navada-edge-cli 3.4.1 → 3.5.1

package/lib/agent.js

@@ -21,7 +21,7 @@ const IDENTITY = {
 You are professional, technical, concise, and helpful. You speak with authority about distributed systems, Docker, AI, and cloud infrastructure.
 You have FULL ACCESS to the user's computer — you CAN and SHOULD use your tools to execute tasks:
   - shell: run ANY bash, PowerShell, or system command on the user's machine
-  - read_file / write_file / list_files: full filesystem access — create, read, modify any file
+  - read_file / write_file / edit_file / delete_file / list_files: full filesystem CRUD — create, read, edit, delete any file
   - python_exec / python_pip / python_script: run Python code directly
   - sandbox_run: run code with syntax-highlighted output
   - system_info: check CPU, RAM, disk, OS
@@ -34,6 +34,7 @@ You also connect to the NAVADA Edge Network (4 nodes via Tailscale VPN):
 When users ask you to DO something — DO IT. Use write_file to create files. Use shell to run commands. Never say "I can't" when you have a tool for it.
 When asked to generate diagrams — use write_file to create Mermaid (.mmd), SVG, or HTML files. You can also use python_exec with matplotlib/graphviz for complex diagrams.
 When asked to create, edit, or delete files — use the file tools directly. You are a terminal agent with FULL access.
+PLATFORM: This machine runs ` + (process.platform === 'win32' ? `Windows. Use Windows paths (C:\\Users\\...) not Unix paths (~/...). Desktop = ${path.join(os.homedir(), 'Desktop')}. Home = ${os.homedir()}.` : `${process.platform}. Home = ${os.homedir()}.`) + `
 Keep responses short. Code blocks when needed. No fluff.`,
   founder: {
     name: 'Leslie (Lee) Akpareva',
@@ -67,6 +68,7 @@ Keep responses short. Code blocks when needed. No fluff.`,
 };
 
 function getSystemPrompt() {
+  // Learning mode overrides everything
   if (sessionState.learningMode) {
     try {
       const { MODES } = require('./commands/learn');
@@ -74,9 +76,41 @@ function getSystemPrompt() {
       if (mode) return mode.system;
     } catch {}
   }
+
+  // Load user's agent.md customisation if it exists
+  const agentMdPath = path.join(config.CONFIG_DIR, 'agent.md');
+  let userPrompt = '';
+  try {
+    if (fs.existsSync(agentMdPath)) {
+      userPrompt = fs.readFileSync(agentMdPath, 'utf-8').trim();
+    }
+  } catch {}
+
+  // Load active sub-agent if selected
+  if (sessionState.subAgent) {
+    const subPath = path.join(config.CONFIG_DIR, 'agents', `${sessionState.subAgent}.md`);
+    try {
+      if (fs.existsSync(subPath)) {
+        return fs.readFileSync(subPath, 'utf-8').trim();
+      }
+    } catch {}
+  }
+
+  // Combine: base personality + user customisation
+  if (userPrompt) {
+    return `${IDENTITY.personality}\n\n--- USER CUSTOMISATION (from agent.md) ---\n${userPrompt}`;
+  }
   return IDENTITY.personality;
 }
 
+function listSubAgents() {
+  const dir = path.join(config.CONFIG_DIR, 'agents');
+  try {
+    if (!fs.existsSync(dir)) return [];
+    return fs.readdirSync(dir).filter(f => f.endsWith('.md')).map(f => f.replace('.md', ''));
+  } catch { return []; }
+}
+
 // ---------------------------------------------------------------------------
 // Session state — exposed for UI panels
 // ---------------------------------------------------------------------------
@@ -88,6 +122,7 @@ const sessionState = {
   messages: 0,
   startTime: Date.now(),
   learningMode: null,  // 'python' | 'csharp' | 'node' | null
+  subAgent: null,      // active sub-agent name (loads from ~/.navada/agents/<name>.md)
   history: [],         // conversation history for context continuity
 };
 
@@ -190,6 +225,36 @@ const localTools = {
     },
   },
 
+  editFile: {
+    description: 'Edit a file by replacing a search string with new content',
+    execute: (filePath, search, replace) => {
+      try {
+        const resolved = path.resolve(filePath);
+        const content = fs.readFileSync(resolved, 'utf-8');
+        if (!content.includes(search)) return `Error: search string not found in ${resolved}`;
+        const updated = content.replace(search, replace);
+        fs.writeFileSync(resolved, updated);
+        return `Edited: ${resolved} (replaced ${search.length} chars)`;
+      } catch (e) { return `Error: ${e.message}`; }
+    },
+  },
+
+  deleteFile: {
+    description: 'Delete a file or empty directory from this machine',
+    execute: (filePath) => {
+      try {
+        const resolved = path.resolve(filePath);
+        const stat = fs.statSync(resolved);
+        if (stat.isDirectory()) {
+          fs.rmdirSync(resolved);
+        } else {
+          fs.unlinkSync(resolved);
+        }
+        return `Deleted: ${resolved}`;
+      } catch (e) { return `Error: ${e.message}`; }
+    },
+  },
+
   systemInfo: {
     description: 'Get system information',
     execute: () => {
@@ -656,6 +721,8 @@ function openAITools() {
     { name: 'read_file', description: 'Read the contents of a file on the user\'s machine.', parameters: { type: 'object', properties: { path: { type: 'string', description: 'Absolute or relative file path' } }, required: ['path'] } },
     { name: 'write_file', description: 'Write content to a file. Creates parent directories if needed. Use for creating new files, scripts, configs, diagrams (Mermaid, SVG, HTML), code files.', parameters: { type: 'object', properties: { path: { type: 'string', description: 'File path to write' }, content: { type: 'string', description: 'Full content to write to the file' } }, required: ['path', 'content'] } },
     { name: 'list_files', description: 'List files and directories.', parameters: { type: 'object', properties: { path: { type: 'string', description: 'Directory path (default: current dir)' } } } },
+    { name: 'edit_file', description: 'Edit a file by finding and replacing text. Use for targeted edits.', parameters: { type: 'object', properties: { path: { type: 'string', description: 'File path' }, search: { type: 'string', description: 'Exact text to find' }, replace: { type: 'string', description: 'Replacement text' } }, required: ['path', 'search', 'replace'] } },
+    { name: 'delete_file', description: 'Delete a file or empty directory.', parameters: { type: 'object', properties: { path: { type: 'string', description: 'Path to delete' } }, required: ['path'] } },
     { name: 'system_info', description: 'Get local system information (CPU, RAM, disk, OS, hostname).', parameters: { type: 'object', properties: {} } },
     { name: 'python_exec', description: 'Execute Python code inline. Use for data analysis, calculations, generating content, processing files, ML tasks.', parameters: { type: 'object', properties: { code: { type: 'string', description: 'Python code to execute' } }, required: ['code'] } },
     { name: 'python_pip', description: 'Install a Python package via pip.', parameters: { type: 'object', properties: { package: { type: 'string', description: 'Package name' } }, required: ['package'] } },
@@ -837,6 +904,16 @@ async function chat(userMessage, conversationHistory = []) {
       description: 'List files and directories.',
       input_schema: { type: 'object', properties: { path: { type: 'string', description: 'Directory path (default: current dir)' } } },
     },
+    {
+      name: 'edit_file',
+      description: 'Edit a file by finding and replacing text. Use for targeted edits without rewriting the whole file.',
+      input_schema: { type: 'object', properties: { path: { type: 'string', description: 'File path' }, search: { type: 'string', description: 'Exact text to find' }, replace: { type: 'string', description: 'Text to replace it with' } }, required: ['path', 'search', 'replace'] },
+    },
+    {
+      name: 'delete_file',
+      description: 'Delete a file or empty directory from the user\'s machine.',
+      input_schema: { type: 'object', properties: { path: { type: 'string', description: 'File or directory path to delete' } }, required: ['path'] },
+    },
     {
       name: 'system_info',
       description: 'Get local system information (CPU, RAM, disk, OS, hostname).',
@@ -961,6 +1038,8 @@ async function executeTool(name, input) {
       case 'read_file': return localTools.readFile.execute(input.path);
       case 'write_file': return localTools.writeFile.execute(input.path, input.content);
       case 'list_files': return localTools.listFiles.execute(input.path);
+      case 'edit_file': return localTools.editFile.execute(input.path, input.search, input.replace);
+      case 'delete_file': return localTools.deleteFile.execute(input.path);
       case 'system_info': return localTools.systemInfo.execute();
       case 'network_status': return JSON.stringify(await navada.network.ping());
       case 'lucas_exec': return JSON.stringify(await navada.lucas.exec(input.command));
@@ -1142,4 +1221,4 @@ async function reportTelemetry(event, data = {}) {
   }
 }
 
