@ps-neko/nekowork 0.1.0-alpha.7 → 0.1.0-alpha.8

package/CLAUDE.md

@@ -8,7 +8,7 @@
 
 ## 자동 갱신 영역
 
-<!-- HARNESS:START version=0.1.0-alpha.7 -->
+<!-- HARNESS:START version=0.1.0-alpha.8 -->
 <!-- 이 영역은 scripts/sync-claude-md.js 가 자동 갱신한다. 직접 편집 금지. -->
 
 ## 카탈로그 요약
@@ -17,8 +17,8 @@
 - skills: 10
 - commands: 1 (legacy compat)
 - hooks: 5 (gateguard-fact-force, config-protection, quality-gate, pre-bash-dispatcher, persistent-mode)
-- packs: core, builder, quality, security, frontend, testing, release, enterprise
-- profiles: core, developer, builder, security, product, quality, frontend, testing, research, full
+- packs: core, builder, productivity, team, debugging, maintenance, pr, catalog-plus, quality, security, frontend, testing, release, enterprise
+- profiles: core, developer, builder, productivity, security, product, quality, frontend, testing, research, full
 - harnesses: claude, codex, cursor, gemini, opencode
 
 ## 에이전트 → 모델 매트릭스

package/README.md

@@ -1,27 +1,36 @@
 # NEKOWORK
 
-Local-first AI development runtime for fast, verified code changes.
+Verified Autopilot for AI code changes.
 
 [![harness-validate](https://github.com/Ps-Neko/NEKOWORK/actions/workflows/harness-validate.yml/badge.svg)](https://github.com/Ps-Neko/NEKOWORK/actions/workflows/harness-validate.yml)
 
-Build quickly with AI agents, verify independently with Codex, and apply only with human control.
-
-It runs:
-
-1. Work
-2. Independent verification
-3. Human approval
-4. Explicit apply
-
-No auto-commit. No auto-push. No surprise deploy.
+AI builds. Codex verifies. You approve the boundary.
+
+NEKOWORK plans, edits, verifies, repairs, and prepares ship-ready AI code changes. Final apply remains human-controlled.
+
+It runs:
+
+1. Autonomous planning and build
+2. Independent Codex verification
+3. Bounded repair when findings are fixable
+4. Report, ship/no-ship, and Human Gate
+5. Explicit apply only when the human chooses it
+
+No auto-commit. No auto-push. No surprise deploy.
 
