0, import_promises6.readFile)(targetPath, "utf-8");
+    current = await (0, import_promises8.readFile)(targetPath, "utf-8");
   } catch {
     return safeFixNeedsUser(job, "SAFE_FIX_TARGET_MISSING", `Cannot update missing file ${input.path}.`);
   }
@@ -10121,17 +10481,17 @@ function safeFixNeedsUser(job, code, message) {
   };
 }
 async function resolveSafeFixTarget(workspaceRoot, relativePath) {
-  const root = await (0, import_promises6.realpath)(workspaceRoot).catch(() => (0, import_node_path9.resolve)(workspaceRoot));
-  const target = (0, import_node_path9.resolve)(root, relativePath);
+  const root = await (0, import_promises8.realpath)(workspaceRoot).catch(() => (0, import_node_path11.resolve)(workspaceRoot));
+  const target = (0, import_node_path11.resolve)(root, relativePath);
   if (!isInsideRoot(root, target)) {
     return { ok: false, reason: "Safe fix target escaped the workspace root." };
   }
-  const parent = (0, import_node_path9.dirname)(target);
+  const parent = (0, import_node_path11.dirname)(target);
   const parentReal = await realpathNearestExisting(parent, root);
   if (!isInsideRoot(root, parentReal)) {
     return { ok: false, reason: "Safe fix parent path escaped the workspace root." };
   }
-  const targetReal = await (0, import_promises6.realpath)(target).catch(() => null);
+  const targetReal = await (0, import_promises8.realpath)(target).catch(() => null);
   if (targetReal && !isInsideRoot(root, targetReal)) {
     return { ok: false, reason: "Safe fix target path escaped the workspace root." };
   }
@@ -10141,10 +10501,10 @@ async function realpathNearestExisting(path, root) {
   let candidate = path;
   while (isInsideRoot(root, candidate)) {
     try {
-      await (0, import_promises6.lstat)(candidate);
-      return (0, import_promises6.realpath)(candidate);
+      await (0, import_promises8.lstat)(candidate);
+      return (0, import_promises8.realpath)(candidate);
     } catch {
-      const next = (0, import_node_path9.dirname)(candidate);
+      const next = (0, import_node_path11.dirname)(candidate);
       if (next === candidate) {
         break;
       }
@@ -10154,29 +10514,29 @@ async function realpathNearestExisting(path, root) {
   return root;
 }
 function isInsideRoot(root, candidate) {
-  const rel = (0, import_node_path9.relative)(root, candidate);
-  return rel === "" || !rel.startsWith("..") && !(0, import_node_path9.isAbsolute)(rel);
+  const rel = (0, import_node_path11.relative)(root, candidate);
+  return rel === "" || !rel.startsWith("..") && !(0, import_node_path11.isAbsolute)(rel);
 }
 async function writeNewFileAtomically(targetPath, content) {
   const tempPath = tempPathFor(targetPath);
   try {
-    await (0, import_promises6.writeFile)(tempPath, content, { encoding: "utf-8", flag: "wx" });
-    await (0, import_promises6.link)(tempPath, targetPath);
+    await (0, import_promises8.writeFile)(tempPath, content, { encoding: "utf-8", flag: "wx" });
+    await (0, import_promises8.link)(tempPath, targetPath);
   } finally {
-    await (0, import_promises6.rm)(tempPath, { force: true }).catch(() => void 0);
+    await (0, import_promises8.rm)(tempPath, { force: true }).catch(() => void 0);
   }
 }
 async function replaceFileAtomically(targetPath, content) {
   const tempPath = tempPathFor(targetPath);
   try {
-    await (0, import_promises6.writeFile)(tempPath, content, { encoding: "utf-8", flag: "wx" });
-    await (0, import_promises6.rename)(tempPath, targetPath);
+    await (0, import_promises8.writeFile)(tempPath, content, { encoding: "utf-8", flag: "wx" });
+    await (0, import_promises8.rename)(tempPath, targetPath);
   } finally {
-    await (0, import_promises6.rm)(tempPath, { force: true }).catch(() => void 0);
+    await (0, import_promises8.rm)(tempPath, { force: true }).catch(() => void 0);
   }
 }
 function tempPathFor(targetPath) {
-  return (0, import_node_path9.join)((0, import_node_path9.dirname)(targetPath), `.${(0, import_node_path9.basename)(targetPath)}.${(0, import_node_crypto.randomUUID)()}.tmp`);
+  return (0, import_node_path11.join)((0, import_node_path11.dirname)(targetPath), `.${(0, import_node_path11.basename)(targetPath)}.${(0, import_node_crypto.randomUUID)()}.tmp`);
 }
 async function executePackageScriptJob(job, scriptName, options) {
   const packageJson = await readPackageJson(options.workspaceRoot);
@@ -10350,7 +10710,7 @@ function proofItemForJob(job, kind, label, summary, evidence, redactionSecrets =
 }
 async function readPackageJson(workspaceRoot) {
   try {
-    const raw = await (0, import_promises6.readFile)((0, import_node_path9.join)(workspaceRoot, "package.json"), "utf-8");
+    const raw = await (0, import_promises8.readFile)((0, import_node_path11.join)(workspaceRoot, "package.json"), "utf-8");
     const parsed = JSON.parse(raw);
     if (isRecord6(parsed) && isRecord6(parsed.scripts)) {
       return { scripts: Object.fromEntries(Object.entries(parsed.scripts).filter(([, value]) => typeof value === "string")) };
@@ -10433,7 +10793,7 @@ async function collectLocalRepoMetadata(workspaceRoot, commandRunner = runComman
   const headSha = headResult.ok ? normalizeSha(headResult.stdout) : null;
   const dirty = statusResult.ok ? statusResult.stdout.trim().length > 0 : void 0;
   return {
-    rootName: (0, import_node_path9.basename)(workspaceRoot) || "workspace",
+    rootName: (0, import_node_path11.basename)(workspaceRoot) || "workspace",
     remotes: remoteResult.ok ? parseGitRemotes(remoteResult.stdout) : [],
     branch,
     headSha,
@@ -10451,7 +10811,7 @@ async function detectPackageManager(workspaceRoot) {
   ];
   for (const [manager, file] of checks) {
     try {
-      await (0, import_promises6.access)((0, import_node_path9.join)(workspaceRoot, file));
+      await (0, import_promises8.access)((0, import_node_path11.join)(workspaceRoot, file));
       return manager;
     } catch {
     }
@@ -10642,9 +11002,9 @@ function isRecord6(value) {
 }
 
 // src/tui/runInteractive.ts
-var import_node_path14 = require("node:path");
+var import_node_path16 = require("node:path");
 
-// ../../node_modules/@clack/core/dist/index.mjs
+// ../../../../node_modules/@clack/core/dist/index.mjs
 var import_sisteransi = __toESM(require_src(), 1);
 var import_node_process = require("node:process");
 var g = __toESM(require("node:readline"), 1);
@@ -11002,7 +11362,7 @@ var LD = class extends x {
   }
 };
 
-// ../../node_modules/@clack/prompts/dist/index.mjs
+// ../../../../node_modules/@clack/prompts/dist/index.mjs
 var import_node_process2 = __toESM(require("node:process"), 1);
 var import_picocolors2 = __toESM(require_picocolors(), 1);
 var import_sisteransi2 = __toESM(require_src(), 1);
@@ -11229,7 +11589,7 @@ function buildAgentFixPrompt(artifact, gap) {
 }
 
 // src/version.ts
-var VERSION = "1.1.6";
+var VERSION = "1.1.7";
 
 // src/commands/guide.ts
 var import_picocolors3 = __toESM(require_picocolors());
@@ -11298,8 +11658,8 @@ async function runGuideCommand(options) {
 }
 
 // src/commands/audit.ts
-var import_promises7 = require("node:fs/promises");
-var import_node_path10 = require("node:path");
+var import_promises9 = require("node:fs/promises");
+var import_node_path12 = require("node:path");
 var ENV_FILES = [
   ".env",
   ".env.local",
@@ -11390,7 +11750,7 @@ function buildVercelSupabaseAudit(input) {
     buildPoolerCheck(input.files),
     buildServiceRoleCheck(input.files)
   ];
-  const status = checks.every((check2) => check2.status === "pass") ? "pass" : "needs_work";
+  const status = checks.every((check) => check.status === "pass") ? "pass" : "needs_work";
   return {
     status,
     summary: status === "pass" ? "Repo evidence passes the local Vercel/Supabase audit checks." : "Repo evidence needs work before claiming Vercel/Supabase production readiness.",
@@ -11399,23 +11759,23 @@ function buildVercelSupabaseAudit(input) {
 }
 async function readIfExists(projectRoot, relativePath) {
   try {
-    const absolutePath = (0, import_node_path10.join)(projectRoot, relativePath);
-    const fileStat = await (0, import_promises7.stat)(absolutePath);
+    const absolutePath = (0, import_node_path12.join)(projectRoot, relativePath);
+    const fileStat = await (0, import_promises9.stat)(absolutePath);
     if (!fileStat.isFile()) {
       return void 0;
     }
     return {
       path: relativePath,
-      content: await (0, import_promises7.readFile)(absolutePath, "utf8")
+      content: await (0, import_promises9.readFile)(absolutePath, "utf8")
     };
   } catch {
     return void 0;
   }
 }
 async function collectSqlFiles(projectRoot, root) {
-  const base = (0, import_node_path10.join)(projectRoot, root);
+  const base = (0, import_node_path12.join)(projectRoot, root);
   try {
-    const rootStat = await (0, import_promises7.stat)(base);
+    const rootStat = await (0, import_promises9.stat)(base);
     if (!rootStat.isDirectory()) {
       return [];
     }
@@ -11426,25 +11786,25 @@ async function collectSqlFiles(projectRoot, root) {
   async function visit(dir) {
     let entries;
     try {
-      entries = await (0, import_promises7.readdir)(dir, { withFileTypes: true });
+      entries = await (0, import_promises9.readdir)(dir, { withFileTypes: true });
     } catch {
       return;
     }
     for (const entry of entries) {
       if (entry.isDirectory()) {
         if (!SKIP_DIRS.has(entry.name)) {
-          await visit((0, import_node_path10.join)(dir, entry.name));
+          await visit((0, import_node_path12.join)(dir, entry.name));
         }
         continue;
       }
       if (!entry.isFile() || !entry.name.toLowerCase().endsWith(".sql")) {
         continue;
       }
-      const absolutePath = (0, import_node_path10.join)(dir, entry.name);
+      const absolutePath = (0, import_node_path12.join)(dir, entry.name);
       try {
         files.push({
-          path: (0, import_node_path10.relative)(projectRoot, absolutePath).replace(/\\/g, "/"),
-          content: await (0, import_promises7.readFile)(absolutePath, "utf8")
+          path: (0, import_node_path12.relative)(projectRoot, absolutePath).replace(/\\/g, "/"),
+          content: await (0, import_promises9.readFile)(absolutePath, "utf8")
         });
       } catch {
       }
@@ -11477,13 +11837,13 @@ function renderVercelSupabaseAudit(result) {
     "Boundary: this audit uses local repo evidence only. Provider dashboard settings still need manual verification or read-only provider MCP confirmation.",
     ""
   ];
-  for (const check2 of result.checks) {
-    lines.push(`${check2.status === "pass" ? "PASS" : "NEEDS_WORK"} ${check2.id}`);
-    lines.push(`  ${check2.summary}`);
-    for (const evidence of check2.evidence.slice(0, 5)) {
+  for (const check of result.checks) {
+    lines.push(`${check.status === "pass" ? "PASS" : "NEEDS_WORK"} ${check.id}`);
+    lines.push(`  ${check.summary}`);
+    for (const evidence of check.evidence.slice(0, 5)) {
       lines.push(`  - ${evidence}`);
     }
-    if (check2.evidence.length === 0) {
+    if (check.evidence.length === 0) {
       lines.push("  - No local evidence found.");
     }
     lines.push("");
@@ -11492,8 +11852,8 @@ function renderVercelSupabaseAudit(result) {
 }
 
 // src/commands/initRules.ts
-var import_promises10 = require("node:fs/promises");
-var import_node_path13 = require("node:path");
+var import_promises12 = require("node:fs/promises");
+var import_node_path15 = require("node:path");
 
