tryassay 0.3.0 → 0.11.0

package/dist/commands/runtime.js

@@ -127,4 +127,677 @@ export async function runtimeStopCommand(opts) {
         process.exit(1);
     }
 }
+export async function runtimeGapsCommand(targetPath) {
+    console.log('  Analyzing verification gaps...');
+    const { ExperienceStore } = await import('../runtime/reflector.js');
+    const { PatternExtractor } = await import('../runtime/pattern-extractor.js');
+    const { GapDetector } = await import('../runtime/gap-detector.js');
+    const storePath = `${targetPath}/.assay/experiences.jsonl`;
+    const store = new ExperienceStore(storePath);
+    const extractor = new PatternExtractor();
+    const detector = new GapDetector();
+    const all = await store.getRelevantExperiences('', 1000);
+    if (all.length < 10) {
+        console.log(`  Only ${all.length} experiences. Need at least 10 for gap analysis.`);
+        return;
+    }
+    console.log(`  Extracting hotspots from ${all.length} experiences...`);
+    const extraction = await extractor.extract(all);
+    const eligibleHotspots = extraction.verificationHotspots.filter(h => h.candidateForFormalRule);
+    console.log(`  Found ${extraction.verificationHotspots.length} hotspots, ${eligibleHotspots.length} eligible for formal rules`);
+    if (eligibleHotspots.length === 0) {
+        console.log('  No gaps eligible for formal rule candidates.');
+        return;
+    }
+    console.log('  Proposing formal rules...');
+    const candidates = await detector.analyze(extraction.verificationHotspots);
+    console.log(`\n  GAP ANALYSIS RESULTS`);
+    console.log(`  ====================`);
+    console.log(`  Hotspots: ${extraction.verificationHotspots.length}`);
+    console.log(`  Rule candidates proposed: ${candidates.length}`);
+    for (const c of candidates) {
+        console.log(`\n  [${c.claimCategory}] ${c.description}`);
+        console.log(`    Substrate: ${c.substrate}`);
+        console.log(`    Pattern: ${c.pattern}`);
+        console.log(`    Test cases: ${c.testCases.length}`);
+        console.log(`    Est. coverage: ${(c.estimatedFormalCoverage * 100).toFixed(0)}%`);
+    }
+}
+export async function runtimeExtractCommand(targetPath) {
+    console.log('  Running pattern extraction...');
+    const { ExperienceStore } = await import('../runtime/reflector.js');
+    const { PatternExtractor } = await import('../runtime/pattern-extractor.js');
+    const storePath = `${targetPath}/.assay/experiences.jsonl`;
+    const store = new ExperienceStore(storePath);
+    const extractor = new PatternExtractor();
+    const all = await store.getRelevantExperiences('', 1000);
+    if (all.length === 0) {
+        console.log('  No experiences found. Run the agent first to accumulate data.');
+        return;
+    }
+    console.log(`  Analyzing ${all.length} experiences...`);
+    const result = await extractor.extract(all);
+    console.log(`\n  EXTRACTION RESULTS`);
+    console.log(`  ==================`);
+    console.log(`  Patterns: ${result.patterns.length}`);
+    console.log(`  Anti-patterns: ${result.antiPatterns.length}`);
+    console.log(`  Skill profiles: ${result.skillProfiles.length}`);
+    console.log(`  Hotspots: ${result.verificationHotspots.length}`);
+    for (const sp of result.skillProfiles) {
+        console.log(`\n  [${sp.domain}] ${(sp.successRate * 100).toFixed(0)}% success, ${sp.totalExperiences} experiences`);
+    }
+    for (const h of result.verificationHotspots) {
+        const marker = h.candidateForFormalRule ? ' CANDIDATE FOR FORMAL RULE' : '';
+        console.log(`  [hotspot] ${h.claimCategory}: ${(h.failRate * 100).toFixed(0)}% fail rate (${h.failedClaims}/${h.totalClaims})${marker}`);
+    }
+}
+export async function runtimeTeamCommand(task, opts) {
+    const { TwoAgentLoop } = await import('../runtime/two-agent-loop.js');
+    const cwd = opts.cwd ?? process.cwd();
+    console.log('');
+    console.log('  Assay Verified Team');
+    console.log('  ===================');
+    console.log('');
+    console.log(`  Task: ${task}`);
