vgxness 1.12.0 → 1.14.0

package/dist/mcp/stdio-server.js

@@ -2,7 +2,7 @@ import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
 import { runBootAgentSeedUpgrade } from '../agents/boot-upgrade.js';
 import { createVgxMcpControlPlane } from './control-plane.js';
-import { EXPOSED_VGX_MCP_TOOL_NAMES, toInternalVgxMcpToolName, VGX_MCP_TOOL_INPUT_SCHEMAS, } from './schema.js';
+import { EXPOSED_VGX_MCP_TOOL_NAMES, toInternalVgxMcpToolName, VGX_MCP_TOOL_INPUT_SCHEMAS, VGX_MCP_TOOL_OUTPUT_SCHEMAS, } from './schema.js';
 export async function startVgxMcpStdioServer(options = {}) {
     const controlPlane = createVgxMcpControlPlane(options.databasePath === undefined ? {} : { databasePath: options.databasePath });
     runBootAgentSeedUpgrade(controlPlane.database);
@@ -39,18 +39,20 @@ export async function startVgxMcpStdioServer(options = {}) {
 function registerVgxTools(server, controlPlane) {
     for (const publicToolName of EXPOSED_VGX_MCP_TOOL_NAMES) {
         const toolName = toInternalVgxMcpToolName(publicToolName);
+        const outputSchema = VGX_MCP_TOOL_OUTPUT_SCHEMAS[toolName];
         server.registerTool(publicToolName, {
             title: publicToolName,
             description: descriptionForTool(publicToolName),
             inputSchema: VGX_MCP_TOOL_INPUT_SCHEMAS[toolName],
+            ...(outputSchema === undefined ? {} : { outputSchema }),
         }, async (args) => toMcpTextResult(controlPlane.callVgxTool(toolName, argsForTool(args))));
     }
 }
 function descriptionForTool(publicToolName) {
     if (publicToolName === 'provider_status')
-        return 'Read-only provider status report; inspects OpenCode config paths without installing, repairing, or writing files.';
+        return 'Agent-callable read-only provider status report; inspects expected config paths without installing, repairing, or writing provider config, and does not verify true host tool presence. Use it to decide whether to inspect doctor output or request explicit setup consent.';
     if (publicToolName === 'provider_doctor')
-        return 'Read-only provider doctor checks; reports OpenCode MCP configuration health without repair/install side effects.';
+        return 'Agent-callable read-only provider doctor advisory; checks VGXNESS-known provider config health without install/repair/config writes and without proving true host tool presence. Use it to decide the next setup or troubleshooting recommendation.';
     if (publicToolName === 'provider_change_plan')
         return 'Read-only provider change plan preview; composes status, doctor, and OpenCode install planning without writing provider config.';
     if (publicToolName === 'opencode_handoff_preview')
@@ -66,9 +68,21 @@ function descriptionForTool(publicToolName) {
     if (publicToolName === 'context_cockpit')
         return 'Read-only context cockpit for start/resume/recovery; returns latest restorable session plus bounded memory previews without traces, provider config writes, repository writes, runs, artifacts, or session mutations.';
     if (publicToolName === 'sdd_cockpit')
-        return 'Read-only SDD cockpit summary with raw compatibility fields plus additive readModel; metadata-only artifact summaries, no artifact bodies, and explicit human acceptance semantics.';
+        return 'Agent-callable read-only SDD cockpit summary; returns phase metadata/readModel without artifact bodies or state changes and preserves explicit human acceptance semantics. Use it to decide the next safe SDD action or blocker.';
     if (publicToolName === 'sdd_continue')
-        return 'Read-only SDD continuation planner; returns blocker actions, safe suggested commands, related interrupted run context, and safety notes without provider execution, run creation, artifact mutation, provider config writes, or openspec writes.';
+        return 'Agent-callable read-only SDD continuation advisory; returns blocker actions, suggested next steps, interrupted-run context, and safety notes without provider execution, run creation, artifact mutation, provider config writes, or openspec writes. Use it to choose the next manual or agent-safe action.';
+    if (publicToolName === 'sdd_status')
+        return 'Agent-callable read-only SDD status summary; reports phase presence/state and next ready phase without creating, accepting, or mutating artifacts. Use it to decide whether to inspect, draft, mark ready, or wait for human acceptance.';
+    if (publicToolName === 'sdd_get_readiness')
+        return 'Agent-callable read-only SDD readiness check; reports whether a phase can proceed and why, without marking ready or changing artifacts. Use it to decide whether to call sdd_ready or resolve prerequisites first.';
+    if (publicToolName === 'sdd_ready')
+        return 'Agent-callable state-changing SDD readiness marker; marks an existing phase artifact ready when prerequisites allow, but does not human-accept it. Use only after readiness is clear, then ask a human to accept when governance requires acceptance.';
+    if (publicToolName === 'sdd_accept_artifact')
+        return 'Human-only mutating SDD acceptance gate; records explicit human acceptance for an artifact and must not be called by agents on their own behalf. Use only after a human approval decision, then continue to the next phase.';
+    if (publicToolName === 'sdd_reopen_artifact')
+        return 'Human-only mutating SDD reopen gate; records an explicit human decision to reopen an artifact and must not be called by agents on their own behalf. Use only after human instruction, then revise or re-review the phase.';
+    if (publicToolName === 'run_preflight')
+        return 'Agent-callable advisory/planning-only run preflight; evaluates permissions and records a plan but does not execute the checked shell/git/install/network/provider/secrets operation. Use it to decide whether human approval or a separate executor step is required.';
     const toolName = toInternalVgxMcpToolName(publicToolName);
     return `VGX control-plane tool ${toolName}`;
 }
@@ -78,6 +92,7 @@ function argsForTool(args) {
 function toMcpTextResult(envelope) {
     const result = {
         content: [{ type: 'text', text: JSON.stringify(envelope, null, 2) }],
+        structuredContent: envelope,
     };
     if (!envelope.ok)
         result.isError = true;

