chainlesschain 0.162.148 → 0.162.150

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (322) hide show
  1. package/README.md +1 -1
  2. package/package.json +1 -1
  3. package/src/assets/web-panel/.build-hash +1 -1
  4. package/src/assets/web-panel/assets/{AIOps-DwpCCp64.js → AIOps-CBLvrjeG.js} +1 -1
  5. package/src/assets/web-panel/assets/{ActionButton-C9pBYocA.js → ActionButton-DYv2GtE0.js} +1 -1
  6. package/src/assets/web-panel/assets/{Analytics-BWAkeXxK.js → Analytics-CL6PZ-Ww.js} +3 -3
  7. package/src/assets/web-panel/assets/{AppLayout-CivFGH6B.js → AppLayout-xuyHt4uA.js} +3 -3
  8. package/src/assets/web-panel/assets/{Audit-Cm8hRpZm.js → Audit-DOvSVycq.js} +1 -1
  9. package/src/assets/web-panel/assets/{Backup-DXdFMsE8.js → Backup-DMhfTswr.js} +1 -1
  10. package/src/assets/web-panel/assets/{BaseInput-uAwSTeql.js → BaseInput-CQxDdm63.js} +1 -1
  11. package/src/assets/web-panel/assets/{Chat-KU8eeJJE.js → Chat-BEeNhK2a.js} +5 -5
  12. package/src/assets/web-panel/assets/ChatBubbleRenderer-8nul8eTq.js +1 -0
  13. package/src/assets/web-panel/assets/{Checkbox-C6AMDkjd.js → Checkbox-CL04O-ER.js} +1 -1
  14. package/src/assets/web-panel/assets/{Codegen-t2moDxcO.js → Codegen-C50o-n7x.js} +1 -1
  15. package/src/assets/web-panel/assets/{Col-DCcsRRhN.js → Col-CH-bDkzs.js} +1 -1
  16. package/src/assets/web-panel/assets/{Community-DtB-8SAC.js → Community-DqAIMvSe.js} +1 -1
  17. package/src/assets/web-panel/assets/{Compact-CZm8THYA.js → Compact-C43fo_my.js} +1 -1
  18. package/src/assets/web-panel/assets/{Compliance-LiQgC7g1.js → Compliance-BERnMrdP.js} +1 -1
  19. package/src/assets/web-panel/assets/{Cowork-CA8SAxht.js → Cowork-Baw3w1gp.js} +4 -4
  20. package/src/assets/web-panel/assets/{Cron-CtRaF1wD.js → Cron-BEqAHF1-.js} +2 -2
  21. package/src/assets/web-panel/assets/{Crosschain-6-br6Hub.js → Crosschain-CvnmKwK4.js} +1 -1
  22. package/src/assets/web-panel/assets/{DID-Do2EccrL.js → DID-iMPxgVdt.js} +2 -2
  23. package/src/assets/web-panel/assets/{Dashboard-wrXcbzGe.js → Dashboard--4SJX3YR.js} +2 -2
  24. package/src/assets/web-panel/assets/{Dropdown-p3FsT245.js → Dropdown-BgLV6xgz.js} +1 -1
  25. package/src/assets/web-panel/assets/{EmailListRenderer-D95A2L8q.js → EmailListRenderer-Bvb8oUD8.js} +1 -1
  26. package/src/assets/web-panel/assets/{FamilyGuardDashboard-cLuJW2zo.js → FamilyGuardDashboard-DpXPjJB5.js} +1 -1
  27. package/src/assets/web-panel/assets/{Federation-Brgq_cbN.js → Federation-BbFfJ1Xi.js} +1 -1
  28. package/src/assets/web-panel/assets/{FormItemContext-DWLCkNgh.js → FormItemContext-DeGq1B-q.js} +1 -1
  29. package/src/assets/web-panel/assets/{GenericCardRenderer-BBqUfQd6.js → GenericCardRenderer-CNW7s9zM.js} +1 -1
  30. package/src/assets/web-panel/assets/{Git-8F090w4I.js → Git-L1PjW-lT.js} +2 -2
  31. package/src/assets/web-panel/assets/{Governance-CCogEbxb.js → Governance-PK-X58to.js} +1 -1
  32. package/src/assets/web-panel/assets/{Inference-CfLD7v7C.js → Inference-BePWEH-d.js} +1 -1
  33. package/src/assets/web-panel/assets/{KnowledgeGraph-DDuHJewd.js → KnowledgeGraph-LF_sBvdL.js} +1 -1
  34. package/src/assets/web-panel/assets/{Logs-CE8KSEVC.js → Logs-BKkfk9hy.js} +2 -2
  35. package/src/assets/web-panel/assets/{Marketplace-DmwpZmhT.js → Marketplace-BNMqUDla.js} +1 -1
  36. package/src/assets/web-panel/assets/{McpTools-Bf7AazU8.js → McpTools-w4WPiyz2.js} +5 -5
  37. package/src/assets/web-panel/assets/{Memory-D0QU_00S.js → Memory-DUKMVGNi.js} +2 -2
  38. package/src/assets/web-panel/assets/{MobileBridge-yXS9xdhx.js → MobileBridge-BWhiEyTJ.js} +1 -1
  39. package/src/assets/web-panel/assets/{MobileProjects-BuDUoGUP.js → MobileProjects-Ocf5JEkX.js} +1 -1
  40. package/src/assets/web-panel/assets/{Mtc-BYyHy28p.js → Mtc-D2B6MMhU.js} +4 -4
  41. package/src/assets/web-panel/assets/{MtcAudit-CK0aqpiZ.js → MtcAudit-DdYjCq1O.js} +4 -4
  42. package/src/assets/web-panel/assets/{Multisig-mNimKYeb.js → Multisig-Cb1hfuUZ.js} +3 -3
  43. package/src/assets/web-panel/assets/{NLProgramming-AioAJ0YA.js → NLProgramming-CTeImGp7.js} +1 -1
  44. package/src/assets/web-panel/assets/{Notes-CVVNCLHE.js → Notes-BjYNc7eQ.js} +4 -4
  45. package/src/assets/web-panel/assets/{NotificationSettings-C4ABj-TK.js → NotificationSettings-Dn_NtRXQ.js} +1 -1
  46. package/src/assets/web-panel/assets/{OrderTableRenderer-DIp8Xcbd.js → OrderTableRenderer-DVYYIizh.js} +1 -1
  47. package/src/assets/web-panel/assets/{Organization-uozl_gWK.js → Organization-Be2Kmr5j.js} +4 -4
  48. package/src/assets/web-panel/assets/{Overflow-BCZOM2hK.js → Overflow-Cu_-qRlR.js} +1 -1
  49. package/src/assets/web-panel/assets/{P2P-CArcaiaj.js → P2P-DD2HoGzE.js} +2 -2
  50. package/src/assets/web-panel/assets/{PdhVaultBrowser-Sgq2Srr8.js → PdhVaultBrowser-BRI7DVth.js} +3 -3
  51. package/src/assets/web-panel/assets/{Permissions-BYrQrXnH.js → Permissions-C9Srcs2M.js} +4 -4
  52. package/src/assets/web-panel/assets/{PersonalDataHub-BzHStAbz.js → PersonalDataHub-CUqcMgo1.js} +3 -3
  53. package/src/assets/web-panel/assets/{Pipeline-k7KqxX1M.js → Pipeline-HBrQGLXt.js} +1 -1
  54. package/src/assets/web-panel/assets/{Privacy-IumTUWqx.js → Privacy-D-B0vjwh.js} +1 -1
  55. package/src/assets/web-panel/assets/{ProjectInit-BRyImYTf.js → ProjectInit-eTeLIu9e.js} +2 -2
  56. package/src/assets/web-panel/assets/{ProjectSettings-BFIqTBFk.js → ProjectSettings-DrRqCsC6.js} +2 -2
  57. package/src/assets/web-panel/assets/{Projects-Dpid9CDg.js → Projects-1G9DNOhI.js} +1 -1
  58. package/src/assets/web-panel/assets/{Providers-CyyFnUPs.js → Providers-RkTZzpxP.js} +1 -1
  59. package/src/assets/web-panel/assets/{QrScannerModal-C82cRx-X.js → QrScannerModal-BSCUgsgC.js} +1 -1
  60. package/src/assets/web-panel/assets/{QuickAsk-DGxDF521.js → QuickAsk-CHgyM3Bz.js} +1 -1
  61. package/src/assets/web-panel/assets/{Recommend-Cns-Am1y.js → Recommend-0lry4OZq.js} +1 -1
  62. package/src/assets/web-panel/assets/{RemoteSession-R7OqAIlg.js → RemoteSession-Cn45UroZ.js} +2 -2
  63. package/src/assets/web-panel/assets/{Reputation-D7mgPIYV.js → Reputation-Q-Zjb707.js} +1 -1
  64. package/src/assets/web-panel/assets/{Row-B3lEURyd.js → Row-BdM70oda.js} +1 -1
  65. package/src/assets/web-panel/assets/{RssFeed-9_UVrpBt.js → RssFeed-DmOAKKap.js} +2 -2
  66. package/src/assets/web-panel/assets/{Search-ClZeO80q.js → Search-Dwavbm07.js} +1 -1
  67. package/src/assets/web-panel/assets/{Security-BNNJczEp.js → Security-DukXFCnk.js} +3 -3
  68. package/src/assets/web-panel/assets/{Services-C5SjrWUj.js → Services-BIlRnITu.js} +2 -2
  69. package/src/assets/web-panel/assets/{Skeleton-Ci_obQ-g.js → Skeleton-YYVQdhhQ.js} +1 -1
  70. package/src/assets/web-panel/assets/{Skills-DdebN15P.js → Skills-B8_iYHz2.js} +1 -1
  71. package/src/assets/web-panel/assets/{Sla-OinZP2vi.js → Sla-BdVrhT31.js} +1 -1
