@openlife/cli 1.7.4 → 1.7.5

package/CHANGELOG.md

@@ -0,0 +1,186 @@
+# Changelog
+
+All notable changes to OpenLife CLI (`@openlife/cli`) are documented here.
+Format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
+Project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+Detailed per-milestone notes (story-level breakdown, commit map, scorecard
+deltas) live in `docs/v<N>-changelog.md`.
+
+## [Unreleased]
+
+Hit-10 sprint in progress — see plan for M2→M6 (docs hygiene, first-run
+wizard, observability, aiobuilder depth, self-update).
+
+---
+
+## [1.7.4] — 2026-05-14
+
+### Fixed
+- `openlife --version` now reads dynamically from `package.json` instead
+  of a hardcoded `1.0.0`. After install, the reported version matches
+  the npm tag.
+
+## [1.7.3] — 2026-05-14
+
+### Added
+- `LICENSE` (MIT) at repository root and registered in `package.json`
+  `files[]` so the tarball ships it.
+- `.npmignore` to enforce exclusions over `files[]` whitelist when
+  needed.
+
+### Changed
+- Cleaned external dev-kit branding (AIOX, GSD, AIOS) from every
+  user-facing surface: 33 catalog files scrubbed, 8 unused legacy
+  catalog entries removed, source comments and test function names
+  generalized, `dist-templates/workflows/AIOX_PORT_NOTES.md` renamed
+  to `PORTED_WORKFLOWS.md`.
+- `.planning/` and `CLAUDE.md` untracked and `.gitignore`'d — they
+  remain on disk for the maintainer but never ship publicly.
+- Compact, OpenLife-only `CLAUDE.md` content (local-only).
+
+### Removed
+- 7 unused `aios-*` agents + 1 squad from `.catalog/` (imported mirrors
+  with zero runtime consumers).
+- Internal strategy/study docs moved out of public `docs/`.
+
+## [1.7.2] — 2026-05-14
+
+### Changed
+- Package renamed from `@open-life/cli` → `@openlife/cli` to match
+  the existing npm organization (`openlife`). No code/behavior change.
+
+## [1.7.1] — 2026-05-13
+
+### Fixed
+- `SystemDoctor` graceful downgrade when running on Node 20+ builds
+  that lack `--permission` flag support (e.g. CI runners). Sandbox
+  enforcement check no longer false-fails on unsupported runtimes.
+
+## [1.7.0] — 2026-05-13 — "Enforcement at scale"
+
+See `docs/v1.7-changelog.md` for full per-story breakdown.
+
+### Added
+- Toolset enforcement coverage expanded from 2 to **13 categories**
+  (memory, tts, cron, mcp, skills, workflows, squads, web, file,
+  vision, gateway, plus terminal and delegation from v1.4). Behind
+  `OPENLIFE_TOOLSET_ENFORCEMENT=on` (default still off, calendar-gated
+  flip in 20.1).
+- `OrchestrationLoop` now branches on `OPENLIFE_BRAIN_FORECAST=on` to
+  reach `ConsequenceForecaster.forecastWithBrain()` (shipped v1.5,
+  unwired until now). Brain verdict / risk amplifiers / opportunity
+  factors surfaced into the attempt trace.
+- `test_forecast_brain_wiring.ts` regression guard catches the
+  "shipped but unwired" class of bug.
+- Consolidated `docs/release-process.md` runbook.
+
+### Fixed
+- CI lint `any`-budget grep filter (`-h` flag was stripping filenames,
+  causing test-file matches to count as production). Production `any`
+  count driven to **0** against a filename-aware grep.
+
+### Note on prior measurement
+The v1.4–v1.6 `any` counts (172, 109, 83) reflected the broken filter
+and were inflated. Real production counts were ~30, ~20, 12–14.
+Historical changelogs are not retroactively edited; the correction is
+documented in `docs/v1.7-changelog.md`.
+
+## [1.6.0] — 2026-05-13 — "Sandbox rollout"
+
+See `docs/v1.6-changelog.md`.
+
+### Added
+- `ProcessSandbox` (Story 18.1): Node 20+ `--permission` flag-based
+  process sandboxing. First production wire-in via `openlife doctor`
+  with graceful downgrade when unsupported.
+- `TaskExecutor` opt-in sandbox (Story 18.2) via
+  `OPENLIFE_SANDBOX_TASK_EXEC=on`.
+- Distributed lock primitive for multi-process queue coordination.
+
+### Changed
+- `RuntimeHealthMonitor` exponential backoff (10s base → 1h cap) with
+  10-failure budget per 1h window.
