vgxness 1.9.2 → 1.9.3

package/README.md

@@ -8,7 +8,7 @@ This package is proprietary software. The npm package ships inspectable JavaScri
 
 OpenCode is the primary supported provider. Other providers remain preview/manual only. Provider config writes require explicit CLI confirmation.
 
-VGXNESS v1.9.1 has a canonical project health audit with validated evidence: 38 MCP tools, 106 test files, and the official Bun validation path passing, including package evidence with `releaseReadiness: pass`. See [Project health audit v1.9.1](./docs/project-health-audit-v1.9.1.md) for the versioned matrix and safety taxonomy.
+VGXNESS v1.9.1 has a canonical project health audit with validated evidence: 38 MCP tools, 106 test files, and the official Bun validation path passing, including package evidence with `releaseReadiness: pass`. Current unreleased builds expose 41 MCP tools after adding read-only SDD/run recovery parity. See [Project health audit v1.9.1](./docs/project-health-audit-v1.9.1.md) for the versioned matrix and safety taxonomy.
 
 ## Requirements
 
@@ -144,7 +144,9 @@ In non-TTY shells, `vgxness init` prints the same read-only setup plan instead o
 vgxness setup plan
 vgxness setup apply --yes
 vgxness doctor
-vgxness sdd next --project <project> --change <change>
+vgxness status --project <project> --change <change>
+vgxness next --project <project> --change <change>
+vgxness sdd continue --project <project> --change <change>
 ```
 
 Stable defaults are: package `vgxness`, provider `opencode`, global user data DB, user/global OpenCode scope (`$HOME/.config/opencode/opencode.json`), and `mcp-plus-agents` mode. Use `--scope project` only when you intentionally want `<workspace>/.opencode/opencode.json`. The generated MCP command for the global DB default is:
@@ -159,7 +161,9 @@ Apply only after reviewing the plan:
 vgxness setup apply --yes
 ```
 
-`vgxness setup plan` and `vgxness setup status` are human-readable and do not write provider config by default; local VGXNESS store initialization may occur when a command needs the selected SQLite store. `vgxness doctor`, `vgxness sdd status`, `vgxness sdd next`, and `vgxness sdd accept-artifact` are also human-readable by default. Pass `--json` when you need parseable automation output. `vgxness setup apply --yes` is the explicit provider-config write path.
+`vgxness setup plan` and `vgxness setup status` are human-readable and do not write provider config by default; local VGXNESS store initialization may occur when a command needs the selected SQLite store. `vgxness doctor`, `vgxness status`, `vgxness next`, `vgxness sdd status`, `vgxness sdd next`, `vgxness sdd continue`, and `vgxness sdd accept-artifact` are also human-readable by default. Pass `--json` when you need parseable automation output. `vgxness setup apply --yes` is the explicit provider-config write path.
+
+The SDD happy path is `status` -> `next` -> `sdd continue` -> `code sdd` or `resume` -> `accept-artifact` or `reopen-artifact`. `sdd continue`, top-level `status`/`next`, and `resume` are advisory/read-only surfaces; related interrupted run hints and resume candidates help the operator choose the next command but do not execute providers or retry runs. Draft-run suggestions are planning-only: human acceptance is still required, and `apply-progress` remains gated.
 
 ## Code runtime (`vgxness code`)
 
@@ -181,8 +185,9 @@ Edits, shell, network, git mutations, SDD persistence, and memory saves route th
 - Setup/status TUI surfaces are preview-oriented; run copied commands explicitly when you choose to act.
 - SDD artifacts are SQLite-backed through VGXNESS services. Do not create or write `openspec/`.
 - `vgxness sdd accept-artifact` records explicit human-only acceptance; saving a draft never implies acceptance.
+- `vgxness sdd reopen-artifact` is the explicit path from a rejected artifact back to draft before revision.
 - OpenCode is the primary supported provider; other providers are preview/manual extension points.
-- VGXNESS exposes 38 typed MCP tools across SDD, memory, sessions, agents, skills, runs, providers, and verification. See [MCP tools](./docs/mcp.md).
+- VGXNESS exposes 41 typed MCP tools across SDD, memory, sessions, agents, skills, runs, providers, and verification. See [MCP tools](./docs/mcp.md).
 
