# verel - Doramagic AI Context Pack

> 定位：安装前体验与判断资产。它帮助宿主 AI 有一个好的开始，但不代表已经安装、执行或验证目标项目。

## 充分原则

- **充分原则，不是压缩原则**：AI Context Pack 应该充分到让宿主 AI 在开工前理解项目价值、能力边界、使用入口、风险和证据来源；它可以分层组织，但不以最短摘要为目标。
- **压缩策略**：只压缩噪声和重复内容，不压缩会影响判断和开工质量的上下文。

## 给宿主 AI 的使用方式

你正在读取 Doramagic 为 verel 编译的 AI Context Pack。请把它当作开工前上下文：帮助用户理解适合谁、能做什么、如何开始、哪些必须安装后验证、风险在哪里。不要声称你已经安装、运行或执行了目标项目。

## Claim 消费规则

- **事实来源**：Repo Evidence + Claim/Evidence Graph；Human Wiki 只提供显著性、术语和叙事结构。
- **事实最低状态**：`supported`
- `supported`：可以作为项目事实使用，但回答中必须引用 claim_id 和证据路径。
- `weak`：只能作为低置信度线索，必须要求用户继续核实。
- `inferred`：只能用于风险提示或待确认问题，不能包装成项目事实。
- `unverified`：不得作为事实使用，应明确说证据不足。
- `contradicted`：必须展示冲突来源，不得替用户强行选择一个版本。

## 它最适合谁

- **正在使用 Claude/Codex/Cursor/Gemini 等宿主 AI 的开发者**：README 或插件配置提到多个宿主 AI。 证据：`README.md` Claim：`clm_0002` supported 0.86

## 它能做什么

- **命令行启动或安装流程**（需要安装后验证）：项目文档中存在可执行命令，真实使用需要在本地或宿主环境中运行这些命令。 证据：`README.md` Claim：`clm_0001` supported 0.86

## 怎么开始

- `pip install verel` 证据：`README.md` Claim：`clm_0003` supported 0.86

## 继续前判断卡

- **当前建议**：先做权限沙盒试用
- **为什么**：项目存在安装命令、宿主配置或本地写入线索，不建议直接进入主力环境，应先在隔离环境试装。

### 30 秒判断

- **现在怎么做**：先做权限沙盒试用
- **最小安全下一步**：先跑 Prompt Preview；若仍要安装，只在隔离环境试装
- **先别相信**：工具权限边界不能在安装前相信。
- **继续会触碰**：命令执行、本地环境或项目文件、宿主 AI 上下文

### 现在可以相信

- **适合人群线索：正在使用 Claude/Codex/Cursor/Gemini 等宿主 AI 的开发者**（supported）：有 supported claim 或项目证据支撑，但仍不等于真实安装效果。 证据：`README.md` Claim：`clm_0002` supported 0.86
- **能力存在：命令行启动或安装流程**（supported）：可以相信项目包含这类能力线索；是否适合你的具体任务仍要试用或安装后验证。 证据：`README.md` Claim：`clm_0001` supported 0.86
- **存在 Quick Start / 安装命令线索**（supported）：可以相信项目文档出现过启动或安装入口；不要因此直接在主力环境运行。 证据：`README.md` Claim：`clm_0003` supported 0.86

### 现在还不能相信

- **工具权限边界不能在安装前相信。**（unverified）：MCP/tool 类项目通常会触碰文件、网络、浏览器或外部 API，必须真实检查权限和日志。
- **真实输出质量不能在安装前相信。**（unverified）：Prompt Preview 只能展示引导方式，不能证明真实项目中的结果质量。
- **宿主 AI 版本兼容性不能在安装前相信。**（unverified）：Claude、Cursor、Codex、Gemini 等宿主加载规则和版本差异必须在真实环境验证。
- **不会污染现有宿主 AI 行为，不能直接相信。**（inferred）：Skill、plugin、AGENTS/CLAUDE/GEMINI 指令可能改变宿主 AI 的默认行为。
- **可安全回滚不能默认相信。**（unverified）：除非项目明确提供卸载和恢复说明，否则必须先在隔离环境验证。
- **真实安装后是否与用户当前宿主 AI 版本兼容？**（unverified）：兼容性只能通过实际宿主环境验证。
- **项目输出质量是否满足用户具体任务？**（unverified）：安装前预览只能展示流程和边界，不能替代真实评测。
- **安装命令是否需要网络、权限或全局写入？**（unverified）：这影响企业环境和个人环境的安装风险。 证据：`README.md`

### 继续会触碰什么

- **命令执行**：包管理器、网络下载、本地插件目录、项目配置或用户主目录。 原因：运行第一条命令就可能产生环境改动；必须先判断是否值得跑。 证据：`README.md`
- **本地环境或项目文件**：安装结果、插件缓存、项目配置或本地依赖目录。 原因：安装前无法证明写入范围和回滚方式，需要隔离验证。 证据：`README.md`
- **宿主 AI 上下文**：AI Context Pack、Prompt Preview、Skill 路由、风险规则和项目事实。 原因：导入上下文会影响宿主 AI 后续判断，必须避免把未验证项包装成事实。

### 最小安全下一步

- **先跑 Prompt Preview**：用安装前交互式试用判断工作方式是否匹配，不需要授权或改环境。（适用：任何项目都适用，尤其是输出质量未知时。）
- **只在隔离目录或测试账号试装**：避免安装命令污染主力宿主 AI、真实项目或用户主目录。（适用：存在命令执行、插件配置或本地写入线索时。）
- **安装后只验证一个最小任务**：先验证加载、兼容、输出质量和回滚，再决定是否深用。（适用：准备从试用进入真实工作流时。）

### 退出方式

- **保留安装前状态**：记录原始宿主配置和项目状态，后续才能判断是否可恢复。
- **记录安装命令和写入路径**：没有明确卸载说明时，至少要知道哪些目录或配置需要手动清理。
- **如果没有回滚路径，不进入主力环境**：不可回滚是继续前阻断项，不应靠信任或运气继续。

## 哪些只能预览

- 解释项目适合谁和能做什么
- 基于项目文档演示典型对话流程
- 帮助用户判断是否值得安装或继续研究

## 哪些必须安装后验证

- 真实安装 Skill、插件或 CLI
- 执行脚本、修改本地文件或访问外部服务
- 验证真实输出质量、性能和兼容性

## 边界与风险判断卡

- **把安装前预览误认为真实运行**：用户可能高估项目已经完成的配置、权限和兼容性验证。 处理方式：明确区分 prompt_preview_can_do 与 runtime_required。 Claim：`clm_0004` inferred 0.45
- **命令执行会修改本地环境**：安装命令可能写入用户主目录、宿主插件目录或项目配置。 处理方式：先在隔离环境或测试账号中运行。 证据：`README.md` Claim：`clm_0005` supported 0.86
- **待确认**：真实安装后是否与用户当前宿主 AI 版本兼容？。原因：兼容性只能通过实际宿主环境验证。
- **待确认**：项目输出质量是否满足用户具体任务？。原因：安装前预览只能展示流程和边界，不能替代真实评测。
- **待确认**：安装命令是否需要网络、权限或全局写入？。原因：这影响企业环境和个人环境的安装风险。

