vgxness 1.9.4 → 1.9.6

package/dist/agents/canonical-agent-projection.js

@@ -20,7 +20,7 @@ export function projectCanonicalAgentManifestToOpenCode(manifest = canonicalAgen
             mode: 'primary',
             ...(manager.adapters?.opencode?.model !== undefined ? { model: manager.adapters.opencode.model } : {}),
             options: { reasoningEffort: canonicalOpenCodeManagerReasoningEffort, vgxnessPromptContractVersion: canonicalPromptContractVersion },
-            permission: openCodePermissionsFor(manager, { task: createCanonicalOpenCodeSddTaskPermissions() }),
+            permission: { ...openCodePermissionsFor(manager, { task: createCanonicalOpenCodeSddTaskPermissions() }), bash: 'allow' },
             prompt: canonicalOpenCodeManagerPrompt,
             reasoningEffort: canonicalOpenCodeManagerReasoningEffort,
             tools: { bash: true, delegate: true, delegation_list: true, delegation_read: true, edit: true, read: true, write: true },

package/dist/cli/cli-help.js

@@ -72,7 +72,7 @@ Areas:
   mcp doctor [--db <path>] [--project <name>] [--change <id>] [--timeout-ms <ms>]
   MCP setup preview is read-only; it does not install or write .opencode/, .claude/, or provider config.
   Without --db, MCP install and setup commands use the vgxness global default database; pass --db .vgx/memory.sqlite for project-local compatibility.
-  OpenCode install defaults to user/global scope and installs mcp.vgxness plus vgxness-manager and hidden vgxness-sdd-* agents; use --mcp-only for legacy MCP-only config.
+  OpenCode install defaults to user/global scope and installs mcp.vgxness plus top-level permission.bash=ask, vgxness-manager with bash=allow, and hidden vgxness-sdd-* agents with explicit permissions; use --mcp-only for legacy MCP-only config.
   Use --overwrite-vgxness (alias --reinstall) to reinstall only VGXNESS-managed OpenCode entries while preserving unrelated config; --yes is still required to write.
   It writes only after --yes. The default target is $HOME/.config/opencode/opencode.json; use --scope project to target .opencode/opencode.json explicitly.
   Project OpenCode config can override user config. Plans are read-only; applies refuse unsafe existing config and create backups before merge.

package/dist/cli/commands/memory-sdd-dispatcher.js

@@ -8,6 +8,7 @@ import { createNaturalLanguagePlan } from '../../orchestrator/natural-language-p
 import { OpenCodeInjectionPreviewService } from '../../providers/opencode/injection-preview.js';
 import { RunService } from '../../runs/run-service.js';
 import { ArtifactPortabilityService } from '../../sdd/artifact-portability-service.js';
+import { buildSddCockpitSurfaceResponse } from '../../sdd/cockpit-read-model.js';
 import { normalizeSddArtifact, normalizeSddPhaseInput, sddPhases } from '../../sdd/schema.js';
 import { SddWorkflowService } from '../../sdd/sdd-workflow-service.js';
 import { SkillRegistryService } from '../../skills/skill-registry-service.js';
@@ -145,9 +146,12 @@ export function runSddCommand(command, parsed, database, environment) {
     }
     if (command === 'cockpit') {
         const cockpit = service.getCockpit({ project: project.value, change: change.value });
-        if (!cockpit.ok || parsed.flags.json === true)
+        if (!cockpit.ok)
             return jsonResult(cockpit);
-        return okText(renderSddCockpit(cockpit.value));
+        const surface = buildSddCockpitSurfaceResponse(cockpit.value);
+        if (parsed.flags.json === true)
+            return jsonResult({ ok: true, value: surface });
+        return okText(renderSddCockpit(surface));
     }
     if (command === 'ready') {
         const phase = requiredFlag(parsed.flags, 'phase');

package/dist/cli/sdd-renderer.js

@@ -120,21 +120,28 @@ export function renderSddContinuationPlan(plan) {
     return `${lines.join('\n')}\n`;
 }
 export function renderSddCockpit(cockpit) {
-    const blockers = cockpit.aggregateBlockers;
+    const readModel = cockpit.readModel;
+    const blockers = readModel.blockers;
     const lines = [
         'SDD Cockpit (read-only)',
-        `Project: ${cockpit.project}`,
-        `Change: ${cockpit.change}`,
-        `Actionable phase: ${cockpit.actionablePhase ?? 'none'}`,
-        `Next: ${cockpit.next.status}${cockpit.next.nextPhase === undefined ? '' : ` / ${cockpit.next.nextPhase}`}`,
-        `Recommended action: ${cockpit.recommendedAction}`,
-        `Accepted: ${cockpit.acceptedCount}/${cockpit.phases.length}`,
-        `Legacy artifacts: ${cockpit.legacyCount}`,
-        '',
-        'Aggregate blockers:',
+        `Project: ${readModel.project}`,
+        `Change: ${readModel.change}`,
+        `Next action: ${readModel.nextAction.kind}${readModel.nextAction.phase === undefined ? '' : ` / ${readModel.nextAction.phase}`}`,
+        `Recommended action: ${readModel.nextAction.label}`,
+        `Content included: ${readModel.contentIncluded ? 'yes' : 'no'}`,
+        `Accepted: ${readModel.summary.acceptedArtifacts}/${readModel.summary.totalPhases}`,
+        `Legacy artifacts: ${readModel.summary.legacyArtifacts}`,
+        '',
+        'Phases:',
+        ...readModel.phases.map((phase) => `- ${phase.phase}: status=${phase.artifact.status}; accepted=${phase.acceptance.acceptedByHuman ? 'human' : 'no'}; content=${phase.artifact.contentAvailable ? 'metadata-only' : 'none'}; topic=${phase.topicKey}`),
+        '',
+        'Blockers:',
         ...(blockers.length === 0
             ? ['- none']
-            : blockers.map((blocker) => `- ${blocker.kind}: ${blocker.phase} at ${blocker.topicKey} - ${blocker.reason}${blocker.action === undefined ? '' : `; action=${blocker.action}`}`)),
+            : blockers.map((blocker) => `- ${blocker.severity}/${blocker.code}: ${blocker.phase ?? 'change'} at ${blocker.topicKey ?? '-'} - ${blocker.message}${blocker.action === undefined ? '' : `; action=${blocker.action}`}`)),
+        '',
+        'Guidance:',
+        ...readModel.guidance.map((item) => `- ${item}`),
         '',
         `Inspect: ${cockpit.inspectCommand}`,
         `Cockpit JSON: ${cockpit.inspectCommand}`,

package/dist/cli/tui/opentui/setup/smoke.js

@@ -13,7 +13,7 @@ try {
             workspaceRoot: '/tmp/project',
             db: { mode: 'global', path: '/tmp/db.sqlite', source: 'flag' },
             provider: 'opencode',
-            opencode: { scope: 'user', action: 'merge', targetPath: '/tmp/.config/opencode/opencode.json', installsAgents: true, agentNames: ['vgxness-manager'] },
+            opencode: { scope: 'user', action: 'merge', targetPath: '/tmp/.config/opencode/opencode.json', installsAgents: true, agentNames: ['vgxness-manager'], bashPermissionPolicy: { topLevel: 'ask', manager: 'allow' } },
             actions: [
                 {
                     id: 'opencode-merge',

