lossless-openclaw-orchestrator 1.0.0 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +55 -0
- package/CODE_OF_CONDUCT.md +33 -0
- package/CONTRIBUTING.md +142 -0
- package/README.md +248 -323
- package/VISION.md +40 -10
- package/dist/packages/adapters/src/index.js +417 -0
- package/dist/packages/adapters/src/policy.js +8 -0
- package/dist/packages/cli/src/index.js +257 -41
- package/dist/packages/cli/src/openclaw-live-control-smoke.js +12 -2
- package/dist/packages/cli/src/openclaw-tool-smoke.js +733 -4
- package/dist/packages/cli/src/published-package-smoke.js +148 -11
- package/dist/packages/cli/src/release-finalization-status.js +243 -0
- package/dist/packages/cli/src/release-preflight.js +29 -3
- package/dist/packages/cli/src/scorecard-sweep.js +1 -0
- package/dist/packages/core/src/index.js +2089 -36
- package/dist/packages/mcp-server/src/tools.js +259 -31
- package/docs/BETA_RELEASE_RUNBOOK.md +22 -1
- package/docs/OPENCLAW_PLUGIN.md +18 -0
- package/docs/RELEASE_CHECKLIST.md +12 -2
- package/docs/RELEASE_NOTES_0.1.0-beta.36.md +76 -0
- package/docs/RELEASE_NOTES_0.1.0-beta.37.md +79 -0
- package/docs/RELEASE_NOTES_0.1.0-beta.38.md +84 -0
- package/docs/RELEASE_NOTES_0.1.0-beta.39.md +94 -0
- package/docs/RELEASE_NOTES_0.1.0-beta.40.md +86 -0
- package/docs/RELEASE_NOTES_0.1.0-beta.41.md +87 -0
- package/docs/RELEASE_NOTES_0.1.0-beta.42.md +80 -0
- package/docs/RELEASE_NOTES_0.1.0-beta.43.md +90 -0
- package/docs/RELEASE_NOTES_0.1.0-beta.44.md +85 -0
- package/docs/RELEASE_NOTES_0.1.0-beta.45.md +92 -0
- package/docs/RELEASE_NOTES_0.1.0-beta.46.md +91 -0
- package/docs/RELEASE_NOTES_0.1.0-beta.47.md +95 -0
- package/docs/RELEASE_NOTES_0.1.0-beta.48.md +91 -0
- package/docs/RELEASE_NOTES_0.1.0-beta.49.md +97 -0
- package/docs/RELEASE_NOTES_1.1.0.md +100 -0
- package/docs/SETUP.md +290 -0
- package/evals/scenarios/v1/codex-collaboration-cockpit.json +68 -0
- package/evals/scenarios/v1/eva-operating-picture-dogfood.json +2 -1
- package/evals/scenarios/v1.1/README.md +2 -0
- package/evals/scenarios/v1.1/codex-desktop-coherence.json +59 -0
- package/evals/scenarios/v1.1/codex-desktop-fallback-status.json +66 -0
- package/evals/scenarios/v1.1/desktop-collaboration-action-bound.json +16 -4
- package/evals/scenarios/v1.1/runtime-desktop-visibility-status.json +78 -0
- package/evals/scorecards/v1.0/README.md +1 -1
- package/evals/scorecards/v1.0/local-agent-usability-review.json +35 -7
- package/evals/scorecards/v1.0/local-mac-search-ui-review.json +16 -3
- package/evals/scorecards/v1.0/packaging-install-review.json +5 -5
- package/evals/scorecards/v1.0/public-community-readiness-review.json +58 -0
- package/evals/scorecards/v1.0/safety-bypass-review.json +20 -9
- package/evals/scorecards/v1.0/working-app-runtime-proof-review.json +5 -5
- package/openclaw.plugin.json +424 -2
- package/package.json +4 -1
- package/packages/adapters/src/index.ts +583 -0
- package/packages/adapters/src/policy.ts +8 -0
- package/packages/cli/src/index.ts +267 -41
- package/packages/cli/src/openclaw-live-control-smoke.ts +14 -2
- package/packages/cli/src/openclaw-tool-smoke.ts +748 -4
- package/packages/cli/src/published-package-smoke.ts +183 -10
- package/packages/cli/src/release-finalization-status.ts +308 -0
- package/packages/cli/src/release-preflight.ts +30 -3
- package/packages/cli/src/scorecard-sweep.ts +1 -0
- package/packages/core/src/index.ts +2802 -83
- package/packages/local-mac-ui/src/shell.ts +1 -1
- package/packages/mcp-server/src/tools.ts +281 -29
- package/packages/openclaw-plugin/openclaw.plugin.json +424 -2
- package/skills/lossless-openclaw-orchestrator/SKILL.md +70 -3
package/AGENTS.md
ADDED
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
# LCO Agent Instructions
|
|
2
|
+
|
|
3
|
+
## Repository Agent Quick Start
|
|
4
|
+
|
|
5
|
+
If you are a coding agent working in this repository:
