open-multi-agent-kit 0.78.0 → 0.78.1

package/CHANGELOG.md

@@ -1,35 +1,64 @@
 # Changelog
 
-## v0.78.0 — @omk/cli release (2026-06-07)
+## v0.78.1 — package alignment, JSON contract envelopes, and adaptive runtime algorithms (2026-06-07)
 
 ### Overview
 
-Stable `0.78.0` npm release for `@omk/cli` as the provider-neutral multi-agent control plane for coding workflows. OMK routes, verifies, measures, and controls agent execution with DAG orchestration, evidence gates, and scoped MCP/skills/hooks injection while the package remains on the pre-1.0 channel.
+Pre-1.0 source release target for `open-multi-agent-kit`. This entry aligns the public docs with the actual npm package name, makes the `v1.2` runtime label explicit as a contract family, and avoids implying that every provider lane has the same write/merge authority. It also records the runtime, CI, and orchestration work that ships between the prior release commit and this release: machine-readable `omk.contract.v1` JSON envelopes, real-run graph/proof linkage, an opt-in tool-authority gate, opt-in self-update and first-run star, and adaptorch/headroom/ouroboros adaptive runtime algorithms.
+
+### Added
+
+- Fast-gate CI job and a unified release-truthfulness check that ties publish/tag claims to the exact target commit and gate state.
+- Standard `ProviderHealth` shape embedded additively in `omk provider doctor --json`.
+- `omk.contract.v1` JSON envelope for `omk summary --json`.
+- `omk.contract.v1` JSON envelopes for the `omk dag`, `omk team`, and `omk merge` machine-readable surfaces.
+- Real-run linkage into graph memory plus `omk graph audit`, which validates links across run manifest, evidence JSONL, decision JSONL, and provider-route nodes.
+- Pure tool-authority decision-gate primitive that classifies tool calls against per-lane write authority.
+- `OMK_AUTO_UPDATE` opt-in for non-interactive startup self-update.
+- First-run GitHub star with a browser-open fallback when the `gh` CLI is unavailable.
+- Adaptive runtime algorithms in the package: adaptorch-style topology routing on first DAG composition (`OMK_ADAPTORCH_ROUTING`), headroom context-guard compaction before the 90% context window (`OMK_HEADROOM` / `OMK_HEADROOM_THRESHOLD`), and embedded-ouroboros preference for goal/spec intents with native fallback (`OMK_OUROBOROS`).
+- Ouroboros integration documentation covering the MCP server, bridge, and skills surface.
+
+### Changed
+
+- README install, badge, package contract, and npm links now use `open-multi-agent-kit` instead of the unavailable `@omk/cli` scope.
+- ROADMAP now separates public `0.78.x` package releases from historical v1.1.x/v1.2 source milestones.
+- Provider-lane wording now points readers to the provider-maturity contract before treating non-Kimi lanes as authority paths.
+- Release wording now treats npm publish/tag claims as gated by the exact target commit, CI/smoke status, package audit, and dist-tag state.
+- The tool-authority gate is wired into dispatch in shadow/opt-in mode; enforcement stays off by default and is enabled only by `OMK_TOOL_AUTHORITY_ENFORCE`.
+- Chat startup now resumes paused stdin before the native loop so first-run chat stays interactive.
+
+### Notes
+
+- Default MCP configuration excludes the adaptorch MCP server; adaptorch is not auto-injected and is opt-in only.
+- The new runtime behaviors are opt-in through environment flags and default to off, so existing default runs are unchanged.
+
+### Verification
+
+Release readiness requires `npm run release:check` or the documented CI equivalent, native safety build, package audit, and tarball install smoke before npm publish or git tag.
+
+## v0.78.0 — initial public npm release (2026-06-07)
+
+### Overview
+
+Initial `0.78.0` npm publication for `open-multi-agent-kit` as a pre-1.0 provider-neutral multi-agent control plane for coding workflows. OMK routes, verifies, measures, and controls agent execution with DAG orchestration, evidence gates, and scoped MCP/skills/hooks injection.
 
 ### Core
 
 - **OMK//CONTROL** brand system with operator TUI, runtime-flow diagrams, and telemetry.
-- **Provider-neutral architecture** — Codex, MiMo, Kimi API, DeepSeek, Qwen, OpenRouter, and local adapters share the same control plane.
+- **Provider-neutral architecture** with provider-specific maturity limits; Kimi remains the most mature authority path.
 - **DAG orchestration**: Goal → DAG plan → parallel lanes → evidence bundle → verify gate → merge / replay / inspect.
-- **Evidence gates** — Command output, diff, artifact, metric, and review proof required before completion claims.
-- **Scoped capability injection** — Project MCP, skills, hooks, and graph memory scoped per-run; global secrets not imported silently.
-- **Worktree isolation** — Parallel lanes stay bounded, reviewable, and recoverable.
-
-### CLI surface
-
-`omk init`, `omk doctor`, `omk chat`, `omk plan`, `omk run`, `omk parallel`, `omk review`, `omk verify`, `omk goal`, `omk provider`, `omk mcp`, `omk skill`, `omk agent`, `omk graph`, `omk replay`, `omk inspect`, `omk codex auth`, `omk image`.
+- **Evidence gates**: command output, diff, artifact, metric, and review proof before completion claims.
+- **Scoped capability injection**: project MCP, skills, hooks, and graph memory scoped per-run; global secrets not imported silently.
+- **Worktree isolation**: parallel lanes stay bounded, reviewable, and recoverable.
 
