lossless-openclaw-orchestrator 1.2.0 → 1.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +17 -19
- package/VISION.md +14 -11
- package/dist/packages/cli/src/general-release-readiness.js +13 -5
- package/dist/packages/cli/src/index.js +19 -6
- package/dist/packages/cli/src/openclaw-tool-smoke.js +21 -3
- package/dist/packages/cli/src/published-package-smoke.js +9 -1
- package/dist/packages/openclaw-plugin/src/index.js +1 -1
- package/docs/BETA_RELEASE_RUNBOOK.md +17 -12
- package/docs/CLAIM_AUDIT.md +9 -6
- package/docs/RELEASE_CHECKLIST.md +6 -6
- package/docs/RELEASE_NOTES_1.2.1.md +127 -0
- package/docs/RELEASE_NOTES_1.2.2.md +94 -0
- package/docs/SETUP.md +4 -0
- package/openclaw.plugin.json +2 -2
- package/package.json +2 -2
- package/packages/cli/src/general-release-readiness.ts +14 -6
- package/packages/cli/src/index.ts +19 -6
- package/packages/cli/src/openclaw-tool-smoke.ts +23 -3
- package/packages/cli/src/published-package-smoke.ts +17 -1
- package/packages/openclaw-plugin/openclaw.plugin.json +2 -2
- package/packages/openclaw-plugin/src/index.ts +1 -1
package/README.md
CHANGED
|
@@ -20,10 +20,10 @@ safe action without rereading raw transcripts.
|
|
|
20
20
|
| --- | --- |
|
|
21
21
|
| Searchable local session memory | Find plans, finals, touched files, and refs without raw transcript rereads. |
|
|
22
22
|
| Bounded evidence expansion | Read compact public-safe briefs before opening larger source material. |
|
|
23
|
-
| Approval-gated
|
|
24
|
-
| OpenClaw/MCP tools | Use the same local-first recall and
|
|
23
|
+
| Approval-gated boundaries | Dry-run Codex actions and verify matching audit ids before any live control. |
|
|
24
|
+
| OpenClaw/MCP tools | Use the same local-first recall and approval-bounded surfaces from agent workflows. |
|
|
25
25
|
|
|
26
|
-
[Setup](docs/SETUP.md) · [Contributing](CONTRIBUTING.md) · [Agent Instructions](AGENTS.md) · [Agent Skill](skills/lossless-openclaw-orchestrator/SKILL.md) · [OpenClaw Plugin](docs/OPENCLAW_PLUGIN.md) · [Security](SECURITY.md) · [Code of Conduct](CODE_OF_CONDUCT.md) · [Vision](VISION.md) · [Privacy](docs/PRIVACY.md) · [Claude Boundary](docs/CLAUDE_ADAPTER_BOUNDARY.md) · [Claim Audit](docs/CLAIM_AUDIT.md) · [Release Notes](docs/RELEASE_NOTES_1.2.0
|
|
26
|
+
[Setup](docs/SETUP.md) · [Contributing](CONTRIBUTING.md) · [Agent Instructions](AGENTS.md) · [Agent Skill](skills/lossless-openclaw-orchestrator/SKILL.md) · [OpenClaw Plugin](docs/OPENCLAW_PLUGIN.md) · [Security](SECURITY.md) · [Code of Conduct](CODE_OF_CONDUCT.md) · [Vision](VISION.md) · [Privacy](docs/PRIVACY.md) · [Claude Boundary](docs/CLAUDE_ADAPTER_BOUNDARY.md) · [Claim Audit](docs/CLAIM_AUDIT.md) · [Release Notes](docs/RELEASE_NOTES_1.2.2.md) · [1.2.1 Notes](docs/RELEASE_NOTES_1.2.1.md) · [1.2.0 Notes](docs/RELEASE_NOTES_1.2.0.md) · [1.1.4 Notes](docs/RELEASE_NOTES_1.1.4.md) · [1.0 Notes](docs/RELEASE_NOTES_1.0.0.md) · [License](LICENSE)
|
|
27
27
|
|
|
28
28
|
## Why It Matters
|
|
29
29
|
|
|
@@ -322,18 +322,18 @@ connector URLs, or customer data into public issues or PRs. Use
|
|
|
322
322
|
## Roadmap And Proof Status
|
|
323
323
|
|
|
324
324
|
The stable public product is Codex-first local orchestration: index, search,
|
|
325
|
-
describe, expand, OpenClaw/MCP tools, and
|
|
326
|
-
boundaries.
|
|
327
|
-
|
|
328
|
-
|
|
329
|
-
|
|
330
|
-
|
|
325
|
+
describe, expand, prepared-state recall, OpenClaw/MCP tools, and
|
|
326
|
+
approval-gated dry-run/control boundaries.
|
|
327
|
+
|
|
328
|
+
The 1.2 prepared-state and summary-leaves lane is shipped in stable `1.2.2`.
|
|
329
|
+
Current launch work is the M11 GA assurance sprint, tracked in GitHub and
|
|
330
|
+
summarized in [VISION.md](VISION.md). Keep sprint and agent-operator details
|
|
331
|
+
there, in [AGENTS.md](AGENTS.md), and in the packaged
|
|
332
|
+
[agent skill](skills/lossless-openclaw-orchestrator/SKILL.md), not in this
|
|
333
|
+
public landing page. The historical 1.2 architecture handoff remains in
|
|
331
334
|
[docs/sprints/brief-lco-1.2-prepared-state-summary-leaves-2026-07-03.md](docs/sprints/brief-lco-1.2-prepared-state-summary-leaves-2026-07-03.md).
|
|
332
|
-
Keep sprint and agent-operator details there, in [AGENTS.md](AGENTS.md), and in
|
|
333
|
-
the packaged [agent skill](skills/lossless-openclaw-orchestrator/SKILL.md), not
|
|
334
|
-
in this public landing page.
|
|
335
335
|
|
|
336
|
-
The 1.2
|
|
336
|
+
The shipped 1.2 layer is local, deterministic, and opt-in. It provides
|
|
337
337
|
source-ref-backed ranges, summary leaves, prepared cards, persisted watcher
|
|
338
338
|
observations, execute-false local attention queue items, and hook capture so an
|
|
339
339
|
OpenClaw/Eva agent can start from compact prepared state rather than rereading
|
|
@@ -359,9 +359,9 @@ path:
|
|
|
359
359
|
- [Claim Audit](docs/CLAIM_AUDIT.md)
|
|
360
360
|
- [QA Demo](docs/BETA_RELEASE_DEMO.md)
|
|
361
361
|
|
|
362
|
-
For
|
|
363
|
-
evidence, agent dogfood evidence through gateway tools, CI,
|
|
364
|
-
claim-audit proof before `latest` promotion.
|
|
362
|
+
For stable releases, the general release checklist requires fresh npm
|
|
363
|
+
clean-profile evidence, agent dogfood evidence through gateway tools, CI,
|
|
364
|
+
scorecards, and claim-audit proof before `latest` promotion.
|
|
365
365
|
|
|
366
366
|
Versioned proof contracts live in `evals/scorecards/v1.0` and
|
|
367
367
|
`evals/scenarios/v1`; runtime-required scenario contracts live in
|
|
@@ -402,6 +402,4 @@ under those terms.
|
|
|
402
402
|
Commercial, internal-business, hosted-service, or product use requires a
|
|
403
403
|
separate commercial license from the project owner.
|
|
404
404
|
|
|
405
|
-
|
|
406
|
-
published on npm. Any copies already downloaded remain governed by the license
|
|
407
|
-
terms distributed with those copies.
|
|
405
|
+
Email admin@electricsheephq.com for licensing information.
|
package/VISION.md
CHANGED
|
@@ -8,19 +8,22 @@ An OpenClaw agent can understand, search, summarize, and safely coordinate a use
|
|
|
8
8
|
|
|
9
9
|
The stable product should feel like a local orchestration cockpit: OpenClaw can see what Codex sessions exist, what each session is working on, which plans and final messages matter, which files were touched, and which next action would be safe to dry-run or execute only after explicit approval.
|
|
10
10
|
|
|
11
|
-
## Current Milestone: 1.2
|
|
11
|
+
## Current Milestone: 1.2.0 GA Assurance And Global Launch Readiness
|
|
12
12
|
|
|
13
|
-
The current
|
|
13
|
+
The current release-readiness lane is Milestone 11: LCO 1.2.0 GA Assurance And Global Launch Readiness. GitHub tracker [#478](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/478) and children [#479](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/479)-[#493](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/493) own implementation truth; this file owns the product and eval boundary.
|
|
14
14
|
|
|
15
|
-
The stable 1.0.0, 1.1.0, 1.1.1, 1.1.2, 1.1.3,
|
|
15
|
+
The stable 1.0.0, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.2.0, 1.2.1, and 1.2.2 packages have shipped on npm `latest` and their GitHub Releases are published. The post-GA Desktop claim-validation lane [#306](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/306) records that Desktop-visible classification and fallback readiness/status are proven, while actual Codex GUI mutation remains excluded. Desktop parity [#307](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/307) added the coherence classifier; desktop fallback [#308](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/308) added the CUA-first and Peekaboo-secondary readiness report. The 1.1 collaboration cockpit [#309](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/309) is completed proof for read-only collaboration summaries and execute-false next steps, not the current active child-work list.
|
|
16
16
|
|
|
17
17
|
The Codex Autonomy Cockpit [#254](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/254) and Eva Operating Picture [#255](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/255) P0 lanes are completed beta foundation, not the current active child-work list. Completed P0 children include shared contracts [#256](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/256), source authority [#258](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/258), watcher/resume requests [#259](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/259), visible Codex map joins [#260](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/260), deterministic GitHub operating inputs [#264](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/264)/[#265](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/265), current-lane source balancing [#269](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/269), GitHub check-state fidelity [#270](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/270), cockpit card cleanup [#271](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/271), and end-to-end Eva cockpit dogfood [#272](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/272). The sprint brief remains the historical handoff for that P0 work: [docs/sprints/brief-lco-codex-autonomy-cockpit-sprint-2026-07-01.md](docs/sprints/brief-lco-codex-autonomy-cockpit-sprint-2026-07-01.md).
