scriveno 2.0.8 → 2.0.10

package/README.md

@@ -2,10 +2,13 @@
 
 [![CI](https://github.com/aihxp/scriveno/actions/workflows/ci.yml/badge.svg)](https://github.com/aihxp/scriveno/actions/workflows/ci.yml)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
-[![Version](https://img.shields.io/badge/version-2.0.8-blue)](CHANGELOG.md)
+[![Version](https://img.shields.io/badge/version-2.0.10-blue)](CHANGELOG.md)
 [![npm](https://img.shields.io/npm/v/scriveno.svg)](https://www.npmjs.com/package/scriveno)
 [![Downloads](https://img.shields.io/npm/dm/scriveno.svg)](https://www.npmjs.com/package/scriveno)
 [![Status CLI](https://img.shields.io/badge/status%20CLI-scriveno%20status-blue)](docs/runtime-support.md#shared-auto-invoke-engine)
+[![Route Intelligence](https://img.shields.io/badge/route%20intelligence-agent%20lanes-blue)](docs/auto-invoke-policy.md)
+[![Runtime Smoke](https://img.shields.io/badge/runtime%20smoke-install%20checks-blue)](docs/runtime-support.md#runtime-smoke-and-agent-checks)
+[![Safe Apply](https://img.shields.io/badge/safe%20apply-visible%20gates-blue)](docs/auto-invoke-policy.md#safe-apply-and-audit-commands)
 