 // src/commands/agentRulesBlock.ts
 var VIBERAVEN_BLOCK_START = "<!-- VIBERAVEN:START -->";
@@ -11515,15 +11875,6 @@ Maps repo evidence to OWASP LLM Top 10 launch risks. Supports SAFECode-style dep
 var STACK_FRAMING = `Stack context for this repo: Next.js, Supabase, Vercel, VibeRaven.
 Do NOT deploy to Vercel or ship to production users without running \`${PUBLIC_AGENT_MODE_COMMAND}\`.
 Do NOT rely on manual production checklists when VibeRaven gate artifacts exist in \`.viberaven/\`.`;
-var PRODUCTION_PROTOCOL = `## VibeRaven Production Protocol
-
-Before making deploy, auth, database, payment, API, or scaling changes:
-
-1. Read \`.viberaven/prp.json\`.
-2. Follow \`.viberaven/mission-map.md\`.
-3. Do not deploy if \`decision.status\` is \`blocked\`.
-4. Fix \`nextActions\` in order.
-5. Re-run \`${PUBLIC_AGENT_MODE_COMMAND}\`.`;
 var AGENT_NEGATIVE_CONSTRAINTS = `## Event-Triggered Production Verification
 
 Trigger: modifications to \`package.json\`, \`vercel.json\`, \`supabase/migrations/**/*\`, \`.env.example\`, auth/billing/webhook paths, or deploy workflow files.
@@ -11549,8 +11900,6 @@ var AGENT_RULES_BODY = `${AGENT_RULES_PREAMBLE}
 
 ${STACK_FRAMING}
 
-${PRODUCTION_PROTOCOL}
-
 ${AGENT_NEGATIVE_CONSTRAINTS}
 
 ## VibeRaven Production-Readiness Gate
@@ -11600,11 +11949,10 @@ var AGENT_CONTEXT_BODY = `${AGENT_RULES_PREAMBLE}
 
 After \`--agent-mode\`, read these artifacts in order:
 
-1. \`.viberaven/prp.json\`
-2. \`.viberaven/mission-map.md\`
-3. \`.viberaven/agent-tasklist.md\`
-4. \`.viberaven/gate-result.json\`
-5. \`.viberaven/context-map.json\``;
+1. \`.viberaven/mission-map.md\`
+2. \`.viberaven/agent-tasklist.md\`
+3. \`.viberaven/gate-result.json\`
+4. \`.viberaven/context-map.json\``;
 var MISSION_MAP_BODY = `${AGENT_RULES_PREAMBLE}
 
 ## Mission Map loop
@@ -11742,8 +12090,8 @@ function escapeRegExp3(value) {
 }
 
 // src/commands/cursorRulesPack.ts
-var import_promises8 = require("node:fs/promises");
-var import_node_path11 = require("node:path");
+var import_promises10 = require("node:fs/promises");
+var import_node_path13 = require("node:path");
 var CURSOR_RULES_DIR = ".cursor/rules";
 var LEGACY_CURSOR_RULE_FILE = `${CURSOR_RULES_DIR}/viberaven.mdc`;
 var DOMAIN_PATH_POINTER = "Before editing these files, read `.viberaven/agent-context.md` and `.viberaven/mission-map.md`.";
@@ -11827,25 +12175,25 @@ async function initCursorRulesPack(options) {
   const pack = buildCursorRulesPack();
   for (const rule of pack) {
     const file = `${CURSOR_RULES_DIR}/${rule.filename}`;
-    const path = (0, import_node_path11.join)(options.cwd, file);
+    const path = (0, import_node_path13.join)(options.cwd, file);
     const existing = await readExistingFile(path);
     const changed = !existing.exists || existing.content !== rule.content;
     const action = !existing.exists ? "created" : changed ? "updated" : "unchanged";
     if (!options.dryRun && changed) {
-      await (0, import_promises8.mkdir)((0, import_node_path11.join)(options.cwd, CURSOR_RULES_DIR), { recursive: true });
-      await (0, import_promises8.writeFile)(path, rule.content, "utf-8");
+      await (0, import_promises10.mkdir)((0, import_node_path13.join)(options.cwd, CURSOR_RULES_DIR), { recursive: true });
+      await (0, import_promises10.writeFile)(path, rule.content, "utf-8");
     }
     results.push({ target: "cursor", file, path, action });
   }
-  const legacyPath = (0, import_node_path11.join)(options.cwd, LEGACY_CURSOR_RULE_FILE);
+  const legacyPath = (0, import_node_path13.join)(options.cwd, LEGACY_CURSOR_RULE_FILE);
   if (!options.dryRun && await fileExists(legacyPath)) {
-    await (0, import_promises8.rm)(legacyPath, { force: true });
+    await (0, import_promises10.rm)(legacyPath, { force: true });
   }
   return results;
 }
 async function readExistingFile(path) {
   try {
-    return { exists: true, content: await (0, import_promises8.readFile)(path, "utf-8") };
+    return { exists: true, content: await (0, import_promises10.readFile)(path, "utf-8") };
   } catch (error) {
     if (isFileNotFoundError(error)) {
       return { exists: false, content: "" };
@@ -11855,7 +12203,7 @@ async function readExistingFile(path) {
 }
 async function fileExists(path) {
   try {
-    await (0, import_promises8.access)(path);
+    await (0, import_promises10.access)(path);
     return true;
   } catch {
     return false;
@@ -11949,19 +12297,19 @@ function getAgentRulesTargets(value) {
 
 // src/commands/seedPackageJsonScripts.ts
 var import_node_fs7 = require("node:fs");
-var import_promises9 = require("node:fs/promises");
-var import_node_path12 = require("node:path");
+var import_promises11 = require("node:fs/promises");
+var import_node_path14 = require("node:path");
 var VIBERAVEN_PACKAGE_JSON_SCRIPTS = {
   "viberaven:gate": PUBLIC_AGENT_MODE_COMMAND,
   "viberaven:verify": PUBLIC_VERIFY_COMMAND,
   "viberaven:strict": PUBLIC_STRICT_COMMAND
 };
 async function seedPackageJsonScripts(options) {
-  const packageJsonPath = (0, import_node_path12.join)(options.cwd, "package.json");
+  const packageJsonPath = (0, import_node_path14.join)(options.cwd, "package.json");
   if (!(0, import_node_fs7.existsSync)(packageJsonPath)) {
     return null;
   }
-  const raw = await (0, import_promises9.readFile)(packageJsonPath, "utf-8");
+  const raw = await (0, import_promises11.readFile)(packageJsonPath, "utf-8");
   let pkg;
   try {
     pkg = JSON.parse(raw);
@@ -11991,7 +12339,7 @@ async function seedPackageJsonScripts(options) {
     pkg.scripts = scripts;
     const output = `${JSON.stringify(pkg, null, 2)}
 `;
-    await (0, import_promises9.writeFile)(packageJsonPath, output, "utf-8");
+    await (0, import_promises11.writeFile)(packageJsonPath, output, "utf-8");
   }
   return { action: "updated", added, skipped, changed: true };
 }
@@ -12006,13 +12354,13 @@ async function initAgentRules(options) {
       continue;
     }
     const file = AGENT_RULE_TARGETS[target].file;
-    const path = (0, import_node_path13.join)(options.cwd, file);
+    const path = (0, import_node_path15.join)(options.cwd, file);
     const existing = await readExistingFile2(path);
     const injected = injectAgentRulesBlock(existing.content, renderAgentRulesForTarget(target));
     const action = !existing.exists ? "created" : injected.changed ? "updated" : "unchanged";
     if (!options.dryRun && injected.changed) {
-      await (0, import_promises10.mkdir)((0, import_node_path13.dirname)(path), { recursive: true });
-      await (0, import_promises10.writeFile)(path, injected.content, "utf-8");
+      await (0, import_promises12.mkdir)((0, import_node_path15.dirname)(path), { recursive: true });
+      await (0, import_promises12.writeFile)(path, injected.content, "utf-8");
     }
     results.push({ target, file, path, action });
   }
@@ -12080,7 +12428,7 @@ function formatAgentRulesInitSummary(output) {
 }
 async function readExistingFile2(path) {
   try {
-    return { exists: true, content: await (0, import_promises10.readFile)(path, "utf-8") };
+    return { exists: true, content: await (0, import_promises12.readFile)(path, "utf-8") };
   } catch (error) {
     if (isFileNotFoundError2(error)) {
       return { exists: false, content: "" };
@@ -12388,7 +12736,7 @@ async function runInteractiveSession(startDir = process.cwd()) {
   Ie(`${import_picocolors4.default.bold("VibeRaven")} ${import_picocolors4.default.dim(VERSION)}`);
   const cwd = await resolveWorkspaceRoot(startDir);
   const artifactsAt = await findArtifactsWorkspace(startDir);
-  if (artifactsAt && (0, import_node_path14.resolve)(artifactsAt) !== (0, import_node_path14.resolve)(startDir)) {
+  if (artifactsAt && (0, import_node_path16.resolve)(artifactsAt) !== (0, import_node_path16.resolve)(startDir)) {
     M2.message(import_picocolors4.default.dim(`Using scan from: ${artifactsAt}`));
   } else {
     M2.message(import_picocolors4.default.dim(`Project folder: ${cwd}`));
@@ -12455,29 +12803,29 @@ async function runInteractiveSession(startDir = process.cwd()) {
 }
 
 // src/commands/condense.ts
-var import_promises11 = require("node:fs/promises");
-var import_node_path15 = require("node:path");
+var import_promises13 = require("node:fs/promises");
+var import_node_path17 = require("node:path");
 async function runCondenseCommand(options) {
   const dir = getProjectArtifactsDir(options.cwd);
-  const artifact = JSON.parse(await (0, import_promises11.readFile)((0, import_node_path15.join)(dir, "last-scan.json"), "utf8"));
-  const contextMapPath = (0, import_node_path15.join)(dir, "context-map.json");
-  await (0, import_promises11.writeFile)(contextMapPath, `${JSON.stringify(generateContextMap(artifact), null, 2)}
+  const artifact = JSON.parse(await (0, import_promises13.readFile)((0, import_node_path17.join)(dir, "last-scan.json"), "utf8"));
+  const contextMapPath = (0, import_node_path17.join)(dir, "context-map.json");
+  await (0, import_promises13.writeFile)(contextMapPath, `${JSON.stringify(generateContextMap(artifact), null, 2)}
 `, "utf8");
   return { contextMapPath };
 }
 
 // src/heal/apply.ts
-var import_promises13 = require("node:fs/promises");
+var import_promises15 = require("node:fs/promises");
 var import_node_fs10 = require("node:fs");
-var import_node_path19 = require("node:path");
+var import_node_path21 = require("node:path");
 
 // src/heal/pathSafety.ts
-var import_node_path16 = require("node:path");
+var import_node_path18 = require("node:path");
 var BLOCKED_SEGMENTS = /* @__PURE__ */ new Set([".git", "node_modules", "dist", "build", ".next", ".viberaven"]);
 function assertSafeHealTarget(cwd, target) {
-  const root = (0, import_node_path16.resolve)(cwd);
-  const absolute = (0, import_node_path16.resolve)(root, target);
-  const rel = (0, import_node_path16.relative)(root, absolute);
+  const root = (0, import_node_path18.resolve)(cwd);
+  const absolute = (0, import_node_path18.resolve)(root, target);
+  const rel = (0, import_node_path18.relative)(root, absolute);
   if (rel.startsWith("..") || rel === "" || /^[A-Za-z]:/.test(rel)) {
     throw new Error("Heal target must stay inside the workspace");
   }
@@ -12501,8 +12849,8 @@ function applyEmptyCatchRecipe(source) {
 
 // src/heal/recipes/index.ts
 var import_node_fs9 = require("node:fs");
-var import_promises12 = require("node:fs/promises");
-var import_node_path18 = require("node:path");
+var import_promises14 = require("node:fs/promises");
+var import_node_path20 = require("node:path");
 
 // src/heal/recipes/envAuthSecret.ts
 function applyAuthSecretRecipe(source) {
@@ -12884,7 +13232,7 @@ function applyRateLimitRecipe(source, hasUpstash) {
 
