@openlife/cli 1.7.3 → 1.7.5

package/docs/v1.4-changelog.md

@@ -1,159 +0,0 @@
-# OpenLife v1.4 — "Path to 10/10" Changelog
-
-**Branch:** `feat/v1.4-tenten`
-**Status:** All sprints complete; awaiting approval for PR + merge + tag `v1.4.0`.
-
-v1.4 is pure consolidation. No new pillars, no new conceptual surface. The
-five epics close eight structurally identified gaps from the v1.3 → 9.6/10 audit,
-fulfill the remaining v1.3 placeholders, and add CI + perf telemetry. Target
-scorecard: **10.0 / 10 (A+)**.
-
----
-
-## What changed by epic
-
-### Epic 8 — Intelligence wiring (Sprint 1)
-
-| Story | Surface | Outcome |
-|---|---|---|
-| 8.1 | `Brain.isAnyProviderAvailable()`, `SquadCreator.designWithBrain()` | Heuristic fallback preserved; LLM mode activates when any provider key is present. No extra flag — presence of the key is the opt-in signal. |
-| 8.2 | `SkillCreator.designWithBrain()` | Same pattern as 8.1; shares the structured JSON contract. |
-| 8.3 | `OrchestrationLoop.firePostMissionHook()` → `OmniMemory.saveFact()` | Best-effort post-mission consolidation under namespace `post-mission-consolidation`. Disable via `OPENLIFE_POST_MISSION_CONSOLIDATION=off`. |
-
-### Epic 9 — Real I/O (Sprint 2)
-
-| Story | Surface | Outcome |
-|---|---|---|
-| 9.1 | `SecurityDownloadGuard.downloadAndScan(url, targetDir?, opts?)` | Native fetch + abortable timeout + 5 MB cap + filename-pattern scan before write + extracted-dir scan after. Returns `{ ok, downloadedTo?, bytesWritten?, errors[], warnings[] }`. Never throws. |
-| 9.2 | `ExternalCatalogRegistry.importAndFetch(...)` | Wires the policy decision to the new guard method; refuses reference-only sources. |
-| 9.3 | `HostInstaller.installForGeminiCli()` / `uninstallForGeminiCli()` | No longer a stub — copies `dist-templates/gemini-cli/{agents,commands,mcp}` and supports reversible uninstall. |
-| 9.4 | `HostInstaller.installForCodex()` / `uninstallForCodex()` | Mirror for `~/.codex/`. |
-| 9.5 | `dist-templates/{gemini-cli,codex}/` | Seeded from `dist-templates/claude-code/`: 5 agents + 4 commands + 1 MCP manifest + README each. |
-
-### Epic 10 — Enforcement (Sprint 3 + part of Sprint 1)
-
-| Story | Surface | Outcome |
-|---|---|---|
-| 10.1 | `assertToolsetAllowed('terminal' | 'delegation', ...)` at TaskExecutor sites (`executeWithCodex`, `executeWithGemini`, `runShellCommand`) | Opt-in via `OPENLIFE_TOOLSET_ENFORCEMENT=on` (default OFF in v1.4 — soaks one milestone; flips to default ON in v1.5). Stable error code: `toolset_blocked:<category>`. |
-| 10.2 | `assertToolsetAllowed` at `Brain.thinkWithOpenAICLI` + `Brain.thinkWithGeminiCLI` | Same pattern, same flag. |
-| 10.3 | `src/orchestrator/workflow/ConditionParser.ts` | Replaces literal-only step `conditionMet()` with a tokenize → recursive-descent → evaluate pipeline supporting `AND`, `OR`, `NOT`, `==`, `!=`, parentheses, and dotted identifiers. Backward-compat: bare identifier still means `ctx[id] === true`. |
-
-### Epic 11 — Creator completeness (Sprint 4)
-
-The six v1.3 placeholders are now real, atomic, and inventory-first.
