vgxness 1.15.0 → 1.17.0

package/README.md

@@ -8,7 +8,7 @@ This package is proprietary software. The npm package ships inspectable JavaScri
 
 OpenCode is the primary supported provider. Claude setup support is secondary. VGX-managed OpenCode and Claude provider configuration is user-global only; provider config writes require explicit CLI confirmation.
 
-VGXNESS v1.14.x has a current project health audit describing the implemented CLI/MCP/SDD control plane, OpenCode-first workflow, release-readiness checks, and the remaining execution/recovery gaps. See [Project health audit v1.14.x](./docs/project-health-audit-v1.14.x.md) for the current system snapshot; [v1.10.x](./docs/project-health-audit-v1.10.x.md) and [v1.9.1](./docs/project-health-audit-v1.9.1.md) remain historical validation evidence for those releases.
+VGXNESS is currently versioned from `package.json` (`1.16.0`). The latest full project health audit is the historical [v1.14.x snapshot](./docs/project-health-audit-v1.14.x.md), which documents the implemented CLI/MCP/SDD control plane, OpenCode-first workflow, release-readiness checks, and the remaining execution/recovery gaps at that point in time. [v1.10.x](./docs/project-health-audit-v1.10.x.md) and [v1.9.1](./docs/project-health-audit-v1.9.1.md) remain historical validation evidence for those releases.
 
 ## Requirements
 
@@ -256,7 +256,7 @@ Remove any user-global OpenCode/Claude config entries and local/global VGXNESS d
 ## More docs
 
 - [CLI reference](./docs/cli.md)
-- [Project health audit v1.14.x](./docs/project-health-audit-v1.14.x.md)
+- [Project health audit v1.14.x](./docs/project-health-audit-v1.14.x.md) — historical snapshot
 - [Project health audit v1.10.x](./docs/project-health-audit-v1.10.x.md)
 - [Project health audit v1.9.1](./docs/project-health-audit-v1.9.1.md)
 - [Architecture](./docs/architecture.md)

package/dist/agents/canonical-agent-manifest.js

@@ -2,7 +2,7 @@ import { canonicalBehaviorContractVersion } from '../behavior/behavior-contract-
 export const canonicalDefaultAgentName = 'vgxness-manager';
 export const canonicalOpenCodeDefaultModel = 'openai/gpt-5.5';
 export const canonicalOpenCodeManagerReasoningEffort = 'high';
-export const canonicalPromptContractVersion = 11;
+export const canonicalPromptContractVersion = 12;
 export const canonicalSddSubagentNames = [
     'vgxness-sdd-explore',
     'vgxness-sdd-propose',
@@ -131,8 +131,15 @@ export function createCanonicalOpenCodeSddMcpToolPermissions() {
         vgxness_sdd_get_artifact: 'allow',
         vgxness_sdd_list_artifacts: 'allow',
         vgxness_sdd_cockpit: 'allow',
+        vgxness_context_cockpit: 'allow',
         vgxness_agent_resolve: 'allow',
         vgxness_sdd_save_artifact: 'allow',
+        vgxness_memory_search: 'allow',
+        vgxness_memory_get: 'allow',
+        vgxness_memory_save: 'allow',
+        vgxness_memory_update: 'allow',
+        vgxness_skill_payload: 'allow',
+        vgxness_run_preflight: 'allow',
     };
 }
 export function createCanonicalOpenCodeSddSubagentPrompt(name) {
@@ -146,50 +153,52 @@ export function createCanonicalOpenCodeSddSubagentPrompt(name) {
  * This feeds the OpenCode default config and Claude generated agent files; it is
  * intentionally separate from registry/seed instructions below.
  */
-export const canonicalOpenCodeManagerPrompt = `# VGXNESS Manager - compact SDD orchestrator
+export const canonicalOpenCodeManagerPrompt = `# VGXNESS Manager
 
-Bind only to the primary \`vgxness-manager\` agent. Executor agents use their own prompts.
+Bind to \`vgxness-manager\` only. Executors use their own prompts.
 
 ## Role
-Coordinate SDD; keep chat thin, use VGXNESS MCP as durable state, delegate to smallest exact hidden SDD subagent, synthesize evidence. Coach while coordinating: teach briefly; explain practical tradeoffs, risk/effort/unknowns; challenge weak assumptions; keep user in control; avoid lectures.
+Coordinate SDD; keep chat thin, use VGXNESS MCP state, delegate to exact SDD subagent. Coach while coordinating: teach briefly; explain practical tradeoffs, risk/effort/unknowns; challenge weak assumptions; keep user in control; avoid lectures.
 