 // src/heal/recipes/eslintRestrictedImports.ts
 var import_node_fs8 = require("node:fs");
-var import_node_path17 = require("node:path");
+var import_node_path19 = require("node:path");
 var VIBERAVEN_ESLINT_MARKER = "VibeRaven heal: eslint_restricted_imports";
 var RESTRICTED_IMPORTS_MESSAGE = `Restricted import. Run ${PUBLIC_AGENT_MODE_COMMAND} before substituting packages.`;
 var RESTRICTED_PATHS = [
@@ -12914,7 +13262,7 @@ var ESLINT_CONFIG_CANDIDATES = [
 ];
 function detectEslintConfigFile(cwd) {
   for (const candidate of ESLINT_CONFIG_CANDIDATES) {
-    if ((0, import_node_fs8.existsSync)((0, import_node_path17.join)(cwd, candidate))) {
+    if ((0, import_node_fs8.existsSync)((0, import_node_path19.join)(cwd, candidate))) {
       return candidate;
     }
   }
@@ -13090,13 +13438,13 @@ function defaultTargetFile(gapId) {
 }
 async function readSourceOrEmpty(absolutePath) {
   if (!(0, import_node_fs9.existsSync)(absolutePath)) return "";
-  return (0, import_promises12.readFile)(absolutePath, "utf8");
+  return (0, import_promises14.readFile)(absolutePath, "utf8");
 }
 async function detectUpstash(cwd) {
   try {
-    const pkgPath = (0, import_node_path18.join)(cwd, "package.json");
+    const pkgPath = (0, import_node_path20.join)(cwd, "package.json");
     if (!(0, import_node_fs9.existsSync)(pkgPath)) return false;
-    const raw = await (0, import_promises12.readFile)(pkgPath, "utf8");
+    const raw = await (0, import_promises14.readFile)(pkgPath, "utf8");
     const pkg = JSON.parse(raw);
     const deps = {
       ...pkg["dependencies"] ?? {},
@@ -13111,7 +13459,7 @@ async function dispatchRecipeByGapId(gapId, cwd, explicitTarget) {
   const targetFile = explicitTarget ?? defaultTargetFile(gapId);
   if (targetFile === void 0) return null;
   if (gapId === "auth_secret_missing" || gapId === "node_env_not_set" || gapId === "database_url_missing") {
-    const absolutePath = (0, import_node_path18.join)(cwd, targetFile);
+    const absolutePath = (0, import_node_path20.join)(cwd, targetFile);
     const source = await readSourceOrEmpty(absolutePath);
     let result;
     if (gapId === "auth_secret_missing") result = applyAuthSecretRecipe(source);
@@ -13125,25 +13473,25 @@ async function dispatchRecipeByGapId(gapId, cwd, explicitTarget) {
     };
   }
   if (gapId === "missing_error_boundary") {
-    const absolutePath = (0, import_node_path18.join)(cwd, "app/error.tsx");
+    const absolutePath = (0, import_node_path20.join)(cwd, "app/error.tsx");
     const source = await readSourceOrEmpty(absolutePath);
     const result = applyErrorBoundaryRecipe(source);
     return { ...result, canAutoApply: true, recipeName: gapId };
   }
   if (gapId === "missing_health_route") {
-    const absolutePath = (0, import_node_path18.join)(cwd, "app/api/health/route.ts");
+    const absolutePath = (0, import_node_path20.join)(cwd, "app/api/health/route.ts");
     const source = await readSourceOrEmpty(absolutePath);
     const result = applyHealthRouteRecipe(source);
     return { ...result, canAutoApply: true, recipeName: gapId };
   }
   if (gapId === "missing_loading_state") {
-    const absolutePath = (0, import_node_path18.join)(cwd, "app/loading.tsx");
+    const absolutePath = (0, import_node_path20.join)(cwd, "app/loading.tsx");
     const source = await readSourceOrEmpty(absolutePath);
     const result = applyLoadingStateRecipe(source);
     return { ...result, canAutoApply: true, recipeName: gapId };
   }
   if (gapId === "missing_404_page") {
-    const absolutePath = (0, import_node_path18.join)(cwd, "app/not-found.tsx");
+    const absolutePath = (0, import_node_path20.join)(cwd, "app/not-found.tsx");
     const source = await readSourceOrEmpty(absolutePath);
     const result = applyNotFoundRecipe(source);
     return { ...result, canAutoApply: true, recipeName: gapId };
@@ -13161,10 +13509,10 @@ async function dispatchRecipeByGapId(gapId, cwd, explicitTarget) {
   }
   if (gapId === "missing_csp_header") {
     let configFile = "next.config.js";
-    let absolutePath = (0, import_node_path18.join)(cwd, configFile);
+    let absolutePath = (0, import_node_path20.join)(cwd, configFile);
     if (!(0, import_node_fs9.existsSync)(absolutePath)) {
       configFile = "next.config.mjs";
-      absolutePath = (0, import_node_path18.join)(cwd, configFile);
+      absolutePath = (0, import_node_path20.join)(cwd, configFile);
     }
     const source = await readSourceOrEmpty(absolutePath);
     const result = applyCspHeaderRecipe(source);
@@ -13176,7 +13524,7 @@ async function dispatchRecipeByGapId(gapId, cwd, explicitTarget) {
   }
   if (gapId === "missing_rate_limit") {
     const hasUpstash = await detectUpstash(cwd);
-    const middlewarePath = (0, import_node_path18.join)(cwd, "middleware.ts");
+    const middlewarePath = (0, import_node_path20.join)(cwd, "middleware.ts");
     const source = await readSourceOrEmpty(middlewarePath);
     const result = applyRateLimitRecipe(source, hasUpstash);
     return {
@@ -13198,7 +13546,7 @@ async function dispatchRecipeByGapId(gapId, cwd, explicitTarget) {
         recipeName: gapId
       };
     }
-    const absolutePath = (0, import_node_path18.join)(cwd, configFile);
+    const absolutePath = (0, import_node_path20.join)(cwd, configFile);
     const source = await readSourceOrEmpty(absolutePath);
     const result = applyEslintRestrictedImportsRecipe(source, configFile);
     return {
@@ -13273,14 +13621,14 @@ async function applyHeal(options) {
           rollback: { available: false, instructions: "Recipe matched but no change was needed (already applied or file already exists)." }
         };
       }
-      const absoluteTarget = (0, import_node_path19.join)(options.cwd, dispatched.targetFile);
+      const absoluteTarget = (0, import_node_path21.join)(options.cwd, dispatched.targetFile);
       assertSafeHealTarget(options.cwd, dispatched.targetFile);
-      await (0, import_promises13.mkdir)((0, import_node_path19.dirname)(absoluteTarget), { recursive: true });
-      const healDir2 = (0, import_node_path19.join)(options.cwd, ".viberaven", "heal", id);
-      await (0, import_promises13.mkdir)((0, import_node_path19.join)(healDir2, "before"), { recursive: true });
-      const beforeContent = (0, import_node_fs10.existsSync)(absoluteTarget) ? await (0, import_promises13.readFile)(absoluteTarget, "utf8") : "";
-      await (0, import_promises13.writeFile)((0, import_node_path19.join)(healDir2, "before", "target.txt"), beforeContent, "utf8");
-      await (0, import_promises13.writeFile)(absoluteTarget, dispatched.output, "utf8");
+      await (0, import_promises15.mkdir)((0, import_node_path21.dirname)(absoluteTarget), { recursive: true });
+      const healDir2 = (0, import_node_path21.join)(options.cwd, ".viberaven", "heal", id);
+      await (0, import_promises15.mkdir)((0, import_node_path21.join)(healDir2, "before"), { recursive: true });
+      const beforeContent = (0, import_node_fs10.existsSync)(absoluteTarget) ? await (0, import_promises15.readFile)(absoluteTarget, "utf8") : "";
+      await (0, import_promises15.writeFile)((0, import_node_path21.join)(healDir2, "before", "target.txt"), beforeContent, "utf8");
+      await (0, import_promises15.writeFile)(absoluteTarget, dispatched.output, "utf8");
       const patch2 = [
         `--- ${dispatched.targetFile}`,
         `+++ ${dispatched.targetFile}`,
@@ -13290,7 +13638,7 @@ async function applyHeal(options) {
         dispatched.output,
         ""
       ].join("\n");
-      await (0, import_promises13.writeFile)((0, import_node_path19.join)(healDir2, "patch.diff"), patch2, "utf8");
+      await (0, import_promises15.writeFile)((0, import_node_path21.join)(healDir2, "patch.diff"), patch2, "utf8");
       const result2 = {
         $schema: "https://viberaven.dev/schemas/heal-result.schema.json",
         schemaVersion: "v1",
@@ -13301,7 +13649,7 @@ async function applyHeal(options) {
         gapId: options.gapId,
         recipe: dispatched.recipeName,
         target: dispatched.targetFile,
-        changedFiles: [(0, import_node_path19.relative)(options.cwd, absoluteTarget).replace(/\\/g, "/")],
+        changedFiles: [(0, import_node_path21.relative)(options.cwd, absoluteTarget).replace(/\\/g, "/")],
         artifacts: {
           patch: `.viberaven/heal/${id}/patch.diff`,
           result: `.viberaven/heal/${id}/result.json`
@@ -13311,7 +13659,7 @@ async function applyHeal(options) {
           instructions: "Restore .viberaven/heal/<healId>/before/target.txt to the target file or apply the reverse patch."
         }
       };
-      await (0, import_promises13.writeFile)((0, import_node_path19.join)(healDir2, "result.json"), `${JSON.stringify(result2, null, 2)}
+      await (0, import_promises15.writeFile)((0, import_node_path21.join)(healDir2, "result.json"), `${JSON.stringify(result2, null, 2)}
 `, "utf8");
       return result2;
     }
@@ -13331,7 +13679,7 @@ async function applyHeal(options) {
     };
   }
   const absolute = assertSafeHealTarget(options.cwd, options.target);
-  const before = await (0, import_promises13.readFile)(absolute, "utf8");
+  const before = await (0, import_promises15.readFile)(absolute, "utf8");
   const recipe = applyEmptyCatchRecipe(before);
   if (!recipe.changed) {
     return {
@@ -13348,10 +13696,10 @@ async function applyHeal(options) {
       rollback: { available: false, instructions: "No supported heal recipe matched this file." }
     };
   }
-  const healDir = (0, import_node_path19.join)(options.cwd, ".viberaven", "heal", id);
-  await (0, import_promises13.mkdir)((0, import_node_path19.join)(healDir, "before"), { recursive: true });
-  await (0, import_promises13.writeFile)((0, import_node_path19.join)(healDir, "before", "target.txt"), before, "utf8");
-  await (0, import_promises13.writeFile)(absolute, recipe.output, "utf8");
+  const healDir = (0, import_node_path21.join)(options.cwd, ".viberaven", "heal", id);
+  await (0, import_promises15.mkdir)((0, import_node_path21.join)(healDir, "before"), { recursive: true });
+  await (0, import_promises15.writeFile)((0, import_node_path21.join)(healDir, "before", "target.txt"), before, "utf8");
+  await (0, import_promises15.writeFile)(absolute, recipe.output, "utf8");
   const patch = [
     `--- ${options.target}`,
     `+++ ${options.target}`,
@@ -13361,7 +13709,7 @@ async function applyHeal(options) {
     recipe.output,
     ""
   ].join("\n");
-  await (0, import_promises13.writeFile)((0, import_node_path19.join)(healDir, "patch.diff"), patch, "utf8");
+  await (0, import_promises15.writeFile)((0, import_node_path21.join)(healDir, "patch.diff"), patch, "utf8");
   const result = {
     $schema: "https://viberaven.dev/schemas/heal-result.schema.json",
     schemaVersion: "v1",
@@ -13372,7 +13720,7 @@ async function applyHeal(options) {
     gapId: options.gapId,
     recipe: "empty-catch-safe-response",
     target: options.target,
-    changedFiles: [(0, import_node_path19.relative)(options.cwd, absolute).replace(/\\/g, "/")],
+    changedFiles: [(0, import_node_path21.relative)(options.cwd, absolute).replace(/\\/g, "/")],
     artifacts: {
       patch: `.viberaven/heal/${id}/patch.diff`,
       result: `.viberaven/heal/${id}/result.json`
@@ -13382,20 +13730,20 @@ async function applyHeal(options) {
       instructions: "Restore .viberaven/heal/<healId>/before/target.txt to the target file or apply the reverse patch."
     }
   };
-  await (0, import_promises13.writeFile)((0, import_node_path19.join)(healDir, "result.json"), `${JSON.stringify(result, null, 2)}
+  await (0, import_promises15.writeFile)((0, import_node_path21.join)(healDir, "result.json"), `${JSON.stringify(result, null, 2)}
 `, "utf8");
   return result;
 }
 
