lossless-openclaw-orchestrator 1.2.3 → 1.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -23,7 +23,7 @@ safe action without rereading raw transcripts.
23
23
  | Approval-gated boundaries | Dry-run Codex actions and verify matching audit ids before any live control. |
24
24
  | OpenClaw/MCP tools | Use the same local-first recall and approval-bounded surfaces from agent workflows. |
25
25
 
26
- [Setup](docs/SETUP.md) · [Contributing](CONTRIBUTING.md) · [Agent Instructions](AGENTS.md) · [Agent Skill](skills/lossless-openclaw-orchestrator/SKILL.md) · [OpenClaw Plugin](docs/OPENCLAW_PLUGIN.md) · [Security](SECURITY.md) · [Code of Conduct](CODE_OF_CONDUCT.md) · [Vision](VISION.md) · [Privacy](docs/PRIVACY.md) · [Claude Boundary](docs/CLAUDE_ADAPTER_BOUNDARY.md) · [Claim Audit](docs/CLAIM_AUDIT.md) · [Release Notes](docs/RELEASE_NOTES_1.2.3.md) · [1.2.2 Notes](docs/RELEASE_NOTES_1.2.2.md) · [1.2.1 Notes](docs/RELEASE_NOTES_1.2.1.md) · [1.2.0 Notes](docs/RELEASE_NOTES_1.2.0.md) · [1.1.4 Notes](docs/RELEASE_NOTES_1.1.4.md) · [1.0 Notes](docs/RELEASE_NOTES_1.0.0.md) · [License](LICENSE)
26
+ [Setup](docs/SETUP.md) · [Contributing](CONTRIBUTING.md) · [Agent Instructions](AGENTS.md) · [Agent Skill](skills/lossless-openclaw-orchestrator/SKILL.md) · [OpenClaw Plugin](docs/OPENCLAW_PLUGIN.md) · [Security](SECURITY.md) · [Code of Conduct](CODE_OF_CONDUCT.md) · [Vision](VISION.md) · [Privacy](docs/PRIVACY.md) · [Claude Boundary](docs/CLAUDE_ADAPTER_BOUNDARY.md) · [Claim Audit](docs/CLAIM_AUDIT.md) · [Release Notes](docs/RELEASE_NOTES_1.2.5.md) · [1.2.4 Notes](docs/RELEASE_NOTES_1.2.4.md) · [1.2.3 Notes](docs/RELEASE_NOTES_1.2.3.md) · [1.2.2 Notes](docs/RELEASE_NOTES_1.2.2.md) · [1.2.1 Notes](docs/RELEASE_NOTES_1.2.1.md) · [1.2.0 Notes](docs/RELEASE_NOTES_1.2.0.md) · [1.1.4 Notes](docs/RELEASE_NOTES_1.1.4.md) · [1.0 Notes](docs/RELEASE_NOTES_1.0.0.md) · [License](LICENSE)
27
27
 
28
28
  ## Why It Matters
29
29
 
@@ -325,7 +325,7 @@ The stable public product is Codex-first local orchestration: index, search,
325
325
  describe, expand, prepared-state recall, OpenClaw/MCP tools, and
326
326
  approval-gated dry-run/control boundaries.
327
327
 
328
- The 1.2 prepared-state and summary-leaves lane is shipped in stable `1.2.3`.
328
+ The 1.2 prepared-state and summary-leaves lane is shipped in stable `1.2.5`.
329
329
  Current launch work is the M11 GA assurance sprint, tracked in GitHub and
330
330
  summarized in [VISION.md](VISION.md). Keep sprint and agent-operator details
331
331
  there, in [AGENTS.md](AGENTS.md), and in the packaged
@@ -376,6 +376,7 @@ loo release preflight --claim-scope codex-read-search-expand-dry-run --evidence-
376
376
  loo release demo-status --claim-scope codex-read-search-expand-dry-run --evidence-dir /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/demo --strict
377
377
  loo release status --claim-scope codex-read-search-expand-dry-run --evidence-dir /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/release-status --candidate-sha <release-candidate-sha> --npm-publish-approval-evidence npm-publish-approval.json --github-release-approval-evidence github-release-approval.json --github-ci-evidence github-ci.json --codeql-evidence codeql.json --strict
378
378
  loo release general-readiness --evidence-dir /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/general-readiness --fresh-npm-evidence published-package-smoke.json --agent-dogfood-evidence openclaw-tool-smoke.json --strict
379
+ loo release ga-smoke --evidence-dir /Volumes/LEXAR/Codex/lossless-openclaw-orchestrator/YYYY-MM-DD/release-ga-smoke --package-version <version> --candidate-sha <release-candidate-sha> --strict
379
380
  ```
380
381
 
381
382
  ## Development
package/VISION.md CHANGED
@@ -12,11 +12,11 @@ The stable product should feel like a local orchestration cockpit: OpenClaw can
12
12
 
13
13
  The current release-readiness lane is Milestone 11: LCO 1.2.0 GA Assurance And Global Launch Readiness. GitHub tracker [#478](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/478) and children [#479](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/479)-[#493](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/493) own implementation truth; this file owns the product and eval boundary.
14
14
 
15
- The stable 1.0.0, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.2.0, 1.2.1, 1.2.2, and 1.2.3 packages have shipped on npm `latest` and their GitHub Releases are published. The post-GA Desktop claim-validation lane [#306](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/306) records that Desktop-visible classification and fallback readiness/status are proven, while actual Codex GUI mutation remains excluded. Desktop parity [#307](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/307) added the coherence classifier; desktop fallback [#308](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/308) added the CUA-first and Peekaboo-secondary readiness report. The 1.1 collaboration cockpit [#309](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/309) is completed proof for read-only collaboration summaries and execute-false next steps, not the current active child-work list.
15
+ The stable 1.0.0, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.2.0, 1.2.1, 1.2.2, 1.2.3, and 1.2.4 packages have shipped on npm `latest` and their GitHub Releases are published. The 1.2.5 package is the current stable patch candidate; npm `latest` and GitHub Release finalization must be proven by release evidence before any global-ready claim treats it as published. The post-GA Desktop claim-validation lane [#306](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/306) records that Desktop-visible classification and fallback readiness/status are proven, while actual Codex GUI mutation remains excluded. Desktop parity [#307](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/307) added the coherence classifier; desktop fallback [#308](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/308) added the CUA-first and Peekaboo-secondary readiness report. The 1.1 collaboration cockpit [#309](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/309) is completed proof for read-only collaboration summaries and execute-false next steps, not the current active child-work list.
16
16
 
17
17
  The Codex Autonomy Cockpit [#254](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/254) and Eva Operating Picture [#255](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/255) P0 lanes are completed beta foundation, not the current active child-work list. Completed P0 children include shared contracts [#256](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/256), source authority [#258](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/258), watcher/resume requests [#259](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/259), visible Codex map joins [#260](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/260), deterministic GitHub operating inputs [#264](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/264)/[#265](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/265), current-lane source balancing [#269](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/269), GitHub check-state fidelity [#270](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/270), cockpit card cleanup [#271](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/271), and end-to-end Eva cockpit dogfood [#272](https://github.com/100yenadmin/Lossless-Codex-Orchestrator-LCO/issues/272). The sprint brief remains the historical handoff for that P0 work: [docs/sprints/brief-lco-codex-autonomy-cockpit-sprint-2026-07-01.md](docs/sprints/brief-lco-codex-autonomy-cockpit-sprint-2026-07-01.md).
18
18
 
19
- The core Codex recall, M9 handoff paths, Codex Autonomy Cockpit, Eva Operating Picture P0 paths, 1.1 Desktop collaboration cockpit paths, 1.2 prepared-state and summary-leaf paths, release metadata, package/gateway setup proof, docs truth, release gates, public-safe scorecards, post-publish fresh npm `@latest` install proof, and stable publication lanes are no longer the main product gap. The current gap is no-bug-left-behind launch assurance: prove the published `1.2.3` package is installable, discoverable, public-safe, and honest for global users before broad rollout.
19
+ The core Codex recall, M9 handoff paths, Codex Autonomy Cockpit, Eva Operating Picture P0 paths, 1.1 Desktop collaboration cockpit paths, 1.2 prepared-state and summary-leaf paths, release metadata, package/gateway setup proof, docs truth, release gates, and public-safe scorecards are no longer the main product gap. The current gap is no-bug-left-behind launch assurance: prove the `1.2.5` stable candidate is published, installable from npm `@latest`, discoverable, public-safe, and honest for global users before broad rollout.
20
20
 
21
21
  The current target is:
22
22
 
@@ -38,7 +38,7 @@ The current target is:
38
38
  - Keep P1 source adapters, including Notion, support-control, Company Brain, Stripe, dashboard/export, and model summarization, behind separate adapters and proof gates; P0 tools report those sources as `not_configured` instead of fabricating summaries.
39
39
  - Use the [source authority profile](docs/SOURCE_AUTHORITY_PROFILE.md) to distinguish "this source returned data" from "this source owns the current truth"; unavailable or cache-only sources must degrade claims to `unknown` or low confidence.
40
40
 
41
- The sprint remains Codex-first, local-first, read-only-first, and public-safe by default. It does not claim full business truth, customer readiness, Claude Code parity, remote sync, generic GUI mutation, unattended desktop control, permission bypass, or enterprise/customer-ready security. npm `latest` promotion and GitHub Release creation are complete for 1.2.3. Desktop-visible classification and fallback readiness/status are proven by #307/#308; actual Codex GUI mutation remains excluded until a future action-bound proof gate records the exact backend, target, action hash, approval, and observation.
41
+ The sprint remains Codex-first, local-first, read-only-first, and public-safe by default. It does not claim full business truth, customer readiness, Claude Code parity, remote sync, generic GUI mutation, unattended desktop control, permission bypass, or enterprise/customer-ready security. npm `latest` promotion and GitHub Release creation for 1.2.5 are release gates, not assumptions. Desktop-visible classification and fallback readiness/status are proven by #307/#308; actual Codex GUI mutation remains excluded until a future action-bound proof gate records the exact backend, target, action hash, approval, and observation.
42
42
 
43
43
  What 1.2 should let a local OpenClaw agent do next:
44
44
 
@@ -83,6 +83,7 @@ What a local OpenClaw agent can do today:
83
83
  - Classify package and gateway readiness with `loo onboard status`, `loo openclaw dogfood`, `loo openclaw tool-smoke`, and `loo openclaw published-smoke`.
84
84
  - Follow the packaged agent skill and M9 dogfood scenario to produce a public-safe recommendation from source refs, bounded expansion, detail lookups, and dry-run audit hashes.
85
85
  - Use `loo release general-readiness --strict` to decide whether fresh npm install, clean-profile OpenClaw load, clean-profile gateway readiness, and agent dogfood evidence are enough for a stable/general release claim.
86
+ - Use `loo release ga-smoke --strict` after the individual release reports exist to aggregate the release-status, finalization, published-smoke, OpenClaw dogfood/tool-smoke, scenario, scorecard, bundle, preflight, and privacy packets into one public-safe blocker taxonomy. It is a report aggregator only; it must not publish npm, create tags, create GitHub Releases, run live control, mutate a GUI, or read raw transcripts.
86
87
 
87
88
  ## Completed Proof: Working App Runtime
88
89
 
@@ -294,7 +295,7 @@ Release candidates follow [docs/BETA_RELEASE_RUNBOOK.md](docs/BETA_RELEASE_RUNBO
294
295
 
295
296
  ## Proof Boundary
296
297
 
297
- Allowed stable 1.2.3 claim:
298
+ Allowed stable 1.2.5 claim:
298
299
 
299
300
  > Collaborate with local Codex sessions through OpenClaw using local indexing, prepared-state recall, bounded expansion, and approval-gated dry-run/control boundaries.
300
301
 
@@ -6,6 +6,7 @@ import { dirname, join, resolve } from "node:path";
6
6
  import { createReleaseBundle } from "./release-bundle.js";
7
7
  import { createReleaseDemoStatus } from "./release-demo-status.js";
8
8
  import { createReleaseFinalizationStatus } from "./release-finalization-status.js";
9
+ import { createReleaseGaSmokeReport } from "./release-ga-smoke.js";
9
10
  import { runReleasePreflight } from "./release-preflight.js";
10
11
  import { createReleaseStatus } from "./release-status.js";
11
12
  import { createGeneralReleaseReadiness } from "./general-release-readiness.js";
@@ -636,6 +637,18 @@ async function main() {
636
637
  process.exitCode = 1;
637
638
  return;
638
639
  }
640
+ if (command === "release" && args[0] === "ga-smoke") {
641
+ if (hasHelpFlag(args.slice(1))) {
642
+ printReleaseGaSmokeHelp();
643
+ return;
644
+ }
645
+ const parsed = parseReleaseGaSmokeArgs(args.slice(1));
646
+ const report = createReleaseGaSmokeReport(parsed);
647
+ console.log(JSON.stringify(report, null, 2));
648
+ if (parsed.strict && !report.gaSmokeReady)
649
+ process.exitCode = 1;
650
+ return;
651
+ }
639
652
  if (command === "release" && args[0] === "demo-status") {
640
653
  if (hasHelpFlag(args.slice(1))) {
641
654
  printReleaseDemoStatusHelp();
@@ -855,6 +868,7 @@ function mainUsageText() {
855
868
  " loo release status --evidence-dir path --candidate-sha sha [--claim-scope codex-live-control|codex-read-search-expand-dry-run|codex-working-app-proof] [--approved-live-control-evidence path] [--runtime-proof-dir path] [--npm-publish-approval-evidence path] [--github-release-approval-evidence path] [--github-ci-evidence path] [--codeql-evidence path] [--desktop-gui-required --desktop-gui-approval-evidence path] [--now iso] [--strict]",
856
869
  " loo release finalization-status --evidence-dir path --candidate-sha sha --npm-publish-evidence path --git-tag-evidence path --github-release-evidence path [--package-name name] [--package-version version] [--expected-dist-tag beta|next|latest] [--expected-github-prerelease true|false] [--now iso] [--strict]",
857
870
  " loo release general-readiness --evidence-dir path [--fresh-npm-evidence path] [--agent-dogfood-evidence path] [--now iso] [--strict]",
871
+ " loo release ga-smoke --evidence-dir path --package-version version --candidate-sha sha [--release-status path] [--release-finalization-status path] [--published-smoke path] [--dogfood-report path] [--tool-smoke-report path] [--scenario-sweep path] [--scorecard-sweep path] [--release-preflight path] [--release-bundle path] [--privacy-scan path] [--claim-scope codex-live-control|codex-read-search-expand-dry-run|codex-working-app-proof] [--allow-setup-required] [--now iso] [--strict]",
858
872
  " loo release demo-status --evidence-dir path [--claim-scope codex-live-control|codex-read-search-expand-dry-run|codex-working-app-proof] [--approved-live-control-evidence path] [--runtime-proof-dir path] [--min-sessions n] [--strict]"
859
873
  ].join("\n");
860
874
  }
@@ -1184,6 +1198,24 @@ function printGeneralReleaseReadinessHelp() {
1184
1198
  " The command does not publish npm, does not move npm dist-tags, does not create a GitHub Release, does not run live Codex control, and does not perform desktop GUI mutation."
1185
1199
  ].join("\n"));
1186
1200
  }
1201
+ function printReleaseGaSmokeHelp() {
1202
+ console.log([
1203
+ "Usage:",
1204
+ " loo release ga-smoke --evidence-dir path --package-version version --candidate-sha sha [--release-status path] [--release-finalization-status path] [--published-smoke path] [--dogfood-report path] [--tool-smoke-report path] [--scenario-sweep path] [--scorecard-sweep path] [--release-preflight path] [--release-bundle path] [--privacy-scan path] [--claim-scope codex-live-control|codex-read-search-expand-dry-run|codex-working-app-proof] [--allow-setup-required] [--now iso] [--strict]",
1205
+ "",
1206
+ "Aggregates public-safe release evidence into one GA smoke readiness packet.",
1207
+ "",
1208
+ "Default evidence names:",
1209
+ " release-status.json, release-finalization-status.json, published-package-smoke.json, openclaw-dogfood.json, openclaw-tool-smoke.json, scenario-sweep.json, scorecard-sweep.json, release-preflight.json, release-bundle.json, and privacy-scan.json.",
1210
+ "",
1211
+ "Strict mode:",
1212
+ " --strict exits non-zero for P0-P2 package, release, safety, setup, or evidence blockers. P3 warnings remain non-blocking.",
1213
+ " --allow-setup-required permits a classified fresh-profile setup blocker only when package-path, configured-gateway, and finalization proof are clean.",
1214
+ "",
1215
+ "Safety boundary:",
1216
+ " This command is aggregate-only. It consumes existing sanitized evidence and does not publish npm, create tags, create GitHub Releases, run live Codex control, mutate a GUI, read raw transcripts, or store raw npm/gateway output."
1217
+ ].join("\n"));
1218
+ }
1187
1219
  function printOpenClawPublishedSmokeHelp() {
1188
1220
  console.log([
1189
1221
  "Usage:",
@@ -2802,6 +2834,122 @@ function parseGeneralReleaseReadinessArgs(input) {
2802
2834
  throw new Error("release general-readiness requires --evidence-dir");
2803
2835
  return { evidenceDir, freshNpmEvidence, agentDogfoodEvidence, now, strict };
2804
2836
  }
2837
+ function parseReleaseGaSmokeArgs(input) {
2838
+ let evidenceDir;
2839
+ let packageVersion;
2840
+ let candidateSha;
2841
+ let claimScope;
2842
+ let releaseStatus;
2843
+ let releaseFinalizationStatus;
2844
+ let publishedSmoke;
2845
+ let dogfoodReport;
2846
+ let toolSmokeReport;
2847
+ let scenarioSweep;
2848
+ let scorecardSweep;
2849
+ let releasePreflight;
2850
+ let releaseBundle;
2851
+ let privacyScan;
2852
+ let allowSetupRequired = false;
2853
+ let now;
2854
+ let strict = false;
2855
+ for (let index = 0; index < input.length; index += 1) {
2856
+ const arg = input[index];
2857
+ if (arg === "--evidence-dir") {
2858
+ evidenceDir = readReleaseStatusPath(input, ++index, "--evidence-dir");
2859
+ continue;
2860
+ }
2861
+ if (arg === "--package-version") {
2862
+ packageVersion = readReleaseStatusValue(input, ++index, "--package-version");
2863
+ continue;
2864
+ }
2865
+ if (arg === "--candidate-sha") {
2866
+ candidateSha = readReleaseStatusValue(input, ++index, "--candidate-sha");
2867
+ continue;
2868
+ }
2869
+ if (arg === "--claim-scope") {
2870
+ claimScope = parseReleaseClaimScope(input, ++index, "--claim-scope");
2871
+ continue;
2872
+ }
2873
+ if (arg === "--release-status") {
2874
+ releaseStatus = readReleaseStatusPath(input, ++index, "--release-status");
2875
+ continue;
2876
+ }
2877
+ if (arg === "--release-finalization-status") {
2878
+ releaseFinalizationStatus = readReleaseStatusPath(input, ++index, "--release-finalization-status");
2879
+ continue;
2880
+ }
2881
+ if (arg === "--published-smoke") {
2882
+ publishedSmoke = readReleaseStatusPath(input, ++index, "--published-smoke");
2883
+ continue;
2884
+ }
2885
+ if (arg === "--dogfood-report") {
2886
+ dogfoodReport = readReleaseStatusPath(input, ++index, "--dogfood-report");
2887
+ continue;
2888
+ }
2889
+ if (arg === "--tool-smoke-report") {
2890
+ toolSmokeReport = readReleaseStatusPath(input, ++index, "--tool-smoke-report");
2891
+ continue;
2892
+ }
2893
+ if (arg === "--scenario-sweep") {
2894
+ scenarioSweep = readReleaseStatusPath(input, ++index, "--scenario-sweep");
2895
+ continue;
2896
+ }
2897
+ if (arg === "--scorecard-sweep") {
2898
+ scorecardSweep = readReleaseStatusPath(input, ++index, "--scorecard-sweep");
2899
+ continue;
2900
+ }
2901
+ if (arg === "--release-preflight") {
2902
+ releasePreflight = readReleaseStatusPath(input, ++index, "--release-preflight");
2903
+ continue;
2904
+ }
2905
+ if (arg === "--release-bundle") {
2906
+ releaseBundle = readReleaseStatusPath(input, ++index, "--release-bundle");
2907
+ continue;
2908
+ }
2909
+ if (arg === "--privacy-scan") {
2910
+ privacyScan = readReleaseStatusPath(input, ++index, "--privacy-scan");
2911
+ continue;
2912
+ }
2913
+ if (arg === "--allow-setup-required") {
2914
+ allowSetupRequired = true;
2915
+ continue;
2916
+ }
2917
+ if (arg === "--now") {
2918
+ now = readReleaseStatusValue(input, ++index, "--now");
2919
+ continue;
2920
+ }
2921
+ if (arg === "--strict") {
2922
+ strict = true;
2923
+ continue;
2924
+ }
2925
+ throw new Error(`Unknown release ga-smoke option: ${arg}`);
2926
+ }
2927
+ if (!evidenceDir)
2928
+ throw new Error("release ga-smoke requires --evidence-dir");
2929
+ if (!packageVersion)
2930
+ throw new Error("release ga-smoke requires --package-version");
2931
+ if (!candidateSha)
2932
+ throw new Error("release ga-smoke requires --candidate-sha");
2933
+ return {
2934
+ evidenceDir,
2935
+ packageVersion,
2936
+ candidateSha,
2937
+ claimScope,
2938
+ releaseStatus,
2939
+ releaseFinalizationStatus,
2940
+ publishedSmoke,
2941
+ dogfoodReport,
2942
+ toolSmokeReport,
2943
+ scenarioSweep,
2944
+ scorecardSweep,
2945
+ releasePreflight,
2946
+ releaseBundle,
2947
+ privacyScan,
2948
+ allowSetupRequired,
2949
+ now,
2950
+ strict
2951
+ };
2952
+ }
2805
2953
  function readReleaseStatusPath(input, index, flag) {
2806
2954
  const value = input[index];
2807
2955
  if (!value || value.startsWith("--"))