  72. package/src/assets/web-panel/assets/{SpeechSettings-CxzbNF51.js → SpeechSettings-CD3ggRx7.js} +1 -1
  73. package/src/assets/web-panel/assets/{SyncSettings-D06N_66b.js → SyncSettings-Bp02VZFH.js} +2 -2
  74. package/src/assets/web-panel/assets/{Tasks-BdEdW0AZ.js → Tasks-DEVmCEsr.js} +1 -1
  75. package/src/assets/web-panel/assets/{Templates-F1ctKmPa.js → Templates-B6czWc4N.js} +1 -1
  76. package/src/assets/web-panel/assets/{Tenant-CVz1Urot.js → Tenant-BCJLv17r.js} +1 -1
  77. package/src/assets/web-panel/assets/Terminal-CD132d2Y.js +3 -0
  78. package/src/assets/web-panel/assets/{TimelineRenderer-Doitzjmf.js → TimelineRenderer-ZB-CvkZl.js} +1 -1
  79. package/src/assets/web-panel/assets/{Tokens-BpyVRpVA.js → Tokens-BnSY0S-s.js} +1 -1
  80. package/src/assets/web-panel/assets/{Trigger-nWhWYTbU.js → Trigger-VZw9Oy2w.js} +1 -1
  81. package/src/assets/web-panel/assets/{Trust-DK_G-wLx.js → Trust-pZq7Hjd2.js} +1 -1
  82. package/src/assets/web-panel/assets/{UkeySign-B5yBUojO.js → UkeySign-DnQaqk4q.js} +1 -1
  83. package/src/assets/web-panel/assets/{VideoEditing-C5D51qAe.js → VideoEditing-BEUfmvJV.js} +1 -1
  84. package/src/assets/web-panel/assets/{Wallet-CLbL9K7v.js → Wallet-CoZKMXJ2.js} +4 -4
  85. package/src/assets/web-panel/assets/{WebAuthn-DZUelI3V.js → WebAuthn-CBOGVx1I.js} +5 -5
  86. package/src/assets/web-panel/assets/{WorkflowEditor-8RPxt4KW.js → WorkflowEditor-huSKn7TT.js} +1 -1
  87. package/src/assets/web-panel/assets/{chat-4N4tOA3d.js → chat-A_3w6FBO.js} +1 -1
  88. package/src/assets/web-panel/assets/{colors-zbbGVrua.js → colors-D1Bem9Oy.js} +1 -1
  89. package/src/assets/web-panel/assets/{compact-item-D7iMkbnE.js → compact-item-CJYJj0oO.js} +1 -1
  90. package/src/assets/web-panel/assets/{createContext-CBzPJv-w.js → createContext-BkbFiKT4.js} +1 -1
  91. package/src/assets/web-panel/assets/devWarning-WDr3_M_N.js +1 -0
  92. package/src/assets/web-panel/assets/{hasIn-bHdrQSqZ.js → hasIn-CKvUafVY.js} +1 -1
  93. package/src/assets/web-panel/assets/{index-DbE5D0WL.js → index-AjrSPnvv.js} +1 -1
  94. package/src/assets/web-panel/assets/{index-BCr0geV9.js → index-B8i0lViZ.js} +1 -1
  95. package/src/assets/web-panel/assets/{index-CiG1IZao.js → index-B9Svn0zc.js} +1 -1
  96. package/src/assets/web-panel/assets/{index-B1s0Bz9O.js → index-BHdHSX06.js} +1 -1
  97. package/src/assets/web-panel/assets/{index-QFObYeo1.js → index-BHdailyo.js} +1 -1
  98. package/src/assets/web-panel/assets/{index-BnBOpqv3.js → index-BJwlEnYo.js} +1 -1
  99. package/src/assets/web-panel/assets/{index-CdmMoYN1.js → index-BOoAQjJz.js} +1 -1
  100. package/src/assets/web-panel/assets/{index-DUyjUkY7.js → index-BSgWxAOG.js} +1 -1
  101. package/src/assets/web-panel/assets/{index-CqdPyWm5.js → index-BdutMsne.js} +1 -1
  102. package/src/assets/web-panel/assets/{index-DmqlJed-.js → index-BiDWxzbn.js} +1 -1
  103. package/src/assets/web-panel/assets/{index-S74FpAIn.js → index-By5a0T_W.js} +1 -1
  104. package/src/assets/web-panel/assets/{index-kmh1TxRa.js → index-C-WIY-FQ.js} +1 -1
  105. package/src/assets/web-panel/assets/{index-BTIjjXry.js → index-C37f6iey.js} +1 -1
  106. package/src/assets/web-panel/assets/{index-BS4_Mwk6.js → index-C9bWmTcO.js} +1 -1
  107. package/src/assets/web-panel/assets/{index-BBNr77E1.js → index-CBaosWRO.js} +1 -1
  108. package/src/assets/web-panel/assets/{index-QNAG4JtR.js → index-CBlBVJ_m.js} +1 -1
  109. package/src/assets/web-panel/assets/{index-Bqmx24kh.js → index-CD62EEGo.js} +1 -1
  110. package/src/assets/web-panel/assets/{index-CQfu1U78.js → index-CUj-l7GM.js} +1 -1
  111. package/src/assets/web-panel/assets/{index-BJ4ZGyW0.js → index-CVS8Ymuq.js} +1 -1
  112. package/src/assets/web-panel/assets/{index-Ci009ijp.js → index-ChkXUj3f.js} +1 -1
  113. package/src/assets/web-panel/assets/{index-oDKNgCsP.js → index-Cj0OZ-37.js} +1 -1
  114. package/src/assets/web-panel/assets/{index-BZb8F8YG.js → index-Co3OFL0t.js} +1 -1
  115. package/src/assets/web-panel/assets/{index-308gCGh7.js → index-Crp8CbRg.js} +1 -1
  116. package/src/assets/web-panel/assets/{index-CPxkoKgA.js → index-D22zNXiS.js} +1 -1
  117. package/src/assets/web-panel/assets/{index-xYCm6W2h.js → index-DTs_D1OL.js} +1 -1
  118. package/src/assets/web-panel/assets/{index-BtbbdLnf.js → index-DfgCdFrN.js} +3 -3
  119. package/src/assets/web-panel/assets/{index-BsKehmmS.js → index-DjYrecNb.js} +1 -1
  120. package/src/assets/web-panel/assets/{index-CkxK86vf.js → index-DpW9cf3e.js} +1 -1
  121. package/src/assets/web-panel/assets/index-Dwix3p4g.js +1 -0
  122. package/src/assets/web-panel/assets/{index-CvRMA9uT.js → index-F--HuPG1.js} +1 -1
  123. package/src/assets/web-panel/assets/{index-DE9j5YgT.js → index-Fuk6t_3K.js} +1 -1
  124. package/src/assets/web-panel/assets/{index-B7b1hGry.js → index-JEAGMii9.js} +1 -1
  125. package/src/assets/web-panel/assets/{index-D1YDh7Wr.js → index-PF-mpv8K.js} +1 -1
  126. package/src/assets/web-panel/assets/index-SHaoZ0CA.js +1 -0
  127. package/src/assets/web-panel/assets/{index-CQ6NcfWz.js → index-b-sbVdjQ.js} +1 -1
  128. package/src/assets/web-panel/assets/{index-DyoNgbXl.js → index-pyvMVX8r.js} +1 -1
  129. package/src/assets/web-panel/assets/{index-DISWAYce.js → index-qNTtOVi_.js} +1 -1
  130. package/src/assets/web-panel/assets/{index-D4XKpj6c.js → index-tgO8iza6.js} +1 -1
  131. package/src/assets/web-panel/assets/{index-CahryTX0.js → index-ttDQVhZy.js} +1 -1
  132. package/src/assets/web-panel/assets/{initDefaultProps-BD55yNBt.js → initDefaultProps-DtrnfsZH.js} +1 -1
  133. package/src/assets/web-panel/assets/{motion-B5Bbe77U.js → motion-D4zqSaX3.js} +1 -1
  134. package/src/assets/web-panel/assets/{move-CTvIqHEH.js → move-CGFGOUQj.js} +1 -1
  135. package/src/assets/web-panel/assets/{mtc-parser-BkNyPQKB.js → mtc-parser-DH2HvkJl.js} +1 -1
  136. package/src/assets/web-panel/assets/{omit-BaXJXgHA.js → omit-jJ2at5HX.js} +1 -1
  137. package/src/assets/web-panel/assets/{pickAttrs-Bw6-YTxH.js → pickAttrs-CRyMT1Fv.js} +1 -1
  138. package/src/assets/web-panel/assets/{placementArrow-BLdbkLqJ.js → placementArrow-DZ_CX0Pt.js} +1 -1
  139. package/src/assets/web-panel/assets/{responsiveObserve-IVYkzntU.js → responsiveObserve-wruHk-h5.js} +1 -1
  140. package/src/assets/web-panel/assets/{slide-DFMFwwtY.js → slide-BGgx8q67.js} +1 -1
  141. package/src/assets/web-panel/assets/{statusUtils-CURYRtZ1.js → statusUtils-Do5M7gKm.js} +1 -1
  142. package/src/assets/web-panel/assets/{styleChecker-Cfz63s1r.js → styleChecker-CRa-GZpX.js} +1 -1
  143. package/src/assets/web-panel/assets/{useFlexGapSupport-COJL0KE3.js → useFlexGapSupport-BxPcq6pj.js} +1 -1
  144. package/src/assets/web-panel/assets/{useFs-YLLojQQf.js → useFs-v5O2ZcJm.js} +1 -1
  145. package/src/assets/web-panel/assets/{usePersonalDataHub-BF_21qUC.js → usePersonalDataHub--z2FU0Px.js} +1 -1