 **[scriveno on npm](https://www.npmjs.com/package/scriveno)**
 
@@ -22,6 +25,7 @@ npx scriveno@latest
 
 # Optional project status check
 scriveno status --project .
+scriveno sync --check
 ```
 
 ---
@@ -79,9 +83,18 @@ Scriveno ships a shared read-only status engine for every installer target. The
 ```bash
 scriveno status --project .
 scriveno status . --json
+scriveno status --project . --apply-safe
+scriveno sync --check
+scriveno smoke --json
+scriveno agents --json
+scriveno routes --json
 ```
 
-It inspects disk evidence such as `.manuscript/`, `STATE.md`, `CONTEXT.md`, review files, translation work, exports, and history, then recommends the safest next command. The engine does not mutate files and does not spawn agents by itself. Command surfaces such as `/scr-next`, `/scr:next`, `/scr:progress`, `/scr:session-report`, and `/scr:sync` call it when local command execution is available, then fall back to embedded markdown logic when a host cannot run Node. See [Auto-Invoke Policy](docs/auto-invoke-policy.md) and [Runtime Support](docs/runtime-support.md#shared-auto-invoke-engine).
+It inspects disk evidence such as `.manuscript/`, `STATE.md`, `CONTEXT.md`, plan files, drafts, review coverage, notes, revision proposals, translation work, publishing prerequisites, exports, and history, then recommends the safest next command. The engine does not mutate files and does not spawn agents by itself. Command surfaces such as `/scr-next`, `/scr:next`, `/scr:progress`, `/scr:session-report`, and `/scr:sync` call it when local command execution is available, then fall back to embedded markdown logic when a host cannot run Node. See [Auto-Invoke Policy](docs/auto-invoke-policy.md) and [Runtime Support](docs/runtime-support.md#shared-auto-invoke-engine).
+
+The status report separates `Candidate agents`, `Candidate local helpers`, and `Manual gates`. That means Scriveno can say when a route is ready for a drafter, voice-checker, translator, continuity-checker, or review worker, when a deterministic helper such as save or scan is enough, and when writer approval is required for publishing, export overwrites, track merges, or undo.
+
+`--apply-safe` runs only read-only checks and reports write-gated helpers instead of touching manuscript files. `sync --check`, `smoke`, `agents`, and `routes` expose the same cross-runtime audit layer for Claude Code, Codex, Cursor, Gemini CLI, OpenCode, GitHub Copilot, Windsurf, Antigravity, Manus, Perplexity Desktop, and the generic skill fallback.
 
 ---
 
@@ -188,7 +201,8 @@ Scriveno is built on five principles:
 - [Contributing](docs/contributing.md) -- How to add commands, agents, work types, and templates
 - [Architecture](docs/architecture.md) -- How Scriveno works under the hood
 - [Configuration](docs/configuration.md) -- Package, installer, constraints, and `.manuscript/config.json` surfaces
-- [Auto-Invoke Policy](docs/auto-invoke-policy.md) -- Shared status engine, visible automation status, and agent-spawn boundaries
+- [Auto-Invoke Policy](docs/auto-invoke-policy.md) -- Shared status engine, route intelligence lanes, visible automation status, and agent-spawn boundaries
+- [Route Graph Audit](docs/route-graph.md) -- Generated route graph, automation lanes, and priority fixtures
 - [Development](docs/development.md) -- Contributor workflow for changing commands, templates, installer logic, and docs
 - [Testing](docs/testing.md) -- What the test suite covers and which checks to run before shipping
 - [Release Notes](docs/release-notes.md) -- Public summary of what changed between package releases
@@ -213,7 +227,7 @@ Scriveno currently ships installer targets for these AI tooling environments:
 - **Perplexity Desktop** (guided local-MCP setup)
 - **Generic (SKILL.md)** fallback
 
-**Installer baseline:** `Node.js >=20.0.0` for `npx scriveno@latest`, `bin/install.js`, and `scriveno status --project .`. For new installs, use a currently supported LTS such as Node.js 24; Node.js 20 is now a compatibility floor, not the recommended fresh-install target.
+**Installer baseline:** `Node.js >=20.0.0` for `npx scriveno@latest`, `bin/install.js`, `scriveno status --project .`, and the proactive audit commands. For new installs, use a currently supported LTS such as Node.js 24; Node.js 20 is now a compatibility floor, not the recommended fresh-install target.
 
 **Support note:** Claude Code is the primary reference runtime and now installs a flat `/scr-*` command surface. The environments listed above are installer targets, not a claim that every host runtime has verified parity today. Codex currently installs a skill-native `$scr-*` surface, while Perplexity Desktop is a guided local-MCP target rather than a writable command runtime. See the [runtime compatibility matrix](docs/runtime-support.md) for install type, support level, and verification status.
 
@@ -221,11 +235,11 @@ Scriveno currently ships installer targets for these AI tooling environments:
 
 ## Status
 
-**Version:** 2.0.8
+**Version:** 2.0.10
 
