mdkg 0.2.0 → 0.3.1

package/README.md

@@ -133,6 +133,8 @@ mdkg show child_repo:work.example
 mdkg pack child_repo:work.example --dry-run --stats
 mdkg capability resolve "child capability" --json
 mdkg subgraph verify child_repo --json
+mdkg subgraph audit child_repo --target .mdkg/subgraphs --json
+mdkg subgraph upgrade-plan child_repo --json
 ```
 
 When the child repo is available under a configured root-relative `source_path`, refresh the root-owned bundle snapshot explicitly:
@@ -142,6 +144,8 @@ mdkg subgraph sync child_repo --dry-run --json
 mdkg subgraph sync child_repo --json
 ```
 
+`audit` is read-only and reports source-path Git state, dirty tracked child files, bundle validity/freshness, root-owned bundle-path safety, optional materialized-target marker safety, and count-only capability summaries. `upgrade-plan` is also read-only, returns `apply_supported: false`, and proposes safe sync/verify/materialize next steps without writing bundles or child files.
+
 `sync` inspects the child Git repo, refuses dirty tracked changes by default, builds the configured private/public bundle into the root-owned source path, verifies it, and records `<branch>@<sha>` in `source_repo`. It never commits, pulls, pushes, checks out, resets, or mutates child mdkg Markdown. Use `--allow-dirty` only when the dirty state is intentional and must be recorded in the receipt.
 
 Generate a local read-only inspection tree when humans need to browse extracted child graph files:
@@ -167,8 +171,16 @@ mdkg index
 mdkg capability list --kind skill --json
 mdkg capability search "image worker" --kind work --json
 mdkg capability show <id-or-qid-or-slug> --json
+mdkg spec list --json
+mdkg spec show <id-or-qid-or-alias> --json
 ```
 
+`SPEC.md` is optional. Repos with no SPEC files still validate; when present,
+SPEC records describe reusable capability surfaces rather than general planning
+notes. `mdkg spec list/show/validate` is the focused SPEC command family, while
+`mdkg capability ...` remains the broader read-only discovery surface for
+skills, SPECs, WORK contracts, core docs, and design docs.
+
 Register source and artifact files as committed archive sidecars:
 
 ```bash
@@ -181,11 +193,20 @@ Create semantic mirror work contracts, orders, receipts, and artifacts:
 
 ```bash
 mdkg work contract new "generate image" --id work.generate-image --agent-id agent.image-worker --kind image_generation --inputs prompt:text:required --outputs image_url:url:required
-mdkg work order new "generate image request" --id order.generate-image-1 --work-id work.generate-image --requester user://example --input-refs archive://archive.key-input-doc
+mdkg work trigger work.generate-image --id order.generate-image-1 --requester user://example
+mdkg work order status order.generate-image-1 --json
 mdkg work receipt new "generate image receipt" --id receipt.generate-image-1 --work-order-id order.generate-image-1 --outcome success --receipt-status recorded
+mdkg work receipt verify receipt.generate-image-1 --json
 mdkg work artifact add receipt.generate-image-1 ./outputs/image.png --id archive.generated-image --kind artifact
 ```
 
+Create a manual order instead of a trigger-created order when you need to supply
+input refs at order creation time:
+
+```bash
+mdkg work order new "generate image request" --id order.generate-image-manual --work-id work.generate-image --requester user://example --input-refs archive://archive.key-input-doc
+```
+
 Receipt statuses are `recorded`, `verified`, `rejected`, and `superseded`.
 Update and artifact commands accept local ids or local qids; subgraph qids are read-only and must be changed in their source workspace.
 
@@ -254,11 +275,14 @@ These are the commands new users and agents should learn first:
 - `mdkg pack`
 - `mdkg skill`
 - `mdkg capability`
+- `mdkg spec`
 - `mdkg archive`
 - `mdkg work`
 - `mdkg goal`
 - `mdkg task`
 - `mdkg validate`
+- `mdkg status`
+- `mdkg fix`
 
 Advanced / maintenance commands still exist, but they are not the first-run story:
 - `mdkg event`
@@ -266,9 +290,34 @@ Advanced / maintenance commands still exist, but they are not the first-run stor
 - `mdkg index`
 - `mdkg guide`
 - `mdkg format`
-- `mdkg doctor`
+- `mdkg doctor --strict --json`
+- `mdkg fix plan --json`
 - `mdkg workspace`
 
