aiden-runtime 4.8.1 → 4.9.1

package/dist/cli/v4/commands/daemonStatus.js

@@ -22,44 +22,63 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.daemonStatus = void 0;
+exports.daemonStatus = exports.DAEMON_SHELL_ONLY = void 0;
+exports.dispatchDaemonSlash = dispatchDaemonSlash;
 const node_fs_1 = __importDefault(require("node:fs"));
 const node_os_1 = __importDefault(require("node:os"));
 const node_path_1 = __importDefault(require("node:path"));
-const daemon_1 = require("../../../core/v4/daemon");
+const daemon_1 = require("./daemon");
+const daemon_2 = require("../../../core/v4/daemon");
 const paths_1 = require("../../../core/v4/paths");
+/**
+ * v4.9.1 amendment — `/daemon` defaults to `doctor` and routes
+ * `doctor` / `logs` to the existing `runDaemonSubcommand`. The pure-
+ * REPL `/daemon status` (in-process snapshot) stays inline. Lifecycle
+ * ops shell-hint — they need terminal control we can't grant inside chat.
+ */
+exports.DAEMON_SHELL_ONLY = new Set(['install', 'uninstall', 'start', 'stop', 'restart']);
+async function dispatchDaemonSlash(opts) {
+    const a = (opts.action || 'doctor').toLowerCase();
+    if (exports.DAEMON_SHELL_ONLY.has(a)) {
+        opts.write(`⚠ /daemon ${a} not available inside chat (requires terminal control)\n`);
+        opts.write('  Quit (/quit) and run from shell:\n\n');
+        const tail = opts.args.length > 0 ? ' ' + opts.args.join(' ') : '';
+        opts.write(`    aiden daemon ${a}${tail}\n`);
+        return;
+    }
+    if (a === 'status' && opts.paintStatus) {
+        try {
+            opts.paintStatus();
+        }
+        catch (e) {
+            opts.warn(`/daemon status: failed to read state (${e instanceof Error ? e.message : String(e)})`);
+        }
+        return;
+    }
+    await opts.runDaemon(a, opts.args, { writeOut: opts.write, writeErr: opts.write });
+}
 exports.daemonStatus = {
     name: 'daemon',
-    description: 'Show v4.5 daemon status (read-only). Use `aiden daemon` for lifecycle.',
+    description: 'Daemon diagnostics (doctor / status / logs).',
     category: 'system',
     icon: '⚙',
     handler: async (ctx) => {
-        const sub = (ctx.args[0] ?? 'status').toLowerCase();
-        if (sub !== 'status') {
-            ctx.display.printError('Usage: /daemon status\n' +
-                'For lifecycle commands (install / start / stop / restart / logs), use the top-level CLI:\n' +
-                '  aiden daemon install\n' +
-                '  aiden daemon start\n' +
-                '  aiden daemon stop\n' +
-                '  aiden daemon status\n' +
-                '  aiden daemon logs');
-            return {};
-        }
-        try {
-            const snapshot = readSnapshot();
-            printSnapshot(snapshot, ctx);
-        }
-        catch (e) {
-            ctx.display.warn(`/daemon status: failed to read state (${e instanceof Error ? e.message : String(e)})`);
-        }
+        await dispatchDaemonSlash({
+            action: ctx.args[0] ?? 'doctor',
+            args: ctx.args.slice(1),
+            write: (s) => ctx.display.write(s),
+            warn: (s) => ctx.display.warn(s),
+            runDaemon: daemon_1.runDaemonSubcommand,
+            paintStatus: () => printSnapshot(readSnapshot(), ctx),
+        });
         return {};
     },
 };
 // ── Snapshot collector ─────────────────────────────────────────────────────
 function readSnapshot() {
     const aidenRoot = (0, paths_1.resolveAidenRoot)();
-    const dbPath = (0, daemon_1.daemonDbPath)(aidenRoot);
-    const lockPath = (0, daemon_1.daemonRuntimeLockPath)(aidenRoot);
+    const dbPath = (0, daemon_2.daemonDbPath)(aidenRoot);
+    const lockPath = (0, daemon_2.daemonRuntimeLockPath)(aidenRoot);
     // ── Liveness via the in-process bootstrap handle first, then fall
     // back to the runtime.lock PID check (covers the case where the
     // daemon is another process and we're a REPL inspecting its db).