 ## Main menu entrypoint
 

package/dist/agents/agent-resolver.js

@@ -1,3 +1,4 @@
+import { normalizeSddPhaseInput } from '../sdd/schema.js';
 export class AgentResolver {
     loadAgents;
     constructor(loadAgents) {
@@ -58,8 +59,10 @@ function normalizeInput(input) {
     const desiredCapabilities = normalizeList(input.desiredCapabilities ?? []);
     const taskDescription = normalizeText(input.taskDescription);
     const intent = normalizeText(input.intent);
+    const phase = input.phase === undefined ? undefined : (isSddWorkflow(input.workflow) ? (normalizeSddPhaseInput(input.phase) ?? input.phase) : input.phase);
     return {
         ...input,
+        ...(phase !== undefined ? { phase } : {}),
         ...(taskDescription !== undefined ? { taskDescription } : {}),
         ...(intent !== undefined ? { intent } : {}),
         desiredCapabilities,
@@ -143,7 +146,7 @@ function workflowMatches(agent, input) {
     return [...matches.broad, ...matches.phaseOnly, ...matches.exactPhase];
 }
 function workflowSignalMatches(agent, input) {
-    const requested = [input.workflow, input.phase, input.workflow !== undefined && input.phase !== undefined ? `${input.workflow}:${input.phase}` : undefined]
+    const requested = workflowRequestedSignals(input)
         .filter((value) => value !== undefined)
         .map(normalizeKey);
     if (requested.length === 0)
@@ -154,17 +157,41 @@ function workflowSignalMatches(agent, input) {
     const matches = { broad: [], phaseOnly: [], exactPhase: [] };
     for (const agentWorkflow of agent.workflows) {
         const normalizedWorkflow = normalizeKey(agentWorkflow);
-        if (!requested.includes(normalizedWorkflow))
+        const comparableWorkflow = canonicalSddWorkflowTargetKey(agentWorkflow);
+        if (!requested.includes(normalizedWorkflow) && !requested.includes(comparableWorkflow) && !sddApplyAliasMatches(agentWorkflow, input))
             continue;
-        if (exact !== undefined && normalizedWorkflow === exact)
+        if (exact !== undefined && (normalizedWorkflow === exact || comparableWorkflow === exact))
             matches.exactPhase.push(agentWorkflow);
         else if (phase !== undefined && normalizedWorkflow === phase)
             matches.phaseOnly.push(agentWorkflow);
+        else if (sddApplyAliasMatches(agentWorkflow, input))
+            matches.exactPhase.push(agentWorkflow);
         else
             matches.broad.push(agentWorkflow);
     }
     return matches;
 }
+function canonicalSddWorkflowTargetKey(workflow) {
+    const normalized = normalizeKey(workflow);
+    const separator = normalized.indexOf(':');
+    if (separator <= 0)
+        return normalized;
+    const workflowName = normalized.slice(0, separator);
+    const phase = normalized.slice(separator + 1);
+    if (workflowName !== 'sdd')
+        return normalized;
+    return `${workflowName}:${normalizeSddPhaseInput(phase) ?? phase}`;
+}
+function workflowRequestedSignals(input) {
+    return [input.workflow, input.phase, input.workflow !== undefined && input.phase !== undefined ? `${input.workflow}:${input.phase}` : undefined];
+}
+function sddApplyAliasMatches(agentWorkflow, input) {
+    if (input.phase === undefined || normalizeKey(input.phase) !== 'apply')
+        return false;
+    if (input.workflow !== undefined && !isSddWorkflow(input.workflow))
+        return false;
+    return normalizeKey(agentWorkflow) === 'sdd:apply-progress';
+}
 function phaseSemanticMatchesFor(agent, input) {
     const workflow = input.workflow !== undefined ? normalizeKey(input.workflow) : undefined;
     if (workflow !== undefined && workflow !== 'sdd')
@@ -220,6 +247,9 @@ function normalizeText(value) {
 function normalizeKey(value) {
     return value.trim().toLowerCase();
 }
+function isSddWorkflow(workflow) {
+    return workflow?.trim().toLowerCase() === 'sdd';
+}
 function tokenize(value) {
     const seen = new Set();
     return value

package/dist/agents/canonical-agent-manifest.js

@@ -1,6 +1,8 @@
 import { canonicalBehaviorContractVersion } from '../behavior/behavior-contract-manifest.js';
 export const canonicalDefaultAgentName = 'vgxness-manager';
-export const canonicalPromptContractVersion = 7;
+export const canonicalOpenCodeDefaultModel = 'openai/gpt-5.5';
+export const canonicalOpenCodeManagerReasoningEffort = 'high';
+export const canonicalPromptContractVersion = 9;
 export const canonicalSddSubagentNames = [
     'vgxness-sdd-explore',
     'vgxness-sdd-propose',
@@ -76,13 +78,13 @@ function managerDefinition() {
         builtIn: true,
         name: canonicalDefaultAgentName,
         description: 'Coordinates VGXNESS MCP state and SDD sub-agents while routing Tier 0-2 lightweight work, Tier 3 preflight validation, and Tier 4 formal SDD.',
-        instructions: { kind: 'inline', value: registryManagerInstructions },
+        instructions: { kind: 'inline', value: registryManagerInstructionsV9 },
         capabilities: ['sdd-orchestration', 'agent-routing', 'mcp-coordination', 'project-local-automation'],
         permissions: { read: 'allow', edit: 'ask', shell: 'ask', git: 'ask', memory: 'allow', 'provider-tool': 'deny', secrets: 'deny' },
         memory: { scopes: ['project'] },
         workflows: ['explore', 'quickfix', 'plan', 'build', 'debug', 'sdd', 'agent-seeding', 'opencode-install'],
         skills: ['vgxness-sdd-manager'],
-        adapters: { opencode: { model: 'openai/gpt-5.5', config: { options: { reasoningEffort: 'high', vgxnessPromptContractVersion: canonicalPromptContractVersion, vgxnessBehaviorContractVersion: canonicalBehaviorContractVersion }, permission: { task: createCanonicalOpenCodeSddTaskPermissions() } } } },
+        adapters: { opencode: { model: canonicalOpenCodeDefaultModel, config: { options: { reasoningEffort: canonicalOpenCodeManagerReasoningEffort, vgxnessPromptContractVersion: canonicalPromptContractVersion, vgxnessBehaviorContractVersion: canonicalBehaviorContractVersion }, permission: { task: createCanonicalOpenCodeSddTaskPermissions() } } } },
         providerSupport: commonSupport(),
     };
 }
@@ -101,7 +103,7 @@ function subagentDefinition(name) {
         memory: { scopes: ['project'] },
         workflows: data.workflows,
         skills: data.skills,
-        adapters: { opencode: { model: 'openai/gpt-5.5', config: { hidden: true, options: { vgxnessPromptContractVersion: canonicalPromptContractVersion, vgxnessBehaviorContractVersion: canonicalBehaviorContractVersion } } } },
+        adapters: { opencode: { model: canonicalOpenCodeDefaultModel, config: { hidden: true, options: { vgxnessPromptContractVersion: canonicalPromptContractVersion, vgxnessBehaviorContractVersion: canonicalBehaviorContractVersion } } } },
         providerSupport: commonSupport(),
     };
 }
@@ -114,12 +116,17 @@ export function createCanonicalOpenCodeSddSubagentPrompt(name) {
     const contract = subagentData[name].phaseContract;
     return `${common}\n\nPhase contract: ${contract}\n\nSDD governance v1: SDD artifact acceptance is human-only. Do not mark, describe, or persist generated phase output as accepted unless the user explicitly accepts it or an MCP acceptance record shows a human actor. Before advancing phases, use VGXNESS MCP readiness/status tools so draft, rejected, superseded, or legacy artifacts are not treated as accepted prerequisites. For risky VGX-managed side effects, use VGXNESS run preflight/reporting and include runId, phase, and agent context when available. OpenCode native/provider tools are audit-only and non-hard-blocking in governance v1; do not claim they are hard-blocked by OpenCode config.\n\nProvider-native daily progression: daily SDD progression happens inside OpenCode through conversation, VGXNESS MCP, and hidden SDD subagents. Do not instruct the user to run terminal SDD phase commands for normal daily flow. Return phase output, decisions, changed files, and evidence so the manager can persist artifacts and advance through MCP. Preserve confirmation/preflight requirements for apply, verify, init, archive, edits, shell, git, provider-tool, secrets, destructive, privileged, or ambiguous operations.`;
 }
+/**
+ * Provider runtime prompt for generated provider managers.
+ * This feeds the OpenCode default config and Claude generated agent files; it is
+ * intentionally separate from registry/seed instructions below.
+ */
 export const canonicalOpenCodeManagerPrompt = `# VGXNESS Manager - compact SDD orchestrator
 
-Bind only to the primary \`vgxness-manager\` agent. Executor agents (for example \`vgxness-sdd-apply\`) use their own prompts.
+Bind only to the primary \`vgxness-manager\` agent. Executor agents use their own prompts.
 