|
|
18
18
|
|
|
19
|
-
The core Codex recall, M9 handoff paths, Codex Autonomy Cockpit, Eva Operating Picture P0 paths, 1.1 Desktop collaboration cockpit paths, release metadata, package/gateway setup proof, docs truth, release gates, public-safe scorecards, post-publish fresh npm `@latest` install proof, and stable publication lanes are no longer the main gap. The
|
|
19
|
+
The core Codex recall, M9 handoff paths, Codex Autonomy Cockpit, Eva Operating Picture P0 paths, 1.1 Desktop collaboration cockpit paths, 1.2 prepared-state and summary-leaf paths, release metadata, package/gateway setup proof, docs truth, release gates, public-safe scorecards, post-publish fresh npm `@latest` install proof, and stable publication lanes are no longer the main product gap. The current gap is no-bug-left-behind launch assurance: prove the published `1.2.2` package is installable, discoverable, public-safe, and honest for global users before broad rollout.
|
|
20
20
|
|
|
21
21
|
The current target is:
|
|
22
22
|
|
|
23
|
-
-
|
|
23
|
+
- Execute the M11 GA assurance tracker and children using public-safe evidence under `/Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/2026-07-05/m11-ga-assurance/`.
|
|
24
|
+
- Keep the launch claim scoped to local Codex prepared-state recall, search/describe/expand, summary leaves, prepared inbox/cards, OpenClaw gateway use, and approval-gated dry-run/control boundaries.
|
|
25
|
+
- Fix or defer every P0-P3 launch finding with terminal disposition before calling the release globally ready.
|
|
26
|
+
- Keep the 1.2 prepared-state tracker as completed proof, not the current active child-work list. The sprint brief remains the historical architecture handoff: [docs/sprints/brief-lco-1.2-prepared-state-summary-leaves-2026-07-03.md](docs/sprints/brief-lco-1.2-prepared-state-summary-leaves-2026-07-03.md).
|
|
24
27
|
- Keep prepared state as advisory cache: cards, inbox items, and summary leaves route an agent to source refs; they do not become authority for PR/CI/release/runtime/customer truth.
|
|
25
28
|
- Classify mutations explicitly: pure reads use empty `mutationClasses`, LCO-owned indexing/audit/prepared-state writes use `mode: "local_cache_write"` with `derived_cache`, and source-store, external-system, live-control, GUI, release, and npm mutations stay non-default.
|
|
26
29
|
- Add source ranges and summary leaves as an additive DB layer behind the existing search/describe/expand tools instead of rewriting the current session-level DB in one migration. Source ranges are the first 1.2 proof slice; summary leaves sit on top as metadata-only routing/evidence cards with bounded DAG expansion.
|
|
@@ -35,7 +38,7 @@ The current target is:
|
|
|
35
38
|
- Keep P1 source adapters, including Notion, support-control, Company Brain, Stripe, dashboard/export, and model summarization, behind separate adapters and proof gates; P0 tools report those sources as `not_configured` instead of fabricating summaries.
|
|
36
39
|
- Use the [source authority profile](docs/SOURCE_AUTHORITY_PROFILE.md) to distinguish "this source returned data" from "this source owns the current truth"; unavailable or cache-only sources must degrade claims to `unknown` or low confidence.
|
|
37
40
|
|
|
38
|
-
The sprint remains Codex-first, local-first, read-only-first, and public-safe by default. It does not claim full business truth, customer readiness, Claude Code parity, remote sync, generic GUI mutation, unattended desktop control, permission bypass, or enterprise/customer-ready security. npm `latest` promotion and GitHub Release creation are complete for 1.
|
|
41
|
+
The sprint remains Codex-first, local-first, read-only-first, and public-safe by default. It does not claim full business truth, customer readiness, Claude Code parity, remote sync, generic GUI mutation, unattended desktop control, permission bypass, or enterprise/customer-ready security. npm `latest` promotion and GitHub Release creation are complete for 1.2.2. Desktop-visible classification and fallback readiness/status are proven by #307/#308; actual Codex GUI mutation remains excluded until a future action-bound proof gate records the exact backend, target, action hash, approval, and observation.
|
|
39
42
|
|
|
40
43
|
What 1.2 should let a local OpenClaw agent do next:
|
|
41
44
|
|
|
@@ -79,13 +82,13 @@ What a local OpenClaw agent can do today:
|
|
|
79
82
|
- Inspect `authorityCoverage` on operating-picture outputs before trusting GitHub, PLAN_STATE, or future P1 source claims.
|
|
80
83
|
- Classify package and gateway readiness with `loo onboard status`, `loo openclaw dogfood`, `loo openclaw tool-smoke`, and `loo openclaw published-smoke`.
|
|
81
84
|
- Follow the packaged agent skill and M9 dogfood scenario to produce a public-safe recommendation from source refs, bounded expansion, detail lookups, and dry-run audit hashes.
|
|
82
|
-
- Use `loo release general-readiness --strict` to decide whether fresh npm install, clean-profile OpenClaw load, and agent dogfood evidence are enough for a
|
|
85
|
+
- Use `loo release general-readiness --strict` to decide whether fresh npm install, clean-profile OpenClaw load, clean-profile gateway readiness, and agent dogfood evidence are enough for a stable/general release claim.
|
|
83
86
|
|
|
84
87
|
## Completed Proof: Working App Runtime
|
|
85
88
|
|
|
86
|
-
Completed proof from M7/M9 remains part of the evidence base. Milestone 7 and the [Working App Proof Sprint](docs/WORKING_APP_PROOF_SPRINT.md) moved LCO beyond reduced-scope dry-run claims by proving installed OpenClaw gateway paths, live `loo_*` calls through the same surface an OpenClaw agent uses, approved live Codex action proof where explicitly claimed, post-action refresh reasoning, action-bound desktop collaboration proof gates, connected local search UI contracts, runtime proof gates, and Claude Code adapter inventory boundaries. M9 added the agent handoff lane, first-class OpenClaw agent usage skill, docs truth pass, agent dogfood scenario, fresh npm clean-profile smoke, and
|
|
89
|
+
Completed proof from M7/M9 remains part of the evidence base. Milestone 7 and the [Working App Proof Sprint](docs/WORKING_APP_PROOF_SPRINT.md) moved LCO beyond reduced-scope dry-run claims by proving installed OpenClaw gateway paths, live `loo_*` calls through the same surface an OpenClaw agent uses, approved live Codex action proof where explicitly claimed, post-action refresh reasoning, action-bound desktop collaboration proof gates, connected local search UI contracts, runtime proof gates, and Claude Code adapter inventory boundaries. M9 added the agent handoff lane, first-class OpenClaw agent usage skill, docs truth pass, agent dogfood scenario, fresh npm clean-profile smoke, and general-release readiness gate.
|
|
87
90
|
|
|
88
|
-
Completed proof does not mean
|
|
91
|
+
Completed proof does not mean broad automation parity. Generic GUI mutation, Codex GUI mutation, Claude Code parity, cloud sync, unattended takeover, and release-grade enterprise security remain excluded until separate issues and evidence prove them.
|
|
89
92
|
|
|
90
93
|
## Primary User Stories
|
|
91
94
|
|
|
@@ -291,9 +294,9 @@ Release candidates follow [docs/BETA_RELEASE_RUNBOOK.md](docs/BETA_RELEASE_RUNBO
|
|
|
291
294
|
|
|
292
295
|
## Proof Boundary
|
|
293
296
|
|
|
294
|
-
Allowed
|
|
297
|
+
Allowed stable 1.2.2 claim:
|
|
295
298
|
|
|
296
|
-
>
|
|
299
|
+
> Collaborate with local Codex sessions through OpenClaw using local indexing, prepared-state recall, bounded expansion, and approval-gated dry-run/control boundaries.
|
|
297
300
|
|
|
298
301
|
Do not claim:
|
|
299
302
|
|
|
@@ -23,6 +23,7 @@ export function createGeneralReleaseReadiness(options) {
|
|
|
23
23
|
const packageVersion = readString(packageJson, "version");
|
|
24
24
|
const expectedDistTag = distTagForVersion(packageVersion ?? "");
|
|
25
25
|
const expectedPackage = packageName ? `${packageName}@${expectedDistTag}` : null;
|
|
26
|
+
const releaseLabel = formatReleaseLabel(expectedPackage, packageVersion);
|
|
26
27
|
const freshNpmEvidence = resolveEvidencePath(evidenceDir, options.freshNpmEvidence);
|
|
27
28
|
const agentDogfoodEvidence = resolveEvidencePath(evidenceDir, options.agentDogfoodEvidence);
|
|
28
29
|
const checks = {
|
|
@@ -56,10 +57,10 @@ export function createGeneralReleaseReadiness(options) {
|
|
|
56
57
|
liveCodexControlRun: false,
|
|
57
58
|
desktopGuiActionRun: false
|
|
58
59
|
},
|
|
59
|
-
proofBoundary:
|
|
60
|
+
proofBoundary: `This gate defines and validates general-release readiness evidence for ${releaseLabel}; it does not publish npm, move npm dist-tags, create a GitHub Release, run live Codex control, mutate a GUI, claim Claude parity, or claim enterprise/customer-ready security.`,
|
|
60
61
|
nextAction: blockers.length === 0
|
|
61
|
-
? "Use this packet as one input to a separate explicit stable release issue before any npm
|
|
62
|
-
: "Produce the missing public-safe evidence or update docs before treating
|
|
62
|
+
? "Use this packet as one input to a separate explicit stable release issue before any npm dist-tag promotion or GitHub Release."
|
|
63
|
+
: "Produce the missing public-safe evidence or update docs before treating this release candidate as generally ready."
