Deployability Profiles | CALL ANYTHING

Local Agent Loop · ready now

Prove one Hotline call on your machine first

Use this path for local development and first proof. dev:local:plan, up, status, logs, and down cover the managed local loop boot order, startup steps, relay/supervisor state, log-file metadata, and stop steps, with --json for dashboards or scripts. The core acceptance commands are dev:doctor, dev:doctor -- --json, test:agent-e2e, test:mcp-golden-four, and mcp:golden-four; they check supervisor health, caller-skill, MCP adapter wiring, the bundled workspace-summary Hotline, and signed result recovery. The command catalog labels dev:doctor as runtime_diagnostic and test:agent-e2e plus mcp:golden-four as runtime_acceptance, with no unmapped fallback. dev:doctor JSON emits prerequisites, runtime health, caller-skill checks, blockers, and next commands without raw logs or secret values.

Selfhost Platform · ready now

Run Platform as a private control plane

Use this path when a team wants private routing, catalog, token, and console management. selfhost:profiles first lists built-in profiles, deploy directories, services, and host ports, and --json makes the same profile selector data available to consoles, dashboards, or scripts; selfhost:quickstart gives the copy-paste command sequence for the selected profile, and --json lets management surfaces render those steps; selfhost:plan gives the selected profile purpose, deploy paths, services, URLs, safety checks, and notes, and --json lets generated docs, dashboards, or management scripts consume that map; selfhost:readiness -- --all gives a read-only readiness matrix for every built-in profile, while selfhost:readiness combines selected-profile files, .env, secret hygiene, public-stack origin/routes, URLs, host ports, and next commands into a deployment overview, and both forms can use corepack pnpm --silent run ... --json for clean JSON in CI, dashboards, or management scripts; selfhost:doctor then diagnoses local tools, profile files, .env, and secret/public-origin hygiene, and --json lets diagnostic panels show blockers; selfhost:init creates or hardens the .env with strong generated secrets, while corepack pnpm --silent run selfhost:init -- --json emits created/hardened metadata, secret hygiene, warnings, and next commands without printing secret values or URL prose; selfhost:summary gives a read-only one-screen overview of deploy paths, URLs, host ports, secret status, and next commands, and --json lets dashboards render that overview card; selfhost:urls shows URLs before startup, and --json lets dashboards or deployment scripts consume the URL inventory; selfhost:ports shows host ports before startup, and --json lets dashboards or deployment scripts consume the declared port inventory; selfhost:ops-report writes a non-secret handoff report with URLs, host ports, and secret status, and --json lets dashboards or management scripts consume the same handoff data; selfhost:preflight checks compose config, routes, and secret hygiene before services start, and --json lets deployment controllers consume the same gate; selfhost:status summarizes Docker compose service state, secret hygiene, and health endpoints after startup, and --json lets dashboards or management scripts consume runtime blockers; selfhost:config validates Docker compose config, and --json gives CI, dashboards, or management scripts pass/fail, blockers, and stderr metadata while omitting compose stdout that may contain environment values; selfhost:security-review is the pre-exposure review, and --json lets dashboards or deployment controllers consume blockers and the route contract; selfhost:audit-export saves audit evidence; selfhost:backup-plan emits a non-executing backup plan, and --json lets recovery rehearsal scripts consume the backup directory, steps, and next validation command; selfhost:backup-validate checks backup artifacts, and --json lets recovery rehearsal scripts consume file status and blockers; selfhost:restore-plan explains recovery rehearsal, and --json emits ordered recovery steps without running them; selfhost:rotate-plan emits a non-executing secret rotation checklist, and --json lets operator runbooks render backup-first, dry-run, confirm, restart, and smoke steps; selfhost:rotate --json / --confirm --json emits secret rotation dry-run or confirmed rotation metadata without printing new secret values.

All-in-One Demo · ready now

See the full product shape in one local profile

Use this path when a fresh operator wants caller, responder, relay, and platform together before splitting components. selfhost:quickstart -- --profile all-in-one gives the copy-paste path; selfhost:readiness -- --profile all-in-one, selfhost:init -- --profile all-in-one, selfhost:preflight -- --profile all-in-one, selfhost:up -- --profile all-in-one, selfhost:status -- --profile all-in-one, and selfhost:smoke -- --profile all-in-one form the inspect, env, start, and acceptance loop. The matching --json entry points appear in the deployability:commands all_in_one_demo pipeline / track and inherit the selfhost inherited safety posture without printing secret values into dashboards or handoff reports.

Recovery & Evidence · ready now

Make handoff, audit, backup, and rotation a filterable path

Use this path when an operator needs recovery readiness and evidence before launch or handoff. deployability:overview, deployability:dashboard, deployability:action-plan, deployability:handoff, and deployability:commands now expose recovery_evidence as a ready_now pipeline; corepack pnpm run deployability:commands -- --pipeline recovery_evidence filters the catalog to selfhost:ops-report, selfhost:audit-export, selfhost:backup-plan, selfhost:backup-validate, selfhost:restore-plan, selfhost:rotate-plan, and selfhost:rotate. The ops report writes a non-secret Markdown handoff, audit export reports export metadata, and backup / restore / rotate plans rehearse before execution; the safety matrix labels the commands as writes_report, exports_evidence, read_only, or writes_env so dashboards can show risk posture before services start.