## 开工前工作上下文

### 加载顺序

- 先读取 how_to_use.host_ai_instruction，建立安装前判断资产的边界。
- 读取 claim_graph_summary，确认事实来自 Claim/Evidence Graph，而不是 Human Wiki 叙事。
- 再读取 intended_users、capabilities 和 quick_start_candidates，判断用户是否匹配。
- 需要执行具体任务时，优先查 role_skill_index，再查 evidence_index。
- 遇到真实安装、文件修改、网络访问、性能或兼容性问题时，转入 risk_card 和 boundaries.runtime_required。

### 任务路由

- **命令行启动或安装流程**：先说明这是安装后验证能力，再给出安装前检查清单。 边界：必须真实安装或运行后验证。 证据：`README.md` Claim：`clm_0001` supported 0.86

### 上下文规模

- 文件总数：139
- 重要文件覆盖：40/139
- 证据索引条目：80
- 角色 / Skill 条目：19

### 证据不足时的处理

- **missing_evidence**：说明证据不足，要求用户提供目标文件、README 段落或安装后验证记录；不要补全事实。
- **out_of_scope_request**：说明该任务超出当前 AI Context Pack 证据范围，并建议用户先查看 Human Manual 或真实安装后验证。
- **runtime_request**：给出安装前检查清单和命令来源，但不要替用户执行命令或声称已执行。
- **source_conflict**：同时展示冲突来源，标记为待核实，不要强行选择一个版本。

## Prompt Recipes

### 适配判断

- 目标：判断这个项目是否适合用户当前任务。
- 预期输出：适配结论、关键理由、证据引用、安装前可预览内容、必须安装后验证内容、下一步建议。

```text
请基于 verel 的 AI Context Pack，先问我 3 个必要问题，然后判断它是否适合我的任务。回答必须包含：适合谁、能做什么、不能做什么、是否值得安装、证据来自哪里。所有项目事实必须引用 evidence_refs、source_paths 或 claim_id。
```

### 安装前体验

- 目标：让用户在安装前感受核心工作流，同时避免把预览包装成真实能力或营销承诺。
- 预期输出：一段带边界标签的体验剧本、安装后验证清单和谨慎建议；不含真实运行承诺或强营销表述。

```text
请把 verel 当作安装前体验资产，而不是已安装工具或真实运行环境。

请严格输出四段：
1. 先问我 3 个必要问题。
2. 给出一段“体验剧本”：用 [安装前可预览]、[必须安装后验证]、[证据不足] 三种标签展示它可能如何引导工作流。
3. 给出安装后验证清单：列出哪些能力只有真实安装、真实宿主加载、真实项目运行后才能确认。
4. 给出谨慎建议：只能说“值得继续研究/试装”“先补充信息后再判断”或“不建议继续”，不得替项目背书。

硬性边界：
- 不要声称已经安装、运行、执行测试、修改文件或产生真实结果。
- 不要写“自动适配”“确保通过”“完美适配”“强烈建议安装”等承诺性表达。
- 如果描述安装后的工作方式，必须使用“如果安装成功且宿主正确加载 Skill，它可能会……”这种条件句。
- 体验剧本只能写成“示例台词/假设流程”：使用“可能会询问/可能会建议/可能会展示”，不要写“已写入、已生成、已通过、正在运行、正在生成”。
- Prompt Preview 不负责给安装命令；如用户准备试装，只能提示先阅读 Quick Start 和 Risk Card，并在隔离环境验证。
- 所有项目事实必须来自 supported claim、evidence_refs 或 source_paths；inferred/unverified 只能作风险或待确认项。

```

### 角色 / Skill 选择

- 目标：从项目里的角色或 Skill 中挑选最匹配的资产。
- 预期输出：候选角色或 Skill 列表，每项包含适用场景、证据路径、风险边界和是否需要安装后验证。

```text
请读取 role_skill_index，根据我的目标任务推荐 3-5 个最相关的角色或 Skill。每个推荐都要说明适用场景、可能输出、风险边界和 evidence_refs。
```

### 风险预检

- 目标：安装或引入前识别环境、权限、规则冲突和质量风险。
- 预期输出：环境、权限、依赖、许可、宿主冲突、质量风险和未知项的检查清单。

```text
请基于 risk_card、boundaries 和 quick_start_candidates，给我一份安装前风险预检清单。不要替我执行命令，只说明我应该检查什么、为什么检查、失败会有什么影响。
```

### 宿主 AI 开工指令

- 目标：把项目上下文转成一次对话开始前的宿主 AI 指令。
- 预期输出：一段边界明确、证据引用明确、适合复制给宿主 AI 的开工前指令。

```text
请基于 verel 的 AI Context Pack，生成一段我可以粘贴给宿主 AI 的开工前指令。这段指令必须遵守 not_runtime=true，不能声称项目已经安装、运行或产生真实结果。
```