-module.exports = { IDENTITY, chat, localTools, reportTelemetry, fallbackChat, checkForUpdate, getUpdateInfo, rateTracker, sessionState, addToHistory, getConversationHistory, clearHistory };
+module.exports = { IDENTITY, chat, localTools, reportTelemetry, fallbackChat, checkForUpdate, getUpdateInfo, rateTracker, sessionState, addToHistory, getConversationHistory, clearHistory, listSubAgents };

package/lib/commands/audit.js

@@ -0,0 +1,355 @@
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+const ui = require('../ui');
+const config = require('../config');
+
+// ─────────────────────────────────────────────
+// CONFIG
+// ─────────────────────────────────────────────
+const NAVADA_DIR = path.join(os.homedir(), '.navada');
+const REPORTS_DIR = path.join(NAVADA_DIR, 'audit-reports');
+const CONFIG_FILE = path.join(NAVADA_DIR, 'config.json');
+
+// ─────────────────────────────────────────────
+// SOURCE SCANNER
+// ─────────────────────────────────────────────
+function findInSource(pattern, dir) {
+  const searchDirs = dir ? [dir] : ['src', 'lib', 'bin', 'server', 'api', 'routes', '.'];
+  const extensions = ['js', 'ts', 'mjs', 'cjs'];
+
+  for (const d of searchDirs) {
+    if (!fs.existsSync(d)) continue;
+    const files = walkDir(d, extensions);
+    for (const file of files) {
+      try {
+        const content = fs.readFileSync(file, 'utf8');
+        if (new RegExp(pattern, 'i').test(content)) return { found: true, file };
+      } catch { continue; }
+    }
+  }
+  return { found: false };
+}
+
+function walkDir(dir, extensions, files = []) {
+  try {
+    for (const entry of fs.readdirSync(dir)) {
+      if (entry === 'node_modules' || entry.startsWith('.')) continue;
+      const full = path.join(dir, entry);
+      try {
+        const stat = fs.statSync(full);
+        if (stat.isDirectory()) walkDir(full, extensions, files);
+        else if (extensions.some(ext => full.endsWith(`.${ext}`))) files.push(full);
+      } catch { continue; }
+    }
+  } catch {}
+  return files;
+}
+
+// ─────────────────────────────────────────────
+// STATIC CHECKS — current real-world state
+// ─────────────────────────────────────────────
+const CHECKS = {
+
+  cli: [
+    { id: 'CLI-01', name: 'Entry file has shebang', severity: 'CRITICAL', check: () => {
+      for (const f of ['bin/navada.js', 'bin/index.js', 'index.js']) {
+        if (fs.existsSync(f)) return fs.readFileSync(f, 'utf8').split('\n')[0].startsWith('#!/usr/bin/env node');
+      }
+      return { skipped: true, reason: 'No entry file found' };
+    }},
+    { id: 'CLI-02', name: 'package.json has bin field', severity: 'CRITICAL', check: () => {
+      if (!fs.existsSync('package.json')) return { skipped: true, reason: 'No package.json' };
+      const pkg = JSON.parse(fs.readFileSync('package.json', 'utf8'));
+      return !!(pkg.bin && Object.keys(pkg.bin).length > 0);
+    }},
+    { id: 'CLI-03', name: 'NO_COLOR respected', severity: 'MEDIUM', check: () => findInSource('NO_COLOR').found },
+    { id: 'CLI-04', name: 'Semantic versioning', severity: 'HIGH', check: () => {
+      if (!fs.existsSync('package.json')) return false;
+      return /^\d+\.\d+\.\d+/.test(JSON.parse(fs.readFileSync('package.json', 'utf8')).version || '');
+    }},
+    { id: 'CLI-05', name: 'Config in ~/.navada/', severity: 'HIGH', check: () => findInSource('.navada').found },
+    { id: 'CLI-06', name: 'Non-zero exit on failure', severity: 'HIGH', check: () => findInSource('process.exit\\(1\\)').found },
+    { id: 'CLI-07', name: 'README exists and >500 chars', severity: 'MEDIUM', check: () => {
+      if (!fs.existsSync('README.md')) return false;
+      return fs.readFileSync('README.md', 'utf8').length > 500;
+    }},
+    { id: 'CLI-08', name: 'LICENSE file exists', severity: 'LOW', check: () => fs.existsSync('LICENSE') || fs.existsSync('LICENSE.md') },
+  ],
+
+  security: [
+    { id: 'SEC-01', name: 'No hardcoded API keys in source', severity: 'CRITICAL', check: () => {
+      for (const p of ['sk-ant-api', 'sk-proj-', 'xai-[a-zA-Z]']) {
+        const r = findInSource(p);
+        if (r.found) return { pass: false, detail: `Pattern ${p} in ${r.file}` };
+      }
+      return true;
+    }},
+    { id: 'SEC-02', name: 'No plaintext passwords in source', severity: 'CRITICAL', check: () => !findInSource('password.*=.*["\'][^"\']{8,}["\']').found },
+    { id: 'SEC-03', name: '.gitignore covers .env', severity: 'CRITICAL', check: () => {
+      if (!fs.existsSync('.gitignore')) return { pass: false, detail: 'No .gitignore' };
+      return fs.readFileSync('.gitignore', 'utf8').includes('.env');
+    }},
+    { id: 'SEC-04', name: 'Config file permissions 600', severity: 'HIGH', check: () => {
+      if (!fs.existsSync(CONFIG_FILE)) return { skipped: true, reason: 'No config file' };
+      try { return (fs.statSync(CONFIG_FILE).mode & 0o777).toString(8) === '600'; }
+      catch { return { skipped: true, reason: 'Cannot read permissions' }; }
+    }},
+    { id: 'SEC-05', name: 'crypto.randomBytes for key gen', severity: 'CRITICAL', check: () => findInSource('randomBytes').found },
+    { id: 'SEC-06', name: 'IP sanitiser strips internal IPs', severity: 'CRITICAL', check: () => findInSource('100\\\\.\\d|192\\\\.168|sanitise').found },
+    { id: 'SEC-07', name: 'No Tailscale IPs in published npm files', severity: 'CRITICAL', check: () => {
+      const r = findInSource('100\\.88\\.118\\.128|100\\.98\\.118\\.33|100\\.77\\.206\\.9|100\\.121\\.187\\.67');
+      return !r.found;
+    }},
+  ],
+
+  api: [
+    { id: 'API-01', name: 'Versioned routes (/v1/)', severity: 'HIGH', check: () => findInSource('/v1/').found },
+    { id: 'API-02', name: 'Rate limiting implemented', severity: 'HIGH', check: () => findInSource('rateLimit|rate.*limit|rateTracker').found },
+    { id: 'API-03', name: 'Health endpoint exists', severity: 'HIGH', check: () => findInSource('/health').found },
+    { id: 'API-04', name: 'CORS configured', severity: 'HIGH', check: () => findInSource('Access-Control-Allow-Origin|cors').found },
