vgxness 1.13.0 → 1.14.1

package/README.md

@@ -8,7 +8,7 @@ This package is proprietary software. The npm package ships inspectable JavaScri
 
 OpenCode is the primary supported provider. Claude setup support is secondary. VGX-managed OpenCode and Claude provider configuration is user-global only; provider config writes require explicit CLI confirmation.
 
-VGXNESS v1.10.x has a current project health audit describing the implemented CLI/MCP/SDD control plane, OpenCode health, known docs drift, interrupted runs, and the remaining execution/recovery gaps. See [Project health audit v1.10.x](./docs/project-health-audit-v1.10.x.md) for the current system snapshot; [v1.9.1](./docs/project-health-audit-v1.9.1.md) remains historical validation evidence for that release.
+VGXNESS v1.14.x has a current project health audit describing the implemented CLI/MCP/SDD control plane, OpenCode-first workflow, release-readiness checks, and the remaining execution/recovery gaps. See [Project health audit v1.14.x](./docs/project-health-audit-v1.14.x.md) for the current system snapshot; [v1.10.x](./docs/project-health-audit-v1.10.x.md) and [v1.9.1](./docs/project-health-audit-v1.9.1.md) remain historical validation evidence for those releases.
 
 ## Requirements
 
@@ -256,6 +256,7 @@ Remove any user-global OpenCode/Claude config entries and local/global VGXNESS d
 ## More docs
 
 - [CLI reference](./docs/cli.md)
+- [Project health audit v1.14.x](./docs/project-health-audit-v1.14.x.md)
 - [Project health audit v1.10.x](./docs/project-health-audit-v1.10.x.md)
 - [Project health audit v1.9.1](./docs/project-health-audit-v1.9.1.md)
 - [Architecture](./docs/architecture.md)

package/dist/agents/canonical-agent-manifest.js

@@ -2,7 +2,7 @@ import { canonicalBehaviorContractVersion } from '../behavior/behavior-contract-
 export const canonicalDefaultAgentName = 'vgxness-manager';
 export const canonicalOpenCodeDefaultModel = 'openai/gpt-5.5';
 export const canonicalOpenCodeManagerReasoningEffort = 'high';
-export const canonicalPromptContractVersion = 10;
+export const canonicalPromptContractVersion = 11;
 export const canonicalSddSubagentNames = [
     'vgxness-sdd-explore',
     'vgxness-sdd-propose',
@@ -78,7 +78,7 @@ function managerDefinition() {
         builtIn: true,
         name: canonicalDefaultAgentName,
         description: 'Coordinates VGXNESS MCP state and SDD sub-agents while routing Tier 0-2 lightweight work, Tier 3 preflight validation, and Tier 4 formal SDD.',
-        instructions: { kind: 'inline', value: registryManagerInstructionsV10 },
+        instructions: { kind: 'inline', value: registryManagerInstructionsV11 },
         capabilities: ['sdd-orchestration', 'agent-routing', 'mcp-coordination', 'project-local-automation'],
         permissions: { read: 'allow', edit: 'ask', shell: 'ask', git: 'ask', memory: 'allow', 'provider-tool': 'deny', secrets: 'deny' },
         memory: { scopes: ['project'] },
@@ -166,7 +166,7 @@ Coordinate SDD; keep chat thin, use VGXNESS MCP as durable state, delegate to sm
 Use the lightest safe path: Tier 0-2 direct; Tier 3 preflight; Tier 4 formal SDD for governance, permissions, acceptance, architecture/security, or cross-surface behavior. Provider status/doctor/preview/handoff are read-only/audit-only; writes stay gated.
 
 ## Provider-native daily flow
-Daily SDD happens inside OpenCode through conversation, VGXNESS MCP, and hidden SDD subagents. Do not tell users to run terminal SDD phase commands for normal flow. CLI is an escape hatch for bootstrap, doctor, recovery, setup gaps, or explicit request.
+SDD happens in OpenCode via conversation, VGXNESS MCP, and SDD subagents. No terminal SDD phase commands for normal flow. CLI is an escape hatch for bootstrap, doctor, recovery, setup gaps, or explicit request.
 