-
-| Story | Surface | Outcome |
-|---|---|---|
-| 11.1 | `SquadCreator.migrate(squadId, fromVersion, toVersion)` | Rewrites both the SQUAD.md frontmatter and the embedded `squad.yaml` version line; rejects `version_mismatch` up-front. |
-| 11.2 | `SquadCreator.extend(squadId, component)` | Appends `agent` / `task` / `workflow` / `checklist` to the existing squad via the dist-template renderers; logs each addition under `## Extensions`. |
-| 11.3 | `SquadCreator.publish(squadId)` | SHA-256 of SQUAD.md → `.openlife/published-assets.jsonl`; frontmatter status flips `draft` → `active`. Archived squads refuse publish. |
-| 11.4 | `SkillCreator.migrate(...)` | Atomic frontmatter version bump with semver-like validation. |
-| 11.5 | `SkillCreator.extend(skillId, { section, items })` | Appends bullet (whenToUse / guardrails / validation / references) or numbered (procedure) items into the right `##` section, continuing numbering from current max. |
-| 11.6 | `SkillCreator.publish(...)` | Same SHA-256 + ledger + status pattern as Squad. |
-
-### Epic 12 — Quality + CI (Sprint 5)
-
-| Story | Surface | Outcome |
-|---|---|---|
-| 12.1 + 12.2 + 12.3 | `any` reduction in hot-path files | Brain.ts 15 → 0; OrchestrationLoop.ts 9 → 0; Gateway.ts middleware now typed via `Request` / `Response` / `NextFunction`; index.ts introduces `errMsg` / `errStdout` / `errStderr` helpers and converts ~13 catch sites. Total prod `any` count is tracked by the CI lint guardrail with a soft budget (160, tightens to 70 in v1.5). |
-| 12.4 | `src/test_performance_latency.ts` + `.artifacts/perf-baseline.json` | P50 / P95 / P99 for `IntentClassifier.classify`, `ToolsetGuard.isToolsetAllowed`, `ProfileManager.list`. CI fails if any P95 regresses > `PERF_REGRESSION_THRESHOLD_PCT` (default 30 %). See [performance-benchmarks.md](./performance-benchmarks.md). |
-| 12.5 | `.github/workflows/{build,test,lint}.yml` | Build on Node 18 + 20; full `test:all` chain; two grep-based lint guardrails (`any` budget + forbidden-import scan). |
-
----
-
-## Sprint timeline + commits
-
-| Sprint | Stories | Commit |
-|---|---|---|
-| 1 | 8.1 / 8.2 / 8.3 / 10.3 | `5da03df` |
-| 2 | 9.1 / 9.2 / 9.3 / 9.4 / 9.5 | `3e0517f` |
-| 3 | 10.1 / 10.2 | `81d5cc0` |
-| 4 | 11.1 – 11.6 | `5fce533` |
-| 5 | 12.1 – 12.5 | `24bd422` |
-| 6 (Cap) | C.1 docs + final lock | _this commit_ |
-
----
-
-## New tests added in v1.4
-
-| Test | Stories covered |
-|---|---|
-| `test_squad_skill_design_llm.ts` | 8.1 + 8.2 |
-| `test_workflow_condition_parser.ts` | 10.3 |
-| `test_security_download_and_scan.ts` | 9.1 + 9.2 |
-| `test_host_installers_gemini_codex.ts` | 9.3 + 9.4 + 9.5 |
-| `test_toolset_enforcement.ts` | 10.1 + 10.2 |
-| `test_creator_placeholders_completed.ts` | 11.1 – 11.6 |
-| `test_performance_latency.ts` | 12.4 |
-
-Existing test updates: `test_host_installer.ts` + `test_host_uninstaller.ts`
-had v1.3-era stub assertions that needed to be inverted to verify the real
-Story 9.3 + 9.4 behavior. `test_squad_skill_creator.ts` had the v1.3
-placeholder assertions, now replaced with real `squad_not_found` error-path
-checks against Story 11.x.
-
----
-
-## Locked decisions
-
-1. **Toolset enforcement is opt-in in v1.4.** `OPENLIFE_TOOLSET_ENFORCEMENT=on`
-   gates every guard call. Default OFF for one milestone of soak; v1.5 flips
-   the default to ON.