Public Stack · ready now

Expose edge routes only after safety checks

Use this path when an operator is preparing public gateway, relay, platform-api, and console exposure. The public-stack profile lists the /healthz, /platform/healthz, /relay/healthz, /gateway/healthz, and /console/ route contract and fails when localhost public origins or placeholder secrets are still present.

Management Console · ready now

Move status, logs, approval, and onboarding into a surface

The console direction is to reduce terminal-only debugging. deployability:console / corepack pnpm --silent run deployability:console -- --json emits console_management_index, a read-only management index for runtime_status, settings_approval_policy, logs_guidance, billing_readiness, public_stack_console, and gateway_session surfaces. Runtime, Preferences, and Help explain profiles, adapter health, approval policy, logs, and billing readiness. Platform Console now also includes an admin-only Billing page. Public Stack exposes verifiable Operator Onboarding through /console/, the gateway session flow, published-image:plan --json, published-image:smoke, published-image:smoke -- --dry-run --json, published-image:smoke -- --image-tag <candidate-tag>, and operator:onboarding:check; operator:onboarding:plan --json emits the first-use phases, while operator:onboarding:check --json emits check results and blockers for CI, dashboards, or management scripts.

Safety contract

Fail before public exposure

secrets are generated instead of leaving TOKEN_SECRET, admin key, or bootstrap secret as change-me values
deployability:overview is a read-only map that does not read .env, call Docker, bind ports, or probe networks; --json emits pipeline, command, safety-note, and next-command metadata
deployability:quickstart is the read-only first-use guide after a fresh checkout; --json emits daily development, self-host, public-stack, and release-review tracks, steps, safety notes, and next commands without running commands, reading .env, or calling Docker
deployability:safety is a read-only safety posture matrix that explains whether each deployability, selfhost, dev, or release command writes files, starts or stops services, calls Docker, probes networks, prints private terminal text, or gates public exposure; --json emits the same matrix without reading .env, calling Docker, binding ports, probing networks, or printing secret values
corepack pnpm run deployability:explain / corepack pnpm --silent run deployability:explain -- --json emits operator_explainer, the read-only architecture, truth-source boundary, profile selection, public exposure gate, production hardening, and cross-repo validation explainer for operators and management UIs. It only projects existing metadata without reading .env, calling Docker, binding ports, probing networks, or printing secret values
corepack pnpm run deployability:production / corepack pnpm --silent run deployability:production -- --json emits production_hardening_review, the read-only production hardening boundary view that separates daily deployability from public exposure and formal production readiness, reports production_ready=false, and surfaces billing, email, marketplace, and formal release gates without reading .env, calling Docker, binding ports, probing networks, executing deployment commands, or printing secret values
The same deployability:production JSON also emits production_readiness_remediation_plan, the formal_production_readiness_remediation read-only management queue that orders prove_public_exposure_gate, define_billing_production_gate, define_email_transport_gate, define_marketplace_readiness_gate, define_formal_release_gate, and export_management_evidence for dashboards or agents. It shows evidence ownership and commands without presenting daily deployability as formal production readiness
corepack pnpm run deployability:hardening-plan / corepack pnpm --silent run deployability:hardening-plan -- --json emits production_hardening_plan, the hardening_plan_visible read-only management plan for public_exposure, billing_production, email_transport, marketplace_readiness, and formal_release. It breaks each track into owner_repo, stages, blocked_by, guardrails, next_commands, and evidence commands so management surfaces can show which owning repo must provide evidence next, without presenting the plan as production_ready or reading .env, calling Docker, binding ports, probing networks, or printing secret values
corepack pnpm run deployability:readiness / corepack pnpm --silent run deployability:readiness -- --json emits the standalone daily-deployable scorecard for humans, CI, and management UIs, including profile choice, generated secrets, startup path, doctor path, runtime inspection, boundary understanding, brand-site story evidence, summary counts, blockers, warnings, safety notes, and next commands without reading .env, calling Docker, binding ports, probing networks, or printing secret values
corepack pnpm run deployability:prd / corepack pnpm --silent run deployability:prd -- --json emits prd_index, the read-only PRD document, audience, pipeline, management-surface, and safety-boundary index for planning reviews, dashboards, and brand-site alignment before the roadmap. It connects the ecosystem PRD and pipeline PRD to the daily-deployable with explicit safety gates goal without reading .env, calling Docker, binding ports, probing networks, or printing secret values
corepack pnpm run deployability:roadmap / corepack pnpm --silent run deployability:roadmap -- --json emits the read-only PRD milestone view for management UIs and planning reviews, returning daily_deployable_with_planned_hardening, satisfied / gated / planned milestones, console_management_surface, production_hardening_plan, PRD sources, evidence commands, remaining work, source status, and next commands without reading .env, calling Docker, binding ports, probing networks, or printing secret values
corepack pnpm run deployability:status / corepack pnpm --silent run deployability:status -- --json emits operator_status, the compact operator status for management first screens, projecting readiness and roadmap metadata into status cards, including the roadmap's console management, hardening plan, and public-stack recipe milestones, plus console_management_status, hardening_plan_status, source health, primary next commands, and safety defaults without reading .env, calling Docker, binding ports, probing networks, or printing secret values
corepack pnpm run deployability:gates / corepack pnpm --silent run deployability:gates -- --json emits gate_checklist, the read-only public exposure and production hardening gate checklist, projecting roadmap and command catalog metadata into gate cards without running security-review, Docker, network, or release commands or printing secret values