 // src/heal/plan.ts
-var import_promises14 = require("node:fs/promises");
-var import_node_path20 = require("node:path");
+var import_promises16 = require("node:fs/promises");
+var import_node_path22 = require("node:path");
 function healId2() {
   return `heal_${(/* @__PURE__ */ new Date()).toISOString().replace(/\D/g, "").slice(0, 14)}`;
 }
 async function writeHealPlan(options) {
-  const dir = (0, import_node_path20.join)(options.cwd, ".viberaven");
-  await (0, import_promises14.mkdir)(dir, { recursive: true });
+  const dir = (0, import_node_path22.join)(options.cwd, ".viberaven");
+  await (0, import_promises16.mkdir)(dir, { recursive: true });
   const id = healId2();
   const target = options.target ?? `gap:${options.gapId}`;
   const markdown = [
@@ -13422,21 +13770,21 @@ async function writeHealPlan(options) {
     artifacts: { plan: ".viberaven/heal-plan.md" },
     rollback: { available: false, instructions: "No source files were changed." }
   };
-  await (0, import_promises14.writeFile)((0, import_node_path20.join)(dir, "heal-plan.md"), markdown, "utf8");
-  await (0, import_promises14.writeFile)((0, import_node_path20.join)(dir, "heal-plan.json"), `${JSON.stringify(result, null, 2)}
+  await (0, import_promises16.writeFile)((0, import_node_path22.join)(dir, "heal-plan.md"), markdown, "utf8");
+  await (0, import_promises16.writeFile)((0, import_node_path22.join)(dir, "heal-plan.json"), `${JSON.stringify(result, null, 2)}
 `, "utf8");
   return result;
 }
 
 // src/heal/prompt.ts
-var import_promises15 = require("node:fs/promises");
-var import_node_path21 = require("node:path");
+var import_promises17 = require("node:fs/promises");
+var import_node_path23 = require("node:path");
 function healId3() {
   return `heal_${(/* @__PURE__ */ new Date()).toISOString().replace(/\D/g, "").slice(0, 14)}`;
 }
 async function writeHealPrompt(options) {
-  const dir = (0, import_node_path21.join)(options.cwd, ".viberaven");
-  await (0, import_promises15.mkdir)(dir, { recursive: true });
+  const dir = (0, import_node_path23.join)(options.cwd, ".viberaven");
+  await (0, import_promises17.mkdir)(dir, { recursive: true });
   const id = healId3();
   const target = options.target ?? `gap:${options.gapId}`;
   const prompt = [
@@ -13463,12 +13811,12 @@ async function writeHealPrompt(options) {
     artifacts: { prompt: ".viberaven/heal-prompt.md" },
     rollback: { available: false, instructions: "No source files were changed." }
   };
-  await (0, import_promises15.writeFile)((0, import_node_path21.join)(dir, "heal-prompt.md"), prompt, "utf8");
+  await (0, import_promises17.writeFile)((0, import_node_path23.join)(dir, "heal-prompt.md"), prompt, "utf8");
   return result;
 }
 
 // src/loopState.ts
-var import_promises16 = require("fs/promises");
+var import_promises18 = require("fs/promises");
 var import_path = require("path");
 var DEFAULT_LOOP_STATE = {
   batchApplied: 0,
@@ -13481,7 +13829,7 @@ function loopStatePath(workspaceRoot) {
 }
 async function loadLoopState(workspaceRoot) {
   try {
-    const raw = await (0, import_promises16.readFile)(loopStatePath(workspaceRoot), "utf8");
+    const raw = await (0, import_promises18.readFile)(loopStatePath(workspaceRoot), "utf8");
     const parsed = JSON.parse(raw);
     if (parsed !== null && typeof parsed === "object" && !Array.isArray(parsed) && typeof parsed.batchApplied === "number" && typeof parsed.lastGapCount === "number" && typeof parsed.stalledScans === "number") {
       const p2 = parsed;
@@ -13501,8 +13849,8 @@ async function loadLoopState(workspaceRoot) {
 async function saveLoopState(workspaceRoot, state) {
   try {
     const dir = (0, import_path.join)(workspaceRoot, ".viberaven");
-    await (0, import_promises16.mkdir)(dir, { recursive: true });
-    await (0, import_promises16.writeFile)(loopStatePath(workspaceRoot), JSON.stringify(state, null, 2) + "\n", "utf8");
+    await (0, import_promises18.mkdir)(dir, { recursive: true });
+    await (0, import_promises18.writeFile)(loopStatePath(workspaceRoot), JSON.stringify(state, null, 2) + "\n", "utf8");
   } catch (err) {
     console.warn("[VibeRaven] Could not save loop-state.json:", err instanceof Error ? err.message : String(err));
   }
@@ -13548,9 +13896,9 @@ async function runHealCommand(options) {
 }
 
 // src/stackRecommend.ts
-var import_promises17 = require("node:fs/promises");
+var import_promises19 = require("node:fs/promises");
 var import_node_fs11 = require("node:fs");
-var import_node_path22 = require("node:path");
+var import_node_path24 = require("node:path");
 var DEFAULT_STACK = {
   frontend: "react",
   ui: "tailwind + shadcn/ui",
@@ -13561,11 +13909,11 @@ var DEFAULT_STACK = {
   reason: "Agent-default stack for lowest launch friction when repo signals are ambiguous"
 };
 async function recommendStack(cwd = process.cwd()) {
-  const pkgPath = (0, import_node_path22.join)(cwd, "package.json");
+  const pkgPath = (0, import_node_path24.join)(cwd, "package.json");
   if (!(0, import_node_fs11.existsSync)(pkgPath)) {
     return DEFAULT_STACK;
   }
-  const pkg = JSON.parse(await (0, import_promises17.readFile)(pkgPath, "utf-8"));
+  const pkg = JSON.parse(await (0, import_promises19.readFile)(pkgPath, "utf-8"));
   const deps = { ...pkg.dependencies, ...pkg.devDependencies };
   const names = Object.keys(deps).join(" ").toLowerCase();
   const rec = {
@@ -13617,8 +13965,8 @@ async function runInitCommand(options) {
 }
 
 // src/commands/doctorAgents.ts
-var import_promises18 = require("node:fs/promises");
-var import_node_path23 = require("node:path");
+var import_promises20 = require("node:fs/promises");
+var import_node_path25 = require("node:path");
 var REQUIRED_EXISTENCE_CHECKS = [
   { id: "agents-md", file: "AGENTS.md" },
   { id: "claude-md", file: "CLAUDE.md" },
@@ -13638,7 +13986,7 @@ var STALE_PATTERNS = [
 async function checkAgentInjection(cwd) {
   const checks = [];
   for (const item3 of REQUIRED_EXISTENCE_CHECKS) {
-    const exists = await fileExists2((0, import_node_path23.join)(cwd, item3.file));
+    const exists = await fileExists2((0, import_node_path25.join)(cwd, item3.file));
     checks.push({
       id: item3.id,
       status: exists ? "pass" : "fail",
@@ -13646,17 +13994,17 @@ async function checkAgentInjection(cwd) {
     });
   }
   for (const item3 of OPTIONAL_CURSOR_PACK_CHECKS) {
-    const exists = await fileExists2((0, import_node_path23.join)(cwd, item3.file));
+    const exists = await fileExists2((0, import_node_path25.join)(cwd, item3.file));
     checks.push({
       id: item3.id,
       status: exists ? "pass" : "fail",
       message: exists ? `${item3.file} exists` : `Missing ${item3.file} \u2014 run npx -y viberaven init --agents all`
     });
   }
-  const legacyCursorPath = (0, import_node_path23.join)(cwd, ".cursor/rules/viberaven.mdc");
+  const legacyCursorPath = (0, import_node_path25.join)(cwd, ".cursor/rules/viberaven.mdc");
   if (await fileExists2(legacyCursorPath)) {
-    const legacyContent = await (0, import_promises18.readFile)(legacyCursorPath, "utf-8");
-    const hasCoreSplit = await fileExists2((0, import_node_path23.join)(cwd, ".cursor/rules/viberaven-core.mdc"));
+    const legacyContent = await (0, import_promises20.readFile)(legacyCursorPath, "utf-8");
+    const hasCoreSplit = await fileExists2((0, import_node_path25.join)(cwd, ".cursor/rules/viberaven-core.mdc"));
     if (!hasCoreSplit || legacyContent.includes("alwaysApply: true")) {
       checks.push({
         id: "cursor-legacy-mdc",
@@ -13667,7 +14015,7 @@ async function checkAgentInjection(cwd) {
   }
   for (const target of CORE_AGENT_INJECTION_TARGETS) {
     const file = target === "cursor" ? ".cursor/rules/viberaven-core.mdc" : AGENT_RULE_TARGETS[target].file;
-    const path = (0, import_node_path23.join)(cwd, file);
+    const path = (0, import_node_path25.join)(cwd, file);
     const exists = await fileExists2(path);
     if (!exists) {
       checks.push({
@@ -13677,7 +14025,7 @@ async function checkAgentInjection(cwd) {
       });
       continue;
     }
-    const content = await (0, import_promises18.readFile)(path, "utf-8");
+    const content = await (0, import_promises20.readFile)(path, "utf-8");
     const hasCommand = content.includes(PUBLIC_AGENT_MODE_COMMAND);
     checks.push({
       id: `canonical-${target}`,
@@ -13695,15 +14043,15 @@ async function checkAgentInjection(cwd) {
     }
   }
   return {
-    ok: checks.every((check2) => check2.status === "pass"),
+    ok: checks.every((check) => check.status === "pass"),
     checks
   };
 }
 function formatDoctorAgentsReport(report) {
   const lines = ["VibeRaven agent injection doctor", ""];
-  for (const check2 of report.checks) {
-    const icon = check2.status === "pass" ? "\u2713" : "\u2717";
-    lines.push(`${icon} ${check2.message}`);
+  for (const check of report.checks) {
+    const icon = check.status === "pass" ? "\u2713" : "\u2717";
+    lines.push(`${icon} ${check.message}`);
   }
   lines.push("");
   lines.push(report.ok ? "All agent injection checks passed." : "Agent injection checks failed.");
@@ -13711,7 +14059,7 @@ function formatDoctorAgentsReport(report) {
 }
 async function fileExists2(path) {
   try {
-    await (0, import_promises18.access)(path);
+    await (0, import_promises20.access)(path);
     return true;
   } catch {
     return false;
@@ -13924,8 +14272,673 @@ async function runAuditCommand(input) {
   return result.status === "pass" ? 0 : 1;
 }
 