+## Operator health
+
+Use `mdkg status --json` for a read-only operator summary before mutating a
+repo. It reports package/release state, Git cleanliness, graph validity,
+selected-goal state, project DB verification state, and generated cache
+freshness without rebuilding indexes, running migrations, repairing files, or
+changing selected-goal state.
+
+Use `mdkg doctor --strict --json` when a CI job or agent needs actionable
+typed checks. Strict doctor keeps the existing diagnostic command read-only and
+adds stable check fields: `id`, `status`, `severity`, `message`,
+`remediation`, and optional `refs`. Strict mode fails on invalid graph state,
+stale generated graph/capability cache state, stale or achieved selected-goal
+state, and enabled project DB verification failures. Warnings such as dirty
+runtime DB files, archive size guidance, and bundle handoff guidance remain
+warnings unless their underlying check fails.
+
+Use `mdkg fix plan --json` when you want repair guidance without mutation. It
+emits a receipt-shaped plan for generated index/cache repair, missing graph
+references, and duplicate local ids. Planned changes include affected paths,
+risk, reason codes, command hints, and `apply_supported: false`. `fix apply` is
+not exposed; apply behavior is deferred until the dry-run plan contract has
+enough evidence.
+
 ## Skills
 
 mdkg supports Agent Skills as procedural memory.
@@ -326,7 +375,7 @@ mdkg maintains `.mdkg/index/capabilities.json` as a derived access cache for det
 
 The capability cache is not the full graph and is not source of truth. Normal tasks, epics, bugs, tests, feats, and checkpoints remain in the standard graph index. Markdown remains authoritative; deleting the cache is recoverable with `mdkg index` or by running a capability command when auto-reindex is enabled.
 
-Capability records aggregate enabled registered workspaces and include deterministic source metadata such as `workspace`, `visibility`, `kind`, `id`, `qid`, `path`, headings, refs, source hash, and `indexed_at`. Workspace `visibility` also feeds mdkg's export safety checks for public/internal packs and public bundles. This is a CLI safety layer, not secret scanning, body redaction, or a replacement for private git hosting.
+Capability records aggregate enabled registered workspaces and include deterministic source metadata such as `workspace`, `visibility`, `kind`, `id`, `qid`, `path`, headings, refs, source hash, and `indexed_at`. SPEC and WORK records also expose read-only `linkage` arrays when related work contracts, work orders, and receipts exist, so an orchestrator can discover a capability from reusable surface to invocation evidence without loading the full graph. Workspace `visibility` also feeds mdkg's export safety checks for public/internal packs and public bundles. This is a CLI safety layer, not secret scanning, body redaction, or a replacement for private git hosting.
 
 ## Index backends and parallel safety
 
@@ -360,6 +409,9 @@ rows are durable local project DB history; receipts, reducers, writer leases,
 and materializers remain internal helper surfaces in this release, with no
 public `mdkg db event`, `mdkg db reducer`, `mdkg db lease`, or
 `mdkg db materializer` CLI yet.
+`mdkg work trigger --enqueue <queue>` can bridge a submitted work order mirror
+into an explicitly created active project DB queue; it writes local delivery
+state only and never executes work.
 Use `mdkg db verify` for non-mutating health checks over config, layout,
 runtime SQLite integrity, migration metadata, and transient runtime files. Use
 `mdkg db stats` for deterministic table counts, DB size, migration state,
@@ -401,7 +453,7 @@ Use `mdkg new spec|work|work_order|receipt|feedback|dispute|proposal "<title>"`
 
 Relational templates contain editable placeholder refs. `spec` and `work` scaffold as validation-clean standalone docs; `work_order`, `receipt`, `feedback`, `dispute`, and `proposal` need real refs before strict `mdkg validate` passes.
 
-For executable or purchasable capability mirrors, prefer the lifecycle helpers under `mdkg work ...`. They create and update `WORK.md`, `WORK_ORDER.md`, and `RECEIPT.md` semantic mirror files only. Production order state, receipt state, feedback, disputes, payments, ledgers, marketplace inventory, fulfillment records, and execution state remain canonical outside mdkg, such as in Postgres or another application database. Do not store raw secrets, credentials, live payment state, ledger mutations, canonical marketplace state, or bulky raw payloads in these mirrors.
+For executable or purchasable capability mirrors, prefer the lifecycle helpers under `mdkg work ...`. They create and update `WORK.md`, `WORK_ORDER.md`, and `RECEIPT.md` semantic mirror files only. `mdkg work trigger` creates a deterministic submitted `WORK_ORDER.md` from a WORK contract or a SPEC with exactly one resolvable work contract. `mdkg work order status` and `mdkg work receipt verify` are read-only review helpers for deterministic closeout. `mdkg work trigger --enqueue <queue>` optionally writes a local project DB queue delivery message after the queue has been explicitly created and is active; it still does not execute work. Production order state, receipt state, feedback, disputes, payments, ledgers, marketplace inventory, fulfillment records, and execution state remain canonical outside mdkg, such as in Postgres or another application database. Do not store raw secrets, credentials, live payment state, ledger mutations, canonical marketplace state, or bulky raw payloads in these mirrors.
 
