open-multi-agent-kit 0.78.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1304) hide show
  1. package/AGENTS.md +550 -0
  2. package/CHANGELOG.md +464 -0
  3. package/CLAUDE.md +8 -0
  4. package/DESIGN.md +334 -0
  5. package/GEMINI.md +8 -0
  6. package/LICENSE +21 -0
  7. package/MATURITY.md +77 -0
  8. package/README.md +279 -0
  9. package/ROADMAP.md +130 -0
  10. package/SECURITY.md +83 -0
  11. package/WORKER_MANIFEST.md +35 -0
  12. package/dist/adapters/commandcode/commandcode-cli-adapter.d.ts +10 -0
  13. package/dist/adapters/commandcode/commandcode-cli-adapter.js +57 -0
  14. package/dist/adapters/kimi/ascii-art.d.ts +1 -0
  15. package/dist/adapters/kimi/ascii-art.js +23 -0
  16. package/dist/adapters/kimi/banner.d.ts +53 -0
  17. package/dist/adapters/kimi/banner.js +284 -0
  18. package/dist/adapters/kimi/bug-filter.d.ts +15 -0
  19. package/dist/adapters/kimi/bug-filter.js +150 -0
  20. package/dist/adapters/kimi/capability.d.ts +25 -0
  21. package/dist/adapters/kimi/capability.js +68 -0
  22. package/dist/adapters/kimi/continue-prompt-guard.d.ts +20 -0
  23. package/dist/adapters/kimi/continue-prompt-guard.js +70 -0
  24. package/dist/adapters/kimi/isolated-home.d.ts +21 -0
  25. package/dist/adapters/kimi/isolated-home.js +270 -0
  26. package/dist/adapters/kimi/runner.d.ts +71 -0
  27. package/dist/adapters/kimi/runner.js +1084 -0
  28. package/dist/adapters/kimi/simple-art.d.ts +1 -0
  29. package/dist/adapters/kimi/simple-art.js +1 -0
  30. package/dist/adapters/kimi/statusline.d.ts +26 -0
  31. package/dist/adapters/kimi/statusline.js +142 -0
  32. package/dist/adapters/kimi/usage.d.ts +52 -0
  33. package/dist/adapters/kimi/usage.js +481 -0
  34. package/dist/adapters/kimi/wire-client.d.ts +142 -0
  35. package/dist/adapters/kimi/wire-client.js +725 -0
  36. package/dist/adapters/kimi/wire-protocol-types.d.ts +549 -0
  37. package/dist/adapters/kimi/wire-protocol-types.js +59 -0
  38. package/dist/adapters/opencode/opencode-cli-adapter.d.ts +9 -0
  39. package/dist/adapters/opencode/opencode-cli-adapter.js +43 -0
  40. package/dist/awareness/classifiers/browser-console-classifier.d.ts +3 -0
  41. package/dist/awareness/classifiers/browser-console-classifier.js +47 -0
  42. package/dist/awareness/classifiers/evidence-gap-classifier.d.ts +3 -0
  43. package/dist/awareness/classifiers/evidence-gap-classifier.js +31 -0
  44. package/dist/awareness/classifiers/stalled-run-classifier.d.ts +2 -0
  45. package/dist/awareness/classifiers/stalled-run-classifier.js +24 -0
  46. package/dist/awareness/notice-store.d.ts +6 -0
  47. package/dist/awareness/notice-store.js +91 -0
  48. package/dist/awareness/notice.d.ts +17 -0
  49. package/dist/awareness/notice.js +1 -0
  50. package/dist/awareness/noticer-engine.d.ts +42 -0
  51. package/dist/awareness/noticer-engine.js +63 -0
  52. package/dist/awareness/router.d.ts +6 -0
  53. package/dist/awareness/router.js +46 -0
  54. package/dist/brand/matrix-rain.d.ts +15 -0
  55. package/dist/brand/matrix-rain.js +132 -0
  56. package/dist/brand/omk-matrix-art.d.ts +1 -0
  57. package/dist/brand/omk-matrix-art.js +10 -0
  58. package/dist/brand/omk-simple-art.d.ts +7 -0
  59. package/dist/brand/omk-simple-art.js +13 -0
  60. package/dist/brand/palette.d.ts +194 -0
  61. package/dist/brand/palette.js +53 -0
  62. package/dist/brand/theme.d.ts +41 -0
  63. package/dist/brand/theme.js +262 -0
  64. package/dist/browser/browser-feedback.d.ts +10 -0
  65. package/dist/browser/browser-feedback.js +84 -0
  66. package/dist/browser/browser-observer.d.ts +21 -0
  67. package/dist/browser/browser-observer.js +159 -0
  68. package/dist/browser/browser-session.d.ts +26 -0
  69. package/dist/browser/browser-session.js +63 -0
  70. package/dist/cli/command-registry.d.ts +2 -0
  71. package/dist/cli/command-registry.js +20 -0
  72. package/dist/cli/input/argv-parser.d.ts +16 -0
  73. package/dist/cli/input/argv-parser.js +50 -0
  74. package/dist/cli/input/command-envelope.d.ts +16 -0
  75. package/dist/cli/input/command-envelope.js +64 -0
  76. package/dist/cli/input/config-loader.d.ts +16 -0
  77. package/dist/cli/input/config-loader.js +48 -0
  78. package/dist/cli/input/index.d.ts +8 -0
  79. package/dist/cli/input/index.js +8 -0
  80. package/dist/cli/input/input-resolver.d.ts +13 -0
  81. package/dist/cli/input/input-resolver.js +50 -0
  82. package/dist/cli/input/validator.d.ts +10 -0
  83. package/dist/cli/input/validator.js +37 -0
  84. package/dist/cli/main.d.ts +4 -0
  85. package/dist/cli/main.js +34 -0
  86. package/dist/cli/output/error-renderer.d.ts +10 -0
  87. package/dist/cli/output/error-renderer.js +68 -0
  88. package/dist/cli/output/hash.d.ts +1 -0
  89. package/dist/cli/output/hash.js +10 -0
  90. package/dist/cli/output/index.d.ts +9 -0
  91. package/dist/cli/output/index.js +9 -0
  92. package/dist/cli/output/json-renderer.d.ts +7 -0
  93. package/dist/cli/output/json-renderer.js +35 -0
  94. package/dist/cli/output/markdown-renderer.d.ts +5 -0
  95. package/dist/cli/output/markdown-renderer.js +86 -0
  96. package/dist/cli/output/nlp-renderer.d.ts +7 -0
  97. package/dist/cli/output/nlp-renderer.js +96 -0
  98. package/dist/cli/output/output-router.d.ts +5 -0
  99. package/dist/cli/output/output-router.js +33 -0
  100. package/dist/cli/register-awareness-commands.d.ts +2 -0
  101. package/dist/cli/register-awareness-commands.js +133 -0
  102. package/dist/cli/register-basic-commands.d.ts +2 -0
  103. package/dist/cli/register-basic-commands.js +487 -0
  104. package/dist/cli/register-integration-commands.d.ts +2 -0
  105. package/dist/cli/register-integration-commands.js +59 -0
  106. package/dist/cli/register-mcp-dag-cron-screenshot-commands.d.ts +2 -0
  107. package/dist/cli/register-mcp-dag-cron-screenshot-commands.js +273 -0
  108. package/dist/cli/register-openai-codex-commands.d.ts +2 -0
  109. package/dist/cli/register-openai-codex-commands.js +55 -0
  110. package/dist/cli/register-provider-commands.d.ts +2 -0
  111. package/dist/cli/register-provider-commands.js +244 -0
  112. package/dist/cli/register-spec-agent-goal-commands.d.ts +2 -0
  113. package/dist/cli/register-spec-agent-goal-commands.js +441 -0
  114. package/dist/cli/register-tool-commands.d.ts +2 -0
  115. package/dist/cli/register-tool-commands.js +191 -0
  116. package/dist/cli/register-workflow-commands.d.ts +2 -0
  117. package/dist/cli/register-workflow-commands.js +157 -0
  118. package/dist/cli/registry/core.d.ts +2 -0
  119. package/dist/cli/registry/core.js +27 -0
  120. package/dist/cli/registry/session.d.ts +2 -0
  121. package/dist/cli/registry/session.js +137 -0
  122. package/dist/cli/registry/system.d.ts +2 -0
  123. package/dist/cli/registry/system.js +95 -0
  124. package/dist/cli/registry/tooling.d.ts +2 -0
  125. package/dist/cli/registry/tooling.js +111 -0
  126. package/dist/cli/registry/visual.d.ts +2 -0
  127. package/dist/cli/registry/visual.js +91 -0
  128. package/dist/cli/root.d.ts +10 -0
  129. package/dist/cli/root.js +118 -0
  130. package/dist/cli/runtime/capability-selector.d.ts +18 -0
  131. package/dist/cli/runtime/capability-selector.js +208 -0
  132. package/dist/cli/runtime/cli-runtime.d.ts +10 -0
  133. package/dist/cli/runtime/cli-runtime.js +35 -0
  134. package/dist/cli/runtime/cli-writer.d.ts +18 -0
  135. package/dist/cli/runtime/cli-writer.js +87 -0
  136. package/dist/cli/runtime/command-bus.d.ts +45 -0
  137. package/dist/cli/runtime/command-bus.js +132 -0
  138. package/dist/cli/runtime/event-bus.d.ts +12 -0
  139. package/dist/cli/runtime/event-bus.js +31 -0
  140. package/dist/cli/runtime/generic-provider-adapter.d.ts +24 -0
  141. package/dist/cli/runtime/generic-provider-adapter.js +38 -0
  142. package/dist/cli/runtime/index.d.ts +17 -0
  143. package/dist/cli/runtime/index.js +18 -0
  144. package/dist/cli/runtime/intent-classifier.d.ts +16 -0
  145. package/dist/cli/runtime/intent-classifier.js +113 -0
  146. package/dist/cli/runtime/plan-controller.d.ts +7 -0
  147. package/dist/cli/runtime/plan-controller.js +29 -0
  148. package/dist/cli/runtime/provider-adapter-registry.d.ts +32 -0
  149. package/dist/cli/runtime/provider-adapter-registry.js +60 -0
  150. package/dist/cli/runtime/provider-event-normalizer.d.ts +19 -0
  151. package/dist/cli/runtime/provider-event-normalizer.js +150 -0
  152. package/dist/cli/runtime/run-controller.d.ts +7 -0
  153. package/dist/cli/runtime/run-controller.js +30 -0
  154. package/dist/cli/runtime/runtime-sidecar.d.ts +17 -0
  155. package/dist/cli/runtime/runtime-sidecar.js +138 -0
  156. package/dist/cli/runtime/task-controller.d.ts +7 -0
  157. package/dist/cli/runtime/task-controller.js +29 -0
  158. package/dist/cli/runtime/types.d.ts +312 -0
  159. package/dist/cli/runtime/types.js +6 -0
  160. package/dist/cli/theme/index.d.ts +9 -0
  161. package/dist/cli/theme/index.js +6 -0
  162. package/dist/cli/theme/terminal-capability.d.ts +18 -0
  163. package/dist/cli/theme/terminal-capability.js +88 -0
  164. package/dist/cli/theme/theme-registry.d.ts +25 -0
  165. package/dist/cli/theme/theme-registry.js +336 -0
  166. package/dist/cli/theme/theme-resolver.d.ts +12 -0
  167. package/dist/cli/theme/theme-resolver.js +38 -0
  168. package/dist/cli/ui/event.d.ts +65 -0
  169. package/dist/cli/ui/event.js +1 -0
  170. package/dist/cli/ui/green-rain-renderer.d.ts +17 -0
  171. package/dist/cli/ui/green-rain-renderer.js +96 -0
  172. package/dist/cli/ui/neon-grid-renderer.d.ts +17 -0
  173. package/dist/cli/ui/neon-grid-renderer.js +99 -0
  174. package/dist/cli/ui/plain-renderer.d.ts +37 -0
  175. package/dist/cli/ui/plain-renderer.js +160 -0
  176. package/dist/cli/ui/renderer.d.ts +7 -0
  177. package/dist/cli/ui/renderer.js +1 -0
  178. package/dist/cli/ui/rich-renderer.d.ts +32 -0
  179. package/dist/cli/ui/rich-renderer.js +234 -0
  180. package/dist/cli/ui/route-blocked-panel.d.ts +5 -0
  181. package/dist/cli/ui/route-blocked-panel.js +67 -0
  182. package/dist/cli/ui/rust-forge-renderer.d.ts +19 -0
  183. package/dist/cli/ui/rust-forge-renderer.js +129 -0
  184. package/dist/cli/ui/system24-renderer.d.ts +79 -0
  185. package/dist/cli/ui/system24-renderer.js +508 -0
  186. package/dist/cli/v2/chat-repl.d.ts +37 -0
  187. package/dist/cli/v2/chat-repl.js +280 -0
  188. package/dist/cli/v2/cli-v2-skeleton.d.ts +99 -0
  189. package/dist/cli/v2/cli-v2-skeleton.js +350 -0
  190. package/dist/cli/v2/interactive-prompt.d.ts +51 -0
  191. package/dist/cli/v2/interactive-prompt.js +187 -0
  192. package/dist/cli/v2/persistent-memory.d.ts +70 -0
  193. package/dist/cli/v2/persistent-memory.js +229 -0
  194. package/dist/cli/v2/provider-commands.d.ts +120 -0
  195. package/dist/cli/v2/provider-commands.js +244 -0
  196. package/dist/cli/v2/workflow-commands.d.ts +72 -0
  197. package/dist/cli/v2/workflow-commands.js +198 -0
  198. package/dist/cli.d.ts +2 -0
  199. package/dist/cli.js +17 -0
  200. package/dist/cockpit/git-numstat.d.ts +10 -0
  201. package/dist/cockpit/git-numstat.js +97 -0
  202. package/dist/cockpit/lsp-status.d.ts +5 -0
  203. package/dist/cockpit/lsp-status.js +51 -0
  204. package/dist/cockpit/types.d.ts +66 -0
  205. package/dist/cockpit/types.js +4 -0
  206. package/dist/cockpit/views/rail-view.d.ts +9 -0
  207. package/dist/cockpit/views/rail-view.js +160 -0
  208. package/dist/commands/agent.d.ts +6 -0
  209. package/dist/commands/agent.js +263 -0
  210. package/dist/commands/appshot.d.ts +15 -0
  211. package/dist/commands/appshot.js +122 -0
  212. package/dist/commands/auth.d.ts +43 -0
  213. package/dist/commands/auth.js +167 -0
  214. package/dist/commands/browser.d.ts +18 -0
  215. package/dist/commands/browser.js +110 -0
  216. package/dist/commands/chat/chat-turn-dag.d.ts +21 -0
  217. package/dist/commands/chat/chat-turn-dag.js +72 -0
  218. package/dist/commands/chat/core.d.ts +27 -0
  219. package/dist/commands/chat/core.js +418 -0
  220. package/dist/commands/chat/index.d.ts +5 -0
  221. package/dist/commands/chat/index.js +5 -0
  222. package/dist/commands/chat/native-root-loop.d.ts +57 -0
  223. package/dist/commands/chat/native-root-loop.js +1041 -0
  224. package/dist/commands/chat/runtime.d.ts +46 -0
  225. package/dist/commands/chat/runtime.js +395 -0
  226. package/dist/commands/chat/slash/commands/control.d.ts +2 -0
  227. package/dist/commands/chat/slash/commands/control.js +196 -0
  228. package/dist/commands/chat/slash/commands/diagnostics.d.ts +2 -0
  229. package/dist/commands/chat/slash/commands/diagnostics.js +64 -0
  230. package/dist/commands/chat/slash/commands/harness.d.ts +2 -0
  231. package/dist/commands/chat/slash/commands/harness.js +21 -0
  232. package/dist/commands/chat/slash/commands/index.d.ts +2 -0
  233. package/dist/commands/chat/slash/commands/index.js +18 -0
  234. package/dist/commands/chat/slash/commands/routing.d.ts +2 -0
  235. package/dist/commands/chat/slash/commands/routing.js +355 -0
  236. package/dist/commands/chat/slash/commands/session.d.ts +2 -0
  237. package/dist/commands/chat/slash/commands/session.js +86 -0
  238. package/dist/commands/chat/slash/commands/tool-plane.d.ts +2 -0