package/dist/mcp/validation.js

@@ -736,6 +736,7 @@ function validateSkillPayloadInput(input, tool) {
         'agentName',
         'workflow',
         'phase',
+        'intentSignals',
         'providerAdapter',
         'runId',
         'mode',
@@ -749,6 +750,11 @@ function validateSkillPayloadInput(input, tool) {
     const copied = copyOptionalStrings(result, record.value, tool, ['project', 'agentId', 'agentName', 'workflow', 'phase', 'providerAdapter', 'runId']);
     if (!copied.ok)
         return copied;
+    const intentSignals = readOptionalStringArray(record.value, 'intentSignals', tool);
+    if (!intentSignals.ok)
+        return intentSignals;
+    if (intentSignals.value !== undefined)
+        result.intentSignals = intentSignals.value;
     const scope = readOptionalOneOf(record.value, 'scope', scopes, tool);
     if (!scope.ok)
         return scope;

package/dist/memory/sqlite/migrations/017_intent_signal_skill_targets.sql

@@ -0,0 +1,42 @@
+CREATE TABLE IF NOT EXISTS skill_attachments_next (
+  id TEXT PRIMARY KEY,
+  skill_id TEXT NOT NULL REFERENCES skills(id) ON DELETE CASCADE,
+  version_id TEXT REFERENCES skill_versions(id) ON DELETE SET NULL,
+  target_type TEXT NOT NULL CHECK (target_type IN ('agent', 'subagent', 'workflow-phase', 'provider-adapter', 'intent-signal')),
+  target_key TEXT NOT NULL,
+  metadata_json TEXT NOT NULL,
+  created_at TEXT NOT NULL,
+  UNIQUE(skill_id, target_type, target_key)
+);
+
+INSERT INTO skill_attachments_next(id, skill_id, version_id, target_type, target_key, metadata_json, created_at)
+SELECT id, skill_id, version_id, target_type, target_key, metadata_json, created_at
+FROM skill_attachments;
+
+DROP TABLE skill_attachments;
+ALTER TABLE skill_attachments_next RENAME TO skill_attachments;
+
+CREATE INDEX IF NOT EXISTS skill_attachments_target_idx
+  ON skill_attachments(target_type, target_key);
+
+CREATE TABLE IF NOT EXISTS skill_usage_records_next (
+  id TEXT PRIMARY KEY,
+  skill_id TEXT NOT NULL REFERENCES skills(id) ON DELETE CASCADE,
+  version_id TEXT REFERENCES skill_versions(id) ON DELETE SET NULL,
+  run_id TEXT,
+  target_type TEXT CHECK (target_type IN ('agent', 'subagent', 'workflow-phase', 'provider-adapter', 'intent-signal')),
+  target_key TEXT,
+  outcome TEXT NOT NULL CHECK (outcome IN ('selected', 'injected', 'helped', 'failed', 'neutral')),
+  notes TEXT,
+  created_at TEXT NOT NULL
+);
+
+INSERT INTO skill_usage_records_next(id, skill_id, version_id, run_id, target_type, target_key, outcome, notes, created_at)
+SELECT id, skill_id, version_id, run_id, target_type, target_key, outcome, notes, created_at
+FROM skill_usage_records;
+
+DROP TABLE skill_usage_records;
+ALTER TABLE skill_usage_records_next RENAME TO skill_usage_records;
+
+CREATE INDEX IF NOT EXISTS skill_usage_records_run_idx
+  ON skill_usage_records(run_id, created_at DESC);