 ## Archive sidecars
 
@@ -423,6 +475,7 @@ This release includes:
 - root-only published init seed config
 - skills indexing and search/show/list support
 - JSON capability cache for skills, `SPEC.md`, `WORK.md`, core docs, and design docs
+- optional `mdkg spec list/show/validate` for reusable SPEC capability records
 - SQLite index backend for fresh workspaces using built-in `node:sqlite`
 - mutation locking and atomic writes for parallel mdkg calls
 - first-class `goal` nodes and `mdkg goal show/next/evaluate/pause/resume/done`
@@ -436,7 +489,7 @@ This release includes:
 - shared `AGENT_START.md` startup guidance
 - conservative `mdkg upgrade` with mode-aware init manifests
 - archive sidecars with deterministic ZIP caches
-- semantic mirror helpers under `mdkg work ...`
+- semantic mirror helpers under `mdkg work ...`, including trigger/order status/receipt verification
 - explicit public/internal/private visibility enforcement for packs, bundles, archives, imports, validation, and doctor diagnostics
 - strict archive ZIP payload integrity checks during validation
 

package/dist/cli.js

@@ -18,8 +18,11 @@ const next_1 = require("./commands/next");
 const validate_1 = require("./commands/validate");
 const format_1 = require("./commands/format");
 const doctor_1 = require("./commands/doctor");
+const status_1 = require("./commands/status");
+const fix_1 = require("./commands/fix");
 const db_1 = require("./commands/db");
 const capability_1 = require("./commands/capability");
+const spec_1 = require("./commands/spec");
 const archive_1 = require("./commands/archive");
 const bundle_1 = require("./commands/bundle");
 const subgraph_1 = require("./commands/subgraph");
@@ -63,14 +66,17 @@ function printUsage(log) {
     log("  pack        Generate a context pack");
     log("  skill       Create, list, show, search, and validate skills");
     log("  capability  List, search, show, and resolve cached capability surfaces");
+    log("  spec        List, show, and validate optional SPEC.md capability records");
     log("  archive     Add, list, show, verify, and compress archive sidecars");
     log("  bundle      Create, list, show, and verify full graph snapshot bundles");
-    log("  subgraph    Register, sync, materialize, and verify read-only child graph snapshots");
+    log("  subgraph    Register, audit, plan, sync, materialize, and verify read-only child graph snapshots");
     log("  work        Create and update work contracts, orders, receipts, and artifacts");
     log("  goal        Inspect and advance recursive goal nodes");
     log("  task        Start, update, and complete task-like nodes");
     log("  next        Suggest the next work item");
     log("  validate    Validate frontmatter + graph");
+    log("  status      Show read-only operator health summary");
+    log("  fix         Plan read-only repairs with receipt-shaped JSON");
     log("\nAdvanced / maintenance commands:");
     log("  db          Project database and index-cache commands");
     log("  event       Enable or append episodic event logs");
@@ -435,6 +441,41 @@ function printCapabilityHelp(log, subcommand) {
             printGlobalOptions(log);
     }
 }
+function printSpecHelp(log, subcommand) {
+    switch ((subcommand ?? "").toLowerCase()) {
+        case "list":
+            log("Usage:");
+            log("  mdkg spec list [--json]");
+            log("\nNotes:");
+            log("  SPEC.md is optional and declares reusable capability surfaces.");
+            printGlobalOptions(log);
+            return;
+        case "show":
+            log("Usage:");
+            log("  mdkg spec show <id-or-qid-or-alias> [--json]");
+            log("\nNotes:");
+            log("  Shows one optional SPEC.md capability record from the capability index.");
+            printGlobalOptions(log);
+            return;
+        case "validate":
+            log("Usage:");
+            log("  mdkg spec validate [<id-or-qid-or-alias>] [--json]");
+            log("\nNotes:");
+            log("  With no reference, validates the graph and all optional SPEC.md capability records.");
+            log("  With a reference, also ensures that specific SPEC.md capability exists.");
+            printGlobalOptions(log);
+            return;
+        default:
+            log("Usage:");
+            log("  mdkg spec list [--json]");
+            log("  mdkg spec show <id-or-qid-or-alias> [--json]");
+            log("  mdkg spec validate [<id-or-qid-or-alias>] [--json]");
+            log("\nNotes:");
+            log("  SPEC.md is optional and reusable-capability oriented.");
+            log("  Use `mdkg capability ...` for broader skill, SPEC.md, WORK.md, core-doc, and design-doc discovery.");
+            printGlobalOptions(log);
+    }
+}