corepack pnpm run deployability:exposure / corepack pnpm --silent run deployability:exposure -- --json emits public_exposure_review, the non-destructive public-stack exposure blocker snapshot. It runs the existing security review, calls Docker only for compose config, does not start services or bind ports, and reports findings such as localhost public origin under exposure_blockers without printing secret values. It also emits operator_next_action; when PUBLIC_SITE_ADDRESS is localhost, the action is configure_public_stack_public_origin and points to repos/platform/deploy/public-stack/.env, selfhost:public-origin dry-run/apply commands, and the security-review rerun command. The same payload also emits pre_exposure_remediation_plan, an ordered pre-public-exposure checklist with configure_public_origin, rerun_security_review, run_operator_onboarding_check, run_published_image_dry_run, and export_public_stack_evidence steps
corepack pnpm run deployability:release -- --image-tag <candidate-tag> / corepack pnpm --silent run deployability:release -- --image-tag <candidate-tag> --json emits release_candidate_review, the non-destructive release candidate gate. It aggregates production hardening, public exposure, published-image plan, and dry-run smoke evidence, reports unmet items under release_blockers, and does not publish images or packages, start services, probe endpoints, or print secret values
corepack pnpm run deployability:operator-checklist -- --profile public-stack --image-tag <candidate-tag> / corepack pnpm --silent run deployability:operator-checklist -- --profile public-stack --image-tag <candidate-tag> --json emits public_stack_operator_checklist, the non-destructive public-stack operator checklist. It aggregates menu, recipe, onboarding, exposure / release gate, backup-plan, and handoff evidence into ready / blocked checklist items, reports unmet items under operator_blockers, and does not start services, probe endpoints, publish artifacts, or print secret values. It only supports public-stack; non-public-stack profiles receive an unsupported-profile blocker and should use profile-aware evidence / dashboard / handoff instead
corepack pnpm run deployability:doctor / corepack pnpm --silent run deployability:doctor -- --json emits a compatibility-ledger, top-level-script, docs, brand-site, and safety-contract alignment snapshot without reading .env, calling Docker, binding ports, probing networks, or printing secret values
top-level deployability, compatibility, release review, and daily dev doctor commands share strict option parsing: documented pnpm -- separators stay copy-pasteable, --json stays machine-readable, and typo examples such as corepack pnpm --silent run deployability:gates -- --jsno or corepack pnpm --silent run dev:doctor -- --jsno show that unknown options fail before nested checks run; release review rejects unknown options before it aggregates production, exposure, published-image plan, or dry-run smoke evidence, so typoed release arguments cannot be mistaken for a validated candidate review
corepack pnpm run deployability:dashboard / corepack pnpm --silent run deployability:dashboard -- --json emits a read-only aggregate payload for dashboards and CI, combining overview, quickstart, safety, doctor, compatibility, console_management_index, and production_hardening_plan sections, top-level profile_selector, ecosystem_readiness, and pipeline_summaries; ecosystem_readiness turns the daily-deployable definition into a scorecard for profile choice, generated secrets, startup path, doctor path, runtime inspection, boundary understanding, and brand-site story, and reports daily_deployable_with_safety_gates when every check passes; pipeline_summaries come from shared pipeline summary metadata, so dashboard and handoff expose the same contract for Local Agent Loop, All-in-One Demo, Selfhost Platform, Public Stack, Recovery & Evidence, Operator Onboarding, and Published Image: command_count, json_command_count, catalog_command_count, dashboard_safe_command_count, ci_safe_command_count, public_exposure_gate_count, next_commands, next_json_commands, and safety_notes; focused profile dashboards keep console and hardening-plan sections global because they are management context, not profile-specific runtime truth, without reading .env, calling Docker, binding ports, probing networks, or printing secret values
corepack pnpm run deployability:action-plan / corepack pnpm --silent run deployability:action-plan -- --json is the read-only next-action selector and operator action selector between dashboard and the full catalog; it combines dashboard and commands metadata by daily_dev, all_in_one_demo, selfhost_platform, public_stack, recovery_evidence, operator_onboarding, and published_image, then emits recommended commands, dashboard-safe commands, public-exposure gates, service-touching commands, next_json_commands, profile attention metadata, and recommended_profile_keys; attention.rank / attention.level / attention.reasons let management surfaces sort profile cards and highlight safety_gate profiles such as public_stack before public exposure; corepack pnpm run deployability:action-plan -- --list-profiles / corepack pnpm --silent run deployability:action-plan -- --list-profiles --json emits profile_list, profile keys, aliases, pipeline keys, and purposes without calling dashboard/catalog metadata; the same profile selector appears in deployability:quickstart, deployability:safety, and deployability:commands -- --track daily_dev as a first-use, read_only, dashboard-safe top-level command that management surfaces can discover; corepack pnpm run deployability:action-plan -- --profile <key-or-alias> focuses one profile, emits profile_filter, and keeps Action-plan profile-aware next_commands for dashboard, commands, and handoff on that profile, while unknown profile names return blockers; these paths do not read .env, call Docker, bind ports, probe networks, or print secret values
corepack pnpm run deployability:next / corepack pnpm --silent run deployability:next -- --json emits operator_next_decision, the single next-action decision for humans, dashboards, and agents. It combines menu, action-plan, and gates metadata, then returns selected_profile, operator_status_summary, decision, and source_status.direct_inputs. By default, while public exposure remains gated, it recommends corepack pnpm run selfhost:security-review -- --profile public-stack and includes detail_command / detail_json_command pointing to deployability:exposure, whose public_exposure_review payload can expose operator_next_action such as configure_public_stack_public_origin. corepack pnpm run deployability:next -- --profile all-in-one keeps dashboard, commands, and handoff next_commands on all-in-one. It does not execute the recommendation, read .env, call Docker, bind ports, probe networks, or print secret values
