Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 34 additions & 0 deletions .github/workflows/profile-consistency.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
name: Profile consistency

on:
pull_request:
paths:
- ".github/workflows/profile-consistency.yml"
- "LAUNCH_PLAN.md"
- "REPOSITORY_LIFECYCLE.md"
- "profile/README.md"
- "README.md"
- "repository-lifecycle.yml"
- "scripts/check_profile.py"
push:
branches: [main]
paths:
- ".github/workflows/profile-consistency.yml"
- "LAUNCH_PLAN.md"
- "REPOSITORY_LIFECYCLE.md"
- "profile/README.md"
- "README.md"
- "repository-lifecycle.yml"
- "scripts/check_profile.py"

permissions:
contents: read

jobs:
validate-profile:
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- name: Validate product truth and links
run: python3 scripts/check_profile.py
134 changes: 134 additions & 0 deletions LAUNCH_PLAN.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,134 @@
# OpenAdapt Public Launch Plan

Last reviewed: 2026-07-15

## Objective

Launch the real hosted OpenAdapt product end to end. Development mocks may
remain available, but production execution, billing, artifact handling, and run
status must be backed by configured live services. A simulated run must never
be reported as a production success.

## Launch Gate

The launch candidate is accepted only when a clean account can complete this
workflow against production-like infrastructure:

1. Create an account and organization.
2. Select and purchase the configured plan through Stripe Checkout.
3. Record or import a workflow.
4. Produce a sanitized derivative, review it when policy requires, and approve
its exact content hash.
5. Compile, lint, and certify the workflow.
6. Execute it through a real configured runner.
7. Receive authenticated callbacks and inspect the report and audit trail.
8. Halt on induced failure, teach or repair the workflow locally, validate and
activate the replacement on the same hosted workflow, and rerun it.
9. Confirm entitlement, usage, and billing state.
10. Confirm that missing production dependencies cannot fall back to simulated
success.

## Workstreams

| Workstream | Required outcome |
|---|---|
| Cloud mode | Explicit development/mock and production/live behavior with production dependency validation |
| Execution | Real storage, queue/runner dispatch, authenticated callbacks, reports, retries, resume, and failure recovery |
| Billing | Stripe test/live support, configured products and prices, checkout, portal, signed idempotent webhooks, entitlements, and usage metering |
| Artifact privacy | Type-complete sanitized derivatives, local review and correction, verification, manifest, and exact-hash approval |
| Runtime data | Parameters and secrets separated from templates; PHI-bearing observations retained inside the declared trusted boundary |
| Product surfaces | Website, docs, launcher, cloud, and GitHub profile describe the same shipped scope without invented claims or prices |
| Evidence | Bounded subsystem tests plus the clean-account production-like launch lifecycle |

## Fourteen-Step Execution Plan

1. Establish one public product description and canonical repository path.
2. Label every public component with an evidence-backed lifecycle state.
3. Freeze the launch substrate to the browser workflow until its complete gate
passes; keep other backends visibly Experimental or Research.
4. Prove clean-machine install, record, compile, lint, certify, replay, induced
drift, report inspection, and uninstall on every claimed operating system.
5. Produce sanitized derivatives from immutable source copies, inventory every
file, refuse unsupported content, rescan, review locally, and approve exact
hashes.
6. Bind runnable upload to source and bundle hashes, compiler/configuration,
parameter schema, strict lint, certification, risk class, replay evidence,
target boundary, one-time challenge, and deployment allowlists.
7. Make production mode explicit and validate every live dependency at
readiness; never substitute simulated execution when configuration is
absent.
8. Complete Stripe Checkout, portal, signed idempotent webhooks, subscription
linkage, entitlements, metering, cancellation, and refund verification.
9. Dispatch immutable bundle/version/validation snapshots to the real runner;
authenticate callbacks, verify downloaded bytes, isolate runtime parameters
and secrets, require request idempotency and single-flight dispatch, retain
ambiguous acknowledgements for operator reconciliation, reconcile only
provably abandoned work, and meter terminal outcomes exactly once.
10. Complete governed failure handling: structured halt reports, local teaching
or repair, validated replacement activation, checkpoint/resume, and rerun.
11. Publish the actual enterprise data boundary, threat model, credential and
log handling, update/rollback design, audit limitations, and regulated
deployment responsibilities.
12. Align the website, canonical journey-first docs, launcher, desktop surfaces,
pricing, organization profile, examples, and lifecycle registry.
13. Run the clean-account production lifecycle, provider probes, nightly
cross-platform lifecycle, real purchase/refund, backup/restore, incident,
and one high-value fail-closed workflow qualification; release only the
substrate that passes.
14. Publish reproducible evaluation artifacts, failure taxonomy, limitations,
and an arXiv paper after author, disclosure, licensing, sanitized-artifact,
release-identity, and evidence checks pass.

## Artifact And PHI Contract

- Scrubbing transforms a copy and never mutates the source artifact.
- Every file is inventoried and must have an explicit transformer or exclusion;
unknown or unsuccessfully processed content is refused.
- The sanitized derivative is rescanned and accompanied by a versioned manifest
containing source/result hashes, transformations, findings, and policy.
- Recordings and bundles containing or suspected of containing PHI require
local review by default. Review can add redactions or reject the derivative.
- Approval is bound to the exact derivative hash. A later change requires new
approval.
- Schema-minimized break reports may use an automatic policy.
- Automatic artifact approval is disabled by default. A deployment operator
may enable it only for a fully covered, reviewed sanitizer policy; an upload
request cannot enable that capability. Automatic approval must be signed by a
deployment-controlled key in an explicit allowlist over the exact artifact
and approval envelope; the ingest token alone is not sufficient.
- Sanitizing design-time artifacts does not sanitize live execution. Runtime
screenshots or observations that reintroduce PHI remain inside the declared
customer, BYOC, on-prem, or regulated managed boundary.

## Publication Order

1. Engine artifact policy and sanitized-derivative implementation.
2. Cloud live execution, production health, and billing.
3. Canonical product documentation and security architecture.
4. Website launch, checkout, and configured pricing surfaces.
5. Reproducible evaluation artifacts and failure taxonomy.
6. arXiv paper with methodology, identity/effect/refusal design, comparative
evidence, silent incorrect success, over-halt, limitations, and a
reproducibility checklist. Missing results must remain explicitly pending.
7. GitHub organization descriptions, pins, and lifecycle registry.
8. Repository archival and local relocation only after independent clean-tree,
credential, dependency, and worktree checks.

## Evidence Standard

- Comparative claims require at least three trials per task and condition.
- Results must name the task, environment, oracle, run count, failure taxonomy,
authoring effort, maintenance interventions, latency, model calls, cost,
silent incorrect success, over-halt, and recovery time.
- Mock, synthetic, analog, and real-application results must be labeled
separately.
- Code presence and a green UI are not evidence of a live remote execution.
- The arXiv paper and marketing pages may cite only checked-in, reproducible
results and must preserve the limitations disclosed by the engine.

## Scope Control

Launch only the backends that pass the complete gate. Other backends remain
visible with their measured maturity. Do not add repositories or unrelated
features before the launch gate passes. Do not move dirty, credential-bearing,
or registered-worktree directories into `_deprecated`.
34 changes: 33 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
@@ -1 +1,33 @@
# .github
# OpenAdaptAI Organization Configuration

This repository owns the public organization profile and the lifecycle registry.
It does not change GitHub organization settings automatically.

The cross-repository delivery sequence and acceptance criteria are maintained in
[LAUNCH_PLAN.md](LAUNCH_PLAN.md).

## Manual GitHub Actions

Organization owners should apply these settings after this branch is merged:

1. Set the organization description to: `Deterministic, governed automation for repeated work trapped behind GUIs.`
2. Change the `OpenAdapt` repository description to: `Beta launcher for openadapt-flow: compile demonstrated GUI workflows into deterministic, governed local replay.`
3. Change the `openadapt-flow` description to: `Canonical OpenAdapt engine: compile demonstrated GUI workflows, replay locally without model calls on healthy runs, and govern repair and refusal.`
4. Change the `openadapt-desktop` description to: `Experimental desktop authoring and teaching surface for OpenAdapt workflows.`
5. Change the `openadapt-cloud` description to: `OpenAdapt Cloud: managed execution of locally authored, attested browser workflows, with billing and structural reports.`
6. The currently observed pins are `OpenAdapt`, `openadapt-retrieval`,
`openadapt-evals`, `openadapt-grounding`, `openadapt-capture`, and
`openadapt-privacy`.
7. Pin these five public repositories: `OpenAdapt`, `openadapt-flow`,
`openadapt-desktop`, `openadapt-ops`, and `openadapt-evals`. Leave the sixth
slot empty rather than substituting an unrelated component. The cloud source
repository is private and cannot be a public organization pin.
8. The examples surface currently lives under `openadapt-flow/docs/showcase`;
do not link or pin a nonexistent `openadapt-examples` repository. Revisit the
empty slot only after a standalone examples repository actually exists and
carries an evidence-backed lifecycle label.
9. Apply the archive queue in [REPOSITORY_LIFECYCLE.md](REPOSITORY_LIFECYCLE.md) only after each repository has an archive notice and any dirty local work is preserved.

The current public organization tagline, `AI for Desktops.`, and several
repository descriptions are GitHub settings. Editing `profile/README.md` cannot
change them.
79 changes: 79 additions & 0 deletions REPOSITORY_LIFECYCLE.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,79 @@
# OpenAdapt Repository Lifecycle Registry

Last reviewed: 2026-07-15

This public registry separates the product from experiments and records the
intended lifecycle of organization repositories. It does not authorize moving
a local directory or archiving a GitHub repository by itself. Machine-local
checkout state and credential-response details belong in private operations
records, not in this public repository.

The machine-readable source is [`repository-lifecycle.yml`](repository-lifecycle.yml).

## Lifecycle Definitions

| Status | Meaning |
|--------|---------|
| **Beta** | Active product surface with compatibility intent, but not a blanket production-readiness claim |
| **Experimental** | Active prototype or optional component with no production support promise |
| **Research** | Evidence-generating work, not required by the product runtime |
| **Internal** | Team tooling or private strategy, not a public product surface |
| **Labs** | Standalone experiment, fork, or adjacent library; not automatically deprecated |
| **Historical** | Earlier direction retained for context; retirement still requires an explicit decision |
| **Superseded** | Functionality has a named successor; new integrations use the successor |
| **Deprecated** | Superseded; migration fixes only, no new integrations |
| **Archived** | Historical and read-only |

## Current Product Boundary

| Repository | Lifecycle | Role |
|------------|-----------|------|
| `OpenAdapt` | **Beta** | Launcher/meta-package and unified CLI |
| `openadapt-flow` | **Beta** | Canonical compiler and governed runtime |
| `openadapt-desktop` | **Experimental** | Desktop authoring and teaching surface |
| `openadapt-cloud` | **Beta** | Hosted browser-workflow control plane, execution, billing, structural reports, and validated replacement activation; authoring and repair remain local |
| `openadapt-capture` | **Experimental** | Optional native recorder |
| `openadapt-privacy` | **Experimental** | Optional scrubbing component |
| `openadapt-types` | **Experimental** | Interoperability schemas |
| `openadapt-web` | **Internal** | Marketing website implementation |

## Research, Labs, and Internal Work

| Group | Repositories |
|-------|--------------|
| **Research** | `openadapt-ml`, `openadapt-evals`, `openadapt-retrieval`, `openadapt-grounding`, `openadapt-verifier` |
| **Internal** | `openadapt-ops`, `openadapt-wright`, `openadapt-herald`, `openadapt-crier`, `openadapt-consilium`, `openadapt-presenter`, `openadapt-telemetry`, `openadapt-viewer`, `openadapt-blog`, `openadapt-internal`, `openadapt-yc` |
| **Experimental UI/support** | `openadapt-console`, `openadapt-tray` |
| **Labs/forks** | `OmniMCP` (`omnimcp` locally), `SoM`, `PydanticPrompt` |
| **Historical directions** | `OpenAdapter`, `OpenReflector` |
| **Superseded** | `OpenSanitizer` (successor: `openadapt-privacy`) |

## Retirement Queue

| Repository | Lifecycle | Public action |
|------------|-----------|---------------|
| `openadapt-gitbook` | **Archived** | Keep an archive notice and route documentation traffic to `docs.openadapt.ai`. |
| `openadapt-new` | **Archived** | Keep read-only historical context and route product traffic to `OpenAdapt` and `openadapt-flow`. |
| `openadapt-agent` | **Deprecated** | Add a successor notice for `openadapt-flow`; accept migration fixes only. |
| `OpenSanitizer` | **Superseded** | Add a successor notice for `openadapt-privacy`, then decide whether to archive. |
| `OpenReflector` | **Historical** | Decide Archive versus Labs before changing organization state. |
| `OpenAdapter` | **Historical** | Decide Archive versus Labs before changing organization state. |

Experimental, Research, Labs, and Internal repositories are not deprecated by
default. Moving local checkouts is a separate operational decision that must
use private, current evidence.

## Archive Procedure

1. Preserve or intentionally discard every tracked and untracked local change.
2. Confirm the branch is pushed and record the final commit in private
operations evidence.
3. Replace the repository README opening with an archive notice and a link to
`openadapt-flow` or the named successor.
4. Remove active package discovery, CI, dependency, and documentation references.
5. Move the local checkout only after steps 1-4; then archive the GitHub
repository and remove it from organization pins.

Before a separately approved local move, re-run clean-tree, upstream, dependency,
credential, destination, and registered-worktree checks without publishing
machine-specific findings here.
Loading