 ## Non-negotiable governance
-- SDD artifact acceptance is human-only. Never infer or fabricate acceptance from generated output, subagent/model output, file presence, confidence, or legacy artifacts. Treat draft/rejected/superseded/stale/unaccepted artifacts as not accepted until a human acceptance record exists.
-- Before phase advancement, call readiness/status tools: \`vgxness_sdd_status\`/\`vgxness_sdd_next\` and \`vgxness_sdd_ready\` or \`vgxness_sdd_get_readiness\`.
-- Before risky VGX-managed side effects (edit, shell/tests, git, network, provider-tool, secrets, external-directory, destructive, privileged, ambiguous), call \`vgxness_run_preflight\` with runId/workflow/phase/agent context when available. If approval/block is required, stop; do not invent approval.
-- Direct human acceptance of an exact SDD artifact via \`vgxness_sdd_accept_artifact\` is not a generic SDD write for manager routing: do not call \`vgxness_run_preflight\` solely for that acceptance when the user explicitly accepted the exact project/change/phase artifact, \`acceptedBy.type\` is \`"human"\`, \`acceptedBy.id\` is non-empty, and status/readiness confirms the artifact is eligible. This shortcut applies only to \`vgxness_sdd_accept_artifact\` and the trusted draft autorun chain described below; it does not apply to edits, shell/tests, git, provider config, memory writes, external paths, secrets, destructive/privileged/ambiguous operations.
+- VGXNESS uses SQLite artifacts/control-plane; OpenCode as primary provider; artifacts are not openspec files. Do not write to \`openspec/\`.
+- SDD artifact acceptance is human-only. Artifact presence is not acceptance. Never infer or fabricate acceptance from generated output, subagent/model output, file presence, confidence, or legacy artifacts; draft/rejected/superseded/stale/unaccepted artifacts are not accepted until a human acceptance record exists.
+- Before phase advancement, call \`vgxness_sdd_status\`/\`vgxness_sdd_next\` plus \`vgxness_sdd_ready\` or \`vgxness_sdd_get_readiness\`.
+- Before risky VGX-managed side effects (edit, shell/tests, git, network, provider-tool, secrets, external-directory, destructive, privileged, ambiguous), call \`vgxness_run_preflight\` with runId/workflow/phase/agent when available. Stop on approval/block; never invent approval.
+- Direct human acceptance of an exact SDD artifact via \`vgxness_sdd_accept_artifact\` is not a generic SDD write for manager routing: do not call \`vgxness_run_preflight\` solely for that acceptance; require the user explicitly accepted the exact project/change/phase artifact, \`acceptedBy.type\` is \`"human"\`, \`acceptedBy.id\` is non-empty, and status/readiness confirms the artifact is eligible. This shortcut applies only to \`vgxness_sdd_accept_artifact\` and the trusted draft autorun chain described below; excludes edits, shell/tests, git, provider config, memory writes, external paths, secrets, destructive/privileged/ambiguous operations.
 - OpenCode native/provider tools are governance-v1 audit-only/non-hard-blocking. Report warnings; do not say native OpenCode tools are hard-blocked by config.
-- Do not mutate provider/global OpenCode config. Do not write to \`openspec/\`. Do not publish packages unless explicitly requested. Never revert/overwrite unrelated user work. Preserve \`permission.task\` deny-by-default with only exact known SDD subagents allowed.
+- Do not mutate provider/global OpenCode config. Do not publish packages unless explicitly requested. Never revert/overwrite unrelated user work. Preserve \`permission.task\` deny-by-default with only exact known SDD subagents.
 - Do not change provider model/reasoning config unless explicitly requested.
 
 ## Flexible governance routing
-Use the lightest safe path: Tier 0-2 direct; Tier 3 preflight; Tier 4 formal SDD for governance, permissions, acceptance, architecture/security, or cross-surface behavior. Provider status/doctor/preview/handoff are read-only/audit-only; writes stay gated.
+Use lightest safe path: T0-2 direct, T3 preflight, T4 formal SDD for governance, permissions, acceptance, architecture/security, or cross-surface behavior. Provider status/doctor/preview/handoff read-only/audit-only; writes gated.
 
 ## Provider-native daily flow
-SDD happens in OpenCode via conversation, VGXNESS MCP, and SDD subagents. No terminal SDD phase commands for normal flow. CLI is an escape hatch for bootstrap, doctor, recovery, setup gaps, or explicit request.
+SDD happens in OpenCode via conversation, VGXNESS MCP, and SDD subagents. No terminal SDD phase commands. CLI is an escape hatch for bootstrap, doctor, recovery, setup gaps, or explicit request.
 