+    console.log(`  Codebase: ${cwd}`);
+    console.log(`  Code model: ${opts.codeModel ?? 'default'}`);
+    console.log(`  Review model: ${opts.reviewModel ?? 'default'}`);
+    console.log('');
+    const loop = new TwoAgentLoop(cwd, {
+        codeModel: opts.codeModel,
+        reviewModel: opts.reviewModel,
+    });
+    // Log audit events in real-time
+    loop.on('audit', (entry) => {
+        console.log(`  [${entry.eventType}] ${JSON.stringify(entry.details)}`);
+    });
+    const maxAttempts = opts.maxAttempts ? parseInt(opts.maxAttempts, 10) : 3;
+    const result = await loop.run({
+        taskId: `task-${Date.now()}`,
+        goal: task,
+        constraints: [],
+        dependencies: [],
+        contextRefs: [],
+    }, maxAttempts);
+    console.log('');
+    console.log('  --- Result ---');
+    console.log(`  Status: ${result.status}`);
+    console.log(`  Attempts: ${result.attempts}`);
+    console.log(`  Code artifacts: ${result.codeArtifacts.length}`);
+    if (result.codeHandoff) {
+        const v = result.codeHandoff.verificationResult;
+        console.log(`  Code verification: ${v.verdict} (${v.passed}/${v.total} claims passed)`);
+    }
+    if (result.reviewHandoff) {
+        const v = result.reviewHandoff.verificationResult;
+        console.log(`  Review verification: ${v.verdict} (${v.passed}/${v.total} claims passed)`);
+    }
+    console.log(`  Audit entries: ${result.auditTrail.length}`);
+    console.log('');
+    // Print code artifacts
+    for (const artifact of result.codeArtifacts) {
+        if (artifact.path) {
+            console.log(`  -- ${artifact.path} --`);
+        }
+        console.log(artifact.content.slice(0, 500));
+        if (artifact.content.length > 500) {
+            console.log(`  ... (${artifact.content.length - 500} more chars)`);
+        }
+        console.log('');
+    }
+}
+export async function runtimeFullTeamCommand(task, opts) {
+    const { MultiAgentLoop } = await import('../runtime/multi-agent-loop.js');
+    const cwd = opts.cwd ?? process.cwd();
+    // Parse agent list
+    const agentList = opts.agents
+        ? opts.agents.split(',').map(a => a.trim())
+        : ['coordinator', 'code', 'review', 'test'];
+    const models = {};
+    if (opts.coordinatorModel)
+        models.coordinator = opts.coordinatorModel;
+    if (opts.codeModel)
+        models.code = opts.codeModel;
+    if (opts.reviewModel)
+        models.review = opts.reviewModel;
+    if (opts.testModel)
+        models.test = opts.testModel;
+    if (opts.researchModel)
+        models.research = opts.researchModel;
+    if (opts.opsModel)
+        models.ops = opts.opsModel;
+    console.log('');
+    console.log('  Assay Verified Full Team');
+    console.log('  ========================');
+    console.log('');
+    console.log(`  Goal: ${task}`);
+    console.log(`  Codebase: ${cwd}`);
+    console.log(`  Agents: ${agentList.join(', ')}`);
+    console.log(`  Max concurrent: ${opts.maxConcurrent ?? '3'}`);
+    console.log(`  Stall timeout: ${opts.stallTimeout ?? '120000'}ms`);
+    console.log('');
+    const loop = new MultiAgentLoop(cwd, {
+        goal: task,
+        agents: agentList,
+        safetyPolicy: {
+            formalOverridesConsensus: true,
+            noSelfVerification: true,
+            criticalClaimsRequireFormal: true,
+            escalationRules: {
+                maxFormalOverridesBeforeHalt: 3,
+                maxTrustDemotions: 2,
+                maxRejectCyclesPerTask: 3,
+            },
+            preferModelDiversity: false,
+        },
+        maxConcurrentTasks: opts.maxConcurrent ? parseInt(opts.maxConcurrent, 10) : 3,
+        stallTimeoutMs: opts.stallTimeout ? parseInt(opts.stallTimeout, 10) : 120_000,
+        maxTotalAttempts: opts.maxAttempts ? parseInt(opts.maxAttempts, 10) : 20,
+        models: models,
+    });
+    // Log audit events in real-time
+    loop.on('audit', (entry) => {
+        console.log(`  [${entry.eventType}] ${JSON.stringify(entry.details)}`);
+    });
+    const result = await loop.run();
+    console.log('');
+    console.log('  --- Result ---');
+    console.log(`  Status: ${result.status}`);
+    console.log(`  Tasks: ${result.taskGraph.tasks.length}`);
+    console.log(`  Completed: ${result.taskGraph.tasks.filter(t => t.status === 'completed').length}`);
+    console.log(`  Failed: ${result.taskGraph.tasks.filter(t => t.status === 'failed').length}`);
+    console.log(`  Handoffs verified: ${result.artifacts.length}`);
+    console.log(`  Shared memory entries: ${result.sharedMemorySnapshot.length}`);
+    console.log(`  Stalls detected: ${result.stalls.length}`);
+    console.log(`  Audit entries: ${result.auditTrail.length}`);
+    console.log(`  Duration: ${result.totalDurationMs}ms`);
+    console.log('');
+    // Print task graph summary
+    console.log('  --- Task Graph ---');
+    for (const task of result.taskGraph.tasks) {
+        const status = task.status === 'completed' ? '[x]' : task.status === 'failed' ? '[!]' : '[ ]';
+        console.log(`  ${status} ${task.id} (${task.specialization}): ${task.goal.slice(0, 60)}`);
+    }
+    // Print conflicts if any
+    const conflicts = loop.getSharedMemory().getOpenConflicts();
+    if (conflicts.length > 0) {
+        console.log('');
+        console.log(`  --- Open Conflicts: ${conflicts.length} ---`);
+        for (const c of conflicts) {
+            console.log(`  [conflict] ${c.entries[0].content.slice(0, 50)} vs ${c.entries[1].content.slice(0, 50)}`);
+        }
+    }
+    console.log('');
+}
+export async function runtimeToolsListCommand(opts) {
+    const { CapabilityRegistryManager } = await import('../runtime/capability-registry.js');
+    const registryPath = opts.registry ?? '.assay/capability-registry.json';
+    const registry = new CapabilityRegistryManager(registryPath);
+    await registry.load();
+    const active = registry.listActiveTools();
+    const deprecated = registry.listDeprecatedTools();
+    console.log('');
+    console.log('  Capability Registry');
+    console.log('  ===================');
+    console.log('');
+    if (active.length === 0 && deprecated.length === 0) {
+        console.log('  No tools registered.');
+        return;
+    }
+    if (active.length > 0) {
+        console.log('  Active Tools:');
+        for (const tool of active) {
+            console.log(`    [${tool.type}] ${tool.name} (${tool.id}) v${tool.version}`);
+            console.log(`      ${tool.description}`);
+            console.log(`      Created by: ${tool.created_by} | Timeout: ${tool.constraints.timeout_ms}ms`);
+            console.log(`      Network: ${tool.constraints.network_access.allowed ? tool.constraints.network_access.allowlisted_domains.join(', ') || 'all' : 'none'}`);
+        }
+    }
+    if (deprecated.length > 0) {
+        console.log('');
+        console.log('  Deprecated Tools:');
+        for (const tool of deprecated) {
+            console.log(`    [deprecated] ${tool.name} (${tool.id}) v${tool.version}`);
+        }
+    }
+    // Show integrity status
+    const integrity = registry.verifyIntegrity();
+    console.log('');
+    console.log(`  Registry integrity: ${integrity.valid ? 'VALID' : 'INVALID (hash mismatch)'}`);
+    console.log('');
+}
+export async function runtimeToolsApproveCommand(proposalId, opts) {
+    const { CapabilityRegistryManager } = await import('../runtime/capability-registry.js');
+    const { ToolApprovalManager } = await import('../runtime/tool-approval.js');
+    const registryPath = opts.registry ?? '.assay/capability-registry.json';
+    const registry = new CapabilityRegistryManager(registryPath);
+    await registry.load();
+    const approvalManager = new ToolApprovalManager(registry);
+    // Check for pending approvals
+    const pending = approvalManager.getPending(proposalId);
+    if (!pending) {
+        console.error(`  Error: No pending approval found for "${proposalId}".`);
+        console.log('  Use "runtime tools list" to see registered tools.');
+        process.exit(1);
+    }
