CLI reference
Complete command and flag reference for the SEIF CLI, generated from the binary's command tree.
Generated page. Do not edit by hand — built from the SEIF CLI command tree by
scripts/sync-docs.mjsand refreshed whenmainis updated.
Auto-generated from the registered Cobra tree. Regenerate:
go run ./tools/generate_cli_reference --commands-only docs/reference/commands.md| Command | Summary |
|---|---|
admin audit | Audit workspace .seif/ integrity (read-only) |
admin circuit | Circuit heartbeat/liveness — use seif daemon (circuit capability) + engine /v1/inbox |
admin client add | Register (or override) a client |
admin client list | List registered clients |
admin client parity | Report cross-client SEIF integration parity (read-only) |
admin client remove | Remove a registered client |
admin client set-default | Mark a registered client as THE default |
admin cycle audit-coherence | Report cycle-internal coherence (parent refs + per-track OPEN lock) |
admin cycle close | Seal the open cycle + clear the host pointer [free] |
admin cycle gc | (moved) garbage-collect stale OPEN cycles — use seif gov cycle gc |
admin cycle list | List cycles in .seif/cycles/ (filter with --status) |
admin cycle open | Open a new cycle + bind the host pointer [free] |
admin cycle seal | (moved) seal a cycle — use seif gov cycle close |
admin cycle sealed-list | List sealed cycles (alias for list --status sealed) |
admin cycle status | Show the active cycle from the per-workspace active-cycle pointer |
admin cycle verify | (no crypto verify exists for cycles) use seif admin cycle audit-coherence |
admin hooks | Hook installation — both surfaces are native: seif setup <adapter> (AI) / seif setup git-hooks (git) |
admin parity | CLI × MCP × hooks parity matrix (read-only inventory) |
admin proxy | Local-LLM (Ollama) proxy — native home pending (not a daemon capability) |
admin seed amend | (moved) append to a seed's _amendments[] — use seif gov amend |
admin seed consume | (deprecated) → seif gov seed consume |
admin seed create | (moved) create a seed — use seif gov seed create |
admin seed list | (deprecated) → seif gov seed list |
admin session convert-ext | Rename envelope-bearing session-.json → session-.seif (dry-run default) |
admin session gc | Inventory (dry-run) or archive legacy template-only session records |
admin watch | File vigilant/watcher — engine-hosted; native register surface pending |
artifact format | Canonicalize .seif envelope (sorted JSON body, standard frontmatter order) |
audit-coherence | Report workspace coherence (free local; --signed = engine-mediated paid envelope) |
audit-cross-refs | Audit decision↔cycle edge integrity (c260 D8): cycle_ref ↔ cycle.decisions[] |
audit-discipline | Report observed Write/Edit on reserved .seif/ subdirs (s83 t3 audit log) |
audit-layout | Audit per-role canonical filesystem layout for this host |
claim acquire | Mint a claim record under .seif/claims/active/ |
claim check | Check a path against active claims (informational; exit 3 on conflict) |
claim list | List active (default), released, or all claims |
claim override | Record a human override for a conflicting claim (does NOT release it) |
claim release | Move an active claim to released/ |
claim show | Print a claim record (active or released) as JSON |
claim sweep | Release stale claims (TTL expired or holder PID gone) |
claim validate | Validate a claim record file against SEIF-CLAIM-v1 |
classify | Classify content sensitivity (PUBLIC | INTERNAL | CONFIDENTIAL) |
clone | Clone a workspace's remote HEAD into a new directory [PAID] |
compress | Compress a source project into a code_topology SEIF module |
config get | Print value at key |
config list | Show all keys and values |
config set | Write value at key |
confirm-action | Pre-action human gate for hookless AI clients (exit 0/1/2) [free, local] |
container bootstrap | Scaffold an envelope-native SEIF container (no Python required) |
container-acknowledge | Clear container-dirty.seif after reviewing local changes |
context absorb | Absorb a directory into a SEIF-KNOWLEDGE-v1 unit |
context bootstrap | Print the verified constitutional core (grounding + axioms) from the embedded kernel |
context query | Lexical pre-filter over structural chunks (dogfood --refs for hybrid C) |
context reindex | Register forward orphan .seif artifacts in mapper.json (one-shot K4 migration) |
context retrieve | Orchestrator retrieval loop (local refs → engine slices) |
context sow | Plant a garden's structural roots: conduct roots + the coherence layer |
context sync | Re-extract git context into .seif/projects//project.seif |
contribute | Capture a signal: classify + sign stdin, append to .seif/contributions/.jsonl |
daemon adopt-legacy | Re-home legacy launchd seif daemons as capability legs (dry-run; --apply; stays PAUSED) |
daemon clear-command | Remove a capability's leg (revert to pure toggle) |
daemon disable | Disable a capability (record --reason) |
daemon down | Stop a running daemon (or reap a stale socket) |
daemon enable | Enable a capability |
daemon publish | Publish a real-time event to the daemon bus (R2) |
daemon set-command | Declare the leg command the daemon runs for a capability |
daemon status | Show capability toggle state + daemon liveness |
daemon subscribe | Stream real-time events for a topic (R2) |
daemon up | Lazily spawn the daemon host process |
debate | Multi-AI debate: ask several models, measure agreement, synthesize [free, local] |
diff | Compare two SEIF artifact-local refs (free, local) |
doctor | Diagnose workspace + runtime install health — one read-only report [free, local] |
embed verify | Verify an embedded C2PA manifest (signature + hard binding) |
extract | Extract knowledge from files/dirs into a SEIF module |
gate check | Run a discipline gate check on stdin JSON or an explicit command |
gate classify | Classify a file's sensitivity tier; --strict applies sensitivity-based escalation |
gate emit-block | Print the canonical block message for a reserved .seif// and exit 2 |
gate quality | Measure text quality natively, or blend caller-supplied scores [free tier] |
gov amend | Append an _amendments[] entry to a SEIF JSON artifact (append-only, no re-sign) [free] |
gov cycle close | Seal the open cycle + clear the host pointer [free] |
gov cycle close-ritual | Run the full 7-step closure ritual locally [free]: checkpoint→audit→quality→meditate→absorb→seal →seed |
gov cycle decision-add | Bind a decision to a cycle: cycle.decisions[] += id + decision.cycle_ref (D8) [free] |
gov cycle gc | Garbage-collect stale OPEN cycles (dry-run by default) [free] |
gov cycle list | List cycles in .seif/cycles/ (alias for seif admin cycle list; filter with --status) |
gov cycle open | Open a new cycle + bind the host pointer [free] |
gov cycle set-manifest | Update OPEN cycle title, vision, branches [free] |
gov decision create | Create a SEIF-DECISION-v1 module skeleton [free] |
gov decision promote-retroactive | Retroactively derive decisions for a curated top-N backlog of memos (D4) [free] |
gov invariant add | Append a new invariant to the PIR [free] |
gov invariant amend | Append an append-only _amendments[] entry scoped to an invariant [free] |
gov memo classify | Classify a memo as load-bearing or not (decision-required gate) [free] |
gov memo coherence-register | Create/refresh a memo's coherence node WITHOUT rewriting the .md [free] |
gov memo new | Write a new design memo + register its coherence node [free] |
gov memo ratify | Ratify a memo in one step: flip status to RATIFIED + derive its decision [free] |
gov memo update | Rewrite an existing memo + optionally update its coherence node [free] |
gov memory add | Create a memory (.md + MEMORY.md pointer) locally [free tier] |
gov memory audit | Audit .seif/memory/ ↔ MEMORY.md integrity |
gov memory audit-lifecycle | Report memory lifecycle operations from audit log |
gov memory delete | Hard-delete a memory with conjugate-pair confirmation [gated] |
gov memory flag | Flag a memory for accelerated decay [architect] |
gov memory purge approve | Approve a pending purge request |
gov memory purge execute | Execute purge after cooling + approvals |
gov memory purge status | Show pending purge request status |
gov memory remove | Deprecate a memory (reversible; file kept) [free] |
gov memory security-purge | Immediate security-exception purge [gated] |
gov memory security-ratify | Ratify a security-exception purge within 24h |
gov memory update | Replace a memory's content + refresh its MEMORY.md pointer [free tier] |
gov orchestration init | Create default .seif/orchestration.json when missing |
gov orchestration set | Update registry fields (maestro, dispatch mode) |
gov orchestration show | Show .seif/orchestration.json |
gov pending consume | Mark a registered pending module consumed [free] |
gov pending consume-path | Consume a pending module by filesystem path [free] |
gov pending create | Create a SEIF-PENDING-v1 module skeleton in .seif/modules/pending/ [free] |
gov pending list | List pending modules (current workspace + owner-targeted) [free] |
gov pending quarantine | Quarantine a pending module (move to modules/_quarantine/) [free] |
gov pending register | Register a pending module into the global registry [free] |
gov seed consume | Print a seed and mark it consumed (writes a .consumed_at sidecar) |
gov seed create | Write a new SEIF-SEED-v2 seed file [free] |
gov seed list | List seeds in .seif/seeds/ (active vs consumed) |
gov session close | Close session (deferred — use dev-tool or MCP) |
gov session contribute | Append a message to the conversation payload (SEIF-CONVERSATION-v1) |
gov session create | Create a SEIF-SESSION-v1 contract (explicit only — not auto-created by hooks) |
gov session list | List SEIF-SESSION-v1 session-*.{json,seif} files [free] |
gov session log | Print the conversation payload (messages + sync points) |
gov session seal | Seal an ACTIVE/CLOSED session contract → SEALED (≠ close; mirrors --session-seal) [free] |
gov session show | Print a session contract [free] |
heal | Self-heal workspace cycle/session coherence (dry-run by default) [free, local] |
how | Find the most relevant SEIF verbs for a natural-language intent [free, local] |
inbox disable | Remove a receptor registration |
inbox enable | Register this workspace as an inbox receptor on a named engine |
inbox list | List all configured receptors (merged view) |
inbox status | Query the engine for pending inbound artifacts addressed to the receptor |
ingest | Append external prose into a SEIF-KNOWLEDGE-v1 unit via the native quality gate |
init | Initialize a SEIF-WORKSPACE-v2 workspace in the current directory |
key generate | Generate an Ed25519 signing key under ~/.seif/keys/ |
key show | Show the public key + key path |
link add | Register a peer workspace (creates stub import if missing) |
link export-list | List configured SEIF-LINK exports |
link import-pull | Pull a scoped, read-only export from a linked peer (SEIF-LINK phase B, §7.10) |
log get | Fetch a single transparency-log entry by id |
log list | List recent transparency-log entries |
log ping | Probe the configured log endpoint (/healthz) |
log verify | Independently verify an entry's inclusion proof |
login | Authenticate with the SEIF engine and store credentials |
logout | Clear stored SEIF engine credentials |
mcp serve | Run the SEIF MCP server over stdio (or Streamable HTTP with --http) |
memory proposals | List pending memory proposals awaiting review [free, local] |
memory propose | Propose a memory for owner review (autonomous-memory curation) [free, local] |
memory query | Recall the most relevant memories + absorbed knowledge for a query [free, local] |
memory reindex | Rebuild the derived semantic embedding cache for memory query |
memory review | Approve (absorb) or reject a pending memory proposal [free, local] |
memory surface | Emit capped cross-AI memory bootstrap from .seif/memory/MEMORY.md |
objectmodel build | Compute the merkle tree over .seif/ and write the shadow store |
objectmodel preflight | Run client-side write-path gates (G0, secret-scan, G1, G3) |
objectmodel verify | Re-hash the live store and compare to the shadow nucleus |
open | Open SEIF Desktop on a workspace (local cockpit) |
orchestrate init | Create default orchestration.json if missing |
orchestrate status | Show orchestration.json summary |
pod add-workspace | Add a workspace to a pod's composition (D2) |
pod bind | Bind this local workspace to an existing engine pod |
pod create | Create a pod on the engine (like gh repo create, but for a pod) |
pod list | List the pods in your account |
pod remove-workspace | Remove a workspace from a pod's composition (D2) |
pod show | Show one pod by its namespace (user-slug/pod-slug) |
publish | Sign locally and publish to the transparency log (sign → log → verify URL) |
pull | Materialize the workspace's remote HEAD into the local .seif/ [PAID] |
push | Push .seif/ workspace state to the engine mirror, gated [PAID] |
quality-gate | Score text quality via the SEIF engine [PAID] |
quota | Show current usage, limits, and tier [PAID — engine] |
recap | What you & your AI did — a standup / accountability narrative from the captured record |
reconstruct | Materialize a historical workspace tree as a hardlink farm |
relay assignments | List ACTIVE handoff assignments (optionally by executor) |
relay board | Relay accountability board (SEIF-RELAY-BOARD-v1) |
relay brief | Create .seif/relay/brief/.md with a starter template |
relay claim | Claim ACTIVE ownership of a relay slug for an executor |
relay close | Terminally close an assignment (or sweep stale claims) |
relay draft publish | Write a draft to the draft/ lane and publish a draft bus event |
relay handback | Create .seif/relay/handback/.md with a starter template |
relay handoff init | Create handoff//HANDOFF.md with worktree metadata |
relay handoff show | Print path to handoff//HANDOFF.md |
relay heartbeat | Renew relay claim TTL and update last_activity |
relay inbox | Leave a durable, append-only note in a peer's relay inbox |
relay list | List relay artifacts by kind |
relay migrate-anonymous | Classify or migrate anonymous ACTIVE handoffs |
relay next | Atomically claim the oldest queued brief (executor_id: auto) |
relay notify | Durable inbox note PLUS a bus pointer to the peer (decide + notify) |
relay path | Resolve and print the absolute path to a relay artifact |
relay pointer | Print a 2-line chat pointer for an existing brief or handback |
relay poll | Single-shot filtered relay poll (daemonless tabs) |
relay release | Release an ACTIVE claim back to the dispatch queue |
relay watch | Watch relay dirs and stream metadata events as JSONL (foreground) |
remote add | Add a remote |
remote get-default | Print the resolved engine URL and its source |
remote list | List all remotes (merged view) |
remote remove | Remove a remote |
remote rename | Rename a remote |
remote set-default | Mark a remote as the default for its scope |
render cursor-rules | Refresh .cursor/rules/*.mdc from the active SEIF store (one-way) |
render pointers | Render pointers/*.tmpl to umbrella-root pointer files |
render-pointers | Render pointers/*.tmpl to umbrella-root pointer files |
report | Structured workspace snapshot — identity, pending, cycles, memory, audit, paid counters |
runtime attach | Injection rank hints for an AI client (claude-code, cursor, …) |
runtime heal | Converge this machine's seif install to doctor-green (binary, PATH, hooks) [free, local] |
runtime up | Idempotent container runtime bootstrap |
secret-scan | Scan content for secret VALUES (API keys, PATs, PEM private keys, JWTs) |
session | Manage sessions (alias: use seif gov session) |
setup | Install SEIF runtime integration for an AI client (claude-code, cursor, gemini, grok, generic) |
show | Print a historical workspace blob or list its reconstructed tree |
sign | Sign an artifact and emit a SEIF evidence frame |
stamp | Anchor a file on Bitcoin via OpenTimestamps (deferred — engine endpoint pending) |
start | Bootstrap a grounded SEIF session and launch your AI client (the maestro) |
status | Show workspace status, identity, and counts |
store hygiene | Run the STORE-v2 retention sweeper (dry-run by default) [free] |
store inventory | Self-describe every .seif/ as JSONL (STORE-v2 Fase-0 ritual) [free] |
store move | Relocate module artifacts between ratified module dirs (mutates; --dry-run to preview) [free] |
stream emit | Emit a single event onto the workspace stream |
stream follow | Subscribe to the SSE stream and print events to stdout |
sync | Local self-healing maestro — diagnose, plan, and apply store cures [free, local] |
tier | Report the verification-depth chain for a SEIF artifact |
update | Update the seif binary in-place from the latest GitHub release [FREE] |
verify | Verify a SEIF evidence frame (local file or public engine proof) |
verify-pins | Alias for workspace pins verify |
watermark embed | Sign a watermark-embed envelope for a pre-watermarked audio pair |
watermark extract | Look up the signed envelope for a recovered watermarked audio |
workspace bind | Bind this local workspace to an existing engine workspace |
workspace config init | Create default workspace-config.json if missing |
workspace config show | Print workspace-config.json |
workspace config validate | Validate workspace-config.json |
workspace create | Create a workspace on the engine |
workspace delete | Soft-delete a workspace on the engine (cascade-detaches it from pods) [requires --yes] |
workspace list | List engine workspaces for the signed-in user |
workspace open | Generate and open a multi-root VS Code workspace for the SEIF container |
workspace pins repin | Re-pin members to origin/main (writes container-dirty.seif) |
workspace pins verify | Compare member HEAD vs pin_commit |
workspace profile apply | Merge profiles/.json into workspace-config.json |
workspace remote-config | Show the engine (cloud) workspace config — type, store_profile, visibility, ceiling (D6) |
workspace repair | Repair the container marker + .seif/config.json protocol defaults [free] |
workspace set-classification-ceiling | Set the workspace classification ceiling |
workspace set-store-profile | Set the engine store_profile |
workspace set-type | Set the engine workspace_type (D1) |
workspace set-visibility | Set workspace visibility — private (default) or public (D5) |
worktree create | git worktree add + write .seif-pointer.json at birth |
wrapper antigravity post-tool-use | PostToolUse hook: advisory (always emits {} per the agy contract) |
wrapper antigravity pre-invocation | PreInvocation hook: inject SEIF grounding/context on the first invocation (reads agy JSON on stdin) |
wrapper antigravity pre-tool-use | PreToolUse hook: shell + classification gates for .seif/ workspace writes (reads agy JSON on stdin) |
wrapper antigravity stop | Stop hook: session-end closure + CIRCLE auto-sync when fully idle (reads agy JSON on stdin) |
wrapper claude-code post-tool-use | PostToolUse hook: advisory quality gate over a written file (reads hook JSON on stdin) |
wrapper claude-code pre-tool-use | PreToolUse hook: shell + classification gates + claim-conflict surface (reads hook JSON on stdin) |
wrapper claude-code session-end | SessionEnd hook: closure/audit/absorb phases + local CIRCLE git commit (reads hook JSON on stdin) |
wrapper claude-code session-start | SessionStart hook: emit SEIF context payload (reads hook JSON on stdin) |
wrapper claude-code user-prompt-submit | UserPromptSubmit hook: lazy session materialization on first human prompt (reads hook JSON on stdin) |
wrapper cursor before-file-edit | beforeFileEdit hook: advisory SEIF-CLAIM conflict notice (reads hook JSON on stdin) |
wrapper cursor session-start | SessionStart hook: emit additional_context JSON (reads hook JSON on stdin) |
wrapper gemini before-tool | BeforeTool hook: shell + classification gates for .seif/ workspace writes (reads hook JSON on stdin) |
wrapper gemini session-start | SessionStart hook: emit SEIF context payload as additionalContext JSON (reads hook JSON on stdin) |
Details
admin audit
Audit workspace .seif/ integrity (read-only)
audit walks .seif/{cycles,seeds,modules} in the given workspace, parses each artifact as JSON, and reports counts + any parse failures.
This is a Wave-6 light audit. Heavier modes (host-discipline, canonical-layout, integrity-signature verification, cross-file reference validation) are implemented in the Python seif CLI's --audit-* family and are not yet ported to Go.
Exit codes: 0 clean (all files parsed) 1 partial (one or more parse failures) — see Report.parse_errors 2 workspace has no .seif/ directory
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit structured JSON report instead of human-readable text |
--workspace | — | — | Workspace root directory (default: current working directory) |
admin circuit
Circuit heartbeat/liveness — use seif daemon (circuit capability) + engine /v1/inbox
admin client add
Register (or override) a client
add registers a client. When --adapter is omitted it is inferred from the bin basename (claude→claude-code, gemini→gemini, agy/antigravity→antigravity). No confident match → error listing the available adapters (register explicitly with --adapter raw for a launch-only wrapper). raw is never auto-selected and cannot be the default.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--adapter | — | — | Adapter id (claude-code | gemini | antigravity | raw); inferred from --bin when omitted |
--bin | — | — | Launch binary: a PATH name or an absolute path |
--default | — | false | Make this the default client seif start launches |
--name | — | — | Client name (free label; identity for re-add/override) |
admin client list
List registered clients
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit structured JSON instead of a table |
admin client parity
Report cross-client SEIF integration parity (read-only)
parity renders the SEIF client capability matrix as a measured parity report: one row per client, a ✓/◑/✗ per canonical lifecycle event (session-start, user-prompt-submit, pre-tool, post-tool, session-end), the integration channel + grounding delivery, and a trailing parity percentage.
claude-code is the 100% reference. Weighting: Full=1.0, Partial=0.5, Advisory=0.25, Absent=0; Pct = weighted / 5 canonical events.