  239. package/dist/commands/chat/slash/commands/tool-plane.js +64 -0
  240. package/dist/commands/chat/slash/commands/ui.d.ts +2 -0
  241. package/dist/commands/chat/slash/commands/ui.js +108 -0
  242. package/dist/commands/chat/slash/context.d.ts +3 -0
  243. package/dist/commands/chat/slash/context.js +9 -0
  244. package/dist/commands/chat/slash/format.d.ts +3 -0
  245. package/dist/commands/chat/slash/format.js +19 -0
  246. package/dist/commands/chat/slash/parser.d.ts +15 -0
  247. package/dist/commands/chat/slash/parser.js +97 -0
  248. package/dist/commands/chat/slash/registry.d.ts +13 -0
  249. package/dist/commands/chat/slash/registry.js +38 -0
  250. package/dist/commands/chat/slash/result.d.ts +7 -0
  251. package/dist/commands/chat/slash/result.js +35 -0
  252. package/dist/commands/chat/slash/types.d.ts +32 -0
  253. package/dist/commands/chat/slash/types.js +1 -0
  254. package/dist/commands/chat/startup.d.ts +68 -0
  255. package/dist/commands/chat/startup.js +150 -0
  256. package/dist/commands/chat/state.d.ts +3 -0
  257. package/dist/commands/chat/state.js +100 -0
  258. package/dist/commands/chat/utils.d.ts +25 -0
  259. package/dist/commands/chat/utils.js +208 -0
  260. package/dist/commands/chat.d.ts +2 -0
  261. package/dist/commands/chat.js +2 -0
  262. package/dist/commands/cockpit/core.d.ts +5 -0
  263. package/dist/commands/cockpit/core.js +91 -0
  264. package/dist/commands/cockpit/render.d.ts +5 -0
  265. package/dist/commands/cockpit/render.js +931 -0
  266. package/dist/commands/cockpit/scroll.d.ts +39 -0
  267. package/dist/commands/cockpit/scroll.js +87 -0
  268. package/dist/commands/cockpit/telemetry.d.ts +30 -0
  269. package/dist/commands/cockpit/telemetry.js +361 -0
  270. package/dist/commands/cockpit/update-loop.d.ts +54 -0
  271. package/dist/commands/cockpit/update-loop.js +285 -0
  272. package/dist/commands/cockpit/utils.d.ts +231 -0
  273. package/dist/commands/cockpit/utils.js +388 -0
  274. package/dist/commands/cockpit.d.ts +8 -0
  275. package/dist/commands/cockpit.js +7 -0
  276. package/dist/commands/codex.d.ts +70 -0
  277. package/dist/commands/codex.js +597 -0
  278. package/dist/commands/consent.d.ts +24 -0
  279. package/dist/commands/consent.js +255 -0
  280. package/dist/commands/cron.d.ts +16 -0
  281. package/dist/commands/cron.js +187 -0
  282. package/dist/commands/dag-from-spec.d.ts +30 -0
  283. package/dist/commands/dag-from-spec.js +284 -0
  284. package/dist/commands/dag.d.ts +10 -0
  285. package/dist/commands/dag.js +467 -0
  286. package/dist/commands/design.d.ts +73 -0
  287. package/dist/commands/design.js +1251 -0
  288. package/dist/commands/diff-runs.d.ts +3 -0
  289. package/dist/commands/diff-runs.js +36 -0
  290. package/dist/commands/do.d.ts +29 -0
  291. package/dist/commands/do.js +196 -0
  292. package/dist/commands/doctor/checks.d.ts +20 -0
  293. package/dist/commands/doctor/checks.js +896 -0
  294. package/dist/commands/doctor/core.d.ts +2 -0
  295. package/dist/commands/doctor/core.js +53 -0
  296. package/dist/commands/doctor/fix-plan.d.ts +69 -0
  297. package/dist/commands/doctor/fix-plan.js +78 -0
  298. package/dist/commands/doctor/fix.d.ts +5 -0
  299. package/dist/commands/doctor/fix.js +1002 -0
  300. package/dist/commands/doctor/report.d.ts +7 -0
  301. package/dist/commands/doctor/report.js +151 -0
  302. package/dist/commands/doctor/utils.d.ts +52 -0
  303. package/dist/commands/doctor/utils.js +124 -0
  304. package/dist/commands/doctor.d.ts +2 -0
  305. package/dist/commands/doctor.js +1 -0
  306. package/dist/commands/goal.d.ts +46 -0
  307. package/dist/commands/goal.js +492 -0
  308. package/dist/commands/google.d.ts +1 -0
  309. package/dist/commands/google.js +27 -0
  310. package/dist/commands/graph.d.ts +9 -0
  311. package/dist/commands/graph.js +26 -0
  312. package/dist/commands/hud.d.ts +57 -0
  313. package/dist/commands/hud.js +1031 -0
  314. package/dist/commands/image.d.ts +16 -0
  315. package/dist/commands/image.js +102 -0
  316. package/dist/commands/init/config.d.ts +8 -0
  317. package/dist/commands/init/config.js +97 -0
  318. package/dist/commands/init/constants.d.ts +7 -0
  319. package/dist/commands/init/constants.js +49 -0
  320. package/dist/commands/init/content.d.ts +12 -0
  321. package/dist/commands/init/content.js +1783 -0
  322. package/dist/commands/init/core.d.ts +2 -0
  323. package/dist/commands/init/core.js +298 -0
  324. package/dist/commands/init/interactive.d.ts +9 -0
  325. package/dist/commands/init/interactive.js +170 -0
  326. package/dist/commands/init/scaffold.d.ts +17 -0
  327. package/dist/commands/init/scaffold.js +146 -0
  328. package/dist/commands/init/types.d.ts +35 -0
  329. package/dist/commands/init/types.js +1 -0
  330. package/dist/commands/init/utils.d.ts +13 -0
  331. package/dist/commands/init/utils.js +107 -0
  332. package/dist/commands/init.d.ts +32 -0
  333. package/dist/commands/init.js +2581 -0
  334. package/dist/commands/inspect.d.ts +9 -0
  335. package/dist/commands/inspect.js +12 -0
  336. package/dist/commands/lsp.d.ts +8 -0
  337. package/dist/commands/lsp.js +60 -0
  338. package/dist/commands/mcp.d.ts +104 -0
  339. package/dist/commands/mcp.js +1603 -0
  340. package/dist/commands/menu.d.ts +4 -0
  341. package/dist/commands/menu.js +213 -0
  342. package/dist/commands/merge.d.ts +8 -0
  343. package/dist/commands/merge.js +229 -0
  344. package/dist/commands/mode.d.ts +3 -0
  345. package/dist/commands/mode.js +60 -0
  346. package/dist/commands/model.d.ts +15 -0
  347. package/dist/commands/model.js +215 -0
  348. package/dist/commands/notice.d.ts +7 -0
  349. package/dist/commands/notice.js +76 -0
  350. package/dist/commands/open-design-agent.d.ts +46 -0
  351. package/dist/commands/open-design-agent.js +569 -0
  352. package/dist/commands/orchestrate.d.ts +18 -0
  353. package/dist/commands/orchestrate.js +284 -0
  354. package/dist/commands/parallel/core.d.ts +34 -0
  355. package/dist/commands/parallel/core.js +296 -0
  356. package/dist/commands/parallel/index.d.ts +5 -0
  357. package/dist/commands/parallel/index.js +5 -0
  358. package/dist/commands/parallel/interactive.d.ts +27 -0
  359. package/dist/commands/parallel/interactive.js +172 -0
  360. package/dist/commands/parallel/orchestrator.d.ts +40 -0
  361. package/dist/commands/parallel/orchestrator.js +564 -0
  362. package/dist/commands/parallel/utils.d.ts +12 -0
  363. package/dist/commands/parallel/utils.js +114 -0
  364. package/dist/commands/parallel/worker.d.ts +43 -0
  365. package/dist/commands/parallel/worker.js +276 -0
  366. package/dist/commands/parallel.d.ts +4 -0
  367. package/dist/commands/parallel.js +3 -0
  368. package/dist/commands/plan.d.ts +6 -0
  369. package/dist/commands/plan.js +113 -0
  370. package/dist/commands/project-index.d.ts +18 -0
  371. package/dist/commands/project-index.js +312 -0
  372. package/dist/commands/provider.d.ts +65 -0
  373. package/dist/commands/provider.js +619 -0
  374. package/dist/commands/rail.d.ts +6 -0
  375. package/dist/commands/rail.js +7 -0
  376. package/dist/commands/replay.d.ts +7 -0
  377. package/dist/commands/replay.js +10 -0
  378. package/dist/commands/research.d.ts +5 -0
  379. package/dist/commands/research.js +48 -0
  380. package/dist/commands/run.d.ts +15 -0
  381. package/dist/commands/run.js +312 -0
  382. package/dist/commands/runs.d.ts +36 -0
  383. package/dist/commands/runs.js +504 -0
  384. package/dist/commands/screenshot.d.ts +10 -0
  385. package/dist/commands/screenshot.js +72 -0
  386. package/dist/commands/skill.d.ts +28 -0
  387. package/dist/commands/skill.js +382 -0
  388. package/dist/commands/snip.d.ts +8 -0
  389. package/dist/commands/snip.js +77 -0
  390. package/dist/commands/spec.d.ts +17 -0
  391. package/dist/commands/spec.js +262 -0
  392. package/dist/commands/specify.d.ts +18 -0
  393. package/dist/commands/specify.js +111 -0
  394. package/dist/commands/star.d.ts +3 -0
  395. package/dist/commands/star.js +30 -0
  396. package/dist/commands/summary.d.ts +2 -0
  397. package/dist/commands/summary.js +343 -0
  398. package/dist/commands/sync.d.ts +6 -0
  399. package/dist/commands/sync.js +129 -0
  400. package/dist/commands/team.d.ts +7 -0
  401. package/dist/commands/team.js +264 -0
  402. package/dist/commands/verify.d.ts +4 -0
  403. package/dist/commands/verify.js +320 -0
  404. package/dist/commands/version.d.ts +6 -0
  405. package/dist/commands/version.js +83 -0
  406. package/dist/commands/web-bridge.d.ts +12 -0
  407. package/dist/commands/web-bridge.js +75 -0
  408. package/dist/commands/why.d.ts +14 -0
  409. package/dist/commands/why.js +46 -0
  410. package/dist/commands/workflow.d.ts +13 -0
  411. package/dist/commands/workflow.js +385 -0
  412. package/dist/contracts/dag.d.ts +134 -0
  413. package/dist/contracts/dag.js +4 -0
  414. package/dist/contracts/decision.d.ts +23 -0
  415. package/dist/contracts/decision.js +1 -0
  416. package/dist/contracts/envelope.d.ts +29 -0
  417. package/dist/contracts/envelope.js +1 -0
  418. package/dist/contracts/errors.d.ts +13 -0
  419. package/dist/contracts/errors.js +15 -0
  420. package/dist/contracts/evidence.d.ts +23 -0
  421. package/dist/contracts/evidence.js +1 -0
  422. package/dist/contracts/goal.d.ts +169 -0
  423. package/dist/contracts/goal.js +4 -0
  424. package/dist/contracts/hud.d.ts +17 -0
  425. package/dist/contracts/hud.js +4 -0
  426. package/dist/contracts/index.d.ts +8 -0
  427. package/dist/contracts/index.js +8 -0
  428. package/dist/contracts/orchestration.d.ts +215 -0
  429. package/dist/contracts/orchestration.js +4 -0
  430. package/dist/contracts/proof.d.ts +32 -0
  431. package/dist/contracts/proof.js +1 -0
  432. package/dist/contracts/provider.d.ts +35 -0
  433. package/dist/contracts/provider.js +1 -0
  434. package/dist/contracts/replay.d.ts +95 -0
  435. package/dist/contracts/replay.js +7 -0
  436. package/dist/contracts/run.d.ts +34 -0
  437. package/dist/contracts/run.js +1 -0
  438. package/dist/contracts/safety.d.ts +10 -0
  439. package/dist/contracts/safety.js +4 -0
  440. package/dist/contracts/version.d.ts +21 -0
  441. package/dist/contracts/version.js +1 -0
  442. package/dist/contracts/web-bridge.d.ts +95 -0
  443. package/dist/contracts/web-bridge.js +168 -0
  444. package/dist/contracts/worker-context.d.ts +70 -0
  445. package/dist/contracts/worker-context.js +1 -0
  446. package/dist/evidence/attempt-record.d.ts +78 -0
  447. package/dist/evidence/attempt-record.js +16 -0
  448. package/dist/evidence/context-snapshot.d.ts +20 -0
  449. package/dist/evidence/context-snapshot.js +81 -0
  450. package/dist/evidence/decision-trace.d.ts +14 -0
  451. package/dist/evidence/decision-trace.js +54 -0
  452. package/dist/evidence/diagnosis.d.ts +15 -0
  453. package/dist/evidence/diagnosis.js +279 -0
  454. package/dist/evidence/evidence-recorder.d.ts +19 -0
  455. package/dist/evidence/evidence-recorder.js +55 -0
  456. package/dist/evidence/index.d.ts +15 -0
  457. package/dist/evidence/index.js +7 -0
  458. package/dist/evidence/run-trace.d.ts +103 -0
  459. package/dist/evidence/run-trace.js +191 -0
  460. package/dist/goal/compiler.d.ts +5 -0
  461. package/dist/goal/compiler.js +350 -0
  462. package/dist/goal/control-loop.d.ts +109 -0
  463. package/dist/goal/control-loop.js +1089 -0
  464. package/dist/goal/ensemble-memory.d.ts +26 -0
  465. package/dist/goal/ensemble-memory.js +55 -0
  466. package/dist/goal/eval-criteria.d.ts +3 -0
  467. package/dist/goal/eval-criteria.js +72 -0
  468. package/dist/goal/evidence.d.ts +20 -0
  469. package/dist/goal/evidence.js +321 -0
  470. package/dist/goal/goal-daemon.d.ts +40 -0
  471. package/dist/goal/goal-daemon.js +318 -0
  472. package/dist/goal/intake.d.ts +48 -0
  473. package/dist/goal/intake.js +561 -0
  474. package/dist/goal/intent-analyzer.d.ts +9 -0
  475. package/dist/goal/intent-analyzer.js +322 -0
  476. package/dist/goal/intent-frame.d.ts +35 -0
  477. package/dist/goal/intent-frame.js +566 -0
  478. package/dist/goal/persistence.d.ts +11 -0
  479. package/dist/goal/persistence.js +134 -0
  480. package/dist/goal/prompt-digest.d.ts +13 -0
  481. package/dist/goal/prompt-digest.js +111 -0
  482. package/dist/goal/scoring.d.ts +2 -0
  483. package/dist/goal/scoring.js +69 -0
  484. package/dist/goal/wake-policy.d.ts +26 -0
  485. package/dist/goal/wake-policy.js +58 -0
  486. package/dist/harness/create-harness-task-runner.d.ts +43 -0
  487. package/dist/harness/create-harness-task-runner.js +56 -0
  488. package/dist/harness/execute-harness-run.d.ts +34 -0
  489. package/dist/harness/execute-harness-run.js +109 -0
  490. package/dist/hooks/events.d.ts +71 -0
  491. package/dist/hooks/events.js +1 -0
  492. package/dist/hooks/hook-bus.d.ts +13 -0
  493. package/dist/hooks/hook-bus.js +59 -0
  494. package/dist/hooks/hook-registry.d.ts +6 -0
  495. package/dist/hooks/hook-registry.js +64 -0
  496. package/dist/hooks/index.d.ts +3 -0
  497. package/dist/hooks/index.js +2 -0
  498. package/dist/hud/index.d.ts +9 -0
  499. package/dist/hud/index.js +11 -0
  500. package/dist/hud/live-renderer.d.ts +17 -0
