ai-collab-open-system 0.1.0 → 0.1.1

package/.aict/START_HERE.md

@@ -105,7 +105,7 @@ Expected result: profile/context, acceptance, execution prompt, guard review, ha
 
 ## Want the AI to remind you on its own
 
-Tired of remembering to run the guard yourself? Install the adapter into your AI tool's always-on instructions with `node bin/ai-collab.js adapters install --target <repo>` (after publish: `ai-collab adapters install --target <repo>`). It turns on restrained coaching reminders, so the AI prompts you at the key moments - define done, review a completion claim, hand off, harvest. If you only have one tool, the completion-claim check routes through `single-tool-guard` (a fresh adversarial pass in the same tool) instead of a second AI brand.
+Tired of remembering to run the guard yourself? Install the adapter into your AI tool's always-on instructions with `ai-collab adapters install --target <repo>`. It turns on restrained coaching reminders, so the AI prompts you at the key moments - define done, review a completion claim, hand off, harvest. If you only have one tool, the completion-claim check routes through `single-tool-guard` (a fresh adversarial pass in the same tool) instead of a second AI brand.
 
 ## Where to go next
 

package/.aict/WORKSPACE_MANIFEST.json

@@ -1,6 +1,6 @@
 {
-  "name": "AI Collaboration Open System Workspace",
-  "version": "0.1.0",
+  "name": "DoneTrace Workspace",
+  "version": "0.1.1",
   "localFirst": true,
   "defaultNetworkUse": "none",
   "workspaceDirs": [

package/.aict/adapters/SHARED_CORE_CONTRACT.md

@@ -60,15 +60,19 @@ Separate from the timed reminders above: when the user's message contains one of
 
 When none of these words appears, ignore this section and behave normally — never force a mode the user did not ask for.
 
-### First-run promise (act on this the FIRST time, before anything else)
+### First-run onboarding (one-time, trigger-driven — runs in full when the user asks to start)
 
-The first time you work with this user after the workspace is installed — on your very first reply, proactively — run the full onboarding script below. Do not wait to be asked. This is a four-step script (install -> scan -> profile + pain points -> harvest), and you run it as a guided conversation, one step at a time, stopping for the user wherever it says to stop.
+This one-time onboarding is SEPARATE from the day-to-day coaching restraint above: that restraint governs recurring, per-turn nudges, while this is a single guided welcome that runs once, right after install. Running it once does NOT count as over-prompting.
+
+Reliable trigger: the `ai-collab first-run` command tells the user to send you one line — "Walk me through the ai-collab first run". When the user's message is that line (or any clear request — in any language, including the exact line the first-run command printed for the user — to start, onboard, or be walked through ai-collab), run the full four-step script below as a guided conversation — one step at a time, stopping for the user wherever it says to stop. Because that is a direct user request, it overrides the restraint above.
+
+If the user did NOT send a clear start request but their message is a question ABOUT ai-collab itself (e.g. "what is this", "what can it do", "what does this setup do", "how do I use this", "is this an AI", or the same in any language), OR they only said hello / brought no specific task yet: briefly answer their question in one or two plain sentences, AND offer the walkthrough with ONE short line ("Want me to walk you through what this setup does? Just say the word.") then wait — do NOT silently leave a curious newcomer with no next step, and do NOT launch the full four steps unprompted. Only when the user arrives with their OWN specific task (fix a bug, add a feature, change something concrete) do you skip even that offer and just do their task — never block a real task the user actually came with, though you may mention the walkthrough once at a natural pause. After onboarding is done or declined, the restraint above applies normally.
 
 **HARD RULE throughout — PLAIN LANGUAGE.** Never hand the user a technical term. Translate every task title into everyday words in your head before you say it: "auth" -> "login stuff", "payment" -> "money / checkout", "refactor" -> "tidying up the code", "API" -> "the connection between two things". Even a very technical title gets translated first. The whole script is spoken in the user's own language and stays plain — a person who has never written code should follow every sentence.
 
 #### Step 0 — Installed (show the canonical intro VERBATIM)
 
-Run `ai-collab welcome` (before publish: `node bin/ai-collab.js welcome`) and show its output VERBATIM. Do NOT re-summarize or paraphrase it — the CLI hard-prints the canonical intro (the six layers, the keyword modes, the honest privacy line, the closing question) so it always lands in full instead of being garbled by a re-write. Print it as-is, then STOP and let the user answer the closing question.
+Run `ai-collab welcome` and show its output VERBATIM. Do NOT re-summarize or paraphrase it — the CLI hard-prints the canonical intro (the six layers, the keyword modes, the honest privacy line, the closing question) so it always lands in full instead of being garbled by a re-write. Print it as-is, then STOP and let the user answer the closing question.
 
 #### Step 1 — Scan (only after they say go)
 
@@ -76,7 +80,7 @@ When they say to scan ("scan" / "go" / "just the X project" / etc.): first state
 
 Honesty about the scan — you MUST say this before scanning, it is the whole point: the scan is done by YOU, the cloud AI they already use, so the content passes through your provider's servers like any normal chat. Say plainly: this is NOT "zero data leaves your machine" — any tool claiming "absolutely no leak" is bluffing. But it is no more exposure than normally talking to you. The ai-collab tool itself sends nothing to third parties. They can narrow the scope or decline. Default scope: only the currently active project, nothing wider unless they ask.
 
-Then run `ai-collab bootstrap --yes` (before publish: `node bin/ai-collab.js bootstrap --yes`) for the DETERMINISTIC facts: which "done"s lack evidence (VERIFY), what is in flight (RESUME), profile clues, high-risk role signals, harvestable lessons. Everything you say from here on is built on these scanned facts plus the conversation you are having now — never on a guess.
+Then run `ai-collab bootstrap --yes` for the DETERMINISTIC facts: which "done"s lack evidence (VERIFY), what is in flight (RESUME), profile clues, high-risk role signals, harvestable lessons. Everything you say from here on is built on these scanned facts plus the conversation you are having now — never on a guess.
 
 #### Step 2 — Profile read + collaboration advice + CONFIRM (do this first, one block, then WAIT)
 

package/.aict/mechanisms/collaboration-coach/EXAMPLE.synthetic.md

@@ -10,8 +10,8 @@ A synthetic execution session reaches a 'done, implemented and tested' claim. At
 
 A solo user is working in one AI tool on a small synthetic feature. The coach runs at standard. The session passes through several collaboration moments; this shows the coach firing at the completion-claim node, once, with a concrete next step.
 