 ## MCP playbook
 - For starting, resuming, or recovering context: prefer \`vgxness_context_cockpit\`; treat \`vgxness_session_restore\` as one signal, not truth. For ending, pausing, handing off, or compacting: \`vgxness_session_close\` with current session id and actor \`manager\`; if no id, do not invent one and summarize.
@@ -174,9 +174,9 @@ Daily SDD happens inside OpenCode through conversation, VGXNESS MCP, and hidden
 - Trusted draft autorun: when the exact \`proposal\` artifact is already accepted, you may run exactly \`spec -> design -> tasks\` without extra human confirmation via exact hidden subagents and save drafts with \`vgxness_sdd_save_artifact\`. This is draft-only planning, not acceptance or completion. Do not use for explore/proposal/apply-progress/verify/archive, rejected/superseded artifacts, accepted overwrites, or risky side effects (provider config, edits, shell/tests, git, secrets, external/destructive/privileged/ambiguous). Re-check status/readiness before and after; generated spec/design drafts may feed downstream design/tasks but remain unaccepted.
 - Acceptance/readiness: check SDD status/readiness for the exact project/change/phase, confirm explicit human acceptance of that exact artifact, call \`vgxness_sdd_accept_artifact\` directly with audit context (\`acceptedBy.type: "human"\`, non-empty \`acceptedBy.id\`, runId, agentId), then re-check status/readiness before reporting state. Do not add \`vgxness_run_preflight\` solely for that exact direct acceptance call. Ambiguous replies count only when tied to an immediate exact acceptance prompt. Use \`vgxness_governance_report\` for readiness, artifact states, preflight posture, and audit warnings.
 - Memory: call \`vgxness_memory_search\`/\`vgxness_memory_get\` for prior work or unclear context; call \`vgxness_memory_save\` for durable discoveries, decisions, bug fixes, config, patterns, or preferences; use \`vgxness_memory_update\` only to correct/evolve a known id. Do not duplicate full SDD artifacts as memory.
-- Agents/profile/payloads: resolve exact phase with \`vgxness_agent_resolve\`. \`vgxness_agent_activate\`, \`vgxness_opencode_manager_payload\`, and \`vgxness_skill_payload\` are preview context only; agent_activate does not execute a provider or write provider config. Use \`vgxness_manager_profile_get\` before behavior changes; \`vgxness_manager_profile_set\` requires explicit human authorization.
-- Runs/recovery: use \`vgxness_run_start\`/\`vgxness_run_list\`/\`vgxness_run_get\` for run work; checkpoint with \`vgxness_run_checkpoint\`, preflight with \`vgxness_run_preflight\`, and close with \`vgxness_run_finalize\`. Unknown runId: \`vgxness_run_resume_candidates\`. For interrupted runs, inspect with \`vgxness_run_resume_inspect\`, then call \`vgxness_run_resume_gate\` with approvalId from pendingApprovals/inspect before advice; never pass runId as approvalId
-- Provider diagnostics: \`vgxness_provider_status\`/\`vgxness_provider_doctor\` are read-only reports.
+- Agents/profile/payloads: resolve phase with \`vgxness_agent_resolve\`. Preview mode does not execute a provider or write provider config for \`vgxness_agent_activate\`, \`vgxness_opencode_manager_payload\`, or \`vgxness_skill_payload\`. Use \`vgxness_manager_profile_get\` before changes; \`vgxness_manager_profile_set\` requires explicit human authorization.
+- Runs/recovery: use \`vgxness_run_start\`/\`vgxness_run_list\`/\`vgxness_run_get\` for run work; checkpoint with \`vgxness_run_checkpoint\`, preflight with \`vgxness_run_preflight\`, and close with \`vgxness_run_finalize\`. Unknown runId: \`vgxness_run_resume_candidates\`. For interrupted runs, inspect with \`vgxness_run_resume_inspect\`, then call \`vgxness_run_resume_gate\` with approvalId from pendingApprovals/inspect before advice; never pass runId as approvalId. Follow safe \`recommendedActions[]\`.
+- Provider diagnostics: \`vgxness_provider_status\`/\`vgxness_provider_doctor\` read-only; report \`providerEvidence.evidenceLevel\`/\`hostToolPresenceVerified\` limits.
 
 ## Minimum flows
 - Simple answer: inline; memory only for prior context; no run by default.
@@ -196,11 +196,12 @@ Be concise: delegated work, results, files/decisions, evidence/tests, risks, nex
  * render baselines, and manager profile overlay baselines; they are
  * intentionally distinct from the provider runtime prompt above.
  */
-const registryManagerInstructionsV10 = [
+const registryManagerInstructionsV11 = [
     'You are the VGXNESS SDD coordinator, not a monolithic executor. Coach briefly while coordinating: explain useful tradeoffs, be realistic about risks and unknowns, respectfully challenge weak assumptions with better options, keep the user comfortable and in control, and stay concise.',
     'Default to delegation for SDD phase-shaped work, repository exploration beyond one narrow lookup, implementation, verification, incident recovery, or multi-step analysis. Inline only conversational guidance, single-fact lookup, MCP/status/readiness checks, and trivial mechanical edits when safe. When uncertain between inline work and subagent work, delegate to the exact smallest SDD subagent.',
     'Use VGXNESS MCP as the durable control plane: restore session context with vgxness_session_restore before inferring start/resume state from chat, and close/pause/compact with vgxness_session_close using actor manager plus an actionable summary when a current session id exists.',
     'Check SDD status/next/ready/cockpit, read prerequisites with sdd_get_artifact or sdd_list_artifacts, use public sdd_continue/internal vgxness_sdd_continue first for advisory read-only continuation plans, use sdd_reopen_artifact only for rejected artifacts returning to draft with explicit human actor/audit context, save phase output with sdd_save_artifact only by governance; when proposal is accepted, spec/design/tasks may run sequentially as draft-only autorun without extra confirmation, while acceptance remains human-only. Search/get/save/update memory only for reusable knowledge, resolve exact SDD subagents before substantial phase work, use runs/checkpoints/preflight/finalize for significant implementation or verification, use run_resume_candidates for unknown runId, inspect interrupted runs by runId with run_resume_inspect, then call run_resume_gate with approvalId from pendingApprovals/inspect; never pass runId as approvalId; use vgxness_provider_status for configured/phase/next questions plus vgxness_provider_doctor for read-only OpenCode MCP/manager health.',
+    'When sdd_continue/vgxness_sdd_continue returns recommendedActions, prefer the first safe action with agentCallable true and humanOnly false; use targetTool plus suggestedArgs as the starting point, and stop for requiresHumanConfirmation, requiresProviderWriteConsent, requiresPreflight, ambiguous, destructive, privileged, external, or outside-approval actions. For readiness, use cockpit/status/readiness to distinguish missing, draft, ready, blocked, and accepted; never infer acceptance. For provider evidence, report providerEvidence.evidenceLevel, hostToolPresenceVerified, notes, and limitations; do not claim true host presence unless evidence explicitly verifies it.',
     'Prefer payloadMode=compact for manager-facing status/context reads, SDD artifact reads/lists, and activation handoffs so the primary context stays clean; request payloadMode=verbose only when full artifact contents, provider payloads, or skill context are actually needed, preferably inside delegated phase subagents.',
     'MCP sdd_continue must not execute providers, create runs, mutate artifacts, write provider config/openspec, bypass human acceptance, or treat draft-run as apply-progress.',
     'CLI is an escape hatch for bootstrap, doctor, rollback, recovery, MCP unavailable/setup missing, or explicit user request; do not tell users to run terminal SDD phase commands for normal daily flow. CLI vgxness sdd continue is a human/manual fallback only; vgxness resume --project is for candidate runs. The removed experimental vgxness code runtime is not an SDD fallback.',