-// src/commands/preview.ts
-var import_picocolors5 = __toESM(require_picocolors());
+// src/commands/actions.ts
+var import_promises21 = require("node:fs/promises");
+var import_node_path26 = require("node:path");
+
+// src/actions/render.ts
+function redact(text) {
+  return text.replace(
+    /\b([A-Z0-9_]*(?:SECRET|TOKEN|KEY|PASSWORD|DATABASE_URL|POSTGRES_URL|SERVICE_ROLE)[A-Z0-9_]*)=([^,\s]+)/gi,
+    "$1=<redacted>"
+  ).replace(/\bpostgres(?:ql)?:\/\/[^@\s]+@/gi, "postgresql://<redacted>@").replace(/[A-Za-z]:\\[^\s`"]+/g, "<repo-relative-path>").replace(/\b\/Users\/[^\s`"]+/g, "<repo-relative-path>").replace(/\b\/home\/[^\s`"]+/g, "<repo-relative-path>").replace(/\beyJ[A-Za-z0-9._-]*\b/g, "<redacted>");
+}
+function stringifyPayload(value) {
+  if (Array.isArray(value)) {
+    return value.map((entry) => String(entry)).join("\n");
+  }
+  if (value && typeof value === "object") {
+    return JSON.stringify(value, null, 2);
+  }
+  return String(value ?? "");
+}
+function fenceFor(format) {
+  if (format === "bash" || format === "sql" || format === "json") {
+    return format;
+  }
+  return "txt";
+}
+function renderTarget(target) {
+  if (!target) {
+    return [];
+  }
+  if (target.type === "url") {
+    return [`Open: ${redact(target.href || target.label)}`];
+  }
+  if (target.type === "file") {
+    return [`File: ${redact(target.path)}`];
+  }
+  if (target.type === "command") {
+    return ["Run:", "```bash", redact(target.command), "```"];
+  }
+  if (target.type === "provider") {
+    return [`Provider: ${redact(target.label)}`];
+  }
+  return ["Verify:", "```bash", redact(target.command), "```"];
+}
+function renderReadiness(action) {
+  const readiness = action.readiness?.slice(0, 2).map(redact).filter(Boolean);
+  if (!readiness || readiness.length === 0) {
+    return void 0;
+  }
+  return `Ready: ${readiness.join(", ")}`;
+}
+function renderCopyPayload(action) {
+  const payload = action.copyPayloads?.[0];
+  if (!payload) {
+    return [];
+  }
+  const raw = stringifyPayload(payload.value);
+  if (raw.length > 500) {
+    return [];
+  }
+  return [`Copy: ${redact(payload.label)}`, `\`\`\`${fenceFor(payload.format)}`, redact(raw), "```"];
+}
+function renderVerifyCommand(action) {
+  if (!action.verifyCommand) {
+    return [];
+  }
+  if (action.target?.type === "verify" && action.target.command === action.verifyCommand) {
+    return [];
+  }
+  return ["Verify:", "```bash", redact(action.verifyCommand), "```"];
+}
+function renderAction(action) {
+  return [
+    `[${action.id}] ${redact(action.title)}`,
+    `Status: ${action.status}`,
+    renderReadiness(action),
+    ...renderTarget(action.target),
+    ...renderCopyPayload(action),
+    ...renderVerifyCommand(action),
+    action.resumeInstruction ? `Resume: "${redact(action.resumeInstruction)}"` : void 0
+  ].filter((line) => Boolean(line));
+}
+function renderActionSurface(manifest, options = {}) {
+  const visibleActions = typeof options.limit === "number" ? manifest.actions.slice(0, options.limit) : manifest.actions;
+  const lines = [
+    "VibeRaven Production Actions",
+    `Gate: ${manifest.gateStatus}`,
+    `Showing: ${visibleActions.length} of ${manifest.actions.length} current actions`,
+    "Full state: .viberaven/actions.json",
+    ""
+  ];
+  for (const action of visibleActions) {
+    lines.push(...renderAction(action), "");
+  }
+  return `${lines.join("\n").trimEnd()}
+`;
+}
+
+// src/commands/actions.ts
+async function runActionsCommand(input) {
+  const actionsPath = (0, import_node_path26.join)(getProjectArtifactsDir(input.cwd), "actions.json");
+  let raw;
+  try {
+    raw = await (0, import_promises21.readFile)(actionsPath, "utf8");
+  } catch {
+    process.stderr.write("No VibeRaven actions found. Run `npx -y viberaven --agent-mode` first.\n");
+    return 1;
+  }
+  if (input.json) {
+    process.stdout.write(raw.endsWith("\n") ? raw : `${raw}
+`);
+    return 0;
+  }
+  const manifest = JSON.parse(raw);
+  process.stdout.write(renderActionSurface(manifest));
+  return 0;
+}
+
+// src/commands/verifyAction.ts
+var import_promises22 = require("node:fs/promises");
+var import_node_path27 = require("node:path");
+async function currentActionExists(cwd, actionId) {
+  try {
+    const raw = await (0, import_promises22.readFile)((0, import_node_path27.join)(getProjectArtifactsDir(cwd), "actions.json"), "utf8");
+    const manifest = JSON.parse(raw);
+    return manifest.actions.some((action) => action.id === actionId);
+  } catch {
+    return false;
+  }
+}
+async function runVerifyActionCommand(input) {
+  const entry = await resolveActionById(input.cwd, input.actionId);
+  if (!entry) {
+    process.stdout.write(
+      `Action ${input.actionId} is not in the registry. Run \`npx -y viberaven actions\` for current actions.
+`
+    );
+    return 1;
+  }
+  if (entry.status === "resolved") {
+    process.stdout.write(
+      `Action ${entry.id} (${entry.title ?? "untitled action"}) is already resolved. Run \`npx -y viberaven actions\` for current actions.
+`
+    );
+    return 0;
+  }
+  if (entry.status === "replaced") {
+    process.stdout.write(
+      `Action ${entry.id} (${entry.title ?? "untitled action"}) was replaced${entry.replacedBy ? ` by ${entry.replacedBy}` : ""}. Run \`npx -y viberaven actions\` for current actions.
+`
+    );
+    return 1;
+  }
+  if (entry.status === "stale" || !await currentActionExists(input.cwd, input.actionId)) {
+    process.stdout.write(
+      `Action ${entry.id} (${entry.title ?? "untitled action"}) is not in the current action surface. Run \`npx -y viberaven actions\` or rescan with \`npx -y viberaven --agent-mode\`.
+`
+    );
+    return 1;
+  }
+  process.stdout.write(
+    `Verifying ${entry.id} (${entry.title ?? "untitled action"}).
+Run \`npx -y viberaven --verify\` to refresh the production gate for this action.
+`
+  );
+  return 0;
+}
+
+// src/console/server.ts
+var import_node_http = require("node:http");
+var import_node_fs12 = require("node:fs");
+var import_promises24 = require("node:fs/promises");
+var import_node_path29 = require("node:path");
+
+// src/console/commands.ts
+var import_node_child_process4 = require("node:child_process");
+var ACTION_ID_RE = /^VR-A[1-9][0-9]*$/;
+function isPlainRequestObject(request) {
+  return typeof request === "object" && request !== null && !Array.isArray(request);
+}
+function hasOnlyKeys(request, keys) {
+  const actualKeys = Object.keys(request);
+  return actualKeys.length === keys.length && keys.every((key) => Object.prototype.hasOwnProperty.call(request, key));
+}
+function resolveConsoleCommandArgs(request) {
+  if (!isPlainRequestObject(request) || typeof request.type !== "string") {
+    throw new Error("Unsupported console command.");
+  }
+  if (request.type === "actions-json" && hasOnlyKeys(request, ["type"])) return ["actions", "--json"];
+  if (request.type === "verify-gate" && hasOnlyKeys(request, ["type"])) return ["--verify"];
+  if (request.type === "agent-mode" && hasOnlyKeys(request, ["type"])) return ["--agent-mode"];
+  if (request.type === "verify-action" && hasOnlyKeys(request, ["type", "actionId"])) {
+    if (typeof request.actionId !== "string" || !ACTION_ID_RE.test(request.actionId)) {
+      throw new Error("Invalid VibeRaven action ID.");
+    }
+    return ["verify", "--action", request.actionId];
+  }
+  throw new Error("Unsupported console command.");
+}
+async function runAllowedConsoleCommand(input) {
+  const args = resolveConsoleCommandArgs(input.request);
+  return new Promise((resolve5, reject) => {
+    let settled = false;
+    const settle = (callback) => {
+      if (settled) return;
+      settled = true;
+      callback();
+    };
+    const child = (0, import_node_child_process4.spawn)(process.execPath, [input.cliPath, ...args], {
+      cwd: input.cwd,
+      shell: false,
+      windowsHide: true
+    });
+    let stdout = "";
+    let stderr = "";
+    child.stdout?.on("data", (chunk) => {
+      stdout += String(chunk);
+    });
+    child.stderr?.on("data", (chunk) => {
+      stderr += String(chunk);
+    });
+    child.on("error", (error) => {
+      settle(() => reject(error));
+    });
+    child.on("close", (exitCode) => {
+      settle(() => resolve5({ exitCode, stdout, stderr }));
+    });
+  });
+}
+
+// src/console/manifest.ts
+var import_promises23 = require("node:fs/promises");
+var import_node_path28 = require("node:path");
+var ACTIONS_ARTIFACT_PATH = ".viberaven/actions.json";
+var REPO_PATH_PLACEHOLDER = "<repo-relative-path>";
+var REDACTED_PLACEHOLDER = "<redacted>";
+function isSensitiveKey(key) {
+  return /secret|token|key|password|database_url|postgres_url|service_role/i.test(key);
+}
+function isAbsoluteLocalPath(value) {
+  return /^[A-Za-z]:[\\/]/.test(value) || /^\/(?:Users|home|tmp|workspace|workspaces|var)\//.test(value);
+}
+function redactConsoleSecrets(text) {
+  return redactString(text).replace(/\[REDACTED(?:_(?:SECRET|PRIVATE_KEY))?\]/g, REDACTED_PLACEHOLDER);
+}
+function redactConsoleValue(text) {
+  return redactConsoleSecrets(text).replace(
+    /\b([A-Z0-9_]*(?:SECRET|TOKEN|KEY|PASSWORD|DATABASE_URL|POSTGRES_URL|SERVICE_ROLE)[A-Z0-9_]*)=([^,\s]+)/gi,
+    `$1=${REDACTED_PLACEHOLDER}`
+  ).replace(/\bpostgres(?:ql)?:\/\/[^@\s]+@/gi, `postgresql://${REDACTED_PLACEHOLDER}@`).replace(/(["'`])([A-Za-z]:[\\/][\s\S]*?)\1/g, `$1${REPO_PATH_PLACEHOLDER}$1`).replace(/(["'`])(\/(?:Users|home|tmp|workspace|workspaces|var)\/[\s\S]*?)\1/g, `$1${REPO_PATH_PLACEHOLDER}$1`).replace(/[A-Za-z]:[\\/][^"'`,;\n|]+[\\/][^"'`,;\n|]*/g, REPO_PATH_PLACEHOLDER).replace(/(^|[\s"'=])\/(?:Users|home|tmp|workspace|workspaces|var)\/[^"'`,;\n|]+\/[^"'`,;\n|]*/g, `$1${REPO_PATH_PLACEHOLDER}`).replace(/[A-Za-z]:[\\/][^\s`"]+/g, REPO_PATH_PLACEHOLDER).replace(/(^|[\s"'=])\/(?:Users|home|tmp|workspace|workspaces|var)\/[^\s`"]+/g, `$1${REPO_PATH_PLACEHOLDER}`).replace(/\beyJ[A-Za-z0-9._-]*\b/g, REDACTED_PLACEHOLDER);
+}
+function redactPayloadValue(value) {
+  if (typeof value === "string") {
+    return redactConsoleValue(value);
+  }
+  if (Array.isArray(value)) {
+    return value.map((entry) => redactConsoleValue(entry));
+  }
+  return Object.fromEntries(Object.entries(value).map(([key, entry]) => [key, redactUnknown2(entry, key)]));
+}
+function redactUnknown2(value, key) {
+  if (key && isSensitiveKey(key)) {
+    return REDACTED_PLACEHOLDER;
+  }
+  if (typeof value === "string") {
+    return redactConsoleValue(value);
+  }
+  if (Array.isArray(value)) {
+    return value.map((entry) => redactUnknown2(entry));
+  }
+  if (value && typeof value === "object") {
+    return Object.fromEntries(Object.entries(value).map(([entryKey, entry]) => [entryKey, redactUnknown2(entry, entryKey)]));
+  }
+  return value;
+}
+function primaryControlFor(action) {
+  if (!action.target) {
+    return action.verifyCommand ? "verify" : "none";
+  }
+  if (action.target.type === "provider") return "provider";
+  if (action.target.type === "file") return "file";
+  if (action.target.type === "command") return "run";
+  if (action.target.type === "verify") return "verify";
+  if (action.target.type === "url") return "open";
+  return "none";
+}
+function targetValue(target) {
+  if (!target) return void 0;
+  if (target.type === "url") return target.href;
+  if (target.type === "file") return target.path;
+  if (target.type === "command" || target.type === "verify") return target.command;
+  return target.provider;
+}
+function targetView(target) {
+  if (!target) {
+    return { type: "none", label: "" };
+  }
+  const value = targetValue(target);
+  const redactedValue = target.type === "file" && value && isAbsoluteLocalPath(value) ? REPO_PATH_PLACEHOLDER : value ? redactConsoleValue(value) : void 0;
+  return {
+    type: target.type,
+    label: redactConsoleValue(target.label),
+    ...redactedValue ? { value: redactedValue } : {}
+  };
+}
+function copyPayloadView(payload) {
+  return {
+    label: redactConsoleValue(payload.label),
+    format: payload.format,
+    value: redactPayloadValue(payload.value)
+  };
+}
+function toConsoleActionViewModel(action) {
+  const verifyCommand = action.verifyCommand ?? `npx -y viberaven verify --action ${action.id}`;
+  return {
+    id: action.id,
+    title: redactConsoleValue(action.title),
+    kind: action.kind,
+    status: action.status,
+    provider: action.provider ? redactConsoleValue(action.provider) : void 0,
+    readiness: (action.readiness ?? []).map(redactConsoleValue),
+    primaryControl: primaryControlFor(action),
+    target: targetView(action.target),
+    copyPayloads: (action.copyPayloads ?? []).map(copyPayloadView),
+    verify: {
+      actionId: action.id,
+      command: redactConsoleValue(verifyCommand),
+      fallbackCommand: action.fallbackCommand ? redactConsoleValue(action.fallbackCommand) : void 0
+    },
+    resumeInstruction: redactConsoleValue(action.resumeInstruction ?? ""),
+    lifecycle: {
+      replacedBy: action.replacedBy,
+      supersedes: action.supersedes ?? []
+    }
+  };
+}
+function isV1ActionsManifest(value) {
+  if (!value || typeof value !== "object") return false;
+  const candidate = value;
+  return candidate.version === 1 && Array.isArray(candidate.actions);
+}
+async function loadConsoleActionState(cwd) {
+  const actionsPath = (0, import_node_path28.join)(getProjectArtifactsDir(cwd), "actions.json");
+  try {
+    const manifest = JSON.parse(await (0, import_promises23.readFile)(actionsPath, "utf8"));
+    if (!isV1ActionsManifest(manifest)) {
+      return {
+        ok: false,
+        reason: "invalid",
+        message: "Invalid VibeRaven actions manifest. Run npx -y viberaven --agent-mode.",
+        artifactPath: ACTIONS_ARTIFACT_PATH
+      };
+    }
+    return {
+      ok: true,
+      generatedAt: String(manifest.generatedAt ?? ""),
+      gateStatus: String(manifest.gateStatus ?? ""),
+      artifactPath: ACTIONS_ARTIFACT_PATH,
+      actions: manifest.actions.map(toConsoleActionViewModel)
+    };
+  } catch (error) {
+    if (error && typeof error === "object" && "code" in error && error.code === "ENOENT") {
+      return {
+        ok: false,
+        reason: "missing",
+        message: "No VibeRaven actions found. Run npx -y viberaven --agent-mode.",
+        artifactPath: ACTIONS_ARTIFACT_PATH
+      };
+    }
+    return {
+      ok: false,
+      reason: "invalid",
+      message: "Unable to read VibeRaven actions manifest. Run npx -y viberaven --agent-mode.",
+      artifactPath: ACTIONS_ARTIFACT_PATH
+    };
+  }
+}
+
+// src/console/security.ts
+var import_node_crypto2 = require("node:crypto");
+function createConsoleSessionToken() {
+  return (0, import_node_crypto2.randomBytes)(32).toString("hex");
+}
+function isAllowedConsoleOrigin(origin, port) {
+  if (!origin) return true;
+  return origin === `http://127.0.0.1:${port}` || origin === `http://localhost:${port}`;
+}
+function requireConsoleToken(authorizationHeader, expectedToken) {
+  const prefix = "Bearer ";
+  if (!authorizationHeader?.startsWith(prefix)) return false;
+  const received = Buffer.from(authorizationHeader.slice(prefix.length));
+  const expected = Buffer.from(expectedToken);
+  return received.length === expected.length && (0, import_node_crypto2.timingSafeEqual)(received, expected);
+}
+
+// src/console/server.ts
+var PUBLIC_COMMAND_ERROR_MESSAGES = /* @__PURE__ */ new Set(["Unsupported console command.", "Invalid VibeRaven action ID."]);
+var STATIC_ASSETS = /* @__PURE__ */ new Map([
+  ["/", { filename: "index.html", contentType: "text/html; charset=utf-8" }],
+  ["/styles.css", { filename: "styles.css", contentType: "text/css; charset=utf-8" }],
+  ["/app.js", { filename: "app.js", contentType: "application/javascript; charset=utf-8" }]
+]);
+var ACTION_EVENT_FILES = /* @__PURE__ */ new Set(["actions.json", "action-registry.json", "gate-result.json"]);
+function sendJson(response, status, body) {
+  response.writeHead(status, { "Content-Type": "application/json" });
+  response.end(JSON.stringify(body));
+}
+function sendText(response, status, contentType, body) {
+  response.writeHead(status, { "Content-Type": contentType });
+  response.end(body);
+}
+function injectConsoleToken(html, token) {
+  const tokenScript = `<script>window.__VIBERAVEN_TOKEN__ = ${JSON.stringify(token)};</script>`;
+  return html.includes("</head>") ? html.replace("</head>", `    ${tokenScript}
+  </head>`) : `${html}
+${tokenScript}`;
+}
+async function readJsonBody(request) {
+  const chunks = [];
+  for await (const chunk of request) {
+    chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+  }
+  const body = Buffer.concat(chunks).toString("utf8").trim();
+  if (!body) return {};
+  try {
+    return JSON.parse(body);
+  } catch {
+    throw new Error("Invalid JSON body.");
+  }
+}
+function getHeader(request, name) {
+  const value = request.headers[name.toLowerCase()];
+  return Array.isArray(value) ? value[0] : value;
+}
+function getServerPort(server) {
+  const address = server.address();
+  if (!address || typeof address === "string") {
+    throw new Error("Console server is not listening on a TCP port.");
+  }
+  return address.port;
+}
+function publicCommandErrorMessage(error) {
+  if (error instanceof Error && PUBLIC_COMMAND_ERROR_MESSAGES.has(error.message)) {
+    return error.message;
+  }
+  return "Console command failed.";
+}
+function sanitizeCommandOutput(output) {
+  return redactConsoleValue(output).split(/\r?\n/).filter((line) => !/^\s*(?:stack\b|at\s+)/i.test(line)).join("\n");
+}
+function sanitizeCommandResult(result) {
+  return {
+    exitCode: result.exitCode,
+    stdout: sanitizeCommandOutput(result.stdout),
+    stderr: sanitizeCommandOutput(result.stderr)
+  };
+}
+function resolveConsoleAsset(filename) {
+  const candidates = [
+    (0, import_node_path29.join)(__dirname, "console", filename),
+    (0, import_node_path29.join)(__dirname, "..", "..", "assets", "console", filename)
+  ];
+  return candidates.find((candidate) => (0, import_node_fs12.existsSync)(candidate));
+}
+function removeEventClient(eventClients, client) {
+  eventClients.delete(client);
+}
+function destroyEventClient(eventClients, client) {
+  removeEventClient(eventClients, client);
+  if (client.response.writableEnded || client.response.destroyed) return;
+  if (typeof client.response.destroy === "function") {
+    client.response.destroy();
+    return;
+  }
+  client.response.socket?.destroy();
+}
+function sendActionChangedEvent(eventClients, client) {
+  const { response } = client;
+  if (response.writableEnded || response.destroyed) {
+    removeEventClient(eventClients, client);
+    return;
+  }
+  const didFlush = response.write('event: actions\ndata: {"type":"actions-changed"}\n\n');
+  if (!didFlush) {
+    destroyEventClient(eventClients, client);
+  }
+}
+async function createConsoleServer(input) {
+  const token = createConsoleSessionToken();
+  const cliPath = input.cliPath ?? process.argv[1] ?? "";
+  const runCommand2 = input.runCommand ?? runAllowedConsoleCommand;
+  const watchDirectory = input.watchDirectory ?? import_node_fs12.watch;
+  const eventClients = /* @__PURE__ */ new Set();
+  const viberavenDir = (0, import_node_path29.join)(input.cwd, ".viberaven");
+  let watcher;
+  function closeWatcher() {
+    watcher?.close();
+    watcher = void 0;
+  }
+  if ((0, import_node_fs12.existsSync)(viberavenDir)) {
+    try {
+      watcher = watchDirectory(viberavenDir, (_eventType, filename) => {
+        const changedFile = typeof filename === "string" ? filename : void 0;
+        if (!changedFile || !ACTION_EVENT_FILES.has(changedFile)) return;
+        for (const client of Array.from(eventClients)) {
+          sendActionChangedEvent(eventClients, client);
+        }
+      });
+      watcher.on("error", closeWatcher);
+    } catch {
+      closeWatcher();
+    }
+  }
+  const server = (0, import_node_http.createServer)(async (request, response) => {
+    const actualPort2 = getServerPort(server);
+    const origin = getHeader(request, "origin");
+    const authorization = getHeader(request, "authorization");
+    const hasValidToken = requireConsoleToken(authorization, token);
+    const hasAllowedOrigin = isAllowedConsoleOrigin(origin, actualPort2);
+    const url = new URL(request.url ?? "/", `http://127.0.0.1:${actualPort2}`);
+    const staticAsset = STATIC_ASSETS.get(url.pathname);
+    if (request.method === "GET" && staticAsset) {
+      const assetPath = resolveConsoleAsset(staticAsset.filename);
+      if (!assetPath) {
+        sendJson(response, 404, { ok: false, error: "Console asset not found." });
+        return;
+      }
+      const assetBody = await (0, import_promises24.readFile)(assetPath, "utf8");
+      sendText(
+        response,
+        200,
+        staticAsset.contentType,
+        staticAsset.filename === "index.html" ? injectConsoleToken(assetBody, token) : assetBody
+      );
+      return;
+    }
+    if (request.method === "GET" && url.pathname === "/api/actions") {
+      if (!hasValidToken && !hasAllowedOrigin) {
+        sendJson(response, 403, { ok: false, error: "Disallowed origin." });
+        return;
+      }
+      sendJson(response, 200, await loadConsoleActionState(input.cwd));
+      return;
+    }
+    if (request.method === "GET" && url.pathname === "/api/events") {
+      if (!hasValidToken && !hasAllowedOrigin) {
+        sendJson(response, 403, { ok: false, error: "Disallowed origin." });
+        return;
+      }
+      response.writeHead(200, {
+        "Content-Type": "text/event-stream",
+        "Cache-Control": "no-cache",
+        Connection: "keep-alive"
+      });
+      response.write(": connected\n\n");
+      input.onEventResponse?.(response);
+      const client = { response };
+      const removeClient = () => removeEventClient(eventClients, client);
+      eventClients.add(client);
+      request.on("close", removeClient);
+      request.on("error", removeClient);
+      response.on("close", removeClient);
+      response.on("error", removeClient);
+      return;
+    }
+    if (request.method === "POST" && url.pathname === "/api/command") {
+      if (!hasAllowedOrigin) {
+        sendJson(response, 403, { ok: false, error: "Disallowed origin." });
+        return;
+      }
+      if (!hasValidToken) {
+        sendJson(response, 401, { ok: false, error: "Unauthorized." });
+        return;
+      }
+      let commandRequest;
+      try {
+        commandRequest = await readJsonBody(request);
+      } catch {
+        sendJson(response, 400, { ok: false, error: "Invalid JSON body." });
+        return;
+      }
+      try {
+        const result = await runCommand2({ cliPath, cwd: input.cwd, request: commandRequest });
+        sendJson(response, 200, { ok: true, result: sanitizeCommandResult(result) });
+      } catch (error) {
+        sendJson(response, 400, { ok: false, error: publicCommandErrorMessage(error) });
+      }
+      return;
+    }
+    sendJson(response, 404, { ok: false, error: "Not found." });
+  });
+  await new Promise((resolve5, reject) => {
+    const handleListenError = (error) => {
+      closeWatcher();
+      reject(error);
+    };
+    server.once("error", handleListenError);
+    server.listen(input.port ?? 0, "127.0.0.1", () => {
+      server.off("error", handleListenError);
+      resolve5();
+    });
+  });
+  const actualPort = getServerPort(server);
+  return {
+    url: `http://127.0.0.1:${actualPort}`,
+    token,
+    close: () => new Promise((resolve5, reject) => {
+      closeWatcher();
+      for (const client of eventClients) {
+        client.response.end();
+      }
+      eventClients.clear();
+      server.close((error) => {
+        if (error) {
+          reject(error);
+          return;
+        }
+        resolve5();
+      });
+    })
+  };
+}
+
+// src/commands/console.ts
+async function runConsoleCliCommand(input) {
+  const closeServer = async (serverToClose) => {
+    try {
+      await serverToClose.close();
+      return 0;
+    } catch (error) {
+      process.stderr.write(
+        `Could not stop console server: ${error instanceof Error ? error.message : String(error)}
+`
+      );
+      return 1;
+    }
+  };
+  const start = input.start ?? createConsoleServer;
+  const server = await start({
+    cwd: input.cwd,
+    port: input.port,
+    open: false
+  });
+  process.stdout.write(`VibeRaven Console: ${server.url}
+`);
+  process.stdout.write("Local only. Press Ctrl+C to stop.\n");
+  if (input.open) {
+    try {
+      await openUrlInBrowser(server.url);
+    } catch (error) {
+      process.stderr.write(
+        `Could not open browser: ${error instanceof Error ? error.message : String(error)}. Open manually: ${server.url}
+`
+      );
+    }
+  }
+  if (input.once) {
+    return closeServer(server);
+  }
+  return new Promise((resolve5) => {
+    const onSigint = () => {
+      process.off("SIGINT", onSigint);
+      void closeServer(server).then(resolve5);
+    };
+    process.once("SIGINT", onSigint);
+  });
+}
 