package/dist/mcp/client-install-opencode-contract.js

@@ -34,8 +34,9 @@ export function planOpenCodeMcpInstall(input) {
         mcpOnly: input.mcpOnly,
     });
     const overwriteVgxness = input.overwriteVgxness === true;
+    const bashPermissionPolicy = bashPermissionPolicyFor(agentPlan);
     if (scope === 'user') {
-        return planUserOpenCodeMcpInstall(input, databasePathSource, server, agentPlan, overwriteVgxness);
+        return planUserOpenCodeMcpInstall(input, databasePathSource, server, agentPlan, overwriteVgxness, bashPermissionPolicy);
     }
     const existingTargets = supportedConfigTargets
         .map((relativePath) => ({
@@ -49,35 +50,35 @@ export function planOpenCodeMcpInstall(input) {
                 kind: 'manual-check',
                 message: 'Remove ambiguity by keeping exactly one OpenCode project config target before installing.',
             },
-        ], agentPlan, overwriteVgxness);
+        ], agentPlan, overwriteVgxness, bashPermissionPolicy);
     }
     if (existingTargets.length === 0) {
         return {
-            ...baseContract(input.databasePath, databasePathSource, scope, join(input.cwd, '.opencode', 'opencode.json'), false, 'create', agentPlan, overwriteVgxness),
+            ...baseContract(input.databasePath, databasePathSource, scope, join(input.cwd, '.opencode', 'opencode.json'), false, 'create', agentPlan, overwriteVgxness, bashPermissionPolicy),
             status: 'would_install',
             action: 'create',
             targetPath: join(input.cwd, '.opencode', 'opencode.json'),
             backupRequired: false,
             server,
-            preservedTopLevelKeys: agentPlan.installsAgents ? ['$schema', 'instructions', 'default_agent', 'agent', 'mcp'] : ['$schema', 'mcp'],
+            preservedTopLevelKeys: createdConfigKeys(agentPlan),
             existingSchema: null,
         };
     }
     const [target] = existingTargets;
     if (target === undefined)
-        return refusal('ambiguous_target', 'Unable to resolve OpenCode project config target.', input.databasePath, databasePathSource, scope, undefined, [], undefined, overwriteVgxness);
+        return refusal('ambiguous_target', 'Unable to resolve OpenCode project config target.', input.databasePath, databasePathSource, scope, undefined, [], undefined, overwriteVgxness, bashPermissionPolicy);
     if (target.relativePath.endsWith('.jsonc')) {
-        return refusal('unsupported_jsonc', `OpenCode JSONC config ${target.relativePath} is not supported yet; use JSON or remove comments first.`, input.databasePath, databasePathSource, scope, target.absolutePath, [], agentPlan, overwriteVgxness);
+        return refusal('unsupported_jsonc', `OpenCode JSONC config ${target.relativePath} is not supported yet; use JSON or remove comments first.`, input.databasePath, databasePathSource, scope, target.absolutePath, [], agentPlan, overwriteVgxness, bashPermissionPolicy);
     }
     const parsed = parseConfig(target.absolutePath);
     if (!parsed.ok)
-        return refusal(parsed.reason, parsed.message, input.databasePath, databasePathSource, scope, target.absolutePath, [], agentPlan, overwriteVgxness);
+        return refusal(parsed.reason, parsed.message, input.databasePath, databasePathSource, scope, target.absolutePath, [], agentPlan, overwriteVgxness, bashPermissionPolicy);
     const config = parsed.value;
     if (config.mcp !== undefined && !isRecord(config.mcp)) {
-        return refusal('invalid_mcp_shape', 'Existing top-level mcp must be a JSON object before vgxness can be merged.', input.databasePath, databasePathSource, scope, target.absolutePath, [], agentPlan, overwriteVgxness);
+        return refusal('invalid_mcp_shape', 'Existing top-level mcp must be a JSON object before vgxness can be merged.', input.databasePath, databasePathSource, scope, target.absolutePath, [], agentPlan, overwriteVgxness, bashPermissionPolicy);
     }
     if (isRecord(config.mcp) && Object.hasOwn(config.mcp, 'vgxness') && !overwriteVgxness) {
-        return refusal('existing_vgxness_mcp', 'Existing OpenCode config already contains mcp.vgxness; overwrite is refused by default.', input.databasePath, databasePathSource, scope, target.absolutePath, [], agentPlan, overwriteVgxness);
+        return refusal('existing_vgxness_mcp', 'Existing OpenCode config already contains mcp.vgxness; overwrite is refused by default.', input.databasePath, databasePathSource, scope, target.absolutePath, [], agentPlan, overwriteVgxness, bashPermissionPolicy);
     }
     const agentConflict = findConflictingVgxnessAgents(config, agentPlan);
     if (agentConflict.length > 0 && !overwriteVgxness) {
@@ -86,13 +87,16 @@ export function planOpenCodeMcpInstall(input) {
                 kind: 'manual-check',
                 message: `Manually reconcile conflicting VGXNESS agent entries: ${agentConflict.join(', ')}.`,
             },
-        ], agentPlan, overwriteVgxness);
+        ], agentPlan, overwriteVgxness, bashPermissionPolicy);
     }
     if (agentPlan.installsAgents && config.agent !== undefined && !isRecord(config.agent)) {
-        return refusal('unsupported_config_shape', 'Existing top-level agent must be a JSON object before VGXNESS agent entries can be merged or overwritten.', input.databasePath, databasePathSource, scope, target.absolutePath, [], agentPlan, overwriteVgxness);
+        return refusal('unsupported_config_shape', 'Existing top-level agent must be a JSON object before VGXNESS agent entries can be merged or overwritten.', input.databasePath, databasePathSource, scope, target.absolutePath, [], agentPlan, overwriteVgxness, bashPermissionPolicy);
+    }
+    if (config.permission !== undefined && !isRecord(config.permission)) {
+        return refusal('unsupported_config_shape', 'Existing top-level permission must be a JSON object before VGXNESS can set top-level permission.bash to ask.', input.databasePath, databasePathSource, scope, target.absolutePath, [], agentPlan, overwriteVgxness, bashPermissionPolicy);
     }
     return {
-        ...baseContract(input.databasePath, databasePathSource, scope, target.absolutePath, true, 'merge-preserve-existing', agentPlan, overwriteVgxness),
+        ...baseContract(input.databasePath, databasePathSource, scope, target.absolutePath, true, 'merge-preserve-existing', agentPlan, overwriteVgxness, bashPermissionPolicy),
         status: 'would_install',
         action: 'merge',
         targetPath: target.absolutePath,
@@ -102,40 +106,40 @@ export function planOpenCodeMcpInstall(input) {
         existingSchema: typeof config.$schema === 'string' ? config.$schema : opencodeConfigSchema,
     };
 }
-function planUserOpenCodeMcpInstall(input, databasePathSource, server, agentPlan, overwriteVgxness) {
+function planUserOpenCodeMcpInstall(input, databasePathSource, server, agentPlan, overwriteVgxness, bashPermissionPolicy) {
     const target = resolveOpenCodeMcpInstallTarget({
         cwd: input.cwd,
         scope: 'user',
         env: input.env,
     });
     if (!target.ok) {
-        return refusal('unsupported_config_shape', target.message, input.databasePath, databasePathSource, 'user', undefined, [], undefined, overwriteVgxness);
+        return refusal('unsupported_config_shape', target.message, input.databasePath, databasePathSource, 'user', undefined, [], undefined, overwriteVgxness, bashPermissionPolicy);
     }
     const jsoncPath = `${target.path}c`;
     if (existsSync(jsoncPath)) {
-        return refusal('unsupported_jsonc', 'OpenCode user JSONC config opencode.jsonc is not supported yet; use JSON or remove comments first.', input.databasePath, databasePathSource, 'user', jsoncPath, [], agentPlan, overwriteVgxness);
+        return refusal('unsupported_jsonc', 'OpenCode user JSONC config opencode.jsonc is not supported yet; use JSON or remove comments first.', input.databasePath, databasePathSource, 'user', jsoncPath, [], agentPlan, overwriteVgxness, bashPermissionPolicy);
     }
     if (!existsSync(target.path)) {
         return {
-            ...baseContract(input.databasePath, databasePathSource, 'user', target.path, false, 'create', agentPlan, overwriteVgxness),
+            ...baseContract(input.databasePath, databasePathSource, 'user', target.path, false, 'create', agentPlan, overwriteVgxness, bashPermissionPolicy),