 ## Role
-Coordinate SDD; keep chat thin, use VGXNESS MCP as durable state, delegate to the smallest exact hidden SDD subagent, then synthesize evidence. Coach while coordinating: teach briefly, explain practical tradeoffs, stay realistic about risk/effort/unknowns, respectfully challenge weak assumptions, keep the user comfortable and in control, and avoid lectures or unnecessary verbosity.
+Coordinate SDD; keep chat thin, use VGXNESS MCP as durable state, delegate to the smallest exact hidden SDD subagent, synthesize evidence. Coach while coordinating: teach briefly, explain practical tradeoffs, stay realistic about risk/effort/unknowns, respectfully challenge weak assumptions, keep the user comfortable and in control, avoid lectures or unnecessary verbosity.
 
 ## Non-negotiable governance
 - SDD artifact acceptance is human-only. Never infer or fabricate acceptance from generated output, subagent/model output, file presence, confidence, or legacy artifacts. Treat draft/rejected/superseded/stale/unaccepted artifacts as not accepted until a human acceptance record exists.
@@ -127,9 +134,8 @@ Coordinate SDD; keep chat thin, use VGXNESS MCP as durable state, delegate to th
 - Before risky VGX-managed side effects (edit, shell/tests, git, network, provider-tool, secrets, external-directory, destructive, privileged, ambiguous), call \`vgxness_run_preflight\` with runId/workflow/phase/agent context when available. If approval/block is required, stop; do not invent approval.
 - Direct human acceptance of an exact SDD artifact via \`vgxness_sdd_accept_artifact\` is not a generic SDD write for manager routing: do not call \`vgxness_run_preflight\` solely for that acceptance when the user explicitly accepted the exact project/change/phase artifact, \`acceptedBy.type\` is \`"human"\`, \`acceptedBy.id\` is non-empty, and status/readiness confirms the artifact is eligible. This shortcut applies only to \`vgxness_sdd_accept_artifact\`, not \`vgxness_sdd_save_artifact\`, edits, shell/tests, git, provider config, memory writes, external paths, secrets, destructive/privileged/ambiguous operations.
 - OpenCode native/provider tools are governance-v1 audit-only/non-hard-blocking. Report warnings; do not say native OpenCode tools are hard-blocked by config.
-- Do not mutate provider/global OpenCode config unless explicitly requested. Do not write to \`openspec/\`. Never revert/overwrite unrelated user work. Preserve \`permission.task\` deny-by-default with only exact known SDD subagents allowed.
-- Do not publish packages unless explicitly requested.
-- Do not change model or reasoning effort.
+- Do not mutate provider/global OpenCode config. Do not write to \`openspec/\`. Do not publish packages unless explicitly requested. Never revert/overwrite unrelated user work. Preserve \`permission.task\` deny-by-default with only exact known SDD subagents allowed.
+- Do not change provider model/reasoning config unless explicitly requested.
 
 ## Flexible governance routing
 Use the lightest safe path: Tier 0-2 direct; Tier 3 preflight/explicit validation; Tier 4 formal SDD for governance, permission model, SDD acceptance, architecture/security, or cross-surface behavior. Provider status/doctor/preview/handoff are read-only audit-only; provider config writes stay gated.
@@ -138,26 +144,41 @@ Use the lightest safe path: Tier 0-2 direct; Tier 3 preflight/explicit validatio
 Daily SDD happens inside OpenCode through conversation, VGXNESS MCP, and hidden SDD subagents. Do not tell users to run terminal SDD phase commands for normal flow. CLI is an escape hatch for bootstrap, doctor, recovery, setup gaps, or explicit request.
 
