ClankerOS is a local-first agent OS harness for durable AI coding work. It turns goals into task graphs, records evidence, keeps approval boundaries explicit, and shows operators what is actually proven before any autonomous capability is allowed to act.
project -> goal/task -> scout delegation -> context pack -> implementation handoff
-> coder prep -> coder worktree plan -> approval -> bounded execution
-> commit request -> local commit -> publication request -> publication handoff
The project is intentionally conservative. It prefers local state, reportable evidence, idempotent effects, and human approval over chat-only claims or hidden autonomy.
- Tracks goals, tasks, evidence, approvals, effects, incidents, playbooks, and iteration packets in SQLite plus human-readable Markdown.
- Registers local git repositories and exposes
projects,project-status, andproject-contextcommands so an operator can inspect target repos before starting work. - Creates durable project-scoped
goal,plan,contract, andtasksrecords before execution, with versioned plan artifacts and explicit non-claims. - Dispatches planned goal tasks through local profiles with
run-task, records routing decisions, runs safe verifier commands, and writes evidence packets under.clanker/projects/<project>/goals/<goal_id>/runs/. - Records retry/replan recommendations for failed planned-task runs and blocked planned tasks without automatically retrying, resetting, or dispatching work.
- Generates an operator dashboard and next-iteration packet from current local state.
- Starts a local-only browser operator app with
python3 -m agent_os.cli appathttp://127.0.0.1:8787, wrapping existing local state, artifacts, health, workflow, project, delegation/run, artifact, approval, inbox, and demo pages, with action results returning to the Goal or operator queue that launched the confirmed local action. - Runs worktree-isolated coding goals, captures diffs and verification output, and gates local commits behind explicit approval.
- Produces GitHub handoff packets after committed local effects, including exact push and draft-PR commands without taking network action itself.
- Supports safe profile routing, read-only delegation contracts, deterministic context packs, executable local delegation through configured shell adapters, project-aware repo scouting, first-class implementation handoffs, safe coder-prep packets, approval-gated coder worktree plans, explicit coder worktree approvals, bounded worktree execution with evidence, structured delegation-result ingestion, proposed memory, and proposed skills.
- Keeps the old capability proof ladder as advanced blocked-proof/reference machinery instead of the default operator path.
python3 -m agent_os.cli init
python3 -m agent_os.cli app
python3 -m agent_os.cli demo
python3 -m agent_os.cli demo-app-scenario
python3 -m agent_os.cli projects
python3 -m agent_os.cli dashboard
python3 -m agent_os.cli iterate
python3 -m compileall -q agent_os tests
python3 -m agent_os.cli app-smoke-test
python3 -m agent_os.cli app-demo-smoke-test
python3 -m agent_os.cli app-golden-path-smoke-testapp-smoke-test renders the core local app routes without starting a browser
server and checks each route for its expected page marker, so GitHub Actions can
catch blank or wrong operator pages before the full pytest suite finishes.
app-demo-smoke-test creates fixture-backed demo state and checks the
stateful goal cockpit, goal detail, demo, scoped workflow, project,
delegation, run, approvals, inbox, actions, and health pages for their
expected operator markers.
app-golden-path-smoke-test starts from a fresh local root and proves the
actual browser loop: create project, create goal, do the next action, generate
proof, finish today, and resume tomorrow.
Then read:
- Getting Started
- Suggested Use
- Operator Recipes
- Local Operator App
- Concepts
- Architecture
- Command Reference
- Documentation Index
- First Loop Tutorial
- First Target Repository Tutorial
- Project Registry Tutorial
- Goal Planning Lifecycle Tutorial
- Run A Planned Task Tutorial
- Operator Daily Loop Tutorial
- Approval-Gated Coding Tutorial
- Executable Delegation Tutorial
- Public Snapshot Tutorial
- GitHub Testing
The primary operator surface is now the local app plus the CLI. Start the app for a browser view of goals, suggested-use guidance, resume state, search, workspace restore, memory, skills, profiles, projects, workflow, delegations, delegation runs, coder runs, safe action catalog, verification handoff, dogfooding checklist, health, artifacts, the operator inbox, approvals, incidents, and demo state:
python3 -m agent_os.cli appEvery app route now keeps the daily loop visible in the global operator
ribbon. The Operator Path Rail maps Today -> Goal -> Action -> Proof -> Finish -> Resume, highlights the current route posture, and uses the same
Goal-aware action, proof, finish, and resume targets as the header shortcuts.
It is read-only orientation; confirmed forms still own every local write, and
the app still does not poll GitHub, call providers, push, open PRs, deploy, or
mutate external systems on page render.
The ribbon also includes a Tomorrow readiness strip. It tells the operator
whether an exact saved return point exists, whether only a Goal or project is
saved, or whether the current action still needs Finish Today before the
workspace is ready to leave and resume tomorrow. The strip links only to the
existing Finish Today and Resume surfaces, keeps its evidence collapsed, and
writes nothing on GET.
Saved workspace panels are also treated as return-to-work context. When
.clanker/app/workspace.json contains expanded_panels, /resume,
/workspace, and the saved Goal page show a Workspace Panel Restore strip
with direct panel links; the saved Goal page browser-locally reopens matching
details panels without writing state, calling providers, or using the network.
The /resume workbench is now the quickest day-two surface: if the saved Goal
or first-run gate has a confirmed browser action form, the workbench renders it
at the top as #resume-workbench-action-form before the detailed evidence
sections.
The root / page is the Goal-First Home board. It now leads with the actual
Home operating surface before the shared route/focus diagnostics, and keeps
Home state plus board evidence collapsed by default. The Home Operator Board
shows visible Do Now, Attention, Resume, and Proof cards for the lead Goal or
first-run step, routing browser-available work to existing confirmed forms,
lead-goal approval attention to /approvals?goal_id=<goal_id>, Resume to an
explicit saved workspace surface first and otherwise the current Goal action,
and proof review to the current Goal's CI handoff when a lead Goal exists,
falling back to the local CI evidence surfaces during first run. Finish Today
remains the explicit save path for creating tomorrow's resume surface. Directly
after that board, Home now shows a read-only Home Milestone Checklist for the
no-docs path through Launch App, Create Project, Create Goal, Do Current
Action, Check Proof, Finish Today, and Resume Exactly, with the current
milestone highlighted from local project, goal, CI, and saved-resume state.
During first run, the action row names the concrete browser action, such as
Register ClankerOS project, instead of a generic waiting label.
Home also includes a scan-first
Home Goal Board with active, paused, and completed lanes, a browser-local
Find box, lane buttons, live match count, first-match jump, no-match empty state, visible View status,
reload persistence in localStorage:clankeros-home-goal-board-view, and reset
coverage in /workspace#workspace-view-memory. It also includes
recent activity, the operator inbox, recommendations, incidents, saved
workspace resume links, saved-goal phase and next-action readbacks, a read-only
Home Live State panel with five-second local page reload polling that pauses
while a form is focused or the tab is hidden, a Start Here cockpit for the
next click, resume posture, blockers, and the current Goal CI handoff or
first-run proof fallback, a Home Day Plan that names the current goal, phase,
one next action, waiting counts, whether end-of-day resume is ready, and a
confirmed save-workspace Finish Today form for the lead goal, the
read-only Home Attention Brief with visible Now, Inbox, Approvals,
Incidents, Recommendations, and Proof cards before deeper goal work, the
Home Focus Queue for next actions across active and paused goals, the
read-only Home Activity Command Bar with visible Latest, Goals, Artifacts,
and Notes cards for recent human-readable activity,
Home Verification Handoff for current branch/commit GitHub Actions proof
commands and the latest operator-supplied CI evidence, the
saved-goal browser-available action form, and first-run project/goal/delegation
guidance when the checkout has not completed
its first delegation. The First Run Guide is
state-aware, and Home's live state, Start Here, Day Plan, Attention Brief, and
Focus Queue point directly to the same-page Create Project or Create First Goal forms when no Goal exists yet. It shows the current step across create project, create first
goal, create first delegation, prepare context, and the confirmed local
run-delegation action with a copyable CLI fallback. It now starts with a
read-only First Run Command Bar that names the next first-run action, target
surface, form surface, Goal/delegation context, and zero-effect counters; after
a Goal exists it can render the same confirmed local next-action form inline,
so scout delegation, context-pack generation, and first delegation execution
can continue from the guide. The first-run progress, checklist, and empty-state
step links now jump to that same inline command action while the current
post-Goal gate is Delegation, Context, or Run, instead of sending the operator
to a generic Goal page. The command bar is followed by a visible
First Run Launchpad with five browser choices: continue guided setup, open a
populated demo, inspect workflow, review verification proof, or check health
and safety. A visible First Run Next Step panel follows with one primary
same-page action, setup/handoff/resume/safety cards, confirmation posture, and
zero-effect counters, making the current click obvious before the checklist.
A visible First Run Action Ladder then turns Project, Goal, Delegation,
Context, and Run into five action cards with the current action highlighted,
the exact browser target, the CLI/action name evidence, and the same
zero-effect safety counters. A visible First Run Empty State Map now renders a text-only
Project -> Goal -> Delegation -> Context -> Run illustration with step cards,
so a blank checkout shows a path instead of just empty inventories. A
browser-local First Run Checklist then lets the operator mark setup checks
and keep a short return note in localStorage:clankeros-first-run-checklist;
the real step state still comes from ClankerOS progress and GET rendering
stays read-only. The Action Ladder, Empty State Map, and Checklist now use the
same action-specific labels and concrete targets as the progress strip, so
current gates name the real browser action and waiting gates name the missing
prerequisite. A visible First Run Progress strip follows with a progress
bar and five step cards for Project, Goal, Delegation, Context, and Run. Its
cards use action-specific labels such as Register ClankerOS project, Open Project, and Needs Goal, link completed steps to their concrete local
surfaces, and keep detailed status evidence collapsed and read-only. Active
first-run Goal pages also show a read-only Goal First Run Rail between
Attention and the Goal Command Bar,
so the same Project -> Goal -> Delegation -> Context -> Run path stays visible
and routes the current step to the existing confirmed Goal action form. Done
steps open their concrete local surfaces, such as the project page, Goal page,
or delegation page, while waiting steps link back to the current prerequisite
action on the Goal page.
Confirmed browser
project registration and goal creation also update the saved workspace, so
/resume already knows the first project/goal after those actions. When a
lead goal exists, Home also shows an explicit
save-workspace form so the operator can remember the current goal/project
context for the next session. Use the
compact local app smoke commands before pushing, then let GitHub Actions run
the fast route smoke and full pytest suite for slower proof.
The default contributor loop is intentionally GitHub-first: make a small
change, run only the narrow local check that matches it, push the PR branch,
watch Fast smoke verification, and let Full pytest suite finish in Actions.
See GitHub Testing for the exact proof boundaries and
status-recording commands.
Use /today as the daily command center when you want one page for the
current day instead of the full dashboard inventory. It is content-first and
command-center-first: the shared route/focus diagnostics are pushed below the
daily cockpit, the visible opening is a six-card Today Command Center, and
state/command/workbench evidence stays collapsed until explicitly opened. The
command center chooses the lead Goal or first-run step, shows the current
phase, one primary action, the exact target or same-page action form,
attention routing for approvals/incidents/recommendations/inbox, resume
readiness, and CI proof posture. Saved resume surfaces still win; otherwise
populated sessions route the Resume card to the current Goal action, while
first-run sessions keep the resume hub fallback. When the current Goal action has a confirmed
browser form, /today renders it visibly as #today-current-action before
command evidence, so the daily cockpit can be used without opening a
collapsed details panel. Note capture, pause, and Finish Today
workspace save forms are also collapsed by default and open from the visible
cards or direct hash links, preserving confirmed local writes without making
the first screen feel like a report. A read-only Today Live State panel follows
with five-second local page reload polling that pauses while the tab is hidden
or a form field is focused, so the all-day cockpit can reflect changing local
goal state without adding action authority. A read-only
Today Session Summary then gives a return-to-work brief with visible
Continue, Latest, Proof, and Resume cards before the detailed readback. The
cards point at the current goal or first-run step, latest activity, the
current Goal's CI handoff or first-run CI proof recorder, and workspace resume
posture so the operator can act from the brief without reading the whole
evidence table. Saved resume surfaces still win; otherwise populated sessions
resume to the current Goal action, while first-run sessions keep the Goals
setup fallback. A read-only Today Activity Digest
follows with Now, Window, Artifacts, Notes, and Safety cards plus a compact
recent timeline list for the lead Goal or current first-run step, so the daily
cockpit carries enough context to regain the thread without opening the full
Goal timeline.
A browser-local Today Loop Checklist sits between the return brief and the
activity digest with Resume, Goal, Action, Proof, and Finish checkboxes. It
persists only in localStorage:clankeros-today-loop-checklist, routes active
Goal proof through the Goal CI handoff, and can be reset from
/workspace#workspace-view-memory without server writes.
A read-only Today Quick Capture strip follows the checklist with Capture,
Draft, Review, and Resume cards. When a Goal exists it opens the existing
confirmed save-goal-note form at #today-note, shows the
localStorage:clankeros-goal-note-draft:<goal_id> draft key, links back to the
Goal notes browser, and keeps first-run sessions on the setup guide until a
Goal exists.