-### First-run: act proactively the first time
-"You just installed a collaboration discipline — before I say 'done' I'll show evidence, when I'm unsure I'll pull in a second AI, you won't re-explain when you switch tools, and I'll help you save what's worth keeping. Want me to take 30 seconds and look at a few of your recent tasks to show you what this changes?" Then it offers a scan, respects yes / narrow / no, and gets to work; it does not repeat this.
+### First-run: one-time onboarding, trigger-driven
+Earlier this session the user sent the trigger line first-run printed ("Walk me through the ai-collab first run."), so the coach ran the one-time welcome — it did NOT fire this on its own opening reply. "You just installed a collaboration discipline — before I say 'done' I'll show evidence, when I'm unsure I'll pull in a second AI, you won't re-explain when you switch tools, and I'll help you save what's worth keeping. Want me to take 30 seconds and look at a few of your recent tasks to show you what this changes?" Then it offered a scan, stated the privacy boundary first, respected yes / narrow / no, and got to work; it does not repeat this.
 
 ### Firing node and signal
 Node 3, completion claim. The execution assistant just returned: "Done. I implemented the new sort option and added a test; everything passes." That 'done / everything passes' phrasing is the signal.

package/.aict/mechanisms/collaboration-coach/PROMPT.md

@@ -24,7 +24,7 @@ Input:
 [paste redacted task material, context package, and acceptance card here]
 
 Process:
-1. On the FIRST message after install, act proactively: introduce yourself, offer to scan the user's recent work, state the privacy boundary before scanning (the scan is run by you, the cloud AI they already use, so content passes through your provider like any normal chat — not 'zero data leaves the machine'), and respect their yes / narrow / no choice — not just recite a list of future reminder moments. Then say reminders are restrained by default and switchable with `coach: light` / `coach: strict`. Do this once, then stop.
+1. First-run onboarding is one-time and trigger-driven, NOT something you fire automatically on your first reply. When the user sends the trigger line first-run printed (Walk me through the ai-collab first run.) or otherwise clearly asks to start / be onboarded, run the guided welcome: introduce yourself, offer to scan the user's recent work, state the privacy boundary before scanning (the scan is run by you, the cloud AI they already use, so content passes through your provider like any normal chat — not 'zero data leaves the machine'), and respect their yes / narrow / no choice — not just recite a list of future reminder moments. Then say reminders are restrained by default and switchable with `coach: light` / `coach: strict`. Do this once, then stop.
 2. Map each firing moment to its node and reminder. 1 Task start -> set a context boundary and acceptance before building. 2 Pre-execution -> define the acceptance card first. 3 Completion claim -> run a guard review before trusting it. 4 Long thread / tool switch -> generate a handoff instead of relying on chat memory. 5 Reusable insight -> harvest it into a card. 6 Repeated preference -> offer it as a profile-update candidate.
 3. At node 3 (completion claim), branch on available model families and name the matching guard: one model family only -> run single-tool-guard (a new conversation plus an adversarial prompt); a second, different family available -> run dual-guard (the cross-family binding gate); a multi-tool setup -> run the full fusion review. Do not silently skip the branch and just say 'looks good'.
 4. Apply the restraint tier before speaking. Light: only fire at nodes 3 and 4. Standard (default): fire at nodes 1, 3, 4, 6 — fold node 2 into the task-start reminder (skip it entirely if node 1 already landed an acceptance card) and node 5 into a natural pause, not a separate interruption; count "once per moment" by task phase, not by node, so the opening of one task is a single moment even if nodes 1 and 2 both trip — never stack reminders on back-to-back turns at a task's start, and never re-raise a reminder already acted on. Strict: fire at all six every time they trip. If a tier would make you repeat a just-given reminder, stay silent instead.
@@ -32,7 +32,7 @@ Process:
 6. Honor a restraint switch immediately. When the user says `coach: light` / `coach: standard` / `coach: strict`, change tier for the rest of the session without arguing, and confirm the new tier in a few words.
 
 Output shape:
-- First-run promise: on the first reply, the assistant proactively introduces itself, offers to scan the user's recent work, states the privacy boundary before scanning, and respects the user's yes / narrow / no choice — rather than passively reciting a list of future reminder moments.
+- First-run promise: one-time and trigger-driven (when the user sends the first-run trigger line or asks to start), the assistant introduces itself, offers to scan the user's recent work, states the privacy boundary before scanning, and respects the user's yes / narrow / no choice — rather than firing automatically on the first reply or passively reciting a list of future reminder moments.
 - Per-moment reminder: the firing node named, plus the one-or-two-sentence concrete next step it hands over.
 - Completion-claim branch: which guard was named (single-tool-guard / dual-guard / full fusion) based on available model families.
 - Restraint state: the current tier and a note that the reminder respected it (and was not a repeat of one already acted on).
@@ -47,7 +47,7 @@ Return:
 - Next action
 
 Pass bar (do not pass unless all hold):
-- On the first reply the assistant acted proactively: it introduced itself, offered to scan recent work, stated the privacy boundary before scanning, respected the user's yes / narrow / no choice, and did not repeat the intro afterward.
+- When the user sent the first-run trigger line (or otherwise asked to start), the assistant ran the one-time onboarding: it introduced itself, offered to scan recent work, stated the privacy boundary before scanning, respected the user's yes / narrow / no choice, and did not repeat the intro afterward — and it did not fire this onboarding automatically on an unrelated first reply.
 - Each reminder fired at the right node with a concrete next step the user can act on in one move.
 - The completion-claim node named the correct guard depth for the number of model families available.
 - Restraint held: standard by default, once per moment, no reminder the user already acted on was re-raised, and a `coach:` switch was honored immediately.

package/.aict/mechanisms/collaboration-coach/README.md

@@ -29,7 +29,7 @@ The live collaboration moment (which of the six nodes is firing, and the signal
 