+
+## [1.5.0] — 2026-05-13 — "Evaluation + remote publishing"
+
+See `docs/v1.5-changelog.md` and `docs/v1.5-roadmap.md`.
+
+### Added
+- Brain-driven post-mission evaluation (Story 13.1) — automatic
+  `quality / governance / actionability` scoring via `eval judge`
+  command, results in `.openlife/evaluations/`.
+- SHA-chained governance scope ledger (Story 14.2):
+  `.openlife/governance-ledger.jsonl` with tamper detection via chain
+  walk. PII protection by hashing goals before persistence.
+- Remote asset publishing over HTTPS (Story 14.1) —
+  `RemotePublisher` + signed manifests for catalog distribution.
+- `ConsequenceForecaster.forecastWithBrain()` API (wiring in v1.7).
+- Type safety improvements: structured Telegram API parsing, event
+  iteration typing.
+
+## [1.4.0] / [1.4.1] — 2026-05-12/13 — "Path to 10/10"
+
+See `docs/v1.4-changelog.md`.
+
+### Added (consolidation milestone — no new pillars)
+- Intelligence wiring: `Brain.isAnyProviderAvailable()` opt-in,
+  `SquadCreator/SkillCreator.designWithBrain()`, post-mission memory
+  consolidation hook.
+- Real I/O: `SecurityDownloadGuard.downloadAndScan()` with size cap +
+  filename-pattern scanning; `HostInstaller` real implementations for
+  Gemini CLI and Codex (no longer stubs); seeded
+  `dist-templates/{gemini-cli,codex}/`.
+- Toolset enforcement kernel: `assertToolsetAllowed()` at
+  `TaskExecutor` and `Brain` CLI sites (terminal + delegation
+  categories).
+- Workflow condition parser: tokenize → recursive-descent → evaluate
+  pipeline supporting `AND/OR/NOT/==/!=` + parens + dotted identifiers.
+- CI + perf telemetry: `npm run test:performance-latency`,
+  `.github/workflows/{test,build,lint}.yml`.
+
+### v1.4.1 — Maintenance cut
+- Backport-eligible bug fixes for v1.4 line.
+
+## [1.3.0] — 2026-05-12 — "Agent OS Integration"
+
+### Added
+- 5 blueprint docs covering Agent OS integration architecture.
+- Service Mode contract caller fixes (required `actor` parameter).
+- v1.3 placeholder commands now have real implementations.
+- Capability Pack schema + Capability Genesis Engine — turns free-text
+  briefs into draft capability packs (Stories 1.1, 2.1–2.4, 3.1–3.3).
+
+## [1.2.0] — 2026-05-12 — "Royal Stack"
+
+### Added
+- Workflow engine: `WorkflowSchema` + `WorkflowParser` +
+  `WorkflowEngine` with atomic state persistence and phase-step
+  execution model (Story 4.1).
+- 4 ported workflows shipped in `dist-templates/workflows/`:
+  `story-development-cycle`, `greenfield-fullstack`,
+  `brownfield-discovery`, `qa-loop` (Story 4.4).
+- Squad + Skill creators with interactive UX and Brain-driven design
+  modes (Stories 5.1–5.5).
+- Atomic writer + mission checkpoint API (Stories 6.1–6.2).
+- Runtime reliability: heartbeat, watchdog, distributed lock,
+  exponential backoff health monitor.
+- `aiobuilder` CLI surface with 16 sub-commands (`mode`, `create-agent`,
+  `create-squad`, `build-skill`, `generate-ui`, `discover`, `plan`,
+  `build`, `test`, `preview`, `release`, `infra`, `score`, `evolve`,
+  `ship`, `chat`, `canonize`, `create-capability`).
+
+---
+
+[Unreleased]: https://github.com/GOOODZ/openlife-core/compare/v1.7.4...HEAD
+[1.7.4]: https://github.com/GOOODZ/openlife-core/releases/tag/v1.7.4
+[1.7.3]: https://github.com/GOOODZ/openlife-core/releases/tag/v1.7.3
+[1.7.2]: https://github.com/GOOODZ/openlife-core/releases/tag/v1.7.2
+[1.7.1]: https://github.com/GOOODZ/openlife-core/releases/tag/v1.7.1
+[1.7.0]: https://github.com/GOOODZ/openlife-core/releases/tag/v1.7.0
+[1.6.0]: https://github.com/GOOODZ/openlife-core/releases/tag/v1.6.0
+[1.5.0]: https://github.com/GOOODZ/openlife-core/releases/tag/v1.5.0
+[1.4.1]: https://github.com/GOOODZ/openlife-core/releases/tag/v1.4.1
+[1.4.0]: https://github.com/GOOODZ/openlife-core/releases/tag/v1.4.0
+[1.3.0]: https://github.com/GOOODZ/openlife-core/releases/tag/v1.3.0
+[1.2.0]: https://github.com/GOOODZ/openlife-core/releases/tag/v1.2.0