This is read-only — it inspects the static capability matrix and changes no installer or hook behavior.
seif admin client parity # full matrix, human table seif admin client parity --json # machine-readable matrix + scores seif admin client parity --client gemini # one client
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--client | — | — | Report a single client by id (default: all) |
--json | — | false | Emit the capability matrix + parity scores as JSON |
admin client remove
Remove a registered client
admin client set-default
Mark a registered client as THE default
admin cycle audit-coherence
Report cycle-internal coherence (parent refs + per-track OPEN lock)
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
--verbose | — | false | Include suppressed D-2 lineage gaps (INFO) in text output |
--workspace | — | — | Workspace root (default: cwd) |
admin cycle close
Seal the open cycle + clear the host pointer [free]
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
--track | — | — | Track id (default: $SEIF_TRACK or 'default') |
--workspace | — | — | Workspace root (default: cwd, honoring .seif-pointer.json) |
admin cycle gc
(moved) garbage-collect stale OPEN cycles — use seif gov cycle gc
admin cycle list
List cycles in .seif/cycles/ (filter with --status)
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
--status | — | all | Filter: open|sealed|archived|all |
--track | — | — | Filter to cycles on this track (default: all tracks) |
--workspace | — | — | Workspace root (default: cwd) |
admin cycle open
Open a new cycle + bind the host pointer [free]
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
--parent | — | — | parent_cycle id (default: latest sealed cycle) |
--track | — | — | Track id (default: $SEIF_TRACK or 'default') |
--workspace | — | — | Workspace root (default: cwd, honoring .seif-pointer.json) |
admin cycle seal
(moved) seal a cycle — use seif gov cycle close
admin cycle sealed-list
List sealed cycles (alias for list --status sealed)
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
--workspace | — | — | Workspace root (default: cwd) |
admin cycle status
Show the active cycle from the per-workspace active-cycle pointer
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
--track | — | — | Track id for the active-cycle pointer (default: /.seif/active-cycle.json) |
--workspace | — | — | Workspace root (default: cwd) |
admin cycle verify
(no crypto verify exists for cycles) use seif admin cycle audit-coherence
admin hooks
Hook installation — both surfaces are native: seif setup <adapter> (AI) / seif setup git-hooks (git)
admin parity
CLI × MCP × hooks parity matrix (read-only inventory)
parity walks the Cobra command tree, MCP tool registry, and embedded hook assets to emit a capability × surface matrix (CLI / MCP / Claude Code / Cursor / Generic).
Use --markdown to print the matrix or --output to write docs/PARITY.md. Use --check to verify the committed matrix matches live registries (exit 1 on drift).
This is admin maintenance tooling — not part of the public stable CLI surface.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--check | — | false | Exit 1 if output would differ from --output file |
--markdown | — | false | Emit markdown matrix to stdout (default when no --output) |
--output | — | — | Write markdown matrix to file (e.g. docs/PARITY.md) |
admin proxy
Local-LLM (Ollama) proxy — native home pending (not a daemon capability)
admin seed amend
(moved) append to a seed's _amendments[] — use seif gov amend
admin seed consume
(deprecated) → seif gov seed consume
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
--workspace | — | — | Workspace root (default: cwd) |
admin seed create
(moved) create a seed — use seif gov seed create
admin seed list
(deprecated) → seif gov seed list
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
--workspace | — | — | Workspace root (default: cwd) |
admin session convert-ext
Rename envelope-bearing session-.json → session-.seif (dry-run default)
convert-ext scans session-*.json and classifies each file:
envelope — SEIF-ENVELOPE-v1 content; rename candidate (--apply) raw_json — plain JSON legacy record; NOT converted (GC path, separate pending) skip_* — already .seif, missing, or target exists
Default = dry-run inventory. --apply git-style renames envelope files only (content untouched) and appends a JSONL manifest under .seif/sessions/.convert-ext-archive//. Idempotent.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--apply | — | false | Rename envelope session-.json → session-.seif (owner-gated; default dry-run) |
--json | — | false | Emit structured JSON report |
--manifest-dir | — | — | Manifest directory (--apply; default .seif/sessions/.convert-ext-archive//) |
--workspace | — | — | Workspace root (default: cwd) |
admin session gc
Inventory (dry-run) or archive legacy template-only session records
gc scans .seif/sessions/session-*.{json,seif} using the c282 dual-parser and classifies each record:
template_only — eager-era writeSessionContract pollution, zero contributions dup_redundant — redundant numbered copy in a session_id dup group real — conversation payload or non-skeleton closure substance protected — keep-since cutoff, open-cycle reference, or post-lazy record unparseable — reported, never moved silently named_record — *.seif named records (report only)
Default = dry-run. --apply moves template_only + dup_redundant to --archive-dir and reconciles mapper.json session_count in the same run.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--apply | — | false | Move candidates to archive dir (owner-gated; default dry-run) |
--archive-dir | — | — | Archive destination (--apply; default .seif/sessions/.gc-archive//) |
--json | — | false | Emit structured JSON inventory |
--keep-since | — | 2026-06-03 | Protect records with started_at on/after this date (YYYY-MM-DD) |
--workspace | — | — | Workspace root (default: cwd) |
admin watch
File vigilant/watcher — engine-hosted; native register surface pending
artifact format
Canonicalize .seif envelope (sorted JSON body, standard frontmatter order)
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON result |
audit-coherence
Report workspace coherence (free local; --signed = engine-mediated paid envelope)
audit-coherence — fsck for AI artifacts.
Phase A (free, local): --scope=workspace (default) reports cycle-internal coherence over .seif/cycles/ — multiple OPEN cycles on the same track and parent_cycle refs that do not resolve to a known cycle_id.
Phase B (engine-mediated, paid): --signed POSTs the audit to the engine, which re-runs the audit, signs the result with its Ed25519 key, and writes an entry to the transparency log. Use --verify-trail to verify the trust chain offline: depth-2 (engine_signature over the report body) and depth-3 (RFC-6962 inclusion proof fetched from the transparency log + Ed25519 STH signature over the reconstructed tree root). Use --output FILE.seif to render the result as a SEIF-ENVELOPE-v1 archival artifact.
Auth (priority): --token VALUE | --token-file PATH | SEIF_ENGINE_URL | https://api.seifprotocol.com Log URL (priority): --log-url URL | SEIF_WORKSPACE_ID Engine pubkey (priority): --engine-pubkey-file PATH | $SEIF_ENGINE_PUBKEY | ~/.seif/keys/engine_pubkey
Memo↔PIR corpus audit (free, local): --scope=memo — audit the whole design-memo corpus against the Product Invariant Registry + coherence-graph (.seif/coherence/): missing-grounding, dangling-ref, superseded-ref [HIGH], stale-grounding, invariant-source-integrity, assertion-guard [REVIEW], and decision↔cycle symmetry. Exits non-zero on HIGH. --scope=memo: — same audit, findings filtered to that memo's subject.
Still deferred (not yet implemented): --scope=cycle: — single-cycle filter. Not yet implemented.
The same audit is also exposed at 'seif admin cycle audit-coherence' for back-compat; both verbs share the same implementation.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--audit-coherence-strict | — | false | Strict policy: promote decision-cycle-asymmetry MEDIUM→HIGH so it fails the gate (default MEDIUM, phased-rollout; --scope=memo only) |
--ceiling | — | INTERNAL | Classification ceiling: PUBLIC | INTERNAL | CONFIDENTIAL |
--engine-pubkey-file | — | — | Path to engine pubkey file (overrides $SEIF_ENGINE_PUBKEY and ~/.seif/keys/engine_pubkey) |
--engine-url | — | — | Engine base URL (overrides $SEIF_ENGINE_URL) |
--include-supporting-evidence | — | true | Include memo/pir/graph hashes in the engine response |
--json | — | false | Emit JSON |
--log-url | — | — | Transparency-log base URL for --verify-trail depth-3 inclusion proof (overrides $SEIF_LOG_URL) |
--output | — | — | Write the signed envelope to FILE.seif as SEIF-ENVELOPE-v1. Requires --signed. |
--scope | — | workspace | Audit scope: workspace (cycle-internal) | memo | memo: (memo↔PIR corpus) |
--signed | — | false | Fetch engine-signed coherence report via POST /v1/audit-coherence (paid tier) |
--token | — | — | Engine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login') |
--token-file | — | — | Path to a file containing the engine bearer token |
--verify-trail | — | false | Verify the engine signature offline (depth-2). Requires --signed. |
--workspace | — | — | Workspace root (default: walk up from cwd) |
--workspace-id | — | — | Workspace identifier (overrides $SEIF_WORKSPACE_ID) |
audit-cross-refs
Audit decision↔cycle edge integrity (c260 D8): cycle_ref ↔ cycle.decisions[]
audit-cross-refs reports decision↔cycle edge coherence (c260 D8=C):
HIGH dangling-cycle-ref decision.cycle_ref names a cycle that does not exist HIGH dangling-decision-ref cycle.decisions[] names a decision that does not exist HIGH edge-mismatch cycle lists decision D, but D.cycle_ref names another cycle MEDIUM one-sided-d2c decision.cycle_ref=X, but X.decisions[] omits the decision MEDIUM one-sided-c2d cycle lists decision D, but D has no cycle_ref
One-sided edges are repairable with 'seif gov cycle decision-add'. By default only HIGH findings fail the audit; --strict fails on MEDIUM too.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
--strict | — | false | Fail on MEDIUM (one-sided) findings too |
--workspace | — | — | Workspace root (default: walk up from cwd) |
audit-discipline
Report observed Write/Edit on reserved .seif/ subdirs (s83 t3 audit log)
audit-discipline — retrospective view over .seif/audit/discipline.jsonl.
Reads the runtime observer log (populated by the PreToolUse discipline hook on .seif/{cycles,sessions,seeds,memory,memos,modules,coherence}/**) and reports:
- per-subdir counts + the seif CLI verb each subdir SHOULD route through;
- top-N most-rewritten file paths;
- cross-workspace + shell-bypass + refused (hard-block) + unauthorized_write counters surfaced for forensics.
Read-only: never writes or clears the log. Hard-block enforcement lives in the PreToolUse hook; this verb is for prioritization (which subdirs lack CLI coverage?) and post-hard-block audit.
Parity target: seif-dev --audit-discipline in the Python dev-tool.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--format | — | text | Output format: text | json |
--since | — | — | Only consider entries on/after this date (YYYY-MM-DD or RFC3339) |
--workspace | — | — | Workspace root (default: walk up from cwd) |
audit-layout
Audit per-role canonical filesystem layout for this host
audit-layout — per-role canonical filesystem audit.
Loads the embedded SEIF-CANONICAL-NODE-LAYOUT-v1 schema, detects this host's role (via ~/.seif/machine_id::label first, then hostname pattern), and verifies:
- common_to_all_roles artifacts (CLI symlink, venv, kernel envelope, owner state directory, …)
- role-specific expected_artifacts (admin volume, install cache, launch agents, …)
- drift_violations (with severity HIGH/MEDIUM/LOW)
- forbidden_artifacts (with reason)
Read-only: NEVER mutates the filesystem.
Distinct from audit-host: audit-host audits the 5-layer SEIF init artifact structure inside ~/.seif/. audit-layout audits the per-role canonical layout across the whole machine. They are sibling verbs.
Exit codes (per schema audit_exit_codes): 0 all required artifacts present, no HIGH/MEDIUM drift 1 drift violation(s) detected (any severity), or forbidden artifact 2 required artifact missing (kernel envelope, CLI symlink, owner state) 3 role detection failed (no machine_id::label and no hostname pattern match)
Parity target: seif-dev --audit-layout in the Python dev-tool (seif/src/seif/cli/cli.py:5126).
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--format | — | text | Output format: text | json |
claim acquire
Mint a claim record under .seif/claims/active/
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--intent | — | — | Short human-readable intent (mirrored to a8_intent_measurement) |
--repos | — | — | Comma-separated repo list (default: workspace dir name) |
--scope | — | [] | Repeatable: path or glob covered by the claim |
--ttl | — | 600 | TTL in seconds (default 600 per Q2-B) |
claim check
Check a path against active claims (informational; exit 3 on conflict)
claim list
List active (default), released, or all claims
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--all-claims | — | false | Show both active and released claims |
--released | — | false | Show released claims instead of active |
claim override
Record a human override for a conflicting claim (does NOT release it)
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--reason | — | — | Required text reason (appended to overrides.jsonl) |
claim release
Move an active claim to released/
claim show
Print a claim record (active or released) as JSON
claim sweep
Release stale claims (TTL expired or holder PID gone)
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--quiet | — | false | Suppress stdout (session-start reaper path) |
claim validate
Validate a claim record file against SEIF-CLAIM-v1
classify
Classify content sensitivity (PUBLIC | INTERNAL | CONFIDENTIAL)
Classify reads (or stdin when given "-"), scans for sensitive markers and keywords, and reports the resulting classification level.
By default, prints only the level (one of PUBLIC, INTERNAL, CONFIDENTIAL). With --json, prints the full reasoning record (level, matched patterns, escalation chain, classifier version).
PUBLIC is never auto-assigned — that classification requires explicit user assertion (this matches the Python reference implementation).
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit full reasoning record as JSON instead of just the level |
clone
Clone a workspace's remote HEAD into a new directory [PAID]
clone materializes a workspace's current engine HEAD into (a
fresh directory). Refuses to overwrite an existing /.seif/ unless --force;
to update an existing workspace use seif pull.
Login-required; entries classification-filtered server-side.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--dry-run | — | false | List what would be materialized without writing files |
--engine-url | — | — | Engine base URL (overrides $SEIF_ENGINE_URL) |
--force | — | false | Overwrite an existing .seif/ at the destination |
--json | — | false | Emit raw JSON output |
--remote | — | — | Named remote from seif remote list (alternative to --engine-url) |
--token | — | — | Engine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login') |
--token-file | — | — | Path to a file containing the engine bearer token |
--workspace-id | — | — | Workspace identifier (overrides $SEIF_WORKSPACE_ID) |
compress
Compress a source project into a code_topology SEIF module
compress scans a source project, extracts its semantic topology (imports, functions, types, routes, classification) and writes a compact SEIF-ENVELOPE-v1 module to .seif/projects//code.seif — "webpack for machines": an AI can read the topology instead of every file.
input_kind is code_topology (non-prose), so the quality gate is skipped. The output slug is git-root-aware (--name to override); an existing module from the same source needs --force to overwrite (fails closed in non-interactive mode).
Parser scope: Go + python (regex) + a generic fallback (Rust/Java/Kotlin/ others). JavaScript/Dart and the Python AST path are not yet ported. Output destinations (Store-V2): absorb, ingest, extract → .seif/knowledge/.seif (+ mapper registration) compress → .seif/projects//code.seif (+ mapper registration) context sync → {repo}/.seif/projects//project.seif (+ mapper registration)
Every write registers the artifact in the sovereign mapper.json so it is consumable at next session-start (Φ×λ=1 — no unregistered orphans). Slug derivation (git-root-aware): Slugs combine the git repository basename with the target path so same-named subdirs in different repos stay distinct — e.g. repo-a/docs → repo-a-docs, repo-b/docs → repo-b-docs. Override with --name on any verb.
ingest: --name is required for stdin/raw string sources; file paths derive the slug from the filename when --name is omitted. Image binding (--image): Every knowledge unit belongs to one workspace image (never Pod-global). Resolution order: explicit --image > workspace.seif.json container.name (walk-up from cwd) > git-root basename (standalone). In a multi-image Pod (SEIF_POD_CONTEXT=pod) with no resolvable image, verbs fail closed — pass --image explicitly.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--author | — | code-compressor | Author recorded on the module |
--classification | — | INTERNAL | Classification ceiling: PUBLIC|INTERNAL|CONFIDENTIAL (files above it are excluded) |
--force | — | false | Overwrite an existing module from the same source |
--image | — | — | Image binding for the mapper registration (default: current image from workspace.seif.json) |
--max-files | — | 0 | Maximum files to scan (default 500) |
--name | — | — | Slug override (default: git-root-aware derived slug) |
--root | — | — | Workspace root to resolve .seif/ from (default: target's walk-up) |
--via | — | seif-compress | Tool identifier recorded on the module |
config get
Print value at key
config list
Show all keys and values
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit list output as JSON |
config set
Write value at key
confirm-action
Pre-action human gate for hookless AI clients (exit 0/1/2) [free, local]
confirm-action is the pre-action human gatekeeper for AI clients WITHOUT hooks (Copilot, Cursor, AGENTS.md) — the cross-platform stand-in for the PreToolUse classification gate. A SEIF-aware AI calls it before any destructive operation:
- Non-interactive (an AI reading stdout): prints AWAITING_HUMAN_CONFIRMATION and exits 2 — the AI MUST stop and surface the block to the human, never proceed.
- Interactive (a real terminal): prompts y/N — exit 0 approve, 1 deny.
Every call is audit-logged to /.seif/circuit/confirmations.log and, inside a workspace, to .seif/sessions/session--confirmations.log. With --target-path it also warns about active claims held by other sessions. Free and local — no engine.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--action | — | — | The action to confirm (alternative to the positional arg) |
--caller | — | — | Who is requesting (e.g. an AI id or the shim name) |
--reason | — | — | Why the action is needed |
--target-path | — | — | Path the action will write/edit (enables the claim-conflict warning) |
--workspace | — | — | Workspace root (default: cwd) |
container bootstrap
Scaffold an envelope-native SEIF container (no Python required)
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--legacy | — | — | Optional legacy umbrella to copy memory/memos/seeds from |
--target | — | — | Destination container root (required) |
container-acknowledge
Clear container-dirty.seif after reviewing local changes
context absorb
Absorb a directory into a SEIF-KNOWLEDGE-v1 unit
absorb ingests text-bearing files from [path] (default: cwd) into the local sovereign store as a SEIF-KNOWLEDGE-v1 unit under .seif/knowledge/, registered in the mapper so it is consumable at next session-start.
When [path] is a git repository, project.seif is refreshed first (same as sync). Output destinations (Store-V2): absorb, ingest, extract → .seif/knowledge/.seif (+ mapper registration) compress → .seif/projects//code.seif (+ mapper registration) context sync → {repo}/.seif/projects//project.seif (+ mapper registration)
Every write registers the artifact in the sovereign mapper.json so it is consumable at next session-start (Φ×λ=1 — no unregistered orphans). Slug derivation (git-root-aware): Slugs combine the git repository basename with the target path so same-named subdirs in different repos stay distinct — e.g. repo-a/docs → repo-a-docs, repo-b/docs → repo-b-docs. Override with --name on any verb.
ingest: --name is required for stdin/raw string sources; file paths derive the slug from the filename when --name is omitted. Image binding (--image): Every knowledge unit belongs to one workspace image (never Pod-global). Resolution order: explicit --image > workspace.seif.json container.name (walk-up from cwd) > git-root basename (standalone). In a multi-image Pod (SEIF_POD_CONTEXT=pod) with no resolvable image, verbs fail closed — pass --image explicitly.
Equivalent to the Python dev-tool's seif-dev --absorb.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--author | — | seif-absorb | Author name recorded on absorbed modules |
--force | — | false | Overwrite an existing module from the same source (required in non-interactive mode) |
--image | — | — | Image binding for the knowledge unit (default: current image from workspace.seif.json) |
--name | — | — | Slug override for the absorbed module (default: git-root-aware derived slug) |
--root | — | — | Workspace root to resolve .seif/ from (default: cwd walk-up) |
context bootstrap
Print the verified constitutional core (grounding + axioms) from the embedded kernel
bootstrap resolves the SEIF constitutional core from the kernel embedded in this binary and verified against its canonical_hash — it does NOT read a file from a private store. Use it on demand AFTER the grounding challenge to load the behavioral axioms; the full human+AI reference is SEIF.md.
seif context bootstrap # human-readable: grounding challenge + axioms seif context bootstrap --json # machine-readable constitution (protocol, axioms, pin)
Drift-immune: a tampered or stale embedded kernel makes the binary refuse to run.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit the constitution as JSON (protocol, pin, axioms) |
context query
Lexical pre-filter over structural chunks (dogfood --refs for hybrid C)
query runs the local chunk-ref pre-filter (ChunkFile + lexical rank) over files visible in the workspace under --root (same visibility rules as absorb + CompressProject per the memo §3.1).