+    { id: 'API-05', name: 'Clerk auth on user routes', severity: 'HIGH', check: () => findInSource('requireUser|clerkUser|verifySession').found },
+    { id: 'API-06', name: 'WebSocket server implemented', severity: 'MEDIUM', check: () => findInSource('WebSocketServer|wss|/ws').found },
+  ],
+
+  data: [
+    { id: 'DATA-01', name: 'User keys file-based (PG migration pending)', severity: 'MEDIUM', check: () => findInSource('user-keys.json').found },
+    { id: 'DATA-02', name: 'Key validation endpoint exists', severity: 'HIGH', check: () => findInSource('validate-key|validateKey').found },
+    { id: 'DATA-03', name: 'Keys masked in API responses', severity: 'CRITICAL', check: () => findInSource('substring.*12|slice\\(-4\\)').found },
+    { id: 'DATA-04', name: 'User-scoped key queries (userId filter)', severity: 'CRITICAL', check: () => findInSource('userId.*filter|filter.*userId').found },
+    { id: 'DATA-05', name: 'Azure Key Vault sync on key ops', severity: 'HIGH', check: () => findInSource('keyvault|syncKeyToVault|navada-edge-vault').found },
+    { id: 'DATA-06', name: 'Telemetry hashes hostname (no PII)', severity: 'HIGH', check: () => findInSource('createHash.*hostname|sha256.*hostname').found },
+  ],
+
+  docker: [
+    { id: 'DOCK-01', name: 'Docker Compose exists', severity: 'HIGH', check: () => fs.existsSync('docker-compose.yml') || fs.existsSync('Dockerfile') },
+    { id: 'DOCK-02', name: 'Restart policy: always', severity: 'HIGH', check: () => {
+      if (!fs.existsSync('docker-compose.yml')) return { skipped: true, reason: 'No compose file' };
+      return fs.readFileSync('docker-compose.yml', 'utf8').includes('restart: always');
+    }},
+    { id: 'DOCK-03', name: 'Healthchecks defined', severity: 'MEDIUM', check: () => {
+      if (!fs.existsSync('docker-compose.yml') && !fs.existsSync('Dockerfile')) return { skipped: true, reason: 'No Docker files' };
+      const content = fs.existsSync('docker-compose.yml') ? fs.readFileSync('docker-compose.yml', 'utf8') : fs.readFileSync('Dockerfile', 'utf8');
+      return content.toLowerCase().includes('healthcheck');
+    }},
+    { id: 'DOCK-04', name: 'Non-root user in Dockerfile', severity: 'MEDIUM', check: () => {
+      if (!fs.existsSync('Dockerfile')) return { skipped: true, reason: 'No Dockerfile' };
+      const content = fs.readFileSync('Dockerfile', 'utf8');
+      return content.includes('USER ') && !content.includes('USER root');
+    }},
+  ],
+
+  compliance: [
+    { id: 'COMP-01', name: 'Privacy Policy exists', severity: 'HIGH', check: () => fs.existsSync('privacy.md') || fs.existsSync('PRIVACY.md') || findInSource('/privacy').found },
+    { id: 'COMP-02', name: 'Terms of Service exists', severity: 'HIGH', check: () => fs.existsSync('terms.md') || fs.existsSync('TERMS.md') || findInSource('/terms').found },
+    { id: 'COMP-03', name: 'CHANGELOG exists', severity: 'MEDIUM', check: () => fs.existsSync('CHANGELOG.md') },
+  ],
+};
+
+// ─────────────────────────────────────────────
+// AI AUDIT PROMPT — matches current deployed state
+// ─────────────────────────────────────────────
+const AI_PROMPT = `You are auditing the NAVADA Edge Platform as deployed TODAY. Be precise — only reference what actually exists.
+
+CURRENT STATE (March 2026):
+- CLI: navada-edge-cli v3.4.1 on npm, 75 commands, 10 local tools (shell, files, python, sandbox)
+- SDK: navada-edge-sdk v1.2.0 on npm, zero deps
+- AI Providers: 6 (NAVADA free via OpenAI proxy, Anthropic, OpenAI, Gemini, NVIDIA, HuggingFace)
+- Free tier: Full tool use via GPT-4o-mini proxied through NAVADA dashboard, no API key needed
+- Auth: Clerk on portal (portal.navada-edge-server.uk), API keys (nv_edge_ format, 56 chars)
+- Key storage: File-based JSON (data/user-keys.json) — NOT in a database yet
+- Keys: Generated with crypto.randomBytes(24), stored as plaintext JSON — NOT hashed with bcrypt yet
+- IP sanitiser: Strips 100.x.x.x, 192.168.x.x, 10.x.x.x from user-facing responses
+- Dashboard: Express on :7900, WebSocket on /ws, SSE for metrics
+- Portal: Next.js + Clerk on :3500, via Cloudflare tunnel
+- Infrastructure: 4 Docker nodes (ASUS 9, EC2 7, Oracle 8, HP 2 = 26 containers)
+- Networking: Tailscale VPN mesh, Cloudflare tunnel (18 subdomains), navada-edge Docker network
+- Database: PostgreSQL 17 on HP :5433 (host, not Docker) — used for projects, NOT for user data yet
+- Registry: Private Docker registry at ASUS:5000
+- Portainer: Oracle :9000 managing all 4 nodes via agents
+- Azure Key Vault: navada-edge-vault stores all secrets, user keys synced on create/revoke
+
+NOT YET BUILT:
+- Edge Compute MCP (/offload, /sessions, /attach)
+- Agent customisation (agent.md, sub-agents)
+- Azure compute node
+- Billing/metering
+- User data in PostgreSQL (still file-based)
+- bcrypt key hashing
+- GDPR endpoints (deletion, export)
+- OpenAPI spec
+- Privacy Policy / Terms of Service
+
+Based on the static check results, audit:
+1. SECURITY: Key handling, auth, IP exposure, file permissions, secret management
+2. API DESIGN: Versioning, rate limiting, error handling, CORS, WebSocket auth
+3. DATA: User isolation, key masking, storage security, vault sync
+4. DOCKER: Compose management, healthchecks, restart policies, network isolation
+5. GAPS: What must be fixed before first paying customer (prioritised)
+
+For each finding: [PASS/FAIL/PARTIAL] — ID — Item — Severity — One-line fix
+End with: Top 5 priorities before first customer (numbered, actionable).`;
+
+// ─────────────────────────────────────────────
+// RUN CHECKS
+// ─────────────────────────────────────────────
+function runCheck(check) {
+  try {
+    const r = check.check();
+    if (r === true) return 'PASS';
+    if (r === false) return 'FAIL';
+    if (r && r.skipped) return 'SKIP';
+    if (r && r.pass === false) return 'FAIL';
+    return 'PASS';
+  } catch { return 'ERROR'; }
+}
+
+async function runAIAudit(staticSummary) {
