feat: 注册所有新命令到命令系统和工具注册表

- commands.ts: 注册所有新命令（memory-stores、vault、schedule 等），
  移除 require() 动态加载，统一为 ESM import
- tools.ts: 注册 LocalMemoryRecallTool、VaultHttpFetchTool
- 补充命令测试（bridge-kick、commit、commit-push-pr、init-verifiers）
- 补充工具测试（AgentTool、RemoteTrigger、SkillTool、WebFetch、WebSearch）
- 集成测试：autonomy-lifecycle-user-flow 更新
- 探测脚本和功能文档

Co-Authored-By: glm-5-turbo <zai-org@claude-code-best.win>

scripts/probe-subscription-endpoints.ts

@@ -0,0 +1,136 @@
+#!/usr/bin/env bun
+/**
+ * Probe what /v1/* endpoints the subscription OAuth bearer can actually reach.
+ *
+ * Goal: ground-truth the auth-plane question. Some endpoints in the v2.1.123
+ * binary's reverse-engineered list might still accept subscription bearer
+ * tokens even though the binary itself only invokes them with workspace API
+ * keys. The only way to know is to actually call them and read the status.
+ *
+ * Strategy: send a low-risk GET to each candidate, record status + body
+ * preview. Never POST/DELETE/PATCH (could create/destroy real resources).
+ *
+ * Run: bun --feature AUTOFIX_PR scripts/probe-subscription-endpoints.ts
+ */
+
+import { getOauthConfig } from '../src/constants/oauth.ts'
+import {
+  getOAuthHeaders,
+  prepareApiRequest,
+} from '../src/utils/teleport/api.ts'
+import { enableConfigs } from '../src/utils/config.ts'
+
+// fork's config layer is gated; main entry calls enableConfigs() before any
+// reads. We bypass the entry point so we have to flip the gate ourselves.
+enableConfigs()
+
+// Endpoints harvested from `grep -aoE "/v1/[a-z_]+(/[a-z_-]+)*" claude.exe`
+const CANDIDATES: Array<{ path: string; betas: string[] }> = [
+  // Subscription plane (known-good baseline)
+  { path: '/v1/code/triggers', betas: ['ccr-triggers-2026-01-30'] },
+  { path: '/v1/code/sessions', betas: [] },
+  { path: '/v1/code/github/import-token', betas: [] },
+  { path: '/v1/sessions', betas: [] },
+
+  // Workspace plane suspects (the user wants ground-truth)
+  {
+    path: '/v1/agents',
+    betas: ['', 'managed-agents-2026-04-01', 'agents-2026-04-01'],
+  },
+  {
+    path: '/v1/vaults',
+    betas: ['', 'managed-agents-2026-04-01', 'vaults-2026-04-01'],
+  },
+  { path: '/v1/memory_stores', betas: ['', 'managed-agents-2026-04-01'] },
+  { path: '/v1/mcp_servers', betas: ['', 'managed-agents-2026-04-01'] },
+  { path: '/v1/projects', betas: [''] },
+  { path: '/v1/environments', betas: [''] },
+  { path: '/v1/environment_providers', betas: [''] },
+  { path: '/v1/skills', betas: ['', 'skills-2025-10-02'], query: '?beta=true' },
+
+  // Misc
+  { path: '/v1/models', betas: [''] },
+  { path: '/v1/files', betas: [''] },
+  { path: '/v1/oauth/hello', betas: [''] },
+  { path: '/v1/messages/count_tokens', betas: [''] },
+
+  // Workspace fact-check
+  { path: '/v1/certs', betas: [''] },
+  { path: '/v1/logs', betas: [''] },
+  { path: '/v1/traces', betas: [''] },
+  { path: '/v1/security/advisories/bulk', betas: [''] },
+  { path: '/v1/feedback', betas: [''] },
+] as Array<{ path: string; betas: string[]; query?: string }>
+
+async function probe(
+  baseUrl: string,
+  accessToken: string,
+  orgUUID: string,
+  candidate: { path: string; betas: string[]; query?: string },
+): Promise<void> {
+  for (const beta of candidate.betas) {
+    const headers: Record<string, string> = {
+      ...getOAuthHeaders(accessToken),
+      'x-organization-uuid': orgUUID,
+    }
+    if (beta) headers['anthropic-beta'] = beta
+    const url = `${baseUrl}${candidate.path}${candidate.query ?? ''}`
+    let status = 0
+    let body = ''
+    try {
+      const res = await fetch(url, {
+        method: 'GET',
+        headers,
+        signal: AbortSignal.timeout(8000),
+      })
+      status = res.status
+      body = (await res.text()).slice(0, 240).replace(/\s+/g, ' ').trim()
+    } catch (e: unknown) {
+      body = `(network) ${e instanceof Error ? e.message : String(e)}`
+    }
+    const betaLabel = beta || '<no-beta>'
+    const verdict =
+      status >= 200 && status < 300
+        ? 'OK'
+        : status === 401
+          ? 'AUTH'
+          : status === 403
+            ? 'FORBID'
+            : status === 404
+              ? 'NF'
+              : status === 400
+                ? 'BAD'
+                : status === 0
+                  ? 'NET'
+                  : `${status}`
+    const padded = candidate.path.padEnd(38)
+    const betaPad = betaLabel.padEnd(34)
+    console.log(
+      `  ${verdict.padEnd(6)} ${padded} ${betaPad}  ${body.slice(0, 110)}`,
+    )
+  }
+}
+
+async function main(): Promise<void> {
+  console.log(
+    '=== Probe subscription OAuth bearer against /v1/* candidates ===\n',
+  )
+  const { accessToken, orgUUID } = await prepareApiRequest()
+  const baseUrl = getOauthConfig().BASE_API_URL
+  console.log(`base:    ${baseUrl}`)
+  console.log(`orgUUID: ${orgUUID.slice(0, 8)}…\n`)
+  console.log(
+    '  STATUS PATH                                   BETA HEADER                         RESPONSE PREVIEW',
+  )
+  console.log(
+    '  ------ ------------------------------------   ----------------------------------  ---------------------------------------------',
+  )
+  for (const c of CANDIDATES) {
+    await probe(baseUrl, accessToken, orgUUID, c)
+  }
+  console.log(
+    '\nLegend: OK=2xx  AUTH=401  FORBID=403  NF=404  BAD=400  NET=network/timeout  <num>=other',
+  )
+}
+
+await main()