Fearvox · Fearvox · May 13, 2026 · May 13, 2026 · May 13, 2026 · May 13, 2026
diff --git a/.github/ISSUE_TEMPLATE/pr_tracker.yml b/.github/ISSUE_TEMPLATE/pr_tracker.yml
@@ -0,0 +1,109 @@
+name: PR tracker (mirror)
+description: Mirror an in-flight pull request as a tracking issue for Linear and Slack sync / 镜像一个进行中的 PR 作为追踪 issue
+title: "[PR Track] #<number>: <short summary>"
+labels: ["pr-mirror", "tracking"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Use this when you want a long-lived, auditable record of an upstream PR.
+        Linear and Slack subscribe to issues with the `pr-mirror` label.
+        镜像一个 PR 用于 Linear / Slack 长期可审计追踪。带 `pr-mirror` 标签的 issue 会被订阅。
+  - type: input
+    id: pr_number
+    attributes:
+      label: PR number
+      placeholder: "e.g. 196"
+    validations:
+      required: true
+  - type: input
+    id: pr_url
+    attributes:
+      label: PR URL
+      placeholder: https://github.com/EverMind-AI/EverOS/pull/<number>
+    validations:
+      required: true
+  - type: input
+    id: author
+    attributes:
+      label: Author handle
+      placeholder: "@github-login"
+    validations:
+      required: true
+  - type: dropdown
+    id: area
+    attributes:
+      label: Area
+      options:
+        - methods/EverCore
+        - methods/HyperMem
+        - benchmarks/EverMemBench
+        - benchmarks/EvoAgentBench
+        - use-cases
+        - documentation
+        - CI / build / release
+        - other
+    validations:
+      required: true
+  - type: dropdown
+    id: lane
+    attributes:
+      label: Review lane
+      description: How this PR should be triaged. / 该 PR 的优先级处理通道。
+      options:
+        - hotfix (block release until merged)
+        - normal (standard review)
+        - docs-only (light review)
+        - exploratory (no merge intent)
+    validations:
+      required: true
+  - type: textarea
+    id: scope
+    attributes:
+      label: Scope summary
+      description: One paragraph. What does the PR change, and what is intentionally left out?
+      placeholder: |
+        Changes:
+        - ...
+        Out of scope:
+        - ...
+    validations:
+      required: true
+  - type: textarea
+    id: evidence
+    attributes:
+      label: Evidence snapshot
+      description: |
+        Required before this mirror can be closed. Paste the CI summary, test command output,
+        or the link to the run. "No mirror closes without evidence."
+        关闭镜像 issue 前必填。粘贴 CI 摘要、测试命令输出或 run 链接。
+      render: shell
+    validations:
+      required: true
+  - type: textarea
+    id: decisions
+    attributes:
+      label: Decision log
+      description: Notable review decisions (approvals, requested changes, deferrals).
+      placeholder: |
+        - 2026-05-13 @reviewer: requested change on tests/test_x.py
+        - 2026-05-13 @author: scoped follow-up to PR #...
+  - type: input
+    id: linear_issue
+    attributes:
+      label: Linear issue (optional)
+      placeholder: "EVE-123"
+  - type: input
+    id: slack_thread
+    attributes:
+      label: Slack thread (optional)
+      placeholder: "https://everminddash.slack.com/archives/.../p..."
+  - type: checkboxes
+    id: closure
+    attributes:
+      label: Closure criteria
+      description: Check all that apply before closing this mirror.
+      options:
+        - label: PR is merged, closed, or marked won't-fix upstream.
+        - label: Evidence snapshot above reflects the final state.
+        - label: Linear and Slack records have been updated (if linked).
diff --git a/.github/ISSUE_TEMPLATE/security_tracker.yml b/.github/ISSUE_TEMPLATE/security_tracker.yml
@@ -0,0 +1,116 @@
+name: Security tracker (mirror)
+description: Mirror a security PR or disclosure for Linear and Slack escalation / 镜像一个安全 PR 或披露
+title: "[Security Track] CWE-<id>: <short summary>"
+labels: ["security", "pr-mirror", "tracking", "urgent"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Use this for any PR or disclosure that affects credentials, authn/authz, data exposure,
+        supply chain, or sandbox escape. The `urgent` label routes this to high-priority
+        notifications in Slack and Linear.
+        用于凭证、认证授权、数据暴露、供应链、沙箱逃逸等安全 PR / 披露。`urgent` 标签会触发高优先级通知。
+        Do NOT include exploit details that are not already public in the upstream PR.