             status: 'would_install',
             action: 'create',
             targetPath: target.path,
             backupRequired: false,
             server,
-            preservedTopLevelKeys: agentPlan.installsAgents ? ['$schema', 'instructions', 'default_agent', 'agent', 'mcp'] : ['$schema', 'mcp'],
+            preservedTopLevelKeys: createdConfigKeys(agentPlan),
             existingSchema: null,
         };
     }
     const parsed = parseConfig(target.path);
     if (!parsed.ok)
-        return refusal(parsed.reason, parsed.message, input.databasePath, databasePathSource, 'user', target.path, [], agentPlan, overwriteVgxness);
+        return refusal(parsed.reason, parsed.message, input.databasePath, databasePathSource, 'user', target.path, [], agentPlan, overwriteVgxness, bashPermissionPolicy);
     const config = parsed.value;
     if (config.mcp !== undefined && !isRecord(config.mcp)) {
-        return refusal('invalid_mcp_shape', 'Existing top-level mcp must be a JSON object before vgxness can be merged.', input.databasePath, databasePathSource, 'user', target.path, [], agentPlan, overwriteVgxness);
+        return refusal('invalid_mcp_shape', 'Existing top-level mcp must be a JSON object before vgxness can be merged.', input.databasePath, databasePathSource, 'user', target.path, [], agentPlan, overwriteVgxness, bashPermissionPolicy);
     }
     if (isRecord(config.mcp) && Object.hasOwn(config.mcp, 'vgxness') && !overwriteVgxness) {
-        return refusal('existing_vgxness_mcp', 'Existing OpenCode config already contains mcp.vgxness; overwrite is refused by default.', input.databasePath, databasePathSource, 'user', target.path, [], agentPlan, overwriteVgxness);
+        return refusal('existing_vgxness_mcp', 'Existing OpenCode config already contains mcp.vgxness; overwrite is refused by default.', input.databasePath, databasePathSource, 'user', target.path, [], agentPlan, overwriteVgxness, bashPermissionPolicy);
     }
     const agentConflict = findConflictingVgxnessAgents(config, agentPlan);
     if (agentConflict.length > 0 && !overwriteVgxness) {
@@ -144,13 +148,16 @@ function planUserOpenCodeMcpInstall(input, databasePathSource, server, agentPlan
                 kind: 'manual-check',
                 message: `Manually reconcile conflicting VGXNESS agent entries: ${agentConflict.join(', ')}.`,
             },
-        ], agentPlan, overwriteVgxness);
+        ], agentPlan, overwriteVgxness, bashPermissionPolicy);
     }
     if (agentPlan.installsAgents && config.agent !== undefined && !isRecord(config.agent)) {
-        return refusal('unsupported_config_shape', 'Existing top-level agent must be a JSON object before VGXNESS agent entries can be merged or overwritten.', input.databasePath, databasePathSource, 'user', target.path, [], agentPlan, overwriteVgxness);
+        return refusal('unsupported_config_shape', 'Existing top-level agent must be a JSON object before VGXNESS agent entries can be merged or overwritten.', input.databasePath, databasePathSource, 'user', target.path, [], agentPlan, overwriteVgxness, bashPermissionPolicy);
+    }
+    if (config.permission !== undefined && !isRecord(config.permission)) {
+        return refusal('unsupported_config_shape', 'Existing top-level permission must be a JSON object before VGXNESS can set top-level permission.bash to ask.', input.databasePath, databasePathSource, 'user', target.path, [], agentPlan, overwriteVgxness, bashPermissionPolicy);
     }
     return {
-        ...baseContract(input.databasePath, databasePathSource, 'user', target.path, true, 'merge-preserve-existing', agentPlan, overwriteVgxness),
+        ...baseContract(input.databasePath, databasePathSource, 'user', target.path, true, 'merge-preserve-existing', agentPlan, overwriteVgxness, bashPermissionPolicy),
         status: 'would_install',
         action: 'merge',
         targetPath: target.path,
@@ -213,7 +220,7 @@ function deepEqual(left, right) {
     const rightKeys = Object.keys(right).sort();
     return leftKeys.length === rightKeys.length && leftKeys.every((key, index) => key === rightKeys[index] && deepEqual(left[key], right[key]));
 }
-function baseContract(databasePath, source, scope, targetPath, backupRequired, mergePolicy, agentPlan = createOpenCodeDefaultAgentInstallPlan({ mcpOnly: true }), overwriteVgxness = false) {
+function baseContract(databasePath, source, scope, targetPath, backupRequired, mergePolicy, agentPlan = createOpenCodeDefaultAgentInstallPlan({ mcpOnly: true }), overwriteVgxness = false, bashPermissionPolicy = bashPermissionPolicyFor(agentPlan)) {
     return {
         version: 1,
         kind: 'mcp-client-install-opencode',
@@ -228,17 +235,18 @@ function baseContract(databasePath, source, scope, targetPath, backupRequired, m
             mergePolicy,
         },
         scope,
-        warnings: warningsForScope(scope, overwriteVgxness, agentPlan),
+        warnings: warningsForScope(scope, overwriteVgxness, agentPlan, bashPermissionPolicy),
         verificationHints: verificationHints(databasePath, source),
         manualTest: manualTestForScope(scope, databasePath, source),
         installsAgents: agentPlan.installsAgents,
         agentNames: agentPlan.agentNames,
         overwriteVgxness,
+        bashPermissionPolicy,
         ...(agentPlan.defaultAgent !== undefined ? { defaultAgent: agentPlan.defaultAgent } : {}),
     };
 }
-function refusal(reason, message, databasePath, source, scope, targetPath, extraVerificationHints = [], agentPlan = createOpenCodeDefaultAgentInstallPlan({ mcpOnly: true }), overwriteVgxness = false) {
-    const contract = baseContract(databasePath, source, scope, targetPath, false, 'refuse-no-clobber', agentPlan, overwriteVgxness);
+function refusal(reason, message, databasePath, source, scope, targetPath, extraVerificationHints = [], agentPlan = createOpenCodeDefaultAgentInstallPlan({ mcpOnly: true }), overwriteVgxness = false, bashPermissionPolicy = bashPermissionPolicyFor(agentPlan)) {
+    const contract = baseContract(databasePath, source, scope, targetPath, false, 'refuse-no-clobber', agentPlan, overwriteVgxness, bashPermissionPolicy);
     return {
         ...contract,
         verificationHints: [...extraVerificationHints, ...contract.verificationHints],
@@ -248,20 +256,29 @@ function refusal(reason, message, databasePath, source, scope, targetPath, extra
         ...(targetPath !== undefined ? { targetPath } : {}),
     };
 }
-function warningsForScope(scope, overwriteVgxness, agentPlan) {
+function warningsForScope(scope, overwriteVgxness, agentPlan, bashPermissionPolicy) {
     const overwriteWarnings = overwriteVgxness
         ? [
             `Reinstall/overwrite is enabled: existing VGXNESS-managed OpenCode entries will be replaced (${agentPlan.installsAgents ? 'mcp.vgxness, default_agent, instructions AGENTS.md, and known VGXNESS agents' : 'mcp.vgxness only'}); unrelated OpenCode config is preserved.`,
         ]
         : [];
+    const bashWarnings = bashPermissionPolicy.manager === 'allow' ? ['OpenCode top-level permission.bash is set to ask; the VGXNESS manager agent allows bash while SDD subagents keep explicit permissions.'] : ['OpenCode top-level permission.bash is set to ask.'];
     if (scope === 'project')
-        return ['Restart OpenCode after installation so it reloads the project MCP config.', ...overwriteWarnings];
+        return ['Restart OpenCode after installation so it reloads the project MCP config.', ...overwriteWarnings, ...bashWarnings];
     return [
         'Restart OpenCode after installation so it reloads the user MCP config.',
         'OpenCode project config may override user config for a workspace; check project-level config if vgxness is not visible.',
         ...overwriteWarnings,
+        ...bashWarnings,
     ];
 }
+function bashPermissionPolicyFor(agentPlan) {
+    return agentPlan.installsAgents ? { topLevel: 'ask', manager: 'allow' } : { topLevel: 'ask' };
+}
+function createdConfigKeys(agentPlan) {
+    const keys = agentPlan.installsAgents ? ['$schema', 'instructions', 'default_agent', 'agent', 'mcp'] : ['$schema', 'mcp'];
+    return [...keys, 'permission'];
+}
 function manualTestForScope(scope, databasePath, source) {
     if (scope === 'project') {
         return {