 ## MCP playbook
-- For starting, resuming, or recovering context: prefer \`vgxness_context_cockpit\` with project + workspace; treat \`vgxness_session_restore\` as one signal, not truth. For ending, pausing, handing off, or compacting: \`vgxness_session_close\` with current session id and actor \`manager\`; if no id, do not invent one and summarize.
-- SDD artifacts: list/read with \`vgxness_sdd_get_artifact\`/\`vgxness_sdd_list_artifacts\`; use \`payloadMode: "compact"\` by default so the primary context stays clean. Use verbose only when required, preferably inside the delegated phase subagent. Save with \`vgxness_sdd_save_artifact\` only after the appropriate flow. SDD artifacts are not generic memory.
-- Acceptance/readiness: check SDD status/readiness for the exact project/change/phase, confirm explicit human acceptance of that exact artifact, call \`vgxness_sdd_accept_artifact\` directly with audit context (\`acceptedBy.type: "human"\`, non-empty \`acceptedBy.id\`, runId, agentId, note/rationale when useful), then re-check status/readiness before reporting state. Do not add \`vgxness_run_preflight\` solely for that exact direct acceptance call. Ambiguous replies count only when tied to an immediate exact acceptance prompt. Use \`vgxness_governance_report\` for readiness, artifact states, preflight posture, and audit warnings before risky/ambiguous transitions and in apply/verify summaries.
+- For starting, resuming, or recovering context: prefer \`vgxness_context_cockpit\`; treat \`vgxness_session_restore\` as one signal, not truth. For ending, pausing, handing off, or compacting: \`vgxness_session_close\` with current session id and actor \`manager\`; if no id, do not invent one and summarize.
+- SDD artifacts: guide state with \`vgxness_sdd_next\`/\`vgxness_sdd_cockpit\`; list/read with \`vgxness_sdd_get_artifact\`/\`vgxness_sdd_list_artifacts\`; prefer \`payloadMode: "compact"\` so the primary context stays clean; use verbose only when required, preferably inside the delegated phase subagent. Save with \`vgxness_sdd_save_artifact\` only after the appropriate flow. Use \`vgxness_sdd_reopen_artifact\` only for rejected artifacts returning to draft, with explicit human actor/audit context. SDD artifacts are not generic memory.
+- Acceptance/readiness: check SDD status/readiness for the exact project/change/phase, confirm explicit human acceptance of that exact artifact, call \`vgxness_sdd_accept_artifact\` directly with audit context (\`acceptedBy.type: "human"\`, non-empty \`acceptedBy.id\`, runId, agentId), then re-check status/readiness before reporting state. Do not add \`vgxness_run_preflight\` solely for that exact direct acceptance call. Ambiguous replies count only when tied to an immediate exact acceptance prompt. Use \`vgxness_governance_report\` for readiness, artifact states, preflight posture, and audit warnings.
 - Memory: call \`vgxness_memory_search\`/\`vgxness_memory_get\` for prior work or unclear context; call \`vgxness_memory_save\` for durable discoveries, decisions, bug fixes, config, patterns, or preferences; use \`vgxness_memory_update\` only to correct/evolve a known id. Do not duplicate full SDD artifacts as memory.
 - Agents/profile/payloads: resolve exact phase with \`vgxness_agent_resolve\`. \`vgxness_agent_activate\`, \`vgxness_opencode_manager_payload\`, and \`vgxness_skill_payload\` are preview context only; agent_activate does not execute a provider or write provider config. Use \`vgxness_manager_profile_get\` before behavior changes; \`vgxness_manager_profile_set\` requires explicit human authorization.
-- Runs: use \`vgxness_run_start\`/\`vgxness_run_list\`/\`vgxness_run_get\` for significant implementation/verification or multi-step delegated work; checkpoint with \`vgxness_run_checkpoint\`, preflight with \`vgxness_run_preflight\`, and close with \`vgxness_run_finalize\`.
-- Provider diagnostics: \`vgxness_provider_status\` and \`vgxness_provider_doctor\` are read-only reports.
+- Runs/recovery: use \`vgxness_run_start\`/\`vgxness_run_list\`/\`vgxness_run_get\` for run work; checkpoint with \`vgxness_run_checkpoint\`, preflight with \`vgxness_run_preflight\`, and close with \`vgxness_run_finalize\`. Unknown runId: \`vgxness_run_resume_candidates\`. For interrupted runs, inspect with \`vgxness_run_resume_inspect\`, then call \`vgxness_run_resume_gate\` with approvalId from pendingApprovals/inspect before advice; never pass runId as approvalId
+- Provider diagnostics: \`vgxness_provider_status\`/\`vgxness_provider_doctor\` are read-only reports.
 
 ## Minimum flows
 - Simple answer: inline; memory only for prior context; no run by default.
-- Proposal/spec/design/tasks: status/next -> readiness -> read prerequisites -> resolve exact subagent -> delegate -> persist by governance.
-- Apply/verify: require prerequisites -> read artifacts -> resolve exact subagent -> start/recover run -> preflight writes/shell/git/tests -> delegate -> checkpoint -> save output -> finalize when clear.
-- Config/provider/prompt change: inspect manager/profile or payload first; persistent changes require explicit human authorization.
+- Proposal/spec/design/tasks: status/next -> readiness -> prerequisites -> exact subagent -> delegate -> persist by governance.
+- Apply/verify: require prerequisites -> artifacts -> exact subagent -> start/recover run -> preflight writes/shell/git/tests -> delegate -> checkpoint -> save -> finalize.
+- Config/provider/prompt change: inspect manager/profile or payload first; persistent changes need explicit human authorization.
+- Recovery: MCP first. Continue: use \`vgxness_sdd_continue\`; read-only/advisory: no provider execution, run creation, artifact mutation, provider config/openspec writes, or acceptance/apply-progress bypass. CLI \`vgxness sdd continue\` is human fallback only. \`vgxness resume --project\` is for candidate runs; \`vgxness code sdd ... --draft-run\` is a planning-only path, never for apply-progress.
 
 ## Delegation thresholds
 Inline only small decisions, 1-3 file reads, status commands, and atomic one-file mechanical edits. Delegate broad exploration, substantial implementation, writes with analysis/new logic, and execution-heavy verification. Never delegate to unknown agents; use exact SDD phase mapping.
 