 ### Package contract
 
-- Package: `@omk/cli`
+- Package: `open-multi-agent-kit`
 - Bins: `omk`, `omk-project-mcp`, `omk-acp`, `omk-mcp-host`
 - Engine: Node.js >=20, npm >=10
 - License: MIT
 
-### Verification
-
-Release readiness requires `npm run release:check`, native safety build, package audit, and tarball install smoke before npm publish or git tag.
-
 ## v1.2.0-rc.0 — Version and provider documentation alignment (2026-05-31)
 
 ### Added

package/MATURITY.md

@@ -1,7 +1,7 @@
 # OMK Command Maturity Matrix
 
 Last updated: 2026-06-07
-Current source version: v0.78.0 (`v1.2` runtime contract family)
+Current source version: v0.78.1 (`v1.2` runtime contract family)
 
 | Level | Meaning |
 |-------|---------|
@@ -72,6 +72,6 @@ Current source version: v0.78.0 (`v1.2` runtime contract family)
 | Native runtime safety | OMK owns the root-orchestrator direction, but native chat must still lock turn-risk inference, approval/sandbox propagation, authority resolution, provider health probes, and DeepSeek read-only enforcement before stable provider-neutral claims. | Treat `docs/native-root-runtime-hardening.md` and `.omk/specs/native-orchestrator-phase1/` as the active hardening contract. |
 | MCP diagnostics | `mcp list/doctor/test` exist; invalid project/global MCP JSON now fails visibly through diagnostics without exposing config contents. | Add machine-readable MCP JSON and structured failure categories for command resolution, timeout, permission, and server health. |
 | Skills and harness templates | `omk skill` exposes current core/TypeScript/review packs, while init templates document project MCP scope, runtime skills, portable `.agents/skills`, and run-scoped harness manifests. | Keep external-inspired skills compact, source-linked, and non-vendored; verify install/sync through `skill-command` tests and package audit. |
-| Release docs and site | README, CHANGELOG, MATURITY, ROADMAP, versioning docs, provider-maturity docs, package audit, and release-gate commands distinguish the `0.78.0` package release from the `v1.2` runtime contract family while documenting alpha/experimental surfaces, current harness templates, provider limits, and the public project repository at `https://github.com/dmae97/open-multi-agent-kit`. | Treat `npm run release:check`, native safety packaging, tarball install smoke, and CI evidence on the exact commit as the publish/deploy gate before claiming `0.78.0` published or release-ready. |
+| Release docs and site | README, CHANGELOG, MATURITY, ROADMAP, versioning docs, provider-maturity docs, package audit, and release-gate commands distinguish the `0.78.x` public package line from the `v1.2` runtime contract family while documenting alpha/experimental surfaces, current harness templates, provider limits, and the public project repository at `https://github.com/dmae97/open-multi-agent-kit`. | Treat `npm run release:check`, native safety packaging, tarball install smoke, and CI evidence on the exact commit as the publish/deploy gate before claiming `0.78.1` published or release-ready. |
 | Public proof bundles | `omk.proof-bundle.v1`, `npm run proof:check`, `npm run proof:index`, and ten scoped RC hardening bundles now cover no-Kimi, provider/doctor, fallback routing, native safety, contract/version, evidence-block, replay/inspect, and graph-audit axes. Proof integrity includes runId/commit/evidence/decision linkage and per-bundle `sha256sums.txt` artifact hashes. | Keep strengthening proof authenticity with sanitized repo-relative artifacts, non-empty known limitations, and broader provider fallback variants. |
 | Goal planner | Goal lifecycle exists, including continue, generated plan/evidence criteria, and verification. | Expand planner quality scoring and release evidence. |