  501. package/dist/hud/live-renderer.js +52 -0
  502. package/dist/hud/render.d.ts +62 -0
  503. package/dist/hud/render.js +954 -0
  504. package/dist/hud/types.d.ts +58 -0
  505. package/dist/hud/types.js +7 -0
  506. package/dist/input/input-artifacts.d.ts +10 -0
  507. package/dist/input/input-artifacts.js +19 -0
  508. package/dist/input/input-envelope.d.ts +64 -0
  509. package/dist/input/input-envelope.js +86 -0
  510. package/dist/integrations/servarr/adapter.d.ts +29 -0
  511. package/dist/integrations/servarr/adapter.js +156 -0
  512. package/dist/integrations/servarr/commands.d.ts +15 -0
  513. package/dist/integrations/servarr/commands.js +119 -0
  514. package/dist/integrations/servarr/schema.d.ts +34 -0
  515. package/dist/integrations/servarr/schema.js +149 -0
  516. package/dist/kimi/ascii-art.d.ts +1 -0
  517. package/dist/kimi/ascii-art.js +23 -0
  518. package/dist/kimi/banner.d.ts +53 -0
  519. package/dist/kimi/banner.js +284 -0
  520. package/dist/kimi/bug-filter.d.ts +15 -0
  521. package/dist/kimi/bug-filter.js +150 -0
  522. package/dist/kimi/capability.d.ts +25 -0
  523. package/dist/kimi/capability.js +68 -0
  524. package/dist/kimi/isolated-home.d.ts +21 -0
  525. package/dist/kimi/isolated-home.js +270 -0
  526. package/dist/kimi/runner.d.ts +74 -0
  527. package/dist/kimi/runner.js +1052 -0
  528. package/dist/kimi/simple-art.d.ts +1 -0
  529. package/dist/kimi/simple-art.js +1 -0
  530. package/dist/kimi/statusline.d.ts +26 -0
  531. package/dist/kimi/statusline.js +142 -0
  532. package/dist/kimi/usage.d.ts +52 -0
  533. package/dist/kimi/usage.js +481 -0
  534. package/dist/kimi/wire-client.d.ts +95 -0
  535. package/dist/kimi/wire-client.js +338 -0
  536. package/dist/lsp/default-config.d.ts +16 -0
  537. package/dist/lsp/default-config.js +26 -0
  538. package/dist/mcp/acp-server.d.ts +2 -0
  539. package/dist/mcp/acp-server.js +357 -0
  540. package/dist/mcp/autoconnect.d.ts +60 -0
  541. package/dist/mcp/autoconnect.js +192 -0
  542. package/dist/mcp/client.d.ts +112 -0
  543. package/dist/mcp/client.js +276 -0
  544. package/dist/mcp/config-permissions.d.ts +23 -0
  545. package/dist/mcp/config-permissions.js +66 -0
  546. package/dist/mcp/consent-flow.d.ts +152 -0
  547. package/dist/mcp/consent-flow.js +329 -0
  548. package/dist/mcp/filesystem-readonly-server.d.ts +2 -0
  549. package/dist/mcp/filesystem-readonly-server.js +320 -0
  550. package/dist/mcp/governance.d.ts +292 -0
  551. package/dist/mcp/governance.js +602 -0
  552. package/dist/mcp/host.d.ts +154 -0
  553. package/dist/mcp/host.js +792 -0
  554. package/dist/mcp/omk-project-server.d.ts +2 -0
  555. package/dist/mcp/omk-project-server.js +1632 -0
  556. package/dist/mcp/omk-web-bridge-server.d.ts +14 -0
  557. package/dist/mcp/omk-web-bridge-server.js +154 -0
  558. package/dist/mcp/permission-resolver.d.ts +67 -0
  559. package/dist/mcp/permission-resolver.js +124 -0
  560. package/dist/mcp/quality-gate.d.ts +36 -0
  561. package/dist/mcp/quality-gate.js +247 -0
  562. package/dist/mcp/quarantine.d.ts +11 -0
  563. package/dist/mcp/quarantine.js +79 -0
  564. package/dist/mcp/secret-scanner.d.ts +189 -0
  565. package/dist/mcp/secret-scanner.js +709 -0
  566. package/dist/mcp/server-catalog.d.ts +36 -0
  567. package/dist/mcp/server-catalog.js +168 -0
  568. package/dist/mcp/shared-secret-registry.d.ts +61 -0
  569. package/dist/mcp/shared-secret-registry.js +171 -0
  570. package/dist/mcp/transports/stdio.d.ts +22 -0
  571. package/dist/mcp/transports/stdio.js +165 -0
  572. package/dist/mcp/transports/streamable-http.d.ts +31 -0
  573. package/dist/mcp/transports/streamable-http.js +289 -0
  574. package/dist/mcp/transports/transport.d.ts +20 -0
  575. package/dist/mcp/transports/transport.js +3 -0
  576. package/dist/memory/embedding.d.ts +11 -0
  577. package/dist/memory/embedding.js +24 -0
  578. package/dist/memory/graph-viewer.d.ts +72 -0
  579. package/dist/memory/graph-viewer.js +402 -0
  580. package/dist/memory/kuzu-memory-store.d.ts +37 -0
  581. package/dist/memory/kuzu-memory-store.js +453 -0
  582. package/dist/memory/local-graph-memory-store.d.ts +141 -0
  583. package/dist/memory/local-graph-memory-store.js +884 -0
  584. package/dist/memory/memory-config.d.ts +51 -0
  585. package/dist/memory/memory-config.js +187 -0
  586. package/dist/memory/memory-store.d.ts +48 -0
  587. package/dist/memory/memory-store.js +210 -0
  588. package/dist/memory/ontology-model.d.ts +175 -0
  589. package/dist/memory/ontology-model.js +131 -0
  590. package/dist/native/linux-x64/omk-safety +0 -0
  591. package/dist/openai/image-client.d.ts +103 -0
  592. package/dist/openai/image-client.js +380 -0
  593. package/dist/orchestration/agent-worker.d.ts +72 -0
  594. package/dist/orchestration/agent-worker.js +278 -0
  595. package/dist/orchestration/capability-agents.d.ts +14 -0
  596. package/dist/orchestration/capability-agents.js +180 -0
  597. package/dist/orchestration/capability-routing.d.ts +42 -0
  598. package/dist/orchestration/capability-routing.js +65 -0
  599. package/dist/orchestration/compiled-dag-executor.d.ts +56 -0
  600. package/dist/orchestration/compiled-dag-executor.js +88 -0
  601. package/dist/orchestration/completion-artifacts.d.ts +37 -0
  602. package/dist/orchestration/completion-artifacts.js +84 -0
  603. package/dist/orchestration/completion-sentinel.d.ts +37 -0
  604. package/dist/orchestration/completion-sentinel.js +66 -0
  605. package/dist/orchestration/contracts/index.d.ts +45 -0
  606. package/dist/orchestration/contracts/index.js +6 -0
  607. package/dist/orchestration/dag-artifacts.d.ts +11 -0
  608. package/dist/orchestration/dag-artifacts.js +42 -0
  609. package/dist/orchestration/dag-compiler-presets.d.ts +20 -0
  610. package/dist/orchestration/dag-compiler-presets.js +476 -0
  611. package/dist/orchestration/dag-compiler-types.d.ts +40 -0
  612. package/dist/orchestration/dag-compiler-types.js +1 -0
  613. package/dist/orchestration/dag-compiler.d.ts +3 -0
  614. package/dist/orchestration/dag-compiler.js +122 -0
  615. package/dist/orchestration/dag.d.ts +158 -0
  616. package/dist/orchestration/dag.js +310 -0
  617. package/dist/orchestration/diagnostics.d.ts +27 -0
  618. package/dist/orchestration/diagnostics.js +262 -0
  619. package/dist/orchestration/enhanced-modes.d.ts +116 -0
  620. package/dist/orchestration/enhanced-modes.js +231 -0
  621. package/dist/orchestration/enhanced-parallel-orchestrator.d.ts +127 -0
  622. package/dist/orchestration/enhanced-parallel-orchestrator.js +734 -0
  623. package/dist/orchestration/ensemble-decision.d.ts +40 -0
  624. package/dist/orchestration/ensemble-decision.js +297 -0
  625. package/dist/orchestration/ensemble.d.ts +22 -0
  626. package/dist/orchestration/ensemble.js +558 -0
  627. package/dist/orchestration/eta.d.ts +10 -0
  628. package/dist/orchestration/eta.js +75 -0
  629. package/dist/orchestration/evidence-check.d.ts +36 -0
  630. package/dist/orchestration/evidence-check.js +257 -0
  631. package/dist/orchestration/evidence-gate.d.ts +34 -0
  632. package/dist/orchestration/evidence-gate.js +501 -0
  633. package/dist/orchestration/execution-planner.d.ts +40 -0
  634. package/dist/orchestration/execution-planner.js +252 -0
  635. package/dist/orchestration/executor.d.ts +11 -0
  636. package/dist/orchestration/executor.js +979 -0
  637. package/dist/orchestration/interactive-orchestrator.d.ts +134 -0
  638. package/dist/orchestration/interactive-orchestrator.js +450 -0
  639. package/dist/orchestration/log-streamer.d.ts +104 -0
  640. package/dist/orchestration/log-streamer.js +288 -0
  641. package/dist/orchestration/loop-artifacts.d.ts +14 -0
  642. package/dist/orchestration/loop-artifacts.js +20 -0
  643. package/dist/orchestration/loop-controller.d.ts +14 -0
  644. package/dist/orchestration/loop-controller.js +311 -0
  645. package/dist/orchestration/loop-guard.d.ts +28 -0
  646. package/dist/orchestration/loop-guard.js +104 -0
  647. package/dist/orchestration/loop-state.d.ts +86 -0
  648. package/dist/orchestration/loop-state.js +1 -0
  649. package/dist/orchestration/node-monitor.d.ts +18 -0
  650. package/dist/orchestration/node-monitor.js +98 -0
  651. package/dist/orchestration/orchestrate-prompt.d.ts +43 -0
  652. package/dist/orchestration/orchestrate-prompt.js +533 -0
  653. package/dist/orchestration/orchestration-state.d.ts +3 -0
  654. package/dist/orchestration/orchestration-state.js +2 -0
  655. package/dist/orchestration/parallel-orchestrator.d.ts +159 -0
  656. package/dist/orchestration/parallel-orchestrator.js +576 -0
  657. package/dist/orchestration/parallel-ui.d.ts +51 -0
  658. package/dist/orchestration/parallel-ui.js +470 -0
  659. package/dist/orchestration/repair-policy.d.ts +20 -0
  660. package/dist/orchestration/repair-policy.js +221 -0
  661. package/dist/orchestration/routing/inventory.d.ts +9 -0
  662. package/dist/orchestration/routing/inventory.js +273 -0
  663. package/dist/orchestration/routing/mcp-config.d.ts +17 -0
  664. package/dist/orchestration/routing/mcp-config.js +154 -0
  665. package/dist/orchestration/routing/types.d.ts +38 -0
  666. package/dist/orchestration/routing/types.js +4 -0
  667. package/dist/orchestration/routing.d.ts +31 -0
  668. package/dist/orchestration/routing.js +961 -0
  669. package/dist/orchestration/run-state.d.ts +36 -0
  670. package/dist/orchestration/run-state.js +176 -0
  671. package/dist/orchestration/scheduler.d.ts +9 -0
  672. package/dist/orchestration/scheduler.js +85 -0
  673. package/dist/orchestration/skill-assigner.d.ts +22 -0
  674. package/dist/orchestration/skill-assigner.js +345 -0
  675. package/dist/orchestration/state-machine/index.d.ts +3 -0
  676. package/dist/orchestration/state-machine/index.js +3 -0
  677. package/dist/orchestration/state-machine/node-state-machine.d.ts +24 -0
  678. package/dist/orchestration/state-machine/node-state-machine.js +35 -0
  679. package/dist/orchestration/state-machine/run-state-machine.d.ts +38 -0
  680. package/dist/orchestration/state-machine/run-state-machine.js +161 -0
  681. package/dist/orchestration/state-machine/run-state-manager.d.ts +108 -0
  682. package/dist/orchestration/state-machine/run-state-manager.js +314 -0
  683. package/dist/orchestration/state-persister.d.ts +7 -0
  684. package/dist/orchestration/state-persister.js +77 -0
  685. package/dist/orchestration/task-graph.d.ts +29 -0
  686. package/dist/orchestration/task-graph.js +261 -0
  687. package/dist/orchestration/verification-only.d.ts +28 -0
  688. package/dist/orchestration/verification-only.js +94 -0
  689. package/dist/providers/attempt-recorder.d.ts +10 -0
  690. package/dist/providers/attempt-recorder.js +38 -0
  691. package/dist/providers/codex-cli-runner.d.ts +11 -0
  692. package/dist/providers/codex-cli-runner.js +129 -0
  693. package/dist/providers/context-preflight.d.ts +47 -0
  694. package/dist/providers/context-preflight.js +134 -0
  695. package/dist/providers/deepseek/deepseek-balance.d.ts +29 -0
  696. package/dist/providers/deepseek/deepseek-balance.js +80 -0
  697. package/dist/providers/deepseek/deepseek-client.d.ts +53 -0
  698. package/dist/providers/deepseek/deepseek-client.js +164 -0
  699. package/dist/providers/deepseek/deepseek-config.d.ts +89 -0
  700. package/dist/providers/deepseek/deepseek-config.js +272 -0
  701. package/dist/providers/deepseek/deepseek-errors.d.ts +5 -0
  702. package/dist/providers/deepseek/deepseek-errors.js +48 -0
  703. package/dist/providers/deepseek/deepseek-provider.d.ts +10 -0
  704. package/dist/providers/deepseek/deepseek-provider.js +162 -0
  705. package/dist/providers/deepseek/deepseek-super-config.d.ts +31 -0
  706. package/dist/providers/deepseek/deepseek-super-config.js +136 -0
  707. package/dist/providers/deepseek-provider.d.ts +8 -0
  708. package/dist/providers/deepseek-provider.js +78 -0
  709. package/dist/providers/health.d.ts +13 -0
  710. package/dist/providers/health.js +55 -0
  711. package/dist/providers/index.d.ts +22 -0
  712. package/dist/providers/index.js +22 -0
  713. package/dist/providers/kimi-provider-failure.d.ts +8 -0
  714. package/dist/providers/kimi-provider-failure.js +56 -0
  715. package/dist/providers/kimi-provider.d.ts +7 -0
  716. package/dist/providers/kimi-provider.js +27 -0
  717. package/dist/providers/model-registry.d.ts +103 -0
  718. package/dist/providers/model-registry.js +571 -0
  719. package/dist/providers/model-table.d.ts +24 -0
  720. package/dist/providers/model-table.js +140 -0
  721. package/dist/providers/model-tabs.d.ts +33 -0
  722. package/dist/providers/model-tabs.js +98 -0
  723. package/dist/providers/openai-compatible-runner.d.ts +17 -0
  724. package/dist/providers/openai-compatible-runner.js +180 -0
  725. package/dist/providers/provider-router.d.ts +8 -0
  726. package/dist/providers/provider-router.js +174 -0
  727. package/dist/providers/provider-runtime.d.ts +17 -0
  728. package/dist/providers/provider-runtime.js +246 -0
  729. package/dist/providers/provider-stats.d.ts +56 -0
  730. package/dist/providers/provider-stats.js +303 -0