 ## Output
 Be concise: delegated work, results, files/decisions, evidence/tests, risks, next step.`;
-const registryManagerInstructions = 'You are the VGXNESS SDD coordinator, not a monolithic executor. Coach briefly while coordinating: explain useful tradeoffs, be realistic about risks and unknowns, respectfully challenge weak assumptions with better options, keep the user comfortable and in control, and stay concise. Use VGXNESS MCP as the durable control plane: restore session context with vgxness_session_restore before inferring start/resume state from chat, and close/pause/compact with vgxness_session_close using actor manager plus an actionable summary when a current session id exists. Check SDD status/next/ready, read prerequisites with sdd_get_artifact or sdd_list_artifacts, save accepted phase output with sdd_save_artifact, search/get/save/update memory only for reusable knowledge, resolve exact SDD subagents before substantial phase work, use runs/checkpoints/preflight/finalize for significant implementation or verification, and use vgxness_provider_status for configured/phase/next questions plus vgxness_provider_doctor for read-only OpenCode MCP/manager health. Prefer payloadMode=compact for manager-facing status/context reads, SDD artifact reads/lists, and activation handoffs so the primary context stays clean; request payloadMode=verbose only when full artifact contents, provider payloads, or skill context are actually needed, preferably inside delegated phase subagents. CLI is an escape hatch for bootstrap, doctor, rollback, recovery, MCP unavailable/setup missing, or explicit user request; do not tell users to run terminal SDD phase commands for normal daily flow. Delegate real SDD phase work to the smallest exact vgxness-sdd-* subagent allowed by permission.task, synthesize results, and persist artifacts/checkpoints. Do not perform substantial multi-file implementation inline. Do not mutate global/provider OpenCode config, install skills, publish packages, or write openspec/ unless explicitly authorized. Checked-in manager and subagent instructions are self-contained; external sdd-* skill files are optional registry assets, not requirements.';
+/**
+ * Registry/seed instructions for the manager agent definition.
+ * These feed the canonical manifest, checked-in seed, boot upgrade, registry
+ * render baselines, and manager profile overlay baselines; they are
+ * intentionally distinct from the provider runtime prompt above.
+ */
+const registryManagerInstructionsV9 = [
+    'You are the VGXNESS SDD coordinator, not a monolithic executor. Coach briefly while coordinating: explain useful tradeoffs, be realistic about risks and unknowns, respectfully challenge weak assumptions with better options, keep the user comfortable and in control, and stay concise.',
+    'Use VGXNESS MCP as the durable control plane: restore session context with vgxness_session_restore before inferring start/resume state from chat, and close/pause/compact with vgxness_session_close using actor manager plus an actionable summary when a current session id exists.',
+    'Check SDD status/next/ready/cockpit, read prerequisites with sdd_get_artifact or sdd_list_artifacts, use public sdd_continue/internal vgxness_sdd_continue first for advisory read-only continuation plans, use sdd_reopen_artifact only for rejected artifacts returning to draft with explicit human actor/audit context, save accepted phase output with sdd_save_artifact, search/get/save/update memory only for reusable knowledge, resolve exact SDD subagents before substantial phase work, use runs/checkpoints/preflight/finalize for significant implementation or verification, use run_resume_candidates for unknown runId, inspect interrupted runs by runId with run_resume_inspect, then call run_resume_gate with approvalId from pendingApprovals/inspect; never pass runId as approvalId; use vgxness_provider_status for configured/phase/next questions plus vgxness_provider_doctor for read-only OpenCode MCP/manager health.',
+    'Prefer payloadMode=compact for manager-facing status/context reads, SDD artifact reads/lists, and activation handoffs so the primary context stays clean; request payloadMode=verbose only when full artifact contents, provider payloads, or skill context are actually needed, preferably inside delegated phase subagents.',
+    'MCP sdd_continue must not execute providers, create runs, mutate artifacts, write provider config/openspec, bypass human acceptance, or treat draft-run as apply-progress.',
+    'CLI is an escape hatch for bootstrap, doctor, rollback, recovery, MCP unavailable/setup missing, or explicit user request; do not tell users to run terminal SDD phase commands for normal daily flow. CLI vgxness sdd continue is a human/manual fallback only; vgxness resume --project is for candidate runs, and vgxness code sdd ... --draft-run is planning-only.',
+    'OpenCode native/provider tools are governance-v1 audit-only/non-hard-blocking; report warnings, never say they are hard-blocked by config.',
+].join(' ');
 const subagentData = {
     'vgxness-sdd-explore': { seedDescription: 'Investigates codebase context and identifies options before proposals.', seedInstructions: 'You are the explore phase executor, not the orchestrator. Do not delegate. Explore repository evidence for the requested SDD change. Do not implement code changes. Return concise findings, risks, and recommended next artifacts.', capabilities: ['sdd-exploration', 'codebase-research', 'discovery'], permissions: { read: 'allow', edit: 'deny', shell: 'ask', git: 'deny', memory: 'allow', 'provider-tool': 'deny', secrets: 'deny' }, workflows: ['sdd:explore'], skills: ['vgxness-sdd-explore'], phaseContract: 'Investigate codebase context, constraints, options, and risks. Do not implement code changes. Return findings and recommended next artifacts.' },
     'vgxness-sdd-propose': { seedDescription: 'Creates focused change proposals from exploration findings.', seedInstructions: 'You are the proposal phase executor, not the orchestrator. Do not delegate. Create a focused SDD proposal from exploration evidence. Do not implement code changes. Identify scope, tradeoffs, non-goals, and acceptance direction.', capabilities: ['sdd-proposal', 'proposal-planning', 'scope-definition'], permissions: { read: 'allow', edit: 'deny', shell: 'deny', git: 'deny', memory: 'allow', 'provider-tool': 'deny', secrets: 'deny' }, workflows: ['sdd:proposal'], skills: ['vgxness-sdd-proposal'], phaseContract: 'Create or refine a focused SDD proposal from exploration evidence. Do not implement code changes. Include scope, tradeoffs, non-goals, and acceptance direction.' },

package/dist/agents/canonical-agent-projection.js

@@ -1,4 +1,4 @@
-import { canonicalAgentManifest, canonicalDefaultAgentName, canonicalOpenCodeManagerPrompt, canonicalPromptContractVersion, canonicalSddSubagentNames, createCanonicalOpenCodeSddSubagentPrompt, createCanonicalOpenCodeSddTaskPermissions, validateCanonicalAgentManifest, } from './canonical-agent-manifest.js';
+import { canonicalAgentManifest, canonicalDefaultAgentName, canonicalOpenCodeManagerReasoningEffort, canonicalOpenCodeManagerPrompt, canonicalPromptContractVersion, canonicalSddSubagentNames, createCanonicalOpenCodeSddSubagentPrompt, createCanonicalOpenCodeSddTaskPermissions, validateCanonicalAgentManifest, } from './canonical-agent-manifest.js';
 export function canonicalManifestValidationErrors(manifest = canonicalAgentManifest) {
     const validation = validateCanonicalAgentManifest(manifest);
     return validation.ok ? [] : validation.errors;
@@ -19,10 +19,10 @@ export function projectCanonicalAgentManifestToOpenCode(manifest = canonicalAgen
             description: 'VGXNESS SDD Manager - coordinates MCP state and SDD sub-agents, avoids inline execution when delegation is safer',
             mode: 'primary',
             ...(manager.adapters?.opencode?.model !== undefined ? { model: manager.adapters.opencode.model } : {}),
-            options: { reasoningEffort: 'high', vgxnessPromptContractVersion: canonicalPromptContractVersion },
-            permission: { task: createCanonicalOpenCodeSddTaskPermissions() },
+            options: { reasoningEffort: canonicalOpenCodeManagerReasoningEffort, vgxnessPromptContractVersion: canonicalPromptContractVersion },
+            permission: openCodePermissionsFor(manager, { task: createCanonicalOpenCodeSddTaskPermissions() }),
             prompt: canonicalOpenCodeManagerPrompt,
-            reasoningEffort: 'high',
+            reasoningEffort: canonicalOpenCodeManagerReasoningEffort,
             tools: { bash: true, delegate: true, delegation_list: true, delegation_read: true, edit: true, read: true, write: true },
             variant: '',
         },
@@ -38,6 +38,7 @@ export function projectCanonicalAgentManifestToOpenCode(manifest = canonicalAgen
             ...(subagent.adapters?.opencode?.model !== undefined ? { model: subagent.adapters.opencode.model } : {}),
             options: { vgxnessPromptContractVersion: canonicalPromptContractVersion },
             prompt: createCanonicalOpenCodeSddSubagentPrompt(name),
+            permission: openCodePermissionsFor(subagent),
             tools: { bash: true, edit: true, read: true, write: true },
         };
     }
@@ -112,6 +113,32 @@ function assertValidCanonicalManifest(manifest) {
     if (errors.length > 0)
         throw new Error(`Invalid canonical agent manifest: ${errors.join('; ')}`);
 }
+function openCodePermissionsFor(agent, additional = {}) {
+    const adapterPermission = asRecord(agent.adapters?.opencode?.config?.permission);
+    return { ...adapterPermission, ...additional, ...mapCanonicalPermissionsToOpenCode(agent.permissions) };
+}
+function mapCanonicalPermissionsToOpenCode(permissions) {
+    const mapped = {};
+    if (permissions === undefined)
+        return mapped;
+    for (const [canonical, openCode] of openCodePermissionMappings) {
+        const decision = permissions[canonical];
+        if (decision !== undefined)
+            mapped[openCode] = decision;
+    }
+    return mapped;
+}
+function asRecord(value) {
+    if (value === null || typeof value !== 'object' || Array.isArray(value))
+        return {};
+    return value;
+}
+const openCodePermissionMappings = [
+    ['read', 'read'],
+    ['edit', 'edit'],
+    ['shell', 'bash'],
+    ['external-directory', 'external_directory'],
+];
 function toSeedAgent(agent) {
     const seed = {
         name: agent.name,

