npm - agent-cli-runtime - Versions diffs - 0.1.0-alpha.1 → 0.1.0-alpha.3 - Mend

agent-cli-runtime 0.1.0-alpha.1 → 0.1.0-alpha.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/CHANGELOG.md +34 -0
package/README.md +45 -9
package/README.zh-CN.md +45 -9
package/dist/cli/main.js +0 -0
package/dist/core/schema-contract.d.ts +10 -0
package/dist/core/schema-contract.js +36 -0
package/dist/core/schema-contract.js.map +1 -1
package/docs/api-schema-contract.md +14 -3
package/docs/compatibility.md +82 -30
package/docs/daemon-ready-contract.md +51 -0
package/docs/production-readiness.md +44 -15
package/docs/release-checklist.md +127 -266
package/docs/release-publish-runbook.md +45 -39
package/docs/release-report.md +72 -472
package/docs/ssot.md +48 -32
package/package.json +12 -3

package/docs/release-checklist.md CHANGED Viewed

@@ -1,268 +1,129 @@
 # Release Checklist (pre-alpha / developer preview)
-## 0.1.0-alpha.1 corrective alpha package
-- [ ] Confirm `package.json` and `package-lock.json` version are `0.1.0-alpha.1`.
-- [ ] Confirm packaged README/docs no longer describe the current package as unpublished or forbid the already-created GitHub pre-release.
-- [ ] Confirm `0.1.0-alpha.0` is treated as immutable historical npm/GitHub Release evidence, not overwritten.
-- [ ] Trigger a fresh Release Candidate workflow for the corrective commit and verify its `headSha` equals that commit.
-- [ ] Download all five release-candidate artifacts and run `npm run release:verify -- --dir <normalized-artifact-dir>`.
-- [ ] Run local gates: `npm run typecheck`, `npm run lint`, `npm test`, `npm run package:check`, and `npm publish --dry-run --ignore-scripts --tag alpha`.
-- [ ] Publish `agent-cli-runtime@0.1.0-alpha.1` only after explicit maintainer authorization and interactive npm authentication.
-- [ ] Create GitHub pre-release `v0.1.0-alpha.1` and attach durable release evidence assets.
-## P3-11 current-head release candidate evidence boundary
-- [x] Current-head release evidence uses `.release-evidence/` as the non-package local evidence landing zone.
-- [x] Package docs describe stable release rules only and do not store current run ids, artifact digests, tarball shasums, or npm pack shasums.
-- [x] `npm pack` / `package:check` must not include `.release-evidence/`, `.reference/`, tests, fixtures, temporary downloads, private paths, or token-looking values.
-- [x] A fresh release-candidate workflow proves only its own `headSha`; historical runs are not reused as proof for later commits.
-- [x] `npm publish --dry-run --ignore-scripts --tag alpha` remains a dry-run gate, not a real publish.
-## P3-7 API / CLI schema freeze
-- [x] `docs/api-schema-contract.md` records the public root boundary and package-root value export remains `createAgentRuntime`.
-- [x] `docs/api-schema-contract.md` records schema versioning policy for optional additive fields, breaking field changes, terminal/failure vocabulary changes, and CLI command/flag semantic changes.
-- [x] Schema inventory covers `agent-runtime.event.v1`, `agent-runtime.diagnostics.v1`, `agent-runtime.conformance.v1`, `agent-runtime.realSmoke.v1`, `agent-runtime.storeHealth.v1`, `agent-runtime.storeRepair.v1`, `agent-runtime.cliError.v1`, `agent-cli-runtime.releaseVerification.v1`, and `agent-cli-runtime.releaseGateEvidence.v1`.
-- [x] Failure taxonomy keeps `success`, `failed`, `timeout`, `canceled`, `interrupted`, `validation_failed`, `execution_failed`, `unavailable`, `auth_missing`, and `task_graph_invalid` as event terminal reasons.
-- [x] Smoke/conformance classifications keep `success`, `real_run_skipped`, `auth_missing`, `unavailable_executable`, `unsupported_flag`, `needs_verification`, `unexpected_output`, `cwd_mutated`, `timeout`, and `failed`.
-- [x] Docs state that skipped evidence is not success, `auth_missing` is not unavailable, and `needs_verification` must not be guessed into a flag mapping.
-- [x] Drift tests protect package root value exports, built declaration boundaries, schema inventory, failure taxonomy, release artifact schemas, redaction boundaries, and over-claiming language.
-- [x] P3-7 does not publish npm, configure tokens/trusted publishing, add daemon/API server/database/WAL/remote worker/UI/telemetry, or add authenticated real runs to default gates.
-## P3-10 pre-documentation alpha release candidate evidence and human-gated publish packet
-- [x] Confirmed local branch `main`, `origin/main`, clean worktree, and pre-documentation SHA `fdba3ebccb2e57a0ad295101028a2a3937a92204` before the remote trigger.