@@ -67,11 +86,11 @@ function readSnapshot() {
     let instanceId = null;
     let port = null;
     let uptimeMs = null;
-    const handle = (0, daemon_1.getDaemonHandle)();
+    const handle = (0, daemon_2.getDaemonHandle)();
     if (handle?.active && handle.instanceId) {
         running = true;
         instanceId = handle.instanceId;
-        port = (0, daemon_1.getDaemonConfig)().port;
+        port = (0, daemon_2.getDaemonConfig)().port;
         if (handle.instanceTracker) {
             // instanceTracker has a `getStartedAt` if exposed; otherwise
             // derive from daemon_instances row below.
@@ -105,7 +124,7 @@ function readSnapshot() {
             dailyBudget: null,
         };
     }
-    const db = (0, daemon_1.openDaemonDb)(dbPath);
+    const db = (0, daemon_2.openDaemonDb)(dbPath);
     // Uptime from the instance row when we have an instanceId.
     if (running && instanceId) {
         try {

package/dist/cli/v4/commands/help.js

@@ -31,6 +31,8 @@ exports.SUBSECTION_MAP = {
     providers: 'Configuration',
     personality: 'Configuration',
     skin: 'Configuration',
+    // v4.9.0 Slice 1a — unified theme system (parallel to /skin).
+    theme: 'Configuration',
     streaming: 'Configuration',
     reasoning: 'Configuration',
     verbose: 'Configuration',
@@ -74,6 +76,9 @@ exports.SUBSECTION_MAP = {
     recovery: 'System',
     // v4.6 ONB1 slice 10 — new-user guided tour.
     walkthrough: 'System',
+    // v4.9.1 amendment — REPL surfaces for memory + hooks (daemon already mapped).
+    memory: 'System',
+    hooks: 'System',
     // ── Authentication ──
     auth: 'Authentication',
     // ── Help ──

package/dist/cli/v4/commands/hooks.js

@@ -0,0 +1,466 @@
+"use strict";
+/**
+ * Copyright (c) 2026 Shiva Deore (Taracod).
+ * Licensed under AGPL-3.0. See LICENSE for details.
+ *
+ * Aiden — local-first agent.
+ */
+/**
+ * cli/v4/commands/hooks.ts — v4.9.0 Slice 12b.
+ *
+ *   aiden hooks                          alias for `list`
+ *   aiden hooks list [--json]
+ *   aiden hooks show <hook_id>
+ *   aiden hooks trust <hook_id>  [--yes] (risk warning + y/N prompt unless --yes)
+ *   aiden hooks revoke <hook_id> [--yes]
+ *   aiden hooks rescan
+ *   aiden hooks test <hook_id>   [--event <name>] [--payload <json>]
+ *   aiden hooks doctor           [--json] [--fix]
+ *   aiden hooks audit            [--hook id] [--event n] [--since iso]
+ *                                [--status s] [--limit n] [--json]
+ *
+ * Doctor's `--fix` is intentionally conservative: it creates the hooks
+ * directory and runs a rescan, but NEVER auto-trusts anything (trust
+ * remains an explicit, deliberate user action).