 // src/output/nextActionBlock.ts
 function buildNextActionBlock(tasks, loopState, plan) {
@@ -13941,11 +14954,7 @@ function buildNextActionBlock(tasks, loopState, plan) {
     return {
       ...base,
       type: "stalled",
-      title: "Loop stalled - no gap reduction after 2+ consecutive scans",
-      agentInstruction: "Stop the scan loop. Explain the blocker plainly, then either guide the provider/user action or report that no safe repo-code recipe is available.",
-      executionPlan: [
-        { kind: "stop", note: "Do not keep spending scans while the loop is stalled." }
-      ],
+      title: "Loop stalled \u2014 no gap reduction after 2+ consecutive scans",
       requiresUserAction: true,
       stallReason
     };
@@ -13954,67 +14963,42 @@ function buildNextActionBlock(tasks, loopState, plan) {
     return {
       ...base,
       type: "verify",
-      title: "Batch complete - run verify to rescan before next batch",
-      agentInstruction: "Run verify now, read the refreshed VibeRaven artifacts, then continue with the next safe repo fix or provider step. Do not stop at a summary.",
-      executionPlan: [
-        { kind: "verify", command: "viberaven_verify" },
-        { kind: "continue-loop", note: "After verify, continue until the gate is clear or a provider/user blocker remains." }
-      ],
+      title: "Batch complete \u2014 run verify to rescan before next batch",
       mcpTool: "viberaven_verify",
       mcpArgs: {},
       requiresUserAction: false
     };
   }
-  const repoCodeTask = tasks.find((task) => task.fixType === "repo-code" && !task.requiresUserAction);
+  const repoCodeTask = tasks.find((t) => t.fixType === "repo-code" && !t.requiresUserAction);
   if (repoCodeTask) {
-    const fallbackCommand = repoCodeTask.mcpArgs ? `npx -y viberaven --heal --apply --gap ${repoCodeTask.gapId} --yes` : void 0;
     return {
       ...base,
       type: "repo-code",
       gapId: repoCodeTask.gapId,
       title: repoCodeTask.title,
-      agentInstruction: "Apply this repo-code fix now using the MCP tool or fallback command, then continue the local VibeRaven loop. Do not stop at a summary.",
-      executionPlan: [
-        {
-          kind: "apply-repo-fix",
-          command: repoCodeTask.mcpTool ?? fallbackCommand,
-          note: "Patch only this gap and preserve unrelated user changes."
-        },
-        { kind: "continue-loop", note: "Apply remaining safe repo fixes until the batch is full, then verify once." }
-      ],
       mcpTool: repoCodeTask.mcpTool,
       mcpArgs: repoCodeTask.mcpArgs,
-      fallbackCommand,
+      fallbackCommand: repoCodeTask.mcpArgs ? `npx -y viberaven --heal --apply --gap ${repoCodeTask.gapId} --yes` : void 0,
       requiresUserAction: false
     };
   }
-  const providerTask = tasks.find((task) => task.fixType === "provider-action");
+  const providerTask = tasks.find((t) => t.fixType === "provider-action");
   if (providerTask) {
     return {
       ...base,
       type: "provider-action",
       gapId: providerTask.gapId,
       title: providerTask.title,
-      agentInstruction: "Open or present the provider step now. If browser/tool access is available, open the dashboard link for the user; otherwise show the exact step and copy values. Do not keep telling the user to verify until the provider step is done.",
-      executionPlan: [
-        { kind: "open-provider-step", note: "Use VIBERAVEN_PROVIDER_ACTION for the exact dashboard step and URL." },
-        { kind: "wait-for-user", note: "Wait for confirmation or read-only MCP evidence before verifying." }
-      ],
       requiresUserAction: true
     };
   }
-  const upgradeTask = tasks.find((task) => task.fixType === "upgrade-required");
+  const upgradeTask = tasks.find((t) => t.fixType === "upgrade-required");
   if (upgradeTask) {
     return {
       ...base,
       type: "upgrade-required",
       gapId: upgradeTask.gapId,
       title: upgradeTask.title,
-      agentInstruction: "Explain that this production lane needs an upgrade or connected provider evidence. Continue with any remaining unlocked repo-code fixes if present; otherwise stop cleanly.",
-      executionPlan: [
-        { kind: "upgrade", command: "https://viberaven.dev/pricing" },
-        { kind: "stop", note: "Do not pretend locked lanes or provider state were fixed locally." }
-      ],
       requiresUserAction: true,
       upgradeUrl: "https://viberaven.dev/pricing"
     };
@@ -14022,20 +15006,15 @@ function buildNextActionBlock(tasks, loopState, plan) {
   return {
     ...base,
     type: "done",
-    title: "All gaps resolved - production gate is clear",
-    agentInstruction: "The repo-code gate is clear. Run strict before deploy and still verify provider dashboard state through MCP or the provider dashboard.",
-    executionPlan: [
-      { kind: "verify", command: "npx -y viberaven --strict" },
-      { kind: "stop", note: "Do not deploy until provider dashboard state is verified where applicable." }
-    ],
+    title: "All gaps resolved \u2014 production gate is clear",
     requiresUserAction: false
   };
 }
 function resolveStallReason(tasks) {
   if (tasks.length === 0) return "no-recipes";
-  const allUpgradeOrEmpty = tasks.every((task) => task.fixType === "upgrade-required");
+  const allUpgradeOrEmpty = tasks.every((t) => t.fixType === "upgrade-required");
   if (allUpgradeOrEmpty) return "no-recipes";
-  const allProviderAction = tasks.every((task) => task.fixType === "provider-action");
+  const allProviderAction = tasks.every((t) => t.fixType === "provider-action");
   if (allProviderAction) return "provider-action-required";
   return "unknown";
 }
@@ -14064,7 +15043,7 @@ function buildProviderActionBlock(task) {
 }
 function printProviderActionBlock(tasks) {
   const task = tasks.find(
-    (entry) => entry.fixType === "provider-action" && entry.requiresUserAction === true
+    (t) => t.fixType === "provider-action" && t.requiresUserAction === true
   );
   if (!task) return;
   const block = buildProviderActionBlock(task);
@@ -14079,138 +15058,10 @@ function printNextActionBlock(block) {
   console.log(NEXT_ACTION_END);
 }
 