  146. package/src/assets/web-panel/assets/{vnode-9ZpkA7bb.js → vnode-1emidVKd.js} +1 -1
  147. package/src/assets/web-panel/assets/{zoom-DhtAfhl8.js → zoom-CcJaRyHs.js} +1 -1
  148. package/src/assets/web-panel/index.html +1 -1
  149. package/src/assets/web-panel/remote-session-sw.js +43 -0
  150. package/src/command-manifest.json +22 -1
  151. package/src/commands/a2a.js +19 -4
  152. package/src/commands/activitypub.js +20 -3
  153. package/src/commands/agent.js +71 -10
  154. package/src/commands/audit.js +40 -24
  155. package/src/commands/codeintel.js +320 -0
  156. package/src/commands/collab.js +15 -2
  157. package/src/commands/compliance.js +5 -0
  158. package/src/commands/config.js +4 -1
  159. package/src/commands/dao.js +86 -14
  160. package/src/commands/dev.js +2 -0
  161. package/src/commands/did.js +7 -1
  162. package/src/commands/dlp.js +23 -1
  163. package/src/commands/economy.js +29 -3
  164. package/src/commands/eval.js +255 -0
  165. package/src/commands/evomap.js +26 -0
  166. package/src/commands/governance.js +17 -3
  167. package/src/commands/hardening.js +18 -0
  168. package/src/commands/incentive.js +5 -0
  169. package/src/commands/init.js +46 -2
  170. package/src/commands/kg.js +4 -0
  171. package/src/commands/loop.js +6 -1
  172. package/src/commands/lowcode.js +15 -2
  173. package/src/commands/marketplace.js +40 -6
  174. package/src/commands/matrix.js +20 -1
  175. package/src/commands/memory.js +4 -1
  176. package/src/commands/mtc.js +7 -1
  177. package/src/commands/nostr.js +31 -4
  178. package/src/commands/note.js +7 -4
  179. package/src/commands/plugin.js +474 -0
  180. package/src/commands/pqc.js +5 -0
  181. package/src/commands/reputation.js +10 -1
  182. package/src/commands/scim.js +6 -0
  183. package/src/commands/session.js +32 -10
  184. package/src/commands/siem.js +11 -0
  185. package/src/commands/sla.js +18 -3
  186. package/src/commands/social.js +38 -5
  187. package/src/commands/sso.js +10 -2
  188. package/src/commands/stress.js +23 -4
  189. package/src/commands/team.js +463 -0
  190. package/src/commands/tech.js +2 -0
  191. package/src/commands/tenant.js +10 -1
  192. package/src/commands/terraform.js +6 -0
  193. package/src/commands/update.js +1 -1
  194. package/src/commands/zkp.js +20 -0
  195. package/src/gateways/ws/message-dispatcher.js +48 -2
  196. package/src/gateways/ws/remote-session-protocol.js +140 -42
  197. package/src/gateways/ws/ws-server.js +1 -1
  198. package/src/harness/jsonl-session-store.js +12 -5
  199. package/src/harness/plugin-manager.js +16 -4
  200. package/src/harness/prompt-compressor.js +27 -1
  201. package/src/harness/remote-command-ledger.js +189 -0
  202. package/src/harness/remote-session-push-apns.js +246 -0
  203. package/src/harness/remote-session-push-errors.js +15 -0
  204. package/src/harness/remote-session-push-fcm.js +9 -25
  205. package/src/harness/remote-session-push-huawei.js +174 -0
  206. package/src/harness/remote-session-push-oppo.js +171 -0
  207. package/src/harness/remote-session-push-senders.js +42 -0
  208. package/src/harness/remote-session-push-vivo.js +179 -0
  209. package/src/harness/remote-session-push-web.js +299 -0
  210. package/src/harness/remote-session-push-xiaomi.js +99 -0
  211. package/src/harness/worktree-isolator.js +16 -6
  212. package/src/index.js +6 -0
  213. package/src/lib/__tests__/logger.test.js +5 -2
  214. package/src/lib/a2a-protocol.js +25 -1
  215. package/src/lib/activitypub-bridge.js +61 -0
  216. package/src/lib/agent-core.js +4 -0
  217. package/src/lib/agent-economy.js +262 -29
  218. package/src/lib/agent-network.js +7 -1
  219. package/src/lib/agent-sandbox.js +161 -5
  220. package/src/lib/agent-team/task-lease.js +434 -0
  221. package/src/lib/agent-team/team-budget.js +165 -0
  222. package/src/lib/agent-team/team-mailbox.js +106 -0
  223. package/src/lib/agent-team/team-runner.js +282 -0
  224. package/src/lib/agent-team/team-worktree.js +236 -0
  225. package/src/lib/agents.js +18 -0
  226. package/src/lib/async-hook-supervisor.cjs +391 -0
  227. package/src/lib/audit-logger.js +7 -6
  228. package/src/lib/autonomous-developer.js +60 -0
  229. package/src/lib/chat-core.js +17 -4
  230. package/src/lib/collaboration-governance.js +56 -0
  231. package/src/lib/community-governance.js +68 -0
  232. package/src/lib/compliance-manager.js +63 -0
  233. package/src/lib/cross-chain.js +5 -0
  234. package/src/lib/dao-governance.js +151 -2
  235. package/src/lib/did-manager.js +23 -10
  236. package/src/lib/dlp-engine.js +70 -0
  237. package/src/lib/eval/runner.js +251 -0
  238. package/src/lib/eval/tasks.js +626 -0
  239. package/src/lib/eval/trend.js +200 -0
  240. package/src/lib/evolution-system.js +92 -0
  241. package/src/lib/evomap-federation.js +55 -0
  242. package/src/lib/evomap-governance.js +94 -0
  243. package/src/lib/fatal-handler.js +17 -1
  244. package/src/lib/hardening-manager.js +73 -0
  245. package/src/lib/hierarchical-memory.js +14 -8
  246. package/src/lib/knowledge-exporter.js +8 -2
  247. package/src/lib/knowledge-graph.js +79 -0
  248. package/src/lib/llm-providers.js +23 -14
  249. package/src/lib/logger.js +4 -1
  250. package/src/lib/lsp/__tests__/benchmark.test.js +88 -0
  251. package/src/lib/lsp/__tests__/code-intelligence.integration.test.js +129 -0
  252. package/src/lib/lsp/__tests__/code-intelligence.test.js +228 -0
  253. package/src/lib/lsp/__tests__/jsonrpc-stream.test.js +104 -0
  254. package/src/lib/lsp/__tests__/lsp-client.test.js +269 -0
  255. package/src/lib/lsp/__tests__/lsp-manager.test.js +333 -0
  256. package/src/lib/lsp/__tests__/lsp-server-registry.test.js +128 -0
  257. package/src/lib/lsp/benchmark.js +257 -0
  258. package/src/lib/lsp/code-intelligence.js +356 -0
  259. package/src/lib/lsp/jsonrpc-stream.js +139 -0
  260. package/src/lib/lsp/lsp-client.js +339 -0
  261. package/src/lib/lsp/lsp-manager.js +375 -0
  262. package/src/lib/lsp/lsp-server-registry.js +196 -0
  263. package/src/lib/matrix-bridge.js +84 -0
  264. package/src/lib/memory-manager.js +5 -3
  265. package/src/lib/nostr-bridge.js +53 -0
  266. package/src/lib/permission-engine.js +22 -4
  267. package/src/lib/plugin-monitor-supervisor.js +238 -0
  268. package/src/lib/plugin-runtime/__tests__/remote-source.test.js +256 -0
  269. package/src/lib/plugin-runtime/agents.js +51 -0
  270. package/src/lib/plugin-runtime/bin.js +100 -0
  271. package/src/lib/plugin-runtime/hooks.js +100 -0
  272. package/src/lib/plugin-runtime/install.js +396 -0
  273. package/src/lib/plugin-runtime/lsp.js +75 -0
  274. package/src/lib/plugin-runtime/manifest.js +458 -0