 Product principle:
 
 ```text
-NEKOWORK = fast AI build -> Codex verification -> Human Gate -> explicit apply
-```
+NEKOWORK = verified autopilot -> Codex verification -> Human Gate -> explicit apply
+```
+
+```text
+Autonomous until apply.
+Verified before ship.
+Human-controlled at the boundary.
+```
 
-NEKOWORK packages a local runtime with one source catalog, `agent.yaml`, projected into Claude Code, Codex CLI, Cursor, Gemini CLI, and OpenCode surfaces. The `harness` CLI remains a legacy/internal alias for `nekowork`.
+NEKOWORK packages a local runtime with one source catalog, `agent.yaml`, projected into Claude Code, Codex CLI, Cursor, Gemini CLI, and OpenCode surfaces. The `harness` CLI remains a legacy/internal alias for `nekowork`.
 
 NEKOWORK is intentionally not a 100-agent pack. Every agent, skill, hook, profile, module, and pack must:
 
@@ -30,9 +39,13 @@ NEKOWORK is intentionally not a 100-agent pack. Every agent, skill, hook, profil
 3. produce auditable evidence,
 4. respect Human Gate.
 
-**Public alpha evidence:** 8 packs / 10 profiles / 36 components / 5 harness targets / 7 case-study flows / 277 tests / 0 moderate+ npm audit issues / fresh `npx @alpha` smoke
+**Public alpha evidence:** 14 packs / 11 profiles / 36 components / 5 harness targets / 7 case-study flows / 290 tests / 0 moderate+ npm audit issues / fresh `npx @alpha` smoke
 
-NEKOWORK does not automatically commit, push, publish, deploy, or apply diffs. `apply` is explicit and requires verified ship-ready evidence.
+NEKOWORK does not automatically commit, push, publish, deploy, or apply diffs. `apply` is explicit and requires verified ship-ready evidence.
+
+For bounded autonomy before that boundary, use `auto`: it can route, build, verify, repair fixable findings within a budget, write a report, and then stop before apply.
+
+Next track: `auto --parallel-candidates N` will let isolated candidate workers propose patches, then NEKOWORK will compare them into one canonical ship candidate before Codex verification and Human Gate.
 
 **Latest alpha evidence:** [CI badge](https://github.com/Ps-Neko/NEKOWORK/actions/workflows/harness-validate.yml) / [npm package](https://www.npmjs.com/package/@ps-neko/nekowork) / [smoke transcript](docs/DEMO.md#one-minute-terminal-transcript) / [report artifact](docs/DEMO-REPORT.md)
 
@@ -40,27 +53,33 @@ NEKOWORK does not automatically commit, push, publish, deploy, or apply diffs. `
 
 ![NEKOWORK one-minute terminal demo](docs/assets/demo-terminal.svg)
 
-## Start Here
-
-Use the current npm alpha for the published health smoke:
-
-```bash
-npx -y @ps-neko/nekowork@alpha check
-npx -y @ps-neko/nekowork@alpha build "implement this safely" --dry-run
-npx -y @ps-neko/nekowork@alpha build "implement this safely" --session first-build
-npx -y @ps-neko/nekowork@alpha report --session latest
-```
-
-Start with `build`. Drop down to `work`, `verify`, and `ship` only when you need phase-level control.
+## 30-Second First Run
+
+Use the current npm alpha for the fastest proof of the workflow:
+
+```bash
+npx -y @ps-neko/nekowork@alpha check
+npx -y @ps-neko/nekowork@alpha auto "fix failing tests safely" --session first-auto
+npx -y @ps-neko/nekowork@alpha report --session latest
+```
+
+Start with `auto` when you want NEKOWORK to keep going until report/gate. Use `build` when you want one build pass. Drop down to `work`, `verify`, and `ship` only when you need phase-level control.
+
+Preview the route before running providers or writing session state:
+
+```bash
+npx -y @ps-neko/nekowork@alpha auto "fix failing tests safely" --dry-run
+npx -y @ps-neko/nekowork@alpha build "fix this safely" --dry-run
+```
 
 Use a source checkout for local development:
 
 ```bash
-node scripts/cli.js check
-node scripts/cli.js build "implement this safely" --session first-build
-node scripts/cli.js report --session latest
-node scripts/cli.js gate status --session latest
-```
+node scripts/cli.js check
+node scripts/cli.js auto "implement this safely" --session first-auto
+node scripts/cli.js report --session latest
+node scripts/cli.js gate status --session latest
+```
 
 Or use the decomposed beginner path directly:
 