 function printArchiveHelp(log, subcommand) {
     switch ((subcommand ?? "").toLowerCase()) {
         case "add":
@@ -477,7 +518,7 @@ function printBundleHelp(log, subcommand) {
     switch ((subcommand ?? "").toLowerCase()) {
         case "import":
             log("Usage:");
-            log("  mdkg subgraph add/list/show/rm/enable/disable/verify/refresh/sync/materialize ...");
+            log("  mdkg subgraph add/list/show/rm/enable/disable/verify/refresh/audit/upgrade-plan/sync/materialize ...");
             log("\n`mdkg bundle import` has been replaced by `mdkg subgraph`.");
             break;
         case "create":
@@ -545,6 +586,20 @@ function printSubgraphHelp(log, subcommand) {
             log("Usage:");
             log("  mdkg subgraph refresh [alias|--all] [--json]");
             break;
+        case "audit":
+            log("Usage:");
+            log("  mdkg subgraph audit [alias|--all] [--target <path>] [--json]");
+            log("\nNotes:");
+            log("  - read-only audit for configured bundle health, source_path Git state, root-owned bundle paths, and optional materialize target safety");
+            log("  - exits nonzero only for error-level safety failures; warning-level drift stays in the receipt");
+            break;
+        case "upgrade-plan":
+            log("Usage:");
+            log("  mdkg subgraph upgrade-plan [alias|--all] [--json]");
+            log("\nNotes:");
+            log("  - read-only downstream upgrade planning receipt; apply_supported is false");
+            log("  - plans safe sync/verify/materialize next steps without mutating child repos or root bundles");
+            break;
         case "sync":
             log("Usage:");
             log("  mdkg subgraph sync [alias|--all] [--dry-run] [--allow-dirty] [--json]");
@@ -563,12 +618,15 @@ function printSubgraphHelp(log, subcommand) {
             log("  mdkg subgraph disable <alias> [--json]");
             log("  mdkg subgraph verify [alias|--all] [--json]");
             log("  mdkg subgraph refresh [alias|--all] [--json]");
+            log("  mdkg subgraph audit [alias|--all] [--target <path>] [--json]");
+            log("  mdkg subgraph upgrade-plan [alias|--all] [--json]");
             log("  mdkg subgraph sync [alias|--all] [--dry-run] [--allow-dirty] [--json]");
             log("  mdkg subgraph materialize [alias|--all] --target <path> [--clean] [--gitignore] [--json]");
             log("\nNotes:");
             log("  - subgraphs are read-only graph views backed by explicit bundle snapshots");
             log("  - default permissions are read-only and default freshness is 3600 seconds");
             log("  - refresh reloads configured bundle sources only; it does not build child bundles");
+            log("  - audit and upgrade-plan are read-only safety receipts for downstream orchestration");
             log("  - sync builds root-owned bundles from clean configured child source_path repos");
             log("  - materialize extracts bundle contents into generated inspection trees");
     }
@@ -580,15 +638,31 @@ function printWorkHelp(log, subcommand) {
             log("Usage:");
             log('  mdkg work contract new "<title>" --id <work.id> --agent-id <agent.id> --kind <kind> --inputs <...> --outputs <...> [--required-capabilities <...>] [--pricing-model <...>] [--json]');
             break;
+        case "trigger":
+            log("Usage:");
+            log('  mdkg work trigger <work-or-capability-ref> [--id <order.id>] [--title "<title>"] [--requester <ref>] [--enqueue <queue>] [--json]');
+            log("\nExample:");
+            log("  mdkg work trigger work.example --id order.example-1 --requester user://example --json");
+            log("\nNotes:");
+            log("  Accepted targets: direct WORK.md ref, or SPEC.md ref with exactly one resolvable work contract.");
+            log("  Creates a deterministic WORK_ORDER.md semantic mirror and does not execute work.");
+            log("  Queue enqueue requires a valid project DB plus an explicitly created active queue and never executes work.");
+            break;
         case "order":
             log("Usage:");
-            log('  mdkg work order new "<title>" --id <order.id> --work-id <work.id> --requester <ref> [--request-ref <ref>] [--input-refs <...>] [--requested-outputs <...>] [--json]');
-            log("  mdkg work order update <id-or-qid> [--status <status>] [--add-input-refs <...>] [--add-artifacts <...>] [--json]");
+            log('  mdkg work order new "<title>" --id <order.id> --work-id <work.id> --requester <ref> [--request-ref <ref>] [--trigger-ref <ref>] [--payload-hash <sha256:...>] [--input-refs <...>] [--queue-refs <...>] [--requested-outputs <...>] [--json]');
+            log("  mdkg work order status <id-or-qid> [--json]");