package/CODE_OF_CONDUCT.md

@@ -0,0 +1,31 @@
+# Code of Conduct
+
+This project welcomes contributions from anyone willing to engage
+constructively. To keep collaboration productive and respectful, all
+participants are expected to:
+
+- Communicate professionally and assume good faith.
+- Focus discussion on ideas, code, and project goals.
+- Accept constructive feedback gracefully and offer it the same way.
+- Respect differing viewpoints and experience levels.
+- Help maintain a focused, useful technical environment.
+
+## Scope
+
+This Code of Conduct applies to all project spaces — issues, pull
+requests, discussions, and any public communication associated with
+OpenLife CLI.
+
+## Reporting
+
+If a concern arises, please contact the maintainer privately by opening
+a confidential issue or via email at the address listed in
+`package.json`. Reports will be reviewed and addressed by the
+maintainer.
+
+## Enforcement
+
+The maintainer is responsible for clarifying acceptable behavior and
+may take appropriate corrective action for participation that disrupts
+the project, including edits to or removal of contributions and, where
+necessary, blocking continued participation.

package/CONTRIBUTING.md

@@ -0,0 +1,133 @@
+# Contributing to OpenLife CLI
+
+Thanks for your interest in improving OpenLife. This document covers the
+dev setup, test discipline, commit conventions, and PR process used in
+this project.
+
+## Quick start (dev setup)
+
+```bash
+git clone https://github.com/GOOODZ/openlife-core.git
+cd openlife-core
+npm install         # postinstall runs scripts/postinstall-check.sh
+npm run build       # tsc → dist/
+node bin/openlife.js --help    # verify the CLI loads
+```
+
+For interactive development without rebuilding each time:
+
+```bash
+npm run dev         # ts-node src/index.ts
+```
+
+## Test discipline
+
+OpenLife does **not** use Jest. Each test is a standalone executable in
+`src/test_*.ts` that the `test:*` script in `package.json` compiles and
+runs directly. Tests `throw` or `process.exit(1)` on failure; success
+prints a summary line ending with `TEST_<NAME>_OK`.
+
+Run the full canonical suite before committing:
+
+```bash
+npm run test:all
+```
+
+Run an individual test:
+
+```bash
+npm run test:workflow-parser
+# or ad-hoc without script:
+npm run build && node dist/test_<name>.js
+```
+
+`prepublishOnly` runs `test:all` automatically — publish will block on
+the suite. Add new tests by:
+
+1. Create `src/test_<feature>.ts` following the existing pattern (use a
+   neighboring test file as template).
+2. Add a matching `test:<feature>` script in `package.json`.
+3. If the test is canonical, append it to the `test:all` chain.
+
+## Commit conventions
+
+- Use [Conventional Commits](https://www.conventionalcommits.org/):
+  `feat:`, `fix:`, `docs:`, `chore:`, `refactor:`, `test:`, `ci:`,
+  `style:`, `perf:`, `build:`.
+- Reference the story or issue: `feat(workflow): add idempotent flag (Story 4.2, v1.2)`.
+- Keep commits atomic — one logical change per commit. Pre-commit
+  validation runs `npm run test:all` indirectly via prepublish gate.
+
+## TypeScript conventions
