@openlife/cli 1.7.4 → 1.7.6

package/dist/test_install_wizard.js

@@ -3,12 +3,15 @@
 // Uses CannedAnswerProvider so no real stdin/tty is required.
 //
 // Question order in wizard.run() (when no pre-existing install):
-//   1) profile          (choice: 0=framework, 1=autonomous)
+//   1) profile          (choice: 0=framework, 1=autonomous, 2=both)
 //   2) host             (choice: 0=claude-code, 1=gemini-cli, 2=codex)
-//   3) model order      (text: blank or comma list)
-//   4) telegram?        (yesNo, autonomous only)
-//   5) skip doctor?     (yesNo)
-//   6) confirm preview  (yesNo)
+//   3) wantsApiKeys     (yesNo)
+//   3a-d) [if Y] OPENAI / ANTHROPIC / GEMINI / OPENROUTER pastes (text)
+//   4) wantsOAuth       (yesNo)
+//   5) model order      (text: blank or comma list)
+//   6) telegram?        (yesNo, autonomous only)
+//   7) skip doctor?     (yesNo)
+//   8) confirm preview  (yesNo)
 //
 // When pre-existing install detected, an extra choice prompt fires FIRST:
 //   0) abort  1) reinstall  2) repair
@@ -76,8 +79,8 @@ function writeExistingInstall(root) {
 async function scenario1HappyPathFrameworkClaudeCode() {
     const root = tempRoot();
     try {
-        // profile=framework(0), host=claude-code(0), models='', skipDoctor=false, confirm=true
-        const provider = new InstallWizard_1.CannedAnswerProvider([0, 0, '', false, true]);
+        // profile=framework(0), host=claude-code(0), apiKeys=N, oauth=N, models='', skipDoctor=false, confirm=true
+        const provider = new InstallWizard_1.CannedAnswerProvider([0, 0, false, false, '', false, true]);
         const wizard = new InstallWizard_1.InstallWizard(root, provider);
         const result = await wizard.run();
         assert(result.ok === true, 'scenario1: expected ok=true');
@@ -88,7 +91,8 @@ async function scenario1HappyPathFrameworkClaudeCode() {
         assert(result.options.skipDoctor === false, 'scenario1: skipDoctor should be false');
         assert(result.options.modelOrder === undefined, 'scenario1: modelOrder should be undefined when blank');
         assert(result.preExistingAction === undefined, 'scenario1: no pre-existing action expected');
-        assert(!result.warnings, 'scenario1: no warnings expected for default claude-code');
+        // SKIPPED_API_KEYS warning is expected when wantsApiKeys=false
+        assert(Array.isArray(result.warnings) && result.warnings.some((w) => w.includes('SKIPPED_API_KEYS')), 'scenario1: should warn SKIPPED_API_KEYS when api-key prompt skipped');
         console.log('✅ scenario 1: happy path framework + claude-code');
     }
     finally {
@@ -98,8 +102,8 @@ async function scenario1HappyPathFrameworkClaudeCode() {
 async function scenario2HappyPathAutonomousClaudeCode() {
     const root = tempRoot();
     try {
-        // profile=autonomous(1), host=claude-code(0), models='', telegram=true, skipDoctor=false, confirm=true
-        const provider = new InstallWizard_1.CannedAnswerProvider([1, 0, '', true, false, true]);
+        // profile=autonomous(1), host=claude-code(0), apiKeys=N, oauth=N, models='', telegram=true, skipDoctor=false, confirm=true
+        const provider = new InstallWizard_1.CannedAnswerProvider([1, 0, false, false, '', true, false, true]);
         const wizard = new InstallWizard_1.InstallWizard(root, provider);
         const result = await wizard.run();
         assert(result.ok === true, 'scenario2: expected ok=true');
@@ -107,7 +111,8 @@ async function scenario2HappyPathAutonomousClaudeCode() {
             return;
         assert(result.options.profile === 'autonomous', 'scenario2: profile should be autonomous');
         assert(result.options.host === 'claude-code', 'scenario2: host should be claude-code');
-        assert(!result.warnings, 'scenario2: no warnings when telegram already configured');
+        // SKIPPED_API_KEYS warning is expected when wantsApiKeys=false