package/dist/mcp/client-install-opencode.js

@@ -28,7 +28,7 @@ export async function installOpenCodeMcpClient(input) {
         ...(input.overwriteVgxness !== undefined ? { overwriteVgxness: input.overwriteVgxness } : {}),
     });
     if (!input.confirmed) {
-        return refusal('confirmation_required', confirmationRequiredMessage(plan.scope), input.databasePath, databasePathSource, server, confirmationRequiredSafety(plan), 'targetPath' in plan ? plan.targetPath : undefined, plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.overwriteVgxness);
+        return refusal('confirmation_required', confirmationRequiredMessage(plan.scope), input.databasePath, databasePathSource, server, confirmationRequiredSafety(plan), 'targetPath' in plan ? plan.targetPath : undefined, plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.overwriteVgxness, plan.bashPermissionPolicy);
     }
     if (plan.status === 'refused')
         return refusalFromPlan(plan, input.databasePath, databasePathSource, server);
@@ -36,32 +36,32 @@ export async function installOpenCodeMcpClient(input) {
         if (existsSync(plan.targetPath)) {
             const reparsed = parseConfig(plan.targetPath);
             if (!reparsed.ok)
-                return refusal(reparsed.reason, reparsed.message, input.databasePath, databasePathSource, server, applySafety(plan), plan.targetPath, plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.overwriteVgxness);
+                return refusal(reparsed.reason, reparsed.message, input.databasePath, databasePathSource, server, applySafety(plan), plan.targetPath, plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.overwriteVgxness, plan.bashPermissionPolicy);
             const conflictingAgents = findConflictingVgxnessAgents(reparsed.value, agentPlan, {
                 effectiveManagerInstructions: input.effectiveManagerInstructions,
             });
             if (conflictingAgents.length > 0 && input.overwriteVgxness !== true)
-                return agentConflictRefusal(conflictingAgents, input.databasePath, databasePathSource, server, applySafety(plan), plan.targetPath, plan.verificationHints, plan.warnings, plan.manualTest, agentPlan);
-            return refusal('unsupported_config_shape', 'OpenCode config appeared after planning; rerun setup apply so it can be merged safely without overwriting user config.', input.databasePath, databasePathSource, server, applySafety(plan), plan.targetPath, plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.overwriteVgxness);
+                return agentConflictRefusal(conflictingAgents, input.databasePath, databasePathSource, server, applySafety(plan), plan.targetPath, plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.bashPermissionPolicy);
+            return refusal('unsupported_config_shape', 'OpenCode config appeared after planning; rerun setup apply so it can be merged safely without overwriting user config.', input.databasePath, databasePathSource, server, applySafety(plan), plan.targetPath, plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.overwriteVgxness, plan.bashPermissionPolicy);
         }
         writeConfig(plan.targetPath, mergeVgxnessOpenCodeConfig({ $schema: opencodeConfigSchema }, plan.server, plan.installsAgents, input.effectiveManagerInstructions));
-        return validateInstalledResult(plan.targetPath, undefined, server, input.databasePath, databasePathSource, applySafety(plan), plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.overwriteVgxness);
+        return validateInstalledResult(plan.targetPath, undefined, server, input.databasePath, databasePathSource, applySafety(plan), plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.overwriteVgxness, plan.bashPermissionPolicy);
     }
     const parsed = parseConfig(plan.targetPath);
     if (!parsed.ok)
-        return refusal(parsed.reason, parsed.message, input.databasePath, databasePathSource, server, applySafety(plan), plan.targetPath, plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.overwriteVgxness);
+        return refusal(parsed.reason, parsed.message, input.databasePath, databasePathSource, server, applySafety(plan), plan.targetPath, plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.overwriteVgxness, plan.bashPermissionPolicy);
     const conflictingAgents = findConflictingVgxnessAgents(parsed.value, agentPlan, {
         effectiveManagerInstructions: input.effectiveManagerInstructions,
     });
     if (conflictingAgents.length > 0 && input.overwriteVgxness !== true)
-        return agentConflictRefusal(conflictingAgents, input.databasePath, databasePathSource, server, applySafety(plan), plan.targetPath, plan.verificationHints, plan.warnings, plan.manualTest, agentPlan);
+        return agentConflictRefusal(conflictingAgents, input.databasePath, databasePathSource, server, applySafety(plan), plan.targetPath, plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.bashPermissionPolicy);
     const backup = createBackup(plan.targetPath, plan.scope);
     if (!backup.ok)
-        return refusal('post_write_validation_failed', backup.error.message, input.databasePath, databasePathSource, server, applySafety(plan), plan.targetPath, plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.overwriteVgxness);
+        return refusal('post_write_validation_failed', backup.error.message, input.databasePath, databasePathSource, server, applySafety(plan), plan.targetPath, plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.overwriteVgxness, plan.bashPermissionPolicy);
     const config = parsed.value;
     const mergedConfig = mergeVgxnessOpenCodeConfig({ ...config, $schema: plan.existingSchema ?? opencodeConfigSchema }, plan.server, plan.installsAgents, input.effectiveManagerInstructions);
     writeConfig(plan.targetPath, mergedConfig);
-    return validateInstalledResult(plan.targetPath, backup.value, server, input.databasePath, databasePathSource, applySafety(plan), plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.overwriteVgxness);
+    return validateInstalledResult(plan.targetPath, backup.value, server, input.databasePath, databasePathSource, applySafety(plan), plan.verificationHints, plan.warnings, plan.manualTest, agentPlan, plan.overwriteVgxness, plan.bashPermissionPolicy);
 }
 function mergeVgxnessOpenCodeConfig(config, server, installsAgents, effectiveManagerInstructions) {
     const merged = {
@@ -75,6 +75,7 @@ function mergeVgxnessOpenCodeConfig(config, server, installsAgents, effectiveMan
         merged.default_agent = defaults.defaultAgent;
         merged.agent = { ...(isRecord(config.agent) ? config.agent : {}), ...defaults.agents };
     }
+    merged.permission = { ...(isRecord(config.permission) ? config.permission : {}), bash: 'ask' };
     return merged;
 }
 function mergeOpenCodeInstructions(existing) {
@@ -106,21 +107,25 @@ function createBackup(path, scope) {
         description: 'Backup existing OpenCode config before merging VGXNESS MCP configuration.',
     });
 }
-function validateInstalledResult(targetPath, backup, server, databasePath, source, safety, verificationHints, warningMessages, manualTestGuidance, agentPlan, overwriteVgxness = false) {