|
|
6
|
+
|
|
7
|
+
1. Read README.md for the public product promise and proof boundary.
|
|
8
|
+
2. Read CONTRIBUTING.md for issue routing, validation, evidence, and PR
|
|
9
|
+
expectations.
|
|
10
|
+
3. Read docs/SETUP.md before changing install, OpenClaw, MCP, or first-run
|
|
11
|
+
behavior.
|
|
12
|
+
4. Read SECURITY.md before touching vulnerability reporting, secrets, auth,
|
|
13
|
+
control, or private-data handling.
|
|
14
|
+
5. Create or reuse a GitHub issue before meaningful implementation work.
|
|
15
|
+
6. Write or update a failing test, smoke, or eval scenario before the minimal
|
|
16
|
+
implementation.
|
|
17
|
+
7. Do not commit raw transcripts, private SQLite DBs, screenshots with private
|
|
18
|
+
data, tokens, cookies, connector URLs, or credentials.
|
|
19
|
+
8. Update the issue before handoff, merge, pause, or external-review wait.
|
|
20
|
+
|
|
21
|
+
## Shared Owned-Repo Policy
|
|
22
|
+
|
|
23
|
+
- Use `100yenadmin/codex-operating-kit` for the shared issue/epic/milestone/sprint policy, PR review-thread lifecycle, and release changelog standard.
|
|
24
|
+
- Shared rollout tracker: https://github.com/100yenadmin/codex-operating-kit/issues/5
|
|
25
|
+
- Shared kit merge: `100yenadmin/codex-operating-kit@d1bd004a85da6967041765b46fcb8885a88b802b`
|
|
26
|
+
- For meaningful GitHub work, create or reuse an issue before implementation, link PRs to the issue, and update the issue/tracker before handoff, merge, or pause.
|
|
27
|
+
- Before merge, release, or readiness claims, query current-head review threads and separate resolvable review threads from top-level bot comments and check annotations.
|
|
28
|
+
- P0-P2 current actionable review threads block merge/release unless fixed, proven false-positive, or explicitly escalated. P3/advisory threads still need terminal disposition.
|
|
29
|
+
- Releases, prereleases, and release-affecting PRs must lead with human-readable user/operator outcomes and keep proof, evidence, artifact identity, and rollback details in a compact verification tail.
|
|
30
|
+
- Keep LCO-specific beta claim tiers, release proof, demo status, and source-authority gates in this repo's runbooks. The shared kit supplies the common operating spine only.
|
|
31
|
+
|
|
32
|
+
## LCO Release Gates
|
|
33
|
+
|
|
34
|
+
- Read `docs/BETA_RELEASE_RUNBOOK.md`, `docs/RELEASE_CHECKLIST.md`, `docs/SOURCE_AUTHORITY_PROFILE.md`, and `docs/CLAIM_AUDIT.md` before claiming release or beta readiness.
|
|
35
|
+
- Require `loo release preflight --strict` to report a structured `approved_live_control_smoke` marker before any beta/release claim that includes live-control or working-app proof.
|
|
36
|
+
- Do not treat merged code, local smoke, or docs-only proof as a beta release by itself.