-- [x] Confirmed existing P3-9 run `27943672095` only proves target SHA `65fac505ca3eb830a06d8656068cf4ed5f6dd46a`; it is historical evidence.
-- [x] Confirmed historical release-candidate runs must not be reused for P3-10 publish evidence.
-- [x] Triggered fresh remote `.github/workflows/release-candidate.yml` run `27945938663` for pre-documentation SHA `fdba3ebccb2e57a0ad295101028a2a3937a92204`.
-- [x] Confirmed run `27945938663` status/conclusion `completed` / `success`; job `82690587870` and steps `Run CI gate`, `Run dogfood gate without authenticated real runs`, `Create npm pack artifact and gate evidence without publishing`, plus all five upload steps concluded `success`.
-- [x] Confirmed artifacts include `agent-cli-runtime-tarball`, `agent-cli-runtime-pack-metadata`, `agent-cli-runtime-package-files`, `agent-cli-runtime-gate-evidence`, and `agent-cli-runtime-release-verification`.
-- [x] Recorded artifact ids/digests: tarball `7789535097` / `sha256:698d80cd9ce86643396d7c9305424ac0f85cfe9d11bca654912048ed92118a34`; pack metadata `7789535626` / `sha256:6c902654a5a8ddc8c5cb59c63efd82ef600d81488efc9eab7c98669a3e8eb564`; package files `7789536134` / `sha256:18b8adab4fc43d54389137cbdcf6db8e744f0a12c9498f88c0238c759ce39b79`; gate evidence `7789536677` / `sha256:458f63ff6b59a7b16ec8a918d7253a12e000563a7f9452ae932924902b6e0179`; release verification `7789537198` / `sha256:27e094fd6aad1b317d9073bef75a27336fe08850592c408d8861eb14df6e7633`.
-- [x] Downloaded all five artifacts and normalized them to `/tmp/agent-runtime-p3-10-current-head-remote-66VIhN/normalized`.
-- [x] Re-ran `npm run release:verify -- --dir /tmp/agent-runtime-p3-10-current-head-remote-66VIhN/normalized` with this checkout's verifier; result `schemaVersion: "agent-cli-runtime.releaseVerification.v1"`, `ok: true`, package file count `151`, empty diagnostics, and gate evidence for `daemon:verify` plus `runtime:safety`.
-- [x] Confirmed package file list has no `.reference/`, `tests/`, fixture paths, raw real CLI output, private paths, token-looking values, Bearer values, or auth env assignments.
-- [x] Confirmed workflow/script boundary still contains no npm publish step, npm token requirement, trusted-publishing setup, `id-token: write`, registry credential, or default `--allow-real-run`.
-- [x] Confirmed release docs are included in `package.json` `files`, so committing this packet changes package shasum; run `27945938663` must not be used as final post-documentation publish evidence.
-- [x] Human-gated publish packet stops at `npm publish --dry-run --ignore-scripts --tag alpha`; true `npm publish --tag alpha` remains documentation only and requires a later separate human authorization plus a fresh release-candidate workflow after committing this packet.
-## P3-9 final alpha dry-run and evidence-target release readiness lock (historical)
-- [x] Confirmed local branch `main`, evidence target SHA `65fac505ca3eb830a06d8656068cf4ed5f6dd46a`, matching `origin/main`, and clean worktree before the remote trigger.
-- [x] Ran the full local P3-9 gate set: typecheck, lint, tests, build, package boundary check, dogfood, daemon verification, runtime safety verification, local release-candidate generation/verification, production dependency audit, pack dry-run, alpha publish dry-run, built CLI JSON/preflight commands, and `git diff --check`.
-- [x] Pushed local `main` to `origin/main` because remote `main` was still at the P3-9 interim evidence target before the strict `fixtures?` package-boundary lock; without this push, `workflow_dispatch --ref main` would not prove the evidence target.
-- [x] Triggered fresh remote `.github/workflows/release-candidate.yml` run `27943672095` for target SHA `65fac505ca3eb830a06d8656068cf4ed5f6dd46a`.
-- [x] Confirmed run `27943672095` status/conclusion `completed` / `success`; job `82682936901` and steps `Run CI gate`, `Run dogfood gate without authenticated real runs`, `Create npm pack artifact and gate evidence without publishing`, plus all five upload steps concluded `success`.
-- [x] Downloaded all five artifacts and normalized them to `/tmp/agent-runtime-p3-9-final-remote-f4Wr9c/normalized`.
-- [x] Re-ran `npm run release:verify -- --dir /tmp/agent-runtime-p3-9-final-remote-f4Wr9c/normalized` with this checkout's verifier; result `schemaVersion: "agent-cli-runtime.releaseVerification.v1"`, `ok: true`, package file count `151`, empty diagnostics, and gate evidence for `daemon:verify` plus `runtime:safety`.