It emits unresolved ChunkRefs only: {anchor, path, parent_hash, score}. Never bytes (resolution + CONFIDENTIAL gate is engine/MCP only).
Use --refs --top N for the dogfood JSON output. Pure offline, deterministic, read-only, INV-THIN-CLIENT. Token regex matches absorb scorer (w/ _).
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--refs | — | false | Emit unresolved chunk-refs (anchor+path+parent_hash+score) JSON |
--root | — | — | Workspace root to scan for chunks (default: cwd walk-up) |
--top | — | 10 | Return at most N refs (0 = all) |
context reindex
Register forward orphan .seif artifacts in mapper.json (one-shot K4 migration)
reindex scans the sovereign .seif/ store for consumable SEIF-MODULE and SEIF-KNOWLEDGE artifacts whose on-disk path is absent from mapper.json and registers each via RegisterKnowledge (forward orphan → mapper upsert).
Ghost entries (mapper paths with no on-disk file) are left untouched by default; pass --prune-ghosts to remove them from mapper.json (this is the fix verb for the doctor mapper check). Re-pointing (K5) stays out of scope. Output destinations (Store-V2): absorb, ingest, extract → .seif/knowledge/.seif (+ mapper registration) compress → .seif/projects//code.seif (+ mapper registration) context sync → {repo}/.seif/projects//project.seif (+ mapper registration)
Every write registers the artifact in the sovereign mapper.json so it is consumable at next session-start (Φ×λ=1 — no unregistered orphans).
Default is register-only at the artifact's current path. With --relocate, legacy flat outputs (modules/.seif, extract_.seif, nucleus.seif) are copy-only relocated to .seif/knowledge/.seif with provenance; originals are never deleted (memo §8).
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--dry-run | — | false | List forward orphans and planned actions without writing |
--image | — | — | Image binding for registered units (default: current image from workspace.seif.json) |
--prune-ghosts | — | false | Remove mapper entries whose on-disk file is missing (ghost entries) |
--relocate | — | false | Copy-only relocate legacy flat artifacts to .seif/knowledge/ with provenance |
--root | — | — | Workspace root to resolve .seif/ from (default: cwd walk-up) |
context retrieve
Orchestrator retrieval loop (local refs → engine slices)
retrieve runs the token-economy retrieval loop for code/doc lookup:
- LOCAL (always): lexical chunk-ref prefilter — anchor/path/score only, never bytes.
- ENGINE (unless --refs-only): POST /v1/retrieve-chunks with classification gate; returns resolved byte slices. Fail-soft: ~5s timeout, then degraded local refs.
Workspace ID: --workspace-id, SEIF_ENGINE_URL (default http://localhost:7331 for this verb). Auth: --token, --token-file, $SEIF_ENGINE_TOKEN, session token, or ~/.seif/serve_token.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--engine-url | — | — | Engine base URL (overrides $SEIF_ENGINE_URL; default http://localhost:7331) |
--json | — | false | Emit JSON envelope |
--max-chars | — | 8192 | Cap total injected bytes from resolved slices |
--refs-only | — | false | Local chunk-refs only (skip engine leg) |
--root | — | — | Workspace root to scan (default: cwd walk-up) |
--token | — | — | Engine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login') |
--token-file | — | — | Path to a file containing the engine bearer token |
--top | — | 5 | Maximum chunk refs / engine top_n |
--workspace-id | — | — | Engine workspace TEXT id (overrides marker/env) |
context sow
Plant a garden's structural roots: conduct roots + the coherence layer
sow plants the structural roots a healthy SEIF garden is born with — the
same step seif init runs at workspace creation, runnable standalone to
equip an existing garden or recover a lost/corrupted store:
- Conduct roots → .seif/memory/ — the curated process-feedback memories that bridge the grounding kernel into situated action ("measure the ground truth before hypothesizing", "a merge is not a deploy"). They surface at session_orient like any memory.
- Coherence layer → .seif/coherence/ (PIR + graph) + .seif/memos/ — the
garden's starter constitution (universal SEIF-governance invariants) so
seif gov memoworks from day one.
Idempotent and non-destructive: existing conduct roots are left as the garden evolved them, and an existing PIR/graph is NEVER overwritten. --force re-syncs existing CONDUCT ROOTS to canonical content (the coherence layer is never clobbered); --dry-run previews without writing.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--dry-run | — | false | Report what would be planted without writing |
--force | — | false | Re-sync existing roots to canonical content (overwrites; default leaves evolved memories untouched) |
--root | — | — | Workspace root to resolve .seif/ from (default: cwd walk-up) |
context sync
Re-extract git context into .seif/projects//project.seif
sync extracts git metadata (commits, manifest, README, structure) from [path] (default: cwd) and writes a SEIF-MODULE-v1 summary to .seif/projects//project.seif (the repo-local git-context module, single-writer per DESIGN-MEMO-2026-05-30 §2.1). Updates the sovereign mapper.json index when reachable. Output destinations (Store-V2): absorb, ingest, extract → .seif/knowledge/.seif (+ mapper registration) compress → .seif/projects//code.seif (+ mapper registration) context sync → {repo}/.seif/projects//project.seif (+ mapper registration)
Every write registers the artifact in the sovereign mapper.json so it is consumable at next session-start (Φ×λ=1 — no unregistered orphans).
Equivalent to the Python dev-tool's seif-dev --sync.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--author | — | seif-sync | Author name recorded on the module |
--root | — | — | Workspace root to resolve .seif/ from (default: cwd walk-up) |
contribute
Capture a signal: classify + sign stdin, append to .seif/contributions/.jsonl
contribute reads stdin, classifies the content (auto by default), builds a signed SEIF evidence frame, and appends one compact-JSON line to .seif/contributions/.jsonl in the workspace.
No engine call — the contribution lives entirely in the local workspace and is signature-verifiable offline.
Signing key: --key-file or $SEIF_SIGNING_KEY (base64 Ed25519 64-byte secret). Workspace ID: --workspace-id (default "ws_local").
Classification: pass --classification PUBLIC|INTERNAL|CONFIDENTIAL to override the auto-classifier (Wave 4 heuristics). Auto-classification escalates to CONFIDENTIAL when sensitive markers or keywords are present.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--classification | — | — | PUBLIC|INTERNAL|CONFIDENTIAL — overrides auto-classification |
--json | — | false | Emit result as JSON instead of human-readable text |
--key-file | — | — | Path to base64 Ed25519 secret key file (overrides $SEIF_SIGNING_KEY) |
--metadata-file | — | — | Optional JSON file with metadata object (default: {}) |
--workspace | — | — | Workspace root (default: current working directory) |
--workspace-id | — | ws_local | Workspace identifier recorded in the evidence |
daemon adopt-legacy
Re-home legacy launchd seif daemons as capability legs (dry-run; --apply; stays PAUSED)
adopt-legacy scans ~/Library/LaunchAgents for the paused seif coordination
daemons and wires each one's EXACT command as the matching capability's leg, so
the daemon supervises the existing scripts instead of launchd. It re-homes; it
does not reimplement, and it does NOT enable anything — every capability stays
PAUSED, so this changes no behavior until you run seif daemon enable <cap>.
Mapped: com.seif.circuitd→circuit, com.seif.claude-responder→responder, com.seif.hub→hub, com.seif.peer-drainer→peer-drainer, com.seif.context-sync→context-sync, (com.)seif.personal-sync→personal-sync. Infra plists (docker, cloudflared, engine, health, …) carry no mapping and are never adopted.
Without --apply this is a DRY-RUN. With --apply the legs are written to daemon.json (still paused).
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--apply | — | false | Write the wired legs to daemon.json (default is dry-run; capabilities stay PAUSED either way) |
--dir | — | — | launchd agents dir to scan (default: ~/Library/LaunchAgents) |
daemon clear-command
Remove a capability's leg (revert to pure toggle)
daemon disable
Disable a capability (record --reason)
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--reason | — | — | Operator note for WHY this capability is paused (recommended) |
daemon down
Stop a running daemon (or reap a stale socket)
daemon enable
Enable a capability
daemon publish
Publish a real-time event to the daemon bus (R2)
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--message | — | — | Convenience: publish {"message":""} |
--payload | — | — | Raw JSON payload (overrides --message) |
daemon set-command
Declare the leg command the daemon runs for a capability
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--interval | — | 0 | Seconds between runs (required for --kind periodic) |
--kind | — | long-running | Leg kind: long-running (supervised, crash-restart) or periodic (every --interval) |
daemon status
Show capability toggle state + daemon liveness
daemon subscribe
Stream real-time events for a topic (R2)
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--count | — | 0 | Exit after receiving N events (0 = stream until interrupted) |
--exclude-self | — | false | Drop events published by THIS host (derives the id from ~/.seif/machine_id) |
--exclude-source | — | — | Drop events whose payload from/source identity equals this id (self-echo filter) |
daemon up
Lazily spawn the daemon host process
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--idle-ttl | — | 0 | Idle self-shutdown window in seconds (0 = default 900s); forwarded to the spawned serve |
debate
Multi-AI debate: ask several models, measure agreement, synthesize [free, local]
debate orchestrates a multi-AI consensus over a question using the models you already have — local Ollama, an installed Claude/Gemini CLI, or your own API key (ANTHROPIC_API_KEY / XAI_API_KEY). It is FREE and LOCAL: SEIF never supplies the inference and never gates the feature; you bring your own model access.
Round 1 collects independent answers and measures Jaccard coherence between them. --rounds 2 adds a cross-examination pass (each model critiques the others and refines); --rounds 3 adds a synthesis pass (the dominant voice unifies the debate). Each answer is graded by the native quality gate.
Classification routing protects your data: CONFIDENTIAL forces local Ollama only (nothing leaves the device); SECRET is refused outright.
Examples: seif debate --list seif debate "Should we adopt trunk-based development?" seif debate "design X" --rounds 3 --backends ollama_local,claude_cli seif debate "private notes" --classification CONFIDENTIAL
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--absorb | — | false | When consensus is resonant, persist the debate as a .seif knowledge module (becomes memory) |
--backends | — | — | Comma-separated backend filter (default: all detected) |
--classification | — | INTERNAL | PUBLIC|INTERNAL|CONFIDENTIAL|SECRET (CONFIDENTIAL → local Ollama only) |
--json | — | false | Emit JSON |
--list | — | false | List detected backends and exit |
--rounds | — | 1 | Debate rounds: 1=independent, 2=+refutation, 3=+synthesis |
diff
Compare two SEIF artifact-local refs (free, local)
diff compares two .seif/ artifact refs in ARTIFACT-LOCAL mode (Phase B-early per DESIGN-MEMO-2026-05-26-seif-diff-and-time-trail-log §3).
Refs (Q-DIFF-4 — typed artifacts only): cycle: sealed or open cycle memo: DEFERRED (markdown memos route to git diff for now) pending: pending module (subdir + flat-root shim-aware) decision: ratified decision module
Output formats (Q-DIFF-3): --output unified git-diff-style unified text (default) --output structural-json AI-consumable {added,removed,modified} shape --json emit machine-readable result regardless of --output
Workspace-mode (Phase B-mid — Q-DIFF-2 ratified 2026-05-27): workspace@HEAD current shadow object-model workspace@HEAD~N walk N parents back through delta-log workspace@ 12-hex prefix (>=4) of a recorded rev_id workspace@ newest rev recorded on/before the named date
Not yet shipped: cycle:@ revision-pinning needs object-model wiring
INV-THIN-CLIENT: this verb runs entirely against local .seif/ — zero engine roundtrip, no quota, free tier.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--color | — | auto | Colorize unified output: auto|never|always (auto = TTY check) |
--context | — | 3 | Unified-diff context lines (default 3) |
--json | — | false | Emit JSON result (forces structural shape in the wire format) |
--output | — | unified | Output format: unified|structural-json |
doctor
Diagnose workspace + runtime install health — one read-only report [free, local]
doctor aggregates the SEIF workspace checks into one read-only report:
stale OPEN cycles, orphaned writer sessions (class-c), MEMORY.md index integrity,
mapper ghost modules, and active claims — plus the machine RUNTIME checks:
PATH seif vs the binary the Claude hooks invoke (shadow install), dead
shims (--version probe), binary freshness across installs, and legacy hook
entries in ~/.claude/settings.json.
It mutates nothing — each finding points at the verb that fixes it (e.g. seif gov cycle gc, seif heal, seif context reindex --prune-ghosts, seif runtime heal). Runtime install drift is a FAILURE: doctor exits nonzero on it (store-level warnings stay exit 0). Free and local, no engine.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
--workspace | — | — | Workspace root (default: cwd) |
embed verify
Verify an embedded C2PA manifest (signature + hard binding)
verify extracts the C2PA manifest from a media file and checks the signature over the claim and the hard-binding hash over the asset bytes. It reports the signer, but does NOT evaluate trust-list membership — a sovereign self-signed key is reported as untrusted, which is expected.
extract
Extract knowledge from files/dirs into a SEIF module
extract scans a file or directory, pulls text / JSON-structure / code-signatures from supported files, classifies them, and writes a SEIF-KNOWLEDGE-v1 unit to .seif/knowledge/.seif, registered in the mapper so it is consumable at next session-start.
input_kind is resolved automatically (knowledge_extraction): prose-dominant input → prose (the native quality gate runs); code-dominant → code_sketch (gate skipped). The output slug is git-root-aware (--name to override); an existing module from the same source needs --force to overwrite.
--classification sets the ceiling: files above it (e.g. CONFIDENTIAL when the ceiling is INTERNAL) are excluded. PDF extraction is not supported. Output destinations (Store-V2): absorb, ingest, extract → .seif/knowledge/.seif (+ mapper registration) compress → .seif/projects//code.seif (+ mapper registration) context sync → {repo}/.seif/projects//project.seif (+ mapper registration)
Every write registers the artifact in the sovereign mapper.json so it is consumable at next session-start (Φ×λ=1 — no unregistered orphans). Slug derivation (git-root-aware): Slugs combine the git repository basename with the target path so same-named subdirs in different repos stay distinct — e.g. repo-a/docs → repo-a-docs, repo-b/docs → repo-b-docs. Override with --name on any verb.
ingest: --name is required for stdin/raw string sources; file paths derive the slug from the filename when --name is omitted. Image binding (--image): Every knowledge unit belongs to one workspace image (never Pod-global). Resolution order: explicit --image > workspace.seif.json container.name (walk-up from cwd) > git-root basename (standalone). In a multi-image Pod (SEIF_POD_CONTEXT=pod) with no resolvable image, verbs fail closed — pass --image explicitly.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--classification | — | INTERNAL | Classification ceiling: PUBLIC|INTERNAL|CONFIDENTIAL |
--force | — | false | Overwrite an existing module from the same source |
--image | — | — | Image binding for the knowledge unit (default: current image from workspace.seif.json) |
--input-kind | — | — | Override input_kind (auto|prose|code_sketch|code_topology) |
--name | — | — | Slug override (default: git-root-aware derived slug) |
--no-recursive | — | false | Do not descend into subdirectories |
--root | — | — | Workspace root to resolve .seif/ from (default: target's walk-up) |
gate check
Run a discipline gate check on stdin JSON or an explicit command
check is the dispatcher hooks call from PreToolUse. Three modes:
seif gate check --shell --json Reads {tool, path, command} JSON from stdin (Claude Code shape: {tool_name, tool_input: {command|file_path|...}}). Routes to the shell scanner. Emits a JSON decision envelope on stdout. Exit 0 = allow, 2 = deny.
seif gate check --shell Direct invocation for testing / one-off CI checks. Emits the block message on stderr; exit 0/2.
seif gate check --classification --json Same JSON shape but routes to the classification scanner. The hook passes the file_path + content/new_string fields; the scanner dispatches on extension (.py / .md / .json / .ts / .tsx / fallback). Exit 0/2; the reason lands on stderr (text mode) or in user_message/agent_message (JSON mode).
Both modes share the same exit-code contract — 0 allow, 2 deny — so the embedded bash shims can substitute the verb wherever they previously called the Python shell_gate_cli.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--classification | — | false | Route to the classification scanner (Scan) |
--file-path | — | — | Classification mode: path used for extension dispatch (default: from stdin) |
--json | — | false | Read stdin JSON payload and emit JSON decision envelope on stdout |
--shell | — | false | Route to the shell scanner (CheckShellCommand) |
gate classify
Classify a file's sensitivity tier; --strict applies sensitivity-based escalation
classify reports the classification tier (PUBLIC | INTERNAL | CONFIDENTIAL) of a file's contents. By default it prints the base tier (protocol.Classify).
With --strict it applies the strict-mode wrapper (gate.ClassifyStrict): the base verdict escalates one tier when the density of soft-sensitivity signals crosses an internal threshold. Strict mode only ever escalates — never de-escalates, never skips a tier.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--path | — | — | Path to the file to classify ("-" for stdin) |
--strict | — | false | Apply sensitivity-based strict-mode escalation |
gate emit-block
Print the canonical block message for a reserved .seif// and exit 2
emit-block is the Go-side replacement for emit_block.py — the helper classification-gate.sh calls when refusing a raw Write/Edit on a reserved subdir. Prints the per-subdir gov/flag remediation block on stderr, exits 2. Used by the embedded bash shims to drop the Python dependency on the hard-block path. Unknown subdir → generic block message, still exit 2.
gate quality
Measure text quality natively, or blend caller-supplied scores [free tier]
quality computes a score, grade, and status for a piece of text.
With TEXT (positional argument or --text) it MEASURES natively: internal/resonance scores verifiability (stance, 6/9) and coherence (hedging, 3/9) and composes the H(0) blend bit-identically to the Python reference — free and offline, no engine roundtrip.
With --pro, it calls the SEIF engine (POST /v1/quality/assess) to get a signed, logged, and tier-gated verdict with a full component breakdown. Requires Pro tier authentication.
With no text it runs the Wave B Lite arithmetic blend (gate.Assess) over the scores you supply via --stance/--resonance(/--hedging); offline there is no stance breakdown, so flags/suggestions stay empty unless text is measured.
Weights: default two-component (stance 6/9, resonance 3/9). With --three the equal-weights variant (3/9, 3/9, 3/9) blends stance + resonance + hedging.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--engine-url | — | — | Engine base URL (overrides $SEIF_ENGINE_URL) |
--hedging | — | 1 | Hedging score in [0,1] (1 - hedge_density); only used with --three |
--json | — | false | Emit QualityVerdict as JSON |
--pro | — | false | Use SEIF engine for assessment (signed + breakdown; requires Pro) |
--resonance | — | 0 | Coherence score in [0,1] (post-normalization); scalar path only |
--role | — | human | Source role: human | ai |
--stance | — | 0 | Stance score in [0,1] (verifiability_ratio); scalar path only |
--text | — | — | Text to measure natively (alternative to positional TEXT) |
--three | — | false | Use the three-component equal-weights blend (stance+resonance+hedging) |
--token | — | — | Engine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login') |
--token-file | — | — | Path to a file containing the engine bearer token |
gov amend
Append an _amendments[] entry to a SEIF JSON artifact (append-only, no re-sign) [free]
amend appends a provenance-stamped entry to a SEIF artifact's _amendments[] list — the sanctioned escape hatch for cycles, sessions, seeds, pending modules, and memos that the classification gate blocks from raw edits.
It is APPEND-ONLY: it never re-signs or recomputes the artifact's integrity_hash (amendments are out-of-band by design — they record a change without re-signing a host artifact that may be offline or immutable). Existing key order is preserved; the output matches the Python dev-tool byte-for-byte.
Raw-markdown memos (.md with no JSON body / frontmatter envelope) cannot hold a JSON _amendments[] array, so they are amended by appending a '## _amendments' markdown section (one block per amendment, body above untouched) — the same --entry fields and provenance auto-fields apply.
The entry is a JSON object supplied via --entry (inline) or --entry-file (path, or '-' for stdin). These auto-fields are injected only when absent: id amend-NNN- (override with --id) appended_at current UTC timestamp appended_by --author, else $USER, else "anonymous"
Local-only — free tier.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--author | — | — | appended_by value (default: $USER, else anonymous) |
--entry | — | — | Inline JSON object for the amendment entry |
--entry-file | — | — | Path to a JSON file with the entry (or '-' for stdin) |
--id | — | — | Explicit amendment id (default: amend-NNN-) |
--json | — | false | Emit JSON |
gov cycle close
Seal the open cycle + clear the host pointer [free]
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
--track | — | — | Track id (default: $SEIF_TRACK or 'default') |
--workspace | — | — | Workspace root (default: cwd, honoring .seif-pointer.json) |
gov cycle close-ritual
Run the full 7-step closure ritual locally [free]: checkpoint→audit→quality→meditate→absorb→seal →seed
close-ritual runs the canonical 7-step closure ritual (CHECKPOINT, AUDIT, QUALITY, MEDITATE, ABSORB, CIRCLE, SEED) for the named cycle, honoring the EXPLICIT + --track. Every step is LOCAL and FREE — no engine, no token — at parity with the Python dev-tool.