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runHooksSubcommand = runHooksSubcommand;
+const node_fs_1 = require("node:fs");
+const node_path_1 = __importDefault(require("node:path"));
+const node_readline_1 = __importDefault(require("node:readline"));
+const better_sqlite3_1 = __importDefault(require("better-sqlite3"));
+const paths_1 = require("../../../core/v4/paths");
+const daemonConfig_1 = require("../../../core/v4/daemon/daemonConfig");
+const migrations_1 = require("../../../core/v4/daemon/db/migrations");
+const registry_1 = require("../../../core/v4/hooks/registry");
+const trust_1 = require("../../../core/v4/hooks/trust");
+const dispatcher_1 = require("../../../core/v4/hooks/dispatcher");
+const auditQuery_1 = require("../../../core/v4/hooks/auditQuery");
+const projectRoot_1 = require("../../../core/v4/memory/projectRoot");
+const noopOut = (s) => { process.stdout.write(s); };
+const noopErr = (s) => { process.stderr.write(s); };
+async function runHooksSubcommand(action, args, opts = {}) {
+    const out = opts.writeOut ?? noopOut;
+    const err = opts.writeErr ?? noopErr;
+    const json = args.includes('--json');
+    const yes = args.includes('--yes');
+    const positional = args.filter((a) => !a.startsWith('--'));
+    const paths = (0, paths_1.resolveAidenPaths)(opts.rootDir ? { rootOverride: opts.rootDir } : {});
+    let db;
+    try {
+        const dbp = opts.dbPath ?? (0, daemonConfig_1.daemonDbPath)(paths.root);
+        await node_fs_1.promises.mkdir(node_path_1.default.dirname(dbp), { recursive: true });
+        db = new better_sqlite3_1.default(dbp);
+        db.pragma('foreign_keys = ON');
+        (0, migrations_1.runMigrations)(db);
+    }
+    catch (e) {
+        err(`hooks: cannot open daemon db: ${e instanceof Error ? e.message : String(e)}\n`);
+        return 1;
+    }
+    const ctx = {
+        out, err, db, paths, json, yes, positional, args,
+        promptYesNo: opts.promptYesNo ?? defaultPromptYesNo,
+    };
+    const effective = action || 'list';
+    try {
+        switch (effective) {
+            case 'list': return await cmdList(ctx);
+            case 'show': return await cmdShow(ctx);
+            case 'trust': return await cmdTrust(ctx);
+            case 'revoke': return await cmdRevoke(ctx);
+            case 'rescan': return await cmdRescan(ctx);
+            case 'test': return await cmdTest(ctx);
+            case 'doctor': return await cmdDoctor(ctx);
+            case 'audit': return await cmdAudit(ctx);
+            case '--help':
+            case 'help': return cmdHelp(out);
+            default: {
+                err(`Unknown hooks action: ${effective}\n`);
+                const { closestAction } = await Promise.resolve().then(() => __importStar(require('../util/closestAction')));
+                const m = closestAction(effective, ['list', 'show', 'trust', 'revoke', 'rescan', 'test', 'doctor', 'audit']);
+                if (m)
+                    err(`Did you mean: ${m}?\n\n`);
+                cmdHelp(err);
+                return 2;
+            }
+        }
+    }
+    finally {
+        try {
+            db.close();
+        }
+        catch { /* noop */ }
+    }
+}
+function cmdHelp(w) {
+    w('Usage: aiden hooks <action> [args...] [--json] [--yes]\n\n' +
+        'Manage Aiden\'s manifest-driven hook subsystem.\n\n' +
+        'Actions:\n' +
+        '  list                                  All discovered hooks (default).\n' +
+        '  show <hook_id>                        Hook manifest + subscriptions + recent executions.\n' +
+        '  trust <hook_id> [--yes]               Mark trusted + enabled (confirmation required).\n' +
+        '  revoke <hook_id> [--yes]              Mark revoked + disabled (confirmation required).\n' +
+        '  rescan                                Walk hook dirs, surface new + drifted.\n' +
+        '  test <hook_id> [--event N] [--payload JSON]\n' +
+        '                                        Dry-run invocation (no counter mutation).\n' +
