agent-cli-runtime 0.1.0-alpha.1 → 0.1.0-alpha.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +19 -0
- package/README.md +44 -9
- package/README.zh-CN.md +44 -9
- package/dist/core/schema-contract.d.ts +10 -0
- package/dist/core/schema-contract.js +36 -0
- package/dist/core/schema-contract.js.map +1 -1
- package/docs/api-schema-contract.md +14 -3
- package/docs/compatibility.md +82 -30
- package/docs/daemon-ready-contract.md +51 -0
- package/docs/production-readiness.md +44 -15
- package/docs/release-checklist.md +115 -266
- package/docs/release-publish-runbook.md +35 -19
- package/docs/release-report.md +73 -470
- package/docs/ssot.md +47 -31
- package/package.json +10 -2
package/docs/ssot.md
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
# 本地 Coding Agent CLI Runtime SSOT
|
|
2
2
|
|
|
3
|
-
状态:0.1.0-alpha.1
|
|
3
|
+
状态:0.1.0-alpha.1 已发布;0.1.0-alpha.2 为 publish-ready release candidate;P7-3 dry-run publish evidence 保持包外记录
|
|
4
4
|
负责人:local project
|
|
5
|
-
最后更新:2026-06-
|
|
5
|
+
最后更新:2026-06-25
|
|
6
6
|
主要语言:中文;API 名、CLI 名、模型名、协议名、错误码、代码标识符等技术关键词保留英文。
|
|
7
7
|
|
|
8
8
|
本页同时记录了当前边界与历史里程碑;凡未以“当前”或“P3-1”明确标注者,均作为历史证据归档,不代表当前承诺 API。
|
|
@@ -23,13 +23,29 @@ Runtime 不重新实现 agent loop。模型调用、规划、工具执行、权
|
|
|
23
23
|
|
|
24
24
|
从 OpenDesign 抽取的是 adapter/runtime 边界,而不是整套 OpenDesign daemon、design workspace、plugin system、media pipeline、web UI、artifact model 或 skill marketplace。
|
|
25
25
|
|
|
26
|
-
|
|
26
|
+
当前已发布 npm 版本是 `0.1.0-alpha.1`。当前仓库版本 `0.1.0-alpha.2` 是 alpha.2 publish-ready release candidate:fresh main release-candidate evidence 与 `npm publish --dry-run --ignore-scripts --tag alpha` 均作为包外证据记录。真实 npm publish 和 GitHub Release 创建必须由 maintainer 另行明确授权。
|
|
27
27
|
|
|
28
|
-
P3-11 current-head evidence boundary 继续约束
|
|
28
|
+
P3-11 current-head evidence boundary 继续约束 release-candidate 与 post-alpha evidence:易漂移发布证据必须留在包外,并且每个 workflow run 只证明自己的 `headSha`。Published verification 和 release-candidate run id、artifact metadata、target SHA、下载复验命令和 registry 摘要记录在 `.release-evidence/`,不写入 npm package。
|
|
29
29
|
|
|
30
|
-
|
|
30
|
+
Current-head release-candidate 的易漂移证据必须移出 npm package:当前 run id、artifact metadata、tarball hash、pack hash、下载归一化路径和本地命令摘录写入 `.release-evidence/` 或作为 GitHub Release assets 长期保留,包内 README/docs 只保留稳定发布规则、artifact 名称、验证命令、dry-run 边界、人工发布门禁和历史证据的 historical-only 说明。`package:check` 与 `release:verify` 均拒绝 `.release-evidence/` 出现在 npm pack metadata 中。fresh release-candidate workflow 只证明它自己的 `headSha`;`npm publish --dry-run --ignore-scripts --tag alpha` 只是 dry-run,不是真实发布。
|
|
31
31
|
|
|
32
|
-
`0.1.0-alpha.0` 已发布到 npm,并创建了 GitHub pre-release `v0.1.0-alpha.0`;该不可变 tarball 内含过期的发布前状态说明,所以 `0.1.0-alpha.
|
|
32
|
+
`0.1.0-alpha.1` 已发布到 npm,并创建了 GitHub pre-release `v0.1.0-alpha.1`。`0.1.0-alpha.0` 已发布到 npm,并创建了 GitHub pre-release `v0.1.0-alpha.0`;该不可变 tarball 内含过期的发布前状态说明,所以 `0.1.0-alpha.0` 已 deprecate。当前 npm dist-tags 为 `alpha -> 0.1.0-alpha.1` 和 `latest -> 0.1.0-alpha.1`;由于当前只有 pre-alpha 版本,这被记录为 registry 现实状态,不当作发布失败。P4-1 post-alpha normalization 的规则是:registry 和 GitHub Release asset 分别证明各自 raw gzip artifact;两者 gzip hash 可以不同,但解包后的 `package/` 文件列表和内容必须一致,否则停止并报告 blocker。验证入口是 `npm run release:post-alpha:verify`、`npm run smoke:published` 和 `npm run release:verify -- --dir <downloaded-github-release-assets-dir>`。历史 workflow run 只证明各自的 `headSha`,不得作为后续 commit 的发布证据。P3-7 的 schema inventory、version bump policy、public root boundary 和 failure taxonomy 入口是 [docs/api-schema-contract.md](./api-schema-contract.md)。HTTP/API、auth、tenant/team、queue admission、remote worker、UI/artifact、telemetry、database/WAL 仍由上层负责。具体嵌入契约见 [docs/daemon-ready-contract.md](./daemon-ready-contract.md)。
|
|
33
|
+
|
|
34
|
+
P5-1 的 published-package daemon consumer harness 使用 `npm run published:daemon:verify`。该 gate 从 npm registry 安装 `agent-cli-runtime@0.1.0-alpha.1` 到临时 consumer project,不依赖本仓库源码 import、不使用本地 `dist/` 或 freshly packed tarball。consumer 进程只从 package root import `createAgentRuntime`,使用 fake Codex/Claude/OpenCode binaries 和独立临时 `storageDir`,覆盖 detect、run success、goal success、cancel、timeout、run/goal replay、writer active 时 read-only inspection、second-writer refusal、shutdown/reopen 和 stale owner recovery。输出 schema 固定为 `agent-runtime.publishedDaemonConsumer.v1`,必须包含 `packageSource: "npm-registry"`、`version`、`checks`、`diagnostics` 和 `noAuthenticatedRealRun`,且不得泄露 temp path、真实用户路径、token、raw secret 或完整 prompt。P5-1 不发布新 npm 版本、不引入 daemon server/HTTP/RPC/database/WAL/remote worker/queue service/UI/telemetry、不扩大 package root value exports,`createAgentRuntime` 仍是唯一 package-root value export。
|
|
35
|
+
|
|
36
|
+
P5-2 的 published-package built-in adapter compatibility gate 使用 `npm run published:adapters:verify`。该 gate 同样从 npm registry 安装当前 `package.json` version 的 `agent-cli-runtime`,不依赖本地 checkout、本地 `dist/` 或 freshly packed tarball;在临时 consumer project 中创建 fake `codex`、`claude`、`opencode-cli`/`opencode` binaries,通过已发布包的内置 adapter 验证 detection、`buildArgs` invocation shape、stdin prompt transport、parser noise tolerance、`agent-runtime conformance --mode fake --json` schema、redaction,以及单 adapter run 失败不影响其他 adapter summary。输出 schema 固定为 `agent-runtime.publishedAdapters.v1`,必须包含 `packageSource: "npm-registry"`、`agents`、`checks`、`diagnostics` 和 `noAuthenticatedRealRun`,且不得泄露 temp path、真实用户路径、完整 prompt、raw stdout/stderr、token-looking value、Bearer value 或 auth env assignment value。P5-2 是 fake-CLI built-in adapter contract evidence,不得表述为 authenticated real Codex/Claude/OpenCode compatibility success;它不发布新 npm 版本、不配置 trusted publishing/npm token/provenance、不引入 daemon/API server/database/WAL/remote worker/UI/telemetry、不扩大 package root value exports。
|
|
37
|
+
|
|
38
|
+
P5-3 的 published package remote verification evidence 使用 `npm run published:verify -- --out-dir published-verification` 和 manual workflow `.github/workflows/published-package-verification.yml`。聚合脚本依次运行 `smoke:published`、`published:daemon:verify`、`published:adapters:verify`、`release:post-alpha:verify`,并执行 `npm view agent-cli-runtime@<package.json version> version dist-tags dist --json`;输出 `published-verification/published-verification.json`,schema 固定为 `agent-cli-runtime.publishedVerification.v1`。summary 必须包含 `packageName`、`version`、`gitSha`、`checkedAt`、`packageSource: "npm-registry"`、`gates`、`registry`、`diagnostics`、`noAuthenticatedRealRun: true`、`noNpmPublish: true`、`noNpmToken: true`;每个 gate 只保存 command、ok、schemaVersion、durationMs、summary fields 和 redacted diagnostics,不保存 raw stdout/stderr、temp path、private path、完整 prompt、token、Bearer 或 auth env assignment。manual workflow 仅 `workflow_dispatch`,Node.js 22,执行 `npm ci`、`npm run published:verify -- --out-dir published-verification`、`npm run published:verify:evidence -- --dir published-verification`,上传 artifact `agent-cli-runtime-published-verification`,retention 14 days。P5-3 是 clean runner 上的 post-publish verification evidence,不发布 npm、不修改 dist-tags、不配置 npm token/trusted publishing/provenance、不执行 authenticated real agent runs、不新增 daemon/API server/database/WAL/remote worker/UI/telemetry。
|
|
39
|
+
|
|
40
|
+
P5-4 的 Remote Published Verification Evidence Closure 触发 fresh `.github/workflows/published-package-verification.yml` on `main`,确认 `gh run view <run-id> --json headSha,status,conclusion,url,jobs,createdAt,updatedAt` 的 `headSha` 等于当前 target SHA,然后下载 artifact `agent-cli-runtime-published-verification`,归一化为包含 `published-verification.json` 的目录,并运行 `npm run published:verify:evidence -- --dir <normalized-downloaded-artifact-dir>`。包外 evidence `.release-evidence/p5-4-published-verification.json` 只记录 redacted summary:stage、targetSha、runId、runUrl、status/conclusion、createdAt/updatedAt、artifact metadata、downloaded verification schema/ok、checked gates、registry version/dist-tags、本地复验命令占位符,以及 `noAuthenticatedRealRun/noNpmPublish/noNpmToken`。P5-4 run 只证明自己的 `headSha`,不得作为未来 commit、未来 publish、authenticated real run、daemon/control-plane 或 registry mutation evidence。
|
|
41
|
+
|
|
42
|
+
P6-1 的 Real CLI Compatibility Refresh 只审计本地真实 CLI 漂移和 `needsVerification` 边界,不扩大调度器、daemon、HTTP/RPC、database/WAL、remote worker、UI、telemetry 或 artifact model。新增 `npm run compat:real:evidence` 作为 repo-only evidence 生成入口,默认只执行 safe real preflight:`agents --json`、`doctor --json`、`conformance --mode real --agent all --json` 和各 adapter `smoke --mode real --json`。authenticated real smoke 必须显式传入 `--allow-real-run --agent <id> --expect-text <text>`;输出写入 `.release-evidence/p6-1-real-cli-compatibility.json`,只保存 redacted summary,不保存 raw stdout/stderr、完整 prompt、真实私有路径、token、Bearer 或 auth env assignment。P6-2 新增 `npm run compat:real:evidence:verify` 作为离线 evidence drift gate,输出 `agent-cli-runtime.realCompatibilityEvidenceVerification.v1`,默认只读取既有 evidence 文件,不启动 authenticated real agent run;它拒绝泄露、缺失 dirty-state evidence、把 `real_run_skipped` / `auth_missing` / `needs_verification` 伪装成 success、authenticated success 缺少 expected-text/cwd-mutation 证据、必需 `needsVerification` audit 缺失,以及 `.release-evidence/` repo-only 边界无效。P6-3 将该离线 verifier 接入 `prepublish:check` 和 `release:candidate` evidence:`gate-evidence.json` 新增 `compat:real:evidence:verify` gate,只保存 command、ok、verifier schema、被验证 evidence schema 和 diagnostic count/codes;不刷新真实 CLI 证据,不传 `--allow-real-run`,不让 `dogfood` 依赖 repo-only `.release-evidence/`。CI 不接入该 verifier,原因是 CI/dogfood 仍是 deterministic package / installed-consumer gate,而 compatibility verifier 的输入是 repo-only evidence。2026-06-23 本机证据显示 Codex `codex-cli 0.142.0` 和 OpenCode `1.15.6` 的 opt-in smoke 均为 `success`、expected text matched、cwd 未变更;Claude Code `2.1.178` 为 `auth_missing`,未尝试 authenticated run。Codex `session`/`authProbe`、Claude `session.id`/`reasoning`、OpenCode `extraAllowedDirs`/`session`/`permissionPolicy.read-only` 均继续保留在 `needsVerification`,不得因 smoke success 被猜进默认 argv。
|
|
43
|
+
|
|
44
|
+
P6-4 针对尚未合入 `origin/main` 的 P6-3 branch target 触发 fresh `.github/workflows/release-candidate.yml`,下载五个 artifacts 后执行 `npm run release:verify -- --dir <normalized-downloaded-artifact-dir>`。下载的 `gate-evidence.json` 包含 `daemon:verify`、`runtime:safety` 和 `compat:real:evidence:verify`;compat gate 输出 schema 为 `agent-cli-runtime.realCompatibilityEvidenceVerification.v1`,被验证 evidence schema 为 `agent-cli-runtime.realCompatibilityEvidence.v1`,diagnostics 只有 count/codes 摘要。证据摘要记录在 `.release-evidence/p6-4-remote-release-candidate.json`,属于 branch evidence,不是 main evidence。
|
|
45
|
+
|
|
46
|
+
P6-5 在 P6-1 至 P6-4 合入 `main` 后触发 fresh `.github/workflows/release-candidate.yml`,下载五个 artifacts 后执行 `npm run release:verify -- --dir <normalized-downloaded-artifact-dir>`。下载的 `gate-evidence.json` 包含 `daemon:verify`、`runtime:safety` 和 `compat:real:evidence:verify`;compat gate 输出 schema 为 `agent-cli-runtime.realCompatibilityEvidenceVerification.v1`,被验证 evidence schema 为 `agent-cli-runtime.realCompatibilityEvidence.v1`,diagnostics 只有 count/codes 摘要。证据摘要记录在 `.release-evidence/p6-5-main-release-candidate.json`,属于 main-scoped evidence;它不发布 npm、不创建 npm token、不配置 trusted publishing、不执行 authenticated real agent run。
|
|
47
|
+
|
|
48
|
+
P6-6 记录 P6-5 合并后的 main HEAD release-candidate artifact 可复验证据,摘要保存在 `.release-evidence/p6-6-main-head-release-candidate.json`。P6-6 证据只在包外,不改变 npm package 内容;P7-3 记录 `0.1.0-alpha.2` 的 fresh main release-candidate 与 dry-run publish evidence,摘要保存在 `.release-evidence/p7-3-alpha-2-publish.json`,并继续遵守同一边界。
|
|
33
49
|
|
|
34
50
|
## 2. OpenDesign 参考基线
|
|
35
51
|
|
|
@@ -1116,10 +1132,10 @@ agent-runtime smoke --mode real --agent codex --allow-real-run --expect-text <sa
|
|
|
1116
1132
|
### P2-12:Remote Release Candidate Evidence Closure
|
|
1117
1133
|
|
|
1118
1134
|
- P2-12 不新增 runtime API;目标是把 P2-11 的本地可复现 artifact verification 推进到真实 GitHub Actions `workflow_dispatch` run、artifact 下载、本地机器复验和文档证据闭环。
|
|
1119
|
-
- 2026-06-20 remote audit 触发了 `.github/workflows/release-candidate.yml` 的真实 `workflow_dispatch` run:run id
|
|
1135
|
+
- 2026-06-20 remote audit 触发了 `.github/workflows/release-candidate.yml` 的真实 `workflow_dispatch` run:run id <recorded outside package>,URL `https://github.com/iiwish/agent-cli-runtime/actions/runs/27869580048`,commit `2f8832119b4ebdb8393077052560589a398ebf56`,branch `main`,status/conclusion 为 `completed` / `success`。
|
|
1120
1136
|
- 该 run 的 job `Build release candidate artifacts` 执行并通过 `npm ci`、`npm run ci`、`npm run dogfood`、`npm pack --json`、`npm run release:verify` 和四个 artifact upload step;workflow 没有执行 `npm publish`,没有要求 npm token,也没有传 `--allow-real-run`。
|
|
1121
|
-
- 下载并复验 artifacts:`agent-cli-runtime-tarball`、`agent-cli-runtime-pack-metadata`、`agent-cli-runtime-package-files`、`agent-cli-runtime-release-verification`。GitHub 下载目录按 artifact name 分层,因此临时归一化到同层 review dir 后执行 `npm run release:verify -- --dir
|
|
1122
|
-
- 下载 artifact 复验结果为 `schemaVersion: "agent-cli-runtime.releaseVerification.v1"`、`ok: true`、package file count `145`、tarball `agent-cli-runtime-0.1.0-alpha.0.tgz`、tarball size `187378` bytes、tarball sha256
|
|
1137
|
+
- 下载并复验 artifacts:`agent-cli-runtime-tarball`、`agent-cli-runtime-pack-metadata`、`agent-cli-runtime-package-files`、`agent-cli-runtime-release-verification`。GitHub 下载目录按 artifact name 分层,因此临时归一化到同层 review dir 后执行 `npm run release:verify -- --dir <local-temp-dir>`。
|
|
1138
|
+
- 下载 artifact 复验结果为 `schemaVersion: "agent-cli-runtime.releaseVerification.v1"`、`ok: true`、package file count `145`、tarball `agent-cli-runtime-0.1.0-alpha.0.tgz`、tarball size `187378` bytes、tarball sha256 <recorded outside package>、diagnostics empty。
|
|
1123
1139
|
- P2-12 仍不发布 npm,不要求 npm token,不执行 authenticated real agent run,不新增 daemon、database、WAL、remote worker、web UI、telemetry 或 package root value API;remote evidence 只证明 commit `2f8832119b4ebdb8393077052560589a398ebf56`,不能自动外推到后续提交。
|
|
1124
1140
|
|
|
1125
1141
|
### P2-13:Alpha Publish Readiness Decision
|
|
@@ -1167,8 +1183,8 @@ agent-runtime smoke --mode real --agent codex --allow-real-run --expect-text <sa
|
|
|
1167
1183
|
- P3-4 不新增 runtime API,不实现 daemon/API server,也不发布 npm;目标是把 P3-2 `daemon:verify` 和 P3-3 `runtime:safety` 纳入 CI / release-candidate evidence chain。
|
|
1168
1184
|
- `.github/workflows/ci.yml` 保持 Node.js 20/22/24 matrix 跑 typecheck、lint、tests、build、production dependency audit、package boundary check 和 pack dry-run;`npm run daemon:verify`、`npm run runtime:safety`、`npm run dogfood` 移到单 Node.js 22 release-gates job,避免在 matrix 中重复 installed-package gates。
|
|
1169
1185
|
- `.github/workflows/release-candidate.yml` 保持 manual `workflow_dispatch`,执行 `npm ci`、`npm run ci`、`npm run dogfood`,再执行 `npm run release:candidate -- --out-dir release-candidate`;workflow 继续不执行 `npm publish`,不设置 `NODE_AUTH_TOKEN` / `NPM_TOKEN`,不配置 trusted publishing credential,不传 `--allow-real-run`。
|
|
1170
|
-
- `scripts/create-release-candidate.mjs` 在生成 pack artifacts 前实际执行 `npm run daemon:verify` 和 `npm run
|
|
1171
|
-
- `scripts/verify-release-artifacts.mjs` 要求 `gate-evidence.json` 存在且包含 `daemon:verify` / `runtime:safety
|
|
1186
|
+
- `scripts/create-release-candidate.mjs` 在生成 pack artifacts 前实际执行 `npm run daemon:verify`、`npm run runtime:safety` 和 `npm run compat:real:evidence:verify`,写入 `gate-evidence.json`:`schemaVersion: "agent-cli-runtime.releaseGateEvidence.v1"`、gate commands、output schema versions、installed-package `packageSource: "installed-tarball"`、compatibility verifier 的 evidence schema 和 diagnostic count/codes,以及 no authenticated real run / no npm publish / no npm token flags。
|
|
1187
|
+
- `scripts/verify-release-artifacts.mjs` 要求 `gate-evidence.json` 存在且包含 `daemon:verify` / `runtime:safety` / `compat:real:evidence:verify`,缺失、失败、schema/command/source 不匹配或 compatibility diagnostics 非 count/codes 摘要都会失败;原有 `.reference/`、tests/fixtures、raw real CLI output、repo-only real compatibility scripts、private path、token-looking value、Bearer、auth env assignment 检查保持有效。
|
|
1172
1188
|
- Release-candidate artifacts 变为五个:`agent-cli-runtime-tarball`、`agent-cli-runtime-pack-metadata`、`agent-cli-runtime-package-files`、`agent-cli-runtime-gate-evidence`、`agent-cli-runtime-release-verification`。
|
|
1173
1189
|
- P3-4 远端证据在 P3-5 闭环;不得复用 P2-12 run `27869580048` 作为 P3-5 workflow head SHA 证据。
|
|
1174
1190
|
- P3-4 仍明确非目标:不发布 npm,不新增 npm token,不配置 trusted publishing,不移动 latest dist-tag,不执行 authenticated real agent run,不新增 daemon/API server、HTTP/IPC/RPC、auth/user/tenant、remote worker、Docker/SSH、database/WAL、telemetry backend、UI/artifact layer,不扩大 package root value exports。
|
|
@@ -1179,9 +1195,9 @@ agent-runtime smoke --mode real --agent codex --allow-real-run --expect-text <sa
|
|
|
1179
1195
|
- Workflow head SHA:`8d7bc2a19c626caa1ad5223acbcd35df34aff18e` on `main`。
|
|
1180
1196
|
- 远端触发:`gh workflow run release-candidate.yml --ref main`,GitHub Actions run `27932628093`,URL `https://github.com/iiwish/agent-cli-runtime/actions/runs/27932628093`,status/conclusion 为 `completed` / `success`。
|
|
1181
1197
|
- Job `Build release candidate artifacts` 在 `2026-06-22T05:56:53Z` 开始、`2026-06-22T05:57:58Z` 完成;`Run CI gate`、`Run dogfood gate without authenticated real runs`、`Create npm pack artifact and gate evidence without publishing` 及五个 upload artifact steps 均为 `success`。
|
|
1182
|
-
- GitHub API 返回五个 artifacts:`agent-cli-runtime-tarball` id
|
|
1183
|
-
- 下载路径
|
|
1184
|
-
- 下载 artifact 复验结果为 `schemaVersion: "agent-cli-runtime.releaseVerification.v1"`、`ok: true`、package file count `147`、review-time 本地 pack file count `147`、diagnostics empty、tarball `agent-cli-runtime-0.1.0-alpha.0.tgz`、tarball size `206662` bytes、tarball sha256
|
|
1198
|
+
- GitHub API 返回五个 artifacts:`agent-cli-runtime-tarball` id <recorded outside package> size `206911` digest `sha256:<redacted>` expires `2026-07-06T05:57:52Z`;`agent-cli-runtime-pack-metadata` id <recorded outside package> size `1960` digest `sha256:<redacted>` expires `2026-07-06T05:57:53Z`;`agent-cli-runtime-package-files` id <recorded outside package> size `947` digest `sha256:<redacted>` expires `2026-07-06T05:57:54Z`;`agent-cli-runtime-gate-evidence` id <recorded outside package> size `443` digest `sha256:<redacted>` expires `2026-07-06T05:57:55Z`;`agent-cli-runtime-release-verification` id <recorded outside package> size `649` digest `sha256:<redacted>` expires `2026-07-06T05:57:56Z`。
|
|
1199
|
+
- 下载路径 `<local-temp-dir>` 按 artifact name 分目录;归一化到 `<local-temp-dir>` 后执行 `npm run release:verify -- --dir <local-temp-dir>`。
|
|
1200
|
+
- 下载 artifact 复验结果为 `schemaVersion: "agent-cli-runtime.releaseVerification.v1"`、`ok: true`、package file count `147`、review-time 本地 pack file count `147`、diagnostics empty、tarball `agent-cli-runtime-0.1.0-alpha.0.tgz`、tarball size `206662` bytes、tarball sha256 <recorded outside package>。
|
|
1185
1201
|
- `gate-evidence.json` 包含 `daemon:verify` 和 `runtime:safety`,两个 gate 的 `packageSource` 均为 `installed-tarball`,并记录 `noAuthenticatedRealRun: true`、`noNpmPublish: true`、`noNpmToken: true`。
|
|
1186
1202
|
- 本地 sanity gate:`git diff --check`、`node ./dist/cli/main.js agents --json`、`node ./dist/cli/main.js doctor --json`、`node ./dist/cli/main.js conformance --mode real --agent all --json` 均通过;未带 `--allow-real-run`,Codex/OpenCode 为 `real_run_skipped`,Claude 为 `auth_missing`。
|
|
1187
1203
|
|
|
@@ -1199,14 +1215,14 @@ agent-runtime smoke --mode real --agent codex --allow-real-run --expect-text <sa
|
|
|
1199
1215
|
|
|
1200
1216
|
- P3-8 不新增 runtime API,不发布 npm,不创建 npm token,不配置 trusted publishing/provenance publish,不执行 authenticated real agent run;目标是把 P3-7 schema-freeze target SHA 从本地可验收推进到远端 release-candidate artifact 可审查证据闭环。
|
|
1201
1217
|
- 证据目标 SHA:`eb8de0f9b1edfa3f94c35a50b31005c5d3c105d4` on `main`。触发远端 workflow 前,本地 `main` clean 且领先 `origin/main` 三个提交;已执行 `git push origin main`,将远端 `main` 从 `8d7bc2a19c626caa1ad5223acbcd35df34aff18e` 推进到该证据目标 SHA。
|
|
1202
|
-
- 本地完整 gate:`npm run typecheck`、`npm run lint`、`npm test`(196 passed、1 skipped)、`npm run build`、`npm run package:check`(151 files checked)、`npm run dogfood`、`npm run daemon:verify`、`npm run runtime:safety`、`npm run release:candidate -- --out-dir
|
|
1218
|
+
- 本地完整 gate:`npm run typecheck`、`npm run lint`、`npm test`(196 passed、1 skipped)、`npm run build`、`npm run package:check`(151 files checked)、`npm run dogfood`、`npm run daemon:verify`、`npm run runtime:safety`、`npm run release:candidate -- --out-dir <local-temp-dir>`、`npm run release:verify -- --dir <local-temp-dir>`、`node ./dist/cli/main.js agents --json`、`node ./dist/cli/main.js doctor --json`、`node ./dist/cli/main.js conformance --mode real --agent all --json`、`node ./dist/cli/main.js smoke --mode real --agent codex --json`、`git diff --check` 均通过或按预期安全跳过真实 run;未使用 `--allow-real-run`。
|
|
1203
1219
|
- 远端触发:`gh workflow run release-candidate.yml --ref main`,GitHub Actions run `27940814340`,URL `https://github.com/iiwish/agent-cli-runtime/actions/runs/27940814340`,status/conclusion 为 `completed` / `success`,head SHA 为 `eb8de0f9b1edfa3f94c35a50b31005c5d3c105d4`。
|
|
1204
|
-
- Job `Build release candidate artifacts` id
|
|
1205
|
-
- GitHub API 返回五个 artifacts:`agent-cli-runtime-tarball` id
|
|
1206
|
-
- 下载路径
|
|
1207
|
-
- 下载 artifact 复验结果为 `schemaVersion: "agent-cli-runtime.releaseVerification.v1"`、`ok: true`、package file count `151`、diagnostics empty、tarball `agent-cli-runtime-0.1.0-alpha.0.tgz`、tarball size `219786` bytes、tarball sha256
|
|
1220
|
+
- Job `Build release candidate artifacts` id <recorded outside package> 在 `2026-06-22T08:49:47Z` 开始、`2026-06-22T08:51:09Z` 完成;`Run CI gate`、`Run dogfood gate without authenticated real runs`、`Create npm pack artifact and gate evidence without publishing` 及五个 upload artifact steps 均为 `success`。
|
|
1221
|
+
- GitHub API 返回五个 artifacts:`agent-cli-runtime-tarball` id <recorded outside package> size `220040` digest `sha256:<redacted>` expires `2026-07-06T08:50:58Z`;`agent-cli-runtime-pack-metadata` id <recorded outside package> size `2011` digest `sha256:<redacted>` expires `2026-07-06T08:51:00Z`;`agent-cli-runtime-package-files` id <recorded outside package> size `963` digest `sha256:<redacted>` expires `2026-07-06T08:51:02Z`;`agent-cli-runtime-gate-evidence` id <recorded outside package> size `443` digest `sha256:<redacted>` expires `2026-07-06T08:51:03Z`;`agent-cli-runtime-release-verification` id <recorded outside package> size `649` digest `sha256:<redacted>` expires `2026-07-06T08:51:04Z`。
|
|
1222
|
+
- 下载路径 `<local-temp-dir>` 按 artifact name 分目录;归一化到 `<local-temp-dir>` 后执行 `npm run release:verify -- --dir <local-temp-dir>`。
|
|
1223
|
+
- 下载 artifact 复验结果为 `schemaVersion: "agent-cli-runtime.releaseVerification.v1"`、`ok: true`、package file count `151`、diagnostics empty、tarball `agent-cli-runtime-0.1.0-alpha.0.tgz`、tarball size `219786` bytes、tarball sha256 <recorded outside package>、npm pack shasum <recorded outside package>。
|
|
1208
1224
|
- `gate-evidence.json` 包含 `daemon:verify` 和 `runtime:safety`,两个 gate 的 `packageSource` 均为 `installed-tarball`,并记录 `noAuthenticatedRealRun: true`、`noNpmPublish: true`、`noNpmToken: true`。
|
|
1209
|
-
- Package file list 151 项,无 `.reference/`、`tests/`、fixtures、raw real CLI output、private paths、token-looking values、Bearer values 或 auth env assignments。下载 artifacts 和 tarball 保留在
|
|
1225
|
+
- Package file list 151 项,无 `.reference/`、`tests/`、fixtures、raw real CLI output、private paths、token-looking values、Bearer values 或 auth env assignments。下载 artifacts 和 tarball 保留在 `<local-temp-dir>`,不进入仓库。
|
|
1210
1226
|
|
|
1211
1227
|
### P3-10:Pre-Documentation Alpha Release Candidate Evidence & Human-Gated Publish Packet
|
|
1212
1228
|
|
|
@@ -1214,12 +1230,12 @@ agent-runtime smoke --mode real --agent codex --allow-real-run --expect-text <sa
|
|
|
1214
1230
|
- P3-10 把提交证据文档前的 HEAD 重新建立为可审查的 alpha release candidate,并生成只到 dry-run 为止的人工发布 packet。
|
|
1215
1231
|
- 提交证据文档前的 SHA:`fdba3ebccb2e57a0ad295101028a2a3937a92204` on `main`。触发远端 workflow 前,本地 `main`、`origin/main` 与 `HEAD` 均为该 SHA,worktree clean。
|
|
1216
1232
|
- 远端触发:`gh workflow run release-candidate.yml --ref main`,GitHub Actions run `27945938663`,URL `https://github.com/iiwish/agent-cli-runtime/actions/runs/27945938663`,status/conclusion 为 `completed` / `success`,head SHA 为 `fdba3ebccb2e57a0ad295101028a2a3937a92204`。
|
|
1217
|
-
- Job `Build release candidate artifacts` id
|
|
1218
|
-
- GitHub API 返回五个 artifacts:`agent-cli-runtime-tarball` id
|
|
1219
|
-
- 下载路径
|
|
1220
|
-
- 下载 artifact 复验结果为 `schemaVersion: "agent-cli-runtime.releaseVerification.v1"`、`ok: true`、package file count `151`、diagnostics empty、tarball `agent-cli-runtime-0.1.0-alpha.0.tgz`、tarball size `225378` bytes、tarball sha256
|
|
1233
|
+
- Job `Build release candidate artifacts` id <recorded outside package>,URL `https://github.com/iiwish/agent-cli-runtime/actions/runs/27945938663/job/82690587870`,在 `2026-06-22T10:22:18Z` 开始、`2026-06-22T10:23:33Z` 完成;`Run CI gate`、`Run dogfood gate without authenticated real runs`、`Create npm pack artifact and gate evidence without publishing` 及五个 upload artifact steps 均为 `success`。
|
|
1234
|
+
- GitHub API 返回五个 artifacts:`agent-cli-runtime-tarball` id <recorded outside package> size `225632` digest `sha256:<redacted>` expires `2026-07-06T10:23:22Z`;`agent-cli-runtime-pack-metadata` id <recorded outside package> size `1998` digest `sha256:<redacted>` expires `2026-07-06T10:23:24Z`;`agent-cli-runtime-package-files` id <recorded outside package> size `961` digest `sha256:<redacted>` expires `2026-07-06T10:23:25Z`;`agent-cli-runtime-gate-evidence` id <recorded outside package> size `443` digest `sha256:<redacted>` expires `2026-07-06T10:23:27Z`;`agent-cli-runtime-release-verification` id <recorded outside package> size `649` digest `sha256:<redacted>` expires `2026-07-06T10:23:28Z`。
|
|
1235
|
+
- 下载路径 `<local-temp-dir>` 按 artifact name 分目录;归一化到 `<local-temp-dir>` 后执行 `npm run release:verify -- --dir <local-temp-dir>`。
|
|
1236
|
+
- 下载 artifact 复验结果为 `schemaVersion: "agent-cli-runtime.releaseVerification.v1"`、`ok: true`、package file count `151`、diagnostics empty、tarball `agent-cli-runtime-0.1.0-alpha.0.tgz`、tarball size `225378` bytes、tarball sha256 <recorded outside package>、npm pack shasum <recorded outside package>、integrity <recorded outside package>。
|
|
1221
1237
|
- `gate-evidence.json` 包含 `daemon:verify` 和 `runtime:safety`,两个 gate 的 `packageSource` 均为 `installed-tarball`,并记录 `noAuthenticatedRealRun: true`、`noNpmPublish: true`、`noNpmToken: true`。
|
|
1222
|
-
- Package file list 151 项,无 `.reference/`、`tests/`、fixture paths、raw real CLI output、private paths、token-looking values、Bearer values 或 auth env assignments。下载 artifacts 和 tarball 保留在
|
|
1238
|
+
- Package file list 151 项,无 `.reference/`、`tests/`、fixture paths、raw real CLI output、private paths、token-looking values、Bearer values 或 auth env assignments。下载 artifacts 和 tarball 保留在 `<local-temp-dir>`,不进入仓库。
|
|
1223
1239
|
- Human-gated publish packet 只记录未来发布路径;P3-10 的 stop point 是 `npm publish --dry-run --ignore-scripts --tag alpha`,真发布命令必须由用户后续单独明确授权后才可执行。
|
|
1224
1240
|
- Release docs 包含在 `package.json` `files` 中;提交本 P3-10 packet 会改变 npm pack shasum。run `27945938663` 不能作为提交这些文档后的最终发布证据;真实发布前必须在提交后触发 fresh release-candidate workflow 并重新下载复验 artifacts。
|
|
1225
1241
|
|
|
@@ -1227,15 +1243,15 @@ agent-runtime smoke --mode real --agent codex --allow-real-run --expect-text <sa
|
|
|
1227
1243
|
|
|
1228
1244
|
- P3-9 不新增 runtime API,不发布 npm,不创建 npm token,不配置 trusted publishing/provenance publish,不执行 authenticated real agent run;目标是把 P3-8 文档证据提交后的证据目标提交重新建立最终 pre-alpha release-candidate 证据,并用 alpha dist-tag 完成本地 publish dry-run。
|
|
1229
1245
|
- 证据目标 SHA:`65fac505ca3eb830a06d8656068cf4ed5f6dd46a` on `main`。触发远端 workflow 前,本地 `main` clean 且领先 `origin/main` 一个 package-boundary/evidence-lock 提交;已执行 `git push origin main`,将远端 `main` 从 `a0299a7d81bb614661922bebc8c75496cf0a3d11` 推进到该证据目标 SHA。推送后本地 `HEAD` 与 `origin/main` 均为 `65fac505ca3eb830a06d8656068cf4ed5f6dd46a`。
|
|
1230
|
-
- 本地完整 gate:`npm run typecheck`、`npm run lint`、`npm test`(196 passed、1 skipped)、`npm run build`、`npm run package:check`(151 files checked)、`npm run dogfood`、`npm run daemon:verify`、`npm run runtime:safety`、`npm run release:candidate -- --out-dir
|
|
1246
|
+
- 本地完整 gate:`npm run typecheck`、`npm run lint`、`npm test`(196 passed、1 skipped)、`npm run build`、`npm run package:check`(151 files checked)、`npm run dogfood`、`npm run daemon:verify`、`npm run runtime:safety`、`npm run release:candidate -- --out-dir <local-temp-dir>`、`npm run release:verify -- --dir <local-temp-dir>`、`npm audit --omit=dev`(0 vulnerabilities)、`npm pack --dry-run --json --ignore-scripts`、`npm publish --dry-run --ignore-scripts --tag alpha`、`node ./dist/cli/main.js agents --json`、`node ./dist/cli/main.js doctor --json`、`node ./dist/cli/main.js conformance --mode real --agent all --json`、`node ./dist/cli/main.js smoke --mode real --agent codex --json`、`git diff --check` 均通过或按预期安全跳过真实 run;未使用 `--allow-real-run`。
|
|
1231
1247
|
- `npm publish --dry-run --ignore-scripts --tag alpha` 明确输出 `Publishing to https://registry.npmjs.org/ with tag alpha and default access (dry-run)`,没有真实发布。
|
|
1232
1248
|
- 远端触发:`gh workflow run release-candidate.yml --ref main`,GitHub Actions run `27943672095`,URL `https://github.com/iiwish/agent-cli-runtime/actions/runs/27943672095`,status/conclusion 为 `completed` / `success`,head SHA 为 `65fac505ca3eb830a06d8656068cf4ed5f6dd46a`。
|
|
1233
|
-
- Job `Build release candidate artifacts` id
|
|
1234
|
-
- GitHub API 返回五个 artifacts:`agent-cli-runtime-tarball` id
|
|
1235
|
-
- 下载路径
|
|
1236
|
-
- 下载 artifact 复验结果为 `schemaVersion: "agent-cli-runtime.releaseVerification.v1"`、`ok: true`、package file count `151`、diagnostics empty、tarball `agent-cli-runtime-0.1.0-alpha.0.tgz`、tarball size `224740` bytes、tarball sha256
|
|
1249
|
+
- Job `Build release candidate artifacts` id <recorded outside package> 在 `2026-06-22T09:40:45Z` 开始、`2026-06-22T09:41:58Z` 完成;`Run CI gate`、`Run dogfood gate without authenticated real runs`、`Create npm pack artifact and gate evidence without publishing` 及五个 upload artifact steps 均为 `success`。
|
|
1250
|
+
- GitHub API 返回五个 artifacts:`agent-cli-runtime-tarball` id <recorded outside package> size `224994` digest `sha256:<redacted>` expires `2026-07-06T09:41:51Z`;`agent-cli-runtime-pack-metadata` id <recorded outside package> size `2003` digest `sha256:<redacted>` expires `2026-07-06T09:41:52Z`;`agent-cli-runtime-package-files` id <recorded outside package> size `961` digest `sha256:<redacted>` expires `2026-07-06T09:41:53Z`;`agent-cli-runtime-gate-evidence` id <recorded outside package> size `444` digest `sha256:<redacted>` expires `2026-07-06T09:41:54Z`;`agent-cli-runtime-release-verification` id <recorded outside package> size `649` digest `sha256:<redacted>` expires `2026-07-06T09:41:55Z`。
|
|
1251
|
+
- 下载路径 `<local-temp-dir>` 按 artifact name 分目录;归一化到 `<local-temp-dir>` 后执行 `npm run release:verify -- --dir <local-temp-dir>`。
|
|
1252
|
+
- 下载 artifact 复验结果为 `schemaVersion: "agent-cli-runtime.releaseVerification.v1"`、`ok: true`、package file count `151`、diagnostics empty、tarball `agent-cli-runtime-0.1.0-alpha.0.tgz`、tarball size `224740` bytes、tarball sha256 <recorded outside package>、npm pack shasum <recorded outside package>。
|
|
1237
1253
|
- `gate-evidence.json` 包含 `daemon:verify` 和 `runtime:safety`,两个 gate 的 `packageSource` 均为 `installed-tarball`,并记录 `noAuthenticatedRealRun: true`、`noNpmPublish: true`、`noNpmToken: true`。
|
|
1238
|
-
- Package file list 151 项,无 `.reference/`、`tests/`、fixture paths、raw real CLI output、private paths、token-looking values、Bearer values 或 auth env assignments。下载 artifacts 和 tarball 保留在
|
|
1254
|
+
- Package file list 151 项,无 `.reference/`、`tests/`、fixture paths、raw real CLI output、private paths、token-looking values、Bearer values 或 auth env assignments。下载 artifacts 和 tarball 保留在 `<local-temp-dir>`,不进入仓库。
|
|
1239
1255
|
|
|
1240
1256
|
## 19. 待定问题
|
|
1241
1257
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "agent-cli-runtime",
|
|
3
|
-
"version": "0.1.0-alpha.
|
|
3
|
+
"version": "0.1.0-alpha.2",
|
|
4
4
|
"description": "Local-first TypeScript runtime for scheduling Codex CLI, Claude Code, OpenCode, and compatible coding-agent CLIs.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"license": "Apache-2.0",
|
|
@@ -48,14 +48,22 @@
|
|
|
48
48
|
"scripts": {
|
|
49
49
|
"build": "tsc -p tsconfig.json",
|
|
50
50
|
"ci": "npm run typecheck && npm run lint && npm test && npm run build && npm audit --omit=dev && npm run package:check && npm pack --dry-run",
|
|
51
|
+
"compat:real:evidence": "node ./scripts/create-real-compatibility-evidence.mjs",
|
|
52
|
+
"compat:real:evidence:verify": "node ./scripts/verify-real-compatibility-evidence.mjs",
|
|
51
53
|
"daemon:verify": "node ./scripts/verify-daemon-ready.mjs",
|
|
52
54
|
"dogfood": "node ./scripts/dogfood.mjs",
|
|
53
55
|
"package:check": "node ./scripts/check-package-boundary.mjs",
|
|
54
|
-
"prepublish:check": "npm run typecheck && npm run lint && npm test && npm run build && npm run daemon:verify && npm run runtime:safety && npm run dogfood && npm audit --omit=dev && npm run package:check && npm pack --dry-run",
|
|
56
|
+
"prepublish:check": "npm run typecheck && npm run lint && npm test && npm run build && npm run daemon:verify && npm run runtime:safety && npm run compat:real:evidence:verify && npm run dogfood && npm audit --omit=dev && npm run package:check && npm pack --dry-run",
|
|
55
57
|
"prepack": "npm run build",
|
|
58
|
+
"published:adapters:verify": "node ./scripts/verify-published-adapters.mjs",
|
|
59
|
+
"published:daemon:verify": "node ./scripts/verify-published-daemon-consumer.mjs",
|
|
60
|
+
"published:verify": "node ./scripts/create-published-verification-evidence.mjs",
|
|
61
|
+
"published:verify:evidence": "node ./scripts/verify-published-verification-evidence.mjs",
|
|
56
62
|
"release:candidate": "node ./scripts/create-release-candidate.mjs",
|
|
63
|
+
"release:post-alpha:verify": "node ./scripts/verify-post-alpha-release.mjs",
|
|
57
64
|
"release:verify": "node ./scripts/verify-release-artifacts.mjs",
|
|
58
65
|
"runtime:safety": "node ./scripts/verify-runtime-safety.mjs",
|
|
66
|
+
"smoke:published": "node ./scripts/smoke-published.mjs",
|
|
59
67
|
"typecheck": "tsc -p tsconfig.json --noEmit",
|
|
60
68
|
"lint": "tsc -p tsconfig.json --noEmit",
|
|
61
69
|
"test": "npm run build && vitest run --reporter=verbose --no-file-parallelism --testTimeout 30000"
|