@@ -71,7 +90,7 @@ node scripts/cli.js report --session first-run
 node scripts/cli.js gate status --session first-run
 ```
 
-The simple paths map to the evidence loop: `check = doctor --quick`, `build = auto routing plus mode presets over run`, and `run = work -> verify -> ship`.
+The simple paths map to the evidence loop: `check = doctor --quick`, `build = auto routing plus mode presets over run`, `auto = bounded build/verify/repair/report before apply`, and `run = work -> verify -> ship`.
 
 Use `build --dry-run` when you want to preview auto routing, mode, profile, workers, stages, and apply policy before running providers or writing session state. Use `build --explain` when you want the same routing rationale and evidence list after a real build.
 
@@ -96,14 +115,16 @@ Strict quality: enabled
 Acceptance coverage: 4/5
 Quality warnings: 2
 
-Evidence:
-- work-summary.json
-- verify-summary.json
-- ship-summary.json
-- gate-summary.json
-```
-
-See the full report contract and example artifact in [docs/DEMO-REPORT.md](docs/DEMO-REPORT.md), and the one-minute terminal transcript in [docs/DEMO.md](docs/DEMO.md).
+Evidence:
+- work-summary.json
+- verify-summary.json
+- ship-summary.json
+- gate-summary.json
+```
+
+The first screen of `REPORT.md` is the trust card: work produced, independent verification, Human Gate, ship readiness, apply state, and whether the target project was mutated.
+
+See the full report contract and example artifact in [docs/DEMO-REPORT.md](docs/DEMO-REPORT.md), and the one-minute terminal transcript in [docs/DEMO.md](docs/DEMO.md).
 
 ## Human Gate Example
 
@@ -147,29 +168,31 @@ Apply command: node scripts/cli.js apply --session first-work
 |---|---|---|
 | Large Claude Code packs | More agents, commands, skills | Curated verification loop |
 | Team simulation | More specialist perspectives | Read-only team plus one executor |
-| Autopilot | Fast autonomous execution | `build` modes, report, gate, explicit apply |
+| Autopilot | Fast autonomous execution | verified autonomy until apply, report, gate, explicit apply |
 | Discipline workflows | Better development habits | Evidence-backed ship decision |
 
-## When To Choose What
-
-| Use case | Prefer |
-|---|---|
-| Add TDD and discipline habits to Claude Code | Superpowers |
-| Get the broadest Claude Code skill/command environment | Everything Claude Code |
-| Simulate startup team roles from planning to QA | GStack |
-| Run autonomous multi-agent execution | OMC |
-| Use one local AI development runtime with safe build modes | NEKOWORK |
-| Verify AI changes, require human approval, then apply explicitly | NEKOWORK |
-
-Use Superpowers, Everything Claude Code, GStack, or OMC to produce stronger AI work when they fit your workflow. Use NEKOWORK as the main runtime when you want build speed plus verification, gate, report, and explicit apply in one product.
+## When To Choose NEKOWORK
+
+| Use case | NEKOWORK fit |
+|---|---|
+| You want one command to keep working until report/gate | `auto` routes, builds, verifies, repairs, and stops before apply |
+| You want one build pass with safe routing | `build` routes the task into safe mode presets |
+| You want daily planning, TDD, debugging, and finish checks | use the `productivity` pack |
+| You want team-style review before implementation | use the `team` pack; handoffs stay read-only |
+| You need PR or release evidence | use `pr` or `release` before ship/apply |
+| You need sensitive-change control | use `security` and keep Human Gate active |
+| You need explicit apply instead of autopilot mutation | keep the default `report -> gate -> apply` path |
+
+Use other AI development tools when they fit your preferred authoring flow. Use NEKOWORK when AI work needs to become verified, reportable, gated, and explicitly applied.
 
 ## Three Paths
 
 Most users should start with the Beginner path. The other paths are for explicit phase control or legacy compatibility.
 
-1. Beginner: `check -> build -> report -> gate`
-2. Advanced: `ask -> plan -> team -> work -> verify -> gate -> ship -> report -> apply`
-3. Legacy: `review` / `review-cycle`
+1. Beginner verified autopilot: `check -> auto -> report -> gate`
+2. One-pass safe build: `check -> build -> report -> gate`
+3. Advanced: `ask -> plan -> team -> work -> verify -> gate -> ship -> report -> apply`
+4. Legacy: `review` / `review-cycle`
 
 ## Why NEKOWORK
 
@@ -177,19 +200,19 @@ NEKOWORK is for teams that want AI-assisted development without making the agent
 
 ## Status
 
-- Current repository version: `0.1.0-alpha.7`
-- Current package name: `@ps-neko/nekowork`
-- Published CLI names: `nekowork` and `harness`
-- Current npm alpha: `@ps-neko/nekowork@0.1.0-alpha.6`
-- Current npm alpha.7 status: repository candidate only; publish requires owner approval
-- Supported install path today: npm alpha, clone, submodule, or local repository integration
+- Current repository version: `0.1.0-alpha.8` alpha candidate
+- Current package name: `@ps-neko/nekowork`
+- Published CLI names: `nekowork` and `harness`
+- Current npm alpha: `@ps-neko/nekowork@0.1.0-alpha.7`
+- Current npm alpha.8 status: repository candidate; public publish is pending owner OTP/web auth
+- Supported install path today: npm alpha, clone, submodule, or local repository integration
 - Dist-tag note: use `@alpha` until a stable release; `latest` still points at the first alpha line
 - Default mode: mock providers, no API keys, no provider CLI calls
 
 Current local verification:
 
 - `npm run lint`: pass
-- `npm test`: 277 tests pass
+- `npm test`: 290 tests pass