package/dist/orchestrator/natural-language-planner.js

@@ -27,7 +27,7 @@ const signalRules = [
     { signal: 'workflow-change', terms: [/\bworkflow\b/, /\borchestrat(e|ion|or)\b/, /\bsdd\b/, /\bphase\b/] },
     { signal: 'persistence-change', terms: [/\bpersist(ent|ence)?\b/, /\bstorage\b/, /\bsqlite\b/, /\bdatabase\b/, /\bmemory\b/, /\bmigration\b/] },
     { signal: 'security-sensitive', terms: [/\bsecurity\b/, /\bauth\b/, /\btoken\b/, /\bsecret\b/, /\bpermission\b/, /\bpermiso\b/, /\baprobaci[oó]n\b/] },
-    { signal: 'broad-change', terms: [/\bmulti[- ]file\b/, /\bacross\b/, /\bend[- ]to[- ]end\b/, /\bsystem\b/] },
+    { signal: 'broad-change', terms: [/\bmulti[- ]file\b/, /\bacross\b/, /\bend[- ]to[- ]end\b/, /\bsystem\b/, /\blarge[- ]diff\b/, /\bbig[- ]diff\b/, /\bcross[- ]cutting\b/] },
     { signal: 'execution-request', terms: [/\brun\b/, /\bexecute\b/, /\bapply\b/, /\bstart\b/, /\binstall\b/, /\bpush\b/] },
     { signal: 'provider-execution', terms: [/\bprovider\b/, /\bopencode\b/, /\bclaude\b/, /\bmodel\b/, /\bllm\b/] },
     { signal: 'file-edit-request', terms: [/\bedit\b/, /\bwrite\b/, /\bmodify\b/, /\bpatch\b/, /\barreglar\b/] },
@@ -43,6 +43,7 @@ export function createNaturalLanguagePlan(input) {
     const ambiguous = isAmbiguous(normalizedIntent);
     if (ambiguous)
         addSignal(signals, 'ambiguous');
+    const intentSignals = buildSkillIntentSignals(normalizedIntent, signals);
     const risk = classifyIntentRisk({ project: input.project, intent: input.intent });
     const flow = chooseFlow(signals, risk);
     const workflow = workflowFor(flow);
@@ -55,7 +56,7 @@ export function createNaturalLanguagePlan(input) {
         ...(suggestedChangeId !== undefined ? { change: suggestedChangeId } : {}),
         ...(input.sdd !== undefined ? { sdd: input.sdd } : {}),
     };
-    const previewActions = buildPreviewActions(actionInput, flow, needsClarification);
+    const previewActions = buildPreviewActions(actionInput, flow, workflow, intentSignals, needsClarification);
     return {
         version: 1,
         project: input.project,
@@ -65,6 +66,7 @@ export function createNaturalLanguagePlan(input) {
         confidence: confidenceFor(flow, signals, needsClarification),
         reason: reasonFor(flow, signals, needsClarification),
         signals,
+        intentSignals,
         needsClarification,
         ...(needsClarification ? { clarifyingQuestion: 'What target should this change inspect or modify, and what outcome do you want?' } : {}),
         ...(suggestedChangeId !== undefined ? { suggestedChangeId } : {}),
@@ -231,20 +233,42 @@ function buildSafety(signals) {
         notes.push('Privileged impact was detected; this preview does not request elevated access.');
     return { executed: false, callsProvider: false, editsFiles: false, writesProviderConfig: false, recordsRuns: false, notes };
 }
-function buildPreviewActions(input, flow, needsClarification) {
+function buildSkillIntentSignals(intent, signals) {
+    const skillSignals = ['workflow-selection'];
+    if (signals.includes('broad-change'))
+        addSkillSignal(skillSignals, 'broad-change');
+    if (/\b(git|commit|branch|merge|rebase|push|stage|staging|diff|checkout)\b/.test(intent))
+        addSkillSignal(skillSignals, 'git');
+    if (/\b(pr|prs|pull[- ]request|pull request|reviewer|reviewers)\b/.test(intent))
+        addSkillSignal(skillSignals, 'pull-request');
+    if (/\b(stacked[- ]pr|stacked[- ]prs|stacked pull requests?|stacked|apilad[oa]s?)\b/.test(intent))
+        addSkillSignal(skillSignals, 'stacked-prs');
+    if (/\b(tdd|test[- ]driven|red[- ]green|strict[- ]tdd)\b/.test(intent))
+        addSkillSignal(skillSignals, intent.includes('strict') ? 'strict-tdd' : 'tdd');
+    if (/\b(review[- ]size|reviewable|split|slice|slices|large[- ]diff|big[- ]diff)\b/.test(intent))
+        addSkillSignal(skillSignals, 'review-size');
+    return skillSignals;
+}
+function addSkillSignal(signals, signal) {
+    if (!signals.includes(signal))
+        signals.push(signal);
+}
+function buildPreviewActions(input, flow, workflow, intentSignals, needsClarification) {
     if (needsClarification)
         return [{ kind: 'clarification', description: 'Ask for the missing target and desired outcome before previewing write actions.' }];
+    const skillAction = skillPayloadPreviewAction(input, workflow, intentSignals);
     if (flow === 'debug' || flow === 'diagnose')
-        return [{ kind: 'diagnostic-preview', description: 'Preview read-only diagnostic commands such as status, doctor, logs, or SDD next checks.' }];
+        return [skillAction, { kind: 'diagnostic-preview', description: 'Preview read-only diagnostic commands such as status, doctor, logs, or SDD next checks.' }];
     if (flow === 'plan')
-        return [{ kind: 'manual-plan', description: 'Draft a manual implementation plan without executing providers or editing files.' }];
+        return [skillAction, { kind: 'manual-plan', description: 'Draft a manual implementation plan without executing providers or editing files.' }];
     if (flow === 'explore' || flow === 'direct')
-        return [{ kind: 'answer', description: 'Explore or answer directly without entering SDD.' }];
+        return [skillAction, { kind: 'answer', description: 'Explore or answer directly without entering SDD.' }];
     if (flow === 'quickfix')
-        return [{ kind: 'workflow-preview', description: 'Preview a small localized quickfix; no execution occurs in this planner response.' }];
+        return [skillAction, { kind: 'workflow-preview', description: 'Preview a small localized quickfix; no execution occurs in this planner response.' }];
     if (flow === 'build')
-        return [{ kind: 'workflow-preview', description: 'Preview a scoped build workflow; no execution occurs in this planner response.' }];
+        return [skillAction, { kind: 'workflow-preview', description: 'Preview a scoped build workflow; no execution occurs in this planner response.' }];
     return [
+        skillAction,
         {
             kind: 'sdd-preview',
             description: input.sdd?.next?.recommendedAction ??
@@ -252,3 +276,24 @@ function buildPreviewActions(input, flow, needsClarification) {
         },
     ];
 }
+function skillPayloadPreviewAction(input, workflow, intentSignals) {
+    const phase = input.sdd?.next?.nextPhase;
+    const command = [
+        'vgxness skills payload',
+        '--project',
+        shellQuote(input.project),
+        '--workflow',
+        shellQuote(workflow),
+        ...(phase === undefined ? [] : ['--phase', shellQuote(phase)]),
+        '--intent-signals',
+        shellQuote(intentSignals.join(',')),
+    ].join(' ');
+    return {
+        kind: 'skill-payload-preview',
+        description: 'Preview the registry/context skills that match this intent; this is read-only and does not install provider-native skills.',
+        command,
+    };
+}
+function shellQuote(value) {
+    return `'${value.replace(/'/g, `'"'"'`)}'`;
+}