+
+- **Strict mode** is enforced (`tsconfig.json` has `"strict": true`).
+  Production code must not use `any` — `unknown` + type narrowing is the
+  idiomatic alternative. Test files may use `(x as any)` as a test seam.
+- **Lazy imports** for heavy classes inside `src/index.ts` Commander
+  handlers — never move `Gateway`, `Brain`, `TestHarness`,
+  `OrchestrationLoop`, etc. to module scope. They are inside
+  `.action(...)` via `require(...)` so that deterministic commands
+  (`--help`, `plugin`, tests) stay fast.
+- **Error contract for CLI handlers**: return JSON via
+  `JSON.stringify(...)` with `{ ok: false, error: '<snake_case_code>',
+  ... }`. Use `process.exitCode = 1` (not `process.exit(1)`) for
+  failures in handlers.
+- **Provider pattern**: new asset sources follow `Composite{X}Provider`
+  → `File{X}Provider` / `Cloud{X}Provider` in
+  `src/orchestrator/providers/`.
+- **No external dev-kit paths at runtime** — runtime must not import
+  from `~/.hermes`, Obsidian vaults, or local-only dev-kit dirs.
+
+## Pull request process
+
+1. Fork the repository or create a feature branch (`feat/<short-name>`
+   or `fix/<short-name>`).
+2. Make atomic commits with conventional commit messages.
+3. Ensure `npm run test:all` passes locally.
+4. Run `npm run build` to confirm clean TypeScript compilation.
+5. Open a PR against `main`. Include in the description:
+   - **Summary** of the change (1-3 bullets).
+   - **Tests added/changed** with file paths.
+   - **Risk assessment** for any runtime-behavior change.
+6. CI (`.github/workflows/test.yml`, `build.yml`, `lint.yml`) must pass.
+7. A maintainer will review and merge. **Push to `main` and
+   `gh pr merge` are restricted to the maintainer** to keep the release
+   pipeline deterministic.
+
+## Filing issues
+
+Use the templates in `.github/ISSUE_TEMPLATE/`:
+
+- **Bug report** — for unexpected behavior, crashes, or regressions.
+- **Feature request** — for new capabilities or enhancements.
+- **Question** — for usage questions that don't fit the above.
+
+Include OS, Node version, OpenLife version (`openlife --version`),
+reproduction steps, and expected vs actual behavior.
+
+## Where to put new code
+
+| Adding... | Lives in... |
+|---|---|
+| Commander command | `src/index.ts` (near related commands, reuse banner sections) |
+| Orchestrator class | `src/orchestrator/<ClassName>.ts` |
+| CLI installer/wizard | `src/cli/<ClassName>.ts` |
+| Memory provider | `src/memory/<Name>Provider.ts` + register in `MemoryProviderRegistry.ts` |
+| Asset provider | `src/orchestrator/providers/{File,Cloud,Composite}<X>Provider.ts` |
+| Reversa contract/executor | `src/reversa/Reversa<Name>.ts` |
+| Test | `src/test_<feature>.ts` + matching `test:<feature>` script |
+
+## Code of Conduct
+
+This project adheres to a Contributor Covenant. See
+[CODE_OF_CONDUCT.md](./CODE_OF_CONDUCT.md). By participating, you agree
+to abide by its terms.
+
+## License
+
+By contributing, you agree that your contributions will be licensed
+under the [MIT License](./LICENSE).
+
+## Questions
+
+Open a question issue or check `docs/getting-started.md` (coming soon).