 - `npm audit --audit-level=moderate`: 0 vulnerabilities
 - `npm pack --dry-run --json`: pass
 - `npx -y @ps-neko/nekowork@alpha check`: pass with warnings only
@@ -208,12 +231,19 @@ Current local verification:
 
 ## Official Packs
 
-| Pack | Adds | Use when |
-|---|---|---|
-| `core` | minimal verification runtime | first install or repo smoke |
-| `quality` | acceptance coverage, strict evidence prompts | feature work needs proof |
-| `security` | auth/secrets/deploy risk prompts | sensitive changes |
-| `frontend` | UI mockup, component review, accessibility checks | product-facing UI work |
+| Pack | Adds | Use when |
+|---|---|---|
+| `core` | minimal verification runtime | first install or repo smoke |
+| `builder` | safe build modes entrypoint | one-command build with verification and gates |
+| `productivity` | planning, TDD, debugging, finish routines | daily AI-assisted development |
+| `team` | read-only role handoffs | you want team-style review before one executor writes |
+| `debugging` | failing-test and regression triage | the task starts from a bug or unclear root cause |
+| `maintenance` | dependency, refactor, migration, cleanup routines | routine upkeep still needs verification |
+| `pr` | diff review, test evidence, changelog, risk notes | preparing or reviewing a PR |
+| `catalog-plus` | richest curated catalog surface | evaluating the full NEKOWORK catalog |
+| `quality` | acceptance coverage, strict evidence prompts | feature work needs proof |
+| `security` | auth/secrets/deploy risk prompts | sensitive changes |
+| `frontend` | UI mockup, component review, accessibility checks | product-facing UI work |
 | `testing` | regression planning and coverage handoffs | test confidence is the main risk |
 | `release` | ship/no-ship evidence | pre-release checks |
 | `enterprise` | full catalog with all gates | high-control teams |
@@ -316,9 +346,10 @@ The public alpha surface is intentionally small:
 - `gate`: inspect, approve, or block a human gate for a session
 - `ship`: produce a ship/no-ship readiness handoff after Codex verification
 - `apply`: apply a verified `SHIP_READY` live-work diff to the target project
-- `run`: execute the decomposed wrapper, `work -> verify -> ship`, with optional apply
-- `build`: one-command builder wrapper with default `auto` routing, explicit `fast`, `safe`, `team`, `tdd`, `release`, and `--dry-run` preview
-- `report`: summarize session evidence into `REPORT.md` without project mutation
+- `run`: execute the decomposed wrapper, `work -> verify -> ship`, with optional apply
+- `build`: one-command builder wrapper with default `auto` routing, explicit `fast`, `safe`, `team`, `tdd`, `release`, and `--dry-run` preview
+- `auto`: bounded autonomy wrapper that can repair fixable no-ship findings within budget, then report and stop before apply
+- `report`: summarize session evidence into `REPORT.md` without project mutation
 - `review`: run the legacy full Claude-led/Codex-reviewed workflow
 - `review-cycle`: explicit compatibility alias for the legacy full review workflow
 - `install --plan` / `install --apply`: project generated harness surfaces
@@ -327,22 +358,27 @@ Advanced features such as `team-lite`, `ralph`, `wait`, instincts, cost tracking
 
 `plan` is recommended before `work` for larger changes. The current `run` command intentionally stays compact: it runs `work -> verify -> ship`, records acceptance criteria through `work`, and applies only when `--apply` is explicitly provided.
 
-Use `build "<task>"` when NEKOWORK should be the single entrypoint. It defaults to `--mode auto`, classifies the task, selects `fast`, `safe`, `team`, `tdd`, or `release`, records build intelligence, and still uses one executor for writes, Codex verification before ship, and explicit apply only. Use an explicit `--mode` when you need to override the router.
-
-Risky explicit overrides are protected. For example, `build "change OAuth token validation" --mode fast` is blocked because auto routing recommends `safe`; use `--mode safe` or add `--force-mode` only when you intentionally accept that override.
+Use `build "<task>"` when NEKOWORK should be the single entrypoint. It defaults to `--mode auto`, classifies the task, selects `fast`, `safe`, `team`, `tdd`, or `release`, records build intelligence, and still uses one executor for writes, Codex verification before ship, and explicit apply only. The mode safety ordering is manifest-backed in `manifests/build-modes.json`. Use an explicit `--mode` when you need to override the router.
+
+Risky explicit overrides are protected. For example, `build "change OAuth token validation" --mode fast` is blocked because auto routing recommends `safe`, and `build "prepare npm package publish release notes" --mode fast` is blocked because auto routing recommends the higher-safety `release` mode. Use the recommended mode or add `--force-mode` only when you intentionally accept that downgrade.
+
+Use `auto "<task>"` when NEKOWORK should continue before the apply boundary. `auto` routes through the same build intelligence, runs `build`, repeats fixable no-ship work within `--level cautious|normal|aggressive` budgets, writes `auto-summary.json`, generates `REPORT.md`, and never accepts `--apply`.
 
 Use `--profile quality` or `--profile security` on `work`, `verify`, and `run` when a task needs stronger evidence prompts. Add `--strict-quality` to `verify`, `run`, or `build` when missing evidence or acceptance coverage should become a fix-required verdict before ship.
 
 Use official packs when choosing an install shape:
 