package/dist/sdd/cockpit-read-model.js

@@ -30,6 +30,7 @@ export function buildSddCockpitReadModel(cockpit) {
         phases,
         nextAction,
         blockers,
+        ...(cockpit.gates === undefined ? {} : { gates: cockpit.gates }),
         guidance: guidanceFor(cockpit, nextAction, blockers),
         summary: summarize(phases),
         contentIncluded: false,
@@ -68,6 +69,7 @@ function toPhaseReadModel(phase) {
             blocked: !phase.readiness.ready || phase.blockers.length > 0,
             reasons,
         },
+        ...(phase.gates === undefined ? {} : { gates: phase.gates }),
         guidance: guidanceForPhase(phase, status, canAccept),
     };
 }

package/dist/sdd/sdd-continuation-plan.js

@@ -5,6 +5,7 @@ export function sddContinuationPlanFrom(input) {
     const suggestedCommand = suggestedContinuationCommand(input.project, input.next, inspectCommand, dbFlag);
     const blockerGuidance = input.next.blockerGuidance ?? [];
     const blockerActions = blockerGuidance.map((blocker) => continuationBlockerAction(input.project, input.next.change, blocker, dbFlag));
+    const recommendedActions = continuationRecommendedActions(input.project, input.next, blockerGuidance);
     const relatedRunContext = relatedRunContextView(input.project, input.relatedRunContext, dbFlag);
     return {
         kind: 'sdd-continuation-plan',
@@ -18,6 +19,7 @@ export function sddContinuationPlanFrom(input) {
         suggestedCommand,
         inspectCommand,
         blockerActions,
+        recommendedActions,
         ...(relatedRunContext === undefined ? {} : { relatedRunContext }),
         ...(input.explicitDatabasePath === undefined ? {} : { explicitDatabasePath: input.explicitDatabasePath }),
         safety: [
@@ -28,6 +30,153 @@ export function sddContinuationPlanFrom(input) {
         ],
     };
 }
+function continuationRecommendedActions(project, next, blockerGuidance) {
+    const actions = [inspectCockpitAction(project, next.change)];
+    if (next.status === 'runnable' && next.nextPhase !== undefined)
+        actions.push(draftPhaseAction(project, next.change, next.nextPhase, next.reason));
+    for (const blocker of blockerGuidance) {
+        const action = recommendedActionForBlocker(project, next.change, blocker);
+        if (action !== undefined)
+            actions.push(action);
+    }
+    return actions;
+}
+function inspectCockpitAction(project, change) {
+    return {
+        id: `sdd.${change}.inspect-cockpit`,
+        label: 'Inspect SDD cockpit',
+        title: 'Inspect SDD cockpit',
+        description: 'Read the current SDD cockpit/read model before choosing the next action.',
+        kind: 'inspect',
+        category: 'inspection',
+        targetTool: 'vgxness_sdd_cockpit',
+        suggestedArgs: { project, change },
+        readOnly: true,
+        mutating: false,
+        agentCallable: true,
+        humanOnly: false,
+        requiresHumanApproval: false,
+        requiresHumanConfirmation: false,
+        requiresPreflight: false,
+        requiresProviderWriteConsent: false,
+        reason: 'Continuation plans are advisory; cockpit inspection is a safe MCP-native way to refresh state.',
+        rationale: 'Keeps agents grounded in current artifact states without mutating SDD state or provider configuration.',
+        blockingPrerequisites: [],
+    };
+}
+function draftPhaseAction(project, change, phase, reason) {
+    return {
+        id: `sdd.${change}.${phase}.draft`,
+        label: `Prepare ${phase} draft through normal SDD phase flow`,
+        title: `Prepare ${phase} draft`,
+        description: 'The next SDD phase appears runnable; draft generation must still use the normal phase workflow and any required preflight/confirmation gates.',
+        kind: 'draft-phase',
+        category: 'sdd-phase',
+        phase,
+        targetTool: 'vgxness_sdd_get_readiness',
+        suggestedArgs: { project, change, phase },
+        readOnly: false,
+        mutating: true,
+        agentCallable: true,
+        humanOnly: false,
+        requiresHumanApproval: false,
+        requiresHumanConfirmation: false,
+        requiresPreflight: true,
+        requiresProviderWriteConsent: false,
+        reason,
+        rationale: 'This continuation tool is read-only, so it can recommend the next phase but cannot execute providers or save artifacts itself.',