+function validateInstalledResult(targetPath, backup, server, databasePath, source, safety, verificationHints, warningMessages, manualTestGuidance, agentPlan, overwriteVgxness = false, bashPermissionPolicy = bashPermissionPolicyFor(agentPlan)) {
     const parsed = parseConfig(targetPath);
     if (!parsed.ok)
-        return refusal('post_write_validation_failed', 'OpenCode config could not be re-read after write.', databasePath, source, server, safety, targetPath, verificationHints, warningMessages, manualTestGuidance, agentPlan);
+        return refusal('post_write_validation_failed', 'OpenCode config could not be re-read after write.', databasePath, source, server, safety, targetPath, verificationHints, warningMessages, manualTestGuidance, agentPlan, overwriteVgxness, bashPermissionPolicy);
     const mcp = parsed.value.mcp;
     const installed = isRecord(mcp) ? mcp.vgxness : undefined;
     if (!isOpenCodeLocalMcpServerConfig(installed)) {
-        return refusal('post_write_validation_failed', 'OpenCode config was written but mcp.vgxness did not validate.', databasePath, source, server, safety, targetPath, verificationHints, warningMessages, manualTestGuidance, agentPlan);
+        return refusal('post_write_validation_failed', 'OpenCode config was written but mcp.vgxness did not validate.', databasePath, source, server, safety, targetPath, verificationHints, warningMessages, manualTestGuidance, agentPlan, overwriteVgxness, bashPermissionPolicy);
     }
     if (agentPlan.installsAgents) {
         const agent = parsed.value.agent;
         if (!isRecord(agent) || parsed.value.default_agent !== agentPlan.defaultAgent || agentPlan.agentNames.some((name) => !isRecord(agent[name]))) {
-            return refusal('post_write_validation_failed', 'OpenCode config was written but VGXNESS agent entries did not validate.', databasePath, source, server, safety, targetPath, verificationHints, warningMessages, manualTestGuidance, agentPlan);
+            return refusal('post_write_validation_failed', 'OpenCode config was written but VGXNESS agent entries did not validate.', databasePath, source, server, safety, targetPath, verificationHints, warningMessages, manualTestGuidance, agentPlan, overwriteVgxness, bashPermissionPolicy);
         }
     }
+    const permission = parsed.value.permission;
+    if (!isRecord(permission) || permission.bash !== 'ask') {
+        return refusal('post_write_validation_failed', 'OpenCode config was written but top-level permission.bash did not validate as ask.', databasePath, source, server, safety, targetPath, verificationHints, warningMessages, manualTestGuidance, agentPlan, overwriteVgxness, bashPermissionPolicy);
+    }
     return {
         version: 1,
         kind: 'mcp-client-install-opencode',
@@ -135,6 +140,7 @@ function validateInstalledResult(targetPath, backup, server, databasePath, sourc
         installsAgents: agentPlan.installsAgents,
         agentNames: agentPlan.agentNames,
         overwriteVgxness,
+        bashPermissionPolicy,
         ...(agentPlan.defaultAgent !== undefined ? { defaultAgent: agentPlan.defaultAgent } : {}),
     };
 }
@@ -159,7 +165,7 @@ function isOpenCodeLocalMcpServerConfig(value) {
 function isRecord(value) {
     return typeof value === 'object' && value !== null && !Array.isArray(value);
 }
-function refusal(reason, message, databasePath, source, server, safety, targetPath, verificationHints = defaultVerificationHints(databasePath, source), warningMessages = warnings(), manualTestGuidance = manualTest(databasePath, source), agentPlan = createOpenCodeDefaultAgentInstallPlan({ mcpOnly: true }), overwriteVgxness = false) {
+function refusal(reason, message, databasePath, source, server, safety, targetPath, verificationHints = defaultVerificationHints(databasePath, source), warningMessages = warnings(), manualTestGuidance = manualTest(databasePath, source), agentPlan = createOpenCodeDefaultAgentInstallPlan({ mcpOnly: true }), overwriteVgxness = false, bashPermissionPolicy = bashPermissionPolicyFor(agentPlan)) {
     return {
         version: 1,
         kind: 'mcp-client-install-opencode',
@@ -175,14 +181,15 @@ function refusal(reason, message, databasePath, source, server, safety, targetPa
         installsAgents: agentPlan.installsAgents,
         agentNames: agentPlan.agentNames,
         overwriteVgxness,
+        bashPermissionPolicy,
         ...(agentPlan.defaultAgent !== undefined ? { defaultAgent: agentPlan.defaultAgent } : {}),
     };
 }
 function refusalFromPlan(plan, databasePath, source, server) {
-    return refusal(plan.reason, plan.message, databasePath, source, server, plan.safety, plan.targetPath, plan.verificationHints, plan.warnings, plan.manualTest, plan, plan.overwriteVgxness);
+    return refusal(plan.reason, plan.message, databasePath, source, server, plan.safety, plan.targetPath, plan.verificationHints, plan.warnings, plan.manualTest, plan, plan.overwriteVgxness, plan.bashPermissionPolicy);
 }
-function agentConflictRefusal(conflictingAgents, databasePath, source, server, safety, targetPath, verificationHints, warningMessages, manualTestGuidance, agentPlan) {
-    return refusal('existing_vgxness_agent', `Existing OpenCode config contains custom VGXNESS agent entries that would be overwritten: ${conflictingAgents.join(', ')}. Remove, rename, or manually reconcile them before installing.`, databasePath, source, server, safety, targetPath, verificationHints, warningMessages, manualTestGuidance, agentPlan);
+function agentConflictRefusal(conflictingAgents, databasePath, source, server, safety, targetPath, verificationHints, warningMessages, manualTestGuidance, agentPlan, bashPermissionPolicy = bashPermissionPolicyFor(agentPlan)) {
+    return refusal('existing_vgxness_agent', `Existing OpenCode config contains custom VGXNESS agent entries that would be overwritten: ${conflictingAgents.join(', ')}. Remove, rename, or manually reconcile them before installing.`, databasePath, source, server, safety, targetPath, verificationHints, warningMessages, manualTestGuidance, agentPlan, false, bashPermissionPolicy);
 }
 function applySafety(plan) {
     return {
@@ -206,7 +213,7 @@ function confirmationRequiredMessage(scope) {
     return `\`mcp install opencode\` requires explicit --yes before any ${scope} config write.`;
 }
 function warnings() {
-    return ['Restart OpenCode after installation so it reloads the project MCP config.'];
+    return ['Restart OpenCode after installation so it reloads the project MCP config.', 'OpenCode top-level permission.bash is set to ask; the VGXNESS manager agent allows bash while SDD subagents keep explicit permissions.'];
 }
 function manualTest(databasePath, source) {
     return {
@@ -222,3 +229,6 @@ function defaultVerificationHints(databasePath, source) {
         { kind: 'command', message: 'Run the MCP doctor command after installation.', command: createVgxnessMcpDoctorCommand(databasePath, source) },
     ];
 }
+function bashPermissionPolicyFor(agentPlan) {
+    return agentPlan.installsAgents ? { topLevel: 'ask', manager: 'allow' } : { topLevel: 'ask' };
+}