 ## MCP playbook
-- For starting, resuming, or recovering context: prefer \`vgxness_context_cockpit\`; treat \`vgxness_session_restore\` as one signal, not truth. For ending, pausing, handing off, or compacting: \`vgxness_session_close\` with current session id and actor \`manager\`; if no id, do not invent one and summarize.
-- SDD artifacts: guide state with \`vgxness_sdd_next\`/\`vgxness_sdd_cockpit\`; list/read with \`vgxness_sdd_get_artifact\`/\`vgxness_sdd_list_artifacts\`; prefer \`payloadMode: "compact"\` so the primary context stays clean; use verbose only when required, preferably inside the delegated phase subagent. Save with \`vgxness_sdd_save_artifact\` only after the appropriate flow. Use \`vgxness_sdd_reopen_artifact\` only for rejected artifacts returning to draft, with explicit human actor/audit context.
-- Trusted draft autorun: when the exact \`proposal\` artifact is already accepted, you may run exactly \`spec -> design -> tasks\` without extra human confirmation via exact hidden subagents and save drafts with \`vgxness_sdd_save_artifact\`. This is draft-only planning, not acceptance or completion. Do not use for explore/proposal/apply-progress/verify/archive, rejected/superseded artifacts, accepted overwrites, or risky side effects (provider config, edits, shell/tests, git, secrets, external/destructive/privileged/ambiguous). Re-check status/readiness before and after; generated spec/design drafts may feed downstream design/tasks but remain unaccepted.
-- Acceptance/readiness: check SDD status/readiness for the exact project/change/phase, confirm explicit human acceptance of that exact artifact, call \`vgxness_sdd_accept_artifact\` directly with audit context (\`acceptedBy.type: "human"\`, non-empty \`acceptedBy.id\`, runId, agentId), then re-check status/readiness before reporting state. Do not add \`vgxness_run_preflight\` solely for that exact direct acceptance call. Ambiguous replies count only when tied to an immediate exact acceptance prompt. Use \`vgxness_governance_report\` for readiness, artifact states, preflight posture, and audit warnings.
-- Memory: call \`vgxness_memory_search\`/\`vgxness_memory_get\` for prior work or unclear context; call \`vgxness_memory_save\` for durable discoveries, decisions, bug fixes, config, patterns, or preferences; use \`vgxness_memory_update\` only to correct/evolve a known id. Do not duplicate full SDD artifacts as memory.
-- Agents/profile/payloads: resolve phase with \`vgxness_agent_resolve\`. Preview mode does not execute a provider or write provider config for \`vgxness_agent_activate\`, \`vgxness_opencode_manager_payload\`, or \`vgxness_skill_payload\`. Use \`vgxness_manager_profile_get\` before changes; \`vgxness_manager_profile_set\` requires explicit human authorization.
-- Runs/recovery: use \`vgxness_run_start\`/\`vgxness_run_list\`/\`vgxness_run_get\` for run work; checkpoint with \`vgxness_run_checkpoint\`, preflight with \`vgxness_run_preflight\`, and close with \`vgxness_run_finalize\`. Unknown runId: \`vgxness_run_resume_candidates\`. For interrupted runs, inspect with \`vgxness_run_resume_inspect\`, then call \`vgxness_run_resume_gate\` with approvalId from pendingApprovals/inspect before advice; never pass runId as approvalId. Follow safe \`recommendedActions[]\`.
-- Provider diagnostics: \`vgxness_provider_status\`/\`vgxness_provider_doctor\` read-only; report \`providerEvidence.evidenceLevel\`/\`hostToolPresenceVerified\` limits.
+- For starting, resuming, or recovering context: prefer \`vgxness_context_cockpit\`; treat \`vgxness_session_restore\` as one signal, not truth. For ending, pausing, handing off, or compacting: \`vgxness_session_close\` with session id and actor \`manager\`; if no id, do not invent one and summarize.
+- Proposal clarity: if product/business clarity is missing, run a proposal question round.
+- SDD artifacts: guide with \`vgxness_sdd_next\`/\`vgxness_sdd_cockpit\`; list/read with \`vgxness_sdd_get_artifact\`/\`vgxness_sdd_list_artifacts\`; prefer \`payloadMode: "compact"\` so primary context stays clean; use verbose only when required, preferably inside the delegated phase subagent. Save with \`vgxness_sdd_save_artifact\` after the right flow. Use \`vgxness_sdd_reopen_artifact\` only for rejected artifacts returning to draft, with explicit human actor/audit context.
+- Trusted draft autorun: when the exact \`proposal\` artifact is already accepted, run exactly \`spec -> design -> tasks\` without extra human confirmation via exact subagents; save drafts with \`vgxness_sdd_save_artifact\`. This is draft-only planning, not acceptance or completion. Not for explore/proposal/apply-progress/verify/archive, rejected/superseded artifacts, accepted overwrites, or risky side effects (provider config, edits, shell/tests, git, secrets, external/destructive/privileged/ambiguous). Re-check status/readiness before/after; generated spec/design drafts can feed design/tasks but remain unaccepted.
+- Acceptance/readiness: check SDD status/readiness for the exact project/change/phase; confirm explicit human acceptance; call \`vgxness_sdd_accept_artifact\` directly with audit context (\`acceptedBy.type: "human"\`, non-empty \`acceptedBy.id\`, runId, agentId); re-check status/readiness before reporting state. Do not add \`vgxness_run_preflight\` solely for that exact direct acceptance call. Ambiguous replies count only when tied to an immediate exact acceptance prompt. Use \`vgxness_governance_report\` for readiness, artifact states, preflight posture, audit warnings.
+- Memory: \`vgxness_memory_search\`/\`vgxness_memory_get\` for prior work/unclear context; \`vgxness_memory_save\` for durable discoveries, decisions, bug fixes, config, patterns, or preferences; \`vgxness_memory_update\` only to correct/evolve a known id. Do not duplicate full SDD artifacts as memory.
+- Agents/skills: Skill registry index-first; resolve skills by registry, exact path, and task context; read exact paths; do not invent summaries. Resolve phase with \`vgxness_agent_resolve\`. Preview mode does not execute a provider or write provider config for \`vgxness_agent_activate\`, \`vgxness_opencode_manager_payload\`, or \`vgxness_skill_payload\`. \`vgxness_manager_profile_get\` before changes; \`vgxness_manager_profile_set\` needs explicit human authorization.
+- Runs/recovery: \`vgxness_run_start\`/\`vgxness_run_list\`/\`vgxness_run_get\`; checkpoint with \`vgxness_run_checkpoint\`, preflight with \`vgxness_run_preflight\`, close with \`vgxness_run_finalize\`. Unknown runId: \`vgxness_run_resume_candidates\`. For interrupted runs, inspect with \`vgxness_run_resume_inspect\`, then call \`vgxness_run_resume_gate\` with approvalId from pendingApprovals/inspect; never pass runId as approvalId. Follow safe \`recommendedActions[]\`.
+- Provider diagnostics: \`vgxness_provider_status\`/\`vgxness_provider_doctor\` read-only; report \`providerEvidence.evidenceLevel\` and \`hostToolPresenceVerified\` limits.
 
 ## Minimum flows
-- Simple answer: inline; memory only for prior context; no run by default.
-- Proposal/spec/design/tasks: status/next -> readiness -> prerequisites -> exact subagent -> delegate -> persist by governance; if proposal is accepted, spec/design/tasks may run as the trusted draft autorun chain without extra confirmation, but drafts remain unaccepted.
-- Apply/verify: require prerequisites -> artifacts -> exact subagent -> start/recover run -> preflight writes/shell/git/tests -> delegate -> checkpoint -> save -> finalize.
-- Config/provider/prompt change: inspect manager/profile or payload first; persistent changes need explicit human authorization.
+- Simple answer: inline; no run by default.
+- Proposal/spec/design/tasks: status/next -> readiness -> prereqs -> exact subagent -> delegate -> persist; if proposal is accepted, spec/design/tasks may use trusted draft autorun without extra confirmation; drafts remain unaccepted.
+- Apply/verify: prereqs -> artifacts -> exact subagent -> start/recover run -> preflight writes/shell/git/tests -> delegate -> checkpoint -> save -> finalize. Before apply/PR, review workload guard: estimate size/risk/reviewer load; recommend slicing into work units or chained PRs when large.
+- Config/provider/prompt change: inspect manager/profile/payload first; persistence needs explicit human authorization.
 - Recovery: MCP first. Continue: use \`vgxness_sdd_continue\`; read-only/advisory: no provider execution, run creation, artifact mutation, provider config/openspec writes, or acceptance/apply-progress bypass. CLI \`vgxness sdd continue\` is human fallback only. \`vgxness resume --project\` is for candidate runs. The removed experimental \`vgxness code\` runtime is not an SDD fallback.
 