  275. package/src/lib/plugin-runtime/mcp.js +89 -0
  276. package/src/lib/plugin-runtime/monitors.js +100 -0
  277. package/src/lib/plugin-runtime/policy.js +152 -0
  278. package/src/lib/plugin-runtime/reload.js +79 -0
  279. package/src/lib/plugin-runtime/remote-source.js +240 -0
  280. package/src/lib/plugin-runtime/scopes.js +197 -0
  281. package/src/lib/plugin-runtime/settings.js +119 -0
  282. package/src/lib/plugin-runtime/signature.js +107 -0
  283. package/src/lib/plugin-runtime/skills.js +43 -0
  284. package/src/lib/plugin-runtime/trust.js +140 -0
  285. package/src/lib/pqc-manager.js +64 -0
  286. package/src/lib/reputation-optimizer.js +101 -0
  287. package/src/lib/sandbox-egress-proxy.js +262 -0
  288. package/src/lib/sandbox-fs-policy.js +112 -0
  289. package/src/lib/sandbox-network-policy.js +151 -0
  290. package/src/lib/sandbox-v2.js +24 -18
  291. package/src/lib/scim-manager.js +36 -0
  292. package/src/lib/session-manager.js +5 -2
  293. package/src/lib/settings-hook-events.cjs +78 -6
  294. package/src/lib/settings-hooks.cjs +30 -3
  295. package/src/lib/settings-loader.cjs +35 -1
  296. package/src/lib/siem-exporter.js +45 -0
  297. package/src/lib/skill-loader.js +38 -2
  298. package/src/lib/skill-marketplace.js +83 -0
  299. package/src/lib/sla-manager.js +88 -0
  300. package/src/lib/social-manager.js +74 -0
  301. package/src/lib/stress-tester.js +65 -0
  302. package/src/lib/tech-learning-engine.js +75 -0
  303. package/src/lib/telemetry/span-recorder.js +237 -0
  304. package/src/lib/tenant-saas.js +107 -0
  305. package/src/lib/terraform-manager.js +67 -0
  306. package/src/lib/token-incentive.js +180 -29
  307. package/src/lib/wallet-manager.js +81 -35
  308. package/src/lib/zkp-engine.js +87 -0
  309. package/src/repl/agent-repl.js +417 -6
  310. package/src/runtime/__tests__/auto-pin.test.js +104 -0
  311. package/src/runtime/agent-core.js +771 -104
  312. package/src/runtime/auto-pin.js +117 -0
  313. package/src/runtime/coding-agent-contract-shared.cjs +82 -8
  314. package/src/runtime/coding-agent-policy.cjs +32 -7
  315. package/src/runtime/fallback-model.js +134 -7
  316. package/src/runtime/headless-runner.js +388 -108
  317. package/src/runtime/mcp-config.js +46 -0
  318. package/src/assets/web-panel/assets/ChatBubbleRenderer-DCNfbdlx.js +0 -1
  319. package/src/assets/web-panel/assets/Terminal-BvAK_Zel.js +0 -3
  320. package/src/assets/web-panel/assets/devWarning-C2Z5LRgq.js +0 -1
  321. package/src/assets/web-panel/assets/index-BGp6Yr-Y.js +0 -1
  322. package/src/assets/web-panel/assets/index-BXiw9dQf.js +0 -1
@@ -495,6 +495,480 @@ export function registerPluginCommand(program) {
495
495
  process.exit(1);
496
496
  }
497
497
  });
498
+
499
+ // plugin validate — parse a plugin's unified manifest and report every
500
+ // component it contributes (skills/agents/hooks/mcp/lsp/monitors/bin/settings),
501
+ // plus path-traversal / schema problems. Optional signature/hash verification
502
+ // reuses the real crypto in plugin-security. No DB, no install — pure inspection.
503
+ plugin
504
+ .command("validate <dir>")
505
+ .description("Validate a plugin manifest and list its components")
506
+ .option("--sha256 <hex>", "Expected SHA-256 of the manifest file")
507
+ .option("--signature <path>", "Detached Ed25519 signature of the manifest")
508
+ .option("--public-key <path>", "Public key for signature verification")
509
+ .option("--json", "Output as JSON")
510
+ .action(async (dir, options) => {
511
+ const { parsePluginManifest, summarizeComponents } =
512
+ await import("../lib/plugin-runtime/manifest.js");
513
+ const manifest = parsePluginManifest(dir);
514
+
515
+ // Optional integrity/signature check on the manifest file itself.
516
+ // verifyPluginManifest THROWS on any mismatch/failure and returns a
517
+ // details object on success — so a caught error means verification failed.
518
+ let verification = null;
519
+ if (manifest.manifestPath && (options.sha256 || options.signature)) {
520
+ try {
521
+ const v = verifyPluginManifest({
522
+ manifestFile: manifest.manifestPath,
523
+ expectedSha256: options.sha256,
524
+ signatureFile: options.signature,
525
+ publicKeyFile: options.publicKey,
526
+ });
527
+ verification = {
528
+ ok: true,
529
+ sha256: v?.sha256 || null,
530
+ signatureVerified: v?.signatureVerified === true,
531
+ };
532
+ } catch (err) {
533
+ verification = { ok: false, reason: err.message };
534
+ manifest.ok = false;
535
+ manifest.errors.push(`manifest verification failed: ${err.message}`);
536
+ }
537
+ }
538
+
539
+ const counts = summarizeComponents(manifest);
540
+
541
+ if (options.json) {
542
+ console.log(
543
+ JSON.stringify(
544
+ { ...manifest, componentCounts: counts, verification },
545
+ null,
546
+ 2,
547
+ ),
548
+ );
549
+ if (!manifest.ok) process.exitCode = 1;
550
+ return;
551
+ }
552
+
553
+ const m = manifest.metadata || {};
554
+ logger.log(
555
+ chalk.bold(`Plugin: `) +
556
+ `${chalk.cyan(m.name || "(no name)")} ${chalk.gray("v" + (m.version || "?"))}`,
557
+ );
558
+ if (m.description) logger.log(chalk.gray(" " + m.description));
559
+ logger.log(
560
+ chalk.gray(` manifest: ${manifest.manifestPath || "(none)"}`),
561
+ );
562
+ logger.log(chalk.bold("\nComponents:"));
563
+ for (const [kind, n] of Object.entries(counts)) {
564
+ const mark = n > 0 ? chalk.green(String(n)) : chalk.gray("0");
565
+ logger.log(` ${kind.padEnd(10)} ${mark}`);
566
+ }
567
+ if (verification) {
568
+ logger.log(
569
+ chalk.bold("\nVerification: ") +
570
+ (verification.ok ? chalk.green("passed") : chalk.red("FAILED")),
571
+ );
572
+ }
573
+ for (const w of manifest.warnings) logger.log(chalk.yellow(` ⚠ ${w}`));
574
+ for (const e of manifest.errors) logger.log(chalk.red(` ✖ ${e}`));
575
+ if (manifest.ok) {
576
+ logger.success("\nManifest is valid.");
577
+ } else {
578
+ logger.error("\nManifest is INVALID.");
579
+ process.exitCode = 1;
580
+ }
581
+ });
582
+
583
+ // ── unified plugin runtime install lifecycle (Phase 3) ──
584
+ // These operate on the scope version dirs (user/project/local), independent
585
+ // of the legacy DB-backed `install/list/remove` above. A plugin installed
586
+ // here has its skills/hooks/lsp components picked up by the agent.
587
+
588
+ const SCOPES = "user|project|local";
589
+
590
+ // plugin add <source> — install from a local dir, git URL, owner/repo, or a
591
+ // remote registry/manifest URL (with --name to pick from a multi-plugin index)
592
+ plugin
593
+ .command("add <source>")
594
+ .description(
595
+ `Install a plugin from a local dir, git URL, owner/repo[#ref], or registry URL (scope: ${SCOPES})`,
596
+ )
597
+ .option("--scope <scope>", "Install scope (user|project|local)", "user")
598