package/dist/mcp/control-plane.js

@@ -9,6 +9,7 @@ import { prepareMemoryDatabasePath, resolveMemoryDatabasePath } from '../memory/
 import { OpenCodeManagerPayloadService } from '../providers/opencode/manager-payload.js';
 import { RunService } from '../runs/run-service.js';
 import { sddContinuationPlanFrom } from '../sdd/sdd-continuation-plan.js';
+import { buildSddCockpitSurfaceResponse } from '../sdd/cockpit-read-model.js';
 import { SddWorkflowService } from '../sdd/sdd-workflow-service.js';
 import { SkillRegistryService } from '../skills/skill-registry-service.js';
 import { VerificationPlanService } from '../verification/index.js';
@@ -43,7 +44,7 @@ export function callVgxTool(call, services) {
         case 'vgxness_sdd_next':
             return toEnvelope(validated.tool, services.sdd.getNext(validated.input));
         case 'vgxness_sdd_cockpit':
-            return toEnvelope(validated.tool, services.sdd.getCockpit(validated.input));
+            return toEnvelope(validated.tool, mapMemoryResult(services.sdd.getCockpit(validated.input), buildSddCockpitSurfaceResponse));
         case 'vgxness_sdd_continue':
             return sddContinueEnvelope(validated.input, services);
         case 'vgxness_governance_report':
@@ -405,6 +406,9 @@ function runResumeCandidatesEnvelope(input, services) {
 function toEnvelope(tool, result) {
     return result.ok ? successEnvelope(tool, result.value) : errorEnvelope(result.error.code, result.error.message, tool);
 }
+function mapMemoryResult(result, project) {
+    return result.ok ? { ok: true, value: project(result.value) } : result;
+}
 function resolveControlPlaneDatabasePath(options) {
     if (options.databasePath !== undefined)
         return { ok: true, value: options.databasePath };

package/dist/mcp/stdio-server.js

@@ -66,7 +66,7 @@ function descriptionForTool(publicToolName) {
     if (publicToolName === 'context_cockpit')
         return 'Read-only context cockpit for start/resume/recovery; returns latest restorable session plus bounded memory previews without traces, provider config writes, repository writes, runs, artifacts, or session mutations.';
     if (publicToolName === 'sdd_cockpit')
-        return 'Read-only SDD cockpit summary with next decision, explicit acceptance state, metadata-only artifact summaries, and aggregate blockers.';
+        return 'Read-only SDD cockpit summary with raw compatibility fields plus additive readModel; metadata-only artifact summaries, no artifact bodies, and explicit human acceptance semantics.';
     if (publicToolName === 'sdd_continue')
         return 'Read-only SDD continuation planner; returns blocker actions, safe suggested commands, related interrupted run context, and safety notes without provider execution, run creation, artifact mutation, provider config writes, or openspec writes.';
     const toolName = toInternalVgxMcpToolName(publicToolName);

package/dist/sdd/cockpit-read-model.js

@@ -0,0 +1,192 @@
+import { sddPhases, sddPrerequisites } from './schema.js';
+export class SddCockpitReadModelService {
+    workflow;
+    constructor(workflow) {
+        this.workflow = workflow;
+    }
+    getReadModel(input) {
+        const cockpit = this.workflow.getCockpit(input);
+        if (!cockpit.ok)
+            return cockpit;
+        return { ok: true, value: buildSddCockpitReadModel(cockpit.value) };
+    }
+    getSurfaceResponse(input) {
+        const cockpit = this.workflow.getCockpit(input);
+        if (!cockpit.ok)
+            return cockpit;
+        return { ok: true, value: buildSddCockpitSurfaceResponse(cockpit.value) };
+    }
+}
+export function buildSddCockpitSurfaceResponse(cockpit) {
+    return { ...cockpit, readModel: buildSddCockpitReadModel(cockpit) };
+}
+export function buildSddCockpitReadModel(cockpit) {
+    const phases = cockpit.phases.map((phase) => toPhaseReadModel(phase));
+    const blockers = toReadBlockers(cockpit);
+    const nextAction = chooseNextAction(cockpit, phases);
+    return {
+        project: cockpit.project,
+        change: cockpit.change,
+        phases,
+        nextAction,
+        blockers,
+        guidance: guidanceFor(cockpit, nextAction, blockers),
+        summary: summarize(phases),
+        contentIncluded: false,
+    };
+}
+function toPhaseReadModel(phase) {
+    const status = artifactReadStatus(phase);
+    const contentAvailable = phase.present && phase.artifact !== undefined;
+    const reasons = phase.blockers.map((blocker) => blocker.action ?? blocker.reason);
+    const canAccept = phase.present && !phase.accepted && status === 'draft';
+    const canReview = contentAvailable && status === 'draft';
+    return {
+        phase: phase.phase,
+        label: phaseLabel(phase.phase),
+        topicKey: phase.topicKey,
+        artifact: {
+            exists: phase.present,
+            status,
+            contentAvailable,
+            topicKey: phase.topicKey,
+            ...(phase.artifact?.artifactId === undefined ? {} : { artifactId: phase.artifact.artifactId }),
+            ...(phase.artifact?.createdAt === undefined ? {} : { createdAt: phase.artifact.createdAt }),
+            ...(phase.artifact?.updatedAt === undefined ? {} : { updatedAt: phase.artifact.updatedAt }),
+        },
+        acceptance: {
+            accepted: phase.accepted,
+            acceptedByHuman: phase.artifact?.acceptance?.actor.type === 'human',
+            ...(phase.artifact?.acceptance === undefined ? {} : { acceptance: phase.artifact.acceptance }),
+            requiredForNextPhase: isRequiredForLaterPhase(phase.phase),
+        },
+        actionability: {
+            canGenerate: !phase.present && phase.readiness.ready,
+            canReview,
+            canAccept,
+            canReopen: phase.present && status === 'rejected',
+            blocked: !phase.readiness.ready || phase.blockers.length > 0,
+            reasons,
+        },
+        guidance: guidanceForPhase(phase, status, canAccept),
+    };
+}
+function artifactReadStatus(phase) {
+    if (!phase.present)
+        return 'missing';
+    if (phase.legacy)
+        return 'legacy';
+    const state = phase.state;
+    if (state === 'draft' || state === 'accepted' || state === 'rejected' || state === 'superseded' || state === 'missing')
+        return state;
+    return 'unknown';
+}
+function chooseNextAction(cockpit, phases) {
+    const reviewable = phases.find((phase) => phase.actionability.canReview);
+    if (reviewable !== undefined) {
+        return {
+            kind: 'review-artifact',
+            phase: reviewable.phase,
+            label: `Review ${reviewable.phase} artifact and accept it only after explicit human approval.`,
+            requiresConfirmation: false,
+        };
+    }
+    const generatable = phases.find((phase) => phase.actionability.canGenerate);
+    if (generatable !== undefined) {
+        return {
+            kind: 'generate-artifact',
+            phase: generatable.phase,
+            label: `Generate or create the ${generatable.phase} SDD artifact.`,
+            requiresConfirmation: false,
+        };
+    }
+    if (cockpit.next.status === 'complete') {
+        return { kind: 'none', label: 'All SDD phases are human-accepted.', requiresConfirmation: false };
+    }
+    if (cockpit.next.nextPhase !== undefined) {
+        const nextPhase = phases.find((phase) => phase.phase === cockpit.next.nextPhase);
+        return {
+            kind: 'continue-workflow',
+            phase: cockpit.next.nextPhase,
+            label: safeRecommendedAction(cockpit.recommendedAction, nextPhase),
+            requiresConfirmation: false,
+        };
+    }
+    return { kind: 'none', label: cockpit.recommendedAction, requiresConfirmation: false };
+}
+function safeRecommendedAction(recommendedAction, phase) {
+    if (phase === undefined)
+        return recommendedAction;
+    if (!/accept/i.test(recommendedAction))
+        return recommendedAction;
+    if (phase.artifact.status === 'draft')
+        return recommendedAction;
+    if (phase.artifact.status === 'rejected')
+        return `Reopen the ${phase.phase} artifact before further review.`;
+    if (phase.artifact.status === 'superseded')
+        return `Generate or inspect the current canonical ${phase.phase} artifact; superseded metadata is not actionable.`;
+    if (phase.artifact.status === 'legacy')
+        return `Inspect legacy ${phase.phase} metadata before using it in the current SDD flow.`;
+    return recommendedAction;
+}
+function toReadBlockers(cockpit) {
+    return cockpit.aggregateBlockers.map((blocker) => ({
+        phase: blocker.phase,
+        topicKey: blocker.topicKey,
+        code: blocker.kind,
+        message: blocker.reason,
+        severity: blocker.kind === 'missing-topic-key' ? 'info' : 'blocking',
+        ...(blocker.action === undefined ? {} : { action: blocker.action }),
+        ...(blocker.artifactId === undefined ? {} : { artifactId: blocker.artifactId }),
+    }));
+}
+function summarize(phases) {
+    return {
+        totalPhases: phases.length,
+        presentArtifacts: phases.filter((phase) => phase.artifact.exists).length,
+        acceptedArtifacts: phases.filter((phase) => phase.acceptance.accepted).length,
+        missingArtifacts: phases.filter((phase) => phase.artifact.status === 'missing').length,
+        draftArtifacts: phases.filter((phase) => phase.artifact.status === 'draft').length,
+        rejectedArtifacts: phases.filter((phase) => phase.artifact.status === 'rejected').length,
+        supersededArtifacts: phases.filter((phase) => phase.artifact.status === 'superseded').length,
+        legacyArtifacts: phases.filter((phase) => phase.artifact.status === 'legacy').length,
+        isComplete: phases.length === sddPhases.length && phases.every((phase) => phase.acceptance.accepted),
+    };
+}
+function guidanceFor(cockpit, nextAction, blockers) {
+    const phaseStatusByName = new Map(cockpit.phases.map((phase) => [phase.phase, artifactReadStatus(phase)]));
+    const guidance = [nextAction.label];
+    if (cockpit.phases.some((phase) => artifactReadStatus(phase) === 'draft' && !phase.accepted)) {
+        guidance.push('Artifact presence alone does not count as acceptance; explicit human acceptance is required for drafts.');
+    }
+    if (cockpit.next.blockerGuidance !== undefined) {
+        guidance.push(...cockpit.next.blockerGuidance
+            .filter((blocker) => phaseStatusByName.get(blocker.phase) === 'draft' || !/accept/i.test(blocker.action))
+            .map((blocker) => blocker.action));
+    }
+    return [...new Set(guidance)];
+}
+function guidanceForPhase(phase, status, canAccept) {
+    if (status === 'missing')
+        return [`Create the ${phase.phase} artifact when prerequisites are ready.`];
+    if (canAccept)
+        return [`Review ${phase.topicKey}; accept only after explicit human approval.`];
+    if (status === 'accepted')
+        return ['Accepted artifact metadata is available; full content is omitted from this read model.'];
+    if (status === 'rejected')
+        return ['Rejected artifact metadata is available; reopen it before further review.'];
+    if (status === 'superseded')
+        return ['Superseded artifact metadata is available; generate or inspect the current canonical artifact instead.'];
+    if (status === 'legacy')
+        return ['Legacy artifact metadata requires inspection before it can be used for current SDD flow.'];
+    return phase.blockers.map((blocker) => blocker.action ?? blocker.reason);
+}
+function phaseLabel(phase) {
+    return phase
+        .split('-')
+        .map((part) => `${part.slice(0, 1).toUpperCase()}${part.slice(1)}`)
+        .join(' ');
+}
+function isRequiredForLaterPhase(phase) {
+    return sddPhases.some((candidate) => sddPrerequisites[candidate].includes(phase));
+}