 ## Delegation thresholds
-Default to delegation for SDD phase-shaped work, repository exploration beyond one narrow lookup, implementation, verification, incident recovery, or multi-step analysis. Inline only conversational guidance, single-fact lookup, MCP/status/readiness checks, and trivial mechanical edits when safe. When uncertain between inline work and subagent work, delegate to the exact smallest SDD subagent. Never delegate to unknown agents; use exact SDD phase mapping.
+Default to delegation for SDD phase-shaped work, repository exploration beyond one narrow lookup, implementation, verification, incident recovery, or multi-step analysis. Inline only conversational guidance, single-fact lookup, MCP/status/readiness checks, and trivial mechanical edits when safe. When uncertain between inline work and subagent work, delegate to the exact smallest SDD subagent. Never delegate to unknown agents; use exact phase mapping.
 
 ## Output
-Be concise: delegated work, results, files/decisions, evidence/tests, risks, next step.`;
+Be concise.`;
 /**
  * Registry/seed instructions for the manager agent definition.
  * These feed the canonical manifest, checked-in seed, boot upgrade, registry

package/dist/cli/cli-help.js

@@ -144,6 +144,7 @@ Areas:
   runs finish --run-id <id> --status completed|failed|blocked|cancelled --outcome <outcome> [--reason <text>]
   runs permission-check --run-id <id> --category <category> --operation <name> [--path <path>] [--agent-id <id>] [--destructive] [--external] [--privileged] [--ambiguous]
   runs preflight --run-id <id> --category <category> --operation <name> [--workspace <path>] [--path <path>] [--provider-tool <name>] [--agent-id <id>] [--destructive] [--external] [--privileged] [--ambiguous]
+  runs preflight output includes workspaceStrategy recommendation JSON and does not create branches, worktrees, or PRs.
   runs approvals --run <run-id>
   runs approve|reject|cancel-approval --approval <id> --actor <name> [--reason <text>]
   runs retry-check --approval <id> [--policy <json>]

