lossless-openclaw-orchestrator 1.0.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (65) hide show
  1. package/AGENTS.md +55 -0
  2. package/CODE_OF_CONDUCT.md +33 -0
  3. package/CONTRIBUTING.md +142 -0
  4. package/README.md +248 -323
  5. package/VISION.md +40 -10
  6. package/dist/packages/adapters/src/index.js +417 -0
  7. package/dist/packages/adapters/src/policy.js +8 -0
  8. package/dist/packages/cli/src/index.js +257 -41
  9. package/dist/packages/cli/src/openclaw-live-control-smoke.js +12 -2
  10. package/dist/packages/cli/src/openclaw-tool-smoke.js +733 -4
  11. package/dist/packages/cli/src/published-package-smoke.js +148 -11
  12. package/dist/packages/cli/src/release-finalization-status.js +243 -0
  13. package/dist/packages/cli/src/release-preflight.js +29 -3
  14. package/dist/packages/cli/src/scorecard-sweep.js +1 -0
  15. package/dist/packages/core/src/index.js +2089 -36
  16. package/dist/packages/mcp-server/src/tools.js +259 -31
  17. package/docs/BETA_RELEASE_RUNBOOK.md +22 -1
  18. package/docs/OPENCLAW_PLUGIN.md +18 -0
  19. package/docs/RELEASE_CHECKLIST.md +12 -2
  20. package/docs/RELEASE_NOTES_0.1.0-beta.36.md +76 -0
  21. package/docs/RELEASE_NOTES_0.1.0-beta.37.md +79 -0
  22. package/docs/RELEASE_NOTES_0.1.0-beta.38.md +84 -0
  23. package/docs/RELEASE_NOTES_0.1.0-beta.39.md +94 -0
  24. package/docs/RELEASE_NOTES_0.1.0-beta.40.md +86 -0
  25. package/docs/RELEASE_NOTES_0.1.0-beta.41.md +87 -0
  26. package/docs/RELEASE_NOTES_0.1.0-beta.42.md +80 -0
  27. package/docs/RELEASE_NOTES_0.1.0-beta.43.md +90 -0
  28. package/docs/RELEASE_NOTES_0.1.0-beta.44.md +85 -0
  29. package/docs/RELEASE_NOTES_0.1.0-beta.45.md +92 -0
  30. package/docs/RELEASE_NOTES_0.1.0-beta.46.md +91 -0
  31. package/docs/RELEASE_NOTES_0.1.0-beta.47.md +95 -0
  32. package/docs/RELEASE_NOTES_0.1.0-beta.48.md +91 -0
  33. package/docs/RELEASE_NOTES_0.1.0-beta.49.md +97 -0
  34. package/docs/RELEASE_NOTES_1.1.0.md +100 -0
  35. package/docs/SETUP.md +290 -0
  36. package/evals/scenarios/v1/codex-collaboration-cockpit.json +68 -0
  37. package/evals/scenarios/v1/eva-operating-picture-dogfood.json +2 -1
  38. package/evals/scenarios/v1.1/README.md +2 -0
  39. package/evals/scenarios/v1.1/codex-desktop-coherence.json +59 -0
  40. package/evals/scenarios/v1.1/codex-desktop-fallback-status.json +66 -0
  41. package/evals/scenarios/v1.1/desktop-collaboration-action-bound.json +16 -4
  42. package/evals/scenarios/v1.1/runtime-desktop-visibility-status.json +78 -0
  43. package/evals/scorecards/v1.0/README.md +1 -1
  44. package/evals/scorecards/v1.0/local-agent-usability-review.json +35 -7
  45. package/evals/scorecards/v1.0/local-mac-search-ui-review.json +16 -3
  46. package/evals/scorecards/v1.0/packaging-install-review.json +5 -5
  47. package/evals/scorecards/v1.0/public-community-readiness-review.json +58 -0
  48. package/evals/scorecards/v1.0/safety-bypass-review.json +20 -9
  49. package/evals/scorecards/v1.0/working-app-runtime-proof-review.json +5 -5
  50. package/openclaw.plugin.json +424 -2
  51. package/package.json +4 -1
  52. package/packages/adapters/src/index.ts +583 -0
  53. package/packages/adapters/src/policy.ts +8 -0
  54. package/packages/cli/src/index.ts +267 -41
  55. package/packages/cli/src/openclaw-live-control-smoke.ts +14 -2
  56. package/packages/cli/src/openclaw-tool-smoke.ts +748 -4
  57. package/packages/cli/src/published-package-smoke.ts +183 -10
  58. package/packages/cli/src/release-finalization-status.ts +308 -0
  59. package/packages/cli/src/release-preflight.ts +30 -3
  60. package/packages/cli/src/scorecard-sweep.ts +1 -0
  61. package/packages/core/src/index.ts +2802 -83
  62. package/packages/local-mac-ui/src/shell.ts +1 -1
  63. package/packages/mcp-server/src/tools.ts +281 -29
  64. package/packages/openclaw-plugin/openclaw.plugin.json +424 -2
  65. package/skills/lossless-openclaw-orchestrator/SKILL.md +70 -3
package/AGENTS.md ADDED
@@ -0,0 +1,55 @@
1
+ # LCO Agent Instructions
2
+
3
+ ## Repository Agent Quick Start
4
+
5
+ If you are a coding agent working in this repository:
6
+
7
+ 1. Read README.md for the public product promise and proof boundary.
8
+ 2. Read CONTRIBUTING.md for issue routing, validation, evidence, and PR
9
+ expectations.
10
+ 3. Read docs/SETUP.md before changing install, OpenClaw, MCP, or first-run
11
+ behavior.
12
+ 4. Read SECURITY.md before touching vulnerability reporting, secrets, auth,
13
+ control, or private-data handling.
14
+ 5. Create or reuse a GitHub issue before meaningful implementation work.
15
+ 6. Write or update a failing test, smoke, or eval scenario before the minimal
16
+ implementation.
17
+ 7. Do not commit raw transcripts, private SQLite DBs, screenshots with private
18
+ data, tokens, cookies, connector URLs, or credentials.
19
+ 8. Update the issue before handoff, merge, pause, or external-review wait.
20
+
21
+ ## Shared Owned-Repo Policy
22
+
23
+ - Use `100yenadmin/codex-operating-kit` for the shared issue/epic/milestone/sprint policy, PR review-thread lifecycle, and release changelog standard.
24
+ - Shared rollout tracker: https://github.com/100yenadmin/codex-operating-kit/issues/5
25
+ - Shared kit merge: `100yenadmin/codex-operating-kit@d1bd004a85da6967041765b46fcb8885a88b802b`
26
+ - For meaningful GitHub work, create or reuse an issue before implementation, link PRs to the issue, and update the issue/tracker before handoff, merge, or pause.
27
+ - Before merge, release, or readiness claims, query current-head review threads and separate resolvable review threads from top-level bot comments and check annotations.
28
+ - P0-P2 current actionable review threads block merge/release unless fixed, proven false-positive, or explicitly escalated. P3/advisory threads still need terminal disposition.
29
+ - Releases, prereleases, and release-affecting PRs must lead with human-readable user/operator outcomes and keep proof, evidence, artifact identity, and rollback details in a compact verification tail.
30
+ - Keep LCO-specific beta claim tiers, release proof, demo status, and source-authority gates in this repo's runbooks. The shared kit supplies the common operating spine only.
31
+
32
+ ## LCO Release Gates
33
+
34
+ - Read `docs/BETA_RELEASE_RUNBOOK.md`, `docs/RELEASE_CHECKLIST.md`, `docs/SOURCE_AUTHORITY_PROFILE.md`, and `docs/CLAIM_AUDIT.md` before claiming release or beta readiness.
35
+ - Require `loo release preflight --strict` to report a structured `approved_live_control_smoke` marker before any beta/release claim that includes live-control or working-app proof.
36
+ - Do not treat merged code, local smoke, or docs-only proof as a beta release by itself.
37
+ - Do not rewrite historical release notes or resolve historical PR residue without a separate issue.
38
+
39
+ Do not widen LCO public claims from this file. Live Codex control, GUI mutation,
40
+ Claude parity, npm publish, GitHub Release creation, and 1.0 readiness require
41
+ their own scoped proof gates.
42
+
43
+ ## Public Documentation Placement
44
+
45
+ - Keep `README.md` as the public landing page: product value, install, setup,
46
+ first workflow, OpenClaw/MCP entrypoints, safety boundaries, and links.
47
+ - Keep detailed first-run instructions in `docs/SETUP.md`.
48
+ - Keep OpenClaw plugin/operator details in `docs/OPENCLAW_PLUGIN.md`.
49
+ - Keep agent-facing workflow instructions in
50
+ `skills/lossless-openclaw-orchestrator/SKILL.md`.
51
+ - Keep repo-agent operating rules, release discipline, and source-of-truth
52
+ policy in this `AGENTS.md`.
53
+ - Do not put active sprint ledgers, long issue history, exhaustive release-gate
54
+ command inventories, or internal agent maintenance loops into the public
55
+ README. Link `VISION.md`, GitHub trackers, or runbooks instead.
@@ -0,0 +1,33 @@
1
+ # Code of Conduct
2
+
3
+ LCO is a small, safety-sensitive open-source project. The community standard is
4
+ simple: be respectful, be specific, and keep reports public-safe.
5
+
6
+ ## Expected Behavior
7
+
8
+ - Treat contributors, users, and maintainers with respect.
9
+ - Keep disagreement focused on evidence, behavior, safety, and user impact.
10
+ - Assume good intent while still verifying claims.
11
+ - File one issue per problem and use the appropriate issue form.
12
+ - Redact secrets, local transcripts, customer data, screenshots, and private
13
+ database contents before posting.
14
+
15
+ ## Unacceptable Behavior
16
+
17
+ - Harassment, threats, personal attacks, or discriminatory language.
18
+ - Publishing private credentials, local transcripts, customer data, or
19
+ vulnerability details in public issues.
20
+ - Pressuring maintainers to bypass safety, privacy, approval, or release gates.
21
+ - Spam, low-signal automated reports, or scanner output without a reproducible
22
+ LCO impact.
23
+
24
+ ## Reporting
25
+
26
+ For community conduct concerns, contact the project owner privately through the
27
+ GitHub profile linked from this repository.
28
+
29
+ For security vulnerabilities, use [SECURITY.md](SECURITY.md). Do not disclose
30
+ unpatched vulnerabilities in public issues or pull requests.
31
+
32
+ Maintainers may edit, hide, lock, or remove public content that exposes private
33
+ data, creates an active security risk, or violates this code.
@@ -0,0 +1,142 @@
1
+ # Contributing
2
+
3
+ Thanks for helping make local agent orchestration safer and less exhausting.
4
+ LCO is local-first infrastructure for Codex-heavy workflows, so useful
5
+ contributions are precise, well-scoped, and public-safe.
6
+
7
+ ## Quick Links
8
+
9
+ - [Setup guide](docs/SETUP.md)
10
+ - [Repository agent instructions](AGENTS.md)
11
+ - [OpenClaw plugin guide](docs/OPENCLAW_PLUGIN.md)
12
+ - [Privacy policy](docs/PRIVACY.md)
13
+ - [Security policy](SECURITY.md)
14
+ - [Code of Conduct](CODE_OF_CONDUCT.md)
15
+ - [Vision and proof boundary](VISION.md)
16
+
17
+ ## Issue Routing
18
+
19
+ Use the GitHub issue forms and keep one problem per issue.
20
+
21
+ | Situation | Use | Required evidence |
22
+ | --- | --- | --- |
23
+ | Product bug, regression, crash, or wrong output | Bug report | Version, OS, command/tool, minimal repro, expected result, actual result, redacted logs |
24
+ | Missing, stale, or contradictory docs | Docs bug report | Affected path, current wording, expected wording, setup or user impact |
25
+ | New capability or product improvement | Feature request | User story, problem, proposed behavior, alternatives, safety boundary |
26
+ | New app/runtime adapter | Adapter request | Target runtime, read/index path, control capability needed, local storage/protocol, proof available |
27
+ | Upstream API or protocol drift | Protocol drift | Surface, version/commit, observed drift, impact, proposed compatibility gate |
28
+ | Unsafe control behavior | Unsafe control report | Tool/command, whether dry-run happened, approval_audit_id behavior, no secrets |
29
+
30
+ Security vulnerabilities should be reported privately through
31
+ [SECURITY.md](SECURITY.md), not as public issues.
32
+
33
+ ## Before You Open A PR
34
+
35
+ 1. Create or reuse a GitHub issue and include `Closes #<issue>` or
36
+ `Related: #<issue>` in the PR.
37
+ 2. Read [docs/SETUP.md](docs/SETUP.md) and run the narrowest local setup needed
38
+ for your change.
39
+ 3. Write or update a failing test, smoke, or eval scenario before implementing
40
+ non-trivial behavior.
41
+ 4. Keep the PR focused on one user-visible or maintainer-visible problem.
42
+ 5. Keep public claims inside the documented safety boundary.
43
+
44
+ Good First Contributions:
45
+
46
+ - docs setup gaps and clearer troubleshooting
47
+ - redacted fixture improvements
48
+ - CLI help wording
49
+ - issue template improvements
50
+ - narrow tests for public-safe redaction, setup status, and scorecards
51
+ - small OpenClaw plugin manifest/doc corrections
52
+
53
+ Avoid refactor-only PRs unless a maintainer asked for that refactor as part of
54
+ an active issue.
55
+
56
+ ## Development
57
+
58
+ ```bash
59
+ npm install
60
+ npm run build
61
+ npm test
62
+ npm run check
63
+ ```
64
+
65
+ For fast iteration, run the focused test file that owns your change before
66
+ running `npm run check`.
67
+
68
+ Use redacted fixtures for tests. Do not commit raw Codex transcripts, raw local
69
+ Codex, Claude Code, OpenClaw, browser, customer session data, raw SQLite DBs,
70
+ screenshots containing private data, tokens, cookies, API keys, connector URLs,
71
+ or credentials.
72
+
73
+ ## Validation And Evidence
74
+
75
+ Every meaningful PR should name the proof it ran:
76
+
77
+ - failing test, smoke, or eval scenario used to define the change
78
+ - focused validation command
79
+ - `npm run check`, or why CI is the right place for heavier validation
80
+ - OpenClaw gateway dogfood when the change affects installed `loo_*` tools
81
+ - evidence path such as `evidence/YYYY-MM-DD/issue-<number>/`, or the
82
+ maintainer-provided external evidence path linked from the issue
83
+
84
+ Evidence should contain public-safe summaries, counts, refs, hashes, setup
85
+ status, blocker codes, and command names. It must not contain raw Codex
86
+ transcripts, raw prompts, customer data, private DBs, secrets, or screenshots
87
+ with sensitive content.
88
+
89
+ ## Agent-Authored Contributions
90
+
91
+ Agent-authored PRs are welcome when the agent leaves a human-reviewable trail.
92
+ If a coding agent authored or materially edited the PR:
93
+
94
+ - say so in the PR body
95
+ - keep the issue updated before handoff, merge, or pause
96
+ - include the exact focused validation commands
97
+ - summarize safety boundaries and restricted actions not performed
98
+ - resolve or reply to bot review conversations after addressing them
99
+ - do not claim release readiness, live control, GUI mutation, Claude parity, or
100
+ customer readiness unless the matching proof gates pass
101
+
102
+ Agents should read [AGENTS.md](AGENTS.md) before editing this repository.
103
+
104
+ ## Pull Request Expectations
105
+
106
+ - Preserve local-only defaults.
107
+ - Preserve safe summaries before raw expansion.
108
+ - Preserve source refs instead of absolute transcript paths in public output.
109
+ - Preserve dry-run plus matching `approval_audit_id` before live control.
110
+ - Add or update tests for extraction, search, approval gates, setup status,
111
+ scorecards, or adapter behavior when those surfaces change.
112
+ - Do not add cloud sync, hidden control, transcript upload paths, permission
113
+ bypasses, or generic GUI mutation without a separate design issue and proof
114
+ boundary.
115
+
116
+ ## Review Threads
117
+
118
+ Review conversations are author-owned. If a bot or human leaves an actionable
119
+ thread:
120
+
121
+ - verify it against current code before changing anything
122
+ - fix real issues with focused tests
123
+ - explain false positives with concrete file/test evidence
124
+ - reply with the terminal outcome
125
+ - resolve the thread when the concern is handled
126
+
127
+ Do not leave "fixed" bot threads for maintainers to clean up.
128
+
129
+ ## Safety Boundaries
130
+
131
+ LCO is Codex-first and local-first. Public contributions must not widen these
132
+ claims without explicit evidence:
133
+
134
+ - no full Claude Code parity
135
+ - no cloud sync
136
+ - no unattended desktop takeover
137
+ - no permission bypass
138
+ - no enterprise/customer-ready security claim
139
+ - no generic GUI mutation
140
+ - no Codex GUI mutation as a stable public claim
141
+
142
+ When in doubt, file a design issue first.