 ```bash
-node scripts/install-plan.js --list
-node scripts/install-plan.js --pack builder
-node scripts/install-plan.js --pack quality
-node scripts/install-plan.js --pack security --target codex --json
-```
-
-Packs are aliases over validated profiles. They add clearer product packaging without weakening the core gates.
+node scripts/install-plan.js --list
+node scripts/install-plan.js --pack productivity
+node scripts/install-plan.js --pack team
+node scripts/install-plan.js --pack pr
+node scripts/install-plan.js --pack builder
+node scripts/install-plan.js --pack quality
+node scripts/install-plan.js --pack security --target codex --json
+```
+
+Packs are aliases over validated profiles. They add clearer product packaging without weakening the core gates. `productivity` is the shortest daily discipline pack: brainstorm, plan, TDD, debug, execute, verify, report, and finish over the same safe build loop. `team`, `debugging`, `maintenance`, `pr`, and `catalog-plus` make the catalog feel richer while still resolving to safety-checked profiles.
 
 ## Catalog
 
@@ -350,8 +386,8 @@ Packs are aliases over validated profiles. They add clearer product packaging wi
 - Skills: 10
 - Hooks: 5
 - Modules: 7
-- Profiles: `core`, `developer`, `builder`, `security`, `product`, `quality`, `frontend`, `testing`, `research`, `full`
-- Official packs: `core`, `builder`, `quality`, `security`, `frontend`, `testing`, `release`, `enterprise`
+- Profiles: `core`, `developer`, `builder`, `productivity`, `security`, `product`, `quality`, `frontend`, `testing`, `research`, `full`
+- Official packs: `core`, `builder`, `productivity`, `team`, `debugging`, `maintenance`, `pr`, `catalog-plus`, `quality`, `security`, `frontend`, `testing`, `release`, `enterprise`
 - Harness targets: `claude`, `codex`, `cursor`, `gemini`, `opencode`
 
 Key skills:
@@ -372,9 +408,10 @@ Key skills:
 ```bash
 node scripts/cli.js doctor
 node scripts/cli.js doctor --quick --gemini-smoke
-npm run demo:quick
-node scripts/cli.js build "builder smoke" --mode team --session build-smoke
-node scripts/cli.js report --session latest
+npm run demo:quick
+node scripts/cli.js build "builder smoke" --mode team --session build-smoke
+node scripts/cli.js auto "fix failing tests safely" --level normal --dry-run
+node scripts/cli.js report --session latest
 node scripts/install-plan.js --list
 node scripts/install-plan.js --pack quality
 node scripts/install-plan.js --profile developer
@@ -419,13 +456,16 @@ npm run security:hardening
 npm pack --dry-run --json
 ```
 
-`npm pack --dry-run --json` currently produces a package named like `ps-neko-nekowork-0.1.0-alpha.7.tgz`. It does not publish.
+`npm pack --dry-run --json` currently produces a package named like `ps-neko-nekowork-0.1.0-alpha.8.tgz`. It does not publish.
 
 ## Documentation
 
-- [docs/QUICKSTART.md](docs/QUICKSTART.md) - first run and common paths
-- [docs/BUILD.md](docs/BUILD.md) - build command modes and invariants
-- [docs/WHY-NEKOWORK.md](docs/WHY-NEKOWORK.md) - comparison and product positioning
+- [docs/QUICKSTART.md](docs/QUICKSTART.md) - first run and common paths
+- [docs/BUILD.md](docs/BUILD.md) - build command modes and invariants
+- [docs/AUTONOMY.md](docs/AUTONOMY.md) - bounded autonomy, repair budgets, and the apply boundary
+- [docs/PARALLEL-CANDIDATES.md](docs/PARALLEL-CANDIDATES.md) - planned isolated candidate writer contract
+- [docs/PR-PREP.md](docs/PR-PREP.md) - planned PR prep artifact contract
+- [docs/WHY-NEKOWORK.md](docs/WHY-NEKOWORK.md) - comparison and product positioning
 - [docs/CATALOG-PACKS.md](docs/CATALOG-PACKS.md) - curated catalog, official packs, and case-study evidence
 - [docs/PUBLISH-ALPHA.md](docs/PUBLISH-ALPHA.md) - public npm alpha release plan
 - [docs/ROADMAP.md](docs/ROADMAP.md) - small alpha roadmap and non-goals

package/agent.yaml

@@ -1,8 +1,8 @@
 spec_version: gitagent/0.1.0
 name: nekowork
 runtime_name: harness
-version: 0.1.0-alpha.7
-description: "NEKOWORK - Local-first AI development runtime for fast, verified code changes"
+version: 0.1.0-alpha.8
+description: "NEKOWORK - Verified autopilot for AI code changes with Codex verification, Human Gate, and explicit apply"
 license: MIT
 homepage: https://github.com/Ps-Neko/NEKOWORK
 # authors: contributor 목록은 git 히스토리로 갈음. 별도 명시 안 함.
@@ -90,6 +90,7 @@ profiles:
     - core
     - developer
     - builder
+    - productivity
     - security
     - product
     - quality

package/docs/ADVANCED.md

@@ -205,7 +205,8 @@ Rules:
 - `release` focuses on ship/readiness and report evidence.
 - `--dry-run` previews auto routing, preset resolution, stages, workers, and safety invariants without writing session state.
 - `--explain` prints routing rationale and evidence files after the build.
-- `--force-mode` is required when a risky task is manually forced away from the recommended `safe` mode.
+- `--force-mode` is required when a risky task is manually forced into a lower-safety mode than the risk-aware recommendation.
+- Build mode safety ranks are defined in `manifests/build-modes.json` and validated with the manifest schemas, so mode policy changes are reviewable outside the CLI code.
 - `apply` is never implicit; use `--apply` only for verified live-work diffs.
 
 Outputs:

package/docs/ARCHITECTURE.md

@@ -1,6 +1,6 @@
 # Architecture
 
-NEKOWORK is the product and public name. It packages a local runtime with one canonical catalog and projects that catalog into multiple agent surfaces. The `harness` binary remains a legacy/internal CLI alias.
+NEKOWORK is the product and public name. It is a verified autopilot for AI code changes with one canonical catalog projected into multiple agent surfaces. The `harness` binary remains a legacy/internal CLI alias.
 