+ .option("--force", "Reinstall over an existing immutable version")
599
+ .option("--sha256 <hex>", "Expected SHA-256 of the manifest file")
600
+ .option("--signature <path>", "Detached Ed25519 signature of the manifest")
601
+ .option("--public-key <path>", "Public key for signature verification")
602
+ .option(
603
+ "--registry <url>",
604
+ "Resolve <source> as a plugin NAME in this registry URL",
605
+ )
606
+ .option(
607
+ "--name <plugin>",
608
+ "Plugin name to select from a multi-plugin registry",
609
+ )
610
+ .option("--token <token>", "Bearer token for a private registry")
611
+ .option("--json", "Output as JSON")
612
+ .action(async (source, options) => {
613
+ const { installFromSource } =
614
+ await import("../lib/plugin-runtime/install.js");
615
+
616
+ // Remote resolution: a registry/manifest URL (or --registry <url> with a
617
+ // plugin name) resolves to a git source the installer already handles.
618
+ let installSource = source;
619
+ let integritySha = null;
620
+ const { isRemoteSource, resolveRemoteSource } =
621
+ await import("../lib/plugin-runtime/remote-source.js");
622
+ if (options.registry || isRemoteSource(source)) {
623
+ const url = options.registry || source;
624
+ // With --registry the positional arg is the plugin NAME; otherwise the
625
+ // URL is positional and --name selects.
626
+ const name = options.registry ? source : options.name;
627
+ let config = null;
628
+ try {
629
+ ({ loadConfig: config } = await import("../lib/config-manager.js"));
630
+ config = config();
631
+ } catch {
632
+ config = null; // config is optional — token can come from --token/env
633
+ }
634
+ try {
635
+ const resolved = await resolveRemoteSource(url, {
636
+ name,
637
+ token: options.token,
638
+ config,
639
+ });
640
+ installSource = resolved.source;
641
+ integritySha = resolved.sha256;
642
+ if (resolved.fromCache) {
643
+ logger.warn(
644
+ chalk.yellow(
645
+ " ⚠ registry unreachable — using cached copy (offline)",
646
+ ),
647
+ );
648
+ }
649
+ } catch (err) {
650
+ logger.error(`Registry resolution failed: ${err.message}`);
651
+ process.exitCode = 1;
652
+ return;
653
+ }
654
+ }
655
+
656
+ const signature =
657
+ options.sha256 || options.signature || options.publicKey || integritySha
658
+ ? {
659
+ sha256: options.sha256 || integritySha,
660
+ signatureFile: options.signature,
661
+ publicKeyFile: options.publicKey,
662
+ requireSignature: Boolean(options.signature),
663
+ }
664
+ : null;
665
+ try {
666
+ const res = installFromSource(installSource, {
667
+ scope: options.scope,
668
+ cwd: process.cwd(),
669
+ force: options.force === true,
670
+ signature,
671
+ });
672
+ if (options.json) {
673
+ console.log(JSON.stringify(res, null, 2));
674
+ } else {
675
+ logger.success(
676
+ `Installed ${res.name} v${res.version} (${res.scope} scope)` +
677
+ (res.signatureVerified ? chalk.green(" ✔ signed") : ""),
678
+ );
679
+ logger.log(chalk.gray(` → ${res.dir}`));
680
+ for (const w of res.warnings || [])
681
+ logger.log(chalk.yellow(` ⚠ ${w}`));
682
+ }
683
+ } catch (err) {
684
+ logger.error(`Install failed: ${err.message}`);
685
+ process.exitCode = 1;
686
+ }
687
+ });
688
+
689
+ // plugin browse — browse the plugins offered by a remote registry (discovery)
690
+ plugin
691
+ .command("browse [query]")
692
+ .description(
693
+ "List plugins in a remote registry (--registry <url>); filter by [query]",
694
+ )
695
+ .requiredOption("--registry <url>", "Registry/manifest URL to browse")
696
+ .option("--token <token>", "Bearer token for a private registry")
697
+ .option("--json", "Output as JSON")
698
+ .action(async (query, options) => {
699
+ const { fetchRegistry, listRegistryPlugins, resolveRegistryToken } =
700
+ await import("../lib/plugin-runtime/remote-source.js");
701
+ let config = null;
702
+ try {
703
+ const cm = await import("../lib/config-manager.js");
704
+ config = cm.loadConfig();
705
+ } catch {
706
+ config = null;
707
+ }
708
+ try {
709
+ const token = resolveRegistryToken(options.registry, {
710
+ token: options.token,
711
+ config,
712
+ });
713
+ const { registry, fromCache } = await fetchRegistry(options.registry, {
714
+ token,
715
+ });
716
+ let rows = listRegistryPlugins(registry);
717
+ if (query) {
718
+ const q = query.toLowerCase();
719
+ rows = rows.filter(
720
+ (r) =>
721
+ r.name.toLowerCase().includes(q) ||
722
+ (r.description || "").toLowerCase().includes(q),
723
+ );
724
+ }
725
+ if (options.json) {
726
+ console.log(JSON.stringify({ fromCache, plugins: rows }, null, 2));
727
+ return;
728
+ }
729
+ if (fromCache) {
730
+ logger.warn(
731
+ chalk.yellow(
732
+ " ⚠ registry unreachable — showing cached copy (offline)",
733
+ ),
734
+ );
735
+ }
736
+ if (rows.length === 0) {
737
+ logger.info("No matching plugins in this registry.");
738
+ return;
739
+ }
740
+ logger.log(chalk.bold(`Plugins (${rows.length}):`));
741
+ for (const r of rows) {
742
+ const ver = r.version ? chalk.gray(` v${r.version}`) : "";
743
+ logger.log(
744
+ ` ${chalk.cyan(r.name)}${ver} ${chalk.gray(r.description || r.source)}`,
745
+ );
746
+ }
747
+ logger.log(
748
+ chalk.gray(
749
+ `\nInstall with: cc plugin add <name> --registry ${options.registry}`,
750
+ ),
751
+ );
752
+ } catch (err) {
753
+ logger.error(`Registry search failed: ${err.message}`);
754
+ process.exitCode = 1;
755
+ }
756
+ });
757
+
758
+ // plugin installed — list runtime-installed plugins across scopes
759
+ plugin
760
+ .command("installed")
761
+ .description("List plugins installed in the unified runtime (scope dirs)")
762
+ .option("--json", "Output as JSON")
763
+ .action(async (options) => {
764
+ const { listInstalled } =
765
+ await import("../lib/plugin-runtime/install.js");
766
+ const rows = listInstalled({ cwd: process.cwd() });
767
+ if (options.json) {
768
+ console.log(JSON.stringify(rows, null, 2));
769
+ return;
770
+ }
771
+ if (rows.length === 0) {
772
+ logger.info("No plugins installed. Add one with: cc plugin add <dir>");
773
+ return;
774
+ }
775
+ const { isPluginTrusted } =
776
+ await import("../lib/plugin-runtime/trust.js");
777
+ logger.log(chalk.bold(`Installed plugins (${rows.length}):`));
778
+ for (const r of rows) {
779
+ const ok = r.ok ? chalk.green("✔") : chalk.red("✖");
780
+ const trust = isPluginTrusted(r)
781
+ ? chalk.green("trusted")
782
+ : chalk.yellow("untrusted");
783
+ logger.log(
784
+ ` ${ok} ${chalk.cyan(r.name)} v${r.version} ${chalk.gray(`[${r.scope}]`)} ${trust}`,
785
+ );
786
+ }
787
+ });
788
+
789
+ // plugin trust <name> — allow a plugin's code-bearing components to run
790
+ plugin
791
+ .command("trust <name>")
792
+ .description("Trust a plugin so its hooks / LSP servers may run")
793
+ .option("--scope <scope>", "Scope of the plugin", "project")