-- [x] Confirmed artifacts include `agent-cli-runtime-tarball`, `agent-cli-runtime-pack-metadata`, `agent-cli-runtime-package-files`, `agent-cli-runtime-gate-evidence`, and `agent-cli-runtime-release-verification`.
-- [x] Confirmed package file list has no `.reference/`, `tests/`, fixture paths, raw real CLI output, private paths, token-looking values, Bearer values, or auth env assignments.
-- [x] Confirmed workflow/script boundary still contains no npm publish step, npm token requirement, trusted-publishing setup, or default `--allow-real-run`.
-- [x] Confirmed `npm publish --dry-run --ignore-scripts --tag alpha` passed locally and reported `Publishing to https://registry.npmjs.org/ with tag alpha ... (dry-run)`.
-## P3-8 target SHA remote release-candidate evidence refresh (historical)
-- [x] P3-9 interim run `27942743285` proved target SHA `a0299a7d81bb614661922bebc8c75496cf0a3d11` only; it is historical after the strict `fixtures?` package-boundary lock in run `27943672095`.
-- [x] P3-8 run `27940814340` proved target SHA `eb8de0f9b1edfa3f94c35a50b31005c5d3c105d4` only; it is historical after P3-9.
-## P3-6 real CLI opt-in smoke evidence
-- [x] `smoke --mode real --agent <id> --json` performs detection/profile certification only and does not launch a real run without `--allow-real-run`.
-- [x] Opt-in real smoke commands are documented for Codex, Claude Code, and OpenCode with `--allow-real-run --expect-text <safe_text> --json`.
-- [x] Real smoke summary uses `schemaVersion: "agent-runtime.realSmoke.v1"` and includes adapter/version/auth/models/run classification, expected text match, redacted observed tail, cwd mutation evidence, diagnostics count, and skip/failure reason.
-- [x] Real smoke summary excludes prompt text, token values, private cwd, raw stdout/stderr, and final run records.
-- [x] Custom `--prompt` / `--prompt-file` without `--expect-text` cannot pass solely on exit `0`; it classifies as `unexpected_output`.
-- [x] Preflight/run classifications cover `auth_missing`, `unavailable_executable`, `unsupported_flag`, `unexpected_output`, `cwd_mutated`, `needs_verification`, and `real_run_skipped`.
-- [x] Public docs use Anthropic-compatible provider env var names and placeholders only; no real token, concrete provider URL, or private model alias is committed.
-- [x] CI, release-candidate workflow, dogfood, prepublish, and release-candidate creator do not contain `--allow-real-run`.
-- [x] Local P3-6 opt-in evidence records Codex/OpenCode as `success` with `expectedTextMatched: true` and `cwdMutated: false` when run with explicit `--timeout-ms 120000`; Claude Code remains `auth_missing`.
-## P3-5 remote release evidence closure (historical)
-- [x] `.github/workflows/ci.yml` keeps the Node.js 20/22/24 matrix for typecheck, lint, tests, build, production dependency audit, package boundary checks, and pack dry-run.
-- [x] CI runs `npm run daemon:verify`, `npm run runtime:safety`, and `npm run dogfood` in one single-Node release-gates job instead of repeating installed-package gates across the matrix.
-- [x] `.github/workflows/release-candidate.yml` remains manual `workflow_dispatch`, runs `npm ci`, `npm run ci`, `npm run dogfood`, and delegates artifact creation to `npm run release:candidate -- --out-dir release-candidate`.
-- [x] `release:candidate` writes `gate-evidence.json` with `agent-cli-runtime.releaseGateEvidence.v1`, `npm run daemon:verify`, `npm run runtime:safety`, and the installed-package output schema versions.
-- [x] `release:verify` requires `gate-evidence.json`, rejects missing or incomplete daemon-ready gate evidence, and still checks `.reference/`, tests/fixtures, private paths, token-looking values, Bearer values, and auth env assignments.
-- [x] `npm run prepublish:check` includes both `npm run daemon:verify` and `npm run runtime:safety`.
-- [x] Workflows still contain no `npm publish`, no `NODE_AUTH_TOKEN` / `NPM_TOKEN`, no trusted-publishing credential setup, and no `--allow-real-run`.
-- [x] Triggered fresh remote `.github/workflows/release-candidate.yml` run `27932628093` for workflow head SHA `8d7bc2a19c626caa1ad5223acbcd35df34aff18e` and downloaded/re-verified all five artifacts, including `agent-cli-runtime-gate-evidence`. This is historical evidence only after P3-9.
-## P3-3 long-lived runtime resource safety gate
-- [x] `npm run runtime:safety` exists and emits `schemaVersion: "agent-runtime.runtimeSafety.v1"` JSON.