+        assert(Array.isArray(result.warnings) && result.warnings.some((w) => w.includes('SKIPPED_API_KEYS')), 'scenario2: should warn SKIPPED_API_KEYS when api-key prompt skipped');
         console.log('✅ scenario 2: happy path autonomous + claude-code');
     }
     finally {
@@ -117,8 +122,8 @@ async function scenario2HappyPathAutonomousClaudeCode() {
 async function scenario3UserAbortsOnConfirm() {
     const root = tempRoot();
     try {
-        // framework, claude-code, blank models, skipDoctor=false, confirm=false (abort)
-        const provider = new InstallWizard_1.CannedAnswerProvider([0, 0, '', false, false]);
+        // framework, claude-code, apiKeys=N, oauth=N, blank models, skipDoctor=false, confirm=false (abort)
+        const provider = new InstallWizard_1.CannedAnswerProvider([0, 0, false, false, '', false, false]);
         const wizard = new InstallWizard_1.InstallWizard(root, provider);
         const result = await wizard.run();
         assert(result.ok === false, 'scenario3: expected ok=false');
@@ -156,8 +161,8 @@ async function scenario5PreExistingRepair() {
     const root = tempRoot();
     try {
         writeExistingInstall(root);
-        // 2=repair, then full flow: framework, claude-code, '', skipDoctor=false, confirm=true
-        const provider = new InstallWizard_1.CannedAnswerProvider([2, 0, 0, '', false, true]);
+        // 2=repair, then full flow: framework, claude-code, apiKeys=N, oauth=N, '', skipDoctor=false, confirm=true
+        const provider = new InstallWizard_1.CannedAnswerProvider([2, 0, 0, false, false, '', false, true]);
         const wizard = new InstallWizard_1.InstallWizard(root, provider);
         const result = await wizard.run();
         assert(result.ok === true, 'scenario5: expected ok=true');
@@ -175,8 +180,8 @@ async function scenario6PreExistingReinstall() {
     const root = tempRoot();
     try {
         writeExistingInstall(root);
-        // 1=reinstall, framework, claude-code, '', skipDoctor=false, confirm=true
-        const provider = new InstallWizard_1.CannedAnswerProvider([1, 0, 0, '', false, true]);
+        // 1=reinstall, framework, claude-code, apiKeys=N, oauth=N, '', skipDoctor=false, confirm=true
+        const provider = new InstallWizard_1.CannedAnswerProvider([1, 0, 0, false, false, '', false, true]);
         const wizard = new InstallWizard_1.InstallWizard(root, provider);
         const result = await wizard.run();
         assert(result.ok === true, 'scenario6: expected ok=true');
@@ -192,8 +197,8 @@ async function scenario6PreExistingReinstall() {
 async function scenario7UnsupportedHostGeminiCli() {
     const root = tempRoot();
     try {
-        // framework, host=1 (gemini-cli, not yet supported), blank models, skipDoctor=false, confirm=true
-        const provider = new InstallWizard_1.CannedAnswerProvider([0, 1, '', false, true]);
+        // framework, host=1 (gemini-cli, not yet supported), apiKeys=N, oauth=N, blank models, skipDoctor=false, confirm=true
+        const provider = new InstallWizard_1.CannedAnswerProvider([0, 1, false, false, '', false, true]);
         const wizard = new InstallWizard_1.InstallWizard(root, provider);
         const result = await wizard.run();
         assert(result.ok === true, 'scenario7: expected ok=true even with unsupported host');
@@ -212,8 +217,8 @@ async function scenario8CustomModelChain() {
     const root = tempRoot();
     try {
         const models = 'gemini-api/gemini-3.1-pro-preview,openai-api/gpt-5.4-mini';
-        // framework, claude-code, models=custom, skipDoctor=false, confirm=true
-        const provider = new InstallWizard_1.CannedAnswerProvider([0, 0, models, false, true]);
+        // framework, claude-code, apiKeys=N, oauth=N, models=custom, skipDoctor=false, confirm=true
+        const provider = new InstallWizard_1.CannedAnswerProvider([0, 0, false, false, models, false, true]);
         const wizard = new InstallWizard_1.InstallWizard(root, provider);
