@jterrats/open-orchestra 1.0.17 → 1.1.0

package/docs/release-test-matrix.md

@@ -65,20 +65,20 @@ GitHub Actions secret.
 
 ## Required Flows
 
-| Flow                   | Command                               | Evidence                                                                                                                                                               |
-| ---------------------- | ------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Source quality gate    | `npm run precommit`                   | lint, typecheck, secret scan, security audit, build, unit tests, workflow validation                                                                                   |
-| Secret scanning gate   | `npm run secret-scan`                 | Gitleaks scan with `.gitleaks.toml` when the binary is installed; lightweight fallback for offline local development                                                   |
-| Duplicate-code gate    | `npm run duplicates`                  | jscpd duplicate-code report with generated/runtime outputs excluded and collection-standards follow-up for duplicated domain lists                                     |
-| Task split guard       | `node --test test/task-split-assessment.test.js` | PO/BA functional oversize, Architect technical complexity, routine small-task non-blocking behavior, and markdown evidence rendering                                    |
-| Sonar quality gate     | GitHub Actions: `Sonar` or local SonarQube import | conditional quality gate for duplication, bugs, code smells, maintainability, coverage readiness, and security hotspots when a Sonar provider is configured           |
-| Browser E2E            | `npm run test:e2e`                    | Playwright checks map scenario acceptance criteria to visible UI state, API persistence, artifact attachment, responsive layout, and recovery behavior                 |
-| Installed package init | `npm run test:e2e:init`               | Installed CLI checks map scenario acceptance criteria to stdout, stderr, exit code, filesystem state, JSON contracts, evidence records, and release-readiness outcomes |
-| Runtime manual queue   | `npm run test:e2e:runtime`            | Temporary-workspace runtime checks prove manual spawn requests queue under delegate pressure and expose queued artifacts through runtime sessions                      |
-| Public site build      | `npm run site:build`                  | production site build                                                                                                                                                  |
-| Release readiness      | `orchestra release check --json`      | `releaseReadiness` and `gaReadiness` report                                                                                                                            |
-| Package contents       | `npm pack --dry-run --json`           | package file list and provenance check                                                                                                                                 |
-| Performance budgets    | `npm run performance:bench -- --json` | CLI and web API timings on a synthetic large workspace                                                                                                                 |
+| Flow                   | Command                                           | Evidence                                                                                                                                                               |
+| ---------------------- | ------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Source quality gate    | `npm run precommit`                               | lint, typecheck, secret scan, security audit, build, unit tests, workflow validation                                                                                   |
+| Secret scanning gate   | `npm run secret-scan`                             | Gitleaks scan with `.gitleaks.toml` when the binary is installed; lightweight fallback for offline local development                                                   |
+| Duplicate-code gate    | `npm run duplicates`                              | jscpd duplicate-code report with generated/runtime outputs excluded and collection-standards follow-up for duplicated domain lists                                     |
+| Task split guard       | `node --test test/task-split-assessment.test.js`  | PO/BA functional oversize, Architect technical complexity, routine small-task non-blocking behavior, and markdown evidence rendering                                   |
+| Sonar quality gate     | GitHub Actions: `Sonar` or local SonarQube import | conditional quality gate for duplication, bugs, code smells, maintainability, coverage readiness, and security hotspots when a Sonar provider is configured            |
+| Browser E2E            | `npm run test:e2e`                                | Playwright checks map scenario acceptance criteria to visible UI state, API persistence, artifact attachment, responsive layout, and recovery behavior                 |
+| Installed package init | `npm run test:e2e:init`                           | Installed CLI checks map scenario acceptance criteria to stdout, stderr, exit code, filesystem state, JSON contracts, evidence records, and release-readiness outcomes |
+| Runtime manual queue   | `npm run test:e2e:runtime`                        | Temporary-workspace runtime checks prove manual spawn requests queue under delegate pressure and expose queued artifacts through runtime sessions                      |
+| Public site build      | `npm run site:build`                              | production site build                                                                                                                                                  |
+| Release readiness      | `orchestra release check --json`                  | `releaseReadiness` and `gaReadiness` report                                                                                                                            |
+| Package contents       | `npm run package:validate`                        | package file list includes bin, dist, web console, site assets, docs, rules, skills, metadata, and changelog                                                           |
+| Performance budgets    | `npm run performance:bench -- --json`             | CLI and web API timings on a synthetic large workspace                                                                                                                 |
 
