lossless-openclaw-orchestrator 0.1.0-beta.49 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (62) hide show
  1. package/README.md +323 -247
  2. package/VISION.md +10 -38
  3. package/dist/packages/adapters/src/index.js +0 -416
  4. package/dist/packages/adapters/src/policy.js +0 -8
  5. package/dist/packages/cli/src/index.js +41 -257
  6. package/dist/packages/cli/src/openclaw-live-control-smoke.js +2 -12
  7. package/dist/packages/cli/src/openclaw-tool-smoke.js +4 -733
  8. package/dist/packages/cli/src/published-package-smoke.js +11 -148
  9. package/dist/packages/cli/src/release-preflight.js +3 -29
  10. package/dist/packages/cli/src/scorecard-sweep.js +0 -1
  11. package/dist/packages/core/src/index.js +36 -2089
  12. package/dist/packages/mcp-server/src/tools.js +31 -259
  13. package/docs/BETA_RELEASE_RUNBOOK.md +1 -22
  14. package/docs/OPENCLAW_PLUGIN.md +0 -18
  15. package/docs/RELEASE_CHECKLIST.md +2 -12
  16. package/evals/scenarios/v1/eva-operating-picture-dogfood.json +1 -2
  17. package/evals/scenarios/v1.1/README.md +0 -2
  18. package/evals/scenarios/v1.1/desktop-collaboration-action-bound.json +4 -16
  19. package/evals/scorecards/v1.0/local-agent-usability-review.json +7 -35
  20. package/evals/scorecards/v1.0/local-mac-search-ui-review.json +3 -16
  21. package/evals/scorecards/v1.0/packaging-install-review.json +5 -5
  22. package/evals/scorecards/v1.0/safety-bypass-review.json +9 -20
  23. package/openclaw.plugin.json +2 -424
  24. package/package.json +2 -5
  25. package/packages/adapters/src/index.ts +0 -581
  26. package/packages/adapters/src/policy.ts +0 -8
  27. package/packages/cli/src/index.ts +41 -267
  28. package/packages/cli/src/openclaw-live-control-smoke.ts +2 -14
  29. package/packages/cli/src/openclaw-tool-smoke.ts +4 -748
  30. package/packages/cli/src/published-package-smoke.ts +10 -183
  31. package/packages/cli/src/release-preflight.ts +3 -30
  32. package/packages/cli/src/scorecard-sweep.ts +0 -1
  33. package/packages/core/src/index.ts +153 -2872
  34. package/packages/local-mac-ui/src/shell.ts +1 -1
  35. package/packages/mcp-server/src/tools.ts +29 -281
  36. package/packages/openclaw-plugin/openclaw.plugin.json +2 -424
  37. package/skills/lossless-openclaw-orchestrator/SKILL.md +3 -70
  38. package/AGENTS.md +0 -55
  39. package/CODE_OF_CONDUCT.md +0 -33
  40. package/CONTRIBUTING.md +0 -142
  41. package/dist/packages/cli/src/release-finalization-status.js +0 -243
  42. package/docs/RELEASE_NOTES_0.1.0-beta.36.md +0 -76
  43. package/docs/RELEASE_NOTES_0.1.0-beta.37.md +0 -79
  44. package/docs/RELEASE_NOTES_0.1.0-beta.38.md +0 -84
  45. package/docs/RELEASE_NOTES_0.1.0-beta.39.md +0 -94
  46. package/docs/RELEASE_NOTES_0.1.0-beta.40.md +0 -86
  47. package/docs/RELEASE_NOTES_0.1.0-beta.41.md +0 -87
  48. package/docs/RELEASE_NOTES_0.1.0-beta.42.md +0 -80
  49. package/docs/RELEASE_NOTES_0.1.0-beta.43.md +0 -90
  50. package/docs/RELEASE_NOTES_0.1.0-beta.44.md +0 -85
  51. package/docs/RELEASE_NOTES_0.1.0-beta.45.md +0 -92
  52. package/docs/RELEASE_NOTES_0.1.0-beta.46.md +0 -91
  53. package/docs/RELEASE_NOTES_0.1.0-beta.47.md +0 -95
  54. package/docs/RELEASE_NOTES_0.1.0-beta.48.md +0 -91
  55. package/docs/RELEASE_NOTES_0.1.0-beta.49.md +0 -97
  56. package/docs/SETUP.md +0 -290
  57. package/evals/scenarios/v1/codex-collaboration-cockpit.json +0 -68
  58. package/evals/scenarios/v1.1/codex-desktop-coherence.json +0 -59
  59. package/evals/scenarios/v1.1/codex-desktop-fallback-status.json +0 -66
  60. package/evals/scenarios/v1.1/runtime-desktop-visibility-status.json +0 -78
  61. package/evals/scorecards/v1.0/public-community-readiness-review.json +0 -58
  62. package/packages/cli/src/release-finalization-status.ts +0 -308
package/README.md CHANGED
@@ -1,337 +1,413 @@
1
- # Lossless OpenClaw Orchestrator
1
+ # Orchestrator CCC+L
2
+
3
+ **Lossless OpenClaw Orchestrator** turns local agent sessions into searchable,
4
+ summarizable, product-management objects for OpenClaw.
5
+
6
+ 3C+L is the working shorthand for **Codex + Claude Code + Lossless**. The beta is
7
+ Codex-first: Claude Code support is intentionally shipped as an adapter stub
8
+ until its storage and control paths are proven.
9
+
10
+ [Vision](VISION.md) · [Current Sprint Brief](docs/sprints/brief-lco-codex-autonomy-cockpit-sprint-2026-07-01.md) · [Source Authority](docs/SOURCE_AUTHORITY_PROFILE.md) · [Agent Skill](skills/lossless-openclaw-orchestrator/SKILL.md) · [Release Checklist](docs/RELEASE_CHECKLIST.md) · [Working App Proof Sprint](docs/WORKING_APP_PROOF_SPRINT.md) · [OpenClaw Plugin](docs/OPENCLAW_PLUGIN.md) · [Claude Adapter Boundary](docs/CLAUDE_ADAPTER_BOUNDARY.md) · [Beta Demo](docs/BETA_RELEASE_DEMO.md) · [Beta Release Runbook](docs/BETA_RELEASE_RUNBOOK.md) · [Claim Audit](docs/CLAIM_AUDIT.md) · [PolyForm Noncommercial](LICENSE)
11
+
12
+ ## Why This Exists
13
+
14
+ OpenClaw should be able to manage hundreds of local agent sessions without
15