+        '  doctor [--json] [--fix]               Pre-flight diagnostics.\n' +
+        '  audit [--hook id] [--event N] [--status S] [--since ISO] [--limit N] [--json]\n' +
+        '                                        Recent hook_executions rows.\n');
+    return 0;
+}
+function defaultPromptYesNo(question) {
+    return new Promise((resolve) => {
+        const rl = node_readline_1.default.createInterface({ input: process.stdin, output: process.stderr });
+        rl.question(question, (ans) => {
+            rl.close();
+            resolve(ans.trim().toLowerCase() === 'y' || ans.trim().toLowerCase() === 'yes');
+        });
+    });
+}
+function flagValue(args, name) {
+    const i = args.indexOf(name);
+    if (i < 0 || i + 1 >= args.length)
+        return undefined;
+    return args[i + 1];
+}
+function hooksWithSubs(db) {
+    const hooks = db.prepare(`SELECT *, consecutive_failures FROM hooks ORDER BY name`).all();
+    return hooks.map((h) => ({
+        ...h,
+        subs: db.prepare(`SELECT * FROM hook_subscriptions WHERE hook_id = ? ORDER BY event, priority DESC`).all(h.hook_id),
+    }));
+}
+async function cmdList(ctx) {
+    const rows = hooksWithSubs(ctx.db);
+    if (ctx.json) {
+        ctx.out(JSON.stringify(rows, null, 2) + '\n');
+        return 0;
+    }
+    if (rows.length === 0) {
+        ctx.out('no hooks discovered (drop a HOOK.yaml under ~/.aiden/hooks/<name>/ then run `aiden hooks rescan`)\n');
+        return 0;
+    }
+    for (const h of rows) {
+        const stateLabel = `${h.trust_state}, ${h.enabled ? 'enabled' : 'disabled'}`;
+        ctx.out(`${h.hook_id}  ${h.name.padEnd(24)} ${stateLabel.padEnd(24)} ${h.source}  (${h.subs.length} subscription${h.subs.length === 1 ? '' : 's'})\n`);
+        for (const s of h.subs) {
+            ctx.out(`  ${s.event.padEnd(20)} authority=${s.authority.padEnd(18)} mode=${s.mode}\n`);
+        }
+    }
+    return 0;
+}
+async function cmdShow(ctx) {
+    const hookId = ctx.positional[0];
+    if (!hookId) {
+        ctx.err('show: missing <hook_id>\n');
+        return 2;
+    }
+    const h = ctx.db.prepare(`SELECT *, consecutive_failures FROM hooks WHERE hook_id = ?`).get(hookId);
+    if (!h) {
+        ctx.err(`show: hook not found: ${hookId}\n`);
+        return 1;
+    }
+    const subs = ctx.db.prepare(`SELECT * FROM hook_subscriptions WHERE hook_id = ? ORDER BY event, priority DESC`)
+        .all(hookId);
+    const grants = ctx.db.prepare(`SELECT capability, scope_json FROM hook_capability_grants WHERE hook_id = ?`)
+        .all(hookId);
+    const recent = (0, auditQuery_1.queryHookExecutions)(ctx.db, { hookId, limit: 10 });
+    if (ctx.json) {
+        ctx.out(JSON.stringify({ hook: h, subscriptions: subs, capabilities: grants, recent }, null, 2) + '\n');
+        return 0;
+    }
+    ctx.out(`Hook: ${h.name}  (${h.hook_id})\n`);
+    ctx.out(`  state:    ${h.trust_state}, ${h.enabled ? 'enabled' : 'disabled'}\n`);
+    ctx.out(`  source:   ${h.source}\n`);
+    ctx.out(`  manifest: ${h.manifest_path}\n`);
+    ctx.out(`  hash:     ${h.code_hash.slice(0, 16)}...\n`);
+    ctx.out(`  consecutive failures: ${h.consecutive_failures}\n`);
+    ctx.out('Subscriptions:\n');
+    for (const s of subs) {
+        ctx.out(`  ${s.event}  authority=${s.authority} mode=${s.mode} priority=${s.priority}\n`);
+        ctx.out(`    timeout=${s.timeout_ms}ms  on_error=${s.on_error}  on_timeout=${s.on_timeout}\n`);
+        if (s.matcher_json)
+            ctx.out(`    matcher=${s.matcher_json}\n`);
+    }
+    if (grants.length > 0) {
+        ctx.out('Capabilities (declared, not enforced):\n');
+        for (const g of grants)
+            ctx.out(`  ${g.capability}  ${g.scope_json}\n`);
+    }
+    ctx.out(`Recent executions (last ${recent.length}):\n`);
+    for (const r of recent) {
+        ctx.out(`  ${r.started_at}  ${r.event.padEnd(20)} ${r.status.padEnd(8)} ${r.elapsed_ms}ms\n`);
+    }
+    return 0;
+}
+async function cmdTrust(ctx) {
+    const hookId = ctx.positional[0];
+    if (!hookId) {