corepack pnpm run deployability:profiles / corepack pnpm --silent run deployability:profiles -- --json is the dedicated profile_catalog and profile-card catalog for management UIs, dashboards, CI, and operator docs. It emits labels, aliases, pipeline keys, status, counts, next commands, next_json_commands, safety notes, shared attention metadata, and recommended_profile_keys; corepack pnpm --silent run deployability:profiles -- --profile public-stack --json focuses public_stack and emits profile_filter, while unknown profile names return blockers. These cards are derived from overview, command, and doctor metadata, shared pipeline/profile summary helpers, and the shared profile registry without reading .env, calling Docker, binding ports, probing networks, or printing secret values
corepack pnpm run deployability:commands / corepack pnpm --silent run deployability:commands -- --json emits a read-only command catalog filterable by category, posture, track, and pipeline, merging overview, quickstart, and safety metadata; the same JSON payload includes filters.profiles, profile keys, aliases, pipeline keys, and purposes so dashboards can render the profile selector from the catalog; corepack pnpm --silent run deployability:commands -- --profile public-stack --json resolves the operator profile key or alias to the public_stack pipeline, returns only that command catalog, and reports unknown profiles as blockers; ready-now command paths no longer expose unmapped category / posture values; profile-specific command variants such as --profile all-in-one or --profile public-stack inherit their base command's inherited safety posture without reading .env, calling Docker, binding ports, probing networks, or printing secret values
corepack pnpm run deployability:runbook / corepack pnpm --silent run deployability:runbook -- --json emits the read-only profile_runbook index; corepack pnpm run deployability:runbook -- --profile public-stack / corepack pnpm --silent run deployability:runbook -- --profile public-stack --json orders the public_stack commands into inspect, gate, start, verify, operate, and evidence phases, keeps gate before start, and reuses the safety posture metadata from the profile_catalog and command catalog. Profile runbook next_commands keep dashboard and handoff on the selected profile. Unknown profiles return blockers; the command does not read .env, call Docker, bind ports, probe networks, or print secret values
corepack pnpm run deployability:menu / corepack pnpm --silent run deployability:menu -- --json emits the read-only operator menu: operator_status_summary, operator_status_cards, operator_next_decision, profile choices, attention, primary command, runbook, action-plan, dashboard, handoff, and command catalog entry points on one first screen. The status summary comes from menu-local profiles, commands, and console inputs and marks avoids_recursive_status_cli so it does not recursively call the full deployability:status command. The next decision comes from the selected profile and shared operator decision helper, marks avoids_recursive_next_cli so it does not recursively call deployability:next, and public-stack decisions keep detail_command / detail_json_command links to the public_exposure_review payload that can expose operator_next_action such as configure_public_stack_public_origin. corepack pnpm run deployability:menu -- --profile <key-or-alias> focuses one profile and keeps profile-aware next_commands on that profile instead of jumping back to public-stack. The public-stack focus still includes selected_runbook metadata plus selected_onboarding_plan from operator:onboarding:plan, so management surfaces can render preflight, /console/ setup, gateway credential setup, smoke/evidence, and onboarding contract validation without a second lookup. Unknown profiles return blockers. The menu does not read .env, call Docker, bind ports, probe networks, or print secret values
corepack pnpm run deployability:recipe -- --profile public-stack / corepack pnpm --silent run deployability:recipe -- --profile public-stack --json emits a linear first-run recipe that combines readiness, menu, runbook, and onboarding metadata into inspect, gate, start, verify, operate, and evidence steps, then returns copy_paste_commands. It does not execute commands, read .env, call Docker, bind ports, probe networks, or print secret values
corepack pnpm run deployability:console / corepack pnpm --silent run deployability:console -- --json emits console_management_index, the read-only Management Console index for runtime_status, settings_approval_policy, logs_guidance, billing_readiness, public_stack_console, and gateway_session surfaces. Each surface carries owner_repo, routes, evidence_commands, guardrails, remaining_work, and next_action; top-level surface_next_actions collects the action for every surface, including connect_console_runtime_status_sources, verify_console_settings_against_client_approval_policy, connect_console_logs_to_safe_log_metadata, and run_public_stack_gate_before_console_exposure, so management UIs can render owner repo and primary command todos. runtime_status now consumes the client-owned check:ops-console-runtime-surface evidence and reports client_owned_evidence_available when the Runtime page is wired to /status, /runtime/logs, /runtime/alerts, and secret-safety copy. settings_approval_policy also consumes the client-owned check:ops-console-settings-surface evidence and reports client_owned_evidence_available when Preferences / Access Lists are wired to /caller/global-policy, manual/allow_listed/allow_all, whitelist/Blocklist, and allow_all safety copy. logs_guidance also consumes the client-owned check:ops-console-logs-surface evidence and reports client_owned_evidence_available when Runtime / Help are wired to /runtime/logs, /runtime/alerts, caller/responder/relay log services, log filtering metadata, selfhost:logs, and secret-safety copy. Roadmap presents it as console_management_surface, and status presents it as console_management_status. It does not start the console, read .env, call Docker, bind ports, probe networks, or print secret values
corepack pnpm run deployability:evidence -- --profile public-stack / corepack pnpm --silent run deployability:evidence -- --profile public-stack --json writes a non-secret evidence bundle for management review, collecting manifest, focused dashboard/menu/recipe/handoff/command-catalog JSON, and handoff Markdown; the same entry point supports --profile all-in-one, and next_commands stay on the current profile for dashboard / handoff / evidence instead of jumping back to public-stack. It does not read .env, call Docker, bind ports, probe networks, or print secret values
corepack pnpm run test:deployability is the top-level deployability regression suite covering overview, quickstart, safety, doctor, dashboard, pipeline summaries, commands, handoff, and compat status; corepack pnpm run test:deployability-operations is the operator-facing deployment and management regression gate; deployability:overview lists both in next commands, deployability:safety gives both the top-level contract_test posture, and deployability:commands exposes both in the searchable command catalog; they are CI-safe and not dashboard JSON data sources