-- [x] The runtime safety verification path packs and installs the package into a temporary consumer before running fake CLI resource-safety checks.
-- [x] The gate covers repeated fake runs, repeated fake goals, slow event consumption, run replay counts, cancel churn, timeout/process-close race, goal cancellation with queued/running tasks, diagnostics tail bounds/redaction, repeated shutdown, storage lease closure, and reopen of terminal records.
-- [x] The gate does not require real Codex, Claude Code, OpenCode accounts or `--allow-real-run`.
-- [x] P3-3 tests cover event iterators closing after terminal events, one terminal event per run/goal, active run/goal cleanup, no false active recovery after reopen, and bounded redacted diagnostics.
-- [x] `npm run prepublish:check` includes `npm run runtime:safety`; `npm run dogfood` remains the bounded package/API dogfood gate and does not duplicate the P3-3 churn verifier.
-- [x] P3-3 does not add daemon/API server, database, WAL, remote worker, web UI, telemetry, npm publish, publish workflow, npm token, trusted publishing configuration, or package-root value exports.
-## P3-2 daemon embedding stability gate
-- [x] `npm run daemon:verify` exists and emits `schemaVersion: "agent-runtime.daemonVerification.v1"` JSON.
-- [x] The daemon verification path packs and installs the package into a temporary consumer before running fake CLI embedding checks.
-- [x] The gate covers fake adapter detection, fake conformance, fake run, fake goal, run/goal replay, store health, diagnostics export, shutdown, and reopen of terminal records.
-- [x] The gate does not require real Codex, Claude Code, OpenCode accounts or `--allow-real-run`.
-- [x] Read-only inspection coverage verifies `store-health`, `store-lock`, `diagnostics`, `replay-run`, and `replay-goal` do not acquire the writer lease or recover live-owner active records.
-- [x] Second writer refusal leaves live-owner active run/goal records active and unmodified.
-- [x] Shutdown/cancel/recovery paths are covered for single terminal event idempotence.
-- [x] Active goal recovery keeps pending/running tasks canceled and succeeded tasks stable across reopen.
-- [x] Daemon-facing schema compatibility coverage includes event envelope, diagnostics, conformance, store health, store repair, and CLI JSON error v1 shapes.
-- [x] P3-2 does not add daemon/API server, database, WAL, remote worker, web UI, telemetry, npm publish, publish workflow, npm token, trusted publishing configuration, or package-root value exports.
-## P3-1 daemon-ready contract freeze
-- [x] `docs/daemon-ready-contract.md` documents daemon/product shell embedding semantics without implementing a daemon.
-- [x] Public docs position the package as a local-first execution kernel, not a hosted control plane.
-- [x] Package root value exports remain limited to `createAgentRuntime`; public types remain type exports only.
-- [x] `store-health --json` uses `schemaVersion: "agent-runtime.storeHealth.v1"`.
-- [x] CLI `--json` usage errors use `schemaVersion: "agent-runtime.cliError.v1"`.
-- [x] Event, diagnostics, conformance, store-health, store-repair, and CLI-error schema compatibility rules are documented.
-- [x] Failure taxonomy preserves skipped/auth-missing/unsupported/unexpected-output/cwd-mutated states instead of converting them into success.
-- [x] P3-1 does not add daemon/API server, database, WAL, remote worker, web UI, telemetry, npm publish, publish workflow, npm token, or trusted publishing configuration.
-## P2-13 alpha publish readiness gate
-- [x] `package.json` metadata includes `name`, `version`, `description`, `license`, `type`, `bin`, `main`, `types`, `exports`, `files`, `engines`, `repository`, `homepage`, `bugs`, `keywords`, and `publishConfig.tag`.
-- [x] Package root value exports remain limited to `createAgentRuntime`; public types remain type exports only.
-- [x] `docs/release-publish-runbook.md` records dry-run, real publish commands, human confirmation points, dist-tag checks, rollback/deprecation/unpublish boundaries, npm 2FA, trusted publishing, provenance, and token strategy.
-- [x] `npm publish --dry-run --ignore-scripts --tag alpha` passed locally on 2026-06-22 and reported `Publishing to https://registry.npmjs.org/ with tag alpha ... (dry-run)`.
-- [x] `npm pack --dry-run` includes release docs, including `docs/release-publish-runbook.md`, and excludes `.reference/`, tests, fixtures, raw real CLI output, private paths, and token-looking values.
-- [x] `.github/workflows/ci.yml` and `.github/workflows/release-candidate.yml` still contain no `npm publish`, no npm token setup, and no registry credential requirement.
-- [x] P2-13 records publish readiness only; it does not publish npm, create npm tokens, configure trusted publishing, publish a GitHub release, or launch authenticated real agent runs.
-## P2-12 release candidate gate
-- [x] `npm ci` — passed in remote release-candidate run `27869580048`.
-- [x] `npm run typecheck` — passed locally on 2026-06-20.
-- [x] `npm run lint` — passed locally on 2026-06-20.
-- [x] `npm test` — passed locally on 2026-06-20 with 170 tests.
-- [x] `npm run build` — passed locally on 2026-06-20.
-- [x] `npm run daemon:verify` — passed locally on 2026-06-22.
-- [x] `npm run ci` — passed in remote release-candidate run `27869580048`.
-- [x] `npm run dogfood` — passed locally and in remote release-candidate run `27869580048`.
-- [x] `npm run runtime:safety` — passed locally on 2026-06-22.
-- [x] `npm run prepublish:check` — passed locally on 2026-06-22 with `runtime:safety` included.
-- [x] `npm run release:candidate -- --out-dir <temp-dir>` — passed locally on 2026-06-20.
-- [x] `npm run release:verify -- --dir <temp-dir>` — passed locally and against downloaded remote artifacts.
-- [ ] `node ./dist/cli/main.js conformance --mode fixtures --json`
-- [ ] `node ./dist/cli/main.js conformance --mode fake --json`
-- [x] `node ./dist/cli/main.js conformance --mode real --agent all --json` — passed locally without `--allow-real-run`.
-- [ ] `node ./dist/cli/main.js smoke --mode fixtures --json`
-- [x] `node ./dist/cli/main.js agents --json` — passed locally on 2026-06-20.
-- [x] `node ./dist/cli/main.js doctor --json` — passed locally on 2026-06-20.
-- [ ] `node ./dist/cli/main.js store-health --storage-dir <empty-temp-dir> --json`
-- [ ] `node ./dist/cli/main.js store-repair --storage-dir <empty-temp-dir> --dry-run --json`
-- [ ] Error contract: `node ./dist/cli/main.js run --json` exits `1` and prints parseable redacted JSON.
-- [ ] Error contract: `node ./dist/cli/main.js store-health --json` exits `1` and prints parseable redacted JSON.
-- [ ] Error contract: `node ./dist/cli/main.js store-repair --storage-dir <temp-dir> --apply --dry-run --json` exits `1` and prints parseable redacted JSON.
-- [ ] `node ./dist/cli/main.js store-repair --storage-dir <corrupt-fixture-temp-dir> --dry-run --json`
-- [ ] `node ./dist/cli/main.js store-repair --storage-dir <corrupt-fixture-temp-dir> --apply --json`
-- [ ] `node ./dist/cli/main.js store-health --storage-dir <corrupt-fixture-temp-dir> --json`
-- [x] `npm audit --omit=dev` — passed inside `npm run prepublish:check`.
-- [x] `npm run package:check` — passed locally on 2026-06-20.
-- [x] `npm pack --dry-run` — passed locally and inside `npm run prepublish:check`.
-- [x] `npm publish --dry-run --ignore-scripts --tag alpha` — passed locally as dry-run with `tag alpha`.
-`npm run dogfood` is the default publish-readiness bundle. It rebuilds, runs offline fixtures/fake conformance, runs real local detection/profile conformance without `--allow-real-run`, executes fake-CLI examples, performs a pack dry-run, and installs the packed tarball into a temporary project for package-root import, TypeScript `tsc --noEmit`, fake library run/goal/replay/diagnostics, and installed CLI smoke.
-`npm run prepublish:check` is the local release-candidate guard. It combines typecheck, lint, tests, build, daemon verification, runtime safety verification, dogfood, production audit, package boundary checking, and pack dry-run. It must not run authenticated real agents.
-`npm publish --dry-run --ignore-scripts --tag alpha` is a manual local safety check only. It must show `tag alpha`, must not publish, and must not require an npm token. Keep it out of required CI unless the output is proven stable enough for this repository.
-`npm test` uses Vitest's verbose reporter for default contract coverage. Slower installed-package gates and install smokes are kept out of the Node.js matrix and run through single-Node release gates, `dogfood`, `prepublish:check`, or explicit opt-in checks.
-## GitHub Actions release candidate
-P2-12 remote evidence, observed on 2026-06-20, remains historical evidence for commit `2f8832119b4ebdb8393077052560589a398ebf56`. P3-5 release-candidate evidence is workflow run `27932628093` for workflow head SHA `8d7bc2a19c626caa1ad5223acbcd35df34aff18e`; P3-8 release-candidate evidence is workflow run `27940814340` for target SHA `eb8de0f9b1edfa3f94c35a50b31005c5d3c105d4`; P3-9 interim release-candidate evidence is workflow run `27942743285` for target SHA `a0299a7d81bb614661922bebc8c75496cf0a3d11`; P3-9 release-candidate evidence is workflow run `27943672095` for locked evidence target SHA `65fac505ca3eb830a06d8656068cf4ed5f6dd46a`.
-All historical runs above are historical after the P3-10 evidence packet. P3-10 pre-documentation release-candidate evidence is workflow run `27945938663` for SHA `fdba3ebccb2e57a0ad295101028a2a3937a92204`; it must not be reused as final publish evidence after this packaged packet is committed.
-- [x] Trigger `.github/workflows/release-candidate.yml` manually with `workflow_dispatch` for the P3-10 pre-documentation SHA.
-- [ ] After committing this P3-10 evidence packet, trigger another fresh `.github/workflows/release-candidate.yml` run for the post-documentation commit before any real publish.
-- [x] Confirm the workflow is configured to run `npm ci`, `npm run ci`, `npm run dogfood`, and `npm run release:candidate -- --out-dir release-candidate`.
-- [x] Confirm dogfood output is limited to fixtures, fake CLIs, and real local detection/profile certification without `--allow-real-run`.
-- [x] Confirm `npm run release:candidate` is configured to create a tarball artifact, gate evidence, and release verification JSON but no `npm publish` step exists.
-- [x] Download and review the uploaded artifacts:
-  - `agent-cli-runtime-tarball`
-  - `agent-cli-runtime-pack-metadata`
-  - `agent-cli-runtime-package-files`
-  - `agent-cli-runtime-gate-evidence`
-  - `agent-cli-runtime-release-verification`
-- [x] Recreate a review directory from downloaded artifacts and run `npm run release:verify -- --dir /tmp/agent-runtime-p3-10-current-head-remote-66VIhN/normalized`.
-- [x] Confirm `release-verification.json` uses `schemaVersion: "agent-cli-runtime.releaseVerification.v1"`, has `ok: true`, package file count `151`, and empty diagnostics.
-- [x] Confirm `gate-evidence.json` uses `schemaVersion: "agent-cli-runtime.releaseGateEvidence.v1"` and records `daemon:verify` plus `runtime:safety` with `packageSource: "installed-tarball"`.
-- [x] Confirm no npm token, npm provenance publish, or registry credential is required.
-- [x] Confirm artifacts use the documented 14-day retention window.
-## Package boundary verification
-- [x] `npm run package:check`.
-- [x] `npm run release:verify -- --dir <release-candidate-or-downloaded-artifact-dir>`.
-- [ ] `npm pack --json` and confirm package files do not include:
-  - `.reference/`
-  - `tests/`
-  - `tests/fixtures/`
-  - raw fixtures
-  - fault fixtures
-  - `repair-backups/`
-  - raw corrupt samples
-  - fixture secrets / private paths
-  - raw real CLI output
-  - real provider tokens or token-looking values.
-- [ ] Confirm `dist/`, docs, examples, `scripts/dogfood.mjs`, README files, LICENSE, and release docs are included.
-- [ ] Confirm `docs/release-report.md` is included.
-- [ ] Confirm package root value exports remain limited to `createAgentRuntime`; replay, diagnostics, and storage inspection are facade methods plus public type exports only.
-- [ ] Confirm built `dist/index.d.ts` does not re-export package-root types from `storage/`, parser, store, or adapter instance internals.
-## Install smoke
-- [ ] `repo_root="${GITHUB_WORKSPACE:-$(pwd -P)}"`.
-- [ ] `tmp_dir="$(mktemp -d /tmp/agent-runtime-release-XXXXXX)"`.
-- [ ] `pack_info="$(cd "$repo_root" && npm pack --json --ignore-scripts --pack-destination "$tmp_dir")"`.
-- [ ] `package_file="$(printf '%s' "$pack_info" | node -e "const data = JSON.parse(require('node:fs').readFileSync(0, 'utf8')); process.stdout.write(data[0].filename);")"`.
-- [ ] `pushd "$tmp_dir"`.
-- [ ] `npm init -y`.
-- [ ] `npm install "$tmp_dir/$package_file" --no-save --ignore-scripts --no-audit --no-fund`.
-- [ ] `node -e "(async()=>{ const m = await import('agent-cli-runtime'); if (typeof m.createAgentRuntime !== 'function') process.exit(1); console.log(typeof m.createAgentRuntime); })()"`.
-- [ ] Create `consumer.ts` importing `createAgentRuntime`, `RunRequest`, `CreateGoalRequest`, and other public types from `agent-cli-runtime`.
-- [ ] Run `tsc --noEmit` in the temporary consumer project.
-- [ ] Create a fake consumer adapter/CLI and run installed-package library `run`, `createGoal`, `replayRunEvents`, `replayGoalEvents`, `exportDiagnostics`, and `inspectStore`.
-- [ ] `node ./node_modules/.bin/agent-runtime agents --json` returns JSON.
-- [ ] `node ./node_modules/.bin/agent-runtime doctor --json` returns an object with `ok`.
-- [ ] `node ./node_modules/.bin/agent-runtime conformance --mode fixtures --json` returns stable adapter summaries.
-- [ ] `node ./node_modules/.bin/agent-runtime conformance --mode fake --json` returns stable adapter summaries.
-- [ ] `node ./node_modules/.bin/agent-runtime smoke --mode fixtures --json` returns `{ ok: true, mode: "fixtures" }`.
-- [ ] The install smoke uses fake/local CLIs for deterministic `agents` and `doctor` checks; it does not require real auth.
-## Examples smoke
-- [ ] `node examples/library-run.js` succeeds after `npm run build`.
-- [ ] `node examples/library-goal.js` succeeds after `npm run build`.
-- [ ] `examples/cli-dogfood.md` documents fixtures, fake, and real-profile conformance.
-- [ ] Examples contain no real token, real user path, provider secret, complete prompt dump, or raw real CLI output.
-## Artifact review
-- [ ] `CHANGELOG.md`, `SECURITY.md`, `CONTRIBUTING.md` are present and up to date.
-- [ ] `README.md` and `README.zh-CN.md` explain npm install, `npx`, and local checkout paths.
-- [x] `README.md` and `README.zh-CN.md` explain Codex / Claude / OpenCode configuration without token values.
-- [x] Claude Anthropic-compatible provider docs list environment variable names/placeholders only; no real token values.
-- [x] `docs/compatibility.md` is refreshed with the 2026-06-22 P3-6 real conformance detection/preflight evidence plus opt-in smoke evidence and does not describe skipped/auth-missing runs as real-run success.
-- [x] `docs/ssot.md`, `docs/compatibility.md`, and `docs/production-readiness.md` are synced to current release-readiness status.
-- [x] `docs/release-report.md` records local commands, remote workflow evidence, artifact checklist, package boundary, real CLI evidence boundary, known risks, and explicit non-goals.
-- [x] `docs/production-readiness.md` names remaining known risks rather than treating skipped/preflight evidence as real run success.
-## Final review notes
-- [x] No stable API guarantee language is used for this release track.
-- [x] Confirm no daemon/WAL/remote runtime promises are made in public docs.
-- [x] Confirm OpenDesign daemon-level gaps are named without implying parity.
-- [x] Confirm authenticated real conformance runs require `--allow-real-run` and safely skip unauthorized CLIs.
-- [x] Confirm `conformance --mode real --agent all --json` without `--allow-real-run` does not launch real agent runs.
-- [x] Confirm optional real run docs use isolated cwd by default and make `--allow-real-run` the explicit account/network boundary.
-- [x] Confirm status-only exit `0` real smoke remains `unexpected_output`, not success.
-- [ ] Confirm package install smoke is covered by `npm run dogfood` and remains available as the explicit `AGENT_RUNTIME_RUN_INSTALLED_PACKAGE_TESTS=1` contract test path.
-- [ ] Confirm `store-repair --apply` remains opt-in, holds the local store lease while writing, creates atomic backups, refuses live owners, records redacted repair success/failure diagnostics, leaves original logs untouched on backup/rewrite failure, is idempotent, and does not claim WAL/database/daemon resume semantics.
-- [ ] Confirm crash consistency tests cover manifest rename failure, JSONL append failure, repair backup/rewrite failure, fsync/fdatasync fallback, lock takeover/close behavior, corrupt lock read-only CLI inspection, and diagnostics redaction.
+Status: `0.1.0-alpha.3` corrective pre-alpha release
+Last updated: 2026-06-26
+## P7-5 Alpha.3 Corrective Release
+- [x] Prepare package metadata for `0.1.0-alpha.3` in `package.json` and `package-lock.json`.
+- [x] Record that `0.1.0-alpha.2` is published but its immutable npm tarball contains stale pre-publish package docs.
+- [x] Recommend `0.1.0-alpha.3` as the corrective pre-alpha release for package consumers.
+- [x] Keep `0.1.0-alpha.1` and GitHub pre-release `v0.1.0-alpha.1` documented as earlier alpha history.
+- [x] Keep `0.1.0-alpha.0` documented as deprecated because its immutable package docs shipped stale pre-publish state.
+- [x] Keep npm registry metadata and GitHub Releases as the source of truth for available versions and dist-tags.
+- [x] Add a local packaged-docs gate that runs an actual pack, unpacks the tarball, and scans the docs that enter the package.
+- [x] Add a published verification gate that downloads and unpacks `agent-cli-runtime@<version>` from the npm registry before accepting package-docs state.
+- [x] Keep `.release-evidence/` and `.reference/` outside npm package contents.
+- [x] Keep volatile run ids, artifact ids, artifact digests, tarball hashes, pack hashes, local temporary paths, raw logs, raw CLI output, full prompts, and token-looking values outside packaged docs.
+## Local Verification
+Run these before treating a future alpha version as a local release candidate:
+```bash
+npm test
+npm run typecheck
+npm run lint
+npm run package:check
+npm run package:docs:check
+npm run compat:real:evidence:verify
+npm run release:candidate -- --out-dir <tmp-dir>
+npm run release:verify -- --dir <tmp-dir>
+npm pack --dry-run
+npm publish --dry-run --ignore-scripts --tag alpha
+node ./dist/cli/main.js agents --json
+node ./dist/cli/main.js doctor --json
+git diff --check
+```
+Acceptance:
+- [x] `npm test` passes.
+- [x] `npm run typecheck` passes.
+- [x] `npm run lint` passes.
+- [x] `npm run package:check` passes and rejects `.release-evidence/` plus `.reference/` if they appear in pack metadata.
+- [x] `npm run package:docs:check` unpacks the local tarball and rejects stale publish-state claims for this version, dry-run stop wording, publish-ready candidate wording, and old current dist-tag claims.
+- [x] `npm run compat:real:evidence:verify` passes without launching authenticated real agent runs.
+- [x] `npm run release:candidate -- --out-dir <tmp-dir>` produces the five-artifact release-candidate set.
+- [x] `npm run release:verify -- --dir <tmp-dir>` passes with `schemaVersion: "agent-cli-runtime.releaseVerification.v1"`, `ok: true`, and empty diagnostics.
+- [x] `gate-evidence.json` contains `daemon:verify`, `runtime:safety`, and `compat:real:evidence:verify`.
+- [x] `npm pack --dry-run` shows only expected package files.
+- [x] `npm publish --dry-run --ignore-scripts --tag alpha` passes as a dry-run and reports `tag alpha`.
+- [x] `node ./dist/cli/main.js agents --json` returns parseable JSON.
+- [x] `node ./dist/cli/main.js doctor --json` returns parseable JSON.
+- [x] `git diff --check` passes.
+## Human Publish Gate
+Do not run a real publish, deprecate an existing version, or create/modify a GitHub Release without explicit maintainer authorization. Before any later publish:
+- [ ] Trigger a fresh manual release-candidate workflow for the exact commit being considered.
+- [ ] Download all five artifacts into a local review directory.
+- [ ] Run `npm run release:verify -- --dir <normalized-artifact-dir>` on the downloaded artifacts.
+- [ ] Confirm the workflow head SHA equals the commit selected for publish.
+- [ ] Run `npm publish --dry-run --ignore-scripts --tag alpha`.
+- [ ] Run `npm run package:docs:check` and confirm it inspected the local packed tarball.
+- [ ] Obtain separate explicit maintainer authorization for the real publish.
+- [ ] Run real `npm publish --tag alpha` only after that authorization.
+- [ ] After publish, verify npm registry state, run the published package verification workflow, and confirm registry tarball docs pass `agent-cli-runtime.packagedDocsVerification.v1`.
+## Release-Candidate Artifact Contract
+The candidate artifact set is exactly:
+- `agent-cli-runtime-tarball`
+- `agent-cli-runtime-pack-metadata`
+- `agent-cli-runtime-package-files`
+- `agent-cli-runtime-gate-evidence`
+- `agent-cli-runtime-release-verification`
+`agent-cli-runtime-gate-evidence` must record:
+- `daemon:verify`
+- `runtime:safety`
+- `compat:real:evidence:verify`
+It must also keep:
+- `noAuthenticatedRealRun: true`
+- `noNpmPublish: true`
+- `noNpmToken: true`
+## Package Boundary
+The package must not contain:
+- `.release-evidence/`
+- `.reference/`
+- `tests/`
+- fixtures
+- raw real CLI output
+- local temporary review directories
+- private user paths
+- full prompts
+- raw stdout/stderr transcripts
+- token-looking values
+- Bearer values
+- auth environment assignment values
+## Stable Contract Reminders
+- The package root value export remains `createAgentRuntime`.
+- The schema inventory and versioning policy live in [docs/api-schema-contract.md](./api-schema-contract.md).
+- The daemon/product shell embedding contract lives in [docs/daemon-ready-contract.md](./daemon-ready-contract.md).
+- `agent-cli-runtime.releaseVerification.v1`, `agent-cli-runtime.releaseGateEvidence.v1`, and `agent-cli-runtime.packagedDocsVerification.v1` are release artifact schemas.
+## Schema Vocabulary
+Smoke and conformance classifications remain:
+- `success`
+- `real_run_skipped`
+- `auth_missing`
+- `unavailable_executable`
+- `unsupported_flag`
+- `needs_verification`
+- `unexpected_output`
+- `cwd_mutated`
+- `timeout`
+- `failed`