 ## Core Idea
 
@@ -88,6 +88,7 @@ node scripts/cli.js report --session work-smoke --project-root <target>
 node scripts/cli.js apply --session work-smoke --project-root <target>
 node scripts/cli.js run "decomposed wrapper" --session run-smoke --project-root <target>
 node scripts/cli.js build "safe builder wrapper" --mode team --session build-smoke --project-root <target>
+node scripts/cli.js auto "bounded autonomy before apply" --level normal --session auto-smoke --project-root <target>
 node scripts/cli.js review "change request" --no-ship --project-root <target>
 node scripts/cli.js review-cycle "legacy full-cycle request" --no-ship --project-root <target>
 ```
@@ -205,8 +206,8 @@ Builders project the catalog into tool-specific files:
 
 ## Release State
 
-The current repository release line is `0.1.0-alpha.7`:
+The current repository release line is `0.1.0-alpha.8` candidate:
 
 - Repository and GitHub tarball release are available.
-- Public npm alpha is published as `@ps-neko/nekowork@alpha` and currently points at `0.1.0-alpha.6` until alpha.7 is explicitly published.
+- Public npm alpha is published as `@ps-neko/nekowork@alpha` and currently points at `0.1.0-alpha.7`; alpha.8 publish is pending owner OTP/web auth.
 - Clone, submodule, and local checkout integration remain supported for repository-pinned workflows.

package/docs/AUDIT.md

@@ -2,20 +2,20 @@
 
 Status date: 2026-05-08
 
-This audit summarizes the current NEKOWORK state after publishing the `0.1.0-alpha.6` public alpha and preparing the `0.1.0-alpha.7` repository candidate.
+This audit summarizes the current NEKOWORK state after preparing the `0.1.0-alpha.8` repository alpha candidate. Public npm `@alpha` remains on `0.1.0-alpha.7` until the owner completes OTP/web auth for alpha.8.
 
 ## Current Status
 
 | Area | Status | Notes |
 |---|---|---|
-| Package metadata | OK | repository version `@ps-neko/nekowork@0.1.0-alpha.7`, `agent.yaml` uses `name: nekowork`, `runtime_name: harness`, matching version, and `nekowork`/`harness` CLI bins |
-| npm publish | OK | `@ps-neko/nekowork@alpha` points at `0.1.0-alpha.6` |
+| Package metadata | OK | repository version `@ps-neko/nekowork@0.1.0-alpha.8`, `agent.yaml` uses `name: nekowork`, `runtime_name: harness`, matching version, and `nekowork`/`harness` CLI bins |
+| npm publish | Pending | `@ps-neko/nekowork@alpha` points at `0.1.0-alpha.7`; alpha.8 dry-run passes but real publish is blocked by owner OTP |
 | Source install | OK | Clone, local checkout, and submodule workflows are documented |
-| Public npm alpha | OK | `docs/PUBLISH-ALPHA.md` records alpha publishes through `0.1.0-alpha.6` |
+| Public npm alpha | OK | `docs/PUBLISH-ALPHA.md` records alpha publishes through `0.1.0-alpha.7` and alpha.8 candidate state |
 | CLI doctor/check | OK | `check`, `doctor`, `doctor --quick`, and `doctor --gemini-smoke` are available |
 | Provider auth | OK | Local delegated CLI auth is the default path |
 | Internal provider adapter | OK | `HARNESS_PROVIDER_OVERRIDE=internal` can call an explicit JSON command adapter without weakening gates |
-| Catalog | OK | 8 official packs, 11 agents, 10 skills, 5 hooks, 7 modules, 36 components, 10 profiles |
+| Catalog | OK | 14 official packs, 11 agents, 10 skills, 5 hooks, 7 modules, 36 components, 11 profiles |
 | Multi-harness output | OK | Claude, Codex, Cursor, Gemini, and OpenCode builders are present |
 | Quick demo | OK | `npm run demo:quick` verifies the shortest no-API `doctor -> build -> report -> gate status` path |
 | Fresh npm alpha smoke | OK | CI runs `npx -y @ps-neko/nekowork@alpha check --json` from a disposable directory |
@@ -30,7 +30,7 @@ This audit summarizes the current NEKOWORK state after publishing the `0.1.0-alp
 | Persistent wakeup | OK | `wait` resumes supported active sessions and blocks on `HUMAN_GATE` |
 | Generated docs | OK | CODEMAP output is stable ASCII and reproducible |
 | Tests | OK | Unit, integration, and e2e suites pass locally and in CI |
-| Release | OK | `v0.1.0-alpha.6` is tagged and published as a GitHub prerelease |
+| Release | Pending | `v0.1.0-alpha.7` is the latest GitHub prerelease; alpha.8 tag/release waits on publish |
 
 ## Verification Gates
 
@@ -55,7 +55,7 @@ Current local result for this working tree:
 - `npm run test:unit`: covered by full `npm test`
 - `npm run validate:all`: pass
 - `npm run lint`: pass
-- `npm test`: 277 tests pass
