@brik64/cli 0.1.0-beta.1 → 0.1.0-beta.3

package/CONTRIBUTING.md

@@ -0,0 +1,38 @@
+# Contributing
+
+BRIK64 CLI is a public beta release repository maintained by BRIK64 INC.
+
+This repository is public for inspection, installation, issue reporting, release
+review, and package transparency.
+
+## Issues
+
+Issues are open for public bug reports, docs mismatches, release metadata
+problems, and reproducible CLI beta feedback.
+
+When opening an issue:
+
+- include the CLI version;
+- include the platform;
+- include the shortest reproduction command sequence;
+- redact secrets, private source, credentials, tokens, and customer data.
+
+Good issue categories:
+
+- CLI command behavior.
+- Install or package metadata mismatch.
+- GitHub Release, npm, or GitHub Packages mismatch.
+- Docs or changelog mismatch.
+- Platform packaging evidence gap.
+
+## Pull Requests
+
+External pull requests are not accepted for this repository. BRIK64 lands
+changes through authorized maintainers so release evidence, package metadata,
+public claims, licenses, checksums, workflows, and docs stay aligned.
+
+Please open an issue instead of a pull request.
+
+## Security
+
+Use `SECURITY.md` for vulnerability reporting guidance.

package/LICENSE

@@ -1,6 +1,71 @@
-All rights reserved.
+BRIK64 CLI PUBLIC BETA EVALUATION LICENSE
 
-This public beta repository is published for evaluation of the BRIK64 CLI 0.1
-candidate and its bounded local workflow. Use, redistribution, commercial use,
-and derivative works require a separate license from BRIK64 unless a later
-release explicitly states otherwise.
+Copyright (c) 2026 BRIK64 INC. All rights reserved.
+
+This package, including the BRIK64 CLI source, bundled PCD seed material,
+examples, package metadata, documentation, evidence artifacts, and release
+materials, is proprietary software and confidential know-how of BRIK64 INC
+except where a file explicitly states otherwise.
+
+1. Evaluation Permission
+
+BRIK64 INC grants you a limited, revocable, non-exclusive, non-transferable
+permission to download, install, and run this public beta release only for
+internal evaluation, local workflow testing, compatibility review, and feedback
+to BRIK64.
+
+2. Reserved Rights
+
+BRIK64 INC reserves all rights not expressly granted in this license. This
+license does not grant any ownership interest, patent license, trademark license,
+commercial distribution right, sublicensing right, hosted service right, resale
+right, or right to create derivative works for public or commercial use.
+
+3. Restrictions
+
+Without prior written permission from BRIK64 INC, you may not:
+
+- redistribute, mirror, sell, sublicense, rent, lease, or commercially exploit
+  this software;
+- publish modified versions or derivative works;
+- remove copyright, trademark, provenance, release, checksum, or evidence
+  notices;
+- use BRIK64 names, logos, marks, or release artifacts to imply endorsement or
+  certification;
+- use the beta in regulated, safety-critical, mission-critical, or production
+  systems as a certification authority.
+
+4. Beta Scope
+
+This public beta is provided for evaluation of local BRIK64 CLI workflows,
+PCD-oriented project structure, package validation, and bounded evidence review.
+Expanded platform support, production certification surfaces, and advanced
+compiler-methodology scopes are governed by BRIK64 release gates and written
+commercial terms.
+
+5. Feedback
+
+If you provide feedback, bug reports, ideas, or suggestions to BRIK64, you grant
+BRIK64 INC a perpetual, irrevocable, worldwide, royalty-free right to use that
+feedback to improve BRIK64 products and services without obligation to you.
+
+6. No Warranty
+
+This beta is provided as-is for evaluation. BRIK64 INC disclaims all warranties,
+express or implied, including merchantability, fitness for a particular purpose,
+non-infringement, and uninterrupted or error-free operation.
+
+7. Limitation Of Liability
+
+To the maximum extent permitted by law, BRIK64 INC is not liable for indirect,
+incidental, special, consequential, exemplary, punitive, or business interruption
+damages arising from this beta, even if advised of the possibility of such
+damages.
+
+8. Commercial Licensing
+
+For production, commercial, hosted, redistribution, partner, enterprise,
+regulated, or certification-oriented use, contact BRIK64 INC through the public
+company channels listed at https://brik64.com.
+
+This is not an open source license.

package/NOTICE

@@ -2,16 +2,17 @@ BRIK64 CLI Public Beta Notice
 
 Copyright (c) 2026 BRIK64 INC. All rights reserved.
 