package/dist/sdd/cockpit-types.js

@@ -0,0 +1 @@
+export {};

package/dist/setup/providers/opencode-setup-adapter.js

@@ -61,8 +61,8 @@ export const openCodeSetupAdapter = {
             writesProviderConfig: false,
             summary: contract.status === 'would_install'
                 ? contract.overwriteVgxness
-                    ? `OpenCode ${contract.action} reinstall plan is available; confirmed apply overwrites VGXNESS entries only, preserves unrelated config, and creates managed backups for existing targets.`
-                    : `OpenCode ${contract.action} plan is available for external application; confirmed merges create managed VGXNESS backups.`
+                    ? `OpenCode ${contract.action} reinstall plan is available; confirmed apply overwrites VGXNESS entries only, preserves unrelated config, sets top-level permission.bash=ask and manager bash=allow, and creates managed backups for existing targets.`
+                    : `OpenCode ${contract.action} plan is available for external application; confirmed applies mcp.vgxness, top-level permission.bash=ask, and manager bash=allow, and creates managed VGXNESS backups when merging.`
                 : contract.message,
             ...(targetPath !== undefined ? { targetPath } : {}),
             warnings: contract.warnings,
@@ -122,7 +122,7 @@ function openCodePlanPreview(visibility, plan) {
             targetPath: source.targetPath,
             backupRequired: source.backupRequired,
             confirmationRequired: Boolean(plan?.actions.some((candidate) => candidate.safety.requiresExplicitConfirmation)),
-            risks: source.overwriteVgxness ? overwriteInstallRisks(source.installsAgents) : source.action === 'create' ? createInstallRisks() : mergeInstallRisks(),
+            risks: [...(source.overwriteVgxness ? overwriteInstallRisks(source.installsAgents) : source.action === 'create' ? createInstallRisks() : mergeInstallRisks()), ...bashPermissionRisks(source.bashPermissionPolicy)],
             warnings: source.warnings,
         };
     }
@@ -154,6 +154,11 @@ function overwriteInstallRisks(installsAgents) {
         'OpenCode must be restarted after external installation before it discovers the updated vgxness MCP server.',
     ];
 }
+function bashPermissionRisks(policy) {
+    return policy.manager === 'allow'
+        ? ['OpenCode top-level permission.bash is set to ask; terminal commands prompt by default, while vgxness-manager allows bash after restart.']
+        : ['OpenCode top-level permission.bash is set to ask.'];
+}
 function refusedRepairRisks(message) {
     return [
         `Install planner refused automatic repair: ${message}`,
@@ -176,8 +181,8 @@ function externalInstallAction(scope, targetPath, overwriteVgxness = false) {
         kind: 'copy-command',
         command: ['vgxness', 'mcp', 'install', 'opencode', '--scope', scope, '--yes', ...(overwriteVgxness ? ['--overwrite-vgxness'] : [])],
         description: overwriteVgxness
-            ? 'Copy and run this outside the TUI only after reviewing that VGXNESS entries will be overwritten and unrelated config preserved.'
-            : 'Copy and run this outside the TUI only after reviewing the read-only plan.',
+            ? 'Copy and run this outside the TUI only after reviewing that VGXNESS entries will be overwritten, unrelated config preserved, top-level bash prompts, and manager bash is allowed.'
+            : 'Copy and run this outside the TUI only after reviewing the read-only plan and scoped bash permission behavior.',
         safety: externalProviderWriteSafety(targetPath),
     };
 }

