dashclaw 2.9.0 → 2.11.0

package/README.md

@@ -1,4 +1,4 @@
-# DashClaw SDK (v2.7.0)
+# DashClaw SDK (v2.10.0)
 
 **Minimal governance runtime for AI agents.**
 
@@ -70,16 +70,44 @@ claw.update_outcome(action_id, status="completed")
 
 ---
 
-## SDK Surface Area (v2.5.0)
+## SDK Tiers
 
-The v2 SDK exposes **45 methods** optimized for stability and zero-overhead governance:
+DashClaw currently exposes a canonical Node SDK surface plus a legacy compatibility layer:
+
+| | Node SDK | Python SDK |
+|---|---|---|
+| **Focus** | Canonical product surface for new work | Broader current surface |
+| **Methods** | Core runtime + execution surfaces | Broad platform surface |
+| **Core governance** | ✅ | ✅ |
+| **Scoring profiles** | ✅ | ✅ |
+| **Learning loop** | ✅ | ✅ |
+| **Framework integrations** | — | LangChain, CrewAI, AutoGen, Claude Managed Agents |
+| **Compliance engine** | — | ✅ |
+| **Execution graphs** | — | ✅ |
+| **Webhooks management** | — | ✅ |
+
+**Node** is designed for most agents — fast, minimal, covers the governance loop and common workflows. **Python** is the enterprise/power-user surface with compliance reporting, execution graph traversal, and framework-native integrations.
+
+**Policy:** new product work should target the main `dashclaw` client first. `dashclaw/legacy` exists for compatibility with older integrations and older method shapes.
+
+See:
+
+- [SDK Consolidation RFC](../docs/rfcs/2026-04-07-sdk-consolidation.md)
+- [SDK Migration Matrix](../docs/planning/2026-04-07-sdk-migration-matrix.md)
+- [SDK Parity Matrix](../docs/sdk-parity.md)
+
+---
+
+## SDK Surface Area (v2.10.0)
+
+The v2 SDK exposes the stable governance runtime plus promoted execution domains in the canonical Node client:
 
 ### Core Runtime
 - `guard(context)` -- Policy evaluation ("Can I do X?"). Returns `risk_score` (server-computed) and `agent_risk_score` (raw agent value)
 - `createAction(action)` -- Lifecycle tracking ("I am doing X")
 - `updateOutcome(id, outcome)` -- Result recording ("X finished with Y")
 - `recordAssumption(assumption)` -- Integrity tracking ("I believe Z while doing X")
-- `waitForApproval(id)` -- Polling helper for human-in-the-loop approvals
+- `waitForApproval(id)` -- Real-time SSE listener for human-in-the-loop approvals (automatic polling fallback)
 - `approveAction(id, decision, reasoning?)` -- Submit approval decisions from code
 - `getPendingApprovals()` -- List actions awaiting human review
 
@@ -89,7 +117,7 @@ The v2 SDK exposes **45 methods** optimized for stability and zero-overhead gove
 - `getSignals()` -- Get current risk signals across all agents.
 
 ### Swarm & Connectivity
-- `heartbeat(status, metadata)` -- Report agent presence and health.
+- `heartbeat(status, metadata)` -- Report agent presence and health. **As of DashClaw 2.13.0, heartbeats are implicit on `createAction()` — you only need this if you want to report presence without recording an action.**
 - `reportConnections(connections)` -- Report active provider connections.
 
 ### Learning & Optimization
@@ -360,6 +388,26 @@ dashclaw deny <actionId>        # deny a specific action
 
 When an agent calls `waitForApproval()`, it prints the action ID and replay link to stdout. Approve from any terminal or the dashboard, and the agent unblocks instantly.
 