-BRIK64 CLI 0.1 public beta is provided for evaluation of local PCD workflows,
-bounded evidence review, and claim-safe project scaffolding. The current public
-beta surface is focused on macOS local CLI usage, package validation, and
-versioned release evidence. Expanded platform support and stronger certification
-surfaces remain gated by the BRIK64 evidence process.
+BRIK64 CLI 0.1 public beta is proprietary software published for evaluation of
+local PCD workflows, bounded evidence review, and claim-safe project scaffolding.
+The current public beta surface is focused on macOS local CLI usage, package
+validation, and versioned release evidence. Expanded platform support and
+stronger certification surfaces remain governed by the BRIK64 evidence process
+and commercial licensing terms.
 
-Public product information: https://brik64.com/home-cli
+Public product information: https://brik64.com
 Documentation: https://docs.brik64.com/cli/install
 Repository: https://github.com/brik64/brik64-cli
 Package: https://www.npmjs.com/package/@brik64/cli
 
-Use, redistribution, commercial use, and derivative works require a separate
-license from BRIK64 unless a later release explicitly states otherwise.
+License: BRIK64 CLI Public Beta Evaluation License. This is not an open source
+license. See LICENSE for evaluation terms and reserved rights.

package/README.md

@@ -1,5 +1,18 @@
 # BRIK64 CLI
 
+```text
+╔══════════════════════════════════════════════════════╗
+║                                                      ║
+║   ██████╗ ██████╗  ██╗██╗  ██╗ ██████╗ ██╗  ██╗      ║
+║   ██╔══██╗██╔══██╗ ██║██║ ██╔╝██╔════╝ ██║  ██║      ║
+║   ██████╔╝██████╔╝ ██║█████╔╝ ███████╗ ███████║      ║
+║   ██╔══██╗██╔══██╗ ██║██╔═██╗ ██╔═══██╗╚════██║      ║
+║   ██████╔╝██║  ██║ ██║██║  ██╗╚██████╔╝     ██║      ║
+║   ╚═════╝ ╚═╝  ╚═╝ ╚═╝╚═╝  ╚═╝ ╚═════╝      ╚═╝      ║
+║                                                      ║
+╚══════════════════════════════════════════════════════╝
+```
+
 BRIK64 CLI is the public beta command-line surface for local BRIK64 project
 workflows. It gives developers a practical way to start working with
 PCD-oriented structure, local evidence review, and claim-safe project scaffolding
@@ -7,11 +20,65 @@ from their own machine.
 
 Generated code is easy to ship. Trust is the harder part. BRIK64 CLI is built
 for teams that want software work to carry clearer structure, repeatable
-evidence, and release language that stays aligned with verified artifacts.
+evidence, and release language that stays aligned with bounded artifacts.
+
+BRIK64 is based on Digital Circuitality: the idea that critical software should
+be shaped as inspectable, composable logic rather than treated only as text.
+In BRIK64 workflows, `.brik` project state, PCD seed material, local evidence,
+and release metadata are kept close to the code so a team can review how a
+software surface is described, packaged, and promoted.
+
+PCD, or Program Circuit Description, is the structural description layer used by
+BRIK64 to model software logic as reviewable pieces. In this beta, the CLI gives
+developers an entry point into that workflow: project scaffolding, local PCD
+examples, evidence files, package metadata, and public-beta release checks.
+Stronger certification and compiler claims remain governed by the evidence gates
+maintained in `brik64-prod`.
+
+Start from the BRIK64 homepage: https://brik64.com
+
+For install instructions, technical context, and methodology notes, read the
+docs: https://docs.brik64.com
+
+## Official Channels
+
+- Website: [brik64.com](https://brik64.com)
+- Docs: [docs.brik64.com](https://docs.brik64.com)
+- npmjs primary package:
+  [@brik64/cli](https://www.npmjs.com/package/@brik64/cli)
+- GitHub Releases:
+  [brik64/brik64-cli releases](https://github.com/brik64/brik64-cli/releases)
+- GitHub Packages mirror:
+  [@brik64/cli package mirror](https://github.com/brik64/brik64-cli/pkgs/npm/cli)
+- Agent skills:
+  [brik64-tools-skills](https://github.com/brik64/brik64-tools-skills)
+- Public beta roadmap:
+  [BRIK64 CLI beta project](https://github.com/orgs/brik64/projects/1)
+
+## Public Interaction Policy
+
+This repository is public for package inspection, release review, install
+metadata, bounded evidence review, and issue reporting.
+
+Allowed:
+
+- Open issues for reproducible CLI beta bugs.
+- Open issues for docs, release, npm, checksum, or install metadata mismatches.
+- Report security concerns through `SECURITY.md`.
+
+Not accepted:
+
+- External pull requests.
+- External direct commits.
+- Public edits to release evidence, license text, package metadata, workflows,
+  install paths, or public claim surfaces.
+
+BRIK64 lands changes through authorized maintainers so package metadata, public
+claims, checksums, licenses, release notes, and docs remain aligned.
 