794
+ .option("--list", "List all trusted plugins instead")
795
+ .action(async (name, options) => {
796
+ const { trustPlugin, listTrust } =
797
+ await import("../lib/plugin-runtime/trust.js");
798
+ const { getActiveVersion } =
799
+ await import("../lib/plugin-runtime/install.js");
800
+ if (options.list) {
801
+ for (const t of listTrust()) {
802
+ logger.log(` ${chalk.cyan(t.name)} v${t.version} [${t.scope}]`);
803
+ }
804
+ return;
805
+ }
806
+ const version = getActiveVersion(name, {
807
+ scope: options.scope,
808
+ cwd: process.cwd(),
809
+ });
810
+ if (!version) {
811
+ logger.error(`${name} is not installed at ${options.scope} scope`);
812
+ process.exitCode = 1;
813
+ return;
814
+ }
815
+ trustPlugin(name, { scope: options.scope, version });
816
+ logger.success(`Trusted ${name} v${version} (${options.scope} scope)`);
817
+ });
818
+
819
+ // plugin untrust <name> — revoke trust
820
+ plugin
821
+ .command("untrust <name>")
822
+ .description(
823
+ "Revoke trust for a plugin (its hooks / LSP servers stop running)",
824
+ )
825
+ .option("--scope <scope>", "Scope of the plugin", "project")
826
+ .action(async (name, options) => {
827
+ const { untrustPlugin } = await import("../lib/plugin-runtime/trust.js");
828
+ const res = untrustPlugin(name, { scope: options.scope });
829
+ if (res.removed) {
830
+ logger.success(`Revoked trust for ${name} (${options.scope} scope)`);
831
+ } else {
832
+ logger.info(`${name} was not trusted at ${options.scope} scope`);
833
+ }
834
+ });
835
+
836
+ // plugin monitors — list (and optionally run) trusted plugins' background
837
+ // monitors. `--run --seconds N` actually starts the supervisor for N seconds,
838
+ // prints captured output, then reaps everything (verifies no leaked process).
839
+ plugin
840
+ .command("monitors")
841
+ .description("List installed plugins' background monitors (trusted only)")
842
+ .option("--json", "Output as JSON")
843
+ .option("--run", "Actually run the monitors for a few seconds, then reap")
844
+ .option("--seconds <n>", "With --run: how long to run", "3")
845
+ .action(async (options) => {
846
+ const { collectPluginMonitors } =
847
+ await import("../lib/plugin-runtime/monitors.js");
848
+ const monitors = collectPluginMonitors({ cwd: process.cwd() });
849
+ if (options.json && !options.run) {
850
+ console.log(JSON.stringify(monitors, null, 2));
851
+ return;
852
+ }
853
+ if (monitors.length === 0) {
854
+ logger.info(
855
+ "No monitors from trusted plugins. (Untrusted project plugins are skipped — `cc plugin trust <name>`.)",
856
+ );
857
+ return;
858
+ }
859
+ logger.log(chalk.bold(`Plugin monitors (${monitors.length}):`));
860
+ for (const m of monitors) {
861
+ const cadence =
862
+ m.mode === "interval"
863
+ ? `every ${m.intervalMs || 60000}ms`
864
+ : "long-running";
865
+ logger.log(
866
+ ` ${chalk.cyan(m.id)} ${chalk.gray(`[${m.scope}]`)} ${m.command} ${m.args.join(" ")} ${chalk.gray(`(${cadence})`)}`,
867
+ );
868
+ }
869
+ if (!options.run) return;
870
+
871
+ const { PluginMonitorSupervisor } =
872
+ await import("../lib/plugin-monitor-supervisor.js");
873
+ const secs = Math.max(1, parseInt(options.seconds, 10) || 3);
874
+ const sup = new PluginMonitorSupervisor();
875
+ const started = sup.start(monitors);
876
+ logger.log(
877
+ chalk.gray(`\nRunning ${started.length} monitor(s) for ${secs}s…`),
878
+ );
879
+ await new Promise((r) => setTimeout(r, secs * 1000));
880
+ const out = sup.drainOutputs();
881
+ sup.stopAll();
882
+ logger.log(chalk.bold(`Captured ${out.length} output line(s):`));
883
+ for (const rec of out.slice(0, 50)) {
884
+ logger.log(
885
+ ` ${chalk.gray(`[${rec.monitor}/${rec.stream}]`)} ${rec.line}`,
886
+ );
887
+ }
888
+ logger.success("Monitors reaped — no process left running.");
889
+ });
890
+
891
+ // plugin uninstall <name> — remove a plugin (or one version) from a scope
892
+ plugin
893
+ .command("uninstall <name>")
894
+ .description(`Uninstall a runtime plugin from a scope (${SCOPES})`)
895
+ .option("--scope <scope>", "Scope to remove from", "user")
896
+ .option("--version <version>", "Remove only this version (default: all)")
897
+ .action(async (name, options) => {
898
+ const { uninstall } = await import("../lib/plugin-runtime/install.js");
899
+ try {
900
+ const res = uninstall(name, {
901
+ scope: options.scope,
902
+ cwd: process.cwd(),
903
+ version: options.version,
904
+ });
905
+ logger.success(
906
+ `Uninstalled ${name} (${res.removed.join(", ") || "nothing"}) from ${options.scope} scope`,
907
+ );
908
+ } catch (err) {
909
+ logger.error(`Uninstall failed: ${err.message}`);
910
+ process.exitCode = 1;
911
+ }
912
+ });
913
+
914
+ // plugin upgrade <source> — re-fetch a source and install its newer version
915
+ plugin
916
+ .command("upgrade <source>")
917
+ .description(
918
+ "Update a runtime plugin from its source (local dir or git); repoints .active",
919
+ )
920
+ .option("--scope <scope>", `Scope to update in (${SCOPES})`, "user")
921
+ .option("--force", "Reinstall even if the version is unchanged")
922
+ .action(async (source, options) => {
923
+ const { updatePlugin } = await import("../lib/plugin-runtime/install.js");
924
+ try {
925
+ const res = updatePlugin(source, {
926
+ scope: options.scope,
927
+ cwd: process.cwd(),
928
+ force: options.force,
929
+ });
930
+ if (res.updated) {
931
+ logger.success(
932
+ `Updated ${res.name}: ${res.previousVersion ? `v${res.previousVersion} → ` : ""}v${res.version} (${options.scope} scope)`,
933
+ );
934
+ } else if (res.reinstalled) {
935
+ logger.success(
936
+ `Reinstalled ${res.name} v${res.version} (${options.scope} scope)`,
937
+ );
938
+ } else {
939
+ logger.info(
940
+ `${res.name} is already up to date at v${res.version} (use --force to reinstall)`,
941
+ );
942
+ }
943
+ } catch (err) {
944
+ logger.error(`Upgrade failed: ${err.message}`);
945
+ process.exitCode = 1;
946
+ }
947
+ });
948
+
949
+ // plugin use <name> <version> — pin the active version (rollback / switch)
950
+ plugin
951
+ .command("use <name> <version>")
952
+ .description("Pin a plugin's active version (rollback or switch)")
953
+ .option("--scope <scope>", "Scope", "user")
954
+ .action(async (name, version, options) => {
955
+ const { setActiveVersion } =
956
+ await import("../lib/plugin-runtime/install.js");
957
+ try {
958
+ setActiveVersion(name, version, {
959
+ scope: options.scope,
960
+ cwd: process.cwd(),
961
+ });
962
+ logger.success(
963
+ `${name} active version → v${version} (${options.scope} scope)`,
964
+ );
965
+ } catch (err) {
966
+ logger.error(`Failed: ${err.message}`);
967
+ process.exitCode = 1;
968
+ }
969
+ });
970
+
971
+ return plugin;
498
972
  }
499
973
 