+- `npm test`: 290 tests pass
 - quick run demo: pass through `npm run demo:quick -- --cleanup`
 - external project e2e smoke: pass through `npm test`
 - `node scripts/sync-claude-md.js --check`: pass
@@ -63,9 +63,9 @@ Current local result for this working tree:
 - `npm audit --audit-level=moderate`: 0 vulnerabilities
 - `npm pack --dry-run --json`: pass
 - `npm publish --dry-run --access public --tag alpha`: pass
-- `npm publish --access public --tag alpha`: `0.1.0-alpha.6` published
-- `npm view @ps-neko/nekowork dist-tags version versions --json`: `alpha` points at `0.1.0-alpha.6`; `latest` remains `0.1.0-alpha.0`
-- `npx -y @ps-neko/nekowork@alpha check`: passed for `0.1.0-alpha.6` with WARN summary from Gemini auth not checked
+- `npm publish --access public --tag alpha`: blocked by `EOTP`; owner OTP/web auth still required
+- `npm view @ps-neko/nekowork dist-tags version versions --json`: `alpha` points at `0.1.0-alpha.7`; `latest` remains `0.1.0-alpha.0`
+- `npx -y @ps-neko/nekowork@alpha check`: passed for `0.1.0-alpha.7` with WARN summary from Gemini auth not checked
 
 ## Completed Work
 
@@ -94,7 +94,7 @@ Current local result for this working tree:
 - Official packs expose curated install shapes without creating a second safety model.
 - Checked-in example fixtures now cover financial UI, CI hardening, and quality lifecycle evidence flows.
 - Third-party case studies record NEKOWORK runs against `sindresorhus/is-plain-obj`, `jshttp/basic-auth`, `python-hyper/h11`, and `motdotla/dotenv`.
-- Public npm alpha `0.1.0-alpha.6` is published under the `alpha` dist-tag.
+- Public npm alpha `0.1.0-alpha.7` is published under the `alpha` dist-tag; alpha.8 is a repository candidate.
 
 ## Remaining Optional Work
 

package/docs/AUTONOMY.md

@@ -0,0 +1,92 @@
+# Verified Autopilot
+
+NEKOWORK is a verified autopilot for AI code changes. It can plan, build, verify, and repair before the apply boundary, but it never applies, commits, pushes, publishes, or deploys without explicit human action.
+
+Autonomy is bounded by the apply boundary:
+
+```text
+route -> build -> verify -> repair loop -> report -> Human Gate / explicit apply
+```
+
+`auto` can plan, build, verify, and repair fixable findings before apply. It never commits, pushes, publishes, deploys, opens a PR, or applies a diff.
+
+## Command
+
+```bash
+nekowork auto "fix failing tests safely"
+nekowork auto "implement OAuth login" --level cautious
+nekowork auto "prepare release readiness" --level normal --mode release
+nekowork auto "large cleanup" --level aggressive --budget 5
+```
+
+Preview without creating a session:
+
+```bash
+nekowork auto "change OAuth token validation" --dry-run --json
+```
+
+## Levels
+
+| Level | Repair Budget | Use when |
+|---|---:|---|
+| `cautious` | 1 round, no repair loop | the human wants one verified attempt and a report |
+| `normal` | up to 3 rounds | fixable findings can be repaired before report |
+| `aggressive` | up to 5 rounds | larger work can iterate more, but still stops before apply |
+
+All levels preserve the same hard boundary:
+
+- no automatic `apply`
+- no automatic commit, push, publish, deploy, or PR creation
+- multi-worker thinking stays read-only
+- one executor owns project-file mutation per work round
+- Codex verification remains required before ship/apply
+- Human Gate cannot be bypassed
+
+## Repair Policy
+
+`auto` repeats the safe build loop only when the prior round is fixable:
+
+| Result | Auto behavior |
+|---|---|
+| `ship_ready` | stop and write report |
+| `no_ship` with fixable findings | repair until the level budget is exhausted |
+| `human_gate` | stop immediately |
+| unknown or non-fixable state | stop and write report |
+
+The output is `auto-summary.json` plus the normal session evidence:
+
+```text
+build-intelligence.json
+build-plan.json
+acceptance-criteria.json
+build-summary.json
+run-summary.json
+verify-summary.json
+ship-summary.json
+REPORT.md
+```
+
+## Apply Boundary
+
+`auto` deliberately rejects `--apply`.
+
+After `auto` finishes, the human should inspect:
+
+```bash
+nekowork report --session <id>
+nekowork gate status --session <id>
+```
+
+Only after verified `SHIP_READY` evidence and clear gates should the human choose an explicit apply command:
+
+```bash
+nekowork apply --session <id>
+```
+
+This is the product rule:
+
+```text
+Autonomous until apply.
+Verified before ship.
+Human-controlled at the boundary.
+```