package/dist/cli/home-tui-app.js

@@ -1,17 +1,18 @@
 import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
 import { Box } from 'ink';
+import { renderSddAdviceLines } from './sdd-renderer.js';
 import { TuiCard, TuiFooter, TuiHeader, TuiSummaryBar, TuiTabs } from './tui/ink/components.js';
 import { inkTuiTheme, normalizeInkTuiWidth } from './tui/ink/theme.js';
 export const homeTuiTabs = ['setup', 'status', 'runs', 'sdd', 'skills', 'provider'];
 const homeTuiTabItems = homeTuiTabs.map((tab) => ({ key: tab, label: labelForHomeTab(tab) }));
-export function HomeTuiApp({ plan, width, selectedTab, view = 'overview', runsReadModel = { state: 'not-loaded' }, skillsReadModel = { state: 'not-loaded' }, sddInput = { change: '' } }) {
+export function HomeTuiApp({ plan, width, selectedTab, view = 'overview', runsReadModel = { state: 'not-loaded' }, skillsReadModel = { state: 'not-loaded' }, sddInput = { change: '' }, sddReadModel = { state: 'not-loaded' } }) {
     const cardWidth = normalizeInkTuiWidth(width);
     if (view === 'status-focus')
         return _jsx(FocusedStatusView, { plan: plan, width: cardWidth });
     if (view === 'runs-focus')
         return _jsx(FocusedRunsView, { plan: plan, width: cardWidth, runs: runsReadModel });
     if (view === 'sdd-focus')
-        return _jsx(FocusedSddView, { plan: plan, width: cardWidth, sddInput: sddInput });
+        return _jsx(FocusedSddView, { plan: plan, width: cardWidth, sddInput: sddInput, sdd: sddReadModel });
     if (view === 'skills-focus')
         return _jsx(FocusedSkillsView, { plan: plan, width: cardWidth, skills: skillsReadModel });
     if (view === 'provider-focus')
@@ -26,10 +27,13 @@ function FocusedSkillsView({ plan, width, skills }) {
 function FocusedRunsView({ plan, width, runs }) {
     const badge = runs.state === 'ready' ? 'read-only' : runs.state === 'unavailable' ? 'unavailable' : 'loading';
     const tone = runs.state === 'unavailable' ? 'warning' : 'info';
-    return (_jsxs(Box, { flexDirection: "column", width: width, paddingX: 1, paddingY: 1, children: [_jsx(TuiHeader, { title: "VGXNESS Runs", subtitle: "Run recovery cockpit \u00B7 read-only", project: plan.project }), _jsx(TuiSummaryBar, { items: summaryItems(plan) }), _jsx(Box, { marginTop: 1, children: _jsx(TuiCard, { title: "Runs", badge: badge, tone: tone, lines: focusedRunsLines(plan, runs) }) }), _jsx(TuiFooter, { text: "Keys: Esc/b back to Home \u00B7 q exits \u00B7 read-only \u00B7 no writes" })] }));
+    const title = runs.state === 'ready' && runs.selected !== undefined ? 'Run detail' : 'Runs';
+    return (_jsxs(Box, { flexDirection: "column", width: width, paddingX: 1, paddingY: 1, children: [_jsx(TuiHeader, { title: "VGXNESS Runs", subtitle: "Run recovery cockpit \u00B7 read-only", project: plan.project }), _jsx(TuiSummaryBar, { items: summaryItems(plan) }), _jsx(Box, { marginTop: 1, children: _jsx(TuiCard, { title: title, badge: badge, tone: tone, lines: focusedRunsLines(plan, runs) }) }), _jsx(TuiFooter, { text: "Keys: Enter inspects first run detail \u00B7 Esc/b back to Home \u00B7 q exits \u00B7 read-only \u00B7 no writes \u00B7 no retry/approval/execution" })] }));
 }
-function FocusedSddView({ plan, width, sddInput }) {
-    return (_jsxs(Box, { flexDirection: "column", width: width, paddingX: 1, paddingY: 1, children: [_jsx(TuiHeader, { title: "VGXNESS SDD", subtitle: "Spec-driven development cockpit \u00B7 change required \u00B7 read-only", project: plan.project }), _jsx(TuiSummaryBar, { items: summaryItems(plan) }), _jsx(Box, { marginTop: 1, children: _jsx(TuiCard, { title: "SDD change gate", badge: sddInput.change.length === 0 ? 'change required' : 'change selected', tone: "info", lines: focusedSddLines(plan, sddInput) }) }), _jsx(TuiFooter, { text: "Keys: type change id \u00B7 Backspace edits \u00B7 Esc back \u00B7 Ctrl-C exits \u00B7 local SDD state not opened" })] }));
+function FocusedSddView({ plan, width, sddInput, sdd }) {
+    const badge = sddInput.change.length === 0 ? 'change required' : sdd.state === 'ready' ? sdd.next.status : sdd.state === 'unavailable' ? 'unavailable' : 'change selected';
+    const tone = sdd.state === 'unavailable' ? 'warning' : 'info';
+    return (_jsxs(Box, { flexDirection: "column", width: width, paddingX: 1, paddingY: 1, children: [_jsx(TuiHeader, { title: "VGXNESS SDD", subtitle: "Spec-driven development cockpit \u00B7 change required \u00B7 read-only", project: plan.project }), _jsx(TuiSummaryBar, { items: summaryItems(plan) }), _jsx(Box, { marginTop: 1, children: _jsx(TuiCard, { title: "SDD change gate", badge: badge, tone: tone, lines: focusedSddLines(plan, sddInput, sdd) }) }), _jsx(TuiFooter, { text: `Keys: type change id · Backspace edits · Esc back · Ctrl-C exits · ${sdd.state === 'ready' ? 'SDD state read-only' : 'local SDD state not opened'}` })] }));
 }
 function FocusedStatusView({ plan, width }) {
     return (_jsxs(Box, { flexDirection: "column", width: width, paddingX: 1, paddingY: 1, children: [_jsx(TuiHeader, { title: "VGXNESS Status", subtitle: "Focused setup readiness \u00B7 read-only", project: plan.project }), _jsx(TuiSummaryBar, { items: summaryItems(plan) }), _jsx(Box, { marginTop: 1, children: _jsx(TuiCard, { title: "Current setup status", badge: plan.status === 'ready' ? 'ready' : statusTitle(plan.status), tone: plan.status === 'ready' ? 'success' : plan.status === 'conflict' ? 'danger' : 'warning', lines: focusedStatusLines(plan) }) }), _jsx(TuiFooter, { text: "Keys: Esc/b back to Home \u00B7 q exits \u00B7 read-only \u00B7 no provider config writes" })] }));
@@ -103,11 +107,14 @@ function focusedRunsLines(plan, runs) {
             '',
             runs.message,
             '',
-            'Use `vgxness resume --project <name>` to inspect interrupted runs from a Bun-backed runtime.',
+            'Interrupted runs can be inspected with `vgxness runs list --project <name> --status needs-human` from a Bun-backed runtime.',
             'Use `vgxness runs list --project <name> --status needs-human` for actionable blockers.',
+            'Safety: read-only/no writes/no retry/approval/execution.',
         ];
     }
     if (runs.state === 'ready') {
+        if (runs.selected !== undefined)
+            return focusedRunDetailLines(plan, runs.databasePath, runs.selected);
         return [
             field('Project', plan.project),
             field('Store', 'opened read-only'),
@@ -115,11 +122,13 @@ function focusedRunsLines(plan, runs) {
             field('Recent runs', String(runs.recent.length)),
             field('Interrupted', String(runs.interrupted.length)),
             '',
-            ...runSummarySection('Interrupted runs', runs.interrupted),
+            ...runSummarySection('Interrupted runs', runs.interrupted, runs.details),
             '',
-            ...runSummarySection('Recent runs', runs.recent),
+            ...runSummarySection('Recent runs', runs.recent, runs.details),
             '',
-            'Inspect one run: `vgxness runs get --id <run-id>`.',
+            runs.details.length === 0 ? 'No run is available for detail inspection.' : 'Press Enter to inspect the first interrupted/recent run here.',
+            'CLI fallback: `vgxness runs get --id <run-id>`.',
+            'Safety: read-only/no writes/no retry/approval/execution.',
         ];
     }
     return [
@@ -128,22 +137,108 @@ function focusedRunsLines(plan, runs) {
