@ps-neko/nekowork 0.1.0-alpha.10 → 0.1.0-alpha.11

package/CLAUDE.md

@@ -8,7 +8,7 @@
 
 ## 자동 갱신 영역
 
-<!-- HARNESS:START version=0.1.0-alpha.10 -->
+<!-- HARNESS:START version=0.1.0-alpha.11 -->
 <!-- 이 영역은 scripts/sync-claude-md.js 가 자동 갱신한다. 직접 편집 금지. -->
 
 ## 카탈로그 요약

package/README.ko.md

@@ -2,17 +2,17 @@
 
 [English](README.md) | [한국어](README.ko.md)
 
-AI 코드 변경을 위한 검증 기반 오토파일럿입니다.
+**AI 가 만든 코드, 검증 없이는 통과시키지 마세요.**
 
 [![validate](https://github.com/Ps-Neko/NEKOWORK/actions/workflows/harness-validate.yml/badge.svg)](https://github.com/Ps-Neko/NEKOWORK/actions/workflows/harness-validate.yml)
 
-AI가 만들고, Codex가 검증하고, 사람은 최종 적용 경계를 승인합니다.
-
-NEKOWORK는 AI가 계획, 수정, 검증, 제한된 재수정, 리포트 생성을 수행하도록 돕습니다. 하지만 최종 `apply`는 항상 사람이 명시적으로 실행해야 합니다.
+NEKOWORK 는 AI 가 생성한 코드를 위한 로컬 검증 게이트입니다. diff 를 분석하고, 결정적 위험 룰을 실행하고, 증거를 수집한 뒤, 머지 / 적용 가능 여부를 판정합니다 — auto-commit / auto-push 없이, LLM 판정에 의존하지 않고.
 
 > 이 문서는 한국어 요약본입니다. 전체 상세 설명과 모든 고급 옵션은 [English README](README.md)를 참고하세요.
 
-여기서 "검증됨"은 정답을 수학적으로 보증한다는 뜻이 아닙니다. 독립 리뷰, 테스트 evidence, 위험 정책, Human Gate, 명시적 apply 경계를 기록했다는 뜻입니다.
+여기서 "검증됨"은 정답을 수학적으로 보증한다는 뜻이 아닙니다. verdict 는 결정적 룰과 검증 결과만 결정합니다. 선택적 Codex 리뷰는 advisor 노트로만 기록되며 verdict 에 영향을 주지 않습니다.
+
+> 1.0 scope 와 로드맵: [docs/SCOPE-1.0.md](docs/SCOPE-1.0.md). 장기 비전 (검증 우선 AI 개발 OS): [docs/VISION.md](docs/VISION.md).
 
 ## 용어
 
@@ -25,12 +25,13 @@ NEKOWORK는 AI가 계획, 수정, 검증, 제한된 재수정, 리포트 생성
 ## 핵심 원칙
 
 ```text
-NEKOWORK = 검증 기반 오토파일럿 -> Codex 검증 -> Human Gate -> 명시적 apply
+NEKOWORK = diff -> 결정적 위험 룰 -> 검증 명령 -> 증거 -> 결정적 verdict -> REPORT -> Human Gate -> 명시적 apply
 ```
 
 ```text
-apply 전까지는 자율적으로.
-ship 전에는 독립 검증.
+증거 없으면 통과 없음.
+LLM 의견은 verdict 아님.
+테스트 없으면 PASS 아님 (INSUFFICIENT_EVIDENCE).
 경계에서는 사람이 통제.
 ```
 
@@ -50,42 +51,41 @@ NEKOWORK는 기본 흐름을 mock provider 모드로 확인할 수 있습니다.
 
 ## 30초 실행
 
-현재 npm alpha를 바로 실행할 수 있습니다.
+요구사항: Node.js 22+, npm, git. commit 이 하나 이상 있는 git repo.
 
 ```bash
 npx -y @ps-neko/nekowork@alpha check
-npx -y @ps-neko/nekowork@alpha start "fix failing tests safely" --session first-start
-npx -y @ps-neko/nekowork@alpha report --session latest
+npx -y @ps-neko/nekowork@alpha verify-pr
+cat REPORT.md
+cat .nekowork/decision.json
 ```
 
-먼저 실행 경로만 보고 싶다면:
+`check` 가 환경을 진단합니다. `verify-pr` 가 현재 working tree diff 를 결정적 위험 룰로 스캔하고, `.nekowork/evidence/` 에 증거를 남기고, 머지/적용 가능 여부를 판정합니다. 프로젝트 루트에 `REPORT.md` 와 `.nekowork/decision.json` 을 작성합니다.
 
-```bash
-npx -y @ps-neko/nekowork@alpha start "fix failing tests safely" --dry-run
-npx -y @ps-neko/nekowork@alpha auto "refactor this safely" --parallel-candidates 2 --dry-run
-```
+> **재현성 메모:** `npx @ps-neko/nekowork@alpha` 는 가장 최근 publish 된 alpha 로 resolve 됩니다. publish 된 alpha 는 `main` 보다 뒤일 수 있습니다. 재현 가능한 동작을 원하면 정확한 버전 (예: `@ps-neko/nekowork@0.1.0-alpha.11`) 을 핀하세요.
+
+Compatibility / legacy 명령 (`cockpit`, `start`, `ask`, `plan`, `team`, `work`, `verify`, `gate`, `ship`, `run`, `build`, `auto`, `pr-prep`, `report --session`, `apply --session`, `review`) 은 [docs/ADVANCED.md](docs/ADVANCED.md) 에 있습니다. 2.0 에서 제거 예정 ([docs/SCOPE-1.0.md](docs/SCOPE-1.0.md) Phased Cut).
 
