SEIF
Reference

CLI reference

Complete command and flag reference for the SEIF CLI, generated from the binary's command tree.

Generated page. Do not edit by hand — built from the SEIF CLI command tree by scripts/sync-docs.mjs and refreshed when main is updated.

Auto-generated from the registered Cobra tree. Regenerate:

go run ./tools/generate_cli_reference --commands-only docs/reference/commands.md
CommandSummary
admin auditAudit workspace .seif/ integrity (read-only)
admin circuitCircuit heartbeat/liveness — use seif daemon (circuit capability) + engine /v1/inbox
admin client addRegister (or override) a client
admin client listList registered clients
admin client parityReport cross-client SEIF integration parity (read-only)
admin client removeRemove a registered client
admin client set-defaultMark a registered client as THE default
admin cycle audit-coherenceReport cycle-internal coherence (parent refs + per-track OPEN lock)
admin cycle closeSeal the open cycle + clear the host pointer [free]
admin cycle gc(moved) garbage-collect stale OPEN cycles — use seif gov cycle gc
admin cycle listList cycles in .seif/cycles/ (filter with --status)
admin cycle openOpen a new cycle + bind the host pointer [free]
admin cycle seal(moved) seal a cycle — use seif gov cycle close
admin cycle sealed-listList sealed cycles (alias for list --status sealed)
admin cycle statusShow the active cycle from the per-workspace active-cycle pointer
admin cycle verify(no crypto verify exists for cycles) use seif admin cycle audit-coherence
admin hooksHook installation — both surfaces are native: seif setup <adapter> (AI) / seif setup git-hooks (git)
admin parityCLI × MCP × hooks parity matrix (read-only inventory)
admin proxyLocal-LLM (Ollama) proxy — native home pending (not a daemon capability)
admin seed amend(moved) append to a seed's _amendments[] — use seif gov amend
admin seed consume(deprecated) → seif gov seed consume
admin seed create(moved) create a seed — use seif gov seed create
admin seed list(deprecated) → seif gov seed list
admin session convert-extRename envelope-bearing session-.json → session-.seif (dry-run default)
admin session gcInventory (dry-run) or archive legacy template-only session records
admin watchFile vigilant/watcher — engine-hosted; native register surface pending
artifact formatCanonicalize .seif envelope (sorted JSON body, standard frontmatter order)
audit-coherenceReport workspace coherence (free local; --signed = engine-mediated paid envelope)
audit-cross-refsAudit decision↔cycle edge integrity (c260 D8): cycle_ref ↔ cycle.decisions[]
audit-disciplineReport observed Write/Edit on reserved .seif/ subdirs (s83 t3 audit log)
audit-layoutAudit per-role canonical filesystem layout for this host
claim acquireMint a claim record under .seif/claims/active/
claim checkCheck a path against active claims (informational; exit 3 on conflict)
claim listList active (default), released, or all claims
claim overrideRecord a human override for a conflicting claim (does NOT release it)
claim releaseMove an active claim to released/
claim showPrint a claim record (active or released) as JSON
claim sweepRelease stale claims (TTL expired or holder PID gone)
claim validateValidate a claim record file against SEIF-CLAIM-v1
classifyClassify content sensitivity (PUBLIC | INTERNAL | CONFIDENTIAL)
cloneClone a workspace's remote HEAD into a new directory [PAID]
compressCompress a source project into a code_topology SEIF module
config getPrint value at key
config listShow all keys and values
config setWrite value at key
confirm-actionPre-action human gate for hookless AI clients (exit 0/1/2) [free, local]
container bootstrapScaffold an envelope-native SEIF container (no Python required)
container-acknowledgeClear container-dirty.seif after reviewing local changes
context absorbAbsorb a directory into a SEIF-KNOWLEDGE-v1 unit
context bootstrapPrint the verified constitutional core (grounding + axioms) from the embedded kernel
context queryLexical pre-filter over structural chunks (dogfood --refs for hybrid C)
context reindexRegister forward orphan .seif artifacts in mapper.json (one-shot K4 migration)
context retrieveOrchestrator retrieval loop (local refs → engine slices)
context sowPlant a garden's structural roots: conduct roots + the coherence layer
context syncRe-extract git context into .seif/projects//project.seif
contributeCapture a signal: classify + sign stdin, append to .seif/contributions/.jsonl
daemon adopt-legacyRe-home legacy launchd seif daemons as capability legs (dry-run; --apply; stays PAUSED)
daemon clear-commandRemove a capability's leg (revert to pure toggle)
daemon disableDisable a capability (record --reason)
daemon downStop a running daemon (or reap a stale socket)
daemon enableEnable a capability
daemon publishPublish a real-time event to the daemon bus (R2)
daemon set-commandDeclare the leg command the daemon runs for a capability
daemon statusShow capability toggle state + daemon liveness
daemon subscribeStream real-time events for a topic (R2)
daemon upLazily spawn the daemon host process
debateMulti-AI debate: ask several models, measure agreement, synthesize [free, local]
diffCompare two SEIF artifact-local refs (free, local)
doctorDiagnose workspace + runtime install health — one read-only report [free, local]
embed verifyVerify an embedded C2PA manifest (signature + hard binding)
extractExtract knowledge from files/dirs into a SEIF module
gate checkRun a discipline gate check on stdin JSON or an explicit command
gate classifyClassify a file's sensitivity tier; --strict applies sensitivity-based escalation
gate emit-blockPrint the canonical block message for a reserved .seif// and exit 2
gate qualityMeasure text quality natively, or blend caller-supplied scores [free tier]
gov amendAppend an _amendments[] entry to a SEIF JSON artifact (append-only, no re-sign) [free]
gov cycle closeSeal the open cycle + clear the host pointer [free]
gov cycle close-ritualRun the full 7-step closure ritual locally [free]: checkpoint→audit→quality→meditate→absorb→seal →seed
gov cycle decision-addBind a decision to a cycle: cycle.decisions[] += id + decision.cycle_ref (D8) [free]
gov cycle gcGarbage-collect stale OPEN cycles (dry-run by default) [free]
gov cycle listList cycles in .seif/cycles/ (alias for seif admin cycle list; filter with --status)
gov cycle openOpen a new cycle + bind the host pointer [free]
gov cycle set-manifestUpdate OPEN cycle title, vision, branches [free]
gov decision createCreate a SEIF-DECISION-v1 module skeleton [free]
gov decision promote-retroactiveRetroactively derive decisions for a curated top-N backlog of memos (D4) [free]
gov invariant addAppend a new invariant to the PIR [free]
gov invariant amendAppend an append-only _amendments[] entry scoped to an invariant [free]
gov memo classifyClassify a memo as load-bearing or not (decision-required gate) [free]
gov memo coherence-registerCreate/refresh a memo's coherence node WITHOUT rewriting the .md [free]
gov memo newWrite a new design memo + register its coherence node [free]
gov memo ratifyRatify a memo in one step: flip status to RATIFIED + derive its decision [free]
gov memo updateRewrite an existing memo + optionally update its coherence node [free]
gov memory addCreate a memory (.md + MEMORY.md pointer) locally [free tier]
gov memory auditAudit .seif/memory/ ↔ MEMORY.md integrity
gov memory audit-lifecycleReport memory lifecycle operations from audit log
gov memory deleteHard-delete a memory with conjugate-pair confirmation [gated]
gov memory flagFlag a memory for accelerated decay [architect]
gov memory purge approveApprove a pending purge request
gov memory purge executeExecute purge after cooling + approvals
gov memory purge statusShow pending purge request status
gov memory removeDeprecate a memory (reversible; file kept) [free]
gov memory security-purgeImmediate security-exception purge [gated]
gov memory security-ratifyRatify a security-exception purge within 24h
gov memory updateReplace a memory's content + refresh its MEMORY.md pointer [free tier]
gov orchestration initCreate default .seif/orchestration.json when missing
gov orchestration setUpdate registry fields (maestro, dispatch mode)
gov orchestration showShow .seif/orchestration.json
gov pending consumeMark a registered pending module consumed [free]
gov pending consume-pathConsume a pending module by filesystem path [free]
gov pending createCreate a SEIF-PENDING-v1 module skeleton in .seif/modules/pending/ [free]
gov pending listList pending modules (current workspace + owner-targeted) [free]
gov pending quarantineQuarantine a pending module (move to modules/_quarantine/) [free]
gov pending registerRegister a pending module into the global registry [free]
gov seed consumePrint a seed and mark it consumed (writes a .consumed_at sidecar)
gov seed createWrite a new SEIF-SEED-v2 seed file [free]
gov seed listList seeds in .seif/seeds/ (active vs consumed)
gov session closeClose session (deferred — use dev-tool or MCP)
gov session contributeAppend a message to the conversation payload (SEIF-CONVERSATION-v1)
gov session createCreate a SEIF-SESSION-v1 contract (explicit only — not auto-created by hooks)
gov session listList SEIF-SESSION-v1 session-*.{json,seif} files [free]
gov session logPrint the conversation payload (messages + sync points)
gov session sealSeal an ACTIVE/CLOSED session contract → SEALED (≠ close; mirrors --session-seal) [free]
gov session showPrint a session contract [free]
healSelf-heal workspace cycle/session coherence (dry-run by default) [free, local]
howFind the most relevant SEIF verbs for a natural-language intent [free, local]
inbox disableRemove a receptor registration
inbox enableRegister this workspace as an inbox receptor on a named engine
inbox listList all configured receptors (merged view)
inbox statusQuery the engine for pending inbound artifacts addressed to the receptor
ingestAppend external prose into a SEIF-KNOWLEDGE-v1 unit via the native quality gate
initInitialize a SEIF-WORKSPACE-v2 workspace in the current directory
key generateGenerate an Ed25519 signing key under ~/.seif/keys/
key showShow the public key + key path
link addRegister a peer workspace (creates stub import if missing)
link export-listList configured SEIF-LINK exports
link import-pullPull a scoped, read-only export from a linked peer (SEIF-LINK phase B, §7.10)
log getFetch a single transparency-log entry by id
log listList recent transparency-log entries
log pingProbe the configured log endpoint (/healthz)
log verifyIndependently verify an entry's inclusion proof
loginAuthenticate with the SEIF engine and store credentials
logoutClear stored SEIF engine credentials
mcp serveRun the SEIF MCP server over stdio (or Streamable HTTP with --http)
memory proposalsList pending memory proposals awaiting review [free, local]
memory proposePropose a memory for owner review (autonomous-memory curation) [free, local]
memory queryRecall the most relevant memories + absorbed knowledge for a query [free, local]
memory reindexRebuild the derived semantic embedding cache for memory query
memory reviewApprove (absorb) or reject a pending memory proposal [free, local]
memory surfaceEmit capped cross-AI memory bootstrap from .seif/memory/MEMORY.md
objectmodel buildCompute the merkle tree over .seif/ and write the shadow store
objectmodel preflightRun client-side write-path gates (G0, secret-scan, G1, G3)
objectmodel verifyRe-hash the live store and compare to the shadow nucleus
openOpen SEIF Desktop on a workspace (local cockpit)
orchestrate initCreate default orchestration.json if missing
orchestrate statusShow orchestration.json summary
pod add-workspaceAdd a workspace to a pod's composition (D2)
pod bindBind this local workspace to an existing engine pod
pod createCreate a pod on the engine (like gh repo create, but for a pod)
pod listList the pods in your account
pod remove-workspaceRemove a workspace from a pod's composition (D2)
pod showShow one pod by its namespace (user-slug/pod-slug)
publishSign locally and publish to the transparency log (sign → log → verify URL)
pullMaterialize the workspace's remote HEAD into the local .seif/ [PAID]
pushPush .seif/ workspace state to the engine mirror, gated [PAID]
quality-gateScore text quality via the SEIF engine [PAID]
quotaShow current usage, limits, and tier [PAID — engine]
recapWhat you & your AI did — a standup / accountability narrative from the captured record
reconstructMaterialize a historical workspace tree as a hardlink farm
relay assignmentsList ACTIVE handoff assignments (optionally by executor)
relay boardRelay accountability board (SEIF-RELAY-BOARD-v1)
relay briefCreate .seif/relay/brief/.md with a starter template
relay claimClaim ACTIVE ownership of a relay slug for an executor
relay closeTerminally close an assignment (or sweep stale claims)
relay draft publishWrite a draft to the draft/ lane and publish a draft bus event
relay handbackCreate .seif/relay/handback/.md with a starter template
relay handoff initCreate handoff//HANDOFF.md with worktree metadata
relay handoff showPrint path to handoff//HANDOFF.md
relay heartbeatRenew relay claim TTL and update last_activity
relay inboxLeave a durable, append-only note in a peer's relay inbox
relay listList relay artifacts by kind
relay migrate-anonymousClassify or migrate anonymous ACTIVE handoffs
relay nextAtomically claim the oldest queued brief (executor_id: auto)
relay notifyDurable inbox note PLUS a bus pointer to the peer (decide + notify)
relay pathResolve and print the absolute path to a relay artifact
relay pointerPrint a 2-line chat pointer for an existing brief or handback
relay pollSingle-shot filtered relay poll (daemonless tabs)
relay releaseRelease an ACTIVE claim back to the dispatch queue
relay watchWatch relay dirs and stream metadata events as JSONL (foreground)
remote addAdd a remote
remote get-defaultPrint the resolved engine URL and its source
remote listList all remotes (merged view)
remote removeRemove a remote
remote renameRename a remote
remote set-defaultMark a remote as the default for its scope
render cursor-rulesRefresh .cursor/rules/*.mdc from the active SEIF store (one-way)
render pointersRender pointers/*.tmpl to umbrella-root pointer files
render-pointersRender pointers/*.tmpl to umbrella-root pointer files
reportStructured workspace snapshot — identity, pending, cycles, memory, audit, paid counters
runtime attachInjection rank hints for an AI client (claude-code, cursor, …)
runtime healConverge this machine's seif install to doctor-green (binary, PATH, hooks) [free, local]
runtime upIdempotent container runtime bootstrap
secret-scanScan content for secret VALUES (API keys, PATs, PEM private keys, JWTs)
sessionManage sessions (alias: use seif gov session)
setupInstall SEIF runtime integration for an AI client (claude-code, cursor, gemini, grok, generic)
showPrint a historical workspace blob or list its reconstructed tree
signSign an artifact and emit a SEIF evidence frame
stampAnchor a file on Bitcoin via OpenTimestamps (deferred — engine endpoint pending)
startBootstrap a grounded SEIF session and launch your AI client (the maestro)
statusShow workspace status, identity, and counts
store hygieneRun the STORE-v2 retention sweeper (dry-run by default) [free]
store inventorySelf-describe every .seif/ as JSONL (STORE-v2 Fase-0 ritual) [free]
store moveRelocate module artifacts between ratified module dirs (mutates; --dry-run to preview) [free]
stream emitEmit a single event onto the workspace stream
stream followSubscribe to the SSE stream and print events to stdout
syncLocal self-healing maestro — diagnose, plan, and apply store cures [free, local]
tierReport the verification-depth chain for a SEIF artifact
updateUpdate the seif binary in-place from the latest GitHub release [FREE]
verifyVerify a SEIF evidence frame (local file or public engine proof)
verify-pinsAlias for workspace pins verify
watermark embedSign a watermark-embed envelope for a pre-watermarked audio pair
watermark extractLook up the signed envelope for a recovered watermarked audio
workspace bindBind this local workspace to an existing engine workspace
workspace config initCreate default workspace-config.json if missing
workspace config showPrint workspace-config.json
workspace config validateValidate workspace-config.json
workspace createCreate a workspace on the engine
workspace deleteSoft-delete a workspace on the engine (cascade-detaches it from pods) [requires --yes]
workspace listList engine workspaces for the signed-in user
workspace openGenerate and open a multi-root VS Code workspace for the SEIF container
workspace pins repinRe-pin members to origin/main (writes container-dirty.seif)
workspace pins verifyCompare member HEAD vs pin_commit
workspace profile applyMerge profiles/.json into workspace-config.json
workspace remote-configShow the engine (cloud) workspace config — type, store_profile, visibility, ceiling (D6)
workspace repairRepair the container marker + .seif/config.json protocol defaults [free]
workspace set-classification-ceilingSet the workspace classification ceiling
workspace set-store-profileSet the engine store_profile
workspace set-typeSet the engine workspace_type (D1)
workspace set-visibilitySet workspace visibility — private (default) or public (D5)
worktree creategit worktree add + write .seif-pointer.json at birth
wrapper antigravity post-tool-usePostToolUse hook: advisory (always emits {} per the agy contract)
wrapper antigravity pre-invocationPreInvocation hook: inject SEIF grounding/context on the first invocation (reads agy JSON on stdin)
wrapper antigravity pre-tool-usePreToolUse hook: shell + classification gates for .seif/ workspace writes (reads agy JSON on stdin)
wrapper antigravity stopStop hook: session-end closure + CIRCLE auto-sync when fully idle (reads agy JSON on stdin)
wrapper claude-code post-tool-usePostToolUse hook: advisory quality gate over a written file (reads hook JSON on stdin)
wrapper claude-code pre-tool-usePreToolUse hook: shell + classification gates + claim-conflict surface (reads hook JSON on stdin)
wrapper claude-code session-endSessionEnd hook: closure/audit/absorb phases + local CIRCLE git commit (reads hook JSON on stdin)
wrapper claude-code session-startSessionStart hook: emit SEIF context payload (reads hook JSON on stdin)
wrapper claude-code user-prompt-submitUserPromptSubmit hook: lazy session materialization on first human prompt (reads hook JSON on stdin)
wrapper cursor before-file-editbeforeFileEdit hook: advisory SEIF-CLAIM conflict notice (reads hook JSON on stdin)
wrapper cursor session-startSessionStart hook: emit additional_context JSON (reads hook JSON on stdin)
wrapper gemini before-toolBeforeTool hook: shell + classification gates for .seif/ workspace writes (reads hook JSON on stdin)
wrapper gemini session-startSessionStart hook: emit SEIF context payload as additionalContext JSON (reads hook JSON on stdin)

Details

admin audit

Audit workspace .seif/ integrity (read-only)

audit walks .seif/{cycles,seeds,modules} in the given workspace, parses each artifact as JSON, and reports counts + any parse failures.

This is a Wave-6 light audit. Heavier modes (host-discipline, canonical-layout, integrity-signature verification, cross-file reference validation) are implemented in the Python seif CLI's --audit-* family and are not yet ported to Go.

Exit codes: 0 clean (all files parsed) 1 partial (one or more parse failures) — see Report.parse_errors 2 workspace has no .seif/ directory

FlagShorthandDefaultDescription
--jsonfalseEmit structured JSON report instead of human-readable text
--workspaceWorkspace root directory (default: current working directory)

admin circuit

Circuit heartbeat/liveness — use seif daemon (circuit capability) + engine /v1/inbox

admin client add

Register (or override) a client

add registers a client. When --adapter is omitted it is inferred from the bin basename (claude→claude-code, gemini→gemini, agy/antigravity→antigravity). No confident match → error listing the available adapters (register explicitly with --adapter raw for a launch-only wrapper). raw is never auto-selected and cannot be the default.

FlagShorthandDefaultDescription
--adapterAdapter id (claude-code | gemini | antigravity | raw); inferred from --bin when omitted
--binLaunch binary: a PATH name or an absolute path
--defaultfalseMake this the default client seif start launches
--nameClient name (free label; identity for re-add/override)

admin client list

List registered clients

FlagShorthandDefaultDescription
--jsonfalseEmit structured JSON instead of a table

admin client parity

Report cross-client SEIF integration parity (read-only)

parity renders the SEIF client capability matrix as a measured parity report: one row per client, a ✓/◑/✗ per canonical lifecycle event (session-start, user-prompt-submit, pre-tool, post-tool, session-end), the integration channel + grounding delivery, and a trailing parity percentage.

claude-code is the 100% reference. Weighting: Full=1.0, Partial=0.5, Advisory=0.25, Absent=0; Pct = weighted / 5 canonical events.