         const result = await wizard.run();
         assert(result.ok === true, 'scenario8: expected ok=true');
@@ -252,6 +257,64 @@ async function scenario9OutOfAnswersThrows() {
         cleanup(root);
     }
 }
+async function scenario10WithApiKeysPersists() {
+    const root = tempRoot();
+    try {
+        // framework, claude-code, apiKeys=Y, paste 4 keys (openai+anthropic, skip gemini+openrouter),
+        // oauth=N, blank models, skipDoctor=false, confirm=true
+        const provider = new InstallWizard_1.CannedAnswerProvider([
+            0, 0,
+            true, // wantsApiKeys
+            'openai-test-key', // openai paste (non-secret test fixture)
+            'anthropic-test-key', // anthropic paste (non-secret test fixture)
+            '', // gemini skip
+            '', // openrouter skip
+            false, // wantsOAuth
+            '', // models
+            false, // skipDoctor
+            true, // confirm
+        ]);
+        const wizard = new InstallWizard_1.InstallWizard(root, provider);
+        const result = await wizard.run();
+        assert(result.ok === true, 'scenario10: expected ok=true');
+        if (!result.ok)
+            return;
+        // .env should contain the pasted keys
+        const envPath = path.join(root, '.env');
+        assert(fs.existsSync(envPath), 'scenario10: .env should exist after wizard');
+        const envContent = fs.readFileSync(envPath, 'utf-8');
+        assert(envContent.includes('OPENAI_API_KEY=openai-test-key'), 'scenario10: .env should have OPENAI_API_KEY');
+        assert(envContent.includes('ANTHROPIC_API_KEY=anthropic-test-key'), 'scenario10: .env should have ANTHROPIC_API_KEY');
+        assert(!envContent.includes('GEMINI_API_KEY='), 'scenario10: .env should NOT have GEMINI_API_KEY (skipped)');
+        // SKIPPED_API_KEYS warning should NOT fire when at least one key was provided
+        if (result.warnings) {
+            assert(!result.warnings.some((w) => w.includes('SKIPPED_API_KEYS')), 'scenario10: should NOT warn SKIPPED_API_KEYS when keys were provided');
+        }
+        console.log('✅ scenario 10: API keys collected and persisted to .env');
+    }
+    finally {
+        cleanup(root);
+    }
+}
+async function scenario11ProfileBothMapsToAutonomous() {
+    const root = tempRoot();
+    try {
+        // profile=both(2), claude-code, apiKeys=N, oauth=N, models='', telegram=true (autonomous path),
+        // skipDoctor=false, confirm=true
+        const provider = new InstallWizard_1.CannedAnswerProvider([2, 0, false, false, '', true, false, true]);
+        const wizard = new InstallWizard_1.InstallWizard(root, provider);
+        const result = await wizard.run();
+        assert(result.ok === true, 'scenario11: expected ok=true');
+        if (!result.ok)
+            return;
+        assert(result.options.profile === 'autonomous', 'scenario11: profile=both should map internally to autonomous');
+        assert(Array.isArray(result.warnings) && result.warnings.some((w) => w.includes('INSTALLING_BOTH')), 'scenario11: should emit INSTALLING_BOTH warning so caller knows both layers were intended');
+        console.log('✅ scenario 11: profile=both maps to autonomous with INSTALLING_BOTH warning');
+    }
+    finally {
+        cleanup(root);
+    }
+}
 async function main() {
     console.log('🧪 test_install_wizard — Story 3.5 regression suite');
     await scenario1HappyPathFrameworkClaudeCode();
@@ -263,6 +326,8 @@ async function main() {
     await scenario7UnsupportedHostGeminiCli();
     await scenario8CustomModelChain();
     await scenario9OutOfAnswersThrows();
+    await scenario10WithApiKeysPersists();
+    await scenario11ProfileBothMapsToAutonomous();
     console.log('');
     console.log('TEST_INSTALL_WIZARD_OK');
 }

package/docs/getting-started.md

@@ -0,0 +1,137 @@
+# Getting Started
+
+A 5-minute walkthrough to get OpenLife CLI running on your machine.