compat:status is a read-only compatibility-ledger snapshot; --json emits current bundle, submodule SHA matches, dirty submodule warnings, blockers, and next validation commands without reading .env, calling Docker, or printing secret values
deployability:dashboard -- --json and deployability:handoff -- --json both lift command-catalog filters.profiles into top-level profile_selector with profile keys, aliases, pipeline keys, and purposes, so management surfaces can render profile choices without parsing sections.commands.filters.profiles or calling runtime commands; both payloads also emit profile_summaries, joining aliases, purpose, status, command counts, exposure gates, next commands, safety notes, and shared attention metadata into one UI-card-ready array, plus recommended_profile_keys so dashboard / handoff consumers can sort profile cards and highlight safety_gate without calling action-plan separately; corepack pnpm --silent run deployability:dashboard -- --profile public-stack --json and corepack pnpm --silent run deployability:handoff -- --profile public-stack --json reuse the same resolver to emit profile_filter, focus command catalog, pipeline_summaries, and profile_summaries on public_stack, and keep ecosystem_readiness as the global daily-deployable scorecard; these focused public-stack examples are also discoverable from deployability:quickstart and deployability:commands -- --track daily_dev
deployability:handoff writes a non-secret ecosystem handoff report under exports/deployability/; --json emits current bundle, compatibility status, command-map, profile_selector, ecosystem_readiness, safety-note, and next-validation metadata without reading .env, calling Docker, or probing networks; handoff JSON includes ecosystem_readiness so operators can carry the daily_deployable_with_safety_gates state into the report
dev:local:plan / up / status / logs / down --json emit machine-readable metadata for the local Agent Loop; lifecycle JSON does not print child command stdout, and logs JSON does not print raw log lines because relay/supervisor logs may contain sensitive runtime output
dev:doctor -- --json emits machine-readable daily local doctor prerequisites, runtime health, caller-skill checks, blockers, and next commands without raw logs or secret values; its command catalog posture is runtime_diagnostic, while test:agent-e2e and mcp:golden-four are runtime_acceptance
selfhost:profiles is a profile deployment map that does not read .env or touch Docker; --json can feed profile selectors
selfhost:quickstart prints the recommended command sequence for a profile without running it; --json can feed management-step rendering
selfhost:plan prints the selected profile purpose, deploy paths, services, URLs, safety checks, and notes without calling Docker or reading secrets; --json can feed generated docs, dashboards, and management scripts
selfhost:readiness -- --all gives a read-only matrix for every built-in profile; selfhost:readiness gives one selected-profile overview; corepack pnpm --silent run ... --json emits machine-readable status for CI, dashboards, and management scripts
selfhost:doctor diagnoses local tools, profile files, .env, and public-origin hygiene before startup; --json can feed diagnostic panels with blockers
selfhost:init -- --json emits created/hardened .env metadata, secret hygiene, warnings, and next commands without printing secret values or URL prose
startup, status, smoke, logs, and stop commands avoid secret values; selfhost:up --json emits startup metadata without command stdout, selfhost:status --json can feed dashboards with service state, selfhost:smoke --json emits post-start acceptance metadata without compose config stdout, selfhost:logs --json emits log command metadata without raw log stdout, and selfhost:down --json emits stop command metadata without compose stdout
public-stack does not turn unsafe public origins into a green ready state
selfhost:summary shows deploy paths, URLs, host ports, secret status, and next commands in one read-only screen; --json can render overview cards
selfhost:urls lists declared profile URLs before startup without calling Docker or probing the network; --json can feed dashboards and deployment scripts
selfhost:ports lists declared profile host ports before startup without binding sockets; --json can feed dashboards and deployment scripts
selfhost:public-origin -- --profile public-stack --origin <public-origin> is the safe PUBLIC_SITE_ADDRESS management entry for public-stack. It defaults to dry-run without writing .env; --confirm writes only PUBLIC_SITE_ADDRESS plus a sidecar backup, refuses localhost, loopback, bind addresses, missing protocols, and non-HTTPS public origins, and its JSON output does not print secret values
selfhost:preflight runs the secret hygiene, compose config, and route gate before startup; --json can feed deployment controllers with blockers and safety notes
selfhost:config --json emits compose config pass/fail, blockers, and stderr metadata, but omits compose stdout that may contain environment values
selfhost:ops-report writes a Markdown handoff report with URLs, host ports, and secret status, not secret values; --json emits the same handoff data for dashboards or management scripts
selfhost:security-review reviews secrets, routes, backup, rotation, and smoke prerequisites before public exposure; --json emits blockers, the route contract, and safety notes
selfhost:audit-export writes local audit JSON without printing the admin key; --json emits export metadata without the admin key or exported audit body
selfhost:backup-plan prints a backup plan only, without copying files, dumping the database, or reading secrets; --json emits the backup directory, steps, and next validation command for recovery rehearsal scripts
selfhost:backup-validate checks backup file presence and size without reading or printing .env secrets; --json emits file status and blockers for recovery rehearsal scripts
selfhost:restore-plan prints recovery rehearsal only; it does not stop services or import SQL; --json emits ordered steps for recovery rehearsal scripts
selfhost:rotate-plan prints a secret rotation checklist only, without reading or modifying .env; --json emits rotation steps and safety notes for operator runbooks
selfhost:rotate -- --profile public-stack --json / --confirm --json emits rotation dry-run or confirmed rotation metadata without printing secret values
published-image:smoke -- --dry-run --json emits machine-readable smoke command metadata and dry-run status for published images without starting Docker, printing delegated smoke stdout, or printing secret env values; the real published-image:smoke -- --image-tag <candidate-tag> command is delegated_smoke in the command catalog
billing is a P-1 M1.2 admin-only management surface, not a production-ready or client-facing default