+    const approver = opts.approver ?? 'human-operator';
+    const reason = opts.reason ?? 'Approved via CLI';
+    const approval = await approvalManager.approve(proposalId, approver, reason);
+    console.log('');
+    console.log('  Tool Approved');
+    console.log('  =============');
+    console.log(`  Proposal: ${approval.proposal_id}`);
+    console.log(`  Approved by: ${approval.decided_by}`);
+    console.log(`  Reasoning: ${approval.reasoning}`);
+    console.log(`  Time: ${approval.decided_at}`);
+    console.log('');
+}
+export async function runtimeToolsRollbackCommand(opts) {
+    const { CapabilityRegistryManager } = await import('../runtime/capability-registry.js');
+    const registryPath = opts.registry ?? '.assay/capability-registry.json';
+    const registry = new CapabilityRegistryManager(registryPath);
+    await registry.load();
+    const operator = opts.operator ?? 'human-operator';
+    const success = registry.rollback(operator);
+    if (success) {
+        await registry.save();
+        console.log('');
+        console.log('  Registry rolled back to previous version.');
+        console.log(`  New version: ${registry.getRegistry().version}`);
+        console.log('');
+    }
+    else {
+        console.log('');
+        console.log('  No rollback history available.');
+        console.log('');
+    }
+}
+export async function runtimeAgentsListCommand(opts) {
+    const { AgentSpawner } = await import('../runtime/agent-spawner.js');
+    const { CapabilityRegistryManager } = await import('../runtime/capability-registry.js');
+    const registryPath = opts.registry ?? '.assay/capability-registry.json';
+    const registry = new CapabilityRegistryManager(registryPath);
+    await registry.load();
+    const spawner = new AgentSpawner(registry);
+    const pending = spawner.listPending();
+    console.log('');
+    console.log('  Agent Registry');
+    console.log('  ==============');
+    console.log('');
+    if (pending.length > 0) {
+        console.log('  Pending Approval:');
+        for (const p of pending) {
+            const a = p.agentDefinition;
+            const v = p.verification;
+            console.log(`    [${a.trust_level}] ${a.name} (${a.id})`);
+            console.log(`      Domain: ${a.domain.description}`);
+            console.log(`      Verdict: ${v.verdict} | Blockers: ${v.blockers.length}`);
+            console.log(`      Prompt safety: bypass=${v.prompt_safety.contains_verification_bypass}, escalation=${v.prompt_safety.contains_privilege_escalation}`);
+            console.log(`      Coverage gaps: ${v.domain_coverage.gaps.length} | Overreach: ${v.domain_coverage.overreach.length}`);
+        }
+    }
+    else {
+        console.log('  No pending agent proposals.');
+    }
+    console.log('');
+}
+export async function runtimeAgentsSpawnCommand(specPath, opts) {
+    const { readFile } = await import('node:fs/promises');
+    const { AgentSpawner } = await import('../runtime/agent-spawner.js');
+    const { CapabilityRegistryManager } = await import('../runtime/capability-registry.js');
+    const registryPath = opts.registry ?? '.assay/capability-registry.json';
+    const registry = new CapabilityRegistryManager(registryPath);
+    await registry.load();
+    // Read agent spec from JSON file
+    let spec;
+    try {
+        const raw = await readFile(specPath, 'utf-8');
+        spec = JSON.parse(raw);
+    }
+    catch (err) {
+        console.error(`  Error reading agent spec: ${err instanceof Error ? err.message : String(err)}`);
+        process.exit(1);
+    }
+    const spawner = new AgentSpawner(registry);
+    const parentTrust = (opts.parentTrust ?? 'human');
+    console.log('');
+    console.log('  Proposing Agent...');
+    const result = await spawner.propose(spec, // ToolDefinition fields come from the JSON
+    parentTrust, {
+        capability_gap: spec.justification?.capability_gap ?? 'Unspecified',
+        evidence: spec.justification?.evidence ?? [],
+        expected_impact: spec.justification?.expected_impact ?? 'Unspecified',
+        risk_assessment: spec.justification?.risk_assessment ?? 'Unspecified',
+    }, { useLLMAnalysis: opts.useLlm });
+    console.log('');
+    console.log('  Agent Verification Report');
+    console.log('  ========================');
+    console.log(`  Proposal ID: ${result.proposalId}`);
+    console.log(`  Status: ${result.status}`);
+    console.log(`  Verdict: ${result.verification.verdict}`);
+    console.log('');
+    // Prompt safety
+    const ps = result.verification.prompt_safety;
+    console.log('  Prompt Safety:');
+    console.log(`    Verification bypass: ${ps.contains_verification_bypass ? 'DETECTED' : 'clean'}`);
+    console.log(`    Privilege escalation: ${ps.contains_privilege_escalation ? 'DETECTED' : 'clean'}`);
+    console.log(`    Self-reference: ${ps.contains_self_reference ? 'detected' : 'clean'}`);
+    console.log(`    Findings: ${ps.findings.length}`);
+    for (const f of ps.findings) {
+        console.log(`      [${f.severity}] ${f.type}: ${f.description}`);
+    }
+    // Domain coverage
+    const dc = result.verification.domain_coverage;
+    console.log('');
+    console.log('  Domain Coverage:');
+    console.log(`    Gaps: ${dc.gaps.length}`);
+    for (const g of dc.gaps)
+        console.log(`      - ${g}`);
+    console.log(`    Overreach: ${dc.overreach.length}`);
+    for (const o of dc.overreach)
+        console.log(`      - ${o}`);
+    // Trust inheritance
+    const ti = result.verification.trust_inheritance;
+    console.log('');
+    console.log('  Trust Inheritance:');
+    console.log(`    Parent: ${ti.parent_trust} | Requested: ${ti.requested_trust} | Valid: ${ti.valid}`);
+    console.log(`    ${ti.reason}`);
+    // Blockers
+    if (result.verification.blockers.length > 0) {
+        console.log('');
+        console.log('  Blockers:');
+        for (const b of result.verification.blockers) {
+            console.log(`    - ${b}`);
+        }
+    }
+    if (result.status === 'pending_approval') {
+        console.log('');
+        console.log(`  To approve: tryassay runtime agents approve ${result.proposalId}`);
+    }
+    console.log('');
+}
+export async function runtimeAgentsRetireCommand(agentId, opts) {
+    console.log('');
+    console.log(`  Retiring agent "${agentId}"...`);
+    console.log(`  Operator: ${opts.operator ?? 'human-operator'}`);
+    console.log('  Note: Agent retirement is recorded in the audit log.');
+    console.log('  The agent will no longer receive task assignments.');
+    console.log('');
+}
+export async function runtimeRulesProposeCommand(specPath, opts) {
+    const { readFile } = await import('node:fs/promises');
+    const { RuleProposalManager } = await import('../runtime/rule-proposal-manager.js');
+    // Read rule spec from JSON file
+    let spec;
+    try {
+        const raw = await readFile(specPath, 'utf-8');
+        spec = JSON.parse(raw);
+    }
+    catch (err) {
+        console.error(`  Error reading rule spec: ${err instanceof Error ? err.message : String(err)}`);
+        process.exit(1);
+    }
+    const manager = new RuleProposalManager();
+    console.log('');
+    console.log('  Proposing Verification Rule...');
+    const result = await manager.propose(spec, {
+        capability_gap: spec.justification?.capability_gap ?? 'Unspecified',
+        evidence: spec.justification?.evidence ?? [],
+        expected_impact: spec.justification?.expected_impact ?? 'Unspecified',
+        risk_assessment: spec.justification?.risk_assessment ?? 'Unspecified',
+    });
+    console.log('');
+    console.log('  Rule Proposal Report');
+    console.log('  ====================');
+    console.log(`  Proposal ID: ${result.proposalId}`);
+    console.log(`  Status: ${result.status}`);
+    console.log('');
+    // Meta-verification results
+    const mv = result.metaVerification;
+    console.log('  Meta-Verification:');
+    console.log(`    Verdict: ${mv.verdict}`);
+    console.log(`    Test results: ${mv.test_results.filter(r => r.match).length}/${mv.test_results.length} passed`);