+ spending its whole context window rereading raw transcripts.
16
+
17
+ LCO gives an orchestrator agent a staged recall loop:
18
+
19
+ 1. Find likely sessions cheaply.
20
+ 2. Describe the session as compact metadata.
21
+ 3. Expand only the few sessions that need evidence.
22
+ 4. Recommend or dry-run the next action with source refs.
23
+
24
+ The product goal is not "search all the logs." The goal is to help an
25
+ orchestrator decide what matters next with the least possible token load.
26
+
27
+ ## Product Spine
28
+
29
+ The core product object is a managed session.
30
+
31
+ A useful managed session should expose:
32
+
33
+ - project, status, priority, owner, blocker, and next action
34
+ - proposed-plan refs, final-message refs, and closeout refs
35
+ - touched files, tool metadata, safe summaries, and source refs
36
+ - archive, fork, resume, steer, send, or interrupt recommendations
37
+ - bounded expansion profiles such as metadata-only, brief, and evidence bundle
38
+
39
+ The current stable path indexes and recalls Codex session evidence. The next
40
+ roadmap push is to make this spine explicit enough that an OpenClaw agent can
41
+ triage, prioritize, and manage many sessions as work objects instead of
42
+ rediscovering state from text every time.
43
+
44
+ ## What Works Now
45
+
46
+ | Area | Status | Notes |
47
+ | --- | --- | --- |
48
+ | Codex session indexing | Beta | Imports local Codex session JSONL/archive data into local SQLite. |
49
+ | Search / describe / expand | Beta | Supports the staged `grep -> describe -> expand_query` recall loop. |
50
+ | Plans, finals, files, tools | Beta | Extracts proposed plans, final messages, touched files, tool-call metadata, and safe summaries. |
51
+ | MCP / OpenClaw tools | Beta | Exposes `loo_*` tools for OpenClaw and other MCP clients. |
52
+ | OpenClaw LCM peer reads | Experimental | Reads peer summary DBs read-only without merging stores. |
53
+ | Codex direct controls | Beta boundary | Resume/send/steer/interrupt are approval-gated and dry-run first; installed OpenClaw gateway live proof exists only inside its explicit proof boundary. |
54
+ | Desktop fallback | Experimental | CUA Driver and Peekaboo have backend-specific scratch no-focus proof; product GUI mutation still needs an action-bound proof gate. |
55
+ | Scorecards and release proof | Beta | Public-safe scorecards and release-status commands track what is proven. |
56
+ | QA Lab scenarios | Beta | Dry-run scenario contracts under `evals/scenarios/v1` turn orchestrator workflows into public-safe eval tasks. |
57
+ | Working app runtime proof | Completed proof | M7/#156 proved the named runtime path and proof gates; generic GUI mutation, Claude parity, and 1.0 readiness remain excluded. |
58
+ | Codex autonomy cockpit | P0 beta | Recent session cards, cockpit inbox, read-only watcher/resume-request packets, approval packets, and operating-picture tools are public-safe by default. |
59
+ | Eva operating picture | P0 beta | Business pulse and attention inbox use LCO/Codex, optional structured GitHub items, explicit PLAN_STATE pins, and source-authority coverage; P1 business adapters are not configured yet. |
60
+ | Claude Code adapter | Fixture inventory | Supports redacted metadata-only fixtures with `claude_session:*` refs; no Claude parity, live control, GUI mutation, or cloud sync claim. |
61
+
62
+ ## Current Sprint: 1.0 Stable Release Gate
63
+
64
+ The roadmap is now ranked by one question:
65
+
66
+ > Does this help an OpenClaw orchestrator manage hundreds of sessions with less
67
+ > context, less rereading, and safer action?
68
+
69
+ The current release-hardening sprint is tracked by
70
+ [#302](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/302),
71
+ [#182](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/182),
72
+ and
73
+ [#16](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/16).
74
+ The completed Codex Autonomy Cockpit and Eva Operating Picture P0 foundation is
75
+ tracked by
76
+ [#254](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/254),
77
+ [#255](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/255),
78
+ and the historical sprint brief
79
+ [docs/sprints/brief-lco-codex-autonomy-cockpit-sprint-2026-07-01.md](docs/sprints/brief-lco-codex-autonomy-cockpit-sprint-2026-07-01.md).
80
+
81
+ The core Codex recall, M9 handoff paths, and P0 cockpit/Eva operating-picture
82
+ paths are working. The current release lane is the explicit 1.0 stable
83
+ promotion gate: release metadata, docs truth, strict release gates, public-safe
84
+ scorecards, fresh npm/OpenClaw gateway proof, and a clean line between completed
85
+ P0 cards and deferred P1 adapters. #298 proves the fresh-profile gateway path
86
+ can reach `ready` with scoped token env-ref onboarding and the protocol-4
87
+ backend caller fix; beta.35 published that compatibility fix. #302 owns the
88
+ stable-release lane and must prove any npm `latest` promotion or GitHub Release
89