 ## Network Policy
 

package/docs/restricted-fragment-storage-contract.md

@@ -0,0 +1,147 @@
+# Restricted Fragment Storage Contract
+
+`GH-510-RESTRICTED-FRAGMENT-STORAGE` defines the future storage envelope for
+retained restricted fragments. This contract does not enable retention by
+default and does not add a vault, KMS, or retrieval product surface.
+
+## Scope
+
+Restricted fragment storage is exceptional. It is allowed only when a future
+structured workflow has an approved product need, tenant policy, retention
+class, and security review. Ordinary chat persistence remains redacted-only.
+
+The following values must not be retained raw in transcripts, logs, exports,
+evidence, markdown handoffs, telemetry, or provider requests:
+
+- credentials, passwords, API keys, tokens, secrets, and signing material
+- payment card data, CVV, track data, and payment account identifiers
+- regulated or sensitive PII unless a future structured policy explicitly
+  authorizes encrypted retention
+
+## Storage Boundary
+
+Restricted fragments must be stored outside `.agent-workflow/chat/v1` transcript
+JSONL and outside ordinary chat message tables. Chat records may keep only a
+redacted shadow and a restricted-fragment reference.
+
+The redacted shadow is the only transcript-safe representation:
+
+- fragment id
+- tenant id, workspace id, and source message id
+- classification category and policy id
+- redaction marker and short sanitized summary
+- optional digest of canonical plaintext for dedupe or audit correlation
+- lifecycle status, created timestamp, expiry timestamp, and legal-hold flag
+
+The shadow must not contain raw plaintext, ciphertext, encrypted data keys,
+KMS key ids that reveal tenant topology, provider payloads, or debug samples.
+
+## Envelope Encryption
+
+Each retained fragment uses envelope encryption:
+
+1. A tenant root key is managed by an external KMS or vault.
+2. A workspace key-encryption context is derived from tenant id, workspace id,
+   retention class, and policy id.
+3. A fresh per-fragment data encryption key encrypts the fragment with
+   `AES-256-GCM` or a reviewed equivalent AEAD.
+4. The per-fragment data key is wrapped by the workspace key context.
+5. The ciphertext object stores only ciphertext metadata and the wrapped key
+   reference needed for an authorized decrypt operation.
+
+The envelope metadata must include:
+
+- envelope schema version
+- fragment id and redacted shadow id
+- algorithm, IV/nonce id, authentication tag id, and ciphertext digest
+- wrapped data-key id and key version
+- KMS provider alias and tenant/workspace key scope
+- classification category, retention class, policy id, and purpose
+- creation timestamp, expiry timestamp, and legal-hold flag
+
+The envelope metadata must not include raw plaintext, derived plaintext samples,
+complete provider prompts, route request bodies, or user-supplied secret names.
+
+## Audit Contract
+
+The append-only audit trail must record sanitized lifecycle events:
+
+- `restricted_fragment_detected`
+- `restricted_fragment_shadow_recorded`
+- `restricted_fragment_encrypted`
+- `restricted_fragment_decrypt_denied`
+- `restricted_fragment_restore_attempted`
+- `restricted_fragment_ciphertext_deleted`
+- `restricted_fragment_key_destroyed`
+- `restricted_fragment_crypto_shredded`
+- `restricted_fragment_backup_expiry_pending`
+
+Audit entries include tenant id, workspace id, fragment id, policy id, actor id,
+decision id, category, timestamps, and counts. They never include plaintext,
+ciphertext, wrapped key material, provider payloads, or request bodies.
+
+## Crypto-Shred
+
+Deleting a retained fragment requires both storage deletion and key destruction:
+
+1. mark the redacted shadow as deletion requested;
+2. hard-delete the ciphertext object and index entry;
+3. destroy or disable the fragment data-key binding so decrypt is impossible;
+4. record the KMS/vault destruction receipt or local equivalent;
+5. record backup expiry status because immutable backups may age out later;
+6. record a final `crypto_shredded` audit event.
+
+If raw restricted data was blocked and never persisted, delete reports
+`raw_not_persisted` instead of claiming a ciphertext deletion occurred.
+
+Crypto-shred is complete only when the active ciphertext object is gone and the
+key binding can no longer unwrap the fragment data key. Backups may still retain
+already-encrypted bytes until their retention windows expire, but those bytes
+must remain unrecoverable once key destruction is complete.
+
+## Restore Constraints
+
+Restore is denied by default. A future restore operation must require:
+
+- tenant and workspace authorization
+- policy allowing restore for the exact category and retention class
+- legal basis or break-glass reason
+- active key material that has not been crypto-shredded
+- append-only audit before and after the attempt
+
+Restore must fail closed when the fragment is expired, the key is destroyed, the
+legal hold conflicts with the request, the actor lacks authorization, or the
+policy does not allow raw recovery. Restored plaintext must be streamed only to
+the authorized consumer and must not be written back into transcripts, evidence,
+logs, exports, or provider prompts.
+
+## Export And Compliance
+
+Default chat export remains redacted-only. Export may include redacted shadows
+and audit summaries, but it must not include ciphertext blobs, wrapped keys,
+plaintext, KMS key material, or restoration receipts that expose internals.
+Telemetry, evidence compaction, support bundles, and Markdown reporting follow
+the same rule: only sanitized category, count, marker, decision, and lifecycle
+status data may leave the restricted-fragment boundary.
+
+Logical chat tombstones do not satisfy crypto-shred for retained fragments.
+Compliance delete must distinguish:
+
+- transcript tombstone only
+- `raw_not_persisted`
+- ciphertext hard delete
+- key destroyed
+- crypto-shred complete
+- backup expiry pending
+
+## Implementation Slices
+
+1. Add storage-agnostic domain types and validation for restricted fragment
+   shadows, envelopes, audit events, and delete results.
+2. Teach chat compliance exports to include redacted shadow summaries while
+   excluding ciphertext and wrapped-key metadata.
+3. Add a storage adapter interface for encrypted fragment object stores.
+4. Add a KMS/vault adapter interface for wrap, unwrap, disable, and destroy.
+5. Add delete orchestration that hard-deletes ciphertext before recording key
+   destruction and crypto-shred audit events.
+6. Add restore denial tests before any restore implementation exists.

package/docs/runtime-adapters.md

@@ -75,6 +75,20 @@ OpenAI/Codex provider models are provider-backed execution. `codex-cli` is a
 runtime-native parent session and never becomes a provider API fallback unless a
 future explicit hybrid policy records that decision as evidence.
 
+Before the wrapper creates a provider adapter or sends a request, it evaluates
+provider egress through the security policy boundary. Messages are classified
+through the shared classifier/redaction contract and treated as a `provider`
+sink. Restricted or unsafe-unredacted content is blocked before any provider
+call; only sanitized policy metadata may be recorded as evidence. Provider
+failure messages are sanitized before surfacing so backend base URLs,
+authorization headers, API keys, and token-shaped values are not exposed.
+
+Internal providers such as `ollama` are private-only. `OLLAMA_BASE_URL` must be
+server-configured and point at `localhost`, loopback, link-local, or RFC1918
+private-network IP addresses. Public DNS names and public IPs are rejected by
+policy. Use loopback for local development, or a private address reachable only
+inside the trusted deployment network.
+
 ## Init Modes
 
 Default project init keeps the current compact bootstrap behavior:
@@ -487,13 +501,26 @@ agent path and records that choice in phase provenance.
 
 When no task or role executor is configured and the default executor is
 `generic-runtime`, `auto` and strict `subagents` mode infer the active runtime
-from `OPEN_ORCHESTRA_ACTIVE_RUNTIME`, known parent-runtime environment markers,
-or managed runtime bootstrap files. Codex maps to `codex-cli`, Claude maps to
-`claude-cli`, Cursor maps to `cursor-cli`, Windsurf maps to `windsurf-agent`,
-and VS Code maps to `vscode-agent`.
-
-Explicit selections always take precedence in this order: `--runtime`, task
-override, role override, then `runtimePolicy.defaults.executor`. Automatic
+from `.agent-workflow/active-runtime.json`, then from `OPEN_ORCHESTRA_ACTIVE_RUNTIME`
+as a final fallback for non-hook environments (CI, scripts).
+
+`.agent-workflow/active-runtime.json` is the truthful signal of which AI runtime
+is currently driving the conversation. It is written by the active runtime's
+UserPromptSubmit hook on every session start. `orchestra init --target claude`
+configures Claude's `.claude/settings.json` hook to call
+`orchestra health --runtime claude-cli --json`; `--target cursor` configures the
+equivalent in `.cursor/rules/orchestra-health.mdc`. Manual-setup guidance for
+Codex/VS Code/Windsurf documents the same `orchestra health --runtime <id>`
+pattern that must run at session start. Each hook overwrites the file with its
+own runtime id, so "last writer wins" matches "current parent runtime".
+
+The persisted record has a 24h TTL. Records older than that are ignored and
+inference falls through to the next signal. Codex maps to `codex-cli`, Claude
+maps to `claude-cli`, Cursor maps to `cursor-cli`, Windsurf maps to
+`windsurf-agent`, and VS Code maps to `vscode-agent`.
+
+Explicit selections always take precedence in this order: `--runtime` flag,
+task override, role override, then `runtimePolicy.defaults.executor`. Automatic
 inference never rewrites `.agent-workflow/config.json`; it only affects the
 current planning decision. Set `workflow.phaseExecutionMode` to `single-agent`
 or configure `runtimePolicy.defaults.executor` to override inference for
@@ -501,6 +528,12 @@ deterministic local or CI runs. If `OPEN_ORCHESTRA_ACTIVE_RUNTIME` names an
 unknown runtime, workflow planning fails with supported values and the same
 override options instead of requiring hidden config edits.
 
+File-based inference (reading `target=` from `AGENTS.md`/`CLAUDE.md`/etc.) and
+per-tool environment detection (`CLAUDECODE`, `CODEX_THREAD_ID`,
+`CURSOR_TRACE_ID`, etc.) are intentionally **not** used: instruction files
+describe which runtimes the project supports, not which one is active right
+now, and per-tool env vars can coexist in nested or inherited sessions.
+
 Subagent spawning is fully asynchronous by default. A spawn request returns the
 `sessionId`, request artifact, prompt artifact, expected result artifact, status,
 next lifecycle commands, and quality warnings, then the parent agent should

package/docs/site-manifest.json

@@ -1,9 +1,7 @@
 {
   "repositoryUrl": "https://github.com/jterrats/open-orchestra",
   "packageUrl": "https://www.npmjs.com/package/@jterrats/open-orchestra",
-  "nav": [
-    { "href": "https://jterrats.dev", "label": "Main site" }
-  ],
+  "nav": [{ "href": "https://jterrats.dev", "label": "Main site" }],
   "pages": [
     {
       "path": "/",
@@ -54,7 +52,7 @@
   },
   "quickstart": {
     "source": "README.md",
-    "heading": "First Visible Value"
+    "heading": "Individual Mode: First Value In Minutes"
   },
   "capabilities": {
     "source": "README.md",
@@ -92,7 +90,7 @@
         "label": "README",
         "href": "https://github.com/jterrats/open-orchestra#quick-start",
         "source": "README.md",
-        "heading": "First Visible Value"
+        "heading": "Individual Mode: First Value In Minutes"
       },
       {
         "title": "Release matrix",
@@ -110,43 +108,143 @@
   },
   "docs": {
     "links": [
-      { "title": "Adoption guide", "source": "docs/adoption-guide.md", "heading": "Open Orchestra 1.0.0 Adoption Guide" },
-      { "title": "Core command surface", "source": "docs/core-command-surface.md", "heading": "Core Command Surface" },
-      { "title": "E2E test batteries", "source": "docs/e2e-test-batteries.md", "heading": "End-to-End Test Batteries" },
-      { "title": "Duplicate-code enforcement", "source": "docs/duplicate-code-enforcement.md", "heading": "Duplicate-Code Enforcement" },
-      { "title": "Sonar quality gates", "source": "docs/sonar-quality-gates.md", "heading": "Sonar Quality Gates" },
-      { "title": "Sonar architecture model", "source": "docs/sonar-architecture-model.md", "heading": "Sonar Architecture Model" },
-      { "title": "Runtime adapters", "source": "docs/runtime-adapters.md", "heading": "Runtime Adapters" },
-      { "title": "Context vault", "source": "docs/context-vault.md", "heading": "Context Vault" },
-      { "title": "Site content workflow", "source": "docs/site-content-workflow.md", "heading": "Public Site Content Workflow" }
+      {
+        "title": "Adoption guide",
+        "source": "docs/adoption-guide.md",
+        "heading": "Open Orchestra 1.0.0 Adoption Guide"
+      },
+      {
+        "title": "Core command surface",
+        "source": "docs/core-command-surface.md",
+        "heading": "Core Command Surface"
+      },
+      {
+        "title": "E2E test batteries",
+        "source": "docs/e2e-test-batteries.md",
+        "heading": "End-to-End Test Batteries"
+      },
+      {
+        "title": "Duplicate-code enforcement",
+        "source": "docs/duplicate-code-enforcement.md",
+        "heading": "Duplicate-Code Enforcement"
+      },
+      {
+        "title": "Sonar quality gates",
+        "source": "docs/sonar-quality-gates.md",
+        "heading": "Sonar Quality Gates"
+      },
+      {
+        "title": "Sonar architecture model",
+        "source": "docs/sonar-architecture-model.md",
+        "heading": "Sonar Architecture Model"
+      },
+      {
+        "title": "Runtime adapters",
+        "source": "docs/runtime-adapters.md",
+        "heading": "Runtime Adapters"
+      },
+      {
+        "title": "Context vault",
+        "source": "docs/context-vault.md",
+        "heading": "Context Vault"
+      },
+      {
+        "title": "Site content workflow",
+        "source": "docs/site-content-workflow.md",
+        "heading": "Public Site Content Workflow"
+      }
     ]
   },
   "releaseDocs": {
     "links": [
-      { "title": "Release test matrix", "source": "docs/release-test-matrix.md", "heading": "1.0.0 Release Test Matrix" },
-      { "title": "E2E test batteries", "source": "docs/e2e-test-batteries.md", "heading": "End-to-End Test Batteries" },
-      { "title": "Sonar quality gates", "source": "docs/sonar-quality-gates.md", "heading": "Sonar Quality Gates" },
-      { "title": "Sonar architecture model", "source": "docs/sonar-architecture-model.md", "heading": "Sonar Architecture Model" },
-      { "title": "QA evidence", "source": "docs/site-content-workflow.md", "heading": "QA Evidence" },
-      { "title": "Package naming", "source": "docs/package-naming.md", "heading": "Package Naming Decision" },
-      { "title": "Upgrade dogfooding", "source": "README.md", "heading": "Quick Start" }
+      {
+        "title": "Release test matrix",
+        "source": "docs/release-test-matrix.md",
+        "heading": "1.0.0 Release Test Matrix"
+      },
+      {
+        "title": "E2E test batteries",
+        "source": "docs/e2e-test-batteries.md",
+        "heading": "End-to-End Test Batteries"
+      },
+      {
+        "title": "Sonar quality gates",
+        "source": "docs/sonar-quality-gates.md",
+        "heading": "Sonar Quality Gates"
+      },
+      {
+        "title": "Sonar architecture model",
+        "source": "docs/sonar-architecture-model.md",
+        "heading": "Sonar Architecture Model"
+      },
+      {
+        "title": "QA evidence",
+        "source": "docs/site-content-workflow.md",
+        "heading": "QA Evidence"
+      },
+      {
+        "title": "Package naming",
+        "source": "docs/package-naming.md",
+        "heading": "Package Naming Decision"
+      },
+      {
+        "title": "Upgrade dogfooding",
+        "source": "README.md",
+        "heading": "Quick Start"
+      }
     ]
   },
   "console": {
     "links": [
-      { "title": "Web console QA", "source": "docs/web-console-qa.md", "heading": "Web Console QA Notes" },
-      { "title": "Local web console", "source": "docs/orchestra-mvp.md", "heading": "Commands" },
-      { "title": "Workflow progress API", "source": "README.md", "heading": "1.0.0 Workflow Tooling" },
-      { "title": "Delivery dashboard", "source": "docs/adoption-guide.md", "heading": "Release Operations" }
+      {
+        "title": "Web console QA",
+        "source": "docs/web-console-qa.md",
+        "heading": "Web Console QA Notes"
+      },
+      {
+        "title": "Local web console",
+        "source": "docs/orchestra-mvp.md",
+        "heading": "Commands"
+      },
+      {
+        "title": "Workflow progress API",
+        "source": "README.md",
+        "heading": "1.0.0 Workflow Tooling"
+      },
+      {
+        "title": "Delivery dashboard",
+        "source": "docs/adoption-guide.md",
+        "heading": "Release Operations"
+      }
     ]
   },
   "reference": {
     "links": [
-      { "title": "Command contracts", "source": "docs/command-contracts.md", "heading": "Command Contracts" },
-      { "title": "Generated artifact APIs", "source": "docs/generated-artifact-api-catalog.md", "heading": "Generated Artifact API Catalog" },
-      { "title": "Runtime LLM flow", "source": "docs/runtime-llm-flow.md", "heading": "Runtime LLM Flow" },
-      { "title": "Tracker adapter contract", "source": "docs/tracker-adapter-contract.md", "heading": "Tracker Adapter Contract" },
-      { "title": "Source of truth and learning", "source": "docs/source-of-truth-and-agent-learning.md", "heading": "Source of Truth and Agent Learning" }
+      {
+        "title": "Command contracts",
+        "source": "docs/command-contracts.md",
+        "heading": "Command Contracts"
+      },
+      {
+        "title": "Generated artifact APIs",
+        "source": "docs/generated-artifact-api-catalog.md",
+        "heading": "Generated Artifact API Catalog"
+      },
+      {
+        "title": "Runtime LLM flow",
+        "source": "docs/runtime-llm-flow.md",
+        "heading": "Runtime LLM Flow"
+      },
+      {
+        "title": "Tracker adapter contract",
+        "source": "docs/tracker-adapter-contract.md",
+        "heading": "Tracker Adapter Contract"
+      },
+      {
+        "title": "Source of truth and learning",
+        "source": "docs/source-of-truth-and-agent-learning.md",
+        "heading": "Source of Truth and Agent Learning"
+      }
     ]
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jterrats/open-orchestra",
-  "version": "1.0.17",
+  "version": "1.1.0",
   "type": "module",
   "workspaces": [
     "extensions/vscode-open-orchestra",
@@ -31,7 +31,9 @@
     "release:matrix": "node scripts/release-test-matrix.js",
     "performance:bench": "npm run build && node scripts/performance-benchmark.js",
     "precommit": "npm run lint && npm run typecheck && npm run secret-scan && npm run security:audit && npm test && npm run validate:workflow",
-    "prepack": "npm run build",
+    "package:build": "npm run build && npm run site:build",
+    "package:validate": "node scripts/validate-package-contents.js",
+    "prepack": "npm run package:build && npm run package:validate",
     "sonar:preflight:local": "node bin/orchestra.js sonar preflight --provider sonarqube-local --project-key jterrats_open-orchestra --host-url ${SONAR_HOST_URL:-http://localhost:9001}",
     "sonar:scan:local": "sonar-scanner -Dsonar.host.url=${SONAR_HOST_URL:-http://localhost:9001}",
     "hooks:install": "git config core.hooksPath .githooks",
@@ -71,6 +73,7 @@
   "files": [
     "bin/",
     "dist/",
+    "site/dist/",
     "rules/",
     "docs/",
     "skills/",

package/site/dist/_headers

@@ -0,0 +1,9 @@
+/*
+  Content-Security-Policy: default-src 'self'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data:; object-src 'none'; script-src 'self'; style-src 'self'; form-action 'self'; upgrade-insecure-requests
+  Permissions-Policy: camera=(), geolocation=(), microphone=(), payment=(), usb=()
+  Referrer-Policy: strict-origin-when-cross-origin
+  Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
+  X-Content-Type-Options: nosniff
+
+/architecture.mmd
+  Content-Type: text/plain; charset=utf-8

package/site/dist/_redirects

@@ -0,0 +1,2 @@
+https://www.open-orchestra.jterrats.dev/* https://open-orchestra.jterrats.dev/:splat 301
+/* /index.html 200

package/site/dist/architecture.mmd

@@ -0,0 +1,61 @@
+flowchart LR
+  subgraph entry["Entry surfaces"]
+    human["Human operator"]
+    runtime["Agent runtimes"]
+    ide["IDE control center"]
+    web["Local web console"]
+  end
+
+  subgraph contract["Runtime and CLI contract"]
+    bootstrap["Runtime bootstrap"]
+    commands["orchestra CLI"]
+    manifest["Command manifest"]
+    api["JSON contracts"]
+  end
+
+  subgraph workflow["Workflow core"]
+    intake["Task registry"]
+    phases["PM to release phases"]
+    gates["Human review gates"]
+    skills["Skills and memory"]
+    readiness["Release readiness"]
+  end
+
+  subgraph state["Local state and adapters"]
+    files[".agent-workflow state"]
+    providers["Model providers"]
+    trackers["Tracker adapters"]
+    evidence["Evidence packs"]
+    content["Docs manifest"]
+  end
+
+  subgraph delivery["Delivery outputs"]
+    site["Public site"]
+    package["npm package"]
+    reports["Handoffs and reports"]
+    release["CI release tags"]
+  end
+
+  human --> commands
+  runtime --> bootstrap
+  ide --> api
+  web --> api
+  bootstrap --> commands
+  commands --> manifest
+  api --> manifest
+  manifest --> phases
+  phases --> intake
+  phases --> gates
+  phases --> skills
+  phases --> readiness
+  intake --> files
+  gates --> evidence
+  skills --> files
+  phases --> providers
+  phases --> trackers
+  readiness --> evidence
+  content --> site
+  readiness --> site
+  readiness --> package
+  readiness --> release
+  evidence --> reports