This is read-only — it inspects the static capability matrix and changes no installer or hook behavior.

seif admin client parity # full matrix, human table seif admin client parity --json # machine-readable matrix + scores seif admin client parity --client gemini # one client

FlagShorthandDefaultDescription
--clientReport a single client by id (default: all)
--jsonfalseEmit the capability matrix + parity scores as JSON

admin client remove

Remove a registered client

admin client set-default

Mark a registered client as THE default

admin cycle audit-coherence

Report cycle-internal coherence (parent refs + per-track OPEN lock)

FlagShorthandDefaultDescription
--jsonfalseEmit JSON
--verbosefalseInclude suppressed D-2 lineage gaps (INFO) in text output
--workspaceWorkspace root (default: cwd)

admin cycle close

Seal the open cycle + clear the host pointer [free]

FlagShorthandDefaultDescription
--jsonfalseEmit JSON
--trackTrack id (default: $SEIF_TRACK or 'default')
--workspaceWorkspace root (default: cwd, honoring .seif-pointer.json)

admin cycle gc

(moved) garbage-collect stale OPEN cycles — use seif gov cycle gc

admin cycle list

List cycles in .seif/cycles/ (filter with --status)

FlagShorthandDefaultDescription
--jsonfalseEmit JSON
--statusallFilter: open|sealed|archived|all
--trackFilter to cycles on this track (default: all tracks)
--workspaceWorkspace root (default: cwd)

admin cycle open

Open a new cycle + bind the host pointer [free]

FlagShorthandDefaultDescription
--jsonfalseEmit JSON
--parentparent_cycle id (default: latest sealed cycle)
--trackTrack id (default: $SEIF_TRACK or 'default')
--workspaceWorkspace root (default: cwd, honoring .seif-pointer.json)

admin cycle seal

(moved) seal a cycle — use seif gov cycle close

admin cycle sealed-list

List sealed cycles (alias for list --status sealed)

FlagShorthandDefaultDescription
--jsonfalseEmit JSON
--workspaceWorkspace root (default: cwd)

admin cycle status

Show the active cycle from the per-workspace active-cycle pointer

FlagShorthandDefaultDescription
--jsonfalseEmit JSON
--trackTrack id for the active-cycle pointer (default: /.seif/active-cycle.json)
--workspaceWorkspace root (default: cwd)

admin cycle verify

(no crypto verify exists for cycles) use seif admin cycle audit-coherence

admin hooks

Hook installation — both surfaces are native: seif setup <adapter> (AI) / seif setup git-hooks (git)

admin parity

CLI × MCP × hooks parity matrix (read-only inventory)

parity walks the Cobra command tree, MCP tool registry, and embedded hook assets to emit a capability × surface matrix (CLI / MCP / Claude Code / Cursor / Generic).

Use --markdown to print the matrix or --output to write docs/PARITY.md. Use --check to verify the committed matrix matches live registries (exit 1 on drift).

This is admin maintenance tooling — not part of the public stable CLI surface.

FlagShorthandDefaultDescription
--checkfalseExit 1 if output would differ from --output file
--markdownfalseEmit markdown matrix to stdout (default when no --output)
--outputWrite markdown matrix to file (e.g. docs/PARITY.md)

admin proxy

Local-LLM (Ollama) proxy — native home pending (not a daemon capability)

admin seed amend

(moved) append to a seed's _amendments[] — use seif gov amend

admin seed consume

(deprecated) → seif gov seed consume

FlagShorthandDefaultDescription
--jsonfalseEmit JSON
--workspaceWorkspace root (default: cwd)

admin seed create

(moved) create a seed — use seif gov seed create

admin seed list

(deprecated) → seif gov seed list

FlagShorthandDefaultDescription
--jsonfalseEmit JSON
--workspaceWorkspace root (default: cwd)

admin session convert-ext

Rename envelope-bearing session-.json → session-.seif (dry-run default)

convert-ext scans session-*.json and classifies each file:

envelope — SEIF-ENVELOPE-v1 content; rename candidate (--apply) raw_json — plain JSON legacy record; NOT converted (GC path, separate pending) skip_* — already .seif, missing, or target exists

Default = dry-run inventory. --apply git-style renames envelope files only (content untouched) and appends a JSONL manifest under .seif/sessions/.convert-ext-archive//. Idempotent.

FlagShorthandDefaultDescription
--applyfalseRename envelope session-.json → session-.seif (owner-gated; default dry-run)
--jsonfalseEmit structured JSON report
--manifest-dirManifest directory (--apply; default .seif/sessions/.convert-ext-archive//)
--workspaceWorkspace root (default: cwd)

admin session gc

Inventory (dry-run) or archive legacy template-only session records

gc scans .seif/sessions/session-*.{json,seif} using the c282 dual-parser and classifies each record:

template_only — eager-era writeSessionContract pollution, zero contributions dup_redundant — redundant numbered copy in a session_id dup group real — conversation payload or non-skeleton closure substance protected — keep-since cutoff, open-cycle reference, or post-lazy record unparseable — reported, never moved silently named_record — *.seif named records (report only)

Default = dry-run. --apply moves template_only + dup_redundant to --archive-dir and reconciles mapper.json session_count in the same run.

FlagShorthandDefaultDescription
--applyfalseMove candidates to archive dir (owner-gated; default dry-run)
--archive-dirArchive destination (--apply; default .seif/sessions/.gc-archive//)
--jsonfalseEmit structured JSON inventory
--keep-since2026-06-03Protect records with started_at on/after this date (YYYY-MM-DD)
--workspaceWorkspace root (default: cwd)

admin watch

File vigilant/watcher — engine-hosted; native register surface pending

artifact format

Canonicalize .seif envelope (sorted JSON body, standard frontmatter order)

FlagShorthandDefaultDescription
--jsonfalseEmit JSON result

audit-coherence

Report workspace coherence (free local; --signed = engine-mediated paid envelope)

audit-coherence — fsck for AI artifacts.

Phase A (free, local): --scope=workspace (default) reports cycle-internal coherence over .seif/cycles/ — multiple OPEN cycles on the same track and parent_cycle refs that do not resolve to a known cycle_id.

Phase B (engine-mediated, paid): --signed POSTs the audit to the engine, which re-runs the audit, signs the result with its Ed25519 key, and writes an entry to the transparency log. Use --verify-trail to verify the trust chain offline: depth-2 (engine_signature over the report body) and depth-3 (RFC-6962 inclusion proof fetched from the transparency log + Ed25519 STH signature over the reconstructed tree root). Use --output FILE.seif to render the result as a SEIF-ENVELOPE-v1 archival artifact.

Auth (priority): --token VALUE | --token-file PATH | SEIFENGINETOKENEngineURL(priority):engineurlURLSEIF_ENGINE_TOKEN Engine URL (priority): --engine-url URL | SEIF_ENGINE_URL | https://api.seifprotocol.com Log URL (priority): --log-url URL | SEIFLOGURLhttps://log.seifprotocol.comWorkspaceID(priority):workspaceidIDSEIF_LOG_URL | https://log.seifprotocol.com Workspace ID (priority): --workspace-id ID | SEIF_WORKSPACE_ID Engine pubkey (priority): --engine-pubkey-file PATH | $SEIF_ENGINE_PUBKEY | ~/.seif/keys/engine_pubkey

Memo↔PIR corpus audit (free, local): --scope=memo — audit the whole design-memo corpus against the Product Invariant Registry + coherence-graph (.seif/coherence/): missing-grounding, dangling-ref, superseded-ref [HIGH], stale-grounding, invariant-source-integrity, assertion-guard [REVIEW], and decision↔cycle symmetry. Exits non-zero on HIGH. --scope=memo: — same audit, findings filtered to that memo's subject.

Still deferred (not yet implemented): --scope=cycle: — single-cycle filter. Not yet implemented.

The same audit is also exposed at 'seif admin cycle audit-coherence' for back-compat; both verbs share the same implementation.

FlagShorthandDefaultDescription
--audit-coherence-strictfalseStrict policy: promote decision-cycle-asymmetry MEDIUM→HIGH so it fails the gate (default MEDIUM, phased-rollout; --scope=memo only)
--ceilingINTERNALClassification ceiling: PUBLIC | INTERNAL | CONFIDENTIAL
--engine-pubkey-filePath to engine pubkey file (overrides $SEIF_ENGINE_PUBKEY and ~/.seif/keys/engine_pubkey)
--engine-urlEngine base URL (overrides $SEIF_ENGINE_URL)
--include-supporting-evidencetrueInclude memo/pir/graph hashes in the engine response
--jsonfalseEmit JSON
--log-urlTransparency-log base URL for --verify-trail depth-3 inclusion proof (overrides $SEIF_LOG_URL)
--outputWrite the signed envelope to FILE.seif as SEIF-ENVELOPE-v1. Requires --signed.
--scopeworkspaceAudit scope: workspace (cycle-internal) | memo | memo: (memo↔PIR corpus)
--signedfalseFetch engine-signed coherence report via POST /v1/audit-coherence (paid tier)
--tokenEngine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login')
--token-filePath to a file containing the engine bearer token
--verify-trailfalseVerify the engine signature offline (depth-2). Requires --signed.
--workspaceWorkspace root (default: walk up from cwd)
--workspace-idWorkspace identifier (overrides $SEIF_WORKSPACE_ID)

audit-cross-refs

Audit decision↔cycle edge integrity (c260 D8): cycle_ref ↔ cycle.decisions[]

audit-cross-refs reports decision↔cycle edge coherence (c260 D8=C):

HIGH dangling-cycle-ref decision.cycle_ref names a cycle that does not exist HIGH dangling-decision-ref cycle.decisions[] names a decision that does not exist HIGH edge-mismatch cycle lists decision D, but D.cycle_ref names another cycle MEDIUM one-sided-d2c decision.cycle_ref=X, but X.decisions[] omits the decision MEDIUM one-sided-c2d cycle lists decision D, but D has no cycle_ref

One-sided edges are repairable with 'seif gov cycle decision-add'. By default only HIGH findings fail the audit; --strict fails on MEDIUM too.

FlagShorthandDefaultDescription
--jsonfalseEmit JSON
--strictfalseFail on MEDIUM (one-sided) findings too
--workspaceWorkspace root (default: walk up from cwd)

audit-discipline

Report observed Write/Edit on reserved .seif/ subdirs (s83 t3 audit log)

audit-discipline — retrospective view over .seif/audit/discipline.jsonl.

Reads the runtime observer log (populated by the PreToolUse discipline hook on .seif/{cycles,sessions,seeds,memory,memos,modules,coherence}/**) and reports:

  • per-subdir counts + the seif CLI verb each subdir SHOULD route through;
  • top-N most-rewritten file paths;
  • cross-workspace + shell-bypass + refused (hard-block) + unauthorized_write counters surfaced for forensics.

Read-only: never writes or clears the log. Hard-block enforcement lives in the PreToolUse hook; this verb is for prioritization (which subdirs lack CLI coverage?) and post-hard-block audit.

Parity target: seif-dev --audit-discipline in the Python dev-tool.

FlagShorthandDefaultDescription
--formattextOutput format: text | json
--sinceOnly consider entries on/after this date (YYYY-MM-DD or RFC3339)
--workspaceWorkspace root (default: walk up from cwd)

audit-layout

Audit per-role canonical filesystem layout for this host

audit-layout — per-role canonical filesystem audit.

Loads the embedded SEIF-CANONICAL-NODE-LAYOUT-v1 schema, detects this host's role (via ~/.seif/machine_id::label first, then hostname pattern), and verifies:

  • common_to_all_roles artifacts (CLI symlink, venv, kernel envelope, owner state directory, …)
  • role-specific expected_artifacts (admin volume, install cache, launch agents, …)
  • drift_violations (with severity HIGH/MEDIUM/LOW)
  • forbidden_artifacts (with reason)

Read-only: NEVER mutates the filesystem.

Distinct from audit-host: audit-host audits the 5-layer SEIF init artifact structure inside ~/.seif/. audit-layout audits the per-role canonical layout across the whole machine. They are sibling verbs.

Exit codes (per schema audit_exit_codes): 0 all required artifacts present, no HIGH/MEDIUM drift 1 drift violation(s) detected (any severity), or forbidden artifact 2 required artifact missing (kernel envelope, CLI symlink, owner state) 3 role detection failed (no machine_id::label and no hostname pattern match)

Parity target: seif-dev --audit-layout in the Python dev-tool (seif/src/seif/cli/cli.py:5126).

FlagShorthandDefaultDescription
--formattextOutput format: text | json

claim acquire

Mint a claim record under .seif/claims/active/

FlagShorthandDefaultDescription
--intentShort human-readable intent (mirrored to a8_intent_measurement)
--reposComma-separated repo list (default: workspace dir name)
--scope[]Repeatable: path or glob covered by the claim
--ttl600TTL in seconds (default 600 per Q2-B)

claim check

Check a path against active claims (informational; exit 3 on conflict)

claim list

List active (default), released, or all claims

FlagShorthandDefaultDescription
--all-claimsfalseShow both active and released claims
--releasedfalseShow released claims instead of active

claim override

Record a human override for a conflicting claim (does NOT release it)

FlagShorthandDefaultDescription
--reasonRequired text reason (appended to overrides.jsonl)

claim release

Move an active claim to released/

claim show

Print a claim record (active or released) as JSON

claim sweep

Release stale claims (TTL expired or holder PID gone)

FlagShorthandDefaultDescription
--quietfalseSuppress stdout (session-start reaper path)

claim validate

Validate a claim record file against SEIF-CLAIM-v1

classify

Classify content sensitivity (PUBLIC | INTERNAL | CONFIDENTIAL)

Classify reads (or stdin when given "-"), scans for sensitive markers and keywords, and reports the resulting classification level.

By default, prints only the level (one of PUBLIC, INTERNAL, CONFIDENTIAL). With --json, prints the full reasoning record (level, matched patterns, escalation chain, classifier version).

PUBLIC is never auto-assigned — that classification requires explicit user assertion (this matches the Python reference implementation).

FlagShorthandDefaultDescription
--jsonfalseEmit full reasoning record as JSON instead of just the level

clone

Clone a workspace's remote HEAD into a new directory [PAID]

clone materializes a workspace's current engine HEAD into (a fresh directory). Refuses to overwrite an existing /.seif/ unless --force; to update an existing workspace use seif pull.

Login-required; entries classification-filtered server-side.

FlagShorthandDefaultDescription
--dry-runfalseList what would be materialized without writing files
--engine-urlEngine base URL (overrides $SEIF_ENGINE_URL)
--forcefalseOverwrite an existing .seif/ at the destination
--jsonfalseEmit raw JSON output
--remoteNamed remote from seif remote list (alternative to --engine-url)
--tokenEngine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login')
--token-filePath to a file containing the engine bearer token
--workspace-idWorkspace identifier (overrides $SEIF_WORKSPACE_ID)

compress

Compress a source project into a code_topology SEIF module

compress scans a source project, extracts its semantic topology (imports, functions, types, routes, classification) and writes a compact SEIF-ENVELOPE-v1 module to .seif/projects//code.seif — "webpack for machines": an AI can read the topology instead of every file.

input_kind is code_topology (non-prose), so the quality gate is skipped. The output slug is git-root-aware (--name to override); an existing module from the same source needs --force to overwrite (fails closed in non-interactive mode).

Parser scope: Go + python (regex) + a generic fallback (Rust/Java/Kotlin/ others). JavaScript/Dart and the Python AST path are not yet ported. Output destinations (Store-V2): absorb, ingest, extract → .seif/knowledge/.seif (+ mapper registration) compress → .seif/projects//code.seif (+ mapper registration) context sync → {repo}/.seif/projects//project.seif (+ mapper registration)

Every write registers the artifact in the sovereign mapper.json so it is consumable at next session-start (Φ×λ=1 — no unregistered orphans). Slug derivation (git-root-aware): Slugs combine the git repository basename with the target path so same-named subdirs in different repos stay distinct — e.g. repo-a/docs → repo-a-docs, repo-b/docs → repo-b-docs. Override with --name on any verb.

ingest: --name is required for stdin/raw string sources; file paths derive the slug from the filename when --name is omitted. Image binding (--image): Every knowledge unit belongs to one workspace image (never Pod-global). Resolution order: explicit --image > workspace.seif.json container.name (walk-up from cwd) > git-root basename (standalone). In a multi-image Pod (SEIF_POD_CONTEXT=pod) with no resolvable image, verbs fail closed — pass --image explicitly.

FlagShorthandDefaultDescription
--authorcode-compressorAuthor recorded on the module
--classificationINTERNALClassification ceiling: PUBLIC|INTERNAL|CONFIDENTIAL (files above it are excluded)
--forcefalseOverwrite an existing module from the same source
--imageImage binding for the mapper registration (default: current image from workspace.seif.json)
--max-files0Maximum files to scan (default 500)
--nameSlug override (default: git-root-aware derived slug)
--rootWorkspace root to resolve .seif/ from (default: target's walk-up)
--viaseif-compressTool identifier recorded on the module

config get

Print value at key

config list

Show all keys and values

FlagShorthandDefaultDescription
--jsonfalseEmit list output as JSON

config set

Write value at key

confirm-action

Pre-action human gate for hookless AI clients (exit 0/1/2) [free, local]

confirm-action is the pre-action human gatekeeper for AI clients WITHOUT hooks (Copilot, Cursor, AGENTS.md) — the cross-platform stand-in for the PreToolUse classification gate. A SEIF-aware AI calls it before any destructive operation:

  • Non-interactive (an AI reading stdout): prints AWAITING_HUMAN_CONFIRMATION and exits 2 — the AI MUST stop and surface the block to the human, never proceed.
  • Interactive (a real terminal): prompts y/N — exit 0 approve, 1 deny.

Every call is audit-logged to /.seif/circuit/confirmations.log and, inside a workspace, to .seif/sessions/session--confirmations.log. With --target-path it also warns about active claims held by other sessions. Free and local — no engine.

FlagShorthandDefaultDescription
--actionThe action to confirm (alternative to the positional arg)
--callerWho is requesting (e.g. an AI id or the shim name)
--reasonWhy the action is needed
--target-pathPath the action will write/edit (enables the claim-conflict warning)
--workspaceWorkspace root (default: cwd)

container bootstrap

Scaffold an envelope-native SEIF container (no Python required)

FlagShorthandDefaultDescription
--legacyOptional legacy umbrella to copy memory/memos/seeds from
--targetDestination container root (required)

container-acknowledge

Clear container-dirty.seif after reviewing local changes

context absorb

Absorb a directory into a SEIF-KNOWLEDGE-v1 unit

absorb ingests text-bearing files from [path] (default: cwd) into the local sovereign store as a SEIF-KNOWLEDGE-v1 unit under .seif/knowledge/, registered in the mapper so it is consumable at next session-start.

When [path] is a git repository, project.seif is refreshed first (same as sync). Output destinations (Store-V2): absorb, ingest, extract → .seif/knowledge/.seif (+ mapper registration) compress → .seif/projects//code.seif (+ mapper registration) context sync → {repo}/.seif/projects//project.seif (+ mapper registration)

Every write registers the artifact in the sovereign mapper.json so it is consumable at next session-start (Φ×λ=1 — no unregistered orphans). Slug derivation (git-root-aware): Slugs combine the git repository basename with the target path so same-named subdirs in different repos stay distinct — e.g. repo-a/docs → repo-a-docs, repo-b/docs → repo-b-docs. Override with --name on any verb.

ingest: --name is required for stdin/raw string sources; file paths derive the slug from the filename when --name is omitted. Image binding (--image): Every knowledge unit belongs to one workspace image (never Pod-global). Resolution order: explicit --image > workspace.seif.json container.name (walk-up from cwd) > git-root basename (standalone). In a multi-image Pod (SEIF_POD_CONTEXT=pod) with no resolvable image, verbs fail closed — pass --image explicitly.

Equivalent to the Python dev-tool's seif-dev --absorb.

FlagShorthandDefaultDescription
--authorseif-absorbAuthor name recorded on absorbed modules
--forcefalseOverwrite an existing module from the same source (required in non-interactive mode)
--imageImage binding for the knowledge unit (default: current image from workspace.seif.json)
--nameSlug override for the absorbed module (default: git-root-aware derived slug)
--rootWorkspace root to resolve .seif/ from (default: cwd walk-up)

context bootstrap

Print the verified constitutional core (grounding + axioms) from the embedded kernel

bootstrap resolves the SEIF constitutional core from the kernel embedded in this binary and verified against its canonical_hash — it does NOT read a file from a private store. Use it on demand AFTER the grounding challenge to load the behavioral axioms; the full human+AI reference is SEIF.md.

seif context bootstrap # human-readable: grounding challenge + axioms seif context bootstrap --json # machine-readable constitution (protocol, axioms, pin)

Drift-immune: a tampered or stale embedded kernel makes the binary refuse to run.

FlagShorthandDefaultDescription
--jsonfalseEmit the constitution as JSON (protocol, pin, axioms)

context query

Lexical pre-filter over structural chunks (dogfood --refs for hybrid C)

query runs the local chunk-ref pre-filter (ChunkFile + lexical rank) over files visible in the workspace under --root (same visibility rules as absorb + CompressProject per the memo §3.1).

It emits unresolved ChunkRefs only: {anchor, path, parent_hash, score}. Never bytes (resolution + CONFIDENTIAL gate is engine/MCP only).

Use --refs --top N for the dogfood JSON output. Pure offline, deterministic, read-only, INV-THIN-CLIENT. Token regex matches absorb scorer (w/ _).

FlagShorthandDefaultDescription
--refsfalseEmit unresolved chunk-refs (anchor+path+parent_hash+score) JSON
--rootWorkspace root to scan for chunks (default: cwd walk-up)
--top10Return at most N refs (0 = all)

context reindex

Register forward orphan .seif artifacts in mapper.json (one-shot K4 migration)

reindex scans the sovereign .seif/ store for consumable SEIF-MODULE and SEIF-KNOWLEDGE artifacts whose on-disk path is absent from mapper.json and registers each via RegisterKnowledge (forward orphan → mapper upsert).