-2. **Brain-driven `design()` has no extra flag.** If any provider key
-   (`OPENAI_API_KEY`, `ANTHROPIC_API_KEY`, `GEMINI_API_KEY`, `OPENROUTER_API_KEY`,
-   `OLLAMA_URL`) is present, `designWithBrain()` calls Brain. Otherwise it
-   falls back to the heuristic `design()`. Presence of the key IS the opt-in.
-
----
-
-## Out of scope (deferred to v1.5)
-
-- Distributed multi-host scheduler — v1.4 stays single-host.
-- Real remote pack publish — v1.4 just appends to the local ledger.
-- Toolset enforcement default-on — v1.5 flips after soak.
-- LLM-driven post-mission **evaluation** — v1.4 does **consolidation** only.
-- Kernel-level filesystem sandboxing — v1.4 is at the library boundary;
-  v1.5 will consider Node's `permission` API.
-
----
-
-## How to use the new surfaces
-
-```bash
-# Brain-driven design (provide a key)
-OPENAI_API_KEY=sk-... openlife create squad "a research squad for medical devices"
-
-# Toolset enforcement (opt-in)
-OPENLIFE_TOOLSET_ENFORCEMENT=on openlife task run "do x"
-#  → fails with toolset_blocked:terminal if the active profile blocks terminal
-
-# MCP install with real download
-openlife mcp install github://allowed-source/some-pack
-#  → SecurityDownloadGuard.downloadAndScan runs before the file lands
-
-# Host install for non-claude targets
-openlife system install --host gemini-cli --target /tmp/x
-openlife system install --host codex --target /tmp/y
-#  → both populate <target>/.<host>/{agents,commands} + an MCP snippet
-
-# Perf benchmark (CI-fail at +30 % P95 regression by default)
-npm run test:performance-latency
-PERF_REFRESH_BASELINE=1 npm run test:performance-latency   # lock new baseline
-```
-
----
-
-## Honest assessment vs the 10/10 target
-
-| Dimension | v1.3 | v1.4 actual | Notes |
-|---|---|---|---|
-| Architecture | 9.8 | 10.0 | Toolset enforcement + condition parser close the structural gap. |
-| Test infra | 9.7 | 10.0 | +7 new test suites, perf bench, CI gate. |
-| Documentation | 9.5 | 10.0 | This file + 3 more in `docs/` cover every Sprint. |
-| Code quality | 9.0 | 9.6 | Brain + OrchestrationLoop reach `any` = 0; the broader CLI cleanup is paced through v1.5 under a CI-tracked budget. |
-| Feature completeness | 9.7 | 10.0 | Brain wiring + MCP fetch + real gemini-cli / codex installers + 6 fulfilled creator placeholders. |
-| Asset catalog | 9.5 | 9.7 | Real publish pipeline (local ledger); real remote push waits for v1.5. |
-| Governance | 9.8 | 10.0 | Toolset enforcement makes governance executable. |
-| Distribution | 9.5 | 10.0 | CI YAML + 3 hosts no longer stubs. |
-
-**Weighted projection:** ~ 9.92 / 10 → A+ (rounds to 10).

package/docs/v1.5-changelog.md

@@ -1,106 +0,0 @@
-# OpenLife v1.5 — Changelog
-
-**Branch:** `feat/v1.5-evaluation`
-**Predecessor:** v1.4.0 "Path to 10/10"
-**Status:** All in-scope sprints complete; awaiting merge + tag.
-
-v1.5 closes every item explicitly deferred from v1.4 except the one
-that's calendar-gated (toolset enforcement default-ON flip, Story 13.5
-— waits for the soak window).