  731. package/dist/providers/provider-task-runner.d.ts +23 -0
  732. package/dist/providers/provider-task-runner.js +1171 -0
  733. package/dist/providers/provider.d.ts +74 -0
  734. package/dist/providers/provider.js +9 -0
  735. package/dist/providers/router.d.ts +14 -0
  736. package/dist/providers/router.js +486 -0
  737. package/dist/providers/runner/deepseek-helpers.d.ts +38 -0
  738. package/dist/providers/runner/deepseek-helpers.js +150 -0
  739. package/dist/providers/runner/env.d.ts +12 -0
  740. package/dist/providers/runner/env.js +98 -0
  741. package/dist/providers/runner/execution.d.ts +26 -0
  742. package/dist/providers/runner/execution.js +42 -0
  743. package/dist/providers/runner/helpers.d.ts +9 -0
  744. package/dist/providers/runner/helpers.js +38 -0
  745. package/dist/providers/runner/results.d.ts +26 -0
  746. package/dist/providers/runner/results.js +104 -0
  747. package/dist/providers/thinking-levels.d.ts +7 -0
  748. package/dist/providers/thinking-levels.js +67 -0
  749. package/dist/providers/types.d.ts +139 -0
  750. package/dist/providers/types.js +60 -0
  751. package/dist/replay/differ.d.ts +5 -0
  752. package/dist/replay/differ.js +314 -0
  753. package/dist/replay/index.d.ts +6 -0
  754. package/dist/replay/index.js +4 -0
  755. package/dist/replay/inspector.d.ts +14 -0
  756. package/dist/replay/inspector.js +264 -0
  757. package/dist/replay/manifest-builder.d.ts +11 -0
  758. package/dist/replay/manifest-builder.js +184 -0
  759. package/dist/replay/replay-engine.d.ts +18 -0
  760. package/dist/replay/replay-engine.js +265 -0
  761. package/dist/runtime/adapter.d.ts +77 -0
  762. package/dist/runtime/adapter.js +28 -0
  763. package/dist/runtime/agent-runtime.d.ts +123 -0
  764. package/dist/runtime/agent-runtime.js +18 -0
  765. package/dist/runtime/cache-stable-session.d.ts +55 -0
  766. package/dist/runtime/cache-stable-session.js +108 -0
  767. package/dist/runtime/capability-injection.d.ts +39 -0
  768. package/dist/runtime/capability-injection.js +93 -0
  769. package/dist/runtime/chat-advisory-runtime.d.ts +2 -0
  770. package/dist/runtime/chat-advisory-runtime.js +71 -0
  771. package/dist/runtime/child-env.d.ts +31 -0
  772. package/dist/runtime/child-env.js +131 -0
  773. package/dist/runtime/codex-cli-runtime.d.ts +10 -0
  774. package/dist/runtime/codex-cli-runtime.js +78 -0
  775. package/dist/runtime/codex-runtime.d.ts +35 -0
  776. package/dist/runtime/codex-runtime.js +264 -0
  777. package/dist/runtime/command-bus.d.ts +13 -0
  778. package/dist/runtime/command-bus.js +57 -0
  779. package/dist/runtime/context-broker-converter.d.ts +9 -0
  780. package/dist/runtime/context-broker-converter.js +96 -0
  781. package/dist/runtime/context-broker.d.ts +25 -0
  782. package/dist/runtime/context-broker.js +308 -0
  783. package/dist/runtime/context-budget-optimizer.d.ts +73 -0
  784. package/dist/runtime/context-budget-optimizer.js +300 -0
  785. package/dist/runtime/context-capsule.d.ts +81 -0
  786. package/dist/runtime/context-capsule.js +46 -0
  787. package/dist/runtime/contracts/command-envelope.d.ts +99 -0
  788. package/dist/runtime/contracts/command-envelope.js +5 -0
  789. package/dist/runtime/contracts/reasoning-trace.d.ts +120 -0
  790. package/dist/runtime/contracts/reasoning-trace.js +10 -0
  791. package/dist/runtime/contracts/shared.d.ts +34 -0
  792. package/dist/runtime/contracts/shared.js +12 -0
  793. package/dist/runtime/core-verified-preset.d.ts +37 -0
  794. package/dist/runtime/core-verified-preset.js +205 -0
  795. package/dist/runtime/debloat-nlp.d.ts +140 -0
  796. package/dist/runtime/debloat-nlp.js +398 -0
  797. package/dist/runtime/deepseek-runtime.d.ts +28 -0
  798. package/dist/runtime/deepseek-runtime.js +270 -0
  799. package/dist/runtime/external-cli-adapter.d.ts +29 -0
  800. package/dist/runtime/external-cli-adapter.js +283 -0
  801. package/dist/runtime/index.d.ts +8 -0
  802. package/dist/runtime/index.js +8 -0
  803. package/dist/runtime/kimi-api-runtime.d.ts +52 -0
  804. package/dist/runtime/kimi-api-runtime.js +367 -0
  805. package/dist/runtime/kimi-print-runtime.d.ts +10 -0
  806. package/dist/runtime/kimi-print-runtime.js +87 -0
  807. package/dist/runtime/kimi-wire-protocol-runtime.d.ts +44 -0
  808. package/dist/runtime/kimi-wire-protocol-runtime.js +436 -0
  809. package/dist/runtime/kimi-wire-runtime.d.ts +17 -0
  810. package/dist/runtime/kimi-wire-runtime.js +112 -0
  811. package/dist/runtime/legacy-bridge.d.ts +14 -0
  812. package/dist/runtime/legacy-bridge.js +27 -0
  813. package/dist/runtime/local-llm-runtime.d.ts +29 -0
  814. package/dist/runtime/local-llm-runtime.js +231 -0
  815. package/dist/runtime/mimo-api-runtime.d.ts +13 -0
  816. package/dist/runtime/mimo-api-runtime.js +24 -0
  817. package/dist/runtime/nlg-renderer.d.ts +38 -0
  818. package/dist/runtime/nlg-renderer.js +132 -0
  819. package/dist/runtime/output-router.d.ts +20 -0
  820. package/dist/runtime/output-router.js +171 -0
  821. package/dist/runtime/process-session.d.ts +27 -0
  822. package/dist/runtime/process-session.js +35 -0
  823. package/dist/runtime/prompt-envelope.d.ts +28 -0
  824. package/dist/runtime/prompt-envelope.js +78 -0
  825. package/dist/runtime/provider-event-normalizer.d.ts +117 -0
  826. package/dist/runtime/provider-event-normalizer.js +454 -0
  827. package/dist/runtime/provider-tool-contracts.d.ts +24 -0
  828. package/dist/runtime/provider-tool-contracts.js +56 -0
  829. package/dist/runtime/reasoning-trace.d.ts +46 -0
  830. package/dist/runtime/reasoning-trace.js +289 -0
  831. package/dist/runtime/renderers.d.ts +33 -0
  832. package/dist/runtime/renderers.js +221 -0
  833. package/dist/runtime/runtime-backed-task-runner.d.ts +20 -0
  834. package/dist/runtime/runtime-backed-task-runner.js +166 -0
  835. package/dist/runtime/runtime-bootstrap.d.ts +21 -0
  836. package/dist/runtime/runtime-bootstrap.js +208 -0
  837. package/dist/runtime/runtime-registry.d.ts +23 -0
  838. package/dist/runtime/runtime-registry.js +95 -0
  839. package/dist/runtime/runtime-router.d.ts +51 -0
  840. package/dist/runtime/runtime-router.js +620 -0
  841. package/dist/runtime/sandbox-profile.d.ts +25 -0
  842. package/dist/runtime/sandbox-profile.js +35 -0
  843. package/dist/runtime/slash-commands.d.ts +46 -0
  844. package/dist/runtime/slash-commands.js +321 -0
  845. package/dist/runtime/stable-json.d.ts +9 -0
  846. package/dist/runtime/stable-json.js +45 -0
  847. package/dist/runtime/tool-call-repair.d.ts +35 -0
  848. package/dist/runtime/tool-call-repair.js +181 -0
  849. package/dist/runtime/tool-dispatch-contracts.d.ts +8 -0
  850. package/dist/runtime/tool-dispatch-contracts.js +32 -0
  851. package/dist/runtime/tool-plane.d.ts +31 -0
  852. package/dist/runtime/tool-plane.js +112 -0
  853. package/dist/runtime/tool-proxy.d.ts +20 -0
  854. package/dist/runtime/tool-proxy.js +109 -0
  855. package/dist/runtime/tool-registry-contract.d.ts +40 -0
  856. package/dist/runtime/tool-registry-contract.js +52 -0
  857. package/dist/runtime/ui-components.d.ts +64 -0
  858. package/dist/runtime/ui-components.js +232 -0
  859. package/dist/runtime/worker-manifest.d.ts +34 -0
  860. package/dist/runtime/worker-manifest.js +204 -0
  861. package/dist/safety/approval-policy.d.ts +4 -0
  862. package/dist/safety/approval-policy.js +33 -0
  863. package/dist/safety/guard-hooks.d.ts +3 -0
  864. package/dist/safety/guard-hooks.js +64 -0
  865. package/dist/schema/decision.schema.d.ts +57 -0
  866. package/dist/schema/decision.schema.js +32 -0
  867. package/dist/schema/envelope.schema.d.ts +216 -0
  868. package/dist/schema/envelope.schema.js +38 -0
  869. package/dist/schema/error.schema.d.ts +51 -0
  870. package/dist/schema/error.schema.js +12 -0
  871. package/dist/schema/evidence.schema.d.ts +58 -0
  872. package/dist/schema/evidence.schema.js +31 -0
  873. package/dist/schema/index.d.ts +8 -0
  874. package/dist/schema/index.js +8 -0
  875. package/dist/schema/proof-bundle.schema.d.ts +150 -0
  876. package/dist/schema/proof-bundle.schema.js +42 -0
  877. package/dist/schema/provider.schema.d.ts +138 -0
  878. package/dist/schema/provider.schema.js +35 -0
  879. package/dist/schema/run-manifest.schema.d.ts +168 -0
  880. package/dist/schema/run-manifest.schema.js +35 -0
  881. package/dist/schema/version.schema.d.ts +64 -0
  882. package/dist/schema/version.schema.js +21 -0
  883. package/dist/theme/ansi.d.ts +15 -0
  884. package/dist/theme/ansi.js +41 -0
  885. package/dist/theme/colors.d.ts +87 -0
  886. package/dist/theme/colors.js +105 -0
  887. package/dist/theme/hud-theme.d.ts +6 -0
  888. package/dist/theme/hud-theme.js +41 -0
  889. package/dist/theme/index.d.ts +12 -0
  890. package/dist/theme/index.js +20 -0
  891. package/dist/theme/layout.d.ts +24 -0
  892. package/dist/theme/layout.js +139 -0
  893. package/dist/theme/metrics.d.ts +23 -0
  894. package/dist/theme/metrics.js +93 -0
  895. package/dist/theme/parallel.d.ts +68 -0
  896. package/dist/theme/parallel.js +345 -0
  897. package/dist/theme/working-indicator.d.ts +38 -0
  898. package/dist/theme/working-indicator.js +149 -0
  899. package/dist/tui/model.d.ts +28 -0
  900. package/dist/tui/model.js +1 -0
  901. package/dist/tui/terminal-frame-renderer.d.ts +19 -0
  902. package/dist/tui/terminal-frame-renderer.js +60 -0
  903. package/dist/tui/views/capabilities-view.d.ts +3 -0
  904. package/dist/tui/views/capabilities-view.js +13 -0
  905. package/dist/tui/views/common.d.ts +11 -0
  906. package/dist/tui/views/common.js +35 -0
  907. package/dist/tui/views/dag-view.d.ts +3 -0
  908. package/dist/tui/views/dag-view.js +12 -0
  909. package/dist/tui/views/evidence-view.d.ts +3 -0
  910. package/dist/tui/views/evidence-view.js +18 -0
  911. package/dist/tui/views/index.d.ts +4 -0
  912. package/dist/tui/views/index.js +3 -0
  913. package/dist/ui/omk-sigil.d.ts +13 -0
  914. package/dist/ui/omk-sigil.js +277 -0
  915. package/dist/ui/omk-working-sweep.d.ts +61 -0
  916. package/dist/ui/omk-working-sweep.js +416 -0
  917. package/dist/util/agent-schema.d.ts +24 -0
  918. package/dist/util/agent-schema.js +293 -0
  919. package/dist/util/appshot-store.d.ts +68 -0
  920. package/dist/util/appshot-store.js +506 -0
  921. package/dist/util/chat-agent-mode.d.ts +173 -0
  922. package/dist/util/chat-agent-mode.js +905 -0
  923. package/dist/util/chat-cockpit.d.ts +45 -0
  924. package/dist/util/chat-cockpit.js +293 -0
  925. package/dist/util/chat-startup.d.ts +35 -0
  926. package/dist/util/chat-startup.js +330 -0
  927. package/dist/util/chat-state.d.ts +27 -0
  928. package/dist/util/chat-state.js +105 -0
  929. package/dist/util/checkpoint.d.ts +21 -0
  930. package/dist/util/checkpoint.js +238 -0
  931. package/dist/util/cli-contract.d.ts +46 -0
  932. package/dist/util/cli-contract.js +72 -0
  933. package/dist/util/cron-engine.d.ts +24 -0
  934. package/dist/util/cron-engine.js +227 -0
  935. package/dist/util/events-logger.d.ts +30 -0
  936. package/dist/util/events-logger.js +135 -0
  937. package/dist/util/execution-selection.d.ts +13 -0
  938. package/dist/util/execution-selection.js +82 -0
  939. package/dist/util/first-run-star.d.ts +49 -0
  940. package/dist/util/first-run-star.js +223 -0
  941. package/dist/util/fs.d.ts +128 -0
  942. package/dist/util/fs.js +1757 -0
  943. package/dist/util/git.d.ts +11 -0
  944. package/dist/util/git.js +39 -0
  945. package/dist/util/help-text.d.ts +1 -0
  946. package/dist/util/help-text.js +60 -0
  947. package/dist/util/i18n.d.ts +10 -0
  948. package/dist/util/i18n.js +848 -0
  949. package/dist/util/json-envelope.d.ts +15 -0
  950. package/dist/util/json-envelope.js +28 -0
  951. package/dist/util/mcp-preflight.d.ts +26 -0
  952. package/dist/util/mcp-preflight.js +29 -0
  953. package/dist/util/mode-preset.d.ts +29 -0
  954. package/dist/util/mode-preset.js +222 -0
  955. package/dist/util/mode-selector.d.ts +6 -0
  956. package/dist/util/mode-selector.js +74 -0
  957. package/dist/util/native-safety.d.ts +28 -0
  958. package/dist/util/native-safety.js +118 -0
  959. package/dist/util/output-buffer.d.ts +12 -0
  960. package/dist/util/output-buffer.js +59 -0
  961. package/dist/util/process-tree.d.ts +18 -0
  962. package/dist/util/process-tree.js +102 -0
  963. package/dist/util/project-root.d.ts +27 -0
  964. package/dist/util/project-root.js +382 -0
  965. package/dist/util/provider-usage.d.ts +2 -0
  966. package/dist/util/provider-usage.js +1 -0
  967. package/dist/util/reasoning-nlp.d.ts +84 -0
  968. package/dist/util/reasoning-nlp.js +325 -0
  969. package/dist/util/resource-profile.d.ts +32 -0
  970. package/dist/util/resource-profile.js +219 -0
  971. package/dist/util/run-store.d.ts +38 -0
  972. package/dist/util/run-store.js +151 -0
  973. package/dist/util/run-view-model.d.ts +111 -0
  974. package/dist/util/run-view-model.js +333 -0
  975. package/dist/util/runtime-profile.d.ts +34 -0
  976. package/dist/util/runtime-profile.js +149 -0
  977. package/dist/util/runtime-scope.d.ts +2 -0
  978. package/dist/util/runtime-scope.js +19 -0
  979. package/dist/util/scoped-agent-file.d.ts +47 -0