Ghost entries (mapper paths with no on-disk file) are left untouched by default; pass --prune-ghosts to remove them from mapper.json (this is the fix verb for the doctor mapper check). Re-pointing (K5) stays out of scope. Output destinations (Store-V2): absorb, ingest, extract → .seif/knowledge/.seif (+ mapper registration) compress → .seif/projects//code.seif (+ mapper registration) context sync → {repo}/.seif/projects//project.seif (+ mapper registration)

Every write registers the artifact in the sovereign mapper.json so it is consumable at next session-start (Φ×λ=1 — no unregistered orphans).

Default is register-only at the artifact's current path. With --relocate, legacy flat outputs (modules/.seif, extract_.seif, nucleus.seif) are copy-only relocated to .seif/knowledge/.seif with provenance; originals are never deleted (memo §8).

FlagShorthandDefaultDescription
--dry-runfalseList forward orphans and planned actions without writing
--imageImage binding for registered units (default: current image from workspace.seif.json)
--prune-ghostsfalseRemove mapper entries whose on-disk file is missing (ghost entries)
--relocatefalseCopy-only relocate legacy flat artifacts to .seif/knowledge/ with provenance
--rootWorkspace root to resolve .seif/ from (default: cwd walk-up)

context retrieve

Orchestrator retrieval loop (local refs → engine slices)

retrieve runs the token-economy retrieval loop for code/doc lookup:

  1. LOCAL (always): lexical chunk-ref prefilter — anchor/path/score only, never bytes.
  2. ENGINE (unless --refs-only): POST /v1/retrieve-chunks with classification gate; returns resolved byte slices. Fail-soft: ~5s timeout, then degraded local refs.

Workspace ID: --workspace-id, SEIFWORKSPACEID,orenginebindingfromworkspacemarker.EngineURL:engineurlorSEIF_WORKSPACE_ID, or engine binding from workspace marker. Engine URL: --engine-url or SEIF_ENGINE_URL (default http://localhost:7331 for this verb). Auth: --token, --token-file, $SEIF_ENGINE_TOKEN, session token, or ~/.seif/serve_token.

FlagShorthandDefaultDescription
--engine-urlEngine base URL (overrides $SEIF_ENGINE_URL; default http://localhost:7331)
--jsonfalseEmit JSON envelope
--max-chars8192Cap total injected bytes from resolved slices
--refs-onlyfalseLocal chunk-refs only (skip engine leg)
--rootWorkspace root to scan (default: cwd walk-up)
--tokenEngine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login')
--token-filePath to a file containing the engine bearer token
--top5Maximum chunk refs / engine top_n
--workspace-idEngine workspace TEXT id (overrides marker/env)

context sow

Plant a garden's structural roots: conduct roots + the coherence layer

sow plants the structural roots a healthy SEIF garden is born with — the same step seif init runs at workspace creation, runnable standalone to equip an existing garden or recover a lost/corrupted store:

  1. Conduct roots → .seif/memory/ — the curated process-feedback memories that bridge the grounding kernel into situated action ("measure the ground truth before hypothesizing", "a merge is not a deploy"). They surface at session_orient like any memory.
  2. Coherence layer → .seif/coherence/ (PIR + graph) + .seif/memos/ — the garden's starter constitution (universal SEIF-governance invariants) so seif gov memo works from day one.

Idempotent and non-destructive: existing conduct roots are left as the garden evolved them, and an existing PIR/graph is NEVER overwritten. --force re-syncs existing CONDUCT ROOTS to canonical content (the coherence layer is never clobbered); --dry-run previews without writing.

FlagShorthandDefaultDescription
--dry-runfalseReport what would be planted without writing
--forcefalseRe-sync existing roots to canonical content (overwrites; default leaves evolved memories untouched)
--rootWorkspace root to resolve .seif/ from (default: cwd walk-up)

context sync

Re-extract git context into .seif/projects//project.seif

sync extracts git metadata (commits, manifest, README, structure) from [path] (default: cwd) and writes a SEIF-MODULE-v1 summary to .seif/projects//project.seif (the repo-local git-context module, single-writer per DESIGN-MEMO-2026-05-30 §2.1). Updates the sovereign mapper.json index when reachable. Output destinations (Store-V2): absorb, ingest, extract → .seif/knowledge/.seif (+ mapper registration) compress → .seif/projects//code.seif (+ mapper registration) context sync → {repo}/.seif/projects//project.seif (+ mapper registration)

Every write registers the artifact in the sovereign mapper.json so it is consumable at next session-start (Φ×λ=1 — no unregistered orphans).

Equivalent to the Python dev-tool's seif-dev --sync.

FlagShorthandDefaultDescription
--authorseif-syncAuthor name recorded on the module
--rootWorkspace root to resolve .seif/ from (default: cwd walk-up)

contribute

Capture a signal: classify + sign stdin, append to .seif/contributions/.jsonl

contribute reads stdin, classifies the content (auto by default), builds a signed SEIF evidence frame, and appends one compact-JSON line to .seif/contributions/.jsonl in the workspace.

No engine call — the contribution lives entirely in the local workspace and is signature-verifiable offline.

Signing key: --key-file or $SEIF_SIGNING_KEY (base64 Ed25519 64-byte secret). Workspace ID: --workspace-id (default "ws_local").

Classification: pass --classification PUBLIC|INTERNAL|CONFIDENTIAL to override the auto-classifier (Wave 4 heuristics). Auto-classification escalates to CONFIDENTIAL when sensitive markers or keywords are present.

FlagShorthandDefaultDescription
--classificationPUBLIC|INTERNAL|CONFIDENTIAL — overrides auto-classification
--jsonfalseEmit result as JSON instead of human-readable text
--key-filePath to base64 Ed25519 secret key file (overrides $SEIF_SIGNING_KEY)
--metadata-fileOptional JSON file with metadata object (default: {})
--workspaceWorkspace root (default: current working directory)
--workspace-idws_localWorkspace identifier recorded in the evidence

daemon adopt-legacy

Re-home legacy launchd seif daemons as capability legs (dry-run; --apply; stays PAUSED)

adopt-legacy scans ~/Library/LaunchAgents for the paused seif coordination daemons and wires each one's EXACT command as the matching capability's leg, so the daemon supervises the existing scripts instead of launchd. It re-homes; it does not reimplement, and it does NOT enable anything — every capability stays PAUSED, so this changes no behavior until you run seif daemon enable <cap>.

Mapped: com.seif.circuitd→circuit, com.seif.claude-responder→responder, com.seif.hub→hub, com.seif.peer-drainer→peer-drainer, com.seif.context-sync→context-sync, (com.)seif.personal-sync→personal-sync. Infra plists (docker, cloudflared, engine, health, …) carry no mapping and are never adopted.

Without --apply this is a DRY-RUN. With --apply the legs are written to daemon.json (still paused).

FlagShorthandDefaultDescription
--applyfalseWrite the wired legs to daemon.json (default is dry-run; capabilities stay PAUSED either way)
--dirlaunchd agents dir to scan (default: ~/Library/LaunchAgents)

daemon clear-command

Remove a capability's leg (revert to pure toggle)

daemon disable

Disable a capability (record --reason)

FlagShorthandDefaultDescription
--reasonOperator note for WHY this capability is paused (recommended)

daemon down

Stop a running daemon (or reap a stale socket)

daemon enable

Enable a capability

daemon publish

Publish a real-time event to the daemon bus (R2)

FlagShorthandDefaultDescription
--messageConvenience: publish {"message":""}
--payloadRaw JSON payload (overrides --message)

daemon set-command

Declare the leg command the daemon runs for a capability

FlagShorthandDefaultDescription
--interval0Seconds between runs (required for --kind periodic)
--kindlong-runningLeg kind: long-running (supervised, crash-restart) or periodic (every --interval)

daemon status

Show capability toggle state + daemon liveness

daemon subscribe

Stream real-time events for a topic (R2)

FlagShorthandDefaultDescription
--count0Exit after receiving N events (0 = stream until interrupted)
--exclude-selffalseDrop events published by THIS host (derives the id from ~/.seif/machine_id)
--exclude-sourceDrop events whose payload from/source identity equals this id (self-echo filter)

daemon up

Lazily spawn the daemon host process

FlagShorthandDefaultDescription
--idle-ttl0Idle self-shutdown window in seconds (0 = default 900s); forwarded to the spawned serve

debate

Multi-AI debate: ask several models, measure agreement, synthesize [free, local]

debate orchestrates a multi-AI consensus over a question using the models you already have — local Ollama, an installed Claude/Gemini CLI, or your own API key (ANTHROPIC_API_KEY / XAI_API_KEY). It is FREE and LOCAL: SEIF never supplies the inference and never gates the feature; you bring your own model access.

Round 1 collects independent answers and measures Jaccard coherence between them. --rounds 2 adds a cross-examination pass (each model critiques the others and refines); --rounds 3 adds a synthesis pass (the dominant voice unifies the debate). Each answer is graded by the native quality gate.

Classification routing protects your data: CONFIDENTIAL forces local Ollama only (nothing leaves the device); SECRET is refused outright.

Examples: seif debate --list seif debate "Should we adopt trunk-based development?" seif debate "design X" --rounds 3 --backends ollama_local,claude_cli seif debate "private notes" --classification CONFIDENTIAL

FlagShorthandDefaultDescription
--absorbfalseWhen consensus is resonant, persist the debate as a .seif knowledge module (becomes memory)
--backendsComma-separated backend filter (default: all detected)
--classificationINTERNALPUBLIC|INTERNAL|CONFIDENTIAL|SECRET (CONFIDENTIAL → local Ollama only)
--jsonfalseEmit JSON
--listfalseList detected backends and exit
--rounds1Debate rounds: 1=independent, 2=+refutation, 3=+synthesis

diff

Compare two SEIF artifact-local refs (free, local)

diff compares two .seif/ artifact refs in ARTIFACT-LOCAL mode (Phase B-early per DESIGN-MEMO-2026-05-26-seif-diff-and-time-trail-log §3).

Refs (Q-DIFF-4 — typed artifacts only): cycle: sealed or open cycle memo: DEFERRED (markdown memos route to git diff for now) pending: pending module (subdir + flat-root shim-aware) decision: ratified decision module

Output formats (Q-DIFF-3): --output unified git-diff-style unified text (default) --output structural-json AI-consumable {added,removed,modified} shape --json emit machine-readable result regardless of --output

Workspace-mode (Phase B-mid — Q-DIFF-2 ratified 2026-05-27): workspace@HEAD current shadow object-model workspace@HEAD~N walk N parents back through delta-log workspace@ 12-hex prefix (>=4) of a recorded rev_id workspace@ newest rev recorded on/before the named date

Not yet shipped: cycle:@ revision-pinning needs object-model wiring

INV-THIN-CLIENT: this verb runs entirely against local .seif/ — zero engine roundtrip, no quota, free tier.

FlagShorthandDefaultDescription
--colorautoColorize unified output: auto|never|always (auto = TTY check)
--context3Unified-diff context lines (default 3)
--jsonfalseEmit JSON result (forces structural shape in the wire format)
--outputunifiedOutput format: unified|structural-json

doctor

Diagnose workspace + runtime install health — one read-only report [free, local]

doctor aggregates the SEIF workspace checks into one read-only report: stale OPEN cycles, orphaned writer sessions (class-c), MEMORY.md index integrity, mapper ghost modules, and active claims — plus the machine RUNTIME checks: PATH seif vs the binary the Claude hooks invoke (shadow install), dead shims (--version probe), binary freshness across installs, and legacy hook entries in ~/.claude/settings.json.

It mutates nothing — each finding points at the verb that fixes it (e.g. seif gov cycle gc, seif heal, seif context reindex --prune-ghosts, seif runtime heal). Runtime install drift is a FAILURE: doctor exits nonzero on it (store-level warnings stay exit 0). Free and local, no engine.

FlagShorthandDefaultDescription
--jsonfalseEmit JSON
--workspaceWorkspace root (default: cwd)

embed verify

Verify an embedded C2PA manifest (signature + hard binding)

verify extracts the C2PA manifest from a media file and checks the signature over the claim and the hard-binding hash over the asset bytes. It reports the signer, but does NOT evaluate trust-list membership — a sovereign self-signed key is reported as untrusted, which is expected.

extract

Extract knowledge from files/dirs into a SEIF module

extract scans a file or directory, pulls text / JSON-structure / code-signatures from supported files, classifies them, and writes a SEIF-KNOWLEDGE-v1 unit to .seif/knowledge/.seif, registered in the mapper so it is consumable at next session-start.

input_kind is resolved automatically (knowledge_extraction): prose-dominant input → prose (the native quality gate runs); code-dominant → code_sketch (gate skipped). The output slug is git-root-aware (--name to override); an existing module from the same source needs --force to overwrite.

--classification sets the ceiling: files above it (e.g. CONFIDENTIAL when the ceiling is INTERNAL) are excluded. PDF extraction is not supported. Output destinations (Store-V2): absorb, ingest, extract → .seif/knowledge/.seif (+ mapper registration) compress → .seif/projects//code.seif (+ mapper registration) context sync → {repo}/.seif/projects//project.seif (+ mapper registration)

Every write registers the artifact in the sovereign mapper.json so it is consumable at next session-start (Φ×λ=1 — no unregistered orphans). Slug derivation (git-root-aware): Slugs combine the git repository basename with the target path so same-named subdirs in different repos stay distinct — e.g. repo-a/docs → repo-a-docs, repo-b/docs → repo-b-docs. Override with --name on any verb.

ingest: --name is required for stdin/raw string sources; file paths derive the slug from the filename when --name is omitted. Image binding (--image): Every knowledge unit belongs to one workspace image (never Pod-global). Resolution order: explicit --image > workspace.seif.json container.name (walk-up from cwd) > git-root basename (standalone). In a multi-image Pod (SEIF_POD_CONTEXT=pod) with no resolvable image, verbs fail closed — pass --image explicitly.

FlagShorthandDefaultDescription
--classificationINTERNALClassification ceiling: PUBLIC|INTERNAL|CONFIDENTIAL
--forcefalseOverwrite an existing module from the same source
--imageImage binding for the knowledge unit (default: current image from workspace.seif.json)
--input-kindOverride input_kind (auto|prose|code_sketch|code_topology)
--nameSlug override (default: git-root-aware derived slug)
--no-recursivefalseDo not descend into subdirectories
--rootWorkspace root to resolve .seif/ from (default: target's walk-up)

gate check

Run a discipline gate check on stdin JSON or an explicit command

check is the dispatcher hooks call from PreToolUse. Three modes:

seif gate check --shell --json Reads {tool, path, command} JSON from stdin (Claude Code shape: {tool_name, tool_input: {command|file_path|...}}). Routes to the shell scanner. Emits a JSON decision envelope on stdout. Exit 0 = allow, 2 = deny.

seif gate check --shell Direct invocation for testing / one-off CI checks. Emits the block message on stderr; exit 0/2.

seif gate check --classification --json Same JSON shape but routes to the classification scanner. The hook passes the file_path + content/new_string fields; the scanner dispatches on extension (.py / .md / .json / .ts / .tsx / fallback). Exit 0/2; the reason lands on stderr (text mode) or in user_message/agent_message (JSON mode).

Both modes share the same exit-code contract — 0 allow, 2 deny — so the embedded bash shims can substitute the verb wherever they previously called the Python shell_gate_cli.

FlagShorthandDefaultDescription
--classificationfalseRoute to the classification scanner (Scan)
--file-pathClassification mode: path used for extension dispatch (default: from stdin)
--jsonfalseRead stdin JSON payload and emit JSON decision envelope on stdout
--shellfalseRoute to the shell scanner (CheckShellCommand)

gate classify

Classify a file's sensitivity tier; --strict applies sensitivity-based escalation

classify reports the classification tier (PUBLIC | INTERNAL | CONFIDENTIAL) of a file's contents. By default it prints the base tier (protocol.Classify).

With --strict it applies the strict-mode wrapper (gate.ClassifyStrict): the base verdict escalates one tier when the density of soft-sensitivity signals crosses an internal threshold. Strict mode only ever escalates — never de-escalates, never skips a tier.

FlagShorthandDefaultDescription
--pathPath to the file to classify ("-" for stdin)
--strictfalseApply sensitivity-based strict-mode escalation

gate emit-block

Print the canonical block message for a reserved .seif// and exit 2

emit-block is the Go-side replacement for emit_block.py — the helper classification-gate.sh calls when refusing a raw Write/Edit on a reserved subdir. Prints the per-subdir gov/flag remediation block on stderr, exits 2. Used by the embedded bash shims to drop the Python dependency on the hard-block path. Unknown subdir → generic block message, still exit 2.

gate quality

Measure text quality natively, or blend caller-supplied scores [free tier]

quality computes a score, grade, and status for a piece of text.

With TEXT (positional argument or --text) it MEASURES natively: internal/resonance scores verifiability (stance, 6/9) and coherence (hedging, 3/9) and composes the H(0) blend bit-identically to the Python reference — free and offline, no engine roundtrip.

With --pro, it calls the SEIF engine (POST /v1/quality/assess) to get a signed, logged, and tier-gated verdict with a full component breakdown. Requires Pro tier authentication.

With no text it runs the Wave B Lite arithmetic blend (gate.Assess) over the scores you supply via --stance/--resonance(/--hedging); offline there is no stance breakdown, so flags/suggestions stay empty unless text is measured.

Weights: default two-component (stance 6/9, resonance 3/9). With --three the equal-weights variant (3/9, 3/9, 3/9) blends stance + resonance + hedging.

FlagShorthandDefaultDescription
--engine-urlEngine base URL (overrides $SEIF_ENGINE_URL)
--hedging1Hedging score in [0,1] (1 - hedge_density); only used with --three
--jsonfalseEmit QualityVerdict as JSON
--profalseUse SEIF engine for assessment (signed + breakdown; requires Pro)
--resonance0Coherence score in [0,1] (post-normalization); scalar path only
--rolehumanSource role: human | ai
--stance0Stance score in [0,1] (verifiability_ratio); scalar path only
--textText to measure natively (alternative to positional TEXT)
--threefalseUse the three-component equal-weights blend (stance+resonance+hedging)
--tokenEngine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login')
--token-filePath to a file containing the engine bearer token

gov amend

Append an _amendments[] entry to a SEIF JSON artifact (append-only, no re-sign) [free]

amend appends a provenance-stamped entry to a SEIF artifact's _amendments[] list — the sanctioned escape hatch for cycles, sessions, seeds, pending modules, and memos that the classification gate blocks from raw edits.

It is APPEND-ONLY: it never re-signs or recomputes the artifact's integrity_hash (amendments are out-of-band by design — they record a change without re-signing a host artifact that may be offline or immutable). Existing key order is preserved; the output matches the Python dev-tool byte-for-byte.

Raw-markdown memos (.md with no JSON body / frontmatter envelope) cannot hold a JSON _amendments[] array, so they are amended by appending a '## _amendments' markdown section (one block per amendment, body above untouched) — the same --entry fields and provenance auto-fields apply.

The entry is a JSON object supplied via --entry (inline) or --entry-file (path, or '-' for stdin). These auto-fields are injected only when absent: id amend-NNN- (override with --id) appended_at current UTC timestamp appended_by --author, else $USER, else "anonymous"

Local-only — free tier.

FlagShorthandDefaultDescription
--authorappended_by value (default: $USER, else anonymous)
--entryInline JSON object for the amendment entry
--entry-filePath to a JSON file with the entry (or '-' for stdin)
--idExplicit amendment id (default: amend-NNN-)
--jsonfalseEmit JSON

gov cycle close

Seal the open cycle + clear the host pointer [free]

FlagShorthandDefaultDescription
--jsonfalseEmit JSON
--trackTrack id (default: $SEIF_TRACK or 'default')
--workspaceWorkspace root (default: cwd, honoring .seif-pointer.json)

gov cycle close-ritual

Run the full 7-step closure ritual locally [free]: checkpoint→audit→quality→meditate→absorb→seal →seed

close-ritual runs the canonical 7-step closure ritual (CHECKPOINT, AUDIT, QUALITY, MEDITATE, ABSORB, CIRCLE, SEED) for the named cycle, honoring the EXPLICIT + --track. Every step is LOCAL and FREE — no engine, no token — at parity with the Python dev-tool.

QUALITY grades --summary with the CLI's native, language-stable resonance math (stance 6/9 + hedging 3/9, ζ-grounded grades); the engine's fragile multilingual triple-gate is intentionally NOT used. The load-bearing step is CIRCLE (the hardened cycle seal); analytical steps are non-fatal. Use --dry-run to preview.

FlagShorthandDefaultDescription
--authorAuthor attribution for the ritual (CHECKPOINT/SEED)
--dry-runfalsePreview every step without writing anything
--jsonfalseEmit JSON
--seed-session-1SEED target session number (default: next session)
--summaryWork-arc summary (recorded in CHECKPOINT, graded in QUALITY)
--trackTrack id (default: $SEIF_TRACK or 'default')
--workspaceWorkspace root (default: cwd, honoring .seif-pointer.json)

gov cycle decision-add

Bind a decision to a cycle: cycle.decisions[] += id + decision.cycle_ref (D8) [free]

decision-add records the bidirectional decision↔cycle edge (c260 D8=C). It appends the decision's module_id to the cycle's decisions[] list and sets the decision's cycle_ref to the cycle id. Both halves are written so 'seif audit-coherence' (the D8 integrity check) sees a coherent edge. Idempotent: a decision already bound to this cycle is a no-op; binding it to a DIFFERENT cycle is refused.