+ creation against the exact stable candidate SHA.
90
+
91
+ Completed P0 foundation is read-only and deterministic:
92
+
93
+ - #254 added `loo_recent_sessions`, `loo_cockpit_inbox`, read-only
94
+ watcher/resume-request primitives, evidence-backed session cards, and
95
+ approval packets for dry-run control context.
96
+ - #260 added read-only Codex app-server status/thread signals and
97
+ `loo_visible_codex_map`, a public-safe join between sanitized visible Codex
98
+ candidates and indexed session cards.
99
+ - #255 added `loo_plan_state_pins`, `loo_github_operating_items`,
100
+ `loo_project_digest`, `loo_attention_inbox`, and `loo_business_pulse`.
101
+ - #264 added a deterministic read-only GitHub operating-item collector so
102
+ issue/PR/check records become public-safe `github_items` before digest tools
103
+ summarize them.
104
+ - #271 cleaned cockpit-card presentation so agent-facing titles, summaries, and
105
+ next actions do not expose directive fragments, markdown tables, duplicated
106
+ labels, or transcript-shaped excerpts.
107
+ - #272 added `eva-operating-picture-dogfood-v1`, an end-to-end public-safe
108
+ workflow fixture for GitHub check fidelity, recent Codex cards, cockpit
109
+ ranking, customer/runtime/security priority, source coverage, and P1 gaps.
110
+ - #258 added a public-safe [source authority profile](docs/SOURCE_AUTHORITY_PROFILE.md)
111
+ so P0 tools distinguish adapter coverage from who owns each truth claim.
112
+ - `PLAN_STATE.md` is demoted to bootloader, manual pins, approval boundaries,
113
+ stop conditions, and exception ledger. Unmarked prose is not current-state
114
+ truth.
115
+ - P1 sources such as Notion, support-control, Company Brain, Stripe,
116
+ dashboard/export, and model summarization remain `not_configured` until
117
+ separate read-only adapters prove source-backed collection.
118
+
119
+ What a local OpenClaw agent can do today:
120
+
121
+ - Search and describe local Codex sessions through `loo_search_sessions` and
122
+ `loo_describe_session`.
123
+ - Expand bounded evidence with `loo_expand_session` or `loo_expand_query`.
124
+ - Retrieve plans, finals, touched files, and session maps with the Codex detail
125
+ tools.
126
+ - List recent sessions and operating-picture attention items with
127
+ `loo_recent_sessions`, `loo_cockpit_inbox`, `loo_github_operating_items`,
128
+ `loo_project_digest`, `loo_attention_inbox`, and `loo_business_pulse`.
129
+ - Represent watcher-triggered follow-up requests with `loo_watchers_list`,
130
+ `loo_watcher_status`, `loo_watcher_dry_run`, and
131
+ `loo_resume_request_packet`; these tools create request packets only and do
132
+ not run live Codex control.
133
+ - Inspect Codex app-server readiness and visible-to-indexed session correlation
134
+ with `loo_codex_app_server_status`, `loo_codex_app_server_threads`, and
135
+ `loo_visible_codex_map`; these tools report source coverage, confidence, and
136
+ ambiguity without raw turns, screenshots, remote-control enablement, or GUI
137
+ mutation.
138
+ - Inspect `authorityCoverage` to see whether LCO, GitHub, or PLAN_STATE is
139
+ authoritative, fallback-only, unavailable, or not configured for a claim.
140
+ - Dry-run Codex control actions and inspect audit ids before any live action.
141
+ - Check package, plugin, gateway, and first-run readiness through `loo_doctor`,
142
+ `loo onboard status`, `loo openclaw dogfood`, `loo openclaw tool-smoke`, and
143
+ `loo openclaw published-smoke`. The published-smoke `setupRecovery` block
144
+ distinguishes clean-profile `ready` proof from credential, device-pairing,
145
+ scope-approval, token-rotation, generic setup, and package-failure states. A
146
+ clean-profile credential blocker is first-run setup, not a package failure:
147
+ the report points to token generation, env-ref onboarding, gateway status, and
148
+ fresh-profile tool-smoke commands with token placeholders only.
149
+
150
+ Completed proof:
151
+
152
+ - The [Working App Proof Sprint](docs/WORKING_APP_PROOF_SPRINT.md) and #156
153
+ closed the M7 runtime proof lane for the named Codex-first surfaces.
154
+ - M9 closed the first-class agent skill, docs truth pass, agent dogfood,
155
+ fresh npm clean-profile smoke, and 1.0 readiness gate.
156
+ - #298 proves a clean OpenClaw profile can install a published package and call
157
+ `loo_doctor` plus `loo_search_sessions` through an isolated loopback token
158
+ gateway after the protocol-4 backend caller fix. In #302, pre-promotion gates
159
+ validate the exact packed stable candidate and merged SHA; fresh npm
160
+ `@latest` published-smoke and general-readiness run only after publication and
161
+ must pass before the stable issue closes.
162
+ - Desktop fallback remains action-bound; generic GUI mutation and Codex GUI
163
+ mutation are not public beta claims.
164
+ - Claude Code remains an adapter stub and fixture inventory, not parity.
165
+
166
+ ## Quick Start
167
+
168
+ Node.js 22 or newer is required.
2
169
 