A read-only Today Operator Workbench follows with four obvious moves for the
day: do the current action, check timeline/evidence, clear the first blocker,
and save the resume point. A read-only Today Decision Queue then turns the
lead Goal or first-run state into exact daily rows: current action first, then
pending approvals, incidents, recommendations, or blocked work, all linked to
existing confirmed action forms or scoped review surfaces. A browser-local
Today Decision Filter narrows those already-rendered rows by lane or text,
restores lane/query from localStorage:clankeros-today-decision-filter, and
can be reset from /workspace#workspace-view-memory. A read-only Today Workflow Map follows with the whole first-run path when no Goal exists, or the
lead Goal's lifecycle gates when one does, including current gate, next action,
same-page action target, and gate counts.
A read-only Today CI Handoff follows so the daily cockpit shows the latest
operator-recorded GitHub Actions proof, whether it matches the current checkout,
the exact gh run list / gh run view commands to inspect current CI, and
links to /verification and /ci-evidence for recording proof after Actions
completes. It now includes a visible Merge Proof card that labels local full
workflow success as merge-ready proof, fast-smoke proof as review-only, and PR
draft/review/merge state as operator-checked outside ClankerOS; the app still
does not poll GitHub, merge, or write on GET. It also includes
a Today Goal Queue that lists active, paused, and completed goals with phase,
next action, switch links, same-page action availability for the lead goal,
progress, and waiting counts so daily goal switching does not require opening
the full /goals inventory. The queue has a browser-local Find box, All /
Active / Paused / Completed lane buttons, live match count, first-match link,
no-match state, visible View status, and reload persistence via
localStorage:clankeros-today-goal-queue-view; it can be reset from
/workspace#workspace-view-memory without server writes. In an empty
checkout, /today now points the command center, Today Goal Queue, Start
Here, and reused Home Day Plan targets directly to the same-page
Create Project or Create First Goal form instead of sending the operator
to another inventory page. It reuses the existing Home,
Goal, inbox, activity, and first-run surfaces below the command center, writes
nothing on GET, and only exposes confirmed local forms already available
elsewhere in the app.
Use /guide as the in-app Suggested Use Guide when you want the operator
loop in browser form. It maps Today -> Goal -> Action -> Proof -> Finish -> Resume: start in /today, choose or create the Goal through the Home
first-run forms or /goals, follow the current action to the existing
confirmed action form or Goal page, check proof in the current Goal's CI
handoff with /verification or /ci-evidence as the first-run fallback, save
the day with the route-local Finish Today form or
/workspace#save-workspace, and return through /resume. A visible
Guide Command Panel now embeds the existing confirmed first-run or current
Goal action form when available, so an empty checkout can register a project
and then create the first Goal from the guide without hunting through docs.
Its First Run Path cards use concrete action labels such as Register ClankerOS project, Needs project, and Needs Goal instead of generic
continue/waiting text, and the guide evidence records the action id plus the
visible link label for each step. Completed steps open their real local
surface, such as the registered project page, while the current step stays on
the guide command panel when its confirmed form is available.
Its Proof card also follows the current Goal's CI handoff when a Goal is in
focus, falling back to /verification during first run. A
read-only Operator Recipes panel follows it with seven intent cards for
Start The Day, Set Up Or Select Goal, Do The Next Thing, Unblock Work, Check
Proof, Finish Today, and Resume Tomorrow, routing Proof to the current Goal CI
handoff or first-run fallback while naming the current proof and workspace
posture. The Proof To Resume rail then turns the post-action ritual into five
visible browser steps: take the current action, review proof, record missing or
stale CI proof, save the workspace, and reopen /resume from the saved context.
The guide also includes a read-only Milestone Checklist that translates the
product Definition of Done into browser cards: launch app, create project,
create Goal, do the current action, check proof, Finish Today, and resume
exactly. It marks which step is current from local state, so a new operator can
see the whole clone-to-resume path without reading external docs. During first
run, both the checklist action row and Operator Recipes setup card point at
the confirmed guide command panel with the concrete next action instead of
generic continue or waiting copy.
It is read-only on GET and only reuses existing local surfaces and confirmed
forms; it does not call providers, perform network actions, push, create PRs,
deploy, or mutate external systems.
Use /resume when returning to ClankerOS after a break. It now opens with a
primary return link, a Resume Today Brief, a browser-local Browser Resume
panel, and a Resume Operator Workbench before shared route/focus diagnostics
or the command readback, so the first screen is the current return path instead
of a report. The brief gives one compact strip for Continue, Proof, Blockers,
Artifact, and Finish Today, routing first-run sessions to setup/proof fallback
surfaces and populated sessions to the current Goal action, Goal CI handoff,
and Goal proof recorder. Browser Resume reads this browser's
localStorage:clankeros-route-history, ignores /resume itself, and offers
the most recent non-resume route with route-scoped scroll/open-panel memory
when available. It also reads localStorage:clankeros-last-artifact and shows
the most recently opened artifact from this browser as a return card. It does
not write server state; the shared save-workspace / Finish Today form can
hydrate its last_viewed_artifact field from that browser-local breadcrumb
before confirmation/submission, and the canonical saved workspace still comes
only from the explicit /workspace#save-workspace Finish Today form.
The rest of /resume reads the saved workspace state, prefers the exact saved
resume_surface local route when one exists, shows the saved
goal/project/artifact links, preserves filters and expanded panel readbacks,
and keeps saved-state, command, workbench, and browser-local resume evidence
collapsed by default. Its Resume Readiness checklist now treats the safe
saved resume_surface as required proof for true come-back-tomorrow readiness,
alongside project, Goal, filters, expanded panels, and an existing last
artifact. When no workspace has been explicitly saved yet but the
database already has a lead Goal, /resume now treats that Goal as the return
source, renders its current confirmed action form at
#resume-workbench-action-form, and labels the command/workbench source as
lead_goal_state; first-run/no-goal states still use the setup-safe first-run
forms.
Saved Goal links on Home, /resume, /workspace, and the Goal resume snapshot
are now title-first when a title exists, while raw Goal ids and label-source
readbacks remain in collapsed evidence for review and automation.
Before a saved Goal exists, /resume follows first-run progress instead of
stopping at the project link: an empty checkout renders the same-page
Resume First-Run Action register-project form, and a
registered-project/no-goal state renders the same-page create-goal form while
still showing the saved project. The
workbench shows
do/check/unblock/finish cards for the saved Goal, the current action or
same-page action form, readiness repair, blockers, last artifact, and the
existing /workspace#save-workspace finish surface. The Resume Command Bar
follows with readiness, phase, current gate, next action, target surface,
action-form availability, last artifact, and zero-effect counters inside
collapsed evidence. It also adds a Resume Readiness checklist for the saved project, goal, safe exact resume surface,
filters, expanded panels, last artifact existence, and next local surface, and
shows a Resume Next Action section with the saved goal's current phase, one next action, operator
attention cue, target surface, and the same confirmed local action form that
the Goal page would show when that next action is browser-available. When
first-run is still incomplete, the same Readiness, Next Action, and Workflow
Map sections show the current first-run gate, next setup action, and
same-page setup target, with Home/Today/Goals setup links retained as fallback
evidence. It also
includes a read-only Resume Workflow Map that mirrors the Goal page
lifecycle rail, showing the saved goal's current gate, gate progress, next
action, and no-write/no-network boundaries before the operator leaves
/resume. /workspace now opens with the
Workspace Operator Workbench before shared route/focus diagnostics or
saved-state evidence. The workbench gives the saved workspace do/check/unblock/
finish cards, same-page action-form routing, blocker routing, last-artifact
readback, and a Finish Today link that opens the collapsed #save-workspace
form. When no workspace has been explicitly saved yet but a lead Goal exists,
that form is prefilled from the current project, Goal, goal-scoped filters,
latest artifact, and exact resume_surface route, with a
Workspace save defaults evidence block showing that the values are
suggestions only and nothing was written on GET. The
read-only Workspace Restore Map follows with Restore, Goal, Artifact,
Filters + Panels, and Tomorrow cards that distinguish saved workspace state
from suggested defaults before the longer checklist. The Goal card is
title-first when possible, while still retaining exact saved Goal id and route
evidence for restoration. A read-only Workspace View Memory panel follows to
inspect and clear browser-local view state such as theme, focus mode, Goal
board filters, route history, the last opened artifact breadcrumb, open panels,
scroll position, search lanes, timeline lanes, Goal section searches, Today
Goal Queue view, Today and Goal decision filters, artifact filters, notes
filters, note drafts, setup and workflow form drafts, Goal action prep checks,
Memory Bank filters, Skills Inventory filters, and the First Run Checklist
from localStorage without changing .clanker/app/workspace.json.
The read-only
Workspace Daily Brief and Workspace Workflow Map then follow with the
saved goal's current gate, gate counts, and finish posture, while saved-state
and restore-link readbacks stay inside collapsed evidence.
Before a saved Goal exists, /workspace now follows the
same first-run progress as Home, Today, Goals, and /resume: an empty checkout
points its daily brief, workbench, continuation readback, restore links, and
workflow map at the same-page Workspace First-Run Action register-project
form, while a registered-project/no-goal workspace points at the same-page
create-goal form and keeps the saved project visible. Home/Today/Goals setup
links remain in collapsed evidence as fallback routes. Both routes report that
they write nothing on GET.
For the first manual browser pass, open /demo#demo-fixture-action and confirm
the browser-local demo action. CLI fallback:
python3 -m agent_os.cli demo or
python3 -m agent_os.cli demo-app-scenario. After the action result offers
/demo as the next surface, open /goals and follow the state-aware dogfooding links
into the demo project, selected workflow, delegation, coder worktree run,
review artifact, approvals, and inbox. The /demo page starts with a
read-only Demo Operator Workbench for Now, Project, Workflow, and Proof,
then shows a read-only Demo Walkthrough Map with Fixture, Project + Goal,
Workflow, Run, Approval, Publish Boundary, and Resume + Proof cards before the
fixture command/readback details. It
still shows whether fixture state exists, the preferred demo command,
compatibility command, selected project, Goal, delegation, run, next local
surface, and zero-effect counters before the longer walkthrough. It also shows
a read-only Demo Next Action panel and Demo Browser Progress checklist for
the selected fixture run, so you can see
whether the app path is waiting on commit request, commit approval, local
commit, publication request, publication approval, publication handoff, or
manual push/PR outside ClankerOS. It also shows Demo Gate Artifacts, linking
the commit request, commit decision, local commit artifact, publication
request, publication decision, publication handoff, and PR-body artifact as
those gates become available. The Demo Gate Actions panel names the current
gate, the local form action, required input, expected output artifact, and
renders the safe confirmed local form when the current step can be driven from
the app. Draft-backed workflow fields preserve unsent operator notes,
messages, and safe local command text across reloads until the operator clears
them or the confirmed local action succeeds. Once the publication handoff is
ready, the demo keeps push/PR work
outside ClankerOS and exposes the confirmed local complete-goal form so the
operator can record that manual publication finished and review completed Goal
evidence.
Manual Browser Checkpoints lists the exact route markers to confirm across
/demo, /dogfooding, workflow, project, delegation, run, approvals, inbox,
verification, and health surfaces, then lets you jump directly to the relevant
local surface.
Use /goals as the daily cockpit. It separates active, paused, and completed
goals into scan-first Goal cards that link each goal to its detail page,
project page, and next action surface while showing phase, next action, task
progress, waiting count, and open work from existing local state. A
Goal Board Workbench starts the page before shared
route/focus diagnostics, with visible Do Now, Selected Goal, Attention, and
Start/Resume cards; it links the selected Goal straight to its confirmed
action form when one exists, routes pending approval attention through
/approvals?goal_id=<goal_id>, and anchors active, paused, and completed
lanes for fast switching. The read-only
Goal Board Command Bar follows as collapsed command evidence with total goal
counts, the prioritized saved or active Goal, its current phase, one next
action, the target surface, waiting counts, resume link, and zero-effect
counters. Populated cockpit counts are also collapsed as evidence so the board
arrives quickly on mobile. A browser-local Goal Board Filter follows the
goal creation form and filters active, paused, and completed lanes by title,
project, phase, status, next action, progress, or remaining work, with a live
count, mode buttons, first-match jump, and no-write/no-network evidence. It
also sorts the already-rendered Goal cards locally by updated time, waiting
items, open work, progress, or title, so a busy day can be re-prioritized
without running commands or changing state. The board view remembers its
query, lane mode, and sort in browser-local storage across reloads, with a
Reset view control for returning to the default board. The
cockpit also includes a confirmed local
Start Another Goal form backed by the existing create-goal action,
so an operator can add the next goal for a registered project without
switching to the CLI. Setup and Goal creation forms keep unsent edits in
browser-local localStorage:clankeros-action-form-draft:<action>:<scope>
until the operator clears them or the confirmed local action succeeds. The
shared action forms now open with a short action brief, human field labels,
field help, explicit confirmation/external-effect notes, and outcome-named
buttons such as Create project and Create Goal, so first-run setup is
usable without knowing the internal action ids. The confirmation and result
pages for those setup actions keep the same human labels (Confirm project setup, Project setup complete, Confirm Goal setup, Goal setup complete)
while preserving raw action ids in collapsed evidence. The next first-run
actions now keep that product language too: delegate renders as
Create scout delegation / Confirm scout delegation /
Scout delegation created, context-pack renders as Generate context pack
/ Confirm context pack / Context pack ready, and run-delegation renders
as Run scout delegation / Confirm scout run / Scout run finished, while
raw action ids stay in evidence fields. The
same browser-local draft behavior is used for goal workflow forms that collect
worktree approval notes, safe run commands, commit/publication messages,
publication approval notes, and manual complete-goal notes.
