dashclaw 2.10.0 → 2.11.1

package/README.md

@@ -1,4 +1,4 @@
-# DashClaw SDK (v2.10.0)
+# DashClaw SDK (v2.11.1)
 
 **Minimal governance runtime for AI agents.**
 
@@ -70,16 +70,44 @@ claw.update_outcome(action_id, status="completed")
 
 ---
 
-## SDK Surface Area (v2.10.0)
+## SDK Tiers
 
-The v2 SDK exposes **67 methods** optimized for stability and zero-overhead governance:
+DashClaw currently exposes a canonical Node SDK surface plus a legacy compatibility layer:
+
+| | Node SDK | Python SDK |
+|---|---|---|
+| **Focus** | Canonical product surface for new work | Broader current surface |
+| **Methods** | Core runtime + execution surfaces | Broad platform surface |
+| **Core governance** | ✅ | ✅ |
+| **Scoring profiles** | ✅ | ✅ |
+| **Learning loop** | ✅ | ✅ |
+| **Framework integrations** | — | LangChain, CrewAI, AutoGen, Claude Managed Agents |
+| **Compliance engine** | — | ✅ |
+| **Execution graphs** | — | ✅ |
+| **Webhooks management** | — | ✅ |
+
+**Node** is designed for most agents — fast, minimal, covers the governance loop and common workflows. **Python** is the enterprise/power-user surface with compliance reporting, execution graph traversal, and framework-native integrations.
+
+**Policy:** new product work should target the main `dashclaw` client first. `dashclaw/legacy` exists for compatibility with older integrations and older method shapes.
+
+See:
+
+- [SDK Consolidation RFC](../docs/rfcs/2026-04-07-sdk-consolidation.md)
+- [SDK Migration Matrix](../docs/planning/2026-04-07-sdk-migration-matrix.md)
+- [SDK Parity Matrix](../docs/sdk-parity.md)
+
+---
+
+## SDK Surface Area (v2.11.1)
+
+The v2 SDK exposes the stable governance runtime plus promoted execution domains in the canonical Node client:
 
 ### Core Runtime
 - `guard(context)` -- Policy evaluation ("Can I do X?"). Returns `risk_score` (server-computed) and `agent_risk_score` (raw agent value)
 - `createAction(action)` -- Lifecycle tracking ("I am doing X")
 - `updateOutcome(id, outcome)` -- Result recording ("X finished with Y")
 - `recordAssumption(assumption)` -- Integrity tracking ("I believe Z while doing X")
-- `waitForApproval(id)` -- Polling helper for human-in-the-loop approvals
+- `waitForApproval(id)` -- Real-time SSE listener for human-in-the-loop approvals (automatic polling fallback)
 - `approveAction(id, decision, reasoning?)` -- Submit approval decisions from code
 - `getPendingApprovals()` -- List actions awaiting human review
 
@@ -89,7 +117,7 @@ The v2 SDK exposes **67 methods** optimized for stability and zero-overhead gove
 - `getSignals()` -- Get current risk signals across all agents.
 
 ### Swarm & Connectivity
-- `heartbeat(status, metadata)` -- Report agent presence and health.
+- `heartbeat(status, metadata)` -- Report agent presence and health. **As of DashClaw 2.13.0, heartbeats are implicit on `createAction()` — you only need this if you want to report presence without recording an action.**
 - `reportConnections(connections)` -- Report active provider connections.
 
 ### Learning & Optimization
@@ -360,6 +388,26 @@ dashclaw deny <actionId>        # deny a specific action
 
 When an agent calls `waitForApproval()`, it prints the action ID and replay link to stdout. Approve from any terminal or the dashboard, and the agent unblocks instantly.
 
+## MCP Server (Zero-Code Integration)
+
+If your agent supports MCP (Claude Code, Claude Desktop, Managed Agents), you can skip the SDK entirely:
+
+```json
+{
+  "mcpServers": {
+    "dashclaw": {
+      "command": "npx",
+      "args": ["@dashclaw/mcp-server"],
+      "env": { "DASHCLAW_URL": "...", "DASHCLAW_API_KEY": "oc_live_..." }
+    }
+  }
+}
+```
+
+The MCP server exposes the same governance surface as the SDK (guard, record, invoke, wait for approval) plus discovery (capabilities, policies) and session lifecycle.
+
+---
+
 ## Claude Code Hooks
 