         field('Safety', 'read-only placeholder'),
         '',
         'This panel does not open the local SQLite store yet.',
-        'Use `vgxness resume --project <name>` to inspect interrupted runs.',
+        'Use `vgxness runs list --project <name> --status needs-human` to inspect interrupted runs.',
         'Use `vgxness runs list --project <name> --status needs-human` for actionable blockers.',
         '',
-        'Next implementation slice can wire this panel to the run read model.',
+        'This panel is read-only/no writes/no retry/approval/execution.',
     ];
 }
-function runSummarySection(title, runs) {
+export function renderHomeRunsReadOnlyLines(plan, runs) {
+    return focusedRunsLines(plan, runs);
+}
+function focusedRunDetailLines(plan, databasePath, run) {
+    return [
+        field('Project', plan.project),
+        field('Store', 'opened read-only'),
+        field('Database', databasePath),
+        field('Run', shortRunId(run.id)),
+        field('Status', run.status),
+        field('Workflow/phase', `${run.workflow}/${run.phase}`),
+        field('Events', String(run.events)),
+        field('Checkpoints', String(run.checkpoints)),
+        field('Approvals', `${run.approvals} (${formatApprovalStatusCounts(run.approvalStatusCounts)})`),
+        field('Attempts', `${run.attempts} (${formatAttemptStatusCounts(run.attemptStatusCounts)})`),
+        ...(run.latestCheckpointLabel === undefined ? [] : [field('Latest checkpoint', run.latestCheckpointLabel)]),
+        ...(run.latestEventTitle === undefined ? [] : [field('Latest event', run.latestEventTitle)]),
+        ...(run.outcome === undefined ? [] : [field('Outcome', run.outcome)]),
+        ...(run.outcomeReason === undefined ? [] : [field('Outcome reason', run.outcomeReason)]),
+        ...(run.userIntent === undefined ? [] : ['', `Intent: ${run.userIntent}`]),
+        '',
+        `Inspect JSON: vgxness runs get --id ${run.id}`,
+        'Safety: read-only/no writes/no retry/approval/execution from this TUI detail.',
+    ];
+}
+function runSummarySection(title, runs, details = []) {
     if (runs.length === 0)
         return [title, '- none'];
-    return [title, ...runs.map((run) => `- ${shortRunId(run.id)} ${run.status} ${run.workflow}/${run.phase}${run.userIntent === undefined ? '' : ` — ${run.userIntent}`}`)];
+    return [title, ...runs.map((run) => runSummaryLine(run, details.find((detail) => detail.id === run.id)))];
+}
+function runSummaryLine(run, detail) {
+    const base = `- ${shortRunId(run.id)} ${run.status} ${run.workflow}/${run.phase}${run.userIntent === undefined ? '' : ` — ${run.userIntent}`}`;
+    if (detail === undefined)
+        return base;
+    return [
+        base,
+        `approvals ${detail.approvals} (${formatApprovalStatusCounts(detail.approvalStatusCounts)})`,
+        `attempts ${detail.attempts} (${formatAttemptStatusCounts(detail.attemptStatusCounts)})`,
+        `latest checkpoint ${detail.latestCheckpointLabel ?? 'none'}`,
+        `latest event ${detail.latestEventTitle ?? 'none'}`,
+    ].join(' · ');
+}
+function formatApprovalStatusCounts(counts) {
+    return [`pending=${counts.pending}`, `approved=${counts.approved}`, `rejected=${counts.rejected}`, `cancelled=${counts.cancelled}`].join(' ');
+}
+function formatAttemptStatusCounts(counts) {
+    return [`reserved=${counts.reserved}`, `succeeded=${counts.succeeded}`, `failed=${counts.failed}`, `abandoned=${counts.abandoned}`].join(' ');
 }
 function shortRunId(id) {
     return id.length <= 8 ? id : id.slice(0, 8);
 }
-function focusedSddLines(plan, input) {
+function focusedSddLines(plan, input, sdd) {
     const change = input.change.length === 0 ? '<id>' : input.change;
+    if (input.change.length > 0 && sdd.state === 'unavailable') {
+        return [
+            field('Project', plan.project),
+            field('Change', input.change),
+            field('Input', `${input.change}_`),
+            field('Store', 'unavailable'),
+            field('Database', sdd.databasePath),
+            field('Acceptance', 'human-only'),
+            field('Safety', 'read-only'),
+            '',
+            sdd.message,
+            '',
+            `Continue: vgxness sdd continue --project ${plan.project} --change ${change}`,
+            `Status:   vgxness sdd status --project ${plan.project} --change ${change}`,
+            'Human acceptance remains explicit; artifact presence is not acceptance.',
+        ];
+    }
+    if (input.change.length > 0 && sdd.state === 'ready') {
+        return [
+            field('Project', plan.project),
+            field('Change', input.change),
+            field('Input', `${input.change}_`),
+            field('Store', 'opened read-only'),
+            field('Database', sdd.databasePath),
+            field('Status', sdd.next.status),
+            field('Next phase', sdd.next.nextPhase ?? 'none'),
+            field('Accepted', `${sdd.cockpit.acceptedCount}/${sdd.cockpit.phases.length}`),
+            field('Artifacts', String(sdd.cockpit.artifacts.length)),
+            field('Blockers', String(sdd.cockpit.aggregateBlockers.length)),
+            field('Recommended', sdd.cockpit.recommendedAction),
+            field('Acceptance', sdd.cockpit.gates?.requiresHumanAcceptance === true ? 'human review needed' : 'human-only'),
+            field('Safety', 'read-only'),
+            '',
+            sdd.next.reason,
+            '',
+            ...sddBlockerLines(sdd.cockpit.aggregateBlockers),
+            ...(sdd.continuation.advice.length === 0 ? [] : ['', ...renderSddAdviceLines(sdd.continuation.advice)]),
+            '',
+            `Inspect: ${sdd.continuation.inspectCommand}`,
+            `Continue: vgxness sdd continue --project ${plan.project} --change ${change}`,
+            'Human acceptance remains explicit; artifact presence is not acceptance.',
+        ];
+    }
     return [
         field('Project', plan.project),
         field('Change', input.change.length === 0 ? 'not selected' : input.change),
@@ -163,6 +258,11 @@ function focusedSddLines(plan, input) {
         'Next implementation slice can ask for/select a change id before loading SDD state.',
     ];
 }
+function sddBlockerLines(blockers) {
+    if (blockers.length === 0)
+        return ['Blockers', '- none'];
+    return ['Blockers', ...blockers.slice(0, 4).map((blocker) => `- ${blocker.phase}: ${blocker.reason}`), ...(blockers.length > 4 ? [`- +${blockers.length - 4} more`] : [])];
+}
 function focusedSkillsLines(plan, skills) {
     if (skills.state === 'unavailable') {
         return [
@@ -210,7 +310,7 @@ function skillSummarySection(skills) {
     return ['Indexed skills', ...skills.slice(0, 8).map((skill) => `- ${skill.name} ${skill.status}${skill.activeVersion === null ? '' : ` @ ${skill.activeVersion}`}`), ...(skills.length > 8 ? [`- +${skills.length - 8} more`] : [])];
 }
 function runsLines() {
-    return ['Run dashboard is not loaded in this first Home TUI slice.', '', 'Use `vgxness status` or `vgxness resume --project <name>` for current CLI diagnostics.', 'Next slice can wire this panel to the run read model.'];
+    return ['Run dashboard is not loaded in this Home TUI overview.', '', 'Use `vgxness status` or `vgxness runs list --project <name>` for current CLI diagnostics.', 'Focused Runs is read-only/no writes/no retry/approval/execution.'];
 }
 function sddLines() {
     return [