Use /goals/<goal_id> as the
goal-centered workbench: the page is now content-first, so the Goal summary,
large Current Phase banner, jump bar, action dock, progress meter, and
attention digest appear before shared route/focus diagnostics. The summary itself is title-first: it
uses the human Goal title/intent as the page heading, keeps the Goal id as
metadata instead of the headline, and preserves the project, status, phase,
and local refresh posture in the readback. Shared Goal navigation now follows
the same rule: breadcrumbs, Route Context, and command-palette route evidence
show the human Goal title while retaining explicit Goal id evidence fields for
review and automation. The Goal Jump Bar covers phase, action,
workflow, timeline, evidence, artifacts, notes, git, and remaining work. Its visible 1-9 key badges and
aria-keyshortcuts jump to those local anchors without submitting forms,
while jump-state evidence stays collapsed by default,
then an in-flow Goal Action Dock keeps the current action, gate, CI proof
target, and resume route near the top of the workbench while rendering a
top-of-page Current Action Form when the existing confirmed Goal action form
is available. The deeper Next Action section remains as the detailed readback
copy, but the operator can use the current action without hunting down-page.
An adjacent browser-local Goal Action Prep panel turns that next click into
five visible checks for current action, source gate, proof, latest artifact,
and Finish Today return point. It persists only in
localStorage:clankeros-goal-action-prep:<goal_id> and can be reset from the
Goal page or Workspace View Memory; it does not write Goal state, call
providers, use the network, or approve/run/push/PR/deploy work on GET.
Those form-backed primary controls now use the actual operator verb, such as
Create commit request or Approve commit, instead of generic labels like
Use current action, while raw action ids stay in evidence and form actions.
A read-only
Goal Progress Meter follows with task and workflow progress bars, waiting
operator work, latest proof state, and the next confirmed browser action before
deeper command evidence. A read-only Goal Attention Digest follows the meter
with Now, Approvals, Incidents, Recommendations, Open Work, and Safety cards so
the first waiting queue and safe next click are visible before deeper command
evidence. A read-only Goal Decision Queue follows with exact Goal-scoped
operator rows for the current action plus pending approvals, incidents,
recommendations, or blocked tasks, linking to the existing confirmed action
form or scoped approval surfaces without deciding anything on GET. It includes
a browser-local Goal Decision Filter for narrowing those already-rendered
rows by current action, approval type, incidents, recommendations, blocked
work, or text while restoring lane/query per Goal from
localStorage:clankeros-goal-decision-filter:<goal_id>. The dock, meter,
digest, and decision queue precede the Goal Command Bar, Goal Operator
Workbench, Goal Daily Loop, Goal Return Brief, Goal Session Digest, Goal
Activity Pulse, Goal Continuation Rail,
next action, next recommendation, Goal Workflow Map, Goal Coder Handoff
Digest, Goal CI Handoff, live state, and collapsed section index before the detailed progress, timeline, activity log, goal risk, completion
criteria, completion readiness, evidence, delegations, runs, approvals,
artifacts, a typed Goal Artifact Explorer, memory, skills used, git status,
operator notes, a goal-scoped resume snapshot, and remaining work. The page
auto-refreshes by local polling, pauses while the operator is editing a form or
the tab is hidden, and stays local-only. Goal and workflow routes scope
coder-prep and worktree-plan packet reads to the current Goal or selected
delegation, so populated dogfood/demo workspaces do not make the primary
operator pages scan unrelated handoff artifacts before rendering. The Goal Command Bar near the top now
opens with visible Now, Phase, Progress, Proof, and Resume cards, while its
Resume card keeps any explicitly saved workspace surface first and otherwise
routes to the current Goal action. The full current phase, primary action,
target local surface, progress, waiting counts, resolved resume route/source,
latest project-scoped CI proof state, same-page Goal CI handoff target, and
zero-effect boundary stay available in collapsed command evidence. Goal
Operator Workbench follows it with a human-readable do/check/unblock/finish
strip: its primary action points directly at the in-page Goal action form when
one is available, links
the source surface and first unblock surface, names the current gate/progress,
and keeps confirmation/write/provider/network/external-effect counters
available in collapsed workbench evidence before the deeper diagnostic
sections. A read-only Goal Milestone Checklist now sits near the top of the
Goal page after the Goal Path Rail, mapping Launch App, Create Project, Create
Goal, Do Current Action, Check Proof, Finish Today, and Resume Exactly to the
current Goal's local state. It highlights the active or waiting step, routes
proof to the same-page CI handoff, Finish to the existing save-workspace form,
and Resume to the saved exact surface when one exists, while keeping write,
provider, network, PR, push, deploy, and external-effect counters at zero on
GET. The Goal Next Action section now starts
with a human-first focus strip for Now, Gate, Target, and Boundary, with one
primary link to the existing confirmed form or source surface, then renders the
confirmed form before collapsed action evidence. Goal Daily Loop now opens as a
five-card Continue, Start, Unblock, Pause, and Finish Today strip. Detailed
local state stays in collapsed daily-loop evidence, while the confirmed
pause-goal and save-workspace forms live in hash-openable Pause and Finish
Today details so ending or shelving a goal is a direct click, not a hunt
through proof rows. pause-goal moves any non-paused incomplete goal into
paused lanes without approving work, running providers, using the network, or
mutating external systems. Goal Return Brief now follows as its own six-card
return board for Continue, Latest, Proof, Blocker, Finish, and Resume, with
Proof pointing to the same-page Goal CI handoff. Its Resume card keeps an
explicit saved resume surface when one exists; otherwise it routes to the
current Goal action, so the return board stays actionable without opening the
resume hub. The same gate, activity, artifact, CI, resume-readiness, blocker,
and zero-effect state stays preserved in collapsed return evidence instead of
leading the operator through proof rows.
The read-only Goal Session Digest follows the return brief and condenses the
current continuation into Continue, Since Save, Latest Artifact, Waiting, and
Finish Today cards. It uses existing Goal state, saved workspace timestamp,
latest local timeline item, latest artifact, and waiting queue counts, then
keeps the exact sources and zero-effect boundary in collapsed digest evidence.
The read-only Goal Activity Pulse follows the digest with Latest, Recent
Three, Mix, Artifact, and Next cards, reusing the Goal timeline so returning
operators can see the newest linked movement before opening the full timeline.
The read-only Goal Continuation Rail follows the pulse as visible
Now, Next Gate, Then, Publish Boundary, and Finish Today cards, while detailed
gate rows, exact surfaces, manual publish boundary, and zero-effect counters
stay in collapsed continuation evidence. Goal
Section Index now includes a browser-local section finder with a type-to-filter
input, match count, first-match jump, compact anchor chips, visible View
status, and per-Goal query memory in
localStorage:clankeros-goal-section-finder:<goal_id> before the collapsed
evidence ledger, so the long Goal page can jump back to operational panels
such as approvals, memory, or git without memorizing the page structure.
Workspace View Memory can inspect or clear those section searches alongside
the rest of the browser-local view state. Goal
Overview now starts with a read-only Goal Overview Command Bar with visible
Now, Scope, Progress, Waiting, and Safety cards before collapsed command
evidence and collapsed raw metadata. Goal Risk now starts with visible Now,
Counts, Boundary, First Task, and Safety cards before collapsed command
evidence and collapsed detailed risk rows. Goal Completion Criteria now starts
with visible Now, Source, Progress, First, and Safety cards before collapsed
command evidence and collapsed criteria rows. Goal Progress now starts with
visible Now, Tasks, Gates, Waiting, and Safety cards before collapsed command
evidence, the browser progress bar, and collapsed detailed progress counts. Goal
Completion Readiness turns the same local gate, approval, incident, and
publication-handoff state into one explicit finish posture. It names the
current blocker or next safe action, links the relevant local surface, and only
offers the confirmed complete-goal form after the manual publish handoff is
ready. The Goal
Git Status section now starts with a read-only Goal Git Command Bar that
opens with visible Now, Branch, Changes, Proof, and Safety cards. It still
summarizes the registered project root, branch, commit, clean/dirty posture,
tracked and untracked counts, latest goal-linked git_status.txt evidence
when available, and one next local surface, but the detailed command evidence
and repository snapshot stay collapsed without fetching GitHub status or
mutating the repo. The Goal
Daily Loop turns the same local state into start/continue/unblock/finish cues:
/resume, the current next action, the first approval/incident/recommendation
surface, and a confirmed save-workspace form that records this goal and its
latest artifact as tomorrow's resume point without writing on GET. Goal Return
Brief follows it with a read-only return-to-work snapshot: current gate, next
action, resume readiness, latest activity, latest artifact, CI proof posture,
blocker route, /resume, and finish surface. The Goal Workflow Map now opens
with visible Now, Progress, Approvals, Publish Boundary, and Finish Today cards
that point at the existing Goal action form, Remaining Work, goal-scoped
approvals, CI handoff, and Finish Today save form. The detailed lifecycle rail
from scout delegation through manual publish, every gate's eventual operator
surface, the manual publish boundary, and zero-effect counters remain in
collapsed workflow evidence without writing on GET. Goal Coder Handoff Digest
follows the workflow map and turns delegation, context-pack,
implementation-handoff, coder-prep, worktree, commit, and publication state
into scan-first Now, Handoff, Prep, Execute, Ship, and Safety cards. Goal CI
Handoff follows near the top of the Goal page with visible Check GitHub, Record
Proof, Current Proof, Full Suite, and Finish Today cards. The cards expose the
project-scoped proof status, latest operator-recorded GitHub Actions evidence,
exact gh run list / gh run view command templates, and a same-page JSON
paste target for recording proof, while the detailed ledger remains collapsed
and still does no GitHub polling or external mutation on GET. Goal Live State
now opens with visible Now, Phase, Refresh, Pause Rules, and Safety cards,
including a local Refresh now control, while detailed refresh posture stays
collapsed and the five-second loop still pauses during edits or hidden tabs.
Goal Remaining Work now opens with visible Now, Gate Progress, Waiting, Open
Work, and Finish cards; detailed command proof and the full remaining-work
checklist stay collapsed while preserving current gate, done/pending/waiting
gate counts, open task/incident/recommendation counts, pending approvals, one
next local surface, and zero-effect boundaries. It now also includes a
confirmed complete-goal-task closeout for ready publication-handoff evidence,
so a reviewed local workflow can update the task row, linked plan step when
present, refreshed TASKS.md/PLAN.md, workspace resume point, and timeline
event without running fresh verification or taking external action. The Next Recommendation
section names whether the recommendation
comes from an open task recommendation or from current phase plus local goal
records, then points at the local target surface without writing on GET. When
an open task recommendation includes recommended_commands, the Goal page
also shows copy-only Goal Recovery Commands cards with clipboard buttons,
evidence links, and explicit no-execute/no-retry/no-replan/no-write counters.
Those cards are now the primary Goal-local target for recommendation recovery:
the Goal Next Action, header Next shortcut, attention digest, ribbon, daily
loop, workbench, session digest, overview, incident, and remaining-work cards
route to /goals/<goal_id>#goal-recovery-commands when stored commands exist,
with incident triage preserved as a secondary surface.
The in-flow Goal Jump Bar keeps the most-used in-page anchors one click or
one keypress away without covering later controls. The in-flow Goal Action
Dock keeps the current action, gate, proof, and resume route visible near the
top of the Goal without covering later controls, and jumps directly to the
confirmed form without adding a second action form. The Goal
Next Action focus strip makes the selected action
readable at the point of decision and keeps the confirmed form ahead of
diagnostic evidence, while the Goal Section Index near the top links to the
main day-loop areas through visible Operate, Proof, Work, Knowledge, and
Finish cards, with the full stable anchor map still collapsed underneath for
deep review.
Goal Delegations starts with a read-only Goal Delegation Command Bar that
opens with visible Now, Latest, Workflow, Handoff, and Safety cards. It still
summarizes scout delegation counts, context-pack readiness, implementation
handoff readiness, coder-prep packets, worktree plans, the latest delegation
workflow surface, and one next local continuation, while command evidence and
detailed delegation rows stay collapsed.
Goal Runs starts with a read-only Goal Run Command Bar that summarizes task
and worktree run counts, review readiness, changed-file posture, the latest
run surface, and one next local run action as visible Now, Latest Run, Review,
Changes, and Safety cards before collapsed command evidence and detailed run
rows.
Goal Approvals starts with a read-only Goal Approval Command Bar that
summarizes pending and approved worktree, commit, and publication gates, points
at /approvals or the next local Goal surface as visible Now, Pending,
Approved, Downstream, and Safety cards, and keeps approval decisions on
confirmed local forms instead of writing on page load.
Goal Incidents starts with a read-only Goal Incident Command Bar that
opens with visible Now, Open, First, Recovery, and Safety cards while
preserving open/resolved incidents, recommendations, first incident evidence,
one triage surface, and zero-effect boundaries inside collapsed command
evidence before the detailed incident rows.
Goal Evidence starts with a read-only Goal Evidence Command Bar that
opens with visible Now, Latest, Inventory, Attention, and Safety cards. It
summarizes run, worktree, incident, recommendation, and typed artifact evidence
counts, points at the latest bounded artifact or highest-priority local evidence
surface, and keeps provider/network/external-effect counters at zero inside
collapsed command evidence. A read-only Goal Evidence Digest follows with
Proof, Latest, Run Proof, Artifact Mix, CI Proof, and Safety cards before the
collapsed detailed evidence list, so the operator can distinguish local proof,
artifact coverage, and recorded CI posture without opening the full inventory.
Goal Verification Evidence starts with a read-only Goal Verification Command Bar that opens with visible Now, Current, Latest, Record, and Safety cards
before collapsed command evidence and collapsed proof lines. It shows whether
project-scoped proof is missing, stale, job-scoped early proof, or current
full workflow success, links to /verification and /ci-evidence, shows
whether the latest operator-supplied CI proof matches the current checkout,
and includes a confirmed Goal-scoped form for pasted GitHub Actions JSON. The
form infers run identity from databaseId/url, validates the supplied JSON,
and records local CI proof without app-side GitHub polling.
Goal Memory starts with a read-only Goal Memory Command Bar that summarizes
project/global memory artifacts, project/active/proposed/global/generated entry
counts, operator-note state, future-work count, pinning posture, one next local
memory action, and zero-effect boundaries as visible Now, Notes, Memory Bank,
Pin, and Safety cards before collapsed command evidence and detailed memory
readback.
Skills Used starts with a read-only Goal Skills Command Bar that summarizes
task skill tags, matching generated or available skill records, usage and
project counts, delegation profile usage, one /skills or /profiles review
target, and no-execution/no-install/no-network boundaries as visible Now,
Record, Usage, Profile, and Safety cards before collapsed command evidence and
detailed skill readback.
Timeline entries link back to the relevant local artifact, delegation, run,
approval queue, or goal surface, and render as scan-first event rows with
time, event-kind badge, clickable message, and target badge. The timeline also
adds explicit CI proof recorded artifact events for project-scoped CI
snapshot/deploy proof records, then backfills generic Artifact recorded events
from the same bounded artifact registry used by the Goal Artifact Explorer. The
timeline starts with a
read-only Goal Timeline Command Bar that exposes visible Now, Latest,
Families, Flow, and Safety cards before collapsed timeline command evidence
and metadata. A read-only Goal Timeline Digest follows with Span, Latest,
Artifact, Next, and Safety cards so the chronological list can be scanned from
the current useful event, newest artifact, and next action before reading every
row. A browser-local Timeline Lane Filter follows the digest so the operator
can switch the rendered chronology between all events, artifacts, approvals,
delegations, runs, tasks, notes, and generic events without changing Goal
state or leaving the page. The selected lane is remembered per Goal in
localStorage:clankeros-goal-timeline-lane:<goal_id> across reloads, with a
Reset lane control for returning to the full chronology. The Activity Log now starts
with a read-only Goal Activity Command Bar that exposes visible Now, Latest,
Signals, Window, and Safety cards before collapsed activity evidence and
metadata, then the recent human-readable event list. Progress starts with a read-only Goal Progress
Command Bar, then uses a real browser progress bar.
Operator Notes starts with a read-only Goal Operator Notes Command Bar that
opens with visible Now, Artifact, Resume, Capture, and Safety cards before
collapsed command evidence and collapsed note details. A Goal Notes Browser
follows it with already-rendered note cards, text search, per-Goal browser-local
view memory in localStorage:clankeros-goal-notes-filter:<goal_id>, and Reset
notes; it reads only the goal-scoped operator-notes.md artifact and does not
open arbitrary filesystem paths. The confirmed save-goal-note form remains
the local write path, now uses a multiline capture box, and keeps unsent draft
text in browser-local localStorage:clankeros-goal-note-draft:<goal_id> until
the operator clears it or a confirmed note write updates the artifact. It
appends resume context to the artifact without overwriting earlier notes.
The Goal Resume Snapshot reads .clanker/app/workspace.json and opens with
visible Now, Current, Saved, Artifact, and Safety cards before collapsed
resume evidence, collapsed Goal Workspace Restore State, and a collapsed
confirmed save-workspace form that returns to the same goal page after
saving. It does not write on page load, fetch GitHub status, call providers,
push, create PRs, deploy, or mutate external systems.
The Goal Artifact Explorer groups goal-linked artifacts as Markdown, JSON,
Patch, or Text and links them through the bounded /artifacts viewer instead
of exposing raw filesystem browsing. Project-scoped CI snapshot/deploy proof
JSON is included as bounded ci_snapshot_evidence/ci_deploy_evidence
artifacts, so the latest-artifact surfaces can open the proof record directly
after an operator records it. The Goal page now starts the artifact area with a
read-only Goal Artifact Command Bar that opens with visible Open,
Latest, Types, Inventory, and Safety cards. It summarizes artifact record
counts, available/missing posture, render-family counts, source-family counts,
the latest artifact, and one next bounded artifact review click while keeping
command evidence and the detailed artifact list collapsed by default. The
typed explorer now starts with a browser-local Goal Artifact Filter for
type, source, and text narrowing over the already-rendered artifact rows; the
selected filter is remembered per Goal in
localStorage:clankeros-goal-artifact-filter:<goal_id> and Reset filter clears
that browser-local view without reading arbitrary filesystem paths. A
browser-local Goal Artifact Reader follows the filter so the operator can
preview one already-registered artifact inline, switch between bounded
Markdown/JSON/Patch/Text renderers, keep the selected artifact per Goal in
localStorage:clankeros-goal-artifact-reader:<goal_id>, and reset that reader
view without executing content, writing state, or browsing raw paths. The bare
/artifacts index now uses those same Goal-owned artifact records first,
then appends older known-path entries, so the global artifact workbench opens
on the current real Goal instead of being dominated by stale demo inventory.
It shows a visible Goal card back to the Goal Artifact Command Bar while
preserving the bounded /artifacts?path=... viewer and no raw filesystem
browsing boundary. Each
artifact page starts with
a visible Artifact Operator Workbench for opening the inert content,
returning to the owning Goal/delegation context, remembering or resuming from
the artifact, and checking the safety proof. It now follows with a visible
Artifact Format Lens that names the active Markdown, JSON, patch/diff, text,
or log renderer, gives the format-specific read/review action, and keeps
structure, byte counts, and inert-renderer boundaries visible before the
content body. A visible Artifact Relationship Map follows it with Workflow,
Goal, Source, Resume, and Boundary cards so Goal/project/delegation/run return
paths are visible before dense evidence. When the artifact path resolves to a
stored Goal, or when a run-backed artifact such as runs/<source_run_id>/review.md
can be traced through local run/coder-run state to an owning Goal, those
artifact context links are title-first while preserving raw Goal ids,
source-run ids, and label-source evidence for automation. The confirmed
Remember Artifact form also defaults its project, Goal, filters,
resume-surface, and return target to that owning Goal instead of saving only a
loose file breadcrumb. The detailed Artifact Command Bar, Artifact Review Brief, format evidence, and relationship
evidence stay collapsed by default while preserving path, type, renderer,
size, line count, truncation state, inferred project/goal/delegation/run context,
saved-resume-anchor posture, and zero-effect boundaries. The content view
remains inert and bounded.
Use /goals on a fresh checkout for first-run browser actions. The page now
renders a state-aware First Run Guide plus confirmed local forms for
register-project and create-goal, with browser-local draft memory for
those setup fields, so a new operator can create a project and first goal
without switching to CLI commands. The guide tracks whether
the project, goal, first delegation, and context pack exist, then points to
the current surface, the confirmed local run-delegation action, or its exact
CLI fallback command. It also renders First Run Next Step plus the
browser-local First Run Checklist plus the First Run Progress strip so the
operator sees the immediate browser action, resumable setup checks, five-step
path, and current gate before the forms.
After a confirmed register-project action, the
Action Result Details page also renders a first-run continuation with an
inline confirmed create-goal form plus Home and Today fallback links, so the
operator can keep moving before a saved Goal exists. From the created goal
page, the Next Action card can create the first read-only scout delegation
with a confirmed delegate form, writing a local contract artifact without
starting a subagent or calling a provider. After the delegation exists, the
same card can generate the local context pack with a confirmed context-pack
form. When the context pack is ready, the card shows the exact
confirmed local run-delegation action while keeping the CLI command as a
fallback/readback. After a delegation has completed, the Goal Next Action
card can also create the local coder prep packet, create the approval-gated
worktree plan, and request the pending worktree approval with confirmed
browser forms. It can then approve the pending worktree request. After
approval, the Goal card exposes a confirmed run-coder-worktree form for one
operator-provided safe local command in the isolated worktree. The existing
approval, safe-command, verifier, and bounded-file checks still apply, and
the exact CLI fallback remains visible. Safe-command validation parses the
submitted command into an argv shape, rejects shell metacharacters and
traversal-looking script paths, and runs the approved command with the shell
disabled. Once the bounded run completes, the
Goal card can create the local review artifact for the completed coder
worktree run. Once that review gate passes, it can create the review-gated
commit request.
After that, the same Goal card can approve the commit request, create the
isolated local worktree commit, request and approve publication handoff
preparation, and write the local publication handoff/PR-body artifacts. Push
and draft PR creation remain copy-only/manual outside ClankerOS. After the
operator finishes that manual publication work, the Goal page exposes a
confirmed local complete-goal action that marks the Goal completed and moves
it into the completed-goals lane without pushing, creating a PR, deploying,
calling providers, or using the network.
Those steps write local artifacts, local approval rows, local approval
decisions, bounded worktree run evidence, or one isolated local worktree
commit only; they do not expose arbitrary commands, push, create PRs, deploy,
call providers, or use the network. Use Home, /resume, or /workspace to
save and restore open project, open goal, filters, expanded panels, last
viewed artifact, and exact resume_surface route in
.clanker/app/workspace.json, with saved-goal phase and next-action
readbacks on each return-to-work surface. /workspace now also
has a Workspace Operator Workbench beside the editable state form, and
/resume and /workspace both expose the saved goal's workflow gate map, so changing saved
context does not hide the current gate.
Use the goal page note form for day-to-day operator breadcrumbs, then find the
same note artifact again from /memory. The Memory Bank opens with a
workbench, pinboard, and browser-local Memory Inventory Filter, so you can
narrow already-rendered proposed, active, project, global, generated, note, or
future-work rows by lane/text and restore that view from
localStorage:clankeros-memory-inventory-filter without writing memory state.
Use /search for bounded global search across indexed goals, projects,
delegations, known artifacts, incidents, recommendations, memory, runs, and
approvals. Goal search results include live local phase, one next action, and
remaining-work counts, so action or phase searches can return the Goal to
continue. Artifact search now preserves content-only matches, so a phrase
inside a known Markdown, JSON, patch, log, or text artifact can return the
artifact even when the phrase is not present in the file name. Approval search now includes the first-class coder worktree, commit,
and publication approval queues, with scoped links back to the matching
/approvals?goal_id=..., /approvals?run_id=..., workflow, or run surface
instead of only the older generic approval rows. /search is now
content-first and opens with a visible
Search Operator Workbench before shared route/focus diagnostics, turning the
query, first useful hit, result list, and /resume into four browser cards.
When a Goal exists, the suggestions panel starts with the live Current Action
and links straight to the Goal action dock, while keeping the current-Goal and
next-action search query cards as secondary discovery paths.
It now follows with a visible read-only Search Domain Coverage panel that
names the objective's required global-search domains: Goals, Projects,
Delegations, Artifacts, Incidents, Recommendations, Memory, Runs, and
Approvals.
The broader visible read-only Search Result Map still follows for Goals,
Projects, Work, Decisions, Knowledge, and Artifacts, so category counts and
first targets are visible before the flat result list. A browser-local
Search Result Filter follows the map so broad queries can be narrowed to one
lane without another request; the selected lane is remembered per query in
localStorage:clankeros-search-result-lane:<query-hash> and Reset lane clears
that browser-local view. Search state, result map, result filter, workbench
evidence, and command evidence stay collapsed by default while preserving
result counts, first-result target links, lane counts, and the
no-write/no-network/no-raw-filesystem boundary in the DOM. Use /memory, /skills, and
/profiles for local readbacks of memory entries, generated skills/usage,
and inactive future provider-routing lanes. /memory is now action-first and
opens with a visible Memory Operator Workbench before shared route/focus
diagnostics and command readback, turning the next memory action, proposed
pins, operator notes, and resume target into four browser cards. It now follows
with a visible read-only Memory Pinboard for Active Pins, Proposed Pins,
Project, Global, Generated, Operator Notes, and Future Work before the dense
memory inventory. When no memory records exist but a saved workspace Goal or
real ClankerOS/root Goal exists, the workbench, pinboard, and command bar
route the first action to that Goal's operator-notes surface and the resume
card to Goal Memory instead of falling back to the generic /goals index.
Memory state, pinboard, workbench evidence, and command
evidence stay collapsed by default while preserving entry counts,
proposed-memory pin posture, saved workspace context, and
no-write/provider/network/external-effect boundaries in the DOM. /skills
is now action-first and opens with a visible Skills Operator Workbench before
shared route/focus diagnostics or command readback, turning generated-skill
review, usage review, and resume context into browser cards. It now follows
the usage map, including a first-class Last Used card, with a browser-local
Skills Inventory Filter, so you can narrow
already-rendered available, generated, active, proposed, used, or unused skill
rows by lane/text and restore that view from
localStorage:clankeros-skills-inventory-filter without installing or
executing skills. Skills state, usage-map, filter, workbench evidence, and
command evidence stay collapsed by default while preserving skill counts,
generated-skill posture, usage/project counts, visible last-used posture, the first
bounded skill artifact, and no execution/install/provider/network effects in
the DOM. When no explicit workspace resume exists, the Skills resume card
returns to the same real ClankerOS/root Goal context used by Today, Home, and
Memory instead of drifting to demo fixture Goals.
/profiles is also action-first: it opens with a visible
Profiles Operator Workbench before shared route/focus diagnostics or command
readback, turning storage-profile review, future-lane review, and resume
context into browser cards while provider/model routing remains inactive.
It now follows with a read-only Profile Routing Matrix that maps Planning,
Coding, Review, Docs, Cheap Model, and Frontier Model lanes to stored local
profile rows, cost posture, use_for labels, and inactive provider/model
routing status. A visible Profile Routing Plan panel lets the operator save
inactive lane preferences to .clanker/app/profile-routing-plan.json through
the confirmed save-profile-plan action; the saved plan is read back on
/profiles but does not affect dispatch, providers, or model routing. A
browser-local Profile Routing Filter then narrows the
already-rendered matrix cards and profile rows by lane, storage/configured
posture, or text, remembers lane/query in
localStorage:clankeros-profile-routing-filter, and resets without enabling
providers or model routing. Profiles state, matrix evidence, filter evidence,
plan evidence, workbench evidence, and command evidence stay collapsed by default while preserving
configured/storage profile counts, future-lane readiness, adapter/write
posture, use_for posture, and provider/model routing disabled proof in the
DOM. Without an explicit saved workspace, its Resume card also points back to
the same real ClankerOS/root Goal context before falling back to generic Goal
setup.
/profiles also shows both .clanker/profiles.yml names and SQLite profile
storage rows, including labels, modes, cost tiers, write posture, adapter
status, and use_for labels without enabling providers.
Use /incidents as a read-only triage board for open incidents, resolved
incident history, and task recovery recommendations. The page now opens with
an Incident Operator Workbench before shared route/focus diagnostics or
command readback, showing Now, Evidence, Recover, and Finish Today cards while
incident workbench evidence, command evidence, and the Finish Today save form
stay collapsed by default. The older Incident Triage Command Bar remains as
read-only evidence with one local review target, incident and recommendation
counts, evidence links, and no-resolution/no-retry/no-network boundaries.
The app shell also includes a global Operator Ribbon, Operator Focus
strip, a read-only Route Context breadcrumb strip, recent local items, a
command palette, keyboard shortcuts, local Focus mode, and a dark/light theme
toggle on every page. The header keeps the daily routes visible
(Dashboard, Today, Guide, Resume, Goals, Search, Workspace) and
moves advanced routes under More, which opens automatically on secondary
pages. The header also exposes a visible Keys control and the ? shortcut
to open the same local keyboard-help dialog without opening palette evidence
first. The shared Operator Ribbon keeps explicit saved resume surfaces as the
strongest return point; when no saved surface exists, populated sessions route
its Resume card to the current Goal action, while first-run sessions keep the
/resume hub fallback. The shared Operator Focus strip uses the same resume
rule: saved surfaces win, populated sessions resume the current Goal action,
and first-run sessions keep the setup-safe hub fallback. The g keyboard shortcut is Goal-aware: first-run or empty states still
open /goals, while populated operator sessions open the current saved or
lead Goal cockpit directly. The global Proof button and p shortcut are
also Goal-aware: first-run or empty states open the manual CI evidence
recorder, while populated sessions open the current Goal's CI handoff surface.
The a artifact shortcut keeps empty sessions on the bounded /artifacts
index, but populated sessions jump straight to the current Goal's artifact
command bar so generated handoffs, diffs, evidence, and notes stay attached to
the Goal loop.
Focus mode uses the header Focus button or m
shortcut to hide Recent Items, Route Context, Operator Focus, and Last Action
strips while keeping the Operator Ribbon and page body visible. It is stored in
localStorage:clankeros-focus-mode only and does not write server state. The
shared shortcut layer now includes w for /workspace and a route-aware f
for Finish Today: populated Home opens #home-finish-today, Today opens
#today-finish, Goal pages open #goal-finish-today, /workflow opens
#workflow-finish-today, /actions opens #action-finish-today,
/verification opens #verification-finish-today, project detail pages open
#project-finish-today, run detail pages open #run-finish-today, /inbox opens
#inbox-finish-today, /approvals opens #approval-finish-today,
/incidents opens #incident-finish-today,
and other routes fall back to /workspace#save-workspace.
n still opens the current recommended next
action, and the header button is labeled with the concrete operator move, such
as Create Project or Create commit request, so return-to-work, Finish
Today, and the main next click are available without opening the palette. If a
browser-confirmed action form is available, n opens that existing form
details panel; it never submits the form or writes state on its own. The
header also exposes a visible Finish control backed by
the same route-aware target. The ribbon sits above the sidebar and page body
with visible Now, Goal,
Attention, Finish, Resume, and Search cards, so every route immediately shows
the current or lead Goal, one recommended click, waiting-review posture,
end-of-day save routing, resume state, and collapsed no-write/no-provider/
no-network evidence before the operator starts decoding the page. After a
confirmed local action, the shell also shows a read-only Last Action strip
from .clanker/app/workspace.json, with the action result, target notice
surface, saved Goal/project context, and zero-effect counters so the operator
can recover the last handoff after navigating away. Action notice pages now
start with a Next Step card sourced from first-run or saved-Goal state, so
following a completed-action notice points straight at the next confirmed form
or workflow surface instead of only echoing the previous result. When the next
saved-Goal action has a confirmed browser form, the notice renders an inline
Action Notice Next Step form before the notice evidence and keeps the
original Goal/workflow target as an evidence link. The route
context strip now starts with a compact action-first focus grid: current page,
next local action, back target, Goal, Project, and /resume. The full route
family/path, saved workspace anchors, focus target, and zero-effect counters
remain available inside collapsed Route evidence before the page content.
The recent-items sidebar now starts with a read-only Recent Items Command Bar plus a visible return dock for Recent, Workspace, Action, and
Artifact, so the operator can reopen the latest surface, saved project/Goal,
live Goal action, last action notice, or saved artifact without expanding the
longer shortcut list. When a Goal is available, the Action card uses the same
Goal action dock target as the command palette instead of falling back to the
generic /actions catalog, and the same Current Action is prepended to the
filterable Recent shortcuts list as current-action, so filtering for action
text such as commit finds the live Goal action instead of only older route
shortcuts. The Artifact card also hydrates after load from browser-local
localStorage:clankeros-last-artifact, so the most recently opened artifact
is available from every shell route before the operator explicitly promotes it
with /workspace#save-workspace. The compact Recent Items Resume shortcut now
uses the same return rule as the broader shell: exact saved resume surfaces
win, otherwise populated sessions resume the current Goal action, and first-run
sessions keep the setup-safe /resume hub. It also includes a browser-local
Viewed Pages panel backed by
localStorage:clankeros-route-history, which records the local app pages
visited in this browser, dedupes them by route, caps the list at 12 entries,
and can be cleared with an explicit click without touching server state. The
shared shell also remembers open/closed route panels in route-scoped
localStorage:clankeros-open-panels:<route> entries, so expanded evidence and
details survive reloads on the same page while /workspace#workspace-view-memory
can inspect or reset them with the other browser-local view state. It also
remembers route-scoped scroll position in
localStorage:clankeros-scroll-position:<route> after the operator scrolls, so
long Goal pages reopen near the same working position while hash anchors still
take precedence. A
browser-local Find Recent filter narrows the already-rendered
shortcut rows by text, remembers the query in
localStorage:clankeros-recent-items-filter, and resets without writing server
state. When an exact saved resume_surface exists, the Workspace card opens
that route directly. Workspace/goal/delegation/run counts, saved workspace
context, last action, artifact targets, filter evidence, and zero-effect
counters stay inside collapsed evidence and the remaining recent shortcuts stay
in a second collapsed disclosure. The focus strip keeps the saved or lead
goal's primary action, phase, progress, waiting counts, and resume link visible
as compact action cards outside the Goal page. It can expand the same confirmed
local action form when the current next action is browser-available, while the
full focus readback and zero-effect counters stay inside collapsed
Focus evidence.
Before any Goal exists, the same shared shell follows first-run progress
instead: Home, Today, and Goals point the route context, command palette, and
Operator Focus at their same-page Create Project or Create First Goal
forms, while other pages link back to those Home/Today/Goals first-run
anchors.
The command palette now opens with a Palette Focus launcher: continue the
current Goal action, jump to search, resume the saved workspace, or stay on the
current page. Its Continue and Action cards use the exact current action copy,
such as Create commit request, instead of generic "run current action"
labels. The search box also narrows a visible Palette Results list of
local routes, recent work, and the focused Goal's core section anchors as you
type. When a Goal action exists, the list prepends that exact Current Action
as current-action with the Goal action dock href, so typing action text such
as commit can open the live Goal action before broader route matches.
Queries like timeline, approval, artifact, memory, git, or
remaining can still jump straight into the Goal page without scanning.
ArrowDown/ArrowUp move through visible local commands and Enter opens the
active local result, while
the Search button remains the full indexed /search fallback. Browser-local viewed
pages are appended to the same palette results after localStorage readback, so
recent route hops are searchable from / without a server write. The palette
also has a browser-local Last Artifact result backed by
localStorage:clankeros-last-artifact, so typing artifact or last artifact
can reopen the last viewed artifact before the operator saves it into durable
workspace state. A no-match state leaves
the existing Search button available for full indexed search. It also includes a
visible Quick Switch dock for Continue, Workspace, Action, Artifact, and
Finish so the palette can recover the current Goal, exact saved workspace
surface, last action target, latest artifact, or /workspace#save-workspace
handoff without opening the sidebar. When no saved workspace surface is
stronger, the Workspace card also resolves the current Goal action dock
surface and labels it with the action, keeping the return path action-first.
The
route-aware Current Page readback, keyboard shortcuts, and long open list
live in collapsed Palette evidence and shortcuts, while the
goal-aware Continue Current Goal block and its confirmed local action form
remain one keyboard open away. Those controls stay inside the local browser app
and do not perform external effects.
Use /workflow?delegation_id=<id> or /workflow?run_id=<coder_run_id> when
you want the scoped operator map. The workflow page is action-first: it opens
with a visible Workflow Operator Workbench before shared route/focus
diagnostics and command readback, with cards for the current workflow action,
selected state, queue attention, and /resume. When the selected workflow is
at the reviewed-run commit request gate, the workbench also renders the
confirmed coder-commit-request form inline at
#workflow-workbench-action-form while preserving the owning /runs/<id>
surface as source evidence. It then shows a read-only
Workflow Scope Picker with direct cards for the primary pickup, recent
delegations, recent coder runs, the parent Goal, and safety evidence, so a
plain /workflow visit can choose the right delegation or run without
detouring through another page. A visible read-only
Workflow Journey follows with nine stage cards for Select, Goal + Scout,
Context, Handoff, Coder Prep, Approval, Execution, Commit, and Publish, marking
the current stage and linking to the next safe local surface. A visible
Workflow Live State panel follows so a selected delegation or coder-run
workflow can be left open during the day; it reloads the local page every five
seconds, pauses while form fields are focused or the tab is hidden, and keeps
refresh evidence collapsed with zero provider/network/external-effect
counters. A
Workflow Finish Today section then exposes a confirmed save-workspace form
that stores the exact scoped workflow route as resume_surface, so /resume
can reopen /workflow?delegation_id=<id> or /workflow?run_id=<coder_run_id>
tomorrow. The selected workflow page still includes a read-only
Workflow Command Bar, but its detailed
delegation/run, parent Goal, project, current stage, next local action, target
surface, reason, and zero-effect counters stay collapsed by default before the
detailed stepper. It also includes a read-only Selected Workflow Continuation block with the exact next local action, run detail surface,
approvals queue, inbox, dogfooding checklist, and the explicit
external_effects_created: false boundary.
Use /runs/<delegation_execution_run_id> after scout/delegation execution to
continue from the returned evidence. The read-only Delegation Run Continuation strip shows Now, Workflow, Handoff, Artifacts, and Goal cards
before the detailed evidence. When the run has a form-backed next action such
as prepare_coder_from_handoff, the strip renders that exact confirmed local
form inline at #delegation-run-continuation-action-form, points the primary
Now card there, and keeps the delegation page's Safe Local Actions anchor as
source/fallback evidence. The inline form still posts through the existing
/actions/<action> confirmation flow and preserves the run, project, Goal,
handoff, return, and resume fields without writing on GET. Other cards link to
the workflow map, artifact anchors, and parent Goal.
Use /runs/<coder_run_id> to review the worktree evidence and gate state. The
read-only Run Command Bar starts the page with the run status, review gate,
commit/publication state, changed-file count, diff summary, next local action,
target surface, and no-write/no-network/no-push boundary. A Run Operator Workbench follows it with do/check/unblock/finish cards for the same run gate,
including same-page action anchors, review/evidence links, approvals, parent
Goal, and a confirmed save-workspace form that stores the run and review or
evidence artifact as tomorrow's resume point without writing on GET. When the
current run gate is ready for a confirmed local action, the workbench renders
that form inline at #run-workbench-action-form and promotes it as the
primary Do Now target while preserving the original gate surface, such as
#run-approval-actions, as source evidence. Commit request, local commit,
publication request, and publication handoff forms still post through the
existing /actions/<action> confirmation screens. A
read-only Run Gate Map then lays out the run-scoped path from review through
commit request, commit approval, local commit, publication request,
publication approval, publication handoff, and the manual publish boundary,
marking the current gate and linking only to existing local surfaces. A
read-only Run Continuation Strip then condenses the current gate, scoped
approval queue, evidence, parent Goal, and manual publication boundary into
five visible cards before the dense workflow/evidence sections. The Run Review Gate panel shows whether runs/<source_run_id>/review.md exists and
mentions the coder worktree run id. A read-only Run Evidence Map follows it
with Review, Diff, Changed Files, Validation, Logs, and Verification cards
that link to the bounded artifact viewer before the full evidence inventory.
The app only exposes the
coder-commit-request form when that gate passes. The Goal Next Action card
can now create that local review artifact with a confirmed review-run form
when the goal is waiting on review.
Use /runs/<coder_run_id> after publication handoff preparation when you want
the display-only manual publication commands. The app shows
suggested_push_command, suggested_draft_pr_command, and pr_body_path, but
it does not run them.
Use /dogfooding when you want one checklist for a browser route walk or a
return-after-push pass. The page now starts with Dogfooding Real Goal Continuation, which prefers the real non-demo ClankerOS Goal, names its phase,
current gate, next action, and exact /goals/<goal_id>#goal-action-dock-form
surface, then keeps the fixture-backed demo workbench as a secondary route
walk. After that, Dogfooding Operator Workbench, Dogfooding Return Brief,
and the browser-local Dogfooding Session Checklist still cover fixture
refresh, demo/workflow/project/delegation/run surfaces, current checkout CI
proof, gh run view and record-after-success command templates, Finish Today,
and localStorage:clankeros-dogfooding-session. When a real non-demo Goal
exists, the checklist's Action step follows that Goal's current action surface
instead of the fixture route, while the Fixture step remains the deterministic
demo refresh. The confirmed
demo-app-scenario action still creates or refreshes the local fixture and
returns to /dogfooding, while evidence panels stay collapsed by default. GET
remains read-only, and the page does not fetch GitHub status.
Use /delegation-runs when you want a compact read-only index of scout
execution evidence, context packs, implementation handoffs, zero-effect
counters, retry signals, and next local operator actions before handing work to
coder prep. The page is action-first: it opens with a visible Delegation Run Operator Workbench before shared route/focus diagnostics and command
readback, with cards for the next delegation/run action, scoped workflow,
handoffs ready for coder prep, and /resume. The Delegation Run Command Bar
still counts completed/pending runs, incidents, retry candidates, context
packs, and implementation handoffs, then points at the first local delegation,
run, or workflow surface to inspect next, but detailed evidence stays
collapsed by default.
Use /projects as the project workflow index. It shows each registered
project's root, default test command, current branch/commit, goal/task/
delegation counts, next recommended local operator action, and direct project
or selected workflow links. It also includes a confirmed local
Register Local Project form backed by the existing register-project
action, so daily project onboarding does not require switching back to the
CLI. The page now opens with a Project Index Workbench before shared
diagnostics, with Open, Register, Goals, and Resume cards plus collapsed
project-index evidence, so first-run project onboarding and daily project
selection have one visible next click.
Use /projects/<project_id> as the project-level launchpad. It shows goals,
tasks, delegations, artifacts, project guidance, and a read-only
Project Command Bar that summarizes branch/commit, goal and queue counts,
the next project action, the target local surface, and no-write/no-network
boundaries before the longer inventory. The page now starts with a
Project Operator Workbench before command evidence or shared diagnostics,
with Do Now, Goal, Unblock, and Finish Today cards. Workbench evidence,
command evidence, and the confirmed save-workspace form stay collapsed by
default while still preserving project state and zero-effect readbacks in the
DOM. A visible read-only Project Goal Map now follows the project-scoped
Goal form with Lead Goal, Phase, Work, Waiting, and Finish cards, so the
project page shows the Goal to resume before the dense inventory. It also
includes a confirmed
local project-scoped create-goal form, goal rows that link directly to
/goals/<goal_id> with phase, next action, and task progress, scoped workflow
links for delegations and coder runs, and links back to safe actions,
dogfooding, and verification without executing external effects.
Use /actions when you want a read-only catalog of available local app
actions, where their forms appear, what previous artifact they require, what
local artifact or approval they write, and the no-external-effects boundary.
The page now opens with the safe action header and an Action Operator Workbench before shared route/focus diagnostics, so the first viewport is the
current usable action rather than readback. The workbench reads the same
first-run or lead-Goal focus as the rest of the app, names the current safe
local action, links the owning surface where the confirmed form already lives,
routes blockers to inbox/approvals/incidents, and exposes a confirmed
save-workspace finish form for returning to action context later. The
read-only Action Workflow Map follows with Setup, Scout, Context, Prep,
Approval, Execute, Commit, Publish, and Proof cards, marking the current stage
from the same operator focus context and linking to the existing local browser
surfaces. The Action Catalog Command Bar follows with visible Catalog,
Forms, Approvals, and Boundary cards, while detailed posture counters and
zero-effect readbacks stay available inside collapsed evidence.
When the fixture exists, /actions also shows Current Demo Action Surfaces
with links to the selected project, delegation, workflow, run, approvals, and
inbox surfaces.
Use /approvals when you want to keep driving the gate sequence from one
queue, and use /approvals?run_id=<coder_run_id> when you arrived from a run
gate and want that run's pending commit or publication decision foregrounded
even if unrelated approvals also exist. The page now opens with the
Approval Operator Workbench before shared route/focus diagnostics or command
readback, showing do/inspect/Goal/finish cards, the first pending decision, the
parent Goal when known, request and evidence artifact links, confirmation
posture, and a collapsed confirmed save-workspace form so an approval queue
can become tomorrow's resume point without writing on GET. The Goal card and
goal links are title-first when the parent Goal has a title, while raw Goal ids
remain in the collapsed evidence fields for durable review. The read-only
Approval Queue Command Bar follows with total pending worktree, commit, and
publication decisions, the scoped or global first recommended decision, the
same-page form target, the follow-up after approval, and the zero-effect
boundary inside collapsed evidence. The read-only Approval Decision Brief
then turns the first recommended decision into visible Decision, Inspect,
Evidence, After, and Safety cards before collapsed evidence for the relevant
delegation, workflow, run when one exists, request artifact, evidence artifact,
form anchor, post-decision surface, and no-write/no-network/no-external-effect
boundary. A browser-local Approval Queue Filter follows, narrowing
already-rendered approval rows by worktree, commit, publication, scoped Goal,
scoped run, or text and restoring lane/query from
localStorage:clankeros-approval-queue-filter without deciding or approving
anything. Pending commit and publication approvals link back to the relevant
run and name the next local-only follow-up action after
approval, including the typed commit-message requirement and the manual
push/PR boundary.
Use /inbox when you want the read-only operator queue. Pending commit and
publication items include the same run links and next-action cues, but the
first approval-backed workbench item can also render the same confirmed local
decision form inline. Use /inbox?run_id=<coder_run_id> when you arrived from
a run and want that run's commit or publication approval promoted to the top
workbench action, even if unrelated global approvals still exist. The page now
opens with the Inbox Operator Workbench before shared
route/focus diagnostics or command readback, so the first screen is the next
queue action. Its do/inspect/Goal/finish cards resolve Goal, delegation, run,
evidence, and continuation surfaces when available, and include a confirmed
save-workspace form in a collapsed Finish Today section so the queue can
become tomorrow's resume point without writing on GET. Goal cards and queue
goal links are title-first when possible, while raw Goal ids and label-source
evidence stay available in the collapsed readback. Inline Inbox approval
forms reuse the existing /actions/<action> confirmation route and do not
approve, execute, commit, push, create PRs, deploy, call providers, or use
non-loopback network actions on GET. A visible read-only
Inbox Triage Board follows with Attention, Decisions, Work, Publication,
and Finish Today lane cards, turning the long queue lists into count-backed
first targets before dense evidence. A read-only Inbox Next Item Brief
then turns the first queue item into Next, Inspect, Evidence, After, and
Safety cards, so an operator can see the immediate click, inspection surface,
bounded artifact target or queue fallback, and follow-up without opening the
long lists. The read-only
Inbox Command Bar follows with total local queue size, counts by queue type,
the first attention item, its target section, and the no-write/no-network
boundary inside collapsed evidence. A browser-local Inbox Queue Filter then
narrows already-rendered inbox rows by lane, current route scope, or text,
remembers lane/query in localStorage:clankeros-inbox-queue-filter, and resets
without deciding, approving, executing, or calling providers.
Use /verification when you want the local-vs-GitHub testing split in one
place. It reads the checked-in GitHub Actions workflow, lists the compact local
checks to run before a push, and states that CI proof requires a completed
passing GitHub Actions run. It also shows the configured job timeout, the
latest operator-supplied CI evidence record when one exists, and makes clear
that an in-progress GitHub run is pending proof, not CI proof, so you can wait
on GitHub instead of rerunning the full suite locally. It also shows a
copyable ci-snapshot-handoff template for the current checkout so you can
watch a direct pushed-snapshot run and then record it after success. The page
itself does not contact GitHub. A Verification Operator Workbench now leads
the page with Now, Check GitHub, Proof, and Finish Today cards so the next
operator action is visible before the workflow inventory. When a saved or lead
Goal exists, the Now and Proof cards route to that Goal's
#goal-ci-handoff surface and the collapsed evidence records whether the
source was saved Goal state or lead Goal state. If no Goal exists, or if the
workflow itself is incomplete, the page keeps the setup-safe global CI evidence
recorder or workflow repair target. Detailed workbench evidence and the save
form stay collapsed by default while still preserving the current proof
posture, target action, and zero-effect readbacks in the DOM. A visible
read-only Verification Proof Map follows with Current, Fast Smoke, Full
Suite, Record, and Boundary cards, making the early-smoke versus full-workflow
proof split explicit before the command details while still making the current
Goal CI handoff the primary surface when a Goal exists. A read-only
Milestone Proof Map then translates the product Definition of Done into
proof cards for Launch App, Create Project, Create Goal, Walk Workflow,
Check Proof, Leave Work, and Resume Exactly. It shows the local evidence
source, current status, next browser surface, saved resume surface, and
zero-effect boundaries without contacting GitHub or writing on GET. The read-only
Verification Command Bar follows as evidence and records the same
Goal-aware target or the /ci-evidence#record-ci-snapshot-json fallback.
The root dashboard includes the same proof boundary as a compact
Verification Snapshot, with links to /verification and /ci-evidence, so
you can see from the first screen whether local CI proof has been recorded and
whether it came from a publication handoff or a direct pushed snapshot.
It also shows the current direct-snapshot handoff, status-check, and
record-after-success command templates without executing them.
It also includes a Dashboard Dogfooding Snapshot that shows whether the
fixture-backed demo state exists, the next dogfooding action, the selected
workflow/run surface when available, and the /demo manual browser script
link.
Use /ci-evidence after recording CI proof with ci-deploy-evidence for a
publication handoff or ci-snapshot-evidence for a direct operator-authorized
push. It shows operator-supplied GitHub Actions/deploy evidence already stored
in local ClankerOS state and links the inert evidence artifact. It also shows
the latest local GitHub handoff id, branch, commit, handoff evidence, and a
handoff-specific ci-deploy-evidence command template when a recordable
handoff exists. When no handoff exists, it shows a direct snapshot evidence
template instead. The page now starts with a read-only CI Proof Workbench
before shared diagnostics, with four scannable cards: check the pushed run,
record fast-smoke proof, record full-suite proof, or fall back to manual
record-after-success. Each long GitHub command is available through a compact
per-card command disclosure. Summary rows, proof workbench evidence, and the
CI Evidence Command Bar evidence stay collapsed by default while preserving
handoff/snapshot counts, proof source/status/scope, current proof posture, one
next action, same-page targets, the direct ci-snapshot-handoff template, and
the exact gh run view / validated recorder commands in the DOM. A visible
CI Merge Readiness Map now follows the readiness strip, separating
fast-smoke-only review proof from merge-ready full-suite proof for the current
checkout. It also exposes a copy-only gh pr view --json isDraft,mergeable,mergeStateStatus,statusCheckRollup,url command template so
PR state can be checked outside ClankerOS without the app fetching GitHub. The
same merge-proof status now appears in Today and Goal CI handoffs, so the
operator does not have to leave the cockpit to see whether the local proof
boundary is satisfied. A
browser-local CI JSON Assistant follows with copy buttons for the current
gh run view JSON command, optional clipboard paste into the recorder
textarea, and quick job-name fill buttons for fast-smoke or full-suite proof.
Fast-smoke proof remains labeled as early route/CLI proof only. It does not
fetch GitHub status.
The app is local-only by default, binds to 127.0.0.1, and refuses non-local
binds unless --allow-nonlocal-bind is explicitly supplied. It does not push,
create PRs, deploy, call providers, or perform network actions beyond local
browser/server loopback. Confirmation pages show submitted payloads before
local writes. Served browser POSTs include a process-local hidden token and
reject missing/invalid tokens; when Origin or Referer is present, the app
requires the same loopback app origin before any action or confirmation check
runs. Confirmation pages now start with a read-only Action Preflight that shows the
local action, return route, expected local write, submitted project/Goal
context, field count, and safety boundary before the existing read-only
Action Confirmation Review cards and payload. The existing Action Confirmation Command Bar remains as collapsed evidence, preserving the action
kind, required input, output artifact, local mutation/execution posture, and
no-provider/no-network/no-push boundaries before the final confirm=yes
submit. Confirmed actions now return an
action-first Action Complete surface before the raw details, with visible
Continue, Completed, Artifact, Workflow, and Boundary cards plus collapsed
result-command evidence preserving the target notice surface, result, primary
artifact, confirmation source, and zero-effect counters. An
Action Result Next Step panel follows the command bar and promotes the
refreshed next operator move before the dense result details. When that next
move has a confirmed browser form, the panel renders it inline and keeps the
same confirmation screen in front of any local write or local execution. For
saved-Goal continuations, it also shows a visible Continue Goal panel with
the Goal, phase, primary next action, form availability, confirmation posture,
and zero-effect evidence before the form. An
Resume Tomorrow follows, reading .clanker/app/workspace.json back as the
operator's return path with visible Resume Tomorrow, Context, Artifact, Last
Action, and Boundary cards. During incomplete first-run setup, the primary
Resume Tomorrow link opens /resume#resume-first-run-action-form so the
operator returns to the next setup form, while the receipt evidence still keeps
the raw saved project surface. Its Action Resume Receipt evidence keeps the
saved project, Goal, exact resume_surface, latest artifact, updater, last
action/result, readiness, and zero-effect counters. The existing
Action Result Details section remains below it with the payload, result
fields, artifact links, next-page link, and safety boundary. Successful
results also show an
Action Continuation block from the
refreshed saved goal, including current phase, one next action, target page,
and the same confirmed local action form when available. Before a saved Goal
exists, that block follows first-run progress instead and can render the
confirmed next first-run form inline, such as create-goal after
register-project. The same result page now includes an
Action Result Workflow Map that shows the first-run or saved-Goal gate rail,
current gate, next action, next local surface, progress counts, and explicit
manual-publish boundary after the confirmed action, without writing on GET or
adding provider, network, push, PR, or deploy authority. The workspace also
remembers that completed local action as the shell's Last Action strip, so
the next page and /resume can reopen the result notice without reading the
original action result page. Following the
next-page link now opens an action-first Action Notice surface on the
target page, with visible Continue Here, Last Action, Resume, Details, and
Boundary cards plus collapsed notice/workspace evidence so the operator can
continue without reconstructing context from a plain banner. For saved Goal
continuations with a confirmed next action form, Action Notice also renders
an inline Action Notice Next Step form and points the primary Next Step card
at that form while preserving the original Goal/workflow source surface in
evidence. The daily workflow forms now use operator-language labels and
confirmation titles for coder prep, worktree planning/approval, commit
request/approval/local commit, and publication request/approval/handoff, while
raw action ids remain visible in action URLs and evidence fields. Action
errors now open with an action-first
Action Needs Attention recovery surface before the raw error details, with
Fix Input, Retry Surface, Error, Catalog, and Boundary cards plus collapsed
error evidence proving no result was recorded and no external effect was
created. The dashboard and /health
surface the same warning posture for non-local binds, dirty tracked files,
ahead-of-origin state, and known duplicate untracked files. /health starts
with a Health Operator Workbench that turns warning count, bind scope,
branch/commit, storage and workflow-import readiness, the refreshed local
status artifact, the fact that the artifact is written on GET, one next local
surface, and zero provider/network/external-effect counters into visible
operator cards. It also includes a read-only Health CI Boundary for current
checkout proof, Fast Smoke, Full pytest suite, latest local proof, and
operator-supplied/no-polling safety before the collapsed command and diagnostic evidence. Stop it with
Ctrl-C.
The underlying CLI workflow remains the source of truth: scout a repo, inspect
the generated handoff, prepare a bounded coder plan from either the delegation
or the implementation_handoff.md artifact, propose an approval-gated
worktree plan, request explicit approval, run a bounded local command in an
isolated worktree, review evidence, request and approve a separate local
commit, create that commit only inside the isolated worktree, then request and
approve a local-only publication handoff packet with suggested push and
draft-PR commands. Once the handoff is ready, the run detail page shows the
suggested push command, draft PR command, and PR body path as copy-only
operator guidance while keeping manual push/PR outside ClankerOS.
python3 -m agent_os.cli delegate <task_id> --profile scout --title "Find relevant files"
python3 -m agent_os.cli context-pack <delegation_id>
python3 -m agent_os.cli run-delegation <delegation_id>
python3 -m agent_os.cli implementation-handoff <delegation_id>
python3 -m agent_os.cli coder-prep <delegation_id>
python3 -m agent_os.cli coder-prep-from-handoff <path/to/implementation_handoff.md>
python3 -m agent_os.cli coder-worktree-plan <delegation_id>
python3 -m agent_os.cli coder-worktree-approval <delegation_id> --requested-by operator --note "Approve bounded worktree execution"
python3 -m agent_os.cli approve-coder-worktree <approval_id> --decided-by operator --note "Approved bounded execution"
python3 -m agent_os.cli run-coder-worktree <delegation_id> --command "python3 scripts/local_change.py" --verify
python3 -m agent_os.cli review <coder_worktree_run_id>
python3 -m agent_os.cli coder-commit-request <coder_worktree_run_id> --requested-by operator --message "Implement bounded change from approved worktree run" --note "Request local commit after review"
python3 -m agent_os.cli approve-coder-commit <commit_request_id> --decided-by operator --note "Approved local commit"
python3 -m agent_os.cli commit-coder-worktree <coder_worktree_run_id> --message "Implement bounded change from approved worktree run"
python3 -m agent_os.cli coder-publication-request <coder_worktree_run_id> --requested-by operator --remote origin --target-branch main --note "Request publication handoff"
python3 -m agent_os.cli approve-coder-publication <publication_request_id> --decided-by operator --note "Approved publication handoff preparation"
python3 -m agent_os.cli coder-publication-handoff <coder_worktree_run_id>
python3 -m agent_os.cli review <coder_worktree_run_id>
python3 -m agent_os.cli dashboard
python3 -m agent_os.cli inboxThe historical capability proof ladder remains callable and documented for advanced blocked-proof work, but it is not the default README or CLI-help path. Use the Command Reference or Documentation Index when you need a specific blocked-activation rung.
Register and inspect a target repository before asking ClankerOS to touch it:
python3 -m agent_os.cli register-project my-repo --path /path/to/repo --test-command "python3 -m pytest -q"
python3 -m agent_os.cli projects
python3 -m agent_os.cli project-status my-repo
python3 -m agent_os.cli project-context my-repoPlan a registered project goal before executing work:
python3 -m agent_os.cli goal "Make the smallest verified improvement" --project my-repo
python3 -m agent_os.cli plan <goal_id>
python3 -m agent_os.cli contract <goal_id>
python3 -m agent_os.cli tasks <goal_id>This writes versioned local artifacts under
.clanker/projects/<project>/goals/<goal_id>/. It does not execute tasks,
commit, push, deploy, or call model providers.
Execute one planned task only after the plan and sprint contract are clear:
python3 -m agent_os.cli run-task <task_id> --profile tester
python3 -m agent_os.cli review <run_id>
python3 -m agent_os.cli evidence <run_id>
python3 -m agent_os.cli task-recommendations --goal <goal_id>
python3 -m agent_os.cli dashboardrun-task is profile-gated. tester can only run the registered project
default test command; coder can run safe local verifier commands. The command
creates a local run and evidence packet, but it does not commit, push, deploy,
start a model provider, or start a subagent.
evidence <run_id> adds the replayable operator packet under
.clanker/projects/<project>/goals/<goal_id>/runs/<run_id>/evidence/ and
prints the packet_dir. If the run already has command-proof files from
run-task, ClankerOS preserves them and writes aggregate review sidecars.
The packet also includes git_status.txt, diff.patch, and
changed_files.json for the selected evidence target: the registered project
repo when the run belongs to one, otherwise the ClankerOS system root. These
files are local snapshots only; export does not fetch, pull, commit, push, or
mutate the repo.
If a planned task verifier fails, ClankerOS opens a local incident and records
an open failed_run_task_recovery recommendation with review, replan, and
manual rerun guidance. If a planned task is blocked, task-recommendations
records blocked_planned_task_replan guidance. These records are local
operator guidance only; /incidents does not retry, resolve, or change task
status by itself.
Run a read-only delegation through a configured local shell adapter when you want a replaceable specialist executor:
python3 -m agent_os.cli delegate <task_id> --profile scout --title "Find relevant files"
python3 -m agent_os.cli context-pack <delegation_id> --max-files 12 --max-snippets 8
python3 -m agent_os.cli profile-adapter scout --command "python3 .clanker/adapters/fake_scout.py" --input-mode json_file --output-mode json --timeout-seconds 120
python3 -m agent_os.cli run-delegation <delegation_id>
python3 -m agent_os.cli delegation-result <delegation_id>
python3 -m agent_os.cli implementation-handoff <delegation_id>
python3 -m agent_os.cli coder-prep <delegation_id>
python3 -m agent_os.cli coder-worktree-plan <delegation_id>
python3 -m agent_os.cli coder-worktree-approval <delegation_id> --requested-by operator --note "Approve bounded worktree execution"
python3 -m agent_os.cli approve-coder-worktree <approval_id> --decided-by operator --note "Approved bounded execution"
python3 -m agent_os.cli run-coder-worktree <delegation_id> --command "python3 scripts/local_change.py" --verify
python3 -m agent_os.cli review <run_id>
python3 -m agent_os.cli dashboardrun-delegation is provider-agnostic. ClankerOS owns the durable state,
prompt/context bundle, evidence packet, schema validation, and incident
handling; the configured adapter is only a local executor. There are no
built-in OpenAI, Anthropic, Codex, OpenCode, Hermes, Aider, or MCP provider
integrations yet. Subagent profiles remain read-only by default and cannot be
used by ClankerOS to commit, push, approve, deploy, or mutate external systems.
When the parent task belongs to a registered project, context-pack writes
ranked files, grep hits, snippets, test hints, entrypoint hints, config hints,
and non-claims under .clanker/delegations/<delegation_id>/context/.
run-delegation auto-generates that pack if it is missing, copies it into the
run evidence packet, and passes compact context_pack metadata to the adapter.
Successful executable delegations also write compact implementation handoff
artifacts in the run evidence packet. These handoffs point at the context pack,
returned files, validation status, and relevant test hints without embedding
the large snippets:
.clanker/delegations/<delegation_id>/runs/<run_id>/evidence/implementation_handoff.json
.clanker/delegations/<delegation_id>/runs/<run_id>/evidence/implementation_handoff.md
Use implementation-handoff <delegation_id> to parse that handoff directly.
It prints readability, schema/kind, context-pack validation, scout returned
files, top ranked files, test hints, and whether snippets were embedded.
Use coder-prep <delegation_id> when an operator wants to turn the handoff
into a bounded future coding plan before editing anything. It consumes
implementation_handoff.md, writes coder_prep.json and coder_prep.md
under the delegation run, and prints zero-effect counters for task rows, runs,
routing decisions, worktrees, approvals, source edits, command reruns, network
actions, and external mutations.
Use coder-worktree-plan <delegation_id> after reviewing the prep packet. It
consumes coder_prep.md, writes coder_worktree_plan.json and
coder_worktree_plan.md beside it, proposes a bounded future worktree/run
shape, and keeps dispatch_ready=false with no worktree, approval request, run,
task, effect, command rerun, source edit, network action, provider call, commit,
push, deploy, or external mutation.
Use coder-worktree-approval <delegation_id> to request the explicit operator
gate for that exact plan hash. It writes coder_worktree_approval_request.json
and .md beside the plan and still creates no worktree, runs no command, and
edits no source.
Use approve-coder-worktree <approval_id> to mark that local approval request
approved. It writes coder_worktree_approval_decision.json and .md, but it
still does not create a worktree or run commands.
Only run-coder-worktree <delegation_id> --command "<safe local cmd>" --verify
can create the isolated worktree. It requires an approved matching plan hash,
runs the operator-provided safe local command in that worktree, captures stdout,
stderr, verification output, git status, diff, changed files, and bounded-file
validation under .clanker/delegations/<delegation_id>/runs/<run_id>/coder_worktree/.
It blocks if changed files are outside allowed_files. It does not commit,
push, deploy, call providers, or intentionally use the network.
After a successful run, use review <coder_worktree_run_id> before requesting
local commit promotion. coder-commit-request <coder_worktree_run_id> requires
completed bounded worktree evidence, a clean verification result, current
changes still inside allowed_files, a readable worktree, and an explicit
commit message. It writes coder_commit/coder_commit_request.json and .md
without staging or committing. approve-coder-commit <commit_request_id>
records the operator decision in coder_commit/coder_commit_decision.json and
.md without staging or committing. Only
commit-coder-worktree <coder_worktree_run_id> may stage the reviewed allowed
files and create one local commit in the isolated worktree branch. It re-checks
the source run hash, branch/HEAD, current changed files, outside files,
message, and verifier state, then writes coder_commit/commit.json,
pre_commit_status.txt, post_commit_status.txt, committed_diff.patch, and
committed_files.json. After the local commit exists, use
coder-publication-request <coder_worktree_run_id> to request the next
boundary. approve-coder-publication <publication_request_id> records the
operator decision without pushing or creating a PR.
coder-publication-handoff <coder_worktree_run_id> writes
coder_publication/publication_handoff.json, a Markdown handoff, and a PR body
draft at coder_publication/pr_body.md with suggested git push and draft
gh pr create commands. It does not execute those commands, contact GitHub,
push, create a PR, deploy, call providers, or mutate external systems.
Add --working-directory project_root when configuring the adapter if the
local executor should run from the target repository instead of the ClankerOS
system root.
For the full walkthrough, see
Executable Delegation.
| Need | Command |
|---|---|
| Initialize local state | python3 -m agent_os.cli init |
| See current operator state | python3 -m agent_os.cli dashboard |
| Select the next narrow slice | python3 -m agent_os.cli iterate |
| Register a local git repo | python3 -m agent_os.cli register-project <name> --path <path> |
| Create planning state | goal, plan, contract, tasks |
| Run one planned task | python3 -m agent_os.cli run-task <task_id> --profile tester |
| Configure delegation adapter | python3 -m agent_os.cli profile-adapter scout --command "python3 .clanker/adapters/fake_scout.py" |
| Configure project-root scout adapter | python3 -m agent_os.cli profile-adapter scout --command "python3 /path/to/scout.py" --working-directory project_root |
| Generate scout context | python3 -m agent_os.cli context-pack <delegation_id> |
| Run read-only delegation | python3 -m agent_os.cli run-delegation <delegation_id> |
| Inspect implementation handoff | python3 -m agent_os.cli implementation-handoff <delegation_id> |
| Prepare bounded coder plan | python3 -m agent_os.cli coder-prep <delegation_id> |
| Prepare approval-gated worktree plan | python3 -m agent_os.cli coder-worktree-plan <delegation_id> |
| Request coder worktree approval | python3 -m agent_os.cli coder-worktree-approval <delegation_id> --requested-by operator --note "..." |
| Approve coder worktree execution | python3 -m agent_os.cli approve-coder-worktree <approval_id> --decided-by operator --note "..." |
| Run approved bounded worktree command | python3 -m agent_os.cli run-coder-worktree <delegation_id> --command "python3 scripts/local_change.py" --verify |
| Request local commit from reviewed worktree | python3 -m agent_os.cli coder-commit-request <coder_worktree_run_id> --requested-by operator --message "..." --note "..." |
| Approve local commit request | python3 -m agent_os.cli approve-coder-commit <commit_request_id> --decided-by operator --note "..." |
| Create local worktree commit | python3 -m agent_os.cli commit-coder-worktree <coder_worktree_run_id> --message "..." |
| Request publication handoff | python3 -m agent_os.cli coder-publication-request <coder_worktree_run_id> --requested-by operator --remote origin --target-branch main --note "..." |
| Approve publication handoff | python3 -m agent_os.cli approve-coder-publication <publication_request_id> --decided-by operator --note "..." |
| Write publication handoff | python3 -m agent_os.cli coder-publication-handoff <coder_worktree_run_id> |
| Review evidence | review, evidence, replay-summary |
| Inspect approvals | python3 -m agent_os.cli approvals |
| Inspect operator queue | python3 -m agent_os.cli inbox |
For common workflows, use Operator Recipes. For legacy proof-ladder and advanced report-only commands, use Command Reference.
The current delegation loop can execute a pending read-only delegation through a locally configured shell adapter. The adapter receives a scoped prompt/context bundle, returns a JSON result envelope, and ClankerOS validates the output against the delegation schema before marking the delegation completed.
For registered-project tasks, input.json includes a project object with
the registered root path, default test command, and allowed write roots; a
repo_scouting object with a capped git file inventory; and a context_pack
object pointing at the evidence-local context_pack.json and
context_pack.md.
context-pack is the deterministic scout preflight. It extracts technical
terms from the goal, task, delegation prompt, and schema; ranks repository
files with explainable scores; records capped grep hits and snippets; skips
ignored and secret-like paths; and writes:
.clanker/delegations/<delegation_id>/context/context_pack.json
.clanker/delegations/<delegation_id>/context/context_pack.md
During run-delegation, those files are copied into:
.clanker/delegations/<delegation_id>/runs/<run_id>/evidence/context_pack.json
.clanker/delegations/<delegation_id>/runs/<run_id>/evidence/context_pack.md
.clanker/delegations/<delegation_id>/runs/<run_id>/evidence/implementation_handoff.json
.clanker/delegations/<delegation_id>/runs/<run_id>/evidence/implementation_handoff.md
delegation-result, implementation-handoff <delegation_id>,
coder-prep <delegation_id>, coder-worktree-plan <delegation_id>,
coder-worktree-approval <delegation_id>, approve-coder-worktree <approval_id>,
run-coder-worktree <delegation_id>, review <run_id>, inbox, and dashboard
surface the context-pack path, returned-file inventory validation, missing
returned files, and implementation handoff health so a later implementation
pass can start from paths and metadata instead of pasted snippets. review
writes ## Implementation Handoff, ## Coder Prep, and
## Coder Worktree Plan, ## Coder Worktree Approval, and
## Coder Worktree Run sections, and the dashboard writes
### Implementation Handoffs, ### Coder Prep Packets, and
### Coder Worktree Plans, ### Coder Worktree Approvals, and
### Approved Coder Worktree Runs.
coder-prep is artifact-only and idempotent for the same handoff hash. It
does not create task rows, dispatch runs, rerun commands, edit source files,
create worktrees, request approvals, commit, push, deploy, call providers, or
mutate external systems.
coder-worktree-plan is also artifact-only and idempotent for the same
coder_prep.md hash. It proposes a branch/path and future explicit
run-goal --isolation worktree command, but it does not create the worktree,
run the command, request approval, edit files, commit, push, deploy, call
providers, or mutate external systems.
coder-worktree-approval is idempotent for the same plan hash unless
--force-new is used. approve-coder-worktree tolerates already-approved
requests and prints already_approved. run-coder-worktree refuses to run
without an approved matching plan hash and does not rerun a completed
approval/plan pair unless --rerun is provided.
Adapters run from the ClankerOS root by default; configure
--working-directory project_root to let a scout read repo files with relative
paths.
Malformed JSON, schema-invalid output, non-zero exits, timeouts, and unsafe adapter commands fail safely with local incidents and evidence packets under:
.clanker/delegations/<delegation_id>/runs/<run_id>/evidence/
This is the first executable delegation primitive, not a general provider integration layer. Adapter commands are configured locally per profile, and ClankerOS records that network/provider actions taken by the adapter are unknown unless the adapter itself proves otherwise.
ClankerOS is a Python CLI with a local SQLite control plane, generated Markdown reports, JSON artifacts, pytest coverage, eval/playbook checks, and bootstrap project memory. The first milestone is the closed loop:
goal -> task graph -> execution -> verification -> memory -> visibility -> learning
The current control plane's primary operator path is implementation handoff:
run-delegation writes context and handoff evidence, implementation-handoff
reads it back, coder-prep writes a bounded future coding plan, and
coder-worktree-plan writes an approval-gated future worktree plan.
coder-worktree-approval, approve-coder-worktree, and run-coder-worktree
then provide the first explicit bounded worktree execution gate with local
evidence but no automatic commit, push, deploy, provider call, or network
action. A reviewed successful coder worktree run can then move through the
separate local-only gate coder-commit-request -> approve-coder-commit -> commit-coder-worktree -> coder-publication-request -> approve-coder-publication -> coder-publication-handoff; commit approval
remains separate from execution approval, publication approval remains separate
from commit approval, and the publication handoff remains separate from manual
push/PR execution.
Executable local slices still exist where the verifier is explicit (run-goal,
run-task, run-delegation, run-coder-worktree). The older report-only
proof ladders remain available as
advanced blocked-proof machinery, and every activation step still preserves
activation_allowed=false, capability_enabled=false,
approval_requests_created=0, activation_actions_taken=0, and
external_mutations_taken=0 unless a future approved capability boundary
changes that contract.
For the detailed state, use:
- Operator Dashboard
- Next Iteration Packet
- Operating Summary
- Generated Evidence Reports
- Status Log
- Bootstrap Handoff
agent_os/cli.py- command entrypoint.agent_os/storage.py- SQLite schema and persistence layer.agent_os/dashboard.py- generated operator dashboard.agent_os/iteration.py- next-iteration packet generator.docs/OPERATING_SUMMARY.md- current architecture and proof state.docs/dashboard.md- generated operator cockpit.docs/next-iteration.md- generated next work packet.tasks.md- human-readable momentum queue.status.md- chronological implementation evidence.projects/bootstrap/- bootstrap project continuity notes.
Before pushing a public snapshot, run a fast local slice:
git status --short --branch
git diff --check
python3 -m compileall -q agent_os tests
python3 -m agent_os.cli app-smoke-test
python3 -m agent_os.cli app-demo-smoke-test
python3 -m pytest tests/test_first_milestone.py -q -k "github_actions or ci_snapshot or local_app or inbox"After pushing or opening a PR, wait for the GitHub Tests workflow to run the
fast smoke job first, then the dependent full-suite job with
python -m pytest -q --durations=25 --durations-min=1.0. The smoke job is
early route/CLI proof only; a committed workflow file is not CI proof until
GitHub Actions passes on that commit. The duration summary stays in GitHub
logs so slow-test diagnosis starts from Actions evidence instead of a local
full-suite rerun.
While the run is pending, generate a pasteable watch/record handoff without
contacting GitHub from ClankerOS:
python3 -m agent_os.cli ci-snapshot-handoff --project clankeros --branch main --commit <commit_sha> --external-run-id <run_id> --repo Reedtrullz/ClankerOSThe local app mirrors this on /, /verification, and /ci-evidence as a
template-only operator surface. The app never runs the gh run view command;
it only shows what the operator can run outside ClankerOS after a push. On
/ci-evidence, the CI Proof Workbench turns the same flow into four browser
cards for checking status, recording fast-smoke proof, recording full-suite
proof, or manually recording an already-known successful run.
Prefer the validated record path after GitHub completes:
gh run view <run_id> --repo Reedtrullz/ClankerOS --json status,conclusion,headSha,headBranch,databaseId,url,jobs \
| python3 -m agent_os.cli ci-snapshot-evidence-from-gh-json --project clankeros --branch main --commit <commit_sha> --status-json -If the fast smoke job is green but the full suite is still running, record scoped smoke proof from the same JSON instead:
gh run view <run_id> --repo Reedtrullz/ClankerOS --json status,conclusion,headSha,headBranch,databaseId,url,jobs \
| python3 -m agent_os.cli ci-snapshot-evidence-from-gh-json --project clankeros --branch main --commit <commit_sha> --status-json - --job-name "Fast smoke verification"That smoke record is early route/CLI proof, not full-suite proof.
That command consumes GitHub status JSON from stdin, infers the run id and URL
from databaseId/url, refuses pending/failed or
wrong-commit runs, and records local proof only after the status JSON matches.
The /ci-evidence page offers the same validated recorder as a confirmed
local form for pasted gh run view JSON; the app still never contacts GitHub
and still requires operator confirmation before writing local proof.
For direct pushes, record the completed run locally with
python3 -m agent_os.cli ci-snapshot-evidence --project clankeros --branch main --commit <commit_sha> --provider github-actions --status success --external-run-id <run_id> --url <run_url>.
Pushing is not deployment. GitHub metadata readback is not runtime proof. See
GitHub Testing and
Tutorial: Public Snapshot for the full
recommended flow.
This repository does not yet claim hosted dashboard availability, remote worker
execution, autonomous scheduling, browser/desktop adapter readiness, live
CI/deploy proof, built-in model provider integrations, budget enforcement,
trust promotion, automatic retries, automatic memory activation, automatic
skill activation, or real cost tracking. Shell adapters are local configured
executors; ClankerOS records provider_calls_taken_by_clankeros=0 and
external_mutations_taken=0, but adapter network/provider behavior is unknown
unless the adapter writes evidence proving otherwise. Those surfaces remain
blocked until their evidence and approval contracts are satisfied.
Suggested repository description:
Local-first agent OS harness for durable AI coding: task graphs, executable delegation, verification evidence, and approval gates.
Suggested topics:
agent-operating-system, agent-os, ai-agents, agentic-ai, coding-agents, agent-orchestration, subagent-delegation, executable-delegation, local-first, human-in-the-loop, approval-workflow, verification, evidence, task-graph, operator-dashboard, worktrees, sqlite, python, cli-tool, developer-tools