- Last updated: 2026-04-05
- OVERALL PROJECT COMPLETION: 93%
- MVP COMPLETION: 95%
- Primary operating mode: local-first NullClaw host security app
- Important limitation: fully meaningful interop/collaboration/skill-learning behavior still depends on real Codex or GitHub Copilot-driven work; standalone desktop mode is partial outside that lane
| Segment | Completion | Evidence |
|---|---|---|
| Runtime / core features | 94% | loopback agent, local inventory, legitimacy scoring, case-based mitigation, self-governance, desktop shell entrypoint, collaboration lane, stack-accounting ingestion, quest runtime, and live local supervisor runtime |
| Integrations / contracts | 90% | OpenAI built-in baseline reconcile, curated-source parsing, Codex/VS Code/Copilot interop tracking, OpenClaw / NullClaw threat matrix integration, SkillHub discovery-only intake, and local OpenAI-compatible model-host fallback |
| Validation / tests | 89% | privacy, self-governance, inventory, API, supply-chain, mitigation, public-release, collaboration, quest-runtime, stack-accounting, and SkillHub/runtime integration tests |
| Packaging / operations | 74% | desktop launcher, branded icon lane, shortcut installer, startup acceptance tightening, and public-release gate wired; packaged binary distribution still incomplete |
| Governance / docs | 95% | boundaries, security, contribution, scope, README, generated catalog, generated vetting report, SkillHub alignment references, meta-harness authority notes, and public-release guidance updated |
- Added the
skill_arbiterruntime package and loopback API. - Added the embedded desktop UI and app-first startup flow.
- Added shared privacy scanning and self-governance scanning.
- Added local Qwen advisor plumbing with local-only defaults.
- Added machine-generated skill catalog refresh.
- Added tests for privacy, self-governance, inventory, and agent API.
- Removed the current tracked privacy leak in
vrm-material-lighting-debug. - Added public release readiness checks, support/about metadata, and branded desktop launch surfaces.
- Added workspace interop inventory for Codex app, VS Code, and GitHub Copilot instruction surfaces.
- Added ownership/legitimacy scoring so official built-ins, repo-owned skills, and hostile skills are separated explicitly.
- Added machine-generated skill vetting report and mitigation runbook metadata.
- Expanded the advisor lane to support loopback-local model interoperability while preserving meta-harness authority semantics:
:9000public plane first,:2337hosted large-model lane second, and:1234as an operator surface only. - Restructured the desktop UI into a layered operator flow with critical-first triage, stronger on/off states, and severity-color differentiation.
- Added live stack accounting ingestion (
skill_arbiter.stack_accounting) so governed skills can consumeTPK, authoritative cost, displacement preview, benchmark API equivalent cost, routing provenance, and runtime latency directly from the local stack. - Upgraded
usage-watcher,local-compute-usage, andskill-cost-credit-governorto reason from dual-ledger runtime evidence instead of only manual credit logs or fallback token math. - Restored original skill lineage as a live skill-game signal instead of treating it as a deprecated legacy-only display, preserving longitudinal skill maturity and upgrade history.
- Completed the governed skill sweep with candidate audit, artifact cleanup, overlap detection, and public/privacy gate revalidation after the reconciliation pass.
- Added SkillHub Phase 1 bounded intake with discovery-only source reputation, first-wave shortlist evidence, and alignment matrix generation.
- Upgraded the desktop/runtime contract with
/v1/agent-runtime/status, local VS Code/task observation, and live loopback advisor fallback across local model hosts. - Tightened public-shape docs so the repo no longer depends on one private workstation topology or maintainer-name attribution in repo-facing release metadata.
- Tightened desktop startup acceptance and meta-harness authority docs so public launch guidance now prefers shell-free desktop surfaces and distinguishes
9000/2337authority from1234operator-only visibility. - Began the meta-harness publication pass across candidate skills and public docs so legacy
Documents\GitHubaliases, direct:1234authority assumptions, and empty-shell startup tolerance are treated as publish blockers. - Added a first-class quest runtime and API so substantial work can be tracked as a human-readable request -> chain -> checkpoints -> usable outcome path.
- Wired quest completion into the skill game so per-skill quest XP contributes to explicit cumulative agent progression instead of leaving agent leveling implicit.
- Marked Meta-Harness implementation work as quest-grade by default so authority recovery, bridge validation, and end-state proof can be tracked end to end.
- Desktop packaging and signed distributable verification beyond the Python-hosted shell.
- Multi-host federation beyond the local-first
host_idcontract. - Deeper cross-repo runtime orchestration hooks for app bring-up and host succession control.
- Broader machine-generated source matrix/reporting for all tracked external catalogs beyond the current SkillHub first wave.
- Richer Copilot/Codex instruction drift diffing beyond presence-level interop tracking.
- Signed packaged desktop distribution and installer verification.
- A stronger standalone operator mode that keeps collaboration, skill-game, and recommendation lanes richly populated even when governed Codex/Copilot-driven work is temporarily light.
- Richer quest authoring helpers and template generation so common chains can be opened as active quests before execution instead of only being recorded at closeout.