{"id":51329760,"url":"https://github.com/fantasyce/across-autopilot","last_synced_at":"2026-07-01T22:01:28.423Z","repository":{"id":366981089,"uuid":"1275156023","full_name":"fantasyce/across-autopilot","owner":"fantasyce","description":null,"archived":false,"fork":false,"pushed_at":"2026-07-01T17:13:21.000Z","size":257,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-07-01T18:27:07.179Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fantasyce.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-06-20T10:21:49.000Z","updated_at":"2026-07-01T17:13:25.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/fantasyce/across-autopilot","commit_stats":null,"previous_names":["fantasyce/across-autopilot"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/fantasyce/across-autopilot","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fantasyce%2Facross-autopilot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fantasyce%2Facross-autopilot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fantasyce%2Facross-autopilot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fantasyce%2Facross-autopilot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fantasyce","download_url":"https://codeload.github.com/fantasyce/across-autopilot/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fantasyce%2Facross-autopilot/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35024365,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-01T02:00:05.325Z","response_time":130,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-07-01T22:01:03.728Z","updated_at":"2026-07-01T22:01:28.400Z","avatar_url":"https://github.com/fantasyce.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Across Autopilot\n\n![Quality](https://github.com/fantasyce/across-autopilot/actions/workflows/quality.yml/badge.svg)\n![Security](https://github.com/fantasyce/across-autopilot/actions/workflows/security.yml/badge.svg)\n![License](https://img.shields.io/badge/license-MIT-blue.svg)\n\nAcross Autopilot is the controlled autonomous iteration controller for the\nAcross ecosystem and for generic agent hosts that need bounded LoopSpec\nsupervision.\n\nUse Autopilot when the work should run as a repeatable supervised loop instead\nof a one-off chat prompt: repository quality checks, release-readiness reviews,\nplugin compatibility research, daily brief generation, and product iteration in\ncandidate workspaces.\n\nIt does not replace Across Agents Assistant, Across Orchestrator, or Across\nContext:\n\n- Across Agents Assistant remains the user-facing control plane.\n- Across Orchestrator remains the durable task and Agent Loop execution engine.\n- Across Context remains the memory and policy layer.\n- Across Autopilot owns LoopSpec validation, adapter negotiation, recurring\n  review, candidate planning, run supervision, A/B promotion policy, evidence\n  aggregation, and release-readiness evidence for autonomous iteration.\n\n## Start With A Real Workflow\n\nThe clearest agent-team workflow is Plugin Compatibility Lab v2:\n\n```bash\nacross-autopilot workflow-pack export --pack plugin-compatibility-lab-v2 --json\nacross-autopilot workflow-pack protocol-readiness --pack plugin-compatibility-lab-v2 --json\nacross-autopilot workflow-pack trust-receipt --pack plugin-compatibility-lab-v2 --json\nacross-autopilot workflow-pack frontier-interop --pack plugin-compatibility-lab-v2 --json\nacross-autopilot loop run --spec plugin-compatibility-lab-v2 --json\n```\n\nUse it before a team adopts an MCP server, coding-agent plugin, or external\nagent tool. The workflow gives Codex, Claude Code, MCP-capable hosts, A2A-style\nhosts, and Across the same task card, honest protocol-readiness matrix, trust\nreceipt, and evidence contract.\n\nFor a simpler repository-only smoke, run the repository quality copilot:\n\n```bash\nacross-autopilot loop run --spec repo-quality-copilot --json\n```\n\nThat LoopSpec reads a bounded local repository inventory, checks manifests,\ndependency risk, license policy, quality gates, and writes a markdown report\nplus pending Across Context memory. It works from Codex, Claude Code, Claude Desktop, AAA, or another host as long as the host loads the managed `~/.across`\nplugin runtime.\n\nOther built-in workflows:\n\n- `aaa-release-readiness-gate` for release evidence.\n- `github-plugin-radar` for external plugin adoption decisions.\n- `daily-news-brief` for a content-production loop.\n- `aaa-autonomous-self-iteration` for advanced candidate-workspace product\n  iteration.