3
- **LCO turns local Codex sessions into searchable, bounded, approval-aware
4
- work objects for OpenClaw.**
5
-
6
- Use it when an agent or user needs to answer: what sessions are active, what did
7
- they plan, what did they finish, what files did they touch, and what is the next
8
- safe action without rereading raw transcripts.
9
-
10
- [![npm beta](https://img.shields.io/npm/v/lossless-openclaw-orchestrator/beta?label=npm%20beta)](https://www.npmjs.com/package/lossless-openclaw-orchestrator)
11
- [![CI](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/actions/workflows/ci.yml/badge.svg)](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/actions/workflows/ci.yml)
12
- [![CodeQL](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/actions/workflows/codeql.yml/badge.svg)](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/actions/workflows/codeql.yml)
13
- [![License](https://img.shields.io/badge/license-PolyForm%20Noncommercial-blue)](LICENSE)
14
- [![PRs welcome](https://img.shields.io/badge/PRs-welcome-brightgreen)](CONTRIBUTING.md)
15
-
16
- [Setup](docs/SETUP.md) · [Contributing](CONTRIBUTING.md) · [Agent Instructions](AGENTS.md) · [Agent Skill](skills/lossless-openclaw-orchestrator/SKILL.md) · [OpenClaw Plugin](docs/OPENCLAW_PLUGIN.md) · [Security](SECURITY.md) · [Code of Conduct](CODE_OF_CONDUCT.md) · [Vision](VISION.md) · [Privacy](docs/PRIVACY.md) · [Claude Boundary](docs/CLAUDE_ADAPTER_BOUNDARY.md) · [Claim Audit](docs/CLAIM_AUDIT.md) · [Release Notes](docs/RELEASE_NOTES_1.0.0.md) · [License](LICENSE)
17
-
18
- ## Why It Matters
19
-
20
- Codex is powerful, but long-running local work can become hard to supervise
21
- once you have dozens or hundreds of threads. LCO gives your orchestrator agent a
22
- safe operating picture: search first, inspect compact session cards, expand only
23
- bounded evidence, and dry-run the next action before anything live happens.
24
-
25
- If you are here to contribute, start with [CONTRIBUTING.md](CONTRIBUTING.md).
26
- If you are an agent working in this repository, read [AGENTS.md](AGENTS.md)
27
- before editing files.
28
-
29
- ## What It Does
30
-
31
- LCO is a local-first orchestration layer for Codex-heavy work:
32
-
33
- - indexes local Codex session stores into a local SQLite database
34
- - searches sessions by safe summaries, plans, finals, touched files, and refs
35
- - describes one session without exposing the whole transcript
36
- - expands only the evidence an agent needs, with token-budgeted profiles
37
- - exposes `loo_*` tools through MCP and the OpenClaw plugin
38
- - creates dry-run approval packets before Codex resume/send/steer/interrupt
39
- - reports Codex Desktop visibility and fallback readiness without GUI mutation
40
- - validates exact action-bound Desktop collaboration proof packets without executing them
41
- - summarizes runtime Desktop visibility coverage and next read-only proof steps
42
- - classifies active threads as running, blocked, needs-nudge, stale, waiting,
43
- approval-needed, idle, or unknown from public-safe read-only signals,
44
- including attention coverage, non-executed read-only probe recommendations,
45
- and non-executed control dry-run recommendations for safe nudge handoff
46
- - plans one deterministic read-only autonomy loop tick with `execute:false`
47
- tool calls so an agent can probe before dry-run handoff without mutation
48
-
49
- The result is a staged recall loop:
50
-
51
- 1. Search broadly.
52
- 2. Describe the likely session.
53
- 3. Expand a small evidence bundle.
54
- 4. Dry-run the next action.
55
- 5. Execute only after the user approves the exact target/action.
56
-
57
- ## Install
58
-
59
- Requirements:
60
-
61
- - Node.js 22 or newer
62
- - npm
63
- - local Codex session files, usually under `~/.codex/sessions`
64
- - OpenClaw Desktop/CLI if you want installed `loo_*` tools through OpenClaw
170
+ ```bash
171
+ git clone https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO.git
172
+ cd Lossless-Codex-Orchestrator-LCO
173
+ npm install
174
+ npm run build
175
+ ```
65
176
 
66
- Stable install:
177
+ Published stable package target:
67
178
 
68
179
  ```bash
69
180
  npm install -g lossless-openclaw-orchestrator@latest
70
- loo doctor
71
181
  ```
72
182
 
73
- Beta train, when you explicitly want the newest prerelease:
183
+ Published beta package target:
74
184
 
75
185
  ```bash
76
186
  npm install -g lossless-openclaw-orchestrator@beta
77
187
  ```
78
188
 
79
- Package channels:
189
+ Release-candidate package target, once `1.0.0-rc.1` is published:
80
190
 
81
- - `latest` is the stable public channel.
82
- - `beta` is the active prerelease train.
83
- - `next` is reserved for release candidates.
191
+ ```bash
192
+ npm install -g lossless-openclaw-orchestrator@next
193
+ ```
84
194
 
85
- Full first-run instructions live in [docs/SETUP.md](docs/SETUP.md).
195
+ ### npm dist-tag policy
86
196
 
87
- ## Set Up
197
+ Stable users install through `latest`; public betas stay on `beta`; release
198
+ candidates stay on `next`. The first stable release moves `latest` to `1.0.0`
199
+ only after #302 proves the exact candidate through strict release gates. Keep
200
+ prereleases on prerelease tags such as `beta` or `next`. Do not publish a fake stable package just to move a dist-tag.
88
201
 
89
- Choose where LCO stores its local index. The default is already under
90
- `~/.openclaw`, but setting it explicitly makes setup easier to inspect:
202
+ Default local database:
91
203
 
92
204
  ```bash
93
205
  export LOO_DB_PATH="$HOME/.openclaw/lossless-openclaw-orchestrator/orchestrator.sqlite"
94
206
  ```
95
207
 
96
- Index local Codex sessions:
97
-
98
- ```bash
99
- loo index codex --max-files 500 "$HOME/.codex/sessions" "$HOME/.codex/archived_sessions"
100
- ```
101
-
102
- Optional: allow read-only recall from one or more OpenClaw LCM peer databases:
208
+ Optional read-only OpenClaw LCM peer DBs:
103
209
 
104
210
  ```bash
105
211
  export LOO_LCM_DB_PATHS="$HOME/.openclaw/lcm.db"
106
212
  ```
107
213
 
108
- Check local readiness:
214
+ ## CLI
109
215
 
110
216
  ```bash
217
+ loo onboard status --evidence-dir /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/onboarding --now 2026-07-01T00:00:00.000Z --strict
111
218
  loo doctor
112
- loo onboard status --strict
219
+ loo index codex --max-files 150 ~/.codex/sessions ~/.codex/archived_sessions
220
+ loo search "proposed plan billing bridge"
221
+ loo grep --lcm-db ~/.openclaw/lcm.db "billing bridge"
222
+ loo describe codex_thread:019f-example
223
+ loo expand-query --profile brief "billing bridge"
224
+ loo sanitize sessions --thread-id 019f-example --repair-plan --evidence-dir /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/issue-<number>-sanitizer
225
+ loo serve
113
226
  ```
114
227
 
115
- ## First Workflow
116
-
117
- Search for a session:
228
+ Desktop readiness checks:
118
229
 
119
230
  ```bash
120
- loo search "billing bridge proposed plan"
231
+ loo desktop see cua-driver
232
+ loo desktop see peekaboo --snapshot --max-nodes 50
233
+ loo desktop act cua-driver "click primary" # dry-run only in this beta
121
234
  ```
122
235
 
123
- Describe a result:
124
-
125
- ```bash
126
- loo describe codex_thread:<thread-id>
127
- ```
236
+ Live desktop act requests are intentionally blocked in this beta. Through MCP or
237
+ OpenClaw, `loo_desktop_act` returns structured blockers for missing or
238
+ mismatched action-bound proof fields so an agent can continue through `loo_desktop_live_proof_harness`
239
+ and `loo_desktop_proof_report` without performing GUI mutation.
128
240
 
129
- Expand a bounded brief:
241
+ Scorecard and release proof commands:
130
242
 
131
243
  ```bash
132
- loo expand-ref --profile brief --token-budget 1000 codex_thread:<thread-id>
244
+ loo scorecards sweep --claim-scope codex-read-search-expand-dry-run --evidence-dir /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/issue-<number>-scorecard-sweep --strict
245
+ loo eval scenarios --evidence-dir /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/issue-<number>-qa-lab-v1 --strict
246
+ loo eval scenarios --scenario-dir evals/scenarios/v1.1 --runtime-proof-dir /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/runtime-proofs --scenario-id openclaw-gateway-live-codex-v1-1 --scenario-id post-action-refresh-reasoning-v1-1 --evidence-dir /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/issue-<number>-qa-lab-v1.1 --strict
247
+ loo release preflight --evidence-dir /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/release-preflight
248
+ loo release status --evidence-dir /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/release-status --candidate-sha <release-candidate-sha> --approved-live-control-evidence /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/release-status/approved-live-control-smoke.json --npm-publish-approval-evidence /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/release-status/npm-approval.json --github-release-approval-evidence /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/release-status/github-release-approval.json --github-ci-evidence /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/release-status/github-ci.json --codeql-evidence /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/release-status/codeql.json
249
+ loo release demo-status --evidence-dir /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/demo
250
+ loo release general-readiness --evidence-dir /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/general-readiness --fresh-npm-evidence published-package-smoke.json --agent-dogfood-evidence openclaw-tool-smoke.json --strict
133
251
  ```
134
252
 
135
- Expand from a query when you do not know the ref yet:
253
+ QA Lab dry-run scenarios live in `evals/scenarios/v1`. Runtime-required working
254
+ app proof scenarios live in `evals/scenarios/v1.1`. The current
255
+ `loo eval scenarios` command validates `v1` dry-run contracts and `v1.1`
256
+ runtime-required proof markers without performing the live actions itself.
257
+ Milestone 7 runtime scenarios stay incomplete until `--runtime-proof-dir`
258
+ contains public-safe `<scenario-id>.runtime-proof.json` markers from the later
259
+ child issues. Use repeated `--scenario-id` flags to scope the sweep to the
260
+ surfaces claimed by the release: a Codex-first working-app claim includes
261
+ `openclaw-gateway-live-codex-v1-1` and
262
+ `post-action-refresh-reasoning-v1-1`; add the desktop or local UI scenario ids
263
+ only when the release copy claims those surfaces.
264
+
265
+ For a release candidate that intentionally claims only read/search/describe/expand
266
+ plus dry-run control, name the smaller scope explicitly and do not pass
267
+ live-control proof:
136
268
 