package/dist/cli/cli-flags.js

@@ -180,13 +180,13 @@ function skillTargetTypeFlag(flags, name) {
         return value;
     return isSkillTargetType(value.value)
         ? { ok: true, value: value.value }
-        : validationFailure(`--${name} must be agent, subagent, workflow-phase, or provider-adapter`);
+        : validationFailure(`--${name} must be agent, subagent, workflow-phase, provider-adapter, or intent-signal`);
 }
 function optionalSkillTargetTypeFlag(flags, name) {
     const value = optionalStringFlag(flags, name);
     if (value === undefined)
         return { ok: true, value: undefined };
-    return isSkillTargetType(value) ? { ok: true, value } : validationFailure(`--${name} must be agent, subagent, workflow-phase, or provider-adapter`);
+    return isSkillTargetType(value) ? { ok: true, value } : validationFailure(`--${name} must be agent, subagent, workflow-phase, provider-adapter, or intent-signal`);
 }
 function skillUsageOutcomeFlag(flags, name) {
     const value = requiredFlag(flags, name);
@@ -228,7 +228,7 @@ function isSkillEvaluationResultStatus(value) {
     return value === 'passed' || value === 'failed' || value === 'needs-review' || value === 'not-applicable';
 }
 function isSkillTargetType(value) {
-    return value === 'agent' || value === 'subagent' || value === 'workflow-phase' || value === 'provider-adapter';
+    return value === 'agent' || value === 'subagent' || value === 'workflow-phase' || value === 'provider-adapter' || value === 'intent-signal';
 }
 function instructionKindFlag(flags) {
     const value = optionalStringFlag(flags, 'instructions-kind') ?? 'inline';

package/dist/cli/cli-help.js

@@ -77,12 +77,12 @@ Areas:
   skills list [--project <name>] [--scope project|personal]
   skills get --id <id> | --project <name> --name <name> [--scope project|personal]
   skills add-version (--id <id> | --project <name> --name <name>) --version <version> --source-kind path|url|inline [--source-path <path>] [--source-url <url>] [--inline-metadata <json>] [--activate]
-  skills attach (--id <id> | --project <name> --name <name>) --target-type agent|subagent|workflow-phase|provider-adapter --target-key <key>
-  skills detach (--id <id> | --project <name> --name <name>) --target-type agent|subagent|workflow-phase|provider-adapter --target-key <key>
+  skills attach (--id <id> | --project <name> --name <name>) --target-type agent|subagent|workflow-phase|provider-adapter|intent-signal --target-key <key>
+  skills detach (--id <id> | --project <name> --name <name>) --target-type agent|subagent|workflow-phase|provider-adapter|intent-signal --target-key <key>
   skills record-usage (--id <id> | --project <name> --name <name>) --outcome selected|injected|helped|failed|neutral [--run-id <id>]
-  skills resolve [--agent <name> | --agent-id <id>] [--project <name>] [--workflow <name>] [--phase <name>] [--provider <name>] [--run <id>] [--record-usage selected|injected]
+  skills resolve [--agent <name> | --agent-id <id>] [--project <name>] [--workflow <name>] [--phase <name>] [--intent-signals a,b] [--provider <name>] [--run <id>] [--record-usage selected|injected]
   skills status --project <name> [--scope project|personal] [--provider opencode] [--mode agent|subagent] [--agent <name-or-id>]
-  skills payload [--agent <name> | --agent-id <id>] [--project <name>] [--workflow <name>] [--phase <name>] [--provider <name>]
+  skills payload [--agent <name> | --agent-id <id>] [--project <name>] [--workflow <name>] [--phase <name>] [--intent-signals a,b] [--provider <name>]
   skills propose (--id <id> | --project <name> --name <name>) --proposed-version <version> --source-kind path|url|inline --rationale <text>
   skills proposals [--skill-id <id>] [--status draft|pending-approval|approved|rejected|cancelled|applied]
   skills create-scenario (--id <id> --name <scenario> | --project <name> --name <skill> --scenario-name <scenario>) --criteria <json> --created-by <actor> [--proposal <id>] [--version-id <id>]

package/dist/cli/commands/agent-skill-dispatcher.js

@@ -4,6 +4,7 @@ import { ManagerProfileOverlayService } from '../../agents/manager-profile-overl
 import { getProviderRenderer } from '../../agents/renderers/index.js';
 import { ManagerProfileOverlayRepository } from '../../agents/repositories/manager-profile-overlays.js';
 import { createAgentRegistryToolHandlers } from '../../harness/tools/agents.js';
+import { runBootSkillSeed } from '../../skills/boot-seed.js';
 import { SkillRegistryService } from '../../skills/skill-registry-service.js';
 import { SkillStatusService } from '../../skills/skill-status-service.js';
 import { csvFlag, instructionKindFlag, jsonFlag, optionalJsonFlag, optionalModeFlag, optionalScopeFlag, optionalSkillEvaluationResultStatusFlag, optionalSkillImprovementProposalStatusFlag, optionalSkillResolutionUsageFlag, optionalSkillTargetTypeFlag, optionalSkillVersionStatusFlag, optionalStringFlag, requiredFlag, scopeFlag, skillEvaluationResultStatusFlag, skillSourceFromFlags, skillTargetTypeFlag, skillUsageOutcomeFlag, } from '../cli-flags.js';
@@ -37,6 +38,7 @@ function resolveSkillsInput(flags) {
     const agentName = optionalStringFlag(flags, 'agent');
     const workflow = optionalStringFlag(flags, 'workflow');
     const phase = optionalStringFlag(flags, 'phase');
+    const intentSignals = csvFlag(flags, 'intent-signals');
     const providerAdapter = optionalStringFlag(flags, 'provider');
     const runId = optionalStringFlag(flags, 'run');
     if (project !== undefined)
@@ -51,6 +53,8 @@ function resolveSkillsInput(flags) {
         input.workflow = workflow;
     if (phase !== undefined)
         input.phase = phase;
+    if (intentSignals.length > 0)
+        input.intentSignals = intentSignals;
     if (providerAdapter !== undefined)
         input.providerAdapter = providerAdapter;
     if (runId !== undefined)
@@ -658,7 +662,12 @@ export function runSkillCommand(command, parsed, database, environment) {
     }
     if (command === 'payload') {
         const input = skillPayloadInput(parsed.flags);
-        return input.ok ? jsonResult(registry.buildSkillPayload(input.value, { workspaceRoot: environment.cwd })) : resultFailure(input);
+        if (!input.ok)
+            return resultFailure(input);
+        const seeded = runBootSkillSeed(database, environment.env);
+        if (!seeded.ok)
+            return resultFailure(seeded);
+        return jsonResult(registry.buildSkillPayload(input.value, { workspaceRoot: environment.cwd }));
     }
     return usageFailure(`Unknown skills command: ${command}`);
 }

package/dist/mcp/control-plane.js

@@ -11,6 +11,7 @@ import { RunService } from '../runs/run-service.js';
 import { sddContinuationPlanFrom } from '../sdd/sdd-continuation-plan.js';
 import { buildSddCockpitSurfaceResponse } from '../sdd/cockpit-read-model.js';
 import { SddWorkflowService } from '../sdd/sdd-workflow-service.js';
+import { runBootSkillSeed } from '../skills/boot-seed.js';
 import { SkillRegistryService } from '../skills/skill-registry-service.js';
 import { VerificationPlanService } from '../verification/index.js';
 import { ProviderChangePlanService } from './provider-change-plan.js';
@@ -312,6 +313,7 @@ function createServices(database) {
         agents,
         managerProfiles,
         skills,
+        seedBuiltInSkills: () => runBootSkillSeed(database),
         opencodeManagerPayload,
         opencodeHandoffPreview: new OpenCodeHandoffPreviewService({ managerPayload: opencodeManagerPayload, sdd, providerStatus }),
         activation: new AgentActivationService({ agents, managerProfiles, runs, opencodeManagerPayload }),
@@ -358,6 +360,9 @@ function memoryContext(sessionId) {
     return context;
 }
 function buildSkillPayloadEnvelope(input, services) {
+    const seeded = services.seedBuiltInSkills?.();
+    if (seeded !== undefined && !seeded.ok)
+        return errorEnvelope(seeded.error.code, seeded.error.message, 'vgxness_skill_payload');
     const { workspaceRoot, maxSourceBytes, mode, ...resolverInput } = input;
     const options = { workspaceRoot, ...(maxSourceBytes === undefined ? {} : { maxSourceBytes }), ...(mode === undefined ? {} : { mode }) };
     return toEnvelope('vgxness_skill_payload', services.skills.buildSkillPayload(resolverInput, options));

package/dist/mcp/schema.js

@@ -469,6 +469,7 @@ export const VGX_MCP_TOOL_INPUT_SCHEMAS = {
         agentName: z.string().min(1).optional(),
         workflow: z.string().min(1).optional(),
         phase: z.string().min(1).optional(),
+        intentSignals: z.array(z.string().min(1)).optional(),
         providerAdapter: z.string().min(1).optional(),
         runId: z.string().min(1).optional(),
         mode: z.enum(payloadModes).optional(),

package/dist/mcp/validation.js

@@ -736,6 +736,7 @@ function validateSkillPayloadInput(input, tool) {
         'agentName',
         'workflow',
         'phase',
+        'intentSignals',
         'providerAdapter',
         'runId',
         'mode',
@@ -749,6 +750,11 @@ function validateSkillPayloadInput(input, tool) {
     const copied = copyOptionalStrings(result, record.value, tool, ['project', 'agentId', 'agentName', 'workflow', 'phase', 'providerAdapter', 'runId']);
     if (!copied.ok)
         return copied;
+    const intentSignals = readOptionalStringArray(record.value, 'intentSignals', tool);
+    if (!intentSignals.ok)
+        return intentSignals;
+    if (intentSignals.value !== undefined)
+        result.intentSignals = intentSignals.value;
     const scope = readOptionalOneOf(record.value, 'scope', scopes, tool);
     if (!scope.ok)
         return scope;

package/dist/memory/sqlite/migrations/017_intent_signal_skill_targets.sql

@@ -0,0 +1,42 @@
+CREATE TABLE IF NOT EXISTS skill_attachments_next (
+  id TEXT PRIMARY KEY,
+  skill_id TEXT NOT NULL REFERENCES skills(id) ON DELETE CASCADE,
+  version_id TEXT REFERENCES skill_versions(id) ON DELETE SET NULL,
+  target_type TEXT NOT NULL CHECK (target_type IN ('agent', 'subagent', 'workflow-phase', 'provider-adapter', 'intent-signal')),
+  target_key TEXT NOT NULL,
+  metadata_json TEXT NOT NULL,
+  created_at TEXT NOT NULL,
+  UNIQUE(skill_id, target_type, target_key)
+);
+
+INSERT INTO skill_attachments_next(id, skill_id, version_id, target_type, target_key, metadata_json, created_at)
+SELECT id, skill_id, version_id, target_type, target_key, metadata_json, created_at
+FROM skill_attachments;
+
+DROP TABLE skill_attachments;
+ALTER TABLE skill_attachments_next RENAME TO skill_attachments;
+
+CREATE INDEX IF NOT EXISTS skill_attachments_target_idx
+  ON skill_attachments(target_type, target_key);
+
+CREATE TABLE IF NOT EXISTS skill_usage_records_next (
+  id TEXT PRIMARY KEY,
+  skill_id TEXT NOT NULL REFERENCES skills(id) ON DELETE CASCADE,
+  version_id TEXT REFERENCES skill_versions(id) ON DELETE SET NULL,
+  run_id TEXT,
+  target_type TEXT CHECK (target_type IN ('agent', 'subagent', 'workflow-phase', 'provider-adapter', 'intent-signal')),
+  target_key TEXT,
+  outcome TEXT NOT NULL CHECK (outcome IN ('selected', 'injected', 'helped', 'failed', 'neutral')),
+  notes TEXT,
+  created_at TEXT NOT NULL
+);
+
+INSERT INTO skill_usage_records_next(id, skill_id, version_id, run_id, target_type, target_key, outcome, notes, created_at)
+SELECT id, skill_id, version_id, run_id, target_type, target_key, outcome, notes, created_at
+FROM skill_usage_records;
+
+DROP TABLE skill_usage_records;
+ALTER TABLE skill_usage_records_next RENAME TO skill_usage_records;
+
+CREATE INDEX IF NOT EXISTS skill_usage_records_run_idx
+  ON skill_usage_records(run_id, created_at DESC);

package/dist/orchestrator/natural-language-planner.js

@@ -27,7 +27,7 @@ const signalRules = [
     { signal: 'workflow-change', terms: [/\bworkflow\b/, /\borchestrat(e|ion|or)\b/, /\bsdd\b/, /\bphase\b/] },
     { signal: 'persistence-change', terms: [/\bpersist(ent|ence)?\b/, /\bstorage\b/, /\bsqlite\b/, /\bdatabase\b/, /\bmemory\b/, /\bmigration\b/] },
     { signal: 'security-sensitive', terms: [/\bsecurity\b/, /\bauth\b/, /\btoken\b/, /\bsecret\b/, /\bpermission\b/, /\bpermiso\b/, /\baprobaci[oó]n\b/] },
-    { signal: 'broad-change', terms: [/\bmulti[- ]file\b/, /\bacross\b/, /\bend[- ]to[- ]end\b/, /\bsystem\b/] },
+    { signal: 'broad-change', terms: [/\bmulti[- ]file\b/, /\bacross\b/, /\bend[- ]to[- ]end\b/, /\bsystem\b/, /\blarge[- ]diff\b/, /\bbig[- ]diff\b/, /\bcross[- ]cutting\b/] },
     { signal: 'execution-request', terms: [/\brun\b/, /\bexecute\b/, /\bapply\b/, /\bstart\b/, /\binstall\b/, /\bpush\b/] },
     { signal: 'provider-execution', terms: [/\bprovider\b/, /\bopencode\b/, /\bclaude\b/, /\bmodel\b/, /\bllm\b/] },
     { signal: 'file-edit-request', terms: [/\bedit\b/, /\bwrite\b/, /\bmodify\b/, /\bpatch\b/, /\barreglar\b/] },
@@ -43,6 +43,7 @@ export function createNaturalLanguagePlan(input) {
     const ambiguous = isAmbiguous(normalizedIntent);
     if (ambiguous)
         addSignal(signals, 'ambiguous');
+    const intentSignals = buildSkillIntentSignals(normalizedIntent, signals);
     const risk = classifyIntentRisk({ project: input.project, intent: input.intent });
     const flow = chooseFlow(signals, risk);
     const workflow = workflowFor(flow);
@@ -55,7 +56,7 @@ export function createNaturalLanguagePlan(input) {
         ...(suggestedChangeId !== undefined ? { change: suggestedChangeId } : {}),
         ...(input.sdd !== undefined ? { sdd: input.sdd } : {}),
     };
-    const previewActions = buildPreviewActions(actionInput, flow, needsClarification);
+    const previewActions = buildPreviewActions(actionInput, flow, workflow, intentSignals, needsClarification);
     return {
         version: 1,
         project: input.project,
@@ -65,6 +66,7 @@ export function createNaturalLanguagePlan(input) {
         confidence: confidenceFor(flow, signals, needsClarification),
         reason: reasonFor(flow, signals, needsClarification),
         signals,
+        intentSignals,
         needsClarification,
         ...(needsClarification ? { clarifyingQuestion: 'What target should this change inspect or modify, and what outcome do you want?' } : {}),
         ...(suggestedChangeId !== undefined ? { suggestedChangeId } : {}),
@@ -231,20 +233,42 @@ function buildSafety(signals) {
         notes.push('Privileged impact was detected; this preview does not request elevated access.');
     return { executed: false, callsProvider: false, editsFiles: false, writesProviderConfig: false, recordsRuns: false, notes };
 }
-function buildPreviewActions(input, flow, needsClarification) {
+function buildSkillIntentSignals(intent, signals) {
+    const skillSignals = ['workflow-selection'];
+    if (signals.includes('broad-change'))
+        addSkillSignal(skillSignals, 'broad-change');
+    if (/\b(git|commit|branch|merge|rebase|push|stage|staging|diff|checkout)\b/.test(intent))
+        addSkillSignal(skillSignals, 'git');
+    if (/\b(pr|prs|pull[- ]request|pull request|reviewer|reviewers)\b/.test(intent))
+        addSkillSignal(skillSignals, 'pull-request');
+    if (/\b(stacked[- ]pr|stacked[- ]prs|stacked pull requests?|stacked|apilad[oa]s?)\b/.test(intent))
+        addSkillSignal(skillSignals, 'stacked-prs');
+    if (/\b(tdd|test[- ]driven|red[- ]green|strict[- ]tdd)\b/.test(intent))
+        addSkillSignal(skillSignals, intent.includes('strict') ? 'strict-tdd' : 'tdd');
+    if (/\b(review[- ]size|reviewable|split|slice|slices|large[- ]diff|big[- ]diff)\b/.test(intent))
+        addSkillSignal(skillSignals, 'review-size');
+    return skillSignals;
+}
+function addSkillSignal(signals, signal) {
+    if (!signals.includes(signal))
+        signals.push(signal);
+}
+function buildPreviewActions(input, flow, workflow, intentSignals, needsClarification) {
     if (needsClarification)
         return [{ kind: 'clarification', description: 'Ask for the missing target and desired outcome before previewing write actions.' }];
+    const skillAction = skillPayloadPreviewAction(input, workflow, intentSignals);
     if (flow === 'debug' || flow === 'diagnose')
-        return [{ kind: 'diagnostic-preview', description: 'Preview read-only diagnostic commands such as status, doctor, logs, or SDD next checks.' }];
+        return [skillAction, { kind: 'diagnostic-preview', description: 'Preview read-only diagnostic commands such as status, doctor, logs, or SDD next checks.' }];
     if (flow === 'plan')
-        return [{ kind: 'manual-plan', description: 'Draft a manual implementation plan without executing providers or editing files.' }];
+        return [skillAction, { kind: 'manual-plan', description: 'Draft a manual implementation plan without executing providers or editing files.' }];
     if (flow === 'explore' || flow === 'direct')
-        return [{ kind: 'answer', description: 'Explore or answer directly without entering SDD.' }];
+        return [skillAction, { kind: 'answer', description: 'Explore or answer directly without entering SDD.' }];
     if (flow === 'quickfix')
-        return [{ kind: 'workflow-preview', description: 'Preview a small localized quickfix; no execution occurs in this planner response.' }];
+        return [skillAction, { kind: 'workflow-preview', description: 'Preview a small localized quickfix; no execution occurs in this planner response.' }];
     if (flow === 'build')
-        return [{ kind: 'workflow-preview', description: 'Preview a scoped build workflow; no execution occurs in this planner response.' }];
+        return [skillAction, { kind: 'workflow-preview', description: 'Preview a scoped build workflow; no execution occurs in this planner response.' }];
     return [
+        skillAction,
         {
             kind: 'sdd-preview',
             description: input.sdd?.next?.recommendedAction ??
@@ -252,3 +276,24 @@ function buildPreviewActions(input, flow, needsClarification) {
         },
     ];
 }
+function skillPayloadPreviewAction(input, workflow, intentSignals) {
+    const phase = input.sdd?.next?.nextPhase;
+    const command = [
+        'vgxness skills payload',
+        '--project',
+        shellQuote(input.project),
+        '--workflow',
+        shellQuote(workflow),
+        ...(phase === undefined ? [] : ['--phase', shellQuote(phase)]),
+        '--intent-signals',
+        shellQuote(intentSignals.join(',')),
+    ].join(' ');
+    return {
+        kind: 'skill-payload-preview',
+        description: 'Preview the registry/context skills that match this intent; this is read-only and does not install provider-native skills.',
+        command,
+    };
+}
+function shellQuote(value) {
+    return `'${value.replace(/'/g, `'"'"'`)}'`;
+}

package/dist/skills/boot-seed.js

@@ -0,0 +1,42 @@
+import { SkillSeedService } from './skill-seed-service.js';
+const skipEnvVar = 'VGXNESS_SKIP_SKILL_SEED_AUTO_UPGRADE';
+export function runBootSkillSeed(database, env = process.env) {
+    if (isOptOut(env))
+        return okFromSeedResult({ skipped: true });
+    const seeded = new SkillSeedService(database).seedFromDefaultManifest();
+    if (!seeded.ok)
+        return seeded;
+    return okFromSeedResult({ skipped: false, seed: seeded.value });
+}
+function isOptOut(env) {
+    const value = env[skipEnvVar];
+    return value === '1' || value === 'true';
+}
+function okFromSeedResult(input) {
+    if (input.skipped) {
+        return {
+            ok: true,
+            value: {
+                skipped: true,
+                skillsCreated: 0,
+                skillsUpdated: 0,
+                versionsCreated: 0,
+                versionsSkipped: 0,
+                attachmentsCreated: 0,
+                attachmentsSkipped: 0,
+            },
+        };
+    }
+    return {
+        ok: true,
+        value: {
+            skipped: false,
+            skillsCreated: input.seed.skillsCreated,
+            skillsUpdated: input.seed.skillsUpdated,
+            versionsCreated: input.seed.versionsCreated,
+            versionsSkipped: input.seed.versionsSkipped,
+            attachmentsCreated: input.seed.attachmentsCreated,
+            attachmentsSkipped: input.seed.attachmentsSkipped,
+        },
+    };
+}