 ## Process
 
-1. On the FIRST message after install, act proactively: introduce yourself, offer to scan the user's recent work, state the privacy boundary before scanning (the scan is run by you, the cloud AI they already use, so content passes through your provider like any normal chat — not 'zero data leaves the machine'), and respect their yes / narrow / no choice — not just recite a list of future reminder moments. Then say reminders are restrained by default and switchable with `coach: light` / `coach: strict`. Do this once, then stop.
+1. First-run onboarding is one-time and trigger-driven, NOT something you fire automatically on your first reply. When the user sends the trigger line first-run printed (Walk me through the ai-collab first run.) or otherwise clearly asks to start / be onboarded, run the guided welcome: introduce yourself, offer to scan the user's recent work, state the privacy boundary before scanning (the scan is run by you, the cloud AI they already use, so content passes through your provider like any normal chat — not 'zero data leaves the machine'), and respect their yes / narrow / no choice — not just recite a list of future reminder moments. Then say reminders are restrained by default and switchable with `coach: light` / `coach: strict`. Do this once, then stop.
 2. Map each firing moment to its node and reminder. 1 Task start -> set a context boundary and acceptance before building. 2 Pre-execution -> define the acceptance card first. 3 Completion claim -> run a guard review before trusting it. 4 Long thread / tool switch -> generate a handoff instead of relying on chat memory. 5 Reusable insight -> harvest it into a card. 6 Repeated preference -> offer it as a profile-update candidate.
 3. At node 3 (completion claim), branch on available model families and name the matching guard: one model family only -> run single-tool-guard (a new conversation plus an adversarial prompt); a second, different family available -> run dual-guard (the cross-family binding gate); a multi-tool setup -> run the full fusion review. Do not silently skip the branch and just say 'looks good'.
 4. Apply the restraint tier before speaking. Light: only fire at nodes 3 and 4. Standard (default): fire at nodes 1, 3, 4, 6 — fold node 2 into the task-start reminder (skip it entirely if node 1 already landed an acceptance card) and node 5 into a natural pause, not a separate interruption; count "once per moment" by task phase, not by node, so the opening of one task is a single moment even if nodes 1 and 2 both trip — never stack reminders on back-to-back turns at a task's start, and never re-raise a reminder already acted on. Strict: fire at all six every time they trip. If a tier would make you repeat a just-given reminder, stay silent instead.
@@ -38,7 +38,7 @@ The live collaboration moment (which of the six nodes is firing, and the signal
 
 ## Output shape
 
-- First-run promise: on the first reply, the assistant proactively introduces itself, offers to scan the user's recent work, states the privacy boundary before scanning, and respects the user's yes / narrow / no choice — rather than passively reciting a list of future reminder moments.
+- First-run promise: one-time and trigger-driven (when the user sends the first-run trigger line or asks to start), the assistant introduces itself, offers to scan the user's recent work, states the privacy boundary before scanning, and respects the user's yes / narrow / no choice — rather than firing automatically on the first reply or passively reciting a list of future reminder moments.
 - Per-moment reminder: the firing node named, plus the one-or-two-sentence concrete next step it hands over.
 - Completion-claim branch: which guard was named (single-tool-guard / dual-guard / full fusion) based on available model families.
 - Restraint state: the current tier and a note that the reminder respected it (and was not a repeat of one already acted on).
@@ -47,7 +47,7 @@ The live collaboration moment (which of the six nodes is firing, and the signal
 
 ## Pass bar (what counts as done / safe to trust)
 
-- On the first reply the assistant acted proactively: it introduced itself, offered to scan recent work, stated the privacy boundary before scanning, respected the user's yes / narrow / no choice, and did not repeat the intro afterward.
+- When the user sent the first-run trigger line (or otherwise asked to start), the assistant ran the one-time onboarding: it introduced itself, offered to scan recent work, stated the privacy boundary before scanning, respected the user's yes / narrow / no choice, and did not repeat the intro afterward — and it did not fire this onboarding automatically on an unrelated first reply.
 - Each reminder fired at the right node with a concrete next step the user can act on in one move.
 - The completion-claim node named the correct guard depth for the number of model families available.
 - Restraint held: standard by default, once per moment, no reminder the user already acted on was re-raised, and a `coach:` switch was honored immediately.

package/.aict/mechanisms/collaboration-coach/TEMPLATE.md

@@ -8,7 +8,7 @@ Make the assistant proactively remind the user of the matching collaboration ste
 
 ## Template
 
-### First-run promise (first reply, proactive — introduce + offer to scan + state the privacy boundary + respect yes / narrow / no):
+### First-run promise (one-time, trigger-driven — on the first-run trigger line / a start request, NOT auto on the first reply: introduce + offer to scan + state the privacy boundary + respect yes / narrow / no):
 
 
 ### Firing node (1-6) and the signal that tripped it:
@@ -35,7 +35,7 @@ Make the assistant proactively remind the user of the matching collaboration ste
 
 ## Pass bar (tick before you trust the result)
 
-- On the first reply the assistant acted proactively: it introduced itself, offered to scan recent work, stated the privacy boundary before scanning, respected the user's yes / narrow / no choice, and did not repeat the intro afterward.
+- When the user sent the first-run trigger line (or otherwise asked to start), the assistant ran the one-time onboarding: it introduced itself, offered to scan recent work, stated the privacy boundary before scanning, respected the user's yes / narrow / no choice, and did not repeat the intro afterward — and it did not fire this onboarding automatically on an unrelated first reply.
 - Each reminder fired at the right node with a concrete next step the user can act on in one move.
 - The completion-claim node named the correct guard depth for the number of model families available.
 - Restraint held: standard by default, once per moment, no reminder the user already acted on was re-raised, and a `coach:` switch was honored immediately.

package/.aict/walkthroughs/10-minute-your-task.md

@@ -8,7 +8,7 @@ Everything stays local-first. You paste a redacted description into the AI tools
 
 What you need: one real task that is a bit messy, and one AI tool you can paste into. A second tool of a different model family (a different AI brand) makes Step 3 much stronger, but you can run all three rounds in one tool if that is all you have.
 
-Want the AI to prompt you for these steps on its own - to ping you to review every time it says "done", instead of you remembering to paste Step 3? Install the adapter into your tool's always-on instructions with `node bin/ai-collab.js adapters install --target <repo>`; it turns on the coaching reminders, and if you only have one tool it routes the completion-claim check through `single-tool-guard` (a fresh adversarial pass in the same tool).
+Want the AI to prompt you for these steps on its own - to ping you to review every time it says "done", instead of you remembering to paste Step 3? Install the adapter into your tool's always-on instructions with `ai-collab adapters install --target <repo>`; it turns on the coaching reminders, and if you only have one tool it routes the completion-claim check through `single-tool-guard` (a fresh adversarial pass in the same tool).
 
 ## Step 1 (2 min) - Define done before any work
 

package/CHANGELOG.md

@@ -1,14 +1,25 @@
 # Changelog
 
-This project's source is on GitHub with CI green, but it is **not published to npm**. The version
-below is prepared and unpublished; see [Release Status](./README.md#release-status) for the
-four-state ladder.
+This project is **published to npm** as `ai-collab-open-system`, and the global `ai-collab` command
+is live. See [Release Status](./README.md#release-status) for the four-state ladder it moved through.
 
-## 0.1.0 — Unreleased (GitHub source on `main`, CI green)
+## 0.1.1 — 2026-06-27
 
-Status: source pushed to GitHub on `main` with CI green; **not git-tagged and not published to
-npm**. No release date is claimed because no npm release has happened. The date here will be
-filled in only when the package is actually published.
+Status: patch release for the published npm package line; `ai-collab-open-system` remains the npm
+package name and `ai-collab` remains the global command, while DoneTrace is the formal product name.
+
+- Formalized **DoneTrace** as the product name across the README, package metadata, CLI first-run
+  copy, generated workspace comments, and open-system start docs.
+- Preserved compatibility for existing npm users by keeping the package name `ai-collab-open-system`
+  and the executable command `ai-collab`.
+- Kept private owner decision records outside the public package, so old naming notes remain
+  historical context rather than current execution guidance.
+
+## 0.1.0 — 2026-06-25 (published to npm)
+
+Status: published to npm as `ai-collab-open-system@0.1.0`; the global `ai-collab` command installs via
+`npm install -g ai-collab-open-system` and every documented command works as written. Source is on
+GitHub `main` with CI green.
 