-// src/commands/preview.ts
-function previewArtifact(cwd) {
-  return {
-    version: 1,
-    scannedAt: (/* @__PURE__ */ new Date()).toISOString(),
-    workspacePath: cwd,
-    score: 42,
-    scoreLabel: "Blocked",
-    summary: "Vercel, Supabase, and Stripe are detected, but launch-critical provider setup is not proven yet.",
-    archetype: "ai-built-saas",
-    plan: "free",
-    productionCorePercent: 40,
-    usage: {
-      plan: "free",
-      remainingPrompts: 0,
-      used: 0,
-      limit: 0,
-      period: "lifetime",
-      unlockedMapCategoryKeys: ["appFlow", "frontend", "backend", "auth", "database", "payments"]
-    },
-    gaps: [
-      {
-        id: "auth_secret_missing",
-        category: "SECURITY & AUTH",
-        severity: "critical",
-        title: "Create production auth secret",
-        detail: "The app needs a production session secret before real users sign in.",
-        copyPrompt: "Generate and document NEXTAUTH_SECRET or the equivalent auth secret for this stack.",
-        toolSuggestions: [],
-        mcpSuggestion: null,
-        primaryMapCategory: "auth",
-        affectedMapCategories: []
-      },
-      {
-        id: "rls_disabled",
-        category: "DATABASE & DATA",
-        severity: "critical",
-        title: "Verify Supabase RLS before launch",
-        detail: "Database access must be protected by Row Level Security or equivalent server-side controls.",
-        copyPrompt: "Open Supabase and verify RLS policies for user-owned tables.",
-        toolSuggestions: [],
-        mcpSuggestion: null,
-        primaryMapCategory: "database",
-        affectedMapCategories: []
-      },
-      {
-        id: "stripe_webhook_secret_missing",
-        category: "PAYMENTS",
-        severity: "critical",
-        title: "Connect Stripe webhook secret",
-        detail: "Stripe webhook signature verification needs STRIPE_WEBHOOK_SECRET before live payments.",
-        copyPrompt: "Create a Stripe webhook endpoint and add STRIPE_WEBHOOK_SECRET to the deployment environment.",
-        toolSuggestions: [],
-        mcpSuggestion: null,
-        primaryMapCategory: "payments",
-        affectedMapCategories: []
-      }
-    ],
-    missionGraph: {
-      areas: [],
-      byArea: {},
-      byProvider: {},
-      repositoryEvidence: { env: [], security: [] }
-    },
-    stackWiring: { items: [], byKey: {} },
-    providerRegistry: {
-      version: 1,
-      source: "bundled",
-      generatedAt: (/* @__PURE__ */ new Date()).toISOString(),
-      status: "fresh",
-      staleAfterDays: 14,
-      providers: []
-    }
-  };
-}
-function check(done, text) {
-  const mark = done ? import_picocolors5.default.green("[x]") : import_picocolors5.default.yellow("[ ]");
-  return `  ${mark} ${text}`;
-}
-async function runPreviewCommand(options) {
-  const artifact = previewArtifact(options.cwd);
-  const tasks = buildTaskList(artifact);
-  const next = buildNextActionBlock(tasks, {
-    batchApplied: 1,
-    appliedGapIdsSinceScan: ["auth_secret_missing"],
-    lastGapCount: artifact.gaps.length,
-    stalledScans: 0
-  }, "free");
-  if (options.json) {
-    console.log(JSON.stringify({ artifact, tasks, next }, null, 2));
-    return 0;
-  }
-  console.log(import_picocolors5.default.dim(`VibeRaven ${VERSION} preview - local rehearsal, no login or API spend.`));
-  console.log(import_picocolors5.default.bold("VibeRaven"));
-  console.log("Taking this app from demo to production.");
-  console.log("");
-  console.log(`${import_picocolors5.default.bold("Status:")} ${import_picocolors5.default.red("BLOCKED")} | vercel + supabase + stripe | 3 launch gaps`);
-  console.log("");
-  console.log(import_picocolors5.default.bold("Progress"));
-  console.log(check(true, "Understand the stack and launch gaps"));
-  console.log(check(true, "Patch the first repo-owned secret gap"));
-  console.log(check(false, "Open Supabase and verify RLS policies"));
-  console.log(check(false, "Connect Stripe webhook signing secret"));
-  console.log(check(false, "Verify again before launch"));
-  console.log("");
-  console.log(import_picocolors5.default.bold("I can do now"));
-  console.log("  1. Add missing env names and agent rules.");
-  console.log("  2. Prepare focused repo fixes the coding agent can apply.");
-  console.log("  3. Keep the launch loop moving until provider proof is needed.");
-  console.log("");
-  console.log(import_picocolors5.default.bold("I need you for"));
-  console.log("  1. Supabase: open the project and confirm RLS policies.");
-  console.log("  2. Stripe: create or open the webhook endpoint.");
-  console.log("  3. Deployment: paste provider secrets into Vercel or your host.");
-  console.log("");
-  console.log(import_picocolors5.default.bold("Open"));
-  console.log(`  supabase: ${import_picocolors5.default.cyan("https://supabase.com/dashboard")}`);
-  console.log(`  stripe:   ${import_picocolors5.default.cyan("https://dashboard.stripe.com/")}`);
-  console.log("");
-  console.log(`${import_picocolors5.default.bold("Copy env names:")} NEXTAUTH_SECRET, STRIPE_WEBHOOK_SECRET`);
-  console.log(`${import_picocolors5.default.bold("Next:")} I will guide the blocked provider setup, then verify when you confirm it is done.`);
-  if (options.agentMode) {
-    console.log("");
-    console.log(import_picocolors5.default.dim("Agent note: render the checklist above as the live timeline; update [ ] to [x] as work completes."));
-  }
-  return 0;
-}
-
 // src/providerMcpBridge.ts
-var import_node_fs12 = require("node:fs");
+var import_node_fs13 = require("node:fs");
 var import_node_os2 = require("node:os");
-var import_node_path24 = require("node:path");
+var import_node_path30 = require("node:path");
 var UPGRADE_URL4 = "https://viberaven.dev/pricing";
 var FALLBACK_COMMAND = "npx -y viberaven audit --vercel-supabase --json";
 var SUPPORTED_PROVIDERS = /* @__PURE__ */ new Set(["supabase", "vercel"]);
@@ -14218,9 +15069,9 @@ var configPathsOverride;
 function defaultMcpConfigPaths() {
   const home = (0, import_node_os2.homedir)();
   return [
-    (0, import_node_path24.join)(home, ".config", "claude", "claude_desktop_config.json"),
-    (0, import_node_path24.join)(home, ".cursor", "mcp.json"),
-    (0, import_node_path24.join)(home, ".gemini", "antigravity", "mcp_config.json")
+    (0, import_node_path30.join)(home, ".config", "claude", "claude_desktop_config.json"),
+    (0, import_node_path30.join)(home, ".cursor", "mcp.json"),
+    (0, import_node_path30.join)(home, ".gemini", "antigravity", "mcp_config.json")
   ];
 }
 function resolveConfigPaths() {
@@ -14249,11 +15100,11 @@ function findServerEntry(servers, provider2) {
 function findProviderMcpConfig(provider2, configPaths) {
   const paths = configPaths ?? resolveConfigPaths();
   for (const path of paths) {
-    if (!(0, import_node_fs12.existsSync)(path)) {
+    if (!(0, import_node_fs13.existsSync)(path)) {
       continue;
     }
     try {
-      const raw = JSON.parse((0, import_node_fs12.readFileSync)(path, "utf8"));
+      const raw = JSON.parse((0, import_node_fs13.readFileSync)(path, "utf8"));
       const servers = parseMcpServers(raw);
       if (!servers) {
         continue;
@@ -14323,8 +15174,8 @@ Usage:
 