+            log("  mdkg work order update <id-or-qid> [--status <status>] [--add-input-refs <...>] [--add-queue-refs <...>] [--add-artifacts <...>] [--json]");
+            log("\nNotes:");
+            log("  work order status is read-only and reports deterministic JSON order state plus linked receipts.");
             break;
         case "receipt":
             log("Usage:");
-            log('  mdkg work receipt new "<title>" --id <receipt.id> --work-order-id <order.id> --outcome success|partial|failure [--receipt-status recorded|verified|rejected|superseded] [--json]');
-            log("  mdkg work receipt update <id-or-qid> [--receipt-status <status>] [--add-artifacts <...>] [--add-proof-refs <...>] [--add-attestation-refs <...>] [--json]");
+            log('  mdkg work receipt new "<title>" --id <receipt.id> --work-order-id <order.id> --outcome success|partial|failure [--receipt-status recorded|verified|rejected|superseded] [--redaction-policy refs_and_hashes_only|redacted_summary|external_private] [--evidence-hashes <sha256:...>] [--json]');
+            log("  mdkg work receipt verify <id-or-qid> [--json]");
+            log("  mdkg work receipt update <id-or-qid> [--receipt-status <status>] [--add-artifacts <...>] [--add-proof-refs <...>] [--add-attestation-refs <...>] [--add-evidence-hashes <sha256:...>] [--json]");
+            log("\nNotes:");
+            log("  work receipt verify is read-only and reports deterministic JSON linkage, evidence, hash, outcome, and redaction checks.");
             break;
         case "artifact":
             log("Usage:");
@@ -597,8 +671,9 @@ function printWorkHelp(log, subcommand) {
         default:
             log("Usage:");
             log("  mdkg work contract new ...");
-            log("  mdkg work order new|update ...");
-            log("  mdkg work receipt new|update ...");
+            log("  mdkg work trigger <work-or-capability-ref> ...");
+            log("  mdkg work order new|status|update ...");
+            log("  mdkg work receipt new|verify|update ...");
             log("  mdkg work artifact add ...");
             log("\nNotes:");
             log("  - work commands mutate semantic mirror files only");
@@ -770,6 +845,47 @@ function printValidateHelp(log) {
     log("  mdkg validate [--out <path>] [--quiet] [--json]");
     printGlobalOptions(log);
 }
+function printStatusHelp(log) {
+    log("Usage:");
+    log("  mdkg status [--json]");
+    log("\nChecks:");
+    log("  - release/package and CHANGELOG summary");
+    log("  - git branch, dirty state, and upstream ahead/behind counts");
+    log("  - graph index load, validation errors, and generated cache freshness");
+    log("  - selected goal existence, achieved state, and active node");
+    log("  - project DB enabled/verify summary");
+    log("\nBoundaries:");
+    log("  - read-only operator summary; does not rebuild indexes or repair files");
+    log("  - use `mdkg doctor` for diagnostic detail and future strict check IDs");
+    log("\nOptions:");
+    log("  --json                Emit machine-readable JSON output");
+    printGlobalOptions(log);
+}
+function printFixHelp(log, subcommand) {
+    switch ((subcommand ?? "").toLowerCase()) {
+        case "plan":
+            log("Usage:");
+            log("  mdkg fix plan [--family index|refs|ids|all] [--target <id-or-qid>] [--json]");
+            log("\nBoundaries:");
+            log("  - read-only repair planning; writes no files and does not rebuild indexes");
+            log("  - emits a deterministic receipt-shaped JSON plan with paths, risks, and reason codes");
+            log("  - initial families are index/cache, graph refs, and duplicate ids");
+            log("  - `fix apply` is intentionally not available in this release slice");
+            log("\nOptions:");
+            log("  --family <family>     Select index, refs, ids, or all (default all)");
+            log("  --target <id-or-qid>  Optional node target for family planners");
+            log("  --json                Emit machine-readable JSON output");
+            printGlobalOptions(log);
+            return;
+        default:
+            log("Usage:");
+            log("  mdkg fix plan [--family index|refs|ids|all] [--target <id-or-qid>] [--json]");
+            log("\nNotes:");
+            log("  - fix planning is dry-run only and writes nothing");
+            log("  - apply behavior is deferred until the receipt contract is proven");
+            printGlobalOptions(log);
+    }
+}
 function printFormatHelp(log) {
     log("Usage:");
     log("  mdkg format");
@@ -777,10 +893,12 @@ function printFormatHelp(log) {
 }
 function printDoctorHelp(log) {
     log("Usage:");
-    log("  mdkg doctor [--json]");
+    log("  mdkg doctor [--strict] [--json]");