+
+## 1. Install globally
+
+```bash
+npm install -g @openlife/cli
+openlife --version
+```
+
+You should see the current version (matching the npm tag).
+
+## 2. Run the wizard
+
+```bash
+openlife init
+```
+
+The wizard prints the OpenLife banner, then walks you through:
+
+1. **Profile** — choose `framework` (CLI only), `autonomous` (daemon),
+   or `both`. `both` installs the autonomous profile, which includes
+   the framework layer.
+2. **Host** — `claude-code`, `gemini-cli`, or `codex`. Auto-detected
+   when you launch `openlife init` from inside one of these CLIs.
+3. **API keys** — paste your `OPENAI_API_KEY`, `ANTHROPIC_API_KEY`,
+   `GEMINI_API_KEY`, and/or `OPENROUTER_API_KEY`. Press Enter to skip
+   any one. Keys are saved to `.env` in the project directory.
+4. **OAuth pointer** — answer `y` if you plan to use `openlife auth
+   gemini` or `openlife auth openai` later. The wizard does not start
+   the OAuth flow itself; it just reminds you to run those commands
+   after init completes.
+5. **Model chain** — comma-separated `provider/model` list, e.g.
+   `openai-api/gpt-5.4-mini,anthropic-api/claude-sonnet-4-6`. Leave
+   blank to accept the defaults from `models.json`.
+6. **Telegram** (autonomous only) — confirm whether `TELEGRAM_BOT_TOKEN`
+   and `OPENLIFE_TELEGRAM_ALLOWED_USER_ID` are already in `.env`.
+7. **Doctor** — answer `n` to run system diagnostics after install.
+8. **Confirm** — review the summary and answer `Y` to proceed.
+
+When the wizard finishes you should see:
+
+```
+✅ OpenLife ready.
+
+Try:
+  openlife ask "hello, what can you do?"
+  openlife status
+  openlife --help
+
+Docs: https://github.com/GOOODZ/openlife-core
+```
+
+## 3. Try your first command
+
+```bash
+openlife ask "summarize this README in one sentence"
+```
+
+OpenLife will route the request to the highest-priority model in your
+chain that has a working key. If no API key is configured, it falls
+back to local Ollama (if available) or returns an error.
+
+## 4. Common follow-ups
+
+- **Set up OAuth (no API key needed):**
+  ```bash
+  openlife auth gemini    # browser-based Google login
+  openlife auth openai    # browser-based OpenAI login
+  ```
+- **Start the autonomous daemon (autonomous profile):**
+  ```bash
+  openlife start --daemon
+  ```
+- **Inspect runtime state:**
+  ```bash
+  ls .openlife/
+  cat .openlife/heartbeat.json
+  cat .openlife/install-manifest.json
+  ```
+- **Update to latest version:**
+  ```bash
+  npm install -g @openlife/cli@latest
+  ```
+
+## Troubleshooting
+
+### `openlife: command not found` after install
+
+The global npm bin directory is probably not on your `PATH`. Run:
+
+```bash
+npm bin -g
+```
+
+Add that path to your shell profile (`~/.bashrc`, `~/.zshrc`).
+
+### `npm install -g` says EEXIST
+
+You have a leftover symlink from a previous `npm link`. Run:
+
+```bash
+npm unlink -g @openlife/cli
+rm -f $(which openlife)
+npm install -g @openlife/cli
+```
+
+### `openlife ask` fails with `MODEL_TIMEOUT` or `no provider available`
+
+No API key is configured and no fallback (Ollama, OAuth) is wired up.
+Either:
+
+- Edit `.env` to add `OPENAI_API_KEY`, `ANTHROPIC_API_KEY`, or
+  `GEMINI_API_KEY`, then retry, or
+- Run `openlife auth gemini` / `openlife auth openai` to use OAuth, or
+- Start a local Ollama server (`ollama serve`) and set
+  `OPENLIFE_ENABLE_OLLAMA=true` in `.env`.
+
+### Telegram autonomous mode reports `TELEGRAM_NOT_CONFIGURED`
+
+Set both in `.env`:
+
+```
+TELEGRAM_BOT_TOKEN=<from BotFather>
+OPENLIFE_TELEGRAM_ALLOWED_USER_ID=<your Telegram user id>
+```
+
+Then restart with `openlife start --daemon`.