 ## Status
 
-Current beta: `0.1.0-beta.1`
+Current beta: [`0.1.0-beta.3`](https://github.com/brik64/brik64-cli/releases/tag/v0.1.0-beta.3)
 
 This beta is intended for evaluation, local workflow trials, package smoke
 testing, and bounded PCD/evidence review. The current public beta surface is
@@ -37,9 +104,47 @@ brik --version
 brik help
 ```
 
-Public web surface: https://brik64.com/home-cli
+Public web surface: [brik64.com](https://brik64.com)
+
+Docs: [CLI install guide](https://docs.brik64.com/cli/install)
+
+GitHub Packages mirror:
+
+```sh
+npm install -g @brik64/cli@beta --registry=https://npm.pkg.github.com
+```
+
+The npmjs package remains the primary public install path. GitHub Packages is a
+GitHub-visible mirror for release inspection and organization package inventory.
+
+## CLI And Agent Skill
+
+BRIK64 is designed for humans and AI agents working together. Use the CLI for
+local project actions and the official `brik64` skill for agent behavior,
+claim-safe reporting, `.brik` traceability, PCD 1.0 workflow, and
+`AGENTS.md` managed-instruction rules.
+
+Skill repository:
+[brik64/brik64-tools-skills](https://github.com/brik64/brik64-tools-skills)
+
+Recommended agent workflow:
+
+```text
+read docs.brik64.com -> check current skill repo -> inspect repo state
+-> run brik commands -> preserve .brik traceability -> report bounded evidence
+```
+
+Install or read the official agent skill from the public skill repository before
+using BRIK64 agent workflows:
+
+```text
+https://github.com/brik64/brik64-tools-skills
+```
 
-Docs: https://docs.brik64.com/cli/install
+`brik init` prepares local BRIK64 metadata. It does not create or modify
+`AGENTS.md`. The current CLI beta does not expose `brik skill` subcommands; any
+agent instruction installation must remain explicit, reviewable, and
+consent-based.
 
 ## What It Does
 
@@ -51,26 +156,81 @@ Docs: https://docs.brik64.com/cli/install
 - Establishes the public package surface for controlled CLI evaluation and future
   SDK alignment.
 
+## Repository Map
+
+Use this map to understand what each public path contains before installing,
+auditing, or filing an issue.
+
+| Path | What it contains |
+| --- | --- |
+| `src/brik.js` | Executable Node.js entry point for the current public beta `brik` command. |
+| `tests/smoke.sh` | Local smoke test for version, help, init, skill install policy, status, and certify command behavior. |
+| `pcd/` | Candidate PCD seed material that describes the intended CLI command structure and composition path. |
+| `evidence/` | Public beta evidence notes and generated-review placeholders used for package inspection. |
+| `packaging/` | Platform packaging notes and local package review material for release lanes. |
+| `docs/` | Release, distribution, governance, platform, publishing, testing, and methodology documentation. |
+| `.github/` | Repository governance, CI, package publishing, CodeQL, Dependabot, issue templates, and maintainer ownership rules. |
+| `.brik/manifest.json` | BRIK64 project metadata for local traceability. It is not a certificate. |
+| `README.md` | Public entry point for installation, scope, repo map, release assets, and license summary. |
+| `LICENSE` | Proprietary beta license terms for BRIK64 CLI. |
+| `NOTICE` | Copyright and third-party notice surface. |
+| `SECURITY.md` | Security reporting policy and supported beta version scope. |
+| `CONTRIBUTING.md` | Public interaction policy: issues accepted, external pull requests not accepted. |
+| `package.json` | npm package metadata, executable mapping, scripts, package files, and beta keywords. |
+
+For a fuller file-by-file description, read
+[`docs/REPOSITORY_MAP.md`](docs/REPOSITORY_MAP.md).
+
 ## Current Scope
 
-The `0.1.0-beta.1` release is scoped to public beta evaluation. It is centered
+The `0.1.0-beta.3` release is scoped to public beta evaluation. It is centered
 on local developer workflow, macOS package validation, PCD seed material, and
 release evidence review. Production certification, expanded platform support,
 and advanced compiler-methodology claims are promoted only when the matching
 BRIK64 gates and evidence packs authorize that scope.
 
+
+## Release Assets
+
+Current beta availability:
+
+| Surface | Status | Link |
+| --- | --- | --- |
+| npmjs package | Primary public beta install path | [@brik64/cli on npm](https://www.npmjs.com/package/@brik64/cli) |
+| GitHub Release | Versioned release notes and beta asset review | [v0.1.0-beta.3](https://github.com/brik64/brik64-cli/releases/tag/v0.1.0-beta.3) |
+| GitHub Packages | GitHub-visible npm mirror for organization package inventory | [@brik64/cli mirror](https://github.com/brik64/brik64-cli/pkgs/npm/cli) |
+| Docs | Install and usage documentation | [CLI install guide](https://docs.brik64.com/cli/install) |
+| Website | Public product entry point | [brik64.com](https://brik64.com) |
+
+Current platform asset:
+
+- macOS Apple Silicon package for local CLI evaluation, listed in the
+  [v0.1.0-beta.3 GitHub Release](https://github.com/brik64/brik64-cli/releases/tag/v0.1.0-beta.3).
+
+Planned release lanes:
+
+- macOS Intel package after platform-specific package and smoke gates pass.
+- Debian/Ubuntu Linux packages after distro-specific build and install gates pass.
+- Windows PC package after Windows runner validation and install smoke pass.
+
+Each platform package should ship with its own artifact, checksum, install smoke,
+and release evidence before it is promoted on npm, GitHub Releases, docs, or
+brik64.com.
+
 ## Release Evidence
 
 The public beta package is tied to versioned release artifacts, checksums, and
 operator gates. Use the GitHub release assets and checksums to review the exact
 package candidate before treating any install path as authoritative.
 
-GitHub release: https://github.com/brik64/brik64-cli/releases/tag/v0.1.0-beta.1
+GitHub release:
+[v0.1.0-beta.3](https://github.com/brik64/brik64-cli/releases/tag/v0.1.0-beta.3)
 
 ## Copyright And License
 
 Copyright (c) 2026 BRIK64 INC. All rights reserved.
 
-See `LICENSE` and `NOTICE`. Use, redistribution, commercial use, and derivative
-works require a separate license from BRIK64 unless a later release explicitly
-states otherwise.
+See [LICENSE](LICENSE) and [NOTICE](NOTICE). BRIK64 CLI public beta is
+proprietary evaluation software from BRIK64 INC. Production, commercial,
+hosted, redistribution, partner, enterprise, regulated, or
+certification-oriented use requires written commercial terms from BRIK64 INC.

package/SECURITY.md

@@ -0,0 +1,54 @@
+# Security Policy
+
+BRIK64 CLI is public beta evaluation software from BRIK64 INC.
+
+## Supported Versions
+
+| Version | Status |
+| --- | --- |
+| `0.1.0-beta.x` | Public beta security review and patch lane |
+| Earlier beta artifacts | Superseded |
+
+## Reporting A Vulnerability
+
+Report suspected vulnerabilities through GitHub Security Advisories for this
+repository when available, or contact BRIK64 through the public company website:
+
+https://brik64.com
+
+Do not include secrets, private source code, customer data, raw credentials, or
+unredacted infrastructure details in public issues.
+
+Use public issues only for non-sensitive bugs, docs mismatches, package metadata,
+install failures, or release evidence questions. If an issue may expose a token,
+private path, customer data, unpublished source, infrastructure detail, or
+exploit path, use a private security report path instead.
+
+## Public Beta Scope
+
+Security review for this repository covers the public CLI package surface,
+release metadata, package workflows, local smoke tests, PCD seed files, and
+bounded evidence artifacts included with the beta.
+
+`brik64-prod` remains the authority for methodology, certification boundaries,
+evidence gates, compiler claim authorization, and release approval.
+
+## Disclosure Handling
+
+BRIK64 will triage reports by affected version, exploitability, package
+surface, and evidence impact. Fixes may be shipped as new beta versions,
+repository advisories, release notes, or docs updates depending on scope.
+
+## Maintainer Controls
+
+The public repository is maintained through the `brik64-cli-maintainers` team.
+External pull requests are not accepted. Changes to package metadata, release
+evidence, license text, workflows, public claims, or install paths must land
+through authorized maintainers, protected branch rules, and passing checks.
+
+## Dependency And Workflow Security