Overview command map

corepack pnpm run deployability:overview
corepack pnpm --silent run deployability:overview -- --json
corepack pnpm run deployability:quickstart
corepack pnpm --silent run deployability:quickstart -- --json
corepack pnpm run deployability:safety
corepack pnpm --silent run deployability:safety -- --json
corepack pnpm run deployability:explain
corepack pnpm --silent run deployability:explain -- --json
corepack pnpm run deployability:production
corepack pnpm --silent run deployability:production -- --json
corepack pnpm run deployability:hardening-plan
corepack pnpm --silent run deployability:hardening-plan -- --json
corepack pnpm run deployability:readiness
corepack pnpm --silent run deployability:readiness -- --json
corepack pnpm run deployability:roadmap
corepack pnpm --silent run deployability:roadmap -- --json
corepack pnpm run deployability:status
corepack pnpm --silent run deployability:status -- --json
corepack pnpm run deployability:gates
corepack pnpm --silent run deployability:gates -- --json
corepack pnpm run deployability:exposure
corepack pnpm --silent run deployability:exposure -- --json
corepack pnpm run deployability:release -- --image-tag <candidate-tag>
corepack pnpm --silent run deployability:release -- --image-tag <candidate-tag> --json
corepack pnpm run deployability:operator-checklist -- --profile public-stack --image-tag <candidate-tag>
corepack pnpm --silent run deployability:operator-checklist -- --profile public-stack --image-tag <candidate-tag> --json
corepack pnpm run deployability:doctor
corepack pnpm --silent run deployability:doctor -- --json
corepack pnpm run deployability:dashboard
corepack pnpm --silent run deployability:dashboard -- --json
corepack pnpm run deployability:dashboard -- --profile public-stack
corepack pnpm --silent run deployability:dashboard -- --profile public-stack --json
corepack pnpm run deployability:next
corepack pnpm --silent run deployability:next -- --json
corepack pnpm run deployability:next -- --profile public-stack
corepack pnpm --silent run deployability:next -- --profile public-stack --json
corepack pnpm run deployability:profiles
corepack pnpm --silent run deployability:profiles -- --json
corepack pnpm run deployability:profiles -- --profile public-stack
corepack pnpm --silent run deployability:profiles -- --profile public-stack --json
corepack pnpm run deployability:action-plan
corepack pnpm --silent run deployability:action-plan -- --json
corepack pnpm run deployability:action-plan -- --list-profiles
corepack pnpm --silent run deployability:action-plan -- --list-profiles --json
corepack pnpm run deployability:action-plan -- --profile public-stack
corepack pnpm --silent run deployability:action-plan -- --profile public-stack --json
corepack pnpm run deployability:commands
corepack pnpm --silent run deployability:commands -- --json
corepack pnpm run deployability:runbook
corepack pnpm --silent run deployability:runbook -- --json
corepack pnpm run deployability:menu
corepack pnpm --silent run deployability:menu -- --json
corepack pnpm run deployability:menu -- --profile public-stack
corepack pnpm --silent run deployability:menu -- --profile public-stack --json
corepack pnpm run deployability:runbook -- --profile public-stack
corepack pnpm --silent run deployability:runbook -- --profile public-stack --json
corepack pnpm run deployability:commands -- --profile public-stack
corepack pnpm --silent run deployability:commands -- --profile public-stack --json
corepack pnpm run compat:status
corepack pnpm --silent run compat:status -- --json
corepack pnpm run deployability:handoff
corepack pnpm --silent run deployability:handoff -- --json
corepack pnpm run deployability:handoff -- --profile public-stack
corepack pnpm --silent run deployability:handoff -- --profile public-stack --json
corepack pnpm run test:deployability
corepack pnpm run test:deployability-operations