- Scriveno's core command surface is stable across 112 commands, 50 work types, and 11 installer targets. The current repo baseline includes shipped planning milestones through `v2.0 Publishing Cover Packaging`, plus the creative-context, record-store, branching-next, runtime-sync, adaptive concierge, human-first writing-safeguard, authenticity-diagnostic, domain-grilling, installer-marker cleanup, cross-runtime agent metadata, visible automation status, and the shared `scriveno status --project .` auto-invoke engine through `2.0.8`. See [Shipped Assets](docs/shipped-assets.md) for the canonical asset inventory and [Runtime Support](docs/runtime-support.md) for the runtime compatibility matrix.
+ Scriveno's core command surface is stable across 112 commands, 50 work types, and 11 installer targets. The current repo baseline includes shipped planning milestones through `v2.0 Publishing Cover Packaging`, plus the creative-context, record-store, branching-next, runtime-sync, adaptive concierge, human-first writing-safeguard, authenticity-diagnostic, domain-grilling, installer-marker cleanup, cross-runtime agent metadata, visible automation status, the shared `scriveno status --project .` auto-invoke engine, route-intelligence lanes, safe apply reporting, runtime smoke checks, agent availability checks, and route graph audits through `2.0.10`. See [Shipped Assets](docs/shipped-assets.md) for the canonical asset inventory and [Runtime Support](docs/runtime-support.md) for the runtime compatibility matrix.
 
- Version `2.0.8` publishes Scriveno under the package name `scriveno`, so the current install command is `npx scriveno@latest`. The older `scriveno-cli` package name is historical and was unpublished during the rename, so npm cannot attach a deprecation notice to it while it has no active registry record. The older `scriven-cli` package remains on npm only as a deprecated legacy name that points users to `scriveno`. Do not treat either legacy package name as active unless a deliberate compatibility shim is republished. See [CHANGELOG](CHANGELOG.md) for the full list and [docs/release-notes.md](docs/release-notes.md) for the public-facing summary.
+ Version `2.0.10` publishes Scriveno under the package name `scriveno`, so the current install command is `npx scriveno@latest`. The older `scriveno-cli` package name is historical and was unpublished during the rename, so npm cannot attach a deprecation notice to it while it has no active registry record. The older `scriven-cli` package remains on npm only as a deprecated legacy name that points users to `scriveno`. Do not treat either legacy package name as active unless a deliberate compatibility shim is republished. See [CHANGELOG](CHANGELOG.md) for the full list and [docs/release-notes.md](docs/release-notes.md) for the public-facing summary.
 
 Package history is tracked in [CHANGELOG.md](CHANGELOG.md), and the public-facing summary for this release is in [docs/release-notes.md](docs/release-notes.md).
 

package/bin/install.js

@@ -823,6 +823,11 @@ function printHelp() {
   scriveno
   scriveno status --project .
   scriveno status . --json
+  scriveno status --project . --apply-safe
+  scriveno sync --check
+  scriveno smoke --json
+  scriveno agents --json
+  scriveno routes --json
   scriveno --runtimes codex,claude-code --global --writer --silent
 
 Options:
@@ -841,8 +846,15 @@ Status options:
   status              Inspect a project and recommend the next command
   --project <path>    Project root to inspect (default: current directory)
   --trigger <name>    Status trigger label (default: scriveno status)
+  --apply-safe        Run read-only checks and report write-gated helpers
   --json              Print machine-readable status JSON
 
+Audit commands:
+  sync --check        Check shared sync, runtime, and agent surfaces
+  smoke               Smoke-test installed runtime surfaces
+  agents              Inspect installed agent prompts and metadata
+  routes              Audit route graph and automation lanes
+
 Runtime keys:
   ${Object.keys(RUNTIMES).join(', ')}
 `);
@@ -861,6 +873,9 @@ function parseArgs(argv) {
     statusProjectRoot: process.cwd(),
     statusTrigger: 'scriveno status',
     statusJson: false,
+    statusApplySafe: false,
+    auditJson: false,
+    syncCheck: false,
   };
 
   if (argv[0] === 'status') {
@@ -873,6 +888,8 @@ function parseArgs(argv) {
         options.showVersion = true;
       } else if (arg === '--json') {
         options.statusJson = true;
+      } else if (arg === '--apply-safe') {
+        options.statusApplySafe = true;
       } else if (arg === '--project') {
         const value = argv[i + 1];
         if (!value) throw new Error('--project requires a value for status');
@@ -896,6 +913,36 @@ function parseArgs(argv) {
     return options;
   }
 
+  if (['sync', 'smoke', 'agents', 'routes'].includes(argv[0])) {
+    options.command = argv[0];
+    for (let i = 1; i < argv.length; i++) {
+      const arg = argv[i];
+      if (arg === '--help' || arg === '-h') {
+        options.showHelp = true;
+      } else if (arg === '--version' || arg === '-v') {
+        options.showVersion = true;
+      } else if (arg === '--json') {
+        options.auditJson = true;
+      } else if (arg === '--check' && argv[0] === 'sync') {
+        options.syncCheck = true;
+      } else if (arg === '--project') {
+        const value = argv[i + 1];
+        if (!value) throw new Error('--project requires a value');
+        options.statusProjectRoot = value;
+        i++;
+      } else if (arg.startsWith('--project=')) {
+        options.statusProjectRoot = arg.slice('--project='.length);
+      } else if (arg.startsWith('-')) {
+        throw new Error(`Unknown ${argv[0]} argument "${arg}"`);
+      } else if (argv[0] === 'sync') {
+        options.statusProjectRoot = arg;
+      } else {
+        throw new Error(`Unknown ${argv[0]} argument "${arg}"`);
+      }
+    }
+    return options;
+  }
+
   function addRuntimeList(value) {
     for (const key of String(value).split(',').map((item) => item.trim()).filter(Boolean)) {
       if (!Object.prototype.hasOwnProperty.call(RUNTIMES, key)) {
@@ -947,14 +994,73 @@ function parseArgs(argv) {
   return options;
 }
 
-function runStatus({ projectRoot, trigger, json }) {
+function runStatus({ projectRoot, trigger, json, applySafe }) {
   const analysis = autoInvokeEngine.analyzeProject(projectRoot);
+  const safeApply = applySafe
+    ? autoInvokeEngine.collectSafeApplyActions(projectRoot, { analysis, trigger })
+    : null;
   if (json) {
-    console.log(JSON.stringify(analysis, null, 2));
+    console.log(JSON.stringify(safeApply ? { analysis, safeApply } : analysis, null, 2));
   } else {
     console.log(autoInvokeEngine.formatReport(analysis, { trigger }));
+    if (safeApply) {
+      console.log('');
+      console.log(autoInvokeEngine.formatSafeApplyReport(safeApply));
+    }
+  }
+  return safeApply ? { analysis, safeApply } : analysis;
+}
+
+function runSyncCheck({ projectRoot, json }) {
+  const analysis = autoInvokeEngine.analyzeProject(projectRoot);
+  const safeApply = autoInvokeEngine.collectSafeApplyActions(projectRoot, { analysis, trigger: 'scriveno sync --check' });
+  const agents = autoInvokeEngine.inspectAgentAvailability();
+  const smoke = autoInvokeEngine.inspectRuntimeSmoke();
+  const result = { analysis, safeApply, agents, smoke };
+  if (json) {
+    console.log(JSON.stringify(result, null, 2));
+  } else {
+    console.log('Sync status:');
+    console.log(`Project: ${analysis.projectRoot}`);
+    console.log(`Recommendation: ${analysis.recommendation.command}`);
+    console.log('');
+    console.log(autoInvokeEngine.formatSafeApplyReport(safeApply));
+    console.log('');
+    console.log(autoInvokeEngine.formatAgentAvailabilityReport(agents));
+    console.log('');
+    console.log(autoInvokeEngine.formatRuntimeSmokeReport(smoke));
+  }
+  return result;
+}
+
+function runRuntimeSmoke({ json }) {
+  const result = autoInvokeEngine.inspectRuntimeSmoke();
+  if (json) {
+    console.log(JSON.stringify(result, null, 2));
+  } else {
+    console.log(autoInvokeEngine.formatRuntimeSmokeReport(result));
+  }
+  return result;
+}
+
+function runAgentAvailability({ json }) {
+  const result = autoInvokeEngine.inspectAgentAvailability();
+  if (json) {
+    console.log(JSON.stringify(result, null, 2));
+  } else {
+    console.log(autoInvokeEngine.formatAgentAvailabilityReport(result));
   }
-  return analysis;
+  return result;
+}
+
+function runRouteAudit({ json }) {
+  const result = autoInvokeEngine.buildRouteGraph();
+  if (json) {
+    console.log(JSON.stringify(result, null, 2));
+  } else {
+    console.log(autoInvokeEngine.formatRouteGraphReport(result));
+  }
+  return result;
 }
 
 function resolveInstallRequest(parsed, detectedRuntimeKeys, { isTTY }) {
@@ -1385,10 +1491,34 @@ async function main() {
       projectRoot: parsed.statusProjectRoot,
       trigger: parsed.statusTrigger,
       json: parsed.statusJson,
+      applySafe: parsed.statusApplySafe,
+    });
+    return;
+  }
+
+  if (parsed.command === 'sync') {
+    runSyncCheck({
+      projectRoot: parsed.statusProjectRoot,
+      json: parsed.auditJson,
     });
     return;
   }
 
+  if (parsed.command === 'smoke') {
+    runRuntimeSmoke({ json: parsed.auditJson });
+    return;
+  }
+
+  if (parsed.command === 'agents') {
+    runAgentAvailability({ json: parsed.auditJson });
+    return;
+  }
+
+  if (parsed.command === 'routes') {
+    runRouteAudit({ json: parsed.auditJson });
+    return;
+  }
+
   const detectedRuntimeKeys = Object.entries(RUNTIMES).filter(([, runtime]) => runtime.detect()).map(([key]) => key);
   const installRequest = resolveInstallRequest(parsed, detectedRuntimeKeys, { isTTY: Boolean(process.stdin.isTTY) });
 
@@ -1774,6 +1904,10 @@ module.exports = {
   parseArgs,
   resolveInstallRequest,
   runStatus,
+  runSyncCheck,
+  runRuntimeSmoke,
+  runAgentAvailability,
+  runRouteAudit,
   collectCommandEntries,
   collectAgentEntries,
   assertNoSkillNameCollisions,

package/commands/scr/health.md

@@ -96,9 +96,15 @@ Automation status:
 Trigger: /scr:health {flags}
 Spawned agents:
 - none
+Candidate agents:
+- none
 Local operations:
 - health checks run: {count}
 - repairs applied: {count}
+Candidate local helpers:
+- /scr:scan or /scr:save when health detects repairable drift
+Manual gates:
+- repairs that require writer confirmation
 Auto-invoked:
 - none
 Why: health uses deterministic local checks; non-deterministic repairs stay manual

package/commands/scr/new-work.md

@@ -69,7 +69,7 @@ Always create `RECORD.md` from `templates/RECORD.md` without renaming it. It is
 Write `.manuscript/config.json` by starting from `templates/config.json` and filling the project-specific values. The generated config must include the shared settings blocks that later commands read:
 ```json
 {
-  "scriveno_version": "2.0.8",
+  "scriveno_version": "2.0.10",
   "work_type": "<chosen>",
   "group": "<group>",
   "command_unit": "<unit>",