|
|
63
64
|
};
|
|
64
65
|
writeFileSync(readinessManifestPath, `${JSON.stringify(report, null, 2)}\n`);
|
|
65
66
|
return report;
|
|
@@ -101,8 +102,7 @@ function validateDocsTruth(rootDir) {
|
|
|
101
102
|
return check(Boolean(surfaces.every((content) => content
|
|
102
103
|
&& /loo release general-readiness/i.test(content)
|
|
103
104
|
&& /fresh npm/i.test(content)
|
|
104
|
-
&& /agent dogfood/i.test(content)
|
|
105
|
-
&& /1\.0/i.test(content))), "README, VISION, and release runbook point to the 1.0 general-readiness gate");
|
|
105
|
+
&& /agent dogfood/i.test(content))), "README, VISION, and release runbook point to the general-readiness gate");
|
|
106
106
|
}
|
|
107
107
|
function validateFreshNpmEvidence(path, expected) {
|
|
108
108
|
if (!path || !existsSync(path)) {
|
|
@@ -230,6 +230,14 @@ function readString(input, key) {
|
|
|
230
230
|
const value = input[key];
|
|
231
231
|
return typeof value === "string" ? value : null;
|
|
232
232
|
}
|
|
233
|
+
function formatReleaseLabel(expectedPackage, packageVersion) {
|
|
234
|
+
if (!expectedPackage || !packageVersion)
|
|
235
|
+
return "the current package release";
|
|
236
|
+
const safePackageVersion = /^[0-9A-Za-z.+-]{1,80}$/.test(packageVersion)
|
|
237
|
+
? packageVersion
|
|
238
|
+
: "untrusted-version";
|
|
239
|
+
return `${expectedPackage} (${safePackageVersion})`;
|
|
240
|
+
}
|
|
233
241
|
function readNestedString(input, path) {
|
|
234
242
|
const value = readNested(input, path);
|
|
235
243
|
return typeof value === "string" ? value : null;
|
|
@@ -401,6 +401,8 @@ async function main() {
|
|
|
401
401
|
console.log(JSON.stringify(report, null, 2));
|
|
402
402
|
if (parsed.strict && !report.ok)
|
|
403
403
|
process.exitCode = 1;
|
|
404
|
+
if (parsed.gatewayReadyStrict && !report.publishedSmokeReady)
|
|
405
|
+
process.exitCode = 1;
|
|
404
406
|
return;
|
|
405
407
|
}
|
|
406
408
|
if (command === "openclaw" && args[0] === "live-control-smoke") {
|
|
@@ -1169,7 +1171,7 @@ function printGeneralReleaseReadinessHelp() {
|
|
|
1169
1171
|
"Usage:",
|
|
1170
1172
|
" loo release general-readiness --evidence-dir path [--fresh-npm-evidence path] [--agent-dogfood-evidence path] [--now iso] [--strict]",
|
|
1171
1173
|
"",
|
|
1172
|
-
"Writes a public-safe
|
|
1174
|
+
"Writes a public-safe general-release readiness packet for the current package version without performing release actions.",
|
|
1173
1175
|
"",
|
|
1174
1176
|
"Required evidence:",
|
|
1175
1177
|
" --fresh-npm-evidence points to a public-safe `loo openclaw published-smoke` report with clean-profile gateway status ready.",
|
|
@@ -1179,19 +1181,26 @@ function printGeneralReleaseReadinessHelp() {
|
|
|
1179
1181
|
" --strict exits non-zero until docs, skill/playbook, M9 scenarios, fresh npm proof, and agent dogfood proof are complete.",
|
|
1180
1182
|
"",
|
|
1181
1183
|
"Safety boundary:",
|
|
1182
|
-
" The command does not publish npm, does not move npm
|
|
1184
|
+
" The command does not publish npm, does not move npm dist-tags, does not create a GitHub Release, does not run live Codex control, and does not perform desktop GUI mutation."
|
|
1183
1185
|
].join("\n"));
|
|
1184
1186
|
}
|
|
1185
1187
|
function printOpenClawPublishedSmokeHelp() {
|
|
1186
1188
|
console.log([
|
|
1187
1189
|
"Usage:",
|
|
1188
|
-
" loo openclaw published-smoke --evidence-dir path --dogfood-report path --tool-smoke-report path [--configured-tool-smoke-report path] [--npm-install-diagnostic-report path] [--registry-version version] [--registry-beta-version version] [--root path] [--now iso] [--strict]",
|
|
1190
|
+
" loo openclaw published-smoke --evidence-dir path --dogfood-report path --tool-smoke-report path [--configured-tool-smoke-report path] [--npm-install-diagnostic-report path] [--registry-version version] [--registry-beta-version version] [--root path] [--now iso] [--strict] [--gateway-ready-strict]",
|
|
1189
1191
|
"",
|
|
1190
|
-
"Writes a public-safe summary of the published npm
|
|
1192
|
+
"Writes a public-safe summary of the published npm package path for the expected dist-tag and gateway setup state.",
|
|
1191
1193
|
"",
|
|
1192
1194
|
"This command consumes sanitized reports from `loo openclaw dogfood` and `loo openclaw tool-smoke`.",
|
|
1193
1195
|
"Optional `--configured-tool-smoke-report` records a separately named configured-profile gateway proof without marking the fresh published profile ready.",
|
|
1194
1196
|
"Optional `--npm-install-diagnostic-report` records public-safe npm selector drift and tarball fallback proof without storing raw npm output.",
|
|
1197
|
+
"",
|
|
1198
|
+
"Strict mode:",
|
|
1199
|
+
" --strict exits non-zero only when ok/packagePathOk is false; it is package-path strict.",
|
|
1200
|
+
" --gateway-ready-strict exits non-zero unless publishedSmokeReady is true for the clean published profile.",
|
|
1201
|
+
" With both flags, any failed package-path or clean-profile gateway-ready condition exits non-zero.",
|
|
1202
|
+
" A configured gateway proof is recorded separately and never substitutes for fresh-profile gateway readiness.",
|
|
1203
|
+
"",
|
|
1195
1204
|
"It does not run npm install, does not call OpenClaw, does not run live Codex control, and does not mutate a desktop GUI."
|
|
1196
1205
|
].join("\n"));
|
|
1197
1206
|
}
|
|
@@ -2205,7 +2214,7 @@ function parseOpenClawToolSmokeArgs(input) {
|
|
|
2205
2214
|
return parsed;
|
|
2206
2215
|
}
|
|
2207
2216
|
function parseOpenClawPublishedSmokeArgs(input) {
|
|
2208
|
-
const parsed = { strict: false };
|
|
2217
|
+
const parsed = { strict: false, gatewayReadyStrict: false };
|
|
2209
2218
|
for (let index = 0; index < input.length; index += 1) {
|
|
2210
2219
|
const arg = input[index];
|
|
2211
2220
|
if (arg === "--evidence-dir") {
|
|
@@ -2238,6 +2247,9 @@ function parseOpenClawPublishedSmokeArgs(input) {
|
|
|
2238
2247
|
else if (arg === "--strict") {
|
|
2239
2248
|
parsed.strict = true;
|
|
2240
2249
|
}
|
|
2250
|
+
else if (arg === "--gateway-ready-strict") {
|
|
2251
|
+
parsed.gatewayReadyStrict = true;
|
|
2252
|
+
}
|
|
2241
2253
|
else {
|
|
2242
2254
|
throw new Error(`Unknown openclaw published-smoke option: ${arg}`);
|
|
2243
2255
|
}
|
|
@@ -2256,7 +2268,8 @@ function parseOpenClawPublishedSmokeArgs(input) {
|
|
|
2256
2268
|
toolSmokeReportPath: parsed.toolSmokeReportPath,
|
|
2257
2269
|
configuredToolSmokeReportPath: parsed.configuredToolSmokeReportPath,
|
|
2258
2270
|
npmInstallDiagnosticReportPath: parsed.npmInstallDiagnosticReportPath,
|
|
2259
|
-
strict: parsed.strict
|
|
2271
|
+
strict: parsed.strict,
|
|
2272
|
+
gatewayReadyStrict: parsed.gatewayReadyStrict
|
|
2260
2273
|
};
|
|
2261
2274
|
}
|
|
2262
2275
|
function parseOpenClawLiveControlSmokeArgs(input) {
|
|
@@ -107,7 +107,13 @@ export function runOpenClawToolSmoke(options = {}) {
|
|
|
107
107
|
tokenBudget,
|
|
108
108
|
desktopFallbackCoherence: options.desktopFallbackCoherence
|
|
109
109
|
});
|
|
110
|
-
if (toolName === "
|
|
110
|
+
if (toolName === "loo_describe_ref"
|
|
111
|
+
|| toolName === "loo_describe_session"
|
|
112
|
+
|| toolName === "loo_expand_session"
|
|
113
|
+
|| toolName === "loo_codex_control_dry_run"
|
|
114
|
+
|| toolName === "loo_codex_resume_thread"
|
|
115
|
+
|| toolName === "loo_codex_desktop_coherence"
|
|
116
|
+
|| toolName === "loo_codex_desktop_fallback_status") {
|
|
111
117
|
if (!args) {
|
|
112
118
|
blockers.push("openclaw_tool_smoke_missing_thread_ref");
|
|
113
119
|
continue;
|
|
@@ -413,6 +419,8 @@ function sanitizeEvidencePath(evidencePath) {
|
|
|
413
419
|
function buildToolArgs(params) {
|
|
414
420
|
if (params.toolName === "loo_search_sessions")
|
|
415
421
|
return { query: params.query, limit: 3 };
|
|
422
|
+
if (params.toolName === "loo_describe_ref")
|
|
423
|
+
return params.threadId ? { source_ref: `codex_thread:${params.threadId}` } : null;
|
|
416
424
|
if (params.toolName === "loo_describe_session")
|
|
417
425
|
return params.threadId ? { thread_id: params.threadId } : null;
|
|
418
426
|
if (params.toolName === "loo_expand_session") {
|
|
@@ -560,6 +568,12 @@ function buildToolArgs(params) {
|
|
|
560
568
|
message: CONTROL_DRY_RUN_MESSAGE
|
|
561
569
|
} : null;
|
|
562
570
|
}
|
|
571
|
+
if (params.toolName === "loo_codex_resume_thread") {
|
|
572
|
+
return params.threadId ? {
|
|
573
|
+
thread_id: params.threadId,
|
|
574
|
+
dry_run: true
|
|
575
|
+
} : null;
|
|
576
|
+
}
|
|
563
577
|
return {};
|
|
564
578
|
}
|
|
565
579
|
const TOOL_SMOKE_NOW = "2026-07-01T12:00:00.000Z";
|
|
@@ -794,7 +808,7 @@ function summarizeInvocation(toolName, call, requestArgs = {}) {