Local Agent Loop

corepack pnpm run dev:local:plan
corepack pnpm --silent run dev:local:plan -- --json
corepack pnpm run dev:local:up
corepack pnpm --silent run dev:local:up -- --json
corepack pnpm run dev:local:status
corepack pnpm --silent run dev:local:status -- --json
corepack pnpm run dev:local:logs
corepack pnpm --silent run dev:local:logs -- --json
corepack pnpm run dev:local:down
corepack pnpm --silent run dev:local:down -- --json
corepack pnpm run dev:doctor
corepack pnpm --silent run dev:doctor -- --json
corepack pnpm run test:agent-e2e
corepack pnpm run mcp:golden-four

Selfhost preflight

corepack pnpm run selfhost:profiles
corepack pnpm --silent run selfhost:profiles -- --json
corepack pnpm run selfhost:quickstart
corepack pnpm --silent run selfhost:quickstart -- --json
corepack pnpm run selfhost:plan
corepack pnpm --silent run selfhost:plan -- --json
corepack pnpm run selfhost:readiness -- --all
corepack pnpm --silent run selfhost:readiness -- --all --json
corepack pnpm run selfhost:readiness
corepack pnpm --silent run selfhost:readiness -- --json
corepack pnpm run selfhost:doctor
corepack pnpm --silent run selfhost:doctor -- --json
corepack pnpm run selfhost:init
corepack pnpm --silent run selfhost:init -- --json
corepack pnpm run selfhost:summary
corepack pnpm --silent run selfhost:summary -- --json
corepack pnpm run selfhost:urls
corepack pnpm --silent run selfhost:urls -- --json
corepack pnpm run selfhost:ports
corepack pnpm --silent run selfhost:ports -- --json
corepack pnpm run selfhost:preflight
corepack pnpm --silent run selfhost:preflight -- --json
corepack pnpm run selfhost:up
corepack pnpm --silent run selfhost:up -- --json
corepack pnpm run selfhost:status
corepack pnpm --silent run selfhost:status -- --json
corepack pnpm run selfhost:smoke
corepack pnpm --silent run selfhost:smoke -- --json
corepack pnpm run selfhost:logs
corepack pnpm --silent run selfhost:logs -- --json
corepack pnpm run selfhost:down
corepack pnpm --silent run selfhost:down -- --json
corepack pnpm run selfhost:config
corepack pnpm --silent run selfhost:config -- --json

All-in-one demo

corepack pnpm run selfhost:quickstart -- --profile all-in-one
corepack pnpm --silent run selfhost:quickstart -- --profile all-in-one --json
corepack pnpm run selfhost:readiness -- --profile all-in-one
corepack pnpm --silent run selfhost:readiness -- --profile all-in-one --json
corepack pnpm run selfhost:init -- --profile all-in-one
corepack pnpm --silent run selfhost:init -- --profile all-in-one --json
corepack pnpm run selfhost:preflight -- --profile all-in-one
corepack pnpm --silent run selfhost:preflight -- --profile all-in-one --json
corepack pnpm run selfhost:up -- --profile all-in-one
corepack pnpm --silent run selfhost:up -- --profile all-in-one --json
corepack pnpm run selfhost:status -- --profile all-in-one
corepack pnpm --silent run selfhost:status -- --profile all-in-one --json
corepack pnpm run selfhost:smoke -- --profile all-in-one
corepack pnpm --silent run selfhost:smoke -- --profile all-in-one --json

Recovery & evidence

corepack pnpm run deployability:commands -- --pipeline recovery_evidence
corepack pnpm --silent run deployability:commands -- --pipeline recovery_evidence --json
corepack pnpm run selfhost:ops-report
corepack pnpm --silent run selfhost:ops-report -- --json
corepack pnpm run selfhost:audit-export
corepack pnpm --silent run selfhost:audit-export -- --json
corepack pnpm run selfhost:backup-plan
corepack pnpm --silent run selfhost:backup-plan -- --json
corepack pnpm run selfhost:backup-validate -- --backup-dir backups/selfhost/platform/<stamp>
corepack pnpm --silent run selfhost:backup-validate -- --backup-dir backups/selfhost/platform/<stamp> --json
corepack pnpm run selfhost:restore-plan -- --backup-dir backups/selfhost/platform/<stamp>
corepack pnpm --silent run selfhost:restore-plan -- --backup-dir backups/selfhost/platform/<stamp> --json
corepack pnpm run selfhost:rotate-plan
corepack pnpm --silent run selfhost:rotate-plan -- --json
corepack pnpm --silent run selfhost:rotate -- --json