package/dist/cli/cli-help.js

@@ -6,6 +6,9 @@ Global flags:
   --version, -v    Print the installed package version.
 
 Areas:
+  status [--project <name>] [--change <id>] [--db <path>] [--json]
+  next [--project <name>] [--change <id>] [--db <path>] [--json]
+  resume [--project <name>] [--run-id <id>] [--db <path>] [--json]
   init [--project <name>] [--provider opencode|claude|none] [--scope user|project] [--db global|project-local|custom|<path>] [--db-path <path>] [--mode mcp-only|mcp-plus-agents] [--json]
   setup plan [--project <name>] [--provider opencode|claude|none] [--scope user|project] [--db global|project-local|custom|<path>] [--db-path <path>] [--mode mcp-only|mcp-plus-agents] [--json]
   setup apply --yes [--project <name>] [--provider opencode|claude|none] [--scope user|project] [--db global|project-local|custom|<path>] [--db-path <path>] [--mode mcp-only|mcp-plus-agents]
@@ -16,6 +19,10 @@ Areas:
   verification plan --type docs-only|test-only|cli|mcp|sdd-storage|provider-setup|package-release|workflow-runs [--json]
   verification report save --project <name> --change <id> --file <report.json> [--db <path>] [--json]
   verification report get --project <name> --change <id> [--db <path>] [--json]
+  Status answers "where am I?" with the human front-door cockpit.
+  Next answers "what should I do now?" with a shorter next-action view.
+  Resume answers "how do I continue interrupted work?" with run inspection guidance.
+  Without --change or --run-id they stay orientation-only and do not open local memory; with --change or --run-id they read SQLite read-only. Pass --json for automation.
   Setup plan/init default to human-readable read-only output; pass --json for automation. Setup apply writes OpenCode config only with --yes and uses the global user DB plus mcp-plus-agents by default.
   Setup status defaults to human-readable read-only output; pass --json for automation. It never writes provider config or executes providers.
   Doctor defaults to human-readable output; pass --json for automation.
@@ -38,8 +45,8 @@ Areas:
   code plan "<task>" [--json|--events-jsonl] [--max-source-bytes <n>] [--provider fake|openai-compatible] [--model <id>] [--stream] [--transcript off|summary|full] [--memory off|ask|auto]
   code craft-preview "<task>" [--events-jsonl] [--provider fake|openai-compatible] [--model <id>] [--stream]
   code craft "<task>" [--json|--events-jsonl --approval-channel stdio] [--max-source-bytes <n>] [--provider fake|openai-compatible] [--model <id>] [--stream] [--approval-policy ask|allow|deny] [--verification none|suggest|run|repair] [--transcript off|summary|full] [--memory off|ask|auto]
-  code sdd <change> <phase> [--json] [--save-artifact] [--provider fake|openai-compatible] [--model <id>] [--stream] [--verification none|suggest|run|repair] [--transcript off|summary|full] [--memory off|ask|auto]
-  VGXNESS Code inspect and plan are native read-only repository flows. Craft is bounded edit-capable work with approval-gated edits and shell verification; craft JSONL approvals require explicit --approval-channel stdio. SDD mode follows phase-specific artifact boundaries and saves only with --save-artifact.
+  code sdd <change> <phase> [--json] [--save-artifact] [--draft-run] [--provider fake|openai-compatible] [--model <id>] [--stream] [--verification none|suggest|run|repair] [--transcript off|summary|full] [--memory off|ask|auto]
+  VGXNESS Code inspect and plan are native read-only repository flows. Craft is bounded edit-capable work with approval-gated edits and shell verification; craft JSONL approvals require explicit --approval-channel stdio. SDD mode follows phase-specific artifact boundaries and saves only with --save-artifact. --draft-run lets planning phases use draft prerequisites only; human acceptance is still required and apply-progress remains gated.
 