+  const apiKey = config.get('anthropicKey') || process.env.ANTHROPIC_API_KEY;
+  if (!apiKey) return null;
+
+  const https = require('https');
+  const body = JSON.stringify({
+    model: 'claude-sonnet-4-20250514',
+    max_tokens: 4000,
+    messages: [{ role: 'user', content: `${AI_PROMPT}\n\nSTATIC RESULTS:\n${staticSummary}` }],
+  });
+
+  return new Promise((resolve) => {
+    const req = https.request('https://api.anthropic.com/v1/messages', {
+      method: 'POST',
+      headers: { 'x-api-key': apiKey, 'anthropic-version': '2023-06-01', 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(body) },
+      timeout: 60000,
+    }, (res) => {
+      let data = '';
+      res.on('data', c => data += c);
+      res.on('end', () => {
+        try {
+          const d = JSON.parse(data);
+          resolve(d.content?.[0]?.text || d.error?.message || 'No response');
+        } catch { resolve('Failed to parse AI response'); }
+      });
+    });
+    req.on('error', (e) => resolve(`AI audit error: ${e.message}`));
+    req.on('timeout', () => { req.destroy(); resolve('AI audit timed out'); });
+    req.write(body);
+    req.end();
+  });
+}
+
+// ─────────────────────────────────────────────
+// CLI COMMAND REGISTRATION
+// ─────────────────────────────────────────────
+module.exports = function(reg) {
+
+  reg('audit', 'Enterprise security and compliance audit', async (args) => {
+    const section = args[0];
+    const saveFlag = args.includes('--save');
+    const jsonFlag = args.includes('--json');
+
+    if (section === 'help') {
+      console.log(ui.header('NAVADA ENTERPRISE AUDIT'));
+      console.log(ui.cmd('audit', 'Full audit (all sections)'));
+      console.log(ui.cmd('audit cli', 'CLI standards checks'));
+      console.log(ui.cmd('audit security', 'Security checks'));
+      console.log(ui.cmd('audit api', 'API design checks'));
+      console.log(ui.cmd('audit data', 'Data management checks'));
+      console.log(ui.cmd('audit docker', 'Docker/infrastructure checks'));
+      console.log(ui.cmd('audit compliance', 'Compliance checks'));
+      console.log('');
+      console.log(ui.dim('Flags: --save (save report)  --json (machine output)'));
+      return;
+    }
+
+    const startTime = Date.now();
+    if (!jsonFlag) console.log(ui.header('NAVADA ENTERPRISE AUDIT'));
+
+    // Determine sections to run
+    const validSections = Object.keys(CHECKS);
+    const sections = section && validSections.includes(section) ? { [section]: CHECKS[section] } : CHECKS;
+
+    if (section && !validSections.includes(section) && section !== '--save' && section !== '--json') {
+      console.log(ui.error(`Unknown section: ${section}`));
+      console.log(ui.dim(`Available: ${validSections.join(', ')}`));
+      return;
+    }
+
+    // Run static checks
+    const results = {};
+    let pass = 0, fail = 0, skip = 0;
+    const criticals = [];
+
+    for (const [name, checks] of Object.entries(sections)) {
+      results[name] = [];
+      if (!jsonFlag) console.log(`\n  ${ui.dim(name.toUpperCase())}`);
+
+      for (const check of checks) {
+        const status = runCheck(check);
+        results[name].push({ id: check.id, name: check.name, severity: check.severity, status });
+
+        if (status === 'PASS') pass++;
+        else if (status === 'FAIL') { fail++; if (check.severity === 'CRITICAL') criticals.push(check); }
+        else skip++;
+
+        if (!jsonFlag) {
+          const icon = status === 'PASS' ? '\x1b[32mPASS\x1b[0m' : status === 'FAIL' ? '\x1b[31mFAIL\x1b[0m' : '\x1b[2mSKIP\x1b[0m';
+          const sev = check.severity === 'CRITICAL' ? '\x1b[31m' : check.severity === 'HIGH' ? '\x1b[33m' : '\x1b[2m';
+          console.log(`    ${icon}  ${sev}${check.severity.padEnd(8)}\x1b[0m  ${check.id}  ${check.name}`);
+        }
+      }
+    }
+
+    // Summary
+    const total = pass + fail + skip;
+    const rate = Math.round((pass / (total - skip)) * 100);
+    const elapsed = ((Date.now() - startTime) / 1000).toFixed(1);
+
+    if (!jsonFlag) {
+      console.log(ui.header('SUMMARY'));
+      console.log(ui.label('PASS', String(pass)));
+      console.log(ui.label('FAIL', String(fail)));
+      console.log(ui.label('SKIP', String(skip)));
+      console.log(ui.label('Pass rate', `${rate}%`));
+      console.log(ui.label('Time', `${elapsed}s`));
+
+      if (criticals.length > 0) {
+        console.log('');
+        console.log(ui.error('CRITICAL FAILURES:'));
+        for (const c of criticals) console.log(ui.error(`  ${c.id} — ${c.name}`));
+      }
+    }
+
+    // AI audit (if no specific section and API key available)
+    let aiResult = null;
+    if (!section || section === '--save') {
+      const summary = Object.entries(results).map(([s, checks]) =>
+        `[${s.toUpperCase()}]\n` + checks.map(c => `  ${c.status.padEnd(5)} ${c.id} — ${c.name}`).join('\n')
+      ).join('\n');
+
+      if (!jsonFlag) console.log(ui.dim('\n  Running AI audit...'));
+      aiResult = await runAIAudit(summary);
+      if (aiResult && !jsonFlag) {
+        console.log(ui.header('AI AUDIT FINDINGS'));
+        console.log(`  ${aiResult}`);
+      }
+    }
+
+    // Save report
+    if (saveFlag) {
+      const report = { meta: { date: new Date().toISOString(), elapsed, cwd: process.cwd() }, summary: { total, pass, fail, skip, rate }, results, aiAudit: aiResult };
+      try {
+        fs.mkdirSync(REPORTS_DIR, { recursive: true });
+        const file = path.join(REPORTS_DIR, `audit-${new Date().toISOString().replace(/[:.]/g, '-')}.json`);
+        fs.writeFileSync(file, JSON.stringify(report, null, 2));
+        if (!jsonFlag) console.log(ui.success(`Report saved: ${file}`));
+      } catch (e) { if (!jsonFlag) console.log(ui.warn(`Could not save: ${e.message}`)); }
+    }
+
+    if (jsonFlag) {
+      console.log(JSON.stringify({ summary: { total, pass, fail, skip, rate }, results, aiAudit: aiResult }, null, 2));
+    }
+
+  }, { category: 'SYSTEM', subs: ['cli', 'security', 'api', 'data', 'docker', 'compliance', 'help'] });
+};