 Govern Claude Code tool calls without any SDK instrumentation. Copy two files from the `hooks/` directory in the repo into your `.claude/hooks/` folder:
@@ -376,7 +424,9 @@ Then merge the hooks block from `hooks/settings.json` into your `.claude/setting
 
 ## Legacy SDK (v1)
 
-The v2 SDK covers the 45 methods most critical to agent governance. If you require the full platform surface (188+ methods including Calendar, Workflows, Routing, Pairing, etc.), the v1 SDK is available via the `dashclaw/legacy` sub-path in Node.js or via the full client in Python.
+`dashclaw/legacy` is a compatibility layer for older integrations. It is not the preferred target for new feature design.
+
+Use it only when you need methods that have not yet been promoted into the canonical SDK surface.
 
 ```javascript
 // v1 legacy import
@@ -385,6 +435,19 @@ import { DashClaw } from 'dashclaw/legacy';
 
 Methods moved to v1 only: `createWebhook`, `getActivityLogs`, `mapCompliance`, `getProofReport`.
 
+Legacy also exposes flat compatibility wrappers for the capability runtime routes:
+
+- `claw.listCapabilities(...)`
+- `claw.createCapability(...)`
+- `claw.getCapability(...)`
+- `claw.updateCapability(...)`
+- `claw.invokeCapability(...)`
+- `claw.testCapability(...)`
+- `claw.getCapabilityHealth(...)`
+- `claw.listCapabilityHealth(...)`
+
+Those wrappers exist to keep older integrations working. New product work should still target `claw.execution.capabilities.*` on the main SDK first.
+
 ---
 
 ## Execution Studio
@@ -427,6 +490,60 @@ await claw.duplicateWorkflowTemplate(templateId);
 // If the template links a model_strategy_id, the resolved config is snapshotted.
 const { launch } = await claw.launchWorkflowTemplate(templateId, { agent_id: 'deploy-bot' });
 console.log(launch.action_id); // act_... — view it in /decisions/<action_id>
+
+// List past runs for a template (HTTP only — no SDK wrapper yet)
+const runs = await fetch(`${baseUrl}/api/workflows/templates/${templateId}/runs?limit=10`, {
+  headers: { 'x-api-key': apiKey },
+}).then(r => r.json());
+
+// Get full run detail with step inputs/outputs
+const run = await fetch(`${baseUrl}/api/workflows/templates/${templateId}/runs/${runActionId}`, {
+  headers: { 'x-api-key': apiKey },
+}).then(r => r.json());
+// run.steps[].input / run.steps[].output contain full JSON (no truncation)
+
+// Resume a failed run from the last completed checkpoint
+const resumed = await fetch(`${baseUrl}/api/workflows/templates/${templateId}/runs/${runActionId}/resume`, {
+  method: 'POST',
+  headers: { 'x-api-key': apiKey, 'Content-Type': 'application/json' },
+  body: JSON.stringify({}),
+}).then(r => r.json());
+// resumed.action_id is the new run; reused steps have status='reused'
+
+// Cancel a running workflow
+await fetch(`${baseUrl}/api/workflows/templates/${templateId}/runs/${runActionId}/cancel`, {
+  method: 'POST',
+  headers: { 'x-api-key': apiKey },
+});
+```
+
+### Artifacts
+
+```javascript
+// List artifacts (optionally filter by action, step, agent, type)
+const { artifacts } = await fetch(`${baseUrl}/api/artifacts?action_id=${actionId}`, {
+  headers: { 'x-api-key': apiKey },
+}).then(r => r.json());
+
+// Create an artifact
+const { artifact } = await fetch(`${baseUrl}/api/artifacts`, {
+  method: 'POST',
+  headers: { 'x-api-key': apiKey, 'Content-Type': 'application/json' },
+  body: JSON.stringify({
+    artifact_type: 'json',
+    name: 'Analysis results',
+    content_json: { findings: ['...'] },
+    source_action_id: actionId,
+  }),
+}).then(r => r.json());
+
+// Generate an evidence bundle for a governed action
+const bundle = await fetch(`${baseUrl}/api/artifacts/evidence-bundle`, {
+  method: 'POST',
+  headers: { 'x-api-key': apiKey, 'Content-Type': 'application/json' },
+  body: JSON.stringify({ action_id: actionId }),
+}).then(r => r.json());
+// bundle.action + bundle.steps + bundle.artifacts
 ```
 