package/README.md

@@ -1,19 +1,18 @@
 # OpenLife CLI
 
+[![npm version](https://img.shields.io/npm/v/@openlife/cli.svg)](https://www.npmjs.com/package/@openlife/cli)
+[![Build](https://github.com/GOOODZ/openlife-core/actions/workflows/test.yml/badge.svg)](https://github.com/GOOODZ/openlife-core/actions/workflows/test.yml)
+[![License: MIT](https://img.shields.io/npm/l/@openlife/cli.svg)](./LICENSE)
+[![Node](https://img.shields.io/node/v/@openlife/cli.svg)](https://nodejs.org)
+[![npm downloads](https://img.shields.io/npm/dm/@openlife/cli.svg)](https://www.npmjs.com/package/@openlife/cli)
+
 OpenLife é um CLI/framework de orquestração com dois modos principais:
 
 - **CLI framework**: uso local por terminal, automações e comandos de operador.
 - **Agente autônomo**: runtime contínuo com daemon, Telegram e governança.
 
-> OpenLife é separado do Hermes. Hermes pode ajudar a operar/desenvolver OpenLife, mas o runtime do OpenLife não deve depender de `~/.hermes` nem de pastas do Obsidian.
-
-## Fonte executável canônica
-
-- Código/dev: `D:\VSCODDE-DEV\openlife-core-main`
-- WSL: `/mnt/d/VSCODDE-DEV/openlife-core-main`
-- GitHub: `https://github.com/GOOODZ/openlife-core`
-
-Obsidian (`OPENLIFE_PRODUCTION` e `LARA/OPEN-LIFE`) é camada estratégica/documental. Catálogos runtime devem viver no repo/cloud, por exemplo:
+OpenLife é um produto standalone. Catálogos runtime vivem no repositório
+e não dependem de dev-kits externos ou pastas de terceiros.
 
 ```txt
 .catalog/agents/
@@ -22,6 +21,23 @@ Obsidian (`OPENLIFE_PRODUCTION` e `LARA/OPEN-LIFE`) é camada estratégica/docum
 .catalog/mcps/
 ```
 
+## Quickstart
+
+```bash
+npm install -g @openlife/cli
+openlife init        # wizard interativo com banner, chaves, OAuth, Telegram
+openlife ask "hello, what can you do?"
+```
+
+Mais detalhes em [INSTALL.md](INSTALL.md) e [docs/getting-started.md](docs/getting-started.md).
+
+## Repositório
+
+- GitHub: <https://github.com/GOOODZ/openlife-core>
+- npm: <https://www.npmjs.com/package/@openlife/cli>
+- Issues: <https://github.com/GOOODZ/openlife-core/issues>
+- Changelog: [CHANGELOG.md](CHANGELOG.md)
+
 ## Quick Start
 