package/README.md

@@ -13,10 +13,10 @@
 </p>
 
 <p align="center">
-  <a href="https://www.npmjs.com/package/@omk/cli"><img alt="npm version" src="https://img.shields.io/npm/v/%40omk%2Fcli?color=00D6FF"></a>
-  <a href="https://www.npmjs.com/package/@omk/cli"><img alt="npm package" src="https://img.shields.io/badge/package-%40omk%2Fcli-FF47B2"></a>
-  <a href="docs/versioning.md"><img alt="runtime" src="https://img.shields.io/badge/runtime-v1.2-9D4EDD"></a>
-  <a href="https://github.com/dmae97/open-multi-agent-kit/blob/main/proof/PROOF_INDEX.md"><img alt="proof gate" src="https://img.shields.io/badge/proof--gate-passing-00FFC2"></a>
+  <a href="https://www.npmjs.com/package/open-multi-agent-kit"><img alt="npm version" src="https://img.shields.io/npm/v/open-multi-agent-kit?color=00D6FF"></a>
+  <a href="https://www.npmjs.com/package/open-multi-agent-kit"><img alt="npm package" src="https://img.shields.io/badge/package-open--multi--agent--kit-FF47B2"></a>
+  <a href="docs/versioning.md"><img alt="runtime contract" src="https://img.shields.io/badge/contract-v1.2_pre--1.0-9D4EDD"></a>
+  <a href="https://github.com/dmae97/open-multi-agent-kit/blob/main/proof/PROOF_INDEX.md"><img alt="proof check" src="https://img.shields.io/badge/proof--check-source-00FFC2"></a>
   <a href="LICENSE"><img alt="license" src="https://img.shields.io/badge/license-MIT-blue.svg"></a>
 </p>
 
@@ -30,11 +30,35 @@
 
 `OMK` (`omk`) turns a coding goal into a bounded, evidence-gated agent run.
 
-> Current package source version: `@omk/cli@0.78.0`.
-> Runtime contract family: `v1.2`.
+> Current package source target: `open-multi-agent-kit@0.78.1`.
+> Public package name: `open-multi-agent-kit` (`@omk/cli` is not the active npm package).
+> Runtime contract family: `v1.2` (contract family, not a stable npm `1.x` release).
 > Release channel: `pre-1.0`.
 > See [versioning](docs/versioning.md) and [provider maturity](docs/provider-maturity.md).
 
+## Quickstart (3 minutes)
+
+A beginner reads this, runs four commands, and succeeds.
+
+```bash
+npm i -g open-multi-agent-kit
+omk init
+omk doctor
+omk chat
+```
+
+## Current release reality
+
+- The public npm line is `open-multi-agent-kit@0.78.x`. Published npm `latest` is `0.78.0`;
+  source/target is `0.78.1` and is published only after the release workflow passes on the tagged commit.
+- The `v1.2` label in docs is a runtime contract family for the source tree, not a claim that
+  an npm `1.2.x` stable release exists.
+- Provider support is intentionally uneven: Kimi remains the most mature authority path;
+  Codex/OpenCode/CommandCode depend on local CLIs; MiMo/DeepSeek/Qwen/OpenRouter/local LLM
+  lanes are scoped by the provider-maturity contract.
+- Safety and evidence claims apply to the exact adapter, command, and verification gate that
+  produced them.
+
 ## Why OMK
 
 Most coding agents optimize for a single prompt/result loop. OMK wraps agent execution with a control-plane algorithm:
@@ -68,26 +92,28 @@ The GitHub visual set presents OMK as a Night City Ops Console: route status, DA
 
 ## Install
 
-Requires Node.js `>=20` and npm `>=10`.
+Requires Node.js `>=20` and npm `>=10`. The [3-minute route](#quickstart-3-minutes) uses the global install; these are the alternatives:
+
+Project/local install:
 
 ```bash
-npm install -g @omk/cli
-omk --help
+npm i open-multi-agent-kit
+npx omk --help
 ```
 
-No global install:
+No install:
 
 ```bash
-npx -p @omk/cli omk doctor
+npx -p open-multi-agent-kit omk doctor
 ```
 
 ## Quick start
 
+The [3-minute route](#quickstart-3-minutes) is the canonical path. Beyond it, add provider auth and orchestration:
+
 ```bash
-omk init                         # scaffold AGENTS.md, DESIGN.md, .omk/
-omk doctor                       # check runtime, providers, MCP, skills, hooks
-omk codex auth --choice plus-pro # prefer official Codex app/CLI OAuth for Codex lanes
-omk chat --provider codex --mode agent
+omk codex auth --choice plus-pro # optional; requires official Codex app/CLI login
+omk chat --provider auto --mode agent
 omk orchestrate "ship feature" --workers 4 --dry-run
 ```
 
@@ -133,7 +159,7 @@ DAG node
   → TaskResult with selected runtime + fallback chain
 ```
 
-OMK converts DAG context into an adapter-neutral task so Codex, MiMo, Kimi API/print lanes, DeepSeek, Qwen, OpenRouter, local adapters, or future runtimes can participate through the same contract.
+OMK converts DAG context into an adapter-neutral task so Codex, MiMo, Kimi API/print lanes, DeepSeek, Qwen, OpenRouter, local adapters, or future runtimes can participate through the same contract when configured. That contract does not imply equal write/merge authority for every adapter.
 
 ### 4. Intent-aware runtime routing and fallback
 
@@ -180,13 +206,16 @@ Goal → DAG plan → parallel lanes → evidence bundle → verify gate → mer
 
 ## Provider lanes
 
-OMK is provider-neutral. The configured runtime decides which adapters are available, but the control plane is the same:
+OMK is provider-neutral, but providers are not equally mature or equally authorized:
+
+- **Kimi API / print lanes**: most mature authority path and compatibility fallback when configured.
+- **MiMo**: default/read-review-thinking path when configured; direct workspace-write authority is not claimed for the API runtime.
+- **Codex app / CLI OAuth lanes**: compatibility path through the official Codex CLI/app login; local CLI availability and policy decide what can run.
+- **OpenCode / CommandCode CLI lanes**: compatibility paths when the local CLI and auth are present.
+- **DeepSeek, Qwen, OpenRouter, local LLM adapters**: advisory/read/review/QA/research lanes unless a tested contract grants more authority.
+- **GPT Image 2 asset lane**: visual asset workflow only when explicitly selected and separately configured.
 
-- **Codex app / CLI OAuth lanes** for Codex-backed coding sessions;
-- **MiMo** as the default provider path when configured;
-- **Kimi API / print lanes** as explicit provider adapters, not the root identity;
-- **DeepSeek, Qwen, OpenRouter, local adapters** for advisory or execution lanes when capability contracts match;
-- **GPT Image 2 asset lane** for visual assets when the image workflow is explicitly selected.
+See [provider maturity](docs/provider-maturity.md) before treating any non-Kimi lane as an authority/write/merge path.
 
 ## Codex app / OAuth first
 
@@ -206,9 +235,9 @@ The npm package is intentionally package-safe:
 
 | Contract          | Value                                                                                                                                                                                                                          |
 | ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| Package           | [`@omk/cli`](https://www.npmjs.com/package/@omk/cli)                                                                                                                                                                           |
-| Version           | `0.78.0`                                                                                                                                                                                                                       |
-| Runtime family    | `v1.2`                                                                                                                                                                                                                         |
+| Package           | [`open-multi-agent-kit`](https://www.npmjs.com/package/open-multi-agent-kit)                                                                                                                                                   |
+| Version           | `0.78.1`                                                                                                                                                                                                                       |
+| Runtime contract family | `v1.2`                                                                                                                                                                                                                         |
 | Bins              | `omk`, `omk-project-mcp`, `omk-acp`, `omk-mcp-host`                                                                                                                                                                            |
 | Packaged docs     | `README.md`, `docs/`, `SECURITY.md`, `ROADMAP.md`, `MATURITY.md`, `DESIGN.md`                                                                                                                                                  |
 | Packaged branding | Canonical hero/social/TUI/runtime images plus the curated derivative gallery documented in [`readmeasset/ASSET_INDEX.md`](readmeasset/ASSET_INDEX.md) and [`readmeasset/ASSET_PROVENANCE.md`](readmeasset/ASSET_PROVENANCE.md) |
@@ -262,6 +291,7 @@ Public copy stays OMK-owned: **OMK//CONTROL**, **NEON GRID ONLINE**, route/evide
 - [Provider maturity](docs/provider-maturity.md)
 - [Native root runtime algorithms](docs/native-root-runtime-algorithms.md)
 - [Codex OAuth setup](docs/codex-oauth-setup.md)
+- [Ouroboros integration](docs/integrations/ouroboros.md)
 - [Security policy](SECURITY.md)
 
 ## Security
@@ -271,7 +301,7 @@ Safe by default: child env is sanitized, ambient secrets are dropped, and worksp
 ## Links
 
 - GitHub: <https://github.com/dmae97/open-multi-agent-kit>
-- NPM: <https://www.npmjs.com/package/@omk/cli>
+- NPM: <https://www.npmjs.com/package/open-multi-agent-kit>
 - Releases: <https://github.com/dmae97/open-multi-agent-kit/releases>
 
 ## License

package/ROADMAP.md

@@ -1,21 +1,27 @@
 # Roadmap
 
-Current source version: v0.78.0 (`v1.2` runtime contract family)
+Current source version: v0.78.1 (`v1.2` runtime contract family)
 Last updated: 2026-06-07
 
-## Historical 2026-05-31 v1.2 RC status
+## 2026-06-07 release reality
 
-At the 2026-05-31 RC checkpoint, the source tree was aligned to package version `1.2.0-rc.0`, runtime version `v1.2`, and release channel `rc`. The architecture direction is OMK-as-root with providers as adapters. Kimi remains the most mature authority path in this RC line; other providers have narrower or advisory maturity unless tests and contracts say otherwise.
+The public npm package line is `open-multi-agent-kit@0.78.x`. The `v1.2` label below is the source-tree runtime contract family, not a claim that a stable npm `1.2.x` package has shipped.
+
+The v1.1.x/v1.2 rows in this file are historical source checkpoints and architecture milestones unless a row explicitly says it was npm-published. Current public-release work should be judged against the exact target commit, CI/smoke status, package audit, and npm dist-tag state.
+
+## Historical 2026-05-31 v1.2 contract checkpoint
+
+At the 2026-05-31 checkpoint, the source tree was being aligned toward a `v1.2` runtime contract and an internal RC packaging target. That checkpoint is useful architectural history, but it is not the current public npm package line. The architecture direction is OMK-as-root with providers as adapters. Kimi remains the most mature authority path; other providers have narrower or advisory maturity unless tests and contracts say otherwise.
 
 - Version contract details: `docs/versioning.md`.
 - Provider status and limitations: `docs/provider-maturity.md`.
 - Public proof index: `proof/PROOF_INDEX.md`.
 - Active native-runtime backlog: `docs/native-root-runtime-hardening.md`, `docs/native-root-runtime-algorithms.md`, and `.omk/specs/native-orchestrator-phase1/`.
-- Do not claim stable `v1.2` until release gates pass on the exact target commit and the stable package/tag is published.
+- Do not claim stable npm `1.x` status until release gates pass on the exact target commit and the stable package/tag is published.
 
-## Historical v1.1.9 reality
+## Historical v1.1.9 source reality
 
-Provider routing and graph viewing are no longer purely future work:
+Provider routing and graph viewing are no longer purely future work in the source tree, but these notes are historical and provider-dependent:
 
 - `omk run`, `omk parallel`, and DAG replay expose `--provider auto|kimi`.
 - `omk provider` / `omk deepseek` manage DeepSeek enablement, key setup, availability checks, and default fallback to the most mature adapter.
@@ -23,7 +29,7 @@ Provider routing and graph viewing are no longer purely future work:
 - `omk graph view` generates an HTML view from `.omk/memory/graph-state.json`.
 - `omk goal` has a persisted lifecycle, continue loop, generated plan/evidence criteria, and verification flow.
 
-## v1.2 RC — Native Orchestrator Decoupling
+## v1.2 contract hardening — Native Orchestrator Decoupling
 
 ### Phase 0: Foundation & Spec
 
@@ -64,35 +70,35 @@ Provider routing and graph viewing are no longer purely future work:
 - Deprecate Kimi-only subagent language where OMK `ParallelOrchestrator` is the actual spawn surface.
 - Mark v1.2.x stable only after provider fallback, evidence gates, DAG replay, version contracts, and provider-maturity docs are green across supported adapters.
 
-## v1.3 — Hardening the current surface
+## Post-0.78 hardening — current surface
 
 ### P0: release and contract gates
 
-- Done: YAML validation now runs in local `verify` plus CI/smoke workflows.
-- Done: package dry-pack, package audit, tarball smoke, native safety build, and release matrix gates were re-verified during the v1.1.x release-prep line; v1.2 RC publish/tag claims now depend on `npm run release:check` on the exact target commit.
-- Required before stable v1.2 publish/tag: regenerate the native safety binary, pass package audit, pass smoke-pack/tarball install smoke, and pass `npm run release:check` on the exact intended release diff.
-- Required before stable v1.2 publish/tag: CI and smoke checks must pass on the exact intended commit.
-- Done: provider/deepseek and screenshot JSON command contracts gained hermetic regression tests.
-- Done: proof bundle schema/check/index scaffolding exists, with ten scoped RC hardening bundles covering no-Kimi smoke, doctor-provider, fallback-route, native-safety, contract-version, evidence-block, replay/inspect, graph-audit, deeper no-Kimi verification, and provider fallback-routing gates.
-- Done: proof integrity now enforces artifact linkage plus per-bundle `sha256sums.txt` hash validation.
-- Done: current AGENTS/init templates and packaged workflow skills were aligned with the active skills/MCP/agents/harness surface, including all generated agent MCP/skills/hooks flags and parallel subagent orchestration guidance.
-- Remaining: lock runtime safety gates for native turn risk, approval/sandbox propagation, authority-provider resolution, provider health probes, and DeepSeek read-only routing.