137
269
  ```bash
138
- loo expand-query --profile brief --token-budget 1000 "billing bridge"
270
+ loo release preflight --claim-scope codex-read-search-expand-dry-run --evidence-dir /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/release-preflight --strict
271
+ loo release bundle --claim-scope codex-read-search-expand-dry-run --evidence-dir /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/release-bundle
272
+ loo release demo-status --claim-scope codex-read-search-expand-dry-run --evidence-dir /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/demo --strict
273
+ loo release status --claim-scope codex-read-search-expand-dry-run --evidence-dir /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/release-status --candidate-sha <release-candidate-sha> --npm-publish-approval-evidence /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/release-status/npm-approval.json --github-release-approval-evidence /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/release-status/github-release-approval.json --github-ci-evidence /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/release-status/github-ci.json --codeql-evidence /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/release-status/codeql.json --strict
139
274
  ```
140
275
 
141
- For normal agent workflows, use the MCP/OpenClaw tools:
142
-
143
- - `loo_search_sessions`
144
- - `loo_describe_session`
145
- - `loo_expand_session`
146
- - `loo_codex_plans`
147
- - `loo_codex_final_messages`
148
- - `loo_codex_touched_files`
149
- - `loo_codex_control_dry_run`
150
-
151
- `loo_codex_control_dry_run` returns the audit id and hashes an agent should show
152
- before any live resume/send/steer/interrupt call. Live control requires the
153
- matching `approval_audit_id`.
154
-
155
- The packaged agent playbook is
156
- [skills/lossless-openclaw-orchestrator/SKILL.md](skills/lossless-openclaw-orchestrator/SKILL.md).
276
+ That scope records approved live Codex control and working-app runtime proof as
277
+ excluded claims. Use the default `codex-live-control` scope when the release
278
+ claims live send/resume/steer or interrupt proof but does not yet claim the
279
+ installed gateway plus post-action refresh loop.
157
280
 
158
- ## OpenClaw And MCP
159
-
160
- Run the MCP server directly:
281
+ Use `codex-working-app-proof` only when the release candidate has both the
282
+ approved live-control proof and public-safe v1.1 runtime marker files from #158
283
+ and #159:
161
284
 
162
285
  ```bash
163
- loo-mcp-server
286
+ loo release preflight --claim-scope codex-working-app-proof --runtime-proof-dir /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/runtime-proof --evidence-dir /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/release-preflight --approved-live-control-evidence /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/release-status/approved-live-control-smoke.json --strict
287
+ loo release status --claim-scope codex-working-app-proof --runtime-proof-dir /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/runtime-proof --evidence-dir /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/release-status --candidate-sha <release-candidate-sha> --approved-live-control-evidence /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/release-status/approved-live-control-smoke.json --npm-publish-approval-evidence /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/release-status/npm-approval.json --github-release-approval-evidence /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/release-status/github-release-approval.json --github-ci-evidence /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/release-status/github-ci.json --codeql-evidence /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/release-status/codeql.json --strict
164
288
  ```
165
289
 
166
- Typical MCP client entry:
290
+ Without `openclaw-gateway-live-codex-v1-1.runtime-proof.json` and
291
+ `post-action-refresh-reasoning-v1-1.runtime-proof.json`, that scope fails closed
292
+ with `runtime_proof_missing:*` blockers.
167
293
 
168
- ```json
169
- {
170
- "mcpServers": {
171
- "lossless-openclaw-orchestrator": {
172
- "command": "loo-mcp-server"
173
- }
174
- }
175
- }
176
- ```
294
+ The beta proof workflow lives in [docs/BETA_RELEASE_DEMO.md](docs/BETA_RELEASE_DEMO.md).
295
+ The release cadence and approval gates live in
296
+ [docs/BETA_RELEASE_RUNBOOK.md](docs/BETA_RELEASE_RUNBOOK.md).
177
297
 
178
- Install the OpenClaw plugin from npm:
298
+ ## Beta Claim Boundary
179
299
 
180
- ```bash
181
- openclaw plugins install lossless-openclaw-orchestrator@latest
182
- openclaw plugins list --json
183
- ```
300
+ Allowed public beta claim:
184
301
 
185
- Verify the package and OpenClaw gateway path:
302
+ > Control and collaborate with local Codex sessions through OpenClaw using local
303
+ > indexing, bounded recall, and approval-gated controls.
186
304
 
187
- ```bash
188
- loo openclaw dogfood --profile lco-dogfood --install-source lossless-openclaw-orchestrator@latest --required-tool loo_doctor --required-tool loo_search_sessions --strict
189
- loo openclaw tool-smoke --profile lco-dogfood --required-tool loo_doctor --required-tool loo_search_sessions --strict
190
- ```
305
+ Forbidden beta claims:
191
306
 
192
- OpenClaw gateway setup may require local credential, device-pairing, token, or
193
- scope approval steps before tool smoke can pass. LCO reports those as setup
194
- blockers, not package failures. See [docs/SETUP.md](docs/SETUP.md) and
195
- [docs/OPENCLAW_PLUGIN.md](docs/OPENCLAW_PLUGIN.md).
307
+ - Full Claude Code parity
308
+ - cloud sync
309
+ - unattended desktop takeover
310
+ - bypasses Codex permissions
311
+ - release-grade enterprise security
196
312
 
197
- ## Safety Boundaries
313
+ Detailed public-claim checks live in [docs/CLAIM_AUDIT.md](docs/CLAIM_AUDIT.md).
198
314
 