QUALITY grades --summary with the CLI's native, language-stable resonance math (stance 6/9 + hedging 3/9, ζ-grounded grades); the engine's fragile multilingual triple-gate is intentionally NOT used. The load-bearing step is CIRCLE (the hardened cycle seal); analytical steps are non-fatal. Use --dry-run to preview.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--author | — | — | Author attribution for the ritual (CHECKPOINT/SEED) |
--dry-run | — | false | Preview every step without writing anything |
--json | — | false | Emit JSON |
--seed-session | — | -1 | SEED target session number (default: next session) |
--summary | — | — | Work-arc summary (recorded in CHECKPOINT, graded in QUALITY) |
--track | — | — | Track id (default: $SEIF_TRACK or 'default') |
--workspace | — | — | Workspace root (default: cwd, honoring .seif-pointer.json) |
gov cycle decision-add
Bind a decision to a cycle: cycle.decisions[] += id + decision.cycle_ref (D8) [free]
decision-add records the bidirectional decision↔cycle edge (c260 D8=C). It appends the decision's module_id to the cycle's decisions[] list and sets the decision's cycle_ref to the cycle id. Both halves are written so 'seif audit-coherence' (the D8 integrity check) sees a coherent edge. Idempotent: a decision already bound to this cycle is a no-op; binding it to a DIFFERENT cycle is refused.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
--workspace | — | — | Workspace root (default: cwd, honoring .seif-pointer.json) |
gov cycle gc
Garbage-collect stale OPEN cycles (dry-run by default) [free]
gc finds OPEN cycles that should be archived or swept, and (with --apply) acts on them:
- leftovers : a -OPEN.seif whose cycle is already SEALED (a stale APFS/sync copy) is SWEPT (removed).
- variants : a -OPEN-.seif (excluding -OPEN-archived.seif) whose cycle is already SEALED is ARCHIVED to cycles/archive/ (preserves pause-rename state; not unlinked like plain leftovers).
- stale : a live -OPEN.seif with no SEALED sibling, NOT named by the host active-cycle pointer, older than --threshold-days (default 7), is ARCHIVED (renamed → -OPEN-archived.seif). An unparseable opened_at is treated as stale.
Without --apply this is a DRY-RUN: it reports what WOULD happen and mutates nothing. With --apply it renames/removes the files and appends one JSONL provenance line per action to .seif/audit/cycle_gc.jsonl. Cycle CONTENT is never modified — only whole files are moved/removed.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--apply | — | false | Mutate the filesystem (default is dry-run) |
--json | — | false | Emit JSON |
--threshold-days | — | 7 | Age (days) past which an unsealed OPEN cycle is a stale candidate |
--workspace | — | — | Workspace root (default: cwd, honoring .seif-pointer.json) |
gov cycle list
List cycles in .seif/cycles/ (alias for seif admin cycle list; filter with --status)
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
--status | — | all | Filter: open|sealed|archived|all |
--track | — | — | Filter to cycles on this track (default: all tracks) |
--workspace | — | — | Workspace root (default: cwd) |
gov cycle open
Open a new cycle + bind the host pointer [free]
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
--parent | — | — | parent_cycle id (default: latest sealed cycle) |
--track | — | — | Track id (default: $SEIF_TRACK or 'default') |
--workspace | — | — | Workspace root (default: cwd, honoring .seif-pointer.json) |
gov cycle set-manifest
Update OPEN cycle title, vision, branches [free]
set-manifest patches the OPEN cycle manifest (title, vision, branch_add, branch_done).
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--branch-add | — | [] | Branch "name|status|description" (repeatable; each flag adds one branch) |
--branch-done | — | — | Mark branch DONE by name |
--cycle | — | — | Cycle slug (default: OPEN on track) |
--title | — | — | Cycle title |
--track | — | — | Track id |
--vision | — | — | Cycle vision |
--workspace | — | — | Workspace root |
gov decision create
Create a SEIF-DECISION-v1 module skeleton [free]
create emits the minimum-viable SEIF-DECISION-v1 skeleton in .seif/modules/decisions/. With --from-memo PATH the decision is derived from a design memo: slug, title, and ratification hash are auto-populated from the memo file and its coherence-graph node. Body fields are appended via 'seif gov amend' entries.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--allow-non-ratified | — | false | With --from-memo: allow memo status other than RATIFIED (sandbox/testing only). |
--classification | — | INTERNAL | PUBLIC | INTERNAL | CONFIDENTIAL |
--from-memo | — | — | (c261 IMPL-3, c260 D1=C) Derive decision from a design memo. Auto-fills slug from memo filename and title from memo H1. Memo must be in PROPOSAL or RATIFIED status (gate checks coherence-graph node). |
--title | — | — | Title of the decision (mandatory for raw create; auto-derived from memo H1 with --from-memo) |
--workspace | — | — | Workspace root (default: walk up to a .seif/modules/; ~/.seif fallback refused) |
gov decision promote-retroactive
Retroactively derive decisions for a curated top-N backlog of memos (D4) [free]
promote-retroactive (c264 IMPL-7, c260 D4=B) reads a curated critical-decisions backlog and derives a backing SEIF-DECISION-v1 for every listed memo that does not already have one. The backlog is a JSON file:
{ "entries": [ {"memo_ref": ".seif/memos/DESIGN-MEMO-YYYY-MM-DD-.md", "rationale": "why this is load-bearing", "classification": "INTERNAL", "allow_non_ratified": false} ], "curated_by": "owner+orchestrator", "curated_at": "YYYY-MM-DD" }
Dry-run by default — it prints what WOULD be created. Pass --apply to write the decisions. Entries already covered by an existing decision are skipped.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--allow-non-ratified | — | false | Default allow-non-ratified for entries that don't set it (sandbox/testing) |
--apply | — | false | Write the decisions (default: dry-run — print the plan only) |
--json | — | false | Emit JSON |
--list | — | — | Backlog JSON path (default: .seif/coherence/critical-decisions-backlog.json) |
--workspace | — | — | Workspace root (default: cwd) |
gov invariant add
Append a new invariant to the PIR [free]
add appends a new invariant to .seif/coherence/product-invariant-registry.seif.
The id must match INV-* and be unique; --tier must be a member of the registry's tier_priority; --statement is required. Status defaults to STARTER-UNRATIFIED (owner ratification is applied later via 'gov invariant amend' under the owner gate). A provenance entry is appended to _amendments[] (who/when).
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--author | — | — | appended_by value for the provenance amendment (default: $USER) |
--forbids-pattern | — | [] | Regex pattern the invariant forbids (repeatable) |
--json | — | false | Emit JSON |
--notes | — | — | Optional notes |
--source | — | [] | Source reference (repeatable: memo/decision/spec paths) |
--statement | — | — | Human-readable constraint (required) |
--status | — | — | Status: STARTER-UNRATIFIED (default) | RATIFIED |
--tier | — | — | Tier (must be in registry tier_priority: CONSTITUTION|SECURITY|ARCHITECTURE|DEV-DISCIPLINE) |
--workspace | — | — | Workspace root (default: walk up to a .seif/coherence/) |
gov invariant amend
Append an append-only _amendments[] entry scoped to an invariant [free]
amend appends a provenance-stamped entry to the PIR's _amendments[] list, scoped to an existing invariant (the entry's "inv" field is set to when absent). It is APPEND-ONLY: it never rewrites an invariant's statement in place (the audit trail is preserved). Mirrors 'gov amend' semantics.
The entry is a JSON object via --entry (inline) or --entry-file (path, or '-' for stdin). Auto-fields id/appended_at/appended_by are injected when absent.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--author | — | — | appended_by value (default: $USER, else anonymous) |
--entry | — | — | Inline JSON object for the amendment entry |
--entry-file | — | — | Path to a JSON file with the entry (or '-' for stdin) |
--id | — | — | Explicit amendment id (default: amend-NNN-) |
--json | — | false | Emit JSON |
--workspace | — | — | Workspace root (default: walk up to a .seif/coherence/) |
gov memo classify
Classify a memo as load-bearing or not (decision-required gate) [free]
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--format | — | text | Output format: text|json |
--workspace | — | — | Workspace root (default: walk up to a .seif/coherence/) |
gov memo coherence-register
Create/refresh a memo's coherence node WITHOUT rewriting the .md [free]
coherence-register is the node-only counterpart to new/update: it creates or refreshes the coherence-graph node of an EXISTING memo without requiring --content. Use it for edge/status/note-only changes (which 'update' would force full --content for) and to register a node for a memo that is missing one. --constrained-by (>=1 INV-*) is mandatory only when CREATING a new node.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--constrained-by | — | — | Comma-separated INV-* ids (mandatory to create a node) |
--depends-on | — | — | Comma-separated memo/node ids this depends on |
--json | — | false | Emit JSON |
--note | — | — | Short note for the coherence node |
--status | — | — | PROPOSAL|RATIFIED|ROADMAP|SUPERSEDED|UNKNOWN |
--supersedes | — | — | Comma-separated memo names this supersedes |
--workspace | — | — | Workspace root (default: walk up to a .seif/coherence/) |
gov memo new
Write a new design memo + register its coherence node [free]
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--constrained-by | — | — | Comma-separated INV-* ids (mandatory for new) |
--content | — | — | Path to the memo markdown (or '-' for stdin) |
--depends-on | — | — | Comma-separated memo/node ids this depends on |
--json | — | false | Emit JSON |
--note | — | — | Short note for the coherence node |
--status | — | — | PROPOSAL|RATIFIED|ROADMAP|SUPERSEDED|UNKNOWN (new default: PROPOSAL) |
--supersedes | — | — | Comma-separated memo names this supersedes |
--workspace | — | — | Workspace root (default: walk up to a .seif/coherence/) |
gov memo ratify
Ratify a memo in one step: flip status to RATIFIED + derive its decision [free]
ratify is the one-step path to ratify a design memo. It flips the memo's coherence-graph node to RATIFIED and derives the backing SEIF-DECISION-v1 audit anchor as a single transaction, in the order that avoids the gate deadlock between 'gov decision create --from-memo' (needs RATIFIED) and 'gov memo update --status RATIFIED' (needs a decision). If the decision write fails, the status flip is rolled back. Idempotent: a memo already RATIFIED with a backing decision is a no-op; a RATIFIED memo missing its decision is repaired (decision derived).
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--classification | — | INTERNAL | Classification for the derived decision: PUBLIC | INTERNAL | CONFIDENTIAL |
--json | — | false | Emit JSON |
--workspace | — | — | Workspace root (default: walk up to a .seif/coherence/) |
gov memo update
Rewrite an existing memo + optionally update its coherence node [free]
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--bypass-reason | — | — | Mandatory non-empty justification when --decision-ratify-bypass is set |
--constrained-by | — | — | Comma-separated INV-* ids (mandatory for new) |
--content | — | — | Path to the memo markdown (or '-' for stdin) |
--decision-ratify-bypass | — | false | With --status RATIFIED: bypass the decision-file gate (audit-logged; emergencies only) |
--depends-on | — | — | Comma-separated memo/node ids this depends on |
--json | — | false | Emit JSON |
--note | — | — | Short note for the coherence node |
--status | — | — | PROPOSAL|RATIFIED|ROADMAP|SUPERSEDED|UNKNOWN (new default: PROPOSAL) |
--supersedes | — | — | Comma-separated memo names this supersedes |
--workspace | — | — | Workspace root (default: walk up to a .seif/coherence/) |
gov memory add
Create a memory (.md + MEMORY.md pointer) locally [free tier]
Write a new memory file and insert its MEMORY.md pointer alphabetically
under the section derived from the frontmatter type:. Local-only — free
tier writes memory locally; cloud sync/validation is the paid tier.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--content | — | — | Path to memory .md content (full file incl. frontmatter), or '-' for stdin |
--description | — | — | MEMORY.md pointer hook (default: frontmatter description:) |
--json | — | false | Emit JSON |
--workspace | — | — | Workspace root (default: cwd) |
gov memory audit
Audit .seif/memory/ ↔ MEMORY.md integrity
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
--workspace | — | — | Workspace root (default: cwd) |
gov memory audit-lifecycle
Report memory lifecycle operations from audit log
Read-only aggregate over .seif/audit/memory-lifecycle.jsonl.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
--since | — | — | Filter entries from date (YYYY-MM-DD) or RFC3339 |
--workspace | — | — | Workspace root (default: cwd) |
gov memory delete
Hard-delete a memory with conjugate-pair confirmation [gated]
DELETE tier (A18): irreversible removal of .md + pointer after a second
actor confirms (--conjugate-confirm). Content SHA-256 is recorded in audit.
For provenance tombstone use gov memory purge.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--actor | — | — | Actor identity (default: $SEIF_ACTOR or git user.name) |
--conjugate-confirm | — | — | Second actor (must match conjugate_pair.co_author when enabled) |
--json | — | false | Emit JSON |
--reason | — | — | Optional reason for audit log |
--workspace | — | — | Workspace root (default: cwd) |
gov memory flag
Flag a memory for accelerated decay [architect]
FLAG tier (A18): apply 2× relevance decay without deleting content. Sets flagged:true in frontmatter and logs to memory-lifecycle audit.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--actor | — | — | Actor identity (default: $SEIF_ACTOR or git user.name) |
--json | — | false | Emit JSON |
--reason | — | — | Optional reason for audit log |
--workspace | — | — | Workspace root (default: cwd) |
gov memory purge approve
Approve a pending purge request
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--actor | — | — | Actor identity (default: $SEIF_ACTOR or git user.name) |
--json | — | false | Emit JSON |
--workspace | — | — | Workspace root (default: cwd) |
gov memory purge execute
Execute purge after cooling + approvals
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--actor | — | — | Actor identity (default: $SEIF_ACTOR or git user.name) |
--json | — | false | Emit JSON |
--workspace | — | — | Workspace root (default: cwd) |
gov memory purge status
Show pending purge request status
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
--workspace | — | — | Workspace root (default: cwd) |
gov memory remove
Deprecate a memory (reversible; file kept) [free]
DEPRECATE tier (A18): mark .seif/memory/.md deprecated, move its
MEMORY.md pointer to ## Deprecated, and append an audit row. The file is
NOT deleted — irreversible erasure is gov memory purge (PR-2).
BREAKING: prior releases hard-deleted on remove. Handles canonical (file+pointer), dangling (pointer only), and orphan (file only). --force-noop makes an absent slug a no-op (exit 0). Rate limit: 5/month/actor.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--actor | — | — | Actor identity for audit + rate limit (default: $SEIF_ACTOR or git user.name) |
--force-noop | — | false | Treat an absent slug as a no-op (exit 0) instead of an error — for idempotent cleanups |
--json | — | false | Emit JSON |
--reason | — | — | Optional reason recorded in the lifecycle audit log |
--workspace | — | — | Workspace root (default: cwd) |
gov memory security-purge
Immediate security-exception purge [gated]
Security exception (A18): declarer ≠ executor, immediate purge + tombstone, must be ratified by a second party within 24h via security-ratify.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--declarer | — | — | Actor declaring the leak (required) |
--executor | — | — | Actor executing purge (required; must differ from declarer) |
--json | — | false | Emit JSON |
--reason | — | — | Optional reason for audit log |
--security-leak-type | — | — | Enumerated leak type (e.g. credential_exposure) |
--workspace | — | — | Workspace root (default: cwd) |
gov memory security-ratify
Ratify a security-exception purge within 24h
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--actor | — | — | Ratifying actor (must differ from executor) |
--json | — | false | Emit JSON |
--workspace | — | — | Workspace root (default: cwd) |
gov memory update
Replace a memory's content + refresh its MEMORY.md pointer [free tier]
Atomically rewrite an existing memory and refresh its MEMORY.md pointer. Idempotent: identical content + pointer is a no-op.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--content | — | — | Path to memory .md content (full file incl. frontmatter), or '-' for stdin |
--description | — | — | MEMORY.md pointer hook (default: frontmatter description:) |
--json | — | false | Emit JSON |
--workspace | — | — | Workspace root (default: cwd) |
gov orchestration init
Create default .seif/orchestration.json when missing
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--workspace | — | — | Workspace root (default: walk-up from cwd) |
gov orchestration set
Update registry fields (maestro, dispatch mode)
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--dispatch-mode | — | — | Set dispatch.mode (queue|manual) |
--maestro | — | — | Set maestro executor id |
--workspace | — | — | Workspace root (default: walk-up from cwd) |
gov orchestration show
Show .seif/orchestration.json
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
--workspace | — | — | Workspace root (default: walk-up from cwd) |
gov pending consume
Mark a registered pending module consumed [free]
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--consumed-in-cycle | — | — | Record which cycle consumed the pending |
--json | — | false | Emit JSON |
gov pending consume-path
Consume a pending module by filesystem path [free]
consume-path marks a module consumed without requiring a registry entry. Updates the module status in-place (free, local). To also relocate the artifact into the resolved/ dir, run "seif store move" after consuming.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--consumed-in-cycle | — | — | Record which cycle consumed the pending |
--json | — | false | Emit JSON |
gov pending create
Create a SEIF-PENDING-v1 module skeleton in .seif/modules/pending/ [free]
create emits the minimum-viable SEIF-PENDING-v1 skeleton. After creation use 'seif gov pending register ' to index it in the global registry so it surfaces in pending lists.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--category | — | — | Category label for the pending item (e.g. dev-tool-architecture) |
--classification | — | INTERNAL | PUBLIC | INTERNAL | CONFIDENTIAL |
--severity | — | MEDIUM | CRITICAL | HIGH | MEDIUM | LOW |
--target-consumer | — | owner | owner | next_cycle | vigilant | team |
--title | — | — | Title of the pending item (mandatory) |
gov pending list
List pending modules (current workspace + owner-targeted) [free]
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--all-workspaces | — | false | List every registered pending, not just current-workspace + owner-targeted |
--json | — | false | Emit JSON |
gov pending quarantine
Quarantine a pending module (move to modules/_quarantine/) [free]
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
--quarantine-reason | — | superseded | Human-readable reason for quarantine |
--superseded-by | — | — | Optional epic module_id this pending was merged into |
gov pending register
Register a pending module into the global registry [free]
register indexes a SEIF-PENDING module file into ~/.seif/registry.json so it surfaces in pending lists. Required module fields: module_id, target_consumer. Visibility is --visibility, else the module's "visibility", else inferred: under ~/.seif → personal; under a workspace .seif/ → team.
Canonical usage: seif gov pending register [--visibility personal|team]
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
--visibility | — | — | Override visibility tier: personal | team (default: inferred from path/module) |
gov seed consume
Print a seed and mark it consumed (writes a .consumed_at sidecar)
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
--workspace | — | — | Workspace root (default: cwd) |
gov seed create
Write a new SEIF-SEED-v2 seed file [free]
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--content-file | — | — | Path to a JSON overlay object (user fields win) |
--from-cycle | — | — | parent_cycle_module value |
--generator | — | — | generator field (default: gov seed create user=…) |
--json | — | false | Emit JSON |
--output | — | — | Explicit output path (overrides workspace) |
--session | — | -1 | Target session number (required) |
--suffix | — | — | Filename suffix for multi-agent cycles (e.g. agent-B) |
--workspace | — | — | Workspace root (default: walk up to a .seif/) |
gov seed list
List seeds in .seif/seeds/ (active vs consumed)
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
--workspace | — | — | Workspace root (default: cwd) |
gov session close
Close session (deferred — use dev-tool or MCP)
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--author | — | — | Author label |
--message | — | — | Purpose or contribution text |
--workspace | — | — | Workspace root |
gov session contribute
Append a message to the conversation payload (SEIF-CONVERSATION-v1)
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--action | — | contributed | Message action verb |
--author | — | — | Author label |
--classification | — | — | Payload classification on first contribute (INTERNAL default; CONFIDENTIAL stays host-local) |
--message | — | — | Purpose or contribution text |
--via | — | cli | Transport leg: cli|mcp|hub|daemon |
--workspace | — | — | Workspace root |
gov session create
Create a SEIF-SESSION-v1 contract (explicit only — not auto-created by hooks)
create materializes a session contract on demand. Hooks, session_orient, and ambient MCP calls do NOT create sessions — only this verb (or MCP seif_invoke action=session_create) when an agent or human explicitly requests it.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--author | — | — | Author label |
--json | — | false | Emit JSON |
--message | — | — | Purpose or contribution text |
--workspace | — | — | Workspace root |
gov session list
List SEIF-SESSION-v1 session-*.{json,seif} files [free]
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
--workspace | — | — | Workspace root |
gov session log
Print the conversation payload (messages + sync points)
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
--workspace | — | — | Workspace root |
gov session seal
Seal an ACTIVE/CLOSED session contract → SEALED (≠ close; mirrors --session-seal) [free]
seal transitions a SEIF-SESSION-v1 contract from ACTIVE or CLOSED to SEALED, stamping sealed_at / sealed_by / host (and closed_at + duration when the record was still ACTIVE). With an explicit session-N it seals that record; with no argument it seals the single ACTIVE/CLOSED record (highest session_number when several qualify). When the tiered layout (sessions/active/) is in use the sealed record is moved to sessions/closed/.