package/commands/scr/next.md

@@ -134,9 +134,15 @@ Automation status:
 Trigger: /scr:next
 Spawned agents:
 - none
+Candidate agents:
+- <recommended agent route or none>
 Local operations:
 - proactive sweep: read-only
 - state route computed: yes/no
+Candidate local helpers:
+- <recommended helper or none>
+Manual gates:
+- <writer-owned route or none>
 Auto-invoked:
 - <recommended command>: yes/no
 Why: /scr:next routes from disk state; it only runs follow-up commands under autopilot or explicit writer intent

package/commands/scr/progress.md

@@ -51,9 +51,15 @@ Automation status:
 Trigger: /scr:progress
 Spawned agents:
 - none
+Candidate agents:
+- <recommended agent route or none>
 Local operations:
 - progress counts computed: yes/no
 - proactive sweep: read-only
+Candidate local helpers:
+- <recommended helper or none>
+Manual gates:
+- <writer-owned route or none>
 Auto-invoked:
 - none
 Why: progress is read-only; it recommends next commands without mutating files

package/commands/scr/save.md

@@ -80,11 +80,17 @@ Automation status:
 Trigger: /scr:save
 Spawned agents:
 - none
+Candidate agents:
+- none
 Local operations:
 - STATE.md updated: yes/no
 - CONTEXT.md regenerated: yes/no
 - HISTORY.log appended: yes/no
 - manuscript files saved: yes/no
+Candidate local helpers:
+- /scr:scan if saved state and disk still disagree
+Manual gates:
+- none
 Auto-invoked:
 - /scr:next route computed for CONTEXT.md: yes/no
 Why: save uses deterministic local bookkeeping, not a spawned agent

package/commands/scr/scan.md

@@ -272,10 +272,16 @@ Automation status:
 Trigger: /scr:scan {flags}
 Spawned agents:
 - none
+Candidate agents:
+- none
 Local operations:
 - drift checks run: {count}
 - auto-fixes applied: {count}
 - HISTORY.log appended: yes/no
+Candidate local helpers:
+- /scr:save if scan repairs changed state
+Manual gates:
+- fixes that require writer confirmation
 Auto-invoked:
 - none
 Why: scan compares disk state locally; fixes require writer confirmation

package/commands/scr/session-report.md

@@ -66,9 +66,15 @@ Automation status:
 Trigger: /scr:session-report
 Spawned agents:
 - none
+Candidate agents:
+- <recommended agent route or none>
 Local operations:
 - session metrics computed: yes/no
 - quality pass summary computed: yes/no
+Candidate local helpers:
+- <recommended helper or none>
+Manual gates:
+- <writer-owned route or none>
 Auto-invoked:
 - none
 Why: session-report summarizes disk state without mutating files

package/commands/scr/sync.md

@@ -14,13 +14,15 @@ This is not a package upgrade command. Do not fetch a newer Scriveno release, do
 The auto-invoke status engine is a shared runtime asset. It is copied for every install target and can be checked with one of these paths:
 
 ```bash
+scriveno sync --check
 scriveno status --project "$PWD" --trigger /scr:sync
+scriveno status --project "$PWD" --apply-safe --trigger /scr:sync
 node lib/auto-invoke-engine.js --project "$PWD" --trigger /scr:sync
 node "$HOME/.scriveno/lib/auto-invoke-engine.js" --project "$PWD" --trigger /scr:sync
 node .scriveno/lib/auto-invoke-engine.js --project "$PWD" --trigger /scr:sync
 ```
 
-Use it for read-only project status and next-command reasoning. Use `bin/install.js` for runtime file synchronization.
+Use `scriveno sync --check` for the full read-only sync audit: project status, safe apply, agent availability, and runtime smoke. Use `scriveno status --project "$PWD" --apply-safe` when you only need project routing and safe-helper reporting. Use `bin/install.js` for runtime file synchronization.
 
 ## Prerequisites
 
@@ -70,7 +72,7 @@ If you cannot find a Scriveno source root, stop and explain that `/scr:sync` nee
    - Check that installed Codex commands include current response-contract and source-marker behavior after reinstall.
    - Report each runtime as `current`, `stale`, `missing`, or `unknown`.
 5. Decide mode:
-   - `--check`: report only. Do not write files.
+   - `--check`: report only. Run `scriveno sync --check` when available. Do not write files.
    - `--apply`: run the installer.
    - No flag: if stale installed Scriveno-owned files are detected, ask the writer before applying. If everything is current, report that no sync is needed.
 6. When applying, run from the source root: