vgxness 1.15.0 → 1.16.0

package/dist/agents/canonical-agent-manifest.js

@@ -2,7 +2,7 @@ import { canonicalBehaviorContractVersion } from '../behavior/behavior-contract-
 export const canonicalDefaultAgentName = 'vgxness-manager';
 export const canonicalOpenCodeDefaultModel = 'openai/gpt-5.5';
 export const canonicalOpenCodeManagerReasoningEffort = 'high';
-export const canonicalPromptContractVersion = 11;
+export const canonicalPromptContractVersion = 12;
 export const canonicalSddSubagentNames = [
     'vgxness-sdd-explore',
     'vgxness-sdd-propose',
@@ -146,50 +146,52 @@ export function createCanonicalOpenCodeSddSubagentPrompt(name) {
  * This feeds the OpenCode default config and Claude generated agent files; it is
  * intentionally separate from registry/seed instructions below.
  */
-export const canonicalOpenCodeManagerPrompt = `# VGXNESS Manager - compact SDD orchestrator
+export const canonicalOpenCodeManagerPrompt = `# VGXNESS Manager
 
-Bind only to the primary \`vgxness-manager\` agent. Executor agents use their own prompts.
+Bind to \`vgxness-manager\` only. Executors use their own prompts.
 
 ## Role
-Coordinate SDD; keep chat thin, use VGXNESS MCP as durable state, delegate to smallest exact hidden SDD subagent, synthesize evidence. Coach while coordinating: teach briefly; explain practical tradeoffs, risk/effort/unknowns; challenge weak assumptions; keep user in control; avoid lectures.
+Coordinate SDD; keep chat thin, use VGXNESS MCP state, delegate to exact SDD subagent. Coach while coordinating: teach briefly; explain practical tradeoffs, risk/effort/unknowns; challenge weak assumptions; keep user in control; avoid lectures.
 
 ## Non-negotiable governance
-- SDD artifact acceptance is human-only. Never infer or fabricate acceptance from generated output, subagent/model output, file presence, confidence, or legacy artifacts. Treat draft/rejected/superseded/stale/unaccepted artifacts as not accepted until a human acceptance record exists.
-- Before phase advancement, call readiness/status tools: \`vgxness_sdd_status\`/\`vgxness_sdd_next\` and \`vgxness_sdd_ready\` or \`vgxness_sdd_get_readiness\`.
-- Before risky VGX-managed side effects (edit, shell/tests, git, network, provider-tool, secrets, external-directory, destructive, privileged, ambiguous), call \`vgxness_run_preflight\` with runId/workflow/phase/agent context when available. If approval/block is required, stop; do not invent approval.
-- Direct human acceptance of an exact SDD artifact via \`vgxness_sdd_accept_artifact\` is not a generic SDD write for manager routing: do not call \`vgxness_run_preflight\` solely for that acceptance when the user explicitly accepted the exact project/change/phase artifact, \`acceptedBy.type\` is \`"human"\`, \`acceptedBy.id\` is non-empty, and status/readiness confirms the artifact is eligible. This shortcut applies only to \`vgxness_sdd_accept_artifact\` and the trusted draft autorun chain described below; it does not apply to edits, shell/tests, git, provider config, memory writes, external paths, secrets, destructive/privileged/ambiguous operations.
+- VGXNESS uses SQLite artifacts/control-plane; OpenCode as primary provider; artifacts are not openspec files. Do not write to \`openspec/\`.
+- SDD artifact acceptance is human-only. Artifact presence is not acceptance. Never infer or fabricate acceptance from generated output, subagent/model output, file presence, confidence, or legacy artifacts; draft/rejected/superseded/stale/unaccepted artifacts are not accepted until a human acceptance record exists.
+- Before phase advancement, call \`vgxness_sdd_status\`/\`vgxness_sdd_next\` plus \`vgxness_sdd_ready\` or \`vgxness_sdd_get_readiness\`.
+- Before risky VGX-managed side effects (edit, shell/tests, git, network, provider-tool, secrets, external-directory, destructive, privileged, ambiguous), call \`vgxness_run_preflight\` with runId/workflow/phase/agent when available. Stop on approval/block; never invent approval.
+- Direct human acceptance of an exact SDD artifact via \`vgxness_sdd_accept_artifact\` is not a generic SDD write for manager routing: do not call \`vgxness_run_preflight\` solely for that acceptance; require the user explicitly accepted the exact project/change/phase artifact, \`acceptedBy.type\` is \`"human"\`, \`acceptedBy.id\` is non-empty, and status/readiness confirms the artifact is eligible. This shortcut applies only to \`vgxness_sdd_accept_artifact\` and the trusted draft autorun chain described below; excludes edits, shell/tests, git, provider config, memory writes, external paths, secrets, destructive/privileged/ambiguous operations.
 - OpenCode native/provider tools are governance-v1 audit-only/non-hard-blocking. Report warnings; do not say native OpenCode tools are hard-blocked by config.
-- Do not mutate provider/global OpenCode config. Do not write to \`openspec/\`. Do not publish packages unless explicitly requested. Never revert/overwrite unrelated user work. Preserve \`permission.task\` deny-by-default with only exact known SDD subagents allowed.
+- Do not mutate provider/global OpenCode config. Do not publish packages unless explicitly requested. Never revert/overwrite unrelated user work. Preserve \`permission.task\` deny-by-default with only exact known SDD subagents.
 - Do not change provider model/reasoning config unless explicitly requested.
 
 ## Flexible governance routing
-Use the lightest safe path: Tier 0-2 direct; Tier 3 preflight; Tier 4 formal SDD for governance, permissions, acceptance, architecture/security, or cross-surface behavior. Provider status/doctor/preview/handoff are read-only/audit-only; writes stay gated.
+Use lightest safe path: T0-2 direct, T3 preflight, T4 formal SDD for governance, permissions, acceptance, architecture/security, or cross-surface behavior. Provider status/doctor/preview/handoff read-only/audit-only; writes gated.
 
 ## Provider-native daily flow
-SDD happens in OpenCode via conversation, VGXNESS MCP, and SDD subagents. No terminal SDD phase commands for normal flow. CLI is an escape hatch for bootstrap, doctor, recovery, setup gaps, or explicit request.
+SDD happens in OpenCode via conversation, VGXNESS MCP, and SDD subagents. No terminal SDD phase commands. CLI is an escape hatch for bootstrap, doctor, recovery, setup gaps, or explicit request.
 
 ## MCP playbook
-- For starting, resuming, or recovering context: prefer \`vgxness_context_cockpit\`; treat \`vgxness_session_restore\` as one signal, not truth. For ending, pausing, handing off, or compacting: \`vgxness_session_close\` with current session id and actor \`manager\`; if no id, do not invent one and summarize.
-- SDD artifacts: guide state with \`vgxness_sdd_next\`/\`vgxness_sdd_cockpit\`; list/read with \`vgxness_sdd_get_artifact\`/\`vgxness_sdd_list_artifacts\`; prefer \`payloadMode: "compact"\` so the primary context stays clean; use verbose only when required, preferably inside the delegated phase subagent. Save with \`vgxness_sdd_save_artifact\` only after the appropriate flow. Use \`vgxness_sdd_reopen_artifact\` only for rejected artifacts returning to draft, with explicit human actor/audit context.
-- Trusted draft autorun: when the exact \`proposal\` artifact is already accepted, you may run exactly \`spec -> design -> tasks\` without extra human confirmation via exact hidden subagents and save drafts with \`vgxness_sdd_save_artifact\`. This is draft-only planning, not acceptance or completion. Do not use for explore/proposal/apply-progress/verify/archive, rejected/superseded artifacts, accepted overwrites, or risky side effects (provider config, edits, shell/tests, git, secrets, external/destructive/privileged/ambiguous). Re-check status/readiness before and after; generated spec/design drafts may feed downstream design/tasks but remain unaccepted.
-- Acceptance/readiness: check SDD status/readiness for the exact project/change/phase, confirm explicit human acceptance of that exact artifact, call \`vgxness_sdd_accept_artifact\` directly with audit context (\`acceptedBy.type: "human"\`, non-empty \`acceptedBy.id\`, runId, agentId), then re-check status/readiness before reporting state. Do not add \`vgxness_run_preflight\` solely for that exact direct acceptance call. Ambiguous replies count only when tied to an immediate exact acceptance prompt. Use \`vgxness_governance_report\` for readiness, artifact states, preflight posture, and audit warnings.
-- Memory: call \`vgxness_memory_search\`/\`vgxness_memory_get\` for prior work or unclear context; call \`vgxness_memory_save\` for durable discoveries, decisions, bug fixes, config, patterns, or preferences; use \`vgxness_memory_update\` only to correct/evolve a known id. Do not duplicate full SDD artifacts as memory.
-- Agents/profile/payloads: resolve phase with \`vgxness_agent_resolve\`. Preview mode does not execute a provider or write provider config for \`vgxness_agent_activate\`, \`vgxness_opencode_manager_payload\`, or \`vgxness_skill_payload\`. Use \`vgxness_manager_profile_get\` before changes; \`vgxness_manager_profile_set\` requires explicit human authorization.
-- Runs/recovery: use \`vgxness_run_start\`/\`vgxness_run_list\`/\`vgxness_run_get\` for run work; checkpoint with \`vgxness_run_checkpoint\`, preflight with \`vgxness_run_preflight\`, and close with \`vgxness_run_finalize\`. Unknown runId: \`vgxness_run_resume_candidates\`. For interrupted runs, inspect with \`vgxness_run_resume_inspect\`, then call \`vgxness_run_resume_gate\` with approvalId from pendingApprovals/inspect before advice; never pass runId as approvalId. Follow safe \`recommendedActions[]\`.
-- Provider diagnostics: \`vgxness_provider_status\`/\`vgxness_provider_doctor\` read-only; report \`providerEvidence.evidenceLevel\`/\`hostToolPresenceVerified\` limits.
+- For starting, resuming, or recovering context: prefer \`vgxness_context_cockpit\`; treat \`vgxness_session_restore\` as one signal, not truth. For ending, pausing, handing off, or compacting: \`vgxness_session_close\` with session id and actor \`manager\`; if no id, do not invent one and summarize.
+- Proposal clarity: if product/business clarity is missing, run a proposal question round.
+- SDD artifacts: guide with \`vgxness_sdd_next\`/\`vgxness_sdd_cockpit\`; list/read with \`vgxness_sdd_get_artifact\`/\`vgxness_sdd_list_artifacts\`; prefer \`payloadMode: "compact"\` so primary context stays clean; use verbose only when required, preferably inside the delegated phase subagent. Save with \`vgxness_sdd_save_artifact\` after the right flow. Use \`vgxness_sdd_reopen_artifact\` only for rejected artifacts returning to draft, with explicit human actor/audit context.
+- Trusted draft autorun: when the exact \`proposal\` artifact is already accepted, run exactly \`spec -> design -> tasks\` without extra human confirmation via exact subagents; save drafts with \`vgxness_sdd_save_artifact\`. This is draft-only planning, not acceptance or completion. Not for explore/proposal/apply-progress/verify/archive, rejected/superseded artifacts, accepted overwrites, or risky side effects (provider config, edits, shell/tests, git, secrets, external/destructive/privileged/ambiguous). Re-check status/readiness before/after; generated spec/design drafts can feed design/tasks but remain unaccepted.
+- Acceptance/readiness: check SDD status/readiness for the exact project/change/phase; confirm explicit human acceptance; call \`vgxness_sdd_accept_artifact\` directly with audit context (\`acceptedBy.type: "human"\`, non-empty \`acceptedBy.id\`, runId, agentId); re-check status/readiness before reporting state. Do not add \`vgxness_run_preflight\` solely for that exact direct acceptance call. Ambiguous replies count only when tied to an immediate exact acceptance prompt. Use \`vgxness_governance_report\` for readiness, artifact states, preflight posture, audit warnings.
+- Memory: \`vgxness_memory_search\`/\`vgxness_memory_get\` for prior work/unclear context; \`vgxness_memory_save\` for durable discoveries, decisions, bug fixes, config, patterns, or preferences; \`vgxness_memory_update\` only to correct/evolve a known id. Do not duplicate full SDD artifacts as memory.
+- Agents/skills: Skill registry index-first; resolve skills by registry, exact path, and task context; read exact paths; do not invent summaries. Resolve phase with \`vgxness_agent_resolve\`. Preview mode does not execute a provider or write provider config for \`vgxness_agent_activate\`, \`vgxness_opencode_manager_payload\`, or \`vgxness_skill_payload\`. \`vgxness_manager_profile_get\` before changes; \`vgxness_manager_profile_set\` needs explicit human authorization.
+- Runs/recovery: \`vgxness_run_start\`/\`vgxness_run_list\`/\`vgxness_run_get\`; checkpoint with \`vgxness_run_checkpoint\`, preflight with \`vgxness_run_preflight\`, close with \`vgxness_run_finalize\`. Unknown runId: \`vgxness_run_resume_candidates\`. For interrupted runs, inspect with \`vgxness_run_resume_inspect\`, then call \`vgxness_run_resume_gate\` with approvalId from pendingApprovals/inspect; never pass runId as approvalId. Follow safe \`recommendedActions[]\`.
+- Provider diagnostics: \`vgxness_provider_status\`/\`vgxness_provider_doctor\` read-only; report \`providerEvidence.evidenceLevel\` and \`hostToolPresenceVerified\` limits.
 
 ## Minimum flows
-- Simple answer: inline; memory only for prior context; no run by default.
-- Proposal/spec/design/tasks: status/next -> readiness -> prerequisites -> exact subagent -> delegate -> persist by governance; if proposal is accepted, spec/design/tasks may run as the trusted draft autorun chain without extra confirmation, but drafts remain unaccepted.
-- Apply/verify: require prerequisites -> artifacts -> exact subagent -> start/recover run -> preflight writes/shell/git/tests -> delegate -> checkpoint -> save -> finalize.
-- Config/provider/prompt change: inspect manager/profile or payload first; persistent changes need explicit human authorization.
+- Simple answer: inline; no run by default.
+- Proposal/spec/design/tasks: status/next -> readiness -> prereqs -> exact subagent -> delegate -> persist; if proposal is accepted, spec/design/tasks may use trusted draft autorun without extra confirmation; drafts remain unaccepted.
+- Apply/verify: prereqs -> artifacts -> exact subagent -> start/recover run -> preflight writes/shell/git/tests -> delegate -> checkpoint -> save -> finalize. Before apply/PR, review workload guard: estimate size/risk/reviewer load; recommend slicing into work units or chained PRs when large.
+- Config/provider/prompt change: inspect manager/profile/payload first; persistence needs explicit human authorization.
 - Recovery: MCP first. Continue: use \`vgxness_sdd_continue\`; read-only/advisory: no provider execution, run creation, artifact mutation, provider config/openspec writes, or acceptance/apply-progress bypass. CLI \`vgxness sdd continue\` is human fallback only. \`vgxness resume --project\` is for candidate runs. The removed experimental \`vgxness code\` runtime is not an SDD fallback.
 
 ## Delegation thresholds
-Default to delegation for SDD phase-shaped work, repository exploration beyond one narrow lookup, implementation, verification, incident recovery, or multi-step analysis. Inline only conversational guidance, single-fact lookup, MCP/status/readiness checks, and trivial mechanical edits when safe. When uncertain between inline work and subagent work, delegate to the exact smallest SDD subagent. Never delegate to unknown agents; use exact SDD phase mapping.
+Default to delegation for SDD phase-shaped work, repository exploration beyond one narrow lookup, implementation, verification, incident recovery, or multi-step analysis. Inline only conversational guidance, single-fact lookup, MCP/status/readiness checks, and trivial mechanical edits when safe. When uncertain between inline work and subagent work, delegate to the exact smallest SDD subagent. Never delegate to unknown agents; use exact phase mapping.
 
 ## Output
-Be concise: delegated work, results, files/decisions, evidence/tests, risks, next step.`;
+Be concise.`;
 /**
  * Registry/seed instructions for the manager agent definition.
  * These feed the canonical manifest, checked-in seed, boot upgrade, registry

package/dist/cli/cli-help.js

@@ -144,6 +144,7 @@ Areas:
   runs finish --run-id <id> --status completed|failed|blocked|cancelled --outcome <outcome> [--reason <text>]
   runs permission-check --run-id <id> --category <category> --operation <name> [--path <path>] [--agent-id <id>] [--destructive] [--external] [--privileged] [--ambiguous]
   runs preflight --run-id <id> --category <category> --operation <name> [--workspace <path>] [--path <path>] [--provider-tool <name>] [--agent-id <id>] [--destructive] [--external] [--privileged] [--ambiguous]
+  runs preflight output includes workspaceStrategy recommendation JSON and does not create branches, worktrees, or PRs.
   runs approvals --run <run-id>
   runs approve|reject|cancel-approval --approval <id> --actor <name> [--reason <text>]
   runs retry-check --approval <id> [--policy <json>]

package/dist/cli/home-tui-app.js

@@ -1,17 +1,18 @@
 import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
 import { Box } from 'ink';
+import { renderSddAdviceLines } from './sdd-renderer.js';
 import { TuiCard, TuiFooter, TuiHeader, TuiSummaryBar, TuiTabs } from './tui/ink/components.js';
 import { inkTuiTheme, normalizeInkTuiWidth } from './tui/ink/theme.js';
 export const homeTuiTabs = ['setup', 'status', 'runs', 'sdd', 'skills', 'provider'];
 const homeTuiTabItems = homeTuiTabs.map((tab) => ({ key: tab, label: labelForHomeTab(tab) }));
-export function HomeTuiApp({ plan, width, selectedTab, view = 'overview', runsReadModel = { state: 'not-loaded' }, skillsReadModel = { state: 'not-loaded' }, sddInput = { change: '' } }) {
+export function HomeTuiApp({ plan, width, selectedTab, view = 'overview', runsReadModel = { state: 'not-loaded' }, skillsReadModel = { state: 'not-loaded' }, sddInput = { change: '' }, sddReadModel = { state: 'not-loaded' } }) {
     const cardWidth = normalizeInkTuiWidth(width);
     if (view === 'status-focus')
         return _jsx(FocusedStatusView, { plan: plan, width: cardWidth });
     if (view === 'runs-focus')
         return _jsx(FocusedRunsView, { plan: plan, width: cardWidth, runs: runsReadModel });
     if (view === 'sdd-focus')
-        return _jsx(FocusedSddView, { plan: plan, width: cardWidth, sddInput: sddInput });
+        return _jsx(FocusedSddView, { plan: plan, width: cardWidth, sddInput: sddInput, sdd: sddReadModel });
     if (view === 'skills-focus')
         return _jsx(FocusedSkillsView, { plan: plan, width: cardWidth, skills: skillsReadModel });
     if (view === 'provider-focus')
@@ -26,10 +27,13 @@ function FocusedSkillsView({ plan, width, skills }) {
 function FocusedRunsView({ plan, width, runs }) {
     const badge = runs.state === 'ready' ? 'read-only' : runs.state === 'unavailable' ? 'unavailable' : 'loading';
     const tone = runs.state === 'unavailable' ? 'warning' : 'info';
-    return (_jsxs(Box, { flexDirection: "column", width: width, paddingX: 1, paddingY: 1, children: [_jsx(TuiHeader, { title: "VGXNESS Runs", subtitle: "Run recovery cockpit \u00B7 read-only", project: plan.project }), _jsx(TuiSummaryBar, { items: summaryItems(plan) }), _jsx(Box, { marginTop: 1, children: _jsx(TuiCard, { title: "Runs", badge: badge, tone: tone, lines: focusedRunsLines(plan, runs) }) }), _jsx(TuiFooter, { text: "Keys: Esc/b back to Home \u00B7 q exits \u00B7 read-only \u00B7 no writes" })] }));
+    const title = runs.state === 'ready' && runs.selected !== undefined ? 'Run detail' : 'Runs';
+    return (_jsxs(Box, { flexDirection: "column", width: width, paddingX: 1, paddingY: 1, children: [_jsx(TuiHeader, { title: "VGXNESS Runs", subtitle: "Run recovery cockpit \u00B7 read-only", project: plan.project }), _jsx(TuiSummaryBar, { items: summaryItems(plan) }), _jsx(Box, { marginTop: 1, children: _jsx(TuiCard, { title: title, badge: badge, tone: tone, lines: focusedRunsLines(plan, runs) }) }), _jsx(TuiFooter, { text: "Keys: Enter opens first run detail \u00B7 Esc/b back to Home \u00B7 q exits \u00B7 read-only \u00B7 no writes" })] }));
 }
-function FocusedSddView({ plan, width, sddInput }) {
-    return (_jsxs(Box, { flexDirection: "column", width: width, paddingX: 1, paddingY: 1, children: [_jsx(TuiHeader, { title: "VGXNESS SDD", subtitle: "Spec-driven development cockpit \u00B7 change required \u00B7 read-only", project: plan.project }), _jsx(TuiSummaryBar, { items: summaryItems(plan) }), _jsx(Box, { marginTop: 1, children: _jsx(TuiCard, { title: "SDD change gate", badge: sddInput.change.length === 0 ? 'change required' : 'change selected', tone: "info", lines: focusedSddLines(plan, sddInput) }) }), _jsx(TuiFooter, { text: "Keys: type change id \u00B7 Backspace edits \u00B7 Esc back \u00B7 Ctrl-C exits \u00B7 local SDD state not opened" })] }));
+function FocusedSddView({ plan, width, sddInput, sdd }) {
+    const badge = sddInput.change.length === 0 ? 'change required' : sdd.state === 'ready' ? sdd.next.status : sdd.state === 'unavailable' ? 'unavailable' : 'change selected';
+    const tone = sdd.state === 'unavailable' ? 'warning' : 'info';
+    return (_jsxs(Box, { flexDirection: "column", width: width, paddingX: 1, paddingY: 1, children: [_jsx(TuiHeader, { title: "VGXNESS SDD", subtitle: "Spec-driven development cockpit \u00B7 change required \u00B7 read-only", project: plan.project }), _jsx(TuiSummaryBar, { items: summaryItems(plan) }), _jsx(Box, { marginTop: 1, children: _jsx(TuiCard, { title: "SDD change gate", badge: badge, tone: tone, lines: focusedSddLines(plan, sddInput, sdd) }) }), _jsx(TuiFooter, { text: `Keys: type change id · Backspace edits · Esc back · Ctrl-C exits · ${sdd.state === 'ready' ? 'SDD state read-only' : 'local SDD state not opened'}` })] }));
 }
 function FocusedStatusView({ plan, width }) {
     return (_jsxs(Box, { flexDirection: "column", width: width, paddingX: 1, paddingY: 1, children: [_jsx(TuiHeader, { title: "VGXNESS Status", subtitle: "Focused setup readiness \u00B7 read-only", project: plan.project }), _jsx(TuiSummaryBar, { items: summaryItems(plan) }), _jsx(Box, { marginTop: 1, children: _jsx(TuiCard, { title: "Current setup status", badge: plan.status === 'ready' ? 'ready' : statusTitle(plan.status), tone: plan.status === 'ready' ? 'success' : plan.status === 'conflict' ? 'danger' : 'warning', lines: focusedStatusLines(plan) }) }), _jsx(TuiFooter, { text: "Keys: Esc/b back to Home \u00B7 q exits \u00B7 read-only \u00B7 no provider config writes" })] }));
@@ -108,6 +112,8 @@ function focusedRunsLines(plan, runs) {
         ];
     }
     if (runs.state === 'ready') {
+        if (runs.selected !== undefined)
+            return focusedRunDetailLines(plan, runs.databasePath, runs.selected);
         return [
             field('Project', plan.project),
             field('Store', 'opened read-only'),
@@ -119,7 +125,8 @@ function focusedRunsLines(plan, runs) {
             '',
             ...runSummarySection('Recent runs', runs.recent),
             '',
-            'Inspect one run: `vgxness runs get --id <run-id>`.',
+            runs.details.length === 0 ? 'No run is available for detail inspection.' : 'Press Enter to inspect the first interrupted/recent run here.',
+            'CLI fallback: `vgxness runs get --id <run-id>`.',
         ];
     }
     return [
@@ -134,6 +141,28 @@ function focusedRunsLines(plan, runs) {
         'Next implementation slice can wire this panel to the run read model.',
     ];
 }
+function focusedRunDetailLines(plan, databasePath, run) {
+    return [
+        field('Project', plan.project),
+        field('Store', 'opened read-only'),
+        field('Database', databasePath),
+        field('Run', shortRunId(run.id)),
+        field('Status', run.status),
+        field('Workflow/phase', `${run.workflow}/${run.phase}`),
+        field('Events', String(run.events)),
+        field('Checkpoints', String(run.checkpoints)),
+        field('Approvals', String(run.approvals)),
+        field('Attempts', String(run.attempts)),
+        ...(run.latestCheckpointLabel === undefined ? [] : [field('Latest checkpoint', run.latestCheckpointLabel)]),
+        ...(run.latestEventTitle === undefined ? [] : [field('Latest event', run.latestEventTitle)]),
+        ...(run.outcome === undefined ? [] : [field('Outcome', run.outcome)]),
+        ...(run.outcomeReason === undefined ? [] : [field('Outcome reason', run.outcomeReason)]),
+        ...(run.userIntent === undefined ? [] : ['', `Intent: ${run.userIntent}`]),
+        '',
+        `Inspect JSON: vgxness runs get --id ${run.id}`,
+        'No retry, approval, or execution is performed from this TUI detail.',
+    ];
+}
 function runSummarySection(title, runs) {
     if (runs.length === 0)
         return [title, '- none'];
@@ -142,8 +171,51 @@ function runSummarySection(title, runs) {
 function shortRunId(id) {
     return id.length <= 8 ? id : id.slice(0, 8);
 }
-function focusedSddLines(plan, input) {
+function focusedSddLines(plan, input, sdd) {
     const change = input.change.length === 0 ? '<id>' : input.change;
+    if (input.change.length > 0 && sdd.state === 'unavailable') {
+        return [
+            field('Project', plan.project),
+            field('Change', input.change),
+            field('Input', `${input.change}_`),
+            field('Store', 'unavailable'),
+            field('Database', sdd.databasePath),
+            field('Acceptance', 'human-only'),
+            field('Safety', 'read-only'),
+            '',
+            sdd.message,
+            '',
+            `Continue: vgxness sdd continue --project ${plan.project} --change ${change}`,
+            `Status:   vgxness sdd status --project ${plan.project} --change ${change}`,
+            'Human acceptance remains explicit; artifact presence is not acceptance.',
+        ];
+    }
+    if (input.change.length > 0 && sdd.state === 'ready') {
+        return [
+            field('Project', plan.project),
+            field('Change', input.change),
+            field('Input', `${input.change}_`),
+            field('Store', 'opened read-only'),
+            field('Database', sdd.databasePath),
+            field('Status', sdd.next.status),
+            field('Next phase', sdd.next.nextPhase ?? 'none'),
+            field('Accepted', `${sdd.cockpit.acceptedCount}/${sdd.cockpit.phases.length}`),
+            field('Artifacts', String(sdd.cockpit.artifacts.length)),
+            field('Blockers', String(sdd.cockpit.aggregateBlockers.length)),
+            field('Recommended', sdd.cockpit.recommendedAction),
+            field('Acceptance', sdd.cockpit.gates?.requiresHumanAcceptance === true ? 'human review needed' : 'human-only'),
+            field('Safety', 'read-only'),
+            '',
+            sdd.next.reason,
+            '',
+            ...sddBlockerLines(sdd.cockpit.aggregateBlockers),
+            ...(sdd.continuation.advice.length === 0 ? [] : ['', ...renderSddAdviceLines(sdd.continuation.advice)]),
+            '',
+            `Inspect: ${sdd.continuation.inspectCommand}`,
+            `Continue: vgxness sdd continue --project ${plan.project} --change ${change}`,
+            'Human acceptance remains explicit; artifact presence is not acceptance.',
+        ];
+    }
     return [
         field('Project', plan.project),
         field('Change', input.change.length === 0 ? 'not selected' : input.change),
@@ -163,6 +235,11 @@ function focusedSddLines(plan, input) {
         'Next implementation slice can ask for/select a change id before loading SDD state.',
     ];
 }
+function sddBlockerLines(blockers) {
+    if (blockers.length === 0)
+        return ['Blockers', '- none'];
+    return ['Blockers', ...blockers.slice(0, 4).map((blocker) => `- ${blocker.phase}: ${blocker.reason}`), ...(blockers.length > 4 ? [`- +${blockers.length - 4} more`] : [])];
+}
 function focusedSkillsLines(plan, skills) {
     if (skills.state === 'unavailable') {
         return [

package/dist/cli/home-tui-controller.js

@@ -1,6 +1,10 @@
 import { render as renderInk } from 'ink';
 import React from 'react';
+import { MemoryService } from '../memory/memory-service.js';
+import { openMemoryDatabase } from '../memory/sqlite/database.js';
 import { RunService } from '../runs/run-service.js';
+import { SddWorkflowService } from '../sdd/sdd-workflow-service.js';
+import { sddContinuationPlanFrom } from '../sdd/sdd-continuation-plan.js';
 import { SkillRegistryService } from '../skills/skill-registry-service.js';
 import { SkillIndexService } from '../skills/skill-index-service.js';
 import { okText } from './cli-help.js';
@@ -9,7 +13,6 @@ import { renderSetupPlan } from './setup-plan-renderer.js';
 import { runSetupTuiController } from './setup-tui-controller.js';
 import { navigationIntentFromInput } from './tui/keymap.js';
 import { nextItem } from './tui/navigation.js';
-import { openMemoryDatabase } from '../memory/sqlite/database.js';
 const enter = '\r';
 const escape = '\u001B';
 const ctrlC = '\u0003';
@@ -26,7 +29,8 @@ export async function runHomeTuiController(input) {
     let runsReadModel = { state: 'not-loaded' };
     let skillsReadModel = { state: 'not-loaded' };
     let sddInput = { change: '' };
-    const app = renderInk(React.createElement(HomeTuiApp, { plan: input.plan, width, selectedTab, view, runsReadModel, skillsReadModel, sddInput }), {
+    let sddReadModel = { state: 'not-loaded' };
+    const app = renderInk(React.createElement(HomeTuiApp, { plan: input.plan, width, selectedTab, view, runsReadModel, skillsReadModel, sddInput, sddReadModel }), {
         stdin: stdin,
         stdout: stdout,
         interactive: true,
@@ -34,7 +38,7 @@ export async function runHomeTuiController(input) {
         exitOnCtrlC: false,
     });
     const rerender = () => {
-        app.rerender(React.createElement(HomeTuiApp, { plan: input.plan, width, selectedTab, view, runsReadModel, skillsReadModel, sddInput }));
+        app.rerender(React.createElement(HomeTuiApp, { plan: input.plan, width, selectedTab, view, runsReadModel, skillsReadModel, sddInput, sddReadModel }));
     };
     stdin.setRawMode?.(true);
     stdin.resume?.();
@@ -54,12 +58,14 @@ export async function runHomeTuiController(input) {
                 }
                 if (value === backspace || value === ctrlH) {
                     sddInput = { change: sddInput.change.slice(0, -1) };
+                    sddReadModel = readHomeSdd(input.plan, sddInput.change);
                     rerender();
                     return;
                 }
                 const nextSddChange = appendSddChangeInput(sddInput.change, value);
                 if (nextSddChange !== sddInput.change) {
                     sddInput = { change: nextSddChange };
+                    sddReadModel = readHomeSdd(input.plan, nextSddChange);
                     rerender();
                     return;
                 }
@@ -77,6 +83,11 @@ export async function runHomeTuiController(input) {
                 rerender();
                 return;
             }
+            if (view === 'runs-focus' && (value === enter || value === '\n' || intent === 'select')) {
+                runsReadModel = selectFirstHomeRunDetail(runsReadModel);
+                rerender();
+                return;
+            }
             if (intent === 'cancel') {
                 cleanup();
                 resolve('quit');
@@ -99,6 +110,7 @@ export async function runHomeTuiController(input) {
                 return;
             }
             if ((value === enter || value === '\n' || intent === 'select') && selectedTab === 'sdd') {
+                sddReadModel = readHomeSdd(input.plan, sddInput.change);
                 view = 'sdd-focus';
                 rerender();
                 return;
@@ -179,12 +191,55 @@ function readHomeRuns(plan) {
                 phase: run.phase,
                 ...(run.userIntent === undefined ? {} : { userIntent: run.userIntent }),
             })),
+            details: collectRunDetails(service, [...interrupted.value.map((run) => run.runId), ...recent.value.map((run) => run.id)]),
         };
     }
     finally {
         opened.value.close();
     }
 }
+function collectRunDetails(service, runIds) {
+    const uniqueRunIds = [...new Set(runIds)];
+    const details = [];
+    for (const runId of uniqueRunIds) {
+        const run = service.getRun(runId);
+        if (!run.ok)
+            continue;
+        details.push(runDetailSummary(run.value));
+    }
+    return details;
+}
+function runDetailSummary(run) {
+    const userIntent = run.userIntent.trim();
+    const latestCheckpoint = run.checkpoints.at(-1);
+    const latestEvent = run.events.at(-1);
+    return {
+        id: run.id,
+        status: run.status,
+        workflow: run.workflow,
+        phase: run.phase,
+        ...(userIntent.length === 0 ? {} : { userIntent }),
+        ...(run.outcome === undefined ? {} : { outcome: run.outcome }),
+        ...(run.outcomeReason === undefined ? {} : { outcomeReason: run.outcomeReason }),
+        events: run.events.length,
+        checkpoints: run.checkpoints.length,
+        approvals: run.approvals.length,
+        attempts: run.operationAttempts.length,
+        ...(latestCheckpoint === undefined ? {} : { latestCheckpointLabel: latestCheckpoint.label }),
+        ...(latestEvent === undefined ? {} : { latestEventTitle: latestEvent.title }),
+    };
+}
+function selectFirstHomeRunDetail(runs) {
+    if (runs.state !== 'ready' || runs.selected !== undefined)
+        return runs;
+    const firstInterruptedId = runs.interrupted[0]?.id;
+    const firstRecentId = runs.recent[0]?.id;
+    const selectedId = firstInterruptedId ?? firstRecentId;
+    if (selectedId === undefined)
+        return runs;
+    const selected = runs.details.find((detail) => detail.id === selectedId);
+    return selected === undefined ? runs : { ...runs, selected };
+}
 function runRecordSummary(run) {
     const userIntent = run.userIntent.trim();
     return {
@@ -210,6 +265,30 @@ function readHomeSkills(plan) {
         opened.value.close();
     }
 }
+function readHomeSdd(plan, change) {
+    if (change.length === 0)
+        return { state: 'not-loaded' };
+    const opened = openMemoryDatabase({ path: plan.db.path, readonly: true });
+    if (!opened.ok)
+        return { state: 'unavailable', databasePath: plan.db.path, message: opened.error.message };
+    try {
+        const sdd = new SddWorkflowService(new MemoryService(opened.value));
+        const status = sdd.getStatus({ project: plan.project, change });
+        if (!status.ok)
+            return { state: 'unavailable', databasePath: plan.db.path, message: status.error.message };
+        const next = sdd.getNext({ project: plan.project, change });
+        if (!next.ok)
+            return { state: 'unavailable', databasePath: plan.db.path, message: next.error.message };
+        const cockpit = sdd.getCockpit({ project: plan.project, change });
+        if (!cockpit.ok)
+            return { state: 'unavailable', databasePath: plan.db.path, message: cockpit.error.message };
+        const continuation = sddContinuationPlanFrom({ project: plan.project, next: next.value, cockpit: cockpit.value });
+        return { state: 'ready', databasePath: plan.db.path, status: status.value, next: next.value, cockpit: cockpit.value, continuation };
+    }
+    finally {
+        opened.value.close();
+    }
+}
 function tuiWidth(stdout) {
     const columns = stdout.columns;
     const width = typeof columns === 'number' && Number.isFinite(columns) ? Math.floor(columns) : 88;

package/dist/cli/sdd-renderer.js

@@ -91,6 +91,8 @@ export function renderSddContinuationPlan(plan) {
         `- ${suggestedCommandLabel}: ${plan.suggestedCommand}`,
         `- Diagnostic command: ${plan.inspectCommand}`,
         '',
+        ...renderSddAdviceLines(plan.advice),
+        ...(plan.advice.length === 0 ? [] : ['']),
         'Blocker-specific next actions:',
         ...(plan.blockerActions.length === 0
             ? ['- none']
@@ -119,6 +121,11 @@ export function renderSddContinuationPlan(plan) {
     ];
     return `${lines.join('\n')}\n`;
 }
+export function renderSddAdviceLines(advice) {
+    if (advice.length === 0)
+        return [];
+    return ['Advice:', ...advice.map((item) => `- ${item.title}: ${item.message}`)];
+}
 export function renderSddCockpit(cockpit) {
     const readModel = cockpit.readModel;
     const blockers = readModel.blockers;

package/dist/mcp/schema.js

@@ -223,6 +223,22 @@ const sddRecommendedActionOutputSchema = z
         .passthrough()),
 })
     .passthrough();
+const sddContinuationAdviceOutputSchema = z
+    .object({
+    id: z.string(),
+    kind: z.enum(['proposal-question-round', 'review-workload-guard']),
+    title: z.string(),
+    message: z.string(),
+    readOnly: z.literal(true),
+    advisoryOnly: z.literal(true),
+    mutating: z.literal(false),
+    providerExecution: z.literal(false),
+    artifactMutation: z.literal(false),
+    runCreation: z.literal(false),
+    openspecWrite: z.literal(false),
+    reason: z.string(),
+})
+    .passthrough();
 const mcpSuccessOutputSchema = (value) => z
     .object({
     ok: z.literal(true),
@@ -672,6 +688,7 @@ export const VGX_MCP_TOOL_OUTPUT_SCHEMAS = {
         kind: z.literal('sdd-continuation-plan'),
         project: z.string(),
         change: z.string(),
+        advice: z.array(sddContinuationAdviceOutputSchema),
         recommendedActions: z.array(sddRecommendedActionOutputSchema),
     })
         .passthrough()),

package/dist/mcp/stdio-server.js

@@ -84,7 +84,7 @@ function descriptionForTool(publicToolName) {
     if (publicToolName === 'sdd_reopen_artifact')
         return 'Human-only mutating SDD reopen gate; records an explicit human decision to reopen an artifact and must not be called by agents on their own behalf. Use only after human instruction, then revise or re-review the phase.';
     if (publicToolName === 'run_preflight')
-        return 'Agent-callable advisory/planning-only run preflight; evaluates permissions and records a plan but does not execute the checked shell/git/install/network/provider/secrets operation. Use it to decide whether human approval or a separate executor step is required.';
+        return 'Agent-callable advisory/planning-only run preflight; evaluates permissions, records a plan, and returns a workspace strategy recommendation, but does not execute the checked shell/git/install/network/provider/secrets operation and does not create branches, worktrees, or pull requests. Use it to decide whether human approval or a separate executor step is required.';
     const toolName = toInternalVgxMcpToolName(publicToolName);
     return `VGX control-plane tool ${toolName}`;
 }

package/dist/runs/execution-planning.js

@@ -1,5 +1,6 @@
 import { existsSync } from 'node:fs';
 import { join } from 'node:path';
+import { recommendWorkspaceStrategy } from '../workspace-strategy/index.js';
 import { planWorktreeSandbox } from './sandbox-worktree-planning.js';
 const filesystemCategories = new Set(['read', 'edit', 'external-directory']);
 export function planExecutionIsolation(input) {
@@ -23,6 +24,27 @@ export function planExecutionIsolation(input) {
         createsWorktree: false,
     };
 }
+export function recommendWorkspaceStrategyForExecution(input) {
+    return recommendWorkspaceStrategy(workspaceStrategyInputForExecution(input));
+}
+export function workspaceStrategyInputForExecution(input) {
+    const categories = workspaceStrategyCategories(input.operation, input.decision);
+    const mutationSignal = hasWorkspaceMutationSignal(input.operation, categories);
+    return {
+        categories,
+        intentSignals: workspaceStrategyIntentSignals(input.operation, input.decision),
+        risk: workspaceStrategyRisk(input.decision),
+        readOnly: isReadOnlyWorkspaceOperation(input.operation, input.decision),
+        expectedWrites: mutationSignal,
+        mutatesRepository: mutationSignal,
+        destructive: input.operation.destructive === true,
+        external: input.operation.external === true || input.operation.category === 'external-directory',
+        privileged: input.operation.privileged === true,
+        ambiguous: input.operation.ambiguous === true,
+        changeSize: workspaceStrategyChangeSize(input.decision),
+        ...(mutationSignal ? { workspace: { checkout: 'unknown' } } : {}),
+    };
+}
 function selectStrategy(operation, decision) {
     if (operation.sandboxStrategy === 'worktree')
         return 'worktree';
@@ -109,3 +131,48 @@ const defaultGitBoundaryInspector = ({ workspaceRoot }) => {
     }
     return { status: 'compatible', reason: 'workspace has no git metadata to conflict with a planned worktree boundary' };
 };
+function workspaceStrategyCategories(operation, decision) {
+    const categories = [operation.category];
+    if (decision.riskReasonCodes?.includes('git_write') === true && !categories.includes('git-write'))
+        categories.push('git-write');
+    return categories;
+}
+function workspaceStrategyIntentSignals(operation, decision) {
+    return [
+        `permission:${decision.reason}`,
+        ...(decision.riskReasonCodes ?? []).map((code) => `risk:${code}`),
+        ...(operation.workflow === undefined ? [] : [`workflow:${operation.workflow}`]),
+        ...(operation.phase === undefined ? [] : [`phase:${operation.phase}`]),
+    ];
+}
+function workspaceStrategyRisk(decision) {
+    if (decision.riskTier === 0)
+        return 'none';
+    if (decision.riskTier === 1)
+        return 'low';
+    if (decision.riskTier === 2)
+        return 'medium';
+    if (decision.riskTier === 3)
+        return 'high';
+    if (decision.riskTier === 4)
+        return 'critical';
+    return 'unknown';
+}
+function workspaceStrategyChangeSize(decision) {
+    if (decision.riskReasonCodes?.some((code) => code === 'architecture_change' || code === 'cross_surface_change' || code === 'governance_change') === true)
+        return 'large';
+    if (decision.riskTier === 2)
+        return 'medium';
+    if (decision.riskTier === 1)
+        return 'small';
+    return 'unknown';
+}
+function isReadOnlyWorkspaceOperation(operation, decision) {
+    return decision.riskTier === 0 || operation.category === 'read' || (operation.category === 'git' && decision.riskReasonCodes?.includes('git_write') !== true);
+}
+function hasWorkspaceMutationSignal(operation, categories) {
+    if (operation.destructive === true || operation.privileged === true || operation.external === true || operation.ambiguous === true)
+        return true;
+    return categories.some((category) => workspaceMutationCategories.has(category));
+}
+const workspaceMutationCategories = new Set(['edit', 'implementation-edit', 'spec-write', 'design-write', 'task-write', 'git-write']);

package/dist/runs/run-service.js

@@ -1,7 +1,7 @@
 import { evaluatePermission } from '../permissions/policy-evaluator.js';
 import { isRiskyPermissionCategory } from '../permissions/schema.js';
 import { normalizeSddPhaseInput } from '../sdd/schema.js';
-import { planExecutionIsolation } from './execution-planning.js';
+import { planExecutionIsolation, recommendWorkspaceStrategyForExecution } from './execution-planning.js';
 import { evaluateOperationRetry as evaluateOperationRetryPolicy } from './operation-retry.js';
 import { RunRepository, } from './repositories/runs.js';
 import { buildRunInsights, buildRunOperatorResumePlan } from './run-insights.js';
@@ -292,6 +292,11 @@ export class RunService {
             decision: permission.value.decision,
             ...(resolved.value.gitBoundaryInspector === undefined ? {} : { gitBoundaryInspector: resolved.value.gitBoundaryInspector }),
         });
+        const workspaceStrategy = recommendWorkspaceStrategyForExecution({
+            operation: resolved.value,
+            decision: permission.value.decision,
+            ...(resolved.value.gitBoundaryInspector === undefined ? {} : { gitBoundaryInspector: resolved.value.gitBoundaryInspector }),
+        });
         const sandboxDecision = sandboxDecisionSummary(plan.sandbox);
         const planEvent = this.runs.appendEvent({
             runId: resolved.value.runId,
@@ -303,6 +308,7 @@ export class RunService {
                 decisionEventId: permission.value.event.id,
                 approvalId: permission.value.approval?.id ?? null,
                 plan: plan,
+                workspaceStrategy: workspaceStrategy,
                 ...(sandboxDecision === undefined ? {} : { sandboxDecision: sandboxDecision }),
                 operationExecuted: false,
                 executorInvoked: false,
@@ -317,7 +323,7 @@ export class RunService {
         });
         if (!planEvent.ok)
             return { ok: false, error: planEvent.error };
-        return { ok: true, value: { ...permission.value, plan, planEvent: planEvent.value } };
+        return { ok: true, value: { ...permission.value, plan, workspaceStrategy, planEvent: planEvent.value } };
     }
     preflightOperation(input) {
         const resolved = this.buildPermissionContextForRun(input);
@@ -329,7 +335,7 @@ export class RunService {
         const planned = this.planOperationExecution(resolved.value);
         if (!planned.ok)
             return planned;
-        const { decision, event, approval, plan, planEvent } = planned.value;
+        const { decision, event, approval, plan, workspaceStrategy, planEvent } = planned.value;
         const audit = { permissionEventId: event.id, planEventId: planEvent.id };
         if (approval !== undefined)
             audit.approvalId = approval.id;
@@ -351,6 +357,7 @@ export class RunService {
                 permissionEvent: event,
                 ...(approval === undefined ? {} : { approval }),
                 plan,
+                workspaceStrategy,
                 planEvent,
                 audit,
                 eligibleForFutureExecution: plan.executable && !sandboxRejected,

package/dist/sdd/sdd-continuation-plan.js

@@ -6,6 +6,7 @@ export function sddContinuationPlanFrom(input) {
     const blockerGuidance = input.next.blockerGuidance ?? [];
     const blockerActions = blockerGuidance.map((blocker) => continuationBlockerAction(input.project, input.next.change, blocker, dbFlag));
     const recommendedActions = continuationRecommendedActions(input.project, input.next, blockerGuidance);
+    const advice = continuationAdvice(input.next, blockerGuidance);
     const relatedRunContext = relatedRunContextView(input.project, input.relatedRunContext, dbFlag);
     return {
         kind: 'sdd-continuation-plan',
@@ -18,6 +19,7 @@ export function sddContinuationPlanFrom(input) {
         reason: input.next.reason,
         suggestedCommand,
         inspectCommand,
+        advice,
         blockerActions,
         recommendedActions,
         ...(relatedRunContext === undefined ? {} : { relatedRunContext }),
@@ -30,6 +32,50 @@ export function sddContinuationPlanFrom(input) {
         ],
     };
 }
+function continuationAdvice(next, blockerGuidance) {
+    const advice = [];
+    if (next.nextPhase === 'proposal' || hasProposalMissingBlocker(next, blockerGuidance))
+        advice.push(proposalQuestionRoundAdvice(next.change));
+    if (next.nextPhase === 'apply-progress')
+        advice.push(reviewWorkloadGuardAdvice(next.change));
+    return advice;
+}
+function hasProposalMissingBlocker(next, blockerGuidance) {
+    return (blockerGuidance.some((blocker) => blocker.phase === 'proposal' && blocker.reason === 'missing') ||
+        next.missingArtifactTopicKeys.some((topicKey) => topicKey.endsWith('/proposal')));
+}
+function proposalQuestionRoundAdvice(change) {
+    return {
+        id: `sdd.${change}.advice.proposal-question-round`,
+        kind: 'proposal-question-round',
+        title: 'Run proposal question round when product clarity is missing',
+        message: 'Before drafting or accepting the proposal, run a product/business question round if clarity is still missing; this advice does not claim low clarity from metadata alone.',
+        readOnly: true,
+        advisoryOnly: true,
+        mutating: false,
+        providerExecution: false,
+        artifactMutation: false,
+        runCreation: false,
+        openspecWrite: false,
+        reason: 'Proposal work benefits from explicit business rules, product outcomes, edge cases, non-goals, and tradeoff decisions before proposal drafting or acceptance.',
+    };
+}
+function reviewWorkloadGuardAdvice(change) {
+    return {
+        id: `sdd.${change}.advice.review-workload-guard`,
+        kind: 'review-workload-guard',
+        title: 'Inspect Review Workload Forecast before apply',
+        message: 'Before apply, inspect tasks/Review Workload Forecast and ask for a delivery decision if risk is high, estimated changes exceed 400 lines, chained PRs are recommended, or a decision is pending.',
+        readOnly: true,
+        advisoryOnly: true,
+        mutating: false,
+        providerExecution: false,
+        artifactMutation: false,
+        runCreation: false,
+        openspecWrite: false,
+        reason: 'Apply work can exceed review budget; continuation advice must surface the guard without executing providers, mutating artifacts, creating runs, or writing openspec files.',
+    };
+}
 function continuationRecommendedActions(project, next, blockerGuidance) {
     const actions = [inspectCockpitAction(project, next.change)];
     if (next.status === 'runnable' && next.nextPhase !== undefined)

package/dist/workspace-strategy/diagnostics.js

@@ -0,0 +1,34 @@
+export const workspaceStrategyDiagnosticMessages = Object.freeze({
+    WS_STRATEGY_CURRENT_CHECKOUT_SAFE: 'Current checkout is sufficient for this read-only or planning-only operation.',
+    WS_STRATEGY_BRANCH_RECOMMENDED: 'A normal branch is recommended for this focused edit.',
+    WS_STRATEGY_MANUAL_WORKTREE_RECOMMENDED: 'Manual worktree isolation is recommended before making repository mutations.',
+    WS_STRATEGY_STACKED_PRS_RECOMMENDED: 'Stacked PRs are recommended conceptually for dependent review steps.',
+    WS_STRATEGY_WORKSPACE_STATE_UNKNOWN: 'Workspace state is unknown, so mutation recommendations are conservative.',
+    WS_STRATEGY_NO_MUTATION_GUARANTEE: 'This policy is advisory only and does not mutate repositories, provider config, branches, worktrees, or PRs.',
+    WS_STRATEGY_PROVIDER_CONFIG_OUT_OF_SCOPE: 'Provider configuration changes are outside the scope of workspace strategy execution.',
+    WS_STRATEGY_GIT_WRITE_IS_RISKY: 'Git write operations are risky and should be isolated manually.',
+    WS_STRATEGY_DESTRUCTIVE_OPERATION: 'Destructive operations require conservative manual isolation.',
+    WS_STRATEGY_PROTECTED_BRANCH: 'The current branch appears protected; recommendation remains advisory and non-mutating.',
+    WS_STRATEGY_DIRTY_CHECKOUT: 'Dirty checkout signals were present.',
+    WS_STRATEGY_EXTERNAL_SCOPE_WARNING: 'The operation reaches outside the repository workspace.',
+    WS_STRATEGY_LOW_CONFIDENCE: 'Confidence is low because required signals are missing or contradictory.',
+});
+export const workspaceStrategyDiagnosticCodes = Object.freeze(Object.keys(workspaceStrategyDiagnosticMessages));
+export const workspaceStrategyDiagnosticSeverities = Object.freeze({
+    WS_STRATEGY_CURRENT_CHECKOUT_SAFE: 'info',
+    WS_STRATEGY_BRANCH_RECOMMENDED: 'info',
+    WS_STRATEGY_MANUAL_WORKTREE_RECOMMENDED: 'warning',
+    WS_STRATEGY_STACKED_PRS_RECOMMENDED: 'info',
+    WS_STRATEGY_WORKSPACE_STATE_UNKNOWN: 'warning',
+    WS_STRATEGY_NO_MUTATION_GUARANTEE: 'info',
+    WS_STRATEGY_PROVIDER_CONFIG_OUT_OF_SCOPE: 'warning',
+    WS_STRATEGY_GIT_WRITE_IS_RISKY: 'warning',
+    WS_STRATEGY_DESTRUCTIVE_OPERATION: 'blocker',
+    WS_STRATEGY_PROTECTED_BRANCH: 'warning',
+    WS_STRATEGY_DIRTY_CHECKOUT: 'warning',
+    WS_STRATEGY_EXTERNAL_SCOPE_WARNING: 'warning',
+    WS_STRATEGY_LOW_CONFIDENCE: 'warning',
+});
+export function workspaceStrategyDiagnostic(code) {
+    return { code, severity: workspaceStrategyDiagnosticSeverities[code], message: workspaceStrategyDiagnosticMessages[code] };
+}

package/dist/workspace-strategy/index.js

@@ -0,0 +1,3 @@
+export * from './diagnostics.js';
+export * from './recommendation-policy.js';
+export * from './schema.js';

package/dist/workspace-strategy/recommendation-policy.js

@@ -0,0 +1,196 @@
+import { workspaceStrategyDiagnostic } from './diagnostics.js';
+const nonMutatingExecution = Object.freeze({
+    mutatesRepository: false,
+    mutatesProviderConfig: false,
+    createsBranch: false,
+    createsWorktree: false,
+    createsPullRequest: false,
+});
+export function recommendWorkspaceStrategy(input = {}) {
+    const signals = normalizeInput(input);
+    const diagnostics = [workspaceStrategyDiagnostic('WS_STRATEGY_NO_MUTATION_GUARANTEE')];
+    const reasons = [];
+    const followUpNotes = [];
+    addContextDiagnostics(signals, diagnostics);
+    const strategy = chooseStrategy(signals);
+    addStrategyDetails(strategy, signals, diagnostics, reasons, followUpNotes);
+    const confidence = calculateConfidence(signals, strategy);
+    if (confidence === 'low')
+        addDiagnostic(diagnostics, 'WS_STRATEGY_LOW_CONFIDENCE');
+    const followUp = buildFollowUp(signals, followUpNotes);
+    return {
+        strategy,
+        confidence,
+        reasons,
+        diagnostics,
+        ...(followUp === undefined ? {} : { followUp }),
+        execution: nonMutatingExecution,
+    };
+}
+function normalizeInput(input) {
+    const categories = normalizeCategories(input);
+    const signalText = (input.intentSignals ?? []).map((signal) => signal.trim().toLowerCase()).filter((signal) => signal.length > 0);
+    const workspaceCheckout = input.workspace?.checkout;
+    const dirtyCheckout = workspaceCheckout === 'dirty' || input.workspace?.hasUncommittedChanges === true || input.workspace?.hasUntrackedFiles === true;
+    const workspaceUnknown = workspaceCheckout === 'unknown' || (input.workspace === undefined && hasMutationIntent(input, categories));
+    const hasEditIntent = hasAnyCategory(categories, ['edit', 'implementation-edit', 'spec-write', 'design-write', 'task-write']) || input.expectedWrites === true || input.mutatesRepository === true;
+    const hasGitReadOnly = categories.includes('git');
+    const hasGitWrite = categories.includes('git-write');
+    const isPlanningOnly = input.planningOnly === true || signalText.some((signal) => includesAny(signal, ['planning-only', 'plan only', 'sdd planning']));
+    const isReadOnly = input.readOnly === true || categories.includes('read') || hasGitReadOnly || isPlanningOnly || (categories.includes('test-run') && input.expectedWrites !== true);
+    const stackedRequested = input.dependentSteps === true || input.expectedReviewShape === 'stacked' || signalText.some((signal) => includesAny(signal, ['stacked-prs', 'stacked prs', 'stacked pr']));
+    const largeChange = input.changeSize === 'large' || signalText.some((signal) => includesAny(signal, ['large change', 'large independent', 'big change']));
+    const providerConfigIntent = categories.includes('provider-tool') || signalText.some((signal) => includesAny(signal, ['provider config', 'provider setup', 'opencode', 'claude']));
+    const destructive = input.destructive === true || signalText.some((signal) => includesAny(signal, ['destructive', 'delete', 'remove']));
+    const privileged = input.privileged === true;
+    const external = input.external === true || categories.includes('external-directory');
+    const ambiguousMutation = input.ambiguous === true && !isReadOnly;
+    const highRisk = input.risk === 'high' || input.risk === 'critical';
+    const contradictoryRisk = (destructive || hasGitWrite || privileged || external) && (input.risk === 'low' || input.risk === 'none');
+    const criticalIsolationRequired = hasGitWrite || destructive || privileged || external || highRisk;
+    return {
+        categories,
+        signalText,
+        hasEditIntent,
+        hasGitReadOnly,
+        hasGitWrite,
+        isReadOnly,
+        isPlanningOnly,
+        workspaceUnknown,
+        dirtyCheckout,
+        protectedBranch: input.workspace?.protectedBranch === true,
+        stackedRequested,
+        largeChange,
+        providerConfigIntent,
+        destructive,
+        privileged,
+        external,
+        ambiguousMutation,
+        highRisk,
+        contradictoryRisk,
+        criticalIsolationRequired,
+    };
+}
+function normalizeCategories(input) {
+    const categories = [...(input.categories ?? [])];
+    if (input.category !== undefined)
+        categories.push(input.category);
+    return categories;
+}
+function hasMutationIntent(input, categories) {
+    return (input.expectedWrites === true ||
+        input.mutatesRepository === true ||
+        input.destructive === true ||
+        input.privileged === true ||
+        input.external === true ||
+        input.ambiguous === true ||
+        hasAnyCategory(categories, ['edit', 'implementation-edit', 'spec-write', 'design-write', 'task-write', 'shell', 'install', 'network', 'git-write', 'memory-write', 'external-directory', 'secrets']));
+}
+function chooseStrategy(signals) {
+    if (signals.criticalIsolationRequired)
+        return 'manual-worktree';
+    if (signals.stackedRequested)
+        return 'stacked-prs';
+    if (isSafeReadOrPlanningOnly(signals))
+        return 'current-checkout';
+    if (shouldUseManualWorktree(signals))
+        return 'manual-worktree';
+    if (signals.hasEditIntent || signals.largeChange)
+        return signals.largeChange ? 'manual-worktree' : 'branch';
+    if (signals.isReadOnly || signals.isPlanningOnly || signals.hasGitReadOnly)
+        return 'current-checkout';
+    return 'current-checkout';
+}
+function buildFollowUp(signals, followUpNotes) {
+    if (followUpNotes.length === 0)
+        return undefined;
+    const requiresHumanApproval = signals.criticalIsolationRequired || signals.stackedRequested;
+    return {
+        ...(requiresHumanApproval ? { requiresHumanApproval: true } : {}),
+        suggestedNextStep: followUpNotes.join(' '),
+    };
+}
+function isSafeReadOrPlanningOnly(signals) {
+    if (!signals.isReadOnly && !signals.isPlanningOnly && !signals.hasGitReadOnly)
+        return false;
+    return !(signals.hasGitWrite || signals.destructive || signals.privileged || signals.external || signals.ambiguousMutation || signals.highRisk);
+}
+function shouldUseManualWorktree(signals) {
+    return (signals.hasGitWrite ||
+        signals.destructive ||
+        signals.privileged ||
+        signals.external ||
+        signals.ambiguousMutation ||
+        signals.highRisk ||
+        signals.largeChange ||
+        (signals.hasEditIntent && (signals.dirtyCheckout || signals.workspaceUnknown)));
+}
+function addContextDiagnostics(signals, diagnostics) {
+    if (signals.workspaceUnknown)
+        addDiagnostic(diagnostics, 'WS_STRATEGY_WORKSPACE_STATE_UNKNOWN');
+    if (signals.providerConfigIntent)
+        addDiagnostic(diagnostics, 'WS_STRATEGY_PROVIDER_CONFIG_OUT_OF_SCOPE');
+    if (signals.hasGitWrite)
+        addDiagnostic(diagnostics, 'WS_STRATEGY_GIT_WRITE_IS_RISKY');
+    if (signals.destructive)
+        addDiagnostic(diagnostics, 'WS_STRATEGY_DESTRUCTIVE_OPERATION');
+    if (signals.protectedBranch)
+        addDiagnostic(diagnostics, 'WS_STRATEGY_PROTECTED_BRANCH');
+    if (signals.dirtyCheckout)
+        addDiagnostic(diagnostics, 'WS_STRATEGY_DIRTY_CHECKOUT');
+    if (signals.external)
+        addDiagnostic(diagnostics, 'WS_STRATEGY_EXTERNAL_SCOPE_WARNING');
+}
+function addStrategyDetails(strategy, signals, diagnostics, reasons, followUp) {
+    if (strategy === 'current-checkout') {
+        addDiagnostic(diagnostics, 'WS_STRATEGY_CURRENT_CHECKOUT_SAFE');
+        reasons.push('The operation is read-only, Git read-only, planning-only, or otherwise has no repository mutation signal.');
+        return;
+    }
+    if (strategy === 'branch') {
+        addDiagnostic(diagnostics, 'WS_STRATEGY_BRANCH_RECOMMENDED');
+        reasons.push('The operation looks like a focused low/medium-risk edit with no dirty or unknown checkout isolation signal.');
+        return;
+    }
+    if (strategy === 'manual-worktree') {
+        addDiagnostic(diagnostics, 'WS_STRATEGY_MANUAL_WORKTREE_RECOMMENDED');
+        reasons.push('The operation has mutation, risk, dirty checkout, unknown checkout, external, or large-change signals.');
+        followUp.push('Create and manage any worktree manually outside this pure recommendation policy before mutating repository state.');
+        if (signals.hasGitWrite)
+            followUp.push('Review and explicitly approve Git write intent before execution.');
+        if (signals.destructive)
+            followUp.push('Confirm destructive scope and rollback plan before execution.');
+        if (signals.providerConfigIntent)
+            followUp.push('Handle provider configuration through the dedicated setup/preflight flow; this policy will not write provider config.');
+        return;
+    }
+    addDiagnostic(diagnostics, 'WS_STRATEGY_STACKED_PRS_RECOMMENDED');
+    reasons.push('The change has dependent steps or an explicit stacked review signal.');
+    followUp.push('Plan stacked PR boundaries manually; this policy does not create branches or pull requests.');
+    if (signals.providerConfigIntent)
+        followUp.push('Provider configuration remains out of scope for workspace strategy execution.');
+}
+function calculateConfidence(signals, strategy) {
+    if (signals.workspaceUnknown || signals.ambiguousMutation || signals.contradictoryRisk)
+        return 'low';
+    if (strategy === 'manual-worktree' && (signals.highRisk || signals.destructive || signals.hasGitWrite))
+        return 'high';
+    if (strategy === 'current-checkout' && (signals.isReadOnly || signals.isPlanningOnly || signals.hasGitReadOnly))
+        return 'high';
+    if (strategy === 'stacked-prs' && signals.stackedRequested)
+        return 'high';
+    if (signals.protectedBranch || signals.providerConfigIntent || signals.dirtyCheckout)
+        return 'medium';
+    return 'medium';
+}
+function addDiagnostic(diagnostics, code) {
+    if (diagnostics.some((diagnostic) => diagnostic.code === code))
+        return;
+    diagnostics.push(workspaceStrategyDiagnostic(code));
+}
+function hasAnyCategory(categories, candidates) {
+    return categories.some((category) => candidates.includes(category));
+}
+function includesAny(value, candidates) {
+    return candidates.some((candidate) => value.includes(candidate));
+}

package/dist/workspace-strategy/schema.js

@@ -0,0 +1 @@
+export const workspaceStrategies = ['current-checkout', 'branch', 'manual-worktree', 'stacked-prs'];

package/docs/architecture.md

@@ -504,6 +504,17 @@ Current operation enforcement is safe-by-default and executor-injected: `RunServ
 
 Execution isolation is currently **planning-only**. `planExecutionIsolation(...)` and `RunService.planOperationExecution(...)` produce an auditable plan before any real executor exists; they do not create worktrees, launch sandboxes, run shell commands, call providers, or mutate files. Treat `strategy: "worktree"` as a recommended future/manual isolation boundary, not proof that isolation has already happened.
 
+Workspace strategy recommendation is a separate advisory layer from both risk classification and execution isolation:
+
+| Layer | Source | Responsibility | Does not do |
+|---|---|---|---|
+| Risk classification | `classifyOperationRisk(...)` / permission evaluation | Classifies category, risk tier, policy reason, and approval/default workflow evidence. | Choose branches, create worktrees, or decide PR shape. |
+| Workspace strategy recommendation | `recommendWorkspaceStrategy(...)` via the runs adapter | Recommends `current-checkout`, `branch`, `manual-worktree`, or `stacked-prs` for operator planning and review shape. | Mutate the repository, write provider config, create branches/worktrees/PRs, or prove isolation exists. |
+| Execution isolation plan | `planExecutionIsolation(...)` | Records the future/manual isolation boundary (`workspace`, `worktree`, `process-sandbox`) plus conditions and limitations. | Launch sandboxes, create worktrees, execute providers, or run commands. |
+| Real execution | Injected executor / future safe runtime | Performs the operation only after policy, approval, and enforceable execution gates. | Bypass preflight, approvals, SDD acceptance, or provider-config confirmation. |
+
+`RunService.planOperationExecution(...)` and `RunService.preflightOperation(...)` include `workspaceStrategy` in their output and in `execution-plan` events so CLI/MCP users can see the review/isolation recommendation next to the permission and isolation plan. The recommendation is intentionally conservative when checkout state is unavailable: mutating work may be represented as `checkout: "unknown"` and recommend `manual-worktree`, but the recommendation still means “create/manage this manually before mutating” rather than “VGXNESS created it.”
+
 | Operation shape | Current planned strategy | Current behavior |
 |---|---|---|
 | In-workspace read | `workspace` | Allowed when permission policy allows it; filesystem plans require realpath/symlink hardening before any future execution. |
@@ -511,7 +522,7 @@ Execution isolation is currently **planning-only**. `planExecutionIsolation(...)
 | Shell, network, provider tool, privileged operation | `process-sandbox` | Planned as sandboxed process/provider work, but approval is still required by default. No sandbox is launched yet; execution requires a separate executor with enforceable sandbox evidence. |
 | External directory or out-of-workspace path | `process-sandbox` or blocked workspace plan | Denied by default or requires explicit stronger future approval conditions; external paths are not allowed by current plans. |
 
-Every plan includes path constraints, required approvals/conditions, whether realpath hardening must happen before execution, and limitations that state the future boundary. Real sandbox/worktree executors are follow-up work after this planner is connected to a safe execution backend. Until then, large or risky edits should use a human-created branch/worktree and PR flow.
+Every plan includes path constraints, required approvals/conditions, whether realpath hardening must happen before execution, limitations that state the future boundary, and a separate workspace strategy recommendation in the surrounding run/preflight record. Real sandbox/worktree executors are follow-up work after this planner is connected to a safe execution backend. Until then, large or risky edits should use a human-created branch/worktree and PR flow.
 
 | Decision | Current behavior |
 |---|---|

package/docs/cli.md

@@ -811,6 +811,26 @@ Runs are runtime state, not long-term memory. Use event and checkpoint payloads
 
 `runs permission-check` evaluates the same core permission policy as `permissions check`, records a `permission-decision` event on the run timeline, and returns the decision plus event. When the decision is `ask`, it also creates a pending approval record linked to that decision event. `allow` and `deny` decisions do not create approvals.
 
+`runs preflight` records the permission decision, the planning-only execution isolation plan, and a separate `workspaceStrategy` recommendation. The recommendation is for operator planning/review shape only: `current-checkout`, `branch`, `manual-worktree`, or `stacked-prs`. It does **not** create branches, create worktrees, create PRs, write provider config, execute commands, call providers, or prove isolation exists. For example, `manual-worktree` means “arrange a manual worktree before mutating if you proceed,” not “VGXNESS already created a worktree.”
+
+Example workspace strategy fields in preflight JSON:
+
+```json
+{
+  "workspaceStrategy": {
+    "strategy": "manual-worktree",
+    "confidence": "high",
+    "execution": {
+      "mutatesRepository": false,
+      "mutatesProviderConfig": false,
+      "createsBranch": false,
+      "createsWorktree": false,
+      "createsPullRequest": false
+    }
+  }
+}
+```
+
 Resolving an approval appends an `approval` audit event and updates the approval status:
 
 ```bash

package/docs/glossary.md

@@ -74,6 +74,10 @@ A testable property of the harness. The 11 eval targets live in [Architecture](.
 
 A planned strategy for executing a reserved operation: `workspace`, `git-worktree`, or `process-sandbox`. Produced by `planExecutionIsolation(...)`. The execution-isolation planner is current, but real sandbox/worktree/provider execution remains future work; current execution paths use injected or deterministic executors. A `git-worktree` strategy means “recommended/planned isolation,” not “a worktree was created.”
 
+## Workspace strategy recommendation
+
+An advisory planning result that recommends how the human/operator should organize review and checkout state before risky work: `current-checkout`, `branch`, `manual-worktree`, or `stacked-prs`. Produced by `recommendWorkspaceStrategy(...)` and surfaced on run preflight records as `workspaceStrategy`. It is separate from the permission/risk decision and from the execution isolation plan. It never creates branches, worktrees, pull requests, provider config, or repository mutations; those guarantees are explicit in `workspaceStrategy.execution`.
+
 ## Governance report
 
 A redacted, structured report over SDD state, runs, and approvals. Surfaced through `vgxness_governance_report`. Useful for review before promotion.
@@ -120,7 +124,7 @@ The function that resolves a permission request. Returns `allow`, `ask`, or `den
 
 ## Preflight
 
-A permission decision plus execution isolation plan produced before a reserved operation. `vgxness_run_preflight` may create a pending approval when the decision is `ask`.
+A permission decision plus workspace strategy recommendation and execution isolation plan produced before a reserved operation. `vgxness_run_preflight` may create a pending approval when the decision is `ask`, but it does not execute the operation, create Git branches/worktrees/PRs, or write provider config.
 
 ## Project (scope)
 

package/docs/mcp.md

@@ -80,7 +80,7 @@ Payload tools that accept `agentId` resolve it as a canonical registry id first.
 | `vgxness_run_start` | Create a run record. | `CreateRunInput` shape | |
 | `vgxness_run_checkpoint` | Append a resumable JSON state. | `AppendRunCheckpointInput` shape | |
 | `vgxness_run_finalize` | Finalize a run with `outcome` and `outcomeReason`. | `FinalizeRunInput` shape | `outcome` must match a terminal `status`. Re-finalization is rejected. |
-| `vgxness_run_preflight` | Run policy evaluation and return the decision + planned execution isolation strategy. | `PreflightRunOperationInput` shape | May create a pending approval when the decision is `ask`. Does not invoke an executor. |
+| `vgxness_run_preflight` | Run policy evaluation and return the decision, workspace strategy recommendation, and planned execution isolation strategy. | `PreflightRunOperationInput` shape | May create a pending approval when the decision is `ask`. Does not invoke an executor, write provider config, create branches, create worktrees, create PRs, or prove isolation exists. |
 | `vgxness_run_resume_candidates` | List recent interrupted runs for a project when the run id is unknown. | `project`; optional `limit` (1-100, default 5) | Returns failed, blocked, and needs-human candidates with `inspectInput` for `run_resume_inspect`. Does not retry, resume, mutate runs, create sandboxes/worktrees, invoke providers, or write artifacts/config. |
 | `vgxness_run_resume_inspect` | Plan-only resume advisory. | `runId` | Returns `RunResumeOrchestrationPlan` with blockers and `nextAction` (`resolve-approval`/`inspect-run`/`retry-check`/`manual-recovery`/`no-action`). |
 | `vgxness_run_resume_gate` | Evaluate retry policy for an approval without executing. | `approvalId`; optional `policy` | Default policy is `never`. See [Safety model](./safety.md) for the policy table. |
@@ -139,6 +139,8 @@ vgxness_run_checkpoint  { runId, label: "after-step-1", state: {...} }
 vgxness_run_finalize    { runId, outcome: "success", outcomeReason: "..." }
 ```
 
+`vgxness_run_preflight` output includes `workspaceStrategy` with one of `current-checkout`, `branch`, `manual-worktree`, or `stacked-prs`. This is advisory planning metadata only. Its execution guarantees are always non-mutating (`createsBranch:false`, `createsWorktree:false`, `createsPullRequest:false`, `mutatesRepository:false`, `mutatesProviderConfig:false`). Treat `manual-worktree` and `stacked-prs` as instructions for a human or future executor to arrange review/isolation deliberately before mutation, not as evidence that VGXNESS already created Git state.
+
 Finding interrupted runs when the run id is unknown:
 
 ```text

package/docs/roadmap.md

@@ -41,7 +41,7 @@ SQLite, scopes, migrations, and the run snapshot export are in.
 
 ## TUI
 
-The no-args TTY entrypoint now starts a read-only Home TUI with setup/provider context and placeholder panels for future read models. Broader TUI work should continue around the current MCP/CLI control-plane boundaries rather than the removed `vgxness code` runtime.
+The no-args TTY entrypoint now starts a read-only Home TUI with setup/provider context plus focused read-only panels for runs, skills, provider setup, and selected SDD change state. Broader TUI work should continue around the current MCP/CLI control-plane boundaries rather than the removed `vgxness code` runtime.
 
 - **TUI dashboard screen.** Real-time view of active runs, pending approvals, and SDD blockers. Should match the cockpit surface from MCP.
 - **TUI runs screen.** Run list, drill into a run, see events/approvals/attempts, with read-only safe actions.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vgxness",
-  "version": "1.15.0",
+  "version": "1.16.0",
   "description": "CLI and MCP control plane for guided AI-agent workflows, SDD, memory, and OpenCode setup.",
   "license": "SEE LICENSE IN LICENSE",
   "repository": {

package/seeds/skills/skill-seed-v1.json

@@ -77,21 +77,21 @@
       "name": "vgxness-git-safety",
       "description": "Protects user work and repository integrity during git-related operations.",
       "version": "2026-06-16.v1",
-      "content": "# vgxness-git-safety\n\nRole: Keep git operations explicit, reviewable, and safe.\n\nBefore any git write, inspect and report working tree status, diff, and recent commits. Preserve unrelated user changes, stage only intended files, and stop on conflicts, detached HEAD, divergent branches, dirty base, untracked build artifacts, or unclear ownership.\n\nNever commit, amend, push, merge, rebase, reset, delete branches, delete worktrees, publish releases, or create PRs unless the human explicitly asks for that exact action.\n\nOutput: git state evidence, intended files, safety blockers, and the smallest safe decision needed from the human.\n\nBoundary: This is VGXNESS registry/context skill content only. It is not a provider-native OpenCode skill, must not be installed into .opencode, must not require skills.paths, and must not load remote content.",
+      "content": "# vgxness-git-safety\n\nRole: Keep git operations explicit, reviewable, and safe.\n\nBefore any git write, inspect and report working tree status, diff, and recent commits. Preserve unrelated user changes, stage only intended files, and stop on conflicts, detached HEAD, divergent branches, dirty base, untracked build artifacts, or unclear ownership.\n\nUse `workspaceStrategy` from VGXNESS run preflight when available. Treat `manual-worktree`, `branch`, and `stacked-prs` as recommendations only; they do not prove VGXNESS created Git state. Arrange any branch/worktree/PR manually and only after explicit human approval.\n\nNever commit, amend, push, merge, rebase, reset, delete branches, delete worktrees, publish releases, or create PRs unless the human explicitly asks for that exact action.\n\nOutput: git state evidence, intended files, safety blockers, workspace strategy recommendation when present, and the smallest safe decision needed from the human.\n\nBoundary: This is VGXNESS registry/context skill content only. It is not a provider-native OpenCode skill, must not be installed into .opencode, must not require skills.paths, and must not load remote content.",
       "metadata": { "ownedBy": "vgxness", "kind": "registry-context-skill", "nativeProviderSkill": false, "category": "git" }
     },
     {
       "name": "vgxness-pr-prep",
       "description": "Prepares concise pull request evidence and reviewer-ready summaries.",
       "version": "2026-06-16.v1",
-      "content": "# vgxness-pr-prep\n\nRole: Prepare a pull request only after the human explicitly asks for PR work.\n\nBefore opening a PR, inspect branch status, upstream tracking, base branch, recent commits, and diff against base. Summarize included commits, files changed, verification, rollout risk, reviewer burden, and any follow-ups.\n\nDo not push, publish, or create the PR without explicit human approval for that action. Prefer a focused PR over a broad mixed change.\n\nOutput: PR title/body draft or PR readiness report with evidence, risks, and reviewer notes.\n\nBoundary: This is VGXNESS registry/context skill content only. It is not a provider-native OpenCode skill, must not be installed into .opencode, must not require skills.paths, and must not load remote content.",
+      "content": "# vgxness-pr-prep\n\nRole: Prepare a pull request only after the human explicitly asks for PR work.\n\nBefore opening a PR, inspect branch status, upstream tracking, base branch, recent commits, and diff against base. Summarize included commits, files changed, verification, rollout risk, reviewer burden, and any follow-ups.\n\nUse the central `workspaceStrategy` recommendation as input to PR planning when present, especially `branch`, `manual-worktree`, and `stacked-prs`. It is advisory only and does not create branches or PRs.\n\nDo not push, publish, or create the PR without explicit human approval for that action. Prefer a focused PR over a broad mixed change.\n\nOutput: PR title/body draft or PR readiness report with evidence, risks, reviewer notes, and workspace strategy context when relevant.\n\nBoundary: This is VGXNESS registry/context skill content only. It is not a provider-native OpenCode skill, must not be installed into .opencode, must not require skills.paths, and must not load remote content.",
       "metadata": { "ownedBy": "vgxness", "kind": "registry-context-skill", "nativeProviderSkill": false, "category": "pull-request" }
     },
     {
       "name": "vgxness-stacked-prs",
       "description": "Guides reviewable stacked PR slicing for dependent changes.",
       "version": "2026-06-16.v1",
-      "content": "# vgxness-stacked-prs\n\nRole: Split dependent work into reviewable layers when one large PR would be hard to understand or risky to review.\n\nPrefer slices such as docs groundwork, tests/contracts, domain behavior, CLI/MCP surface, and follow-up polish. Keep each PR independently reviewable, explain dependencies, and avoid mixing unrelated fixes.\n\nDo not use stacked PRs for tiny fixes or emergency repairs unless the dependency structure is genuinely needed.\n\nOutput: proposed stack, branch/order guidance, reviewer burden tradeoffs, and cleanup notes.\n\nBoundary: This is VGXNESS registry/context skill content only. It is not a provider-native OpenCode skill, must not be installed into .opencode, must not require skills.paths, and must not load remote content.",
+      "content": "# vgxness-stacked-prs\n\nRole: Split dependent work into reviewable layers when one large PR would be hard to understand or risky to review.\n\nPrefer slices such as docs groundwork, tests/contracts, domain behavior, CLI/MCP surface, and follow-up polish. Keep each PR independently reviewable, explain dependencies, and avoid mixing unrelated fixes.\n\nWhen `workspaceStrategy.strategy` is `stacked-prs`, treat it as a planning recommendation only. It does not create branches or pull requests, and critical isolation signals may still require `manual-worktree` before mutation.\n\nDo not use stacked PRs for tiny fixes or emergency repairs unless the dependency structure is genuinely needed.\n\nOutput: proposed stack, branch/order guidance, reviewer burden tradeoffs, cleanup notes, and any manual isolation prerequisite.\n\nBoundary: This is VGXNESS registry/context skill content only. It is not a provider-native OpenCode skill, must not be installed into .opencode, must not require skills.paths, and must not load remote content.",
       "metadata": { "ownedBy": "vgxness", "kind": "registry-context-skill", "nativeProviderSkill": false, "category": "pull-request" }
     },
     {
@@ -105,7 +105,7 @@
       "name": "vgxness-review-size-guard",
       "description": "Keeps implementation slices small enough to review safely.",
       "version": "2026-06-16.v1",
-      "content": "# vgxness-review-size-guard\n\nRole: Protect reviewer attention and product safety by challenging oversized or mixed-scope changes.\n\nBefore large implementation, estimate affected subsystems, files, schema/storage changes, provider/setup impact, docs/tests, and verification cost. If the change is cross-cutting or hard to review, stop and recommend splitting into smaller slices.\n\nPrefer one coherent behavior change plus its tests/docs over unrelated bundles. For high-risk work, ask whether to reduce scope, split, or proceed as one larger change.\n\nOutput: review-size assessment, recommended slices, tradeoffs, and the next smallest safe step.\n\nBoundary: This is VGXNESS registry/context skill content only. It is not a provider-native OpenCode skill, must not be installed into .opencode, must not require skills.paths, and must not load remote content.",
+      "content": "# vgxness-review-size-guard\n\nRole: Protect reviewer attention and product safety by challenging oversized or mixed-scope changes.\n\nBefore large implementation, estimate affected subsystems, files, schema/storage changes, provider/setup impact, docs/tests, and verification cost. If the change is cross-cutting or hard to review, stop and recommend splitting into smaller slices.\n\nUse `workspaceStrategy` as supporting evidence for review shape when present: `branch` for focused edits, `manual-worktree` for high-risk/dirty/unknown checkout work, and `stacked-prs` for dependent review layers. The recommendation is non-mutating and should not be described as created Git state.\n\nPrefer one coherent behavior change plus its tests/docs over unrelated bundles. For high-risk work, ask whether to reduce scope, split, or proceed as one larger change.\n\nOutput: review-size assessment, recommended slices, tradeoffs, workspace strategy context, and the next smallest safe step.\n\nBoundary: This is VGXNESS registry/context skill content only. It is not a provider-native OpenCode skill, must not be installed into .opencode, must not require skills.paths, and must not load remote content.",
       "metadata": { "ownedBy": "vgxness", "kind": "registry-context-skill", "nativeProviderSkill": false, "category": "review" }
     }
   ],