  980. package/dist/util/scoped-agent-file.js +121 -0
  981. package/dist/util/screenshot-store.d.ts +35 -0
  982. package/dist/util/screenshot-store.js +310 -0
  983. package/dist/util/secret-mask.d.ts +5 -0
  984. package/dist/util/secret-mask.js +41 -0
  985. package/dist/util/session.d.ts +19 -0
  986. package/dist/util/session.js +80 -0
  987. package/dist/util/shell.d.ts +30 -0
  988. package/dist/util/shell.js +350 -0
  989. package/dist/util/snippet.d.ts +17 -0
  990. package/dist/util/snippet.js +110 -0
  991. package/dist/util/sync-manifest.d.ts +13 -0
  992. package/dist/util/sync-manifest.js +22 -0
  993. package/dist/util/terminal-input.d.ts +25 -0
  994. package/dist/util/terminal-input.js +35 -0
  995. package/dist/util/terminal-layout.d.ts +18 -0
  996. package/dist/util/terminal-layout.js +108 -0
  997. package/dist/util/terminal-owner.d.ts +19 -0
  998. package/dist/util/terminal-owner.js +64 -0
  999. package/dist/util/theme.d.ts +9 -0
  1000. package/dist/util/theme.js +9 -0
  1001. package/dist/util/timeout-config.d.ts +18 -0
  1002. package/dist/util/timeout-config.js +101 -0
  1003. package/dist/util/todo-sync.d.ts +58 -0
  1004. package/dist/util/todo-sync.js +473 -0
  1005. package/dist/util/update-check.d.ts +89 -0
  1006. package/dist/util/update-check.js +321 -0
  1007. package/dist/util/usage-view-model.d.ts +22 -0
  1008. package/dist/util/usage-view-model.js +57 -0
  1009. package/dist/util/user-visible-output.d.ts +19 -0
  1010. package/dist/util/user-visible-output.js +48 -0
  1011. package/dist/util/version.d.ts +4 -0
  1012. package/dist/util/version.js +51 -0
  1013. package/dist/util/worktree.d.ts +10 -0
  1014. package/dist/util/worktree.js +165 -0
  1015. package/dist/ux/explain-loop-decision.d.ts +4 -0
  1016. package/dist/ux/explain-loop-decision.js +55 -0
  1017. package/dist/ux/intent-router.d.ts +15 -0
  1018. package/dist/ux/intent-router.js +64 -0
  1019. package/dist/ux/natural-entrypoint.d.ts +21 -0
  1020. package/dist/ux/natural-entrypoint.js +122 -0
  1021. package/dist/version.d.ts +11 -0
  1022. package/dist/version.js +18 -0
  1023. package/dist/web-bridge/host.d.ts +8 -0
  1024. package/dist/web-bridge/host.js +109 -0
  1025. package/dist/web-bridge/native-host.d.ts +6 -0
  1026. package/dist/web-bridge/native-host.js +40 -0
  1027. package/dist/web-bridge/status.d.ts +84 -0
  1028. package/dist/web-bridge/status.js +201 -0
  1029. package/docs/2026-05-01-16gb-lite-mode.md +37 -0
  1030. package/docs/2026-05-01-critical-issues-and-improvements.md +361 -0
  1031. package/docs/2026-05-01-dag-ensemble-runtime.md +74 -0
  1032. package/docs/2026-05-02-p1-p2-hardening-handoff.md +139 -0
  1033. package/docs/2026-05-05-adjustable-timeouts-and-cron-jobs.md +252 -0
  1034. package/docs/2026-05-08-omk-hardening-plan.md +62 -0
  1035. package/docs/2026-05-14/critical-issues.md +20 -0
  1036. package/docs/2026-05-14/improvements.md +14 -0
  1037. package/docs/2026-05-14/init-checklist.md +25 -0
  1038. package/docs/2026-05-14/plan.md +20 -0
  1039. package/docs/2026-05-15/critical-issues.md +20 -0
  1040. package/docs/2026-05-15/improvements.md +14 -0
  1041. package/docs/2026-05-15/init-checklist.md +25 -0
  1042. package/docs/2026-05-15/plan.md +20 -0
  1043. package/docs/2026-05-16/critical-issues.md +20 -0
  1044. package/docs/2026-05-16/improvements.md +14 -0
  1045. package/docs/2026-05-16/init-checklist.md +25 -0
  1046. package/docs/2026-05-16/plan.md +20 -0
  1047. package/docs/2026-05-17/critical-issues.md +20 -0
  1048. package/docs/2026-05-17/improvements.md +14 -0
  1049. package/docs/2026-05-17/init-checklist.md +25 -0
  1050. package/docs/2026-05-17/plan.md +20 -0
  1051. package/docs/2026-05-18/improvements.md +14 -0
  1052. package/docs/2026-05-18/init-checklist.md +25 -0
  1053. package/docs/2026-05-18/plan.md +20 -0
  1054. package/docs/2026-05-18-critical-issues-and-improvements.md +441 -0
  1055. package/docs/2026-05-18-project-direction.md +223 -0
  1056. package/docs/2026-05-19/critical-issues.md +20 -0
  1057. package/docs/2026-05-19/improvements.md +14 -0
  1058. package/docs/2026-05-19/init-checklist.md +25 -0
  1059. package/docs/2026-05-19/plan.md +20 -0
  1060. package/docs/2026-05-20/critical-issues.md +20 -0
  1061. package/docs/2026-05-20/improvements.md +14 -0
  1062. package/docs/2026-05-20/init-checklist.md +25 -0
  1063. package/docs/2026-05-20/plan.md +20 -0
  1064. package/docs/2026-05-21/critical-issues.md +20 -0
  1065. package/docs/2026-05-21/improvements.md +14 -0
  1066. package/docs/2026-05-21/init-checklist.md +25 -0
  1067. package/docs/2026-05-21/plan.md +20 -0
  1068. package/docs/2026-05-22/critical-issues.md +20 -0
  1069. package/docs/2026-05-22/improvements.md +14 -0
  1070. package/docs/2026-05-22/init-checklist.md +25 -0
  1071. package/docs/2026-05-22/plan.md +20 -0
  1072. package/docs/2026-05-23/critical-issues.md +20 -0
  1073. package/docs/2026-05-23/improvements.md +14 -0
  1074. package/docs/2026-05-23/init-checklist.md +25 -0
  1075. package/docs/2026-05-23/plan.md +20 -0
  1076. package/docs/2026-05-24/critical-issues.md +30 -0
  1077. package/docs/2026-05-24/improvements.md +23 -0
  1078. package/docs/2026-05-24/init-checklist.md +25 -0
  1079. package/docs/2026-05-24/plan.md +22 -0
  1080. package/docs/2026-05-25/critical-issues.md +20 -0
  1081. package/docs/2026-05-25/improvements.md +14 -0
  1082. package/docs/2026-05-25/init-checklist.md +25 -0
  1083. package/docs/2026-05-25/plan.md +20 -0
  1084. package/docs/2026-05-26/critical-issues.md +20 -0
  1085. package/docs/2026-05-26/improvements.md +14 -0
  1086. package/docs/2026-05-26/init-checklist.md +25 -0
  1087. package/docs/2026-05-26/plan.md +20 -0
  1088. package/docs/2026-05-27/critical-issues.md +20 -0
  1089. package/docs/2026-05-27/improvements.md +14 -0
  1090. package/docs/2026-05-27/init-checklist.md +25 -0
  1091. package/docs/2026-05-27/plan.md +20 -0
  1092. package/docs/2026-05-28/critical-issues.md +20 -0
  1093. package/docs/2026-05-28/improvements.md +14 -0
  1094. package/docs/2026-05-28/init-checklist.md +25 -0
  1095. package/docs/2026-05-28/plan.md +20 -0
  1096. package/docs/2026-05-29/critical-issues.md +20 -0
  1097. package/docs/2026-05-29/improvements.md +14 -0
  1098. package/docs/2026-05-29/init-checklist.md +25 -0
  1099. package/docs/2026-05-29/plan.md +20 -0
  1100. package/docs/2026-05-30/critical-issues.md +20 -0
  1101. package/docs/2026-05-30/improvements.md +14 -0
  1102. package/docs/2026-05-30/init-checklist.md +25 -0
  1103. package/docs/2026-05-30/plan.md +20 -0
  1104. package/docs/2026-05-31/critical-issues.md +20 -0
  1105. package/docs/2026-05-31/improvements.md +14 -0
  1106. package/docs/2026-05-31/init-checklist.md +25 -0
  1107. package/docs/2026-05-31/plan.md +20 -0
  1108. package/docs/2026-06-01/critical-issues.md +20 -0
  1109. package/docs/2026-06-01/improvements.md +14 -0
  1110. package/docs/2026-06-01/init-checklist.md +25 -0
  1111. package/docs/2026-06-01/plan.md +20 -0
  1112. package/docs/2026-06-02/critical-issues.md +20 -0
  1113. package/docs/2026-06-02/improvements.md +14 -0
  1114. package/docs/2026-06-02/init-checklist.md +25 -0
  1115. package/docs/2026-06-02/plan.md +20 -0
  1116. package/docs/2026-06-03/critical-issues.md +20 -0
  1117. package/docs/2026-06-03/improvements.md +14 -0
  1118. package/docs/2026-06-03/init-checklist.md +25 -0
  1119. package/docs/2026-06-03/plan.md +20 -0
  1120. package/docs/2026-06-04/critical-issues.md +20 -0
  1121. package/docs/2026-06-04/improvements.md +14 -0
  1122. package/docs/2026-06-04/init-checklist.md +25 -0
  1123. package/docs/2026-06-04/plan.md +20 -0
  1124. package/docs/2026-06-05/critical-issues.md +20 -0
  1125. package/docs/2026-06-05/improvements.md +14 -0
  1126. package/docs/2026-06-05/init-checklist.md +25 -0
  1127. package/docs/2026-06-05/plan.md +20 -0
  1128. package/docs/2026-06-06/critical-issues.md +20 -0
  1129. package/docs/2026-06-06/improvements.md +14 -0
  1130. package/docs/2026-06-06/init-checklist.md +25 -0
  1131. package/docs/2026-06-06/plan.md +20 -0
  1132. package/docs/2026-06-07/critical-issues.md +20 -0
  1133. package/docs/2026-06-07/improvements.md +14 -0
  1134. package/docs/2026-06-07/init-checklist.md +25 -0
  1135. package/docs/2026-06-07/plan.md +20 -0
  1136. package/docs/GSTACK_MIGRATION.md +169 -0
  1137. package/docs/OMK_CLI_V2_RUNTIME_ARCHITECTURE.md +2058 -0
  1138. package/docs/cli-v2-migration.md +87 -0
  1139. package/docs/codex-oauth-setup.md +48 -0
  1140. package/docs/demo/verified-run/README.md +32 -0
  1141. package/docs/demo/verified-run/artifacts/README.md +18 -0
  1142. package/docs/demo/verified-run/capture-plan.md +51 -0
  1143. package/docs/demo/verified-run/generated-diff.md +27 -0
  1144. package/docs/demo/verified-run/raw-prompt.md +21 -0
  1145. package/docs/demo/verified-run/video-shot-list.md +14 -0
  1146. package/docs/design-md.md +35 -0
  1147. package/docs/getting-started.md +37 -0
  1148. package/docs/hud-and-parallel-ux.md +155 -0
  1149. package/docs/kimi-oauth-usage-status.md +33 -0
  1150. package/docs/kimi-okabe-dmail.md +44 -0
  1151. package/docs/local-graph-memory.md +102 -0
  1152. package/docs/lsp.md +48 -0
  1153. package/docs/mcp-ontology-proposal.md +12 -0
  1154. package/docs/native-root-runtime-algorithms.md +402 -0
  1155. package/docs/native-root-runtime-hardening.md +131 -0
  1156. package/docs/neo4j-memory.md +5 -0
  1157. package/docs/openai-platform-image-keys.md +23 -0
  1158. package/docs/phase1-final-report.md +154 -0
  1159. package/docs/provider-maturity.md +44 -0
  1160. package/docs/runtime-architecture.md +89 -0
  1161. package/docs/versioning.md +49 -0
  1162. package/llms.txt +38 -0
  1163. package/package.json +188 -0
  1164. package/readmeasset/.npmignore +20 -0
  1165. package/readmeasset/ASSET_INDEX.md +36 -0
  1166. package/readmeasset/ASSET_PROVENANCE.md +94 -0
  1167. package/readmeasset/omk-control.webp +0 -0
  1168. package/readmeasset/omk-core-loop.svg +25 -0
  1169. package/readmeasset/omk-evidence-gate-card.png +0 -0
  1170. package/readmeasset/omk-github-banner.webp +0 -0
  1171. package/readmeasset/omk-github-header.webp +0 -0
  1172. package/readmeasset/omk-install-card.png +0 -0
  1173. package/readmeasset/omk-logo-512.png +0 -0
  1174. package/readmeasset/omk-logo-mark.svg +7 -0
  1175. package/readmeasset/omk-provider-router-card.png +0 -0
  1176. package/readmeasset/omk-runtime-flow-0.78.0.webp +0 -0
  1177. package/readmeasset/omk-social-preview.png +0 -0
  1178. package/readmeasset/omk-tui-0.78.0.webp +0 -0
  1179. package/readmeasset/omk_tui.png +0 -0
  1180. package/templates/.kimi/AGENTS.md +93 -0
  1181. package/templates/.omk/agents/okabe.yaml +30 -0
  1182. package/templates/.omk/agents/roles/aggregator.yaml +13 -0
  1183. package/templates/.omk/agents/roles/architect.yaml +13 -0
  1184. package/templates/.omk/agents/roles/coder.yaml +9 -0
  1185. package/templates/.omk/agents/roles/explorer.yaml +13 -0
  1186. package/templates/.omk/agents/roles/integrator.yaml +13 -0
  1187. package/templates/.omk/agents/roles/interviewer.yaml +13 -0
  1188. package/templates/.omk/agents/roles/ontology.yaml +18 -0
  1189. package/templates/.omk/agents/roles/planner.yaml +13 -0
  1190. package/templates/.omk/agents/roles/qa.yaml +12 -0
  1191. package/templates/.omk/agents/roles/researcher.yaml +13 -0
  1192. package/templates/.omk/agents/roles/reviewer.yaml +13 -0
  1193. package/templates/.omk/agents/roles/router.yaml +13 -0
  1194. package/templates/.omk/agents/roles/security.yaml +12 -0
  1195. package/templates/.omk/agents/roles/tester.yaml +12 -0
  1196. package/templates/.omk/agents/roles/vision-debugger.yaml +12 -0
  1197. package/templates/.omk/agents/root.yaml +62 -0
  1198. package/templates/.omk/lsp.json +27 -0
  1199. package/templates/.omk/prompts/root.md +74 -0
  1200. package/templates/AGENTS.md +510 -0
  1201. package/templates/skills/agents/agentmemory/SKILL.md +40 -0
  1202. package/templates/skills/agents/andrej-karpathy-skills/SKILL.md +41 -0
  1203. package/templates/skills/agents/claude-for-legal/SKILL.md +63 -0
  1204. package/templates/skills/agents/claude-for-legal/references/workflow-catalog.md +38 -0
  1205. package/templates/skills/agents/matt-pocock-skills/SKILL.md +40 -0
  1206. package/templates/skills/agents/multica/SKILL.md +40 -0
  1207. package/templates/skills/agents/omk-adaptorch-orchestration-review/SKILL.md +52 -0
  1208. package/templates/skills/agents/omk-backend-api-review/SKILL.md +30 -0
  1209. package/templates/skills/agents/omk-code-review/SKILL.md +40 -0
  1210. package/templates/skills/agents/omk-context-broker/SKILL.md +57 -0
  1211. package/templates/skills/agents/omk-control-loop-debugger/SKILL.md +49 -0
  1212. package/templates/skills/agents/omk-design-system/SKILL.md +22 -0
  1213. package/templates/skills/agents/omk-docs-release/SKILL.md +42 -0
  1214. package/templates/skills/agents/omk-evidence-contract/SKILL.md +52 -0
  1215. package/templates/skills/agents/omk-frontend-implementation/SKILL.md +13 -0
  1216. package/templates/skills/agents/omk-frontend-ui-review/SKILL.md +29 -0
  1217. package/templates/skills/agents/omk-git-commit-pr/SKILL.md +45 -0
  1218. package/templates/skills/agents/omk-industrial-control-loop/SKILL.md +33 -0
  1219. package/templates/skills/agents/omk-plan-first/SKILL.md +39 -0
  1220. package/templates/skills/agents/omk-project-rules/SKILL.md +46 -0
  1221. package/templates/skills/agents/omk-python-typing/SKILL.md +33 -0
  1222. package/templates/skills/agents/omk-quality-gate/SKILL.md +54 -0
  1223. package/templates/skills/agents/omk-repo-explorer/SKILL.md +33 -0
  1224. package/templates/skills/agents/omk-research-verify/SKILL.md +30 -0
  1225. package/templates/skills/agents/omk-secret-guard/SKILL.md +23 -0
  1226. package/templates/skills/agents/omk-security-review/SKILL.md +49 -0
  1227. package/templates/skills/agents/omk-test-debug-loop/SKILL.md +43 -0
  1228. package/templates/skills/agents/omk-troubleshooting/SKILL.md +14 -0
  1229. package/templates/skills/agents/omk-typescript-strict/SKILL.md +38 -0
  1230. package/templates/skills/agents/omk-worktree-team/SKILL.md +44 -0
  1231. package/templates/skills/agents/react-doctor/SKILL.md +46 -0
  1232. package/templates/skills/kimi/agentmemory/SKILL.md +40 -0
  1233. package/templates/skills/kimi/andrej-karpathy-skills/SKILL.md +41 -0
  1234. package/templates/skills/kimi/awesome-design-md/SKILL.md +54 -0
  1235. package/templates/skills/kimi/claude-for-legal/SKILL.md +63 -0
  1236. package/templates/skills/kimi/claude-for-legal/references/workflow-catalog.md +38 -0
  1237. package/templates/skills/kimi/deepseek-api/SKILL.md +27 -0
  1238. package/templates/skills/kimi/deepseek-disable/SKILL.md +20 -0
  1239. package/templates/skills/kimi/deepseek-enable/SKILL.md +20 -0
  1240. package/templates/skills/kimi/deepseekset/SKILL.md +27 -0
  1241. package/templates/skills/kimi/graph-view/SKILL.md +29 -0
  1242. package/templates/skills/kimi/matt-pocock-skills/SKILL.md +40 -0
  1243. package/templates/skills/kimi/mcp-install/SKILL.md +66 -0
  1244. package/templates/skills/kimi/multica/SKILL.md +40 -0
  1245. package/templates/skills/kimi/omk-adaptorch-orchestration-review/SKILL.md +52 -0
  1246. package/templates/skills/kimi/omk-backend-api-review/SKILL.md +30 -0
  1247. package/templates/skills/kimi/omk-code-review/SKILL.md +34 -0
  1248. package/templates/skills/kimi/omk-context-broker/SKILL.md +57 -0
  1249. package/templates/skills/kimi/omk-control-loop-debugger/SKILL.md +49 -0
  1250. package/templates/skills/kimi/omk-design-md/SKILL.md +55 -0
  1251. package/templates/skills/kimi/omk-design-system/SKILL.md +22 -0
  1252. package/templates/skills/kimi/omk-docs-release/SKILL.md +42 -0
  1253. package/templates/skills/kimi/omk-evidence-contract/SKILL.md +52 -0
  1254. package/templates/skills/kimi/omk-flow-bugfix/SKILL.md +20 -0
  1255. package/templates/skills/kimi/omk-flow-design-to-code/SKILL.md +23 -0
  1256. package/templates/skills/kimi/omk-flow-feature-dev/SKILL.md +24 -0
  1257. package/templates/skills/kimi/omk-flow-pr-review/SKILL.md +17 -0
  1258. package/templates/skills/kimi/omk-flow-refactor/SKILL.md +21 -0
  1259. package/templates/skills/kimi/omk-flow-release/SKILL.md +20 -0
  1260. package/templates/skills/kimi/omk-flow-team-run/SKILL.md +24 -0
  1261. package/templates/skills/kimi/omk-frontend-implementation/SKILL.md +13 -0
  1262. package/templates/skills/kimi/omk-frontend-ui-review/SKILL.md +29 -0
  1263. package/templates/skills/kimi/omk-git-commit-pr/SKILL.md +45 -0
  1264. package/templates/skills/kimi/omk-global-rules/SKILL.md +31 -0
  1265. package/templates/skills/kimi/omk-industrial-control-loop/SKILL.md +33 -0
  1266. package/templates/skills/kimi/omk-kimi-runtime/SKILL.md +46 -0
  1267. package/templates/skills/kimi/omk-multimodal-ui-review/SKILL.md +26 -0
  1268. package/templates/skills/kimi/omk-plan-first/SKILL.md +39 -0
  1269. package/templates/skills/kimi/omk-project-rules/SKILL.md +21 -0
  1270. package/templates/skills/kimi/omk-python-typing/SKILL.md +33 -0
  1271. package/templates/skills/kimi/omk-quality-gate/SKILL.md +36 -0
  1272. package/templates/skills/kimi/omk-repo-explorer/SKILL.md +33 -0
  1273. package/templates/skills/kimi/omk-research-verify/SKILL.md +30 -0
  1274. package/templates/skills/kimi/omk-secret-guard/SKILL.md +23 -0
  1275. package/templates/skills/kimi/omk-security-review/SKILL.md +49 -0
  1276. package/templates/skills/kimi/omk-task-router/SKILL.md +27 -0
  1277. package/templates/skills/kimi/omk-test-debug-loop/SKILL.md +43 -0
  1278. package/templates/skills/kimi/omk-typescript-strict/SKILL.md +38 -0
  1279. package/templates/skills/kimi/omk-worktree-team/SKILL.md +44 -0
  1280. package/templates/skills/kimi/open-design/SKILL.md +56 -0
  1281. package/templates/skills/kimi/provider/SKILL.md +47 -0
  1282. package/templates/skills/kimi/react-doctor/SKILL.md +46 -0
  1283. package/templates/skills/kimi/speckit-analyze/SKILL.md +255 -0
  1284. package/templates/skills/kimi/speckit-checklist/SKILL.md +367 -0
  1285. package/templates/skills/kimi/speckit-clarify/SKILL.md +249 -0
  1286. package/templates/skills/kimi/speckit-constitution/SKILL.md +152 -0
  1287. package/templates/skills/kimi/speckit-implement/SKILL.md +204 -0
  1288. package/templates/skills/kimi/speckit-plan/SKILL.md +147 -0
  1289. package/templates/skills/kimi/speckit-specify/SKILL.md +325 -0
  1290. package/templates/skills/kimi/speckit-tasks/SKILL.md +197 -0
  1291. package/templates/skills/kimi/speckit-taskstoissues/SKILL.md +101 -0
  1292. package/templates/skills/kimi/think/SKILL.md +41 -0
  1293. package/templates/spec-kit-omk-preset/commands/plan.md +21 -0
  1294. package/templates/spec-kit-omk-preset/commands/tasks.md +21 -0
  1295. package/templates/spec-kit-omk-preset/preset.yml +12 -0
  1296. package/templates/spec-kit-omk-preset/templates/plan-template.md +75 -0
  1297. package/templates/spec-kit-omk-preset/templates/spec-template.md +80 -0
  1298. package/templates/spec-kit-omk-preset/templates/tasks-template.md +160 -0
  1299. package/templates/web-bridge/chrome-extension/README.md +18 -0
  1300. package/templates/web-bridge/chrome-extension/background.js +57 -0
  1301. package/templates/web-bridge/chrome-extension/content-script.js +46 -0
  1302. package/templates/web-bridge/chrome-extension/manifest.json +16 -0
  1303. package/templates/web-bridge/chrome-extension/popup.html +21 -0
  1304. package/templates/web-bridge/chrome-extension/popup.js +9 -0
package/docs/2026-05-18-critical-issues-and-improvements.md ADDED
@@ -0,0 +1,441 @@
1
+ # 2026-05-18 Critical Issues
2
+
3
+ ## Scope
4
+
5
+ 분석 범위는 현재 `open-multi-agent-kit` working tree 전체다. 병렬 subagent fan-out으로 architecture, source archaeology, security, infra/release, QA/test, docs 방향성을 분리 검토했고, 로컬에서 핵심 파일을 추가 확인했다.
6
+
7
+ 주의:
8
+
9
+ - 이 문서는 최초 발견 사항과 이후 안정화 결과를 함께 기록한다.
10
+ - secret 값은 출력하지 않았다.
11
+ - “Critical/P0”는 public release 또는 기본 런타임 안전성 전에 반드시 해결해야 하는 항목이다.
12
+
13
+ ## Stabilization status after 2026-05-18 fixes
14
+
15
+ Resolved/mitigated in source and covered by regression tests:
16
+
17
+ - MCP raw permission await bypass: fixed for tool/resource/prompt paths.
18
+ - Standard `tools/call`: now routes through governance redaction/audit before returning MCP-compatible content.
19
+ - MCP lifecycle: request timeout, notification shape, pending close rejection, stdio close handling, streamable HTTP session/header behavior.
20
+ - Fresh init: project-local scopes and `omk-core-verified` baseline; `--local-user` remains explicit high-trust mode.
21
+ - Kimi CLI / `.kimi`: DAG runner honors `KIMI_BIN`; `kimi-wire` is opt-in until isolated HOME/MCP/hook parity exists; project hook commands are absolute inside isolated HOME.
22
+ - Runtime MCP merge: project `.kimi/.omk` relative direct args and simple inline shell paths are normalized against project root.
23
+ - Secret handling: shell/evidence/quality/state/attempt/event/checkpoint persistence paths redact secret-looking strings; runtime secret scan covers selected `.omk/.kimi` trust-boundary files.
24
+ - Checkpoint restore: dirty worktree requires explicit force and protected patch paths are rejected.
25
+
26
+ Still operationally relevant:
27
+
28
+ - Existing ignored/generated `.omk/*` and `.kimi/*` artifacts can be stale relative to fixed source templates and should be checked against current scoped runtime policy before demos/releases.
29
+ - `mcp_scope = all`, `skills_scope = all`, and `hooks_scope = all` are trusted local-user modes, not fresh-project defaults.
30
+ - Current generated root roles include `security`; docs/prompts should list it consistently while still treating role availability as harness-scoped.
31
+ - `team`/worktree mode remains experimental until merge handoff and verification reconstruction are consistently evidenced.
32
+
33
+ ## Executive summary
34
+
35
+ This section is historical as of the 2026-05-18 stabilization pass. The original review found three release-blocking risk classes; current source/runtime docs now mark the first two as resolved or scoped, and the remaining items are tracked as follow-up hardening rather than active default-runtime blockers.
36
+
37
+ 1. **Historical: MCP trust boundary bypass.** `McpHost` raw tool/resource/prompt paths previously missed `await` on async permission checks; current source marks this fixed with regression coverage.
38
+ 2. **Historical: default runtime surface drift.** Earlier generated files described or enabled broad/full MCP behavior. Current `.omk/runtime-preset.json` is `omk-core-verified`, `.omk/config.toml` uses project scope for MCP/skills/hooks, and current project `.omk/mcp.json` / `.kimi/mcp.json` do not list secret-backed project MCP servers.
39
+ 3. **Partially mitigated: side-effect, evidence, and restore hardening.** Current source records AbortSignal propagation, redaction, runtime secret scan, and checkpoint dirty-worktree/protected-path guards; related P1/P2 follow-ups remain historical backlog items unless revalidated against current files.
40
+
41
+ ## P0 / Critical
42
+
43
+ ### P0-1. MCP host raw operations bypass permission policy
44
+
45
+ **Status:** Resolved in source; regression coverage: `test/mcp-host-permissions.test.mjs`.
46
+
47
+ **Severity:** Critical
48
+ **Area:** MCP authorization / tool trust boundary
49
+
50
+ **Evidence**
51
+
52
+ - `src/mcp/host.ts:370-400` — `McpHost.callTool`
53
+ - `src/mcp/host.ts:509-536` — `McpHost.readResource`
54
+ - `src/mcp/host.ts:559-586` — `McpHost.getPrompt`
55
+ - `src/mcp/host.ts:591-602` — `checkPermission` is async
56
+
57
+ **Problem**
58
+
59
+ `checkPermission` returns `Promise<boolean>`, but raw callers use it as `if (!this.checkPermission(...))`. A Promise is truthy, so denial is never triggered on those raw paths. `governedCallTool` correctly uses `await`, but `callTool`, `readResource`, and `getPrompt` do not.
60
+
61
+ **Impact**
62
+
63
+ - denyServers / allowServers policy can be bypassed.
64
+ - A connected MCP server can expose tools/resources/prompts even when host policy should block them.
65
+ - Any higher-level code path using raw `callTool` instead of governed call inherits the bypass.
66
+
67
+ **Exploit scenario**
68
+
69
+ A project or user config denies a remote MCP server, but a code path calls `host.callTool(name, args, serverHint)` directly. The Promise-based permission check passes by truthiness, and the remote MCP executes.
70
+
71
+ **Fix**
72
+
73
+ - Add `await` in `callTool`, `readResource`, `getPrompt`.
74
+ - Prefer routing all operations through governed variants or split raw APIs as internal-only.
75
+ - Add tests for denied server/tool/resource/prompt access.
76
+
77
+ **Acceptance tests**
78
+
79
+ - Denied server cannot execute `callTool`.
80
+ - Denied server cannot `readResource`.
81
+ - Denied server cannot `getPrompt`.
82
+ - Tests must fail on the current implementation and pass after adding `await`.
83
+
84
+ ---
85
+
86
+ ### P0-2. Secret-backed/full MCP runtime is active in project config and conflicts with safe baseline
87
+
88
+ **Status:** Resolved for current source and current checked generated/runtime docs; still audit local ignored runtime artifacts before release/demo.
89
+
90
+ **Severity:** Critical
91
+ **Area:** MCP startup / secret boundary / runtime default
92
+
93
+ **Evidence**
94
+
95
+ Historical evidence from the original review:
96
+
97
+ - `.omk/config.toml` previously used `mcp_scope = "all"`, `skills_scope = "all"`, and `hooks_scope = "all"`.
98
+ - `.omk/runtime-preset.json` / `.omk/runtime-presets.json` previously pointed at `omk-parallel-orchestrator`.
99
+ - Project MCP files previously included or exposed broader/secret-backed surfaces.
100
+
101
+ Current 2026-05-19 check:
102
+
103
+ - `.omk/config.toml` uses `mcp_scope = "project"`, `skills_scope = "project"`, and `hooks_scope = "project"`.
104
+ - `.omk/runtime-preset.json` uses `id = "omk-core-verified"`.
105
+ - Current project `.omk/mcp.json` and `.kimi/mcp.json` list no project secret-backed MCP server entries; `omk-core-verified` keeps `omk-project` as the baseline project-local MCP hint.