+
+Dependabot is configured for npm and GitHub Actions update detection. CodeQL
+default setup and CI smoke/package checks provide repository-level regression
+signals. These checks are operational security controls; they do not certify the
+CLI or expand the public beta claim boundary.

package/docs/BRIK_METHODOLOGY_TRANSITION.md

@@ -1,25 +1,26 @@
-# BRIK CLI Methodology Transition
+# BRIK64 CLI Methodology Transition
 
-## Rule
+This document describes how the CLI beta moves from a practical JavaScript
+package surface toward the BRIK64 PCD-first methodology.
 
-The initial beta can use scaffold and operational artifacts while the CLI is
-being made usable. Once the beta CLI is functionally validated, CLI semantics
-must move to BRIK64 methodology:
+## Transition Path
 
-1. create `.brik` project metadata;
-2. generate CLI PCDs as the semantic source;
-3. certify candidate PCDs through the active prod gates;
-4. compile the CLI through the approved compiler path;
-5. make future CLI iterations by modifying PCD logic, not by treating emitted
-   target code as the semantic source.
+The current beta can use operational source and package artifacts while the CLI
+is being made usable. As the methodology matures, the CLI should move through
+this path:
 
-## Boundary
+1. Maintain `.brik` project metadata for traceability.
+2. Expand CLI PCDs as the intended semantic source.
+3. Certify candidate PCDs through the active prod gates.
+4. Compile the CLI through the approved compiler path.
+5. Make future CLI iterations by modifying PCD logic before target output.
 
-This document does not claim current fixpoint, N5 authorization, public beta
-release readiness or Rust independence.
+## Current Boundary
 
-The transition is blocked until the initial CLI beta has real platform evidence
-and `brik64-prod` release gates allow promotion.
+The public beta remains centered on local CLI usage, package inspection, PCD
+seed review, and release evidence. Stronger methodology language should be
+promoted only after the matching `brik64-prod` gates and platform evidence
+authorize it.
 
 ## Required Evidence Before Stronger Claims
 

package/docs/DISTRIBUTION_ROADMAP.md

@@ -0,0 +1,41 @@
+# BRIK64 CLI Distribution Roadmap
+
+This roadmap tracks public beta distribution channels for BRIK64 CLI.
+
+## Current Public Channels
+
+- npmjs: primary package registry for `@brik64/cli`.
+- GitHub Releases: release notes, source archive, and platform assets.
+- GitHub Packages: organization-visible npm mirror, published separately from
+  npmjs through `publish-github-packages-beta.yml`.
+
+## Required Next Channels
+
+| Channel | Target | Status | Evidence Required |
+| --- | --- | --- | --- |
+| macOS Apple Silicon | npm/GitHub release asset | Current beta lane | package smoke, checksum, release manifest |
+| macOS Intel | GitHub release asset, curl, Homebrew | Planned | Intel runner/install smoke, checksum, release manifest |
+| Debian Linux | `.deb`, curl, apt-ready artifact | Planned | Debian build, install smoke, checksum, release manifest |
+| Ubuntu Linux | `.deb`, curl, apt-ready artifact | Planned | Ubuntu build, install smoke, checksum, release manifest |
+| Windows PC | installer/zip, GitHub release asset | Planned | Windows runner smoke, checksum, release manifest |
+| Homebrew | tap formula | Planned | formula audit, install smoke, checksum binding |
+| curl installer | GCP-hosted install script | Planned | signed script, checksum verification, HTTPS availability |
+
+## Automation Boundary
+
+Each channel must publish only after platform-specific package, install, checksum,
+and release-evidence gates pass. Docs, npm metadata, GitHub Releases,
+GitHub Packages, Homebrew, curl, and brik64.com should reference the same
+version and artifact evidence.
+
+## Project Tracking
+
+The GitHub Project should track each channel as a separate issue with:
+
+- target platform;
+- distribution channel;
+- required artifact;
+- smoke command;
+- checksum or signature requirement;
+- docs/Mintlify update requirement;
+- release blocker status.

package/docs/GITHUB_NPM_PUBLISHING.md

@@ -12,6 +12,11 @@ Use the manual workflow:
 .github/workflows/publish-npm-beta.yml
 ```
 
+This publishes to npmjs. It does not publish to GitHub Packages. Use
+`docs/GITHUB_PACKAGES_PUBLISHING.md` and
+`.github/workflows/publish-github-packages-beta.yml` for the separate GitHub
+Packages mirror.
+
 Inputs:
 
 - `version`: exact `package.json` version, for example `0.1.0-beta.1`.
@@ -20,9 +25,14 @@ Inputs:
 
 Required GitHub configuration:
 
-- Environment: `npm-beta`.
 - Secret: `NPM_TOKEN` with publish rights for `@brik64/cli`.
-- Recommended environment protection: require human approval before publish.
+- Manual confirmation input: `confirm_public_beta` must be typed for every
+  publish run.
+
+This workflow intentionally does not attach a GitHub deployment environment.
+Publishing an npm package is a package-release operation, not a web deployment,
+so keeping the workflow environment-free avoids misleading deployment-status
+labels in the public GitHub UI.
 
 ## Workflow Checks
 
@@ -35,7 +45,7 @@ The workflow:
 - requires `README.md` and `NOTICE`;
 - fails if the version already exists on npm;
 - publishes with public access and the selected dist-tag;
-- verifies npm version metadata and dist-tag after publish.
+- verifies npm version metadata, README filename/content metadata, tarball metadata, and dist-tag after publish. The workflow retries metadata reads because npm propagation can lag immediately after a successful publish.
 
 ## Trusted Publishing Upgrade
 
@@ -51,8 +61,9 @@ To migrate:
 3. Test one beta publish from GitHub Actions.
 4. After the trusted publisher works, restrict or revoke traditional npm tokens.
 
-Until the trusted publisher is configured on npmjs.com, keep using `NPM_TOKEN`
-in the protected `npm-beta` GitHub environment.
+Until the trusted publisher is configured on npmjs.com, keep using the
+repository or organization `NPM_TOKEN` secret with the manual confirmation
+input.
 
 ## Copy Boundary
 

package/docs/GITHUB_PACKAGES_PUBLISHING.md

@@ -0,0 +1,46 @@
+# GitHub Packages Publishing Runbook
+
+GitHub Packages is a separate npm registry mirror for organization visibility
+inside GitHub. Publishing `@brik64/cli` to npmjs does not create a visible
+package under the GitHub repository Packages tab.
+
+## Registry
+
+```text
+https://npm.pkg.github.com
+```
+
+Package:
+
+```text
+@brik64/cli
+```
+
+## Workflow
+
+Use the manual workflow:
+
+```text
+.github/workflows/publish-github-packages-beta.yml
+```
+
+Inputs:
+
+- `version`: exact `package.json` version, for example `0.1.0-beta.3`.
+- `dist_tag`: normally `beta`; use `latest` only when intentionally aligning the
+  GitHub Packages default install path.
+- `confirm_github_packages_beta`: must equal
+  `PUBLISH_BRIK64_CLI_GITHUB_PACKAGES`.
+
+The workflow uses `GITHUB_TOKEN` with `packages: write`. It does not need the
+npmjs `NPM_TOKEN`.
+
+## Boundary
+
+npmjs remains the primary public registry for install commands. GitHub Packages
+is a GitHub-visible mirror for release inspection, organization package
+inventory, and future internal automation.
+
+Do not treat GitHub Packages publication as new release evidence. It mirrors the
+same package version and must remain aligned with npmjs, GitHub Releases,
+docs.brik64.com, and brik64.com.