The arg CLI is the only sanctioned way to read or modify the registry. Available system-wide via /usr/local/bin/arg (symlink to /root/.claude/system/bin/arg).
arg list <category> # list rows (id + name + state) in a category
arg show <category> <id> # full JSON for one row
arg help # full subcommand surface
Valid categories: accounts, keys, hosts, data_stores, products, channels, subsystems, agents, grants, skills, capabilities, boundaries, routines.
echo '{"id":"...","name":"..."}' | arg add <category> --json -
Sub-agents are denied this command. There is no built-in remove — manual JSON edit + arg validate to confirm. Future Phase 5++ may add arg remove if churn warrants.
arg probe <id> # run one probe, write structured result to events
arg probe-all # probe everything (slow, used after batch wires)
arg probe-all --critical # probe only critical rows whose freshness budget expired
Probe respects min_interval_seconds (cache layer at observability/probe_status.json). Force-bypass = manually delete the row from probe_status.json then re-run.
The cron entrypoint /opt/agent/scripts/arg_probe_critical.sh runs arg probe-all --critical every 30 minutes.
arg resolve <cap-id> # JSON: {state, blocking, warnings, required_actions, ...}
The heart of the system. Walks deps, applies policy, returns one of: yes, yes-after-probe, yes-after-approval, no, blocked-by-policy. Always JSON; state field is the headline.
arg status # 4-state counts (fresh/stale/red/unknown)
arg status --critical-red # JSON list of critical rows currently red
arg events tail -n 50 # tail the day's NDJSON journal
arg events grep <pattern> # search across all journals (gzip-aware)
Common patterns:
arg events grep policy_block # what the hook blocked
arg events grep autofix_run # what autofix repaired
arg events grep capability_resolved # all resolve calls
arg inbox list # pending proposals
arg inbox accept <prop-id> # promote to canonical (main Brian only)
arg inbox reject <prop-id> --reason "..."
Proposals default approval_required: True (mined proposals from arg_capability_miner.py are extra cautious).
arg render-views # regenerate /views/*.md from JSON (after manual edits)
arg validate # full validation pass (jsonschema + ad-hoc + invariants)
arg validate runs three layers:
1. Shape — JSON parses, ids match ^[a-z][a-z0-9_]*\.[a-z0-9_.]+$, no duplicates within or across files.
2. jsonschema (Draft 2020-12) — required fields, enum values, type checks.
3. Invariants — critical-needs-probe, grant-parties-resolve, money-cap-needs-money-policy, deny_unless_brian_account scope sanity.
Exit code: 0 if clean, 1 if any problems found.
# "can I publish to FB right now?"
arg resolve cap.publish.fb_page_post
# "what's blocking the daily cross-post?"
arg resolve cap.publish.daily_cross_post | jq '.blocking'
# "show me everything red"
arg status --critical-red | jq '.[].id'
# "did the policy hook block anything today?"
arg events grep '"event_type":"policy_block"'
# "what happened in the last hour"
arg events tail -n 200 | jq -r 'select(.event_type) | "\(.ts) \(.event_type) \(.target // .rule_id)"'