FlagShorthandDefaultDescription
--jsonfalseEmit JSON
--workspaceWorkspace root (default: cwd, honoring .seif-pointer.json)

gov cycle gc

Garbage-collect stale OPEN cycles (dry-run by default) [free]

gc finds OPEN cycles that should be archived or swept, and (with --apply) acts on them:

  • leftovers : a -OPEN.seif whose cycle is already SEALED (a stale APFS/sync copy) is SWEPT (removed).
  • variants : a -OPEN-.seif (excluding -OPEN-archived.seif) whose cycle is already SEALED is ARCHIVED to cycles/archive/ (preserves pause-rename state; not unlinked like plain leftovers).
  • stale : a live -OPEN.seif with no SEALED sibling, NOT named by the host active-cycle pointer, older than --threshold-days (default 7), is ARCHIVED (renamed → -OPEN-archived.seif). An unparseable opened_at is treated as stale.

Without --apply this is a DRY-RUN: it reports what WOULD happen and mutates nothing. With --apply it renames/removes the files and appends one JSONL provenance line per action to .seif/audit/cycle_gc.jsonl. Cycle CONTENT is never modified — only whole files are moved/removed.

FlagShorthandDefaultDescription
--applyfalseMutate the filesystem (default is dry-run)
--jsonfalseEmit JSON
--threshold-days7Age (days) past which an unsealed OPEN cycle is a stale candidate
--workspaceWorkspace root (default: cwd, honoring .seif-pointer.json)

gov cycle list

List cycles in .seif/cycles/ (alias for seif admin cycle list; filter with --status)

FlagShorthandDefaultDescription
--jsonfalseEmit JSON
--statusallFilter: open|sealed|archived|all
--trackFilter to cycles on this track (default: all tracks)
--workspaceWorkspace root (default: cwd)

gov cycle open

Open a new cycle + bind the host pointer [free]

FlagShorthandDefaultDescription
--jsonfalseEmit JSON
--parentparent_cycle id (default: latest sealed cycle)
--trackTrack id (default: $SEIF_TRACK or 'default')
--workspaceWorkspace root (default: cwd, honoring .seif-pointer.json)

gov cycle set-manifest

Update OPEN cycle title, vision, branches [free]

set-manifest patches the OPEN cycle manifest (title, vision, branch_add, branch_done).

FlagShorthandDefaultDescription
--branch-add[]Branch "name|status|description" (repeatable; each flag adds one branch)
--branch-doneMark branch DONE by name
--cycleCycle slug (default: OPEN on track)
--titleCycle title
--trackTrack id
--visionCycle vision
--workspaceWorkspace root

gov decision create

Create a SEIF-DECISION-v1 module skeleton [free]

create emits the minimum-viable SEIF-DECISION-v1 skeleton in .seif/modules/decisions/. With --from-memo PATH the decision is derived from a design memo: slug, title, and ratification hash are auto-populated from the memo file and its coherence-graph node. Body fields are appended via 'seif gov amend' entries.

FlagShorthandDefaultDescription
--allow-non-ratifiedfalseWith --from-memo: allow memo status other than RATIFIED (sandbox/testing only).
--classificationINTERNALPUBLIC | INTERNAL | CONFIDENTIAL
--from-memo(c261 IMPL-3, c260 D1=C) Derive decision from a design memo. Auto-fills slug from memo filename and title from memo H1. Memo must be in PROPOSAL or RATIFIED status (gate checks coherence-graph node).
--titleTitle of the decision (mandatory for raw create; auto-derived from memo H1 with --from-memo)
--workspaceWorkspace root (default: walk up to a .seif/modules/; ~/.seif fallback refused)

gov decision promote-retroactive

Retroactively derive decisions for a curated top-N backlog of memos (D4) [free]

promote-retroactive (c264 IMPL-7, c260 D4=B) reads a curated critical-decisions backlog and derives a backing SEIF-DECISION-v1 for every listed memo that does not already have one. The backlog is a JSON file:

{ "entries": [ {"memo_ref": ".seif/memos/DESIGN-MEMO-YYYY-MM-DD-.md", "rationale": "why this is load-bearing", "classification": "INTERNAL", "allow_non_ratified": false} ], "curated_by": "owner+orchestrator", "curated_at": "YYYY-MM-DD" }

Dry-run by default — it prints what WOULD be created. Pass --apply to write the decisions. Entries already covered by an existing decision are skipped.

FlagShorthandDefaultDescription
--allow-non-ratifiedfalseDefault allow-non-ratified for entries that don't set it (sandbox/testing)
--applyfalseWrite the decisions (default: dry-run — print the plan only)
--jsonfalseEmit JSON
--listBacklog JSON path (default: .seif/coherence/critical-decisions-backlog.json)
--workspaceWorkspace root (default: cwd)

gov invariant add

Append a new invariant to the PIR [free]

add appends a new invariant to .seif/coherence/product-invariant-registry.seif.

The id must match INV-* and be unique; --tier must be a member of the registry's tier_priority; --statement is required. Status defaults to STARTER-UNRATIFIED (owner ratification is applied later via 'gov invariant amend' under the owner gate). A provenance entry is appended to _amendments[] (who/when).

FlagShorthandDefaultDescription
--authorappended_by value for the provenance amendment (default: $USER)
--forbids-pattern[]Regex pattern the invariant forbids (repeatable)
--jsonfalseEmit JSON
--notesOptional notes
--source[]Source reference (repeatable: memo/decision/spec paths)
--statementHuman-readable constraint (required)
--statusStatus: STARTER-UNRATIFIED (default) | RATIFIED
--tierTier (must be in registry tier_priority: CONSTITUTION|SECURITY|ARCHITECTURE|DEV-DISCIPLINE)
--workspaceWorkspace root (default: walk up to a .seif/coherence/)

gov invariant amend

Append an append-only _amendments[] entry scoped to an invariant [free]

amend appends a provenance-stamped entry to the PIR's _amendments[] list, scoped to an existing invariant (the entry's "inv" field is set to when absent). It is APPEND-ONLY: it never rewrites an invariant's statement in place (the audit trail is preserved). Mirrors 'gov amend' semantics.

The entry is a JSON object via --entry (inline) or --entry-file (path, or '-' for stdin). Auto-fields id/appended_at/appended_by are injected when absent.

FlagShorthandDefaultDescription
--authorappended_by value (default: $USER, else anonymous)
--entryInline JSON object for the amendment entry
--entry-filePath to a JSON file with the entry (or '-' for stdin)
--idExplicit amendment id (default: amend-NNN-)
--jsonfalseEmit JSON
--workspaceWorkspace root (default: walk up to a .seif/coherence/)

gov memo classify

Classify a memo as load-bearing or not (decision-required gate) [free]

FlagShorthandDefaultDescription
--formattextOutput format: text|json
--workspaceWorkspace root (default: walk up to a .seif/coherence/)

gov memo coherence-register

Create/refresh a memo's coherence node WITHOUT rewriting the .md [free]

coherence-register is the node-only counterpart to new/update: it creates or refreshes the coherence-graph node of an EXISTING memo without requiring --content. Use it for edge/status/note-only changes (which 'update' would force full --content for) and to register a node for a memo that is missing one. --constrained-by (>=1 INV-*) is mandatory only when CREATING a new node.

FlagShorthandDefaultDescription
--constrained-byComma-separated INV-* ids (mandatory to create a node)
--depends-onComma-separated memo/node ids this depends on
--jsonfalseEmit JSON
--noteShort note for the coherence node
--statusPROPOSAL|RATIFIED|ROADMAP|SUPERSEDED|UNKNOWN
--supersedesComma-separated memo names this supersedes
--workspaceWorkspace root (default: walk up to a .seif/coherence/)

gov memo new

Write a new design memo + register its coherence node [free]

FlagShorthandDefaultDescription
--constrained-byComma-separated INV-* ids (mandatory for new)
--contentPath to the memo markdown (or '-' for stdin)
--depends-onComma-separated memo/node ids this depends on
--jsonfalseEmit JSON
--noteShort note for the coherence node
--statusPROPOSAL|RATIFIED|ROADMAP|SUPERSEDED|UNKNOWN (new default: PROPOSAL)
--supersedesComma-separated memo names this supersedes
--workspaceWorkspace root (default: walk up to a .seif/coherence/)

gov memo ratify

Ratify a memo in one step: flip status to RATIFIED + derive its decision [free]

ratify is the one-step path to ratify a design memo. It flips the memo's coherence-graph node to RATIFIED and derives the backing SEIF-DECISION-v1 audit anchor as a single transaction, in the order that avoids the gate deadlock between 'gov decision create --from-memo' (needs RATIFIED) and 'gov memo update --status RATIFIED' (needs a decision). If the decision write fails, the status flip is rolled back. Idempotent: a memo already RATIFIED with a backing decision is a no-op; a RATIFIED memo missing its decision is repaired (decision derived).

FlagShorthandDefaultDescription
--classificationINTERNALClassification for the derived decision: PUBLIC | INTERNAL | CONFIDENTIAL
--jsonfalseEmit JSON
--workspaceWorkspace root (default: walk up to a .seif/coherence/)

gov memo update

Rewrite an existing memo + optionally update its coherence node [free]

FlagShorthandDefaultDescription
--bypass-reasonMandatory non-empty justification when --decision-ratify-bypass is set
--constrained-byComma-separated INV-* ids (mandatory for new)
--contentPath to the memo markdown (or '-' for stdin)
--decision-ratify-bypassfalseWith --status RATIFIED: bypass the decision-file gate (audit-logged; emergencies only)
--depends-onComma-separated memo/node ids this depends on
--jsonfalseEmit JSON
--noteShort note for the coherence node
--statusPROPOSAL|RATIFIED|ROADMAP|SUPERSEDED|UNKNOWN (new default: PROPOSAL)
--supersedesComma-separated memo names this supersedes
--workspaceWorkspace root (default: walk up to a .seif/coherence/)

gov memory add

Create a memory (.md + MEMORY.md pointer) locally [free tier]

Write a new memory file and insert its MEMORY.md pointer alphabetically under the section derived from the frontmatter type:. Local-only — free tier writes memory locally; cloud sync/validation is the paid tier.

FlagShorthandDefaultDescription
--contentPath to memory .md content (full file incl. frontmatter), or '-' for stdin
--descriptionMEMORY.md pointer hook (default: frontmatter description:)
--jsonfalseEmit JSON
--workspaceWorkspace root (default: cwd)

gov memory audit

Audit .seif/memory/ ↔ MEMORY.md integrity

FlagShorthandDefaultDescription
--jsonfalseEmit JSON
--workspaceWorkspace root (default: cwd)

gov memory audit-lifecycle

Report memory lifecycle operations from audit log

Read-only aggregate over .seif/audit/memory-lifecycle.jsonl.

FlagShorthandDefaultDescription
--jsonfalseEmit JSON
--sinceFilter entries from date (YYYY-MM-DD) or RFC3339
--workspaceWorkspace root (default: cwd)

gov memory delete

Hard-delete a memory with conjugate-pair confirmation [gated]

DELETE tier (A18): irreversible removal of .md + pointer after a second actor confirms (--conjugate-confirm). Content SHA-256 is recorded in audit. For provenance tombstone use gov memory purge.

FlagShorthandDefaultDescription
--actorActor identity (default: $SEIF_ACTOR or git user.name)
--conjugate-confirmSecond actor (must match conjugate_pair.co_author when enabled)
--jsonfalseEmit JSON
--reasonOptional reason for audit log
--workspaceWorkspace root (default: cwd)

gov memory flag

Flag a memory for accelerated decay [architect]

FLAG tier (A18): apply 2× relevance decay without deleting content. Sets flagged:true in frontmatter and logs to memory-lifecycle audit.

FlagShorthandDefaultDescription
--actorActor identity (default: $SEIF_ACTOR or git user.name)
--jsonfalseEmit JSON
--reasonOptional reason for audit log
--workspaceWorkspace root (default: cwd)

gov memory purge approve

Approve a pending purge request

FlagShorthandDefaultDescription
--actorActor identity (default: $SEIF_ACTOR or git user.name)
--jsonfalseEmit JSON
--workspaceWorkspace root (default: cwd)

gov memory purge execute

Execute purge after cooling + approvals

FlagShorthandDefaultDescription
--actorActor identity (default: $SEIF_ACTOR or git user.name)
--jsonfalseEmit JSON
--workspaceWorkspace root (default: cwd)

gov memory purge status

Show pending purge request status

FlagShorthandDefaultDescription
--jsonfalseEmit JSON
--workspaceWorkspace root (default: cwd)

gov memory remove

Deprecate a memory (reversible; file kept) [free]

DEPRECATE tier (A18): mark .seif/memory/.md deprecated, move its MEMORY.md pointer to ## Deprecated, and append an audit row. The file is NOT deleted — irreversible erasure is gov memory purge (PR-2).

BREAKING: prior releases hard-deleted on remove. Handles canonical (file+pointer), dangling (pointer only), and orphan (file only). --force-noop makes an absent slug a no-op (exit 0). Rate limit: 5/month/actor.

FlagShorthandDefaultDescription
--actorActor identity for audit + rate limit (default: $SEIF_ACTOR or git user.name)
--force-noopfalseTreat an absent slug as a no-op (exit 0) instead of an error — for idempotent cleanups
--jsonfalseEmit JSON
--reasonOptional reason recorded in the lifecycle audit log
--workspaceWorkspace root (default: cwd)

gov memory security-purge

Immediate security-exception purge [gated]

Security exception (A18): declarer ≠ executor, immediate purge + tombstone, must be ratified by a second party within 24h via security-ratify.

FlagShorthandDefaultDescription
--declarerActor declaring the leak (required)
--executorActor executing purge (required; must differ from declarer)
--jsonfalseEmit JSON
--reasonOptional reason for audit log
--security-leak-typeEnumerated leak type (e.g. credential_exposure)
--workspaceWorkspace root (default: cwd)

gov memory security-ratify

Ratify a security-exception purge within 24h

FlagShorthandDefaultDescription
--actorRatifying actor (must differ from executor)
--jsonfalseEmit JSON
--workspaceWorkspace root (default: cwd)

gov memory update

Replace a memory's content + refresh its MEMORY.md pointer [free tier]

Atomically rewrite an existing memory and refresh its MEMORY.md pointer. Idempotent: identical content + pointer is a no-op.

FlagShorthandDefaultDescription
--contentPath to memory .md content (full file incl. frontmatter), or '-' for stdin
--descriptionMEMORY.md pointer hook (default: frontmatter description:)
--jsonfalseEmit JSON
--workspaceWorkspace root (default: cwd)

gov orchestration init

Create default .seif/orchestration.json when missing

FlagShorthandDefaultDescription
--workspaceWorkspace root (default: walk-up from cwd)

gov orchestration set

Update registry fields (maestro, dispatch mode)

FlagShorthandDefaultDescription
--dispatch-modeSet dispatch.mode (queue|manual)
--maestroSet maestro executor id
--workspaceWorkspace root (default: walk-up from cwd)

gov orchestration show

Show .seif/orchestration.json

FlagShorthandDefaultDescription
--jsonfalseEmit JSON
--workspaceWorkspace root (default: walk-up from cwd)

gov pending consume

Mark a registered pending module consumed [free]

FlagShorthandDefaultDescription
--consumed-in-cycleRecord which cycle consumed the pending
--jsonfalseEmit JSON

gov pending consume-path

Consume a pending module by filesystem path [free]

consume-path marks a module consumed without requiring a registry entry. Updates the module status in-place (free, local). To also relocate the artifact into the resolved/ dir, run "seif store move" after consuming.

FlagShorthandDefaultDescription
--consumed-in-cycleRecord which cycle consumed the pending
--jsonfalseEmit JSON

gov pending create

Create a SEIF-PENDING-v1 module skeleton in .seif/modules/pending/ [free]

create emits the minimum-viable SEIF-PENDING-v1 skeleton. After creation use 'seif gov pending register ' to index it in the global registry so it surfaces in pending lists.

FlagShorthandDefaultDescription
--categoryCategory label for the pending item (e.g. dev-tool-architecture)
--classificationINTERNALPUBLIC | INTERNAL | CONFIDENTIAL
--severityMEDIUMCRITICAL | HIGH | MEDIUM | LOW
--target-consumerownerowner | next_cycle | vigilant | team
--titleTitle of the pending item (mandatory)

gov pending list

List pending modules (current workspace + owner-targeted) [free]

FlagShorthandDefaultDescription
--all-workspacesfalseList every registered pending, not just current-workspace + owner-targeted
--jsonfalseEmit JSON

gov pending quarantine

Quarantine a pending module (move to modules/_quarantine/) [free]

FlagShorthandDefaultDescription
--jsonfalseEmit JSON
--quarantine-reasonsupersededHuman-readable reason for quarantine
--superseded-byOptional epic module_id this pending was merged into

gov pending register

Register a pending module into the global registry [free]

register indexes a SEIF-PENDING module file into ~/.seif/registry.json so it surfaces in pending lists. Required module fields: module_id, target_consumer. Visibility is --visibility, else the module's "visibility", else inferred: under ~/.seif → personal; under a workspace .seif/ → team.

Canonical usage: seif gov pending register [--visibility personal|team]

FlagShorthandDefaultDescription
--jsonfalseEmit JSON
--visibilityOverride visibility tier: personal | team (default: inferred from path/module)

gov seed consume

Print a seed and mark it consumed (writes a .consumed_at sidecar)

FlagShorthandDefaultDescription
--jsonfalseEmit JSON
--workspaceWorkspace root (default: cwd)

gov seed create

Write a new SEIF-SEED-v2 seed file [free]

FlagShorthandDefaultDescription
--content-filePath to a JSON overlay object (user fields win)
--from-cycleparent_cycle_module value
--generatorgenerator field (default: gov seed create user=…)
--jsonfalseEmit JSON
--outputExplicit output path (overrides workspace)
--session-1Target session number (required)
--suffixFilename suffix for multi-agent cycles (e.g. agent-B)
--workspaceWorkspace root (default: walk up to a .seif/)

gov seed list

List seeds in .seif/seeds/ (active vs consumed)

FlagShorthandDefaultDescription
--jsonfalseEmit JSON
--workspaceWorkspace root (default: cwd)

gov session close

Close session (deferred — use dev-tool or MCP)

FlagShorthandDefaultDescription
--authorAuthor label
--messagePurpose or contribution text
--workspaceWorkspace root

gov session contribute

Append a message to the conversation payload (SEIF-CONVERSATION-v1)

FlagShorthandDefaultDescription
--actioncontributedMessage action verb
--authorAuthor label
--classificationPayload classification on first contribute (INTERNAL default; CONFIDENTIAL stays host-local)
--messagePurpose or contribution text
--viacliTransport leg: cli|mcp|hub|daemon
--workspaceWorkspace root

gov session create

Create a SEIF-SESSION-v1 contract (explicit only — not auto-created by hooks)

create materializes a session contract on demand. Hooks, session_orient, and ambient MCP calls do NOT create sessions — only this verb (or MCP seif_invoke action=session_create) when an agent or human explicitly requests it.

FlagShorthandDefaultDescription
--authorAuthor label
--jsonfalseEmit JSON
--messagePurpose or contribution text
--workspaceWorkspace root

gov session list

List SEIF-SESSION-v1 session-*.{json,seif} files [free]

FlagShorthandDefaultDescription
--jsonfalseEmit JSON
--workspaceWorkspace root

gov session log

Print the conversation payload (messages + sync points)

FlagShorthandDefaultDescription
--jsonfalseEmit JSON
--workspaceWorkspace root

gov session seal

Seal an ACTIVE/CLOSED session contract → SEALED (≠ close; mirrors --session-seal) [free]

seal transitions a SEIF-SESSION-v1 contract from ACTIVE or CLOSED to SEALED, stamping sealed_at / sealed_by / host (and closed_at + duration when the record was still ACTIVE). With an explicit session-N it seals that record; with no argument it seals the single ACTIVE/CLOSED record (highest session_number when several qualify). When the tiered layout (sessions/active/) is in use the sealed record is moved to sessions/closed/.

Unlike 'gov session close' (deferred to the engine), seal is a local terminal state-transition on an existing contract — the Go port of 'seif-dev --session-seal'.

FlagShorthandDefaultDescription
--bysealed_by value (default: $USER, else seif-cli)
--jsonfalseEmit JSON
--workspaceWorkspace root

gov session show

Print a session contract [free]

FlagShorthandDefaultDescription
--jsonfalseEmit JSON
--workspaceWorkspace root

heal

Self-heal workspace cycle/session coherence (dry-run by default) [free, local]

heal repairs the class-(c) coherence violation: a SEALED cycle whose declared writer session is still sitting in .seif/sessions/active/. It MOVES that session into .seif/sessions/sealed/<cycle_id>/ — move-not-delete (nothing for a sync to undo), idempotent, and the session body is preserved as audit evidence. Pure local and deterministic: no engine, no model, no token.