## 角色 / Skill 索引

- 共索引 19 个角色 / Skill / 项目文档条目。

- **Verel — Verified Agents 👁️🧠**（project_doc）：Problem: AI agents declare work “done” on their own say-so — shipping broken UIs, failing tests and unverified claims they can’t actually check. Result: Verel makes “done” a verdict , not an opinion — every action is graded by real senses including eyes , via AgentVision https://github.com/amitpatole/agent-vision , and only verified work compounds into the fleet’s shared memory. 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`README.md`
- **verel — module guide**（project_doc）：A map of the package: what each module does, what to import from it, and where to go deeper. For task-oriented docs install, recipes, per-organ usage read the Developer guide ../../docs/usage.md . 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`src/verel/README.md`
- **Contributing to Verel**（project_doc）：Thanks for considering a contribution! Verel is small, typed, and dogfooded — it gates its own development through its own verdict bus, so the bar for "done" is the same for the project as it is for its users: nothing is done until a grader returns a verdict. 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`CONTRIBUTING.md`
- **Verel — Architecture & Roadmap**（project_doc）：Verel is an agent framework built on one idea: every agent action is a hypothesis, and nothing is "done" until a grader returns a verdict. A single verdict bus unifies every kind of check — vision, tests, lint, types — into one pass / warn / fail , so progress , "done" , and what compounds into memory are all decided in one place. 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`docs/ARCHITECTURE.md`
- **H2 — corpus-transfer experiment, model sweep**（project_doc）：H2 — corpus-transfer experiment, model sweep 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`docs/H2_RESULTS.md`
- **Verel as a verification substrate for agentic tools — design & build plan**（project_doc）：Verel as a verification substrate for agentic tools — design & build plan 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`docs/SUBSTRATE_DESIGN.md`
- **Adoption**（project_doc）：Verel and AgentVision ship and version independently, but grow together. Live-ish snapshot of real PyPI download adoption the trend is from pypistats; the country map from the BigQuery public dataset . 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`docs/adoption.md`
- **Python API**（project_doc）：The verdict bus, senses, and CI stages are all importable. Example — gate any repo: 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`docs/api.md`
- **CLI reference**（project_doc）：Verel ships two console scripts: verel interactive / agent commands and verel-ci the gated CI entry point . Both support -h . 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`docs/cli.md`
- **Configuration**（project_doc）：Verel is configured by a few environment variables — there is no config file. 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`docs/configuration.md`
- **Real-world scenarios**（project_doc）：Six situations a team actually hits — and what Verel does about them. Every block below is real captured output from a runnable script in examples/ https://github.com/amitpatole/verel/tree/main/examples ; nothing here is mocked up. Run any of them yourself: 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`docs/examples.md`
- **FAQ & troubleshooting**（project_doc）：It makes "done" a verdict, not an opinion. One verdict bus fuses every sense — tests, lint, types, and the eyes AgentVision: visual defects, intent match, playback — into a single pass / warn / fail , with grader attestation so a hollow check can't mint green. Only verified work compounds into memory. 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`docs/faq.md`
- **Get started**（project_doc）：Default LLM is Ollama Cloud ~/.config/ollama/key , model qwen3-coder:480b ; set VEREL LLM PROVIDER=openai to switch. 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`docs/getting-started.md`
- **Verel — Verified Agents 👁️🧠**（project_doc）：Problem: AI agents declare work "done" on their own say-so — shipping broken UIs, failing tests and unverified claims they can't actually check. Result: Verel makes "done" a verdict , not an opinion — every action is graded by real senses including eyes , via AgentVision https://github.com/amitpatole/agent-vision , and only verified work compounds into the fleet's shared memory. 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`docs/index.md`
- **5-minute tutorial**（project_doc）：By the end of this you'll have watched Verel do the one thing it exists to do: turn "done" from an opinion into a verdict — gate a real repo, let an agent heal failing tests, and watch a fixed bug get remembered so it can't sneak back. 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`docs/tutorial.md`
- **Developer guide**（project_doc）：How to use Verel as a library, a CLI, a CI gate, and an MCP server. Every example here runs against the real API; the ones that need a model say so. 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`docs/usage.md`
- **Use cases — what Verel + AgentVision are for**（project_doc）：Use cases — what Verel + AgentVision are for 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`docs/use-cases.md`
- **Changelog**（project_doc）：0.36.0 — TLS for routable brain/lease/registry binds 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`CHANGELOG.md`
- **Security Policy**（project_doc）：Please report security issues privately via GitHub Security Advisories Security → Report a vulnerability on this repository, or by email to the maintainer. Do not open a public issue for an unfixed vulnerability. 激活提示：当用户需要理解项目结构、安装方式或边界时参考。 证据：`SECURITY.md`