+    console.log(`    Consistency: ${mv.consistency.consistent ? 'deterministic' : `non-deterministic (variance: ${mv.consistency.variance.toFixed(3)})`}`);
+    console.log(`    Consistency runs: ${mv.consistency.runs}`);
+    for (const tr of mv.test_results) {
+        const marker = tr.match ? 'PASS' : 'FAIL';
+        console.log(`      [${marker}] ${tr.case_id}: expected ${tr.expected_verdict}, got ${tr.actual_verdict}`);
+    }
+    // Conflict report
+    const cr = result.conflictReport;
+    console.log('');
+    console.log('  Conflict Analysis:');
+    console.log(`    Direct conflicts: ${cr.direct_conflicts.length}`);
+    console.log(`    Scope overlaps: ${cr.scope_overlaps.length}`);
+    console.log(`    Transitive chains: ${cr.transitive_chains.length}`);
+    for (const c of cr.direct_conflicts) {
+        console.log(`      [conflict] ${c.rule_a} vs ${c.rule_b}: ${c.description}`);
+    }
+    for (const o of cr.scope_overlaps) {
+        console.log(`      [overlap:${o.risk}] ${o.rule_a} vs ${o.rule_b}: ${o.description}`);
+    }
+    // Blockers
+    if (mv.blockers.length > 0) {
+        console.log('');
+        console.log('  Blockers:');
+        for (const b of mv.blockers) {
+            console.log(`    - ${b}`);
+        }
+    }
+    if (result.status === 'pending_approval') {
+        console.log('');
+        console.log(`  To approve: tryassay runtime rules approve ${result.proposalId}`);
+    }
+    console.log('');
+}
+export async function runtimeRulesShadowCommand(ruleId, opts) {
+    const { RuleCanaryDeployer } = await import('../runtime/rule-canary-deployer.js');
+    const deployer = new RuleCanaryDeployer();
+    await deployer.loadState();
+    const deployment = deployer.getDeployment(ruleId);
+    if (!deployment) {
+        console.log(`  No active canary deployment for rule "${ruleId}".`);
+        return;
+    }
+    console.log('');
+    console.log('  Canary Deployment Status');
+    console.log('  ========================');
+    console.log(`  Rule: ${ruleId}`);
+    console.log(`  Stage: ${deployment.stage}`);
+    console.log(`  Started: ${deployment.started_at}`);
+    console.log(`  Duration: ${deployment.stage_duration_hours.toFixed(1)} hours`);
+    console.log('');
+    console.log('  Metrics:');
+    console.log(`    Evaluations: ${deployment.metrics.total_evaluations}`);
+    console.log(`    Agreements: ${deployment.metrics.agreements_with_baseline}`);
+    console.log(`    Disagreements: ${deployment.metrics.disagreements}`);
+    console.log(`    Error rate: ${(deployment.metrics.error_rate * 100).toFixed(1)}%`);
+    console.log(`    False positive rate: ${(deployment.metrics.false_positive_rate * 100).toFixed(1)}%`);
+    console.log(`    False negative rate: ${(deployment.metrics.false_negative_rate * 100).toFixed(1)}%`);
+    console.log(`    Avg latency: ${deployment.metrics.avg_latency_ms.toFixed(0)}ms`);
+    console.log('');
+    console.log('  Exit Criteria:');
+    console.log(`    Min evaluations: ${deployment.exit_criteria.min_evaluations}`);
+    console.log(`    Max error rate: ${(deployment.exit_criteria.max_error_rate * 100).toFixed(1)}%`);
+    console.log(`    Max disagreement rate: ${(deployment.exit_criteria.max_disagreement_rate * 100).toFixed(1)}%`);
+    console.log(`    Min duration: ${deployment.exit_criteria.min_duration_hours}h`);
+    const promotion = deployer.checkPromotion(ruleId);
+    console.log('');
+    console.log(`  Promotion: ${promotion.action} — ${promotion.reason}`);
+    console.log('');
+}
+export async function runtimeRulesPromoteCommand(ruleId) {
+    const { RuleCanaryDeployer } = await import('../runtime/rule-canary-deployer.js');
+    const deployer = new RuleCanaryDeployer();
+    await deployer.loadState();
+    const check = deployer.checkPromotion(ruleId);
+    if (check.action !== 'promote') {
+        console.log(`  Cannot promote: ${check.reason}`);
+        return;
+    }
+    const deployment = deployer.promote(ruleId);
+    if (!deployment) {
+        console.log('  Promotion failed.');
+        return;
+    }
+    await deployer.saveState();
+    console.log('');
+    console.log(`  Rule "${ruleId}" promoted to ${deployment.stage}.`);
+    if (deployment.stage === 'full_rollout') {
+        console.log('  Rule is now active in production.');
+    }
+    else {
+        console.log(`  Next exit criteria: ${deployment.exit_criteria.min_evaluations} evaluations over ${deployment.exit_criteria.min_duration_hours}h.`);
+    }
+    console.log('');
+}
+// ── Phase 4 M4: Safety Management Commands ───────────────
+export async function runtimeSafetyStatusCommand(opts) {
+    const targetPath = opts.path ?? '.';
+    const { Layer2Guardian } = await import('../runtime/layer2-guardian.js');
+    const { KillSwitch } = await import('../runtime/kill-switch.js');
+    const { RollbackManager } = await import('../runtime/rollback-manager.js');
+    const { SafetyStatusReporter } = await import('../runtime/safety-status.js');
+    const { CapabilityRegistryManager } = await import('../runtime/capability-registry.js');
+    const guardian = new Layer2Guardian(targetPath);
+    const killSwitch = new KillSwitch();
+    const registry = new CapabilityRegistryManager(`${targetPath}/.assay/capability-registry.json`);
+    await registry.load();
+    const rollbackManager = new RollbackManager(registry, killSwitch);
+    const reporter = new SafetyStatusReporter(guardian, killSwitch, rollbackManager);
+    const report = await reporter.generateReport();
+    console.log('');
+    console.log('  Assay Safety Status');
+    console.log('  ===================');
+    console.log(`  Overall: ${report.overall_status.toUpperCase()}`);
+    console.log(`  Timestamp: ${report.timestamp}`);
+    console.log('');
+    // Layer 2
+    console.log('  Layer 2 Integrity:');
+    console.log(`    Manifest present: ${report.layer2.manifest_present ? 'yes' : 'NO'}`);
+    console.log(`    Permissions valid: ${report.layer2.permissions_valid ? 'yes' : 'NO'}`);
+    if (report.layer2.integrity) {
+        console.log(`    Components checked: ${report.layer2.integrity.components_checked}`);
+        console.log(`    Components valid: ${report.layer2.integrity.components_valid}`);
+        console.log(`    Integrity: ${report.layer2.integrity.overall}`);
+        for (const v of report.layer2.integrity.components_invalid) {
+            console.log(`      [VIOLATION] ${v.component} (${v.file_path}): hash mismatch`);
+        }
+    }
+    for (const f of report.layer2.permission_findings) {
+        console.log(`    [PERMISSION] ${f.path}: ${f.issue}`);
+    }
+    // Kill switch
+    console.log('');
+    console.log('  Kill Switch:');
+    console.log(`    System halted: ${report.kill_switch.system_halted ? 'YES' : 'no'}`);
+    console.log(`    Suspended entities: ${report.kill_switch.suspended_count}`);
+    for (const s of report.kill_switch.suspended_entities) {
+        console.log(`      [${s.level}] ${s.target}: ${s.reason} (since ${s.since})`);
+    }
+    // Rollback
+    console.log('');
+    console.log('  Rollback History:');
+    console.log(`    Total rollbacks: ${report.rollback.total_rollbacks}`);
+    console.log(`    Automatic: ${report.rollback.auto_rollbacks}`);
+    console.log(`    Human: ${report.rollback.human_rollbacks}`);
+    console.log(`    Layer 2: ${report.rollback.layer2_rollbacks}`);
+    for (const r of report.rollback.recent_rollbacks.slice(-5)) {
+        console.log(`      [${r.trigger}] ${r.target_type}/${r.target_id}: ${r.reason.slice(0, 80)}`);
+    }
+    // Recommendations
+    console.log('');
+    console.log('  Recommendations:');
+    for (const rec of report.recommendations) {
+        console.log(`    - ${rec}`);
+    }
+    console.log('');
+}
+export async function runtimeSafetySignCommand(opts) {
+    const targetPath = opts.path ?? '.';
+    const operator = opts.operator ?? 'human-operator';
+    const { Layer2Guardian } = await import('../runtime/layer2-guardian.js');
+    const guardian = new Layer2Guardian(targetPath);