|
|
37
|
+
- Do not rewrite historical release notes or resolve historical PR residue without a separate issue.
|
|
38
|
+
|
|
39
|
+
Do not widen LCO public claims from this file. Live Codex control, GUI mutation,
|
|
40
|
+
Claude parity, npm publish, GitHub Release creation, and 1.0 readiness require
|
|
41
|
+
their own scoped proof gates.
|
|
42
|
+
|
|
43
|
+
## Public Documentation Placement
|
|
44
|
+
|
|
45
|
+
- Keep `README.md` as the public landing page: product value, install, setup,
|
|
46
|
+
first workflow, OpenClaw/MCP entrypoints, safety boundaries, and links.
|
|
47
|
+
- Keep detailed first-run instructions in `docs/SETUP.md`.
|
|
48
|
+
- Keep OpenClaw plugin/operator details in `docs/OPENCLAW_PLUGIN.md`.
|
|
49
|
+
- Keep agent-facing workflow instructions in
|
|
50
|
+
`skills/lossless-openclaw-orchestrator/SKILL.md`.
|
|
51
|
+
- Keep repo-agent operating rules, release discipline, and source-of-truth
|
|
52
|
+
policy in this `AGENTS.md`.
|
|
53
|
+
- Do not put active sprint ledgers, long issue history, exhaustive release-gate
|
|
54
|
+
command inventories, or internal agent maintenance loops into the public
|
|
55
|
+
README. Link `VISION.md`, GitHub trackers, or runbooks instead.
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
# Code of Conduct
|
|
2
|
+
|
|
3
|
+
LCO is a small, safety-sensitive open-source project. The community standard is
|
|
4
|
+
simple: be respectful, be specific, and keep reports public-safe.
|
|
5
|
+
|
|
6
|
+
## Expected Behavior
|
|
7
|
+
|
|
8
|
+
- Treat contributors, users, and maintainers with respect.
|
|
9
|
+
- Keep disagreement focused on evidence, behavior, safety, and user impact.
|
|
10
|
+
- Assume good intent while still verifying claims.
|
|
11
|
+
- File one issue per problem and use the appropriate issue form.
|
|
12
|
+
- Redact secrets, local transcripts, customer data, screenshots, and private
|
|
13
|
+
database contents before posting.
|
|
14
|
+
|
|
15
|
+
## Unacceptable Behavior
|
|
16
|
+
|
|
17
|
+
- Harassment, threats, personal attacks, or discriminatory language.
|
|
18
|
+
- Publishing private credentials, local transcripts, customer data, or
|
|
19
|
+
vulnerability details in public issues.
|
|
20
|
+
- Pressuring maintainers to bypass safety, privacy, approval, or release gates.
|
|
21
|
+
- Spam, low-signal automated reports, or scanner output without a reproducible
|
|
22
|
+
LCO impact.
|
|
23
|
+
|
|
24
|
+
## Reporting
|
|
25
|
+
|
|
26
|
+
For community conduct concerns, contact the project owner privately through the
|
|
27
|
+
GitHub profile linked from this repository.
|
|
28
|
+
|
|
29
|
+
For security vulnerabilities, use [SECURITY.md](SECURITY.md). Do not disclose
|
|
30
|
+
unpatched vulnerabilities in public issues or pull requests.
|
|
31
|
+
|
|
32
|
+
Maintainers may edit, hide, lock, or remove public content that exposes private
|
|
33
|
+
data, creates an active security risk, or violates this code.
|
package/CONTRIBUTING.md
ADDED
|
@@ -0,0 +1,142 @@
|
|
|
1
|
+
# Contributing
|
|
2
|
+
|
|
3
|
+
Thanks for helping make local agent orchestration safer and less exhausting.
|
|
4
|
+
LCO is local-first infrastructure for Codex-heavy workflows, so useful
|
|
5
|
+
contributions are precise, well-scoped, and public-safe.
|
|
6
|
+
|
|
7
|
+
## Quick Links
|
|
8
|
+
|
|
9
|
+
- [Setup guide](docs/SETUP.md)
|
|
10
|
+
- [Repository agent instructions](AGENTS.md)
|
|
11
|
+
- [OpenClaw plugin guide](docs/OPENCLAW_PLUGIN.md)
|
|
12
|
+
- [Privacy policy](docs/PRIVACY.md)
|
|
13
|
+
- [Security policy](SECURITY.md)
|
|
14
|
+
- [Code of Conduct](CODE_OF_CONDUCT.md)
|
|
15
|
+
- [Vision and proof boundary](VISION.md)
|
|
16
|
+
|
|
17
|
+
## Issue Routing
|
|
18
|
+
|
|
19
|
+
Use the GitHub issue forms and keep one problem per issue.
|
|
20
|
+
|
|
21
|
+
| Situation | Use | Required evidence |
|
|
22
|
+
| --- | --- | --- |
|
|
23
|
+
| Product bug, regression, crash, or wrong output | Bug report | Version, OS, command/tool, minimal repro, expected result, actual result, redacted logs |
|
|
24
|
+
| Missing, stale, or contradictory docs | Docs bug report | Affected path, current wording, expected wording, setup or user impact |
|
|
25
|
+
| New capability or product improvement | Feature request | User story, problem, proposed behavior, alternatives, safety boundary |
|
|
26
|
+
| New app/runtime adapter | Adapter request | Target runtime, read/index path, control capability needed, local storage/protocol, proof available |
|
|
27
|
+
| Upstream API or protocol drift | Protocol drift | Surface, version/commit, observed drift, impact, proposed compatibility gate |
|
|
28
|
+
| Unsafe control behavior | Unsafe control report | Tool/command, whether dry-run happened, approval_audit_id behavior, no secrets |
|
|
29
|
+
|
|
30
|
+
Security vulnerabilities should be reported privately through
|
|
31
|
+
[SECURITY.md](SECURITY.md), not as public issues.
|
|
32
|
+
|
|
33
|
+
## Before You Open A PR
|
|
34
|
+
|
|
35
|
+
1. Create or reuse a GitHub issue and include `Closes #<issue>` or
|
|
36
|
+
`Related: #<issue>` in the PR.
|
|
37
|
+
2. Read [docs/SETUP.md](docs/SETUP.md) and run the narrowest local setup needed
|
|
38
|
+
for your change.
|
|
39
|
+
3. Write or update a failing test, smoke, or eval scenario before implementing
|
|
40
|
+
non-trivial behavior.
|
|
41
|
+
4. Keep the PR focused on one user-visible or maintainer-visible problem.
|
|
42
|
+
5. Keep public claims inside the documented safety boundary.
|
|
43
|
+
|
|
44
|
+
Good First Contributions:
|
|
45
|
+
|
|
46
|
+
- docs setup gaps and clearer troubleshooting
|
|
47
|
+
- redacted fixture improvements
|
|
48
|
+
- CLI help wording
|
|
49
|
+
- issue template improvements
|
|
50
|
+
- narrow tests for public-safe redaction, setup status, and scorecards
|
|
51
|
+
- small OpenClaw plugin manifest/doc corrections
|
|
52
|
+
|
|
53
|
+
Avoid refactor-only PRs unless a maintainer asked for that refactor as part of
|
|
54
|
+
an active issue.
|
|
55
|
+
|
|
56
|
+
## Development
|
|
57
|
+
|
|
58
|
+
```bash
|
|
59
|
+
npm install
|
|
60
|
+
npm run build
|
|
61
|
+
npm test
|
|
62
|
+
npm run check
|
|
63
|
+
```
|
|
64
|
+
|
|
65
|
+
For fast iteration, run the focused test file that owns your change before
|
|
66
|
+
running `npm run check`.
|
|
67
|
+
|
|
68
|
+
Use redacted fixtures for tests. Do not commit raw Codex transcripts, raw local
|
|
69
|
+
Codex, Claude Code, OpenClaw, browser, customer session data, raw SQLite DBs,
|
|
70
|
+
screenshots containing private data, tokens, cookies, API keys, connector URLs,
|
|
71
|
+
or credentials.