package/dist/setup/setup-plan.js

@@ -131,6 +131,7 @@ function setupPlanFromOpenCode(input) {
                 installsAgents: input.opencode.installsAgents,
                 agentNames: input.opencode.agentNames,
                 ...(input.opencode.overwriteVgxness ? { overwriteVgxness: true } : {}),
+                bashPermissionPolicy: input.opencode.bashPermissionPolicy,
             },
             actions: [],
             conflicts: [
@@ -158,11 +159,12 @@ function setupPlanFromOpenCode(input) {
             installsAgents: input.opencode.installsAgents,
             agentNames: input.opencode.agentNames,
             ...(input.opencode.overwriteVgxness ? { overwriteVgxness: true } : {}),
+            bashPermissionPolicy: input.opencode.bashPermissionPolicy,
         },
         actions: [
             {
                 id: `opencode-${input.opencode.action}`,
-                description: `${input.opencode.overwriteVgxness ? 'Reinstall/overwrite VGXNESS entries in' : input.opencode.action === 'create' ? 'Create' : 'Merge'} OpenCode config with mcp.vgxness using vgxness mcp start${input.installMode === 'mcp-plus-agents' ? ' and manager/SDD agents' : ''}${input.opencode.overwriteVgxness ? '; unrelated OpenCode config is preserved' : ''}.`,
+                description: `${input.opencode.overwriteVgxness ? 'Reinstall/overwrite VGXNESS entries in' : input.opencode.action === 'create' ? 'Create' : 'Merge'} OpenCode config with mcp.vgxness using vgxness mcp start${input.installMode === 'mcp-plus-agents' ? ' and manager/SDD agents' : ''}${input.opencode.overwriteVgxness ? '; unrelated OpenCode config is preserved' : ''}${bashPermissionDescription(input.opencode.bashPermissionPolicy)}.`,
                 mutating: false,
                 targetPath: input.opencode.targetPath,
                 backupRequired: input.opencode.backupRequired,
@@ -182,6 +184,9 @@ function setupPlanFromOpenCode(input) {
         nextCommands: ['vgxness setup apply --yes', 'vgxness doctor', 'Restart OpenCode and verify the vgxness MCP server is visible.'],
     };
 }
+function bashPermissionDescription(policy) {
+    return policy.manager === 'allow' ? '; sets top-level permission.bash to ask and manager bash to allow' : '; sets top-level permission.bash to ask';
+}
 function resolveSetupDatabase(input) {
     if (input.mode === 'global') {
         const resolved = resolveMemoryDatabasePath({ cwd: input.workspaceRoot, env: input.env });

package/docs/cli.md

@@ -70,7 +70,9 @@ Daily SDD phase progression is OpenCode-first: talk to OpenCode with the VGXNESS
 
 `setup plan`, `setup status`, and non-TTY `init` planning do not write provider config. Local VGXNESS store initialization may occur when the selected SQLite store is needed. They are human-readable by default; pass `--json` when you need parseable automation output. With the default global database, the OpenCode MCP command is `vgxness mcp start`; for custom/project-local DBs it includes `--db <path>`. The default OpenCode target is `$HOME/.config/opencode/opencode.json`; pass `--scope project` to opt into `<workspace>/.opencode/opencode.json`. `setup apply --yes` is the explicit OpenCode provider-config write path. `setup rollback --backup <path>` validates a VGXNESS/OpenCode backup such as `opencode.json.backup-<timestamp>`, creates a pre-rollback backup of the current target when present, restores the selected backup byte-for-byte, and recommends `vgxness doctor`.
 
-`vgxness init` prompts in English when stdin/stdout are TTYs: project name, DB location, provider, OpenCode scope, install mode, then shows the plan and asks `Apply this setup? Type "yes" to continue:`. Any answer other than `yes` exits successfully without writes. In CI/non-TTY without `--yes`, `init` returns the read-only plan and never waits for input. `vgxness doctor`, `vgxness sdd status`, `vgxness sdd next`, `vgxness sdd get-artifact`, and `vgxness sdd list-artifacts` are also human-readable by default; use `--json` for scripts.
+`vgxness init` prompts in English when stdin/stdout are TTYs: project name, DB location, provider, OpenCode scope, install mode, then shows the plan and asks `Apply this setup? Type "yes" to continue:`. Any answer other than `yes` exits successfully without writes. In CI/non-TTY without `--yes`, `init` returns the read-only plan and never waits for input. `vgxness doctor`, `vgxness sdd status`, `vgxness sdd next`, `vgxness sdd cockpit`, `vgxness sdd get-artifact`, and `vgxness sdd list-artifacts` are also human-readable by default; use `--json` for scripts.
+
+`vgxness sdd cockpit --json` returns the same additive compatibility shape as the MCP cockpit: all existing raw `SddCockpit` top-level fields remain present, with an additional top-level `readModel`. The cockpit is read-only and metadata-only: it does not include artifact bodies, infer acceptance from artifact presence, advance phases, execute acceptance, call providers, or write provider config. Text output renders from read-model concepts such as next action, phase metadata, blockers, guidance, and `Content included: no`.
 
 ## Daily workflow front doors
 

package/docs/mcp.md

@@ -25,7 +25,7 @@ All tools:
 | `vgxness_sdd_reopen_artifact` | Move a rejected artifact back to draft for revision. | `project`, `change`, `phase`, `reopenedBy` (`{type:"human", id, displayName?}`); optional `reopenedAt`, `note`, `runId`, `agentId` | Human-only recovery path. Does not imply acceptance or bypass downstream gates. |
 | `vgxness_sdd_get_artifact` | Read one full artifact. | `project`, `change`, `phase`; optional `payloadMode` (`compact`/`verbose`) | |
 | `vgxness_sdd_list_artifacts` | List all artifacts for a change in canonical phase order. | `project`, `change`; optional `payloadMode` | |
-| `vgxness_sdd_cockpit` | Aggregate per-phase status, blockers, and recommended next action. | `project`, `change` | Returns `SddCockpit` with `aggregateBlockers` of kinds `missing-topic-key`, `unaccepted-phase`, `legacy-artifact`, `readiness`. |
+| `vgxness_sdd_cockpit` | Aggregate per-phase status, blockers, and recommended next action. | `project`, `change` | Returns the raw `SddCockpit` compatibility fields plus additive top-level `readModel`. The response is read-only and metadata-only: no artifact bodies, no phase advancement, no provider/config writes. `readModel.contentIncluded` is always `false`; accepted means explicit human acceptance, not artifact presence. |
 | `vgxness_governance_report` | Build a redacted governance report for a project/change/run. | `project`; optional `change`, `runId`, `workflow`, `phase`, `agentId`, `agent` (with `id`, `name`, `mode`, `scope`), `payloadMode` | See [Safety model](./safety.md) for redaction rules. |
 
 ## Memory (4)
@@ -114,7 +114,7 @@ vgxness_sdd_continue   { project: "vgxness", change: "new-flow" }
 vgxness_sdd_get_readiness { project: "vgxness", change: "new-flow", phase: "proposal" }
 ```
 
-The cockpit returns `aggregateBlockers`; if any are `unaccepted-phase`, the agent should not run the next phase until a human accepts the prerequisite. `vgxness_sdd_continue` uses the same SDD state to explain how to continue; it is advisory only.
+The cockpit preserves raw `SddCockpit` fields such as `phases`, `artifacts`, `aggregateBlockers`, and `inspectCommand`, and also adds `readModel` for stable UI/MCP consumption. Both raw artifact summaries and `readModel.phases[].artifact` omit artifact bodies. If any raw blocker is `unaccepted-phase`, or any read-model phase has `acceptance.acceptedByHuman: false`, do not treat the prerequisite as accepted merely because an artifact exists. `vgxness_sdd_continue` uses the same SDD state to explain how to continue; it is advisory only.
 
 Recording a phase with explicit human acceptance:
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vgxness",
-  "version": "1.9.4",
+  "version": "1.9.6",
   "description": "CLI and MCP control plane for guided AI-agent workflows, SDD, memory, and OpenCode setup.",
   "license": "SEE LICENSE IN LICENSE",
   "repository": {