+## MCP Server (Zero-Code Integration)
+
+If your agent supports MCP (Claude Code, Claude Desktop, Managed Agents), you can skip the SDK entirely:
+
+```json
+{
+  "mcpServers": {
+    "dashclaw": {
+      "command": "npx",
+      "args": ["@dashclaw/mcp-server"],
+      "env": { "DASHCLAW_URL": "...", "DASHCLAW_API_KEY": "oc_live_..." }
+    }
+  }
+}
+```
+
+The MCP server exposes the same governance surface as the SDK (guard, record, invoke, wait for approval) plus discovery (capabilities, policies) and session lifecycle.
+
+---
+
 ## Claude Code Hooks
 
 Govern Claude Code tool calls without any SDK instrumentation. Copy two files from the `hooks/` directory in the repo into your `.claude/hooks/` folder:
@@ -376,7 +424,9 @@ Then merge the hooks block from `hooks/settings.json` into your `.claude/setting
 
 ## Legacy SDK (v1)
 
-The v2 SDK covers the 45 methods most critical to agent governance. If you require the full platform surface (188+ methods including Calendar, Workflows, Routing, Pairing, etc.), the v1 SDK is available via the `dashclaw/legacy` sub-path in Node.js or via the full client in Python.
+`dashclaw/legacy` is a compatibility layer for older integrations. It is not the preferred target for new feature design.
+
+Use it only when you need methods that have not yet been promoted into the canonical SDK surface.
 
 ```javascript
 // v1 legacy import
@@ -385,6 +435,273 @@ import { DashClaw } from 'dashclaw/legacy';
 
 Methods moved to v1 only: `createWebhook`, `getActivityLogs`, `mapCompliance`, `getProofReport`.
 
+Legacy also exposes flat compatibility wrappers for the capability runtime routes:
+
+- `claw.listCapabilities(...)`
+- `claw.createCapability(...)`
+- `claw.getCapability(...)`
+- `claw.updateCapability(...)`
+- `claw.invokeCapability(...)`
+- `claw.testCapability(...)`
+- `claw.getCapabilityHealth(...)`
+- `claw.listCapabilityHealth(...)`
+
+Those wrappers exist to keep older integrations working. New product work should still target `claw.execution.capabilities.*` on the main SDK first.
+
+---
+
+## Execution Studio
+
+Governance packaging and discovery — workflow templates, model strategies, knowledge collections, a capability registry, and a read-only execution graph. Added in v2.10.0.
+
+### Execution Graph
+
+```javascript
+// Fetch the execution graph for any action (reuses existing trace data)
+const { rootActionId, nodes, edges } = await claw.getActionGraph(actionId);
+// nodes: action:<id>, assumption:<id>, loop:<id>
+// edges: parent_child | related | assumption_of | loop_from
+```
+
+### Workflow Templates
+
+```javascript
+// List templates
+const { templates } = await claw.listWorkflowTemplates({ status: 'active' });
+
+// Create a template
+const { template } = await claw.createWorkflowTemplate({
+  name: 'Release Hotfix',
+  description: 'Ship urgent production patches safely',
+  objective: 'Deploy with full policy + approval coverage',
+  linked_policy_ids: ['pol_prod_deploy'],
+  linked_capability_tags: ['deploy'],
+  model_strategy_id: 'mst_balanced_default'
+});
+
+// Get / update / duplicate
+const detail = await claw.getWorkflowTemplate(templateId);
+await claw.updateWorkflowTemplate(templateId, {
+  steps: [{ id: 'plan' }, { id: 'test' }, { id: 'deploy' }]
+}); // bumps version when steps change
+await claw.duplicateWorkflowTemplate(templateId);
+
+// Launch — creates a traceable action_records row with workflow metadata.
+// If the template links a model_strategy_id, the resolved config is snapshotted.
+const { launch } = await claw.launchWorkflowTemplate(templateId, { agent_id: 'deploy-bot' });
+console.log(launch.action_id); // act_... — view it in /decisions/<action_id>
+
+// List past runs for a template (HTTP only — no SDK wrapper yet)
+const runs = await fetch(`${baseUrl}/api/workflows/templates/${templateId}/runs?limit=10`, {
+  headers: { 'x-api-key': apiKey },
+}).then(r => r.json());
+
+// Get full run detail with step inputs/outputs
+const run = await fetch(`${baseUrl}/api/workflows/templates/${templateId}/runs/${runActionId}`, {
+  headers: { 'x-api-key': apiKey },
+}).then(r => r.json());
+// run.steps[].input / run.steps[].output contain full JSON (no truncation)
+
+// Resume a failed run from the last completed checkpoint
+const resumed = await fetch(`${baseUrl}/api/workflows/templates/${templateId}/runs/${runActionId}/resume`, {
+  method: 'POST',
+  headers: { 'x-api-key': apiKey, 'Content-Type': 'application/json' },
+  body: JSON.stringify({}),
+}).then(r => r.json());
+// resumed.action_id is the new run; reused steps have status='reused'
+
+// Cancel a running workflow
+await fetch(`${baseUrl}/api/workflows/templates/${templateId}/runs/${runActionId}/cancel`, {
+  method: 'POST',
+  headers: { 'x-api-key': apiKey },
+});
+```
+
+### Artifacts
+
+```javascript
+// List artifacts (optionally filter by action, step, agent, type)
+const { artifacts } = await fetch(`${baseUrl}/api/artifacts?action_id=${actionId}`, {
+  headers: { 'x-api-key': apiKey },
+}).then(r => r.json());
+
+// Create an artifact
+const { artifact } = await fetch(`${baseUrl}/api/artifacts`, {
+  method: 'POST',
+  headers: { 'x-api-key': apiKey, 'Content-Type': 'application/json' },
+  body: JSON.stringify({
+    artifact_type: 'json',
+    name: 'Analysis results',
+    content_json: { findings: ['...'] },
+    source_action_id: actionId,
+  }),
+}).then(r => r.json());
+
+// Generate an evidence bundle for a governed action
+const bundle = await fetch(`${baseUrl}/api/artifacts/evidence-bundle`, {
+  method: 'POST',
+  headers: { 'x-api-key': apiKey, 'Content-Type': 'application/json' },
+  body: JSON.stringify({ action_id: actionId }),
+}).then(r => r.json());
+// bundle.action + bundle.steps + bundle.artifacts
+```
+
+### Model Strategies
+
+```javascript
+// List and create
+const { strategies } = await claw.listModelStrategies();
+const { strategy } = await claw.createModelStrategy({
+  name: 'Balanced Default',
+  description: 'GPT-4.1 primary, Claude Sonnet 4 fallback',
+  config: {
+    primary: { provider: 'openai', model: 'gpt-4.1' },
+    fallback: [{ provider: 'anthropic', model: 'claude-sonnet-4' }],
+    costSensitivity: 'balanced',        // 'low' | 'balanced' | 'high-quality'
+    latencySensitivity: 'medium',       // 'low' | 'medium' | 'high'
+    maxBudgetUsd: 0.5,
+    maxRetries: 2,
+    allowedProviders: ['openai', 'anthropic']
+  }
+});
+
+// Update (config patches merge over existing config)
+await claw.updateModelStrategy(strategyId, { config: { maxBudgetUsd: 1.0 } });
+
+// Delete (soft references on linked workflow_templates are nulled out)
+await claw.deleteModelStrategy(strategyId);
+
+// Execute a chat completion using the strategy (BYOK, fallback, budget enforcement)
+const result = await claw.completeWithStrategy(strategyId, [
+  { role: 'user', content: 'Summarize the deploy plan' }
+], { max_tokens: 512, temperature: 0.7, task_mode: 'reasoning' });
+console.log(result.content);    // LLM response text
+console.log(result.provider);   // e.g. 'openai'
+console.log(result.cost_usd);   // estimated cost
+console.log(result.fallback_used); // true if primary failed
+```
+
+### Knowledge Collections
+
+Metadata-only layer — no embedding or retrieval yet. Ingestion execution is planned for Phase 2b.
+
+```javascript
+// Create a collection
+const { collection } = await claw.createKnowledgeCollection({
+  name: 'Runbook Library',
+  description: 'Incident response runbooks',
+  source_type: 'files',  // 'files' | 'urls' | 'external' | 'notes'
+  tags: ['ops', 'oncall']
+});
+
+// Add items (bumps parent doc_count; transitions ingestion_status from empty → pending)
+await claw.addKnowledgeCollectionItem(collection.collection_id, {
+  source_uri: 'https://docs.example.com/runbook.md',
+  title: 'Deploy runbook',
+  mime_type: 'text/markdown'
+});
+
+// List items
+const { items } = await claw.listKnowledgeCollectionItems(collection.collection_id);
+
+// Sync — ingest pending items (fetch, chunk, embed via BYOK OpenAI key)
+const { sync } = await claw.syncKnowledgeCollection(collection.collection_id);
+console.log(sync.ingested, sync.chunks_created); // e.g. 3 ingested, 42 chunks
+
+// Search — semantic similarity over embedded chunks
+const { results } = await claw.searchKnowledgeCollection(
+  collection.collection_id,
+  'How do I roll back a deploy?',
+  { limit: 5 }
+);
+results.forEach(r => console.log(`${(r.score * 100).toFixed(1)}%: ${r.content.slice(0, 80)}...`));
+```
+
+### Capability Runtime
+
+```javascript
+// Canonical namespace for capability work
+const caps = claw.execution.capabilities;
+
+// Search the registry (category, risk_level, and search are combinable)
+const { capabilities } = await caps.list({ risk_level: 'medium', search: 'slack' });
+
+// Register a capability
+await caps.create({
+  name: 'Send Slack Message',
+  description: 'Posts to a configured Slack channel',
+  category: 'messaging',
+  source_type: 'http_api',        // 'internal_sdk' | 'http_api' | 'webhook' | 'human_approval' | 'external_marketplace'
+  auth_type: 'oauth',
+  risk_level: 'medium',           // 'low' | 'medium' | 'high' | 'critical'
+  requires_approval: false,
+  tags: ['notify', 'slack'],
+  health_status: 'healthy',
+  docs_url: 'https://docs.example.com/slack'
+});
+
+// Invoke a governed capability
+const result = await caps.invoke('cap_123', {
+  query: 'What is x402?'
+});
+console.log(result.governed, result.action_id);
+// When retry_policy is configured on the capability, the response includes retry_metadata:
+// result.retry_metadata → { total_attempts, retried, attempts: [...] }
+
+// Run a non-production validation call (bypasses circuit breaker)
+const testRun = await caps.test('cap_123', {
+  query: 'What is x402?'
+});
+console.log(testRun.tested, testRun.health_status, testRun.certification_status);
+// testRun.retry_metadata is also present when the capability has retry_policy configured
+
+// Fetch derived capability health
+const health = await caps.getHealth('cap_123');
+console.log(health.status, health.certification_status, health.last_test_status);
+
+// List derived health for matching capabilities
+const { capabilities: healthRows } = await caps.listHealth({
+  risk_level: 'medium',
+  certification_status: 'certified',
+  stale_only: false,
+  limit: 10,
+});
+console.log(healthRows.map((cap) => `${cap.slug}:${cap.status}:${cap.certification_status}`));
+
+// Fetch recent invoke/test events for one capability
+const history = await caps.getHistory('cap_123', {
+  action_type: 'capability_test',
+  status: 'failed',
+  limit: 5,
+});
+console.log(history.events.map((event) => `${event.action_type}:${event.status}`));
+```
+
+The existing flat registry methods remain available for compatibility:
+
+- `claw.listCapabilities(...)`
+- `claw.createCapability(...)`
+- `claw.getCapability(...)`
+- `claw.updateCapability(...)`
+
+Use the canonical capability runtime paths:
+
+- `claw.execution.capabilities.invoke(...)`
+- `claw.execution.capabilities.test(...)`
+- `claw.execution.capabilities.getHealth(...)`
+- `claw.execution.capabilities.listHealth(...)`
+- `claw.execution.capabilities.getHistory(...)`
+
+Health responses now include certification and recency fields such as:
+
+- `certification_status`
+- `last_tested_at`
+- `last_test_status`
+- `stale_check`
+- `success_rate_1d`
+- `success_rate_7d`
+- `p95_latency_ms`
+
 ---
 
 ## License

package/dashclaw.js

@@ -1,5 +1,5 @@
 /**
- * DashClaw SDK v2.8.0 (Stable Runtime API)
+ * DashClaw SDK v2.11.0 (Stable Runtime API)
  * Focused governance runtime client for AI agents.
  */
 
@@ -34,6 +34,20 @@ class DashClaw {
     this.baseUrl = baseUrl.replace(/\/$/, '');
     this.apiKey = apiKey;
     this.agentId = agentId;
+
+    this.execution = {
+      capabilities: {
+        list: (filters = {}) => this.listCapabilities(filters),
+        create: (data) => this.createCapability(data),
+        get: (capabilityId) => this.getCapability(capabilityId),
+        update: (capabilityId, patch) => this.updateCapability(capabilityId, patch),
+        invoke: (capabilityId, payload = {}) => this.invokeCapability(capabilityId, payload),
+        test: (capabilityId, payload = {}) => this.testCapability(capabilityId, payload),
+        getHealth: (capabilityId) => this.getCapabilityHealth(capabilityId),
+        listHealth: (filters = {}) => this.listCapabilityHealth(filters),
+        getHistory: (capabilityId, filters = {}) => this.getCapabilityHistory(capabilityId, filters),
+      },
+    };
   }
 
   async _request(path, method = 'GET', body = null, params = null) {
@@ -143,17 +157,112 @@ class DashClaw {
   }
 
   /**
-   * GET /api/actions/:id — Polling helper for human approval.
+   * @private Connect to SSE stream and yield parsed events.
+   */
+  async *_connectSSE(controller) {
+    const res = await fetch(`${this.baseUrl}/api/stream`, {
+      headers: { 'x-api-key': this.apiKey },
+      signal: controller.signal,
+    });
+
+    if (!res.ok || !res.body) return;
+
+    const reader = res.body.getReader();
+    const decoder = new TextDecoder();
+    let buffer = '';
+    let currentEvent = null;
+    let currentData = '';
+    let currentId = null;
+
+    while (true) {
+      const { done, value } = await reader.read();
+      if (done) break;
+      buffer += decoder.decode(value, { stream: true });
+
+      const lines = buffer.split('\n');
+      buffer = lines.pop();
+
+      for (const line of lines) {
+        if (line.startsWith('id: ')) {
+          currentId = line.slice(4).trim();
+        } else if (line.startsWith('event: ')) {
+          currentEvent = line.slice(7).trim();
+        } else if (line.startsWith('data: ')) {
+          currentData += line.slice(6);
+        } else if (line.startsWith(':')) {
+          // SSE comment (heartbeat)
+        } else if (line === '' && currentEvent) {
+          if (currentData) {
+            try {
+              yield { event: currentEvent, data: JSON.parse(currentData), id: currentId };
+            } catch { /* ignore parse errors */ }
+          }
+          currentEvent = null;
+          currentData = '';
+          currentId = null;
+        } else if (line === '') {
+          currentEvent = null;
+          currentData = '';
+          currentId = null;
+        }
+      }
+    }
+  }
+
+  /**
+   * Wait for human approval. SSE-first with polling fallback.
    */
   async waitForApproval(actionId, { timeout = 300000, interval = 5000 } = {}) {
     const startTime = Date.now();
+
+    const checkAction = (action) => {
+      if (action.approved_by) return { resolved: true, result: { action } };
+      if (action.status === 'failed' || action.status === 'cancelled') {
+        return { resolved: true, error: new ApprovalDeniedError(action.error_message || 'Operator denied the action.', action.status) };
+      }
+      return { resolved: false };
+    };
+
+    // Try SSE first
+    try {
+      const controller = new AbortController();
+      const timeoutId = setTimeout(() => controller.abort(), timeout);
+
+      try {
+        for await (const frame of this._connectSSE(controller)) {
+          if (frame.event === 'action.updated' && frame.data?.action_id === actionId) {
+            const check = checkAction(frame.data);
+            if (check.resolved) {
+              clearTimeout(timeoutId);
+              controller.abort();
+              if (check.error) throw check.error;
+              const confirmed = await this._request(`/api/actions/${actionId}`, 'GET');
+              return confirmed;
+            }
+          }
+
+          if (Date.now() - startTime >= timeout) {
+            clearTimeout(timeoutId);
+            controller.abort();
+            throw new Error(`Timed out waiting for approval of action ${actionId}`);
+          }
+        }
+      } finally {
+        clearTimeout(timeoutId);
+        if (!controller.signal.aborted) controller.abort();
+      }
+    } catch (err) {
+      if (err instanceof ApprovalDeniedError || err.message?.includes('Timed out')) throw err;
+      // SSE failed — fall through to polling
+    }
+
+    // Polling fallback
     let wasPending = false;
     let printedBlock = false;
 
     while (Date.now() - startTime < timeout) {
       const { action } = await this._request(`/api/actions/${actionId}`, 'GET');
 
-      // Print structured approval block on first fetch
       if (!printedBlock) {
         printedBlock = true;
         try {
@@ -178,33 +287,18 @@ class DashClaw {
             '\u255a\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255d',
           ];
           process.stdout.write('\n' + lines.join('\n') + '\n\n');
