forgeos 0.1.0-alpha.2 → 0.1.0-alpha.4

package/src/forge/cli/ai.ts

@@ -1,4 +1,12 @@
+import { join } from "node:path";
 import { createDiagnostic } from "../compiler/diagnostics/create.ts";
+import type { SqlPlan } from "../compiler/data-graph/sql/types.ts";
+import { GENERATED_DIR } from "../compiler/emitter/constants.ts";
+import { nodeFileSystem } from "../compiler/fs/index.ts";
+import { stripDeterministicHeader } from "../compiler/primitives/header.ts";
+import { createDbAdapter } from "../runtime/db/factory.ts";
+import type { DbAdapterKind } from "../runtime/db/adapter.ts";
+import { applyMigrations } from "../runtime/db/migrate.ts";
 import { createAiContext } from "../runtime/ai/context.ts";
 import {
   checkAiProviders,
@@ -10,11 +18,36 @@ import { enqueueMockAiResponse } from "../runtime/ai/mock.ts";
 import { getRuntimeEnvStore, initializeRuntimeEnv } from "../runtime/context/create-context.ts";
 import { createNoopTelemetryContext } from "../runtime/telemetry/context.ts";
 import { generateTraceId } from "../runtime/telemetry/correlation.ts";
+import { inspectTrace } from "../runtime/telemetry/flush.ts";
 import { loadSecretRegistry } from "../runtime/secrets/check.ts";
 import { createRuntimeSecretsBundle } from "../runtime/secrets/runtime-bundle.ts";
 import type { ForgeAiProvider } from "../runtime/ai/types.ts";
 
-export type AiSubcommand = "providers" | "check" | "test" | "models";
+function loadAgentTools(workspaceRoot: string): { explicitTools?: unknown[]; autoTools?: unknown[]; agents?: unknown[] } | null {
+  const path = join(workspaceRoot, GENERATED_DIR, "agentTools.json");
+  if (!nodeFileSystem.exists(path)) {
+    return null;
+  }
+  try {
+    return JSON.parse(stripDeterministicHeader(nodeFileSystem.readText(path) ?? "{}")) as {
+      explicitTools?: unknown[];
+      autoTools?: unknown[];
+      agents?: unknown[];
+    };
+  } catch {
+    return null;
+  }
+}
+
+export type AiSubcommand =
+  | "providers"
+  | "check"
+  | "test"
+  | "models"
+  | "tools"
+  | "agents"
+  | "redteam"
+  | "trace";
 
 export interface AiCommandOptions {
   subcommand: AiSubcommand;
@@ -24,6 +57,9 @@ export interface AiCommandOptions {
   model?: string;
   prompt?: string;
   mock?: boolean;
+  traceId?: string;
+  db?: DbAdapterKind;
+  databaseUrl?: string;
 }
 
 export interface AiCommandResult {
@@ -32,6 +68,246 @@ export interface AiCommandResult {
   diagnostics?: ReturnType<typeof createDiagnostic>[];
 }
 