 ## 한 명령. 하나의 차단된 위험.
 
+AI 가 작성한 변경에 `process.env.X || "fallback"` 이 들어가면:
+
 ```bash
-npx -y @ps-neko/nekowork@alpha auto "add OPENAI_API_KEY fallback for Codex auth"
+npx -y @ps-neko/nekowork@alpha verify-pr
 ```
 
-예시 출력:
+전형적 BLOCK 출력:
 
 ```text
-Risk: provider-auth / long-lived-secret
-Codex verdict: request_changes
-Human Gate: required
-Ship ready: false
-Applied: false
-
-Blocked because NEKOWORK defaults to delegated CLI auth and rejects long-lived provider API key paths unless the human explicitly opts in.
+=== verify-pr ===
+  verdict        : BLOCK
+  reason         : Hardcoded secret fallback detected (src/auth.ts:42)
+  merge_allowed  : false
+  apply_allowed  : false
+  risk_level     : CRITICAL
 ```
 
-설명: NEKOWORK는 delegated CLI auth를 기본값으로 두고, 장기 provider API key 경로는 사람이 명시적으로 선택하지 않는 한 거부합니다.
-
-이것이 NEKOWORK의 핵심입니다. 오토파일럿은 경계 전까지 계속 일할 수 있지만, 위험한 ship/apply 결정은 evidence와 사람의 승인 아래에 둡니다.
+NEKOWORK 의 핵심: AI 는 변경을 만들 수 있지만, 위험한 ship/apply 결정은 결정적 룰과 사람 승인 아래에 둡니다. LLM verdict 는 게이트를 통과할 수 없습니다.
 
 ## 왜 필요한가
 
@@ -189,10 +189,10 @@ NEKOWORK는 하나의 거대한 agent 묶음이 아니라, 일을 나누고 검
 ## 현재 alpha 상태
 
 - Package: `@ps-neko/nekowork`
-- Current alpha: `0.1.0-alpha.10` candidate
+- Current alpha: `0.1.0-alpha.10` (npm `@alpha` published 2026-05-14)
 - CLI: `nekowork`
 - Legacy/internal alias: `harness`
-- Tests: 359 pass
+- Tests: 401 pass
 - npm audit: 0 moderate+ issues
 - Fresh `npx @alpha` smoke: pass
 

package/README.md

@@ -2,15 +2,15 @@
 
 [English](README.md) | [한국어](README.ko.md)
 
-Verifies AI-made code changes before you apply them.
+**Don't merge AI code without verification.**
 
 [![validate](https://github.com/Ps-Neko/NEKOWORK/actions/workflows/harness-validate.yml/badge.svg)](https://github.com/Ps-Neko/NEKOWORK/actions/workflows/harness-validate.yml)
 
-Bring your coding agent. NEKOWORK proves the change before apply.
+NEKOWORK is a local verification gate for AI-generated code. It analyzes the diff, runs deterministic risk rules, collects evidence, and decides whether the change is safe to merge or apply — without auto-committing, auto-pushing, or trusting LLM verdicts.
 
-NEKOWORK is a local safety gate for AI coding tools. It checks the diff, records evidence, requires a Human Gate for risky work, and only applies a verified change when you explicitly ask it to.
+Note: "Verified" means independently reviewed with recorded evidence — not mathematically proven correct. The verdict is decided by deterministic rules and check results. Optional Codex review is recorded as an advisor note only and never controls the verdict.
 
-Note: "Verified" means independently reviewed with recorded evidence, not mathematically proven correctness. NEKOWORK combines Codex review, test evidence, risk policy, Human Gate, and explicit apply boundaries.
+> 1.0 scope and roadmap: [docs/SCOPE-1.0.md](docs/SCOPE-1.0.md). Long-term vision (Verification-first AI development OS): [docs/VISION.md](docs/VISION.md).
 
 Note: "ship" in NEKOWORK is a **readiness decision** (`SHIP_READY` or `NO_SHIP`), not a deployment. The `ship` step decides whether `apply` is allowed; it never commits, pushes, deploys, or publishes by itself.
 
@@ -18,79 +18,85 @@ Default path:
 
 ```bash
 npx -y @ps-neko/nekowork@alpha check
-npx -y @ps-neko/nekowork@alpha start "fix failing tests safely" --session first-start
-npx -y @ps-neko/nekowork@alpha report --session latest
+npx -y @ps-neko/nekowork@alpha verify-pr
+cat REPORT.md
+cat .nekowork/decision.json
 ```
 
-Every real `start` run puts the decision first:
+Every real `verify-pr` run puts the verdict first:
 
 ```text
-Verdict: BLOCKED
-Reason: preverify requires Human Gate for secret env fallback
-Human Gate: required
-Ship ready: false
-Apply allowed: false
+=== verify-pr ===
+  verdict        : BLOCK
+  reason         : Hardcoded secret fallback detected (src/auth.ts:42)
+  merge_allowed  : false
+  apply_allowed  : false
+  risk_level     : CRITICAL
 ```
 
-The machine-readable companion `decision.json` is shown in [Example Report](#example-report).
+The machine-readable companion `decision.json` and the full report are in [Example Report](#example-report).
 
 The evidence chain is intentionally narrow:
 
 ```text
-diff -> deterministic risk scan -> Codex verification -> decision.json -> REPORT.md -> Human Gate -> explicit apply
+diff -> deterministic risk rules -> available checks (detected, executed in a later alpha) -> evidence package -> deterministic decision -> REPORT.md -> Human Gate -> explicit apply
 ```
 
-No auto-commit. No auto-push. No surprise deploy. `apply` is explicit and requires verified ship-ready evidence.
+No auto-commit. No auto-push. No surprise deploy. `apply` is explicit; it requires a `decision.json` whose `apply_allowed` is `true`.
 
-Use `start` first. It is the safe beginner entrypoint and prints the final decision before detailed build output. Advanced controls are documented later.
+Bring your AI tool (Cursor / Claude Code / Codex). NEKOWORK starts after the diff is on disk. Advanced and legacy commands are documented in [docs/ADVANCED.md](docs/ADVANCED.md) and gated under Phased Cut (see [docs/SCOPE-1.0.md](docs/SCOPE-1.0.md)).
 
-**Public alpha evidence:** 359 tests / 0 moderate+ npm audit issues / fresh `npx @alpha` smoke / 10 case-study flows / 5 starter packs · [CI badge](https://github.com/Ps-Neko/NEKOWORK/actions/workflows/harness-validate.yml) · [npm package](https://www.npmjs.com/package/@ps-neko/nekowork) · [terminal transcript](docs/DEMO.md#one-minute-terminal-transcript) · [full report example](docs/DEMO-REPORT.md) · [external run kit](docs/EXTERNAL-RUN.md) · [alpha feedback](https://github.com/Ps-Neko/NEKOWORK/issues/new?template=alpha-feedback.yml) · [roadmap](docs/ROADMAP.md)
+**Public alpha evidence:** 401 tests / 0 moderate+ npm audit issues / fresh `npx @alpha` smoke / 10 case-study flows / 5 starter packs · [CI badge](https://github.com/Ps-Neko/NEKOWORK/actions/workflows/harness-validate.yml) · [npm package](https://www.npmjs.com/package/@ps-neko/nekowork) · [terminal transcript](docs/DEMO.md#one-minute-terminal-transcript) · [full report example](docs/DEMO-REPORT.md) · [external run kit](docs/EXTERNAL-RUN.md) · [alpha feedback](https://github.com/Ps-Neko/NEKOWORK/issues/new?template=alpha-feedback.yml) · [roadmap](docs/ROADMAP.md)
 
 ![NEKOWORK one-minute terminal demo](docs/assets/demo-terminal.svg)
 
 ## One Command. One Blocked Risk.
 
+After your AI tool (Cursor / Claude Code / Codex) writes a `process.env.X || "fallback"` into your auth code, run:
+
 ```bash
-npx -y @ps-neko/nekowork@alpha start "add OPENAI_API_KEY fallback for Codex auth"
+npx -y @ps-neko/nekowork@alpha verify-pr
 ```
 
-Typical blocked-risk evidence:
+Typical blocked-risk output:
 
 ```text
-Verdict: BLOCKED
-Reason: preverify requires Human Gate for secret env fallback
-Human Gate: required
-Ship ready: false
-Apply allowed: false
-
-Blocked because NEKOWORK defaults to delegated CLI auth and rejects long-lived provider API key paths unless the human explicitly opts in.
+=== verify-pr ===
+  verdict        : BLOCK
+  reason         : Hardcoded secret fallback detected (src/auth.ts:42)
+  risk_level     : CRITICAL
+  merge_allowed  : false
+  apply_allowed  : false
+  findings       : critical=1 high=0 medium=0 low=0
+  top findings:
+    - [CRITICAL] Hardcoded secret fallback detected (src/auth.ts:42)
 ```
 
-That is the thesis: the coding agent can produce the change, but risky ship/apply decisions stay evidence-backed and human-controlled.
+That is the thesis: AI can write the change, but `verify-pr` runs deterministic rules over the diff and refuses to let unverified changes merge or apply.
 
 ## 30-Second First Run
 
-Requirements: Node.js 22+, npm, and git.
+Requirements: Node.js 22+, npm, and git. A git repo with at least one commit.
 
 ```bash
 npx -y @ps-neko/nekowork@alpha check
-npx -y @ps-neko/nekowork@alpha start "fix failing tests safely" --session first-start
-npx -y @ps-neko/nekowork@alpha report --session latest
+npx -y @ps-neko/nekowork@alpha verify-pr
+cat REPORT.md
+cat .nekowork/decision.json
 ```
 
-Start with `start` when you want the simplest safe entrypoint. It is the only command a new user needs before reading the report.
+`check` confirms the environment is ready. `verify-pr` scans the current working tree diff with deterministic risk rules, writes evidence to `.nekowork/evidence/`, and decides whether the change is safe to merge or apply. It writes `REPORT.md` at the project root and `.nekowork/decision.json`.
 
 Source checkout for local development:
 
 ```bash
 node scripts/cli.js check
-node scripts/cli.js start "implement this safely" --session first-start
-node scripts/cli.js report --session latest
+node scripts/cli.js verify-pr
 ```
 
-> **Reproducibility note:** `npx @ps-neko/nekowork@alpha` runs the **published** `0.1.0-alpha.9`. The repository on `main` is the `0.1.0-alpha.10` candidate. If a feature described below was added between those tags, use the source-checkout path above until alpha.10 is published.
+> **Reproducibility note:** `npx @ps-neko/nekowork@alpha` resolves to the most recently published alpha. The published alpha may lag behind `main`. Pin an exact version (e.g. `@ps-neko/nekowork@0.1.0-alpha.11`) for reproducible behavior.
 
-The simple path maps to the evidence loop: `check = doctor --quick`, `start = build`, `report = readable evidence`, and `apply = explicit verified diff application`. See [docs/QUICKSTART.md](docs/QUICKSTART.md) for the longer first-run guide.
+Compatibility / legacy commands (`cockpit`, `start`, `ask`, `plan`, `team`, `work`, `verify`, `gate`, `ship`, `run`, `build`, `auto`, `pr-prep`, `report --session`, `apply --session`, `review`) are documented in [docs/ADVANCED.md](docs/ADVANCED.md). They are scheduled for deprecation in 2.0 per [SCOPE-1.0.md](docs/SCOPE-1.0.md).
 
 ## Works With Your Existing AI Workflow
 
@@ -139,28 +145,35 @@ See the full report contract and example artifact in [docs/DEMO-REPORT.md](docs/
 
 ## Main Surface
 
-The user-facing CLI is intentionally small. Three layers:
-
-**Beginner — start here:**
+**1.0 front surface — start here:**
 
 - `check` — local readiness probe
-- `start` — safe beginner entrypoint, prints verdict first
-- `report` — readable evidence into `REPORT.md`
-- `apply` — explicit verified diff application (refuses without `SHIP_READY` and clear gate)
+- `verify-pr` — verify a diff / PR against deterministic risk rules; writes `REPORT.md` and `.nekowork/decision.json`
+- `verify-pr --comment-file <path>` — emit GitHub PR comment markdown for CI integration
+- `verify-pr --ci-exit-soft` — treat `NEEDS_HUMAN_REVIEW` / `INSUFFICIENT_EVIDENCE` as exit 0 (label-driven CI)
+
+The CI exit code matrix is fixed:
+
+```text
+ALLOW                  = 0
+ALLOW_WITH_WARNINGS    = 0
+NEEDS_HUMAN_REVIEW     = 1
+INSUFFICIENT_EVIDENCE  = 1
+BLOCK                  = 2
+```
 
-**Advanced — phase control:**
+GitHub Actions example: [docs/examples/github-actions-verify-pr.yml](docs/examples/github-actions-verify-pr.yml).
 
-- `ask` / `plan` / `team` / `work` — decomposed authoring with single-executor writes
-- `verify` / `gate` / `ship` — Codex verification, Human Gate, ship-readiness handoff
-- `build` / `auto` / `run` — wrappers over the safety gate; `auto` and `build` never accept `--apply`
-- `pr-prep` — review-ready local artifacts without branch, commit, push, or PR
+**Compatibility / labs — scheduled for deprecation in 2.0:**
 
-**Legacy — compatibility:**
+- Session-based gate: `start` / `report --session` / `apply --session` / `gate status` / `ship --session`
+- Decomposed authoring: `ask` / `plan` / `team` / `work` / `verify` / `pr-prep`
+- Wrappers: `build` / `auto` / `run`
+- Legacy alias: `review` / `review-cycle` / `harness` binary
 
-- `review` / `review-cycle` — older full Claude-led / Codex-reviewed workflow
-- `harness` binary — legacy alias for `nekowork`
+These commands are functional in alpha and documented in [docs/ADVANCED.md](docs/ADVANCED.md). They will get `[deprecated]` labels in 0.3.x and be removed in 2.0 per [docs/SCOPE-1.0.md](docs/SCOPE-1.0.md). Pure 1.0 users should not need them.
 
-Full stage contract: [docs/CLI-STAGES.md](docs/CLI-STAGES.md). Build modes and routing: [docs/BUILD.md](docs/BUILD.md). Bounded autonomy and the apply boundary: [docs/AUTONOMY.md](docs/AUTONOMY.md). Advanced runtime (`ralph`, `wait`, instincts, cost tracking, Rust supervisor): [docs/ADVANCED.md](docs/ADVANCED.md).
+Stage contract for legacy commands: [docs/CLI-STAGES.md](docs/CLI-STAGES.md). Build modes: [docs/BUILD.md](docs/BUILD.md). Bounded autonomy: [docs/AUTONOMY.md](docs/AUTONOMY.md). Advanced runtime (`ralph`, `wait`, instincts, cost tracking, Rust supervisor): [docs/ADVANCED.md](docs/ADVANCED.md).
 
 ## Starter Packs
 
@@ -186,9 +199,9 @@ For comparison and positioning: [docs/WHY-NEKOWORK.md](docs/WHY-NEKOWORK.md).
 
 ## Status
 
-Current repository version: `0.1.0-alpha.10` alpha candidate · Current npm alpha: `@ps-neko/nekowork@0.1.0-alpha.9` (alpha.10 is repository candidate; npm `@alpha` remains 0.1.0-alpha.9 until publish). Package: `@ps-neko/nekowork`. CLI: `nekowork` (`harness` is a legacy alias). Default: mock providers, no API keys.
+Current repository version: `0.1.0-alpha.11` · Current npm alpha: `@ps-neko/nekowork@0.1.0-alpha.10` (published 2026-05-14, `@alpha` dist-tag). Package: `@ps-neko/nekowork`. CLI: `nekowork` (`harness` is a legacy alias). Default: mock providers, no API keys.
 
-Verification: `npm run lint` pass · `npm test` 359 pass · `npm audit --audit-level=moderate` 0 vulns · `npm pack --dry-run --json` pass · `npx -y @ps-neko/nekowork@alpha check` pass with warnings only.
+Verification: `npm run lint` pass · `npm test` 401 tests pass · `npm audit --audit-level=moderate` 0 vulns · `npm pack --dry-run --json` pass · `npx -y @ps-neko/nekowork@alpha check` pass with warnings only.
 
 Live provider auth delegates to local CLI sessions (`claude auth status`, `codex login`, `gemini`); long-lived API key env vars (`ANTHROPIC_API_KEY`, `OPENAI_API_KEY`, `GEMINI_API_KEY`, `GOOGLE_API_KEY`) are blocked unless `HARNESS_AUTH_ALLOW_ENV_OVERRIDE=1`. See [docs/SETUP.md](docs/SETUP.md).
 
@@ -196,7 +209,8 @@ Live provider auth delegates to local CLI sessions (`claude auth status`, `codex
 
 - **Core:** [QUICKSTART](docs/QUICKSTART.md) · [CLI-STAGES](docs/CLI-STAGES.md) · [INTEGRATION](docs/INTEGRATION.md) · [UPSTREAM-RECIPES](docs/UPSTREAM-RECIPES.md) · [BUILD](docs/BUILD.md) · [AUTONOMY](docs/AUTONOMY.md) · [SAFETY-GUARANTEES](docs/SAFETY-GUARANTEES.md) · [FAILURE-MODES](docs/FAILURE-MODES.md)
 - **Demos & evidence:** [DEMO](docs/DEMO.md) · [DEMO-REPORT](docs/DEMO-REPORT.md) · [EXTERNAL-RUN](docs/EXTERNAL-RUN.md) · [case-studies](docs/case-studies)
-- **Reference:** [ADVANCED](docs/ADVANCED.md) · [CATALOG-PACKS](docs/CATALOG-PACKS.md) · [PORTING](docs/PORTING.md) · [PR-PREP](docs/PR-PREP.md) · [RELEASE-READINESS](docs/RELEASE-READINESS.md) · [ARCHITECTURE](docs/ARCHITECTURE.md) · [PRODUCT-PRINCIPLES](docs/PRODUCT-PRINCIPLES.md) · [ROADMAP](docs/ROADMAP.md)
+- **1.0 direction:** [SCOPE-1.0.md](docs/SCOPE-1.0.md) — scope, risk rules, decision policy, fixture sourcing · [VISION.md](docs/VISION.md) — long-term verification-first OS vision
+- **Reference:** [GUIDED-MODE](docs/GUIDED-MODE.md) · [ADVANCED](docs/ADVANCED.md) · [CATALOG-PACKS](docs/CATALOG-PACKS.md) · [PORTING](docs/PORTING.md) · [PR-PREP](docs/PR-PREP.md) · [RELEASE-READINESS](docs/RELEASE-READINESS.md) · [ARCHITECTURE](docs/ARCHITECTURE.md) · [PRODUCT-PRINCIPLES](docs/PRODUCT-PRINCIPLES.md) · [ROADMAP](docs/ROADMAP.md)
 - **Project rules:** [SOUL.md](SOUL.md) · [RULES.md](RULES.md) · [AGENTS.md](AGENTS.md)
 
 ## License

package/WORKING-CONTEXT.md

@@ -10,7 +10,7 @@
 ## Current Truth
 
 - 위치: `C:/Users/Mun/harness/` · 브랜치: `main`
-- 버전: `0.1.0-alpha.10` (repo candidate, npm alpha = 0.1.0-alpha.9)
+- 버전: `0.1.0-alpha.11` (repo candidate, npm alpha = 0.1.0-alpha.10)
 - 카탈로그: 11 agents · 5 skills (+1 ralph) · 5 hooks · 6 modules · 5 profiles
 - 5 빌더 모두 동작 (claude / codex / cursor / gemini / opencode) + codemaps
 - `npm test`, `npm run lint`, `npm audit --audit-level=moderate`, provider live smoke, Rust release build 검증 경로 유지

package/agent.yaml

@@ -1,7 +1,7 @@
 spec_version: gitagent/0.1.0
 name: nekowork
 runtime_name: harness
-version: 0.1.0-alpha.10
+version: 0.1.0-alpha.11
 description: "NEKOWORK - Verified autopilot for AI code changes with Codex verification, Human Gate, and explicit apply"
 license: MIT
 homepage: https://github.com/Ps-Neko/NEKOWORK

package/docs/ADVANCED.md

@@ -1,5 +1,21 @@
 # Advanced Features
 
+> ## Phased Cut status
+>
+> 이 페이지의 대부분 명령은 알파.10 시기의 wide CLI surface 입니다.
+> NEKOWORK 1.0 은 [검증 게이트 정체성](SCOPE-1.0.md) 에 집중하며,
+> 이 명령들은 [Phased Cut](SCOPE-1.0.md#2-phased-cut-단계) 을 거칩니다.
+>
+> | Phase | 시기 | 상태 |
+> |---|---|---|
+> | Phase 0 | now (0.1.x → 0.2.x) | **functional** + hero 강등 |
+> | Phase 1 | 0.3.x → 1.0 | `[deprecated]` 마크 + "removed in 2.0" 경고 |
+> | Phase 2 | 1.x → 2.0 | 제거 또는 `@ps-neko/nekowork-legacy` 분리 |
+>
+> 1.0 의 hero 명령 4종 — `check / verify-pr / report / apply` — 으로 이주를 권장합니다.
+> 명령별 운명은 [SCOPE-1.0.md §3](SCOPE-1.0.md#3-명령-운명-표) 참고.
+> 장기 비전은 [VISION.md](VISION.md) 참고.
+
 The public alpha path focuses on `doctor`, `build`, `report`, `gate`, and the decomposed `ask`, `plan`, `team`, `work`, `verify`, `ship`, `apply`, `run`, `review`, `review-cycle`, and install/apply surfaces. This page keeps the larger runtime surface discoverable without crowding the first-run docs.
 
 ## team

package/docs/ALPHA-RECRUITMENT.md

@@ -0,0 +1,157 @@
+# Alpha User Recruitment — Draft Messages
+
+> 5명 알파 사용자 모집을 위한 채널별 메시지 초안.
+> 검토 후 사용자가 실제 게시 (Claude 가 게시하지 않음).
+> 발화 시점: alpha.11 publish 직후, verify-pr 가 working tree 에서 실제 검증을 수행하는 상태.
+>
+> 목표: 5명 응답 (per [SCOPE-1.0.md §13.1](SCOPE-1.0.md#131-외부-알파-5명-모집-채널)).
+> 채널: 직접 아는 사람 1-2 + r/cursor 또는 r/ClaudeAI 1-2 + GeekNews (한국) 1-2.
+>
+> **모집의 목표는 홍보가 아니라 실제 AI 생성 diff 수집** — SCOPE-1.0 §9 의
+> stage 2/3 fixture 와 §13.2 의 1.0 release gate 를 동시에 만족시키는 경로.
+
+## Pasteable Template — 짧은 버전 (DM / 슬랙 / Discord 등)
+
+가장 빠른 복사용. 친한 사람에게 바로 보낼 때:
+
+```text
+AI 가 만든 PR / diff 를 NEKOWORK verify-pr 로 검증해줄 외부 알파를 찾습니다.
+
+목표는 자동 코딩이 아니라,
+"이 AI 변경을 머지해도 되는가?" 를 REPORT.md 와 decision.json 으로 판정하는 것.
+
+필요한 것:
+- 최근 Claude Code / Cursor / Codex 가 만든 diff 또는 PR
+- npx 로 verify-pr 실행
+- REPORT.md / decision.json 결과 공유
+- 오탐 / 미탐 / 이해 가능성 피드백
+
+10분 정도 부탁드려요.
+
+설치 + 실행:
+  npx -y @ps-neko/nekowork@alpha verify-pr
+
+피드백 양식:
+  https://github.com/Ps-Neko/NEKOWORK/issues/new?template=alpha-feedback.yml
+```
+
+긴 채널별 메시지는 아래 섹션에 보존. 상황에 맞게 골라 사용.
+
+## 공통 정체성 한 줄
+
+```text
+EN: Don't merge AI code without verification.
+KO: AI 가 만든 코드, 검증 없이는 통과시키지 마세요.
+```
+
+## 채널 1: 직접 아는 사람 (DM / Slack / Discord)
+
+### EN
+
+> Hey — I shipped an alpha of NEKOWORK, a local verification gate for AI-generated code. It scans diffs from Cursor / Claude Code / Codex with deterministic rules (secret fallbacks, auto-push, hardcoded credentials, test disables, supply-chain hooks) and refuses to allow merge/apply unless the verdict is clear. No LLM in the verdict path, no auto-commit/push.
+>
+> 60-second try: `npx -y @ps-neko/nekowork@alpha verify-pr` in any git repo with a working tree diff. It writes REPORT.md + decision.json under `.nekowork/`.
+>
+> I'd love 10 minutes of your feedback after a real PR: did the verdict help you decide, was the report readable, did anything false-positive, did anything slip through? Issue template: <link to alpha-feedback>.
+
+### KO
+
+> 안녕하세요 — NEKOWORK 알파를 출시했어요. AI 가 만든 코드 변경의 로컬 검증 게이트입니다. Cursor / Claude Code / Codex 가 만든 diff 를 결정적 룰 (secret fallback, 자동 push, hardcoded credential, test disable, supply chain hook) 로 스캔하고, 판정이 명확하지 않으면 머지/적용을 차단합니다. LLM 은 verdict 경로에 없고, auto-commit/push 없음.
+>
+> 60초 체험: 아무 git repo 의 working tree diff 에서 `npx -y @ps-neko/nekowork@alpha verify-pr`. `.nekowork/` 아래에 REPORT.md 와 decision.json 가 생깁니다.
+>
+> 실제 PR 한 번 돌려보시고 10분 정도 피드백 부탁드려요 — verdict 가 머지 결정에 도움됐는지, REPORT 가 읽기 좋았는지, 오탐/미탐 있었는지. 이슈 템플릿: <link to alpha-feedback>.
+
+## 채널 2: r/cursor / r/ClaudeAI / r/ChatGPTCoding
+
+### Title
+
+```text
+Local verification gate for AI-generated diffs — recall 90+%, no LLM in the verdict path
+```
+
+### Body
+
+```text
+I built NEKOWORK after watching Cursor and Claude Code happily commit `process.env.X || "fallback-secret"` and `git push --force` into PRs I had to review.
+
+What it does: takes the working-tree diff (or a patch file), runs 5 deterministic rules over the added lines, writes evidence, and emits a verdict — ALLOW / ALLOW_WITH_WARNINGS / NEEDS_HUMAN_REVIEW / INSUFFICIENT_EVIDENCE / BLOCK. Optional Codex review is recorded as an advisor note only and never controls the verdict.
+
+Rules (1.0 scope):
+- Secret Fallback (`env.X || "literal"` and 6 variants) — 90% recall on synthetic seed
+- Auto-Apply / Commit / Push (`git push --force`, subprocess git push, auto-merge config)
+- Hardcoded Credential (provider signatures: AKIA, sk_live_, ghp_, xox-, AIza, PEM)
+- Test-Or-Security-Disable (it.skip, @ts-nocheck, file-wide eslint-disable)
+- Package-Lockfile-Risk (postinstall, curl|bash, git/tarball URL deps)
+
+Quick try:
+    npx -y @ps-neko/nekowork@alpha verify-pr
+
+Exit codes match the verdict: 0 ALLOW, 1 NEEDS_REVIEW/NO_EVIDENCE, 2 BLOCK. There's a GitHub Actions example that posts the verdict as a PR comment.
+
+Looking for 5 alpha users to run it on a real PR and report: did it block a real risk? Did it false-positive? Issue template inside the repo. <link>
+```
+
+## 채널 3: GeekNews (한국)
+
+### Title
+
+```text
+NEKOWORK alpha — AI 가 만든 diff 를 결정적 룰로 검증하는 로컬 게이트
+```
+
+### Body
+
+```text
+AI 코딩 도구 (Cursor, Claude Code, Codex) 가 PR 에 자신감 있게 넣는 두 패턴이 가장 무서웠습니다:
+
+1. `process.env.API_KEY || "fallback-secret"` — secret 이 없으면 hardcoded 값으로 동작
+2. `git push --force origin main` — 자동 release script 에 슬쩍 추가
+
+NEKOWORK 는 이런 패턴을 결정적 룰로 잡고, 판정이 명확하지 않으면 머지/적용을 차단하는 로컬 게이트입니다. LLM 은 verdict 경로에 없습니다 (advisor 만).
+
+설치 + 실행 (60초):
+    npx -y @ps-neko/nekowork@alpha verify-pr
+
+산출: `.nekowork/decision.json`, `REPORT.md`, `.nekowork/evidence/risk-findings.json`.
+
+1.0 시점 룰 (synthetic seed 측정):
+- Secret Fallback: recall 90% / FP 0%
+- Auto-Apply-Commit-Push: 100% / 0%
+- Hardcoded Credential (provider 시그니처): 100% / 0%
+- Test-Or-Security-Disable: 100% / 0%
+- Package-Lockfile-Risk: 100% / 0%
+
+알파 사용자 5명 찾고 있어요. 실제 PR 에 돌려보고 (a) BLOCK 이 정당했는지 (b) 오탐 있었는지 (c) REPORT 가 읽기 좋았는지 알려주시면 큰 도움됩니다.
+
+GitHub: <repo link>
+피드백 이슈 템플릿: <link to alpha-feedback>
+```
+
+## 채널 4: HN Show (보류)
+
+verify-pr recall 0.90 이 합성 코퍼스 기준이고 OSS / live AI fixture 가 아직 부족하므로 HN 은 1.0 release 또는 verify-skill land-grab 시점까지 보류.
+SCOPE-1.0.md §13.1 정책에 부합.
+
+## 피드백 수집 항목
+
+각 응답자에게 받을 정보 (alpha-feedback issue template 에 반영):
+
+```text
+- Project type (open source / SaaS / internal / etc.)
+- AI tool used to generate the change (Cursor / Claude Code / Codex / other)
+- Verdict received
+- Was the verdict correct? (yes / no / partial)
+- False positive? (which finding, what context)
+- False negative? (what slipped through)
+- Did REPORT.md help you decide? (1-5)
+- Would you run it on the next PR? (yes / no / depends — say why)
+- What was confusing or missing?
+```
+
+## 1.0 release 게이트 (per SCOPE-1.0.md §13.2)
+
+- 내부 fixture benchmark Secret Fallback recall ≥ 0.90, FP ≤ 0.10 (✅ 이미 통과)
+- CI 에 benchmark job 추가, 3일 연속 PASS (대기)
+- 외부 알파 3/5 명 "다시 쓰겠다" 응답 (대기 — 이 모집의 목표)
+- CRITICAL 미탐 0건 또는 수정 완료 (대기)

package/docs/AUDIT.md

@@ -56,7 +56,7 @@ Current local result for this working tree:
 - `npm run test:unit`: covered by full `npm test`
 - `npm run validate:all`: pass
 - `npm run lint`: pass
-- `npm test`: 359 tests pass
+- `npm test`: 401 tests pass
 - quick run demo: pass through `npm run demo:quick -- --cleanup`
 - external project e2e smoke: pass through `npm test`
 - `node scripts/sync-claude-md.js --check`: pass

package/docs/CATALOG-PACKS.md

@@ -20,7 +20,7 @@ Packs are public install aliases over validated profiles. They make the catalog
 5 hooks
 5 tool targets
 10 case-study flows
-359 tests
+401 tests
 ```
 
 Tool targets:

package/docs/CHANGELOG.md

@@ -4,20 +4,48 @@
 
 ## [Unreleased]
 
+## [0.1.0-alpha.11] - TBD
+
 ### Added
-- Add `nekowork start` as the beginner alias for the safe `build` entrypoint.
-- Add `decision.json` as the shared machine-readable session decision surface.
-- Add deterministic `preverify-summary.json` findings before Codex review for secret, auth, deploy, payment, env/config, permission, and destructive-data risks.
+- Add `nekowork verify-pr` 1.0 entrypoint: scans diff (working tree / staged / range / patch file) with deterministic risk rules, writes evidence to `.nekowork/evidence/`, decides verdict from rule findings + check availability, renders `REPORT.md`.
+- Add 5 deterministic risk rules: Secret Fallback (killer), Auto-Apply-Commit-Push, Hardcoded Credential, Test-Or-Security-Disable, Package-Lockfile-Risk. All pass synthetic seed gate (recall ≥ 0.90, CRITICAL FP ≤ 0.10).
+- Add `INSUFFICIENT_EVIDENCE` verdict: source change with no test command available no longer auto-passes — explicit "cannot verify" state per SCOPE-1.0 §7.
+- Add `--comment-file <path>` option: emits GitHub PR comment markdown.
+- Add `--ci-exit-soft` option: exits 0 for NEEDS_HUMAN_REVIEW / INSUFFICIENT_EVIDENCE so check is informational, not blocking.
+- Add CI exit-code mapping (SCOPE-1.0 §8): ALLOW/ALLOW_WITH_WARNINGS=0, NEEDS_HUMAN_REVIEW/INSUFFICIENT_EVIDENCE=1, BLOCK=2.
+- Add `scripts/lib/diff-parser.js`: unified diff parsing + working-tree git diff (incl. untracked synthesis) + patch-file loading.
+- Add `scripts/lib/project-detector.js`: language / package manager / test / lint / typecheck / build / audit / CI / security file detection.
+- Add `scripts/benchmark/rules.js` and `npm run bench:rules`: per-rule recall + FP measurement against fixture manifests, exits non-zero on 1.0 gate regression.
+- Add `docs/examples/github-actions-verify-pr.yml`: drop-in workflow that posts the verdict as a PR comment and applies labels (`neko/needs-review`, `neko/no-evidence`, `neko/blocked`).
+- Add `docs/SCOPE-1.0.md`: Phased Cut plan (Phase 0 / 1 / 2), risk rules, decision policy, fixture sourcing.
+- Add `docs/VISION.md`: long-term "Verification-first AI development OS" vision separated from current 1.0 product surface.
+- Add `tests/fixtures/secret-fallback`, `tests/fixtures/auto-apply-commit-push`, `tests/fixtures/hardcoded-credential`, `tests/fixtures/test-or-security-disable`, `tests/fixtures/package-lockfile-risk`, `tests/fixtures/oss-negatives` synthetic + real-OSS corpus with `manifest.json` and benchmark targets.
 
 ### Changed
-- Print verdict, reason, Human Gate state, ship readiness, and apply permission first for real `start`/`build` runs.
+- README hero aligned with verification-gate identity ("Don't merge AI code without verification" / "AI 가 만든 코드, 검증 없이는 통과시키지 마세요"). Codex repositioned as optional advisor, never controls verdict.
+- README 30-second flow and "One Command. One Blocked Risk." promote `verify-pr` as the 1.0 entrypoint; `start` documented under Phased Cut.
+- `docs/ADVANCED.md` gains Phased Cut banner with Phase 0 / 1 / 2 status table — 19 alpha-era commands remain functional but are scheduled for deprecation in 2.0 in favor of the verification-first surface.
+
+### Preserved
+- Codex review remains opt-in advisor only — never affects `decision.json.verdict`.
+- No auto-commit, auto-push, auto-merge, or auto-apply behavior is introduced.
+- Existing `check / start / report / apply` and the wider Advanced / Legacy surface continue to function for alpha users; deprecation begins in 0.3.x per SCOPE-1.0 Phase 1.
 
-## [0.1.0-alpha.10] - 2026-05-13
+## [0.1.0-alpha.10] - 2026-05-14
 
 ### Added
+- Add `nekowork start` as the beginner alias for the safe `build` entrypoint.
+- Add `decision.json` as the shared machine-readable session decision surface.
+- Add deterministic `preverify-summary.json` findings before Codex review for secret, auth, deploy, payment, env/config, permission, and destructive-data risks.
 - Add `nekowork pr-prep` to generate review-ready local artifacts from an existing verified session.
 - Add `PR_SUMMARY.md`, `RISK_NOTES.md`, `TEST_EVIDENCE.md`, `CHANGELOG_DRAFT.md`, `SHIP_DECISION.md`, and `pr-prep-summary.json` session evidence.
 - Add `REPORT.md` PR Prep section and `examples/pr-prep-smoke` fixture.
+- Add Beta Graduation Criteria burndown and alpha.10 evidence log in `docs/FEEDBACK-TRIAGE.md`.
+- Promote `nekowork` as the canonical CLI verb prefix (`harness` retained as permanent alias).
+
+### Changed
+- Print verdict, reason, Human Gate state, ship readiness, and apply permission first for real `start`/`build` runs.
+- Lock alpha.10 version consistency across `VERSION`, `package.json`, Provider Mode surface, and upstream artifact catalog.
 
 ### Preserved
 - `pr-prep` does not create branches, commits, pushes, pull requests, applies, publishes, or deploys.