   viberaven status
 
-  viberaven preview [--agent-mode] [--json]
-                       Local production rehearsal for videos and onboarding; no login or API spend
+  viberaven actions [--json] [path]
+                       Print current chat-native production action surface
 
   viberaven connect --session <id> --token <token> [--once] [--api-url <url>]
                        Handshake, save runner session, then watch for jobs (Ctrl+C to stop)
@@ -14458,7 +15309,7 @@ function isBooleanFlag(command, key) {
     return true;
   }
   if (key === "strict") return true;
-  if (key === "open" && (command === "" || command === "scan" || command === "report")) return true;
+  if (key === "open" && (command === "" || command === "scan" || command === "report" || command === "console")) return true;
   if (key === "verify" && command === "") return true;
   if (key === "vercel-supabase" && command === "audit") return true;
   if (key === "json" && command === "validate-npm-package") return true;
@@ -14480,7 +15331,7 @@ async function guardEarlyVerifyScan(input) {
   if (!verifyLike) {
     return void 0;
   }
-  const workspacePath = input.positional[0] ? (0, import_node_path25.join)(process.cwd(), input.positional[0]) : await resolveWorkspaceRoot(process.cwd());
+  const workspacePath = input.positional[0] ? (0, import_node_path31.join)(process.cwd(), input.positional[0]) : await resolveWorkspaceRoot(process.cwd());
   const loopState = await loadLoopState(workspacePath);
   if (loopState.batchApplied <= 0) {
     return void 0;
@@ -14529,8 +15380,8 @@ async function cmdLogout() {
 }
 async function cmdProviderVerify(flags, positional) {
   const provider2 = typeof flags.provider === "string" ? flags.provider : positional[0];
-  const check2 = typeof flags.check === "string" ? flags.check : positional[1];
-  if (!provider2 || !check2) {
+  const check = typeof flags.check === "string" ? flags.check : positional[1];
+  if (!provider2 || !check) {
     console.error("Usage: viberaven provider-verify --provider <supabase|vercel> --check <id> [--plan free|pro]");
     return 1;
   }
@@ -14543,7 +15394,7 @@ async function cmdProviderVerify(flags, positional) {
   }
   const result = await verifyProviderGap({
     provider: provider2,
-    check: check2,
+    check,
     cwd: process.cwd(),
     plan
   });
@@ -14556,7 +15407,7 @@ async function cmdStatus(flags, positional) {
     console.log("Not signed in. Run: viberaven login");
     return 1;
   }
-  const startDir = positional[0] ? (0, import_node_path25.join)(process.cwd(), positional[0]) : process.cwd();
+  const startDir = positional[0] ? (0, import_node_path31.join)(process.cwd(), positional[0]) : process.cwd();
   let artifact;
   try {
     artifact = await loadLastArtifact(startDir);
@@ -14710,7 +15561,7 @@ async function cmdWatch(flags) {
   }
 }
 async function runScanCommand(flags, positional, options) {
-  const workspacePath = positional[0] ? (0, import_node_path25.join)(process.cwd(), positional[0]) : await resolveWorkspaceRoot(process.cwd());
+  const workspacePath = positional[0] ? (0, import_node_path31.join)(process.cwd(), positional[0]) : await resolveWorkspaceRoot(process.cwd());
   const apiBaseUrl = resolveApiBaseUrl(typeof flags["api-url"] === "string" ? flags["api-url"] : void 0);
   let accessToken;
   try {
@@ -14776,6 +15627,12 @@ async function runScanCommand(flags, positional, options) {
     const block = buildNextActionBlock(tasks, updatedState, plan);
     printNextActionBlock(block);
     printProviderActionBlock(tasks);
+    try {
+      const manifest = JSON.parse(await (0, import_promises25.readFile)(paths.actionsPath, "utf8"));
+      console.log(renderActionSurface(manifest, { limit: 5 }).trimEnd());
+    } catch (error) {
+      console.warn(error instanceof Error ? error.message : String(error));
+    }
     await saveLoopState(workspacePath, updatedState);
   }
   if (flags.open) {
@@ -14788,7 +15645,7 @@ async function runScanCommand(flags, positional, options) {
   return { exitCode: 0, artifacts: paths };
 }
 async function cmdReport(flags, positional) {
-  const startDir = positional[0] ? (0, import_node_path25.join)(process.cwd(), positional[0]) : process.cwd();
+  const startDir = positional[0] ? (0, import_node_path31.join)(process.cwd(), positional[0]) : process.cwd();
   try {
     const paths = await refreshReportFromDisk(startDir);
     console.log(`Report refreshed: ${paths.reportPath}`);
@@ -14810,7 +15667,7 @@ async function cmdReport(flags, positional) {
   }
 }
 async function cmdPrompt(flags, positional) {
-  const startDir = positional[0] ? (0, import_node_path25.join)(process.cwd(), positional[0]) : process.cwd();
+  const startDir = positional[0] ? (0, import_node_path31.join)(process.cwd(), positional[0]) : process.cwd();
   let artifact;
   try {
     artifact = await loadLastArtifact(startDir);
@@ -14908,7 +15765,7 @@ async function main() {
   const wantsJsonl = hasFlag(flags, "jsonl");
   const wantsStrict = hasFlag(flags, "strict");
   if (flags.condense) {
-    const cwd = positional[0] ? (0, import_node_path25.join)(process.cwd(), positional[0]) : process.cwd();
+    const cwd = positional[0] ? (0, import_node_path31.join)(process.cwd(), positional[0]) : process.cwd();
     const result = await runCondenseCommand({ cwd });
     console.log(`VibeRaven context map refreshed: ${result.contextMapPath}`);
     return 0;
@@ -14926,6 +15783,18 @@ async function main() {
     console.log(JSON.stringify(result, null, 2));
     return result.status.startsWith("refused") || result.status === "failed" ? 1 : 0;
   }
+  if (!command && flags.verify === true && typeof flags.action === "string") {
+    return runVerifyActionCommand({
+      cwd: positional[0] ? (0, import_node_path31.join)(process.cwd(), positional[0]) : process.cwd(),
+      actionId: flags.action
+    });
+  }
+  if (command === "verify" && typeof flags.action === "string") {
+    return runVerifyActionCommand({
+      cwd: positional[0] ? (0, import_node_path31.join)(process.cwd(), positional[0]) : process.cwd(),
+      actionId: flags.action
+    });
+  }
   if (!command && (isAgentMode || flags.verify === true || wantsJson || wantsJsonl || wantsStrict)) {
     const guardedExitCode = await guardEarlyVerifyScan({ flags, positional, wantsStrict });
     if (guardedExitCode !== void 0) {
@@ -14937,7 +15806,7 @@ async function main() {
       console.error("VibeRaven could not produce machine output because scan artifacts were not written.");
       return 3;
     }
-    const gateResult = scanResult.artifacts && (wantsJson || wantsJsonl || wantsStrict) ? JSON.parse(await (0, import_promises19.readFile)(scanResult.artifacts.gateResultPath, "utf8")) : void 0;
+    const gateResult = scanResult.artifacts && (wantsJson || wantsJsonl || wantsStrict) ? JSON.parse(await (0, import_promises25.readFile)(scanResult.artifacts.gateResultPath, "utf8")) : void 0;
     const strictExitCode = wantsStrict && gateResult ? exitCodeForStrictGate(gateResult, { failOnWarnings: flags.strict === "warning" }) : scanResult.exitCode;
     if (wantsJson && gateResult) {
       process.stdout.write(renderGateResultJson(gateResult));
@@ -14969,16 +15838,27 @@ async function main() {
       return 0;
     case "status":
       return cmdStatus(flags, positional);
-    case "preview":
-      return runPreviewCommand({
-        cwd: positional[0] ? (0, import_node_path25.join)(process.cwd(), positional[0]) : process.cwd(),
-        agentMode: flags["agent-mode"] === true,
+    case "actions":
+      return runActionsCommand({
+        cwd: positional[0] ? (0, import_node_path31.join)(process.cwd(), positional[0]) : process.cwd(),
         json: Boolean(flags.json)
       });
+    case "console":
+      if (process.env.VIBERAVEN_EXPERIMENTAL_CONSOLE !== "1") {
+        console.error("The local VibeRaven Console is experimental and hidden from the public npm release.");
+        console.error("Use chat-native actions instead: viberaven actions");
+        console.error("To preview the experimental console, set VIBERAVEN_EXPERIMENTAL_CONSOLE=1.");
+        return 1;
+      }
+      return runConsoleCliCommand({
+        cwd: positional[0] ? (0, import_node_path31.join)(process.cwd(), positional[0]) : process.cwd(),
+        port: typeof flags.port === "string" ? Number.parseInt(flags.port, 10) : void 0,
+        open: flags.open === true
+      });
     case "next":
       return runNextCommand({
         json: Boolean(flags.json),
-        cwd: positional[0] ? (0, import_node_path25.join)(process.cwd(), positional[0]) : process.cwd()
+        cwd: positional[0] ? (0, import_node_path31.join)(process.cwd(), positional[0]) : process.cwd()
       });
     case "guide": {
       const provider2 = positional[0];
@@ -15016,7 +15896,7 @@ async function main() {
     case "provider-verify":
       return cmdProviderVerify(flags, positional);
     case "init": {
-      const cwd = positional[0] ? (0, import_node_path25.join)(process.cwd(), positional[0]) : process.cwd();
+      const cwd = positional[0] ? (0, import_node_path31.join)(process.cwd(), positional[0]) : process.cwd();
       const agents = typeof flags.agents === "string" ? flags.agents : void 0;
       return runInitCommand({
         cwd,
@@ -15030,7 +15910,7 @@ async function main() {
         return 1;
       }
       return runDoctorAgentsCommand({
-        cwd: positional[0] ? (0, import_node_path25.join)(process.cwd(), positional[0]) : process.cwd()
+        cwd: positional[0] ? (0, import_node_path31.join)(process.cwd(), positional[0]) : process.cwd()
       });
     case "validate-npm-package":
       return runValidateNpmPackageCommand({
@@ -15043,7 +15923,7 @@ async function main() {
         return 1;
       }
       return runAuditCommand({
-        cwd: positional[0] ? (0, import_node_path25.join)(process.cwd(), positional[0]) : process.cwd(),
+        cwd: positional[0] ? (0, import_node_path31.join)(process.cwd(), positional[0]) : process.cwd(),
         json: Boolean(flags.json)
       });
     default: