agent-cli-runtime 0.1.0-alpha.0 → 0.1.0-alpha.1

package/README.md

@@ -346,7 +346,7 @@ node ./dist/cli/main.js smoke --mode real --agent codex --json
 
 CI uses a Node.js 20/22/24 matrix for typecheck, lint, tests, build, production dependency audit, package boundary checks, and `npm pack --dry-run`. A separate single-Node release-gates job runs `npm run daemon:verify`, `npm run runtime:safety`, and `npm run dogfood` so the full matrix does not launch redundant installed-package gates. The dogfood, CI, and prepublish paths share the same safety boundary: fixtures, fake CLIs, and real local detection/profile certification are allowed by default; authenticated real agent runs are not launched unless `--allow-real-run` is explicit.
 
-For local release-candidate confidence, run `npm run prepublish:check`. It combines typecheck, lint, tests, build, daemon embedding verification, runtime safety verification, dogfood, production audit, package boundary checks, and a pack dry-run. The GitHub Actions `Release Candidate` workflow is manually triggered with `workflow_dispatch`, runs `npm ci`, `npm run ci`, `npm run dogfood`, and `npm run release:candidate -- --out-dir release-candidate`; the generated artifact set includes `agent-cli-runtime-tarball`, `agent-cli-runtime-pack-metadata`, `agent-cli-runtime-package-files`, `agent-cli-runtime-gate-evidence`, and `agent-cli-runtime-release-verification`. P3-10 pre-documentation release-candidate evidence is run `27945938663` for SHA `fdba3ebccb2e57a0ad295101028a2a3937a92204`, with all five downloaded artifacts passing `npm run release:verify -- --dir /tmp/agent-runtime-p3-10-current-head-remote-66VIhN/normalized` using `agent-cli-runtime.releaseVerification.v1`. Because release docs are included in the npm package, committing this evidence packet changes the package shasum; run `27945938663` must not be used as final post-documentation publish evidence. The human-gated publish packet stops at `npm publish --dry-run --ignore-scripts --tag alpha`; npm publish has not occurred, and a real publish requires a fresh release-candidate run after committing this packet. Historical P3-9 run `27943672095` only proves target SHA `65fac505ca3eb830a06d8656068cf4ed5f6dd46a`; historical P3-9 interim run `27942743285` only proves target SHA `a0299a7d81bb614661922bebc8c75496cf0a3d11` before the strict `fixtures?` package-boundary lock; historical P3-8 run `27940814340` only proves target SHA `eb8de0f9b1edfa3f94c35a50b31005c5d3c105d4`; historical P3-5 run `27932628093` only proves workflow head SHA `8d7bc2a19c626caa1ad5223acbcd35df34aff18e`. It does not publish and does not require an npm token.
+For local release-candidate confidence, run `npm run prepublish:check`. It combines typecheck, lint, tests, build, daemon embedding verification, runtime safety verification, dogfood, production audit, package boundary checks, and a pack dry-run. The GitHub Actions `Release Candidate` workflow is manually triggered with `workflow_dispatch`, runs `npm ci`, `npm run ci`, `npm run dogfood`, and `npm run release:candidate -- --out-dir release-candidate`; the generated artifact set includes `agent-cli-runtime-tarball`, `agent-cli-runtime-pack-metadata`, `agent-cli-runtime-package-files`, `agent-cli-runtime-gate-evidence`, and `agent-cli-runtime-release-verification`. Version `0.1.0-alpha.0` was published to npm and has a GitHub pre-release at `v0.1.0-alpha.0`; that immutable tarball contains stale pre-publish status text, so `0.1.0-alpha.1` is the corrective alpha candidate. Because release docs are included in the npm package, volatile current-run evidence must stay outside packaged docs under `.release-evidence/` or GitHub Release assets. A real alpha publish requires a fresh release-candidate workflow for the exact commit being published, downloaded artifacts passing `npm run release:verify -- --dir <normalized-artifact-dir>`, and explicit maintainer authorization for `npm publish --tag alpha`.
 
 To create a local release-candidate artifact set without publishing, run:
 

package/README.zh-CN.md

@@ -344,7 +344,7 @@ node ./dist/cli/main.js smoke --mode real --agent codex --json
 
 CI 使用 Node.js 20/22/24 matrix 跑 typecheck、lint、tests、build、production dependency audit、package boundary check 和 `npm pack --dry-run`。`npm run daemon:verify`、`npm run runtime:safety` 和 `npm run dogfood` 放在单 Node 版本 release-gates job 中执行，避免 matrix 重复跑 installed-package gates。dogfood、CI 和 prepublish 的默认边界一致：允许 fixtures、fake CLIs、真实本地 detection/profile certification；不带 `--allow-real-run` 时不启动 authenticated real agent run。
 
-本地 release-candidate 置信门禁使用 `npm run prepublish:check`。它会组合 typecheck、lint、tests、build、daemon embedding verification、runtime safety verification、dogfood、production audit、package boundary check 和 pack dry-run。GitHub Actions 的 `Release Candidate` workflow 通过 `workflow_dispatch` 手动触发，执行 `npm ci`、`npm run ci`、`npm run dogfood` 和 `npm run release:candidate -- --out-dir release-candidate`；生成并上传 `agent-cli-runtime-tarball`、`agent-cli-runtime-pack-metadata`、`agent-cli-runtime-package-files`、`agent-cli-runtime-gate-evidence` 和 `agent-cli-runtime-release-verification`。P3-10 提交证据文档前的 release-candidate 证据是 SHA `fdba3ebccb2e57a0ad295101028a2a3937a92204` 的 run `27945938663`，五个下载 artifacts 已通过 `npm run release:verify -- --dir /tmp/agent-runtime-p3-10-current-head-remote-66VIhN/normalized`，schema 为 `agent-cli-runtime.releaseVerification.v1`。由于 release docs 会进入 npm package，提交本证据 packet 会改变 package shasum；run `27945938663` 不能作为提交这些文档后的最终发布证据。人工发布 packet 的 stop point 是 `npm publish --dry-run --ignore-scripts --tag alpha`；npm publish 尚未发生，真实发布前必须在提交本 packet 后重新触发 fresh release-candidate run。历史 P3-9 run `27943672095` 只证明目标 SHA `65fac505ca3eb830a06d8656068cf4ed5f6dd46a`；历史 P3-9 interim run `27942743285` 只证明 strict `fixtures?` package-boundary lock 之前的目标 SHA `a0299a7d81bb614661922bebc8c75496cf0a3d11`；历史 P3-8 run `27940814340` 只证明目标 SHA `eb8de0f9b1edfa3f94c35a50b31005c5d3c105d4`；历史 P3-5 run `27932628093` 只证明 workflow head SHA `8d7bc2a19c626caa1ad5223acbcd35df34aff18e`。它不执行 publish，也不需要 npm token。
+本地 release-candidate 置信门禁使用 `npm run prepublish:check`。它会组合 typecheck、lint、tests、build、daemon embedding verification、runtime safety verification、dogfood、production audit、package boundary check 和 pack dry-run。GitHub Actions 的 `Release Candidate` workflow 通过 `workflow_dispatch` 手动触发，执行 `npm ci`、`npm run ci`、`npm run dogfood` 和 `npm run release:candidate -- --out-dir release-candidate`；生成并上传 `agent-cli-runtime-tarball`、`agent-cli-runtime-pack-metadata`、`agent-cli-runtime-package-files`、`agent-cli-runtime-gate-evidence` 和 `agent-cli-runtime-release-verification`。`0.1.0-alpha.0` 已发布到 npm，并有 `v0.1.0-alpha.0` GitHub pre-release；该不可变 tarball 内含过期的发布前状态说明，所以 `0.1.0-alpha.1` 是修复该文档状态的 alpha candidate。由于 release docs 会进入 npm package，current-run 的易漂移证据必须留在包外的 `.release-evidence/` 或 GitHub Release assets 中。真实 alpha publish 需要先为待发布 commit 触发 fresh release-candidate workflow，下载 artifacts 并通过 `npm run release:verify -- --dir <normalized-artifact-dir>`，再由 maintainer 明确授权执行 `npm publish --tag alpha`。
 
 如需在本地生成可审查的 release-candidate artifact set：
 

package/docs/production-readiness.md

@@ -1,11 +1,11 @@
 # Production Readiness
 
-Status: P3-11 current-head alpha release candidate evidence uses non-package evidence storage; human gate required
+Status: 0.1.0-alpha.1 corrective alpha candidate; human publish gate required
 Last updated: 2026-06-23
 
-This project is still **pre-alpha / developer preview**. P2-11 through P2-13 established release-candidate artifact verification, remote evidence closure, and alpha publish-readiness docs without publishing npm. P3-1 froze daemon-ready execution-kernel contracts for embedders in [docs/daemon-ready-contract.md](./daemon-ready-contract.md); P3-2 added an executable daemon embedding stability gate for the installed-package fake-CLI path; P3-3 added an installed-package long-lived runtime resource safety gate; P3-4 aligned CI and release-candidate artifacts so those gates are represented in remote release artifacts; P3-5 verified its workflow head SHA through a successful remote release-candidate workflow and downloaded artifact re-verification; P3-6 added a redacted opt-in real smoke evidence format for Codex, Claude Code, and OpenCode while keeping default release gates on detection/profile certification only; P3-7 freezes the API / CLI schema inventory and versioning policy in [docs/api-schema-contract.md](./api-schema-contract.md); P3-8 refreshed remote release-candidate evidence for target SHA `eb8de0f9b1edfa3f94c35a50b31005c5d3c105d4`; P3-9 locked evidence-target release-candidate evidence for target SHA `65fac505ca3eb830a06d8656068cf4ed5f6dd46a`.
+This project is still **pre-alpha / developer preview**. P2-11 through P2-13 established release-candidate artifact verification, remote evidence closure, and alpha publish-readiness docs. Version `0.1.0-alpha.0` has since been published to npm and GitHub pre-release `v0.1.0-alpha.0`, but that immutable tarball contains stale pre-publish status text; `0.1.0-alpha.1` is the corrective alpha candidate. P3-1 froze daemon-ready execution-kernel contracts for embedders in [docs/daemon-ready-contract.md](./daemon-ready-contract.md); P3-2 added an executable daemon embedding stability gate for the installed-package fake-CLI path; P3-3 added an installed-package long-lived runtime resource safety gate; P3-4 aligned CI and release-candidate artifacts so those gates are represented in remote release artifacts; P3-5 verified its workflow head SHA through a successful remote release-candidate workflow and downloaded artifact re-verification; P3-6 added a redacted opt-in real smoke evidence format for Codex, Claude Code, and OpenCode while keeping default release gates on detection/profile certification only; P3-7 freezes the API / CLI schema inventory and versioning policy in [docs/api-schema-contract.md](./api-schema-contract.md); P3-8 refreshed remote release-candidate evidence for target SHA `eb8de0f9b1edfa3f94c35a50b31005c5d3c105d4`; P3-9 locked evidence-target release-candidate evidence for target SHA `65fac505ca3eb830a06d8656068cf4ed5f6dd46a`.
 
-P3-11 keeps volatile current-head release-candidate evidence out of the npm package. Fresh run ids, artifact ids, artifact digests, tarball shasums, and pack shasums belong under `.release-evidence/`, while packaged docs keep stable release rules and the human-gated publish packet that stops at `npm publish --dry-run --ignore-scripts --tag alpha`. It still does not publish npm, configure trusted publishing, claim provenance, or add daemon/API server/database/WAL/remote-worker/UI/telemetry/artifact layers.
+P3-11 keeps volatile current-head release-candidate evidence out of the npm package. Fresh run ids, artifact ids, artifact digests, tarball shasums, and pack shasums belong under `.release-evidence/` or durable GitHub Release assets, while packaged docs keep stable release rules and the human-gated publish packet. The corrective alpha path still does not configure trusted publishing, claim provenance, or add daemon/API server/database/WAL/remote-worker/UI/telemetry/artifact layers.
 
 ## Local-First Production Definition
 

package/docs/release-checklist.md

@@ -1,5 +1,16 @@
 # Release Checklist (pre-alpha / developer preview)
 
+## 0.1.0-alpha.1 corrective alpha package
+
+- [ ] Confirm `package.json` and `package-lock.json` version are `0.1.0-alpha.1`.
+- [ ] Confirm packaged README/docs no longer describe the current package as unpublished or forbid the already-created GitHub pre-release.
+- [ ] Confirm `0.1.0-alpha.0` is treated as immutable historical npm/GitHub Release evidence, not overwritten.
+- [ ] Trigger a fresh Release Candidate workflow for the corrective commit and verify its `headSha` equals that commit.
+- [ ] Download all five release-candidate artifacts and run `npm run release:verify -- --dir <normalized-artifact-dir>`.
+- [ ] Run local gates: `npm run typecheck`, `npm run lint`, `npm test`, `npm run package:check`, and `npm publish --dry-run --ignore-scripts --tag alpha`.
+- [ ] Publish `agent-cli-runtime@0.1.0-alpha.1` only after explicit maintainer authorization and interactive npm authentication.
+- [ ] Create GitHub pre-release `v0.1.0-alpha.1` and attach durable release evidence assets.
+
 ## P3-11 current-head release candidate evidence boundary
 
 - [x] Current-head release evidence uses `.release-evidence/` as the non-package local evidence landing zone.

package/docs/release-publish-runbook.md

@@ -1,9 +1,9 @@
 # Alpha Publish Readiness Runbook
 
-Status: P3-11 current-head release candidate evidence uses non-package evidence storage; human publish gate required
+Status: 0.1.0-alpha.1 corrective alpha publish runbook; human publish gate required
 Last updated: 2026-06-23
 
-This runbook is a decision and execution checklist for a future `agent-cli-runtime@0.1.0-alpha.0` npm alpha publish. P3-11 does not publish npm, does not create or commit npm credentials, and does not configure trusted publishing. Current-head release-candidate run ids, artifact digests, and tarball shasums are recorded outside the npm package under `.release-evidence/`; package docs keep only stable process rules and the human-gated alpha publish boundary.
+This runbook is a decision and execution checklist for `agent-cli-runtime@0.1.0-alpha.1`, the corrective alpha for the stale pre-publish status text shipped in immutable npm version `0.1.0-alpha.0`. It does not create or commit npm credentials and does not configure trusted publishing. Current-head release-candidate run ids, artifact digests, and tarball shasums are recorded outside the npm package under `.release-evidence/` or attached as GitHub Release assets; package docs keep only stable process rules and the human-gated alpha publish boundary.
 
 ## Decision
 
@@ -12,20 +12,18 @@ Recommended state for the next human gate:
 - Package metadata is ready for an alpha package page: `name`, `version`, `description`, `license`, `type`, `bin`, `main`, `types`, `exports`, `files`, `engines`, `repository`, `homepage`, `bugs`, `keywords`, and `publishConfig.tag` are present and intentional.
 - The package root value API remains `createAgentRuntime` only; public TypeScript types are exposed through the root declarations, not as runtime values.
 - The release-candidate workflow remains artifact-only: it creates and verifies the tarball but does not publish and does not require registry credentials.
-- The future publish must use the `alpha` dist-tag. Do not publish this pre-alpha version as `latest`.
-- Current publishable package candidate: `agent-cli-runtime@0.1.0-alpha.0`.
+- The corrective publish must use the `alpha` dist-tag. If npm keeps `latest` on the only available pre-release, record that post-publish state rather than pretending it was removed.
+- Current publishable package candidate: `agent-cli-runtime@0.1.0-alpha.1`.
 - Current-head evidence rule: trigger a fresh release-candidate workflow for the commit being considered, download all five artifacts, run `npm run release:verify -- --dir <normalized-artifact-dir>`, and record the volatile run evidence under `.release-evidence/`.
 - Because this runbook and release report are included in the npm package, do not write current run ids, artifact digests, tarball shasums, or pack shasums into package docs.
 - Before any real publish, confirm the fresh release-candidate workflow head SHA matches the commit being published.
 - Historical P3-9 run `27943672095` only proves target SHA `65fac505ca3eb830a06d8656068cf4ed5f6dd46a`.
 - Do not reuse historical workflow runs as publish evidence for a later commit.
 
-## Non-Goals
+## Boundaries
 
-- Do not run a real `npm publish` during P3-11.
 - Do not add npm tokens, GitHub tokens, registry credential environment variables, or private auth files.
 - Do not configure real npm trusted publishing during P2-13.
-- Do not publish a GitHub release.
 - Do not add daemon, database, WAL, remote worker, web UI, telemetry, scheduler expansion, or package-root value exports.
 
 ## Pre-Publish Checks
@@ -57,8 +55,8 @@ git rev-parse --abbrev-ref HEAD
 git rev-parse HEAD
 git rev-parse origin/main
 gh workflow run release-candidate.yml --ref main
-gh run view <post-documentation-run-id> --json headSha,status,conclusion,url,jobs
-npm view agent-cli-runtime@0.1.0-alpha.0 version --json
+gh run view <current-release-candidate-run-id> --json headSha,status,conclusion,url,jobs
+npm view agent-cli-runtime@0.1.0-alpha.1 version --json
 npm dist-tag ls agent-cli-runtime
 ```
 
@@ -70,7 +68,7 @@ npm publish --dry-run --ignore-scripts --tag alpha
 
 The command must report a dry run and must show `tag alpha`. If it reports `latest`, stop and fix the command or metadata before publishing.
 
-P3-11 stop point: stop after `npm publish --dry-run --ignore-scripts --tag alpha`. A true publish requires a separate later user authorization and fresh current-head release-candidate evidence.
+Dry-run stop point: stop after `npm publish --dry-run --ignore-scripts --tag alpha` until a maintainer separately authorizes the true publish and fresh current-head release-candidate evidence has passed.
 
 ## Human Confirmation Points
 
@@ -82,13 +80,13 @@ Before a real publish, a maintainer must confirm:
 - `.reference/`, `tests/`, fixtures, raw real CLI output, private paths, token-looking values, and repair backups are absent from the packed files.
 - `dist/index.js` runtime value exports remain limited to `createAgentRuntime`.
 - `dist/index.d.ts` exposes public types without re-exporting storage/parser/store internals as the package-root contract.
-- The alpha tag is intentional and `latest` must not move.
+- The alpha tag is intentional. If this is still the only package version and npm also points `latest` at it, document that exact post-publish state.
 - The npm account/package publishing policy is understood: 2FA or an approved token path is required by npm package settings.
 - The publisher accepts the provenance choice below and has the right npm package permissions.
 
 ## Real Publish Commands
 
-These commands are documentation only in P2-13. Do not run them until the human publish gate is explicitly approved.
+Do not run these commands until the human publish gate is explicitly approved.
 
 Manual local publish with interactive npm authentication:
 
@@ -109,19 +107,19 @@ If npm asks for a second factor, complete the interactive 2FA prompt or use the
 Immediately after any real publish:
 
 ```bash
-npm view agent-cli-runtime@0.1.0-alpha.0 version dist-tags --json
+npm view agent-cli-runtime@0.1.0-alpha.1 version dist-tags --json
 npm dist-tag ls agent-cli-runtime
 ```
 
 Expected result:
 
-- `alpha` points to `0.1.0-alpha.0`.
-- `latest` is absent or still points to a stable version, not this pre-alpha version.
+- `alpha` points to `0.1.0-alpha.1`.
+- `latest` is absent, points to a stable version, or is explicitly documented as pointing to the only published pre-alpha version if npm does not allow removing it.
 
 If the wrong tag is attached but the package version itself is acceptable, fix the tag rather than republishing the same version:
 
 ```bash
-npm dist-tag add agent-cli-runtime@0.1.0-alpha.0 alpha
+npm dist-tag add agent-cli-runtime@0.1.0-alpha.1 alpha
 npm dist-tag rm agent-cli-runtime latest
 npm dist-tag ls agent-cli-runtime
 ```
@@ -170,7 +168,7 @@ If real publish fails before package creation:
 
 - Capture the redacted error class only.
 - Do not commit npm debug logs if they contain local paths, auth state, or registry session details.
-- Re-run `npm view agent-cli-runtime@0.1.0-alpha.0 version --json` before retrying to confirm the version was not created.
+- Re-run `npm view agent-cli-runtime@0.1.0-alpha.1 version --json` before retrying to confirm the version was not created.
 
 If real publish succeeds but post-publish checks fail:
 
@@ -180,13 +178,13 @@ If real publish succeeds but post-publish checks fail:
 - If the package is unsafe and still eligible under npm policy, consider unpublish only as an emergency path:
 
 ```bash
-npm unpublish agent-cli-runtime@0.1.0-alpha.0
+npm unpublish agent-cli-runtime@0.1.0-alpha.1
 ```
 
 Unpublish has strict policy limits and cannot make the same `name@version` reusable. If unpublish is not allowed or would break consumers, prefer deprecation:
 
 ```bash
-npm deprecate agent-cli-runtime@0.1.0-alpha.0 "Do not use this alpha; upgrade to a later pre-release."
+npm deprecate agent-cli-runtime@0.1.0-alpha.1 "Do not use this alpha; upgrade to a later pre-release."
 ```
 
 ## Rollback Boundary
@@ -198,4 +196,4 @@ Rollback means one of these actions:
 - Unpublish only when npm policy allows it and a maintainer accepts the registry impact.
 - Publish a new corrected pre-release version.
 
-Rollback does not mean overwriting `agent-cli-runtime@0.1.0-alpha.0`; npm does not permit replacing an already published package version.
+Rollback does not mean overwriting `agent-cli-runtime@0.1.0-alpha.1`; npm does not permit replacing an already published package version.

package/docs/release-report.md

@@ -1,17 +1,17 @@
-# Release Report: 0.1.0-alpha.0 alpha release candidate evidence packet
+# Release Report: 0.1.0-alpha.1 corrective alpha candidate
 
-Status: P3-11 Current-Head Release Candidate Evidence Boundary & Human-Gated Publish Packet
+Status: Post-publish documentation repair candidate with non-package release evidence
 Last updated: 2026-06-23
 
-This report records release-candidate, alpha publish-readiness, daemon-ready contract hardening, P3-6 real CLI opt-in smoke evidence, P3-7 API / CLI schema freeze evidence, and the P3-11 non-package evidence boundary for `agent-cli-runtime@0.1.0-alpha.0`. It is a pre-alpha developer-preview audit and decision package, not an npm publication record.
+This report records release-candidate, alpha publish-readiness, daemon-ready contract hardening, P3-6 real CLI opt-in smoke evidence, P3-7 API / CLI schema freeze evidence, the P3-11 non-package evidence boundary, and the corrective alpha path for `agent-cli-runtime@0.1.0-alpha.1`. Immutable npm version `0.1.0-alpha.0` was published and has GitHub pre-release `v0.1.0-alpha.0`, but its package docs contain stale pre-publish status text; `0.1.0-alpha.1` is the repair release candidate.
 
 ## Verdict
 
 P3-7 freezes the public root boundary, daemon-facing CLI JSON schema inventory, version bump policy, and failure taxonomy in [docs/api-schema-contract.md](./api-schema-contract.md), with drift tests tying the docs to source-level schema/failure vocabularies.
 
-P3-11 moves current-head release-candidate run evidence out of packaged docs: volatile run ids, artifact ids, artifact digests, tarball shasums, and pack shasums belong under `.release-evidence/`. Packaged docs keep stable rules only: trigger a fresh release-candidate workflow for the commit being considered, download all five artifacts, run `npm run release:verify -- --dir <normalized-artifact-dir>`, verify the workflow head SHA equals that commit, and stop publish work at `npm publish --dry-run --ignore-scripts --tag alpha` unless a maintainer later gives separate real-publish authorization.
+P3-11 moves current-head release-candidate run evidence out of packaged docs: volatile run ids, artifact ids, artifact digests, tarball shasums, and pack shasums belong under `.release-evidence/` or durable GitHub Release assets. Packaged docs keep stable rules only: trigger a fresh release-candidate workflow for the commit being considered, download all five artifacts, run `npm run release:verify -- --dir <normalized-artifact-dir>`, verify the workflow head SHA equals that commit, and run `npm publish --dry-run --ignore-scripts --tag alpha` before any separately authorized real publish.
 
-It preserves the release boundary: no npm publish, no trusted publishing setup, no npm token, no daemon/API server, no database/WAL, no remote worker, no UI/telemetry layer, and no authenticated real agent run in default gates. Historical P3-9 run `27943672095` only proves target SHA `65fac505ca3eb830a06d8656068cf4ed5f6dd46a`; Historical P3-9 interim run `27942743285` only proves target SHA `a0299a7d81bb614661922bebc8c75496cf0a3d11` before the strict `fixtures?` package-boundary lock; historical P3-8 run `27940814340` only proves target SHA `eb8de0f9b1edfa3f94c35a50b31005c5d3c105d4`; historical P3-5 run `27932628093` only proves workflow head SHA `8d7bc2a19c626caa1ad5223acbcd35df34aff18e`; historical P2-12 run `27869580048` only proves commit `2f8832119b4ebdb8393077052560589a398ebf56`. The package is not published to npm, does not claim a stable API, and does not claim OpenDesign daemon parity.
+It preserves the product boundary: no trusted publishing setup, no committed npm token, no daemon/API server, no database/WAL, no remote worker, no UI/telemetry layer, and no authenticated real agent run in default gates. Historical P3-9 run `27943672095` only proves target SHA `65fac505ca3eb830a06d8656068cf4ed5f6dd46a`; Historical P3-9 interim run `27942743285` only proves target SHA `a0299a7d81bb614661922bebc8c75496cf0a3d11` before the strict `fixtures?` package-boundary lock; historical P3-8 run `27940814340` only proves target SHA `eb8de0f9b1edfa3f94c35a50b31005c5d3c105d4`; historical P3-5 run `27932628093` only proves workflow head SHA `8d7bc2a19c626caa1ad5223acbcd35df34aff18e`; historical P2-12 run `27869580048` only proves commit `2f8832119b4ebdb8393077052560589a398ebf56`. The package remains a pre-alpha developer preview, does not claim a stable API, and does not claim OpenDesign daemon parity.
 
 ## P3-11 Current-Head Evidence Boundary
 
@@ -118,17 +118,17 @@ Downloaded artifact re-verification result:
 - gate evidence flags: `noAuthenticatedRealRun: true`, `noNpmPublish: true`, `noNpmToken: true`
 - package file review: 151 entries and no `.reference/`, `tests/`, fixture paths, raw real CLI output, private paths, token-looking values, Bearer values, or auth env assignments.
 
-## P3-10 Human-Gated Alpha Publish Packet
+## 0.1.0-alpha.1 Corrective Alpha Publish Packet
 
-Current package candidate: `agent-cli-runtime@0.1.0-alpha.0`.
+Current package candidate: `agent-cli-runtime@0.1.0-alpha.1`.
 
-Stop point for this task:
+Dry-run checkpoint before a separately authorized publish:
 
 ```bash
 npm publish --dry-run --ignore-scripts --tag alpha
 ```
 
-P3-10 stops at the dry-run command above. The real publish commands below are documentation only and must not be executed unless the user later gives a separate explicit publish authorization:
+The real publish commands below must not be executed unless the user gives explicit publish authorization for this immutable version:
 
 ```bash
 npm publish --tag alpha
@@ -138,12 +138,12 @@ npm publish --tag alpha --access public
 Before any future real publish, a maintainer must manually confirm:
 
 - `git rev-parse HEAD` and `git rev-parse origin/main` still match the intended reviewed SHA.
-- After committing this P3-10 evidence packet, trigger a fresh `.github/workflows/release-candidate.yml` run for the new commit and verify that `gh run view <new-run-id> --json headSha,status,conclusion,url,jobs` shows that post-documentation commit SHA and success.
-- Do not use run `27945938663` as the final publish evidence after the P3-10 docs/tests are committed; it proves only pre-documentation SHA `fdba3ebccb2e57a0ad295101028a2a3937a92204`.
+- After committing this corrective package-doc update, trigger a fresh `.github/workflows/release-candidate.yml` run for the new commit and verify that `gh run view <new-run-id> --json headSha,status,conclusion,url,jobs` shows that exact commit SHA and success.
+- Do not use run `27945938663` or run `27998762396` as final publish evidence for a later corrective commit; each run proves only its own workflow `headSha`.
 - `npm run typecheck`, `npm run lint`, `npm test`, `npm run build`, `npm run package:check`, `npm run dogfood`, `npm run daemon:verify`, `npm run runtime:safety`, `npm run release:candidate -- --out-dir <tmp>`, `npm run release:verify -- --dir <tmp>`, `npm audit --omit=dev`, `npm pack --dry-run --json --ignore-scripts`, `npm publish --dry-run --ignore-scripts --tag alpha`, `node ./dist/cli/main.js agents --json`, `node ./dist/cli/main.js doctor --json`, and `git diff --check` pass.
 - `npm publish --dry-run --ignore-scripts --tag alpha` reports dry-run mode and `tag alpha`; if it reports `latest`, stop.
-- `npm view agent-cli-runtime@0.1.0-alpha.0 version --json` does not show an already-created immutable version.
-- `npm dist-tag ls agent-cli-runtime` confirms `latest` will not move to this pre-alpha version.
+- `npm view agent-cli-runtime@0.1.0-alpha.1 version --json` does not show an already-created immutable version before publish.
+- `npm dist-tag ls agent-cli-runtime` is captured after publish; if npm keeps `latest` on the only published pre-alpha version, record the exact tag state.
 - npm 2FA or the package's configured publish policy is ready for the maintainer account.
 - Trusted publishing is not configured for P3-10. A future trusted-publishing path would need a separate publish workflow, npm-side trusted publisher configuration, and explicit `id-token: write`; none of that is present in this release-candidate workflow.
 - Manual local publish must not claim GitHub Actions provenance. Provenance is a future trusted-publishing concern, not a P3-10 dry-run claim.
@@ -151,15 +151,15 @@ Before any future real publish, a maintainer must manually confirm:
 Post-publish checks for a separately authorized future publish:
 
 ```bash
-npm view agent-cli-runtime@0.1.0-alpha.0 version dist-tags --json
+npm view agent-cli-runtime@0.1.0-alpha.1 version dist-tags --json
 npm dist-tag ls agent-cli-runtime
 ```
 
 Rollback boundary:
 
-- If only the dist-tag is wrong, use `npm dist-tag add agent-cli-runtime@0.1.0-alpha.0 alpha` and, only after confirming it points at the accidental alpha, `npm dist-tag rm agent-cli-runtime latest`.
-- If package contents are wrong, publish a new corrected pre-release version; npm does not allow overwriting `agent-cli-runtime@0.1.0-alpha.0`.
-- Use `npm unpublish agent-cli-runtime@0.1.0-alpha.0` only if npm policy allows it and a maintainer accepts the registry impact; otherwise deprecate the bad version.
+- If only the dist-tag is wrong, use `npm dist-tag add agent-cli-runtime@0.1.0-alpha.1 alpha` and, only after confirming it points at an unintended pre-alpha, `npm dist-tag rm agent-cli-runtime latest`.
+- If package contents are wrong, publish a new corrected pre-release version; npm does not allow overwriting `agent-cli-runtime@0.1.0-alpha.1`.
+- Use `npm unpublish agent-cli-runtime@0.1.0-alpha.1` only if npm policy allows it and a maintainer accepts the registry impact; otherwise deprecate the bad version.
 
 ## P3-7 API / CLI Schema Freeze
 

package/docs/ssot.md

@@ -1,6 +1,6 @@
 # 本地 Coding Agent CLI Runtime SSOT
 
-状态：P3-11 Current-Head Release Evidence Boundary & Human-Gated Publish Packet
+状态：0.1.0-alpha.1 corrective alpha candidate，current-head release evidence 保持包外记录
 负责人：local project
 最后更新：2026-06-23
 主要语言：中文；API 名、CLI 名、模型名、协议名、错误码、代码标识符等技术关键词保留英文。
@@ -23,11 +23,13 @@ Runtime 不重新实现 agent loop。模型调用、规划、工具执行、权
 
 从 OpenDesign 抽取的是 adapter/runtime 边界，而不是整套 OpenDesign daemon、design workspace、plugin system、media pipeline、web UI、artifact model 或 skill marketplace。
 
-当前 P3-11 在 P3-2/P3-3 daemon-ready installed-package gates、P3-4/P3-5 CI / release-candidate artifact evidence、P3-6 real smoke evidence format、P3-7 API / CLI schema freeze、P3-8 target-SHA remote evidence、P3-9 final alpha dry-run evidence、P3-10 pre-documentation release evidence 之上。
+当前 `0.1.0-alpha.1` corrective alpha candidate 在 P3-2/P3-3 daemon-ready installed-package gates、P3-4/P3-5 CI / release-candidate artifact evidence、P3-6 real smoke evidence format、P3-7 API / CLI schema freeze、P3-8 target-SHA remote evidence、P3-9 final alpha dry-run evidence、P3-10 pre-documentation release evidence 之上。
 
-P3-11 的核心边界是把 current-head release-candidate 的易漂移证据移出 npm package：当前 run id、artifact id、artifact digest、tarball shasum、npm pack shasum、下载归一化路径和本地命令摘录写入 `.release-evidence/`，包内 README/docs 只保留稳定发布规则、artifact 名称、验证命令、dry-run 边界、人工发布门禁和历史证据的 historical-only 说明。`package:check` 与 `release:verify` 均拒绝 `.release-evidence/` 出现在 npm pack metadata 中。fresh release-candidate workflow 只证明它自己的 `headSha`；`npm publish --dry-run --ignore-scripts --tag alpha` 只是 dry-run，不是真实发布。
+P3-11 current-head evidence boundary 继续约束 corrective alpha candidate：易漂移发布证据必须留在包外，并且每个 workflow run 只证明自己的 `headSha`。
 
-P3-10 记录提交证据文档前的 release-candidate 证据和人工门禁 alpha publish packet：上层 daemon 或 product shell 可以嵌入 runtime 来管理 run/goal lifecycle、event replay、cancel/timeout/shutdown、diagnostics、store health/repair、conformance 和 release-artifact verification；仓库用 `npm run daemon:verify` 证明基础嵌入路径可跑，并用 `npm run runtime:safety` 证明单 runtime 长期重复 run/goal、慢事件消费、取消/timeout churn、重复 shutdown、lease close 和 reopen 路径稳定。CI 单 Node release-gates job 执行这两个 gate 和 dogfood；release-candidate artifact 通过 `gate-evidence.json` 和 `release-verification.json` 证明 gate 未漂移；P3-10 远端 run `27945938663` 已在提交证据文档前的 SHA `fdba3ebccb2e57a0ad295101028a2a3937a92204` 上传五个 artifacts：`agent-cli-runtime-tarball`、`agent-cli-runtime-pack-metadata`、`agent-cli-runtime-package-files`、`agent-cli-runtime-gate-evidence`、`agent-cli-runtime-release-verification`，并通过下载归一化后的 `npm run release:verify -- --dir /tmp/agent-runtime-p3-10-current-head-remote-66VIhN/normalized`，schema 为 `agent-cli-runtime.releaseVerification.v1`、ok: true、diagnostics empty。由于 release docs 会进入 npm package，提交本证据 packet 会改变 package shasum；run `27945938663` 不能作为提交这些文档后的最终发布证据。人工发布 packet 的 stop point 是 `npm publish --dry-run --ignore-scripts --tag alpha`；npm publish 尚未发生，且 alpha publish 仍需用户后续单独明确授权和提交后 fresh release-candidate run。P3-7 的 schema inventory、version bump policy、public root boundary 和 failure taxonomy 入口是 [docs/api-schema-contract.md](./api-schema-contract.md)。历史 P3-9 run `27943672095` 只证明目标 SHA `65fac505ca3eb830a06d8656068cf4ed5f6dd46a`；历史 P3-9 interim run `27942743285` 只证明 strict `fixtures?` package-boundary lock 之前的目标 SHA `a0299a7d81bb614661922bebc8c75496cf0a3d11`；历史 P3-8 run `27940814340` 只证明目标 SHA `eb8de0f9b1edfa3f94c35a50b31005c5d3c105d4`；历史 P3-5 run `27932628093` 只证明 workflow head SHA `8d7bc2a19c626caa1ad5223acbcd35df34aff18e`。HTTP/API、auth、tenant/team、queue admission、remote worker、UI/artifact、telemetry、database/WAL 仍由上层负责。具体嵌入契约见 [docs/daemon-ready-contract.md](./daemon-ready-contract.md)。
+P3-11 的核心边界是把 current-head release-candidate 的易漂移证据移出 npm package：当前 run id、artifact id、artifact digest、tarball shasum、npm pack shasum、下载归一化路径和本地命令摘录写入 `.release-evidence/` 或作为 GitHub Release assets 长期保留，包内 README/docs 只保留稳定发布规则、artifact 名称、验证命令、dry-run 边界、人工发布门禁和历史证据的 historical-only 说明。`package:check` 与 `release:verify` 均拒绝 `.release-evidence/` 出现在 npm pack metadata 中。fresh release-candidate workflow 只证明它自己的 `headSha`；`npm publish --dry-run --ignore-scripts --tag alpha` 只是 dry-run，不是真实发布。
+
+`0.1.0-alpha.0` 已发布到 npm，并创建了 GitHub pre-release `v0.1.0-alpha.0`；该不可变 tarball 内含过期的发布前状态说明，所以 `0.1.0-alpha.1` 是修复该状态说明的 corrective alpha candidate。`0.1.0-alpha.1` 发布前必须触发 fresh release-candidate workflow，下载五个 artifacts，执行 `npm run release:verify -- --dir <normalized-artifact-dir>` 并确认 workflow `headSha` 等于待发布 commit。P3-10/P3-11 及更早 workflow run 只证明各自的历史 `headSha`，不得作为 corrective commit 的发布证据。P3-7 的 schema inventory、version bump policy、public root boundary 和 failure taxonomy 入口是 [docs/api-schema-contract.md](./api-schema-contract.md)。HTTP/API、auth、tenant/team、queue admission、remote worker、UI/artifact、telemetry、database/WAL 仍由上层负责。具体嵌入契约见 [docs/daemon-ready-contract.md](./daemon-ready-contract.md)。
 
 ## 2. OpenDesign 参考基线
 
@@ -1123,7 +1125,7 @@ agent-runtime smoke --mode real --agent codex --allow-real-run --expect-text <sa
 ### P2-13：Alpha Publish Readiness Decision
 
 - P2-13 不新增 runtime API；目标是把 alpha 发布前的 package metadata、npm dry-run、2FA/token/provenance/trusted-publishing 策略、dist-tag、rollback 和 runbook 做成可审查的决策包。
-- 本阶段不执行真实 `npm publish`，不创建 npm token，不配置 npm trusted publishing，不发布 GitHub release，不执行 authenticated real agent run。
+- P2-13 当时只做 publish readiness decision，没有执行真实 `npm publish`、没有创建 npm token、没有配置 npm trusted publishing、没有创建 GitHub release，也没有执行 authenticated real agent run。
 - `package.json` 发布 metadata 补齐到 npm 用户可用的最小完整集合：`repository`、`homepage`、`bugs` 与既有 `name`、`version`、`description`、`license`、`type`、`bin`、`main`、`types`、`exports`、`files`、`engines`、`keywords`、`publishConfig.tag: "alpha"` 一起接受 contract test 覆盖。
 - Package root value export 继续只承诺 `createAgentRuntime`；public types 仍通过 package root declarations 暴露，不扩大 runtime value API。
 - 新增 `docs/release-publish-runbook.md`，记录 `npm publish --dry-run --ignore-scripts --tag alpha`、未来真人确认后的 `npm publish --tag alpha`、2FA、trusted publishing/provenance、token 策略、dist-tag 检查、rollback/deprecation/unpublish 边界，以及版本不可覆盖规则。

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agent-cli-runtime",
-  "version": "0.1.0-alpha.0",
+  "version": "0.1.0-alpha.1",
   "description": "Local-first TypeScript runtime for scheduling Codex CLI, Claude Code, OpenCode, and compatible coding-agent CLIs.",
   "type": "module",
   "license": "Apache-2.0",