-- Remaining: lock broader provider fallback metadata with tests for rate limit, timeout, and default fallback variants.
-- Remaining: define minimum machine-readable CLI envelopes for the rest of the automation-critical commands.
-- Remaining: promote additional real proof bundles beyond the RC ten-bundle baseline, especially provider fallback variants for rate limit, timeout, and default route behavior.
+- Source implemented: YAML validation runs in local `verify` plus CI/smoke workflows.
+- Source verified in recent gates: package dry-pack, package audit, tarball smoke, native safety build, and release matrix coverage. Public publish/tag claims still depend on the exact target commit.
+- Required before a public npm publish/tag: regenerate the native safety binary if the target platform artifacts changed, pass package audit, pass smoke-pack/tarball install smoke, and pass `npm run release:check` or the documented CI equivalent on the exact intended release diff.
+- Required before a public npm publish/tag: CI and smoke checks must pass on the exact intended commit.
+- Source implemented: provider/deepseek and screenshot JSON command contracts have hermetic regression tests.
+- Source implemented: proof bundle schema/check/index scaffolding exists, with scoped hardening bundles covering no-Kimi smoke, doctor-provider, fallback-route, native-safety, contract-version, evidence-block, replay/inspect, graph-audit, deeper no-Kimi verification, and provider fallback-routing gates.
+- Source implemented: proof integrity enforces artifact linkage plus per-bundle `sha256sums.txt` hash validation.
+- Source implemented: current AGENTS/init templates and packaged workflow skills align with the active skills/MCP/agents/harness surface.
+- Still required: lock runtime safety gates for native turn risk, approval/sandbox propagation, authority-provider resolution, provider health probes, and DeepSeek read-only routing.
+- Still required: lock broader provider fallback metadata with tests for rate limit, timeout, and default fallback variants.
+- Still required: define minimum machine-readable CLI envelopes for the rest of the automation-critical commands.
+- Still required: promote additional proof bundles beyond the current baseline, especially provider fallback variants for rate limit, timeout, and default route behavior.
 
 ### P1: observability and diagnostics
 
-- Done: provider route/fallback counts are now emitted in run summaries/reports and summary terminal output.
-- Done: invalid MCP JSON is reported as a visible diagnostic without leaking secret-like config values.
-- Done: `omk mcp doctor --json` exposes structured server status, command resolution, timeout, permission, and config-source fields.
+- Source implemented: provider route/fallback counts are emitted in run summaries/reports and summary terminal output.
+- Source implemented: invalid MCP JSON is reported as a visible diagnostic without leaking secret-like config values.
+- Source implemented: `omk mcp doctor --json` exposes structured server status, command resolution, timeout, permission, and config-source fields.
 - Expand JSON output for DAG, summary, and workflow commands where CI or agents consume results.
 - Link live graph nodes back to runs, goals, providers, and evidence so `omk graph audit` can validate real project graph memory, not only compact proof fixtures.
 
 ### P2: execution depth and planner quality
 
 - Deepen `omk team` runtime reporting: worker state, pane/session health, artifacts, and verification handoff.
-- Done: replace the `omk goal plan` stub with a planner that emits steps, acceptance criteria, risks, and evidence gates.
+- Source implemented: replace the `omk goal plan` stub with a planner that emits steps, acceptance criteria, risks, and evidence gates.
 - Add provider-quality gates before broader non-Kimi worker pools.
 - Keep Kimi execution as the safe fallback path for every run.
 
@@ -109,10 +115,12 @@ Provider routing and graph viewing are no longer purely future work:
 - Materialize provider routes, fallback events, goals, evidence gates, and run artifacts in the local graph/Kuzu ontology.
 - Keep `omk graph view` local-first and safe for private repositories.
 
-### Historical milestones
+### Historical source milestones
+
+These are source/development checkpoints unless a release note explicitly says the version was npm-published.
 
-| Version | Focus |
-|---------|-------|
+| Source checkpoint | Focus |
+| --- | --- |
 | v0.1 | init / doctor / chat, P0 skills, AGENTS.md / DESIGN.md generation, quality gate hooks |
 | v0.2 | wire controller, HUD, run state, worker logs |
 | v0.3 | worktree team, merge queue, reviewer / QA / integrator agents |
@@ -127,4 +135,4 @@ Provider routing and graph viewing are no longer purely future work:
 | v1.1.16 | Deterministic IntentFrame/ActionAtom orchestration, chat schema preflight, MCP duplicate policy, agent capability propagation, and doctor/init/pack smoke fixes |
 | v1.1.17 | Full generated-agent MCP/skills/hooks enablement, parallel subagent orchestration emphasis, and v1.1.17 release docs |
 | v1.1.18 | Historical Kimi-wrapper dominant release-prep line: package source version alignment, native safety package gate, typed doctor repair plans, startup update prompt UX, and parallel subagent orchestration release-doc alignment |
-| v1.2.0-rc.0 | Package RC for the `v1.2` runtime contract family, provider-neutral docs alignment, version contract docs, and provider maturity limits |
+| v1.2.0-rc.0 | Internal RC target for the `v1.2` runtime contract family, provider-neutral docs alignment, version contract docs, and provider maturity limits |

package/dist/cli/register-basic-commands.js

@@ -268,9 +268,10 @@ export function registerBasicCommands(program) {
     program
         .command("summary")
         .description(t("cmd.summaryDesc"))
-        .action(async () => {
+        .option("--json", "Output the latest run summary as a JSON envelope")
+        .action(async (options) => {
         const { summaryLatestCommand } = await import("../commands/summary.js");
-        await summaryLatestCommand();
+        await summaryLatestCommand(options);
     });
     program
         .command("summary-show [run-id]")

package/dist/cli/register-mcp-dag-cron-screenshot-commands.js

@@ -157,6 +157,7 @@ export function registerMcpDagCronScreenshotCommands(program) {
         .option("-o, --output <path>", "Output JSON file path")
         .option("-p, --parallel", "Enable intra-phase parallelism")
         .option("-r, --run <id>", "Use spec from run ID (latest)")
+        .option("--json", "Output the DAG artifact as a JSON envelope")
         .action(async (specDir, options) => {
         const { dagFromSpecCommand } = await import("../commands/dag-from-spec.js");
         const root = (await import("../util/fs.js")).getProjectRoot();
@@ -165,6 +166,7 @@ export function registerMcpDagCronScreenshotCommands(program) {
             output: options.output,
             parallel: Boolean(options.parallel),
             run: options.run,
+            json: Boolean(options.json),
         });
     });
     dag

package/dist/cli/register-tool-commands.js

@@ -14,6 +14,16 @@ export function registerToolCommands(program) {
         const { graphViewCommand } = await import("../commands/graph.js");
         await graphViewCommand(options);
     });
+    graph
+        .command("audit")
+        .description("Audit linked run subgraphs (run -> route/provider/evidence/decision/artifact)")
+        .option("--run <id>", "Audit a single run id (default: all runs under .omk/runs)")
+        .option("--input <path>", "Graph state JSON path (default: .omk/memory/graph-state.json)")
+        .option("--json", "Output machine-readable omk.contract.v1 JSON verdict")
+        .action(async (options) => {
+        const { graphAuditCommand } = await import("../commands/graph.js");
+        await graphAuditCommand({ run: options.run, input: options.input, json: Boolean(options.json) });
+    });
     program
         .command("hud")
         .description(t("cmd.hudDesc"))
@@ -47,6 +57,7 @@ export function registerToolCommands(program) {
         .option("--run <id>", "run ID", "latest")
         .option("--strategy <strategy>", "merge strategy (first | best)", "first")
         .option("--dry-run", "preview merge without applying")
+        .option("--json", "Output the merge preview as a JSON envelope")
         .action(async (runIdArg, options) => {
         const globalOpts = program.opts();
         const { mergeCommand } = await import("../commands/merge.js");

package/dist/cli/register-workflow-commands.js

@@ -72,6 +72,7 @@ export function registerWorkflowCommands(program) {
         .command("team")
         .description(t("cmd.teamDesc"))
         .option("--workers <n>", t("cmd.teamWorkersOption"), "auto")
+        .option("--json", "Output the team layout as a JSON envelope")
         .action(async (options) => {
         const globalOpts = program.opts();
         const { teamCommand } = await import("../commands/team.js");

package/dist/cli/registry/tooling.js

@@ -89,9 +89,10 @@ export function registerToolingCommands(program) {
     program
         .command("summary")
         .description(t("cmd.summaryDesc"))
-        .action(async () => {
+        .option("--json", "Output the latest run summary as a JSON envelope")
+        .action(async (options) => {
         const { summaryLatestCommand } = await import("../../commands/summary.js");
-        await summaryLatestCommand();
+        await summaryLatestCommand(options);
     });
     program
         .command("summary-show [run-id]")

package/dist/commands/chat/core.js

@@ -245,6 +245,11 @@ export async function chatCommand(options) {
         catch {
             // Update prompts are advisory and must not block chat startup.
         }
+        // NOTE: the star/update prompts above use @inquirer/prompts (raw mode + their
+        // own readline) and can leave interactive stdin paused. The native root loop
+        // re-validates and resumes a paused TTY via resumeInteractiveInput() right
+        // before it builds its readline (see runNativeOmkRootLoop), so the first run
+        // after `omk init` does not exit immediately with "Session ended".
     }
     // ── tmux cockpit layout: keep prompt pane clean; move cockpit/HUD telemetry to the side pane ──
     const explicitTmux = layout === "tmux";

package/dist/commands/chat/native-root-loop.js

@@ -2,6 +2,9 @@ import { style } from "../../util/theme.js";
 import { runShell } from "../../util/shell.js";
 import { createDag } from "../../orchestration/dag.js";
 import { applyCapabilityInjectionToRouting, buildCapabilityInjection, } from "../../runtime/capability-injection.js";
+import { capabilityScopesFromRouting } from "../../orchestration/capability-routing.js";
+import { decideToolAuthority, } from "../../safety/tool-authority-gate.js";
+import { resolveToolAuthorityEnforcement } from "../../runtime/tool-dispatch-contracts.js";
 import { compileBloatToNlp, } from "../../runtime/debloat-nlp.js";
 import { buildPromptEnvelope, renderPromptEnvelope, } from "../../runtime/prompt-envelope.js";
 import { buildTaskRunContext } from "../../runtime/worker-manifest.js";
@@ -10,6 +13,7 @@ import { persistInputEnvelope } from "../../input/input-artifacts.js";
 import { buildDagCompileResult } from "../../orchestration/dag-compiler.js";
 import { persistDagCompileArtifacts } from "../../orchestration/dag-artifacts.js";
 import { TerminalOwner } from "../../util/terminal-owner.js";
+import { resumeInteractiveInput } from "../../util/terminal-input.js";
 import { executeHarnessRun } from "../../harness/execute-harness-run.js";
 import { normalizeProviderId, readProviderRegistry } from "../../providers/model-registry.js";
 import { renderProviderModelTable } from "../../providers/model-table.js";
@@ -192,6 +196,53 @@ function bootstrapProviderPolicy(bootstrap) {
             return "auto";
     }
 }
+function nativeTurnRiskToToolOp(risk) {
+    switch (risk) {
+        case "merge":
+            return "merge";
+        case "shell":
+            return "shell";
+        case "write":
+            return "write";
+        default:
+            return "read";
+    }
+}
+/**
+ * Shadow-only tool-authority observability at the live turn dispatch
+ * checkpoint. The kimi runner executes tools inside a spawned CLI, so per-tool
+ * enforcement lives in dispatchToolCallsByContract; here we only compute and
+ * record the turn-level verdict for the trace. Default output is byte-identical
+ * (emitted only under OMK_DEBUG / OMK_TOOL_AUTHORITY_TRACE); this path never
+ * blocks dispatch.
+ */
+function recordNativeTurnToolAuthority(input) {
+    const traceEnabled = input.env.OMK_DEBUG === "1" ||
+        /^(1|true|yes|on)$/i.test(input.env.OMK_TOOL_AUTHORITY_TRACE ?? "");
+    if (!traceEnabled)
+        return;
+    const routing = input.node.routing;
+    const scopes = capabilityScopesFromRouting(routing);
+    const op = nativeTurnRiskToToolOp(routing?.risk);
+    const enforce = resolveToolAuthorityEnforcement(input.env);
+    const decision = decideToolAuthority({
+        op,
+        writeAuthority: scopes.writeAuthority,
+        shellAuthority: scopes.shellAuthority,
+        approvalPolicy: nativeApprovalPolicy(routing?.approvalPolicy ?? routing?.executionPrompt),
+        sandboxMode: routing?.sandboxMode === "read-only" ? "read-only" : "workspace-write",
+        tty: Boolean(process.stdout.isTTY),
+    });
+    const line = `  tool-authority(${enforce ? "enforce" : "shadow"}): node=${input.node.id} ` +
+        `op=${op} decision=${decision} write=${scopes.writeAuthority} ` +
+        `shell=${scopes.shellAuthority} sandbox=${routing?.sandboxMode ?? "auto"}\n`;
+    if (input.renderer) {
+        input.renderer.emit({ type: "control:output", text: style.phosphorDim(line) });
+    }
+    else {
+        process.stderr.write(style.phosphorDim(line));
+    }
+}
 function emitNativeTurnRoute(input) {
     if (!input.heartbeatEnabled)
         return;
@@ -463,6 +514,7 @@ async function executeNativeRootTurn(input) {
     const routing = input.node.routing;
     const activity = describeNativeTurnActivity(input.node);
     emitNativeTurnRoute(input);
+    recordNativeTurnToolAuthority({ node: input.node, env: input.env, renderer: input.renderer });
     let heartbeatPrinted = false;
     let heartbeatLineClosed = false;
     const heartbeat = input.heartbeatEnabled
@@ -598,6 +650,7 @@ async function executeNativeRootHarnessTurn(input) {
                 skillNames: node.routing?.skills ?? input.skillNames,
                 hookNames: node.routing?.hooks ?? input.hookNames,
             });
+            recordNativeTurnToolAuthority({ node, env: input.env, renderer: input.renderer });
         },
         onNodeComplete: (node, result) => {
             completed.push({ node, result });
@@ -666,6 +719,13 @@ export async function runNativeOmkRootLoop(input) {
         else
             process.stdout.write(`${text}\n`);
     };
+    // Defensive stdin re-validation before the chat readline takes ownership.
+    // The first-run GitHub-star / update prompts (@inquirer/prompts) can take
+    // over raw mode and leave the shared interactive stdin paused; a paused TTY
+    // makes the readline below see an immediate EOF/'close' and exit the loop
+    // with "Session ended". This only resumes an explicitly-paused TTY and never
+    // touches non-TTY stdin (its EOF/exit behavior must stay unchanged).
+    resumeInteractiveInput(process.stdin);
     const { createInterface } = await import("readline");
     const rl = createInterface({
         input: process.stdin,

package/dist/commands/dag-from-spec.d.ts

@@ -27,4 +27,5 @@ export declare function dagFromSpecCommand(specDir: string, options?: {
     parallel?: boolean;
     runId?: string;
     run?: string;
+    json?: boolean;
 }): Promise<Dag>;