package/dist/skills/skill-resolver.js

@@ -89,6 +89,7 @@ export class SkillResolver {
                 ...(agent.value?.name !== undefined ? { agentName: agent.value.name } : {}),
                 ...(input.workflow !== undefined ? { workflow: input.workflow } : {}),
                 ...(input.phase !== undefined ? { phase: input.phase } : {}),
+                ...(input.intentSignals !== undefined && input.intentSignals.length > 0 ? { intentSignals: normalizedIntentSignals(input.intentSignals) } : {}),
                 ...(input.providerAdapter !== undefined ? { providerAdapter: input.providerAdapter } : {}),
                 ...(input.runId !== undefined ? { runId: input.runId } : {}),
             },
@@ -99,8 +100,13 @@ export class SkillResolver {
         });
     }
     resolveAgent(input) {
-        if (input.agentId !== undefined)
-            return this.agents.getById(input.agentId);
+        if (input.agentId !== undefined) {
+            const byId = this.agents.getById(input.agentId);
+            if (byId.ok || input.project === undefined)
+                return byId;
+            const byName = this.agents.getByName(input.project, input.scope ?? 'project', input.agentId);
+            return byName.ok ? byName : byId;
+        }
         if (input.agentName === undefined)
             return ok(undefined);
         if (input.project === undefined)
@@ -121,6 +127,8 @@ export class SkillResolver {
         }
         for (const phase of phases)
             targets.push({ targetType: 'workflow-phase', targetKey: phase });
+        for (const signal of normalizedIntentSignals(input.intentSignals))
+            targets.push({ targetType: 'intent-signal', targetKey: signal });
         if (input.providerAdapter !== undefined)
             targets.push({ targetType: 'provider-adapter', targetKey: input.providerAdapter });
         return dedupeTargets(targets);
@@ -229,6 +237,9 @@ function phaseTargetKeys(workflow, phase) {
 function isSddWorkflow(workflow) {
     return workflow?.trim().toLowerCase() === 'sdd';
 }
+function normalizedIntentSignals(signals) {
+    return [...new Set((signals ?? []).map((signal) => signal.trim().toLowerCase()).filter(Boolean))];
+}
 function stringMetadata(value) {
     return typeof value === 'string' && value.trim() ? value : undefined;
 }

package/dist/skills/skill-seed-service.js

@@ -33,9 +33,8 @@ export class SkillSeedService {
                 if (!details.ok)
                     return details;
                 existingVersions.set(seed.name, details.value.versions.some((version) => version.version === seed.version));
-                for (const attachment of details.value.attachments) {
+                for (const attachment of details.value.attachments)
                     existingAttachments.set(`${seed.name}:${attachment.targetType}:${attachment.targetKey}`, true);
-                }
             }
         }
         const transaction = this.database.transaction(() => {
@@ -74,11 +73,12 @@ export class SkillSeedService {
                 const skill = this.registry.getSkillByName(manifest.project, manifest.scope, attachment.skill);
                 if (!skill.ok)
                     throw new SeedLoadError(skill.error);
-                const targetKey = `${attachment.workflow}:${attachment.phase}`;
-                const key = `${attachment.skill}:workflow-phase:${targetKey}`;
+                const targetType = attachmentTargetType(attachment);
+                const targetKey = attachmentTargetKey(attachment);
+                const key = `${attachment.skill}:${targetType}:${targetKey}`;
                 const attachInput = {
                     skillId: skill.value.id,
-                    targetType: 'workflow-phase',
+                    targetType,
                     targetKey,
                     metadata: attachmentMetadata(attachment),
                 };
@@ -138,7 +138,7 @@ function validateManifest(manifest) {
         const validation = validateAttachmentSeed(attachment, names);
         if (!validation.ok)
             return validation;
-        const key = `${attachment.workflow}:${attachment.phase}:${attachment.skill}`;
+        const key = `${attachmentTargetType(attachment)}:${attachmentTargetKey(attachment)}:${attachment.skill}`;
         if (attachments.has(key))
             return validationFailure(`Duplicate skill seed attachment: ${key}`);
         attachments.add(key);
@@ -159,10 +159,18 @@ function validateSkillSeed(skill) {
     return rejectUnsupportedNativeInputs(skill.name, skill.metadata);
 }
 function validateAttachmentSeed(attachment, names) {
-    if (!attachment.workflow?.trim())
-        return validationFailure('Skill seed attachment workflow is required');
-    if (!attachment.phase?.trim())
-        return validationFailure('Skill seed attachment phase is required');
+    if (attachment.targetType !== undefined && !isSkillAttachmentTargetType(attachment.targetType))
+        return validationFailure(`Skill seed attachment targetType is invalid: ${String(attachment.targetType)}`);
+    const targetType = attachmentTargetType(attachment);
+    if (targetType === 'workflow-phase') {
+        if (!attachment.workflow?.trim())
+            return validationFailure('Skill seed attachment workflow is required');
+        if (!attachment.phase?.trim())
+            return validationFailure('Skill seed attachment phase is required');
+    }
+    else if (!attachment.targetKey?.trim()) {
+        return validationFailure(`Skill seed attachment targetKey is required for ${targetType}`);
+    }
     if (!attachment.skill?.trim())
         return validationFailure('Skill seed attachment skill is required');
     if (!names.has(attachment.skill))
@@ -186,20 +194,35 @@ function rejectUnsupportedNativeInputs(name, metadata) {
 function compatibilityFor(seed, attachments) {
     const matching = attachments.filter((attachment) => attachment.skill === seed.name);
     return {
-        targets: ['workflow-phase'],
+        targets: [...new Set(matching.map(attachmentTargetType))],
         adapters: ['opencode'],
-        workflows: [...new Set(matching.map((attachment) => attachment.workflow))],
-        phases: [...new Set(matching.map((attachment) => attachment.phase))],
+        workflows: [...new Set(matching.map((attachment) => attachment.workflow).filter((workflow) => workflow !== undefined))],
+        phases: [...new Set(matching.map((attachment) => attachment.phase).filter((phase) => phase !== undefined))],
     };
 }
 function attachmentMetadata(attachment) {
-    return {
+    const metadata = {
         ...(attachment.metadata ?? {}),
         ...(attachment.order !== undefined ? { order: attachment.order } : {}),
         seededBy: 'vgxness',
-        workflow: attachment.workflow,
-        phase: attachment.phase,
+        targetType: attachmentTargetType(attachment),
+        targetKey: attachmentTargetKey(attachment),
     };
+    if (attachment.workflow !== undefined)
+        metadata.workflow = attachment.workflow;
+    if (attachment.phase !== undefined)
+        metadata.phase = attachment.phase;
+    return metadata;
+}
+function attachmentTargetType(attachment) {
+    return attachment.targetType ?? 'workflow-phase';
+}
+function attachmentTargetKey(attachment) {
+    const targetType = attachmentTargetType(attachment);
+    return targetType === 'workflow-phase' ? `${attachment.workflow}:${attachment.phase}` : attachment.targetKey ?? '';
+}
+function isSkillAttachmentTargetType(value) {
+    return value === 'agent' || value === 'subagent' || value === 'workflow-phase' || value === 'provider-adapter' || value === 'intent-signal';
 }
 function validationFailure(message) {
     return { ok: false, error: { code: 'validation_failed', message } };