+        请勿写入未在 upstream PR 公开的利用细节。
+  - type: input
+    id: cwe
+    attributes:
+      label: CWE id
+      placeholder: "CWE-798"
+    validations:
+      required: true
+  - type: input
+    id: pr_url
+    attributes:
+      label: Upstream PR or advisory URL
+      placeholder: https://github.com/EverMind-AI/EverOS/pull/<number>
+    validations:
+      required: true
+  - type: dropdown
+    id: severity
+    attributes:
+      label: Severity
+      options:
+        - Critical (full auth bypass / unauthenticated RCE / mass data loss)
+        - High (privileged data access / credential exposure / persistent compromise)
+        - Medium (limited data access / requires user interaction)
+        - Low (defense-in-depth / hardening)
+    validations:
+      required: true
+  - type: dropdown
+    id: exposure
+    attributes:
+      label: Reachability
+      description: How reachable is this in the documented quickstart / default config?
+      options:
+        - Default config (reproducible from a clean clone)
+        - Default config + network position
+        - Non-default config but documented
+        - Hypothetical / not yet reproducible
+    validations:
+      required: true
+  - type: textarea
+    id: affected
+    attributes:
+      label: Affected components
+      description: File paths, services, or versions impacted.
+      placeholder: |
+        - methods/EverCore/docker-compose.yaml (memsys-milvus-minio block)
+        - methods/EverCore/env.template
+    validations:
+      required: true
+  - type: textarea
+    id: fix_summary
+    attributes:
+      label: Proposed fix summary
+      description: One paragraph. What does the PR change? Cite the contract that makes it fail-closed.
+    validations:
+      required: true
+  - type: textarea
+    id: evidence
+    attributes:
+      label: Verification evidence
+      description: |
+        Required before closure. Show the commands and output that prove the fix works AND
+        that the unpatched state was exploitable. "No security mirror closes without evidence."
+        关闭前必填。展示证明 fix 生效以及未修复状态可利用的命令与输出。
+      render: shell
+    validations:
+      required: true
+  - type: textarea
+    id: residual
+    attributes:
+      label: Residual risk / follow-ups
+      description: Anything intentionally out of scope, plus follow-up issues that should be filed.
+      placeholder: |
+        - docs/installation/ still references the old default in examples; follow-up sweep needed.
+        - Consider adding a CI lint to catch hardcoded secrets in docker-compose files.
+  - type: input
+    id: linear_issue
+    attributes:
+      label: Linear issue (optional)
+      placeholder: "EVE-123"
+  - type: input
+    id: slack_thread
+    attributes:
+      label: Slack thread (optional)
+      placeholder: "https://everminddash.slack.com/archives/.../p..."
+  - type: checkboxes
+    id: disclosure
+    attributes:
+      label: Disclosure hygiene
+      description: Confirm before submitting.
+      options:
+        - label: This mirror contains no exploit details beyond what is already public in the upstream PR.
+          required: true
+        - label: The upstream PR or advisory link is correct and reachable.
+          required: true
+        - label: A maintainer has been pinged in Slack #p-evermind-dash or via Linear EVE if Severity is Critical or High.
+  - type: checkboxes
+    id: closure
+    attributes:
+      label: Closure criteria
+      options:
+        - label: Upstream PR merged, advisory published, or risk formally accepted.
+        - label: Verification evidence above reflects the merged state.
+        - label: Residual-risk follow-ups have issues filed (or explicitly waived).
diff --git a/.github/MUW_REVIEW_LANE.md b/.github/MUW_REVIEW_LANE.md
@@ -0,0 +1,58 @@
+# MUW Review Lane
+
+Use this lane when GitHub's native Codex review is useful but its fixed review
+wrapper is too loose for MUW closeout work.
+
+The lane has three steps:
+
+1. Collect PR evidence.
+2. Ask Codex to produce an exact MUW verdict from the generated prompt.
+3. Post the verdict back to the PR with an idempotency marker.
+
+## Collect Evidence
+
+```bash
+node .github/scripts/muw-review-lane.mjs collect --pr 24 --repo Fearvox/EverOS
+```
+
+The command prints paths like:
+
+```text
+context=/tmp/muw-review-pr-24/pr-24-context.md
+prompt=/tmp/muw-review-pr-24/pr-24-prompt.md
+metadata=/tmp/muw-review-pr-24/pr-24-metadata.json
+```
+
+Give the prompt file to Codex. The context bundle includes PR metadata, changed
+files, status checks, recent comments, existing reviews, and a redacted patch.
+
+## Post Verdict
+
+Save the Codex verdict to a file, then post it:
+
+```bash
+node .github/scripts/muw-review-lane.mjs post \
+  --pr 24 \
+  --repo Fearvox/EverOS \
+  --body-file /tmp/muw-review-pr-24/verdict.md
+```
+
+`post` refuses bodies that do not contain:
+
+```text
+VERDICT:
+VERDICT_SUMMARY:
+EVIDENCE:
+```
+
+It also adds a hidden marker containing the PR head SHA. Re-running `post` for
+the same head is a no-op unless `--force` is provided.
+
+## Why Not Native Review
+
+- GitHub's `@codex review` endpoint is useful, but it wraps responses in the
+  native Codex review shell.
+- GitHub Agent tasks are mutation-oriented and may create draft PRs even for a
+  review-only prompt.
+- This lane keeps review evidence gathering and comment publishing mechanical,
+  while leaving the verdict judgment to Codex.
diff --git a/.github/MUW_REVIEW_REPLY.md b/.github/MUW_REVIEW_REPLY.md
@@ -0,0 +1,24 @@
+VERDICT: FLAG
+VERDICT_SUMMARY: The PR adds a comprehensive MUW review lane, tracker templates, and automation wiring, but one default target points to the wrong repository and makes the core script unsafe by default. Workflow-level verification evidence is not attached in this branch, so rollout should be held until that default is corrected and one end-to-end dry run is captured.
+EVIDENCE:
+
+1) Severity: High
+- File/path: `.github/scripts/muw-review-lane.mjs`
+- Evidence: `DEFAULT_REPO` is set to `Fearvox/EverOS` even though this repository remote is `EverMind-AI/EverOS`.
+- Why it matters: Running the script without `--repo` can collect/post to the wrong project, creating data leakage risk and invalid review artifacts.
+- Fix guidance: Change default to `EverMind-AI/EverOS` (or require explicit `--repo`) and add a guard that confirms current git remote matches the target repo before posting.
+
+2) Severity: Medium
+- File/path: `.github/workflows/overnight-watch.yml`, `.github/workflows/linear-sync.yml`, `.github/workflows/sync-upstream.yml`
+- Evidence: New automation workflows are introduced, but this branch does not provide a successful run artifact, dry-run log, or fixture-based script test proving safe behavior.
+- Why it matters: These workflows can post comments/sync state automatically; missing proof increases risk of noisy or incorrect cross-system updates.
+- Fix guidance: Attach one successful dry run per workflow (or script-level unit test evidence) in PR checks/comments before merge.
+
+3) Severity: Low
+- File/path: `.github/ISSUE_TEMPLATE/pr_tracker.yml`, `.github/ISSUE_TEMPLATE/security_tracker.yml`
+- Evidence: Templates are detailed and useful, but they introduce mandatory operational fields without a short onboarding note in CONTRIBUTING/docs.
+- Why it matters: Contributors may submit incomplete triage data, reducing template effectiveness.
+- Fix guidance: Add a short “how to use tracker templates” section in contributor docs with one minimal example.
+
+Residual verification gap:
+- Confirm no credentials appear in generated context bundles after redaction by running the script against a test PR and scanning artifacts.
diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
@@ -0,0 +1,42 @@
+# Copilot and Codex Review Instructions
+
+When reviewing pull requests in this repository, use the MUW review contract.
+Start every review with this block:
+
+```text
+VERDICT: PASS / FLAG / BLOCK
+VERDICT_SUMMARY: three lines or fewer; what passed, what is risky, and the next action
+EVIDENCE:
+```
+
+Use the verdicts this way:
+
+- `PASS`: the pull request objective is met and the evidence is sufficient.
+- `FLAG`: useful progress, but a non-blocking issue, missing evidence, or follow-up remains.
+- `BLOCK`: the objective is unmet, unsafe, unverifiable, or materially wrong.
+
+Report findings first, ordered by severity. For each actionable finding, include:
+
+- Severity
+- File/path
+- Evidence from the actual diff, status check, command output, or linked issue
+- Why it matters
+- Fix guidance or the next verification required
+
+Review method:
+
+1. Identify the promised objective from the PR title, body, linked issue, and changed files.
+2. Inspect the real diff and available checks before making a success claim.
+3. Compare evidence against the objective; do not accept `done` from a summary alone.
+4. Verify the smallest real path that proves the claim.
+5. Keep evidence concise, reproducible, and repository-relative.
+
+EverOS-specific checks:
+
+- For `methods/EverCore/`, preserve async I/O, tenant scoping, and existing module boundaries.
+- For prompts, keep EN/ZH variants aligned when both exist.
+- For docs and community files, preserve the README reader journey and keep root uncluttered.
+- For `.github/workflows/docs.yml`, keep the workflow lightweight and dependency-free unless the PR explicitly changes that contract.
+- Do not expose secrets, credential paths, raw tokens, private host values, or operator-only commands in review text.
+
+For clean reviews, still return the MUW block with the evidence checked and any residual test gap. Keep the final review concise; prefer one clear judgment over a long menu of weak suggestions.