+
+## Where to go next
+
+- [INSTALL.md](../INSTALL.md) — full install options including
+  non-interactive (`openlife system setup`) for CI use.
+- [README.md](../README.md) — feature overview and architecture.
+- [CHANGELOG.md](../CHANGELOG.md) — what changed across versions.
+- [CONTRIBUTING.md](../CONTRIBUTING.md) — dev setup and conventions.

package/package.json

@@ -1,17 +1,26 @@
 {
   "name": "@openlife/cli",
-  "version": "1.7.4",
+  "version": "1.7.6",
   "description": "OPEN-LIFE Córtex Orquestrador Dual-Core",
   "main": "dist/index.js",
   "files": [
     "dist",
     "bin",
     "scripts",
-    "docs",
     "dist-templates",
+    "docs/README.md",
+    "docs/quickstart.md",
+    "docs/getting-started.md",
+    "docs/workflow-schema.md",
+    "docs/toolset-enforcement.md",
+    "docs/release-process.md",
+    "docs/v1.7-changelog.md",
+    "CHANGELOG.md",
     "LICENSE",
     "README.md",
     "INSTALL.md",
+    "CONTRIBUTING.md",
+    "CODE_OF_CONDUCT.md",
     "package.json"
   ],
   "repository": {

package/docs/CHANGELOG_FEATURE_ROLLOUT_DESIGNMD.md

@@ -1,43 +0,0 @@
-# OpenLife Feature Rollout Changelog (Dual Mode + Reversa + DesignMD)
-
-## Completed in this cycle
-
-### Core execution
-- Dual mode persisted in mission lifecycle (`task` default, `service` explicit)
-- Formal job lifecycle with events (`enqueued/claimed/started/completed/failed/blocked`)
-- Destructive guardrails enforced (delete/remove/erase requires explicit consent)
-
-### Service operations
-- CLI operations: `service status/pause/resume/events`
-- Task introspection: `task status`
-- Budget hard-stop -> service paused + event log
-
-### Workspace foundations
-- Workspace-aware artifacts path under `.artifacts/workspaces/<workspaceId>/...`
-- Service state/events now namespaced by workspace
-
-### Runtime and orchestration
-- Runtime registry probe/list baseline
-- Teammate board baseline (owner/status/blockers/comments)
-- Learning loop baseline (governed skill candidates)
-
-### Reversa and DesignMD
-- Reversa state now supports mode metadata (`default` | `designmd`)
-- New mode setter in Reversa (`setMode`)
-- New `DesignMdMode` manager to apply/design profile and write root `DESIGN.md`
-- CLI surface:
-  - `reversa mode --set <default|designmd> --profile <id>`
-  - `designmd status`
-  - `designmd apply <profileId> <source> <title> <designPath>`
-  - `aiobuilder mode --set <default|designmd> --profile <id>`
-
-## Validation status
-- TypeScript build: passing
-- Automated tests passing for dual mode, guardrails, lifecycle, runtime, reversa-lite, service CLI, teammate/learning
-
-## Next integration step (pending your references/models)
-1. Add importer for Awesome DESIGN.md catalog profile manifests
-2. Add profile templates bundle under `design/profiles/`
-3. Wire Reversa generation phase to enforce active DesignMD profile tokens
-4. Wire AIOBUILDER scaffolding prompts to DesignMD profile context
-5. Add regression tests for DesignMD profile switching and output consistency

package/docs/EXTERNAL_SOURCES_AND_SECURITY_GUARD.md

@@ -1,33 +0,0 @@
-# OpenLife External Sources & Security Guard
-
-## New source catalog commands
-- `openlife sources list`
-- `openlife sources guard-check <url>`
-- `openlife sources scaffold <type> <id> --notes "..."`
-
-## Autonomous creation baselines (local)
-- `openlife agents create <id> --role <role> --notes "..."`
-- `openlife squads create <id> --domain <domain> --notes "..."`
-- `openlife skills create <id> --notes "..."`
-- `openlife mcp create <id> --transport <stdio|http> --entry "..."`
-
-Created artifacts:
-- `.catalog/agents/<id>/AGENT.md`
-- `.catalog/squads/<id>/SQUAD.md`
-- `.catalog/skills/<id>/SKILL.md`
-- `.catalog/mcps/<id>/mcp.json`
-
-## Default reference sources configured
-- https://skills.sh/
-- https://clawhub.ai/
-- https://mcpmarket.com/
-- https://mcpservers.org/
-- https://github.com/ (import-allowed with guard)
-
-## Cybersecurity guard (mandatory pre-download)
-1. Validate source URL trust.