 ### Model Strategies
@@ -453,6 +570,15 @@ await claw.updateModelStrategy(strategyId, { config: { maxBudgetUsd: 1.0 } });
 
 // Delete (soft references on linked workflow_templates are nulled out)
 await claw.deleteModelStrategy(strategyId);
+
+// Execute a chat completion using the strategy (BYOK, fallback, budget enforcement)
+const result = await claw.completeWithStrategy(strategyId, [
+  { role: 'user', content: 'Summarize the deploy plan' }
+], { max_tokens: 512, temperature: 0.7, task_mode: 'reasoning' });
+console.log(result.content);    // LLM response text
+console.log(result.provider);   // e.g. 'openai'
+console.log(result.cost_usd);   // estimated cost
+console.log(result.fallback_used); // true if primary failed
 ```
 
 ### Knowledge Collections
@@ -477,16 +603,31 @@ await claw.addKnowledgeCollectionItem(collection.collection_id, {
 
 // List items
 const { items } = await claw.listKnowledgeCollectionItems(collection.collection_id);
+
+// Sync — ingest pending items (fetch, chunk, embed via BYOK OpenAI key)
+const { sync } = await claw.syncKnowledgeCollection(collection.collection_id);
+console.log(sync.ingested, sync.chunks_created); // e.g. 3 ingested, 42 chunks
+
+// Search — semantic similarity over embedded chunks
+const { results } = await claw.searchKnowledgeCollection(
+  collection.collection_id,
+  'How do I roll back a deploy?',
+  { limit: 5 }
+);
+results.forEach(r => console.log(`${(r.score * 100).toFixed(1)}%: ${r.content.slice(0, 80)}...`));
 ```
 
-### Capability Registry
+### Capability Runtime
 
 ```javascript
+// Canonical namespace for capability work
+const caps = claw.execution.capabilities;
+
 // Search the registry (category, risk_level, and search are combinable)
-const { capabilities } = await claw.listCapabilities({ risk_level: 'medium', search: 'slack' });
+const { capabilities } = await caps.list({ risk_level: 'medium', search: 'slack' });
 
 // Register a capability
-await claw.createCapability({
+await caps.create({
   name: 'Send Slack Message',
   description: 'Posts to a configured Slack channel',
   category: 'messaging',
@@ -498,8 +639,69 @@ await claw.createCapability({
   health_status: 'healthy',
   docs_url: 'https://docs.example.com/slack'
 });
+
+// Invoke a governed capability
+const result = await caps.invoke('cap_123', {
+  query: 'What is x402?'
+});
+console.log(result.governed, result.action_id);
+// When retry_policy is configured on the capability, the response includes retry_metadata:
+// result.retry_metadata → { total_attempts, retried, attempts: [...] }
+
+// Run a non-production validation call (bypasses circuit breaker)
+const testRun = await caps.test('cap_123', {
+  query: 'What is x402?'
+});
+console.log(testRun.tested, testRun.health_status, testRun.certification_status);
+// testRun.retry_metadata is also present when the capability has retry_policy configured
+
+// Fetch derived capability health
+const health = await caps.getHealth('cap_123');
+console.log(health.status, health.certification_status, health.last_test_status);
+
+// List derived health for matching capabilities
+const { capabilities: healthRows } = await caps.listHealth({
+  risk_level: 'medium',
+  certification_status: 'certified',
+  stale_only: false,
+  limit: 10,
+});
+console.log(healthRows.map((cap) => `${cap.slug}:${cap.status}:${cap.certification_status}`));
+
+// Fetch recent invoke/test events for one capability
+const history = await caps.getHistory('cap_123', {
+  action_type: 'capability_test',
+  status: 'failed',
+  limit: 5,
+});
+console.log(history.events.map((event) => `${event.action_type}:${event.status}`));
 ```
 
+The existing flat registry methods remain available for compatibility:
+
+- `claw.listCapabilities(...)`
+- `claw.createCapability(...)`
+- `claw.getCapability(...)`
+- `claw.updateCapability(...)`
+
+Use the canonical capability runtime paths:
+
+- `claw.execution.capabilities.invoke(...)`
+- `claw.execution.capabilities.test(...)`
+- `claw.execution.capabilities.getHealth(...)`
+- `claw.execution.capabilities.listHealth(...)`
+- `claw.execution.capabilities.getHistory(...)`
+
+Health responses now include certification and recency fields such as:
+
+- `certification_status`
+- `last_tested_at`
+- `last_test_status`
+- `stale_check`
+- `success_rate_1d`
+- `success_rate_7d`
+- `p95_latency_ms`
+
 ---
 