Public stack safety

corepack pnpm run selfhost:quickstart -- --profile public-stack
corepack pnpm --silent run selfhost:quickstart -- --profile public-stack --json
corepack pnpm run selfhost:plan -- --profile public-stack
corepack pnpm --silent run selfhost:plan -- --profile public-stack --json
corepack pnpm run selfhost:readiness -- --profile public-stack
corepack pnpm --silent run selfhost:readiness -- --profile public-stack --json
corepack pnpm run selfhost:doctor -- --profile public-stack
corepack pnpm --silent run selfhost:doctor -- --profile public-stack --json
corepack pnpm run selfhost:init -- --profile public-stack
corepack pnpm --silent run selfhost:init -- --profile public-stack --json
corepack pnpm run selfhost:summary -- --profile public-stack
corepack pnpm --silent run selfhost:summary -- --profile public-stack --json
corepack pnpm run selfhost:urls -- --profile public-stack
corepack pnpm --silent run selfhost:urls -- --profile public-stack --json
corepack pnpm run selfhost:ports -- --profile public-stack
corepack pnpm --silent run selfhost:ports -- --profile public-stack --json
corepack pnpm run selfhost:public-origin -- --profile public-stack --origin <public-origin>
corepack pnpm --silent run selfhost:public-origin -- --profile public-stack --origin <public-origin> --json
corepack pnpm --silent run selfhost:public-origin -- --profile public-stack --origin <public-origin> --confirm --json
corepack pnpm run selfhost:ops-report -- --profile public-stack
corepack pnpm --silent run selfhost:ops-report -- --profile public-stack --json
corepack pnpm run selfhost:preflight -- --profile public-stack
corepack pnpm --silent run selfhost:preflight -- --profile public-stack --json
corepack pnpm run selfhost:up -- --profile public-stack
corepack pnpm --silent run selfhost:up -- --profile public-stack --json
corepack pnpm run selfhost:status -- --profile public-stack
corepack pnpm --silent run selfhost:status -- --profile public-stack --json
corepack pnpm run selfhost:smoke -- --profile public-stack
corepack pnpm --silent run selfhost:smoke -- --profile public-stack --json
corepack pnpm run selfhost:logs -- --profile public-stack
corepack pnpm --silent run selfhost:logs -- --profile public-stack --json
corepack pnpm run selfhost:down -- --profile public-stack
corepack pnpm --silent run selfhost:down -- --profile public-stack --json
corepack pnpm run selfhost:config -- --profile public-stack
corepack pnpm --silent run selfhost:config -- --profile public-stack --json
corepack pnpm run selfhost:security-review -- --profile public-stack
corepack pnpm --silent run selfhost:security-review -- --profile public-stack --json
corepack pnpm run selfhost:audit-export -- --profile public-stack
corepack pnpm --silent run selfhost:audit-export -- --profile public-stack --json
corepack pnpm run selfhost:backup-plan -- --profile public-stack
corepack pnpm --silent run selfhost:backup-plan -- --profile public-stack --json
corepack pnpm run selfhost:backup-validate -- --profile public-stack --backup-dir backups/selfhost/public-stack/<stamp>
corepack pnpm --silent run selfhost:backup-validate -- --profile public-stack --backup-dir backups/selfhost/public-stack/<stamp> --json
corepack pnpm run selfhost:restore-plan -- --profile public-stack --backup-dir backups/selfhost/public-stack/<stamp>
corepack pnpm --silent run selfhost:restore-plan -- --profile public-stack --backup-dir backups/selfhost/public-stack/<stamp> --json
corepack pnpm run selfhost:rotate-plan -- --profile public-stack
corepack pnpm --silent run selfhost:rotate-plan -- --profile public-stack --json
corepack pnpm --silent run selfhost:rotate -- --profile public-stack --json
corepack pnpm --silent run selfhost:rotate -- --profile public-stack --confirm --json

Operator onboarding

corepack pnpm run operator:onboarding:plan
corepack pnpm --silent run operator:onboarding:plan -- --json
corepack pnpm run operator:onboarding:check
corepack pnpm --silent run operator:onboarding:check -- --json
corepack pnpm run published-image:plan
corepack pnpm --silent run published-image:plan -- --json
corepack pnpm run published-image:smoke -- --image-tag latest
corepack pnpm run published-image:smoke -- --image-tag <candidate-tag>
corepack pnpm --silent run published-image:smoke -- --dry-run --image-tag <candidate-tag> --json

DEPLOYABILITY FAQ

3 questions before first deployment

These answers only claim what the current stack can verify. Planned surfaces stay visibly planned.

How is this different from the quick starts?

The quick starts help you run the smallest Caller or Responder loop first. Deployability Profiles explain when to use Local Agent Loop, Selfhost Platform, Public Stack, and Management Console, including what is ready now and what remains planned.

Why should public-stack fail in some configurations?

Because public exposure should fail before unsafe defaults go live. The public-stack preflight checks placeholder secrets, unsafe public origins, compose config, and edge route contracts.

Is Selfhost a different product?

No. Selfhost is the same Platform control-plane shape deployed privately. The protocol and call shape stay the same; the operator controls data, secrets, logs, console, and exposure boundaries.

Where to continue

This page explains profiles and safety boundaries. Continue into one runnable loop, one architecture boundary page, or the console management prototype.

Caller Quick Start

Run the smallest local caller loop before choosing a larger deployment profile.

local loop · caller

Protocol Architecture

Understand control plane, data plane, and why Platform and Selfhost share the same operating shape.

architecture · boundary

Runtime Console

See how the management surface presents profiles, adapter health, logs, and billing readiness; Platform Console has an admin-only Billing page.

console · management

Responder Quick Start

Start here if your goal is to provide a capability through a Hotline.

responder · hotline

Deployability profilesmanagement and safety boundaries