+        ctx.err('trust: missing <hook_id>\n');
+        return 2;
+    }
+    const h = ctx.db.prepare(`SELECT * FROM hooks WHERE hook_id = ?`).get(hookId);
+    if (!h) {
+        ctx.err(`trust: hook not found: ${hookId}\n`);
+        return 1;
+    }
+    if (!ctx.yes) {
+        ctx.err(`Hook: ${h.name}  (${h.hook_id})\n  manifest: ${h.manifest_path}\n  current state: ${h.trust_state}\n`);
+        ctx.err('RISK WARNING: This hook can affect tool execution. Only trust hooks you\'ve reviewed.\n');
+        const ok = await ctx.promptYesNo('Trust this hook? [y/N] ');
+        if (!ok) {
+            if (ctx.json)
+                ctx.out(JSON.stringify({ ok: false, reason: 'declined' }) + '\n');
+            else
+                ctx.err('trust: declined\n');
+            return 1;
+        }
+    }
+    (0, trust_1.markTrusted)(ctx.db, hookId);
+    if (ctx.json)
+        ctx.out(JSON.stringify({ ok: true, hook_id: hookId, trust_state: 'trusted', enabled: 1 }) + '\n');
+    else
+        ctx.out(`trusted ${h.name}  (${hookId})\n`);
+    return 0;
+}
+async function cmdRevoke(ctx) {
+    const hookId = ctx.positional[0];
+    if (!hookId) {
+        ctx.err('revoke: missing <hook_id>\n');
+        return 2;
+    }
+    const h = ctx.db.prepare(`SELECT * FROM hooks WHERE hook_id = ?`).get(hookId);
+    if (!h) {
+        ctx.err(`revoke: hook not found: ${hookId}\n`);
+        return 1;
+    }
+    if (!ctx.yes) {
+        ctx.err(`Hook: ${h.name}  (${h.hook_id})  current state: ${h.trust_state}\n`);
+        const ok = await ctx.promptYesNo('Revoke this hook? [y/N] ');
+        if (!ok) {
+            if (ctx.json)
+                ctx.out(JSON.stringify({ ok: false, reason: 'declined' }) + '\n');
+            else
+                ctx.err('revoke: declined\n');
+            return 1;
+        }
+    }
+    (0, trust_1.markRevoked)(ctx.db, hookId);
+    if (ctx.json)
+        ctx.out(JSON.stringify({ ok: true, hook_id: hookId, trust_state: 'revoked', enabled: 0 }) + '\n');
+    else
+        ctx.out(`revoked ${h.name}  (${hookId})\n`);
+    return 0;
+}
+async function cmdRescan(ctx) {
+    const projectRoot = (0, projectRoot_1.findProjectRoot)(process.cwd());
+    const r = await (0, registry_1.scanAndLoadHooks)(ctx.db, { aidenRoot: ctx.paths.root, projectRoot });
+    if (ctx.json) {
+        ctx.out(JSON.stringify(r, null, 2) + '\n');
+        return 0;
+    }
+    ctx.out(`scanned: loaded=${r.loaded} errored=${r.errored} drifted=${r.drifted}\n`);
+    for (const e of r.errors)
+        ctx.out(`  ERR  ${e.path}: ${e.message}\n`);
+    return 0;
+}
+async function cmdTest(ctx) {
+    const hookId = ctx.positional[0];
+    if (!hookId) {
+        ctx.err('test: missing <hook_id>\n');
+        return 2;
+    }
+    const h = ctx.db.prepare(`SELECT * FROM hooks WHERE hook_id = ?`).get(hookId);
+    if (!h) {
+        ctx.err(`test: hook not found: ${hookId}\n`);
+        return 1;
+    }
+    // Temporarily ignore enabled/trust_state by flipping to trusted+enabled
+    // ONLY in-memory for the test dispatch? Cleaner: dispatch reads its
+    // own subs filter; we'll invoke against a synthetic event matching
+    // the hook's first subscription. The CLI is opinionated: pick the
+    // hook's first subscription as the test target.
+    const sub = ctx.db.prepare(`SELECT event FROM hook_subscriptions WHERE hook_id = ? ORDER BY priority DESC LIMIT 1`)
+        .get(hookId);
+    const event = flagValue(ctx.args, '--event') ?? sub?.event ?? 'tool.call.pre';
+    let payload = { tool_name: 'echo', synthetic: true };
+    const payloadRaw = flagValue(ctx.args, '--payload');
+    if (payloadRaw) {
+        try {
+            payload = JSON.parse(payloadRaw);
+        }
+        catch (e) {
+            ctx.err(`test: invalid --payload JSON: ${e instanceof Error ? e.message : String(e)}\n`);
+            return 2;
+        }
+    }
+    // To test even when untrusted/disabled, briefly flip state in-memory.
+    // We use a savepoint to ensure the flip is rolled back after.