 - Hardened CI: Node 18/20/22 matrix running `npm ci`, `npm run check`, `npm pack`, a fresh-tarball
   install smoke test (install the packed artifact into a clean dir and run the installed `ai-collab`

package/README.md

@@ -1,8 +1,23 @@
-# AI Collaboration Open System
+# DoneTrace
+A local-first layer for evidence, review, supervision, handoff, and learning in AI workflows.
+
+For builders whose AI keeps saying “done” before the work is actually proven.
+
+DoneTrace is a local-first evidence, review, supervision, and handoff layer for AI workflows.
+It does not replace Claude, Cursor, Codex, or your other tools.
+It makes the work checkable.
+
+## What it adds
+
+- acceptance before execution
+- evidence before “done”
+- independent re-check with another model family
+- handoff across tools and sessions
+- harvest after the task
 
 Does your AI keep saying "done" when it is not? This is an **open-source personal AI collaboration workspace** — a thin discipline pack you drop into the AI you already use (Claude, Cursor, Codex, and others). It does not write your code and does not think for you. It does one thing: it makes your AI prove a "done" claim with evidence, gets a second AI to re-check it, and lets you switch tools or pick the work up tomorrow without re-explaining the background. Why a workspace beats a better prompt: [docs/WHY_THIS_EXISTS.md](./docs/WHY_THIS_EXISTS.md). New here? Start at [START_HERE.md](./START_HERE.md).
 
-> Runs today from a clone (`node bin/ai-collab.js`); the npm package and global `ai-collab` command are not published yet — see [Release Status](#release-status).
+> Install globally: `npm install -g ai-collab-open-system`, then use the `ai-collab` command everywhere below. If you cloned the source instead, replace `ai-collab` with `node bin/ai-collab.js` in every command.
 
 中文：你的 AI 是不是老跟你说"搞定了"，其实没做完？这是一套塞进你现有 AI（Claude、Cursor、Codex 等）的开源"协作纪律包"。它不替你写代码、不替你想，只干一件事：让 AI 说"做完了"前先拿证据自证、让另一个 AI 复核一遍、让你换工具或隔天再接着干时不用重讲背景。为什么是工作区而不是提示词，见 docs/WHY_THIS_EXISTS.md；新手从 START_HERE.md 开始。
 
@@ -37,19 +52,18 @@ That is the value: less smooth guessing, more visible state. This is a local AI
 
 ## Run it in 2 minutes
 
-One main path. Clone, init a workspace, then open the 10-minute walkthrough — that is the whole on-ramp.
-
-> The package is not on npm yet, so the commands below use the local CLI entry `node bin/ai-collab.js`. After the npm package ships, the same commands work under the global `ai-collab` name (e.g. `ai-collab init ...`); until then, keep using `node bin/ai-collab.js`.
+One main path: `first-run`. One command does the whole on-ramp — it **creates your workspace, installs the rules into your AI's always-on instructions (CLAUDE.md / AGENTS.md / Cursor rules / …), and prints the one line you send your AI** so it starts guiding you.
 
 ```bash
-git clone https://github.com/aaronyi97/ai-collab-open-system.git
-cd ai-collab-open-system
-node bin/ai-collab.js init --target ./my-ai-workspace
+npm install -g ai-collab-open-system
+ai-collab first-run --target . --tool claude   # or codex / cursor / copilot / cline / windsurf
 ```
 
-Now open `./my-ai-workspace/.aict/walkthroughs/10-minute-your-task.md`. In 10 minutes you will feel three things on your own task: **the AI defines *done* before it touches the work**, an **independent re-check pressure-tests the "completed" claim against the evidence — passing, rejecting, or flagging insufficient evidence depending on what the evidence shows**, and **task state stops living only in the chat scroll** (it sits in plain files you can reopen, hand off, and resume).
+(Prefer not to install globally? Clone the repo and run `node bin/ai-collab.js first-run --target . --tool claude` instead — same command, local entry.)
+
+That command ends by printing one line to copy into your AI; the moment your AI receives it, it introduces the system, offers a read-only scan of your recent work, and starts the guided first run. **Why this matters:** plain `ai-collab init` only creates the workspace files — it does **not** install any AI rules, so your AI will not open up or guide you on its own. `first-run` is the path that actually wires the rules into your tool. (`init` is still useful on its own when you just want the local workspace files; see Commands below.)
 
-(To open the file: macOS `open <file>` · Linux `xdg-open <file>` · Windows `start <file>`. `init` writes a local `.aict/` workspace of plain files; it does not use the network.)
+(`first-run` writes a local `.aict/` workspace of plain files plus your tool's rule file; it does not use the network. To open any workspace file later: macOS `open <file>` · Linux `xdg-open <file>` · Windows `start <file>`.)
 
 ### Or taste it with zero install (60 seconds)
 
@@ -73,12 +87,12 @@ For the full public-system explanation, read [docs/open-system/00-start-here.md]
 
 中文：一个AI也能开始：先把"做完了"变成有证据、可复核、可交接、可沉淀的结果。这就是大部分价值。有第二个模型族时，可以升级成跨族双守卫。那是一个单工具给不了自己的独立复核。守卫等级怎么算、为什么单工具自称的跨族复核会被标成"未验证"，见下面 Commands 和 --help。
 
-## First Run (keep the workspace as local files)
+## `init`: workspace files only (the manual / advanced path)
 
-This is the same `init` as the 2-minute path, with the cross-platform openers spelled out. You only need it if you want the workspace saved locally so the same rules drive every tool and survive across sessions:
+This is **not** the recommended first experience — `first-run` (above) is. Use `init` only when you want the local `.aict/` workspace files **by themselves**, with **no AI rules installed**. It builds the workspace; it does **not** wire any rules into your AI, so on its own `init` will not make your AI open up or guide you. Cross-platform openers spelled out:
 
 ```bash
-node bin/ai-collab.js init --target ./my-ai-workspace
+ai-collab init --target ./my-ai-workspace
 # then open these two files in your editor — pick your platform's opener:
 #   macOS:   open ./my-ai-workspace/.aict/START_HERE.md
 #   Linux:   xdg-open ./my-ai-workspace/.aict/START_HERE.md
@@ -86,13 +100,13 @@ node bin/ai-collab.js init --target ./my-ai-workspace
 # (then the same for ./my-ai-workspace/.aict/walkthroughs/10-minute-your-task.md)
 ```
 