106
+
107
+ **Problem**
108
+
109
+ The original repository state did not match the conservative `omk-core-verified` baseline described by AGENTS/docs. Current checked files now align on project-scoped MCP/skills/hooks and avoid claiming that broad MCP is fully enabled by default.
110
+
111
+ **Impact**
112
+
113
+ - Local, CI, Kimi, Codex, and OMK runtime surfaces can diverge.
114
+ - Unpinned or compromised MCP packages can receive loaded credentials at startup.
115
+ - Debugging and release evidence becomes non-reproducible because the active MCP set depends on user-local files and network-installed packages.
116
+
117
+ **Exploit scenario**
118
+
119
+ A malicious or compromised `npx` MCP package starts through a project-level MCP wrapper that sources user secret env files, then exfiltrates the environment during MCP startup.
120
+
121
+ **Fix**
122
+
123
+ - Make `omk-core-verified` the default public preset, or explicitly document `omk-parallel-orchestrator` as high-trust opt-in.
124
+ - Keep fresh project MCP minimal: `omk-project` and possibly readonly filesystem only.
125
+ - Move secret-backed MCP to user scope or explicit `--local-user` / `--with-mcp` setup.
126
+ - Pin MCP package versions and prefer lockfile-backed installation.
127
+
128
+ **Acceptance tests**
129
+
130
+ - Fresh init does not create secret-backed remote MCP entries in project config.
131
+ - Runtime preset default matches docs/templates.
132
+ - `omk doctor` reports config drift between `.omk/mcp.json` and `.kimi/mcp.json` without leaking env values.
133
+
134
+ ---
135
+
136
+ ### P0-3. MCP client and stdio transport can hang indefinitely
137
+
138
+ **Status:** Resolved/mitigated in source; regression coverage: `test/mcp-client-lifecycle.test.mjs`, `test/mcp-streamable-http.test.mjs`, `test/mcp-host-permissions.test.mjs`.
139
+
140
+ **Severity:** Critical
141
+ **Area:** MCP lifecycle / reliability
142
+
143
+ **Evidence**
144
+
145
+ - `src/mcp/client.ts:176-188` — `sendRequest` has no timeout
146
+ - `src/mcp/transports/stdio.ts:64-100` — `connect` resolves after spawn/stdin/stdout setup, not after protocol readiness
147
+ - `src/mcp/transports/stdio.ts:111-130` — malformed stdout is ignored
148
+ - `startupTimeoutMs` exists on `McpServerConfig` but is not enforced by `McpClientSession.sendRequest`.
149
+
150
+ **Problem**
151
+
152
+ If an MCP server starts but never responds, prints malformed stdout, or dies after a pending request is created, the request can hang. Startup timeout is represented in config but not consistently wired into request lifecycle.
153
+
154
+ **Impact**
155
+
156
+ - `omk mcp doctor/test`, host startup, and runtime MCP calls can stall.
157
+ - A single bad MCP server can block orchestration.
158
+ - CI and local test flakiness increase, especially around slow `npx` startup.
159
+
160
+ **Fix**
161
+
162
+ - Enforce startup timeout around `connect + initialize`.
163
+ - Add per-request timeout in `sendRequest`.
164
+ - Reject all pending requests on child close, not only on transport error.
165
+ - Before initialization, treat non-JSON stdout as a startup failure with a sanitized diagnostic.
166
+
167
+ **Acceptance tests**
168
+
169
+ - Server that never responds fails within configured timeout.
170
+ - Server that prints invalid stdout before initialize fails with clear diagnostic.
171
+ - Server close rejects pending requests.
172
+
173
+ ---
174
+
175
+ ### P0-4. Executor timeout/abort does not cancel underlying runner side effects
176
+
177
+ **Status:** Resolved for current TaskRunner/Kimi/provider/shell paths via `AbortSignal` propagation; keep extending this contract for new runners.
178
+
179
+ **Severity:** Critical
180
+ **Area:** DAG executor / side-effect containment
181
+
182
+ **Evidence**
183
+
184
+ - `src/orchestration/executor.ts:359-385` — `nodeRunner.run(node, env)` is raced against timeout/abort promises.
185
+ - `src/contracts/orchestration.ts` `TaskRunner` does not accept `AbortSignal`.
186
+
187
+ **Problem**
188
+
189
+ The executor marks a node failed when timeout/abort wins the race, but the underlying runner keeps running because it receives no cancellation signal. That runner can still mutate files, write logs, update worktrees, or produce output after the scheduler has already moved on.
190
+
191
+ **Impact**
192
+
193
+ - Timed-out/aborted nodes can cause late writes after failure.
194
+ - Evidence and state can lie about what actually changed.
195
+ - Parallel runs may merge or verify while a “failed” task is still mutating state.
196
+
197
+ **Fix**
198
+
199
+ - Extend `TaskRunner.run(node, env, signal)` or add cancellation hooks.
200
+ - Wire signal to Kimi child process, provider runner, shell runner, and worktree cleanup.
201
+ - Kill or quarantine timed-out worktrees before dependents proceed.
202
+
203
+ **Acceptance tests**
204
+
205
+ - A timed-out runner attempting a delayed file write cannot mutate the main workspace after timeout.
206
+ - Abort cancels child process and no late state updates occur.
207
+ - State records timeout reason and cleanup result.
208
+
209
+ ---
210
+
211
+ ### P0-5. Evidence and quality logs can persist secret text
212
+
213
+ **Status:** Mitigated across shell/evidence/quality/state/attempt/event/checkpoint paths; runtime scan added for selected `.omk/.kimi` trust-boundary files.
214
+
215
+ **Severity:** Critical
216
+ **Area:** secret redaction / evidence storage
217
+
218
+ **Evidence**
219
+
220
+ - `src/orchestration/evidence-gate.ts:504-515` stores `stdoutTail`, `stderrTail`, `evidenceText`, `message`.
221
+ - `src/orchestration/state-persister.ts:8-27` redacts by secret-like object keys, not arbitrary secret-looking substrings.
222
+ - `src/util/shell.ts:75-79`, `src/util/shell.ts:141-149` can write raw output to log files.
223
+ - `src/mcp/quality-gate.ts:281-293` stores quality gate logs.
224
+
225
+ **Problem**
226
+
227
+ Secret redaction is key-based in state persister and not applied uniformly to command output. If a malicious or accidental command prints environment values, evidence and log artifacts can persist them.
228
+
229
+ **Impact**
230
+
231
+ - `.omk/runs/**/state.json`, decision traces, quality logs, and shell logs may retain sensitive output.
232
+ - Secret-scan may pass because `.omk/` is ignored or outside the tracked scan target.
233
+
234
+ **Fix**
235
+
236
+ - Use the centralized `src/mcp/secret-scanner.ts` redactor for all diagnostic text before persistence.
237
+ - Redact stdout/stderr tails before storing evidence.
238
+ - Add runtime scan mode covering selected `.omk`/`.kimi` trust-boundary files and logs.
239
+
240
+ **Acceptance tests**
241
+
242
+ - A command-pass gate that prints a fake token stores only redacted text.
243
+ - Quality gate logs redact known token patterns.
244
+ - Runtime secret scan reports file path and finding type without printing the secret.
245
+
246
+ ## P1 / High
247
+
248
+ ### P1-1. Dynamic fallback nodes are not resume-stable
249
+
250
+ **Evidence:** `src/orchestration/executor.ts:487-503`, `src/orchestration/executor.ts:523-582`
251
+
252
+ Fallback nodes are pushed into `dag.nodes` at runtime. On resume, the original DAG may not contain those dynamically-added nodes or rewritten dependencies, so fallback progress can be lost or replayed incorrectly.
253
+
254
+ **Fix:** persist dynamic DAG mutations or reconstruct them from saved state during resume. Add a resume regression for `fallbackRole`.
255
+
256
+ ---
257
+
258
+ ### P1-2. Streamable HTTP transport performs duplicate initialize and does not propagate headers to SSE
259
+
260
+ **Evidence:** `src/mcp/transports/streamable-http.ts:24-55`, `src/mcp/client.ts`
261
+
262
+ The transport sends `initialize` during `connect`, then `McpClientSession.initialize()` sends another initialize. `EventSource` is also created without custom auth headers.
263
+
264
+ **Fix:** make transport connect transport-only and let `McpClientSession.initialize()` own the MCP handshake. Use a streaming implementation that supports auth headers or fail actionably.
265
+
266
+ ---
267
+
268
+ ### P1-3. PR review workflow runs PR code with write-token permissions
269
+
270
+ **Evidence:** `.github/workflows/omk-review.yml:13-15`, `.github/workflows/omk-review.yml:38-61`
271
+
272
+ The same job checks out PR code, builds/runs it, and has `pull-requests: write` to post comments.
273
+
274
+ **Fix:** split read-only analysis from minimal-permission comment posting.
275
+
276
+ ---
277
+
278
+ ### P1-4. Secret scan excludes ignored runtime trust-boundary files
279
+
280
+ **Evidence:** `.gitignore` excludes `.omk/` and `.kimi/`; `scripts/secret-scan.mjs` scans tracked + untracked non-ignored files.
281
+
282
+ Runtime trust files such as `.omk/mcp.json`, `.omk/kimi.config.toml`, `.omk/hooks/**`, `.kimi/hooks/**`, `.kimi/mcp.json` can contain secret-loading commands or logs while `npm run secret:scan` still passes.
283
+
284
+ **Fix:** add `secret:scan:runtime` with curated runtime paths and redacted output.
285
+
286
+ ---
287
+
288
+ ### P1-5. `runShell` inherits full environment and global `OMK_SUDO=1` can escalate package-manager commands
289
+
290
+ **Evidence:** `src/util/shell.ts:45`, `src/util/shell.ts:64-67`
291
+
292
+ Package scripts and quality gates can inherit cloud/provider tokens. If `OMK_SUDO=1` is set globally, allowlisted package-manager/docker operations can run under sudo unexpectedly.
293
+
294
+ **Fix:** minimal env by default for untrusted scripts; explicit env passthrough; remove global sudo switch or make it per-call and never default for package managers/docker.
295
+
296
+ ---
297
+
298
+ ### P1-6. Hook drift: `.kimi` guard is weaker than `.omk` guard
299
+
300
+ Infra review found `.omk/hooks/pre-shell-guard.sh` and `.kimi/hooks/pre-shell-guard.sh` checksums differ. Depending on runtime surface, the same shell command can be blocked in one context and allowed in another.
301
+
302
+ **Fix:** treat `.omk/hooks` as canonical generated source and add drift tests comparing guard behavior on fixture commands.
303
+
304
+ ---
305
+
306
+ ### P1-7. Checkpoint restore can mutate a dirty worktree without a safety gate
307
+
308
+ **Evidence:** `src/util/checkpoint.ts:122-178`
309
+
310
+ Restore applies `git apply` or `patch` without clean worktree check or pre-restore backup.
311
+
312
+ **Fix:** refuse restore unless worktree is clean or explicit `--force` is provided; create pre-restore checkpoint automatically; print affected files before applying.
313
+
314
+ ---
315
+
316
+ ### P1-8. Release tag is not checked against package version
317
+
318
+ **Evidence:** `.github/workflows/release.yml:3-6`, publish job
319
+
320
+ The release workflow triggers on `v*`, but publish does not assert `github.ref_name === v${package.json.version}`.
321
+
322
+ **Fix:** add a pre-publish exact-match step comparing tag name to `package.json.version`.
323
+
324
+ ---
325
+
326
+ ### P1-9. Tarball audit validates local checkout for some checks instead of extracted tarball
327
+
328
+ **Evidence:** `scripts/package-audit.mjs:635-669`, `scripts/package-audit.mjs:378`, `scripts/package-audit.mjs:450-471`
329
+
330
+ `--tarball` mode sets file sizes/unpacked size to `0` and some checks read local files instead of extracted tarball contents.
331
+
332
+ **Fix:** extract tarball to a temp directory and run all validations against extracted files.
333
+
334
+ ---
335
+
336
+ ### P1-10. CI diagnostics print environment/home metadata
337
+
338
+ **Evidence:** `.github/workflows/ci.yml:26-33`
339
+
340
+ CI prints env keys/values matching `omk|kimi|node|home` and lists `$HOME`.
341
+
342
+ **Fix:** print only allowlisted key names and versions. Avoid env values and home directory listings.
343
+
344
+ ## P2 / Medium
345
+
346
+ ### P2-1. `protect-secrets` hook scans only `tool_input.content`
347
+
348
+ Replacement-style edit tools can carry new text in fields like `new_string`, `replacement`, `old_str/new_str`, bypassing content-only scanning.
349
+
350
+ **Fix:** recursively scan every string field in tool input and add post-edit diff scan.
351
+
352
+ ### P2-2. Worker count / “all agents” semantics are inconsistent
353
+
354
+ **Evidence:** `.omk/agents/root.yaml`, `src/commands/run.ts:187-193`, `src/commands/parallel.ts:366-372`, `.omk/config.toml`
355
+
356
+ The root exposes 16 aliases / 14 role files, but run/parallel hard-cap parsed worker count at `6` and project config sets `runtime.max_workers = 4`.
357
+
358
+ **Fix:** document “all roles available” separately from “all roles concurrently running.” Add an explicit `--all-roles` planning mode if needed, but keep execution concurrency resource-bounded.
359
+
360
+ ### P2-3. CLI command contract still has many direct `process.exit` calls
361
+
362
+ Search found direct `process.exit` calls in multiple command modules including `run.ts`, `parallel.ts`, `chat.ts`, `doctor.ts`, `spec.ts`, `plan.ts`, `menu.ts`, `project-index.ts`, `research.ts`, `snip.ts`, `google.ts`, `screenshot.ts`.
363
+
364
+ **Fix:** move automation-critical commands to typed results and let `src/cli/main.ts` handle process exit code.
365
+
366
+ ### P2-4. Dist freshness policy differs between local and CI
367
+
368
+ `scripts/run-tests.mjs` enforces dist freshness locally unless `OMK_SKIP_DIST_FRESHNESS=1`, while CI/smoke paths often bypass after build steps.
369
+
370
+ **Fix:** make build freshness an explicit manifest/hash gate in both local and CI.
371
+
372
+ ### P2-5. Test coverage has blind spots
373
+
374
+ No direct tests for `McpHost` permission bypass were found. Critical files such as `src/mcp/host.ts`, `src/mcp/client.ts`, MCP transports, and checkpoint restore need focused regression tests.
375
+
376
+ **Priority tests**
377
+
378
+ 1. MCP host permission denial
379
+ 2. MCP request timeout/child close
380
+ 3. executor late side-effect cancellation
381
+ 4. fallback resume stability
382
+ 5. redacted evidence output
383
+ 6. checkpoint dirty-worktree refusal
384
+ 7. `run-tests --summary-json` path containment
385
+ 8. JSON-RPC notifications omit `id`
386
+
387
+ ## Critical init artifact status
388
+
389
+ No critical init artifacts were missing when this file was updated.
390
+
391
+ - ✅ `AGENTS.md`
392
+ - ✅ `.kimi/AGENTS.md`
393
+ - ✅ `.omk/config.toml`
394
+ - ✅ `.omk/agents/root.yaml`
395
+ - ✅ `.kimi/mcp.json`
396
+ - ✅ `.omk/hooks/pre-shell-guard.sh`
397
+ - ✅ `.omk/hooks/protect-secrets.sh`
398
+ - ✅ `.omk/memory/graph-state.json`
399
+
400
+ ## Recommended fix order
401
+
402
+ Historical fix order from the 2026-05-18 review; items 1, 2, 3, 4, 7, 8, and 9 are now marked resolved/mitigated above where current files differ. Revalidate remaining backlog items before treating them as active defects.
403
+
404
+ 1. Fix MCP host permission bypass and add regression tests. — resolved.
405
+ 2. Enforce MCP startup/request timeout and reject pending requests on close. — resolved/mitigated.
406
+ 3. Reset/clarify default runtime preset and MCP scope. — resolved in current docs/runtime files.
407
+ 4. Add evidence/log redaction using the central secret scanner. — mitigated.
408
+ 5. Split PR review workflow permissions. — historical backlog; revalidate.
409
+ 6. Add release tag/package version gate. — historical backlog; revalidate.
410
+ 7. Harden executor cancellation and fallback resume. — cancellation mitigated; fallback resume remains historical backlog unless revalidated.
411
+ 8. Add runtime secret scan for `.omk`/`.kimi` trust files. — resolved with `secret:scan:runtime`.
412
+ 9. Harden checkpoint restore. — resolved/mitigated.
413
+ 10. Convert tarball audit to extracted-tarball validation. — historical backlog; revalidate.
414
+
415
+ ## Verification snapshot for this review
416
+
417
+ Commands run locally by the lead agent:
418
+
419
+ - `git status --short`
420
+ - `omx doctor --team`
421
+ - `omx list --json`
422
+ - `omx hud --json`
423
+ - targeted `ctx_tree`, `ctx_read`, `ctx_search`
424
+ - `.omk` / `.kimi` hook checksum diff
425
+ - `npm run -s yaml:check` — passed
426
+ - `npm run -s lint` — passed
427
+ - `npm run -s secret:scan` — passed
428
+ - `npm run -s check` — passed
429
+
430
+ Additional subagent-reported checks:
431
+
432
+ - `npm run -s yaml:check` — passed
433
+ - `npm run -s lint` — passed
434
+ - `npm run -s check` — passed
435
+ - `npm run -s secret:scan` — passed
436
+ - targeted tests passed for `run-tests-harness`, `mcp-command`, `provider-routing`, `chat-startup`, `rust-safety-harness`, `orchestration` matches, `init-mcp-secrets`, `cli-timeout-preset`, and `goal`
437
+
438
+ Not complete:
439
+
440
+ - Full test suite pass was not proven in this lead run.
441
+ - Release check/native build/package audit/smoke pack were not run by the lead agent.
package/docs/2026-05-18-project-direction.md ADDED
@@ -0,0 +1,223 @@
1
+ # Project Direction — 2026-05-18
2
+
3
+ ## Summary
4
+
5
+ open-multi-agent-kit(OMK)의 현재 방향성은 **provider-neutral verified agent runtime**이다. Kimi는 하나의 강한 adapter/provider lane일 뿐이며, OMK는 그 주변의 실행 제어면을 담당한다: DAG 실행, evidence gate, 로컬 그래프 메모리, MCP/skills/hooks 라우팅, provider fallback, run replay/inspect, HUD/cockpit 가시성, worktree 격리.
6
+
7
+ 핵심 문장:
8
+
9
+ > Kimi writes. OMK coordinates, verifies, remembers, and guards.
10
+
11
+ 이 방향은 `README.md`, `ROADMAP.md`, `MATURITY.md`, init templates, `src/orchestration/*`, `src/goal/*`, `src/mcp/*`가 공통으로 지향하는 제품 축이다. 2026-05-18 안정화 이후 source/fresh-init 기준은 **project-local `omk-core-verified` baseline**으로 정렬되었고, 기존 생성 `.omk/*` artifact drift는 별도 운영 caveat로 취급한다.
12
+
13
+ 2026-05-24 이후 native root/runtime 알고리즘의 현재 후속 기준은
14
+ [`native-root-runtime-hardening.md`](./native-root-runtime-hardening.md)와
15
+ [`native-root-runtime-algorithms.md`](./native-root-runtime-algorithms.md)이다.
16
+ 이 문서는 방향성 기록으로 유지하며, ActionAtom/Novelty Guard 표현은
17
+ 구현 및 테스트가 확인된 범위와 구분한다.
18
+
19
+ ## Stabilization update — Kimi CLI / `.kimi`
20
+
21
+ - Fresh init: project-local `.kimi/mcp.json`, project scopes, `omk-core-verified`.
22
+ - Trusted local mode: `--local-user` 또는 `OMK_*_SCOPE=all`에서만 user/global `~/.kimi/mcp.json`, skills, hooks를 runtime에 결합한다.
23
+ - Isolated Kimi HOME: Kimi auth는 보존하되, project hook command는 absolute path로 rewrite하여 temp HOME 상대경로 문제를 막는다.
24
+ - DAG print runner: `KIMI_BIN`을 존중하고 `.kimi`/MCP runtime cache를 source project 기준으로 정규화한다.
25
+ - `kimi-wire`: print runtime과 isolated HOME/MCP/hook parity가 완성될 때까지 opt-in(`OMK_ENABLE_KIMI_WIRE=1`)이다.
26
+ - Runtime evidence: state/evidence/attempt/event/checkpoint artifacts는 secret-looking 문자열을 저장 전 redaction한다.
27
+
28
+ ## Current product thesis
29
+
30
+ OMK는 단순 prompt pack, 범용 multi-model router, 또는 모델에게 모든 write/merge 권한을 넘기는 agent buffet가 아니다.
31
+
32
+ OMK가 되어야 하는 것은 다음이다.
33
+
34
+ - Kimi Code를 중심에 둔 local-first coding control plane
35
+ - 작업을 goal / action atom / DAG / evidence / graph로 명시화하는 실행 런타임
36
+ - 사람이 현재 실행 상태, 변경 파일, evidence, blocker, retry/fallback 이유를 볼 수 있는 운영 UI
37
+ - remote provider와 MCP를 기본 신뢰가 아니라 **명시적 권한·증거·fallback 계약**으로 다루는 안전한 agent harness
38
+
39
+ ## Product pillars
40
+
41
+ ### 1. Stable verified Kimi core
42
+
43
+ 일상 사용 경로는 보수적으로 안정화해야 한다.
44
+
45
+ ```txt
46
+ omk init → omk doctor → omk chat / omk plan → omk verify → omk summary / inspect
47
+ ```
48
+
49
+ `MATURITY.md` 기준 stable surface는 `init`, `doctor`, `chat`, `hud`, `cockpit`, `plan`, `mode`, `runs/history`, `index`, `lsp`, `design`, `google`, `update`, `star`다. 이 경로는 public user가 매일 써도 되는 “boring reliable core”로 유지되어야 한다.
50
+
51
+ ### 2. IntentFrame / ActionAtom / DAG execution spine
52
+
53
+ 현재 런타임은 단일 prompt 실행에서 명시적 action graph로 이동 중이다.
54
+
55
+ ```txt
56
+ User intent
57
+ → GoalSpec / IntentFrame
58
+ → ActionAtoms
59
+ → DAG nodes with routing, retries, timeout, evidence gates
60
+ → Executor / Scheduler
61
+ → Decision trace + run state
62
+ → Verify / Summary / Graph memory
63
+ ```
64
+
65
+ 관련 영역:
66
+
67
+ - `src/goal/intent-frame.ts`
68
+ - `src/goal/compiler.ts`
69
+ - `src/orchestration/dag.ts`
70
+ - `src/orchestration/executor.ts`
71
+ - `src/orchestration/evidence-gate.ts`
72
+ - `src/evidence/decision-trace.ts`
73
+
74
+ v1.2 방향은 이 spine을 “있는 기능”이 아니라 “모든 자동화가 따르는 계약”으로 고정하는 것이다.
75
+
76
+ ### 3. Evidence-gated completion
77
+
78
+ OMK의 차별점은 “done by narration”을 거부하는 것이다. 완료 판단은 다음 증거에 묶여야 한다.
79
+
80
+ - 파일 존재 / diff 존재
81
+ - command-pass 결과
82
+ - review-pass 결과
83
+ - run summary / report
84
+ - provider fallback metadata
85
+ - decision trace
86
+ - replay/inspect artifact
87
+ - graph edge: `Goal → Run → DagNode → EvidenceGate → Artifact`
88
+
89
+ `omk verify --json`은 최소 완료 증거로 유지하고, 자동화가 소비하는 command는 stable JSON envelope를 제공해야 한다.
90
+
91
+ ### 4. Local-first graph memory and forensic audit
92
+
93
+ 그래프 메모리는 단순 요약 저장소가 아니라 audit substrate가 되어야 한다.
94
+
95
+ - `.omk/memory/graph-state.json`을 project-local source of truth로 유지한다.
96
+ - `.omk/memory/*.md`는 사람이 읽는 mirror/cache로 취급한다.
97
+ - optional Kuzu backend는 고급 쿼리용으로 유지한다.
98
+ - 기본 모드는 daemon/password 없는 local graph다.
99
+
100
+ 다음 단계는 `Run`, `Goal`, `DagNode`, `EvidenceGate`, `ProviderAttempt`, `FallbackEvent`, `Artifact`, `Decision`, `Risk` 노드를 명시하고 `verify`, `goal`, `parallel`, provider runtime이 일관된 edge를 기록하게 하는 것이다.
101
+
102
+ ### 5. Runtime presets as product modes
103
+
104
+ 프리셋은 설정 묶음이 아니라 제품 trust mode다.
105
+
106
+ | Preset | Direction | Trust posture |
107
+ |---|---|---|
108
+ | `omk-core-verified` | everyday coding/refactor/debug baseline | conservative default |
109
+ | `omk-parallel-orchestrator` | max parallel agent orchestration | high-trust, opt-in recommended |
110
+ | `omk-ts-product` | strict TS/React/Next/Nest/API/UI work | product implementation lane |
111
+ | `omk-worktree-team` | isolated parallel worktree lanes | merge/review gated |
112
+ | `omk-release-guard` | release/security evidence gate | narrowed authority |
113
+ | `omk-full-mcp` | all configured MCP integration | explicit high-trust mode |
114
+
115
+ Source templates now generate `omk-core-verified` as the fresh-init active/default preset. 기존 repository-local `.omk/runtime*.json` 파일은 ignored/generated artifact일 수 있으므로, release/demo 전에는 `omk doctor`와 runtime secret scan으로 drift를 확인한다.
116
+
117
+ 권장 결정:
118
+
119
+ 1. public default는 `omk-core-verified`로 유지한다.
120
+ 2. `omk-parallel-orchestrator`는 “all agents / all MCP / full hooks”가 필요한 명시적 고신뢰 모드로 표시한다.
121
+ 3. full MCP와 secret-backed MCP는 release/security preset에서 자동 사용하지 않는다.
122
+
123
+ ### 6. Advisory provider lanes only
124
+
125
+ DeepSeek 등 외부 provider는 당분간 write authority를 갖지 않는다.
126
+
127
+ 허용 방향:
128
+
129
+ - explorer / reviewer / QA / planner / docs / research lane
130
+ - low-risk, read-heavy, advisory output
131
+ - Kimi fallback mandatory
132
+ - provider attempt / fallback reason / final authority marker 기록
133
+
134
+ 금지 방향:
135
+
136
+ - provider가 직접 merge/write authority 보유
137
+ - provider fallback 실패가 evidence 없이 성공 처리
138
+ - provider output이 graph/summary에 출처 없이 섞이는 것
139
+
140
+ ### 7. Operator visibility as core UX
141
+
142
+ HUD/cockpit은 부가 기능이 아니라 OMK의 운영 면이다.
143
+
144
+ 보여야 하는 것:
145
+
146
+ - active run / session / goal
147
+ - worker state, role, ETA
148
+ - changed files
149
+ - TODOs
150
+ - blockers
151
+ - evidence gate status
152
+ - provider route/fallback counts
153
+ - MCP/skills/hooks inventory summary
154
+ - run replay/inspect links
155
+
156
+ `team`/tmux 모드는 이 가시성이 충분해질 때까지 experimental로 유지해야 한다.
157
+
158
+ ### 8. Resource-aware local execution
159
+
160
+ OMK는 16GB/WSL/laptop에서도 안전하게 돌아가야 한다.
161
+
162
+ - lite/standard/super profile 유지
163
+ - bounded shell/wire output buffers
164
+ - worker count는 resource profile과 명시 override가 모두 반영되도록 정리
165
+ - all-scope MCP/skills/hooks는 high-trust opt-in으로 취급
166
+ - default project execution은 가능한 한 project-local로 유지
167
+ - bounded output buffers, request timeouts, abort signals는 성능 옵션이 아니라 reliability contract다.
168
+
169
+ ## Roadmap ordering
170
+
171
+ ### P0 — contract, security, runtime consistency
172
+
173
+ 1. MCP host permission/governance/redaction 유지
174
+ 2. MCP request/startup timeout 유지
175
+ 3. secret-backed MCP와 `mcp_scope = all`은 trusted local opt-in으로만 유지
176
+ 4. runtime preset source default는 `omk-core-verified`로 유지
177
+ 5. evidence/log/checkpoint/runtime artifact redaction 유지
178
+ 6. Kimi CLI `.kimi` isolated HOME / relative path parity 유지
179
+ 7. release tag/package version 일치 검증
180
+ 8. tarball audit를 실제 tarball extract 기준으로 유지
181
+
182
+ ### P1 — evidence and audit graph
183
+
184
+ 1. stable `CommandEnvelope<T>` / `EvidenceEnvelope` 정의
185
+ 2. graph/DAG/summary/workflow JSON 계약 확대
186
+ 3. provider fallback metadata coverage 확대
187
+ 4. `graph view`를 audit evidence surface로 승격
188
+ 5. HUD/cockpit에 provider/evidence/worker health 추가
189
+
190
+ ### P2 — execution depth
191
+
192
+ 1. executor timeout/abort cancellation을 모든 신규 runner/child process까지 계속 전파
193
+ 2. dynamic fallback node resume 재현성 확보
194
+ 3. checkpoint restore protected-path policy 확장
195
+ 4. `team` 실행 상태·pane·worktree·artifact·verification reporting 강화
196
+ 5. capability routing rationale를 summary/inspect에 표시
197
+
198
+ ### P3 — broader integrations
199
+
200
+ 1. remote MCP version pinning / provenance 정책
201
+ 2. external provider lane 확대는 read-only/advisory 품질 게이트 후 진행
202
+ 3. design/open-design bridge는 DESIGN.md token과 accessibility gate 기반으로 유지
203
+
204
+ ## Known limitations as of 2026-05-18
205
+
206
+ - 기존 생성 `.omk/runtime*.json` artifact는 source/fresh-init default와 다를 수 있다.
207
+ - 일부 user/global MCP runtime은 high-trust secret-backed shell wrapper와 unpinned `npx -y`/`@latest`에 의존할 수 있다.
208
+ - `kimi-wire`는 `.kimi` isolated HOME/MCP/hook parity 전까지 opt-in이다.
209
+ - `team`은 maturity상 experimental이며, run reconstruction이 충분하지 않다.
210
+ - `graph view`는 유용하지만 ontology/run/evidence/provider linking이 아직 완성된 audit substrate는 아니다.
211
+ - JSON contract는 `doctor`, `verify`, 일부 provider/screenshot/goal 경로에 있으나 graph/DAG/summary/workflow까지 완전히 균일하지 않다.
212
+ - full test suite는 느린 MCP/init 테스트와 dist freshness 정책 차이로 로컬/CI 결과 해석에 주의가 필요하다.
213
+ - historical docs는 trajectory 참고 자료이며, 현재 truth는 `README.md`, `ROADMAP.md`, `MATURITY.md`, `.omk/runtime*.json`, 실제 source/test 결과를 함께 봐야 한다.
214
+
215
+ ## Operating rule for next changes
216
+
217
+ 새 기능 추가보다 먼저 다음 invariant를 만족해야 한다.
218
+
219
+ ```txt
220
+ safe default ≤ project-local scope ≤ evidence-gated completion ≤ reproducible run artifacts ≤ no secret leakage
221
+ ```
222
+
223
+ 이 invariant를 만족하지 않는 “all agents / all MCP / all hooks” 모드는 기본값이 아니라 명시적 고신뢰 모드로 다뤄야 한다.