-2. Scan file list / extracted directory for blocked patterns.
-3. Reject package when blocked files are present.
-
-Active enforcement:
-- `designmd import` runs guard before import and blocks when malicious patterns exist.

package/docs/OPENLIFE_AUDIT_2026-05-06.md

@@ -1,170 +0,0 @@
-# OpenLife — Auditoria Geral (2026-05-06)
-
-## Escopo
-
-Auditoria executada em `D:\\VSCODDE-DEV\\openlife-core-main` (`/mnt/d/VSCODDE-DEV/openlife-core-main`).
-
-Sem ações destrutivas, sem commit/push/deploy.
-
-## Estado geral
-
-- Repo correto: `https://github.com/GOOODZ/openlife-core.git`
-- Branch: `main`
-- Build TypeScript: OK
-- CLI principal: operacional via `node bin/openlife.js`
-- Testes oficiais de package:
-  - `npm run test:distribution`: OK
-  - `npm run test:orchestration`: OK
-- Skill `design-extractor`: instalada e reconhecida pelo OpenLife runtime.
-
-## Correções aplicadas após a auditoria
-
-- Runtime-source truth corrigido: `agents list` e `squads list` agora usam `.catalog/agents` e `.catalog/squads` por padrão.
-- `FileAgentProvider` e `FileSquadProvider` aceitam estrutura recursiva `.catalog/<tipo>/<id>/AGENT.md|SQUAD.md`.
-- `phase1-check` não falha mais falsamente quando a fixture de imagem não existe; o check multimodal vira skip explícito.
-- README atualizado para comandos reais (`install`, `system setup`, `up`, `start --daemon`, `chat`).
-- `npm audit fix` aplicado para `axios`/`follow-redirects`; resta apenas advisory moderado de `@anthropic-ai/sdk` com fix breaking.
-- `postinstall-check.sh` atualizado para npm moderno (`npm prefix -g`).
-- Adicionados `test:runtime-source` e `test:all`.
-- Material extra de referência encontrado em `LARA/OPEN-LIFE`; continua tratado como estratégia/documentação, não runtime.
-
-## Achados críticos remanescentes
-
-### 1. Railway último deploy falhou
-
-`railway status` aponta:
-
-- Project: `openlife-01`
-- Environment: `production`
-- Service: `openlife-01`
-
-Último deploy listado: `FAILED` (`efaa3b3f-97b4-4012-a4a2-d6f2f826dec6`).
-
-Logs via CLI não retornaram conteúdo útil nesta auditoria.
-
-Recomendação: investigar pelo Railway UI ou redeploy controlado somente com aprovação explícita.
-
-### 3. `phase1-check` falha em gateway-image
-
-Resultado:
-
-- `gateway-image`: falha por imagem de teste ausente em `.temp_images`.
-
-Recomendação: criar fixture estável de imagem de teste ou tornar o check opcional/skip explícito quando fixture não existir.
-
-### 4. Vulnerabilidades npm
-
-`npm audit --omit=dev` reportou:
-
-- `axios`: high
-- `follow-redirects`: moderate
-- `@anthropic-ai/sdk`: moderate, fix com breaking change
-
-Recomendação: aplicar `npm audit fix` para axios/follow-redirects e avaliar upgrade controlado do Anthropic SDK.
-
-## Achados importantes
-
-### 5. README tem drift de comandos
-
-README documenta:
-
-- `openlife agent start`
-
-Mas o CLI atual não lista comando `agent`; o caminho real é:
-
-- `openlife start --daemon`
-- `openlife up`
-
-Recomendação: atualizar README/INSTALL/docs/commands para superfície real.