500
974
  // === Iter26 V2 governance overlay ===
@@ -8,6 +8,7 @@ import { logger } from "../lib/logger.js";
8
8
  import { bootstrap, shutdown } from "../runtime/bootstrap.js";
9
9
  import {
10
10
  ensurePQCTables,
11
+ loadFromDb,
11
12
  listKeys,
12
13
  generateKey,
13
14
  getMigrationStatus,
@@ -64,6 +65,7 @@ export function registerPqcCommand(program) {
64
65
  }
65
66
  const db = ctx.db.getDatabase();
66
67
  ensurePQCTables(db);
68
+ loadFromDb(db);
67
69
 
68
70
  const keys = listKeys({ algorithm: options.algorithm });
69
71
  if (options.json) {
@@ -103,6 +105,7 @@ export function registerPqcCommand(program) {
103
105
  }
104
106
  const db = ctx.db.getDatabase();
105
107
  ensurePQCTables(db);
108
+ loadFromDb(db);
106
109
 
107
110
  const key = generateKey(db, algorithm, options.purpose);
108
111
  logger.success("PQC key generated");
@@ -136,6 +139,7 @@ export function registerPqcCommand(program) {
136
139
  }
137
140
  const db = ctx.db.getDatabase();
138
141
  ensurePQCTables(db);
142
+ loadFromDb(db);
139
143
 