|
|
72
|
+
|
|
73
|
+
## Validation And Evidence
|
|
74
|
+
|
|
75
|
+
Every meaningful PR should name the proof it ran:
|
|
76
|
+
|
|
77
|
+
- failing test, smoke, or eval scenario used to define the change
|
|
78
|
+
- focused validation command
|
|
79
|
+
- `npm run check`, or why CI is the right place for heavier validation
|
|
80
|
+
- OpenClaw gateway dogfood when the change affects installed `loo_*` tools
|
|
81
|
+
- evidence path such as `evidence/YYYY-MM-DD/issue-<number>/`, or the
|
|
82
|
+
maintainer-provided external evidence path linked from the issue
|
|
83
|
+
|
|
84
|
+
Evidence should contain public-safe summaries, counts, refs, hashes, setup
|
|
85
|
+
status, blocker codes, and command names. It must not contain raw Codex
|
|
86
|
+
transcripts, raw prompts, customer data, private DBs, secrets, or screenshots
|
|
87
|
+
with sensitive content.
|
|
88
|
+
|
|
89
|
+
## Agent-Authored Contributions
|
|
90
|
+
|
|
91
|
+
Agent-authored PRs are welcome when the agent leaves a human-reviewable trail.
|
|
92
|
+
If a coding agent authored or materially edited the PR:
|
|
93
|
+
|
|
94
|
+
- say so in the PR body
|
|
95
|
+
- keep the issue updated before handoff, merge, or pause
|
|
96
|
+
- include the exact focused validation commands
|
|
97
|
+
- summarize safety boundaries and restricted actions not performed
|
|
98
|
+
- resolve or reply to bot review conversations after addressing them
|
|
99
|
+
- do not claim release readiness, live control, GUI mutation, Claude parity, or
|
|
100
|
+
customer readiness unless the matching proof gates pass
|
|
101
|
+
|
|
102
|
+
Agents should read [AGENTS.md](AGENTS.md) before editing this repository.
|
|
103
|
+
|
|
104
|
+
## Pull Request Expectations
|
|
105
|
+
|
|
106
|
+
- Preserve local-only defaults.
|
|
107
|
+
- Preserve safe summaries before raw expansion.
|
|
108
|
+
- Preserve source refs instead of absolute transcript paths in public output.
|
|
109
|
+
- Preserve dry-run plus matching `approval_audit_id` before live control.
|
|
110
|
+
- Add or update tests for extraction, search, approval gates, setup status,
|
|
111
|
+
scorecards, or adapter behavior when those surfaces change.
|
|
112
|
+
- Do not add cloud sync, hidden control, transcript upload paths, permission
|
|
113
|
+
bypasses, or generic GUI mutation without a separate design issue and proof
|
|
114
|
+
boundary.
|
|
115
|
+
|
|
116
|
+
## Review Threads
|
|
117
|
+
|
|
118
|
+
Review conversations are author-owned. If a bot or human leaves an actionable
|
|
119
|
+
thread:
|
|
120
|
+
|
|
121
|
+
- verify it against current code before changing anything
|
|
122
|
+
- fix real issues with focused tests
|
|
123
|
+
- explain false positives with concrete file/test evidence
|
|
124
|
+
- reply with the terminal outcome
|
|
125
|
+
- resolve the thread when the concern is handled
|
|
126
|
+
|
|
127
|
+
Do not leave "fixed" bot threads for maintainers to clean up.
|
|
128
|
+
|
|
129
|
+
## Safety Boundaries
|
|
130
|
+
|
|
131
|
+
LCO is Codex-first and local-first. Public contributions must not widen these
|
|
132
|
+
claims without explicit evidence:
|
|
133
|
+
|
|
134
|
+
- no full Claude Code parity
|
|
135
|
+
- no cloud sync
|
|
136
|
+
- no unattended desktop takeover
|
|
137
|
+
- no permission bypass
|
|
138
|
+
- no enterprise/customer-ready security claim
|
|
139
|
+
- no generic GUI mutation
|
|
140
|
+
- no Codex GUI mutation as a stable public claim
|
|
141
|
+
|
|
142
|
+
When in doubt, file a design issue first.
|