 ## License

package/dashclaw.js

@@ -1,5 +1,5 @@
 /**
- * DashClaw SDK v2.10.0 (Stable Runtime API)
+ * DashClaw SDK v2.11.0 (Stable Runtime API)
  * Focused governance runtime client for AI agents.
  */
 
@@ -34,6 +34,20 @@ class DashClaw {
     this.baseUrl = baseUrl.replace(/\/$/, '');
     this.apiKey = apiKey;
     this.agentId = agentId;
+
+    this.execution = {
+      capabilities: {
+        list: (filters = {}) => this.listCapabilities(filters),
+        create: (data) => this.createCapability(data),
+        get: (capabilityId) => this.getCapability(capabilityId),
+        update: (capabilityId, patch) => this.updateCapability(capabilityId, patch),
+        invoke: (capabilityId, payload = {}) => this.invokeCapability(capabilityId, payload),
+        test: (capabilityId, payload = {}) => this.testCapability(capabilityId, payload),
+        getHealth: (capabilityId) => this.getCapabilityHealth(capabilityId),
+        listHealth: (filters = {}) => this.listCapabilityHealth(filters),
+        getHistory: (capabilityId, filters = {}) => this.getCapabilityHistory(capabilityId, filters),
+      },
+    };
   }
 
   async _request(path, method = 'GET', body = null, params = null) {
@@ -143,17 +157,112 @@ class DashClaw {
   }
 
   /**
-   * GET /api/actions/:id — Polling helper for human approval.
+   * @private Connect to SSE stream and yield parsed events.
+   */
+  async *_connectSSE(controller) {
+    const res = await fetch(`${this.baseUrl}/api/stream`, {
+      headers: { 'x-api-key': this.apiKey },
+      signal: controller.signal,
+    });
+
+    if (!res.ok || !res.body) return;
+
+    const reader = res.body.getReader();
+    const decoder = new TextDecoder();
+    let buffer = '';
+    let currentEvent = null;
+    let currentData = '';
+    let currentId = null;
+
+    while (true) {
+      const { done, value } = await reader.read();
+      if (done) break;
+      buffer += decoder.decode(value, { stream: true });
+
+      const lines = buffer.split('\n');
+      buffer = lines.pop();
+
+      for (const line of lines) {
+        if (line.startsWith('id: ')) {
+          currentId = line.slice(4).trim();
+        } else if (line.startsWith('event: ')) {
+          currentEvent = line.slice(7).trim();
+        } else if (line.startsWith('data: ')) {
+          currentData += line.slice(6);
+        } else if (line.startsWith(':')) {
+          // SSE comment (heartbeat)
+        } else if (line === '' && currentEvent) {
+          if (currentData) {
+            try {
+              yield { event: currentEvent, data: JSON.parse(currentData), id: currentId };
+            } catch { /* ignore parse errors */ }
+          }
+          currentEvent = null;
+          currentData = '';
+          currentId = null;
+        } else if (line === '') {
+          currentEvent = null;
+          currentData = '';
+          currentId = null;
+        }
+      }
+    }
+  }
+
+  /**
+   * Wait for human approval. SSE-first with polling fallback.
    */
   async waitForApproval(actionId, { timeout = 300000, interval = 5000 } = {}) {
     const startTime = Date.now();
+
+    const checkAction = (action) => {
+      if (action.approved_by) return { resolved: true, result: { action } };
+      if (action.status === 'failed' || action.status === 'cancelled') {
+        return { resolved: true, error: new ApprovalDeniedError(action.error_message || 'Operator denied the action.', action.status) };
+      }
+      return { resolved: false };
+    };
+
+    // Try SSE first
+    try {
+      const controller = new AbortController();
+      const timeoutId = setTimeout(() => controller.abort(), timeout);
+
+      try {
+        for await (const frame of this._connectSSE(controller)) {
+          if (frame.event === 'action.updated' && frame.data?.action_id === actionId) {
+            const check = checkAction(frame.data);
+            if (check.resolved) {
+              clearTimeout(timeoutId);
+              controller.abort();
+              if (check.error) throw check.error;
+              const confirmed = await this._request(`/api/actions/${actionId}`, 'GET');
+              return confirmed;
+            }
+          }
+
+          if (Date.now() - startTime >= timeout) {
+            clearTimeout(timeoutId);
+            controller.abort();
+            throw new Error(`Timed out waiting for approval of action ${actionId}`);
+          }
+        }
+      } finally {
+        clearTimeout(timeoutId);
+        if (!controller.signal.aborted) controller.abort();
+      }
+    } catch (err) {
+      if (err instanceof ApprovalDeniedError || err.message?.includes('Timed out')) throw err;
+      // SSE failed — fall through to polling
+    }
+
+    // Polling fallback
     let wasPending = false;
     let printedBlock = false;
 
     while (Date.now() - startTime < timeout) {
       const { action } = await this._request(`/api/actions/${actionId}`, 'GET');
 
-      // Print structured approval block on first fetch
       if (!printedBlock) {
         printedBlock = true;
         try {
@@ -178,33 +287,18 @@ class DashClaw {
             '\u255a\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255d',
           ];
           process.stdout.write('\n' + lines.join('\n') + '\n\n');
-        } catch (_) {
-          // Rendering failure must not prevent the wait from proceeding
-        }
+        } catch (_) { /* rendering failure must not prevent wait */ }
       }
-      
-      if (action.status === 'pending_approval') {
-        wasPending = true;
-      }
-
-      // Explicitly unblocked by approval metadata
-      if (action.approved_by) return action;
 
-      // Denial cases
+      if (action.status === 'pending_approval') wasPending = true;
+      if (action.approved_by) return { action };
       if (action.status === 'failed' || action.status === 'cancelled') {
         throw new ApprovalDeniedError(action.error_message || 'Operator denied the action.', action.status);
       }
-
-      // Requirement 4: If an action leaves pending_approval without approval metadata, throw an error.
-      // This prevents "auto-approval" bugs where status is changed by non-approval paths.
       if (wasPending && action.status !== 'pending_approval') {
         throw new Error(`Action ${actionId} left pending_approval state without explicit approval metadata (Status: ${action.status})`);
       }
-
-      // If allowed directly (never intercepted), return immediately
-      if (!wasPending && action.status === 'running') {
-        return { action };
-      }
+      if (!wasPending && action.status === 'running') return { action };
 
       await new Promise(r => setTimeout(r, interval));
     }
@@ -743,6 +837,21 @@ class DashClaw {
     return this._request(`/api/model-strategies/${strategyId}`, 'DELETE');
   }
 
+  /**
+   * POST /api/model-strategies/:id/complete — Execute a chat completion using
+   * this strategy. Resolves BYOK provider credentials, handles fallback chain,
+   * enforces budget caps.
+   * @param {string} strategyId
+   * @param {Array<{role: string, content: string}>} messages
+   * @param {Object} [options={}] - { max_tokens, temperature, task_mode }
+   */
+  async completeWithStrategy(strategyId, messages, options = {}) {
+    return this._request(`/api/model-strategies/${strategyId}/complete`, 'POST', {
+      messages,
+      ...options,
+    });
+  }
+
   // ---------------------------------------------------------------------------
   // Execution Studio — Knowledge Collections
   // ---------------------------------------------------------------------------
@@ -795,6 +904,26 @@ class DashClaw {
     return this._request(`/api/knowledge/collections/${collectionId}/items`, 'POST', data);
   }
 