140
144
  const plans = getMigrationStatus();
141
145
  if (options.json) {
@@ -204,6 +208,7 @@ export function registerPqcCommand(program) {
204
208
  }
205
209
  const db = ctx.db.getDatabase();
206
210
  ensurePQCTables(db);
211
+ loadFromDb(db);
207
212
 
208
213
  const plan = migrate(db, planName, options.source, targetAlgorithm);
209
214
  logger.success("Migration completed");
@@ -9,6 +9,7 @@ import { logger } from "../lib/logger.js";
9
9
  import { bootstrap, shutdown } from "../runtime/bootstrap.js";
10
10
  import {
11
11
  ensureReputationTables,
12
+ loadFromDb as loadReputationFromDb,
12
13
  addObservation,
13
14
  computeScore,
14
15
  listScores,
@@ -44,6 +45,10 @@ function _dbFromCtx(ctx) {
44
45
  }
45
46
  const db = ctx.db.getDatabase();
46
47
  ensureReputationTables(db);
48
+ // Rehydrate the observation/run/analytics Maps from the reputation_* tables —
49
+ // without this every read is Map-only-empty in the fresh CLI process (scores
50
+ // read back 0, `status <runId>` throws "Optimization run not found").
51
+ loadReputationFromDb(db);
47
52
  return db;
48
53
  }
49
54
 
@@ -165,7 +170,11 @@ export function registerReputationCommand(program) {
165
170
  "Detection method (z_score|iqr)",
166
171
  "z_score",
167
172
  )
168
- .option("-t, --threshold <n>", "Detection threshold", floatArg("--threshold"))
173
+ .option(
174
+ "-t, --threshold <n>",
175
+ "Detection threshold",
176
+ floatArg("--threshold"),
177
+ )
169
178
  .option(
170
179
  "-d, --decay <model>",
171
180
  "Decay model applied before detection",
@@ -9,6 +9,7 @@ import { parseJsonOption } from "../lib/parse-json-option.js";
9
9
  import { bootstrap, shutdown } from "../runtime/bootstrap.js";
10
10
  import {
11
11
  ensureSCIMTables,
12
+ loadFromDb as loadScimFromDb,
12
13
  listUsers,
13
14
  createUser,
14
15
  getUser,
@@ -73,6 +74,7 @@ export function registerScimCommand(program) {
73
74
  }
74
75
  const db = ctx.db.getDatabase();
75
76
  ensureSCIMTables(db);
77
+ loadScimFromDb(db);
76
78
 
77
79
  const result = listUsers();
78
80
  if (options.json) {
@@ -108,6 +110,7 @@ export function registerScimCommand(program) {
108
110
  }
109
111
  const db = ctx.db.getDatabase();
110
112
  ensureSCIMTables(db);
113
+ loadScimFromDb(db);
111
114
 
112
115
  const user = createUser(db, username, options.name, options.email);
113
116
  logger.success("User created");
@@ -134,6 +137,7 @@ export function registerScimCommand(program) {
134
137
  }
135
138
  const db = ctx.db.getDatabase();
136
139
  ensureSCIMTables(db);
140
+ loadScimFromDb(db);
137
141
 
138
142
  const user = getUser(userId);
139
143
  if (!user) {
@@ -168,6 +172,7 @@ export function registerScimCommand(program) {
168
172
  }
169
173
  const db = ctx.db.getDatabase();
170
174
  ensureSCIMTables(db);
175
+ loadScimFromDb(db);
171
176
 
172
177
  deleteUser(db, userId);
173
178
  logger.success(`User ${chalk.cyan(userId.slice(0, 8))} deleted`);
@@ -216,6 +221,7 @@ export function registerScimCommand(program) {
216
221
  }
217
222
  const db = ctx.db.getDatabase();
218
223
  ensureSCIMTables(db);
224
+ loadScimFromDb(db);
219
225
 
220
226
  const result = syncProvision(db, connectorId);
221
227
  logger.success(`Sync completed via ${chalk.cyan(result.connector)}`);
@@ -61,6 +61,36 @@ import {
61
61
  readWorkflowSession,
62
62
  } from "../lib/workflow-state-reader.js";
63
63
 
64
+ // DB sessions store `updated_at` as SQLite datetime('now') → "YYYY-MM-DD
65
+ // HH:MM:SS" (UTC, space at index 10); JSONL sessions store toISOString() →
66
+ // "YYYY-MM-DDTHH:MM:SS.sssZ" (UTC, 'T' at index 10). Both are UTC, so normalize
67
+ // the space form to ISO-UTC and compare as epochs — a raw string compare
68
+ // resolves at index 10 ('T' 0x54 > ' ' 0x20) and would rank every JSONL session
69
+ // as newer than any same-date DB session regardless of the actual time.
70
+ function _sessionEpoch(ts) {
71
+ if (typeof ts !== "string" || !ts) return 0;
72
+ const iso =
73
+ ts.includes(" ") && !ts.includes("T") ? ts.replace(" ", "T") + "Z" : ts;
74
+ const n = Date.parse(iso);
75
+ return Number.isFinite(n) ? n : 0;
76
+ }
77
+
78
+ export function rankSessions(sessions, limit) {
79
+ // Dedup by id, preferring the JSONL copy when a session exists in both stores
80
+ // (the original "JSONL takes precedence" intent, previously achieved only as
81
+ // a side effect of the buggy lexicographic sort). Then rank by real time.
82
+ const byId = new Map();
83
+ for (const s of sessions) {
84
+ const prev = byId.get(s.id);
85
+ if (!prev || (s._store === "jsonl" && prev._store !== "jsonl")) {
86
+ byId.set(s.id, s);
87
+ }
88
+ }
89
+ return [...byId.values()]
90
+ .sort((a, b) => _sessionEpoch(b.updated_at) - _sessionEpoch(a.updated_at))
91
+ .slice(0, limit);
92
+ }
93
+
64
94
  export function registerSessionCommand(program) {
65
95
  const session = program
66
96
  .command("session")
@@ -98,16 +128,8 @@ export function registerSessionCommand(program) {
98
128
  );
99
129
  }
100
130
 
101
- // Deduplicate by id (JSONL takes precedence), sort by updated_at
102
- const seen = new Set();
103
- sessions = sessions
104
- .sort((a, b) => (b.updated_at > a.updated_at ? 1 : -1))
105
- .filter((s) => {
106
- if (seen.has(s.id)) return false;
107
- seen.add(s.id);
108
- return true;
109
- })
110
- .slice(0, limit);
131
+ // Deduplicate by id (JSONL takes precedence) and rank by real time.
132
+ sessions = rankSessions(sessions, limit);
111
133
 
112
134
  if (options.json) {
113
135
  console.log(JSON.stringify(sessions, null, 2));