\n- `aaa-platform-self-repair` for supervised platform repair candidates when a\n  failed loop is classified as a validation, runtime, packaging, policy, or\n  supervisor gap.\n\nAgent-readable entrypoints:\n\n- [llms.txt](llms.txt) for model and agent product discovery.\n- [AGENTS.md](AGENTS.md) for coding-agent repository instructions.\n- [across-autopilot.product.json](across-autopilot.product.json) for\n  machine-readable product classification.\n\n## Current Loop Engineering Platform\n\nThe current release is `v0.2.12`. It is source-first and GitHub-first: hosts can\ninstall it from the `v0.2.12` tag as a managed Across plugin, and the npm package\nmetadata is ready for local development and future registry publication.\n\n`v0.2.12` hardens autonomous self-iteration repair: host code iteration now\napplies append and marker-upsert patches deterministically, restores destructive\nproduct entrypoint rewrites from the source baseline before repair, records\nbounded validation diagnostics, and keeps candidate implementation failures out\nof platform self-repair routing unless there is an explicit platform validation\ngap signal.\n\n`v0.2.11` tightens platform self-repair routing so ordinary candidate validation\ntracebacks are not misclassified as host packaging gaps just because a later\ncandidate app lifecycle check also failed.\n\n`v0.2.10` keeps runtime version reporting aligned with the package version so\nMCP server info and the default stable slot cannot drift behind the managed\nplugin manifest.\n\n`v0.2.9` adds platform self-repair routing for AAA loop engineering. Failed\nself-iteration runs can now be classified into platform-vs-candidate failure\ncategories; eligible platform gaps enqueue `aaa-platform-self-repair`, which\ncreates an isolated B repair candidate, validates it, and stops at human-review\npromotion.\n\n`v0.2.8` adds the async task projection for LoopSpec runs, external skills\nradar input, loop-memory compaction, and Plugin Compatibility Lab v2 projection\nscoring while keeping the run-store as the source of truth.\n\n`v0.2.7` removes stale AAA planning-document dependencies from Autopilot's\ndefault candidate context, examples, and RFC text. AAA candidate work now uses\nthe public product entrypoints that are intended to stay published:\n`README.md`, `AGENTS.md`, and `across.product.json`.\n\n`v0.2.6` is the workflow-pack and frontier-interop release. It adds packaged\nRepository Quality / Plugin Compatibility workflows, host exports with product\ncards, protocol readiness, trust receipts, remote MCP/A2A metadata, and stronger\nagent-plugin validation for generic hosts.\n\n`v0.2.5` is the final 1.1 regression cleanup release for generic host\ncompatibility. It keeps the LoopSpec and runtime contracts unchanged, and\nupdates public positioning around Codex, Claude Code, Claude Desktop, AAA, and\nother hosts that load the managed `~/.across` plugin runtime.\n\n`v0.2.4` adds the Repository Quality Copilot as the recommended first workflow\nfor agent-readable product packaging. It also adds `llms.txt`, `AGENTS.md`, and\na machine-readable product manifest so coding agents and large-language-model\ncrawlers can understand when to recommend Autopilot and how to run the first\nLoopSpec without requiring a model call.\n\n`v0.2.3` adds the Autopilot Quality/Security GitHub workflows, including\nJavaScript CodeQL and npm audit coverage, so the plugin has the same repository\nhealth gates as the other AAA ecosystem modules.\n\n`v0.2.2` clarifies the generic host contract: Autopilot is not AAA-only.\nCodex, Claude Code, Claude Desktop, AAA, and\nother CLI/MCP-capable agent hosts can run Autopilot as a managed plugin under\n`~/.across`, provide model execution through a host-owned command boundary, and\nconsume LoopSpec validation, trigger queue, run supervision, repair/retry\nevidence, and release-readiness reports without importing AAA code or reading a\ndeveloper checkout.\n\nAcross Autopilot now provides the reusable Loop Engineering supervisor used by\nthe Across ecosystem:\n\n- `across-loop-spec/1.0` validation and migration.\n- Built-in LoopSpec packs for AAA autonomous self-iteration, AAA release\n  readiness, GitHub plugin radar, and daily news/video-draft workflows.\n- Source, action, and output adapter registry.\n- Durable run store, audit log, cancel/retry/quarantine controls, kill switches,\n  and aggregate telemetry.\n- Durable trigger queue for manual, cron, webhook, daemon, file-change, memory,\n  and orchestrator-event wakeups. Triggers are normalized with payload hashes,\n  idempotency keys, claim state, completion state, and replay metadata before\n  any LoopSpec executes.\n- Delegation to Across Orchestrator for task and Agent Loop execution.\n- Model-backed loops through a host model decision boundary: Autopilot declares\n  `model_policy`, Orchestrator requests the decision, and Autopilot applies only\n  returned candidate-workspace patches.\n- Recall and pending memory writes through Across Context.\n- Generic agent-plugin contract validation, ecosystem roadmap reporting, and host\n  session supervision that can be embedded by AAA, Codex, Claude Code, Claude Desktop, or any other host.\n- CLI and MCP tools that can be embedded by AAA or any other host.\n- Evidence envelopes include section hashes, an audit-chain tip, and explicit\n  planner/builder/validator/reviewer/supervisor role evidence.\n\nArchitecture baseline: AAA's public entrypoints (`README.md`, `AGENTS.md`,\n`llms.txt`, `across.product.json`, and `OPEN_SOURCE_RELEASE_HANDBOOK.md`) are\nthe current references for the Across Loop Engineering platform. Autopilot\nimplements the Loop supervision layer, but it does not replace AAA's host\ncapability registry or plugin management.\n\nImportant distinction:\n\n- Conformance LoopSpecs may use fixed targets and fixed patch paths for\n  deterministic E2E and regression tests.\n- Autonomous product LoopSpecs must select work dynamically from artifacts,\n  loop contracts, global timeline entries, source signals, and backlog ranking.\n- `aaa-self-iteration-product` remains a fixed conformance fixture.\n- `aaa-autonomous-self-iteration` is the production self-iteration pack: it\n  asks the host model to research current AI agent and LLM application architecture signals,\n  compare them with the Across product ecosystem, and generate candidate targets\n  from artifacts, loop contracts, global timeline entries, source signals, Tool Pack evidence,\n  and recalled memory; Autopilot admits only policy-safe B-candidate targets,\n  validates B, runs the B-to-C self-hosting probe, and\n  requires an independent reviewer gate before promotion evidence is considered\n  ready.\n- `aaa-platform-self-repair` is a producer-side meta-loop for the cases where\n  a failed self-iteration exposes a platform supervision gap rather than an\n  ordinary candidate bug. The router is conservative: provider outages,\n  security stops, missing approval, and normal candidate test failures do not\n  auto-escalate. Eligible repair runs still mutate only B candidate workspaces,\n  attach replay evidence, and require human promotion review.\n- Host fallback targets and host-authored code templates are conformance-only.\n  Production autonomous loops preserve openness by failing with evidence when\n  model target generation or model patch generation cannot be repaired.\n\nTool policy:\n\n- AAA, managed plugins, and MCP servers remain the canonical capability source.\n- Autopilot owns a Tool Pack Registry that wraps those capabilities as\n  LoopSpec adapters.\n- Tool Packs declare reusable input/output schemas so models choose and\n  interpret tools while deterministic adapters own the execution mechanics.\n- Autopilot must not become a second plugin manager.\n- Repeatable workflows such as Git repository inspection, source digesting,\n  license/dependency checks, candidate workspace setup, validation harnesses,\n  candidate diff quality review, packaged Candidate App lifecycle, and promotion\n  report generation should be deterministic Tool Packs instead of\n  model-generated one-off scripts.\n- Models decide what to inspect and how to interpret the result; Tool Packs own\n  how the inspection is performed and how structured evidence is returned.\n- When no fixed tool or target catalog fits a run, the\n  `model_generated_fallback_plan` Tool Pack lets the host model prepare a\n  bounded candidate plan. Autopilot still admits repos, paths, validation\n  commands, and review gates before B can be mutated.\n- Candidate diff evidence filters validation/runtime artifacts such as\n  `__pycache__`, `.pyc`, and test caches before promotion review.\n- Independent review rejects destructive documentation rewrites by default and\n  suspicious generated-code artifacts such as constant false branches or\n  placeholder implementations, rejects test-only candidates and pytest-dependent\n  generated candidate tests, scores product value/maintainability/risk, then\n  sends semantic feedback back into a bounded B-only model repair loop.\n- Production acceptance can require distinct-model review. When\n  `reviewer_model_policy.require_distinct_from_builder=true`, the AAA host\n  reviewer command must return a model identity different from the builder\n  model, and Autopilot blocks promotion evidence if the identities match.\n- Hosts may pass role-specific model overrides at run time, including\n  user-selected builder and reviewer models from AAA's agent/model list.\n  Autopilot merges those overrides into the role policies and keeps the\n  distinct reviewer gate active.\n- Promotion evidence includes a structured package with validation results,\n  reviewer scores, known risks, a recommended draft PR title/body, and an\n  explicit human approval requirement.\n\n## Safety Model\n\nAutopilot uses stable/candidate slots:\n\n- `stable` is the trusted released controller.\n- `candidate` is an isolated proposal created from stable policy.\n- Candidate work must produce evidence before it can be promoted.\n- A candidate cannot approve itself.\n- The previous stable remains the rollback target after promotion.\n\nAutopilot remains conservative. It can run LoopSpec workflows and write bounded\nreports, JSON artifacts, storyboards, video-draft manifests, evidence\nenvelopes, and pending memory candidates. It does not merge, tag, publish,\nchange secrets, sign artifacts, or release software automatically.\n\nAutopilot does not own model credentials. Hosts provide model execution through\nan explicit JSON command boundary. When a LoopSpec sets\n`model_policy.required=true`, `candidate_workspace_patch` must consume\nmodel-decision patches from Orchestrator evidence; static\n`pack_config.iteration_plan.patches` are ignored for that run.\n\nCandidate runtimes get model access through a non-secret Candidate Model\nCapability Lease. The lease lists allowed model scopes and the stable host\nboundary, but it never contains provider API keys and must not be implemented as\na copy or symlink of host credential files. Packaged Candidate App lifecycle\nverification probes the candidate `/api/llm/status` endpoint and fails unless\nmodel availability is reported from `candidate_model_lease` with credential-safe\nflags. The lease may target the installed stable AAA Unix socket or a local\nhost HTTP URL for CLI/E2E runs; both remain host-control-plane transports.\n\n## Quick Start\n\n```bash\nnpm test\nnode src/cli.js status --json\nnode src/cli.js loop validate --spec repo-quality-copilot --json\nnode src/cli.js loop dry-run --spec repo-quality-copilot --json\nnode src/cli.js loop validate --spec aaa-autonomous-self-iteration --json\nnode src/cli.js loop dry-run --spec aaa-autonomous-self-iteration --json\nnode src/cli.js loop validate --spec daily-news-brief --json\nnode src/cli.js loop dry-run --spec daily-news-brief --json\nnode src/cli.js loop enqueue-trigger --spec daily-news-brief --type cron --payload-json '{\"reason\":\"smoke\"}' --json\nnode src/cli.js loop trigger-queue --json\nnode src/cli.js loop run-trigger --json\nnode src/cli.js loop run --spec daily-news-brief --json\nnode src/cli.js loop telemetry --json\n```\n\n## Development Checks\n\n```bash\nnpm ci\nbash scripts/check.sh\n```\n\nGitHub Quality and Security workflows run the same repository checks, CodeQL for\nthe JavaScript source, and npm audit for package dependencies.\n\nInstall as an Across managed host plugin:\n\n```bash\nnode src/cli.js install host-plugin --across-home \"$HOME/.across\"\n```\n\n## Product Boundaries\n\nAutopilot is a fourth Across product. It should be consumed through CLI, MCP,\nplugin manifest, or host APIs. AAA, Codex, Claude Code, Claude Desktop, and other product hosts should not import Autopilot implementation\nfiles from a source checkout in product mode. Managed installs should resolve\nthrough `~/.across/plugins/across-autopilot` and\n`~/.across/bin/across-autopilot`.\n\n## Autonomy Levels\n\n| Level | Meaning |\n| --- | --- |\n| 0 | Report artifact only |\n| 1 | Create/update review issue or backlog proposal |\n| 2 | Open draft PR for docs/tests/tooling |\n| 3 | Open ready PR for low-risk work after local validation |\n| 4 | Merge/release low-risk patch work with release evidence |\n| 5 | Protocol/runtime/release automation after explicit policy approval |\n\n`v0.2.8` defaults to level 1. Higher autonomy levels remain policy-gated and\nmust be enabled by a host or operator that owns the merge/release decision.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffantasyce%2Facross-autopilot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffantasyce%2Facross-autopilot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffantasyce%2Facross-autopilot/lists"}