|
|
|
794
808
|
if (tokenBudget !== undefined)
|
|
795
809
|
summary.tokenBudget = tokenBudget;
|
|
796
810
|
}
|
|
797
|
-
if (toolName === "loo_codex_control_dry_run") {
|
|
811
|
+
if (toolName === "loo_codex_control_dry_run" || toolName === "loo_codex_resume_thread") {
|
|
798
812
|
const upstreamBlocked = blockers.length > 0;
|
|
799
813
|
const dryRunOutput = details ?? output;
|
|
800
814
|
summary.live = booleanPath(dryRunOutput, ["live"]);
|
|
@@ -813,7 +827,11 @@ function summarizeInvocation(toolName, call, requestArgs = {}) {
|
|
|
813
827
|
summary.method = method;
|
|
814
828
|
if (action)
|
|
815
829
|
summary.action = action;
|
|
816
|
-
|
|
830
|
+
const messageHashRequired = action === "codex_send_message"
|
|
831
|
+
|| action === "codex_steer_thread"
|
|
832
|
+
|| method === "turn/start"
|
|
833
|
+
|| method === "turn/steer";
|
|
834
|
+
if (!upstreamBlocked && (summary.live !== false || !approvalAuditId || !paramsHash || (messageHashRequired && !messageHash))) {
|
|
817
835
|
blockers.push("openclaw_control_dry_run_not_proven");
|
|
818
836
|
}
|
|
819
837
|
}
|
|
@@ -2,6 +2,13 @@ import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
|
|
|
2
2
|
import { dirname, join, resolve } from "node:path";
|
|
3
3
|
import { fileURLToPath } from "node:url";
|
|
4
4
|
import { PACKAGE_NAME, distTagForVersion, matchingRegistryStatus, mismatchedRegistryStatus } from "./dist-tag.js";
|
|
5
|
+
const READINESS_SEMANTICS = Object.freeze({
|
|
6
|
+
okField: "packagePathOk",
|
|
7
|
+
strictModeExitsOn: "packagePathOk_false",
|
|
8
|
+
gatewayReadyStrictExitsOn: "publishedSmokeReady_false",
|
|
9
|
+
cleanProfileGatewayReadyField: "publishedSmokeReady",
|
|
10
|
+
configuredGatewayProofSeparate: true
|
|
11
|
+
});
|
|
5
12
|
export function createPublishedPackageSmokeReport(options) {
|
|
6
13
|
const rootDir = options.rootDir
|
|
7
14
|
? resolve(options.rootDir)
|
|
@@ -69,6 +76,7 @@ export function createPublishedPackageSmokeReport(options) {
|
|
|
69
76
|
ok: packagePathOk,
|
|
70
77
|
publishedSmokeReady: packagePathOk && toolSmokeReady,
|
|
71
78
|
packagePathOk,
|
|
79
|
+
readinessSemantics: READINESS_SEMANTICS,
|
|
72
80
|
publicSafe: true,
|
|
73
81
|
localOnly: true,
|
|
74
82
|
dryRun: true,
|
|
@@ -118,7 +126,7 @@ export function createPublishedPackageSmokeReport(options) {
|
|
|
118
126
|
"tokens, credentials, API keys, cookies",
|
|
119
127
|
"private customer data"
|
|
120
128
|
],
|
|
121
|
-
proofBoundary: `This published package smoke report summarizes public-safe ${expectedDistTag} install and gateway setup evidence only;
|
|
129
|
+
proofBoundary: `This published package smoke report summarizes public-safe ${expectedDistTag} install and gateway setup evidence only. ok/packagePathOk are package-path claims; publishedSmokeReady is the clean-profile gateway-ready claim. This command does not run live Codex control, mutate a desktop GUI, publish npm, create a GitHub Release, store raw npm output, or store raw OpenClaw gateway output.`
|
|
122
130
|
};
|
|
123
131
|
if (options.evidenceDir)
|
|
124
132
|
writePublishedPackageSmokeReport(report, options.evidenceDir);
|
|
@@ -7,7 +7,7 @@ import { createLooToolDeclarations, executeLooToolForOpenClaw, createLooTools }
|
|
|
7
7
|
export const pluginMetadata = {
|
|
8
8
|
id: "lossless-openclaw-orchestrator",
|
|
9
9
|
name: "Lossless OpenClaw Orchestrator",
|
|
10
|
-
description: "
|
|
10
|
+
description: "Collaborate with local Codex sessions through OpenClaw using local indexing, prepared-state recall, bounded expansion, and approval-gated dry-run/control boundaries.",
|
|
11
11
|
kind: "tool",
|
|
12
12
|
mcp: {
|
|
13
13
|
command: "loo-mcp-server",
|
|
@@ -321,10 +321,11 @@ A release candidate may be announced internally when all of these are true:
|
|
|
321
321
|
- no public artifact contains raw Codex JSONL, local SQLite databases, raw
|
|
322
322
|
prompts, screenshots, credentials, tokens, or private transcripts
|
|
323
323
|
|
|
324
|
-
##
|
|
324
|
+
## Stable General Readiness Gate
|
|
325
325
|
|
|
326
|
-
The beta train can publish scoped prereleases without claiming
|
|
327
|
-
candidate must also pass the deeper
|
|
326
|
+
The beta train can publish scoped prereleases without claiming stable/general
|
|
327
|
+
readiness. A stable candidate must also pass the deeper
|
|
328
|
+
[Release Checklist](RELEASE_CHECKLIST.md).
|
|
328
329
|
Run candidate gates before publication, then run fresh npm `@latest` and agent
|
|
329
330
|
dogfood evidence after publication before closing the stable issue. The
|
|
330
331
|
user-facing post-publish command is `loo release general-readiness`; the
|
|
@@ -338,13 +339,14 @@ node ./dist/packages/cli/src/index.js release general-readiness \
|
|
|
338
339
|
--strict
|
|
339
340
|
```
|
|
340
341
|
|
|
341
|
-
This post-publish gate is intentionally stricter than a beta first-run
|
|
342
|
-
`gateway_setup_required` can be acceptable beta onboarding evidence,
|
|
343
|
-
not enough for
|
|
344
|
-
|
|
345
|
-
|
|
346
|
-
|
|
347
|
-
|
|
342
|
+
This post-publish gate is intentionally stricter than a beta first-run
|
|
343
|
+
classifier: `gateway_setup_required` can be acceptable beta onboarding evidence,
|
|
344
|
+
but it is not enough for a stable/general readiness claim. The stable gate
|
|
345
|
+
requires a fresh npm install, clean-profile OpenClaw load, clean-profile gateway
|
|
346
|
+
tool-smoke readiness, agent dogfood through gateway tools, and docs truth. If
|
|
347
|
+
resume, steer, or interrupt have not passed live proof on disposable threads,
|
|
348
|
+
the release copy must exclude broad live control and name only the proven live
|
|
349
|
+
send path.
|
|
348
350
|
|
|
349
351
|
## Publication Approval Gates
|
|
350
352
|
|
|
@@ -381,8 +383,11 @@ separate operations are actually approved and executed.
|
|
|
381
383
|
Record `npm dist-tag ls lossless-openclaw-orchestrator` in the release evidence
|
|
382
384
|
after every npm publication. Stable releases publish with
|
|
383
385
|
`npm publish --tag latest`; public betas publish with `npm publish --tag beta`;
|
|
384
|
-
release candidates publish with `npm publish --tag next`. The
|
|
385
|
-
|
|
386
|
+
release candidates publish with `npm publish --tag next`. The stable channel
|
|
387
|
+
currently points at `1.2.2`; future stable releases move `latest` only after the
|
|
388
|
+
separate stable-promotion gate proves the exact candidate. Keep beta and other
|
|
389
|
+
prereleases on prerelease tags. Do not publish a fake stable package just to
|
|
390
|
+
move a dist-tag. Release candidates must publish with `npm publish --tag next`;
|
|
386
391
|
RC branches also carry `package.json` `publishConfig.tag` set to `next` as a
|
|
387
392
|
fail-closed guard against accidental untagged publication. Stable branches carry
|
|
388
393
|
`package.json` `publishConfig.tag` set to `latest`. Do not run untagged
|
package/docs/CLAIM_AUDIT.md
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
|
-
# Public
|
|
1
|
+
# Public Claim Audit
|
|
2
2
|
|
|
3
|
-
## Allowed
|
|
3
|
+
## Allowed Stable 1.2.2 Claim
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
Collaborate with local Codex sessions through OpenClaw using local indexing, prepared-state recall, bounded expansion, and approval-gated dry-run/control boundaries.
|
|
6
6
|
|
|
7
|
-
This claim is limited to the Codex
|
|
7
|
+
This claim is limited to the Codex stable path that has tests and local smoke coverage: indexing, search, describe, prepared-state cards/inbox, summary leaves, bounded expansion, read-only LCM peer recall, Codex direct protocol diagnostics, dry-run approval audits, and read-only CUA/Peekaboo readiness.
|
|
8
8
|
|
|
9
9
|
When a release candidate is scoped to read/search/describe/expand plus dry-run
|
|
10
10
|
control only, use `--claim-scope codex-read-search-expand-dry-run` on release
|
|
@@ -74,8 +74,11 @@ blockers instead of allowing a working-app claim.
|
|
|
74
74
|
## npm dist-tag policy
|
|
75
75
|
|
|
76
76
|
Install stable releases through the `latest` dist-tag, public betas through the
|
|
77
|
-
`beta` dist-tag, and release candidates through `next`. The
|
|
78
|
-
|
|
77
|
+
`beta` dist-tag, and release candidates through `next`. The stable channel
|
|
78
|
+
currently points at `1.2.2`; future stable releases move `latest` only after the
|
|
79
|
+
separate stable-promotion gate proves the exact candidate. Keep beta and other
|
|
80
|
+
prereleases on prerelease tags. Do not publish a fake stable package just to
|
|
81
|
+
move a dist-tag.