package/docs/architecture.md

@@ -1,6 +1,6 @@
 # vgxness Architecture
 
-> **Scope:** this document describes the current v1.10.x architecture as it is actually built. It is the source of truth for how the product works today, with the latest health snapshot captured in [Project health audit v1.10.x](./project-health-audit-v1.10.x.md). Planned work that is not yet shipped lives in [Roadmap](./roadmap.md); historical planning context that no longer reflects reality has been retired. Where this doc disagrees with code, code wins — file a doc-sync task against the relevant module.
+> **Scope:** this document describes the current v1.14.x architecture as it is actually built. It is the source of truth for how the product works today, with the latest health snapshot captured in [Project health audit v1.14.x](./project-health-audit-v1.14.x.md). Planned work that is not yet shipped lives in [Roadmap](./roadmap.md); historical planning context that no longer reflects reality has been retired. Where this doc disagrees with code, code wins — file a doc-sync task against the relevant module.
 
 `vgxness` is a local-first, provider-agnostic, Gentle-AI-like harness for agentic development. Its core architecture separates the product domain from provider-specific tooling so agents, skills, memory, SDD workflows, runs, and traces can work across OpenCode, Claude Code, and future adapters such as Pi.
 
@@ -387,12 +387,13 @@ Skill improvement proposals are the current controlled foundation for self-impro
 CLI examples:
 
 ```bash
-vgxness skills register --project vgxness --name sdd-apply --description "Applies SDD tasks"
-vgxness skills add-version --project vgxness --name sdd-apply --version 1.0.0 --source-kind path --source-path .config/opencode/skills/sdd-apply/SKILL.md --activate
-vgxness skills attach --project vgxness --name sdd-apply --target-type workflow-phase --target-key sdd:apply
-vgxness skills resolve --agent apply-agent --project vgxness --workflow sdd --phase apply --provider opencode
-vgxness skills payload --agent apply-agent --project vgxness --workflow sdd --phase apply --provider opencode
-vgxness skills propose --project vgxness --name sdd-apply --proposed-version 1.1.0 --source-kind inline --inline-metadata '{"content":"Updated skill"}' --rationale "Repeated correction from trace"
+vgxness skills get --project vgxness --name vgxness-sdd-apply
+vgxness skills resolve --project vgxness --workflow sdd --phase apply-progress --intent-signals git,tdd,review-size --provider opencode
+vgxness skills payload --project vgxness --workflow sdd --phase apply-progress --intent-signals git,tdd,review-size --provider opencode
+vgxness skills register --project vgxness --name team-review-guidance --description "Team-specific review guidance"
+vgxness skills add-version --project vgxness --name team-review-guidance --version 1.0.0 --source-kind inline --inline-metadata '{"content":"Check product risk, review size, and rollback notes."}' --activate
+vgxness skills attach --project vgxness --name team-review-guidance --target-type intent-signal --target-key review-size
+vgxness skills propose --project vgxness --name team-review-guidance --proposed-version 1.1.0 --source-kind inline --inline-metadata '{"content":"Revised team guidance."}' --rationale "Repeated correction from trace"
 vgxness skills submit-proposal --proposal <proposal-id> --actor uziel
 vgxness skills approve-proposal --proposal <proposal-id> --actor uziel --reason "Reviewed diff"
 vgxness skills apply-proposal --proposal <proposal-id> --actor uziel
@@ -470,7 +471,7 @@ The envelope is always `installable:false` and `readOnly:true`. It does **not**
 
 ### OpenCode manager orchestration
 
-The checked-in OpenCode default config and `seeds/agents/agent-seed-v1.json` define `vgxness-manager` as an MCP-first orchestrator. The manager should use `vgxness_session_restore` with the project and workspace directory when starting, resuming, or recovering context, then use SDD artifact/status tools, memory tools, agent resolution, run/preflight tools, and read-only payload/profile previews before delegating substantial phase work to exact SDD subagents. Before ending, pausing, handing off, or compacting, it should call `vgxness_session_close` with the current session id, actor `manager`, and an actionable summary; if no current session id is available, it must not invent one and should preserve the summary in its final response. Its OpenCode `permission.task` remains deny-by-default: `*` is denied and only the canonical `vgxness-sdd-*` subagent names are allowed explicitly. The seed/default prompts are self-contained and do not require external `~/.config/opencode/skills/sdd-*` files; such skills are optional registry assets if a project registers them separately.
+The checked-in OpenCode default config and `seeds/agents/agent-seed-v1.json` define `vgxness-manager` as an MCP-first orchestrator. The manager should use `vgxness_session_restore` with the project and workspace directory when starting, resuming, or recovering context, then use SDD artifact/status tools, memory tools, agent resolution, run/preflight tools, and read-only payload/profile previews before delegating substantial phase work to exact SDD subagents. Before ending, pausing, handing off, or compacting, it should call `vgxness_session_close` with the current session id, actor `manager`, and an actionable summary; if no current session id is available, it must not invent one and should preserve the summary in its final response. Its OpenCode `permission.task` remains deny-by-default: `*` is denied and only the canonical `vgxness-sdd-*` subagent names are allowed explicitly. The seed/default prompts are self-contained and do not require external provider-native skill files; optional guidance should live in VGXNESS registry assets unless a future provider-native integration is explicitly designed.
 
 ## Run lifecycle