package/lib/commands/compute.js

@@ -0,0 +1,225 @@
+'use strict';
+
+const navada = require('navada-edge-sdk');
+const ui = require('../ui');
+const config = require('../config');
+const https = require('https');
+const http = require('http');
+
+const COMPUTE_ENDPOINT = 'https://edge-compute.navada-edge-server.uk';
+
+function getEdgeKey() {
+  return config.get('edgeKey') || '';
+}
+
+function request(method, path, body) {
+  const key = getEdgeKey();
+  if (!key) return Promise.reject(new Error('Not connected. Run /edge login <key> first.'));
+
+  const url = new URL(COMPUTE_ENDPOINT + path);
+  const transport = url.protocol === 'https:' ? https : http;
+  const payload = body ? JSON.stringify(body) : '';
+
+  return new Promise((resolve, reject) => {
+    const req = transport.request(url, {
+      method,
+      headers: {
+        'Content-Type': 'application/json',
+        'x-api-key': key,
+        ...(payload ? { 'Content-Length': Buffer.byteLength(payload) } : {}),
+      },
+      timeout: 30000,
+    }, (res) => {
+      let data = '';
+      res.on('data', c => data += c);
+      res.on('end', () => {
+        try { resolve({ status: res.statusCode, data: JSON.parse(data) }); }
+        catch { resolve({ status: res.statusCode, data }); }
+      });
+    });
+    req.on('error', reject);
+    req.on('timeout', () => { req.destroy(); reject(new Error('Timeout')); });
+    if (payload) req.write(payload);
+    req.end();
+  });
+}
+
+module.exports = function(reg) {
+
+  // ── /offload ── Send a task to the cloud
+  reg('offload', 'Run a task on the Edge Network (24/7 cloud)', async (args) => {
+    if (!args.length) {
+      console.log(ui.header('EDGE COMPUTE — OFFLOAD'));
+      console.log(ui.cmd('offload <command>', 'Run a shell command on EC2'));
+      console.log(ui.cmd('offload --python <code>', 'Run Python code on EC2'));
+      console.log(ui.cmd('offload --js <code>', 'Run JavaScript on EC2'));
+      console.log(ui.cmd('offload --name <name> <cmd>', 'Name the task'));
+      console.log('');
+      console.log(ui.dim('Examples:'));
+      console.log(ui.dim('  /offload npm test'));
+      console.log(ui.dim('  /offload --python "import time; time.sleep(60); print(\'done\')"'));
+      console.log(ui.dim('  /offload --name "nightly-backup" tar czf backup.tar.gz /data'));
+      console.log('');
+      console.log(ui.dim('Requires Edge Network connection: /edge login <key>'));
+      return;
+    }
+
+    const isPython = args.includes('--python');
+    const isJs = args.includes('--js');
+    const nameIdx = args.indexOf('--name');
+    let name = 'task';
+    let filteredArgs = [...args];
+
+    if (nameIdx >= 0) {
+      name = args[nameIdx + 1] || 'task';
+      filteredArgs.splice(nameIdx, 2);
+    }
+    filteredArgs = filteredArgs.filter(a => a !== '--python' && a !== '--js');
+
+    const body = {};
+    if (isPython) {
+      body.code = filteredArgs.join(' ');
+      body.language = 'python';
+    } else if (isJs) {
+      body.code = filteredArgs.join(' ');
+      body.language = 'javascript';
+    } else {
+      body.command = filteredArgs.join(' ');
+    }
+    body.name = name;
+
+    const ora = require('ora');
+    const spinner = ora({ text: '  Offloading to Edge Network...', color: 'white' }).start();
+
+    try {
+      const r = await request('POST', '/offload', body);
+      spinner.stop();
+
+      if (r.status === 201) {
+        console.log(ui.success(`Task offloaded: ${r.data.session.id}`));
+        console.log(ui.label('Session', r.data.session.id));
+        console.log(ui.label('Task', r.data.session.task));
+        console.log(ui.label('Status', r.data.session.status));
+        console.log('');
+        console.log(ui.dim(`Track: /sessions`));
+        console.log(ui.dim(`Output: /attach ${r.data.session.id}`));
+      } else if (r.status === 401) {
+        console.log(ui.error('Invalid API key. Run /edge login <key>'));
+      } else if (r.status === 429) {
+        console.log(ui.warn(r.data.error || 'Concurrent task limit reached'));
+      } else {
+        console.log(ui.error(r.data.error || `HTTP ${r.status}`));
+      }
+    } catch (e) {
+      spinner.stop();
+      console.log(ui.error(`Edge Compute unreachable: ${e.message}`));
+      console.log(ui.dim('The Edge Network may be offline. Try /doctor'));
+    }
+  }, { category: 'EDGE' });
+
+  // ── /sessions ── List cloud sessions
+  reg('sessions', 'View Edge Network task sessions', async () => {
+    const ora = require('ora');
+    const spinner = ora({ text: '  Loading sessions...', color: 'white' }).start();
+
+    try {
+      const r = await request('GET', '/sessions');
+      spinner.stop();
+
+      if (r.status === 401) { console.log(ui.error('Not connected. /edge login <key>')); return; }