 ### Caminho recomendado — wizard interativo

package/package.json

@@ -1,17 +1,25 @@
 {
   "name": "@openlife/cli",
-  "version": "1.7.4",
+  "version": "1.7.5",
   "description": "OPEN-LIFE Córtex Orquestrador Dual-Core",
   "main": "dist/index.js",
   "files": [
     "dist",
     "bin",
     "scripts",
-    "docs",
     "dist-templates",
+    "docs/README.md",
+    "docs/quickstart.md",
+    "docs/workflow-schema.md",
+    "docs/toolset-enforcement.md",
+    "docs/release-process.md",
+    "docs/v1.7-changelog.md",
+    "CHANGELOG.md",
     "LICENSE",
     "README.md",
     "INSTALL.md",
+    "CONTRIBUTING.md",
+    "CODE_OF_CONDUCT.md",
     "package.json"
   ],
   "repository": {

package/docs/CHANGELOG_FEATURE_ROLLOUT_DESIGNMD.md

@@ -1,43 +0,0 @@
-# OpenLife Feature Rollout Changelog (Dual Mode + Reversa + DesignMD)
-
-## Completed in this cycle
-
-### Core execution
-- Dual mode persisted in mission lifecycle (`task` default, `service` explicit)
-- Formal job lifecycle with events (`enqueued/claimed/started/completed/failed/blocked`)
-- Destructive guardrails enforced (delete/remove/erase requires explicit consent)
-
-### Service operations
-- CLI operations: `service status/pause/resume/events`
-- Task introspection: `task status`
-- Budget hard-stop -> service paused + event log
-
-### Workspace foundations
-- Workspace-aware artifacts path under `.artifacts/workspaces/<workspaceId>/...`
-- Service state/events now namespaced by workspace
-
-### Runtime and orchestration
-- Runtime registry probe/list baseline
-- Teammate board baseline (owner/status/blockers/comments)
-- Learning loop baseline (governed skill candidates)
-
-### Reversa and DesignMD
-- Reversa state now supports mode metadata (`default` | `designmd`)
-- New mode setter in Reversa (`setMode`)
-- New `DesignMdMode` manager to apply/design profile and write root `DESIGN.md`
-- CLI surface:
-  - `reversa mode --set <default|designmd> --profile <id>`
-  - `designmd status`
-  - `designmd apply <profileId> <source> <title> <designPath>`
-  - `aiobuilder mode --set <default|designmd> --profile <id>`
-
-## Validation status
-- TypeScript build: passing
-- Automated tests passing for dual mode, guardrails, lifecycle, runtime, reversa-lite, service CLI, teammate/learning
-
-## Next integration step (pending your references/models)
-1. Add importer for Awesome DESIGN.md catalog profile manifests
-2. Add profile templates bundle under `design/profiles/`
-3. Wire Reversa generation phase to enforce active DesignMD profile tokens
-4. Wire AIOBUILDER scaffolding prompts to DesignMD profile context
-5. Add regression tests for DesignMD profile switching and output consistency

package/docs/EXTERNAL_SOURCES_AND_SECURITY_GUARD.md

@@ -1,33 +0,0 @@
-# OpenLife External Sources & Security Guard
-
-## New source catalog commands
-- `openlife sources list`
-- `openlife sources guard-check <url>`
-- `openlife sources scaffold <type> <id> --notes "..."`
-
-## Autonomous creation baselines (local)
-- `openlife agents create <id> --role <role> --notes "..."`
-- `openlife squads create <id> --domain <domain> --notes "..."`
-- `openlife skills create <id> --notes "..."`
-- `openlife mcp create <id> --transport <stdio|http> --entry "..."`
-
-Created artifacts:
-- `.catalog/agents/<id>/AGENT.md`
-- `.catalog/squads/<id>/SQUAD.md`
-- `.catalog/skills/<id>/SKILL.md`
-- `.catalog/mcps/<id>/mcp.json`
-
-## Default reference sources configured
-- https://skills.sh/
-- https://clawhub.ai/
-- https://mcpmarket.com/
-- https://mcpservers.org/
-- https://github.com/ (import-allowed with guard)
-
-## Cybersecurity guard (mandatory pre-download)
-1. Validate source URL trust.
-2. Scan file list / extracted directory for blocked patterns.
-3. Reject package when blocked files are present.
-
-Active enforcement:
-- `designmd import` runs guard before import and blocks when malicious patterns exist.