-        } catch (_) {
-          // Rendering failure must not prevent the wait from proceeding
-        }
-      }
-      
-      if (action.status === 'pending_approval') {
-        wasPending = true;
+        } catch (_) { /* rendering failure must not prevent wait */ }
       }
 
-      // Explicitly unblocked by approval metadata
-      if (action.approved_by) return action;
-
-      // Denial cases
+      if (action.status === 'pending_approval') wasPending = true;
+      if (action.approved_by) return { action };
       if (action.status === 'failed' || action.status === 'cancelled') {
         throw new ApprovalDeniedError(action.error_message || 'Operator denied the action.', action.status);
       }
-
-      // Requirement 4: If an action leaves pending_approval without approval metadata, throw an error.
-      // This prevents "auto-approval" bugs where status is changed by non-approval paths.
       if (wasPending && action.status !== 'pending_approval') {
         throw new Error(`Action ${actionId} left pending_approval state without explicit approval metadata (Status: ${action.status})`);
       }
-
-      // If allowed directly (never intercepted), return immediately
-      if (!wasPending && action.status === 'running') {
-        return { action };
-      }
+      if (!wasPending && action.status === 'running') return { action };
 
       await new Promise(r => setTimeout(r, interval));
     }
@@ -643,6 +737,266 @@ class DashClaw {
   async getSessionEvents(sessionId) {
     return this._request(`/api/sessions/${sessionId}/events`, 'GET');
   }
+
+  // ---------------------------------------------------------------------------
+  // Execution Studio — Execution Graph
+  // ---------------------------------------------------------------------------
+
+  /**
+   * GET /api/actions/:id/graph — Read-only execution graph (nodes + edges).
+   */
+  async getActionGraph(actionId) {
+    return this._request(`/api/actions/${actionId}/graph`, 'GET');
+  }
+
+  // ---------------------------------------------------------------------------
+  // Execution Studio — Workflow Templates
+  // ---------------------------------------------------------------------------
+
+  /**
+   * GET /api/workflows/templates — List workflow templates.
+   * @param {Object} [filters={}] - { status, limit, offset }
+   */
+  async listWorkflowTemplates(filters = {}) {
+    return this._request('/api/workflows/templates', 'GET', null, filters);
+  }
+
+  /**
+   * POST /api/workflows/templates — Create a workflow template.
+   */
+  async createWorkflowTemplate(data) {
+    return this._request('/api/workflows/templates', 'POST', data);
+  }
+
+  /**
+   * GET /api/workflows/templates/:id — Fetch a single template.
+   */
+  async getWorkflowTemplate(templateId) {
+    return this._request(`/api/workflows/templates/${templateId}`, 'GET');
+  }
+
+  /**
+   * PATCH /api/workflows/templates/:id — Partial update. Bumps version when steps change.
+   */
+  async updateWorkflowTemplate(templateId, patch) {
+    return this._request(`/api/workflows/templates/${templateId}`, 'PATCH', patch);
+  }
+
+  /**
+   * POST /api/workflows/templates/:id/duplicate — Clone as a new draft.
+   */
+  async duplicateWorkflowTemplate(templateId, overrides = {}) {
+    return this._request(`/api/workflows/templates/${templateId}/duplicate`, 'POST', overrides);
+  }
+
+  /**
+   * POST /api/workflows/templates/:id/launch — Create a traceable action record.
+   * Resolves any linked model strategy into a snapshot at launch time.
+   */
+  async launchWorkflowTemplate(templateId, options = {}) {
+    return this._request(`/api/workflows/templates/${templateId}/launch`, 'POST', options);
+  }
+
+  // ---------------------------------------------------------------------------
+  // Execution Studio — Model Strategies
+  // ---------------------------------------------------------------------------
+
+  /**
+   * GET /api/model-strategies — List model strategies.
+   */
+  async listModelStrategies() {
+    return this._request('/api/model-strategies', 'GET');
+  }
+
+  /**
+   * POST /api/model-strategies — Create a model strategy.