+      if (r.status !== 200) { console.log(ui.error(r.data.error || `HTTP ${r.status}`)); return; }
+
+      console.log(ui.header('EDGE SESSIONS'));
+      const sessions = r.data.sessions || [];
+
+      if (sessions.length === 0) {
+        console.log(ui.dim('No sessions yet. /offload <command> to start one.'));
+        return;
+      }
+
+      for (const s of sessions) {
+        const statusColor = s.status === 'completed' ? '\x1b[32m' : s.status === 'running' ? '\x1b[33m' : '\x1b[31m';
+        const statusLabel = `${statusColor}${s.status.toUpperCase()}\x1b[0m`;
+        const age = s.completedAt ? timeSince(s.completedAt) : timeSince(s.createdAt);
+        console.log(`  ${statusLabel}  ${s.id.slice(0, 16)}  ${(s.task || '').padEnd(20)}  ${age}`);
+      }
+
+      console.log('');
+      console.log(ui.label('Total', String(r.data.total)));
+      console.log(ui.label('Limits', `${r.data.limits.concurrent} concurrent, ${Math.round(r.data.limits.maxRuntime / 60000)}min max`));
+      console.log('');
+      console.log(ui.dim('Details: /attach <session-id>'));
+    } catch (e) {
+      spinner.stop();
+      console.log(ui.error(`Edge Compute unreachable: ${e.message}`));
+    }
+  }, { category: 'EDGE' });
+
+  // ── /attach ── Stream session output
+  reg('attach', 'Attach to a running Edge session (stream output)', async (args) => {
+    const id = args[0];
+    if (!id) {
+      console.log(ui.dim('Usage: /attach <session-id>'));
+      console.log(ui.dim('List sessions: /sessions'));
+      return;
+    }
+
+    // If short ID, try to match
+    const sessionId = id.startsWith('ses_') ? id : `ses_${id}`;
+
+    try {
+      const r = await request('GET', `/session/${sessionId}`);
+      if (r.status === 404) { console.log(ui.error('Session not found')); return; }
+      if (r.status === 401) { console.log(ui.error('Not connected. /edge login <key>')); return; }
+
+      const s = r.data;
+      console.log(ui.header(`SESSION ${s.id}`));
+      console.log(ui.label('Task', s.task?.name || s.task?.command?.slice(0, 60) || '?'));
+      console.log(ui.label('Status', s.status));
+      console.log(ui.label('Created', s.createdAt));
+      if (s.completedAt) console.log(ui.label('Completed', s.completedAt));
+      if (s.exitCode !== null) console.log(ui.label('Exit code', String(s.exitCode)));
+      if (s.error) console.log(ui.label('Error', s.error));
+
+      if (s.output) {
+        console.log('');
+        console.log(ui.dim('── OUTPUT ──'));
+        console.log(s.output);
+      }
+
+      if (s.status === 'running') {
+        console.log('');
+        console.log(ui.dim('Session is running. Output will update on refresh.'));
+        console.log(ui.dim('Kill: /kill ' + s.id));
+      }
+    } catch (e) {
+      console.log(ui.error(`Edge Compute unreachable: ${e.message}`));
+    }
+  }, { category: 'EDGE' });
+
+  // ── /kill ── Kill a running session
+  reg('kill', 'Kill a running Edge session', async (args) => {
+    const id = args[0];
+    if (!id) { console.log(ui.dim('Usage: /kill <session-id>')); return; }
+    const sessionId = id.startsWith('ses_') ? id : `ses_${id}`;
+
+    try {
+      const r = await request('DELETE', `/session/${sessionId}`);
+      if (r.status === 200) {
+        console.log(ui.success(`Session ${sessionId} killed`));
+      } else {
+        console.log(ui.error(r.data.error || `HTTP ${r.status}`));
+      }
+    } catch (e) {
+      console.log(ui.error(e.message));
+    }
+  }, { category: 'EDGE' });
+};
+
+function timeSince(iso) {
+  const ms = Date.now() - new Date(iso).getTime();
+  if (ms < 60000) return `${Math.round(ms / 1000)}s ago`;
+  if (ms < 3600000) return `${Math.round(ms / 60000)}m ago`;
+  if (ms < 86400000) return `${Math.round(ms / 3600000)}h ago`;
+  return `${Math.round(ms / 86400000)}d ago`;
+}

package/lib/commands/edge.js

@@ -9,6 +9,8 @@ const VALIDATE_ENDPOINTS = [
   'https://api.navada-edge-server.uk/api/v1/public/validate-key',
 ];
 
+const { sessionState, listSubAgents } = require('../agent');
+
 module.exports = function(reg) {
 
   // /onboard — open portal in browser
@@ -51,9 +53,10 @@ module.exports = function(reg) {
       console.log(ui.cmd('edge status', 'Check your Edge Network connection'));
       console.log(ui.cmd('edge logout', 'Disconnect from Edge Network'));
       console.log(ui.cmd('edge tier', 'Show your current tier and limits'));
+      console.log(ui.cmd('edge setup', 'Create agent.md and sub-agents directory'));
       console.log(ui.cmd('onboard', 'Create account and get API key'));
       console.log('');
-      console.log(ui.dim('Get started: /onboard'));
+      console.log(ui.dim('Get started: /onboard  |  Customise: /edge setup'));
       return;
     }
 