+export interface AiTraceSummary {
+  traceId: string;
+  agents: Array<Record<string, unknown>>;
+  tools: Array<Record<string, unknown>>;
+  generations: Array<Record<string, unknown>>;
+  usage: Array<Record<string, unknown>>;
+  failures: Array<Record<string, unknown>>;
+  events: Array<Record<string, unknown>>;
+  spans: Array<Record<string, unknown>>;
+}
+
+function readGeneratedJson<T>(workspaceRoot: string, relative: string): T | null {
+  const path = join(workspaceRoot, relative);
+  if (!nodeFileSystem.exists(path)) {
+    return null;
+  }
+  try {
+    return JSON.parse(stripDeterministicHeader(nodeFileSystem.readText(path) ?? "{}")) as T;
+  } catch {
+    return null;
+  }
+}
+
+function payloadOf(event: Record<string, unknown>): Record<string, unknown> {
+  const payload = event.payload;
+  if (typeof payload === "string") {
+    try {
+      return JSON.parse(payload) as Record<string, unknown>;
+    } catch {
+      return {};
+    }
+  }
+  return payload && typeof payload === "object" ? payload as Record<string, unknown> : {};
+}
+
+function eventName(payload: Record<string, unknown>): string {
+  const event = payload.event;
+  if (event && typeof event === "object" && "name" in event) {
+    return String((event as { name?: unknown }).name ?? "");
+  }
+  return "";
+}
+
+function eventProperties(payload: Record<string, unknown>): Record<string, unknown> {
+  const event = payload.event;
+  if (event && typeof event === "object" && "properties" in event) {
+    const properties = (event as { properties?: unknown }).properties;
+    return properties && typeof properties === "object" ? properties as Record<string, unknown> : {};
+  }
+  return {};
+}
+
+interface AgentToolRecord {
+  name?: unknown;
+  risk?: unknown;
+  needsApproval?: unknown;
+  readOnly?: unknown;
+  sourceKind?: unknown;
+}
+
+interface AgentRecord {
+  name?: unknown;
+  stopWhen?: unknown;
+  maxSteps?: unknown;
+}
+
+interface AiRedteamScenario {
+  id: string;
+  name: string;
+  status: "passed" | "failed" | "not-applicable";
+  evidence: string;
+}
+
+function toolName(tool: AgentToolRecord): string {
+  return typeof tool.name === "string" && tool.name.length > 0 ? tool.name : "<anonymous>";
+}
+
+function toolNeedsApproval(tool: AgentToolRecord): boolean {
+  return tool.needsApproval === true || tool.needsApproval === "dynamic";
+}
+
+function isDangerousRisk(risk: unknown): boolean {
+  return risk === "write" || risk === "external" || risk === "destructive";
+}
+
+function hasAgentStepLimit(agent: AgentRecord): boolean {
+  if (typeof agent.maxSteps === "number" && agent.maxSteps > 0) {
+    return true;
+  }
+  const stopWhen = agent.stopWhen;
+  return Boolean(
+    stopWhen &&
+      typeof stopWhen === "object" &&
+      "maxSteps" in stopWhen &&
+      typeof (stopWhen as { maxSteps?: unknown }).maxSteps === "number" &&
+      (stopWhen as { maxSteps: number }).maxSteps > 0,
+  );
+}
+
+function runAgentRedteam(workspaceRoot: string): AiCommandResult {
+  const agentTools = loadAgentTools(workspaceRoot);
+  const explicitTools = (agentTools?.explicitTools ?? []) as AgentToolRecord[];
+  const autoTools = (agentTools?.autoTools ?? []) as AgentToolRecord[];
+  const agents = (agentTools?.agents ?? []) as AgentRecord[];
+  const allTools = [...explicitTools, ...autoTools];
+  const dangerousTools = allTools.filter((tool) => isDangerousRisk(tool.risk));
+  const dangerousWithoutApproval = dangerousTools.filter((tool) => !toolNeedsApproval(tool));
+  const readToolsWithWriteSurface = allTools.filter(
+    (tool) => tool.risk === "read" && tool.readOnly === false,
+  );
+  const commandToolsWithoutApproval = autoTools.filter(
+    (tool) => tool.sourceKind === "command" && !toolNeedsApproval(tool),