package/dist/cli/home-tui-controller.js

@@ -1,6 +1,10 @@
 import { render as renderInk } from 'ink';
 import React from 'react';
+import { MemoryService } from '../memory/memory-service.js';
+import { openMemoryDatabase } from '../memory/sqlite/database.js';
 import { RunService } from '../runs/run-service.js';
+import { SddWorkflowService } from '../sdd/sdd-workflow-service.js';
+import { sddContinuationPlanFrom } from '../sdd/sdd-continuation-plan.js';
 import { SkillRegistryService } from '../skills/skill-registry-service.js';
 import { SkillIndexService } from '../skills/skill-index-service.js';
 import { okText } from './cli-help.js';
@@ -9,7 +13,6 @@ import { renderSetupPlan } from './setup-plan-renderer.js';
 import { runSetupTuiController } from './setup-tui-controller.js';
 import { navigationIntentFromInput } from './tui/keymap.js';
 import { nextItem } from './tui/navigation.js';
-import { openMemoryDatabase } from '../memory/sqlite/database.js';
 const enter = '\r';
 const escape = '\u001B';
 const ctrlC = '\u0003';
@@ -26,7 +29,8 @@ export async function runHomeTuiController(input) {
     let runsReadModel = { state: 'not-loaded' };
     let skillsReadModel = { state: 'not-loaded' };
     let sddInput = { change: '' };
-    const app = renderInk(React.createElement(HomeTuiApp, { plan: input.plan, width, selectedTab, view, runsReadModel, skillsReadModel, sddInput }), {
+    let sddReadModel = { state: 'not-loaded' };
+    const app = renderInk(React.createElement(HomeTuiApp, { plan: input.plan, width, selectedTab, view, runsReadModel, skillsReadModel, sddInput, sddReadModel }), {
         stdin: stdin,
         stdout: stdout,
         interactive: true,
@@ -34,7 +38,7 @@ export async function runHomeTuiController(input) {
         exitOnCtrlC: false,
     });
     const rerender = () => {
-        app.rerender(React.createElement(HomeTuiApp, { plan: input.plan, width, selectedTab, view, runsReadModel, skillsReadModel, sddInput }));
+        app.rerender(React.createElement(HomeTuiApp, { plan: input.plan, width, selectedTab, view, runsReadModel, skillsReadModel, sddInput, sddReadModel }));
     };
     stdin.setRawMode?.(true);
     stdin.resume?.();
@@ -54,12 +58,14 @@ export async function runHomeTuiController(input) {
                 }
                 if (value === backspace || value === ctrlH) {
                     sddInput = { change: sddInput.change.slice(0, -1) };
+                    sddReadModel = readHomeSdd(input.plan, sddInput.change);
                     rerender();
                     return;
                 }
                 const nextSddChange = appendSddChangeInput(sddInput.change, value);
                 if (nextSddChange !== sddInput.change) {
                     sddInput = { change: nextSddChange };
+                    sddReadModel = readHomeSdd(input.plan, nextSddChange);
                     rerender();
                     return;
                 }
@@ -77,6 +83,11 @@ export async function runHomeTuiController(input) {
                 rerender();
                 return;
             }
+            if (view === 'runs-focus' && (value === enter || value === '\n' || intent === 'select')) {
+                runsReadModel = selectFirstHomeRunDetail(runsReadModel);
+                rerender();
+                return;
+            }
             if (intent === 'cancel') {
                 cleanup();
                 resolve('quit');
@@ -99,6 +110,7 @@ export async function runHomeTuiController(input) {
                 return;
             }
             if ((value === enter || value === '\n' || intent === 'select') && selectedTab === 'sdd') {
+                sddReadModel = readHomeSdd(input.plan, sddInput.change);
                 view = 'sdd-focus';
                 rerender();
                 return;
@@ -179,12 +191,73 @@ function readHomeRuns(plan) {
                 phase: run.phase,
                 ...(run.userIntent === undefined ? {} : { userIntent: run.userIntent }),
             })),
+            details: collectRunDetails(service, [...interrupted.value.map((run) => run.runId), ...recent.value.map((run) => run.id)]),
         };
     }
     finally {
         opened.value.close();
     }
 }
+function collectRunDetails(service, runIds) {
+    const uniqueRunIds = [...new Set(runIds)];
+    const details = [];
+    for (const runId of uniqueRunIds) {
+        const run = service.getRun(runId);
+        if (!run.ok)
+            continue;
+        details.push(runDetailSummary(run.value));
+    }
+    return details;
+}
+function runDetailSummary(run) {
+    const userIntent = run.userIntent.trim();
+    const latestCheckpoint = run.checkpoints.at(-1);
+    const latestEvent = run.events.at(-1);
+    return {
+        id: run.id,
+        status: run.status,
+        workflow: run.workflow,
+        phase: run.phase,
+        ...(userIntent.length === 0 ? {} : { userIntent }),
+        ...(run.outcome === undefined ? {} : { outcome: run.outcome }),
+        ...(run.outcomeReason === undefined ? {} : { outcomeReason: run.outcomeReason }),
+        events: run.events.length,
+        checkpoints: run.checkpoints.length,
+        approvals: run.approvals.length,
+        approvalStatusCounts: countApprovalStatuses(run.approvals.map((approval) => approval.status)),
+        attempts: run.operationAttempts.length,
+        attemptStatusCounts: countAttemptStatuses(run.operationAttempts.map((attempt) => attempt.status)),
+        ...(latestCheckpoint === undefined ? {} : { latestCheckpointLabel: latestCheckpoint.label }),
+        ...(latestEvent === undefined ? {} : { latestEventTitle: latestEvent.title }),
+    };
+}
+function countApprovalStatuses(statuses) {
+    return {
+        pending: statuses.filter((status) => status === 'pending').length,
+        approved: statuses.filter((status) => status === 'approved').length,
+        rejected: statuses.filter((status) => status === 'rejected').length,
+        cancelled: statuses.filter((status) => status === 'cancelled').length,
+    };
+}
+function countAttemptStatuses(statuses) {
+    return {
+        reserved: statuses.filter((status) => status === 'reserved').length,
+        succeeded: statuses.filter((status) => status === 'succeeded').length,
+        failed: statuses.filter((status) => status === 'failed').length,
+        abandoned: statuses.filter((status) => status === 'abandoned').length,
+    };
+}
+function selectFirstHomeRunDetail(runs) {
+    if (runs.state !== 'ready' || runs.selected !== undefined)
+        return runs;
+    const firstInterruptedId = runs.interrupted[0]?.id;
+    const firstRecentId = runs.recent[0]?.id;
+    const selectedId = firstInterruptedId ?? firstRecentId;
+    if (selectedId === undefined)
+        return runs;
+    const selected = runs.details.find((detail) => detail.id === selectedId);
+    return selected === undefined ? runs : { ...runs, selected };
+}
 function runRecordSummary(run) {
     const userIntent = run.userIntent.trim();
     return {
@@ -210,6 +283,30 @@ function readHomeSkills(plan) {
         opened.value.close();
     }
 }
+function readHomeSdd(plan, change) {
+    if (change.length === 0)
+        return { state: 'not-loaded' };
+    const opened = openMemoryDatabase({ path: plan.db.path, readonly: true });
+    if (!opened.ok)
+        return { state: 'unavailable', databasePath: plan.db.path, message: opened.error.message };
+    try {
+        const sdd = new SddWorkflowService(new MemoryService(opened.value));
+        const status = sdd.getStatus({ project: plan.project, change });
+        if (!status.ok)
+            return { state: 'unavailable', databasePath: plan.db.path, message: status.error.message };
+        const next = sdd.getNext({ project: plan.project, change });
+        if (!next.ok)
+            return { state: 'unavailable', databasePath: plan.db.path, message: next.error.message };
+        const cockpit = sdd.getCockpit({ project: plan.project, change });
+        if (!cockpit.ok)
+            return { state: 'unavailable', databasePath: plan.db.path, message: cockpit.error.message };
+        const continuation = sddContinuationPlanFrom({ project: plan.project, next: next.value, cockpit: cockpit.value });
+        return { state: 'ready', databasePath: plan.db.path, status: status.value, next: next.value, cockpit: cockpit.value, continuation };
+    }
+    finally {
+        opened.value.close();
+    }
+}
 function tuiWidth(stdout) {
     const columns = stdout.columns;
     const width = typeof columns === 'number' && Number.isFinite(columns) ? Math.floor(columns) : 88;