   orchestrator preview --project <name> --intent <text> [--change <id>] [--db <path>]
   Orchestrator preview classifies natural-language requests only; it never executes providers, edits files, records runs, or writes provider config.
@@ -103,16 +110,20 @@ Areas:
 
   sdd status --project <name> --change <id> [--json]
   sdd next --project <name> --change <id> [--json]
+  sdd continue --project <name> --change <id> [--db <path>] [--json]
   sdd cockpit --project <name> --change <id> [--json]
   sdd ready --project <name> --change <id> --phase <phase>
   sdd save-artifact --project <name> --change <id> --phase <phase> --content <text>
   sdd accept-artifact --project <name> --change <id> --phase <phase> --actor <human-id> [--display-name <name>] [--note <text>] [--accepted-at <iso>] [--json] [--db <path>]
+  sdd reopen-artifact --project <name> --change <id> --phase <phase> --actor <human-id> [--display-name <name>] [--note <text>] [--json] [--db <path>]
   sdd get-artifact --project <name> --change <id> --phase <phase> [--json] [--db <path>]
   sdd list-artifacts --project <name> --change <id> [--json] [--db <path>]
   SDD artifact reads use the selected local SQLite memory store via --db, VGXNESS_DB_PATH, or the global default.
-  SDD status, next, get-artifact, and list-artifacts default to human-readable output; pass --json for existing automation shapes.
+  SDD status, next, continue, get-artifact, and list-artifacts default to human-readable output; pass --json for existing automation shapes.
+  SDD continue is a read-only continuation planner; it never executes providers, mutates artifacts, creates runs, writes provider config, or creates openspec/.
   SDD cockpit defaults to human-readable read-only output; pass --json for metadata-only artifact summaries.
   SDD accept-artifact records explicit human-only acceptance; save-artifact remains draft-only and never implies acceptance. --accepted-at requires a timezone and is normalized to UTC ISO. Human output is default; pass --json for content-free success output.
+  SDD reopen-artifact records explicit human-only reopening of rejected artifacts only, moving them back to draft so they can be edited and accepted again.
   sdd export --project <name> --change <id> [--file <package.json>]
   sdd import --project <name> --change <id> --file <package.json> [--write] [--overwrite]
 

package/dist/cli/commands/index.js

@@ -3,6 +3,7 @@ export { runCodeCliCommand, runDefaultInteractiveEntrypoint } from './interactiv
 export { runDoctorAliasCommand, runMcpDoctorCommand, runMcpDoctorOpenCodeCommand, runMcpInstallCommand, runMcpSetupCommand } from './mcp-dispatcher.js';
 export { runMemoryCommand, runMemoryImportCommand, runOpenCodeCommand, runOrchestratorCommand, runSddCommand } from './memory-sdd-dispatcher.js';
 export { runApprovalsCommand, runPermissionsCommand, runRunsCommand } from './run-permission-dispatcher.js';
+export { runProductNextCommand, runProductResumeCommand, runProductStatusCommand } from './status-dispatcher.js';
 export { applySetupPlanInput, collectRunDetails, collectRunInsights, createSetupLifecycleService, promptSetupWizard, readSetupStatus, runInitCommand, runSetupApplyCommand, runSetupBackupCommand, runSetupLifecycleCommand, runSetupPlanCommand, runSetupRollbackCommand, runSetupTuiCommand, setupMcpEvidence, setupPlanInputFromFlags, } from './setup-dispatcher.js';
 export { runWorkflowExecuteCommand, runWorkflowPreviewCommand, runWorkflowRunCommand } from './workflow-dispatcher.js';
 export { runVerificationPlanCommand, runVerificationReportCommand } from './verification-dispatcher.js';

package/dist/cli/commands/interactive-entrypoint-dispatcher.js

@@ -69,6 +69,12 @@ export async function runCodeCliCommand(parsed, environment) {
         return usageFailure('--approval-channel stdio is supported only for code craft --events-jsonl');
     if (eventsJsonl && command !== 'inspect' && command !== 'plan' && command !== 'craft-preview' && approvalChannel.value !== 'stdio')
         return usageFailure('code craft --events-jsonl requires --approval-channel stdio; JSONL without approvals is currently supported only for read-only inspect, plan, and craft-preview');
+    const draftRunFlag = parsed.flags['draft-run'];
+    if (draftRunFlag !== undefined && command !== 'sdd')
+        return usageFailure('--draft-run is supported only for code sdd');
+    if (draftRunFlag !== undefined && draftRunFlag !== true)
+        return usageFailure('--draft-run does not accept a value; use --draft-run for code sdd draft mode');
+    const sddRuntimeMode = draftRunFlag === true ? 'draft-run' : undefined;
     const maxSourceBytes = optionalNumberFlag(parsed.flags, 'max-source-bytes');
     if (!maxSourceBytes.ok)
         return resultFailure(maxSourceBytes);
@@ -109,6 +115,7 @@ export async function runCodeCliCommand(parsed, environment) {
             ...(approvalPolicy.value === undefined ? {} : { approvalPolicy: approvalPolicy.value }),
             ...(verificationMode.value === undefined ? {} : { verificationMode: verificationMode.value }),
             ...(transcriptMode.value === undefined ? {} : { transcriptMode: transcriptMode.value }),
+            ...(sddRuntimeMode === undefined ? {} : { sddRuntimeMode }),
         });
     }
     const selectedDatabasePath = databasePathFor(parsed.flags, environment);
@@ -135,6 +142,7 @@ export async function runCodeCliCommand(parsed, environment) {
             env: environment.env,
             eventsJsonl,
             persistArtifact: parsed.flags['save-artifact'] === true || parsed.flags.persist === true,
+            ...(sddRuntimeMode === undefined ? {} : { sddRuntimeMode }),
             ...(maxSourceBytes.value !== undefined ? { maxSourceBytes: maxSourceBytes.value } : {}),
             ...(approvalPolicy.value === undefined ? {} : { approvalPolicy: approvalPolicy.value }),
             ...(verificationMode.value === undefined ? {} : { verificationMode: verificationMode.value }),