     log("\nChecks:");
     log("  - Node.js version compatibility");
     log("  - mdkg repo root + .mdkg/config.json");
+    log("  - Selected-goal stale or achieved state");
+    log("  - Project DB verification when enabled");
     log("  - Template schema availability");
     log("  - Archive sidecar storage hygiene");
     log("  - Bundle snapshot storage guidance");
@@ -789,6 +907,7 @@ function printDoctorHelp(log) {
     log("  - Capability cache load/rebuild health");
     log("  - SQLite cache health when enabled");
     log("\nOptions:");
+    log("  --strict              Fail on stale selected-goal, DB, and generated cache health issues");
     log("  --json                Emit machine-readable JSON output");
     printGlobalOptions(log);
 }
@@ -837,6 +956,9 @@ function printCommandHelp(log, command, subcommand) {
         case "capability":
             printCapabilityHelp(log, subcommand);
             return;
+        case "spec":
+            printSpecHelp(log, subcommand);
+            return;
         case "archive":
             printArchiveHelp(log, subcommand);
             return;
@@ -867,6 +989,12 @@ function printCommandHelp(log, command, subcommand) {
         case "validate":
             printValidateHelp(log);
             return;
+        case "status":
+            printStatusHelp(log);
+            return;
+        case "fix":
+            printFixHelp(log, subcommand);
+            return;
         case "format":
             printFormatHelp(log);
             return;
@@ -1353,6 +1481,45 @@ function runCapabilitySubcommand(parsed, root) {
             throw new errors_1.UsageError("capability requires list/search/show/resolve");
     }
 }
+function runSpecSubcommand(parsed, root) {
+    const subcommand = (parsed.positionals[1] ?? "").toLowerCase();
+    switch (subcommand) {
+        case "list": {
+            if (parsed.positionals.length > 2) {
+                throw new errors_1.UsageError("spec list does not accept positional arguments");
+            }
+            const json = parseBooleanFlag("--json", parsed.flags["--json"]);
+            const noCache = parseBooleanFlag("--no-cache", parsed.flags["--no-cache"]);
+            const noReindex = parseBooleanFlag("--no-reindex", parsed.flags["--no-reindex"]);
+            (0, spec_1.runSpecListCommand)({ root, json, noCache, noReindex });
+            return 0;
+        }
+        case "show": {
+            const id = parsed.positionals[2];
+            if (!id || parsed.positionals.length > 3) {
+                throw new errors_1.UsageError("spec show requires <id-or-qid-or-alias>");
+            }
+            const json = parseBooleanFlag("--json", parsed.flags["--json"]);
+            const noCache = parseBooleanFlag("--no-cache", parsed.flags["--no-cache"]);
+            const noReindex = parseBooleanFlag("--no-reindex", parsed.flags["--no-reindex"]);
+            (0, spec_1.runSpecShowCommand)({ root, id, json, noCache, noReindex });
+            return 0;
+        }
+        case "validate": {
+            const id = parsed.positionals[2];
+            if (parsed.positionals.length > 3) {
+                throw new errors_1.UsageError("spec validate accepts at most one SPEC reference");
+            }
+            const json = parseBooleanFlag("--json", parsed.flags["--json"]);
+            const noCache = parseBooleanFlag("--no-cache", parsed.flags["--no-cache"]);
+            const noReindex = parseBooleanFlag("--no-reindex", parsed.flags["--no-reindex"]);
+            (0, spec_1.runSpecValidateCommand)({ root, id, json, noCache, noReindex });
+            return 0;
+        }
+        default:
+            throw new errors_1.UsageError("spec requires list/show/validate");
+    }
+}
 function runArchiveSubcommand(parsed, root) {
     const subcommand = (parsed.positionals[1] ?? "").toLowerCase();
     switch (subcommand) {
@@ -1552,6 +1719,25 @@ function runSubgraphSubcommand(parsed, root) {
             (0, subgraph_1.runSubgraphRefreshCommand)({ root, alias, all, json });
             return 0;
         }
+        case "audit": {
+            if (parsed.positionals.length > 3) {
+                throw new errors_1.UsageError("subgraph audit accepts at most one alias");
+            }
+            const alias = parsed.positionals[2];
+            const all = parseBooleanFlag("--all", parsed.flags["--all"]);
+            const target = requireFlagValue("--target", parsed.flags["--target"]);
+            (0, subgraph_1.runSubgraphAuditCommand)({ root, alias, all, target, json });
+            return 0;
+        }
+        case "upgrade-plan": {
+            if (parsed.positionals.length > 3) {
+                throw new errors_1.UsageError("subgraph upgrade-plan accepts at most one alias");
+            }