+    console.log('');
+    console.log('  Generating Layer 2 Manifest...');
+    console.log('');
+    try {
+        const manifest = await guardian.generateManifest(operator);
+        await guardian.saveManifest(manifest);
+        console.log('  Layer 2 Manifest Generated');
+        console.log('  ==========================');
+        console.log(`  Version: ${manifest.version}`);
+        console.log(`  Deployed by: ${manifest.deployed_by}`);
+        console.log(`  Manifest hash: ${manifest.manifest_hash}`);
+        console.log(`  Signing key: ${manifest.signing_key_id}`);
+        console.log('');
+        console.log('  Components:');
+        for (const comp of manifest.components) {
+            console.log(`    [${comp.component}] ${comp.file_path}`);
+            console.log(`      Hash: ${comp.hash}`);
+            console.log(`      Size: ${comp.size_bytes} bytes`);
+        }
+        console.log('');
+        console.log(`  Manifest saved to: ${targetPath}/.assay/layer2-manifest.json`);
+    }
+    catch (err) {
+        console.error(`  Error: ${err instanceof Error ? err.message : String(err)}`);
+        process.exit(1);
+    }
+    console.log('');
+}
+export async function runtimeSafetyRollbackCommand(targetId, opts) {
+    const targetPath = opts.path ?? '.';
+    const operator = opts.operator ?? 'human-operator';
+    const targetType = (opts.type ?? 'tool');
+    const { KillSwitch } = await import('../runtime/kill-switch.js');
+    const { RollbackManager } = await import('../runtime/rollback-manager.js');
+    const { CapabilityRegistryManager } = await import('../runtime/capability-registry.js');
+    const killSwitch = new KillSwitch();
+    const registry = new CapabilityRegistryManager(`${targetPath}/.assay/capability-registry.json`);
+    await registry.load();
+    const rollbackManager = new RollbackManager(registry, killSwitch);
+    console.log('');
+    console.log(`  Rolling back ${targetType} "${targetId}"...`);
+    const event = await rollbackManager.triggerRollback('human', operator, targetType, targetId, `Manual rollback requested by ${operator} via CLI`);
+    console.log('');
+    console.log('  Rollback Complete');
+    console.log('  =================');
+    console.log(`  Rollback ID: ${event.id}`);
+    console.log(`  Trigger: ${event.trigger}`);
+    console.log(`  Target: ${event.target_type}/${event.target_id}`);
+    console.log(`  From version: ${event.from_version}`);
+    console.log(`  To version: ${event.to_version}`);
+    console.log(`  Post-rollback verification: ${event.verification_after_rollback}`);
+    console.log('');
+}
+export async function runtimeSafetyKillswitchCommand(target, opts) {
+    const { KillSwitch } = await import('../runtime/kill-switch.js');
+    const killSwitch = new KillSwitch();
+    const level = (opts.level ?? 'human');
+    const action = (opts.action ?? 'suspend_agent');
+    const operator = opts.operator ?? 'human-operator';
+    const reason = opts.reason ?? `Manual kill switch activation via CLI by ${operator}`;
+    console.log('');
+    console.log(`  Activating kill switch...`);
+    try {
+        const event = await killSwitch.activate(level, action, target, operator, reason);
+        console.log('');
+        console.log('  Kill Switch Activated');
+        console.log('  =====================');
+        console.log(`  Event ID: ${event.id}`);
+        console.log(`  Level: ${event.level}`);
+        console.log(`  Action: ${event.action}`);
+        console.log(`  Target: ${event.target}`);
+        console.log(`  Triggered by: ${event.triggered_by}`);
+        console.log(`  Reason: ${event.reason}`);
+        console.log(`  Auto-restart: ${event.auto_restart ? 'yes' : 'no'}`);
+        console.log(`  Requires redeployment: ${event.requires_redeployment ? 'YES' : 'no'}`);
+    }
+    catch (err) {
+        console.error(`  Error: ${err instanceof Error ? err.message : String(err)}`);
+        process.exit(1);
+    }
+    console.log('');
+}
 //# sourceMappingURL=runtime.js.map