-
-### 6. Doctor textual `system doctor` mostra Anthropic ausente como ❌
-
-Mesmo com `OPENLIFE_RUNTIME_PROFILE=oauth-only`, o comando textual `system doctor` ainda imprime `❌ env:ANTHROPIC_API_KEY`.
-
-O doctor universal (`openlife doctor`) classifica corretamente como `severity: info`.
-
-Recomendação: alinhar `system doctor` com severidade do doctor universal para não assustar operador.
-
-### 7. Railway variables parecem incompletas vs local
-
-Railway mostrou `GEMINI_API_KEY`, `TELEGRAM_BOT_TOKEN`, Nixpacks commands e Railway vars. Não apareceram no recorte:
-
-- `OPENLIFE_TELEGRAM_ALLOWED_USER_ID`
-- `OPENLIFE_RUNTIME_PROFILE`
-- `OPENLIFE_ALLOWED_LLM_EXECUTORS`
-- `OPENAI_API_KEY`
-
-Recomendação: validar vars de produção antes de redeploy/start.
-
-### 8. Não há daemon OpenLife local rodando
-
-Processos locais não mostram `openlife.js start --daemon`; só `telegram-proxy.js`.
-
-Recomendação: se a operação local for desejada, iniciar com `openlife up` após confirmar single-poller e token correto.
-
-## Pontos positivos
-
-- `npm run build`: OK
-- `node bin/openlife.js --help`: OK
-- `node bin/openlife.js status`: OK
-- `node bin/openlife.js doctor`: JSON com severidade e sem blocker de Anthropic no perfil oauth-only
-- Telegram token local valida com `getMe` para `@openlife_master_bot`
-- MCP real detecta `mcporter`, `claude`, `codex`
-- Inventário determinístico existe:
-  - 323 agentes
-  - 47 squads
-  - 71 skills
-- `design-extractor` aparece em `skills list` via `/home/rafaleao/skills/design-extractor/SKILL.md`
-- Segurança de delete tem testes dedicados.
-- `Procfile` e `NIXPACKS_START_CMD` usam `node dist/index.js start --daemon`.
-
-## Plano de ação recomendado
-
-### P0 — Estabilização operacional
-
-1. Remover dependência runtime de Obsidian/LARA para agents/squads.
-2. Corrigir Railway vars e investigar último deploy falho.
-3. Atualizar README/INSTALL para comandos reais (`install`, `up`, `start --daemon`).
-4. Corrigir `phase1-check gateway-image` com fixture ou skip controlado.
-
-### P1 — Segurança e governança
-
-1. Rodar upgrade controlado de `axios`/`follow-redirects`.
-2. Avaliar upgrade do `@anthropic-ai/sdk` sem reintroduzir Anthropic obrigatório.
-3. Trocar `execSync(curl ... token ...)` por `fetch`/axios sem interpolar token em shell em `InstallModules.ts`.
-4. Garantir que Railway usa `OPENLIFE_TELEGRAM_ALLOWED_USER_ID`.
-
-### P2 — Produto/UX
-
-1. Consolidar doctor único com severidade clara.
-2. Criar comando `openlife audit` ou `system audit`.
-3. Criar `media route-status` como alias de status, pois `media status` falha.
-4. Documentar separação Hermes vs OpenLife no README principal.
-
-### P3 — Qualidade contínua
-
-1. Criar script `test:all` para os 44 testes `src/test_*.ts`.
-2. Separar testes mutantes dos testes puros.
-3. Criar CI com build + audit + testes essenciais.
-4. Adicionar smoke Railway pós-deploy.
-
-## Comandos usados
-
-```bash
-npm run build
-node bin/openlife.js --help
-node bin/openlife.js system status
-OPENLIFE_RUNTIME_PROFILE=oauth-only node bin/openlife.js system doctor
-node bin/openlife.js doctor
-node bin/openlife.js status
-node bin/openlife.js agents list
-node bin/openlife.js squads list
-node bin/openlife.js skills list
-node bin/openlife.js mcp status --real
-node bin/openlife.js phase1-check
-npm run test:distribution
-npm run test:orchestration
-npm audit --omit=dev
-railway status
-railway deployment list
-```