+   * @param {Object} data - { name, description, config: { primary, fallback, costSensitivity, ... } }
+   */
+  async createModelStrategy(data) {
+    return this._request('/api/model-strategies', 'POST', data);
+  }
+
+  /**
+   * GET /api/model-strategies/:id — Fetch a single strategy.
+   */
+  async getModelStrategy(strategyId) {
+    return this._request(`/api/model-strategies/${strategyId}`, 'GET');
+  }
+
+  /**
+   * PATCH /api/model-strategies/:id — Partial update. Config patches merge over existing.
+   */
+  async updateModelStrategy(strategyId, patch) {
+    return this._request(`/api/model-strategies/${strategyId}`, 'PATCH', patch);
+  }
+
+  /**
+   * DELETE /api/model-strategies/:id — Delete. Nulls soft refs on linked templates.
+   */
+  async deleteModelStrategy(strategyId) {
+    return this._request(`/api/model-strategies/${strategyId}`, 'DELETE');
+  }
+
+  /**
+   * POST /api/model-strategies/:id/complete — Execute a chat completion using
+   * this strategy. Resolves BYOK provider credentials, handles fallback chain,
+   * enforces budget caps.
+   * @param {string} strategyId
+   * @param {Array<{role: string, content: string}>} messages
+   * @param {Object} [options={}] - { max_tokens, temperature, task_mode }
+   */
+  async completeWithStrategy(strategyId, messages, options = {}) {
+    return this._request(`/api/model-strategies/${strategyId}/complete`, 'POST', {
+      messages,
+      ...options,
+    });
+  }
+
+  // ---------------------------------------------------------------------------
+  // Execution Studio — Knowledge Collections
+  // ---------------------------------------------------------------------------
+
+  /**
+   * GET /api/knowledge/collections — List knowledge collections.
+   * @param {Object} [filters={}] - { sourceType, limit, offset }
+   */
+  async listKnowledgeCollections(filters = {}) {
+    const params = {};
+    if (filters.sourceType) params.source_type = filters.sourceType;
+    if (filters.limit) params.limit = filters.limit;
+    if (filters.offset) params.offset = filters.offset;
+    return this._request('/api/knowledge/collections', 'GET', null, params);
+  }
+
+  /**
+   * POST /api/knowledge/collections — Create a knowledge collection.
+   */
+  async createKnowledgeCollection(data) {
+    return this._request('/api/knowledge/collections', 'POST', data);
+  }
+
+  /**
+   * GET /api/knowledge/collections/:id — Fetch a single collection.
+   */
+  async getKnowledgeCollection(collectionId) {
+    return this._request(`/api/knowledge/collections/${collectionId}`, 'GET');
+  }
+
+  /**
+   * PATCH /api/knowledge/collections/:id — Update collection metadata.
+   */
+  async updateKnowledgeCollection(collectionId, patch) {
+    return this._request(`/api/knowledge/collections/${collectionId}`, 'PATCH', patch);
+  }
+
+  /**
+   * GET /api/knowledge/collections/:id/items — List items in a collection.
+   * @param {Object} [filters={}] - { limit, offset }
+   */
+  async listKnowledgeCollectionItems(collectionId, filters = {}) {
+    return this._request(`/api/knowledge/collections/${collectionId}/items`, 'GET', null, filters);
+  }
+
+  /**
+   * POST /api/knowledge/collections/:id/items — Add an item. Bumps parent doc_count.
+   */
+  async addKnowledgeCollectionItem(collectionId, data) {
+    return this._request(`/api/knowledge/collections/${collectionId}/items`, 'POST', data);
+  }
+
+  /**
+   * POST /api/knowledge/collections/:id/sync — Ingest pending items (chunk + embed).
+   */
+  async syncKnowledgeCollection(collectionId) {
+    return this._request(`/api/knowledge/collections/${collectionId}/sync`, 'POST', {});
+  }
+
+  /**
+   * POST /api/knowledge/collections/:id/search — Semantic search over chunks.
+   * @param {string} collectionId
+   * @param {string} query
+   * @param {Object} [options={}] - { limit }
+   */
+  async searchKnowledgeCollection(collectionId, query, options = {}) {
+    return this._request(`/api/knowledge/collections/${collectionId}/search`, 'POST', {
+      query,
+      ...options,
+    });
+  }
+
+  // ---------------------------------------------------------------------------