+  /**
+   * POST /api/knowledge/collections/:id/sync — Ingest pending items (chunk + embed).
+   */
+  async syncKnowledgeCollection(collectionId) {
+    return this._request(`/api/knowledge/collections/${collectionId}/sync`, 'POST', {});
+  }
+
+  /**
+   * POST /api/knowledge/collections/:id/search — Semantic search over chunks.
+   * @param {string} collectionId
+   * @param {string} query
+   * @param {Object} [options={}] - { limit }
+   */
+  async searchKnowledgeCollection(collectionId, query, options = {}) {
+    return this._request(`/api/knowledge/collections/${collectionId}/search`, 'POST', {
+      query,
+      ...options,
+    });
+  }
+
   // ---------------------------------------------------------------------------
   // Execution Studio — Capability Registry
   // ---------------------------------------------------------------------------
@@ -827,6 +956,47 @@ class DashClaw {
   async updateCapability(capabilityId, patch) {
     return this._request(`/api/capabilities/${capabilityId}`, 'PATCH', patch);
   }
+
+  /**
+   * POST /api/capabilities/:id/invoke — Invoke a governed capability.
+   */
+  async invokeCapability(capabilityId, payload = {}) {
+    return this._request(`/api/capabilities/${capabilityId}/invoke`, 'POST', {
+      ...payload,
+      agent_id: payload.agent_id || this.agentId,
+    });
+  }
+
+  /**
+   * POST /api/capabilities/:id/test — Run a non-production capability validation call.
+   */
+  async testCapability(capabilityId, payload = {}) {
+    return this._request(`/api/capabilities/${capabilityId}/test`, 'POST', {
+      ...payload,
+      agent_id: payload.agent_id || this.agentId,
+    });
+  }
+
+  /**
+   * GET /api/capabilities/:id/health — Fetch derived capability health.
+   */
+  async getCapabilityHealth(capabilityId) {
+    return this._request(`/api/capabilities/${capabilityId}/health`, 'GET');
+  }
+
+  /**
+   * GET /api/capabilities/health — List derived health summaries for matching capabilities.
+   */
+  async listCapabilityHealth(filters = {}) {
+    return this._request('/api/capabilities/health', 'GET', null, filters);
+  }
+
+  /**
+   * GET /api/capabilities/:id/history — Fetch recent test and invoke events for a capability.
+   */
+  async getCapabilityHistory(capabilityId, filters = {}) {
+    return this._request(`/api/capabilities/${capabilityId}/history`, 'GET', null, filters);
+  }
 }
 
 export { DashClaw, ApprovalDeniedError, GuardBlockedError };

package/legacy/dashclaw-v1.js

@@ -263,11 +263,18 @@ class DashClaw {
       try { this.guardCallback(decision); } catch { /* ignore callback errors */ }
     }
 
-    const isBlocked = decision.decision === 'block' || decision.decision === 'require_approval';
+    // Only `block` is a hard stop. `require_approval` is the normal HITL path:
+    // the server will create the action with status='pending_approval' and the
+    // approval queue / waitForApproval handles the rest. Throwing here would
+    // prevent the POST to /api/actions and break the PWA approval surface.
+    const isBlocked = decision.decision === 'block';
 
     if (this.guardMode === 'warn' && isBlocked) {
+      const reasons = Array.isArray(decision.reasons)
+        ? decision.reasons.join('; ')
+        : (decision.reason || 'no reason');
       console.warn(
-        `[DashClaw] Guard ${decision.decision}: ${decision.reasons.join('; ') || 'no reason'}. Proceeding in warn mode.`
+        `[DashClaw] Guard ${decision.decision}: ${reasons}. Proceeding in warn mode.`
       );
       return;
     }
@@ -2826,6 +2833,46 @@ class DashClaw {
     return this._request('GET', '/api/scoring/score', null, { profile_id: profileId, view: 'stats' });
   }
 
+  // --- Capability Runtime Compatibility ------------------
+
+  async listCapabilities(params = {}) {
+    return this._request('GET', '/api/capabilities', null, params);
+  }
+
+  async createCapability(data) {
+    return this._request('POST', '/api/capabilities', data);
+  }
+
+  async getCapability(capabilityId) {
+    return this._request('GET', `/api/capabilities/${capabilityId}`);
+  }
+
+  async updateCapability(capabilityId, data) {
+    return this._request('PATCH', `/api/capabilities/${capabilityId}`, data);
+  }
+
+  async invokeCapability(capabilityId, payload = {}) {
+    return this._request('POST', `/api/capabilities/${capabilityId}/invoke`, {
+      ...payload,
+      agent_id: payload.agent_id || this.agentId,
+    });
+  }
+
+  async testCapability(capabilityId, payload = {}) {
+    return this._request('POST', `/api/capabilities/${capabilityId}/test`, {
+      ...payload,
+      agent_id: payload.agent_id || this.agentId,
+    });
+  }
+
+  async getCapabilityHealth(capabilityId) {
+    return this._request('GET', `/api/capabilities/${capabilityId}/health`);
+  }
+
+  async listCapabilityHealth(params = {}) {
+    return this._request('GET', '/api/capabilities/health', null, params);
+  }
+
   // --- Risk Templates ------------------------------------
 
   async createRiskTemplate(data) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dashclaw",
-  "version": "2.10.0",
+  "version": "2.11.1",
   "description": "Minimal governance runtime for AI agents. Intercept, govern, and verify agent actions.",
   "type": "module",
   "publishConfig": {