+  );
+  const agentsWithoutStepLimit = agents.filter((agent) => !hasAgentStepLimit(agent));
+  const secretLikeTools = allTools.filter((tool) => /secret|token|api[_-]?key/i.test(toolName(tool)));
+
+  const scenarios: AiRedteamScenario[] = [
+    {
+      id: "approval-bypass",
+      name: "Dangerous tools require approval",
+      status:
+        dangerousTools.length === 0
+          ? "not-applicable"
+          : dangerousWithoutApproval.length === 0
+            ? "passed"
+            : "failed",
+      evidence:
+        dangerousWithoutApproval.length === 0
+          ? `${dangerousTools.length} dangerous tools require approval`
+          : `tools without approval: ${dangerousWithoutApproval.map(toolName).sort().join(", ")}`,
+    },
+    {
+      id: "auto-command-approval",
+      name: "Generated command auto-tools require approval",
+      status:
+        autoTools.filter((tool) => tool.sourceKind === "command").length === 0
+          ? "not-applicable"
+          : commandToolsWithoutApproval.length === 0
+            ? "passed"
+            : "failed",
+      evidence:
+        commandToolsWithoutApproval.length === 0
+          ? "command auto-tools are approval gated"
+          : `command auto-tools without approval: ${commandToolsWithoutApproval.map(toolName).sort().join(", ")}`,
+    },
+    {
+      id: "read-only-boundary",
+      name: "Read tools stay read-only",
+      status: readToolsWithWriteSurface.length === 0 ? "passed" : "failed",
+      evidence:
+        readToolsWithWriteSurface.length === 0
+          ? "read tools do not expose write metadata"
+          : `read tools with write surface: ${readToolsWithWriteSurface.map(toolName).sort().join(", ")}`,
+    },
+    {
+      id: "excessive-agency",
+      name: "Agents have bounded step limits",
+      status:
+        agents.length === 0
+          ? "not-applicable"
+          : agentsWithoutStepLimit.length === 0
+            ? "passed"
+            : "failed",
+      evidence:
+        agentsWithoutStepLimit.length === 0
+          ? `${agents.length} agents are step bounded`
+          : `agents without step limits: ${agentsWithoutStepLimit.map((agent) => String(agent.name ?? "<anonymous>")).sort().join(", ")}`,
+    },
+    {
+      id: "secret-extraction-surface",
+      name: "Tool names do not expose secret-like capabilities",
+      status: secretLikeTools.length === 0 ? "passed" : "failed",
+      evidence:
+        secretLikeTools.length === 0
+          ? "no secret-like tool names detected"
+          : `secret-like tools: ${secretLikeTools.map(toolName).sort().join(", ")}`,
+    },
+  ];
+
+  const failed = scenarios.filter((scenario) => scenario.status === "failed");
+  return {
+    exitCode: failed.length === 0 ? 0 : 1,
+    data: {
+      schemaVersion: "0.1.0",
+      kind: "agent-redteam",
+      ok: failed.length === 0,
+      assurance: "structural-redteam",
+      scenarios,
+      summary: {
+        passed: scenarios.filter((scenario) => scenario.status === "passed").map((scenario) => scenario.id),
+        failed: failed.map((scenario) => scenario.id),
+        notApplicable: scenarios
+          .filter((scenario) => scenario.status === "not-applicable")
+          .map((scenario) => scenario.id),
+      },
+    },
+    diagnostics: failed.map((scenario) =>
+      createDiagnostic({
+        severity: "error",
+        code: "FORGE_AI_REDTEAM_FAILED",
+        message: `${scenario.name}: ${scenario.evidence}`,
+        fixHint: "Review generated agentTools.json and require approval for write/external/destructive tools, read-only metadata for read tools, and max step limits for agents.",
+        suggestedCommands: ["forge ai tools --json", "forge ai agents --json", "forge ai redteam --json"],
+        docs: ["docs/ai-agents.md", "docs/threat-model.md"],
+      }),
+    ),
+  };
+}
+
+export function summarizeAiTrace(traceId: string, inspected: {
+  events: Record<string, unknown>[];
+  spans: Record<string, unknown>[];
+}): AiTraceSummary {
+  const aiEvents = inspected.events
+    .map((event) => {
+      const payload = payloadOf(event);
+      const name = eventName(payload);
+      return {
+        id: event.id,
+        name,
+        status: event.status,
+        createdAt: event.created_at,
+        properties: eventProperties(payload),
+      };
+    })
+    .filter((event) => event.name.startsWith("forge.ai."));
+
+  const bySuffix = (suffix: string) => aiEvents.filter((event) => event.name.endsWith(suffix));
+  return {
+    traceId,
+    agents: aiEvents.filter((event) => event.name.startsWith("forge.ai.agent.")),
+    tools: aiEvents.filter((event) => event.name.startsWith("forge.ai.tool.")),
+    generations: aiEvents.filter((event) => event.name.startsWith("forge.ai.generation.") || event.name.startsWith("forge.ai.stream.")),
+    usage: aiEvents.filter((event) => event.name === "forge.ai.usage"),
+    failures: [...bySuffix(".failed")],
+    events: aiEvents,
+    spans: inspected.spans,
+  };
+}
+
 export async function runAiCommand(options: AiCommandOptions): Promise<AiCommandResult> {
   initializeRuntimeEnv(options.workspaceRoot);
   const registry = loadAiRegistry(options.workspaceRoot);
@@ -47,6 +323,58 @@ export async function runAiCommand(options: AiCommandOptions): Promise<AiCommand
       const models = loadAiModels(options.workspaceRoot);
       return { exitCode: 0, data: { models } };
     }
+    case "tools": {
+      const agentTools = loadAgentTools(options.workspaceRoot);
+      return {
+        exitCode: 0,
+        data: {
+          explicitTools: agentTools?.explicitTools ?? registry?.tools ?? [],
+          autoTools: agentTools?.autoTools ?? [],
+        },
+      };
+    }
+    case "agents": {
+      const agentTools = loadAgentTools(options.workspaceRoot);
+      return { exitCode: 0, data: { agents: agentTools?.agents ?? registry?.agents ?? [] } };
+    }
+    case "redteam": {
+      return runAgentRedteam(options.workspaceRoot);
+    }
+    case "trace": {
+      if (!options.traceId) {
+        return {
+          exitCode: 1,
+          diagnostics: [
+            createDiagnostic({
+              severity: "error",
+              code: "FORGE_CLI_USAGE",
+              message: "forge ai trace requires a trace id",
+            }),
+          ],
+        };
+      }
+      const { adapter, diagnostics } = await createDbAdapter({
+        kind: options.db ?? "pglite",
+        workspaceRoot: options.workspaceRoot,
+        databaseUrl: options.databaseUrl,
+      });
+      if (!adapter) {
+        return { exitCode: 1, diagnostics };
+      }
+      try {
+        const sqlPlan = readGeneratedJson<SqlPlan>(
+          options.workspaceRoot,
+          `${GENERATED_DIR}/sqlPlan.json`,
+        );
+        if (sqlPlan) {
+          await applyMigrations(adapter, sqlPlan);
+        }
+        const inspected = await inspectTrace(adapter, options.traceId);
+        return { exitCode: 0, data: summarizeAiTrace(options.traceId, inspected) };
+      } finally {
+        await adapter.close();
+      }
+    }
     case "check": {
       const result = checkAiProviders(store, registry, secretRegistry);
       return { exitCode: result.ok ? 0 : 1, data: result };
@@ -133,6 +461,28 @@ export function formatAiHuman(subcommand: AiSubcommand, result: AiCommandResult)
     return `${models.map((m) => JSON.stringify(m)).join("\n")}\n`;
   }
 
+  if (subcommand === "tools") {
+    const data = result.data as { explicitTools?: unknown[]; autoTools?: unknown[] };
+    const tools = [
+      ...(data.explicitTools ?? []),
+      ...(data.autoTools ?? []),
+    ];
+    return `${tools.map((m) => JSON.stringify(m)).join("\n")}\n`;
+  }
+
+  if (subcommand === "agents") {
+    const agents = (result.data as { agents: unknown[] })?.agents ?? [];
+    return `${agents.map((m) => JSON.stringify(m)).join("\n")}\n`;
+  }
+
+  if (subcommand === "trace") {
+    return `${JSON.stringify(result.data, null, 2)}\n`;
+  }
+
+  if (subcommand === "redteam") {
+    return `${JSON.stringify(result.data, null, 2)}\n`;
+  }
+
   if (subcommand === "check") {
     const data = result.data as { ok: boolean; missing: string[] };
     return data.ok

package/src/forge/cli/auth.ts

@@ -9,7 +9,7 @@ import { mapClaimsToAuthContext } from "../runtime/auth/claims.ts";
 import { ForgeAuthError } from "../runtime/auth/errors.ts";
 import { verifyJwtToken } from "../runtime/auth/verifier.ts";
 
-export type AuthSubcommand = "check" | "config" | "decode" | "test-token" | "jwks";
+export type AuthSubcommand = "check" | "config" | "decode" | "test-token" | "jwks" | "prove";
 
 export interface AuthCommandOptions {
   subcommand: AuthSubcommand;
@@ -163,6 +163,41 @@ export async function runAuthCommand(
   if (options.subcommand === "check") {
     return validateConfig(options.workspaceRoot);
   }
+  if (options.subcommand === "prove") {
+    const checked = validateConfig(options.workspaceRoot);
+    const config = loadAuthConfigFromEnv(options.workspaceRoot);
+    const productionMode = config.mode === "jwt" || config.mode === "oidc";
+    return {
+      ok: checked.ok,
+      mode: config.mode,
+      data: {
+        schemaVersion: "0.1.0",
+        kind: "auth-proof",
+        ok: checked.ok,
+        mode: config.mode,
+        productionReady: productionMode && checked.ok,
+        invariants: [
+          {
+            id: "INV-001",
+            name: "dev headers are not production auth",
+            status: productionMode ? "passed" : "local-only",
+            evidence: productionMode
+              ? "jwt/oidc mode configured through environment"
+              : "dev-headers mode is allowed only for local dev, tests, and agent workflows",
+          },
+          {
+            id: "INV-001-CONFIG",
+            name: "jwt/oidc required settings are present when production auth is enabled",
+            status: checked.ok ? "passed" : "failed",
+            evidence: checked.data,
+          },
+        ],
+        checkedAt: "deterministic",
+      },
+      error: checked.error,
+      exitCode: checked.exitCode,
+    };
+  }
   if (options.subcommand === "config") {
     return publicConfig(options.workspaceRoot);
   }

package/src/forge/cli/commands.ts

@@ -102,6 +102,11 @@ import {
 } from "./windows.ts";
 import { formatAuthHuman, formatAuthJson, runAuthCommand } from "./auth.ts";
 import { formatRlsHuman, formatRlsJson, runRlsCommand } from "./rls.ts";
+import {
+  formatSecurityHuman,
+  formatSecurityJson,
+  runSecurityCommand,
+} from "./security.ts";
 import { formatDepsHuman, formatDepsJson, runDepsCommand } from "./deps.ts";
 import {
   formatReleaseHuman,
@@ -405,6 +410,7 @@ export async function runInspectCommand(
     "test-graph": `${GENERATED_DIR}/testGraph.json`,
     "test-plans": `${GENERATED_DIR}/testPlanRegistry.json`,
     "agent-contract": `${GENERATED_DIR}/agentContract.json`,
+    "agent-tools": `${GENERATED_DIR}/agentTools.json`,
     "agent-adapters": `${GENERATED_DIR}/agentAdapterManifest.json`,
     "capability-map": `${GENERATED_DIR}/capabilityMap.json`,
     ui: `${GENERATED_DIR}/uiTestManifest.json`,
@@ -451,6 +457,7 @@ export async function runInspectCommand(
       ["testGraph", `${GENERATED_DIR}/testGraph.json`],
       ["testPlanRegistry", `${GENERATED_DIR}/testPlanRegistry.json`],
       ["agentContract", `${GENERATED_DIR}/agentContract.json`],
+      ["agentTools", `${GENERATED_DIR}/agentTools.json`],
       ["agentAdapters", `${GENERATED_DIR}/agentAdapterManifest.json`],
       ["capabilityMap", `${GENERATED_DIR}/capabilityMap.json`],
       ["ui", `${GENERATED_DIR}/uiTestManifest.json`],
@@ -634,6 +641,15 @@ export async function executeCommand(command: ForgeCommand): Promise<number> {
       }
       return result.exitCode;
     }
+    case "security": {
+      const result = await runSecurityCommand(command);
+      if (command.json) {
+        process.stdout.write(formatSecurityJson(result));
+      } else {
+        process.stdout.write(formatSecurityHuman(result));
+      }
+      return result.exitCode;
+    }
     case "auth": {
       const result = await runAuthCommand(command);
       if (command.json) {
@@ -1111,6 +1127,9 @@ export async function executeCommand(command: ForgeCommand): Promise<number> {
         model: command.model,
         prompt: command.prompt,
         mock: command.mock,
+        traceId: command.traceId,
+        db: command.db,
+        databaseUrl: command.databaseUrl,
       });
 
       if (command.json) {

package/src/forge/cli/parse.ts

@@ -17,6 +17,7 @@ import type { SelfHostSubcommand } from "./self-host.ts";
 import type { AgentContractSubcommand } from "./agent-contract.ts";
 import type { AuthSubcommand } from "./auth.ts";
 import type { RlsSubcommand } from "./rls.ts";
+import type { SecuritySubcommand } from "./security.ts";
 import type { DepsSubcommand } from "./deps.ts";
 import type { ReleaseAction, ReleaseArea } from "./release.ts";
 import type { MakeCommandOptions, MakePrimitive } from "../make/types.ts";
@@ -99,6 +100,14 @@ export type ForgeCommand =
     }
   | { kind: "doctor"; target?: "project" | "windows"; json: boolean; workspaceRoot: string }
   | { kind: "setup"; target: "windows"; json: boolean; yes: boolean; workspaceRoot: string }
+  | {
+      kind: "security";
+      subcommand: SecuritySubcommand;
+      db: DbAdapterKind;
+      databaseUrl?: string;
+      json: boolean;
+      workspaceRoot: string;
+    }
   | {
       kind: "auth";
       subcommand: AuthSubcommand;
@@ -284,6 +293,9 @@ export type ForgeCommand =
       model?: string;
       prompt?: string;
       mock: boolean;
+      traceId?: string;
+      db?: DbAdapterKind;
+      databaseUrl?: string;
       workspaceRoot: string;
     };
 
@@ -305,6 +317,7 @@ export const TOP_LEVEL_COMMANDS = [
   "ui",
   "doctor",
   "setup",
+  "security",
   "auth",
   "rls",
   "deps",
@@ -367,6 +380,7 @@ export const INSPECT_TARGETS: InspectTarget[] = [
   "test-graph",
   "test-plans",
   "agent-contract",
+  "agent-tools",
   "agent-adapters",
   "capability-map",
   "framework",
@@ -392,8 +406,10 @@ const AUTH_SUBCOMMANDS: AuthSubcommand[] = [
   "decode",
   "test-token",
   "jwks",
+  "prove",
 ];
-const RLS_SUBCOMMANDS: RlsSubcommand[] = ["generate", "check", "apply", "test"];
+const SECURITY_SUBCOMMANDS: SecuritySubcommand[] = ["prove"];
+const RLS_SUBCOMMANDS: RlsSubcommand[] = ["generate", "check", "apply", "test", "mutate-test"];
 const DEPS_SUBCOMMANDS: DepsSubcommand[] = [
   "outdated",
   "inspect",
@@ -430,6 +446,7 @@ const MAKE_PRIMITIVES: MakePrimitive[] = [
   "component",
   "page",
   "ui",
+  "ai-chat",
   "resource",
   "apply",
   "rollback",
@@ -518,6 +535,16 @@ const UI_BROWSERS: UiBrowserName[] = ["chromium", "firefox", "webkit"];
 const UI_TRACE_MODES: UiTraceMode[] = ["on", "off", "retain-on-failure"];
 const UI_SCREENSHOT_MODES: UiScreenshotMode[] = ["on", "off", "only-on-failure"];
 const UI_VIDEO_MODES: UiVideoMode[] = ["on", "off", "retain-on-failure"];
+const AI_SUBCOMMANDS: AiSubcommand[] = [
+  "providers",
+  "check",
+  "test",
+  "models",
+  "tools",
+  "agents",
+  "redteam",
+  "trace",
+];
 
 function parseFlag(args: string[], flag: string): boolean {
   return args.includes(flag);
@@ -549,6 +576,10 @@ function parseDbKind(value: string | undefined): "pglite" | "postgres" | "none"
   return "pglite";
 }
 
+function parsePersistentDbKind(value: string | undefined): DbAdapterKind {
+  return parseDbKind(value) === "postgres" ? "postgres" : "pglite";
+}
+
 function parseAdapterKind(value: string | undefined): DbAdapterKind {
   if (value === "postgres" || value === "memory") {
     return value;
@@ -969,10 +1000,29 @@ export function parseCli(argv: string[]): ParsedCli {
         errors,
       };
     }
+    case "security": {
+      const subcommand = rest[0] as SecuritySubcommand | undefined;
+      if (!subcommand || !SECURITY_SUBCOMMANDS.includes(subcommand)) {
+        errors.push("forge security requires subcommand: prove");
+        return { command: null, workspaceRoot, errors };
+      }
+      return {
+        command: {
+          kind: "security",
+          subcommand,
+          db: parseAdapterKind(parseOptionValue(argv, "--db")),
+          databaseUrl: parseOptionValue(argv, "--database-url"),
+          json: parseFlag(argv, "--json"),
+          workspaceRoot,
+        },
+        workspaceRoot,
+        errors,
+      };
+    }
     case "auth": {
       const subcommand = rest[0] as AuthSubcommand | undefined;
       if (!subcommand || !AUTH_SUBCOMMANDS.includes(subcommand)) {
-        errors.push("forge auth requires subcommand: check, config, decode, test-token, or jwks");
+        errors.push("forge auth requires subcommand: check, config, decode, test-token, jwks, or prove");
         return { command: null, workspaceRoot, errors };
       }
       return {
@@ -990,7 +1040,7 @@ export function parseCli(argv: string[]): ParsedCli {
     case "rls": {
       const subcommand = rest[0] as RlsSubcommand | undefined;
       if (!subcommand || !RLS_SUBCOMMANDS.includes(subcommand)) {
-        errors.push("forge rls requires subcommand: generate, check, apply, or test");
+        errors.push("forge rls requires subcommand: generate, check, apply, test, or mutate-test");
         return { command: null, workspaceRoot, errors };
       }
       return {
@@ -1082,6 +1132,8 @@ export function parseCli(argv: string[]): ParsedCli {
             ? undefined
             : primitive === "ui"
               ? rest[1] ?? "ui"
+              : primitive === "ai-chat"
+                ? rest[1] ?? "support"
               : rest[1];
       const explainPrimitive =
         primitive === "explain" ? (rest[1] as MakePrimitive | undefined) : undefined;
@@ -1092,7 +1144,7 @@ export function parseCli(argv: string[]): ParsedCli {
         errors.push("forge make explain requires a known primitive");
       }
       if (
-        !["list", "explain", "ui"].includes(primitive) &&
+        !["list", "explain", "ui", "ai-chat"].includes(primitive) &&
         !name
       ) {
         errors.push(`forge make ${primitive} requires a name or plan id`);
@@ -1882,10 +1934,10 @@ export function parseCli(argv: string[]): ParsedCli {
       const subcommand = rest[0] as SecretsSubcommand | undefined;
       if (
         !subcommand ||
-        !["list", "check", "print", "set", "unset"].includes(subcommand)
+        !["list", "check", "print", "set", "unset", "prove"].includes(subcommand)
       ) {
         errors.push(
-          "forge secrets requires subcommand: list, check, print, set, or unset",
+          "forge secrets requires subcommand: list, check, print, set, unset, or prove",
         );
         return { command: null, workspaceRoot, errors };
       }
@@ -1925,13 +1977,17 @@ export function parseCli(argv: string[]): ParsedCli {
     }
     case "ai": {
       const subcommand = rest[0] as AiSubcommand | undefined;
-      if (!subcommand || !["providers", "check", "test", "models"].includes(subcommand)) {
-        errors.push("forge ai requires subcommand: providers, check, test, or models");
+      if (!subcommand || !AI_SUBCOMMANDS.includes(subcommand)) {
+        errors.push("forge ai requires subcommand: providers, check, test, models, tools, agents, redteam, or trace");
         return { command: null, workspaceRoot, errors };
       }
 
       const providerRaw = parseOptionValue(argv, "--provider");
       const provider = providerRaw as ForgeAiProvider | undefined;
+      const traceId = subcommand === "trace" ? rest[1] ?? parseOptionValue(argv, "--trace") : undefined;
+      if (subcommand === "trace" && !traceId) {
+        errors.push("forge ai trace requires a trace id");
+      }
 
       return {
         command: {
@@ -1942,6 +1998,9 @@ export function parseCli(argv: string[]): ParsedCli {
           model: parseOptionValue(argv, "--model"),
           prompt: parseOptionValue(argv, "--prompt"),
           mock: parseFlag(argv, "--mock"),
+          traceId,
+          db: parsePersistentDbKind(parseOptionValue(argv, "--db")),
+          databaseUrl: parseOptionValue(argv, "--database-url"),
           workspaceRoot,
         },
         workspaceRoot,