package/docs/OPENLIFE_AUDIT_2026-05-06.md

@@ -1,170 +0,0 @@
-# OpenLife — Auditoria Geral (2026-05-06)
-
-## Escopo
-
-Auditoria executada em `D:\\VSCODDE-DEV\\openlife-core-main` (`/mnt/d/VSCODDE-DEV/openlife-core-main`).
-
-Sem ações destrutivas, sem commit/push/deploy.
-
-## Estado geral
-
-- Repo correto: `https://github.com/GOOODZ/openlife-core.git`
-- Branch: `main`
-- Build TypeScript: OK
-- CLI principal: operacional via `node bin/openlife.js`
-- Testes oficiais de package:
-  - `npm run test:distribution`: OK
-  - `npm run test:orchestration`: OK
-- Skill `design-extractor`: instalada e reconhecida pelo OpenLife runtime.
-
-## Correções aplicadas após a auditoria
-
-- Runtime-source truth corrigido: `agents list` e `squads list` agora usam `.catalog/agents` e `.catalog/squads` por padrão.
-- `FileAgentProvider` e `FileSquadProvider` aceitam estrutura recursiva `.catalog/<tipo>/<id>/AGENT.md|SQUAD.md`.
-- `phase1-check` não falha mais falsamente quando a fixture de imagem não existe; o check multimodal vira skip explícito.
-- README atualizado para comandos reais (`install`, `system setup`, `up`, `start --daemon`, `chat`).
-- `npm audit fix` aplicado para `axios`/`follow-redirects`; resta apenas advisory moderado de `@anthropic-ai/sdk` com fix breaking.
-- `postinstall-check.sh` atualizado para npm moderno (`npm prefix -g`).
-- Adicionados `test:runtime-source` e `test:all`.
-- Material extra de referência encontrado em `LARA/OPEN-LIFE`; continua tratado como estratégia/documentação, não runtime.
-
-## Achados críticos remanescentes
-
-### 1. Railway último deploy falhou
-
-`railway status` aponta:
-
-- Project: `openlife-01`
-- Environment: `production`
-- Service: `openlife-01`
-
-Último deploy listado: `FAILED` (`efaa3b3f-97b4-4012-a4a2-d6f2f826dec6`).
-
-Logs via CLI não retornaram conteúdo útil nesta auditoria.
-
-Recomendação: investigar pelo Railway UI ou redeploy controlado somente com aprovação explícita.
-
-### 3. `phase1-check` falha em gateway-image
-
-Resultado:
-
-- `gateway-image`: falha por imagem de teste ausente em `.temp_images`.
-
-Recomendação: criar fixture estável de imagem de teste ou tornar o check opcional/skip explícito quando fixture não existir.
-
-### 4. Vulnerabilidades npm
-
-`npm audit --omit=dev` reportou:
-
-- `axios`: high
-- `follow-redirects`: moderate
-- `@anthropic-ai/sdk`: moderate, fix com breaking change
-
-Recomendação: aplicar `npm audit fix` para axios/follow-redirects e avaliar upgrade controlado do Anthropic SDK.
-
-## Achados importantes
-
-### 5. README tem drift de comandos
-
-README documenta:
-
-- `openlife agent start`
-
-Mas o CLI atual não lista comando `agent`; o caminho real é:
-
-- `openlife start --daemon`
-- `openlife up`
-
-Recomendação: atualizar README/INSTALL/docs/commands para superfície real.
-
-### 6. Doctor textual `system doctor` mostra Anthropic ausente como ❌
-
-Mesmo com `OPENLIFE_RUNTIME_PROFILE=oauth-only`, o comando textual `system doctor` ainda imprime `❌ env:ANTHROPIC_API_KEY`.
-
-O doctor universal (`openlife doctor`) classifica corretamente como `severity: info`.
-