|
|
79
82
|
|
|
80
83
|
## Release Checklist
|
|
81
84
|
|
|
@@ -52,9 +52,9 @@ Every beta, RC, and stable release must have public-safe evidence for:
|
|
|
52
52
|
- GitHub issue/tracker updates with evidence path and proof boundary
|
|
53
53
|
- no open PRs or release-blocking issues for the claimed tier
|
|
54
54
|
|
|
55
|
-
##
|
|
55
|
+
## Stable General Release
|
|
56
56
|
|
|
57
|
-
For
|
|
57
|
+
For a stable/general release, the release must additionally prove:
|
|
58
58
|
|
|
59
59
|
- fresh npm stable install from the registry, not a linked repo checkout or a
|
|
60
60
|
beta/RC substitute
|
|
@@ -63,8 +63,8 @@ For 1.0, the release must additionally prove:
|
|
|
63
63
|
- if fresh-profile gateway credentials are missing, published-smoke evidence
|
|
64
64
|
must classify the blocker as setup-required and show token generation,
|
|
65
65
|
env-ref onboarding, gateway status, and fresh-profile tool-smoke commands
|
|
66
|
-
without storing raw tokens; this remains a
|
|
67
|
-
actually ready
|
|
66
|
+
without storing raw tokens; this remains a stable-readiness blocker until
|
|
67
|
+
clean-profile tool-smoke is actually ready
|
|
68
68
|
- first-class agent skill/playbook is packaged and current
|
|
69
69
|
- agent dogfood completes the core workflow through gateway tools:
|
|
70
70
|
doctor, search, describe, expand, plan/final/touched-file lookup, recommend,
|
|
@@ -75,8 +75,8 @@ For 1.0, the release must additionally prove:
|
|
|
75
75
|
- live control claims name the exact control matrix that passed
|
|
76
76
|
|
|
77
77
|
If resume, steer, or interrupt have not passed live proof on disposable threads,
|
|
78
|
-
the
|
|
79
|
-
path is available.
|
|
78
|
+
the stable/general release claim must exclude broad live control and say only the
|
|
79
|
+
proven live send path is available.
|
|
80
80
|
|
|
81
81
|
## npm Dist-Tag Boundary
|
|
82
82
|
|
|
@@ -0,0 +1,127 @@
|
|
|
1
|
+
# Release Notes 1.2.1
|
|
2
|
+
|
|
3
|
+
`1.2.1` is a patch release for the LCO 1.2 prepared-state sprint and
|
|
4
|
+
Codex-first local orchestration. It publishes the OpenClaw facade dogfood fix
|
|
5
|
+
from #497 / #498 to the stable npm `latest` channel without widening the 1.2
|
|
6
|
+
claim boundary.
|
|
7
|
+
|
|
8
|
+
This release is focused on local Codex sessions. Prepared state remains an
|
|
9
|
+
advisory local derived cache, not source authority for PR, CI, release,
|
|
10
|
+
runtime, customer, or business truth.
|
|
11
|
+
|
|
12
|
+
## What Changed
|
|
13
|
+
|
|
14
|
+
- Fixes the OpenClaw facade smoke validator so `loo_codex_resume_thread`
|
|
15
|
+
dry-run proof accepts the actual resume packet shape: `live: false`,
|
|
16
|
+
`approvalAuditId`, `paramsHash`, `method: "thread/resume"`, and
|
|
17
|
+
`action: "codex_resume_thread"`.
|
|
18
|
+
- Keeps message hashes required for message-carrying send/steer dry-run
|
|
19
|
+
proofs such as `loo_codex_control_dry_run` with `turn/start` or
|
|
20
|
+
`turn/steer`.
|
|
21
|
+
- Adds regression coverage proving resume dry-run proof does not require a
|
|
22
|
+
message hash while send-message dry-runs still fail closed without one.
|
|
23
|
+
- Carries forward additive prepared-state storage for source events, source
|
|
24
|
+
ranges, summary leaves, summary edges, prepared cards, watcher observations,
|
|
25
|
+
hook capture packets, and state-prep jobs.
|
|
26
|
+
- Carries forward deterministic summary leaves from user prompts, proposed
|
|
27
|
+
plans, finals, closeout envelopes, touched-file metadata, tool-call metadata,
|
|
28
|
+
and compaction markers while ignoring huge raw tool-call payloads by default.
|
|
29
|
+
- Carries forward bounded summary expansion with source ranges, max-depth and
|
|
30
|
+
max-node limits, cycle rejection, and explicit omission markers.
|
|
31
|
+
- Carries forward prepared cards and prepared inbox routing with freshness,
|
|
32
|
+
confidence, privacy class, source coverage, authority coverage, and
|
|
33
|
+
stale/partial/unknown downgrades.
|
|
34
|
+
- Carries forward persisted watcher observations and an execute-false local
|
|
35
|
+
attention queue for safe advisory automation.
|
|
36
|
+
- Carries forward hook sidecar commands for closeout capture, state prep, and
|
|
37
|
+
compaction marker capture without opening transcript paths by default.
|
|
38
|
+
- Carries forward OpenClaw gateway dogfood coverage for the prepared-state
|
|
39
|
+
workflow.
|
|
40
|
+
- Carries forward optional local model compaction spike gates and a
|
|
41
|
+
Codex-native compaction-summary capture proposal without claiming true native
|
|
42
|
+
capture.
|
|
43
|
+
- Carries forward semantic lifecycle states for prepared cards and prepared
|
|
44
|
+
inbox routing: `completed`, `blocked_missing_info`, `waiting_approval`,
|
|
45
|
+
`watching_external_check`, `needs_resume`, `dirty_worktree_handoff`,
|
|
46
|
+
`ready_for_review`, `stale_or_partial`, and `unknown_lifecycle`.
|
|
47
|
+
- Carries forward the shared core lifecycle registry, MCP tool schema,
|
|
48
|
+
OpenClaw plugin manifests, and OpenClaw gateway smoke validation.
|
|
49
|
+
- Carries forward deterministic lifecycle reason codes, lifecycle-aware next
|
|
50
|
+
actions, and urgency ranking for advisory prepared cards.
|
|
51
|
+
- Carries forward the completed-card summary counter so finished lanes remain
|
|
52
|
+
visible in prepared-card summaries.
|
|
53
|
+
- Carries forward lifecycle classification hardening so generic words such as
|
|
54
|
+
`resume`, `monitor`, and `ci` do not become lifecycle states without
|
|
55
|
+
operator-action context.
|
|
56
|
+
- Carries forward completed prepared-card target coverage so a fresh public
|
|
57
|
+
completed card counts as target coverage `ok` and does not make
|
|
58
|
+
`loo_prepared_state_status` report stale/partial coverage for a fully
|
|
59
|
+
materialized completed lane.
|
|
60
|
+
- Carries forward stale, partial, unknown, unsafe-row, and stale-freshness
|
|
61
|
+
downgrades for incomplete or unsafe prepared-state evidence.
|
|
62
|
+
- Carries forward the #160 desktop proof-action release boundary:
|
|
63
|
+
`loo_desktop_proof_action` / `loo desktop proof-action` validates the
|
|
64
|
+
CUA Driver TextEdit scratch proof gate and does not prove generic GUI
|
|
65
|
+
mutation.
|
|
66
|
+
The proof action still requires exact backend, target app, target window, action hash, approval ref, permission state, scratch file path, and `execute: true` before the backend can run.
|
|
67
|
+
Generic gateway invocation without exact proof args fails closed. The desktop
|
|
68
|
+
proof action keeps the same proof boundary as beta.35.
|
|
69
|
+
- Carries forward strict OpenClaw gateway result handling: plugin output with
|
|
70
|
+
`output.details.ok: false` is reported as
|
|
71
|
+
`openclaw_tool_result_not_ok:<tool>` rather than successful tool proof.
|
|
72
|
+
|
|
73
|
+
## Current Claim Scope
|
|
74
|
+
|
|
75
|
+
Allowed stable claim:
|
|
76
|
+
|
|
77
|
+
> Local prepared Codex state and summary-leaf recall for OpenClaw/Eva, including
|
|
78
|
+
> semantic prepared-card lifecycle routing, prepared inbox prioritization,
|
|
79
|
+
> bounded summary expansion, visible Codex sidebar inventory, hook sidecar
|
|
80
|
+
> foundations, watcher observations, and approval-gated start-thread proof
|
|
81
|
+
> packets without raw transcript reads.
|
|
82
|
+
|
|
83
|
+
The stable channel means the scoped prepared-state and cockpit-management
|
|
84
|
+
surface is ready as a public local-Codex release. It does not broaden the
|
|
85
|
+
control, GUI, Claude, customer, or enterprise-security proof boundary.
|
|
86
|
+
|
|
87
|
+
## Release Gate Notes
|
|
88
|
+
|
|
89
|
+
- Parent 1.2 tracker: #405.
|
|
90
|
+
- GA assurance tracker: #478.
|
|
91
|
+
- Patch-release issue: #500.
|
|
92
|
+
- Facade dogfood bug: #497.
|
|
93
|
+
- Patch PRs: #498 and the 1.2.1 release PR.
|
|
94
|
+
- Baseline stable release: `v1.2.0`.
|
|
95
|
+
- Candidate package: `lossless-openclaw-orchestrator@1.2.1`.
|
|
96
|
+
- Expected npm dist-tag: `latest`.
|
|
97
|
+
- Expected git tag: `v1.2.1`.
|
|
98
|
+
- Required stable gates: focused OpenClaw tool-smoke tests, release claim
|
|
99
|
+
audit, build/typecheck, `npm pack --dry-run`, release bundle/status checks,
|
|
100
|
+
GitHub CI, CodeQL, current-head review threads clear, npm publish to
|
|
101
|
+
`latest`, GitHub release, and post-publish finalization status.
|
|
102
|
+
- Bundle/status/finalization dry-run checks do not publish to npm and do not create a GitHub Release.
|
|
103
|
+
- Working-app status example:
|
|
104
|
+
`loo release status --claim-scope codex-working-app-proof --runtime-proof-dir <path> --approved-live-control-evidence <path> --npm-publish-approval-evidence <path> --github-release-approval-evidence <path> --candidate-sha <sha> --github-ci-evidence <path> --codeql-evidence <path> --evidence-dir <path> --strict`
|
|
105
|
+
- Reduced-scope status example:
|
|
106
|
+
`loo release status --claim-scope codex-read-search-expand-dry-run --npm-publish-approval-evidence <path> --github-release-approval-evidence <path> --candidate-sha <sha> --github-ci-evidence <path> --codeql-evidence <path> --evidence-dir <path> --strict`
|
|
107
|
+
- `approved_live_control_smoke_missing` remains the expected blocker when a
|
|
108
|
+
working-app or live-control claim is attempted without approved live-control
|
|
109
|
+
smoke evidence for the exact candidate SHA.
|
|
110
|
+
|
|
111
|
+
## Explicit Non-Claims
|
|
112
|
+
|
|
113
|
+
No new live Codex control smoke is run by this release.
|
|
114
|
+
It does not run generic GUI mutation and does not run Codex GUI mutation.
|
|
115
|
+
No automatic gateway authorization.
|
|
116
|
+
No broad gateway scope approval. No prompt typing. No clicking. No arbitrary app control.
|
|
117
|
+
No screenshots or videos are part of the public release evidence.
|
|
118
|
+
Claude Code remains an adapter stub, not an adapter-equivalence claim.
|
|
119
|
+
No true Codex compaction-summary capture.
|
|
120
|
+
No raw model compaction by default and no default model access to raw transcript
|
|
121
|
+
or current `safe_text`.
|
|
122
|
+
No raw transcript upload and no OpenClaw LCM merge.
|
|
123
|
+
No source-store mutation.
|
|
124
|
+
No Notion, support-control, Stripe, or Company Brain P1 adapter proof.
|
|
125
|
+
No cloud sync.
|
|
126
|
+
No unattended desktop takeover.
|
|
127
|
+
No release-grade enterprise security or customer-ready security claim.
|
|
@@ -0,0 +1,94 @@
|
|
|
1
|
+
# Release Notes 1.2.2
|
|
2
|
+
|
|
3
|
+
`1.2.2` is a patch release for the LCO 1.2 stable train and Codex-first local orchestration.
|
|
4
|
+
It publishes the readiness-smoke semantics clarification from
|
|
5
|
+
#494 / #499 to the npm `latest` channel without widening the 1.2 claim
|
|
6
|
+
boundary.
|
|
7
|
+
|
|
8
|
+
This release is focused on local Codex sessions. Prepared state remains an
|
|
9
|
+
advisory local derived cache, not source authority for PR, CI, release,
|
|
10
|
+
runtime, customer, or business truth.
|
|
11
|
+
|
|
12
|
+
## What Changed
|
|
13
|
+
|
|
14
|
+
- Clarifies `loo openclaw published-smoke` strictness semantics:
|
|
15
|
+
`ok` / `packagePathOk` are package-path claims, while
|
|
16
|
+
`publishedSmokeReady` is the clean-profile gateway-ready claim.
|
|
17
|
+
- Adds `--gateway-ready-strict` so operators and CI can explicitly fail when a
|
|
18
|
+
fresh published profile still needs gateway credentials or device setup.
|
|
19
|
+
- Documents the combined `--strict` plus `--gateway-ready-strict` behavior:
|
|
20
|
+
either a package-path failure or clean-profile gateway-readiness failure exits
|
|
21
|
+
non-zero.
|
|
22
|
+
- Hardens the public `loo release general-readiness` proof-boundary label so an
|
|
23
|
+
unexpected package version string cannot inject uncontrolled text into the
|
|
24
|
+
public proof boundary.
|
|
25
|
+
- Freezes the `readinessSemantics` metadata object emitted by
|
|
26
|
+
`published-smoke`, keeping machine-readable exit semantics stable for
|
|
27
|
+
release scripts and audits.
|
|
28
|
+
- Carries forward the 1.2.1 facade smoke fix for resume dry-run proof, including
|
|
29
|
+
the distinction between resume packets and message-carrying send/steer
|
|
30
|
+
packets.
|
|
31
|
+
- Carries forward the #160 desktop proof-action release boundary:
|
|
32
|
+
`loo_desktop_proof_action` / `loo desktop proof-action` validates the
|
|
33
|
+
CUA Driver TextEdit scratch proof gate and does not prove generic GUI
|
|
34
|
+
mutation.
|
|
35
|
+
The proof action still requires exact backend, target app, target window, action hash, approval ref, permission state, scratch file path, and `execute: true` before the backend can run.
|
|
36
|
+
Generic gateway invocation without exact proof args fails closed. The desktop
|
|
37
|
+
proof action keeps the same proof boundary as beta.35.
|
|
38
|
+
- Carries forward strict OpenClaw gateway result handling: plugin output with
|
|
39
|
+
`output.details.ok: false` is reported as
|
|
40
|
+
`openclaw_tool_result_not_ok:<tool>` rather than successful tool proof.
|
|
41
|
+
|
|
42
|
+
## Current Claim Scope
|
|
43
|
+
|
|
44
|
+
Allowed stable claim:
|
|
45
|
+
|
|
46
|
+
> Collaborate with local Codex sessions through OpenClaw using local indexing,
|
|
47
|
+
> prepared-state recall, bounded expansion, and approval-gated dry-run/control
|
|
48
|
+
> boundaries.
|
|
49
|
+
|
|
50
|
+
The stable channel means the scoped prepared-state and cockpit-management
|
|
51
|
+
surface is ready as a public local-Codex release. It does not broaden the
|
|
52
|
+
control, GUI, Claude, customer, or enterprise-security proof boundary.
|
|
53
|
+
|
|
54
|
+
## Release Gate Notes
|
|
55
|
+
|
|
56
|
+
- Parent 1.2 tracker: #405.
|
|
57
|
+
- GA assurance tracker: #478.
|
|
58
|
+
- Patch-release issue: #503.
|
|
59
|
+
- Readiness-semantics issue: #494.
|
|
60
|
+
- Patch PRs: #499 and the 1.2.2 release PR.
|
|
61
|
+
- Baseline stable release: `v1.2.1`.
|
|
62
|
+
- Candidate package: `lossless-openclaw-orchestrator@1.2.2`.
|
|
63
|
+
- Expected npm dist-tag: `latest`.
|
|
64
|
+
- Expected git tag: `v1.2.2`.
|
|
65
|
+
- Required stable gates: focused release-smoke tests, release claim audit,
|
|
66
|
+
build/typecheck, `npm pack --dry-run`, release bundle/status checks, GitHub
|
|
67
|
+
CI, CodeQL, current-head review threads clear, npm publish to `latest`,
|
|
68
|
+
GitHub Release, and post-publish finalization status.
|
|
69
|
+
- Bundle/status/finalization dry-run checks do not publish to npm and will not create a GitHub Release.
|
|
70
|
+
- Working-app status example:
|
|
71
|
+
`loo release status --claim-scope codex-working-app-proof --runtime-proof-dir <path> --approved-live-control-evidence <path> --npm-publish-approval-evidence <path> --github-release-approval-evidence <path> --candidate-sha <sha> --github-ci-evidence <path> --codeql-evidence <path> --evidence-dir <path> --strict`
|
|
72
|
+
- Reduced-scope status example:
|
|
73
|
+
`loo release status --claim-scope codex-read-search-expand-dry-run --npm-publish-approval-evidence <path> --github-release-approval-evidence <path> --candidate-sha <sha> --github-ci-evidence <path> --codeql-evidence <path> --evidence-dir <path> --strict`
|
|
74
|
+
- `approved_live_control_smoke_missing` remains the expected blocker when a
|
|
75
|
+
working-app or live-control claim is attempted without approved live-control
|
|
76
|
+
smoke evidence for the exact candidate SHA.
|
|
77
|
+
|
|
78
|
+
## Explicit Non-Claims
|
|
79
|
+
|
|
80
|
+
No new live Codex control smoke is run by this release.
|
|
81
|
+
It does not run generic GUI mutation and does not run Codex GUI mutation.
|
|
82
|
+
No automatic gateway authorization.
|
|
83
|
+
No broad gateway scope approval. No prompt typing. No clicking. No arbitrary app control.
|
|
84
|
+
No screenshots or videos are part of the public release evidence.
|
|
85
|
+
Claude Code remains an adapter stub, not an adapter-equivalence claim.
|
|
86
|
+
No true Codex compaction-summary capture.
|
|
87
|
+
No raw model compaction by default and no default model access to raw transcript
|
|
88
|
+
or current `safe_text`.
|
|
89
|
+
No raw transcript upload and no OpenClaw LCM merge.
|
|
90
|
+
No source-store mutation.
|
|
91
|
+
No Notion, support-control, Stripe, or Company Brain P1 adapter proof.
|
|
92
|
+
No cloud sync.
|
|
93
|
+
No unattended desktop takeover.
|
|
94
|
+
No release-grade enterprise security or customer-ready security claim.
|
package/docs/SETUP.md
CHANGED
|
@@ -396,6 +396,10 @@ OpenClaw plugin installs but tools are missing
|
|
|
396
396
|
OpenClaw gateway tool smoke reports credential or device blockers
|
|
397
397
|
|
|
398
398
|
- Treat this as first-run gateway setup, not a package failure.
|
|
399
|
+
- In `loo openclaw published-smoke`, `ok`/`packagePathOk` prove package-path
|
|
400
|
+
health only. `publishedSmokeReady` is the clean-profile gateway-ready claim.
|
|
401
|
+
- A configured gateway proof is useful local evidence, but it does not satisfy
|
|
402
|
+
fresh-profile gateway readiness.
|
|
399
403
|
- Use the recovery commands returned by `loo openclaw published-smoke` or
|
|
400
404
|
`loo openclaw tool-smoke`.
|
|
401
405
|
|
package/openclaw.plugin.json
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
{
|
|
2
2
|
"id": "lossless-openclaw-orchestrator",
|
|
3
3
|
"name": "Lossless OpenClaw Orchestrator",
|
|
4
|
-
"description": "
|
|
5
|
-
"version": "1.2.
|
|
4
|
+
"description": "Collaborate with local Codex sessions through OpenClaw using local indexing, prepared-state recall, bounded expansion, and approval-gated dry-run/control boundaries.",
|
|
5
|
+
"version": "1.2.2",
|
|
6
6
|
"kind": "tool",
|
|
7
7
|
"tools": {
|
|
8
8
|
"prefix": "loo_"
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "lossless-openclaw-orchestrator",
|
|
3
|
-
"version": "1.2.
|
|
4
|
-
"description": "Index, search, and
|
|
3
|
+
"version": "1.2.2",
|
|
4
|
+
"description": "Index, search, and prepare local Codex sessions for OpenClaw with approval-gated dry-run/control boundaries.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"license": "PolyForm-Noncommercial-1.0.0",
|
|
7
7
|
"private": false,
|
|
@@ -74,6 +74,7 @@ export function createGeneralReleaseReadiness(options: GeneralReleaseReadinessOp
|
|
|
74
74
|
const packageVersion = readString(packageJson, "version");
|
|
75
75
|
const expectedDistTag = distTagForVersion(packageVersion ?? "");
|
|
76
76
|
const expectedPackage = packageName ? `${packageName}@${expectedDistTag}` : null;
|
|
77
|
+
const releaseLabel = formatReleaseLabel(expectedPackage, packageVersion);
|
|
77
78
|
const freshNpmEvidence = resolveEvidencePath(evidenceDir, options.freshNpmEvidence);
|
|
78
79
|
const agentDogfoodEvidence = resolveEvidencePath(evidenceDir, options.agentDogfoodEvidence);
|
|
79
80
|
const checks: Record<string, GeneralReleaseReadinessCheck> = {
|
|
@@ -107,10 +108,10 @@ export function createGeneralReleaseReadiness(options: GeneralReleaseReadinessOp
|
|
|
107
108
|
liveCodexControlRun: false,
|
|
108
109
|
desktopGuiActionRun: false
|
|
109
110
|
},
|
|
110
|
-
proofBoundary:
|
|
111
|
+
proofBoundary: `This gate defines and validates general-release readiness evidence for ${releaseLabel}; it does not publish npm, move npm dist-tags, create a GitHub Release, run live Codex control, mutate a GUI, claim Claude parity, or claim enterprise/customer-ready security.`,
|
|
111
112
|
nextAction: blockers.length === 0
|
|
112
|
-
? "Use this packet as one input to a separate explicit stable release issue before any npm
|
|
113
|
-
: "Produce the missing public-safe evidence or update docs before treating
|
|
113
|
+
? "Use this packet as one input to a separate explicit stable release issue before any npm dist-tag promotion or GitHub Release."
|
|
114
|
+
: "Produce the missing public-safe evidence or update docs before treating this release candidate as generally ready."
|
|
114
115
|
};
|
|
115
116
|
writeFileSync(readinessManifestPath, `${JSON.stringify(report, null, 2)}\n`);
|
|
116
117
|
return report;
|
|
@@ -163,9 +164,8 @@ function validateDocsTruth(rootDir: string): GeneralReleaseReadinessCheck {
|
|
|
163
164
|
surfaces.every((content) => content
|
|
164
165
|
&& /loo release general-readiness/i.test(content)
|
|
165
166
|
&& /fresh npm/i.test(content)
|
|
166
|
-
&& /agent dogfood/i.test(content)
|
|
167
|
-
|
|
168
|
-
), "README, VISION, and release runbook point to the 1.0 general-readiness gate");
|
|
167
|
+
&& /agent dogfood/i.test(content))
|
|
168
|
+
), "README, VISION, and release runbook point to the general-readiness gate");
|
|
169
169
|
}
|
|
170
170
|
|
|
171
171
|
function validateFreshNpmEvidence(
|
|
@@ -327,6 +327,14 @@ function readString(input: JsonObject, key: string): string | null {
|
|
|
327
327
|
return typeof value === "string" ? value : null;
|
|
328
328
|
}
|
|
329
329
|
|
|
330
|
+
function formatReleaseLabel(expectedPackage: string | null, packageVersion: string | null): string {
|
|
331
|
+
if (!expectedPackage || !packageVersion) return "the current package release";
|
|
332
|
+
const safePackageVersion = /^[0-9A-Za-z.+-]{1,80}$/.test(packageVersion)
|
|
333
|
+
? packageVersion
|
|
334
|
+
: "untrusted-version";
|
|
335
|
+
return `${expectedPackage} (${safePackageVersion})`;
|
|
336
|
+
}
|
|
337
|
+
|
|
330
338
|
function readNestedString(input: JsonObject, path: string[]): string | null {
|
|
331
339
|
const value = readNested(input, path);
|
|
332
340
|
return typeof value === "string" ? value : null;
|
|
@@ -423,6 +423,7 @@ async function main() {
|
|
|
423
423
|
const report = createPublishedPackageSmokeReport(parsed);
|
|
424
424
|
console.log(JSON.stringify(report, null, 2));
|
|
425
425
|
if (parsed.strict && !report.ok) process.exitCode = 1;
|
|
426
|
+
if (parsed.gatewayReadyStrict && !report.publishedSmokeReady) process.exitCode = 1;
|
|
426
427
|
return;
|
|
427
428
|
}
|
|
428
429
|
if (command === "openclaw" && args[0] === "live-control-smoke") {
|
|
@@ -1206,7 +1207,7 @@ function printGeneralReleaseReadinessHelp(): void {
|
|
|
1206
1207
|
"Usage:",
|
|
1207
1208
|
" loo release general-readiness --evidence-dir path [--fresh-npm-evidence path] [--agent-dogfood-evidence path] [--now iso] [--strict]",
|
|
1208
1209
|
"",
|
|
1209
|
-
"Writes a public-safe
|
|
1210
|
+
"Writes a public-safe general-release readiness packet for the current package version without performing release actions.",
|
|
1210
1211
|
"",
|
|
1211
1212
|
"Required evidence:",
|
|
1212
1213
|
" --fresh-npm-evidence points to a public-safe `loo openclaw published-smoke` report with clean-profile gateway status ready.",
|
|
@@ -1216,20 +1217,27 @@ function printGeneralReleaseReadinessHelp(): void {
|
|
|
1216
1217
|
" --strict exits non-zero until docs, skill/playbook, M9 scenarios, fresh npm proof, and agent dogfood proof are complete.",
|
|
1217
1218
|
"",
|
|
1218
1219
|
"Safety boundary:",
|
|
1219
|
-
" The command does not publish npm, does not move npm
|
|
1220
|
+
" The command does not publish npm, does not move npm dist-tags, does not create a GitHub Release, does not run live Codex control, and does not perform desktop GUI mutation."
|
|
1220
1221
|
].join("\n"));
|
|
1221
1222
|
}
|
|
1222
1223
|
|
|
1223
1224
|
function printOpenClawPublishedSmokeHelp(): void {
|
|
1224
1225
|
console.log([
|
|
1225
1226
|
"Usage:",
|
|
1226
|
-
" loo openclaw published-smoke --evidence-dir path --dogfood-report path --tool-smoke-report path [--configured-tool-smoke-report path] [--npm-install-diagnostic-report path] [--registry-version version] [--registry-beta-version version] [--root path] [--now iso] [--strict]",
|
|
1227
|
+
" loo openclaw published-smoke --evidence-dir path --dogfood-report path --tool-smoke-report path [--configured-tool-smoke-report path] [--npm-install-diagnostic-report path] [--registry-version version] [--registry-beta-version version] [--root path] [--now iso] [--strict] [--gateway-ready-strict]",
|
|
1227
1228
|
"",
|
|
1228
|
-
"Writes a public-safe summary of the published npm
|
|
1229
|
+
"Writes a public-safe summary of the published npm package path for the expected dist-tag and gateway setup state.",
|
|
1229
1230
|
"",
|
|
1230
1231
|
"This command consumes sanitized reports from `loo openclaw dogfood` and `loo openclaw tool-smoke`.",
|
|
1231
1232
|
"Optional `--configured-tool-smoke-report` records a separately named configured-profile gateway proof without marking the fresh published profile ready.",
|
|
1232
1233
|
"Optional `--npm-install-diagnostic-report` records public-safe npm selector drift and tarball fallback proof without storing raw npm output.",
|
|
1234
|
+
"",
|
|
1235
|
+
"Strict mode:",
|
|
1236
|
+
" --strict exits non-zero only when ok/packagePathOk is false; it is package-path strict.",
|
|
1237
|
+
" --gateway-ready-strict exits non-zero unless publishedSmokeReady is true for the clean published profile.",
|
|
1238
|
+
" With both flags, any failed package-path or clean-profile gateway-ready condition exits non-zero.",
|
|
1239
|
+
" A configured gateway proof is recorded separately and never substitutes for fresh-profile gateway readiness.",
|
|
1240
|
+
"",
|
|
1233
1241
|
"It does not run npm install, does not call OpenClaw, does not run live Codex control, and does not mutate a desktop GUI."
|
|
1234
1242
|
].join("\n"));
|
|
1235
1243
|
}
|
|
@@ -2223,6 +2231,7 @@ function parseOpenClawPublishedSmokeArgs(input: string[]): {
|
|
|
2223
2231
|
configuredToolSmokeReportPath?: string;
|
|
2224
2232
|
npmInstallDiagnosticReportPath?: string;
|
|
2225
2233
|
strict: boolean;
|
|
2234
|
+
gatewayReadyStrict: boolean;
|
|
2226
2235
|
} {
|
|
2227
2236
|
const parsed: {
|
|
2228
2237
|
evidenceDir?: string;
|
|
@@ -2235,7 +2244,8 @@ function parseOpenClawPublishedSmokeArgs(input: string[]): {
|
|
|
2235
2244
|
configuredToolSmokeReportPath?: string;
|
|
2236
2245
|
npmInstallDiagnosticReportPath?: string;
|
|
2237
2246
|
strict: boolean;
|
|
2238
|
-
|
|
2247
|
+
gatewayReadyStrict: boolean;
|
|
2248
|
+
} = { strict: false, gatewayReadyStrict: false };
|
|
2239
2249
|
for (let index = 0; index < input.length; index += 1) {
|
|
2240
2250
|
const arg = input[index]!;
|
|
2241
2251
|
if (arg === "--evidence-dir") {
|
|
@@ -2258,6 +2268,8 @@ function parseOpenClawPublishedSmokeArgs(input: string[]): {
|
|
|
2258
2268
|
parsed.npmInstallDiagnosticReportPath = requireOptionValue(input[++index], arg);
|
|
2259
2269
|
} else if (arg === "--strict") {
|
|
2260
2270
|
parsed.strict = true;
|
|
2271
|
+
} else if (arg === "--gateway-ready-strict") {
|
|
2272
|
+
parsed.gatewayReadyStrict = true;
|
|
2261
2273
|
} else {
|
|
2262
2274
|
throw new Error(`Unknown openclaw published-smoke option: ${arg}`);
|
|
2263
2275
|
}
|
|
@@ -2274,7 +2286,8 @@ function parseOpenClawPublishedSmokeArgs(input: string[]): {
|
|
|
2274
2286
|
toolSmokeReportPath: parsed.toolSmokeReportPath,
|
|
2275
2287
|
configuredToolSmokeReportPath: parsed.configuredToolSmokeReportPath,
|
|
2276
2288
|
npmInstallDiagnosticReportPath: parsed.npmInstallDiagnosticReportPath,
|
|
2277
|
-
strict: parsed.strict
|
|
2289
|
+
strict: parsed.strict,
|
|
2290
|
+
gatewayReadyStrict: parsed.gatewayReadyStrict
|
|
2278
2291
|
};
|
|
2279
2292
|
}
|
|
2280
2293
|
|
|
@@ -235,7 +235,15 @@ export function runOpenClawToolSmoke(options: OpenClawToolSmokeOptions = {}): Op
|
|
|
235
235
|
tokenBudget,
|
|
236
236
|
desktopFallbackCoherence: options.desktopFallbackCoherence
|
|
237
237
|
});
|
|
238
|
-
if (
|
|
238
|
+
if (
|
|
239
|
+
toolName === "loo_describe_ref"
|
|
240
|
+
|| toolName === "loo_describe_session"
|
|
241
|
+
|| toolName === "loo_expand_session"
|
|
242
|
+
|| toolName === "loo_codex_control_dry_run"
|
|
243
|
+
|| toolName === "loo_codex_resume_thread"
|
|
244
|
+
|| toolName === "loo_codex_desktop_coherence"
|
|
245
|
+
|| toolName === "loo_codex_desktop_fallback_status"
|
|
246
|
+
) {
|
|
239
247
|
if (!args) {
|
|
240
248
|
blockers.push("openclaw_tool_smoke_missing_thread_ref");
|
|
241
249
|
continue;
|
|
@@ -570,6 +578,7 @@ function buildToolArgs(params: {
|
|
|
570
578
|
desktopFallbackCoherence?: "fixture" | "omit";
|
|
571
579
|
}): Record<string, unknown> | null {
|
|
572
580
|
if (params.toolName === "loo_search_sessions") return { query: params.query, limit: 3 };
|
|
581
|
+
if (params.toolName === "loo_describe_ref") return params.threadId ? { source_ref: `codex_thread:${params.threadId}` } : null;
|
|
573
582
|
if (params.toolName === "loo_describe_session") return params.threadId ? { thread_id: params.threadId } : null;
|
|
574
583
|
if (params.toolName === "loo_expand_session") {
|
|
575
584
|
return params.threadId ? { thread_id: params.threadId, profile: params.expandProfile, token_budget: params.tokenBudget } : null;
|
|
@@ -708,6 +717,12 @@ function buildToolArgs(params: {
|
|
|
708
717
|
message: CONTROL_DRY_RUN_MESSAGE
|
|
709
718
|
} : null;
|
|
710
719
|
}
|
|
720
|
+
if (params.toolName === "loo_codex_resume_thread") {
|
|
721
|
+
return params.threadId ? {
|
|
722
|
+
thread_id: params.threadId,
|
|
723
|
+
dry_run: true
|
|
724
|
+
} : null;
|
|
725
|
+
}
|
|
711
726
|
return {};
|
|
712
727
|
}
|
|
713
728
|
|
|
@@ -954,7 +969,7 @@ function summarizeInvocation(
|
|
|
954
969
|
const tokenBudget = numberPath(summarySource, ["limits", "tokenBudget"]) ?? numberPath(summarySource, ["tokenBudget"]) ?? numberPath(summarySource, ["token_budget"]);
|
|
955
970
|
if (tokenBudget !== undefined) summary.tokenBudget = tokenBudget;
|
|
956
971
|
}
|
|
957
|
-
if (toolName === "loo_codex_control_dry_run") {
|
|
972
|
+
if (toolName === "loo_codex_control_dry_run" || toolName === "loo_codex_resume_thread") {
|
|
958
973
|
const upstreamBlocked = blockers.length > 0;
|
|
959
974
|
const dryRunOutput = details ?? output;
|
|
960
975
|
summary.live = booleanPath(dryRunOutput, ["live"]);
|
|
@@ -968,7 +983,12 @@ function summarizeInvocation(
|
|
|
968
983
|
if (messageHash) summary.messageHash = messageHash;
|
|
969
984
|
if (method) summary.method = method;
|
|
970
985
|
if (action) summary.action = action;
|
|
971
|
-
|
|
986
|
+
const messageHashRequired =
|
|
987
|
+
action === "codex_send_message"
|
|
988
|
+
|| action === "codex_steer_thread"
|
|
989
|
+
|| method === "turn/start"
|
|
990
|
+
|| method === "turn/steer";
|
|
991
|
+
if (!upstreamBlocked && (summary.live !== false || !approvalAuditId || !paramsHash || (messageHashRequired && !messageHash))) {
|
|
972
992
|
blockers.push("openclaw_control_dry_run_not_proven");
|
|
973
993
|
}
|
|
974
994
|
}
|
|
@@ -19,6 +19,13 @@ export type PublishedPackageSmokeReport = {
|
|
|
19
19
|
ok: boolean;
|
|
20
20
|
publishedSmokeReady: boolean;
|
|
21
21
|
packagePathOk: boolean;
|
|
22
|
+
readinessSemantics: Readonly<{
|
|
23
|
+
okField: "packagePathOk";
|
|
24
|
+
strictModeExitsOn: "packagePathOk_false";
|
|
25
|
+
gatewayReadyStrictExitsOn: "publishedSmokeReady_false";
|
|
26
|
+
cleanProfileGatewayReadyField: "publishedSmokeReady";
|
|
27
|
+
configuredGatewayProofSeparate: true;
|
|
28
|
+
}>;
|
|
22
29
|
publicSafe: true;
|
|
23
30
|
localOnly: true;
|
|
24
31
|
dryRun: true;
|
|
@@ -104,6 +111,14 @@ export type PublishedPackageSmokeReport = {
|
|
|
104
111
|
proofBoundary: string;
|
|
105
112
|
};
|
|
106
113
|
|
|
114
|
+
const READINESS_SEMANTICS = Object.freeze({
|
|
115
|
+
okField: "packagePathOk",
|
|
116
|
+
strictModeExitsOn: "packagePathOk_false",
|
|
117
|
+
gatewayReadyStrictExitsOn: "publishedSmokeReady_false",
|
|
118
|
+
cleanProfileGatewayReadyField: "publishedSmokeReady",
|
|
119
|
+
configuredGatewayProofSeparate: true
|
|
120
|
+
} as const);
|
|
121
|
+
|
|
107
122
|
export function createPublishedPackageSmokeReport(options: PublishedPackageSmokeOptions): PublishedPackageSmokeReport {
|
|
108
123
|
const rootDir = options.rootDir
|
|
109
124
|
? resolve(options.rootDir)
|
|
@@ -171,6 +186,7 @@ export function createPublishedPackageSmokeReport(options: PublishedPackageSmoke
|
|
|
171
186
|
ok: packagePathOk,
|
|
172
187
|
publishedSmokeReady: packagePathOk && toolSmokeReady,
|
|
173
188
|
packagePathOk,
|
|
189
|
+
readinessSemantics: READINESS_SEMANTICS,
|
|
174
190
|
publicSafe: true,
|
|
175
191
|
localOnly: true,
|
|
176
192
|
dryRun: true,
|
|
@@ -220,7 +236,7 @@ export function createPublishedPackageSmokeReport(options: PublishedPackageSmoke
|
|
|
220
236
|
"tokens, credentials, API keys, cookies",
|
|
221
237
|
"private customer data"
|
|
222
238
|
],
|
|
223
|
-
proofBoundary: `This published package smoke report summarizes public-safe ${expectedDistTag} install and gateway setup evidence only;
|
|
239
|
+
proofBoundary: `This published package smoke report summarizes public-safe ${expectedDistTag} install and gateway setup evidence only. ok/packagePathOk are package-path claims; publishedSmokeReady is the clean-profile gateway-ready claim. This command does not run live Codex control, mutate a desktop GUI, publish npm, create a GitHub Release, store raw npm output, or store raw OpenClaw gateway output.`
|
|
224
240
|
};
|
|
225
241
|
if (options.evidenceDir) writePublishedPackageSmokeReport(report, options.evidenceDir);
|
|
226
242
|
return report;
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
{
|
|
2
2
|
"id": "lossless-openclaw-orchestrator",
|
|
3
3
|
"name": "Lossless OpenClaw Orchestrator",
|
|
4
|
-
"description": "
|
|
5
|
-
"version": "1.2.
|
|
4
|
+
"description": "Collaborate with local Codex sessions through OpenClaw using local indexing, prepared-state recall, bounded expansion, and approval-gated dry-run/control boundaries.",
|
|
5
|
+
"version": "1.2.2",
|
|
6
6
|
"kind": "tool",
|
|
7
7
|
"tools": {
|
|
8
8
|
"prefix": "loo_"
|
|
@@ -18,7 +18,7 @@ import {
|
|
|
18
18
|
export const pluginMetadata = {
|
|
19
19
|
id: "lossless-openclaw-orchestrator",
|
|
20
20
|
name: "Lossless OpenClaw Orchestrator",
|
|
21
|
-
description: "
|
|
21
|
+
description: "Collaborate with local Codex sessions through OpenClaw using local indexing, prepared-state recall, bounded expansion, and approval-gated dry-run/control boundaries.",
|
|
22
22
|
kind: "tool",
|
|
23
23
|
mcp: {
|
|
24
24
|
command: "loo-mcp-server",
|