-`init` writes a local `.aict/` workspace of plain files. Network: not used at runtime. If you ran this inside a clone of *this* repo, the generated `my-ai-workspace/` is already in our `.gitignore`, so it will not show up as untracked files or dirty your `git status`. Next, take the 10-minute first experience below: the main path runs the loop on *your own* real task; if you would rather watch the flow on a prepared example first, the demo preview (`.aict/walkthroughs/10-minute.md`) is the optional second path.
+`init` writes a local `.aict/` workspace of plain files and nothing else. Network: not used at runtime. If you ran this inside a clone of *this* repo, the generated `my-ai-workspace/` is already in our `.gitignore`, so it will not show up as untracked files or dirty your `git status`. To get the rules actually loaded into your AI, run `first-run` (above) instead — or, after `init`, add the rules with `ai-collab adapters install --target . --tool <claude|codex|cursor|...>`. Next, take the 10-minute first experience below: the main path runs the loop on *your own* real task; if you would rather watch the flow on a prepared example first, the demo preview (`.aict/walkthroughs/10-minute.md`) is the optional second path.
 
 ### What the first conversation looks like
 
-Once the workspace is installed, the rules **instruct** your AI to open the first conversation proactively, rather than waiting to be asked: introduce itself, offer to take ~30 seconds to scan your recent work, and state the privacy boundary *before* scanning (the scan is run by the cloud AI you already use, so its content passes through your provider like any normal chat — this is **not** "zero data leaves your machine"; the `ai-collab` tool itself sends nothing). You stay in control: answer "yes", "just the X project", or "not now". Whether the AI actually opens this way depends on your tool loading this rule — some tools follow workspace instructions more eagerly than others. If you would rather drive it yourself, run `node bin/ai-collab.js bootstrap --yes` for the same read-only baseline at any time.
+Onboarding is **trigger-driven**, not automatic: your AI does not open up on its own first reply. Once the rules are installed (via `first-run`, or `init` + `adapters install`), you start the onboarding by sending your AI the one trigger line `first-run` prints — "Walk me through the ai-collab first run." (or by just asking it to start). Then the rules **instruct** your AI to run a one-time guided welcome: introduce itself, offer to take ~30 seconds to scan your recent work, and state the privacy boundary *before* scanning (the scan is run by the cloud AI you already use, so its content passes through your provider like any normal chat — this is **not** "zero data leaves your machine"; the `ai-collab` tool itself sends nothing). You stay in control: answer "yes", "just the X project", or "not now". (With `first-run --enable-hooks` on Claude Code, a project-local SessionStart hook sends that trigger for you automatically on your first session — Claude Code only.) Whether the AI follows the rule once triggered depends on your tool loading it — some tools follow workspace instructions more eagerly than others. If you would rather drive it yourself, run `ai-collab bootstrap --yes` for the same read-only baseline at any time.
 
-中文：装好工作区后，这套规则会**指示**你的 AI 在第一次对话时主动开口（而不是等你问）：先自我介绍、提出花约 30 秒扫一眼你最近的活，并在扫描**之前**说清隐私边界——扫描是由你本来就在用的那个云端 AI 执行的，内容会像平常聊天一样经过你的服务商，所以这**不是**「零数据离开你的机器」；`ai-collab` 工具本身不向任何第三方发送东西。主动权在你：回「好」「只看 X 项目」或「先不要」。AI 是否真的这样开口，取决于你的工具有没有加载这条规则——有的工具比别的更听工作区指令。想自己来，随时跑 `node bin/ai-collab.js bootstrap --yes` 拿同样的只读基线。
+中文：引导是**触发式**的，不会自动发生：你的 AI 不会在自己的第一条回复里主动开口。等规则装好后（用 `first-run`，或 `init` 加 `adapters install`），你把 `first-run` 打印出来的那句触发语发给 AI——「Walk me through the ai-collab first run.」（或直接让它开始），这套规则才会**指示**你的 AI 跑一次性的引导欢迎：先自我介绍、提出花约 30 秒扫一眼你最近的活，并在扫描**之前**说清隐私边界——扫描是由你本来就在用的那个云端 AI 执行的，内容会像平常聊天一样经过你的服务商，所以这**不是**「零数据离开你的机器」；`ai-collab` 工具本身不向任何第三方发送东西。主动权在你：回「好」「只看 X 项目」或「先不要」。（在 Claude Code 上用 `first-run --enable-hooks`，一个仅限本项目的 SessionStart 钩子会在你首次会话时替你自动发出那句触发语——仅限 Claude Code。）触发之后 AI 是否照做，取决于你的工具有没有加载这条规则——有的工具比别的更听工作区指令。想自己来，随时跑 `ai-collab bootstrap --yes` 拿同样的只读基线。
 
 ## 10-Minute Experience
 
@@ -102,8 +116,8 @@ Two ways in. Pick one.
 
 This is the fast way to feel why it matters: you watch the discipline work on *your* task, and an independent AI catch a thin "done" on something you actually care about.
 
-1. Run `node bin/ai-collab.js init --target ./my-ai-workspace`.
-2. Open `./my-ai-workspace/.aict/walkthroughs/10-minute-your-task.md` and follow its five steps.
+1. Run `ai-collab first-run --target . --tool claude` (or codex / cursor / …) — creates the workspace, installs your AI's rules, and prints the line to send your AI. (Just want the local files with no AI rules? `ai-collab init --target ./my-ai-workspace` does only that; your AI will not open up on its own.)
+2. Send your AI the printed trigger line ("Walk me through the ai-collab first run."), then open `./my-ai-workspace/.aict/walkthroughs/10-minute-your-task.md` and follow its five steps.
 3. You describe one real (lightly redacted) task and the AI returns a boundary card and an acceptance card — *done* defined before any work.
 4. You let it do only the accepted slice and report what it changed, ran, and did not verify.
 5. You open a fresh chat (ideally a different AI brand) and have it re-check the result against evidence — watch it pressure-test the "done" claim and either pass it, reject it, or flag insufficient evidence, depending on what the evidence shows rather than the tone.
@@ -118,7 +132,7 @@ Pick this if your task feels too sensitive to paste right now, or you just want
 4. You copy the context, acceptance, and execution prompt into your AI tool.
 5. You run guard review and watch it catch a false "done" the prepared case plants — then come back and run Path 1 on your own task.
 