-Recomendação: alinhar `system doctor` com severidade do doctor universal para não assustar operador.
-
-### 7. Railway variables parecem incompletas vs local
-
-Railway mostrou `GEMINI_API_KEY`, `TELEGRAM_BOT_TOKEN`, Nixpacks commands e Railway vars. Não apareceram no recorte:
-
-- `OPENLIFE_TELEGRAM_ALLOWED_USER_ID`
-- `OPENLIFE_RUNTIME_PROFILE`
-- `OPENLIFE_ALLOWED_LLM_EXECUTORS`
-- `OPENAI_API_KEY`
-
-Recomendação: validar vars de produção antes de redeploy/start.
-
-### 8. Não há daemon OpenLife local rodando
-
-Processos locais não mostram `openlife.js start --daemon`; só `telegram-proxy.js`.
-
-Recomendação: se a operação local for desejada, iniciar com `openlife up` após confirmar single-poller e token correto.
-
-## Pontos positivos
-
-- `npm run build`: OK
-- `node bin/openlife.js --help`: OK
-- `node bin/openlife.js status`: OK
-- `node bin/openlife.js doctor`: JSON com severidade e sem blocker de Anthropic no perfil oauth-only
-- Telegram token local valida com `getMe` para `@openlife_master_bot`
-- MCP real detecta `mcporter`, `claude`, `codex`
-- Inventário determinístico existe:
-  - 323 agentes
-  - 47 squads
-  - 71 skills
-- `design-extractor` aparece em `skills list` via `/home/rafaleao/skills/design-extractor/SKILL.md`
-- Segurança de delete tem testes dedicados.
-- `Procfile` e `NIXPACKS_START_CMD` usam `node dist/index.js start --daemon`.
-
-## Plano de ação recomendado
-
-### P0 — Estabilização operacional
-
-1. Remover dependência runtime de Obsidian/LARA para agents/squads.
-2. Corrigir Railway vars e investigar último deploy falho.
-3. Atualizar README/INSTALL para comandos reais (`install`, `up`, `start --daemon`).
-4. Corrigir `phase1-check gateway-image` com fixture ou skip controlado.
-
-### P1 — Segurança e governança
-
-1. Rodar upgrade controlado de `axios`/`follow-redirects`.
-2. Avaliar upgrade do `@anthropic-ai/sdk` sem reintroduzir Anthropic obrigatório.
-3. Trocar `execSync(curl ... token ...)` por `fetch`/axios sem interpolar token em shell em `InstallModules.ts`.
-4. Garantir que Railway usa `OPENLIFE_TELEGRAM_ALLOWED_USER_ID`.
-
-### P2 — Produto/UX
-
-1. Consolidar doctor único com severidade clara.
-2. Criar comando `openlife audit` ou `system audit`.
-3. Criar `media route-status` como alias de status, pois `media status` falha.
-4. Documentar separação Hermes vs OpenLife no README principal.
-
-### P3 — Qualidade contínua
-
-1. Criar script `test:all` para os 44 testes `src/test_*.ts`.
-2. Separar testes mutantes dos testes puros.
-3. Criar CI com build + audit + testes essenciais.
-4. Adicionar smoke Railway pós-deploy.
-
-## Comandos usados
-
-```bash
-npm run build
-node bin/openlife.js --help
-node bin/openlife.js system status
-OPENLIFE_RUNTIME_PROFILE=oauth-only node bin/openlife.js system doctor
-node bin/openlife.js doctor
-node bin/openlife.js status
-node bin/openlife.js agents list
-node bin/openlife.js squads list
-node bin/openlife.js skills list
-node bin/openlife.js mcp status --real
-node bin/openlife.js phase1-check
-npm run test:distribution
-npm run test:orchestration
-npm audit --omit=dev
-railway status
-railway deployment list
-```