+        blockingPrerequisites: [],
+    };
+}
+function recommendedActionForBlocker(project, change, blocker) {
+    if (blocker.reason === 'draft' || blocker.reason === 'legacy')
+        return humanAcceptAction(project, change, blocker);
+    if (blocker.reason === 'rejected')
+        return humanReopenAction(project, change, blocker);
+    if (blocker.reason === 'missing')
+        return draftPhaseAction(project, change, blocker.phase, blocker.action);
+    return inspectArtifactAction(project, change, blocker);
+}
+function humanAcceptAction(project, change, blocker) {
+    return {
+        id: `sdd.${change}.${blocker.phase}.accept-human`,
+        label: `Human review and acceptance required for ${blocker.phase}`,
+        title: `Accept ${blocker.phase} artifact as a human`,
+        description: 'A human must explicitly accept this artifact before it counts as accepted; agents must not accept on the human’s behalf.',
+        kind: 'accept-human',
+        category: 'human-governance',
+        phase: blocker.phase,
+        targetTool: 'vgxness_sdd_accept_artifact',
+        suggestedArgs: { project, change, phase: blocker.phase },
+        readOnly: false,
+        mutating: true,
+        agentCallable: false,
+        humanOnly: true,
+        requiresHumanApproval: true,
+        requiresHumanConfirmation: true,
+        requiresPreflight: true,
+        requiresProviderWriteConsent: false,
+        reason: blocker.action,
+        rationale: 'Human-only acceptance is an explicit governance event and cannot be inferred from draft content, readiness, or artifact presence.',
+        blockingPrerequisites: [blockingPrerequisite(blocker)],
+    };
+}
+function humanReopenAction(project, change, blocker) {
+    return {
+        id: `sdd.${change}.${blocker.phase}.reopen-human`,
+        label: `Human reopen required for rejected ${blocker.phase}`,
+        title: `Reopen ${blocker.phase} artifact as a human`,
+        description: 'A human may reopen the rejected artifact to draft; agents must not perform this governance action on the human’s behalf.',
+        kind: 'reopen-human',
+        category: 'human-governance',
+        phase: blocker.phase,
+        targetTool: 'vgxness_sdd_reopen_artifact',
+        suggestedArgs: { project, change, phase: blocker.phase },
+        readOnly: false,
+        mutating: true,
+        agentCallable: false,
+        humanOnly: true,
+        requiresHumanApproval: true,
+        requiresHumanConfirmation: true,
+        requiresPreflight: true,
+        requiresProviderWriteConsent: false,
+        reason: blocker.action,
+        rationale: 'Reopen is a human governance transition from rejected back to draft and remains outside this read-only planner.',
+        blockingPrerequisites: [blockingPrerequisite(blocker)],
+    };
+}
+function inspectArtifactAction(project, change, blocker) {
+    return {
+        id: `sdd.${change}.${blocker.phase}.inspect`,
+        label: `Inspect ${blocker.phase} artifact`,
+        title: `Inspect ${blocker.phase} artifact`,
+        description: 'Inspect the blocking artifact before deciding whether human governance or phase work is needed.',
+        kind: 'inspect',
+        category: 'inspection',
+        phase: blocker.phase,
+        targetTool: 'vgxness_sdd_get_artifact',
+        suggestedArgs: { project, change, phase: blocker.phase, payloadMode: 'compact' },
+        readOnly: true,
+        mutating: false,
+        agentCallable: true,
+        humanOnly: false,
+        requiresHumanApproval: false,
+        requiresHumanConfirmation: false,
+        requiresPreflight: false,
+        requiresProviderWriteConsent: false,
+        reason: blocker.action,
+        rationale: 'Artifact inspection is read-only and helps agents understand the blocker without changing SDD state.',
+        blockingPrerequisites: [blockingPrerequisite(blocker)],
+    };
+}
+function blockingPrerequisite(blocker) {
+    return {
+        phase: blocker.phase,
+        topicKey: blocker.topicKey,
+        reason: blocker.reason,
+        ...(blocker.artifactId === undefined ? {} : { artifactId: blocker.artifactId }),
+    };
+}
 function relatedRunContextView(project, relatedRunContext, dbFlag) {
     if (relatedRunContext === undefined)
         return undefined;

package/dist/sdd/sdd-workflow-service.js

@@ -40,16 +40,18 @@ export class SddWorkflowService {
         const validated = this.validatePhaseInput(input);
         if (!validated.ok)
             return validated;
-        const phases = this.getPhaseStatuses(validated.value.project, validated.value.change);
-        if (!phases.ok)
-            return phases;
-        const readiness = getReadinessFromStatuses(validated.value.change, validated.value.phase, phases.value, this.options);
+        const snapshot = this.loadPhaseSnapshot(validated.value.project, validated.value.change);
+        if (!snapshot.ok)
+            return snapshot;
+        const phases = snapshot.value.phases;
+        const readiness = getReadinessFromStatuses(validated.value.change, validated.value.phase, phases, this.options);
         return {
             ok: true,
             value: {
                 change: validated.value.change,
                 phase: validated.value.phase,
                 ...readiness,
+                gates: readinessGatesForPhase(validated.value.change, validated.value.phase, phases, readiness),
             },
         };
     }
@@ -88,6 +90,7 @@ export class SddWorkflowService {
             };
             const artifact = phaseStatus.present ? cockpitArtifactSummaryFromSnapshotItem(phaseStatus) : undefined;
             const blockers = cockpitBlockersForPhase(phaseStatus, readiness);
+            const gates = phaseGateFromStatus(phaseStatus, readiness);
             return {
                 phase: phaseStatus.phase,
                 topicKey: phaseStatus.topicKey,
@@ -98,6 +101,7 @@ export class SddWorkflowService {
                 readiness,
                 ...(artifact === undefined ? {} : { artifact }),
                 blockers,
+                gates,
             };
         });
         const artifacts = cockpitPhases.map((phase) => phase.artifact).filter((artifact) => artifact !== undefined);
@@ -123,6 +127,7 @@ export class SddWorkflowService {
             acceptedCount: cockpitPhases.filter((phase) => phase.accepted).length,
             legacyCount: cockpitPhases.filter((phase) => phase.legacy).length,
             aggregateBlockers,
+            gates: cockpitGatesFromPhases(cockpitPhases, next),
             inspectCommand: `vgxness sdd cockpit --project ${validated.value.project} --change ${validated.value.change} --json`,
         };
         return ok(cockpit);
@@ -518,6 +523,124 @@ function cockpitArtifactSummaryFromSnapshotItem(item) {
         updatedAt: item.updatedAt,
     };
 }
+function readinessGatesForPhase(change, phase, phases, readiness) {
+    const targetStatus = phases.find((candidate) => candidate.phase === phase) ?? { phase, topicKey: sddTopicKey(change, phase), present: false, state: 'missing', accepted: false, legacy: false, warnings: [] };
+    const targetGate = phaseGateFromStatus(targetStatus, readiness);
+    const prerequisites = sddPrerequisites[phase].map((prerequisite) => {
+        const prerequisiteStatus = phases.find((candidate) => candidate.phase === prerequisite) ?? {
+            phase: prerequisite,
+            topicKey: sddTopicKey(change, prerequisite),
+            present: false,
+            state: 'missing',
+            accepted: false,
+            legacy: false,
+            warnings: [],
+        };
+        const blocker = readiness.blockedPrerequisites?.find((candidate) => candidate.phase === prerequisite);
+        return phaseGateFromStatus(prerequisiteStatus, {
+            ready: blocker === undefined,
+            blockedPrerequisites: blocker === undefined ? [] : [blocker],
+        });
+    });
+    const blockedReasons = [...targetGate.blockedReasons, ...prerequisites.flatMap((gate) => gate.blockedReasons)];
+    return {
+        phase: targetGate,
+        prerequisites,
+        runnable: readiness.ready,
+        blocked: !readiness.ready,
+        blockedReasons: [...new Set(blockedReasons)],
+        humanOnly: targetGate.humanOnly || prerequisites.some((gate) => gate.humanOnly),
+        preflightRequired: targetGate.preflightRequired,
+        agentCallable: true,
+        canDraft: targetGate.canDraft,
+        canMarkReady: targetGate.canMarkReady,
+        canAccept: targetGate.canAccept || prerequisites.some((gate) => gate.canAccept),
+        canReopen: targetGate.canReopen || prerequisites.some((gate) => gate.canReopen),
+        nextAllowedActions: [...new Set([targetGate, ...prerequisites].flatMap((gate) => gate.nextAllowedActions))],
+        requiresProviderWriteConsent: false,
+    };
+}
+function cockpitGatesFromPhases(phases, next) {
+    const phaseGates = phases.map((phase) => phase.gates ?? phaseGateFromStatus(phase, phase.readiness));
+    const blockedTransitions = phaseGates.filter((gate) => gate.blocked);
+    const blockedReasons = [...new Set(blockedTransitions.flatMap((gate) => gate.blockedReasons))];
+    const runnableNextPhases = phaseGates.filter((gate) => gate.runnable && !gate.artifactPresent).map((gate) => gate.phase);
+    return {
+        phases: phaseGates,
+        changeComplete: phases.length === sddPhases.length && phases.every((phase) => phase.accepted),
+        ...(next.nextPhase === undefined ? {} : { nextPhase: next.nextPhase }),
+        nextPhaseRunnable: next.status === 'runnable',
+        runnableNextPhases,
+        blockedTransitions,
+        blockedReasons,
+        requiresHumanAcceptance: phaseGates.some((gate) => gate.requiresHumanAcceptance),
+        humanOnly: phaseGates.some((gate) => gate.humanOnly),
+        preflightRequired: next.status === 'runnable',
+        agentCallable: true,
+        canDraft: phaseGates.some((gate) => gate.canDraft),
+        canMarkReady: phaseGates.some((gate) => gate.canMarkReady),
+        canAccept: phaseGates.some((gate) => gate.canAccept),
+        canReopen: phaseGates.some((gate) => gate.canReopen),
+        nextAllowedActions: [...new Set(phaseGates.flatMap((gate) => gate.nextAllowedActions))],
+        requiresProviderWriteConsent: false,
+    };
+}
+function phaseGateFromStatus(status, readiness) {
+    const artifactStatus = status.state ?? (status.present ? 'draft' : 'missing');
+    const acceptedByHuman = status.accepted === true && status.acceptance?.actor.type === 'human';
+    const blockedPrerequisite = readiness.blockedPrerequisites?.[0];
+    const blockedReasons = [
+        ...((readiness.blockedPrerequisites ?? []).map((blocker) => `${blocker.phase}:${blocker.reason}`)),
+        ...(status.present && status.accepted !== true ? [`${status.phase}:${blockerReasonForStatus(status)}`] : []),
+        ...(status.legacy === true ? [`${status.phase}:legacy`] : []),
+    ];
+    const requiresHumanAcceptance = status.present && !acceptedByHuman && artifactStatus !== 'missing';
+    const canDraft = readiness.ready && !status.present;
+    const canMarkReady = readiness.ready;
+    const canAccept = status.present && !acceptedByHuman && status.legacy !== true && (artifactStatus === 'draft' || artifactStatus === 'accepted');
+    const canReopen = status.present && artifactStatus === 'rejected';
+    const nextAllowedActions = phaseNextAllowedActions({ canDraft, canMarkReady, canAccept, canReopen, present: status.present });
+    return {
+        phase: status.phase,
+        topicKey: status.topicKey,
+        artifactPresent: status.present,
+        artifactStatus,
+        artifactState: status.legacy === true ? 'legacy' : artifactStatus,
+        accepted: status.accepted === true,
+        acceptedByHuman,
+        agentCallable: true,
+        requiresHumanAcceptance,
+        draftPresent: artifactStatus === 'draft',
+        contentFrozen: acceptedByHuman,
+        runnable: readiness.ready && !status.present,
+        blocked: !readiness.ready || status.legacy === true || (status.present && status.accepted !== true),
+        blockedReasons: [...new Set(blockedReasons)],
+        humanOnly: requiresHumanAcceptance,
+        preflightRequired: readiness.ready && !status.present,
+        requiresPreflight: readiness.ready && !status.present,
+        requiresProviderWriteConsent: false,
+        canDraft,
+        canMarkReady,
+        canAccept,
+        canReopen,
+        nextAllowedActions,
+        ...(blockedPrerequisite === undefined ? {} : { requiredPriorPhase: blockedPrerequisite.phase, blockerReason: blockedPrerequisite.reason }),
+    };
+}
+function phaseNextAllowedActions(input) {
+    const actions = ['vgxness_sdd_get_readiness', 'vgxness_sdd_cockpit'];
+    if (input.canDraft)
+        actions.push('vgxness_sdd_save_artifact');
+    if (input.canMarkReady)
+        actions.push('vgxness_sdd_ready');
+    if (input.present)
+        actions.push('vgxness_sdd_get_artifact');
+    if (input.canAccept)
+        actions.push('vgxness_sdd_accept_artifact');
+    if (input.canReopen)
+        actions.push('vgxness_sdd_reopen_artifact');
+    return [...new Set(actions)];
+}
 function compactGovernanceArtifact(artifact) {
     return {
         id: artifact.id,