+    const restoreState = h.trust_state;
+    const restoreEnabled = h.enabled;
+    ctx.db.prepare(`UPDATE hooks SET trust_state='trusted', enabled=1 WHERE hook_id=?`).run(hookId);
+    try {
+        const result = await (0, dispatcher_1.dispatchHook)(ctx.db, event, payload, { testMode: true, runId: 'test', traceId: 'test' });
+        const fired = result.fired.find((f) => f.hookId === hookId);
+        const exec = ctx.db.prepare(`SELECT * FROM hook_executions WHERE hook_id = ? ORDER BY started_at DESC LIMIT 1`).get(hookId);
+        if (ctx.json) {
+            ctx.out(JSON.stringify({ event, payload, dispatched: result, exec, fired }, null, 2) + '\n');
+        }
+        else {
+            ctx.out(`Test fired ${h.name} on ${event}:\n`);
+            ctx.out(`  status:    ${fired?.status ?? 'n/a'}\n`);
+            ctx.out(`  decision:  ${fired?.decision ?? 'n/a'}\n`);
+            ctx.out(`  elapsed:   ${fired?.elapsedMs ?? 0}ms\n`);
+            if (exec?.error_message)
+                ctx.out(`  error:     ${exec.error_message}\n`);
+            if (result.decision === 'block')
+                ctx.out(`  AGGREGATE: block (reason=${result.reason ?? 'n/a'})\n`);
+        }
+    }
+    finally {
+        ctx.db.prepare(`UPDATE hooks SET trust_state=?, enabled=? WHERE hook_id=?`).run(restoreState, restoreEnabled, hookId);
+    }
+    return 0;
+}
+async function cmdDoctor(ctx) {
+    const fix = ctx.args.includes('--fix');
+    const checks = [];
+    const hooksDir = node_path_1.default.join(ctx.paths.root, 'hooks');
+    // 1. hooks dir exists
+    let dirExists = false;
+    try {
+        await node_fs_1.promises.access(hooksDir);
+        dirExists = true;
+    }
+    catch { /* missing */ }
+    if (!dirExists && fix) {
+        await node_fs_1.promises.mkdir(hooksDir, { recursive: true });
+        dirExists = true;
+    }
+    checks.push({
+        name: 'hooks_dir_exists',
+        status: dirExists ? 'ok' : 'warn',
+        detail: dirExists ? hooksDir : `missing: ${hooksDir} (run with --fix to create)`,
+        fixable: !dirExists,
+    });
+    // 2. schema v12
+    const v = ctx.db.prepare(`SELECT version FROM schema_version`).get();
+    checks.push({
+        name: 'schema_v12_current',
+        status: v && v.version >= 12 ? 'ok' : 'error',
+        detail: `db schema version = ${v?.version ?? 0}, latest = ${migrations_1.LATEST_SCHEMA_VERSION}`,
+        fixable: false,
+    });
+    // 3. parseable hooks
+    const rows = (0, registry_1.listHooks)(ctx.db);
+    const drifted = rows.filter((r) => r.trust_state === 'drifted');
+    const untrusted = rows.filter((r) => r.trust_state === 'untrusted');
+    const trustedEnabled = rows.filter((r) => r.trust_state === 'trusted' && r.enabled === 1);
+    checks.push({
+        name: 'drift_count',
+        status: drifted.length === 0 ? 'ok' : 'warn',
+        detail: `${drifted.length} drifted hook(s) (re-trust to re-enable)`,
+        fixable: false,
+    });
+    checks.push({
+        name: 'untrusted_count',
+        status: untrusted.length === 0 ? 'ok' : 'warn',
+        detail: `${untrusted.length} untrusted hook(s) installed but not yet enabled`,
+        fixable: false,
+    });
+    checks.push({
+        name: 'trusted_enabled_count',
+        status: 'ok',
+        detail: `${trustedEnabled.length} trusted + enabled hook(s)`,
+        fixable: false,
+    });
+    // 4. auto-disabled last 24h — revoked + non-zero recent executions
+    const since = new Date(Date.now() - 24 * 60 * 60 * 1000).toISOString();
+    const recentStatus = (0, auditQuery_1.countByStatus)(ctx.db, since);
+    const recentNonOk = (recentStatus.crash ?? 0) + (recentStatus.timeout ?? 0) + (recentStatus.malformed_output ?? 0);
+    const recentRevoked = ctx.db.prepare(`SELECT COUNT(*) AS n FROM hooks WHERE trust_state='revoked' AND updated_at >= ?`).get(since);
+    checks.push({
+        name: 'auto_disabled_24h',
+        status: recentRevoked.n === 0 ? 'ok' : 'warn',
+        detail: `${recentRevoked.n} hook(s) revoked in last 24h (${recentNonOk} non-ok executions)`,
+        fixable: false,
+    });
+    // 5. high-failure-rate hooks
+    const fr = (0, auditQuery_1.failureRates)(ctx.db, 100).filter((f) => f.failureRate > 0.1);
+    checks.push({
+        name: 'high_failure_rate',
+        status: fr.length === 0 ? 'ok' : 'warn',
+        detail: fr.length === 0 ? 'no hooks > 10% failure last 100 executions' : `${fr.length} hook(s) > 10% failure: ${fr.map((r) => r.hook_id).join(', ')}`,
+        fixable: false,
+    });
+    if (ctx.json) {
+        ctx.out(JSON.stringify({ checks, fix }, null, 2) + '\n');
+        return checks.some((c) => c.status === 'error') ? 1 : 0;
+    }
+    for (const c of checks) {
+        const icon = c.status === 'ok' ? '[ok]   ' : c.status === 'warn' ? '[warn] ' : '[ERR]  ';
+        ctx.out(`${icon}${c.name.padEnd(24)} ${c.detail}\n`);
+    }
+    return checks.some((c) => c.status === 'error') ? 1 : 0;
+}
+async function cmdAudit(ctx) {
+    const limitRaw = flagValue(ctx.args, '--limit');
+    const q = {
+        hookId: flagValue(ctx.args, '--hook'),
+        event: flagValue(ctx.args, '--event'),
+        status: flagValue(ctx.args, '--status'),
+        since: flagValue(ctx.args, '--since'),
+        limit: limitRaw ? Number.parseInt(limitRaw, 10) : 50,
+    };
+    const rows = (0, auditQuery_1.queryHookExecutions)(ctx.db, q);
+    if (ctx.json) {
+        ctx.out(JSON.stringify(rows, null, 2) + '\n');
+        return 0;
+    }
+    if (rows.length === 0) {
+        ctx.out('no executions match\n');
+        return 0;
+    }
+    ctx.out(`${'started_at'.padEnd(26)} ${'hook'.padEnd(18)} ${'event'.padEnd(20)} ${'status'.padEnd(10)} ${'decision'.padEnd(10)} elapsed\n`);
+    for (const r of rows) {
+        ctx.out(`${r.started_at.padEnd(26)} ${(r.hook_name ?? r.hook_id).slice(0, 18).padEnd(18)} ${r.event.padEnd(20)} ${r.status.padEnd(10)} ${(r.decision ?? '-').padEnd(10)} ${r.elapsed_ms}ms\n`);
+    }
+    return 0;
+}

package/dist/cli/v4/commands/hooksSlash.js

@@ -0,0 +1,33 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hooks = exports.HOOKS_SHELL_ONLY = void 0;
+exports.dispatchHooksSlash = dispatchHooksSlash;
+const hooks_1 = require("./hooks");
+/** Actions that need an interactive confirmation prompt. */
+exports.HOOKS_SHELL_ONLY = new Set(['trust', 'revoke']);
+async function dispatchHooksSlash(opts) {
+    const a = (opts.action || 'list').toLowerCase();
+    if (exports.HOOKS_SHELL_ONLY.has(a)) {
+        opts.write(`⚠ /hooks ${a} not available inside chat (needs confirmation prompt)\n`);
+        opts.write('  Quit (/quit) and run from shell:\n\n');
+        const tail = opts.args.length > 0 ? ' ' + opts.args.join(' ') : '';
+        opts.write(`    aiden hooks ${a}${tail}\n`);
+        return;
+    }
+    await opts.runHooks(a, opts.args, { writeOut: opts.write, writeErr: opts.write });
+}
+exports.hooks = {
+    name: 'hooks',
+    description: 'Manage hooks (list / show / rescan / test / doctor / audit).',
+    category: 'system',
+    icon: '🪝',
+    handler: async (ctx) => {
+        await dispatchHooksSlash({
+            action: ctx.args[0] ?? 'list',
+            args: ctx.args.slice(1),
+            write: (s) => ctx.display.write(s),
+            runHooks: hooks_1.runHooksSubcommand,
+        });
+        return {};
+    },
+};

package/dist/cli/v4/commands/index.js

@@ -12,7 +12,7 @@
  * and registers each on the global CommandRegistry at boot.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.allCommands = exports.walkthrough = exports.recovery = exports.spawnPause = exports.plannerGuard = exports.suggestions = exports.daemonStatus = exports.browserDepth = exports.tce = exports.sandbox = exports.update = exports.reloadSoul = exports.history = exports.show = exports.status = exports.voice = exports.channel = exports.setup = exports.cron = exports.doctor = exports.license = exports.auth = exports.plugins = exports.streaming = exports.debugPrompt = exports.identity = exports.providers = exports.quit = exports.clear = exports.verbose = exports.reasoning = exports.reloadMcp = exports.skills = exports.skin = exports.yolo = exports.usage = exports.compress = exports.title = exports.save = exports.personality = exports.model = exports.tools = exports.help = void 0;
+exports.allCommands = exports.hooks = exports.memory = exports.walkthrough = exports.recovery = exports.spawnPause = exports.plannerGuard = exports.suggestions = exports.daemonStatus = exports.browserDepth = exports.tce = exports.sandbox = exports.update = exports.reloadSoul = exports.history = exports.show = exports.status = exports.voice = exports.channel = exports.setup = exports.cron = exports.doctor = exports.license = exports.auth = exports.plugins = exports.streaming = exports.debugPrompt = exports.identity = exports.providers = exports.quit = exports.clear = exports.verbose = exports.reasoning = exports.reloadMcp = exports.skills = exports.theme = exports.skin = exports.yolo = exports.usage = exports.compress = exports.title = exports.save = exports.personality = exports.model = exports.tools = exports.help = void 0;
 const help_1 = require("./help");
 Object.defineProperty(exports, "help", { enumerable: true, get: function () { return help_1.help; } });
 const tools_1 = require("./tools");
@@ -33,6 +33,9 @@ const yolo_1 = require("./yolo");
 Object.defineProperty(exports, "yolo", { enumerable: true, get: function () { return yolo_1.yolo; } });
 const skin_1 = require("./skin");
 Object.defineProperty(exports, "skin", { enumerable: true, get: function () { return skin_1.skin; } });
+// v4.9.0 Slice 1a — unified theme system.
+const theme_1 = require("./theme");
+Object.defineProperty(exports, "theme", { enumerable: true, get: function () { return theme_1.theme; } });
 const skills_1 = require("./skills");
 Object.defineProperty(exports, "skills", { enumerable: true, get: function () { return skills_1.skills; } });
 const reloadMcp_1 = require("./reloadMcp");
@@ -103,6 +106,11 @@ Object.defineProperty(exports, "recovery", { enumerable: true, get: function ()
 // ONB1 slice 10 — new-user guided tour.
 const walkthrough_1 = require("./walkthrough");
 Object.defineProperty(exports, "walkthrough", { enumerable: true, get: function () { return walkthrough_1.walkthrough; } });
+// v4.9.1 amendment — REPL slash surfaces for memory + hooks (mirrors CLI).
+const memorySlash_1 = require("./memorySlash");
+Object.defineProperty(exports, "memory", { enumerable: true, get: function () { return memorySlash_1.memory; } });
+const hooksSlash_1 = require("./hooksSlash");
+Object.defineProperty(exports, "hooks", { enumerable: true, get: function () { return hooksSlash_1.hooks; } });
 /** All built-in system commands, in canonical order. */
 exports.allCommands = [
     help_1.help,
@@ -119,6 +127,7 @@ exports.allCommands = [
     usage_1.usage,
     yolo_1.yolo,
     skin_1.skin,
+    theme_1.theme,
     skills_1.skills,
     plugins_1.plugins,
     auth_1.auth,
@@ -154,6 +163,9 @@ exports.allCommands = [
     recovery_1.recovery,
     // ONB1 slice 10 — new-user guided tour.
     walkthrough_1.walkthrough,
+    // v4.9.1 amendment — REPL slash surfaces mirroring CLI subcommands.
+    memorySlash_1.memory,
+    hooksSlash_1.hooks,
     clear_1.clear,
     quit_1.quit,
 ];