+  // Execution Studio — Capability Registry
+  // ---------------------------------------------------------------------------
+
+  /**
+   * GET /api/capabilities — Search the capability registry.
+   * @param {Object} [filters={}] - { category, risk_level, search, limit, offset }
+   */
+  async listCapabilities(filters = {}) {
+    return this._request('/api/capabilities', 'GET', null, filters);
+  }
+
+  /**
+   * POST /api/capabilities — Register a capability.
+   */
+  async createCapability(data) {
+    return this._request('/api/capabilities', 'POST', data);
+  }
+
+  /**
+   * GET /api/capabilities/:id — Fetch a single capability.
+   */
+  async getCapability(capabilityId) {
+    return this._request(`/api/capabilities/${capabilityId}`, 'GET');
+  }
+
+  /**
+   * PATCH /api/capabilities/:id — Update a capability.
+   */
+  async updateCapability(capabilityId, patch) {
+    return this._request(`/api/capabilities/${capabilityId}`, 'PATCH', patch);
+  }
+
+  /**
+   * POST /api/capabilities/:id/invoke — Invoke a governed capability.
+   */
+  async invokeCapability(capabilityId, payload = {}) {
+    return this._request(`/api/capabilities/${capabilityId}/invoke`, 'POST', {
+      ...payload,
+      agent_id: payload.agent_id || this.agentId,
+    });
+  }
+
+  /**
+   * POST /api/capabilities/:id/test — Run a non-production capability validation call.
+   */
+  async testCapability(capabilityId, payload = {}) {
+    return this._request(`/api/capabilities/${capabilityId}/test`, 'POST', {
+      ...payload,
+      agent_id: payload.agent_id || this.agentId,
+    });
+  }
+
+  /**
+   * GET /api/capabilities/:id/health — Fetch derived capability health.
+   */
+  async getCapabilityHealth(capabilityId) {
+    return this._request(`/api/capabilities/${capabilityId}/health`, 'GET');
+  }
+
+  /**
+   * GET /api/capabilities/health — List derived health summaries for matching capabilities.
+   */
+  async listCapabilityHealth(filters = {}) {
+    return this._request('/api/capabilities/health', 'GET', null, filters);
+  }
+
+  /**
+   * GET /api/capabilities/:id/history — Fetch recent test and invoke events for a capability.
+   */
+  async getCapabilityHistory(capabilityId, filters = {}) {
+    return this._request(`/api/capabilities/${capabilityId}/history`, 'GET', null, filters);
+  }
 }
 
 export { DashClaw, ApprovalDeniedError, GuardBlockedError };

package/legacy/dashclaw-v1.js

@@ -2826,6 +2826,46 @@ class DashClaw {
     return this._request('GET', '/api/scoring/score', null, { profile_id: profileId, view: 'stats' });
   }
 
+  // --- Capability Runtime Compatibility ------------------
+
+  async listCapabilities(params = {}) {
+    return this._request('GET', '/api/capabilities', null, params);
+  }
+
+  async createCapability(data) {
+    return this._request('POST', '/api/capabilities', data);
+  }
+
+  async getCapability(capabilityId) {
+    return this._request('GET', `/api/capabilities/${capabilityId}`);
+  }
+
+  async updateCapability(capabilityId, data) {
+    return this._request('PATCH', `/api/capabilities/${capabilityId}`, data);
+  }
+
+  async invokeCapability(capabilityId, payload = {}) {
+    return this._request('POST', `/api/capabilities/${capabilityId}/invoke`, {
+      ...payload,
+      agent_id: payload.agent_id || this.agentId,
+    });
+  }
+
+  async testCapability(capabilityId, payload = {}) {
+    return this._request('POST', `/api/capabilities/${capabilityId}/test`, {
+      ...payload,
+      agent_id: payload.agent_id || this.agentId,
+    });
+  }
+
+  async getCapabilityHealth(capabilityId) {
+    return this._request('GET', `/api/capabilities/${capabilityId}/health`);
+  }
+
+  async listCapabilityHealth(params = {}) {
+    return this._request('GET', '/api/capabilities/health', null, params);
+  }
+
   // --- Risk Templates ------------------------------------
 
   async createRiskTemplate(data) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dashclaw",
-  "version": "2.9.0",
+  "version": "2.11.0",
   "description": "Minimal governance runtime for AI agents. Intercept, govern, and verify agent actions.",
   "type": "module",
   "publishConfig": {