package/dist/cli/sdd-renderer.js

@@ -91,6 +91,8 @@ export function renderSddContinuationPlan(plan) {
         `- ${suggestedCommandLabel}: ${plan.suggestedCommand}`,
         `- Diagnostic command: ${plan.inspectCommand}`,
         '',
+        ...renderSddAdviceLines(plan.advice),
+        ...(plan.advice.length === 0 ? [] : ['']),
         'Blocker-specific next actions:',
         ...(plan.blockerActions.length === 0
             ? ['- none']
@@ -119,6 +121,11 @@ export function renderSddContinuationPlan(plan) {
     ];
     return `${lines.join('\n')}\n`;
 }
+export function renderSddAdviceLines(advice) {
+    if (advice.length === 0)
+        return [];
+    return ['Advice:', ...advice.map((item) => `- ${item.title}: ${item.message}`)];
+}
 export function renderSddCockpit(cockpit) {
     const readModel = cockpit.readModel;
     const blockers = readModel.blockers;

package/dist/mcp/control-plane.js

@@ -46,7 +46,7 @@ export function callVgxTool(call, services) {
         case 'vgxness_sdd_next':
             return toEnvelope(validated.tool, services.sdd.getNext(validated.input));
         case 'vgxness_sdd_cockpit':
-            return toEnvelope(validated.tool, mapMemoryResult(services.sdd.getCockpit(validated.input), buildSddCockpitSurfaceResponse));
+            return toEnvelope(validated.tool, sddCockpitSurfaceResponse(validated.input, services));
         case 'vgxness_sdd_continue':
             return sddContinueEnvelope(validated.input, services);
         case 'vgxness_governance_report':
@@ -267,6 +267,15 @@ function sddContinueEnvelope(input, services) {
         ...(relatedRun.value === undefined ? {} : { relatedRunContext: relatedRun.value }),
     }));
 }
+function sddCockpitSurfaceResponse(input, services) {
+    const cockpit = services.sdd.getCockpit(input);
+    if (!cockpit.ok)
+        return cockpit;
+    const operationalEvidence = services.runs.getSddOperationalEvidence({ project: input.project, change: input.change });
+    if (!operationalEvidence.ok)
+        return { ok: true, value: buildSddCockpitSurfaceResponse(cockpit.value) };
+    return { ok: true, value: buildSddCockpitSurfaceResponse(cockpit.value, { operationalEvidenceByPhase: operationalEvidence.value }) };
+}
 export function createVgxMcpControlPlane(options = {}) {
     const databasePath = resolveControlPlaneDatabasePath(options);
     if (!databasePath.ok)

package/dist/mcp/schema.js

@@ -223,6 +223,22 @@ const sddRecommendedActionOutputSchema = z
         .passthrough()),
 })
     .passthrough();
+const sddContinuationAdviceOutputSchema = z
+    .object({
+    id: z.string(),
+    kind: z.enum(['proposal-question-round', 'review-workload-guard']),
+    title: z.string(),
+    message: z.string(),
+    readOnly: z.literal(true),
+    advisoryOnly: z.literal(true),
+    mutating: z.literal(false),
+    providerExecution: z.literal(false),
+    artifactMutation: z.literal(false),
+    runCreation: z.literal(false),
+    openspecWrite: z.literal(false),
+    reason: z.string(),
+})
+    .passthrough();
 const mcpSuccessOutputSchema = (value) => z
     .object({
     ok: z.literal(true),
@@ -672,6 +688,7 @@ export const VGX_MCP_TOOL_OUTPUT_SCHEMAS = {
         kind: z.literal('sdd-continuation-plan'),
         project: z.string(),
         change: z.string(),
+        advice: z.array(sddContinuationAdviceOutputSchema),
         recommendedActions: z.array(sddRecommendedActionOutputSchema),
     })
         .passthrough()),