Unlike 'gov session close' (deferred to the engine), seal is a local terminal state-transition on an existing contract — the Go port of 'seif-dev --session-seal'.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--by | — | — | sealed_by value (default: $USER, else seif-cli) |
--json | — | false | Emit JSON |
--workspace | — | — | Workspace root |
gov session show
Print a session contract [free]
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
--workspace | — | — | Workspace root |
heal
Self-heal workspace cycle/session coherence (dry-run by default) [free, local]
heal repairs the class-(c) coherence violation: a SEALED cycle whose declared writer session is still sitting in .seif/sessions/active/. It MOVES that session into .seif/sessions/sealed/<cycle_id>/ — move-not-delete (nothing for a sync to undo), idempotent, and the session body is preserved as audit evidence. Pure local and deterministic: no engine, no model, no token.
Dry-run by default — reports what WOULD be healed. Re-run with --apply to perform the moves (one JSONL provenance line per move under .seif/audit/cycle_heal.jsonl).
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--apply | — | false | Perform the moves (default is dry-run) |
--json | — | false | Emit JSON |
--workspace | — | — | Workspace root (default: cwd) |
how
Find the most relevant SEIF verbs for a natural-language intent [free, local]
how ranks the shipped capability catalog by lexical overlap with your intent and returns the top verb-docs (verb · one-line summary · key flags · example).
Offline, free, no classification gate — the long-tail fallback behind the static capability map injected at session start. When a local embedding backend (Ollama) is available it adds a semantic rerank on top of the lexical match; otherwise it stays purely lexical. Use --lexical to force the offline ranker.
Examples: seif how "pick up the next queued task" seif how "devolver trabalho ao orquestrador" --json
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
--lexical | — | false | Force the offline lexical ranker (skip the semantic rerank) |
--top | — | 3 | Maximum number of verb-docs to return |
inbox disable
Remove a receptor registration
inbox enable
Register this workspace as an inbox receptor on a named engine
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--allow-http | — | false | Accept http:// engine URLs (self-host only; default rejects cleartext) |
--engine-url | — | — | Engine URL the receptor lives on (default: built-in https://api.seifprotocol.com) |
--name | — | — | Receptor name (default: --workspace-id value) |
--workspace-id | — | — | Workspace identifier inbound artifacts address (required) |
inbox list
List all configured receptors (merged view)
inbox status
Query the engine for pending inbound artifacts addressed to the receptor
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--token | — | — | Engine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login') |
--token-file | — | — | Path to a file containing the engine bearer token |
ingest
Append external prose into a SEIF-KNOWLEDGE-v1 unit via the native quality gate
ingest reads external text (a file path, a raw string, or "-" for stdin) and contributes it into a SEIF-KNOWLEDGE-v1 unit under .seif/knowledge/.seif as a new hash-chained version (self-bootstrapping the unit if absent).
The native quality gate (6/9 stance + 3/9 coherence) measures the prose and records a quality_assessment on the unit; weak content is contributed with a warning, never blocked. input_kind is always prose — a code_* override is ignored with a warning.
project.seif is the workspace's git-context module and is single-writer
(refreshed only by seif context sync); ingest refuses to target it.
This is the OFFLINE deterministic path: it contributes the text as given. AI relevance filtering (extract only what is relevant to this project) routes through the engine and is not part of the free offline core.
Self-bootstrap: if .seif/knowledge/.seif is absent, ingest creates it. Output destinations (Store-V2): absorb, ingest, extract → .seif/knowledge/.seif (+ mapper registration) compress → .seif/projects//code.seif (+ mapper registration) context sync → {repo}/.seif/projects//project.seif (+ mapper registration)
Every write registers the artifact in the sovereign mapper.json so it is consumable at next session-start (Φ×λ=1 — no unregistered orphans). Slug derivation (git-root-aware): Slugs combine the git repository basename with the target path so same-named subdirs in different repos stay distinct — e.g. repo-a/docs → repo-a-docs, repo-b/docs → repo-b-docs. Override with --name on any verb.
ingest: --name is required for stdin/raw string sources; file paths derive the slug from the filename when --name is omitted. Image binding (--image): Every knowledge unit belongs to one workspace image (never Pod-global). Resolution order: explicit --image > workspace.seif.json container.name (walk-up from cwd) > git-root basename (standalone). In a multi-image Pod (SEIF_POD_CONTEXT=pod) with no resolvable image, verbs fail closed — pass --image explicitly.
Equivalent to the Python dev-tool's seif-dev --ingest (no-AI path).
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--author | — | ingest | Author recorded on the contribution |
--force | — | false | Extend an existing knowledge unit without an interactive prompt (consent for version-chaining) |
--image | — | — | Image binding for the knowledge unit (default: current image from workspace.seif.json) |
--input-kind | — | — | Override input_kind (ignored for ingest — always prose) |
--name | — | — | Knowledge unit slug → .seif/knowledge/.seif (default: derived from a file source) |
--project | — | — | DEPRECATED — ingest targets a knowledge unit (--name); project.seif is rejected (single-writer) |
--root | — | — | Workspace root to resolve .seif/ from (default: cwd walk-up) |
--via | — | ingest | Source label (e.g. daily, meeting, slack) |
init
Initialize a SEIF-WORKSPACE-v2 workspace in the current directory
init scaffolds a SEIF-WORKSPACE-v2 workspace at [path] (default: cwd): workspace.seif.json — container marker (workspace_id, share_allowlist, members) .seif/{memory,modules,cycles,seeds} — sovereign store skeleton .seif/config.json — thin local config
When [path] is inside an existing v2 container, init writes .seif-pointer.json instead of a local scaffold (sub-project membership).
This is the local free-tier workspace — sign and sync work against it
immediately once you have an engine token. Next: seif key generate then seif sign <file>.
Use --lite for a minimal SEIF Lite layout (README.md, AGENTS.md,
.seif-lite/{BOOT.md,refs.md}, session-log.md, decisions-pending.md) — no kernel,
no signing. Upgrade it later with seif workspace upgrade-lite.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--force | — | false | Proceed even if .seif/ or workspace.seif.json already exists (does not overwrite identity) |
--lite | — | false | Scaffold a minimal SEIF Lite layout (.seif-lite/) instead of a full workspace |
--no-agents | — | false | With --lite: skip writing AGENTS.md |
--title | — | — | Project title for --lite templates (default: directory name) |
--wire | — | — | Also wire an AI host so the agent boots SEIF automatically: claude-code|cursor|gemini|grok|generic (bare --wire = claude-code) |
key generate
Generate an Ed25519 signing key under ~/.seif/keys/
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--force | — | false | Overwrite an existing key (WARNING: orphans signatures made with the old key) |
--json | — | false | Emit JSON |
--output | — | — | Key path (default: ~/.seif/keys/signing.key) |
key show
Show the public key + key path
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
link add
Register a peer workspace (creates stub import if missing)
link export-list
List configured SEIF-LINK exports
link import-pull
Pull a scoped, read-only export from a linked peer (SEIF-LINK phase B, §7.10)
import-pull resolves one import binding from orchestration.json against a linked peer and materializes the peer's scoped, ceiling-filtered export subtree READ-ONLY under its mount_as namespace.
Flow (login-required; the engine emits the manifest, the existing pull blob chain writes the blobs from the shared CAS):
- POST /v1/workspaces/{id}/links/{peer}/import-pull -> a scoped manifest (conflict:false) or a re-pull conflict report (conflict:true).
- clean -> fetch each entry blob, verify its sha, write read-only (0o444) under mount_as (quarantined; never folded into authored content).
- conflict-> print the upstream/local divergence and REFUSE (non-zero exit, no write). The owner resolves manually (A26).
The peer and its import bindings come from orchestration.json peers[].imports[]. --from selects the binding by export name; it may be omitted when the peer declares exactly one import.
Auth sources (priority): --token VALUE | --token-file PATH | SEIF_ENGINE_URL | https://api.seifprotocol.com Importer ID (priority): --workspace-id ID | orchestration.json sync.engine.workspace_id | workspace.seif.json
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--engine-url | — | — | Engine base URL (overrides orchestration.json / $SEIF_ENGINE_URL) |
--from | — | — | Export name to import (default: the peer's sole import binding) |
--json | — | false | Emit raw JSON output |
--peer | — | — | Peer workspace_id (default: first peer) |
--token | — | — | Engine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login') |
--token-file | — | — | Path to a file containing the engine bearer token |
--workspace-id | — | — | Importer workspace_id (overrides orchestration.json / workspace.seif.json) |
log get
Fetch a single transparency-log entry by id
log list
List recent transparency-log entries
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--after-id | — | — | Cursor — return entries after this id |
--limit | — | 20 | Page size (1..200) |
log ping
Probe the configured log endpoint (/healthz)
log verify
Independently verify an entry's inclusion proof
Fetches the entry + the log's public key, then runs the local RFC-6962 inclusion + Ed25519 STH verification (translog.Verify). The engine's "verified" flag is never trusted on its own.
login
Authenticate with the SEIF engine and store credentials
Opens GitHub OAuth against the engine, captures the session token on localhost, and saves it to ~/.seif/session_token (mode 0600).
After login: seif workspace create , then mint an API key at /dashboard/settings (customers) or seif auth api-key create (operators, Python).
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--engine-url | — | — | Engine base URL (default: $SEIF_ENGINE_URL or api.seifprotocol.com) |
--no-browser | — | false | Print authorize URL instead of opening a browser |
--port | — | 0 | Local OAuth loopback port (default: ephemeral) |
--timeout | — | 5m0s | Wait for browser callback |
logout
Clear stored SEIF engine credentials
Removes ~/.seif/session_token and ~/.seif/api_key if present.
mcp serve
Run the SEIF MCP server over stdio (or Streamable HTTP with --http)
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--engine-url | — | — | Engine base URL (default https://api.seifprotocol.com or $SEIF_ENGINE_URL) |
--http | — | — | Serve over Streamable HTTP on this addr (e.g. :7332) instead of stdio — the remote onramp transport; per-request engine token comes from the Authorization header |
--log-url | — | — | seif-log base URL (default https://log.seifprotocol.com or $SEIF_LOG_URL) |
--token | — | — | Engine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login') |
--token-file | — | — | Path to a file containing the engine bearer token |
memory proposals
List pending memory proposals awaiting review [free, local]
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
--workspace | — | — | Workspace root (default: cwd) |
memory propose
Propose a memory for owner review (autonomous-memory curation) [free, local]
propose records a candidate memory as PENDING under .seif/proposals/. The owner later runs 'seif memory proposals' to see them and 'seif memory review' to approve (absorb as a real memory) or reject. This is the AI-self-proposes / owner-ratifies loop — free and local, no engine.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--by | — | — | Who proposed it (e.g. an AI id) |
--content | — | — | Path to a file with the full memory content |
--description | — | — | One-line pointer description |
--json | — | false | Emit JSON |
--name | — | — | Memory name/slug (required) |
--text | — | — | Inline memory content (alternative to --content) |
--workspace | — | — | Workspace root (default: cwd) |
memory query
Recall the most relevant memories + absorbed knowledge for a query [free, local]
query ranks your .seif/memory entries AND absorbed knowledge modules (including debates persisted via 'seif debate --absorb') by lexical relevance to the query text. Pure local and offline — no embeddings, no engine, no token.
This is the recall half of autonomous durable memory: the AI absorbs knowledge, it decays over time, and query brings the relevant pieces back.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--embed-model | — | — | Embedding model for --semantic (default: nomic-embed-text, or $SEIF_EMBED_MODEL) |
--include-deprecated | — | false | Include deprecated memory entries in ranking |
--json | — | false | Emit JSON |
--no-knowledge | — | false | Search memory entries only (skip knowledge modules) |
--semantic | — | false | Blend local Ollama embeddings into the ranking (falls back to lexical if Ollama is down) |
--top | — | 5 | Maximum number of results |
--workspace | — | — | Workspace root (default: cwd) |
memory reindex
Rebuild the derived semantic embedding cache for memory query
reindex pre-computes Ollama embeddings for all memory (+ knowledge) documents and stores them under .seif/.cache/memory-embeddings/ (rebuildable derived state).
Run when session-start surfaces [MEMORY EMBEDDINGS] STALE or before heavy --semantic query workloads. Requires local Ollama with an embedding model.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--verbose | v | false | Log each document to stderr |
--workspace | — | — | Workspace root (default: cwd) |
memory review
Approve (absorb) or reject a pending memory proposal [free, local]
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--approve | — | false | Approve the proposal (absorb it as a memory) |
--json | — | false | Emit JSON |
--reason | — | — | Reason recorded in the history log |
--reject | — | false | Reject the proposal |
--workspace | — | — | Workspace root (default: cwd) |
memory surface
Emit capped cross-AI memory bootstrap from .seif/memory/MEMORY.md
Emit a capped (budgeted) cross-AI memory bootstrap surface.
This is the Go thin-client implementation of the Python seif-dev --memory-surface.
It delivers functional parity for session bootstrap across AI clients without
invoking the genesis Python dev-tool at runtime (INV-THIN-CLIENT).
The surface includes:
- Recent entries (by mtime within --days window) first
- Full index (alpha) for older entries
- Integrity note when orphans exist (run
seif gov memory audit) - Truncation footer with guidance to increase budget
Output formats: text (default, human/MCP-friendly markdown) or json (machine).
Examples: seif memory surface seif memory surface --max-chars 4096 --format json seif memory surface --days 14 --workspace /path/to/workspace
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--days | — | 0 | Recent window in days (default: 7, matches Python --memory-surface-days) |
--format | — | text | Output format: text (default) or json (matches Python --memory-surface-format) |
--include-deprecated | — | false | Include memories in the ## Deprecated section |
--max-chars | — | 0 | Char budget for the surface (default: 8192, matches Python --memory-surface-max-chars) |
--workspace | — | — | Workspace root (default: walk-up from cwd; requires .seif/memory/) |
objectmodel build
Compute the merkle tree over .seif/ and write the shadow store
objectmodel build — content-addressed merkle build.
Walks /.seif/, hashes each artifact via the parity-locked HashArtifact dispatch (SCOPE_V3 envelopes / SCOPE_V2 JSON dicts / raw blobs), composes the tree-of-trees, and writes the shadow at /.seif-object-store/. Idempotent — re-running on an unchanged workspace re-emits the same on-disk bytes.
Exit codes: 0 success 1 scope/hash error 2 no .seif/ at workspace
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--force | — | false | Re-emit the shadow even when no live change is detected |
--json | — | false | Emit machine-readable JSON |
--shadow | — | — | Shadow store override (default: /.seif-object-store) |
--workspace | — | — | Workspace root (default: cwd) |
objectmodel preflight
Run client-side write-path gates (G0, secret-scan, G1, G3)
objectmodel preflight — composed client gates.
Composes the client-authoritative subset of the G0-G5 pipeline: G0 substrate — nucleus.git_head matches the current .seif/ store HEAD secret-scan — no secret VALUES in the staged .seif/ diff G1 coherence — cycle audit reports 0 HIGH G3 integrity — VerifyModel reports 0 HIGH
G2 doc-code, G4 nucleus regen, and G5 manifest signing are engine- authoritative and NOT part of the client preflight.
Exit codes: 0 all gates pass 1 at least one gate fails (blocked_by populated)
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--gates | — | [] | Comma-separated subset of gates to run (default: G0-substrate,secret-scan,G1-coherence,G3-integrity) |
--json | — | false | Emit machine-readable JSON |
--shadow | — | — | Shadow store override (default: /.seif-object-store) |
--strict | — | false | Treat ADVISORY findings as failures |
--workspace | — | — | Workspace root (default: cwd) |
objectmodel verify
Re-hash the live store and compare to the shadow nucleus
objectmodel verify — drift detection.
Re-builds the merkle tree from the live store and compares to the shadow's mapper + nucleus. Reports root-drift, missing-object, hash-mismatch, and stale-object findings.
Exit codes: 0 clean (or MEDIUM-only findings) 1 HIGH severity drift 2 no shadow built
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit machine-readable JSON |
--shadow | — | — | Shadow store override (default: /.seif-object-store) |
--workspace | — | — | Workspace root (default: cwd) |
open
Open SEIF Desktop on a workspace (local cockpit)
Resolve path to a SEIF workspace/container root and launch (or focus) SEIF Desktop.
Default path is the current directory. Pointer members resolve to the container root. When the path is not a SEIF workspace, exits with code 2 and does not launch the app.
Remote mode (--remote --remote-workspace ) skips local workspace resolve, preflights SSH (exit 4) and remote .seif/ (exit 5), then spawns the desktop with --remote-host and --remote-workspace only (no loopback port/token).
Use --print-shim to emit a shell function so literal seif . works as seif open ..
Examples: seif open . seif open /path/to/project seif open --remote my-server --remote-workspace /path/to/workspace eval "$(seif open --print-shim)" # install shim in ~/.zshrc
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--dry-run | — | false | Print launch argv without spawning desktop |
--print-shim | — | false | Print shell shim for 'seif .' alias and exit |
--remote | — | — | SSH config alias for remote workspace (requires --remote-workspace) |
--remote-workspace | — | — | Absolute workspace path as seen on the remote host |
orchestrate init
Create default orchestration.json if missing
orchestrate status
Show orchestration.json summary
pod add-workspace
Add a workspace to a pod's composition (D2)
Adds a workspace ref to the pod manifest (POST /v1/pods/{id}/workspaces).
Manifest-CRUD only — this relates the workspace into the pod; it does not materialize. Run 'seif push' (or 'seif compose push') to materialize, exactly as before (anti-syncopathy: /v1/sync stays the one orchestrator).
The workspace may be given as an engine workspace_id (ws_) or a slug resolved against your workspace list.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--engine-url | — | — | Engine base URL |
--json | — | false | Emit raw JSON output instead of formatted text |
--name | — | — | Manifest label for the member (optional) |
--pod | — | — | Target pod (namespace user-slug/pod-slug or pod_id) [required] |
--role | — | — | Member role: writer|observer (optional) |
pod bind
Bind this local workspace to an existing engine pod
Attach the local .seif workspace to an EXISTING pod — the pod analogue of 'seif workspace bind': you created the pod on the web/engine, now point your local folder at it.
<pod_id> accepts a namespace (user-slug/pod-slug) or a bare pod slug. The ref is resolved against your signed-in pod list; use --force to skip verification (e.g. offline), binding the ref verbatim.
Writes engine_pod_id into the nearest workspace.seif.json, so pod-scoped verbs need no --pod afterwards. Idempotent: re-binding the same id is a no-op; binding a different id rebinds.
To create a NEW pod instead, use 'seif pod create '.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--engine-url | — | — | Engine base URL |
--force | — | false | Bind the <pod_id> verbatim without verifying it against your engine pod list (offline escape hatch) |
pod create
Create a pod on the engine (like gh repo create, but for a pod)
Creates a pod slug under your account. The slug is alphanumeric with optional hyphens. Pods do not count against the free-tier workspace limit.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--display-name | — | — | Human-readable pod name (optional) |
--engine-url | — | — | Engine base URL |
--json | — | false | Emit raw JSON output instead of formatted text |
pod list
List the pods in your account
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--engine-url | — | — | Engine base URL |
--json | — | false | Emit raw JSON output instead of formatted text |
pod remove-workspace
Remove a workspace from a pod's composition (D2)
Detaches a workspace ref from the pod manifest (DELETE /v1/pods/{id}/workspaces/{workspace_id}). Idempotent — removing a non-member is a no-op. The workspace itself is untouched.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--engine-url | — | — | Engine base URL |
--json | — | false | Emit raw JSON output instead of formatted text |
--pod | — | — | Target pod (namespace user-slug/pod-slug or pod_id) [required] |
pod show
Show one pod by its namespace (user-slug/pod-slug)
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--engine-url | — | — | Engine base URL |
--json | — | false | Emit raw JSON output instead of formatted text |
publish
Sign locally and publish to the transparency log (sign → log → verify URL)
publish is the one-command path from a local artifact to a publicly verifiable, Merkle-logged evidence URL.
It (1) builds a locally-signed SEIF evidence frame with your workspace Ed25519
key — exactly like seif sign (sovereign: the engine never sees your secret
key); (2) registers your workspace public key with the engine (idempotent);
(3) submits the frame to POST /v1/evidence, which verifies your signature,
appends it to the transparency log, and returns the public verify URL + log
entry id.
Unlike server-side signing, publish keeps signing LOCAL. It needs an engine
bearer (--token / --token-file / $SEIF_ENGINE_TOKEN / seif login) and a
workspace signing key (seif key generate). Pass --workspace-id to name your
registered workspace.
Examples: seif publish CHANGES.md --workspace-id ws_proj_x git diff | seif publish - --kind diff --workspace-id ws_proj_x seif publish report.txt --classification PUBLIC --quiet
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--classification | — | INTERNAL | PUBLIC|INTERNAL|CONFIDENTIAL |
--content-type | — | text/plain | MIME-like content type |
--engine-url | — | — | Engine base URL (default: $SEIF_ENGINE_URL or https://api.seifprotocol.com) |
--key-file | — | — | Path to base64 Ed25519 secret key file (overrides $SEIF_SIGNING_KEY) |
--kind | — | file | Artifact kind (diff|commit|file|module|evidence_frame) |
--metadata-file | — | — | Optional JSON file with metadata object |
--quiet | — | false | Print only the verify URL |
--token | — | — | Engine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login') |
--token-file | — | — | Path to a file containing the engine bearer token |
--workspace-id | — | — | Workspace identifier (default: resolved from the workspace marker / $SEIF_WORKSPACE_ID; must be a workspace you own) |
pull
Materialize the workspace's remote HEAD into the local .seif/ [PAID]
pull downloads the workspace's current engine HEAD (the object-model read path) and materializes it into the local .seif/ tree.
Flow (login-required; entries classification-filtered server-side):
- GET /v1/sync/head -> the current accepted nucleus root.
- GET /v1/sync/manifest/{root} -> the filtered entries (path/sha/size/class).
- GET /v1/sync/blob/{sha} per entry -> verify content sha -> write file.
Genesis (the remote has no accepted HEAD yet) is a successful no-op.
WARNING: pull overwrites local files covered by the remote HEAD. Use --dry-run to preview.
Auth sources (priority): --token VALUE | --token-file PATH | SEIF_ENGINE_URL | https://api.seifprotocol.com Workspace ID (priority): --workspace-id ID | $SEIF_WORKSPACE_ID
--from-inbox NAME shorthand: resolves BOTH engine URL and workspace_id from
seif inbox list (the receiver-side store, c273 Wave 10). Mutually
exclusive with --engine-url / --remote / --workspace-id — the inbox is a
bound (engine, workspace_id) tuple so accepting overrides would silently
target a different receptor than the named one. Pull semantics are
unchanged; only the resolution layer differs.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--dry-run | — | false | List what would be materialized without writing files |
--engine-url | — | — | Engine base URL (overrides $SEIF_ENGINE_URL) |
--from-inbox | — | — | Named inbox from seif inbox list — resolves engine URL + workspace ID through the inbox store (alternative to --remote / --engine-url) |
--json | — | false | Emit raw JSON output |
--remote | — | — | Named remote from seif remote list (alternative to --engine-url) |
--root | — | — | Workspace root to materialize into (default: current directory) |
--token | — | — | Engine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login') |
--token-file | — | — | Path to a file containing the engine bearer token |
--workspace-id | — | — | Workspace identifier (overrides $SEIF_WORKSPACE_ID) |
push
Push .seif/ workspace state to the engine mirror, gated [PAID]
push carries the workspace object-model to the engine over the gated /v1/sync write path (protocol-spec-v0 §11.1, v0.5).
What it does (thin client — s230 FASE 3, no python dependency):
- Scans .seif/ natively and computes the push SCOPE: every non-layer-5 artifact under a share-allowlist-INCLUDED top-level entry (fail-closed).
- Reads the engine's current HEAD (GET /v1/sync/head) as the CAS parent.
- Submits a v0.5 manifest — flat entries[] (path, raw-content sha256, size, classification) + nucleus{parent} — uploads the blobs the engine does not yet hold, and finalizes.
- The ENGINE rebuilds the merkle tree, runs the G0-G5 reliability gate in-process, signs the nucleus with its own key, and advances HEAD. push surfaces the engine's gate verdict.
For local store self-healing (dry-run by default), use seif sync.
Engine mirror only: seif push (or seif sync --apply --push).
Auth sources (priority): --token VALUE | --token-file PATH | SEIF_ENGINE_URL | https://api.seifprotocol.com Workspace ID (priority): --workspace-id ID | $SEIF_WORKSPACE_ID
With a single "seif login" the session token is used automatically — no --token needed. It is user-scoped: one login works for every workspace you own.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--dry-run | — | false | Build the manifest without contacting the engine |
--engine-url | — | — | Engine base URL (overrides $SEIF_ENGINE_URL) |
--json | — | false | Emit raw JSON output instead of formatted text |
--no-bundle | — | false | Upload each blob with parallel PUTs instead of one gzip bundle |
--quiet | — | false | Suppress push progress lines on stderr |
--remote | — | — | Named remote from seif remote list (alternative to --engine-url) |
--root | — | — | Workspace root containing .seif/ (default: current directory) |
--session | — | — | Session label embedded in the manifest (e.g. s161) |
--token | — | — | Engine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login') |
--token-file | — | — | Path to a file containing the engine bearer token |
--upload-workers | — | 0 | Parallel PUT workers when bundle is off or unavailable (default 16, max 32) |
--workspace-id | — | — | Workspace identifier (overrides $SEIF_WORKSPACE_ID) |
quality-gate
Score text quality via the SEIF engine [PAID]
quality-gate reads (or stdin when given "-"), POSTs the text to the SEIF engine's POST /v1/quality-gate endpoint, and renders the resulting verdict (grade, score, stance, triple-gate breakdown, flags, suggestions).
This command is a thin engine caller — the actual heuristic computation runs server-side. Requires engine authentication (Bearer token).
Auth sources (priority): --token VALUE --token-file PATH $SEIF_ENGINE_TOKEN
Engine URL (priority): --engine-url URL $SEIF_ENGINE_URL https://api.seifprotocol.com (default)
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--engine-url | — | — | Engine base URL (overrides $SEIF_ENGINE_URL) |
--json | — | false | Emit raw JSON verdict instead of formatted output |
--role | — | human | Source role: human | ai |
--token | — | — | Engine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login') |
--token-file | — | — | Path to a file containing the engine bearer token |
quota
Show current usage, limits, and tier [PAID — engine]
quota fetches GET /v1/workspaces/{id}/tier and renders the workspace tier plus all counter fields returned by the engine. Counter fields (signatures_used, log_entries_used, …) are iterated dynamically, so new counters added server-side (sync_ops_used, watermark_ops_used, stream_minutes_used per the s150 E4 migration) auto-display without a follow-up CLI release.
With --account (or when no workspace is resolvable) it queries the ACCOUNT-level view (GET /v1/quota) instead: your tier + per-resource usage windows, resolved from the token — available before any workspace is pushed. A workspace lookup that 404s (not yet registered) also falls back to this.
Auth sources (priority): --token VALUE --token-file PATH $SEIF_ENGINE_TOKEN
Engine URL (priority): --engine-url URL $SEIF_ENGINE_URL https://api.seifprotocol.com (default)
Workspace ID (priority): --workspace-id ID $SEIF_WORKSPACE_ID workspace.seif.json (walk-up from cwd) .seif/workspace.json (legacy walk-up)
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--account | — | false | Show ACCOUNT-level tier + usage (GET /v1/quota) instead of a workspace; works before any workspace is pushed |
--engine-url | — | — | Engine base URL (overrides $SEIF_ENGINE_URL) |
--json | — | false | Emit raw JSON response instead of formatted output |
--token | — | — | Engine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login') |
--token-file | — | — | Path to a file containing the engine bearer token |
--workspace-id | — | — | Workspace identifier (overrides $SEIF_WORKSPACE_ID) |
recap
What you & your AI did — a standup / accountability narrative from the captured record
recap assembles a time-windowed narrative of workspace activity from records SEIF already captured — cycles opened/sealed, sessions, and decisions — and renders it as a daily standup, a manager report, or a changelog. The report writes itself; you don't fill a form.
Sister to seif report:
report — current-state snapshot (identity, pending, memory, audit) recap — narrative of what happened in a time window
--since accepts keywords or an explicit instant: today (default) | yesterday | week | month | Nd (e.g. 3d) | YYYY-MM-DD | RFC3339
--as selects the shape: standup (default) — terse bullets grouped by day report — grouped by day then category, with summaries changelog — flat reverse-chronological list
--for is a best-effort actor filter (events without attribution are kept, since they cannot be excluded).
Exit codes: 0 recap rendered (may be empty) 2 workspace has no .seif/ directory
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--all | — | false | Include bare lifecycle sessions (no summary); default hides them |
--as | — | standup | Output shape: standup|report|changelog |
--for | — | — | Best-effort actor filter (substring; unattributed events are kept) |
--json | — | false | Emit structured JSON (schema SEIF-RECAP-v1-draft) instead of markdown |
--since | — | today | Lower bound: today|yesterday|week|month|Nd|YYYY-MM-DD|RFC3339 |
--until | — | — | Upper bound (YYYY-MM-DD or RFC3339); default now |
--workspace | — | — | Workspace root directory (default: walk-up from cwd) |
reconstruct
Materialize a historical workspace tree as a hardlink farm
reconstruct walks the delta-log to rebuild the workspace shadow tree at the named rev, then materializes every blob as a HARDLINK under
<workspace>/.seif-object-store/reconstruct/<rev-id>-<pid>/and prints that path (one line, no trailing chatter) to stdout. The farm is
walkable by any tool: find, grep -r, IDE indexers — all see the
historical state as a regular directory tree.
Concurrent invocations of the same rev get separate per-pid farm subdirs (Q-FARM-4) so two operators (or two pipelines) never collide.
Cleanup is MANUAL (Q-FARM-3): farms persist until seif-dev --reconstruct-gc
is run, which removes any farm whose owner pid is dead.
INV-THIN-CLIENT: pure local FS — no engine roundtrip, no quota.
relay assignments
List ACTIVE handoff assignments (optionally by executor)
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--all | — | false | Include CLOSED and RELEASED assignments |
--executor-id | — | — | Filter assignments to one executor |
--json | — | false | Emit JSON |
--stale | — | false | Only stale ACTIVE assignments |
--workspace | — | — | Workspace root (default: walk-up from cwd) |
relay board
Relay accountability board (SEIF-RELAY-BOARD-v1)
board is the read-only actionability source for relay orchestration.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit SEIF-RELAY-BOARD-v1 JSON |
--workspace | — | — | Workspace root (default: walk-up from cwd) |
relay brief
Create .seif/relay/brief/.md with a starter template
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--force | — | false | Overwrite if the file already exists |
--no-arm | — | false | Do not arm wake-on-handback for this slug (skip couple-watch-to-dispatch) |
--queue | — | false | Mark brief for auto-dispatch (executor_id: auto in contract block) |
--workspace | — | — | Workspace root (default: walk-up from cwd) |
relay claim
Claim ACTIVE ownership of a relay slug for an executor
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--also-watch | — | false | Allow shared watch on an ACTIVE slug held by another executor |
--executor-id | — | — | Executor claiming ownership (required) |
--force-path-claim | — | false | Force SEIF-CLAIM fusion even in a linked worktree |
--no-path-claim | — | false | Skip SEIF-CLAIM fusion on relay claim |
--workspace | — | — | Workspace root (default: walk-up from cwd) |
relay close
Terminally close an assignment (or sweep stale claims)
close sets handoff status to CLOSED (idempotent). Closed assignments leave the default assignments view; use assignments --all to list them.
Bulk hygiene: close --stale --dry-run prints a table; add --confirm to apply.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--by | — | — | Orchestrator actor id (may release/close any claim) |
--confirm | — | false | Apply stale sweep (requires --stale) |
--dry-run | — | false | Print stale table without closing |
--executor-id | — | — | Executor performing the action |
--force | — | false | Orchestrator override when actor != holder |
--json | — | false | Emit JSON |
--reason | — | — | Audit reason for release/close |
--stale | — | false | Sweep stale ACTIVE claims (bulk hygiene) |
--stale-after | — | 24h | Age threshold for stale detection |
--workspace | — | — | Workspace root (default: walk-up from cwd) |
relay draft publish
Write a draft to the draft/ lane and publish a draft bus event
publish writes the --note body to the reserved .seif/relay/draft/ lane with a unique name and publishes a {from,to:"*",kind:"draft",ref,draft_path} bus event. Semantics: thinking aloud, not yet a decision — peers can see drafts without it being a brief.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--executor-id | — | — | Override self id (from); default $SEIF_EXECUTOR_ID then hostname |
--json | — | false | Emit JSON |
--note | — | — | Path to the note body content file (required) |
--ref | — | — | Reference slug this note is about |
--workspace | — | — | Workspace root (default: walk-up from cwd) |
relay handback
Create .seif/relay/handback/.md with a starter template
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--force | — | false | Overwrite if the file already exists |
--workspace | — | — | Workspace root (default: walk-up from cwd) |
relay handoff init
Create handoff//HANDOFF.md with worktree metadata
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--also-watch | — | false | Allow init when slug is ACTIVE for another executor |
--branch | — | — | Git branch name |
--executor-id | — | — | Owning executor id for this handoff |
--force | — | false | Orchestrator override for empty executor_id |
--repos | — | — | Repo scope note |
--status | — | ACTIVE | Handoff status (OWNER_GATED|PARKED allow empty executor_id) |
--watch-slugs | — | — | Comma-separated slugs this executor monitors |
--workspace | — | — | Workspace root (default: walk-up from cwd) |
--worktree | — | — | Absolute path to git worktree (required) |
relay handoff show
Print path to handoff//HANDOFF.md
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--workspace | — | — | Workspace root (default: walk-up from cwd) |
relay heartbeat
Renew relay claim TTL and update last_activity
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--executor-id | — | — | Executor renewing the claim (required) |
--workspace | — | — | Workspace root (default: walk-up from cwd) |
relay inbox
Leave a durable, append-only note in a peer's relay inbox
inbox writes a UNIQUE, append-only note to .seif/relay/inbox/ addressed to . Front-matter carries from (self id), to, ref, kind, ts. --note is a path to the note body. The protocol treats an inbox note to a live executor as a valid redispatch act (durable, file-first — not chat).
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--executor-id | — | — | Override self id (from); default $SEIF_EXECUTOR_ID then hostname |
--json | — | false | Emit JSON |
--kind | — | NOTE | Note kind: NOTE or VERDICT |
--note | — | — | Path to the note body content file (required) |
--ref | — | — | Reference slug this note is about |
--workspace | — | — | Workspace root (default: walk-up from cwd) |
relay list
List relay artifacts by kind
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
--queue | — | false | Show queue stats (queued/claimed/orphaned/stale counts) |
--workspace | — | — | Workspace root (default: walk-up from cwd) |
relay migrate-anonymous
Classify or migrate anonymous ACTIVE handoffs
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--confirm | — | false | Apply safe migration actions |
--dry-run | — | false | Classify without writing |
--json | — | false | Emit JSON |
--workspace | — | — | Workspace root (default: walk-up from cwd) |
relay next
Atomically claim the oldest queued brief (executor_id: auto)
next claims the oldest brief whose Executor contract has executor_id: auto and no ACTIVE handoff. Serialized via flock — concurrent callers never double-claim.
Use --dry-run to list the queue head without claiming.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--dry-run | — | false | List queue head without claiming |
--executor-id | — | — | Executor claiming the brief (required) |
--force-path-claim | — | false | Force SEIF-CLAIM fusion even in a linked worktree |
--json | — | false | Emit JSON |
--no-path-claim | — | false | Skip SEIF-CLAIM fusion on relay next |
--repos | — | — | Comma-separated repo filter |
--workspace | — | — | Workspace root (default: walk-up from cwd) |
relay notify
Durable inbox note PLUS a bus pointer to the peer (decide + notify)
notify is the composite "decide + notify": it FIRST writes the durable inbox note (identical to relay inbox), THEN publishes a bus pointer to the relay topic via the daemon. The durable note is the source of truth — if the bus publish fails the note is kept and the publish error is reported (the command does not fail wholesale).
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--executor-id | — | — | Override self id (from); default $SEIF_EXECUTOR_ID then hostname |
--json | — | false | Emit JSON |
--kind | — | NOTE | Note kind: NOTE or VERDICT |
--note | — | — | Path to the note body content file (required) |
--ref | — | — | Reference slug this note is about |
--workspace | — | — | Workspace root (default: walk-up from cwd) |
relay path
Resolve and print the absolute path to a relay artifact
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--kind | — | brief | brief or handback |
--workspace | — | — | Workspace root (default: walk-up from cwd) |
relay pointer
Print a 2-line chat pointer for an existing brief or handback
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--kind | — | brief | brief or handback |
--workspace | — | — | Workspace root (default: walk-up from cwd) |
relay poll
Single-shot filtered relay poll (daemonless tabs)
poll scans relay dirs once (or blocks until --timeout). Emits JSON with events + next_token.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--executor-id | — | — | Derive slugs from ACTIVE handoffs for this executor |
--since | — | — | Continuation token from prior poll |
--slug | — | [] | Filter to relay slug (repeatable) |
--timeout | — | 0s | Block up to this duration waiting for events |
--workspace | — | — | Workspace root (default: walk-up from cwd) |
relay release
Release an ACTIVE claim back to the dispatch queue
release sets handoff status to RELEASED so the brief may re-enter the queue (when executor_id: auto). Records actor/time/reason in the handoff Lifecycle block.
Executor must match the holder unless --force (orchestrator) or --by is set.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--by | — | — | Orchestrator actor id (may release/close any claim) |
--executor-id | — | — | Executor performing the action |
--force | — | false | Orchestrator override when actor != holder |
--json | — | false | Emit JSON |
--reason | — | — | Audit reason for release/close |
--workspace | — | — | Workspace root (default: walk-up from cwd) |
relay watch
Watch relay dirs and stream metadata events as JSONL (foreground)
watch runs the same fsnotify loop as the relay-watch daemon capability, but writes metadata-only JSONL events to stdout (no daemon required). Ctrl-C stops.
Without --slug/--executor-id: global firehose (orchestrator/maestro). With filters: only events for assigned slugs.
Event shape: {"kind","action","slug","path","ts","executor_id","assigned"}
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--executor-id | — | — | Derive slugs from ACTIVE handoffs for this executor |
--slug | — | [] | Filter to relay slug (repeatable) |
--workspace | — | — | Workspace root (default: walk-up from cwd) |
remote add
Add a remote
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--allow-http | — | false | Accept http:// URLs (self-host only; default rejects cleartext) |
remote get-default
Print the resolved engine URL and its source
remote list
List all remotes (merged view)
remote remove
Remove a remote
remote rename
Rename a remote
remote set-default
Mark a remote as the default for its scope
render cursor-rules
Refresh .cursor/rules/*.mdc from the active SEIF store (one-way)
cursor-rules refreshes the workspace Cursor rules from the sovereign store.
One-way: the .seif/ store is source of truth. OPEN cycles and HIGH/CRITICAL pending modules are folded into the seif-artifacts.mdc description and written to seif-store-active.mdc; the kernel (seif.mdc) and MCP catalog (seif-mcp-tools.mdc) are (re)written too. With --no-mcp, .cursor/mcp.json is left untouched.
Go-native port of the Python dev-tool's seif-dev --render-cursor-rules.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--dry-run | — | false | List would-write targets without writing |
--json | — | false | Emit the render report as JSON |
--no-mcp | — | false | Skip writing .cursor/mcp.json |
--workspace | — | — | Workspace root (default: cwd) |
render pointers
Render pointers/*.tmpl to umbrella-root pointer files
render-pointers
Render pointers/*.tmpl to umbrella-root pointer files
report
Structured workspace snapshot — identity, pending, cycles, memory, audit, paid counters
report builds a structured, sectioned snapshot of the workspace
designed to paste into an audit ticket or hand to a customer / new
teammate. Sister to seif status but with a different audience:
status — live runtime probe (counts, OPEN cycles, object-model HEAD) report — structured snapshot (sections, severity tops, history, paid tier)
Sections (all soft-skip on missing data — INV-THIN-CLIENT):
- Workspace identity (root, owner, workspace_id, classification, threshold)
- Pending modules (counts by status/severity + top-5 open by severity)
- Cycle history (any OPEN + last 5 sealed by mtime)
- Memory tiers (INTERNAL always; CONFIDENTIAL when --include-private + owner key)
- Discipline audit findings (last 7d from .seif/audit/discipline.jsonl)
- Paid-tier counters (when engine creds resolve — same shape as
seif quota)
Auth (paid counters) — sources in priority: --token VALUE | --token-file PATH | SEIF_ENGINE_URL | https://api.seifprotocol.com (default) --workspace-id ID | $SEIF_WORKSPACE_ID | walk-up workspace marker
--include-private requires the owner signing key at ~/.seif/keys/signing.key
(host-tier owner-identity gate — see seif key generate). Absent key →
the flag is rejected to keep CONFIDENTIAL memories from accidentally
showing up on a shared screen.
Exit codes: 0 report rendered (sections may be soft-skipped) 2 workspace has no .seif/ directory
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--engine-url | — | — | Engine base URL (overrides $SEIF_ENGINE_URL) |
--include-private | — | false | Include CONFIDENTIAL memory tier (requires ~/.seif/keys/signing.key) |
--json | — | false | Emit structured JSON (schema SEIF-REPORT-v1-draft) instead of human markdown |
--since | — | — | Narrow time-bucketed sections to events at/after this date (YYYY-MM-DD or RFC3339) |
--token | — | — | Engine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login') |
--token-file | — | — | Path to a file containing the engine bearer token |
--workspace | — | — | Workspace root directory (default: walk-up from cwd) |
--workspace-id | — | — | Engine workspace identifier (overrides $SEIF_WORKSPACE_ID) |
runtime attach
Injection rank hints for an AI client (claude-code, cursor, …)
runtime heal
Converge this machine's seif install to doctor-green (binary, PATH, hooks) [free, local]
runtime heal converges a fresh OR drifted machine to a healthy seif runtime, idempotently:
- product binary — install/refresh ~/.seif/bin/seif from the running executable
- PATH — back up dead
seifshims (*.dead-shim.bak-) and symlink them to the product binary; healthy divergent binaries are flagged, never destroyed - hooks — converge ~/.claude/settings.json onto the absolute product
binary path (settings.json.bak- first; legacy entries
like circuit-inbox-hook.sh and Python
seif --…removed; user hooks preserved) - verify — run the doctor runtime checks; success ONLY when green
Running it twice is a no-op the second time. Exits nonzero when the machine is still not doctor-green afterwards (e.g. a healthy shadow install that needs a human decision). Every overwrite is preceded by a backup — never silent-destroy.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--dry-run | — | false | Plan steps without writing files (still verifies and exits nonzero on drift) |
--json | — | false | Emit JSON |
runtime up
Idempotent container runtime bootstrap
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--dry-run | — | false | Plan steps without writing files |
secret-scan
Scan content for secret VALUES (API keys, PATs, PEM private keys, JWTs)
secret-scan greps for secret VALUES — not the words token/password/key — so governance artifacts that legitimately NAME secrets are not flagged.
Modes (at least one required): --staged scan ADDED lines of the git staged diff (pre-commit choke-point) --path FILE scan an explicit file (repeatable)
Lines bearing the seif:allow-secret marker are skipped.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON result |
--path | — | [] | Explicit file to scan (repeatable) |
--staged | — | false | Scan the git staged diff (added lines only) |
--workspace | — | — | Workspace root for --staged (default: cwd) |
session
Manage sessions (alias: use seif gov session)
session is a top-level alias for the governance namespace.
Prefer: seif gov session list|show|…
Writes are deferred on the Go product until SEIF-SESSION-v1 reconciliation; use MCP seif_invoke or the Python dev-tool for session_create/contribute/close.
setup
Install SEIF runtime integration for an AI client (claude-code, cursor, gemini, grok, generic)
setup installs the necessary hooks, skills, memory symlinks and configuration so that the target AI client can use the full SEIF protocol (classification gate, quality gate, cross-AI memory, circuit inbox, etc.) without depending on the Python dev-tool at runtime.
Supported adapters: claude-code — full hooks + skills + memory symlink (highest userbase) cursor — .cursor/rules + MCP json (command-capable, thin) gemini — GEMINI.md command-capable thin tier (axioms via 'seif context bootstrap') grok — GROK.md command-capable thin tier (grok-builder, FS-capable CLI) generic — hookless AGENTS.md baseline (Wave 8 — long-tail read-only clients) git-hooks — git auto-sync hooks (post-commit/merge/checkout → seif context sync) + pre-commit secret-scan (blocks secret VALUES in staged content)
Capability tiers: command-capable clients (claude-code, cursor, gemini, grok) reference axioms on demand via 'seif context bootstrap' (resolved from the embedded verified kernel) — they do NOT inline the 28 axioms. Only the long-tail read-only 'generic' tier may inline as a degraded fallback.
Report state with "seif setup status [--json]" — a read-only per-adapter integration report (installed? hooks/skills/memory-symlink/rules/AGENTS.md). seif-desktop consumes the --json form rather than reimplementing detection.
This is the highest-leverage step for the "single static Go binary" promise.
After seif setup claude-code (or seif setup generic for any other
AI client that reads AGENTS.md) a user can install the Go binary and have a
working SEIF environment without ever touching Python.
Adapter-specific flags: --force (generic only) rewrite AGENTS.md even when content matches
Examples: seif setup status # human table of per-adapter integration seif setup status --json # machine report (seif-desktop consumes this) seif setup claude-code seif setup claude-code --workspace /path/to/ws seif setup claude-code uninstall # remove SEIF hooks/skills/symlink (user hooks preserved) seif setup cursor --dry-run seif setup cursor uninstall # remove .cursor SEIF rules/hook/mcp server (user content preserved) seif setup generic seif setup generic --workspace ~/repos/my-project --dry-run seif setup generic --force # bump mtime / recover from partial write seif setup generic uninstall # strip the SEIF block from AGENTS.md (user content preserved) seif setup git-hooks # install git auto-sync hooks in cwd seif setup git-hooks list # show which SEIF hooks are present seif setup git-hooks uninstall # remove only the SEIF section from each hook
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--dry-run | — | false | Print actions without writing anything |
--force | — | false | Generic adapter: rewrite AGENTS.md even when content is already current |
--json | — | false | status: emit the per-adapter integration report as JSON |
--strict | — | false | status: exit 1 if any adapter is not configured (default: exit 0 — it is a report) |
--with-mcp | — | false | Also configure MCP server (future) |
--workspace | — | — | Workspace root (default: walk-up from cwd) |
show
Print a historical workspace blob or list its reconstructed tree
show emits either ONE historical blob's raw bytes (when :<path>
is given) or LISTS the reconstructed tree at the named rev (when :<path>
is omitted). Workspace-mode only — no engine roundtrip, no quota.
Rev forms (memo §8 Q-DIFF-2f, same parser as seif diff workspace@<rev>):
workspace@HEAD current shadow object-model
workspace@HEAD~N walk N parents back through the delta log
workspace@ 12-hex prefix (>=4) of a recorded rev_id
workspace@ newest rev recorded on/before the named date
Single-path mode (default — direct blob read, no farm): seif show workspace@HEAD~3:.seif/project.seif seif show workspace@HEAD:path/to/binary.png > local.png
Bare-rev mode (lists tree pathhashsize): seif show workspace@HEAD~1
Notes:
- Output is raw bytes (Q-SHOW-3). Caller controls with shell redirects.
- When
<path>resolves to a directory the verb fails-loud with a hint to runseif reconstruct workspace@<rev>(Q-SHOW-2). - Rev-prefix collisions list every matching full rev-id (Q-SHOW-5).
sign
Sign an artifact and emit a SEIF evidence frame
Sign reads (or stdin when given "-"), builds a SEIF Evidence per spec §8.1, computes the canonical_hash, signs the raw 32 hash bytes with the workspace Ed25519 secret key, and emits the resulting frame as JSON.
The secret key is loaded from --key-file or, if not set, from the SEIF_SIGNING_KEY environment variable. The key must be the base64-encoded 64-byte Ed25519 secret (seed||public).
Content encoding is auto-selected: valid UTF-8 inputs use content_encoding "utf-8"; anything containing invalid UTF-8 sequences (control bytes, binary payloads) is base64-encoded.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--classification | — | INTERNAL | PUBLIC|INTERNAL|CONFIDENTIAL |
--content-type | — | text/plain | MIME-like content type |
--key-file | — | — | Path to base64 Ed25519 secret key file (overrides $SEIF_SIGNING_KEY) |
--kind | — | file | Artifact kind (diff|commit|file|module|evidence_frame) |
--metadata-file | — | — | Optional JSON file with metadata object (default: {}) |
--output | — | — | Write frame to file (default: stdout) |
--workspace-id | — | — | Workspace identifier (default: resolved from the workspace marker / $SEIF_WORKSPACE_ID) |
stamp
Anchor a file on Bitcoin via OpenTimestamps (deferred — engine endpoint pending)
Anchor on the Bitcoin blockchain via OpenTimestamps, producing
.ots that can be verified offline with seif verify --stamp.
STATUS: deferred to Phase B — the engine /v1/ots/submit endpoint is not yet implemented. The thin client must not stamp locally (would break INV-THIN-CLIENT), so submission flows through the engine.
For now, use the Python dev-tool reference:
seif-dev --stamp <file> # creates <file>.ots via local ots binaryOnce /v1/ots/submit ships, this command becomes the thin-client entry
point; the .ots produced by either path is verifiable with
seif verify --stamp against any esplora endpoint.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON output |
start
Bootstrap a grounded SEIF session and launch your AI client (the maestro)
start is the one-command path to a fully-grounded SEIF session — the Go
maestro (parity with the dev-tool's seif launcher).
It guarantees the environment, then launches the AI client:
- no .seif/ here? → scaffolds the workspace (seif init)
- no SEIF hooks installed? → installs the claude-code integration (classification gate, SessionStart context, cross-AI memory symlink, skills)
- exports SEIF_BOOTSTRAP_PROFILE so the SessionStart hook sizes the boot surface (minimal | standard | full)
- execs
claude— the installed hooks ground every session; no prompt injection (the deprecated path that crashed the old wrapper).
Examples: seif start # standard profile, this folder seif start --bootstrap-profile minimal # leanest (RAG-first) boot surface seif start --bootstrap-profile full # widest boot surface seif start --workspace ~/repos/app # a specific workspace seif start --no-launch # prepare + print the launch plan only seif start -- --model opus # pass args through to claude
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--bootstrap-profile | — | standard | Context bootstrap profile: minimal | standard | full |
--client | — | — | AI client to launch by registered name (default: the registry default — seif admin client list) |
--include | — | [] | Path to an extra file to seed the conversation (repeatable) |
--memory-chars | — | 0 | Override the cross-AI memory surface budget in chars (0 = profile default) |
--memos | — | — | Comma-separated memo slugs under .seif/memos/ to load into the boot context |
--modules | — | — | Comma-separated module ids under .seif/modules/ to load into the boot context |
--no-launch | — | false | Prepare the environment and print the launch plan, but do not exec the client |
--opening-report | — | workspace,memory,cycles,pending | Fields the agent reports in its opening environment report (comma list of workspace,memory,cycles,pending; 'off' to disable). |
--workspace | — | — | Workspace root (default: current directory) |
status
Show workspace status, identity, and counts
status introspects the current workspace .seif/ directory and prints counts of cycles/seeds/modules/memories, lists any OPEN cycles, and shows the active classification + quality threshold from .seif/config.json.
This verb is local-only — it does not call the engine. For quota and tier
info use seif quota.
Exit codes: 0 .seif/ present and report rendered 2 workspace has no .seif/ directory
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--audit-host | — | false | Audit the host-tier ~/.seif/ directory across 5 layers (protocol, init-generated, derived, per-host, heartbeat). With --fix, regenerates missing files with safe defaults. |
--container | — | false | Container health: dirty state, pin summary (SEIF-WORKSPACE-v2) |
--delta | — | false | Show drift between the live .seif/ store and the shadow object-model's last signed nucleus (added / modified / removed) — git status vs HEAD for SEIF artifacts; reads /.seif-object-store/ |
--engine-url | — | — | Engine base URL (overrides $SEIF_ENGINE_URL) |
--fix | — | false | With --audit-host: regenerate missing files (idempotent, safe defaults). |
--json | — | false | Emit structured JSON report instead of human-readable text |
--object-model | — | false | Also surface the native push scope (artifact count) and, with engine creds, the engine's accepted HEAD (GET /v1/sync/head) |
--shadow | — | — | Override the shadow object-store path (default: /.seif-object-store) |
--token | — | — | Engine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login') |
--token-file | — | — | Path to a file containing the engine bearer token |
--workspace | — | — | Workspace root directory (default: current working directory) |
--workspace-id | — | — | Engine workspace identifier for the remote axis (overrides $SEIF_WORKSPACE_ID) |
store hygiene
Run the STORE-v2 retention sweeper (dry-run by default) [free]
hygiene applies the four ratified retention rules from .seif/memos/DESIGN-MEMO-2026-05-26-store-v2-layout-retention.md §3:
convert-store-keep-3 archive/migrations/convert-store-* >90d AND not in newest 3 delete circuit-inbox-30d runtime/circuit/inbox/* >30d delete seeds-consumed-90d seeds/consumed/* >90d → archive/seeds/ quarantine-12mo _quarantine/* (top-level only) >365d → archive/_quarantine-YYYY-MM/
Without --apply this is a DRY-RUN: it reports what WOULD happen. With --apply it mutates the filesystem; per-action failures are recorded in the report (exit 2) but do not abort the sweep.
With --check-only this runs the Fase-4 health CHECK instead of the sweep: it scans the ACTIVE tree (archive/, _quarantine/ excluded) for non-envelope .seif artifacts and duplicate pending module ids, and exits 1 on regression (non-envelope > 700, or any duplicate id). This is the gate wired into the SEIF pre-push hook. Pass -o to also append the JSON report as a JSONL audit line.
Exit codes 0 sweep completed / check passed 1 --check-only regression (non-envelope over threshold, or duplicate id) 2 at least one per-action error in apply mode 3 input error (workspace missing, .seif/ not found, invalid --now)
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--apply | — | false | Mutate the filesystem (default is dry-run) |
--check-only | — | false | Run the Fase-4 health check (non-envelope + duplicate-id scan) and exit 1 on regression instead of sweeping |
--json | — | false | Emit ONLY the JSON envelope (skip the human-readable table) |
--keep-convert-store-count | — | 0 | Override the keep-3 default for convert-store-* migration logs (default 3 per memo §3) |
--now | — | — | Reference timestamp for age math (RFC3339; default: time.Now) |
--output | o | — | With --check-only: append the JSON report as a JSONL audit line to this path |
--verbose | — | false | Also emit Skipped[] (paths inspected but no rule fired) |
store inventory
Self-describe every .seif/ as JSONL (STORE-v2 Fase-0 ritual) [free]
inventory is the STORE-v2 Phase-0 ritual: every image/standalone self-describes (one JSONL row per .seif/) BEFORE any hygiene or migrate verb runs, so the operator can route the next phase.
Each row carries the ratified Phase-0 fields: seif_dir, workspace_id, workspace_type, store_profile, pod_root, compose_image_name, host_label
Roots default to the current directory (walk-up to the sovereign .seif/). When a root holds a seif-compose.json, each image workspace is expanded into its own row. Rows are deduped by resolved seif_dir.
Output is JSONL on stdout (one object per line); -o writes it to a file.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit raw JSONL to stdout (default when stdout is not a TTY) |
--output | o | — | Write JSONL to this file instead of stdout |
--root | — | [] | Workspace/pod root to inventory (repeatable; default: current directory) |
store move
Relocate module artifacts between ratified module dirs (mutates; --dry-run to preview) [free]
move relocates module artifacts between the ratified module dirs under .seif/modules/ — pending, resolved, decisions, capabilities, _quarantine. Paths are relative to .seif/modules/ (e.g. "pending-x.seif" → "resolved/pending-x.seif").
Single mode: seif store move pending-x.seif resolved/pending-x.seif
Bulk mode (JSON {old:new} map): seif store move --bulk moves.json
move MUTATES by default (like git mv) — it performs an atomic rename per pair. Validation is fail-fast: a missing source or pre-existing target aborts before any further pair. Pass --dry-run to validate and report what WOULD move without touching the filesystem (handy for previewing --update-refs).
--update-refs also rewrites exact "modules/" references (and quoted variants) in mapper.json and every .seif/.json/*.md under cycles/, decisions/, memos/. It never deep-rewrites envelope bodies.
Exit codes 0 completed (dry-run or apply) 3 input error (no .seif/, bad args, source missing, target exists, bad bulk map)
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--bulk | — | — | Read a JSON {old:new} move map from this file (bulk mode) |
--dry-run | — | false | Preview only — validate and report without moving (default mutates) |
--json | — | false | Emit ONLY the JSON envelope (skip the human-readable summary) |
--update-refs | — | false | Also rewrite modules/ references in mapper.json + cycles/decisions/memos |
stream emit
Emit a single event onto the workspace stream
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--engine-url | — | — | Engine base URL (overrides $SEIF_ENGINE_URL) |
--json | — | false | Emit raw JSON output instead of formatted text |
--payload | — | {} | Event payload as a JSON object |
--token | — | — | Engine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login') |
--token-file | — | — | Path to a file containing the engine bearer token |
--topic | — | custom | Topic for the emitted event |
--workspace-id | — | — | Workspace identifier (overrides $SEIF_WORKSPACE_ID) |
stream follow
Subscribe to the SSE stream and print events to stdout
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--engine-url | — | — | Engine base URL (overrides $SEIF_ENGINE_URL) |
--json | — | false | Emit raw JSON output instead of formatted text |
--last-event-id | — | — | Resume from this event id (replay window 24h per spec §11.3.2) |
--max-backoff | — | 1m0s | Maximum reconnect backoff (default 60s per memo §5.7) |
--token | — | — | Engine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login') |
--token-file | — | — | Path to a file containing the engine bearer token |
--topics | — | workspace_updated,resonance,hub | Comma-separated topics to subscribe to (workspace_updated,resonance,hub) |
--workspace-id | — | — | Workspace identifier (overrides $SEIF_WORKSPACE_ID) |
sync
Local self-healing maestro — diagnose, plan, and apply store cures [free, local]
sync is the local self-healing maestro for .seif/ store coherence.
Default (dry-run): DIAGNOSE → PLAN — mutates nothing. Each finding maps to an existing cure verb in dependency-safe order (context sync → reindex → prune ghosts → cycle gc → heal → claim sweep → object-model repair). Memory findings are report-only (A4 gatekeeper).
With --apply: runs the plan in-process, re-diagnoses, prints before/after. With --apply --push: chains the engine mirror last (same as seif push).
Exit codes: 0 healthy or fully healed · 1 findings remain · 2 apply-step error.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--apply | — | false | Execute the plan (default is dry-run) |
--author | — | seif-sync-maestro | Author recorded on context sync steps |
--engine-url | — | — | Engine base URL (overrides $SEIF_ENGINE_URL) |
--json | — | false | JSON output for orchestrators |
--no-bundle | — | false | Push: upload blobs individually instead of one bundle |
--push | — | false | After --apply, push to the engine (requires --apply) |
--quiet | — | false | Push: suppress progress on stderr |
--remote | — | — | Named remote from seif remote list |
--session | — | — | Session label embedded in the push manifest |
--token | — | — | Engine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login') |
--token-file | — | — | Path to a file containing the engine bearer token |
--upload-workers | — | 0 | Push: parallel PUT workers (default 16, max 32) |
--workspace | — | — | Workspace root (default: cwd) |
--workspace-id | — | — | Workspace identifier (overrides $SEIF_WORKSPACE_ID) |
tier
Report the verification-depth chain for a SEIF artifact
tier surfaces INV-VERIFICATION-DEPTH for one artifact at a time: which of the four depths carry evidence, which verifiers pass locally, and which need additional inputs (a pubkey or a --remote-fetch).
Depths 1 envelope-signature Ed25519 over canonical envelope bytes 2 engine-attestation engine_signature over coherence body 3 transparency-log RFC-6962 inclusion + STH (depth-3, H3 wire) 4 bitcoin-anchor OpenTimestamps .ots Bitcoin sequence (E2 wire)
The local-only default never touches the network; depths whose verifier needs a fetch surface as NEEDS_FETCH. Pass --remote-fetch to opt in.