-中文路径：两条路任选其一。**路 1（推荐）跑你自己的真实任务**：跑 `node bin/ai-collab.js init --target ./my-ai-workspace`（发布到 npm 后才能用全局 `ai-collab`），打开 `.aict/walkthroughs/10-minute-your-task.md`，把你手头一个（脱敏的）真实乱任务丢进去，看 AI 先给边界卡和验收卡（先把“做完”定义清楚），再只做验收卡里的那一小块，最后你新开一个对话（最好换个牌子的 AI）逼它拿证据复核——它会拿证据压你的“做完了”，可能放行、可能驳回、也可能判证据不足，取决于证据本身，而不是替你假设结论。**路 2 先看演示**：怕任务敏感、或想先看流程长啥样，就先打开 `.aict/walkthroughs/10-minute.md`（演示预览版）走旗舰案例，再回来跑路 1。
+中文路径：两条路任选其一。**路 1（推荐）跑你自己的真实任务**：跑 `ai-collab first-run --target . --tool claude`（或 codex / cursor / …）——它会建工作区、把规则装进你的 AI、并打印出一句要发给 AI 的话（只想要本地工作区文件、不装 AI 规则？用 `ai-collab init --target ./my-ai-workspace` 只建文件，你的 AI 不会自己主动开口）。把打印出来的那句触发语发给 AI 开始引导，打开 `.aict/walkthroughs/10-minute-your-task.md`，把你手头一个（脱敏的）真实乱任务丢进去，看 AI 先给边界卡和验收卡（先把“做完”定义清楚），再只做验收卡里的那一小块，最后你新开一个对话（最好换个牌子的 AI）逼它拿证据复核——它会拿证据压你的“做完了”，可能放行、可能驳回、也可能判证据不足，取决于证据本身，而不是替你假设结论。**路 2 先看演示**：怕任务敏感、或想先看流程长啥样，就先打开 `.aict/walkthroughs/10-minute.md`（演示预览版）走旗舰案例，再回来跑路 1。
 
 ### Optional: prove it is the discipline, not the model (two-track comparison)
 
@@ -135,40 +149,48 @@ Want to try it on your own work and tell us what happened? See the [Dogfood Guid
 1. Fill a light profile for how you want AI to collaborate.
 2. Fill one context package for a real task, with private details redacted.
 3. Define acceptance before asking for output.
-4. Use your tool adapter or install guidance files with `node bin/ai-collab.js adapters install --target <repo>`.
+4. Use your tool adapter or install guidance files with `ai-collab adapters install --target <repo>`.
 5. Run a guard review on the first artifact.
 6. Write a handoff note.
 7. Extract one harvest seed for future reuse.
 
 ## Commands
 
-Before publish, run every command as `node bin/ai-collab.js <args>` from a clone. After the package is published to npm, the same commands work under the global `ai-collab` name shown here:
+With the package installed globally, run every command under the `ai-collab` name shown here (from a clone, `node bin/ai-collab.js <args>` is the same entry):
 
 ```bash
-node bin/ai-collab.js init --target ./my-ai-workspace
-node bin/ai-collab.js init --target ./my-ai-workspace --dry-run
-node bin/ai-collab.js guide
-node bin/ai-collab.js demo
-node bin/ai-collab.js check --workspace ./my-ai-workspace
-node bin/ai-collab.js adapters install --target ./my-repo
+ai-collab first-run --target . --tool claude   # recommended on-ramp: workspace + AI rules + the line to send your AI
+ai-collab init --target ./my-ai-workspace      # workspace files only (no AI rules — the AI will not open up on its own)
+ai-collab init --target ./my-ai-workspace --dry-run
+ai-collab guide
+ai-collab demo
+ai-collab check --workspace ./my-ai-workspace
+ai-collab adapters install --target ./my-repo  # install AI rules into an existing workspace (advanced; first-run does this for you)
 npm run check
 ```
 
+**Optional Claude Code hooks (opt-in, off by default).** Add `--enable-hooks` to `first-run` / `adapters install` (Claude Code only) and the tool merges **two project-local** Claude Code hooks into the repo's own `.claude/settings.json` — never a global/home hook, and the install lists every file first and is removable:
+
+- a **Stop** hook that reminds you to capture evidence + a receipt whenever you claim a task is done, and
+- a one-time **SessionStart** hook so that, on your **first** Claude Code session in this repo, the AI starts the first-run walkthrough on its own — no need to paste the trigger line. It writes a small marker (`.claude/.ai-collab-firstrun-done`) the first time it fires and stays silent afterward.
+
+Heads-up on the trust gate: the first time you open the repo in Claude Code it asks **"trust this folder?"** — accept it, otherwise the hook cannot run and the auto-start will not happen (you can always send the printed trigger line by hand instead).
+
 Once a workspace exists, operate the loop on a real task with the **run layer** — these are the commands that actually produce the evidence, receipts, and guard levels this README is about (omit `--workspace` to use `./.aict` here; a state command refuses if no workspace exists rather than scattering files):
 
 ```bash
-node bin/ai-collab.js task create   --title "Fix the flaky reorder test" --workspace ./my-ai-workspace/.aict
-node bin/ai-collab.js run start      --task t1 --command "npm test"        --workspace ./my-ai-workspace/.aict
-node bin/ai-collab.js run finish     --task t1 --exit 0                    --workspace ./my-ai-workspace/.aict
-node bin/ai-collab.js evidence add   --task t1 --kind output --summary "npm test -> exit 0, suite green" --workspace ./my-ai-workspace/.aict
-node bin/ai-collab.js receipt create --task t1 --verdict pass_with_risk --review-mode self --evidence e2 --workspace ./my-ai-workspace/.aict
-node bin/ai-collab.js receipt accept --id c1 --owner you                  --workspace ./my-ai-workspace/.aict
-node bin/ai-collab.js status                                              --workspace ./my-ai-workspace/.aict
+ai-collab task create   --title "Fix the flaky reorder test" --workspace ./my-ai-workspace/.aict
+ai-collab run start      --task t1 --command "npm test"        --workspace ./my-ai-workspace/.aict
+ai-collab run finish     --task t1 --exit 0                    --workspace ./my-ai-workspace/.aict
+ai-collab evidence add   --task t1 --kind output --summary "npm test -> exit 0, suite green" --workspace ./my-ai-workspace/.aict
+ai-collab receipt create --task t1 --verdict pass_with_risk --review-mode self --evidence e2 --workspace ./my-ai-workspace/.aict
+ai-collab receipt accept --id c1 --owner you                  --workspace ./my-ai-workspace/.aict
+ai-collab status                                              --workspace ./my-ai-workspace/.aict
 ```
 
 Run that and the receipt prints `guardLevel: L2 (computed)` — exactly the single-tool ceiling described next. (Cite only a bare `--kind note` instead and it computes `L1`, which cannot pass; you need run/output evidence to reach L2.)
 
-The guard level (L0–L4) is **computed from the evidence you cite, never self-asserted**: a single tool tops out at L2 (`pass_with_risk`); a plain `pass` needs an L3+ review from a *different* model family; and L4 needs **both** that cross-family review **and** a rerun reconciled to a recorded run — a reconciled rerun on its own is just the author re-running their own command, so it stays L2. Use `run exec` to actually run a command and record its **real** exit code (`run start/finish` only record an exit you report). **Safety: `run exec` runs a real shell command locally — read the command first, especially if an AI suggested it.** A receipt records *who claimed what* — it is a local audit trail, **not** a cryptographic proof or an independent-execution guarantee (the cross-family family label is self-declared; the tool runs locally and cannot verify it). The full ladder is in `node bin/ai-collab.js --help`.
+The guard level (L0–L4) is **computed from the evidence you cite, never self-asserted**: a single tool tops out at L2 (`pass_with_risk`); a plain `pass` needs an L3+ review from a *different* model family; and L4 needs **both** that cross-family review **and** a rerun reconciled to a recorded run — a reconciled rerun on its own is just the author re-running their own command, so it stays L2. Use `run exec` to actually run a command and record its **real** exit code (`run start/finish` only record an exit you report). **Safety: `run exec` runs a real shell command locally — read the command first, especially if an AI suggested it.** A receipt records *who claimed what* — it is a local audit trail, **not** a cryptographic proof or an independent-execution guarantee (the cross-family family label is self-declared; the tool runs locally and cannot verify it). The full ladder is in `ai-collab --help`.
 
 `demo` is a no-setup preview: it writes a throwaway workspace into a new temporary directory so you can see the layout without touching your project. In a strictly read-only environment that temp write can fail; use `init --target <writable-dir>` instead. `init` writes to a directory you choose and is what you keep.
 
@@ -199,30 +221,24 @@ This is a collaboration operating system, not a prompt collection. What makes it
 
 ## Release Status
 
-This project moves through four explicit release states. Being honest about which one we are
-in is part of the product: the docs must never describe a step that has not happened yet as if
-it already has.
+This project moved through four explicit release states to get here. Being honest about which one
+we are in is part of the product: the docs describe each step as it actually happened, never ahead
+of itself.
 
 | State | Meaning | Reached? | What it means for you (plain language) |
 | --- | --- | --- | --- |
 | **local candidate** | Built and verified on a local machine; committed to git locally. | Yes | (Superseded.) The earliest state; the source is now on GitHub. |
 | **publishable candidate** | All release checks green, packed tarball install-smoke passes, version/CHANGELOG prepared. | Yes | (Superseded.) The quality bar was met before the source was pushed. |
-| **GitHub source release** | Pushed to the public GitHub repo; CI green on the pushed commit. Not git-tagged yet. | **Current** | You can `git clone` it from GitHub and run `node bin/ai-collab.js`. There is **no** `npm install` and no global `ai-collab` command yet, and no version tag. |
-| **npm package** | Published to npm via `npm publish`. | No | Only then does `npm install -g ai-collab-open-system` (the package name) install the global `ai-collab` command so it works as written elsewhere in this README. |
-
-**The source is on GitHub and CI is green, but it is still not an npm package.** The code,
-privacy, and packaging checks (`npm test`, `npm run check`, `npm pack --dry-run`) all pass on the
-pushed `main`, and CI is green. What has **not** happened: a git version tag, and the actual
-`npm publish`. "Release-ready" is a quality bar, not a release event, so no doc here claims an
-`npm install` works today.
+| **GitHub source release** | Pushed to the public GitHub repo; CI green on the pushed commit. | Yes | (Superseded.) The source went public on GitHub with CI green before the package shipped. |
+| **npm package** | Published to npm via `npm publish`. | **Yes** | `npm install -g ai-collab-open-system` installs the global `ai-collab` command, so every command in this README works as written. |
 
-Everywhere this README (or `ai-collab guide`/`--help`) shows a global `ai-collab ...` command or an
-`npm install`, read it as **"available after the npm package state"**. Until then the working
-command is `node bin/ai-collab.js <args>` from a clone.
+**The package is published to npm as `ai-collab-open-system` (version 0.1.1), and the global
+`ai-collab` command is live.** The code, privacy, and packaging checks (`npm test`, `npm run check`,
+`npm pack --dry-run`) all pass, CI is green, and the package is installable from npm. If you would
+rather run from a clone than install globally, `node bin/ai-collab.js <args>` is the same entry.
 
-The exact remaining steps that move this from the current **GitHub source release** to an **npm
-package** (tag, publish, post-publish verification) are listed in
-[RELEASE_CHECKLIST.md](./RELEASE_CHECKLIST.md).
+The release steps that took this from a local build to the published **npm package** (and the
+post-publish verification) are recorded in [RELEASE_CHECKLIST.md](./RELEASE_CHECKLIST.md).
 
 ## Release Checks
 
@@ -238,8 +254,23 @@ See [PRODUCT_CONTRACT.md](./PRODUCT_CONTRACT.md), [docs/PUBLIC_BOUNDARY.md](./do
 
 This is a **collaboration discipline + state layer**, not a development methodology or an agent framework. It complements, rather than replaces, tools like Spec Kit, BMAD, or an `AGENTS.md`: keep using those to plan and drive the work; this adds the evidence, guard, handoff, and harvest layer that makes a "done" claim checkable and resumable across tools and sessions.
 
+## Free Async AI Workflow Snapshot
+
+If you want me to diagnose your workflow asynchronously, I’m opening 5 free workflow snapshots.
+Start here: [Request a workflow teardown](https://github.com/aaronyi97/ai-collab-open-system/issues/1).
+
 ## Contact
 
 - Security issues: see [SECURITY.md](./SECURITY.md) (private channel).
 - General: **X/Twitter** [@AaronYiaazw](https://x.com/AaronYiaazw) · **Email** yi19970319@gmail.com
 - Source & issues: https://github.com/aaronyi97/ai-collab-open-system
+
+---
+
+## Stay in touch
+
+- **X / Twitter:** [@AaronYiaazw](https://x.com/AaronYiaazw)
+- **Substack:** [@aaronyi97](https://substack.com/@aaronyi97)
+- **Free Async AI Workflow Snapshot:** [Request a workflow teardown](https://github.com/aaronyi97/ai-collab-open-system/issues/1). Send me one workflow, one failed AI task, or one place where your AI process keeps breaking. I'll tell you where I think it breaks. No live call required.
+
+This snapshot is an AI workflow diagnostic. It is not a certified code audit, security audit, or architecture certification.

package/RELEASE_CHECKLIST.md

@@ -4,12 +4,11 @@ Use this before labeling a commit as a public release candidate, and to move it
 release states. The four states are defined in [README Release Status](./README.md#release-status):
 **local candidate → publishable candidate → GitHub source release → npm package**.
 