Dry-run by default — reports what WOULD be healed. Re-run with --apply to perform the moves (one JSONL provenance line per move under .seif/audit/cycle_heal.jsonl).

FlagShorthandDefaultDescription
--applyfalsePerform the moves (default is dry-run)
--jsonfalseEmit JSON
--workspaceWorkspace root (default: cwd)

how

Find the most relevant SEIF verbs for a natural-language intent [free, local]

how ranks the shipped capability catalog by lexical overlap with your intent and returns the top verb-docs (verb · one-line summary · key flags · example).

Offline, free, no classification gate — the long-tail fallback behind the static capability map injected at session start. When a local embedding backend (Ollama) is available it adds a semantic rerank on top of the lexical match; otherwise it stays purely lexical. Use --lexical to force the offline ranker.

Examples: seif how "pick up the next queued task" seif how "devolver trabalho ao orquestrador" --json

FlagShorthandDefaultDescription
--jsonfalseEmit JSON
--lexicalfalseForce the offline lexical ranker (skip the semantic rerank)
--top3Maximum number of verb-docs to return

inbox disable

Remove a receptor registration

inbox enable

Register this workspace as an inbox receptor on a named engine

FlagShorthandDefaultDescription
--allow-httpfalseAccept http:// engine URLs (self-host only; default rejects cleartext)
--engine-urlEngine URL the receptor lives on (default: built-in https://api.seifprotocol.com)
--nameReceptor name (default: --workspace-id value)
--workspace-idWorkspace identifier inbound artifacts address (required)

inbox list

List all configured receptors (merged view)

inbox status

Query the engine for pending inbound artifacts addressed to the receptor

FlagShorthandDefaultDescription
--tokenEngine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login')
--token-filePath to a file containing the engine bearer token

ingest

Append external prose into a SEIF-KNOWLEDGE-v1 unit via the native quality gate

ingest reads external text (a file path, a raw string, or "-" for stdin) and contributes it into a SEIF-KNOWLEDGE-v1 unit under .seif/knowledge/.seif as a new hash-chained version (self-bootstrapping the unit if absent).

The native quality gate (6/9 stance + 3/9 coherence) measures the prose and records a quality_assessment on the unit; weak content is contributed with a warning, never blocked. input_kind is always prose — a code_* override is ignored with a warning.

project.seif is the workspace's git-context module and is single-writer (refreshed only by seif context sync); ingest refuses to target it.

This is the OFFLINE deterministic path: it contributes the text as given. AI relevance filtering (extract only what is relevant to this project) routes through the engine and is not part of the free offline core.

Self-bootstrap: if .seif/knowledge/.seif is absent, ingest creates it. Output destinations (Store-V2): absorb, ingest, extract → .seif/knowledge/.seif (+ mapper registration) compress → .seif/projects//code.seif (+ mapper registration) context sync → {repo}/.seif/projects//project.seif (+ mapper registration)

Every write registers the artifact in the sovereign mapper.json so it is consumable at next session-start (Φ×λ=1 — no unregistered orphans). Slug derivation (git-root-aware): Slugs combine the git repository basename with the target path so same-named subdirs in different repos stay distinct — e.g. repo-a/docs → repo-a-docs, repo-b/docs → repo-b-docs. Override with --name on any verb.

ingest: --name is required for stdin/raw string sources; file paths derive the slug from the filename when --name is omitted. Image binding (--image): Every knowledge unit belongs to one workspace image (never Pod-global). Resolution order: explicit --image > workspace.seif.json container.name (walk-up from cwd) > git-root basename (standalone). In a multi-image Pod (SEIF_POD_CONTEXT=pod) with no resolvable image, verbs fail closed — pass --image explicitly.

Equivalent to the Python dev-tool's seif-dev --ingest (no-AI path).

FlagShorthandDefaultDescription
--authoringestAuthor recorded on the contribution
--forcefalseExtend an existing knowledge unit without an interactive prompt (consent for version-chaining)
--imageImage binding for the knowledge unit (default: current image from workspace.seif.json)
--input-kindOverride input_kind (ignored for ingest — always prose)
--nameKnowledge unit slug → .seif/knowledge/.seif (default: derived from a file source)
--projectDEPRECATED — ingest targets a knowledge unit (--name); project.seif is rejected (single-writer)
--rootWorkspace root to resolve .seif/ from (default: cwd walk-up)
--viaingestSource label (e.g. daily, meeting, slack)

init

Initialize a SEIF-WORKSPACE-v2 workspace in the current directory

init scaffolds a SEIF-WORKSPACE-v2 workspace at [path] (default: cwd): workspace.seif.json — container marker (workspace_id, share_allowlist, members) .seif/{memory,modules,cycles,seeds} — sovereign store skeleton .seif/config.json — thin local config

When [path] is inside an existing v2 container, init writes .seif-pointer.json instead of a local scaffold (sub-project membership).

This is the local free-tier workspace — sign and sync work against it immediately once you have an engine token. Next: seif key generate then seif sign <file>.

Use --lite for a minimal SEIF Lite layout (README.md, AGENTS.md, .seif-lite/{BOOT.md,refs.md}, session-log.md, decisions-pending.md) — no kernel, no signing. Upgrade it later with seif workspace upgrade-lite.

FlagShorthandDefaultDescription
--forcefalseProceed even if .seif/ or workspace.seif.json already exists (does not overwrite identity)
--litefalseScaffold a minimal SEIF Lite layout (.seif-lite/) instead of a full workspace
--no-agentsfalseWith --lite: skip writing AGENTS.md
--titleProject title for --lite templates (default: directory name)
--wireAlso wire an AI host so the agent boots SEIF automatically: claude-code|cursor|gemini|grok|generic (bare --wire = claude-code)

key generate

Generate an Ed25519 signing key under ~/.seif/keys/

FlagShorthandDefaultDescription
--forcefalseOverwrite an existing key (WARNING: orphans signatures made with the old key)
--jsonfalseEmit JSON
--outputKey path (default: ~/.seif/keys/signing.key)

key show

Show the public key + key path

FlagShorthandDefaultDescription
--jsonfalseEmit JSON

Register a peer workspace (creates stub import if missing)

List configured SEIF-LINK exports

Pull a scoped, read-only export from a linked peer (SEIF-LINK phase B, §7.10)

import-pull resolves one import binding from orchestration.json against a linked peer and materializes the peer's scoped, ceiling-filtered export subtree READ-ONLY under its mount_as namespace.

Flow (login-required; the engine emits the manifest, the existing pull blob chain writes the blobs from the shared CAS):

  1. POST /v1/workspaces/{id}/links/{peer}/import-pull -> a scoped manifest (conflict:false) or a re-pull conflict report (conflict:true).
  2. clean -> fetch each entry blob, verify its sha, write read-only (0o444) under mount_as (quarantined; never folded into authored content).
  3. conflict-> print the upstream/local divergence and REFUSE (non-zero exit, no write). The owner resolves manually (A26).

The peer and its import bindings come from orchestration.json peers[].imports[]. --from selects the binding by export name; it may be omitted when the peer declares exactly one import.

Auth sources (priority): --token VALUE | --token-file PATH | SEIFENGINETOKEN /.seif/sessiontoken(seiflogin)EngineURL(priority):engineurlURLorchestration.jsonsync.engine.urlSEIF_ENGINE_TOKEN | ~/.seif/session_token (seif login) Engine URL (priority): --engine-url URL | orchestration.json sync.engine.url | SEIF_ENGINE_URL | https://api.seifprotocol.com Importer ID (priority): --workspace-id ID | orchestration.json sync.engine.workspace_id | workspace.seif.json

FlagShorthandDefaultDescription
--engine-urlEngine base URL (overrides orchestration.json / $SEIF_ENGINE_URL)
--fromExport name to import (default: the peer's sole import binding)
--jsonfalseEmit raw JSON output
--peerPeer workspace_id (default: first peer)
--tokenEngine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login')
--token-filePath to a file containing the engine bearer token
--workspace-idImporter workspace_id (overrides orchestration.json / workspace.seif.json)

log get

Fetch a single transparency-log entry by id

log list

List recent transparency-log entries

FlagShorthandDefaultDescription
--after-idCursor — return entries after this id
--limit20Page size (1..200)

log ping

Probe the configured log endpoint (/healthz)

log verify

Independently verify an entry's inclusion proof

Fetches the entry + the log's public key, then runs the local RFC-6962 inclusion + Ed25519 STH verification (translog.Verify). The engine's "verified" flag is never trusted on its own.

login

Authenticate with the SEIF engine and store credentials

Opens GitHub OAuth against the engine, captures the session token on localhost, and saves it to ~/.seif/session_token (mode 0600).

After login: seif workspace create , then mint an API key at /dashboard/settings (customers) or seif auth api-key create (operators, Python).

FlagShorthandDefaultDescription
--engine-urlEngine base URL (default: $SEIF_ENGINE_URL or api.seifprotocol.com)
--no-browserfalsePrint authorize URL instead of opening a browser
--port0Local OAuth loopback port (default: ephemeral)
--timeout5m0sWait for browser callback

logout

Clear stored SEIF engine credentials

Removes ~/.seif/session_token and ~/.seif/api_key if present.

mcp serve

Run the SEIF MCP server over stdio (or Streamable HTTP with --http)

FlagShorthandDefaultDescription
--engine-urlEngine base URL (default https://api.seifprotocol.com or $SEIF_ENGINE_URL)
--httpServe over Streamable HTTP on this addr (e.g. :7332) instead of stdio — the remote onramp transport; per-request engine token comes from the Authorization header
--log-urlseif-log base URL (default https://log.seifprotocol.com or $SEIF_LOG_URL)
--tokenEngine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login')
--token-filePath to a file containing the engine bearer token

memory proposals

List pending memory proposals awaiting review [free, local]

FlagShorthandDefaultDescription
--jsonfalseEmit JSON
--workspaceWorkspace root (default: cwd)

memory propose

Propose a memory for owner review (autonomous-memory curation) [free, local]

propose records a candidate memory as PENDING under .seif/proposals/. The owner later runs 'seif memory proposals' to see them and 'seif memory review' to approve (absorb as a real memory) or reject. This is the AI-self-proposes / owner-ratifies loop — free and local, no engine.

FlagShorthandDefaultDescription
--byWho proposed it (e.g. an AI id)
--contentPath to a file with the full memory content
--descriptionOne-line pointer description
--jsonfalseEmit JSON
--nameMemory name/slug (required)
--textInline memory content (alternative to --content)
--workspaceWorkspace root (default: cwd)

memory query

Recall the most relevant memories + absorbed knowledge for a query [free, local]

query ranks your .seif/memory entries AND absorbed knowledge modules (including debates persisted via 'seif debate --absorb') by lexical relevance to the query text. Pure local and offline — no embeddings, no engine, no token.

This is the recall half of autonomous durable memory: the AI absorbs knowledge, it decays over time, and query brings the relevant pieces back.

FlagShorthandDefaultDescription
--embed-modelEmbedding model for --semantic (default: nomic-embed-text, or $SEIF_EMBED_MODEL)
--include-deprecatedfalseInclude deprecated memory entries in ranking
--jsonfalseEmit JSON
--no-knowledgefalseSearch memory entries only (skip knowledge modules)
--semanticfalseBlend local Ollama embeddings into the ranking (falls back to lexical if Ollama is down)
--top5Maximum number of results
--workspaceWorkspace root (default: cwd)

memory reindex

Rebuild the derived semantic embedding cache for memory query

reindex pre-computes Ollama embeddings for all memory (+ knowledge) documents and stores them under .seif/.cache/memory-embeddings/ (rebuildable derived state).

Run when session-start surfaces [MEMORY EMBEDDINGS] STALE or before heavy --semantic query workloads. Requires local Ollama with an embedding model.

FlagShorthandDefaultDescription
--verbosevfalseLog each document to stderr
--workspaceWorkspace root (default: cwd)

memory review

Approve (absorb) or reject a pending memory proposal [free, local]

FlagShorthandDefaultDescription
--approvefalseApprove the proposal (absorb it as a memory)
--jsonfalseEmit JSON
--reasonReason recorded in the history log
--rejectfalseReject the proposal
--workspaceWorkspace root (default: cwd)

memory surface

Emit capped cross-AI memory bootstrap from .seif/memory/MEMORY.md

Emit a capped (budgeted) cross-AI memory bootstrap surface.

This is the Go thin-client implementation of the Python seif-dev --memory-surface. It delivers functional parity for session bootstrap across AI clients without invoking the genesis Python dev-tool at runtime (INV-THIN-CLIENT).

The surface includes:

  • Recent entries (by mtime within --days window) first
  • Full index (alpha) for older entries
  • Integrity note when orphans exist (run seif gov memory audit)
  • Truncation footer with guidance to increase budget

Output formats: text (default, human/MCP-friendly markdown) or json (machine).

Examples: seif memory surface seif memory surface --max-chars 4096 --format json seif memory surface --days 14 --workspace /path/to/workspace

FlagShorthandDefaultDescription
--days0Recent window in days (default: 7, matches Python --memory-surface-days)
--formattextOutput format: text (default) or json (matches Python --memory-surface-format)
--include-deprecatedfalseInclude memories in the ## Deprecated section
--max-chars0Char budget for the surface (default: 8192, matches Python --memory-surface-max-chars)
--workspaceWorkspace root (default: walk-up from cwd; requires .seif/memory/)

objectmodel build

Compute the merkle tree over .seif/ and write the shadow store

objectmodel build — content-addressed merkle build.

Walks /.seif/, hashes each artifact via the parity-locked HashArtifact dispatch (SCOPE_V3 envelopes / SCOPE_V2 JSON dicts / raw blobs), composes the tree-of-trees, and writes the shadow at /.seif-object-store/. Idempotent — re-running on an unchanged workspace re-emits the same on-disk bytes.

Exit codes: 0 success 1 scope/hash error 2 no .seif/ at workspace

FlagShorthandDefaultDescription
--forcefalseRe-emit the shadow even when no live change is detected
--jsonfalseEmit machine-readable JSON
--shadowShadow store override (default: /.seif-object-store)
--workspaceWorkspace root (default: cwd)

objectmodel preflight

Run client-side write-path gates (G0, secret-scan, G1, G3)

objectmodel preflight — composed client gates.

Composes the client-authoritative subset of the G0-G5 pipeline: G0 substrate — nucleus.git_head matches the current .seif/ store HEAD secret-scan — no secret VALUES in the staged .seif/ diff G1 coherence — cycle audit reports 0 HIGH G3 integrity — VerifyModel reports 0 HIGH

G2 doc-code, G4 nucleus regen, and G5 manifest signing are engine- authoritative and NOT part of the client preflight.

Exit codes: 0 all gates pass 1 at least one gate fails (blocked_by populated)

FlagShorthandDefaultDescription
--gates[]Comma-separated subset of gates to run (default: G0-substrate,secret-scan,G1-coherence,G3-integrity)
--jsonfalseEmit machine-readable JSON
--shadowShadow store override (default: /.seif-object-store)
--strictfalseTreat ADVISORY findings as failures
--workspaceWorkspace root (default: cwd)

objectmodel verify

Re-hash the live store and compare to the shadow nucleus

objectmodel verify — drift detection.

Re-builds the merkle tree from the live store and compares to the shadow's mapper + nucleus. Reports root-drift, missing-object, hash-mismatch, and stale-object findings.

Exit codes: 0 clean (or MEDIUM-only findings) 1 HIGH severity drift 2 no shadow built

FlagShorthandDefaultDescription
--jsonfalseEmit machine-readable JSON
--shadowShadow store override (default: /.seif-object-store)
--workspaceWorkspace root (default: cwd)

open

Open SEIF Desktop on a workspace (local cockpit)

Resolve path to a SEIF workspace/container root and launch (or focus) SEIF Desktop.

Default path is the current directory. Pointer members resolve to the container root. When the path is not a SEIF workspace, exits with code 2 and does not launch the app.

Remote mode (--remote --remote-workspace ) skips local workspace resolve, preflights SSH (exit 4) and remote .seif/ (exit 5), then spawns the desktop with --remote-host and --remote-workspace only (no loopback port/token).

Use --print-shim to emit a shell function so literal seif . works as seif open ..

Examples: seif open . seif open /path/to/project seif open --remote my-server --remote-workspace /path/to/workspace eval "$(seif open --print-shim)" # install shim in ~/.zshrc

FlagShorthandDefaultDescription
--dry-runfalsePrint launch argv without spawning desktop
--print-shimfalsePrint shell shim for 'seif .' alias and exit
--remoteSSH config alias for remote workspace (requires --remote-workspace)
--remote-workspaceAbsolute workspace path as seen on the remote host

orchestrate init

Create default orchestration.json if missing

orchestrate status

Show orchestration.json summary

pod add-workspace

Add a workspace to a pod's composition (D2)

Adds a workspace ref to the pod manifest (POST /v1/pods/{id}/workspaces).

Manifest-CRUD only — this relates the workspace into the pod; it does not materialize. Run 'seif push' (or 'seif compose push') to materialize, exactly as before (anti-syncopathy: /v1/sync stays the one orchestrator).

The workspace may be given as an engine workspace_id (ws_) or a slug resolved against your workspace list.

FlagShorthandDefaultDescription
--engine-urlEngine base URL
--jsonfalseEmit raw JSON output instead of formatted text
--nameManifest label for the member (optional)
--podTarget pod (namespace user-slug/pod-slug or pod_id) [required]
--roleMember role: writer|observer (optional)

pod bind

Bind this local workspace to an existing engine pod

Attach the local .seif workspace to an EXISTING pod — the pod analogue of 'seif workspace bind': you created the pod on the web/engine, now point your local folder at it.

<pod_id> accepts a namespace (user-slug/pod-slug) or a bare pod slug. The ref is resolved against your signed-in pod list; use --force to skip verification (e.g. offline), binding the ref verbatim.

Writes engine_pod_id into the nearest workspace.seif.json, so pod-scoped verbs need no --pod afterwards. Idempotent: re-binding the same id is a no-op; binding a different id rebinds.

To create a NEW pod instead, use 'seif pod create '.

FlagShorthandDefaultDescription
--engine-urlEngine base URL
--forcefalseBind the <pod_id> verbatim without verifying it against your engine pod list (offline escape hatch)

pod create

Create a pod on the engine (like gh repo create, but for a pod)

Creates a pod slug under your account. The slug is alphanumeric with optional hyphens. Pods do not count against the free-tier workspace limit.

FlagShorthandDefaultDescription
--display-nameHuman-readable pod name (optional)
--engine-urlEngine base URL
--jsonfalseEmit raw JSON output instead of formatted text

pod list

List the pods in your account

FlagShorthandDefaultDescription
--engine-urlEngine base URL
--jsonfalseEmit raw JSON output instead of formatted text

pod remove-workspace

Remove a workspace from a pod's composition (D2)

Detaches a workspace ref from the pod manifest (DELETE /v1/pods/{id}/workspaces/{workspace_id}). Idempotent — removing a non-member is a no-op. The workspace itself is untouched.

FlagShorthandDefaultDescription
--engine-urlEngine base URL
--jsonfalseEmit raw JSON output instead of formatted text
--podTarget pod (namespace user-slug/pod-slug or pod_id) [required]

pod show

Show one pod by its namespace (user-slug/pod-slug)

FlagShorthandDefaultDescription
--engine-urlEngine base URL
--jsonfalseEmit raw JSON output instead of formatted text

publish

Sign locally and publish to the transparency log (sign → log → verify URL)

publish is the one-command path from a local artifact to a publicly verifiable, Merkle-logged evidence URL.

It (1) builds a locally-signed SEIF evidence frame with your workspace Ed25519 key — exactly like seif sign (sovereign: the engine never sees your secret key); (2) registers your workspace public key with the engine (idempotent); (3) submits the frame to POST /v1/evidence, which verifies your signature, appends it to the transparency log, and returns the public verify URL + log entry id.

Unlike server-side signing, publish keeps signing LOCAL. It needs an engine bearer (--token / --token-file / $SEIF_ENGINE_TOKEN / seif login) and a workspace signing key (seif key generate). Pass --workspace-id to name your registered workspace.

Examples: seif publish CHANGES.md --workspace-id ws_proj_x git diff | seif publish - --kind diff --workspace-id ws_proj_x seif publish report.txt --classification PUBLIC --quiet

FlagShorthandDefaultDescription
--classificationINTERNALPUBLIC|INTERNAL|CONFIDENTIAL
--content-typetext/plainMIME-like content type
--engine-urlEngine base URL (default: $SEIF_ENGINE_URL or https://api.seifprotocol.com)
--key-filePath to base64 Ed25519 secret key file (overrides $SEIF_SIGNING_KEY)
--kindfileArtifact kind (diff|commit|file|module|evidence_frame)
--metadata-fileOptional JSON file with metadata object
--quietfalsePrint only the verify URL
--tokenEngine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login')
--token-filePath to a file containing the engine bearer token
--workspace-idWorkspace identifier (default: resolved from the workspace marker / $SEIF_WORKSPACE_ID; must be a workspace you own)

pull

Materialize the workspace's remote HEAD into the local .seif/ [PAID]

pull downloads the workspace's current engine HEAD (the object-model read path) and materializes it into the local .seif/ tree.

