npm - ghost-dragon - Versions diffs - 4.2.1 - Mend

ghost-dragon 4.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (226) hide show

package/.github/workflows/ci.yml +23 -0
package/CHANGELOG.md +96 -0
package/README.md +193 -0
package/bootstrap.ps1 +83 -0
package/bootstrap.sh +71 -0
package/dist/agent/loop.d.ts +68 -0
package/dist/agent/loop.d.ts.map +1 -0
package/dist/agent/loop.js +135 -0
package/dist/agent/mcp.d.ts +33 -0
package/dist/agent/mcp.d.ts.map +1 -0
package/dist/agent/mcp.js +107 -0
package/dist/agent/session.d.ts +16 -0
package/dist/agent/session.d.ts.map +1 -0
package/dist/agent/session.js +55 -0
package/dist/agent/skills.d.ts +36 -0
package/dist/agent/skills.d.ts.map +1 -0
package/dist/agent/skills.js +153 -0
package/dist/agent/stack.d.ts +21 -0
package/dist/agent/stack.d.ts.map +1 -0
package/dist/agent/stack.js +158 -0
package/dist/agent/task.d.ts +21 -0
package/dist/agent/task.d.ts.map +1 -0
package/dist/agent/task.js +45 -0
package/dist/agent/tools.d.ts +44 -0
package/dist/agent/tools.d.ts.map +1 -0
package/dist/agent/tools.js +262 -0
package/dist/agent/trace.d.ts +34 -0
package/dist/agent/trace.d.ts.map +1 -0
package/dist/agent/trace.js +72 -0
package/dist/agent.d.ts +46 -0
package/dist/agent.d.ts.map +1 -0
package/dist/agent.js +103 -0
package/dist/auth.d.ts +74 -0
package/dist/auth.d.ts.map +1 -0
package/dist/auth.js +116 -0
package/dist/brain/anthropic.d.ts +19 -0
package/dist/brain/anthropic.d.ts.map +1 -0
package/dist/brain/anthropic.js +74 -0
package/dist/brain/claude-cli.d.ts +20 -0
package/dist/brain/claude-cli.d.ts.map +1 -0
package/dist/brain/claude-cli.js +79 -0
package/dist/brain/ghost-ember.d.ts +28 -0
package/dist/brain/ghost-ember.d.ts.map +1 -0
package/dist/brain/ghost-ember.js +97 -0
package/dist/brain/index.d.ts +22 -0
package/dist/brain/index.d.ts.map +1 -0
package/dist/brain/index.js +95 -0
package/dist/brain/openai-compat.d.ts +21 -0
package/dist/brain/openai-compat.d.ts.map +1 -0
package/dist/brain/openai-compat.js +119 -0
package/dist/brain/router/classify.d.ts +23 -0
package/dist/brain/router/classify.d.ts.map +1 -0
package/dist/brain/router/classify.js +160 -0
package/dist/brain/router/execute.d.ts +23 -0
package/dist/brain/router/execute.d.ts.map +1 -0
package/dist/brain/router/execute.js +84 -0
package/dist/brain/router/index.d.ts +26 -0
package/dist/brain/router/index.d.ts.map +1 -0
package/dist/brain/router/index.js +118 -0
package/dist/brain/router/routing-memory.d.ts +27 -0
package/dist/brain/router/routing-memory.d.ts.map +1 -0
package/dist/brain/router/routing-memory.js +77 -0
package/dist/brain/router/select.d.ts +32 -0
package/dist/brain/router/select.d.ts.map +1 -0
package/dist/brain/router/select.js +146 -0
package/dist/brain/router/two-hop.d.ts +23 -0
package/dist/brain/router/two-hop.d.ts.map +1 -0
package/dist/brain/router/two-hop.js +39 -0
package/dist/brain/router/verify.d.ts +37 -0
package/dist/brain/router/verify.d.ts.map +1 -0
package/dist/brain/router/verify.js +111 -0
package/dist/brain/types.d.ts +55 -0
package/dist/brain/types.d.ts.map +1 -0
package/dist/brain/types.js +16 -0
package/dist/brain/worker.d.ts +27 -0
package/dist/brain/worker.d.ts.map +1 -0
package/dist/brain/worker.js +71 -0
package/dist/commands/ai.d.ts +24 -0
package/dist/commands/ai.d.ts.map +1 -0
package/dist/commands/ai.js +137 -0
package/dist/commands/alerts.d.ts +19 -0
package/dist/commands/alerts.d.ts.map +1 -0
package/dist/commands/alerts.js +114 -0
package/dist/commands/billing.d.ts +13 -0
package/dist/commands/billing.d.ts.map +1 -0
package/dist/commands/billing.js +55 -0
package/dist/commands/chat.d.ts +22 -0
package/dist/commands/chat.d.ts.map +1 -0
package/dist/commands/chat.js +422 -0
package/dist/commands/config.d.ts +18 -0
package/dist/commands/config.d.ts.map +1 -0
package/dist/commands/config.js +136 -0
package/dist/commands/doctor.d.ts +11 -0
package/dist/commands/doctor.d.ts.map +1 -0
package/dist/commands/doctor.js +73 -0
package/dist/commands/global.d.ts +11 -0
package/dist/commands/global.d.ts.map +1 -0
package/dist/commands/global.js +253 -0
package/dist/commands/keep.d.ts +12 -0
package/dist/commands/keep.d.ts.map +1 -0
package/dist/commands/keep.js +58 -0
package/dist/commands/lifecycle.d.ts +17 -0
package/dist/commands/lifecycle.d.ts.map +1 -0
package/dist/commands/lifecycle.js +267 -0
package/dist/commands/login.d.ts +16 -0
package/dist/commands/login.d.ts.map +1 -0
package/dist/commands/login.js +234 -0
package/dist/commands/maintenance.d.ts +12 -0
package/dist/commands/maintenance.d.ts.map +1 -0