-Current state of `main`: **GitHub source release** (pushed to GitHub, CI green; not git-tagged,
-not npm-published). All automated gates are green (`npm test`, `npm run check` — contract +
-privacy + pack — and `npm pack --dry-run`) and the changes have been reviewed. "Release-ready" is
-a quality bar, not a release event: the source is on GitHub, but it moves to an **npm package**
-only when the maintainer performs the tag + publish steps below. The remaining boxes are those
-publish actions, which have not been run yet.
+Current state of `main`: **npm package** (published to npm as `ai-collab-open-system@0.1.1`; the
+global `ai-collab` command is live). All automated gates are green (`npm test`, `npm run check` —
+contract + privacy + pack — and `npm pack --dry-run`), the source is on GitHub with CI green, and
+the package is installable from npm. The boxes below are kept as the reusable release procedure
+(and re-verification points) for the next version.
 
 ## Required local checks
 
@@ -31,14 +30,15 @@ and the *installed* `ai-collab` bin runs — not just that the source tree runs.
   - [ ] `ai-collab guide`
   - [ ] `ai-collab demo`
   - [ ] `ai-collab check --workspace <dir>/.aict`
-- [ ] (Pre-publish, the documented user path is `node bin/ai-collab.js <cmd>` from a clone; CI also
-      smoke-tests that source entry. The global `ai-collab` name only works after the npm-package state.)
+- [ ] (The documented user path is the global `ai-collab <cmd>` after `npm install -g
+      ai-collab-open-system`; from a clone, `node bin/ai-collab.js <cmd>` is the same entry, and CI
+      smoke-tests both the installed bin and the source entry.)
 
 ## Product surface
 
 - [ ] README first screen shows messy input -> structured result.
-- [ ] README Release Status section states the honest current state, and global `ai-collab` /
-      `npm install` mentions are marked "after publish".
+- [ ] README Release Status section states the honest current state (npm package reached), and the
+      global `ai-collab` / `npm install` mentions match the published reality.
 - [ ] Generated `.aict/START_HERE.md` supports both 10-minute experience and 60-minute setup.
 - [ ] The flagship case includes `raw-input`, `baseline-output`, `system-run`, `artifacts`, `comparison`, and `next-step`.
 - [ ] Other cases contain enough detail to run and review, not one-line filler.
@@ -49,9 +49,9 @@ and the *installed* `ai-collab` bin runs — not just that the source tree runs.
 - [ ] `--force` backs up existing `.aict` content before replacement.
 - [ ] Adapter files are called adapter guidance, not deep integration.
 - [ ] No claim says the CLI automatically understands a user's real business.
-- [ ] No doc states an unreached release step as already done (no false "published to npm",
-      no live `npm install ai-collab` as if it works today).
-- [ ] CHANGELOG shows the current version as unreleased (GitHub source, CI green; not npm-published) with no fake release date.
+- [ ] No doc states an unreached release step as already done, and no doc claims ahead of reality
+      (the docs describe each release state only once it has actually been reached).
+- [ ] CHANGELOG shows the current version's real status (published to npm) with a release date that matches the actual publish.
 - [ ] No private source material, local personal paths, tokens, email addresses, customer data, or private governance content are present.
 - [ ] Privacy scan passes on the source tree and generated workspace.
 - [ ] **Maintainer ran the privacy scan with their LOCAL override active.** The shipped `privacy-manifest.json` deliberately contains only generic, anyone-applies markers — it does NOT list this maintainer's own private directory names (e.g. a personal governance folder or knowledge base), because the manifest itself is published and listing them would leak the very names we are protecting. Those names live ONLY in the gitignored `privacy-scan.local.json` (copy `privacy-scan.local.json.example`, fill in the real folder names under `paths`). Before publishing, confirm that file exists and run `npm run privacy:scan` once with it in place, so any stray reference to your private dirs is caught and blocked from the tarball. Verify (and re-confirm after the run) that `privacy-scan.local.json` is still gitignored and is NOT staged/committed — it must never ship.
@@ -59,20 +59,19 @@ and the *installed* `ai-collab` bin runs — not just that the source tree runs.
 ## From GitHub source release to npm package
 
 These are the steps (and their state gates) that take this repo from earliest build all the way to
-a published **npm package**. Each step is also a re-verification point. Steps 1 and 2 (through the
-current **GitHub source release**) are done except git-tagging; the remaining work is the tag plus
-the npm publish in step 3.
+a published **npm package**. Each step is also a re-verification point. Steps 1–3 are done for
+`0.1.1` (the package is published); re-run this same procedure for the next version.
 
 1. **local candidate → publishable candidate** (done)
    - [x] All "Required local checks", "Fresh-tarball install smoke", and "Safety and honesty" boxes above are green.
    - [x] Decide the version. If it changes, update `version` in `package.json` and `package-lock.json`, and add a dated CHANGELOG entry.
    - [x] Working tree clean; no stray `*.tgz` or `*.aict-backup-*` / `.aict.backup-*` artifacts tracked (they are gitignored).
-2. **publishable candidate → GitHub source release** (done except tag)
+2. **publishable candidate → GitHub source release** (done)
    - [x] `git push` the release commit to the public GitHub repo.
    - [x] Confirm CI is green on the pushed commit (matrix + tarball install smoke + CLI smoke).
-   - [ ] `git tag v<version>` and `git push --tags` (or create a GitHub Release for the tag).
-3. **GitHub source release → npm package**
-   - [ ] Confirm npm auth (`npm whoami`) and that the `name`/`version` are publishable (not already taken/published).
-   - [ ] `npm publish` (consider `npm publish --dry-run` first; the package is public, Apache-2.0).
-   - [ ] Post-publish: in a clean dir, `npm install -g ai-collab-open-system` (the package name) and verify the global `ai-collab init/guide/demo/check` command all work.
-   - [ ] Only after this step do README/CHANGELOG statements about the global `ai-collab` command and `npm install` become literally true; update the Release Status table to mark **npm package** reached and set the CHANGELOG release date.
+   - [x] `git tag v<version>` and `git push --tags` (or create a GitHub Release for the tag).
+3. **GitHub source release → npm package** (done)
+   - [x] Confirm npm auth (`npm whoami`) and that the `name`/`version` are publishable (not already taken/published).
+   - [x] `npm publish` (consider `npm publish --dry-run` first; the package is public, Apache-2.0).
+   - [x] Post-publish: in a clean dir, `npm install -g ai-collab-open-system` (the package name) and verify the global `ai-collab init/guide/demo/check` command all work.
+   - [x] README/CHANGELOG statements about the global `ai-collab` command and `npm install` are now literally true; the Release Status table marks **npm package** reached and the CHANGELOG carries the release date.