Flow (login-required; entries classification-filtered server-side):

  1. GET /v1/sync/head -> the current accepted nucleus root.
  2. GET /v1/sync/manifest/{root} -> the filtered entries (path/sha/size/class).
  3. GET /v1/sync/blob/{sha} per entry -> verify content sha -> write file.

Genesis (the remote has no accepted HEAD yet) is a successful no-op.

WARNING: pull overwrites local files covered by the remote HEAD. Use --dry-run to preview.

Auth sources (priority): --token VALUE | --token-file PATH | SEIFENGINETOKEN /.seif/sessiontoken(seiflogin)EngineURL(priority):engineurlURLremoteNAME(seifremotelist)SEIF_ENGINE_TOKEN | ~/.seif/session_token (seif login) Engine URL (priority): --engine-url URL | --remote NAME (seif remote list) | SEIF_ENGINE_URL | https://api.seifprotocol.com Workspace ID (priority): --workspace-id ID | $SEIF_WORKSPACE_ID

--from-inbox NAME shorthand: resolves BOTH engine URL and workspace_id from seif inbox list (the receiver-side store, c273 Wave 10). Mutually exclusive with --engine-url / --remote / --workspace-id — the inbox is a bound (engine, workspace_id) tuple so accepting overrides would silently target a different receptor than the named one. Pull semantics are unchanged; only the resolution layer differs.

FlagShorthandDefaultDescription
--dry-runfalseList what would be materialized without writing files
--engine-urlEngine base URL (overrides $SEIF_ENGINE_URL)
--from-inboxNamed inbox from seif inbox list — resolves engine URL + workspace ID through the inbox store (alternative to --remote / --engine-url)
--jsonfalseEmit raw JSON output
--remoteNamed remote from seif remote list (alternative to --engine-url)
--rootWorkspace root to materialize into (default: current directory)
--tokenEngine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login')
--token-filePath to a file containing the engine bearer token
--workspace-idWorkspace identifier (overrides $SEIF_WORKSPACE_ID)

push

Push .seif/ workspace state to the engine mirror, gated [PAID]

push carries the workspace object-model to the engine over the gated /v1/sync write path (protocol-spec-v0 §11.1, v0.5).

What it does (thin client — s230 FASE 3, no python dependency):

  1. Scans .seif/ natively and computes the push SCOPE: every non-layer-5 artifact under a share-allowlist-INCLUDED top-level entry (fail-closed).
  2. Reads the engine's current HEAD (GET /v1/sync/head) as the CAS parent.
  3. Submits a v0.5 manifest — flat entries[] (path, raw-content sha256, size, classification) + nucleus{parent} — uploads the blobs the engine does not yet hold, and finalizes.
  4. The ENGINE rebuilds the merkle tree, runs the G0-G5 reliability gate in-process, signs the nucleus with its own key, and advances HEAD. push surfaces the engine's gate verdict.

For local store self-healing (dry-run by default), use seif sync. Engine mirror only: seif push (or seif sync --apply --push).

Auth sources (priority): --token VALUE | --token-file PATH | SEIFENGINETOKEN /.seif/sessiontoken(seiflogin)EngineURL(priority):engineurlURLremoteNAME(seifremotelist)SEIF_ENGINE_TOKEN | ~/.seif/session_token (seif login) Engine URL (priority): --engine-url URL | --remote NAME (seif remote list) | SEIF_ENGINE_URL | https://api.seifprotocol.com Workspace ID (priority): --workspace-id ID | $SEIF_WORKSPACE_ID

With a single "seif login" the session token is used automatically — no --token needed. It is user-scoped: one login works for every workspace you own.

FlagShorthandDefaultDescription
--dry-runfalseBuild the manifest without contacting the engine
--engine-urlEngine base URL (overrides $SEIF_ENGINE_URL)
--jsonfalseEmit raw JSON output instead of formatted text
--no-bundlefalseUpload each blob with parallel PUTs instead of one gzip bundle
--quietfalseSuppress push progress lines on stderr
--remoteNamed remote from seif remote list (alternative to --engine-url)
--rootWorkspace root containing .seif/ (default: current directory)
--sessionSession label embedded in the manifest (e.g. s161)
--tokenEngine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login')
--token-filePath to a file containing the engine bearer token
--upload-workers0Parallel PUT workers when bundle is off or unavailable (default 16, max 32)
--workspace-idWorkspace identifier (overrides $SEIF_WORKSPACE_ID)

quality-gate

Score text quality via the SEIF engine [PAID]

quality-gate reads (or stdin when given "-"), POSTs the text to the SEIF engine's POST /v1/quality-gate endpoint, and renders the resulting verdict (grade, score, stance, triple-gate breakdown, flags, suggestions).

This command is a thin engine caller — the actual heuristic computation runs server-side. Requires engine authentication (Bearer token).

Auth sources (priority): --token VALUE --token-file PATH $SEIF_ENGINE_TOKEN

Engine URL (priority): --engine-url URL $SEIF_ENGINE_URL https://api.seifprotocol.com (default)

FlagShorthandDefaultDescription
--engine-urlEngine base URL (overrides $SEIF_ENGINE_URL)
--jsonfalseEmit raw JSON verdict instead of formatted output
--rolehumanSource role: human | ai
--tokenEngine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login')
--token-filePath to a file containing the engine bearer token

quota

Show current usage, limits, and tier [PAID — engine]

quota fetches GET /v1/workspaces/{id}/tier and renders the workspace tier plus all counter fields returned by the engine. Counter fields (signatures_used, log_entries_used, …) are iterated dynamically, so new counters added server-side (sync_ops_used, watermark_ops_used, stream_minutes_used per the s150 E4 migration) auto-display without a follow-up CLI release.

With --account (or when no workspace is resolvable) it queries the ACCOUNT-level view (GET /v1/quota) instead: your tier + per-resource usage windows, resolved from the token — available before any workspace is pushed. A workspace lookup that 404s (not yet registered) also falls back to this.

Auth sources (priority): --token VALUE --token-file PATH $SEIF_ENGINE_TOKEN

Engine URL (priority): --engine-url URL $SEIF_ENGINE_URL https://api.seifprotocol.com (default)

Workspace ID (priority): --workspace-id ID $SEIF_WORKSPACE_ID workspace.seif.json (walk-up from cwd) .seif/workspace.json (legacy walk-up)

FlagShorthandDefaultDescription
--accountfalseShow ACCOUNT-level tier + usage (GET /v1/quota) instead of a workspace; works before any workspace is pushed
--engine-urlEngine base URL (overrides $SEIF_ENGINE_URL)
--jsonfalseEmit raw JSON response instead of formatted output
--tokenEngine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login')
--token-filePath to a file containing the engine bearer token
--workspace-idWorkspace identifier (overrides $SEIF_WORKSPACE_ID)

recap

What you & your AI did — a standup / accountability narrative from the captured record

recap assembles a time-windowed narrative of workspace activity from records SEIF already captured — cycles opened/sealed, sessions, and decisions — and renders it as a daily standup, a manager report, or a changelog. The report writes itself; you don't fill a form.

Sister to seif report:

report — current-state snapshot (identity, pending, memory, audit) recap — narrative of what happened in a time window

--since accepts keywords or an explicit instant: today (default) | yesterday | week | month | Nd (e.g. 3d) | YYYY-MM-DD | RFC3339

--as selects the shape: standup (default) — terse bullets grouped by day report — grouped by day then category, with summaries changelog — flat reverse-chronological list

--for is a best-effort actor filter (events without attribution are kept, since they cannot be excluded).

Exit codes: 0 recap rendered (may be empty) 2 workspace has no .seif/ directory

FlagShorthandDefaultDescription
--allfalseInclude bare lifecycle sessions (no summary); default hides them
--asstandupOutput shape: standup|report|changelog
--forBest-effort actor filter (substring; unattributed events are kept)
--jsonfalseEmit structured JSON (schema SEIF-RECAP-v1-draft) instead of markdown
--sincetodayLower bound: today|yesterday|week|month|Nd|YYYY-MM-DD|RFC3339
--untilUpper bound (YYYY-MM-DD or RFC3339); default now
--workspaceWorkspace root directory (default: walk-up from cwd)

reconstruct

Materialize a historical workspace tree as a hardlink farm

reconstruct walks the delta-log to rebuild the workspace shadow tree at the named rev, then materializes every blob as a HARDLINK under

<workspace>/.seif-object-store/reconstruct/<rev-id>-<pid>/

and prints that path (one line, no trailing chatter) to stdout. The farm is walkable by any tool: find, grep -r, IDE indexers — all see the historical state as a regular directory tree.

Concurrent invocations of the same rev get separate per-pid farm subdirs (Q-FARM-4) so two operators (or two pipelines) never collide.

Cleanup is MANUAL (Q-FARM-3): farms persist until seif-dev --reconstruct-gc is run, which removes any farm whose owner pid is dead.

INV-THIN-CLIENT: pure local FS — no engine roundtrip, no quota.

relay assignments

List ACTIVE handoff assignments (optionally by executor)

FlagShorthandDefaultDescription
--allfalseInclude CLOSED and RELEASED assignments
--executor-idFilter assignments to one executor
--jsonfalseEmit JSON
--stalefalseOnly stale ACTIVE assignments
--workspaceWorkspace root (default: walk-up from cwd)

relay board

Relay accountability board (SEIF-RELAY-BOARD-v1)

board is the read-only actionability source for relay orchestration.

FlagShorthandDefaultDescription
--jsonfalseEmit SEIF-RELAY-BOARD-v1 JSON
--workspaceWorkspace root (default: walk-up from cwd)

relay brief

Create .seif/relay/brief/.md with a starter template

FlagShorthandDefaultDescription
--forcefalseOverwrite if the file already exists
--no-armfalseDo not arm wake-on-handback for this slug (skip couple-watch-to-dispatch)
--queuefalseMark brief for auto-dispatch (executor_id: auto in contract block)
--workspaceWorkspace root (default: walk-up from cwd)

relay claim

Claim ACTIVE ownership of a relay slug for an executor

FlagShorthandDefaultDescription
--also-watchfalseAllow shared watch on an ACTIVE slug held by another executor
--executor-idExecutor claiming ownership (required)
--force-path-claimfalseForce SEIF-CLAIM fusion even in a linked worktree
--no-path-claimfalseSkip SEIF-CLAIM fusion on relay claim
--workspaceWorkspace root (default: walk-up from cwd)

relay close

Terminally close an assignment (or sweep stale claims)

close sets handoff status to CLOSED (idempotent). Closed assignments leave the default assignments view; use assignments --all to list them.

Bulk hygiene: close --stale --dry-run prints a table; add --confirm to apply.

FlagShorthandDefaultDescription
--byOrchestrator actor id (may release/close any claim)
--confirmfalseApply stale sweep (requires --stale)
--dry-runfalsePrint stale table without closing
--executor-idExecutor performing the action
--forcefalseOrchestrator override when actor != holder
--jsonfalseEmit JSON
--reasonAudit reason for release/close
--stalefalseSweep stale ACTIVE claims (bulk hygiene)
--stale-after24hAge threshold for stale detection
--workspaceWorkspace root (default: walk-up from cwd)

relay draft publish

Write a draft to the draft/ lane and publish a draft bus event

publish writes the --note body to the reserved .seif/relay/draft/ lane with a unique name and publishes a {from,to:"*",kind:"draft",ref,draft_path} bus event. Semantics: thinking aloud, not yet a decision — peers can see drafts without it being a brief.

FlagShorthandDefaultDescription
--executor-idOverride self id (from); default $SEIF_EXECUTOR_ID then hostname
--jsonfalseEmit JSON
--notePath to the note body content file (required)
--refReference slug this note is about
--workspaceWorkspace root (default: walk-up from cwd)

relay handback

Create .seif/relay/handback/.md with a starter template

FlagShorthandDefaultDescription
--forcefalseOverwrite if the file already exists
--workspaceWorkspace root (default: walk-up from cwd)

relay handoff init

Create handoff//HANDOFF.md with worktree metadata

FlagShorthandDefaultDescription
--also-watchfalseAllow init when slug is ACTIVE for another executor
--branchGit branch name
--executor-idOwning executor id for this handoff
--forcefalseOrchestrator override for empty executor_id
--reposRepo scope note
--statusACTIVEHandoff status (OWNER_GATED|PARKED allow empty executor_id)
--watch-slugsComma-separated slugs this executor monitors
--workspaceWorkspace root (default: walk-up from cwd)
--worktreeAbsolute path to git worktree (required)

relay handoff show

Print path to handoff//HANDOFF.md

FlagShorthandDefaultDescription
--workspaceWorkspace root (default: walk-up from cwd)

relay heartbeat

Renew relay claim TTL and update last_activity

FlagShorthandDefaultDescription
--executor-idExecutor renewing the claim (required)
--workspaceWorkspace root (default: walk-up from cwd)

relay inbox

Leave a durable, append-only note in a peer's relay inbox

inbox writes a UNIQUE, append-only note to .seif/relay/inbox/ addressed to . Front-matter carries from (self id), to, ref, kind, ts. --note is a path to the note body. The protocol treats an inbox note to a live executor as a valid redispatch act (durable, file-first — not chat).

FlagShorthandDefaultDescription
--executor-idOverride self id (from); default $SEIF_EXECUTOR_ID then hostname
--jsonfalseEmit JSON
--kindNOTENote kind: NOTE or VERDICT
--notePath to the note body content file (required)
--refReference slug this note is about
--workspaceWorkspace root (default: walk-up from cwd)

relay list

List relay artifacts by kind

FlagShorthandDefaultDescription
--jsonfalseEmit JSON
--queuefalseShow queue stats (queued/claimed/orphaned/stale counts)
--workspaceWorkspace root (default: walk-up from cwd)

relay migrate-anonymous

Classify or migrate anonymous ACTIVE handoffs

FlagShorthandDefaultDescription
--confirmfalseApply safe migration actions
--dry-runfalseClassify without writing
--jsonfalseEmit JSON
--workspaceWorkspace root (default: walk-up from cwd)

relay next

Atomically claim the oldest queued brief (executor_id: auto)

next claims the oldest brief whose Executor contract has executor_id: auto and no ACTIVE handoff. Serialized via flock — concurrent callers never double-claim.

Use --dry-run to list the queue head without claiming.

FlagShorthandDefaultDescription
--dry-runfalseList queue head without claiming
--executor-idExecutor claiming the brief (required)
--force-path-claimfalseForce SEIF-CLAIM fusion even in a linked worktree
--jsonfalseEmit JSON
--no-path-claimfalseSkip SEIF-CLAIM fusion on relay next
--reposComma-separated repo filter
--workspaceWorkspace root (default: walk-up from cwd)

relay notify

Durable inbox note PLUS a bus pointer to the peer (decide + notify)

notify is the composite "decide + notify": it FIRST writes the durable inbox note (identical to relay inbox), THEN publishes a bus pointer to the relay topic via the daemon. The durable note is the source of truth — if the bus publish fails the note is kept and the publish error is reported (the command does not fail wholesale).

FlagShorthandDefaultDescription
--executor-idOverride self id (from); default $SEIF_EXECUTOR_ID then hostname
--jsonfalseEmit JSON
--kindNOTENote kind: NOTE or VERDICT
--notePath to the note body content file (required)
--refReference slug this note is about
--workspaceWorkspace root (default: walk-up from cwd)

relay path

Resolve and print the absolute path to a relay artifact

FlagShorthandDefaultDescription
--kindbriefbrief or handback
--workspaceWorkspace root (default: walk-up from cwd)

relay pointer

Print a 2-line chat pointer for an existing brief or handback

FlagShorthandDefaultDescription
--kindbriefbrief or handback
--workspaceWorkspace root (default: walk-up from cwd)

relay poll

Single-shot filtered relay poll (daemonless tabs)

poll scans relay dirs once (or blocks until --timeout). Emits JSON with events + next_token.

FlagShorthandDefaultDescription
--executor-idDerive slugs from ACTIVE handoffs for this executor
--sinceContinuation token from prior poll
--slug[]Filter to relay slug (repeatable)
--timeout0sBlock up to this duration waiting for events
--workspaceWorkspace root (default: walk-up from cwd)

relay release

Release an ACTIVE claim back to the dispatch queue

release sets handoff status to RELEASED so the brief may re-enter the queue (when executor_id: auto). Records actor/time/reason in the handoff Lifecycle block.

Executor must match the holder unless --force (orchestrator) or --by is set.

FlagShorthandDefaultDescription
--byOrchestrator actor id (may release/close any claim)
--executor-idExecutor performing the action
--forcefalseOrchestrator override when actor != holder
--jsonfalseEmit JSON
--reasonAudit reason for release/close
--workspaceWorkspace root (default: walk-up from cwd)

relay watch

Watch relay dirs and stream metadata events as JSONL (foreground)

watch runs the same fsnotify loop as the relay-watch daemon capability, but writes metadata-only JSONL events to stdout (no daemon required). Ctrl-C stops.

Without --slug/--executor-id: global firehose (orchestrator/maestro). With filters: only events for assigned slugs.

Event shape: {"kind","action","slug","path","ts","executor_id","assigned"}

FlagShorthandDefaultDescription
--executor-idDerive slugs from ACTIVE handoffs for this executor
--slug[]Filter to relay slug (repeatable)
--workspaceWorkspace root (default: walk-up from cwd)

remote add

Add a remote

FlagShorthandDefaultDescription
--allow-httpfalseAccept http:// URLs (self-host only; default rejects cleartext)

remote get-default

Print the resolved engine URL and its source

remote list

List all remotes (merged view)

remote remove

Remove a remote

remote rename

Rename a remote

remote set-default

Mark a remote as the default for its scope

render cursor-rules

Refresh .cursor/rules/*.mdc from the active SEIF store (one-way)

cursor-rules refreshes the workspace Cursor rules from the sovereign store.

One-way: the .seif/ store is source of truth. OPEN cycles and HIGH/CRITICAL pending modules are folded into the seif-artifacts.mdc description and written to seif-store-active.mdc; the kernel (seif.mdc) and MCP catalog (seif-mcp-tools.mdc) are (re)written too. With --no-mcp, .cursor/mcp.json is left untouched.

Go-native port of the Python dev-tool's seif-dev --render-cursor-rules.

FlagShorthandDefaultDescription
--dry-runfalseList would-write targets without writing
--jsonfalseEmit the render report as JSON
--no-mcpfalseSkip writing .cursor/mcp.json
--workspaceWorkspace root (default: cwd)

render pointers

Render pointers/*.tmpl to umbrella-root pointer files

render-pointers

Render pointers/*.tmpl to umbrella-root pointer files

report

Structured workspace snapshot — identity, pending, cycles, memory, audit, paid counters

report builds a structured, sectioned snapshot of the workspace designed to paste into an audit ticket or hand to a customer / new teammate. Sister to seif status but with a different audience:

status — live runtime probe (counts, OPEN cycles, object-model HEAD) report — structured snapshot (sections, severity tops, history, paid tier)

Sections (all soft-skip on missing data — INV-THIN-CLIENT):

  1. Workspace identity (root, owner, workspace_id, classification, threshold)
  2. Pending modules (counts by status/severity + top-5 open by severity)
  3. Cycle history (any OPEN + last 5 sealed by mtime)
  4. Memory tiers (INTERNAL always; CONFIDENTIAL when --include-private + owner key)
  5. Discipline audit findings (last 7d from .seif/audit/discipline.jsonl)
  6. Paid-tier counters (when engine creds resolve — same shape as seif quota)

Auth (paid counters) — sources in priority: --token VALUE | --token-file PATH | SEIFENGINETOKENengineurlURLSEIF_ENGINE_TOKEN --engine-url URL | SEIF_ENGINE_URL | https://api.seifprotocol.com (default) --workspace-id ID | $SEIF_WORKSPACE_ID | walk-up workspace marker

--include-private requires the owner signing key at ~/.seif/keys/signing.key (host-tier owner-identity gate — see seif key generate). Absent key → the flag is rejected to keep CONFIDENTIAL memories from accidentally showing up on a shared screen.

Exit codes: 0 report rendered (sections may be soft-skipped) 2 workspace has no .seif/ directory

FlagShorthandDefaultDescription
--engine-urlEngine base URL (overrides $SEIF_ENGINE_URL)
--include-privatefalseInclude CONFIDENTIAL memory tier (requires ~/.seif/keys/signing.key)
--jsonfalseEmit structured JSON (schema SEIF-REPORT-v1-draft) instead of human markdown
--sinceNarrow time-bucketed sections to events at/after this date (YYYY-MM-DD or RFC3339)
--tokenEngine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login')
--token-filePath to a file containing the engine bearer token
--workspaceWorkspace root directory (default: walk-up from cwd)
--workspace-idEngine workspace identifier (overrides $SEIF_WORKSPACE_ID)

runtime attach

Injection rank hints for an AI client (claude-code, cursor, …)

runtime heal

Converge this machine's seif install to doctor-green (binary, PATH, hooks) [free, local]

runtime heal converges a fresh OR drifted machine to a healthy seif runtime, idempotently:

  1. product binary — install/refresh ~/.seif/bin/seif from the running executable
  2. PATH — back up dead seif shims (*.dead-shim.bak-) and symlink them to the product binary; healthy divergent binaries are flagged, never destroyed
  3. hooks — converge ~/.claude/settings.json onto the absolute product binary path (settings.json.bak- first; legacy entries like circuit-inbox-hook.sh and Python seif --… removed; user hooks preserved)
  4. verify — run the doctor runtime checks; success ONLY when green

Running it twice is a no-op the second time. Exits nonzero when the machine is still not doctor-green afterwards (e.g. a healthy shadow install that needs a human decision). Every overwrite is preceded by a backup — never silent-destroy.

FlagShorthandDefaultDescription
--dry-runfalsePlan steps without writing files (still verifies and exits nonzero on drift)
--jsonfalseEmit JSON

runtime up

Idempotent container runtime bootstrap

FlagShorthandDefaultDescription
--dry-runfalsePlan steps without writing files

secret-scan

Scan content for secret VALUES (API keys, PATs, PEM private keys, JWTs)

secret-scan greps for secret VALUES — not the words token/password/key — so governance artifacts that legitimately NAME secrets are not flagged.

Modes (at least one required): --staged scan ADDED lines of the git staged diff (pre-commit choke-point) --path FILE scan an explicit file (repeatable)

Lines bearing the seif:allow-secret marker are skipped.

FlagShorthandDefaultDescription
--jsonfalseEmit JSON result
--path[]Explicit file to scan (repeatable)
--stagedfalseScan the git staged diff (added lines only)
--workspaceWorkspace root for --staged (default: cwd)

session

Manage sessions (alias: use seif gov session)

session is a top-level alias for the governance namespace.

Prefer: seif gov session list|show|…

Writes are deferred on the Go product until SEIF-SESSION-v1 reconciliation; use MCP seif_invoke or the Python dev-tool for session_create/contribute/close.

setup

Install SEIF runtime integration for an AI client (claude-code, cursor, gemini, grok, generic)

setup installs the necessary hooks, skills, memory symlinks and configuration so that the target AI client can use the full SEIF protocol (classification gate, quality gate, cross-AI memory, circuit inbox, etc.) without depending on the Python dev-tool at runtime.

Supported adapters: claude-code — full hooks + skills + memory symlink (highest userbase) cursor — .cursor/rules + MCP json (command-capable, thin) gemini — GEMINI.md command-capable thin tier (axioms via 'seif context bootstrap') grok — GROK.md command-capable thin tier (grok-builder, FS-capable CLI) generic — hookless AGENTS.md baseline (Wave 8 — long-tail read-only clients) git-hooks — git auto-sync hooks (post-commit/merge/checkout → seif context sync) + pre-commit secret-scan (blocks secret VALUES in staged content)

Capability tiers: command-capable clients (claude-code, cursor, gemini, grok) reference axioms on demand via 'seif context bootstrap' (resolved from the embedded verified kernel) — they do NOT inline the 28 axioms. Only the long-tail read-only 'generic' tier may inline as a degraded fallback.

Report state with "seif setup status [--json]" — a read-only per-adapter integration report (installed? hooks/skills/memory-symlink/rules/AGENTS.md). seif-desktop consumes the --json form rather than reimplementing detection.

This is the highest-leverage step for the "single static Go binary" promise. After seif setup claude-code (or seif setup generic for any other AI client that reads AGENTS.md) a user can install the Go binary and have a working SEIF environment without ever touching Python.

Adapter-specific flags: --force (generic only) rewrite AGENTS.md even when content matches

Examples: seif setup status # human table of per-adapter integration seif setup status --json # machine report (seif-desktop consumes this) seif setup claude-code seif setup claude-code --workspace /path/to/ws seif setup claude-code uninstall # remove SEIF hooks/skills/symlink (user hooks preserved) seif setup cursor --dry-run seif setup cursor uninstall # remove .cursor SEIF rules/hook/mcp server (user content preserved) seif setup generic seif setup generic --workspace ~/repos/my-project --dry-run seif setup generic --force # bump mtime / recover from partial write seif setup generic uninstall # strip the SEIF block from AGENTS.md (user content preserved) seif setup git-hooks # install git auto-sync hooks in cwd seif setup git-hooks list # show which SEIF hooks are present seif setup git-hooks uninstall # remove only the SEIF section from each hook

FlagShorthandDefaultDescription
--dry-runfalsePrint actions without writing anything
--forcefalseGeneric adapter: rewrite AGENTS.md even when content is already current
--jsonfalsestatus: emit the per-adapter integration report as JSON
--strictfalsestatus: exit 1 if any adapter is not configured (default: exit 0 — it is a report)
--with-mcpfalseAlso configure MCP server (future)
--workspaceWorkspace root (default: walk-up from cwd)

show

Print a historical workspace blob or list its reconstructed tree

show emits either ONE historical blob's raw bytes (when :<path> is given) or LISTS the reconstructed tree at the named rev (when :<path> is omitted). Workspace-mode only — no engine roundtrip, no quota.

Rev forms (memo §8 Q-DIFF-2f, same parser as seif diff workspace@<rev>): workspace@HEAD current shadow object-model workspace@HEAD~N walk N parents back through the delta log workspace@ 12-hex prefix (>=4) of a recorded rev_id workspace@ newest rev recorded on/before the named date

Single-path mode (default — direct blob read, no farm): seif show workspace@HEAD~3:.seif/project.seif seif show workspace@HEAD:path/to/binary.png > local.png

Bare-rev mode (lists tree pathhashsize): seif show workspace@HEAD~1

Notes:

  • Output is raw bytes (Q-SHOW-3). Caller controls with shell redirects.
  • When <path> resolves to a directory the verb fails-loud with a hint to run seif reconstruct workspace@<rev> (Q-SHOW-2).
  • Rev-prefix collisions list every matching full rev-id (Q-SHOW-5).

sign

Sign an artifact and emit a SEIF evidence frame

Sign reads (or stdin when given "-"), builds a SEIF Evidence per spec §8.1, computes the canonical_hash, signs the raw 32 hash bytes with the workspace Ed25519 secret key, and emits the resulting frame as JSON.

The secret key is loaded from --key-file or, if not set, from the SEIF_SIGNING_KEY environment variable. The key must be the base64-encoded 64-byte Ed25519 secret (seed||public).

Content encoding is auto-selected: valid UTF-8 inputs use content_encoding "utf-8"; anything containing invalid UTF-8 sequences (control bytes, binary payloads) is base64-encoded.

FlagShorthandDefaultDescription
--classificationINTERNALPUBLIC|INTERNAL|CONFIDENTIAL
--content-typetext/plainMIME-like content type
--key-filePath to base64 Ed25519 secret key file (overrides $SEIF_SIGNING_KEY)
--kindfileArtifact kind (diff|commit|file|module|evidence_frame)
--metadata-fileOptional JSON file with metadata object (default: {})
--outputWrite frame to file (default: stdout)
--workspace-idWorkspace identifier (default: resolved from the workspace marker / $SEIF_WORKSPACE_ID)

stamp

Anchor a file on Bitcoin via OpenTimestamps (deferred — engine endpoint pending)

Anchor on the Bitcoin blockchain via OpenTimestamps, producing .ots that can be verified offline with seif verify --stamp.

STATUS: deferred to Phase B — the engine /v1/ots/submit endpoint is not yet implemented. The thin client must not stamp locally (would break INV-THIN-CLIENT), so submission flows through the engine.

For now, use the Python dev-tool reference:

seif-dev --stamp <file>          # creates <file>.ots via local ots binary

Once /v1/ots/submit ships, this command becomes the thin-client entry point; the .ots produced by either path is verifiable with seif verify --stamp against any esplora endpoint.

FlagShorthandDefaultDescription
--jsonfalseEmit JSON output

start

Bootstrap a grounded SEIF session and launch your AI client (the maestro)

start is the one-command path to a fully-grounded SEIF session — the Go maestro (parity with the dev-tool's seif launcher).

It guarantees the environment, then launches the AI client:

  1. no .seif/ here? → scaffolds the workspace (seif init)
  2. no SEIF hooks installed? → installs the claude-code integration (classification gate, SessionStart context, cross-AI memory symlink, skills)
  3. exports SEIF_BOOTSTRAP_PROFILE so the SessionStart hook sizes the boot surface (minimal | standard | full)
  4. execs claude — the installed hooks ground every session; no prompt injection (the deprecated path that crashed the old wrapper).

Examples: seif start # standard profile, this folder seif start --bootstrap-profile minimal # leanest (RAG-first) boot surface seif start --bootstrap-profile full # widest boot surface seif start --workspace ~/repos/app # a specific workspace seif start --no-launch # prepare + print the launch plan only seif start -- --model opus # pass args through to claude

FlagShorthandDefaultDescription
--bootstrap-profilestandardContext bootstrap profile: minimal | standard | full
--clientAI client to launch by registered name (default: the registry default — seif admin client list)
--include[]Path to an extra file to seed the conversation (repeatable)
--memory-chars0Override the cross-AI memory surface budget in chars (0 = profile default)
--memosComma-separated memo slugs under .seif/memos/ to load into the boot context
--modulesComma-separated module ids under .seif/modules/ to load into the boot context
--no-launchfalsePrepare the environment and print the launch plan, but do not exec the client
--opening-reportworkspace,memory,cycles,pendingFields the agent reports in its opening environment report (comma list of workspace,memory,cycles,pending; 'off' to disable).
--workspaceWorkspace root (default: current directory)

status

Show workspace status, identity, and counts

status introspects the current workspace .seif/ directory and prints counts of cycles/seeds/modules/memories, lists any OPEN cycles, and shows the active classification + quality threshold from .seif/config.json.

This verb is local-only — it does not call the engine. For quota and tier info use seif quota.

Exit codes: 0 .seif/ present and report rendered 2 workspace has no .seif/ directory

FlagShorthandDefaultDescription
--audit-hostfalseAudit the host-tier ~/.seif/ directory across 5 layers (protocol, init-generated, derived, per-host, heartbeat). With --fix, regenerates missing files with safe defaults.
--containerfalseContainer health: dirty state, pin summary (SEIF-WORKSPACE-v2)
--deltafalseShow drift between the live .seif/ store and the shadow object-model's last signed nucleus (added / modified / removed) — git status vs HEAD for SEIF artifacts; reads /.seif-object-store/
--engine-urlEngine base URL (overrides $SEIF_ENGINE_URL)
--fixfalseWith --audit-host: regenerate missing files (idempotent, safe defaults).
--jsonfalseEmit structured JSON report instead of human-readable text
--object-modelfalseAlso surface the native push scope (artifact count) and, with engine creds, the engine's accepted HEAD (GET /v1/sync/head)
--shadowOverride the shadow object-store path (default: /.seif-object-store)
--tokenEngine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login')
--token-filePath to a file containing the engine bearer token
--workspaceWorkspace root directory (default: current working directory)
--workspace-idEngine workspace identifier for the remote axis (overrides $SEIF_WORKSPACE_ID)

store hygiene

Run the STORE-v2 retention sweeper (dry-run by default) [free]

hygiene applies the four ratified retention rules from .seif/memos/DESIGN-MEMO-2026-05-26-store-v2-layout-retention.md §3:

convert-store-keep-3 archive/migrations/convert-store-* >90d AND not in newest 3 delete circuit-inbox-30d runtime/circuit/inbox/* >30d delete seeds-consumed-90d seeds/consumed/* >90d → archive/seeds/ quarantine-12mo _quarantine/* (top-level only) >365d → archive/_quarantine-YYYY-MM/

Without --apply this is a DRY-RUN: it reports what WOULD happen. With --apply it mutates the filesystem; per-action failures are recorded in the report (exit 2) but do not abort the sweep.

With --check-only this runs the Fase-4 health CHECK instead of the sweep: it scans the ACTIVE tree (archive/, _quarantine/ excluded) for non-envelope .seif artifacts and duplicate pending module ids, and exits 1 on regression (non-envelope > 700, or any duplicate id). This is the gate wired into the SEIF pre-push hook. Pass -o to also append the JSON report as a JSONL audit line.

Exit codes 0 sweep completed / check passed 1 --check-only regression (non-envelope over threshold, or duplicate id) 2 at least one per-action error in apply mode 3 input error (workspace missing, .seif/ not found, invalid --now)

FlagShorthandDefaultDescription
--applyfalseMutate the filesystem (default is dry-run)
--check-onlyfalseRun the Fase-4 health check (non-envelope + duplicate-id scan) and exit 1 on regression instead of sweeping
--jsonfalseEmit ONLY the JSON envelope (skip the human-readable table)
--keep-convert-store-count0Override the keep-3 default for convert-store-* migration logs (default 3 per memo §3)
--nowReference timestamp for age math (RFC3339; default: time.Now)
--outputoWith --check-only: append the JSON report as a JSONL audit line to this path
--verbosefalseAlso emit Skipped[] (paths inspected but no rule fired)

store inventory

Self-describe every .seif/ as JSONL (STORE-v2 Fase-0 ritual) [free]

inventory is the STORE-v2 Phase-0 ritual: every image/standalone self-describes (one JSONL row per .seif/) BEFORE any hygiene or migrate verb runs, so the operator can route the next phase.

Each row carries the ratified Phase-0 fields: seif_dir, workspace_id, workspace_type, store_profile, pod_root, compose_image_name, host_label

Roots default to the current directory (walk-up to the sovereign .seif/). When a root holds a seif-compose.json, each image workspace is expanded into its own row. Rows are deduped by resolved seif_dir.

Output is JSONL on stdout (one object per line); -o writes it to a file.

FlagShorthandDefaultDescription
--jsonfalseEmit raw JSONL to stdout (default when stdout is not a TTY)
--outputoWrite JSONL to this file instead of stdout
--root[]Workspace/pod root to inventory (repeatable; default: current directory)

store move

Relocate module artifacts between ratified module dirs (mutates; --dry-run to preview) [free]

move relocates module artifacts between the ratified module dirs under .seif/modules/ — pending, resolved, decisions, capabilities, _quarantine. Paths are relative to .seif/modules/ (e.g. "pending-x.seif" → "resolved/pending-x.seif").

Single mode: seif store move pending-x.seif resolved/pending-x.seif

Bulk mode (JSON {old:new} map): seif store move --bulk moves.json

move MUTATES by default (like git mv) — it performs an atomic rename per pair. Validation is fail-fast: a missing source or pre-existing target aborts before any further pair. Pass --dry-run to validate and report what WOULD move without touching the filesystem (handy for previewing --update-refs).

--update-refs also rewrites exact "modules/" references (and quoted variants) in mapper.json and every .seif/.json/*.md under cycles/, decisions/, memos/. It never deep-rewrites envelope bodies.

Exit codes 0 completed (dry-run or apply) 3 input error (no .seif/, bad args, source missing, target exists, bad bulk map)

FlagShorthandDefaultDescription
--bulkRead a JSON {old:new} move map from this file (bulk mode)
--dry-runfalsePreview only — validate and report without moving (default mutates)
--jsonfalseEmit ONLY the JSON envelope (skip the human-readable summary)
--update-refsfalseAlso rewrite modules/ references in mapper.json + cycles/decisions/memos

stream emit

Emit a single event onto the workspace stream

FlagShorthandDefaultDescription
--engine-urlEngine base URL (overrides $SEIF_ENGINE_URL)
--jsonfalseEmit raw JSON output instead of formatted text
--payload{}Event payload as a JSON object
--tokenEngine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login')
--token-filePath to a file containing the engine bearer token
--topiccustomTopic for the emitted event
--workspace-idWorkspace identifier (overrides $SEIF_WORKSPACE_ID)

stream follow

Subscribe to the SSE stream and print events to stdout

FlagShorthandDefaultDescription
--engine-urlEngine base URL (overrides $SEIF_ENGINE_URL)
--jsonfalseEmit raw JSON output instead of formatted text
--last-event-idResume from this event id (replay window 24h per spec §11.3.2)
--max-backoff1m0sMaximum reconnect backoff (default 60s per memo §5.7)
--tokenEngine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login')
--token-filePath to a file containing the engine bearer token
--topicsworkspace_updated,resonance,hubComma-separated topics to subscribe to (workspace_updated,resonance,hub)
--workspace-idWorkspace identifier (overrides $SEIF_WORKSPACE_ID)

sync

Local self-healing maestro — diagnose, plan, and apply store cures [free, local]

sync is the local self-healing maestro for .seif/ store coherence.

Default (dry-run): DIAGNOSE → PLAN — mutates nothing. Each finding maps to an existing cure verb in dependency-safe order (context sync → reindex → prune ghosts → cycle gc → heal → claim sweep → object-model repair). Memory findings are report-only (A4 gatekeeper).

With --apply: runs the plan in-process, re-diagnoses, prints before/after. With --apply --push: chains the engine mirror last (same as seif push).

Exit codes: 0 healthy or fully healed · 1 findings remain · 2 apply-step error.

FlagShorthandDefaultDescription
--applyfalseExecute the plan (default is dry-run)
--authorseif-sync-maestroAuthor recorded on context sync steps
--engine-urlEngine base URL (overrides $SEIF_ENGINE_URL)
--jsonfalseJSON output for orchestrators
--no-bundlefalsePush: upload blobs individually instead of one bundle
--pushfalseAfter --apply, push to the engine (requires --apply)
--quietfalsePush: suppress progress on stderr
--remoteNamed remote from seif remote list
--sessionSession label embedded in the push manifest
--tokenEngine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login')
--token-filePath to a file containing the engine bearer token
--upload-workers0Push: parallel PUT workers (default 16, max 32)
--workspaceWorkspace root (default: cwd)
--workspace-idWorkspace identifier (overrides $SEIF_WORKSPACE_ID)

tier

Report the verification-depth chain for a SEIF artifact

tier surfaces INV-VERIFICATION-DEPTH for one artifact at a time: which of the four depths carry evidence, which verifiers pass locally, and which need additional inputs (a pubkey or a --remote-fetch).

Depths 1 envelope-signature Ed25519 over canonical envelope bytes 2 engine-attestation engine_signature over coherence body 3 transparency-log RFC-6962 inclusion + STH (depth-3, H3 wire) 4 bitcoin-anchor OpenTimestamps .ots Bitcoin sequence (E2 wire)

The local-only default never touches the network; depths whose verifier needs a fetch surface as NEEDS_FETCH. Pass --remote-fetch to opt in.

Exit codes 0 max-available depth verified (or only NEEDS_KEY/NEEDS_FETCH) 1 any depth FAILED 2 artifact malformed (ref miss, parse error, wrong shape)

FlagShorthandDefaultDescription
--engine-pubkey-filePath to the engine pubkey for depth-2 attestation verification (else $SEIF_ENGINE_PUBKEY / ~/.seif/keys/engine_pubkey)
--jsonfalseEmit JSON output (AI-consumable)
--list-depthsfalsePrint the static depth catalog (definitions) and exit
--pubkey-filePath to a standard-base64 Ed25519 pubkey for depth-1 envelope verification
--remote-fetchfalseOpt-in to network roundtrips for depth-3 (log proof) and depth-4 (OTS calendar/esplora)
--stampExplicit path to a sibling .ots file for depth-4 (default: .ots)
--verify-depthArtifact ref (cycle: | memo: | pending: | decision:) or path to a .seif envelope

update

Update the seif binary in-place from the latest GitHub release [FREE]

update checks the GitHub Releases API for the latest seif-cli release, locates the asset matching this host (OS/arch), downloads it, verifies the sha256 checksum, and atomically swaps the running binary.

Tier 3 distribution: each release is a manual binary swap — there is no background auto-update.

Flow:

  1. Resolve the current version from the embedded build info.
  2. GET /repos//releases/latest (or /releases with --prerelease).
  3. Locate the asset seif--- and its .sha256 sibling.
  4. Download to .new, verify sha256.
  5. os.Rename (atomic on POSIX, restart-safe).

Requires write permission to the binary's directory. If seif is installed under /usr/local/bin and you did not use sudo to install, re-run with sudo seif update.

FlagShorthandDefaultDescription
--check-onlyfalsePrint current/latest without downloading or swapping
--jsonfalseEmit JSON output
--prereleasefalseInclude pre-release tags in the resolution

verify

Verify a SEIF evidence frame (local file or public engine proof)

Verify reads a SEIF evidence frame from (or stdin when given "-"), recomputes the canonical_hash from the embedded Evidence, checks the Ed25519 signature against the recorded public key, and re-derives the evidence_id. Any mismatch causes a non-zero exit.

With --url, the argument is a public verify URL (https://verify.seifprotocol.com/v/ev_…) or a bare evidence id (ev_…). The engine's public evidence proof is fetched (GET /v1/evidence/, no auth) and INDEPENDENTLY verified: the canonical_hash is recomputed from the returned artifact and the Ed25519 signature is checked against the embedded public key — the engine's own "verified" flag is not trusted.

Returns: exit 0 — intact (hash + signature [+ evidence_id for local frames] match) exit 1 — tampered, signature invalid, or evidence_id desynced

FlagShorthandDefaultDescription
--calendarOverride esplora HTTP endpoint (default https://blockstream.info/api, env $SEIF_ESPLORA_URL)
--engine-urlEngine base URL for --url (default https://api.seifprotocol.com or $SEIF_ENGINE_URL)
--log-idVerify a seif-log inclusion proof for this log entry id (RFC-6962 + STH)
--log-urlseif-log base URL (default https://log.seifprotocol.com or $SEIF_LOG_URL)
--quietfalseOnly exit code, no output
--stampVerify an OpenTimestamps .ots proof file (offline, against Bitcoin)
--stamp-jsonfalseEmit JSON output for --stamp verification
--stamp-sourceSource file the .ots proof anchors (default: --stamp arg with .ots stripped)
--tokenEngine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login')
--token-filePath to a file containing the engine bearer token
--urlfalseTreat the arg as a public verify URL or evidence id; verify the engine proof

verify-pins

Alias for workspace pins verify

FlagShorthandDefaultDescription
--jsonfalseEmit JSON

watermark embed

Sign a watermark-embed envelope for a pre-watermarked audio pair

embed posts a watermark-embed envelope. --input is the original audio file; --output is the watermarked version (produced by an out-of-band DSP path in this wave). Both must exist on disk; their sha256 + byte sizes are computed locally and included in the envelope.

FlagShorthandDefaultDescription
--amplitude-db0Watermark amplitude in dBFS (negative values typical)
--classificationINTERNALEnvelope classification tier (PUBLIC | INTERNAL | CONFIDENTIAL)
--duration-ms0Symbol duration in milliseconds
--engine-urlEngine base URL (overrides $SEIF_ENGINE_URL)
--formatwav/pcm-s16le-44100Audio format descriptor (e.g. wav/pcm-s16le-44100)
--inputPath to the input (unmarked) audio file
--jsonfalseEmit raw JSON envelope instead of formatted output
--library-versionseif-watermark-go/v1.0.0Library version stamp for the envelope
--outputPath to the output (watermarked) audio file
--reps0Repetition count used by the DSP
--sessionSession label embedded in the envelope (e.g. s151)
--symbols0Symbol count used by the DSP (forwarded to the envelope)
--tokenEngine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login')
--token-filePath to a file containing the engine bearer token
--workspace-idWorkspace identifier (overrides $SEIF_WORKSPACE_ID)

watermark extract

Look up the signed envelope for a recovered watermarked audio

extract posts a watermark-extract envelope referencing --recovered (a candidate watermarked audio). The engine looks up the matching envelope from the transparency log and returns it (or 404 if absent).

FlagShorthandDefaultDescription
--amplitude-db0Watermark amplitude in dBFS (negative values typical)
--classificationINTERNALEnvelope classification tier (PUBLIC | INTERNAL | CONFIDENTIAL)
--duration-ms0Symbol duration in milliseconds
--engine-urlEngine base URL (overrides $SEIF_ENGINE_URL)
--formatwav/pcm-s16le-44100Audio format descriptor (e.g. wav/pcm-s16le-44100)
--jsonfalseEmit raw JSON envelope instead of formatted output
--library-versionseif-watermark-go/v1.0.0Library version stamp for the envelope
--recoveredPath to the recovered (suspect) audio file
--reps0Repetition count used by the DSP
--sessionSession label embedded in the envelope (e.g. s151)
--symbols0Symbol count used by the DSP (forwarded to the envelope)
--tokenEngine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login')
--token-filePath to a file containing the engine bearer token
--workspace-idWorkspace identifier (overrides $SEIF_WORKSPACE_ID)

workspace bind

Bind this local workspace to an existing engine workspace

Attach the local .seif workspace to an EXISTING remote workspace — the 'git remote add origin' step of the local-first flow: you created the workspace on the web/engine, now point your local folder at it.

accepts a workspace_id (ws_…), a slug, or a user_slug/slug namespace. A slug or namespace is resolved against your signed-in workspace list; a ws_ is verified against it too (use --force to skip verification, e.g. offline).

Writes engine_workspace_id into the nearest workspace.seif.json, so push/pull/ clone need no --workspace-id afterwards. Idempotent: re-binding the same id is a no-op; binding a different id rebinds.

To create a NEW remote workspace instead, use 'seif workspace create '.

FlagShorthandDefaultDescription
--engine-urlEngine base URL
--forcefalseBind a ws_ without verifying it against your engine workspace list (offline escape hatch)

workspace config init

Create default workspace-config.json if missing

workspace config show

Print workspace-config.json

workspace config validate

Validate workspace-config.json

workspace create

Create a workspace on the engine

Creates a workspace slug under your account (like gh repo create).

Free tier allows 1 workspace. Mint an API key at seifprotocol.com/dashboard/settings before seif push — the thin CLI does not mint keys.

FlagShorthandDefaultDescription
--engine-urlEngine base URL

workspace delete

Soft-delete a workspace on the engine (cascade-detaches it from pods) [requires --yes]

Soft-deletes a workspace via DELETE /v1/workspaces/{id} (§7.5).

It is a SOFT delete — reversible by design — and it cascade-detaches the workspace from every pod's composition. Owner-bound; idempotent (deleting an already-deleted workspace is a no-op).

Destructive, so it requires --yes to proceed.

FlagShorthandDefaultDescription
--engine-urlEngine base URL
--yesfalseConfirm the (soft) deletion — required

workspace list

List engine workspaces for the signed-in user

Lists workspaces registered on the engine (GitHub-style namespaces).

Requires a session from 'seif login'. API keys from the dashboard also work when exported as SEIF_ENGINE_TOKEN.

FlagShorthandDefaultDescription
--engine-urlEngine base URL

workspace open

Generate and open a multi-root VS Code workspace for the SEIF container

Writes seif-container.code-workspace with the umbrella root plus each cloned member repo listed in workspace.seif.json members[].

Opens the file in VS Code/Cursor when 'code' or 'cursor' is on PATH, unless --no-launch is set.

FlagShorthandDefaultDescription
--editorEditor command (code, cursor); default: auto-detect
--no-launchfalseOnly write the workspace file
--outputWorkspace filename (default: seif-container.code-workspace)
--print-pathfalsePrint absolute path to workspace file and exit

workspace pins repin

Re-pin members to origin/main (writes container-dirty.seif)

FlagShorthandDefaultDescription
--dry-runfalsePreview only
--membersComma-separated subset
--reasonmanual repinAudit reason

workspace pins verify

Compare member HEAD vs pin_commit

FlagShorthandDefaultDescription
--jsonfalseEmit JSON

workspace profile apply

Merge profiles/.json into workspace-config.json

workspace remote-config

Show the engine (cloud) workspace config — type, store_profile, visibility, ceiling (D6)

Reads the control-plane config from the engine (GET /v1/workspaces/{id}/config).

This is the CLOUD-state config (engine authority), distinct from 'seif workspace config show' which reads the local on-disk marker. Auth is bound to the target workspace; a cross-workspace token gets a not-found error (anti-enumeration).

FlagShorthandDefaultDescription
--engine-urlEngine base URL
--workspaceTarget workspace (slug or ws_); defaults to the engine_workspace_id bound in the local marker

workspace repair

Repair the container marker + .seif/config.json protocol defaults [free]

repair brings a container's workspace.seif.json marker back to a valid SEIF-WORKSPACE-v2 shape. It mints a workspace_id when one is missing, restores the protocol / workspace_type / status / container fields, and (with --store-profile) repairs the store_profile marker. It also backfills the .seif/config.json protocol defaults (session_lifecycle, persistence_routing) so a workspace created before those were seeded boots the full SessionStart pipeline instead of the degraded legacy one-liner. In-place and non-destructive: existing members, share_allowlist, and any explicitly-set config keys are preserved (only wholly-absent keys are added). A missing marker is recreated from defaults.

FlagShorthandDefaultDescription
--jsonfalseEmit JSON
--store-profileSet/repair the store_profile marker field
--workspaceContainer root to repair (default: cwd)

workspace set-classification-ceiling

Set the workspace classification ceiling

FlagShorthandDefaultDescription
--engine-urlEngine base URL
--workspaceTarget workspace (slug or ws_); defaults to the engine_workspace_id bound in the local marker

workspace set-store-profile

Set the engine store_profile

FlagShorthandDefaultDescription
--engine-urlEngine base URL
--workspaceTarget workspace (slug or ws_); defaults to the engine_workspace_id bound in the local marker

workspace set-type

Set the engine workspace_type (D1)

FlagShorthandDefaultDescription
--engine-urlEngine base URL
--workspaceTarget workspace (slug or ws_); defaults to the engine_workspace_id bound in the local marker

workspace set-visibility

Set workspace visibility — private (default) or public (D5)

FlagShorthandDefaultDescription
--engine-urlEngine base URL
--workspaceTarget workspace (slug or ws_); defaults to the engine_workspace_id bound in the local marker

worktree create

git worktree add + write .seif-pointer.json at birth

create adds a git worktree and writes its .seif-pointer.json in one step, so relay/governance verbs run from inside it resolve onto THIS workspace's canonical board (never a forked per-worktree one).

It runs git worktree add [-b <branch>] <path> <base> against the current repo (or --repo), then binds /.seif-pointer.json to the canonical workspace id. The pointer redirect is relative when the worktree shares a volume with the canonical root, absolute otherwise.

Examples: seif worktree create ../wt-brief --branch brief/foo seif worktree create /tmp/wt --base origin/main --workspace ~/repos/umbrella

FlagShorthandDefaultDescription
--baseHEADStart point for the worktree (branch/commit)
--branchCreate and check out this new branch in the worktree
--no-pointerfalseSkip writing .seif-pointer.json (NOT recommended — verbs will fork the board)
--repoGit repo to add the worktree from (default: cwd)
--workspaceCanonical workspace root (default: walk up from cwd)

wrapper antigravity post-tool-use

PostToolUse hook: advisory (always emits {} per the agy contract)

post-tool-use is the Go backend for the Antigravity CLI PostToolUse hook. It fires AFTER the tool ran (cannot block) and emits the canonical agy {} decision envelope on stdout. Always exits 0.

If stdin is an interactive terminal (not a piped hook event), exits 2 with a hint on stderr.

wrapper antigravity pre-invocation

PreInvocation hook: inject SEIF grounding/context on the first invocation (reads agy JSON on stdin)

pre-invocation is the Go backend for the Antigravity CLI PreInvocation hook. On the FIRST invocation (invocationNum==0) with SEIF engaged it assembles the SEIF bootstrap payload (grounding kernel first) and injects it as an ephemeralMessage: {"injectSteps":[{"ephemeralMessage":"..."}]}. On later invocations it emits {}.

Requires the SEIF_ENGAGE=1 sentinel (set by seif start) to inject the payload; a raw agy session without it injects nothing (clean by default). Always exits 0.

If stdin is an interactive terminal (not a piped hook event), exits 2 with a hint on stderr.

wrapper antigravity pre-tool-use

PreToolUse hook: shell + classification gates for .seif/ workspace writes (reads agy JSON on stdin)

pre-tool-use is the Go backend for the Antigravity CLI PreToolUse hook. It reads agy's camelCase PreToolUse JSON on stdin and routes by tool name:

run_command → shell gate (CAN deny) write_to_file / replace_file_content / multi_replace_file_content → reserved-.seif/ + classification + credential gate (CAN deny)

agy reads a JSON DECISION on stdout (NOT an exit code): {"decision":"allow"|"deny"|"ask"|"force_ask","reason"?}. A blocked gate emits {"decision":"deny","reason":…}; everything else allows.

Scope guard: inert (allow) when the call is outside a .seif/ workspace — protection only where there is a sovereign store to guard.

If stdin is an interactive terminal (not a piped hook event), exits 2 with a hint on stderr.

wrapper antigravity stop

Stop hook: session-end closure + CIRCLE auto-sync when fully idle (reads agy JSON on stdin)

stop is the Go backend for the Antigravity CLI Stop hook. When the run is fully idle (fullyIdle==true) it runs the SEIF closure (CLOSURE/AUDIT/ABSORB/CIRCLE phases + a LOCAL git commit of .seif). It then emits a stop-ALLOWING decision — {"decision":"stop"} — and NEVER "continue" (it must not force the agent to keep running). Always exits 0.

If stdin is an interactive terminal (not a piped hook event), exits 2 with a hint on stderr.

wrapper claude-code post-tool-use

PostToolUse hook: advisory quality gate over a written file (reads hook JSON on stdin)

post-tool-use is the Go port of the SEIF PostToolUse hook (quality-gate.sh). It reads the Claude Code PostToolUse JSON on stdin and, for Write-tool calls on a text file outside .seif/, scores the first lines of the file with the native (offline, zero-Python) SEIF quality gate and prints a single advisory [SEIF METADATA] line. It never blocks: always exits 0.

wrapper claude-code pre-tool-use

PreToolUse hook: shell + classification gates + claim-conflict surface (reads hook JSON on stdin)

pre-tool-use is the Go port of the SEIF PreToolUse hooks. It reads the Claude Code PreToolUse JSON on stdin and routes by tool:

Bash → shell-write / secret-read / exfil gate (CAN block, exit 2) Write/Edit → reserved-.seif/ + classification + credential gate (CAN block), then the SEIF-CLAIM-v1 conflict surface (informational, exit 0)

Per RFC §5 (CONTEXT not COMMAND) the claim-check never blocks: it prints a [SEIF CLAIM CONFLICT] notice on stderr and exits 0. Consolidates bash-gate.sh, classification-gate.sh, and pretooluse-claim-check.sh into one zero-Python backend.

wrapper claude-code session-end

SessionEnd hook: closure/audit/absorb phases + local CIRCLE git commit (reads hook JSON on stdin)

session-end is the Go port of the SEIF SessionEnd hook (session-end.sh + session_lifecycle.session_end_logic). It reads the Claude Code SessionEnd JSON on stdin and runs, in order: registry unregister + gc, CLOSURE (mark the active session CLOSED), pending-item landed stamping, AUDIT (mapper ghost count), ABSORB (relevance decay + session_count reconcile under an exclusive lock), and the CIRCLE phase — a LOCAL git commit of .seif (provenance only). The hook does NOT push: cross-host propagation is owned by the daemon (personal-sync / compose-push capabilities — opt-in) or an explicit seif push, never the session-end hook. Informational: always exits 0.

wrapper claude-code session-start

SessionStart hook: emit SEIF context payload (reads hook JSON on stdin)

session-start is the Go port of the SEIF SessionStart hook. It reads the Claude Code SessionStart JSON on stdin, assembles the SEIF context payload (kernel seed, session contract, persistence routing, active modules, pending work, stale-session reconciliation, memory surface), writes the session contract, and prints the payload to stdout. Always exits 0 (informational).

If stdin is an interactive terminal (not a piped hook event), exits 2 with a hint on stderr — hook verbs are meant to be invoked by the AI client, not run from a keyboard.

wrapper claude-code user-prompt-submit

UserPromptSubmit hook: lazy session materialization on first human prompt (reads hook JSON on stdin)

user-prompt-submit is the Go port of the SEIF UserPromptSubmit hook leg. It reads the Claude Code UserPromptSubmit JSON on stdin and best-effort materializes the session contract when lifecycle is enabled (memo D1 earliest trigger). Informational only: always exits 0, never blocks the prompt.

wrapper cursor before-file-edit

beforeFileEdit hook: advisory SEIF-CLAIM conflict notice (reads hook JSON on stdin)

before-file-edit is the Cursor beforeFileEdit hook backend. It reads hook JSON on stdin, probes active path claims, and prints a [SEIF CLAIM CONFLICT] notice to stderr when overlap is detected. Always exits 0 — CONTEXT not COMMAND.

wrapper cursor session-start

SessionStart hook: emit additional_context JSON (reads hook JSON on stdin)

session-start is the Go port of the Cursor sessionStart hook. It reads Cursor hook JSON on stdin, assembles the SEIF bootstrap (grounding kernel first), and prints {"additional_context":"..."} to stdout. Always exits 0.

If stdin is an interactive terminal (not a piped hook event), exits 2 with a hint on stderr.

wrapper gemini before-tool

BeforeTool hook: shell + classification gates for .seif/ workspace writes (reads hook JSON on stdin)

before-tool is the Go backend for the Gemini CLI BeforeTool hook. It reads Gemini's BeforeTool JSON on stdin and routes by tool name:

run_shell_command → shell-write / secret-read / exfil gate (CAN block, exit 2) write_file / replace → reserved-.seif/ + classification + credential gate (CAN block, exit 2)

Scope guard: inert (exit 0) when the invocation is outside a .seif/ workspace — protection only where there is a sovereign store to guard. Exit 2 sends stderr as the block reason back to the Gemini agent; the turn continues.

If stdin is an interactive terminal (not a piped hook event), exits 2 with a hint on stderr.

wrapper gemini session-start

SessionStart hook: emit SEIF context payload as additionalContext JSON (reads hook JSON on stdin)

session-start is the Go backend for the Gemini CLI SessionStart hook. It reads Gemini's hook JSON on stdin, assembles the SEIF bootstrap payload (grounding kernel first), and prints {"hookSpecificOutput":{"additionalContext":"..."}} to stdout. Always exits 0 (advisory — Gemini ignores continue/decision on SessionStart).

Requires the SEIF_ENGAGE=1 sentinel (set by seif start) to emit the payload; a raw gemini session without it emits nothing and exits 0 (clean by default).

If stdin is an interactive terminal (not a piped hook event), exits 2 with a hint on stderr.

On this page

Detailsadmin auditadmin circuitadmin client addadmin client listadmin client parityadmin client removeadmin client set-defaultadmin cycle audit-coherenceadmin cycle closeadmin cycle gcadmin cycle listadmin cycle openadmin cycle sealadmin cycle sealed-listadmin cycle statusadmin cycle verifyadmin hooksadmin parityadmin proxyadmin seed amendadmin seed consumeadmin seed createadmin seed listadmin session convert-extadmin session gcadmin watchartifact formataudit-coherenceaudit-cross-refsaudit-disciplineaudit-layoutclaim acquireclaim checkclaim listclaim overrideclaim releaseclaim showclaim sweepclaim validateclassifyclonecompressconfig getconfig listconfig setconfirm-actioncontainer bootstrapcontainer-acknowledgecontext absorbcontext bootstrapcontext querycontext reindexcontext retrievecontext sowcontext synccontributedaemon adopt-legacydaemon clear-commanddaemon disabledaemon downdaemon enabledaemon publishdaemon set-commanddaemon statusdaemon subscribedaemon updebatediffdoctorembed verifyextractgate checkgate classifygate emit-blockgate qualitygov amendgov cycle closegov cycle close-ritualgov cycle decision-addgov cycle gcgov cycle listgov cycle opengov cycle set-manifestgov decision creategov decision promote-retroactivegov invariant addgov invariant amendgov memo classifygov memo coherence-registergov memo newgov memo ratifygov memo updategov memory addgov memory auditgov memory audit-lifecyclegov memory deletegov memory flaggov memory purge approvegov memory purge executegov memory purge statusgov memory removegov memory security-purgegov memory security-ratifygov memory updategov orchestration initgov orchestration setgov orchestration showgov pending consumegov pending consume-pathgov pending creategov pending listgov pending quarantinegov pending registergov seed consumegov seed creategov seed listgov session closegov session contributegov session creategov session listgov session loggov session sealgov session showhealhowinbox disableinbox enableinbox listinbox statusingestinitkey generatekey showlink addlink export-listlink import-pulllog getlog listlog pinglog verifyloginlogoutmcp servememory proposalsmemory proposememory querymemory reindexmemory reviewmemory surfaceobjectmodel buildobjectmodel preflightobjectmodel verifyopenorchestrate initorchestrate statuspod add-workspacepod bindpod createpod listpod remove-workspacepod showpublishpullpushquality-gatequotarecapreconstructrelay assignmentsrelay boardrelay briefrelay claimrelay closerelay draft publishrelay handbackrelay handoff initrelay handoff showrelay heartbeatrelay inboxrelay listrelay migrate-anonymousrelay nextrelay notifyrelay pathrelay pointerrelay pollrelay releaserelay watchremote addremote get-defaultremote listremote removeremote renameremote set-defaultrender cursor-rulesrender pointersrender-pointersreportruntime attachruntime healruntime upsecret-scansessionsetupshowsignstampstartstatusstore hygienestore inventorystore movestream emitstream followsynctierupdateverifyverify-pinswatermark embedwatermark extractworkspace bindworkspace config initworkspace config showworkspace config validateworkspace createworkspace deleteworkspace listworkspace openworkspace pins repinworkspace pins verifyworkspace profile applyworkspace remote-configworkspace repairworkspace set-classification-ceilingworkspace set-store-profileworkspace set-typeworkspace set-visibilityworktree createwrapper antigravity post-tool-usewrapper antigravity pre-invocationwrapper antigravity pre-tool-usewrapper antigravity stopwrapper claude-code post-tool-usewrapper claude-code pre-tool-usewrapper claude-code session-endwrapper claude-code session-startwrapper claude-code user-prompt-submitwrapper cursor before-file-editwrapper cursor session-startwrapper gemini before-toolwrapper gemini session-start