199
- LCO is Codex-first and local-first.
315
+ ## MCP / OpenClaw Tools
200
316
 
201
- Default behavior:
317
+ Tool prefix: `loo_*`.
202
318
 
203
- - local SQLite index
204
- - public-safe summaries before raw expansion
205
- - source refs instead of raw transcript paths
206
- - bounded expansion profiles
207
- - read-only OpenClaw LCM peer DB access
208
- - direct Codex protocol before desktop fallback
209
- - dry-run plus matching `approval_audit_id` before live Codex control
319
+ Read/search:
210
320
 
211
- Not claimed:
321
+ - `loo_index_sessions`
322
+ - `loo_grep`
323
+ - `loo_search_sessions`
324
+ - `loo_describe_ref`
325
+ - `loo_describe_session`
326
+ - `loo_expand_session`
327
+ - `loo_expand_query`
212
328
 
213
- - full Claude Code parity
214
- - cloud sync
215
- - unattended desktop takeover
216
- - permission bypass
217
- - enterprise or customer-ready security claim
218
- - generic GUI mutation is not supported
219
- - Codex GUI mutation is not a stable public claim
220
-
221
- Claude Code support is an adapter stub and redacted fixture inventory until its
222
- storage and control paths are proven. Desktop fallback surfaces report
223
- readiness, blockers, and proof states; they do not authorize prompt typing,
224
- clicking, refresh/restart automation, or arbitrary app control.
225
-
226
- Claude adapter proof boundaries live in
227
- [docs/CLAUDE_ADAPTER_BOUNDARY.md](docs/CLAUDE_ADAPTER_BOUNDARY.md). Public
228
- claim details live in [docs/CLAIM_AUDIT.md](docs/CLAIM_AUDIT.md).
229
- Privacy details live in [docs/PRIVACY.md](docs/PRIVACY.md) and
230
- [docs/SAFE_SUMMARIES.md](docs/SAFE_SUMMARIES.md).
231
-
232
- ## Community And Contributing
233
-
234
- LCO is meant to be easy to try and safe to improve. The public contribution
235
- path is:
236
-
237
- 1. Read [CONTRIBUTING.md](CONTRIBUTING.md) for issue routing, validation,
238
- evidence, and agent-authored PR expectations.
239
- 2. Follow [docs/SETUP.md](docs/SETUP.md) for local install and first-run setup.
240
- 3. Use [AGENTS.md](AGENTS.md) when a coding agent is making or reviewing the
241
- change.
242
- 4. File a bug, docs bug, feature request, adapter request, protocol drift
243
- report, or unsafe-control report through the GitHub issue forms.
244
-
245
- Good first issue candidates are docs gaps, redacted fixture coverage, setup
246
- diagnostics, issue-template improvements, and narrow CLI help fixes. Use the
247
- adapter request form to request an adapter; describe the target app/runtime,
248
- read/index path, control boundary, and redacted proof available to test it.
249
-
250
- Never paste raw Codex transcripts, private SQLite databases, tokens, cookies,
251
- connector URLs, or customer data into public issues or PRs. Use
252
- [SECURITY.md](SECURITY.md) for private vulnerability reports and
253
- [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md) for community expectations.
329
+ Codex details:
254
330
 
255
- ## Architecture
256
-
257
- - `packages/core`: SQLite index, Codex import, safe summaries, source refs,
258
- extraction, search, and expansion
259
- - `packages/mcp-server`: stdio MCP server exposing `loo_*` tools
260
- - `packages/openclaw-plugin`: OpenClaw plugin entry and manifest surface
261
- - `packages/cli`: `loo` CLI for setup, indexing, recall, smoke, eval, and
262
- release gates
263
- - `packages/adapters`: Codex transport, audit, redaction, CUA/Peekaboo
264
- readiness, and adapter boundaries
265
- - `skills/`: packaged agent-facing OpenClaw playbook
266
- - `evals/`: scenario and scorecard contracts
267
- - `docs/`: setup, privacy, release proof, source authority, adapter boundaries,
268
- and deeper operator guides
331
+ - `loo_codex_thread_map`
332
+ - `loo_codex_final_messages`
333
+ - `loo_codex_plans`
334
+ - `loo_codex_touched_files`
335
+ - `loo_codex_tool_calls`
269
336
 
270
- ## Roadmap And Proof Status
337
+ Approval-gated controls:
271
338
 
272
- The stable public product is Codex-first local orchestration: index, search,
273
- describe, expand, OpenClaw/MCP tools, and approval-gated dry-run/live-control
274
- boundaries.
339
+ - `loo_codex_control_dry_run`
340
+ - `loo_codex_resume_thread`
341
+ - `loo_codex_send_message`
342
+ - `loo_codex_steer_thread`
343
+ - `loo_codex_interrupt_thread`
275
344
 
276
- Current deeper product work is tracked in GitHub issues and summarized in
277
- [VISION.md](VISION.md). Keep sprint and agent-operator details there, in
278
- [AGENTS.md](AGENTS.md), and in the packaged
279
- [agent skill](skills/lossless-openclaw-orchestrator/SKILL.md), not in this
280
- public landing page.
345
+ Desktop fallback:
281
346
 
282
- ## Maintainer Proof
347
+ - `loo_desktop_see`
348
+ - `loo_desktop_act`
283
349
 
284
- Release and readiness proof lives in the runbooks, not in the first-run setup
285
- path:
350
+ Admin:
286
351
 
287
- - [Release Checklist](docs/RELEASE_CHECKLIST.md)
288
- - [Release Runbook](docs/BETA_RELEASE_RUNBOOK.md)
289
- - [Claim Audit](docs/CLAIM_AUDIT.md)
290
- - [QA Demo](docs/BETA_RELEASE_DEMO.md)
352
+ - `loo_doctor`
353
+ - `loo_lcm_peer_dbs`
354
+ - `loo_permissions`
355
+ - `loo_audit_tail`
291
356
 
292
- For `1.0`, the general release checklist requires fresh npm clean-profile
293
- evidence, agent dogfood evidence through gateway tools, CI, scorecards, and
294
- claim-audit proof before `latest` promotion.
357
+ OpenClaw setup lives in [docs/OPENCLAW_PLUGIN.md](docs/OPENCLAW_PLUGIN.md).
295
358
 
296
- Versioned proof contracts live in `evals/scorecards/v1.0` and
297
- `evals/scenarios/v1`; runtime-required scenario contracts live in
298
- `evals/scenarios/v1.1`.
359
+ ## Architecture
299
360
 
300
- Core proof commands:
361
+ - `packages/core`: SQLite schema, Codex import, search, expansion, extraction, source refs.
362
+ - `packages/mcp-server`: stdio MCP tool server.
363
+ - `packages/openclaw-plugin`: OpenClaw plugin metadata and registration.
364
+ - `packages/cli`: `loo` CLI.
365
+ - `packages/adapters`: Codex control, CUA/Peekaboo boundary, Claude Code stub.
366
+ - `evals/scorecards/v1.0`: beta scorecards for safety, retrieval, install, claims, usability, local Mac search UI, and orchestrator leverage.
367
+ - `evals/scorecards/v1.0/working-app-runtime-proof-review.json`: Milestone 7 runtime proof scorecard.
368
+ - `evals/scenarios/v1`: QA Lab dry-run scenario contracts for session map triage, retrieval, bounded expansion, control safety, gateway dogfood, and release claims.
369
+ - `evals/scenarios/v1.1`: runtime-required working-app proof contracts for installed gateway live control, post-action refresh, desktop collaboration, and connected UI proof.
370
+ - `docs/`: install, demo, privacy, safe summaries, release proof, release runbook, and public-claim boundaries.
301
371
 
302
- ```bash
303
- loo scorecards sweep --evidence-dir /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/issue-<number>-scorecard-sweep --strict
304
- loo eval scenarios --evidence-dir /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/issue-<number>-qa-lab --strict
305
- loo release preflight --claim-scope codex-read-search-expand-dry-run --evidence-dir /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/release-preflight --strict
306
- loo release demo-status --claim-scope codex-read-search-expand-dry-run --evidence-dir /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/demo --strict
307
- loo release status --claim-scope codex-read-search-expand-dry-run --evidence-dir /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/release-status --candidate-sha <release-candidate-sha> --npm-publish-approval-evidence npm-publish-approval.json --github-release-approval-evidence github-release-approval.json --github-ci-evidence github-ci.json --codeql-evidence codeql.json --strict
308
- loo release general-readiness --evidence-dir /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/general-readiness --fresh-npm-evidence published-package-smoke.json --agent-dogfood-evidence openclaw-tool-smoke.json --strict
309
- ```
372
+ Direct Codex protocol is preferred for thread work. GUI automation is a fallback
373
+ for visible app collaboration only.
310
374
 
311
375
  ## Development
312
376
 
313
377
  ```bash
314
- npm install
315
- npm run build
378
+ npm run typecheck
316
379
  npm test
380
+ npm run build
317
381
  npm run check
318
382
  ```
319
383
 
320
- The test suite uses redacted fixtures and Node's built-in test runner. Heavy
321
- validation is expected to run in CI; local development should use focused tests
322
- first.
384
+ The test suite uses redacted fixtures and Node's built-in test runner.
385
+
386
+ Every meaningful issue should include a failing test, fixture, smoke, or eval
387
+ scenario; minimal implementation; focused validation; public-safe evidence; and
388
+ an issue or PR status update.
389
+
390
+ ## Privacy
391
+
392
+ The default index is local SQLite. The index stores safe text and metadata so
393
+ agents can search and expand bounded evidence. Raw local session files remain
394
+ the source of truth and should not be committed.
395
+
396
+ Public evidence should contain counts, refs, hashes, statuses, and redacted
397
+ metadata. It should not contain raw transcripts, raw prompts, SQLite databases,
398
+ tokens, cookies, API keys, screenshots, videos, or private customer data.
323
399
 
324
- For contributor workflow details, use [CONTRIBUTING.md](CONTRIBUTING.md).
400
+ See [docs/PRIVACY.md](docs/PRIVACY.md) and [docs/SAFE_SUMMARIES.md](docs/SAFE_SUMMARIES.md).
325
401
 
326
402
  ## License
327
403
 
328
- Current source and current npm-published versions are source-available under the
404
+ Current source is source-available under the
329
405
  [PolyForm Noncommercial License 1.0.0](LICENSE). Noncommercial use is permitted
330
406
  under those terms.
331
407
 
332
408
  Commercial, internal-business, hosted-service, or product use requires a
333
409
  separate commercial license from the project owner.
334
410
 
335
- Earlier prerelease artifacts that previously carried MIT metadata are no longer
336
- published on npm. Any copies already downloaded remain governed by the license
337
- terms distributed with those copies.
411
+ Historical beta releases published under the MIT License remain available under
412
+ the terms that applied to those releases. This license transition applies
413
+ prospectively to the current source and future releases.