Exit codes 0 max-available depth verified (or only NEEDS_KEY/NEEDS_FETCH) 1 any depth FAILED 2 artifact malformed (ref miss, parse error, wrong shape)
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--engine-pubkey-file | — | — | Path to the engine pubkey for depth-2 attestation verification (else $SEIF_ENGINE_PUBKEY / ~/.seif/keys/engine_pubkey) |
--json | — | false | Emit JSON output (AI-consumable) |
--list-depths | — | false | Print the static depth catalog (definitions) and exit |
--pubkey-file | — | — | Path to a standard-base64 Ed25519 pubkey for depth-1 envelope verification |
--remote-fetch | — | false | Opt-in to network roundtrips for depth-3 (log proof) and depth-4 (OTS calendar/esplora) |
--stamp | — | — | Explicit path to a sibling .ots file for depth-4 (default: .ots) |
--verify-depth | — | — | Artifact ref (cycle: | memo: | pending: | decision:) or path to a .seif envelope |
update
Update the seif binary in-place from the latest GitHub release [FREE]
update checks the GitHub Releases API for the latest seif-cli release, locates the asset matching this host (OS/arch), downloads it, verifies the sha256 checksum, and atomically swaps the running binary.
Tier 3 distribution: each release is a manual binary swap — there is no background auto-update.
Flow:
- Resolve the current version from the embedded build info.
- GET /repos//releases/latest (or /releases with --prerelease).
- Locate the asset seif--- and its .sha256 sibling.
- Download to .new, verify sha256.
- os.Rename (atomic on POSIX, restart-safe).
Requires write permission to the binary's directory. If seif is installed
under /usr/local/bin and you did not use sudo to install, re-run with
sudo seif update.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--check-only | — | false | Print current/latest without downloading or swapping |
--json | — | false | Emit JSON output |
--prerelease | — | false | Include pre-release tags in the resolution |
verify
Verify a SEIF evidence frame (local file or public engine proof)
Verify reads a SEIF evidence frame from (or stdin when given "-"), recomputes the canonical_hash from the embedded Evidence, checks the Ed25519 signature against the recorded public key, and re-derives the evidence_id. Any mismatch causes a non-zero exit.
With --url, the argument is a public verify URL (https://verify.seifprotocol.com/v/ev_…) or a bare evidence id (ev_…). The engine's public evidence proof is fetched (GET /v1/evidence/, no auth) and INDEPENDENTLY verified: the canonical_hash is recomputed from the returned artifact and the Ed25519 signature is checked against the embedded public key — the engine's own "verified" flag is not trusted.
Returns: exit 0 — intact (hash + signature [+ evidence_id for local frames] match) exit 1 — tampered, signature invalid, or evidence_id desynced
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--calendar | — | — | Override esplora HTTP endpoint (default https://blockstream.info/api, env $SEIF_ESPLORA_URL) |
--engine-url | — | — | Engine base URL for --url (default https://api.seifprotocol.com or $SEIF_ENGINE_URL) |
--log-id | — | — | Verify a seif-log inclusion proof for this log entry id (RFC-6962 + STH) |
--log-url | — | — | seif-log base URL (default https://log.seifprotocol.com or $SEIF_LOG_URL) |
--quiet | — | false | Only exit code, no output |
--stamp | — | — | Verify an OpenTimestamps .ots proof file (offline, against Bitcoin) |
--stamp-json | — | false | Emit JSON output for --stamp verification |
--stamp-source | — | — | Source file the .ots proof anchors (default: --stamp arg with .ots stripped) |
--token | — | — | Engine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login') |
--token-file | — | — | Path to a file containing the engine bearer token |
--url | — | false | Treat the arg as a public verify URL or evidence id; verify the engine proof |
verify-pins
Alias for workspace pins verify
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
watermark embed
Sign a watermark-embed envelope for a pre-watermarked audio pair
embed posts a watermark-embed envelope. --input is the original audio file; --output is the watermarked version (produced by an out-of-band DSP path in this wave). Both must exist on disk; their sha256 + byte sizes are computed locally and included in the envelope.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--amplitude-db | — | 0 | Watermark amplitude in dBFS (negative values typical) |
--classification | — | INTERNAL | Envelope classification tier (PUBLIC | INTERNAL | CONFIDENTIAL) |
--duration-ms | — | 0 | Symbol duration in milliseconds |
--engine-url | — | — | Engine base URL (overrides $SEIF_ENGINE_URL) |
--format | — | wav/pcm-s16le-44100 | Audio format descriptor (e.g. wav/pcm-s16le-44100) |
--input | — | — | Path to the input (unmarked) audio file |
--json | — | false | Emit raw JSON envelope instead of formatted output |
--library-version | — | seif-watermark-go/v1.0.0 | Library version stamp for the envelope |
--output | — | — | Path to the output (watermarked) audio file |
--reps | — | 0 | Repetition count used by the DSP |
--session | — | — | Session label embedded in the envelope (e.g. s151) |
--symbols | — | 0 | Symbol count used by the DSP (forwarded to the envelope) |
--token | — | — | Engine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login') |
--token-file | — | — | Path to a file containing the engine bearer token |
--workspace-id | — | — | Workspace identifier (overrides $SEIF_WORKSPACE_ID) |
watermark extract
Look up the signed envelope for a recovered watermarked audio
extract posts a watermark-extract envelope referencing --recovered (a candidate watermarked audio). The engine looks up the matching envelope from the transparency log and returns it (or 404 if absent).
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--amplitude-db | — | 0 | Watermark amplitude in dBFS (negative values typical) |
--classification | — | INTERNAL | Envelope classification tier (PUBLIC | INTERNAL | CONFIDENTIAL) |
--duration-ms | — | 0 | Symbol duration in milliseconds |
--engine-url | — | — | Engine base URL (overrides $SEIF_ENGINE_URL) |
--format | — | wav/pcm-s16le-44100 | Audio format descriptor (e.g. wav/pcm-s16le-44100) |
--json | — | false | Emit raw JSON envelope instead of formatted output |
--library-version | — | seif-watermark-go/v1.0.0 | Library version stamp for the envelope |
--recovered | — | — | Path to the recovered (suspect) audio file |
--reps | — | 0 | Repetition count used by the DSP |
--session | — | — | Session label embedded in the envelope (e.g. s151) |
--symbols | — | 0 | Symbol count used by the DSP (forwarded to the envelope) |
--token | — | — | Engine bearer token (else --token-file, $SEIF_ENGINE_TOKEN, or ~/.seif/session_token from 'seif login') |
--token-file | — | — | Path to a file containing the engine bearer token |
--workspace-id | — | — | Workspace identifier (overrides $SEIF_WORKSPACE_ID) |
workspace bind
Bind this local workspace to an existing engine workspace
Attach the local .seif workspace to an EXISTING remote workspace — the 'git remote add origin' step of the local-first flow: you created the workspace on the web/engine, now point your local folder at it.
accepts a workspace_id (ws_…), a slug, or a user_slug/slug namespace. A slug or namespace is resolved against your signed-in workspace list; a ws_ is verified against it too (use --force to skip verification, e.g. offline).
Writes engine_workspace_id into the nearest workspace.seif.json, so push/pull/ clone need no --workspace-id afterwards. Idempotent: re-binding the same id is a no-op; binding a different id rebinds.
To create a NEW remote workspace instead, use 'seif workspace create '.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--engine-url | — | — | Engine base URL |
--force | — | false | Bind a ws_ without verifying it against your engine workspace list (offline escape hatch) |
workspace config init
Create default workspace-config.json if missing
workspace config show
Print workspace-config.json
workspace config validate
Validate workspace-config.json
workspace create
Create a workspace on the engine
Creates a workspace slug under your account (like gh repo create).
Free tier allows 1 workspace. Mint an API key at seifprotocol.com/dashboard/settings before seif push — the thin CLI does not mint keys.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--engine-url | — | — | Engine base URL |
workspace delete
Soft-delete a workspace on the engine (cascade-detaches it from pods) [requires --yes]
Soft-deletes a workspace via DELETE /v1/workspaces/{id} (§7.5).
It is a SOFT delete — reversible by design — and it cascade-detaches the workspace from every pod's composition. Owner-bound; idempotent (deleting an already-deleted workspace is a no-op).
Destructive, so it requires --yes to proceed.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--engine-url | — | — | Engine base URL |
--yes | — | false | Confirm the (soft) deletion — required |
workspace list
List engine workspaces for the signed-in user
Lists workspaces registered on the engine (GitHub-style namespaces).
Requires a session from 'seif login'. API keys from the dashboard also work when exported as SEIF_ENGINE_TOKEN.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--engine-url | — | — | Engine base URL |
workspace open
Generate and open a multi-root VS Code workspace for the SEIF container
Writes seif-container.code-workspace with the umbrella root plus each cloned member repo listed in workspace.seif.json members[].
Opens the file in VS Code/Cursor when 'code' or 'cursor' is on PATH, unless --no-launch is set.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--editor | — | — | Editor command (code, cursor); default: auto-detect |
--no-launch | — | false | Only write the workspace file |
--output | — | — | Workspace filename (default: seif-container.code-workspace) |
--print-path | — | false | Print absolute path to workspace file and exit |
workspace pins repin
Re-pin members to origin/main (writes container-dirty.seif)
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--dry-run | — | false | Preview only |
--members | — | — | Comma-separated subset |
--reason | — | manual repin | Audit reason |
workspace pins verify
Compare member HEAD vs pin_commit
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
workspace profile apply
Merge profiles/.json into workspace-config.json
workspace remote-config
Show the engine (cloud) workspace config — type, store_profile, visibility, ceiling (D6)
Reads the control-plane config from the engine (GET /v1/workspaces/{id}/config).
This is the CLOUD-state config (engine authority), distinct from 'seif workspace config show' which reads the local on-disk marker. Auth is bound to the target workspace; a cross-workspace token gets a not-found error (anti-enumeration).
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--engine-url | — | — | Engine base URL |
--workspace | — | — | Target workspace (slug or ws_); defaults to the engine_workspace_id bound in the local marker |
workspace repair
Repair the container marker + .seif/config.json protocol defaults [free]
repair brings a container's workspace.seif.json marker back to a valid SEIF-WORKSPACE-v2 shape. It mints a workspace_id when one is missing, restores the protocol / workspace_type / status / container fields, and (with --store-profile) repairs the store_profile marker. It also backfills the .seif/config.json protocol defaults (session_lifecycle, persistence_routing) so a workspace created before those were seeded boots the full SessionStart pipeline instead of the degraded legacy one-liner. In-place and non-destructive: existing members, share_allowlist, and any explicitly-set config keys are preserved (only wholly-absent keys are added). A missing marker is recreated from defaults.
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--json | — | false | Emit JSON |
--store-profile | — | — | Set/repair the store_profile marker field |
--workspace | — | — | Container root to repair (default: cwd) |
workspace set-classification-ceiling
Set the workspace classification ceiling
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--engine-url | — | — | Engine base URL |
--workspace | — | — | Target workspace (slug or ws_); defaults to the engine_workspace_id bound in the local marker |
workspace set-store-profile
Set the engine store_profile
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--engine-url | — | — | Engine base URL |
--workspace | — | — | Target workspace (slug or ws_); defaults to the engine_workspace_id bound in the local marker |
workspace set-type
Set the engine workspace_type (D1)
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--engine-url | — | — | Engine base URL |
--workspace | — | — | Target workspace (slug or ws_); defaults to the engine_workspace_id bound in the local marker |
workspace set-visibility
Set workspace visibility — private (default) or public (D5)
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--engine-url | — | — | Engine base URL |
--workspace | — | — | Target workspace (slug or ws_); defaults to the engine_workspace_id bound in the local marker |
worktree create
git worktree add + write .seif-pointer.json at birth
create adds a git worktree and writes its .seif-pointer.json in one step, so relay/governance verbs run from inside it resolve onto THIS workspace's canonical board (never a forked per-worktree one).
It runs git worktree add [-b <branch>] <path> <base> against the current
repo (or --repo), then binds /.seif-pointer.json to the canonical
workspace id. The pointer redirect is relative when the worktree shares a volume
with the canonical root, absolute otherwise.
Examples: seif worktree create ../wt-brief --branch brief/foo seif worktree create /tmp/wt --base origin/main --workspace ~/repos/umbrella
| Flag | Shorthand | Default | Description |
|---|---|---|---|
--base | — | HEAD | Start point for the worktree (branch/commit) |
--branch | — | — | Create and check out this new branch in the worktree |
--no-pointer | — | false | Skip writing .seif-pointer.json (NOT recommended — verbs will fork the board) |
--repo | — | — | Git repo to add the worktree from (default: cwd) |
--workspace | — | — | Canonical workspace root (default: walk up from cwd) |
wrapper antigravity post-tool-use
PostToolUse hook: advisory (always emits {} per the agy contract)
post-tool-use is the Go backend for the Antigravity CLI PostToolUse hook. It fires AFTER the tool ran (cannot block) and emits the canonical agy {} decision envelope on stdout. Always exits 0.
If stdin is an interactive terminal (not a piped hook event), exits 2 with a hint on stderr.
wrapper antigravity pre-invocation
PreInvocation hook: inject SEIF grounding/context on the first invocation (reads agy JSON on stdin)
pre-invocation is the Go backend for the Antigravity CLI PreInvocation hook. On the FIRST invocation (invocationNum==0) with SEIF engaged it assembles the SEIF bootstrap payload (grounding kernel first) and injects it as an ephemeralMessage: {"injectSteps":[{"ephemeralMessage":"..."}]}. On later invocations it emits {}.
Requires the SEIF_ENGAGE=1 sentinel (set by seif start) to inject the payload;
a raw agy session without it injects nothing (clean by default). Always exits 0.
If stdin is an interactive terminal (not a piped hook event), exits 2 with a hint on stderr.
wrapper antigravity pre-tool-use
PreToolUse hook: shell + classification gates for .seif/ workspace writes (reads agy JSON on stdin)
pre-tool-use is the Go backend for the Antigravity CLI PreToolUse hook. It reads agy's camelCase PreToolUse JSON on stdin and routes by tool name:
run_command → shell gate (CAN deny) write_to_file / replace_file_content / multi_replace_file_content → reserved-.seif/ + classification + credential gate (CAN deny)
agy reads a JSON DECISION on stdout (NOT an exit code): {"decision":"allow"|"deny"|"ask"|"force_ask","reason"?}. A blocked gate emits {"decision":"deny","reason":…}; everything else allows.
Scope guard: inert (allow) when the call is outside a .seif/ workspace — protection only where there is a sovereign store to guard.
If stdin is an interactive terminal (not a piped hook event), exits 2 with a hint on stderr.
wrapper antigravity stop
Stop hook: session-end closure + CIRCLE auto-sync when fully idle (reads agy JSON on stdin)
stop is the Go backend for the Antigravity CLI Stop hook. When the run is fully idle (fullyIdle==true) it runs the SEIF closure (CLOSURE/AUDIT/ABSORB/CIRCLE phases + a LOCAL git commit of .seif). It then emits a stop-ALLOWING decision — {"decision":"stop"} — and NEVER "continue" (it must not force the agent to keep running). Always exits 0.
If stdin is an interactive terminal (not a piped hook event), exits 2 with a hint on stderr.
wrapper claude-code post-tool-use
PostToolUse hook: advisory quality gate over a written file (reads hook JSON on stdin)
post-tool-use is the Go port of the SEIF PostToolUse hook (quality-gate.sh). It reads the Claude Code PostToolUse JSON on stdin and, for Write-tool calls on a text file outside .seif/, scores the first lines of the file with the native (offline, zero-Python) SEIF quality gate and prints a single advisory [SEIF METADATA] line. It never blocks: always exits 0.
wrapper claude-code pre-tool-use
PreToolUse hook: shell + classification gates + claim-conflict surface (reads hook JSON on stdin)
pre-tool-use is the Go port of the SEIF PreToolUse hooks. It reads the Claude Code PreToolUse JSON on stdin and routes by tool:
Bash → shell-write / secret-read / exfil gate (CAN block, exit 2) Write/Edit → reserved-.seif/ + classification + credential gate (CAN block), then the SEIF-CLAIM-v1 conflict surface (informational, exit 0)
Per RFC §5 (CONTEXT not COMMAND) the claim-check never blocks: it prints a [SEIF CLAIM CONFLICT] notice on stderr and exits 0. Consolidates bash-gate.sh, classification-gate.sh, and pretooluse-claim-check.sh into one zero-Python backend.
wrapper claude-code session-end
SessionEnd hook: closure/audit/absorb phases + local CIRCLE git commit (reads hook JSON on stdin)
session-end is the Go port of the SEIF SessionEnd hook (session-end.sh + session_lifecycle.session_end_logic). It reads the Claude Code SessionEnd JSON on stdin and runs, in order: registry unregister + gc, CLOSURE (mark the active session CLOSED), pending-item landed stamping, AUDIT (mapper ghost count), ABSORB (relevance decay + session_count reconcile under an exclusive lock), and the CIRCLE phase — a LOCAL git commit of .seif (provenance only). The hook does NOT push: cross-host propagation is owned by the daemon (personal-sync / compose-push capabilities — opt-in) or an explicit seif push, never the session-end hook. Informational: always exits 0.
wrapper claude-code session-start
SessionStart hook: emit SEIF context payload (reads hook JSON on stdin)
session-start is the Go port of the SEIF SessionStart hook. It reads the Claude Code SessionStart JSON on stdin, assembles the SEIF context payload (kernel seed, session contract, persistence routing, active modules, pending work, stale-session reconciliation, memory surface), writes the session contract, and prints the payload to stdout. Always exits 0 (informational).
If stdin is an interactive terminal (not a piped hook event), exits 2 with a hint on stderr — hook verbs are meant to be invoked by the AI client, not run from a keyboard.
wrapper claude-code user-prompt-submit
UserPromptSubmit hook: lazy session materialization on first human prompt (reads hook JSON on stdin)
user-prompt-submit is the Go port of the SEIF UserPromptSubmit hook leg. It reads the Claude Code UserPromptSubmit JSON on stdin and best-effort materializes the session contract when lifecycle is enabled (memo D1 earliest trigger). Informational only: always exits 0, never blocks the prompt.
wrapper cursor before-file-edit
beforeFileEdit hook: advisory SEIF-CLAIM conflict notice (reads hook JSON on stdin)
before-file-edit is the Cursor beforeFileEdit hook backend. It reads hook JSON on stdin, probes active path claims, and prints a [SEIF CLAIM CONFLICT] notice to stderr when overlap is detected. Always exits 0 — CONTEXT not COMMAND.
wrapper cursor session-start
SessionStart hook: emit additional_context JSON (reads hook JSON on stdin)
session-start is the Go port of the Cursor sessionStart hook. It reads Cursor hook JSON on stdin, assembles the SEIF bootstrap (grounding kernel first), and prints {"additional_context":"..."} to stdout. Always exits 0.
If stdin is an interactive terminal (not a piped hook event), exits 2 with a hint on stderr.
wrapper gemini before-tool
BeforeTool hook: shell + classification gates for .seif/ workspace writes (reads hook JSON on stdin)
before-tool is the Go backend for the Gemini CLI BeforeTool hook. It reads Gemini's BeforeTool JSON on stdin and routes by tool name:
run_shell_command → shell-write / secret-read / exfil gate (CAN block, exit 2) write_file / replace → reserved-.seif/ + classification + credential gate (CAN block, exit 2)
Scope guard: inert (exit 0) when the invocation is outside a .seif/ workspace — protection only where there is a sovereign store to guard. Exit 2 sends stderr as the block reason back to the Gemini agent; the turn continues.
If stdin is an interactive terminal (not a piped hook event), exits 2 with a hint on stderr.
wrapper gemini session-start
SessionStart hook: emit SEIF context payload as additionalContext JSON (reads hook JSON on stdin)
session-start is the Go backend for the Gemini CLI SessionStart hook. It reads Gemini's hook JSON on stdin, assembles the SEIF bootstrap payload (grounding kernel first), and prints {"hookSpecificOutput":{"additionalContext":"..."}} to stdout. Always exits 0 (advisory — Gemini ignores continue/decision on SessionStart).
Requires the SEIF_ENGAGE=1 sentinel (set by seif start) to emit the payload;
a raw gemini session without it emits nothing and exits 0 (clean by default).
If stdin is an interactive terminal (not a piped hook event), exits 2 with a hint on stderr.