package/dist/cli/commands/memory-sdd-dispatcher.js

@@ -6,14 +6,15 @@ import { planMemoryImportDryRun, validateMemoryImportPackage, writeMemoryImportO
 import { MemoryService } from '../../memory/memory-service.js';
 import { createNaturalLanguagePlan } from '../../orchestrator/natural-language-planner.js';
 import { OpenCodeInjectionPreviewService } from '../../providers/opencode/injection-preview.js';
+import { RunService } from '../../runs/run-service.js';
 import { ArtifactPortabilityService } from '../../sdd/artifact-portability-service.js';
-import { isSddPhase, sddPhases } from '../../sdd/schema.js';
+import { normalizeSddArtifact, normalizeSddPhaseInput, sddPhases } from '../../sdd/schema.js';
 import { SddWorkflowService } from '../../sdd/sdd-workflow-service.js';
 import { SkillRegistryService } from '../../skills/skill-registry-service.js';
 import { acceptedAtFlag, databasePathSelectionFor, optionalNumberFlag, optionalScopeFlag, optionalStringFlag, optionalTrimmedFlag, requiredFlag, requiredTrimmedFlag, scopeFlag, } from '../cli-flags.js';
 import { okText, usageFailure, validationFailure } from '../cli-help.js';
 import { formatMemoryImportValidationErrors, jsonResult, openCliDatabase, readJsonFile, resultFailure, validateMemoryImportMode, writeJsonFile, } from '../cli-helpers.js';
-import { renderSddArtifactAccepted, renderSddCockpit, renderSddArtifactDetail, renderSddArtifactList, renderSddNext, renderSddStatus, } from '../sdd-renderer.js';
+import { renderSddArtifactAccepted, renderSddArtifactReopened, renderSddCockpit, renderSddArtifactDetail, renderSddArtifactList, renderSddContinuationPlan, renderSddNext, renderSddStatus, sddContinuationPlanFrom, } from '../sdd-renderer.js';
 export function runMemoryCommand(command, parsed, database) {
     const handlers = createMemoryToolHandlers({ service: new MemoryService(database), config: { localMemoryEnabled: true } });
     const context = { actor: 'cli' };
@@ -122,6 +123,26 @@ export function runSddCommand(command, parsed, database, environment) {
             return jsonResult(next);
         return okText(renderSddNext({ project: project.value, decision: next.value }));
     }
+    if (command === 'continue') {
+        const next = service.getNext({ project: project.value, change: change.value });
+        if (!next.ok)
+            return jsonResult(next);
+        const cockpit = service.getCockpit({ project: project.value, change: change.value });
+        if (!cockpit.ok)
+            return jsonResult(cockpit);
+        const explicitDatabasePath = optionalStringFlag(parsed.flags, 'db');
+        const relatedRun = new RunService(database).findRelatedInterruptedSddRun({ project: project.value, change: change.value });
+        if (!relatedRun.ok)
+            return jsonResult(relatedRun);
+        const plan = sddContinuationPlanFrom({
+            project: project.value,
+            next: next.value,
+            cockpit: cockpit.value,
+            ...(relatedRun.value === undefined ? {} : { relatedRunContext: relatedRun.value }),
+            ...(explicitDatabasePath === undefined ? {} : { explicitDatabasePath }),
+        });
+        return parsed.flags.json === true ? jsonResult({ ok: true, value: plan }) : okText(renderSddContinuationPlan(plan));
+    }
     if (command === 'cockpit') {
         const cockpit = service.getCockpit({ project: project.value, change: change.value });
         if (!cockpit.ok || parsed.flags.json === true)
@@ -159,7 +180,8 @@ export function runSddCommand(command, parsed, database, environment) {
             return resultFailure(note);
         if (!acceptedAt.ok)
             return resultFailure(acceptedAt);
-        if (!isSddPhase(phase.value))
+        const canonicalPhase = normalizeSddPhaseInput(phase.value);
+        if (canonicalPhase === undefined)
             return resultFailure(validationFailure(`Unknown SDD phase: ${phase.value}. Expected one of: ${sddPhases.join(', ')}`));
         const acceptedBy = {
             type: 'human',
@@ -169,7 +191,7 @@ export function runSddCommand(command, parsed, database, environment) {
         const accepted = service.acceptArtifact({
             project: project.value,
             change: change.value,
-            phase: phase.value,
+            phase: canonicalPhase,
             acceptedBy,
             acceptedAt: acceptedAt.value,
             ...(note.value === undefined ? {} : { note: note.value }),
@@ -179,7 +201,7 @@ export function runSddCommand(command, parsed, database, environment) {
         const view = {
             project: accepted.value.project,
             change: change.value,
-            phase: phase.value,
+            phase: canonicalPhase,
             topicKey: accepted.value.topicKey,
             artifactId: accepted.value.id,
             status: 'accepted',
@@ -189,6 +211,50 @@ export function runSddCommand(command, parsed, database, environment) {
         };
         return parsed.flags.json === true ? jsonResult({ ok: true, value: view }) : okText(renderSddArtifactAccepted(view));
     }
+    if (command === 'reopen-artifact') {
+        const phase = requiredTrimmedFlag(parsed.flags, 'phase');
+        const actor = requiredTrimmedFlag(parsed.flags, 'actor');
+        const displayName = optionalTrimmedFlag(parsed.flags, 'display-name');
+        const note = optionalTrimmedFlag(parsed.flags, 'note');
+        if (!phase.ok)
+            return resultFailure(phase);
+        if (!actor.ok)
+            return resultFailure(actor);
+        if (!displayName.ok)
+            return resultFailure(displayName);
+        if (!note.ok)
+            return resultFailure(note);
+        const canonicalPhase = normalizeSddPhaseInput(phase.value);
+        if (canonicalPhase === undefined)
+            return resultFailure(validationFailure(`Unknown SDD phase: ${phase.value}. Expected one of: ${sddPhases.join(', ')}`));
+        const reopenedBy = {
+            type: 'human',
+            id: actor.value,
+            displayName: displayName.value ?? actor.value,
+        };
+        const reopened = service.reopenArtifact({
+            project: project.value,
+            change: change.value,
+            phase: canonicalPhase,
+            reopenedBy,
+            ...(note.value === undefined ? {} : { note: note.value }),
+        });
+        if (!reopened.ok)
+            return resultFailure(reopened);
+        const normalized = normalizeSddArtifact(reopened.value);
+        const view = {
+            project: reopened.value.project,
+            change: change.value,
+            phase: canonicalPhase,
+            topicKey: reopened.value.topicKey,
+            artifactId: reopened.value.id,
+            status: normalized.metadata.status,
+            reopenedBy,
+            reopenedAt: normalized.metadata.reopen?.reopenedAt ?? normalized.metadata.updatedAt ?? reopened.value.updatedAt,
+            ...(note.value === undefined ? {} : { note: note.value }),
+        };
+        return parsed.flags.json === true ? jsonResult({ ok: true, value: view }) : okText(renderSddArtifactReopened(view));
+    }
     if (command === 'get-artifact') {
         const phase = requiredFlag(parsed.flags, 'phase');
         if (!phase.ok)