package/dist/skills/boot-seed.js

@@ -0,0 +1,42 @@
+import { SkillSeedService } from './skill-seed-service.js';
+const skipEnvVar = 'VGXNESS_SKIP_SKILL_SEED_AUTO_UPGRADE';
+export function runBootSkillSeed(database, env = process.env) {
+    if (isOptOut(env))
+        return okFromSeedResult({ skipped: true });
+    const seeded = new SkillSeedService(database).seedFromDefaultManifest();
+    if (!seeded.ok)
+        return seeded;
+    return okFromSeedResult({ skipped: false, seed: seeded.value });
+}
+function isOptOut(env) {
+    const value = env[skipEnvVar];
+    return value === '1' || value === 'true';
+}
+function okFromSeedResult(input) {
+    if (input.skipped) {
+        return {
+            ok: true,
+            value: {
+                skipped: true,
+                skillsCreated: 0,
+                skillsUpdated: 0,
+                versionsCreated: 0,
+                versionsSkipped: 0,
+                attachmentsCreated: 0,
+                attachmentsSkipped: 0,
+            },
+        };
+    }
+    return {
+        ok: true,
+        value: {
+            skipped: false,
+            skillsCreated: input.seed.skillsCreated,
+            skillsUpdated: input.seed.skillsUpdated,
+            versionsCreated: input.seed.versionsCreated,
+            versionsSkipped: input.seed.versionsSkipped,
+            attachmentsCreated: input.seed.attachmentsCreated,
+            attachmentsSkipped: input.seed.attachmentsSkipped,
+        },
+    };
+}