+            const alias = parsed.positionals[2];
+            const all = parseBooleanFlag("--all", parsed.flags["--all"]);
+            (0, subgraph_1.runSubgraphUpgradePlanCommand)({ root, alias, all, json });
+            return 0;
+        }
         case "sync": {
             if (parsed.positionals.length > 3) {
                 throw new errors_1.UsageError("subgraph sync accepts at most one alias");
@@ -1579,7 +1765,7 @@ function runSubgraphSubcommand(parsed, root) {
             return 0;
         }
         default:
-            throw new errors_1.UsageError("subgraph requires add/list/show/rm/enable/disable/verify/refresh/sync/materialize");
+            throw new errors_1.UsageError("subgraph requires add/list/show/rm/enable/disable/verify/refresh/audit/upgrade-plan/sync/materialize");
     }
 }
 function runWorkSubcommand(parsed, root) {
@@ -1587,6 +1773,18 @@ function runWorkSubcommand(parsed, root) {
     const action = (parsed.positionals[2] ?? "").toLowerCase();
     const ws = requireFlagValue("--ws", parsed.flags["--ws"]);
     const json = parseBooleanFlag("--json", parsed.flags["--json"]);
+    if (domain === "trigger") {
+        const targetRef = parsed.positionals[2];
+        if (!targetRef || parsed.positionals.length > 3) {
+            throw new errors_1.UsageError("work trigger requires <work-or-capability-ref>");
+        }
+        const id = requireFlagValue("--id", parsed.flags["--id"]);
+        const title = requireFlagValue("--title", parsed.flags["--title"]);
+        const requester = requireFlagValue("--requester", parsed.flags["--requester"]);
+        const enqueue = requireFlagValue("--enqueue", parsed.flags["--enqueue"]);
+        (0, work_1.runWorkTriggerCommand)({ root, ws, targetRef, id, title, requester, enqueue, json });
+        return 0;
+    }
     if (domain === "contract" && action === "new") {
         const title = parsed.positionals.slice(3).join(" ");
         const id = requireFlagValue("--id", parsed.flags["--id"]);
@@ -1623,7 +1821,10 @@ function runWorkSubcommand(parsed, root) {
             throw new errors_1.UsageError("work order new requires title, --id, --work-id, and --requester");
         }
         const requestRef = requireFlagValue("--request-ref", parsed.flags["--request-ref"]);
+        const triggerRef = requireFlagValue("--trigger-ref", parsed.flags["--trigger-ref"]);
+        const payloadHash = requireFlagValue("--payload-hash", parsed.flags["--payload-hash"]);
         const inputRefs = requireFlagValue("--input-refs", parsed.flags["--input-refs"]);
+        const queueRefs = requireFlagValue("--queue-refs", parsed.flags["--queue-refs"]);
         const requestedOutputs = requireFlagValue("--requested-outputs", parsed.flags["--requested-outputs"]);
         const constraintRefs = requireFlagValue("--constraint-refs", parsed.flags["--constraint-refs"]);
         (0, work_1.runWorkOrderNewCommand)({
@@ -1634,7 +1835,10 @@ function runWorkSubcommand(parsed, root) {
             workId,
             requester,
             requestRef,
+            triggerRef,
+            payloadHash,
             inputRefs,
+            queueRefs,
             requestedOutputs,
             constraintRefs,
             json,
@@ -1648,8 +1852,17 @@ function runWorkSubcommand(parsed, root) {
         }
         const status = requireFlagValue("--status", parsed.flags["--status"]);
         const addInputRefs = requireFlagValue("--add-input-refs", parsed.flags["--add-input-refs"]);
+        const addQueueRefs = requireFlagValue("--add-queue-refs", parsed.flags["--add-queue-refs"]);
         const addArtifacts = requireFlagValue("--add-artifacts", parsed.flags["--add-artifacts"]);
-        (0, work_1.runWorkOrderUpdateCommand)({ root, ws, id, status, addInputRefs, addArtifacts, json });
+        (0, work_1.runWorkOrderUpdateCommand)({ root, ws, id, status, addInputRefs, addQueueRefs, addArtifacts, json });
+        return 0;
+    }
+    if (domain === "order" && action === "status") {
+        const id = parsed.positionals[3];
+        if (!id || parsed.positionals.length > 4) {
+            throw new errors_1.UsageError("work order status requires <id-or-qid>");
+        }
+        (0, work_1.runWorkOrderStatusCommand)({ root, ws, id, json });
         return 0;
     }
     if (domain === "receipt" && action === "new") {
@@ -1662,9 +1875,11 @@ function runWorkSubcommand(parsed, root) {
         }
         const receiptStatus = requireFlagValue("--receipt-status", parsed.flags["--receipt-status"]);
         const costRef = requireFlagValue("--cost-ref", parsed.flags["--cost-ref"]);
+        const redactionPolicy = requireFlagValue("--redaction-policy", parsed.flags["--redaction-policy"]);
         const artifacts = requireFlagValue("--artifacts", parsed.flags["--artifacts"]);