package/dist/commands/maintenance.js +76 -0
package/dist/commands/mcp.d.ts +16 -0
package/dist/commands/mcp.d.ts.map +1 -0
package/dist/commands/mcp.js +56 -0
package/dist/commands/memory.d.ts +13 -0
package/dist/commands/memory.d.ts.map +1 -0
package/dist/commands/memory.js +218 -0
package/dist/commands/osint.d.ts +14 -0
package/dist/commands/osint.d.ts.map +1 -0
package/dist/commands/osint.js +161 -0
package/dist/commands/pentest.d.ts +13 -0
package/dist/commands/pentest.d.ts.map +1 -0
package/dist/commands/pentest.js +131 -0
package/dist/commands/scale.d.ts +14 -0
package/dist/commands/scale.d.ts.map +1 -0
package/dist/commands/scale.js +191 -0
package/dist/commands/serve.d.ts +16 -0
package/dist/commands/serve.d.ts.map +1 -0
package/dist/commands/serve.js +167 -0
package/dist/commands/tui.d.ts +17 -0
package/dist/commands/tui.d.ts.map +1 -0
package/dist/commands/tui.js +138 -0
package/dist/commands/wyrm.d.ts +20 -0
package/dist/commands/wyrm.d.ts.map +1 -0
package/dist/commands/wyrm.js +274 -0
package/dist/config.d.ts +67 -0
package/dist/config.d.ts.map +1 -0
package/dist/config.js +54 -0
package/dist/index.d.ts +16 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +85 -0
package/dist/manifest.d.ts +31 -0
package/dist/manifest.d.ts.map +1 -0
package/dist/manifest.js +83 -0
package/dist/ui.d.ts +57 -0
package/dist/ui.d.ts.map +1 -0
package/dist/ui.js +174 -0
package/dist/utils.d.ts +33 -0
package/dist/utils.d.ts.map +1 -0
package/dist/utils.js +155 -0
package/dist/wyrm/mcp.d.ts +37 -0
package/dist/wyrm/mcp.d.ts.map +1 -0
package/dist/wyrm/mcp.js +137 -0
package/docs/SYSTEM-PREMORTEM.md +397 -0
package/dragon-manifest.toml +241 -0
package/dragon.py +177 -0
package/install/launchd/lk.ghosts.dragonkeep.plist +57 -0
package/install/systemd/dragonkeep.service +40 -0
package/media/dragon-silver-lockup.svg +931 -0
package/media/dragon-silver-mark.svg +931 -0
package/media/dragon-silver.png +0 -0
package/package.json +45 -0
package/specs/001-godmode/constitution.md +54 -0
package/specs/001-godmode/plan.md +30 -0
package/specs/001-godmode/spec.md +64 -0
package/specs/001-godmode/tasks.md +35 -0
package/specs/002-premortem-positioning/premortem.md +211 -0
package/src/agent/loop.ts +165 -0
package/src/agent/mcp.ts +92 -0
package/src/agent/session.ts +48 -0
package/src/agent/skills.ts +138 -0
package/src/agent/stack.ts +154 -0
package/src/agent/task.ts +55 -0
package/src/agent/tools.ts +255 -0
package/src/agent/trace.ts +76 -0
package/src/agent.ts +114 -0
package/src/auth.ts +133 -0
package/src/brain/anthropic.ts +83 -0
package/src/brain/claude-cli.ts +78 -0
package/src/brain/ghost-ember.ts +94 -0
package/src/brain/index.ts +99 -0
package/src/brain/openai-compat.ts +115 -0
package/src/brain/router/classify.ts +167 -0
package/src/brain/router/execute.ts +80 -0
package/src/brain/router/index.ts +125 -0
package/src/brain/router/routing-memory.ts +71 -0
package/src/brain/router/select.ts +156 -0
package/src/brain/router/two-hop.ts +62 -0
package/src/brain/router/verify.ts +123 -0
package/src/brain/types.ts +61 -0
package/src/brain/worker.ts +72 -0
package/src/commands/ai.ts +144 -0
package/src/commands/alerts.ts +131 -0
package/src/commands/billing.ts +59 -0
package/src/commands/chat.ts +318 -0
package/src/commands/config.ts +137 -0
package/src/commands/doctor.ts +71 -0
package/src/commands/global.ts +256 -0
package/src/commands/keep.ts +67 -0
package/src/commands/lifecycle.ts +273 -0
package/src/commands/login.ts +184 -0
package/src/commands/maintenance.ts +54 -0
package/src/commands/mcp.ts +57 -0
package/src/commands/memory.ts +229 -0
package/src/commands/osint.ts +171 -0
package/src/commands/pentest.ts +140 -0
package/src/commands/scale.ts +185 -0
package/src/commands/serve.ts +171 -0
package/src/commands/tui.ts +126 -0
package/src/commands/wyrm.ts +269 -0
package/src/config.ts +93 -0
package/src/index.ts +92 -0
package/src/manifest.ts +104 -0
package/src/ui.ts +188 -0
package/src/utils.ts +153 -0
package/src/wyrm/mcp.ts +130 -0
package/test/auth.test.ts +70 -0
package/test/brain.test.ts +39 -0
package/test/security.test.ts +104 -0
package/test/skills.test.ts +38 -0
package/test/ui.test.ts +46 -0
package/tsconfig.json +19 -0
package/worker/package-lock.json +1527 -0
package/worker/package.json +17 -0
package/worker/src/index.ts +76 -0
package/worker/tsconfig.json +15 -0
package/worker/wrangler.toml +26 -0

package/src/commands/ai.ts ADDED Viewed

@@ -0,0 +1,144 @@
+/**
+ * dragon ai — Bridge the dragon stack to AI clients (Claude Code,
+ * Codex, Copilot CLI, Aider, Cursor, etc.)
+ *
+ *   ai context <target>       — Print a compact context dump suitable
+ *                               for splicing into any LLM system prompt
+ *   ai mcp-config              — Print Claude Desktop MCP JSON config
+ *   ai brief <target>          — Print engagement brief Markdown
+ *   ai prompt <target>         — Print operator-ready prompt with
+ *                               memory context + suggested actions
+ *
+ * Designed so an operator running Claude Code in another window can do:
+ *
+ *   $ dragon ai prompt upalis.com | claude
+ *
+ * and Claude picks up the engagement context immediately.
+ *
+ * Copyright 2026 Ghost Protocol (Pvt) Ltd. All Rights Reserved.
+ * Author: Ryan Sebastian <ryan@ghosts.lk>
+ */
+import type { Command } from 'commander'
+import type { DragonConfig } from '../config.js'
+import { fetchJSON, label, error, info } from '../utils.js'
+import chalk from 'chalk'
+function api(config: DragonConfig, path: string): string {
+  const port = config.products.pentest.controlPort ?? 4091
+  return `http://localhost:${port}${path}`
+}
+interface Suggestion {
+  verb: string
+  title: string
+  rationale: string
+  command: string
+}
+export function registerAiCommands(program: Command, config: DragonConfig) {
+  const ai = program.command('ai').description('Bridge the dragon stack to AI clients')
+  // --- context ---
+  ai.command('context <target>')
+    .description('Print compact context for splicing into an LLM system prompt')
+    .action(async (target) => {
+      try {
+        const port = config.products.pentest.controlPort ?? 4091
+        const res = await fetch(`http://localhost:${port}/v1/memory/target/${encodeURIComponent(target)}/context`)
+        if (!res.ok) { error(`HTTP ${res.status}`); return }
+        process.stdout.write(await res.text())
+      } catch (e) {
+        error(String(e))
+      }
+    })
+  // --- prompt ---
+  ai.command('prompt <target>')
+    .description('Operator-ready prompt block: identity + memory + suggested actions')
+    .action(async (target) => {
+      try {
+        const port = config.products.pentest.controlPort ?? 4091
+        const [ctxR, sugR] = await Promise.all([
+          fetch(`http://localhost:${port}/v1/memory/target/${encodeURIComponent(target)}/context`),
+          fetchJSON<{ suggestions: Suggestion[] }>(api(config, `/v1/memory/target/${encodeURIComponent(target)}/copilot`)),
+        ])
+        const ctx = ctxR.ok ? await ctxR.text() : "# No prior memory."
+        process.stdout.write([
+          "You are operating inside Ghost Protocol's offensive-security stack.",
+          "Target context follows. Cite scan_ids when referring to prior findings.",
+          "",
+          "---",
+          "",
+          ctx,
+          "",
+          "## Suggested next actions",
+          "",
+          ...sugR.suggestions.map((s) => `- **${s.title}** — ${s.rationale}\n  Command: \`${s.command}\``),
+          "",
+          "---",
+          "",
+          "When the operator asks a question, prefer concrete actions from above.",
+          "Never invent findings; if memory is empty, say so and propose a baseline scan.",
+          "",
+        ].join("\n"))
+      } catch (e) {
+        error(String(e))
+      }
+    })
+  // --- brief ---
+  ai.command('brief <target>')
+    .description('Print engagement-brief Markdown for paste into any client')
+    .action(async (target) => {
+      try {
+        const port = config.products.pentest.controlPort ?? 4091
+        const res = await fetch(`http://localhost:${port}/v1/memory/target/${encodeURIComponent(target)}/brief`)
+        if (!res.ok) { error(`HTTP ${res.status}`); return }
+        process.stdout.write(await res.text())
+      } catch (e) {
+        error(String(e))
+      }
+    })
+  // --- mcp-config ---
+  ai.command('mcp-config')
+    .description('Print Claude Desktop MCP server configuration')
+    .option('--name <name>', 'Server profile name', 'dragon-stack')
+    .action((opts) => {
+      const cfg = {
+        mcpServers: {
+          "phantom-memory": {
+            command: "phantom-memory-mcp",
+            env: { PD_CONTROL_API: `http://localhost:${config.products.pentest.controlPort ?? 4091}` },
+          },
+          "dragonkeep": {
+            command: "dragonkeep-mcp",
+          },
+          "dragonnet": {
+            command: "dragonnet-mcp",
+            env: { DRAGONNET_API: `http://localhost:${config.products.net.apiPort ?? 4080}` },
+          },
+        },
+      }
+      console.log(label('Dragon AI'), `MCP config for ${chalk.bold(opts.name)}:\n`)
+      console.log(JSON.stringify(cfg, null, 2))
+      console.log()
+      info('Linux: paste into ~/.config/Claude/claude_desktop_config.json')
+      info('macOS: ~/Library/Application Support/Claude/claude_desktop_config.json')
+      info('Restart Claude Desktop after editing.')
+    })
+  // --- skills ---
+  ai.command('skills')
+    .description('Print Claude Code skill paths and an install hint')
+    .action(() => {
+      const skills = [
+        "scan", "memory", "osint", "chronicle", "triage",
+      ]
+      console.log(label('Dragon AI'), 'Claude Code skills available:\n')
+      skills.forEach((s) => console.log(`  /${s.padEnd(12)}  ~/.claude/skills/dragon-${s}/SKILL.md`))
+      console.log()
+      info('These are pre-installed in ~/.copilot/skills/ — symlinked into ~/.claude/skills/.')
+    })
+}

package/src/commands/alerts.ts ADDED Viewed

@@ -0,0 +1,131 @@
+/**
+ * dragon alerts — Webhook alert pipeline (Slack / Discord / generic)
+ *
+ *   alerts list
+ *   alerts add <url> --label NAME --kind slack|discord|generic
+ *   alerts remove <id>
+ *   alerts test                — fire a test event to every webhook
+ *
+ * Backed by PhantomDragon Control's /v1/alerts/webhooks endpoints. Any
+ * defensive Critical/High finding (DragonKeep → Phantom Memory) auto-
+ * fan-outs to every webhook that has on_critical / on_high enabled.
+ *
+ * Copyright 2026 Ghost Protocol (Pvt) Ltd. All Rights Reserved.
+ * Author: Ryan Sebastian <ryan@ghosts.lk>
+ */
+import type { Command } from 'commander'
+import type { DragonConfig } from '../config.js'
+import { fetchJSON, label, success, error, info, table } from '../utils.js'
+import chalk from 'chalk'
+function api(config: DragonConfig, path: string): string {
+  const port = config.products.pentest.controlPort ?? 4091
+  return `http://localhost:${port}${path}`
+}
+interface Webhook {
+  id: string
+  label: string
+  url: string
+  kind: string
+  on_critical: boolean
+  on_high: boolean
+  on_scan_complete: boolean
+  enabled: boolean
+}
+async function postJSON<T>(url: string, body: unknown): Promise<T> {
+  const res = await fetch(url, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify(body),
+  })
+  if (!res.ok) throw new Error(`HTTP ${res.status}: ${await res.text()}`)
+  return res.json() as Promise<T>
+}
+async function del(url: string): Promise<void> {
+  const res = await fetch(url, { method: 'DELETE' })
+  if (!res.ok) throw new Error(`HTTP ${res.status}`)
+}
+export function registerAlertsCommands(program: Command, config: DragonConfig) {
+  const alerts = program
+    .command('alerts')
+    .description('Webhook alert pipeline (Slack / Discord / generic)')
+  alerts
+    .command('list')
+    .description('List configured webhooks')
+    .action(async () => {
+      try {
+        const d = await fetchJSON<{ webhooks: Webhook[] }>(api(config, '/v1/alerts/webhooks'))
+        if (d.webhooks.length === 0) {
+          info('No webhooks configured. Try: dragon alerts add <url> --label slack')
+          return
+        }
+        console.log(label('Alerts'), 'Webhooks:\n')
+        table(d.webhooks.map((w) => ({
+          ID: w.id,
+          Label: w.label,
+          Kind: w.kind,
+          'Crit/High/Scan': `${w.on_critical ? '✓' : '·'}${w.on_high ? '✓' : '·'}${w.on_scan_complete ? '✓' : '·'}`,
+          Enabled: w.enabled ? 'yes' : 'no',
+          URL: w.url.slice(0, 50),
+        })))
+      } catch (e) {
+        error(String(e))
+      }
+    })
+  alerts
+    .command('add <url>')
+    .description('Register a new webhook')
+    .option('--label <label>', 'Display label', 'webhook')
+    .option('--kind <kind>', 'slack | discord | generic', 'generic')
+    .option('--on-high', 'Also fire on HIGH (default: CRITICAL only)')
+    .option('--on-scan-complete', 'Fire on scan completion events')
+    .action(async (url, opts) => {
+      try {
+        const created = await postJSON<Webhook>(api(config, '/v1/alerts/webhooks'), {
+          label: opts.label,
+          url,
+          kind: opts.kind,
+          on_critical: true,
+          on_high: !!opts.onHigh,
+          on_scan_complete: !!opts.onScanComplete,
+          enabled: true,
+        })
+        success(`Registered webhook ${chalk.bold(created.id)} (${created.kind})`)
+      } catch (e) {
+        error(String(e))
+      }
+    })
+  alerts
+    .command('remove <id>')
+    .description('Delete a webhook')
+    .action(async (id) => {
+      try {
+        await del(api(config, `/v1/alerts/webhooks/${encodeURIComponent(id)}`))
+        success(`Removed webhook ${id}`)
+      } catch (e) {
+        error(String(e))
+      }
+    })
+  alerts
+    .command('test')
+    .description('Fire a test CRITICAL event to every webhook')
+    .action(async () => {
+      try {
+        const r = await postJSON<{ fired: number; webhooks_total: number }>(
+          api(config, '/v1/alerts/test'), {},
+        )
+        success(`Fired to ${r.fired} of ${r.webhooks_total} webhook(s)`)
+      } catch (e) {
+        error(String(e))
+      }
+    })
+}

package/src/commands/billing.ts ADDED Viewed

@@ -0,0 +1,59 @@
+/**
+ * dragon billing — License management (Paddle / DragonSeal)
+ *
+ *   billing licenses         — list active product licences
+ *   billing check <product>  — quick check whether <product> is licensed
+ *
+ * Copyright 2026 Ghost Protocol (Pvt) Ltd. All Rights Reserved.
+ * Author: Ryan Sebastian <ryan@ghosts.lk>
+ */
+import type { Command } from 'commander'
+import type { DragonConfig } from '../config.js'
+import { fetchJSON, label, error, info } from '../utils.js'
+import chalk from 'chalk'
+function api(config: DragonConfig, path: string): string {
+  const port = config.products.pentest.controlPort ?? 4091
+  return `http://localhost:${port}${path}`
+}
+export function registerBillingCommands(program: Command, config: DragonConfig) {
+  const billing = program.command('billing').description('License management — Paddle / DragonSeal')
+  billing.command('licenses')
+    .description('Active product licences on this host')
+    .option('--email <email>', 'Restrict to a specific operator email')
+    .action(async (opts) => {
+      try {
+        const params = new URLSearchParams()
+        if (opts.email) params.set('email', opts.email)
+        const d = await fetchJSON<{ licenses: string[] }>(api(config, `/v1/billing/licenses?${params}`))
+        if (d.licenses.length === 0) {
+          info('No active licences. Free tier active for every product.')
+          return
+        }
+        console.log(label('Licenses'), 'Active products:\n')
+        d.licenses.forEach((p) => console.log(`  ${chalk.green('●')} ${p}`))
+      } catch (e) {
+        error(String(e))
+      }
+    })
+  billing.command('check <product>')
+    .description('Check whether <product> is licensed')
+    .option('--email <email>', 'Restrict to a specific operator email')
+    .action(async (product, opts) => {
+      try {
+        const params = new URLSearchParams({ product })
+        if (opts.email) params.set('email', opts.email)
+        const d = await fetchJSON<{ product: string; licensed: boolean }>(
+          api(config, `/v1/billing/check?${params}`),
+        )
+        const sym = d.licensed ? chalk.green('✓ licensed') : chalk.yellow('· free tier')
+        console.log(`${product.padEnd(28)} ${sym}`)
+      } catch (e) {
+        error(String(e))
+      }
+    })
+}

package/src/commands/chat.ts ADDED Viewed

@@ -0,0 +1,318 @@
+/**
+ * dragon chat / dragon ask — the Dragon agent: a Claude-Code-style terminal
+ * coding agent that runs tools locally, reasons with a pluggable brain (Claude
+ * by default), and is wired into Wyrm long-term memory by default.
+ *
+ *   dragon chat                 interactive agent — edits files, runs commands,
+ *                               remembers across sessions via Wyrm
+ *   dragon ask "…"              one-shot (read-only unless --auto); pipeable
+ *
+ *   --brain claude|openai|local   reasoning model        (default: config/claude)
+ *   --model <id>                  override the model
+ *   --no-wyrm                     disable Wyrm memory for this run
+ *   --no-portal                   don't expose the hosted account assistant tool
+ *   --auto                        auto-approve file writes + shell (use with care)
+ *   --cwd <dir>                   run the agent against another directory
+ *
+ * Copyright 2026 Ghost Protocol (Pvt) Ltd. All Rights Reserved.
+ */
+import type { Command } from 'commander'
+import { loadConfig, saveConfig, type DragonConfig } from '../config.js'
+import { C, error, info, success } from '../utils.js'
+import { saveSession, loadLastSession, exportMarkdown } from '../agent/session.js'
+import { panel, chrome, kv, statusDot, tidyPath } from '../ui.js'
+import { getBrain, BrainConfigError, type Provider } from '../brain/index.js'
+import type { Brain, BrainMessage, ToolSpec } from '../brain/types.js'
+import { Wyrm } from '../wyrm/mcp.js'
+import { BWRAP, type ToolContext } from '../agent/tools.js'
+import { runAgent, buildSystemPrompt, buildToolSpecs, type AgentDeps, type AgentRender, type PortalTool } from '../agent/loop.js'
+import { recordTurn, traceEnabled } from '../agent/trace.js'
+import { loadSkillLibrary, type SkillLibrary } from '../agent/skills.js'
+import { makeStackTools } from '../agent/stack.js'
+import { loadMcpHub } from '../agent/mcp.js'
+import { makeTaskTool } from '../agent/task.js'
+import { resolveAuth } from '../auth.js'
+import { streamAgent, AgentError, SURFACES } from '../agent.js'
+import { readFileSync, existsSync } from 'node:fs'
+import { createInterface, type Interface } from 'node:readline/promises'
+import { stdin, stdout } from 'node:process'
+function expandFileRefs(text: string): string {
+  return text.replace(/@(\S+)/g, (match, path) => {
+    if (path === '-' || !existsSync(path)) return match
+    try { return `\n\n--- ${path} ---\n${readFileSync(path, 'utf-8')}\n--- end ${path} ---\n\n` } catch { return match }
+  })
+}
+async function readStdinAll(): Promise<string> {
+  const chunks: Buffer[] = []
+  for await (const c of stdin) chunks.push(c as Buffer)
+  return Buffer.concat(chunks).toString('utf-8')
+}
+/** The hosted account.ghosts.lk assistant, exposed to the agent as one tool. */
+function makePortalTool(): PortalTool | null {
+  if (resolveAuth().mode === 'none') return null
+  const spec: ToolSpec = {
+    name: 'portal_ask',
+    description: "Ask the Ghost Protocol account portal assistant about the operator's licenses, product catalog, security services/pricing, or to book an engagement. Account/business questions only — not coding.",
+    parameters: { type: 'object', properties: { question: { type: 'string' }, surface: { type: 'string', enum: [...SURFACES] } }, required: ['question'] },
+  }
+  return {
+    spec,
+    async call(args) {
+      const surface = (SURFACES as readonly string[]).includes(String(args.surface)) ? String(args.surface) : 'dashboard'
+      try {
+        return await streamAgent({ messages: [{ role: 'user', content: String(args.question ?? '') }], surface, onDelta: () => {} })
+      } catch (e) {
+        return e instanceof AgentError ? `portal error: ${e.message}` : `portal error: ${String(e instanceof Error ? e.message : e)}`
+      }
+    },
+  }
+}
+interface SetupOpts { brain?: string; model?: string; wyrm?: boolean; portal?: boolean; cwd?: string; sovereign?: boolean }
+function hasKey(p: 'anthropic' | 'openai'): boolean {
+  const cfg = loadConfig()
+  return p === 'anthropic' ? !!(process.env.ANTHROPIC_API_KEY || cfg.brain?.keys?.anthropic) : !!(process.env.OPENAI_API_KEY || cfg.brain?.keys?.openai)
+}
+/** First-launch model picker (interactive). Persists the choice to config. */
+async function runPicker(): Promise<void> {
+  const signedIn = resolveAuth().mode !== 'none'
+  const ready = (ok: boolean, need: string) => (ok ? C.accent('● ready') : C.faint('○ ' + need))
+  console.log()
+  console.log(`  ${chrome("CHOOSE DRAGON'S BRAIN")}`)
+  console.log(`  ${C.faint('Tools always run locally — this only picks the reasoning model.')}`)
+  console.log()
+  console.log(`  ${C.accent('1')}  Cloudflare worker  ${C.faint('· free · our infra')}   ${ready(signedIn, 'needs `dragon login`')}`)
+  console.log(`  ${C.accent('2')}  Claude             ${C.faint('· best for code')}    ${ready(hasKey('anthropic'), 'needs ANTHROPIC_API_KEY')}`)
+  console.log(`  ${C.accent('3')}  Local Ollama       ${C.faint('· private · free')}`)
+  console.log(`  ${C.accent('4')}  OpenAI             ${C.faint('· hosted')}         ${ready(hasKey('openai'), 'needs OPENAI_API_KEY')}`)
+  console.log()
+  const rl = createInterface({ input: stdin, output: stdout })
+  let ans = ''
+  try { ans = (await rl.question(`  ${C.accent('▸')} pick ${C.faint('[1-4, default 1]')} `)).trim() } finally { rl.close() }
+  const provider: Provider = ({ '1': 'worker', '2': 'claude', '3': 'local', '4': 'openai' } as Record<string, Provider>)[ans] ?? 'worker'
+  const cfg = loadConfig(); cfg.brain = { ...(cfg.brain ?? {}), provider }; saveConfig(cfg)
+  info(`brain → ${C.accent(provider)}. Change anytime with ${C.info('dragon config brain <name>')}.`)
+}
+/** Resolve the brain: explicit --brain, else configured (with a first-launch picker),
+ *  else gracefully fall back to the free Cloudflare worker / local Ollama. */
+const HOSTED = ['claude', 'worker', 'openai']
+async function chooseBrain(opts: SetupOpts): Promise<Brain | null> {
+  const tryGet = (provider?: string): Brain | null => {
+    try { return getBrain({ provider, model: opts.model }) }
+    catch (e) { error(e instanceof BrainConfigError ? e.message : String(e instanceof Error ? e.message : e)); return null }
+  }
+  if (opts.sovereign) {
+    // local brain only — nothing leaves the host
+    if (opts.brain && HOSTED.includes(opts.brain)) info(`sovereign mode — ignoring hosted brain '${opts.brain}', using local.`)
+    return tryGet(opts.brain && !HOSTED.includes(opts.brain) ? opts.brain : 'local')
+  }
+  if (opts.brain) return tryGet(opts.brain)
+  if (!loadConfig().brain?.provider && stdin.isTTY) await runPicker()
+  try {
+    return getBrain({ model: opts.model })
+  } catch (e) {
+    if (!(e instanceof BrainConfigError)) { error(String(e instanceof Error ? e.message : e)); return null }
+    if (resolveAuth().mode !== 'none') { info(`${e.provider} brain unavailable — using the free Cloudflare brain.`); return getBrain({ provider: 'worker' }) }
+    info(`${e.provider} brain unavailable — using local Ollama. (Run \`dragon login\` for the free Cloudflare brain.)`)
+    return tryGet('local')
+  }
+}
+/** Build brain + wyrm + portal + system prompt. Returns null after printing on a brain config error. */
+async function setup(opts: SetupOpts, announce: boolean) {
+  const brain = await chooseBrain(opts)
+  if (!brain) return null
+  const cwd = opts.cwd ? (opts.cwd.startsWith('/') ? opts.cwd : `${process.cwd()}/${opts.cwd}`) : process.cwd()
+  let wyrm: Wyrm | null = null
+  let primed: string | null = null
+  if (opts.wyrm !== false) {
+    wyrm = new Wyrm()
+    const ok = await wyrm.connect()
+    if (ok) primed = await wyrm.prime(cwd)
+    else { if (announce) info('Wyrm memory unavailable — continuing without it.'); wyrm = null }
+  }
+  const portal = (opts.portal === false || opts.sovereign) ? null : makePortalTool()
+  const skills = loadSkillLibrary()
+  const stack = makeStackTools()
+  const mcp = await loadMcpHub(loadConfig().mcpServers)
+  if (mcp && announce) info(`MCP: ${mcp.serverCount} server(s) connected (${mcp.toolSpecs().length} tools).`)
+  const task = makeTaskTool({ brain, skills, cwd })
+  const system = buildSystemPrompt({ cwd, wyrm: !!wyrm, portal: !!portal, brainId: `${brain.id}:${brain.model}`, skills: skills.count || undefined, primed })
+  return { brain, wyrm, portal, skills, stack, mcp, task, cwd, system, primed }
+}
+function banner(s: { brain: { id: string; model: string }; wyrm: Wyrm | null; portal: PortalTool | null; skills?: SkillLibrary | null; cwd: string }, tools: ToolSpec[]): void {
+  const lines = [
+    kv('brain', C.info(`${s.brain.id}:${s.brain.model}`)),
+    kv('cwd', C.info(tidyPath(s.cwd))),
+    kv('state', `memory ${statusDot(!!s.wyrm)} ${s.wyrm ? C.info('wyrm') : C.faint('off')}   portal ${statusDot(!!s.portal)}   skills ${C.info(String(s.skills?.count ?? 0))}   tools ${C.info(String(tools.length))}`),
+  ]
+  console.log()
+  console.log(panel(lines, { title: chrome('DRAGON AGENT') }))
+  console.log(`  ${C.faint('/exit · /reset · /brain · /tools · /memory <q> · /auto · /plan · /save · @<file>')}`)
+}
+function makeRender(): AgentRender {
+  return {
+    onAssistantStart() { process.stdout.write(`\n  ${C.hot('◆')} `) },
+    onDelta(s) { process.stdout.write(s) },
+    onToolStart(summary) { process.stdout.write(`\n  ${C.faint('⚙ ' + summary)}`) },
+    onToolEnd(_summary, preview, ok) { process.stdout.write(`  ${ok ? C.accent('✓') : C.critical('✗')} ${C.faint(preview)}\n`) },
+  }
+}
+function makeApprove(rl: Interface, state: { auto: boolean; plan: boolean }) {
+  return async (summary: string, opts?: { detail?: string; dangerous?: boolean }): Promise<boolean> => {
+    if (state.plan) { console.log(`  ${C.faint('⊘ plan mode — declined: ' + summary)}`); return false } // read-only
+    const dangerous = !!opts?.dangerous
+    if (state.auto && !dangerous) return true // --auto covers safe in-cwd edits only — NEVER bash / outside-cwd
+    if (opts?.detail) console.log('\n' + C.faint(opts.detail.split('\n').map((l) => '    ' + l).join('\n')))
+    const tag = dangerous ? C.critical('?') : C.accent('?')
+    const hint = dangerous ? (state.auto ? '[y/N — auto-approve does NOT cover this]' : '[y/N]') : '[y/N/a=always-safe]'
+    const ans = (await rl.question(`\n  ${tag} ${summary}  ${C.faint(hint)} `)).trim().toLowerCase()
+    if (ans === 'a' && !dangerous) { state.auto = true; return true }
+    return ans === 'y' || ans === 'yes'
+  }
+}
+export function registerChatCommands(program: Command, _config: DragonConfig) {
+  program
+    .command('chat')
+    .description('Dragon agent — codes, runs tools, remembers via Wyrm (interactive)')
+    .option('--brain <provider>', 'reasoning brain: claude | worker | local | openai | ghost')
+    .option('--model <id>', 'override the model id')
+    .option('--no-wyrm', 'disable Wyrm long-term memory for this session')
+    .option('--no-portal', "don't expose the hosted account assistant as a tool")
+    .option('--auto', 'auto-approve file writes + shell commands', false)
+    .option('--plan', 'read-only: the agent explores but makes no writes/shell', false)
+    .option('--sovereign', 'local brain + Wyrm only — nothing leaves the host', false)
+    .option('--sandbox', 'run shell in a bwrap jail (cwd writable, rest read-only)', false)
+    .option('--no-trace', 'do not record tool-use traces for DragonSpark training')
+    .option('--resume', 'resume the previous session', false)
+    .option('--cwd <dir>', 'run against a different working directory')
+    .action(async (opts: SetupOpts & { auto?: boolean; plan?: boolean; sandbox?: boolean; trace?: boolean; resume?: boolean }) => {
+      const s = await setup(opts, true)
+      if (!s) { process.exitCode = 1; return }
+      const rl = createInterface({ input: stdin, output: stdout, terminal: stdin.isTTY === true })
+      const state = { auto: !!opts.auto, plan: !!opts.plan }
+      const toolCtx: ToolContext = { cwd: s.cwd, approve: makeApprove(rl, state), sandbox: !!opts.sandbox }
+      const messages: BrainMessage[] = []
+      if (opts.resume) {
+        const prior = loadLastSession()
+        if (prior) { messages.push(...prior); info(`resumed ${prior.length} messages from your last session`) }
+        else info('no previous session to resume')
+      }
+      const deps: AgentDeps = { ...s, toolCtx, messages }
+      const render = makeRender()
+      banner(s, buildToolSpecs(s))
+      if (state.plan) info('plan mode ON — read-only: the agent explores but makes no writes/shell (/plan to toggle).')
+      else if (state.auto) info('auto-approve ON — safe in-cwd writes run without asking (bash still prompts).')
+      if (opts.sovereign) info('sovereign mode — local brain + Wyrm only; nothing leaves the host.')
+      if (opts.sandbox) info(BWRAP ? 'sandbox ON — shell runs in bwrap (cwd writable, secrets masked, network shared).' : 'sandbox requested but bwrap not found — shell runs unsandboxed (approval still applies).')
+      if (traceEnabled(opts.trace === false)) info('flywheel ON — turns logged to ~/.dragon/traces for DragonSpark (--no-trace to disable).')
+      let aborter: AbortController | null = null
+      const onSigint = () => { if (aborter) { aborter.abort(); aborter = null } else { void cleanup().then(() => process.exit(0)) } }
+      const cleanup = async () => { process.off('SIGINT', onSigint); rl.close(); saveSession(messages, { cwd: s.cwd, brain: `${s.brain.id}:${s.brain.model}` }); await s.wyrm?.close(); await s.mcp?.close() }
+      process.on('SIGINT', onSigint)
+      for (;;) {
+        let userIn: string
+        try { userIn = (await rl.question(`${C.accent('▸')} `)).trim() } catch { break }
+        if (!userIn) continue
+        if (userIn === '/exit' || userIn === '/quit') break
+        if (userIn === '/reset') { messages.length = 0; state.auto = false; info('conversation reset · auto-approve re-armed'); continue }
+        if (userIn === '/auto') { state.auto = !state.auto; if (state.auto) state.plan = false; info(`auto-approve ${state.auto ? 'ON' : 'OFF'}`); continue }
+        if (userIn === '/plan') { state.plan = !state.plan; if (state.plan) state.auto = false; info(`plan mode ${state.plan ? 'ON — read-only' : 'OFF'}`); continue }
+        if (userIn === '/brain') { console.log(`  ${C.faint('brain:')} ${C.info(s.brain.id + ':' + s.brain.model)}`); continue }
+        if (userIn === '/tools') { console.log('  ' + buildToolSpecs(s).map((t) => t.name).join('  ')); continue }
+        if (userIn === '/clear') { console.clear(); banner(s, buildToolSpecs(s)); continue }
+        if (userIn.startsWith('/save')) { success(`transcript → ${exportMarkdown(messages, userIn.slice(5).trim() || undefined)}`); continue }
+        if (userIn.startsWith('/memory')) {
+          const q = userIn.slice(7).trim()
+          if (!s.wyrm) { error('Wyrm is off this session'); continue }
+          if (!q) { info('usage: /memory <query>'); continue }
+          console.log(C.faint(await s.wyrm.call('wyrm_recall', { query: q })))
+          continue
+        }
+        if (userIn.startsWith('/')) { error(`unknown command ${userIn}`); continue }
+        aborter = new AbortController()
+        const before = messages.length
+        try {
+          await runAgent(deps, expandFileRefs(userIn), render, aborter.signal)
+          process.stdout.write('\n\n')
+          if (traceEnabled(opts.trace === false)) recordTurn(messages.slice(before), { cwd: s.cwd, brain: `${s.brain.id}:${s.brain.model}`, context: s.primed })
+        } catch (e) {
+          aborter = null
+          if ((e as { name?: string })?.name === 'AbortError') { process.stdout.write(`\n  ${C.faint('⊘ interrupted')}\n\n`); continue }
+          process.stdout.write('\n')
+          if (e instanceof BrainConfigError) error(e.message)
+          else error(String(e instanceof Error ? e.message : e))
+        }
+        aborter = null
+      }
+      await cleanup()
+    })
+  program
+    .command('ask [prompt...]')
+    .description('One-shot Dragon agent question (read-only unless --auto; pipeable)')
+    .option('--brain <provider>', 'reasoning brain: claude | worker | local | openai | ghost')
+    .option('--model <id>', 'override the model id')
+    .option('--no-wyrm', 'disable Wyrm memory')
+    .option('--no-portal', "don't expose the hosted account assistant")
+    .option('--auto', 'allow file writes + shell (off = read-only)', false)
+    .option('--plan', 'read-only (deny all writes/shell)', false)
+    .option('--sovereign', 'local brain + Wyrm only — nothing leaves the host', false)
+    .option('--sandbox', 'run shell in a bwrap jail', false)
+    .option('--no-trace', 'do not record a trace for DragonSpark training')
+    .option('--cwd <dir>', 'working directory')
+    .action(async (parts: string[] = [], opts: SetupOpts & { auto?: boolean; plan?: boolean; sandbox?: boolean; trace?: boolean }) => {
+      let prompt = parts.join(' ').trim()
+      if (prompt === '-' || (!prompt && !stdin.isTTY)) prompt = (await readStdinAll()).trim()
+      if (!prompt) { error('no prompt. Pass args, pipe stdin, or use "-".'); process.exit(1) }
+      const s = await setup(opts, false)
+      if (!s) { process.exit(1) }
+      const denied: string[] = []
+      const toolCtx: ToolContext = {
+        cwd: s!.cwd,
+        sandbox: !!opts.sandbox,
+        approve: async (summary, o) => { if (opts.auto && !opts.plan && !o?.dangerous) return true; denied.push(summary); return false },
+      }
+      const messages: BrainMessage[] = []
+      const deps: AgentDeps = { ...s!, toolCtx, messages }
+      const render: AgentRender = {
+        onAssistantStart() {},
+        onDelta(t) { process.stdout.write(t) },
+        onToolStart(summary) { process.stderr.write(C.faint(`⚙ ${summary}\n`)) },
+        onToolEnd(_s, preview, ok) { process.stderr.write(C.faint(`  ${ok ? '✓' : '✗'} ${preview}\n`)) },
+      }
+      try {
+        await runAgent(deps, expandFileRefs(prompt), render, new AbortController().signal)
+        process.stdout.write('\n')
+        if (traceEnabled(opts.trace === false)) recordTurn(messages, { cwd: s!.cwd, brain: `${s!.brain.id}:${s!.brain.model}`, context: s!.primed })
+        if (denied.length) process.stderr.write(C.faint(`\n(${denied.length} mutating action(s) skipped — re-run with --auto to allow)\n`))
+      } catch (e) {
+        if (e instanceof BrainConfigError) error(e.message)
+        else error(String(e instanceof Error ? e.message : e))
+        await s!.wyrm?.close(); await s!.mcp?.close()
+        process.exit(1)
+      }
+      await s!.wyrm?.close()
+    })
+}