## 证据索引

- 共索引 80 条证据。

- **Verel — Verified Agents 👁️🧠**（documentation）：Problem: AI agents declare work “done” on their own say-so — shipping broken UIs, failing tests and unverified claims they can’t actually check. Result: Verel makes “done” a verdict , not an opinion — every action is graded by real senses including eyes , via AgentVision https://github.com/amitpatole/agent-vision , and only verified work compounds into the fleet’s shared memory. 证据：`README.md`
- **verel — module guide**（documentation）：A map of the package: what each module does, what to import from it, and where to go deeper. For task-oriented docs install, recipes, per-organ usage read the Developer guide ../../docs/usage.md . 证据：`src/verel/README.md`
- **Contributing to Verel**（documentation）：Thanks for considering a contribution! Verel is small, typed, and dogfooded — it gates its own development through its own verdict bus, so the bar for "done" is the same for the project as it is for its users: nothing is done until a grader returns a verdict. 证据：`CONTRIBUTING.md`
- **License**（source_file）：Copyright c 2026 AMIT SAMSON PATOLE 证据：`LICENSE`
- **Verel — Architecture & Roadmap**（documentation）：Verel is an agent framework built on one idea: every agent action is a hypothesis, and nothing is "done" until a grader returns a verdict. A single verdict bus unifies every kind of check — vision, tests, lint, types — into one pass / warn / fail , so progress , "done" , and what compounds into memory are all decided in one place. 证据：`docs/ARCHITECTURE.md`
- **H2 — corpus-transfer experiment, model sweep**（documentation）：H2 — corpus-transfer experiment, model sweep 证据：`docs/H2_RESULTS.md`
- **Verel as a verification substrate for agentic tools — design & build plan**（documentation）：Verel as a verification substrate for agentic tools — design & build plan 证据：`docs/SUBSTRATE_DESIGN.md`
- **Adoption**（documentation）：Verel and AgentVision ship and version independently, but grow together. Live-ish snapshot of real PyPI download adoption the trend is from pypistats; the country map from the BigQuery public dataset . 证据：`docs/adoption.md`
- **Python API**（documentation）：The verdict bus, senses, and CI stages are all importable. Example — gate any repo: 证据：`docs/api.md`
- **CLI reference**（documentation）：Verel ships two console scripts: verel interactive / agent commands and verel-ci the gated CI entry point . Both support -h . 证据：`docs/cli.md`
- **Configuration**（documentation）：Verel is configured by a few environment variables — there is no config file. 证据：`docs/configuration.md`
- **Real-world scenarios**（documentation）：Six situations a team actually hits — and what Verel does about them. Every block below is real captured output from a runnable script in examples/ https://github.com/amitpatole/verel/tree/main/examples ; nothing here is mocked up. Run any of them yourself: 证据：`docs/examples.md`
- **FAQ & troubleshooting**（documentation）：It makes "done" a verdict, not an opinion. One verdict bus fuses every sense — tests, lint, types, and the eyes AgentVision: visual defects, intent match, playback — into a single pass / warn / fail , with grader attestation so a hollow check can't mint green. Only verified work compounds into memory. 证据：`docs/faq.md`
- **Get started**（documentation）：Default LLM is Ollama Cloud ~/.config/ollama/key , model qwen3-coder:480b ; set VEREL LLM PROVIDER=openai to switch. 证据：`docs/getting-started.md`
- **Verel — Verified Agents 👁️🧠**（documentation）：Problem: AI agents declare work "done" on their own say-so — shipping broken UIs, failing tests and unverified claims they can't actually check. Result: Verel makes "done" a verdict , not an opinion — every action is graded by real senses including eyes , via AgentVision https://github.com/amitpatole/agent-vision , and only verified work compounds into the fleet's shared memory. 证据：`docs/index.md`
- **5-minute tutorial**（documentation）：By the end of this you'll have watched Verel do the one thing it exists to do: turn "done" from an opinion into a verdict — gate a real repo, let an agent heal failing tests, and watch a fixed bug get remembered so it can't sneak back. 证据：`docs/tutorial.md`
- **Developer guide**（documentation）：How to use Verel as a library, a CLI, a CI gate, and an MCP server. Every example here runs against the real API; the ones that need a model say so. 证据：`docs/usage.md`
- **Use cases — what Verel + AgentVision are for**（documentation）：Use cases — what Verel + AgentVision are for 证据：`docs/use-cases.md`
- **Demo Hosted Registry**（source_file）：SLUG = "def slugify t :\n import re\n" TAX = "def tax total p :\n return round p 1.08, 2 \n" def publish client, name, capability, code ⋮---- tool = ToolRecord name=name, capability=capability, code=code, art = client.publish export skill tool, origin="tenant:A" ⋮---- def main - None ⋮---- srv = RegistryServer Path d / "registry", auth token="demo-key" .start ⋮---- A = RemoteRegistry srv.url, auth token="demo-key" ⋮---- B = RemoteRegistry srv.url, auth token="demo-key" ⋮---- regB = ToolRegistry LocalMemory , scope="tenant:B" cases = { ⋮---- res = import skill art, regB, target cases=cases art.name verdict = "VERIFIED transferred " if res.reverified else "candidate did NOT transfer " 证据：`examples/demo_hosted_registry.py`
- **Demo Promotion**（source_file）：def overflow px, locator HELD OUT = HeldOutCorpus cases= def main - int ⋮---- mem = LocalMemory led = FailureLedger mem, scope="repo:x" ⋮---- rules = consolidate failures mem, scope="repo:x", min cluster=2 ⋮---- rule = rules 0 ⋮---- res = PromotionGate mem, HELD OUT .consider rule ⋮---- res2 = PromotionGate mem, HELD OUT .consider rule ⋮---- ok = res.promoted and mem.get rule.id .trust == Trust.VERIFIED and not res2.promoted 证据：`examples/demo_promotion.py`
- **Init**（source_file）：version = "0.36.0" ⋮---- all = 证据：`src/verel/__init__.py`
- **Init**（source_file）：all = "Coder", "LLMCoder", "make fix hook", "fix code" 证据：`src/verel/agents/__init__.py`
- **Coder**（source_file）：FENCE = re.compile r" ", re.DOTALL SYSTEM = def issues block reports: list Report - str ⋮---- lines = ⋮---- loc = f" @ {i.locator}" if i.locator else "" ⋮---- def extract file reply: str - str ⋮---- m = FENCE.search reply ⋮---- class Coder Protocol ⋮---- def fix self, source: str, issues text: str, , filename: str - str class LLMCoder ⋮---- def init self, model: str None = None ⋮---- user = res = llm.chat ⋮---- def make fix hook coder: Coder None = None, , verbose: bool = True ⋮---- """Build a FixHook for verel.loop.ultracode loop backed by a coding agent.""" coder = coder or LLMCoder async def fix artifact: str, gate result: GateResult, reports: list Report - bool ⋮---- path = Path artifac… 证据：`src/verel/agents/coder.py`
- **Init**（source_file）：all = 证据：`src/verel/ci/__init__.py`
- **---------------------------------------------------------------------------**（source_file）：Runner = Callable list str , "str None" , tuple int, str, str def subprocess runner cmd: list str , cwd: str None = None, , timeout: int = 300 ⋮---- r = subprocess.run cmd, cwd=cwd, capture output=True, text=True, timeout=timeout ⋮---- Parser = Callable str, str , "list Issue " ⋮---- @dataclass class GraderSpec ⋮---- grader: GraderKind command: list str cwd: str None = None covers: list str = field default factory=list parser: Parser None = None lang: str = "python" def suite sha spec: GraderSpec - str def content digest cwd: str None, covers: list str - str ⋮---- h = blake2s ⋮---- def bound input digest cwd: str None, covers: list str , nonce: str = "" - str ⋮---- """The receipt's input bi… 证据：`src/verel/ci/graders.py`
- **ci-medic: transient retry and flaky failures are written volatile, so they**（source_file）：@dataclass class Stage ⋮---- name: str graders: list GraderSpec required: set GraderKind = field default factory=set ⋮---- @dataclass class StageResult ⋮---- verdict: Verdict gate: GateResult reports: list Report regressions: list = field default factory=list ⋮---- @property def passed self - bool ⋮---- diff files = diff files or set flaky signatures = flaky signatures or set ⋮---- nonce = secrets.token hex 8 reports = run grader s, runner, nonce=nonce, attest=attest for s in stage.graders frozen = {s.grader: suite sha s for s in stage.graders} inputs = {s.grader: bound input digest s.cwd, s.covers, nonce for s in stage.graders} regressions = ⋮---- flat = Report verdict=Verdict.FAIL, summar… 证据：`src/verel/ci/pipeline.py`
- **Cli**（source_file）：def doctor - int ⋮---- def ok b ⋮---- import agentvision noqa: F401 sight = True ⋮---- sight = False ⋮---- import mem0 noqa: F401 m = True ⋮---- m = False ⋮---- async def loop args - int ⋮---- outcome = await ultracode loop args.artifact, make fix hook verbose=True , ⋮---- async def fleet args - int ⋮---- fo = decide fanout args.goal, artifacts=args.artifacts ⋮---- tasks = to tasks fo, budget=BudgetLease max iters=args.max iter ⋮---- sched = Scheduler ultracode worker backend=args.backend , concurrency=fo.concurrency cap state = await sched.run tasks ⋮---- def heal args - int ⋮---- stage = inner loop stage args.repo, with lint=False res = self heal args.repo, stage, max rounds=args.max roun… 证据：`src/verel/cli.py`
- **Init**（source_file）：all = 证据：`src/verel/fleet/__init__.py`
- **Init**（source_file）：all = 证据：`src/verel/memory/__init__.py`
- **A chat function: messages - text. Injectable so tests run offline.**（source_file）：WORD = re.compile r" a-z0-9- +" A chat function: messages - text. Injectable so tests run offline. ChatFn = Callable list dict , str A vector lookup for a record returns its dense embedding or None . Enables semantic clustering. VectorOf = Callable MemoryRecord , "list float None" RULE SYSTEM = SCHEMA SYSTEM = def default chat messages: list dict - str ⋮---- clusters: list tuple list list float , list MemoryRecord = ⋮---- v = vector of r ⋮---- best: tuple list list float , list MemoryRecord None = None best sim = threshold ⋮---- sim = max cosine v, cv for cv in c 0 if cv , default=0.0 ⋮---- buckets: dict str, list MemoryRecord = defaultdict list ⋮---- cat = r.detail.get "kind" or r.detail.g… 证据：`src/verel/memory/consolidate.py`
- **Fail closed at construction for fast feedback; send re-checks per request on the live token.**（source_file）：MAX BODY = 16 1024 1024 def rec json r: MemoryRecord None - dict None def make id for b: dict - str def kind v - MemoryKind None SIGNED MODE POST = frozenset {"/write signed", "/recall", "/all"} CLUSTER POST = frozenset {"/apply", "/replicate"} ⋮---- class Handler BaseHTTPRequestHandler ⋮---- protocol version = "HTTP/1.1" timeout = 30 def log message self, a def authed self - bool def cluster authed self, require signed: bool - bool ⋮---- """The replication channel /apply, /replicate needs the CLUSTER credential, not the client bearer. If a cluster token is configured it must match constant-time . If none is configured, the channel is allowed only in LEGACY non-signed mode — a multi-princip… 证据：`src/verel/memory/hosted.py`
- **Lattice**（source_file）：GLOBAL = "global" SPECIFICITY BONUS = 0.15 ⋮---- @dataclass class ScopeLattice ⋮---- parents: dict str, str = field default factory=dict def parent self, scope: str - str None def ancestors self, scope: str - list str ⋮---- chain: list str = seen: set str = set cur: str None = scope ⋮---- cur = self.parent cur ⋮---- def children self, parent: str, scopes - list str ⋮---- lattice = lattice or ScopeLattice chain = lattice.ancestors scope span = max 1, len chain - 1 scored: list tuple float, int, MemoryRecord = ⋮---- rel = relevance query, r ⋮---- bonus = SPECIFICITY BONUS span - depth / span ⋮---- by claim: dict tuple str, str, str , list MemoryRecord = defaultdict list ⋮---- written: list Me… 证据：`src/verel/memory/lattice.py`
- **Librarian**（source_file）：ChatFn = Callable list dict , str ⋮---- @dataclass class LibrarianReport ⋮---- scope: str rules induced: int = 0 schemas induced: int = 0 graduated: int = 0 pruned: int = 0 ⋮---- @property def changed self - int def summary self - str ⋮---- rep = LibrarianReport scope=scope ⋮---- levels = induce hierarchy mem, scope=scope, min size=min size, chat=chat, ts=ts 证据：`src/verel/memory/librarian.py`
- **migrate older dbs that predate the vector column**（source_file）：COLS = class LocalMemory MemoryView ⋮---- migrate older dbs that predate the vector column cols = {r 1 for r in self. db.execute "PRAGMA table info memory " } ⋮---- def embed text self, r: MemoryRecord - str def set vector self, record id: str, text: str - None ⋮---- vec = self.embedder.embed text 0 ⋮---- def get vector self, record id: str - list float None ⋮---- row = self. db.execute "SELECT vector FROM memory WHERE id=?", record id, .fetchone ⋮---- ---- serialization ---- def row to record self, row: sqlite3.Row - MemoryRecord ⋮---- d = dict row ⋮---- def upsert self, r: MemoryRecord - None ⋮---- row = self. db.execute "SELECT vector FROM memory WHERE id=?", r.id, .fetchone vector = row… 证据：`src/verel/memory/local.py`
- **Refuse keys that collide with server-managed control state reputation ledger, failure ledger,**（source_file）：MAX TEXT = 20 000 MAX FIELD = 512 CLIENT KIND = MemoryKind.FACT RESERVED SCOPES = frozenset {"meta:authors"} RESERVED PREDICATES = frozenset {"author trust", "fails", "design rule", "schema", "tool"} def is reserved key predicate: str, scope: str - bool def write payload key id: str, subject: str, predicate: str, scope: str, text: str - str class Principal ⋮---- def init self, seed: bytes ⋮---- @classmethod def generate cls - Principal def public key b64 self - str def sign write self, , subject: str, predicate: str, scope: str, text: str - str ⋮---- payload = write payload self.key id, subject, predicate, scope, text ⋮---- def enroll self - tuple str, str ⋮---- pub b64 = trusted.get key id… 证据：`src/verel/memory/principal.py`
- **0 leakage canary — a compromised corpus must FAIL, not silently pass.**（source_file）：PROMOTE F1 = 0.8 ⋮---- @dataclass class EvalCase ⋮---- text: str covers kind: str label: str canary: bool = False ⋮---- @dataclass class HeldOutCorpus ⋮---- cases: list EvalCase = field default factory=list canary token: str = "VEREL-CANARY-DO-NOT-STORE" def sha self - str ⋮---- blob = json.dumps c.text, c.covers kind, c.label, c.canary for c in self.cases , ⋮---- def subtokens keywords: list str - set str ⋮---- out: set str = set ⋮---- def rule applies rule: MemoryRecord, case: EvalCase - bool ⋮---- kws = subtokens rule.detail.get "keywords", words = re.findall r" a-z0-9 +", case.text.lower ⋮---- @dataclass class PromotionResult ⋮---- promoted: bool f1: float verdict: Verdict reason: str r… 证据：`src/verel/memory/promotion.py`
- **keep the schema's identity subject/key so it SUPERSEDES; re-derive only the principle.**（source_file）：ChatFn = Callable list dict , str REVISE SYSTEM = REINDUCE SYSTEM = def default chat messages: list dict - str ⋮---- @dataclass class Revision ⋮---- action: str rule id: str confidence: float trust: str narrowed: MemoryRecord None = None exception: MemoryRecord None = None propagated: list MemoryRecord = field default factory=list def contradicts rule: MemoryRecord, failure: MemoryRecord - bool ⋮---- rk = rule.detail.get "covers kind" or rule.detail.get "from kind" fk = failure.detail.get "kind" ⋮---- chat = chat or default chat seen = rule.detail.get "counterexamples", , ⋮---- weakened = mem.contradict rule.id, delta=contradiction delta cur = weakened or mem.get rule.id or rule ⋮---- parse… 证据：`src/verel/memory/revise.py`
- **read-modify-write — approximate under heavy concurrency, which is fine for reputation.**（source_file）：Verifier = Callable MemoryRecord , bool NEUTRAL PRIOR = 0.5 def author of record: MemoryRecord - str ⋮---- @dataclass class AuthorTrust ⋮---- """Per-author reputation, persisted in the brain so every agent shares the same view of who's reliable. prior author is a Laplace-smoothed re-verification rate in 0, 1 .""" mem: MemoryView scope: str = "meta:authors" def key self, author: str - str def get self, author: str - MemoryRecord None def record self, author: str, , ok: bool, ts: float = 0.0 - None ⋮---- rec = self. get author ⋮---- rec = self.mem.write MemoryRecord d = rec.detail read-modify-write — approximate under heavy concurrency, which is fine for reputation. ⋮---- def prior self, auth… 证据：`src/verel/memory/share.py`
- **Ranking weights documented; the v2 MMR assembler refines these — §11.2 .**（source_file）：WORD = re.compile r" a-z0-9 +" def tokens s: str - set str Ranking weights documented; the v2 MMR assembler refines these — §11.2 . W REL = 0.5 lexical relevance to the query W REC = 0.2 retrieval strength recency/use W CONF = 0.3 epistemic confidence belief in truth W TRUST = 0.15 trust tier — a VERIFIED memory edges out an equally-relevant CANDIDATE small, so relevance still dominates; closes the trust-blind-ranking gap from the brain audit Prune thresholds §5 . PRUNE RS = 0.15 PRUNE EC = 0.4 PRUNE SUPPORT = 2 Lifecycle defaults community-validated additions, r/aiagents memory thread : - context-triggered staleness: flag a memory not recalled within this window. - volatile-until-confirmed… 证据：`src/verel/memory/view.py`
- **Init**（source_file）：all = 证据：`src/verel/registry/__init__.py`
- **Hosted**（source_file）：MAX BODY = 16 1024 1024 def make handler registry: PublicRegistry, token: str None ⋮---- class Handler BaseHTTPRequestHandler ⋮---- protocol version = "HTTP/1.1" timeout = 30 def log message self, a def authed self - bool def send self, code: int, body: dict - None ⋮---- data = json.dumps body .encode ⋮---- def do GET self ⋮---- u = urlparse self.path q = parse qs u.query ⋮---- hits = registry.search q.get "q" or "" 0 ⋮---- art = registry.get q.get "hash" or "" 0 ⋮---- def do POST self ⋮---- n = int self.headers.get "Content-Length", "0" ⋮---- body = json.loads self.rfile.read n or b"{}" art = SkillArtifact body "artifact" ⋮---- class RegistryServer ⋮---- ssl context = build server context… 证据：`src/verel/registry/hosted.py`
- **write atomically so a concurrent reader never sees a half-written artifact**（source_file）：HASH RE = re.compile r" 0-9a-f {1,64}\Z" class PublicRegistry ⋮---- def init self, root: str Path def publish self, artifact: SkillArtifact - SkillArtifact ⋮---- dest = self.root / f"{artifact.content hash}.json" ⋮---- existing = SkillArtifact json.loads dest.read text ⋮---- write atomically so a concurrent reader never sees a half-written artifact tmp = dest.with name f"{dest.name}.{os.getpid }.tmp" ⋮---- def get self, content hash: str - SkillArtifact None ⋮---- p = self.root / f"{content hash}.json" ⋮---- def all self - list SkillArtifact def search self, capability: str - list SkillArtifact ⋮---- q = set capability.lower .split scored = ⋮---- hay = set f"{a.name} {a.capability}".lower .… 证据：`src/verel/registry/store.py`
- **Init**（source_file）：all = "PerceptLog", "SightResult", "classic capabilities", "from agentvision", 证据：`src/verel/senses/__init__.py`
- **Sight**（source_file）：SOURCE TO GRADER = { def classic capabilities - set str ⋮---- @dataclass class SightResult ⋮---- reports: list Report percept: Percept raw: object = field default=None, repr=False def conf c: str - Confidence def verdict v: str - Verdict def is synthetic fallback av issue - bool ⋮---- """Map a real agentvision.models.report.Report into the Verel verdict-bus contract. Pure function over the AgentVision object — no rendering, no I/O. """ locator of = {} verel issues by grader: dict GraderKind, list Issue = {} observations: list Observation = ⋮---- source = SOURCE TO GRADER.get str getattr av.source, "value", av.source , GraderKind.CV bbox = getattr av, "bbox", None locator = None ⋮---- locato… 证据：`src/verel/senses/sight.py`
- **Init**（source_file）：all = 证据：`src/verel/toolsmith/__init__.py`
- **The syscalls this tool exercised while passing its held-out eval learned, see**（source_file）：SECRET = load secret "VEREL TOOL SECRET", "tool secret" class SideEffect str, Enum ⋮---- READ ONLY = "read only" IDEMPOTENT = "idempotent" DESTRUCTIVE = "destructive" AUTO PROMOTABLE = {SideEffect.READ ONLY, SideEffect.IDEMPOTENT} class ToolRecord BaseModel ⋮---- name: str version: int = 1 capability: str = "" natural-language description - semantic reuse key code: str = "" a self-contained python module defining def {name} ... doc: str = "" side effect: SideEffect = SideEffect.READ ONLY provenance: list str = Field default factory=list eval score: float = 0.0 The syscalls this tool exercised while passing its held-out eval learned, see seccomp learn.py . Operator-set containment metadata f… 证据：`src/verel/toolsmith/registry.py`
- **Init**（source_file）：all = 证据：`src/verel/verdict/__init__.py`
- **Attest**（source_file）：rr = RunReceipt suite sha=suite sha, inputs digest=inputs digest, ⋮---- def was clamped report: Report - bool ⋮---- gate idx = SEV ORDER.index GATING SEVERITY advisory = report.grader in ADVISORY GRADERS ⋮---- def fingerprint verdict: Verdict, graders: list GraderAttestation - str ⋮---- parts = sorted blob = f"{verdict.value}\x1e" + "\x1e".join parts ⋮---- """Assemble the gate-level receipt from a stage's reports each carrying its signed RunReceipt and SIGN the envelope attest : "hmac" in-domain, or "ed25519" publicly verifiable . The envelope signature binds the aggregate verdict + the grader set — the grader receipts alone don't a real grader receipt could otherwise be paired with a flipp… 证据：`src/verel/verdict/attest.py`
- **Constants**（source_file）：SEV ORDER = Severity.INFO, Severity.WARNING, Severity.ERROR, Severity.CRITICAL GATING SEVERITY = Severity.ERROR ADVISORY CEIL = Severity.WARNING PRECISE GRADERS = { ADVISORY GRADERS = {GraderKind.VISION, GraderKind.LLM JUDGE, W = 4 证据：`src/verel/verdict/constants.py`
- **Boundary-free so digits glued to units are scrubbed too "12px" - " px" ; floats are**（source_file）：ADDR = re.compile r"0x 0-9a-f +" UUID = re.compile r"\b 0-9a-f {8}- 0-9a-f {4}- 0-9a-f {4}- 0-9a-f {4}- 0-9a-f {12}\b" TS = re.compile r"\b\d{4}-\d{2}-\d{2}t \d:. +z?\b" PATH = re.compile r" /\\ \w./\\- +" FLOAT = re.compile r"-?\d+\.\d+" Boundary-free so digits glued to units are scrubbed too "12px" - " px" ; floats are INT = re.compile r"\d+" def canonicalize msg: str - str ⋮---- """Scrub volatile tokens so the same logical failure hashes stably across reruns.""" s = msg.strip .lower s = ADDR.sub " ", s s = UUID.sub " ", s s = TS.sub " ", s s = PATH.sub " ", s s = FLOAT.sub " ", s s = INT.sub " ", s ⋮---- def fingerprint i: Issue - str ⋮---- """Per-GraderKind stable identity for one issue… 证据：`src/verel/verdict/fingerprint.py`
- **Gate**（source_file）：HMAC = "hmac-sha256" RUNNER SECRET = load secret "VEREL RUNNER SECRET", "runner secret" def clamp ceiling sev: Severity, ceil: Severity - Severity def hmac sig receipt: SignableReceipt, secret: bytes - str def sign receipt receipt: SignableReceipt, secret: bytes = RUNNER SECRET - str ⋮---- alg = receipt.alg ⋮---- ident = receipt.runner identity ⋮---- ok = keys.ed25519 verify receipt ⋮---- ok = hmac.compare digest receipt.signature, hmac sig receipt, secret ⋮---- def coverage satisfied coverage assertion: str, diff files: set str - bool ⋮---- """The grader must prove it scanned at least one changed file. coverage assertion is of the form "scanned files: a.py,b.py". An empty diff set is treat… 证据：`src/verel/verdict/gate.py`
- **to the Report it graded; a stripped/tampered Report fails the gate**（source_file）：class SignableReceipt Protocol ⋮---- alg: str runner identity: str public key: str signature: str def signing payload self - str: ... class Verdict str, Enum ⋮---- PASS = "pass" WARN = "warn" FAIL = "fail" class Severity str, Enum ⋮---- INFO = "info" WARNING = "warning" ERROR = "error" CRITICAL = "critical" class Confidence str, Enum ⋮---- HIGH = "high" MEDIUM = "medium" LOW = "low" class IssueKind str, Enum ⋮---- LAYOUT = "layout" OVERFLOW = "overflow" CLIPPED = "clipped" CONTRAST = "contrast" MISSING ELEMENT = "missing element" BROKEN IMAGE = "broken image" OVERLAP = "overlap" BLANK = "blank" ERROR TEXT = "error text" TYPO = "typo" SILENCE = "silence" CLIPPING = "clipping" LOUDNESS = "lou… 证据：`src/verel/verdict/models.py`
- **Changelog**（documentation）：0.36.0 — TLS for routable brain/lease/registry binds 证据：`CHANGELOG.md`
- **Security Policy**（documentation）：Please report security issues privately via GitHub Security Advisories Security → Report a vulnerability on this repository, or by email to the maintainer. Do not open a public issue for an unfixed vulnerability. 证据：`SECURITY.md`
- **Mcp**（structured_config）：{ "mcpServers": { "verel": { "command": "verel-mcp", "env": { "VEREL RUNNER ED25519 SEED": "" } } } } 证据：`examples/mcp.json`
- **.gitignore**（source_file）：.venv/ pycache / .pyc .ruff cache/ .pytest cache/ 证据：`.gitignore`
- **.Pre Commit Hooks**（source_file）：- id: verel-precommit name: Verel verdict gate description: Gate the commit on the Verel verdict bus tests + lint + types . entry: verel-ci precommit --repo . language: python additional dependencies: "verel dev " pass filenames: false always run: true 证据：`.pre-commit-hooks.yaml`
- **Action**（source_file）：name: "Verel" description: "Gate your build on the Verel verdict bus — tests + lint + types in one verdict. Nothing is done until a grader returns a verdict." branding: icon: "check-circle" color: "purple" inputs: repo: description: "Path to the repository to gate." required: false default: "." no-lint: description: "Skip the lint grader set 'true' ." required: false default: "false" install: description: "Pip spec s for YOUR project's deps so its tests import e.g. '-e . dev ' ." required: false default: "" extras: description: "Verel extras to install dev brings pytest/ruff/mypy graders ." required: false default: "dev" python-version: description: "Python version." required: false default… 证据：`action.yml`
- **Render Og**（source_file）：BRAND = Path file .resolve .parent CARDS = sorted BRAND.glob "social .html" async def main - None ⋮---- browser = await pw.chromium.launch ⋮---- out = BRAND / "og-" + card.stem.replace "social ", "" + ".png" page = await browser.new page 证据：`brand/render_og.py`
- **Social Verel**（source_file）：:root{ --bg: f7f5f1; --surface: fffdf9; --panel: efece4; --ink: 1b1a17; --ink-muted: 6b6862; --ink-faint: 918d84; --rule: e3ded4; --accent: 7a72b5; --accent-ink: 564f8c; --serif:"Source Serif 4",Georgia,serif; --sans:"Inter",system-ui,sans-serif; --mono:ui-monospace,"JetBrains Mono",Menlo,monospace; } {margin:0;padding:0;box-sizing:border-box} body{width:1280px;height:640px;overflow:hidden;background:var --bg ; color:var --ink ;font-family:var --sans ;display:flex} .spine{width:8px;height:100%;background:var --accent } .pad{flex:1;padding:84px 96px 64px;display:flex;flex-direction:column;justify-content:space-between} .eyebrow{font-size:21px;letter-spacing:.22em;text-transform:uppercase; co… 证据：`brand/social_verel.html`
- 其余 20 条证据见 `AI_CONTEXT_PACK.json` 或 `EVIDENCE_INDEX.json`。

## 宿主 AI 必须遵守的规则

- **把本资产当作开工前上下文，而不是运行环境。**：AI Context Pack 只包含证据化项目理解，不包含目标项目的可执行状态。 证据：`README.md`, `src/verel/README.md`, `CONTRIBUTING.md`
- **回答用户时区分可预览内容与必须安装后才能验证的内容。**：安装前体验的消费者价值来自降低误装和误判，而不是伪装成真实运行。 证据：`README.md`, `src/verel/README.md`, `CONTRIBUTING.md`

## 用户开工前应该回答的问题

- 你准备在哪个宿主 AI 或本地环境中使用它？
- 你只是想先体验工作流，还是准备真实安装？
- 你最在意的是安装成本、输出质量、还是和现有规则的冲突？

## 验收标准

- 所有能力声明都能回指到 evidence_refs 中的文件路径。
- AI_CONTEXT_PACK.md 没有把预览包装成真实运行。
- 用户能在 3 分钟内看懂适合谁、能做什么、如何开始和风险边界。

---

## Doramagic Context Augmentation

下面内容用于强化 Repomix/AI Context Pack 主体。Human Manual 只提供阅读骨架；踩坑日志会被转成宿主 AI 必须遵守的工作约束。

## Human Manual 骨架

使用规则：这里只是项目阅读路线和显著性信号，不是事实权威。具体事实仍必须回到 repo evidence / Claim Graph。

宿主 AI 硬性规则：
- 不得把页标题、章节顺序、摘要或 importance 当作项目事实证据。
- 解释 Human Manual 骨架时，必须明确说它只是阅读路线/显著性信号。
- 能力、安装、兼容性、运行状态和风险判断必须引用 repo evidence、source path 或 Claim Graph。

- **框架总览与五大器官架构**：importance `high`
  - source_paths: README.md, docs/ARCHITECTURE.md, docs/SUBSTRATE_DESIGN.md, docs/index.md, src/verel/__init__.py
- **判决总线与 CI/CD 评分器（Verdict Bus & Graders）**：importance `high`
  - source_paths: src/verel/verdict/__init__.py, src/verel/verdict/models.py, src/verel/verdict/gate.py, src/verel/verdict/attest.py, src/verel/verdict/fingerprint.py
- **Brain 记忆子系统：共享、验证与高可用**：importance `high`
  - source_paths: src/verel/memory/__init__.py, src/verel/memory/local.py, src/verel/memory/lattice.py, src/verel/memory/principal.py, src/verel/memory/share.py
- **Fleet 编排、Toolsmith 与部署运维**：importance `high`
  - source_paths: src/verel/fleet/__init__.py, src/verel/fleet/manager.py, src/verel/fleet/scheduler.py, src/verel/fleet/worker.py, src/verel/fleet/worktree.py

## Repo Inspection Evidence / 源码检查证据

- repo_clone_verified: true
- repo_inspection_verified: true
- repo_commit: `f44d54b93b6272f09f3b41a2a82ffc26baa994a4`
- inspected_files: `README.md`, `pyproject.toml`, `docs/ARCHITECTURE.md`, `docs/H2_RESULTS.md`, `docs/SUBSTRATE_DESIGN.md`, `docs/adoption.md`, `docs/api.md`, `docs/cli.md`, `docs/configuration.md`, `docs/examples.md`, `docs/faq.md`, `docs/getting-started.md`, `docs/index.md`, `docs/tutorial.md`, `docs/usage.md`, `docs/use-cases.md`, `examples/demo_agent_loop.py`, `examples/demo_canary_rollback.py`, `examples/demo_capability_jail.py`, `examples/demo_cicd.py`

宿主 AI 硬性规则：
- 没有 repo_clone_verified=true 时，不得声称已经读过源码。
- 没有 repo_inspection_verified=true 时，不得把 README/docs/package 文件判断写成事实。
- 没有 quick_start_verified=true 时，不得声称 Quick Start 已跑通。

## Doramagic Pitfall Constraints / 踩坑约束

这些规则来自 Doramagic 发现、验证或编译过程中的项目专属坑点。宿主 AI 必须把它们当作工作约束，而不是普通说明文字。

### Constraint 1: 失败模式：security_permissions: verel doctor: report installed extras and key presence

- Trigger: Developers should check this security_permissions risk before relying on the project: verel doctor: report installed extras and key presence
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: verel doctor: report installed extras and key presence. Context: Observed when using docker
- Why it matters: Developers may expose sensitive permissions or credentials: verel doctor: report installed extras and key presence
- Evidence: failure_mode_cluster:github_issue | https://github.com/amitpatole/verel/issues/2 | verel doctor: report installed extras and key presence
- Hard boundary: 不要把这个坑点包装成已解决、已验证或可忽略，除非后续验证证据明确证明它已经关闭。

### Constraint 2: 失败模式：installation: Add a Rust toolchain (cargo test + clippy) to the CI graders

- Trigger: Developers should check this installation risk before relying on the project: Add a Rust toolchain (cargo test + clippy) to the CI graders
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: Add a Rust toolchain (cargo test + clippy) to the CI graders. Context: Observed when using python
- Why it matters: Developers may fail before the first successful local run: Add a Rust toolchain (cargo test + clippy) to the CI graders
- Evidence: failure_mode_cluster:github_issue | https://github.com/amitpatole/verel/issues/1 | Add a Rust toolchain (cargo test + clippy) to the CI graders
- Hard boundary: 不要把这个坑点包装成已解决、已验证或可忽略，除非后续验证证据明确证明它已经关闭。

### Constraint 3: 失败模式：installation: v0.28.0 — quorum reads: a point read survives the leader being down

- Trigger: Developers should check this installation risk before relying on the project: v0.28.0 — quorum reads: a point read survives the leader being down
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: v0.28.0 — quorum reads: a point read survives the leader being down. Context: Observed when using node, python
- Why it matters: Upgrade or migration may change expected behavior: v0.28.0 — quorum reads: a point read survives the leader being down
- Evidence: failure_mode_cluster:github_release | https://github.com/amitpatole/verel/releases/tag/v0.28.0 | v0.28.0 — quorum reads: a point read survives the leader being down
- Hard boundary: 不要把这个坑点包装成已解决、已验证或可忽略，除非后续验证证据明确证明它已经关闭。

### Constraint 4: 失败模式：installation: v0.29.0 — security hardening: full attack-surface audit + red-team

- Trigger: Developers should check this installation risk before relying on the project: v0.29.0 — security hardening: full attack-surface audit + red-team
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: v0.29.0 — security hardening: full attack-surface audit + red-team. Context: Observed when using python, docker
- Why it matters: Upgrade or migration may change expected behavior: v0.29.0 — security hardening: full attack-surface audit + red-team
- Evidence: failure_mode_cluster:github_release | https://github.com/amitpatole/verel/releases/tag/v0.29.0 | v0.29.0 — security hardening: full attack-surface audit + red-team
- Hard boundary: 不要把这个坑点包装成已解决、已验证或可忽略，除非后续验证证据明确证明它已经关闭。

### Constraint 5: 失败模式：installation: v0.29.1 — security: 3-round adversarial red-team

- Trigger: Developers should check this installation risk before relying on the project: v0.29.1 — security: 3-round adversarial red-team
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: v0.29.1 — security: 3-round adversarial red-team. Context: Observed when using python, docker
- Why it matters: Upgrade or migration may change expected behavior: v0.29.1 — security: 3-round adversarial red-team
- Evidence: failure_mode_cluster:github_release | https://github.com/amitpatole/verel/releases/tag/v0.29.1 | v0.29.1 — security: 3-round adversarial red-team
- Hard boundary: 不要把这个坑点包装成已解决、已验证或可忽略，除非后续验证证据明确证明它已经关闭。

### Constraint 6: 失败模式：installation: v0.29.2 — CI fix for the v0.29.1 security release

- Trigger: Developers should check this installation risk before relying on the project: v0.29.2 — CI fix for the v0.29.1 security release
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: v0.29.2 — CI fix for the v0.29.1 security release. Context: Observed when using python, docker
- Why it matters: Upgrade or migration may change expected behavior: v0.29.2 — CI fix for the v0.29.1 security release
- Evidence: failure_mode_cluster:github_release | https://github.com/amitpatole/verel/releases/tag/v0.29.2 | v0.29.2 — CI fix for the v0.29.1 security release
- Hard boundary: 不要把这个坑点包装成已解决、已验证或可忽略，除非后续验证证据明确证明它已经关闭。

### Constraint 7: 失败模式：installation: v0.30.0 — the verification substrate

- Trigger: Developers should check this installation risk before relying on the project: v0.30.0 — the verification substrate
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: v0.30.0 — the verification substrate. Context: Observed when using python
- Why it matters: Upgrade or migration may change expected behavior: v0.30.0 — the verification substrate
- Evidence: failure_mode_cluster:github_release | https://github.com/amitpatole/verel/releases/tag/v0.30.0 | v0.30.0 — the verification substrate
- Hard boundary: 不要把这个坑点包装成已解决、已验证或可忽略，除非后续验证证据明确证明它已经关闭。

### Constraint 8: 失败模式：installation: v0.31.0 — the shared verified brain

- Trigger: Developers should check this installation risk before relying on the project: v0.31.0 — the shared verified brain
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: v0.31.0 — the shared verified brain. Context: Observed when using python
- Why it matters: Upgrade or migration may change expected behavior: v0.31.0 — the shared verified brain
- Evidence: failure_mode_cluster:github_release | https://github.com/amitpatole/verel/releases/tag/v0.31.0 | v0.31.0 — the shared verified brain
- Hard boundary: 不要把这个坑点包装成已解决、已验证或可忽略，除非后续验证证据明确证明它已经关闭。

### Constraint 9: 失败模式：installation: v0.32.0 — the authenticated multi-principal brain

- Trigger: Developers should check this installation risk before relying on the project: v0.32.0 — the authenticated multi-principal brain
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: v0.32.0 — the authenticated multi-principal brain. Context: Observed when using python
- Why it matters: Upgrade or migration may change expected behavior: v0.32.0 — the authenticated multi-principal brain
- Evidence: failure_mode_cluster:github_release | https://github.com/amitpatole/verel/releases/tag/v0.32.0 | v0.32.0 — the authenticated multi-principal brain
- Hard boundary: 不要把这个坑点包装成已解决、已验证或可忽略，除非后续验证证据明确证明它已经关闭。

### Constraint 10: 失败模式：installation: v0.34.0 — cross-principal verified tier (fact-bound attestation)

- Trigger: Developers should check this installation risk before relying on the project: v0.34.0 — cross-principal verified tier (fact-bound attestation)
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: v0.34.0 — cross-principal verified tier (fact-bound attestation). Context: Observed when using python
- Why it matters: Upgrade or migration may change expected behavior: v0.34.0 — cross-principal verified tier (fact-bound attestation)
- Evidence: failure_mode_cluster:github_release | https://github.com/amitpatole/verel/releases/tag/v0.34.0 | v0.34.0 — cross-principal verified tier (fact-bound attestation)
- Hard boundary: 不要把这个坑点包装成已解决、已验证或可忽略，除非后续验证证据明确证明它已经关闭。