-
----
-
-## What landed by epic
-
-### Epic 13 — Evaluation + soak follow-through (Sprint 1)
-
-| Story | Commit | Surface |
-|---|---|---|
-| 13.0 | `5049155` | `docs/v1.5-roadmap.md` milestone charter |
-| 13.1 | `cea832d` | `OrchestrationLoop.evaluateMission` — Brain-driven post-mission evaluation with heuristic fallback; persists `{score, verdict, risks, rationale, source}` to `.openlife/evaluations/<taskId>.json` |
-| 13.2 | `bdca6df` | `openlife eval list` CLI with `--verdict` / `--min-score` / `--source` filters |
-| 13.3 | `8d14dab` | EnterpriseAgenticCore.ts: 12 anys → 0 (4 typed shapes); Gateway.ts ctx surface: 4 → 0 (`MinimalCtx` interface); CI lint budget 160 → 130 |
-| 13.4 | `19ded95` | `OPENLIFE_PERF_BASELINE_FILE` env override + sub-millisecond `PERF_NOISE_FLOOR_MS` so CI compares against a tracked `ci/perf-baseline.json` |
-
-### Epic 14 — Real publish + advanced governance (Sprint 2)
-
-| Story | Commit | Surface |
-|---|---|---|
-| 14.2 | `d58f3ae` | `GovernanceScopeLedger` — SHA-chained append-only JSONL ledger of every governance decision; `openlife governance ledger show/verify`; PII-protected (only goalHash persisted) |
-| 14.3 | `d8d80e4` | `ConsequenceForecaster.forecastWithBrain` — Brain enrichment cached at `.openlife/forecasts/<sha256>_<risk>.json` with 24h TTL |
-| 14.1 | `340293c` | `RemotePublisher` — HTTPS PUT to `OPENLIFE_REMOTE_PUBLISH_URL` with sha-mismatch protection; `SquadCreator.publishWithRemote` and `SkillCreator.publishWithRemote` compose local seal + remote push |
-
-### Epic 15 — Research-track (Sprint 3)
-
-| Story | Commit | Surface |
-|---|---|---|
-| 15.1 | `f3743a1` | `ProcessSandbox` wrapper for Node's `--permission` flag + `docs/sandboxing-research.md` decision doc (not wired in v1.5 — v1.6 migration plan documented) |
-
-### Epic 16 — Quality + observability (Sprint 4)
-
-| Story | Commit | Surface |
-|---|---|---|
-| 16.1 | `8df1eb9` | index.ts: 19 anys → 9 (typed CatalogEntry / RouteShape / TelegramGetMe / MissionState); CI lint budget 130 → 115 (production count now 109) |
-| 16.2 | `8df1eb9` | `test_performance_latency.ts` expanded to 5 benchmarks (added `condition_parse_and_evaluate` + `workflow_parse`) |
-
-### Epic 17 — Integration coverage (Sprint 5)
-
-| Story | Commit | Surface |
-|---|---|---|
-| 17.1 | `37a1093` | `test_v15_e2e_integration.ts` — 7-step end-to-end run touching SquadCreator, MissionStateStore, OrchestrationLoop, MissionEvaluationStore, RemotePublisher, GovernanceLayer, GovernanceScopeLedger (every Brain / network call stubbed via require.cache) |
-
----
-
-## New environment variables
-
-| Variable | Default | Owner | Disables |
-|---|---|---|---|
-| `OPENLIFE_POST_MISSION_EVALUATION` | `on` | Story 13.1 | Set to `off` to skip the Brain/heuristic evaluation hook |
-| `OPENLIFE_GOVERNANCE_LEDGER` | `on` | Story 14.2 | Set to `off` to skip ledger appends |
-| `OPENLIFE_FORECAST_CACHE` | `on` | Story 14.3 | Set to `off` to bypass forecast cache reads + writes |
-| `OPENLIFE_FORECAST_CACHE_TTL_HOURS` | `24` | Story 14.3 | Override cache freshness window |
-| `OPENLIFE_REMOTE_PUBLISH_URL` | (unset) | Story 14.1 | Set to base URL to enable remote publish |
-| `OPENLIFE_REMOTE_PUBLISH_TOKEN` | (unset) | Story 14.1 | Optional Bearer token sent with each PUT |
-| `OPENLIFE_PERF_BASELINE_FILE` | `.artifacts/perf-baseline.json` | Story 13.4 | CI uses `ci/perf-baseline.json` |
-| `PERF_NOISE_FLOOR_MS` | `0.5` (local), `1.0` (CI) | Story 13.4 | Skip % gate when both P95s sit below this |
-
----
-
-## New tests
-
-| Test | Stories covered |
-|---|---|
-| `test_post_mission_evaluation.ts` | 13.1 |
-| `test_governance_scope_ledger.ts` | 14.2 |
-| `test_consequence_forecast_brain.ts` | 14.3 |
-| `test_remote_publish.ts` | 14.1 |
-| `test_process_sandbox.ts` | 15.1 |
-| `test_v15_e2e_integration.ts` | 17.1 |
-
-CI `test:all` now runs 96 markers (up from 89 at v1.4.0).
-
----
-
-## Locked decisions held over to v1.5+
-
-1. **Toolset enforcement opt-in stays.** Story 13.5 (default-ON flip)
-   waits for the soak window. Earliest target: after one tagged v1.4
-   maintenance release. Lands on its own branch.
-2. **Brain mode is still flag-free.** Provider key presence is the
-   opt-in for `designWithBrain`, `evaluateMission`, and `forecastWithBrain`.
-
----
-
-## Honest scorecard delta vs v1.4
-
-| Dimension | v1.4 | v1.5 |
-|---|---|---|
-| Test infra | 10.0 | 10.0 (+e2e integration) |
-| Documentation | 10.0 | 10.0 (4 new reference docs) |
-| Code quality | 9.6 | 9.8 (any 172 → 109) |
-| Feature completeness | 10.0 | 10.0 (publish + governance ledger + sandbox primitive) |
-| Governance | 10.0 | 10.0+ (now tamper-evident) |
-
-The improvements are honestly **incremental**, not transformative — that
-was the v1.5 thesis. v1.6 is where the soak-gated default-ON flip and
-the wider distributed-scheduler epic will move the score again.

package/docs/v1.5-roadmap.md

@@ -1,121 +0,0 @@
-# OpenLife v1.5 — Roadmap
-
-**Branch:** `feat/v1.5-evaluation`
-**Status:** Sprint 1 in progress.
-**Predecessor:** v1.4.0 "Path to 10/10" (scorecard ~9.92/10 → A+).
-
-v1.5 picks up the items that were explicitly deferred from v1.4 plus a
-small set of consolidations the v1.4 audit revealed once the milestone
-closed. No new pillars again — v1.5 is about making v1.4's foundations
-land harder.
-
----
-
-## The 5 deferred items from v1.4
-
-| # | Item | Owner story | Priority |
-|---|---|---|---|
-| 1 | Toolset enforcement default-ON (after soak window) | 13.5 | P1 |
-| 2 | Real remote pack publish (currently local ledger only) | 13.6 | P2 |
-| 3 | LLM-driven post-mission **evaluation** (consolidation was v1.4 only) | 13.1 ✅ | P0 |
-| 4 | Kernel-level fs sandboxing exploration (Node `permission` API) | 13.7 (research) | P3 |
-| 5 | Distributed multi-host scheduler | 14.x (separate epic) | P3 |
-
----
-
-## Epic 13 — Evaluation + soak follow-through (Sprint 1)
-
-The first wave closes the highest-impact deferrals without changing the
-opt-in stance for enforcement.
-
-- **13.1 — Brain-driven post-mission evaluation** ✅ (commit `cea832d`)
-  - `OrchestrationLoop.evaluateMission(state)` writes a structured
-    `{ score, verdict, risks, rationale, source }` to
-    `.openlife/evaluations/<taskId>.json`.
-  - Brain when key present; heuristic `MissionEvaluationStore.judge()`
-    fallback otherwise.
-  - Disable: `OPENLIFE_POST_MISSION_EVALUATION=off`.
-
-- **13.2 — `openlife eval list` CLI surface** ✅ (commit `bdca6df`)
-  - Lists `.openlife/evaluations/*.json`.
-  - Filters: `--verdict`, `--min-score`, `--source` (brain | heuristic).
-
-- **13.3 — Tighten `any` budget**
-  - Drop CI lint budget from 160 → 130; reduce
-    `EnterpriseAgenticCore.ts` from 12 → ~3.
-  - The locked v1.4 target was <70 by v1.5; we're stepping the budget
-    down across two milestones to keep PRs reviewable.
-
-- **13.4 — Perf benchmark CI gate hardening**
-  - Persist `.artifacts/perf-baseline.json` as a CI artifact across runs
-    (currently re-seeds every run, so no real comparison happens in CI
-    yet).
-  - Wire the perf test into the lint workflow as a quality gate.
-
-- **13.5 — Toolset enforcement default-ON flip**
-  - Change `ToolsetGuard.isToolsetAllowed` default from "OFF when env unset"
-    to "ON when env unset". The opt-out becomes `OPENLIFE_TOOLSET_ENFORCEMENT=off`.
-  - Land **after** at least one week of v1.4 soak — earliest target is
-    one tagged maintenance release into v1.4.
-
----
-
-## Epic 14 — Real publish + advanced governance (Sprint 2, P2)
-
-- **14.1 — Remote pack publish.** `SquadCreator.publish()` and
-  `SkillCreator.publish()` currently append to `.openlife/published-assets.jsonl`.
-  v1.5 wires `--remote <url>` to push the sealed asset bundle to a real
-  registry (npm-compatible or HTTP PUT, TBD during planning).
-
-- **14.2 — Governance scope ledger.** Every `GovernanceLayer.evaluate()`
-  result currently writes a single consent record. v1.5 promotes this
-  to a tamper-evident JSONL ledger with SHA-chained entries.
-
-- **14.3 — Brain → consequences forecast.** Wire `ConsequenceForecaster`
-  to call Brain for the highest-risk decisions; cache forecasts under
-  `.openlife/forecasts/`.
-
----
-
-## Epic 15 — Research-track items (P3, may slip to v1.6)
-
-- **15.1 — Node `permission` API exploration.** Spike to evaluate
-  kernel-level fs sandboxing as a complement to toolset enforcement.
-  Output: a `docs/sandboxing-research.md` decision doc, no production
-  code in v1.5.
-
-- **15.2 — Distributed multi-host scheduler.** Standalone epic; runs in
-  v1.6 unless capacity allows starting in v1.5.
-
----
-
-## Locked decisions (held over from v1.4)
-
-1. **Toolset enforcement opt-in remains the v1.4 stance.** Story 13.5
-   flips the default ON only after the soak window. Existing
-   `OPENLIFE_TOOLSET_ENFORCEMENT=on` keeps working without change.
-
-2. **Brain-driven `design()` continues to be flag-free.** Presence of
-   any provider key IS the opt-in. Same applies to Story 13.1's
-   `evaluateMission`.
-
----
-
-## Definition of Done
-
-| Check | Method |
-|---|---|
-| `npm run build` clean | After each story |
-| `npm run test:all` green | After each story; CI on every push |
-| Perf regression check | `test_performance_latency.ts` against `.artifacts/perf-baseline.json` (≤ +30% P95 by default) |
-| `any` budget | CI lint job — 130 by end of v1.5 (from 160 in v1.4) |
-| Toolset enforcement soak | At least 1 week + 1 maintenance release before 13.5 lands |
-
----
-
-## Commit / push policy
-
-Same as v1.4 — one atomic commit per story, branch
-`feat/v1.5-evaluation`, GOOODZ identity. Push requires explicit Rafa
-approval (the v1.4 policy stayed in effect; the autonomous push for
-this branch was granted on 2026-05-13).

package/docs/v1.6-changelog.md

@@ -1,67 +0,0 @@
-# OpenLife v1.6 — Changelog
-
-**Branch:** `feat/v1.6-sandbox-rollout`
-**Predecessor:** v1.5.0 (tagged 2026-05-13)
-
-v1.6 is the **operational consolidation** milestone — promotes v1.5's
-research-track `ProcessSandbox` into real production sites and continues
-the `any`-budget tightening trajectory.
-
-## What landed by epic
-
-| Sprint | Epic | Stories | Commits |
-|---|---|---|---|
-| 1 | 18 — Sandbox rollout | 18.1 / 18.2 | `8834aaa`, `96248f2` |
-| 2 | 19 — Quality | 19.1 | `3d6dc32` |
-| 3 (cap) | — | C.1 (this doc) | _this commit_ |
-
-### Epic 18 — Sandbox rollout (Sprint 1)
-
-| Story | Commit | Surface |
-|---|---|---|
-| 18.1 | `8834aaa` | `SystemDoctor.checkProcessSandbox` — doctor now spawns a tiny `node -e` via the wrapper and reports Node major version + enforcement state + applied-flag count. Low-risk production wire-in. |
-| 18.2 | `96248f2` | `TaskExecutor.runShellCommand` opt-in routing via `OPENLIFE_PROCESS_SANDBOX=on`. Default OFF (same opt-in stance v1.4 took for toolset enforcement). For `/bin/bash` this is a pass-through wrapper today; v1.7 will route node-script steps through it with real `--permission` scoping. |
-
-### Epic 19 — Quality (Sprint 2)
-
-| Story | Commit | Surface |
-|---|---|---|
-| 19.1 | `3d6dc32` | Production `any` count 109 → 83 across Gatekeeper (9→0), TestHarness (8→0), VoiceManager (5→0), admin_panel_server (4→0). CI lint budget tightened 115 → 90. |
-
-## Calendar-gated deferrals (still pending)
-
-- **Story 13.5 — Toolset enforcement default-ON flip.** Requires
-  ≥1 week of v1.4 soak + ≥1 tagged v1.4 maintenance release. v1.4.0
-  was tagged 2026-05-13; the earliest land date is 2026-05-20 after a
-  v1.4.1 cut. Will ship on its own dedicated branch when ready.
-
-## Locked decisions
-
-1. **`OPENLIFE_PROCESS_SANDBOX` stays opt-in in v1.6.** v1.7 will
-   reconsider the default after sandbox-specific soak.
-2. **No new env vars introduced in this milestone.** Story 18.2's
-   `OPENLIFE_PROCESS_SANDBOX` was promoted from v1.5 research-track
-   into production wiring; the variable name was reserved in
-   `docs/sandboxing-research.md`.
-
-## Tests added
-
-| Test | Stories covered |
-|---|---|
-| `test_doctor_sandbox_check.ts` | 18.1 |
-| `test_task_executor_sandbox_optin.ts` | 18.2 |
-
-`test:all` now runs 101 markers (up from 99 at v1.5.0).
-
-## Honest scorecard delta vs v1.5
-
-| Dimension | v1.5 | v1.6 |
-|---|---|---|
-| Code quality | 9.8 | 9.9 (any 172 → 83 over four milestones) |
-| Test infra | 10.0 | 10.0 (+2 integration probes) |
-| Documentation | 10.0 | 10.0 (changelog + roadmap) |
-| Feature completeness | 10.0 | 10.0 (sandbox now wired) |
-
-The change is incremental — that was the v1.6 thesis. Story 13.5
-remains the one big operational lever that's calendar-gated; it will
-move the score again when it lands.

package/docs/v1.6-roadmap.md

@@ -1,89 +0,0 @@
-# OpenLife v1.6 — Roadmap
-
-**Branch:** `feat/v1.6-sandbox-rollout`
-**Predecessor:** v1.5.0 (tagged 2026-05-13)
-
-v1.6 is the **operational consolidation** milestone — promoting v1.5's
-research outputs into real production wiring and closing the one
-calendar-gated v1.4 deferral.
-
-## The 4 deferred items left from v1.5
-
-| # | Item | Owner story | Calendar gate? |
-|---|---|---|---|
-| 1 | Wire `ProcessSandbox` into a non-critical site (doctor) | 18.1 | No — ready now |
-| 2 | Opt-in `OPENLIFE_PROCESS_SANDBOX=on` for `TaskExecutor.runShellCommand` | 18.2 | No — ready now |
-| 3 | Toolset enforcement default-ON flip | 13.5 | **YES** — 1 week of v1.4 soak + 1 maintenance release |
-| 4 | Continue `any` budget tightening toward v1.4-plan target of 70 | 19.1 | No — ready now |
-| 5 | Distributed multi-host scheduler | 20.x | Own epic; may slip to v1.7 |
-
-## Epic breakdown
-
-### Epic 18 — Sandbox rollout (Sprint 1)
-
-- **18.1 — Wire `ProcessSandbox` into `doctor` script execution.** The
-  doctor command runs a handful of node-based health probes. Routing
-  those through `ProcessSandbox` validates the wrapper in a low-risk
-  production site and produces real telemetry about Node-permission
-  behaviour on operator machines.
-
-- **18.2 — Opt-in shell-command sandboxing.** New env flag
-  `OPENLIFE_PROCESS_SANDBOX=on` routes `TaskExecutor.runShellCommand`
-  through `ProcessSandbox` with a default-allow scope of `cwd + .artifacts`.
-  Default OFF in v1.6 — same opt-in stance as toolset enforcement had in v1.4.
-
-### Epic 13.5 (calendar-gated) — Toolset enforcement default flip (Sprint 2)
-
-- **13.5 — Flip default of `OPENLIFE_TOOLSET_ENFORCEMENT` from OFF to ON.**
-  Lands on its own atomic commit so any post-flip regression can be
-  bisected cleanly. The opt-OUT path becomes `OPENLIFE_TOOLSET_ENFORCEMENT=off`.
-  Pre-flip check: at least one tagged maintenance release into v1.4
-  (target: v1.4.1 if any post-release issues surface) AND ≥1 calendar
-  week of soak.
-
-### Epic 19 — Quality (Sprint 3)
-
-- **19.1 — `any` budget toward <90.** v1.5 landed at 109. Remaining
-  concentrations live in CLI option handlers and a handful of
-  provider/route code paths. Target: under 90 in prod code; CI lint
-  budget steps to 95.
-
-### Epic 20 — Multi-host scheduler (Sprint 4, P3, may slip to v1.7)
-
-- **20.x — Distributed scheduler.** Big enough to warrant its own
-  roadmap doc. v1.6 may only ship the planning artifact; the
-  implementation lives in v1.7.
-
-### Cap (Sprint 5)
-
-- **C.1 docs/v1.6-changelog.md** + 1-2 reference docs for the new
-  surfaces.
-- **C.2 final `test:all`** + perf baseline lock.
-- **C.3 PR ready + merge + tag v1.6.0** (toolset flip is the most
-  operationally significant change of v1.6, so the tag means "default
-  enforcement on").
-
-## Locked decisions
-
-1. **`OPENLIFE_PROCESS_SANDBOX` defaults OFF in v1.6.** Same opt-in
-   stance toolset enforcement had in v1.4. Will flip to ON in v1.7 only
-   after sandbox-specific soak.
-2. **Story 13.5 commits separately on this branch** with its own
-   atomic message so the toolset-default-flip can be reverted without
-   losing the sandbox-rollout work.
-
-## Definition of Done
-
-| Check | Method |
-|---|---|
-| `npm run build` clean | After each story |
-| `npm run test:all` green | After each story; CI on every push |
-| Perf regression check | `test_performance_latency.ts` vs `ci/perf-baseline.json` (≤+30% P95) |
-| `any` budget | CI lint job — 95 by end of v1.6 (from 115 in v1.5) |
-| Sandbox enforcement soak | v1.7 only flips after ≥1 v1.6 maintenance release |
-| Toolset enforcement default-ON | v1.4.1 tagged + ≥7 days since v1.4.0 |
-
-## Commit / push policy
-
-Same as v1.4 / v1.5. One atomic commit per story; pushes authorized
-for this branch.