@@ -179,8 +182,133 @@ module.exports = function(reg) {
       return;
     }
 
+    // /edge setup — create agent.md and agents/ directory
+    if (sub === 'setup') {
+      const fs = require('fs');
+      const path = require('path');
+      const agentDir = path.join(config.CONFIG_DIR, 'agents');
+      const agentMd = path.join(config.CONFIG_DIR, 'agent.md');
+
+      console.log(ui.header('NAVADA EDGE — AGENT SETUP'));
+
+      // Create directories
+      if (!fs.existsSync(config.CONFIG_DIR)) fs.mkdirSync(config.CONFIG_DIR, { recursive: true });
+      if (!fs.existsSync(agentDir)) fs.mkdirSync(agentDir, { recursive: true });
+
+      // Create agent.md if it doesn't exist
+      if (!fs.existsSync(agentMd)) {
+        fs.writeFileSync(agentMd, `# My NAVADA Agent
+
+## About Me
+<!-- Tell the agent who you are, what you do, what stack you use -->
+I am a developer working on...
+
+## My Infrastructure
+<!-- Describe your servers, services, databases -->
+- ...
+
+## Preferences
+<!-- How should the agent behave? What tone? What conventions? -->
+- Be concise and technical
+- Use TypeScript for new code
+- Always explain changes before making them
+
+## Automation Rules
+<!-- What should the agent do automatically? -->
+- ...
+`);
+        console.log(ui.success('Created ~/.navada/agent.md'));
+        console.log(ui.dim('  Edit this file to customise your agent\'s personality and context.'));
+      } else {
+        console.log(ui.dim('  agent.md already exists'));
+      }
+
+      // Create example sub-agent
+      const exampleAgent = path.join(agentDir, 'deploy-bot.md');
+      if (!fs.existsSync(exampleAgent)) {
+        fs.writeFileSync(exampleAgent, `You are a deployment specialist agent. When the user asks you to deploy, you:
+1. Check the current git status
+2. Run tests if a test script exists
+3. Build the Docker image
+4. Push to the registry at 100.88.118.128:5000
+5. Deploy to the target node via SSH
+
+Be methodical. Confirm each step before proceeding. Report any failures immediately.
+`);
+        console.log(ui.success('Created ~/.navada/agents/deploy-bot.md (example)'));
+      }
+
+      console.log('');
+      console.log(ui.label('Agent config', agentMd));
+      console.log(ui.label('Sub-agents', agentDir));
+      console.log('');
+      console.log(ui.dim('Your agent.md is loaded every time you chat.'));
+      console.log(ui.dim('Sub-agents: /agent list | /agent use deploy-bot'));
+      return;
+    }
+
     console.log(ui.dim('Unknown subcommand. Try /edge help'));
 
-  }, { category: 'EDGE', subs: ['login', 'status', 'logout', 'tier', 'help'] });
+  }, { category: 'EDGE', subs: ['login', 'status', 'logout', 'tier', 'setup', 'help'] });
+
+  // ── /agent ── Manage sub-agents
+  reg('agent', 'Manage NAVADA sub-agents', (args) => {
+    const sub = args[0];
+    const fs = require('fs');
+    const path = require('path');
+
+    if (!sub || sub === 'list') {
+      const agents = listSubAgents();
+      console.log(ui.header('SUB-AGENTS'));
+      if (agents.length === 0) {
+        console.log(ui.dim('No sub-agents. Create one: /edge setup'));
+        return;
+      }
+      for (const a of agents) {
+        const active = sessionState.subAgent === a ? ' \x1b[32m(active)\x1b[0m' : '';
+        console.log(ui.label(a, active));
+      }
+      console.log('');
+      console.log(ui.dim('Use: /agent use <name>  |  Off: /agent off'));
+      return;
+    }
+
+    if (sub === 'use' && args[1]) {
+      const name = args[1];
+      const agentFile = path.join(config.CONFIG_DIR, 'agents', `${name}.md`);
+      if (!fs.existsSync(agentFile)) {
+        console.log(ui.error(`Sub-agent not found: ${name}`));
+        console.log(ui.dim('Available: ' + (listSubAgents().join(', ') || 'none')));
+        return;
+      }
+      sessionState.subAgent = name;
+      console.log(ui.success(`Sub-agent activated: ${name}`));
+      console.log(ui.dim('The agent will now use this persona. /agent off to reset.'));
+      return;
+    }
+
+    if (sub === 'off' || sub === 'reset') {
+      sessionState.subAgent = null;
+      console.log(ui.success('Sub-agent deactivated. Using default NAVADA agent.'));
+      return;
+    }
+
+    if (sub === 'show' && args[1]) {
+      const agentFile = path.join(config.CONFIG_DIR, 'agents', `${args[1]}.md`);
+      if (!fs.existsSync(agentFile)) { console.log(ui.error('Not found')); return; }
+      console.log(ui.header(`AGENT: ${args[1]}`));
+      console.log(fs.readFileSync(agentFile, 'utf-8'));
+      return;
+    }
+
+    console.log(ui.header('AGENT COMMANDS'));
+    console.log(ui.cmd('agent list', 'List all sub-agents'));
+    console.log(ui.cmd('agent use <name>', 'Activate a sub-agent'));
+    console.log(ui.cmd('agent off', 'Deactivate sub-agent'));
+    console.log(ui.cmd('agent show <name>', 'View sub-agent prompt'));
+    console.log('');
+    console.log(ui.dim('Create agents: /edge setup'));
+    console.log(ui.dim('Agents live in: ~/.navada/agents/<name>.md'));
+  }, { category: 'EDGE', subs: ['list', 'use', 'off', 'show', 'reset'] });
 
 };

package/lib/commands/files.js

@@ -0,0 +1,164 @@
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const ui = require('../ui');
+
+module.exports = function(reg) {
+
+  // ── /read <path> ── Read a file
+  reg('read', 'Read a file from your machine', (args) => {
+    if (!args[0]) { console.log(ui.dim('Usage: /read <file-path>')); return; }
+    const filePath = path.resolve(args.join(' '));
+    try {
+      const content = fs.readFileSync(filePath, 'utf-8');
+      const lines = content.split('\n');
+      console.log(ui.header(`FILE: ${filePath}`));
+      console.log(ui.dim(`${lines.length} lines, ${Buffer.byteLength(content)} bytes`));
+      console.log('');
+      // Show with line numbers, cap at 200 lines
+      const show = lines.slice(0, 200);
+      show.forEach((line, i) => console.log(`  ${String(i + 1).padStart(4)}  ${line}`));
+      if (lines.length > 200) console.log(ui.dim(`  ... ${lines.length - 200} more lines`));
+    } catch (e) {
+      console.log(ui.error(e.code === 'ENOENT' ? `File not found: ${filePath}` : e.message));
+    }
+  }, { category: 'FILES', aliases: ['cat'] });
+
+  // ── /write <path> <content> ── Write/create a file
+  reg('write', 'Write content to a file (creates dirs if needed)', (args) => {
+    if (args.length < 2) {
+      console.log(ui.dim('Usage: /write <file-path> <content>'));
+      console.log(ui.dim('  /write hello.txt Hello World'));
+      console.log(ui.dim('  /write src/config.json {"key":"value"}'));
+      return;
+    }
+    const filePath = path.resolve(args[0]);
+    const content = args.slice(1).join(' ');
+    try {
+      const dir = path.dirname(filePath);
+      if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+      fs.writeFileSync(filePath, content);
+      console.log(ui.success(`Written: ${filePath} (${Buffer.byteLength(content)} bytes)`));
+    } catch (e) {
+      console.log(ui.error(e.message));
+    }
+  }, { category: 'FILES' });
+
+  // ── /edit <path> <search> -> <replace> ── Find and replace in a file
+  reg('edit', 'Edit a file (find and replace)', (args) => {
+    const raw = args.join(' ');
+    const sepIdx = raw.indexOf(' -> ');
+    if (!args[0] || sepIdx === -1) {
+      console.log(ui.dim('Usage: /edit <file-path> <search-text> -> <replace-text>'));
+      console.log(ui.dim('  /edit config.json "port": 3000 -> "port": 8080'));
+      return;
+    }
+    // First arg is the file path, rest is search -> replace
+    const filePath = path.resolve(args[0]);
+    const afterPath = raw.slice(raw.indexOf(args[0]) + args[0].length + 1);
+    const arrowIdx = afterPath.indexOf(' -> ');
+    if (arrowIdx === -1) {
+      console.log(ui.dim('Use " -> " to separate search and replace text'));
+      return;
+    }
+    const search = afterPath.slice(0, arrowIdx);
+    const replace = afterPath.slice(arrowIdx + 4);
+
+    try {
+      const content = fs.readFileSync(filePath, 'utf-8');
+      if (!content.includes(search)) {
+        console.log(ui.error('Search text not found in file'));
+        return;
+      }
+      const updated = content.replace(search, replace);
+      fs.writeFileSync(filePath, updated);
+      console.log(ui.success(`Edited: ${filePath}`));
+      console.log(ui.dim(`  "${search.slice(0, 40)}${search.length > 40 ? '...' : ''}" → "${replace.slice(0, 40)}${replace.length > 40 ? '...' : ''}"`));
+    } catch (e) {
+      console.log(ui.error(e.code === 'ENOENT' ? `File not found: ${filePath}` : e.message));
+    }
+  }, { category: 'FILES' });
+
+  // ── /delete <path> ── Delete a file
+  reg('delete', 'Delete a file or empty directory', (args) => {
+    if (!args[0]) { console.log(ui.dim('Usage: /delete <file-path>')); return; }
+    const filePath = path.resolve(args.join(' '));
+    try {
+      const stat = fs.statSync(filePath);
+      if (stat.isDirectory()) {
+        fs.rmdirSync(filePath);
+        console.log(ui.success(`Deleted directory: ${filePath}`));
+      } else {
+        fs.unlinkSync(filePath);
+        console.log(ui.success(`Deleted: ${filePath} (${stat.size} bytes)`));
+      }
+    } catch (e) {
+      if (e.code === 'ENOENT') console.log(ui.error(`Not found: ${filePath}`));
+      else if (e.code === 'ENOTEMPTY') console.log(ui.error('Directory not empty. Use /run rm -rf <path> for recursive delete.'));
+      else console.log(ui.error(e.message));
+    }
+  }, { category: 'FILES', aliases: ['rm'] });
+
+  // ── /ls [path] ── List files
+  reg('ls', 'List files and directories', (args) => {
+    const dir = path.resolve(args.join(' ') || '.');
+    try {
+      const items = fs.readdirSync(dir, { withFileTypes: true });
+      console.log(ui.header(`DIR: ${dir}`));
+      if (items.length === 0) { console.log(ui.dim('  (empty)')); return; }
+
+      const dirs = items.filter(i => i.isDirectory()).sort((a, b) => a.name.localeCompare(b.name));
+      const files = items.filter(i => !i.isDirectory()).sort((a, b) => a.name.localeCompare(b.name));
+
+      for (const d of dirs) console.log(`  \x1b[34md\x1b[0m  ${d.name}/`);
+      for (const f of files) {
+        try {
+          const stat = fs.statSync(path.join(dir, f.name));
+          const size = stat.size < 1024 ? `${stat.size}B` : stat.size < 1048576 ? `${(stat.size / 1024).toFixed(1)}K` : `${(stat.size / 1048576).toFixed(1)}M`;
+          console.log(`  f  ${f.name.padEnd(40)} ${size}`);
+        } catch {
+          console.log(`  f  ${f.name}`);
+        }
+      }
+      console.log('');
+      console.log(ui.dim(`  ${dirs.length} dirs, ${files.length} files`));
+    } catch (e) {
+      console.log(ui.error(e.code === 'ENOENT' ? `Not found: ${dir}` : e.message));
+    }
+  }, { category: 'FILES', aliases: ['dir'] });
+
+  // ── /mkdir <path> ── Create directory
+  reg('mkdir', 'Create a directory (including parents)', (args) => {
+    if (!args[0]) { console.log(ui.dim('Usage: /mkdir <dir-path>')); return; }
+    const dirPath = path.resolve(args.join(' '));
+    try {
+      fs.mkdirSync(dirPath, { recursive: true });
+      console.log(ui.success(`Created: ${dirPath}`));
+    } catch (e) {
+      console.log(ui.error(e.message));
+    }
+  }, { category: 'FILES' });
+
+  // ── /touch <path> ── Create empty file
+  reg('touch', 'Create an empty file', (args) => {
+    if (!args[0]) { console.log(ui.dim('Usage: /touch <file-path>')); return; }
+    const filePath = path.resolve(args.join(' '));
+    try {
+      const dir = path.dirname(filePath);
+      if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+      if (fs.existsSync(filePath)) {
+        // Update mtime like Unix touch
+        const now = new Date();
+        fs.utimesSync(filePath, now, now);
+        console.log(ui.success(`Touched: ${filePath}`));
+      } else {
+        fs.writeFileSync(filePath, '');
+        console.log(ui.success(`Created: ${filePath}`));
+      }
+    } catch (e) {
+      console.log(ui.error(e.message));
+    }
+  }, { category: 'FILES' });
+
+};

package/lib/commands/index.js

@@ -6,7 +6,7 @@ const { register } = require('../registry');
 const moduleNames = [
   'network', 'mcp', 'lucas', 'docker', 'database', 'cloudflare',
   'ai', 'azure', 'agents', 'tasks', 'keys', 'setup', 'system',
-  'learn', 'sandbox', 'nvidia', 'edge', 'conversations',
+  'learn', 'sandbox', 'nvidia', 'edge', 'conversations', 'audit', 'compute', 'files',
 ];
 
 function loadAll() {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "navada-edge-cli",
-  "version": "3.4.1",
+  "version": "3.5.1",
   "description": "Interactive CLI for the NAVADA Edge Network — explore nodes, agents, Cloudflare, AI, Docker, and MCP from your terminal",
   "main": "lib/cli.js",
   "bin": {