         const proofRefs = requireFlagValue("--proof-refs", parsed.flags["--proof-refs"]);
         const attestationRefs = requireFlagValue("--attestation-refs", parsed.flags["--attestation-refs"]);
+        const evidenceHashes = requireFlagValue("--evidence-hashes", parsed.flags["--evidence-hashes"]);
         const inputHashes = requireFlagValue("--input-hashes", parsed.flags["--input-hashes"]);
         const outputHashes = requireFlagValue("--output-hashes", parsed.flags["--output-hashes"]);
         (0, work_1.runWorkReceiptNewCommand)({
@@ -1676,9 +1891,11 @@ function runWorkSubcommand(parsed, root) {
             outcome,
             receiptStatus,
             costRef,
+            redactionPolicy,
             artifacts,
             proofRefs,
             attestationRefs,
+            evidenceHashes,
             inputHashes,
             outputHashes,
             json,
@@ -1694,6 +1911,7 @@ function runWorkSubcommand(parsed, root) {
         const addArtifacts = requireFlagValue("--add-artifacts", parsed.flags["--add-artifacts"]);
         const addProofRefs = requireFlagValue("--add-proof-refs", parsed.flags["--add-proof-refs"]);
         const addAttestationRefs = requireFlagValue("--add-attestation-refs", parsed.flags["--add-attestation-refs"]);
+        const addEvidenceHashes = requireFlagValue("--add-evidence-hashes", parsed.flags["--add-evidence-hashes"]);
         (0, work_1.runWorkReceiptUpdateCommand)({
             root,
             ws,
@@ -1702,10 +1920,19 @@ function runWorkSubcommand(parsed, root) {
             addArtifacts,
             addProofRefs,
             addAttestationRefs,
+            addEvidenceHashes,
             json,
         });
         return 0;
     }
+    if (domain === "receipt" && action === "verify") {
+        const id = parsed.positionals[3];
+        if (!id || parsed.positionals.length > 4) {
+            throw new errors_1.UsageError("work receipt verify requires <id-or-qid>");
+        }
+        (0, work_1.runWorkReceiptVerifyCommand)({ root, ws, id, json });
+        return 0;
+    }
     if (domain === "artifact" && action === "add") {
         const targetId = parsed.positionals[3];
         const file = parsed.positionals[4];
@@ -2175,6 +2402,8 @@ function runCommand(parsed, root, runtime) {
             return runSkillSubcommand(parsed, root);
         case "capability":
             return runCapabilitySubcommand(parsed, root);
+        case "spec":
+            return runSpecSubcommand(parsed, root);
         case "archive":
             return runArchiveSubcommand(parsed, root);
         case "bundle":
@@ -2391,6 +2620,31 @@ function runCommand(parsed, root, runtime) {
             (0, validate_1.runValidateCommand)({ root, out, quiet, json });
             return 0;
         }
+        case "status": {
+            if (parsed.positionals.length > 1) {
+                throw new errors_1.UsageError("status does not accept positional arguments");
+            }
+            const json = parseBooleanFlag("--json", parsed.flags["--json"]);
+            (0, status_1.runStatusCommand)({ root, json });
+            return 0;
+        }
+        case "fix": {
+            const sub = (parsed.positionals[1] ?? "").toLowerCase();
+            if (!sub) {
+                throw new errors_1.UsageError("fix requires a subcommand");
+            }
+            if (sub !== "plan") {
+                throw new errors_1.UsageError(`unknown fix subcommand: ${sub}`);
+            }
+            if (parsed.positionals.length > 2) {
+                throw new errors_1.UsageError("fix plan does not accept positional arguments");
+            }
+            const family = requireFlagValue("--family", parsed.flags["--family"]);
+            const target = requireFlagValue("--target", parsed.flags["--target"]);
+            const json = parseBooleanFlag("--json", parsed.flags["--json"]);
+            (0, fix_1.runFixPlanCommand)({ root, family, target, json });
+            return 0;
+        }
         case "format":
             if (parsed.positionals.length > 1) {
                 throw new errors_1.UsageError("format does not accept positional arguments");
@@ -2404,7 +2658,8 @@ function runCommand(parsed, root, runtime) {
             const noCache = parseBooleanFlag("--no-cache", parsed.flags["--no-cache"]);
             const noReindex = parseBooleanFlag("--no-reindex", parsed.flags["--no-reindex"]);
             const json = parseBooleanFlag("--json", parsed.flags["--json"]);
-            (0, doctor_1.runDoctorCommand)({ root, noCache, noReindex, json });
+            const strict = parseBooleanFlag("--strict", parsed.flags["--strict"]);
+            (0, doctor_1.runDoctorCommand)({ root, noCache, noReindex, json, strict });
             return 0;
         }
         default: